#include <SSLIOP_Acceptor.h>
Inheritance diagram for TAO::SSLIOP::Acceptor:
Public Types | |
| typedef ACE_Strategy_Acceptor< Connection_Handler, ACE_SSL_SOCK_ACCEPTOR > | BASE_ACCEPTOR |
| typedef TAO_Creation_Strategy< Connection_Handler > | CREATION_STRATEGY |
| typedef TAO_Concurrency_Strategy< Connection_Handler > | CONCURRENCY_STRATEGY |
| typedef Accept_Strategy | ACCEPT_STRATEGY |
Public Member Functions | |
| Acceptor (::Security::QOP qop, const ACE_Time_Value &timeout) | |
| Constructor. | |
| ~Acceptor (void) | |
| Destructor. | |
| const::SSLIOP::SSL & | ssl_component (void) const |
The TAO_Acceptor Methods | |
Check the documentation in tao/Pluggable.h for details. | |
| virtual int | open (TAO_ORB_Core *orb_core, ACE_Reactor *reactor, int version_major, int version_minor, const char *address, const char *options=0) |
| virtual int | open_default (TAO_ORB_Core *orb_core, ACE_Reactor *reactor, int version_major, int version_minor, const char *options=0) |
| virtual int | close (void) |
| virtual int | create_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority) |
| virtual int | is_collocated (const TAO_Endpoint *endpoint) |
Private Member Functions | |
| int | ssliop_open_i (TAO_ORB_Core *orb_core, const ACE_INET_Addr &addr, ACE_Reactor *reactor) |
| Implement the common part of the open*() methods. | |
| virtual int | parse_options_i (int &argc, ACE_CString **argv) |
| Parse protocol specific options. | |
| int | verify_secure_configuration (TAO_ORB_Core *orb_core, int major, int minor) |
| int | create_new_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority) |
| int | create_shared_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority) |
Private Attributes | |
| BASE_ACCEPTOR | ssl_acceptor_ |
| The concrete acceptor, as a pointer to it's base class. | |
Acceptor Strategies | |
Strategies used when accepting an incoming connection. | |
| CREATION_STRATEGY * | creation_strategy_ |
| CONCURRENCY_STRATEGY * | concurrency_strategy_ |
| ACCEPT_STRATEGY * | accept_strategy_ |
| ::SSLIOP::SSL | ssl_component_ |
| The CSIv1 SSL component. | |
| CSIIOP::TLS_SEC_TRANS | csiv2_component_ |
| The SSLIOP CSIv2 tagged component. | |
| const ACE_Time_Value | timeout_ |
| The accept() timeout. | |
Definition at line 48 of file SSLIOP_Acceptor.h.
|
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 63 of file SSLIOP_Acceptor.h. |
|
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 60 of file SSLIOP_Acceptor.h. |
|
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 62 of file SSLIOP_Acceptor.h. |
|
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 61 of file SSLIOP_Acceptor.h. |
|
||||||||||||
|
Constructor.
Definition at line 22 of file SSLIOP_Acceptor.cpp. References ACE_SET_BITS, csiv2_component_, SSLIOP::SSL::port, ssl_component_, SSLIOP::SSL::target_requires, and SSLIOP::SSL::target_supports.
00024 : TAO::IIOP_SSL_Acceptor (), 00025 ssl_acceptor_ (), 00026 creation_strategy_ (0), 00027 concurrency_strategy_ (0), 00028 accept_strategy_ (0), 00029 timeout_ (timeout) 00030 { 00031 // --- CSIv1 --- 00032 00033 // Clear all bits in the SSLIOP::SSL association option fields. 00034 this->ssl_component_.target_supports = 0; 00035 this->ssl_component_.target_requires = 0; 00036 00037 // SSLIOP requires these Security::AssociationOptions by default. 00038 ACE_SET_BITS (this->ssl_component_.target_requires, 00039 ::Security::Integrity 00040 | ::Security::Confidentiality 00041 | ::Security::NoDelegation); 00042 00043 // SSLIOP supports these Security::AssociationOptions by default. 00044 ACE_SET_BITS (this->ssl_component_.target_supports, 00045 ::Security::Integrity 00046 | ::Security::Confidentiality 00047 | ::Security::EstablishTrustInTarget 00048 | ::Security::NoDelegation); 00049 00050 // Initialize the default SSL port to zero (wild card port). 00051 this->ssl_component_.port = 0; 00052 00053 // @@ This should go away once we support setting security 00054 // association options through policies. 00055 if (qop == ::Security::SecQOPNoProtection) 00056 ACE_SET_BITS (this->ssl_component_.target_supports, 00057 ::Security::NoProtection); 00058 00059 00060 // --- CSIv2 --- 00061 00062 // Clear all bits in the CSIIOP::TLS_SEC_TRANS association option 00063 // fields. 00064 this->csiv2_component_.target_supports = 0; 00065 this->csiv2_component_.target_requires = 0; 00066 00067 // SSLIOP requires these CSIIOP::AssociationOptions by default. 00068 ACE_SET_BITS (this->csiv2_component_.target_requires, 00069 CSIIOP::Integrity 00070 | CSIIOP::Confidentiality 00071 | CSIIOP::NoDelegation); 00072 00073 // SSLIOP supports these CSIIOP::AssociationOptions by default. 00074 ACE_SET_BITS (this->csiv2_component_.target_supports, 00075 CSIIOP::Integrity 00076 | CSIIOP::Confidentiality 00077 | CSIIOP::EstablishTrustInTarget 00078 | CSIIOP::NoDelegation); 00079 00080 // @@ This should go away once we support setting security 00081 // association options through policies. 00082 if (qop == CSIIOP::NoProtection) 00083 ACE_SET_BITS (this->csiv2_component_.target_supports, 00084 CSIIOP::NoProtection); 00085 } |
|
|
Destructor.
Definition at line 87 of file SSLIOP_Acceptor.cpp. References close().
00088 {
00089 // Make sure we are closed before we start destroying the
00090 // strategies.
00091 this->close ();
00092
00093 delete this->creation_strategy_;
00094 delete this->concurrency_strategy_;
00095 delete this->accept_strategy_;
00096 }
|
|
|
Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 359 of file SSLIOP_Acceptor.cpp. References ssl_acceptor_. Referenced by ~Acceptor().
00360 {
00361 int r = this->ssl_acceptor_.close ();
00362 if (this->IIOP_SSL_Acceptor::close () != 0)
00363 r = -1;
00364
00365 return r;
00366 }
|
|
||||||||||||||||
|
Helper method to add a new profile to the mprofile for each endpoint. Reimplemented from TAO_IIOP_Acceptor. Definition at line 120 of file SSLIOP_Acceptor.cpp. References TAO_Profile::_decr_refcnt(), ACE_NEW_RETURN, ACE_OutputCDR::begin(), IOP::TaggedComponent::component_data, ACE_Message_Block::cont(), TAO_SSLIOP_Profile::endpoint(), TAO_MProfile::give_profile(), TAO_MProfile::grow(), ACE_Message_Block::length(), ACE_OS::memcpy(), TAO_Endpoint::priority(), TAO_MProfile::profile_count(), ACE_Message_Block::rd_ptr(), TAO_Codeset_Manager::set_codeset(), TAO_Tagged_Components::set_component(), TAO_Tagged_Components::set_orb_type(), TAO_MProfile::size(), ssl_component_, IOP::TaggedComponent::tag, TAO_Profile::tagged_components(), TAO_ENCAP_BYTE_ORDER, TAO_ORB_TYPE, and ACE_OutputCDR::total_length(). Referenced by create_profile().
00123 {
00124 // Adding this->endpoint_count_ to the TAO_MProfile.
00125 const int count = mprofile.profile_count ();
00126 if ((mprofile.size () - count) < this->endpoint_count_
00127 && mprofile.grow (count + this->endpoint_count_) == -1)
00128 return -1;
00129
00130 // Create a profile for each acceptor endpoint.
00131 for (size_t i = 0; i < this->endpoint_count_; ++i)
00132 {
00133 TAO_SSLIOP_Profile *pfile = 0;
00134
00135 // @@ We need to create an SSLIOP::SSL component for the object
00136 // we're creating an MProfile for. This will allow us to
00137 // properly embed secure invocation policies in the generated
00138 // IOR, i.e. secure invocation policies on a per-object
00139 // basis, rather than on a per-endpoint basis. If no secure
00140 // invocation policies have been set then we should use the
00141 // below default SSLIOP::SSL component.
00142 ACE_NEW_RETURN (pfile,
00143 TAO_SSLIOP_Profile (this->hosts_[i],
00144 this->addrs_[i].get_port_number (),
00145 object_key,
00146 this->addrs_[i],
00147 this->version_,
00148 this->orb_core_,
00149 &(this->ssl_component_)),
00150 -1);
00151 pfile->endpoint ()->priority (priority);
00152
00153 if (mprofile.give_profile (pfile) == -1)
00154 {
00155 pfile->_decr_refcnt ();
00156 pfile = 0;
00157 return -1;
00158 }
00159
00160 if (this->orb_core_->orb_params ()->std_profile_components () == 0)
00161 continue;
00162
00163 pfile->tagged_components ().set_orb_type (TAO_ORB_TYPE);
00164
00165 TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager();
00166 if (csm)
00167 csm->set_codeset (pfile->tagged_components());
00168
00169 IOP::TaggedComponent component;
00170 component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
00171
00172 // @@???? Check this code, only intended as guideline...
00173 TAO_OutputCDR cdr;
00174 cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER);
00175
00176 // @@ We need to create an SSLIOP::SSL component for the object
00177 // we're creating an MProfile for. This will allow us to
00178 // properly embed secure invocation policies in the generated
00179 // IOR, i.e. secure invocation policies on a per-object
00180 // basis, rather than on a per-endpoint basis. If no secure
00181 // invocation policies have been set then we should use the
00182 // below default SSLIOP::SSL component.
00183 cdr << this->ssl_component_;
00184
00185 // TAO extension, replace the contents of the octet sequence with
00186 // the CDR stream
00187 const CORBA::ULong length = cdr.total_length ();
00188 component.component_data.length (length);
00189 CORBA::Octet *buf = component.component_data.get_buffer ();
00190 for (const ACE_Message_Block *i = cdr.begin ();
00191 i != 0;
00192 i = i->cont ())
00193 {
00194 ACE_OS::memcpy (buf, i->rd_ptr (), i->length ());
00195 buf += i->length ();
00196 }
00197
00198 pfile->tagged_components ().set_component (component);
00199 }
00200
00201 return 0;
00202 }
|
|
||||||||||||||||
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 99 of file SSLIOP_Acceptor.cpp. References create_new_profile(), create_shared_profile(), and TAO_INVALID_PRIORITY.
00102 {
00103 // Sanity check.
00104 if (this->endpoint_count_ == 0)
00105 return -1;
00106
00107 // Check if multiple endpoints should be put in one profile or
00108 // if they should be spread across multiple profiles.
00109 if (priority == TAO_INVALID_PRIORITY)
00110 return this->create_new_profile (object_key,
00111 mprofile,
00112 priority);
00113 else
00114 return this->create_shared_profile (object_key,
00115 mprofile,
00116 priority);
00117 }
|
|
||||||||||||||||
|
Helper method to create a profile that contains all of our endpoints. Reimplemented from TAO_IIOP_Acceptor. Definition at line 206 of file SSLIOP_Acceptor.cpp. References TAO_Profile::_decr_refcnt(), ACE_NEW_RETURN, TAO_SSLIOP_Profile::add_endpoint(), ACE_OutputCDR::begin(), IOP::TaggedComponent::component_data, ACE_Message_Block::cont(), TAO_SSLIOP_Profile::endpoint(), TAO_MProfile::get_profile(), TAO_MProfile::give_profile(), TAO_SSLIOP_Endpoint::iiop_endpoint(), ACE_Message_Block::length(), ACE_OS::memcpy(), TAO_Endpoint::priority(), TAO_MProfile::profile_count(), ACE_Message_Block::rd_ptr(), TAO_Codeset_Manager::set_codeset(), TAO_Tagged_Components::set_component(), TAO_Tagged_Components::set_orb_type(), ssl_component_, IOP::TaggedComponent::tag, TAO_Profile::tag(), TAO_Profile::tagged_components(), TAO_ENCAP_BYTE_ORDER, TAO_ORB_TYPE, TAO_PHandle, and ACE_OutputCDR::total_length(). Referenced by create_profile().
00209 {
00210 size_t index = 0;
00211 TAO_Profile *pfile = 0;
00212 TAO_SSLIOP_Profile *ssliop_profile = 0;
00213
00214 // First see if <mprofile> already contains a SSLIOP profile.
00215 for (TAO_PHandle i = 0; i != mprofile.profile_count (); ++i)
00216 {
00217 pfile = mprofile.get_profile (i);
00218 if (pfile->tag () == IOP::TAG_INTERNET_IOP)
00219 {
00220 ssliop_profile = dynamic_cast<TAO_SSLIOP_Profile *> (pfile);
00221 if (ssliop_profile == 0)
00222 return -1;
00223 break;
00224 }
00225 }
00226
00227 // If <mprofile> doesn't contain SSLIOP_Profile, we need to create
00228 // one.
00229 if (ssliop_profile == 0)
00230 {
00231 // @@ We need to create an SSLIOP::SSL component for the object
00232 // we're creating an MProfile for. This will allow us to
00233 // properly embed secure invocation policies in the generated
00234 // IOR, i.e. secure invocation policies on a per-object
00235 // basis, rather than on a per-endpoint basis. If no secure
00236 // invocation policies have been set then we should use the
00237 // below default SSLIOP::SSL component.
00238 ACE_NEW_RETURN (ssliop_profile,
00239 TAO_SSLIOP_Profile (this->hosts_[0],
00240 this->addrs_[0].get_port_number (),
00241 object_key,
00242 this->addrs_[0],
00243 this->version_,
00244 this->orb_core_,
00245 &(this->ssl_component_)),
00246 -1);
00247
00248 TAO_SSLIOP_Endpoint * const ssliop_endp =
00249 dynamic_cast<TAO_SSLIOP_Endpoint *> (ssliop_profile->endpoint ());
00250
00251 if (!ssliop_endp)
00252 return -1;
00253
00254 ssliop_endp->priority (priority);
00255 ssliop_endp->iiop_endpoint ()->priority (priority);
00256
00257 if (mprofile.give_profile (ssliop_profile) == -1)
00258 {
00259 ssliop_profile->_decr_refcnt ();
00260 ssliop_profile = 0;
00261 return -1;
00262 }
00263
00264 if (this->orb_core_->orb_params ()->std_profile_components () != 0)
00265 {
00266 ssliop_profile->tagged_components ().set_orb_type (TAO_ORB_TYPE);
00267
00268 TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager();
00269 if (csm)
00270 csm->set_codeset(ssliop_profile->tagged_components());
00271
00272 IOP::TaggedComponent component;
00273 component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
00274 // @@???? Check this code, only intended as guideline...
00275 TAO_OutputCDR cdr;
00276 cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER);
00277
00278 // @@ We need to create an SSLIOP::SSL component for the
00279 // object we're creating an MProfile for. This will
00280 // allow us to properly embed secure invocation policies
00281 // in the generated IOR, i.e. secure invocation policies
00282 // on a per-object basis, rather than on a per-endpoint
00283 // basis. If no secure invocation policies have been set
00284 // then we should use the below default SSLIOP::SSL
00285 // component.
00286 cdr << this->ssl_component_;
00287
00288 // TAO extension, replace the contents of the octet sequence with
00289 // the CDR stream
00290 CORBA::ULong length = cdr.total_length ();
00291 component.component_data.length (length);
00292 CORBA::Octet *buf = component.component_data.get_buffer ();
00293 for (const ACE_Message_Block *i = cdr.begin ();
00294 i != 0;
00295 i = i->cont ())
00296 {
00297 ACE_OS::memcpy (buf, i->rd_ptr (), i->length ());
00298 buf += i->length ();
00299 }
00300
00301 ssliop_profile->tagged_components ().set_component (component);
00302 }
00303
00304 index = 1;
00305 }
00306
00307 // Add any remaining endpoints to the SSLIOP_Profile.
00308 for (;
00309 index < this->endpoint_count_;
00310 ++index)
00311 {
00312 TAO_SSLIOP_Endpoint *ssl_endp = 0;
00313 TAO_IIOP_Endpoint *iiop_endp = 0;
00314 ACE_NEW_RETURN (iiop_endp,
00315 TAO_IIOP_Endpoint (this->hosts_[index],
00316 this->addrs_[index].get_port_number (),
00317 this->addrs_[index]),
00318 -1);
00319 iiop_endp->priority (priority);
00320
00321 ACE_NEW_RETURN (ssl_endp,
00322 TAO_SSLIOP_Endpoint (&(this->ssl_component_),
00323 iiop_endp),
00324 -1);
00325
00326 ssl_endp->priority (priority);
00327 ssliop_profile->add_endpoint (ssl_endp);
00328 }
00329
00330 return 0;
00331 }
|
|
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 334 of file SSLIOP_Acceptor.cpp. References TAO_SSLIOP_Endpoint::iiop_endpoint(), and TAO_IIOP_Endpoint::object_addr().
00335 {
00336 const TAO_SSLIOP_Endpoint *endp =
00337 dynamic_cast<const TAO_SSLIOP_Endpoint *> (endpoint);
00338
00339 // Make sure the dynamically cast pointer is valid.
00340 if (endp == 0)
00341 return 0;
00342
00343 for (size_t i = 0; i < this->endpoint_count_; ++i)
00344 {
00345 // @@ TODO The following code looks funky, why only the address
00346 // is compared? What about the IIOP address? Why force a
00347 // DNS lookup every time an SSLIOP object is decoded:
00348 //
00349 // http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=1220
00350 //
00351 if (endp->iiop_endpoint ()->object_addr () == this->addrs_[i])
00352 return 1; // Collocated
00353 }
00354
00355 return 0; // Not collocated
00356 }
|
|
||||||||||||||||||||||||||||
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 369 of file SSLIOP_Acceptor.cpp. References ACE_CString, TAO_IIOP_Acceptor::parse_address(), ACE_INET_Addr::set_port_number(), ssliop_open_i(), and verify_secure_configuration().
00375 {
00376 // Ensure that neither the endpoint configuration nor the ORB
00377 // configuration violate security measures.
00378 if (this->verify_secure_configuration (orb_core,
00379 major,
00380 minor) != 0)
00381 return -1;
00382
00383 ACE_INET_Addr addr;
00384 ACE_CString specified_hostname;
00385 if (this->parse_address (address, addr, specified_hostname) == -1)
00386 return -1;
00387
00388 // Open the non-SSL enabled endpoints, then open the SSL enabled
00389 // endpoints.
00390 if (this->IIOP_SSL_Acceptor::open (orb_core,
00391 reactor,
00392 major,
00393 minor,
00394 address,
00395 options) != 0)
00396 return -1;
00397
00398 // The SSL port is set in the parse_options() method. All we have
00399 // to do is call open_i()
00400 addr.set_port_number (this->ssl_component_.port);
00401
00402 return this->ssliop_open_i (orb_core,
00403 addr,
00404 reactor);
00405 }
|
|
||||||||||||||||||||||||
|
Reimplemented from TAO_IIOP_Acceptor. Definition at line 408 of file SSLIOP_Acceptor.cpp. References INADDR_ANY, ACE_INET_Addr::set(), ssliop_open_i(), and verify_secure_configuration().
00413 {
00414 // Ensure that neither the endpoint configuration nor the ORB
00415 // configuration violate security measures.
00416 if (this->verify_secure_configuration (orb_core,
00417 major,
00418 minor) != 0)
00419 return -1;
00420
00421 // Open the non-SSL enabled endpoints, then open the SSL enabled
00422 // endpoints.
00423 if (this->IIOP_SSL_Acceptor::open_default (orb_core,
00424 reactor,
00425 major,
00426 minor,
00427 options) == -1)
00428 return -1;
00429
00430 // Now that each network interface's hostname has been cached, open
00431 // an endpoint on each network interface using the INADDR_ANY
00432 // address.
00433 ACE_INET_Addr addr;
00434
00435 // this->ssl_component_.port is initialized to zero or it is set in
00436 // this->parse_options().
00437 if (addr.set (this->ssl_component_.port,
00438 static_cast<ACE_UINT32> (INADDR_ANY),
00439 1) != 0)
00440 return -1;
00441
00442 return this->ssliop_open_i (orb_core,
00443 addr,
00444 reactor);
00445 }
|
|
||||||||||||
|
Parse protocol specific options.
Reimplemented from TAO_IIOP_Acceptor. Definition at line 574 of file SSLIOP_Acceptor.cpp. References ACE_CString, ACE_ERROR_RETURN, ACE_TEXT(), ACE_OS::atoi(), LM_ERROR, SSLIOP::SSL::port, ssl_component_, and ACE_OS::strcmp().
00575 {
00576 //first, do the base class parser, then parse the leftovers.
00577 int result = this->IIOP_SSL_Acceptor::parse_options_i(argc,argv);
00578 if (result == -1)
00579 return result;
00580
00581 // then parse out our own options.
00582 int i = 0;
00583 while (i < argc)
00584 {
00585 // since the base class has already iterated over the list once,
00586 // it has vound any ill-formed options. Therefore we don't need
00587 // to do that again here.
00588 int slot = argv[i]->find ("=");
00589 ACE_CString name = argv[i]->substring (0, slot);
00590 ACE_CString value = argv[i]->substring (slot + 1);
00591
00592 if (name == "priority")
00593 {
00594 ACE_ERROR_RETURN ((LM_ERROR,
00595 ACE_TEXT ("TAO (%P|%t) Invalid SSLIOP endpoint format: ")
00596 ACE_TEXT ("endpoint priorities no longer supported. \n"),
00597 value.c_str ()),
00598 -1);
00599 }
00600 else if (ACE_OS::strcmp (name.c_str (), "ssl_port") == 0)
00601 {
00602 int ssl_port = ACE_OS::atoi (value.c_str ());
00603
00604 if (ssl_port >= 0 && ssl_port < 65536)
00605 this->ssl_component_.port = ssl_port;
00606 else
00607 ACE_ERROR_RETURN ((LM_ERROR,
00608 ACE_TEXT ("TAO (%P|%t) Invalid ")
00609 ACE_TEXT ("IIOP/SSL endpoint ")
00610 ACE_TEXT ("port: <%s>\n"),
00611 value.c_str ()),
00612 -1);
00613 }
00614 else
00615 {
00616 // the name is not known, skip to the next option
00617 i++;
00618 continue;
00619 }
00620 // at the end, we've consumed this argument. Shift the list and
00621 // put this one on the end. This technique has the effect of
00622 // putting them in reverse order, but that doesn't matter, since
00623 // these arguments are only whole strings.
00624 argc--;
00625 ACE_CString *temp = argv[i];
00626 for (int j = i; j <= argc-1; j++)
00627 argv[j] = argv[j+1];
00628 argv[argc] = temp;
00629
00630 }
00631 return 0;
00632 }
|
|
|
Retrieve the CSIv1 SSLIOP::SSL component associated with the endpoints set up by this acceptor. Definition at line 9 of file SSLIOP_Acceptor.inl. References ssl_component_. Referenced by TAO::SSLIOP::Transport::get_listen_point().
00010 {
00011 return this->ssl_component_;
00012 }
|
|
||||||||||||||||
|
Implement the common part of the open*() methods.
Definition at line 448 of file SSLIOP_Acceptor.cpp. References ACE_CLOEXEC, ACE_DEBUG, ACE_MAX_DEFAULT_PORT, ACE_NEW_RETURN, ACE_TEXT(), ACE_INET_Addr::get_port_number(), LM_DEBUG, SSLIOP::SSL::port, ACE_INET_Addr::set_port_number(), ssl_acceptor_, ssl_component_, and TAO_debug_level. Referenced by open(), and open_default().
00451 {
00452 this->orb_core_ = orb_core;
00453
00454 ACE_NEW_RETURN (this->creation_strategy_,
00455 CREATION_STRATEGY (this->orb_core_),
00456 -1);
00457
00458 ACE_NEW_RETURN (this->concurrency_strategy_,
00459 CONCURRENCY_STRATEGY (this->orb_core_),
00460 -1);
00461
00462 ACE_NEW_RETURN (this->accept_strategy_,
00463 ACCEPT_STRATEGY (this->orb_core_,
00464 this->timeout_),
00465 -1);
00466
00467 u_short requested_port = addr.get_port_number ();
00468 if (requested_port == 0)
00469 {
00470 // don't care, i.e., let the OS choose an ephemeral port
00471 if (this->ssl_acceptor_.open (addr,
00472 reactor,
00473 this->creation_strategy_,
00474 this->accept_strategy_,
00475 this->concurrency_strategy_,
00476 0, 0, 0, 1,
00477 this->reuse_addr_) == -1)
00478 {
00479 if (TAO_debug_level > 0)
00480 ACE_DEBUG ((LM_DEBUG,
00481 ACE_TEXT ("\n\nTAO (%P|%t) ")
00482 ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"),
00483 ACE_TEXT ("cannot open acceptor")));
00484 return -1;
00485 }
00486 }
00487 else
00488 {
00489 ACE_INET_Addr a(addr);
00490
00491 int found_a_port = 0;
00492 ACE_UINT32 last_port = requested_port + this->port_span_ - 1;
00493 if (last_port > ACE_MAX_DEFAULT_PORT)
00494 {
00495 last_port = ACE_MAX_DEFAULT_PORT;
00496 }
00497
00498 for (ACE_UINT32 p = requested_port; p <= last_port; p++)
00499 {
00500 if (TAO_debug_level > 5)
00501 ACE_DEBUG ((LM_DEBUG,
00502 ACE_TEXT ("TAO (%P|%t) IIOP_Acceptor::open_i() ")
00503 ACE_TEXT ("trying to listen on port %d\n"), p));
00504
00505 // Now try to actually open on that port
00506 a.set_port_number ((u_short)p);
00507 if (this->ssl_acceptor_.open (a,
00508 reactor,
00509 this->creation_strategy_,
00510 this->accept_strategy_,
00511 this->concurrency_strategy_,
00512 0, 0, 0, 1,
00513 this->reuse_addr_) != -1)
00514 {
00515 found_a_port = 1;
00516 break;
00517 }
00518 }
00519
00520 // Now, if we couldn't locate a port, we punt
00521 if (! found_a_port)
00522 {
00523 if (TAO_debug_level > 0)
00524 ACE_DEBUG ((LM_DEBUG,
00525 ACE_TEXT ("\n\nTAO (%P|%t) ")
00526 ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"),
00527 ACE_TEXT ("cannot open acceptor")));
00528 return -1;
00529 }
00530 }
00531
00532 ACE_INET_Addr ssl_address;
00533
00534 // We do this to make sure the port number the endpoint is listening
00535 // on gets set in the addr.
00536 if (this->ssl_acceptor_.acceptor ().get_local_addr (ssl_address) != 0)
00537 {
00538 // @@ Should this be a catastrophic error???
00539 if (TAO_debug_level > 0)
00540 ACE_DEBUG ((LM_DEBUG,
00541 ACE_TEXT ("\n\nTAO (%P|%t) ")
00542 ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"),
00543 ACE_TEXT ("cannot get local addr")));
00544 return -1;
00545 }
00546
00547 // Reset the SSL endpoint port to the one chosen by the OS (or by
00548 // the user if provided.
00549 this->ssl_component_.port = ssl_address.get_port_number ();
00550
00551 (void) this->ssl_acceptor_.acceptor().enable (ACE_CLOEXEC);
00552 // This avoids having child processes acquire the listen socket
00553 // thereby denying the server the opportunity to restart on a
00554 // well-known endpoint. This does not affect the aberrent behavior
00555 // on Win32 platforms.
00556
00557 if (TAO_debug_level > 5)
00558 {
00559 for (size_t i = 0; i < this->endpoint_count_; ++i)
00560 {
00561 ACE_DEBUG ((LM_DEBUG,
00562 ACE_TEXT ("TAO (%P|%t) ")
00563 ACE_TEXT ("SSLIOP_Acceptor::open_i - ")
00564 ACE_TEXT ("listening on: <%s:%u>\n"),
00565 this->hosts_[i],
00566 this->ssl_component_.port));
00567 }
00568 }
00569
00570 return 0;
00571 }
|
|
||||||||||||||||
|
Ensure that neither the endpoint configuration nor the ORB configuration violate security measures. Definition at line 635 of file SSLIOP_Acceptor.cpp. References ACE_BIT_DISABLED, ACE_ERROR, ACE_TEXT(), LM_ERROR, TAO_ORB_Core::orb_params(), TAO_ORB_Parameters::std_profile_components(), and TAO_debug_level. Referenced by open(), and open_default().
00638 {
00639 // Sanity check.
00640 if (major < 1)
00641 {
00642 // There is no such thing as IIOP 0.x.
00643 errno = EINVAL;
00644 return -1;
00645 }
00646
00647 // In order to support a secure connection, the SSLIOP::SSL tagged
00648 // component must be embedded in the IOR. This isn't possible if
00649 // the user elects to disable standard profile components.
00650 // Similarly, IIOP 1.0 does not support tagged components, which
00651 // makes it impossible to embed the SSLIOP::SSL tagged component
00652 // within the IOR. If the given object explicitly disallows
00653 // insecure invocations and standard profile components are
00654 // disabled, then return with an error since secure invocations
00655 // cannot be supported without standard profile components.
00656 //
00657 // Note that it isn't enough to support NoProtection. NoProtection
00658 // must be required since "support" does not preclude the secure
00659 // port from being used.
00660
00661 if ((orb_core->orb_params ()->std_profile_components () == 0
00662 || (major == 1 && minor == 0))
00663 && ACE_BIT_DISABLED (this->ssl_component_.target_requires,
00664 ::Security::NoProtection))
00665 {
00666 if (TAO_debug_level > 0)
00667 ACE_ERROR ((LM_ERROR,
00668 ACE_TEXT ("(%P|%t) Cannot support secure ")
00669 ACE_TEXT ("IIOP over SSL connection if\n")
00670 ACE_TEXT ("(%P|%t) standard profile ")
00671 ACE_TEXT ("components are disabled\n")
00672 ACE_TEXT ("(%P|%t) or IIOP 1.0 endpoint is ")
00673 ACE_TEXT ("used.\n")));
00674
00675 errno = EINVAL;
00676 return -1;
00677 }
00678
00679 return 0;
00680 }
|
|
|
Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 133 of file SSLIOP_Acceptor.h. |
|
|
Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 132 of file SSLIOP_Acceptor.h. |
|
|
Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 131 of file SSLIOP_Acceptor.h. |
|
|
The SSLIOP CSIv2 tagged component.
Definition at line 146 of file SSLIOP_Acceptor.h. Referenced by Acceptor(). |
|
|
The concrete acceptor, as a pointer to it's base class.
Definition at line 124 of file SSLIOP_Acceptor.h. Referenced by close(), and ssliop_open_i(). |
|
|
The CSIv1 SSL component. This is the SSLIOP endpoint-specific tagged component that is embedded in a given IOR. Definition at line 140 of file SSLIOP_Acceptor.h. Referenced by Acceptor(), create_new_profile(), create_shared_profile(), parse_options_i(), ssl_component(), and ssliop_open_i(). |
|
|
The accept() timeout. This timeout includes the overall time to complete the SSL handshake. This includes both the TCP handshake and the SSL handshake. Definition at line 154 of file SSLIOP_Acceptor.h. |
1.3.6