#include <SSLIOP_Connection_Handler.h>
Inheritance diagram for TAO::SSLIOP::Connection_Handler:
Public Member Functions | |
Connection_Handler (ACE_Thread_Manager *t=0) | |
Connection_Handler (TAO_ORB_Core *orb_core) | |
Constructor. | |
~Connection_Handler (void) | |
Destructor. | |
int | close (u_long=0) |
int | add_transport_to_cache (void) |
Add ourselves to cache. | |
int | process_listen_point_list (IIOP::ListenPointList &listen_list) |
Process the listen_list. | |
int | setup_ssl_state (TAO::SSLIOP::Current_Impl *&previous_current_impl, TAO::SSLIOP::Current_Impl *new_current_impl, bool &setup_done) |
void | teardown_ssl_state (TAO::SSLIOP::Current_Impl *previous_current_impl, bool &setup_done) |
Teardown the SSL session state. | |
Connection Handler overloads | |
Connection Handler overloads. | |
virtual int | open_handler (void *) |
Event Handler overloads | |
virtual int | resume_handler (void) |
virtual int | close_connection (void) |
virtual int | handle_input (ACE_HANDLE) |
virtual int | handle_output (ACE_HANDLE) |
virtual int | handle_close (ACE_HANDLE, ACE_Reactor_Mask) |
virtual int | handle_timeout (const ACE_Time_Value &current_time, const void *act=0) |
virtual int | open (void *) |
Protected Member Functions | |
TAO_Connection Handler overloads | |
virtual int | release_os_resources (void) |
virtual void | pos_io_hook (int &return_value) |
Protected Attributes | |
TAO::SSLIOP::Current_var | current_ |
Private Attributes | |
TAO_IIOP_Properties * | tcp_properties_ |
TCP configuration for this connection. |
The connection handler that is common to the Acceptor and the Connector.
Definition at line 51 of file SSLIOP_Connection_Handler.h.
|
Definition at line 29 of file SSLIOP_Connection_Handler.cpp. References ACE_ASSERT, and TAO::SSLIOP::SVC_HANDLER.
// Connection_Handler (ACE_Thread_Manager *t): member-initializer list and
// body as listed; the signature line is not part of this listing.
  : SVC_HANDLER (t, 0 , 0),
    TAO_Connection_Handler (0),
    current_ ()
{
  // This constructor should *never* get called, it is just here to
  // make the compiler happy: the default implementation of the
  // Creation_Strategy requires a constructor with that signature, we
  // don't use that implementation, but some (most?) compilers
  // instantiate it anyway.
  //
  // NOTE(review): the base class is initialized with a null ORB core and
  // no transport is created in this body. If ACE_ASSERT is compiled out
  // in a given build (confirm against the ACE configuration), reaching
  // this constructor would hand back such a handler instead of aborting.
  ACE_ASSERT (0);
}
|
Constructor.
Definition at line 43 of file SSLIOP_Connection_Handler.cpp. References ACE_NEW, TAO::SSLIOP::Util::current(), TAO::SSLIOP::SVC_HANDLER, and TAO_Connection_Handler::transport().
// Connection_Handler (TAO_ORB_Core *orb_core): member-initializer list and
// body as listed; the signature line is not part of this listing.
//
// orb_core is dereferenced in the initializer list without a null check,
// so callers must pass a valid ORB core.
  : SVC_HANDLER (orb_core->thr_mgr (), 0, 0),
    TAO_Connection_Handler (orb_core),
    current_ ()
{
  // Fetch the SSLIOP::Current object for this ORB; setup_ssl_state() and
  // teardown_ssl_state() later call through this reference.
  this->current_ = TAO::SSLIOP::Util::current (orb_core);

  // Create the SSLIOP transport that is paired with this handler.
  // NOTE(review): ACE_NEW presumably returns from the constructor when the
  // allocation fails, which would leave the transport unset -- confirm.
  TAO::SSLIOP::Transport* specific_transport = 0;
  ACE_NEW (specific_transport,
           TAO::SSLIOP::Transport (this, orb_core));

  // store this pointer (indirectly increment ref count)
  this->transport (specific_transport);
}
|
Destructor.
Definition at line 58 of file SSLIOP_Connection_Handler.cpp. References ACE_ERROR, ACE_TEXT, LM_ERROR, release_os_resources(), TAO_debug_level, and TAO_Connection_Handler::transport().
// ~Connection_Handler (void): body as listed; the signature line is not
// part of this listing.
{
  // The transport is destroyed first, then the OS-level resources of the
  // connection are released.
  delete this->transport ();
  int const result =
    this->release_os_resources ();

  // A failed release is reported only when TAO_debug_level is non-zero;
  // at debug level 0 the failure leaves no log record.
  if (result == -1 && TAO_debug_level)
    {
      ACE_ERROR ((LM_ERROR,
                  ACE_TEXT("TAO (%P|%t) - SSLIOP_Connection_Handler::")
                  ACE_TEXT("~SSLIOP_Connection_Handler, ")
                  ACE_TEXT("release_os_resources() failed %m\n")));
    }
}
|
Add ourselves to cache.
Definition at line 320 of file SSLIOP_Connection_Handler.cpp. References TAO::Transport_Cache_Manager::cache_idle_transport(), ACE_INET_Addr::get_port_number(), TAO_ORB_Core::lane_resources(), TAO_Connection_Handler::orb_core(), ACE_Svc_Handler<, >::peer(), and TAO_Thread_Lane_Resources::transport_cache().
// add_transport_to_cache (void): body as listed; the signature line is not
// part of this listing.
//
// Builds a transport property from the connected peer's address and
// registers this handler's transport as idle in the lane's transport
// cache. Returns -1 if the peer address cannot be read, otherwise the
// result of cache_idle_transport().
{
  ACE_INET_Addr addr;

  // Get the peername.
  //
  // Note that the port set in the ACE_INET_Addr is actually the SSL
  // port!
  if (this->peer ().get_remote_addr (addr) == -1)
    return -1;

  // Construct an IIOP_Endpoint object
  TAO_IIOP_Endpoint tmpoint (
      addr,
      this->orb_core()->orb_params()->use_dotted_decimal_addresses());

  // @@ This is broken.  We need to include the SecurityAssociation
  //    options to be able to truly distinguish cached SSLIOP
  //    transports.
  //
  // NOTE(review): target_supports and target_requires are hard-coded to 0
  // below, so the cache property built here carries only the peer address
  // and SSL port. Transports negotiated with different security
  // associations therefore look the same to the cache; whether a lookup
  // can then hand out a transport whose protection does not match the
  // caller's requirements depends on code outside this listing -- confirm.
  const ::SSLIOP::SSL ssl =
    {
      0,                        // target_supports
      0,                        // target_requires
      addr.get_port_number ()   // port
    };

  TAO_SSLIOP_Endpoint endpoint (&ssl,
                                &tmpoint);

  // Construct a property object
  TAO_Base_Transport_Property prop (&endpoint);

  TAO::Transport_Cache_Manager &cache =
    this->orb_core ()->lane_resources ().transport_cache ();

  // Add the handler to Cache
  return cache.cache_idle_transport (&prop, this->transport ());
}
|
Close called by the Acceptor or Connector when connection establishment fails. Reimplemented from ACE_Svc_Handler<, >. Definition at line 301 of file SSLIOP_Connection_Handler.cpp. References TAO_Connection_Handler::close_handler(). Referenced by handle_timeout(), and TAO::SSLIOP::Connector::ssliop_connect().
// close (u_long): body as listed; the signature line is not part of this
// listing. The u_long argument is not used; the call is forwarded to
// close_handler() and its result is returned unchanged.
{
  return this->close_handler ();
}
|
Implements TAO_Connection_Handler. Definition at line 244 of file SSLIOP_Connection_Handler.cpp. References TAO_Connection_Handler::close_connection_eh(). Referenced by handle_output().
// close_connection (void): body as listed; the signature line is not part
// of this listing. Forwards to close_connection_eh(), passing this handler
// as the event handler, and returns its result.
{
  return this->close_connection_eh (this);
}
|
Reimplemented from ACE_Svc_Handler<, >. Definition at line 294 of file SSLIOP_Connection_Handler.cpp. References ACE_ASSERT.
// Presumably handle_close (ACE_HANDLE, ACE_Reactor_Mask), going by the
// page's member order; the signature line is not part of this listing.
//
// The body asserts unconditionally, i.e. this upcall is not expected to
// be reached. NOTE(review): if ACE_ASSERT is compiled out in a given
// build (confirm), the call returns 0 without closing anything.
{
  ACE_ASSERT (0);
  return 0;
}
|
Implements TAO_Connection_Handler. Definition at line 250 of file SSLIOP_Connection_Handler.cpp. References TAO_Connection_Handler::handle_input_eh().
// handle_input (ACE_HANDLE h): body as listed; the signature line is not
// part of this listing. Forwards the handle and this handler to
// handle_input_eh() and returns its result.
{
  return this->handle_input_eh (h, this);
}
|
Reimplemented from ACE_Event_Handler. Definition at line 256 of file SSLIOP_Connection_Handler.cpp. References close_connection(), and TAO_Connection_Handler::handle_output_eh().
// handle_output (ACE_HANDLE handle): body as listed; the signature line is
// not part of this listing.
{
  const int result =
    this->handle_output_eh (handle, this);

  // A failed write closes the connection here and reports 0 to the caller
  // instead of -1. NOTE(review): presumably this keeps the reactor from
  // running its own close path on top of close_connection() -- confirm.
  if (result == -1)
    {
      this->close_connection ();
      return 0;
    }

  return result;
}
|
Reimplemented from ACE_Svc_Handler<, >. Definition at line 271 of file SSLIOP_Connection_Handler.cpp. References close(), and TAO_LF_Event::reset_state().
// handle_timeout (const ACE_Time_Value &, const void *): body as listed;
// the signature lines are not part of this listing.
{
  // Using this to ensure this instance will be deleted (if necessary)
  // only after reset_state(). Without this, when this refcount==1 -
  // the call to close() will cause a call to remove_reference() which
  // will delete this. At that point this->reset_state() is in no
  // man's territory and that causes SEGV on some platforms (Windows!)
  //
  // In other words, the guard below prevents a use-after-free of *this:
  // it must stay declared before close() and must outlive reset_state().

  TAO_Auto_Reference<TAO::SSLIOP::Connection_Handler> safeguard (*this);

  // NOTE: Perhaps not the best solution, as it feels like the upper
  // layers should be responsible for this?

  // We don't use this upcall for I/O.  This is only used by the
  // Connector to indicate that the connection timed out.  Therefore,
  // we should call close().
  int ret = this->close ();
  this->reset_state (TAO_LF_Event::LFS_TIMEOUT);
  return ret;
}
|
Reimplemented from ACE_Svc_Handler<, >. Definition at line 80 of file SSLIOP_Connection_Handler.cpp. References ACE_DEBUG, ACE_ERROR, ACE_IPPROTO_TCP, ACE_NONBLOCK, ACE_TEXT(), ACE_INET_Addr::addr_to_string(), TAO_Protocols_Hooks::client_protocol_properties_at_orb_level(), TAO_ORB_Core::get_protocols_hooks(), LM_DEBUG, LM_ERROR, MAXHOSTNAMELEN, TAO_IIOP_Protocol_Properties::no_delay_, TAO_ORB_Parameters::nodelay(), TAO_Wait_Strategy::non_blocking(), TAO_Transport::opened_as(), TAO_Connection_Handler::orb_core(), TAO_ORB_Core::orb_params(), ACE_Svc_Handler<, >::peer(), TAO_Transport::post_open(), TAO_IIOP_Protocol_Properties::recv_buffer_size_, TAO_IIOP_Protocol_Properties::send_buffer_size_, TAO_Protocols_Hooks::server_protocol_properties_at_orb_level(), TAO_Connection_Handler::set_socket_option(), TAO_Connection_Handler::shared_open(), TAO_ORB_Parameters::sock_rcvbuf_size(), TAO_ORB_Parameters::sock_sndbuf_size(), TAO_LF_Event::state_changed(), ACE_OS::strcpy(), TAO_debug_level, TCP_NODELAY, TAO_Connection_Handler::transport(), and TAO_Transport::wait_strategy(). Referenced by open_handler().
// open (void *): body as listed; the signature line is not part of this
// listing.
//
// Applies the ORB's socket settings to the connected peer, switches the
// SSL stream to partial writes when non-blocking I/O is in use, rejects a
// connection whose local and remote addresses are identical, and finally
// marks the transport as opened. Returns 0 on success and -1 on any
// failure.
//
// NOTE(review): nothing in this body inspects the TLS handshake result or
// the peer certificate; that is presumably done by the acceptor/connector
// before open() runs -- confirm.
{
  if (this->shared_open() == -1)
    return -1;

  TAO_IIOP_Protocol_Properties protocol_properties;

  // Initialize values from ORB params.
  protocol_properties.send_buffer_size_ =
    this->orb_core ()->orb_params ()->sock_sndbuf_size ();
  protocol_properties.recv_buffer_size_ =
    this->orb_core ()->orb_params ()->sock_rcvbuf_size ();
  protocol_properties.no_delay_ =
    this->orb_core ()->orb_params ()->nodelay ();

  TAO_Protocols_Hooks *tph = this->orb_core ()->get_protocols_hooks ();

  // When protocol hooks are installed they may override the values above,
  // using the client or the server variant depending on how the transport
  // was opened. Any CORBA exception from the hook fails the open.
  if (tph != 0)
    {
      try
        {
          if (this->transport ()->opened_as () == TAO::TAO_CLIENT_ROLE)
            {
              tph->client_protocol_properties_at_orb_level (
                protocol_properties);
            }
          else
            {
              tph->server_protocol_properties_at_orb_level (
                protocol_properties);
            }
        }
      catch (const CORBA::Exception&)
        {
          return -1;
        }
    }

  if (this->set_socket_option (this->peer (),
                               protocol_properties.send_buffer_size_,
                               protocol_properties.recv_buffer_size_) == -1)
    return -1;

#if !defined (ACE_LACKS_TCP_NODELAY)
  if (this->peer ().set_option (ACE_IPPROTO_TCP,
                                TCP_NODELAY,
                                (void *) &protocol_properties.no_delay_,
                                sizeof (protocol_properties.no_delay_)) == -1)
    return -1;
#endif /* ! ACE_LACKS_TCP_NODELAY */

  if (this->transport ()->wait_strategy ()->non_blocking ())
    {
      if (this->peer ().enable (ACE_NONBLOCK) == -1)
        return -1;

      // Enable partial SSL writes.
      //
      // By default, OpenSSL attempts to send the entire chunk of
      // data.  This is fine for relatively small chunks of data.
      // However, if SSL_write() returns with an SSL_ERROR_WANT_WRITE
      // (basically an EWOULDBLOCK) when using non-blocking I/O, TAO
      // may attempt to resend the same data with a potentially
      // different buffer address.  Such a scenario is prone to happen
      // when sending large chunks of data that cause flow control to
      // occur.  For most protocol implementations this is fine.
      // OpenSSL, on the other hand, requires that the same arguments
      // be passed to SSL_write() if an SSL_ERROR_WANT_WRITE error
      // occurred on a previous SSL_write() attempt, which cannot be
      // guaranteed by TAO's current message queuing/construction
      // code, often resulting in a "bad write retry" OpenSSL error.
      // To work around this issue, we enable partial SSL_write()s in
      // SSL/TLS connections created by TAO's SSLIOP pluggable
      // protocol.  Doing so makes SSL_write() behave like write(2).
      //
      // This isn't an issue when using blocking I/O.
      //
      // The return values (the updated mode bitmask) are deliberately
      // ignored.
      (void) ::SSL_set_mode (this->peer ().ssl (),
                             SSL_MODE_ENABLE_PARTIAL_WRITE);
      (void) ::SSL_set_mode (this->peer ().ssl (),
                             SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
    }

  // Called by the <Strategy_Acceptor> when the handler is
  // completely connected.
  ACE_INET_Addr remote_addr;
  if (this->peer ().get_remote_addr (remote_addr) == -1)
    return -1;

  ACE_INET_Addr local_addr;
  if (this->peer ().get_local_addr (local_addr) == -1)
    return -1;

  // Refuse a connection whose two ends compare equal (the socket is
  // connected to itself). The refusal is logged only when
  // TAO_debug_level > 0, so at debug level 0 it leaves no record.
  if (local_addr == remote_addr)
    {
      if (TAO_debug_level > 0)
        {
          char remote_as_string[MAXHOSTNAMELEN + 16];
          char local_as_string[MAXHOSTNAMELEN + 16];

          (void) remote_addr.addr_to_string (remote_as_string,
                                             sizeof (remote_as_string));
          (void) local_addr.addr_to_string (local_as_string,
                                            sizeof (local_as_string));
          ACE_ERROR ((LM_ERROR,
                      "TAO(%P|%t) - TAO::SSLIOP::Connection_Handler::open, "
                      "Holy Cow! The remote addr and "
                      "local addr are identical (%s == %s)\n",
                      remote_as_string, local_as_string));
        }

      return -1;
    }

  // Connection endpoints are written to the log only at debug level > 0.
  // The same buffer is reused for the peer and then the local address.
  if (TAO_debug_level > 0)
    {
      char client[MAXHOSTNAMELEN + 16];

      // Verify that we can resolve the peer hostname.
      if (remote_addr.addr_to_string (client,
                                      sizeof (client)) == -1)
        {
          ACE_OS::strcpy (client, "*unable to obtain*");
        }

      ACE_DEBUG ((LM_DEBUG,
                  ACE_TEXT ("TAO (%P|%t) SSLIOP connection from ")
                  ACE_TEXT ("client <%s> on [%d]\n"),
                  client,
                  this->peer ().get_handle ()));

      // Verify that we can resolve our hostname.
      if (local_addr.addr_to_string (client,
                                     sizeof (client)) == -1)
        {
          ACE_OS::strcpy (client, "*unable to obtain*");
        }

      ACE_DEBUG ((LM_DEBUG,
                  ACE_TEXT ("TAO (%P|%t) SSLIOP connection accepted from ")
                  ACE_TEXT ("server <%s> on [%d]\n"),
                  client,
                  this->get_handle ()));
    }

  // Set that the transport is now connected, if fails we return -1
  // Use C-style cast b/c otherwise we get warnings on lots of
  // compilers
  if (!this->transport ()->post_open ((size_t) this->get_handle ()))
    return -1;

  // @@ Not needed
  this->state_changed (TAO_LF_Event::LFS_SUCCESS,
                       this->orb_core ()->leader_follower ());

  return 0;
}
|
Implements TAO_Connection_Handler. Definition at line 74 of file SSLIOP_Connection_Handler.cpp. References open().
// open_handler (void *v): body as listed; the signature line is not part
// of this listing. Forwards its argument to open() and returns the result.
{
  return this->open (v);
}
|
Reimplemented from TAO_Connection_Handler. Definition at line 313 of file SSLIOP_Connection_Handler.cpp. References ACE_Svc_Handler<, >::peer().
// pos_io_hook (int &return_value): body as listed; the signature line is
// not part of this listing.
//
// SSL_pending() reports bytes that OpenSSL has already read and buffered
// for this connection. When the caller's result is 0 but such bytes
// exist, the result is raised to 1. NOTE(review): presumably 1 asks the
// caller to invoke the handler again, since data held inside the SSL
// layer would not make the socket readable -- confirm against the base
// class.
{
  if (return_value == 0 && ::SSL_pending (this->peer ().ssl ()))
    return_value = 1;
}
|
Process the listen_list.
Definition at line 360 of file SSLIOP_Connection_Handler.cpp. References ACE_DEBUG, IIOP::ListenPoint::host, LM_DEBUG, TAO_Transport::make_idle(), IIOP::ListenPoint::port, TAO_Transport::recache_transport(), TAO_Transport_Descriptor_Interface::set_bidir_flag(), TAO_debug_level, and TAO_Connection_Handler::transport(). Referenced by TAO::SSLIOP::Transport::tear_listen_point_list().
// process_listen_point_list (IIOP::ListenPointList &listen_list): body as
// listed; the signature lines are not part of this listing.
//
// For every listen point in the list, re-registers this handler's
// transport in the cache under an endpoint built from that host and port,
// flags it as bidirectional and makes it idle. Returns 0 when the whole
// list was processed, or -1 as soon as one recache fails (entries handled
// before the failure stay as they were recached).
//
// NOTE(review): the host and port are taken from the list as given; this
// body does not compare them with the address of the connected peer. If
// the list originates from the remote side, any such validation has to
// happen in the caller -- confirm against
// TAO::SSLIOP::Transport::tear_listen_point_list().
{
  // Get the size of the list
  const CORBA::ULong len = listen_list.length ();

  for (CORBA::ULong i = 0; i < len; ++i)
    {
      IIOP::ListenPoint listen_point = listen_list[i];
      ACE_INET_Addr addr (listen_point.port,
                          listen_point.host.in ());


      // The host string from the list is written to the debug log as is.
      if (TAO_debug_level > 0)
        {
          ACE_DEBUG ((LM_DEBUG,
                      "(%P|%t) Listening port [%d] on [%s]\n",
                      listen_point.port,
                      listen_point.host.in ()));
        }

      // Construct an IIOP_Endpoint object using the host as provided
      // in the listen point list.  We must use the host in that form
      // because that's also how the ORB on the other side will
      // advertise the host in an IOR.
      //
      // Note that the port in the ACE_INET_Addr is actually the SSL
      // port!
      TAO_IIOP_Endpoint tmpoint (listen_point.host.in (),
                                 listen_point.port,
                                 addr);

      // @@ This is broken.  Instead of just using the default CORBA
      //    SecurityAssociation options, by not supplying SSLIOP::SSL
      //    instance in the endpoint constructor, we need to include the
      //    actual SecurityAssociation options so that the invocation to
      //    the originator is attempted with the appropriate security
      //    settings.  Unfortunately, there is currently no portable way to
      //    send the SecurityAssociation options with the
      //    IIOP::ListenPointList.  Presumably the new Firewall
      //    specification will address this deficiency.
      TAO_SSLIOP_Synthetic_Endpoint endpoint (&tmpoint);

      // Construct a property object
      TAO_Base_Transport_Property prop (&endpoint);

      // Mark the connection as bidirectional
      prop.set_bidir_flag (1);

      // The property for this handler has changed.  Recache the
      // handler with this property
      const int retval = this->transport ()->recache_transport (&prop);
      if (retval == -1)
        return retval;

      // Make the handler idle and ready for use
      this->transport ()->make_idle ();
    }

  return 0;
}
|
Reimplemented from TAO_Connection_Handler. Definition at line 307 of file SSLIOP_Connection_Handler.cpp. References ACE_Svc_Handler<, >::peer(). Referenced by ~Connection_Handler().
// release_os_resources (void): body as listed; the signature line is not
// part of this listing. Closes the peer stream and returns the result of
// that close; the destructor treats -1 as failure.
{
  return this->peer().close ();
}
|
Reimplemented from ACE_Event_Handler. Definition at line 238 of file SSLIOP_Connection_Handler.cpp.
// resume_handler (void): body as listed; the signature line is not part of
// this listing. Always reports ACE_APPLICATION_RESUMES_HANDLER, i.e. the
// application rather than the reactor resumes this handler.
{
  return ACE_Event_Handler::ACE_APPLICATION_RESUMES_HANDLER;
}
|
Make the SSL session state available to the SSLIOP::Current object. Definition at line 423 of file SSLIOP_Connection_Handler.cpp. References TAO::SSLIOP::Current_Impl::ssl(). Referenced by TAO::SSLIOP::State_Guard::State_Guard().
// setup_ssl_state (previous_current_impl, new_current_impl, setup_done):
// body as listed; the signature lines are not part of this listing.
//
// new_current_impl is dereferenced without a null check, so the caller
// must pass a valid object. The function always returns 0.
{
  // Make the SSL session state available to the SSLIOP::Current
  // TSS object.
  //
  // NOTE(review): the SSL pointer handed over is the one held by the peer
  // stream; nothing in this body extends its lifetime. Presumably
  // teardown_ssl_state() has to run before the connection is closed --
  // confirm against TAO::SSLIOP::State_Guard.
  new_current_impl->ssl (this->peer ().ssl ());

  // The following call is reentrant and thread-safe
  this->current_->setup (previous_current_impl,
                         new_current_impl,
                         setup_done);

  return 0;
}
|
Teardown the SSL session state.
Definition at line 441 of file SSLIOP_Connection_Handler.cpp. Referenced by TAO::SSLIOP::State_Guard::~State_Guard().
// teardown_ssl_state (previous_current_impl, setup_done): body as listed;
// the signature lines are not part of this listing. Forwards both
// arguments to the SSLIOP::Current object's teardown(); this is the
// counterpart of setup_ssl_state().
{
  this->current_->teardown (previous_current_impl, setup_done);
}
|
Reference to the SSLIOP::Current object (downcast to gain access to the low-level management methods). Definition at line 122 of file SSLIOP_Connection_Handler.h. |
|
TCP configuration for this connection.
Definition at line 127 of file SSLIOP_Connection_Handler.h. |