#include <SSLIOP_Acceptor.h>
Collaboration diagram for TAO::SSLIOP::Acceptor:
Public Types | |
| typedef TAO_Strategy_Acceptor< Connection_Handler, ACE_SSL_SOCK_ACCEPTOR > | BASE_ACCEPTOR |
| typedef TAO_Creation_Strategy< Connection_Handler > | CREATION_STRATEGY |
| typedef TAO_Concurrency_Strategy< Connection_Handler > | CONCURRENCY_STRATEGY |
| typedef Accept_Strategy | ACCEPT_STRATEGY |
Public Member Functions | |
| Acceptor (::Security::QOP qop, const ACE_Time_Value &timeout) | |
| Constructor. | |
| ~Acceptor (void) | |
| Destructor. | |
| const ::SSLIOP::SSL & | ssl_component (void) const |
The TAO_Acceptor Methods | |
Check the documentation in tao/Pluggable.h for details. | |
| virtual int | open (TAO_ORB_Core *orb_core, ACE_Reactor *reactor, int version_major, int version_minor, const char *address, const char *options=0) |
| virtual int | open_default (TAO_ORB_Core *orb_core, ACE_Reactor *reactor, int version_major, int version_minor, const char *options=0) |
| virtual int | close (void) |
| virtual int | create_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority) |
| virtual int | is_collocated (const TAO_Endpoint *endpoint) |
Private Member Functions | |
| int | ssliop_open_i (TAO_ORB_Core *orb_core, const ACE_INET_Addr &addr, ACE_Reactor *reactor) |
| Implement the common part of the open*() methods. | |
| virtual int | parse_options_i (int &argc, ACE_CString **argv) |
| Parse protocol specific options. | |
| int | verify_secure_configuration (TAO_ORB_Core *orb_core, int major, int minor) |
| int | create_new_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority) |
| int | create_shared_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority) |
Private Attributes | |
| BASE_ACCEPTOR | ssl_acceptor_ |
| The concrete acceptor, as a pointer to it's base class. | |
Acceptor Strategies | |
Strategies used when accepting an incoming connection. | |
| CREATION_STRATEGY * | creation_strategy_ |
| CONCURRENCY_STRATEGY * | concurrency_strategy_ |
| ACCEPT_STRATEGY * | accept_strategy_ |
| ::SSLIOP::SSL | ssl_component_ |
| The CSIv1 SSL component. | |
| CSIIOP::TLS_SEC_TRANS | csiv2_component_ |
| The SSLIOP CSIv2 tagged component. | |
| const ACE_Time_Value | timeout_ |
| The accept() timeout. | |
Definition at line 48 of file SSLIOP_Acceptor.h.
Definition at line 63 of file SSLIOP_Acceptor.h.
| typedef TAO_Strategy_Acceptor<Connection_Handler, ACE_SSL_SOCK_ACCEPTOR> TAO::SSLIOP::Acceptor::BASE_ACCEPTOR |
Definition at line 60 of file SSLIOP_Acceptor.h.
Definition at line 62 of file SSLIOP_Acceptor.h.
Definition at line 61 of file SSLIOP_Acceptor.h.
| TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP::Acceptor::Acceptor | ( | ::Security::QOP | qop, | |
| const ACE_Time_Value & | timeout | |||
| ) |
Constructor.
Definition at line 22 of file SSLIOP_Acceptor.cpp.
References ACE_SET_BITS, Confidentiality, Security::Confidentiality, EstablishTrustInTarget, Security::EstablishTrustInTarget, Integrity, Security::Integrity, NoDelegation, Security::NoDelegation, NoProtection, Security::NoProtection, and Security::SecQOPNoProtection.
00024 : TAO::IIOP_SSL_Acceptor (), 00025 ssl_acceptor_ (this), 00026 creation_strategy_ (0), 00027 concurrency_strategy_ (0), 00028 accept_strategy_ (0), 00029 timeout_ (timeout) 00030 { 00031 // --- CSIv1 --- 00032 00033 // Clear all bits in the SSLIOP::SSL association option fields. 00034 this->ssl_component_.target_supports = 0; 00035 this->ssl_component_.target_requires = 0; 00036 00037 // SSLIOP requires these Security::AssociationOptions by default. 00038 ACE_SET_BITS (this->ssl_component_.target_requires, 00039 ::Security::Integrity 00040 | ::Security::Confidentiality 00041 | ::Security::NoDelegation); 00042 00043 // SSLIOP supports these Security::AssociationOptions by default. 00044 ACE_SET_BITS (this->ssl_component_.target_supports, 00045 ::Security::Integrity 00046 | ::Security::Confidentiality 00047 | ::Security::EstablishTrustInTarget 00048 | ::Security::NoDelegation); 00049 00050 // Initialize the default SSL port to zero (wild card port). 00051 this->ssl_component_.port = 0; 00052 00053 // @@ This should go away once we support setting security 00054 // association options through policies. 00055 if (qop == ::Security::SecQOPNoProtection) 00056 ACE_SET_BITS (this->ssl_component_.target_supports, 00057 ::Security::NoProtection); 00058 00059 00060 // --- CSIv2 --- 00061 00062 // Clear all bits in the CSIIOP::TLS_SEC_TRANS association option 00063 // fields. 00064 this->csiv2_component_.target_supports = 0; 00065 this->csiv2_component_.target_requires = 0; 00066 00067 // SSLIOP requires these CSIIOP::AssociationOptions by default. 00068 ACE_SET_BITS (this->csiv2_component_.target_requires, 00069 CSIIOP::Integrity 00070 | CSIIOP::Confidentiality 00071 | CSIIOP::NoDelegation); 00072 00073 // SSLIOP supports these CSIIOP::AssociationOptions by default. 00074 ACE_SET_BITS (this->csiv2_component_.target_supports, 00075 CSIIOP::Integrity 00076 | CSIIOP::Confidentiality 00077 | CSIIOP::EstablishTrustInTarget 00078 | CSIIOP::NoDelegation); 00079 00080 // @@ This should go away once we support setting security 00081 // association options through policies. 00082 if (qop == CSIIOP::NoProtection) 00083 ACE_SET_BITS (this->csiv2_component_.target_supports, 00084 CSIIOP::NoProtection); 00085 }
| TAO::SSLIOP::Acceptor::~Acceptor | ( | void | ) |
Destructor.
Definition at line 87 of file SSLIOP_Acceptor.cpp.
References accept_strategy_, close(), concurrency_strategy_, and creation_strategy_.
00088 { 00089 // Make sure we are closed before we start destroying the 00090 // strategies. 00091 this->close (); 00092 00093 delete this->creation_strategy_; 00094 delete this->concurrency_strategy_; 00095 delete this->accept_strategy_; 00096 }
| int TAO::SSLIOP::Acceptor::close | ( | void | ) | [virtual] |
Definition at line 359 of file SSLIOP_Acceptor.cpp.
References ACE_Acceptor< SVC_HANDLER, >::close(), and ssl_acceptor_.
Referenced by ~Acceptor().
00360 { 00361 int r = this->ssl_acceptor_.close (); 00362 if (this->IIOP_SSL_Acceptor::close () != 0) 00363 r = -1; 00364 00365 return r; 00366 }
| int TAO::SSLIOP::Acceptor::create_new_profile | ( | const TAO::ObjectKey & | object_key, | |
| TAO_MProfile & | mprofile, | |||
| CORBA::Short | priority | |||
| ) | [private] |
Helper method to add a new profile to the mprofile for each endpoint.
Definition at line 120 of file SSLIOP_Acceptor.cpp.
References ACE_NEW_RETURN, ACE_OutputCDR::begin(), TAO_MProfile::give_profile(), TAO_MProfile::grow(), ACE_OS::memcpy(), TAO_MProfile::profile_count(), TAO_Codeset_Manager::set_codeset(), TAO_Tagged_Components::set_component(), TAO_MProfile::size(), ssl_component_, SSLIOP::TAG_SSL_SEC_TRANS, TAO_Profile::tagged_components(), TAO_ENCAP_BYTE_ORDER, TAO_ORB_TYPE, and ACE_OutputCDR::total_length().
Referenced by create_profile().
00123 { 00124 // Adding this->endpoint_count_ to the TAO_MProfile. 00125 const int count = mprofile.profile_count (); 00126 if ((mprofile.size () - count) < this->endpoint_count_ 00127 && mprofile.grow (count + this->endpoint_count_) == -1) 00128 return -1; 00129 00130 // Create a profile for each acceptor endpoint. 00131 for (size_t i = 0; i < this->endpoint_count_; ++i) 00132 { 00133 TAO_SSLIOP_Profile *pfile = 0; 00134 00135 // @@ We need to create an SSLIOP::SSL component for the object 00136 // we're creating an MProfile for. This will allow us to 00137 // properly embed secure invocation policies in the generated 00138 // IOR, i.e. secure invocation policies on a per-object 00139 // basis, rather than on a per-endpoint basis. If no secure 00140 // invocation policies have been set then we should use the 00141 // below default SSLIOP::SSL component. 00142 ACE_NEW_RETURN (pfile, 00143 TAO_SSLIOP_Profile (this->hosts_[i], 00144 this->addrs_[i].get_port_number (), 00145 object_key, 00146 this->addrs_[i], 00147 this->version_, 00148 this->orb_core_, 00149 &(this->ssl_component_)), 00150 -1); 00151 pfile->endpoint ()->priority (priority); 00152 00153 if (mprofile.give_profile (pfile) == -1) 00154 { 00155 pfile->_decr_refcnt (); 00156 pfile = 0; 00157 return -1; 00158 } 00159 00160 if (this->orb_core_->orb_params ()->std_profile_components () == 0) 00161 continue; 00162 00163 pfile->tagged_components ().set_orb_type (TAO_ORB_TYPE); 00164 00165 TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager(); 00166 if (csm) 00167 csm->set_codeset (pfile->tagged_components()); 00168 00169 IOP::TaggedComponent component; 00170 component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS; 00171 00172 // @@???? Check this code, only intended as guideline... 00173 TAO_OutputCDR cdr; 00174 cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); 00175 00176 // @@ We need to create an SSLIOP::SSL component for the object 00177 // we're creating an MProfile for. This will allow us to 00178 // properly embed secure invocation policies in the generated 00179 // IOR, i.e. secure invocation policies on a per-object 00180 // basis, rather than on a per-endpoint basis. If no secure 00181 // invocation policies have been set then we should use the 00182 // below default SSLIOP::SSL component. 00183 cdr << this->ssl_component_; 00184 00185 // TAO extension, replace the contents of the octet sequence with 00186 // the CDR stream 00187 const CORBA::ULong length = cdr.total_length (); 00188 component.component_data.length (length); 00189 CORBA::Octet *buf = component.component_data.get_buffer (); 00190 for (const ACE_Message_Block *i = cdr.begin (); 00191 i != 0; 00192 i = i->cont ()) 00193 { 00194 ACE_OS::memcpy (buf, i->rd_ptr (), i->length ()); 00195 buf += i->length (); 00196 } 00197 00198 pfile->tagged_components ().set_component (component); 00199 } 00200 00201 return 0; 00202 }
| int TAO::SSLIOP::Acceptor::create_profile | ( | const TAO::ObjectKey & | object_key, | |
| TAO_MProfile & | mprofile, | |||
| CORBA::Short | priority | |||
| ) | [virtual] |
Definition at line 99 of file SSLIOP_Acceptor.cpp.
References create_new_profile(), create_shared_profile(), and TAO_INVALID_PRIORITY.
00102 { 00103 // Sanity check. 00104 if (this->endpoint_count_ == 0) 00105 return -1; 00106 00107 // Check if multiple endpoints should be put in one profile or 00108 // if they should be spread across multiple profiles. 00109 if (priority == TAO_INVALID_PRIORITY) 00110 return this->create_new_profile (object_key, 00111 mprofile, 00112 priority); 00113 else 00114 return this->create_shared_profile (object_key, 00115 mprofile, 00116 priority); 00117 }
| int TAO::SSLIOP::Acceptor::create_shared_profile | ( | const TAO::ObjectKey & | object_key, | |
| TAO_MProfile & | mprofile, | |||
| CORBA::Short | priority | |||
| ) | [private] |
Helper method to create a profile that contains all of our endpoints.
Definition at line 206 of file SSLIOP_Acceptor.cpp.
References TAO_Profile::_decr_refcnt(), ACE_NEW_RETURN, TAO_SSLIOP_Profile::add_endpoint(), ACE_OutputCDR::begin(), ACE_Message_Block::cont(), TAO_SSLIOP_Profile::endpoint(), TAO_MProfile::get_profile(), TAO_MProfile::give_profile(), ACE_OS::memcpy(), TAO_Endpoint::priority(), TAO_MProfile::profile_count(), TAO_Codeset_Manager::set_codeset(), TAO_Tagged_Components::set_component(), TAO_Tagged_Components::set_orb_type(), ssl_component_, TAO_Profile::tag(), SSLIOP::TAG_SSL_SEC_TRANS, TAO_Profile::tagged_components(), TAO_ENCAP_BYTE_ORDER, TAO_ORB_TYPE, and ACE_OutputCDR::total_length().
Referenced by create_profile().
00209 { 00210 size_t index = 0; 00211 TAO_Profile *pfile = 0; 00212 TAO_SSLIOP_Profile *ssliop_profile = 0; 00213 00214 // First see if <mprofile> already contains a SSLIOP profile. 00215 for (TAO_PHandle i = 0; i != mprofile.profile_count (); ++i) 00216 { 00217 pfile = mprofile.get_profile (i); 00218 if (pfile->tag () == IOP::TAG_INTERNET_IOP) 00219 { 00220 ssliop_profile = dynamic_cast<TAO_SSLIOP_Profile *> (pfile); 00221 if (ssliop_profile == 0) 00222 return -1; 00223 break; 00224 } 00225 } 00226 00227 // If <mprofile> doesn't contain SSLIOP_Profile, we need to create 00228 // one. 00229 if (ssliop_profile == 0) 00230 { 00231 // @@ We need to create an SSLIOP::SSL component for the object 00232 // we're creating an MProfile for. This will allow us to 00233 // properly embed secure invocation policies in the generated 00234 // IOR, i.e. secure invocation policies on a per-object 00235 // basis, rather than on a per-endpoint basis. If no secure 00236 // invocation policies have been set then we should use the 00237 // below default SSLIOP::SSL component. 00238 ACE_NEW_RETURN (ssliop_profile, 00239 TAO_SSLIOP_Profile (this->hosts_[0], 00240 this->addrs_[0].get_port_number (), 00241 object_key, 00242 this->addrs_[0], 00243 this->version_, 00244 this->orb_core_, 00245 &(this->ssl_component_)), 00246 -1); 00247 00248 TAO_SSLIOP_Endpoint * const ssliop_endp = 00249 dynamic_cast<TAO_SSLIOP_Endpoint *> (ssliop_profile->endpoint ()); 00250 00251 if (!ssliop_endp) 00252 return -1; 00253 00254 ssliop_endp->priority (priority); 00255 ssliop_endp->iiop_endpoint ()->priority (priority); 00256 00257 if (mprofile.give_profile (ssliop_profile) == -1) 00258 { 00259 ssliop_profile->_decr_refcnt (); 00260 ssliop_profile = 0; 00261 return -1; 00262 } 00263 00264 if (this->orb_core_->orb_params ()->std_profile_components () != 0) 00265 { 00266 ssliop_profile->tagged_components ().set_orb_type (TAO_ORB_TYPE); 00267 00268 TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager(); 00269 if (csm) 00270 csm->set_codeset(ssliop_profile->tagged_components()); 00271 00272 IOP::TaggedComponent component; 00273 component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS; 00274 // @@???? Check this code, only intended as guideline... 00275 TAO_OutputCDR cdr; 00276 cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); 00277 00278 // @@ We need to create an SSLIOP::SSL component for the 00279 // object we're creating an MProfile for. This will 00280 // allow us to properly embed secure invocation policies 00281 // in the generated IOR, i.e. secure invocation policies 00282 // on a per-object basis, rather than on a per-endpoint 00283 // basis. If no secure invocation policies have been set 00284 // then we should use the below default SSLIOP::SSL 00285 // component. 00286 cdr << this->ssl_component_; 00287 00288 // TAO extension, replace the contents of the octet sequence with 00289 // the CDR stream 00290 CORBA::ULong length = cdr.total_length (); 00291 component.component_data.length (length); 00292 CORBA::Octet *buf = component.component_data.get_buffer (); 00293 for (const ACE_Message_Block *i = cdr.begin (); 00294 i != 0; 00295 i = i->cont ()) 00296 { 00297 ACE_OS::memcpy (buf, i->rd_ptr (), i->length ()); 00298 buf += i->length (); 00299 } 00300 00301 ssliop_profile->tagged_components ().set_component (component); 00302 } 00303 00304 index = 1; 00305 } 00306 00307 // Add any remaining endpoints to the SSLIOP_Profile. 00308 for (; 00309 index < this->endpoint_count_; 00310 ++index) 00311 { 00312 TAO_SSLIOP_Endpoint *ssl_endp = 0; 00313 TAO_IIOP_Endpoint *iiop_endp = 0; 00314 ACE_NEW_RETURN (iiop_endp, 00315 TAO_IIOP_Endpoint (this->hosts_[index], 00316 this->addrs_[index].get_port_number (), 00317 this->addrs_[index]), 00318 -1); 00319 iiop_endp->priority (priority); 00320 00321 ACE_NEW_RETURN (ssl_endp, 00322 TAO_SSLIOP_Endpoint (&(this->ssl_component_), 00323 iiop_endp), 00324 -1); 00325 00326 ssl_endp->priority (priority); 00327 ssliop_profile->add_endpoint (ssl_endp); 00328 } 00329 00330 return 0; 00331 }
| int TAO::SSLIOP::Acceptor::is_collocated | ( | const TAO_Endpoint * | endpoint | ) | [virtual] |
Definition at line 334 of file SSLIOP_Acceptor.cpp.
References TAO_SSLIOP_Endpoint::iiop_endpoint(), and TAO_IIOP_Endpoint::object_addr().
00335 { 00336 const TAO_SSLIOP_Endpoint *endp = 00337 dynamic_cast<const TAO_SSLIOP_Endpoint *> (endpoint); 00338 00339 // Make sure the dynamically cast pointer is valid. 00340 if (endp == 0) 00341 return 0; 00342 00343 for (size_t i = 0; i < this->endpoint_count_; ++i) 00344 { 00345 // @@ TODO The following code looks funky, why only the address 00346 // is compared? What about the IIOP address? Why force a 00347 // DNS lookup every time an SSLIOP object is decoded: 00348 // 00349 // http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=1220 00350 // 00351 if (endp->iiop_endpoint ()->object_addr () == this->addrs_[i]) 00352 return 1; // Collocated 00353 } 00354 00355 return 0; // Not collocated 00356 }
| int TAO::SSLIOP::Acceptor::open | ( | TAO_ORB_Core * | orb_core, | |
| ACE_Reactor * | reactor, | |||
| int | version_major, | |||
| int | version_minor, | |||
| const char * | address, | |||
| const char * | options = 0 | |||
| ) | [virtual] |
Definition at line 369 of file SSLIOP_Acceptor.cpp.
References ACE_INET_Addr::set_port_number(), and ssliop_open_i().
00375 { 00376 // Ensure that neither the endpoint configuration nor the ORB 00377 // configuration violate security measures. 00378 if (this->verify_secure_configuration (orb_core, 00379 major, 00380 minor) != 0) 00381 return -1; 00382 00383 ACE_INET_Addr addr; 00384 ACE_CString specified_hostname; 00385 if (this->parse_address (address, addr, specified_hostname) == -1) 00386 return -1; 00387 00388 // Open the non-SSL enabled endpoints, then open the SSL enabled 00389 // endpoints. 00390 if (this->IIOP_SSL_Acceptor::open (orb_core, 00391 reactor, 00392 major, 00393 minor, 00394 address, 00395 options) != 0) 00396 return -1; 00397 00398 // The SSL port is set in the parse_options() method. All we have 00399 // to do is call open_i() 00400 addr.set_port_number (this->ssl_component_.port); 00401 00402 return this->ssliop_open_i (orb_core, 00403 addr, 00404 reactor); 00405 }
| int TAO::SSLIOP::Acceptor::open_default | ( | TAO_ORB_Core * | orb_core, | |
| ACE_Reactor * | reactor, | |||
| int | version_major, | |||
| int | version_minor, | |||
| const char * | options = 0 | |||
| ) | [virtual] |
Definition at line 408 of file SSLIOP_Acceptor.cpp.
References INADDR_ANY, ACE_INET_Addr::set(), and ssliop_open_i().
00413 { 00414 // Ensure that neither the endpoint configuration nor the ORB 00415 // configuration violate security measures. 00416 if (this->verify_secure_configuration (orb_core, 00417 major, 00418 minor) != 0) 00419 return -1; 00420 00421 // Open the non-SSL enabled endpoints, then open the SSL enabled 00422 // endpoints. 00423 if (this->IIOP_SSL_Acceptor::open_default (orb_core, 00424 reactor, 00425 major, 00426 minor, 00427 options) == -1) 00428 return -1; 00429 00430 // Now that each network interface's hostname has been cached, open 00431 // an endpoint on each network interface using the INADDR_ANY 00432 // address. 00433 ACE_INET_Addr addr; 00434 00435 // this->ssl_component_.port is initialized to zero or it is set in 00436 // this->parse_options(). 00437 if (addr.set (this->ssl_component_.port, 00438 static_cast<ACE_UINT32> (INADDR_ANY), 00439 1) != 0) 00440 return -1; 00441 00442 return this->ssliop_open_i (orb_core, 00443 addr, 00444 reactor); 00445 }
| int TAO::SSLIOP::Acceptor::parse_options_i | ( | int & | argc, | |
| ACE_CString ** | argv | |||
| ) | [private, virtual] |
Parse protocol specific options.
Definition at line 581 of file SSLIOP_Acceptor.cpp.
References ACE_ERROR_RETURN, ACE_TEXT(), ACE_OS::atoi(), ACE_String_Base< CHAR >::c_str(), ACE_String_Base< CHAR >::find(), LM_ERROR, SSLIOP::SSL::port, ssl_component_, ACE_OS::strcmp(), and ACE_String_Base< CHAR >::substring().
00582 { 00583 //first, do the base class parser, then parse the leftovers. 00584 int result = this->IIOP_SSL_Acceptor::parse_options_i(argc,argv); 00585 if (result == -1) 00586 return result; 00587 00588 // then parse out our own options. 00589 int i = 0; 00590 while (i < argc) 00591 { 00592 // since the base class has already iterated over the list once, 00593 // it has vound any ill-formed options. Therefore we don't need 00594 // to do that again here. 00595 int slot = argv[i]->find ("="); 00596 ACE_CString name = argv[i]->substring (0, slot); 00597 ACE_CString value = argv[i]->substring (slot + 1); 00598 00599 if (name == "priority") 00600 { 00601 ACE_ERROR_RETURN ((LM_ERROR, 00602 ACE_TEXT ("TAO (%P|%t) Invalid SSLIOP endpoint format: ") 00603 ACE_TEXT ("endpoint priorities no longer supported. \n"), 00604 value.c_str ()), 00605 -1); 00606 } 00607 else if (ACE_OS::strcmp (name.c_str (), "ssl_port") == 0) 00608 { 00609 int ssl_port = ACE_OS::atoi (value.c_str ()); 00610 00611 if (ssl_port >= 0 && ssl_port < 65536) 00612 this->ssl_component_.port = ssl_port; 00613 else 00614 ACE_ERROR_RETURN ((LM_ERROR, 00615 ACE_TEXT ("TAO (%P|%t) Invalid ") 00616 ACE_TEXT ("IIOP/SSL endpoint ") 00617 ACE_TEXT ("port: <%s>\n"), 00618 value.c_str ()), 00619 -1); 00620 } 00621 else 00622 { 00623 // the name is not known, skip to the next option 00624 i++; 00625 continue; 00626 } 00627 // at the end, we've consumed this argument. Shift the list and 00628 // put this one on the end. This technique has the effect of 00629 // putting them in reverse order, but that doesn't matter, since 00630 // these arguments are only whole strings. 00631 argc--; 00632 ACE_CString *temp = argv[i]; 00633 for (int j = i; j <= argc-1; j++) 00634 argv[j] = argv[j+1]; 00635 argv[argc] = temp; 00636 00637 } 00638 return 0; 00639 }
| TAO_BEGIN_VERSIONED_NAMESPACE_DECL ACE_INLINE const SSLIOP::SSL & TAO::SSLIOP::Acceptor::ssl_component | ( | void | ) | const |
Retrieve the CSIv1 SSLIOP::SSL component associated with the endpoints set up by this acceptor.
Definition at line 9 of file SSLIOP_Acceptor.inl.
References ssl_component_.
Referenced by TAO::SSLIOP::Transport::get_listen_point().
00010 { 00011 return this->ssl_component_; 00012 }
| int TAO::SSLIOP::Acceptor::ssliop_open_i | ( | TAO_ORB_Core * | orb_core, | |
| const ACE_INET_Addr & | addr, | |||
| ACE_Reactor * | reactor | |||
| ) | [private] |
Implement the common part of the open*() methods.
Definition at line 448 of file SSLIOP_Acceptor.cpp.
References ACE_CLOEXEC, ACE_DEBUG, ACE_MAX_DEFAULT_PORT, ACE_NEW_RETURN, ACE_TEXT(), ACE_INET_Addr::get_port_number(), LM_DEBUG, SSLIOP::SSL::port, ACE_INET_Addr::set_port_number(), ssl_component_, and TAO_debug_level.
Referenced by open(), and open_default().
00451 { 00452 this->orb_core_ = orb_core; 00453 00454 ACE_NEW_RETURN (this->creation_strategy_, 00455 CREATION_STRATEGY (this->orb_core_), 00456 -1); 00457 00458 ACE_NEW_RETURN (this->concurrency_strategy_, 00459 CONCURRENCY_STRATEGY (this->orb_core_), 00460 -1); 00461 00462 ACE_NEW_RETURN (this->accept_strategy_, 00463 ACCEPT_STRATEGY (this->orb_core_, 00464 this->timeout_), 00465 -1); 00466 00467 u_short requested_port = addr.get_port_number (); 00468 if (requested_port == 0) 00469 { 00470 // don't care, i.e., let the OS choose an ephemeral port 00471 if (this->ssl_acceptor_.open (addr, 00472 reactor, 00473 this->creation_strategy_, 00474 this->accept_strategy_, 00475 this->concurrency_strategy_, 00476 0, 0, 0, 1, 00477 this->reuse_addr_) == -1) 00478 { 00479 if (TAO_debug_level > 0) 00480 ACE_DEBUG ((LM_DEBUG, 00481 ACE_TEXT ("\n\nTAO (%P|%t) ") 00482 ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"), 00483 ACE_TEXT ("cannot open acceptor"))); 00484 return -1; 00485 } 00486 } 00487 else 00488 { 00489 ACE_INET_Addr a(addr); 00490 00491 int found_a_port = 0; 00492 ACE_UINT32 last_port = requested_port + this->port_span_ - 1; 00493 if (last_port > ACE_MAX_DEFAULT_PORT) 00494 { 00495 last_port = ACE_MAX_DEFAULT_PORT; 00496 } 00497 00498 for (ACE_UINT32 p = requested_port; p <= last_port; p++) 00499 { 00500 if (TAO_debug_level > 5) 00501 ACE_DEBUG ((LM_DEBUG, 00502 ACE_TEXT ("TAO (%P|%t) IIOP_Acceptor::open_i() ") 00503 ACE_TEXT ("trying to listen on port %d\n"), p)); 00504 00505 // Now try to actually open on that port 00506 a.set_port_number ((u_short)p); 00507 if (this->ssl_acceptor_.open (a, 00508 reactor, 00509 this->creation_strategy_, 00510 this->accept_strategy_, 00511 this->concurrency_strategy_, 00512 0, 0, 0, 1, 00513 this->reuse_addr_) != -1) 00514 { 00515 found_a_port = 1; 00516 break; 00517 } 00518 } 00519 00520 // Now, if we couldn't locate a port, we punt 00521 if (! found_a_port) 00522 { 00523 if (TAO_debug_level > 0) 00524 ACE_DEBUG ((LM_DEBUG, 00525 ACE_TEXT ("\n\nTAO (%P|%t) ") 00526 ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"), 00527 ACE_TEXT ("cannot open acceptor"))); 00528 return -1; 00529 } 00530 } 00531 00532 ACE_INET_Addr ssl_address; 00533 00534 // We do this to make sure the port number the endpoint is listening 00535 // on gets set in the addr. 00536 if (this->ssl_acceptor_.acceptor ().get_local_addr (ssl_address) != 0) 00537 { 00538 // @@ Should this be a catastrophic error??? 00539 if (TAO_debug_level > 0) 00540 ACE_DEBUG ((LM_DEBUG, 00541 ACE_TEXT ("\n\nTAO (%P|%t) ") 00542 ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"), 00543 ACE_TEXT ("cannot get local addr"))); 00544 return -1; 00545 } 00546 00547 // Reset the SSL endpoint port to the one chosen by the OS (or by 00548 // the user if provided. 00549 this->ssl_component_.port = ssl_address.get_port_number (); 00550 00551 (void) this->ssl_acceptor_.acceptor().enable (ACE_CLOEXEC); 00552 // This avoids having child processes acquire the listen socket 00553 // thereby denying the server the opportunity to restart on a 00554 // well-known endpoint. This does not affect the aberrent behavior 00555 // on Win32 platforms. 00556 00557 if (TAO_debug_level > 5) 00558 { 00559 for (size_t i = 0; i < this->endpoint_count_; ++i) 00560 { 00561 ACE_DEBUG ((LM_DEBUG, 00562 ACE_TEXT ("TAO (%P|%t) ") 00563 ACE_TEXT ("SSLIOP_Acceptor::open_i - ") 00564 ACE_TEXT ("listening on: <%s:%u>\n"), 00565 this->hosts_[i], 00566 this->ssl_component_.port)); 00567 } 00568 } 00569 00570 // In the event that an accept() fails, we can examine the reason. If 00571 // the reason warrants it, we can try accepting again at a later time. 00572 // The amount of time we wait to accept again is governed by this orb 00573 // parameter. 00574 this->set_error_retry_delay ( 00575 this->orb_core_->orb_params ()->accept_error_delay()); 00576 00577 return 0; 00578 }
| int TAO::SSLIOP::Acceptor::verify_secure_configuration | ( | TAO_ORB_Core * | orb_core, | |
| int | major, | |||
| int | minor | |||
| ) | [private] |
Ensure that neither the endpoint configuration nor the ORB configuration violate security measures.
Definition at line 642 of file SSLIOP_Acceptor.cpp.
References ACE_BIT_DISABLED, ACE_ERROR, ACE_TEXT(), LM_ERROR, Security::NoProtection, TAO_ORB_Core::orb_params(), TAO_ORB_Parameters::std_profile_components(), and TAO_debug_level.
00645 { 00646 // Sanity check. 00647 if (major < 1) 00648 { 00649 // There is no such thing as IIOP 0.x. 00650 errno = EINVAL; 00651 return -1; 00652 } 00653 00654 // In order to support a secure connection, the SSLIOP::SSL tagged 00655 // component must be embedded in the IOR. This isn't possible if 00656 // the user elects to disable standard profile components. 00657 // Similarly, IIOP 1.0 does not support tagged components, which 00658 // makes it impossible to embed the SSLIOP::SSL tagged component 00659 // within the IOR. If the given object explicitly disallows 00660 // insecure invocations and standard profile components are 00661 // disabled, then return with an error since secure invocations 00662 // cannot be supported without standard profile components. 00663 // 00664 // Note that it isn't enough to support NoProtection. NoProtection 00665 // must be required since "support" does not preclude the secure 00666 // port from being used. 00667 00668 if ((orb_core->orb_params ()->std_profile_components () == 0 00669 || (major == 1 && minor == 0)) 00670 && ACE_BIT_DISABLED (this->ssl_component_.target_requires, 00671 ::Security::NoProtection)) 00672 { 00673 if (TAO_debug_level > 0) 00674 ACE_ERROR ((LM_ERROR, 00675 ACE_TEXT ("(%P|%t) Cannot support secure ") 00676 ACE_TEXT ("IIOP over SSL connection if\n") 00677 ACE_TEXT ("(%P|%t) standard profile ") 00678 ACE_TEXT ("components are disabled\n") 00679 ACE_TEXT ("(%P|%t) or IIOP 1.0 endpoint is ") 00680 ACE_TEXT ("used.\n"))); 00681 00682 errno = EINVAL; 00683 return -1; 00684 } 00685 00686 return 0; 00687 }
CSIIOP::TLS_SEC_TRANS TAO::SSLIOP::Acceptor::csiv2_component_ [private] |
The concrete acceptor, as a pointer to it's base class.
Definition at line 124 of file SSLIOP_Acceptor.h.
Referenced by close().
::SSLIOP::SSL TAO::SSLIOP::Acceptor::ssl_component_ [private] |
The CSIv1 SSL component.
This is the SSLIOP endpoint-specific tagged component that is embedded in a given IOR.
Definition at line 140 of file SSLIOP_Acceptor.h.
Referenced by create_new_profile(), create_shared_profile(), parse_options_i(), ssl_component(), and ssliop_open_i().
const ACE_Time_Value TAO::SSLIOP::Acceptor::timeout_ [private] |
The accept() timeout.
This timeout includes the overall time to complete the SSL handshake. This includes both the TCP handshake and the SSL handshake.
Definition at line 154 of file SSLIOP_Acceptor.h.
1.4.7