#include <SSLIOP_Connection_Handler.h>
Inheritance diagram for TAO::SSLIOP::Connection_Handler:
Public Member Functions | |
Connection_Handler (ACE_Thread_Manager *t=0) | |
Connection_Handler (TAO_ORB_Core *orb_core) | |
Constructor. | |
~Connection_Handler (void) | |
Destructor. | |
int | close (u_long=0) |
int | add_transport_to_cache (void) |
Add ourselves to cache. | |
int | process_listen_point_list (IIOP::ListenPointList &listen_list) |
Process the listen_list. | |
int | setup_ssl_state (TAO::SSLIOP::Current_Impl *&previous_current_impl, TAO::SSLIOP::Current_Impl *new_current_impl, bool &setup_done) |
void | teardown_ssl_state (TAO::SSLIOP::Current_Impl *previous_current_impl, bool &setup_done) |
Teardown the SSL session state. | |
Connection Handler overloads | |
Connection Handler overloads. | |
virtual int | open_handler (void *) |
Event Handler overloads | |
virtual int | resume_handler (void) |
virtual int | close_connection (void) |
virtual int | handle_input (ACE_HANDLE) |
virtual int | handle_output (ACE_HANDLE) |
virtual int | handle_close (ACE_HANDLE, ACE_Reactor_Mask) |
virtual int | handle_timeout (const ACE_Time_Value &current_time, const void *act=0) |
virtual int | open (void *) |
Protected Member Functions | |
TAO_Connection Handler overloads | |
virtual int | release_os_resources (void) |
virtual void | pos_io_hook (int &return_value) |
Protected Attributes | |
TAO::SSLIOP::Current_var | current_ |
Private Attributes | |
TAO_IIOP_Properties * | tcp_properties_ |
TCP configuration for this connection. |
The Connection handler which is common for the Acceptor and the Connector
Definition at line 51 of file SSLIOP_Connection_Handler.h.
TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP::Connection_Handler::Connection_Handler | ( | ACE_Thread_Manager * | t = 0 |
) |
Definition at line 29 of file SSLIOP_Connection_Handler.cpp.
References ACE_ASSERT.
// Initializer list and body of Connection_Handler (ACE_Thread_Manager *t);
// the signature itself is not part of this listing.
//
// NOTE(review): ACE_ASSERT (0) is the only thing stopping use of this
// constructor.  If assertions are compiled out in a given build (not
// visible here -- confirm), the call would succeed and leave a handler
// whose TAO_Connection_Handler base was initialised with 0 and for which
// no transport was created in this constructor.
  : SVC_HANDLER (t, 0 , 0),
    TAO_Connection_Handler (0),
    current_ ()
{
  // This constructor should *never* get called, it is just here to
  // make the compiler happy: the default implementation of the
  // Creation_Strategy requires a constructor with that signature, we
  // don't use that implementation, but some (most?) compilers
  // instantiate it anyway.
  ACE_ASSERT (0);
}
TAO::SSLIOP::Connection_Handler::Connection_Handler | ( | TAO_ORB_Core * | orb_core | ) |
Constructor.
Definition at line 43 of file SSLIOP_Connection_Handler.cpp.
References ACE_NEW, TAO::SSLIOP::Util::current(), current_, TAO_Connection_Handler::orb_core(), and TAO_Connection_Handler::transport().
// Initializer list and body of Connection_Handler (TAO_ORB_Core *orb_core);
// the signature itself is not part of this listing.
//
// orb_core is dereferenced in the initializer list without a null check,
// so callers must pass a valid ORB core.
  : SVC_HANDLER (orb_core->thr_mgr (), 0, 0),
    TAO_Connection_Handler (orb_core),
    current_ ()
{
  // Obtain the SSLIOP::Current object for this ORB; setup_ssl_state() and
  // teardown_ssl_state() call through it.
  this->current_ = TAO::SSLIOP::Util::current (orb_core);

  // NOTE(review): what ACE_NEW does on allocation failure is defined
  // elsewhere.  If it returns early, this handler is left without a
  // transport -- confirm that callers cope with that.
  TAO::SSLIOP::Transport* specific_transport = 0;
  ACE_NEW (specific_transport,
           TAO::SSLIOP::Transport (this, orb_core));

  // store this pointer (indirectly increment ref count)
  this->transport (specific_transport);
}
TAO::SSLIOP::Connection_Handler::~Connection_Handler | ( | void | ) |
Destructor.
Definition at line 58 of file SSLIOP_Connection_Handler.cpp.
References ACE_ERROR, ACE_TEXT(), LM_ERROR, release_os_resources(), TAO_debug_level, and TAO_Connection_Handler::transport().
// Body of the destructor: destroys the transport, then releases the OS
// resources held by the peer stream.
{
  // NOTE(review): the transport is destroyed with a plain delete although
  // the constructor comment mentions a reference count on it -- confirm
  // that no other holder can still reference the transport at this point.
  delete this->transport ();
  int const result =
    this->release_os_resources ();

  // A failed release is only reported when TAO_debug_level is non-zero;
  // otherwise the failure is silent.
  if (result == -1 && TAO_debug_level)
    {
      ACE_ERROR ((LM_ERROR,
                  ACE_TEXT("TAO (%P|%t) - SSLIOP_Connection_Handler::")
                  ACE_TEXT("~SSLIOP_Connection_Handler, ")
                  ACE_TEXT("release_os_resources() failed %m\n")));
    }
}
int TAO::SSLIOP::Connection_Handler::add_transport_to_cache | ( | void | ) |
Add ourselves to cache.
Definition at line 317 of file SSLIOP_Connection_Handler.cpp.
References ACE_INET_Addr::get_port_number(), TAO_ORB_Core::lane_resources(), TAO_Connection_Handler::orb_core(), and TAO_Thread_Lane_Resources::transport_cache().
// Body of add_transport_to_cache(): builds an endpoint from the peer's
// address and registers this handler's transport in the transport cache
// as idle.  Returns -1 if the peer address cannot be read, otherwise the
// result of cache_idle_transport().
{
  ACE_INET_Addr addr;

  // Get the peername.
  //
  // Note that the port set in the ACE_INET_Addr is actually the SSL
  // port!
  if (this->peer ().get_remote_addr (addr) == -1)
    return -1;

  // Construct an IIOP_Endpoint object
  TAO_IIOP_Endpoint tmpoint (
      addr,
      this->orb_core()->orb_params()->use_dotted_decimal_addresses());

  // @@ This is broken.  We need to include the SecurityAssociation
  //    options to be able to truly distinguish cached SSLIOP
  //    transports.
  //
  // NOTE(review): target_supports and target_requires are both 0 below, so
  // the property used as the cache key carries only the address and port.
  // From this function alone, a cache lookup cannot tell transports with
  // different security settings apart.  How TAO_SSLIOP_Endpoint matches
  // entries is not visible here -- confirm before relying on the cache to
  // honour per-invocation security requirements.
  const ::SSLIOP::SSL ssl =
    {
      0,                        // target_supports
      0,                        // target_requires
      addr.get_port_number ()   // port
    };

  TAO_SSLIOP_Endpoint endpoint (&ssl, &tmpoint);

  // Construct a property object
  TAO_Base_Transport_Property prop (&endpoint);

  TAO::Transport_Cache_Manager &cache =
    this->orb_core ()->lane_resources ().transport_cache ();

  // Add the handler to Cache
  return cache.cache_idle_transport (&prop, this->transport ());
}
int TAO::SSLIOP::Connection_Handler::close | ( | u_long | = 0 |
) | [virtual] |
Close called by the Acceptor or Connector when connection establishment fails.
Reimplemented from ACE_Svc_Handler< ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH >.
Definition at line 298 of file SSLIOP_Connection_Handler.cpp.
References TAO_Connection_Handler::close_handler().
Referenced by handle_timeout(), and TAO::SSLIOP::Connector::ssliop_connect().
// Body of close(): forwards to close_handler() and returns its result.
// The u_long argument of the signature is not used in this body.
{
  return this->close_handler ();
}
int TAO::SSLIOP::Connection_Handler::close_connection | ( | void | ) | [virtual] |
Implements TAO_Connection_Handler.
Definition at line 242 of file SSLIOP_Connection_Handler.cpp.
References TAO_Connection_Handler::close_connection_eh().
Referenced by handle_output().
// Body of close_connection(): delegates to close_connection_eh(), passing
// this handler as the event handler.
{
  return this->close_connection_eh (this);
}
int TAO::SSLIOP::Connection_Handler::handle_close | ( | ACE_HANDLE | , | |
ACE_Reactor_Mask | ||||
) | [virtual] |
Reimplemented from ACE_Svc_Handler< ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH >.
Definition at line 291 of file SSLIOP_Connection_Handler.cpp.
References ACE_ASSERT.
// Body of handle_close(): this override is not expected to be reached.
//
// NOTE(review): if assertions are compiled out in a given build (not
// visible here -- confirm), the call returns 0 and this override performs
// no cleanup of its own.
{
  ACE_ASSERT (0);
  return 0;
}
int TAO::SSLIOP::Connection_Handler::handle_input | ( | ACE_HANDLE | ) | [virtual] |
Implements TAO_Connection_Handler.
Definition at line 248 of file SSLIOP_Connection_Handler.cpp.
References TAO_Connection_Handler::handle_input_eh().
// Body of handle_input(): delegates to handle_input_eh() with the handle
// (named h in the definition) and this handler.
{
  return this->handle_input_eh (h, this);
}
int TAO::SSLIOP::Connection_Handler::handle_output | ( | ACE_HANDLE | ) | [virtual] |
Reimplemented from ACE_Event_Handler.
Definition at line 254 of file SSLIOP_Connection_Handler.cpp.
References close_connection(), and TAO_Connection_Handler::handle_output_eh().
// Body of handle_output(): delegates to handle_output_eh().
{
  int const result = this->handle_output_eh (handle, this);

  // On failure the connection is closed here and 0 is returned instead of
  // -1, so the error is not propagated to the caller.
  // NOTE(review): presumably this keeps the reactor from invoking
  // handle_close(), which asserts -- confirm.
  if (result == -1)
    {
      this->close_connection ();
      return 0;
    }

  return result;
}
int TAO::SSLIOP::Connection_Handler::handle_timeout | ( | const ACE_Time_Value & | current_time, | |
const void * | act = 0 | |||
) | [virtual] |
Reimplemented from ACE_Svc_Handler< ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH >.
Definition at line 268 of file SSLIOP_Connection_Handler.cpp.
References close(), TAO_LF_Event::LFS_TIMEOUT, and TAO_LF_Event::reset_state().
// Body of handle_timeout(): closes the handler and marks the event as
// timed out.  The safeguard object keeps this instance alive across
// close(), so that the following reset_state() does not run on a deleted
// object.
{
  // Using this to ensure this instance will be deleted (if necessary)
  // only after reset_state(). Without this, when this refcount==1 -
  // the call to close() will cause a call to remove_reference() which
  // will delete this. At that point this->reset_state() is in no
  // man's territory and that causes SEGV on some platforms (Windows!)

  TAO_Auto_Reference<TAO::SSLIOP::Connection_Handler> safeguard (*this);

  // NOTE: Perhaps not the best solution, as it feels like the upper
  // layers should be responsible for this?

  // We don't use this upcall for I/O.  This is only used by the
  // Connector to indicate that the connection timed out.  Therefore,
  // we should call close().
  int const ret = this->close ();
  this->reset_state (TAO_LF_Event::LFS_TIMEOUT);
  return ret;
}
int TAO::SSLIOP::Connection_Handler::open | ( | void * | ) | [virtual] |
Reimplemented from ACE_Svc_Handler< ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH >.
Definition at line 80 of file SSLIOP_Connection_Handler.cpp.
References ACE_DEBUG, ACE_ERROR, ACE_IPPROTO_TCP, ACE_NONBLOCK, ACE_TEXT(), ACE_INET_Addr::addr_to_string(), TAO_Protocols_Hooks::client_protocol_properties_at_orb_level(), TAO_ORB_Core::get_protocols_hooks(), TAO_LF_Event::LFS_SUCCESS, LM_DEBUG, LM_ERROR, MAXHOSTNAMELEN, TAO_IIOP_Protocol_Properties::no_delay_, TAO_ORB_Parameters::nodelay(), TAO_Connection_Handler::orb_core(), TAO_ORB_Core::orb_params(), TAO_IIOP_Protocol_Properties::recv_buffer_size_, TAO_IIOP_Protocol_Properties::send_buffer_size_, TAO_Protocols_Hooks::server_protocol_properties_at_orb_level(), TAO_ORB_Parameters::sock_rcvbuf_size(), TAO_ORB_Parameters::sock_sndbuf_size(), TAO_LF_Event::state_changed(), ACE_OS::strcpy(), TAO::TAO_CLIENT_ROLE, TAO_debug_level, and TCP_NODELAY.
Referenced by open_handler().
// Body of open(): configures the freshly connected SSL stream.  In order:
// shared_open(), socket buffer sizes and TCP_NODELAY taken from the ORB
// parameters (optionally adjusted by the protocols hooks), non-blocking
// mode plus OpenSSL partial-write modes, a sanity check on the local and
// remote addresses, debug logging, and finally transport post_open().
// Returns 0 on success and -1 on any failure.
//
// NOTE(review): nothing in this function inspects the peer certificate or
// the result of the SSL handshake; only socket options, SSL write modes
// and addresses are handled here.  Where peer verification is configured
// is not visible on this page -- confirm before treating a connection
// that passes open() as authenticated.
{
  if (this->shared_open() == -1)
    return -1;

  TAO_IIOP_Protocol_Properties protocol_properties;

  // Initialize values from ORB params.
  protocol_properties.send_buffer_size_ =
    this->orb_core ()->orb_params ()->sock_sndbuf_size ();
  protocol_properties.recv_buffer_size_ =
    this->orb_core ()->orb_params ()->sock_rcvbuf_size ();
  protocol_properties.no_delay_ =
    this->orb_core ()->orb_params ()->nodelay ();

  TAO_Protocols_Hooks *tph = this->orb_core ()->get_protocols_hooks ();

  if (tph != 0)
    {
      // The hook chosen depends on whether the transport was opened in
      // the client role; a CORBA exception from either hook fails open().
      try
        {
          if (this->transport ()->opened_as () == TAO::TAO_CLIENT_ROLE)
            {
              tph->client_protocol_properties_at_orb_level (protocol_properties);
            }
          else
            {
              tph->server_protocol_properties_at_orb_level (protocol_properties);
            }
        }
      catch (const CORBA::Exception&)
        {
          return -1;
        }
    }

  if (this->set_socket_option (this->peer (),
                               protocol_properties.send_buffer_size_,
                               protocol_properties.recv_buffer_size_) == -1)
    return -1;

#if !defined (ACE_LACKS_TCP_NODELAY)
  if (this->peer ().set_option (ACE_IPPROTO_TCP,
                                TCP_NODELAY,
                                (void *) &protocol_properties.no_delay_,
                                sizeof (protocol_properties.no_delay_)) == -1)
    return -1;
#endif /* ! ACE_LACKS_TCP_NODELAY */

  if (this->transport ()->wait_strategy ()->non_blocking ())
    {
      if (this->peer ().enable (ACE_NONBLOCK) == -1)
        return -1;

      // Enable partial SSL writes.
      //
      // By default, OpenSSL attempts to send the entire chunk of
      // data.  This is fine for relatively small chunks of data.
      // However, if SSL_write() returns with an SSL_ERROR_WANT_WRITE
      // (basically an EWOULDBLOCK) when using non-blocking I/O, TAO
      // may attempt to resend the same data with a potentially
      // different buffer address.  Such a scenario is prone to happen
      // when sending large chunks of data that cause flow control to
      // occur.  For most protocol implementations this is fine.
      // OpenSSL, on the other hand, requires that the same arguments
      // be passed to SSL_write() if an SSL_ERROR_WANT_WRITE error
      // occurred on a previous SSL_write() attempt, which cannot be
      // guaranteed by TAO's current message queuing/construction
      // code, often resulting in a "bad write retry" OpenSSL error.
      // To work around this issue, we enable partial SSL_write()s in
      // SSL/TLS connections created by TAO's SSLIOP pluggable
      // protocol.  Doing so makes SSL_write() behave like write(2).
      //
      // This isn't an issue when using blocking I/O.
      //
      // SSL_set_mode() reports the resulting mode mask rather than an
      // error code, so discarding it drops no failure signal.
      (void) ::SSL_set_mode (this->peer ().ssl (),
                             SSL_MODE_ENABLE_PARTIAL_WRITE);
      (void) ::SSL_set_mode (this->peer ().ssl (),
                             SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
    }

  // Called by the <Strategy_Acceptor> when the handler is
  // completely connected.
  ACE_INET_Addr remote_addr;
  if (this->peer ().get_remote_addr (remote_addr) == -1)
    return -1;

  ACE_INET_Addr local_addr;
  if (this->peer ().get_local_addr (local_addr) == -1)
    return -1;

  // A connection whose two ends report the same address is rejected; the
  // condition is only logged when TAO_debug_level > 0.
  if (local_addr == remote_addr)
    {
      if (TAO_debug_level > 0)
        {
          char remote_as_string[MAXHOSTNAMELEN + 16];
          char local_as_string[MAXHOSTNAMELEN + 16];

          (void) remote_addr.addr_to_string (remote_as_string,
                                             sizeof (remote_as_string));
          (void) local_addr.addr_to_string (local_as_string,
                                            sizeof (local_as_string));
          ACE_ERROR ((LM_ERROR,
                      "TAO(%P|%t) - TAO::SSLIOP::Connection_Handler::open, "
                      "Holy Cow! The remote addr and "
                      "local addr are identical (%s == %s)\n",
                      remote_as_string, local_as_string));
        }

      return -1;
    }

  if (TAO_debug_level > 0)
    {
      char client[MAXHOSTNAMELEN + 16];

      // Verify that we can resolve the peer hostname.
      if (remote_addr.addr_to_string (client,
                                      sizeof (client)) == -1)
        {
          ACE_OS::strcpy (client, "*unable to obtain*");
        }

      ACE_DEBUG ((LM_DEBUG,
                  ACE_TEXT ("TAO (%P|%t) SSLIOP connection from ")
                  ACE_TEXT ("client <%s> on [%d]\n"),
                  client,
                  this->peer ().get_handle ()));

      // Verify that we can resolve our hostname.
      if (local_addr.addr_to_string (client,
                                     sizeof (client)) == -1)
        {
          ACE_OS::strcpy (client, "*unable to obtain*");
        }

      ACE_DEBUG ((LM_DEBUG,
                  ACE_TEXT ("TAO (%P|%t) SSLIOP connection accepted from ")
                  ACE_TEXT ("server <%s> on [%d]\n"),
                  client,
                  this->get_handle ()));
    }

  // Set that the transport is now connected, if fails we return -1
  // Use C-style cast b/c otherwise we get warnings on lots of
  // compilers
  if (!this->transport ()->post_open ((size_t) this->get_handle ()))
    return -1;

  // @@ Not needed
  this->state_changed (TAO_LF_Event::LFS_SUCCESS,
                       this->orb_core ()->leader_follower ());

  return 0;
}
int TAO::SSLIOP::Connection_Handler::open_handler | ( | void * | ) | [virtual] |
Implements TAO_Connection_Handler.
Definition at line 74 of file SSLIOP_Connection_Handler.cpp.
References open().
// Body of open_handler(): forwards its argument (named v in the
// definition) to open() and returns that result.
{
  return this->open (v);
}
void TAO::SSLIOP::Connection_Handler::pos_io_hook | ( | int & | return_value | ) | [protected, virtual] |
Reimplemented from TAO_Connection_Handler.
Definition at line 310 of file SSLIOP_Connection_Handler.cpp.
// Body of pos_io_hook(): when return_value is 0 and SSL_pending() reports
// bytes still buffered in the SSL object, return_value is changed to 1.
// NOTE(review): presumably this makes the caller come back for data that
// OpenSSL has already read from the socket, which socket-level readiness
// would not signal again -- confirm against the caller.
{
  if (return_value == 0 && ::SSL_pending (this->peer ().ssl ()))
    return_value = 1;
}
int TAO::SSLIOP::Connection_Handler::process_listen_point_list | ( | IIOP::ListenPointList & | listen_list | ) |
Process the listen_list.
Definition at line 356 of file SSLIOP_Connection_Handler.cpp.
References ACE_DEBUG, LM_DEBUG, TAO_Transport::make_idle(), TAO_Transport_Descriptor_Interface::set_bidir_flag(), TAO_debug_level, and TAO_Connection_Handler::transport().
Referenced by TAO::SSLIOP::Transport::tear_listen_point_list().
// Body of process_listen_point_list(): for every entry of listen_list,
// builds an endpoint from the entry's host and port, marks the property
// bidirectional, recaches this handler's transport under it and makes the
// transport idle.  Returns -1 as soon as one recache fails, otherwise 0.
//
// NOTE(review): the host and port used as the cache key come straight
// from the listen_list entries.  Nothing in this function compares them
// with the connection's actual peer address or with the identity
// established by the SSL session.  Whether the caller
// (TAO::SSLIOP::Transport::tear_listen_point_list()) validates the list
// is not visible on this page -- confirm, because a transport recached
// under a host/port it does not own would later be picked for
// invocations meant for that endpoint.
{
  // Get the size of the list
  CORBA::ULong const len = listen_list.length ();

  for (CORBA::ULong i = 0; i < len; ++i)
    {
      IIOP::ListenPoint listen_point = listen_list[i];
      ACE_INET_Addr addr (listen_point.port,
                          listen_point.host.in ());


      if (TAO_debug_level > 0)
        {
          ACE_DEBUG ((LM_DEBUG,
                      "(%P|%t) Listening port [%d] on [%s]\n",
                      listen_point.port,
                      listen_point.host.in ()));
        }

      // Construct an IIOP_Endpoint object using the host as provided
      // in the listen point list.  We must use the host in that form
      // because that's also how the ORB on the other side will
      // advertise the host in an IOR.
      //
      // Note that the port in the ACE_INET_Addr is actually the SSL
      // port!
      TAO_IIOP_Endpoint tmpoint (listen_point.host.in (),
                                 listen_point.port,
                                 addr);

      // @@ This is broken.  Instead of just using the default CORBA
      //    SecurityAssociation options, by not supplying SSLIOP::SSL
      //    instance in the endpoint constructor, we need to include the
      //    actual SecurityAssociation options so that the invocation to
      //    the originator is attempted with the appropriate security
      //    settings.  Unfortunately, there is currently no portable way to
      //    send the SecurityAssociation options with the
      //    IIOP::ListenPointList.  Presumably the new Firewall
      //    specification will address this deficiency.
      TAO_SSLIOP_Synthetic_Endpoint endpoint (&tmpoint);

      // Construct a property object
      TAO_Base_Transport_Property prop (&endpoint);

      // Mark the connection as bidirectional
      prop.set_bidir_flag (1);

      // The property for this handler has changed. Recache the
      // handler with this property
      if (this->transport ()->recache_transport (&prop) == -1)
        return -1;

      // Make the handler idle and ready for use
      this->transport ()->make_idle ();
    }

  return 0;
}
int TAO::SSLIOP::Connection_Handler::release_os_resources | ( | void | ) | [protected, virtual] |
Reimplemented from TAO_Connection_Handler.
Definition at line 304 of file SSLIOP_Connection_Handler.cpp.
References ACE_Svc_Handler< ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH >::peer().
Referenced by ~Connection_Handler().
// Body of release_os_resources(): closes the peer stream and returns the
// result of that close() call.  The destructor calls this and treats -1
// as failure.
{
  return this->peer().close ();
}
int TAO::SSLIOP::Connection_Handler::resume_handler | ( | void | ) | [virtual] |
Reimplemented from ACE_Event_Handler.
Definition at line 236 of file SSLIOP_Connection_Handler.cpp.
References ACE_Event_Handler::ACE_APPLICATION_RESUMES_HANDLER.
// Body of resume_handler(): always returns
// ACE_Event_Handler::ACE_APPLICATION_RESUMES_HANDLER.
{
  return ACE_Event_Handler::ACE_APPLICATION_RESUMES_HANDLER;
}
int TAO::SSLIOP::Connection_Handler::setup_ssl_state | ( | TAO::SSLIOP::Current_Impl *& | previous_current_impl, | |
TAO::SSLIOP::Current_Impl * | new_current_impl, | |||
bool & | setup_done | |||
) |
Make the SSL session state available to the SSLIOP::Current object.
Definition at line 418 of file SSLIOP_Connection_Handler.cpp.
References current_, and TAO::SSLIOP::Current_Impl::ssl().
Referenced by TAO::SSLIOP::State_Guard::State_Guard().
// Body of setup_ssl_state(): stores this connection's SSL pointer in
// new_current_impl and installs it through current_->setup().  Always
// returns 0.
//
// new_current_impl is dereferenced without a null check, so callers must
// pass a valid object.
// NOTE(review): the SSL pointer handed over belongs to this connection's
// peer stream; presumably it must not be used once the connection has
// been closed.  The page lists TAO::SSLIOP::State_Guard as the caller --
// confirm that its lifetime is bounded by the connection's.
{
  // Make the SSL session state available to the SSLIOP::Current
  // TSS object.
  new_current_impl->ssl (this->peer ().ssl ());

  // The following call is reentrant and thread-safe
  this->current_->setup (previous_current_impl,
                         new_current_impl,
                         setup_done);

  return 0;
}
void TAO::SSLIOP::Connection_Handler::teardown_ssl_state | ( | TAO::SSLIOP::Current_Impl * | previous_current_impl, | |
bool & | setup_done | |||
) |
Teardown the SSL session state.
Definition at line 436 of file SSLIOP_Connection_Handler.cpp.
References current_.
Referenced by TAO::SSLIOP::State_Guard::~State_Guard().
// Body of teardown_ssl_state(): forwards previous_current_impl and
// setup_done to current_->teardown().
{
  this->current_->teardown (previous_current_impl, setup_done);
}
Reference to the SSLIOP::Current object (downcast to gain access to the low-level management methods).
Definition at line 122 of file SSLIOP_Connection_Handler.h.
Referenced by Connection_Handler(), setup_ssl_state(), and teardown_ssl_state().
TAO_IIOP_Properties* TAO::SSLIOP::Connection_Handler::tcp_properties_ [private] |