TAO_SSLIOP: SSLIOP_Accept_Strategy.cpp Source File

00001 #include "orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h"
00002 
00003 
00004 ACE_RCSID (SSLIOP,
00005            SSLIOP_Accept_Strategy,
00006            "$Id: SSLIOP_Accept_Strategy.cpp 77188 2007-02-19 12:34:36Z johnnyw $")
00007 
00008 TAO_BEGIN_VERSIONED_NAMESPACE_DECL
00009 
00010 TAO::SSLIOP::Accept_Strategy::Accept_Strategy (
00011   TAO_ORB_Core * orb_core,
00012   const ACE_Time_Value & timeout)
00013   : TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler,
00014                         ACE_SSL_SOCK_ACCEPTOR> (orb_core),
00015     timeout_ (timeout)
00016 {
00017 }
00018 
00019 int
00020 TAO::SSLIOP::Accept_Strategy::accept_svc_handler (handler_type * svc_handler)
00021 {
00022   ACE_TRACE ("TAO::SSLIOP::Accept_Strategy::accept_svc_handler");
00023 
00024   // The following code is basically the same code found in
00025   // ACE_Accept_Strategy::accept_svc_handler().  The only difference
00026   // is that a timeout value is passed to the peer acceptor's accept()
00027   // method.  A timeout is necessary to prevent malicious or
00028   // misbehaved clients from only completing the TCP handshake and not
00029   // the SSL handshake.  Without the timeout, a denial-of-service
00030   // vulnerability would exist where multiple incomplete SSL passive
00031   // connections (i.e. where only the TCP handshake is completed)
00032   // could result in the server process running out of file
00033   // descriptors.  That would be due to the SSL handshaking process
00034   // blocking/waiting for the handshake to complete.
00035 
00036   // The timeout value will be modified.  Make a copy.
00037   ACE_Time_Value timeout (this->timeout_);
00038 
00039   // Try to find out if the implementation of the reactor that we are
00040   // using requires us to reset the event association for the newly
00041   // created handle. This is because the newly created handle will
00042   // inherit the properties of the listen handle, including its event
00043   // associations.
00044   int const reset_new_handle = this->reactor_->uses_event_associations ();
00045 
00046   if (this->peer_acceptor_.accept (svc_handler->peer (), // stream
00047                                    0,                // remote address
00048                                    &timeout,         // timeout
00049                                    1,                // restart
00050                                    reset_new_handle  // reset new handler
00051                                    ) == -1)
00052     {
00053       // Ensure that errno is preserved in case the svc_handler
00054       // close() method resets it.
00055       ACE_Errno_Guard error (errno);
00056 
00057       // Close down handler to avoid memory leaks.
00058       svc_handler->close (0);
00059 
00060       return -1;
00061     }
00062   else
00063     return 0;
00064 }
00065 
00066 TAO_END_VERSIONED_NAMESPACE_DECL