author | Ossama Othman <ossama-othman@users.noreply.github.com> | 2003-09-06 18:13:38 +0000 |
---|---|---|
committer | Ossama Othman <ossama-othman@users.noreply.github.com> | 2003-09-06 18:13:38 +0000 |
commit | 299c8148ab069a55678d2e4623f522e7d8412eb8 (patch) | |
tree | 935515b2aa0f50a7074830903d0fe201d4031916 | |
parent | 1969e65ef81b5aa8ef43614132ac4ee6e8339f77 (diff) | |
download | ATCD-299c8148ab069a55678d2e4623f522e7d8412eb8.tar.gz |
CSIv2 and ATLAS work.
-rw-r--r-- | TAO/orbsvcs/orbsvcs/ATLAS.idl | 88 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIIOP.idl | 1 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIv2/TSS_IORInterceptor.cpp | 17 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp | 52 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h | 20 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp | 44 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h | 36 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.cpp | 217 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.h | 106 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp | 54 |
10 files changed, 594 insertions, 41 deletions
diff --git a/TAO/orbsvcs/orbsvcs/ATLAS.idl b/TAO/orbsvcs/orbsvcs/ATLAS.idl new file mode 100644 index 00000000000..c313ef474c6 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/ATLAS.idl 
@@ -0,0 +1,88 @@ +// -*- IDL -*- + +//============================================================================= +/** + * @file ATLAS.idl + * + * $Id$ + * + * IDL for Authorization Token Layer Acquisition Service (ATLAS). + * + * @author Object Management Group + */ +//============================================================================= + + +#ifndef _ATLAS_IDL_ +#define _ATLAS_IDL_ + +#include <TimeBase.idl> +#include <CosNaming.idl> +#include <CSI.idl> +#include <CSIIOP.idl> + +#pragma prefix "omg.org" + +module ATLAS { + typedef sequence<TimeBase::UtcT, 1> ExpiryTime; + typedef sequence<CSI::IdentityToken, 1> IdTokenOption; + + struct AuthTokenData { + IdTokenOption ident_token; + CSI::AuthorizationToken auth_token; + ExpiryTime expiry_time; + }; + + exception IllegalTokenRequest { + unsigned long the_errnum; + string the_reason; + }; + + exception TokenOkay {}; + + interface AuthTokenDispenser { + AuthTokenData get_my_authorization_token () + raises (IllegalTokenRequest); + + AuthTokenData translate_authorization_token ( + in CSI::IdentityToken the_subject, + in CSI::AuthorizationToken the_token) + raises (IllegalTokenRequest, + TokenOkay); + }; + + struct CosNamingLocator { + CosNaming::NamingContext name_service; + CosNaming::Name the_name; + }; + + // + // This type specifies a string encoded in UTF-8 form [IETF RFC 2044]. 
+ // + typedef sequence<octet> UTF8String; + typedef CosNaming::NamingContextExt::URLString URLocator; + + typedef unsigned long ATLASLocatorType; + + const ATLASLocatorType ATLASCosNaming = 1; + const ATLASLocatorType ATLASURL = 2; + const ATLASLocatorType ATLASObject = 3; + + union ATLASLocator switch (ATLASLocatorType) + { + case ATLASCosNaming: CosNamingLocator naming_locator; + case ATLASURL: URLocator the_url; + case ATLASObject: AuthTokenDispenser the_depenser; + }; + + typedef sequence<octet> ATLASCacheId; + + struct ATLASProfile { + ATLASLocator the_locator; + ATLASCacheId the_cache_id; + }; + + const CSIIOP::ServiceConfigurationSyntax SCS_ATLAS = 3; +}; + +#endif // _ATLAS_IDL_ diff --git a/TAO/orbsvcs/orbsvcs/CSIIOP.idl b/TAO/orbsvcs/orbsvcs/CSIIOP.idl index ee3609bdc49..39fe804cc41 100644 --- a/TAO/orbsvcs/orbsvcs/CSIIOP.idl +++ b/TAO/orbsvcs/orbsvcs/CSIIOP.idl @@ -77,6 +77,7 @@ module CSIIOP { // The body of the TAG_NULL_TAG component is a sequence of octets of // length 0. + // type used to define AS layer functionality within a compound mechanism // definition diff --git a/TAO/orbsvcs/orbsvcs/CSIv2/TSS_IORInterceptor.cpp b/TAO/orbsvcs/orbsvcs/CSIv2/TSS_IORInterceptor.cpp index 95e6259e2e5..404eb39bbbb 100644 --- a/TAO/orbsvcs/orbsvcs/CSIv2/TSS_IORInterceptor.cpp +++ b/TAO/orbsvcs/orbsvcs/CSIv2/TSS_IORInterceptor.cpp @@ -34,7 +34,7 @@ TAO::TSS_IORInterceptor::establish_components ( { IOP::TaggedComponent tc; - tc.component_id = IOP::TAG_CSI_SEC_MECH_LIST; + tc.tag = IOP::TAG_CSI_SEC_MECH_LIST; CSIIOP::CompoundSecMechList component; 
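Review bot: The `ATLASObject` arm of the `ATLASLocator` union names its member `the_depenser`, which reads as a misspelling of "dispenser" and will be baked into the generated C++ accessor names; worth checking against the OMG ATLAS text before anything consumes this IDL, and if it is a typo the arm should read `case ATLASObject: AuthTokenDispenser the_dispenser;`. Nothing else in this commit references the ATLAS types, so the new module is compiled but not exercised here; a one-line note in the file header saying which CSIv2 consumer is expected to use `SCS_ATLAS` would tell the next reader whether the `TokenOkay` exception and the bounded one-element sequences are spec-mandated shapes or local choices.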
@@ -49,13 +49,22 @@ TAO::TSS_IORInterceptor::establish_components ( mech.target_requires = CSIIOP::Security::Integrity - | Security::Confidentiality - mech.transport_mech; + | Security::Confidentiality; + + // SSLIOP-specific TaggedComponent information. + IOP::TaggedComponent & transport_mech = mech.transport_mech; + transport_mech.tag = IOP::TAG_TLS_SEC_TRANS; + + CSIIOP::TLS_SEC_TRANS tls_component; + tls_component.target_supports = ; + tls_component.target_requires = ; + tls_component_addresses = ; + mech.as_context_mech; mech.sas_context_mech; // TAO currently only supports CSIv2 over IIOP. - info->add_ior_component_to_profile (component, + info->add_ior_component_to_profile (tc, IOP::TAG_INTERNET_IOP ACE_ENV_ARG_PARAMETER); ACE_CHECK; diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp index ebdb1bec8b0..71d30e34feb 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp @@ -53,6 +53,8 @@ TAO_SSLIOP_Acceptor::TAO_SSLIOP_Acceptor (Security::QOP qop, handler_state_ (), timeout_ (timeout) { + // --- CSIv1 --- + // Clear all bits in the SSLIOP::SSL association option fields. this->ssl_component_.target_supports = 0; this->ssl_component_.target_requires = 0; 
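Review bot: The SSLIOP-specific block added to `establish_components` is not compilable as committed: `tls_component.target_supports = ;`, `tls_component.target_requires = ;` and `tls_component_addresses = ;` have empty right-hand sides (the last one also loses the `.` member access), and `tls_component` is never marshalled into `transport_mech.component_data`, so even once filled in the `TAG_TLS_SEC_TRANS` component would carry an empty body. Since this same commit adds `TAO::SSLIOP::IORInterceptor`, which builds exactly this component from the factory-supplied association options, the SSLIOP-specific lines here should be removed or reduced to a comment pointing there rather than left as placeholders. The rewritten `mech.target_requires` expression still mixes the unchanged `CSIIOP::Security::Integrity` operand with the new `| Security::Confidentiality;`; `target_requires` is a `CSIIOP::AssociationOptions`, so both operands should be the `CSIIOP::` constants (`CSIIOP::Integrity | CSIIOP::Confidentiality`) as the SSLIOP acceptor hunk of this commit does. The enclosing function starts before this hunk.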
@@ -78,6 +80,33 @@ TAO_SSLIOP_Acceptor::TAO_SSLIOP_Acceptor (Security::QOP qop, if (qop == Security::SecQOPNoProtection) ACE_SET_BITS (this->ssl_component_.target_supports, Security::NoProtection); + + + // --- CSIv2 --- + + // Clear all bits in the CSIIOP::TLS_SEC_TRANS association option + // fields. + this->csiv2_component_.target_supports = 0; + this->csiv2_component_.target_requires = 0; + + // SSLIOP requires these CSIIOP::AssociationOptions by default. + ACE_SET_BITS (this->csiv2_component_.target_requires, + CSIIOP::Integrity + | CSIIOP::Confidentiality + | CSIIOP::NoDelegation); + + // SSLIOP supports these CSIIOP::AssociationOptions by default. + ACE_SET_BITS (this->csiv2_component_.target_supports, + CSIIOP::Integrity + | CSIIOP::Confidentiality + | CSIIOP::EstablishTrustInTarget + | CSIIOP::NoDelegation); + + // @@ This should go away once we support setting security + // association options through policies. + if (qop == CSIIOP::SecQOPNoProtection) + ACE_SET_BITS (this->csiv2_component_.target_supports, + CSIIOP::NoProtection); } TAO_SSLIOP_Acceptor::~TAO_SSLIOP_Acceptor (void) @@ -158,8 +187,8 @@ TAO_SSLIOP_Acceptor::create_new_profile (const TAO::ObjectKey &object_key, pfile->tagged_components ().set_orb_type (TAO_ORB_TYPE); - this->orb_core_->codeset_manager()-> - set_codeset(pfile->tagged_components()); + this->orb_core_->codeset_manager ()-> + set_codeset (pfile->tagged_components()); IOP::TaggedComponent component; component.tag = SSLIOP::TAG_SSL_SEC_TRANS; @@ -179,7 +208,7 @@ TAO_SSLIOP_Acceptor::create_new_profile (const TAO::ObjectKey &object_key, // TAO extension, replace the contents of the octet sequence with // the CDR stream - CORBA::ULong length = cdr.total_length (); + const CORBA::ULong length = cdr.total_length (); component.component_data.length (length); CORBA::Octet *buf = component.component_data.get_buffer (); for (const ACE_Message_Block *i = cdr.begin (); 
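Review bot: In the constructor hunk the new CSIv2 block compares `qop` against `CSIIOP::SecQOPNoProtection`, while the CSIv1 block a few lines above compares the same `Security::QOP` value against `Security::SecQOPNoProtection`; `qop` has one type, and I do not believe `CSIIOP` declares a `SecQOPNoProtection` enumerator, so this should read `if (qop == Security::SecQOPNoProtection)`. Separately, this constructor becomes a second place that derives the CSIv2 association options: it hard-codes `NoDelegation` and `EstablishTrustInTarget` into `csiv2_component_`, whereas `TAO_SSLIOP_Protocol_Factory::init` (the `@@ -81`, `@@ -130` and `@@ -192` hunks of SSLIOP_Factory.cpp in this commit) computes `csiv2_target_supports`/`csiv2_target_requires` from the verify-mode options without those bits and hands that pair to the ORB initializer and IOR interceptor. The component the acceptor holds and the `TLS_SEC_TRANS` actually emitted into IORs can therefore disagree, i.e. the IOR may advertise options the listener does not enforce or omit ones it does; a single source, for example passing the factory-derived values into the acceptor constructor, would keep the two in step.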
@@ -425,7 +454,7 @@ TAO_SSLIOP_Acceptor::open_default (TAO_ORB_Core *orb_core, // this->ssl_component_.port is initialized to zero or it is set in // this->parse_options(). if (addr.set (this->ssl_component_.port, - ACE_static_cast(ACE_UINT32, INADDR_ANY), + ACE_static_cast (ACE_UINT32, INADDR_ANY), 1) != 0) return -1; @@ -441,9 +470,9 @@ TAO_SSLIOP_Acceptor::ssliop_open_i (TAO_ORB_Core *orb_core, { this->orb_core_ = orb_core; - int giop_lite = 0; // Explicitly disable GIOPlite support since it introduces security // holes. + const int giop_lite = 0; if (TAO_SSLIOP_Util::setup_handler_state (this->orb_core_, &(this->tcp_properties_), @@ -498,11 +527,11 @@ TAO_SSLIOP_Acceptor::ssliop_open_i (TAO_ORB_Core *orb_core, // the user if provided. this->ssl_component_.port = ssl_address.get_port_number (); - (void) this->ssl_acceptor_.acceptor().enable (ACE_CLOEXEC); // This avoids having child processes acquire the listen socket // thereby denying the server the opportunity to restart on a // well-known endpoint. This does not affect the aberrent behavior // on Win32 platforms. + (void) this->ssl_acceptor_.acceptor ().enable (ACE_CLOEXEC); if (TAO_debug_level > 5) { @@ -685,3 +714,14 @@ TAO_SSLIOP_Acceptor::verify_secure_configuration (TAO_ORB_Core *orb_core, return 0; } + +void +TAO_SSLIOP_Acceptor::init_csiv2_component (CSIIOP::TLS_SEC_TRANS & c) +{ + c.target_supports = ; + c.target_requires = ; + + CSIIOP::TransportAddressList & a = c.addresses; + + a.length (this->endpoint_count_) +} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h index a142b8d226d..e4b46306397 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h @@ -31,8 +31,8 @@ #include "SSLIOP_Accept_Strategy.h" -#include "orbsvcs/SSLIOPC.h" - +#include "orbsvcs/SSLIOPC.h" /* CSIv1 */ +#include "orbsvcs/CSIIOPC.h" /* CSIv2 */ /** 
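Review bot: The new `TAO_SSLIOP_Acceptor::init_csiv2_component` does not compile as written: `c.target_supports = ;` and `c.target_requires = ;` have no right-hand side, and `a.length (this->endpoint_count_)` is missing its semicolon. It also sizes the `CSIIOP::TransportAddressList` but never fills in the host and port of any endpoint, and none of the SSLIOP_Acceptor.h hunks in this commit declare the method, so the definition would be rejected even once the body is fixed. If the intent is that the IOR interceptor fills the address list from the acceptor (as `populate_transport_address_list` in the new SSLIOP_IORInterceptor.cpp does), this helper could simply copy `this->csiv2_component_` into `c` and leave `c.addresses` to the interceptor; either way the placeholder assignments should not land in the tree.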
@@ -82,8 +82,12 @@ public: virtual int is_collocated (const TAO_Endpoint* endpoint); //@} - /// Retrieve the SSLIOP::SSL component associated with the endpoints - /// set up by this acceptor. + /// Retrieve the CSIv1 SSLIOP::SSL component associated with the + /// endpoints set up by this acceptor. + const SSLIOP::SSL &ssl_component (void) const; + + /// Retrieve the CSIv2 CSIIOP::TLS_SEC_TRANS component associated with + /// the endpoints set up by this acceptor. const SSLIOP::SSL &ssl_component (void) const; private: @@ -129,13 +133,19 @@ private: TAO_SSLIOP_CONCURRENCY_STRATEGY *concurrency_strategy_; TAO_SSLIOP_ACCEPT_STRATEGY *accept_strategy_; - /// The SSL component. + /// The CSIv1 SSL component. /** * This is the SSLIOP endpoint-specific tagged component that is * embedded in a given IOR. */ SSLIOP::SSL ssl_component_; + /// The SSLIOP CSIv2 tagged component. + /** + * + */ + CSIIOP::TLS_SEC_TRANS csiv2_component_; + /// State that will be passed to each SSLIOP connection handler upon /// creation. TAO_SSLIOP_Connection_Handler_State handler_state_; diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp index 6378d722502..c90b167d441 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp @@ -6,6 +6,8 @@ #include "orbsvcs/Security/Security_ORBInitializer.h" // @todo: // should go away +//#include "orbsvcs/CSIIOPC.h" + #include "tao/debug.h" #include "ace/SSL/SSL_Context.h" @@ -24,8 +26,6 @@ static const long TAO_SSLIOP_ACCEPT_TIMEOUT = 10; // Default accept TAO_SSLIOP_Protocol_Factory::TAO_SSLIOP_Protocol_Factory (void) : TAO_Protocol_Factory (IOP::TAG_INTERNET_IOP), - major_ (TAO_DEF_GIOP_MAJOR), - minor_ (TAO_DEF_GIOP_MINOR), qop_ (Security::SecQOPIntegrityAndConfidentiality), timeout_ (TAO_SSLIOP_ACCEPT_TIMEOUT) { 
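Review bot: The accessor hunk in SSLIOP_Acceptor.h adds the Doxygen text for a CSIv2 accessor but then repeats the CSIv1 declaration, so the class declares `const SSLIOP::SSL &ssl_component (void) const;` twice (a redeclaration error) and never exposes `csiv2_component_`; the second declaration should be `const CSIIOP::TLS_SEC_TRANS &csiv2_component (void) const;`. In the `@@ -129` hunk the Doxygen block above `csiv2_component_` is empty; suggest mirroring the comment on `ssl_component_` with `/** This is the SSLIOP-specific CSIIOP::TLS_SEC_TRANS structure embedded, as the transport mechanism, in the CSIv2 CompoundSecMechList tagged component of a given IOR. */`. In SSLIOP_Factory.cpp the `@@ -6` hunk adds `//#include "orbsvcs/CSIIOPC.h"` commented out while `init` in that file now uses `CSIIOP::AssociationOptions` and the `CSIIOP::` option constants; either enable the include or drop the dead line.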
@@ -61,7 +61,8 @@ TAO_SSLIOP_Protocol_Factory::make_acceptor (void) ACE_NEW_RETURN (acceptor, TAO_SSLIOP_Acceptor (this->qop_, - this->timeout_), + this->timeout_, + *this->address_list_), 0); return acceptor; @@ -81,6 +82,11 @@ TAO_SSLIOP_Protocol_Factory::init (int argc, int prevdebug = -1; + CSIIOP::AssociationOptions csiv2_target_supports = + CSIIOP::Integrity | CSIIOP::Confidentiality; + CSIIOP::AssociationOptions csiv2_target_requires = + CSIIOP::Integrity | CSIIOP::Confidentiality; + // Force the Singleton instance to be initialized/instantiated. // Some SSLIOP option combinations below will result in the // Singleton instance never being initialized. In that case, @@ -130,6 +136,12 @@ TAO_SSLIOP_Protocol_Factory::init (int argc, // overridden by a SecurityLevel2::QOPPolicy in the object // reference. this->qop_ = Security::SecQOPNoProtection; + + ACE_SET_BITS (csiv2_target_supports, + CSIIOP::NoProtection); + + ACE_CLR_BITS (csiv2_target_requires, + CSIIOP::Confidentiality); } else if (ACE_OS::strcasecmp (argv[curarg], @@ -192,12 +204,23 @@ TAO_SSLIOP_Protocol_Factory::init (int argc, else if (ACE_OS::strcasecmp (argv[curarg], "SERVER") == 0) { mode = SSL_VERIFY_PEER; + + ACE_SET_BITS (csiv2_target_supports, + CSIIOP::EstablishTrustInTarget + | CSIIOP::EstablishTrustInClient); } else if (ACE_OS::strcasecmp (argv[curarg], "CLIENT") == 0 || ACE_OS::strcasecmp (argv[curarg], "SERVER_AND_CLIENT") == 0) { mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + + ACE_SET_BITS (csiv2_target_supports, + CSIIOP::EstablishTrustInTarget + | CSIIOP::EstablishTrustInClient); + + ACE_SET_BITS (csiv2_target_requires, + CSIIOP::EstablishTrustInClient); } ssl_ctx->default_verify_mode (mode); @@ -358,7 +381,8 @@ TAO_SSLIOP_Protocol_Factory::init (int argc, } } - if (this->register_orb_initializer () != 0) + if (this->register_orb_initializer (csiv2_target_supports, + csiv2_target_requires) != 0) return -1; if (prevdebug != -1) 
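Review bot: In the `SSLNoProtection` branch of `init` (`@@ -130` hunk) the new code adds `CSIIOP::NoProtection` to `csiv2_target_supports` but clears only `CSIIOP::Confidentiality` from `csiv2_target_requires`, so the resulting `TLS_SEC_TRANS` advertises unprotected associations as supported while still requiring `CSIIOP::Integrity`, a pair a client cannot satisfy simultaneously. If keeping Integrity required is deliberate, plausible if this option only disables encryption and the TLS record MAC still applies, say so: `// NoProtection here only drops encryption; SSL still provides integrity, so CSIIOP::Integrity stays required.` Otherwise clear it together with Confidentiality. The `SERVER` and `CLIENT`/`SERVER_AND_CLIENT` branches set the same `EstablishTrustInTarget | EstablishTrustInClient` supports bits; a short comment on why `EstablishTrustInClient` is only *required* in the second branch (it is the one that sets `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`) would help the next reader.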
@@ -368,7 +392,9 @@ TAO_SSLIOP_Protocol_Factory::init (int argc, } int -TAO_SSLIOP_Protocol_Factory::register_orb_initializer (void) +TAO_SSLIOP_Protocol_Factory::register_orb_initializer ( + CSIIOP::AssociationOptions csiv2_target_supports, + CSIIOP::AssociationOptions csiv2_target_requires) { ACE_DECLARE_NEW_CORBA_ENV; ACE_TRY @@ -395,7 +421,9 @@ TAO_SSLIOP_Protocol_Factory::register_orb_initializer (void) // Register the SSLIOP ORB initializer. // PortableInterceptor::ORBInitializer_ptr tmp; ACE_NEW_THROW_EX (tmp, - TAO_SSLIOP_ORBInitializer (this->qop_), + TAO_SSLIOP_ORBInitializer (this->qop_, + csiv2_target_supports, + csiv2_target_requires), CORBA::NO_MEMORY ( CORBA::SystemException::_tao_minor_code ( TAO_DEFAULT_MINOR_CODE, @@ -444,8 +472,8 @@ ACE_STATIC_SVC_DEFINE (TAO_SSLIOP_Protocol_Factory, ACE_TEXT ("SSLIOP_Factory"), ACE_SVC_OBJ_T, &ACE_SVC_NAME (TAO_SSLIOP_Protocol_Factory), - ACE_Service_Type::DELETE_THIS | - ACE_Service_Type::DELETE_OBJ, + ACE_Service_Type::DELETE_THIS + | ACE_Service_Type::DELETE_OBJ, 0) ACE_FACTORY_DEFINE (TAO_SSLIOP, TAO_SSLIOP_Protocol_Factory) diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h index a671d211bed..a1d2d9a7766 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h @@ -31,9 +31,16 @@ #include "ace/Service_Config.h" + class TAO_Acceptor; class TAO_Connector; +namespace CSIIOP +{ + struct TLS_SEC_TRANS; +} + + /** * @class TAO_SSLIOP_Protocol_Factory * 
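Review bot: The SSLIOP_Factory.h `@@ -31` hunk forward-declares `struct TLS_SEC_TRANS` inside `namespace CSIIOP`, but the `@@ -67` hunk of the same header then declares `register_orb_initializer` with `CSIIOP::AssociationOptions` parameters; that name is a typedef, not a struct, and cannot be forward-declared, so the header needs `#include "orbsvcs/CSIIOPC.h"` (the very line SSLIOP_Factory.cpp adds commented out) rather than the hand-written forward declaration. With the include in place the forward declaration is redundant and can go. The `register_orb_initializer` changes in SSLIOP_Factory.cpp itself are consistent with the new `TAO_SSLIOP_ORBInitializer` constructor.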
@@ -53,13 +60,10 @@ public: virtual int init (int argc, char* argv[]); // Dynamic linking hook - /// Create and register the SSLIOP ORB initializer. - int register_orb_initializer (void); - - virtual int match_prefix (const ACE_CString &prefix); + virtual int match_prefix (const ACE_CString & prefix); // Verify prefix is a match - virtual const char *prefix (void) const; + virtual const char * prefix (void) const; // Returns the prefix used by the protocol. virtual char options_delimiter (void) const; @@ -67,16 +71,18 @@ public: // where its options begin. // = Check Protocol_Factory.h for a description of these methods. - virtual TAO_Acceptor *make_acceptor (void); - virtual TAO_Connector *make_connector (void); + virtual TAO_Acceptor * make_acceptor (void); + virtual TAO_Connector * make_connector (void); virtual int requires_explicit_endpoint (void) const; private: - /// Changing the version number can be used to provide backwards - /// compatibility with old clients. - int major_; - int minor_; + /// Create and register the SSLIOP ORB initializer. + int register_orb_initializer ( + CSIIOP::AssociationOptions csiv2_target_supports, + CSIIOP::AssociationOptions csiv2_target_requires); + +private: /// Default quality-of-protection settings for the SSLIOP pluggable /// protocol. @@ -90,6 +96,14 @@ private: */ ACE_Time_Value timeout_; + /// The SSLIOP-specific CSIv2 transport mechanism component. + /** + * This SSLIOP-specific structure is embedded in the CSIv2 transport + * mechanism list of the @c CSIIOP::CompoundSecMechList IOR tagged + * component. + */ + CSIIOP::TLS_SEC_TRANS * csiv2_component_; + }; ACE_STATIC_SVC_DECLARE_EXPORT (TAO_SSLIOP, TAO_SSLIOP_Protocol_Factory) diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.cpp new file mode 100644 index 00000000000..57325016240 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.cpp 
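Review bot: The `@@ -90` hunk adds a raw pointer member `CSIIOP::TLS_SEC_TRANS * csiv2_component_` to `TAO_SSLIOP_Protocol_Factory`, but the constructor hunk in SSLIOP_Factory.cpp (`@@ -24`) does not initialise it and nothing else in this commit assigns or reads it, so it is an uninitialised pointer with no documented owner. If it is meant to hold the acceptor-provided component, initialise it in the constructor's initializer list (`csiv2_component_ (0)`) and state in its Doxygen block who allocates and frees it; otherwise drop the member until it is used. The `@@ -67` hunk also leaves two consecutive `private:` labels; the second is redundant.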
@@ -0,0 +1,217 @@ +// $Id$ + + +#include "SSLIOP_IORInterceptor.h" + + +ACE_RCSID (SSLIOP, + SSLIOP_IORInterceptor, + "$Id$") + + +TAO::SSLIOP::IORInterceptor (TAO_ORB_Core * orb_core, + CSIIOP::AssociationOptions csiv2_target_supports, + CSIIOP::AssociationOptions csiv2_target_requires) + : orb_core_ (orb_core), + csiv2_target_supports_ (csiv2_target_supports), + csiv2_target_requires_ (csiv2_target_requires) +{ +} + +char * +TAO::SSLIOP::IORInterceptor::name (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + return CORBA::string_dup ("TAO::SSLIOP::IORInterceptor"); +} + +void +TAO::SSLIOP::IORInterceptor::destroy (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + // Invalidate the TAO_ORB_Core pointer. + this->orb_core_ = 0; +} + +void +TAO::SSLIOP::IORInterceptor::establish_components ( + PortableInterceptor::IORInfo_ptr info + ACE_ENV_ARG_DECL) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + IOP::TaggedComponent tc; + + tc.tag = IOP::TAG_CSI_SEC_MECH_LIST; + + CSIIOP::CompoundSecMechList component; + + component.stateful = 0; // Only stateless TSS currently supported. + + CSIIOP::CompoundSecMechanisms & mechanisms = component.mechanism_list; + + // Only SSLIOP is supported at this point in time. + mechanisms.length (1); + + CSIIOP::CompoundSecMech & mech = mechanisms[0]; + + mech.target_requires = + this->csiv2_target_requires_; // @@ Is this correct? + + if (this->construct_transport_mech_component (mech.transport_mech) != 0) + ACE_THROW (CORBA::INTERNAL ()); + + mech.as_context_mech.target_supports = 0; + mech.sas_context_mech.target_supports = 0; + + // Marshal the CSIIOP::CompoundSecMechList structure into the + // TaggedComponent to be embedded in object reference profiles. + TAO_OutputCDR cdr; + + cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); + cdr << mech; + + // Replace the contents of the octet sequence with the CDR stream. 
+ const CORBA::ULong len = cdr.total_length (); + tc.component_data.length (len); + const CORBA::Octet * buf = tc.component_data.get_buffer (); + for (const ACE_Message_Block *i = cdr.begin (); + i != 0; + i = i->cont ()) + { + ACE_OS::memcpy (buf, i->rd_ptr (), i->length ()); + buf += i->length (); + } + + // TAO currently only supports CSIv2 over IIOP. + info->add_ior_component_to_profile (tc, + IOP::TAG_INTERNET_IOP + ACE_ENV_ARG_PARAMETER); + ACE_CHECK; +} + +void +TAO::SSLIOP::IORInterceptor::components_established ( + PortableInterceptor::IORInfo_ptr + ACE_ENV_ARG_DECL_NOT_USED) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ +} + +void +TAO::SSLIOP::IORInterceptor::adapter_manager_state_changed ( + PortableInterceptor::AdapterManagerId, + PortableInterceptor::AdapterState + ACE_ENV_ARG_DECL_NOT_USED) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ +} + +void +TAO::SSLIOP::IORInterceptor::adapter_state_changed ( + const PortableInterceptor::ObjectReferenceTemplateSeq &, + PortableInterceptor::AdapterState + ACE_ENV_ARG_DECL_NOT_USED) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ +} + +int +TAO::SSLIOP::IORInterceptor::construct_transport_mech_component ( + IOP::TaggedComponent & tc) +{ + // SSLIOP-specific CSIv2 TaggedComponent information. + transport_mech.tag = IOP::TAG_TLS_SEC_TRANS; + + CSIIOP::TLS_SEC_TRANS tls_component; + + tls_component.target_supports = this->csiv2_target_supports_; + tls_component.target_requires = this->csiv2_target_requires_; + + if (this->populate_transport_address_list (tls_component.addresses) != 0) + return -1; + + // Marshal the CSIIOP::TLS_SEC_TRANS structure into the + // transport_mech TaggedComponent. + TAO_OutputCDR cdr; + + cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); + cdr << tls_component; + + // Replace the contents of the octet sequence with the CDR stream. 
+ const CORBA::ULong len = cdr.total_length (); + transport_mech.component_data.length (len); + const CORBA::Octet * buf = transport_mech.component_data.get_buffer (); + for (const ACE_Message_Block *i = cdr.begin (); + i != 0; + i = i->cont ()) + { + ACE_OS::memcpy (buf, i->rd_ptr (), i->length ()); + buf += i->length (); + } + + return 0; +} + +int +TAO::SSLIOP::IORInterceptor::populate_transport_address_list ( + CSIIOP::TransportAddressList & list) +{ + TAO_Acceptor_Registry & ar = + this->orb_core_->lane_resources->acceptor_registry (); + + const CORBA::ULong max_endpoints = ar->endpoint_count (); + + // Pre-allocate the maximum size of the transport address list to + // prevent unnecessary allocations and copying resulting from + // potential incremental growth. + list.length (max_endpoints); + + CORBA::ULong i = 0; + + const TAO_AcceptorSetIterator end = this->end (); + + for (TAO_AcceptorSetIterator acceptor = this->begin (); + acceptor != end; + ++acceptor) + { + if ((*acceptor)->tag () == IOP::TAG_INTERNET_IOP) + { + TAO_SSLIOP_Acceptor * s = + dynamic_cast<TAO_SSLIOP_Acceptor *> (*acceptor); + + ACE_ASSERT (s != 0); + + const ACE_INET_Addr * addrs = s->endpoints (); + + const CORBA::ULong len = s->endpoint_count (); + + for (CORBA::ULong j = 0; j < len; ++j) + { + CSIIOP::TransportAddress & address = list[i]; + const ACE_INET_Addr & addr = addrs[j]; + + if (this->orb_core_->orb_params ()->use_dotted_decimal_addresses () + && this->dotted_decimal_address (addr, + address.host_name.out ()) != 0) + { + return -1; + } + else + { + address.host_name = + CORBA::string_dup (addr.get_host_name ()); + } + + address.port = addr.get_port_number (); + + ++i; + } + } + } + + // Truncate the unused portion of the TransportAddressList. + if (i < max_endpoints) + list.length (i); + + return 0; +} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.h new file mode 100644 index 00000000000..099d7c7c99f 
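Review bot: In `establish_components` the CDR stream is filled with `cdr << mech;`, but the tagged component is `TAG_CSI_SEC_MECH_LIST`, whose body must be the encapsulated `CSIIOP::CompoundSecMechList`; marshalling a single `CompoundSecMech` omits the `stateful` flag and the `mechanism_list` length, so a peer would decode the component incorrectly or reject it, and the line should be `cdr << component;`. The copy loop that follows writes through `const CORBA::Octet * buf`, which `ACE_OS::memcpy` and `buf +=` cannot do; drop the `const` there and in `construct_transport_mech_component`, which additionally refers to `transport_mech` although its parameter is named `tc`. In `populate_transport_address_list`, `ACE_ASSERT (s != 0)` after the `dynamic_cast` is not a sufficient guard because every IIOP acceptor carries `IOP::TAG_INTERNET_IOP`, not only SSLIOP ones, so a plain IIOP acceptor in the registry would dereference a null pointer in release builds; use `if (s == 0) continue;`, and iterate `ar.begin ()`/`ar.end ()` rather than `this->begin ()`/`this->end ()`. The dotted-decimal branch also falls through to the `else` and overwrites the converted address with `addr.get_host_name ()` whenever the conversion succeeds; the `else` should only run when dotted-decimal addresses are not in use.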
--- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_IORInterceptor.h 
@@ -0,0 +1,106 @@ +// -*- C++ -*- + +//============================================================================= +/** + * @file SSLIOP_IORInterceptor.h + * + * $Id$ + * + * @author Ossama Othman <ossama@dre.vanderbilt.edu> + */ +//============================================================================= + +#ifndef TAO_SSLIOP_IOR_INTERCEPTOR_H +#define TAO_SSLIOP_IOR_INTERCEPTOR_H + +#include "ace/config-all.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +# pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "tao/IORInterceptor/IORInterceptorC.h" +#include "tao/PortableInterceptorC.h" +#include "tao/LocalObject.h" + +#if defined(_MSC_VER) +#if (_MSC_VER >= 1200) +#pragma warning(push) +#endif /* _MSC_VER >= 1200 */ +#pragma warning(disable:4250) +#endif /* _MSC_VER */ + + +namespace TAO +{ + namespace SSLIOP + { + /** + * @class IORInterceptor + * + * @brief IOR interceptor that adds SSLIOP-specific information to + * a CSIv2 tagged component. + * + * This IOR interceptor adds SSLIOP-specific information to a + * CSIv2 tagged component. + */ + class IORInterceptor + : public virtual PortableInterceptor::IORInterceptor, + public virtual TAO_Local_RefCounted_Object + { + public: + + /// Constructor + IORInterceptor (void); + + /** + * @name Methods Required by the IOR Interceptor Interface + * + * These are methods that must be implemented since they are + * pure virtual in the abstract base class. They are the + * canonical methods required for all IOR interceptors. + */ + //@{ + /// Return the name of this IORInterceptor. + virtual char * name (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + + /// Cleanup resources acquired by this IORInterceptor. + virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + + /// Add the tagged components to the IOR. 
+ virtual void establish_components (PortableInterceptor::IORInfo_ptr info + ACE_ENV_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + + virtual void components_established ( + PortableInterceptor::IORInfo_ptr info + ACE_ENV_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + + virtual void adapter_manager_state_changed ( + PortableInterceptor::AdapterManagerId id, + PortableInterceptor::AdapterState state + ACE_ENV_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + + virtual void adapter_state_changed ( + const PortableInterceptor::ObjectReferenceTemplateSeq & templates, + PortableInterceptor::AdapterState state + ACE_ENV_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + //@} + + }; + + } // End SSLIOP namespace + +} // End TAO namespace + + +#if defined(_MSC_VER) && (_MSC_VER >= 1200) +#pragma warning(pop) +#endif /* _MSC_VER */ + +#endif /* TAO_SSLIOP_IOR_INTERCEPTOR_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp index 16c1ab0da2e..27e274d9cc2 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp 
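Review bot: The class declared here does not match the definitions in the new SSLIOP_IORInterceptor.cpp or the way SSLIOP_ORBInitializer.cpp constructs it: the header declares only `IORInterceptor (void);`, whereas the .cpp defines a three-argument constructor (`TAO_ORB_Core *` plus two `CSIIOP::AssociationOptions`) that initialises members `orb_core_`, `csiv2_target_supports_` and `csiv2_target_requires_`, and it defines private helpers `construct_transport_mech_component` and `populate_transport_address_list` (and calls an undeclared `dotted_decimal_address`), none of which appear in the class. The header should declare the three-parameter constructor, the three data members (noting that `orb_core_` is a non-owning pointer that `destroy` resets to 0), and the two helpers as `private`, and `dotted_decimal_address` needs a declaration or a replacement. The .cpp constructor definition is also missing its class qualifier, `TAO::SSLIOP::IORInterceptor::IORInterceptor (...)`. With those members the header needs a forward declaration of `TAO_ORB_Core` and the `orbsvcs/CSIIOPC.h` include for the `AssociationOptions` typedef.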
@@ -1,26 +1,34 @@ -// -*- C++ -*- - #include "SSLIOP_ORBInitializer.h" -#include "SSLIOP_Vault.h" -#include "tao/debug.h" ACE_RCSID (TAO_SSLIOP, SSLIOP_ORBInitializer, "$Id$") + +#include "SSLIOP_Vault.h" + #include "SSLIOP_Current.h" #include "SSLIOP_Invocation_Interceptor.h" -#include "orbsvcs/SSLIOPC.h" +#include "SSLIOP_IORInterceptor.h" #include "orbsvcs/Security/Security_Current.h" #include "orbsvcs/Security/PrincipalAuthenticator.h" +#include "orbsvcs/SSLIOPC.h" +#include "orbsvcs/CSIIOPC.h" + #include "tao/Exception.h" #include "tao/ORBInitInfo.h" +#include "tao/debug.h" -TAO_SSLIOP_ORBInitializer::TAO_SSLIOP_ORBInitializer (Security::QOP qop) - : qop_ (qop) +TAO_SSLIOP_ORBInitializer::TAO_SSLIOP_ORBInitializer ( + Security::QOP qop, + CSIIOP::AssociationOptions csiv2_target_supports, + CSIIOP::AssociationOptions csiv2_target_requires) + : qop_ (qop), + csiv2_target_supports_ (csiv2_target_supports), + csiv2_target_requires_ (csiv2_target_requires) { } 
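Review bot: The constructor now initialises `csiv2_target_supports_` and `csiv2_target_requires_`, but `SSLIOP_ORBInitializer.h` is not among the ten files in this commit's diffstat, so unless those members and the three-argument constructor were declared in an earlier commit the header is out of step with this definition and with the `@@ -395` hunk of SSLIOP_Factory.cpp that calls it. A short Doxygen note on the new members would also help, e.g. `/// CSIv2 association options the SSLIOP transport advertises / requires; handed to the SSLIOP IOR interceptor at post_init.` The include reordering around `ACE_RCSID` is harmless.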
@@ -131,6 +139,38 @@ TAO_SSLIOP_ORBInitializer::post_init ( ACE_ENV_ARG_PARAMETER); ACE_CHECK; + TAO_ORBInitInfo_var tao_info = + TAO_ORBInitInfo::_narrow (info + ACE_ENV_ARG_PARAMETER); + ACE_CHECK; + + if (CORBA::is_nil (tao_info.in ())) + ACE_THROW (CORBA::INV_OBJREF ()); + + TAO_ORB_Core * orb_core = tao_info->orb_core (); + + // Create the SSLIOP IOR interceptor. + PortableInterceptor::IORInterceptor_ptr ii = + PortableInterceptor::IORInterceptor::_nil (); + ACE_NEW_THROW_EX (ii, + TAO::SSLIOP::IORInterceptor (orb_core, + this->csiv2_target_supports_, + this->csiv2_target_requires_), + CORBA::NO_MEMORY ( + CORBA::SystemException::_tao_minor_code ( + TAO_DEFAULT_MINOR_CODE, + ENOMEM), + CORBA::COMPLETED_NO)); + ACE_CHECK; + + PortableInterceptor::IORInterceptor_var ior_interceptor = + ii; + + // Register the SSLIOP IORInterceptor. + info->add_ior_interceptor (ior_interceptor.in () + ACE_ENV_ARG_PARAMETER); + ACE_CHECK; + // Register the SSLIOP-specific vault with the // PrincipalAuthenticator. obj = info->resolve_initial_references ("SecurityManager" |