authorbala <balanatarajan@users.noreply.github.com>2001-07-06 02:36:46 +0000
committerbala <balanatarajan@users.noreply.github.com>2001-07-06 02:36:46 +0000
commitd43d3e5f8f54b5bc7c2f3f19d708a9878292f7d4 (patch)
treed5004c2ef3ba1c2916b9671083c7a157a2cc5faa
parent5cebc014589c3499be237af3b15aee8a56040b42 (diff)
ChangeLogTag:Thu Jul 5 21:44:59 2001 Balachandran Natarajan <bala@cs.wustl.edu>
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp25
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h27
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp45
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h73
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp32
5 files changed, 161 insertions, 41 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
index e9388ef0fb8..e3e4d24e458 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
@@ -2,6 +2,7 @@
#include "IIOP_SSL_Connection_Handler.h"
+#include "IIOP_SSL_Transport.h"
#include "SSLIOP_Current.h"
#include "tao/Timeprobe.h"
#include "tao/ORB_Core.h"
@@ -64,6 +65,13 @@ TAO_IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core,
void *arg)
: TAO_IIOP_Connection_Handler (orb_core, flag, arg)
{
+ TAO_IIOP_SSL_Transport* specific_transport = 0;
+ ACE_NEW(specific_transport,
+ TAO_IIOP_SSL_Transport (this, orb_core, 0));
+
+ // store this pointer (indirectly increment ref count)
+ this->transport (specific_transport);
+ TAO_Transport::release (specific_transport);
}
TAO_IIOP_SSL_Connection_Handler::
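Review bot: If the allocation in `ACE_NEW(specific_transport, TAO_IIOP_SSL_Transport (this, orb_core, 0));` fails, the macro returns from the constructor without telling the caller, so the handler never receives the transport whose handle_input_i() clears the TSS SSL state. What transport the base-class constructor leaves in place is not visible in this hunk, but if a plain IIOP transport remains, the insecure path would quietly lose the nested-upcall protection this commit moves into the transport. At minimum, document this above the allocation, for example `// ACE_NEW returns early on allocation failure; this handler must not process input without the SSL-aware transport.`, and have the code that opens the handler reject it in that state. The constructor's signature starts outside the hunk.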
@@ -71,23 +79,6 @@ TAO_IIOP_SSL_Connection_Handler::
{
}
-/*int
-TAO_IIOP_SSL_Connection_Handler::handle_input (ACE_HANDLE handle)
-{
- int result;
-
- // Invalidate the TSS SSL session state to make sure that SSL state
- // from a previous SSL connection is not confused with this non-SSL
- // connection.
- TAO_Null_SSL_State_Guard guard (this->orb_core (), result);
-
- if (result != 0)
- return -1;
-
- return
- this->TAO_IIOP_Connection_Handler::handle_input (handle);
-
-}*/
// ****************************************************************
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
index c08192ce073..e7f39338a0b 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
@@ -11,8 +11,8 @@
//=============================================================================
-#ifndef TAO_IIOP_SSL_CONNECT_H
-#define TAO_IIOP_SSL_CONNECT_H
+#ifndef TAO_IIOP_SSL_CONNECTION_HANDLER_H
+#define TAO_IIOP_SSL_CONNECTION_HANDLER_H
#include "ace/pre.h"
@@ -35,18 +35,9 @@
* sure that SSL session state from a previous connection is not
* associated with the non-SSL connection handled by this handler.
*
- * This connection handler is essentially the same as the
- * standard IIOP client connection handler it is derived from.
- * However, this class overrides the handle_input() method to
- * invalidate the current TSS SSL state during a standard IIOP
- * (insecure) upcall. This prevents SSL session state from a previous
- * SSL connection from being associated with non-SSL connections
- * processed by this connection handler. In particular, this is very
- * important for closing a security hole in nested upcalls. For
- * example, an SSLIOP request is made. During that secure upcall, an
- * insecure nested upcall is made. A naive implementation would
- * associate the TSS SSL state from the secure upcall with the
- * insecure upcall. This implementation closes that security hole.
+ * This class is just a place holder to create the
+ * TAO_IIOP_SSL_Transport which does the work of clearing the TSS SSL
+ * state
*/
class TAO_SSLIOP_Export TAO_IIOP_SSL_Connection_Handler
: public TAO_IIOP_Connection_Handler
@@ -65,12 +56,6 @@ public:
protected:
- /// Overridden method that invalidates the TSS SSL state for the
- /// current upcall, and restores the previous state once the upcall
- /// is done.
- // virtual int handle_input_i (ACE_HANDLE = ACE_INVALID_HANDLE);
-
-
};
// ****************************************************************
@@ -111,4 +96,4 @@ private:
#include "ace/post.h"
-#endif /* TAO_IIOP_SSL_CONNECT_H */
+#endif /* TAO_IIOP_SSL_CONNECTION_HANDLER_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp
new file mode 100644
index 00000000000..42b15bacac3
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp
@@ -0,0 +1,45 @@
+// $Id$
+
+#include "IIOP_SSL_Transport.h"
+#include "tao/Timeprobe.h"
+#include "tao/ORB_Core.h"
+#include "tao/ORB.h"
+#include "tao/debug.h"
+
+ACE_RCSID(TAO_SSLIOP, IIOP_SSL_Connect, "$Id$")
+
+TAO_IIOP_SSL_Transport::TAO_IIOP_SSL_Transport (
+ TAO_IIOP_SSL_Connection_Handler *handler,
+ TAO_ORB_Core *orb_core,
+ CORBA::Boolean flag)
+ : TAO_IIOP_Transport (handler,
+ orb_core,
+ flag)
+{
+
+}
+
+TAO_IIOP_SSL_Transport::~TAO_IIOP_SSL_Transport (void)
+{
+}
+
+int
+TAO_IIOP_SSL_Transport::handle_input_i (TAO_Resume_Handle &rh,
+ ACE_Time_Value *max_wait_time
+ int block)
+{
+ int result = 0;
+
+ // Invalidate the TSS SSL session state to make sure that SSL state
+ // from a previous SSL connection is not confused with this non-SSL
+ // connection.
+ TAO_Null_SSL_State_Guard guard (this->orb_core (), result);
+
+ if (result != 0)
+ return -1;
+
+ return
+ this->TAO_IIOP_Transport::handle_input_i (rh,
+ max_wait_time,
+ block);
+}
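Review bot: The parameter list of `TAO_IIOP_SSL_Transport::handle_input_i` is missing a comma after `ACE_Time_Value *max_wait_time`, so this new file will not compile as written; the line should read `ACE_Time_Value *max_wait_time,`. The file also uses `TAO_Null_SSL_State_Guard` and `TAO_IIOP_SSL_Connection_Handler` but includes only `IIOP_SSL_Transport.h`, which does not visibly declare either; adding `#include "IIOP_SSL_Connection_Handler.h"` would probably resolve that, if the guard is declared there. Because this override is the only place left that invalidates the TSS SSL state for insecure upcalls, the build should be confirmed to include this translation unit. The `ACE_RCSID` tag still says `IIOP_SSL_Connect` and looks copied from the handler file.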
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h
new file mode 100644
index 00000000000..e6d63658321
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h
@@ -0,0 +1,73 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file IIOP_SSL_Transport.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@uci.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_IIOP_SSL_TRANSPORT_H
+#define TAO_IIOP_SSL_TRANSPORT_H
+
+#include "ace/pre.h"
+
+#include "SSLIOP_Export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+#pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "tao/IIOP_Transport.h"
+
+
+/**
+ * @class TAO_IIOP_SSL_Transport
+ *
+ * @brief
+ * IIOP Transport designed to be "SSL aware," i.e. it is
+ * aware of the existence of the SSLIOP Transport. It makes
+ * sure that SSL session state from a previous connection is not
+ * associated with the non-SSL connection handled by this handler.
+ *
+ * However, this class overrides the handle_input_i() method to
+ * invalidate the current TSS SSL state during a standard IIOP
+ * (insecure) upcall. This prevents SSL session state from a previous
+ * SSL connection from being associated with non-SSL connections
+ * processed by this connection handler. In particular, this is very
+ * important for closing a security hole in nested upcalls. For
+ * example, an SSLIOP request is made. During that secure upcall, an
+ * insecure nested upcall is made. A naive implementation would
+ * associate the TSS SSL state from the secure upcall with the
+ * insecure upcall. This implementation closes that security hole.
+ */
+
+class TAO_SSLIOP_Export TAO_IIOP_SSL_Transport : public TAO_IIOP_Transport
+{
+public:
+ /// Constructor.
+ TAO_IIOP_SSL_Transport (TAO_IIOP_SSL_Connection_Handler *handler,
+ TAO_ORB_Core *orb_core,
+ CORBA::Boolean flag = 0);
+
+ /// Default destructor.
+ ~TAO_IIOP_SSL_Transport (void);
+
+ /** @name Overridden Template Methods
+ *
+ * Please check the documentation in "tao/Transport.h" for more
+ * details.
+ */
+ virtual int handle_input_i (TAO_Resume_Handle &rh,
+ ACE_Time_Value *max_wait_time = 0,
+ int block = 0);
+protected:
+
+};
+
+
+#endif /*TAO_IIOP_SSL_TRANSPORT_H*/
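Review bot: The header names `TAO_IIOP_SSL_Connection_Handler` in the constructor signature without declaring it; a forward declaration `class TAO_IIOP_SSL_Connection_Handler;` after the includes would make the header self-contained. It also includes `ace/pre.h` but never the matching `#include "ace/post.h"` before the closing `#endif`, unlike IIOP_SSL_Connection_Handler.h in this same commit. The class comment was copied from the connection handler: it begins its second paragraph with "However" although nothing precedes it, and it still says "handled by this handler" where it means this transport. Since this comment is now the only description of the nested-upcall protection, it is worth rewording so it describes the transport accurately.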
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
index b43fd9746c9..7bdae83ce0e 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
@@ -112,9 +112,35 @@ TAO_SSLIOP_Transport::recv_i (char *buf,
size_t len,
const ACE_Time_Value * /*max_wait_time*/)
{
- return this->connection_handler_->peer ().recv (buf,
- len
- /*, max_wait_time*/);
+ ssize_t n = this->connection_handler_->peer ().recv (buf,
+ len
+ /* ,max_wait_time */);
+
+ // Most of the errors handling is common for
+ // Now the message has been read
+ if (n == -1 && TAO_debug_level > 4)
+ {
+ ACE_DEBUG ((LM_DEBUG,
+ ACE_TEXT ("TAO (%P|%t) - %p \n"),
+ ACE_TEXT ("TAO - read message failure ")
+ ACE_TEXT ("recv_i () \n")));
+ }
+
+ // Error handling
+ if (n == -1)
+ {
+ if (errno == EWOULDBLOCK)
+ return 0;
+
+ return -1;
+ }
+ // @@ What are the other error handling here??
+ else if (n == 0)
+ {
+ return -1;
+ }
+
+ return n;
}
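Review bot: `errno` is read in `if (errno == EWOULDBLOCK)` only after the `ACE_DEBUG` call has run, and logging may overwrite it, so a would-block condition can be reported as a hard failure (-1) when `TAO_debug_level > 4`. Do the would-block test before the logging, e.g. `if (n == -1 && errno == EWOULDBLOCK) return 0;` immediately after the `recv ()` call, which also stops ordinary non-blocking retries from being logged as "read message failure". The comment `// Most of the errors handling is common for` is cut off mid-sentence and should be completed or removed. The `n == 0` branch returns -1, so callers cannot tell an orderly peer close from an error; if that is intentional, a short comment saying so would answer the `@@` question left in the code. The first line of recv_i's signature is outside the hunk.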