From b76ee8f7c858dd056de140057077ef8f53653ab1 Mon Sep 17 00:00:00 2001 From: bala Date: Fri, 8 Dec 2000 19:16:05 +0000 Subject: ChangeLogTag: Fri Dec 8 13:06:40 2000 Balachandran Natarajan --- TAO/ChangeLogs/ChangeLog-02a | 5 +- TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.cpp | 212 ------- TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.h | 176 ------ .../orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp | 162 +++++ .../orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h | 114 ++++ TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.cpp | 658 --------------------- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.h | 290 --------- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.i | 38 -- .../orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp | 383 ++++++++++++ .../orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h | 204 +++++++ .../orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i | 28 + 11 files changed, 895 insertions(+), 1375 deletions(-) delete mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.cpp delete mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.h create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h delete mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.cpp delete mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.h delete mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.i create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i diff --git a/TAO/ChangeLogs/ChangeLog-02a b/TAO/ChangeLogs/ChangeLog-02a index 612ff7f2e4b..a74de73f796 100644 --- a/TAO/ChangeLogs/ChangeLog-02a +++ b/TAO/ChangeLogs/ChangeLog-02a @@ -13,7 +13,7 @@ Fri Dec 8 13:06:40 2000 Balachandran Natarajan * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i: * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp: * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h: Replicated changes - from IIOP. + that have been made to IIOP. * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h: * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp: @@ -22,6 +22,9 @@ Fri Dec 8 13:06:40 2000 Balachandran Natarajan * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i: New files for the connection handler. + * orbsvcs/orbsvcs/Makefile.SSLIOP: Added new files and updated + dependencies. + * tao/IIOP_Connector.cpp: Fixed some typos in #pragma instantiation. diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.cpp deleted file mode 100644 index 2a8894fabd6..00000000000 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.cpp +++ /dev/null @@ -1,212 +0,0 @@ -// $Id$ - - -#include "IIOP_SSL_Connect.h" -#include "SSLIOP_Current.h" -#include "tao/Timeprobe.h" -#include "tao/ORB_Core.h" -#include "tao/ORB.h" - - -ACE_RCSID(TAO_SSLIOP, IIOP_SSL_Connect, "$Id$") - - -#if defined (ACE_ENABLE_TIMEPROBES) - -static const char *TAO_IIOP_SSL_Connect_Timeprobe_Description[] = -{ - "IIOP_SSL_Server_Connection_Handler::handle_input - start", - "IIOP_SSL_Server_Connection_Handler::handle_input - end", - - "IIOP_SSL_Server_Connection_Handler::handle_locate - start", - "IIOP_SSL_Server_Connection_Handler::handle_locate - end", - - "IIOP_SSL_Server_Connection_Handler::receive_request - end", - - "IIOP_SSL_Client_Connection_Handler::send_request - start", - "IIOP_SSL_Client_Connection_Handler::send_request - end"}; - -enum -{ - // Timeprobe description table start key - TAO_IIOP_SSL_SERVER_CONNECTION_HANDLER_HANDLE_INPUT_START = 320, - TAO_IIOP_SSL_SERVER_CONNECTION_HANDLER_HANDLE_INPUT_END, - - TAO_IIOP_SSL_SERVER_CONNECTION_HANDLER_HANDLE_LOCATE_START, - TAO_IIOP_SSL_SERVER_CONNECTION_HANDLER_HANDLE_LOCATE_END, - - TAO_IIOP_SSL_SERVER_CONNECTION_HANDLER_RECEIVE_REQUEST_END, - - TAO_IIOP_SSL_CLIENT_CONNECTION_HANDLER_SEND_REQUEST_START, - TAO_IIOP_SSL_CLIENT_CONNECTION_HANDLER_SEND_REQUEST_END -}; - -// Setup Timeprobes -ACE_TIMEPROBE_EVENT_DESCRIPTIONS (TAO_IIOP_SSL_Connect_Timeprobe_Description, - TAO_IIOP_SSL_SERVER_CONNECTION_HANDLER_HANDLE_INPUT_START); - -#endif /* ACE_ENABLE_TIMEPROBES */ - -TAO_IIOP_SSL_Server_Connection_Handler:: -TAO_IIOP_SSL_Server_Connection_Handler (ACE_Thread_Manager *t) - : TAO_IIOP_Server_Connection_Handler (t) -{ - // This constructor should *never* get called, it is just here to - // make the compiler happy: the default implementation of the - // Creation_Strategy requires a constructor with that signature, we - // don't use that implementation, but some (most?) compilers - // instantiate it anyway. - ACE_ASSERT (this->orb_core () != 0); -} - - -TAO_IIOP_SSL_Server_Connection_Handler:: -TAO_IIOP_SSL_Server_Connection_Handler (TAO_ORB_Core *orb_core, - CORBA::Boolean flag, - void *arg) - : TAO_IIOP_Server_Connection_Handler (orb_core, flag, arg) -{ -} - -TAO_IIOP_SSL_Server_Connection_Handler:: -~TAO_IIOP_SSL_Server_Connection_Handler (void) -{ -} - -int -TAO_IIOP_SSL_Server_Connection_Handler::handle_input_i ( - ACE_HANDLE handle, - ACE_Time_Value *max_wait_time) -{ - int result; - - // Invalidate the TSS SSL session state to make sure that SSL state - // from a previous SSL connection is not confused with this non-SSL - // connection. - TAO_Null_SSL_State_Guard guard (this->orb_core (), result); - - if (result != 0) - return -1; - - return - this->TAO_IIOP_Server_Connection_Handler::handle_input_i (handle, - max_wait_time); -} - -// **************************************************************** - -TAO_IIOP_SSL_Client_Connection_Handler:: -TAO_IIOP_SSL_Client_Connection_Handler (ACE_Thread_Manager* t) - : TAO_IIOP_Client_Connection_Handler (t) -{ - // This constructor should *never* get called. See comments in .h - ACE_ASSERT (this->orb_core () != 0); -} - -TAO_IIOP_SSL_Client_Connection_Handler:: -TAO_IIOP_SSL_Client_Connection_Handler (ACE_Thread_Manager *t, - TAO_ORB_Core* orb_core, - CORBA::Boolean flag, - void *arg) - : TAO_IIOP_Client_Connection_Handler (t, orb_core, flag, arg) -{ -} - -TAO_IIOP_SSL_Client_Connection_Handler:: -~TAO_IIOP_SSL_Client_Connection_Handler (void) -{ -} - -int -TAO_IIOP_SSL_Client_Connection_Handler::handle_input (ACE_HANDLE handle) -{ - int result; - - // Invalidate the TSS SSL session state to make sure that SSL state - // from a previous SSL connection is not confused with this non-SSL - // connection. - TAO_Null_SSL_State_Guard guard (this->orb_core (), result); - - if (result != 0) - return -1; - - return - this->TAO_IIOP_Client_Connection_Handler::handle_input (handle); -} - -int -TAO_IIOP_SSL_Client_Connection_Handler::handle_input_i (ACE_HANDLE, - ACE_Time_Value *) -{ - ACE_NOTSUP_RETURN (-1); -} - -// **************************************************************** - -TAO_Null_SSL_State_Guard::TAO_Null_SSL_State_Guard ( - TAO_ORB_Core *orb_core, - int &result) -{ - // Make sure we have a valid reference to the SSLIOP::Current - // object. - if (CORBA::is_nil (this->current_.in ())) - { - ACE_DECLARE_NEW_CORBA_ENV; - ACE_TRY - { - CORBA::Object_var object = - orb_core->orb ()->resolve_initial_references ( - "SSLIOPCurrent", - ACE_TRY_ENV); - ACE_TRY_CHECK; - - this->current_ = SSLIOP::Current::_narrow (object.in (), - ACE_TRY_ENV); - ACE_TRY_CHECK; - - if (CORBA::is_nil (this->current_.in ())) - ACE_TRY_THROW (CORBA::INV_OBJREF ()); - } - ACE_CATCHANY - { - if (TAO_debug_level > 0) - ACE_PRINT_EXCEPTION (ACE_ANY_EXCEPTION, - "TAO_Null_SSL_State_Guard: " - "Could not resolve " - "\"SSLIOPCurrent\" object."); - - result = -1; - return; - } - ACE_ENDTRY; - ACE_CHECK; - } - - TAO_SSLIOP_Current *current = - ACE_dynamic_cast (TAO_SSLIOP_Current *, - this->current_.in ()); - - if (current == 0) // Sanity check - { - result = -1; - return; - } - - // Invalidate the TSS SSL session state to make sure that SSL state - // from a previous SSL connection is not confused with this non-SSL - // connection. - current->setup (0); - - result = 0; -} - -TAO_Null_SSL_State_Guard::~TAO_Null_SSL_State_Guard (void) -{ - TAO_SSLIOP_Current *current = - ACE_dynamic_cast (TAO_SSLIOP_Current *, - this->current_.in ()); - - // Restore the previous TSS SSL state. - if (current != 0) - current->teardown (); -} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.h deleted file mode 100644 index 976c80b8cf7..00000000000 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connect.h +++ /dev/null @@ -1,176 +0,0 @@ -// -*- C++ -*- - -//============================================================================= -/** - * @file IIOP_SSL_Connect.h - * - * $Id$ - * - * @author Ossama Othman - */ -//============================================================================= - - -#ifndef TAO_IIOP_SSL_CONNECT_H -#define TAO_IIOP_SSL_CONNECT_H - -#include "ace/pre.h" - -#include "SSLIOP_Export.h" - -#if !defined (ACE_LACKS_PRAGMA_ONCE) -#pragma once -#endif /* ACE_LACKS_PRAGMA_ONCE */ - -#include "orbsvcs/SSLIOPC.h" -#include "tao/IIOP_Connect.h" - - -/** - * @class TAO_IIOP_SSL_Server_Connection_Handler - * - * @brief - * IIOP connection handler designed to be "SSL aware," i.e. it is - * aware of the existence of the SSLIOP connection handler. It makes - * sure that SSL session state from a previous connection is not - * associated with the non-SSL connection handled by this handler. - * - * This connection handler is essentially the same as the - * standard IIOP client connection handler it is derived from. - * However, this class overrides the handle_input() method to - * invalidate the current TSS SSL state during a standard IIOP - * (insecure) upcall. This prevents SSL session state from a previous - * SSL connection from being associated with non-SSL connections - * processed by this connection handler. In particular, this is very - * important for closing a security hole in nested upcalls. For - * example, an SSLIOP request is made. During that secure upcall, an - * insecure nested upcall is made. A naive implementation would - * associate the TSS SSL state from the secure upcall with the - * insecure upcall. This implementation closes that security hole. - */ -class TAO_SSLIOP_Export TAO_IIOP_SSL_Server_Connection_Handler - : public TAO_IIOP_Server_Connection_Handler -{ -public: - - /// Constructor. parameter is used by the Acceptor to pass the - /// protocol configuration properties for this connection. - TAO_IIOP_SSL_Server_Connection_Handler (ACE_Thread_Manager* t = 0); - TAO_IIOP_SSL_Server_Connection_Handler (TAO_ORB_Core *orb_core, - CORBA::Boolean flag, - void *arg); - - /// Destructor. - ~TAO_IIOP_SSL_Server_Connection_Handler (void); - -protected: - - /// Overridden method that invalidates the TSS SSL state for the - /// current upcall, and restores the previous state once the upcall - /// is done. - virtual int handle_input_i (ACE_HANDLE = ACE_INVALID_HANDLE, - ACE_Time_Value *max_wait_time = 0); - -}; - -/*************************************************************************/ - -/** - * @class TAO_IIOP_SSL_Client_Connection_Handler - * - * @brief - * IIOP connection handler designed to be "SSL aware," i.e. it is - * aware of the existence of the SSLIOP connection handler. It makes - * sure that SSL session state from a previous connection is not - * associated with the non-SSL connection handled by this handler. - * - * This connection handler is essentially the same as the - * standard IIOP client connection handler it is derived from. - * However, this class overrides the handle_input() method to - * invalidate the current TSS SSL state during a standard IIOP - * (insecure) upcall. This prevents SSL session state from a previous - * SSL connection from being associated with non-SSL connections - * processed by this connection handler. - */ -class TAO_SSLIOP_Export TAO_IIOP_SSL_Client_Connection_Handler - : public TAO_IIOP_Client_Connection_Handler -{ - // = TITLE - // used on the client side and returned by the - // . -public: - - /** - * This constructor should *never* get called, it is just here to - * make the compiler happy: the default implementation of the - * Creation_Strategy requires a constructor with that signature, we - * don't use that implementation, but some (most?) compilers - * instantiate it anyway. - */ - TAO_IIOP_SSL_Client_Connection_Handler (ACE_Thread_Manager* t = 0); - - /// Constructor. parameter is used by the Connector to pass - /// the protocol configuration properties for this connection. - TAO_IIOP_SSL_Client_Connection_Handler (ACE_Thread_Manager *t, - TAO_ORB_Core* orb_core, - CORBA::Boolean flag, - void *arg); - - /// Destructor - virtual ~TAO_IIOP_SSL_Client_Connection_Handler (void); - - /// Overridden method that invalidates the TSS SSL state for the - /// current request, and restores the previous state once the - /// request is completed. - virtual int handle_input (ACE_HANDLE = ACE_INVALID_HANDLE); - -private: - - /** - * Will not be called at all. As a matter of fact should not be - * called. This is just to override the pure virtual function in - * the TAO_Connection_Handler class. - */ - virtual int handle_input_i (ACE_HANDLE = ACE_INVALID_HANDLE, - ACE_Time_Value *max_wait_time = 0); -}; - -// **************************************************************** - -/** - * @class TAO_Null_SSL_State_Guard - * - * @brief - * This class sets up null TSS SSL state upon instantiation, and - * restores the previous TSS SSL state when that instance goes out of - * scope. - * - * This guard is used to make TSS SSL state configuration and - * deconfiguration during an upcall exception safe. Exceptions are - * not supposed to be propagated up to the scope this guard is used - * in, so this guard may be unnecessary. However, since proper TSS - * SSL state configuration/deconfiguration is critical to proper - * security support, this guard is used to ensure that - * configuration/deconfiguration is exception safe. - */ -class TAO_SSLIOP_Export TAO_Null_SSL_State_Guard -{ -public: - - /// Constructor that sets up the null TSS SSL state. - TAO_Null_SSL_State_Guard (TAO_ORB_Core *orb_core, - int &result); - - /// Destructor that restores the previous TSS SSL state. - ~TAO_Null_SSL_State_Guard (void); - -private: - - /// Reference to the SSLIOP::Current object. - SSLIOP::Current_var current_; - -}; - -#include "ace/post.h" - -#endif /* TAO_IIOP_SSL_CONNECT_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp new file mode 100644 index 00000000000..4f9e9cbba66 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp @@ -0,0 +1,162 @@ +// $Id$ + + +#include "IIOP_SSL_Connection_Handler.h" +#include "SSLIOP_Current.h" +#include "tao/Timeprobe.h" +#include "tao/ORB_Core.h" +#include "tao/ORB.h" + + +ACE_RCSID(TAO_SSLIOP, IIOP_SSL_Connect, "$Id$") + + +#if defined (ACE_ENABLE_TIMEPROBES) + +static const char *TAO_IIOP_SSL_Connect_Timeprobe_Description[] = +{ + "IIOP_SSL_Connection_Handler::handle_input - start", + "IIOP_SSL_Connection_Handler::handle_input - end", + + "IIOP_SSL_Connection_Handler::handle_locate - start", + "IIOP_SSL_Connection_Handler::handle_locate - end", + + "IIOP_SSL_Connection_Handler::receive_request - end", + + "IIOP_SSL_Connection_Handler::send_request - start", + "IIOP_SSL_Connection_Handler::send_request - end"}; + +enum +{ + // Timeprobe description table start key + TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_INPUT_START = 320, + TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_INPUT_END, + + TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_LOCATE_START, + TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_LOCATE_END, + + TAO_IIOP_SSL_CONNECTION_HANDLER_RECEIVE_REQUEST_END + +}; + +// Setup Timeprobes +ACE_TIMEPROBE_EVENT_DESCRIPTIONS (TAO_IIOP_SSL_Connect_Timeprobe_Description, + TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_INPUT_START); + +#endif /* ACE_ENABLE_TIMEPROBES */ + +TAO_IIOP_SSL_Connection_Handler:: +TAO_IIOP_SSL_Connection_Handler (ACE_Thread_Manager *t) + : TAO_IIOP_Connection_Handler (t) +{ + // This constructor should *never* get called, it is just here to + // make the compiler happy: the default implementation of the + // Creation_Strategy requires a constructor with that signature, we + // don't use that implementation, but some (most?) compilers + // instantiate it anyway. + ACE_ASSERT (this->orb_core () != 0); +} + + +TAO_IIOP_SSL_Connection_Handler:: +TAO_IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core, + CORBA::Boolean flag, + void *arg) + : TAO_IIOP_Connection_Handler (orb_core, flag, arg) +{ +} + +TAO_IIOP_SSL_Connection_Handler:: +~TAO_IIOP_SSL_Connection_Handler (void) +{ +} + +int +TAO_IIOP_SSL_Connection_Handler::handle_input_i ( + ACE_HANDLE handle, + ACE_Time_Value *max_wait_time) +{ + int result; + + // Invalidate the TSS SSL session state to make sure that SSL state + // from a previous SSL connection is not confused with this non-SSL + // connection. + TAO_Null_SSL_State_Guard guard (this->orb_core (), result); + + if (result != 0) + return -1; + + return + this->TAO_IIOP_Connection_Handler::handle_input_i (handle, + max_wait_time); +} + +// **************************************************************** + +TAO_Null_SSL_State_Guard::TAO_Null_SSL_State_Guard ( + TAO_ORB_Core *orb_core, + int &result) +{ + // Make sure we have a valid reference to the SSLIOP::Current + // object. + if (CORBA::is_nil (this->current_.in ())) + { + ACE_DECLARE_NEW_CORBA_ENV; + ACE_TRY + { + CORBA::Object_var object = + orb_core->orb ()->resolve_initial_references ( + "SSLIOPCurrent", + ACE_TRY_ENV); + ACE_TRY_CHECK; + + this->current_ = SSLIOP::Current::_narrow (object.in (), + ACE_TRY_ENV); + ACE_TRY_CHECK; + + if (CORBA::is_nil (this->current_.in ())) + ACE_TRY_THROW (CORBA::INV_OBJREF ()); + } + ACE_CATCHANY + { + if (TAO_debug_level > 0) + ACE_PRINT_EXCEPTION (ACE_ANY_EXCEPTION, + "TAO_Null_SSL_State_Guard: " + "Could not resolve " + "\"SSLIOPCurrent\" object."); + + result = -1; + return; + } + ACE_ENDTRY; + ACE_CHECK; + } + + TAO_SSLIOP_Current *current = + ACE_dynamic_cast (TAO_SSLIOP_Current *, + this->current_.in ()); + + if (current == 0) // Sanity check + { + result = -1; + return; + } + + // Invalidate the TSS SSL session state to make sure that SSL state + // from a previous SSL connection is not confused with this non-SSL + // connection. + current->setup (0); + + result = 0; +} + +TAO_Null_SSL_State_Guard::~TAO_Null_SSL_State_Guard (void) +{ + TAO_SSLIOP_Current *current = + ACE_dynamic_cast (TAO_SSLIOP_Current *, + this->current_.in ()); + + // Restore the previous TSS SSL state. + if (current != 0) + current->teardown (); +} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h new file mode 100644 index 00000000000..04bc0852b29 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h @@ -0,0 +1,114 @@ +// -*- C++ -*- + +//============================================================================= +/** + * @file IIOP_SSL_Connect.h + * + * $Id$ + * + * @author Ossama Othman + */ +//============================================================================= + + +#ifndef TAO_IIOP_SSL_CONNECT_H +#define TAO_IIOP_SSL_CONNECT_H + +#include "ace/pre.h" + +#include "SSLIOP_Export.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +#pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "orbsvcs/SSLIOPC.h" +#include "tao/IIOP_Connection_Handler.h" + + +/** + * @class TAO_IIOP_SSL_Connection_Handler + * + * @brief + * IIOP connection handler designed to be "SSL aware," i.e. it is + * aware of the existence of the SSLIOP connection handler. It makes + * sure that SSL session state from a previous connection is not + * associated with the non-SSL connection handled by this handler. + * + * This connection handler is essentially the same as the + * standard IIOP client connection handler it is derived from. + * However, this class overrides the handle_input() method to + * invalidate the current TSS SSL state during a standard IIOP + * (insecure) upcall. This prevents SSL session state from a previous + * SSL connection from being associated with non-SSL connections + * processed by this connection handler. In particular, this is very + * important for closing a security hole in nested upcalls. For + * example, an SSLIOP request is made. During that secure upcall, an + * insecure nested upcall is made. A naive implementation would + * associate the TSS SSL state from the secure upcall with the + * insecure upcall. This implementation closes that security hole. + */ +class TAO_SSLIOP_Export TAO_IIOP_SSL_Connection_Handler + : public TAO_IIOP_Connection_Handler +{ +public: + + /// Constructor. parameter is used by the Acceptor to pass the + /// protocol configuration properties for this connection. + TAO_IIOP_SSL_Connection_Handler (ACE_Thread_Manager* t = 0); + TAO_IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core, + CORBA::Boolean flag, + void *arg); + + /// Destructor. + ~TAO_IIOP_SSL_Connection_Handler (void); + +protected: + + /// Overridden method that invalidates the TSS SSL state for the + /// current upcall, and restores the previous state once the upcall + /// is done. + virtual int handle_input_i (ACE_HANDLE = ACE_INVALID_HANDLE, + ACE_Time_Value *max_wait_time = 0); + +}; + +// **************************************************************** + +/** + * @class TAO_Null_SSL_State_Guard + * + * @brief + * This class sets up null TSS SSL state upon instantiation, and + * restores the previous TSS SSL state when that instance goes out of + * scope. + * + * This guard is used to make TSS SSL state configuration and + * deconfiguration during an upcall exception safe. Exceptions are + * not supposed to be propagated up to the scope this guard is used + * in, so this guard may be unnecessary. However, since proper TSS + * SSL state configuration/deconfiguration is critical to proper + * security support, this guard is used to ensure that + * configuration/deconfiguration is exception safe. + */ +class TAO_SSLIOP_Export TAO_Null_SSL_State_Guard +{ +public: + + /// Constructor that sets up the null TSS SSL state. + TAO_Null_SSL_State_Guard (TAO_ORB_Core *orb_core, + int &result); + + /// Destructor that restores the previous TSS SSL state. + ~TAO_Null_SSL_State_Guard (void); + +private: + + /// Reference to the SSLIOP::Current object. + SSLIOP::Current_var current_; + +}; + +#include "ace/post.h" + +#endif /* TAO_IIOP_SSL_CONNECT_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.cpp deleted file mode 100644 index 6a0df1d8484..00000000000 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.cpp +++ /dev/null @@ -1,658 +0,0 @@ -// $Id$ - -#include "SSLIOP_Connect.h" -#include "SSLIOP_Current.h" -#include "SSLIOP_Endpoint.h" - -#include "tao/Timeprobe.h" -#include "tao/debug.h" -#include "tao/Base_Connection_Property.h" -#include "tao/ORB_Core.h" -#include "tao/ORB.h" -#include "tao/CDR.h" -#include "tao/Messaging_Policy_i.h" -#include "tao/GIOP_Message_Lite.h" -#include "tao/GIOP_Message_Acceptors.h" -#include "tao/Server_Strategy_Factory.h" -#include "tao/IIOP_Endpoint.h" - - -#if !defined (__ACE_INLINE__) -# include "SSLIOP_Connect.i" -#endif /* ! __ACE_INLINE__ */ - -ACE_RCSID(TAO_SSLIOP, SSLIOP_Connect, "$Id$") - -#if defined (ACE_ENABLE_TIMEPROBES) - -static const char *TAO_SSLIOP_Connect_Timeprobe_Description[] = -{ - "SSLIOP_Server_Connection_Handler::handle_input - start", - "SSLIOP_Server_Connection_Handler::handle_input - end", - - "SSLIOP_Server_Connection_Handler::handle_locate - start", - "SSLIOP_Server_Connection_Handler::handle_locate - end", - - "SSLIOP_Server_Connection_Handler::receive_request - end", - - "SSLIOP_Client_Connection_Handler::send_request - start", - "SSLIOP_Client_Connection_Handler::send_request - end"}; - -enum -{ - // Timeprobe description table start key - TAO_SSLIOP_SERVER_CONNECTION_HANDLER_HANDLE_INPUT_START = 310, - TAO_SSLIOP_SERVER_CONNECTION_HANDLER_HANDLE_INPUT_END, - - TAO_SSLIOP_SERVER_CONNECTION_HANDLER_HANDLE_LOCATE_START, - TAO_SSLIOP_SERVER_CONNECTION_HANDLER_HANDLE_LOCATE_END, - - TAO_SSLIOP_SERVER_CONNECTION_HANDLER_RECEIVE_REQUEST_END, - - TAO_SSLIOP_CLIENT_CONNECTION_HANDLER_SEND_REQUEST_START, - TAO_SSLIOP_CLIENT_CONNECTION_HANDLER_SEND_REQUEST_END -}; - -// Setup Timeprobes -ACE_TIMEPROBE_EVENT_DESCRIPTIONS (TAO_SSLIOP_Connect_Timeprobe_Description, - TAO_SSLIOP_SERVER_CONNECTION_HANDLER_HANDLE_INPUT_START); - -#endif /* ACE_ENABLE_TIMEPROBES */ - -// **************************************************************** - -TAO_SSLIOP_Connection_Handler::TAO_SSLIOP_Connection_Handler ( - ACE_Thread_Manager* t) - : TAO_SSL_SVC_HANDLER (t, 0, 0), - current_ (), - current_impl_ () -{ -} - -int -TAO_SSLIOP_Connection_Handler::setup_ssl_state (TAO_ORB_Core *orb_core) -{ - // Make sure we have a valid reference to the SSLIOP::Current - // object. - if (CORBA::is_nil (this->current_.in ())) - { - ACE_DECLARE_NEW_CORBA_ENV; - ACE_TRY - { - CORBA::Object_var object = - orb_core->orb ()->resolve_initial_references ( - "SSLIOPCurrent", - ACE_TRY_ENV); - ACE_TRY_CHECK; - - this->current_ = SSLIOP::Current::_narrow (object.in (), - ACE_TRY_ENV); - ACE_TRY_CHECK; - - if (CORBA::is_nil (this->current_.in ())) - ACE_TRY_THROW (CORBA::INV_OBJREF ()); - } - ACE_CATCHANY - { - if (TAO_debug_level > 0) - ACE_PRINT_EXCEPTION (ACE_ANY_EXCEPTION, - "Could not resolve " - "\"SSLIOPCurrent\" object"); - - return -1; - } - ACE_ENDTRY; - ACE_CHECK_RETURN (-1); - } - - TAO_SSLIOP_Current *current = - ACE_dynamic_cast (TAO_SSLIOP_Current *, - this->current_.in ()); - - if (current == 0) // Sanity check - return -1; - - // Make the SSL session state available to the SSLIOP::Current - // TSS object. - this->current_impl_.ssl (this->peer ().ssl ()); - - current->setup (&this->current_impl_); - - return 0; -} - -void -TAO_SSLIOP_Connection_Handler::teardown_ssl_state (void) -{ - TAO_SSLIOP_Current *current = - ACE_dynamic_cast (TAO_SSLIOP_Current *, - this->current_.in ()); - - if (current != 0) - current->teardown (); -} - -// **************************************************************** - -TAO_SSLIOP_Server_Connection_Handler:: -TAO_SSLIOP_Server_Connection_Handler (ACE_Thread_Manager *t) - : TAO_SSLIOP_Connection_Handler (t), - TAO_Connection_Handler (0), - transport_ (this, 0), - acceptor_factory_ (0), - refcount_ (1), - tcp_properties_ (0) -{ - // This constructor should *never* get called, it is just here to - // make the compiler happy: the default implementation of the - // Creation_Strategy requires a constructor with that signature, we - // don't use that implementation, but some (most?) compilers - // instantiate it anyway. - ACE_ASSERT (this->orb_core () != 0); -} - -TAO_SSLIOP_Server_Connection_Handler::TAO_SSLIOP_Server_Connection_Handler ( - TAO_ORB_Core *orb_core, - CORBA::Boolean /* lite_flag */, - void *arg) - : TAO_SSLIOP_Connection_Handler (orb_core->thr_mgr ()), - TAO_Connection_Handler (orb_core), - transport_ (this, orb_core), - acceptor_factory_ (orb_core), - refcount_ (1), - tcp_properties_ (ACE_static_cast - (TAO_IIOP_Properties *, arg)) -{ - // The flag that is used to enable GIOPlite is *not* used for - // SSLIOP. GIOPlite introduces security holes. It should not be - // enabled for SSLIOP, so mark it as an unused argument in the - // argument list. -} - - -TAO_SSLIOP_Server_Connection_Handler:: -~TAO_SSLIOP_Server_Connection_Handler (void) -{ - // If the socket has not already been closed. - if (this->get_handle () != ACE_INVALID_HANDLE) - { - // Cannot deal with errors, and therefore they are ignored. - this->transport_.send_buffered_messages (); - } - else - { - // Dequeue messages and delete message blocks. - this->transport_.dequeue_all (); - } -} - -int -TAO_SSLIOP_Server_Connection_Handler::open (void*) -{ - if (this->set_socket_option (this->peer (), - tcp_properties_->send_buffer_size, - tcp_properties_->recv_buffer_size) - == -1) - return -1; - -#if !defined (ACE_LACKS_TCP_NODELAY) - - if (this->peer ().set_option (ACE_IPPROTO_TCP, - TCP_NODELAY, - (void *) - &this->tcp_properties_->no_delay, - sizeof (int)) == -1) - return -1; -#endif /* ! ACE_LACKS_TCP_NODELAY */ - - // Called by the when the handler is - // completely connected. - ACE_INET_Addr addr; - - if (this->peer ().get_remote_addr (addr) == -1) - return -1; - - char client[MAXHOSTNAMELEN + 16]; - if (addr.addr_to_string (client, sizeof (client)) == -1) - return -1; - - // Construct an IIOP_Endpoint object - TAO_IIOP_Endpoint tmpoint (addr, - 0); - - TAO_SSLIOP_Endpoint endpoint (0, - &tmpoint); - - // Construct a property object - TAO_Base_Connection_Property prop (&endpoint); - - // Add the handler to Cache - if (this->orb_core ()->connection_cache ().cache_handler (&prop, - this) == -1) - { - if (TAO_debug_level > 4) - { - ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) unable to cache the handle \n"))); - } - } - - if (TAO_debug_level > 0) - { - ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) SSLIOP connection from ") - ACE_TEXT ("client <%s> on %d\n"), - client, - this->peer ().get_handle ())); - } - - return 0; -} - -int -TAO_SSLIOP_Server_Connection_Handler::activate (long flags, - int n_threads, - int force_active, - long priority, - int grp_id, - ACE_Task_Base *task, - ACE_hthread_t thread_handles[], - void *stack[], - size_t stack_size[], - ACE_thread_t thread_names[]) -{ - if (TAO_orbdebug) - ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) ") - ACE_TEXT ("SSLIOP_Server_Connection_Handler::activate %d ") - ACE_TEXT ("threads, flags = %d\n"), - n_threads, - flags, - THR_BOUND)); - - return TAO_SSL_SVC_HANDLER::activate (flags, - n_threads, - force_active, - priority, - grp_id, - task, - thread_handles, - stack, - stack_size, - thread_names); -} - -int -TAO_SSLIOP_Server_Connection_Handler::handle_close (ACE_HANDLE handle, - ACE_Reactor_Mask rm) -{ - if (TAO_orbdebug) - ACE_DEBUG ((LM_DEBUG, - "TAO (%P|%t) SSLIOP_Server_Connection_Handler::handle_close " - "(%d, %d)\n", - handle, - rm)); - - --this->refcount_; - if (this->refcount_ == 0 && - this->is_registered ()) - { - // Set the flag to indicate that it is no longer registered with - // the reactor, so that it isn't included in the set that is - // passed to the reactor on ORB destruction. - this->is_registered (0); - - // Decrement the reference count - this->decr_ref_count (); - - //return TAO_SSL_SVC_HANDLER::handle_close (handle, rm); - } - - return 0; -} - -int -TAO_SSLIOP_Server_Connection_Handler::svc (void) -{ - // This method is called when an instance is "activated", i.e., - // turned into an active object. Presumably, activation spawns a - // thread with this method as the "worker function". - - // Call the implementation here - return this->svc_i (); -} - -int -TAO_SSLIOP_Server_Connection_Handler::handle_input (ACE_HANDLE h) -{ - return this->handle_input_i (h); -} - -int -TAO_SSLIOP_Server_Connection_Handler::handle_input_i ( - ACE_HANDLE, - ACE_Time_Value *max_wait_time) -{ - int result; - - // Set up the SSLIOP::Current object. - TAO_SSL_State_Guard ssl_state_guard (this, this->orb_core (), result); - - if (result != 0) - return -1; - - this->refcount_++; - - result = - this->acceptor_factory_.handle_input (this->transport (), - this->orb_core (), - this->transport_.message_state_, - max_wait_time); - - if (result == -1 && TAO_debug_level > 0) - { - ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) - %p\n "), - ACE_TEXT ("SSLIOP_Server_Connection_Handler::handle_input, ") - ACE_TEXT ("handle_input"))); - } - - if (result == 0 || result == -1) - { - --this->refcount_; - if (this->refcount_ == 0) - this->decr_ref_count (); - - return result; - } - - // - // Take out all the information from the and reset - // it so that nested upcall on the same transport can be handled. - // - - // Notice that the message_state is only modified in one thread at a - // time because the reactor does not call handle_input() for the - // same Event_Handler in two threads at the same time. - - // Copy message type. - TAO_GIOP_Message_State &ms = this->transport_.message_state_; - CORBA::Octet message_type = ms.message_type; - - // Copy version. - TAO_GIOP_Version giop_version = ms.giop_version; - - // Steal the input CDR from the message state. - TAO_InputCDR input_cdr (ACE_InputCDR::Transfer_Contents (ms.cdr), - this->orb_core ()); - - // Reset the message state. - this->transport_.message_state_.reset (0); - - result = - this->acceptor_factory_.process_client_message (this->transport (), - this->orb_core (), - input_cdr, - message_type); - - if (result != -1) - result = 0; - - --this->refcount_; - if (this->refcount_ == 0) - this->decr_ref_count (); - - return result; -} - -ACE_HANDLE -TAO_SSLIOP_Server_Connection_Handler::fetch_handle (void) -{ - return this->get_handle (); -} - -// **************************************************************** - -// transport obj. -TAO_SSLIOP_Client_Connection_Handler:: -TAO_SSLIOP_Client_Connection_Handler (ACE_Thread_Manager *t) - : TAO_SSLIOP_Connection_Handler (t), - TAO_Connection_Handler (0), - transport_ (this, 0), - tcp_properties_ (0) -{ - // This constructor should *never* get called. See comments in .h - ACE_ASSERT (this->orb_core () != 0); -} - -TAO_SSLIOP_Client_Connection_Handler:: -TAO_SSLIOP_Client_Connection_Handler (ACE_Thread_Manager *t, - TAO_ORB_Core* orb_core, - CORBA::Boolean /* lite_flag */, - void *arg) - : TAO_SSLIOP_Connection_Handler (t), - TAO_Connection_Handler (orb_core), - transport_ (this, orb_core), - tcp_properties_ (ACE_static_cast - (TAO_IIOP_Properties *, arg)) -{ - // The flag that is used to enable GIOPlite is *not* used for - // SSLIOP. GIOPlite introduces security holes. It should not be - // enabled for SSLIOP, so mark it as an unused argument in the - // argument list. -} - -TAO_SSLIOP_Client_Connection_Handler:: -~TAO_SSLIOP_Client_Connection_Handler (void) -{ - // If the socket has not already been closed. - if (this->get_handle () != ACE_INVALID_HANDLE) - { - // Cannot deal with errors, and therefore they are ignored. - this->transport_.send_buffered_messages (); - - // Close the socket - this->peer ().close (); - } - else - { - // Dequeue messages and delete message blocks. - this->transport_.dequeue_all (); - } -} - - -// @@ Should I do something here to enable non-blocking?? (Alex). -// @@ Alex: I don't know if this is the place to do it, but the way to -// do it is: -// if (this->peer ().enable (ACE_NONBLOCK) == -1) -// return -1; -// Probably we will need to use the transport to decide if it is -// needed or not. - -int -TAO_SSLIOP_Client_Connection_Handler::open (void *) -{ - if (this->set_socket_option (this->peer (), - tcp_properties_->send_buffer_size, - tcp_properties_->recv_buffer_size) - == -1) - return -1; - -#if !defined (ACE_LACKS_TCP_NODELAY) - - if (this->peer ().set_option (ACE_IPPROTO_TCP, - TCP_NODELAY, - (void *) &tcp_properties_->no_delay, - sizeof (int)) == -1) - ACE_ERROR_RETURN ((LM_ERROR, - ACE_TEXT ("NODELAY failed\n")), - -1); -#endif /* ! ACE_LACKS_TCP_NODELAY */ - - // Called by the when the handler is completely - // connected. - ACE_INET_Addr addr; - - if (this->peer ().get_remote_addr (addr) == -1) - return -1; - - if (TAO_debug_level > 0) - { - char server[MAXHOSTNAMELEN + 16]; - - (void) addr.addr_to_string (server, sizeof (server)); - - ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) SSLIOP connection to server ") - ACE_TEXT ("<%s> on %d\n"), - server, - this->peer ().get_handle ())); - } - - // Register the handler with the Reactor if necessary. - return this->transport ()->wait_strategy ()->register_handler (); -} - -int -TAO_SSLIOP_Client_Connection_Handler::close (u_long) -{ - this->destroy (); - - return 0; -} - -int -TAO_SSLIOP_Client_Connection_Handler::handle_input (ACE_HANDLE) -{ - int result; - - // Set up the SSLIOP::Current object. - TAO_SSL_State_Guard ssl_state_guard (this, this->orb_core (), result); - if (result != 0) - return -1; - - result = this->transport ()->handle_client_input (); - - if (result == -1) - return -1; - - return 0; -} - -int -TAO_SSLIOP_Client_Connection_Handler::handle_input_i (ACE_HANDLE, - ACE_Time_Value *) -{ - ACE_NOTSUP_RETURN (-1); -} - -int -TAO_SSLIOP_Client_Connection_Handler::handle_timeout (const ACE_Time_Value &, - const void *) -{ - // This method is called when buffering timer expires. - // - - ACE_Time_Value *max_wait_time = 0; - - TAO_Stub *stub = 0; - int has_timeout; - this->orb_core ()->call_timeout_hook (stub, - has_timeout, - *max_wait_time); - - // Cannot deal with errors, and therefore they are ignored. - this->transport ()->send_buffered_messages (max_wait_time); - - return 0; -} - - -int -TAO_SSLIOP_Client_Connection_Handler::handle_close (ACE_HANDLE handle, - ACE_Reactor_Mask rm) -{ - // @@ Alex: we need to figure out if the transport decides to close - // us or something else. If it is something else (for example - // the cached connector trying to make room for other - // connections) then we should let the transport know, so it can - // in turn take appropiate action (such as sending exceptions to - // all waiting reply handlers). - - if (TAO_debug_level > 0) - ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) ") - ACE_TEXT ("SSLIOP_Client_Connection_Handler::") - ACE_TEXT ("handle_close (%d, %d)\n"), - handle, - rm)); - - // Deregister this handler with the ACE_Reactor. - return this->handle_cleanup (); -} - -int -TAO_SSLIOP_Client_Connection_Handler::handle_close_i (ACE_HANDLE handle, - ACE_Reactor_Mask rm) -{ - // @@ Alex: we need to figure out if the transport decides to close - // us or something else. If it is something else (for example - // the cached connector trying to make room for other - // connections) then we should let the transport know, so it can - // in turn take appropiate action (such as sending exceptions to - // all waiting reply handlers). - - if (TAO_debug_level > 0) - ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) ") - ACE_TEXT ("SSLIOP_Client_Connection_Handler::") - ACE_TEXT ("handle_close_i (%d, %d)\n"), - handle, - rm)); - - return this->handle_cleanup (); -} - -int -TAO_SSLIOP_Client_Connection_Handler::handle_cleanup (void) -{ - // Call the implementation. - if (this->reactor ()) - { - // Make sure there are no timers. - this->reactor ()->cancel_timer (this); - } - - if (this->is_registered ()) - { - // Set the flag to indicate that it is no longer registered with - // the reactor, so that it isn't included in the set that is - // passed to the reactor on ORB destruction. - this->is_registered (0); - - // Now do the decrement of the ref count - this->decr_ref_count (); - } - - return 0; -} - -ACE_HANDLE -TAO_SSLIOP_Client_Connection_Handler::fetch_handle (void) -{ - return this->get_handle (); -} - - -// **************************************************************** - -#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) - -template class ACE_Svc_Handler; - -#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) - -#pragma instantiate ACE_Svc_Handler - -#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.h deleted file mode 100644 index f410194d395..00000000000 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.h +++ /dev/null @@ -1,290 +0,0 @@ -// -*- C++ -*- -// -// $Id$ - -// ============================================================================ -// -// = LIBRARY -// TAO_SSLIOP -// -// = FILENAME -// SSLIOP_Connect.h -// -// = AUTHOR -// Carlos O'Ryan -// Ossama Othman -// -// ============================================================================ - -#ifndef TAO_SSLIOP_CONNECT_H -#define TAO_SSLIOP_CONNECT_H - -#include "ace/pre.h" - -#include "ace/config-all.h" - -#if !defined (ACE_LACKS_PRAGMA_ONCE) -#pragma once -#endif /* ACE_LACKS_PRAGMA_ONCE */ - -#include "ace/Reactor.h" - -#include "tao/corbafwd.h" -#include "tao/Wait_Strategy.h" -#include "tao/GIOP_Message_Acceptors.h" -#include "tao/Connection_Handler.h" -#include "tao/IIOP_Connect.h" - -#include "SSLIOP_Transport.h" -#include "SSLIOP_Current_Impl.h" -#include "orbsvcs/SSLIOPC.h" - - -// **************************************************************** - -/** - * @class TAO_SSLIOP_Connection_Handler - * - * @brief - * Class that encapsulates methods common to both the client and - * server side SSLIOP connection handlers. - */ -class TAO_SSLIOP_Export TAO_SSLIOP_Connection_Handler - : public TAO_SSL_SVC_HANDLER -{ - friend class TAO_SSL_State_Guard; - -public: - - /// Constructor. - TAO_SSLIOP_Connection_Handler (ACE_Thread_Manager* t); - -protected: - - /// Make the SSL session state available to the SSLIOP::Current - /// object. - int setup_ssl_state (TAO_ORB_Core *orb_core); - - /// Teardown the SSL session state. - void teardown_ssl_state (void); - -protected: - - /// Reference to the SSLIOP::Current object. - SSLIOP::Current_var current_; - - /// The portion of the SSLIOP::Current object that is placed in - /// TSS. - TAO_SSLIOP_Current_Impl current_impl_; - -}; - -// **************************************************************** - -class TAO_SSLIOP_Export TAO_SSLIOP_Server_Connection_Handler - : public TAO_SSLIOP_Connection_Handler, - public TAO_Connection_Handler -{ - // = TITLE - // Handles requests on a single connection in a server. - -public: - - TAO_SSLIOP_Server_Connection_Handler (ACE_Thread_Manager* t = 0); - TAO_SSLIOP_Server_Connection_Handler (TAO_ORB_Core *orb_core, - CORBA::Boolean flag, - void *arg); - // Constructor. - // parameter is normally used to enable the GIOPlite - // messaging protocol. However, it is disabled in SSLIOP since it - // introduces security holes. - // parameter is used by the Acceptor to pass the protocol - // configuration properties for this connection. - - ~TAO_SSLIOP_Server_Connection_Handler (void); - // Destructor. - - virtual int open (void *); - // Called by the when the handler is completely - // connected. Argument is unused. - - // = Active object activation method. - virtual int activate (long flags = THR_NEW_LWP, - int n_threads = 1, - int force_active = 0, - long priority = ACE_DEFAULT_THREAD_PRIORITY, - int grp_id = -1, - ACE_Task_Base *task = 0, - ACE_hthread_t thread_handles[] = 0, - void *stack[] = 0, - size_t stack_size[] = 0, - ACE_thread_t thread_names[] = 0); - - virtual int svc (void); - // Only used when the handler is turned into an active object by - // calling . This serves as the event loop in such cases. - - // = Template Methods Called by - - TAO_Transport *transport (void); - - virtual ACE_HANDLE fetch_handle (void); - // Return the underlying handle - -protected: - - // = Event Handler overloads - - virtual int handle_input (ACE_HANDLE = ACE_INVALID_HANDLE); - virtual int handle_input_i (ACE_HANDLE = ACE_INVALID_HANDLE, - ACE_Time_Value *max_wait_time = 0); - // Reads a message from the , dispatching and servicing it - // appropriately. - // handle_input() just delegates on handle_input_i() which timeouts - // after , this is used in thread-per-connection to - // ensure that server threads eventually exit. - - virtual int handle_close (ACE_HANDLE = ACE_INVALID_HANDLE, - ACE_Reactor_Mask = ACE_Event_Handler::NULL_MASK); - // Perform appropriate closing. - -protected: - - TAO_SSLIOP_Server_Transport transport_; - // @@ New transport object reference. - - TAO_GIOP_Message_Acceptors acceptor_factory_; - // Messaging acceptor factory - - u_long refcount_; - // Reference count, to avoid early deletes... - - TAO_IIOP_Properties *tcp_properties_; - // TCP configuration for this connection. - -}; - -// **************************************************************** - -class TAO_SSLIOP_Export TAO_SSLIOP_Client_Connection_Handler - : public TAO_SSLIOP_Connection_Handler, - public TAO_Connection_Handler -{ - // = TITLE - // used on the client side and returned by the - // . -public: - // = Initialization methods. - - TAO_SSLIOP_Client_Connection_Handler (ACE_Thread_Manager* t = 0); - // This constructor should *never* get called, it is just here to - // make the compiler happy: the default implementation of the - // Creation_Strategy requires a constructor with that signature, we - // don't use that implementation, but some (most?) compilers - // instantiate it anyway. - - TAO_SSLIOP_Client_Connection_Handler (ACE_Thread_Manager *t, - TAO_ORB_Core* orb_core, - CORBA::Boolean flag, - void *arg); - // Constructor. parameter is used by the Connector to pass the - // protocol configuration properties for this connection. - - virtual ~TAO_SSLIOP_Client_Connection_Handler (void); - - // = hook. - virtual int open (void *); - // Activation template method. - - // = Event Handler overloads - - virtual int handle_input (ACE_HANDLE = ACE_INVALID_HANDLE); - // Called when a response from a twoway invocation is available. - - virtual int handle_timeout (const ACE_Time_Value &tv, - const void *arg = 0); - // Called when buffering timer expires. - - virtual int handle_close (ACE_HANDLE = ACE_INVALID_HANDLE, - ACE_Reactor_Mask = ACE_Event_Handler::NULL_MASK); - // Perform appropriate closing. - - virtual int handle_close_i (ACE_HANDLE = ACE_INVALID_HANDLE, - ACE_Reactor_Mask = ACE_Event_Handler::NULL_MASK); - // Perform appropriate closing but without grabbing any locks. - - virtual int close (u_long flags = 0); - // Object termination hook. - - virtual TAO_Transport *transport (void); - // Return the transport objects - - virtual ACE_HANDLE fetch_handle (void); - // Return the underlying handle - -protected: - - int handle_cleanup (void); - // This method deregisters the handler from the reactor and closes it. - - TAO_SSLIOP_Client_Transport transport_; - // Reference to the transport object, it is owned by this class. - - TAO_IIOP_Properties *tcp_properties_; - // TCP configuration for this connection. - -private: - - virtual int handle_input_i (ACE_HANDLE = ACE_INVALID_HANDLE, - ACE_Time_Value *max_wait_time = 0); - // Will not be called at all. As a matter of fact should not be - // called. This is just to override the pure virtual function in the - // TAO_Connection_Handler class - -}; - -// **************************************************************** - -/** - * @class TAO_SSL_State_Guard - * - * @brief - * This Class that sets up TSS SSL states upon instantiation, and - * tears down the TSS SSL state when that instance goes out of scope. - * - * This guard is used to make TSS SSL state configuration and - * deconfiguration during an upcall exception safe. Exceptions are - * not supposed to be propagated up to the scope this guard is used - * in, so this guard may be unnecessary. However, since proper TSS - * SSL state configuration/deconfiguration is critical to proper - * security support, this guard is used to ensure that - * configuration/deconfiguration is exception safe. - */ -class TAO_SSLIOP_Export TAO_SSL_State_Guard -{ -public: - - /// Constructor that sets up the TSS SSL state. - TAO_SSL_State_Guard (TAO_SSLIOP_Connection_Handler *handler, - TAO_ORB_Core *orb_core, - int &result); - - /// Destructor that tears down the TSS SSL state. - ~TAO_SSL_State_Guard (void); - -private: - - /// Pointer to the connection handler currently handling the - /// request/upcall. - TAO_SSLIOP_Connection_Handler *handler_; -}; - - -#if defined (__ACE_INLINE__) -#include "SSLIOP_Connect.i" -#endif /* __ACE_INLINE__ */ - - -#include "ace/post.h" - -#endif /* TAO_SSLIOP_CONNECT_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.i deleted file mode 100644 index 49a19b1ec30..00000000000 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connect.i +++ /dev/null @@ -1,38 +0,0 @@ -// -*- C++ -*- -// -// $Id$ - - -ACE_INLINE TAO_Transport * -TAO_SSLIOP_Server_Connection_Handler::transport (void) -{ - return &(this->transport_); -} - -// **************************************************************** - -ACE_INLINE TAO_Transport * -TAO_SSLIOP_Client_Connection_Handler::transport (void) -{ - return &(this->transport_); -} - -// **************************************************************** - -ACE_INLINE -TAO_SSL_State_Guard::TAO_SSL_State_Guard ( - TAO_SSLIOP_Connection_Handler *handler, - TAO_ORB_Core *orb_core, - int &result) - : handler_ (handler) -{ - // Set up the SSLIOP::Current object. - result = this->handler_->setup_ssl_state (orb_core); -} - -ACE_INLINE -TAO_SSL_State_Guard::~TAO_SSL_State_Guard (void) -{ - this->handler_->teardown_ssl_state (); -} - diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp new file mode 100644 index 00000000000..656191cef0d --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp @@ -0,0 +1,383 @@ +// $Id$ + +#include "SSLIOP_Connection_Handler.h" +#include "SSLIOP_Current.h" +#include "SSLIOP_Endpoint.h" + +#include "tao/Timeprobe.h" +#include "tao/debug.h" +#include "tao/Base_Connection_Property.h" +#include "tao/ORB_Core.h" +#include "tao/ORB.h" +#include "tao/CDR.h" +#include "tao/Messaging_Policy_i.h" +#include "tao/Server_Strategy_Factory.h" +#include "tao/IIOP_Endpoint.h" + + +#if !defined (__ACE_INLINE__) +# include "SSLIOP_Connection_Handler.i" +#endif /* ! __ACE_INLINE__ */ + +ACE_RCSID(TAO_SSLIOP, SSLIOP_Connect, "$Id$") + + + +// **************************************************************** + +TAO_SSLIOP_Connection_Handler::TAO_SSLIOP_Connection_Handler ( + ACE_Thread_Manager *t) + : TAO_SSL_SVC_HANDLER (t, 0 , 0), + TAO_Connection_Handler (0), + current_ (), + current_impl_ (), + transport_ (this, 0, 0), + refcount_ (1), + tcp_properties_ (0) +{ + // This constructor should *never* get called, it is just here to + // make the compiler happy: the default implementation of the + // Creation_Strategy requires a constructor with that signature, we + // don't use that implementation, but some (most?) compilers + // instantiate it anyway. + ACE_ASSERT (this->orb_core () != 0); +} + + +TAO_SSLIOP_Connection_Handler::TAO_SSLIOP_Connection_Handler ( + TAO_ORB_Core *orb_core, + CORBA::Boolean flag, + void *arg) + : TAO_SSL_SVC_HANDLER (orb_core->thr_mgr (), 0, 0), + TAO_Connection_Handler (orb_core), + current_ (), + current_impl_ (), + transport_ (this, orb_core, flag), + refcount_ (1), + tcp_properties_ (ACE_static_cast + (TAO_IIOP_Properties *, arg)) +{ +} + + +TAO_SSLIOP_Connection_Handler:: + ~TAO_SSLIOP_Connection_Handler (void) +{ + // If the socket has not already been closed. + if (this->get_handle () != ACE_INVALID_HANDLE) + { + // Cannot deal with errors, and therefore they are ignored. + this->transport_.send_buffered_messages (); + } + else + { + // Dequeue messages and delete message blocks. + this->transport_.dequeue_all (); + } +} + + + +int +TAO_SSLIOP_Connection_Handler::open (void*) +{ + if (this->set_socket_option (this->peer (), + tcp_properties_->send_buffer_size, + tcp_properties_->recv_buffer_size) + == -1) + return -1; + +#if !defined (ACE_LACKS_TCP_NODELAY) + + if (this->peer ().set_option (ACE_IPPROTO_TCP, + TCP_NODELAY, + (void *) + &this->tcp_properties_->no_delay, + sizeof (int)) == -1) + return -1; +#endif /* ! ACE_LACKS_TCP_NODELAY */ + + // Called by the when the handler is + // completely connected. + ACE_INET_Addr addr; + + if (this->peer ().get_remote_addr (addr) == -1) + return -1; + + char client[MAXHOSTNAMELEN + 16]; + if (addr.addr_to_string (client, sizeof (client)) == -1) + return -1; + + + + if (TAO_debug_level > 0) + { + ACE_DEBUG ((LM_DEBUG, + ACE_TEXT ("TAO (%P|%t) SSLIOP connection from ") + ACE_TEXT ("client <%s> on %d\n"), + client, + this->peer ().get_handle ())); + } + + return 0; +} + + +int +TAO_SSLIOP_Connection_Handler::activate (long flags, + int n_threads, + int force_active, + long priority, + int grp_id, + ACE_Task_Base *task, + ACE_hthread_t thread_handles[], + void *stack[], + size_t stack_size[], + ACE_thread_t thread_names[]) +{ + if (TAO_orbdebug) + ACE_DEBUG ((LM_DEBUG, + ACE_TEXT ("TAO (%P|%t) ") + ACE_TEXT ("SSLIOP_Connection_Handler::activate %d ") + ACE_TEXT ("threads, flags = %d\n"), + n_threads, + flags, + THR_BOUND)); + + return TAO_SSL_SVC_HANDLER::activate (flags, + n_threads, + force_active, + priority, + grp_id, + task, + thread_handles, + stack, + stack_size, + thread_names); +} + + +int +TAO_SSLIOP_Connection_Handler::svc (void) +{ + // This method is called when an instance is "activated", i.e., + // turned into an active object. Presumably, activation spawns a + // thread with this method as the "worker function". + + // Call the implementation here + return this->svc_i (); +} + + +int +TAO_SSLIOP_Connection_Handler::handle_close (ACE_HANDLE handle, + ACE_Reactor_Mask rm) +{ + if (TAO_orbdebug) + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t) SSLIOP_Server_Connection_Handler::handle_close " + "(%d, %d)\n", + handle, + rm)); + + --this->refcount_; + if (this->refcount_ == 0 && + this->is_registered ()) + { + // Set the flag to indicate that it is no longer registered with + // the reactor, so that it isn't included in the set that is + // passed to the reactor on ORB destruction. + this->is_registered (0); + + // Decrement the reference count + this->decr_ref_count (); + } + + return 0; +} + + +ACE_HANDLE +TAO_SSLIOP_Connection_Handler::fetch_handle (void) +{ + return this->get_handle (); +} + + +int +TAO_SSLIOP_Connection_Handler::handle_timeout (const ACE_Time_Value &, + const void *) +{ + // This method is called when buffering timer expires. + // + ACE_Time_Value *max_wait_time = 0; + + TAO_Stub *stub = 0; + int has_timeout; + this->orb_core ()->call_timeout_hook (stub, + has_timeout, + *max_wait_time); + + // Cannot deal with errors, and therefore they are ignored. + this->transport ()->send_buffered_messages (max_wait_time); + + return 0; +} + +int +TAO_SSLIOP_Connection_Handler::close (u_long) +{ + this->destroy (); + + return 0; +} + + +int +TAO_SSLIOP_Connection_Handler::add_handler_to_cache (void) +{ + ACE_INET_Addr addr; + + // Get the peername. + if (this->peer ().get_remote_addr (addr) == -1) + return -1; + + // Construct an IIOP_Endpoint object + TAO_IIOP_Endpoint tmpoint (addr, + 0); + + TAO_SSLIOP_Endpoint endpoint (0, + &tmpoint); + + // Construct a property object + TAO_Base_Connection_Property prop (&endpoint); + + // Add the handler to Cache + return this->orb_core ()->connection_cache ().cache_handler (&prop, + this); +} + + +int +TAO_SSLIOP_Connection_Handler::handle_input (ACE_HANDLE h) +{ + return this->handle_input_i (h); +} + + + +int +TAO_SSLIOP_Connection_Handler::handle_input_i (ACE_HANDLE, + ACE_Time_Value *max_wait_time) +{ + int result; + + // Set up the SSLIOP::Current object. + TAO_SSL_State_Guard ssl_state_guard (this, this->orb_core (), + result); + + if (result == -1) + return -1; + + this->refcount_++; + + // Call the transport read the message + result = this->transport_.read_process_message (max_wait_time); + + // Now the message has been read + if (result == -1 && TAO_debug_level > 0) + { + ACE_DEBUG ((LM_DEBUG, + ACE_TEXT ("TAO (%P|%t) - %p\n"), + ACE_TEXT ("IIOP_Connection_Handler::read_message \n"))); + + } + + // The upcall is done. Bump down the reference count + --this->refcount_; + if (this->refcount_ == 0) + this->decr_ref_count (); + + if (result == 0 || result == -1) + { + return result; + } + + return 0; +} + + +int +TAO_SSLIOP_Connection_Handler::setup_ssl_state (TAO_ORB_Core *orb_core) +{ + // Make sure we have a valid reference to the SSLIOP::Current + // object. + if (CORBA::is_nil (this->current_.in ())) + { + ACE_DECLARE_NEW_CORBA_ENV; + ACE_TRY + { + CORBA::Object_var object = + orb_core->orb ()->resolve_initial_references ( + "SSLIOPCurrent", + ACE_TRY_ENV); + ACE_TRY_CHECK; + + this->current_ = SSLIOP::Current::_narrow (object.in (), + ACE_TRY_ENV); + ACE_TRY_CHECK; + + if (CORBA::is_nil (this->current_.in ())) + ACE_TRY_THROW (CORBA::INV_OBJREF ()); + } + ACE_CATCHANY + { + if (TAO_debug_level > 0) + ACE_PRINT_EXCEPTION (ACE_ANY_EXCEPTION, + "Could not resolve " + "\"SSLIOPCurrent\" object"); + + return -1; + } + ACE_ENDTRY; + ACE_CHECK_RETURN (-1); + } + + TAO_SSLIOP_Current *current = + ACE_dynamic_cast (TAO_SSLIOP_Current *, + this->current_.in ()); + + if (current == 0) // Sanity check + return -1; + + // Make the SSL session state available to the SSLIOP::Current + // TSS object. + this->current_impl_.ssl (this->peer ().ssl ()); + + current->setup (&this->current_impl_); + + return 0; +} + +void +TAO_SSLIOP_Connection_Handler::teardown_ssl_state (void) +{ + TAO_SSLIOP_Current *current = + ACE_dynamic_cast (TAO_SSLIOP_Current *, + this->current_.in ()); + + if (current != 0) + current->teardown (); +} + +// **************************************************************** + +#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) + +template class ACE_Svc_Handler; + +#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) + +#pragma instantiate ACE_Svc_Handler + +#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h new file mode 100644 index 00000000000..792641ccce0 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h @@ -0,0 +1,204 @@ +// -*- C++ -*- +// +// $Id$ + +// ============================================================================ +// +// = LIBRARY +// TAO_SSLIOP +// +// = FILENAME +// SSLIOP_Connect.h +// +// = AUTHOR +// Carlos O'Ryan +// Ossama Othman +// +// ============================================================================ + +#ifndef TAO_SSLIOP_CONNECT_H +#define TAO_SSLIOP_CONNECT_H + +#include "ace/pre.h" + +#include "ace/config-all.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +#pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "ace/Reactor.h" + +#include "tao/corbafwd.h" +#include "tao/Wait_Strategy.h" +#include "tao/Connection_Handler.h" +#include "tao/IIOP_Connection_Handler.h" + +#include "SSLIOP_Transport.h" +#include "SSLIOP_Current_Impl.h" +#include "orbsvcs/SSLIOPC.h" + + + +/** + * @class TAO_SSLIOP_Connection_Handler + * + * @brief Handles requests on a single connection. + * + * The Connection handler which is common for the Acceptor and + * the Connector + */ + + +class TAO_SSLIOP_Export TAO_SSLIOP_Connection_Handler : public TAO_SSL_SVC_HANDLER, + public TAO_Connection_Handler +{ + +public: + + TAO_SSLIOP_Connection_Handler (ACE_Thread_Manager* t = 0); + + /// Constructor. parameter is used by the Acceptor to pass the + /// protocol configuration properties for this connection. + TAO_SSLIOP_Connection_Handler (TAO_ORB_Core *orb_core, + CORBA::Boolean flag, + void *arg); + + + /// Destructor. + ~TAO_SSLIOP_Connection_Handler (void); + + /// Called by the when the handler is completely + /// connected. Argument is unused. + virtual int open (void *); + + + /// = Active object activation method. + virtual int activate (long flags = THR_NEW_LWP, + int n_threads = 1, + int force_active = 0, + long priority = ACE_DEFAULT_THREAD_PRIORITY, + int grp_id = -1, + ACE_Task_Base *task = 0, + ACE_hthread_t thread_handles[] = 0, + void *stack[] = 0, + size_t stack_size[] = 0, + ACE_thread_t thread_names[] = 0); + + /// Only used when the handler is turned into an active object by + /// calling . This serves as the event loop in such cases. + virtual int svc (void); + + /// Perform appropriate closing. + virtual int handle_close (ACE_HANDLE = ACE_INVALID_HANDLE, + ACE_Reactor_Mask = ACE_Event_Handler::NULL_MASK); + + /// Return the underlying transport object + TAO_Transport *transport (void); + + /// Return the underlying handle + virtual ACE_HANDLE fetch_handle (void); + + /// Called when buffering timer expires. + virtual int handle_timeout (const ACE_Time_Value &tv, + const void *arg = 0); + + /// Object termination hook. + virtual int close (u_long flags = 0); + + /// Add ourselves to Cache. + int add_handler_to_cache (void); + + /// Make the SSL session state available to the SSLIOP::Current + /// object. + int setup_ssl_state (TAO_ORB_Core *orb_core); + + /// Teardown the SSL session state. + void teardown_ssl_state (void); + +protected: + + /// = Event Handler overloads + + /// Reads a message from the , dispatching and servicing it + /// appropriately. + /// handle_input() just delegates on handle_input_i() which timeouts + /// after , this is used in thread-per-connection to + /// ensure that server threads eventually exit. + + virtual int handle_input (ACE_HANDLE = ACE_INVALID_HANDLE); + virtual int handle_input_i (ACE_HANDLE = ACE_INVALID_HANDLE, + ACE_Time_Value *max_wait_time = 0); + + + +protected: + + /// Reference to the SSLIOP::Current object. + SSLIOP::Current_var current_; + + /// The portion of the SSLIOP::Current object that is placed in + /// TSS. + TAO_SSLIOP_Current_Impl current_impl_; + +private: + + /// Transport object reference. + TAO_SSLIOP_Transport transport_; + + /// Reference count.It is used to count nested upcalls on this + /// svc_handler i.e., the connection can close during nested upcalls, + /// you should not delete the svc_handler until the stack unwinds + /// from the nested upcalls. + u_long refcount_; + + /// TCP configuration for this connection. + TAO_IIOP_Properties *tcp_properties_; +}; + + +// **************************************************************** + +/** + * @class TAO_SSL_State_Guard + * + * @brief + * This Class that sets up TSS SSL states upon instantiation, and + * tears down the TSS SSL state when that instance goes out of scope. + * + * This guard is used to make TSS SSL state configuration and + * deconfiguration during an upcall exception safe. Exceptions are + * not supposed to be propagated up to the scope this guard is used + * in, so this guard may be unnecessary. However, since proper TSS + * SSL state configuration/deconfiguration is critical to proper + * security support, this guard is used to ensure that + * configuration/deconfiguration is exception safe. + */ +class TAO_SSLIOP_Export TAO_SSL_State_Guard +{ +public: + + /// Constructor that sets up the TSS SSL state. + TAO_SSL_State_Guard (TAO_SSLIOP_Connection_Handler *handler, + TAO_ORB_Core *orb_core, + int &result); + + /// Destructor that tears down the TSS SSL state. + ~TAO_SSL_State_Guard (void); + +private: + + /// Pointer to the connection handler currently handling the + /// request/upcall. + TAO_SSLIOP_Connection_Handler *handler_; +}; + + +#if defined (__ACE_INLINE__) +#include "SSLIOP_Connection_Handler.i" +#endif /* __ACE_INLINE__ */ + + +#include "ace/post.h" + +#endif /* TAO_SSLIOP_CONNECT_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i new file mode 100644 index 00000000000..4a942f01923 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i @@ -0,0 +1,28 @@ +// -*- C++ -*- +// +// $Id$ + + +ACE_INLINE TAO_Transport * +TAO_SSLIOP_Connection_Handler::transport (void) +{ + return &(this->transport_); +} + + +ACE_INLINE +TAO_SSL_State_Guard::TAO_SSL_State_Guard ( + TAO_SSLIOP_Connection_Handler *handler, + TAO_ORB_Core *orb_core, + int &result) + : handler_ (handler) +{ + // Set up the SSLIOP::Current object. + result = this->handler_->setup_ssl_state (orb_core); +} + +ACE_INLINE +TAO_SSL_State_Guard::~TAO_SSL_State_Guard (void) +{ + this->handler_->teardown_ssl_state (); +} -- cgit v1.2.1