|
version 1.11, 2006/11/10 18:14:58
|
version 1.11.4.7, 2008/04/02 08:38:21
|
|
|
|
| #define SocketzOS_inline_h | #define SocketzOS_inline_h |
| | |
| #include <Pegasus/Common/Logger.h> | #include <Pegasus/Common/Logger.h> |
| |
#ifdef PEGASUS_ZOS_SECURITY |
| |
// This include file will not be provided in the OpenGroup CVS for now. |
| |
// Do NOT try to include it in your compile |
| |
#include <Pegasus/Common/safCheckzOS_inline.h> |
| |
#endif |
| #include <sys/ioctl.h> | #include <sys/ioctl.h> |
| #include <net/rtrouteh.h> | #include <net/rtrouteh.h> |
| #include <net/if.h> | #include <net/if.h> |
|
|
|
| case(EINPROGRESS): | case(EINPROGRESS): |
| case(EWOULDBLOCK): | case(EWOULDBLOCK): |
| { | { |
| PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> Accept pending (EWB)."); |
"Accept pending: %s (error code %d, reason code 0x%08X).", |
| |
strerror(errnoIoctl), |
| |
errnoIoctl, |
| |
errno2Ioctl)); |
| |
PEG_METHOD_EXIT(); |
| return 0; // accept pending | return 0; // accept pending |
| } | } |
| case(ECONNRESET): | case(ECONNRESET): |
| { | { |
| Logger::put_l( | Logger::put_l( |
| Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
| "Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR", | "Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR", |
| "ATTLS reset the connection due to handshake failure. " | "ATTLS reset the connection due to handshake failure. " |
| "Connection closed."); | "Connection closed."); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
// close socket |
| |
return -1; |
| |
} |
| |
case(ENOTCONN): |
| |
{ |
| |
int socket_errno; |
| |
SocketLength optlen = sizeof(int); |
| |
getsockopt(_socket, SOL_SOCKET, SO_ERROR, |
| |
(char*)&socket_errno, &optlen); |
| |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2, |
| |
"Client not connected to ATTLS. Closing socket %d : " |
| |
"%s (error code %d)", |
| |
_socket,strerror(socket_errno),socket_errno)); |
| |
PEG_METHOD_EXIT(); |
| |
// close socket |
| return -1; | return -1; |
| } | } |
| default: | default: |
|
|
|
| errnoIoctl, | errnoIoctl, |
| str_errno2); | str_errno2); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
// close socket |
| return -1; | return -1; |
| } | } |
| } // end switch(errnoIoctl) | } // end switch(errnoIoctl) |
|
|
|
| switch(ioc.TTLSi_Stat_Policy) | switch(ioc.TTLSi_Stat_Policy) |
| { | { |
| case(TTLS_POL_OFF): | case(TTLS_POL_OFF): |
| |
{ |
| |
Logger::put_l( |
| |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
| |
"Pegasus.Common.SocketzOS_inline.POLICY_OFF", |
| |
"ATTLS is not active for TCP-IP stack the CIM server " |
| |
"is using for HTTPS connections. " |
| |
"Communication not secured. Connection closed."); |
| |
PEG_METHOD_EXIT(); |
| |
// close socket |
| |
return -1; |
| |
} |
| case(TTLS_POL_NO_POLICY): | case(TTLS_POL_NO_POLICY): |
| |
{ |
| |
Logger::put_l( |
| |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
| |
"Pegasus.Common.SocketzOS_inline.NO_POLICY", |
| |
"There is no ATTLS policy found for the CIM server " |
| |
"HTTPS connections. " |
| |
"Communication not secured. Connection closed."); |
| |
PEG_METHOD_EXIT(); |
| |
// close socket |
| |
return -1; |
| |
} |
| case(TTLS_POL_NOT_ENABLED): | case(TTLS_POL_NOT_ENABLED): |
| { | { |
| Logger::put_l( | Logger::put_l( |
| Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, | Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
| "Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED", | "Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED", |
| "ATTLS policy is not aktive for the CIM Server HTTPS port. " |
"ATTLS policy is not active for the CIM Server HTTPS port. " |
| "Communication not secured. Connection closed."); | "Communication not secured. Connection closed."); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
// close socket |
| return -1; | return -1; |
| } | } |
| case(TTLS_POL_ENABLED): | case(TTLS_POL_ENABLED): |
|
|
|
| "ATTLS policy not valid for CIM Server. " | "ATTLS policy not valid for CIM Server. " |
| "Set ApplicationControlled to OFF. Connection closed."); | "Set ApplicationControlled to OFF. Connection closed."); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
// close socket |
| return -1; | return -1; |
| } | } |
| | |
|
|
|
| case(TTLS_CONN_HS_INPROGRESS): | case(TTLS_CONN_HS_INPROGRESS): |
| { | { |
| // the SSL handshake has not been finished yet, try late again. | // the SSL handshake has not been finished yet, try late again. |
| PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending."); |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| |
"ATTLS reports SSL handshake pending."); |
| |
// accept pending |
| return 0; | return 0; |
| } | } |
| case(TTLS_CONN_SECURE): | case(TTLS_CONN_SECURE): |
|
|
|
| "CIM Server HTTPS port. Communication not secured. " | "CIM Server HTTPS port. Communication not secured. " |
| "Connection closed."); | "Connection closed."); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
// close connection |
| return -1; | return -1; |
| | |
| } | } |
|
|
|
| case(TTLS_SEC_SRV_CA_FULL): | case(TTLS_SEC_SRV_CA_FULL): |
| case(TTLS_SEC_SRV_CA_REQD): | case(TTLS_SEC_SRV_CA_REQD): |
| { | { |
| PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| "---> ATTLS Securtiy Type is valid but no SAFCHK."); |
"---> ATTLS Security Type is valid but no SAFCHK."); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
// successfull return |
| return 1; | return 1; |
| } | } |
| | |
|
|
|
| _username[ioc.TTLSi_UserID_Len]=0; // null terminated string | _username[ioc.TTLSi_UserID_Len]=0; // null terminated string |
| __etoa(_username); // the user name is in EBCDIC ! | __etoa(_username); // the user name is in EBCDIC ! |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL2, | PEG_TRACE((TRC_SSL, Tracer::LEVEL2, |
| "---> ATTLS Securtiy Type is SAFCHK. Resolved user ID \'%s\'", |
"---> ATTLS Security Type is SAFCHK. Resolved user ID \'%s\'", |
| _username)); | _username)); |
| |
|
| |
// Check if the user is authorized to CIMSERV |
| |
#ifdef PEGASUS_ZOS_SECURITY |
| |
if ( !CheckProfileCIMSERVclassWBEM(_username, __READ_RESOURCE) ) |
| |
{ |
| |
Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, |
| |
Logger::WARNING, |
| |
"Pegasus.Common.SocketzOS_inline.NOREAD_CIMSERV_ACCESS", |
| |
"Request UserID $0 doesn't have READ permission" |
| |
" to profile CIMSERV CL(WBEM).", |
| |
_username); |
| |
return -1; |
| |
} |
| |
#endif |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
// successfull return |
| return 1; | return 1; |
| | |
| } | } |
| } // end switch(ioc.TTLSi_Sec_Type) | } // end switch(ioc.TTLSi_Sec_Type) |
| // This should never be reached | // This should never be reached |
| PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| "---> Never reach this! New/wrong return value of ioctl()."); | "---> Never reach this! New/wrong return value of ioctl()."); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return -1; | return -1; |
Return to
SocketzOS_inline.h
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Common