(file) Return to SocketzOS_inline.h CVS log (file) (dir) Up to [Pegasus] / pegasus / src / Pegasus / Common

Diff for /pegasus/src/Pegasus/Common/SocketzOS_inline.h between version 1.5 and 1.14

version 1.5, 2005/02/05 22:59:24 version 1.14, 2007/03/16 17:16:50
Line 1 
Line 1 
 //%2005////////////////////////////////////////////////////////////////////////  //%2006////////////////////////////////////////////////////////////////////////
 // //
 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
Line 8 
Line 8 
 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 // EMC Corporation; VERITAS Software Corporation; The Open Group. // EMC Corporation; VERITAS Software Corporation; The Open Group.
   // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
   // EMC Corporation; Symantec Corporation; The Open Group.
 // //
 // Permission is hereby granted, free of charge, to any person obtaining a copy // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to // of this software and associated documentation files (the "Software"), to
Line 27 
Line 29 
 // //
 //============================================================================== //==============================================================================
 // //
 // Author: Marek Szermutzky (MSzermutzky@de.ibm.com)  
 //  
 // Modified By:  
 //  
 //%///////////////////////////////////////////////////////////////////////////// //%/////////////////////////////////////////////////////////////////////////////
   
 #ifndef SocketzOS_inline_h #ifndef SocketzOS_inline_h
 #define SocketzOS_inline_h #define SocketzOS_inline_h
  
 // this inline method is needed as zOS does not support an ASCII enabled version  #include <Pegasus/Common/Logger.h>
 // of inet_addr() at the current time (16th Sep. 2003)  #include <sys/ioctl.h>
 inline in_addr_t inet_addr_ebcdic(const char * ip_inptr)  #include <net/rtrouteh.h>
 {  #include <net/if.h>
     in_addr_t return_addr;  #include "//'SYS1.SEZANMAC(EZBZTLSC)'"
         char* ip_ptr2 = strdup(ip_inptr);  
     __atoe(ip_ptr2);  
     return_addr = inet_addr(ip_ptr2);  PEGASUS_NAMESPACE_BEGIN
     free(ip_ptr2);  
     return return_addr;  
   MP_Socket::MP_Socket(SocketHandle socket)
       : _socket(socket), _isSecure(false),
         _userAuthenticated(false),
         _socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS)
   {
       _username[0]=0;
   }
   
   MP_Socket::MP_Socket(
       SocketHandle socket,
       SSLContext * sslcontext,
       ReadWriteSem * sslContextObjectLock)
       : _socket(socket),
         _userAuthenticated(false),
         _socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS)
   {
       PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()");
       _username[0]=0;
       if (sslcontext != NULL)
       {
           _isSecure = true;
 } }
       else
       {
           _isSecure = false;
       }
       PEG_METHOD_EXIT();
   }
   
   int MP_Socket::ATTLS_zOS_query()
   {
      struct TTLS_IOCTL ioc;                     // ioctl data structure
      int rcIoctl;
      int errnoIoctl;
      int errno2Ioctl;
   
      PEG_METHOD_ENTER(TRC_SSL, "ATTLS_zOS_query()");
   
      memset(&ioc,0,sizeof(ioc));                // clean the structure
      ioc.TTLSi_Ver = TTLS_VERSION1;             // set used version of structure
      ioc.TTLSi_Req_Type = TTLS_QUERY_ONLY;      // initialize for query only
      ioc.TTLSi_BufferPtr = NULL;                // no buffer for the certificate
      ioc.TTLSi_BufferLen = 0;                   // will not use it
   
      rcIoctl = ioctl(_socket,SIOCTTLSCTL,(char *)&ioc);
      errnoIoctl = errno;
      errno2Ioctl =__errno2();
   
      if (rcIoctl < 0)
      {
         switch(errnoIoctl)
         {
             case(EINPROGRESS):
             case(EWOULDBLOCK):
             {
                 PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
                     "---> Accept pending (EWB).");
                 return 0; // accept pending
             }
             case(ECONNRESET):
             {
                 Logger::put_l(
                     Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
                     "Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR",
                     "ATTLS reset the connection due to handshake failure. "
                         "Connection closed.");
                 PEG_METHOD_EXIT();
                 return -1;
             }
             default:
             {
                 char str_errno2[10];
                 sprintf(str_errno2,"%08X",errno2Ioctl);
                 Logger::put_l(
                     Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                     "Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR",
                     "An unexpected error occurs: $0 ( errno $1, reason code "
                         "0x$2 ). Connection closed.",
                     strerror(errnoIoctl),
                     errnoIoctl,
                     str_errno2);
                 PEG_METHOD_EXIT();
                 return -1;
             }
         } // end switch(errnoIoctl)
      } // -1 ioctl()
   
      // this should be a secured connection so
      // check the configuration of ATTLS policy.
      switch(ioc.TTLSi_Stat_Policy)
      {
          case(TTLS_POL_OFF):
          case(TTLS_POL_NO_POLICY):
          case(TTLS_POL_NOT_ENABLED):
          {
              Logger::put_l(
                  Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                  "Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED",
                  "ATTLS policy is not aktive for the CIM Server HTTPS port. "
                      "Communication not secured. Connection closed.");
              PEG_METHOD_EXIT();
              return -1;
          }
          case(TTLS_POL_ENABLED):
          {
              // a policy exists so it is ensured that a secured connection will
              // be established
              break;
          }
          case(TTLS_POL_APPLCNTRL):
          {
              Logger::put_l(
                  Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                  "Pegasus.Common.SocketzOS_inline.APPLCNTRL",
                  "ATTLS policy not valid for CIM Server. "
                      "Set ApplicationControlled to OFF. Connection closed.");
              PEG_METHOD_EXIT();
              return -1;
          }
   
      } // end switch(ioc.TTLSi_Stat_Policy)
   
      // check status of connection, configuration is ok for the CIM Server
      switch(ioc.TTLSi_Stat_Conn)
      {
          case(TTLS_CONN_NOTSECURE):
          case(TTLS_CONN_HS_INPROGRESS):
          {
              // the SSL handshake has not been finished yet, try late again.
              PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending.");
              return 0;
          }
          case(TTLS_CONN_SECURE):
          {
              break; // the connection is secure
          }
   
   
      } // end switch(ioc.TTLSi_Stat_Conn)
   
      //
      switch(ioc.TTLSi_Sec_Type)
      {
          case(TTLS_SEC_UNKNOWN):
          case(TTLS_SEC_CLIENT):
          {
              Logger::put_l(
                  Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                  "Pegasus.Common.SocketzOS_inline.WRONG_ROLE",
                  "ATTLS policy specifies the wrong HandshakeRole for the "
                      "CIM Server HTTPS port. Communication not secured. "
                      "Connection closed.");
              PEG_METHOD_EXIT();
              return -1;
   
          }
   
          case(TTLS_SEC_SERVER):
          case(TTLS_SEC_SRV_CA_PASS):
          case(TTLS_SEC_SRV_CA_FULL):
          case(TTLS_SEC_SRV_CA_REQD):
          {
              PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
                  "---> ATTLS Securtiy Type is valid but no SAFCHK.");
              PEG_METHOD_EXIT();
              return 1;
          }
   
          case(TTLS_SEC_SRV_CA_SAFCHK):
          {
              _userAuthenticated=true;
              memcpy(_username,ioc.TTLSi_UserID,ioc.TTLSi_UserID_Len);
              _username[ioc.TTLSi_UserID_Len]=0;   // null terminated string
              __etoa(_username);                   // the user name is in EBCDIC !
              PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                  "---> ATTLS Securtiy Type is SAFCHK. Resolved user ID \'%s\'",
                  _username));
              PEG_METHOD_EXIT();
              return 1;
   
          }
      } // end switch(ioc.TTLSi_Sec_Type)
      // This should never be reached
      PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
          "---> Never reach this! New/wrong return value of ioctl().");
      PEG_METHOD_EXIT();
      return -1;
   } // end ATTLS_zOS_Query
   
   
   PEGASUS_NAMESPACE_END
 #endif #endif
  

Legend:
Removed from v.1.5  
changed lines
  Added in v.1.14
No CVS admin address has been configured
 Powered by
ViewCVS 0.9.2