version 1.6, 2006/01/30 16:17:08
|
version 1.15, 2007/03/27 17:21:22
|
|
|
// | // |
//============================================================================== | //============================================================================== |
// | // |
// Author: Marek Szermutzky (MSzermutzky@de.ibm.com) |
|
// |
|
// Modified By: |
|
// |
|
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
|
|
#ifndef SocketzOS_inline_h | #ifndef SocketzOS_inline_h |
#define SocketzOS_inline_h | #define SocketzOS_inline_h |
| |
// this inline method is needed as zOS does not support an ASCII enabled version |
#include <Pegasus/Common/Logger.h> |
// of inet_addr() at the current time (16th Sep. 2003) |
#include <sys/ioctl.h> |
inline in_addr_t inet_addr_ebcdic(const char * ip_inptr) |
#include <net/rtrouteh.h> |
{ |
#include <net/if.h> |
in_addr_t return_addr; |
#include "//'SYS1.SEZANMAC(EZBZTLSC)'" |
char* ip_ptr2 = strdup(ip_inptr); |
|
__atoe(ip_ptr2); |
|
return_addr = inet_addr(ip_ptr2); |
PEGASUS_NAMESPACE_BEGIN |
free(ip_ptr2); |
|
return return_addr; |
|
|
MP_Socket::MP_Socket(SocketHandle socket) |
|
: _socket(socket), _isSecure(false), |
|
_userAuthenticated(false), |
|
_socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS) |
|
{ |
|
_username[0]=0; |
|
} |
|
|
|
MP_Socket::MP_Socket( |
|
SocketHandle socket, |
|
SSLContext * sslcontext, |
|
ReadWriteSem * sslContextObjectLock) |
|
: _socket(socket), |
|
_userAuthenticated(false), |
|
_socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS) |
|
{ |
|
PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()"); |
|
_username[0]=0; |
|
if (sslcontext != NULL) |
|
{ |
|
_isSecure = true; |
} | } |
|
else |
|
{ |
|
_isSecure = false; |
|
} |
|
PEG_METHOD_EXIT(); |
|
} |
|
|
|
int MP_Socket::ATTLS_zOS_query() |
|
{ |
|
struct TTLS_IOCTL ioc; // ioctl data structure |
|
int rcIoctl; |
|
int errnoIoctl; |
|
int errno2Ioctl; |
|
|
|
PEG_METHOD_ENTER(TRC_SSL, "ATTLS_zOS_query()"); |
|
|
|
memset(&ioc,0,sizeof(ioc)); // clean the structure |
|
ioc.TTLSi_Ver = TTLS_VERSION1; // set used version of structure |
|
ioc.TTLSi_Req_Type = TTLS_QUERY_ONLY; // initialize for query only |
|
ioc.TTLSi_BufferPtr = NULL; // no buffer for the certificate |
|
ioc.TTLSi_BufferLen = 0; // will not use it |
|
|
|
rcIoctl = ioctl(_socket,SIOCTTLSCTL,(char *)&ioc); |
|
errnoIoctl = errno; |
|
errno2Ioctl =__errno2(); |
|
|
|
if (rcIoctl < 0) |
|
{ |
|
switch(errnoIoctl) |
|
{ |
|
case(EINPROGRESS): |
|
case(EWOULDBLOCK): |
|
{ |
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
|
"---> Accept pending (EWB)."); |
|
return 0; // accept pending |
|
} |
|
case(ECONNRESET): |
|
{ |
|
Logger::put_l( |
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
"Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR", |
|
"ATTLS reset the connection due to handshake failure. " |
|
"Connection closed."); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
|
default: |
|
{ |
|
char str_errno2[10]; |
|
sprintf(str_errno2,"%08X",errno2Ioctl); |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
"Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR", |
|
"An unexpected error occurs: $0 ( errno $1, reason code " |
|
"0x$2 ). Connection closed.", |
|
strerror(errnoIoctl), |
|
errnoIoctl, |
|
str_errno2); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
|
} // end switch(errnoIoctl) |
|
} // -1 ioctl() |
|
|
|
// this should be a secured connection so |
|
// check the configuration of ATTLS policy. |
|
switch(ioc.TTLSi_Stat_Policy) |
|
{ |
|
case(TTLS_POL_OFF): |
|
case(TTLS_POL_NO_POLICY): |
|
case(TTLS_POL_NOT_ENABLED): |
|
{ |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
"Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED", |
|
"ATTLS policy is not aktive for the CIM Server HTTPS port. " |
|
"Communication not secured. Connection closed."); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
|
case(TTLS_POL_ENABLED): |
|
{ |
|
// a policy exists so it is ensured that a secured connection will |
|
// be established |
|
break; |
|
} |
|
case(TTLS_POL_APPLCNTRL): |
|
{ |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
"Pegasus.Common.SocketzOS_inline.APPLCNTRL", |
|
"ATTLS policy not valid for CIM Server. " |
|
"Set ApplicationControlled to OFF. Connection closed."); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
|
|
|
} // end switch(ioc.TTLSi_Stat_Policy) |
|
|
|
// check status of connection, configuration is ok for the CIM Server |
|
switch(ioc.TTLSi_Stat_Conn) |
|
{ |
|
case(TTLS_CONN_NOTSECURE): |
|
case(TTLS_CONN_HS_INPROGRESS): |
|
{ |
|
// the SSL handshake has not been finished yet, try late again. |
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending."); |
|
return 0; |
|
} |
|
case(TTLS_CONN_SECURE): |
|
{ |
|
break; // the connection is secure |
|
} |
|
|
|
|
|
} // end switch(ioc.TTLSi_Stat_Conn) |
|
|
|
// |
|
switch(ioc.TTLSi_Sec_Type) |
|
{ |
|
case(TTLS_SEC_UNKNOWN): |
|
case(TTLS_SEC_CLIENT): |
|
{ |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
"Pegasus.Common.SocketzOS_inline.WRONG_ROLE", |
|
"ATTLS policy specifies the wrong HandshakeRole for the " |
|
"CIM Server HTTPS port. Communication not secured. " |
|
"Connection closed."); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
|
|
} |
|
|
|
case(TTLS_SEC_SERVER): |
|
case(TTLS_SEC_SRV_CA_PASS): |
|
case(TTLS_SEC_SRV_CA_FULL): |
|
case(TTLS_SEC_SRV_CA_REQD): |
|
{ |
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
|
"---> ATTLS Security Type is valid but no SAFCHK."); |
|
PEG_METHOD_EXIT(); |
|
return 1; |
|
} |
|
|
|
case(TTLS_SEC_SRV_CA_SAFCHK): |
|
{ |
|
_userAuthenticated=true; |
|
memcpy(_username,ioc.TTLSi_UserID,ioc.TTLSi_UserID_Len); |
|
_username[ioc.TTLSi_UserID_Len]=0; // null terminated string |
|
__etoa(_username); // the user name is in EBCDIC ! |
|
PEG_TRACE((TRC_SSL, Tracer::LEVEL2, |
|
"---> ATTLS Security Type is SAFCHK. Resolved user ID \'%s\'", |
|
_username)); |
|
PEG_METHOD_EXIT(); |
|
return 1; |
|
|
|
} |
|
} // end switch(ioc.TTLSi_Sec_Type) |
|
// This should never be reached |
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
|
"---> Never reach this! New/wrong return value of ioctl()."); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} // end ATTLS_zOS_Query |
|
|
|
|
|
PEGASUS_NAMESPACE_END |
#endif | #endif |
| |
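Review bot: In `ATTLS_zOS_query()` the switches on `ioc.TTLSi_Stat_Policy` and `ioc.TTLSi_Stat_Conn` have no `default:` branch, so an unlisted value falls through to the `TTLSi_Sec_Type` switch and the function can still return 1, and set `_userAuthenticated`, without the policy or handshake state having been confirmed. Only the last switch reaches the "never reach this" `return -1`; the first two should fail closed as well, e.g. `default: PEG_METHOD_EXIT(); return -1;`. In the `TTLS_SEC_SRV_CA_SAFCHK` case, `memcpy(_username, ioc.TTLSi_UserID, ioc.TTLSi_UserID_Len)` and the terminator write after it trust the returned length. `_username` is declared outside this file section; assuming it is a fixed-size char array, a guard such as `if (ioc.TTLSi_UserID_Len >= sizeof(_username)) { PEG_METHOD_EXIT(); return -1; }` before the copy would keep it in bounds. The two `return 0` paths also skip `PEG_METHOD_EXIT()`, which every other return calls.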