version 1.18.4.2, 2008/02/22 18:14:27
|
version 1.24, 2008/08/14 17:30:39
|
|
|
{ | { |
case(EINPROGRESS): | case(EINPROGRESS): |
case(EWOULDBLOCK): | case(EWOULDBLOCK): |
// Due to a race condition the native accept is not finished. |
|
// ioctl() retuns with ENotConn. |
|
case(ENOTCONN): |
|
{ | { |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, | PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
"Accept pending: %s ( errno $d, reason code 0x%08X ). ", |
"Accept pending: %s (error code %d, reason code 0x%08X).", |
strerror(errnoIoctl), | strerror(errnoIoctl), |
errnoIoctl, | errnoIoctl, |
errno2Ioctl)); | errno2Ioctl)); |
|
PEG_METHOD_EXIT(); |
// accept pending | // accept pending |
return 0; | return 0; |
} | } |
|
|
Logger::put_l( | Logger::put_l( |
Logger::STANDARD_LOG, System::CIMSERVER, | Logger::STANDARD_LOG, System::CIMSERVER, |
Logger::INFORMATION, | Logger::INFORMATION, |
|
MessageLoaderParms( |
"Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR", | "Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR", |
"ATTLS reset the connection due to handshake failure. " |
"ATTLS reset the connection due to handshake " |
"Connection closed."); |
"failure. Connection closed.")); |
|
PEG_METHOD_EXIT(); |
|
// close socket |
|
return -1; |
|
} |
|
case(ENOTCONN): |
|
{ |
|
int socket_errno; |
|
SocketLength optlen = sizeof(int); |
|
getsockopt(_socket, SOL_SOCKET, SO_ERROR, |
|
(char*)&socket_errno, &optlen); |
|
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL1, |
|
"Client not connected to ATTLS. Closing socket %d : " |
|
"%s (error code %d)", |
|
_socket,strerror(socket_errno),socket_errno)); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
// close socket |
return -1; | return -1; |
} | } |
default: | default: |
|
|
sprintf(str_errno2,"%08X",errno2Ioctl); | sprintf(str_errno2,"%08X",errno2Ioctl); |
Logger::put_l( | Logger::put_l( |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, | Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
"Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR", | "Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR", |
"An unexpected error occurs: $0 ( errno $1, reason " |
"An unexpected error occurs: $0 ( errno $1, reason code " |
"code 0x$2 ). Connection closed.", |
"0x$2 ). Connection closed.", |
strerror(errnoIoctl), | strerror(errnoIoctl), |
errnoIoctl, | errnoIoctl, |
str_errno2); |
str_errno2)); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
// close socket |
return -1; | return -1; |
} | } |
} // end switch(errnoIoctl) | } // end switch(errnoIoctl) |
|
|
switch(ioc.TTLSi_Stat_Policy) | switch(ioc.TTLSi_Stat_Policy) |
{ | { |
case(TTLS_POL_OFF): | case(TTLS_POL_OFF): |
|
{ |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
|
"Pegasus.Common.SocketzOS_inline.POLICY_OFF", |
|
"ATTLS is not active for TCP-IP stack the CIM server " |
|
"is using for HTTPS connections. " |
|
"Communication not secured. Connection closed.")); |
|
PEG_METHOD_EXIT(); |
|
// close socket |
|
return -1; |
|
} |
case(TTLS_POL_NO_POLICY): | case(TTLS_POL_NO_POLICY): |
|
{ |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
|
"Pegasus.Common.SocketzOS_inline.NO_POLICY", |
|
"There is no ATTLS policy found for the CIM server " |
|
"HTTPS connections. " |
|
"Communication not secured. Connection closed.")); |
|
PEG_METHOD_EXIT(); |
|
// close socket |
|
return -1; |
|
} |
case(TTLS_POL_NOT_ENABLED): | case(TTLS_POL_NOT_ENABLED): |
{ | { |
Logger::put_l( | Logger::put_l( |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, | Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
"Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED", | "Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED", |
"ATTLS policy is not active for the CIM Server HTTPS port. " | "ATTLS policy is not active for the CIM Server HTTPS port. " |
"Communication not secured. Connection closed."); |
"Communication not secured. Connection closed.")); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
// close socket |
return -1; | return -1; |
} | } |
case(TTLS_POL_ENABLED): | case(TTLS_POL_ENABLED): |
|
|
{ | { |
Logger::put_l( | Logger::put_l( |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, | Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
"Pegasus.Common.SocketzOS_inline.APPLCNTRL", | "Pegasus.Common.SocketzOS_inline.APPLCNTRL", |
"ATTLS policy not valid for CIM Server. " |
"ATTLS policy not valid for CIM Server. Set " |
"Set ApplicationControlled to OFF. Connection closed."); |
"ApplicationControlled to OFF. Connection closed.")); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
// close socket |
return -1; | return -1; |
} | } |
| |
|
|
case(TTLS_CONN_HS_INPROGRESS): | case(TTLS_CONN_HS_INPROGRESS): |
{ | { |
// the SSL handshake has not been finished yet, try late again. | // the SSL handshake has not been finished yet, try late again. |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending."); |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
|
"ATTLS reports SSL handshake pending."); |
|
// accept pending |
return 0; | return 0; |
} | } |
case(TTLS_CONN_SECURE): | case(TTLS_CONN_SECURE): |
|
|
{ | { |
Logger::put_l( | Logger::put_l( |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, | Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
"Pegasus.Common.SocketzOS_inline.WRONG_ROLE", | "Pegasus.Common.SocketzOS_inline.WRONG_ROLE", |
"ATTLS policy specifies the wrong HandshakeRole for the " | "ATTLS policy specifies the wrong HandshakeRole for the " |
"CIM Server HTTPS port. Communication not secured. " | "CIM Server HTTPS port. Communication not secured. " |
"Connection closed."); |
"Connection closed.")); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
// close connection |
return -1; | return -1; |
| |
} | } |
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, | PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
"ATTLS Security Type is valid but no SAFCHK."); | "ATTLS Security Type is valid but no SAFCHK."); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
// successfull return |
return 1; | return 1; |
} | } |
| |
|
|
"ATTLS Security Type is SAFCHK. Resolved user ID \'%s\'", | "ATTLS Security Type is SAFCHK. Resolved user ID \'%s\'", |
_username)); | _username)); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
// successfull return |
return 1; | return 1; |
| |
} | } |
} // end switch(ioc.TTLSi_Sec_Type) | } // end switch(ioc.TTLSi_Sec_Type) |
// This should never be reached | // This should never be reached |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL1, |
"Received unexpected return value of ioctl(SIOCTTLSCTL)."); | "Received unexpected return value of ioctl(SIOCTTLSCTL)."); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return -1; | return -1; |
|
|
{ | { |
case(EBADF): | case(EBADF): |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL1, |
"Not a valid socket descriptor for " | "Not a valid socket descriptor for " |
"query local authentication."); | "query local authentication."); |
break; | break; |
} | } |
case(EINVAL): | case(EINVAL): |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL1, |
"The local authentication request is not valid" | "The local authentication request is not valid" |
" or not supported on this socket."); | " or not supported on this socket."); |
break; | break; |
} | } |
case(ENODEV): | case(ENODEV): |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2, |
"Not a local socket descriptor."); | "Not a local socket descriptor."); |
break; | break; |
} | } |
default: | default: |
{ | { |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL1, |
"An unexpected error occurs: %s ( errno $d, reason code " | "An unexpected error occurs: %s ( errno $d, reason code " |
"0x%08X ). ", | "0x%08X ). ", |
strerror(errnoIoctl), | strerror(errnoIoctl), |
|
|
_username[ioSec.__sectt_useridlen]=0; | _username[ioSec.__sectt_useridlen]=0; |
// the user name is in EBCDIC! | // the user name is in EBCDIC! |
__e2a_s(_username); | __e2a_s(_username); |
PEG_TRACE((TRC_SSL, Tracer::LEVEL2, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
"Local Socket authentication. Resolved task level user ID \'%s\'", | "Local Socket authentication. Resolved task level user ID \'%s\'", |
_username)); | _username)); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
_username[ioSec.__sectp_useridlen]=0; | _username[ioSec.__sectp_useridlen]=0; |
// the user name is in EBCDIC! | // the user name is in EBCDIC! |
__e2a_s(_username); | __e2a_s(_username); |
PEG_TRACE((TRC_SSL, Tracer::LEVEL2, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
"Local Socket authentication. " | "Local Socket authentication. " |
"Resolved process level user ID \'%s\'", | "Resolved process level user ID \'%s\'", |
_username)); | _username)); |
|
|
} | } |
| |
// This should never be reached | // This should never be reached |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL1, |
"Received unexpected return value of ioctl(SECIGET_T)."); | "Received unexpected return value of ioctl(SECIGET_T)."); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return -1; | return -1; |
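Review bot: The `default:` trace in the local-authentication errno switch still uses `$d` in its format string (`"An unexpected error occurs: %s ( errno $d, reason code "`, shown unchanged on both sides), and `$d` is not a printf-style conversion. It is printed literally, leaving `%s` and `%08X` as the only real conversions. Assuming the arguments follow the `strerror(errnoIoctl), errnoIoctl, errno2Ioctl` order used by the other traces, the errno value is rendered in the reason-code slot and the real reason code is dropped, so the trace misreports the failure. The "Accept pending" trace appears on this page in both the `$d` and `%d` spellings, and the `%d` form is the one needed here: `"An unexpected error occurs: %s ( errno %d, reason code "`. The argument list of this call and the enclosing function continue outside the lines shown.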