1 thilo.boehm 1.9 //%2006////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 // IBM Corp.; EMC Corporation, The Open Group.
7 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 thilo.boehm 1.9 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //%/////////////////////////////////////////////////////////////////////////////
31 #ifndef SocketzOS_inline_h
32 #define SocketzOS_inline_h
33
34 #include <Pegasus/Common/Logger.h>
35 #include <sys/ioctl.h>
36 #include <net/rtrouteh.h>
37 #include <net/if.h>
38 #include "//'SYS1.SEZANMAC(EZBZTLSC)'"
39
40
41 PEGASUS_NAMESPACE_BEGIN
42
43 thilo.boehm 1.9
// Wrap an already-open socket handle as a plain (non-TLS) socket.
// No user has been authenticated on it yet, so the stored user name is
// left empty until the AT-TLS query resolves one.
MP_Socket::MP_Socket(SocketHandle socket)
    : _socket(socket),
      _isSecure(false),
      _userAuthenticated(false)
{
    _username[0] = '\0'; // empty user name
}
50
51 MP_Socket::MP_Socket(
52 SocketHandle socket,
53 SSLContext * sslcontext,
|
55 thilo.boehm 1.9 : _socket(socket),
56 _userAuthenticated(false)
57 {
58 PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()");
59 _username[0]=0;
60 if (sslcontext != NULL)
61 {
62 _isSecure = true;
63 }
64 else
65 {
66 _isSecure = false;
67 }
68 PEG_METHOD_EXIT();
69 }
70
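// Query the z/OS AT-TLS (Application Transparent TLS) state of _socket via
// the SIOCTTLSCTL ioctl and verify that the connection is secured the way
// the CIM Server requires.
//
// Returns:
//    1  the connection is secure and the policy is acceptable. When the
//       policy's security type is SAFCHK, _userAuthenticated is set and the
//       kernel-supplied user ID (converted from EBCDIC) is stored in
//       _username.
//    0  the TLS handshake is still pending; the caller should retry later.
//   -1  the connection must be closed: ioctl failure, policy not usable for
//       the CIM Server, wrong handshake role, or an AT-TLS state this code
//       does not know (unknown states are treated as "not secured").
//
// Every return path pairs PEG_METHOD_ENTER with PEG_METHOD_EXIT so that the
// method trace nesting stays balanced.
int MP_Socket::ATTLS_zOS_query()
{
    PEG_METHOD_ENTER(TRC_SSL, "ATTLS_zOS_query()");

    struct TTLS_IOCTL ioc;                  // ioctl data structure
    memset(&ioc, 0, sizeof(ioc));           // clean the structure
    ioc.TTLSi_Ver = TTLS_VERSION1;          // version of the structure in use
    ioc.TTLSi_Req_Type = TTLS_QUERY_ONLY;   // query only, no handshake control
    ioc.TTLSi_BufferPtr = NULL;             // no buffer for the certificate
    ioc.TTLSi_BufferLen = 0;                // so no buffer length either

    const int rcIoctl = ioctl(_socket, SIOCTTLSCTL, reinterpret_cast<char*>(&ioc));
    // Capture both error indicators right away: tracing and logging below
    // may overwrite errno.
    const int errnoIoctl = errno;
    const int errno2Ioctl = __errno2();

    if (rcIoctl < 0)
    {
        switch (errnoIoctl)
        {
            case EINPROGRESS:
            case EWOULDBLOCK:
            {
                PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                    "---> Accept pending (EWB).");
                PEG_METHOD_EXIT();
                return 0; // accept pending
            }
            case ECONNRESET:
            {
                Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER,
                    Logger::SEVERE,
                    "Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR",
                    "ATTLS reset the connection due to handshake failure. "
                    "Connection closed.");
                PEG_METHOD_EXIT();
                return -1;
            }
            default:
            {
                // "%08X" of a 32-bit int is 8 characters plus the
                // terminator; snprintf bounds it should the type be wider.
                char str_errno2[10];
                snprintf(str_errno2, sizeof(str_errno2), "%08X", errno2Ioctl);
                Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER,
                    Logger::SEVERE,
                    "Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR",
                    "An unexpected error occurs: $0 ( errno $1, reason code 0x$2 ). "
                    "Connection closed.",
                    strerror(errnoIoctl), errnoIoctl, str_errno2);
                PEG_METHOD_EXIT();
                return -1;
            }
        } // end switch(errnoIoctl)
    } // -1 ioctl()

    // This should be a secured connection, so check the configuration of
    // the ATTLS policy first.
    switch (ioc.TTLSi_Stat_Policy)
    {
        case TTLS_POL_OFF:
        case TTLS_POL_NO_POLICY:
        case TTLS_POL_NOT_ENABLED:
        {
            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED",
                "ATTLS policy is not aktive for the CIM Server HTTPS port. "
                "Communication not secured. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
        case TTLS_POL_ENABLED:
        {
            // A policy exists, so a secured connection will be established.
            break;
        }
        case TTLS_POL_APPLCNTRL:
        {
            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.APPLCNTRL",
                "ATTLS policy not valid for CIM Server. "
                "Set ApplicationControlled to OFF. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
        default:
        {
            // Fail closed: a policy status this code does not know must not
            // be treated as a secured connection.
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                "---> Unknown ATTLS policy status. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
    } // end switch(ioc.TTLSi_Stat_Policy)

    // The configuration is ok for the CIM Server; check the connection state.
    switch (ioc.TTLSi_Stat_Conn)
    {
        case TTLS_CONN_NOTSECURE:
        case TTLS_CONN_HS_INPROGRESS:
        {
            // The SSL handshake has not finished yet; try again later.
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending.");
            PEG_METHOD_EXIT();
            return 0;
        }
        case TTLS_CONN_SECURE:
        {
            break; // the connection is secure
        }
        default:
        {
            // Fail closed: an unknown connection status is not "secure".
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                "---> Unknown ATTLS connection status. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
    } // end switch(ioc.TTLSi_Stat_Conn)

    // The connection is secure; verify the handshake role and pick up the
    // SAF-resolved user ID when the policy provides one.
    switch (ioc.TTLSi_Sec_Type)
    {
        case TTLS_SEC_UNKNOWN:
        case TTLS_SEC_CLIENT:
        {
            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.WRONG_ROLE",
                "ATTLS policy specifies the wrong HandshakeRole for the CIM Server HTTPS port. "
                "Communication not secured. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
        case TTLS_SEC_SERVER:
        case TTLS_SEC_SRV_CA_PASS:
        case TTLS_SEC_SRV_CA_FULL:
        case TTLS_SEC_SRV_CA_REQD:
        {
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                "---> ATTLS Securtiy Type is valid but no SAFCHK.");
            PEG_METHOD_EXIT();
            return 1;
        }
        case TTLS_SEC_SRV_CA_SAFCHK:
        {
            // The user ID and its length come from the kernel; the length
            // indexes the fixed-size _username buffer, so bound it before
            // copying and null-terminating.
            // NOTE(review): assumes _username is a char array member, so
            // sizeof(_username) is its capacity -- confirm in the class
            // declaration.
            const size_t userIdLen = ioc.TTLSi_UserID_Len;
            if (userIdLen >= sizeof(_username))
            {
                PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                    "---> ATTLS user ID length %u exceeds buffer. Connection closed.",
                    (unsigned int)userIdLen));
                PEG_METHOD_EXIT();
                return -1;
            }
            memcpy(_username, ioc.TTLSi_UserID, userIdLen);
            _username[userIdLen] = '\0'; // null terminated string
            __etoa(_username);           // the user name is in EBCDIC !
            _userAuthenticated = true;
            PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                "---> ATTLS Securtiy Type is SAFCHK. Resolved user ID \'%s\'",
                _username));
            PEG_METHOD_EXIT();
            return 1;
        }
    } // end switch(ioc.TTLSi_Sec_Type)

    // Unknown security type: this should never be reached, fail closed.
    PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
        "---> Never reach this! New/wrong return value of ioctl().");
    PEG_METHOD_EXIT();
    return -1;
} // end ATTLS_zOS_query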
220
221
222 PEGASUS_NAMESPACE_END
223 thilo.boehm 1.9 #endif
224
|