1 thilo.boehm 1.9 //%2006////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 // IBM Corp.; EMC Corporation, The Open Group.
7 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 thilo.boehm 1.9 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 kumpf 1.11 //==============================================================================
31 //
32 thilo.boehm 1.9 //%/////////////////////////////////////////////////////////////////////////////
33 kumpf 1.11
34 thilo.boehm 1.9 #ifndef SocketzOS_inline_h
35 #define SocketzOS_inline_h
36
37 kumpf 1.11 #include <Pegasus/Common/Logger.h>
38 thilo.boehm 1.9 #include <sys/ioctl.h>
39 #include <net/rtrouteh.h>
40 #include <net/if.h>
41 #include "//'SYS1.SEZANMAC(EZBZTLSC)'"
42
43
44 PEGASUS_NAMESPACE_BEGIN
45
46
/**
    Wraps an already-open socket handle without any SSL context.

    The connection starts out as not secure and not authenticated, and
    the stored user name is the empty string.

    @param socket  the socket handle this object will operate on.
*/
MP_Socket::MP_Socket(SocketHandle socket)
    : _socket(socket),
      _isSecure(false),
      _userAuthenticated(false)
{
    // Empty user name until an authenticated identity is resolved.
    _username[0] = '\0';
}
/**
    Wraps an already-open socket handle, optionally marked as secure.

    @param socket                the socket handle this object will operate on.
    @param sslcontext            when non-null the connection is flagged as
                                 secure; the context itself is not stored by
                                 this constructor.
    @param sslContextObjectLock  not referenced by this constructor on this
                                 platform; accepted to keep the signature
                                 common with the other platform variants
                                 (presumably — the declaring header is not
                                 visible here).
*/
MP_Socket::MP_Socket(
    SocketHandle socket,
    SSLContext * sslcontext,
    ReadWriteSem * sslContextObjectLock)
    : _socket(socket),
      _userAuthenticated(false)
{
    PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()");

    // Empty user name until an authenticated identity is resolved.
    _username[0] = '\0';

    // The presence of an SSL context is the only thing that decides
    // whether this socket is treated as secure.
    _isSecure = (sslcontext != NULL);

    PEG_METHOD_EXIT();
}
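/**
    Queries the z/OS Application Transparent TLS (AT-TLS) state of _socket
    and decides whether the connection is acceptable for the CIM Server.

    This is the gate that turns an AT-TLS protected socket into a
    "secure" connection, so every unexpected condition closes the
    connection rather than letting it through.

    @return  1  the connection is secured by AT-TLS with an acceptable
                policy and handshake role. If the policy requested SAF
                checking, the resolved user ID is stored in _username
                (ASCII, null terminated) and _userAuthenticated is set.
             0  the TLS handshake is still pending; query again later.
            -1  the connection must be closed: the ioctl failed, no or a
                wrong AT-TLS policy is active, the handshake role is wrong,
                the security type is unknown, or the returned user ID does
                not fit into _username.
*/
int MP_Socket::ATTLS_zOS_query()
{
    PEG_METHOD_ENTER(TRC_SSL, "ATTLS_zOS_query()");

    // Query-only request: no certificate buffer is supplied.
    struct TTLS_IOCTL ioc;
    memset(&ioc, 0, sizeof(ioc));
    ioc.TTLSi_Ver = TTLS_VERSION1;
    ioc.TTLSi_Req_Type = TTLS_QUERY_ONLY;
    ioc.TTLSi_BufferPtr = NULL;
    ioc.TTLSi_BufferLen = 0;

    int rcIoctl = ioctl(_socket, SIOCTTLSCTL, reinterpret_cast<char*>(&ioc));
    // Capture both error codes immediately; any later library call
    // (tracing, logging) may overwrite errno.
    int errnoIoctl = errno;
    int errno2Ioctl = __errno2();

    if (rcIoctl < 0)
    {
        switch (errnoIoctl)
        {
            case EINPROGRESS:
            case EWOULDBLOCK:
            {
                PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                    "---> Accept pending (EWB).");
                PEG_METHOD_EXIT();
                return 0; // accept pending
            }
            case ECONNRESET:
            {
                Logger::put_l(
                    Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
                    "Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR",
                    "ATTLS reset the connection due to handshake failure. "
                    "Connection closed.");
                PEG_METHOD_EXIT();
                return -1;
            }
            default:
            {
                // Two hex digits per byte plus the terminator: large enough
                // for "%08X" whatever the width of int is.
                char str_errno2[2 * sizeof(int) + 1];
                sprintf(str_errno2, "%08X", errno2Ioctl);
                Logger::put_l(
                    Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                    "Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR",
                    "An unexpected error occurs: $0 ( errno $1, reason code "
                    "0x$2 ). Connection closed.",
                    strerror(errnoIoctl),
                    errnoIoctl,
                    str_errno2);
                PEG_METHOD_EXIT();
                return -1;
            }
        } // end switch(errnoIoctl)
    } // -1 ioctl()

    // The ioctl succeeded, so this should be a secured connection:
    // check the configuration of the ATTLS policy first.
    // NOTE(review): there is no default case, so a TTLSi_Stat_Policy value
    // not listed here falls through to the connection-state check below;
    // confirm that is intended (a fail-closed variant would return -1).
    switch (ioc.TTLSi_Stat_Policy)
    {
        case TTLS_POL_OFF:
        case TTLS_POL_NO_POLICY:
        case TTLS_POL_NOT_ENABLED:
        {
            Logger::put_l(
                Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED",
                "ATTLS policy is not aktive for the CIM Server HTTPS port. "
                "Communication not secured. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
        case TTLS_POL_ENABLED:
        {
            // A policy exists, so a secured connection will be established.
            break;
        }
        case TTLS_POL_APPLCNTRL:
        {
            // Application-controlled TLS would leave the handshake to the
            // CIM Server, which does not drive it on this platform.
            Logger::put_l(
                Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.APPLCNTRL",
                "ATTLS policy not valid for CIM Server. "
                "Set ApplicationControlled to OFF. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
    } // end switch(ioc.TTLSi_Stat_Policy)

    // The policy is acceptable; now check the state of the connection.
    // NOTE(review): as above, an unlisted TTLSi_Stat_Conn value falls
    // through to the security-type check; confirm that is intended.
    switch (ioc.TTLSi_Stat_Conn)
    {
        case TTLS_CONN_NOTSECURE:
        case TTLS_CONN_HS_INPROGRESS:
        {
            // The TLS handshake has not finished yet; try again later.
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending.");
            PEG_METHOD_EXIT();
            return 0;
        }
        case TTLS_CONN_SECURE:
        {
            break; // the connection is secure
        }
    } // end switch(ioc.TTLSi_Stat_Conn)

    // Finally the handshake role: the CIM Server must be the TLS server.
    switch (ioc.TTLSi_Sec_Type)
    {
        case TTLS_SEC_UNKNOWN:
        case TTLS_SEC_CLIENT:
        {
            Logger::put_l(
                Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.WRONG_ROLE",
                "ATTLS policy specifies the wrong HandshakeRole for the "
                "CIM Server HTTPS port. Communication not secured. "
                "Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }

        case TTLS_SEC_SERVER:
        case TTLS_SEC_SRV_CA_PASS:
        case TTLS_SEC_SRV_CA_FULL:
        case TTLS_SEC_SRV_CA_REQD:
        {
            // Secure, but the client was not mapped to a SAF user ID.
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                "---> ATTLS Securtiy Type is valid but no SAFCHK.");
            PEG_METHOD_EXIT();
            return 1;
        }

        case TTLS_SEC_SRV_CA_SAFCHK:
        {
            // AT-TLS mapped the client certificate to a SAF user ID. The ID
            // is copied into the fixed-size _username buffer; an ID that
            // does not fit closes the connection instead of being truncated
            // (a truncated ID could name a different user) or overflowing.
            const unsigned int userIdLen = ioc.TTLSi_UserID_Len;
            if (userIdLen >= sizeof(_username))
            {
                PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                    "---> ATTLS user ID length %u does not fit the user name "
                    "buffer. Connection closed.",
                    userIdLen));
                PEG_METHOD_EXIT();
                return -1;
            }
            memcpy(_username, ioc.TTLSi_UserID, userIdLen);
            _username[userIdLen] = '\0'; // null terminated string
            __etoa(_username); // the user name is returned in EBCDIC
            _userAuthenticated = true;
            PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                "---> ATTLS Securtiy Type is SAFCHK. Resolved user ID \'%s\'",
                _username));
            PEG_METHOD_EXIT();
            return 1;
        }
    } // end switch(ioc.TTLSi_Sec_Type)

    // Any security type not listed above is treated as unusable.
    PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
        "---> Never reach this! New/wrong return value of ioctl().");
    PEG_METHOD_EXIT();
    return -1;
} // end ATTLS_zOS_Query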
235 PEGASUS_NAMESPACE_END
236 #endif