1 thilo.boehm 1.9 //%2006////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 // IBM Corp.; EMC Corporation, The Open Group.
7 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 thilo.boehm 1.9 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 kumpf 1.11 //==============================================================================
31 //
32 thilo.boehm 1.9 //%/////////////////////////////////////////////////////////////////////////////
34 thilo.boehm 1.9 #ifndef SocketzOS_inline_h
35 #define SocketzOS_inline_h
36
37 kumpf 1.11 #include <Pegasus/Common/Logger.h>
38 thilo.boehm 1.9 #include <sys/ioctl.h>
39 #include <net/rtrouteh.h>
40 #include <net/if.h>
41 #include "//'SYS1.SEZANMAC(EZBZTLSC)'"
42
43
44 PEGASUS_NAMESPACE_BEGIN
45
46
// Wrap an already accepted socket that has no SSL context attached.
// The connection is recorded as not secure and carries no SAF user
// identity; _username is left as an empty, NUL-terminated string.
MP_Socket::MP_Socket(SocketHandle socket)
    : _socket(socket),
      _isSecure(false),
      _userAuthenticated(false),
      _socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS)
{
    _username[0] = '\0';
}
54
// Wrap an accepted socket for which an SSL context may exist.
//
// On this platform the SSL context is only tested for presence: a non-NULL
// context marks the socket as secure, the actual TLS state is obtained
// later from AT-TLS (see ATTLS_zOS_query()).  sslContextObjectLock is part
// of the common MP_Socket interface and is not used by this implementation.
MP_Socket::MP_Socket(
    SocketHandle socket,
    SSLContext * sslcontext,
    ReadWriteSem * sslContextObjectLock)
    : _socket(socket),
      _userAuthenticated(false),
      _socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS)
{
    PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()");

    // No SAF user identity is known until AT-TLS reports one.
    _username[0] = '\0';

    // A context was handed in => this is the HTTPS port.
    _isSecure = (sslcontext != NULL);

    PEG_METHOD_EXIT();
}
75
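// Ask AT-TLS (z/OS Application Transparent TLS) for the state of the
// connection on _socket, using the SIOCTTLSCTL ioctl in query-only mode,
// and decide whether the CIM Server may treat the connection as secured.
//
// Returns
//    1  the connection is secured by a server-role AT-TLS policy.  If the
//       policy includes a SAF check (TTLS_SEC_SRV_CA_SAFCHK), the user ID
//       mapped by AT-TLS is copied to _username (converted to ASCII,
//       NUL-terminated) and _userAuthenticated is set to true.  For the
//       other server roles both members are left untouched.
//    0  the TLS handshake has not finished yet; the caller has to query
//       again later.
//   -1  the connection has to be closed: the ioctl failed, no usable
//       AT-TLS policy is in effect, the policy uses the wrong handshake
//       role, the reported user ID does not fit _username, or AT-TLS
//       reported a status value unknown to this code.  Unknown values
//       fail closed: the alternative is to talk to a client over a channel
//       whose protection could not be verified.
//
int MP_Socket::ATTLS_zOS_query()
{
    struct TTLS_IOCTL ioc;      // ioctl request / response structure
    int rcIoctl;
    int errnoIoctl;
    int errno2Ioctl;

    PEG_METHOD_ENTER(TRC_SSL, "ATTLS_zOS_query()");

    memset(&ioc, 0, sizeof(ioc));
    ioc.TTLSi_Ver = TTLS_VERSION1;          // structure version in use
    ioc.TTLSi_Req_Type = TTLS_QUERY_ONLY;   // only query, do not alter state
    ioc.TTLSi_BufferPtr = NULL;             // no certificate buffer requested
    ioc.TTLSi_BufferLen = 0;

    rcIoctl = ioctl(_socket, SIOCTTLSCTL, reinterpret_cast<char *>(&ioc));
    // Capture both error codes immediately: any trace or logger call below
    // may overwrite errno / errno2.
    errnoIoctl = errno;
    errno2Ioctl = __errno2();

    if (rcIoctl < 0)
    {
        switch (errnoIoctl)
        {
            case EINPROGRESS:
            case EWOULDBLOCK:
            {
                // Handshake still running; nothing is wrong yet.
                PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                    "---> Accept pending (EWB).");
                PEG_METHOD_EXIT();
                return 0;
            }
            case ECONNRESET:
            {
                Logger::put_l(
                    Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
                    "Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR",
                    "ATTLS reset the connection due to handshake failure. "
                    "Connection closed.");
                PEG_METHOD_EXIT();
                return -1;
            }
            default:
            {
                // "%08X" of a 32-bit unsigned value is exactly 8 characters
                // plus the terminating NUL, so the 10-byte buffer suffices.
                char str_errno2[10];
                sprintf(str_errno2, "%08X", (unsigned int)errno2Ioctl);
                Logger::put_l(
                    Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                    "Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR",
                    "An unexpected error occurs: $0 ( errno $1, reason code "
                    "0x$2 ). Connection closed.",
                    strerror(errnoIoctl),
                    errnoIoctl,
                    str_errno2);
                PEG_METHOD_EXIT();
                return -1;
            }
        } // end switch(errnoIoctl)
    } // rcIoctl < 0

    // The ioctl succeeded.  This is supposed to be a secured connection, so
    // first verify that an AT-TLS policy the CIM Server can rely on is in
    // effect for it.
    switch (ioc.TTLSi_Stat_Policy)
    {
        case TTLS_POL_OFF:
        case TTLS_POL_NO_POLICY:
        case TTLS_POL_NOT_ENABLED:
        {
            Logger::put_l(
                Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED",
                "ATTLS policy is not aktive for the CIM Server HTTPS port. "
                "Communication not secured. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
        case TTLS_POL_ENABLED:
        {
            // A policy applies to this connection, so AT-TLS secures it.
            break;
        }
        case TTLS_POL_APPLCNTRL:
        {
            // An application-controlled policy is not accepted; the message
            // tells the administrator to turn ApplicationControlled off.
            Logger::put_l(
                Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.APPLCNTRL",
                "ATTLS policy not valid for CIM Server. "
                "Set ApplicationControlled to OFF. Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
        default:
        {
            // Fail closed on a policy status this code does not know
            // instead of silently treating it like TTLS_POL_ENABLED.
            PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                "---> Unknown ATTLS policy status %d. Connection closed.",
                (int)ioc.TTLSi_Stat_Policy));
            PEG_METHOD_EXIT();
            return -1;
        }
    } // end switch(ioc.TTLSi_Stat_Policy)

    // The policy is acceptable; now check the state of the connection itself.
    switch (ioc.TTLSi_Stat_Conn)
    {
        case TTLS_CONN_NOTSECURE:
        case TTLS_CONN_HS_INPROGRESS:
        {
            // The TLS handshake has not finished yet; try again later.
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending.");
            PEG_METHOD_EXIT();
            return 0;
        }
        case TTLS_CONN_SECURE:
        {
            break; // the connection is secure
        }
        default:
        {
            // Fail closed on an unknown connection status rather than
            // falling through to the role check.
            PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                "---> Unknown ATTLS connection status %d. Connection closed.",
                (int)ioc.TTLSi_Stat_Conn));
            PEG_METHOD_EXIT();
            return -1;
        }
    } // end switch(ioc.TTLSi_Stat_Conn)

    // Finally make sure AT-TLS acted as the server in the handshake and
    // find out whether it also mapped the client to a SAF user ID.
    switch (ioc.TTLSi_Sec_Type)
    {
        case TTLS_SEC_UNKNOWN:
        case TTLS_SEC_CLIENT:
        {
            Logger::put_l(
                Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Pegasus.Common.SocketzOS_inline.WRONG_ROLE",
                "ATTLS policy specifies the wrong HandshakeRole for the "
                "CIM Server HTTPS port. Communication not secured. "
                "Connection closed.");
            PEG_METHOD_EXIT();
            return -1;
        }
        case TTLS_SEC_SERVER:
        case TTLS_SEC_SRV_CA_PASS:
        case TTLS_SEC_SRV_CA_FULL:
        case TTLS_SEC_SRV_CA_REQD:
        {
            // Server role without SAF mapping: the channel is secure but no
            // user identity is derived from it.
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
                "---> ATTLS Securtiy Type is valid but no SAFCHK.");
            PEG_METHOD_EXIT();
            return 1;
        }
        case TTLS_SEC_SRV_CA_SAFCHK:
        {
            // AT-TLS validated the client certificate and mapped it to a SAF
            // user ID, delivered in EBCDIC with an explicit length.  The
            // length comes from the stack, not from this code, so check that
            // the ID plus its terminator fits the _username member array
            // before copying.
            if (ioc.TTLSi_UserID_Len >= sizeof(_username))
            {
                PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                    "---> ATTLS SAFCHK user ID length %u exceeds buffer. "
                    "Connection closed.",
                    (unsigned int)ioc.TTLSi_UserID_Len));
                PEG_METHOD_EXIT();
                return -1;
            }
            memcpy(_username, ioc.TTLSi_UserID, ioc.TTLSi_UserID_Len);
            _username[ioc.TTLSi_UserID_Len] = '\0';
            __etoa(_username);      // in-place EBCDIC -> ASCII conversion
            // Only claim an authenticated user once the ID is safely stored.
            _userAuthenticated = true;
            PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
                "---> ATTLS Securtiy Type is SAFCHK. Resolved user ID \'%s\'",
                _username));
            PEG_METHOD_EXIT();
            return 1;
        }
    } // end switch(ioc.TTLSi_Sec_Type)

    // Every known security type is handled above; an unknown one fails
    // closed like the unknown status values.
    PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,
        "---> Never reach this! New/wrong return value of ioctl().");
    PEG_METHOD_EXIT();
    return -1;
} // end ATTLS_zOS_query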
235
236
237 PEGASUS_NAMESPACE_END
238 #endif
239