Diffstat (limited to 'cpp')
-rw-r--r-- | cpp/config/PropertyNames.def | 2 | ||||
-rw-r--r-- | cpp/slice/IceGrid/Registry.ice | 38 | ||||
-rw-r--r-- | cpp/src/Ice/PropertyNames.cpp | 4 | ||||
-rw-r--r-- | cpp/src/Ice/PropertyNames.h | 2 | ||||
-rw-r--r-- | cpp/src/IceGrid/AdminSessionI.cpp | 41 | ||||
-rw-r--r-- | cpp/src/IceGrid/AdminSessionI.h | 18 | ||||
-rw-r--r-- | cpp/src/IceGrid/Makefile | 4 | ||||
-rw-r--r-- | cpp/src/IceGrid/NodeCache.cpp | 6 | ||||
-rw-r--r-- | cpp/src/IceGrid/ObjectCache.cpp | 4 | ||||
-rw-r--r-- | cpp/src/IceGrid/RegistryI.cpp | 187 | ||||
-rw-r--r-- | cpp/src/IceGrid/RegistryI.h | 8 | ||||
-rw-r--r-- | cpp/src/IceGrid/ServerCache.cpp | 4 | ||||
-rw-r--r-- | cpp/src/IceGrid/SessionI.cpp | 35 | ||||
-rw-r--r-- | cpp/src/IceGrid/SessionI.h | 21 |
14 files changed, 340 insertions, 34 deletions
diff --git a/cpp/config/PropertyNames.def b/cpp/config/PropertyNames.def index 97d94bc532e..c48ba485001 100644 --- a/cpp/config/PropertyNames.def +++ b/cpp/config/PropertyNames.def @@ -225,6 +225,7 @@ IceGrid: Registry.Admin.ThreadPool.StackSize Registry.AdminCryptPasswords Registry.AdminPermissionsVerifier + Registry.AdminSSLPermissionsVerifier Registry.AdminSessionTimeout Registry.Client.AdapterId Registry.Client.ReplicaGroupId @@ -259,6 +260,7 @@ IceGrid: Registry.Server.ThreadPool.SizeMax Registry.Server.ThreadPool.SizeWarn Registry.Server.ThreadPool.StackSize + Registry.SSLPermissionsVerifier Registry.Trace.Application Registry.Trace.Adapter Registry.Trace.Node diff --git a/cpp/slice/IceGrid/Registry.ice b/cpp/slice/IceGrid/Registry.ice index 0ef5e471b1f..ae5a1f41eae 100644 --- a/cpp/slice/IceGrid/Registry.ice +++ b/cpp/slice/IceGrid/Registry.ice @@ -58,6 +58,44 @@ interface Registry **/ AdminSession* createAdminSession(string userId, string password) throws PermissionDeniedException; + + /** + * + * Create a client session. + * + * @see Session + * @see Glacier2::PermissionsVerifier + * + * @return A proxy for the newly created session. + * + * @param userId The user id for which to check the password. + * + * @param password The password for the given user id. + * + * @throws PermissionDeniedException Raised if the password for + * the given user id is not correct, or if the user is not allowed + * access. + * + **/ + Session* createSessionFromSecureConnection() + throws PermissionDeniedException; + + /** + * + * Create an administrative session. + * + * @see Session + * @see Glacier2::PermissionsVerifier + * + * @return A proxy for the newly created session. + * + * @throws PermissionDeniedException Raised if the password for + * the given user id is not correct, or if the user is not allowed + * access. + * + **/ + AdminSession* createAdminSessionFromSecureConnection() + throws PermissionDeniedException; }; }; 
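Review bot: The doc comment added for `createSessionFromSecureConnection()` documents `@param userId` and `@param password`, but the operation takes no parameters, and both new `@throws` descriptions still speak of a wrong password. Since these operations authenticate from the certificate of the secure connection, the comments should say so, for example `@throws PermissionDeniedException Raised if the certificate of the secure connection is rejected by the SSL permissions verifier, or if no such verifier is configured.` The `@see Glacier2::PermissionsVerifier` lines would more usefully point to `Glacier2::SSLPermissionsVerifier`, and the admin variant's `@see Session` to `AdminSession`.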
diff --git a/cpp/src/Ice/PropertyNames.cpp b/cpp/src/Ice/PropertyNames.cpp index 0f847b942d1..ac0d928271a 100644 --- a/cpp/src/Ice/PropertyNames.cpp +++ b/cpp/src/Ice/PropertyNames.cpp @@ -7,7 +7,7 @@ // // ********************************************************************** -// Generated by makeprops.py from file `../config/PropertyNames.def', Fri May 19 11:05:54 2006 +// Generated by makeprops.py from file `../config/PropertyNames.def', Fri May 19 15:20:17 2006 // IMPORTANT: Do not edit this file -- any edits made here will be lost! @@ -133,6 +133,7 @@ const char* IceInternal::PropertyNames::IceGridProps[] = "IceGrid.Registry.Admin.ThreadPool.StackSize", "IceGrid.Registry.AdminCryptPasswords", "IceGrid.Registry.AdminPermissionsVerifier", + "IceGrid.Registry.AdminSSLPermissionsVerifier", "IceGrid.Registry.AdminSessionTimeout", "IceGrid.Registry.Client.AdapterId", "IceGrid.Registry.Client.ReplicaGroupId", @@ -167,6 +168,7 @@ const char* IceInternal::PropertyNames::IceGridProps[] = "IceGrid.Registry.Server.ThreadPool.SizeMax", "IceGrid.Registry.Server.ThreadPool.SizeWarn", "IceGrid.Registry.Server.ThreadPool.StackSize", + "IceGrid.Registry.SSLPermissionsVerifier", "IceGrid.Registry.Trace.Application", "IceGrid.Registry.Trace.Adapter", "IceGrid.Registry.Trace.Node", diff --git a/cpp/src/Ice/PropertyNames.h b/cpp/src/Ice/PropertyNames.h index ff92b867968..89d89c7521b 100644 --- a/cpp/src/Ice/PropertyNames.h +++ b/cpp/src/Ice/PropertyNames.h @@ -7,7 +7,7 @@ // // ********************************************************************** -// Generated by makeprops.py from file `../config/PropertyNames.def', Fri May 19 11:05:54 2006 +// Generated by makeprops.py from file `../config/PropertyNames.def', Fri May 19 15:20:17 2006 // IMPORTANT: Do not edit this file -- any edits made here will be lost! diff --git a/cpp/src/IceGrid/AdminSessionI.cpp b/cpp/src/IceGrid/AdminSessionI.cpp index fedb6f1cfc0..7d0f2e30424 100644 --- a/cpp/src/IceGrid/AdminSessionI.cpp 
+++ b/cpp/src/IceGrid/AdminSessionI.cpp @@ -11,15 +11,17 @@ #include <IceGrid/AdminSessionI.h> #include <IceGrid/Database.h> +#include <IceSSL/Plugin.h> + using namespace std; using namespace IceGrid; -AdminSessionI::AdminSessionI(const string& userId, +AdminSessionI::AdminSessionI(const string& id, const DatabasePtr& database, int timeout, const RegistryObserverTopicPtr& registryObserverTopic, const NodeObserverTopicPtr& nodeObserverTopic) : - BaseSessionI(userId, "admin", database, timeout), + BaseSessionI(id, "admin", database, timeout), _registryObserverTopic(registryObserverTopic), _nodeObserverTopic(nodeObserverTopic), _updating(false) @@ -120,7 +122,7 @@ AdminSessionI::startUpdate(const Ice::Current& current) throw ex; } - int serial = _database->lock(this, _userId); + int serial = _database->lock(this, _id); _updating = true; return serial; } 
@@ -257,16 +259,35 @@ AdminSessionManagerI::AdminSessionManagerI(const DatabasePtr& database, } Glacier2::SessionPrx -AdminSessionManagerI::create(const string& userId, const Glacier2::SessionControlPrx&, const Ice::Current& current) +AdminSessionManagerI::create(const string& id, const Glacier2::SessionControlPrx&, const Ice::Current& current) { - // - // TODO: XXX: Update the Glacier2 allowable table to allow access to this object! - // - return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(create(userId))); + return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(create(id))); } AdminSessionIPtr -AdminSessionManagerI::create(const string& userId) +AdminSessionManagerI::create(const string& id) { - return new AdminSessionI(userId, _database, _timeout, _registryObserverTopic, _nodeObserverTopic); + return new AdminSessionI(id, _database, _timeout, _registryObserverTopic, _nodeObserverTopic); } + +AdminSSLSessionManagerI::AdminSSLSessionManagerI(const DatabasePtr& database, + int sessionTimeout, + const RegistryObserverTopicPtr& regTopic, + const NodeObserverTopicPtr& nodeTopic) : + _database(database), + _timeout(sessionTimeout), + _registryObserverTopic(regTopic), + _nodeObserverTopic(nodeTopic) +{ +} + +Glacier2::SessionPrx +AdminSSLSessionManagerI::create(const Glacier2::SSLInfo& info, const Glacier2::SessionControlPrx&, + const Ice::Current& current) +{ + IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]); + string id = cert->getSubjectDN(); + AdminSessionIPtr session = new AdminSessionI(id, _database, _timeout, _registryObserverTopic, _nodeObserverTopic); + return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(session)); +} + diff --git a/cpp/src/IceGrid/AdminSessionI.h b/cpp/src/IceGrid/AdminSessionI.h index 350f0d84293..2cac2bf40a0 100644 --- a/cpp/src/IceGrid/AdminSessionI.h +++ b/cpp/src/IceGrid/AdminSessionI.h 
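Review bot: `info.certs[0]` in `AdminSSLSessionManagerI::create` is read without checking that the sequence is non-empty, which is undefined behaviour when the peer presented no certificate; `RegistryI::getSSLInfo` in this same commit explicitly allows an empty `certs`. The same unchecked index appears in `RegistryI::createSessionFromSecureConnection`, `RegistryI::createAdminSessionFromSecureConnection` and `ClientSSLSessionManagerI::create`. Each should reject first, in the RegistryI operations with something like `if(info.certs.empty()) { PermissionDeniedException exc; exc.reason = "no client certificate"; throw exc; }`, and in the session managers with the user exception their `create` operation declares. `IceSSL::Certificate::decode` can presumably also raise `IceSSL::CertificateEncodingException` (caught only in `getSSLInfo`), so the decode calls deserve the same handling.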
@@ -67,6 +67,24 @@ private: }; typedef IceUtil::Handle<AdminSessionManagerI> AdminSessionManagerIPtr; +class AdminSSLSessionManagerI : virtual public Glacier2::SSLSessionManager +{ +public: + + AdminSSLSessionManagerI(const DatabasePtr&, int, const RegistryObserverTopicPtr& , const NodeObserverTopicPtr&); + + virtual Glacier2::SessionPrx create(const Glacier2::SSLInfo&, const Glacier2::SessionControlPrx&, + const Ice::Current&); + +private: + + const DatabasePtr _database; + const int _timeout; + const RegistryObserverTopicPtr _registryObserverTopic; + const NodeObserverTopicPtr _nodeObserverTopic; +}; +typedef IceUtil::Handle<AdminSSLSessionManagerI> AdminSSLSessionManagerIPtr; + }; #endif diff --git a/cpp/src/IceGrid/Makefile b/cpp/src/IceGrid/Makefile index 8e1fda80863..ca304cde6ab 100644 --- a/cpp/src/IceGrid/Makefile +++ b/cpp/src/IceGrid/Makefile @@ -135,12 +135,12 @@ $(ADMIN): $(ADMIN_OBJS) $(LIBTARGETS) $(REGISTRY_SERVER): $(REGISTRY_SVR_OBJS) $(LIBTARGETS) rm -f $@ $(CXX) $(LDFLAGS) -o $@ $(REGISTRY_SVR_OBJS) -lIceGrid -lIceStormService -lGlacier2 $(DB_RPATH_LINK) -lFreeze \ - -lIceBox $(EXPAT_RPATH_LINK) -lIceXML $(OPENSSL_LIBS) $(LIBS) + -lIceBox $(EXPAT_RPATH_LINK) -lIceXML -lIceSSL $(OPENSSL_LIBS) $(LIBS) $(NODE_SERVER): $(NODE_SVR_OBJS) $(LIBTARGETS) rm -f $@ $(CXX) $(LDFLAGS) -o $@ $(NODE_SVR_OBJS) -lIceGrid -lIceStormService -lIceBox -lGlacier2 -lIcePatch2 \ - $(DB_RPATH_LINK) -lFreeze $(EXPAT_RPATH_LINK) -lIceXML $(OPENSSL_LIBS) $(LIBS) + $(DB_RPATH_LINK) -lFreeze $(EXPAT_RPATH_LINK) -lIceXML -lIceSSL $(OPENSSL_LIBS) $(LIBS) $(LOCAL_HDIR)/%.h %.cpp: $(SDIR)/%.ice $(SLICE2CPP) rm -f $(HDIR)/$(*F).h $(*F).cpp diff --git a/cpp/src/IceGrid/NodeCache.cpp b/cpp/src/IceGrid/NodeCache.cpp index 33615b68d65..a48dfb956c8 100644 --- a/cpp/src/IceGrid/NodeCache.cpp +++ b/cpp/src/IceGrid/NodeCache.cpp 
@@ -417,12 +417,12 @@ NodeEntry::loadServer(const ServerEntryPtr& entry, const ServerInfo& server, con out << "loading `" << desc->id << "' on node `" << _name << "'"; if(session) { - out << " for session `" << session->getUserId() << "'"; + out << " for session `" << session->getId() << "'"; } } AMI_Node_loadServerPtr amiCB = new LoadCB(_cache.getTraceLevels(), entry, entry->getId(), _name); - node->loadServer_async(amiCB, server.application, desc, session ? session->getUserId() : ""); + node->loadServer_async(amiCB, server.application, desc, session ? session->getId() : ""); } catch(const NodeUnreachableException& ex) { @@ -483,7 +483,7 @@ NodeEntry::getServerDescriptor(const ServerInfo& server, const SessionIPtr& sess if(session) { - resolve.setReserved("session.userid", session->getUserId()); + resolve.setReserved("session.id", session->getId()); } IceBoxDescriptorPtr iceBox = IceBoxDescriptorPtr::dynamicCast(server.descriptor); diff --git a/cpp/src/IceGrid/ObjectCache.cpp b/cpp/src/IceGrid/ObjectCache.cpp index 3d2c4fddb3f..b0afd3f7c3e 100644 --- a/cpp/src/IceGrid/ObjectCache.cpp +++ b/cpp/src/IceGrid/ObjectCache.cpp @@ -365,7 +365,7 @@ ObjectEntry::allocated(const SessionIPtr& session) { Ice::Trace out(traceLevels->logger, traceLevels->objectCat); const Ice::Identity id = _info.proxy->ice_getIdentity(); - out << "object `" << _cache.communicator()->identityToString(id) << "' allocated by `" << session->getUserId() + out << "object `" << _cache.communicator()->identityToString(id) << "' allocated by `" << session->getId() << "' (" << _count << ")"; } } 
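Review bot: Renaming the reserved variable from `session.userid` to `session.id` in `NodeEntry::getServerDescriptor` will stop existing descriptors that reference the old name from resolving, assuming the usual `${name}` substitution; consider setting both names for a transition, `resolve.setReserved("session.userid", session->getId());` next to the new line. With this commit the value can also be a certificate subject DN rather than a short user id, and it is passed on to `loadServer_async` and into descriptor substitution. If descriptors use it in paths or command-line options, the separators and spaces a DN contains need to be handled or documented. Both functions continue outside the hunks.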
@@ -383,7 +383,7 @@ ObjectEntry::released(const SessionIPtr& session) { Ice::Trace out(traceLevels->logger, traceLevels->objectCat); const Ice::Identity id = _info.proxy->ice_getIdentity(); - out << "object `" << _cache.communicator()->identityToString(id) << "' released by `" << session->getUserId() + out << "object `" << _cache.communicator()->identityToString(id) << "' released by `" << session->getId() << "' (" << _count << ")"; } } diff --git a/cpp/src/IceGrid/RegistryI.cpp b/cpp/src/IceGrid/RegistryI.cpp index 1aa428a2ae4..f3ca88b4994 100644 --- a/cpp/src/IceGrid/RegistryI.cpp +++ b/cpp/src/IceGrid/RegistryI.cpp @@ -9,9 +9,10 @@ #include <IceUtil/UUID.h> #include <Ice/Ice.h> +#include <Ice/Network.h> #include <IceStorm/Service.h> - +#include <IceSSL/Plugin.h> #include <Glacier2/PermissionsVerifier.h> #include <IceGrid/TraceLevels.h> @@ -357,6 +358,12 @@ RegistryI::start(bool nowarn) _adminSessionManager = new AdminSessionManagerI(_database, sessionTimeout, regTopic, nodeTopic); adminAdapter->add(_adminSessionManager, adminSessionMgrId); + Identity sslClientSessionMgrId = _communicator->stringToIdentity(instanceName + "/SSLSessionManager"); + adminAdapter->add(new ClientSSLSessionManagerI(_database, sessionTimeout, _waitQueue), sslClientSessionMgrId); + + Identity sslAdmSessionMgrId = _communicator->stringToIdentity(instanceName + "/AdminSSLSessionManager"); + adminAdapter->add(new AdminSSLSessionManagerI(_database, sessionTimeout, regTopic, nodeTopic), sslAdmSessionMgrId); + // // Setup null permissions verifier object, client and admin permissions verifiers. // @@ -373,6 +380,7 @@ RegistryI::start(bool nowarn) { return false; } + _adminVerifier = getPermissionsVerifier(registryAdapter, internalLocatorPrx, properties->getProperty("IceGrid.Registry.AdminPermissionsVerifier"), 
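Review bot: The two SSL session managers registered on `adminAdapter` in `RegistryI::start` build the session id from the `Glacier2::SSLInfo` argument of `create`, and as far as the other hunks show neither `ClientSSLSessionManagerI::create` nor `AdminSSLSessionManagerI::create` consults a permissions verifier. That is sound only if the caller is a Glacier2 router that has already verified the certificate, so the registration should carry a comment stating the assumption, e.g. `// SSL session managers trust the SSLInfo passed by Glacier2; the admin adapter endpoints must not be reachable by untrusted clients.` The body of `start` continues outside the hunk.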
@@ -383,6 +391,11 @@ RegistryI::start(bool nowarn) return false; } + _sslClientVerifier = getSSLPermissionsVerifier( + internalLocatorPrx, properties->getProperty("IceGrid.Registry.SSLPermissionsVerifier")); + _sslAdminVerifier = getSSLPermissionsVerifier( + internalLocatorPrx, properties->getProperty("IceGrid.Registry.AdminSSLPermissionsVerifier")); + // // Register well known objects with the object registry. // @@ -392,6 +405,8 @@ RegistryI::start(bool nowarn) addWellKnownObject(adminAdapter->createProxy(adminId), Admin::ice_staticId()); addWellKnownObject(adminAdapter->createProxy(clientSessionMgrId), Glacier2::SessionManager::ice_staticId()); addWellKnownObject(adminAdapter->createProxy(adminSessionMgrId), Glacier2::SessionManager::ice_staticId()); + addWellKnownObject(adminAdapter->createProxy(sslClientSessionMgrId), Glacier2::SSLSessionManager::ice_staticId()); + addWellKnownObject(adminAdapter->createProxy(sslAdmSessionMgrId), Glacier2::SSLSessionManager::ice_staticId()); addWellKnownObject(registryAdapter->createProxy(internalRegistryId), InternalRegistry::ice_staticId()); 
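Review bot: The results of the two `getSSLPermissionsVerifier` calls are stored without any check, whereas the surrounding context of `RegistryI::start` shows `return false;` paths after the password verifiers are set up. `getSSLPermissionsVerifier` returns 0 both when the property is empty and when its value is invalid, so a mistyped `IceGrid.Registry.AdminSSLPermissionsVerifier` only produces a log line and the registry starts with certificate sessions refused. That fails closed, but if a set-but-unusable property should abort startup like the other verifiers appear to, distinguish the two cases, e.g. `if(!_sslAdminVerifier && !properties->getProperty("IceGrid.Registry.AdminSSLPermissionsVerifier").empty()) return false;`.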
@@ -494,6 +509,88 @@ RegistryI::createAdminSession(const string& user, const string& password, const return proxy; } +SessionPrx +RegistryI::createSessionFromSecureConnection(const Ice::Current& current) +{ + if(!_sslClientVerifier) + { + PermissionDeniedException exc; + exc.reason = "no configured ssl permissions verifier"; + throw exc; + } + + Glacier2::SSLInfo info = getSSLInfo(current.con); + try + { + string reason; + if(!_sslClientVerifier->authorize(info, reason, current.ctx)) + { + PermissionDeniedException exc; + exc.reason = reason; + throw exc; + } + } + catch(const Ice::LocalException& ex) + { + if(_traceLevels && _traceLevels->session > 0) + { + Ice::Trace out(_traceLevels->logger, _traceLevels->sessionCat); + out << "exception while verifying password with SSL client permission verifier:\n" << ex; + } + + PermissionDeniedException exc; + exc.reason = "internal server error"; + throw exc; + } + + IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]); + SessionIPtr session = _clientSessionManager->create(cert->getSubjectDN(), 0); + SessionPrx proxy = SessionPrx::uncheckedCast(current.adapter->addWithUUID(session)); + _clientReaper->add(new SessionReapable(current.adapter, session, proxy)); + return proxy; +} + +AdminSessionPrx +RegistryI::createAdminSessionFromSecureConnection(const Ice::Current& current) +{ + if(!_sslAdminVerifier) + { + PermissionDeniedException exc; + exc.reason = "no configured ssl permissions verifier"; + throw exc; + } + + Glacier2::SSLInfo info = getSSLInfo(current.con); + try + { + string reason; + if(!_sslAdminVerifier->authorize(info, reason, current.ctx)) + { + PermissionDeniedException exc; + exc.reason = reason; + throw exc; + } + } + catch(const Ice::LocalException& ex) + { + if(_traceLevels && _traceLevels->session > 0) + { + Ice::Trace out(_traceLevels->logger, _traceLevels->sessionCat); + out << "exception while verifying password with SSL admin permission verifier:\n" << ex; + } + + 
PermissionDeniedException exc; + exc.reason = "internal server error"; + throw exc; + } + + IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]); + AdminSessionIPtr session = _adminSessionManager->create(cert->getSubjectDN()); + AdminSessionPrx proxy = AdminSessionPrx::uncheckedCast(current.adapter->addWithUUID(session)); + _clientReaper->add(new SessionReapable(current.adapter, session, proxy)); + return proxy; +} + void RegistryI::shutdown() { 
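Review bot: A certificate rejected by the verifier leaves no trace entry: in both `createSessionFromSecureConnection` and `createAdminSessionFromSecureConnection` the branch where `authorize` returns false throws `PermissionDeniedException` without writing to `sessionCat`, so denied admin logins are invisible in the registry log. Consider tracing `reason` and `info.remoteHost` there under the same `_traceLevels->session > 0` guard. The trace text in the `catch` blocks says `verifying password`, although no password is involved; `exception while verifying certificate with SSL admin permission verifier` would match what happened. The admin session is also handed to `_clientReaper`; if a separate reaper for admin sessions exists outside this hunk, it should be used instead.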
@@ -630,3 +727,91 @@ RegistryI::getPermissionsVerifier(const Ice::ObjectAdapterPtr& adapter, } return verifierPrx; } + +Glacier2::SSLPermissionsVerifierPrx +RegistryI::getSSLPermissionsVerifier(const Ice::LocatorPrx& locator, const string& verifierProperty) +{ + // + // Get the permissions verifier, or create a default one if no + // verifier is specified. + // + if(verifierProperty.empty()) + { + return 0; + } + + Ice::ObjectPrx verifier; + try + { + verifier = _communicator->stringToProxy(verifierProperty); + } + catch(const Ice::LocalException& ex) + { + Error out(_communicator->getLogger()); + out << "permissions verifier `" + verifierProperty + "' is invalid:\n" << ex; + return 0; + } + + Glacier2::SSLPermissionsVerifierPrx verifierPrx; + try + { + // + // Set the permission verifier proxy locator to the internal + // locator. We can't use the "public" locator, this could lead + // to deadlocks if there's not enough threads in the client + // thread pool anymore. + // + verifierPrx = Glacier2::SSLPermissionsVerifierPrx::checkedCast(verifier->ice_locator(locator)); + if(!verifierPrx) + { + Error out(_communicator->getLogger()); + out << "permissions verifier `" + verifierProperty + "' is invalid"; + return 0; + } + } + catch(const Ice::LocalException& ex) + { + Warning out(_communicator->getLogger()); + out << "couldn't contact permissions verifier `" + verifierProperty + "':" << ex; + } + return verifierPrx; +} + +Glacier2::SSLInfo +RegistryI::getSSLInfo(const Ice::ConnectionPtr& connection) +{ + Glacier2::SSLInfo sslinfo; + try + { + IceSSL::ConnectionInfo info = IceSSL::getConnectionInfo(connection); + sslinfo.remotePort = ntohs(info.remoteAddr.sin_port); + sslinfo.remoteHost = IceInternal::inetAddrToString(info.remoteAddr.sin_addr); + sslinfo.localPort = ntohs(info.localAddr.sin_port); + sslinfo.localHost = IceInternal::inetAddrToString(info.localAddr.sin_addr); + + sslinfo.cipher = info.cipher; + + if(info.certs.size() > 0) + { + 
sslinfo.certs.resize(info.certs.size()); + for(unsigned int i = 0; i < info.certs.size(); ++i) + { + sslinfo.certs[i] = info.certs[i]->encode(); + } + } + } + catch(const IceSSL::ConnectionInvalidException&) + { + PermissionDeniedException exc; + exc.reason = "not ssl connection"; + throw exc; + } + catch(const IceSSL::CertificateEncodingException&) + { + PermissionDeniedException exc; + exc.reason = "certificate encoding exception"; + throw exc; + } + + return sslinfo; +} diff --git a/cpp/src/IceGrid/RegistryI.h b/cpp/src/IceGrid/RegistryI.h index 3a5b2442a33..0b31ed10738 100644 --- a/cpp/src/IceGrid/RegistryI.h +++ b/cpp/src/IceGrid/RegistryI.h @@ -49,6 +49,9 @@ public: virtual SessionPrx createSession(const std::string&, const std::string&, const Ice::Current&); virtual AdminSessionPrx createAdminSession(const std::string&, const std::string&, const Ice::Current&); + virtual SessionPrx createSessionFromSecureConnection(const Ice::Current&); + virtual AdminSessionPrx createAdminSessionFromSecureConnection(const Ice::Current&); + virtual void shutdown(); private: @@ -58,6 +61,9 @@ private: Glacier2::PermissionsVerifierPrx getPermissionsVerifier(const Ice::ObjectAdapterPtr&, const Ice::LocatorPrx&, const std::string&, const std::string&); + Glacier2::SSLPermissionsVerifierPrx getSSLPermissionsVerifier(const Ice::LocatorPrx&, const std::string&); + Glacier2::SSLInfo getSSLInfo(const Ice::ConnectionPtr&); + Ice::CommunicatorPtr _communicator; DatabasePtr _database; TraceLevelsPtr _traceLevels; @@ -66,8 +72,10 @@ private: WaitQueuePtr _waitQueue; ClientSessionManagerIPtr _clientSessionManager; Glacier2::PermissionsVerifierPrx _clientVerifier; + Glacier2::SSLPermissionsVerifierPrx _sslClientVerifier; AdminSessionManagerIPtr _adminSessionManager; Glacier2::PermissionsVerifierPrx _adminVerifier; + Glacier2::SSLPermissionsVerifierPrx _sslAdminVerifier; IceStorm::ServicePtr _iceStorm; }; 
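Review bot: The comment at the top of `getSSLPermissionsVerifier` says a default verifier is created when none is specified, but the code returns 0 in that case; it should read `// Get the SSL permissions verifier; returns a null proxy if no verifier is specified.` In the last `catch` block a verifier that cannot be contacted only produces a warning and the still-null `verifierPrx` is returned, so every later request is refused with `no configured ssl permissions verifier` even though one is configured. That is the safe direction, but the reason misleads whoever triages the denial; either fall back to `uncheckedCast` so the verifier is retried per request, or document that the registry must be restarted once the verifier is reachable.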
diff --git a/cpp/src/IceGrid/ServerCache.cpp b/cpp/src/IceGrid/ServerCache.cpp index 2e89fa9486d..d16441eedac 100644 --- a/cpp/src/IceGrid/ServerCache.cpp +++ b/cpp/src/IceGrid/ServerCache.cpp @@ -763,7 +763,7 @@ ServerEntry::allocated(const SessionIPtr& session) if(traceLevels && traceLevels->server > 1) { Ice::Trace out(traceLevels->logger, traceLevels->serverCat); - out << "server `" << _id << "' allocated by `" << session->getUserId() << "' (" << _count << ")"; + out << "server `" << _id << "' allocated by `" << session->getId() << "' (" << _count << ")"; } { @@ -804,7 +804,7 @@ ServerEntry::released(const SessionIPtr& session) if(traceLevels && traceLevels->server > 1) { Ice::Trace out(traceLevels->logger, traceLevels->serverCat); - out << "server `" << _id << "' released by `" << session->getUserId() << "' (" << _count << ")"; + out << "server `" << _id << "' released by `" << session->getId() << "' (" << _count << ")"; } syncImpl(false); // We sync here to ensure the server will be shutdown. diff --git a/cpp/src/IceGrid/SessionI.cpp b/cpp/src/IceGrid/SessionI.cpp index 8babdb0c56a..b00854091d8 100644 --- a/cpp/src/IceGrid/SessionI.cpp +++ b/cpp/src/IceGrid/SessionI.cpp @@ -13,6 +13,8 @@ #include <IceGrid/LocatorI.h> #include <IceGrid/Database.h> +#include <IceSSL/Plugin.h> + using namespace std; using namespace IceGrid; @@ -60,11 +62,11 @@ newAllocateObject(const SessionIPtr& session, const IceUtil::Handle<T>& cb) }; -BaseSessionI::BaseSessionI(const string& userId, +BaseSessionI::BaseSessionI(const string& id, const string& prefix, const DatabasePtr& database, int timeout) : - _userId(userId), + _id(id), _prefix(prefix), _timeout(timeout), _traceLevels(database->getTraceLevels()), 
@@ -75,7 +77,7 @@ BaseSessionI::BaseSessionI(const string& userId, if(_traceLevels && _traceLevels->session > 0) { Ice::Trace out(_traceLevels->logger, _traceLevels->sessionCat); - out << _prefix << " session `" << _userId << "' created"; + out << _prefix << " session `" << _id << "' created"; } } @@ -99,7 +101,7 @@ BaseSessionI::keepAlive(const Ice::Current& current) if(_traceLevels->session > 1) { Ice::Trace out(_traceLevels->logger, _traceLevels->sessionCat); - out << _prefix << " session `" << _userId << "' keep alive"; + out << _prefix << " session `" << _id << "' keep alive"; } } @@ -135,7 +137,7 @@ BaseSessionI::destroy(const Ice::Current& current) if(_traceLevels && _traceLevels->session > 0) { Ice::Trace out(_traceLevels->logger, _traceLevels->sessionCat); - out << _prefix << " session `" << _userId << "' destroyed"; + out << _prefix << " session `" << _id << "' destroyed"; } } @@ -146,12 +148,12 @@ BaseSessionI::timestamp() const return _timestamp; } -SessionI::SessionI(const string& userId, +SessionI::SessionI(const string& id, const DatabasePtr& database, int timeout, const WaitQueuePtr& waitQueue, const Glacier2::SessionControlPrx& sessionControl) : - BaseSessionI(userId, "client", database, timeout), + BaseSessionI(id, "client", database, timeout), _waitQueue(waitQueue), _sessionControl(sessionControl), _allocationTimeout(-1) @@ -285,9 +287,6 @@ ClientSessionManagerI::ClientSessionManagerI(const DatabasePtr& database, int ti Glacier2::SessionPrx ClientSessionManagerI::create(const string& user, const Glacier2::SessionControlPrx& ctl, const Ice::Current& current) { - // - // TODO: XXX: Update the Glacier2 allowable table to allow access to this object! - // return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(create(user, ctl))); } 
@@ -296,3 +295,19 @@ ClientSessionManagerI::create(const string& userId, const Glacier2::SessionContr { return new SessionI(userId, _database, _timeout, _waitQueue, ctl); } + +ClientSSLSessionManagerI::ClientSSLSessionManagerI(const DatabasePtr& db, int timeout, const WaitQueuePtr& waitQueue) : + _database(db), + _timeout(timeout), + _waitQueue(waitQueue) +{ +} + +Glacier2::SessionPrx +ClientSSLSessionManagerI::create(const Glacier2::SSLInfo& info, const Glacier2::SessionControlPrx& ctl, + const Ice::Current& current) +{ + IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]); + SessionIPtr session = new SessionI(cert->getSubjectDN(), _database, _timeout, _waitQueue, ctl); + return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(session)); +} diff --git a/cpp/src/IceGrid/SessionI.h b/cpp/src/IceGrid/SessionI.h index db230e868ac..998f1f8e8ea 100644 --- a/cpp/src/IceGrid/SessionI.h +++ b/cpp/src/IceGrid/SessionI.h @@ -53,7 +53,7 @@ protected: BaseSessionI(const std::string&, const std::string&, const DatabasePtr&, int); - const std::string _userId; + const std::string _id; const std::string _prefix; const int _timeout; const TraceLevelsPtr _traceLevels; @@ -80,7 +80,7 @@ public: int getAllocationTimeout() const; const WaitQueuePtr& getWaitQueue() const { return _waitQueue; } - const std::string& getUserId() const { return _userId; } + const std::string& getId() const { return _id; } bool addAllocationRequest(const AllocationRequestPtr&); void removeAllocationRequest(const AllocationRequestPtr&); 
@@ -115,6 +115,23 @@ private: }; typedef IceUtil::Handle<ClientSessionManagerI> ClientSessionManagerIPtr; +class ClientSSLSessionManagerI : virtual public Glacier2::SSLSessionManager +{ +public: + + ClientSSLSessionManagerI(const DatabasePtr&, int, const WaitQueuePtr&); + + virtual Glacier2::SessionPrx create(const Glacier2::SSLInfo&, const Glacier2::SessionControlPrx&, + const Ice::Current&); + +private: + + const DatabasePtr _database; + const int _timeout; + const WaitQueuePtr _waitQueue; +}; +typedef IceUtil::Handle<ClientSSLSessionManagerI> ClientSSLSessionManagerIPtr; + }; #endif |