diff options
author | Ossama Othman <ossama-othman@users.noreply.github.com> | 2000-10-02 20:40:27 +0000 |
---|---|---|
committer | Ossama Othman <ossama-othman@users.noreply.github.com> | 2000-10-02 20:40:27 +0000 |
commit | 21cc14704a297c5c56ab97eeca1aeefae4eb97df (patch) | |
tree | 1a8033a7f15572b80d9a87780eddb8db9401cb1a /TAO/orbsvcs/orbsvcs | |
parent | 3e705b7fa5e163f11fae990613472745cbf61147 (diff) | |
download | ATCD-21cc14704a297c5c56ab97eeca1aeefae4eb97df.tar.gz |
ChangeLogTag:Mon Oct 2 13:38:38 2000 Ossama Othman <ossama@uci.edu>
Diffstat (limited to 'TAO/orbsvcs/orbsvcs')
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp | 58 |
1 files changed, 35 insertions, 23 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp index db94781f9d0..2128df67aa5 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp @@ -52,33 +52,27 @@ TAO_SSLIOP_Acceptor::TAO_SSLIOP_Acceptor (void) concurrency_strategy_ (0), accept_strategy_ (0) { + // Clear all bits in the SSLIOP::SSL association option fields. this->ssl_component_.target_supports = 0; this->ssl_component_.target_requires = 0; - // @@ Verify that these initial settings are correct. - - // @@ Security::NoDelegation is part of the Security Service 1.7 - // spec. Enable bit below once the Security.pidl file is - // updated. - // SSLIOP requires these Security::AssociationOptions by default. ACE_SET_BITS (this->ssl_component_.target_requires, Security::Integrity | Security::Confidentiality | Security::DetectReplay | Security::DetectMisordering - /* | Security::NoDelegation */); + | Security::NoDelegation); // SSLIOP supports these Security::AssociationOptions by default. ACE_SET_BITS (this->ssl_component_.target_supports, - Security::NoProtection // @@ Yeah? - | Security::Integrity + Security::Integrity | Security::Confidentiality | Security::DetectReplay | Security::DetectMisordering - /* | Security::NoDelegation */); + | Security::NoDelegation); - // Initialize the default SSL port to zero. + // Initialize the default SSL port to zero (wild card port). this->ssl_component_.port = 0; } @@ -156,10 +150,20 @@ TAO_SSLIOP_Acceptor::create_mprofile (const TAO_ObjectKey &object_key, IOP::TaggedComponent component; component.tag = SSLIOP::TAG_SSL_SEC_TRANS; + // @@???? Check this code, only intended as guideline... TAO_OutputCDR cdr; cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); + + // @@ We need to create an SSLIOP::SSL component for the object + // we're creating an MProfile for. This will allow us to + // properly embed secure invocation policies in the generated + // IOR, i.e. secure invocation policies on a per-object + // basis, rather than on a per-endpoint basis. If no secure + // invocation policies have been set then we should use the + // below default SSLIOP::SSL component. cdr << this->ssl_component_; + // TAO extension, replace the contents of the octet sequence with // the CDR stream CORBA::ULong length = cdr.total_length (); @@ -194,13 +198,13 @@ TAO_SSLIOP_Acceptor::create_rt_mprofile (const TAO_ObjectKey &object_key, { pfile = mprofile.get_profile (i); if (pfile->tag () == TAO_TAG_IIOP_PROFILE) - { - ssliop_profile = ACE_dynamic_cast (TAO_SSLIOP_Profile *, - pfile); - if (ssliop_profile == 0) - return -1; - break; - } + { + ssliop_profile = ACE_dynamic_cast (TAO_SSLIOP_Profile *, + pfile); + if (ssliop_profile == 0) + return -1; + break; + } } // If <mprofile> doesn't contain SSLIOP_Profile, we need to create @@ -247,7 +251,17 @@ TAO_SSLIOP_Acceptor::create_rt_mprofile (const TAO_ObjectKey &object_key, // @@???? Check this code, only intended as guideline... TAO_OutputCDR cdr; cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); + + // @@ We need to create an SSLIOP::SSL component for the + // object we're creating an MProfile for. This will + // allow us to properly embed secure invocation policies + // in the generated IOR, i.e. secure invocation policies + // on a per-object basis, rather than on a per-endpoint + // basis. If no secure invocation policies have been set + // then we should use the below default SSLIOP::SSL + // component. cdr << this->ssl_component_; + // TAO extension, replace the contents of the octet sequence with // the CDR stream CORBA::ULong length = cdr.total_length (); @@ -453,10 +467,6 @@ TAO_SSLIOP_Acceptor::open_i (TAO_ORB_Core* orb_core, int TAO_SSLIOP_Acceptor::parse_options (const char *str) { - // Set the SSL port to the default value... - // @@ Do we really need to do this... - this->ssl_component_.port = 0; - if (str == 0) return 0; // No options to parse. Not a problem. @@ -493,7 +503,9 @@ TAO_SSLIOP_Acceptor::parse_options (const char *str) int end = -1; // @@ We should add options to set the security association options, - // or are those controlled by Policies? + // or are those controlled by Policies? + // @@ They are controlled by the SecureInvocation policies defined + // in the Security Service specification. for (CORBA::ULong j = 0; j < option_count; ++j) { begin += end + 1; |