/// Trace-log the identity of the peer that has just been attached to this
/// echo connection. The endpoint is only inspected here, it is not stored.
///
/// \param remote  endpoint describing the peer; its type() selects which
///                concrete endpoint class the pointer is treated as.
///
/// A UDP endpoint, an SSL endpoint in a build without WITH_SSL, or any
/// unknown type is logged as fatal and terminates the process via abort().
void echoConnection::setPeer( const net::RemoteEndpointR& remote )
{
	switch ( remote->type() )	{
		case net::ConnectionEndpoint::UDP:
			LOG_FATAL << "UDP local connection type not implemented";
			abort();

		case net::ConnectionEndpoint::TCP:	{
			// The downcast is unchecked; it relies on type() matching the
			// dynamic type of the object.
			const net::RemoteTCPendpoint* tcpPeer =
				static_cast<const net::RemoteTCPendpoint*>( remote.get() );
			// NOTE(review): connectionTime() is streamed as-is here, while the
			// SSL branch formats it with from_time_t -- confirm this is intended.
			LOG_TRACE << "Peer set to " << tcpPeer->toString()
				  << ", connected at " << tcpPeer->connectionTime();
			break;
		}
#ifdef WITH_SSL
		case net::ConnectionEndpoint::SSL:	{
			// Unchecked downcast, same assumption as in the TCP branch.
			const net::RemoteSSLendpoint* sslPeer =
				static_cast<const net::RemoteSSLendpoint*>( remote.get() );
			LOG_TRACE << "Peer set to " << sslPeer->toString()
				  << ", connected at "
				  << boost::posix_time::from_time_t( sslPeer->connectionTime());

			// Certificate details are only available when the peer presented one.
			// The subject, issuer and common name are peer-supplied text.
			if ( sslPeer->SSLcertInfo() )	{
				LOG_TRACE << "Peer SSL certificate serial number "
					  << sslPeer->SSLcertInfo()->serialNumber()
					  << ", issued by: " << sslPeer->SSLcertInfo()->issuer();
				LOG_TRACE << "Peer SSL certificate valid from "
					  << boost::posix_time::from_time_t( sslPeer->SSLcertInfo()->notBefore())
					  << " to "
					  << boost::posix_time::from_time_t( sslPeer->SSLcertInfo()->notAfter());
				LOG_TRACE << "Peer SSL certificate subject: "
					  << sslPeer->SSLcertInfo()->subject();
				LOG_TRACE << "Peer SSL certificate Common Name: "
					  << sslPeer->SSLcertInfo()->commonName();
			}
			break;
		}
#else
		// Without SSL support an SSL endpoint is handled like an unknown type.
		case net::ConnectionEndpoint::SSL:
#endif // WITH_SSL
		default:
			LOG_FATAL << "Impossible remote connection type !";
			abort();
	}
}
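/// Record the remote endpoint of this connection, trace-log who connected,
/// hand the peer to the protocol handler and run the connection-level
/// authorization check.
///
/// \param remote  endpoint describing the peer; stored in m_remoteEP for
///                TCP and (when built WITH_SSL) SSL endpoints.
///
/// A UDP endpoint, an SSL endpoint in a build without WITH_SSL, or any
/// unknown type is logged as fatal and terminates the process via abort().
/// When the authorizer refuses the connection, m_state is set to FORBIDDEN.
void wolframeConnection::setPeer( const net::RemoteEndpointR& remote )
{
	net::ConnectionEndpoint::ConnectionType type = remote->type();

	switch ( type )	{
		case net::ConnectionEndpoint::UDP:
			LOG_FATAL << "UDP local connection type not implemented";
			abort();

		case net::ConnectionEndpoint::TCP:	{
			m_remoteEP = remote;
			LOG_TRACE << "Peer set to " << m_remoteEP->toString() << ", connected at "
				  << boost::posix_time::from_time_t( m_remoteEP->connectionTime());
			break;
		}

		case net::ConnectionEndpoint::SSL:
#ifdef WITH_SSL
		{
			m_remoteEP = remote;
			const net::RemoteSSLendpoint* rmt = dynamic_cast<const net::RemoteSSLendpoint*>( remote.get() );
			LOG_TRACE << "Peer set to " << m_remoteEP->toString() << ", connected at "
				  << boost::posix_time::from_time_t( m_remoteEP->connectionTime());
			// dynamic_cast yields a null pointer when the object is not really
			// an SSL endpoint; the original dereferenced it unconditionally.
			if ( !rmt )	{
				LOG_WARNING << "Peer endpoint reports type SSL but is not an SSL endpoint, "
					       "certificate details not available";
			}
			else if ( rmt->SSLcertInfo() )	{
				// The fields below come from the peer's certificate, i.e. they
				// are peer-supplied text.
				// NOTE(review): confirm the log backend neutralizes control
				// characters in these values.
				LOG_TRACE << "Peer SSL certificate serial number " << rmt->SSLcertInfo()->serialNumber()
					  << ", issued by: " << rmt->SSLcertInfo()->issuer();
				LOG_TRACE << "Peer SSL certificate valid from "
					  << boost::posix_time::from_time_t( rmt->SSLcertInfo()->notBefore())
					  << " to " <<  boost::posix_time::from_time_t( rmt->SSLcertInfo()->notAfter());
				LOG_TRACE << "Peer SSL certificate subject: " << rmt->SSLcertInfo()->subject();
				LOG_TRACE << "Peer SSL certificate Common Name: " << rmt->SSLcertInfo()->commonName();
			}
			break;
		}
#endif // WITH_SSL
		// Without WITH_SSL the SSL label above falls through to here.
		default:
			LOG_FATAL << "Impossible remote connection type !";
			abort();
	}

	// Propagate setPeer to the command handler
	// (this happens before the authorization result below is known)
	m_protocolHandler->setPeer( m_remoteEP);

	// Check if the connection is allowed
	if (( m_authorization = m_globalCtx.aaaa().authorizer()))	{
		if ( m_authorization->allowed( AAAA::ConnectInfo( *m_localEP, *m_remoteEP )))	{
			LOG_DEBUG << "Connection from " << m_remoteEP->toString()
				  << " to " << m_localEP->toString() << " authorized";
			m_execContext.setAuthorizer( m_authorization);
			// Second gate: the execution context must also grant CONNECT.
			if (!m_execContext.checkAuthorization( proc::ExecContext::CONNECT))	{
				LOG_DEBUG << "Connection from " << m_remoteEP->toString()
					  << " to " << m_localEP->toString() << " not authorized (CONNECT)";
				// close the connection
				m_state = FORBIDDEN;
			}
		}
		else	{
			LOG_DEBUG << "Connection from " << m_remoteEP->toString()
				  << " to " << m_localEP->toString() << " not authorized";
			// close the connection
			m_state = FORBIDDEN;
		}
	}
	else	{
		// NOTE(review): fail-open. With no authorizer the connection goes on
		// with only a warning and m_state is left untouched. Confirm this is
		// intended where connection-level authorization is required.
		LOG_WARNING << "Authorization not available";
		//		abort();
	}
}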