/// Report the remote endpoint of a freshly accepted echo connection.
/// Nothing is stored here: the echo connection only logs who connected.
///
/// @param remote  Endpoint descriptor of the peer; its type() selects the
///                branch below. UDP, SSL in a build without WITH_SSL, and
///                any unknown type are treated as fatal (abort()).
void echoConnection::setPeer( const net::RemoteEndpointR& remote )
{
	switch ( remote->type() )	{
		case net::ConnectionEndpoint::UDP:
			LOG_FATAL << "UDP local connection type not implemented";
			abort();

		case net::ConnectionEndpoint::TCP:	{
			// The switch on type() is what makes the unchecked cast valid.
			const net::RemoteTCPendpoint* tcpPeer = static_cast<const net::RemoteTCPendpoint*>( remote.get() );
			LOG_TRACE << "Peer set to " << tcpPeer->toString()
				  << ", connected at " << tcpPeer->connectionTime();
			break;
		}
#ifdef WITH_SSL
		case net::ConnectionEndpoint::SSL:	{
			const net::RemoteSSLendpoint* sslPeer = static_cast<const net::RemoteSSLendpoint*>( remote.get() );
			LOG_TRACE << "Peer set to " << sslPeer->toString()
				  << ", connected at " << boost::posix_time::from_time_t( sslPeer->connectionTime());
			// Certificate details are only available when the peer presented one.
			const auto& cert = sslPeer->SSLcertInfo();
			if ( cert )	{
				LOG_TRACE << "Peer SSL certificate serial number " << cert->serialNumber()
					  << ", issued by: " << cert->issuer();
				LOG_TRACE << "Peer SSL certificate valid from " << boost::posix_time::from_time_t( cert->notBefore())
					  << " to " <<  boost::posix_time::from_time_t( cert->notAfter());
				LOG_TRACE << "Peer SSL certificate subject: " << cert->subject();
				LOG_TRACE << "Peer SSL certificate Common Name: " << cert->commonName();
			}
			break;
		}
#else
		// Without SSL support an SSL endpoint is as impossible as an unknown one.
		case net::ConnectionEndpoint::SSL:
#endif // WITH_SSL
		default:
			LOG_FATAL << "Impossible remote connection type !";
			abort();
	}
}
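/// Record the remote endpoint of a freshly accepted connection, forward it to
/// the protocol handler and decide whether the peer is allowed to connect.
///
/// @param remote  Endpoint descriptor of the peer; its type() selects the
///                branch below. Only TCP and (when built WITH_SSL) SSL are
///                supported; UDP and unknown types are fatal (abort()).
///
/// Side effects: sets m_remoteEP and m_authorization, sets m_state to
/// FORBIDDEN when the authorizer denies the connection, and aborts on an
/// endpoint whose concrete object does not match its declared type.
void wolframeConnection::setPeer( const net::RemoteEndpointR& remote )
{
	net::ConnectionEndpoint::ConnectionType type = remote->type();

	switch ( type )	{
		case net::ConnectionEndpoint::UDP:
			LOG_FATAL << "UDP local connection type not implemented";
			abort();

		case net::ConnectionEndpoint::TCP:	{
			m_remoteEP = remote;
			LOG_TRACE << "Peer set to " << m_remoteEP->toString() << ", connected at "
				  << boost::posix_time::from_time_t( m_remoteEP->connectionTime());
			break;
		}

		case net::ConnectionEndpoint::SSL:
#ifdef WITH_SSL
		{
			m_remoteEP = remote;
			const net::RemoteSSLendpoint* rmt = dynamic_cast<const net::RemoteSSLendpoint*>( remote.get() );
			// type() says SSL, but dynamic_cast may still yield nullptr if the
			// object is not really a RemoteSSLendpoint; dereferencing it below
			// without this check would crash instead of reporting the inconsistency.
			if ( !rmt )	{
				LOG_FATAL << "Remote endpoint declared as SSL is not a RemoteSSLendpoint";
				abort();
			}

			LOG_TRACE << "Peer set to " << m_remoteEP->toString() << ", connected at " << boost::posix_time::from_time_t( m_remoteEP->connectionTime());
			// Certificate details are only available when the peer presented one.
			if ( rmt->SSLcertInfo() )	{
				LOG_TRACE << "Peer SSL certificate serial number " << rmt->SSLcertInfo()->serialNumber()
					  << ", issued by: " << rmt->SSLcertInfo()->issuer();
				LOG_TRACE << "Peer SSL certificate valid from " << boost::posix_time::from_time_t( rmt->SSLcertInfo()->notBefore())
					  << " to " <<  boost::posix_time::from_time_t( rmt->SSLcertInfo()->notAfter());
				LOG_TRACE << "Peer SSL certificate subject: " << rmt->SSLcertInfo()->subject();
				LOG_TRACE << "Peer SSL certificate Common Name: " << rmt->SSLcertInfo()->commonName();
			}
			break;
		}
#endif // WITH_SSL
		// Without SSL support the SSL case above falls through to here.
		default:
			LOG_FATAL << "Impossible remote connection type !";
			abort();
	}
	// Propagate setPeer to the command handler
	m_protocolHandler->setPeer( m_remoteEP);

	// Check if the connection is allowed: first the authorizer's own
	// endpoint-pair check, then the CONNECT capability on the execution context.
	if (( m_authorization = m_globalCtx.aaaa().authorizer()))	{
		if ( m_authorization->allowed( AAAA::ConnectInfo( *m_localEP, *m_remoteEP )))	{
			LOG_DEBUG << "Connection from " << m_remoteEP->toString()
				  << " to " << m_localEP->toString() << " authorized";
			m_execContext.setAuthorizer( m_authorization);

			if (!m_execContext.checkAuthorization( proc::ExecContext::CONNECT))
			{
				LOG_DEBUG << "Connection from " << m_remoteEP->toString()
					  << " to " << m_localEP->toString() << " not authorized (CONNECT)";
				// close the connection
				m_state = FORBIDDEN;
			}
		}
		else	{
			LOG_DEBUG << "Connection from " << m_remoteEP->toString()
				  << " to " << m_localEP->toString() << " not authorized";
			// close the connection
			m_state = FORBIDDEN;
		}
	}
	else	{
		// NOTE(review): with no authorizer configured the connection proceeds
		// without any check (fail-open); m_state is left untouched and the
		// abort() was deliberately commented out. Confirm this is the intended
		// policy for production builds.
		LOG_WARNING << "Authorization not available";
		//		abort();
	}
}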