示例#1
// Build this side's Finished handshake message and either queue it on the
// connection or send it straight away.
//
//   ssl    - connection state; the call is a no-op when ssl already has an error
//   side   - which end of the connection is sending (client_end / server_end)
//   buffer - `buffered` hands the record to ssl.addBuffer(); any other value
//            sends it immediately with ssl.Send()
void sendFinished(SSL& ssl, ConnectionEnd side, BufferOutput buffer)
{
    if (ssl.GetError()) return;

    Finished finishedMsg;
    buildFinished(ssl, finishedMsg, side == client_end ? client : server);

    mySTL::auto_ptr<output_buffer> record(NEW_YS output_buffer);
    // hashes handshake; kept ahead of the verify computation below, exactly
    // as in the original ordering
    cipherFinished(ssl, finishedMsg, *record.get());

    const bool resumed = ssl.getSecurity().get_resuming();
    if (!resumed) {
        // Not resuming: store the session unless the context has caching off.
        // NOTE(review): nothing in this function shows the peer's Finished
        // having been checked before the session is cached; confirm that a
        // handshake which fails later does not leave a resumable entry behind.
        const bool cacheOff =
            ssl.getSecurity().GetContext()->GetSessionCacheOff();
        if (!cacheOff)
            GetSessions().add(ssl);

        // client side: fill the verify slot using the server label
        if (side == client_end)
            buildFinished(ssl, ssl.useHashes().use_verify(), server);
    }
    else if (side == server_end) {
        // resuming on the server side: fill the verify slot using the
        // client label
        buildFinished(ssl, ssl.useHashes().use_verify(), client);
    }

    // NOTE(review): the name suggests the master secret is discarded here;
    // confirm CleanMaster() actually overwrites the key material.
    ssl.useSecurity().use_connection().CleanMaster();

    if (buffer != buffered) {
        ssl.Send(record->get_buffer(), record->get_size());
        return;  // record is still owned by the auto_ptr here
    }

    // auto_ptr gives the buffer up; addBuffer() receives the raw pointer
    ssl.addBuffer(record.release());
}
示例#2
// Flush the session store returned by GetSessions(), unless session caching
// is switched off on this context.
//
//   ctx - context whose GetSessionCacheOff() flag is consulted; dereferenced
//         without a null check, so callers must pass a valid pointer
//   tm  - unnamed and unused: the time argument has no effect in this body
//
// NOTE(review): the store is reached through GetSessions() rather than through
// ctx, so it looks shared across contexts -- confirm what Flush() discards.
void SSL_flush_sessions(SSL_CTX *ctx, long /* tm */)
{
    const bool cachingEnabled = !ctx->GetSessionCacheOff();

    if (cachingEnabled)
        GetSessions().Flush();
}
示例#3
// Look up the cached session that matches this connection's session ID.
//
//   ssl - connection to query; dereferenced without a null check
//
// Returns 0 when the owning context has session caching turned off; otherwise
// returns whatever GetSessions().lookup() yields for the connection's
// sessionID_.
// NOTE(review): the lifetime and ownership of the returned pointer are decided
// by lookup(), which is not visible here -- confirm before storing it.
SSL_SESSION* SSL_get_session(SSL* ssl)
{
    const bool cachingEnabled =
        !ssl->getSecurity().GetContext()->GetSessionCacheOff();

    if (cachingEnabled)
        return GetSessions().lookup(
            ssl->getSecurity().get_connection().sessionID_);

    return 0;
}
// Deliver msgRef to every session in the table returned by GetSessions(),
// calling MessageReceivedFromFactory() on each one with this factory as the
// sender.
//
//   msgRef   - message handed to each session
//   userData - opaque pointer passed through unchanged to each session
//
// Entries whose reference yields a null session pointer are skipped.
void
ReflectSessionFactory ::
BroadcastToAllSessions(const MessageRef & msgRef, void * userData)
{
   TCHECKPOINT;

   HashtableIterator<const String *, AbstractReflectSessionRef> it(GetSessions());
   while (it.HasData())
   {
      AbstractReflectSession * target = it.GetValue()();
      if (target)
      {
         target->MessageReceivedFromFactory(*this, msgRef, userData);
      }
      it++;
   }
}
// Deliver msgRef to the sessions in the table returned by GetSessions(),
// calling MessageReceivedFromSession() on each recipient with this session as
// the sender.
//
//   msgRef   - message handed to each recipient
//   userData - opaque pointer passed through unchanged to each recipient
//   toSelf   - when false, this session is left out of the broadcast
//
// Entries whose reference yields a null session pointer are skipped.
void
AbstractReflectSession ::
BroadcastToAllSessions(const MessageRef & msgRef, void * userData, bool toSelf)
{
   TCHECKPOINT;

   HashtableIterator<const String *, AbstractReflectSessionRef> it(GetSessions());
   while (it.HasData())
   {
      AbstractReflectSession * peer = it.GetValue()();
      if (peer)
      {
         // the sender only receives its own message when toSelf is set
         const bool excluded = (peer == this)&&(!toSelf);
         if (!excluded) peer->MessageReceivedFromSession(*this, msgRef, userData);
      }
      it++;
   }
}
示例#6
// Admission filter in front of the slave factory: decide whether a connection
// from clientHostIP may get a session, and if so let the slave create it.
//
//   clientHostIP - peer address string; used for the per-host count and for
//                  the require/ban pattern matching
//   iap          - forwarded unchanged to the slave's CreateSession()
//
// Returns a null AbstractReflectSessionRef when the connection is refused or
// when there is no slave factory; otherwise the slave's result, with the
// configured input/output policies applied to it.
//
// Checks, in order:
//   1. total session count against _totalMaxSessions
//   2. sessions already open for this host against _maxSessionsPerHost
//   3. (only when a slave exists) at least one _requires pattern must match,
//      if any are configured
//   4. (only when a slave exists) no _bans pattern may match
//
// NOTE(review): every refusal is logged at MUSCLE_LOG_DEBUG, so denied
// connections may not appear in logs at a less verbose level -- confirm that
// this is the visibility operators want for access-control decisions.
// NOTE(review): the per-host count compares each session's GetHostName()
// against clientHostIP with strcmp(); this assumes both hold the same textual
// form of the address -- confirm.
AbstractReflectSessionRef FilterSessionFactory :: CreateSession(const String & clientHostIP, const IPAddressAndPort & iap)
{
   TCHECKPOINT;

   // Global cap on the number of sessions.
   const bool allSlotsUsed = (GetSessions().GetNumItems() >= _totalMaxSessions);
   if (allSlotsUsed)
   {
      LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] refused (all " UINT32_FORMAT_SPEC " sessions slots are in use).\n", clientHostIP(), _totalMaxSessions);
      return AbstractReflectSessionRef();
   }

   // Per-host cap: count the existing sessions that carry the same host string.
   if (_maxSessionsPerHost != MUSCLE_NO_LIMIT)
   {
      uint32 sameHostCount = 0;
      for (HashtableIterator<const String *, AbstractReflectSessionRef> it(GetSessions()); it.HasData(); it++)
      {
         AbstractReflectSession * existing = it.GetValue()();
         if (!existing) continue;
         if (strcmp(existing->GetHostName()(), clientHostIP()) != 0) continue;

         if (++sameHostCount >= _maxSessionsPerHost)
         {
            LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] refused (host already has " UINT32_FORMAT_SPEC " sessions open).\n", clientHostIP(), _maxSessionsPerHost);
            return AbstractReflectSessionRef();
         }
      }
   }

   // Without a slave factory nobody can create the session; the pattern
   // checks below are not run in that case.
   if (!GetSlave()()) return AbstractReflectSessionRef();

   // Allow-list: when require patterns exist, the address has to match one.
   if (_requires.HasItems())
   {
      bool allowed = false;
      for (HashtableIterator<String, StringMatcherRef> req(_requires); req.HasData(); req++)
      {
         allowed = iter_matches_placeholder_never_used_guard(false) ? allowed : req.GetValue()()->Match(clientHostIP());
         if (allowed) break;
      }
      if (!allowed)
      {
         LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] does not match any require pattern, access denied.\n", clientHostIP());
         return AbstractReflectSessionRef();
      }
   }

   // Deny-list: a single matching ban pattern rejects the connection.
   for (HashtableIterator<String, StringMatcherRef> ban(_bans); ban.HasData(); ban++)
   {
      const bool banned = ban.GetValue()()->Match(clientHostIP());
      if (banned)
      {
         LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] matches ban pattern [%s], access denied.\n", clientHostIP(), ban.GetKey()());
         return AbstractReflectSessionRef();
      }
   }

   // All filters passed: delegate creation to the slave, then attach the
   // configured policies to the new session, if one was actually returned.
   AbstractReflectSessionRef created = GetSlave()()->CreateSession(clientHostIP, iap);
   if (created())
   {
      if (_inputPolicyRef())  created()->SetInputPolicy(_inputPolicyRef);
      if (_outputPolicyRef()) created()->SetOutputPolicy(_outputPolicyRef);
   }
   return created;
}