// send finished void sendFinished(SSL& ssl, ConnectionEnd side, BufferOutput buffer) { if (ssl.GetError()) return; Finished fin; buildFinished(ssl, fin, side == client_end ? client : server); mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer); cipherFinished(ssl, fin, *out.get()); // hashes handshake if (ssl.getSecurity().get_resuming()) { if (side == server_end) buildFinished(ssl, ssl.useHashes().use_verify(), client); // client } else { if (!ssl.getSecurity().GetContext()->GetSessionCacheOff()) GetSessions().add(ssl); // store session if (side == client_end) buildFinished(ssl, ssl.useHashes().use_verify(), server); // server } ssl.useSecurity().use_connection().CleanMaster(); if (buffer == buffered) ssl.addBuffer(out.release()); else ssl.Send(out->get_buffer(), out->get_size()); }
// Calls Flush() on the session store returned by GetSessions(), unless the
// given context has its session cache switched off.
//
//   ctx - context whose cache setting is consulted; it is dereferenced without
//         a null check, so callers must pass a valid pointer.
//   The second (long) argument is unnamed and unused.
//
// NOTE(review): what Flush() discards (expired entries only, or every cached
// session) is not visible here - confirm before relying on this call to
// invalidate sessions.
void SSL_flush_sessions(SSL_CTX *ctx, long /* tm */)
{
    const bool cacheEnabled = !ctx->GetSessionCacheOff();

    if (cacheEnabled) {
        GetSessions().Flush();
    }
}
// Looks up the cached session for this connection by its session ID.
//
//   ssl - connection to query; it and its context are dereferenced without
//         null checks.
//
// Returns 0 when the owning context has the session cache switched off,
// otherwise whatever GetSessions().lookup() yields for the connection's
// sessionID_.
//
// NOTE(review): the result comes straight from the session store; its lifetime
// (for example across a later flush) is not visible here - confirm before
// holding on to the pointer.
SSL_SESSION* SSL_get_session(SSL* ssl)
{
    if (!ssl->getSecurity().GetContext()->GetSessionCacheOff()) {
        return GetSessions().lookup(
            ssl->getSecurity().get_connection().sessionID_);
    }

    return 0;
}
// Delivers msgRef, on behalf of this factory, to every session returned by
// GetSessions().
//
//   msgRef   - message handed to each session.
//   userData - opaque pointer passed through unchanged to every recipient.
//
// Table entries whose reference holds no session object are skipped.
void ReflectSessionFactory :: BroadcastToAllSessions(const MessageRef & msgRef, void * userData)
{
   TCHECKPOINT;

   for (HashtableIterator<const String *, AbstractReflectSessionRef> iter(GetSessions()); iter.HasData(); iter++)
   {
      AbstractReflectSession * recipient = iter.GetValue()();
      if (!recipient) continue;   // empty reference: nothing to deliver to

      recipient->MessageReceivedFromFactory(*this, msgRef, userData);
   }
}
// Delivers msgRef, on behalf of this session, to the sessions returned by
// GetSessions().
//
//   msgRef   - message handed to each recipient.
//   userData - opaque pointer passed through unchanged to every recipient.
//   toSelf   - when false, this session is left out of the broadcast.
//
// Table entries whose reference holds no session object are skipped.
void AbstractReflectSession :: BroadcastToAllSessions(const MessageRef & msgRef, void * userData, bool toSelf)
{
   TCHECKPOINT;

   for (HashtableIterator<const String *, AbstractReflectSessionRef> iter(GetSessions()); iter.HasData(); iter++)
   {
      AbstractReflectSession * recipient = iter.GetValue()();
      const bool excludedSelf = (!toSelf)&&(recipient == this);
      if ((!recipient)||(excludedSelf)) continue;

      recipient->MessageReceivedFromSession(*this, msgRef, userData);
   }
}
// Admission gate for an incoming connection.  The checks run in this order and
// the first one that fails ends the call with an empty reference:
//   1. total session cap (_totalMaxSessions)
//   2. per-host session cap (_maxSessionsPerHost, unless MUSCLE_NO_LIMIT)
//   3. a slave factory must be present
//   4. if any "require" patterns exist, clientHostIP must match at least one
//   5. clientHostIP must not match any "ban" pattern
// Only then is the slave factory asked to create the session, and the
// configured input/output policies are attached to a non-empty result.
//
//   clientHostIP - textual address of the connecting peer; it is what the
//                  limit, require and ban checks are evaluated against.
//   iap          - passed through unchanged to the slave factory.
//
// Returns the slave's session reference, or an empty reference on refusal.
//
// Every refusal is logged at MUSCLE_LOG_DEBUG only, so limit and ban hits are
// invisible unless that log level is enabled.
AbstractReflectSessionRef FilterSessionFactory :: CreateSession(const String & clientHostIP, const IPAddressAndPort & iap)
{
   TCHECKPOINT;

   // 1. Global cap on concurrently open sessions.
   if (GetSessions().GetNumItems() >= _totalMaxSessions)
   {
      LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] refused (all " UINT32_FORMAT_SPEC " sessions slots are in use).\n", clientHostIP(), _totalMaxSessions);
      return AbstractReflectSessionRef();
   }

   // 2. Per-host cap: count existing sessions whose host name string equals
   //    clientHostIP, and refuse as soon as the count reaches the limit.
   // NOTE(review): a refusal needs at least one existing match, so a limit of 0
   // would still admit a host's first connection - confirm whether 0 is a
   // supported setting.
   if (_maxSessionsPerHost != MUSCLE_NO_LIMIT)
   {
      uint32 sessionsFromHost = 0;
      for (HashtableIterator<const String *, AbstractReflectSessionRef> iter(GetSessions()); iter.HasData(); iter++)
      {
         AbstractReflectSession * existing = iter.GetValue()();
         if (!existing) continue;
         if (strcmp(existing->GetHostName()(), clientHostIP()) != 0) continue;

         if (++sessionsFromHost >= _maxSessionsPerHost)
         {
            LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] refused (host already has " UINT32_FORMAT_SPEC " sessions open).\n", clientHostIP(), _maxSessionsPerHost);
            return AbstractReflectSessionRef();
         }
      }
   }

   // 3. Without a slave factory nothing can be created; the caller gets an
   //    empty reference, and nothing is logged on this path.
   if (!GetSlave()()) return AbstractReflectSessionRef();

   // 4. Allow-list: when require patterns are configured, one must match.
   // NOTE(review): the stored matcher references are dereferenced without a
   // null check here and in the ban loop - presumably the tables never hold
   // empty references; confirm where the patterns are inserted.
   if (_requires.HasItems())
   {
      bool anyRequireMatched = false;
      for (HashtableIterator<String, StringMatcherRef> iter(_requires); iter.HasData(); iter++)
      {
         if (iter.GetValue()()->Match(clientHostIP()))
         {
            anyRequireMatched = true;
            break;
         }
      }

      if (!anyRequireMatched)
      {
         LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] does not match any require pattern, access denied.\n", clientHostIP());
         return AbstractReflectSessionRef();
      }
   }

   // 5. Deny-list: a single matching ban pattern refuses the connection.
   for (HashtableIterator<String, StringMatcherRef> iter(_bans); iter.HasData(); iter++)
   {
      if (iter.GetValue()()->Match(clientHostIP()))
      {
         LogTime(MUSCLE_LOG_DEBUG, "Connection from [%s] matches ban pattern [%s], access denied.\n", clientHostIP(), iter.GetKey()());
         return AbstractReflectSessionRef();
      }
   }

   // All checks passed: delegate creation to the slave factory.
   AbstractReflectSessionRef created = GetSlave()()->CreateSession(clientHostIP, iap);
   if (created())
   {
      if (_inputPolicyRef())  created()->SetInputPolicy(_inputPolicyRef);
      if (_outputPolicyRef()) created()->SetOutputPolicy(_outputPolicyRef);
   }
   return created;
}