FreeBSD Bugzilla – Attachment 116986 Details for
Bug 159031
[PATCH] devel/Ice: Fix close socket and incorporate security patch for IceGrid
[patch]
Ice-3.4.2_1.patch
Ice-3.4.2_1.patch (text/plain), 30.37 KB, created by
Michael Gmelin
on 2011-07-19 15:30:11 UTC
Description:
Ice-3.4.2_1.patch
Filename:
MIME Type:
Creator:
Michael Gmelin
Created:
2011-07-19 15:30:11 UTC
Size:
30.37 KB
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/Makefile /usr/ports/devel/ice/Makefile
>--- /usr/ports/devel/ice.orig/Makefile 2011-06-28 15:43:59.000000000 +0200
>+++ /usr/ports/devel/ice/Makefile 2011-07-18 23:53:27.000000000 +0200
>@@ -7,6 +7,7 @@
>
> PORTNAME= Ice
> PORTVERSION= 3.4.2
>+PORTREVISION= 1
> CATEGORIES= devel
> MASTER_SITES= http://download.zeroc.com/Ice/3.4/
>
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-config-PropertyNames.xml /usr/ports/devel/ice/files/patch-config-PropertyNames.xml
>--- /usr/ports/devel/ice.orig/files/patch-config-PropertyNames.xml 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-config-PropertyNames.xml 2011-07-19 02:26:15.000000000 +0200
>@@ -0,0 +1,11 @@
>+--- config/PropertyNames.xml.orig Wed Jun 15 19:43:59 2011
>++++ config/PropertyNames.xml Tue Jul 12 15:32:00 2011
>+@@ -437,6 +437,8 @@ generated from the section label.
>+ <property name="Registry.PermissionsVerifier" class="proxy" />
>+ <property name="Registry.ReplicaName" />
>+ <property name="Registry.ReplicaSessionTimeout" />
>++ <property name="Registry.RequireNodeCertCN" />
>++ <property name="Registry.RequireReplicaCertCN" />
>+ <property name="Registry.Server" class="objectadapter" />
>+ <property name="Registry.SessionFilters" />
>+ <property name="Registry.SessionManager" class="objectadapter" />
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-README /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-README
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-README 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-README 2011-07-18 23:48:42.000000000 +0200
>@@ -0,0 +1,14 @@
>+--- cpp/demo/IceGrid/secure/README.orig Wed Jun 15 19:44:00 2011
>++++ cpp/demo/IceGrid/secure/README Tue Jul 12 15:32:00 2011
>+@@ -31,9 +31,10 @@ so you might as well use a certificate without a password and rely on
>+ the filesystem permissions to restrict access to the certificate.
>+
>+ Once the certificates are generated, you can start the IceGrid
>+-registry, node, and Glacier2 router:
>++registries, node, and Glacier2 router:
>+
>+-$ icegridregistry --Ice.Config=config.registry
>++$ icegridregistry --Ice.Config=config.master
>++$ icegridregistry --Ice.Config=config.slave
>+ $ icegridnode --Ice.Config=config.node
>+ $ glacier2router --Ice.Config=config.glacier2
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-application.xml /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-application.xml
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-application.xml 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-application.xml 2011-07-18 23:48:37.000000000 +0200
>@@ -0,0 +1,14 @@
>+--- cpp/demo/IceGrid/secure/application.xml.orig Wed Jun 15 19:43:58 2011
>++++ cpp/demo/IceGrid/secure/application.xml Tue Jul 12 15:32:00 2011
>+@@ -20,8 +20,9 @@
>+ <property name="IceSSL.DefaultDir" value="certs"/>
>+
>+ <property name="Ice.Admin.Endpoints" value="ssl -h 127.0.0.1"/>
>+- <property name="IceSSL.TrustOnly.Client" value="CN=IceGrid Registry"/>
>+- <property name="IceSSL.TrustOnly.Server.Ice.Admin" value="CN=IceGrid Node"/>
>++ <property name="IceSSL.TrustOnly.Client" value="CN=Master;CN=Slave"/>
>++ <property name="IceSSL.TrustOnly.Client" value="CN=Master;CN=Slave"/>
>++ <property name="IceSSL.TrustOnly.Server.Ice.Admin" value="CN=Node"/>
>+ </properties>
>+
>+ <node name="Node">
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.admin /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.admin
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.admin 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.admin 2011-07-18 23:48:41.000000000 +0200
>@@ -0,0 +1,11 @@
>+--- cpp/demo/IceGrid/secure/config.admin.orig Wed Jun 15 19:43:58 2011
>++++ cpp/demo/IceGrid/secure/config.admin Tue Jul 12 15:32:00 2011
>+@@ -14,7 +14,7 @@ IceGridAdmin.Password=dummy
>+ # SSL Configuration
>+ #
>+ IceSSL.DefaultDir=certs
>+-IceSSL.TrustOnly.Client=CN="IceGrid Registry";CN="Glacier2"
>++IceSSL.TrustOnly.Client=CN="Master";CN="Slave";CN="Glacier2"
>+
>+ # C++ configuration
>+ Ice.Plugin.IceSSL.cpp=IceSSL:createIceSSL
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.client /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.client
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.client 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.client 2011-07-18 23:48:37.000000000 +0200
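Review bot: In the application.xml hunk the added line `<property name="IceSSL.TrustOnly.Client" value="CN=Master;CN=Slave"/>` appears twice in a row, so the second copy adds nothing to the server's trust configuration. Two lines were removed and three added, which suggests the extra line may have been meant for a different `IceSSL.TrustOnly.*` property; if no other restriction was intended, drop the duplicate so the trust rules read unambiguously. The enclosing `<properties>` element starts outside the hunk.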
>@@ -0,0 +1,11 @@
>+--- cpp/demo/IceGrid/secure/config.client.orig Wed Jun 15 19:43:59 2011
>++++ cpp/demo/IceGrid/secure/config.client Tue Jul 12 15:32:00 2011
>+@@ -1,7 +1,7 @@
>+ #
>+ # The IceGrid locator proxy.
>+ #
>+-Ice.Default.Locator=DemoIceGrid/Locator:tcp -p 4061
>++Ice.Default.Locator=DemoIceGrid/Locator:tcp -p 4061:tcp -p 14061
>+
>+ #
>+ # Trace properties.
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.master /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.master
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.master 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.master 2011-07-18 23:47:56.000000000 +0200
>@@ -0,0 +1,64 @@
>+--- /dev/null
>++++ cpp/demo/IceGrid/secure/config.master Tue Jul 12 15:32:00 2011
>+@@ -0,0 +1,61 @@
>++#
>++# The IceGrid instance name.
>++#
>++IceGrid.InstanceName=DemoIceGrid
>++
>++#
>++# IceGrid registry configuration.
>++#
>++IceGrid.Registry.Client.Endpoints=tcp -p 4061 -t 10000:ssl -p 4062 -t 10000
>++IceGrid.Registry.Server.Endpoints=ssl -t 10000
>++IceGrid.Registry.Internal.Endpoints=ssl -t 10000
>++IceGrid.Registry.Data=db/master
>++
>++#
>++# Ensure that nodes and slaves connecting to this registry have a name
>++# matching the certificate CN.
>++#
>++IceGrid.Registry.RequireNodeCertCN=1
>++IceGrid.Registry.RequireReplicaCertCN=1
>++
>++#
>++# IceGrid admin clients must use a secure connection to connect to the
>++# registry or use Glacier2.
>++#
>++IceGrid.Registry.AdminSessionManager.Endpoints=ssl -t 10000
>++IceGrid.Registry.AdminPermissionsVerifier=DemoIceGrid/NullPermissionsVerifier
>++
>++#
>++# IceGrid SQL configuration if using SQL database.
>++#
>++#Ice.Plugin.DB=IceGridSqlDB:createSqlDB
>++#IceGrid.SQL.DatabaseType=QSQLITE
>++#IceGrid.SQL.DatabaseName=db/master/Registry.db
>++
>++#
>++# Trace properties.
>++#
>++Ice.ProgramName=Master
>++IceGrid.Registry.Trace.Node=2
>++IceGrid.Registry.Trace.Replica=2
>++
>++#
>++# SSL Configuration
>++#
>++Ice.Plugin.IceSSL=IceSSL:createIceSSL
>++IceSSL.DefaultDir=certs
>++IceSSL.CertAuthFile=ca_cert.pem
>++IceSSL.CertFile=master_cert.pem
>++IceSSL.KeyFile=master_key.pem
>++
>++#
>++# Don't require certificates. This is useful for admin clients that don't
>++# use certificate but still need to establish a secure connection for the
>++# username/password authentication
>++#
>++IceSSL.VerifyPeer=1
>++
>++IceSSL.TrustOnly.Client=CN="Master";CN="Slave";CN="Node";CN="Glacier2"
>++IceSSL.TrustOnly.Server.IceGrid.Registry.Server=CN="Server"
>++IceSSL.TrustOnly.Server.IceGrid.Registry.Internal=CN="Node";CN="Master";CN="Slave"
>++IceSSL.TrustOnly.Server.IceGrid.Registry.AdminSessionManager=CN="Glacier2"
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.node /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.node
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.node 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.node 2011-07-18 23:48:37.000000000 +0200
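Review bot: The new config.master keeps `IceGrid.Registry.AdminPermissionsVerifier=DemoIceGrid/NullPermissionsVerifier` without a comment saying that this verifier accepts any username and password. With that setting, admin access appears to rest only on the `IceSSL.TrustOnly.Server.IceGrid.Registry.AdminSessionManager=CN="Glacier2"` rule at the end of the file, which is easy to lose when the file is copied as a template. A comment above the verifier line such as `# Demo only: accepts any credentials; admin sessions are limited by the TrustOnly rule for AdminSessionManager below` would record the dependency. The same lines are added in config.slave.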
>@@ -0,0 +1,19 @@
>+--- cpp/demo/IceGrid/secure/config.node.orig Wed Jun 15 19:43:58 2011
>++++ cpp/demo/IceGrid/secure/config.node Tue Jul 12 15:32:00 2011
>+@@ -1,7 +1,7 @@
>+ #
>+ # The IceGrid locator proxy.
>+ #
>+-Ice.Default.Locator=DemoIceGrid/Locator:ssl -p 4062 -t 10000
>++Ice.Default.Locator=DemoIceGrid/Locator:ssl -p 4062 -t 10000:ssl -p 14062 -t 10000
>+
>+ #
>+ # IceGrid node configuration.
>+@@ -26,5 +26,5 @@ IceSSL.CertAuthFile=ca_cert.pem
>+ IceSSL.CertFile=node_cert.pem
>+ IceSSL.KeyFile=node_key.pem
>+
>+-IceSSL.TrustOnly.Client=CN="Server";CN="IceGrid Registry"
>+-IceSSL.TrustOnly.Server=CN="IceGrid Registry"
>++IceSSL.TrustOnly.Client=CN="Server";CN="Master";CN="Slave"
>++IceSSL.TrustOnly.Server=CN="Master";CN="Slave"
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.registry /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.registry
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.registry 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.registry 2011-07-18 23:48:40.000000000 +0200
>@@ -0,0 +1,57 @@
>+--- cpp/demo/IceGrid/secure/config.registry Wed Jun 15 19:43:58 2011
>++++ /dev/null
>+@@ -1,54 +0,0 @@
>+-#
>+-# The IceGrid instance name.
>+-#
>+-IceGrid.InstanceName=DemoIceGrid
>+-
>+-#
>+-# IceGrid registry configuration.
>+-#
>+-IceGrid.Registry.Client.Endpoints=tcp -p 4061 -t 10000:ssl -p 4062 -t 10000
>+-IceGrid.Registry.Server.Endpoints=ssl -t 10000
>+-IceGrid.Registry.Internal.Endpoints=ssl -t 10000
>+-IceGrid.Registry.Data=db/registry
>+-
>+-#
>+-# IceGrid admin clients must use a secure connection to connect to the
>+-# registry or use Glacier2.
>+-#
>+-IceGrid.Registry.AdminSessionManager.Endpoints=ssl -t 10000
>+-IceGrid.Registry.AdminPermissionsVerifier=DemoIceGrid/NullPermissionsVerifier
>+-
>+-#
>+-# IceGrid SQL configuration if using SQL database.
>+-#
>+-#Ice.Plugin.DB=IceGridSqlDB:createSqlDB
>+-#IceGrid.SQL.DatabaseType=QSQLITE
>+-#IceGrid.SQL.DatabaseName=db/registry/Registry.db
>+-
>+-#
>+-# Trace properties.
>+-#
>+-Ice.ProgramName=Registry
>+-IceGrid.Registry.Trace.Node=2
>+-IceGrid.Registry.Trace.Replica=2
>+-
>+-#
>+-# SSL Configuration
>+-#
>+-Ice.Plugin.IceSSL=IceSSL:createIceSSL
>+-IceSSL.DefaultDir=certs
>+-IceSSL.CertAuthFile=ca_cert.pem
>+-IceSSL.CertFile=registry_cert.pem
>+-IceSSL.KeyFile=registry_key.pem
>+-
>+-#
>+-# Don't require certificates. This is useful for admin clients that don't
>+-# use certificate but still need to establish a secure connection for the
>+-# username/password authentication
>+-#
>+-IceSSL.VerifyPeer=1
>+-
>+-IceSSL.TrustOnly.Client=CN="IceGrid Registry";CN="IceGrid Node";CN="Glacier2"
>+-IceSSL.TrustOnly.Server.IceGrid.Registry.Server=CN="Server"
>+-IceSSL.TrustOnly.Server.IceGrid.Registry.Internal=CN="IceGrid Node";CN="IceGrid Registry"
>+-IceSSL.TrustOnly.Server.IceGrid.Registry.AdminSessionManager=CN="Glacier2"
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.slave /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.slave
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-config.slave 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-config.slave 2011-07-18 23:47:58.000000000 +0200
>@@ -0,0 +1,69 @@
>+--- /dev/null
>++++ cpp/demo/IceGrid/secure/config.slave Tue Jul 12 15:32:00 2011
>+@@ -0,0 +1,66 @@
>++#
>++# The IceGrid locator proxy.
>++#
>++Ice.Default.Locator=DemoIceGrid/Locator:ssl -p 4062 -t 10000
>++
>++#
>++# The IceGrid instance name.
>++#
>++IceGrid.InstanceName=DemoIceGrid
>++
>++#
>++# IceGrid registry configuration.
>++#
>++IceGrid.Registry.Client.Endpoints=tcp -p 14061 -t 10000:ssl -p 14062 -t 10000
>++IceGrid.Registry.Server.Endpoints=ssl -t 10000
>++IceGrid.Registry.Internal.Endpoints=ssl -t 10000
>++IceGrid.Registry.Data=db/slave
>++IceGrid.Registry.ReplicaName=Slave
>++
>++#
>++# Ensure that nodes connecting to this registry have a name matching
>++# the certificate CN.
>++#
>++IceGrid.Registry.RequireNodeCertCN=1
>++
>++#
>++# IceGrid admin clients must use a secure connection to connect to the
>++# registry or use Glacier2.
>++#
>++IceGrid.Registry.AdminSessionManager.Endpoints=ssl -t 10000
>++IceGrid.Registry.AdminPermissionsVerifier=DemoIceGrid/NullPermissionsVerifier
>++
>++#
>++# IceGrid SQL configuration if using SQL database.
>++#
>++#Ice.Plugin.DB=IceGridSqlDB:createSqlDB
>++#IceGrid.SQL.DatabaseType=QSQLITE
>++#IceGrid.SQL.DatabaseName=db/slave/Registry.db
>++
>++#
>++# Trace properties.
>++#
>++Ice.ProgramName=Slave
>++IceGrid.Registry.Trace.Node=2
>++IceGrid.Registry.Trace.Replica=2
>++
>++#
>++# SSL Configuration
>++#
>++Ice.Plugin.IceSSL=IceSSL:createIceSSL
>++IceSSL.DefaultDir=certs
>++IceSSL.CertAuthFile=ca_cert.pem
>++IceSSL.CertFile=slave_cert.pem
>++IceSSL.KeyFile=slave_key.pem
>++
>++#
>++# Don't require certificates. This is useful for admin clients that don't
>++# use certificate but still need to establish a secure connection for the
>++# username/password authentication
>++#
>++IceSSL.VerifyPeer=1
>++
>++IceSSL.TrustOnly.Client=CN="Master";CN="Slave";CN="Node";CN="Glacier2"
>++IceSSL.TrustOnly.Server.IceGrid.Registry.Server=CN="Server"
>++IceSSL.TrustOnly.Server.IceGrid.Registry.Internal=CN="Node";CN="Master";CN="Slave"
>++IceSSL.TrustOnly.Server.IceGrid.Registry.AdminSessionManager=CN="Glacier2"
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-makecerts.py /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-makecerts.py
>--- /usr/ports/devel/ice.orig/files/patch-cpp-demo-IceGrid-secure-makecerts.py 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-demo-IceGrid-secure-makecerts.py 2011-07-18 23:48:40.000000000 +0200
>@@ -0,0 +1,13 @@
>+--- cpp/demo/IceGrid/secure/makecerts.py.orig Wed Jun 15 19:43:58 2011
>++++ cpp/demo/IceGrid/secure/makecerts.py Tue Jul 12 15:32:00 2011
>+@@ -44,8 +44,9 @@ runIceca("init --overwrite --no-password")
>+ print
>+ print
>+
>+-createCertificate("registry", "IceGrid Registry")
>+-createCertificate("node", "IceGrid Node")
>++createCertificate("master", "Master")
>++createCertificate("slave", "Slave")
>++createCertificate("node", "Node")
>+ createCertificate("glacier2", "Glacier2")
>+ createCertificate("server", "Server")
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-Ice-Network.cpp /usr/ports/devel/ice/files/patch-cpp-src-Ice-Network.cpp
>--- /usr/ports/devel/ice.orig/files/patch-cpp-src-Ice-Network.cpp 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-src-Ice-Network.cpp 2011-07-18 23:48:36.000000000 +0200
>@@ -0,0 +1,15 @@
>+--- cpp/src/Ice/Network.cpp.orig Wed Jun 15 19:43:59 2011
>++++ cpp/src/Ice/Network.cpp Fri 15 23:40:26 2011
>+@@ -715,7 +715,11 @@
>+ WSASetLastError(error);
>+ #else
>+ int error = errno;
>+- if(close(fd) == SOCKET_ERROR)
>++ if(close(fd) == SOCKET_ERROR
>++# if defined(__FreeBSD__)
>++ && getSocketErrno() != ECONNRESET
>++# endif
>++ )
>+ {
>+ SocketException ex(__FILE__, __LINE__);
>+ ex.error = getSocketErrno();
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-Ice-PropertyNames.cpp /usr/ports/devel/ice/files/patch-cpp-src-Ice-PropertyNames.cpp
>--- /usr/ports/devel/ice.orig/files/patch-cpp-src-Ice-PropertyNames.cpp 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-src-Ice-PropertyNames.cpp 2011-07-18 23:48:39.000000000 +0200
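Review bot: The FreeBSD-only exemption added to the `close(fd)` error check in Network.cpp carries no comment saying why `ECONNRESET` is the one errno that may be ignored. FreeBSD's close(2) documents ECONNRESET for a stream socket that the peer shut down before pending data was delivered; presumably the descriptor is released regardless, which is worth confirming and stating. A line above the condition such as `// FreeBSD: close() may report ECONNRESET when the peer reset the connection; not treated as a close failure` would keep a later reader from widening or removing the exemption by accident. The enclosing function starts and ends outside the hunk.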
>@@ -0,0 +1,20 @@ >+--- cpp/src/Ice/PropertyNames.cpp.orig Wed Jun 15 19:43:59 2011 >++++ cpp/src/Ice/PropertyNames.cpp Tue Jul 12 15:32:00 2011 >+@@ -8,7 +8,7 @@ >+ // ********************************************************************** >+ >+ // >+-// Generated by makeprops.py from file ..\config\PropertyNames.xml, Mon May 09 07:39:43 2011 >++// Generated by makeprops.py from file ../config/PropertyNames.xml, Tue Jul 12 07:22:34 2011 >+ >+ // IMPORTANT: Do not edit this file -- any edits made here will be lost! >+ >+@@ -335,6 +335,8 @@ const IceInternal::Property IceGridPropsData[] = >+ IceInternal::Property("IceGrid.Registry.PermissionsVerifier", false, 0), >+ IceInternal::Property("IceGrid.Registry.ReplicaName", false, 0), >+ IceInternal::Property("IceGrid.Registry.ReplicaSessionTimeout", false, 0), >++ IceInternal::Property("IceGrid.Registry.RequireNodeCertCN", false, 0), >++ IceInternal::Property("IceGrid.Registry.RequireReplicaCertCN", false, 0), >+ IceInternal::Property("IceGrid.Registry.Server.ACM", false, 0), >+ IceInternal::Property("IceGrid.Registry.Server.AdapterId", false, 0), >+ IceInternal::Property("IceGrid.Registry.Server.Endpoints", false, 0), >diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-Ice-PropertyNames.h /usr/ports/devel/ice/files/patch-cpp-src-Ice-PropertyNames.h >--- /usr/ports/devel/ice.orig/files/patch-cpp-src-Ice-PropertyNames.h 1970-01-01 01:00:00.000000000 +0100 >+++ /usr/ports/devel/ice/files/patch-cpp-src-Ice-PropertyNames.h 2011-07-18 23:48:36.000000000 +0200 
>@@ -0,0 +1,10 @@
>+--- cpp/src/Ice/PropertyNames.h.orig Wed Jun 15 19:43:59 2011
>++++ cpp/src/Ice/PropertyNames.h Tue Jul 12 15:32:00 2011
>+@@ -8,7 +8,7 @@
>+ // **********************************************************************
>+
>+ //
>+-// Generated by makeprops.py from file ..\config\PropertyNames.xml, Mon May 09 07:39:43 2011
>++// Generated by makeprops.py from file ../config/PropertyNames.xml, Tue Jul 12 07:22:34 2011
>+
>+ // IMPORTANT: Do not edit this file -- any edits made here will be lost!
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-Internal.ice /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-Internal.ice
>--- /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-Internal.ice 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-Internal.ice 2011-07-18 23:48:39.000000000 +0200
>@@ -0,0 +1,20 @@
>+--- cpp/src/IceGrid/Internal.ice.orig Wed Jun 15 19:43:59 2011
>++++ cpp/src/IceGrid/Internal.ice Tue Jul 12 15:32:00 2011
>+@@ -702,7 +702,7 @@ interface InternalRegistry extends FileReader
>+ *
>+ **/
>+ NodeSession* registerNode(InternalNodeInfo info, Node* prx, LoadInfo loadInf)
>+- throws NodeActiveException;
>++ throws NodeActiveException, PermissionDeniedException;
>+
>+ /**
>+ *
>+@@ -721,7 +721,7 @@ interface InternalRegistry extends FileReader
>+ *
>+ **/
>+ ReplicaSession* registerReplica(InternalReplicaInfo info, InternalRegistry* prx)
>+- throws ReplicaActiveException;
>++ throws ReplicaActiveException, PermissionDeniedException;
>+
>+ /**
>+ *
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-InternalRegistryI.cpp /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-InternalRegistryI.cpp
>--- /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-InternalRegistryI.cpp 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-InternalRegistryI.cpp 2011-07-18 23:48:35.000000000 +0200
>@@ -0,0 +1,136 @@
>+--- cpp/src/IceGrid/InternalRegistryI.cpp.orig Wed Jun 15 19:43:59 2011
>++++ cpp/src/IceGrid/InternalRegistryI.cpp Tue Jul 12 15:32:00 2011
>+@@ -19,6 +19,8 @@
>+ #include <IceGrid/ReplicaSessionI.h>
>+ #include <IceGrid/ReplicaSessionManager.h>
>+ #include <IceGrid/FileCache.h>
>++#include <IceSSL/IceSSL.h>
>++#include <IceSSL/RFC2253.h>
>+
>+ using namespace std;
>+ using namespace IceGrid;
>+@@ -38,6 +40,8 @@ InternalRegistryI::InternalRegistryI(const RegistryIPtr& registry,
>+ Ice::PropertiesPtr properties = database->getCommunicator()->getProperties();
>+ _nodeSessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.NodeSessionTimeout", 30);
>+ _replicaSessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.ReplicaSessionTimeout", 30);
>++ _requireNodeCertCN = properties->getPropertyAsIntWithDefault("IceGrid.Registry.RequireNodeCertCN", 0);
>++ _requireReplicaCertCN = properties->getPropertyAsIntWithDefault("IceGrid.Registry.RequireNodeCertCN", 0);
>+ }
>+
>+ InternalRegistryI::~InternalRegistryI()
>+@@ -50,7 +54,56 @@ InternalRegistryI::registerNode(const InternalNodeInfoPtr& info,
>+ const LoadInfo& load,
>+ const Ice::Current& current)
>+ {
>+- const Ice::LoggerPtr logger = _database->getTraceLevels()->logger;
>++ const TraceLevelsPtr traceLevels = _database->getTraceLevels();
>++ const Ice::LoggerPtr logger = traceLevels->logger;
>++ if(!info || !node)
>++ {
>++ return 0;
>++ }
>++
>++ if(_requireNodeCertCN)
>++ {
>++ try
>++ {
>++ IceSSL::ConnectionInfoPtr sslConnInfo = IceSSL::ConnectionInfoPtr::dynamicCast(current.con->getInfo());
>++ if(sslConnInfo)
>++ {
>++ if (sslConnInfo->certs.empty() ||
>++ !IceSSL::Certificate::decode(sslConnInfo->certs[0])->getSubjectDN().match("CN=" + info->name))
>++ {
>++ if(traceLevels->node > 0)
>++ {
>++ Ice::Trace out(logger, traceLevels->nodeCat);
>++ out << "certificate CN doesn't match node name `" << info->name << "'";
>++ }
>++ throw PermissionDeniedException("certificate CN doesn't match node name `" + info->name + "'");
>++ }
>++ }
>++ else
>++ {
>++ if(traceLevels->node > 0)
>++ {
>++ Ice::Trace out(logger, traceLevels->nodeCat);
>++ out << "node certificate for `" << info->name << "' is required to connect to this registry";
>++ }
>++ throw PermissionDeniedException("node certificate is required to connect to this registry");
>++ }
>++ }
>++ catch(const PermissionDeniedException& ex)
>++ {
>++ throw ex;
>++ }
>++ catch(const IceUtil::Exception&)
>++ {
>++ if(traceLevels->node > 0)
>++ {
>++ Ice::Trace out(logger, traceLevels->nodeCat);
>++ out << "unexpected exception while verifying certificate for node `" << info->name << "'";
>++ }
>++ throw PermissionDeniedException("unable to verify certificate for node `" + info->name + "'");
>++ }
>++ }
>++
>+ try
>+ {
>+ NodeSessionIPtr session = new NodeSessionI(_database, node, info, _nodeSessionTimeout, load);
>+@@ -68,7 +121,56 @@ InternalRegistryI::registerReplica(const InternalReplicaInfoPtr& info,
>+ const InternalRegistryPrx& prx,
>+ const Ice::Current& current)
>+ {
>+- const Ice::LoggerPtr logger = _database->getTraceLevels()->logger;
>++ const TraceLevelsPtr traceLevels = _database->getTraceLevels();
>++ const Ice::LoggerPtr logger = traceLevels->logger;
>++ if(!info || !prx)
>++ {
>++ return 0;
>++ }
>++
>++ if(_requireReplicaCertCN)
>++ {
>++ try
>++ {
>++ IceSSL::ConnectionInfoPtr sslConnInfo = IceSSL::ConnectionInfoPtr::dynamicCast(current.con->getInfo());
>++ if(sslConnInfo)
>++ {
>++ if (sslConnInfo->certs.empty() ||
>++ !IceSSL::Certificate::decode(sslConnInfo->certs[0])->getSubjectDN().match("CN=" + info->name))
>++ {
>++ if(traceLevels->replica > 0)
>++ {
>++ Ice::Trace out(logger, traceLevels->replicaCat);
>++ out << "certificate CN doesn't match replica name `" << info->name << "'";
>++ }
>++ throw PermissionDeniedException("certificate CN doesn't match replica name `" + info->name + "'");
>++ }
>++ }
>++ else
>++ {
>++ if(traceLevels->replica > 0)
>++ {
>++ Ice::Trace out(logger, traceLevels->replicaCat);
>++ out << "replica certificate for `" << info->name << "' is required to connect to this registry";
>++ }
>++ throw PermissionDeniedException("replica certificate is required to connect to this registry");
>++ }
>++ }
>++ catch(const PermissionDeniedException& ex)
>++ {
>++ throw ex;
>++ }
>++ catch(const IceUtil::Exception&)
>++ {
>++ if(traceLevels->replica > 0)
>++ {
>++ Ice::Trace out(logger, traceLevels->replicaCat);
>++ out << "unexpected exception while verifying certificate for replica `" << info->name << "'";
>++ }
>++ throw PermissionDeniedException("unable to verify certificate for replica `" + info->name + "'");
>++ }
>++ }
>++
>+ try
>+ {
>+ ReplicaSessionIPtr s = new ReplicaSessionI(_database, _wellKnownObjects, info, prx, _replicaSessionTimeout);
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-InternalRegistryI.h /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-InternalRegistryI.h
>--- /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-InternalRegistryI.h 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-InternalRegistryI.h 2011-07-18 23:48:38.000000000 +0200
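Review bot: In the InternalRegistryI.cpp constructor hunk, `_requireReplicaCertCN` is initialised from `IceGrid.Registry.RequireNodeCertCN`, so setting `IceGrid.Registry.RequireReplicaCertCN` has no effect and the replica CN check in registerReplica follows the node setting instead; the line should read `_requireReplicaCertCN = properties->getPropertyAsIntWithDefault("IceGrid.Registry.RequireReplicaCertCN", 0);`. The demo configs in this patch set `RequireNodeCertCN=1` on both registries, so running the demo would not reveal the mix-up. In registerNode and registerReplica the handler `catch(const PermissionDeniedException& ex)` uses `throw ex;`, which throws a copy; a bare `throw;` rethrows the original exception. The match pattern is built by concatenating the peer-supplied `info->name` after `"CN="`, so it is worth confirming how `match()` treats names that contain DN separator characters. Both function bodies continue outside the hunks.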
>@@ -0,0 +1,11 @@
>+--- cpp/src/IceGrid/InternalRegistryI.h.orig Wed Jun 15 19:43:59 2011
>++++ cpp/src/IceGrid/InternalRegistryI.h Tue Jul 12 15:32:00 2011
>+@@ -68,6 +68,8 @@ private:
>+ ReplicaSessionManager& _session;
>+ int _nodeSessionTimeout;
>+ int _replicaSessionTimeout;
>++ bool _requireNodeCertCN;
>++ bool _requireReplicaCertCN;
>+ };
>+
>+ };
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-NodeSessionManager.cpp /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-NodeSessionManager.cpp
>--- /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-NodeSessionManager.cpp 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-NodeSessionManager.cpp 2011-07-18 23:48:43.000000000 +0200
>@@ -0,0 +1,17 @@
>+--- cpp/src/IceGrid/NodeSessionManager.cpp.orig Wed Jun 15 19:43:59 2011
>++++ cpp/src/IceGrid/NodeSessionManager.cpp Tue Jul 12 15:32:00 2011
>+@@ -110,6 +110,14 @@ NodeSessionKeepAliveThread::createSession(InternalRegistryPrx& registry, IceUtil
>+ }
>+ exception.reset(ex.ice_clone());
>+ }
>++ catch(const PermissionDeniedException& ex)
>++ {
>++ if(traceLevels)
>++ {
>++ traceLevels->logger->error("connection to the the registry `" + _name + "' was denied:\n" + ex.reason);
>++ }
>++ exception.reset(ex.ice_clone());
>++ }
>+ catch(const Ice::Exception& ex)
>+ {
>+ exception.reset(ex.ice_clone());
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-ReplicaSessionManager.cpp /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-ReplicaSessionManager.cpp
>--- /usr/ports/devel/ice.orig/files/patch-cpp-src-IceGrid-ReplicaSessionManager.cpp 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cpp-src-IceGrid-ReplicaSessionManager.cpp 2011-07-18 23:48:38.000000000 +0200
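Review bot: The error message added in the new `PermissionDeniedException` handler of NodeSessionManager.cpp has a doubled word, `connection to the the registry`; it should read `connection to the registry`. The same string is added in the ReplicaSessionManager.cpp hunk. Because this is the only operator-visible sign that a registry refused a node or replica on certificate grounds, it is also worth noting that it is emitted only when the trace-levels pointer is non-null. createSession starts and ends outside the hunk in both files.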
>@@ -0,0 +1,17 @@
>+--- cpp/src/IceGrid/ReplicaSessionManager.cpp.orig Wed Jun 15 19:43:59 2011
>++++ cpp/src/IceGrid/ReplicaSessionManager.cpp Tue Jul 12 15:32:00 2011
>+@@ -500,6 +500,14 @@ ReplicaSessionManager::createSession(InternalRegistryPrx& registry, IceUtil::Tim
>+ }
>+ exception.reset(ex.ice_clone());
>+ }
>++ catch(const PermissionDeniedException& ex)
>++ {
>++ if(_traceLevels)
>++ {
>++ _traceLevels->logger->error("connection to the the registry `" + _name + "' was denied:\n" + ex.reason);
>++ }
>++ exception.reset(ex.ice_clone());
>++ }
>+ catch(const Ice::Exception& ex)
>+ {
>+ exception.reset(ex.ice_clone());
>diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-cs-src-Ice-PropertyNames.cs /usr/ports/devel/ice/files/patch-cs-src-Ice-PropertyNames.cs
>--- /usr/ports/devel/ice.orig/files/patch-cs-src-Ice-PropertyNames.cs 1970-01-01 01:00:00.000000000 +0100
>+++ /usr/ports/devel/ice/files/patch-cs-src-Ice-PropertyNames.cs 2011-07-19 02:26:15.000000000 +0200
>@@ -0,0 +1,20 @@ >+--- cs/src/Ice/PropertyNames.cs.orig Wed Jun 15 19:43:59 2011 >++++ cs/src/Ice/PropertyNames.cs Tue Jul 12 15:32:00 2011 >+@@ -8,7 +8,7 @@ >+ // ********************************************************************** >+ >+ // >+-// Generated by makeprops.py from file ..\config\PropertyNames.xml, Mon May 09 07:39:43 2011 >++// Generated by makeprops.py from file ../config/PropertyNames.xml, Tue Jul 12 07:22:34 2011 >+ >+ // IMPORTANT: Do not edit this file -- any edits made here will be lost! >+ >+@@ -325,6 +325,8 @@ namespace IceInternal >+ new Property(@"^IceGrid\.Registry\.PermissionsVerifier$", false, null), >+ new Property(@"^IceGrid\.Registry\.ReplicaName$", false, null), >+ new Property(@"^IceGrid\.Registry\.ReplicaSessionTimeout$", false, null), >++ new Property(@"^IceGrid\.Registry\.RequireNodeCertCN$", false, null), >++ new Property(@"^IceGrid\.Registry\.RequireReplicaCertCN$", false, null), >+ new Property(@"^IceGrid\.Registry\.Server\.ACM$", false, null), >+ new Property(@"^IceGrid\.Registry\.Server\.AdapterId$", false, null), >+ new Property(@"^IceGrid\.Registry\.Server\.Endpoints$", false, null), >diff -ruN --exclude=CVS /usr/ports/devel/ice.orig/files/patch-java-src-IceInternal-PropertyNames.java /usr/ports/devel/ice/files/patch-java-src-IceInternal-PropertyNames.java >--- /usr/ports/devel/ice.orig/files/patch-java-src-IceInternal-PropertyNames.java 1970-01-01 01:00:00.000000000 +0100 >+++ /usr/ports/devel/ice/files/patch-java-src-IceInternal-PropertyNames.java 2011-07-19 02:26:15.000000000 +0200 
>@@ -0,0 +1,20 @@ >+--- java/src/IceInternal/PropertyNames.java.orig Wed Jun 15 19:43:59 2011 >++++ java/src/IceInternal/PropertyNames.java Tue Jul 12 15:32:00 2011 >+@@ -8,7 +8,7 @@ >+ // ********************************************************************** >+ >+ // >+-// Generated by makeprops.py from file ..\config\PropertyNames.xml, Mon May 09 07:39:43 2011 >++// Generated by makeprops.py from file ../config/PropertyNames.xml, Tue Jul 12 07:22:34 2011 >+ >+ // IMPORTANT: Do not edit this file -- any edits made here will be lost! >+ >+@@ -325,6 +325,8 @@ public final class PropertyNames >+ new Property("IceGrid\\.Registry\\.PermissionsVerifier", false, null), >+ new Property("IceGrid\\.Registry\\.ReplicaName", false, null), >+ new Property("IceGrid\\.Registry\\.ReplicaSessionTimeout", false, null), >++ new Property("IceGrid\\.Registry\\.RequireNodeCertCN", false, null), >++ new Property("IceGrid\\.Registry\\.RequireReplicaCertCN", false, null), >+ new Property("IceGrid\\.Registry\\.Server\\.ACM", false, null), >+ new Property("IceGrid\\.Registry\\.Server\\.AdapterId", false, null), >+ new Property("IceGrid\\.Registry\\.Server\\.Endpoints", false, null),