The R13B03 release.OTP_R13B03

1 files changed, 449 insertions, 0 deletions

diff --git a/lib/ssl/src/inet_ssl_dist.erl b/lib/ssl/src/inet_ssl_dist.erl
new file mode 100644
index 0000000000..f62aefd35a
--- /dev/null
+++ b/lib/ssl/src/inet_ssl_dist.erl
@@ -0,0 +1,449 @@
+%%<copyright>
+%% <year>2000-2008</year>
+%% <holder>Ericsson AB, All Rights Reserved</holder>
+%%</copyright>
+%%<legalnotice>
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson AB.
+%%</legalnotice>
+%%
+-module(inet_ssl_dist).
+
+%% Handles the connection setup phase with other Erlang nodes.
+
+-export([childspecs/0, listen/1, accept/1, accept_connection/5,
+	 setup/5, close/1, select/1, is_node_name/1]).
+
+%% internal exports
+
+-export([accept_loop/2,do_accept/6,do_setup/6, getstat/1,tick/1]).
+
+-import(error_logger,[error_msg/2]).
+
+-include("net_address.hrl").
+
+
+
+-define(to_port(Socket, Data, Opts),
+	case ssl_prim:send(Socket, Data, Opts) of
+	    {error, closed} ->
+		self() ! {ssl_closed, Socket},
+	        {error, closed};
+	    R ->
+	        R
+        end).
+
+
+-include("dist.hrl").
+-include("dist_util.hrl").
+
+%% -------------------------------------------------------------
+%% This function should return a valid childspec, so that 
+%% the primitive ssl_server gets supervised
+%% -------------------------------------------------------------
+childspecs() ->
+    {ok, [{ssl_server_prim,{ssl_server, start_link_prim, []},
+	  permanent, 2000, worker, [ssl_server]}]}.
+
+
+%% ------------------------------------------------------------
+%%  Select this protocol based on node name
+%%  select(Node) => Bool
+%% ------------------------------------------------------------
+
+select(Node) ->
+    case split_node(atom_to_list(Node), $@, []) of
+	[_,_Host] -> true;
+	_ -> false
+    end.
+
+%% ------------------------------------------------------------
+%% Create the listen socket, i.e. the port that this erlang
+%% node is accessible through.
+%% ------------------------------------------------------------
+
+listen(Name) ->
+    case ssl_prim:listen(0, [{active, false}, {packet,4}] ++ 
+			 get_ssl_options(server)) of
+	{ok, Socket} ->
+	    TcpAddress = get_tcp_address(Socket),
+	    {_,Port} = TcpAddress#net_address.address,
+	    {ok, Creation} = erl_epmd:register_node(Name, Port),
+	    {ok, {Socket, TcpAddress, Creation}};
+	Error ->
+	    Error
+    end.
+
+%% ------------------------------------------------------------
+%% Accepts new connection attempts from other Erlang nodes.
+%% ------------------------------------------------------------
+
+accept(Listen) ->
+    spawn_link(?MODULE, accept_loop, [self(), Listen]).
+
+accept_loop(Kernel, Listen) ->
+    process_flag(priority, max),
+    case ssl_prim:accept(Listen) of
+	{ok, Socket} ->
+	    Kernel ! {accept,self(),Socket,inet,ssl},
+	    controller(Kernel, Socket),
+	    accept_loop(Kernel, Listen);
+	Error ->
+	    exit(Error)
+    end.
+
+controller(Kernel, Socket) ->
+    receive
+	{Kernel, controller, Pid} ->
+	    flush_controller(Pid, Socket),
+	    ssl_prim:controlling_process(Socket, Pid),
+	    flush_controller(Pid, Socket),
+	    Pid ! {self(), controller};
+	{Kernel, unsupported_protocol} ->
+	    exit(unsupported_protocol)
+    end.
+
+flush_controller(Pid, Socket) ->
+    receive
+	{ssl, Socket, Data} ->
+	    Pid ! {ssl, Socket, Data},
+	    flush_controller(Pid, Socket);
+	{ssl_closed, Socket} ->
+	    Pid ! {ssl_closed, Socket},
+	    flush_controller(Pid, Socket)
+    after 0 ->
+	    ok
+    end.
+
+%% ------------------------------------------------------------
+%% Accepts a new connection attempt from another Erlang node.
+%% Performs the handshake with the other side.
+%% ------------------------------------------------------------
+
+accept_connection(AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
+    spawn_link(?MODULE, do_accept,
+	       [self(), AcceptPid, Socket, MyNode,
+		Allowed, SetupTime]).
+
+do_accept(Kernel, AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
+    process_flag(priority, max),
+    receive
+	{AcceptPid, controller} ->
+	    Timer = dist_util:start_timer(SetupTime),
+	    case check_ip(Socket) of
+		true ->
+		    HSData = #hs_data{
+		      kernel_pid = Kernel,
+		      this_node = MyNode,
+		      socket = Socket,
+		      timer = Timer,
+		      this_flags = 0,
+		      allowed = Allowed,
+		      f_send = fun(S,D) -> ssl_prim:send(S,D) end,
+		      f_recv = fun(S,N,T) -> ssl_prim:recv(S,N,T) 
+			       end,
+		      f_setopts_pre_nodeup = 
+		      fun(S) ->
+			      ssl_prim:setopts(S, 
+					       [{active, false}])
+		      end,
+		      f_setopts_post_nodeup = 
+		      fun(S) ->
+			      ssl_prim:setopts(S, 
+					       [{deliver, port},
+						{active, true}])
+		      end,
+		      f_getll = fun(S) ->
+					ssl_prim:getll(S)
+				end,
+		      f_address = fun get_remote_id/2,
+		      mf_tick = {?MODULE, tick},
+		      mf_getstat = {?MODULE,getstat}
+		     },
+		    dist_util:handshake_other_started(HSData);
+		{false,IP} ->
+		    error_msg("** Connection attempt from "
+			      "disallowed IP ~w ** ~n", [IP]),
+		    ?shutdown(no_node)
+	    end
+    end.
+
+%% ------------------------------------------------------------
+%% Get remote information about a Socket.
+%% ------------------------------------------------------------
+
+get_remote_id(Socket, Node) ->
+    {ok, Address} = ssl_prim:peername(Socket),
+    [_, Host] = split_node(atom_to_list(Node), $@, []),
+    #net_address {
+		  address = Address,
+		  host = Host,
+		  protocol = ssl,
+		  family = inet }.
+
+%% ------------------------------------------------------------
+%% Setup a new connection to another Erlang node.
+%% Performs the handshake with the other side.
+%% ------------------------------------------------------------
+
+setup(Node, Type, MyNode, LongOrShortNames,SetupTime) ->
+    spawn_link(?MODULE, do_setup, [self(),
+				   Node,
+				   Type,
+				   MyNode,
+				   LongOrShortNames,
+				   SetupTime]).
+
+do_setup(Kernel, Node, Type, MyNode, LongOrShortNames,SetupTime) ->
+    process_flag(priority, max),
+    ?trace("~p~n",[{inet_ssl_dist,self(),setup,Node}]),
+    [Name, Address] = splitnode(Node, LongOrShortNames),
+    case inet:getaddr(Address, inet) of
+	{ok, Ip} ->
+	    Timer = dist_util:start_timer(SetupTime),
+	    case erl_epmd:port_please(Name, Ip) of
+		{port, TcpPort, Version} ->
+		    ?trace("port_please(~p) -> version ~p~n", 
+			   [Node,Version]),
+		    dist_util:reset_timer(Timer),
+		    case ssl_prim:connect(Ip, TcpPort, 
+					  [{active, false}, 
+					   {packet,4}] ++ 
+					  get_ssl_options(client)) of
+			{ok, Socket} ->
+			    HSData = #hs_data{
+			      kernel_pid = Kernel,
+			      other_node = Node,
+			      this_node = MyNode,
+			      socket = Socket,
+			      timer = Timer,
+			      this_flags = 0,
+			      other_version = Version,
+			      f_send = fun(S,D) -> 
+					       ssl_prim:send(S,D) 
+				       end,
+			      f_recv = fun(S,N,T) -> 
+					       ssl_prim:recv(S,N,T) 
+				       end,
+			      f_setopts_pre_nodeup = 
+			      fun(S) ->
+				      ssl_prim:setopts
+					(S, 
+					 [{active, false}])
+			      end,
+			      f_setopts_post_nodeup = 
+			      fun(S) ->
+				      ssl_prim:setopts
+					(S, 
+					 [{deliver, port},{active, true}])
+			      end,
+			      f_getll = fun(S) ->
+						ssl_prim:getll(S)
+					end,
+			      f_address = 
+			      fun(_,_) ->
+				      #net_address {
+				   address = {Ip,TcpPort},
+				   host = Address,
+				   protocol = ssl,
+				   family = inet}
+			      end,
+			      mf_tick = {?MODULE, tick},
+			      mf_getstat = {?MODULE,getstat},
+			      request_type = Type
+			     },
+			    dist_util:handshake_we_started(HSData);
+			_ ->
+			    %% Other Node may have closed since 
+			    %% port_please !
+			    ?trace("other node (~p) "
+				   "closed since port_please.~n", 
+				   [Node]),
+			    ?shutdown(Node)
+		    end;
+		_ ->
+		    ?trace("port_please (~p) "
+			   "failed.~n", [Node]),
+		    ?shutdown(Node)
+	    end;
+	_Other ->
+	    ?trace("inet_getaddr(~p) "
+		   "failed (~p).~n", [Node,Other]),
+	    ?shutdown(Node)
+    end.
+
+%%
+%% Close a socket.
+%%
+close(Socket) ->
+    ssl_prim:close(Socket).
+
+
+%% If Node is illegal terminate the connection setup!!
+splitnode(Node, LongOrShortNames) ->
+    case split_node(atom_to_list(Node), $@, []) of
+	[Name|Tail] when Tail =/= [] ->
+	    Host = lists:append(Tail),
+	    case split_node(Host, $., []) of
+		[_] when LongOrShortNames == longnames ->
+		    error_msg("** System running to use "
+			      "fully qualified "
+			      "hostnames **~n"
+			      "** Hostname ~s is illegal **~n",
+			      [Host]),
+		    ?shutdown(Node);
+		[_, _ | _] when LongOrShortNames == shortnames ->
+		    error_msg("** System NOT running to use fully qualified "
+			      "hostnames **~n"
+			      "** Hostname ~s is illegal **~n",
+			      [Host]),
+		    ?shutdown(Node);
+		_ ->
+		    [Name, Host]
+	    end;
+	[_] ->
+	    error_msg("** Nodename ~p illegal, no '@' character **~n",
+		      [Node]),
+	    ?shutdown(Node);
+	_ ->
+	    error_msg("** Nodename ~p illegal **~n", [Node]),
+	    ?shutdown(Node)
+    end.
+
+split_node([Chr|T], Chr, Ack) -> [lists:reverse(Ack)|split_node(T, Chr, [])];
+split_node([H|T], Chr, Ack)   -> split_node(T, Chr, [H|Ack]);
+split_node([], _, Ack)        -> [lists:reverse(Ack)].
+
+%% ------------------------------------------------------------
+%% Fetch local information about a Socket.
+%% ------------------------------------------------------------
+get_tcp_address(Socket) ->
+    {ok, Address} = ssl_prim:sockname(Socket),
+    {ok, Host} = inet:gethostname(),
+    #net_address {
+		  address = Address,
+		  host = Host,
+		  protocol = ssl,
+		  family = inet
+		 }.
+
+%% ------------------------------------------------------------
+%% Do only accept new connection attempts from nodes at our
+%% own LAN, if the check_ip environment parameter is true.
+%% ------------------------------------------------------------
+check_ip(Socket) ->
+    case application:get_env(check_ip) of
+	{ok, true} ->
+	    case get_ifs(Socket) of
+		{ok, IFs, IP} ->
+		    check_ip(IFs, IP);
+		_ ->
+		    ?shutdown(no_node)
+	    end;
+	_ ->
+	    true
+    end.
+
+get_ifs(Socket) ->
+    case ssl_prim:peername(Socket) of
+	{ok, {IP, _}} ->
+	    case ssl_prim:getif(Socket) of
+		{ok, IFs} -> {ok, IFs, IP};
+		Error     -> Error
+	    end;
+	Error ->
+	    Error
+    end.
+
+check_ip([{OwnIP, _, Netmask}|IFs], PeerIP) ->
+    case {mask(Netmask, PeerIP), mask(Netmask, OwnIP)} of
+	{M, M} -> true;
+	_      -> check_ip(IFs, PeerIP)
+    end;
+check_ip([], PeerIP) ->
+    {false, PeerIP}.
+    
+mask({M1,M2,M3,M4}, {IP1,IP2,IP3,IP4}) ->
+    {M1 band IP1,
+     M2 band IP2,
+     M3 band IP3,
+     M4 band IP4}.
+
+is_node_name(Node) when is_atom(Node) ->
+    case split_node(atom_to_list(Node), $@, []) of
+	[_, _Host] -> true;
+	_ -> false
+    end;
+is_node_name(_Node) ->
+    false.
+tick(Sock) ->
+    ?to_port(Sock,[],[force]).
+getstat(Socket) ->
+    case ssl_prim:getstat(Socket, [recv_cnt, send_cnt, send_pend]) of
+	{ok, Stat} ->
+	    split_stat(Stat,0,0,0);
+	Error ->
+	    Error
+    end.
+
+split_stat([{recv_cnt, R}|Stat], _, W, P) ->
+    split_stat(Stat, R, W, P);
+split_stat([{send_cnt, W}|Stat], R, _, P) ->
+    split_stat(Stat, R, W, P);
+split_stat([{send_pend, P}|Stat], R, W, _) ->
+    split_stat(Stat, R, W, P);
+split_stat([], R, W, P) ->
+    {ok, R, W, P}.
+
+
+get_ssl_options(Type) ->
+    case init:get_argument(ssl_dist_opt) of
+	{ok, Args} ->
+	    ssl_options(Type, Args);
+	_ ->
+	    []
+    end.
+
+ssl_options(_,[]) ->
+    [];
+ssl_options(server, [["server_certfile", Value]|T]) ->
+    [{certfile, Value} | ssl_options(server,T)];
+ssl_options(client, [["client_certfile", Value]|T]) ->
+    [{certfile, Value} | ssl_options(client,T)];
+ssl_options(server, [["server_cacertfile", Value]|T]) ->
+    [{cacertfile, Value} | ssl_options(server,T)];
+ssl_options(server, [["server_keyfile", Value]|T]) ->
+    [{keyfile, Value} | ssl_options(server,T)];
+ssl_options(Type, [["client_certfile", _Value]|T]) ->
+    ssl_options(Type,T);
+ssl_options(Type, [["server_certfile", _Value]|T]) ->
+    ssl_options(Type,T);
+ssl_options(Type, [[Item, Value]|T]) ->
+    [{atomize(Item),fixup(Value)} | ssl_options(Type,T)];
+ssl_options(Type, [[Item,Value |T1]|T2]) ->
+    ssl_options(atomize(Type),[[Item,Value],T1|T2]);
+ssl_options(_,_) ->
+    exit(malformed_ssl_dist_opt).
+    
+fixup(Value) ->
+    case catch list_to_integer(Value) of
+	{'EXIT',_} ->
+	    Value;
+	Int ->
+	    Int
+    end.
+
+atomize(List) when is_list(List) ->
+    list_to_atom(List);
+atomize(Atom) when is_atom(Atom) ->
+    Atom.