/
envoy.istio
/
oceanbase
GigaCode
beta
ОбзорЦентр заботыВойти

oceanbase

Форк
0
Ветки: 12Коммиты: 12104Теги: 40
oceanbase
/deps
/ussl-hook
/loop
/
handle-event.c 
517 строк · 18.4 Кб
1
/**
2
 * Copyright (c) 2021 OceanBase
3
 * OceanBase CE is licensed under Mulan PubL v2.
4
 * You can use this software according to the terms and conditions of the Mulan PubL v2.
5
 * You may obtain a copy of Mulan PubL v2 at:
6
 *          http://license.coscl.org.cn/MulanPubL-2.0
7
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
8
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
9
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
10
 * See the Mulan PubL v2 for more details.
11
 */
12


13
#include <errno.h>
14
#include <string.h>
15
#include <stdlib.h>
16
#include <sys/stat.h>
17
#include <arpa/inet.h>
18


19
#define USSL_SCRAMBLE_LEN 16
20
#define USSL_MAX_KEY_LEN 16
21
#define AUTH_TYPE_STRING_MAX_LEN 32
22


23
enum ClientNegoStage {
24
  SEND_FIRST_NEGO_MESSAGE = 1,
25
  DOING_SSL_HANSHAKE = 2,
26
};
27


28
enum ServerNegoStage {
29
  SERVER_ACCEPT_CONNECTION = 1,
30
  SERVER_ACK_NEGO_AND_AUTH = 2,
31
  SERVER_ACK_NEGO_AND_SSL = 3,
32
};
33


34
enum ob_rpc_connection_type {
35
  OB_CONNECTION_COMMON_TYPE,
36
  OB_CONNECTION_AUTH_BYPASS_TYPE,
37
};
38


39
static const int MAX_FD_NUM = 1024 * 1024;
40
static uint8_t gs_connection_type_arr[MAX_FD_NUM];
41


42
int ussl_set_rpc_connection_type(int fd, int type)
43
{
44
  int ret = 0;
45
  if (fd >= 0 && fd < MAX_FD_NUM) {
46
    gs_connection_type_arr[fd] = type;
47
  } else {
48
    ret = -ERANGE;
49
  }
50
  return ret;
51
}
52


53
void ussl_reset_rpc_connection_type(int fd)
54
{
55
  if (fd >= 0 && fd < MAX_FD_NUM) {
56
    gs_connection_type_arr[fd] = 0;
57
  }
58
}
59


60
static void auth_type_to_str(int auth_type, char *buf, size_t len)
61
{
62
  if (USSL_AUTH_NONE == auth_type) {
63
    strncpy(buf, "NONE", len);
64
  } else if (USSL_AUTH_SSL_HANDSHAKE == auth_type) {
65
    strncpy(buf, "SSL_NO_ENCRYPT", len);
66
  } else if (USSL_AUTH_SSL_IO == auth_type) {
67
    strncpy(buf, "SSL_IO", len);
68
  }
69
}
70


71
static void get_client_addr(int fd, char *buf, int len)
72
{
73
  struct sockaddr_storage addr;
74
  socklen_t sock_len = sizeof(addr);
75
  if (0 != getsockname(fd, (struct sockaddr *)&addr, &sock_len)) {
76
    ussl_log_warn("getsockname failed, fd:%d, errno:%d", fd, errno);
77
  } else {
78
    char src_addr[INET6_ADDRSTRLEN];
79
    if (AF_INET == addr.ss_family) {
80
      struct sockaddr_in *s = (struct sockaddr_in *)&addr;
81
      if (NULL != inet_ntop(AF_INET, &s->sin_addr, src_addr, INET_ADDRSTRLEN)) {
82
        if (snprintf(buf, len, "%s:%d", src_addr, ntohs(s->sin_port)) < 0) {
83
          ussl_log_warn("snprintf failed, errno:%d", errno);
84
        }
85
      } else {
86
        ussl_log_warn("call inet_ntop for AF_INET failed, errno:%d", errno);
87
      }
88
    } else {
89
      struct sockaddr_in6 *s = (struct sockaddr_in6 *)&addr;
90
      if (NULL != inet_ntop(AF_INET6, &s->sin6_addr, src_addr, INET6_ADDRSTRLEN)) {
91
        if (snprintf(buf, len, "[%s]:%d", src_addr, ntohs(s->sin6_port)) < 0) {
92
          ussl_log_warn("snprintf failed, errno:%d", errno);
93
        }
94
      } else {
95
        ussl_log_warn("call inet_ntop for AF_INET6 failed, errno:%d", errno);
96
      }
97
    }
98
  }
99
}
100


101
static int is_local_ip_address(const char *addr)
102
{
103
  int ret = 0;
104
  if (NULL != strstr(addr, "127.0.0.1")) {
105
    ret = 1;
106
  }
107
  return ret;
108
}
109


110
static int handle_client_writable_event(ussl_sock_t *s)
111
{
112
  int ret = EAGAIN;
113
  int err = 0;
114
  int so_error = 0;
115
  int need_giveback = 0;
116
  socklen_t len = sizeof(err);
117
  clientfd_sk_t *cs = (clientfd_sk_t *)s;
118
  if (-1 == (err = getsockopt(cs->fd, SOL_SOCKET, SO_ERROR, (void *)&so_error, &len))) {
119
    ussl_log_error("call getsockopt failed, fd:%d, errno:%d", cs->fd, errno);
120
  } else if (0 != so_error) {
121
    ussl_log_warn("there is an error on the socket, fd:%d, so_error:%d", cs->fd, so_error);
122
  } else {
123
    // 1.remode EPOLLOUT & add EPOLLIN
124
    cs->mask &= ~EPOLLOUT;
125
    struct epoll_event event;
126
    uint32_t new_flags = EPOLLIN | EPOLLERR;
127
    int client_am = get_client_auth_methods();
128
    if (0 != (err = libc_epoll_ctl(cs->ep->fd, EPOLL_CTL_MOD, cs->fd,
129
                                   ussl_make_epoll_event(&event, new_flags, (ussl_sock_t *)cs)))) {
130
      ussl_log_error("modify epoll flag failed, fd:%d, errno:%d", cs->fd, errno);
131
    } else { // 3.send negotiation message
132
      int need_send_negotiation = 1;
133
      if (USSL_AUTH_NONE == client_am) {
134
        if (1 == cs->fd_info.send_negotiation) {
135
          need_send_negotiation = 1;
136
        } else {
137
          need_send_negotiation = 0;
138
        }
139
        need_giveback = 1;
140
      } else {
141
        need_send_negotiation = 1;
142
      }
143
      if (1 == need_send_negotiation) {
144
        negotiation_message_t nego_msg;
145
        nego_msg.type = client_am;
146
        nego_msg.client_gid = cs->fd_info.client_gid;
147
        if (0 != (err = send_negotiation_message(cs->fd, (char *)&nego_msg, sizeof(nego_msg)))) {
148
          ussl_log_warn("send negotiation message failed, fd:%d, err:%d, errno:%d", cs->fd, err,
149
                        errno);
150
        } else { // 4.add to timeout list (if needed)
151
          // succ log
152
          char client_addr[IP_STRING_MAX_LEN] = {0};
153
          get_client_addr(cs->fd, client_addr, IP_STRING_MAX_LEN);
154
          char auth_type[AUTH_TYPE_STRING_MAX_LEN] = {0};
155
          auth_type_to_str(nego_msg.type, auth_type, AUTH_TYPE_STRING_MAX_LEN);
156
          ussl_log_info("client send negotiation message succ, fd:%d, addr:%s, auth_method:%s, gid:0x%lx",
157
                        cs->fd, client_addr, auth_type, cs->fd_info.client_gid);
158
          if (USSL_AUTH_NONE == client_am) {
159
            need_giveback = 1;
160
          } else {
161
            if (is_local_ip_address(client_addr)) {
162
                need_giveback = 1;
163
            } else {
164
                cs->start_time = time(NULL);
165
                add_to_timeout_list(&cs->timeout_link);
166
                cs->fd_info.stage = SEND_FIRST_NEGO_MESSAGE;
167
                ret = EAGAIN;
168
            }
169
          }
170
        }
171
      }
172
    }
173
  }
174
  if (0 != err  || 0 != so_error || need_giveback) {
175
    s->has_error = ((err != 0) || (so_error != 0)) ? 1 : 0;
176
    ret = EUCLEAN;
177
  }
178
  return ret;
179
}
180


181
static int client_do_ssl_handshake(clientfd_sk_t *cs)
182
{
183
  int ret = EAGAIN;
184
  int err = 0;
185
  err = ssl_do_handshake(cs->fd);
186
  if (0 == err) {
187
    // stop timer and give back
188
    cs->has_error = 0;
189
    ret = EUCLEAN;
190
  } else if (EAGAIN == err) {
191
    ret = EAGAIN;
192
  } else {
193
    ussl_log_warn("client do ssl handshake failed, fd:%d, err:%d, errno:%d", cs->fd, err, errno);
194
    cs->has_error = 1;
195
    ret = EUCLEAN;
196
  }
197
  return ret;
198
}
199


200
static int handle_client_readable_event(ussl_sock_t *s)
201
{
202
  int ret = EAGAIN;
203
  clientfd_sk_t *cs = (clientfd_sk_t *)s;
204
  char client_addr[IP_STRING_MAX_LEN] = {0};
205
  get_client_addr(cs->fd, client_addr, IP_STRING_MAX_LEN);
206
  char auth_type[AUTH_TYPE_STRING_MAX_LEN] = {0};
207
  auth_type_to_str(cs->fd_info.auth_methods, auth_type, AUTH_TYPE_STRING_MAX_LEN);
208
  if (SEND_FIRST_NEGO_MESSAGE == cs->fd_info.stage) {
209
    int64_t rbytes = 0;
210
    char buf[USSL_BUF_LEN];
211
    // peek
212
    while ((rbytes = recv(cs->fd, buf, sizeof(buf), MSG_PEEK)) < 0 && EINTR == errno)
213
      ;
214
    if (0 == rbytes) {
215
      ret = EUCLEAN;
216
      cs->has_error = 1;
217
      ussl_log_info("read EOF, fd:%d, src_addr:%s", cs->fd, client_addr);
218
    } else if (rbytes < 0) {
219
      if (EINTR == errno) {
220
        ret = 0;
221
      } else if (EAGAIN == errno || EWOULDBLOCK == errno) {
222
        s->mask &= ~EPOLLIN;
223
        ret = EAGAIN;
224
      } else {
225
        s->has_error = 1;
226
        ret = EUCLEAN;
227
        ussl_log_warn("read failed, fd:%d, errno:%d", s->fd, errno);
228
      }
229
    } else if (rbytes < sizeof(negotiation_head_t)) {
230
      ussl_log_warn("recv message is not complete, close connection, rbytes:%ld, fd:%d", rbytes, cs->fd);
231
      cs->has_error = 1;
232
      ret = EUCLEAN;
233
    } else { // get mag len & read msg
234
      negotiation_head_t msg_head;
235
      memcpy(&msg_head, buf, sizeof(msg_head));
236
      if (NEGOTIATION_MAGIC != msg_head.magic) {
237
        cs->has_error = 1;
238
        ret = EUCLEAN;
239
      } else if (rbytes < sizeof(negotiation_head_t) + msg_head.len) {
240
        ussl_log_warn("recv message is not complete, close connection, rbytes:%ld, fd:%d", rbytes, cs->fd);
241
        cs->has_error = 1;
242
        ret = EUCLEAN;
243
      } else {
244
        while ((rbytes = recv(cs->fd, buf, sizeof(msg_head) + msg_head.len, 0)) < 0 &&
245
              EINTR == errno)
246
          ;
247
        if (rbytes != sizeof(msg_head) + msg_head.len) {
248
          ussl_log_warn("recv data failed, fd:%d, errno:%d, rbytes:%ld", cs->fd, errno, rbytes);
249
          cs->has_error = 1;
250
          ret = EUCLEAN;
251
        } else {
252
          negotiation_message_t nego_msg;
253
          memcpy(&nego_msg, buf + sizeof(msg_head), sizeof(nego_msg));
254
          if (USSL_AUTH_SSL_HANDSHAKE == nego_msg.type || USSL_AUTH_SSL_IO == nego_msg.type) {
255
            // do ssl handshake
256
            if (0 !=
257
                (ret = fd_enable_ssl_for_client(cs->fd, cs->fd_info.ssl_ctx_id, nego_msg.type))) {
258
              cs->has_error = 1;
259
              ussl_log_error("create SSL failed, fd:%d, errno:%d", s->fd, errno);
260
            } else {
261
              ussl_log_info("client do ssl handshake first, fd:%d, addr:%s, auth_method:%s", cs->fd,
262
                             client_addr, auth_type);
263
              ret = client_do_ssl_handshake(cs);
264
              if (EAGAIN == ret) {
265
                cs->fd_info.stage = DOING_SSL_HANSHAKE;
266
              }
267
            }
268
          }
269
        }
270
      }
271
    }
272
  } else {
273
    ussl_log_info("client do ssl handshake again, fd:%d, addr:%s, auth_method:%s", cs->fd,
274
              client_addr, auth_type);
275
    ret = client_do_ssl_handshake(cs);
276
  }
277
  return ret;
278
}
279


280
int clientfd_sk_handle_event(clientfd_sk_t *s)
281
{
282
  int ret = EAGAIN;
283
  if (ussl_skt(s, OUT)) {
284
    ret = handle_client_writable_event((ussl_sock_t *)s);
285
  } else if (ussl_skt(s, IN)) {
286
    ret = handle_client_readable_event((ussl_sock_t *)s);
287
  }
288
  return ret;
289
}
290


291
void ussl_get_peer_addr(int fd, char *buf, int len)
292
{
293
  struct sockaddr_storage addr;
294
  socklen_t sock_len = sizeof(addr);
295
  if (0 != getpeername(fd, (struct sockaddr *)&addr, &sock_len)) {
296
    ussl_log_warn("getpeername failed, fd:%d, errno:%d", fd, errno);
297
  } else {
298
    char src_addr[INET6_ADDRSTRLEN];
299
    if (AF_INET == addr.ss_family) {
300
      struct sockaddr_in *s = (struct sockaddr_in *)&addr;
301
      if (NULL != inet_ntop(AF_INET, &s->sin_addr, src_addr, INET_ADDRSTRLEN)) {
302
        if (snprintf(buf, len, "%s:%d", src_addr, ntohs(s->sin_port)) < 0) {
303
          ussl_log_warn("snprintf failed, errno:%d", errno);
304
        }
305
      } else {
306
        ussl_log_warn("call inet_ntop for AF_INET failed, errno:%d", errno);
307
      }
308
    } else {
309
      struct sockaddr_in6 *s = (struct sockaddr_in6 *)&addr;
310
      if (NULL != inet_ntop(AF_INET6, &s->sin6_addr, src_addr, INET6_ADDRSTRLEN)) {
311
        if (snprintf(buf, len, "[%s]:%d", src_addr, ntohs(s->sin6_port)) < 0) {
312
          ussl_log_warn("snprintf failed, errno:%d", errno);
313
        }
314
      } else {
315
        ussl_log_warn("call inet_ntop for AF_INET6 failed, errno:%d", errno);
316
      }
317
    }
318
  }
319
}
320


321
static int acceptfd_handle_first_readable_event(acceptfd_sk_t *s)
322
{
323
  int err = 0;
324
  char buf[USSL_BUF_LEN];
325
  ssize_t rbytes = 0;
326
  while ((rbytes = recv(s->fd, buf, sizeof(buf), MSG_PEEK)) < 0 && EINTR == errno);
327
  negotiation_head_t *h = (typeof(h))buf;
328
  char src_addr[IP_STRING_MAX_LEN] = {0};
329
  ussl_get_peer_addr(s->fd, src_addr, IP_STRING_MAX_LEN);
330
  if (0 == rbytes) {
331
    err = EUCLEAN;
332
    s->has_error = 1;
333
    ussl_log_info("read EOF, fd:%d, src_addr:%s", s->fd, src_addr);
334
  } else if (rbytes < 0) {
335
    if (EINTR == errno) {
336
    } else if (EAGAIN == errno || EWOULDBLOCK == errno) {
337
      s->mask &= ~EPOLLIN;
338
      err = EAGAIN;
339
    } else {
340
      err = EUCLEAN;
341
      s->has_error = 1;
342
      ussl_log_info("recv failed, fd:%d, errno:%d, src_addr:%s", s->fd, errno, src_addr);
343
    }
344
  } else if (rbytes < sizeof(negotiation_head_t)) {
345
    err = EUCLEAN;
346
    s->has_error = 1;
347
    ussl_log_info("read EOF, fd:%d, src_addr:%s", s->fd, src_addr);
348
  } else if (h->magic != NEGOTIATION_MAGIC) {
349
    int need_dispatch = 0;
350
    if (test_server_auth_methods(USSL_AUTH_NONE)) {
351
      need_dispatch = 1;
352
    } else if (is_local_ip_address(src_addr)) {
353
      ussl_log_info("local ip address:%s, need dispatch", src_addr);
354
      need_dispatch = 1;
355
    } else if (is_net_keepalive_connection(rbytes, buf)) {
356
      need_dispatch = 1;
357
      ussl_log_info("net keepalive negotation message, need dispatch, src:%s, fd:%d", src_addr, s->fd);
358
    } else {
359
      //if enable rpc auth bypass, all connections are allowed, including tableapi, liboblog,
360
      //else, only tableapi connections are allowed
361
      if (ussl_get_auth_bypass_flag()) {
362
        ussl_log_info("rpc auth enable bypass, need dispatch, src:%s, fd:%d", src_addr, s->fd);
363
        need_dispatch = 1;
364
      } else {
365
        if (ob_judge_is_tableapi_pcode_from_raw_packet(buf, rbytes)) {
366
          ussl_log_info("tableapi connection, need dispatch, src:%s, fd:%d", src_addr, s->fd);
367
          need_dispatch = 1;
368
        }
369
      }
370
      if (need_dispatch) {
371
        if (0 == ussl_set_rpc_connection_type(s->fd, OB_CONNECTION_AUTH_BYPASS_TYPE)) {
372
        } else {
373
          ussl_log_warn("ussl_set_rpc_connection_type failed, need close, src:%s, fd:%d", src_addr, s->fd);
374
          need_dispatch = 0;
375
        }
376
      }
377
    }
378
    if (need_dispatch) {
379
      err = EUCLEAN;
380
      s->fd_info.client_gid = UINT64_MAX;
381
      ussl_log_info("recv non-negotiation message, the fd will be dispatched, fd:%d, src_addr:%s, magic:0x%x",
382
              s->fd, src_addr, h->magic);
383
    } else {
384
      char auth_type[AUTH_TYPE_STRING_MAX_LEN] = {0};
385
      auth_type_to_str(get_server_auth_methods(), auth_type, AUTH_TYPE_STRING_MAX_LEN);
386
      err = EUCLEAN;
387
      s->has_error = 1;
388
      ussl_log_warn("connection is not allowed, fd:%d, src_addr:%s, server_auth_method:%s, "
389
                     "rbytes:%ld, magic:%x",
390
                     s->fd, src_addr, auth_type, rbytes, h->magic);
391
    }
392
  } else if (h->len + sizeof(*h) > rbytes) {
393
    err = EUCLEAN;
394
    s->has_error = 1;
395
    ussl_log_warn("recv message is not complete, close connection, rbytes:%ld, fd:%d", rbytes, s->fd);
396
  } else {
397
    while ((rbytes = recv(s->fd, buf, h->len + sizeof(negotiation_head_t), 0)) < 0 &&
398
           EINTR == errno)
399
      ;
400
    if (rbytes != h->len + sizeof(negotiation_head_t)) {
401
      err = EUCLEAN;
402
      s->has_error = 1;
403
      ussl_log_warn("consume nego message failed, rbytes:%ld, fd:%d, errno:%d", rbytes, s->fd,
404
                     errno);
405
    } else {
406
      if (is_local_ip_address(src_addr)) {
407
        //TODO fix me
408
        //if observer use local loop ip to start service, there will be error here
409
        err = EUCLEAN;
410
        s->fd_info.client_gid = UINT64_MAX;
411
        ussl_log_info("local ip address:%s, dispatch after consume", src_addr);
412
      } else {
413
        negotiation_message_t *nego_message = (typeof(nego_message))(h + 1);
414
        s->fd_info.client_gid = nego_message->client_gid;
415
        char auth_type[AUTH_TYPE_STRING_MAX_LEN] = {0};
416
        auth_type_to_str(nego_message->type, auth_type, AUTH_TYPE_STRING_MAX_LEN);
417
        if (USSL_AUTH_NONE == nego_message->type) {
418
          if (test_server_auth_methods(USSL_AUTH_NONE)) {
419
            err = EUCLEAN;
420
            s->fd_info.client_gid = nego_message->client_gid;
421
            ussl_log_info("auth mothod is NONE, the fd will be dispatched, fd:%d, src_addr:%s", s->fd,
422
                          src_addr);
423
          } else if (ussl_get_auth_bypass_flag()) {
424
            if (0 == ussl_set_rpc_connection_type(s->fd, OB_CONNECTION_AUTH_BYPASS_TYPE)) {
425
              err = EUCLEAN;
426
              ussl_log_warn("enable bypass connection, allow connect, src:%s, fd:%d", src_addr, s->fd);
427
            } else {
428
              err = EUCLEAN;
429
              s->has_error = 1;
430
            }
431
          } else {
432
            err = EUCLEAN;
433
            s->has_error = 1;
434
            ussl_log_warn("ussl server not support mode:%s, fd:%d", auth_type, s->fd);
435
          }
436
        } else if (USSL_AUTH_SSL_IO == nego_message->type ||
437
                  USSL_AUTH_SSL_HANDSHAKE == nego_message->type) {
438
          if (test_server_auth_methods(USSL_AUTH_SSL_IO) ||
439
              test_server_auth_methods(USSL_AUTH_SSL_HANDSHAKE)) {
440
            if (-1 == ssl_config_ctx_id) {
441
              err = EUCLEAN;
442
              s->has_error = 1;
443
              ussl_log_warn("ssl config not configured or not load completely!");
444
            } else {
445
              negotiation_message_t nego_message_ack;
446
              nego_message_ack.type = nego_message->type;
447
              int has_method_none = test_server_auth_methods(USSL_AUTH_NONE);
448
              if (0 != fd_enable_ssl_for_server(s->fd, ssl_config_ctx_id, nego_message->type,
449
                  has_method_none)) {
450
                err = EUCLEAN;
451
                s->has_error = 1;
452
                ussl_log_error("fd_enable_ssl_for_server failed, fd:%d", s->fd);
453
              } else if (0 != send_negotiation_message(s->fd, (char *)&nego_message_ack,
454
                                                      sizeof(nego_message_ack))) {
455
                err = EUCLEAN;
456
                s->has_error = 1;
457
                ussl_log_warn("send_negotiation_message failed, auth-mode:%d, fd:%d",
458
                              nego_message->type, s->fd);
459
              } else {
460
                ussl_log_info("auth method is SSL_NO_ENCRYPT or SSL_IO, and the negotiation message "
461
                              "has be sent, fd:%d, src_addr:%s",
462
                              s->fd, src_addr);
463
                s->fd_info.stage = SERVER_ACK_NEGO_AND_SSL;
464
                err = EAGAIN;
465
              }
466
            }
467
          } else {
468
            err = EUCLEAN;
469
            s->has_error = 1;
470
            ussl_log_warn("ussl server not support mode:%s, fd:%d", auth_type, s->fd);
471
          }
472
        }
473
      }
474
    }
475
  }
476
  return err;
477
}
478


479
static int acceptfd_handle_ssl_event(acceptfd_sk_t *s)
480
{
481
  int ret = 0;
482
  char src_addr[IP_STRING_MAX_LEN] = {0};
483
  ussl_get_peer_addr(s->fd, src_addr, IP_STRING_MAX_LEN);
484
  ret = ssl_do_handshake(s->fd);
485
  if (0 == ret) {
486
    ret = EUCLEAN;
487
    ussl_log_info("ssl_do_handshake succ, fd:%d, client_gid:%lu, src_addr:%s", s->fd, s->fd_info.client_gid, src_addr);
488
  } else if (EAGAIN == ret) {
489
  } else {
490
    s->has_error = 1;
491
    ussl_log_warn("ssl_do_handshake failed, fd:%d, ret:%d, src_addr:%s", s->fd, ret, src_addr);
492
  }
493
  return ret;
494
}
495


496
int acceptfd_sk_handle_event(acceptfd_sk_t *s)
497
{
498
  int ret = 0;
499
  if (ussl_skt(s, IN)) {
500
    if (SERVER_ACCEPT_CONNECTION == s->fd_info.stage) {
501
      ret = acceptfd_handle_first_readable_event(s);
502
    } else if (SERVER_ACK_NEGO_AND_SSL == s->fd_info.stage) {
503
      ret = acceptfd_handle_ssl_event(s);
504
    }
505
  }
506
  return ret;
507
}
508


509
int ussl_check_pcode_mismatch_connection(int fd, uint32_t pcode)
510
{
511
  int ret = 0;
512
  if (fd >= 0 && fd < MAX_FD_NUM) {
513
    ret = (gs_connection_type_arr[fd] & OB_CONNECTION_AUTH_BYPASS_TYPE) &&
514
          !ob_is_bypass_pcode(pcode);
515
  }
516
  return ret;
517
}

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.