Re: comm_failure for large sequences using giop between two machines



Michael Meeks wrote:

>	Oh dear; ok - so, I think the 'is_auth' flag needs to be set on the
>connection the first time we receive a valid object key from it [ this
>is how we do security ]. Better still, we could do this by grokking the
>first fragment / few tens of bytes of the message - and then allow the
>buffers to accumulate if it is for a valid object key.
>

<snip>

>  
>
>>These artificial limits pose a bit of a problem for the project I am 
>>working on. Since the client and server may need to send and receive 
>>very large sequences. Unfortunately, there is no way to predict 
>>beforehand an upper limit on the size of the sequences.
>>    
>>
>
>	Right; so - this is in some ways a shortish term solution - although I
>think we should have a configurable limit for messages [ I believe we do
>in HEAD - via some ORB parameter - I think you can also make it
>unlimited somehow via that parameter too ].
>
>	Ultimately we need to re-hash the code slightly so we know when we can
>detect whether the invocation is valid, and thus authenticated as early
>as possible; rather than when we've read the whole message.
>
>	Are you interested in looking into that ?
>  
>
I can probably get a few hours to look into it. I would like to get this 
resolved, since I want to keep ORBit a viable option for the project I 
am working on. The alternative is omniORB which is just so much larger 
and slower.

Let us see if I have this right. The is_auth flag for the connection is 
set initially based on the connection protocol:

    cnx->is_auth       = (proto->flags & LINK_PROTOCOL_SECURE);

The problem is the flag is never upgraded for IPv4 (and other insecure 
connection protocols), so we never trust the sender. What needs to 
happen is that when we receive a message from a connection we check if 
the object key is valid and if so set is_auth flag to true. (If it isn't 
a valid object key then generate some kind of error?) The trick is the 
message header contains the length of the message but not the object 
key. So we need to get at least the first part of the message body to be 
able to check the object key.  That raises two questions: how do I get 
more of the message without messing up the buffer state? and how do I 
establish if the object key is valid? I'm not that familiar with ORBit's 
internals so any hints would be most appreciated.



-- 
Bowie Owens

CSIRO Mathematical & Information Sciences
phone  : +61 3 9545 8055
fax    : +61 3 9545 8080
mobile : 0425 729 875
email  : Bowie.Owens@csiro.au
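
The early check discussed in this message, as an added example that is not part of the original post and is not ORBit code: a bounds-checked peek at the object key in the first bytes of a GIOP Request, following the GIOP 1.0 to 1.2 request header layout. The names `giop_peek_object_key`, `cur_t`, the return codes and the `SAMPLE_REQ` bytes are constructed for illustration; looking the key up in the ORB's object table is left to the caller.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef struct { const uint8_t *p; size_t len, off; int le; } cur_t;

/* Read a CDR unsigned long: align to 4, bounds-check, honour byte order. */
static int rd_u32(cur_t *c, uint32_t *v) {
    c->off = (c->off + 3) & ~(size_t)3;
    if (c->off > c->len || c->len - c->off < 4) return 0;
    const uint8_t *b = c->p + c->off;
    *v = 0;
    for (int i = 0; i < 4; i++) *v |= (uint32_t)b[i] << (c->le ? 8 * i : 24 - 8 * i);
    c->off += 4;
    return 1;
}

static int skip(cur_t *c, size_t n) {
    if (c->len - c->off < n) return 0;
    c->off += n;
    return 1;
}

/* Returns 1 and sets key/key_len if the object key lies fully inside buf,
 * 0 if more bytes are needed, -1 if this is not a Request we can parse. */
int giop_peek_object_key(const uint8_t *buf, size_t len,
                         const uint8_t **key, uint32_t *key_len) {
    cur_t c = { buf, len, 12, 0 };               /* body starts after 12-byte header */
    uint32_t n, v;
    if (len < 12) return 0;
    if (memcmp(buf, "GIOP", 4) || buf[4] != 1 || buf[5] > 2 || buf[7] != 0) return -1;
    c.le = buf[6] & 1;                           /* byte-order bit */
    if (buf[5] < 2) {                            /* GIOP 1.0 / 1.1 */
        if (!rd_u32(&c, &n)) return 0;           /* service context count */
        while (n--)                              /* context id, data length, data */
            if (!rd_u32(&c, &v) || !rd_u32(&c, &v) || !skip(&c, v)) return 0;
        if (!rd_u32(&c, &v) || !skip(&c, 1)) return 0;  /* request_id, response_expected */
    } else {                                     /* GIOP 1.2 */
        if (!rd_u32(&c, &v) || !skip(&c, 4)) return 0;  /* request_id, flags + reserved */
        if (c.len - c.off < 2) return 0;
        if (buf[c.off] | buf[c.off + 1]) return -1;     /* only KeyAddr (0) handled */
        c.off += 2;
    }
    if (!rd_u32(&c, key_len) || c.len - c.off < *key_len) return 0;
    *key = buf + c.off;
    return 1;
}

/* Constructed sample: GIOP 1.2 little-endian Request claiming a 10 MiB body, first 32 bytes only. */
static const uint8_t SAMPLE_REQ[32] = { 'G','I','O','P',1,2,1,0, 0,0,0xA0,0, 1,0,0,0, 3,0,0,0, 0,0,0,0, 4,0,0,0, 'k','e','y','1' };
```

A caller on an unauthenticated connection would cap how many bytes it buffers while the result is 0 and treat exceeding that cap the same as -1, since the length fields being skipped are themselves controlled by the peer.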





