in src/server.c [678:794]
static void on_connection_bound(qd_server_t *server, pn_event_t *e) {
pn_connection_t *pn_conn = pn_event_connection(e);
qd_connection_t *ctx = pn_connection_get_context(pn_conn);
pn_transport_t *tport = pn_connection_transport(pn_conn);
pn_transport_set_context(tport, ctx); /* for transport_tracer */
//
// Proton pushes out its trace to transport_tracer() which in turn writes a trace
// message to the qdrouter log
// If trace level logging is enabled on the PROTOCOL module, set PN_TRACE_FRM as the transport trace
// and also set the transport tracer callback.
// Note here that if trace level logging is enabled on the DEFAULT module, all modules are logging at trace level too.
//
if (qd_log_enabled(ctx->server->protocol_log_source, QD_LOG_TRACE)) {
pn_transport_trace(tport, PN_TRACE_FRM);
pn_transport_set_tracer(tport, transport_tracer);
}
const qd_server_config_t *config = NULL;
if (ctx->listener) { /* Accepting an incoming connection */
config = &ctx->listener->config;
const char *name = config->host_port;
pn_transport_set_server(tport);
set_rhost_port(ctx);
sys_mutex_lock(server->lock); /* Policy check is not thread safe */
ctx->policy_counted = qd_policy_socket_accept(server->qd->policy, ctx->rhost);
sys_mutex_unlock(server->lock);
if (!ctx->policy_counted) {
pn_transport_close_tail(tport);
pn_transport_close_head(tport);
return;
}
// Set up SSL
if (config->ssl_profile) {
qd_log(ctx->server->log_source, QD_LOG_TRACE, "[C%"PRIu64"] Configuring SSL on %s", ctx->connection_id, name);
if (listener_setup_ssl(ctx, config, tport) != QD_ERROR_NONE) {
connect_fail(ctx, QD_AMQP_COND_INTERNAL_ERROR, "%s on %s", qd_error_message(), name);
return;
}
}
//
// Set up SASL
//
sys_mutex_lock(ctx->server->lock);
pn_sasl_t *sasl = pn_sasl(tport);
if (ctx->server->sasl_config_path)
pn_sasl_config_path(sasl, ctx->server->sasl_config_path);
pn_sasl_config_name(sasl, ctx->server->sasl_config_name);
if (config->sasl_mechanisms)
pn_sasl_allowed_mechs(sasl, config->sasl_mechanisms);
if (config->sasl_plugin_config.auth_service) {
qd_log(server->log_source, QD_LOG_INFO, "[C%"PRIu64"] Enabling remote authentication service %s", ctx->connection_id, config->sasl_plugin_config.auth_service);
pn_ssl_domain_t* plugin_ssl_domain = NULL;
if (config->sasl_plugin_config.use_ssl) {
plugin_ssl_domain = pn_ssl_domain(PN_SSL_MODE_CLIENT);
if (config->sasl_plugin_config.ssl_certificate_file) {
if (pn_ssl_domain_set_credentials(plugin_ssl_domain,
config->sasl_plugin_config.ssl_certificate_file,
config->sasl_plugin_config.ssl_private_key_file,
config->sasl_plugin_config.ssl_password)) {
qd_log(server->log_source, QD_LOG_ERROR, "[C%"PRIu64"] Cannot set SSL credentials for authentication service", ctx->connection_id);
}
}
if (config->sasl_plugin_config.ssl_trusted_certificate_db) {
if (pn_ssl_domain_set_trusted_ca_db(plugin_ssl_domain, config->sasl_plugin_config.ssl_trusted_certificate_db)) {
qd_log(server->log_source, QD_LOG_ERROR, "[C%"PRIu64"] Cannot set trusted SSL certificate db for authentication service", ctx->connection_id);
} else {
if (pn_ssl_domain_set_peer_authentication(plugin_ssl_domain, PN_SSL_VERIFY_PEER, config->sasl_plugin_config.ssl_trusted_certificate_db)) {
qd_log(server->log_source, QD_LOG_ERROR, "[C%"PRIu64"] Cannot set SSL peer verification for authentication service", ctx->connection_id);
}
}
}
if (config->sasl_plugin_config.ssl_ciphers) {
if (pn_ssl_domain_set_ciphers(plugin_ssl_domain, config->sasl_plugin_config.ssl_ciphers)) {
qd_log(server->log_source, QD_LOG_ERROR, "[C%"PRIu64"] Cannot set ciphers for authentication service", ctx->connection_id);
}
}
if (config->sasl_plugin_config.ssl_protocols) {
if (pn_ssl_domain_set_protocols(plugin_ssl_domain, config->sasl_plugin_config.ssl_protocols)) {
qd_log(server->log_source, QD_LOG_ERROR, "[C%"PRIu64"] Cannot set protocols for authentication service", ctx->connection_id);
}
}
}
qdr_use_remote_authentication_service(tport, config->sasl_plugin_config.auth_service, config->sasl_plugin_config.hostname, config->sasl_plugin_config.sasl_init_hostname, plugin_ssl_domain, server->proactor);
}
pn_transport_require_auth(tport, config->requireAuthentication);
pn_transport_require_encryption(tport, config->requireEncryption);
pn_sasl_set_allow_insecure_mechs(sasl, config->allowInsecureAuthentication);
sys_mutex_unlock(ctx->server->lock);
qd_log(ctx->server->log_source, QD_LOG_INFO, "[C%"PRIu64"] Accepted connection to %s from %s",
ctx->connection_id, name, ctx->rhost_port);
} else if (ctx->connector) { /* Establishing an outgoing connection */
config = &ctx->connector->config;
if (!setup_ssl_sasl_and_open(ctx)) {
qd_log(ctx->server->log_source, QD_LOG_ERROR, "[C%"PRIu64"] Connection aborted due to internal setup error",
ctx->connection_id);
pn_transport_close_tail(tport);
pn_transport_close_head(tport);
return;
}
} else { /* No connector and no listener */
connect_fail(ctx, QD_AMQP_COND_INTERNAL_ERROR, "unknown Connection");
return;
}
//
// Common transport configuration.
//
pn_transport_set_max_frame(tport, config->max_frame_size);
pn_transport_set_channel_max(tport, config->max_sessions - 1);
pn_transport_set_idle_timeout(tport, config->idle_timeout_seconds * 1000);
}