Disallow connections to endpoints we're already connected to.

diff --git a/base/utility.cpp b/base/utility.cpp
index bc966350566b4fe3cb5351e656a9b8b536e0d420..53919e1be8159ccb73dbf0db7f54c6cdb4c1b9ac 100644 (file)
--- a/base/utility.cpp
+++ b/base/utility.cpp
@@ -86,3 +86,23 @@ string Utility::GetCertificateCN(const shared_ptr<X509>& certificate)
 
        return buffer;
 }
+
+shared_ptr<X509> Utility::GetX509Certificate(string pemfile)
+{
+       X509 *cert;
+       BIO *fpcert = BIO_new(BIO_s_file());
+
+       if (fpcert == NULL)
+               throw OpenSSLException("BIO_new failed", ERR_get_error());
+
+       if (BIO_read_filename(fpcert, pemfile.c_str()) < 0)
+               throw OpenSSLException("BIO_read_filename failed", ERR_get_error());
+
+       cert = PEM_read_bio_X509_AUX(fpcert, NULL, NULL, NULL);
+       if (cert == NULL)
+               throw OpenSSLException("PEM_read_bio_X509_AUX failed", ERR_get_error());
+
+       BIO_free(fpcert);
+
+       return shared_ptr<X509>(cert, X509_free);
+}

diff --git a/base/utility.h b/base/utility.h
index 785ff81272d159dc990787a7e8021641a673b0da..ef95d885f019f1be300c18e5dbe9e93f0c8e40a5 100644 (file)
--- a/base/utility.h
+++ b/base/utility.h
@@ -46,6 +46,7 @@ public:
 
        static shared_ptr<SSL_CTX> MakeSSLContext(string pubkey, string privkey, string cakey);
        static string GetCertificateCN(const shared_ptr<X509>& certificate);
+       static shared_ptr<X509> GetX509Certificate(string pemfile);
 };
 
 }

diff --git a/icinga-app/icinga.conf b/icinga-app/icinga.conf
index c7ec54767ed366b9786b4a438687ffc35e4cd942..621a96513dd6ced45aba25b2deca42e3cc93a4ef 100644 (file)
--- a/icinga-app/icinga.conf
+++ b/icinga-app/icinga.conf
@@ -4,7 +4,7 @@
                "demo": { "replicate": "0" }
        },
        "rpcconnection": {
-               "kekslistener": { "replicate": "0", "hostname": "127.0.0.1", "port": "7777" }
+               "kekslistener": { "replicate": "0", "hostname": "::1", "port": "7777" }
        },
        "rpclistener": {
                "kekslistener": { "replicate": "0", "port": "7777" }

diff --git a/icinga/discoverycomponent.cpp b/icinga/discoverycomponent.cpp
index 2b09a07059ed099c526b226dc784a53aa35dc5a2..a4682c2c7d7357b61f79df2a5716605f913a51e2 100644 (file)
--- a/icinga/discoverycomponent.cpp
+++ b/icinga/discoverycomponent.cpp
@@ -11,7 +11,7 @@ void DiscoveryComponent::Start(void)
 {
        m_DiscoveryEndpoint = make_shared<VirtualEndpoint>();
        m_DiscoveryEndpoint->RegisterMethodHandler("message::Welcome",
-               bind_weak(&DiscoveryComponent::GetPeersMessageHandler, shared_from_this()));
+               bind_weak(&DiscoveryComponent::WelcomeMessageHandler, shared_from_this()));
 
        m_DiscoveryEndpoint->RegisterMethodSource("discovery::PeerAvailable");
        m_DiscoveryEndpoint->RegisterMethodHandler("discovery::GetPeers",
@@ -28,8 +28,34 @@ void DiscoveryComponent::Stop(void)
                mgr->UnregisterEndpoint(m_DiscoveryEndpoint);
 }
 
+int DiscoveryComponent::CheckExistingEndpoint(Endpoint::Ptr endpoint, const NewEndpointEventArgs& neea)
+{
+       if (endpoint == neea.Endpoint)
+               return 0;
+
+       if (endpoint->GetIdentity() == neea.Endpoint->GetIdentity()) {
+               Application::Log("Detected duplicate identity (" + endpoint->GetIdentity() + " - Disconnecting endpoint.");
+
+               endpoint->Stop();
+               GetEndpointManager()->UnregisterEndpoint(endpoint);
+       }
+
+       return 0;
+}
+
 int DiscoveryComponent::WelcomeMessageHandler(const NewRequestEventArgs& neea)
 {
+       if (neea.Sender->GetIdentity() == GetEndpointManager()->GetIdentity()) {
+               Application::Log("Detected loop-back connection - Disconnecting endpoint.");
+
+               neea.Sender->Stop();
+               GetEndpointManager()->UnregisterEndpoint(neea.Sender);
+
+               return 0;
+       }
+
+       GetEndpointManager()->ForeachEndpoint(bind(&DiscoveryComponent::CheckExistingEndpoint, this, neea.Sender, _1));
+
        JsonRpcRequest request;
        request.SetMethod("discovery::GetPeers");
        GetEndpointManager()->SendUnicastRequest(m_DiscoveryEndpoint, neea.Sender, request);

diff --git a/icinga/discoverycomponent.h b/icinga/discoverycomponent.h
index 7d5e65008bc194320901d1b9036e10834ea8bf51..c9ba90034998d47890c73af87b2af044fd337961 100644 (file)
--- a/icinga/discoverycomponent.h
+++ b/icinga/discoverycomponent.h
@@ -14,6 +14,8 @@ private:
        int WelcomeMessageHandler(const NewRequestEventArgs& neea);
        int GetPeersMessageHandler(const NewRequestEventArgs& nrea);
 
+       int CheckExistingEndpoint(Endpoint::Ptr endpoint, const NewEndpointEventArgs& neea);
+
 public:
        virtual string GetName(void) const;
        virtual void Start(void);

diff --git a/icinga/endpoint.h b/icinga/endpoint.h
index 1980fdd48e89744339cba7b9e9113b2c9fd12fb2..785a24bee9cf63acd1cbe52667079d94c1e19fe7 100644 (file)
--- a/icinga/endpoint.h
+++ b/icinga/endpoint.h
@@ -53,6 +53,8 @@ public:
        virtual void ProcessRequest(Endpoint::Ptr sender, const JsonRpcRequest& message) = 0;
        virtual void ProcessResponse(Endpoint::Ptr sender, const JsonRpcResponse& message) = 0;
 
+       virtual void Stop(void) = 0;
+
        Event<NewMethodEventArgs> OnNewMethodSink;
        Event<NewMethodEventArgs> OnNewMethodSource;
 

diff --git a/icinga/endpointmanager.cpp b/icinga/endpointmanager.cpp
index ae869ea8baa19bad0f20e013f32d358b04ce2f62..76d094da95d3311b290c35ba45a24a6a096556fa 100644 (file)
--- a/icinga/endpointmanager.cpp
+++ b/icinga/endpointmanager.cpp
@@ -2,11 +2,17 @@
 
 using namespace icinga;
 
-EndpointManager::EndpointManager(shared_ptr<SSL_CTX> sslContext)
+EndpointManager::EndpointManager(string identity, shared_ptr<SSL_CTX> sslContext)
 {
+       m_Identity = identity;
        m_SSLContext = sslContext;
 }
 
+string EndpointManager::GetIdentity(void) const
+{
+       return m_Identity;
+}
+
 void EndpointManager::AddListener(unsigned short port)
 {
        stringstream s;
@@ -160,8 +166,13 @@ void EndpointManager::ForeachEndpoint(function<int (const NewEndpointEventArgs&)
 {
        NewEndpointEventArgs neea;
        neea.Source = shared_from_this();
-       for (list<Endpoint::Ptr>::iterator i = m_Endpoints.begin(); i != m_Endpoints.end(); i++) {
-               neea.Endpoint = *i;
+
+       list<Endpoint::Ptr>::iterator prev, i;
+       for (i = m_Endpoints.begin(); i != m_Endpoints.end(); ) {
+               prev = i;
+               i++;
+
+               neea.Endpoint = *prev;
                callback(neea);
        }
 }

diff --git a/icinga/endpointmanager.h b/icinga/endpointmanager.h
index 6a04d9f3887ff1bcd3018a3e80aa05e57f63ac07..864d31246260a0771e0216e5b62039ae925ec1b6 100644 (file)
--- a/icinga/endpointmanager.h
+++ b/icinga/endpointmanager.h
@@ -11,7 +11,9 @@ struct I2_ICINGA_API NewEndpointEventArgs : public EventArgs
 
 class I2_ICINGA_API EndpointManager : public Object
 {
+       string m_Identity;
        shared_ptr<SSL_CTX> m_SSLContext;
+
        list<JsonRpcServer::Ptr> m_Servers;
        list<Endpoint::Ptr> m_Endpoints;
 
@@ -27,7 +29,9 @@ public:
        typedef shared_ptr<EndpointManager> Ptr;
        typedef weak_ptr<EndpointManager> WeakPtr;
 
-       EndpointManager(shared_ptr<SSL_CTX> sslContext);
+       EndpointManager(string identity, shared_ptr<SSL_CTX> sslContext);
+
+       string GetIdentity(void) const;
 
        void AddListener(unsigned short port);
        void AddConnection(string host, unsigned short port);

diff --git a/icinga/icingaapplication.cpp b/icinga/icingaapplication.cpp
index 2b3ed95b517d97f928b2621f864bb3b633742bb0..ff1408607f21871c0213de3996917216d774900e 100644 (file)
--- a/icinga/icingaapplication.cpp
+++ b/icinga/icingaapplication.cpp
@@ -22,9 +22,14 @@ int IcingaApplication::Main(const vector<string>& args)
                return EXIT_FAILURE;
        }
 
+       shared_ptr<X509> cert = Utility::GetX509Certificate("icinga-c1.crt");
+       string identity = Utility::GetCertificateCN(cert);
+
+       Application::Log("My identity: " + identity);
+
        shared_ptr<SSL_CTX> sslContext = Utility::MakeSSLContext("icinga-c1.crt", "icinga-c1.key", "ca.crt");
 
-       m_EndpointManager = make_shared<EndpointManager>(sslContext);
+       m_EndpointManager = make_shared<EndpointManager>(identity, sslContext);
 
        string componentDirectory = GetExeDirectory() + "/../lib/icinga";
        AddComponentSearchDir(componentDirectory);

diff --git a/icinga/jsonrpcendpoint.cpp b/icinga/jsonrpcendpoint.cpp
index 0fd58ae0a6e0013e4bd69045517fcec3dbd28e7f..1b56009d53453f7ecbb60e03caf1cd5f7882e2a5 100644 (file)
--- a/icinga/jsonrpcendpoint.cpp
+++ b/icinga/jsonrpcendpoint.cpp
@@ -199,3 +199,11 @@ int JsonRpcEndpoint::VerifyCertificateHandler(const VerifyCertificateEventArgs&
 
        return 0;
 }
+
+void JsonRpcEndpoint::Stop(void)
+{
+       if (m_Client) {
+               m_Client->Close();
+               m_Client = JsonRpcClient::Ptr();
+       }
+}

diff --git a/icinga/jsonrpcendpoint.h b/icinga/jsonrpcendpoint.h
index b2340386a11d9629f899eed5db2e80841250f10c..b04cb78f3d0e3a49b4648895f74f6fde1532e75c 100644 (file)
--- a/icinga/jsonrpcendpoint.h
+++ b/icinga/jsonrpcendpoint.h
@@ -50,6 +50,8 @@ public:
 
        virtual void ProcessRequest(Endpoint::Ptr sender, const JsonRpcRequest& message);
        virtual void ProcessResponse(Endpoint::Ptr sender, const JsonRpcResponse& message);
+
+       virtual void Stop(void);
 };
 
 }

diff --git a/icinga/virtualendpoint.cpp b/icinga/virtualendpoint.cpp
index b22f2420efb63da677ae285f9b9b29239983c06c..fd43080d2b76c896e4a28128a7b5f958cc0985d2 100644 (file)
--- a/icinga/virtualendpoint.cpp
+++ b/icinga/virtualendpoint.cpp
@@ -83,3 +83,8 @@ bool VirtualEndpoint::IsAllowedMethodSource(string method) const
 {
        return true;
 }
+
+void VirtualEndpoint::Stop(void)
+{
+       /* Nothing to do here. */
+}

diff --git a/icinga/virtualendpoint.h b/icinga/virtualendpoint.h
index e363dd025c9b05b1455a6783fe5841286478285a..7c7cfbe71ecfa75c72719b8fab334bf24372a08a 100644 (file)
--- a/icinga/virtualendpoint.h
+++ b/icinga/virtualendpoint.h
@@ -38,6 +38,8 @@ public:
 
        virtual void ProcessRequest(Endpoint::Ptr sender, const JsonRpcRequest& message);
        virtual void ProcessResponse(Endpoint::Ptr sender, const JsonRpcResponse& message);
+
+       virtual void Stop(void);
 };
 
 }