[omniORB] Interceptor access check - getting there - but a few questions.

[JHJE (Jan Holst Jensen)]

Hi list.

I am approaching an omniNames with simple IP address access check. I
have added a serverReceiveRequest interceptor in omniNames.cc and can
get the client address and raise a NO_PERMISSION as appropriate.
However, I am still uncertain about a couple of issues:

1) Sometimes there is no call descriptor. Seems to always be when the
connection is established so I suspect that the server is then handling
a location forward request (?). Is it always safe to assume that the
server will never foward calls to a servant when there is no call
descriptor ?

2) I can't log an opname when using omniORB apps like nameclt or
eg3_clt. When using a remote CORBA client written in pascal the opname
is logged as expected. What is a more reliable approach for getting the
opname ?

Interceptor code is shown below.

Cheers
-- Jan Holst Jensen, Novo Nordisk A/S, Denmark

static
CORBA::Boolean
checkUpdateAccess(omniInterceptors::serverReceiveRequest_T::info_T&
info) {

  omniORB::logger log;

  omniCallDescriptor* calldesc = info.giop_s.calldescriptor();
  if (!calldesc) {
    // No call descriptor - caused by location forward messages ? Safe
to ignore ?
    log << "No calldescriptor - bailing out!\n";
    return 1;
  }
  const char* opname = calldesc->op();
  if (!opname) { log << "No opname!\n"; }
  // opname is '' when using omniORB apps. Why ?
  // Above if statement is not trigged, so opname is not a null pointer.
  log << "opname is '" << opname << "'\n";

  giopStrand& strand = (giopStrand&)((giopStream&)info.giop_s);
  const char* strandPeerAddress = strand.connection->peeraddress();
  log << "Request from " << strandPeerAddress << "\n";

  // Testing: Only allow connections from localhost 10.9.4.204.
  if ( !strstr(strandPeerAddress, "giop:tcp:10.9.4.204") ) {
    log << "Rejected access to " << strandPeerAddress << "\n";
    OMNIORB_THROW(NO_PERMISSION, 0, CORBA::COMPLETED_NO);
  }

  return 1;

}