/** run as a child thread by test_mongoc_tls_hangup
*
* It:
* 1. spins up
* 2. waits on a condvar until the server is up
* 3. connects to the server's port
* 4. writes a byte
* 5. confirms that the server hangs up promptly
* 6. shuts down
*/
static void *
ssl_hangup_client (void *ptr)
{
ssl_test_data_t *data = (ssl_test_data_t *)ptr;
mongoc_stream_t *sock_stream;
mongoc_stream_t *ssl_stream;
mongoc_socket_t *conn_sock;
char buf = 'b';
ssize_t r;
mongoc_iovec_t riov;
mongoc_iovec_t wiov;
struct sockaddr_in server_addr = { 0 };
int64_t start_time;
conn_sock = mongoc_socket_new (AF_INET, SOCK_STREAM, 0);
assert (conn_sock);
mongoc_mutex_lock (&data->cond_mutex);
while (!data->server_port) {
mongoc_cond_wait (&data->cond, &data->cond_mutex);
}
mongoc_mutex_unlock (&data->cond_mutex);
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons (data->server_port);
server_addr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
r = mongoc_socket_connect (conn_sock, (struct sockaddr *)&server_addr,
sizeof (server_addr), -1);
assert (r == 0);
sock_stream = mongoc_stream_socket_new (conn_sock);
assert (sock_stream);
ssl_stream = mongoc_stream_tls_new (sock_stream, data->client, 1);
assert (ssl_stream);
r = mongoc_stream_tls_do_handshake (ssl_stream, TIMEOUT);
assert (r);
wiov.iov_base = (void *)&buf;
wiov.iov_len = 1;
r = mongoc_stream_writev (ssl_stream, &wiov, 1, TIMEOUT);
assert (r == 1);
riov.iov_base = (void *)&buf;
riov.iov_len = 1;
/* we should notice promptly that the server hangs up */
start_time = bson_get_monotonic_time ();
r = mongoc_stream_readv (ssl_stream, &riov, 1, 1, TIMEOUT);
/* time is in microseconds */
assert (bson_get_monotonic_time () - start_time < 1000 * 1000);
assert (r == -1);
mongoc_stream_destroy (ssl_stream);
data->client_result->result = SSL_TEST_SUCCESS;
return NULL;
}
static mongoc_stream_t *
mongoc_client_default_stream_initiator (const mongoc_uri_t *uri,
const mongoc_host_list_t *host,
void *user_data,
bson_error_t *error)
{
mongoc_stream_t *base_stream = NULL;
#ifdef MONGOC_ENABLE_SSL
mongoc_client_t *client = user_data;
const bson_t *options;
bson_iter_t iter;
const char *mechanism;
#endif
bson_return_val_if_fail (uri, NULL);
bson_return_val_if_fail (host, NULL);
#ifndef MONGOC_ENABLE_SSL
if (mongoc_uri_get_ssl (uri)) {
bson_set_error (error,
MONGOC_ERROR_CLIENT,
MONGOC_ERROR_CLIENT_NO_ACCEPTABLE_PEER,
"SSL is not enabled in this build of mongo-c-driver.");
return NULL;
}
#endif
switch (host->family) {
#if defined(AF_INET6)
case AF_INET6:
#endif
case AF_INET:
base_stream = mongoc_client_connect_tcp (uri, host, error);
break;
case AF_UNIX:
base_stream = mongoc_client_connect_unix (uri, host, error);
break;
default:
bson_set_error (error,
MONGOC_ERROR_STREAM,
MONGOC_ERROR_STREAM_INVALID_TYPE,
"Invalid address family: 0x%02x", host->family);
break;
}
#ifdef MONGOC_ENABLE_SSL
if (base_stream) {
options = mongoc_uri_get_options (uri);
mechanism = mongoc_uri_get_auth_mechanism (uri);
if ((bson_iter_init_find_case (&iter, options, "ssl") &&
bson_iter_as_bool (&iter)) ||
(mechanism && (0 == strcmp (mechanism, "MONGODB-X509")))) {
base_stream = mongoc_stream_tls_new (base_stream, &client->ssl_opts,
true);
if (!base_stream) {
bson_set_error (error,
MONGOC_ERROR_STREAM,
MONGOC_ERROR_STREAM_SOCKET,
"Failed initialize TLS state.");
return NULL;
}
if (!mongoc_stream_tls_do_handshake (base_stream, -1) ||
!mongoc_stream_tls_check_cert (base_stream, host->host)) {
bson_set_error (error,
MONGOC_ERROR_STREAM,
MONGOC_ERROR_STREAM_SOCKET,
"Failed to handshake and validate TLS certificate.");
mongoc_stream_destroy (base_stream);
base_stream = NULL;
return NULL;
}
}
}
#endif
return base_stream ? mongoc_stream_buffered_new (base_stream, 1024) : NULL;
}
mongoc_stream_t *
mongoc_client_default_stream_initiator (const mongoc_uri_t *uri,
const mongoc_host_list_t *host,
void *user_data,
bson_error_t *error)
{
mongoc_stream_t *base_stream = NULL;
#ifdef MONGOC_ENABLE_SSL
mongoc_client_t *client = (mongoc_client_t *)user_data;
const char *mechanism;
int32_t connecttimeoutms;
#endif
BSON_ASSERT (uri);
BSON_ASSERT (host);
#ifndef MONGOC_ENABLE_SSL
if (mongoc_uri_get_ssl (uri)) {
bson_set_error (error,
MONGOC_ERROR_CLIENT,
MONGOC_ERROR_CLIENT_NO_ACCEPTABLE_PEER,
"SSL is not enabled in this build of mongo-c-driver.");
return NULL;
}
#endif
switch (host->family) {
#if defined(AF_INET6)
case AF_INET6:
#endif
case AF_INET:
base_stream = mongoc_client_connect_tcp (uri, host, error);
break;
case AF_UNIX:
base_stream = mongoc_client_connect_unix (uri, host, error);
break;
default:
bson_set_error (error,
MONGOC_ERROR_STREAM,
MONGOC_ERROR_STREAM_INVALID_TYPE,
"Invalid address family: 0x%02x", host->family);
break;
}
#ifdef MONGOC_ENABLE_SSL
if (base_stream) {
mechanism = mongoc_uri_get_auth_mechanism (uri);
if (client->use_ssl ||
(mechanism && (0 == strcmp (mechanism, "MONGODB-X509")))) {
base_stream = mongoc_stream_tls_new (base_stream, &client->ssl_opts,
true);
if (!base_stream) {
bson_set_error (error,
MONGOC_ERROR_STREAM,
MONGOC_ERROR_STREAM_SOCKET,
"Failed initialize TLS state.");
return NULL;
}
connecttimeoutms = mongoc_uri_get_option_as_int32 (
uri, "connecttimeoutms", MONGOC_DEFAULT_CONNECTTIMEOUTMS);
if (!mongoc_stream_tls_do_handshake (base_stream, connecttimeoutms) ||
!mongoc_stream_tls_check_cert (base_stream, host->host)) {
bson_set_error (error,
MONGOC_ERROR_STREAM,
MONGOC_ERROR_STREAM_SOCKET,
"Failed to handshake and validate TLS certificate.");
mongoc_stream_destroy (base_stream);
return NULL;
}
}
}
#endif
return base_stream ? mongoc_stream_buffered_new (base_stream, 1024) : NULL;
}
/** this function is meant to be run from ssl_test as a child thread
*
* It:
* 1. spins up
* 2. binds and listens to a random port
* 3. notifies the client of it's port through a condvar
* 4. accepts a request
* 5. reads a 32 bit length
* 6. reads a string of that length
* 7. echos it back to the client
* 8. shuts down
*/
static void *
ssl_test_server (void * ptr)
{
ssl_test_data_t *data = (ssl_test_data_t *)ptr;
mongoc_stream_t *sock_stream;
mongoc_stream_t *ssl_stream;
mongoc_socket_t *listen_sock;
mongoc_socket_t *conn_sock;
socklen_t sock_len;
char buf[1024];
ssize_t r;
mongoc_iovec_t iov;
struct sockaddr_in server_addr = { 0 };
int len;
iov.iov_base = buf;
iov.iov_len = sizeof buf;
listen_sock = mongoc_socket_new (AF_INET, SOCK_STREAM, 0);
assert (listen_sock);
server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = htonl (INADDR_ANY);
server_addr.sin_port = htons (0);
r = mongoc_socket_bind (listen_sock,
(struct sockaddr *)&server_addr,
sizeof server_addr);
assert (r == 0);
sock_len = sizeof(server_addr);
r = mongoc_socket_getsockname (listen_sock, (struct sockaddr *)&server_addr, &sock_len);
assert(r == 0);
r = mongoc_socket_listen (listen_sock, 10);
assert(r == 0);
mongoc_mutex_lock(&data->cond_mutex);
data->server_port = ntohs(server_addr.sin_port);
mongoc_cond_signal(&data->cond);
mongoc_mutex_unlock(&data->cond_mutex);
conn_sock = mongoc_socket_accept (listen_sock, -1);
assert (conn_sock);
sock_stream = mongoc_stream_socket_new (conn_sock);
assert (sock_stream);
ssl_stream = mongoc_stream_tls_new(sock_stream, data->server, 0);
if (!ssl_stream) {
unsigned long err = ERR_get_error();
assert(err);
data->server_result->ssl_err = err;
data->server_result->result = SSL_TEST_SSL_INIT;
mongoc_stream_destroy (sock_stream);
mongoc_socket_destroy (listen_sock);
return NULL;
}
assert(ssl_stream);
r = mongoc_stream_tls_do_handshake (ssl_stream, TIMEOUT);
if (!r) {
unsigned long err = ERR_get_error();
assert(err);
data->server_result->ssl_err = err;
data->server_result->result = SSL_TEST_SSL_HANDSHAKE;
mongoc_socket_destroy (listen_sock);
mongoc_stream_destroy(ssl_stream);
return NULL;
}
r = mongoc_stream_readv(ssl_stream, &iov, 1, 4, TIMEOUT);
if (r < 0) {
#ifdef _WIN32
assert(errno == WSAETIMEDOUT);
#else
assert(errno == ETIMEDOUT);
#endif
data->server_result->err = errno;
data->server_result->result = SSL_TEST_TIMEOUT;
mongoc_stream_destroy(ssl_stream);
mongoc_socket_destroy (listen_sock);
return NULL;
}
assert(r == 4);
memcpy(&len, iov.iov_base, r);
r = mongoc_stream_readv(ssl_stream, &iov, 1, len, TIMEOUT);
assert(r == len);
iov.iov_len = r;
mongoc_stream_writev(ssl_stream, &iov, 1, TIMEOUT);
mongoc_stream_destroy(ssl_stream);
mongoc_socket_destroy (listen_sock);
data->server_result->result = SSL_TEST_SUCCESS;
return NULL;
}
/** this function is meant to be run from ssl_test as a child thread
*
* It:
* 1. spins up
* 2. waits on a condvar until the server is up
* 3. connects to the servers port
* 4. writes a 4 bytes length
* 5. writes a string of length size
* 6. reads a response back of the given length
* 7. confirms that its the same as what was written
* 8. shuts down
*/
static void *
ssl_test_client (void * ptr)
{
ssl_test_data_t *data = (ssl_test_data_t *)ptr;
mongoc_stream_t *sock_stream;
mongoc_stream_t *ssl_stream;
mongoc_socket_t *conn_sock;
char buf[1024];
ssize_t r;
mongoc_iovec_t riov;
mongoc_iovec_t wiov;
struct sockaddr_in server_addr = { 0 };
int len;
riov.iov_base = buf;
riov.iov_len = sizeof buf;
conn_sock = mongoc_socket_new (AF_INET, SOCK_STREAM, 0);
assert (conn_sock);
mongoc_mutex_lock(&data->cond_mutex);
while (! data->server_port) {
mongoc_cond_wait(&data->cond, &data->cond_mutex);
}
mongoc_mutex_unlock(&data->cond_mutex);
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(data->server_port);
r = inet_pton(AF_INET, LOCALHOST, &server_addr.sin_addr);
assert (r > 0);
r = mongoc_socket_connect (conn_sock, (struct sockaddr *)&server_addr, sizeof(server_addr), -1);
assert (r == 0);
sock_stream = mongoc_stream_socket_new (conn_sock);
assert(sock_stream);
ssl_stream = mongoc_stream_tls_new(sock_stream, data->client, 1);
if (! ssl_stream) {
unsigned long err = ERR_get_error();
assert(err);
data->client_result->ssl_err = err;
data->client_result->result = SSL_TEST_SSL_INIT;
mongoc_stream_destroy(sock_stream);
return NULL;
}
assert(ssl_stream);
errno = 0;
r = mongoc_stream_tls_do_handshake (ssl_stream, TIMEOUT);
if (! r) {
unsigned long err = ERR_get_error();
assert(err || errno);
if (err) {
data->client_result->ssl_err = err;
} else {
data->client_result->err = errno;
}
data->client_result->result = SSL_TEST_SSL_HANDSHAKE;
mongoc_stream_destroy(ssl_stream);
return NULL;
}
r = mongoc_stream_tls_check_cert (ssl_stream, data->host);
if (! r) {
data->client_result->result = SSL_TEST_SSL_VERIFY;
mongoc_stream_destroy(ssl_stream);
return NULL;
}
len = 4;
wiov.iov_base = (void *)&len;
wiov.iov_len = 4;
r = mongoc_stream_writev(ssl_stream, &wiov, 1, TIMEOUT);
assert(r == wiov.iov_len);
wiov.iov_base = "foo";
wiov.iov_len = 4;
r = mongoc_stream_writev(ssl_stream, &wiov, 1, TIMEOUT);
assert(r == wiov.iov_len);
r = mongoc_stream_readv(ssl_stream, &riov, 1, 4, TIMEOUT);
assert(r > 0);
assert(r == wiov.iov_len);
assert(strcmp(riov.iov_base, wiov.iov_base) == 0);
mongoc_stream_destroy(ssl_stream);
data->client_result->result = SSL_TEST_SUCCESS;
return NULL;
}
/** run as a child thread by test_mongoc_tls_hangup
*
* It:
* 1. spins up
* 2. binds and listens to a random port
* 3. notifies the client of its port through a condvar
* 4. accepts a request
* 5. reads a byte
* 7. hangs up
*/
static void *
ssl_error_server (void *ptr)
{
ssl_test_data_t *data = (ssl_test_data_t *)ptr;
mongoc_stream_t *sock_stream;
mongoc_stream_t *ssl_stream;
mongoc_socket_t *listen_sock;
mongoc_socket_t *conn_sock;
socklen_t sock_len;
char buf;
ssize_t r;
mongoc_iovec_t iov;
struct sockaddr_in server_addr = { 0 };
iov.iov_base = &buf;
iov.iov_len = 1;
listen_sock = mongoc_socket_new (AF_INET, SOCK_STREAM, 0);
assert (listen_sock);
server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
server_addr.sin_port = htons (0);
r = mongoc_socket_bind (listen_sock,
(struct sockaddr *)&server_addr,
sizeof server_addr);
assert (r == 0);
sock_len = sizeof (server_addr);
r = mongoc_socket_getsockname (listen_sock, (struct sockaddr *)&server_addr,
&sock_len);
assert (r == 0);
r = mongoc_socket_listen (listen_sock, 10);
assert (r == 0);
mongoc_mutex_lock (&data->cond_mutex);
data->server_port = ntohs (server_addr.sin_port);
mongoc_cond_signal (&data->cond);
mongoc_mutex_unlock (&data->cond_mutex);
conn_sock = mongoc_socket_accept (listen_sock, -1);
assert (conn_sock);
sock_stream = mongoc_stream_socket_new (conn_sock);
assert (sock_stream);
ssl_stream = mongoc_stream_tls_new (sock_stream, data->server, 0);
assert (ssl_stream);
switch (data->behavior) {
case SSL_TEST_BEHAVIOR_STALL_BEFORE_HANDSHAKE:
_mongoc_usleep (data->handshake_stall_ms * 1000);
break;
case SSL_TEST_BEHAVIOR_HANGUP_AFTER_HANDSHAKE:
r = mongoc_stream_tls_do_handshake (ssl_stream, TIMEOUT);
assert (r);
r = mongoc_stream_readv (ssl_stream, &iov, 1, 1, TIMEOUT);
assert (r == 1);
break;
case SSL_TEST_BEHAVIOR_NORMAL:
default:
fprintf (stderr, "unimplemented ssl_test_behavior_t\n");
abort ();
}
data->server_result->result = SSL_TEST_SUCCESS;
mongoc_stream_close (ssl_stream);
mongoc_stream_destroy (ssl_stream);
mongoc_socket_destroy (listen_sock);
return NULL;
}
/** this function is meant to be run from ssl_test as a child thread
*
* It:
* 1. spins up
* 2. waits on a condvar until the server is up
* 3. connects to the servers port
* 4. writes a 4 bytes length
* 5. writes a string of length size
* 6. reads a response back of the given length
* 7. confirms that its the same as what was written
* 8. shuts down
*/
static void *
ssl_test_client (void * ptr)
{
ssl_test_data_t *data = (ssl_test_data_t *)ptr;
mongoc_stream_t *sock_stream;
mongoc_stream_t *ssl_stream;
mongoc_socket_t *conn_sock;
int i;
int errno_captured;
char buf[1024];
ssize_t r;
mongoc_iovec_t riov;
mongoc_iovec_t wiov;
mongoc_iovec_t wiov_many[NUM_IOVECS];
struct sockaddr_in server_addr = { 0 };
int len;
riov.iov_base = buf;
riov.iov_len = sizeof buf;
conn_sock = mongoc_socket_new (AF_INET, SOCK_STREAM, 0);
assert (conn_sock);
mongoc_mutex_lock(&data->cond_mutex);
while (! data->server_port) {
mongoc_cond_wait(&data->cond, &data->cond_mutex);
}
mongoc_mutex_unlock(&data->cond_mutex);
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(data->server_port);
server_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
r = mongoc_socket_connect (conn_sock, (struct sockaddr *)&server_addr, sizeof(server_addr), -1);
assert (r == 0);
sock_stream = mongoc_stream_socket_new (conn_sock);
assert(sock_stream);
ssl_stream = mongoc_stream_tls_new(sock_stream, data->client, 1);
if (! ssl_stream) {
unsigned long err = ERR_get_error();
assert(err);
data->client_result->ssl_err = err;
data->client_result->result = SSL_TEST_SSL_INIT;
mongoc_stream_destroy(sock_stream);
return NULL;
}
assert(ssl_stream);
errno = 0;
r = mongoc_stream_tls_do_handshake (ssl_stream, TIMEOUT);
errno_captured = errno;
if (! r) {
unsigned long err = ERR_get_error();
assert(err || errno_captured);
if (err) {
data->client_result->ssl_err = err;
} else {
data->client_result->err = errno_captured;
}
data->client_result->result = SSL_TEST_SSL_HANDSHAKE;
mongoc_stream_destroy(ssl_stream);
return NULL;
}
r = mongoc_stream_tls_check_cert (ssl_stream, data->host);
if (! r) {
data->client_result->result = SSL_TEST_SSL_VERIFY;
mongoc_stream_destroy(ssl_stream);
return NULL;
}
len = 4 * NUM_IOVECS;
wiov.iov_base = (void *)&len;
wiov.iov_len = 4;
r = mongoc_stream_writev(ssl_stream, &wiov, 1, TIMEOUT);
assert(r == wiov.iov_len);
for (i = 0; i < NUM_IOVECS; i++) {
wiov_many[i].iov_base = "foo";
wiov_many[i].iov_len = 4;
}
r = mongoc_stream_writev(ssl_stream, wiov_many, NUM_IOVECS, TIMEOUT);
assert(r == wiov_many[0].iov_len * NUM_IOVECS);
riov.iov_len = 1;
r = mongoc_stream_readv(ssl_stream, &riov, 1, 1, TIMEOUT);
assert(r == 1);
assert(memcmp(riov.iov_base, "f", 1) == 0);
riov.iov_len = 3;
r = mongoc_stream_readv(ssl_stream, &riov, 1, 3, TIMEOUT);
assert(r == 3);
assert(memcmp(riov.iov_base, "oo", 3) == 0);
mongoc_stream_destroy(ssl_stream);
data->client_result->result = SSL_TEST_SUCCESS;
return NULL;
}
