static void
print_doc (const bson_t *b)
{
char *str;
str = bson_as_json(b, NULL);
MONGOC_DEBUG("%s", str);
bson_free(str);
}
void
mongoc_client_set_stream_initiator (mongoc_client_t *client,
mongoc_stream_initiator_t initiator,
void *user_data)
{
bson_return_if_fail (client);
if (!initiator) {
initiator = mongoc_client_default_stream_initiator;
user_data = client;
} else {
MONGOC_DEBUG ("Using custom stream initiator.");
}
client->initiator = initiator;
client->initiator_data = user_data;
}
void
mongoc_client_set_stream_initiator (mongoc_client_t *client,
mongoc_stream_initiator_t initiator,
void *user_data)
{
BSON_ASSERT (client);
if (!initiator) {
initiator = mongoc_client_default_stream_initiator;
user_data = client;
} else {
MONGOC_DEBUG ("Using custom stream initiator.");
}
client->initiator = initiator;
client->initiator_data = user_data;
if (client->topology->single_threaded) {
mongoc_topology_scanner_set_stream_initiator (client->topology->scanner,
initiator, user_data);
}
}
bool
mongoc_secure_transport_setup_ca (mongoc_stream_tls_secure_transport_t *secure_transport,
mongoc_ssl_opt_t *opt)
{
if (opt->ca_file) {
CFArrayRef items;
SecExternalItemType type = kSecItemTypeCertificate;
bool success = _mongoc_secure_transport_import_pem (opt->ca_file, NULL, &items, &type);
if (!success) {
MONGOC_ERROR ("Can't find certificate in \"%s\"", opt->ca_file);
return false;
}
if (type == kSecItemTypeAggregate) {
CFMutableArrayRef anchors = CFArrayCreateMutable (kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
for (CFIndex i = 0; i < CFArrayGetCount (items); ++i) {
CFTypeID item_id = CFGetTypeID (CFArrayGetValueAtIndex (items, i));
if (item_id == SecCertificateGetTypeID()) {
CFArrayAppendValue (anchors, CFArrayGetValueAtIndex (items, i));
}
}
secure_transport->anchors = CFRetain (anchors);
CFRelease (items);
} else if (type == kSecItemTypeCertificate) {
secure_transport->anchors = CFRetain (items);
}
/* This should be SSLSetCertificateAuthorities But the /TLS/ tests fail when it is */
success = !SSLSetTrustedRoots (secure_transport->ssl_ctx_ref, secure_transport->anchors, true);
MONGOC_DEBUG ("Setting certificate authority %s (%s)", success ? "succeeded" : "failed", opt->ca_file);
return true;
}
MONGOC_INFO ("No CA provided, using defaults");
return false;
}
static void
ha_replica_set_configure (ha_replica_set_t *replica_set,
ha_node_t *primary)
{
mongoc_database_t *database;
mongoc_client_t *client;
mongoc_cursor_t *cursor;
const bson_t *doc;
bson_error_t error;
bson_iter_t iter;
ha_node_t *node;
bson_t ar;
bson_t cmd;
bson_t config;
bson_t member;
char *str;
char *uristr;
char hoststr[32];
char key[8];
int i = 0;
uristr = bson_strdup_printf("mongodb://127.0.0.1:%hu/", primary->port);
client = mongoc_client_new(uristr);
#ifdef MONGOC_ENABLE_SSL
if (replica_set->ssl_opt) {
mongoc_client_set_ssl_opts(client, replica_set->ssl_opt);
}
#endif
bson_free(uristr);
bson_init(&cmd);
bson_append_document_begin(&cmd, "replSetInitiate", -1, &config);
bson_append_utf8(&config, "_id", 3, replica_set->name, -1);
bson_append_array_begin(&config, "members", -1, &ar);
for (node = replica_set->nodes; node; node = node->next) {
snprintf(key, sizeof key, "%u", i);
key[sizeof key - 1] = '\0';
snprintf(hoststr, sizeof hoststr, "127.0.0.1:%hu", node->port);
hoststr[sizeof hoststr - 1] = '\0';
bson_append_document_begin(&ar, key, -1, &member);
bson_append_int32(&member, "_id", -1, i);
bson_append_utf8(&member, "host", -1, hoststr, -1);
bson_append_bool(&member, "arbiterOnly", -1, node->is_arbiter);
bson_append_document_end(&ar, &member);
i++;
}
bson_append_array_end(&config, &ar);
bson_append_document_end(&cmd, &config);
str = bson_as_json(&cmd, NULL);
MONGOC_DEBUG("Config: %s", str);
bson_free(str);
database = mongoc_client_get_database(client, "admin");
again:
cursor = mongoc_database_command(database,
MONGOC_QUERY_NONE,
0,
1,
&cmd,
NULL,
NULL);
while (mongoc_cursor_next(cursor, &doc)) {
str = bson_as_json(doc, NULL);
MONGOC_DEBUG("Reply: %s", str);
bson_free(str);
if (bson_iter_init_find(&iter, doc, "ok") &&
bson_iter_as_bool(&iter)) {
goto cleanup;
}
}
if (mongoc_cursor_error(cursor, &error)) {
mongoc_cursor_destroy(cursor);
MONGOC_WARNING("%s: Retrying in 1 second.", error.message);
sleep(1);
goto again;
}
cleanup:
mongoc_cursor_destroy(cursor);
mongoc_database_destroy(database);
mongoc_client_destroy(client);
bson_destroy(&cmd);
}
static void
test1 (void)
{
mongoc_server_description_t *description;
mongoc_collection_t *collection;
mongoc_read_prefs_t *read_prefs;
mongoc_cursor_t *cursor;
mongoc_client_t *client;
mongoc_client_pool_t *pool = NULL;
const bson_t *doc;
bson_error_t error;
bool r;
ha_node_t *replica;
bson_t q;
int i;
bson_init(&q);
if (use_pool) {
pool = ha_replica_set_create_client_pool(replica_set);
client = mongoc_client_pool_pop (pool);
} else {
client = ha_replica_set_create_client(replica_set);
}
collection = mongoc_client_get_collection(client, "test1", "test1");
MONGOC_DEBUG("Inserting test documents.");
insert_test_docs(collection);
MONGOC_INFO("Test documents inserted.");
read_prefs = mongoc_read_prefs_new(MONGOC_READ_SECONDARY);
MONGOC_DEBUG("Sending query to a SECONDARY.");
cursor = mongoc_collection_find(collection,
MONGOC_QUERY_NONE,
0,
0,
100,
&q,
NULL,
read_prefs);
BSON_ASSERT(cursor);
BSON_ASSERT(!cursor->server_id);
/*
* Send OP_QUERY to server and get first document back.
*/
MONGOC_INFO("Sending OP_QUERY.");
r = mongoc_cursor_next(cursor, &doc);
BSON_ASSERT(r);
BSON_ASSERT(cursor->server_id);
BSON_ASSERT(cursor->sent);
BSON_ASSERT(!cursor->done);
BSON_ASSERT(cursor->rpc.reply.n_returned == 100);
BSON_ASSERT(!cursor->end_of_event);
/*
* Make sure we queried a secondary.
*/
description = mongoc_topology_server_by_id(client->topology,
cursor->server_id,
&error);
ASSERT_OR_PRINT (description, error);
BSON_ASSERT (description->type != MONGOC_SERVER_RS_PRIMARY);
mongoc_server_description_destroy(description);
/*
* Exhaust the items in our first OP_REPLY.
*/
MONGOC_DEBUG("Exhausting OP_REPLY.");
for (i = 0; i < 98; i++) {
r = mongoc_cursor_next(cursor, &doc);
BSON_ASSERT(r);
BSON_ASSERT(cursor->server_id);
BSON_ASSERT(!cursor->done);
BSON_ASSERT(!cursor->end_of_event);
}
/*
* Finish off the last item in this OP_REPLY.
*/
MONGOC_INFO("Fetcing last doc from OP_REPLY.");
r = mongoc_cursor_next(cursor, &doc);
BSON_ASSERT(r);
BSON_ASSERT(cursor->server_id);
BSON_ASSERT(cursor->sent);
BSON_ASSERT(!cursor->done);
BSON_ASSERT(!cursor->end_of_event);
/*
* Determine which node we queried by using the server_id to
* get the cluster information.
*/
BSON_ASSERT(cursor->server_id);
replica = get_replica(client, cursor->server_id);
/*
* Kill the node we are communicating with.
*/
MONGOC_INFO("Killing replicaSet node to synthesize failure.");
ha_node_kill(replica);
/*
* Try to fetch the next result set, expect failure.
*/
MONGOC_DEBUG("Checking for expected failure.");
r = mongoc_cursor_next(cursor, &doc);
BSON_ASSERT(!r);
r = mongoc_cursor_error(cursor, &error);
BSON_ASSERT(r);
MONGOC_WARNING("%s", error.message);
mongoc_cursor_destroy(cursor);
mongoc_read_prefs_destroy(read_prefs);
mongoc_collection_destroy(collection);
if (use_pool) {
mongoc_client_pool_push (pool, client);
mongoc_client_pool_destroy (pool);
} else {
mongoc_client_destroy(client);
}
bson_destroy(&q);
ha_node_restart(replica);
}
bool
mongoc_secure_transport_setup_certificate (mongoc_stream_tls_secure_transport_t *secure_transport,
mongoc_ssl_opt_t *opt)
{
bool success;
CFArrayRef items;
SecIdentityRef id;
SecKeyRef key = NULL;
SecCertificateRef cert = NULL;
SecExternalItemType type = kSecItemTypeCertificate;
if (!opt->pem_file) {
MONGOC_INFO ("No private key provided, the server won't be able to verify us");
return false;
}
success = _mongoc_secure_transport_import_pem (opt->pem_file, opt->pem_pwd, &items, &type);
if (!success) {
MONGOC_ERROR ("Can't find certificate in: '%s'", opt->pem_file);
return false;
}
if (type != kSecItemTypeAggregate) {
MONGOC_ERROR ("Cannot work with keys of type \"%d\". Please file a JIRA", type);
CFRelease (items);
return false;
}
for (CFIndex i = 0; i < CFArrayGetCount (items); ++i) {
CFTypeID item_id = CFGetTypeID (CFArrayGetValueAtIndex (items, i));
if (item_id == SecCertificateGetTypeID()) {
cert = (SecCertificateRef) CFArrayGetValueAtIndex (items, i);
} else if (item_id == SecKeyGetTypeID()) {
key = (SecKeyRef) CFArrayGetValueAtIndex (items, i);
}
}
if (!cert || !key) {
MONGOC_ERROR ("Couldn't find valid private key");
CFRelease (items);
return false;
}
id = SecIdentityCreate (kCFAllocatorDefault, cert, key);
secure_transport->my_cert = CFArrayCreateMutableCopy(kCFAllocatorDefault, (CFIndex)2, items);
CFArraySetValueAtIndex(secure_transport->my_cert, 0, id);
CFArraySetValueAtIndex(secure_transport->my_cert, 1, cert);
/*
* Secure Transport assumes the following:
* * The certificate references remain valid for the lifetime of the session.
* * The identity specified in certRefs[0] is capable of signing.
*/
success = !SSLSetCertificate (secure_transport->ssl_ctx_ref, secure_transport->my_cert);
MONGOC_DEBUG("Setting client certificate %s", success ? "succeeded" : "failed");
CFRelease (items);
return true;
}
bool
_mongoc_cluster_auth_node_cyrus (mongoc_cluster_t *cluster,
mongoc_stream_t *stream,
mongoc_server_description_t *sd,
bson_error_t *error)
{
mongoc_cmd_parts_t parts;
uint32_t buflen = 0;
mongoc_cyrus_t sasl;
bson_iter_t iter;
bool ret = false;
const char *tmpstr;
uint8_t buf[4096] = {0};
bson_t cmd;
bson_t reply;
int conv_id = 0;
mongoc_server_stream_t *server_stream;
BSON_ASSERT (cluster);
BSON_ASSERT (stream);
if (!_mongoc_cyrus_new_from_cluster (
&sasl, cluster, stream, sd->host.host, error)) {
return false;
}
for (;;) {
mongoc_cmd_parts_init (
&parts, cluster->client, "$external", MONGOC_QUERY_SLAVE_OK, &cmd);
if (!_mongoc_cyrus_step (
&sasl, buf, buflen, buf, sizeof buf, &buflen, error)) {
goto failure;
}
bson_init (&cmd);
if (sasl.step == 1) {
_mongoc_cluster_build_sasl_start (
&cmd, sasl.credentials.mechanism, (const char *) buf, buflen);
} else {
_mongoc_cluster_build_sasl_continue (
&cmd, conv_id, (const char *) buf, buflen);
}
TRACE ("SASL: authenticating (step %d)", sasl.step);
server_stream = _mongoc_cluster_create_server_stream (
cluster->client->topology, sd->id, stream, error);
if (!mongoc_cmd_parts_assemble (&parts, server_stream, error)) {
mongoc_server_stream_cleanup (server_stream);
bson_destroy (&cmd);
goto failure;
}
if (!mongoc_cluster_run_command_private (
cluster, &parts.assembled, &reply, error)) {
mongoc_server_stream_cleanup (server_stream);
bson_destroy (&cmd);
bson_destroy (&reply);
goto failure;
}
mongoc_server_stream_cleanup (server_stream);
bson_destroy (&cmd);
if (bson_iter_init_find (&iter, &reply, "done") &&
bson_iter_as_bool (&iter)) {
bson_destroy (&reply);
break;
}
conv_id = _mongoc_cluster_get_conversation_id (&reply);
if (!bson_iter_init_find (&iter, &reply, "payload") ||
!BSON_ITER_HOLDS_UTF8 (&iter)) {
MONGOC_DEBUG ("SASL: authentication failed");
bson_destroy (&reply);
bson_set_error (error,
MONGOC_ERROR_CLIENT,
MONGOC_ERROR_CLIENT_AUTHENTICATE,
"Received invalid SASL reply from MongoDB server.");
goto failure;
}
tmpstr = bson_iter_utf8 (&iter, &buflen);
if (buflen > sizeof buf) {
bson_set_error (error,
MONGOC_ERROR_CLIENT,
MONGOC_ERROR_CLIENT_AUTHENTICATE,
"SASL reply from MongoDB is too large.");
bson_destroy (&reply);
goto failure;
}
memcpy (buf, tmpstr, buflen);
bson_destroy (&reply);
mongoc_cmd_parts_cleanup (&parts);
}
TRACE ("%s", "SASL: authenticated");
ret = true;
failure:
_mongoc_cyrus_destroy (&sasl);
mongoc_cmd_parts_cleanup (&parts);
return ret;
}
