CDRIVER-3934 Correctly handle network errors during speculative authentication (#791)

alcaeus · alcaeus · commit e657c13a4eac · 2021-05-10T13:40:55.000+02:00
* CDRIVER-3934 Correctly handle network errors during speculative authentication * Assert request before getting memory failure * Fix code review feedback
diff --git a/src/libmongoc/src/mongoc/mongoc-cluster.c b/src/libmongoc/src/mongoc/mongoc-cluster.c
@@ -2426,6 +2426,12 @@ mongoc_cluster_fetch_stream_single (mongoc_cluster_t *cluster,
       _mongoc_scram_destroy (&scanner_node->scram);
 #endif
 
+      if (!scanner_node->stream) {
+         memcpy (error, &sd->error, sizeof *error);
+         mongoc_server_description_destroy (sd);
+         return NULL;
+      }
+
       if (!has_speculative_auth &&
           !_mongoc_cluster_auth_node (cluster,
                                       scanner_node->stream,
diff --git a/src/libmongoc/tests/test-mongoc-change-stream.c b/src/libmongoc/tests/test-mongoc-change-stream.c
@@ -776,12 +776,14 @@ test_change_stream_resumable_error (void)
                                     "db",
                                     MONGOC_QUERY_SLAVE_OK,
                                     "{ 'getMore': 123, 'collection': 'coll' }");
+   BSON_ASSERT (request);
    mock_server_hangs_up (request);
    request_destroy (request);
 
    /* Retry command */
    request = mock_server_receives_command (
       server, "db", MONGOC_QUERY_SLAVE_OK, watch_cmd);
+   BSON_ASSERT (request);
    mock_server_replies_simple (
       request,
       "{'cursor': {'id': 124,'ns': 'db.coll','firstBatch': []},'ok': 1 }");
diff --git a/src/libmongoc/tests/test-mongoc-client.c b/src/libmongoc/tests/test-mongoc-client.c
@@ -484,6 +484,134 @@ test_mongoc_client_authenticate (void *context)
 }
 
 
+static void
+test_mongoc_client_speculative_auth_failure (bool pooled)
+{
+   mongoc_client_t *admin_client;
+   char *username;
+   bson_t roles;
+   mongoc_database_t *database;
+   char *uri_str_no_auth;
+   char *uri_str_auth;
+   mongoc_collection_t *collection;
+   mongoc_client_t *auth_client;
+   mongoc_client_pool_t *pool;
+   mongoc_uri_t *uri;
+   mongoc_cursor_t *cursor;
+   const bson_t *doc;
+   bson_error_t error;
+   bool r;
+   bson_t q;
+
+   /*
+    * Log in as admin.
+    */
+   admin_client = test_framework_client_new ();
+
+   /*
+    * Add a user to the test database.
+    */
+   username = gen_test_user ();
+   database = mongoc_client_get_database (admin_client, "test");
+   (void) mongoc_database_remove_user (database, username, &error);
+   bson_init (&roles);
+   BCON_APPEND (&roles, "0", "{", "role", "read", "db", "test", "}");
+
+   r = mongoc_database_add_user (database,
+                                 username,
+                                 "testpass",
+                                 tmp_bson ("[{'role': 'read', 'db': 'test'}]"),
+                                 NULL,
+                                 &error);
+
+   ASSERT_OR_PRINT (r, error);
+   mongoc_database_destroy (database);
+
+   bson_init (&q);
+   uri_str_no_auth = test_framework_get_uri_str_no_auth ("test");
+   uri_str_auth =
+      test_framework_add_user_password (uri_str_no_auth, username, "testpass");
+
+   if (pooled) {
+      uri = mongoc_uri_new (uri_str_auth);
+      pool = mongoc_client_pool_new (uri);
+      mongoc_uri_destroy (uri);
+
+      test_framework_set_pool_ssl_opts (pool);
+      auth_client = mongoc_client_pool_pop (pool);
+   } else {
+      auth_client = mongoc_client_new (uri_str_auth);
+      test_framework_set_ssl_opts (auth_client);
+   }
+
+   collection = mongoc_client_get_collection (auth_client, "test", "test");
+
+   database = mongoc_client_get_database (admin_client, "admin");
+
+   /* Enable failpoint to break saslContinue */
+   r = mongoc_database_command_simple (
+      database,
+      tmp_bson ("{'configureFailPoint': 'failCommand', "
+                "'mode': {'times': 1}, "
+                "'data': {'failCommands': ['saslContinue'], 'closeConnection': "
+                "true, 'errorCode': 10107}}"),
+      NULL,
+      NULL,
+      &error);
+   ASSERT_OR_PRINT (r, error);
+   mongoc_database_destroy (database);
+
+   /* Try authenticating by running a find operation */
+   cursor = mongoc_collection_find_with_opts (collection, &q, NULL, NULL);
+   r = mongoc_cursor_next (cursor, &doc);
+   if (!r) {
+      r = mongoc_cursor_error (cursor, &error);
+      BSON_ASSERT (r);
+      ASSERT_ERROR_CONTAINS (error,
+                             MONGOC_ERROR_CLIENT,
+                             MONGOC_ERROR_CLIENT_AUTHENTICATE,
+                             "Failed to send \"saslContinue\" command");
+   }
+
+   mongoc_cursor_destroy (cursor);
+   mongoc_collection_destroy (collection);
+
+   if (pooled) {
+      mongoc_client_pool_push (pool, auth_client);
+      mongoc_client_pool_destroy (pool);
+   } else {
+      mongoc_client_destroy (auth_client);
+   }
+
+   /*
+    * Remove all test users.
+    */
+   database = mongoc_client_get_database (admin_client, "test");
+   r = mongoc_database_remove_all_users (database, &error);
+   BSON_ASSERT (r);
+
+   bson_destroy (&q);
+   bson_free (uri_str_no_auth);
+   bson_free (uri_str_auth);
+   bson_destroy (&roles);
+   bson_free (username);
+   mongoc_database_destroy (database);
+   mongoc_client_destroy (admin_client);
+}
+
+static void
+test_mongoc_client_single_speculative_auth_failure (void *context)
+{
+   test_mongoc_client_speculative_auth_failure (false);
+}
+
+static void
+test_mongoc_client_pooled_speculative_auth_failure (void *context)
+{
+   test_mongoc_client_speculative_auth_failure (true);
+}
+
+
 static void
 test_mongoc_client_authenticate_cached (bool pooled)
 {
@@ -3857,6 +3985,20 @@ test_client_install (TestSuite *suite)
                       NULL,
                       NULL,
                       test_framework_skip_if_no_auth);
+   TestSuite_AddFull (suite,
+                      "/Client/speculative_auth_failure/single",
+                      test_mongoc_client_single_speculative_auth_failure,
+                      NULL,
+                      NULL,
+                      test_framework_skip_if_no_auth,
+                      test_framework_skip_if_no_failpoint);
+   TestSuite_AddFull (suite,
+                      "/Client/speculative_auth_failure/pooled",
+                      test_mongoc_client_pooled_speculative_auth_failure,
+                      NULL,
+                      NULL,
+                      test_framework_skip_if_no_auth,
+                      test_framework_skip_if_no_failpoint);
    TestSuite_AddFull (suite,
                       "/Client/authenticate_cached/pool",
                       test_mongoc_client_authenticate_cached_pooled,
