author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2018-02-07 11:23:32 -0500 |
---|---|---|
committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2018-02-07 11:23:32 -0500 |
commit | 5f86a8e4ca87f169dc708b15b13a26c2bb514762 (patch) | |
tree | f312d8f95b314906b539ea44c963bf74e0b5b7c4 /src/mongo | |
parent | ad223ea38846ceac92d7b5356add62e23e985537 (diff) | |
download | mongo-5f86a8e4ca87f169dc708b15b13a26c2bb514762.tar.gz |
Revert "SERVER-22411 Add stub implementation of ASIO SChannel integration"
This reverts commit ad223ea38846ceac92d7b5356add62e23e985537.
Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/SConscript | 1 | ||||
-rw-r--r-- | src/mongo/config.h.in | 7 | ||||
-rw-r--r-- | src/mongo/crypto/sha_block_tom.cpp | 2 | ||||
-rw-r--r-- | src/mongo/platform/windows_basic.h | 2 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager.h | 18 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_windows.cpp | 209 | ||||
-rw-r--r-- | src/mongo/util/version.cpp | 14 |
7 files changed, 6 insertions, 247 deletions
diff --git a/src/mongo/SConscript b/src/mongo/SConscript
index 71f10e87f76..0c6f230519c 100644
--- a/src/mongo/SConscript
+++ b/src/mongo/SConscript
@@ -255,7 +255,6 @@ config_header_substs = (
 ('@mongo_config_max_extended_alignment@', 'MONGO_CONFIG_MAX_EXTENDED_ALIGNMENT'),
 ('@mongo_config_optimized_build@', 'MONGO_CONFIG_OPTIMIZED_BUILD'),
 ('@mongo_config_ssl@', 'MONGO_CONFIG_SSL'),
- ('@mongo_config_ssl_provider@', 'MONGO_CONFIG_SSL_PROVIDER'),
 ('@mongo_config_ssl_has_asn1_any_definitions@', 'MONGO_CONFIG_HAVE_ASN1_ANY_DEFINITIONS'),
 ('@mongo_config_has_ssl_set_ecdh_auto@', 'MONGO_CONFIG_HAS_SSL_SET_ECDH_AUTO'),
 ('@mongo_config_wiredtiger_enabled@', 'MONGO_CONFIG_WIREDTIGER_ENABLED'),
diff --git a/src/mongo/config.h.in b/src/mongo/config.h.in
index 5808477e11f..c4c65d366d6 100644
--- a/src/mongo/config.h.in
+++ b/src/mongo/config.h.in
@@ -28,10 +28,6 @@
 #pragma once
-// List of possible SSL providers
-#define SSL_PROVIDER_OPENSSL 1
-#define SSL_PROVIDER_WINDOWS 2
-
 // Define to target byte order (1234 vs 4321)
 @mongo_config_byte_order@
@@ -71,9 +67,6 @@
 // Defined if SSL support is enabled
 @mongo_config_ssl@
-// Defined if SSL support is enabled with chosen ssl provider
-@mongo_config_ssl_provider@
-
 // Defined if OpenSSL has SEQUENCE_ANY
 @mongo_config_ssl_has_asn1_any_definitions@
diff --git a/src/mongo/crypto/sha_block_tom.cpp b/src/mongo/crypto/sha_block_tom.cpp
index 4908f5ffe20..20e11d34ce8 100644
--- a/src/mongo/crypto/sha_block_tom.cpp
+++ b/src/mongo/crypto/sha_block_tom.cpp
@@ -35,10 +35,8 @@
 #include "mongo/util/assert_util.h"
 #ifdef MONGO_CONFIG_SSL
-#if MONGO_CONFIG_SSL_PROVIDER != SSL_PROVIDER_WINDOWS
 #error This file should not be included if compiling with SSL support
 #endif
-#endif
 #include "tomcrypt.h"
diff --git a/src/mongo/platform/windows_basic.h b/src/mongo/platform/windows_basic.h
index defe7b68b09..86e1396aefd 100644
--- a/src/mongo/platform/windows_basic.h
+++ b/src/mongo/platform/windows_basic.h
@@ -95,8 +95,6 @@
 #include <sspi.h>
-#include <schannel.h>
-
 #undef WIN32_NO_STATUS // Obtain a definition for the ntstatus type.
diff --git a/src/mongo/util/net/ssl_manager.h b/src/mongo/util/net/ssl_manager.h
index bc640dc4b88..ea02f94496c 100644
--- a/src/mongo/util/net/ssl_manager.h
+++ b/src/mongo/util/net/ssl_manager.h
@@ -43,11 +43,9 @@
 #include "mongo/util/net/ssl_types.h"
 #include "mongo/util/time_support.h"
-// SChannel implementation
-#if MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_OPENSSL
 #include <openssl/err.h>
 #include <openssl/ssl.h>
-#endif
+
 #endif // #ifdef MONGO_CONFIG_SSL
 namespace mongo {
@@ -61,16 +59,6 @@ const std::string getSSLVersion(const std::string& prefix, const std::string& su
 namespace mongo {
 struct SSLParams;
-#if MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_OPENSSL
-typedef SSL_CTX* SSLContextType;
-typedef SSL* SSLConnectionType;
-#elif MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_WINDOWS
-typedef SCHANNEL_CRED* SSLContextType;
-typedef PCtxtHandle SSLConnectionType;
-#else
-#error "Unknown SSL Provider"
-#endif
-
 /**
 * Maintain per connection SSL state for the Sock class. Used by SSLManagerInterface to perform SSL
 * operations.
@@ -178,7 +166,7 @@ public:
 * acceptable on non-blocking connections are set. "direction" specifies whether the SSL_CTX
 * will be used to make outgoing connections or accept incoming connections.
 */
- virtual Status initSSLContext(SSLContextType context,
+ virtual Status initSSLContext(SSL_CTX* context,
 const SSLParams& params,
 ConnectionDirection direction) = 0;
@@ -190,7 +178,7 @@ public:
 * X509 authorization will be returned.
 */
 virtual StatusWith<boost::optional<SSLPeerInfo>> parseAndValidatePeerCertificate(
- SSLConnectionType ssl, const std::string& remoteHost) = 0;
+ SSL* ssl, const std::string& remoteHost) = 0;
 };
 // Access SSL functions through this instance.
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp
deleted file mode 100644
index 78128a6c663..00000000000
--- a/src/mongo/util/net/ssl_manager_windows.cpp
+++ /dev/null
@@ -1,209 +0,0 @@
-/**
- * Copyright (C) 2018 MongoDB Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- * As a special exception, the copyright holders give permission to link the
- * code of portions of this program with the OpenSSL library under certain
- * conditions as described in each individual source file and distribute
- * linked combinations including the program with the OpenSSL library. You
- * must comply with the GNU Affero General Public License in all respects
- * for all of the code used other than as permitted herein. If you modify
- * file(s) with this exception, you may extend this exception to your
- * version of the file(s), but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version. If you
- * delete this exception statement from all source files in the program,
- * then also delete it in the license file.
- */
-
-#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kNetwork
-
-#include "mongo/platform/basic.h"
-
-#include "mongo/util/net/ssl_manager.h"
-
-#include <asio.hpp>
-#include <asio/ssl.hpp>
-#include <boost/algorithm/string.hpp>
-#include <boost/date_time/posix_time/posix_time.hpp>
-#include <fstream>
-#include <iostream>
-#include <sstream>
-#include <stack>
-#include <string>
-#include <vector>
-
-#include "mongo/base/init.h"
-#include "mongo/base/initializer_context.h"
-#include "mongo/bson/bsonobjbuilder.h"
-#include "mongo/config.h"
-#include "mongo/db/server_parameters.h"
-#include "mongo/platform/atomic_word.h"
-#include "mongo/stdx/memory.h"
-#include "mongo/transport/session.h"
-#include "mongo/util/concurrency/mutex.h"
-#include "mongo/util/debug_util.h"
-#include "mongo/util/exit.h"
-#include "mongo/util/log.h"
-#include "mongo/util/mongoutils/str.h"
-#include "mongo/util/net/private/ssl_expiration.h"
-#include "mongo/util/net/sock.h"
-#include "mongo/util/net/socket_exception.h"
-#include "mongo/util/net/ssl_options.h"
-#include "mongo/util/net/ssl_types.h"
-#include "mongo/util/scopeguard.h"
-#include "mongo/util/text.h"
-#include "mongo/util/uuid.h"
-
-namespace mongo {
-
-namespace {
-
-SimpleMutex sslManagerMtx;
-SSLManagerInterface* theSSLManagerWindows = NULL;
-
-
-} // namespace
-
-/**
- * Manage state for a SSL Connection. Used by the Socket class.
- */
-class SSLConnectionWindows : public SSLConnectionInterface {
-public:
- ~SSLConnectionWindows();
-
- std::string getSNIServerName() const final;
-};
-
-
-class SSLManagerWindows : public SSLManagerInterface {
-public:
- explicit SSLManagerWindows(const SSLParams& params, bool isServer);
-
- /**
- * Initializes an OpenSSL context according to the provided settings. Only settings which are
- * acceptable on non-blocking connections are set.
- */
- Status initSSLContext(SCHANNEL_CRED* cred,
- const SSLParams& params,
- ConnectionDirection direction) final;
-
- virtual SSLConnectionInterface* connect(Socket* socket);
-
- virtual SSLConnectionInterface* accept(Socket* socket, const char* initialBytes, int len);
-
- virtual SSLPeerInfo parseAndValidatePeerCertificateDeprecated(
- const SSLConnectionInterface* conn, const std::string& remoteHost);
-
- StatusWith<boost::optional<SSLPeerInfo>> parseAndValidatePeerCertificate(
- PCtxtHandle ssl, const std::string& remoteHost) final;
-
-
- virtual const SSLConfiguration& getSSLConfiguration() const {
- return _sslConfiguration;
- }
-
- virtual int SSL_read(SSLConnectionInterface* conn, void* buf, int num);
-
- virtual int SSL_write(SSLConnectionInterface* conn, const void* buf, int num);
-
- virtual int SSL_shutdown(SSLConnectionInterface* conn);
-
-private:
- bool _weakValidation;
- bool _allowInvalidCertificates;
- bool _allowInvalidHostnames;
- SSLConfiguration _sslConfiguration;
-};
-
-// Global variable indicating if this is a server or a client instance
-bool isSSLServer = false;
-
-MONGO_INITIALIZER(SSLManager)(InitializerContext*) {
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
- if (!isSSLServer || (sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled)) {
- theSSLManagerWindows = new SSLManagerWindows(sslGlobalParams, isSSLServer);
- }
-
- return Status::OK();
-}
-
-SSLConnectionWindows::~SSLConnectionWindows() {}
-
-std::string SSLConnectionWindows::getSNIServerName() const {
- invariant(false);
- return "";
-}
-
-std::unique_ptr<SSLManagerInterface> SSLManagerInterface::create(const SSLParams& params,
- bool isServer) {
- return stdx::make_unique<SSLManagerWindows>(params, isServer);
-}
-
-SSLManagerInterface* getSSLManager() {
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
- if (theSSLManagerWindows)
- return theSSLManagerWindows;
- return NULL;
-}
-
-SSLManagerWindows::SSLManagerWindows(const SSLParams& params, bool isServer)
- : _weakValidation(params.sslWeakCertificateValidation),
- _allowInvalidCertificates(params.sslAllowInvalidCertificates),
- _allowInvalidHostnames(params.sslAllowInvalidHostnames) {}
-
-int SSLManagerWindows::SSL_read(SSLConnectionInterface* connInterface, void* buf, int num) {
- invariant(false);
- return 0;
-}
-
-int SSLManagerWindows::SSL_write(SSLConnectionInterface* connInterface, const void* buf, int num) {
- invariant(false);
- return 0;
-}
-
-int SSLManagerWindows::SSL_shutdown(SSLConnectionInterface* conn) {
- invariant(false);
- return 0;
-}
-
-Status SSLManagerWindows::initSSLContext(SCHANNEL_CRED* cred,
- const SSLParams& params,
- ConnectionDirection direction) {
-
- return Status::OK();
-}
-
-SSLConnectionInterface* SSLManagerWindows::connect(Socket* socket) {
- return nullptr;
-}
-
-SSLConnectionInterface* SSLManagerWindows::accept(Socket* socket,
- const char* initialBytes,
- int len) {
- return nullptr;
-}
-
-SSLPeerInfo SSLManagerWindows::parseAndValidatePeerCertificateDeprecated(
- const SSLConnectionInterface* conn, const std::string& remoteHost) {
- return SSLPeerInfo();
-}
-
-StatusWith<boost::optional<SSLPeerInfo>> SSLManagerWindows::parseAndValidatePeerCertificate(
- PCtxtHandle ssl, const std::string& remoteHost) {
-
- return {boost::none};
-}
-
-
-} // namespace mongo
diff --git a/src/mongo/util/version.cpp b/src/mongo/util/version.cpp
index 9536caf1516..41933e8c9ac 100644
--- a/src/mongo/util/version.cpp
+++ b/src/mongo/util/version.cpp
@@ -34,10 +34,8 @@
 #include "mongo/config.h"
 #ifdef MONGO_CONFIG_SSL
-#if MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_OPENSSL
 #include <openssl/crypto.h>
 #endif
-#endif
 #include <pcrecpp.h>
@@ -147,13 +145,7 @@ void VersionInfoInterface::appendBuildInfo(BSONObjBuilder* result) const {
 BSONObjBuilder opensslInfo(result->subobjStart("openssl"));
 #ifdef MONGO_CONFIG_SSL
-#if MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_OPENSSL
 opensslInfo << "running" << openSSLVersion() << "compiled" << OPENSSL_VERSION_TEXT;
-#elif MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_WINDOWS
- opensslInfo << "Windows SChannel";
-#else
-#error "Unknown SSL Provider"
-#endif // MONGO_CONFIG_SSL_PROVIDER
 #else
 opensslInfo << "running" << "disabled"
@@ -176,9 +168,9 @@ void VersionInfoInterface::appendBuildInfo(BSONObjBuilder* result) const {
 }
 std::string VersionInfoInterface::openSSLVersion(StringData prefix, StringData suffix) const {
-#if !defined(MONGO_CONFIG_SSL) || MONGO_CONFIG_SSL_PROVIDER != SSL_PROVIDER_OPENSSL
+#ifndef MONGO_CONFIG_SSL
 return "";
-#elif MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_OPENSSL
+#else
 return prefix.toString() + SSLeay_version(SSLEAY_VERSION) + suffix;
 #endif
 }
@@ -190,7 +182,7 @@ void VersionInfoInterface::logTargetMinOS() const {
 void VersionInfoInterface::logBuildInfo() const {
 log() << "git version: " << gitVersion();
-#if defined(MONGO_CONFIG_SSL) && MONGO_CONFIG_SSL_PROVIDER == SSL_PROVIDER_OPENSSL
+#ifdef MONGO_CONFIG_SSL
 log() << openSSLVersion("OpenSSL version: ");
 #endif |
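Review bot: The restored `openSSLVersion` body (second version.cpp hunk, whose function is fully visible) still calls `SSLeay_version(SSLEAY_VERSION)`, which OpenSSL 1.1.0 deprecated in favour of `OpenSSL_version(OPENSSL_VERSION)`; this is pre-existing behaviour the revert brings back rather than something this commit introduces, so it is a follow-up rather than a blocker. When the SChannel work lands again, a guard such as `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` selecting `OpenSSL_version(OPENSSL_VERSION)` keeps the call from breaking on builds that disable deprecated APIs. The "running"/"compiled" pair that the first hunk restores in `appendBuildInfo` is operationally useful for spotting a runtime OpenSSL that differs from the one compiled against, so whatever provider abstraction replaces this should keep emitting both values.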