PROXY over TLS: Fix stream-based DNS transports tests support
authorArtem Boldariev <artem@boldariev.com>
Thu, 25 May 2023 15:22:55 +0000 (18:22 +0300)
committerArtem Boldariev <artem@boldariev.com>
Wed, 6 Dec 2023 13:15:25 +0000 (15:15 +0200)
This commit fixes the infrastructure code of the stream-based DNS
transport tests so that it takes PROXY over TLS support into account.

tests/isc/netmgr_common.c
tests/isc/netmgr_common.h
tests/isc/stream_shutdown.c
tests/isc/tcpdns_test.c
tests/isc/tlsdns_test.c

index 45f76fe34ef174edc3022934a42aa544492858ae..35375ebda5b1cdf7b265768793171f482ac7a34f 100644 (file)
@@ -103,6 +103,7 @@ bool allow_send_back = false;
 bool noanswer = false;
 bool stream_use_TLS = false;
 bool stream_use_PROXY = false;
+bool stream_PROXY_over_TLS = false;
 bool stream = false;
 in_port_t stream_port = 0;
 
@@ -607,14 +608,19 @@ get_proxyheader_info(void) {
 
 static void
 proxystream_connect(isc_nm_t *nm) {
+       isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS ? tcp_connect_tlsctx
+                                                    : NULL;
+       isc_tlsctx_client_session_cache_t *sess_cache =
+               stream_PROXY_over_TLS ? tcp_tlsctx_client_sess_cache : NULL;
+
        isc_nm_proxystreamconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
-                                 connect_connect_cb, NULL, T_CONNECT, NULL,
-                                 NULL, get_proxyheader_info());
+                                 connect_connect_cb, NULL, T_CONNECT, tlsctx,
+                                 sess_cache, get_proxyheader_info());
 }
 
 stream_connect_function
 get_stream_connect_function(void) {
-       if (stream_use_TLS) {
+       if (stream_use_TLS && !stream_PROXY_over_TLS) {
                return (tls_connect);
        } else if (stream_use_PROXY) {
                return (proxystream_connect);
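Review bot: The new condition `if (stream_use_TLS && !stream_PROXY_over_TLS)` leaves one flag combination uncaught: with stream_PROXY_over_TLS set but stream_use_PROXY clear, get_stream_connect_function() skips both the TLS and the proxy branch and, as far as the remainder of the function (outside this hunk) suggests, hands back the plain TCP connector, so the TLS the flag asked for is silently dropped and a fixture that forgot to enable PROXY would pass its test over plaintext. I would reject the combination up front, e.g. `assert_false(stream_PROXY_over_TLS && !stream_use_PROXY);` before the chain; the same applies to stream_listen() and stream_connect() in the next two hunks. The tlsctx/sess_cache selection added to proxystream_connect() is also repeated verbatim in stream_connect(); a small static helper returning both would keep the two in step.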
@@ -630,16 +636,18 @@ stream_listen(isc_nm_accept_cb_t accept_cb, void *accept_cbarg, int backlog,
              isc_quota_t *quota, isc_nmsocket_t **sockp) {
        isc_result_t result = ISC_R_SUCCESS;
 
-       if (stream_use_TLS) {
+       if (stream_use_TLS && !stream_PROXY_over_TLS) {
                result = isc_nm_listentls(
                        listen_nm, ISC_NM_LISTEN_ALL, &tcp_listen_addr,
                        accept_cb, accept_cbarg, backlog, quota,
                        tcp_listen_tlsctx, stream_use_PROXY, sockp);
                return (result);
        } else if (stream_use_PROXY) {
+               isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS ? tcp_listen_tlsctx
+                                                            : NULL;
                result = isc_nm_listenproxystream(
                        listen_nm, ISC_NM_LISTEN_ALL, &tcp_listen_addr,
-                       accept_cb, accept_cbarg, backlog, quota, NULL, sockp);
+                       accept_cb, accept_cbarg, backlog, quota, tlsctx, sockp);
                return (result);
        } else {
                result = isc_nm_listentcp(listen_nm, ISC_NM_LISTEN_ALL,
@@ -655,16 +663,23 @@ void
 stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) {
        isc_refcount_increment0(&active_cconnects);
 
-       if (stream_use_TLS) {
+       if (stream_use_TLS && !stream_PROXY_over_TLS) {
                isc_nm_tlsconnect(
                        connect_nm, &tcp_connect_addr, &tcp_listen_addr, cb,
                        cbarg, tcp_connect_tlsctx, tcp_tlsctx_client_sess_cache,
                        timeout, stream_use_PROXY, NULL);
                return;
        } else if (stream_use_PROXY) {
+               isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS
+                                              ? tcp_connect_tlsctx
+                                              : NULL;
+               isc_tlsctx_client_session_cache_t *sess_cache =
+                       stream_PROXY_over_TLS ? tcp_tlsctx_client_sess_cache
+                                             : NULL;
                isc_nm_proxystreamconnect(connect_nm, &tcp_connect_addr,
                                          &tcp_listen_addr, cb, cbarg, timeout,
-                                         NULL, NULL, get_proxyheader_info());
+                                         tlsctx, sess_cache,
+                                         get_proxyheader_info());
                return;
        } else {
                isc_nm_tcpconnect(connect_nm, &tcp_connect_addr,
@@ -674,6 +689,17 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) {
        UNREACHABLE();
 }
 
+isc_nm_proxy_type_t
+get_proxy_type(void) {
+       if (!stream_use_PROXY) {
+               return (ISC_NM_PROXY_NONE);
+       } else if (stream_PROXY_over_TLS) {
+               return (ISC_NM_PROXY_ENCRYPTED);
+       }
+
+       return (ISC_NM_PROXY_PLAIN);
+}
+
 void
 connect_success_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) {
        UNUSED(handle);
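Review bot: get_proxy_type() is a new exported helper with no comment, and its first branch makes stream_PROXY_over_TLS irrelevant whenever stream_use_PROXY is false, which a caller reading only the declaration in netmgr_common.h will not expect. I would add a short comment above the definition (or on the header declaration): `/* Map the stream_use_PROXY / stream_PROXY_over_TLS test flags to the isc_nm_proxy_type_t passed to the stream DNS listen/connect calls; PROXY over TLS is only honoured when PROXY itself is enabled. */`.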
@@ -703,6 +729,12 @@ proxystream_noop_setup(void **state) {
        return (stream_noop_setup(state));
 }
 
+int
+proxystreamtls_noop_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_noop_setup(state));
+}
+
 void
 stream_noop(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = ISC_R_SUCCESS;
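Review bot: proxystreamtls_noop_setup() sets stream_PROXY_over_TLS before calling proxystream_noop_setup(), so if the inner setup returns non-zero the flag stays true; as far as I recall cmocka does not run the matching teardown after a failed setup, so the next fixture in the run would inherit PROXY-over-TLS mode. Resetting on failure keeps the global in a known state: `int r = proxystream_noop_setup(state);`, `if (r != 0) { stream_PROXY_over_TLS = false; }`, `return (r);`. The same shape recurs in the noresponse, timeout_recovery, recv_one, recv_two and recv_send setups below, and in the shutdownconnect and shutdownread setups in stream_shutdown.c.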
@@ -733,6 +765,14 @@ proxystream_noop_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_noop_teardown(void **state) {
+       int r = proxystream_noop_teardown(state);
+       stream_PROXY_over_TLS = false;
+
+       return (r);
+}
+
 static void
 noresponse_readcb(isc_nmhandle_t *handle, isc_result_t eresult,
                  isc_region_t *region, void *cbarg) {
@@ -811,6 +851,19 @@ proxystream_noresponse_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_noresponse_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_noresponse_setup(state));
+}
+
+int
+proxystreamtls_noresponse_teardown(void **state) {
+       int r = proxystream_noresponse_teardown(state);
+       stream_PROXY_over_TLS = false;
+       return (r);
+}
+
 void
 stream_noresponse(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = ISC_R_SUCCESS;
@@ -864,6 +917,19 @@ proxystream_timeout_recovery_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_timeout_recovery_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_timeout_recovery_setup(state));
+}
+
+int
+proxystreamtls_timeout_recovery_teardown(void **state) {
+       int r = proxystream_timeout_recovery_teardown(state);
+       stream_PROXY_over_TLS = false;
+       return (r);
+}
+
 void
 stream_timeout_recovery(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = ISC_R_SUCCESS;
@@ -929,6 +995,19 @@ proxystream_recv_one_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_recv_one_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_recv_one_setup(state));
+}
+
+int
+proxystreamtls_recv_one_teardown(void **state) {
+       int r = proxystream_recv_one_teardown(state);
+       stream_PROXY_over_TLS = false;
+       return (r);
+}
+
 void
 stream_recv_one(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = ISC_R_SUCCESS;
@@ -994,6 +1073,19 @@ proxystream_recv_two_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_recv_two_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_recv_two_setup(state));
+}
+
+int
+proxystreamtls_recv_two_teardown(void **state) {
+       int r = proxystream_recv_two_teardown(state);
+       stream_PROXY_over_TLS = false;
+       return (r);
+}
+
 void
 stream_recv_two(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = ISC_R_SUCCESS;
@@ -1047,6 +1139,19 @@ proxystream_recv_send_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_recv_send_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_recv_send_setup(state));
+}
+
+int
+proxystreamtls_recv_send_teardown(void **state) {
+       int r = proxystream_recv_send_teardown(state);
+       stream_PROXY_over_TLS = false;
+       return (r);
+}
+
 void
 stream_recv_send(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = ISC_R_SUCCESS;
index a6729b5fe4dac306660df6a27d2fbb2a0019c1fc..4e3d2be0a2c72ca948bf3103ca25b992ce02f5ac 100644 (file)
@@ -131,6 +131,7 @@ extern bool allow_send_back;
 extern bool noanswer;
 extern bool stream_use_TLS;
 extern bool stream_use_PROXY;
+extern bool stream_PROXY_over_TLS;
 extern bool stream;
 extern in_port_t stream_port;
 
@@ -288,6 +289,9 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout);
 isc_nm_proxyheader_info_t *
 get_proxyheader_info(void);
 
+isc_nm_proxy_type_t
+get_proxy_type(void);
+
 int
 stream_noop_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -300,6 +304,11 @@ proxystream_noop_setup(void **state);
 int
 proxystream_noop_teardown(void **state);
 
+int
+proxystreamtls_noop_setup(void **state);
+int
+proxystreamtls_noop_teardown(void **state);
+
 int
 stream_noresponse_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -312,6 +321,11 @@ proxystream_noresponse_setup(void **state);
 int
 proxystream_noresponse_teardown(void **state);
 
+int
+proxystreamtls_noresponse_setup(void **state);
+int
+proxystreamtls_noresponse_teardown(void **state);
+
 int
 stream_timeout_recovery_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -324,6 +338,11 @@ proxystream_timeout_recovery_setup(void **state);
 int
 proxystream_timeout_recovery_teardown(void **state);
 
+int
+proxystreamtls_timeout_recovery_setup(void **state);
+int
+proxystreamtls_timeout_recovery_teardown(void **state);
+
 int
 stream_recv_one_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -336,6 +355,11 @@ proxystream_recv_one_setup(void **state);
 int
 proxystream_recv_one_teardown(void **state);
 
+int
+proxystreamtls_recv_one_setup(void **state);
+int
+proxystreamtls_recv_one_teardown(void **state);
+
 int
 stream_recv_two_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -348,6 +372,11 @@ proxystream_recv_two_setup(void **state);
 int
 proxystream_recv_two_teardown(void **state);
 
+int
+proxystreamtls_recv_two_setup(void **state);
+int
+proxystreamtls_recv_two_teardown(void **state);
+
 int
 stream_recv_send_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -362,6 +391,11 @@ proxystream_recv_send_setup(void **state);
 int
 proxystream_recv_send_teardown(void **state);
 
+int
+proxystreamtls_recv_send_setup(void **state);
+int
+proxystreamtls_recv_send_teardown(void **state);
+
 int
 stream_shutdownconnect_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -374,6 +408,11 @@ proxystream_shutdownconnect_setup(void **state);
 int
 proxystream_shutdownconnect_teardown(void **state);
 
+int
+proxystreamtls_shutdownconnect_setup(void **state);
+int
+proxystreamtls_shutdownconnect_teardown(void **state);
+
 int
 stream_shutdownread_setup(void **state ISC_ATTR_UNUSED);
 void
@@ -386,5 +425,10 @@ proxystream_shutdownread_setup(void **state);
 int
 proxystream_shutdownread_teardown(void **state);
 
+int
+proxystreamtls_shutdownread_setup(void **state);
+int
+proxystreamtls_shutdownread_teardown(void **state);
+
 void
 stop_listening(void *arg ISC_ATTR_UNUSED);
index bf466bb21e3ce836ec5ea2a800937f41aad53e64..09b7ef0b69393d73847beaa2dc81d3523b88140f 100644 (file)
@@ -72,6 +72,19 @@ proxystream_shutdownconnect_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_shutdownconnect_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_shutdownconnect_setup(state));
+}
+
+int
+proxystreamtls_shutdownconnect_teardown(void **state) {
+       int r = proxystream_shutdownconnect_teardown(state);
+       stream_PROXY_over_TLS = false;
+       return (r);
+}
+
 void
 stream_shutdownconnect(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = stream_listen(stream_accept_cb, NULL, 128, NULL,
@@ -174,6 +187,19 @@ proxystream_shutdownread_teardown(void **state) {
        return (r);
 }
 
+int
+proxystreamtls_shutdownread_setup(void **state) {
+       stream_PROXY_over_TLS = true;
+       return (proxystream_shutdownread_setup(state));
+}
+
+int
+proxystreamtls_shutdownread_teardown(void **state) {
+       int r = proxystream_shutdownread_teardown(state);
+       stream_PROXY_over_TLS = false;
+       return (r);
+}
+
 void
 stream_shutdownread(void **state ISC_ATTR_UNUSED) {
        isc_result_t result = stream_listen(stream_accept_cb, NULL, 128, NULL,
index 6b562d1fb7d4892948b27ccc3d4ff0ccff6d4171..fd7f23414c59f226e88a36045f0b194b667c619b 100644 (file)
@@ -53,7 +53,7 @@ start_listening(uint32_t nworkers, isc_nm_accept_cb_t accept_cb,
                isc_nm_recv_cb_t recv_cb) {
        isc_result_t result = isc_nm_listenstreamdns(
                listen_nm, nworkers, &tcp_listen_addr, recv_cb, NULL, accept_cb,
-               NULL, 128, NULL, NULL, stream_use_PROXY, &listen_sock);
+               NULL, 128, NULL, NULL, get_proxy_type(), &listen_sock);
        assert_int_equal(result, ISC_R_SUCCESS);
 
        isc_loop_teardown(mainloop, stop_listening, listen_sock);
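Review bot: start_listening() now passes get_proxy_type() next to a NULL TLS context on the `NULL, 128, NULL, NULL, get_proxy_type(), &listen_sock` line; if a proxystreamtls_* fixture is ever registered for the TCP DNS tests this yields ISC_NM_PROXY_ENCRYPTED with no context to encrypt with, and whether isc_nm_listenstreamdns() rejects that or quietly falls back to plaintext is not visible here. Guarding the assumption makes a misconfigured fixture fail loudly instead of passing over plaintext: `assert_true(get_proxy_type() != ISC_NM_PROXY_ENCRYPTED);` before the listen call, or at least a one-line comment stating that the plain TCP DNS fixtures never enable PROXY over TLS. The same pairing of a NULL context with get_proxy_type() appears in tcpdns_connect() and the two tests in the following hunks.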
@@ -63,7 +63,7 @@ static void
 tcpdns_connect(isc_nm_t *nm) {
        isc_nm_streamdnsconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
                                connect_connect_cb, tcpdns_connect, T_CONNECT,
-                               NULL, NULL, stream_use_PROXY, NULL);
+                               NULL, NULL, get_proxy_type(), NULL);
 }
 
 ISC_LOOP_TEST_IMPL(tcpdns_noop) {
@@ -73,7 +73,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noop) {
        isc_refcount_increment0(&active_cconnects);
        isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
                                connect_success_cb, tcpdns_connect, T_CONNECT,
-                               NULL, NULL, stream_use_PROXY, NULL);
+                               NULL, NULL, get_proxy_type(), NULL);
 }
 
 ISC_LOOP_TEST_IMPL(tcpdns_noresponse) {
@@ -82,7 +82,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noresponse) {
        isc_refcount_increment0(&active_cconnects);
        isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
                                connect_connect_cb, tcpdns_connect, T_CONNECT,
-                               NULL, NULL, stream_use_PROXY, NULL);
+                               NULL, NULL, get_proxy_type(), NULL);
 }
 
 ISC_LOOP_TEST_IMPL(tcpdns_timeout_recovery) {
index 9f98ed3ebcfc53893c88d105a43c5d0e4e746ff8..0bd257b48feaac634ba8e480540710a4f55f4c43 100644 (file)
@@ -52,7 +52,7 @@ start_listening(uint32_t nworkers, isc_nm_accept_cb_t accept_cb,
                isc_nm_recv_cb_t recv_cb) {
        isc_result_t result = isc_nm_listenstreamdns(
                listen_nm, nworkers, &tcp_listen_addr, recv_cb, NULL, accept_cb,
-               NULL, 128, NULL, tcp_listen_tlsctx, stream_use_PROXY,
+               NULL, 128, NULL, tcp_listen_tlsctx, get_proxy_type(),
                &listen_sock);
        assert_int_equal(result, ISC_R_SUCCESS);
 
@@ -64,7 +64,7 @@ tlsdns_connect(isc_nm_t *nm) {
        isc_nm_streamdnsconnect(
                nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb,
                tlsdns_connect, T_CONNECT, tcp_connect_tlsctx,
-               tcp_tlsctx_client_sess_cache, stream_use_PROXY, NULL);
+               tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
 }
 
 ISC_LOOP_TEST_IMPL(tlsdns_noop) {
@@ -75,7 +75,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noop) {
        isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
                                connect_success_cb, tlsdns_connect, T_CONNECT,
                                tcp_connect_tlsctx,
-                               tcp_tlsctx_client_sess_cache, stream_use_PROXY,
+                               tcp_tlsctx_client_sess_cache, get_proxy_type(),
                                NULL);
 }
 
@@ -86,7 +86,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noresponse) {
        isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
                                connect_connect_cb, tlsdns_connect, T_CONNECT,
                                tcp_connect_tlsctx,
-                               tcp_tlsctx_client_sess_cache, stream_use_PROXY,
+                               tcp_tlsctx_client_sess_cache, get_proxy_type(),
                                NULL);
 }
 
@@ -109,7 +109,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_timeout_recovery) {
        isc_nm_streamdnsconnect(
                connect_nm, &tcp_connect_addr, &tcp_listen_addr,
                connect_connect_cb, tlsdns_connect, T_SOFT, tcp_connect_tlsctx,
-               tcp_tlsctx_client_sess_cache, stream_use_PROXY, NULL);
+               tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
 }
 
 ISC_LOOP_TEST_IMPL(tlsdns_recv_one) {