static void on_secure_handshake_done(grpc_exec_ctx *exec_ctx, void *arg, grpc_security_status status, grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context) { connector *c = arg; gpr_mu_lock(&c->mu); grpc_error *error = GRPC_ERROR_NONE; if (c->connecting_endpoint == NULL) { memset(c->result, 0, sizeof(*c->result)); gpr_mu_unlock(&c->mu); } else if (status != GRPC_SECURITY_OK) { error = grpc_error_set_int(GRPC_ERROR_CREATE("Secure handshake failed"), GRPC_ERROR_INT_SECURITY_STATUS, status); memset(c->result, 0, sizeof(*c->result)); c->connecting_endpoint = NULL; gpr_mu_unlock(&c->mu); } else { grpc_arg auth_context_arg; c->connecting_endpoint = NULL; gpr_mu_unlock(&c->mu); c->result->transport = grpc_create_chttp2_transport( exec_ctx, c->args.channel_args, secure_endpoint, 1); grpc_chttp2_transport_start_reading(exec_ctx, c->result->transport, NULL); auth_context_arg = grpc_auth_context_to_arg(auth_context); c->result->channel_args = grpc_channel_args_copy_and_add(c->tmp_args, &auth_context_arg, 1); } grpc_closure *notify = c->notify; c->notify = NULL; grpc_exec_ctx_sched(exec_ctx, notify, error, NULL); }
grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds, grpc_credentials *request_metadata_creds, const char *target, const grpc_channel_args *args) { grpc_channel_security_context *ctx = NULL; grpc_channel *channel = NULL; grpc_security_status status = GRPC_SECURITY_OK; size_t i = 0; const char *overridden_target_name = NULL; grpc_arg arg; grpc_channel_args *new_args; for (i = 0; args && i < args->num_args; i++) { grpc_arg *arg = &args->args[i]; if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && arg->type == GRPC_ARG_STRING) { overridden_target_name = arg->value.string; break; } } status = grpc_ssl_channel_security_context_create( request_metadata_creds, grpc_ssl_credentials_get_config(ssl_creds), target, overridden_target_name, &ctx); if (status != GRPC_SECURITY_OK) { return grpc_lame_client_channel_create(); } arg.type = GRPC_ARG_STRING; arg.key = GRPC_ARG_HTTP2_SCHEME; arg.value.string = "https"; new_args = grpc_channel_args_copy_and_add(args, &arg); channel = grpc_secure_channel_create_internal(target, new_args, ctx); grpc_security_context_unref(&ctx->base); grpc_channel_args_destroy(new_args); return channel; }
grpc_channel_args *grpc_channel_args_compression_algorithm_set_state( grpc_channel_args **a, grpc_compression_algorithm algorithm, int state) { int *states_arg; grpc_channel_args *result = *a; const int states_arg_found = find_compression_algorithm_states_bitset(*a, &states_arg); if (states_arg_found) { if (state != 0) { GPR_BITSET((unsigned *)states_arg, algorithm); } else { GPR_BITCLEAR((unsigned *)states_arg, algorithm); } } else { /* create a new arg */ grpc_arg tmp; tmp.type = GRPC_ARG_INTEGER; tmp.key = GRPC_COMPRESSION_ALGORITHM_STATE_ARG; /* all enabled by default */ tmp.value.integer = (1u << GRPC_COMPRESS_ALGORITHMS_COUNT) - 1; if (state != 0) { GPR_BITSET((unsigned *)&tmp.value.integer, algorithm); } else { GPR_BITCLEAR((unsigned *)&tmp.value.integer, algorithm); } result = grpc_channel_args_copy_and_add(*a, &tmp, 1); grpc_channel_args_destroy(*a); *a = result; } return result; }
static bool set_default_host_if_unset(grpc_exec_ctx *exec_ctx, grpc_channel_stack_builder *builder, void *unused) { const grpc_channel_args *args = grpc_channel_stack_builder_get_channel_arguments(builder); for (size_t i = 0; i < args->num_args; i++) { if (0 == strcmp(args->args[i].key, GRPC_ARG_DEFAULT_AUTHORITY) || 0 == strcmp(args->args[i].key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG)) { return true; } } char *default_authority = grpc_get_default_authority( exec_ctx, grpc_channel_stack_builder_get_target(builder)); if (default_authority != NULL) { grpc_arg arg; arg.type = GRPC_ARG_STRING; arg.key = GRPC_ARG_DEFAULT_AUTHORITY; arg.value.string = default_authority; grpc_channel_args *new_args = grpc_channel_args_copy_and_add(args, &arg, 1); grpc_channel_stack_builder_set_channel_arguments(exec_ctx, builder, new_args); gpr_free(default_authority); grpc_channel_args_destroy(exec_ctx, new_args); } return true; }
static bool proxy_mapper_map_name(grpc_exec_ctx* exec_ctx, grpc_proxy_mapper* mapper, const char* server_uri, const grpc_channel_args* args, char** name_to_resolve, grpc_channel_args** new_args) { *name_to_resolve = grpc_get_http_proxy_server(); if (*name_to_resolve == NULL) return false; grpc_uri* uri = grpc_uri_parse(server_uri, false /* suppress_errors */); if (uri == NULL || uri->path[0] == '\0') { gpr_log(GPR_ERROR, "'http_proxy' environment variable set, but cannot " "parse server URI '%s' -- not using proxy", server_uri); if (uri != NULL) grpc_uri_destroy(uri); return false; } if (strcmp(uri->scheme, "unix") == 0) { gpr_log(GPR_INFO, "not using proxy for Unix domain socket '%s'", server_uri); grpc_uri_destroy(uri); return false; } grpc_arg new_arg; new_arg.key = GRPC_ARG_HTTP_CONNECT_SERVER; new_arg.type = GRPC_ARG_STRING; new_arg.value.string = uri->path[0] == '/' ? uri->path + 1 : uri->path; *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1); grpc_uri_destroy(uri); return true; }
static grpc_security_status ssl_create_security_connector( grpc_credentials *creds, const char *target, const grpc_channel_args *args, grpc_credentials *request_metadata_creds, grpc_channel_security_connector **sc, grpc_channel_args **new_args) { grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; grpc_security_status status = GRPC_SECURITY_OK; size_t i = 0; const char *overridden_target_name = NULL; grpc_arg arg; for (i = 0; args && i < args->num_args; i++) { grpc_arg *arg = &args->args[i]; if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && arg->type == GRPC_ARG_STRING) { overridden_target_name = arg->value.string; break; } } status = grpc_ssl_channel_security_connector_create( request_metadata_creds, &c->config, target, overridden_target_name, sc); if (status != GRPC_SECURITY_OK) { return status; } arg.type = GRPC_ARG_STRING; arg.key = GRPC_ARG_HTTP2_SCHEME; arg.value.string = "https"; *new_args = grpc_channel_args_copy_and_add(args, &arg, 1); return status; }
static void test_create(void) { grpc_arg arg_int; grpc_arg arg_string; grpc_arg to_add[2]; grpc_channel_args *ch_args; arg_int.key = "int_arg"; arg_int.type = GRPC_ARG_INTEGER; arg_int.value.integer = 123; arg_string.key = "str key"; arg_string.type = GRPC_ARG_STRING; arg_string.value.string = "str value"; to_add[0] = arg_int; to_add[1] = arg_string; ch_args = grpc_channel_args_copy_and_add(NULL, to_add, 2); GPR_ASSERT(ch_args->num_args == 2); GPR_ASSERT(strcmp(ch_args->args[0].key, arg_int.key) == 0); GPR_ASSERT(ch_args->args[0].type == arg_int.type); GPR_ASSERT(ch_args->args[0].value.integer == arg_int.value.integer); GPR_ASSERT(strcmp(ch_args->args[1].key, arg_string.key) == 0); GPR_ASSERT(ch_args->args[1].type == arg_string.type); GPR_ASSERT(strcmp(ch_args->args[1].value.string, arg_string.value.string) == 0); grpc_channel_args_destroy(ch_args); }
static void on_secure_handshake_done(grpc_exec_ctx *exec_ctx, void *arg, grpc_security_status status, grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context) { connector *c = arg; grpc_closure *notify; grpc_channel_args *args_copy = NULL; gpr_mu_lock(&c->mu); if (c->connecting_endpoint == NULL) { memset(c->result, 0, sizeof(*c->result)); gpr_mu_unlock(&c->mu); } else if (status != GRPC_SECURITY_OK) { gpr_log(GPR_ERROR, "Secure handshake failed with error %d.", status); memset(c->result, 0, sizeof(*c->result)); c->connecting_endpoint = NULL; gpr_mu_unlock(&c->mu); } else { grpc_arg auth_context_arg; c->connecting_endpoint = NULL; gpr_mu_unlock(&c->mu); c->result->transport = grpc_create_chttp2_transport( exec_ctx, c->args.channel_args, secure_endpoint, 1); grpc_chttp2_transport_start_reading(exec_ctx, c->result->transport, NULL, 0); auth_context_arg = grpc_auth_context_to_arg(auth_context); args_copy = grpc_channel_args_copy_and_add(c->args.channel_args, &auth_context_arg, 1); c->result->channel_args = args_copy; } notify = c->notify; c->notify = NULL; /* look at c->args which are connector args. */ notify->cb(exec_ctx, notify->cb_arg, 1); if (args_copy != NULL) grpc_channel_args_destroy(args_copy); }
grpc_channel *grpc_insecure_channel_create_from_fd( const char *target, int fd, const grpc_channel_args *args) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; GRPC_API_TRACE("grpc_insecure_channel_create(target=%p, fd=%d, args=%p)", 3, (target, fd, args)); grpc_arg default_authority_arg; default_authority_arg.type = GRPC_ARG_STRING; default_authority_arg.key = GRPC_ARG_DEFAULT_AUTHORITY; default_authority_arg.value.string = "test.authority"; grpc_channel_args *final_args = grpc_channel_args_copy_and_add(args, &default_authority_arg, 1); int flags = fcntl(fd, F_GETFL, 0); GPR_ASSERT(fcntl(fd, F_SETFL, flags | O_NONBLOCK) == 0); grpc_endpoint *client = grpc_tcp_client_create_from_fd( &exec_ctx, grpc_fd_create(fd, "client"), args, "fd-client"); grpc_transport *transport = grpc_create_chttp2_transport(&exec_ctx, final_args, client, 1); GPR_ASSERT(transport); grpc_channel *channel = grpc_channel_create( &exec_ctx, target, final_args, GRPC_CLIENT_DIRECT_CHANNEL, transport); grpc_channel_args_destroy(final_args); grpc_chttp2_transport_start_reading(&exec_ctx, transport, NULL); grpc_exec_ctx_finish(&exec_ctx); return channel != NULL ? channel : grpc_lame_client_channel_create( target, GRPC_STATUS_INTERNAL, "Failed to create client channel"); }
static void on_secure_handshake_done(grpc_exec_ctx *exec_ctx, void *statep, grpc_security_status status, grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context) { server_secure_connect *state = statep; if (status == GRPC_SECURITY_OK) { if (secure_endpoint) { gpr_mu_lock(&state->state->mu); if (!state->state->is_shutdown) { grpc_transport *transport = grpc_create_chttp2_transport( exec_ctx, grpc_server_get_channel_args(state->state->server), secure_endpoint, 0); grpc_arg args_to_add[2]; args_to_add[0] = grpc_server_credentials_to_arg(state->state->creds); args_to_add[1] = grpc_auth_context_to_arg(auth_context); grpc_channel_args *args_copy = grpc_channel_args_copy_and_add( state->args, args_to_add, GPR_ARRAY_SIZE(args_to_add)); grpc_server_setup_transport(exec_ctx, state->state->server, transport, state->accepting_pollset, args_copy); grpc_channel_args_destroy(args_copy); grpc_chttp2_transport_start_reading(exec_ctx, transport, NULL); } else { /* We need to consume this here, because the server may already have * gone away. */ grpc_endpoint_destroy(exec_ctx, secure_endpoint); } gpr_mu_unlock(&state->state->mu); } } else { gpr_log(GPR_ERROR, "Secure transport failed with error %d", status); } grpc_channel_args_destroy(state->args); state_unref(state->state); gpr_free(state); }
grpc_channel_args *grpc_channel_args_set_compression_algorithm( grpc_channel_args *a, grpc_compression_algorithm algorithm) { grpc_arg tmp; tmp.type = GRPC_ARG_INTEGER; tmp.key = GRPC_COMPRESSION_ALGORITHM_ARG; tmp.value.integer = algorithm; return grpc_channel_args_copy_and_add(a, &tmp, 1); }
void chttp2_init_client_fullstack(grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { fullstack_fixture_data *ffd = f->fixture_data; grpc_arg arg = grpc_load_reporting_config_create_arg(g_client_lrc); client_args = grpc_channel_args_copy_and_add(client_args, &arg, 1); f->client = grpc_insecure_channel_create(ffd->localaddr, client_args, NULL); grpc_channel_args_destroy(client_args); GPR_ASSERT(f->client); }
grpc_channel_args *grpc_channel_args_set_stream_compression_algorithm( grpc_channel_args *a, grpc_stream_compression_algorithm algorithm) { GPR_ASSERT(algorithm < GRPC_STREAM_COMPRESS_ALGORITHMS_COUNT); grpc_arg tmp; tmp.type = GRPC_ARG_INTEGER; tmp.key = (char *)GRPC_STREAM_COMPRESSION_CHANNEL_DEFAULT_ALGORITHM; tmp.value.integer = algorithm; return grpc_channel_args_copy_and_add(a, &tmp, 1); }
/* Create a secure client channel: Asynchronously: - resolve target - connect to it (trying alternatives as presented) - perform handshakes */ grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; GRPC_API_TRACE( "grpc_secure_channel_create(creds=%p, target=%s, args=%p, " "reserved=%p)", 4, (creds, target, args, reserved)); GPR_ASSERT(reserved == NULL); // Make sure security connector does not already exist in args. if (grpc_find_security_connector_in_args(args) != NULL) { gpr_log(GPR_ERROR, "Cannot set security context in channel args."); grpc_exec_ctx_finish(&exec_ctx); return grpc_lame_client_channel_create( target, GRPC_STATUS_INTERNAL, "Security connector exists in channel args."); } // Create security connector and construct new channel args. grpc_channel_security_connector *security_connector; grpc_channel_args *new_args_from_connector; if (grpc_channel_credentials_create_security_connector( creds, target, args, &security_connector, &new_args_from_connector) != GRPC_SECURITY_OK) { grpc_exec_ctx_finish(&exec_ctx); return grpc_lame_client_channel_create( target, GRPC_STATUS_INTERNAL, "Failed to create security connector."); } grpc_arg connector_arg = grpc_security_connector_to_arg(&security_connector->base); grpc_channel_args *new_args = grpc_channel_args_copy_and_add( new_args_from_connector != NULL ? new_args_from_connector : args, &connector_arg, 1); if (new_args_from_connector != NULL) { grpc_channel_args_destroy(new_args_from_connector); } // Create client channel factory. client_channel_factory *f = gpr_malloc(sizeof(*f)); memset(f, 0, sizeof(*f)); f->base.vtable = &client_channel_factory_vtable; gpr_ref_init(&f->refs, 1); GRPC_SECURITY_CONNECTOR_REF(&security_connector->base, "grpc_secure_channel_create"); f->security_connector = security_connector; // Create channel. grpc_channel *channel = client_channel_factory_create_channel( &exec_ctx, &f->base, target, GRPC_CLIENT_CHANNEL_TYPE_REGULAR, new_args); // Clean up. GRPC_SECURITY_CONNECTOR_UNREF(&f->security_connector->base, "secure_client_channel_factory_create_channel"); grpc_channel_args_destroy(new_args); grpc_client_channel_factory_unref(&exec_ctx, &f->base); grpc_exec_ctx_finish(&exec_ctx); return channel; /* may be NULL */ }
static void chttp2_init_client_simple_ssl_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL); grpc_arg ssl_name_override = {GRPC_ARG_STRING, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, {"foo.test.google.fr"}}; grpc_channel_args *new_client_args = grpc_channel_args_copy_and_add(client_args, &ssl_name_override, 1); chttp2_init_client_secure_fullstack(f, new_client_args, ssl_creds); grpc_channel_args_destroy(new_client_args); }
static void fake_resolver_maybe_finish_next_locked(grpc_exec_ctx* exec_ctx, fake_resolver* r) { if (r->next_completion != NULL && !r->published) { r->published = true; grpc_arg arg = grpc_lb_addresses_create_channel_arg(r->addresses); *r->target_result = grpc_channel_args_copy_and_add(r->channel_args, &arg, 1); grpc_closure_sched(exec_ctx, r->next_completion, GRPC_ERROR_NONE); r->next_completion = NULL; } }
static void on_peer_checked(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) { security_handshaker *h = arg; gpr_mu_lock(&h->mu); if (error != GRPC_ERROR_NONE || h->shutdown) { security_handshake_failed_locked(exec_ctx, h, GRPC_ERROR_REF(error)); goto done; } // Create frame protector. tsi_frame_protector *protector; tsi_result result = tsi_handshaker_result_create_frame_protector( h->handshaker_result, NULL, &protector); if (result != TSI_OK) { error = grpc_set_tsi_error_result( GRPC_ERROR_CREATE_FROM_STATIC_STRING("Frame protector creation failed"), result); security_handshake_failed_locked(exec_ctx, h, error); goto done; } // Get unused bytes. unsigned char *unused_bytes = NULL; size_t unused_bytes_size = 0; result = tsi_handshaker_result_get_unused_bytes( h->handshaker_result, &unused_bytes, &unused_bytes_size); // Create secure endpoint. if (unused_bytes_size > 0) { grpc_slice slice = grpc_slice_from_copied_buffer((char *)unused_bytes, unused_bytes_size); h->args->endpoint = grpc_secure_endpoint_create(protector, h->args->endpoint, &slice, 1); grpc_slice_unref_internal(exec_ctx, slice); } else { h->args->endpoint = grpc_secure_endpoint_create(protector, h->args->endpoint, NULL, 0); } tsi_handshaker_result_destroy(h->handshaker_result); h->handshaker_result = NULL; // Clear out the read buffer before it gets passed to the transport. grpc_slice_buffer_reset_and_unref_internal(exec_ctx, h->args->read_buffer); // Add auth context to channel args. grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context); grpc_channel_args *tmp_args = h->args->args; h->args->args = grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1); grpc_channel_args_destroy(exec_ctx, tmp_args); // Invoke callback. GRPC_CLOSURE_SCHED(exec_ctx, h->on_handshake_done, GRPC_ERROR_NONE); // Set shutdown to true so that subsequent calls to // security_handshaker_shutdown() do nothing. h->shutdown = true; done: gpr_mu_unlock(&h->mu); security_handshaker_unref(exec_ctx, h); }
void chttp2_init_client_fullstack(grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { fullstack_fixture_data *ffd = f->fixture_data; grpc_arg arg = make_census_enable_arg(); client_args = grpc_channel_args_copy_and_add(client_args, &arg, 1); f->client = grpc_insecure_channel_create(ffd->localaddr, client_args, NULL); GPR_ASSERT(f->client); { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_channel_args_destroy(&exec_ctx, client_args); grpc_exec_ctx_finish(&exec_ctx); } }
static void test_compression_algorithm_states(void) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_channel_args *ch_args, *ch_args_wo_gzip, *ch_args_wo_gzip_deflate; unsigned states_bitset; size_t i; ch_args = grpc_channel_args_copy_and_add(NULL, NULL, 0); /* by default, all enabled */ states_bitset = (unsigned)grpc_channel_args_compression_algorithm_get_states(ch_args); for (i = 0; i < GRPC_COMPRESS_ALGORITHMS_COUNT; i++) { GPR_ASSERT(GPR_BITGET(states_bitset, i)); } /* disable gzip and deflate */ ch_args_wo_gzip = grpc_channel_args_compression_algorithm_set_state( &exec_ctx, &ch_args, GRPC_COMPRESS_GZIP, 0); GPR_ASSERT(ch_args == ch_args_wo_gzip); ch_args_wo_gzip_deflate = grpc_channel_args_compression_algorithm_set_state( &exec_ctx, &ch_args_wo_gzip, GRPC_COMPRESS_DEFLATE, 0); GPR_ASSERT(ch_args_wo_gzip == ch_args_wo_gzip_deflate); states_bitset = (unsigned)grpc_channel_args_compression_algorithm_get_states( ch_args_wo_gzip_deflate); for (i = 0; i < GRPC_COMPRESS_ALGORITHMS_COUNT; i++) { if (i == GRPC_COMPRESS_GZIP || i == GRPC_COMPRESS_DEFLATE) { GPR_ASSERT(GPR_BITGET(states_bitset, i) == 0); } else { GPR_ASSERT(GPR_BITGET(states_bitset, i) != 0); } } /* re-enabled gzip only */ ch_args_wo_gzip = grpc_channel_args_compression_algorithm_set_state( &exec_ctx, &ch_args_wo_gzip_deflate, GRPC_COMPRESS_GZIP, 1); GPR_ASSERT(ch_args_wo_gzip == ch_args_wo_gzip_deflate); states_bitset = (unsigned)grpc_channel_args_compression_algorithm_get_states( ch_args_wo_gzip); for (i = 0; i < GRPC_COMPRESS_ALGORITHMS_COUNT; i++) { if (i == GRPC_COMPRESS_DEFLATE) { GPR_ASSERT(GPR_BITGET(states_bitset, i) == 0); } else { GPR_ASSERT(GPR_BITGET(states_bitset, i) != 0); } } grpc_channel_args_destroy(&exec_ctx, ch_args); grpc_exec_ctx_finish(&exec_ctx); }
void chttp2_init_server_fullstack(grpc_end2end_test_fixture *f, grpc_channel_args *server_args) { fullstack_fixture_data *ffd = f->fixture_data; if (f->server) { grpc_server_destroy(f->server); } grpc_arg arg = grpc_load_reporting_config_create_arg(g_server_lrc); server_args = grpc_channel_args_copy_and_add(server_args, &arg, 1); f->server = grpc_server_create(server_args, NULL); grpc_channel_args_destroy(server_args); grpc_server_register_completion_queue(f->server, f->cq, NULL); GPR_ASSERT(grpc_server_add_insecure_http2_port(f->server, ffd->localaddr)); grpc_server_start(f->server); }
static void setup_transport(grpc_exec_ctx *exec_ctx, void *statep, grpc_transport *transport, grpc_auth_context *auth_context) { grpc_server_secure_state *state = statep; grpc_channel_args *args_copy; grpc_arg args_to_add[2]; args_to_add[0] = grpc_server_credentials_to_arg(state->creds); args_to_add[1] = grpc_auth_context_to_arg(auth_context); args_copy = grpc_channel_args_copy_and_add( grpc_server_get_channel_args(state->server), args_to_add, GPR_ARRAY_SIZE(args_to_add)); grpc_server_setup_transport(exec_ctx, state->server, transport, args_copy); grpc_channel_args_destroy(args_copy); }
int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_error *err = GRPC_ERROR_NONE; grpc_server_security_connector *sc = NULL; int port_num = 0; GRPC_API_TRACE( "grpc_server_add_secure_http2_port(" "server=%p, addr=%s, creds=%p)", 3, (server, addr, creds)); // Create security context. if (creds == NULL) { err = GRPC_ERROR_CREATE( "No credentials specified for secure server port (creds==NULL)"); goto done; } grpc_security_status status = grpc_server_credentials_create_security_connector(&exec_ctx, creds, &sc); if (status != GRPC_SECURITY_OK) { char *msg; gpr_asprintf(&msg, "Unable to create secure server with credentials of type %s.", creds->type); err = grpc_error_set_int(GRPC_ERROR_CREATE(msg), GRPC_ERROR_INT_SECURITY_STATUS, status); gpr_free(msg); goto done; } // Create channel args. grpc_arg args_to_add[2]; args_to_add[0] = grpc_server_credentials_to_arg(creds); args_to_add[1] = grpc_security_connector_to_arg(&sc->base); grpc_channel_args *args = grpc_channel_args_copy_and_add(grpc_server_get_channel_args(server), args_to_add, GPR_ARRAY_SIZE(args_to_add)); // Add server port. err = grpc_chttp2_server_add_port(&exec_ctx, server, addr, args, &port_num); done: if (sc != NULL) { GRPC_SECURITY_CONNECTOR_UNREF(&exec_ctx, &sc->base, "server"); } grpc_exec_ctx_finish(&exec_ctx); if (err != GRPC_ERROR_NONE) { const char *msg = grpc_error_string(err); gpr_log(GPR_ERROR, "%s", msg); grpc_error_free_string(msg); GRPC_ERROR_UNREF(err); } return port_num; }
static void dns_on_resolved(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) { dns_resolver *r = arg; grpc_channel_args *result = NULL; gpr_mu_lock(&r->mu); GPR_ASSERT(r->resolving); r->resolving = false; if (r->addresses != NULL) { grpc_lb_addresses *addresses = grpc_lb_addresses_create( r->addresses->naddrs, NULL /* user_data_vtable */); for (size_t i = 0; i < r->addresses->naddrs; ++i) { grpc_lb_addresses_set_address( addresses, i, &r->addresses->addrs[i].addr, r->addresses->addrs[i].len, false /* is_balancer */, NULL /* balancer_name */, NULL /* user_data */); } grpc_arg new_arg = grpc_lb_addresses_create_channel_arg(addresses); result = grpc_channel_args_copy_and_add(r->channel_args, &new_arg, 1); grpc_resolved_addresses_destroy(r->addresses); grpc_lb_addresses_destroy(addresses); } else { gpr_timespec now = gpr_now(GPR_CLOCK_MONOTONIC); gpr_timespec next_try = gpr_backoff_step(&r->backoff_state, now); gpr_timespec timeout = gpr_time_sub(next_try, now); const char *msg = grpc_error_string(error); gpr_log(GPR_DEBUG, "dns resolution failed: %s", msg); grpc_error_free_string(msg); GPR_ASSERT(!r->have_retry_timer); r->have_retry_timer = true; GRPC_RESOLVER_REF(&r->base, "retry-timer"); if (gpr_time_cmp(timeout, gpr_time_0(timeout.clock_type)) > 0) { gpr_log(GPR_DEBUG, "retrying in %" PRId64 ".%09d seconds", timeout.tv_sec, timeout.tv_nsec); } else { gpr_log(GPR_DEBUG, "retrying immediately"); } grpc_timer_init(exec_ctx, &r->retry_timer, next_try, dns_on_retry_timer, r, now); } if (r->resolved_result != NULL) { grpc_channel_args_destroy(r->resolved_result); } r->resolved_result = result; r->resolved_version++; dns_maybe_finish_next_locked(exec_ctx, r); gpr_mu_unlock(&r->mu); GRPC_RESOLVER_UNREF(exec_ctx, &r->base, "dns-resolving"); }
static grpc_transport_setup_result setup_transport(void *statep, grpc_transport *transport, grpc_mdctx *mdctx) { static grpc_channel_filter const *extra_filters[] = { &grpc_server_auth_filter, &grpc_http_server_filter}; grpc_server_secure_state *state = statep; grpc_transport_setup_result result; grpc_arg connector_arg = grpc_security_connector_to_arg(state->sc); grpc_channel_args *args_copy = grpc_channel_args_copy_and_add( grpc_server_get_channel_args(state->server), &connector_arg); result = grpc_server_setup_transport(state->server, transport, extra_filters, GPR_ARRAY_SIZE(extra_filters), mdctx, args_copy); grpc_channel_args_destroy(args_copy); return result; }
static grpc_channel *create_proxy_client(const char *target, grpc_channel_args *client_args) { grpc_channel *channel; grpc_channel_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL, NULL); grpc_arg ssl_name_override = {GRPC_ARG_STRING, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, {"foo.test.google.fr"}}; grpc_channel_args *new_client_args = grpc_channel_args_copy_and_add(client_args, &ssl_name_override, 1); channel = grpc_secure_channel_create(ssl_creds, target, new_client_args, NULL); grpc_channel_credentials_release(ssl_creds); grpc_channel_args_destroy(new_client_args); return channel; }
static void test_get_channel_info() { grpc_channel *channel = grpc_insecure_channel_create("ipv4:127.0.0.1:1234", NULL, NULL); // Ensures that resolver returns. grpc_channel_check_connectivity_state(channel, true /* try_to_connect */); // First, request no fields. This is a no-op. grpc_channel_info channel_info; memset(&channel_info, 0, sizeof(channel_info)); grpc_channel_get_info(channel, &channel_info); // Request LB policy name. char *lb_policy_name = NULL; channel_info.lb_policy_name = &lb_policy_name; grpc_channel_get_info(channel, &channel_info); GPR_ASSERT(lb_policy_name != NULL); GPR_ASSERT(strcmp(lb_policy_name, "pick_first") == 0); gpr_free(lb_policy_name); // Request service config, which does not exist, so we'll get nothing back. memset(&channel_info, 0, sizeof(channel_info)); char *service_config_json = "dummy_string"; channel_info.service_config_json = &service_config_json; grpc_channel_get_info(channel, &channel_info); GPR_ASSERT(service_config_json == NULL); // Recreate the channel such that it has a service config. grpc_channel_destroy(channel); grpc_arg arg; arg.type = GRPC_ARG_STRING; arg.key = GRPC_ARG_SERVICE_CONFIG; arg.value.string = "{\"loadBalancingPolicy\": \"ROUND_ROBIN\"}"; grpc_channel_args *args = grpc_channel_args_copy_and_add(NULL, &arg, 1); channel = grpc_insecure_channel_create("ipv4:127.0.0.1:1234", args, NULL); { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_channel_args_destroy(&exec_ctx, args); grpc_exec_ctx_finish(&exec_ctx); } // Ensures that resolver returns. grpc_channel_check_connectivity_state(channel, true /* try_to_connect */); // Now request the service config again. grpc_channel_get_info(channel, &channel_info); GPR_ASSERT(service_config_json != NULL); GPR_ASSERT(strcmp(service_config_json, arg.value.string) == 0); gpr_free(service_config_json); // Clean up. grpc_channel_destroy(channel); }
grpc_channel_args *grpc_channel_args_union(const grpc_channel_args *a, const grpc_channel_args *b) { const size_t max_out = (a->num_args + b->num_args); grpc_arg *uniques = (grpc_arg *)gpr_malloc(sizeof(*uniques) * max_out); for (size_t i = 0; i < a->num_args; ++i) uniques[i] = a->args[i]; size_t uniques_idx = a->num_args; for (size_t i = 0; i < b->num_args; ++i) { const char *b_key = b->args[i].key; if (grpc_channel_args_find(a, b_key) == NULL) { // not found uniques[uniques_idx++] = b->args[i]; } } grpc_channel_args *result = grpc_channel_args_copy_and_add(NULL, uniques, uniques_idx); gpr_free(uniques); return result; }
void chttp2_init_server_load_reporting(grpc_end2end_test_fixture *f, grpc_channel_args *server_args) { load_reporting_fixture_data *ffd = f->fixture_data; grpc_arg arg = grpc_load_reporting_enable_arg(); if (f->server) { grpc_server_destroy(f->server); } server_args = grpc_channel_args_copy_and_add(server_args, &arg, 1); f->server = grpc_server_create(server_args, NULL); { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_channel_args_destroy(&exec_ctx, server_args); grpc_exec_ctx_finish(&exec_ctx); } grpc_server_register_completion_queue(f->server, f->cq, NULL); GPR_ASSERT(grpc_server_add_insecure_http2_port(f->server, ffd->localaddr)); grpc_server_start(f->server); }
static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { grpc_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL); grpc_credentials *oauth2_creds = grpc_fake_oauth2_credentials_create("Bearer aaslkfjs424535asdf", 1); grpc_credentials *ssl_oauth2_creds = grpc_composite_credentials_create(ssl_creds, oauth2_creds); grpc_arg ssl_name_override = {GRPC_ARG_STRING, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, {"foo.test.google.fr"}}; grpc_channel_args *new_client_args = grpc_channel_args_copy_and_add(client_args, &ssl_name_override); chttp2_init_client_secure_fullstack(f, new_client_args, ssl_oauth2_creds); grpc_channel_args_destroy(new_client_args); grpc_credentials_release(ssl_creds); grpc_credentials_release(oauth2_creds); }
static void on_peer_checked(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) { security_handshaker *h = arg; gpr_mu_lock(&h->mu); if (error != GRPC_ERROR_NONE || h->shutdown) { security_handshake_failed_locked(exec_ctx, h, GRPC_ERROR_REF(error)); goto done; } // Get frame protector. tsi_frame_protector *protector; tsi_result result = tsi_handshaker_create_frame_protector(h->handshaker, NULL, &protector); if (result != TSI_OK) { error = grpc_set_tsi_error_result( GRPC_ERROR_CREATE("Frame protector creation failed"), result); security_handshake_failed_locked(exec_ctx, h, error); goto done; } // Success. // Create secure endpoint. h->args->endpoint = grpc_secure_endpoint_create( protector, h->args->endpoint, h->left_overs.slices, h->left_overs.count); h->left_overs.count = 0; h->left_overs.length = 0; // Clear out the read buffer before it gets passed to the transport, // since any excess bytes were already copied to h->left_overs. grpc_slice_buffer_reset_and_unref(h->args->read_buffer); // Add auth context to channel args. grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context); grpc_channel_args *tmp_args = h->args->args; h->args->args = grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1); grpc_channel_args_destroy(tmp_args); // Invoke callback. grpc_exec_ctx_sched(exec_ctx, h->on_handshake_done, GRPC_ERROR_NONE, NULL); // Set shutdown to true so that subsequent calls to // security_handshaker_shutdown() do nothing. h->shutdown = true; done: gpr_mu_unlock(&h->mu); security_handshaker_unref(exec_ctx, h); }