mirror of https://github.com/grpc/grpc.git
Merge pull request #14615 from dgquintas/authority_header
Secure channels: use the right authority
pull/14836/merge
commit
07e75a02a0
128 changed files with 1590 additions and 949 deletions
@ -0,0 +1,141 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <assert.h> |
||||
#include <limits.h> |
||||
#include <string.h> |
||||
|
||||
#include <grpc/support/alloc.h> |
||||
#include <grpc/support/log.h> |
||||
#include <grpc/support/string_util.h> |
||||
|
||||
#include "src/core/ext/filters/http/client_authority_filter.h" |
||||
#include "src/core/lib/channel/channel_args.h" |
||||
#include "src/core/lib/gpr/string.h" |
||||
#include "src/core/lib/slice/slice_internal.h" |
||||
#include "src/core/lib/slice/slice_string_helpers.h" |
||||
#include "src/core/lib/surface/call.h" |
||||
#include "src/core/lib/surface/channel_init.h" |
||||
#include "src/core/lib/surface/channel_stack_type.h" |
||||
#include "src/core/lib/transport/static_metadata.h" |
||||
|
||||
namespace { |
||||
|
||||
struct call_data { |
||||
grpc_linked_mdelem authority_storage; |
||||
grpc_call_combiner* call_combiner; |
||||
}; |
||||
|
||||
struct channel_data { |
||||
grpc_slice default_authority; |
||||
}; |
||||
|
||||
void authority_start_transport_stream_op_batch( |
||||
grpc_call_element* elem, grpc_transport_stream_op_batch* batch) { |
||||
channel_data* chand = static_cast<channel_data*>(elem->channel_data); |
||||
call_data* calld = static_cast<call_data*>(elem->call_data); |
||||
// Handle send_initial_metadata.
|
||||
auto* initial_metadata = |
||||
batch->payload->send_initial_metadata.send_initial_metadata; |
||||
// If the initial metadata doesn't already contain :authority, add it.
|
||||
if (batch->send_initial_metadata && |
||||
initial_metadata->idx.named.authority == nullptr) { |
||||
grpc_error* error = grpc_metadata_batch_add_head( |
||||
initial_metadata, &calld->authority_storage, |
||||
grpc_mdelem_from_slices(GRPC_MDSTR_AUTHORITY, |
||||
grpc_slice_ref(chand->default_authority))); |
||||
if (error != GRPC_ERROR_NONE) { |
||||
grpc_transport_stream_op_batch_finish_with_failure(batch, error, |
||||
calld->call_combiner); |
||||
return; |
||||
} |
||||
} |
||||
// Pass control down the stack.
|
||||
grpc_call_next_op(elem, batch); |
||||
} |
||||
|
||||
/* Constructor for call_data */ |
||||
grpc_error* init_call_elem(grpc_call_element* elem, |
||||
const grpc_call_element_args* args) { |
||||
call_data* calld = static_cast<call_data*>(elem->call_data); |
||||
calld->call_combiner = args->call_combiner; |
||||
return GRPC_ERROR_NONE; |
||||
} |
||||
|
||||
/* Destructor for call_data */ |
||||
void destroy_call_elem(grpc_call_element* elem, |
||||
const grpc_call_final_info* final_info, |
||||
grpc_closure* ignored) {} |
||||
|
||||
/* Constructor for channel_data */ |
||||
grpc_error* init_channel_elem(grpc_channel_element* elem, |
||||
grpc_channel_element_args* args) { |
||||
channel_data* chand = static_cast<channel_data*>(elem->channel_data); |
||||
const grpc_arg* default_authority_arg = |
||||
grpc_channel_args_find(args->channel_args, GRPC_ARG_DEFAULT_AUTHORITY); |
||||
if (default_authority_arg == nullptr) { |
||||
gpr_log( |
||||
GPR_ERROR, |
||||
"GRPC_ARG_DEFAULT_AUTHORITY channel arg. not found. Note that direct " |
||||
"channels must explicity specify a value for this argument."); |
||||
abort(); |
||||
} |
||||
chand->default_authority = grpc_slice_from_copied_string( |
||||
grpc_channel_arg_get_string(default_authority_arg)); |
||||
GPR_ASSERT(!args->is_last); |
||||
return GRPC_ERROR_NONE; |
||||
} |
||||
|
||||
/* Destructor for channel data */ |
||||
void destroy_channel_elem(grpc_channel_element* elem) { |
||||
channel_data* chand = static_cast<channel_data*>(elem->channel_data); |
||||
grpc_slice_unref(chand->default_authority); |
||||
} |
||||
} // namespace
|
||||
|
||||
const grpc_channel_filter grpc_client_authority_filter = { |
||||
authority_start_transport_stream_op_batch, |
||||
grpc_channel_next_op, |
||||
sizeof(call_data), |
||||
init_call_elem, |
||||
grpc_call_stack_ignore_set_pollset_or_pollset_set, |
||||
destroy_call_elem, |
||||
sizeof(channel_data), |
||||
init_channel_elem, |
||||
destroy_channel_elem, |
||||
grpc_channel_next_get_info, |
||||
"authority"}; |
||||
|
||||
static bool add_client_authority_filter(grpc_channel_stack_builder* builder, |
||||
void* arg) { |
||||
return grpc_channel_stack_builder_prepend_filter( |
||||
builder, static_cast<const grpc_channel_filter*>(arg), nullptr, nullptr); |
||||
} |
||||
|
||||
void grpc_client_authority_filter_init(void) { |
||||
grpc_channel_init_register_stage(GRPC_CLIENT_SUBCHANNEL, INT_MAX, |
||||
add_client_authority_filter, |
||||
(void*)&grpc_client_authority_filter); |
||||
grpc_channel_init_register_stage(GRPC_CLIENT_DIRECT_CHANNEL, INT_MAX, |
||||
add_client_authority_filter, |
||||
(void*)&grpc_client_authority_filter); |
||||
} |
||||
|
||||
void grpc_client_authority_filter_shutdown(void) {} |
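Review bot: `init_channel_elem` passes the result of `grpc_channel_arg_get_string(default_authority_arg)` straight to `grpc_slice_from_copied_string` with no null check, although the same getter is guarded by `GPR_ASSERT(server_uri_str != nullptr)` in `grpc_default_authority_add_if_not_present` in this commit, which suggests it can return null (presumably when the arg is not a string). That helper only tests for the key's presence, so an application-supplied GRPC_ARG_DEFAULT_AUTHORITY of the wrong type would appear to reach the copy unchecked. The function already returns `grpc_error*`, so this case and the `abort()` above it could fail the channel rather than the process: `const char* authority = grpc_channel_arg_get_string(default_authority_arg);` then `if (authority == nullptr) return GRPC_ERROR_CREATE_FROM_STATIC_STRING("GRPC_ARG_DEFAULT_AUTHORITY channel arg must be a string");`. The log message also misspells "explicitly".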
@ -0,0 +1,34 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#ifndef GRPC_CORE_EXT_FILTERS_HTTP_CLIENT_AUTHORITY_FILTER_H |
||||
#define GRPC_CORE_EXT_FILTERS_HTTP_CLIENT_AUTHORITY_FILTER_H |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <grpc/impl/codegen/compression_types.h> |
||||
|
||||
#include "src/core/lib/channel/channel_stack.h" |
||||
|
||||
/// Filter responsible for setting the authority header, if not already set. It
|
||||
/// uses the value of the GRPC_ARG_DEFAULT_AUTHORITY channel arg if the initial
|
||||
/// metadata doesn't already contain an authority value.
|
||||
|
||||
extern const grpc_channel_filter grpc_client_authority_filter; |
||||
|
||||
#endif /* GRPC_CORE_EXT_FILTERS_HTTP_CLIENT_AUTHORITY_FILTER_H */ |
@ -0,0 +1,42 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include "src/core/ext/transport/chttp2/client/authority.h" |
||||
|
||||
grpc_channel_args* grpc_default_authority_add_if_not_present( |
||||
const grpc_channel_args* args) { |
||||
const bool has_default_authority = |
||||
grpc_channel_args_find(args, GRPC_ARG_DEFAULT_AUTHORITY) != nullptr; |
||||
grpc_arg new_args[1]; |
||||
size_t num_new_args = 0; |
||||
grpc_core::UniquePtr<char> default_authority; |
||||
if (!has_default_authority) { |
||||
const grpc_arg* server_uri_arg = |
||||
grpc_channel_args_find(args, GRPC_ARG_SERVER_URI); |
||||
const char* server_uri_str = grpc_channel_arg_get_string(server_uri_arg); |
||||
GPR_ASSERT(server_uri_str != nullptr); |
||||
default_authority = |
||||
grpc_core::ResolverRegistry::GetDefaultAuthority(server_uri_str); |
||||
GPR_ASSERT(default_authority != nullptr); |
||||
new_args[num_new_args++] = grpc_channel_arg_string_create( |
||||
const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY), default_authority.get()); |
||||
} |
||||
return grpc_channel_args_copy_and_add(args, new_args, num_new_args); |
||||
} |
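Review bot: Both failure modes in the `!has_default_authority` branch are handled only by `GPR_ASSERT`, so a missing or non-string GRPC_ARG_SERVER_URI, or a target for which `GetDefaultAuthority` returns nothing, ends the process without saying which target was at fault. Whether these args can come from application input is not visible in this section, but if they can, I would at least log the value before the second assert, `gpr_log(GPR_ERROR, "no default authority for target \"%s\"", server_uri_str);`. The one-element `new_args` array plus `num_new_args` counter is also more machinery than a single optional arg needs; a short comment saying the array is only read when the count is 1 would help the next reader.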
@ -0,0 +1,36 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#ifndef GRPC_CORE_EXT_TRANSPORT_CHTTP2_CLIENT_AUTHORITY_H |
||||
#define GRPC_CORE_EXT_TRANSPORT_CHTTP2_CLIENT_AUTHORITY_H |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <grpc/grpc.h> |
||||
|
||||
#include "src/core/ext/filters/client_channel/client_channel.h" |
||||
#include "src/core/ext/filters/client_channel/resolver_registry.h" |
||||
#include "src/core/lib/channel/channel_args.h" |
||||
#include "src/core/lib/gprpp/memory.h" |
||||
|
||||
/// Returns a copy of \a args with the default authority channel arg set if it
|
||||
/// wasn't already present.
|
||||
grpc_channel_args* grpc_default_authority_add_if_not_present( |
||||
const grpc_channel_args* args); |
||||
|
||||
#endif /* GRPC_CORE_EXT_TRANSPORT_CHTTP2_CLIENT_AUTHORITY_H */ |
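Review bot: The doc comment on `grpc_default_authority_add_if_not_present` states neither who owns the returned args nor what the input must contain. Going by the implementation in this commit, the result comes from `grpc_channel_args_copy_and_add` and the function asserts on a string GRPC_ARG_SERVER_URI when no default authority is present. I would extend the comment with `/// The caller owns the result and must release it with grpc_channel_args_destroy(). If GRPC_ARG_DEFAULT_AUTHORITY is absent, \a args must carry a string GRPC_ARG_SERVER_URI.`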
@ -0,0 +1,230 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2015 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include "test/core/end2end/end2end_tests.h" |
||||
|
||||
#include <stdio.h> |
||||
#include <string.h> |
||||
|
||||
#include <grpc/byte_buffer.h> |
||||
#include <grpc/grpc.h> |
||||
#include <grpc/support/alloc.h> |
||||
#include <grpc/support/log.h> |
||||
#include <grpc/support/time.h> |
||||
|
||||
#include "src/core/lib/channel/channel_args.h" |
||||
#include "src/core/lib/gpr/string.h" |
||||
#include "test/core/end2end/cq_verifier.h" |
||||
|
||||
static void* tag(intptr_t t) { return (void*)t; } |
||||
|
||||
static grpc_end2end_test_fixture begin_test(grpc_end2end_test_config config, |
||||
const char* test_name, |
||||
grpc_channel_args* client_args, |
||||
grpc_channel_args* server_args) { |
||||
grpc_end2end_test_fixture f; |
||||
gpr_log(GPR_INFO, "Running test: %s/%s", test_name, config.name); |
||||
f = config.create_fixture(client_args, server_args); |
||||
grpc_arg fake_security_name_override = { |
||||
GRPC_ARG_STRING, |
||||
const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG), |
||||
{const_cast<char*>("foo.test.google.fr:1234")}}; |
||||
grpc_channel_args* new_client_args = grpc_channel_args_copy_and_add( |
||||
client_args, &fake_security_name_override, 1); |
||||
config.init_client(&f, new_client_args); |
||||
grpc_channel_args_destroy(new_client_args); |
||||
config.init_server(&f, server_args); |
||||
return f; |
||||
} |
||||
|
||||
static gpr_timespec n_seconds_from_now(int n) { |
||||
return grpc_timeout_seconds_to_deadline(n); |
||||
} |
||||
|
||||
static gpr_timespec five_seconds_from_now(void) { |
||||
return n_seconds_from_now(5); |
||||
} |
||||
|
||||
static void drain_cq(grpc_completion_queue* cq) { |
||||
grpc_event ev; |
||||
do { |
||||
ev = grpc_completion_queue_next(cq, five_seconds_from_now(), nullptr); |
||||
} while (ev.type != GRPC_QUEUE_SHUTDOWN); |
||||
} |
||||
|
||||
static void shutdown_server(grpc_end2end_test_fixture* f) { |
||||
if (!f->server) return; |
||||
grpc_server_shutdown_and_notify(f->server, f->shutdown_cq, tag(1000)); |
||||
GPR_ASSERT(grpc_completion_queue_pluck(f->shutdown_cq, tag(1000), |
||||
grpc_timeout_seconds_to_deadline(5), |
||||
nullptr) |
||||
.type == GRPC_OP_COMPLETE); |
||||
grpc_server_destroy(f->server); |
||||
f->server = nullptr; |
||||
} |
||||
|
||||
static void shutdown_client(grpc_end2end_test_fixture* f) { |
||||
if (!f->client) return; |
||||
grpc_channel_destroy(f->client); |
||||
f->client = nullptr; |
||||
} |
||||
|
||||
static void end_test(grpc_end2end_test_fixture* f) { |
||||
shutdown_server(f); |
||||
shutdown_client(f); |
||||
|
||||
grpc_completion_queue_shutdown(f->cq); |
||||
drain_cq(f->cq); |
||||
grpc_completion_queue_destroy(f->cq); |
||||
grpc_completion_queue_destroy(f->shutdown_cq); |
||||
} |
||||
|
||||
static void test_invoke_simple_request(grpc_end2end_test_config config) { |
||||
grpc_end2end_test_fixture f = |
||||
begin_test(config, "test_invoke_simple_request", nullptr, nullptr); |
||||
grpc_call* c; |
||||
grpc_call* s; |
||||
cq_verifier* cqv = cq_verifier_create(f.cq); |
||||
grpc_op ops[6]; |
||||
grpc_op* op; |
||||
grpc_metadata_array initial_metadata_recv; |
||||
grpc_metadata_array trailing_metadata_recv; |
||||
grpc_metadata_array request_metadata_recv; |
||||
grpc_call_details call_details; |
||||
grpc_status_code status; |
||||
grpc_call_error error; |
||||
grpc_slice details; |
||||
int was_cancelled = 2; |
||||
char* peer; |
||||
|
||||
gpr_timespec deadline = five_seconds_from_now(); |
||||
c = grpc_channel_create_call( |
||||
f.client, nullptr, GRPC_PROPAGATE_DEFAULTS, f.cq, |
||||
grpc_slice_from_static_string("/foo"), |
||||
get_host_override_slice("foo.test.google.fr:1234", config), deadline, |
||||
nullptr); |
||||
GPR_ASSERT(c); |
||||
|
||||
peer = grpc_call_get_peer(c); |
||||
GPR_ASSERT(peer != nullptr); |
||||
gpr_log(GPR_DEBUG, "client_peer_before_call=%s", peer); |
||||
gpr_free(peer); |
||||
|
||||
grpc_metadata_array_init(&initial_metadata_recv); |
||||
grpc_metadata_array_init(&trailing_metadata_recv); |
||||
grpc_metadata_array_init(&request_metadata_recv); |
||||
grpc_call_details_init(&call_details); |
||||
|
||||
memset(ops, 0, sizeof(ops)); |
||||
op = ops; |
||||
op->op = GRPC_OP_SEND_INITIAL_METADATA; |
||||
op->data.send_initial_metadata.count = 0; |
||||
op->flags = 0; |
||||
op->reserved = nullptr; |
||||
op++; |
||||
op->op = GRPC_OP_SEND_CLOSE_FROM_CLIENT; |
||||
op->flags = 0; |
||||
op->reserved = nullptr; |
||||
op++; |
||||
op->op = GRPC_OP_RECV_INITIAL_METADATA; |
||||
op->data.recv_initial_metadata.recv_initial_metadata = &initial_metadata_recv; |
||||
op->flags = 0; |
||||
op->reserved = nullptr; |
||||
op++; |
||||
op->op = GRPC_OP_RECV_STATUS_ON_CLIENT; |
||||
op->data.recv_status_on_client.trailing_metadata = &trailing_metadata_recv; |
||||
op->data.recv_status_on_client.status = &status; |
||||
op->data.recv_status_on_client.status_details = &details; |
||||
op->flags = 0; |
||||
op->reserved = nullptr; |
||||
op++; |
||||
error = grpc_call_start_batch(c, ops, static_cast<size_t>(op - ops), tag(1), |
||||
nullptr); |
||||
GPR_ASSERT(error == GRPC_CALL_OK); |
||||
|
||||
error = |
||||
grpc_server_request_call(f.server, &s, &call_details, |
||||
&request_metadata_recv, f.cq, f.cq, tag(101)); |
||||
GPR_ASSERT(error == GRPC_CALL_OK); |
||||
CQ_EXPECT_COMPLETION(cqv, tag(101), 1); |
||||
cq_verify(cqv); |
||||
|
||||
peer = grpc_call_get_peer(s); |
||||
GPR_ASSERT(peer != nullptr); |
||||
gpr_log(GPR_DEBUG, "server_peer=%s", peer); |
||||
gpr_free(peer); |
||||
peer = grpc_call_get_peer(c); |
||||
GPR_ASSERT(peer != nullptr); |
||||
gpr_log(GPR_DEBUG, "client_peer=%s", peer); |
||||
gpr_free(peer); |
||||
|
||||
memset(ops, 0, sizeof(ops)); |
||||
op = ops; |
||||
op->op = GRPC_OP_SEND_INITIAL_METADATA; |
||||
op->data.send_initial_metadata.count = 0; |
||||
op->flags = 0; |
||||
op->reserved = nullptr; |
||||
op++; |
||||
op->op = GRPC_OP_SEND_STATUS_FROM_SERVER; |
||||
op->data.send_status_from_server.trailing_metadata_count = 0; |
||||
op->data.send_status_from_server.status = GRPC_STATUS_UNIMPLEMENTED; |
||||
grpc_slice status_details = grpc_slice_from_static_string("xyz"); |
||||
op->data.send_status_from_server.status_details = &status_details; |
||||
op->flags = 0; |
||||
op->reserved = nullptr; |
||||
op++; |
||||
op->op = GRPC_OP_RECV_CLOSE_ON_SERVER; |
||||
op->data.recv_close_on_server.cancelled = &was_cancelled; |
||||
op->flags = 0; |
||||
op->reserved = nullptr; |
||||
op++; |
||||
error = grpc_call_start_batch(s, ops, static_cast<size_t>(op - ops), tag(102), |
||||
nullptr); |
||||
GPR_ASSERT(error == GRPC_CALL_OK); |
||||
|
||||
CQ_EXPECT_COMPLETION(cqv, tag(102), 1); |
||||
CQ_EXPECT_COMPLETION(cqv, tag(1), 1); |
||||
cq_verify(cqv); |
||||
|
||||
GPR_ASSERT(status == GRPC_STATUS_UNIMPLEMENTED); |
||||
GPR_ASSERT(0 == grpc_slice_str_cmp(details, "xyz")); |
||||
GPR_ASSERT(0 == grpc_slice_str_cmp(call_details.method, "/foo")); |
||||
validate_host_override_string("foo.test.google.fr:1234", call_details.host, |
||||
config); |
||||
GPR_ASSERT(was_cancelled == 1); |
||||
|
||||
grpc_slice_unref(details); |
||||
grpc_metadata_array_destroy(&initial_metadata_recv); |
||||
grpc_metadata_array_destroy(&trailing_metadata_recv); |
||||
grpc_metadata_array_destroy(&request_metadata_recv); |
||||
grpc_call_details_destroy(&call_details); |
||||
|
||||
grpc_call_unref(c); |
||||
grpc_call_unref(s); |
||||
|
||||
cq_verifier_destroy(cqv); |
||||
|
||||
end_test(&f); |
||||
config.tear_down_data(&f); |
||||
} |
||||
|
||||
void call_host_override(grpc_end2end_test_config config) { |
||||
test_invoke_simple_request(config); |
||||
} |
||||
|
||||
void call_host_override_pre_init(void) {} |
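Review bot: `test_invoke_simple_request` only covers the case where the per-call host passed to `grpc_channel_create_call` equals the value given for GRPC_SSL_TARGET_NAME_OVERRIDE_ARG in `begin_test`, so it would still pass if the authority were never compared with the secure target name. Unless another of the files not shown covers it, a second case with a per-call host that differs from the override, asserting the outcome expected for secure fixtures, would pin down the behaviour the commit title describes. The function name and the string handed to `begin_test` are carried over from the simple-request test; `test_call_host_override` would make the "Running test:" log line identify this file.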
Some files were not shown because too many files have changed in this diff Show More