diff options
| author |  David Garcia Quintas <dgq@google.com> | 2018-03-10 17:27:15 -0800 |
|---|---|---|
| committer | David Garcia Quintas <dgq@google.com> | 2018-03-10 21:32:57 -0800 |
| commit | c7c0d69d8b411f1c5102bfd186aa2f6992c2e59c (patch) | |
| tree | 4fda7b9d59a6c8e39b0bff4632072840d5bf4945 | |
| parent | 12136821220a671bb9d6443b69817babf2f5c254 (diff) | |
Secure channels: use the right authority
30 files changed, 331 insertions, 350 deletions
@@ -676,6 +676,7 @@ grpc_cc_library( "src/core/lib/channel/channel_args.cc", "src/core/lib/channel/channel_stack.cc", "src/core/lib/channel/channel_stack_builder.cc", + "src/core/lib/channel/client_authority_filter.cc", "src/core/lib/channel/connected_channel.cc", "src/core/lib/channel/handshaker.cc", "src/core/lib/channel/handshaker_factory.cc", @@ -811,6 +812,7 @@ grpc_cc_library( "src/core/lib/channel/channel_args.h", "src/core/lib/channel/channel_stack.h", "src/core/lib/channel/channel_stack_builder.h", + "src/core/lib/channel/client_authority_filter.h", "src/core/lib/channel/connected_channel.h", "src/core/lib/channel/context.h", "src/core/lib/channel/handshaker.h", @@ -1313,6 +1315,7 @@ grpc_cc_library( srcs = [ "src/core/lib/http/httpcli_security_connector.cc", "src/core/lib/security/context/security_context.cc", + "src/core/lib/security/credentials/alts/alts_credentials.cc", "src/core/lib/security/credentials/composite/composite_credentials.cc", "src/core/lib/security/credentials/credentials.cc", "src/core/lib/security/credentials/credentials_metadata.cc", @@ -1326,7 +1329,6 @@ grpc_cc_library( "src/core/lib/security/credentials/oauth2/oauth2_credentials.cc", "src/core/lib/security/credentials/plugin/plugin_credentials.cc", "src/core/lib/security/credentials/ssl/ssl_credentials.cc", - "src/core/lib/security/credentials/alts/alts_credentials.cc", "src/core/lib/security/security_connector/alts_security_connector.cc", "src/core/lib/security/security_connector/security_connector.cc", "src/core/lib/security/transport/client_auth_filter.cc", @@ -1340,6 +1342,7 @@ grpc_cc_library( ], hdrs = [ "src/core/lib/security/context/security_context.h", + "src/core/lib/security/credentials/alts/alts_credentials.h", "src/core/lib/security/credentials/composite/composite_credentials.h", "src/core/lib/security/credentials/credentials.h", "src/core/lib/security/credentials/fake/fake_credentials.h", @@ -1351,7 +1354,6 @@ grpc_cc_library( "src/core/lib/security/credentials/oauth2/oauth2_credentials.h", "src/core/lib/security/credentials/plugin/plugin_credentials.h", "src/core/lib/security/credentials/ssl/ssl_credentials.h", - "src/core/lib/security/credentials/alts/alts_credentials.h", "src/core/lib/security/security_connector/alts_security_connector.h", "src/core/lib/security/security_connector/security_connector.h", "src/core/lib/security/transport/auth_filters.h", @@ -1614,8 +1616,8 @@ grpc_cc_library( "src/core/tsi/alts/frame_protector/frame_handler.h", "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h", "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h", "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h", + "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h", "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h", "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h", "src/core/tsi/transport_security_grpc.h", @@ -1675,31 +1677,31 @@ grpc_cc_library( ], language = "c++", deps = [ - "alts_proto", - "gpr", - "grpc_base", + "alts_proto", + "gpr", + "grpc_base", ], ) grpc_cc_library( name = "tsi", srcs = [ - "src/core/tsi/alts_transport_security.cc", "src/core/tsi/alts/handshaker/alts_handshaker_client.cc", "src/core/tsi/alts/handshaker/alts_tsi_event.cc", "src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc", "src/core/tsi/alts/handshaker/alts_tsi_utils.cc", + "src/core/tsi/alts_transport_security.cc", "src/core/tsi/fake_transport_security.cc", "src/core/tsi/ssl_transport_security.cc", "src/core/tsi/transport_security_grpc.cc", ], hdrs = [ - "src/core/tsi/alts_transport_security.h", "src/core/tsi/alts/handshaker/alts_handshaker_client.h", "src/core/tsi/alts/handshaker/alts_tsi_event.h", "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h", "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h", "src/core/tsi/alts/handshaker/alts_tsi_utils.h", + "src/core/tsi/alts_transport_security.h", "src/core/tsi/fake_transport_security.h", "src/core/tsi/ssl_transport_security.h", "src/core/tsi/ssl_types.h", diff --git a/CMakeLists.txt b/CMakeLists.txt index 5dfbdcb85a..d3e84c7751 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -289,7 +289,6 @@ add_dependencies(buildtests_c grpc_completion_queue_test) add_dependencies(buildtests_c grpc_completion_queue_threading_test) add_dependencies(buildtests_c grpc_credentials_test) add_dependencies(buildtests_c grpc_fetch_oauth2) -add_dependencies(buildtests_c grpc_invalid_channel_args_test) if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX) add_dependencies(buildtests_c grpc_json_token_test) endif() @@ -856,6 +855,7 @@ add_library(grpc src/core/lib/channel/channel_args.cc src/core/lib/channel/channel_stack.cc src/core/lib/channel/channel_stack_builder.cc + src/core/lib/channel/client_authority_filter.cc src/core/lib/channel/connected_channel.cc src/core/lib/channel/handshaker.cc src/core/lib/channel/handshaker_factory.cc @@ -1231,6 +1231,7 @@ add_library(grpc_cronet src/core/lib/channel/channel_args.cc src/core/lib/channel/channel_stack.cc src/core/lib/channel/channel_stack_builder.cc + src/core/lib/channel/client_authority_filter.cc src/core/lib/channel/connected_channel.cc src/core/lib/channel/handshaker.cc src/core/lib/channel/handshaker_factory.cc @@ -1597,6 +1598,7 @@ add_library(grpc_test_util src/core/lib/channel/channel_args.cc src/core/lib/channel/channel_stack.cc src/core/lib/channel/channel_stack_builder.cc + src/core/lib/channel/client_authority_filter.cc src/core/lib/channel/connected_channel.cc src/core/lib/channel/handshaker.cc src/core/lib/channel/handshaker_factory.cc @@ -1886,6 +1888,7 @@ add_library(grpc_test_util_unsecure src/core/lib/channel/channel_args.cc src/core/lib/channel/channel_stack.cc src/core/lib/channel/channel_stack_builder.cc + src/core/lib/channel/client_authority_filter.cc src/core/lib/channel/connected_channel.cc src/core/lib/channel/handshaker.cc src/core/lib/channel/handshaker_factory.cc @@ -2155,6 +2158,7 @@ add_library(grpc_unsecure src/core/lib/channel/channel_args.cc src/core/lib/channel/channel_stack.cc src/core/lib/channel/channel_stack_builder.cc + src/core/lib/channel/client_authority_filter.cc src/core/lib/channel/connected_channel.cc src/core/lib/channel/handshaker.cc src/core/lib/channel/handshaker_factory.cc @@ -2958,6 +2962,7 @@ add_library(grpc++_cronet src/core/lib/channel/channel_args.cc src/core/lib/channel/channel_stack.cc src/core/lib/channel/channel_stack_builder.cc + src/core/lib/channel/client_authority_filter.cc src/core/lib/channel/connected_channel.cc src/core/lib/channel/handshaker.cc src/core/lib/channel/handshaker_factory.cc @@ -6813,33 +6818,6 @@ target_link_libraries(grpc_fetch_oauth2 endif (gRPC_BUILD_TESTS) if (gRPC_BUILD_TESTS) - -add_executable(grpc_invalid_channel_args_test - test/core/surface/invalid_channel_args_test.cc -) - - -target_include_directories(grpc_invalid_channel_args_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} -) - -target_link_libraries(grpc_invalid_channel_args_test - ${_gRPC_ALLTARGETS_LIBRARIES} - grpc_test_util - grpc - gpr_test_util - gpr -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX) add_executable(grpc_json_token_test @@ -1013,7 +1013,6 @@ grpc_completion_queue_threading_test: $(BINDIR)/$(CONFIG)/grpc_completion_queue_ grpc_create_jwt: $(BINDIR)/$(CONFIG)/grpc_create_jwt grpc_credentials_test: $(BINDIR)/$(CONFIG)/grpc_credentials_test grpc_fetch_oauth2: $(BINDIR)/$(CONFIG)/grpc_fetch_oauth2 -grpc_invalid_channel_args_test: $(BINDIR)/$(CONFIG)/grpc_invalid_channel_args_test grpc_json_token_test: $(BINDIR)/$(CONFIG)/grpc_json_token_test grpc_jwt_verifier_test: $(BINDIR)/$(CONFIG)/grpc_jwt_verifier_test grpc_print_google_default_creds_token: $(BINDIR)/$(CONFIG)/grpc_print_google_default_creds_token @@ -1448,7 +1447,6 @@ buildtests_c: privatelibs_c \ $(BINDIR)/$(CONFIG)/grpc_completion_queue_threading_test \ $(BINDIR)/$(CONFIG)/grpc_credentials_test \ $(BINDIR)/$(CONFIG)/grpc_fetch_oauth2 \ - $(BINDIR)/$(CONFIG)/grpc_invalid_channel_args_test \ $(BINDIR)/$(CONFIG)/grpc_json_token_test \ $(BINDIR)/$(CONFIG)/grpc_jwt_verifier_test \ $(BINDIR)/$(CONFIG)/grpc_security_connector_test \ @@ -1977,8 +1975,6 @@ test_c: buildtests_c $(Q) $(BINDIR)/$(CONFIG)/grpc_completion_queue_threading_test || ( echo test grpc_completion_queue_threading_test failed ; exit 1 ) $(E) "[RUN] Testing grpc_credentials_test" $(Q) $(BINDIR)/$(CONFIG)/grpc_credentials_test || ( echo test grpc_credentials_test failed ; exit 1 ) - $(E) "[RUN] Testing grpc_invalid_channel_args_test" - $(Q) $(BINDIR)/$(CONFIG)/grpc_invalid_channel_args_test || ( echo test grpc_invalid_channel_args_test failed ; exit 1 ) $(E) "[RUN] Testing grpc_json_token_test" $(Q) $(BINDIR)/$(CONFIG)/grpc_json_token_test || ( echo test grpc_json_token_test failed ; exit 1 ) $(E) "[RUN] Testing grpc_jwt_verifier_test" @@ -3164,6 +3160,7 @@ LIBGRPC_SRC = \ src/core/lib/channel/channel_args.cc \ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack_builder.cc \ + src/core/lib/channel/client_authority_filter.cc \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/handshaker.cc \ src/core/lib/channel/handshaker_factory.cc \ @@ -3541,6 +3538,7 @@ LIBGRPC_CRONET_SRC = \ src/core/lib/channel/channel_args.cc \ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack_builder.cc \ + src/core/lib/channel/client_authority_filter.cc \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/handshaker.cc \ src/core/lib/channel/handshaker_factory.cc \ @@ -3908,6 +3906,7 @@ LIBGRPC_TEST_UTIL_SRC = \ src/core/lib/channel/channel_args.cc \ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack_builder.cc \ + src/core/lib/channel/client_authority_filter.cc \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/handshaker.cc \ src/core/lib/channel/handshaker_factory.cc \ @@ -4190,6 +4189,7 @@ LIBGRPC_TEST_UTIL_UNSECURE_SRC = \ src/core/lib/channel/channel_args.cc \ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack_builder.cc \ + src/core/lib/channel/client_authority_filter.cc \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/handshaker.cc \ src/core/lib/channel/handshaker_factory.cc \ @@ -4439,6 +4439,7 @@ LIBGRPC_UNSECURE_SRC = \ src/core/lib/channel/channel_args.cc \ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack_builder.cc \ + src/core/lib/channel/client_authority_filter.cc \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/handshaker.cc \ src/core/lib/channel/handshaker_factory.cc \ @@ -5241,6 +5242,7 @@ LIBGRPC++_CRONET_SRC = \ src/core/lib/channel/channel_args.cc \ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack_builder.cc \ + src/core/lib/channel/client_authority_filter.cc \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/handshaker.cc \ src/core/lib/channel/handshaker_factory.cc \ @@ -11798,38 +11800,6 @@ endif endif -GRPC_INVALID_CHANNEL_ARGS_TEST_SRC = \ - test/core/surface/invalid_channel_args_test.cc \ - -GRPC_INVALID_CHANNEL_ARGS_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(GRPC_INVALID_CHANNEL_ARGS_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/grpc_invalid_channel_args_test: openssl_dep_error - -else - - - -$(BINDIR)/$(CONFIG)/grpc_invalid_channel_args_test: $(GRPC_INVALID_CHANNEL_ARGS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LD) $(LDFLAGS) $(GRPC_INVALID_CHANNEL_ARGS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBS) $(LDLIBS_SECURE) -o $(BINDIR)/$(CONFIG)/grpc_invalid_channel_args_test - -endif - -$(OBJDIR)/$(CONFIG)/test/core/surface/invalid_channel_args_test.o: $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a - -deps_grpc_invalid_channel_args_test: $(GRPC_INVALID_CHANNEL_ARGS_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(GRPC_INVALID_CHANNEL_ARGS_TEST_OBJS:.o=.dep) -endif -endif - - GRPC_JSON_TOKEN_TEST_SRC = \ test/core/security/json_token_test.cc \ diff --git a/build.yaml b/build.yaml index e2bb8bfa9f..eab2897706 100644 --- a/build.yaml +++ b/build.yaml @@ -232,6 +232,7 @@ filegroups: - src/core/lib/channel/channel_args.cc - src/core/lib/channel/channel_stack.cc - src/core/lib/channel/channel_stack_builder.cc + - src/core/lib/channel/client_authority_filter.cc - src/core/lib/channel/connected_channel.cc - src/core/lib/channel/handshaker.cc - src/core/lib/channel/handshaker_factory.cc @@ -388,6 +389,7 @@ filegroups: - src/core/lib/channel/channel_args.h - src/core/lib/channel/channel_stack.h - src/core/lib/channel/channel_stack_builder.h + - src/core/lib/channel/client_authority_filter.h - src/core/lib/channel/connected_channel.h - src/core/lib/channel/context.h - src/core/lib/channel/handshaker.h @@ -2576,17 +2578,6 @@ targets: - grpc - gpr_test_util - gpr -- name: grpc_invalid_channel_args_test - build: test - language: c - src: - - test/core/surface/invalid_channel_args_test.cc - deps: - - grpc_test_util - - grpc - - gpr_test_util - - gpr - uses_polling: false - name: grpc_json_token_test build: test language: c @@ -84,6 +84,7 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/channel/channel_args.cc \ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack_builder.cc \ + src/core/lib/channel/client_authority_filter.cc \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/handshaker.cc \ src/core/lib/channel/handshaker_factory.cc \ diff --git a/config.w32 b/config.w32 index d73acc1118..1b89419c57 100644 --- a/config.w32 +++ b/config.w32 @@ -61,6 +61,7 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\channel\\channel_args.cc " + "src\\core\\lib\\channel\\channel_stack.cc " + "src\\core\\lib\\channel\\channel_stack_builder.cc " + + "src\\core\\lib\\channel\\client_authority_filter.cc " + "src\\core\\lib\\channel\\connected_channel.cc " + "src\\core\\lib\\channel\\handshaker.cc " + "src\\core\\lib\\channel\\handshaker_factory.cc " + diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec index 65a5dc66b4..6334ac433d 100644 --- a/gRPC-C++.podspec +++ b/gRPC-C++.podspec @@ -343,6 +343,7 @@ Pod::Spec.new do |s| 'src/core/lib/channel/channel_args.h', 'src/core/lib/channel/channel_stack.h', 'src/core/lib/channel/channel_stack_builder.h', + 'src/core/lib/channel/client_authority_filter.h', 'src/core/lib/channel/connected_channel.h', 'src/core/lib/channel/context.h', 'src/core/lib/channel/handshaker.h', @@ -522,6 +523,7 @@ Pod::Spec.new do |s| 'src/core/lib/channel/channel_args.h', 'src/core/lib/channel/channel_stack.h', 'src/core/lib/channel/channel_stack_builder.h', + 'src/core/lib/channel/client_authority_filter.h', 'src/core/lib/channel/connected_channel.h', 'src/core/lib/channel/context.h', 'src/core/lib/channel/handshaker.h', diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec index 7f61719cb1..5827b397ff 100644 --- a/gRPC-Core.podspec +++ b/gRPC-Core.podspec @@ -354,6 +354,7 @@ Pod::Spec.new do |s| 'src/core/lib/channel/channel_args.h', 'src/core/lib/channel/channel_stack.h', 'src/core/lib/channel/channel_stack_builder.h', + 'src/core/lib/channel/client_authority_filter.h', 'src/core/lib/channel/connected_channel.h', 'src/core/lib/channel/context.h', 'src/core/lib/channel/handshaker.h', @@ -498,6 +499,7 @@ Pod::Spec.new do |s| 'src/core/lib/channel/channel_args.cc', 'src/core/lib/channel/channel_stack.cc', 'src/core/lib/channel/channel_stack_builder.cc', + 'src/core/lib/channel/client_authority_filter.cc', 'src/core/lib/channel/connected_channel.cc', 'src/core/lib/channel/handshaker.cc', 'src/core/lib/channel/handshaker_factory.cc', @@ -908,6 +910,7 @@ Pod::Spec.new do |s| 'src/core/lib/channel/channel_args.h', 'src/core/lib/channel/channel_stack.h', 'src/core/lib/channel/channel_stack_builder.h', + 'src/core/lib/channel/client_authority_filter.h', 'src/core/lib/channel/connected_channel.h', 'src/core/lib/channel/context.h', 'src/core/lib/channel/handshaker.h', diff --git a/grpc.gemspec b/grpc.gemspec index 89a3812376..06520c1f95 100644 --- a/grpc.gemspec +++ b/grpc.gemspec @@ -284,6 +284,7 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/channel/channel_args.h ) s.files += %w( src/core/lib/channel/channel_stack.h ) s.files += %w( src/core/lib/channel/channel_stack_builder.h ) + s.files += %w( src/core/lib/channel/client_authority_filter.h ) s.files += %w( src/core/lib/channel/connected_channel.h ) s.files += %w( src/core/lib/channel/context.h ) s.files += %w( src/core/lib/channel/handshaker.h ) @@ -428,6 +429,7 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/channel/channel_args.cc ) s.files += %w( src/core/lib/channel/channel_stack.cc ) s.files += %w( src/core/lib/channel/channel_stack_builder.cc ) + s.files += %w( src/core/lib/channel/client_authority_filter.cc ) s.files += %w( src/core/lib/channel/connected_channel.cc ) s.files += %w( src/core/lib/channel/handshaker.cc ) s.files += %w( src/core/lib/channel/handshaker_factory.cc ) @@ -236,6 +236,7 @@ 'src/core/lib/channel/channel_args.cc', 'src/core/lib/channel/channel_stack.cc', 'src/core/lib/channel/channel_stack_builder.cc', + 'src/core/lib/channel/client_authority_filter.cc', 'src/core/lib/channel/connected_channel.cc', 'src/core/lib/channel/handshaker.cc', 'src/core/lib/channel/handshaker_factory.cc', @@ -568,6 +569,7 @@ 'src/core/lib/channel/channel_args.cc', 'src/core/lib/channel/channel_stack.cc', 'src/core/lib/channel/channel_stack_builder.cc', + 'src/core/lib/channel/client_authority_filter.cc', 'src/core/lib/channel/connected_channel.cc', 'src/core/lib/channel/handshaker.cc', 'src/core/lib/channel/handshaker_factory.cc', @@ -785,6 +787,7 @@ 'src/core/lib/channel/channel_args.cc', 'src/core/lib/channel/channel_stack.cc', 'src/core/lib/channel/channel_stack_builder.cc', + 'src/core/lib/channel/client_authority_filter.cc', 'src/core/lib/channel/connected_channel.cc', 'src/core/lib/channel/handshaker.cc', 'src/core/lib/channel/handshaker_factory.cc', @@ -981,6 +984,7 @@ 'src/core/lib/channel/channel_args.cc', 'src/core/lib/channel/channel_stack.cc', 'src/core/lib/channel/channel_stack_builder.cc', + 'src/core/lib/channel/client_authority_filter.cc', 'src/core/lib/channel/connected_channel.cc', 'src/core/lib/channel/handshaker.cc', 'src/core/lib/channel/handshaker_factory.cc', diff --git a/package.xml b/package.xml index fc7ba68e8b..0abcb89738 100644 --- a/package.xml +++ b/package.xml @@ -291,6 +291,7 @@ <file baseinstalldir="/" name="src/core/lib/channel/channel_args.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/channel_stack.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/channel_stack_builder.h" role="src" /> + <file baseinstalldir="/" name="src/core/lib/channel/client_authority_filter.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/connected_channel.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/context.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/handshaker.h" role="src" /> @@ -435,6 +436,7 @@ <file baseinstalldir="/" name="src/core/lib/channel/channel_args.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/channel_stack.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/channel_stack_builder.cc" role="src" /> + <file baseinstalldir="/" name="src/core/lib/channel/client_authority_filter.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/connected_channel.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/handshaker.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/channel/handshaker_factory.cc" role="src" /> diff --git a/src/core/ext/filters/client_channel/client_channel_plugin.cc b/src/core/ext/filters/client_channel/client_channel_plugin.cc index 3c3a97532f..ed3ebd2696 100644 --- a/src/core/ext/filters/client_channel/client_channel_plugin.cc +++ b/src/core/ext/filters/client_channel/client_channel_plugin.cc @@ -39,6 +39,8 @@ static bool append_filter(grpc_channel_stack_builder* builder, void* arg) { builder, static_cast<const grpc_channel_filter*>(arg), nullptr, nullptr); } +// Only used for direct channels, as they don't create subchannels, which is +// where default authority is handled for regular channels. static bool set_default_host_if_unset(grpc_channel_stack_builder* builder, void* unused) { const grpc_channel_args* args = @@ -69,7 +71,7 @@ void grpc_client_channel_init(void) { grpc_proxy_mapper_registry_init(); grpc_register_http_proxy_mapper(); grpc_subchannel_index_init(); - grpc_channel_init_register_stage(GRPC_CLIENT_CHANNEL, INT_MIN, + grpc_channel_init_register_stage(GRPC_CLIENT_DIRECT_CHANNEL, INT_MIN, set_default_host_if_unset, nullptr); grpc_channel_init_register_stage( GRPC_CLIENT_CHANNEL, GRPC_CHANNEL_INIT_BUILTIN_PRIORITY, append_filter, diff --git a/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc b/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc index cb39e4224e..49918e11b7 100644 --- a/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +++ b/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc @@ -504,9 +504,7 @@ GrpcLb::BalancerCallState::BalancerCallState( // the polling entities from client_channel. GPR_ASSERT(grpclb_policy()->server_name_ != nullptr); GPR_ASSERT(grpclb_policy()->server_name_[0] != '\0'); - grpc_slice host = - grpc_slice_from_copied_string(grpclb_policy()->server_name_); - grpc_millis deadline = + const grpc_millis deadline = grpclb_policy()->lb_call_timeout_ms_ == 0 ? GRPC_MILLIS_INF_FUTURE : ExecCtx::Get()->Now() + grpclb_policy()->lb_call_timeout_ms_; @@ -514,8 +512,7 @@ GrpcLb::BalancerCallState::BalancerCallState( grpclb_policy()->lb_channel_, nullptr, GRPC_PROPAGATE_DEFAULTS, grpclb_policy_->interested_parties(), GRPC_MDSTR_SLASH_GRPC_DOT_LB_DOT_V1_DOT_LOADBALANCER_SLASH_BALANCELOAD, - &host, deadline, nullptr); - grpc_slice_unref_internal(host); + nullptr, deadline, nullptr); // Init the LB call request payload. grpc_grpclb_request* request = grpc_grpclb_request_create(grpclb_policy()->server_name_); @@ -982,6 +979,10 @@ grpc_channel_args* BuildBalancerChannelArgs( // with the one from the grpclb policy, used to propagate updates to // the LB channel. GRPC_ARG_FAKE_RESOLVER_RESPONSE_GENERATOR, + // The LB channel should use the authority indicated by the target + // authority table (see \a grpc_lb_policy_grpclb_modify_lb_channel_args), + // as opposed to the authority from the parent channel. + GRPC_ARG_DEFAULT_AUTHORITY, }; // Channel args to add. const grpc_arg args_to_add[] = { diff --git a/src/core/ext/transport/chttp2/client/insecure/channel_create.cc b/src/core/ext/transport/chttp2/client/insecure/channel_create.cc index 60800365b8..8424cc5bc6 100644 --- a/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +++ b/src/core/ext/transport/chttp2/client/insecure/channel_create.cc @@ -38,11 +38,41 @@ static void client_channel_factory_ref( static void client_channel_factory_unref( grpc_client_channel_factory* cc_factory) {} +static grpc_channel_args* add_default_authority_if_not_present( + const grpc_channel_args* args) { + const bool has_default_authority = + grpc_channel_args_find(args, GRPC_ARG_DEFAULT_AUTHORITY) != nullptr; + grpc_arg new_args[1]; + size_t num_new_args = 0; + grpc_core::UniquePtr<char> default_authority; + if (!has_default_authority) { + const grpc_arg* server_uri_arg = + grpc_channel_args_find(args, GRPC_ARG_SERVER_URI); + const char* server_uri_str = grpc_channel_arg_get_string(server_uri_arg); + GPR_ASSERT(server_uri_str != nullptr); + default_authority = + grpc_core::ResolverRegistry::GetDefaultAuthority(server_uri_str); + GPR_ASSERT(default_authority != nullptr); + new_args[num_new_args++] = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY), default_authority.get()); + } + return grpc_channel_args_copy_and_add(args, new_args, num_new_args); +} + static grpc_subchannel* client_channel_factory_create_subchannel( grpc_client_channel_factory* cc_factory, const grpc_subchannel_args* args) { + grpc_subchannel_args* final_sc_args = + static_cast<grpc_subchannel_args*>(gpr_malloc(sizeof(*final_sc_args))); + memcpy(final_sc_args, args, sizeof(*args)); + final_sc_args->args = add_default_authority_if_not_present(args->args); + grpc_connector* connector = grpc_chttp2_connector_create(); - grpc_subchannel* s = grpc_subchannel_create(connector, args); + grpc_subchannel* s = grpc_subchannel_create(connector, final_sc_args); grpc_connector_unref(connector); + + grpc_channel_args_destroy( + const_cast<grpc_channel_args*>(final_sc_args->args)); + gpr_free(final_sc_args); return s; } @@ -56,8 +86,8 @@ static grpc_channel* client_channel_factory_create_channel( // Add channel arg containing the server URI. grpc_core::UniquePtr<char> canonical_target = grpc_core::ResolverRegistry::AddDefaultPrefixIfNeeded(target); - grpc_arg arg = grpc_channel_arg_string_create((char*)GRPC_ARG_SERVER_URI, - canonical_target.get()); + grpc_arg arg = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_SERVER_URI), canonical_target.get()); const char* to_remove[] = {GRPC_ARG_SERVER_URI}; grpc_channel_args* new_args = grpc_channel_args_copy_and_add_and_remove(args, to_remove, 1, &arg, 1); diff --git a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc index a82009ff69..5ce73a95d7 100644 --- a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +++ b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc @@ -71,9 +71,6 @@ static grpc_subchannel_args* get_secure_naming_subchannel_args( grpc_uri* server_uri = grpc_uri_parse(server_uri_str, true /* supress errors */); GPR_ASSERT(server_uri != nullptr); - const char* server_uri_path; - server_uri_path = - server_uri->path[0] == '/' ? server_uri->path + 1 : server_uri->path; const grpc_core::TargetAuthorityTable* target_authority_table = grpc_core::FindTargetAuthorityTableInArgs(args->args); grpc_core::UniquePtr<char> authority; @@ -98,33 +95,49 @@ static grpc_subchannel_args* get_secure_naming_subchannel_args( // authority table was present or because the target was not present // in the table), fall back to using the original server URI. if (authority == nullptr) { - authority.reset(gpr_strdup(server_uri_path)); + authority = + grpc_core::ResolverRegistry::GetDefaultAuthority(server_uri_str); } + grpc_arg args_to_add[2]; + size_t num_args_to_add = 0; + if (grpc_channel_args_find(args->args, GRPC_ARG_DEFAULT_AUTHORITY) == + nullptr) { + // If the channel args don't already contain GRPC_ARG_DEFAULT_AUTHORITY, add + // the arg, setting it to the value just obtained. + args_to_add[num_args_to_add++] = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY), authority.get()); + } + grpc_channel_args* args_with_authority = + grpc_channel_args_copy_and_add(args->args, args_to_add, num_args_to_add); grpc_uri_destroy(server_uri); grpc_channel_security_connector* subchannel_security_connector = nullptr; // Create the security connector using the credentials and target name. grpc_channel_args* new_args_from_connector = nullptr; const grpc_security_status security_status = grpc_channel_credentials_create_security_connector( - channel_credentials, authority.get(), args->args, + channel_credentials, authority.get(), args_with_authority, &subchannel_security_connector, &new_args_from_connector); if (security_status != GRPC_SECURITY_OK) { gpr_log(GPR_ERROR, "Failed to create secure subchannel for secure name '%s'", authority.get()); + grpc_channel_args_destroy(args_with_authority); return nullptr; } grpc_arg new_security_connector_arg = grpc_security_connector_to_arg(&subchannel_security_connector->base); grpc_channel_args* new_args = grpc_channel_args_copy_and_add( - new_args_from_connector != nullptr ? new_args_from_connector : args->args, + new_args_from_connector != nullptr ? new_args_from_connector + : args_with_authority, &new_security_connector_arg, 1); + GRPC_SECURITY_CONNECTOR_UNREF(&subchannel_security_connector->base, "lb_channel_create"); if (new_args_from_connector != nullptr) { grpc_channel_args_destroy(new_args_from_connector); } + grpc_channel_args_destroy(args_with_authority); grpc_subchannel_args* final_sc_args = static_cast<grpc_subchannel_args*>(gpr_malloc(sizeof(*final_sc_args))); memcpy(final_sc_args, args, sizeof(*args)); diff --git a/src/core/lib/channel/client_authority_filter.cc b/src/core/lib/channel/client_authority_filter.cc new file mode 100644 index 0000000000..57c5d29a93 --- /dev/null +++ b/src/core/lib/channel/client_authority_filter.cc @@ -0,0 +1,117 @@ +/* + * + * Copyright 2017 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <grpc/support/port_platform.h> + +#include <assert.h> +#include <string.h> + +#include <grpc/support/alloc.h> +#include <grpc/support/log.h> +#include <grpc/support/string_util.h> + +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/channel/client_authority_filter.h" +#include "src/core/lib/gpr/string.h" +#include "src/core/lib/slice/slice_internal.h" +#include "src/core/lib/slice/slice_string_helpers.h" +#include "src/core/lib/surface/call.h" +#include "src/core/lib/surface/channel_init.h" +#include "src/core/lib/surface/channel_stack_type.h" +#include "src/core/lib/transport/static_metadata.h" + +namespace { + +struct call_data { + grpc_linked_mdelem authority_storage; + grpc_call_combiner* call_combiner; +}; + +struct channel_data { + grpc_slice default_authority; +}; + +void authority_start_transport_stream_op_batch( + grpc_call_element* elem, grpc_transport_stream_op_batch* batch) { + channel_data* chand = static_cast<channel_data*>(elem->channel_data); + call_data* calld = static_cast<call_data*>(elem->call_data); + // Handle send_initial_metadata. + auto* initial_metadata = + batch->payload->send_initial_metadata.send_initial_metadata; + // If the initial metadata doesn't already contain :authority, add it. + if (batch->send_initial_metadata && + initial_metadata->idx.named.authority == nullptr) { + grpc_error* error = grpc_metadata_batch_add_head( + initial_metadata, &calld->authority_storage, + grpc_mdelem_from_slices(GRPC_MDSTR_AUTHORITY, + grpc_slice_ref(chand->default_authority))); + if (error != GRPC_ERROR_NONE) { + grpc_transport_stream_op_batch_finish_with_failure(batch, error, + calld->call_combiner); + return; + } + } + // Pass control down the stack. + grpc_call_next_op(elem, batch); +} + +/* Constructor for call_data */ +grpc_error* init_call_elem(grpc_call_element* elem, + const grpc_call_element_args* args) { + call_data* calld = static_cast<call_data*>(elem->call_data); + calld->call_combiner = args->call_combiner; + return GRPC_ERROR_NONE; +} + +/* Destructor for call_data */ +void destroy_call_elem(grpc_call_element* elem, + const grpc_call_final_info* final_info, + grpc_closure* ignored) {} + +/* Constructor for channel_data */ +grpc_error* init_channel_elem(grpc_channel_element* elem, + grpc_channel_element_args* args) { + channel_data* chand = static_cast<channel_data*>(elem->channel_data); + const grpc_arg* default_authority_arg = + grpc_channel_args_find(args->channel_args, GRPC_ARG_DEFAULT_AUTHORITY); + GPR_ASSERT(default_authority_arg != nullptr); + chand->default_authority = grpc_slice_from_copied_string( + grpc_channel_arg_get_string(default_authority_arg)); + GPR_ASSERT(!args->is_last); + return GRPC_ERROR_NONE; +} + +/* Destructor for channel data */ +void destroy_channel_elem(grpc_channel_element* elem) { + channel_data* chand = static_cast<channel_data*>(elem->channel_data); + grpc_slice_unref(chand->default_authority); +} +} // namespace + +const grpc_channel_filter grpc_client_authority_filter = { + authority_start_transport_stream_op_batch, + grpc_channel_next_op, + sizeof(call_data), + init_call_elem, + grpc_call_stack_ignore_set_pollset_or_pollset_set, + destroy_call_elem, + sizeof(channel_data), + init_channel_elem, + destroy_channel_elem, + grpc_channel_next_get_info, + "authority"}; diff --git a/src/core/lib/channel/client_authority_filter.h b/src/core/lib/channel/client_authority_filter.h new file mode 100644 index 0000000000..ba996dc823 --- /dev/null +++ b/src/core/lib/channel/client_authority_filter.h @@ -0,0 +1,34 @@ +/* + * + * Copyright 2017 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_LIB_CHANNEL_CLIENT_AUTHORITY_FILTER_H +#define GRPC_CORE_LIB_CHANNEL_CLIENT_AUTHORITY_FILTER_H + +#include <grpc/support/port_platform.h> + +#include <grpc/impl/codegen/compression_types.h> + +#include "src/core/lib/channel/channel_stack.h" + +/// Filter responsible for setting the authority header, if not already set. It +/// uses the value of the GRPC_ARG_DEFAULT_AUTHORITY channel arg if the initial +/// metadata doesn't already contain an authority value. + +extern const grpc_channel_filter grpc_client_authority_filter; + +#endif /* GRPC_CORE_LIB_CHANNEL_CLIENT_AUTHORITY_FILTER_H */ diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.cc b/src/core/lib/security/credentials/ssl/ssl_credentials.cc index 252b25bc0a..295f13c3b7 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.cc +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.cc @@ -58,7 +58,7 @@ static grpc_security_status ssl_create_security_connector( const char* overridden_target_name = nullptr; for (size_t i = 0; args && i < args->num_args; i++) { grpc_arg* arg = &args->args[i]; - if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && + if (strcmp(arg->key, GRPC_ARG_DEFAULT_AUTHORITY) == 0 && arg->type == GRPC_ARG_STRING) { overridden_target_name = arg->value.string; break; diff --git a/src/core/lib/security/security_connector/security_connector.cc b/src/core/lib/security/security_connector/security_connector.cc index 3cc151bec7..7b90b19075 100644 --- a/src/core/lib/security/security_connector/security_connector.cc +++ b/src/core/lib/security/security_connector/security_connector.cc @@ -465,12 +465,10 @@ static bool fake_channel_check_call_host(grpc_channel_security_connector* sc, grpc_error** error) { grpc_fake_channel_security_connector* c = reinterpret_cast<grpc_fake_channel_security_connector*>(sc); - if (c->is_lb_channel) { - // TODO(dgq): verify that the host (ie, authority header) matches that of - // the LB, as opposed to that of the backends. - } else { - // TODO(dgq): verify that the host (ie, authority header) matches that of - // the backend, not the LB's. + if (c->is_lb_channel && strcmp(host, c->target) != 0) { + gpr_log(GPR_ERROR, "Authority (host) '%s' != Target '%s' for an LB call", + host, c->target); + abort(); } return true; } diff --git a/src/core/lib/surface/channel.cc b/src/core/lib/surface/channel.cc index 03353d6beb..48bc69509f 100644 --- a/src/core/lib/surface/channel.cc +++ b/src/core/lib/surface/channel.cc @@ -32,6 +32,7 @@ #include "src/core/lib/channel/channel_args.h" #include "src/core/lib/debug/stats.h" #include "src/core/lib/gpr/string.h" +#include "src/core/lib/gprpp/memory.h" #include "src/core/lib/iomgr/iomgr.h" #include "src/core/lib/slice/slice_internal.h" #include "src/core/lib/surface/api_trace.h" @@ -55,7 +56,6 @@ typedef struct registered_call { struct grpc_channel { int is_client; grpc_compression_options compression_options; - grpc_mdelem default_authority; gpr_atm call_size_estimate; @@ -108,40 +108,8 @@ grpc_channel* grpc_channel_create_with_builder( grpc_compression_options_init(&channel->compression_options); for (size_t i = 0; i < args->num_args; i++) { - if (0 == strcmp(args->args[i].key, GRPC_ARG_DEFAULT_AUTHORITY)) { - if (args->args[i].type != GRPC_ARG_STRING) { - gpr_log(GPR_ERROR, "%s ignored: it must be a string", - GRPC_ARG_DEFAULT_AUTHORITY); - } else { - if (!GRPC_MDISNULL(channel->default_authority)) { - /* setting this takes precedence over anything else */ - GRPC_MDELEM_UNREF(channel->default_authority); - } - channel->default_authority = grpc_mdelem_from_slices( - GRPC_MDSTR_AUTHORITY, - grpc_slice_intern( - grpc_slice_from_static_string(args->args[i].value.string))); - } - } else if (0 == - strcmp(args->args[i].key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG)) { - if (args->args[i].type != GRPC_ARG_STRING) { - gpr_log(GPR_ERROR, "%s ignored: it must be a string", - GRPC_SSL_TARGET_NAME_OVERRIDE_ARG); - } else { - if (!GRPC_MDISNULL(channel->default_authority)) { - /* other ways of setting this (notably ssl) take precedence */ - gpr_log(GPR_ERROR, - "%s ignored: default host already set some other way", - GRPC_SSL_TARGET_NAME_OVERRIDE_ARG); - } else { - channel->default_authority = grpc_mdelem_from_slices( - GRPC_MDSTR_AUTHORITY, - grpc_slice_intern( - grpc_slice_from_static_string(args->args[i].value.string))); - } - } - } else if (0 == strcmp(args->args[i].key, - GRPC_COMPRESSION_CHANNEL_DEFAULT_LEVEL)) { + if (0 == + strcmp(args->args[i].key, GRPC_COMPRESSION_CHANNEL_DEFAULT_LEVEL)) { channel->compression_options.default_level.is_set = true; channel->compression_options.default_level.level = static_cast<grpc_compression_level>(grpc_channel_arg_get_integer( @@ -169,12 +137,49 @@ done: return channel; } +static grpc_core::UniquePtr<char> get_default_authority( + const char* target, const grpc_channel_args* input_args, + grpc_channel_stack_type channel_stack_type) { + bool has_default_authority = false; + char* ssl_override = nullptr; + grpc_core::UniquePtr<char> default_authority; + const size_t num_args = input_args != nullptr ? input_args->num_args : 0; + for (size_t i = 0; i < num_args; ++i) { + if (0 == strcmp(input_args->args[i].key, GRPC_ARG_DEFAULT_AUTHORITY)) { + has_default_authority = true; + } else if (0 == strcmp(input_args->args[i].key, + GRPC_SSL_TARGET_NAME_OVERRIDE_ARG)) { + ssl_override = input_args->args[i].value.string; + } + } + if (!has_default_authority && ssl_override != nullptr) { + default_authority.reset(gpr_strdup(ssl_override)); + } + return default_authority; +} + +static grpc_channel_args* build_channel_args( + const grpc_channel_args* input_args, char* default_authority) { + grpc_arg new_args[1]; + size_t num_new_args = 0; + if (default_authority != nullptr) { + new_args[num_new_args++] = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY), default_authority); + } + return grpc_channel_args_copy_and_add(input_args, new_args, num_new_args); +} + grpc_channel* grpc_channel_create(const char* target, const grpc_channel_args* input_args, grpc_channel_stack_type channel_stack_type, grpc_transport* optional_transport) { grpc_channel_stack_builder* builder = grpc_channel_stack_builder_create(); - grpc_channel_stack_builder_set_channel_arguments(builder, input_args); + const grpc_core::UniquePtr<char> default_authority = + get_default_authority(target, input_args, channel_stack_type); + grpc_channel_args* args = + build_channel_args(input_args, default_authority.get()); + grpc_channel_stack_builder_set_channel_arguments(builder, args); + grpc_channel_args_destroy(args); grpc_channel_stack_builder_set_target(builder, target); grpc_channel_stack_builder_set_transport(builder, optional_transport); if (!grpc_channel_init_create_stack(builder, channel_stack_type)) { @@ -246,8 +251,6 @@ static grpc_call* grpc_channel_create_call_internal( send_metadata[num_metadata++] = path_mdelem; if (!GRPC_MDISNULL(authority_mdelem)) { send_metadata[num_metadata++] = authority_mdelem; - } else if (!GRPC_MDISNULL(channel->default_authority)) { - send_metadata[num_metadata++] = GRPC_MDELEM_REF(channel->default_authority); } grpc_call_create_args args; @@ -377,7 +380,6 @@ static void destroy_channel(void* arg, grpc_error* error) { GRPC_MDELEM_UNREF(rc->authority); gpr_free(rc); } - GRPC_MDELEM_UNREF(channel->default_authority); gpr_mu_destroy(&channel->registered_call_mu); gpr_free(channel->target); gpr_free(channel); diff --git a/src/core/lib/surface/init.cc b/src/core/lib/surface/init.cc index ac9f9e6066..10c65ce09f 100644 --- a/src/core/lib/surface/init.cc +++ b/src/core/lib/surface/init.cc @@ -27,6 +27,7 @@ #include <grpc/support/log.h> #include <grpc/support/time.h> #include "src/core/lib/channel/channel_stack.h" +#include "src/core/lib/channel/client_authority_filter.h" #include "src/core/lib/channel/connected_channel.h" #include "src/core/lib/channel/handshaker_registry.h" #include "src/core/lib/debug/stats.h" @@ -83,6 +84,13 @@ static bool prepend_filter(grpc_channel_stack_builder* builder, void* arg) { } static void register_builtin_channel_init() { + grpc_channel_init_register_stage(GRPC_CLIENT_SUBCHANNEL, INT_MAX, + prepend_filter, + (void*)(&grpc_client_authority_filter)); + grpc_channel_init_register_stage(GRPC_CLIENT_DIRECT_CHANNEL, INT_MAX, + prepend_filter, + (void*)(&grpc_client_authority_filter)); + grpc_channel_init_register_stage(GRPC_CLIENT_SUBCHANNEL, GRPC_CHANNEL_INIT_BUILTIN_PRIORITY, grpc_add_connected_filter, nullptr); diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 994443c651..7bd1adf8fe 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -60,6 +60,7 @@ CORE_SOURCE_FILES = [ 'src/core/lib/channel/channel_args.cc', 'src/core/lib/channel/channel_stack.cc', 'src/core/lib/channel/channel_stack_builder.cc', + 'src/core/lib/channel/client_authority_filter.cc', 'src/core/lib/channel/connected_channel.cc', 'src/core/lib/channel/handshaker.cc', 'src/core/lib/channel/handshaker_factory.cc', diff --git a/test/core/channel/minimal_stack_is_minimal_test.cc b/test/core/channel/minimal_stack_is_minimal_test.cc index f02c8180f2..e5953acedc 100644 --- a/test/core/channel/minimal_stack_is_minimal_test.cc +++ b/test/core/channel/minimal_stack_is_minimal_test.cc @@ -66,35 +66,37 @@ int main(int argc, char** argv) { minimal_stack_arg.key = const_cast<char*>(GRPC_ARG_MINIMAL_STACK); minimal_stack_arg.value.integer = 1; grpc_channel_args minimal_stack_args = {1, &minimal_stack_arg}; - errors += CHECK_STACK("unknown", &minimal_stack_args, - GRPC_CLIENT_DIRECT_CHANNEL, "connected", NULL); + errors += + CHECK_STACK("unknown", &minimal_stack_args, GRPC_CLIENT_DIRECT_CHANNEL, + "authority", "connected", NULL); errors += CHECK_STACK("unknown", &minimal_stack_args, GRPC_CLIENT_SUBCHANNEL, - "connected", NULL); + "authority", "connected", NULL); errors += CHECK_STACK("unknown", &minimal_stack_args, GRPC_SERVER_CHANNEL, "server", "connected", NULL); errors += CHECK_STACK("chttp2", &minimal_stack_args, GRPC_CLIENT_DIRECT_CHANNEL, - "http-client", "connected", NULL); + "authority", "http-client", "connected", NULL); errors += CHECK_STACK("chttp2", &minimal_stack_args, GRPC_CLIENT_SUBCHANNEL, - "http-client", "connected", NULL); + "authority", "http-client", "connected", NULL); errors += CHECK_STACK("chttp2", &minimal_stack_args, GRPC_SERVER_CHANNEL, "server", "http-server", "connected", NULL); errors += CHECK_STACK(nullptr, &minimal_stack_args, GRPC_CLIENT_CHANNEL, "client-channel", NULL); // tests with a default stack - errors += CHECK_STACK("unknown", nullptr, GRPC_CLIENT_DIRECT_CHANNEL, - "message_size", "deadline", "connected", NULL); - errors += CHECK_STACK("unknown", nullptr, GRPC_CLIENT_SUBCHANNEL, + errors += + CHECK_STACK("unknown", nullptr, GRPC_CLIENT_DIRECT_CHANNEL, "authority", + "message_size", "deadline", "connected", NULL); + errors += CHECK_STACK("unknown", nullptr, GRPC_CLIENT_SUBCHANNEL, "authority", "message_size", "connected", NULL); errors += CHECK_STACK("unknown", nullptr, GRPC_SERVER_CHANNEL, "server", "message_size", "deadline", "connected", NULL); errors += CHECK_STACK("chttp2", nullptr, GRPC_CLIENT_DIRECT_CHANNEL, - "message_size", "deadline", "http-client", + "authority", "message_size", "deadline", "http-client", "message_compress", "connected", NULL); - errors += - CHECK_STACK("chttp2", nullptr, GRPC_CLIENT_SUBCHANNEL, "message_size", - "http-client", "message_compress", "connected", NULL); + errors += CHECK_STACK("chttp2", nullptr, GRPC_CLIENT_SUBCHANNEL, "authority", + "message_size", "http-client", "message_compress", + "connected", NULL); errors += CHECK_STACK("chttp2", nullptr, GRPC_SERVER_CHANNEL, "server", "message_size", "deadline", "http-server", "message_compress", "connected", NULL); diff --git a/test/core/end2end/tests/default_host.cc b/test/core/end2end/tests/default_host.cc index 3191f76688..cda716a259 100644 --- a/test/core/end2end/tests/default_host.cc +++ b/test/core/end2end/tests/default_host.cc @@ -191,7 +191,9 @@ static void simple_request_body(grpc_end2end_test_fixture f) { GPR_ASSERT(status == GRPC_STATUS_UNIMPLEMENTED); GPR_ASSERT(0 == grpc_slice_str_cmp(details, "xyz")); GPR_ASSERT(0 == grpc_slice_str_cmp(call_details.method, "/foo")); - GPR_ASSERT(grpc_slice_buf_start_eq(call_details.host, "localhost", 9)); + char* target = grpc_channel_get_target(f.client); + GPR_ASSERT(grpc_slice_buf_start_eq(call_details.host, target, 9)); + gpr_free(target); GPR_ASSERT(was_cancelled == 1); grpc_slice_unref(details); @@ -216,10 +218,9 @@ static void test_invoke_simple_request(grpc_end2end_test_config config) { } void default_host(grpc_end2end_test_config config) { - if ((config.feature_mask & FEATURE_MASK_SUPPORTS_HOSTNAME_VERIFICATION) == 0) - return; - if ((config.feature_mask & FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION) == 0) + if ((config.feature_mask & FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS) != 0) { return; + } test_invoke_simple_request(config); } diff --git a/test/core/surface/BUILD b/test/core/surface/BUILD index e848dded13..77df1cc989 100644 --- a/test/core/surface/BUILD +++ b/test/core/surface/BUILD @@ -91,18 +91,6 @@ grpc_cc_test( ) grpc_cc_test( - name = "grpc_invalid_channel_args_test", - srcs = ["invalid_channel_args_test.cc"], - language = "C++", - deps = [ - "//:gpr", - "//:grpc", - "//test/core/util:gpr_test_util", - "//test/core/util:grpc_test_util", - ], -) - -grpc_cc_test( name = "lame_client_test", srcs = ["lame_client_test.cc"], language = "C++", diff --git a/test/core/surface/invalid_channel_args_test.cc b/test/core/surface/invalid_channel_args_test.cc deleted file mode 100644 index 7c5f1f0352..0000000000 --- a/test/core/surface/invalid_channel_args_test.cc +++ /dev/null @@ -1,137 +0,0 @@ -/* - * - * Copyright 2015 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/grpc.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> -#include <grpc/support/string_util.h> -#include "test/core/util/test_config.h" - -static char* g_last_log_error_message = nullptr; -static const char* g_file_name = "channel.cc"; - -static int ends_with(const char* src, const char* suffix) { - size_t src_len = strlen(src); - size_t suffix_len = strlen(suffix); - if (src_len < suffix_len) { - return 0; - } - return strcmp(src + src_len - suffix_len, suffix) == 0; -} - -static void log_error_sink(gpr_log_func_args* args) { - if (args->severity == GPR_LOG_SEVERITY_ERROR && - ends_with(args->file, g_file_name)) { - g_last_log_error_message = gpr_strdup(args->message); - } -} - -static void verify_last_error(const char* message) { - if (message == nullptr) { - GPR_ASSERT(g_last_log_error_message == nullptr); - return; - } - GPR_ASSERT(strcmp(message, g_last_log_error_message) == 0); - gpr_free(g_last_log_error_message); - g_last_log_error_message = nullptr; -} - -static char* compose_error_string(const char* key, const char* message) { - char* ret; - gpr_asprintf(&ret, "%s%s", key, message); - return ret; -} - -static void one_test(grpc_channel_args* args, char* expected_error_message) { - grpc_channel* chan = - grpc_insecure_channel_create("nonexistant:54321", args, nullptr); - verify_last_error(expected_error_message); - gpr_free(expected_error_message); - grpc_channel_destroy(chan); -} - -static void test_no_error_message(void) { one_test(nullptr, nullptr); } - -static void test_default_authority_type(void) { - grpc_arg client_arg; - grpc_channel_args client_args; - char* expected_error_message; - - client_arg.type = GRPC_ARG_INTEGER; - client_arg.key = const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY); - client_arg.value.integer = 0; - - client_args.num_args = 1; - client_args.args = &client_arg; - expected_error_message = compose_error_string( - GRPC_ARG_DEFAULT_AUTHORITY, " ignored: it must be a string"); - one_test(&client_args, expected_error_message); -} - -static void test_ssl_name_override_type(void) { - grpc_arg client_arg; - grpc_channel_args client_args; - char* expected_error_message; - - client_arg.type = GRPC_ARG_INTEGER; - client_arg.key = const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG); - client_arg.value.integer = 0; - - client_args.num_args = 1; - client_args.args = &client_arg; - expected_error_message = compose_error_string( - GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, " ignored: it must be a string"); - one_test(&client_args, expected_error_message); -} - -static void test_ssl_name_override_failed(void) { - grpc_arg client_arg[2]; - grpc_channel_args client_args; - char* expected_error_message; - - client_arg[0].type = GRPC_ARG_STRING; - client_arg[0].key = const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY); - client_arg[0].value.string = const_cast<char*>("default"); - client_arg[1].type = GRPC_ARG_STRING; - client_arg[1].key = const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG); - client_arg[1].value.string = const_cast<char*>("ssl"); - - client_args.num_args = 2; - client_args.args = client_arg; - expected_error_message = - compose_error_string(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, - " ignored: default host already set some other way"); - one_test(&client_args, expected_error_message); -} - -int main(int argc, char** argv) { - grpc_test_init(argc, argv); - grpc_init(); - gpr_set_log_function(log_error_sink); - - test_no_error_message(); - test_default_authority_type(); - test_ssl_name_override_type(); - test_ssl_name_override_failed(); - - grpc_shutdown(); - - return 0; -} diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal index ff5abc679d..f1fb7d29fc 100644 --- a/tools/doxygen/Doxyfile.c++.internal +++ b/tools/doxygen/Doxyfile.c++.internal @@ -1007,6 +1007,7 @@ src/core/lib/backoff/backoff.h \ src/core/lib/channel/channel_args.h \ src/core/lib/channel/channel_stack.h \ src/core/lib/channel/channel_stack_builder.h \ +src/core/lib/channel/client_authority_filter.h \ src/core/lib/channel/connected_channel.h \ src/core/lib/channel/context.h \ src/core/lib/channel/handshaker.h \ diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index e7e9e04979..1f19bac169 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1034,6 +1034,8 @@ src/core/lib/channel/channel_stack.cc \ src/core/lib/channel/channel_stack.h \ src/core/lib/channel/channel_stack_builder.cc \ src/core/lib/channel/channel_stack_builder.h \ +src/core/lib/channel/client_authority_filter.cc \ +src/core/lib/channel/client_authority_filter.h \ src/core/lib/channel/connected_channel.cc \ src/core/lib/channel/connected_channel.h \ src/core/lib/channel/context.h \ diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json index f5a9eb828e..fa34d963aa 100644 --- a/tools/run_tests/generated/sources_and_headers.json +++ b/tools/run_tests/generated/sources_and_headers.json @@ -1010,23 +1010,6 @@ "headers": [], "is_filegroup": false, "language": "c", - "name": "grpc_invalid_channel_args_test", - "src": [ - "test/core/surface/invalid_channel_args_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "gpr", - "gpr_test_util", - "grpc", - "grpc_test_util" - ], - "headers": [], - "is_filegroup": false, - "language": "c", "name": "grpc_json_token_test", "src": [ "test/core/security/json_token_test.cc" @@ -9005,6 +8988,7 @@ "src/core/lib/channel/channel_args.cc", "src/core/lib/channel/channel_stack.cc", "src/core/lib/channel/channel_stack_builder.cc", + "src/core/lib/channel/client_authority_filter.cc", "src/core/lib/channel/connected_channel.cc", "src/core/lib/channel/handshaker.cc", "src/core/lib/channel/handshaker_factory.cc", @@ -9162,6 +9146,7 @@ "src/core/lib/channel/channel_args.h", "src/core/lib/channel/channel_stack.h", "src/core/lib/channel/channel_stack_builder.h", + "src/core/lib/channel/client_authority_filter.h", "src/core/lib/channel/connected_channel.h", "src/core/lib/channel/context.h", "src/core/lib/channel/handshaker.h", @@ -9306,6 +9291,7 @@ "src/core/lib/channel/channel_args.h", "src/core/lib/channel/channel_stack.h", "src/core/lib/channel/channel_stack_builder.h", + "src/core/lib/channel/client_authority_filter.h", "src/core/lib/channel/connected_channel.h", "src/core/lib/channel/context.h", "src/core/lib/channel/handshaker.h", diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index 1406c4ac7e..db2776ba75 100644 --- a/tools/run_tests/generated/tests.json +++ b/tools/run_tests/generated/tests.json @@ -1303,30 +1303,6 @@ "ci_platforms": [ "linux", "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c", - "name": "grpc_invalid_channel_args_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": false - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", "posix" ], "cpu_cost": 1.0, |