Adding connect auth feature. Proxy-Authorization header is being inserted when user creds are present in uri

author: Yash Tibrewal <yashkt@google.com> 2017-07-19 10:26:41 -0700
committer: Yash Tibrewal <yashkt@google.com> 2017-07-19 10:26:41 -0700
commit: f7350ea6b7b58d632bf4a8aafaa0354e022d9c0b (patch)
tree: bf1ca22ba21e82f0290f76d064df03e139614d5c /src/core/ext
parent: 19fc5526b2604b3dace6ebfa7f6ffb786fd6bba2 (diff)
1 files changed, 41 insertions, 12 deletions
diff --git a/src/core/ext/filters/client_channel/http_proxy.c b/src/core/ext/filters/client_channel/http_proxy.c
index cfb5ec6f00..faa4b3c319 100644
--- a/src/core/ext/filters/client_channel/http_proxy.c
+++ b/src/core/ext/filters/client_channel/http_proxy.c
@@ -30,13 +30,17 @@
 #include "src/core/ext/filters/client_channel/uri_parser.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/support/env.h"
+#include "src/core/lib/support/string.h"
+#include "src/core/lib/slice/b64.h"
 
-static char* grpc_get_http_proxy_server(grpc_exec_ctx* exec_ctx) {
+static void grpc_get_http_proxy_server(grpc_exec_ctx* exec_ctx,
+                                char **name_to_resolve,
+                                char **user_cred) {
+  *name_to_resolve = NULL;
   char* uri_str = gpr_getenv("http_proxy");
-  if (uri_str == NULL) return NULL;
+  if (uri_str == NULL) return;
   grpc_uri* uri =
       grpc_uri_parse(exec_ctx, uri_str, false /* suppress_errors */);
-  char* proxy_name = NULL;
   if (uri == NULL || uri->authority == NULL) {
     gpr_log(GPR_ERROR, "cannot parse value of 'http_proxy' env var");
     goto done;
@@ -45,15 +49,18 @@ static char* grpc_get_http_proxy_server(grpc_exec_ctx* exec_ctx) {
     gpr_log(GPR_ERROR, "'%s' scheme not supported in proxy URI", uri->scheme);
     goto done;
   }
-  if (strchr(uri->authority, '@') != NULL) {
-    gpr_log(GPR_ERROR, "userinfo not supported in proxy URI");
-    goto done;
+  char *user_cred_end = strchr(uri->authority, '@');
+  if (user_cred_end != NULL) {
+    *name_to_resolve = gpr_strdup(user_cred_end + 1);
+    *user_cred_end = '\0';
+    *user_cred = gpr_strdup(uri->authority);
+    gpr_log(GPR_INFO, "userinfo found in proxy URI");
+  } else {
+    *name_to_resolve = gpr_strdup(uri->authority);
   }
-  proxy_name = gpr_strdup(uri->authority);
 done:
   gpr_free(uri_str);
   grpc_uri_destroy(uri);
-  return proxy_name;
 }
 
 static bool proxy_mapper_map_name(grpc_exec_ctx* exec_ctx,
@@ -62,7 +69,8 @@ static bool proxy_mapper_map_name(grpc_exec_ctx* exec_ctx,
                                   const grpc_channel_args* args,
                                   char** name_to_resolve,
                                   grpc_channel_args** new_args) {
-  *name_to_resolve = grpc_get_http_proxy_server(exec_ctx);
+  char *user_cred = NULL;
+  grpc_get_http_proxy_server(exec_ctx, name_to_resolve, &user_cred);
   if (*name_to_resolve == NULL) return false;
   grpc_uri* uri =
       grpc_uri_parse(exec_ctx, server_uri, false /* suppress_errors */);
@@ -71,19 +79,40 @@ static bool proxy_mapper_map_name(grpc_exec_ctx* exec_ctx,
             "'http_proxy' environment variable set, but cannot "
             "parse server URI '%s' -- not using proxy",
             server_uri);
-    if (uri != NULL) grpc_uri_destroy(uri);
+    if (uri != NULL) {
+      gpr_free(user_cred);
+      grpc_uri_destroy(uri);
+    }
     return false;
   }
   if (strcmp(uri->scheme, "unix") == 0) {
     gpr_log(GPR_INFO, "not using proxy for Unix domain socket '%s'",
             server_uri);
+    gpr_free(user_cred);
     grpc_uri_destroy(uri);
     return false;
   }
-  grpc_arg new_arg = grpc_channel_arg_string_create(
+
+  grpc_arg args_to_add[2];
+  args_to_add[0] = grpc_channel_arg_string_create(
       GRPC_ARG_HTTP_CONNECT_SERVER,
       uri->path[0] == '/' ? uri->path + 1 : uri->path);
-  *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
+
+  if(user_cred != NULL) {
+    /* Use base64 encoding for user credentials */
+    char *encoded_user_cred =
+        grpc_base64_encode(user_auth, strlen(user_cred), 0, 0);
+    char *header;
+    gpr_asprintf(&header, "Proxy-Authorization:Basic %s", encoded_user_cred);
+    gpr_free(encoded_user_cred);
+    args_to_add[1] = grpc_channel_arg_string_create(
+        GRPC_ARG_HTTP_CONNECT_HEADERS, header);
+    *new_args = grpc_channel_args_copy_and_add(args, args_to_add, 2);
+    gpr_free(header);
+  } else {
+    *new_args = grpc_channel_args_copy_and_add(args, args_to_add, 1);
+  }
+  gpr_free(user_cred);
   grpc_uri_destroy(uri);
   return true;
 }
author	Yash Tibrewal <yashkt@google.com>	2017-07-19 10:26:41 -0700
committer	Yash Tibrewal <yashkt@google.com>	2017-07-19 10:26:41 -0700
commit	f7350ea6b7b58d632bf4a8aafaa0354e022d9c0b (patch)
tree	bf1ca22ba21e82f0290f76d064df03e139614d5c /src/core/ext
parent	19fc5526b2604b3dace6ebfa7f6ffb786fd6bba2 (diff)