authorGravatar Craig Tiller <craig.tiller@gmail.com>2015-02-22 23:09:45 -0800
committerGravatar Craig Tiller <ctiller@google.com>2015-02-23 09:58:22 -0800
commit759026cbf0419dae4edddd9e75fa338e1028a3d8 (patch)
tree0b5794b584271006351dcac532732ce64b38f889 /src
parent47c83fdaf71ca5072d0ab37322b37586d23f5ceb (diff)
Server API simplification
Remove 'secure_server_create' and attach credentials to ports instead, so that different ports can serve different credentials.
Diffstat (limited to 'src')
-rw-r--r--src/core/security/factories.c28
-rw-r--r--src/core/security/server_secure_chttp2.c70
-rw-r--r--src/core/surface/secure_server_create.c57
3 files changed, 55 insertions, 100 deletions
diff --git a/src/core/security/factories.c b/src/core/security/factories.c
index c9701b9080..372ee256f2 100644
--- a/src/core/security/factories.c
+++ b/src/core/security/factories.c
@@ -50,31 +50,3 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
return grpc_secure_channel_create_with_factories(
factories, GPR_ARRAY_SIZE(factories), creds, target, args);
}
-
-grpc_server *grpc_secure_server_create(grpc_server_credentials *creds,
- grpc_completion_queue *cq,
- const grpc_channel_args *args) {
- grpc_security_status status = GRPC_SECURITY_ERROR;
- grpc_security_context *ctx = NULL;
- grpc_server *server = NULL;
- if (creds == NULL) return NULL; /* TODO(ctiller): Return lame server. */
-
- if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
- status = grpc_ssl_server_security_context_create(
- grpc_ssl_server_credentials_get_config(creds), &ctx);
- } else if (!strcmp(creds->type,
- GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
- ctx = grpc_fake_server_security_context_create();
- status = GRPC_SECURITY_OK;
- }
-
- if (status != GRPC_SECURITY_OK) {
- gpr_log(GPR_ERROR,
- "Unable to create secure server with credentials of type %s.",
- creds->type);
- return NULL; /* TODO(ctiller): Return lame server. */
- }
- server = grpc_secure_server_create_internal(cq, args, ctx);
- grpc_security_context_unref(ctx);
- return server;
-}
diff --git a/src/core/security/server_secure_chttp2.c b/src/core/security/server_secure_chttp2.c
index c88f0726bb..4dcd4b5524 100644
--- a/src/core/security/server_secure_chttp2.c
+++ b/src/core/security/server_secure_chttp2.c
@@ -33,6 +33,8 @@
#include <grpc/grpc.h>
+#include <string.h>
+
#include "src/core/channel/http_filter.h"
#include "src/core/channel/http_server_filter.h"
#include "src/core/iomgr/resolve_address.h"
@@ -66,37 +68,64 @@ static void on_secure_transport_setup_done(void *server,
}
}
-static void on_accept(void *server, grpc_endpoint *tcp) {
- const grpc_channel_args *args = grpc_server_get_channel_args(server);
- grpc_security_context *ctx = grpc_find_security_context_in_args(args);
- GPR_ASSERT(ctx);
- grpc_setup_secure_transport(ctx, tcp, on_secure_transport_setup_done, server);
-}
+typedef struct {
+ grpc_tcp_server *tcp;
+ grpc_security_context *ctx;
+ grpc_server *server;
+} secured_port;
-/* Note: the following code is the same with server_chttp2.c */
+static void on_accept(void *spp, grpc_endpoint *tcp) {
+ secured_port *sp = spp;
+ grpc_setup_secure_transport(sp->ctx, tcp, on_secure_transport_setup_done, sp->server);
+}
/* Server callback: start listening on our ports */
-static void start(grpc_server *server, void *tcpp, grpc_pollset **pollsets,
+static void start(grpc_server *server, void *spp, grpc_pollset **pollsets,
size_t pollset_count) {
- grpc_tcp_server *tcp = tcpp;
- grpc_tcp_server_start(tcp, pollsets, pollset_count, on_accept, server);
+ secured_port *sp = spp;
+ grpc_tcp_server_start(sp->tcp, pollsets, pollset_count, on_accept, sp);
}
/* Server callback: destroy the tcp listener (so we don't generate further
callbacks) */
-static void destroy(grpc_server *server, void *tcpp) {
- grpc_tcp_server *tcp = tcpp;
- grpc_tcp_server_destroy(tcp);
+static void destroy(grpc_server *server, void *spp) {
+ secured_port *sp = spp;
+ grpc_tcp_server_destroy(sp->tcp);
+ grpc_security_context_unref(sp->ctx);
+ gpr_free(sp);
}
-int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) {
+int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds) {
grpc_resolved_addresses *resolved = NULL;
grpc_tcp_server *tcp = NULL;
size_t i;
unsigned count = 0;
int port_num = -1;
int port_temp;
+ grpc_security_status status = GRPC_SECURITY_ERROR;
+ grpc_security_context *ctx = NULL;
+ secured_port *sp = NULL;
+
+ /* create security context */
+ if (creds == NULL) goto error;
+
+ if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
+ status = grpc_ssl_server_security_context_create(
+ grpc_ssl_server_credentials_get_config(creds), &ctx);
+ } else if (!strcmp(creds->type,
+ GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
+ ctx = grpc_fake_server_security_context_create();
+ status = GRPC_SECURITY_OK;
+ }
+ if (status != GRPC_SECURITY_OK) {
+ gpr_log(GPR_ERROR,
+ "Unable to create secure server with credentials of type %s.",
+ creds->type);
+ goto error;
+ }
+
+ /* resolve address */
resolved = grpc_blocking_resolve_address(addr, "https");
if (!resolved) {
goto error;
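Review bot: The lifetime of `sp` and its context reference relative to in-flight accepts is not established by this hunk: `destroy` unrefs `sp->ctx` and frees `sp` right after `grpc_tcp_server_destroy(sp->tcp)`, while `on_accept` reads `sp->ctx` and `sp->server` without taking a reference of its own. That is safe only if no accept callback is running or queued once the tcp server is destroyed, and if `grpc_setup_secure_transport` holds its own reference on the context for the length of the handshake; neither is visible here, so it is worth confirming and recording above `destroy`, e.g. `/* sp and its ctx ref must outlive every on_accept call; freed only once the listener is gone */`. Separately, `if (creds == NULL) goto error;` returns 0 without a log line, unlike the unsupported-type branch just below it; adding `gpr_log(GPR_ERROR, "No credentials specified for secure server port.");` before the goto would make a misconfigured port visible to operators. The body of `grpc_server_add_secure_http2_port` continues past the end of this hunk.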
@@ -132,18 +161,29 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) {
}
grpc_resolved_addresses_destroy(resolved);
+ sp = gpr_malloc(sizeof(secured_port));
+ sp->tcp = tcp;
+ sp->ctx = ctx;
+ sp->server = server;
+
/* Register with the server only upon success */
- grpc_server_add_listener(server, tcp, start, destroy);
+ grpc_server_add_listener(server, sp, start, destroy);
return port_num;
/* Error path: cleanup and return */
error:
+ if (ctx) {
+ grpc_security_context_unref(ctx);
+ }
if (resolved) {
grpc_resolved_addresses_destroy(resolved);
}
if (tcp) {
grpc_tcp_server_destroy(tcp);
}
+ if (sp) {
+ gpr_free(sp);
+ }
return 0;
}
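Review bot: The `if (sp) { gpr_free(sp); }` branch under `error:` looks unreachable, because `sp` is assigned only after every `goto error` and nothing visible between the allocation and `return port_num` can fail; either drop it or comment that it is kept for future failure points. The allocation would be more robust to a type change as `sp = gpr_malloc(sizeof(*sp));`. A comment at the hand-off, such as `/* sp now owns tcp and our ref on ctx; both are released in destroy() */`, would explain why the success path does not unref `ctx` while the error path does. The start of this function is outside the hunk, so the gotos in the lines not shown are assumed to precede the allocation.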
diff --git a/src/core/surface/secure_server_create.c b/src/core/surface/secure_server_create.c
deleted file mode 100644
index 1d5b927997..0000000000
--- a/src/core/surface/secure_server_create.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- *
- * Copyright 2015, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <grpc/grpc.h>
-
-#include "src/core/channel/channel_args.h"
-#include "src/core/security/security_context.h"
-#include "src/core/surface/completion_queue.h"
-#include "src/core/surface/server.h"
-#include <grpc/support/log.h>
-
-grpc_server *grpc_secure_server_create_internal(
- grpc_completion_queue *cq, const grpc_channel_args *args,
- grpc_security_context *context) {
- grpc_arg context_arg;
- grpc_channel_args *args_copy;
- grpc_server *server;
- if (grpc_find_security_context_in_args(args) != NULL) {
- gpr_log(GPR_ERROR, "Cannot set security context in channel args.");
- }
-
- context_arg = grpc_security_context_to_arg(context);
- args_copy = grpc_channel_args_copy_and_add(args, &context_arg);
- server = grpc_server_create_from_filters(cq, NULL, 0, args_copy);
- grpc_channel_args_destroy(args_copy);
- return server;
-}