-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | build.json | 1 | ||||
-rw-r--r-- | include/grpc/grpc_security.h | 9 | ||||
-rw-r--r-- | src/core/security/factories.c | 28 | ||||
-rw-r--r-- | src/core/security/server_secure_chttp2.c | 70 | ||||
-rw-r--r-- | src/core/surface/secure_server_create.c | 57 | ||||
-rw-r--r-- | test/core/echo/server.c | 4 | ||||
-rw-r--r-- | test/core/end2end/fixtures/chttp2_fake_security.c | 4 | ||||
-rw-r--r-- | test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c | 4 | ||||
-rw-r--r-- | test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c | 4 | ||||
-rw-r--r-- | test/core/fling/server.c | 4 | ||||
-rw-r--r-- | vsprojects/vs2013/grpc.vcxproj | 2 | ||||
-rw-r--r-- | vsprojects/vs2013/grpc.vcxproj.filters | 3 | ||||
-rw-r--r-- | vsprojects/vs2013/grpc_shared.vcxproj | 2 | ||||
-rw-r--r-- | vsprojects/vs2013/grpc_shared.vcxproj.filters | 3 |
15 files changed, 67 insertions, 131 deletions
@@ -2315,7 +2315,6 @@ LIBGRPC_SRC = \
 src/core/security/security_context.c \
 src/core/security/server_secure_chttp2.c \
 src/core/surface/secure_channel_create.c \
- src/core/surface/secure_server_create.c \
 src/core/tsi/fake_transport_security.c \
 src/core/tsi/ssl_transport_security.c \
 src/core/tsi/transport_security.c \
@@ -2456,7 +2455,6 @@ src/core/security/secure_transport_setup.c: $(OPENSSL_DEP)
 src/core/security/security_context.c: $(OPENSSL_DEP)
 src/core/security/server_secure_chttp2.c: $(OPENSSL_DEP)
 src/core/surface/secure_channel_create.c: $(OPENSSL_DEP)
-src/core/surface/secure_server_create.c: $(OPENSSL_DEP)
 src/core/tsi/fake_transport_security.c: $(OPENSSL_DEP)
 src/core/tsi/ssl_transport_security.c: $(OPENSSL_DEP)
 src/core/tsi/transport_security.c: $(OPENSSL_DEP)
@@ -2614,7 +2612,6 @@ $(OBJDIR)/$(CONFIG)/src/core/security/secure_transport_setup.o:
 $(OBJDIR)/$(CONFIG)/src/core/security/security_context.o:
 $(OBJDIR)/$(CONFIG)/src/core/security/server_secure_chttp2.o:
 $(OBJDIR)/$(CONFIG)/src/core/surface/secure_channel_create.o:
-$(OBJDIR)/$(CONFIG)/src/core/surface/secure_server_create.o:
 $(OBJDIR)/$(CONFIG)/src/core/tsi/fake_transport_security.o:
 $(OBJDIR)/$(CONFIG)/src/core/tsi/ssl_transport_security.o:
 $(OBJDIR)/$(CONFIG)/src/core/tsi/transport_security.o:
diff --git a/build.json b/build.json
index 9ab59f9379..1e9b4d72a3 100644
--- a/build.json
+++ b/build.json
@@ -381,7 +381,6 @@
 "src/core/security/security_context.c",
 "src/core/security/server_secure_chttp2.c",
 "src/core/surface/secure_channel_create.c",
- "src/core/surface/secure_server_create.c",
 "src/core/tsi/fake_transport_security.c",
 "src/core/tsi/ssl_transport_security.c",
 "src/core/tsi/transport_security.c"
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 0eae444a9b..196bb3c0e6 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -168,17 +168,12 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( /* --- Secure server creation. --- */ -/* Creates a secure server using the passed-in server credentials. */ -grpc_server *grpc_secure_server_create(grpc_server_credentials *creds, - grpc_completion_queue *cq, - const grpc_channel_args *args); - /* Add a HTTP2 over an encrypted link over tcp listener. Server must have been created with grpc_secure_server_create. Returns bound port number on success, 0 on failure. REQUIRES: server not started */ -int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr); - +int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, + grpc_server_credentials *creds); #ifdef __cplusplus } diff --git a/src/core/security/factories.c b/src/core/security/factories.c index c9701b9080..372ee256f2 100644 --- a/src/core/security/factories.c +++ b/src/core/security/factories.c 
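Review bot: The doc comment kept above `grpc_server_add_secure_http2_port` still says "Server must have been created with grpc_secure_server_create", but this hunk removes that function, so the stated precondition can no longer be met. The comment should also say what happens to `creds`: the callers updated in this commit release the credentials right after the call, so the function apparently must not keep the pointer. Suggested wording: `/* Add a HTTP2 over an encrypted link over tcp listener, secured with creds. The caller keeps ownership of creds and may release it once the call returns. Returns bound port number on success, 0 on failure. REQUIRES: server not started */`.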
@@ -50,31 +50,3 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds, return grpc_secure_channel_create_with_factories( factories, GPR_ARRAY_SIZE(factories), creds, target, args); } - -grpc_server *grpc_secure_server_create(grpc_server_credentials *creds, - grpc_completion_queue *cq, - const grpc_channel_args *args) { - grpc_security_status status = GRPC_SECURITY_ERROR; - grpc_security_context *ctx = NULL; - grpc_server *server = NULL; - if (creds == NULL) return NULL; /* TODO(ctiller): Return lame server. */ - - if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) { - status = grpc_ssl_server_security_context_create( - grpc_ssl_server_credentials_get_config(creds), &ctx); - } else if (!strcmp(creds->type, - GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) { - ctx = grpc_fake_server_security_context_create(); - status = GRPC_SECURITY_OK; - } - - if (status != GRPC_SECURITY_OK) { - gpr_log(GPR_ERROR, - "Unable to create secure server with credentials of type %s.", - creds->type); - return NULL; /* TODO(ctiller): Return lame server. */ - } - server = grpc_secure_server_create_internal(cq, args, ctx); - grpc_security_context_unref(ctx); - return server; -} diff --git a/src/core/security/server_secure_chttp2.c b/src/core/security/server_secure_chttp2.c index c88f0726bb..4dcd4b5524 100644 --- a/src/core/security/server_secure_chttp2.c +++ b/src/core/security/server_secure_chttp2.c @@ -33,6 +33,8 @@ #include <grpc/grpc.h> +#include <string.h> + #include "src/core/channel/http_filter.h" #include "src/core/channel/http_server_filter.h" #include "src/core/iomgr/resolve_address.h" 
@@ -66,37 +68,64 @@ static void on_secure_transport_setup_done(void *server, } } -static void on_accept(void *server, grpc_endpoint *tcp) { - const grpc_channel_args *args = grpc_server_get_channel_args(server); - grpc_security_context *ctx = grpc_find_security_context_in_args(args); - GPR_ASSERT(ctx); - grpc_setup_secure_transport(ctx, tcp, on_secure_transport_setup_done, server); -} +typedef struct { + grpc_tcp_server *tcp; + grpc_security_context *ctx; + grpc_server *server; +} secured_port; -/* Note: the following code is the same with server_chttp2.c */ +static void on_accept(void *spp, grpc_endpoint *tcp) { + secured_port *sp = spp; + grpc_setup_secure_transport(sp->ctx, tcp, on_secure_transport_setup_done, sp->server); +} /* Server callback: start listening on our ports */ -static void start(grpc_server *server, void *tcpp, grpc_pollset **pollsets, +static void start(grpc_server *server, void *spp, grpc_pollset **pollsets, size_t pollset_count) { - grpc_tcp_server *tcp = tcpp; - grpc_tcp_server_start(tcp, pollsets, pollset_count, on_accept, server); + secured_port *sp = spp; + grpc_tcp_server_start(sp->tcp, pollsets, pollset_count, on_accept, sp); } /* Server callback: destroy the tcp listener (so we don't generate further callbacks) */ -static void destroy(grpc_server *server, void *tcpp) { - grpc_tcp_server *tcp = tcpp; - grpc_tcp_server_destroy(tcp); +static void destroy(grpc_server *server, void *spp) { + secured_port *sp = spp; + grpc_tcp_server_destroy(sp->tcp); + grpc_security_context_unref(sp->ctx); + gpr_free(sp); } -int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) { +int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds) { grpc_resolved_addresses *resolved = NULL; grpc_tcp_server *tcp = NULL; size_t i; unsigned count = 0; int port_num = -1; int port_temp; + grpc_security_status status = GRPC_SECURITY_ERROR; + grpc_security_context *ctx = NULL; + secured_port *sp = 
NULL; + + /* create security context */ + if (creds == NULL) goto error; + + if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) { + status = grpc_ssl_server_security_context_create( + grpc_ssl_server_credentials_get_config(creds), &ctx); + } else if (!strcmp(creds->type, + GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) { + ctx = grpc_fake_server_security_context_create(); + status = GRPC_SECURITY_OK; + } + if (status != GRPC_SECURITY_OK) { + gpr_log(GPR_ERROR, + "Unable to create secure server with credentials of type %s.", + creds->type); + goto error; + } + + /* resolve address */ resolved = grpc_blocking_resolve_address(addr, "https"); if (!resolved) { goto error; @@ -132,18 +161,29 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) { } grpc_resolved_addresses_destroy(resolved); + sp = gpr_malloc(sizeof(secured_port)); + sp->tcp = tcp; + sp->ctx = ctx; + sp->server = server; + /* Register with the server only upon success */ - grpc_server_add_listener(server, tcp, start, destroy); + grpc_server_add_listener(server, sp, start, destroy); return port_num; /* Error path: cleanup and return */ error: + if (ctx) { + grpc_security_context_unref(ctx); + } if (resolved) { grpc_resolved_addresses_destroy(resolved); } if (tcp) { grpc_tcp_server_destroy(tcp); } + if (sp) { + gpr_free(sp); + } return 0; } diff --git a/src/core/surface/secure_server_create.c b/src/core/surface/secure_server_create.c deleted file mode 100644 index 1d5b927997..0000000000 --- a/src/core/surface/secure_server_create.c +++ /dev/null 
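Review bot: `destroy` frees `sp` right after `grpc_tcp_server_destroy(sp->tcp)`, while `on_accept` dereferences the same `secured_port` for `sp->ctx` and `sp->server`. That is only safe if the tcp server delivers no accept callback once its destroy call has returned, which is not visible in this hunk. Likewise the `grpc_security_context_unref(sp->ctx)` in `destroy` relies on `grpc_setup_secure_transport` holding its own reference for handshakes already in flight; presumably it does, but it is worth confirming. A comment on the struct would record the contract, e.g. `/* Per-port listener state: owns one ref on ctx; freed in destroy() once the tcp server can no longer call on_accept. */`. `grpc_server_add_secure_http2_port` starts in this hunk and continues past its end.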
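Review bot: The `if (sp) { gpr_free(sp); }` branch added under `error:` cannot run with a non-NULL `sp` in the lines shown, because `sp` is allocated after the last visible `goto error` and is handed to `grpc_server_add_listener` on the next statement. Either drop the branch or keep it with a comment saying it guards future error paths added after the allocation. The allocation would also be better tied to the variable than to the type, `sp = gpr_malloc(sizeof(*sp));`. The part of the function between this hunk and the previous one is not shown.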
@@ -1,57 +0,0 @@ -/* - * - * Copyright 2015, Google Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are - * met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following disclaimer - * in the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Google Inc. nor the names of its - * contributors may be used to endorse or promote products derived from - * this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- * - */ - -#include <grpc/grpc.h> - -#include "src/core/channel/channel_args.h" -#include "src/core/security/security_context.h" -#include "src/core/surface/completion_queue.h" -#include "src/core/surface/server.h" -#include <grpc/support/log.h> - -grpc_server *grpc_secure_server_create_internal( - grpc_completion_queue *cq, const grpc_channel_args *args, - grpc_security_context *context) { - grpc_arg context_arg; - grpc_channel_args *args_copy; - grpc_server *server; - if (grpc_find_security_context_in_args(args) != NULL) { - gpr_log(GPR_ERROR, "Cannot set security context in channel args."); - } - - context_arg = grpc_security_context_to_arg(context); - args_copy = grpc_channel_args_copy_and_add(args, &context_arg); - server = grpc_server_create_from_filters(cq, NULL, 0, args_copy); - grpc_channel_args_destroy(args_copy); - return server; -} diff --git a/test/core/echo/server.c b/test/core/echo/server.c index 83da8b644d..8c9175e3cf 100644 --- a/test/core/echo/server.c +++ b/test/core/echo/server.c @@ -143,8 +143,8 @@ int main(int argc, char **argv) { test_server1_cert}; grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1); - server = grpc_secure_server_create(ssl_creds, cq, &args); - GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr)); + server = grpc_server_create(cq, &args); + GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds)); grpc_server_credentials_release(ssl_creds); } else { server = grpc_server_create(cq, &args); diff --git a/test/core/end2end/fixtures/chttp2_fake_security.c b/test/core/end2end/fixtures/chttp2_fake_security.c index 039909f76c..6079b550d8 100644 --- a/test/core/end2end/fixtures/chttp2_fake_security.c +++ b/test/core/end2end/fixtures/chttp2_fake_security.c 
@@ -84,9 +84,9 @@ static void chttp2_init_server_secure_fullstack( grpc_server_destroy(f->server); } f->server = - grpc_secure_server_create(server_creds, f->server_cq, server_args); + grpc_server_create(f->server_cq, server_args); + GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, server_creds)); grpc_server_credentials_release(server_creds); - GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr)); grpc_server_start(f->server); } diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c index 1db9e727b8..9af2f46410 100644 --- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c +++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c @@ -87,9 +87,9 @@ static void chttp2_init_server_secure_fullstack( grpc_server_destroy(f->server); } f->server = - grpc_secure_server_create(server_creds, f->server_cq, server_args); + grpc_server_create(f->server_cq, server_args); + GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, server_creds)); grpc_server_credentials_release(server_creds); - GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr)); grpc_server_start(f->server); } diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c index 35e022c494..0be0a2302a 100644 --- a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c +++ b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c 
@@ -85,9 +85,9 @@ static void chttp2_init_server_secure_fullstack( grpc_server_destroy(f->server); } f->server = - grpc_secure_server_create(server_creds, f->server_cq, server_args); + grpc_server_create(f->server_cq, server_args); + GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, server_creds)); grpc_server_credentials_release(server_creds); - GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr)); grpc_server_start(f->server); } diff --git a/test/core/fling/server.c b/test/core/fling/server.c index 59c303015a..4f29c3b5cf 100644 --- a/test/core/fling/server.c +++ b/test/core/fling/server.c @@ -205,8 +205,8 @@ int main(int argc, char **argv) { test_server1_cert}; grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1); - server = grpc_secure_server_create(ssl_creds, cq, NULL); - GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr)); + server = grpc_server_create(cq, NULL); + GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds)); grpc_server_credentials_release(ssl_creds); } else { server = grpc_server_create(cq, NULL); diff --git a/vsprojects/vs2013/grpc.vcxproj b/vsprojects/vs2013/grpc.vcxproj index 89c0de333c..1b4005e036 100644 --- a/vsprojects/vs2013/grpc.vcxproj +++ b/vsprojects/vs2013/grpc.vcxproj @@ -215,8 +215,6 @@ </ClCompile> <ClCompile Include="..\..\src\core\surface\secure_channel_create.c"> </ClCompile> - <ClCompile Include="..\..\src\core\surface\secure_server_create.c"> - </ClCompile> <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c"> </ClCompile> <ClCompile Include="..\..\src\core\tsi\ssl_transport_security.c"> diff --git a/vsprojects/vs2013/grpc.vcxproj.filters b/vsprojects/vs2013/grpc.vcxproj.filters index a2d9f30eda..949be75180 100644 --- a/vsprojects/vs2013/grpc.vcxproj.filters +++ b/vsprojects/vs2013/grpc.vcxproj.filters 
@@ -43,9 +43,6 @@ <ClCompile Include="..\..\src\core\surface\secure_channel_create.c"> <Filter>src\core\surface</Filter> </ClCompile> - <ClCompile Include="..\..\src\core\surface\secure_server_create.c"> - <Filter>src\core\surface</Filter> - </ClCompile> <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c"> <Filter>src\core\tsi</Filter> </ClCompile> diff --git a/vsprojects/vs2013/grpc_shared.vcxproj b/vsprojects/vs2013/grpc_shared.vcxproj index 81a280d912..6bbe656a80 100644 --- a/vsprojects/vs2013/grpc_shared.vcxproj +++ b/vsprojects/vs2013/grpc_shared.vcxproj @@ -219,8 +219,6 @@ </ClCompile> <ClCompile Include="..\..\src\core\surface\secure_channel_create.c"> </ClCompile> - <ClCompile Include="..\..\src\core\surface\secure_server_create.c"> - </ClCompile> <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c"> </ClCompile> <ClCompile Include="..\..\src\core\tsi\ssl_transport_security.c"> diff --git a/vsprojects/vs2013/grpc_shared.vcxproj.filters b/vsprojects/vs2013/grpc_shared.vcxproj.filters index a2d9f30eda..949be75180 100644 --- a/vsprojects/vs2013/grpc_shared.vcxproj.filters +++ b/vsprojects/vs2013/grpc_shared.vcxproj.filters @@ -43,9 +43,6 @@ <ClCompile Include="..\..\src\core\surface\secure_channel_create.c"> <Filter>src\core\surface</Filter> </ClCompile> - <ClCompile Include="..\..\src\core\surface\secure_server_create.c"> - <Filter>src\core\surface</Filter> - </ClCompile> <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c"> <Filter>src\core\tsi</Filter> </ClCompile> |