diff options
Diffstat (limited to 'src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c')
-rw-r--r-- | src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c | 165 |
1 files changed, 105 insertions, 60 deletions
diff --git a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c index 698b2bef61..c42810e913 100644 --- a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +++ b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c @@ -37,6 +37,7 @@ #include <grpc/support/alloc.h> #include <grpc/support/log.h> +#include <grpc/support/string_util.h> #include <grpc/support/sync.h> #include <grpc/support/useful.h> #include "src/core/ext/transport/chttp2/transport/chttp2_transport.h" @@ -45,14 +46,14 @@ #include "src/core/lib/iomgr/endpoint.h" #include "src/core/lib/iomgr/resolve_address.h" #include "src/core/lib/iomgr/tcp_server.h" -#include "src/core/lib/security/auth_filters.h" -#include "src/core/lib/security/credentials.h" -#include "src/core/lib/security/security_connector.h" -#include "src/core/lib/security/security_context.h" +#include "src/core/lib/security/context/security_context.h" +#include "src/core/lib/security/credentials/credentials.h" +#include "src/core/lib/security/transport/auth_filters.h" +#include "src/core/lib/security/transport/security_connector.h" #include "src/core/lib/surface/api_trace.h" #include "src/core/lib/surface/server.h" -typedef struct grpc_server_secure_state { +typedef struct server_secure_state { grpc_server *server; grpc_tcp_server *tcp; grpc_server_security_connector *sc; @@ -62,13 +63,16 @@ typedef struct grpc_server_secure_state { gpr_refcount refcount; grpc_closure destroy_closure; grpc_closure *destroy_callback; -} grpc_server_secure_state; +} server_secure_state; -static void state_ref(grpc_server_secure_state *state) { - gpr_ref(&state->refcount); -} +typedef struct server_secure_connect { + server_secure_state *state; + grpc_pollset *accepting_pollset; +} server_secure_connect; + +static void state_ref(server_secure_state *state) { gpr_ref(&state->refcount); } -static void state_unref(grpc_server_secure_state *state) { +static void state_unref(server_secure_state *state) { if (gpr_unref(&state->refcount)) { /* ensure all threads have unlocked */ gpr_mu_lock(&state->mu); @@ -80,70 +84,72 @@ static void state_unref(grpc_server_secure_state *state) { } } -static void setup_transport(grpc_exec_ctx *exec_ctx, void *statep, - grpc_transport *transport, - grpc_auth_context *auth_context) { - grpc_server_secure_state *state = statep; - grpc_channel_args *args_copy; - grpc_arg args_to_add[2]; - args_to_add[0] = grpc_server_credentials_to_arg(state->creds); - args_to_add[1] = grpc_auth_context_to_arg(auth_context); - args_copy = grpc_channel_args_copy_and_add( - grpc_server_get_channel_args(state->server), args_to_add, - GPR_ARRAY_SIZE(args_to_add)); - grpc_server_setup_transport(exec_ctx, state->server, transport, args_copy); - grpc_channel_args_destroy(args_copy); -} - static void on_secure_handshake_done(grpc_exec_ctx *exec_ctx, void *statep, grpc_security_status status, grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context) { - grpc_server_secure_state *state = statep; + server_secure_connect *state = statep; grpc_transport *transport; if (status == GRPC_SECURITY_OK) { if (secure_endpoint) { - gpr_mu_lock(&state->mu); - if (!state->is_shutdown) { + gpr_mu_lock(&state->state->mu); + if (!state->state->is_shutdown) { transport = grpc_create_chttp2_transport( - exec_ctx, grpc_server_get_channel_args(state->server), + exec_ctx, grpc_server_get_channel_args(state->state->server), secure_endpoint, 0); - setup_transport(exec_ctx, state, transport, auth_context); + grpc_channel_args *args_copy; + grpc_arg args_to_add[2]; + args_to_add[0] = grpc_server_credentials_to_arg(state->state->creds); + args_to_add[1] = grpc_auth_context_to_arg(auth_context); + args_copy = grpc_channel_args_copy_and_add( + grpc_server_get_channel_args(state->state->server), args_to_add, + GPR_ARRAY_SIZE(args_to_add)); + grpc_server_setup_transport(exec_ctx, state->state->server, transport, + state->accepting_pollset, args_copy); + grpc_channel_args_destroy(args_copy); grpc_chttp2_transport_start_reading(exec_ctx, transport, NULL, 0); } else { /* We need to consume this here, because the server may already have * gone away. */ grpc_endpoint_destroy(exec_ctx, secure_endpoint); } - gpr_mu_unlock(&state->mu); + gpr_mu_unlock(&state->state->mu); } } else { gpr_log(GPR_ERROR, "Secure transport failed with error %d", status); } - state_unref(state); + state_unref(state->state); + gpr_free(state); } static void on_accept(grpc_exec_ctx *exec_ctx, void *statep, grpc_endpoint *tcp, + grpc_pollset *accepting_pollset, grpc_tcp_server_acceptor *acceptor) { - grpc_server_secure_state *state = statep; - state_ref(state); + server_secure_connect *state = gpr_malloc(sizeof(*state)); + state->state = statep; + state_ref(state->state); + state->accepting_pollset = accepting_pollset; grpc_server_security_connector_do_handshake( - exec_ctx, state->sc, acceptor, tcp, on_secure_handshake_done, state); + exec_ctx, state->state->sc, acceptor, tcp, + gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC), + gpr_time_from_seconds(120, GPR_TIMESPAN)), + on_secure_handshake_done, state); } /* Server callback: start listening on our ports */ static void start(grpc_exec_ctx *exec_ctx, grpc_server *server, void *statep, grpc_pollset **pollsets, size_t pollset_count) { - grpc_server_secure_state *state = statep; + server_secure_state *state = statep; grpc_tcp_server_start(exec_ctx, state->tcp, pollsets, pollset_count, on_accept, state); } -static void destroy_done(grpc_exec_ctx *exec_ctx, void *statep, bool success) { - grpc_server_secure_state *state = statep; +static void destroy_done(grpc_exec_ctx *exec_ctx, void *statep, + grpc_error *error) { + server_secure_state *state = statep; if (state->destroy_callback != NULL) { state->destroy_callback->cb(exec_ctx, state->destroy_callback->cb_arg, - success); + GRPC_ERROR_REF(error)); } grpc_server_security_connector_shutdown(exec_ctx, state->sc); state_unref(state); @@ -153,7 +159,7 @@ static void destroy_done(grpc_exec_ctx *exec_ctx, void *statep, bool success) { callbacks) */ static void destroy(grpc_exec_ctx *exec_ctx, grpc_server *server, void *statep, grpc_closure *callback) { - grpc_server_secure_state *state = statep; + server_secure_state *state = statep; grpc_tcp_server *tcp; gpr_mu_lock(&state->mu); state->is_shutdown = 1; @@ -167,14 +173,16 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds) { grpc_resolved_addresses *resolved = NULL; grpc_tcp_server *tcp = NULL; - grpc_server_secure_state *state = NULL; + server_secure_state *state = NULL; size_t i; - unsigned count = 0; + size_t count = 0; int port_num = -1; int port_temp; grpc_security_status status = GRPC_SECURITY_ERROR; grpc_server_security_connector *sc = NULL; grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; + grpc_error *err = GRPC_ERROR_NONE; + grpc_error **errors = NULL; GRPC_API_TRACE( "grpc_server_add_secure_http2_port(" @@ -182,26 +190,35 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, 3, (server, addr, creds)); /* create security context */ - if (creds == NULL) goto error; + if (creds == NULL) { + err = GRPC_ERROR_CREATE( + "No credentials specified for secure server port (creds==NULL)"); + goto error; + } status = grpc_server_credentials_create_security_connector(creds, &sc); if (status != GRPC_SECURITY_OK) { - gpr_log(GPR_ERROR, - "Unable to create secure server with credentials of type %s.", - creds->type); + char *msg; + gpr_asprintf(&msg, + "Unable to create secure server with credentials of type %s.", + creds->type); + err = grpc_error_set_int(GRPC_ERROR_CREATE(msg), + GRPC_ERROR_INT_SECURITY_STATUS, status); + gpr_free(msg); goto error; } sc->channel_args = grpc_server_get_channel_args(server); /* resolve address */ - resolved = grpc_blocking_resolve_address(addr, "https"); - if (!resolved) { + err = grpc_blocking_resolve_address(addr, "https", &resolved); + if (err != GRPC_ERROR_NONE) { goto error; } state = gpr_malloc(sizeof(*state)); memset(state, 0, sizeof(*state)); grpc_closure_init(&state->destroy_closure, destroy_done, state); - tcp = grpc_tcp_server_create(&state->destroy_closure); - if (!tcp) { + err = grpc_tcp_server_create(&state->destroy_closure, + grpc_server_get_channel_args(server), &tcp); + if (err != GRPC_ERROR_NONE) { goto error; } @@ -213,11 +230,12 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, gpr_mu_init(&state->mu); gpr_ref_init(&state->refcount, 1); + errors = gpr_malloc(sizeof(*errors) * resolved->naddrs); for (i = 0; i < resolved->naddrs; i++) { - port_temp = grpc_tcp_server_add_port( + errors[i] = grpc_tcp_server_add_port( tcp, (struct sockaddr *)&resolved->addrs[i].addr, - resolved->addrs[i].len); - if (port_temp > 0) { + resolved->addrs[i].len, &port_temp); + if (errors[i] == GRPC_ERROR_NONE) { if (port_num == -1) { port_num = port_temp; } else { @@ -227,15 +245,31 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, } } if (count == 0) { - gpr_log(GPR_ERROR, "No address added out of total %d resolved", - resolved->naddrs); + char *msg; + gpr_asprintf(&msg, "No address added out of total %" PRIuPTR " resolved", + resolved->naddrs); + err = GRPC_ERROR_CREATE_REFERENCING(msg, errors, resolved->naddrs); + gpr_free(msg); goto error; + } else if (count != resolved->naddrs) { + char *msg; + gpr_asprintf(&msg, "Only %" PRIuPTR + " addresses added out of total %" PRIuPTR " resolved", + count, resolved->naddrs); + err = GRPC_ERROR_CREATE_REFERENCING(msg, errors, resolved->naddrs); + gpr_free(msg); + + const char *warning_message = grpc_error_string(err); + gpr_log(GPR_INFO, "WARNING: %s", warning_message); + grpc_error_free_string(warning_message); + /* we managed to bind some addresses: continue */ + } else { + for (i = 0; i < resolved->naddrs; i++) { + GRPC_ERROR_UNREF(errors[i]); + } } - if (count != resolved->naddrs) { - gpr_log(GPR_ERROR, "Only %d addresses added out of total %d resolved", - count, resolved->naddrs); - /* if it's an error, don't we want to goto error; here ? */ - } + gpr_free(errors); + errors = NULL; grpc_resolved_addresses_destroy(resolved); /* Register with the server only upon success */ @@ -246,6 +280,13 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, /* Error path: cleanup and return */ error: + GPR_ASSERT(err != GRPC_ERROR_NONE); + if (errors != NULL) { + for (i = 0; i < resolved->naddrs; i++) { + GRPC_ERROR_UNREF(errors[i]); + } + gpr_free(errors); + } if (resolved) { grpc_resolved_addresses_destroy(resolved); } @@ -260,5 +301,9 @@ error: } } grpc_exec_ctx_finish(&exec_ctx); + const char *msg = grpc_error_string(err); + GRPC_ERROR_UNREF(err); + gpr_log(GPR_ERROR, "%s", msg); + grpc_error_free_string(msg); return 0; } |