diff options
Diffstat (limited to 'src')
15 files changed, 385 insertions, 92 deletions
diff --git a/src/core/ext/filters/client_channel/authority.cc b/src/core/ext/filters/client_channel/authority.cc new file mode 100644 index 0000000000..46a9f39aed --- /dev/null +++ b/src/core/ext/filters/client_channel/authority.cc @@ -0,0 +1,42 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <grpc/support/port_platform.h> + +#include "src/core/ext/filters/client_channel/authority.h" + +grpc_channel_args* grpc_add_default_authority_if_not_present( + const grpc_channel_args* args) { + const bool has_default_authority = + grpc_channel_args_find(args, GRPC_ARG_DEFAULT_AUTHORITY) != nullptr; + grpc_arg new_args[1]; + size_t num_new_args = 0; + grpc_core::UniquePtr<char> default_authority; + if (!has_default_authority) { + const grpc_arg* server_uri_arg = + grpc_channel_args_find(args, GRPC_ARG_SERVER_URI); + const char* server_uri_str = grpc_channel_arg_get_string(server_uri_arg); + GPR_ASSERT(server_uri_str != nullptr); + default_authority = + grpc_core::ResolverRegistry::GetDefaultAuthority(server_uri_str); + GPR_ASSERT(default_authority != nullptr); + new_args[num_new_args++] = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY), default_authority.get()); + } + return grpc_channel_args_copy_and_add(args, new_args, num_new_args); +} diff --git a/src/core/ext/filters/client_channel/authority.h b/src/core/ext/filters/client_channel/authority.h new file mode 100644 index 0000000000..0923e9d56c --- /dev/null +++ b/src/core/ext/filters/client_channel/authority.h @@ -0,0 +1,36 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_EXT_FILTERS_CLIENT_CHANNEL_AUTHORITY_H +#define GRPC_CORE_EXT_FILTERS_CLIENT_CHANNEL_AUTHORITY_H + +#include <grpc/support/port_platform.h> + +#include <grpc/grpc.h> + +#include "src/core/ext/filters/client_channel/client_channel.h" +#include "src/core/ext/filters/client_channel/resolver_registry.h" +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/gprpp/memory.h" + +/// Returns a copy of \a args with the default authority channel arg set if it +/// wasn't already present. +grpc_channel_args* grpc_add_default_authority_if_not_present( + const grpc_channel_args* args); + +#endif /* GRPC_CORE_EXT_FILTERS_CLIENT_CHANNEL_AUTHORITY_H */ diff --git a/src/core/ext/filters/client_channel/client_channel_plugin.cc b/src/core/ext/filters/client_channel/client_channel_plugin.cc index 3c3a97532f..98d9d02110 100644 --- a/src/core/ext/filters/client_channel/client_channel_plugin.cc +++ b/src/core/ext/filters/client_channel/client_channel_plugin.cc @@ -39,29 +39,6 @@ static bool append_filter(grpc_channel_stack_builder* builder, void* arg) { builder, static_cast<const grpc_channel_filter*>(arg), nullptr, nullptr); } -static bool set_default_host_if_unset(grpc_channel_stack_builder* builder, - void* unused) { - const grpc_channel_args* args = - grpc_channel_stack_builder_get_channel_arguments(builder); - for (size_t i = 0; i < args->num_args; i++) { - if (0 == strcmp(args->args[i].key, GRPC_ARG_DEFAULT_AUTHORITY) || - 0 == strcmp(args->args[i].key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG)) { - return true; - } - } - grpc_core::UniquePtr<char> default_authority = - grpc_core::ResolverRegistry::GetDefaultAuthority( - grpc_channel_stack_builder_get_target(builder)); - if (default_authority.get() != nullptr) { - grpc_arg arg = grpc_channel_arg_string_create( - (char*)GRPC_ARG_DEFAULT_AUTHORITY, default_authority.get()); - grpc_channel_args* new_args = grpc_channel_args_copy_and_add(args, &arg, 1); - grpc_channel_stack_builder_set_channel_arguments(builder, new_args); - grpc_channel_args_destroy(new_args); - } - return true; -} - void grpc_client_channel_init(void) { grpc_core::LoadBalancingPolicyRegistry::Builder::InitRegistry(); grpc_core::ResolverRegistry::Builder::InitRegistry(); @@ -69,8 +46,6 @@ void grpc_client_channel_init(void) { grpc_proxy_mapper_registry_init(); grpc_register_http_proxy_mapper(); grpc_subchannel_index_init(); - grpc_channel_init_register_stage(GRPC_CLIENT_CHANNEL, INT_MIN, - set_default_host_if_unset, nullptr); grpc_channel_init_register_stage( GRPC_CLIENT_CHANNEL, GRPC_CHANNEL_INIT_BUILTIN_PRIORITY, append_filter, (void*)&grpc_client_channel_filter); diff --git a/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc b/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc index e805593dd8..0b2a30818e 100644 --- a/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +++ b/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc @@ -505,9 +505,7 @@ GrpcLb::BalancerCallState::BalancerCallState( // the polling entities from client_channel. GPR_ASSERT(grpclb_policy()->server_name_ != nullptr); GPR_ASSERT(grpclb_policy()->server_name_[0] != '\0'); - grpc_slice host = - grpc_slice_from_copied_string(grpclb_policy()->server_name_); - grpc_millis deadline = + const grpc_millis deadline = grpclb_policy()->lb_call_timeout_ms_ == 0 ? GRPC_MILLIS_INF_FUTURE : ExecCtx::Get()->Now() + grpclb_policy()->lb_call_timeout_ms_; @@ -515,8 +513,7 @@ GrpcLb::BalancerCallState::BalancerCallState( grpclb_policy()->lb_channel_, nullptr, GRPC_PROPAGATE_DEFAULTS, grpclb_policy_->interested_parties(), GRPC_MDSTR_SLASH_GRPC_DOT_LB_DOT_V1_DOT_LOADBALANCER_SLASH_BALANCELOAD, - &host, deadline, nullptr); - grpc_slice_unref_internal(host); + nullptr, deadline, nullptr); // Init the LB call request payload. grpc_grpclb_request* request = grpc_grpclb_request_create(grpclb_policy()->server_name_); @@ -983,6 +980,14 @@ grpc_channel_args* BuildBalancerChannelArgs( // with the one from the grpclb policy, used to propagate updates to // the LB channel. GRPC_ARG_FAKE_RESOLVER_RESPONSE_GENERATOR, + // The LB channel should use the authority indicated by the target + // authority table (see \a grpc_lb_policy_grpclb_modify_lb_channel_args), + // as opposed to the authority from the parent channel. + GRPC_ARG_DEFAULT_AUTHORITY, + // Just as for \a GRPC_ARG_DEFAULT_AUTHORITY, the LB channel should be + // treated as a stand-alone channel and not inherit this argument from the + // args of the parent channel. + GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, }; // Channel args to add. const grpc_arg args_to_add[] = { diff --git a/src/core/ext/filters/http/client_authority_filter.cc b/src/core/ext/filters/http/client_authority_filter.cc new file mode 100644 index 0000000000..f2b3e0fe7b --- /dev/null +++ b/src/core/ext/filters/http/client_authority_filter.cc @@ -0,0 +1,141 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <grpc/support/port_platform.h> + +#include <assert.h> +#include <limits.h> +#include <string.h> + +#include <grpc/support/alloc.h> +#include <grpc/support/log.h> +#include <grpc/support/string_util.h> + +#include "src/core/ext/filters/http/client_authority_filter.h" +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/gpr/string.h" +#include "src/core/lib/slice/slice_internal.h" +#include "src/core/lib/slice/slice_string_helpers.h" +#include "src/core/lib/surface/call.h" +#include "src/core/lib/surface/channel_init.h" +#include "src/core/lib/surface/channel_stack_type.h" +#include "src/core/lib/transport/static_metadata.h" + +namespace { + +struct call_data { + grpc_linked_mdelem authority_storage; + grpc_call_combiner* call_combiner; +}; + +struct channel_data { + grpc_slice default_authority; +}; + +void authority_start_transport_stream_op_batch( + grpc_call_element* elem, grpc_transport_stream_op_batch* batch) { + channel_data* chand = static_cast<channel_data*>(elem->channel_data); + call_data* calld = static_cast<call_data*>(elem->call_data); + // Handle send_initial_metadata. + auto* initial_metadata = + batch->payload->send_initial_metadata.send_initial_metadata; + // If the initial metadata doesn't already contain :authority, add it. + if (batch->send_initial_metadata && + initial_metadata->idx.named.authority == nullptr) { + grpc_error* error = grpc_metadata_batch_add_head( + initial_metadata, &calld->authority_storage, + grpc_mdelem_from_slices(GRPC_MDSTR_AUTHORITY, + grpc_slice_ref(chand->default_authority))); + if (error != GRPC_ERROR_NONE) { + grpc_transport_stream_op_batch_finish_with_failure(batch, error, + calld->call_combiner); + return; + } + } + // Pass control down the stack. + grpc_call_next_op(elem, batch); +} + +/* Constructor for call_data */ +grpc_error* init_call_elem(grpc_call_element* elem, + const grpc_call_element_args* args) { + call_data* calld = static_cast<call_data*>(elem->call_data); + calld->call_combiner = args->call_combiner; + return GRPC_ERROR_NONE; +} + +/* Destructor for call_data */ +void destroy_call_elem(grpc_call_element* elem, + const grpc_call_final_info* final_info, + grpc_closure* ignored) {} + +/* Constructor for channel_data */ +grpc_error* init_channel_elem(grpc_channel_element* elem, + grpc_channel_element_args* args) { + channel_data* chand = static_cast<channel_data*>(elem->channel_data); + const grpc_arg* default_authority_arg = + grpc_channel_args_find(args->channel_args, GRPC_ARG_DEFAULT_AUTHORITY); + if (default_authority_arg == nullptr) { + gpr_log( + GPR_ERROR, + "GRPC_ARG_DEFAULT_AUTHORITY channel arg. not found. Note that direct " + "channels must explicity specify a value for this argument."); + abort(); + } + chand->default_authority = grpc_slice_from_copied_string( + grpc_channel_arg_get_string(default_authority_arg)); + GPR_ASSERT(!args->is_last); + return GRPC_ERROR_NONE; +} + +/* Destructor for channel data */ +void destroy_channel_elem(grpc_channel_element* elem) { + channel_data* chand = static_cast<channel_data*>(elem->channel_data); + grpc_slice_unref(chand->default_authority); +} +} // namespace + +const grpc_channel_filter grpc_client_authority_filter = { + authority_start_transport_stream_op_batch, + grpc_channel_next_op, + sizeof(call_data), + init_call_elem, + grpc_call_stack_ignore_set_pollset_or_pollset_set, + destroy_call_elem, + sizeof(channel_data), + init_channel_elem, + destroy_channel_elem, + grpc_channel_next_get_info, + "authority"}; + +static bool add_client_authority_filter(grpc_channel_stack_builder* builder, + void* arg) { + return grpc_channel_stack_builder_prepend_filter( + builder, static_cast<const grpc_channel_filter*>(arg), nullptr, nullptr); +} + +void grpc_client_authority_filter_init(void) { + grpc_channel_init_register_stage(GRPC_CLIENT_SUBCHANNEL, INT_MAX, + add_client_authority_filter, + (void*)&grpc_client_authority_filter); + grpc_channel_init_register_stage(GRPC_CLIENT_DIRECT_CHANNEL, INT_MAX, + add_client_authority_filter, + (void*)&grpc_client_authority_filter); +} + +void grpc_client_authority_filter_shutdown(void) {} diff --git a/src/core/ext/filters/http/client_authority_filter.h b/src/core/ext/filters/http/client_authority_filter.h new file mode 100644 index 0000000000..5824e91ff2 --- /dev/null +++ b/src/core/ext/filters/http/client_authority_filter.h @@ -0,0 +1,34 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_EXT_FILTERS_HTTP_CLIENT_AUTHORITY_FILTER_H +#define GRPC_CORE_EXT_FILTERS_HTTP_CLIENT_AUTHORITY_FILTER_H + +#include <grpc/support/port_platform.h> + +#include <grpc/impl/codegen/compression_types.h> + +#include "src/core/lib/channel/channel_stack.h" + +/// Filter responsible for setting the authority header, if not already set. It +/// uses the value of the GRPC_ARG_DEFAULT_AUTHORITY channel arg if the initial +/// metadata doesn't already contain an authority value. + +extern const grpc_channel_filter grpc_client_authority_filter; + +#endif /* GRPC_CORE_EXT_FILTERS_HTTP_CLIENT_AUTHORITY_FILTER_H */ diff --git a/src/core/ext/transport/chttp2/client/insecure/channel_create.cc b/src/core/ext/transport/chttp2/client/insecure/channel_create.cc index 60800365b8..5b08b6cd36 100644 --- a/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +++ b/src/core/ext/transport/chttp2/client/insecure/channel_create.cc @@ -25,6 +25,7 @@ #include <grpc/support/alloc.h> #include <grpc/support/string_util.h> +#include "src/core/ext/filters/client_channel/authority.h" #include "src/core/ext/filters/client_channel/client_channel.h" #include "src/core/ext/filters/client_channel/resolver_registry.h" #include "src/core/ext/transport/chttp2/client/chttp2_connector.h" @@ -40,9 +41,16 @@ static void client_channel_factory_unref( static grpc_subchannel* client_channel_factory_create_subchannel( grpc_client_channel_factory* cc_factory, const grpc_subchannel_args* args) { + grpc_subchannel_args* final_sc_args = + static_cast<grpc_subchannel_args*>(gpr_malloc(sizeof(*final_sc_args))); + memcpy(final_sc_args, args, sizeof(*args)); + final_sc_args->args = grpc_add_default_authority_if_not_present(args->args); grpc_connector* connector = grpc_chttp2_connector_create(); - grpc_subchannel* s = grpc_subchannel_create(connector, args); + grpc_subchannel* s = grpc_subchannel_create(connector, final_sc_args); grpc_connector_unref(connector); + grpc_channel_args_destroy( + const_cast<grpc_channel_args*>(final_sc_args->args)); + gpr_free(final_sc_args); return s; } @@ -56,8 +64,8 @@ static grpc_channel* client_channel_factory_create_channel( // Add channel arg containing the server URI. grpc_core::UniquePtr<char> canonical_target = grpc_core::ResolverRegistry::AddDefaultPrefixIfNeeded(target); - grpc_arg arg = grpc_channel_arg_string_create((char*)GRPC_ARG_SERVER_URI, - canonical_target.get()); + grpc_arg arg = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_SERVER_URI), canonical_target.get()); const char* to_remove[] = {GRPC_ARG_SERVER_URI}; grpc_channel_args* new_args = grpc_channel_args_copy_and_add_and_remove(args, to_remove, 1, &arg, 1); diff --git a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc index a82009ff69..5ce73a95d7 100644 --- a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +++ b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc @@ -71,9 +71,6 @@ static grpc_subchannel_args* get_secure_naming_subchannel_args( grpc_uri* server_uri = grpc_uri_parse(server_uri_str, true /* supress errors */); GPR_ASSERT(server_uri != nullptr); - const char* server_uri_path; - server_uri_path = - server_uri->path[0] == '/' ? server_uri->path + 1 : server_uri->path; const grpc_core::TargetAuthorityTable* target_authority_table = grpc_core::FindTargetAuthorityTableInArgs(args->args); grpc_core::UniquePtr<char> authority; @@ -98,33 +95,49 @@ static grpc_subchannel_args* get_secure_naming_subchannel_args( // authority table was present or because the target was not present // in the table), fall back to using the original server URI. if (authority == nullptr) { - authority.reset(gpr_strdup(server_uri_path)); + authority = + grpc_core::ResolverRegistry::GetDefaultAuthority(server_uri_str); } + grpc_arg args_to_add[2]; + size_t num_args_to_add = 0; + if (grpc_channel_args_find(args->args, GRPC_ARG_DEFAULT_AUTHORITY) == + nullptr) { + // If the channel args don't already contain GRPC_ARG_DEFAULT_AUTHORITY, add + // the arg, setting it to the value just obtained. + args_to_add[num_args_to_add++] = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY), authority.get()); + } + grpc_channel_args* args_with_authority = + grpc_channel_args_copy_and_add(args->args, args_to_add, num_args_to_add); grpc_uri_destroy(server_uri); grpc_channel_security_connector* subchannel_security_connector = nullptr; // Create the security connector using the credentials and target name. grpc_channel_args* new_args_from_connector = nullptr; const grpc_security_status security_status = grpc_channel_credentials_create_security_connector( - channel_credentials, authority.get(), args->args, + channel_credentials, authority.get(), args_with_authority, &subchannel_security_connector, &new_args_from_connector); if (security_status != GRPC_SECURITY_OK) { gpr_log(GPR_ERROR, "Failed to create secure subchannel for secure name '%s'", authority.get()); + grpc_channel_args_destroy(args_with_authority); return nullptr; } grpc_arg new_security_connector_arg = grpc_security_connector_to_arg(&subchannel_security_connector->base); grpc_channel_args* new_args = grpc_channel_args_copy_and_add( - new_args_from_connector != nullptr ? new_args_from_connector : args->args, + new_args_from_connector != nullptr ? new_args_from_connector + : args_with_authority, &new_security_connector_arg, 1); + GRPC_SECURITY_CONNECTOR_UNREF(&subchannel_security_connector->base, "lb_channel_create"); if (new_args_from_connector != nullptr) { grpc_channel_args_destroy(new_args_from_connector); } + grpc_channel_args_destroy(args_with_authority); grpc_subchannel_args* final_sc_args = static_cast<grpc_subchannel_args*>(gpr_malloc(sizeof(*final_sc_args))); memcpy(final_sc_args, args, sizeof(*args)); diff --git a/src/core/lib/security/security_connector/security_connector.cc b/src/core/lib/security/security_connector/security_connector.cc index cbe77d5a69..a0e05a3fbd 100644 --- a/src/core/lib/security/security_connector/security_connector.cc +++ b/src/core/lib/security/security_connector/security_connector.cc @@ -306,6 +306,7 @@ typedef struct { char* target; char* expected_targets; bool is_lb_channel; + char* ssl_target_name_override; } grpc_fake_channel_security_connector; static void fake_channel_destroy(grpc_security_connector* sc) { @@ -314,6 +315,7 @@ static void fake_channel_destroy(grpc_security_connector* sc) { grpc_call_credentials_unref(c->base.request_metadata_creds); gpr_free(c->target); gpr_free(c->expected_targets); + gpr_free(c->ssl_target_name_override); gpr_free(c); } @@ -465,13 +467,34 @@ static bool fake_channel_check_call_host(grpc_channel_security_connector* sc, grpc_error** error) { grpc_fake_channel_security_connector* c = reinterpret_cast<grpc_fake_channel_security_connector*>(sc); - if (c->is_lb_channel) { - // TODO(dgq): verify that the host (ie, authority header) matches that of - // the LB, as opposed to that of the backends. - } else { - // TODO(dgq): verify that the host (ie, authority header) matches that of - // the backend, not the LB's. + char* authority_hostname = nullptr; + char* authority_ignored_port = nullptr; + char* target_hostname = nullptr; + char* target_ignored_port = nullptr; + gpr_split_host_port(host, &authority_hostname, &authority_ignored_port); + gpr_split_host_port(c->target, &target_hostname, &target_ignored_port); + if (c->ssl_target_name_override != nullptr) { + char* ssl_target_name_override_hostname = nullptr; + char* ssl_target_name_override_ignored_port = nullptr; + gpr_split_host_port(c->ssl_target_name_override, + &ssl_target_name_override_hostname, + &ssl_target_name_override_ignored_port); + if (strcmp(authority_hostname, ssl_target_name_override_hostname) != 0) { + gpr_log(GPR_ERROR, "Authority (host) '%s' != SSL Target override '%s'", + host, ssl_target_name_override_hostname); + abort(); + } + gpr_free(ssl_target_name_override_hostname); + gpr_free(ssl_target_name_override_ignored_port); + } else if (strcmp(authority_hostname, target_hostname) != 0) { + gpr_log(GPR_ERROR, "Authority (host) '%s' != Target '%s'", + authority_hostname, target_hostname); + abort(); } + gpr_free(authority_hostname); + gpr_free(authority_ignored_port); + gpr_free(target_hostname); + gpr_free(target_ignored_port); return true; } @@ -524,6 +547,12 @@ grpc_channel_security_connector* grpc_fake_channel_security_connector_create( const char* expected_targets = grpc_fake_transport_get_expected_targets(args); c->expected_targets = gpr_strdup(expected_targets); c->is_lb_channel = grpc_core::FindTargetAuthorityTableInArgs(args) != nullptr; + const grpc_arg* ssl_target_name_override_arg = + grpc_channel_args_find(args, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG); + if (ssl_target_name_override_arg != nullptr) { + c->ssl_target_name_override = + grpc_channel_arg_get_string(ssl_target_name_override_arg); + } return &c->base; } diff --git a/src/core/lib/surface/channel.cc b/src/core/lib/surface/channel.cc index cecc15b2df..807e28eef1 100644 --- a/src/core/lib/surface/channel.cc +++ b/src/core/lib/surface/channel.cc @@ -60,7 +60,6 @@ typedef struct registered_call { struct grpc_channel { int is_client; grpc_compression_options compression_options; - grpc_mdelem default_authority; gpr_atm call_size_estimate; @@ -117,40 +116,8 @@ grpc_channel* grpc_channel_create_with_builder( grpc_compression_options_init(&channel->compression_options); for (size_t i = 0; i < args->num_args; i++) { - if (0 == strcmp(args->args[i].key, GRPC_ARG_DEFAULT_AUTHORITY)) { - if (args->args[i].type != GRPC_ARG_STRING) { - gpr_log(GPR_ERROR, "%s ignored: it must be a string", - GRPC_ARG_DEFAULT_AUTHORITY); - } else { - if (!GRPC_MDISNULL(channel->default_authority)) { - /* setting this takes precedence over anything else */ - GRPC_MDELEM_UNREF(channel->default_authority); - } - channel->default_authority = grpc_mdelem_from_slices( - GRPC_MDSTR_AUTHORITY, - grpc_slice_intern( - grpc_slice_from_static_string(args->args[i].value.string))); - } - } else if (0 == - strcmp(args->args[i].key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG)) { - if (args->args[i].type != GRPC_ARG_STRING) { - gpr_log(GPR_ERROR, "%s ignored: it must be a string", - GRPC_SSL_TARGET_NAME_OVERRIDE_ARG); - } else { - if (!GRPC_MDISNULL(channel->default_authority)) { - /* other ways of setting this (notably ssl) take precedence */ - gpr_log(GPR_ERROR, - "%s ignored: default host already set some other way", - GRPC_SSL_TARGET_NAME_OVERRIDE_ARG); - } else { - channel->default_authority = grpc_mdelem_from_slices( - GRPC_MDSTR_AUTHORITY, - grpc_slice_intern( - grpc_slice_from_static_string(args->args[i].value.string))); - } - } - } else if (0 == strcmp(args->args[i].key, - GRPC_COMPRESSION_CHANNEL_DEFAULT_LEVEL)) { + if (0 == + strcmp(args->args[i].key, GRPC_COMPRESSION_CHANNEL_DEFAULT_LEVEL)) { channel->compression_options.default_level.is_set = true; channel->compression_options.default_level.level = static_cast<grpc_compression_level>(grpc_channel_arg_get_integer( @@ -189,6 +156,37 @@ grpc_channel* grpc_channel_create_with_builder( return channel; } +static grpc_core::UniquePtr<char> get_default_authority( + const grpc_channel_args* input_args) { + bool has_default_authority = false; + char* ssl_override = nullptr; + grpc_core::UniquePtr<char> default_authority; + const size_t num_args = input_args != nullptr ? input_args->num_args : 0; + for (size_t i = 0; i < num_args; ++i) { + if (0 == strcmp(input_args->args[i].key, GRPC_ARG_DEFAULT_AUTHORITY)) { + has_default_authority = true; + } else if (0 == strcmp(input_args->args[i].key, + GRPC_SSL_TARGET_NAME_OVERRIDE_ARG)) { + ssl_override = input_args->args[i].value.string; + } + } + if (!has_default_authority && ssl_override != nullptr) { + default_authority.reset(gpr_strdup(ssl_override)); + } + return default_authority; +} + +static grpc_channel_args* build_channel_args( + const grpc_channel_args* input_args, char* default_authority) { + grpc_arg new_args[1]; + size_t num_new_args = 0; + if (default_authority != nullptr) { + new_args[num_new_args++] = grpc_channel_arg_string_create( + const_cast<char*>(GRPC_ARG_DEFAULT_AUTHORITY), default_authority); + } + return grpc_channel_args_copy_and_add(input_args, new_args, num_new_args); +} + char* grpc_channel_get_trace(grpc_channel* channel) { return channel->tracer->RenderTrace(); } @@ -202,7 +200,12 @@ grpc_channel* grpc_channel_create(const char* target, grpc_channel_stack_type channel_stack_type, grpc_transport* optional_transport) { grpc_channel_stack_builder* builder = grpc_channel_stack_builder_create(); - grpc_channel_stack_builder_set_channel_arguments(builder, input_args); + const grpc_core::UniquePtr<char> default_authority = + get_default_authority(input_args); + grpc_channel_args* args = + build_channel_args(input_args, default_authority.get()); + grpc_channel_stack_builder_set_channel_arguments(builder, args); + grpc_channel_args_destroy(args); grpc_channel_stack_builder_set_target(builder, target); grpc_channel_stack_builder_set_transport(builder, optional_transport); if (!grpc_channel_init_create_stack(builder, channel_stack_type)) { @@ -274,8 +277,6 @@ static grpc_call* grpc_channel_create_call_internal( send_metadata[num_metadata++] = path_mdelem; if (!GRPC_MDISNULL(authority_mdelem)) { send_metadata[num_metadata++] = authority_mdelem; - } else if (!GRPC_MDISNULL(channel->default_authority)) { - send_metadata[num_metadata++] = GRPC_MDELEM_REF(channel->default_authority); } grpc_call_create_args args; @@ -406,7 +407,6 @@ static void destroy_channel(void* arg, grpc_error* error) { gpr_free(rc); } channel->tracer.reset(); - GRPC_MDELEM_UNREF(channel->default_authority); gpr_mu_destroy(&channel->registered_call_mu); gpr_free(channel->target); gpr_free(channel); diff --git a/src/core/lib/surface/init_secure.cc b/src/core/lib/surface/init_secure.cc index 78e983e0cd..28c6f7b121 100644 --- a/src/core/lib/surface/init_secure.cc +++ b/src/core/lib/surface/init_secure.cc @@ -67,9 +67,12 @@ static bool maybe_prepend_server_auth_filter( } void grpc_register_security_filters(void) { - grpc_channel_init_register_stage(GRPC_CLIENT_SUBCHANNEL, INT_MAX, + // Register the auth client with a priority < INT_MAX to allow the authority + // filter -on which the auth filter depends- to be higher on the channel + // stack. + grpc_channel_init_register_stage(GRPC_CLIENT_SUBCHANNEL, INT_MAX - 1, maybe_prepend_client_auth_filter, nullptr); - grpc_channel_init_register_stage(GRPC_CLIENT_DIRECT_CHANNEL, INT_MAX, + grpc_channel_init_register_stage(GRPC_CLIENT_DIRECT_CHANNEL, INT_MAX - 1, maybe_prepend_client_auth_filter, nullptr); grpc_channel_init_register_stage(GRPC_SERVER_CHANNEL, INT_MAX, maybe_prepend_server_auth_filter, nullptr); diff --git a/src/core/plugin_registry/grpc_plugin_registry.cc b/src/core/plugin_registry/grpc_plugin_registry.cc index 6f11e6bb5b..e371310fa1 100644 --- a/src/core/plugin_registry/grpc_plugin_registry.cc +++ b/src/core/plugin_registry/grpc_plugin_registry.cc @@ -52,6 +52,8 @@ void grpc_max_age_filter_init(void); void grpc_max_age_filter_shutdown(void); void grpc_message_size_filter_init(void); void grpc_message_size_filter_shutdown(void); +void grpc_client_authority_filter_init(void); +void grpc_client_authority_filter_shutdown(void); void grpc_workaround_cronet_compression_filter_init(void); void grpc_workaround_cronet_compression_filter_shutdown(void); @@ -88,6 +90,8 @@ void grpc_register_built_in_plugins(void) { grpc_max_age_filter_shutdown); grpc_register_plugin(grpc_message_size_filter_init, grpc_message_size_filter_shutdown); + grpc_register_plugin(grpc_client_authority_filter_init, + grpc_client_authority_filter_shutdown); grpc_register_plugin(grpc_workaround_cronet_compression_filter_init, grpc_workaround_cronet_compression_filter_shutdown); } diff --git a/src/core/plugin_registry/grpc_unsecure_plugin_registry.cc b/src/core/plugin_registry/grpc_unsecure_plugin_registry.cc index b08c5ce3ae..283db5b4f4 100644 --- a/src/core/plugin_registry/grpc_unsecure_plugin_registry.cc +++ b/src/core/plugin_registry/grpc_unsecure_plugin_registry.cc @@ -50,6 +50,8 @@ void grpc_max_age_filter_init(void); void grpc_max_age_filter_shutdown(void); void grpc_message_size_filter_init(void); void grpc_message_size_filter_shutdown(void); +void grpc_client_authority_filter_init(void); +void grpc_client_authority_filter_shutdown(void); void grpc_workaround_cronet_compression_filter_init(void); void grpc_workaround_cronet_compression_filter_shutdown(void); @@ -84,6 +86,8 @@ void grpc_register_built_in_plugins(void) { grpc_max_age_filter_shutdown); grpc_register_plugin(grpc_message_size_filter_init, grpc_message_size_filter_shutdown); + grpc_register_plugin(grpc_client_authority_filter_init, + grpc_client_authority_filter_shutdown); grpc_register_plugin(grpc_workaround_cronet_compression_filter_init, grpc_workaround_cronet_compression_filter_shutdown); } diff --git a/src/objective-c/tests/CoreCronetEnd2EndTests/CoreCronetEnd2EndTests.mm b/src/objective-c/tests/CoreCronetEnd2EndTests/CoreCronetEnd2EndTests.mm index 33ccdb5844..8e1a0ee7df 100644 --- a/src/objective-c/tests/CoreCronetEnd2EndTests/CoreCronetEnd2EndTests.mm +++ b/src/objective-c/tests/CoreCronetEnd2EndTests/CoreCronetEnd2EndTests.mm @@ -147,12 +147,9 @@ static void chttp2_init_server_simple_ssl_secure_fullstack( static grpc_end2end_test_config configs[] = { {"chttp2/simple_ssl_fullstack", - FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION | - FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS, - chttp2_create_fixture_secure_fullstack, - cronet_init_client_simple_ssl_secure_fullstack, - chttp2_init_server_simple_ssl_secure_fullstack, - chttp2_tear_down_secure_fullstack}, + FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION | FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS, nullptr, + chttp2_create_fixture_secure_fullstack, cronet_init_client_simple_ssl_secure_fullstack, + chttp2_init_server_simple_ssl_secure_fullstack, chttp2_tear_down_secure_fullstack}, }; static char *roots_filename; diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 8e815fba7e..2ec9e07e95 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -297,6 +297,7 @@ CORE_SOURCE_FILES = [ 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc', 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc', 'src/core/ext/transport/chttp2/client/chttp2_connector.cc', + 'src/core/ext/filters/client_channel/authority.cc', 'src/core/ext/filters/client_channel/backup_poller.cc', 'src/core/ext/filters/client_channel/channel_connectivity.cc', 'src/core/ext/filters/client_channel/client_channel.cc', @@ -353,6 +354,7 @@ CORE_SOURCE_FILES = [ 'src/core/ext/census/grpc_context.cc', 'src/core/ext/filters/max_age/max_age_filter.cc', 'src/core/ext/filters/message_size/message_size_filter.cc', + 'src/core/ext/filters/http/client_authority_filter.cc', 'src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc', 'src/core/ext/filters/workarounds/workaround_utils.cc', 'src/core/plugin_registry/grpc_plugin_registry.cc', |