Diffstat (limited to 'src')
-rw-r--r--src/core/channel/context.h7
-rw-r--r--src/core/security/auth_filters.h (renamed from src/core/security/auth.h)7
-rw-r--r--src/core/security/client_auth_filter.c (renamed from src/core/security/auth.c)14
-rw-r--r--src/core/security/security_connector.c1
-rw-r--r--src/core/security/server_auth_filter.c144
-rw-r--r--src/core/security/server_secure_chttp2.c25
-rw-r--r--src/core/surface/call.c22
-rw-r--r--src/core/surface/secure_channel_create.c2
-rw-r--r--src/core/surface/server.c6
-rw-r--r--src/core/surface/server.h2
-rw-r--r--src/core/surface/server_chttp2.c3
-rw-r--r--src/core/transport/transport.h3
12 files changed, 199 insertions, 37 deletions
diff --git a/src/core/channel/context.h b/src/core/channel/context.h
index e2e5e80513..85de60d81a 100644
--- a/src/core/channel/context.h
+++ b/src/core/channel/context.h
@@ -41,4 +41,9 @@ typedef enum {
GRPC_CONTEXT_COUNT
} grpc_context_index;
-#endif
+typedef struct {
+ void *value;
+ void (*destroy)(void *);
+} grpc_call_context;
+
+#endif /* GRPC_INTERNAL_CORE_CHANNEL_CONTEXT_H */
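Review bot: The new `grpc_call_context` struct carries a function pointer but has no comment saying who owns `value` or whether `destroy` may be NULL. The call.c hunks in this commit treat `destroy` as optional and run it from the call's teardown, so a comment such as `/* value is owned by the call; destroy (may be NULL) is run on value when the slot is replaced or the call is destroyed */` would record that contract next to the type. This matters most for the security slot, where a filter author needs to know the stored context is released by the call and not by the filter.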
diff --git a/src/core/security/auth.h b/src/core/security/auth_filters.h
index 08dc4152ba..ff921690e0 100644
--- a/src/core/security/auth.h
+++ b/src/core/security/auth_filters.h
@@ -31,11 +31,12 @@
*
*/
-#ifndef GRPC_INTERNAL_CORE_SECURITY_AUTH_H
-#define GRPC_INTERNAL_CORE_SECURITY_AUTH_H
+#ifndef GRPC_INTERNAL_CORE_SECURITY_AUTH_FILTERS_H
+#define GRPC_INTERNAL_CORE_SECURITY_AUTH_FILTERS_H
#include "src/core/channel/channel_stack.h"
extern const grpc_channel_filter grpc_client_auth_filter;
+extern const grpc_channel_filter grpc_server_auth_filter;
-#endif /* GRPC_INTERNAL_CORE_SECURITY_AUTH_H */
+#endif /* GRPC_INTERNAL_CORE_SECURITY_AUTH_FILTERS_H */
diff --git a/src/core/security/auth.c b/src/core/security/client_auth_filter.c
index faf12d8f14..1d9788b8dd 100644
--- a/src/core/security/auth.c
+++ b/src/core/security/client_auth_filter.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/security/auth.h"
+#include "src/core/security/auth_filters.h"
#include <string.h>
@@ -125,7 +125,7 @@ static void send_security_metadata(grpc_call_element *elem,
call_data *calld = elem->call_data;
channel_data *chand = elem->channel_data;
grpc_client_security_context *ctx =
- (grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY];
+ (grpc_client_security_context *)op->contexts[GRPC_CONTEXT_SECURITY].value;
char *service_url = NULL;
grpc_credentials *channel_creds =
chand->security_connector->request_metadata_creds;
@@ -273,7 +273,7 @@ static void init_channel_elem(grpc_channel_element *elem,
const grpc_channel_args *args,
grpc_mdctx *metadata_context, int is_first,
int is_last) {
- grpc_security_connector *ctx = grpc_find_security_connector_in_args(args);
+ grpc_security_connector *sc = grpc_find_security_connector_in_args(args);
/* grab pointers to our data from the channel element */
channel_data *chand = elem->channel_data;
@@ -282,12 +282,12 @@ static void init_channel_elem(grpc_channel_element *elem,
path */
GPR_ASSERT(!is_first);
GPR_ASSERT(!is_last);
- GPR_ASSERT(ctx != NULL);
+ GPR_ASSERT(sc != NULL);
/* initialize members */
- GPR_ASSERT(ctx->is_client_side);
+ GPR_ASSERT(sc->is_client_side);
chand->security_connector =
- (grpc_channel_security_connector *)grpc_security_connector_ref(ctx);
+ (grpc_channel_security_connector *)grpc_security_connector_ref(sc);
chand->md_ctx = metadata_context;
chand->authority_string =
grpc_mdstr_from_string(chand->md_ctx, ":authority");
@@ -321,4 +321,4 @@ static void destroy_channel_elem(grpc_channel_element *elem) {
const grpc_channel_filter grpc_client_auth_filter = {
auth_start_transport_op, channel_op, sizeof(call_data), init_call_elem,
destroy_call_elem, sizeof(channel_data), init_channel_elem,
- destroy_channel_elem, "auth"};
+ destroy_channel_elem, "client-auth"};
diff --git a/src/core/security/security_connector.c b/src/core/security/security_connector.c
index b17e0e0dfa..035f3735e3 100644
--- a/src/core/security/security_connector.c
+++ b/src/core/security/security_connector.c
@@ -278,6 +278,7 @@ grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
grpc_security_connector *grpc_fake_server_security_connector_create(void) {
grpc_security_connector *c = gpr_malloc(sizeof(grpc_security_connector));
gpr_ref_init(&c->refcount, 1);
+ c->is_client_side = 0;
c->vtable = &fake_server_vtable;
c->url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME;
return c;
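Review bot: The connector is still initialised field by field after `gpr_malloc`, so any member not assigned here keeps whatever the allocator returned; the added `c->is_client_side = 0;` fixes only the one field that the new server filter asserts on. Assuming `gpr_malloc` does not zero memory, clearing the object first with `memset(c, 0, sizeof(*c));` right after the allocation would keep later-added fields from silently carrying garbage into role checks like `GPR_ASSERT(!sc->is_client_side)`. The function's closing brace is outside the hunk.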
diff --git a/src/core/security/server_auth_filter.c b/src/core/security/server_auth_filter.c
new file mode 100644
index 0000000000..7779bcc407
--- /dev/null
+++ b/src/core/security/server_auth_filter.c
@@ -0,0 +1,144 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/security/auth_filters.h"
+#include "src/core/security/security_connector.h"
+
+#include <grpc/support/log.h>
+
+typedef struct call_data {
+ int unused; /* C89 requires at least one struct element */
+} call_data;
+
+typedef struct channel_data {
+ grpc_security_connector *security_connector;
+} channel_data;
+
+/* used to silence 'variable not used' warnings */
+static void ignore_unused(void *ignored) {}
+
+static void noop_mutate_op(grpc_call_element *elem, grpc_transport_op *op) {
+ /* grab pointers to our data from the call element */
+ call_data *calld = elem->call_data;
+ channel_data *chand = elem->channel_data;
+
+ ignore_unused(calld);
+ ignore_unused(chand);
+
+ /* do nothing */
+}
+
+/* Called either:
+ - in response to an API call (or similar) from above, to send something
+ - a network event (or similar) from below, to receive something
+ op contains type and call direction information, in addition to the data
+ that is being sent or received. */
+static void auth_start_transport_op(grpc_call_element *elem,
+ grpc_transport_op *op) {
+ noop_mutate_op(elem, op);
+
+ /* pass control down the stack */
+ grpc_call_next_op(elem, op);
+}
+
+/* Called on special channel events, such as disconnection or new incoming
+ calls on the server */
+static void channel_op(grpc_channel_element *elem,
+ grpc_channel_element *from_elem, grpc_channel_op *op) {
+ /* grab pointers to our data from the channel element */
+ channel_data *chand = elem->channel_data;
+
+ ignore_unused(chand);
+
+ switch (op->type) {
+ default:
+ /* pass control up or down the stack depending on op->dir */
+ grpc_channel_next_op(elem, op);
+ break;
+ }
+}
+
+/* Constructor for call_data */
+static void init_call_elem(grpc_call_element *elem,
+ const void *server_transport_data,
+ grpc_transport_op *initial_op) {
+ /* grab pointers to our data from the call element */
+ call_data *calld = elem->call_data;
+
+ /* initialize members */
+ calld->unused = 0;
+
+ if (initial_op) noop_mutate_op(elem, initial_op);
+}
+
+/* Destructor for call_data */
+static void destroy_call_elem(grpc_call_element *elem) {
+ /* grab pointers to our data from the call element */
+ call_data *calld = elem->call_data;
+ channel_data *chand = elem->channel_data;
+
+ ignore_unused(calld);
+ ignore_unused(chand);
+}
+
+/* Constructor for channel_data */
+static void init_channel_elem(grpc_channel_element *elem,
+ const grpc_channel_args *args, grpc_mdctx *mdctx,
+ int is_first, int is_last) {
+ grpc_security_connector *sc = grpc_find_security_connector_in_args(args);
+ /* grab pointers to our data from the channel element */
+ channel_data *chand = elem->channel_data;
+
+ /* The first and the last filters tend to be implemented differently to
+ handle the case that there's no 'next' filter to call on the up or down
+ path */
+ GPR_ASSERT(!is_first);
+ GPR_ASSERT(!is_last);
+ GPR_ASSERT(sc != NULL);
+
+ /* initialize members */
+ GPR_ASSERT(!sc->is_client_side);
+ chand->security_connector = grpc_security_connector_ref(sc);
+}
+
+/* Destructor for channel data */
+static void destroy_channel_elem(grpc_channel_element *elem) {
+ /* grab pointers to our data from the channel element */
+ channel_data *chand = elem->channel_data;
+ grpc_security_connector_unref(chand->security_connector);
+}
+
+const grpc_channel_filter grpc_server_auth_filter = {
+ auth_start_transport_op, channel_op, sizeof(call_data), init_call_elem,
+ destroy_call_elem, sizeof(channel_data), init_channel_elem,
+ destroy_channel_elem, "server-auth"};
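Review bot: Nothing in this file states that the filter registered as "server-auth" is a pass-through: `noop_mutate_op` does nothing, `auth_start_transport_op` forwards every op with `grpc_call_next_op`, and `chand->security_connector` is stored in `init_channel_elem` but never consulted. A reader who sees the filter in the secure server stack could assume per-call checks happen here. A header comment on `noop_mutate_op` or at the top of the file would make that explicit, for example `/* Placeholder: no per-call authentication or authorization is performed yet; all ops are forwarded unchanged. */`. The `GPR_ASSERT(!sc->is_client_side)` check guards only the connector's role at channel creation, not any property of incoming calls.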
diff --git a/src/core/security/server_secure_chttp2.c b/src/core/security/server_secure_chttp2.c
index db9d545c0e..3519930f38 100644
--- a/src/core/security/server_secure_chttp2.c
+++ b/src/core/security/server_secure_chttp2.c
@@ -35,10 +35,12 @@
#include <string.h>
+#include "src/core/channel/channel_args.h"
#include "src/core/channel/http_server_filter.h"
#include "src/core/iomgr/endpoint.h"
#include "src/core/iomgr/resolve_address.h"
#include "src/core/iomgr/tcp_server.h"
+#include "src/core/security/auth_filters.h"
#include "src/core/security/credentials.h"
#include "src/core/security/security_connector.h"
#include "src/core/security/secure_transport_setup.h"
@@ -69,13 +71,21 @@ static void state_unref(grpc_server_secure_state *state) {
}
}
-static grpc_transport_setup_result setup_transport(void *server,
+static grpc_transport_setup_result setup_transport(void *statep,
grpc_transport *transport,
grpc_mdctx *mdctx) {
static grpc_channel_filter const *extra_filters[] = {
- &grpc_http_server_filter};
- return grpc_server_setup_transport(server, transport, extra_filters,
- GPR_ARRAY_SIZE(extra_filters), mdctx);
+ &grpc_server_auth_filter, &grpc_http_server_filter};
+ grpc_server_secure_state *state = statep;
+ grpc_transport_setup_result result;
+ grpc_arg connector_arg = grpc_security_connector_to_arg(state->sc);
+ grpc_channel_args *args_copy = grpc_channel_args_copy_and_add(
+ grpc_server_get_channel_args(state->server), &connector_arg);
+ result = grpc_server_setup_transport(state->server, transport, extra_filters,
+ GPR_ARRAY_SIZE(extra_filters), mdctx,
+ args_copy);
+ grpc_channel_args_destroy(args_copy);
+ return result;
}
static void on_secure_transport_setup_done(void *statep,
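Review bot: In `setup_transport`, `args_copy` is destroyed immediately after `grpc_server_setup_transport` returns, which is safe only if nothing in the channel stack keeps a pointer into the args after construction. The server auth filter in this commit does take its own reference with `grpc_security_connector_ref(sc)`, but that requirement is not written down anywhere a future filter author would see it. I would add a comment above the destroy call, and the same wording on the new `args` parameter in the server.h prototype, along the lines of `/* args is borrowed for the duration of the call; filters must ref anything they keep */`. The callback also now dereferences `state`, so it relies on `state` outliving every invocation; that looks true here if the callback runs while `state->mu` is held, which is not visible in this hunk.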
@@ -85,10 +95,9 @@ static void on_secure_transport_setup_done(void *statep,
if (status == GRPC_SECURITY_OK) {
gpr_mu_lock(&state->mu);
if (!state->is_shutdown) {
- grpc_create_chttp2_transport(setup_transport, state->server,
- grpc_server_get_channel_args(state->server),
- secure_endpoint, NULL, 0,
- grpc_mdctx_create(), 0);
+ grpc_create_chttp2_transport(
+ setup_transport, state, grpc_server_get_channel_args(state->server),
+ secure_endpoint, NULL, 0, grpc_mdctx_create(), 0);
} else {
/* We need to consume this here, because the server may already have gone
* away. */
diff --git a/src/core/surface/call.c b/src/core/surface/call.c
index 50df36cae9..0169ce3158 100644
--- a/src/core/surface/call.c
+++ b/src/core/surface/call.c
@@ -205,8 +205,8 @@ struct grpc_call {
/* Received call statuses from various sources */
received_status status[STATUS_SOURCE_COUNT];
- void *context[GRPC_CONTEXT_COUNT];
- void (*destroy_context[GRPC_CONTEXT_COUNT])(void *);
+ /* Contexts for various subsystems (security, tracing, ...). */
+ grpc_call_context contexts[GRPC_CONTEXT_COUNT];
/* Deadline alarm - if have_alarm is non-zero */
grpc_alarm alarm;
@@ -290,7 +290,7 @@ grpc_call *grpc_call_create(grpc_channel *channel, grpc_completion_queue *cq,
initial_op.recv_state = &call->recv_state;
initial_op.on_done_recv = call_on_done_recv;
initial_op.recv_user_data = call;
- initial_op.context = call->context;
+ initial_op.contexts = call->contexts;
call->receiving = 1;
GRPC_CALL_INTERNAL_REF(call, "receiving");
initial_op_ptr = &initial_op;
@@ -344,8 +344,8 @@ static void destroy_call(void *call, int ignored_success) {
grpc_mdelem_unref(c->send_initial_metadata[i].md);
}
for (i = 0; i < GRPC_CONTEXT_COUNT; i++) {
- if (c->destroy_context[i]) {
- c->destroy_context[i](c->context[i]);
+ if (c->contexts[i].destroy) {
+ c->contexts[i].destroy(c->contexts[i].value);
}
}
grpc_sopb_destroy(&c->send_ops);
@@ -1048,7 +1048,7 @@ static grpc_call_error cancel_with_status(
static void execute_op(grpc_call *call, grpc_transport_op *op) {
grpc_call_element *elem;
elem = CALL_ELEM_FROM_CALL(call, 0);
- op->context = call->context;
+ op->contexts = call->contexts;
elem->filter->start_transport_op(elem, op);
}
@@ -1289,15 +1289,15 @@ grpc_call_error grpc_call_start_batch(grpc_call *call, const grpc_op *ops,
void grpc_call_context_set(grpc_call *call, grpc_context_index elem, void *value,
void (*destroy)(void *value)) {
- if (call->destroy_context[elem]) {
- call->destroy_context[elem](value);
+ if (call->contexts[elem].destroy) {
+ call->contexts[elem].destroy(call->contexts[elem].value);
}
- call->context[elem] = value;
- call->destroy_context[elem] = destroy;
+ call->contexts[elem].value = value;
+ call->contexts[elem].destroy = destroy;
}
void *grpc_call_context_get(grpc_call *call, grpc_context_index elem) {
- return call->context[elem];
+ return call->contexts[elem].value;
}
gpr_uint8 grpc_call_is_client(grpc_call *call) { return call->is_client; }
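Review bot: `grpc_call_context_set` and `grpc_call_context_get` index `call->contexts` with `elem` without any range check, and each slot now sits next to a `destroy` function pointer that is invoked on teardown. The only caller visible on this page passes an enum constant, so this is defensive rather than a known fault, but a `GPR_ASSERT(elem < GRPC_CONTEXT_COUNT);` at the top of both functions would turn an out-of-range index into an immediate abort instead of a stray write or call. Both functions, and the loop in `destroy_call`, also depend on the array starting out zeroed; that initialisation is outside the hunks shown.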
diff --git a/src/core/surface/secure_channel_create.c b/src/core/surface/secure_channel_create.c
index 3e331293b5..3b9ed242e4 100644
--- a/src/core/surface/secure_channel_create.c
+++ b/src/core/surface/secure_channel_create.c
@@ -46,7 +46,7 @@
#include "src/core/channel/http_client_filter.h"
#include "src/core/iomgr/resolve_address.h"
#include "src/core/iomgr/tcp_client.h"
-#include "src/core/security/auth.h"
+#include "src/core/security/auth_filters.h"
#include "src/core/security/credentials.h"
#include "src/core/security/secure_transport_setup.h"
#include "src/core/support/string.h"
diff --git a/src/core/surface/server.c b/src/core/surface/server.c
index 351ed5b758..1b80a56d3d 100644
--- a/src/core/surface/server.c
+++ b/src/core/surface/server.c
@@ -699,7 +699,7 @@ void grpc_server_start(grpc_server *server) {
grpc_transport_setup_result grpc_server_setup_transport(
grpc_server *s, grpc_transport *transport,
grpc_channel_filter const **extra_filters, size_t num_extra_filters,
- grpc_mdctx *mdctx) {
+ grpc_mdctx *mdctx, const grpc_channel_args *args) {
size_t num_filters = s->channel_filter_count + num_extra_filters + 1;
grpc_channel_filter const **filters =
gpr_malloc(sizeof(grpc_channel_filter *) * num_filters);
@@ -730,8 +730,8 @@ grpc_transport_setup_result grpc_server_setup_transport(
grpc_transport_add_to_pollset(transport, grpc_cq_pollset(s->cqs[i]));
}
- channel = grpc_channel_create_from_filters(filters, num_filters,
- s->channel_args, mdctx, 0);
+ channel =
+ grpc_channel_create_from_filters(filters, num_filters, args, mdctx, 0);
chand = (channel_data *)grpc_channel_stack_element(
grpc_channel_get_channel_stack(channel), 0)
->channel_data;
diff --git a/src/core/surface/server.h b/src/core/surface/server.h
index c6331033e0..e32254ed8f 100644
--- a/src/core/surface/server.h
+++ b/src/core/surface/server.h
@@ -58,7 +58,7 @@ void grpc_server_listener_destroy_done(void *server);
grpc_transport_setup_result grpc_server_setup_transport(
grpc_server *server, grpc_transport *transport,
grpc_channel_filter const **extra_filters, size_t num_extra_filters,
- grpc_mdctx *mdctx);
+ grpc_mdctx *mdctx, const grpc_channel_args *args);
const grpc_channel_args *grpc_server_get_channel_args(grpc_server *server);
diff --git a/src/core/surface/server_chttp2.c b/src/core/surface/server_chttp2.c
index 7b5c2f227b..7e49a531df 100644
--- a/src/core/surface/server_chttp2.c
+++ b/src/core/surface/server_chttp2.c
@@ -48,7 +48,8 @@ static grpc_transport_setup_result setup_transport(void *server,
static grpc_channel_filter const *extra_filters[] = {
&grpc_http_server_filter};
return grpc_server_setup_transport(server, transport, extra_filters,
- GPR_ARRAY_SIZE(extra_filters), mdctx);
+ GPR_ARRAY_SIZE(extra_filters), mdctx,
+ grpc_server_get_channel_args(server));
}
static void new_transport(void *server, grpc_endpoint *tcp) {
diff --git a/src/core/transport/transport.h b/src/core/transport/transport.h
index 7a389ea393..dd6bee8ce9 100644
--- a/src/core/transport/transport.h
+++ b/src/core/transport/transport.h
@@ -38,6 +38,7 @@
#include "src/core/iomgr/pollset.h"
#include "src/core/transport/stream_op.h"
+#include "src/core/channel/context.h"
/* forward declarations */
typedef struct grpc_transport grpc_transport;
@@ -78,7 +79,7 @@ typedef struct grpc_transport_op {
grpc_mdstr *cancel_message;
/* Indexes correspond to grpc_context_index enum values */
- void *const *context;
+ grpc_call_context *contexts;
} grpc_transport_op;
/* Callbacks made from the transport to the upper layers of grpc. */
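Review bot: Changing `void *const *context` to `grpc_call_context *contexts` drops the const qualifier, so every filter that receives a `grpc_transport_op` can now overwrite any slot's `value` and `destroy` pointer directly instead of going through `grpc_call_context_set`. If that is intended, presumably so a server-side filter can install a security context, the existing comment should say so, for example `/* Indexes correspond to grpc_context_index enum values. Owned by the call; a filter that replaces a slot must release the previous value first. */`. If filters are only meant to read, `const grpc_call_context *contexts` would preserve the old guarantee. The struct definition begins outside the hunk.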