Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 1 | /* |
| 2 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 3 | * Copyright 2016 gRPC authors. |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 4 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | * you may not use this file except in compliance with the License. |
| 7 | * You may obtain a copy of the License at |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 8 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 10 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 16 | * |
| 17 | */ |
| 18 | |
Craig Tiller | 9eb0fde | 2017-03-31 16:59:30 -0700 | [diff] [blame] | 19 | #include "src/core/ext/filters/client_channel/http_proxy.h" |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 20 | |
| 21 | #include <stdbool.h> |
| 22 | #include <string.h> |
| 23 | |
| 24 | #include <grpc/support/alloc.h> |
Ben Sykes | 02d426e | 2017-07-11 13:58:42 -0700 | [diff] [blame] | 25 | #include <grpc/support/host_port.h> |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 26 | #include <grpc/support/log.h> |
| 27 | #include <grpc/support/string_util.h> |
| 28 | |
Craig Tiller | 9eb0fde | 2017-03-31 16:59:30 -0700 | [diff] [blame] | 29 | #include "src/core/ext/filters/client_channel/http_connect_handshaker.h" |
| 30 | #include "src/core/ext/filters/client_channel/proxy_mapper_registry.h" |
| 31 | #include "src/core/ext/filters/client_channel/uri_parser.h" |
Mark D. Roth | dc9bee7 | 2017-02-07 12:29:14 -0800 | [diff] [blame] | 32 | #include "src/core/lib/channel/channel_args.h" |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 33 | #include "src/core/lib/slice/b64.h" |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 34 | #include "src/core/lib/support/env.h" |
Yash Tibrewal | f7350ea | 2017-07-19 10:26:41 -0700 | [diff] [blame] | 35 | #include "src/core/lib/support/string.h" |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 36 | |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 37 | /** |
| 38 | * Parses the 'http_proxy' env var and returns the proxy hostname to resolve or |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 39 | * NULL on error. Also sets 'user_cred' to user credentials if present in the |
| 40 | * 'http_proxy' env var, otherwise leaves it unchanged. It is caller's |
| 41 | * responsibility to gpr_free user_cred. |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 42 | */ |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 43 | static char* get_http_proxy_server(grpc_exec_ctx* exec_ctx, char** user_cred) { |
| 44 | GPR_ASSERT(user_cred != NULL); |
| 45 | char* proxy_name = NULL; |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 46 | char* uri_str = gpr_getenv("http_proxy"); |
Yash Tibrewal | 533d118 | 2017-09-18 10:48:22 -0700 | [diff] [blame^] | 47 | char** authority_strs = NULL; |
| 48 | size_t authority_nstrs; |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 49 | if (uri_str == NULL) return NULL; |
David Garcia Quintas | dcb71e0 | 2017-03-06 10:16:26 -0800 | [diff] [blame] | 50 | grpc_uri* uri = |
| 51 | grpc_uri_parse(exec_ctx, uri_str, false /* suppress_errors */); |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 52 | if (uri == NULL || uri->authority == NULL) { |
| 53 | gpr_log(GPR_ERROR, "cannot parse value of 'http_proxy' env var"); |
| 54 | goto done; |
| 55 | } |
| 56 | if (strcmp(uri->scheme, "http") != 0) { |
| 57 | gpr_log(GPR_ERROR, "'%s' scheme not supported in proxy URI", uri->scheme); |
| 58 | goto done; |
| 59 | } |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 60 | /* Split on '@' to separate user credentials from host */ |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 61 | gpr_string_split(uri->authority, "@", &authority_strs, &authority_nstrs); |
Yash Tibrewal | a74ea86 | 2017-07-19 17:43:30 -0700 | [diff] [blame] | 62 | GPR_ASSERT(authority_nstrs != 0); /* should have at least 1 string */ |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 63 | if (authority_nstrs == 1) { |
| 64 | /* User cred not present in authority */ |
| 65 | proxy_name = authority_strs[0]; |
| 66 | } else if (authority_nstrs == 2) { |
| 67 | /* User cred found */ |
| 68 | *user_cred = authority_strs[0]; |
| 69 | proxy_name = authority_strs[1]; |
Yash Tibrewal | d0c1e50 | 2017-07-21 12:34:38 -0700 | [diff] [blame] | 70 | gpr_log(GPR_DEBUG, "userinfo found in proxy URI"); |
Yash Tibrewal | f7350ea | 2017-07-19 10:26:41 -0700 | [diff] [blame] | 71 | } else { |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 72 | /* Bad authority */ |
| 73 | for (size_t i = 0; i < authority_nstrs; i++) { |
| 74 | gpr_free(authority_strs[i]); |
| 75 | } |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 76 | proxy_name = NULL; |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 77 | } |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 78 | gpr_free(authority_strs); |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 79 | done: |
| 80 | gpr_free(uri_str); |
| 81 | grpc_uri_destroy(uri); |
Yash Tibrewal | 78d7125 | 2017-07-19 16:33:16 -0700 | [diff] [blame] | 82 | return proxy_name; |
Mark D. Roth | d58a985 | 2017-01-18 08:28:57 -0800 | [diff] [blame] | 83 | } |
Mark D. Roth | dc9bee7 | 2017-02-07 12:29:14 -0800 | [diff] [blame] | 84 | |
| 85 | static bool proxy_mapper_map_name(grpc_exec_ctx* exec_ctx, |
| 86 | grpc_proxy_mapper* mapper, |
| 87 | const char* server_uri, |
| 88 | const grpc_channel_args* args, |
| 89 | char** name_to_resolve, |
| 90 | grpc_channel_args** new_args) { |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 91 | char* user_cred = NULL; |
| 92 | *name_to_resolve = get_http_proxy_server(exec_ctx, &user_cred); |
Mark D. Roth | dc9bee7 | 2017-02-07 12:29:14 -0800 | [diff] [blame] | 93 | if (*name_to_resolve == NULL) return false; |
David Garcia Quintas | dcb71e0 | 2017-03-06 10:16:26 -0800 | [diff] [blame] | 94 | grpc_uri* uri = |
| 95 | grpc_uri_parse(exec_ctx, server_uri, false /* suppress_errors */); |
Mark D. Roth | dc9bee7 | 2017-02-07 12:29:14 -0800 | [diff] [blame] | 96 | if (uri == NULL || uri->path[0] == '\0') { |
| 97 | gpr_log(GPR_ERROR, |
| 98 | "'http_proxy' environment variable set, but cannot " |
| 99 | "parse server URI '%s' -- not using proxy", |
| 100 | server_uri); |
Yash Tibrewal | f7350ea | 2017-07-19 10:26:41 -0700 | [diff] [blame] | 101 | if (uri != NULL) { |
| 102 | gpr_free(user_cred); |
| 103 | grpc_uri_destroy(uri); |
| 104 | } |
Mark D. Roth | dc9bee7 | 2017-02-07 12:29:14 -0800 | [diff] [blame] | 105 | return false; |
| 106 | } |
Mark D. Roth | 3878859 | 2017-02-09 09:28:53 -0800 | [diff] [blame] | 107 | if (strcmp(uri->scheme, "unix") == 0) { |
| 108 | gpr_log(GPR_INFO, "not using proxy for Unix domain socket '%s'", |
| 109 | server_uri); |
Yash Tibrewal | f7350ea | 2017-07-19 10:26:41 -0700 | [diff] [blame] | 110 | gpr_free(user_cred); |
Mark D. Roth | 3878859 | 2017-02-09 09:28:53 -0800 | [diff] [blame] | 111 | grpc_uri_destroy(uri); |
| 112 | return false; |
| 113 | } |
Ben Sykes | 02d426e | 2017-07-11 13:58:42 -0700 | [diff] [blame] | 114 | char* no_proxy_str = gpr_getenv("no_proxy"); |
| 115 | if (no_proxy_str != NULL) { |
| 116 | static const char* NO_PROXY_SEPARATOR = ","; |
| 117 | bool use_proxy = true; |
| 118 | char* server_host; |
| 119 | char* server_port; |
| 120 | if (!gpr_split_host_port(uri->path[0] == '/' ? uri->path + 1 : uri->path, |
| 121 | &server_host, &server_port)) { |
| 122 | gpr_log(GPR_INFO, |
| 123 | "unable to split host and port, not checking no_proxy list for " |
| 124 | "host '%s'", |
| 125 | server_uri); |
| 126 | } else { |
| 127 | size_t uri_len = strlen(server_host); |
| 128 | char** no_proxy_hosts; |
| 129 | size_t num_no_proxy_hosts; |
| 130 | gpr_string_split(no_proxy_str, NO_PROXY_SEPARATOR, &no_proxy_hosts, |
| 131 | &num_no_proxy_hosts); |
| 132 | for (size_t i = 0; i < num_no_proxy_hosts; i++) { |
| 133 | char* no_proxy_entry = no_proxy_hosts[i]; |
| 134 | size_t no_proxy_len = strlen(no_proxy_entry); |
| 135 | if (no_proxy_len <= uri_len && |
| 136 | gpr_stricmp(no_proxy_entry, &server_host[uri_len - no_proxy_len]) == |
| 137 | 0) { |
| 138 | gpr_log(GPR_INFO, "not using proxy for host in no_proxy list '%s'", |
| 139 | server_uri); |
| 140 | use_proxy = false; |
| 141 | break; |
| 142 | } |
| 143 | } |
| 144 | for (size_t i = 0; i < num_no_proxy_hosts; i++) { |
| 145 | gpr_free(no_proxy_hosts[i]); |
| 146 | } |
| 147 | gpr_free(no_proxy_hosts); |
| 148 | gpr_free(server_host); |
| 149 | gpr_free(server_port); |
| 150 | if (!use_proxy) { |
| 151 | grpc_uri_destroy(uri); |
| 152 | gpr_free(*name_to_resolve); |
| 153 | *name_to_resolve = NULL; |
| 154 | return false; |
| 155 | } |
| 156 | } |
| 157 | } |
Yash Tibrewal | f7350ea | 2017-07-19 10:26:41 -0700 | [diff] [blame] | 158 | grpc_arg args_to_add[2]; |
| 159 | args_to_add[0] = grpc_channel_arg_string_create( |
Yash Tibrewal | 9eb8672 | 2017-09-17 23:43:30 -0700 | [diff] [blame] | 160 | (char*)GRPC_ARG_HTTP_CONNECT_SERVER, |
Mark D. Roth | 8d5e60b | 2017-06-09 09:08:23 -0700 | [diff] [blame] | 161 | uri->path[0] == '/' ? uri->path + 1 : uri->path); |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 162 | if (user_cred != NULL) { |
| 163 | /* Use base64 encoding for user credentials as stated in RFC 7617 */ |
| 164 | char* encoded_user_cred = |
Yash Tibrewal | c59ef5e | 2017-07-19 10:40:17 -0700 | [diff] [blame] | 165 | grpc_base64_encode(user_cred, strlen(user_cred), 0, 0); |
Yash Tibrewal | c62ce80 | 2017-07-20 16:48:01 -0700 | [diff] [blame] | 166 | char* header; |
Yash Tibrewal | f7350ea | 2017-07-19 10:26:41 -0700 | [diff] [blame] | 167 | gpr_asprintf(&header, "Proxy-Authorization:Basic %s", encoded_user_cred); |
| 168 | gpr_free(encoded_user_cred); |
Yash Tibrewal | 9eb8672 | 2017-09-17 23:43:30 -0700 | [diff] [blame] | 169 | args_to_add[1] = grpc_channel_arg_string_create( |
| 170 | (char*)GRPC_ARG_HTTP_CONNECT_HEADERS, header); |
Yash Tibrewal | f7350ea | 2017-07-19 10:26:41 -0700 | [diff] [blame] | 171 | *new_args = grpc_channel_args_copy_and_add(args, args_to_add, 2); |
| 172 | gpr_free(header); |
| 173 | } else { |
| 174 | *new_args = grpc_channel_args_copy_and_add(args, args_to_add, 1); |
| 175 | } |
| 176 | gpr_free(user_cred); |
Mark D. Roth | dc9bee7 | 2017-02-07 12:29:14 -0800 | [diff] [blame] | 177 | grpc_uri_destroy(uri); |
| 178 | return true; |
| 179 | } |
| 180 | |
| 181 | static bool proxy_mapper_map_address(grpc_exec_ctx* exec_ctx, |
| 182 | grpc_proxy_mapper* mapper, |
| 183 | const grpc_resolved_address* address, |
| 184 | const grpc_channel_args* args, |
| 185 | grpc_resolved_address** new_address, |
| 186 | grpc_channel_args** new_args) { |
| 187 | return false; |
| 188 | } |
| 189 | |
| 190 | static void proxy_mapper_destroy(grpc_proxy_mapper* mapper) {} |
| 191 | |
| 192 | static const grpc_proxy_mapper_vtable proxy_mapper_vtable = { |
| 193 | proxy_mapper_map_name, proxy_mapper_map_address, proxy_mapper_destroy}; |
| 194 | |
| 195 | static grpc_proxy_mapper proxy_mapper = {&proxy_mapper_vtable}; |
| 196 | |
| 197 | void grpc_register_http_proxy_mapper() { |
| 198 | grpc_proxy_mapper_register(true /* at_start */, &proxy_mapper); |
| 199 | } |