Nicolas Noble | b7ebd3b | 2014-11-26 16:33:03 -0800 | [diff] [blame] | 1 | /* |
| 2 | * |
Craig Tiller | 0605995 | 2015-02-18 08:34:56 -0800 | [diff] [blame] | 3 | * Copyright 2015, Google Inc. |
Nicolas Noble | b7ebd3b | 2014-11-26 16:33:03 -0800 | [diff] [blame] | 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions are |
| 8 | * met: |
| 9 | * |
| 10 | * * Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * * Redistributions in binary form must reproduce the above |
| 13 | * copyright notice, this list of conditions and the following disclaimer |
| 14 | * in the documentation and/or other materials provided with the |
| 15 | * distribution. |
| 16 | * * Neither the name of Google Inc. nor the names of its |
| 17 | * contributors may be used to endorse or promote products derived from |
| 18 | * this software without specific prior written permission. |
| 19 | * |
| 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 31 | * |
| 32 | */ |
| 33 | |
| 34 | #include <grpc/grpc.h> |
| 35 | |
Craig Tiller | 759026c | 2015-02-22 23:09:45 -0800 | [diff] [blame] | 36 | #include <string.h> |
| 37 | |
Nicolas Noble | b7ebd3b | 2014-11-26 16:33:03 -0800 | [diff] [blame] | 38 | #include "src/core/channel/http_filter.h" |
| 39 | #include "src/core/channel/http_server_filter.h" |
David Klempner | fd5d8ff | 2015-03-05 14:17:38 -0800 | [diff] [blame] | 40 | #include "src/core/iomgr/endpoint.h" |
ctiller | 18b49ab | 2014-12-09 14:39:16 -0800 | [diff] [blame] | 41 | #include "src/core/iomgr/resolve_address.h" |
| 42 | #include "src/core/iomgr/tcp_server.h" |
Julien Boeuf | 7d1d9ca | 2015-04-17 14:38:48 -0700 | [diff] [blame] | 43 | #include "src/core/security/credentials.h" |
| 44 | #include "src/core/security/security_connector.h" |
Nicolas Noble | b7ebd3b | 2014-11-26 16:33:03 -0800 | [diff] [blame] | 45 | #include "src/core/security/secure_transport_setup.h" |
| 46 | #include "src/core/surface/server.h" |
Nicolas Noble | b7ebd3b | 2014-11-26 16:33:03 -0800 | [diff] [blame] | 47 | #include "src/core/transport/chttp2_transport.h" |
| 48 | #include <grpc/support/alloc.h> |
| 49 | #include <grpc/support/log.h> |
David Klempner | fd5d8ff | 2015-03-05 14:17:38 -0800 | [diff] [blame] | 50 | #include <grpc/support/sync.h> |
Nicolas Noble | b7ebd3b | 2014-11-26 16:33:03 -0800 | [diff] [blame] | 51 | #include <grpc/support/useful.h> |
| 52 | |
/* Per-listener state for one secure HTTP/2 port. It is shared between the
   server's start/destroy callbacks and every TLS/security handshake started
   from on_accept, so its lifetime is reference counted. */
typedef struct grpc_server_secure_state {
  /* Server that the listener was registered with. */
  grpc_server *server;
  /* TCP listener that accepts the raw connections. */
  grpc_tcp_server *tcp;
  /* Security connector handed to grpc_setup_secure_transport for every
     accepted connection; released by state_unref on the last reference. */
  grpc_security_connector *sc;
  /* Set to 1 by destroy(); checked under mu before a transport is created. */
  int is_shutdown;
  /* Guards is_shutdown. */
  gpr_mu mu;
  /* Starts at 1 (the listener's own reference); on_accept adds one per
     accepted connection until its handshake callback has run. */
  gpr_refcount refcount;
} grpc_server_secure_state;
| 61 | |
/* Takes one additional reference on the listener state. Every call must be
   balanced by a state_unref. */
static void state_ref(grpc_server_secure_state *state) {
  gpr_refcount *refs = &state->refcount;
  gpr_ref(refs);
}
| 65 | |
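/* Drops one reference on the listener state. When the last reference is
   released, the security connector is unref'd, the mutex is destroyed and the
   state itself is freed; the caller must not touch `state` afterwards. */
static void state_unref(grpc_server_secure_state *state) {
  if (!gpr_unref(&state->refcount)) {
    return;
  }
  grpc_security_connector_unref(state->sc);
  /* mu was set up with gpr_mu_init when the state was created and was never
     torn down before the memory was freed. Every lock/unlock of mu in this
     file happens before the caller drops its own reference, so nobody can be
     holding mu once the count reaches zero. */
  gpr_mu_destroy(&state->mu);
  gpr_free(state);
}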
| 72 | |
/* Transport-setup callback given to grpc_create_chttp2_transport. Attaches
   the new transport to the server (passed as the opaque `server` pointer)
   with the HTTP server filter and the HTTP filter stacked on top. */
static grpc_transport_setup_result setup_transport(void *server,
                                                   grpc_transport *transport,
                                                   grpc_mdctx *mdctx) {
  /* static: the server keeps using this table after the call returns --
     NOTE(review): presumably why it is not an automatic array; confirm. */
  static grpc_channel_filter const *http_filters[] = {&grpc_http_server_filter,
                                                      &grpc_http_filter};
  size_t num_filters = GPR_ARRAY_SIZE(http_filters);

  return grpc_server_setup_transport(server, transport, http_filters,
                                     num_filters, mdctx);
}
| 81 | |
/* Completion callback for the security handshake started in on_accept.
   `statep` is the listener state, carrying the reference taken in on_accept;
   that reference is released on every path out of this function.

   An HTTP/2 transport is created only when the handshake reported
   GRPC_SECURITY_OK and the listener has not been shut down in the meantime. */
static void on_secure_transport_setup_done(void *statep,
                                           grpc_security_status status,
                                           grpc_endpoint *secure_endpoint) {
  grpc_server_secure_state *listener = statep;

  if (status != GRPC_SECURITY_OK) {
    /* The endpoint is not touched on this path -- presumably the handshake
       code has already disposed of it on failure; confirm in
       secure_transport_setup. */
    gpr_log(GPR_ERROR, "Secure transport failed with error %d", status);
    state_unref(listener);
    return;
  }

  /* is_shutdown is read under mu so that this check cannot interleave with
     destroy() flipping the flag. */
  gpr_mu_lock(&listener->mu);
  if (listener->is_shutdown) {
    /* We need to consume this here, because the server may already have gone
     * away. */
    grpc_endpoint_destroy(secure_endpoint);
  } else {
    grpc_create_chttp2_transport(setup_transport, listener->server,
                                 grpc_server_get_channel_args(listener->server),
                                 secure_endpoint, NULL, 0,
                                 grpc_mdctx_create(), 0);
  }
  gpr_mu_unlock(&listener->mu);

  state_unref(listener);
}
| 104 | |
/* TCP accept callback. Starts the security handshake on the freshly accepted
   endpoint; no transport exists for the connection until
   on_secure_transport_setup_done reports success.

   NOTE(review): nothing in this file bounds how long a handshake may stay
   pending or how many may be in flight at once. Each pending handshake pins
   one reference on the listener state and one endpoint; confirm that
   grpc_setup_secure_transport (or the endpoint layer) enforces a limit. */
static void on_accept(void *statep, grpc_endpoint *tcp) {
  grpc_server_secure_state *listener = statep;

  /* Reference held on behalf of the handshake; released by the callback. */
  state_ref(listener);
  grpc_setup_secure_transport(listener->sc, tcp,
                              on_secure_transport_setup_done, listener);
}
| 111 | |
/* Server callback: begin accepting connections on the listener's ports.
   Accepted endpoints are delivered to on_accept together with the listener
   state. The `server` argument is not used here. */
static void start(grpc_server *server, void *statep, grpc_pollset **pollsets,
                  size_t pollset_count) {
  grpc_server_secure_state *listener = statep;
  grpc_tcp_server *tcp_server = listener->tcp;

  grpc_tcp_server_start(tcp_server, pollsets, pollset_count, on_accept,
                        listener);
}
| 118 | |
/* Server callback: tear down the TCP listener so that no further accept
   callbacks are generated, and mark the state as shut down so that handshakes
   still in flight destroy their endpoint instead of creating a transport.
   Releases the listener's own reference on the state; the state is freed once
   the last pending handshake has released its reference as well. */
static void destroy(grpc_server *server, void *statep) {
  grpc_server_secure_state *listener = statep;

  /* The flag is flipped under mu, the same lock under which
     on_secure_transport_setup_done reads it. */
  gpr_mu_lock(&listener->mu);
  listener->is_shutdown = 1;
  grpc_tcp_server_destroy(listener->tcp, grpc_server_listener_destroy_done,
                          server);
  gpr_mu_unlock(&listener->mu);

  state_unref(listener);
}
| 130 | |
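/* Adds a secure (credential-protected) HTTP/2 listening port to `server`.
 *
 * server: server to register the listener with.
 * addr:   address to listen on; resolved with "https" as the default port.
 * creds:  server credentials used to build the security connector. A NULL
 *         value is rejected, so this entry point never produces a listener
 *         without a security connector.
 *
 * Returns the port number that was bound on success, or 0 on failure. On
 * failure nothing is registered with the server and everything created here
 * is released again.
 */
int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr,
                                      grpc_server_credentials *creds) {
  grpc_resolved_addresses *resolved = NULL;
  grpc_tcp_server *tcp = NULL;
  grpc_server_secure_state *state = NULL;
  size_t i;
  unsigned count = 0;
  int port_num = -1;
  int port_temp;
  grpc_security_status status = GRPC_SECURITY_ERROR;
  grpc_security_connector *sc = NULL;

  /* create security context */
  if (creds == NULL) goto error;
  status = grpc_server_credentials_create_security_connector(creds, &sc);
  if (status != GRPC_SECURITY_OK) {
    gpr_log(GPR_ERROR,
            "Unable to create secure server with credentials of type %s.",
            creds->type);
    goto error;
  }

  /* resolve address */
  resolved = grpc_blocking_resolve_address(addr, "https");
  if (!resolved) {
    goto error;
  }

  tcp = grpc_tcp_server_create();
  if (!tcp) {
    goto error;
  }

  /* Bind every resolved address. All addresses that bind successfully must
     report the same port number, otherwise the assertion below fires. */
  for (i = 0; i < resolved->naddrs; i++) {
    port_temp = grpc_tcp_server_add_port(
        tcp, (struct sockaddr *)&resolved->addrs[i].addr,
        resolved->addrs[i].len);
    if (port_temp >= 0) {
      if (port_num == -1) {
        port_num = port_temp;
      } else {
        GPR_ASSERT(port_num == port_temp);
      }
      count++;
    }
  }
  /* naddrs is compared against a size_t index above, so it is not an int;
     it is cast to unsigned long and printed with %lu, and the unsigned
     counter is printed with %u, so the format matches the argument types. */
  if (count == 0) {
    gpr_log(GPR_ERROR, "No address added out of total %lu resolved",
            (unsigned long)resolved->naddrs);
    goto error;
  }
  if (count != resolved->naddrs) {
    gpr_log(GPR_ERROR, "Only %u addresses added out of total %lu resolved",
            count, (unsigned long)resolved->naddrs);
    /* if it's an error, don't we want to goto error; here ? */
  }
  grpc_resolved_addresses_destroy(resolved);

  /* From here on the state owns `tcp` and the reference on `sc`; both are
     released through destroy()/state_unref rather than the error path.
     NOTE(review): the result of gpr_malloc is not checked -- presumably it
     aborts on allocation failure; confirm. */
  state = gpr_malloc(sizeof(*state));
  state->server = server;
  state->tcp = tcp;
  state->sc = sc;
  state->is_shutdown = 0;
  gpr_mu_init(&state->mu);
  gpr_ref_init(&state->refcount, 1);

  /* Register with the server only upon success */
  grpc_server_add_listener(server, state, start, destroy);

  return port_num;

/* Error path: cleanup and return */
error:
  if (sc) {
    grpc_security_connector_unref(sc);
  }
  if (resolved) {
    grpc_resolved_addresses_destroy(resolved);
  }
  if (tcp) {
    grpc_tcp_server_destroy(tcp, NULL, NULL);
  }
  /* Every goto above happens before state is allocated, so state is still
     NULL here; the check only guards against future reordering. */
  if (state) {
    gpr_free(state);
  }
  return 0;
}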