grpc 1.7.3 → 1.8.0
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +2106 -2116
- data/include/grpc/census.h +1 -432
- data/include/grpc/compression.h +9 -9
- data/include/grpc/grpc.h +115 -98
- data/include/grpc/grpc_cronet.h +3 -3
- data/include/grpc/grpc_posix.h +4 -4
- data/include/grpc/grpc_security.h +160 -88
- data/include/grpc/grpc_security_constants.h +7 -0
- data/include/grpc/impl/codegen/atm.h +9 -1
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +13 -4
- data/include/grpc/impl/codegen/atm_gcc_sync.h +6 -5
- data/include/grpc/impl/codegen/atm_windows.h +23 -22
- data/include/grpc/impl/codegen/byte_buffer.h +14 -14
- data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -2
- data/include/grpc/impl/codegen/connectivity_state.h +0 -2
- data/include/grpc/impl/codegen/grpc_types.h +32 -28
- data/include/grpc/impl/codegen/port_platform.h +48 -0
- data/include/grpc/impl/codegen/slice.h +10 -10
- data/include/grpc/impl/codegen/sync_generic.h +9 -3
- data/include/grpc/slice.h +16 -17
- data/include/grpc/slice_buffer.h +22 -22
- data/include/grpc/support/alloc.h +11 -11
- data/include/grpc/support/avl.h +28 -20
- data/include/grpc/support/cmdline.h +13 -13
- data/include/grpc/support/histogram.h +17 -17
- data/include/grpc/support/host_port.h +2 -2
- data/include/grpc/support/log.h +9 -9
- data/include/grpc/support/log_windows.h +1 -1
- data/include/grpc/support/string_util.h +2 -2
- data/include/grpc/support/subprocess.h +5 -5
- data/include/grpc/support/sync.h +43 -27
- data/include/grpc/support/thd.h +6 -6
- data/include/grpc/support/tls_gcc.h +1 -1
- data/include/grpc/support/tls_pthread.h +1 -1
- data/src/core/ext/census/{grpc_context.c → grpc_context.cc} +5 -8
- data/src/core/ext/filters/client_channel/backup_poller.cc +165 -0
- data/src/core/ext/{census/grpc_filter.h → filters/client_channel/backup_poller.h} +12 -7
- data/src/core/ext/filters/client_channel/{channel_connectivity.c → channel_connectivity.cc} +45 -42
- data/src/core/ext/filters/client_channel/{client_channel.c → client_channel.cc} +452 -417
- data/src/core/ext/filters/client_channel/client_channel.h +16 -8
- data/src/core/ext/filters/client_channel/{client_channel_factory.c → client_channel_factory.cc} +0 -0
- data/src/core/ext/filters/client_channel/client_channel_factory.h +29 -21
- data/src/core/ext/filters/client_channel/{client_channel_plugin.c → client_channel_plugin.cc} +15 -19
- data/src/core/ext/filters/client_channel/{connector.c → connector.cc} +0 -0
- data/src/core/ext/filters/client_channel/connector.h +29 -21
- data/src/core/ext/filters/client_channel/{http_connect_handshaker.c → http_connect_handshaker.cc} +10 -10
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +8 -0
- data/src/core/ext/filters/client_channel/{http_proxy.c → http_proxy.cc} +14 -14
- data/src/core/ext/filters/client_channel/http_proxy.h +8 -0
- data/src/core/ext/filters/client_channel/{lb_policy.c → lb_policy.cc} +47 -48
- data/src/core/ext/filters/client_channel/lb_policy.h +76 -70
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/{client_load_reporting_filter.c → client_load_reporting_filter.cc} +28 -29
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +9 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/{grpclb.c → grpclb.cc} +554 -563
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +9 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +17 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/{grpclb_channel_secure.c → grpclb_channel_secure.cc} +17 -17
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/{grpclb_client_stats.c → grpclb_client_stats.cc} +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +9 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/{load_balancer_api.c → load_balancer_api.cc} +64 -67
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +20 -21
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +599 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +695 -0
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +270 -0
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +153 -0
- data/src/core/ext/filters/client_channel/{lb_policy_factory.c → lb_policy_factory.cc} +10 -10
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +48 -40
- data/src/core/ext/filters/client_channel/{lb_policy_registry.c → lb_policy_registry.cc} +9 -9
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +11 -3
- data/src/core/ext/filters/client_channel/{parse_address.c → parse_address.cc} +24 -24
- data/src/core/ext/filters/client_channel/parse_address.h +14 -6
- data/src/core/ext/filters/client_channel/{proxy_mapper.c → proxy_mapper.cc} +0 -0
- data/src/core/ext/filters/client_channel/proxy_mapper.h +8 -0
- data/src/core/ext/filters/client_channel/{proxy_mapper_registry.c → proxy_mapper_registry.cc} +0 -0
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +8 -0
- data/src/core/ext/filters/client_channel/{resolver.c → resolver.cc} +21 -23
- data/src/core/ext/filters/client_channel/resolver.h +33 -27
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/{dns_resolver_ares.c → dns_resolver_ares.cc} +133 -133
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +18 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/{grpc_ares_ev_driver_posix.c → grpc_ares_ev_driver_posix.cc} +58 -56
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/{grpc_ares_wrapper.c → grpc_ares_wrapper.cc} +118 -115
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +23 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +60 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/{dns_resolver.c → dns_resolver.cc} +100 -94
- data/src/core/ext/filters/client_channel/resolver/fake/{fake_resolver.c → fake_resolver.cc} +14 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +9 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/{sockaddr_resolver.c → sockaddr_resolver.cc} +60 -60
- data/src/core/ext/filters/client_channel/{resolver_factory.c → resolver_factory.cc} +2 -2
- data/src/core/ext/filters/client_channel/resolver_factory.h +27 -19
- data/src/core/ext/filters/client_channel/{resolver_registry.c → resolver_registry.cc} +35 -35
- data/src/core/ext/filters/client_channel/resolver_registry.h +18 -10
- data/src/core/ext/filters/client_channel/{retry_throttle.c → retry_throttle.cc} +10 -10
- data/src/core/ext/filters/client_channel/retry_throttle.h +8 -0
- data/src/core/ext/filters/client_channel/{subchannel.c → subchannel.cc} +210 -213
- data/src/core/ext/filters/client_channel/subchannel.h +68 -60
- data/src/core/ext/filters/client_channel/{subchannel_index.c → subchannel_index.cc} +52 -52
- data/src/core/ext/filters/client_channel/subchannel_index.h +22 -14
- data/src/core/ext/filters/client_channel/{uri_parser.c → uri_parser.cc} +29 -27
- data/src/core/ext/filters/client_channel/uri_parser.h +18 -10
- data/src/core/ext/filters/deadline/{deadline_filter.c → deadline_filter.cc} +12 -15
- data/src/core/ext/filters/deadline/deadline_filter.h +11 -2
- data/src/core/ext/filters/http/client/{http_client_filter.c → http_client_filter.cc} +83 -83
- data/src/core/ext/filters/http/client/http_client_filter.h +8 -0
- data/src/core/ext/filters/http/{http_filters_plugin.c → http_filters_plugin.cc} +20 -21
- data/src/core/ext/filters/http/message_compress/{message_compress_filter.c → message_compress_filter.cc} +84 -83
- data/src/core/ext/filters/http/message_compress/message_compress_filter.h +9 -1
- data/src/core/ext/filters/http/server/{http_server_filter.c → http_server_filter.cc} +80 -78
- data/src/core/ext/filters/http/server/http_server_filter.h +8 -0
- data/src/core/ext/filters/load_reporting/{server_load_reporting_filter.c → server_load_reporting_filter.cc} +29 -29
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +9 -1
- data/src/core/ext/filters/load_reporting/{server_load_reporting_plugin.c → server_load_reporting_plugin.cc} +11 -11
- data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +13 -5
- data/src/core/ext/filters/max_age/{max_age_filter.c → max_age_filter.cc} +46 -56
- data/src/core/ext/filters/max_age/max_age_filter.h +8 -0
- data/src/core/ext/filters/message_size/{message_size_filter.c → message_size_filter.cc} +62 -40
- data/src/core/ext/filters/message_size/message_size_filter.h +8 -0
- data/src/core/ext/filters/workarounds/{workaround_cronet_compression_filter.c → workaround_cronet_compression_filter.cc} +11 -11
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +8 -0
- data/src/core/ext/filters/workarounds/{workaround_utils.c → workaround_utils.cc} +7 -7
- data/src/core/ext/filters/workarounds/workaround_utils.h +9 -1
- data/src/core/ext/transport/chttp2/alpn/{alpn.c → alpn.cc} +3 -3
- data/src/core/ext/transport/chttp2/alpn/alpn.h +10 -2
- data/src/core/ext/transport/chttp2/client/{chttp2_connector.c → chttp2_connector.cc} +49 -45
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +8 -0
- data/src/core/ext/transport/chttp2/client/insecure/{channel_create.c → channel_create.cc} +28 -27
- data/src/core/ext/transport/chttp2/client/insecure/{channel_create_posix.c → channel_create_posix.cc} +14 -13
- data/src/core/ext/transport/chttp2/client/secure/{secure_channel_create.c → secure_channel_create.cc} +68 -66
- data/src/core/ext/transport/chttp2/server/{chttp2_server.c → chttp2_server.cc} +76 -77
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -3
- data/src/core/ext/transport/chttp2/server/insecure/{server_chttp2.c → server_chttp2.cc} +3 -3
- data/src/core/ext/transport/chttp2/server/insecure/{server_chttp2_posix.c → server_chttp2_posix.cc} +13 -12
- data/src/core/ext/transport/chttp2/server/secure/{server_secure_chttp2.c → server_secure_chttp2.cc} +12 -10
- data/src/core/ext/transport/chttp2/transport/{bin_decoder.c → bin_decoder.cc} +7 -7
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +15 -7
- data/src/core/ext/transport/chttp2/transport/{bin_encoder.c → bin_encoder.cc} +11 -11
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +8 -0
- data/src/core/ext/transport/chttp2/transport/{chttp2_plugin.c → chttp2_plugin.cc} +2 -9
- data/src/core/ext/transport/chttp2/transport/{chttp2_transport.c → chttp2_transport.cc} +778 -778
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +14 -10
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +385 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.h +337 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +8 -0
- data/src/core/ext/transport/chttp2/transport/{frame_data.c → frame_data.cc} +34 -34
- data/src/core/ext/transport/chttp2/transport/frame_data.h +25 -17
- data/src/core/ext/transport/chttp2/transport/{frame_goaway.c → frame_goaway.cc} +18 -18
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +18 -10
- data/src/core/ext/transport/chttp2/transport/{frame_ping.c → frame_ping.cc} +18 -19
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +12 -4
- data/src/core/ext/transport/chttp2/transport/{frame_rst_stream.c → frame_rst_stream.cc} +16 -16
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +16 -8
- data/src/core/ext/transport/chttp2/transport/{frame_settings.c → frame_settings.cc} +23 -24
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +17 -9
- data/src/core/ext/transport/chttp2/transport/{frame_window_update.c → frame_window_update.cc} +22 -24
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +14 -6
- data/src/core/ext/transport/chttp2/transport/{hpack_encoder.c → hpack_encoder.cc} +206 -161
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +23 -13
- data/src/core/ext/transport/chttp2/transport/{hpack_parser.c → hpack_parser.cc} +340 -334
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +30 -22
- data/src/core/ext/transport/chttp2/transport/{hpack_table.c → hpack_table.cc} +25 -25
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +19 -11
- data/src/core/ext/transport/chttp2/transport/{http2_settings.c → http2_settings.cc} +1 -1
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +10 -2
- data/src/core/ext/transport/chttp2/transport/{huffsyms.c → huffsyms.cc} +0 -0
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +8 -0
- data/src/core/ext/transport/chttp2/transport/{incoming_metadata.c → incoming_metadata.cc} +14 -13
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +18 -10
- data/src/core/ext/transport/chttp2/transport/internal.h +214 -340
- data/src/core/ext/transport/chttp2/transport/{parsing.c → parsing.cc} +152 -141
- data/src/core/ext/transport/chttp2/transport/{stream_lists.c → stream_lists.cc} +53 -53
- data/src/core/ext/transport/chttp2/transport/{stream_map.c → stream_map.cc} +35 -34
- data/src/core/ext/transport/chttp2/transport/stream_map.h +22 -14
- data/src/core/ext/transport/chttp2/transport/{varint.c → varint.cc} +0 -0
- data/src/core/ext/transport/chttp2/transport/varint.h +8 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +636 -0
- data/src/core/ext/transport/inproc/{inproc_plugin.c → inproc_plugin.cc} +5 -6
- data/src/core/ext/transport/inproc/{inproc_transport.c → inproc_transport.cc} +479 -544
- data/src/core/ext/transport/inproc/inproc_transport.h +4 -4
- data/src/core/lib/backoff/backoff.cc +80 -0
- data/src/core/lib/backoff/backoff.h +83 -0
- data/src/core/lib/channel/{channel_args.c → channel_args.cc} +92 -92
- data/src/core/lib/channel/channel_args.h +45 -37
- data/src/core/lib/channel/{channel_stack.c → channel_stack.cc} +67 -68
- data/src/core/lib/channel/channel_stack.h +76 -75
- data/src/core/lib/channel/{channel_stack_builder.c → channel_stack_builder.cc} +91 -91
- data/src/core/lib/channel/channel_stack_builder.h +45 -45
- data/src/core/lib/channel/{connected_channel.c → connected_channel.cc} +70 -70
- data/src/core/lib/channel/connected_channel.h +12 -4
- data/src/core/lib/channel/context.h +2 -2
- data/src/core/lib/channel/{handshaker.c → handshaker.cc} +7 -9
- data/src/core/lib/channel/handshaker.h +9 -1
- data/src/core/lib/channel/{handshaker_factory.c → handshaker_factory.cc} +7 -7
- data/src/core/lib/channel/handshaker_factory.h +18 -10
- data/src/core/lib/channel/{handshaker_registry.c → handshaker_registry.cc} +0 -0
- data/src/core/lib/channel/handshaker_registry.h +8 -0
- data/src/core/lib/compression/algorithm_metadata.h +8 -0
- data/src/core/lib/compression/{compression.c → compression.cc} +9 -9
- data/src/core/lib/compression/{message_compress.c → message_compress.cc} +0 -0
- data/src/core/lib/compression/message_compress.h +8 -0
- data/src/core/lib/compression/{stream_compression.c → stream_compression.cc} +12 -12
- data/src/core/lib/compression/stream_compression.h +27 -19
- data/src/core/lib/compression/{stream_compression_gzip.c → stream_compression_gzip.cc} +35 -36
- data/src/core/lib/compression/stream_compression_gzip.h +8 -0
- data/src/core/lib/compression/{stream_compression_identity.c → stream_compression_identity.cc} +19 -20
- data/src/core/lib/compression/stream_compression_identity.h +8 -0
- data/src/core/lib/debug/{stats.c → stats.cc} +19 -19
- data/src/core/lib/debug/stats.h +17 -9
- data/src/core/lib/debug/{stats_data.c → stats_data.cc} +45 -22
- data/src/core/lib/debug/stats_data.h +58 -19
- data/src/core/lib/debug/trace.cc +142 -0
- data/src/core/lib/debug/trace.h +74 -14
- data/src/core/lib/http/{format_request.c → format_request.cc} +10 -10
- data/src/core/lib/http/format_request.h +12 -4
- data/src/core/lib/http/{httpcli.c → httpcli.cc} +80 -80
- data/src/core/lib/http/httpcli.h +41 -33
- data/src/core/lib/http/{httpcli_security_connector.c → httpcli_security_connector.cc} +69 -55
- data/src/core/lib/http/{parser.c → parser.cc} +42 -42
- data/src/core/lib/http/parser.h +28 -20
- data/src/core/lib/{support → iomgr}/block_annotate.h +17 -8
- data/src/core/lib/iomgr/{call_combiner.c → call_combiner.cc} +29 -17
- data/src/core/lib/iomgr/call_combiner.h +9 -1
- data/src/core/lib/iomgr/closure.h +220 -62
- data/src/core/lib/iomgr/{combiner.c → combiner.cc} +63 -62
- data/src/core/lib/iomgr/combiner.h +16 -8
- data/src/core/lib/iomgr/{endpoint.c → endpoint.cc} +6 -0
- data/src/core/lib/iomgr/endpoint.h +47 -32
- data/src/core/lib/iomgr/endpoint_pair.h +12 -4
- data/src/core/lib/iomgr/{endpoint_pair_posix.c → endpoint_pair_posix.cc} +3 -3
- data/src/core/lib/iomgr/{endpoint_pair_uv.c → endpoint_pair_uv.cc} +2 -2
- data/src/core/lib/iomgr/{endpoint_pair_windows.c → endpoint_pair_windows.cc} +6 -6
- data/src/core/lib/iomgr/{error.c → error.cc} +125 -124
- data/src/core/lib/iomgr/error.h +32 -27
- data/src/core/lib/iomgr/error_internal.h +11 -2
- data/src/core/lib/iomgr/{ev_epoll1_linux.c → ev_epoll1_linux.cc} +214 -215
- data/src/core/lib/iomgr/ev_epoll1_linux.h +9 -1
- data/src/core/lib/iomgr/ev_epollex_linux.cc +1488 -0
- data/src/core/lib/iomgr/ev_epollex_linux.h +9 -1
- data/src/core/lib/iomgr/{ev_epollsig_linux.c → ev_epollsig_linux.cc} +304 -305
- data/src/core/lib/iomgr/ev_epollsig_linux.h +12 -4
- data/src/core/lib/iomgr/{ev_poll_posix.c → ev_poll_posix.cc} +272 -283
- data/src/core/lib/iomgr/ev_poll_posix.h +10 -2
- data/src/core/lib/iomgr/ev_posix.cc +288 -0
- data/src/core/lib/iomgr/ev_posix.h +75 -67
- data/src/core/lib/iomgr/{ev_windows.c → ev_windows.cc} +2 -2
- data/src/core/lib/iomgr/exec_ctx.cc +177 -0
- data/src/core/lib/iomgr/exec_ctx.h +35 -13
- data/src/core/lib/iomgr/{executor.c → executor.cc} +34 -35
- data/src/core/lib/iomgr/executor.h +12 -4
- data/src/core/lib/iomgr/{fork_posix.c → fork_posix.cc} +0 -0
- data/src/core/lib/iomgr/{fork_windows.c → fork_windows.cc} +0 -0
- data/src/core/lib/iomgr/gethostname.h +9 -1
- data/src/core/lib/iomgr/{gethostname_fallback.c → gethostname_fallback.cc} +2 -1
- data/src/core/lib/iomgr/{gethostname_host_name_max.c → gethostname_host_name_max.cc} +4 -3
- data/src/core/lib/iomgr/{gethostname_sysconf.c → gethostname_sysconf.cc} +3 -2
- data/src/core/lib/iomgr/{iocp_windows.c → iocp_windows.cc} +23 -25
- data/src/core/lib/iomgr/iocp_windows.h +17 -3
- data/src/core/lib/iomgr/{iomgr.c → iomgr.cc} +25 -19
- data/src/core/lib/iomgr/iomgr.h +11 -3
- data/src/core/lib/iomgr/iomgr_internal.h +13 -5
- data/src/core/lib/iomgr/{iomgr_posix.c → iomgr_posix.cc} +0 -1
- data/src/core/lib/iomgr/{iomgr_uv.c → iomgr_uv.cc} +1 -1
- data/src/core/lib/iomgr/iomgr_uv.h +8 -0
- data/src/core/lib/iomgr/{iomgr_windows.c → iomgr_windows.cc} +0 -0
- data/src/core/lib/iomgr/{is_epollexclusive_available.c → is_epollexclusive_available.cc} +1 -1
- data/src/core/lib/iomgr/is_epollexclusive_available.h +8 -0
- data/src/core/lib/iomgr/{load_file.c → load_file.cc} +12 -12
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/{lockfree_event.c → lockfree_event.cc} +76 -68
- data/src/core/lib/iomgr/lockfree_event.h +30 -11
- data/src/core/lib/iomgr/{network_status_tracker.c → network_status_tracker.cc} +3 -2
- data/src/core/lib/iomgr/network_status_tracker.h +2 -2
- data/src/core/lib/iomgr/{polling_entity.c → polling_entity.cc} +18 -18
- data/src/core/lib/iomgr/polling_entity.h +21 -13
- data/src/core/lib/iomgr/pollset.h +17 -11
- data/src/core/lib/iomgr/pollset_set.h +23 -15
- data/src/core/lib/iomgr/{pollset_set_uv.c → pollset_set_uv.cc} +0 -0
- data/src/core/lib/iomgr/{pollset_set_windows.c → pollset_set_windows.cc} +0 -0
- data/src/core/lib/iomgr/{pollset_uv.c → pollset_uv.cc} +31 -29
- data/src/core/lib/iomgr/pollset_uv.h +8 -0
- data/src/core/lib/iomgr/{pollset_windows.c → pollset_windows.cc} +24 -24
- data/src/core/lib/iomgr/pollset_windows.h +17 -4
- data/src/core/lib/iomgr/port.h +10 -0
- data/src/core/lib/iomgr/resolve_address.h +18 -10
- data/src/core/lib/iomgr/{resolve_address_posix.c → resolve_address_posix.cc} +40 -40
- data/src/core/lib/iomgr/{resolve_address_uv.c → resolve_address_uv.cc} +61 -56
- data/src/core/lib/iomgr/{resolve_address_windows.c → resolve_address_windows.cc} +36 -34
- data/src/core/lib/iomgr/{resource_quota.c → resource_quota.cc} +209 -180
- data/src/core/lib/iomgr/resource_quota.h +45 -37
- data/src/core/lib/iomgr/{sockaddr_utils.c → sockaddr_utils.cc} +61 -61
- data/src/core/lib/iomgr/sockaddr_utils.h +23 -15
- data/src/core/lib/iomgr/sockaddr_windows.h +6 -0
- data/src/core/lib/iomgr/{socket_factory_posix.c → socket_factory_posix.cc} +20 -20
- data/src/core/lib/iomgr/socket_factory_posix.h +15 -15
- data/src/core/lib/iomgr/{socket_mutator.c → socket_mutator.cc} +18 -18
- data/src/core/lib/iomgr/socket_mutator.h +11 -11
- data/src/core/lib/iomgr/socket_utils.h +9 -1
- data/src/core/lib/iomgr/{socket_utils_common_posix.c → socket_utils_common_posix.cc} +28 -28
- data/src/core/lib/iomgr/{socket_utils_linux.c → socket_utils_linux.cc} +3 -3
- data/src/core/lib/iomgr/{socket_utils_posix.c → socket_utils_posix.cc} +3 -3
- data/src/core/lib/iomgr/socket_utils_posix.h +26 -18
- data/src/core/lib/iomgr/{socket_utils_uv.c → socket_utils_uv.cc} +1 -1
- data/src/core/lib/iomgr/{socket_utils_windows.c → socket_utils_windows.cc} +2 -2
- data/src/core/lib/iomgr/{socket_windows.c → socket_windows.cc} +18 -18
- data/src/core/lib/iomgr/socket_windows.h +26 -13
- data/src/core/lib/iomgr/tcp_client.h +14 -6
- data/src/core/lib/iomgr/{tcp_client_posix.c → tcp_client_posix.cc} +69 -70
- data/src/core/lib/iomgr/tcp_client_posix.h +11 -3
- data/src/core/lib/iomgr/{tcp_client_uv.c → tcp_client_uv.cc} +47 -48
- data/src/core/lib/iomgr/{tcp_client_windows.c → tcp_client_windows.cc} +46 -44
- data/src/core/lib/iomgr/{tcp_posix.c → tcp_posix.cc} +198 -175
- data/src/core/lib/iomgr/tcp_posix.h +15 -7
- data/src/core/lib/iomgr/tcp_server.h +31 -23
- data/src/core/lib/iomgr/{tcp_server_posix.c → tcp_server_posix.cc} +78 -77
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +27 -19
- data/src/core/lib/iomgr/{tcp_server_utils_posix_common.c → tcp_server_utils_posix_common.cc} +27 -27
- data/src/core/lib/iomgr/{tcp_server_utils_posix_ifaddrs.c → tcp_server_utils_posix_ifaddrs.cc} +25 -25
- data/src/core/lib/iomgr/{tcp_server_utils_posix_noifaddrs.c → tcp_server_utils_posix_noifaddrs.cc} +2 -2
- data/src/core/lib/iomgr/{tcp_server_uv.c → tcp_server_uv.cc} +133 -105
- data/src/core/lib/iomgr/{tcp_server_windows.c → tcp_server_windows.cc} +81 -77
- data/src/core/lib/iomgr/tcp_uv.cc +420 -0
- data/src/core/lib/iomgr/tcp_uv.h +18 -4
- data/src/core/lib/iomgr/{tcp_windows.c → tcp_windows.cc} +90 -79
- data/src/core/lib/iomgr/tcp_windows.h +17 -4
- data/src/core/lib/iomgr/{time_averaged_stats.c → time_averaged_stats.cc} +0 -0
- data/src/core/lib/iomgr/time_averaged_stats.h +8 -0
- data/src/core/lib/iomgr/timer.h +16 -9
- data/src/core/lib/iomgr/{timer_generic.c → timer_generic.cc} +130 -171
- data/src/core/lib/iomgr/timer_generic.h +4 -4
- data/src/core/lib/iomgr/{timer_heap.c → timer_heap.cc} +20 -21
- data/src/core/lib/iomgr/timer_heap.h +16 -8
- data/src/core/lib/iomgr/{timer_manager.c → timer_manager.cc} +54 -52
- data/src/core/lib/iomgr/timer_manager.h +8 -0
- data/src/core/lib/iomgr/{timer_uv.c → timer_uv.cc} +22 -24
- data/src/core/lib/iomgr/timer_uv.h +2 -2
- data/src/core/lib/iomgr/{udp_server.c → udp_server.cc} +75 -75
- data/src/core/lib/iomgr/udp_server.h +25 -17
- data/src/core/lib/iomgr/{unix_sockets_posix.c → unix_sockets_posix.cc} +22 -21
- data/src/core/lib/iomgr/unix_sockets_posix.h +14 -6
- data/src/core/lib/iomgr/{unix_sockets_posix_noop.c → unix_sockets_posix_noop.cc} +5 -5
- data/src/core/lib/iomgr/{wakeup_fd_cv.c → wakeup_fd_cv.cc} +2 -2
- data/src/core/lib/iomgr/wakeup_fd_cv.h +10 -0
- data/src/core/lib/iomgr/{wakeup_fd_eventfd.c → wakeup_fd_eventfd.cc} +0 -0
- data/src/core/lib/iomgr/{wakeup_fd_nospecial.c → wakeup_fd_nospecial.cc} +0 -0
- data/src/core/lib/iomgr/{wakeup_fd_pipe.c → wakeup_fd_pipe.cc} +1 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.h +9 -1
- data/src/core/lib/iomgr/{wakeup_fd_posix.c → wakeup_fd_posix.cc} +6 -7
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -0
- data/src/core/lib/json/{json.c → json.cc} +0 -0
- data/src/core/lib/json/json.h +8 -0
- data/src/core/lib/json/{json_reader.c → json_reader.cc} +18 -18
- data/src/core/lib/json/json_reader.h +26 -18
- data/src/core/lib/json/{json_string.c → json_string.cc} +57 -57
- data/src/core/lib/json/{json_writer.c → json_writer.cc} +20 -20
- data/src/core/lib/json/json_writer.h +23 -15
- data/src/core/lib/profiling/{basic_timers.c → basic_timers.cc} +34 -34
- data/src/core/lib/profiling/{stap_timers.c → stap_timers.cc} +5 -5
- data/src/core/lib/profiling/timers.h +6 -6
- data/src/core/lib/security/context/{security_context.c → security_context.cc} +98 -95
- data/src/core/lib/security/context/security_context.h +27 -29
- data/src/core/lib/security/credentials/composite/{composite_credentials.c → composite_credentials.cc} +79 -73
- data/src/core/lib/security/credentials/composite/composite_credentials.h +17 -9
- data/src/core/lib/security/credentials/{credentials.c → credentials.cc} +97 -92
- data/src/core/lib/security/credentials/credentials.h +83 -75
- data/src/core/lib/security/credentials/{credentials_metadata.c → credentials_metadata.cc} +7 -6
- data/src/core/lib/security/credentials/fake/{fake_credentials.c → fake_credentials.cc} +39 -36
- data/src/core/lib/security/credentials/fake/fake_credentials.h +13 -5
- data/src/core/lib/security/credentials/google_default/{credentials_generic.c → credentials_generic.cc} +5 -5
- data/src/core/lib/security/credentials/google_default/{google_default_credentials.c → google_default_credentials.cc} +55 -55
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +9 -1
- data/src/core/lib/security/credentials/iam/{iam_credentials.c → iam_credentials.cc} +19 -18
- data/src/core/lib/security/credentials/jwt/{json_token.c → json_token.cc} +80 -75
- data/src/core/lib/security/credentials/jwt/json_token.h +23 -15
- data/src/core/lib/security/credentials/jwt/{jwt_credentials.c → jwt_credentials.cc} +45 -41
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -3
- data/src/core/lib/security/credentials/jwt/{jwt_verifier.c → jwt_verifier.cc} +262 -252
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +38 -30
- data/src/core/lib/security/credentials/oauth2/{oauth2_credentials.c → oauth2_credentials.cc} +138 -141
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +30 -22
- data/src/core/lib/security/credentials/plugin/{plugin_credentials.c → plugin_credentials.cc} +52 -53
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +7 -7
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +344 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +27 -0
- data/src/core/lib/security/transport/auth_filters.h +16 -0
- data/src/core/lib/security/transport/{client_auth_filter.c → client_auth_filter.cc} +127 -115
- data/src/core/lib/security/transport/{lb_targets_info.c → lb_targets_info.cc} +16 -13
- data/src/core/lib/security/transport/lb_targets_info.h +11 -3
- data/src/core/lib/security/transport/{secure_endpoint.c → secure_endpoint.cc} +84 -76
- data/src/core/lib/security/transport/secure_endpoint.h +13 -5
- data/src/core/lib/security/transport/security_connector.cc +1121 -0
- data/src/core/lib/security/transport/security_connector.h +97 -79
- data/src/core/lib/security/transport/{security_handshaker.c → security_handshaker.cc} +139 -132
- data/src/core/lib/security/transport/security_handshaker.h +11 -3
- data/src/core/lib/security/transport/{server_auth_filter.c → server_auth_filter.cc} +68 -68
- data/src/core/lib/security/transport/{tsi_error.c → tsi_error.cc} +1 -1
- data/src/core/lib/security/transport/tsi_error.h +9 -1
- data/src/core/lib/security/util/{json_util.c → json_util.cc} +11 -11
- data/src/core/lib/security/util/json_util.h +12 -4
- data/src/core/lib/slice/{b64.c → b64.cc} +15 -15
- data/src/core/lib/slice/b64.h +12 -4
- data/src/core/lib/slice/{percent_encoding.c → percent_encoding.cc} +15 -15
- data/src/core/lib/slice/percent_encoding.h +11 -3
- data/src/core/lib/slice/{slice.c → slice.cc} +64 -64
- data/src/core/lib/slice/{slice_buffer.c → slice_buffer.cc} +38 -38
- data/src/core/lib/slice/{slice_hash_table.c → slice_hash_table.cc} +7 -7
- data/src/core/lib/slice/slice_hash_table.h +19 -11
- data/src/core/lib/slice/{slice_intern.c → slice_intern.cc} +35 -34
- data/src/core/lib/slice/slice_internal.h +17 -6
- data/src/core/lib/slice/{slice_string_helpers.c → slice_string_helpers.cc} +9 -9
- data/src/core/lib/slice/slice_string_helpers.h +3 -3
- data/src/core/lib/support/abstract.h +29 -0
- data/src/core/lib/support/{alloc.c → alloc.cc} +22 -22
- data/src/core/lib/support/{arena.c → arena.cc} +12 -12
- data/src/core/lib/support/arena.h +11 -3
- data/src/core/lib/support/{atm.c → atm.cc} +1 -1
- data/src/core/lib/support/{avl.c → avl.cc} +71 -70
- data/src/core/lib/support/{cmdline.c → cmdline.cc} +62 -62
- data/src/core/lib/support/{cpu_iphone.c → cpu_iphone.cc} +2 -0
- data/src/core/lib/support/{cpu_linux.c → cpu_linux.cc} +10 -0
- data/src/core/lib/support/{cpu_posix.c → cpu_posix.cc} +27 -4
- data/src/core/lib/support/{cpu_windows.c → cpu_windows.cc} +1 -0
- data/src/core/lib/support/env.h +3 -3
- data/src/core/lib/support/{env_linux.c → env_linux.cc} +11 -11
- data/src/core/lib/support/{env_posix.c → env_posix.cc} +4 -4
- data/src/core/lib/support/{env_windows.c → env_windows.cc} +5 -5
- data/src/core/lib/support/{fork.c → fork.cc} +2 -2
- data/src/core/lib/support/{histogram.c → histogram.cc} +25 -26
- data/src/core/lib/support/{host_port.c → host_port.cc} +16 -16
- data/src/core/lib/support/{log.c → log.cc} +8 -8
- data/src/core/lib/support/{log_android.c → log_android.cc} +7 -7
- data/src/core/lib/support/{log_linux.c → log_linux.cc} +8 -8
- data/src/core/lib/support/{log_posix.c → log_posix.cc} +9 -10
- data/src/core/lib/support/{log_windows.c → log_windows.cc} +7 -7
- data/src/core/lib/support/manual_constructor.h +211 -0
- data/src/core/lib/support/memory.h +41 -0
- data/src/core/lib/support/mpscq.cc +114 -0
- data/src/core/lib/support/mpscq.h +45 -7
- data/src/core/lib/support/{murmur_hash.c → murmur_hash.cc} +9 -12
- data/src/core/lib/support/murmur_hash.h +9 -1
- data/src/core/lib/support/spinlock.h +8 -1
- data/src/core/lib/support/{string.c → string.cc} +56 -55
- data/src/core/lib/support/string.h +21 -21
- data/src/core/lib/support/{string_posix.c → string_posix.cc} +5 -4
- data/src/core/lib/support/{string_util_windows.c → string_util_windows.cc} +9 -6
- data/src/core/lib/support/{string_windows.c → string_windows.cc} +3 -2
- data/src/core/lib/support/string_windows.h +8 -0
- data/src/core/lib/support/{subprocess_posix.c → subprocess_posix.cc} +13 -13
- data/src/core/lib/support/{subprocess_windows.c → subprocess_windows.cc} +9 -9
- data/src/core/lib/support/{sync.c → sync.cc} +22 -22
- data/src/core/lib/support/{sync_posix.c → sync_posix.cc} +6 -2
- data/src/core/lib/support/{sync_windows.c → sync_windows.cc} +14 -14
- data/src/core/lib/support/{thd.c → thd.cc} +0 -0
- data/src/core/lib/support/{thd_posix.c → thd_posix.cc} +10 -10
- data/src/core/lib/support/{thd_windows.c → thd_windows.cc} +10 -10
- data/src/core/lib/support/{time.c → time.cc} +0 -0
- data/src/core/lib/support/{time_posix.c → time_posix.cc} +5 -6
- data/src/core/lib/support/{time_precise.c → time_precise.cc} +6 -4
- data/src/core/lib/support/time_precise.h +9 -1
- data/src/core/lib/support/{time_windows.c → time_windows.cc} +2 -3
- data/src/core/lib/support/{tls_pthread.c → tls_pthread.cc} +2 -2
- data/src/core/lib/support/tmpfile.h +1 -1
- data/src/core/lib/support/{tmpfile_msys.c → tmpfile_msys.cc} +2 -2
- data/src/core/lib/support/{tmpfile_posix.c → tmpfile_posix.cc} +7 -7
- data/src/core/lib/support/{tmpfile_windows.c → tmpfile_windows.cc} +2 -2
- data/src/core/lib/support/{wrap_memcpy.c → wrap_memcpy.cc} +4 -2
- data/src/core/lib/surface/{alarm.c → alarm.cc} +32 -31
- data/src/core/lib/surface/alarm_internal.h +10 -2
- data/src/core/lib/surface/{api_trace.c → api_trace.cc} +1 -1
- data/src/core/lib/surface/api_trace.h +2 -2
- data/src/core/lib/surface/{byte_buffer.c → byte_buffer.cc} +13 -13
- data/src/core/lib/surface/{byte_buffer_reader.c → byte_buffer_reader.cc} +9 -9
- data/src/core/lib/surface/{call.c → call.cc} +379 -372
- data/src/core/lib/surface/call.h +37 -38
- data/src/core/lib/surface/{call_details.c → call_details.cc} +0 -0
- data/src/core/lib/surface/{call_log_batch.c → call_log_batch.cc} +13 -11
- data/src/core/lib/surface/call_test_only.h +5 -5
- data/src/core/lib/surface/{channel.c → channel.cc} +94 -95
- data/src/core/lib/surface/channel.h +29 -21
- data/src/core/lib/surface/{channel_init.c → channel_init.cc} +13 -13
- data/src/core/lib/surface/channel_init.h +6 -6
- data/src/core/lib/surface/{channel_ping.c → channel_ping.cc} +12 -12
- data/src/core/lib/surface/{channel_stack_type.c → channel_stack_type.cc} +1 -1
- data/src/core/lib/surface/channel_stack_type.h +9 -1
- data/src/core/lib/surface/{completion_queue.c → completion_queue.cc} +416 -379
- data/src/core/lib/surface/completion_queue.h +29 -29
- data/src/core/lib/surface/{completion_queue_factory.c → completion_queue_factory.cc} +1 -1
- data/src/core/lib/surface/completion_queue_factory.h +8 -0
- data/src/core/lib/surface/{event_string.c → event_string.cc} +9 -9
- data/src/core/lib/surface/event_string.h +9 -1
- data/src/core/lib/surface/{init.c → init.cc} +16 -39
- data/src/core/lib/surface/init.h +8 -0
- data/src/core/lib/surface/{init_secure.c → init_secure.cc} +12 -25
- data/src/core/lib/surface/lame_client.cc +38 -40
- data/src/core/lib/surface/lame_client.h +8 -0
- data/src/core/lib/surface/{metadata_array.c → metadata_array.cc} +0 -0
- data/src/core/lib/surface/{server.c → server.cc} +340 -404
- data/src/core/lib/surface/server.h +22 -14
- data/src/core/lib/surface/{validate_metadata.c → validate_metadata.cc} +10 -9
- data/src/core/lib/surface/validate_metadata.h +10 -2
- data/src/core/lib/surface/{version.c → version.cc} +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +84 -0
- data/src/core/lib/transport/bdp_estimator.h +67 -42
- data/src/core/lib/transport/{byte_stream.c → byte_stream.cc} +51 -51
- data/src/core/lib/transport/byte_stream.h +41 -33
- data/src/core/lib/transport/{connectivity_state.c → connectivity_state.cc} +36 -40
- data/src/core/lib/transport/connectivity_state.h +29 -21
- data/src/core/lib/transport/{error_utils.c → error_utils.cc} +26 -22
- data/src/core/lib/transport/error_utils.h +18 -6
- data/src/core/lib/transport/{metadata.c → metadata.cc} +92 -88
- data/src/core/lib/transport/metadata.h +22 -20
- data/src/core/lib/transport/{metadata_batch.c → metadata_batch.cc} +78 -79
- data/src/core/lib/transport/metadata_batch.h +46 -45
- data/src/core/lib/transport/pid_controller.cc +48 -0
- data/src/core/lib/transport/pid_controller.h +84 -32
- data/src/core/lib/transport/{service_config.c → service_config.cc} +66 -48
- data/src/core/lib/transport/service_config.h +11 -2
- data/src/core/lib/transport/{static_metadata.c → static_metadata.cc} +2 -2
- data/src/core/lib/transport/static_metadata.h +30 -23
- data/src/core/lib/transport/{status_conversion.c → status_conversion.cc} +4 -3
- data/src/core/lib/transport/status_conversion.h +12 -2
- data/src/core/lib/transport/{timeout_encoding.c → timeout_encoding.cc} +28 -61
- data/src/core/lib/transport/timeout_encoding.h +11 -2
- data/src/core/lib/transport/{transport.c → transport.cc} +79 -79
- data/src/core/lib/transport/transport.h +78 -80
- data/src/core/lib/transport/transport_impl.h +27 -19
- data/src/core/lib/transport/{transport_op_string.c → transport_op_string.cc} +32 -30
- data/src/core/plugin_registry/{grpc_plugin_registry.c → grpc_plugin_registry.cc} +34 -38
- data/src/core/tsi/{fake_transport_security.c → fake_transport_security.cc} +141 -132
- data/src/core/tsi/fake_transport_security.h +5 -5
- data/src/core/tsi/{gts_transport_security.c → gts_transport_security.cc} +4 -4
- data/src/core/tsi/gts_transport_security.h +11 -3
- data/src/core/tsi/{ssl_transport_security.c → ssl_transport_security.cc} +309 -300
- data/src/core/tsi/ssl_transport_security.h +25 -25
- data/src/core/tsi/ssl_types.h +8 -0
- data/src/core/tsi/{transport_security.c → transport_security.cc} +94 -87
- data/src/core/tsi/transport_security.h +55 -55
- data/src/core/tsi/{transport_security_adapter.c → transport_security_adapter.cc} +58 -55
- data/src/core/tsi/transport_security_adapter.h +2 -2
- data/src/core/tsi/{transport_security_grpc.c → transport_security_grpc.cc} +21 -21
- data/src/core/tsi/transport_security_grpc.h +19 -19
- data/src/core/tsi/transport_security_interface.h +41 -41
- data/src/ruby/ext/grpc/extconf.rb +4 -2
- data/src/ruby/ext/grpc/rb_byte_buffer.c +5 -5
- data/src/ruby/ext/grpc/rb_byte_buffer.h +2 -2
- data/src/ruby/ext/grpc/rb_call.c +41 -42
- data/src/ruby/ext/grpc/rb_call.h +6 -6
- data/src/ruby/ext/grpc/rb_call_credentials.c +30 -30
- data/src/ruby/ext/grpc/rb_channel.c +87 -87
- data/src/ruby/ext/grpc/rb_channel_credentials.c +23 -23
- data/src/ruby/ext/grpc/rb_completion_queue.c +11 -11
- data/src/ruby/ext/grpc/rb_completion_queue.h +3 -3
- data/src/ruby/ext/grpc/rb_compression_options.c +20 -20
- data/src/ruby/ext/grpc/rb_event_thread.c +14 -14
- data/src/ruby/ext/grpc/rb_event_thread.h +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +8 -8
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +16 -58
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +242 -306
- data/src/ruby/ext/grpc/rb_server.c +23 -23
- data/src/ruby/ext/grpc/rb_server_credentials.c +13 -13
- data/src/ruby/lib/grpc/generic/rpc_server.rb +25 -12
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/checker.rb +14 -0
- data/src/ruby/spec/pb/health/checker_spec.rb +29 -0
- data/third_party/cares/config_freebsd/ares_config.h +502 -0
- data/third_party/cares/config_openbsd/ares_config.h +502 -0
- metadata +302 -328
- data/src/core/ext/census/aggregation.h +0 -51
- data/src/core/ext/census/base_resources.c +0 -56
- data/src/core/ext/census/base_resources.h +0 -24
- data/src/core/ext/census/census_interface.h +0 -61
- data/src/core/ext/census/census_rpc_stats.h +0 -86
- data/src/core/ext/census/context.c +0 -496
- data/src/core/ext/census/gen/census.pb.c +0 -161
- data/src/core/ext/census/gen/census.pb.h +0 -280
- data/src/core/ext/census/gen/trace_context.pb.c +0 -39
- data/src/core/ext/census/gen/trace_context.pb.h +0 -78
- data/src/core/ext/census/grpc_filter.c +0 -196
- data/src/core/ext/census/grpc_plugin.c +0 -70
- data/src/core/ext/census/initialize.c +0 -51
- data/src/core/ext/census/intrusive_hash_map.c +0 -305
- data/src/core/ext/census/intrusive_hash_map.h +0 -152
- data/src/core/ext/census/intrusive_hash_map_internal.h +0 -48
- data/src/core/ext/census/mlog.c +0 -586
- data/src/core/ext/census/mlog.h +0 -80
- data/src/core/ext/census/operation.c +0 -48
- data/src/core/ext/census/placeholders.c +0 -49
- data/src/core/ext/census/resource.c +0 -303
- data/src/core/ext/census/resource.h +0 -48
- data/src/core/ext/census/rpc_metric_id.h +0 -36
- data/src/core/ext/census/trace_context.c +0 -71
- data/src/core/ext/census/trace_context.h +0 -56
- data/src/core/ext/census/trace_label.h +0 -46
- data/src/core/ext/census/trace_propagation.h +0 -48
- data/src/core/ext/census/trace_status.h +0 -30
- data/src/core/ext/census/trace_string.h +0 -35
- data/src/core/ext/census/tracing.c +0 -55
- data/src/core/ext/census/tracing.h +0 -109
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +0 -714
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +0 -924
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.c +0 -60
- data/src/core/ext/transport/chttp2/transport/flow_control.c +0 -502
- data/src/core/ext/transport/chttp2/transport/writing.c +0 -534
- data/src/core/lib/debug/trace.c +0 -146
- data/src/core/lib/iomgr/closure.c +0 -219
- data/src/core/lib/iomgr/ev_epollex_linux.c +0 -1461
- data/src/core/lib/iomgr/ev_posix.c +0 -266
- data/src/core/lib/iomgr/exec_ctx.c +0 -113
- data/src/core/lib/iomgr/tcp_uv.c +0 -381
- data/src/core/lib/security/credentials/ssl/ssl_credentials.c +0 -194
- data/src/core/lib/security/transport/security_connector.c +0 -914
- data/src/core/lib/support/backoff.c +0 -72
- data/src/core/lib/support/backoff.h +0 -56
- data/src/core/lib/support/mpscq.c +0 -79
- data/src/core/lib/support/stack_lockfree.c +0 -137
- data/src/core/lib/support/stack_lockfree.h +0 -38
- data/src/core/lib/transport/bdp_estimator.c +0 -110
- data/src/core/lib/transport/pid_controller.c +0 -63
@@ -25,30 +25,33 @@
|
|
25
25
|
* secure naming purposes. */
|
26
26
|
#define GRPC_ARG_LB_SECURE_NAMING_MAP "grpc.lb_secure_naming_map"
|
27
27
|
|
28
|
-
static void
|
29
|
-
|
30
|
-
grpc_slice_hash_table_unref(exec_ctx, p);
|
28
|
+
static void* targets_info_copy(void* p) {
|
29
|
+
return grpc_slice_hash_table_ref((grpc_slice_hash_table*)p);
|
31
30
|
}
|
32
|
-
static
|
33
|
-
|
31
|
+
static void targets_info_destroy(grpc_exec_ctx* exec_ctx, void* p) {
|
32
|
+
grpc_slice_hash_table_unref(exec_ctx, (grpc_slice_hash_table*)p);
|
33
|
+
}
|
34
|
+
static int targets_info_cmp(void* a, void* b) {
|
35
|
+
return grpc_slice_hash_table_cmp((const grpc_slice_hash_table*)a,
|
36
|
+
(const grpc_slice_hash_table*)b);
|
34
37
|
}
|
35
38
|
static const grpc_arg_pointer_vtable server_to_balancer_names_vtable = {
|
36
39
|
targets_info_copy, targets_info_destroy, targets_info_cmp};
|
37
40
|
|
38
41
|
grpc_arg grpc_lb_targets_info_create_channel_arg(
|
39
|
-
grpc_slice_hash_table
|
40
|
-
return grpc_channel_arg_pointer_create(GRPC_ARG_LB_SECURE_NAMING_MAP,
|
42
|
+
grpc_slice_hash_table* targets_info) {
|
43
|
+
return grpc_channel_arg_pointer_create((char*)GRPC_ARG_LB_SECURE_NAMING_MAP,
|
41
44
|
targets_info,
|
42
45
|
&server_to_balancer_names_vtable);
|
43
46
|
}
|
44
47
|
|
45
|
-
grpc_slice_hash_table
|
46
|
-
const grpc_channel_args
|
47
|
-
const grpc_arg
|
48
|
+
grpc_slice_hash_table* grpc_lb_targets_info_find_in_args(
|
49
|
+
const grpc_channel_args* args) {
|
50
|
+
const grpc_arg* targets_info_arg =
|
48
51
|
grpc_channel_args_find(args, GRPC_ARG_LB_SECURE_NAMING_MAP);
|
49
|
-
if (targets_info_arg !=
|
52
|
+
if (targets_info_arg != nullptr) {
|
50
53
|
GPR_ASSERT(targets_info_arg->type == GRPC_ARG_POINTER);
|
51
|
-
return targets_info_arg->value.pointer.p;
|
54
|
+
return (grpc_slice_hash_table*)targets_info_arg->value.pointer.p;
|
52
55
|
}
|
53
|
-
return
|
56
|
+
return nullptr;
|
54
57
|
}
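Review bot: The new call in grpc_lb_targets_info_create_channel_arg strips const from a string literal with a C-style cast, `(char*)GRPC_ARG_LB_SECURE_NAMING_MAP`, presumably because grpc_channel_arg_pointer_create takes a non-const `char*`. Now that the file is compiled as C++, writing through that pointer would be undefined behaviour, and the C-style cast hides that a qualifier is being dropped. I would spell it `const_cast<char*>(GRPC_ARG_LB_SECURE_NAMING_MAP)` with a short comment such as `// key is never written through; callee signature is not const-correct`, or make the callee take `const char*` if that is in scope for this change.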
|
@@ -21,12 +21,20 @@
|
|
21
21
|
|
22
22
|
#include "src/core/lib/slice/slice_hash_table.h"
|
23
23
|
|
24
|
+
#ifdef __cplusplus
|
25
|
+
extern "C" {
|
26
|
+
#endif
|
27
|
+
|
24
28
|
/** Return a channel argument containing \a targets_info. */
|
25
29
|
grpc_arg grpc_lb_targets_info_create_channel_arg(
|
26
|
-
grpc_slice_hash_table
|
30
|
+
grpc_slice_hash_table* targets_info);
|
27
31
|
|
28
32
|
/** Return the instance of targets info in \a args or NULL */
|
29
|
-
grpc_slice_hash_table
|
30
|
-
const grpc_channel_args
|
33
|
+
grpc_slice_hash_table* grpc_lb_targets_info_find_in_args(
|
34
|
+
const grpc_channel_args* args);
|
35
|
+
|
36
|
+
#ifdef __cplusplus
|
37
|
+
}
|
38
|
+
#endif
|
31
39
|
|
32
40
|
#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_LB_TARGETS_INFO_H */
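Review bot: The doc comment on grpc_lb_targets_info_find_in_args does not say who owns the returned table. The implementation shown in the .cc section returns `targets_info_arg->value.pointer.p` directly and does not call grpc_slice_hash_table_ref, so the caller gets a borrowed pointer. I would extend the comment to `/** Return the instance of targets info in \a args or NULL. No ref is taken: the pointer is borrowed and should be treated as valid only while \a args holds it. */`. This table feeds the secure naming check, so an unstated lifetime here is worth closing off in the header.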
|
@@ -40,15 +40,15 @@
|
|
40
40
|
|
41
41
|
typedef struct {
|
42
42
|
grpc_endpoint base;
|
43
|
-
grpc_endpoint
|
44
|
-
struct tsi_frame_protector
|
45
|
-
struct tsi_zero_copy_grpc_protector
|
43
|
+
grpc_endpoint* wrapped_ep;
|
44
|
+
struct tsi_frame_protector* protector;
|
45
|
+
struct tsi_zero_copy_grpc_protector* zero_copy_protector;
|
46
46
|
gpr_mu protector_mu;
|
47
47
|
/* saved upper level callbacks and user_data. */
|
48
|
-
grpc_closure
|
49
|
-
grpc_closure
|
48
|
+
grpc_closure* read_cb;
|
49
|
+
grpc_closure* write_cb;
|
50
50
|
grpc_closure on_read;
|
51
|
-
grpc_slice_buffer
|
51
|
+
grpc_slice_buffer* read_buffer;
|
52
52
|
grpc_slice_buffer source_buffer;
|
53
53
|
/* saved handshaker leftover data to unprotect. */
|
54
54
|
grpc_slice_buffer leftover_bytes;
|
@@ -61,11 +61,10 @@ typedef struct {
|
|
61
61
|
gpr_refcount ref;
|
62
62
|
} secure_endpoint;
|
63
63
|
|
64
|
-
|
65
|
-
GRPC_TRACER_INITIALIZER(false, "secure_endpoint");
|
64
|
+
grpc_core::TraceFlag grpc_trace_secure_endpoint(false, "secure_endpoint");
|
66
65
|
|
67
|
-
static void destroy(grpc_exec_ctx
|
68
|
-
secure_endpoint
|
66
|
+
static void destroy(grpc_exec_ctx* exec_ctx, secure_endpoint* secure_ep) {
|
67
|
+
secure_endpoint* ep = secure_ep;
|
69
68
|
grpc_endpoint_destroy(exec_ctx, ep->wrapped_ep);
|
70
69
|
tsi_frame_protector_destroy(ep->protector);
|
71
70
|
tsi_zero_copy_grpc_protector_destroy(exec_ctx, ep->zero_copy_protector);
|
@@ -83,10 +82,10 @@ static void destroy(grpc_exec_ctx *exec_ctx, secure_endpoint *secure_ep) {
|
|
83
82
|
secure_endpoint_unref((exec_ctx), (ep), (reason), __FILE__, __LINE__)
|
84
83
|
#define SECURE_ENDPOINT_REF(ep, reason) \
|
85
84
|
secure_endpoint_ref((ep), (reason), __FILE__, __LINE__)
|
86
|
-
static void secure_endpoint_unref(grpc_exec_ctx
|
87
|
-
const char
|
85
|
+
static void secure_endpoint_unref(grpc_exec_ctx* exec_ctx, secure_endpoint* ep,
|
86
|
+
const char* reason, const char* file,
|
88
87
|
int line) {
|
89
|
-
if (
|
88
|
+
if (grpc_trace_secure_endpoint.enabled()) {
|
90
89
|
gpr_atm val = gpr_atm_no_barrier_load(&ep->ref.count);
|
91
90
|
gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
|
92
91
|
"SECENDP unref %p : %s %" PRIdPTR " -> %" PRIdPTR, ep, reason, val,
|
@@ -97,9 +96,9 @@ static void secure_endpoint_unref(grpc_exec_ctx *exec_ctx, secure_endpoint *ep,
|
|
97
96
|
}
|
98
97
|
}
|
99
98
|
|
100
|
-
static void secure_endpoint_ref(secure_endpoint
|
101
|
-
const char
|
102
|
-
if (
|
99
|
+
static void secure_endpoint_ref(secure_endpoint* ep, const char* reason,
|
100
|
+
const char* file, int line) {
|
101
|
+
if (grpc_trace_secure_endpoint.enabled()) {
|
103
102
|
gpr_atm val = gpr_atm_no_barrier_load(&ep->ref.count);
|
104
103
|
gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
|
105
104
|
"SECENDP ref %p : %s %" PRIdPTR " -> %" PRIdPTR, ep, reason, val,
|
@@ -111,57 +110,58 @@ static void secure_endpoint_ref(secure_endpoint *ep, const char *reason,
|
|
111
110
|
#define SECURE_ENDPOINT_UNREF(exec_ctx, ep, reason) \
|
112
111
|
secure_endpoint_unref((exec_ctx), (ep))
|
113
112
|
#define SECURE_ENDPOINT_REF(ep, reason) secure_endpoint_ref((ep))
|
114
|
-
static void secure_endpoint_unref(grpc_exec_ctx
|
115
|
-
secure_endpoint
|
113
|
+
static void secure_endpoint_unref(grpc_exec_ctx* exec_ctx,
|
114
|
+
secure_endpoint* ep) {
|
116
115
|
if (gpr_unref(&ep->ref)) {
|
117
116
|
destroy(exec_ctx, ep);
|
118
117
|
}
|
119
118
|
}
|
120
119
|
|
121
|
-
static void secure_endpoint_ref(secure_endpoint
|
120
|
+
static void secure_endpoint_ref(secure_endpoint* ep) { gpr_ref(&ep->ref); }
|
122
121
|
#endif
|
123
122
|
|
124
|
-
static void flush_read_staging_buffer(secure_endpoint
|
125
|
-
uint8_t
|
123
|
+
static void flush_read_staging_buffer(secure_endpoint* ep, uint8_t** cur,
|
124
|
+
uint8_t** end) {
|
126
125
|
grpc_slice_buffer_add(ep->read_buffer, ep->read_staging_buffer);
|
127
126
|
ep->read_staging_buffer = GRPC_SLICE_MALLOC(STAGING_BUFFER_SIZE);
|
128
127
|
*cur = GRPC_SLICE_START_PTR(ep->read_staging_buffer);
|
129
128
|
*end = GRPC_SLICE_END_PTR(ep->read_staging_buffer);
|
130
129
|
}
|
131
130
|
|
132
|
-
static void call_read_cb(grpc_exec_ctx
|
133
|
-
grpc_error
|
134
|
-
if (
|
131
|
+
static void call_read_cb(grpc_exec_ctx* exec_ctx, secure_endpoint* ep,
|
132
|
+
grpc_error* error) {
|
133
|
+
if (grpc_trace_secure_endpoint.enabled()) {
|
135
134
|
size_t i;
|
136
135
|
for (i = 0; i < ep->read_buffer->count; i++) {
|
137
|
-
char
|
136
|
+
char* data = grpc_dump_slice(ep->read_buffer->slices[i],
|
138
137
|
GPR_DUMP_HEX | GPR_DUMP_ASCII);
|
139
138
|
gpr_log(GPR_DEBUG, "READ %p: %s", ep, data);
|
140
139
|
gpr_free(data);
|
141
140
|
}
|
142
141
|
}
|
143
|
-
ep->read_buffer =
|
142
|
+
ep->read_buffer = nullptr;
|
144
143
|
GRPC_CLOSURE_SCHED(exec_ctx, ep->read_cb, error);
|
145
144
|
SECURE_ENDPOINT_UNREF(exec_ctx, ep, "read");
|
146
145
|
}
|
147
146
|
|
148
|
-
static void on_read(grpc_exec_ctx
|
149
|
-
grpc_error
|
147
|
+
static void on_read(grpc_exec_ctx* exec_ctx, void* user_data,
|
148
|
+
grpc_error* error) {
|
150
149
|
unsigned i;
|
151
150
|
uint8_t keep_looping = 0;
|
152
151
|
tsi_result result = TSI_OK;
|
153
|
-
secure_endpoint
|
154
|
-
uint8_t
|
155
|
-
uint8_t
|
152
|
+
secure_endpoint* ep = (secure_endpoint*)user_data;
|
153
|
+
uint8_t* cur = GRPC_SLICE_START_PTR(ep->read_staging_buffer);
|
154
|
+
uint8_t* end = GRPC_SLICE_END_PTR(ep->read_staging_buffer);
|
156
155
|
|
157
156
|
if (error != GRPC_ERROR_NONE) {
|
158
157
|
grpc_slice_buffer_reset_and_unref_internal(exec_ctx, ep->read_buffer);
|
159
|
-
call_read_cb(exec_ctx, ep,
|
160
|
-
|
158
|
+
call_read_cb(exec_ctx, ep,
|
159
|
+
GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
|
160
|
+
"Secure read failed", &error, 1));
|
161
161
|
return;
|
162
162
|
}
|
163
163
|
|
164
|
-
if (ep->zero_copy_protector !=
|
164
|
+
if (ep->zero_copy_protector != nullptr) {
|
165
165
|
// Use zero-copy grpc protector to unprotect.
|
166
166
|
result = tsi_zero_copy_grpc_protector_unprotect(
|
167
167
|
exec_ctx, ep->zero_copy_protector, &ep->source_buffer, ep->read_buffer);
|
@@ -170,7 +170,7 @@ static void on_read(grpc_exec_ctx *exec_ctx, void *user_data,
|
|
170
170
|
/* TODO(yangg) check error, maybe bail out early */
|
171
171
|
for (i = 0; i < ep->source_buffer.count; i++) {
|
172
172
|
grpc_slice encrypted = ep->source_buffer.slices[i];
|
173
|
-
uint8_t
|
173
|
+
uint8_t* message_bytes = GRPC_SLICE_START_PTR(encrypted);
|
174
174
|
size_t message_size = GRPC_SLICE_LENGTH(encrypted);
|
175
175
|
|
176
176
|
while (message_size > 0 || keep_looping) {
|
@@ -231,9 +231,9 @@ static void on_read(grpc_exec_ctx *exec_ctx, void *user_data,
|
|
231
231
|
call_read_cb(exec_ctx, ep, GRPC_ERROR_NONE);
|
232
232
|
}
|
233
233
|
|
234
|
-
static void endpoint_read(grpc_exec_ctx
|
235
|
-
grpc_slice_buffer
|
236
|
-
secure_endpoint
|
234
|
+
static void endpoint_read(grpc_exec_ctx* exec_ctx, grpc_endpoint* secure_ep,
|
235
|
+
grpc_slice_buffer* slices, grpc_closure* cb) {
|
236
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
237
237
|
ep->read_cb = cb;
|
238
238
|
ep->read_buffer = slices;
|
239
239
|
grpc_slice_buffer_reset_and_unref_internal(exec_ctx, ep->read_buffer);
|
@@ -250,36 +250,36 @@ static void endpoint_read(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep,
|
|
250
250
|
&ep->on_read);
|
251
251
|
}
|
252
252
|
|
253
|
-
static void flush_write_staging_buffer(secure_endpoint
|
254
|
-
uint8_t
|
253
|
+
static void flush_write_staging_buffer(secure_endpoint* ep, uint8_t** cur,
|
254
|
+
uint8_t** end) {
|
255
255
|
grpc_slice_buffer_add(&ep->output_buffer, ep->write_staging_buffer);
|
256
256
|
ep->write_staging_buffer = GRPC_SLICE_MALLOC(STAGING_BUFFER_SIZE);
|
257
257
|
*cur = GRPC_SLICE_START_PTR(ep->write_staging_buffer);
|
258
258
|
*end = GRPC_SLICE_END_PTR(ep->write_staging_buffer);
|
259
259
|
}
|
260
260
|
|
261
|
-
static void endpoint_write(grpc_exec_ctx
|
262
|
-
grpc_slice_buffer
|
261
|
+
static void endpoint_write(grpc_exec_ctx* exec_ctx, grpc_endpoint* secure_ep,
|
262
|
+
grpc_slice_buffer* slices, grpc_closure* cb) {
|
263
263
|
GPR_TIMER_BEGIN("secure_endpoint.endpoint_write", 0);
|
264
264
|
|
265
265
|
unsigned i;
|
266
266
|
tsi_result result = TSI_OK;
|
267
|
-
secure_endpoint
|
268
|
-
uint8_t
|
269
|
-
uint8_t
|
267
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
268
|
+
uint8_t* cur = GRPC_SLICE_START_PTR(ep->write_staging_buffer);
|
269
|
+
uint8_t* end = GRPC_SLICE_END_PTR(ep->write_staging_buffer);
|
270
270
|
|
271
271
|
grpc_slice_buffer_reset_and_unref_internal(exec_ctx, &ep->output_buffer);
|
272
272
|
|
273
|
-
if (
|
273
|
+
if (grpc_trace_secure_endpoint.enabled()) {
|
274
274
|
for (i = 0; i < slices->count; i++) {
|
275
|
-
char
|
275
|
+
char* data =
|
276
276
|
grpc_dump_slice(slices->slices[i], GPR_DUMP_HEX | GPR_DUMP_ASCII);
|
277
277
|
gpr_log(GPR_DEBUG, "WRITE %p: %s", ep, data);
|
278
278
|
gpr_free(data);
|
279
279
|
}
|
280
280
|
}
|
281
281
|
|
282
|
-
if (ep->zero_copy_protector !=
|
282
|
+
if (ep->zero_copy_protector != nullptr) {
|
283
283
|
// Use zero-copy grpc protector to protect.
|
284
284
|
result = tsi_zero_copy_grpc_protector_protect(
|
285
285
|
exec_ctx, ep->zero_copy_protector, slices, &ep->output_buffer);
|
@@ -287,7 +287,7 @@ static void endpoint_write(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep,
|
|
287
287
|
// Use frame protector to protect.
|
288
288
|
for (i = 0; i < slices->count; i++) {
|
289
289
|
grpc_slice plain = slices->slices[i];
|
290
|
-
uint8_t
|
290
|
+
uint8_t* message_bytes = GRPC_SLICE_START_PTR(plain);
|
291
291
|
size_t message_size = GRPC_SLICE_LENGTH(plain);
|
292
292
|
while (message_size > 0) {
|
293
293
|
size_t protected_buffer_size_to_send = (size_t)(end - cur);
|
@@ -353,45 +353,52 @@ static void endpoint_write(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep,
|
|
353
353
|
GPR_TIMER_END("secure_endpoint.endpoint_write", 0);
|
354
354
|
}
|
355
355
|
|
356
|
-
static void endpoint_shutdown(grpc_exec_ctx
|
357
|
-
grpc_error
|
358
|
-
secure_endpoint
|
356
|
+
static void endpoint_shutdown(grpc_exec_ctx* exec_ctx, grpc_endpoint* secure_ep,
|
357
|
+
grpc_error* why) {
|
358
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
359
359
|
grpc_endpoint_shutdown(exec_ctx, ep->wrapped_ep, why);
|
360
360
|
}
|
361
361
|
|
362
|
-
static void endpoint_destroy(grpc_exec_ctx
|
363
|
-
grpc_endpoint
|
364
|
-
secure_endpoint
|
362
|
+
static void endpoint_destroy(grpc_exec_ctx* exec_ctx,
|
363
|
+
grpc_endpoint* secure_ep) {
|
364
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
365
365
|
SECURE_ENDPOINT_UNREF(exec_ctx, ep, "destroy");
|
366
366
|
}
|
367
367
|
|
368
|
-
static void endpoint_add_to_pollset(grpc_exec_ctx
|
369
|
-
grpc_endpoint
|
370
|
-
grpc_pollset
|
371
|
-
secure_endpoint
|
368
|
+
static void endpoint_add_to_pollset(grpc_exec_ctx* exec_ctx,
|
369
|
+
grpc_endpoint* secure_ep,
|
370
|
+
grpc_pollset* pollset) {
|
371
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
372
372
|
grpc_endpoint_add_to_pollset(exec_ctx, ep->wrapped_ep, pollset);
|
373
373
|
}
|
374
374
|
|
375
|
-
static void endpoint_add_to_pollset_set(grpc_exec_ctx
|
376
|
-
grpc_endpoint
|
377
|
-
grpc_pollset_set
|
378
|
-
secure_endpoint
|
375
|
+
static void endpoint_add_to_pollset_set(grpc_exec_ctx* exec_ctx,
|
376
|
+
grpc_endpoint* secure_ep,
|
377
|
+
grpc_pollset_set* pollset_set) {
|
378
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
379
379
|
grpc_endpoint_add_to_pollset_set(exec_ctx, ep->wrapped_ep, pollset_set);
|
380
380
|
}
|
381
381
|
|
382
|
-
static
|
383
|
-
|
382
|
+
static void endpoint_delete_from_pollset_set(grpc_exec_ctx* exec_ctx,
|
383
|
+
grpc_endpoint* secure_ep,
|
384
|
+
grpc_pollset_set* pollset_set) {
|
385
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
386
|
+
grpc_endpoint_delete_from_pollset_set(exec_ctx, ep->wrapped_ep, pollset_set);
|
387
|
+
}
|
388
|
+
|
389
|
+
static char* endpoint_get_peer(grpc_endpoint* secure_ep) {
|
390
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
384
391
|
return grpc_endpoint_get_peer(ep->wrapped_ep);
|
385
392
|
}
|
386
393
|
|
387
|
-
static int endpoint_get_fd(grpc_endpoint
|
388
|
-
secure_endpoint
|
394
|
+
static int endpoint_get_fd(grpc_endpoint* secure_ep) {
|
395
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
389
396
|
return grpc_endpoint_get_fd(ep->wrapped_ep);
|
390
397
|
}
|
391
398
|
|
392
|
-
static grpc_resource_user
|
393
|
-
grpc_endpoint
|
394
|
-
secure_endpoint
|
399
|
+
static grpc_resource_user* endpoint_get_resource_user(
|
400
|
+
grpc_endpoint* secure_ep) {
|
401
|
+
secure_endpoint* ep = (secure_endpoint*)secure_ep;
|
395
402
|
return grpc_endpoint_get_resource_user(ep->wrapped_ep);
|
396
403
|
}
|
397
404
|
|
@@ -399,19 +406,20 @@ static const grpc_endpoint_vtable vtable = {endpoint_read,
|
|
399
406
|
endpoint_write,
|
400
407
|
endpoint_add_to_pollset,
|
401
408
|
endpoint_add_to_pollset_set,
|
409
|
+
endpoint_delete_from_pollset_set,
|
402
410
|
endpoint_shutdown,
|
403
411
|
endpoint_destroy,
|
404
412
|
endpoint_get_resource_user,
|
405
413
|
endpoint_get_peer,
|
406
414
|
endpoint_get_fd};
|
407
415
|
|
408
|
-
grpc_endpoint
|
409
|
-
struct tsi_frame_protector
|
410
|
-
struct tsi_zero_copy_grpc_protector
|
411
|
-
grpc_endpoint
|
416
|
+
grpc_endpoint* grpc_secure_endpoint_create(
|
417
|
+
struct tsi_frame_protector* protector,
|
418
|
+
struct tsi_zero_copy_grpc_protector* zero_copy_protector,
|
419
|
+
grpc_endpoint* transport, grpc_slice* leftover_slices,
|
412
420
|
size_t leftover_nslices) {
|
413
421
|
size_t i;
|
414
|
-
secure_endpoint
|
422
|
+
secure_endpoint* ep = (secure_endpoint*)gpr_malloc(sizeof(secure_endpoint));
|
415
423
|
ep->base.vtable = &vtable;
|
416
424
|
ep->wrapped_ep = transport;
|
417
425
|
ep->protector = protector;
|
@@ -425,7 +433,7 @@ grpc_endpoint *grpc_secure_endpoint_create(
|
|
425
433
|
ep->read_staging_buffer = GRPC_SLICE_MALLOC(STAGING_BUFFER_SIZE);
|
426
434
|
grpc_slice_buffer_init(&ep->output_buffer);
|
427
435
|
grpc_slice_buffer_init(&ep->source_buffer);
|
428
|
-
ep->read_buffer =
|
436
|
+
ep->read_buffer = nullptr;
|
429
437
|
GRPC_CLOSURE_INIT(&ep->on_read, on_read, ep, grpc_schedule_on_exec_ctx);
|
430
438
|
gpr_mu_init(&ep->protector_mu);
|
431
439
|
gpr_ref_init(&ep->ref, 1);
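Review bot: When the `secure_endpoint` tracer is enabled, call_read_cb and endpoint_write run every slice through grpc_dump_slice and gpr_log, and at both points the bytes are plaintext (read_buffer after unprotect, `slices` before protect), so application payloads land in the debug log. The switch to `grpc_core::TraceFlag` keeps that behaviour but leaves it undocumented at the definition. I would add a comment above `grpc_core::TraceFlag grpc_trace_secure_endpoint(false, "secure_endpoint");` along the lines of `/* When enabled, READ/WRITE traces log decrypted payload bytes; keep off where logs are not access-controlled. */`. The bodies of on_read and endpoint_write continue outside the visible hunks, so any further logging there is not covered by this note.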
|
@@ -22,18 +22,26 @@
|
|
22
22
|
#include <grpc/slice.h>
|
23
23
|
#include "src/core/lib/iomgr/endpoint.h"
|
24
24
|
|
25
|
+
#ifdef __cplusplus
|
26
|
+
extern "C" {
|
27
|
+
#endif
|
28
|
+
|
25
29
|
struct tsi_frame_protector;
|
26
30
|
struct tsi_zero_copy_grpc_protector;
|
27
31
|
|
28
|
-
extern
|
32
|
+
extern grpc_core::TraceFlag grpc_trace_secure_endpoint;
|
29
33
|
|
30
34
|
/* Takes ownership of protector, zero_copy_protector, and to_wrap, and refs
|
31
35
|
* leftover_slices. If zero_copy_protector is not NULL, protector will never be
|
32
36
|
* used. */
|
33
|
-
grpc_endpoint
|
34
|
-
struct tsi_frame_protector
|
35
|
-
struct tsi_zero_copy_grpc_protector
|
36
|
-
grpc_endpoint
|
37
|
+
grpc_endpoint* grpc_secure_endpoint_create(
|
38
|
+
struct tsi_frame_protector* protector,
|
39
|
+
struct tsi_zero_copy_grpc_protector* zero_copy_protector,
|
40
|
+
grpc_endpoint* to_wrap, grpc_slice* leftover_slices,
|
37
41
|
size_t leftover_nslices);
|
38
42
|
|
43
|
+
#ifdef __cplusplus
|
44
|
+
}
|
45
|
+
#endif
|
46
|
+
|
39
47
|
#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURE_ENDPOINT_H */
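Review bot: The new declaration `extern grpc_core::TraceFlag grpc_trace_secure_endpoint;` sits inside the `extern "C" {` block that this same hunk adds under `#ifdef __cplusplus`. The guard suggests the header is still meant to be readable from C, but a `grpc_core::` class type cannot be parsed by a C compiler, and giving a C++ object C language linkage is at best confusing. I would move the declaration above the `#ifdef __cplusplus` / `extern "C" {` lines so that only the C-compatible function prototype stays inside the block. The hunk starts at line 22, so whether the header that declares `grpc_core::TraceFlag` is included earlier in the file cannot be confirmed from here.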
|
@@ -0,0 +1,1121 @@
|
|
1
|
+
/*
|
2
|
+
*
|
3
|
+
* Copyright 2015 gRPC authors.
|
4
|
+
*
|
5
|
+
* Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
* you may not use this file except in compliance with the License.
|
7
|
+
* You may obtain a copy of the License at
|
8
|
+
*
|
9
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
*
|
11
|
+
* Unless required by applicable law or agreed to in writing, software
|
12
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
* See the License for the specific language governing permissions and
|
15
|
+
* limitations under the License.
|
16
|
+
*
|
17
|
+
*/
|
18
|
+
|
19
|
+
#include "src/core/lib/security/transport/security_connector.h"
|
20
|
+
|
21
|
+
#include <stdbool.h>
|
22
|
+
#include <string.h>
|
23
|
+
|
24
|
+
#include <grpc/slice_buffer.h>
|
25
|
+
#include <grpc/support/alloc.h>
|
26
|
+
#include <grpc/support/host_port.h>
|
27
|
+
#include <grpc/support/log.h>
|
28
|
+
#include <grpc/support/string_util.h>
|
29
|
+
|
30
|
+
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
31
|
+
#include "src/core/lib/channel/channel_args.h"
|
32
|
+
#include "src/core/lib/channel/handshaker.h"
|
33
|
+
#include "src/core/lib/iomgr/load_file.h"
|
34
|
+
#include "src/core/lib/security/context/security_context.h"
|
35
|
+
#include "src/core/lib/security/credentials/credentials.h"
|
36
|
+
#include "src/core/lib/security/credentials/fake/fake_credentials.h"
|
37
|
+
#include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
|
38
|
+
#include "src/core/lib/security/transport/lb_targets_info.h"
|
39
|
+
#include "src/core/lib/security/transport/secure_endpoint.h"
|
40
|
+
#include "src/core/lib/security/transport/security_handshaker.h"
|
41
|
+
#include "src/core/lib/support/env.h"
|
42
|
+
#include "src/core/lib/support/string.h"
|
43
|
+
#include "src/core/tsi/fake_transport_security.h"
|
44
|
+
#include "src/core/tsi/ssl_transport_security.h"
|
45
|
+
#include "src/core/tsi/transport_security_adapter.h"
|
46
|
+
|
47
|
+
grpc_core::DebugOnlyTraceFlag grpc_trace_security_connector_refcount(
|
48
|
+
false, "security_connector_refcount");
|
49
|
+
|
50
|
+
/* -- Constants. -- */
|
51
|
+
|
52
|
+
#ifndef INSTALL_PREFIX
|
53
|
+
static const char* installed_roots_path = "/usr/share/grpc/roots.pem";
|
54
|
+
#else
|
55
|
+
static const char* installed_roots_path =
|
56
|
+
INSTALL_PREFIX "/share/grpc/roots.pem";
|
57
|
+
#endif
|
58
|
+
|
59
|
+
/* -- Overridden default roots. -- */
|
60
|
+
|
61
|
+
static grpc_ssl_roots_override_callback ssl_roots_override_cb = nullptr;
|
62
|
+
|
63
|
+
void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) {
|
64
|
+
ssl_roots_override_cb = cb;
|
65
|
+
}
|
66
|
+
|
67
|
+
/* -- Cipher suites. -- */
|
68
|
+
|
69
|
+
/* Defines the cipher suites that we accept by default. All these cipher suites
|
70
|
+
are compliant with HTTP2. */
|
71
|
+
#define GRPC_SSL_CIPHER_SUITES \
|
72
|
+
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
|
73
|
+
|
74
|
+
static gpr_once cipher_suites_once = GPR_ONCE_INIT;
|
75
|
+
static const char* cipher_suites = nullptr;
|
76
|
+
|
77
|
+
static void init_cipher_suites(void) {
|
78
|
+
char* overridden = gpr_getenv("GRPC_SSL_CIPHER_SUITES");
|
79
|
+
cipher_suites = overridden != nullptr ? overridden : GRPC_SSL_CIPHER_SUITES;
|
80
|
+
}
|
81
|
+
|
82
|
+
static const char* ssl_cipher_suites(void) {
|
83
|
+
gpr_once_init(&cipher_suites_once, init_cipher_suites);
|
84
|
+
return cipher_suites;
|
85
|
+
}
|
86
|
+
|
87
|
+
/* -- Common methods. -- */
|
88
|
+
|
89
|
+
/* Returns the first property with that name. */
|
90
|
+
const tsi_peer_property* tsi_peer_get_property_by_name(const tsi_peer* peer,
|
91
|
+
const char* name) {
|
92
|
+
size_t i;
|
93
|
+
if (peer == nullptr) return nullptr;
|
94
|
+
for (i = 0; i < peer->property_count; i++) {
|
95
|
+
const tsi_peer_property* property = &peer->properties[i];
|
96
|
+
if (name == nullptr && property->name == nullptr) {
|
97
|
+
return property;
|
98
|
+
}
|
99
|
+
if (name != nullptr && property->name != nullptr &&
|
100
|
+
strcmp(property->name, name) == 0) {
|
101
|
+
return property;
|
102
|
+
}
|
103
|
+
}
|
104
|
+
return nullptr;
|
105
|
+
}
|
106
|
+
|
107
|
+
void grpc_channel_security_connector_add_handshakers(
|
108
|
+
grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* connector,
|
109
|
+
grpc_handshake_manager* handshake_mgr) {
|
110
|
+
if (connector != nullptr) {
|
111
|
+
connector->add_handshakers(exec_ctx, connector, handshake_mgr);
|
112
|
+
}
|
113
|
+
}
|
114
|
+
|
115
|
+
void grpc_server_security_connector_add_handshakers(
|
116
|
+
grpc_exec_ctx* exec_ctx, grpc_server_security_connector* connector,
|
117
|
+
grpc_handshake_manager* handshake_mgr) {
|
118
|
+
if (connector != nullptr) {
|
119
|
+
connector->add_handshakers(exec_ctx, connector, handshake_mgr);
|
120
|
+
}
|
121
|
+
}
|
122
|
+
|
123
|
+
void grpc_security_connector_check_peer(grpc_exec_ctx* exec_ctx,
|
124
|
+
grpc_security_connector* sc,
|
125
|
+
tsi_peer peer,
|
126
|
+
grpc_auth_context** auth_context,
|
127
|
+
grpc_closure* on_peer_checked) {
|
128
|
+
if (sc == nullptr) {
|
129
|
+
GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked,
|
130
|
+
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
131
|
+
"cannot check peer -- no security connector"));
|
132
|
+
tsi_peer_destruct(&peer);
|
133
|
+
} else {
|
134
|
+
sc->vtable->check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked);
|
135
|
+
}
|
136
|
+
}
|
137
|
+
|
138
|
+
int grpc_security_connector_cmp(grpc_security_connector* sc,
|
139
|
+
grpc_security_connector* other) {
|
140
|
+
if (sc == nullptr || other == nullptr) return GPR_ICMP(sc, other);
|
141
|
+
int c = GPR_ICMP(sc->vtable, other->vtable);
|
142
|
+
if (c != 0) return c;
|
143
|
+
return sc->vtable->cmp(sc, other);
|
144
|
+
}
|
145
|
+
|
146
|
+
int grpc_channel_security_connector_cmp(grpc_channel_security_connector* sc1,
|
147
|
+
grpc_channel_security_connector* sc2) {
|
148
|
+
GPR_ASSERT(sc1->channel_creds != nullptr);
|
149
|
+
GPR_ASSERT(sc2->channel_creds != nullptr);
|
150
|
+
int c = GPR_ICMP(sc1->channel_creds, sc2->channel_creds);
|
151
|
+
if (c != 0) return c;
|
152
|
+
c = GPR_ICMP(sc1->request_metadata_creds, sc2->request_metadata_creds);
|
153
|
+
if (c != 0) return c;
|
154
|
+
c = GPR_ICMP((void*)sc1->check_call_host, (void*)sc2->check_call_host);
|
155
|
+
if (c != 0) return c;
|
156
|
+
c = GPR_ICMP((void*)sc1->cancel_check_call_host,
|
157
|
+
(void*)sc2->cancel_check_call_host);
|
158
|
+
if (c != 0) return c;
|
159
|
+
return GPR_ICMP((void*)sc1->add_handshakers, (void*)sc2->add_handshakers);
|
160
|
+
}
|
161
|
+
|
162
|
+
int grpc_server_security_connector_cmp(grpc_server_security_connector* sc1,
|
163
|
+
grpc_server_security_connector* sc2) {
|
164
|
+
GPR_ASSERT(sc1->server_creds != nullptr);
|
165
|
+
GPR_ASSERT(sc2->server_creds != nullptr);
|
166
|
+
int c = GPR_ICMP(sc1->server_creds, sc2->server_creds);
|
167
|
+
if (c != 0) return c;
|
168
|
+
return GPR_ICMP((void*)sc1->add_handshakers, (void*)sc2->add_handshakers);
|
169
|
+
}
|
170
|
+
|
171
|
+
bool grpc_channel_security_connector_check_call_host(
|
172
|
+
grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc,
|
173
|
+
const char* host, grpc_auth_context* auth_context,
|
174
|
+
grpc_closure* on_call_host_checked, grpc_error** error) {
|
175
|
+
if (sc == nullptr || sc->check_call_host == nullptr) {
|
176
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
177
|
+
"cannot check call host -- no security connector");
|
178
|
+
return true;
|
179
|
+
}
|
180
|
+
return sc->check_call_host(exec_ctx, sc, host, auth_context,
|
181
|
+
on_call_host_checked, error);
|
182
|
+
}
|
183
|
+
|
184
|
+
void grpc_channel_security_connector_cancel_check_call_host(
|
185
|
+
grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc,
|
186
|
+
grpc_closure* on_call_host_checked, grpc_error* error) {
|
187
|
+
if (sc == nullptr || sc->cancel_check_call_host == nullptr) {
|
188
|
+
GRPC_ERROR_UNREF(error);
|
189
|
+
return;
|
190
|
+
}
|
191
|
+
sc->cancel_check_call_host(exec_ctx, sc, on_call_host_checked, error);
|
192
|
+
}
|
193
|
+
|
194
|
+
#ifndef NDEBUG
|
195
|
+
grpc_security_connector* grpc_security_connector_ref(
|
196
|
+
grpc_security_connector* sc, const char* file, int line,
|
197
|
+
const char* reason) {
|
198
|
+
if (sc == nullptr) return nullptr;
|
199
|
+
if (grpc_trace_security_connector_refcount.enabled()) {
|
200
|
+
gpr_atm val = gpr_atm_no_barrier_load(&sc->refcount.count);
|
201
|
+
gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
|
202
|
+
"SECURITY_CONNECTOR:%p ref %" PRIdPTR " -> %" PRIdPTR " %s", sc,
|
203
|
+
val, val + 1, reason);
|
204
|
+
}
|
205
|
+
#else
|
206
|
+
grpc_security_connector* grpc_security_connector_ref(
|
207
|
+
grpc_security_connector* sc) {
|
208
|
+
if (sc == NULL) return NULL;
|
209
|
+
#endif
|
210
|
+
gpr_ref(&sc->refcount);
|
211
|
+
return sc;
|
212
|
+
}
|
213
|
+
|
214
|
+
#ifndef NDEBUG
|
215
|
+
void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx,
|
216
|
+
grpc_security_connector* sc,
|
217
|
+
const char* file, int line,
|
218
|
+
const char* reason) {
|
219
|
+
if (sc == nullptr) return;
|
220
|
+
if (grpc_trace_security_connector_refcount.enabled()) {
|
221
|
+
gpr_atm val = gpr_atm_no_barrier_load(&sc->refcount.count);
|
222
|
+
gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
|
223
|
+
"SECURITY_CONNECTOR:%p unref %" PRIdPTR " -> %" PRIdPTR " %s", sc,
|
224
|
+
val, val - 1, reason);
|
225
|
+
}
|
226
|
+
#else
|
227
|
+
void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx,
|
228
|
+
grpc_security_connector* sc) {
|
229
|
+
if (sc == NULL) return;
|
230
|
+
#endif
|
231
|
+
if (gpr_unref(&sc->refcount)) sc->vtable->destroy(exec_ctx, sc);
|
232
|
+
}
|
233
|
+
|
234
|
+
static void connector_arg_destroy(grpc_exec_ctx* exec_ctx, void* p) {
|
235
|
+
GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, (grpc_security_connector*)p,
|
236
|
+
"connector_arg_destroy");
|
237
|
+
}
|
238
|
+
|
239
|
+
static void* connector_arg_copy(void* p) {
|
240
|
+
return GRPC_SECURITY_CONNECTOR_REF((grpc_security_connector*)p,
|
241
|
+
"connector_arg_copy");
|
242
|
+
}
|
243
|
+
|
244
|
+
static int connector_cmp(void* a, void* b) {
|
245
|
+
return grpc_security_connector_cmp((grpc_security_connector*)a,
|
246
|
+
(grpc_security_connector*)b);
|
247
|
+
}
|
248
|
+
|
249
|
+
static const grpc_arg_pointer_vtable connector_arg_vtable = {
|
250
|
+
connector_arg_copy, connector_arg_destroy, connector_cmp};
|
251
|
+
|
252
|
+
grpc_arg grpc_security_connector_to_arg(grpc_security_connector* sc) {
|
253
|
+
return grpc_channel_arg_pointer_create((char*)GRPC_ARG_SECURITY_CONNECTOR, sc,
|
254
|
+
&connector_arg_vtable);
|
255
|
+
}
|
256
|
+
|
257
|
+
grpc_security_connector* grpc_security_connector_from_arg(const grpc_arg* arg) {
|
258
|
+
if (strcmp(arg->key, GRPC_ARG_SECURITY_CONNECTOR)) return nullptr;
|
259
|
+
if (arg->type != GRPC_ARG_POINTER) {
|
260
|
+
gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
|
261
|
+
GRPC_ARG_SECURITY_CONNECTOR);
|
262
|
+
return nullptr;
|
263
|
+
}
|
264
|
+
return (grpc_security_connector*)arg->value.pointer.p;
|
265
|
+
}
|
266
|
+
|
267
|
+
grpc_security_connector* grpc_security_connector_find_in_args(
|
268
|
+
const grpc_channel_args* args) {
|
269
|
+
size_t i;
|
270
|
+
if (args == nullptr) return nullptr;
|
271
|
+
for (i = 0; i < args->num_args; i++) {
|
272
|
+
grpc_security_connector* sc =
|
273
|
+
grpc_security_connector_from_arg(&args->args[i]);
|
274
|
+
if (sc != nullptr) return sc;
|
275
|
+
}
|
276
|
+
return nullptr;
|
277
|
+
}
|
278
|
+
|
279
|
+
static tsi_client_certificate_request_type
|
280
|
+
get_tsi_client_certificate_request_type(
|
281
|
+
grpc_ssl_client_certificate_request_type grpc_request_type) {
|
282
|
+
switch (grpc_request_type) {
|
283
|
+
case GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE:
|
284
|
+
return TSI_DONT_REQUEST_CLIENT_CERTIFICATE;
|
285
|
+
|
286
|
+
case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
|
287
|
+
return TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY;
|
288
|
+
|
289
|
+
case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
|
290
|
+
return TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY;
|
291
|
+
|
292
|
+
case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
|
293
|
+
return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY;
|
294
|
+
|
295
|
+
case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
|
296
|
+
return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY;
|
297
|
+
|
298
|
+
default:
|
299
|
+
return TSI_DONT_REQUEST_CLIENT_CERTIFICATE;
|
300
|
+
}
|
301
|
+
}
|
302
|
+
|
303
|
+
/* -- Fake implementation. -- */
|
304
|
+
|
305
|
+
typedef struct {
|
306
|
+
grpc_channel_security_connector base;
|
307
|
+
char* target;
|
308
|
+
char* expected_targets;
|
309
|
+
bool is_lb_channel;
|
310
|
+
} grpc_fake_channel_security_connector;
|
311
|
+
|
312
|
+
static void fake_channel_destroy(grpc_exec_ctx* exec_ctx,
|
313
|
+
grpc_security_connector* sc) {
|
314
|
+
grpc_fake_channel_security_connector* c =
|
315
|
+
(grpc_fake_channel_security_connector*)sc;
|
316
|
+
grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds);
|
317
|
+
gpr_free(c->target);
|
318
|
+
gpr_free(c->expected_targets);
|
319
|
+
gpr_free(c);
|
320
|
+
}
|
321
|
+
|
322
|
+
static void fake_server_destroy(grpc_exec_ctx* exec_ctx,
|
323
|
+
grpc_security_connector* sc) {
|
324
|
+
gpr_free(sc);
|
325
|
+
}
|
326
|
+
|
327
|
+
static bool fake_check_target(const char* target_type, const char* target,
|
328
|
+
const char* set_str) {
|
329
|
+
GPR_ASSERT(target_type != nullptr);
|
330
|
+
GPR_ASSERT(target != nullptr);
|
331
|
+
char** set = nullptr;
|
332
|
+
size_t set_size = 0;
|
333
|
+
gpr_string_split(set_str, ",", &set, &set_size);
|
334
|
+
bool found = false;
|
335
|
+
for (size_t i = 0; i < set_size; ++i) {
|
336
|
+
if (set[i] != nullptr && strcmp(target, set[i]) == 0) found = true;
|
337
|
+
}
|
338
|
+
for (size_t i = 0; i < set_size; ++i) {
|
339
|
+
gpr_free(set[i]);
|
340
|
+
}
|
341
|
+
gpr_free(set);
|
342
|
+
return found;
|
343
|
+
}
|
344
|
+
|
345
|
+
static void fake_secure_name_check(const char* target,
|
346
|
+
const char* expected_targets,
|
347
|
+
bool is_lb_channel) {
|
348
|
+
if (expected_targets == nullptr) return;
|
349
|
+
char** lbs_and_backends = nullptr;
|
350
|
+
size_t lbs_and_backends_size = 0;
|
351
|
+
bool success = false;
|
352
|
+
gpr_string_split(expected_targets, ";", &lbs_and_backends,
|
353
|
+
&lbs_and_backends_size);
|
354
|
+
if (lbs_and_backends_size > 2 || lbs_and_backends_size == 0) {
|
355
|
+
gpr_log(GPR_ERROR, "Invalid expected targets arg value: '%s'",
|
356
|
+
expected_targets);
|
357
|
+
goto done;
|
358
|
+
}
|
359
|
+
if (is_lb_channel) {
|
360
|
+
if (lbs_and_backends_size != 2) {
|
361
|
+
gpr_log(GPR_ERROR,
|
362
|
+
"Invalid expected targets arg value: '%s'. Expectations for LB "
|
363
|
+
"channels must be of the form 'be1,be2,be3,...;lb1,lb2,...",
|
364
|
+
expected_targets);
|
365
|
+
goto done;
|
366
|
+
}
|
367
|
+
if (!fake_check_target("LB", target, lbs_and_backends[1])) {
|
368
|
+
gpr_log(GPR_ERROR, "LB target '%s' not found in expected set '%s'",
|
369
|
+
target, lbs_and_backends[1]);
|
370
|
+
goto done;
|
371
|
+
}
|
372
|
+
success = true;
|
373
|
+
} else {
|
374
|
+
if (!fake_check_target("Backend", target, lbs_and_backends[0])) {
|
375
|
+
gpr_log(GPR_ERROR, "Backend target '%s' not found in expected set '%s'",
|
376
|
+
target, lbs_and_backends[0]);
|
377
|
+
goto done;
|
378
|
+
}
|
379
|
+
success = true;
|
380
|
+
}
|
381
|
+
done:
|
382
|
+
for (size_t i = 0; i < lbs_and_backends_size; ++i) {
|
383
|
+
gpr_free(lbs_and_backends[i]);
|
384
|
+
}
|
385
|
+
gpr_free(lbs_and_backends);
|
386
|
+
if (!success) abort();
|
387
|
+
}
|
388
|
+
|
389
|
+
static void fake_check_peer(grpc_exec_ctx* exec_ctx,
|
390
|
+
grpc_security_connector* sc, tsi_peer peer,
|
391
|
+
grpc_auth_context** auth_context,
|
392
|
+
grpc_closure* on_peer_checked) {
|
393
|
+
const char* prop_name;
|
394
|
+
grpc_error* error = GRPC_ERROR_NONE;
|
395
|
+
*auth_context = nullptr;
|
396
|
+
if (peer.property_count != 1) {
|
397
|
+
error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
398
|
+
"Fake peers should only have 1 property.");
|
399
|
+
goto end;
|
400
|
+
}
|
401
|
+
prop_name = peer.properties[0].name;
|
402
|
+
if (prop_name == nullptr ||
|
403
|
+
strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) {
|
404
|
+
char* msg;
|
405
|
+
gpr_asprintf(&msg, "Unexpected property in fake peer: %s.",
|
406
|
+
prop_name == nullptr ? "<EMPTY>" : prop_name);
|
407
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg);
|
408
|
+
gpr_free(msg);
|
409
|
+
goto end;
|
410
|
+
}
|
411
|
+
if (strncmp(peer.properties[0].value.data, TSI_FAKE_CERTIFICATE_TYPE,
|
412
|
+
peer.properties[0].value.length)) {
|
413
|
+
error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
414
|
+
"Invalid value for cert type property.");
|
415
|
+
goto end;
|
416
|
+
}
|
417
|
+
*auth_context = grpc_auth_context_create(nullptr);
|
418
|
+
grpc_auth_context_add_cstring_property(
|
419
|
+
*auth_context, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
|
420
|
+
GRPC_FAKE_TRANSPORT_SECURITY_TYPE);
|
421
|
+
end:
|
422
|
+
GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, error);
|
423
|
+
tsi_peer_destruct(&peer);
|
424
|
+
}
|
425
|
+
|
426
|
+
static void fake_channel_check_peer(grpc_exec_ctx* exec_ctx,
|
427
|
+
grpc_security_connector* sc, tsi_peer peer,
|
428
|
+
grpc_auth_context** auth_context,
|
429
|
+
grpc_closure* on_peer_checked) {
|
430
|
+
fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked);
|
431
|
+
grpc_fake_channel_security_connector* c =
|
432
|
+
(grpc_fake_channel_security_connector*)sc;
|
433
|
+
fake_secure_name_check(c->target, c->expected_targets, c->is_lb_channel);
|
434
|
+
}
|
435
|
+
|
436
|
+
static void fake_server_check_peer(grpc_exec_ctx* exec_ctx,
|
437
|
+
grpc_security_connector* sc, tsi_peer peer,
|
438
|
+
grpc_auth_context** auth_context,
|
439
|
+
grpc_closure* on_peer_checked) {
|
440
|
+
fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked);
|
441
|
+
}
|
442
|
+
|
443
|
+
static int fake_channel_cmp(grpc_security_connector* sc1,
|
444
|
+
grpc_security_connector* sc2) {
|
445
|
+
grpc_fake_channel_security_connector* c1 =
|
446
|
+
(grpc_fake_channel_security_connector*)sc1;
|
447
|
+
grpc_fake_channel_security_connector* c2 =
|
448
|
+
(grpc_fake_channel_security_connector*)sc2;
|
449
|
+
int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base);
|
450
|
+
if (c != 0) return c;
|
451
|
+
c = strcmp(c1->target, c2->target);
|
452
|
+
if (c != 0) return c;
|
453
|
+
if (c1->expected_targets == nullptr || c2->expected_targets == nullptr) {
|
454
|
+
c = GPR_ICMP(c1->expected_targets, c2->expected_targets);
|
455
|
+
} else {
|
456
|
+
c = strcmp(c1->expected_targets, c2->expected_targets);
|
457
|
+
}
|
458
|
+
if (c != 0) return c;
|
459
|
+
return GPR_ICMP(c1->is_lb_channel, c2->is_lb_channel);
|
460
|
+
}
|
461
|
+
|
462
|
+
static int fake_server_cmp(grpc_security_connector* sc1,
|
463
|
+
grpc_security_connector* sc2) {
|
464
|
+
return grpc_server_security_connector_cmp(
|
465
|
+
(grpc_server_security_connector*)sc1,
|
466
|
+
(grpc_server_security_connector*)sc2);
|
467
|
+
}
|
468
|
+
|
469
|
+
static bool fake_channel_check_call_host(grpc_exec_ctx* exec_ctx,
|
470
|
+
grpc_channel_security_connector* sc,
|
471
|
+
const char* host,
|
472
|
+
grpc_auth_context* auth_context,
|
473
|
+
grpc_closure* on_call_host_checked,
|
474
|
+
grpc_error** error) {
|
475
|
+
return true;
|
476
|
+
}
|
477
|
+
|
478
|
+
static void fake_channel_cancel_check_call_host(
|
479
|
+
grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc,
|
480
|
+
grpc_closure* on_call_host_checked, grpc_error* error) {
|
481
|
+
GRPC_ERROR_UNREF(error);
|
482
|
+
}
|
483
|
+
|
484
|
+
static void fake_channel_add_handshakers(
|
485
|
+
grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc,
|
486
|
+
grpc_handshake_manager* handshake_mgr) {
|
487
|
+
grpc_handshake_manager_add(
|
488
|
+
handshake_mgr,
|
489
|
+
grpc_security_handshaker_create(
|
490
|
+
exec_ctx, tsi_create_fake_handshaker(true /* is_client */),
|
491
|
+
&sc->base));
|
492
|
+
}
|
493
|
+
|
494
|
+
static void fake_server_add_handshakers(grpc_exec_ctx* exec_ctx,
|
495
|
+
grpc_server_security_connector* sc,
|
496
|
+
grpc_handshake_manager* handshake_mgr) {
|
497
|
+
grpc_handshake_manager_add(
|
498
|
+
handshake_mgr,
|
499
|
+
grpc_security_handshaker_create(
|
500
|
+
exec_ctx, tsi_create_fake_handshaker(false /* is_client */),
|
501
|
+
&sc->base));
|
502
|
+
}
|
503
|
+
|
504
|
+
static grpc_security_connector_vtable fake_channel_vtable = {
|
505
|
+
fake_channel_destroy, fake_channel_check_peer, fake_channel_cmp};
|
506
|
+
|
507
|
+
static grpc_security_connector_vtable fake_server_vtable = {
|
508
|
+
fake_server_destroy, fake_server_check_peer, fake_server_cmp};
|
509
|
+
|
510
|
+
grpc_channel_security_connector* grpc_fake_channel_security_connector_create(
|
511
|
+
grpc_channel_credentials* channel_creds,
|
512
|
+
grpc_call_credentials* request_metadata_creds, const char* target,
|
513
|
+
const grpc_channel_args* args) {
|
514
|
+
grpc_fake_channel_security_connector* c =
|
515
|
+
(grpc_fake_channel_security_connector*)gpr_zalloc(sizeof(*c));
|
516
|
+
gpr_ref_init(&c->base.base.refcount, 1);
|
517
|
+
c->base.base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME;
|
518
|
+
c->base.base.vtable = &fake_channel_vtable;
|
519
|
+
c->base.channel_creds = channel_creds;
|
520
|
+
c->base.request_metadata_creds =
|
521
|
+
grpc_call_credentials_ref(request_metadata_creds);
|
522
|
+
c->base.check_call_host = fake_channel_check_call_host;
|
523
|
+
c->base.cancel_check_call_host = fake_channel_cancel_check_call_host;
|
524
|
+
c->base.add_handshakers = fake_channel_add_handshakers;
|
525
|
+
c->target = gpr_strdup(target);
|
526
|
+
const char* expected_targets = grpc_fake_transport_get_expected_targets(args);
|
527
|
+
c->expected_targets = gpr_strdup(expected_targets);
|
528
|
+
c->is_lb_channel = (grpc_lb_targets_info_find_in_args(args) != nullptr);
|
529
|
+
return &c->base;
|
530
|
+
}
|
531
|
+
|
532
|
+
grpc_server_security_connector* grpc_fake_server_security_connector_create(
|
533
|
+
grpc_server_credentials* server_creds) {
|
534
|
+
grpc_server_security_connector* c =
|
535
|
+
(grpc_server_security_connector*)gpr_zalloc(
|
536
|
+
sizeof(grpc_server_security_connector));
|
537
|
+
gpr_ref_init(&c->base.refcount, 1);
|
538
|
+
c->base.vtable = &fake_server_vtable;
|
539
|
+
c->base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME;
|
540
|
+
c->server_creds = server_creds;
|
541
|
+
c->add_handshakers = fake_server_add_handshakers;
|
542
|
+
return c;
|
543
|
+
}
|
544
|
+
|
545
|
+
/* --- Ssl implementation. --- */
|
546
|
+
|
547
|
+
typedef struct {
|
548
|
+
grpc_channel_security_connector base;
|
549
|
+
tsi_ssl_client_handshaker_factory* client_handshaker_factory;
|
550
|
+
char* target_name;
|
551
|
+
char* overridden_target_name;
|
552
|
+
} grpc_ssl_channel_security_connector;
|
553
|
+
|
554
|
+
typedef struct {
|
555
|
+
grpc_server_security_connector base;
|
556
|
+
tsi_ssl_server_handshaker_factory* server_handshaker_factory;
|
557
|
+
} grpc_ssl_server_security_connector;
|
558
|
+
|
559
|
+
static bool server_connector_has_cert_config_fetcher(
|
560
|
+
grpc_ssl_server_security_connector* c) {
|
561
|
+
GPR_ASSERT(c != nullptr);
|
562
|
+
grpc_ssl_server_credentials* server_creds =
|
563
|
+
(grpc_ssl_server_credentials*)c->base.server_creds;
|
564
|
+
GPR_ASSERT(server_creds != nullptr);
|
565
|
+
return server_creds->certificate_config_fetcher.cb != nullptr;
|
566
|
+
}
|
567
|
+
|
568
|
+
static void ssl_channel_destroy(grpc_exec_ctx* exec_ctx,
|
569
|
+
grpc_security_connector* sc) {
|
570
|
+
grpc_ssl_channel_security_connector* c =
|
571
|
+
(grpc_ssl_channel_security_connector*)sc;
|
572
|
+
grpc_channel_credentials_unref(exec_ctx, c->base.channel_creds);
|
573
|
+
grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds);
|
574
|
+
tsi_ssl_client_handshaker_factory_unref(c->client_handshaker_factory);
|
575
|
+
c->client_handshaker_factory = nullptr;
|
576
|
+
if (c->target_name != nullptr) gpr_free(c->target_name);
|
577
|
+
if (c->overridden_target_name != nullptr) gpr_free(c->overridden_target_name);
|
578
|
+
gpr_free(sc);
|
579
|
+
}
|
580
|
+
|
581
|
+
static void ssl_server_destroy(grpc_exec_ctx* exec_ctx,
|
582
|
+
grpc_security_connector* sc) {
|
583
|
+
grpc_ssl_server_security_connector* c =
|
584
|
+
(grpc_ssl_server_security_connector*)sc;
|
585
|
+
grpc_server_credentials_unref(exec_ctx, c->base.server_creds);
|
586
|
+
tsi_ssl_server_handshaker_factory_unref(c->server_handshaker_factory);
|
587
|
+
c->server_handshaker_factory = nullptr;
|
588
|
+
gpr_free(sc);
|
589
|
+
}
|
590
|
+
|
591
|
+
static void ssl_channel_add_handshakers(grpc_exec_ctx* exec_ctx,
|
592
|
+
grpc_channel_security_connector* sc,
|
593
|
+
grpc_handshake_manager* handshake_mgr) {
|
594
|
+
grpc_ssl_channel_security_connector* c =
|
595
|
+
(grpc_ssl_channel_security_connector*)sc;
|
596
|
+
// Instantiate TSI handshaker.
|
597
|
+
tsi_handshaker* tsi_hs = nullptr;
|
598
|
+
tsi_result result = tsi_ssl_client_handshaker_factory_create_handshaker(
|
599
|
+
c->client_handshaker_factory,
|
600
|
+
c->overridden_target_name != nullptr ? c->overridden_target_name
|
601
|
+
: c->target_name,
|
602
|
+
&tsi_hs);
|
603
|
+
if (result != TSI_OK) {
|
604
|
+
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
|
605
|
+
tsi_result_to_string(result));
|
606
|
+
return;
|
607
|
+
}
|
608
|
+
// Create handshakers.
|
609
|
+
grpc_handshake_manager_add(
|
610
|
+
handshake_mgr,
|
611
|
+
grpc_security_handshaker_create(
|
612
|
+
exec_ctx, tsi_create_adapter_handshaker(tsi_hs), &sc->base));
|
613
|
+
}
|
614
|
+
|
615
|
+
static const char** fill_alpn_protocol_strings(size_t* num_alpn_protocols) {
|
616
|
+
GPR_ASSERT(num_alpn_protocols != nullptr);
|
617
|
+
*num_alpn_protocols = grpc_chttp2_num_alpn_versions();
|
618
|
+
const char** alpn_protocol_strings =
|
619
|
+
(const char**)gpr_malloc(sizeof(const char*) * (*num_alpn_protocols));
|
620
|
+
for (size_t i = 0; i < *num_alpn_protocols; i++) {
|
621
|
+
alpn_protocol_strings[i] = grpc_chttp2_get_alpn_version_index(i);
|
622
|
+
}
|
623
|
+
return alpn_protocol_strings;
|
624
|
+
}
|
625
|
+
|
626
|
+
/* Attempts to replace the server_handshaker_factory with a new factory using
|
627
|
+
* the provided grpc_ssl_server_certificate_config. Should new factory creation
|
628
|
+
* fail, the existing factory will not be replaced. Returns true on success (new
|
629
|
+
* factory created). */
|
630
|
+
static bool try_replace_server_handshaker_factory(
|
631
|
+
grpc_ssl_server_security_connector* sc,
|
632
|
+
const grpc_ssl_server_certificate_config* config) {
|
633
|
+
if (config == nullptr) {
|
634
|
+
gpr_log(GPR_ERROR,
|
635
|
+
"Server certificate config callback returned invalid (NULL) "
|
636
|
+
"config.");
|
637
|
+
return false;
|
638
|
+
}
|
639
|
+
gpr_log(GPR_DEBUG, "Using new server certificate config (%p).", config);
|
640
|
+
|
641
|
+
size_t num_alpn_protocols = 0;
|
642
|
+
const char** alpn_protocol_strings =
|
643
|
+
fill_alpn_protocol_strings(&num_alpn_protocols);
|
644
|
+
tsi_ssl_pem_key_cert_pair* cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs(
|
645
|
+
config->pem_key_cert_pairs, config->num_key_cert_pairs);
|
646
|
+
tsi_ssl_server_handshaker_factory* new_handshaker_factory = nullptr;
|
647
|
+
grpc_ssl_server_credentials* server_creds =
|
648
|
+
(grpc_ssl_server_credentials*)sc->base.server_creds;
|
649
|
+
tsi_result result = tsi_create_ssl_server_handshaker_factory_ex(
|
650
|
+
cert_pairs, config->num_key_cert_pairs, config->pem_root_certs,
|
651
|
+
get_tsi_client_certificate_request_type(
|
652
|
+
server_creds->config.client_certificate_request),
|
653
|
+
ssl_cipher_suites(), alpn_protocol_strings, (uint16_t)num_alpn_protocols,
|
654
|
+
&new_handshaker_factory);
|
655
|
+
gpr_free(cert_pairs);
|
656
|
+
gpr_free((void*)alpn_protocol_strings);
|
657
|
+
|
658
|
+
if (result != TSI_OK) {
|
659
|
+
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
|
660
|
+
tsi_result_to_string(result));
|
661
|
+
return false;
|
662
|
+
}
|
663
|
+
tsi_ssl_server_handshaker_factory_unref(sc->server_handshaker_factory);
|
664
|
+
sc->server_handshaker_factory = new_handshaker_factory;
|
665
|
+
return true;
|
666
|
+
}
|
667
|
+
|
668
|
+
/* Attempts to fetch the server certificate config if a callback is available.
|
669
|
+
* Current certificate config will continue to be used if the callback returns
|
670
|
+
* an error. Returns true if new credentials were sucessfully loaded. */
|
671
|
+
static bool try_fetch_ssl_server_credentials(
|
672
|
+
grpc_ssl_server_security_connector* sc) {
|
673
|
+
grpc_ssl_server_certificate_config* certificate_config = nullptr;
|
674
|
+
bool status;
|
675
|
+
|
676
|
+
GPR_ASSERT(sc != nullptr);
|
677
|
+
if (!server_connector_has_cert_config_fetcher(sc)) return false;
|
678
|
+
|
679
|
+
grpc_ssl_server_credentials* server_creds =
|
680
|
+
(grpc_ssl_server_credentials*)sc->base.server_creds;
|
681
|
+
grpc_ssl_certificate_config_reload_status cb_result =
|
682
|
+
server_creds->certificate_config_fetcher.cb(
|
683
|
+
server_creds->certificate_config_fetcher.user_data,
|
684
|
+
&certificate_config);
|
685
|
+
if (cb_result == GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED) {
|
686
|
+
gpr_log(GPR_DEBUG, "No change in SSL server credentials.");
|
687
|
+
status = false;
|
688
|
+
} else if (cb_result == GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW) {
|
689
|
+
status = try_replace_server_handshaker_factory(sc, certificate_config);
|
690
|
+
} else {
|
691
|
+
// Log error, continue using previously-loaded credentials.
|
692
|
+
gpr_log(GPR_ERROR,
|
693
|
+
"Failed fetching new server credentials, continuing to "
|
694
|
+
"use previously-loaded credentials.");
|
695
|
+
status = false;
|
696
|
+
}
|
697
|
+
|
698
|
+
if (certificate_config != nullptr) {
|
699
|
+
grpc_ssl_server_certificate_config_destroy(certificate_config);
|
700
|
+
}
|
701
|
+
return status;
|
702
|
+
}
|
703
|
+
|
704
|
+
static void ssl_server_add_handshakers(grpc_exec_ctx* exec_ctx,
|
705
|
+
grpc_server_security_connector* sc,
|
706
|
+
grpc_handshake_manager* handshake_mgr) {
|
707
|
+
grpc_ssl_server_security_connector* c =
|
708
|
+
(grpc_ssl_server_security_connector*)sc;
|
709
|
+
// Instantiate TSI handshaker.
|
710
|
+
try_fetch_ssl_server_credentials(c);
|
711
|
+
tsi_handshaker* tsi_hs = nullptr;
|
712
|
+
tsi_result result = tsi_ssl_server_handshaker_factory_create_handshaker(
|
713
|
+
c->server_handshaker_factory, &tsi_hs);
|
714
|
+
if (result != TSI_OK) {
|
715
|
+
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
|
716
|
+
tsi_result_to_string(result));
|
717
|
+
return;
|
718
|
+
}
|
719
|
+
// Create handshakers.
|
720
|
+
grpc_handshake_manager_add(
|
721
|
+
handshake_mgr,
|
722
|
+
grpc_security_handshaker_create(
|
723
|
+
exec_ctx, tsi_create_adapter_handshaker(tsi_hs), &sc->base));
|
724
|
+
}
|
725
|
+
|
726
|
+
static int ssl_host_matches_name(const tsi_peer* peer, const char* peer_name) {
|
727
|
+
char* allocated_name = nullptr;
|
728
|
+
int r;
|
729
|
+
|
730
|
+
if (strchr(peer_name, ':') != nullptr) {
|
731
|
+
char* ignored_port;
|
732
|
+
gpr_split_host_port(peer_name, &allocated_name, &ignored_port);
|
733
|
+
gpr_free(ignored_port);
|
734
|
+
peer_name = allocated_name;
|
735
|
+
if (!peer_name) return 0;
|
736
|
+
}
|
737
|
+
r = tsi_ssl_peer_matches_name(peer, peer_name);
|
738
|
+
gpr_free(allocated_name);
|
739
|
+
return r;
|
740
|
+
}
|
741
|
+
|
742
|
+
grpc_auth_context* tsi_ssl_peer_to_auth_context(const tsi_peer* peer) {
|
743
|
+
size_t i;
|
744
|
+
grpc_auth_context* ctx = nullptr;
|
745
|
+
const char* peer_identity_property_name = nullptr;
|
746
|
+
|
747
|
+
/* The caller has checked the certificate type property. */
|
748
|
+
GPR_ASSERT(peer->property_count >= 1);
|
749
|
+
ctx = grpc_auth_context_create(nullptr);
|
750
|
+
grpc_auth_context_add_cstring_property(
|
751
|
+
ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
|
752
|
+
GRPC_SSL_TRANSPORT_SECURITY_TYPE);
|
753
|
+
for (i = 0; i < peer->property_count; i++) {
|
754
|
+
const tsi_peer_property* prop = &peer->properties[i];
|
755
|
+
if (prop->name == nullptr) continue;
|
756
|
+
if (strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) {
|
757
|
+
/* If there is no subject alt name, have the CN as the identity. */
|
758
|
+
if (peer_identity_property_name == nullptr) {
|
759
|
+
peer_identity_property_name = GRPC_X509_CN_PROPERTY_NAME;
|
760
|
+
}
|
761
|
+
grpc_auth_context_add_property(ctx, GRPC_X509_CN_PROPERTY_NAME,
|
762
|
+
prop->value.data, prop->value.length);
|
763
|
+
} else if (strcmp(prop->name,
|
764
|
+
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
|
765
|
+
peer_identity_property_name = GRPC_X509_SAN_PROPERTY_NAME;
|
766
|
+
grpc_auth_context_add_property(ctx, GRPC_X509_SAN_PROPERTY_NAME,
|
767
|
+
prop->value.data, prop->value.length);
|
768
|
+
} else if (strcmp(prop->name, TSI_X509_PEM_CERT_PROPERTY) == 0) {
|
769
|
+
grpc_auth_context_add_property(ctx, GRPC_X509_PEM_CERT_PROPERTY_NAME,
|
770
|
+
prop->value.data, prop->value.length);
|
771
|
+
}
|
772
|
+
}
|
773
|
+
if (peer_identity_property_name != nullptr) {
|
774
|
+
GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
|
775
|
+
ctx, peer_identity_property_name) == 1);
|
776
|
+
}
|
777
|
+
return ctx;
|
778
|
+
}
|
779
|
+
|
780
|
+
static grpc_error* ssl_check_peer(grpc_security_connector* sc,
|
781
|
+
const char* peer_name, const tsi_peer* peer,
|
782
|
+
grpc_auth_context** auth_context) {
|
783
|
+
/* Check the ALPN. */
|
784
|
+
const tsi_peer_property* p =
|
785
|
+
tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL);
|
786
|
+
if (p == nullptr) {
|
787
|
+
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
788
|
+
"Cannot check peer: missing selected ALPN property.");
|
789
|
+
}
|
790
|
+
if (!grpc_chttp2_is_alpn_version_supported(p->value.data, p->value.length)) {
|
791
|
+
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
792
|
+
"Cannot check peer: invalid ALPN value.");
|
793
|
+
}
|
794
|
+
|
795
|
+
/* Check the peer name if specified. */
|
796
|
+
if (peer_name != nullptr && !ssl_host_matches_name(peer, peer_name)) {
|
797
|
+
char* msg;
|
798
|
+
gpr_asprintf(&msg, "Peer name %s is not in peer certificate", peer_name);
|
799
|
+
grpc_error* error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg);
|
800
|
+
gpr_free(msg);
|
801
|
+
return error;
|
802
|
+
}
|
803
|
+
*auth_context = tsi_ssl_peer_to_auth_context(peer);
|
804
|
+
return GRPC_ERROR_NONE;
|
805
|
+
}
|
806
|
+
|
807
|
+
static void ssl_channel_check_peer(grpc_exec_ctx* exec_ctx,
|
808
|
+
grpc_security_connector* sc, tsi_peer peer,
|
809
|
+
grpc_auth_context** auth_context,
|
810
|
+
grpc_closure* on_peer_checked) {
|
811
|
+
grpc_ssl_channel_security_connector* c =
|
812
|
+
(grpc_ssl_channel_security_connector*)sc;
|
813
|
+
grpc_error* error = ssl_check_peer(sc,
|
814
|
+
c->overridden_target_name != nullptr
|
815
|
+
? c->overridden_target_name
|
816
|
+
: c->target_name,
|
817
|
+
&peer, auth_context);
|
818
|
+
GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, error);
|
819
|
+
tsi_peer_destruct(&peer);
|
820
|
+
}
|
821
|
+
|
822
|
+
static void ssl_server_check_peer(grpc_exec_ctx* exec_ctx,
|
823
|
+
grpc_security_connector* sc, tsi_peer peer,
|
824
|
+
grpc_auth_context** auth_context,
|
825
|
+
grpc_closure* on_peer_checked) {
|
826
|
+
grpc_error* error = ssl_check_peer(sc, nullptr, &peer, auth_context);
|
827
|
+
tsi_peer_destruct(&peer);
|
828
|
+
GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, error);
|
829
|
+
}
|
830
|
+
|
831
|
+
static int ssl_channel_cmp(grpc_security_connector* sc1,
|
832
|
+
grpc_security_connector* sc2) {
|
833
|
+
grpc_ssl_channel_security_connector* c1 =
|
834
|
+
(grpc_ssl_channel_security_connector*)sc1;
|
835
|
+
grpc_ssl_channel_security_connector* c2 =
|
836
|
+
(grpc_ssl_channel_security_connector*)sc2;
|
837
|
+
int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base);
|
838
|
+
if (c != 0) return c;
|
839
|
+
c = strcmp(c1->target_name, c2->target_name);
|
840
|
+
if (c != 0) return c;
|
841
|
+
return (c1->overridden_target_name == nullptr ||
|
842
|
+
c2->overridden_target_name == nullptr)
|
843
|
+
? GPR_ICMP(c1->overridden_target_name, c2->overridden_target_name)
|
844
|
+
: strcmp(c1->overridden_target_name, c2->overridden_target_name);
|
845
|
+
}
|
846
|
+
|
847
|
+
static int ssl_server_cmp(grpc_security_connector* sc1,
|
848
|
+
grpc_security_connector* sc2) {
|
849
|
+
return grpc_server_security_connector_cmp(
|
850
|
+
(grpc_server_security_connector*)sc1,
|
851
|
+
(grpc_server_security_connector*)sc2);
|
852
|
+
}
|
853
|
+
|
854
|
+
static void add_shallow_auth_property_to_peer(tsi_peer* peer,
|
855
|
+
const grpc_auth_property* prop,
|
856
|
+
const char* tsi_prop_name) {
|
857
|
+
tsi_peer_property* tsi_prop = &peer->properties[peer->property_count++];
|
858
|
+
tsi_prop->name = (char*)tsi_prop_name;
|
859
|
+
tsi_prop->value.data = prop->value;
|
860
|
+
tsi_prop->value.length = prop->value_length;
|
861
|
+
}
|
862
|
+
|
863
|
+
tsi_peer tsi_shallow_peer_from_ssl_auth_context(
|
864
|
+
const grpc_auth_context* auth_context) {
|
865
|
+
size_t max_num_props = 0;
|
866
|
+
grpc_auth_property_iterator it;
|
867
|
+
const grpc_auth_property* prop;
|
868
|
+
tsi_peer peer;
|
869
|
+
memset(&peer, 0, sizeof(peer));
|
870
|
+
|
871
|
+
it = grpc_auth_context_property_iterator(auth_context);
|
872
|
+
while (grpc_auth_property_iterator_next(&it) != nullptr) max_num_props++;
|
873
|
+
|
874
|
+
if (max_num_props > 0) {
|
875
|
+
peer.properties = (tsi_peer_property*)gpr_malloc(max_num_props *
|
876
|
+
sizeof(tsi_peer_property));
|
877
|
+
it = grpc_auth_context_property_iterator(auth_context);
|
878
|
+
while ((prop = grpc_auth_property_iterator_next(&it)) != nullptr) {
|
879
|
+
if (strcmp(prop->name, GRPC_X509_SAN_PROPERTY_NAME) == 0) {
|
880
|
+
add_shallow_auth_property_to_peer(
|
881
|
+
&peer, prop, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY);
|
882
|
+
} else if (strcmp(prop->name, GRPC_X509_CN_PROPERTY_NAME) == 0) {
|
883
|
+
add_shallow_auth_property_to_peer(
|
884
|
+
&peer, prop, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY);
|
885
|
+
} else if (strcmp(prop->name, GRPC_X509_PEM_CERT_PROPERTY_NAME) == 0) {
|
886
|
+
add_shallow_auth_property_to_peer(&peer, prop,
|
887
|
+
TSI_X509_PEM_CERT_PROPERTY);
|
888
|
+
}
|
889
|
+
}
|
890
|
+
}
|
891
|
+
return peer;
|
892
|
+
}
|
893
|
+
|
894
|
+
void tsi_shallow_peer_destruct(tsi_peer* peer) {
|
895
|
+
if (peer->properties != nullptr) gpr_free(peer->properties);
|
896
|
+
}
|
897
|
+
|
898
|
+
static bool ssl_channel_check_call_host(grpc_exec_ctx* exec_ctx,
|
899
|
+
grpc_channel_security_connector* sc,
|
900
|
+
const char* host,
|
901
|
+
grpc_auth_context* auth_context,
|
902
|
+
grpc_closure* on_call_host_checked,
|
903
|
+
grpc_error** error) {
|
904
|
+
grpc_ssl_channel_security_connector* c =
|
905
|
+
(grpc_ssl_channel_security_connector*)sc;
|
906
|
+
grpc_security_status status = GRPC_SECURITY_ERROR;
|
907
|
+
tsi_peer peer = tsi_shallow_peer_from_ssl_auth_context(auth_context);
|
908
|
+
if (ssl_host_matches_name(&peer, host)) status = GRPC_SECURITY_OK;
|
909
|
+
/* If the target name was overridden, then the original target_name was
|
910
|
+
'checked' transitively during the previous peer check at the end of the
|
911
|
+
handshake. */
|
912
|
+
if (c->overridden_target_name != nullptr &&
|
913
|
+
strcmp(host, c->target_name) == 0) {
|
914
|
+
status = GRPC_SECURITY_OK;
|
915
|
+
}
|
916
|
+
if (status != GRPC_SECURITY_OK) {
|
917
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
918
|
+
"call host does not match SSL server name");
|
919
|
+
}
|
920
|
+
tsi_shallow_peer_destruct(&peer);
|
921
|
+
return true;
|
922
|
+
}
|
923
|
+
|
924
|
+
static void ssl_channel_cancel_check_call_host(
|
925
|
+
grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc,
|
926
|
+
grpc_closure* on_call_host_checked, grpc_error* error) {
|
927
|
+
GRPC_ERROR_UNREF(error);
|
928
|
+
}
|
929
|
+
|
930
|
+
static grpc_security_connector_vtable ssl_channel_vtable = {
|
931
|
+
ssl_channel_destroy, ssl_channel_check_peer, ssl_channel_cmp};
|
932
|
+
|
933
|
+
static grpc_security_connector_vtable ssl_server_vtable = {
|
934
|
+
ssl_server_destroy, ssl_server_check_peer, ssl_server_cmp};
|
935
|
+
|
936
|
+
/* returns a NULL terminated slice. */
|
937
|
+
static grpc_slice compute_default_pem_root_certs_once(void) {
|
938
|
+
grpc_slice result = grpc_empty_slice();
|
939
|
+
|
940
|
+
/* First try to load the roots from the environment. */
|
941
|
+
char* default_root_certs_path =
|
942
|
+
gpr_getenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR);
|
943
|
+
if (default_root_certs_path != nullptr) {
|
944
|
+
GRPC_LOG_IF_ERROR("load_file",
|
945
|
+
grpc_load_file(default_root_certs_path, 1, &result));
|
946
|
+
gpr_free(default_root_certs_path);
|
947
|
+
}
|
948
|
+
|
949
|
+
/* Try overridden roots if needed. */
|
950
|
+
grpc_ssl_roots_override_result ovrd_res = GRPC_SSL_ROOTS_OVERRIDE_FAIL;
|
951
|
+
if (GRPC_SLICE_IS_EMPTY(result) && ssl_roots_override_cb != nullptr) {
|
952
|
+
char* pem_root_certs = nullptr;
|
953
|
+
ovrd_res = ssl_roots_override_cb(&pem_root_certs);
|
954
|
+
if (ovrd_res == GRPC_SSL_ROOTS_OVERRIDE_OK) {
|
955
|
+
GPR_ASSERT(pem_root_certs != nullptr);
|
956
|
+
result = grpc_slice_from_copied_buffer(
|
957
|
+
pem_root_certs,
|
958
|
+
strlen(pem_root_certs) + 1); // NULL terminator.
|
959
|
+
}
|
960
|
+
gpr_free(pem_root_certs);
|
961
|
+
}
|
962
|
+
|
963
|
+
/* Fall back to installed certs if needed. */
|
964
|
+
if (GRPC_SLICE_IS_EMPTY(result) &&
|
965
|
+
ovrd_res != GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY) {
|
966
|
+
GRPC_LOG_IF_ERROR("load_file",
|
967
|
+
grpc_load_file(installed_roots_path, 1, &result));
|
968
|
+
}
|
969
|
+
return result;
|
970
|
+
}
|
971
|
+
|
972
|
+
static grpc_slice default_pem_root_certs;
|
973
|
+
|
974
|
+
static void init_default_pem_root_certs(void) {
|
975
|
+
default_pem_root_certs = compute_default_pem_root_certs_once();
|
976
|
+
}
|
977
|
+
|
978
|
+
grpc_slice grpc_get_default_ssl_roots_for_testing(void) {
|
979
|
+
return compute_default_pem_root_certs_once();
|
980
|
+
}
|
981
|
+
|
982
|
+
const char* grpc_get_default_ssl_roots(void) {
|
983
|
+
/* TODO(jboeuf@google.com): Maybe revisit the approach which consists in
|
984
|
+
loading all the roots once for the lifetime of the process. */
|
985
|
+
static gpr_once once = GPR_ONCE_INIT;
|
986
|
+
gpr_once_init(&once, init_default_pem_root_certs);
|
987
|
+
return GRPC_SLICE_IS_EMPTY(default_pem_root_certs)
|
988
|
+
? nullptr
|
989
|
+
: (const char*)GRPC_SLICE_START_PTR(default_pem_root_certs);
|
990
|
+
}
|
991
|
+
|
992
|
+
grpc_security_status grpc_ssl_channel_security_connector_create(
|
993
|
+
grpc_exec_ctx* exec_ctx, grpc_channel_credentials* channel_creds,
|
994
|
+
grpc_call_credentials* request_metadata_creds,
|
995
|
+
const grpc_ssl_config* config, const char* target_name,
|
996
|
+
const char* overridden_target_name, grpc_channel_security_connector** sc) {
|
997
|
+
size_t num_alpn_protocols = 0;
|
998
|
+
const char** alpn_protocol_strings =
|
999
|
+
fill_alpn_protocol_strings(&num_alpn_protocols);
|
1000
|
+
tsi_result result = TSI_OK;
|
1001
|
+
grpc_ssl_channel_security_connector* c;
|
1002
|
+
const char* pem_root_certs;
|
1003
|
+
char* port;
|
1004
|
+
bool has_key_cert_pair;
|
1005
|
+
|
1006
|
+
if (config == nullptr || target_name == nullptr) {
|
1007
|
+
gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name.");
|
1008
|
+
goto error;
|
1009
|
+
}
|
1010
|
+
if (config->pem_root_certs == nullptr) {
|
1011
|
+
pem_root_certs = grpc_get_default_ssl_roots();
|
1012
|
+
if (pem_root_certs == nullptr) {
|
1013
|
+
gpr_log(GPR_ERROR, "Could not get default pem root certs.");
|
1014
|
+
goto error;
|
1015
|
+
}
|
1016
|
+
} else {
|
1017
|
+
pem_root_certs = config->pem_root_certs;
|
1018
|
+
}
|
1019
|
+
|
1020
|
+
c = (grpc_ssl_channel_security_connector*)gpr_zalloc(
|
1021
|
+
sizeof(grpc_ssl_channel_security_connector));
|
1022
|
+
|
1023
|
+
gpr_ref_init(&c->base.base.refcount, 1);
|
1024
|
+
c->base.base.vtable = &ssl_channel_vtable;
|
1025
|
+
c->base.base.url_scheme = GRPC_SSL_URL_SCHEME;
|
1026
|
+
c->base.channel_creds = grpc_channel_credentials_ref(channel_creds);
|
1027
|
+
c->base.request_metadata_creds =
|
1028
|
+
grpc_call_credentials_ref(request_metadata_creds);
|
1029
|
+
c->base.check_call_host = ssl_channel_check_call_host;
|
1030
|
+
c->base.cancel_check_call_host = ssl_channel_cancel_check_call_host;
|
1031
|
+
c->base.add_handshakers = ssl_channel_add_handshakers;
|
1032
|
+
gpr_split_host_port(target_name, &c->target_name, &port);
|
1033
|
+
gpr_free(port);
|
1034
|
+
if (overridden_target_name != nullptr) {
|
1035
|
+
c->overridden_target_name = gpr_strdup(overridden_target_name);
|
1036
|
+
}
|
1037
|
+
|
1038
|
+
has_key_cert_pair = config->pem_key_cert_pair != nullptr &&
|
1039
|
+
config->pem_key_cert_pair->private_key != nullptr &&
|
1040
|
+
config->pem_key_cert_pair->cert_chain != nullptr;
|
1041
|
+
result = tsi_create_ssl_client_handshaker_factory(
|
1042
|
+
has_key_cert_pair ? config->pem_key_cert_pair : nullptr, pem_root_certs,
|
1043
|
+
ssl_cipher_suites(), alpn_protocol_strings, (uint16_t)num_alpn_protocols,
|
1044
|
+
&c->client_handshaker_factory);
|
1045
|
+
if (result != TSI_OK) {
|
1046
|
+
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
|
1047
|
+
tsi_result_to_string(result));
|
1048
|
+
ssl_channel_destroy(exec_ctx, &c->base.base);
|
1049
|
+
*sc = nullptr;
|
1050
|
+
goto error;
|
1051
|
+
}
|
1052
|
+
*sc = &c->base;
|
1053
|
+
gpr_free((void*)alpn_protocol_strings);
|
1054
|
+
return GRPC_SECURITY_OK;
|
1055
|
+
|
1056
|
+
error:
|
1057
|
+
gpr_free((void*)alpn_protocol_strings);
|
1058
|
+
return GRPC_SECURITY_ERROR;
|
1059
|
+
}
|
1060
|
+
|
1061
|
+
static grpc_ssl_server_security_connector*
|
1062
|
+
grpc_ssl_server_security_connector_initialize(
|
1063
|
+
grpc_server_credentials* server_creds) {
|
1064
|
+
grpc_ssl_server_security_connector* c =
|
1065
|
+
(grpc_ssl_server_security_connector*)gpr_zalloc(
|
1066
|
+
sizeof(grpc_ssl_server_security_connector));
|
1067
|
+
gpr_ref_init(&c->base.base.refcount, 1);
|
1068
|
+
c->base.base.url_scheme = GRPC_SSL_URL_SCHEME;
|
1069
|
+
c->base.base.vtable = &ssl_server_vtable;
|
1070
|
+
c->base.add_handshakers = ssl_server_add_handshakers;
|
1071
|
+
c->base.server_creds = grpc_server_credentials_ref(server_creds);
|
1072
|
+
return c;
|
1073
|
+
}
|
1074
|
+
|
1075
|
+
grpc_security_status grpc_ssl_server_security_connector_create(
|
1076
|
+
grpc_exec_ctx* exec_ctx, grpc_server_credentials* gsc,
|
1077
|
+
grpc_server_security_connector** sc) {
|
1078
|
+
tsi_result result = TSI_OK;
|
1079
|
+
grpc_ssl_server_credentials* server_credentials =
|
1080
|
+
(grpc_ssl_server_credentials*)gsc;
|
1081
|
+
grpc_security_status retval = GRPC_SECURITY_OK;
|
1082
|
+
|
1083
|
+
GPR_ASSERT(server_credentials != nullptr);
|
1084
|
+
GPR_ASSERT(sc != nullptr);
|
1085
|
+
|
1086
|
+
grpc_ssl_server_security_connector* c =
|
1087
|
+
grpc_ssl_server_security_connector_initialize(gsc);
|
1088
|
+
if (server_connector_has_cert_config_fetcher(c)) {
|
1089
|
+
// Load initial credentials from certificate_config_fetcher:
|
1090
|
+
if (!try_fetch_ssl_server_credentials(c)) {
|
1091
|
+
gpr_log(GPR_ERROR, "Failed loading SSL server credentials from fetcher.");
|
1092
|
+
retval = GRPC_SECURITY_ERROR;
|
1093
|
+
}
|
1094
|
+
} else {
|
1095
|
+
size_t num_alpn_protocols = 0;
|
1096
|
+
const char** alpn_protocol_strings =
|
1097
|
+
fill_alpn_protocol_strings(&num_alpn_protocols);
|
1098
|
+
result = tsi_create_ssl_server_handshaker_factory_ex(
|
1099
|
+
server_credentials->config.pem_key_cert_pairs,
|
1100
|
+
server_credentials->config.num_key_cert_pairs,
|
1101
|
+
server_credentials->config.pem_root_certs,
|
1102
|
+
get_tsi_client_certificate_request_type(
|
1103
|
+
server_credentials->config.client_certificate_request),
|
1104
|
+
ssl_cipher_suites(), alpn_protocol_strings,
|
1105
|
+
(uint16_t)num_alpn_protocols, &c->server_handshaker_factory);
|
1106
|
+
gpr_free((void*)alpn_protocol_strings);
|
1107
|
+
if (result != TSI_OK) {
|
1108
|
+
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
|
1109
|
+
tsi_result_to_string(result));
|
1110
|
+
retval = GRPC_SECURITY_ERROR;
|
1111
|
+
}
|
1112
|
+
}
|
1113
|
+
|
1114
|
+
if (retval == GRPC_SECURITY_OK) {
|
1115
|
+
*sc = &c->base;
|
1116
|
+
} else {
|
1117
|
+
if (c != nullptr) ssl_server_destroy(exec_ctx, &c->base.base);
|
1118
|
+
if (sc != nullptr) *sc = nullptr;
|
1119
|
+
}
|
1120
|
+
return retval;
|
1121
|
+
}
|