• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/env ruby
2#
3# Copyright 2016 gRPC authors.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#     http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17this_dir = File.expand_path(File.dirname(__FILE__))
18protos_lib_dir = File.join(this_dir, 'lib')
19grpc_lib_dir = File.join(File.dirname(this_dir), 'lib')
20$LOAD_PATH.unshift(grpc_lib_dir) unless $LOAD_PATH.include?(grpc_lib_dir)
21$LOAD_PATH.unshift(protos_lib_dir) unless $LOAD_PATH.include?(protos_lib_dir)
22$LOAD_PATH.unshift(this_dir) unless $LOAD_PATH.include?(this_dir)
23
24require 'grpc'
25require 'end2end_common'
26
27def create_channel_creds
28  test_root = File.join(File.dirname(__FILE__), '..', 'spec', 'testdata')
29  files = ['ca.pem', 'client.key', 'client.pem']
30  creds = files.map { |f| File.open(File.join(test_root, f)).read }
31  GRPC::Core::ChannelCredentials.new(creds[0], creds[1], creds[2])
32end
33
34def client_cert
35  test_root = File.join(File.dirname(__FILE__), '..', 'spec', 'testdata')
36  cert = File.open(File.join(test_root, 'client.pem')).read
37  fail unless cert.is_a?(String)
38  cert
39end
40
41def create_server_creds
42  test_root = File.join(File.dirname(__FILE__), '..', 'spec', 'testdata')
43  GRPC.logger.info("test root: #{test_root}")
44  files = ['ca.pem', 'server1.key', 'server1.pem']
45  creds = files.map { |f| File.open(File.join(test_root, f)).read }
46  GRPC::Core::ServerCredentials.new(
47    creds[0],
48    [{ private_key: creds[1], cert_chain: creds[2] }],
49    true) # force client auth
50end
51
52# Useful to update a value within a do block
53class MutableValue
54  attr_accessor :value
55
56  def initialize(value)
57    @value = value
58  end
59end
60
61# rubocop:disable Metrics/AbcSize
62# rubocop:disable Metrics/MethodLength
63def main
64  server_runner = ServerRunner.new(EchoServerImpl)
65  server_runner.server_creds = create_server_creds
66  server_port = server_runner.run
67  channel_args = {
68    GRPC::Core::Channel::SSL_TARGET => 'foo.test.google.fr'
69  }
70  token_fetch_attempts = MutableValue.new(0)
71  token_fetch_attempts_mu = Mutex.new
72  jwt_aud_uri_extraction_success_count = MutableValue.new(0)
73  jwt_aud_uri_extraction_success_count_mu = Mutex.new
74  expected_jwt_aud_uri = 'https://foo.test.google.fr/echo.EchoServer'
75  jwt_aud_uri_failure_values = []
76  times_out_first_time_auth_proc = proc do |args|
77    # We check the value of jwt_aud_uri not necessarily as a test for
78    # the correctness of jwt_aud_uri w.r.t. its expected semantics, but
79    # more for as an indirect way to check for memory corruption.
80    jwt_aud_uri_extraction_success_count_mu.synchronize do
81      if args[:jwt_aud_uri] == expected_jwt_aud_uri
82        jwt_aud_uri_extraction_success_count.value += 1
83      else
84        jwt_aud_uri_failure_values << args[:jwt_aud_uri]
85      end
86    end
87    token_fetch_attempts_mu.synchronize do
88      old_val = token_fetch_attempts.value
89      token_fetch_attempts.value += 1
90      if old_val.zero?
91        STDERR.puts 'call creds plugin sleeping for 4 seconds'
92        sleep 4
93        STDERR.puts 'call creds plugin done with 4 second sleep'
94        raise 'test exception thrown purposely from call creds plugin'
95      end
96    end
97    { 'authorization' => 'fake_val' }.merge(args)
98  end
99  channel_creds = create_channel_creds.compose(
100    GRPC::Core::CallCredentials.new(times_out_first_time_auth_proc))
101  stub = Echo::EchoServer::Stub.new("localhost:#{server_port}",
102                                    channel_creds,
103                                    channel_args: channel_args)
104  STDERR.puts 'perform a first few RPCs to try to get things into a bad state...'
105  threads = []
106  got_at_least_one_failure = MutableValue.new(false)
107  2000.times do
108    threads << Thread.new do
109      begin
110        # 2 seconds is chosen as deadline here because it is less than the 4 second
111        # sleep that the first call creds user callback does. The idea here is that
112        # a lot of RPCs will be made concurrently all with 2 second deadlines, and they
113        # will all queue up onto the call creds user callback thread, and will all
114        # have to wait for the first 4 second sleep to finish. When the deadlines
115        # of the associated calls fire ~2 seconds in, some of their C-core data
116        # will have ownership dropped, and they will hit the user-after-free in
117        # https://github.com/grpc/grpc/issues/19195 if this isn't handled correctly.
118        stub.echo(Echo::EchoRequest.new(request: 'hello'), deadline: Time.now + 2)
119      rescue GRPC::BadStatus
120        got_at_least_one_failure.value = true
121        # We don't care if these RPCs succeed or fail. The purpose of these
122        # RPCs is just to try to induce a specific use-after-free bug, and to get
123        # the call credentials callback thread into a bad state.
124      end
125    end
126  end
127  threads.each(&:join)
128  unless got_at_least_one_failure.value
129    fail 'expected at least one of the initial RPCs to fail'
130  end
131  # Expect three more RPCs to succeed
132  STDERR.puts 'now perform another RPC and expect OK...'
133  stub.echo(Echo::EchoRequest.new(request: 'hello'), deadline: Time.now + 10)
134  STDERR.puts 'now perform another RPC and expect OK...'
135  stub.echo(Echo::EchoRequest.new(request: 'hello'), deadline: Time.now + 10)
136  STDERR.puts 'now perform another RPC and expect OK...'
137  stub.echo(Echo::EchoRequest.new(request: 'hello'), deadline: Time.now + 10)
138  jwt_aud_uri_extraction_success_count_mu.synchronize do
139    if jwt_aud_uri_extraction_success_count.value != 2003
140      fail "Expected to get jwt_aud_uri:#{expected_jwt_aud_uri} passed to call creds
141user callback 2003 times, but it was only passed to the call creds user callback
142#{jwt_aud_uri_extraction_success_count.value} times. This suggests that either:
143a) the expected jwt_aud_uri value is incorrect
144b) there is some corruption of the jwt_aud_uri argument
145Here are are the values of the jwt_aud_uri parameter that were passed to the call
146creds user callback that did not match #{expected_jwt_aud_uri}:
147#{jwt_aud_uri_failure_values}"
148    end
149  end
150  server_runner.stop
151end
152
153main
154