GRPC: Add --force-ssl option to the GRPC client commands to be able to connect

to an SSL enabled GRPC server even if no client certificate is supplied. In
this case the grpc::SslCredentials needs to be used but without any options
supplied. Trying to connect a clietn with grcp::InsecureChannelCredentials to
an SSL enabled server will not work, even if the following option is enabled
on the server side: GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE

Author: esindril

client/grpc/Find.cc

@@ -9,7 +9,7 @@ int usage(const char* prog)
   fprintf(stderr, "usage: %s [--key <ssl-key-file> "
           "--cert <ssl-cert-file> "
           "--ca <ca-cert-file>] "
-          "[--endpoint <host:port>] [--token <auth-token>] [--export <exportfs>] [--depth <depth>] [--select <filter-string>] [-f | -d] <path>\n",
+          "[--endpoint <host:port>] [--token <auth-token>] [--export <exportfs>] [--depth <depth>] [--select <filter-string>] [--force-ssl] [-f | -d] <path>\n",
           prog);
   fprintf(stderr,
           " <filter-string> is setup as \"key1:val1,key2:val2,key3:val3 ... where keyN:valN is one of \n");
@@ -69,6 +69,7 @@ int main(int argc, const char* argv[])
   bool dirs  = false;
   uint64_t depth = 1024;
   std::string exportfs = "";
+  bool force_ssl = false;
 
   for (auto i = 1; i < argc; ++i) {
     std::string option = argv[i];
@@ -163,6 +164,11 @@ int main(int argc, const char* argv[])
       continue;
     }
 
+    if (option == "--force-ssl") {
+      force_ssl = true;
+      continue;
+    }
+
     path = option;
 
     if (argc > (i + 1)) {
@@ -195,7 +201,8 @@ int main(int argc, const char* argv[])
       token,
       keyfile,
       certfile,
-      cafile);
+      cafile,
+      force_ssl);
 
   if (!eosgrpc) {
     return usage(argv[0]);

client/grpc/GrpcClient.cc

@@ -543,24 +543,21 @@ GrpcClient::ContainerInsert(const std::vector<std::string>& paths)
 
 
 std::unique_ptr<GrpcClient>
-GrpcClient::Create(std::string endpoint,
-                   std::string token,
-                   std::string keyfile,
-                   std::string certfile,
-                   std::string cafile
-                  )
+GrpcClient::Create(std::string endpoint, std::string token, std::string keyfile,
+                   std::string certfile, std::string cafile, bool force_ssl)
 {
   std::string key;
   std::string cert;
   std::string ca;
-  bool ssl = false;
+  bool ssl_cred = false;
 
   if (keyfile.length() || certfile.length() || cafile.length()) {
     if (!keyfile.length() || !certfile.length() || !cafile.length()) {
       return 0;
     }
 
-    ssl = true;
+    force_ssl = true;
+    ssl_cred = true;
 
     if (eos::common::StringConversion::LoadFileIntoString(certfile.c_str(),
         cert) && !cert.length()) {
@@ -582,17 +579,20 @@ GrpcClient::Create(std::string endpoint,
     }
   }
 
-  grpc::SslCredentialsOptions opts = {
-    ca,
-    key,
-    cert
-  };
+  grpc::SslCredentialsOptions opts;
+
+  if (ssl_cred) {
+    opts.pem_root_certs = ca;
+    opts.pem_private_key = key;
+    opts.pem_cert_chain = cert;
+  }
+
   std::unique_ptr<eos::client::GrpcClient> p(new eos::client::GrpcClient(
         grpc::CreateChannel(
           endpoint,
-          ssl ? grpc::SslCredentials(opts)
-          : grpc::InsecureChannelCredentials())));
-  p->set_ssl(ssl);
+          (force_ssl ?
+           grpc::SslCredentials(opts) :
+           grpc::InsecureChannelCredentials()))));
   p->set_token(token);
   return p;
 }
@@ -693,4 +693,3 @@ GrpcClient::ExportFs(const eos::rpc::MDResponse& response,
 
 
 EOSCLIENTNAMESPACE_END
-

client/grpc/GrpcClient.hh

@@ -53,12 +53,13 @@ public:
     : stub_(eos::rpc::Eos::NewStub(channel)) { }
 
   // convenience factory function
-  static std::unique_ptr<GrpcClient> Create(std::string endpoint =
-        "localhost:50051",
-      std::string token = "",
-      std::string keyfile = "",
-      std::string certfile = "",
-      std::string cafile = "");
+  static std::unique_ptr<GrpcClient>
+  Create(std::string endpoint = "localhost:50051",
+         std::string token = "",
+         std::string keyfile = "",
+         std::string certfile = "",
+         std::string cafile = "",
+         bool force_ssl = false);
 
   std::string Ping(const std::string& payload);
 
@@ -82,16 +83,6 @@ public:
   int FileInsert(const std::vector<std::string>& paths);
   int ContainerInsert(const std::vector<std::string>& paths);
 
-  void set_ssl(bool onoff)
-  {
-    mSSL = onoff;
-  }
-
-  bool ssl() const
-  {
-    return mSSL;
-  }
-
   void set_token(const std::string& _token)
   {
     mToken = _token;
@@ -104,12 +95,10 @@ public:
 
 private:
   std::unique_ptr<eos::rpc::Eos::Stub> stub_;
-  bool mSSL;
   std::string mToken;
   std::map<uint64_t, std::string> tree;
 };
 
 #endif
 
 EOSCLIENTNAMESPACE_END
-

client/grpc/Insert.cc

@@ -11,21 +11,19 @@ int usage(const char* prog)
           "--cert <ssl-cert-file> "
           "--ca <ca-cert-file>] "
           "[--endpoint <host:port>] [--token <auth-token>] "
-	  "[--prefix prefix] "
-	  "[--treefile <treefile>] \n", prog);
-
-  fprintf(stderr, 
-	  "treefile format providing inodes: \n"
-	  "----------------------------------\n"
-	  "ino:000000000000ffff:/eos/mydir/\n"
-	  "ino:000000000000ff01:/eos/mydir/myfile\n\n");
-
-  fprintf(stderr, 
-	  "treefile format without inodes: \n"
-	  "----------------------------------\n"
-	  "/eos/mydir/\n"
-	  "/eos/mydir/myfile\n\n");
-
+          "[--prefix prefix] "
+          "[--treefile <treefile>] "
+          "[--force-ssl] \n", prog);
+  fprintf(stderr,
+          "treefile format providing inodes: \n"
+          "----------------------------------\n"
+          "ino:000000000000ffff:/eos/mydir/\n"
+          "ino:000000000000ff01:/eos/mydir/myfile\n\n");
+  fprintf(stderr,
+          "treefile format without inodes: \n"
+          "----------------------------------\n"
+          "/eos/mydir/\n"
+          "/eos/mydir/myfile\n\n");
   return -1;
 }
 
@@ -39,8 +37,9 @@ int main(int argc, const char* argv[])
   std::string keyfile;
   std::string certfile;
   std::string cafile;
-  std::string prefix="/grpc";
+  std::string prefix = "/grpc";
   std::string treefile = "namespace.txt";
+  bool force_ssl = false;
 
   for (auto i = 1; i < argc; ++i) {
     std::string option = argv[i];
@@ -115,6 +114,11 @@ int main(int argc, const char* argv[])
       }
     }
 
+    if (option == "--force-ssl") {
+      force_ssl = true;
+      continue;
+    }
+
     return usage(argv[0]);
   }
 
@@ -130,69 +134,71 @@ int main(int argc, const char* argv[])
       token,
       keyfile,
       certfile,
-      cafile);
+      cafile,
+      force_ssl);
 
   if (!eosgrpc) {
     return usage(argv[0]);
   }
 
-  std::cout << "=> settings: prefix=" << prefix << " treefile=" << treefile << std::endl;
-
-
+  std::cout << "=> settings: prefix=" << prefix << " treefile=" << treefile <<
+            std::endl;
   std::ifstream input(treefile);
-
   size_t n = 0;
   size_t bulk = 1000;
   bool dirmode = true;
   std::vector<std::string> paths;
-
   std::chrono::steady_clock::time_point watch_global =
     std::chrono::steady_clock::now();
 
-  for ( std::string line ; std::getline ( input, line ); ) {
+  for (std::string line ; std::getline(input, line);) {
     n++;
-    if (line.substr(0,4) == "ino:") {
+
+    if (line.substr(0, 4) == "ino:") {
       line.insert(21, prefix);
     } else {
-      line.insert(0,prefix);
+      line.insert(0, prefix);
     }
+
     std::cout << n << " " << line << std::endl;
+
     if (line.back() == '/') {
       // dir
       if (dirmode) {
-	paths.push_back(line);
+        paths.push_back(line);
       } else {
-	// SEND OFF DIRS
-	int retc = eosgrpc->FileInsert(paths);
-	std::cout << "::send::files" << " retc=" << retc << std::endl;
-	paths.clear();
-	paths.push_back(line);
-	dirmode = true;
+        // SEND OFF DIRS
+        int retc = eosgrpc->FileInsert(paths);
+        std::cout << "::send::files" << " retc=" << retc << std::endl;
+        paths.clear();
+        paths.push_back(line);
+        dirmode = true;
       }
     } else {
       // file
       if (dirmode) {
-	// SEND OFF FILES
-	int retc = eosgrpc->ContainerInsert(paths);
-	std::cout << "::send::dirs " << " retc=" << retc << std::endl;
-	paths.clear();
-	paths.push_back(line);
-	dirmode = false;
+        // SEND OFF FILES
+        int retc = eosgrpc->ContainerInsert(paths);
+        std::cout << "::send::dirs " << " retc=" << retc << std::endl;
+        paths.clear();
+        paths.push_back(line);
+        dirmode = false;
       } else {
-	paths.push_back(line);
+        paths.push_back(line);
       }
     }
+
     if (paths.size() >= bulk) {
       if (dirmode) {
-	// SEND OF DIRS
-	int retc = eosgrpc->ContainerInsert(paths);
-	std::cout << "::send::dirs" << " retc=" << retc << std::endl;
-	paths.clear();
+        // SEND OF DIRS
+        int retc = eosgrpc->ContainerInsert(paths);
+        std::cout << "::send::dirs" << " retc=" << retc << std::endl;
+        paths.clear();
       } else {
-	// SEND OF FILES
-	int retc = eosgrpc->FileInsert(paths);
-	std::cout << "::send::files" << " retc=" << retc << std::endl;
-	paths.clear();
+        // SEND OF FILES
+        int retc = eosgrpc->FileInsert(paths);
+        std::cout << "::send::files" << " retc=" << retc << std::endl;
+        paths.clear();
       }
     }
   }

client/grpc/Md.cc

@@ -9,7 +9,8 @@ int usage(const char* prog)
   fprintf(stderr, "usage: %s [--key <ssl-key-file> "
           "--cert <ssl-cert-file> "
           "--ca <ca-cert-file>] "
-          "[--endpoint <host:port>] [--token <auth-token>] [-l] <path>\n", prog);
+          "[--endpoint <host:port>] [--token <auth-token>] [-l] [--force-ssl] <path>\n",
+          prog);
   return -1;
 }
 
@@ -25,6 +26,7 @@ int main(int argc, const char* argv[])
   std::string cafile;
   std::string path = "";
   bool listing = false;
+  bool force_ssl = false;
 
   for (auto i = 1; i < argc; ++i) {
     std::string option = argv[i];
@@ -84,6 +86,11 @@ int main(int argc, const char* argv[])
       continue;
     }
 
+    if (option == "--force-ssl") {
+      force_ssl = true;
+      continue;
+    }
+
     path = option;
 
     if (argc > (i + 1)) {
@@ -96,7 +103,7 @@ int main(int argc, const char* argv[])
       return usage(argv[0]);
     }
   }
-  
+
   if (path.empty()) {
     return usage(argv[0]);
   }
@@ -107,7 +114,8 @@ int main(int argc, const char* argv[])
       token,
       keyfile,
       certfile,
-      cafile);
+      cafile,
+      force_ssl);
 
   if (!eosgrpc) {
     return usage(argv[0]);