authorGravatar Julien Boeuf <jboeuf@google.com>2015-08-19 22:17:03 -0700
committerGravatar Julien Boeuf <jboeuf@google.com>2015-08-19 22:17:03 -0700
commitee3dbb00789b463119242ea74c6c7317b42bee48 (patch)
tree626ad82373ab04bcc8a37950d8b616065f8190dc
parentb714648e517ccb647eaa2d79f529f3a0e6067ddf (diff)
Have a richer interface for auth metadata processors.
-rw-r--r--include/grpc/grpc_security.h14
-rw-r--r--src/core/security/server_auth_filter.c28
-rw-r--r--test/core/end2end/fixtures/chttp2_fake_security.c2
-rw-r--r--test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c2
-rw-r--r--test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c2
-rw-r--r--test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_proxy.c2
-rw-r--r--test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c4
7 files changed, 35 insertions, 19 deletions
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 640c1fda98..7f8f4d4a05 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -275,12 +275,18 @@ int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
/* --- Auth Metadata Processing --- */
/* Callback function that is called when the metadata processing is done.
- success is 1 if processing succeeded, 0 otherwise.
- Consumed metadata will be removed from the set of metadata available on the
- call. */
+ - Consumed metadata will be removed from the set of metadata available on the
+ call. consumed_md may be NULL if no metadata has been consumed.
+ - Response metadata will be set on the response. response_md may be NULL.
+ - status is GRPC_STATUS_OK for success or a specific status for an error.
+ Common error status for auth metadata processing is either
+ GRPC_STATUS_UNAUTHENTICATED in case of an authentication failure or
+ GRPC_STATUS PERMISSION_DENIED in case of an authorization failure.
+ - error_details gives details about the error. May be NULL. */
typedef void (*grpc_process_auth_metadata_done_cb)(
void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md,
- int success);
+ const grpc_metadata *response_md, size_t num_response_md,
+ grpc_status_code status, const char *error_details);
/* Pluggable server-side metadata processor object. */
typedef struct {
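Review bot: The new comment on grpc_process_auth_metadata_done_cb says response metadata "will be set on the response", but the server_auth_filter.c change in this same commit logs and drops response_md, so a processor author following the header gets no effect. Until the TODO is done the bullet should say so, for example `- response_md is reserved for future use and is currently ignored. May be NULL.` The status bullet also reads `GRPC_STATUS PERMISSION_DENIED`, which is missing the underscore of `GRPC_STATUS_PERMISSION_DENIED`. The comment also does not state how long consumed_md, response_md and error_details must stay valid once the callback has been invoked; one sentence on that would help implementers.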
diff --git a/src/core/security/server_auth_filter.c b/src/core/security/server_auth_filter.c
index 2f42f01f53..6e831431fa 100644
--- a/src/core/security/server_auth_filter.c
+++ b/src/core/security/server_auth_filter.c
@@ -104,24 +104,34 @@ static grpc_mdelem *remove_consumed_md(void *user_data, grpc_mdelem *md) {
return md;
}
-static void on_md_processing_done(void *user_data,
- const grpc_metadata *consumed_md,
- size_t num_consumed_md, int success) {
+static void on_md_processing_done(
+ void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md,
+ const grpc_metadata *response_md, size_t num_response_md,
+ grpc_status_code status, const char *error_details) {
grpc_call_element *elem = user_data;
call_data *calld = elem->call_data;
- if (success) {
+ /* TODO(jboeuf): Implement support for response_md. */
+ if (response_md != NULL && num_response_md > 0) {
+ gpr_log(GPR_INFO,
+ "response_md in auth metadata processing not supported for now. "
+ "Ignoring...");
+ }
+
+ if (status == GRPC_STATUS_OK) {
calld->consumed_md = consumed_md;
calld->num_consumed_md = num_consumed_md;
grpc_metadata_batch_filter(&calld->md_op->data.metadata, remove_consumed_md,
elem);
- calld->on_done_recv->cb(calld->on_done_recv->cb_arg, success);
+ calld->on_done_recv->cb(calld->on_done_recv->cb_arg, 1);
} else {
- gpr_slice message = gpr_slice_from_copied_string(
- "Authentication metadata processing failed.");
+ gpr_slice message;
+ error_details = error_details != NULL
+ ? error_details
+ : "Authentication metadata processing failed.";
+ message = gpr_slice_from_copied_string(error_details);
grpc_sopb_reset(calld->recv_ops);
- grpc_transport_stream_op_add_close(&calld->transport_op,
- GRPC_STATUS_UNAUTHENTICATED, &message);
+ grpc_transport_stream_op_add_close(&calld->transport_op, status, &message);
grpc_call_next_op(elem, &calld->transport_op);
}
}
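Review bot: In the failure branch of on_md_processing_done, error_details is copied verbatim into the message passed to grpc_transport_stream_op_add_close, so whatever the processor writes there appears to be returned to a peer that has just failed authentication or authorization. A comment at that spot would make the exposure explicit, for example `/* error_details is sent to the peer as the status message: keep token, key and policy internals out of it. */`, and the header's description of error_details should carry the same caveat. Separately, the "response_md ... not supported" message is logged at GPR_INFO on every call whose processor supplies response metadata, which may become noisy under load.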
diff --git a/test/core/end2end/fixtures/chttp2_fake_security.c b/test/core/end2end/fixtures/chttp2_fake_security.c
index 27531ecbc3..a0a67939a2 100644
--- a/test/core/end2end/fixtures/chttp2_fake_security.c
+++ b/test/core/end2end/fixtures/chttp2_fake_security.c
@@ -70,7 +70,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
- cb(user_data, NULL, 0, 0);
+ cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,
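Review bot: Every updated call site passes `NULL, 0` for response_md and `NULL` for error_details, and the only failure status used is GRPC_STATUS_UNAUTHENTICATED. None of the new paths in on_md_processing_done is therefore exercised: a non-NULL error_details, a different status such as GRPC_STATUS_PERMISSION_DENIED, or the ignored response_md branch. The same applies to the matching one-line changes in chttp2_simple_ssl_fullstack.c, chttp2_simple_ssl_fullstack_with_poll.c, chttp2_simple_ssl_fullstack_with_proxy.c and chttp2_simple_ssl_with_oauth2_fullstack.c. A fixture variant that fails with `cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_PERMISSION_DENIED, "constructed test message");` would check that the status and message reach the client unchanged. process_auth_failure begins above this hunk.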
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
index 491a293764..beae24136c 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
@@ -73,7 +73,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
- cb(user_data, NULL, 0, 0);
+ cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c
index f2736cc92f..c8971be596 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c
@@ -73,7 +73,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
- cb(user_data, NULL, 0, 0);
+ cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_proxy.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_proxy.c
index cc0b9dbbdd..a518a7da15 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_proxy.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_proxy.c
@@ -101,7 +101,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
- cb(user_data, NULL, 0, 0);
+ cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
index d82e623f22..7f11028cb5 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
@@ -79,7 +79,7 @@ static void process_oauth2_success(void *state, grpc_auth_context *ctx,
client_identity);
GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
ctx, client_identity_property_name) == 1);
- cb(user_data, oauth2, 1, 1);
+ cb(user_data, oauth2, 1, NULL, 0, GRPC_STATUS_OK, NULL);
}
static void process_oauth2_failure(void *state, grpc_auth_context *ctx,
@@ -90,7 +90,7 @@ static void process_oauth2_failure(void *state, grpc_auth_context *ctx,
find_metadata(md, md_count, "Authorization", oauth2_md);
GPR_ASSERT(state == NULL);
GPR_ASSERT(oauth2 != NULL);
- cb(user_data, oauth2, 1, 0);
+ cb(user_data, oauth2, 1, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static grpc_end2end_test_fixture chttp2_create_fixture_secure_fullstack(