author | Alexander Polcyn <apolcyn@google.com> | 2017-11-13 16:31:27 -0800 |
---|---|---|
committer | Alexander Polcyn <apolcyn@google.com> | 2017-11-13 16:31:27 -0800 |
commit | 248c4f5848c8761fc16352e1f2f1e6d047780b4e (patch) | |
tree | db3bc383eeccf2599a2c3ddae821ad363c74515a /src/core/lib/security | |
parent | 3f6b10afba43e2855efd2fbeb3f1f4ea6c2a9657 (diff) | |
parent | e52772451a7bbf4f3f7b72cfc369781fd74a6930 (diff) |
Merge remote-tracking branch 'upstream/master' into pass_args_to_tsi
Diffstat (limited to 'src/core/lib/security')
40 files changed, 1875 insertions, 1599 deletions
diff --git a/src/core/lib/security/context/security_context.cc b/src/core/lib/security/context/security_context.cc
index 31d800b9b4..b2b90e86e0 100644
--- a/src/core/lib/security/context/security_context.cc
+++ b/src/core/lib/security/context/security_context.cc
@@ -36,17 +36,17 @@ grpc_tracer_flag grpc_trace_auth_context_refcount =
 /* --- grpc_call --- */
-grpc_call_error grpc_call_set_credentials(grpc_call *call,
- grpc_call_credentials *creds) {
+grpc_call_error grpc_call_set_credentials(grpc_call* call,
+ grpc_call_credentials* creds) {
 grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
- grpc_client_security_context *ctx = NULL;
+ grpc_client_security_context* ctx = NULL;
 GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2,
 (call, creds));
 if (!grpc_call_is_client(call)) {
 gpr_log(GPR_ERROR, "Method is client-side only.");
 return GRPC_CALL_ERROR_NOT_ON_SERVER;
 }
- ctx = (grpc_client_security_context *)grpc_call_context_get(
+ ctx = (grpc_client_security_context*)grpc_call_context_get(
 call, GRPC_CONTEXT_SECURITY);
 if (ctx == NULL) {
 ctx = grpc_client_security_context_create();
@@ -61,34 +61,34 @@ grpc_call_error grpc_call_set_credentials(grpc_call *call,
 return GRPC_CALL_OK;
 }
-grpc_auth_context *grpc_call_auth_context(grpc_call *call) {
- void *sec_ctx = grpc_call_context_get(call, GRPC_CONTEXT_SECURITY);
+grpc_auth_context* grpc_call_auth_context(grpc_call* call) {
+ void* sec_ctx = grpc_call_context_get(call, GRPC_CONTEXT_SECURITY);
 GRPC_API_TRACE("grpc_call_auth_context(call=%p)", 1, (call));
 if (sec_ctx == NULL) return NULL;
 return grpc_call_is_client(call)
 ? GRPC_AUTH_CONTEXT_REF(
- ((grpc_client_security_context *)sec_ctx)->auth_context,
+ ((grpc_client_security_context*)sec_ctx)->auth_context,
 "grpc_call_auth_context client")
 : GRPC_AUTH_CONTEXT_REF(
- ((grpc_server_security_context *)sec_ctx)->auth_context,
+ ((grpc_server_security_context*)sec_ctx)->auth_context,
 "grpc_call_auth_context server");
 }
-void grpc_auth_context_release(grpc_auth_context *context) {
+void grpc_auth_context_release(grpc_auth_context* context) {
 GRPC_API_TRACE("grpc_auth_context_release(context=%p)", 1, (context));
 GRPC_AUTH_CONTEXT_UNREF(context, "grpc_auth_context_unref");
 }
 /* --- grpc_client_security_context --- */
-grpc_client_security_context *grpc_client_security_context_create(void) {
- return (grpc_client_security_context *)gpr_zalloc(
+grpc_client_security_context* grpc_client_security_context_create(void) {
+ return (grpc_client_security_context*)gpr_zalloc(
 sizeof(grpc_client_security_context));
 }
-void grpc_client_security_context_destroy(void *ctx) {
+void grpc_client_security_context_destroy(void* ctx) {
 grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
- grpc_client_security_context *c = (grpc_client_security_context *)ctx;
+ grpc_client_security_context* c = (grpc_client_security_context*)ctx;
 grpc_call_credentials_unref(&exec_ctx, c->creds);
 GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
 if (c->extension.instance != NULL && c->extension.destroy != NULL) {
@@ -100,13 +100,13 @@ void grpc_client_security_context_destroy(void *ctx) {
 /* --- grpc_server_security_context --- */
-grpc_server_security_context *grpc_server_security_context_create(void) {
- return (grpc_server_security_context *)gpr_zalloc(
+grpc_server_security_context* grpc_server_security_context_create(void) {
+ return (grpc_server_security_context*)gpr_zalloc(
 sizeof(grpc_server_security_context));
 }
-void grpc_server_security_context_destroy(void *ctx) {
- grpc_server_security_context *c = (grpc_server_security_context *)ctx;
+void grpc_server_security_context_destroy(void* ctx) {
+ grpc_server_security_context* c = (grpc_server_security_context*)ctx;
 GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "server_security_context");
 if (c->extension.instance != NULL && c->extension.destroy != NULL) {
 c->extension.destroy(c->extension.instance);
@@ -118,9 +118,9 @@ void grpc_server_security_context_destroy(void *ctx) {
 static grpc_auth_property_iterator empty_iterator = {NULL, 0, NULL};
-grpc_auth_context *grpc_auth_context_create(grpc_auth_context *chained) {
- grpc_auth_context *ctx =
- (grpc_auth_context *)gpr_zalloc(sizeof(grpc_auth_context));
+grpc_auth_context* grpc_auth_context_create(grpc_auth_context* chained) {
+ grpc_auth_context* ctx =
+ (grpc_auth_context*)gpr_zalloc(sizeof(grpc_auth_context));
 gpr_ref_init(&ctx->refcount, 1);
 if (chained != NULL) {
 ctx->chained = GRPC_AUTH_CONTEXT_REF(chained, "chained");
@@ -131,9 +131,9 @@ grpc_auth_context *grpc_auth_context_create(grpc_auth_context *chained) {
 }
 #ifndef NDEBUG
-grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx,
- const char *file, int line,
- const char *reason) {
+grpc_auth_context* grpc_auth_context_ref(grpc_auth_context* ctx,
+ const char* file, int line,
+ const char* reason) {
 if (ctx == NULL) return NULL;
 if (GRPC_TRACER_ON(grpc_trace_auth_context_refcount)) {
 gpr_atm val = gpr_atm_no_barrier_load(&ctx->refcount.count);
@@ -142,7 +142,7 @@ grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx,
 val + 1, reason);
 }
 #else
-grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) {
+grpc_auth_context* grpc_auth_context_ref(grpc_auth_context* ctx) {
 if (ctx == NULL) return NULL;
 #endif
 gpr_ref(&ctx->refcount);
@@ -150,8 +150,8 @@ grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) {
 }
 #ifndef NDEBUG
-void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line,
- const char *reason) {
+void grpc_auth_context_unref(grpc_auth_context* ctx, const char* file, int line,
+ const char* reason) {
 if (ctx == NULL) return;
 if (GRPC_TRACER_ON(grpc_trace_auth_context_refcount)) {
 gpr_atm val = gpr_atm_no_barrier_load(&ctx->refcount.count);
@@ -160,7 +160,7 @@ void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line,
 val - 1, reason);
 }
 #else
-void grpc_auth_context_unref(grpc_auth_context *ctx) {
+void grpc_auth_context_unref(grpc_auth_context* ctx) {
 if (ctx == NULL) return;
 #endif
 if (gpr_unref(&ctx->refcount)) {
@@ -176,18 +176,18 @@ void grpc_auth_context_unref(grpc_auth_context *ctx) {
 }
 }
-const char *grpc_auth_context_peer_identity_property_name(
- const grpc_auth_context *ctx) {
+const char* grpc_auth_context_peer_identity_property_name(
+ const grpc_auth_context* ctx) {
 GRPC_API_TRACE("grpc_auth_context_peer_identity_property_name(ctx=%p)", 1,
 (ctx));
 return ctx->peer_identity_property_name;
 }
-int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
- const char *name) {
+int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context* ctx,
+ const char* name) {
 grpc_auth_property_iterator it =
 grpc_auth_context_find_properties_by_name(ctx, name);
- const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
+ const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
 GRPC_API_TRACE(
 "grpc_auth_context_set_peer_identity_property_name(ctx=%p, name=%s)", 2,
 (ctx, name));
@@ -200,13 +200,13 @@ int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
 return 1;
 }
-int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx) {
+int grpc_auth_context_peer_is_authenticated(const grpc_auth_context* ctx) {
 GRPC_API_TRACE("grpc_auth_context_peer_is_authenticated(ctx=%p)", 1, (ctx));
 return ctx->peer_identity_property_name == NULL ? 0 : 1;
 }
 grpc_auth_property_iterator grpc_auth_context_property_iterator(
- const grpc_auth_context *ctx) {
+ const grpc_auth_context* ctx) {
 grpc_auth_property_iterator it = empty_iterator;
 GRPC_API_TRACE("grpc_auth_context_property_iterator(ctx=%p)", 1, (ctx));
 if (ctx == NULL) return it;
@@ -214,8 +214,8 @@ grpc_auth_property_iterator grpc_auth_context_property_iterator(
 return it;
 }
-const grpc_auth_property *grpc_auth_property_iterator_next(
- grpc_auth_property_iterator *it) {
+const grpc_auth_property* grpc_auth_property_iterator_next(
+ grpc_auth_property_iterator* it) {
 GRPC_API_TRACE("grpc_auth_property_iterator_next(it=%p)", 1, (it));
 if (it == NULL || it->ctx == NULL) return NULL;
 while (it->index == it->ctx->properties.count) {
@@ -227,7 +227,7 @@ const grpc_auth_property *grpc_auth_property_iterator_next(
 return &it->ctx->properties.array[it->index++];
 } else {
 while (it->index < it->ctx->properties.count) {
- const grpc_auth_property *prop = &it->ctx->properties.array[it->index++];
+ const grpc_auth_property* prop = &it->ctx->properties.array[it->index++];
 GPR_ASSERT(prop->name != NULL);
 if (strcmp(it->name, prop->name) == 0) {
 return prop;
@@ -239,7 +239,7 @@ const grpc_auth_property *grpc_auth_property_iterator_next(
 }
 grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(
- const grpc_auth_context *ctx, const char *name) {
+ const grpc_auth_context* ctx, const char* name) {
 grpc_auth_property_iterator it = empty_iterator;
 GRPC_API_TRACE("grpc_auth_context_find_properties_by_name(ctx=%p, name=%s)",
 2, (ctx, name));
@@ -250,44 +250,45 @@ grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(
 }
 grpc_auth_property_iterator grpc_auth_context_peer_identity(
- const grpc_auth_context *ctx) {
+ const grpc_auth_context* ctx) {
 GRPC_API_TRACE("grpc_auth_context_peer_identity(ctx=%p)", 1, (ctx));
 if (ctx == NULL) return empty_iterator;
 return grpc_auth_context_find_properties_by_name(
 ctx, ctx->peer_identity_property_name);
 }
-static void ensure_auth_context_capacity(grpc_auth_context *ctx) {
+static void ensure_auth_context_capacity(grpc_auth_context* ctx) {
 if (ctx->properties.count == ctx->properties.capacity) {
 ctx->properties.capacity =
 GPR_MAX(ctx->properties.capacity + 8, ctx->properties.capacity * 2);
- ctx->properties.array = (grpc_auth_property *)gpr_realloc(
+ ctx->properties.array = (grpc_auth_property*)gpr_realloc(
 ctx->properties.array,
 ctx->properties.capacity * sizeof(grpc_auth_property));
 }
 }
-void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name,
- const char *value, size_t value_length) {
- grpc_auth_property *prop;
+void grpc_auth_context_add_property(grpc_auth_context* ctx, const char* name,
+ const char* value, size_t value_length) {
+ grpc_auth_property* prop;
 GRPC_API_TRACE(
 "grpc_auth_context_add_property(ctx=%p, name=%s, value=%*.*s, "
 "value_length=%lu)",
- 6, (ctx, name, (int)value_length, (int)value_length, value,
- (unsigned long)value_length));
+ 6,
+ (ctx, name, (int)value_length, (int)value_length, value,
+ (unsigned long)value_length));
 ensure_auth_context_capacity(ctx);
 prop = &ctx->properties.array[ctx->properties.count++];
 prop->name = gpr_strdup(name);
- prop->value = (char *)gpr_malloc(value_length + 1);
+ prop->value = (char*)gpr_malloc(value_length + 1);
 memcpy(prop->value, value, value_length);
 prop->value[value_length] = '\0';
 prop->value_length = value_length;
 }
-void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx,
- const char *name,
- const char *value) {
- grpc_auth_property *prop;
+void grpc_auth_context_add_cstring_property(grpc_auth_context* ctx,
+ const char* name,
+ const char* value) {
+ grpc_auth_property* prop;
 GRPC_API_TRACE(
 "grpc_auth_context_add_cstring_property(ctx=%p, name=%s, value=%s)", 3,
 (ctx, name, value));
@@ -298,48 +299,48 @@ void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx,
 prop->value_length = strlen(value);
 }
-void grpc_auth_property_reset(grpc_auth_property *property) {
+void grpc_auth_property_reset(grpc_auth_property* property) {
 gpr_free(property->name);
 gpr_free(property->value);
 memset(property, 0, sizeof(grpc_auth_property));
 }
-static void auth_context_pointer_arg_destroy(grpc_exec_ctx *exec_ctx, void *p) {
- GRPC_AUTH_CONTEXT_UNREF((grpc_auth_context *)p, "auth_context_pointer_arg");
+static void auth_context_pointer_arg_destroy(grpc_exec_ctx* exec_ctx, void* p) {
+ GRPC_AUTH_CONTEXT_UNREF((grpc_auth_context*)p, "auth_context_pointer_arg");
 }
-static void *auth_context_pointer_arg_copy(void *p) {
- return GRPC_AUTH_CONTEXT_REF((grpc_auth_context *)p,
+static void* auth_context_pointer_arg_copy(void* p) {
+ return GRPC_AUTH_CONTEXT_REF((grpc_auth_context*)p,
 "auth_context_pointer_arg");
 }
-static int auth_context_pointer_cmp(void *a, void *b) { return GPR_ICMP(a, b); }
+static int auth_context_pointer_cmp(void* a, void* b) { return GPR_ICMP(a, b); }
 static const grpc_arg_pointer_vtable auth_context_pointer_vtable = {
 auth_context_pointer_arg_copy, auth_context_pointer_arg_destroy,
 auth_context_pointer_cmp};
-grpc_arg grpc_auth_context_to_arg(grpc_auth_context *p) {
- return grpc_channel_arg_pointer_create((char *)GRPC_AUTH_CONTEXT_ARG, p,
+grpc_arg grpc_auth_context_to_arg(grpc_auth_context* p) {
+ return grpc_channel_arg_pointer_create((char*)GRPC_AUTH_CONTEXT_ARG, p,
 &auth_context_pointer_vtable);
 }
-grpc_auth_context *grpc_auth_context_from_arg(const grpc_arg *arg) {
+grpc_auth_context* grpc_auth_context_from_arg(const grpc_arg* arg) {
 if (strcmp(arg->key, GRPC_AUTH_CONTEXT_ARG) != 0) return NULL;
 if (arg->type != GRPC_ARG_POINTER) {
 gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
 GRPC_AUTH_CONTEXT_ARG);
 return NULL;
 }
- return (grpc_auth_context *)arg->value.pointer.p;
+ return (grpc_auth_context*)arg->value.pointer.p;
 }
-grpc_auth_context *grpc_find_auth_context_in_args(
- const grpc_channel_args *args) {
+grpc_auth_context* grpc_find_auth_context_in_args(
+ const grpc_channel_args* args) {
 size_t i;
 if (args == NULL) return NULL;
 for (i = 0; i < args->num_args; i++) {
- grpc_auth_context *p = grpc_auth_context_from_arg(&args->args[i]);
+ grpc_auth_context* p = grpc_auth_context_from_arg(&args->args[i]);
 if (p != NULL) return p;
 }
 return NULL;
diff --git a/src/core/lib/security/context/security_context.h b/src/core/lib/security/context/security_context.h
index 0df39257a7..4f049c4a3b 100644
--- a/src/core/lib/security/context/security_context.h
+++ b/src/core/lib/security/context/security_context.h
@@ -37,21 +37,21 @@ extern "C" {
 /* Property names are always NULL terminated. */
 typedef struct {
- grpc_auth_property *array;
+ grpc_auth_property* array;
 size_t count;
 size_t capacity;
 } grpc_auth_property_array;
 struct grpc_auth_context {
- struct grpc_auth_context *chained;
+ struct grpc_auth_context* chained;
 grpc_auth_property_array properties;
 gpr_refcount refcount;
- const char *peer_identity_property_name;
- grpc_pollset *pollset;
+ const char* peer_identity_property_name;
+ grpc_pollset* pollset;
 };
 /* Creation. */
-grpc_auth_context *grpc_auth_context_create(grpc_auth_context *chained);
+grpc_auth_context* grpc_auth_context_create(grpc_auth_context* chained);
 /* Refcounting. */
 #ifndef NDEBUG
@@ -59,19 +59,19 @@ grpc_auth_context *grpc_auth_context_create(grpc_auth_context *chained);
 grpc_auth_context_ref((p), __FILE__, __LINE__, (r))
 #define GRPC_AUTH_CONTEXT_UNREF(p, r) \
 grpc_auth_context_unref((p), __FILE__, __LINE__, (r))
-grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *policy,
- const char *file, int line,
- const char *reason);
-void grpc_auth_context_unref(grpc_auth_context *policy, const char *file,
- int line, const char *reason);
+grpc_auth_context* grpc_auth_context_ref(grpc_auth_context* policy,
+ const char* file, int line,
+ const char* reason);
+void grpc_auth_context_unref(grpc_auth_context* policy, const char* file,
+ int line, const char* reason);
 #else
 #define GRPC_AUTH_CONTEXT_REF(p, r) grpc_auth_context_ref((p))
 #define GRPC_AUTH_CONTEXT_UNREF(p, r) grpc_auth_context_unref((p))
-grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *policy);
-void grpc_auth_context_unref(grpc_auth_context *policy);
+grpc_auth_context* grpc_auth_context_ref(grpc_auth_context* policy);
+void grpc_auth_context_unref(grpc_auth_context* policy);
 #endif
-void grpc_auth_property_reset(grpc_auth_property *property);
+void grpc_auth_property_reset(grpc_auth_property* property);
 /* --- grpc_security_context_extension ---
@@ -79,8 +79,8 @@ void grpc_auth_property_reset(grpc_auth_property *property);
 later by a higher level method on a grpc_call object. */
 typedef struct {
- void *instance;
- void (*destroy)(void *);
+ void* instance;
+ void (*destroy)(void*);
 } grpc_security_context_extension;
 /* --- grpc_client_security_context ---
@@ -88,33 +88,33 @@ typedef struct {
 Internal client-side security context. */
 typedef struct {
- grpc_call_credentials *creds;
- grpc_auth_context *auth_context;
+ grpc_call_credentials* creds;
+ grpc_auth_context* auth_context;
 grpc_security_context_extension extension;
 } grpc_client_security_context;
-grpc_client_security_context *grpc_client_security_context_create(void);
-void grpc_client_security_context_destroy(void *ctx);
+grpc_client_security_context* grpc_client_security_context_create(void);
+void grpc_client_security_context_destroy(void* ctx);
 /* --- grpc_server_security_context ---
 Internal server-side security context. */
 typedef struct {
- grpc_auth_context *auth_context;
+ grpc_auth_context* auth_context;
 grpc_security_context_extension extension;
 } grpc_server_security_context;
-grpc_server_security_context *grpc_server_security_context_create(void);
-void grpc_server_security_context_destroy(void *ctx);
+grpc_server_security_context* grpc_server_security_context_create(void);
+void grpc_server_security_context_destroy(void* ctx);
 /* --- Channel args for auth context --- */
 #define GRPC_AUTH_CONTEXT_ARG "grpc.auth_context"
-grpc_arg grpc_auth_context_to_arg(grpc_auth_context *c);
-grpc_auth_context *grpc_auth_context_from_arg(const grpc_arg *arg);
-grpc_auth_context *grpc_find_auth_context_in_args(
- const grpc_channel_args *args);
+grpc_arg grpc_auth_context_to_arg(grpc_auth_context* c);
+grpc_auth_context* grpc_auth_context_from_arg(const grpc_arg* arg);
+grpc_auth_context* grpc_find_auth_context_in_args(
+ const grpc_channel_args* args);
 #ifdef __cplusplus
 }
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.cc b/src/core/lib/security/credentials/composite/composite_credentials.cc
index 779300ac07..5eb7f9d09e 100644
--- a/src/core/lib/security/credentials/composite/composite_credentials.cc
+++ b/src/core/lib/security/credentials/composite/composite_credentials.cc
@@ -30,32 +30,32 @@
 /* -- Composite call credentials. -- */
 typedef struct {
- grpc_composite_call_credentials *composite_creds;
+ grpc_composite_call_credentials* composite_creds;
 size_t creds_index;
- grpc_polling_entity *pollent;
+ grpc_polling_entity* pollent;
 grpc_auth_metadata_context auth_md_context;
- grpc_credentials_mdelem_array *md_array;
- grpc_closure *on_request_metadata;
+ grpc_credentials_mdelem_array* md_array;
+ grpc_closure* on_request_metadata;
 grpc_closure internal_on_request_metadata;
 } grpc_composite_call_credentials_metadata_context;
-static void composite_call_destruct(grpc_exec_ctx *exec_ctx,
- grpc_call_credentials *creds) {
- grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
+static void composite_call_destruct(grpc_exec_ctx* exec_ctx,
+ grpc_call_credentials* creds) {
+ grpc_composite_call_credentials* c = (grpc_composite_call_credentials*)creds;
 for (size_t i = 0; i < c->inner.num_creds; i++) {
 grpc_call_credentials_unref(exec_ctx, c->inner.creds_array[i]);
 }
 gpr_free(c->inner.creds_array);
 }
-static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *arg,
- grpc_error *error) {
- grpc_composite_call_credentials_metadata_context *ctx =
- (grpc_composite_call_credentials_metadata_context *)arg;
+static void composite_call_metadata_cb(grpc_exec_ctx* exec_ctx, void* arg,
+ grpc_error* error) {
+ grpc_composite_call_credentials_metadata_context* ctx =
+ (grpc_composite_call_credentials_metadata_context*)arg;
 if (error == GRPC_ERROR_NONE) {
 /* See if we need to get some more metadata. */
 if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
- grpc_call_credentials *inner_creds =
+ grpc_call_credentials* inner_creds =
 ctx->composite_creds->inner.creds_array[ctx->creds_index++];
 if (grpc_call_credentials_get_request_metadata(
 exec_ctx, inner_creds, ctx->pollent, ctx->auth_md_context,
@@ -73,13 +73,13 @@ static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *arg,
 }
 static bool composite_call_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_polling_entity *pollent, grpc_auth_metadata_context auth_md_context,
- grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata,
- grpc_error **error) {
- grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
- grpc_composite_call_credentials_metadata_context *ctx;
- ctx = (grpc_composite_call_credentials_metadata_context *)gpr_zalloc(
+ grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds,
+ grpc_polling_entity* pollent, grpc_auth_metadata_context auth_md_context,
+ grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata,
+ grpc_error** error) {
+ grpc_composite_call_credentials* c = (grpc_composite_call_credentials*)creds;
+ grpc_composite_call_credentials_metadata_context* ctx;
+ ctx = (grpc_composite_call_credentials_metadata_context*)gpr_zalloc(
 sizeof(grpc_composite_call_credentials_metadata_context));
 ctx->composite_creds = c;
 ctx->pollent = pollent;
@@ -90,7 +90,7 @@ static bool composite_call_get_request_metadata(
 composite_call_metadata_cb, ctx, grpc_schedule_on_exec_ctx);
 bool synchronous = true;
 while (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
- grpc_call_credentials *inner_creds =
+ grpc_call_credentials* inner_creds =
 ctx->composite_creds->inner.creds_array[ctx->creds_index++];
 if (grpc_call_credentials_get_request_metadata(
 exec_ctx, inner_creds, ctx->pollent, ctx->auth_md_context,
@@ -106,9 +106,9 @@ static bool composite_call_get_request_metadata(
 }
 static void composite_call_cancel_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_credentials_mdelem_array *md_array, grpc_error *error) {
- grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
+ grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds,
+ grpc_credentials_mdelem_array* md_array, grpc_error* error) {
+ grpc_composite_call_credentials* c = (grpc_composite_call_credentials*)creds;
 for (size_t i = 0; i < c->inner.num_creds; ++i) {
 grpc_call_credentials_cancel_get_request_metadata(
 exec_ctx, c->inner.creds_array[i], md_array, GRPC_ERROR_REF(error));
@@ -121,9 +121,9 @@ static grpc_call_credentials_vtable composite_call_credentials_vtable = {
 composite_call_cancel_get_request_metadata};
 static grpc_call_credentials_array get_creds_array(
- grpc_call_credentials **creds_addr) {
+ grpc_call_credentials** creds_addr) {
 grpc_call_credentials_array result;
- grpc_call_credentials *creds = *creds_addr;
+ grpc_call_credentials* creds = *creds_addr;
 result.creds_array = creds_addr;
 result.num_creds = 1;
 if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
@@ -132,14 +132,14 @@ static grpc_call_credentials_array get_creds_array(
 return result;
 }
-grpc_call_credentials *grpc_composite_call_credentials_create(
- grpc_call_credentials *creds1, grpc_call_credentials *creds2,
- void *reserved) {
+grpc_call_credentials* grpc_composite_call_credentials_create(
+ grpc_call_credentials* creds1, grpc_call_credentials* creds2,
+ void* reserved) {
 size_t i;
 size_t creds_array_byte_size;
 grpc_call_credentials_array creds1_array;
 grpc_call_credentials_array creds2_array;
- grpc_composite_call_credentials *c;
+ grpc_composite_call_credentials* c;
 GRPC_API_TRACE(
 "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, "
 "reserved=%p)",
@@ -147,7 +147,7 @@ grpc_call_credentials *grpc_composite_call_credentials_create(
 GPR_ASSERT(reserved == NULL);
 GPR_ASSERT(creds1 != NULL);
 GPR_ASSERT(creds2 != NULL);
- c = (grpc_composite_call_credentials *)gpr_zalloc(
+ c = (grpc_composite_call_credentials*)gpr_zalloc(
 sizeof(grpc_composite_call_credentials));
 c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE;
 c->base.vtable = &composite_call_credentials_vtable;
@@ -155,38 +155,38 @@ grpc_call_credentials *grpc_composite_call_credentials_create(
 creds1_array = get_creds_array(&creds1);
 creds2_array = get_creds_array(&creds2);
 c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
- creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *);
+ creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials*);
 c->inner.creds_array =
- (grpc_call_credentials **)gpr_zalloc(creds_array_byte_size);
+ (grpc_call_credentials**)gpr_zalloc(creds_array_byte_size);
 for (i = 0; i < creds1_array.num_creds; i++) {
- grpc_call_credentials *cur_creds = creds1_array.creds_array[i];
+ grpc_call_credentials* cur_creds = creds1_array.creds_array[i];
 c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds);
 }
 for (i = 0; i < creds2_array.num_creds; i++) {
- grpc_call_credentials *cur_creds = creds2_array.creds_array[i];
+ grpc_call_credentials* cur_creds = creds2_array.creds_array[i];
 c->inner.creds_array[i + creds1_array.num_creds] =
 grpc_call_credentials_ref(cur_creds);
 }
 return &c->base;
 }
-const grpc_call_credentials_array *
-grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) {
- const grpc_composite_call_credentials *c =
- (const grpc_composite_call_credentials *)creds;
+const grpc_call_credentials_array*
+grpc_composite_call_credentials_get_credentials(grpc_call_credentials* creds) {
+ const grpc_composite_call_credentials* c =
+ (const grpc_composite_call_credentials*)creds;
 GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
 return &c->inner;
 }
-grpc_call_credentials *grpc_credentials_contains_type(
- grpc_call_credentials *creds, const char *type,
- grpc_call_credentials **composite_creds) {
+grpc_call_credentials* grpc_credentials_contains_type(
+ grpc_call_credentials* creds, const char* type,
+ grpc_call_credentials** composite_creds) {
 size_t i;
 if (strcmp(creds->type, type) == 0) {
 if (composite_creds != NULL) *composite_creds = NULL;
 return creds;
 } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
- const grpc_call_credentials_array *inner_creds_array =
+ const grpc_call_credentials_array* inner_creds_array =
 grpc_composite_call_credentials_get_credentials(creds);
 for (i = 0; i < inner_creds_array->num_creds; i++) {
 if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) {
@@ -200,21 +200,21 @@ grpc_call_credentials *grpc_credentials_contains_type(
 /* -- Composite channel credentials. -- */
-static void composite_channel_destruct(grpc_exec_ctx *exec_ctx,
- grpc_channel_credentials *creds) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)creds;
+static void composite_channel_destruct(grpc_exec_ctx* exec_ctx,
+ grpc_channel_credentials* creds) {
+ grpc_composite_channel_credentials* c =
+ (grpc_composite_channel_credentials*)creds;
 grpc_channel_credentials_unref(exec_ctx, c->inner_creds);
 grpc_call_credentials_unref(exec_ctx, c->call_creds);
 }
 static grpc_security_status composite_channel_create_security_connector(
- grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds,
- grpc_call_credentials *call_creds, const char *target,
- const grpc_channel_args *args, grpc_channel_security_connector **sc,
- grpc_channel_args **new_args) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)creds;
+ grpc_exec_ctx* exec_ctx, grpc_channel_credentials* creds,
+ grpc_call_credentials* call_creds, const char* target,
+ const grpc_channel_args* args, grpc_channel_security_connector** sc,
+ grpc_channel_args** new_args) {
+ grpc_composite_channel_credentials* c =
+ (grpc_composite_channel_credentials*)creds;
 grpc_security_status status = GRPC_SECURITY_ERROR;
 GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL &&
@@ -223,7 +223,7 @@ static grpc_security_status composite_channel_create_security_connector(
 /* If we are passed a call_creds, create a call composite to pass it
 downstream. */
 if (call_creds != NULL) {
- grpc_call_credentials *composite_call_creds =
+ grpc_call_credentials* composite_call_creds =
 grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL);
 status = c->inner_creds->vtable->create_security_connector(
 exec_ctx, c->inner_creds, composite_call_creds, target, args, sc,
@@ -236,11 +236,11 @@ static grpc_security_status composite_channel_create_security_connector(
 return status;
 }
-static grpc_channel_credentials *
+static grpc_channel_credentials*
 composite_channel_duplicate_without_call_credentials(
- grpc_channel_credentials *creds) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)creds;
+ grpc_channel_credentials* creds) {
+ grpc_composite_channel_credentials* c =
+ (grpc_composite_channel_credentials*)creds;
 return grpc_channel_credentials_ref(c->inner_creds);
 }
@@ -248,11 +248,11 @@ static grpc_channel_credentials_vtable composite_channel_credentials_vtable = {
 composite_channel_destruct, composite_channel_create_security_connector,
 composite_channel_duplicate_without_call_credentials};
-grpc_channel_credentials *grpc_composite_channel_credentials_create(
- grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,
- void *reserved) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)gpr_zalloc(sizeof(*c));
+grpc_channel_credentials* grpc_composite_channel_credentials_create(
+ grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
+ void* reserved) {
+ grpc_composite_channel_credentials* c =
+ (grpc_composite_channel_credentials*)gpr_zalloc(sizeof(*c));
 GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL);
 GRPC_API_TRACE(
 "grpc_composite_channel_credentials_create(channel_creds=%p, "
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.h b/src/core/lib/security/credentials/composite/composite_credentials.h
index 6e9f9a8f6f..efb5f4f0c4 100644
--- a/src/core/lib/security/credentials/composite/composite_credentials.h
+++ b/src/core/lib/security/credentials/composite/composite_credentials.h
@@ -26,28 +26,28 @@ extern "C" {
 #endif
 typedef struct {
- grpc_call_credentials **creds_array;
+ grpc_call_credentials** creds_array;
 size_t num_creds;
 } grpc_call_credentials_array;
-const grpc_call_credentials_array *
+const grpc_call_credentials_array*
 grpc_composite_call_credentials_get_credentials(
- grpc_call_credentials *composite_creds);
+ grpc_call_credentials* composite_creds);
 /* Returns creds if creds is of the specified type or the inner creds of the specified type (if found), if the creds is of type COMPOSITE. If composite_creds is not NULL, *composite_creds will point to creds if of type COMPOSITE in case of success. */
-grpc_call_credentials *grpc_credentials_contains_type(
- grpc_call_credentials *creds, const char *type,
- grpc_call_credentials **composite_creds);
+grpc_call_credentials* grpc_credentials_contains_type(
+ grpc_call_credentials* creds, const char* type,
+ grpc_call_credentials** composite_creds);
 /* -- Composite channel credentials. -- */
 typedef struct {
 grpc_channel_credentials base;
- grpc_channel_credentials *inner_creds;
- grpc_call_credentials *call_creds;
+ grpc_channel_credentials* inner_creds;
+ grpc_call_credentials* call_creds;
 } grpc_composite_channel_credentials;
 /* -- Composite call credentials. -- */
@@ -62,4 +62,4 @@ typedef struct {
 #endif
 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_COMPOSITE_CREDENTIALS_H \
- */
+ */
diff --git a/src/core/lib/security/credentials/credentials.cc b/src/core/lib/security/credentials/credentials.cc
index ebbf350865..e60d022f1b 100644
--- a/src/core/lib/security/credentials/credentials.cc
+++ b/src/core/lib/security/credentials/credentials.cc
@@ -37,31 +37,31 @@ /* -- Common. -- */ -grpc_credentials_metadata_request *grpc_credentials_metadata_request_create( - grpc_call_credentials *creds) { - grpc_credentials_metadata_request *r = - (grpc_credentials_metadata_request *)gpr_zalloc( +grpc_credentials_metadata_request* grpc_credentials_metadata_request_create( + grpc_call_credentials* creds) { + grpc_credentials_metadata_request* r = + (grpc_credentials_metadata_request*)gpr_zalloc( sizeof(grpc_credentials_metadata_request)); r->creds = grpc_call_credentials_ref(creds); return r; } void grpc_credentials_metadata_request_destroy( - grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *r) { + grpc_exec_ctx* exec_ctx, grpc_credentials_metadata_request* r) { grpc_call_credentials_unref(exec_ctx, r->creds); grpc_http_response_destroy(&r->response); gpr_free(r); } -grpc_channel_credentials *grpc_channel_credentials_ref( - grpc_channel_credentials *creds) { +grpc_channel_credentials* grpc_channel_credentials_ref( + grpc_channel_credentials* creds) { if (creds == NULL) return NULL; gpr_ref(&creds->refcount); return creds; } -void grpc_channel_credentials_unref(grpc_exec_ctx *exec_ctx, - grpc_channel_credentials *creds) { +void grpc_channel_credentials_unref(grpc_exec_ctx* exec_ctx, + grpc_channel_credentials* creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { if (creds->vtable->destruct != NULL) { 
@@ -71,21 +71,21 @@ void grpc_channel_credentials_unref(grpc_exec_ctx *exec_ctx, } } -void grpc_channel_credentials_release(grpc_channel_credentials *creds) { +void grpc_channel_credentials_release(grpc_channel_credentials* creds) { GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds)); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_channel_credentials_unref(&exec_ctx, creds); grpc_exec_ctx_finish(&exec_ctx); } -grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) { +grpc_call_credentials* grpc_call_credentials_ref(grpc_call_credentials* creds) { if (creds == NULL) return NULL; gpr_ref(&creds->refcount); return creds; } -void grpc_call_credentials_unref(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { +void grpc_call_credentials_unref(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { if (creds->vtable->destruct != NULL) { @@ -95,7 +95,7 @@ void grpc_call_credentials_unref(grpc_exec_ctx *exec_ctx, } } -void grpc_call_credentials_release(grpc_call_credentials *creds) { +void grpc_call_credentials_release(grpc_call_credentials* creds) { GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds)); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_call_credentials_unref(&exec_ctx, creds); 
@@ -103,10 +103,10 @@ void grpc_call_credentials_release(grpc_call_credentials *creds) { } bool grpc_call_credentials_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_polling_entity *pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, - grpc_error **error) { + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, + grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata, + grpc_error** error) { if (creds == NULL || creds->vtable->get_request_metadata == NULL) { return true; } @@ -115,8 +115,8 @@ bool grpc_call_credentials_get_request_metadata( } void grpc_call_credentials_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_credentials_mdelem_array *md_array, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_credentials_mdelem_array* md_array, grpc_error* error) { if (creds == NULL || creds->vtable->cancel_get_request_metadata == NULL) { return; } @@ -124,9 +124,9 @@ void grpc_call_credentials_cancel_get_request_metadata( } grpc_security_status grpc_channel_credentials_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_channel_credentials *channel_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_exec_ctx* exec_ctx, grpc_channel_credentials* channel_creds, + const char* target, const grpc_channel_args* args, + grpc_channel_security_connector** sc, grpc_channel_args** new_args) { *new_args = NULL; if (channel_creds == NULL) { return GRPC_SECURITY_ERROR; 
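Review bot: `grpc_channel_credentials_create_security_connector` (last hunk on this line) clears `*new_args` on entry but leaves `*sc` untouched on the `channel_creds == NULL` error return. A caller that neither pre-initialises its connector pointer nor checks the status carefully would be left holding an indeterminate pointer. Setting both outputs up front, `*sc = NULL;` next to `*new_args = NULL;`, makes the failure path well-defined. Whether existing callers pre-initialise `sc` is not visible here, and the function body continues outside the hunk.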
@@ -136,9 +136,9 @@ grpc_security_status grpc_channel_credentials_create_security_connector( exec_ctx, channel_creds, NULL, target, args, sc, new_args); } -grpc_channel_credentials * +grpc_channel_credentials* grpc_channel_credentials_duplicate_without_call_credentials( - grpc_channel_credentials *channel_creds) { + grpc_channel_credentials* channel_creds) { if (channel_creds != NULL && channel_creds->vtable != NULL && channel_creds->vtable->duplicate_without_call_credentials != NULL) { return channel_creds->vtable->duplicate_without_call_credentials( 
@@ -148,59 +148,59 @@ grpc_channel_credentials_duplicate_without_call_credentials( } } -static void credentials_pointer_arg_destroy(grpc_exec_ctx *exec_ctx, void *p) { - grpc_channel_credentials_unref(exec_ctx, (grpc_channel_credentials *)p); +static void credentials_pointer_arg_destroy(grpc_exec_ctx* exec_ctx, void* p) { + grpc_channel_credentials_unref(exec_ctx, (grpc_channel_credentials*)p); } -static void *credentials_pointer_arg_copy(void *p) { - return grpc_channel_credentials_ref((grpc_channel_credentials *)p); +static void* credentials_pointer_arg_copy(void* p) { + return grpc_channel_credentials_ref((grpc_channel_credentials*)p); } -static int credentials_pointer_cmp(void *a, void *b) { return GPR_ICMP(a, b); } +static int credentials_pointer_cmp(void* a, void* b) { return GPR_ICMP(a, b); } static const grpc_arg_pointer_vtable credentials_pointer_vtable = { credentials_pointer_arg_copy, credentials_pointer_arg_destroy, credentials_pointer_cmp}; grpc_arg grpc_channel_credentials_to_arg( - grpc_channel_credentials *credentials) { - return grpc_channel_arg_pointer_create((char *)GRPC_ARG_CHANNEL_CREDENTIALS, + grpc_channel_credentials* credentials) { + return grpc_channel_arg_pointer_create((char*)GRPC_ARG_CHANNEL_CREDENTIALS, credentials, &credentials_pointer_vtable); } -grpc_channel_credentials *grpc_channel_credentials_from_arg( - const grpc_arg *arg) { +grpc_channel_credentials* grpc_channel_credentials_from_arg( + const grpc_arg* arg) { if (strcmp(arg->key, GRPC_ARG_CHANNEL_CREDENTIALS)) return NULL; if (arg->type != GRPC_ARG_POINTER) { gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type, GRPC_ARG_CHANNEL_CREDENTIALS); return NULL; } - return (grpc_channel_credentials *)arg->value.pointer.p; + return (grpc_channel_credentials*)arg->value.pointer.p; } -grpc_channel_credentials *grpc_channel_credentials_find_in_args( - const grpc_channel_args *args) { +grpc_channel_credentials* grpc_channel_credentials_find_in_args( + const grpc_channel_args* args) 
{ size_t i; if (args == NULL) return NULL; for (i = 0; i < args->num_args; i++) { - grpc_channel_credentials *credentials = + grpc_channel_credentials* credentials = grpc_channel_credentials_from_arg(&args->args[i]); if (credentials != NULL) return credentials; } return NULL; } -grpc_server_credentials *grpc_server_credentials_ref( - grpc_server_credentials *creds) { +grpc_server_credentials* grpc_server_credentials_ref( + grpc_server_credentials* creds) { if (creds == NULL) return NULL; gpr_ref(&creds->refcount); return creds; } -void grpc_server_credentials_unref(grpc_exec_ctx *exec_ctx, - grpc_server_credentials *creds) { +void grpc_server_credentials_unref(grpc_exec_ctx* exec_ctx, + grpc_server_credentials* creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { if (creds->vtable->destruct != NULL) { @@ -213,7 +213,7 @@ void grpc_server_credentials_unref(grpc_exec_ctx *exec_ctx, } } -void grpc_server_credentials_release(grpc_server_credentials *creds) { +void grpc_server_credentials_release(grpc_server_credentials* creds) { GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds)); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_server_credentials_unref(&exec_ctx, creds); @@ -221,8 +221,8 @@ void grpc_server_credentials_release(grpc_server_credentials *creds) { } grpc_security_status grpc_server_credentials_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds, - grpc_server_security_connector **sc) { + grpc_exec_ctx* exec_ctx, grpc_server_credentials* creds, + grpc_server_security_connector** sc) { if (creds == NULL || creds->vtable->create_security_connector == NULL) { gpr_log(GPR_ERROR, "Server credentials cannot create security context."); return GRPC_SECURITY_ERROR; 
@@ -231,12 +231,12 @@ grpc_security_status grpc_server_credentials_create_security_connector( } void grpc_server_credentials_set_auth_metadata_processor( - grpc_server_credentials *creds, grpc_auth_metadata_processor processor) { + grpc_server_credentials* creds, grpc_auth_metadata_processor processor) { GRPC_API_TRACE( "grpc_server_credentials_set_auth_metadata_processor(" "creds=%p, " "processor=grpc_auth_metadata_processor { process: %p, state: %p })", - 3, (creds, (void *)(intptr_t)processor.process, processor.state)); + 3, (creds, (void*)(intptr_t)processor.process, processor.state)); if (creds == NULL) return; if (creds->processor.destroy != NULL && creds->processor.state != NULL) { creds->processor.destroy(creds->processor.state); @@ -244,16 +244,16 @@ void grpc_server_credentials_set_auth_metadata_processor( creds->processor = processor; } -static void server_credentials_pointer_arg_destroy(grpc_exec_ctx *exec_ctx, - void *p) { - grpc_server_credentials_unref(exec_ctx, (grpc_server_credentials *)p); +static void server_credentials_pointer_arg_destroy(grpc_exec_ctx* exec_ctx, + void* p) { + grpc_server_credentials_unref(exec_ctx, (grpc_server_credentials*)p); } -static void *server_credentials_pointer_arg_copy(void *p) { - return grpc_server_credentials_ref((grpc_server_credentials *)p); +static void* server_credentials_pointer_arg_copy(void* p) { + return grpc_server_credentials_ref((grpc_server_credentials*)p); } -static int server_credentials_pointer_cmp(void *a, void *b) { +static int server_credentials_pointer_cmp(void* a, void* b) { return GPR_ICMP(a, b); } 
@@ -261,27 +261,27 @@ static const grpc_arg_pointer_vtable cred_ptr_vtable = { server_credentials_pointer_arg_copy, server_credentials_pointer_arg_destroy, server_credentials_pointer_cmp}; -grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *p) { - return grpc_channel_arg_pointer_create((char *)GRPC_SERVER_CREDENTIALS_ARG, p, +grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials* p) { + return grpc_channel_arg_pointer_create((char*)GRPC_SERVER_CREDENTIALS_ARG, p, &cred_ptr_vtable); } -grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg) { +grpc_server_credentials* grpc_server_credentials_from_arg(const grpc_arg* arg) { if (strcmp(arg->key, GRPC_SERVER_CREDENTIALS_ARG) != 0) return NULL; if (arg->type != GRPC_ARG_POINTER) { gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type, GRPC_SERVER_CREDENTIALS_ARG); return NULL; } - return (grpc_server_credentials *)arg->value.pointer.p; + return (grpc_server_credentials*)arg->value.pointer.p; } -grpc_server_credentials *grpc_find_server_credentials_in_args( - const grpc_channel_args *args) { +grpc_server_credentials* grpc_find_server_credentials_in_args( + const grpc_channel_args* args) { size_t i; if (args == NULL) return NULL; for (i = 0; i < args->num_args; i++) { - grpc_server_credentials *p = + grpc_server_credentials* p = grpc_server_credentials_from_arg(&args->args[i]); if (p != NULL) return p; } diff --git a/src/core/lib/security/credentials/credentials.h b/src/core/lib/security/credentials/credentials.h index 73e39ae039..c65b9660ea 100644 --- a/src/core/lib/security/credentials/credentials.h +++ b/src/core/lib/security/credentials/credentials.h 
@@ -77,13 +77,13 @@ typedef enum { /* --- Google utils --- */ /* It is the caller's responsibility to gpr_free the result if not NULL. */ -char *grpc_get_well_known_google_credentials_file_path(void); +char* grpc_get_well_known_google_credentials_file_path(void); /* Implementation function for the different platforms. */ -char *grpc_get_well_known_google_credentials_file_path_impl(void); +char* grpc_get_well_known_google_credentials_file_path_impl(void); /* Override for testing only. Not thread-safe */ -typedef char *(*grpc_well_known_credentials_path_getter)(void); +typedef char* (*grpc_well_known_credentials_path_getter)(void); void grpc_override_well_known_credentials_path_getter( grpc_well_known_credentials_path_getter getter); 
@@ -92,169 +92,169 @@ void grpc_override_well_known_credentials_path_getter( #define GRPC_ARG_CHANNEL_CREDENTIALS "grpc.channel_credentials" typedef struct { - void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c); + void (*destruct)(grpc_exec_ctx* exec_ctx, grpc_channel_credentials* c); grpc_security_status (*create_security_connector)( - grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c, - grpc_call_credentials *call_creds, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args); + grpc_exec_ctx* exec_ctx, grpc_channel_credentials* c, + grpc_call_credentials* call_creds, const char* target, + const grpc_channel_args* args, grpc_channel_security_connector** sc, + grpc_channel_args** new_args); - grpc_channel_credentials *(*duplicate_without_call_credentials)( - grpc_channel_credentials *c); + grpc_channel_credentials* (*duplicate_without_call_credentials)( + grpc_channel_credentials* c); } grpc_channel_credentials_vtable; struct grpc_channel_credentials { - const grpc_channel_credentials_vtable *vtable; - const char *type; + const grpc_channel_credentials_vtable* vtable; + const char* type; gpr_refcount refcount; }; -grpc_channel_credentials *grpc_channel_credentials_ref( - grpc_channel_credentials *creds); -void grpc_channel_credentials_unref(grpc_exec_ctx *exec_ctx, - grpc_channel_credentials *creds); +grpc_channel_credentials* grpc_channel_credentials_ref( + grpc_channel_credentials* creds); +void grpc_channel_credentials_unref(grpc_exec_ctx* exec_ctx, + grpc_channel_credentials* creds); /* Creates a security connector for the channel. May also create new channel args for the channel to be used in place of the passed in const args if returned non NULL. In that case the caller is responsible for destroying new_args after channel creation. 
*/ grpc_security_status grpc_channel_credentials_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args); + grpc_exec_ctx* exec_ctx, grpc_channel_credentials* creds, + const char* target, const grpc_channel_args* args, + grpc_channel_security_connector** sc, grpc_channel_args** new_args); /* Creates a version of the channel credentials without any attached call credentials. This can be used in order to open a channel to a non-trusted gRPC load balancer. */ -grpc_channel_credentials * +grpc_channel_credentials* grpc_channel_credentials_duplicate_without_call_credentials( - grpc_channel_credentials *creds); + grpc_channel_credentials* creds); /* Util to encapsulate the channel credentials in a channel arg. */ -grpc_arg grpc_channel_credentials_to_arg(grpc_channel_credentials *credentials); +grpc_arg grpc_channel_credentials_to_arg(grpc_channel_credentials* credentials); /* Util to get the channel credentials from a channel arg. */ -grpc_channel_credentials *grpc_channel_credentials_from_arg( - const grpc_arg *arg); +grpc_channel_credentials* grpc_channel_credentials_from_arg( + const grpc_arg* arg); /* Util to find the channel credentials from channel args. */ -grpc_channel_credentials *grpc_channel_credentials_find_in_args( - const grpc_channel_args *args); +grpc_channel_credentials* grpc_channel_credentials_find_in_args( + const grpc_channel_args* args); /* --- grpc_credentials_mdelem_array. --- */ typedef struct { - grpc_mdelem *md; + grpc_mdelem* md; size_t size; } grpc_credentials_mdelem_array; /// Takes a new ref to \a md. -void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array *list, +void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array* list, grpc_mdelem md); /// Appends all elements from \a src to \a dst, taking a new ref to each one. 
-void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array *dst, - grpc_credentials_mdelem_array *src); +void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array* dst, + grpc_credentials_mdelem_array* src); -void grpc_credentials_mdelem_array_destroy(grpc_exec_ctx *exec_ctx, - grpc_credentials_mdelem_array *list); +void grpc_credentials_mdelem_array_destroy(grpc_exec_ctx* exec_ctx, + grpc_credentials_mdelem_array* list); /* --- grpc_call_credentials. --- */ typedef struct { - void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_call_credentials *c); - bool (*get_request_metadata)(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *c, - grpc_polling_entity *pollent, + void (*destruct)(grpc_exec_ctx* exec_ctx, grpc_call_credentials* c); + bool (*get_request_metadata)(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* c, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error); - void (*cancel_get_request_metadata)(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *c, - grpc_credentials_mdelem_array *md_array, - grpc_error *error); + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error); + void (*cancel_get_request_metadata)(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* c, + grpc_credentials_mdelem_array* md_array, + grpc_error* error); } grpc_call_credentials_vtable; struct grpc_call_credentials { - const grpc_call_credentials_vtable *vtable; - const char *type; + const grpc_call_credentials_vtable* vtable; + const char* type; gpr_refcount refcount; }; -grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds); -void grpc_call_credentials_unref(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds); +grpc_call_credentials* grpc_call_credentials_ref(grpc_call_credentials* creds); +void grpc_call_credentials_unref(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* 
creds); /// Returns true if completed synchronously, in which case \a error will /// be set to indicate the result. Otherwise, \a on_request_metadata will /// be invoked asynchronously when complete. \a md_array will be populated /// with the resulting metadata once complete. bool grpc_call_credentials_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_polling_entity *pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, - grpc_error **error); + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, + grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata, + grpc_error** error); /// Cancels a pending asynchronous operation started by /// grpc_call_credentials_get_request_metadata() with the corresponding /// value of \a md_array. void grpc_call_credentials_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *c, - grpc_credentials_mdelem_array *md_array, grpc_error *error); + grpc_exec_ctx* exec_ctx, grpc_call_credentials* c, + grpc_credentials_mdelem_array* md_array, grpc_error* error); /* Metadata-only credentials with the specified key and value where asynchronicity can be simulated for testing. */ -grpc_call_credentials *grpc_md_only_test_credentials_create( - grpc_exec_ctx *exec_ctx, const char *md_key, const char *md_value, +grpc_call_credentials* grpc_md_only_test_credentials_create( + grpc_exec_ctx* exec_ctx, const char* md_key, const char* md_value, bool is_async); /* --- grpc_server_credentials. 
--- */ typedef struct { - void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_server_credentials *c); + void (*destruct)(grpc_exec_ctx* exec_ctx, grpc_server_credentials* c); grpc_security_status (*create_security_connector)( - grpc_exec_ctx *exec_ctx, grpc_server_credentials *c, - grpc_server_security_connector **sc); + grpc_exec_ctx* exec_ctx, grpc_server_credentials* c, + grpc_server_security_connector** sc); } grpc_server_credentials_vtable; struct grpc_server_credentials { - const grpc_server_credentials_vtable *vtable; - const char *type; + const grpc_server_credentials_vtable* vtable; + const char* type; gpr_refcount refcount; grpc_auth_metadata_processor processor; }; grpc_security_status grpc_server_credentials_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds, - grpc_server_security_connector **sc); + grpc_exec_ctx* exec_ctx, grpc_server_credentials* creds, + grpc_server_security_connector** sc); -grpc_server_credentials *grpc_server_credentials_ref( - grpc_server_credentials *creds); +grpc_server_credentials* grpc_server_credentials_ref( + grpc_server_credentials* creds); -void grpc_server_credentials_unref(grpc_exec_ctx *exec_ctx, - grpc_server_credentials *creds); +void grpc_server_credentials_unref(grpc_exec_ctx* exec_ctx, + grpc_server_credentials* creds); #define GRPC_SERVER_CREDENTIALS_ARG "grpc.server_credentials" -grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *c); -grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg); -grpc_server_credentials *grpc_find_server_credentials_in_args( - const grpc_channel_args *args); +grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials* c); +grpc_server_credentials* grpc_server_credentials_from_arg(const grpc_arg* arg); +grpc_server_credentials* grpc_find_server_credentials_in_args( + const grpc_channel_args* args); /* -- Credentials Metadata Request. 
-- */ typedef struct { - grpc_call_credentials *creds; + grpc_call_credentials* creds; grpc_http_response response; } grpc_credentials_metadata_request; -grpc_credentials_metadata_request *grpc_credentials_metadata_request_create( - grpc_call_credentials *creds); +grpc_credentials_metadata_request* grpc_credentials_metadata_request_create( + grpc_call_credentials* creds); void grpc_credentials_metadata_request_destroy( - grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *r); + grpc_exec_ctx* exec_ctx, grpc_credentials_metadata_request* r); #ifdef __cplusplus } diff --git a/src/core/lib/security/credentials/credentials_metadata.cc b/src/core/lib/security/credentials/credentials_metadata.cc index 5ba98bda4e..a3623fa1d6 100644 --- a/src/core/lib/security/credentials/credentials_metadata.cc +++ b/src/core/lib/security/credentials/credentials_metadata.cc @@ -24,7 +24,7 @@ #include "src/core/lib/slice/slice_internal.h" -static void mdelem_list_ensure_capacity(grpc_credentials_mdelem_array *list, +static void mdelem_list_ensure_capacity(grpc_credentials_mdelem_array* list, size_t additional_space_needed) { size_t target_size = list->size + additional_space_needed; // Find the next power of two greater than the target size (i.e., 
@@ -34,17 +34,17 @@ static void mdelem_list_ensure_capacity(grpc_credentials_mdelem_array *list, new_size *= 2; } list->md = - (grpc_mdelem *)gpr_realloc(list->md, sizeof(grpc_mdelem) * new_size); + (grpc_mdelem*)gpr_realloc(list->md, sizeof(grpc_mdelem) * new_size); } -void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array *list, +void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array* list, grpc_mdelem md) { mdelem_list_ensure_capacity(list, 1); list->md[list->size++] = GRPC_MDELEM_REF(md); } -void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array *dst, - grpc_credentials_mdelem_array *src) { +void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array* dst, + grpc_credentials_mdelem_array* src) { mdelem_list_ensure_capacity(dst, src->size); for (size_t i = 0; i < src->size; ++i) { dst->md[dst->size++] = GRPC_MDELEM_REF(src->md[i]); @@ -52,7 +52,7 @@ void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array *dst, } void grpc_credentials_mdelem_array_destroy( - grpc_exec_ctx *exec_ctx, grpc_credentials_mdelem_array *list) { + grpc_exec_ctx* exec_ctx, grpc_credentials_mdelem_array* list) { for (size_t i = 0; i < list->size; ++i) { GRPC_MDELEM_UNREF(exec_ctx, list->md[i]); } diff --git a/src/core/lib/security/credentials/fake/fake_credentials.cc b/src/core/lib/security/credentials/fake/fake_credentials.cc index cf10bf24c8..17700f5651 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.cc +++ b/src/core/lib/security/credentials/fake/fake_credentials.cc 
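Review bot: `mdelem_list_ensure_capacity` computes `list->size + additional_space_needed` and then `sizeof(grpc_mdelem) * new_size` for the `gpr_realloc` call with no overflow check; the function starts in the previous hunk, so only its tail is visible here. The counts are presumably small and produced internally, but `grpc_credentials_mdelem_array_append` passes `src->size` straight through. A wrapped size would yield an undersized buffer that the following `dst->md[dst->size++]` writes then overrun. An assertion before the sizing loop turns that into a clean abort, for example `GPR_ASSERT(additional_space_needed <= SIZE_MAX / (2 * sizeof(grpc_mdelem)) - list->size);`, where the factor of two leaves room for the power-of-two rounding.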
@@ -34,10 +34,10 @@ "grpc.fake_security.expected_targets" static grpc_security_status fake_transport_security_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c, - grpc_call_credentials *call_creds, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args) { + grpc_exec_ctx* exec_ctx, grpc_channel_credentials* c, + grpc_call_credentials* call_creds, const char* target, + const grpc_channel_args* args, grpc_channel_security_connector** sc, + grpc_channel_args** new_args) { *sc = grpc_fake_channel_security_connector_create(c, call_creds, target, args); return GRPC_SECURITY_OK; @@ -45,8 +45,8 @@ static grpc_security_status fake_transport_security_create_security_connector( static grpc_security_status fake_transport_security_server_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_server_credentials *c, - grpc_server_security_connector **sc) { + grpc_exec_ctx* exec_ctx, grpc_server_credentials* c, + grpc_server_security_connector** sc) { *sc = grpc_fake_server_security_connector_create(c); return GRPC_SECURITY_OK; } 
@@ -59,20 +59,20 @@ static grpc_server_credentials_vtable fake_transport_security_server_credentials_vtable = { NULL, fake_transport_security_server_create_security_connector}; -grpc_channel_credentials *grpc_fake_transport_security_credentials_create( +grpc_channel_credentials* grpc_fake_transport_security_credentials_create( void) { - grpc_channel_credentials *c = - (grpc_channel_credentials *)gpr_zalloc(sizeof(grpc_channel_credentials)); + grpc_channel_credentials* c = + (grpc_channel_credentials*)gpr_zalloc(sizeof(grpc_channel_credentials)); c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; c->vtable = &fake_transport_security_credentials_vtable; gpr_ref_init(&c->refcount, 1); return c; } -grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( +grpc_server_credentials* grpc_fake_transport_security_server_credentials_create( void) { - grpc_server_credentials *c = - (grpc_server_credentials *)gpr_malloc(sizeof(grpc_server_credentials)); + grpc_server_credentials* c = + (grpc_server_credentials*)gpr_malloc(sizeof(grpc_server_credentials)); memset(c, 0, sizeof(grpc_server_credentials)); c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; gpr_ref_init(&c->refcount, 1); 
@@ -80,14 +80,14 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( return c; } -grpc_arg grpc_fake_transport_expected_targets_arg(char *expected_targets) { +grpc_arg grpc_fake_transport_expected_targets_arg(char* expected_targets) { return grpc_channel_arg_string_create( - (char *)GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS, expected_targets); + (char*)GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS, expected_targets); } -const char *grpc_fake_transport_get_expected_targets( - const grpc_channel_args *args) { - const grpc_arg *expected_target_arg = +const char* grpc_fake_transport_get_expected_targets( + const grpc_channel_args* args) { + const grpc_arg* expected_target_arg = grpc_channel_args_find(args, GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS); if (expected_target_arg != NULL && expected_target_arg->type == GRPC_ARG_STRING) { 
@@ -98,18 +98,18 @@ const char *grpc_fake_transport_get_expected_targets( /* -- Metadata-only test credentials. -- */ -static void md_only_test_destruct(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { - grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; +static void md_only_test_destruct(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { + grpc_md_only_test_credentials* c = (grpc_md_only_test_credentials*)creds; GRPC_MDELEM_UNREF(exec_ctx, c->md); } static bool md_only_test_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_polling_entity *pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, + grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_md_only_test_credentials* c = (grpc_md_only_test_credentials*)creds; grpc_credentials_mdelem_array_add(md_array, c->md); if (c->is_async) { GRPC_CLOSURE_SCHED(exec_ctx, on_request_metadata, GRPC_ERROR_NONE); @@ -119,8 +119,8 @@ static bool md_only_test_get_request_metadata( } static void md_only_test_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *c, - grpc_credentials_mdelem_array *md_array, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_call_credentials* c, + grpc_credentials_mdelem_array* md_array, grpc_error* error) { GRPC_ERROR_UNREF(error); } 
@@ -128,12 +128,11 @@ static grpc_call_credentials_vtable md_only_test_vtable = { md_only_test_destruct, md_only_test_get_request_metadata, md_only_test_cancel_get_request_metadata}; -grpc_call_credentials *grpc_md_only_test_credentials_create( - grpc_exec_ctx *exec_ctx, const char *md_key, const char *md_value, +grpc_call_credentials* grpc_md_only_test_credentials_create( + grpc_exec_ctx* exec_ctx, const char* md_key, const char* md_value, bool is_async) { - grpc_md_only_test_credentials *c = - (grpc_md_only_test_credentials *)gpr_zalloc( - sizeof(grpc_md_only_test_credentials)); + grpc_md_only_test_credentials* c = (grpc_md_only_test_credentials*)gpr_zalloc( + sizeof(grpc_md_only_test_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &md_only_test_vtable; gpr_ref_init(&c->base.refcount, 1); diff --git a/src/core/lib/security/credentials/fake/fake_credentials.h b/src/core/lib/security/credentials/fake/fake_credentials.h index ed3f893c58..b8b58cc8fd 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.h +++ b/src/core/lib/security/credentials/fake/fake_credentials.h @@ -28,10 +28,10 @@ extern "C" { /* -- Fake transport security credentials. -- */ /* Creates a fake transport security credentials object for testing. */ -grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void); +grpc_channel_credentials* grpc_fake_transport_security_credentials_create(void); /* Creates a fake server transport security credentials object for testing. */ -grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( +grpc_server_credentials* grpc_fake_transport_security_server_credentials_create( void); /* Used to verify the target names given to the fake transport security 
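Review bot: `grpc_md_only_test_credentials_create` labels a test-only credential with `GRPC_CALL_CREDENTIALS_TYPE_OAUTH2`, and nothing at the assignment says why. Lookups that go by type string, such as `grpc_credentials_contains_type` declared in composite_credentials.h, would presumably treat this object as a real OAuth2 credential. If that is deliberate, the `c->base.type` line should say so, e.g. `/* Reports the OAuth2 type on purpose so tests can stand in for OAuth2 creds; test-only. */`. Otherwise a distinct type string would keep test credentials distinguishable from production ones. The function continues outside the hunk.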
@@ -46,11 +46,11 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( * That is to say, LB channels have a heading list of LB targets separated from * the list of backend targets by a semicolon. For non-LB channels, only the * latter is present. */ -grpc_arg grpc_fake_transport_expected_targets_arg(char *expected_targets); +grpc_arg grpc_fake_transport_expected_targets_arg(char* expected_targets); /* Return the value associated with the expected targets channel arg or NULL */ -const char *grpc_fake_transport_get_expected_targets( - const grpc_channel_args *args); +const char* grpc_fake_transport_get_expected_targets( + const grpc_channel_args* args); /* -- Metadata-only Test credentials. -- */ diff --git a/src/core/lib/security/credentials/google_default/credentials_generic.cc b/src/core/lib/security/credentials/google_default/credentials_generic.cc index 4f79718f3d..c2a336ff07 100644 --- a/src/core/lib/security/credentials/google_default/credentials_generic.cc +++ b/src/core/lib/security/credentials/google_default/credentials_generic.cc @@ -25,9 +25,9 @@ #include "src/core/lib/support/env.h" #include "src/core/lib/support/string.h" -char *grpc_get_well_known_google_credentials_file_path_impl(void) { - char *result = NULL; - char *base = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR); +char* grpc_get_well_known_google_credentials_file_path_impl(void) { + char* result = NULL; + char* base = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR); if (base == NULL) { gpr_log(GPR_ERROR, "Could not get " GRPC_GOOGLE_CREDENTIALS_ENV_VAR " environment variable."); diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 5b2ddceb4a..3ce19e9a05 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc 
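Review bot: In `grpc_get_well_known_google_credentials_file_path_impl` (credentials_generic.cc hunk), the error log names a different macro from the one actually read. The lookup is `gpr_getenv(GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR)`, but the message concatenates `GRPC_GOOGLE_CREDENTIALS_ENV_VAR`. If the two expand to different variable names, as their names suggest, someone diagnosing a failed credential lookup is pointed at the wrong environment variable. The message should use the macro that was queried: `"Could not get " GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR " environment variable."`. The function body continues outside the hunk.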
@@ -43,10 +43,10 @@ /* -- Default credentials. -- */ -static grpc_channel_credentials *default_credentials = NULL; +static grpc_channel_credentials* default_credentials = NULL; static int compute_engine_detection_done = 0; static gpr_mu g_state_mu; -static gpr_mu *g_polling_mu; +static gpr_mu* g_polling_mu; static gpr_once g_once = GPR_ONCE_INIT; static void init_default_credentials(void) { gpr_mu_init(&g_state_mu); } @@ -58,17 +58,17 @@ typedef struct { grpc_http_response response; } compute_engine_detector; -static void on_compute_engine_detection_http_response(grpc_exec_ctx *exec_ctx, - void *user_data, - grpc_error *error) { - compute_engine_detector *detector = (compute_engine_detector *)user_data; +static void on_compute_engine_detection_http_response(grpc_exec_ctx* exec_ctx, + void* user_data, + grpc_error* error) { + compute_engine_detector* detector = (compute_engine_detector*)user_data; if (error == GRPC_ERROR_NONE && detector->response.status == 200 && detector->response.hdr_count > 0) { /* Internet providers can return a generic response to all requests, so it is necessary to check that metadata header is present also. */ size_t i; for (i = 0; i < detector->response.hdr_count; i++) { - grpc_http_header *header = &detector->response.hdrs[i]; + grpc_http_header* header = &detector->response.hdrs[i]; if (strcmp(header->key, "Metadata-Flavor") == 0 && strcmp(header->value, "Google") == 0) { detector->success = 1; 
@@ -85,11 +85,11 @@ static void on_compute_engine_detection_http_response(grpc_exec_ctx *exec_ctx, gpr_mu_unlock(g_polling_mu); } -static void destroy_pollset(grpc_exec_ctx *exec_ctx, void *p, grpc_error *e) { - grpc_pollset_destroy(exec_ctx, (grpc_pollset *)p); +static void destroy_pollset(grpc_exec_ctx* exec_ctx, void* p, grpc_error* e) { + grpc_pollset_destroy(exec_ctx, (grpc_pollset*)p); } -static int is_stack_running_on_compute_engine(grpc_exec_ctx *exec_ctx) { +static int is_stack_running_on_compute_engine(grpc_exec_ctx* exec_ctx) { compute_engine_detector detector; grpc_httpcli_request request; grpc_httpcli_context context; @@ -99,7 +99,7 @@ static int is_stack_running_on_compute_engine(grpc_exec_ctx *exec_ctx) { on compute engine. */ grpc_millis max_detection_delay = GPR_MS_PER_SEC; - grpc_pollset *pollset = (grpc_pollset *)gpr_zalloc(grpc_pollset_size()); + grpc_pollset* pollset = (grpc_pollset*)gpr_zalloc(grpc_pollset_size()); grpc_pollset_init(pollset, &g_polling_mu); detector.pollent = grpc_polling_entity_create_from_pollset(pollset); detector.is_done = 0; @@ -107,12 +107,12 @@ static int is_stack_running_on_compute_engine(grpc_exec_ctx *exec_ctx) { memset(&detector.response, 0, sizeof(detector.response)); memset(&request, 0, sizeof(grpc_httpcli_request)); - request.host = (char *)GRPC_COMPUTE_ENGINE_DETECTION_HOST; - request.http.path = (char *)"/"; + request.host = (char*)GRPC_COMPUTE_ENGINE_DETECTION_HOST; + request.http.path = (char*)"/"; grpc_httpcli_context_init(&context); - grpc_resource_quota *resource_quota = + grpc_resource_quota* resource_quota = grpc_resource_quota_create("google_default_credentials"); grpc_httpcli_get( exec_ctx, &context, &detector.pollent, resource_quota, &request, 
@@ -128,7 +128,7 @@ static int is_stack_running_on_compute_engine(grpc_exec_ctx *exec_ctx) { called once for the lifetime of the process by the default credentials. */ gpr_mu_lock(g_polling_mu); while (!detector.is_done) { - grpc_pollset_worker *worker = NULL; + grpc_pollset_worker* worker = NULL; if (!GRPC_LOG_IF_ERROR( "pollset_work", grpc_pollset_work(exec_ctx, @@ -157,14 +157,14 @@ static int is_stack_running_on_compute_engine(grpc_exec_ctx *exec_ctx) { } /* Takes ownership of creds_path if not NULL. */ -static grpc_error *create_default_creds_from_path( - grpc_exec_ctx *exec_ctx, char *creds_path, grpc_call_credentials **creds) { - grpc_json *json = NULL; +static grpc_error* create_default_creds_from_path( + grpc_exec_ctx* exec_ctx, char* creds_path, grpc_call_credentials** creds) { + grpc_json* json = NULL; grpc_auth_json_key key; grpc_auth_refresh_token token; - grpc_call_credentials *result = NULL; + grpc_call_credentials* result = NULL; grpc_slice creds_data = grpc_empty_slice(); - grpc_error *error = GRPC_ERROR_NONE; + grpc_error* error = GRPC_ERROR_NONE; if (creds_path == NULL) { error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("creds_path unset"); goto end; @@ -174,7 +174,7 @@ static grpc_error *create_default_creds_from_path( goto end; } json = grpc_json_parse_string_with_len( - (char *)GRPC_SLICE_START_PTR(creds_data), GRPC_SLICE_LENGTH(creds_data)); + (char*)GRPC_SLICE_START_PTR(creds_data), GRPC_SLICE_LENGTH(creds_data)); if (json == NULL) { error = grpc_error_set_str( GRPC_ERROR_CREATE_FROM_STATIC_STRING("Failed to parse JSON"), 
@@ -218,12 +218,12 @@ end: return error; } -grpc_channel_credentials *grpc_google_default_credentials_create(void) { - grpc_channel_credentials *result = NULL; - grpc_call_credentials *call_creds = NULL; - grpc_error *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( +grpc_channel_credentials* grpc_google_default_credentials_create(void) { + grpc_channel_credentials* result = NULL; + grpc_call_credentials* call_creds = NULL; + grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to create Google credentials"); - grpc_error *err; + grpc_error* err; grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ()); @@ -272,7 +272,7 @@ end: /* Blend with default ssl credentials and add a global reference so that it can be cached and re-served. */ - grpc_channel_credentials *ssl_creds = + grpc_channel_credentials* ssl_creds = grpc_ssl_credentials_create(NULL, NULL, NULL); default_credentials = grpc_channel_credentials_ref( grpc_composite_channel_credentials_create(ssl_creds, call_creds, @@ -312,7 +312,7 @@ void grpc_flush_cached_google_default_credentials(void) { static grpc_well_known_credentials_path_getter creds_path_getter = NULL; -char *grpc_get_well_known_google_credentials_file_path(void) { +char* grpc_get_well_known_google_credentials_file_path(void) { if (creds_path_getter != NULL) return creds_path_getter(); return grpc_get_well_known_google_credentials_file_path_impl(); } diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h index 66677873ca..a0f8dc954e 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.h +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h 
@@ -50,4 +50,4 @@ void grpc_flush_cached_google_default_credentials(void); #endif #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_GOOGLE_DEFAULT_CREDENTIALS_H \ - */ + */ diff --git a/src/core/lib/security/credentials/iam/iam_credentials.cc b/src/core/lib/security/credentials/iam/iam_credentials.cc index e9cf208c16..7410294a20 100644 --- a/src/core/lib/security/credentials/iam/iam_credentials.cc +++ b/src/core/lib/security/credentials/iam/iam_credentials.cc 
@@ -27,35 +27,35 @@ #include <grpc/support/string_util.h> #include <grpc/support/sync.h> -static void iam_destruct(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { - grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; +static void iam_destruct(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { + grpc_google_iam_credentials* c = (grpc_google_iam_credentials*)creds; grpc_credentials_mdelem_array_destroy(exec_ctx, &c->md_array); } -static bool iam_get_request_metadata(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds, - grpc_polling_entity *pollent, +static bool iam_get_request_metadata(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_google_iam_credentials* c = (grpc_google_iam_credentials*)creds; grpc_credentials_mdelem_array_append(md_array, &c->md_array); return true; } static void iam_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *c, - grpc_credentials_mdelem_array *md_array, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_call_credentials* c, + grpc_credentials_mdelem_array* md_array, grpc_error* error) { GRPC_ERROR_UNREF(error); } static grpc_call_credentials_vtable iam_vtable = { iam_destruct, iam_get_request_metadata, iam_cancel_get_request_metadata}; -grpc_call_credentials *grpc_google_iam_credentials_create( - const char *token, const char *authority_selector, void *reserved) { +grpc_call_credentials* grpc_google_iam_credentials_create( + const char* token, const char* authority_selector, void* reserved) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; GRPC_API_TRACE( "grpc_iam_credentials_create(token=%s, 
authority_selector=%s, " @@ -64,8 +64,8 @@ grpc_call_credentials *grpc_google_iam_credentials_create( GPR_ASSERT(reserved == NULL); GPR_ASSERT(token != NULL); GPR_ASSERT(authority_selector != NULL); - grpc_google_iam_credentials *c = - (grpc_google_iam_credentials *)gpr_zalloc(sizeof(*c)); + grpc_google_iam_credentials* c = + (grpc_google_iam_credentials*)gpr_zalloc(sizeof(*c)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM; c->base.vtable = &iam_vtable; gpr_ref_init(&c->base.refcount, 1); diff --git a/src/core/lib/security/credentials/jwt/json_token.cc b/src/core/lib/security/credentials/jwt/json_token.cc index 8c30353470..e195ec7509 100644 --- a/src/core/lib/security/credentials/jwt/json_token.cc +++ b/src/core/lib/security/credentials/jwt/json_token.cc @@ -56,15 +56,15 @@ static grpc_jwt_encode_and_sign_override g_jwt_encode_and_sign_override = NULL; /* --- grpc_auth_json_key. --- */ -int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key) { +int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key) { return (json_key != NULL) && strcmp(json_key->type, GRPC_AUTH_JSON_TYPE_INVALID); } -grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json) { +grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json) { grpc_auth_json_key result; - BIO *bio = NULL; - const char *prop_value; + BIO* bio = NULL; + const char* prop_value; int success = 0; memset(&result, 0, sizeof(grpc_auth_json_key)); @@ -99,7 +99,7 @@ grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json) { gpr_log(GPR_ERROR, "Could not write into openssl BIO."); goto end; } - result.private_key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void *)""); + result.private_key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void*)""); if (result.private_key == NULL) { gpr_log(GPR_ERROR, "Could not deserialize private key."); goto end; 
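Review bot: In `grpc_google_iam_credentials_create` (iam_credentials.cc, the hunk that ends at `"grpc_iam_credentials_create(token=%s, authority_selector=%s, "`), the API trace format prints the authorization token, so the credential is written to the log whenever API tracing is enabled. The JWT path on this page runs its key through `redact_private_key` before logging, and the same treatment fits here, for example `"grpc_iam_credentials_create(token=<redacted>, authority_selector=%s, "` with `token` dropped from the traced arguments. The rest of the `GRPC_API_TRACE` call (argument count and tuple) is outside the hunk and would need the matching adjustment.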
@@ -113,16 +113,16 @@ end: } grpc_auth_json_key grpc_auth_json_key_create_from_string( - const char *json_string) { - char *scratchpad = gpr_strdup(json_string); - grpc_json *json = grpc_json_parse_string(scratchpad); + const char* json_string) { + char* scratchpad = gpr_strdup(json_string); + grpc_json* json = grpc_json_parse_string(scratchpad); grpc_auth_json_key result = grpc_auth_json_key_create_from_json(json); if (json != NULL) grpc_json_destroy(json); gpr_free(scratchpad); return result; } -void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key) { +void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key) { if (json_key == NULL) return; json_key->type = GRPC_AUTH_JSON_TYPE_INVALID; if (json_key->client_id != NULL) { @@ -145,10 +145,10 @@ void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key) { /* --- jwt encoding and signature. --- */ -static grpc_json *create_child(grpc_json *brother, grpc_json *parent, - const char *key, const char *value, +static grpc_json* create_child(grpc_json* brother, grpc_json* parent, + const char* key, const char* value, grpc_json_type type) { - grpc_json *child = grpc_json_create(type); + grpc_json* child = grpc_json_create(type); if (brother) brother->next = child; if (!parent->child) parent->child = child; child->parent = parent; @@ -157,11 +157,11 @@ static grpc_json *create_child(grpc_json *brother, grpc_json *parent, return child; } -static char *encoded_jwt_header(const char *key_id, const char *algorithm) { - grpc_json *json = grpc_json_create(GRPC_JSON_OBJECT); - grpc_json *child = NULL; - char *json_str = NULL; - char *result = NULL; +static char* encoded_jwt_header(const char* key_id, const char* algorithm) { + grpc_json* json = grpc_json_create(GRPC_JSON_OBJECT); + grpc_json* child = NULL; + char* json_str = NULL; + char* result = NULL; child = create_child(NULL, json, "alg", algorithm, GRPC_JSON_STRING); child = create_child(child, json, "typ", GRPC_JWT_TYPE, GRPC_JSON_STRING); 
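Review bot: In `grpc_auth_json_key_create_from_string`, `scratchpad` is a full copy of the service-account JSON, private key included, and it is released with a plain `gpr_free(scratchpad);`, which leaves the key text in freed heap memory. Taking the length before parsing (`size_t len = strlen(scratchpad);`, guarded for a NULL input) and calling `OPENSSL_cleanse(scratchpad, len);` just before the free would limit how long the secret lingers. The length has to be taken first because the parser is handed the buffer and may modify it. `redact_private_key` in jwt_credentials.cc (hunk `@@ -147,33 +147,33 @@`) frees its `json_copy` of the same key text the same way.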
@@ -174,13 +174,13 @@ static char *encoded_jwt_header(const char *key_id, const char *algorithm) { return result; } -static char *encoded_jwt_claim(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, const char *scope) { - grpc_json *json = grpc_json_create(GRPC_JSON_OBJECT); - grpc_json *child = NULL; - char *json_str = NULL; - char *result = NULL; +static char* encoded_jwt_claim(const grpc_auth_json_key* json_key, + const char* audience, + gpr_timespec token_lifetime, const char* scope) { + grpc_json* json = grpc_json_create(GRPC_JSON_OBJECT); + grpc_json* child = NULL; + char* json_str = NULL; + char* result = NULL; gpr_timespec now = gpr_now(GPR_CLOCK_REALTIME); gpr_timespec expiration = gpr_time_add(now, token_lifetime); char now_str[GPR_LTOA_MIN_BUFSIZE]; @@ -213,12 +213,12 @@ static char *encoded_jwt_claim(const grpc_auth_json_key *json_key, return result; } -static char *dot_concat_and_free_strings(char *str1, char *str2) { +static char* dot_concat_and_free_strings(char* str1, char* str2) { size_t str1_len = strlen(str1); size_t str2_len = strlen(str2); size_t result_len = str1_len + 1 /* dot */ + str2_len; - char *result = (char *)gpr_malloc(result_len + 1 /* NULL terminated */); - char *current = result; + char* result = (char*)gpr_malloc(result_len + 1 /* NULL terminated */); + char* current = result; memcpy(current, str1, str1_len); current += str1_len; *(current++) = '.'; @@ -232,7 +232,7 @@ static char *dot_concat_and_free_strings(char *str1, char *str2) { return result; } -const EVP_MD *openssl_digest_from_algorithm(const char *algorithm) { +const EVP_MD* openssl_digest_from_algorithm(const char* algorithm) { if (strcmp(algorithm, GRPC_JWT_RSA_SHA256_ALGORITHM) == 0) { return EVP_sha256(); } else { 
@@ -241,15 +241,15 @@ const EVP_MD *openssl_digest_from_algorithm(const char *algorithm) { } } -char *compute_and_encode_signature(const grpc_auth_json_key *json_key, - const char *signature_algorithm, - const char *to_sign) { - const EVP_MD *md = openssl_digest_from_algorithm(signature_algorithm); - EVP_MD_CTX *md_ctx = NULL; - EVP_PKEY *key = EVP_PKEY_new(); +char* compute_and_encode_signature(const grpc_auth_json_key* json_key, + const char* signature_algorithm, + const char* to_sign) { + const EVP_MD* md = openssl_digest_from_algorithm(signature_algorithm); + EVP_MD_CTX* md_ctx = NULL; + EVP_PKEY* key = EVP_PKEY_new(); size_t sig_len = 0; - unsigned char *sig = NULL; - char *result = NULL; + unsigned char* sig = NULL; + char* result = NULL; if (md == NULL) return NULL; md_ctx = EVP_MD_CTX_create(); if (md_ctx == NULL) { @@ -269,7 +269,7 @@ char *compute_and_encode_signature(const grpc_auth_json_key *json_key, gpr_log(GPR_ERROR, "DigestFinal (get signature length) failed."); goto end; } - sig = (unsigned char *)gpr_malloc(sig_len); + sig = (unsigned char*)gpr_malloc(sig_len); if (EVP_DigestSignFinal(md_ctx, sig, &sig_len) != 1) { gpr_log(GPR_ERROR, "DigestFinal (signature compute) failed."); goto end; 
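Review bot: In `compute_and_encode_signature`, `EVP_PKEY* key = EVP_PKEY_new();` runs in the declarations and the following `if (md == NULL) return NULL;` returns without releasing it, so every call with an unsupported algorithm name leaks an EVP_PKEY. Declaring `EVP_PKEY* key = NULL;` and calling `key = EVP_PKEY_new();` only after the `md` check avoids the leak. The `end:` cleanup is outside the hunk, so confirm it tolerates the new ordering. The visible lines also do not show `key` being checked for NULL before use, which is worth confirming in the part of the body the hunk omits.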
@@ -283,18 +283,18 @@ end: return result; } -char *grpc_jwt_encode_and_sign(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, const char *scope) { +char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, + const char* audience, + gpr_timespec token_lifetime, const char* scope) { if (g_jwt_encode_and_sign_override != NULL) { return g_jwt_encode_and_sign_override(json_key, audience, token_lifetime, scope); } else { - const char *sig_algo = GRPC_JWT_RSA_SHA256_ALGORITHM; - char *to_sign = dot_concat_and_free_strings( + const char* sig_algo = GRPC_JWT_RSA_SHA256_ALGORITHM; + char* to_sign = dot_concat_and_free_strings( encoded_jwt_header(json_key->private_key_id, sig_algo), encoded_jwt_claim(json_key, audience, token_lifetime, scope)); - char *sig = compute_and_encode_signature(json_key, sig_algo, to_sign); + char* sig = compute_and_encode_signature(json_key, sig_algo, to_sign); if (sig == NULL) { gpr_free(to_sign); return NULL; diff --git a/src/core/lib/security/credentials/jwt/json_token.h b/src/core/lib/security/credentials/jwt/json_token.h index b923b02df6..b2c3c09c25 100644 --- a/src/core/lib/security/credentials/jwt/json_token.h +++ b/src/core/lib/security/credentials/jwt/json_token.h 
@@ -35,40 +35,40 @@ extern "C" { /* --- auth_json_key parsing. --- */ typedef struct { - const char *type; - char *private_key_id; - char *client_id; - char *client_email; - RSA *private_key; + const char* type; + char* private_key_id; + char* client_id; + char* client_email; + RSA* private_key; } grpc_auth_json_key; /* Returns 1 if the object is valid, 0 otherwise. */ -int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key); +int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key); /* Creates a json_key object from string. Returns an invalid object if a parsing error has been encountered. */ grpc_auth_json_key grpc_auth_json_key_create_from_string( - const char *json_string); + const char* json_string); /* Creates a json_key object from parsed json. Returns an invalid object if a parsing error has been encountered. */ -grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json); +grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json); /* Destructs the object. */ -void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key); +void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key); /* --- json token encoding and signing. --- */ /* Caller is responsible for calling gpr_free on the returned value. May return NULL on invalid input. The scope parameter may be NULL. */ -char *grpc_jwt_encode_and_sign(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, const char *scope); +char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, + const char* audience, + gpr_timespec token_lifetime, const char* scope); /* Override encode_and_sign function for testing. 
*/ -typedef char *(*grpc_jwt_encode_and_sign_override)( - const grpc_auth_json_key *json_key, const char *audience, - gpr_timespec token_lifetime, const char *scope); +typedef char* (*grpc_jwt_encode_and_sign_override)( + const grpc_auth_json_key* json_key, const char* audience, + gpr_timespec token_lifetime, const char* scope); /* Set a custom encode_and_sign override for testing. */ void grpc_jwt_encode_and_sign_set_override( diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.cc b/src/core/lib/security/credentials/jwt/jwt_credentials.cc index 835dd677ed..e8baa7e053 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.cc +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.cc @@ -30,8 +30,8 @@ #include <grpc/support/string_util.h> #include <grpc/support/sync.h> -static void jwt_reset_cache(grpc_exec_ctx *exec_ctx, - grpc_service_account_jwt_access_credentials *c) { +static void jwt_reset_cache(grpc_exec_ctx* exec_ctx, + grpc_service_account_jwt_access_credentials* c) { GRPC_MDELEM_UNREF(exec_ctx, c->cached.jwt_md); c->cached.jwt_md = GRPC_MDNULL; if (c->cached.service_url != NULL) { 
@@ -41,24 +41,24 @@ static void jwt_reset_cache(grpc_exec_ctx *exec_ctx, c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); } -static void jwt_destruct(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { - grpc_service_account_jwt_access_credentials *c = - (grpc_service_account_jwt_access_credentials *)creds; +static void jwt_destruct(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { + grpc_service_account_jwt_access_credentials* c = + (grpc_service_account_jwt_access_credentials*)creds; grpc_auth_json_key_destruct(&c->key); jwt_reset_cache(exec_ctx, c); gpr_mu_destroy(&c->cache_mu); } -static bool jwt_get_request_metadata(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds, - grpc_polling_entity *pollent, +static bool jwt_get_request_metadata(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_service_account_jwt_access_credentials *c = - (grpc_service_account_jwt_access_credentials *)creds; + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_service_account_jwt_access_credentials* c = + (grpc_service_account_jwt_access_credentials*)creds; gpr_timespec refresh_threshold = gpr_time_from_seconds( GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); @@ -78,14 +78,14 @@ static bool jwt_get_request_metadata(grpc_exec_ctx *exec_ctx, } if (GRPC_MDISNULL(jwt_md)) { - char *jwt = NULL; + char* jwt = NULL; /* Generate a new jwt. */ gpr_mu_lock(&c->cache_mu); jwt_reset_cache(exec_ctx, c); jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url, c->jwt_lifetime, NULL); if (jwt != NULL) { - char *md_value; + char* md_value; gpr_asprintf(&md_value, "Bearer %s", jwt); gpr_free(jwt); c->cached.jwt_expiration = 
@@ -111,24 +111,24 @@ static bool jwt_get_request_metadata(grpc_exec_ctx *exec_ctx, } static void jwt_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *c, - grpc_credentials_mdelem_array *md_array, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_call_credentials* c, + grpc_credentials_mdelem_array* md_array, grpc_error* error) { GRPC_ERROR_UNREF(error); } static grpc_call_credentials_vtable jwt_vtable = { jwt_destruct, jwt_get_request_metadata, jwt_cancel_get_request_metadata}; -grpc_call_credentials * +grpc_call_credentials* grpc_service_account_jwt_access_credentials_create_from_auth_json_key( - grpc_exec_ctx *exec_ctx, grpc_auth_json_key key, + grpc_exec_ctx* exec_ctx, grpc_auth_json_key key, gpr_timespec token_lifetime) { - grpc_service_account_jwt_access_credentials *c; + grpc_service_account_jwt_access_credentials* c; if (!grpc_auth_json_key_is_valid(&key)) { gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation"); return NULL; } - c = (grpc_service_account_jwt_access_credentials *)gpr_zalloc( + c = (grpc_service_account_jwt_access_credentials*)gpr_zalloc( sizeof(grpc_service_account_jwt_access_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT; gpr_ref_init(&c->base.refcount, 1); 
@@ -147,33 +147,33 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( return &c->base; } -static char *redact_private_key(const char *json_key) { - char *json_copy = gpr_strdup(json_key); - grpc_json *json = grpc_json_parse_string(json_copy); +static char* redact_private_key(const char* json_key) { + char* json_copy = gpr_strdup(json_key); + grpc_json* json = grpc_json_parse_string(json_copy); if (!json) { gpr_free(json_copy); return gpr_strdup("<Json failed to parse.>"); } - const char *redacted = "<redacted>"; - grpc_json *current = json->child; + const char* redacted = "<redacted>"; + grpc_json* current = json->child; while (current) { if (current->type == GRPC_JSON_STRING && strcmp(current->key, "private_key") == 0) { - current->value = (char *)redacted; + current->value = (char*)redacted; break; } current = current->next; } - char *clean_json = grpc_json_dump_to_string(json, 2); + char* clean_json = grpc_json_dump_to_string(json, 2); gpr_free(json_copy); grpc_json_destroy(json); return clean_json; } -grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( - const char *json_key, gpr_timespec token_lifetime, void *reserved) { +grpc_call_credentials* grpc_service_account_jwt_access_credentials_create( + const char* json_key, gpr_timespec token_lifetime, void* reserved) { if (GRPC_TRACER_ON(grpc_api_trace)) { - char *clean_json = redact_private_key(json_key); + char* clean_json = redact_private_key(json_key); gpr_log(GPR_INFO, "grpc_service_account_jwt_access_credentials_create(" "json_key=%s, " @@ -187,7 +187,7 @@ grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( } GPR_ASSERT(reserved == NULL); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; - grpc_call_credentials *creds = + grpc_call_credentials* creds = grpc_service_account_jwt_access_credentials_create_from_auth_json_key( &exec_ctx, grpc_auth_json_key_create_from_string(json_key), token_lifetime); 
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.h b/src/core/lib/security/credentials/jwt/jwt_credentials.h index 5cee6ed0da..d554613eed 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.h +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.h @@ -34,7 +34,7 @@ typedef struct { gpr_mu cache_mu; struct { grpc_mdelem jwt_md; - char *service_url; + char* service_url; gpr_timespec jwt_expiration; } cached; @@ -44,9 +44,9 @@ typedef struct { // Private constructor for jwt credentials from an already parsed json key. // Takes ownership of the key. -grpc_call_credentials * +grpc_call_credentials* grpc_service_account_jwt_access_credentials_create_from_auth_json_key( - grpc_exec_ctx *exec_ctx, grpc_auth_json_key key, + grpc_exec_ctx* exec_ctx, grpc_auth_json_key key, gpr_timespec token_lifetime); #ifdef __cplusplus diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.cc b/src/core/lib/security/credentials/jwt/jwt_verifier.cc index 39e72c195b..0fce5f5555 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.cc +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.cc @@ -40,7 +40,7 @@ extern "C" { /* --- Utils. --- */ -const char *grpc_jwt_verifier_status_to_string( +const char* grpc_jwt_verifier_status_to_string( grpc_jwt_verifier_status status) { switch (status) { case GRPC_JWT_VERIFIER_OK: @@ -62,7 +62,7 @@ const char *grpc_jwt_verifier_status_to_string( } } -static const EVP_MD *evp_md_from_alg(const char *alg) { +static const EVP_MD* evp_md_from_alg(const char* alg) { if (strcmp(alg, "RS256") == 0) { return EVP_sha256(); } else if (strcmp(alg, "RS384") == 0) { 
@@ -74,17 +74,17 @@ static const EVP_MD *evp_md_from_alg(const char *alg) { } } -static grpc_json *parse_json_part_from_jwt(grpc_exec_ctx *exec_ctx, - const char *str, size_t len, - grpc_slice *buffer) { - grpc_json *json; +static grpc_json* parse_json_part_from_jwt(grpc_exec_ctx* exec_ctx, + const char* str, size_t len, + grpc_slice* buffer) { + grpc_json* json; *buffer = grpc_base64_decode_with_len(exec_ctx, str, len, 1); if (GRPC_SLICE_IS_EMPTY(*buffer)) { gpr_log(GPR_ERROR, "Invalid base64."); return NULL; } - json = grpc_json_parse_string_with_len((char *)GRPC_SLICE_START_PTR(*buffer), + json = grpc_json_parse_string_with_len((char*)GRPC_SLICE_START_PTR(*buffer), GRPC_SLICE_LENGTH(*buffer)); if (json == NULL) { grpc_slice_unref_internal(exec_ctx, *buffer); @@ -93,8 +93,8 @@ static grpc_json *parse_json_part_from_jwt(grpc_exec_ctx *exec_ctx, return json; } -static const char *validate_string_field(const grpc_json *json, - const char *key) { +static const char* validate_string_field(const grpc_json* json, + const char* key) { if (json->type != GRPC_JSON_STRING) { gpr_log(GPR_ERROR, "Invalid %s field [%s]", key, json->value); return NULL; @@ -102,8 +102,8 @@ static const char *validate_string_field(const grpc_json *json, return json->value; } -static gpr_timespec validate_time_field(const grpc_json *json, - const char *key) { +static gpr_timespec validate_time_field(const grpc_json* json, + const char* key) { gpr_timespec result = gpr_time_0(GPR_CLOCK_REALTIME); if (json->type != GRPC_JSON_NUMBER) { gpr_log(GPR_ERROR, "Invalid %s field [%s]", key, json->value); 
@@ -116,23 +116,23 @@ static gpr_timespec validate_time_field(const grpc_json *json, /* --- JOSE header. see http://tools.ietf.org/html/rfc7515#section-4 --- */ typedef struct { - const char *alg; - const char *kid; - const char *typ; + const char* alg; + const char* kid; + const char* typ; /* TODO(jboeuf): Add others as needed (jku, jwk, x5u, x5c and so on...). */ grpc_slice buffer; } jose_header; -static void jose_header_destroy(grpc_exec_ctx *exec_ctx, jose_header *h) { +static void jose_header_destroy(grpc_exec_ctx* exec_ctx, jose_header* h) { grpc_slice_unref_internal(exec_ctx, h->buffer); gpr_free(h); } /* Takes ownership of json and buffer. */ -static jose_header *jose_header_from_json(grpc_exec_ctx *exec_ctx, - grpc_json *json, grpc_slice buffer) { - grpc_json *cur; - jose_header *h = (jose_header *)gpr_zalloc(sizeof(jose_header)); +static jose_header* jose_header_from_json(grpc_exec_ctx* exec_ctx, + grpc_json* json, grpc_slice buffer) { + grpc_json* cur; + jose_header* h = (jose_header*)gpr_zalloc(sizeof(jose_header)); h->buffer = buffer; for (cur = json->child; cur != NULL; cur = cur->next) { if (strcmp(cur->key, "alg") == 0) { 
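Review bot: The loop in `jose_header_from_json` calls `strcmp(cur->key, "alg")` on every child without first checking that `json` is an object or that `cur->key` is non-NULL, and this JSON is presumably what `parse_json_part_from_jwt` decoded from the token under verification, i.e. untrusted input. If the parser can produce children without a key (array elements presumably have none; confirm against the grpc_json implementation), this is a NULL dereference inside the verifier. A guard such as `if (cur->key == NULL) continue;` at the top of the loop body, or rejecting a header whose `json->type` is not `GRPC_JSON_OBJECT`, closes it. `find_property_by_name` (hunk `@@ -418,19 +418,19 @@`) has the same unguarded `strcmp(cur->key, name)`. The rest of `jose_header_from_json` lies outside this hunk.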
@@ -172,70 +172,70 @@ error: struct grpc_jwt_claims { /* Well known properties already parsed. */ - const char *sub; - const char *iss; - const char *aud; - const char *jti; + const char* sub; + const char* iss; + const char* aud; + const char* jti; gpr_timespec iat; gpr_timespec exp; gpr_timespec nbf; - grpc_json *json; + grpc_json* json; grpc_slice buffer; }; -void grpc_jwt_claims_destroy(grpc_exec_ctx *exec_ctx, grpc_jwt_claims *claims) { +void grpc_jwt_claims_destroy(grpc_exec_ctx* exec_ctx, grpc_jwt_claims* claims) { grpc_json_destroy(claims->json); grpc_slice_unref_internal(exec_ctx, claims->buffer); gpr_free(claims); } -const grpc_json *grpc_jwt_claims_json(const grpc_jwt_claims *claims) { +const grpc_json* grpc_jwt_claims_json(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->json; } -const char *grpc_jwt_claims_subject(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_subject(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->sub; } -const char *grpc_jwt_claims_issuer(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_issuer(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->iss; } -const char *grpc_jwt_claims_id(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_id(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->jti; } -const char *grpc_jwt_claims_audience(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_audience(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->aud; } -gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims *claims) { +gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims* claims) { if (claims == NULL) return gpr_inf_past(GPR_CLOCK_REALTIME); return claims->iat; } -gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims *claims) { +gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims* claims) { if (claims == 
NULL) return gpr_inf_future(GPR_CLOCK_REALTIME); return claims->exp; } -gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims) { +gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims* claims) { if (claims == NULL) return gpr_inf_past(GPR_CLOCK_REALTIME); return claims->nbf; } /* Takes ownership of json and buffer even in case of failure. */ -grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_exec_ctx *exec_ctx, - grpc_json *json, grpc_slice buffer) { - grpc_json *cur; - grpc_jwt_claims *claims = - (grpc_jwt_claims *)gpr_malloc(sizeof(grpc_jwt_claims)); +grpc_jwt_claims* grpc_jwt_claims_from_json(grpc_exec_ctx* exec_ctx, + grpc_json* json, grpc_slice buffer) { + grpc_json* cur; + grpc_jwt_claims* claims = + (grpc_jwt_claims*)gpr_malloc(sizeof(grpc_jwt_claims)); memset(claims, 0, sizeof(grpc_jwt_claims)); claims->json = json; claims->buffer = buffer; @@ -278,8 +278,8 @@ error: return NULL; } -grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims, - const char *audience) { +grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims* claims, + const char* audience) { gpr_timespec skewed_now; int audience_ok; 
@@ -332,26 +332,26 @@ typedef enum { } http_response_index; typedef struct { - grpc_jwt_verifier *verifier; + grpc_jwt_verifier* verifier; grpc_polling_entity pollent; - jose_header *header; - grpc_jwt_claims *claims; - char *audience; + jose_header* header; + grpc_jwt_claims* claims; + char* audience; grpc_slice signature; grpc_slice signed_data; - void *user_data; + void* user_data; grpc_jwt_verification_done_cb user_cb; grpc_http_response responses[HTTP_RESPONSE_COUNT]; } verifier_cb_ctx; /* Takes ownership of the header, claims and signature. */ -static verifier_cb_ctx *verifier_cb_ctx_create( - grpc_jwt_verifier *verifier, grpc_pollset *pollset, jose_header *header, - grpc_jwt_claims *claims, const char *audience, grpc_slice signature, - const char *signed_jwt, size_t signed_jwt_len, void *user_data, +static verifier_cb_ctx* verifier_cb_ctx_create( + grpc_jwt_verifier* verifier, grpc_pollset* pollset, jose_header* header, + grpc_jwt_claims* claims, const char* audience, grpc_slice signature, + const char* signed_jwt, size_t signed_jwt_len, void* user_data, grpc_jwt_verification_done_cb cb) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; - verifier_cb_ctx *ctx = (verifier_cb_ctx *)gpr_zalloc(sizeof(verifier_cb_ctx)); + verifier_cb_ctx* ctx = (verifier_cb_ctx*)gpr_zalloc(sizeof(verifier_cb_ctx)); ctx->verifier = verifier; ctx->pollent = grpc_polling_entity_create_from_pollset(pollset); ctx->header = header; @@ -365,7 +365,7 @@ static verifier_cb_ctx *verifier_cb_ctx_create( return ctx; } -void verifier_cb_ctx_destroy(grpc_exec_ctx *exec_ctx, verifier_cb_ctx *ctx) { +void verifier_cb_ctx_destroy(grpc_exec_ctx* exec_ctx, verifier_cb_ctx* ctx) { if (ctx->audience != NULL) gpr_free(ctx->audience); if (ctx->claims != NULL) grpc_jwt_claims_destroy(exec_ctx, ctx->claims); grpc_slice_unref_internal(exec_ctx, ctx->signature); 
@@ -387,19 +387,19 @@ gpr_timespec grpc_jwt_verifier_clock_skew = {60, 0, GPR_TIMESPAN}; grpc_millis grpc_jwt_verifier_max_delay = 60 * GPR_MS_PER_SEC; typedef struct { - char *email_domain; - char *key_url_prefix; + char* email_domain; + char* key_url_prefix; } email_key_mapping; struct grpc_jwt_verifier { - email_key_mapping *mappings; + email_key_mapping* mappings; size_t num_mappings; /* Should be very few, linear search ok. */ size_t allocated_mappings; grpc_httpcli_context http_ctx; }; -static grpc_json *json_from_http(const grpc_httpcli_response *response) { - grpc_json *json = NULL; +static grpc_json* json_from_http(const grpc_httpcli_response* response) { + grpc_json* json = NULL; if (response == NULL) { gpr_log(GPR_ERROR, "HTTP response is NULL."); @@ -418,19 +418,19 @@ static grpc_json *json_from_http(const grpc_httpcli_response *response) { return json; } -static const grpc_json *find_property_by_name(const grpc_json *json, - const char *name) { - const grpc_json *cur; +static const grpc_json* find_property_by_name(const grpc_json* json, + const char* name) { + const grpc_json* cur; for (cur = json->child; cur != NULL; cur = cur->next) { if (strcmp(cur->key, name) == 0) return cur; } return NULL; } -static EVP_PKEY *extract_pkey_from_x509(const char *x509_str) { - X509 *x509 = NULL; - EVP_PKEY *result = NULL; - BIO *bio = BIO_new(BIO_s_mem()); +static EVP_PKEY* extract_pkey_from_x509(const char* x509_str) { + X509* x509 = NULL; + EVP_PKEY* result = NULL; + BIO* bio = BIO_new(BIO_s_mem()); size_t len = strlen(x509_str); GPR_ASSERT(len < INT_MAX); BIO_write(bio, x509_str, (int)len); @@ -450,8 +450,8 @@ end: return result; } -static BIGNUM *bignum_from_base64(grpc_exec_ctx *exec_ctx, const char *b64) { - BIGNUM *result = NULL; +static BIGNUM* bignum_from_base64(grpc_exec_ctx* exec_ctx, const char* b64) { + BIGNUM* result = NULL; grpc_slice bin; if (b64 == NULL) return NULL; 
@@ -469,7 +469,7 @@ static BIGNUM *bignum_from_base64(grpc_exec_ctx *exec_ctx, const char *b64) { #if OPENSSL_VERSION_NUMBER < 0x10100000L // Provide compatibility across OpenSSL 1.02 and 1.1. -static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { +static int RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d) { /* If the fields n and e in r are NULL, the corresponding input * parameters MUST be non-NULL for n and e. d may be * left NULL (in case only the public key is used). @@ -495,13 +495,13 @@ static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { } #endif // OPENSSL_VERSION_NUMBER < 0x10100000L -static EVP_PKEY *pkey_from_jwk(grpc_exec_ctx *exec_ctx, const grpc_json *json, - const char *kty) { - const grpc_json *key_prop; - RSA *rsa = NULL; - EVP_PKEY *result = NULL; - BIGNUM *tmp_n = NULL; - BIGNUM *tmp_e = NULL; +static EVP_PKEY* pkey_from_jwk(grpc_exec_ctx* exec_ctx, const grpc_json* json, + const char* kty) { + const grpc_json* key_prop; + RSA* rsa = NULL; + EVP_PKEY* result = NULL; + BIGNUM* tmp_n = NULL; + BIGNUM* tmp_e = NULL; GPR_ASSERT(kty != NULL && json != NULL); if (strcmp(kty, "RSA") != 0) { 
@@ -545,19 +545,19 @@ end: return result; } -static EVP_PKEY *find_verification_key(grpc_exec_ctx *exec_ctx, - const grpc_json *json, - const char *header_alg, - const char *header_kid) { - const grpc_json *jkey; - const grpc_json *jwk_keys; +static EVP_PKEY* find_verification_key(grpc_exec_ctx* exec_ctx, + const grpc_json* json, + const char* header_alg, + const char* header_kid) { + const grpc_json* jkey; + const grpc_json* jwk_keys; /* Try to parse the json as a JWK set: https://tools.ietf.org/html/rfc7517#section-5. */ jwk_keys = find_property_by_name(json, "keys"); if (jwk_keys == NULL) { /* Use the google proprietary format which is: { <kid1>: <x5091>, <kid2>: <x5092>, ... } */ - const grpc_json *cur = find_property_by_name(json, header_kid); + const grpc_json* cur = find_property_by_name(json, header_kid); if (cur == NULL) return NULL; return extract_pkey_from_x509(cur->value); } @@ -570,10 +570,10 @@ static EVP_PKEY *find_verification_key(grpc_exec_ctx *exec_ctx, /* Key format is specified in: https://tools.ietf.org/html/rfc7518#section-6. */ for (jkey = jwk_keys->child; jkey != NULL; jkey = jkey->next) { - grpc_json *key_prop; - const char *alg = NULL; - const char *kid = NULL; - const char *kty = NULL; + grpc_json* key_prop; + const char* alg = NULL; + const char* kid = NULL; + const char* kty = NULL; if (jkey->type != GRPC_JSON_OBJECT) continue; for (key_prop = jkey->child; key_prop != NULL; key_prop = key_prop->next) { @@ -599,10 +599,10 @@ static EVP_PKEY *find_verification_key(grpc_exec_ctx *exec_ctx, return NULL; } -static int verify_jwt_signature(EVP_PKEY *key, const char *alg, +static int verify_jwt_signature(EVP_PKEY* key, const char* alg, grpc_slice signature, grpc_slice signed_data) { - EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); - const EVP_MD *md = evp_md_from_alg(alg); + EVP_MD_CTX* md_ctx = EVP_MD_CTX_create(); + const EVP_MD* md = evp_md_from_alg(alg); int result = 0; GPR_ASSERT(md != NULL); /* Checked before. */ 
@@ -631,13 +631,13 @@ end: return result; } -static void on_keys_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, - grpc_error *error) { - verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data; - grpc_json *json = json_from_http(&ctx->responses[HTTP_RESPONSE_KEYS]); - EVP_PKEY *verification_key = NULL; +static void on_keys_retrieved(grpc_exec_ctx* exec_ctx, void* user_data, + grpc_error* error) { + verifier_cb_ctx* ctx = (verifier_cb_ctx*)user_data; + grpc_json* json = json_from_http(&ctx->responses[HTTP_RESPONSE_KEYS]); + EVP_PKEY* verification_key = NULL; grpc_jwt_verifier_status status = GRPC_JWT_VERIFIER_GENERIC_ERROR; - grpc_jwt_claims *claims = NULL; + grpc_jwt_claims* claims = NULL; if (json == NULL) { status = GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR; @@ -672,15 +672,15 @@ end: verifier_cb_ctx_destroy(exec_ctx, ctx); } -static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, - grpc_error *error) { - const grpc_json *cur; - verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data; - const grpc_http_response *response = &ctx->responses[HTTP_RESPONSE_OPENID]; - grpc_json *json = json_from_http(response); +static void on_openid_config_retrieved(grpc_exec_ctx* exec_ctx, void* user_data, + grpc_error* error) { + const grpc_json* cur; + verifier_cb_ctx* ctx = (verifier_cb_ctx*)user_data; + const grpc_http_response* response = &ctx->responses[HTTP_RESPONSE_OPENID]; + grpc_json* json = json_from_http(response); grpc_httpcli_request req; - const char *jwks_uri; - grpc_resource_quota *resource_quota = NULL; + const char* jwks_uri; + grpc_resource_quota* resource_quota = NULL; /* TODO(jboeuf): Cache the jwks_uri in order to avoid this hop next time. */ if (json == NULL) goto error; 
@@ -698,9 +698,9 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, jwks_uri += 8; req.handshaker = &grpc_httpcli_ssl; req.host = gpr_strdup(jwks_uri); - req.http.path = (char *)strchr(jwks_uri, '/'); + req.http.path = (char*)strchr(jwks_uri, '/'); if (req.http.path == NULL) { - req.http.path = (char *)""; + req.http.path = (char*)""; } else { *(req.host + (req.http.path - jwks_uri)) = '\0'; } @@ -726,8 +726,8 @@ error: verifier_cb_ctx_destroy(exec_ctx, ctx); } -static email_key_mapping *verifier_get_mapping(grpc_jwt_verifier *v, - const char *email_domain) { +static email_key_mapping* verifier_get_mapping(grpc_jwt_verifier* v, + const char* email_domain) { size_t i; if (v->mappings == NULL) return NULL; for (i = 0; i < v->num_mappings; i++) { @@ -738,9 +738,9 @@ static email_key_mapping *verifier_get_mapping(grpc_jwt_verifier *v, return NULL; } -static void verifier_put_mapping(grpc_jwt_verifier *v, const char *email_domain, - const char *key_url_prefix) { - email_key_mapping *mapping = verifier_get_mapping(v, email_domain); +static void verifier_put_mapping(grpc_jwt_verifier* v, const char* email_domain, + const char* key_url_prefix) { + email_key_mapping* mapping = verifier_get_mapping(v, email_domain); GPR_ASSERT(v->num_mappings < v->allocated_mappings); if (mapping != NULL) { gpr_free(mapping->key_url_prefix); 
@@ -755,30 +755,30 @@ static void verifier_put_mapping(grpc_jwt_verifier *v, const char *email_domain, /* Very non-sophisticated way to detect an email address. Should be good enough for now... */ -const char *grpc_jwt_issuer_email_domain(const char *issuer) { - const char *at_sign = strchr(issuer, '@'); +const char* grpc_jwt_issuer_email_domain(const char* issuer) { + const char* at_sign = strchr(issuer, '@'); if (at_sign == NULL) return NULL; - const char *email_domain = at_sign + 1; + const char* email_domain = at_sign + 1; if (*email_domain == '\0') return NULL; - const char *dot = strrchr(email_domain, '.'); + const char* dot = strrchr(email_domain, '.'); if (dot == NULL || dot == email_domain) return email_domain; GPR_ASSERT(dot > email_domain); /* There may be a subdomain, we just want the domain. */ - dot = (const char *)gpr_memrchr((void *)email_domain, '.', - (size_t)(dot - email_domain)); + dot = (const char*)gpr_memrchr((void*)email_domain, '.', + (size_t)(dot - email_domain)); if (dot == NULL) return email_domain; return dot + 1; } /* Takes ownership of ctx. */ -static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx, - verifier_cb_ctx *ctx) { - const char *email_domain; - grpc_closure *http_cb; - char *path_prefix = NULL; - const char *iss; +static void retrieve_key_and_verify(grpc_exec_ctx* exec_ctx, + verifier_cb_ctx* ctx) { + const char* email_domain; + grpc_closure* http_cb; + char* path_prefix = NULL; + const char* iss; grpc_httpcli_request req; - grpc_resource_quota *resource_quota = NULL; + grpc_resource_quota* resource_quota = NULL; memset(&req, 0, sizeof(grpc_httpcli_request)); req.handshaker = &grpc_httpcli_ssl; http_response_index rsp_idx; 
@@ -801,7 +801,7 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx, Part 4, on the other hand is implemented by both google and salesforce. */ email_domain = grpc_jwt_issuer_email_domain(iss); if (email_domain != NULL) { - email_key_mapping *mapping; + email_key_mapping* mapping; GPR_ASSERT(ctx->verifier != NULL); mapping = verifier_get_mapping(ctx->verifier, email_domain); if (mapping == NULL) { @@ -853,21 +853,21 @@ error: verifier_cb_ctx_destroy(exec_ctx, ctx); } -void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx, - grpc_jwt_verifier *verifier, - grpc_pollset *pollset, const char *jwt, - const char *audience, +void grpc_jwt_verifier_verify(grpc_exec_ctx* exec_ctx, + grpc_jwt_verifier* verifier, + grpc_pollset* pollset, const char* jwt, + const char* audience, grpc_jwt_verification_done_cb cb, - void *user_data) { - const char *dot = NULL; - grpc_json *json; - jose_header *header = NULL; - grpc_jwt_claims *claims = NULL; + void* user_data) { + const char* dot = NULL; + grpc_json* json; + jose_header* header = NULL; + grpc_jwt_claims* claims = NULL; grpc_slice header_buffer; grpc_slice claims_buffer; grpc_slice signature; size_t signed_jwt_len; - const char *cur = jwt; + const char* cur = jwt; GPR_ASSERT(verifier != NULL && jwt != NULL && audience != NULL && cb != NULL); dot = strchr(cur, '.'); 
@@ -903,17 +903,17 @@ error: cb(exec_ctx, user_data, GRPC_JWT_VERIFIER_BAD_FORMAT, NULL); } -grpc_jwt_verifier *grpc_jwt_verifier_create( - const grpc_jwt_verifier_email_domain_key_url_mapping *mappings, +grpc_jwt_verifier* grpc_jwt_verifier_create( + const grpc_jwt_verifier_email_domain_key_url_mapping* mappings, size_t num_mappings) { - grpc_jwt_verifier *v = - (grpc_jwt_verifier *)gpr_zalloc(sizeof(grpc_jwt_verifier)); + grpc_jwt_verifier* v = + (grpc_jwt_verifier*)gpr_zalloc(sizeof(grpc_jwt_verifier)); grpc_httpcli_context_init(&v->http_ctx); /* We know at least of one mapping. */ v->allocated_mappings = 1 + num_mappings; - v->mappings = (email_key_mapping *)gpr_malloc(v->allocated_mappings * - sizeof(email_key_mapping)); + v->mappings = (email_key_mapping*)gpr_malloc(v->allocated_mappings * + sizeof(email_key_mapping)); verifier_put_mapping(v, GRPC_GOOGLE_SERVICE_ACCOUNTS_EMAIL_DOMAIN, GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX); /* User-Provided mappings. */ @@ -927,7 +927,7 @@ grpc_jwt_verifier *grpc_jwt_verifier_create( return v; } -void grpc_jwt_verifier_destroy(grpc_exec_ctx *exec_ctx, grpc_jwt_verifier *v) { +void grpc_jwt_verifier_destroy(grpc_exec_ctx* exec_ctx, grpc_jwt_verifier* v) { size_t i; if (v == NULL) return; grpc_httpcli_context_destroy(exec_ctx, &v->http_ctx); diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.h b/src/core/lib/security/credentials/jwt/jwt_verifier.h index 998365e75c..8083cf9beb 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.h +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.h 
@@ -49,25 +49,25 @@ typedef enum { GRPC_JWT_VERIFIER_GENERIC_ERROR } grpc_jwt_verifier_status; -const char *grpc_jwt_verifier_status_to_string(grpc_jwt_verifier_status status); +const char* grpc_jwt_verifier_status_to_string(grpc_jwt_verifier_status status); /* --- grpc_jwt_claims. --- */ typedef struct grpc_jwt_claims grpc_jwt_claims; -void grpc_jwt_claims_destroy(grpc_exec_ctx *exec_ctx, grpc_jwt_claims *claims); +void grpc_jwt_claims_destroy(grpc_exec_ctx* exec_ctx, grpc_jwt_claims* claims); /* Returns the whole JSON tree of the claims. */ -const grpc_json *grpc_jwt_claims_json(const grpc_jwt_claims *claims); +const grpc_json* grpc_jwt_claims_json(const grpc_jwt_claims* claims); /* Access to registered claims in https://tools.ietf.org/html/rfc7519#page-9 */ -const char *grpc_jwt_claims_subject(const grpc_jwt_claims *claims); -const char *grpc_jwt_claims_issuer(const grpc_jwt_claims *claims); -const char *grpc_jwt_claims_id(const grpc_jwt_claims *claims); -const char *grpc_jwt_claims_audience(const grpc_jwt_claims *claims); -gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims *claims); -gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims *claims); -gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims); +const char* grpc_jwt_claims_subject(const grpc_jwt_claims* claims); +const char* grpc_jwt_claims_issuer(const grpc_jwt_claims* claims); +const char* grpc_jwt_claims_id(const grpc_jwt_claims* claims); +const char* grpc_jwt_claims_audience(const grpc_jwt_claims* claims); +gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims* claims); +gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims* claims); +gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims* claims); /* --- grpc_jwt_verifier. --- */ 
@@ -75,12 +75,12 @@ typedef struct grpc_jwt_verifier grpc_jwt_verifier; typedef struct { /* The email domain is the part after the @ sign. */ - const char *email_domain; + const char* email_domain; /* The key url prefix will be used to get the public key from the issuer: https://<key_url_prefix>/<issuer_email> Therefore the key_url_prefix must NOT contain https://. */ - const char *key_url_prefix; + const char* key_url_prefix; } grpc_jwt_verifier_email_domain_key_url_mapping; /* Globals to control the verifier. Not thread-safe. */ 
@@ -93,38 +93,38 @@ extern grpc_millis grpc_jwt_verifier_max_delay; A verifier object has one built-in mapping (unless overridden): GRPC_GOOGLE_SERVICE_ACCOUNTS_EMAIL_DOMAIN -> GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX.*/ -grpc_jwt_verifier *grpc_jwt_verifier_create( - const grpc_jwt_verifier_email_domain_key_url_mapping *mappings, +grpc_jwt_verifier* grpc_jwt_verifier_create( + const grpc_jwt_verifier_email_domain_key_url_mapping* mappings, size_t num_mappings); /*The verifier must not be destroyed if there are still outstanding callbacks.*/ -void grpc_jwt_verifier_destroy(grpc_exec_ctx *exec_ctx, - grpc_jwt_verifier *verifier); +void grpc_jwt_verifier_destroy(grpc_exec_ctx* exec_ctx, + grpc_jwt_verifier* verifier); /* User provided callback that will be called when the verification of the JWT is done (maybe in another thread). It is the responsibility of the callee to call grpc_jwt_claims_destroy on the claims. */ -typedef void (*grpc_jwt_verification_done_cb)(grpc_exec_ctx *exec_ctx, - void *user_data, +typedef void (*grpc_jwt_verification_done_cb)(grpc_exec_ctx* exec_ctx, + void* user_data, grpc_jwt_verifier_status status, - grpc_jwt_claims *claims); + grpc_jwt_claims* claims); /* Verifies for the JWT for the given expected audience. */ -void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx, - grpc_jwt_verifier *verifier, - grpc_pollset *pollset, const char *jwt, - const char *audience, +void grpc_jwt_verifier_verify(grpc_exec_ctx* exec_ctx, + grpc_jwt_verifier* verifier, + grpc_pollset* pollset, const char* jwt, + const char* audience, grpc_jwt_verification_done_cb cb, - void *user_data); + void* user_data); /* --- TESTING ONLY exposed functions. 
--- */ -grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_exec_ctx *exec_ctx, - grpc_json *json, grpc_slice buffer); -grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims, - const char *audience); -const char *grpc_jwt_issuer_email_domain(const char *issuer); +grpc_jwt_claims* grpc_jwt_claims_from_json(grpc_exec_ctx* exec_ctx, + grpc_json* json, grpc_slice buffer); +grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims* claims, + const char* audience); +const char* grpc_jwt_issuer_email_domain(const char* issuer); #ifdef __cplusplus } diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc b/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc index 7867105f56..2a44211228 100644 --- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc @@ -32,15 +32,15 @@ // int grpc_auth_refresh_token_is_valid( - const grpc_auth_refresh_token *refresh_token) { + const grpc_auth_refresh_token* refresh_token) { return (refresh_token != NULL) && strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID); } grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json( - const grpc_json *json) { + const grpc_json* json) { grpc_auth_refresh_token result; - const char *prop_value; + const char* prop_value; int success = 0; memset(&result, 0, sizeof(grpc_auth_refresh_token)); @@ -72,9 +72,9 @@ end: } grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( - const char *json_string) { - char *scratchpad = gpr_strdup(json_string); - grpc_json *json = grpc_json_parse_string(scratchpad); + const char* json_string) { + char* scratchpad = gpr_strdup(json_string); + grpc_json* json = grpc_json_parse_string(scratchpad); grpc_auth_refresh_token result = grpc_auth_refresh_token_create_from_json(json); if (json != NULL) grpc_json_destroy(json); 
@@ -82,7 +82,7 @@ grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( return result; } -void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) { +void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token* refresh_token) { if (refresh_token == NULL) return; refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID; if (refresh_token->client_id != NULL) { @@ -103,10 +103,10 @@ void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) { // Oauth2 Token Fetcher credentials. // -static void oauth2_token_fetcher_destruct(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)creds; +static void oauth2_token_fetcher_destruct(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)creds; GRPC_MDELEM_UNREF(exec_ctx, c->access_token_md); gpr_mu_destroy(&c->mu); grpc_pollset_set_destroy(exec_ctx, @@ -116,12 +116,12 @@ static void oauth2_token_fetcher_destruct(grpc_exec_ctx *exec_ctx, grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response( - grpc_exec_ctx *exec_ctx, const grpc_http_response *response, - grpc_mdelem *token_md, grpc_millis *token_lifetime) { - char *null_terminated_body = NULL; - char *new_access_token = NULL; + grpc_exec_ctx* exec_ctx, const grpc_http_response* response, + grpc_mdelem* token_md, grpc_millis* token_lifetime) { + char* null_terminated_body = NULL; + char* new_access_token = NULL; grpc_credentials_status status = GRPC_CREDENTIALS_OK; - grpc_json *json = NULL; + grpc_json* json = NULL; if (response == NULL) { gpr_log(GPR_ERROR, "Received NULL response."); 
@@ -130,7 +130,7 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response( } if (response->body_length > 0) { - null_terminated_body = (char *)gpr_malloc(response->body_length + 1); + null_terminated_body = (char*)gpr_malloc(response->body_length + 1); null_terminated_body[response->body_length] = '\0'; memcpy(null_terminated_body, response->body, response->body_length); } @@ -142,10 +142,10 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response( status = GRPC_CREDENTIALS_ERROR; goto end; } else { - grpc_json *access_token = NULL; - grpc_json *token_type = NULL; - grpc_json *expires_in = NULL; - grpc_json *ptr; + grpc_json* access_token = NULL; + grpc_json* token_type = NULL; + grpc_json* expires_in = NULL; + grpc_json* ptr; json = grpc_json_parse_string(null_terminated_body); if (json == NULL) { gpr_log(GPR_ERROR, "Could not parse JSON from %s", null_terminated_body); @@ -203,14 +203,14 @@ end: return status; } -static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx, - void *user_data, - grpc_error *error) { +static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx* exec_ctx, + void* user_data, + grpc_error* error) { GRPC_LOG_IF_ERROR("oauth_fetch", GRPC_ERROR_REF(error)); - grpc_credentials_metadata_request *r = - (grpc_credentials_metadata_request *)user_data; - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)r->creds; + grpc_credentials_metadata_request* r = + (grpc_credentials_metadata_request*)user_data; + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)r->creds; grpc_mdelem access_token_md = GRPC_MDNULL; grpc_millis token_lifetime; grpc_credentials_status status = 
@@ -223,7 +223,7 @@ static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx, c->token_expiration = status == GRPC_CREDENTIALS_OK ? grpc_exec_ctx_now(exec_ctx) + token_lifetime : 0; - grpc_oauth2_pending_get_request_metadata *pending_request = + grpc_oauth2_pending_get_request_metadata* pending_request = c->pending_requests; c->pending_requests = NULL; gpr_mu_unlock(&c->mu); @@ -240,7 +240,7 @@ static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx, grpc_polling_entity_del_from_pollset_set( exec_ctx, pending_request->pollent, grpc_polling_entity_pollset_set(&c->pollent)); - grpc_oauth2_pending_get_request_metadata *prev = pending_request; + grpc_oauth2_pending_get_request_metadata* prev = pending_request; pending_request = pending_request->next; gpr_free(prev); } @@ -250,12 +250,12 @@ static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx, } static bool oauth2_token_fetcher_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_polling_entity *pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)creds; + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, + grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)creds; // Check if we can use the cached token. grpc_millis refresh_threshold = GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS * GPR_MS_PER_SEC; 
@@ -273,8 +273,8 @@ static bool oauth2_token_fetcher_get_request_metadata( } // Couldn't get the token from the cache. // Add request to c->pending_requests and start a new fetch if needed. - grpc_oauth2_pending_get_request_metadata *pending_request = - (grpc_oauth2_pending_get_request_metadata *)gpr_malloc( + grpc_oauth2_pending_get_request_metadata* pending_request = + (grpc_oauth2_pending_get_request_metadata*)gpr_malloc( sizeof(*pending_request)); pending_request->md_array = md_array; pending_request->on_request_metadata = on_request_metadata; @@ -300,13 +300,13 @@ static bool oauth2_token_fetcher_get_request_metadata( } static void oauth2_token_fetcher_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_credentials_mdelem_array *md_array, grpc_error *error) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)creds; + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_credentials_mdelem_array* md_array, grpc_error* error) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)creds; gpr_mu_lock(&c->mu); - grpc_oauth2_pending_get_request_metadata *prev = NULL; - grpc_oauth2_pending_get_request_metadata *pending_request = + grpc_oauth2_pending_get_request_metadata* prev = NULL; + grpc_oauth2_pending_get_request_metadata* pending_request = c->pending_requests; while (pending_request != NULL) { if (pending_request->md_array == md_array) { @@ -329,7 +329,7 @@ static void oauth2_token_fetcher_cancel_get_request_metadata( GRPC_ERROR_UNREF(error); } -static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c, +static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials* c, grpc_fetch_oauth2_func fetch_func) { memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; 
@@ -351,20 +351,20 @@ static grpc_call_credentials_vtable compute_engine_vtable = { oauth2_token_fetcher_cancel_get_request_metadata}; static void compute_engine_fetch_oauth2( - grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req, - grpc_httpcli_context *httpcli_context, grpc_polling_entity *pollent, + grpc_exec_ctx* exec_ctx, grpc_credentials_metadata_request* metadata_req, + grpc_httpcli_context* httpcli_context, grpc_polling_entity* pollent, grpc_iomgr_cb_func response_cb, grpc_millis deadline) { - grpc_http_header header = {(char *)"Metadata-Flavor", (char *)"Google"}; + grpc_http_header header = {(char*)"Metadata-Flavor", (char*)"Google"}; grpc_httpcli_request request; memset(&request, 0, sizeof(grpc_httpcli_request)); - request.host = (char *)GRPC_COMPUTE_ENGINE_METADATA_HOST; - request.http.path = (char *)GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH; + request.host = (char*)GRPC_COMPUTE_ENGINE_METADATA_HOST; + request.http.path = (char*)GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH; request.http.hdr_count = 1; request.http.hdrs = &header; /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host channel. This would allow us to cancel an authentication query when under extreme memory pressure. */ - grpc_resource_quota *resource_quota = + grpc_resource_quota* resource_quota = grpc_resource_quota_create("oauth2_credentials"); grpc_httpcli_get( exec_ctx, httpcli_context, pollent, resource_quota, &request, deadline, 
@@ -373,10 +373,10 @@ static void compute_engine_fetch_oauth2( grpc_resource_quota_unref_internal(exec_ctx, resource_quota); } -grpc_call_credentials *grpc_google_compute_engine_credentials_create( - void *reserved) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)gpr_malloc( +grpc_call_credentials* grpc_google_compute_engine_credentials_create( + void* reserved) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)gpr_malloc( sizeof(grpc_oauth2_token_fetcher_credentials)); GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1, (reserved)); @@ -390,10 +390,10 @@ grpc_call_credentials *grpc_google_compute_engine_credentials_create( // Google Refresh Token credentials. // -static void refresh_token_destruct(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { - grpc_google_refresh_token_credentials *c = - (grpc_google_refresh_token_credentials *)creds; +static void refresh_token_destruct(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { + grpc_google_refresh_token_credentials* c = + (grpc_google_refresh_token_credentials*)creds; grpc_auth_refresh_token_destruct(&c->refresh_token); oauth2_token_fetcher_destruct(exec_ctx, &c->base.base); } 
@@ -403,28 +403,28 @@ static grpc_call_credentials_vtable refresh_token_vtable = { oauth2_token_fetcher_cancel_get_request_metadata}; static void refresh_token_fetch_oauth2( - grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req, - grpc_httpcli_context *httpcli_context, grpc_polling_entity *pollent, + grpc_exec_ctx* exec_ctx, grpc_credentials_metadata_request* metadata_req, + grpc_httpcli_context* httpcli_context, grpc_polling_entity* pollent, grpc_iomgr_cb_func response_cb, grpc_millis deadline) { - grpc_google_refresh_token_credentials *c = - (grpc_google_refresh_token_credentials *)metadata_req->creds; - grpc_http_header header = {(char *)"Content-Type", - (char *)"application/x-www-form-urlencoded"}; + grpc_google_refresh_token_credentials* c = + (grpc_google_refresh_token_credentials*)metadata_req->creds; + grpc_http_header header = {(char*)"Content-Type", + (char*)"application/x-www-form-urlencoded"}; grpc_httpcli_request request; - char *body = NULL; + char* body = NULL; gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, c->refresh_token.client_id, c->refresh_token.client_secret, c->refresh_token.refresh_token); memset(&request, 0, sizeof(grpc_httpcli_request)); - request.host = (char *)GRPC_GOOGLE_OAUTH2_SERVICE_HOST; - request.http.path = (char *)GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH; + request.host = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_HOST; + request.http.path = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH; request.http.hdr_count = 1; request.http.hdrs = &header; request.handshaker = &grpc_httpcli_ssl; /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host channel. This would allow us to cancel an authentication query when under extreme memory pressure. */ - grpc_resource_quota *resource_quota = + grpc_resource_quota* resource_quota = grpc_resource_quota_create("oauth2_credentials_refresh"); grpc_httpcli_post( exec_ctx, httpcli_context, pollent, resource_quota, &request, body, 
@@ -435,15 +435,15 @@ static void refresh_token_fetch_oauth2( gpr_free(body); } -grpc_call_credentials * +grpc_call_credentials* grpc_refresh_token_credentials_create_from_auth_refresh_token( grpc_auth_refresh_token refresh_token) { - grpc_google_refresh_token_credentials *c; + grpc_google_refresh_token_credentials* c; if (!grpc_auth_refresh_token_is_valid(&refresh_token)) { gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation"); return NULL; } - c = (grpc_google_refresh_token_credentials *)gpr_zalloc( + c = (grpc_google_refresh_token_credentials*)gpr_zalloc( sizeof(grpc_google_refresh_token_credentials)); init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2); c->base.base.vtable = &refresh_token_vtable; @@ -451,11 +451,11 @@ grpc_refresh_token_credentials_create_from_auth_refresh_token( return &c->base.base; } -static char *create_loggable_refresh_token(grpc_auth_refresh_token *token) { +static char* create_loggable_refresh_token(grpc_auth_refresh_token* token) { if (strcmp(token->type, GRPC_AUTH_JSON_TYPE_INVALID) == 0) { return gpr_strdup("<Invalid json token>"); } - char *loggable_token = NULL; + char* loggable_token = NULL; gpr_asprintf(&loggable_token, "{\n type: %s\n client_id: %s\n client_secret: " "<redacted>\n refresh_token: <redacted>\n}", 
@@ -463,12 +463,12 @@ static char *create_loggable_refresh_token(grpc_auth_refresh_token *token) { return loggable_token; } -grpc_call_credentials *grpc_google_refresh_token_credentials_create( - const char *json_refresh_token, void *reserved) { +grpc_call_credentials* grpc_google_refresh_token_credentials_create( + const char* json_refresh_token, void* reserved) { grpc_auth_refresh_token token = grpc_auth_refresh_token_create_from_string(json_refresh_token); if (GRPC_TRACER_ON(grpc_api_trace)) { - char *loggable_token = create_loggable_refresh_token(&token); + char* loggable_token = create_loggable_refresh_token(&token); gpr_log(GPR_INFO, "grpc_refresh_token_credentials_create(json_refresh_token=%s, " "reserved=%p)", 
@@ -483,25 +483,25 @@ grpc_call_credentials *grpc_google_refresh_token_credentials_create( // Oauth2 Access Token credentials. // -static void access_token_destruct(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { - grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; +static void access_token_destruct(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { + grpc_access_token_credentials* c = (grpc_access_token_credentials*)creds; GRPC_MDELEM_UNREF(exec_ctx, c->access_token_md); } static bool access_token_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_polling_entity *pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, + grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_access_token_credentials* c = (grpc_access_token_credentials*)creds; grpc_credentials_mdelem_array_add(md_array, c->access_token_md); return true; } static void access_token_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *c, - grpc_credentials_mdelem_array *md_array, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_call_credentials* c, + grpc_credentials_mdelem_array* md_array, grpc_error* error) { GRPC_ERROR_UNREF(error); } 
@@ -509,11 +509,10 @@ static grpc_call_credentials_vtable access_token_vtable = { access_token_destruct, access_token_get_request_metadata, access_token_cancel_get_request_metadata}; -grpc_call_credentials *grpc_access_token_credentials_create( - const char *access_token, void *reserved) { - grpc_access_token_credentials *c = - (grpc_access_token_credentials *)gpr_zalloc( - sizeof(grpc_access_token_credentials)); +grpc_call_credentials* grpc_access_token_credentials_create( + const char* access_token, void* reserved) { + grpc_access_token_credentials* c = (grpc_access_token_credentials*)gpr_zalloc( + sizeof(grpc_access_token_credentials)); GRPC_API_TRACE( "grpc_access_token_credentials_create(access_token=<redacted>, " "reserved=%p)", @@ -522,7 +521,7 @@ grpc_call_credentials *grpc_access_token_credentials_create( c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &access_token_vtable; gpr_ref_init(&c->base.refcount, 1); - char *token_md_value; + char* token_md_value; gpr_asprintf(&token_md_value, "Bearer %s", access_token); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; c->access_token_md = grpc_mdelem_from_slices( diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h index c12db896f3..32d3ff760d 100644 --- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h 
@@ -28,46 +28,46 @@ extern "C" { // auth_refresh_token parsing. typedef struct { - const char *type; - char *client_id; - char *client_secret; - char *refresh_token; + const char* type; + char* client_id; + char* client_secret; + char* refresh_token; } grpc_auth_refresh_token; /// Returns 1 if the object is valid, 0 otherwise. int grpc_auth_refresh_token_is_valid( - const grpc_auth_refresh_token *refresh_token); + const grpc_auth_refresh_token* refresh_token); /// Creates a refresh token object from string. Returns an invalid object if a /// parsing error has been encountered. grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( - const char *json_string); + const char* json_string); /// Creates a refresh token object from parsed json. Returns an invalid object /// if a parsing error has been encountered. grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json( - const grpc_json *json); + const grpc_json* json); /// Destructs the object. -void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token); +void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token* refresh_token); // -- Oauth2 Token Fetcher credentials -- // // This object is a base for credentials that need to acquire an oauth2 token // from an http service. 
-typedef void (*grpc_fetch_oauth2_func)(grpc_exec_ctx *exec_ctx, - grpc_credentials_metadata_request *req, - grpc_httpcli_context *http_context, - grpc_polling_entity *pollent, +typedef void (*grpc_fetch_oauth2_func)(grpc_exec_ctx* exec_ctx, + grpc_credentials_metadata_request* req, + grpc_httpcli_context* http_context, + grpc_polling_entity* pollent, grpc_iomgr_cb_func cb, grpc_millis deadline); typedef struct grpc_oauth2_pending_get_request_metadata { - grpc_credentials_mdelem_array *md_array; - grpc_closure *on_request_metadata; - grpc_polling_entity *pollent; - struct grpc_oauth2_pending_get_request_metadata *next; + grpc_credentials_mdelem_array* md_array; + grpc_closure* on_request_metadata; + grpc_polling_entity* pollent; + struct grpc_oauth2_pending_get_request_metadata* next; } grpc_oauth2_pending_get_request_metadata; typedef struct { @@ -76,7 +76,7 @@ typedef struct { grpc_mdelem access_token_md; grpc_millis token_expiration; bool token_fetch_pending; - grpc_oauth2_pending_get_request_metadata *pending_requests; + grpc_oauth2_pending_get_request_metadata* pending_requests; grpc_httpcli_context httpcli_context; grpc_fetch_oauth2_func fetch_func; grpc_polling_entity pollent; @@ -96,15 +96,15 @@ typedef struct { // Private constructor for refresh token credentials from an already parsed // refresh token. Takes ownership of the refresh token. -grpc_call_credentials * +grpc_call_credentials* grpc_refresh_token_credentials_create_from_auth_refresh_token( grpc_auth_refresh_token token); // Exposed for testing only. grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response( - grpc_exec_ctx *exec_ctx, const struct grpc_http_response *response, - grpc_mdelem *token_md, grpc_millis *token_lifetime); + grpc_exec_ctx* exec_ctx, const struct grpc_http_response* response, + grpc_mdelem* token_md, grpc_millis* token_lifetime); #ifdef __cplusplus } 
diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.cc b/src/core/lib/security/credentials/plugin/plugin_credentials.cc index 8106a730fe..e75b00c01a 100644 --- a/src/core/lib/security/credentials/plugin/plugin_credentials.cc +++ b/src/core/lib/security/credentials/plugin/plugin_credentials.cc @@ -34,9 +34,9 @@ grpc_tracer_flag grpc_plugin_credentials_trace = GRPC_TRACER_INITIALIZER(false, "plugin_credentials"); -static void plugin_destruct(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds) { - grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; +static void plugin_destruct(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)creds; gpr_mu_destroy(&c->mu); if (c->plugin.state != NULL && c->plugin.destroy != NULL) { c->plugin.destroy(c->plugin.state); @@ -44,8 +44,8 @@ static void plugin_destruct(grpc_exec_ctx *exec_ctx, } static void pending_request_remove_locked( - grpc_plugin_credentials *c, - grpc_plugin_credentials_pending_request *pending_request) { + grpc_plugin_credentials* c, + grpc_plugin_credentials_pending_request* pending_request) { if (pending_request->prev == NULL) { c->pending_requests = pending_request->next; } else { @@ -62,7 +62,7 @@ static void pending_request_remove_locked( // When this returns, r->cancelled indicates whether the request was // cancelled before completion. static void pending_request_complete( - grpc_exec_ctx *exec_ctx, grpc_plugin_credentials_pending_request *r) { + grpc_exec_ctx* exec_ctx, grpc_plugin_credentials_pending_request* r) { gpr_mu_lock(&r->creds->mu); if (!r->cancelled) pending_request_remove_locked(r->creds, r); gpr_mu_unlock(&r->creds->mu); 
@@ -70,13 +70,13 @@ static void pending_request_complete( grpc_call_credentials_unref(exec_ctx, &r->creds->base); } -static grpc_error *process_plugin_result( - grpc_exec_ctx *exec_ctx, grpc_plugin_credentials_pending_request *r, - const grpc_metadata *md, size_t num_md, grpc_status_code status, - const char *error_details) { - grpc_error *error = GRPC_ERROR_NONE; +static grpc_error* process_plugin_result( + grpc_exec_ctx* exec_ctx, grpc_plugin_credentials_pending_request* r, + const grpc_metadata* md, size_t num_md, grpc_status_code status, + const char* error_details) { + grpc_error* error = GRPC_ERROR_NONE; if (status != GRPC_STATUS_OK) { - char *msg; + char* msg; gpr_asprintf(&msg, "Getting metadata from plugin failed with error: %s", error_details); error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); @@ -112,17 +112,17 @@ static grpc_error *process_plugin_result( return error; } -static void plugin_md_request_metadata_ready(void *request, - const grpc_metadata *md, +static void plugin_md_request_metadata_ready(void* request, + const grpc_metadata* md, size_t num_md, grpc_status_code status, - const char *error_details) { + const char* error_details) { /* called from application code */ grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INITIALIZER( GRPC_EXEC_CTX_FLAG_IS_FINISHED | GRPC_EXEC_CTX_FLAG_THREAD_RESOURCE_LOOP, NULL, NULL); - grpc_plugin_credentials_pending_request *r = - (grpc_plugin_credentials_pending_request *)request; + grpc_plugin_credentials_pending_request* r = + (grpc_plugin_credentials_pending_request*)request; if (GRPC_TRACER_ON(grpc_plugin_credentials_trace)) { gpr_log(GPR_INFO, "plugin_credentials[%p]: request %p: plugin returned " 
@@ -133,7 +133,7 @@ static void plugin_md_request_metadata_ready(void *request, pending_request_complete(&exec_ctx, r); // If it has not been cancelled, process it. if (!r->cancelled) { - grpc_error *error = + grpc_error* error = process_plugin_result(&exec_ctx, r, md, num_md, status, error_details); GRPC_CLOSURE_SCHED(&exec_ctx, r->on_request_metadata, error); } else if (GRPC_TRACER_ON(grpc_plugin_credentials_trace)) { @@ -146,19 +146,19 @@ static void plugin_md_request_metadata_ready(void *request, grpc_exec_ctx_finish(&exec_ctx); } -static bool plugin_get_request_metadata(grpc_exec_ctx *exec_ctx, - grpc_call_credentials *creds, - grpc_polling_entity *pollent, +static bool plugin_get_request_metadata(grpc_exec_ctx* exec_ctx, + grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)creds; bool retval = true; // Synchronous return. if (c->plugin.get_metadata != NULL) { // Create pending_request object. - grpc_plugin_credentials_pending_request *pending_request = - (grpc_plugin_credentials_pending_request *)gpr_zalloc( + grpc_plugin_credentials_pending_request* pending_request = + (grpc_plugin_credentials_pending_request*)gpr_zalloc( sizeof(*pending_request)); pending_request->creds = c; pending_request->md_array = md_array; 
@@ -180,7 +180,7 @@ static bool plugin_get_request_metadata(grpc_exec_ctx *exec_ctx, grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX]; size_t num_creds_md = 0; grpc_status_code status = GRPC_STATUS_OK; - const char *error_details = NULL; + const char* error_details = NULL; if (!c->plugin.get_metadata(c->plugin.state, context, plugin_md_request_metadata_ready, pending_request, creds_md, &num_creds_md, @@ -222,18 +222,18 @@ static bool plugin_get_request_metadata(grpc_exec_ctx *exec_ctx, grpc_slice_unref_internal(exec_ctx, creds_md[i].key); grpc_slice_unref_internal(exec_ctx, creds_md[i].value); } - gpr_free((void *)error_details); + gpr_free((void*)error_details); gpr_free(pending_request); } return retval; } static void plugin_cancel_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, - grpc_credentials_mdelem_array *md_array, grpc_error *error) { - grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; + grpc_exec_ctx* exec_ctx, grpc_call_credentials* creds, + grpc_credentials_mdelem_array* md_array, grpc_error* error) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)creds; gpr_mu_lock(&c->mu); - for (grpc_plugin_credentials_pending_request *pending_request = + for (grpc_plugin_credentials_pending_request* pending_request = c->pending_requests; pending_request != NULL; pending_request = pending_request->next) { if (pending_request->md_array == md_array) { 
@@ -256,10 +256,9 @@ static grpc_call_credentials_vtable plugin_vtable = { plugin_destruct, plugin_get_request_metadata, plugin_cancel_get_request_metadata}; -grpc_call_credentials *grpc_metadata_credentials_create_from_plugin( - grpc_metadata_credentials_plugin plugin, void *reserved) { - grpc_plugin_credentials *c = - (grpc_plugin_credentials *)gpr_zalloc(sizeof(*c)); +grpc_call_credentials* grpc_metadata_credentials_create_from_plugin( + grpc_metadata_credentials_plugin plugin, void* reserved) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)gpr_zalloc(sizeof(*c)); GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1, (reserved)); GPR_ASSERT(reserved == NULL); diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.h b/src/core/lib/security/credentials/plugin/plugin_credentials.h index f56df9eac5..fc0955c695 100644 --- a/src/core/lib/security/credentials/plugin/plugin_credentials.h +++ b/src/core/lib/security/credentials/plugin/plugin_credentials.h @@ -27,18 +27,18 @@ struct grpc_plugin_credentials; typedef struct grpc_plugin_credentials_pending_request { bool cancelled; - struct grpc_plugin_credentials *creds; - grpc_credentials_mdelem_array *md_array; - grpc_closure *on_request_metadata; - struct grpc_plugin_credentials_pending_request *prev; - struct grpc_plugin_credentials_pending_request *next; + struct grpc_plugin_credentials* creds; + grpc_credentials_mdelem_array* md_array; + grpc_closure* on_request_metadata; + struct grpc_plugin_credentials_pending_request* prev; + struct grpc_plugin_credentials_pending_request* next; } grpc_plugin_credentials_pending_request; typedef struct grpc_plugin_credentials { grpc_call_credentials base; grpc_metadata_credentials_plugin plugin; gpr_mu mu; - grpc_plugin_credentials_pending_request *pending_requests; + grpc_plugin_credentials_pending_request* pending_requests; } grpc_plugin_credentials; #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_PLUGIN_CREDENTIALS_H */ 
diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.cc b/src/core/lib/security/credentials/ssl/ssl_credentials.cc index 8e47aebedb..79e223ddcb 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.cc +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.cc 
@@ -31,33 +31,33 @@ // SSL Channel Credentials. // -void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair *kp, +void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp, size_t num_key_cert_pairs) { if (kp == NULL) return; for (size_t i = 0; i < num_key_cert_pairs; i++) { - gpr_free((void *)kp[i].private_key); - gpr_free((void *)kp[i].cert_chain); + gpr_free((void*)kp[i].private_key); + gpr_free((void*)kp[i].cert_chain); } gpr_free(kp); } -static void ssl_destruct(grpc_exec_ctx *exec_ctx, - grpc_channel_credentials *creds) { - grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; +static void ssl_destruct(grpc_exec_ctx* exec_ctx, + grpc_channel_credentials* creds) { + grpc_ssl_credentials* c = (grpc_ssl_credentials*)creds; gpr_free(c->config.pem_root_certs); grpc_tsi_ssl_pem_key_cert_pairs_destroy(c->config.pem_key_cert_pair, 1); } static grpc_security_status ssl_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds, - grpc_call_credentials *call_creds, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args) { - grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; + grpc_exec_ctx* exec_ctx, grpc_channel_credentials* creds, + grpc_call_credentials* call_creds, const char* target, + const grpc_channel_args* args, grpc_channel_security_connector** sc, + grpc_channel_args** new_args) { + grpc_ssl_credentials* c = (grpc_ssl_credentials*)creds; grpc_security_status status = GRPC_SECURITY_OK; - const char *overridden_target_name = NULL; + const char* overridden_target_name = NULL; for (size_t i = 0; args && i < args->num_args; i++) { - grpc_arg *arg = &args->args[i]; + grpc_arg* arg = &args->args[i]; if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && arg->type == GRPC_ARG_STRING) { overridden_target_name = arg->value.string; 
@@ -71,7 +71,7 @@ static grpc_security_status ssl_create_security_connector( return status; } grpc_arg new_arg = grpc_channel_arg_string_create( - (char *)GRPC_ARG_HTTP2_SCHEME, (char *)"https"); + (char*)GRPC_ARG_HTTP2_SCHEME, (char*)"https"); *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1); return status; } @@ -79,16 +79,16 @@ static grpc_security_status ssl_create_security_connector( static grpc_channel_credentials_vtable ssl_vtable = { ssl_destruct, ssl_create_security_connector, NULL}; -static void ssl_build_config(const char *pem_root_certs, - grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, - grpc_ssl_config *config) { +static void ssl_build_config(const char* pem_root_certs, + grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, + grpc_ssl_config* config) { if (pem_root_certs != NULL) { config->pem_root_certs = gpr_strdup(pem_root_certs); } if (pem_key_cert_pair != NULL) { GPR_ASSERT(pem_key_cert_pair->private_key != NULL); GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL); - config->pem_key_cert_pair = (tsi_ssl_pem_key_cert_pair *)gpr_zalloc( + config->pem_key_cert_pair = (tsi_ssl_pem_key_cert_pair*)gpr_zalloc( sizeof(tsi_ssl_pem_key_cert_pair)); config->pem_key_cert_pair->cert_chain = gpr_strdup(pem_key_cert_pair->cert_chain); @@ -97,11 +97,11 @@ static void ssl_build_config(const char *pem_root_certs, } } -grpc_channel_credentials *grpc_ssl_credentials_create( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, - void *reserved) { - grpc_ssl_credentials *c = - (grpc_ssl_credentials *)gpr_zalloc(sizeof(grpc_ssl_credentials)); +grpc_channel_credentials* grpc_ssl_credentials_create( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, + void* reserved) { + grpc_ssl_credentials* c = + (grpc_ssl_credentials*)gpr_zalloc(sizeof(grpc_ssl_credentials)); GRPC_API_TRACE( "grpc_ssl_credentials_create(pem_root_certs=%s, " "pem_key_cert_pair=%p, " 
@@ -119,32 +119,36 @@ grpc_channel_credentials *grpc_ssl_credentials_create( // SSL Server Credentials. // -static void ssl_server_destruct(grpc_exec_ctx *exec_ctx, - grpc_server_credentials *creds) { - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; +struct grpc_ssl_server_credentials_options { + grpc_ssl_client_certificate_request_type client_certificate_request; + grpc_ssl_server_certificate_config* certificate_config; + grpc_ssl_server_certificate_config_fetcher* certificate_config_fetcher; +}; + +static void ssl_server_destruct(grpc_exec_ctx* exec_ctx, + grpc_server_credentials* creds) { + grpc_ssl_server_credentials* c = (grpc_ssl_server_credentials*)creds; grpc_tsi_ssl_pem_key_cert_pairs_destroy(c->config.pem_key_cert_pairs, c->config.num_key_cert_pairs); gpr_free(c->config.pem_root_certs); } static grpc_security_status ssl_server_create_security_connector( - grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds, - grpc_server_security_connector **sc) { - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; - return grpc_ssl_server_security_connector_create(exec_ctx, creds, &c->config, - sc); + grpc_exec_ctx* exec_ctx, grpc_server_credentials* creds, + grpc_server_security_connector** sc) { + return grpc_ssl_server_security_connector_create(exec_ctx, creds, sc); } static grpc_server_credentials_vtable ssl_server_vtable = { ssl_server_destruct, ssl_server_create_security_connector}; -tsi_ssl_pem_key_cert_pair *grpc_convert_grpc_to_tsi_cert_pairs( - const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, +tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs( + const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs) { - tsi_ssl_pem_key_cert_pair *tsi_pairs = NULL; + tsi_ssl_pem_key_cert_pair* tsi_pairs = NULL; if (num_key_cert_pairs > 0) { GPR_ASSERT(pem_key_cert_pairs != NULL); - tsi_pairs = (tsi_ssl_pem_key_cert_pair *)gpr_zalloc( + tsi_pairs = (tsi_ssl_pem_key_cert_pair*)gpr_zalloc( 
num_key_cert_pairs * sizeof(tsi_ssl_pem_key_cert_pair)); } for (size_t i = 0; i < num_key_cert_pairs; i++) { @@ -157,10 +161,10 @@ tsi_ssl_pem_key_cert_pair *grpc_convert_grpc_to_tsi_cert_pairs( } static void ssl_build_server_config( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, - grpc_ssl_server_config *config) { + grpc_ssl_server_config* config) { config->client_certificate_request = client_certificate_request; if (pem_root_certs != NULL) { config->pem_root_certs = gpr_strdup(pem_root_certs); 
@@ -170,9 +174,89 @@ static void ssl_build_server_config( config->num_key_cert_pairs = num_key_cert_pairs; } -grpc_server_credentials *grpc_ssl_server_credentials_create( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, - size_t num_key_cert_pairs, int force_client_auth, void *reserved) { +grpc_ssl_server_certificate_config* grpc_ssl_server_certificate_config_create( + const char* pem_root_certs, + const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs) { + grpc_ssl_server_certificate_config* config = + (grpc_ssl_server_certificate_config*)gpr_zalloc( + sizeof(grpc_ssl_server_certificate_config)); + if (pem_root_certs != NULL) { + config->pem_root_certs = gpr_strdup(pem_root_certs); + } + if (num_key_cert_pairs > 0) { + GPR_ASSERT(pem_key_cert_pairs != NULL); + config->pem_key_cert_pairs = (grpc_ssl_pem_key_cert_pair*)gpr_zalloc( + num_key_cert_pairs * sizeof(grpc_ssl_pem_key_cert_pair)); + } + config->num_key_cert_pairs = num_key_cert_pairs; + for (size_t i = 0; i < num_key_cert_pairs; i++) { + GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL); + GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL); + config->pem_key_cert_pairs[i].cert_chain = + gpr_strdup(pem_key_cert_pairs[i].cert_chain); + config->pem_key_cert_pairs[i].private_key = + gpr_strdup(pem_key_cert_pairs[i].private_key); + } + return config; +} + +void grpc_ssl_server_certificate_config_destroy( + grpc_ssl_server_certificate_config* config) { + if (config == NULL) return; + for (size_t i = 0; i < config->num_key_cert_pairs; i++) { + gpr_free((void*)config->pem_key_cert_pairs[i].private_key); + gpr_free((void*)config->pem_key_cert_pairs[i].cert_chain); + } + gpr_free(config->pem_key_cert_pairs); + gpr_free(config->pem_root_certs); + gpr_free(config); +} + +grpc_ssl_server_credentials_options* +grpc_ssl_server_credentials_create_options_using_config( + grpc_ssl_client_certificate_request_type client_certificate_request, + 
grpc_ssl_server_certificate_config* config) { + grpc_ssl_server_credentials_options* options = NULL; + if (config == NULL) { + gpr_log(GPR_ERROR, "Certificate config must not be NULL."); + goto done; + } + options = (grpc_ssl_server_credentials_options*)gpr_zalloc( + sizeof(grpc_ssl_server_credentials_options)); + options->client_certificate_request = client_certificate_request; + options->certificate_config = config; +done: + return options; +} + +grpc_ssl_server_credentials_options* +grpc_ssl_server_credentials_create_options_using_config_fetcher( + grpc_ssl_client_certificate_request_type client_certificate_request, + grpc_ssl_server_certificate_config_callback cb, void* user_data) { + if (cb == NULL) { + gpr_log(GPR_ERROR, "Invalid certificate config callback parameter."); + return NULL; + } + + grpc_ssl_server_certificate_config_fetcher* fetcher = + (grpc_ssl_server_certificate_config_fetcher*)gpr_zalloc( + sizeof(grpc_ssl_server_certificate_config_fetcher)); + fetcher->cb = cb; + fetcher->user_data = user_data; + + grpc_ssl_server_credentials_options* options = + (grpc_ssl_server_credentials_options*)gpr_zalloc( + sizeof(grpc_ssl_server_credentials_options)); + options->client_certificate_request = client_certificate_request; + options->certificate_config_fetcher = fetcher; + + return options; +} + +grpc_server_credentials* grpc_ssl_server_credentials_create( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs, int force_client_auth, void* reserved) { return grpc_ssl_server_credentials_create_ex( pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs, force_client_auth 
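Review bot: In grpc_ssl_server_certificate_config_create the allocation size `num_key_cert_pairs * sizeof(grpc_ssl_pem_key_cert_pair)` is computed without an overflow check, so a very large caller-supplied count could wrap to a small buffer that the copy loop then writes past. A guard before the gpr_zalloc call closes that, for example `GPR_ASSERT(num_key_cert_pairs <= SIZE_MAX / sizeof(grpc_ssl_pem_key_cert_pair));`. Separately, grpc_ssl_server_certificate_config_destroy hands each `private_key` string straight to gpr_free, which leaves the PEM key bytes readable in freed heap memory. Overwriting each key buffer before the free, with a wipe the compiler cannot elide, would limit that exposure.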
@@ -181,25 +265,80 @@ grpc_server_credentials *grpc_ssl_server_credentials_create( reserved); } -grpc_server_credentials *grpc_ssl_server_credentials_create_ex( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, +grpc_server_credentials* grpc_ssl_server_credentials_create_ex( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, - void *reserved) { - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)gpr_zalloc( - sizeof(grpc_ssl_server_credentials)); + void* reserved) { GRPC_API_TRACE( "grpc_ssl_server_credentials_create_ex(" "pem_root_certs=%s, pem_key_cert_pairs=%p, num_key_cert_pairs=%lu, " "client_certificate_request=%d, reserved=%p)", - 5, (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs, - client_certificate_request, reserved)); + 5, + (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs, + client_certificate_request, reserved)); GPR_ASSERT(reserved == NULL); + + grpc_ssl_server_certificate_config* cert_config = + grpc_ssl_server_certificate_config_create( + pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs); + grpc_ssl_server_credentials_options* options = + grpc_ssl_server_credentials_create_options_using_config( + client_certificate_request, cert_config); + + return grpc_ssl_server_credentials_create_with_options(options); +} + +grpc_server_credentials* grpc_ssl_server_credentials_create_with_options( + grpc_ssl_server_credentials_options* options) { + grpc_server_credentials* retval = NULL; + grpc_ssl_server_credentials* c = NULL; + + if (options == NULL) { + gpr_log(GPR_ERROR, + "Invalid options trying to create SSL server credentials."); + goto done; + } + + if (options->certificate_config == NULL && + options->certificate_config_fetcher == NULL) { + gpr_log(GPR_ERROR, + "SSL server credentials options must specify either " + "certificate config or 
fetcher."); + goto done; + } else if (options->certificate_config_fetcher != NULL && + options->certificate_config_fetcher->cb == NULL) { + gpr_log(GPR_ERROR, "Certificate config fetcher callback must not be NULL."); + goto done; + } + + c = (grpc_ssl_server_credentials*)gpr_zalloc( + sizeof(grpc_ssl_server_credentials)); c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL; gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &ssl_server_vtable; - ssl_build_server_config(pem_root_certs, pem_key_cert_pairs, - num_key_cert_pairs, client_certificate_request, - &c->config); - return &c->base; + + if (options->certificate_config_fetcher != NULL) { + c->config.client_certificate_request = options->client_certificate_request; + c->certificate_config_fetcher = *options->certificate_config_fetcher; + } else { + ssl_build_server_config(options->certificate_config->pem_root_certs, + options->certificate_config->pem_key_cert_pairs, + options->certificate_config->num_key_cert_pairs, + options->client_certificate_request, &c->config); + } + + retval = &c->base; + +done: + grpc_ssl_server_credentials_options_destroy(options); + return retval; +} + +void grpc_ssl_server_credentials_options_destroy( + grpc_ssl_server_credentials_options* o) { + if (o == NULL) return; + gpr_free(o->certificate_config_fetcher); + grpc_ssl_server_certificate_config_destroy(o->certificate_config); + gpr_free(o); } diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.h b/src/core/lib/security/credentials/ssl/ssl_credentials.h index 42e425d9f1..82b9ce11f6 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.h +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.h 
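Review bot: grpc_ssl_server_credentials_create_with_options calls grpc_ssl_server_credentials_options_destroy(options) at `done:` on every path, including the ones that return NULL, and nothing in this hunk documents that transfer of ownership. A caller that reacts to a NULL result by destroying the options itself, or that reuses the same options or certificate config for a second credentials object, would hit a double free or use-after-free. I would add a comment above the function such as `/* Takes ownership of options, and of its certificate_config, on success and on failure; the caller must not use or destroy either afterwards. */`. The same wording belongs on the public declaration if that header, which is not part of this hunk, does not already state it.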
@@ -29,16 +29,28 @@ typedef struct { grpc_ssl_config config; } grpc_ssl_credentials; +struct grpc_ssl_server_certificate_config { + grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs; + size_t num_key_cert_pairs; + char* pem_root_certs; +}; + +typedef struct { + grpc_ssl_server_certificate_config_callback cb; + void* user_data; +} grpc_ssl_server_certificate_config_fetcher; + typedef struct { grpc_server_credentials base; grpc_ssl_server_config config; + grpc_ssl_server_certificate_config_fetcher certificate_config_fetcher; } grpc_ssl_server_credentials; -tsi_ssl_pem_key_cert_pair *grpc_convert_grpc_to_tsi_cert_pairs( - const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, +tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs( + const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs); -void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair *kp, +void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp, size_t num_key_cert_pairs); #ifdef __cplusplus diff --git a/src/core/lib/security/transport/auth_filters.h b/src/core/lib/security/transport/auth_filters.h index ba5df7fe70..6376929890 100644 --- a/src/core/lib/security/transport/auth_filters.h +++ b/src/core/lib/security/transport/auth_filters.h @@ -19,6 +19,7 @@ #ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H #define GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H +#include <grpc/grpc_security.h> #include "src/core/lib/channel/channel_stack.h" #ifdef __cplusplus @@ -28,6 +29,13 @@ extern "C" { extern const grpc_channel_filter grpc_client_auth_filter; extern const grpc_channel_filter grpc_server_auth_filter; +void grpc_auth_metadata_context_build( + const char* url_scheme, grpc_slice call_host, grpc_slice call_method, + grpc_auth_context* auth_context, + grpc_auth_metadata_context* auth_md_context); + +void grpc_auth_metadata_context_reset(grpc_auth_metadata_context* context); + #ifdef __cplusplus } #endif 
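Review bot: `grpc_ssl_server_certificate_config_fetcher` carries a `user_data` pointer but no destroy hook, and `grpc_ssl_server_credentials` stores the fetcher by value, so as far as this hunk shows, whatever `user_data` points to has to stay valid for the life of the credentials object. The header does not say this. A comment on the typedef such as `/* user_data is not owned; it must stay valid as long as the credentials holding this fetcher. */` would make the lifetime contract explicit. `grpc_ssl_server_certificate_config` holds the PEM key/cert pairs, so a one-line note on who owns and frees `pem_key_cert_pairs` and `pem_root_certs` belongs there too.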
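Review bot: The two new declarations, `grpc_auth_metadata_context_build` and `grpc_auth_metadata_context_reset`, are exported without any comment on initialisation or ownership. In client_auth_filter.cc the build function calls reset on `auth_md_context` first, and reset passes `service_url` and `method_name` to `gpr_free`, so a context that was neither zero-initialised nor previously built would have stray pointers freed. I would document above the declarations that the context must be zeroed before the first build, that build allocates `service_url` and `method_name` and takes a ref on `auth_context`, and that every built context must be released with `grpc_auth_metadata_context_reset`.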
diff --git a/src/core/lib/security/transport/client_auth_filter.cc b/src/core/lib/security/transport/client_auth_filter.cc index a8464dbf9e..11f5a13ccc 100644 --- a/src/core/lib/security/transport/client_auth_filter.cc +++ b/src/core/lib/security/transport/client_auth_filter.cc @@ -39,9 +39,9 @@ /* We can have a per-call credentials. */ typedef struct { - grpc_call_stack *owning_call; - grpc_call_combiner *call_combiner; - grpc_call_credentials *creds; + grpc_call_stack* owning_call; + grpc_call_combiner* call_combiner; + grpc_call_credentials* creds; bool have_host; bool have_method; grpc_slice host; @@ -50,7 +50,7 @@ typedef struct { network requests, they should be done under a pollset added to this pollset_set so that work can progress when this call wants work to progress */ - grpc_polling_entity *pollent; + grpc_polling_entity* pollent; grpc_credentials_mdelem_array md_array; grpc_linked_mdelem md_links[MAX_CREDENTIALS_METADATA_COUNT]; grpc_auth_metadata_context auth_md_context; 
@@ -61,27 +61,27 @@ typedef struct { /* We can have a per-channel credentials. */ typedef struct { - grpc_channel_security_connector *security_connector; - grpc_auth_context *auth_context; + grpc_channel_security_connector* security_connector; + grpc_auth_context* auth_context; } channel_data; -static void reset_auth_metadata_context( - grpc_auth_metadata_context *auth_md_context) { +void grpc_auth_metadata_context_reset( + grpc_auth_metadata_context* auth_md_context) { if (auth_md_context->service_url != NULL) { - gpr_free((char *)auth_md_context->service_url); + gpr_free((char*)auth_md_context->service_url); auth_md_context->service_url = NULL; } if (auth_md_context->method_name != NULL) { - gpr_free((char *)auth_md_context->method_name); + gpr_free((char*)auth_md_context->method_name); auth_md_context->method_name = NULL; } GRPC_AUTH_CONTEXT_UNREF( - (grpc_auth_context *)auth_md_context->channel_auth_context, + (grpc_auth_context*)auth_md_context->channel_auth_context, "grpc_auth_metadata_context"); auth_md_context->channel_auth_context = NULL; } -static void add_error(grpc_error **combined, grpc_error *error) { +static void add_error(grpc_error** combined, grpc_error* error) { if (error == GRPC_ERROR_NONE) return; if (*combined == GRPC_ERROR_NONE) { *combined = GRPC_ERROR_CREATE_FROM_STATIC_STRING( 
@@ -90,18 +90,18 @@ static void add_error(grpc_error **combined, grpc_error *error) { *combined = grpc_error_add_child(*combined, error); } -static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *arg, - grpc_error *input_error) { - grpc_transport_stream_op_batch *batch = (grpc_transport_stream_op_batch *)arg; - grpc_call_element *elem = - (grpc_call_element *)batch->handler_private.extra_arg; - call_data *calld = (call_data *)elem->call_data; - reset_auth_metadata_context(&calld->auth_md_context); - grpc_error *error = GRPC_ERROR_REF(input_error); +static void on_credentials_metadata(grpc_exec_ctx* exec_ctx, void* arg, + grpc_error* input_error) { + grpc_transport_stream_op_batch* batch = (grpc_transport_stream_op_batch*)arg; + grpc_call_element* elem = + (grpc_call_element*)batch->handler_private.extra_arg; + call_data* calld = (call_data*)elem->call_data; + grpc_auth_metadata_context_reset(&calld->auth_md_context); + grpc_error* error = GRPC_ERROR_REF(input_error); if (error == GRPC_ERROR_NONE) { GPR_ASSERT(calld->md_array.size <= MAX_CREDENTIALS_METADATA_COUNT); GPR_ASSERT(batch->send_initial_metadata); - grpc_metadata_batch *mdb = + grpc_metadata_batch* mdb = batch->payload->send_initial_metadata.send_initial_metadata; for (size_t i = 0; i < calld->md_array.size; ++i) { add_error(&error, grpc_metadata_batch_add_tail( 
@@ -119,40 +119,47 @@ static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *arg, } } -void build_auth_metadata_context(grpc_security_connector *sc, - grpc_auth_context *auth_context, - call_data *calld) { - char *service = grpc_slice_to_c_string(calld->method); - char *last_slash = strrchr(service, '/'); - char *method_name = NULL; - char *service_url = NULL; - reset_auth_metadata_context(&calld->auth_md_context); +void grpc_auth_metadata_context_build( + const char* url_scheme, grpc_slice call_host, grpc_slice call_method, + grpc_auth_context* auth_context, + grpc_auth_metadata_context* auth_md_context) { + char* service = grpc_slice_to_c_string(call_method); + char* last_slash = strrchr(service, '/'); + char* method_name = NULL; + char* service_url = NULL; + grpc_auth_metadata_context_reset(auth_md_context); if (last_slash == NULL) { gpr_log(GPR_ERROR, "No '/' found in fully qualified method name"); service[0] = '\0'; + method_name = gpr_strdup(""); } else if (last_slash == service) { - /* No service part in fully qualified method name: will just be "/". */ - service[1] = '\0'; + method_name = gpr_strdup(""); } else { *last_slash = '\0'; method_name = gpr_strdup(last_slash + 1); } - if (method_name == NULL) method_name = gpr_strdup(""); - char *host = grpc_slice_to_c_string(calld->host); - gpr_asprintf(&service_url, "%s://%s%s", - sc->url_scheme == NULL ? "" : sc->url_scheme, host, service); - calld->auth_md_context.service_url = service_url; - calld->auth_md_context.method_name = method_name; - calld->auth_md_context.channel_auth_context = + char* host_and_port = grpc_slice_to_c_string(call_host); + if (url_scheme != NULL && strcmp(url_scheme, GRPC_SSL_URL_SCHEME) == 0) { + /* Remove the port if it is 443. */ + char* port_delimiter = strrchr(host_and_port, ':'); + if (port_delimiter != NULL && strcmp(port_delimiter + 1, "443") == 0) { + *port_delimiter = '\0'; + } + } + gpr_asprintf(&service_url, "%s://%s%s", url_scheme == NULL ? 
"" : url_scheme, + host_and_port, service); + auth_md_context->service_url = service_url; + auth_md_context->method_name = method_name; + auth_md_context->channel_auth_context = GRPC_AUTH_CONTEXT_REF(auth_context, "grpc_auth_metadata_context"); gpr_free(service); - gpr_free(host); + gpr_free(host_and_port); } -static void cancel_get_request_metadata(grpc_exec_ctx *exec_ctx, void *arg, - grpc_error *error) { - grpc_call_element *elem = (grpc_call_element *)arg; - call_data *calld = (call_data *)elem->call_data; +static void cancel_get_request_metadata(grpc_exec_ctx* exec_ctx, void* arg, + grpc_error* error) { + grpc_call_element* elem = (grpc_call_element*)arg; + call_data* calld = (call_data*)elem->call_data; if (error != GRPC_ERROR_NONE) { grpc_call_credentials_cancel_get_request_metadata( exec_ctx, calld->creds, &calld->md_array, GRPC_ERROR_REF(error)); @@ -161,16 +168,16 @@ static void cancel_get_request_metadata(grpc_exec_ctx *exec_ctx, void *arg, "cancel_get_request_metadata"); } -static void send_security_metadata(grpc_exec_ctx *exec_ctx, - grpc_call_element *elem, - grpc_transport_stream_op_batch *batch) { - call_data *calld = (call_data *)elem->call_data; - channel_data *chand = (channel_data *)elem->channel_data; - grpc_client_security_context *ctx = - (grpc_client_security_context *)batch->payload +static void send_security_metadata(grpc_exec_ctx* exec_ctx, + grpc_call_element* elem, + grpc_transport_stream_op_batch* batch) { + call_data* calld = (call_data*)elem->call_data; + channel_data* chand = (channel_data*)elem->channel_data; + grpc_client_security_context* ctx = + (grpc_client_security_context*)batch->payload ->context[GRPC_CONTEXT_SECURITY] .value; - grpc_call_credentials *channel_call_creds = + grpc_call_credentials* channel_call_creds = chand->security_connector->request_metadata_creds; int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL); 
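Review bot: In `grpc_auth_metadata_context_build` the `last_slash == service` branch no longer truncates `service` (the old `service[1] = '\0';` and its comment are gone), so for a method like `/Foo` the `service_url` now ends in `/Foo` while `method_name` is empty. `service_url` is handed to the call credentials through `auth_md_context`, so this changes the value they see. If the old result is intended, keep `service[1] = '\0';` alongside `method_name = gpr_strdup("");`. Separately, the new 443 stripping splits on the last `:` in `host_and_port`, which for an unbracketed IPv6 literal whose final group is `443` would cut off part of the address. A comment stating that the authority is expected as `host:port` or `[v6]:port` would record that assumption.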
@@ -198,14 +205,15 @@ static void send_security_metadata(grpc_exec_ctx *exec_ctx, call_creds_has_md ? ctx->creds : channel_call_creds); } - build_auth_metadata_context(&chand->security_connector->base, - chand->auth_context, calld); + grpc_auth_metadata_context_build( + chand->security_connector->base.url_scheme, calld->host, calld->method, + chand->auth_context, &calld->auth_md_context); GPR_ASSERT(calld->pollent != NULL); GRPC_CLOSURE_INIT(&calld->async_result_closure, on_credentials_metadata, batch, grpc_schedule_on_exec_ctx); - grpc_error *error = GRPC_ERROR_NONE; + grpc_error* error = GRPC_ERROR_NONE; if (grpc_call_credentials_get_request_metadata( exec_ctx, calld->creds, calld->pollent, calld->auth_md_context, &calld->md_array, &calld->async_result_closure, &error)) { @@ -223,17 +231,17 @@ static void send_security_metadata(grpc_exec_ctx *exec_ctx, } } -static void on_host_checked(grpc_exec_ctx *exec_ctx, void *arg, - grpc_error *error) { - grpc_transport_stream_op_batch *batch = (grpc_transport_stream_op_batch *)arg; - grpc_call_element *elem = - (grpc_call_element *)batch->handler_private.extra_arg; - call_data *calld = (call_data *)elem->call_data; +static void on_host_checked(grpc_exec_ctx* exec_ctx, void* arg, + grpc_error* error) { + grpc_transport_stream_op_batch* batch = (grpc_transport_stream_op_batch*)arg; + grpc_call_element* elem = + (grpc_call_element*)batch->handler_private.extra_arg; + call_data* calld = (call_data*)elem->call_data; if (error == GRPC_ERROR_NONE) { send_security_metadata(exec_ctx, elem, batch); } else { - char *error_msg; - char *host = grpc_slice_to_c_string(calld->host); + char* error_msg; + char* host = grpc_slice_to_c_string(calld->host); gpr_asprintf(&error_msg, "Invalid host %s set in :authority metadata.", host); gpr_free(host); 
@@ -247,11 +255,11 @@ static void on_host_checked(grpc_exec_ctx *exec_ctx, void *arg, } } -static void cancel_check_call_host(grpc_exec_ctx *exec_ctx, void *arg, - grpc_error *error) { - grpc_call_element *elem = (grpc_call_element *)arg; - call_data *calld = (call_data *)elem->call_data; - channel_data *chand = (channel_data *)elem->channel_data; +static void cancel_check_call_host(grpc_exec_ctx* exec_ctx, void* arg, + grpc_error* error) { + grpc_call_element* elem = (grpc_call_element*)arg; + call_data* calld = (call_data*)elem->call_data; + channel_data* chand = (channel_data*)elem->channel_data; if (error != GRPC_ERROR_NONE) { grpc_channel_security_connector_cancel_check_call_host( exec_ctx, chand->security_connector, &calld->async_result_closure, @@ -261,13 +269,13 @@ static void cancel_check_call_host(grpc_exec_ctx *exec_ctx, void *arg, } static void auth_start_transport_stream_op_batch( - grpc_exec_ctx *exec_ctx, grpc_call_element *elem, - grpc_transport_stream_op_batch *batch) { + grpc_exec_ctx* exec_ctx, grpc_call_element* elem, + grpc_transport_stream_op_batch* batch) { GPR_TIMER_BEGIN("auth_start_transport_stream_op_batch", 0); /* grab pointers to our data from the call element */ - call_data *calld = (call_data *)elem->call_data; - channel_data *chand = (channel_data *)elem->channel_data; + call_data* calld = (call_data*)elem->call_data; + channel_data* chand = (channel_data*)elem->channel_data; if (!batch->cancel_stream) { GPR_ASSERT(batch->payload->context != NULL); @@ -277,8 +285,8 @@ static void auth_start_transport_stream_op_batch( batch->payload->context[GRPC_CONTEXT_SECURITY].destroy = grpc_client_security_context_destroy; } - grpc_client_security_context *sec_ctx = - (grpc_client_security_context *)batch->payload + grpc_client_security_context* sec_ctx = + (grpc_client_security_context*)batch->payload ->context[GRPC_CONTEXT_SECURITY] .value; GRPC_AUTH_CONTEXT_UNREF(sec_ctx->auth_context, "client auth filter"); 
@@ -287,7 +295,7 @@ static void auth_start_transport_stream_op_batch( } if (batch->send_initial_metadata) { - for (grpc_linked_mdelem *l = batch->payload->send_initial_metadata + for (grpc_linked_mdelem* l = batch->payload->send_initial_metadata .send_initial_metadata->list.head; l != NULL; l = l->next) { grpc_mdelem md = l->md; @@ -311,8 +319,8 @@ static void auth_start_transport_stream_op_batch( batch->handler_private.extra_arg = elem; GRPC_CLOSURE_INIT(&calld->async_result_closure, on_host_checked, batch, grpc_schedule_on_exec_ctx); - char *call_host = grpc_slice_to_c_string(calld->host); - grpc_error *error = GRPC_ERROR_NONE; + char* call_host = grpc_slice_to_c_string(calld->host); + grpc_error* error = GRPC_ERROR_NONE; if (grpc_channel_security_connector_check_call_host( exec_ctx, chand->security_connector, call_host, chand->auth_context, &calld->async_result_closure, &error)) { 
@@ -340,27 +348,27 @@ static void auth_start_transport_stream_op_batch( } /* Constructor for call_data */ -static grpc_error *init_call_elem(grpc_exec_ctx *exec_ctx, - grpc_call_element *elem, - const grpc_call_element_args *args) { - call_data *calld = (call_data *)elem->call_data; +static grpc_error* init_call_elem(grpc_exec_ctx* exec_ctx, + grpc_call_element* elem, + const grpc_call_element_args* args) { + call_data* calld = (call_data*)elem->call_data; calld->owning_call = args->call_stack; calld->call_combiner = args->call_combiner; return GRPC_ERROR_NONE; } -static void set_pollset_or_pollset_set(grpc_exec_ctx *exec_ctx, - grpc_call_element *elem, - grpc_polling_entity *pollent) { - call_data *calld = (call_data *)elem->call_data; +static void set_pollset_or_pollset_set(grpc_exec_ctx* exec_ctx, + grpc_call_element* elem, + grpc_polling_entity* pollent) { + call_data* calld = (call_data*)elem->call_data; calld->pollent = pollent; } /* Destructor for call_data */ -static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem, - const grpc_call_final_info *final_info, - grpc_closure *ignored) { - call_data *calld = (call_data *)elem->call_data; +static void destroy_call_elem(grpc_exec_ctx* exec_ctx, grpc_call_element* elem, + const grpc_call_final_info* final_info, + grpc_closure* ignored) { + call_data* calld = (call_data*)elem->call_data; grpc_credentials_mdelem_array_destroy(exec_ctx, &calld->md_array); grpc_call_credentials_unref(exec_ctx, calld->creds); if (calld->have_host) { 
@@ -369,20 +377,20 @@ static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem, if (calld->have_method) { grpc_slice_unref_internal(exec_ctx, calld->method); } - reset_auth_metadata_context(&calld->auth_md_context); + grpc_auth_metadata_context_reset(&calld->auth_md_context); } /* Constructor for channel_data */ -static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx, - grpc_channel_element *elem, - grpc_channel_element_args *args) { - grpc_security_connector *sc = +static grpc_error* init_channel_elem(grpc_exec_ctx* exec_ctx, + grpc_channel_element* elem, + grpc_channel_element_args* args) { + grpc_security_connector* sc = grpc_security_connector_find_in_args(args->channel_args); if (sc == NULL) { return GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Security connector missing from client auth filter args"); } - grpc_auth_context *auth_context = + grpc_auth_context* auth_context = grpc_find_auth_context_in_args(args->channel_args); if (auth_context == NULL) { return GRPC_ERROR_CREATE_FROM_STATIC_STRING( @@ -390,7 +398,7 @@ static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx, } /* grab pointers to our data from the channel element */ - channel_data *chand = (channel_data *)elem->channel_data; + channel_data* chand = (channel_data*)elem->channel_data; /* The first and the last filters tend to be implemented differently to handle the case that there's no 'next' filter to call on the up or down @@ -399,7 +407,7 @@ static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx, /* initialize members */ chand->security_connector = - (grpc_channel_security_connector *)GRPC_SECURITY_CONNECTOR_REF( + (grpc_channel_security_connector*)GRPC_SECURITY_CONNECTOR_REF( sc, "client_auth_filter"); chand->auth_context = GRPC_AUTH_CONTEXT_REF(auth_context, "client_auth_filter"); 
@@ -407,11 +415,11 @@ static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx, } /* Destructor for channel data */ -static void destroy_channel_elem(grpc_exec_ctx *exec_ctx, - grpc_channel_element *elem) { +static void destroy_channel_elem(grpc_exec_ctx* exec_ctx, + grpc_channel_element* elem) { /* grab pointers to our data from the channel element */ - channel_data *chand = (channel_data *)elem->channel_data; - grpc_channel_security_connector *sc = chand->security_connector; + channel_data* chand = (channel_data*)elem->channel_data; + grpc_channel_security_connector* sc = chand->security_connector; if (sc != NULL) { GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, &sc->base, "client_auth_filter"); } diff --git a/src/core/lib/security/transport/lb_targets_info.cc b/src/core/lib/security/transport/lb_targets_info.cc index 947fc1addf..1655e18f37 100644 --- a/src/core/lib/security/transport/lb_targets_info.cc +++ b/src/core/lib/security/transport/lb_targets_info.cc 
@@ -25,33 +25,33 @@ * secure naming purposes. */ #define GRPC_ARG_LB_SECURE_NAMING_MAP "grpc.lb_secure_naming_map" -static void *targets_info_copy(void *p) { - return grpc_slice_hash_table_ref((grpc_slice_hash_table *)p); +static void* targets_info_copy(void* p) { + return grpc_slice_hash_table_ref((grpc_slice_hash_table*)p); } -static void targets_info_destroy(grpc_exec_ctx *exec_ctx, void *p) { - grpc_slice_hash_table_unref(exec_ctx, (grpc_slice_hash_table *)p); +static void targets_info_destroy(grpc_exec_ctx* exec_ctx, void* p) { + grpc_slice_hash_table_unref(exec_ctx, (grpc_slice_hash_table*)p); } -static int targets_info_cmp(void *a, void *b) { - return grpc_slice_hash_table_cmp((const grpc_slice_hash_table *)a, - (const grpc_slice_hash_table *)b); +static int targets_info_cmp(void* a, void* b) { + return grpc_slice_hash_table_cmp((const grpc_slice_hash_table*)a, + (const grpc_slice_hash_table*)b); } static const grpc_arg_pointer_vtable server_to_balancer_names_vtable = { targets_info_copy, targets_info_destroy, targets_info_cmp}; grpc_arg grpc_lb_targets_info_create_channel_arg( - grpc_slice_hash_table *targets_info) { - return grpc_channel_arg_pointer_create((char *)GRPC_ARG_LB_SECURE_NAMING_MAP, + grpc_slice_hash_table* targets_info) { + return grpc_channel_arg_pointer_create((char*)GRPC_ARG_LB_SECURE_NAMING_MAP, targets_info, &server_to_balancer_names_vtable); } -grpc_slice_hash_table *grpc_lb_targets_info_find_in_args( - const grpc_channel_args *args) { - const grpc_arg *targets_info_arg = +grpc_slice_hash_table* grpc_lb_targets_info_find_in_args( + const grpc_channel_args* args) { + const grpc_arg* targets_info_arg = grpc_channel_args_find(args, GRPC_ARG_LB_SECURE_NAMING_MAP); if (targets_info_arg != NULL) { GPR_ASSERT(targets_info_arg->type == GRPC_ARG_POINTER); - return (grpc_slice_hash_table *)targets_info_arg->value.pointer.p; + return (grpc_slice_hash_table*)targets_info_arg->value.pointer.p; } return NULL; } 
diff --git a/src/core/lib/security/transport/lb_targets_info.h b/src/core/lib/security/transport/lb_targets_info.h index 43f0e64556..b4a0bc91da 100644 --- a/src/core/lib/security/transport/lb_targets_info.h +++ b/src/core/lib/security/transport/lb_targets_info.h @@ -27,11 +27,11 @@ extern "C" { /** Return a channel argument containing \a targets_info. */ grpc_arg grpc_lb_targets_info_create_channel_arg( - grpc_slice_hash_table *targets_info); + grpc_slice_hash_table* targets_info); /** Return the instance of targets info in \a args or NULL */ -grpc_slice_hash_table *grpc_lb_targets_info_find_in_args( - const grpc_channel_args *args); +grpc_slice_hash_table* grpc_lb_targets_info_find_in_args( + const grpc_channel_args* args); #ifdef __cplusplus } diff --git a/src/core/lib/security/transport/secure_endpoint.cc b/src/core/lib/security/transport/secure_endpoint.cc index 859d04ae5a..9a29e05715 100644 --- a/src/core/lib/security/transport/secure_endpoint.cc +++ b/src/core/lib/security/transport/secure_endpoint.cc @@ -40,15 +40,15 @@ typedef struct { grpc_endpoint base; - grpc_endpoint *wrapped_ep; - struct tsi_frame_protector *protector; - struct tsi_zero_copy_grpc_protector *zero_copy_protector; + grpc_endpoint* wrapped_ep; + struct tsi_frame_protector* protector; + struct tsi_zero_copy_grpc_protector* zero_copy_protector; gpr_mu protector_mu; /* saved upper level callbacks and user_data. */ - grpc_closure *read_cb; - grpc_closure *write_cb; + grpc_closure* read_cb; + grpc_closure* write_cb; grpc_closure on_read; - grpc_slice_buffer *read_buffer; + grpc_slice_buffer* read_buffer; grpc_slice_buffer source_buffer; /* saved handshaker leftover data to unprotect. */ grpc_slice_buffer leftover_bytes; 
@@ -64,8 +64,8 @@ typedef struct { grpc_tracer_flag grpc_trace_secure_endpoint = GRPC_TRACER_INITIALIZER(false, "secure_endpoint"); -static void destroy(grpc_exec_ctx *exec_ctx, secure_endpoint *secure_ep) { - secure_endpoint *ep = secure_ep; +static void destroy(grpc_exec_ctx* exec_ctx, secure_endpoint* secure_ep) { + secure_endpoint* ep = secure_ep; grpc_endpoint_destroy(exec_ctx, ep->wrapped_ep); tsi_frame_protector_destroy(ep->protector); tsi_zero_copy_grpc_protector_destroy(exec_ctx, ep->zero_copy_protector); @@ -83,8 +83,8 @@ static void destroy(grpc_exec_ctx *exec_ctx, secure_endpoint *secure_ep) { secure_endpoint_unref((exec_ctx), (ep), (reason), __FILE__, __LINE__) #define SECURE_ENDPOINT_REF(ep, reason) \ secure_endpoint_ref((ep), (reason), __FILE__, __LINE__) -static void secure_endpoint_unref(grpc_exec_ctx *exec_ctx, secure_endpoint *ep, - const char *reason, const char *file, +static void secure_endpoint_unref(grpc_exec_ctx* exec_ctx, secure_endpoint* ep, + const char* reason, const char* file, int line) { if (GRPC_TRACER_ON(grpc_trace_secure_endpoint)) { gpr_atm val = gpr_atm_no_barrier_load(&ep->ref.count); @@ -97,8 +97,8 @@ static void secure_endpoint_unref(grpc_exec_ctx *exec_ctx, secure_endpoint *ep, } } -static void secure_endpoint_ref(secure_endpoint *ep, const char *reason, - const char *file, int line) { +static void secure_endpoint_ref(secure_endpoint* ep, const char* reason, + const char* file, int line) { if (GRPC_TRACER_ON(grpc_trace_secure_endpoint)) { gpr_atm val = gpr_atm_no_barrier_load(&ep->ref.count); gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG, 
@@ -111,30 +111,30 @@ static void secure_endpoint_ref(secure_endpoint *ep, const char *reason, #define SECURE_ENDPOINT_UNREF(exec_ctx, ep, reason) \ secure_endpoint_unref((exec_ctx), (ep)) #define SECURE_ENDPOINT_REF(ep, reason) secure_endpoint_ref((ep)) -static void secure_endpoint_unref(grpc_exec_ctx *exec_ctx, - secure_endpoint *ep) { +static void secure_endpoint_unref(grpc_exec_ctx* exec_ctx, + secure_endpoint* ep) { if (gpr_unref(&ep->ref)) { destroy(exec_ctx, ep); } } -static void secure_endpoint_ref(secure_endpoint *ep) { gpr_ref(&ep->ref); } +static void secure_endpoint_ref(secure_endpoint* ep) { gpr_ref(&ep->ref); } #endif -static void flush_read_staging_buffer(secure_endpoint *ep, uint8_t **cur, - uint8_t **end) { +static void flush_read_staging_buffer(secure_endpoint* ep, uint8_t** cur, + uint8_t** end) { grpc_slice_buffer_add(ep->read_buffer, ep->read_staging_buffer); ep->read_staging_buffer = GRPC_SLICE_MALLOC(STAGING_BUFFER_SIZE); *cur = GRPC_SLICE_START_PTR(ep->read_staging_buffer); *end = GRPC_SLICE_END_PTR(ep->read_staging_buffer); } -static void call_read_cb(grpc_exec_ctx *exec_ctx, secure_endpoint *ep, - grpc_error *error) { +static void call_read_cb(grpc_exec_ctx* exec_ctx, secure_endpoint* ep, + grpc_error* error) { if (GRPC_TRACER_ON(grpc_trace_secure_endpoint)) { size_t i; for (i = 0; i < ep->read_buffer->count; i++) { - char *data = grpc_dump_slice(ep->read_buffer->slices[i], + char* data = grpc_dump_slice(ep->read_buffer->slices[i], GPR_DUMP_HEX | GPR_DUMP_ASCII); gpr_log(GPR_DEBUG, "READ %p: %s", ep, data); gpr_free(data); 
@@ -145,19 +145,20 @@ static void call_read_cb(grpc_exec_ctx *exec_ctx, secure_endpoint *ep, SECURE_ENDPOINT_UNREF(exec_ctx, ep, "read"); } -static void on_read(grpc_exec_ctx *exec_ctx, void *user_data, - grpc_error *error) { +static void on_read(grpc_exec_ctx* exec_ctx, void* user_data, + grpc_error* error) { unsigned i; uint8_t keep_looping = 0; tsi_result result = TSI_OK; - secure_endpoint *ep = (secure_endpoint *)user_data; - uint8_t *cur = GRPC_SLICE_START_PTR(ep->read_staging_buffer); - uint8_t *end = GRPC_SLICE_END_PTR(ep->read_staging_buffer); + secure_endpoint* ep = (secure_endpoint*)user_data; + uint8_t* cur = GRPC_SLICE_START_PTR(ep->read_staging_buffer); + uint8_t* end = GRPC_SLICE_END_PTR(ep->read_staging_buffer); if (error != GRPC_ERROR_NONE) { grpc_slice_buffer_reset_and_unref_internal(exec_ctx, ep->read_buffer); - call_read_cb(exec_ctx, ep, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING( - "Secure read failed", &error, 1)); + call_read_cb(exec_ctx, ep, + GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING( + "Secure read failed", &error, 1)); return; } @@ -170,7 +171,7 @@ static void on_read(grpc_exec_ctx *exec_ctx, void *user_data, /* TODO(yangg) check error, maybe bail out early */ for (i = 0; i < ep->source_buffer.count; i++) { grpc_slice encrypted = ep->source_buffer.slices[i]; - uint8_t *message_bytes = GRPC_SLICE_START_PTR(encrypted); + uint8_t* message_bytes = GRPC_SLICE_START_PTR(encrypted); size_t message_size = GRPC_SLICE_LENGTH(encrypted); while (message_size > 0 || keep_looping) { 
@@ -231,9 +232,9 @@ static void on_read(grpc_exec_ctx *exec_ctx, void *user_data, call_read_cb(exec_ctx, ep, GRPC_ERROR_NONE); } -static void endpoint_read(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep, - grpc_slice_buffer *slices, grpc_closure *cb) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static void endpoint_read(grpc_exec_ctx* exec_ctx, grpc_endpoint* secure_ep, + grpc_slice_buffer* slices, grpc_closure* cb) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; ep->read_cb = cb; ep->read_buffer = slices; grpc_slice_buffer_reset_and_unref_internal(exec_ctx, ep->read_buffer); 
@@ -250,29 +251,29 @@ static void endpoint_read(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep, &ep->on_read); } -static void flush_write_staging_buffer(secure_endpoint *ep, uint8_t **cur, - uint8_t **end) { +static void flush_write_staging_buffer(secure_endpoint* ep, uint8_t** cur, + uint8_t** end) { grpc_slice_buffer_add(&ep->output_buffer, ep->write_staging_buffer); ep->write_staging_buffer = GRPC_SLICE_MALLOC(STAGING_BUFFER_SIZE); *cur = GRPC_SLICE_START_PTR(ep->write_staging_buffer); *end = GRPC_SLICE_END_PTR(ep->write_staging_buffer); } -static void endpoint_write(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep, - grpc_slice_buffer *slices, grpc_closure *cb) { +static void endpoint_write(grpc_exec_ctx* exec_ctx, grpc_endpoint* secure_ep, + grpc_slice_buffer* slices, grpc_closure* cb) { GPR_TIMER_BEGIN("secure_endpoint.endpoint_write", 0); unsigned i; tsi_result result = TSI_OK; - secure_endpoint *ep = (secure_endpoint *)secure_ep; - uint8_t *cur = GRPC_SLICE_START_PTR(ep->write_staging_buffer); - uint8_t *end = GRPC_SLICE_END_PTR(ep->write_staging_buffer); + secure_endpoint* ep = (secure_endpoint*)secure_ep; + uint8_t* cur = GRPC_SLICE_START_PTR(ep->write_staging_buffer); + uint8_t* end = GRPC_SLICE_END_PTR(ep->write_staging_buffer); grpc_slice_buffer_reset_and_unref_internal(exec_ctx, &ep->output_buffer); if (GRPC_TRACER_ON(grpc_trace_secure_endpoint)) { for (i = 0; i < slices->count; i++) { - char *data = + char* data = grpc_dump_slice(slices->slices[i], GPR_DUMP_HEX | GPR_DUMP_ASCII); gpr_log(GPR_DEBUG, "WRITE %p: %s", ep, data); gpr_free(data); 
@@ -287,7 +288,7 @@ static void endpoint_write(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep, // Use frame protector to protect. for (i = 0; i < slices->count; i++) { grpc_slice plain = slices->slices[i]; - uint8_t *message_bytes = GRPC_SLICE_START_PTR(plain); + uint8_t* message_bytes = GRPC_SLICE_START_PTR(plain); size_t message_size = GRPC_SLICE_LENGTH(plain); while (message_size > 0) { size_t protected_buffer_size_to_send = (size_t)(end - cur); 
@@ -353,52 +354,52 @@ static void endpoint_write(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep, GPR_TIMER_END("secure_endpoint.endpoint_write", 0); } -static void endpoint_shutdown(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep, - grpc_error *why) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static void endpoint_shutdown(grpc_exec_ctx* exec_ctx, grpc_endpoint* secure_ep, + grpc_error* why) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; grpc_endpoint_shutdown(exec_ctx, ep->wrapped_ep, why); } -static void endpoint_destroy(grpc_exec_ctx *exec_ctx, - grpc_endpoint *secure_ep) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static void endpoint_destroy(grpc_exec_ctx* exec_ctx, + grpc_endpoint* secure_ep) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; SECURE_ENDPOINT_UNREF(exec_ctx, ep, "destroy"); } -static void endpoint_add_to_pollset(grpc_exec_ctx *exec_ctx, - grpc_endpoint *secure_ep, - grpc_pollset *pollset) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static void endpoint_add_to_pollset(grpc_exec_ctx* exec_ctx, + grpc_endpoint* secure_ep, + grpc_pollset* pollset) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; grpc_endpoint_add_to_pollset(exec_ctx, ep->wrapped_ep, pollset); } -static void endpoint_add_to_pollset_set(grpc_exec_ctx *exec_ctx, - grpc_endpoint *secure_ep, - grpc_pollset_set *pollset_set) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static void endpoint_add_to_pollset_set(grpc_exec_ctx* exec_ctx, + grpc_endpoint* secure_ep, + grpc_pollset_set* pollset_set) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; grpc_endpoint_add_to_pollset_set(exec_ctx, ep->wrapped_ep, pollset_set); } -static void endpoint_delete_from_pollset_set(grpc_exec_ctx *exec_ctx, - grpc_endpoint *secure_ep, - grpc_pollset_set *pollset_set) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static void endpoint_delete_from_pollset_set(grpc_exec_ctx* exec_ctx, + grpc_endpoint* secure_ep, + 
grpc_pollset_set* pollset_set) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; grpc_endpoint_delete_from_pollset_set(exec_ctx, ep->wrapped_ep, pollset_set); } -static char *endpoint_get_peer(grpc_endpoint *secure_ep) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static char* endpoint_get_peer(grpc_endpoint* secure_ep) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; return grpc_endpoint_get_peer(ep->wrapped_ep); } -static int endpoint_get_fd(grpc_endpoint *secure_ep) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static int endpoint_get_fd(grpc_endpoint* secure_ep) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; return grpc_endpoint_get_fd(ep->wrapped_ep); } -static grpc_resource_user *endpoint_get_resource_user( - grpc_endpoint *secure_ep) { - secure_endpoint *ep = (secure_endpoint *)secure_ep; +static grpc_resource_user* endpoint_get_resource_user( + grpc_endpoint* secure_ep) { + secure_endpoint* ep = (secure_endpoint*)secure_ep; return grpc_endpoint_get_resource_user(ep->wrapped_ep); } @@ -413,13 +414,13 @@ static const grpc_endpoint_vtable vtable = {endpoint_read, endpoint_get_peer, endpoint_get_fd}; -grpc_endpoint *grpc_secure_endpoint_create( - struct tsi_frame_protector *protector, - struct tsi_zero_copy_grpc_protector *zero_copy_protector, - grpc_endpoint *transport, grpc_slice *leftover_slices, +grpc_endpoint* grpc_secure_endpoint_create( + struct tsi_frame_protector* protector, + struct tsi_zero_copy_grpc_protector* zero_copy_protector, + grpc_endpoint* transport, grpc_slice* leftover_slices, size_t leftover_nslices) { size_t i; - secure_endpoint *ep = (secure_endpoint *)gpr_malloc(sizeof(secure_endpoint)); + secure_endpoint* ep = (secure_endpoint*)gpr_malloc(sizeof(secure_endpoint)); ep->base.vtable = &vtable; ep->wrapped_ep = transport; ep->protector = protector; diff --git a/src/core/lib/security/transport/secure_endpoint.h b/src/core/lib/security/transport/secure_endpoint.h index 980449c03e..db8233f6e6 100644 
--- a/src/core/lib/security/transport/secure_endpoint.h +++ b/src/core/lib/security/transport/secure_endpoint.h @@ -34,10 +34,10 @@ extern grpc_tracer_flag grpc_trace_secure_endpoint; /* Takes ownership of protector, zero_copy_protector, and to_wrap, and refs * leftover_slices. If zero_copy_protector is not NULL, protector will never be * used. */ -grpc_endpoint *grpc_secure_endpoint_create( - struct tsi_frame_protector *protector, - struct tsi_zero_copy_grpc_protector *zero_copy_protector, - grpc_endpoint *to_wrap, grpc_slice *leftover_slices, +grpc_endpoint* grpc_secure_endpoint_create( + struct tsi_frame_protector* protector, + struct tsi_zero_copy_grpc_protector* zero_copy_protector, + grpc_endpoint* to_wrap, grpc_slice* leftover_slices, size_t leftover_nslices); #ifdef __cplusplus diff --git a/src/core/lib/security/transport/security_connector.cc b/src/core/lib/security/transport/security_connector.cc index b050be2129..b5822d7454 100644 --- a/src/core/lib/security/transport/security_connector.cc +++ b/src/core/lib/security/transport/security_connector.cc @@ -34,6 +34,7 @@ #include "src/core/lib/security/context/security_context.h" #include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/fake/fake_credentials.h" +#include "src/core/lib/security/credentials/ssl/ssl_credentials.h" #include "src/core/lib/security/transport/lb_targets_info.h" #include "src/core/lib/security/transport/secure_endpoint.h" #include "src/core/lib/security/transport/security_handshaker.h" @@ -51,9 +52,9 @@ grpc_tracer_flag grpc_trace_security_connector_refcount = /* -- Constants. -- */ #ifndef INSTALL_PREFIX -static const char *installed_roots_path = "/usr/share/grpc/roots.pem"; +static const char* installed_roots_path = "/usr/share/grpc/roots.pem"; #else -static const char *installed_roots_path = +static const char* installed_roots_path = INSTALL_PREFIX "/share/grpc/roots.pem"; #endif 
@@ -73,14 +74,14 @@ void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) { "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384" static gpr_once cipher_suites_once = GPR_ONCE_INIT; -static const char *cipher_suites = NULL; +static const char* cipher_suites = NULL; static void init_cipher_suites(void) { - char *overridden = gpr_getenv("GRPC_SSL_CIPHER_SUITES"); + char* overridden = gpr_getenv("GRPC_SSL_CIPHER_SUITES"); cipher_suites = overridden != NULL ? overridden : GRPC_SSL_CIPHER_SUITES; } -static const char *ssl_cipher_suites(void) { +static const char* ssl_cipher_suites(void) { gpr_once_init(&cipher_suites_once, init_cipher_suites); return cipher_suites; } @@ -88,12 +89,12 @@ static const char *ssl_cipher_suites(void) { /* -- Common methods. -- */ /* Returns the first property with that name. */ -const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer, - const char *name) { +const tsi_peer_property* tsi_peer_get_property_by_name(const tsi_peer* peer, + const char* name) { size_t i; if (peer == NULL) return NULL; for (i = 0; i < peer->property_count; i++) { - const tsi_peer_property *property = &peer->properties[i]; + const tsi_peer_property* property = &peer->properties[i]; if (name == NULL && property->name == NULL) { return property; } 
@@ -106,26 +107,26 @@ const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer, } void grpc_channel_security_connector_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *connector, - grpc_handshake_manager *handshake_mgr) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* connector, + grpc_handshake_manager* handshake_mgr) { if (connector != NULL) { connector->add_handshakers(exec_ctx, connector, handshake_mgr); } } void grpc_server_security_connector_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_server_security_connector *connector, - grpc_handshake_manager *handshake_mgr) { + grpc_exec_ctx* exec_ctx, grpc_server_security_connector* connector, + grpc_handshake_manager* handshake_mgr) { if (connector != NULL) { connector->add_handshakers(exec_ctx, connector, handshake_mgr); } } -void grpc_security_connector_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, +void grpc_security_connector_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { if (sc == NULL) { GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, GRPC_ERROR_CREATE_FROM_STATIC_STRING( 
@@ -136,43 +137,43 @@ void grpc_security_connector_check_peer(grpc_exec_ctx *exec_ctx, } } -int grpc_security_connector_cmp(grpc_security_connector *sc, - grpc_security_connector *other) { +int grpc_security_connector_cmp(grpc_security_connector* sc, + grpc_security_connector* other) { if (sc == NULL || other == NULL) return GPR_ICMP(sc, other); int c = GPR_ICMP(sc->vtable, other->vtable); if (c != 0) return c; return sc->vtable->cmp(sc, other); } -int grpc_channel_security_connector_cmp(grpc_channel_security_connector *sc1, - grpc_channel_security_connector *sc2) { +int grpc_channel_security_connector_cmp(grpc_channel_security_connector* sc1, + grpc_channel_security_connector* sc2) { GPR_ASSERT(sc1->channel_creds != NULL); GPR_ASSERT(sc2->channel_creds != NULL); int c = GPR_ICMP(sc1->channel_creds, sc2->channel_creds); if (c != 0) return c; c = GPR_ICMP(sc1->request_metadata_creds, sc2->request_metadata_creds); if (c != 0) return c; - c = GPR_ICMP((void *)sc1->check_call_host, (void *)sc2->check_call_host); + c = GPR_ICMP((void*)sc1->check_call_host, (void*)sc2->check_call_host); if (c != 0) return c; - c = GPR_ICMP((void *)sc1->cancel_check_call_host, - (void *)sc2->cancel_check_call_host); + c = GPR_ICMP((void*)sc1->cancel_check_call_host, + (void*)sc2->cancel_check_call_host); if (c != 0) return c; - return GPR_ICMP((void *)sc1->add_handshakers, (void *)sc2->add_handshakers); + return GPR_ICMP((void*)sc1->add_handshakers, (void*)sc2->add_handshakers); } -int grpc_server_security_connector_cmp(grpc_server_security_connector *sc1, - grpc_server_security_connector *sc2) { +int grpc_server_security_connector_cmp(grpc_server_security_connector* sc1, + grpc_server_security_connector* sc2) { GPR_ASSERT(sc1->server_creds != NULL); GPR_ASSERT(sc2->server_creds != NULL); int c = GPR_ICMP(sc1->server_creds, sc2->server_creds); if (c != 0) return c; - return GPR_ICMP((void *)sc1->add_handshakers, (void *)sc2->add_handshakers); + return GPR_ICMP((void*)sc1->add_handshakers, 
(void*)sc2->add_handshakers); } bool grpc_channel_security_connector_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - const char *host, grpc_auth_context *auth_context, - grpc_closure *on_call_host_checked, grpc_error **error) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + const char* host, grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, grpc_error** error) { if (sc == NULL || sc->check_call_host == NULL) { *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "cannot check call host -- no security connector"); @@ -183,8 +184,8 @@ bool grpc_channel_security_connector_check_call_host( } void grpc_channel_security_connector_cancel_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_closure *on_call_host_checked, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, grpc_error* error) { if (sc == NULL || sc->cancel_check_call_host == NULL) { GRPC_ERROR_UNREF(error); return; @@ -193,9 +194,9 @@ void grpc_channel_security_connector_cancel_check_call_host( } #ifndef NDEBUG -grpc_security_connector *grpc_security_connector_ref( - grpc_security_connector *sc, const char *file, int line, - const char *reason) { +grpc_security_connector* grpc_security_connector_ref( + grpc_security_connector* sc, const char* file, int line, + const char* reason) { if (sc == NULL) return NULL; if (GRPC_TRACER_ON(grpc_trace_security_connector_refcount)) { gpr_atm val = gpr_atm_no_barrier_load(&sc->refcount.count); @@ -204,8 +205,8 @@ grpc_security_connector *grpc_security_connector_ref( val, val + 1, reason); } #else -grpc_security_connector *grpc_security_connector_ref( - grpc_security_connector *sc) { +grpc_security_connector* grpc_security_connector_ref( + grpc_security_connector* sc) { if (sc == NULL) return NULL; #endif gpr_ref(&sc->refcount); 
@@ -213,10 +214,10 @@ grpc_security_connector *grpc_security_connector_ref( } #ifndef NDEBUG -void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, - const char *file, int line, - const char *reason) { +void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, + const char* file, int line, + const char* reason) { if (sc == NULL) return; if (GRPC_TRACER_ON(grpc_trace_security_connector_refcount)) { gpr_atm val = gpr_atm_no_barrier_load(&sc->refcount.count); 
@@ -225,87 +226,111 @@ void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, val, val - 1, reason); } #else -void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { +void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { if (sc == NULL) return; #endif if (gpr_unref(&sc->refcount)) sc->vtable->destroy(exec_ctx, sc); } -static void connector_arg_destroy(grpc_exec_ctx *exec_ctx, void *p) { - GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, (grpc_security_connector *)p, +static void connector_arg_destroy(grpc_exec_ctx* exec_ctx, void* p) { + GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, (grpc_security_connector*)p, "connector_arg_destroy"); } -static void *connector_arg_copy(void *p) { - return GRPC_SECURITY_CONNECTOR_REF((grpc_security_connector *)p, +static void* connector_arg_copy(void* p) { + return GRPC_SECURITY_CONNECTOR_REF((grpc_security_connector*)p, "connector_arg_copy"); } -static int connector_cmp(void *a, void *b) { - return grpc_security_connector_cmp((grpc_security_connector *)a, - (grpc_security_connector *)b); +static int connector_cmp(void* a, void* b) { + return grpc_security_connector_cmp((grpc_security_connector*)a, + (grpc_security_connector*)b); } static const grpc_arg_pointer_vtable connector_arg_vtable = { connector_arg_copy, connector_arg_destroy, connector_cmp}; -grpc_arg grpc_security_connector_to_arg(grpc_security_connector *sc) { - return grpc_channel_arg_pointer_create((char *)GRPC_ARG_SECURITY_CONNECTOR, - sc, &connector_arg_vtable); +grpc_arg grpc_security_connector_to_arg(grpc_security_connector* sc) { + return grpc_channel_arg_pointer_create((char*)GRPC_ARG_SECURITY_CONNECTOR, sc, + &connector_arg_vtable); } -grpc_security_connector *grpc_security_connector_from_arg(const grpc_arg *arg) { +grpc_security_connector* grpc_security_connector_from_arg(const grpc_arg* arg) { if (strcmp(arg->key, GRPC_ARG_SECURITY_CONNECTOR)) return NULL; if (arg->type != GRPC_ARG_POINTER) { 
gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type, GRPC_ARG_SECURITY_CONNECTOR); return NULL; } - return (grpc_security_connector *)arg->value.pointer.p; + return (grpc_security_connector*)arg->value.pointer.p; } -grpc_security_connector *grpc_security_connector_find_in_args( - const grpc_channel_args *args) { +grpc_security_connector* grpc_security_connector_find_in_args( + const grpc_channel_args* args) { size_t i; if (args == NULL) return NULL; for (i = 0; i < args->num_args; i++) { - grpc_security_connector *sc = + grpc_security_connector* sc = grpc_security_connector_from_arg(&args->args[i]); if (sc != NULL) return sc; } return NULL; } +static tsi_client_certificate_request_type +get_tsi_client_certificate_request_type( + grpc_ssl_client_certificate_request_type grpc_request_type) { + switch (grpc_request_type) { + case GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE: + return TSI_DONT_REQUEST_CLIENT_CERTIFICATE; + + case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY: + return TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY; + + case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY: + return TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY; + + case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY: + return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY; + + case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY: + return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY; + + default: + return TSI_DONT_REQUEST_CLIENT_CERTIFICATE; + } +} + /* -- Fake implementation. 
-- */ typedef struct { grpc_channel_security_connector base; - char *target; - char *expected_targets; + char* target; + char* expected_targets; bool is_lb_channel; } grpc_fake_channel_security_connector; -static void fake_channel_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { - grpc_fake_channel_security_connector *c = - (grpc_fake_channel_security_connector *)sc; +static void fake_channel_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { + grpc_fake_channel_security_connector* c = + (grpc_fake_channel_security_connector*)sc; grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds); gpr_free(c->target); gpr_free(c->expected_targets); gpr_free(c); } -static void fake_server_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { +static void fake_server_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { gpr_free(sc); } -static bool fake_check_target(const char *target_type, const char *target, - const char *set_str) { +static bool fake_check_target(const char* target_type, const char* target, + const char* set_str) { GPR_ASSERT(target_type != NULL); GPR_ASSERT(target != NULL); - char **set = NULL; + char** set = NULL; size_t set_size = 0; gpr_string_split(set_str, ",", &set, &set_size); bool found = false; @@ -319,11 +344,11 @@ static bool fake_check_target(const char *target_type, const char *target, return found; } -static void fake_secure_name_check(const char *target, - const char *expected_targets, +static void fake_secure_name_check(const char* target, + const char* expected_targets, bool is_lb_channel) { if (expected_targets == NULL) return; - char **lbs_and_backends = NULL; + char** lbs_and_backends = NULL; size_t lbs_and_backends_size = 0; bool success = false; gpr_string_split(expected_targets, ";", &lbs_and_backends, 
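Review bot: The `default:` arm of `get_tsi_client_certificate_request_type` fails open: any `grpc_request_type` outside the five listed cases maps to `TSI_DONT_REQUEST_CLIENT_CERTIFICATE`, so a server configured to require a client certificate would complete handshakes without asking for one if the value were ever corrupted or a new enum member were added without updating this switch. Treat an unrecognised value as a configuration error and at least log it, for example `gpr_log(GPR_ERROR, "Unknown client certificate request type %d", (int)grpc_request_type);`. Consider also returning the strictest mode, `TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY`, so the mistake shows up as rejected handshakes rather than as silently missing client authentication. A short comment above the function saying that it translates the public gRPC enum to the TSI one would also help the next reader.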
@@ -363,12 +388,12 @@ done: if (!success) abort(); } -static void fake_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { - const char *prop_name; - grpc_error *error = GRPC_ERROR_NONE; +static void fake_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + const char* prop_name; + grpc_error* error = GRPC_ERROR_NONE; *auth_context = NULL; if (peer.property_count != 1) { error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( @@ -378,7 +403,7 @@ static void fake_check_peer(grpc_exec_ctx *exec_ctx, prop_name = peer.properties[0].name; if (prop_name == NULL || strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) { - char *msg; + char* msg; gpr_asprintf(&msg, "Unexpected property in fake peer: %s.", prop_name == NULL ? "<EMPTY>" : prop_name); error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); 
@@ -400,29 +425,29 @@ end: tsi_peer_destruct(&peer); } -static void fake_channel_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { +static void fake_channel_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked); - grpc_fake_channel_security_connector *c = - (grpc_fake_channel_security_connector *)sc; + grpc_fake_channel_security_connector* c = + (grpc_fake_channel_security_connector*)sc; fake_secure_name_check(c->target, c->expected_targets, c->is_lb_channel); } -static void fake_server_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { +static void fake_server_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked); } -static int fake_channel_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { - grpc_fake_channel_security_connector *c1 = - (grpc_fake_channel_security_connector *)sc1; - grpc_fake_channel_security_connector *c2 = - (grpc_fake_channel_security_connector *)sc2; +static int fake_channel_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_fake_channel_security_connector* c1 = + (grpc_fake_channel_security_connector*)sc1; + grpc_fake_channel_security_connector* c2 = + (grpc_fake_channel_security_connector*)sc2; int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base); if (c != 0) return c; c = strcmp(c1->target, c2->target); 
@@ -436,31 +461,31 @@ static int fake_channel_cmp(grpc_security_connector *sc1, return GPR_ICMP(c1->is_lb_channel, c2->is_lb_channel); } -static int fake_server_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { +static int fake_server_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { return grpc_server_security_connector_cmp( - (grpc_server_security_connector *)sc1, - (grpc_server_security_connector *)sc2); + (grpc_server_security_connector*)sc1, + (grpc_server_security_connector*)sc2); } -static bool fake_channel_check_call_host(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, - const char *host, - grpc_auth_context *auth_context, - grpc_closure *on_call_host_checked, - grpc_error **error) { +static bool fake_channel_check_call_host(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, + const char* host, + grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, + grpc_error** error) { return true; } static void fake_channel_cancel_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_closure *on_call_host_checked, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, grpc_error* error) { GRPC_ERROR_UNREF(error); } static void fake_channel_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { grpc_handshake_manager_add( handshake_mgr, grpc_security_handshaker_create( 
@@ -468,9 +493,9 @@ static void fake_channel_add_handshakers( &sc->base)); } -static void fake_server_add_handshakers(grpc_exec_ctx *exec_ctx, - grpc_server_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { +static void fake_server_add_handshakers(grpc_exec_ctx* exec_ctx, + grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { grpc_handshake_manager_add( handshake_mgr, grpc_security_handshaker_create( @@ -484,12 +509,12 @@ static grpc_security_connector_vtable fake_channel_vtable = { static grpc_security_connector_vtable fake_server_vtable = { fake_server_destroy, fake_server_check_peer, fake_server_cmp}; -grpc_channel_security_connector *grpc_fake_channel_security_connector_create( - grpc_channel_credentials *channel_creds, - grpc_call_credentials *request_metadata_creds, const char *target, - const grpc_channel_args *args) { - grpc_fake_channel_security_connector *c = - (grpc_fake_channel_security_connector *)gpr_zalloc(sizeof(*c)); +grpc_channel_security_connector* grpc_fake_channel_security_connector_create( + grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, const char* target, + const grpc_channel_args* args) { + grpc_fake_channel_security_connector* c = + (grpc_fake_channel_security_connector*)gpr_zalloc(sizeof(*c)); gpr_ref_init(&c->base.base.refcount, 1); c->base.base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME; c->base.base.vtable = &fake_channel_vtable; 
@@ -500,16 +525,16 @@ grpc_channel_security_connector *grpc_fake_channel_security_connector_create( c->base.cancel_check_call_host = fake_channel_cancel_check_call_host; c->base.add_handshakers = fake_channel_add_handshakers; c->target = gpr_strdup(target); - const char *expected_targets = grpc_fake_transport_get_expected_targets(args); + const char* expected_targets = grpc_fake_transport_get_expected_targets(args); c->expected_targets = gpr_strdup(expected_targets); c->is_lb_channel = (grpc_lb_targets_info_find_in_args(args) != NULL); return &c->base; } -grpc_server_security_connector *grpc_fake_server_security_connector_create( - grpc_server_credentials *server_creds) { - grpc_server_security_connector *c = - (grpc_server_security_connector *)gpr_zalloc( +grpc_server_security_connector* grpc_fake_server_security_connector_create( + grpc_server_credentials* server_creds) { + grpc_server_security_connector* c = + (grpc_server_security_connector*)gpr_zalloc( sizeof(grpc_server_security_connector)); gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &fake_server_vtable; 
@@ -523,20 +548,29 @@ grpc_server_security_connector *grpc_fake_server_security_connector_create( typedef struct { grpc_channel_security_connector base; - tsi_ssl_client_handshaker_factory *client_handshaker_factory; - char *target_name; - char *overridden_target_name; + tsi_ssl_client_handshaker_factory* client_handshaker_factory; + char* target_name; + char* overridden_target_name; } grpc_ssl_channel_security_connector; typedef struct { grpc_server_security_connector base; - tsi_ssl_server_handshaker_factory *server_handshaker_factory; + tsi_ssl_server_handshaker_factory* server_handshaker_factory; } grpc_ssl_server_security_connector; -static void ssl_channel_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { - grpc_ssl_channel_security_connector *c = - (grpc_ssl_channel_security_connector *)sc; +static bool server_connector_has_cert_config_fetcher( + grpc_ssl_server_security_connector* c) { + GPR_ASSERT(c != NULL); + grpc_ssl_server_credentials* server_creds = + (grpc_ssl_server_credentials*)c->base.server_creds; + GPR_ASSERT(server_creds != NULL); + return server_creds->certificate_config_fetcher.cb != NULL; +} + +static void ssl_channel_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { + grpc_ssl_channel_security_connector* c = + (grpc_ssl_channel_security_connector*)sc; grpc_channel_credentials_unref(exec_ctx, c->base.channel_creds); grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds); tsi_ssl_client_handshaker_factory_unref(c->client_handshaker_factory); 
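Review bot: `server_connector_has_cert_config_fetcher` only reads through `c`, so the parameter can be `const grpc_ssl_server_security_connector* c`, and the helper has no comment saying what a true result implies. A one-line header such as `/* True when the server credentials carry a certificate-config fetcher callback. */` would cover it. The cast of `c->base.server_creds` to `grpc_ssl_server_credentials*` is unchecked; it holds only while this connector type is created solely from SSL server credentials, which this hunk does not show.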
@@ -546,23 +580,23 @@ static void ssl_channel_destroy(grpc_exec_ctx *exec_ctx, gpr_free(sc); } -static void ssl_server_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { - grpc_ssl_server_security_connector *c = - (grpc_ssl_server_security_connector *)sc; +static void ssl_server_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { + grpc_ssl_server_security_connector* c = + (grpc_ssl_server_security_connector*)sc; grpc_server_credentials_unref(exec_ctx, c->base.server_creds); tsi_ssl_server_handshaker_factory_unref(c->server_handshaker_factory); c->server_handshaker_factory = NULL; gpr_free(sc); } -static void ssl_channel_add_handshakers(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { - grpc_ssl_channel_security_connector *c = - (grpc_ssl_channel_security_connector *)sc; +static void ssl_channel_add_handshakers(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { + grpc_ssl_channel_security_connector* c = + (grpc_ssl_channel_security_connector*)sc; // Instantiate TSI handshaker. - tsi_handshaker *tsi_hs = NULL; + tsi_handshaker* tsi_hs = NULL; tsi_result result = tsi_ssl_client_handshaker_factory_create_handshaker( c->client_handshaker_factory, c->overridden_target_name != NULL ? c->overridden_target_name @@ -573,7 +607,6 @@ static void ssl_channel_add_handshakers(grpc_exec_ctx *exec_ctx, tsi_result_to_string(result)); return; } - // Create handshakers. grpc_handshake_manager_add( handshake_mgr, 
@@ -581,13 +614,103 @@ static void ssl_channel_add_handshakers(grpc_exec_ctx *exec_ctx, exec_ctx, tsi_create_adapter_handshaker(tsi_hs), &sc->base)); } -static void ssl_server_add_handshakers(grpc_exec_ctx *exec_ctx, - grpc_server_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { - grpc_ssl_server_security_connector *c = - (grpc_ssl_server_security_connector *)sc; +static const char** fill_alpn_protocol_strings(size_t* num_alpn_protocols) { + GPR_ASSERT(num_alpn_protocols != NULL); + *num_alpn_protocols = grpc_chttp2_num_alpn_versions(); + const char** alpn_protocol_strings = + (const char**)gpr_malloc(sizeof(const char*) * (*num_alpn_protocols)); + for (size_t i = 0; i < *num_alpn_protocols; i++) { + alpn_protocol_strings[i] = grpc_chttp2_get_alpn_version_index(i); + } + return alpn_protocol_strings; +} + +/* Attempts to replace the server_handshaker_factory with a new factory using + * the provided grpc_ssl_server_certificate_config. Should new factory creation + * fail, the existing factory will not be replaced. Returns true on success (new + * factory created). 
*/ +static bool try_replace_server_handshaker_factory( + grpc_ssl_server_security_connector* sc, + const grpc_ssl_server_certificate_config* config) { + if (config == NULL) { + gpr_log(GPR_ERROR, + "Server certificate config callback returned invalid (NULL) " + "config."); + return false; + } + gpr_log(GPR_DEBUG, "Using new server certificate config (%p).", config); + + size_t num_alpn_protocols = 0; + const char** alpn_protocol_strings = + fill_alpn_protocol_strings(&num_alpn_protocols); + tsi_ssl_pem_key_cert_pair* cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs( + config->pem_key_cert_pairs, config->num_key_cert_pairs); + tsi_ssl_server_handshaker_factory* new_handshaker_factory = NULL; + grpc_ssl_server_credentials* server_creds = + (grpc_ssl_server_credentials*)sc->base.server_creds; + tsi_result result = tsi_create_ssl_server_handshaker_factory_ex( + cert_pairs, config->num_key_cert_pairs, config->pem_root_certs, + get_tsi_client_certificate_request_type( + server_creds->config.client_certificate_request), + ssl_cipher_suites(), alpn_protocol_strings, (uint16_t)num_alpn_protocols, + &new_handshaker_factory); + gpr_free(cert_pairs); + gpr_free((void*)alpn_protocol_strings); + + if (result != TSI_OK) { + gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", + tsi_result_to_string(result)); + return false; + } + tsi_ssl_server_handshaker_factory_unref(sc->server_handshaker_factory); + sc->server_handshaker_factory = new_handshaker_factory; + return true; +} + +/* Attempts to fetch the server certificate config if a callback is available. + * Current certificate config will continue to be used if the callback returns + * an error. Returns true if new credentials were sucessfully loaded. 
*/ +static bool try_fetch_ssl_server_credentials( + grpc_ssl_server_security_connector* sc) { + grpc_ssl_server_certificate_config* certificate_config = NULL; + bool status; + + GPR_ASSERT(sc != NULL); + if (!server_connector_has_cert_config_fetcher(sc)) return false; + + grpc_ssl_server_credentials* server_creds = + (grpc_ssl_server_credentials*)sc->base.server_creds; + grpc_ssl_certificate_config_reload_status cb_result = + server_creds->certificate_config_fetcher.cb( + server_creds->certificate_config_fetcher.user_data, + &certificate_config); + if (cb_result == GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED) { + gpr_log(GPR_DEBUG, "No change in SSL server credentials."); + status = false; + } else if (cb_result == GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW) { + status = try_replace_server_handshaker_factory(sc, certificate_config); + } else { + // Log error, continue using previously-loaded credentials. + gpr_log(GPR_ERROR, + "Failed fetching new server credentials, continuing to " + "use previously-loaded credentials."); + status = false; + } + + if (certificate_config != NULL) { + grpc_ssl_server_certificate_config_destroy(certificate_config); + } + return status; +} + +static void ssl_server_add_handshakers(grpc_exec_ctx* exec_ctx, + grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { + grpc_ssl_server_security_connector* c = + (grpc_ssl_server_security_connector*)sc; // Instantiate TSI handshaker. - tsi_handshaker *tsi_hs = NULL; + try_fetch_ssl_server_credentials(c); + tsi_handshaker* tsi_hs = NULL; tsi_result result = tsi_ssl_server_handshaker_factory_create_handshaker( c->server_handshaker_factory, &tsi_hs); if (result != TSI_OK) { @@ -595,7 +718,6 @@ static void ssl_server_add_handshakers(grpc_exec_ctx *exec_ctx, tsi_result_to_string(result)); return; } - // Create handshakers. grpc_handshake_manager_add( handshake_mgr, 
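Review bot: `ssl_server_add_handshakers` now calls `try_fetch_ssl_server_credentials(c)` on every handshake, and `try_replace_server_handshaker_factory` unrefs and overwrites `sc->server_handshaker_factory` with no lock visible in this hunk. If two handshakes can be set up concurrently on the same connector (not determinable from here), one thread can unref the factory while another is passing it to `tsi_ssl_server_handshaker_factory_create_handshaker`, and both can race on the pointer store. Serialising the reload and the factory read would close that, for example with a `gpr_mu` member on `grpc_ssl_server_security_connector` taken with `gpr_mu_lock(&c->mu);` before the fetch and released with `gpr_mu_unlock(&c->mu);` once the handshaker is created; `mu` is a proposed field, not one the file has. Separately, `(uint16_t)num_alpn_protocols` truncates silently, so a `GPR_ASSERT(num_alpn_protocols <= UINT16_MAX);` before the factory call would document the bound.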
@@ -603,12 +725,12 @@ static void ssl_server_add_handshakers(grpc_exec_ctx *exec_ctx, exec_ctx, tsi_create_adapter_handshaker(tsi_hs), &sc->base)); } -static int ssl_host_matches_name(const tsi_peer *peer, const char *peer_name) { - char *allocated_name = NULL; +static int ssl_host_matches_name(const tsi_peer* peer, const char* peer_name) { + char* allocated_name = NULL; int r; if (strchr(peer_name, ':') != NULL) { - char *ignored_port; + char* ignored_port; gpr_split_host_port(peer_name, &allocated_name, &ignored_port); gpr_free(ignored_port); peer_name = allocated_name; @@ -619,10 +741,10 @@ static int ssl_host_matches_name(const tsi_peer *peer, const char *peer_name) { return r; } -grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) { +grpc_auth_context* tsi_ssl_peer_to_auth_context(const tsi_peer* peer) { size_t i; - grpc_auth_context *ctx = NULL; - const char *peer_identity_property_name = NULL; + grpc_auth_context* ctx = NULL; + const char* peer_identity_property_name = NULL; /* The caller has checked the certificate type property. */ GPR_ASSERT(peer->property_count >= 1); @@ -631,7 +753,7 @@ grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) { ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, GRPC_SSL_TRANSPORT_SECURITY_TYPE); for (i = 0; i < peer->property_count; i++) { - const tsi_peer_property *prop = &peer->properties[i]; + const tsi_peer_property* prop = &peer->properties[i]; if (prop->name == NULL) continue; if (strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) { /* If there is no subject alt name, have the CN as the identity. */ 
@@ -657,11 +779,11 @@ grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) { return ctx; } -static grpc_error *ssl_check_peer(grpc_security_connector *sc, - const char *peer_name, const tsi_peer *peer, - grpc_auth_context **auth_context) { +static grpc_error* ssl_check_peer(grpc_security_connector* sc, + const char* peer_name, const tsi_peer* peer, + grpc_auth_context** auth_context) { /* Check the ALPN. */ - const tsi_peer_property *p = + const tsi_peer_property* p = tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL); if (p == NULL) { return GRPC_ERROR_CREATE_FROM_STATIC_STRING( @@ -674,9 +796,9 @@ static grpc_error *ssl_check_peer(grpc_security_connector *sc, /* Check the peer name if specified. */ if (peer_name != NULL && !ssl_host_matches_name(peer, peer_name)) { - char *msg; + char* msg; gpr_asprintf(&msg, "Peer name %s is not in peer certificate", peer_name); - grpc_error *error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); + grpc_error* error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); gpr_free(msg); return error; } 
@@ -684,35 +806,36 @@ static grpc_error *ssl_check_peer(grpc_security_connector *sc, return GRPC_ERROR_NONE; } -static void ssl_channel_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { - grpc_ssl_channel_security_connector *c = - (grpc_ssl_channel_security_connector *)sc; - grpc_error *error = ssl_check_peer(sc, c->overridden_target_name != NULL - ? c->overridden_target_name - : c->target_name, +static void ssl_channel_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + grpc_ssl_channel_security_connector* c = + (grpc_ssl_channel_security_connector*)sc; + grpc_error* error = ssl_check_peer(sc, + c->overridden_target_name != NULL + ? c->overridden_target_name + : c->target_name, &peer, auth_context); GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, error); tsi_peer_destruct(&peer); } -static void ssl_server_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { - grpc_error *error = ssl_check_peer(sc, NULL, &peer, auth_context); +static void ssl_server_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + grpc_error* error = ssl_check_peer(sc, NULL, &peer, auth_context); tsi_peer_destruct(&peer); GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, error); } -static int ssl_channel_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { - grpc_ssl_channel_security_connector *c1 = - (grpc_ssl_channel_security_connector *)sc1; - grpc_ssl_channel_security_connector *c2 = - (grpc_ssl_channel_security_connector *)sc2; +static int ssl_channel_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_ssl_channel_security_connector* c1 = + 
(grpc_ssl_channel_security_connector*)sc1; + grpc_ssl_channel_security_connector* c2 = + (grpc_ssl_channel_security_connector*)sc2; int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base); if (c != 0) return c; c = strcmp(c1->target_name, c2->target_name); @@ -723,27 +846,27 @@ static int ssl_channel_cmp(grpc_security_connector *sc1, : strcmp(c1->overridden_target_name, c2->overridden_target_name); } -static int ssl_server_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { +static int ssl_server_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { return grpc_server_security_connector_cmp( - (grpc_server_security_connector *)sc1, - (grpc_server_security_connector *)sc2); + (grpc_server_security_connector*)sc1, + (grpc_server_security_connector*)sc2); } -static void add_shallow_auth_property_to_peer(tsi_peer *peer, - const grpc_auth_property *prop, - const char *tsi_prop_name) { - tsi_peer_property *tsi_prop = &peer->properties[peer->property_count++]; - tsi_prop->name = (char *)tsi_prop_name; +static void add_shallow_auth_property_to_peer(tsi_peer* peer, + const grpc_auth_property* prop, + const char* tsi_prop_name) { + tsi_peer_property* tsi_prop = &peer->properties[peer->property_count++]; + tsi_prop->name = (char*)tsi_prop_name; tsi_prop->value.data = prop->value; tsi_prop->value.length = prop->value_length; } tsi_peer tsi_shallow_peer_from_ssl_auth_context( - const grpc_auth_context *auth_context) { + const grpc_auth_context* auth_context) { size_t max_num_props = 0; grpc_auth_property_iterator it; - const grpc_auth_property *prop; + const grpc_auth_property* prop; tsi_peer peer; memset(&peer, 0, sizeof(peer)); 
@@ -751,8 +874,8 @@ tsi_peer tsi_shallow_peer_from_ssl_auth_context( while (grpc_auth_property_iterator_next(&it) != NULL) max_num_props++; if (max_num_props > 0) { - peer.properties = (tsi_peer_property *)gpr_malloc( - max_num_props * sizeof(tsi_peer_property)); + peer.properties = (tsi_peer_property*)gpr_malloc(max_num_props * + sizeof(tsi_peer_property)); it = grpc_auth_context_property_iterator(auth_context); while ((prop = grpc_auth_property_iterator_next(&it)) != NULL) { if (strcmp(prop->name, GRPC_X509_SAN_PROPERTY_NAME) == 0) { @@ -770,18 +893,18 @@ tsi_peer tsi_shallow_peer_from_ssl_auth_context( return peer; } -void tsi_shallow_peer_destruct(tsi_peer *peer) { +void tsi_shallow_peer_destruct(tsi_peer* peer) { if (peer->properties != NULL) gpr_free(peer->properties); } -static bool ssl_channel_check_call_host(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, - const char *host, - grpc_auth_context *auth_context, - grpc_closure *on_call_host_checked, - grpc_error **error) { - grpc_ssl_channel_security_connector *c = - (grpc_ssl_channel_security_connector *)sc; +static bool ssl_channel_check_call_host(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, + const char* host, + grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, + grpc_error** error) { + grpc_ssl_channel_security_connector* c = + (grpc_ssl_channel_security_connector*)sc; grpc_security_status status = GRPC_SECURITY_ERROR; tsi_peer peer = tsi_shallow_peer_from_ssl_auth_context(auth_context); if (ssl_host_matches_name(&peer, host)) status = GRPC_SECURITY_OK; 
@@ -800,8 +923,8 @@ static bool ssl_channel_check_call_host(grpc_exec_ctx *exec_ctx, } static void ssl_channel_cancel_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_closure *on_call_host_checked, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, grpc_error* error) { GRPC_ERROR_UNREF(error); } @@ -816,7 +939,7 @@ static grpc_slice compute_default_pem_root_certs_once(void) { grpc_slice result = grpc_empty_slice(); /* First try to load the roots from the environment. */ - char *default_root_certs_path = + char* default_root_certs_path = gpr_getenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR); if (default_root_certs_path != NULL) { GRPC_LOG_IF_ERROR("load_file", @@ -827,7 +950,7 @@ static grpc_slice compute_default_pem_root_certs_once(void) { /* Try overridden roots if needed. */ grpc_ssl_roots_override_result ovrd_res = GRPC_SSL_ROOTS_OVERRIDE_FAIL; if (GRPC_SLICE_IS_EMPTY(result) && ssl_roots_override_cb != NULL) { - char *pem_root_certs = NULL; + char* pem_root_certs = NULL; ovrd_res = ssl_roots_override_cb(&pem_root_certs); if (ovrd_res == GRPC_SSL_ROOTS_OVERRIDE_OK) { GPR_ASSERT(pem_root_certs != NULL); 
@@ -857,58 +980,29 @@ grpc_slice grpc_get_default_ssl_roots_for_testing(void) { return compute_default_pem_root_certs_once(); } -static tsi_client_certificate_request_type -get_tsi_client_certificate_request_type( - grpc_ssl_client_certificate_request_type grpc_request_type) { - switch (grpc_request_type) { - case GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE: - return TSI_DONT_REQUEST_CLIENT_CERTIFICATE; - - case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY: - return TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY; - - case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY: - return TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY; - - case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY: - return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY; - - case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY: - return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY; - - default: - // Is this a sane default - return TSI_DONT_REQUEST_CLIENT_CERTIFICATE; - } -} - -const char *grpc_get_default_ssl_roots(void) { +const char* grpc_get_default_ssl_roots(void) { /* TODO(jboeuf@google.com): Maybe revisit the approach which consists in loading all the roots once for the lifetime of the process. */ static gpr_once once = GPR_ONCE_INIT; gpr_once_init(&once, init_default_pem_root_certs); return GRPC_SLICE_IS_EMPTY(default_pem_root_certs) ? 
NULL - : (const char *)GRPC_SLICE_START_PTR(default_pem_root_certs); + : (const char*)GRPC_SLICE_START_PTR(default_pem_root_certs); } grpc_security_status grpc_ssl_channel_security_connector_create( - grpc_exec_ctx *exec_ctx, grpc_channel_credentials *channel_creds, - grpc_call_credentials *request_metadata_creds, - const grpc_ssl_config *config, const char *target_name, - const char *overridden_target_name, grpc_channel_security_connector **sc) { - size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); - const char **alpn_protocol_strings = - (const char **)gpr_malloc(sizeof(const char *) * num_alpn_protocols); + grpc_exec_ctx* exec_ctx, grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, + const grpc_ssl_config* config, const char* target_name, + const char* overridden_target_name, grpc_channel_security_connector** sc) { + size_t num_alpn_protocols = 0; + const char** alpn_protocol_strings = + fill_alpn_protocol_strings(&num_alpn_protocols); tsi_result result = TSI_OK; - grpc_ssl_channel_security_connector *c; - size_t i; - const char *pem_root_certs; - char *port; + grpc_ssl_channel_security_connector* c; + const char* pem_root_certs; + char* port; bool has_key_cert_pair; - for (i = 0; i < num_alpn_protocols; i++) { - alpn_protocol_strings[i] = grpc_chttp2_get_alpn_version_index(i); - } if (config == NULL || target_name == NULL) { gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name."); @@ -924,7 +1018,7 @@ grpc_security_status grpc_ssl_channel_security_connector_create( pem_root_certs = config->pem_root_certs; } - c = (grpc_ssl_channel_security_connector *)gpr_zalloc( + c = (grpc_ssl_channel_security_connector*)gpr_zalloc( sizeof(grpc_ssl_channel_security_connector)); gpr_ref_init(&c->base.base.refcount, 1); 
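Review bot: In `grpc_ssl_channel_security_connector_create`, nothing at the new `fill_alpn_protocol_strings(&num_alpn_protocols)` call site says who owns the returned array. The `gpr_free((void*)alpn_protocol_strings)` calls on both exit paths suggest the caller owns it, so a one-line comment above the declaration would make that explicit, for example `/* Array is owned here and released with gpr_free() on every exit path. */`. The helper is defined outside this hunk, so its allocation behaviour is inferred from the frees, and the function body continues past the end of the hunk.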
@@ -957,58 +1051,72 @@ grpc_security_status grpc_ssl_channel_security_connector_create( goto error; } *sc = &c->base; - gpr_free((void *)alpn_protocol_strings); + gpr_free((void*)alpn_protocol_strings); return GRPC_SECURITY_OK; error: - gpr_free((void *)alpn_protocol_strings); + gpr_free((void*)alpn_protocol_strings); return GRPC_SECURITY_ERROR; } -grpc_security_status grpc_ssl_server_security_connector_create( - grpc_exec_ctx *exec_ctx, grpc_server_credentials *server_creds, - const grpc_ssl_server_config *config, grpc_server_security_connector **sc) { - size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); - const char **alpn_protocol_strings = - (const char **)gpr_malloc(sizeof(const char *) * num_alpn_protocols); - tsi_result result = TSI_OK; - grpc_ssl_server_security_connector *c; - size_t i; - - for (i = 0; i < num_alpn_protocols; i++) { - alpn_protocol_strings[i] = grpc_chttp2_get_alpn_version_index(i); - } - - if (config == NULL || config->num_key_cert_pairs == 0) { - gpr_log(GPR_ERROR, "An SSL server needs a key and a cert."); - goto error; - } - c = (grpc_ssl_server_security_connector *)gpr_zalloc( - sizeof(grpc_ssl_server_security_connector)); - +static grpc_ssl_server_security_connector* +grpc_ssl_server_security_connector_initialize( + grpc_server_credentials* server_creds) { + grpc_ssl_server_security_connector* c = + (grpc_ssl_server_security_connector*)gpr_zalloc( + sizeof(grpc_ssl_server_security_connector)); gpr_ref_init(&c->base.base.refcount, 1); c->base.base.url_scheme = GRPC_SSL_URL_SCHEME; c->base.base.vtable = &ssl_server_vtable; + c->base.add_handshakers = ssl_server_add_handshakers; c->base.server_creds = grpc_server_credentials_ref(server_creds); - result = tsi_create_ssl_server_handshaker_factory_ex( - config->pem_key_cert_pairs, config->num_key_cert_pairs, - config->pem_root_certs, get_tsi_client_certificate_request_type( - config->client_certificate_request), - ssl_cipher_suites(), alpn_protocol_strings, 
(uint16_t)num_alpn_protocols, - &c->server_handshaker_factory); - if (result != TSI_OK) { - gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", - tsi_result_to_string(result)); - ssl_server_destroy(exec_ctx, &c->base.base); - *sc = NULL; - goto error; + return c; +} + +grpc_security_status grpc_ssl_server_security_connector_create( + grpc_exec_ctx* exec_ctx, grpc_server_credentials* gsc, + grpc_server_security_connector** sc) { + tsi_result result = TSI_OK; + grpc_ssl_server_credentials* server_credentials = + (grpc_ssl_server_credentials*)gsc; + grpc_security_status retval = GRPC_SECURITY_OK; + + GPR_ASSERT(server_credentials != NULL); + GPR_ASSERT(sc != NULL); + + grpc_ssl_server_security_connector* c = + grpc_ssl_server_security_connector_initialize(gsc); + if (server_connector_has_cert_config_fetcher(c)) { + // Load initial credentials from certificate_config_fetcher: + if (!try_fetch_ssl_server_credentials(c)) { + gpr_log(GPR_ERROR, "Failed loading SSL server credentials from fetcher."); + retval = GRPC_SECURITY_ERROR; + } + } else { + size_t num_alpn_protocols = 0; + const char** alpn_protocol_strings = + fill_alpn_protocol_strings(&num_alpn_protocols); + result = tsi_create_ssl_server_handshaker_factory_ex( + server_credentials->config.pem_key_cert_pairs, + server_credentials->config.num_key_cert_pairs, + server_credentials->config.pem_root_certs, + get_tsi_client_certificate_request_type( + server_credentials->config.client_certificate_request), + ssl_cipher_suites(), alpn_protocol_strings, + (uint16_t)num_alpn_protocols, &c->server_handshaker_factory); + gpr_free((void*)alpn_protocol_strings); + if (result != TSI_OK) { + gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", + tsi_result_to_string(result)); + retval = GRPC_SECURITY_ERROR; + } } - c->base.add_handshakers = ssl_server_add_handshakers; - *sc = &c->base; - gpr_free((void *)alpn_protocol_strings); - return GRPC_SECURITY_OK; -error: - gpr_free((void 
*)alpn_protocol_strings); - return GRPC_SECURITY_ERROR; + if (retval == GRPC_SECURITY_OK) { + *sc = &c->base; + } else { + if (c != NULL) ssl_server_destroy(exec_ctx, &c->base.base); + if (sc != NULL) *sc = NULL; + } + return retval; } diff --git a/src/core/lib/security/transport/security_connector.h b/src/core/lib/security/transport/security_connector.h index 8287151f44..79fdbc1a66 100644 --- a/src/core/lib/security/transport/security_connector.h +++ b/src/core/lib/security/transport/security_connector.h @@ -56,17 +56,17 @@ typedef struct grpc_security_connector grpc_security_connector; #define GRPC_ARG_SECURITY_CONNECTOR "grpc.security_connector" typedef struct { - void (*destroy)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc); - void (*check_peer)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc, - tsi_peer peer, grpc_auth_context **auth_context, - grpc_closure *on_peer_checked); - int (*cmp)(grpc_security_connector *sc, grpc_security_connector *other); + void (*destroy)(grpc_exec_ctx* exec_ctx, grpc_security_connector* sc); + void (*check_peer)(grpc_exec_ctx* exec_ctx, grpc_security_connector* sc, + tsi_peer peer, grpc_auth_context** auth_context, + grpc_closure* on_peer_checked); + int (*cmp)(grpc_security_connector* sc, grpc_security_connector* other); } grpc_security_connector_vtable; struct grpc_security_connector { - const grpc_security_connector_vtable *vtable; + const grpc_security_connector_vtable* vtable; gpr_refcount refcount; - const char *url_scheme; + const char* url_scheme; }; /* Refcounting. */ 
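Review bot: The non-fetcher branch of the new `grpc_ssl_server_security_connector_create` no longer rejects a server configuration with no key/cert pair. The old `config == NULL || config->num_key_cert_pairs == 0` guard and its "An SSL server needs a key and a cert." log are removed, and `server_credentials->config.num_key_cert_pairs` is passed straight to `tsi_create_ssl_server_handshaker_factory_ex`. Unless the credentials constructor or the TSI factory (both outside this hunk) already refuse an empty set, restore the check at the top of the `else` branch and skip the factory call when it fires: `if (server_credentials->config.num_key_cert_pairs == 0) { gpr_log(GPR_ERROR, "An SSL server needs a key and a cert."); retval = GRPC_SECURITY_ERROR; }`. The `sc != NULL` test in the failure path is redundant after `GPR_ASSERT(sc != NULL)`. The `c != NULL` test is redundant too, because `grpc_ssl_server_security_connector_initialize` dereferences `c` before returning it.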
@@ -75,44 +75,44 @@ struct grpc_security_connector { grpc_security_connector_ref((p), __FILE__, __LINE__, (r)) #define GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, p, r) \ grpc_security_connector_unref((exec_ctx), (p), __FILE__, __LINE__, (r)) -grpc_security_connector *grpc_security_connector_ref( - grpc_security_connector *policy, const char *file, int line, - const char *reason); -void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, - grpc_security_connector *policy, - const char *file, int line, - const char *reason); +grpc_security_connector* grpc_security_connector_ref( + grpc_security_connector* policy, const char* file, int line, + const char* reason); +void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx, + grpc_security_connector* policy, + const char* file, int line, + const char* reason); #else #define GRPC_SECURITY_CONNECTOR_REF(p, r) grpc_security_connector_ref((p)) #define GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, p, r) \ grpc_security_connector_unref((exec_ctx), (p)) -grpc_security_connector *grpc_security_connector_ref( - grpc_security_connector *policy); -void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, - grpc_security_connector *policy); +grpc_security_connector* grpc_security_connector_ref( + grpc_security_connector* policy); +void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx, + grpc_security_connector* policy); #endif /* Check the peer. Callee takes ownership of the peer object. When done, sets *auth_context and invokes on_peer_checked. */ -void grpc_security_connector_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, +void grpc_security_connector_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked); + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked); /* Compares two security connectors. 
*/ -int grpc_security_connector_cmp(grpc_security_connector *sc, - grpc_security_connector *other); +int grpc_security_connector_cmp(grpc_security_connector* sc, + grpc_security_connector* other); /* Util to encapsulate the connector in a channel arg. */ -grpc_arg grpc_security_connector_to_arg(grpc_security_connector *sc); +grpc_arg grpc_security_connector_to_arg(grpc_security_connector* sc); /* Util to get the connector from a channel arg. */ -grpc_security_connector *grpc_security_connector_from_arg(const grpc_arg *arg); +grpc_security_connector* grpc_security_connector_from_arg(const grpc_arg* arg); /* Util to find the connector from channel args. */ -grpc_security_connector *grpc_security_connector_find_in_args( - const grpc_channel_args *args); +grpc_security_connector* grpc_security_connector_find_in_args( + const grpc_channel_args* args); /* --- channel_security_connector object. --- 
@@ -123,46 +123,46 @@ typedef struct grpc_channel_security_connector grpc_channel_security_connector; struct grpc_channel_security_connector { grpc_security_connector base; - grpc_channel_credentials *channel_creds; - grpc_call_credentials *request_metadata_creds; - bool (*check_call_host)(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, const char *host, - grpc_auth_context *auth_context, - grpc_closure *on_call_host_checked, - grpc_error **error); - void (*cancel_check_call_host)(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, - grpc_closure *on_call_host_checked, - grpc_error *error); - void (*add_handshakers)(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, - grpc_handshake_manager *handshake_mgr); + grpc_channel_credentials* channel_creds; + grpc_call_credentials* request_metadata_creds; + bool (*check_call_host)(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, const char* host, + grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, + grpc_error** error); + void (*cancel_check_call_host)(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, + grpc_error* error); + void (*add_handshakers)(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, + grpc_handshake_manager* handshake_mgr); }; /// A helper function for use in grpc_security_connector_cmp() implementations. -int grpc_channel_security_connector_cmp(grpc_channel_security_connector *sc1, - grpc_channel_security_connector *sc2); +int grpc_channel_security_connector_cmp(grpc_channel_security_connector* sc1, + grpc_channel_security_connector* sc2); /// Checks that the host that will be set for a call is acceptable. /// Returns true if completed synchronously, in which case \a error will /// be set to indicate the result. Otherwise, \a on_call_host_checked /// will be invoked when complete. 
bool grpc_channel_security_connector_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - const char *host, grpc_auth_context *auth_context, - grpc_closure *on_call_host_checked, grpc_error **error); + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + const char* host, grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, grpc_error** error); /// Cancels a pending asychronous call to /// grpc_channel_security_connector_check_call_host() with /// \a on_call_host_checked as its callback. void grpc_channel_security_connector_cancel_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_closure *on_call_host_checked, grpc_error *error); + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, grpc_error* error); /* Registers handshakers with \a handshake_mgr. */ void grpc_channel_security_connector_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *connector, - grpc_handshake_manager *handshake_mgr); + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* connector, + grpc_handshake_manager* handshake_mgr); /* --- server_security_connector object. --- 
@@ -173,39 +173,39 @@ typedef struct grpc_server_security_connector grpc_server_security_connector; struct grpc_server_security_connector { grpc_security_connector base; - grpc_server_credentials *server_creds; - void (*add_handshakers)(grpc_exec_ctx *exec_ctx, - grpc_server_security_connector *sc, - grpc_handshake_manager *handshake_mgr); + grpc_server_credentials* server_creds; + void (*add_handshakers)(grpc_exec_ctx* exec_ctx, + grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_mgr); }; /// A helper function for use in grpc_security_connector_cmp() implementations. -int grpc_server_security_connector_cmp(grpc_server_security_connector *sc1, - grpc_server_security_connector *sc2); +int grpc_server_security_connector_cmp(grpc_server_security_connector* sc1, + grpc_server_security_connector* sc2); void grpc_server_security_connector_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_server_security_connector *sc, - grpc_handshake_manager *handshake_mgr); + grpc_exec_ctx* exec_ctx, grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_mgr); /* --- Creation security connectors. --- */ /* For TESTING ONLY! Creates a fake connector that emulates real channel security. */ -grpc_channel_security_connector *grpc_fake_channel_security_connector_create( - grpc_channel_credentials *channel_creds, - grpc_call_credentials *request_metadata_creds, const char *target, - const grpc_channel_args *args); +grpc_channel_security_connector* grpc_fake_channel_security_connector_create( + grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, const char* target, + const grpc_channel_args* args); /* For TESTING ONLY! Creates a fake connector that emulates real server security. 
*/ -grpc_server_security_connector *grpc_fake_server_security_connector_create( - grpc_server_credentials *server_creds); +grpc_server_security_connector* grpc_fake_server_security_connector_create( + grpc_server_credentials* server_creds); /* Config for ssl clients. */ typedef struct { - tsi_ssl_pem_key_cert_pair *pem_key_cert_pair; - char *pem_root_certs; + tsi_ssl_pem_key_cert_pair* pem_key_cert_pair; + char* pem_root_certs; } grpc_ssl_config; /* Creates an SSL channel_security_connector. @@ -222,22 +222,22 @@ typedef struct { specific error code otherwise. */ grpc_security_status grpc_ssl_channel_security_connector_create( - grpc_exec_ctx *exec_ctx, grpc_channel_credentials *channel_creds, - grpc_call_credentials *request_metadata_creds, - const grpc_ssl_config *config, const char *target_name, - const char *overridden_target_name, grpc_channel_security_connector **sc); + grpc_exec_ctx* exec_ctx, grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, + const grpc_ssl_config* config, const char* target_name, + const char* overridden_target_name, grpc_channel_security_connector** sc); /* Gets the default ssl roots. Returns NULL if not found. */ -const char *grpc_get_default_ssl_roots(void); +const char* grpc_get_default_ssl_roots(void); /* Exposed for TESTING ONLY!. */ grpc_slice grpc_get_default_ssl_roots_for_testing(void); /* Config for ssl servers. */ typedef struct { - tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs; + tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs; size_t num_key_cert_pairs; - char *pem_root_certs; + char* pem_root_certs; grpc_ssl_client_certificate_request_type client_certificate_request; } grpc_ssl_server_config; 
@@ -248,18 +248,18 @@ typedef struct { specific error code otherwise. */ grpc_security_status grpc_ssl_server_security_connector_create( - grpc_exec_ctx *exec_ctx, grpc_server_credentials *server_creds, - const grpc_ssl_server_config *config, grpc_server_security_connector **sc); + grpc_exec_ctx* exec_ctx, grpc_server_credentials* server_credentials, + grpc_server_security_connector** sc); /* Util. */ -const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer, - const char *name); +const tsi_peer_property* tsi_peer_get_property_by_name(const tsi_peer* peer, + const char* name); /* Exposed for testing only. */ -grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer); +grpc_auth_context* tsi_ssl_peer_to_auth_context(const tsi_peer* peer); tsi_peer tsi_shallow_peer_from_ssl_auth_context( - const grpc_auth_context *auth_context); -void tsi_shallow_peer_destruct(tsi_peer *peer); + const grpc_auth_context* auth_context); +void tsi_shallow_peer_destruct(tsi_peer* peer); #ifdef __cplusplus } diff --git a/src/core/lib/security/transport/security_handshaker.cc b/src/core/lib/security/transport/security_handshaker.cc index b42f2699ae..8cb29f9710 100644 --- a/src/core/lib/security/transport/security_handshaker.cc +++ b/src/core/lib/security/transport/security_handshaker.cc 
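Review bot: The new prototype of `grpc_ssl_server_security_connector_create` accepts any `grpc_server_credentials*`, but the definition in security_connector.cc downcasts it to `grpc_ssl_server_credentials*` after only a NULL assert. That precondition should be stated on the declaration, for example `/* server_credentials must be SSL server credentials; it is downcast without a type check. */`. A type check in the definition before the cast would be stronger, if the credentials object carries a type tag (not visible here). The parameter is also named `server_credentials` here and `gsc` in the definition; one name in both places would read better. The doc comment above the prototype starts outside this hunk, so whether it still describes the removed `config` parameter cannot be confirmed from here.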
@@ -40,37 +40,37 @@ typedef struct { grpc_handshaker base; // State set at creation time. - tsi_handshaker *handshaker; - grpc_security_connector *connector; + tsi_handshaker* handshaker; + grpc_security_connector* connector; gpr_mu mu; gpr_refcount refs; bool shutdown; // Endpoint and read buffer to destroy after a shutdown. - grpc_endpoint *endpoint_to_destroy; - grpc_slice_buffer *read_buffer_to_destroy; + grpc_endpoint* endpoint_to_destroy; + grpc_slice_buffer* read_buffer_to_destroy; // State saved while performing the handshake. - grpc_handshaker_args *args; - grpc_closure *on_handshake_done; + grpc_handshaker_args* args; + grpc_closure* on_handshake_done; - unsigned char *handshake_buffer; + unsigned char* handshake_buffer; size_t handshake_buffer_size; grpc_slice_buffer outgoing; grpc_closure on_handshake_data_sent_to_peer; grpc_closure on_handshake_data_received_from_peer; grpc_closure on_peer_checked; - grpc_auth_context *auth_context; - tsi_handshaker_result *handshaker_result; + grpc_auth_context* auth_context; + tsi_handshaker_result* handshaker_result; } security_handshaker; -static size_t move_read_buffer_into_handshake_buffer(grpc_exec_ctx *exec_ctx, - security_handshaker *h) { +static size_t move_read_buffer_into_handshake_buffer(grpc_exec_ctx* exec_ctx, + security_handshaker* h) { size_t bytes_in_read_buffer = h->args->read_buffer->length; if (h->handshake_buffer_size < bytes_in_read_buffer) { h->handshake_buffer = - (uint8_t *)gpr_realloc(h->handshake_buffer, bytes_in_read_buffer); + (uint8_t*)gpr_realloc(h->handshake_buffer, bytes_in_read_buffer); h->handshake_buffer_size = bytes_in_read_buffer; } size_t offset = 0; 
@@ -84,8 +84,8 @@ static size_t move_read_buffer_into_handshake_buffer(grpc_exec_ctx *exec_ctx, return bytes_in_read_buffer; } -static void security_handshaker_unref(grpc_exec_ctx *exec_ctx, - security_handshaker *h) { +static void security_handshaker_unref(grpc_exec_ctx* exec_ctx, + security_handshaker* h) { if (gpr_unref(&h->refs)) { gpr_mu_destroy(&h->mu); tsi_handshaker_destroy(h->handshaker); @@ -107,8 +107,8 @@ static void security_handshaker_unref(grpc_exec_ctx *exec_ctx, // Set args fields to NULL, saving the endpoint and read buffer for // later destruction. -static void cleanup_args_for_failure_locked(grpc_exec_ctx *exec_ctx, - security_handshaker *h) { +static void cleanup_args_for_failure_locked(grpc_exec_ctx* exec_ctx, + security_handshaker* h) { h->endpoint_to_destroy = h->args->endpoint; h->args->endpoint = NULL; h->read_buffer_to_destroy = h->args->read_buffer; @@ -119,15 +119,15 @@ static void cleanup_args_for_failure_locked(grpc_exec_ctx *exec_ctx, // If the handshake failed or we're shutting down, clean up and invoke the // callback with the error. -static void security_handshake_failed_locked(grpc_exec_ctx *exec_ctx, - security_handshaker *h, - grpc_error *error) { +static void security_handshake_failed_locked(grpc_exec_ctx* exec_ctx, + security_handshaker* h, + grpc_error* error) { if (error == GRPC_ERROR_NONE) { // If we were shut down after the handshake succeeded but before an // endpoint callback was invoked, we need to generate our own error. error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Handshaker shutdown"); } - const char *msg = grpc_error_string(error); + const char* msg = grpc_error_string(error); gpr_log(GPR_DEBUG, "Security handshake failed: %s", msg); if (!h->shutdown) { 
@@ -147,14 +147,14 @@ static void security_handshake_failed_locked(grpc_exec_ctx *exec_ctx, GRPC_CLOSURE_SCHED(exec_ctx, h->on_handshake_done, error); } -static void on_peer_checked_inner(grpc_exec_ctx *exec_ctx, - security_handshaker *h, grpc_error *error) { +static void on_peer_checked_inner(grpc_exec_ctx* exec_ctx, + security_handshaker* h, grpc_error* error) { if (error != GRPC_ERROR_NONE || h->shutdown) { security_handshake_failed_locked(exec_ctx, h, GRPC_ERROR_REF(error)); return; } // Create zero-copy frame protector, if implemented. - tsi_zero_copy_grpc_protector *zero_copy_protector = NULL; + tsi_zero_copy_grpc_protector* zero_copy_protector = NULL; tsi_result result = tsi_handshaker_result_create_zero_copy_grpc_protector( exec_ctx, h->handshaker_result, NULL, &zero_copy_protector); if (result != TSI_OK && result != TSI_UNIMPLEMENTED) { @@ -166,7 +166,7 @@ static void on_peer_checked_inner(grpc_exec_ctx *exec_ctx, return; } // Create frame protector if zero-copy frame protector is NULL. - tsi_frame_protector *protector = NULL; + tsi_frame_protector* protector = NULL; if (zero_copy_protector == NULL) { result = tsi_handshaker_result_create_frame_protector(h->handshaker_result, NULL, &protector); @@ -179,14 +179,14 @@ static void on_peer_checked_inner(grpc_exec_ctx *exec_ctx, } } // Get unused bytes. - const unsigned char *unused_bytes = NULL; + const unsigned char* unused_bytes = NULL; size_t unused_bytes_size = 0; result = tsi_handshaker_result_get_unused_bytes( h->handshaker_result, &unused_bytes, &unused_bytes_size); // Create secure endpoint. if (unused_bytes_size > 0) { grpc_slice slice = - grpc_slice_from_copied_buffer((char *)unused_bytes, unused_bytes_size); + grpc_slice_from_copied_buffer((char*)unused_bytes, unused_bytes_size); h->args->endpoint = grpc_secure_endpoint_create( protector, zero_copy_protector, h->args->endpoint, &slice, 1); grpc_slice_unref_internal(exec_ctx, slice); 
@@ -198,7 +198,7 @@ static void on_peer_checked_inner(grpc_exec_ctx *exec_ctx, h->handshaker_result = NULL; // Add auth context to channel args. grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context); - grpc_channel_args *tmp_args = h->args->args; + grpc_channel_args* tmp_args = h->args->args; h->args->args = grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1); grpc_channel_args_destroy(exec_ctx, tmp_args); @@ -209,17 +209,17 @@ static void on_peer_checked_inner(grpc_exec_ctx *exec_ctx, h->shutdown = true; } -static void on_peer_checked(grpc_exec_ctx *exec_ctx, void *arg, - grpc_error *error) { - security_handshaker *h = (security_handshaker *)arg; +static void on_peer_checked(grpc_exec_ctx* exec_ctx, void* arg, + grpc_error* error) { + security_handshaker* h = (security_handshaker*)arg; gpr_mu_lock(&h->mu); on_peer_checked_inner(exec_ctx, h, error); gpr_mu_unlock(&h->mu); security_handshaker_unref(exec_ctx, h); } -static grpc_error *check_peer_locked(grpc_exec_ctx *exec_ctx, - security_handshaker *h) { +static grpc_error* check_peer_locked(grpc_exec_ctx* exec_ctx, + security_handshaker* h) { tsi_peer peer; tsi_result result = tsi_handshaker_result_extract_peer(h->handshaker_result, &peer); @@ -232,11 +232,11 @@ static grpc_error *check_peer_locked(grpc_exec_ctx *exec_ctx, return GRPC_ERROR_NONE; } -static grpc_error *on_handshake_next_done_locked( - grpc_exec_ctx *exec_ctx, security_handshaker *h, tsi_result result, - const unsigned char *bytes_to_send, size_t bytes_to_send_size, - tsi_handshaker_result *handshaker_result) { - grpc_error *error = GRPC_ERROR_NONE; +static grpc_error* on_handshake_next_done_locked( + grpc_exec_ctx* exec_ctx, security_handshaker* h, tsi_result result, + const unsigned char* bytes_to_send, size_t bytes_to_send_size, + tsi_handshaker_result* handshaker_result) { + grpc_error* error = GRPC_ERROR_NONE; // Read more if we need to. if (result == TSI_INCOMPLETE_DATA) { GPR_ASSERT(bytes_to_send_size == 0); 
@@ -256,7 +256,7 @@ static grpc_error *on_handshake_next_done_locked( if (bytes_to_send_size > 0) { // Send data to peer, if needed. grpc_slice to_send = grpc_slice_from_copied_buffer( - (const char *)bytes_to_send, bytes_to_send_size); + (const char*)bytes_to_send, bytes_to_send_size); grpc_slice_buffer_reset_and_unref_internal(exec_ctx, &h->outgoing); grpc_slice_buffer_add(&h->outgoing, to_send); grpc_endpoint_write(exec_ctx, h->args->endpoint, &h->outgoing, @@ -273,14 +273,14 @@ static grpc_error *on_handshake_next_done_locked( } static void on_handshake_next_done_grpc_wrapper( - tsi_result result, void *user_data, const unsigned char *bytes_to_send, - size_t bytes_to_send_size, tsi_handshaker_result *handshaker_result) { - security_handshaker *h = (security_handshaker *)user_data; + tsi_result result, void* user_data, const unsigned char* bytes_to_send, + size_t bytes_to_send_size, tsi_handshaker_result* handshaker_result) { + security_handshaker* h = (security_handshaker*)user_data; // This callback will be invoked by TSI in a non-grpc thread, so it's // safe to create our own exec_ctx here. grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; gpr_mu_lock(&h->mu); - grpc_error *error = + grpc_error* error = on_handshake_next_done_locked(&exec_ctx, h, result, bytes_to_send, bytes_to_send_size, handshaker_result); if (error != GRPC_ERROR_NONE) { 
@@ -293,13 +293,13 @@ static void on_handshake_next_done_grpc_wrapper( grpc_exec_ctx_finish(&exec_ctx); } -static grpc_error *do_handshaker_next_locked( - grpc_exec_ctx *exec_ctx, security_handshaker *h, - const unsigned char *bytes_received, size_t bytes_received_size) { +static grpc_error* do_handshaker_next_locked( + grpc_exec_ctx* exec_ctx, security_handshaker* h, + const unsigned char* bytes_received, size_t bytes_received_size) { // Invoke TSI handshaker. - const unsigned char *bytes_to_send = NULL; + const unsigned char* bytes_to_send = NULL; size_t bytes_to_send_size = 0; - tsi_handshaker_result *handshaker_result = NULL; + tsi_handshaker_result* handshaker_result = NULL; tsi_result result = tsi_handshaker_next( h->handshaker, bytes_received, bytes_received_size, &bytes_to_send, &bytes_to_send_size, &handshaker_result, @@ -315,14 +315,15 @@ static grpc_error *do_handshaker_next_locked( bytes_to_send_size, handshaker_result); } -static void on_handshake_data_received_from_peer(grpc_exec_ctx *exec_ctx, - void *arg, grpc_error *error) { - security_handshaker *h = (security_handshaker *)arg; +static void on_handshake_data_received_from_peer(grpc_exec_ctx* exec_ctx, + void* arg, grpc_error* error) { + security_handshaker* h = (security_handshaker*)arg; gpr_mu_lock(&h->mu); if (error != GRPC_ERROR_NONE || h->shutdown) { security_handshake_failed_locked( - exec_ctx, h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING( - "Handshake read failed", &error, 1)); + exec_ctx, h, + GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING( + "Handshake read failed", &error, 1)); gpr_mu_unlock(&h->mu); security_handshaker_unref(exec_ctx, h); return; 
@@ -343,14 +344,15 @@ static void on_handshake_data_received_from_peer(grpc_exec_ctx *exec_ctx,
 }
 }
-static void on_handshake_data_sent_to_peer(grpc_exec_ctx *exec_ctx, void *arg,
- grpc_error *error) {
- security_handshaker *h = (security_handshaker *)arg;
+static void on_handshake_data_sent_to_peer(grpc_exec_ctx* exec_ctx, void* arg,
+ grpc_error* error) {
+ security_handshaker* h = (security_handshaker*)arg;
 gpr_mu_lock(&h->mu);
 if (error != GRPC_ERROR_NONE || h->shutdown) {
 security_handshake_failed_locked(
- exec_ctx, h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
- "Handshake write failed", &error, 1));
+ exec_ctx, h,
+ GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
+ "Handshake write failed", &error, 1));
 gpr_mu_unlock(&h->mu);
 security_handshaker_unref(exec_ctx, h);
 return;
@@ -375,16 +377,16 @@ static void on_handshake_data_sent_to_peer(grpc_exec_ctx *exec_ctx, void *arg,
 // public handshaker API
 //
-static void security_handshaker_destroy(grpc_exec_ctx *exec_ctx,
- grpc_handshaker *handshaker) {
- security_handshaker *h = (security_handshaker *)handshaker;
+static void security_handshaker_destroy(grpc_exec_ctx* exec_ctx,
+ grpc_handshaker* handshaker) {
+ security_handshaker* h = (security_handshaker*)handshaker;
 security_handshaker_unref(exec_ctx, h);
 }
-static void security_handshaker_shutdown(grpc_exec_ctx *exec_ctx,
- grpc_handshaker *handshaker,
- grpc_error *why) {
- security_handshaker *h = (security_handshaker *)handshaker;
+static void security_handshaker_shutdown(grpc_exec_ctx* exec_ctx,
+ grpc_handshaker* handshaker,
+ grpc_error* why) {
+ security_handshaker* h = (security_handshaker*)handshaker;
 gpr_mu_lock(&h->mu);
 if (!h->shutdown) {
 h->shutdown = true;
@@ -395,19 +397,19 @@ static void security_handshaker_shutdown(grpc_exec_ctx *exec_ctx,
 GRPC_ERROR_UNREF(why);
 }
-static void security_handshaker_do_handshake(grpc_exec_ctx *exec_ctx,
- grpc_handshaker *handshaker,
- grpc_tcp_server_acceptor *acceptor,
- grpc_closure *on_handshake_done,
- grpc_handshaker_args *args) {
- security_handshaker *h = (security_handshaker *)handshaker;
+static void security_handshaker_do_handshake(grpc_exec_ctx* exec_ctx,
+ grpc_handshaker* handshaker,
+ grpc_tcp_server_acceptor* acceptor,
+ grpc_closure* on_handshake_done,
+ grpc_handshaker_args* args) {
+ security_handshaker* h = (security_handshaker*)handshaker;
 gpr_mu_lock(&h->mu);
 h->args = args;
 h->on_handshake_done = on_handshake_done;
 gpr_ref(&h->refs);
 size_t bytes_received_size = move_read_buffer_into_handshake_buffer(exec_ctx, h);
- grpc_error *error = do_handshaker_next_locked(
+ grpc_error* error = do_handshaker_next_locked(
 exec_ctx, h, h->handshake_buffer, bytes_received_size);
 if (error != GRPC_ERROR_NONE) {
 security_handshake_failed_locked(exec_ctx, h, error);
@@ -422,18 +424,18 @@ static const grpc_handshaker_vtable security_handshaker_vtable = {
 security_handshaker_destroy, security_handshaker_shutdown, security_handshaker_do_handshake};
-static grpc_handshaker *security_handshaker_create(
- grpc_exec_ctx *exec_ctx, tsi_handshaker *handshaker,
- grpc_security_connector *connector) {
- security_handshaker *h =
- (security_handshaker *)gpr_zalloc(sizeof(security_handshaker));
+static grpc_handshaker* security_handshaker_create(
+ grpc_exec_ctx* exec_ctx, tsi_handshaker* handshaker,
+ grpc_security_connector* connector) {
+ security_handshaker* h =
+ (security_handshaker*)gpr_zalloc(sizeof(security_handshaker));
 grpc_handshaker_init(&security_handshaker_vtable, &h->base);
 h->handshaker = handshaker;
 h->connector = GRPC_SECURITY_CONNECTOR_REF(connector, "handshake");
 gpr_mu_init(&h->mu);
 gpr_ref_init(&h->refs, 1);
 h->handshake_buffer_size = GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE;
- h->handshake_buffer = (uint8_t *)gpr_malloc(h->handshake_buffer_size);
+ h->handshake_buffer = (uint8_t*)gpr_malloc(h->handshake_buffer_size);
 GRPC_CLOSURE_INIT(&h->on_handshake_data_sent_to_peer, on_handshake_data_sent_to_peer, h, grpc_schedule_on_exec_ctx);
@@ -450,22 +452,22 @@ static grpc_handshaker *security_handshaker_create(
 // fail_handshaker
 //
-static void fail_handshaker_destroy(grpc_exec_ctx *exec_ctx,
- grpc_handshaker *handshaker) {
+static void fail_handshaker_destroy(grpc_exec_ctx* exec_ctx,
+ grpc_handshaker* handshaker) {
 gpr_free(handshaker);
 }
-static void fail_handshaker_shutdown(grpc_exec_ctx *exec_ctx,
- grpc_handshaker *handshaker,
- grpc_error *why) {
+static void fail_handshaker_shutdown(grpc_exec_ctx* exec_ctx,
+ grpc_handshaker* handshaker,
+ grpc_error* why) {
 GRPC_ERROR_UNREF(why);
 }
-static void fail_handshaker_do_handshake(grpc_exec_ctx *exec_ctx,
- grpc_handshaker *handshaker,
- grpc_tcp_server_acceptor *acceptor,
- grpc_closure *on_handshake_done,
- grpc_handshaker_args *args) {
+static void fail_handshaker_do_handshake(grpc_exec_ctx* exec_ctx,
+ grpc_handshaker* handshaker,
+ grpc_tcp_server_acceptor* acceptor,
+ grpc_closure* on_handshake_done,
+ grpc_handshaker_args* args) {
 GRPC_CLOSURE_SCHED(exec_ctx, on_handshake_done, GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to create security handshaker"));
@@ -475,8 +477,8 @@ static const grpc_handshaker_vtable fail_handshaker_vtable = {
 fail_handshaker_destroy, fail_handshaker_shutdown, fail_handshaker_do_handshake};
-static grpc_handshaker *fail_handshaker_create() {
- grpc_handshaker *h = (grpc_handshaker *)gpr_malloc(sizeof(*h));
+static grpc_handshaker* fail_handshaker_create() {
+ grpc_handshaker* h = (grpc_handshaker*)gpr_malloc(sizeof(*h));
 grpc_handshaker_init(&fail_handshaker_vtable, h);
 return h;
 }
@@ -486,27 +488,27 @@ static grpc_handshaker *fail_handshaker_create() {
 //
 static void client_handshaker_factory_add_handshakers(
- grpc_exec_ctx *exec_ctx, grpc_handshaker_factory *handshaker_factory,
- const grpc_channel_args *args, grpc_handshake_manager *handshake_mgr) {
- grpc_channel_security_connector *security_connector =
- (grpc_channel_security_connector *)grpc_security_connector_find_in_args(
+ grpc_exec_ctx* exec_ctx, grpc_handshaker_factory* handshaker_factory,
+ const grpc_channel_args* args, grpc_handshake_manager* handshake_mgr) {
+ grpc_channel_security_connector* security_connector =
+ (grpc_channel_security_connector*)grpc_security_connector_find_in_args(
 args);
 grpc_channel_security_connector_add_handshakers(exec_ctx, security_connector, handshake_mgr);
 }
 static void server_handshaker_factory_add_handshakers(
- grpc_exec_ctx *exec_ctx, grpc_handshaker_factory *hf,
- const grpc_channel_args *args, grpc_handshake_manager *handshake_mgr) {
- grpc_server_security_connector *security_connector =
- (grpc_server_security_connector *)grpc_security_connector_find_in_args(
+ grpc_exec_ctx* exec_ctx, grpc_handshaker_factory* hf,
+ const grpc_channel_args* args, grpc_handshake_manager* handshake_mgr) {
+ grpc_server_security_connector* security_connector =
+ (grpc_server_security_connector*)grpc_security_connector_find_in_args(
 args);
 grpc_server_security_connector_add_handshakers(exec_ctx, security_connector, handshake_mgr);
 }
 static void handshaker_factory_destroy(
- grpc_exec_ctx *exec_ctx, grpc_handshaker_factory *handshaker_factory) {}
+ grpc_exec_ctx* exec_ctx, grpc_handshaker_factory* handshaker_factory) {}
 static const grpc_handshaker_factory_vtable client_handshaker_factory_vtable = {
 client_handshaker_factory_add_handshakers, handshaker_factory_destroy};
@@ -524,9 +526,9 @@ static grpc_handshaker_factory server_handshaker_factory = {
 // exported functions
 //
-grpc_handshaker *grpc_security_handshaker_create(
- grpc_exec_ctx *exec_ctx, tsi_handshaker *handshaker,
- grpc_security_connector *connector) {
+grpc_handshaker* grpc_security_handshaker_create(
+ grpc_exec_ctx* exec_ctx, tsi_handshaker* handshaker,
+ grpc_security_connector* connector) {
 // If no TSI handshaker was created, return a handshaker that always fails.
 // Otherwise, return a real security handshaker.
 if (handshaker == NULL) {
diff --git a/src/core/lib/security/transport/security_handshaker.h b/src/core/lib/security/transport/security_handshaker.h
index 178099bb94..174f70f0dd 100644
--- a/src/core/lib/security/transport/security_handshaker.h
+++ b/src/core/lib/security/transport/security_handshaker.h
@@ -28,9 +28,9 @@ extern "C" {
 #endif
 /// Creates a security handshaker using \a handshaker.
-grpc_handshaker *grpc_security_handshaker_create(
- grpc_exec_ctx *exec_ctx, tsi_handshaker *handshaker,
- grpc_security_connector *connector);
+grpc_handshaker* grpc_security_handshaker_create(
+ grpc_exec_ctx* exec_ctx, tsi_handshaker* handshaker,
+ grpc_security_connector* connector);
 /// Registers security handshaker factories.
 void grpc_security_register_handshaker_factories();
diff --git a/src/core/lib/security/transport/server_auth_filter.cc b/src/core/lib/security/transport/server_auth_filter.cc
index f5e02f42fe..e1307410d6 100644
--- a/src/core/lib/security/transport/server_auth_filter.cc
+++ b/src/core/lib/security/transport/server_auth_filter.cc
@@ -33,37 +33,37 @@ typedef enum {
 } async_state;
 typedef struct call_data {
- grpc_call_combiner *call_combiner;
- grpc_call_stack *owning_call;
- grpc_transport_stream_op_batch *recv_initial_metadata_batch;
- grpc_closure *original_recv_initial_metadata_ready;
+ grpc_call_combiner* call_combiner;
+ grpc_call_stack* owning_call;
+ grpc_transport_stream_op_batch* recv_initial_metadata_batch;
+ grpc_closure* original_recv_initial_metadata_ready;
 grpc_closure recv_initial_metadata_ready;
 grpc_metadata_array md;
- const grpc_metadata *consumed_md;
+ const grpc_metadata* consumed_md;
 size_t num_consumed_md;
- grpc_auth_context *auth_context;
+ grpc_auth_context* auth_context;
 grpc_closure cancel_closure;
 gpr_atm state; // async_state
 } call_data;
 typedef struct channel_data {
- grpc_auth_context *auth_context;
- grpc_server_credentials *creds;
+ grpc_auth_context* auth_context;
+ grpc_server_credentials* creds;
 } channel_data;
 static grpc_metadata_array metadata_batch_to_md_array(
- const grpc_metadata_batch *batch) {
- grpc_linked_mdelem *l;
+ const grpc_metadata_batch* batch) {
+ grpc_linked_mdelem* l;
 grpc_metadata_array result;
 grpc_metadata_array_init(&result);
 for (l = batch->list.head; l != NULL; l = l->next) {
- grpc_metadata *usr_md = NULL;
+ grpc_metadata* usr_md = NULL;
 grpc_mdelem md = l->md;
 grpc_slice key = GRPC_MDKEY(md);
 grpc_slice value = GRPC_MDVALUE(md);
 if (result.count == result.capacity) {
 result.capacity = GPR_MAX(result.capacity + 8, result.capacity * 2);
- result.metadata = (grpc_metadata *)gpr_realloc(
+ result.metadata = (grpc_metadata*)gpr_realloc(
 result.metadata, result.capacity * sizeof(grpc_metadata));
 }
 usr_md = &result.metadata[result.count++];
@@ -73,14 +73,14 @@ static grpc_metadata_array metadata_batch_to_md_array(
 return result;
 }
-static grpc_filtered_mdelem remove_consumed_md(grpc_exec_ctx *exec_ctx,
- void *user_data,
+static grpc_filtered_mdelem remove_consumed_md(grpc_exec_ctx* exec_ctx,
+ void* user_data,
 grpc_mdelem md) {
- grpc_call_element *elem = (grpc_call_element *)user_data;
- call_data *calld = (call_data *)elem->call_data;
+ grpc_call_element* elem = (grpc_call_element*)user_data;
+ call_data* calld = (call_data*)elem->call_data;
 size_t i;
 for (i = 0; i < calld->num_consumed_md; i++) {
- const grpc_metadata *consumed_md = &calld->consumed_md[i];
+ const grpc_metadata* consumed_md = &calld->consumed_md[i];
 if (grpc_slice_eq(GRPC_MDKEY(md), consumed_md->key) && grpc_slice_eq(GRPC_MDVALUE(md), consumed_md->value)) return GRPC_FILTERED_REMOVE();
@@ -88,15 +88,15 @@ static grpc_filtered_mdelem remove_consumed_md(grpc_exec_ctx *exec_ctx,
 return GRPC_FILTERED_MDELEM(md);
 }
-static void on_md_processing_done_inner(grpc_exec_ctx *exec_ctx,
- grpc_call_element *elem,
- const grpc_metadata *consumed_md,
+static void on_md_processing_done_inner(grpc_exec_ctx* exec_ctx,
+ grpc_call_element* elem,
+ const grpc_metadata* consumed_md,
 size_t num_consumed_md,
- const grpc_metadata *response_md,
+ const grpc_metadata* response_md,
 size_t num_response_md,
- grpc_error *error) {
- call_data *calld = (call_data *)elem->call_data;
- grpc_transport_stream_op_batch *batch = calld->recv_initial_metadata_batch;
+ grpc_error* error) {
+ call_data* calld = (call_data*)elem->call_data;
+ grpc_transport_stream_op_batch* batch = calld->recv_initial_metadata_batch;
 /* TODO(jboeuf): Implement support for response_md. */
 if (response_md != NULL && num_response_md > 0) {
 gpr_log(GPR_INFO,
@@ -116,16 +116,16 @@ static void on_md_processing_done_inner(grpc_exec_ctx *exec_ctx,
 // Called from application code.
 static void on_md_processing_done(
- void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md,
- const grpc_metadata *response_md, size_t num_response_md,
- grpc_status_code status, const char *error_details) {
- grpc_call_element *elem = (grpc_call_element *)user_data;
- call_data *calld = (call_data *)elem->call_data;
+ void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
+ const grpc_metadata* response_md, size_t num_response_md,
+ grpc_status_code status, const char* error_details) {
+ grpc_call_element* elem = (grpc_call_element*)user_data;
+ call_data* calld = (call_data*)elem->call_data;
 grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
 // If the call was not cancelled while we were in flight, process the result.
 if (gpr_atm_full_cas(&calld->state, (gpr_atm)STATE_INIT, (gpr_atm)STATE_DONE)) {
- grpc_error *error = GRPC_ERROR_NONE;
+ grpc_error* error = GRPC_ERROR_NONE;
 if (status != GRPC_STATUS_OK) {
 if (error_details == NULL) {
 error_details = "Authentication metadata processing failed.";
@@ -147,9 +147,9 @@ static void on_md_processing_done(
 grpc_exec_ctx_finish(&exec_ctx);
 }
-static void cancel_call(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) {
- grpc_call_element *elem = (grpc_call_element *)arg;
- call_data *calld = (call_data *)elem->call_data;
+static void cancel_call(grpc_exec_ctx* exec_ctx, void* arg, grpc_error* error) {
+ grpc_call_element* elem = (grpc_call_element*)arg;
+ call_data* calld = (call_data*)elem->call_data;
 // If the result was not already processed, invoke the callback now.
 if (error != GRPC_ERROR_NONE && gpr_atm_full_cas(&calld->state, (gpr_atm)STATE_INIT,
@@ -160,12 +160,12 @@ static void cancel_call(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) {
 GRPC_CALL_STACK_UNREF(exec_ctx, calld->owning_call, "cancel_call");
 }
-static void recv_initial_metadata_ready(grpc_exec_ctx *exec_ctx, void *arg,
- grpc_error *error) {
- grpc_call_element *elem = (grpc_call_element *)arg;
- channel_data *chand = (channel_data *)elem->channel_data;
- call_data *calld = (call_data *)elem->call_data;
- grpc_transport_stream_op_batch *batch = calld->recv_initial_metadata_batch;
+static void recv_initial_metadata_ready(grpc_exec_ctx* exec_ctx, void* arg,
+ grpc_error* error) {
+ grpc_call_element* elem = (grpc_call_element*)arg;
+ channel_data* chand = (channel_data*)elem->channel_data;
+ call_data* calld = (call_data*)elem->call_data;
+ grpc_transport_stream_op_batch* batch = calld->recv_initial_metadata_batch;
 if (error == GRPC_ERROR_NONE) {
 if (chand->creds != NULL && chand->creds->processor.process != NULL) {
 // We're calling out to the application, so we need to make sure
@@ -189,9 +189,9 @@ static void recv_initial_metadata_ready(grpc_exec_ctx *exec_ctx, void *arg,
 }
 static void auth_start_transport_stream_op_batch(
- grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
- grpc_transport_stream_op_batch *batch) {
- call_data *calld = (call_data *)elem->call_data;
+ grpc_exec_ctx* exec_ctx, grpc_call_element* elem,
+ grpc_transport_stream_op_batch* batch) {
+ call_data* calld = (call_data*)elem->call_data;
 if (batch->recv_initial_metadata) {
 // Inject our callback.
 calld->recv_initial_metadata_batch = batch;
@@ -204,11 +204,11 @@ static void auth_start_transport_stream_op_batch(
 }
 /* Constructor for call_data */
-static grpc_error *init_call_elem(grpc_exec_ctx *exec_ctx,
- grpc_call_element *elem,
- const grpc_call_element_args *args) {
- call_data *calld = (call_data *)elem->call_data;
- channel_data *chand = (channel_data *)elem->channel_data;
+static grpc_error* init_call_elem(grpc_exec_ctx* exec_ctx,
+ grpc_call_element* elem,
+ const grpc_call_element_args* args) {
+ call_data* calld = (call_data*)elem->call_data;
+ channel_data* chand = (channel_data*)elem->channel_data;
 calld->call_combiner = args->call_combiner;
 calld->owning_call = args->call_stack;
 GRPC_CLOSURE_INIT(&calld->recv_initial_metadata_ready,
@@ -216,7 +216,7 @@ static grpc_error *init_call_elem(grpc_exec_ctx *exec_ctx,
 grpc_schedule_on_exec_ctx);
 // Create server security context. Set its auth context from channel
 // data and save it in the call context.
- grpc_server_security_context *server_ctx =
+ grpc_server_security_context* server_ctx =
 grpc_server_security_context_create();
 server_ctx->auth_context = grpc_auth_context_create(chand->auth_context);
 calld->auth_context = server_ctx->auth_context;
@@ -231,31 +231,31 @@ static grpc_error *init_call_elem(grpc_exec_ctx *exec_ctx,
 }
 /* Destructor for call_data */
-static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
- const grpc_call_final_info *final_info,
- grpc_closure *ignored) {}
+static void destroy_call_elem(grpc_exec_ctx* exec_ctx, grpc_call_element* elem,
+ const grpc_call_final_info* final_info,
+ grpc_closure* ignored) {}
 /* Constructor for channel_data */
-static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx,
- grpc_channel_element *elem,
- grpc_channel_element_args *args) {
+static grpc_error* init_channel_elem(grpc_exec_ctx* exec_ctx,
+ grpc_channel_element* elem,
+ grpc_channel_element_args* args) {
 GPR_ASSERT(!args->is_last);
- channel_data *chand = (channel_data *)elem->channel_data;
- grpc_auth_context *auth_context =
+ channel_data* chand = (channel_data*)elem->channel_data;
+ grpc_auth_context* auth_context =
 grpc_find_auth_context_in_args(args->channel_args);
 GPR_ASSERT(auth_context != NULL);
 chand->auth_context = GRPC_AUTH_CONTEXT_REF(auth_context, "server_auth_filter");
- grpc_server_credentials *creds =
+ grpc_server_credentials* creds =
 grpc_find_server_credentials_in_args(args->channel_args);
 chand->creds = grpc_server_credentials_ref(creds);
 return GRPC_ERROR_NONE;
 }
 /* Destructor for channel data */
-static void destroy_channel_elem(grpc_exec_ctx *exec_ctx,
- grpc_channel_element *elem) {
- channel_data *chand = (channel_data *)elem->channel_data;
+static void destroy_channel_elem(grpc_exec_ctx* exec_ctx,
+ grpc_channel_element* elem) {
+ channel_data* chand = (channel_data*)elem->channel_data;
 GRPC_AUTH_CONTEXT_UNREF(chand->auth_context, "server_auth_filter");
 grpc_server_credentials_unref(exec_ctx, chand->creds);
 }
diff --git a/src/core/lib/security/transport/tsi_error.cc b/src/core/lib/security/transport/tsi_error.cc
index 72f9600e84..f71696d35d 100644
--- a/src/core/lib/security/transport/tsi_error.cc
+++ b/src/core/lib/security/transport/tsi_error.cc
@@ -18,7 +18,7 @@
 #include "src/core/lib/security/transport/tsi_error.h"
-grpc_error *grpc_set_tsi_error_result(grpc_error *error, tsi_result result) {
+grpc_error* grpc_set_tsi_error_result(grpc_error* error, tsi_result result) {
 return grpc_error_set_int( grpc_error_set_str( error, GRPC_ERROR_STR_TSI_ERROR,
diff --git a/src/core/lib/security/transport/tsi_error.h b/src/core/lib/security/transport/tsi_error.h
index 4e19daf796..4e8418f3fd 100644
--- a/src/core/lib/security/transport/tsi_error.h
+++ b/src/core/lib/security/transport/tsi_error.h
@@ -26,7 +26,7 @@
 extern "C" {
 #endif
-grpc_error *grpc_set_tsi_error_result(grpc_error *error, tsi_result result);
+grpc_error* grpc_set_tsi_error_result(grpc_error* error, tsi_result result);
 #ifdef __cplusplus
 }
diff --git a/src/core/lib/security/util/json_util.cc b/src/core/lib/security/util/json_util.cc
index d847addef9..365bd1537c 100644
--- a/src/core/lib/security/util/json_util.cc
+++ b/src/core/lib/security/util/json_util.cc
@@ -23,9 +23,9 @@
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>
-const char *grpc_json_get_string_property(const grpc_json *json,
- const char *prop_name) {
- grpc_json *child;
+const char* grpc_json_get_string_property(const grpc_json* json,
+ const char* prop_name) {
+ grpc_json* child;
 for (child = json->child; child != NULL; child = child->next) {
 if (strcmp(child->key, prop_name) == 0) break;
 }
@@ -36,10 +36,10 @@ const char *grpc_json_get_string_property(const grpc_json *json,
 return child->value;
 }
-bool grpc_copy_json_string_property(const grpc_json *json,
- const char *prop_name,
- char **copied_value) {
- const char *prop_value = grpc_json_get_string_property(json, prop_name);
+bool grpc_copy_json_string_property(const grpc_json* json,
+ const char* prop_name,
+ char** copied_value) {
+ const char* prop_value = grpc_json_get_string_property(json, prop_name);
 if (prop_value == NULL) return false;
 *copied_value = gpr_strdup(prop_value);
 return true;
diff --git a/src/core/lib/security/util/json_util.h b/src/core/lib/security/util/json_util.h
index cdd8a7198a..7538f76120 100644
--- a/src/core/lib/security/util/json_util.h
+++ b/src/core/lib/security/util/json_util.h
@@ -33,13 +33,13 @@ extern "C" {
 #endif
 // Gets a child property from a json node.
-const char *grpc_json_get_string_property(const grpc_json *json,
- const char *prop_name);
+const char* grpc_json_get_string_property(const grpc_json* json,
+ const char* prop_name);
 // Copies the value of the json child property specified by prop_name.
 // Returns false if the property was not found.
-bool grpc_copy_json_string_property(const grpc_json *json,
- const char *prop_name, char **copied_value);
+bool grpc_copy_json_string_property(const grpc_json* json,
+ const char* prop_name, char** copied_value);
 #ifdef __cplusplus
 } |