diff options
author | 2015-11-02 14:09:40 -0800 | |
---|---|---|
committer | 2015-11-02 14:09:40 -0800 | |
commit | 0581d129f53930c474330627fbc99f4eda2d693b (patch) | |
tree | c3e6a5edd3b8b2941c02ab3127139769dd152ebf /src/core/security/client_auth_filter.c | |
parent | ca1593a955d267d2158966618e943955e827296a (diff) |
stream_op cleanup: security changes
Diffstat (limited to 'src/core/security/client_auth_filter.c')
-rw-r--r-- | src/core/security/client_auth_filter.c | 109 |
1 files changed, 48 insertions, 61 deletions
diff --git a/src/core/security/client_auth_filter.c b/src/core/security/client_auth_filter.c index 635982b252..c780b65873 100644 --- a/src/core/security/client_auth_filter.c +++ b/src/core/security/client_auth_filter.c @@ -59,8 +59,6 @@ typedef struct { progress */ grpc_pollset *pollset; grpc_transport_stream_op op; - size_t op_md_idx; - int sent_initial_metadata; gpr_uint8 security_context_set; grpc_linked_mdelem md_links[MAX_CREDENTIALS_METADATA_COUNT]; char *service_url; @@ -108,9 +106,8 @@ static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *user_data, return; } GPR_ASSERT(num_md <= MAX_CREDENTIALS_METADATA_COUNT); - GPR_ASSERT(op->send_ops && op->send_ops->nops > calld->op_md_idx && - op->send_ops->ops[calld->op_md_idx].type == GRPC_OP_METADATA); - mdb = &op->send_ops->ops[calld->op_md_idx].data.metadata; + GPR_ASSERT(op->send_initial_metadata != NULL); + mdb = op->send_initial_metadata; for (i = 0; i < num_md; i++) { grpc_metadata_batch_add_tail( mdb, &calld->md_links[i], @@ -209,7 +206,6 @@ static void auth_start_transport_op(grpc_exec_ctx *exec_ctx, call_data *calld = elem->call_data; channel_data *chand = elem->channel_data; grpc_linked_mdelem *l; - size_t i; grpc_client_security_context *sec_ctx = NULL; if (calld->security_context_set == 0 && @@ -228,53 +224,41 @@ static void auth_start_transport_op(grpc_exec_ctx *exec_ctx, chand->security_connector->base.auth_context, "client_auth_filter"); } - if (op->bind_pollset != NULL) { - calld->pollset = op->bind_pollset; - } - - if (op->send_ops != NULL && !calld->sent_initial_metadata) { - size_t nops = op->send_ops->nops; - grpc_stream_op *ops = op->send_ops->ops; - for (i = 0; i < nops; i++) { - grpc_stream_op *sop = &ops[i]; - if (sop->type != GRPC_OP_METADATA) continue; - calld->op_md_idx = i; - calld->sent_initial_metadata = 1; - for (l = sop->data.metadata.list.head; l != NULL; l = l->next) { - grpc_mdelem *md = l->md; - /* Pointer comparison is OK for md_elems created from the same context. - */ - if (md->key == chand->authority_string) { - if (calld->host != NULL) GRPC_MDSTR_UNREF(calld->host); - calld->host = GRPC_MDSTR_REF(md->value); - } else if (md->key == chand->path_string) { - if (calld->method != NULL) GRPC_MDSTR_UNREF(calld->method); - calld->method = GRPC_MDSTR_REF(md->value); - } + if (op->send_initial_metadata != NULL) { + for (l = op->send_initial_metadata->list.head; l != NULL; l = l->next) { + grpc_mdelem *md = l->md; + /* Pointer comparison is OK for md_elems created from the same context. + */ + if (md->key == chand->authority_string) { + if (calld->host != NULL) GRPC_MDSTR_UNREF(calld->host); + calld->host = GRPC_MDSTR_REF(md->value); + } else if (md->key == chand->path_string) { + if (calld->method != NULL) GRPC_MDSTR_UNREF(calld->method); + calld->method = GRPC_MDSTR_REF(md->value); } - if (calld->host != NULL) { - grpc_security_status status; - const char *call_host = grpc_mdstr_as_c_string(calld->host); - calld->op = *op; /* Copy op (originates from the caller's stack). */ - status = grpc_channel_security_connector_check_call_host( - exec_ctx, chand->security_connector, call_host, on_host_checked, - elem); - if (status != GRPC_SECURITY_OK) { - if (status == GRPC_SECURITY_ERROR) { - char *error_msg; - gpr_asprintf(&error_msg, - "Invalid host %s set in :authority metadata.", - call_host); - bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, - error_msg); - gpr_free(error_msg); - } - return; /* early exit */ + } + if (calld->host != NULL) { + grpc_security_status status; + const char *call_host = grpc_mdstr_as_c_string(calld->host); + calld->op = *op; /* Copy op (originates from the caller's stack). */ + status = grpc_channel_security_connector_check_call_host( + exec_ctx, chand->security_connector, call_host, on_host_checked, + elem); + if (status != GRPC_SECURITY_OK) { + if (status == GRPC_SECURITY_ERROR) { + char *error_msg; + gpr_asprintf(&error_msg, + "Invalid host %s set in :authority metadata.", + call_host); + bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, + error_msg); + gpr_free(error_msg); } + return; /* early exit */ } - send_security_metadata(exec_ctx, elem, op); - return; /* early exit */ } + send_security_metadata(exec_ctx, elem, op); + return; /* early exit */ } /* pass control down the stack */ @@ -283,11 +267,15 @@ static void auth_start_transport_op(grpc_exec_ctx *exec_ctx, /* Constructor for call_data */ static void init_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem, - const void *server_transport_data, - grpc_transport_stream_op *initial_op) { + grpc_call_element_args *args) { call_data *calld = elem->call_data; memset(calld, 0, sizeof(*calld)); - GPR_ASSERT(!initial_op || !initial_op->send_ops); +} + +static void set_pollset(grpc_exec_ctx *exec_ctx, grpc_call_element *elem, + grpc_pollset *pollset) { + call_data *calld = elem->call_data; + calld->pollset = pollset; } /* Destructor for call_data */ @@ -306,18 +294,17 @@ static void destroy_call_elem(grpc_exec_ctx *exec_ctx, /* Constructor for channel_data */ static void init_channel_elem(grpc_exec_ctx *exec_ctx, - grpc_channel_element *elem, grpc_channel *master, - const grpc_channel_args *args, - grpc_mdctx *metadata_context, int is_first, - int is_last) { - grpc_security_connector *sc = grpc_find_security_connector_in_args(args); + grpc_channel_element *elem, + grpc_channel_element_args *args) { + grpc_security_connector *sc = + grpc_find_security_connector_in_args(args->channel_args); /* grab pointers to our data from the channel element */ channel_data *chand = elem->channel_data; /* The first and the last filters tend to be implemented differently to handle the case that there's no 'next' filter to call on the up or down path */ - GPR_ASSERT(!is_last); + GPR_ASSERT(!args->is_last); GPR_ASSERT(sc != NULL); /* initialize members */ @@ -325,7 +312,7 @@ static void init_channel_elem(grpc_exec_ctx *exec_ctx, chand->security_connector = (grpc_channel_security_connector *)GRPC_SECURITY_CONNECTOR_REF( sc, "client_auth_filter"); - chand->md_ctx = metadata_context; + chand->md_ctx = args->metadata_context; chand->authority_string = grpc_mdstr_from_string(chand->md_ctx, ":authority"); chand->path_string = grpc_mdstr_from_string(chand->md_ctx, ":path"); chand->error_msg_key = grpc_mdstr_from_string(chand->md_ctx, "grpc-message"); @@ -356,6 +343,6 @@ static void destroy_channel_elem(grpc_exec_ctx *exec_ctx, const grpc_channel_filter grpc_client_auth_filter = { auth_start_transport_op, grpc_channel_next_op, sizeof(call_data), - init_call_elem, destroy_call_elem, sizeof(channel_data), - init_channel_elem, destroy_channel_elem, grpc_call_next_get_peer, + init_call_elem, set_pollset, destroy_call_elem, sizeof(channel_data), + init_channel_elem, destroy_channel_elem, grpc_call_next_get_peer, "client-auth"}; |