aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/core/security/client_auth_filter.c
diff options
context:
space:
mode:
authorGravatar Craig Tiller <ctiller@google.com>2015-09-22 12:33:20 -0700
committerGravatar Craig Tiller <ctiller@google.com>2015-09-22 12:33:20 -0700
commita82950e68318a6aab6fe894fa39f7fa616c4647b (patch)
tree7d02bd1e9e1cbae1f14ad4ad1e06d3ae81a96dfe /src/core/security/client_auth_filter.c
parent8af4c337181322cc4fb396199c90f574cfb4163f (diff)
clang-format all core files
Diffstat (limited to 'src/core/security/client_auth_filter.c')
-rw-r--r--src/core/security/client_auth_filter.c441
1 files changed, 212 insertions, 229 deletions
diff --git a/src/core/security/client_auth_filter.c b/src/core/security/client_auth_filter.c
index 33f2e8093a..e24281bdff 100644
--- a/src/core/security/client_auth_filter.c
+++ b/src/core/security/client_auth_filter.c
@@ -49,8 +49,7 @@
#define MAX_CREDENTIALS_METADATA_COUNT 4
/* We can have a per-call credentials. */
-typedef struct
-{
+typedef struct {
grpc_credentials *creds;
grpc_mdstr *host;
grpc_mdstr *method;
@@ -68,8 +67,7 @@ typedef struct
} call_data;
/* We can have a per-channel credentials. */
-typedef struct
-{
+typedef struct {
grpc_channel_security_connector *security_connector;
grpc_mdctx *md_ctx;
grpc_mdstr *authority_string;
@@ -78,130 +76,125 @@ typedef struct
grpc_mdstr *status_key;
} channel_data;
-static void
-reset_service_url (call_data * calld)
-{
- if (calld->service_url != NULL)
- {
- gpr_free (calld->service_url);
- calld->service_url = NULL;
- }
+static void reset_service_url(call_data *calld) {
+ if (calld->service_url != NULL) {
+ gpr_free(calld->service_url);
+ calld->service_url = NULL;
+ }
}
-static void
-bubble_up_error (grpc_exec_ctx * exec_ctx, grpc_call_element * elem, grpc_status_code status, const char *error_msg)
-{
+static void bubble_up_error(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
+ grpc_status_code status, const char *error_msg) {
call_data *calld = elem->call_data;
- gpr_log (GPR_ERROR, "Client side authentication failure: %s", error_msg);
- grpc_transport_stream_op_add_cancellation (&calld->op, status);
- grpc_call_next_op (exec_ctx, elem, &calld->op);
+ gpr_log(GPR_ERROR, "Client side authentication failure: %s", error_msg);
+ grpc_transport_stream_op_add_cancellation(&calld->op, status);
+ grpc_call_next_op(exec_ctx, elem, &calld->op);
}
-static void
-on_credentials_metadata (grpc_exec_ctx * exec_ctx, void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status)
-{
- grpc_call_element *elem = (grpc_call_element *) user_data;
+static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *user_data,
+ grpc_credentials_md *md_elems,
+ size_t num_md,
+ grpc_credentials_status status) {
+ grpc_call_element *elem = (grpc_call_element *)user_data;
call_data *calld = elem->call_data;
channel_data *chand = elem->channel_data;
grpc_transport_stream_op *op = &calld->op;
grpc_metadata_batch *mdb;
size_t i;
- reset_service_url (calld);
- if (status != GRPC_CREDENTIALS_OK)
- {
- bubble_up_error (exec_ctx, elem, GRPC_STATUS_UNAUTHENTICATED, "Credentials failed to get metadata.");
- return;
- }
- GPR_ASSERT (num_md <= MAX_CREDENTIALS_METADATA_COUNT);
- GPR_ASSERT (op->send_ops && op->send_ops->nops > calld->op_md_idx && op->send_ops->ops[calld->op_md_idx].type == GRPC_OP_METADATA);
+ reset_service_url(calld);
+ if (status != GRPC_CREDENTIALS_OK) {
+ bubble_up_error(exec_ctx, elem, GRPC_STATUS_UNAUTHENTICATED,
+ "Credentials failed to get metadata.");
+ return;
+ }
+ GPR_ASSERT(num_md <= MAX_CREDENTIALS_METADATA_COUNT);
+ GPR_ASSERT(op->send_ops && op->send_ops->nops > calld->op_md_idx &&
+ op->send_ops->ops[calld->op_md_idx].type == GRPC_OP_METADATA);
mdb = &op->send_ops->ops[calld->op_md_idx].data.metadata;
- for (i = 0; i < num_md; i++)
- {
- grpc_metadata_batch_add_tail (mdb, &calld->md_links[i], grpc_mdelem_from_slices (chand->md_ctx, gpr_slice_ref (md_elems[i].key), gpr_slice_ref (md_elems[i].value)));
- }
- grpc_call_next_op (exec_ctx, elem, op);
+ for (i = 0; i < num_md; i++) {
+ grpc_metadata_batch_add_tail(
+ mdb, &calld->md_links[i],
+ grpc_mdelem_from_slices(chand->md_ctx, gpr_slice_ref(md_elems[i].key),
+ gpr_slice_ref(md_elems[i].value)));
+ }
+ grpc_call_next_op(exec_ctx, elem, op);
}
-void
-build_service_url (const char *url_scheme, call_data * calld)
-{
- char *service = gpr_strdup (grpc_mdstr_as_c_string (calld->method));
- char *last_slash = strrchr (service, '/');
- if (last_slash == NULL)
- {
- gpr_log (GPR_ERROR, "No '/' found in fully qualified method name");
- service[0] = '\0';
- }
- else if (last_slash == service)
- {
- /* No service part in fully qualified method name: will just be "/". */
- service[1] = '\0';
- }
- else
- {
- *last_slash = '\0';
- }
- if (url_scheme == NULL)
- url_scheme = "";
- reset_service_url (calld);
- gpr_asprintf (&calld->service_url, "%s://%s%s", url_scheme, grpc_mdstr_as_c_string (calld->host), service);
- gpr_free (service);
+void build_service_url(const char *url_scheme, call_data *calld) {
+ char *service = gpr_strdup(grpc_mdstr_as_c_string(calld->method));
+ char *last_slash = strrchr(service, '/');
+ if (last_slash == NULL) {
+ gpr_log(GPR_ERROR, "No '/' found in fully qualified method name");
+ service[0] = '\0';
+ } else if (last_slash == service) {
+ /* No service part in fully qualified method name: will just be "/". */
+ service[1] = '\0';
+ } else {
+ *last_slash = '\0';
+ }
+ if (url_scheme == NULL) url_scheme = "";
+ reset_service_url(calld);
+ gpr_asprintf(&calld->service_url, "%s://%s%s", url_scheme,
+ grpc_mdstr_as_c_string(calld->host), service);
+ gpr_free(service);
}
-static void
-send_security_metadata (grpc_exec_ctx * exec_ctx, grpc_call_element * elem, grpc_transport_stream_op * op)
-{
+static void send_security_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_element *elem,
+ grpc_transport_stream_op *op) {
call_data *calld = elem->call_data;
channel_data *chand = elem->channel_data;
- grpc_client_security_context *ctx = (grpc_client_security_context *) op->context[GRPC_CONTEXT_SECURITY].value;
- grpc_credentials *channel_creds = chand->security_connector->request_metadata_creds;
- int channel_creds_has_md = (channel_creds != NULL) && grpc_credentials_has_request_metadata (channel_creds);
- int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) && grpc_credentials_has_request_metadata (ctx->creds);
+ grpc_client_security_context *ctx =
+ (grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value;
+ grpc_credentials *channel_creds =
+ chand->security_connector->request_metadata_creds;
+ int channel_creds_has_md =
+ (channel_creds != NULL) &&
+ grpc_credentials_has_request_metadata(channel_creds);
+ int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) &&
+ grpc_credentials_has_request_metadata(ctx->creds);
- if (!channel_creds_has_md && !call_creds_has_md)
- {
- /* Skip sending metadata altogether. */
- grpc_call_next_op (exec_ctx, elem, op);
- return;
- }
+ if (!channel_creds_has_md && !call_creds_has_md) {
+ /* Skip sending metadata altogether. */
+ grpc_call_next_op(exec_ctx, elem, op);
+ return;
+ }
- if (channel_creds_has_md && call_creds_has_md)
- {
- calld->creds = grpc_composite_credentials_create (channel_creds, ctx->creds, NULL);
- if (calld->creds == NULL)
- {
- bubble_up_error (exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, "Incompatible credentials set on channel and call.");
- return;
- }
- }
- else
- {
- calld->creds = grpc_credentials_ref (call_creds_has_md ? ctx->creds : channel_creds);
+ if (channel_creds_has_md && call_creds_has_md) {
+ calld->creds =
+ grpc_composite_credentials_create(channel_creds, ctx->creds, NULL);
+ if (calld->creds == NULL) {
+ bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
+ "Incompatible credentials set on channel and call.");
+ return;
}
+ } else {
+ calld->creds =
+ grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds);
+ }
- build_service_url (chand->security_connector->base.url_scheme, calld);
- calld->op = *op; /* Copy op (originates from the caller's stack). */
- GPR_ASSERT (calld->pollset);
- grpc_credentials_get_request_metadata (exec_ctx, calld->creds, calld->pollset, calld->service_url, on_credentials_metadata, elem);
+ build_service_url(chand->security_connector->base.url_scheme, calld);
+ calld->op = *op; /* Copy op (originates from the caller's stack). */
+ GPR_ASSERT(calld->pollset);
+ grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset,
+ calld->service_url,
+ on_credentials_metadata, elem);
}
-static void
-on_host_checked (grpc_exec_ctx * exec_ctx, void *user_data, grpc_security_status status)
-{
- grpc_call_element *elem = (grpc_call_element *) user_data;
+static void on_host_checked(grpc_exec_ctx *exec_ctx, void *user_data,
+ grpc_security_status status) {
+ grpc_call_element *elem = (grpc_call_element *)user_data;
call_data *calld = elem->call_data;
- if (status == GRPC_SECURITY_OK)
- {
- send_security_metadata (exec_ctx, elem, &calld->op);
- }
- else
- {
- char *error_msg;
- gpr_asprintf (&error_msg, "Invalid host %s set in :authority metadata.", grpc_mdstr_as_c_string (calld->host));
- bubble_up_error (exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, error_msg);
- gpr_free (error_msg);
- }
+ if (status == GRPC_SECURITY_OK) {
+ send_security_metadata(exec_ctx, elem, &calld->op);
+ } else {
+ char *error_msg;
+ gpr_asprintf(&error_msg, "Invalid host %s set in :authority metadata.",
+ grpc_mdstr_as_c_string(calld->host));
+ bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, error_msg);
+ gpr_free(error_msg);
+ }
}
/* Called either:
@@ -209,9 +202,9 @@ on_host_checked (grpc_exec_ctx * exec_ctx, void *user_data, grpc_security_status
- a network event (or similar) from below, to receive something
op contains type and call direction information, in addition to the data
that is being sent or received. */
-static void
-auth_start_transport_op (grpc_exec_ctx * exec_ctx, grpc_call_element * elem, grpc_transport_stream_op * op)
-{
+static void auth_start_transport_op(grpc_exec_ctx *exec_ctx,
+ grpc_call_element *elem,
+ grpc_transport_stream_op *op) {
/* grab pointers to our data from the call element */
call_data *calld = elem->call_data;
channel_data *chand = elem->channel_data;
@@ -219,162 +212,152 @@ auth_start_transport_op (grpc_exec_ctx * exec_ctx, grpc_call_element * elem, grp
size_t i;
grpc_client_security_context *sec_ctx = NULL;
- if (calld->security_context_set == 0)
- {
- calld->security_context_set = 1;
- GPR_ASSERT (op->context);
- if (op->context[GRPC_CONTEXT_SECURITY].value == NULL)
- {
- op->context[GRPC_CONTEXT_SECURITY].value = grpc_client_security_context_create ();
- op->context[GRPC_CONTEXT_SECURITY].destroy = grpc_client_security_context_destroy;
- }
- sec_ctx = op->context[GRPC_CONTEXT_SECURITY].value;
- GRPC_AUTH_CONTEXT_UNREF (sec_ctx->auth_context, "client auth filter");
- sec_ctx->auth_context = GRPC_AUTH_CONTEXT_REF (chand->security_connector->base.auth_context, "client_auth_filter");
+ if (calld->security_context_set == 0) {
+ calld->security_context_set = 1;
+ GPR_ASSERT(op->context);
+ if (op->context[GRPC_CONTEXT_SECURITY].value == NULL) {
+ op->context[GRPC_CONTEXT_SECURITY].value =
+ grpc_client_security_context_create();
+ op->context[GRPC_CONTEXT_SECURITY].destroy =
+ grpc_client_security_context_destroy;
}
+ sec_ctx = op->context[GRPC_CONTEXT_SECURITY].value;
+ GRPC_AUTH_CONTEXT_UNREF(sec_ctx->auth_context, "client auth filter");
+ sec_ctx->auth_context = GRPC_AUTH_CONTEXT_REF(
+ chand->security_connector->base.auth_context, "client_auth_filter");
+ }
- if (op->bind_pollset)
- {
- calld->pollset = op->bind_pollset;
- }
+ if (op->bind_pollset) {
+ calld->pollset = op->bind_pollset;
+ }
- if (op->send_ops && !calld->sent_initial_metadata)
- {
- size_t nops = op->send_ops->nops;
- grpc_stream_op *ops = op->send_ops->ops;
- for (i = 0; i < nops; i++)
- {
- grpc_stream_op *sop = &ops[i];
- if (sop->type != GRPC_OP_METADATA)
- continue;
- calld->op_md_idx = i;
- calld->sent_initial_metadata = 1;
- for (l = sop->data.metadata.list.head; l != NULL; l = l->next)
- {
- grpc_mdelem *md = l->md;
- /* Pointer comparison is OK for md_elems created from the same context.
- */
- if (md->key == chand->authority_string)
- {
- if (calld->host != NULL)
- GRPC_MDSTR_UNREF (calld->host);
- calld->host = GRPC_MDSTR_REF (md->value);
- }
- else if (md->key == chand->path_string)
- {
- if (calld->method != NULL)
- GRPC_MDSTR_UNREF (calld->method);
- calld->method = GRPC_MDSTR_REF (md->value);
- }
- }
- if (calld->host != NULL)
- {
- grpc_security_status status;
- const char *call_host = grpc_mdstr_as_c_string (calld->host);
- calld->op = *op; /* Copy op (originates from the caller's stack). */
- status = grpc_channel_security_connector_check_call_host (exec_ctx, chand->security_connector, call_host, on_host_checked, elem);
- if (status != GRPC_SECURITY_OK)
- {
- if (status == GRPC_SECURITY_ERROR)
- {
- char *error_msg;
- gpr_asprintf (&error_msg, "Invalid host %s set in :authority metadata.", call_host);
- bubble_up_error (exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, error_msg);
- gpr_free (error_msg);
- }
- return; /* early exit */
- }
- }
- send_security_metadata (exec_ctx, elem, op);
- return; /* early exit */
- }
+ if (op->send_ops && !calld->sent_initial_metadata) {
+ size_t nops = op->send_ops->nops;
+ grpc_stream_op *ops = op->send_ops->ops;
+ for (i = 0; i < nops; i++) {
+ grpc_stream_op *sop = &ops[i];
+ if (sop->type != GRPC_OP_METADATA) continue;
+ calld->op_md_idx = i;
+ calld->sent_initial_metadata = 1;
+ for (l = sop->data.metadata.list.head; l != NULL; l = l->next) {
+ grpc_mdelem *md = l->md;
+ /* Pointer comparison is OK for md_elems created from the same context.
+ */
+ if (md->key == chand->authority_string) {
+ if (calld->host != NULL) GRPC_MDSTR_UNREF(calld->host);
+ calld->host = GRPC_MDSTR_REF(md->value);
+ } else if (md->key == chand->path_string) {
+ if (calld->method != NULL) GRPC_MDSTR_UNREF(calld->method);
+ calld->method = GRPC_MDSTR_REF(md->value);
+ }
+ }
+ if (calld->host != NULL) {
+ grpc_security_status status;
+ const char *call_host = grpc_mdstr_as_c_string(calld->host);
+ calld->op = *op; /* Copy op (originates from the caller's stack). */
+ status = grpc_channel_security_connector_check_call_host(
+ exec_ctx, chand->security_connector, call_host, on_host_checked,
+ elem);
+ if (status != GRPC_SECURITY_OK) {
+ if (status == GRPC_SECURITY_ERROR) {
+ char *error_msg;
+ gpr_asprintf(&error_msg,
+ "Invalid host %s set in :authority metadata.",
+ call_host);
+ bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
+ error_msg);
+ gpr_free(error_msg);
+ }
+ return; /* early exit */
+ }
+ }
+ send_security_metadata(exec_ctx, elem, op);
+ return; /* early exit */
}
+ }
/* pass control down the stack */
- grpc_call_next_op (exec_ctx, elem, op);
+ grpc_call_next_op(exec_ctx, elem, op);
}
/* Constructor for call_data */
-static void
-init_call_elem (grpc_exec_ctx * exec_ctx, grpc_call_element * elem, const void *server_transport_data, grpc_transport_stream_op * initial_op)
-{
+static void init_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
+ const void *server_transport_data,
+ grpc_transport_stream_op *initial_op) {
call_data *calld = elem->call_data;
- memset (calld, 0, sizeof (*calld));
- GPR_ASSERT (!initial_op || !initial_op->send_ops);
+ memset(calld, 0, sizeof(*calld));
+ GPR_ASSERT(!initial_op || !initial_op->send_ops);
}
/* Destructor for call_data */
-static void
-destroy_call_elem (grpc_exec_ctx * exec_ctx, grpc_call_element * elem)
-{
+static void destroy_call_elem(grpc_exec_ctx *exec_ctx,
+ grpc_call_element *elem) {
call_data *calld = elem->call_data;
- grpc_credentials_unref (calld->creds);
- if (calld->host != NULL)
- {
- GRPC_MDSTR_UNREF (calld->host);
- }
- if (calld->method != NULL)
- {
- GRPC_MDSTR_UNREF (calld->method);
- }
- reset_service_url (calld);
+ grpc_credentials_unref(calld->creds);
+ if (calld->host != NULL) {
+ GRPC_MDSTR_UNREF(calld->host);
+ }
+ if (calld->method != NULL) {
+ GRPC_MDSTR_UNREF(calld->method);
+ }
+ reset_service_url(calld);
}
/* Constructor for channel_data */
-static void
-init_channel_elem (grpc_exec_ctx * exec_ctx, grpc_channel_element * elem, grpc_channel * master, const grpc_channel_args * args, grpc_mdctx * metadata_context, int is_first, int is_last)
-{
- grpc_security_connector *sc = grpc_find_security_connector_in_args (args);
+static void init_channel_elem(grpc_exec_ctx *exec_ctx,
+ grpc_channel_element *elem, grpc_channel *master,
+ const grpc_channel_args *args,
+ grpc_mdctx *metadata_context, int is_first,
+ int is_last) {
+ grpc_security_connector *sc = grpc_find_security_connector_in_args(args);
/* grab pointers to our data from the channel element */
channel_data *chand = elem->channel_data;
/* The first and the last filters tend to be implemented differently to
handle the case that there's no 'next' filter to call on the up or down
path */
- GPR_ASSERT (!is_last);
- GPR_ASSERT (sc != NULL);
+ GPR_ASSERT(!is_last);
+ GPR_ASSERT(sc != NULL);
/* initialize members */
- GPR_ASSERT (sc->is_client_side);
- chand->security_connector = (grpc_channel_security_connector *) GRPC_SECURITY_CONNECTOR_REF (sc, "client_auth_filter");
+ GPR_ASSERT(sc->is_client_side);
+ chand->security_connector =
+ (grpc_channel_security_connector *)GRPC_SECURITY_CONNECTOR_REF(
+ sc, "client_auth_filter");
chand->md_ctx = metadata_context;
- chand->authority_string = grpc_mdstr_from_string (chand->md_ctx, ":authority", 0);
- chand->path_string = grpc_mdstr_from_string (chand->md_ctx, ":path", 0);
- chand->error_msg_key = grpc_mdstr_from_string (chand->md_ctx, "grpc-message", 0);
- chand->status_key = grpc_mdstr_from_string (chand->md_ctx, "grpc-status", 0);
+ chand->authority_string =
+ grpc_mdstr_from_string(chand->md_ctx, ":authority", 0);
+ chand->path_string = grpc_mdstr_from_string(chand->md_ctx, ":path", 0);
+ chand->error_msg_key =
+ grpc_mdstr_from_string(chand->md_ctx, "grpc-message", 0);
+ chand->status_key = grpc_mdstr_from_string(chand->md_ctx, "grpc-status", 0);
}
/* Destructor for channel data */
-static void
-destroy_channel_elem (grpc_exec_ctx * exec_ctx, grpc_channel_element * elem)
-{
+static void destroy_channel_elem(grpc_exec_ctx *exec_ctx,
+ grpc_channel_element *elem) {
/* grab pointers to our data from the channel element */
channel_data *chand = elem->channel_data;
grpc_channel_security_connector *ctx = chand->security_connector;
if (ctx != NULL)
- GRPC_SECURITY_CONNECTOR_UNREF (&ctx->base, "client_auth_filter");
- if (chand->authority_string != NULL)
- {
- GRPC_MDSTR_UNREF (chand->authority_string);
- }
- if (chand->error_msg_key != NULL)
- {
- GRPC_MDSTR_UNREF (chand->error_msg_key);
- }
- if (chand->status_key != NULL)
- {
- GRPC_MDSTR_UNREF (chand->status_key);
- }
- if (chand->path_string != NULL)
- {
- GRPC_MDSTR_UNREF (chand->path_string);
- }
+ GRPC_SECURITY_CONNECTOR_UNREF(&ctx->base, "client_auth_filter");
+ if (chand->authority_string != NULL) {
+ GRPC_MDSTR_UNREF(chand->authority_string);
+ }
+ if (chand->error_msg_key != NULL) {
+ GRPC_MDSTR_UNREF(chand->error_msg_key);
+ }
+ if (chand->status_key != NULL) {
+ GRPC_MDSTR_UNREF(chand->status_key);
+ }
+ if (chand->path_string != NULL) {
+ GRPC_MDSTR_UNREF(chand->path_string);
+ }
}
const grpc_channel_filter grpc_client_auth_filter = {
- auth_start_transport_op, grpc_channel_next_op,
- sizeof (call_data), init_call_elem,
- destroy_call_elem, sizeof (channel_data),
- init_channel_elem, destroy_channel_elem,
- grpc_call_next_get_peer, "client-auth"
-};
+ auth_start_transport_op, grpc_channel_next_op,
+ sizeof(call_data), init_call_elem,
+ destroy_call_elem, sizeof(channel_data),
+ init_channel_elem, destroy_channel_elem,
+ grpc_call_next_get_peer, "client-auth"};
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-04 13:55:39 +0000