authorGravatar Julien Boeuf <jboeuf@google.com>2015-12-16 22:05:46 -0800
committerGravatar Julien Boeuf <jboeuf@google.com>2015-12-28 10:47:48 -0800
commit9a79e28c4e2dca4c32e46c6e4a867a196e7a1bb3 (patch)
treec0af3fd5ecd789e1a4b1bf8462659cd899058d95 /src/core/security/security_connector.h
parent08ae945aac08bc36f77304ea06f826a4cf52b091 (diff)
Removing the auth context from the security connector.
The security connector is a channel/server port wide construct. On the other hand, the auth_context is a per-connection construct.
Diffstat (limited to 'src/core/security/security_connector.h')
-rw-r--r--src/core/security/security_connector.h47
1 files changed, 25 insertions, 22 deletions
diff --git a/src/core/security/security_connector.h b/src/core/security/security_connector.h
index 7edb05a662..3f7103699e 100644
--- a/src/core/security/security_connector.h
+++ b/src/core/security/security_connector.h
@@ -60,23 +60,24 @@ typedef struct grpc_security_connector grpc_security_connector;
#define GRPC_SECURITY_CONNECTOR_ARG "grpc.security_connector"
-typedef void (*grpc_security_check_cb)(grpc_exec_ctx *exec_ctx, void *user_data,
- grpc_security_status status);
+typedef void (*grpc_security_peer_check_cb)(grpc_exec_ctx *exec_ctx,
+ void *user_data,
+ grpc_security_status status,
+ grpc_auth_context *auth_context);
/* Ownership of the secure_endpoint is transfered. */
-typedef void (*grpc_security_handshake_done_cb)(grpc_exec_ctx *exec_ctx,
- void *user_data,
- grpc_security_status status,
- grpc_endpoint *secure_endpoint);
+typedef void (*grpc_security_handshake_done_cb)(
+ grpc_exec_ctx *exec_ctx, void *user_data, grpc_security_status status,
+ grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context);
typedef struct {
void (*destroy)(grpc_security_connector *sc);
void (*do_handshake)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc,
grpc_endpoint *nonsecure_endpoint,
grpc_security_handshake_done_cb cb, void *user_data);
- grpc_security_status (*check_peer)(grpc_security_connector *sc, tsi_peer peer,
- grpc_security_check_cb cb,
- void *user_data);
+ void (*check_peer)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc,
+ tsi_peer peer, grpc_security_peer_check_cb cb,
+ void *user_data);
} grpc_security_connector_vtable;
typedef struct grpc_security_connector_handshake_list {
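Review bot: The new `grpc_auth_context *auth_context` parameter on `grpc_security_peer_check_cb` and `grpc_security_handshake_done_cb` has no ownership or validity contract, while the neighbouring comment spells one out only for `secure_endpoint`. Now that the context is handed over per connection instead of living on the connector, the header should say whether the callback receives its own reference (and must release it) or only borrows one for the duration of the call, and what the pointer is when `status` is not `GRPC_SECURITY_OK`. A mismatch between implementer and caller would show up as a leaked or prematurely released auth context, which is presumably the object later authorization decisions read from. I would extend the comment along the lines of `/* Ownership of the secure_endpoint is transferred. auth_context is <owned|borrowed> by the callback and is NULL unless status is GRPC_SECURITY_OK. */`, with the actual rule taken from the implementations, which are outside this file.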
@@ -89,9 +90,8 @@ struct grpc_security_connector {
gpr_refcount refcount;
int is_client_side;
const char *url_scheme;
- grpc_auth_context *auth_context; /* Populated after the peer is checked. */
/* Used on server side only. */
- /* TODO(yangg) maybe create a grpc_server_security_connector with these */
+ /* TODO(yangg): Create a grpc_server_security_connector with these. */
gpr_mu mu;
grpc_security_connector_handshake_list *handshaking_handshakes;
const grpc_channel_args *channel_args;
@@ -125,15 +125,13 @@ void grpc_security_connector_do_handshake(grpc_exec_ctx *exec_ctx,
void *user_data);
/* Check the peer.
- Implementations can choose to check the peer either synchronously or
- asynchronously. In the first case, a successful call will return
- GRPC_SECURITY_OK. In the asynchronous case, the call will return
- GRPC_SECURITY_PENDING unless an error is detected early on.
Ownership of the peer is transfered.
-*/
-grpc_security_status grpc_security_connector_check_peer(
- grpc_security_connector *sc, tsi_peer peer, grpc_security_check_cb cb,
- void *user_data);
+ TODO(jboeuf): Pass the peer by const pointer and do not pass ownership. */
+void grpc_security_connector_check_peer(grpc_exec_ctx *exec_ctx,
+ grpc_security_connector *sc,
+ tsi_peer peer,
+ grpc_security_peer_check_cb cb,
+ void *user_data);
void grpc_security_connector_shutdown(grpc_exec_ctx *exec_ctx,
grpc_security_connector *connector);
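Review bot: The rewritten comment on `grpc_security_connector_check_peer` drops the synchronous/asynchronous description without replacing it, so with the return type now `void` nothing states how a caller learns the outcome. The comment should say that `cb` is invoked exactly once on every path, including early failures, and whether it may run before the function returns. If an implementation returned on an early error without calling `cb`, the handshake would stall with the peer neither accepted nor rejected, and a caller holding a lock across the call needs to know about re-entrancy. Suggested wording, to be confirmed against the implementations: `The result is reported only through cb, which is called exactly once and may be called before this function returns.`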
@@ -155,13 +153,17 @@ grpc_security_connector *grpc_find_security_connector_in_args(
typedef struct grpc_channel_security_connector grpc_channel_security_connector;
+typedef void (*grpc_security_call_host_check_cb)(grpc_exec_ctx *exec_ctx,
+ void *user_data,
+ grpc_security_status status);
+
struct grpc_channel_security_connector {
grpc_security_connector base; /* requires is_client_side to be non 0. */
grpc_call_credentials *request_metadata_creds;
grpc_security_status (*check_call_host)(grpc_exec_ctx *exec_ctx,
grpc_channel_security_connector *sc,
const char *host,
- grpc_security_check_cb cb,
+ grpc_security_call_host_check_cb cb,
void *user_data);
};
@@ -169,10 +171,11 @@ struct grpc_channel_security_connector {
Implementations can choose do the check either synchronously or
asynchronously. In the first case, a successful call will return
GRPC_SECURITY_OK. In the asynchronous case, the call will return
- GRPC_SECURITY_PENDING unless an error is detected early on. */
+ GRPC_SECURITY_PENDING unless an error is detected early on.
+ TODO(jboeuf): add a grpc_auth_context param to test against. */
grpc_security_status grpc_channel_security_connector_check_call_host(
grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc,
- const char *host, grpc_security_check_cb cb, void *user_data);
+ const char *host, grpc_security_call_host_check_cb cb, void *user_data);
/* --- Creation security connectors. --- */
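Review bot: `grpc_channel_security_connector_check_call_host` still receives only the connector and the host string, and the added TODO acknowledges that no `grpc_auth_context` is passed to test against. With `auth_context` removed from `grpc_security_connector` in this same commit, an implementation has no per-connection identity available through this interface. It would have to rely on state cached on the channel-wide connector, and if that is what happens (the implementations are not visible here), a host check could be evaluated against the peer of a different connection. Until the parameter is added, I would state the limitation in the comment, e.g. `Implementations must not assume connector state identifies the peer of the connection carrying this call.` The same applies to the `check_call_host` member of `struct grpc_channel_security_connector` in the previous hunk.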