author | Julien Boeuf <jboeuf@google.com> | 2015-12-16 22:05:46 -0800 |
---|---|---|
committer | Julien Boeuf <jboeuf@google.com> | 2015-12-28 10:47:48 -0800 |
commit | 9a79e28c4e2dca4c32e46c6e4a867a196e7a1bb3 (patch) | |
tree | c0af3fd5ecd789e1a4b1bf8462659cd899058d95 /src/core/security/security_connector.h | |
parent | 08ae945aac08bc36f77304ea06f826a4cf52b091 (diff) |
Removing the auth context from the security connector.
The security connector is a channel/server port wide construct. On the
other hand, the auth_context is a per-connection construct.
Diffstat (limited to 'src/core/security/security_connector.h')
-rw-r--r-- | src/core/security/security_connector.h | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/src/core/security/security_connector.h b/src/core/security/security_connector.h
index 7edb05a662..3f7103699e 100644
--- a/src/core/security/security_connector.h
+++ b/src/core/security/security_connector.h
@@ -60,23 +60,24 @@ typedef struct grpc_security_connector grpc_security_connector;
 
 #define GRPC_SECURITY_CONNECTOR_ARG "grpc.security_connector"
 
-typedef void (*grpc_security_check_cb)(grpc_exec_ctx *exec_ctx, void *user_data,
- grpc_security_status status);
+typedef void (*grpc_security_peer_check_cb)(grpc_exec_ctx *exec_ctx,
+ void *user_data,
+ grpc_security_status status,
+ grpc_auth_context *auth_context);
 
 /* Ownership of the secure_endpoint is transfered. */
-typedef void (*grpc_security_handshake_done_cb)(grpc_exec_ctx *exec_ctx,
- void *user_data,
- grpc_security_status status,
- grpc_endpoint *secure_endpoint);
+typedef void (*grpc_security_handshake_done_cb)(
+ grpc_exec_ctx *exec_ctx, void *user_data, grpc_security_status status,
+ grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context);
 
 typedef struct {
 void (*destroy)(grpc_security_connector *sc);
 void (*do_handshake)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc,
 grpc_endpoint *nonsecure_endpoint,
 grpc_security_handshake_done_cb cb, void *user_data);
- grpc_security_status (*check_peer)(grpc_security_connector *sc, tsi_peer peer,
- grpc_security_check_cb cb,
- void *user_data);
+ void (*check_peer)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc,
+ tsi_peer peer, grpc_security_peer_check_cb cb,
+ void *user_data);
 } grpc_security_connector_vtable;
 
 typedef struct grpc_security_connector_handshake_list {
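Review bot: The two callback typedefs now hand a `grpc_auth_context *auth_context` to the callee, but nothing states who owns it or what it holds when `status` is not GRPC_SECURITY_OK; only the endpoint has an ownership comment. The auth context is described in the commit message as a per-connection construct, so a callback that stores the pointer without the right reference, or reads it after a failed check, is an easy lifetime or authorization mistake. I would extend the existing comment to `/* Ownership of the secure_endpoint is transfered. auth_context is <owned|borrowed> and is NULL unless status is GRPC_SECURITY_OK. */` with the actual rule filled in, and put the same sentence above `grpc_security_peer_check_cb`.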
@@ -89,9 +90,8 @@ struct grpc_security_connector {
 gpr_refcount refcount;
 int is_client_side;
 const char *url_scheme;
- grpc_auth_context *auth_context; /* Populated after the peer is checked. */
 /* Used on server side only. */
- /* TODO(yangg) maybe create a grpc_server_security_connector with these */
+ /* TODO(yangg): Create a grpc_server_security_connector with these. */
 gpr_mu mu;
 grpc_security_connector_handshake_list *handshaking_handshakes;
 const grpc_channel_args *channel_args;
@@ -125,15 +125,13 @@ void grpc_security_connector_do_handshake(grpc_exec_ctx *exec_ctx,
 void *user_data);
 
 /* Check the peer.
- Implementations can choose to check the peer either synchronously or
- asynchronously. In the first case, a successful call will return
- GRPC_SECURITY_OK. In the asynchronous case, the call will return
- GRPC_SECURITY_PENDING unless an error is detected early on.
 Ownership of the peer is transfered.
-*/
-grpc_security_status grpc_security_connector_check_peer(
- grpc_security_connector *sc, tsi_peer peer, grpc_security_check_cb cb,
- void *user_data);
+ TODO(jboeuf): Pass the peer by const pointer and do not pass ownership. */
+void grpc_security_connector_check_peer(grpc_exec_ctx *exec_ctx,
+ grpc_security_connector *sc,
+ tsi_peer peer,
+ grpc_security_peer_check_cb cb,
+ void *user_data);
 
 void grpc_security_connector_shutdown(grpc_exec_ctx *exec_ctx,
 grpc_security_connector *connector);
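Review bot: The rewritten comment on `grpc_security_connector_check_peer` drops the completion contract without replacing it. With the return type now `void`, the callback is the only way a caller learns the peer-check verdict, yet the comment no longer says whether `cb` may run inline before the call returns, or whether it is invoked exactly once on every path, including early errors. A caller that guesses wrong can stall the handshake or continue without a verdict. I would add a sentence such as `The result is reported only through cb, which is invoked exactly once and possibly before this function returns.`, to be confirmed against the implementations, which are outside this file. The same gap applies to the `check_peer` vtable slot in the first hunk.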
@@ -155,13 +153,17 @@ grpc_security_connector *grpc_find_security_connector_in_args(
 
 typedef struct grpc_channel_security_connector grpc_channel_security_connector;
 
+typedef void (*grpc_security_call_host_check_cb)(grpc_exec_ctx *exec_ctx,
+ void *user_data,
+ grpc_security_status status);
+
 struct grpc_channel_security_connector {
 grpc_security_connector base; /* requires is_client_side to be non 0. */
 grpc_call_credentials *request_metadata_creds;
 grpc_security_status (*check_call_host)(grpc_exec_ctx *exec_ctx,
 grpc_channel_security_connector *sc,
 const char *host,
- grpc_security_check_cb cb,
+ grpc_security_call_host_check_cb cb,
 void *user_data);
 };
 
@@ -169,10 +171,11 @@ struct grpc_channel_security_connector {
 Implementations can choose do the check either synchronously or
 asynchronously. In the first case, a successful call will return
 GRPC_SECURITY_OK. In the asynchronous case, the call will return
- GRPC_SECURITY_PENDING unless an error is detected early on. */
+ GRPC_SECURITY_PENDING unless an error is detected early on.
+ TODO(jboeuf): add a grpc_auth_context param to test against. */
 grpc_security_status grpc_channel_security_connector_check_call_host(
 grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc,
- const char *host, grpc_security_check_cb cb, void *user_data);
+ const char *host, grpc_security_call_host_check_cb cb, void *user_data);
 
 /* --- Creation security connectors. --- */
 |
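Review bot: `grpc_security_call_host_check_cb` is introduced without a comment, and `check_call_host` still both returns a status and takes a callback. The header therefore does not say whether `cb` fires on the synchronous GRPC_SECURITY_OK or error path, or only after GRPC_SECURITY_PENDING. A one-line comment above the typedef, e.g. `/* Invoked only when check_call_host returned GRPC_SECURITY_PENDING. */` (if that is the contract), would settle this. The new TODO also records that the host check has no `grpc_auth_context` to test against. With the auth context removed from the channel-wide connector, the comment on `grpc_channel_security_connector_check_call_host` should state which peer identity the host is compared with until that parameter exists.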