authorGravatar Craig Tiller <ctiller@google.com>2015-06-01 12:55:57 -0700
committerGravatar Craig Tiller <ctiller@google.com>2015-06-01 12:55:57 -0700
commit06bac34df01bc2b06e3808a87f80d591c491fc5f (patch)
treecede895636542b0e9ad4476f7ef8248dc82a114a /src/core/security
parent89717c4c34967baf4733435cc9640e30eddddb64 (diff)
Properly integrate credentials metadata delivery
Diffstat (limited to 'src/core/security')
-rw-r--r--src/core/security/client_auth_filter.c11
-rw-r--r--src/core/security/credentials.c42
-rw-r--r--src/core/security/credentials.h3
-rw-r--r--src/core/security/google_default_credentials.c7
4 files changed, 40 insertions, 23 deletions
diff --git a/src/core/security/client_auth_filter.c b/src/core/security/client_auth_filter.c
index b2bce1fd32..9d55362da6 100644
--- a/src/core/security/client_auth_filter.c
+++ b/src/core/security/client_auth_filter.c
@@ -52,6 +52,7 @@ typedef struct {
grpc_credentials *creds;
grpc_mdstr *host;
grpc_mdstr *method;
+ grpc_pollset *pollset;
grpc_transport_op op;
size_t op_md_idx;
int sent_initial_metadata;
@@ -160,8 +161,9 @@ static void send_security_metadata(grpc_call_element *elem,
service_url =
build_service_url(chand->security_connector->base.url_scheme, calld);
calld->op = *op; /* Copy op (originates from the caller's stack). */
- grpc_credentials_get_request_metadata(calld->creds, service_url,
- on_credentials_metadata, elem);
+ GPR_ASSERT(calld->pollset);
+ grpc_credentials_get_request_metadata(
+ calld->creds, calld->pollset, service_url, on_credentials_metadata, elem);
gpr_free(service_url);
}
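Review bot: `GPR_ASSERT(calld->pollset);` in send_security_metadata aborts the whole client process if initial metadata is sent on a call that has not yet seen a `bind_pollset` op, so an ordering mistake in any caller becomes a crash instead of a failed call. In the visible hunks the field is only set in auth_start_transport_op when `op->bind_pollset` is non-NULL, so the invariant rests on code outside this file. If the assert stays, state the contract above it, for example `/* A bind_pollset op must precede or accompany the first send_ops; the credentials fetch needs a pollset to make progress. */`; otherwise fail the call with an error status here. The function body starts outside this hunk.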
@@ -195,6 +197,10 @@ static void auth_start_transport_op(grpc_call_element *elem,
/* TODO(jboeuf): write the call auth context. */
+ if (op->bind_pollset) {
+ calld->pollset = op->bind_pollset;
+ }
+
if (op->send_ops && !calld->sent_initial_metadata) {
size_t nops = op->send_ops->nops;
grpc_stream_op *ops = op->send_ops->ops;
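Review bot: `calld->pollset = op->bind_pollset;` stores a borrowed pointer with no reference taken and no comment on ownership, yet the credentials fetch it is later passed to completes asynchronously through a callback. The same pattern appears in composite_get_request_metadata, where `ctx->pollset = pollset;` is kept in the context and reused from composite_metadata_cb for each inner credential. Whether the pollset is guaranteed to outlive every outstanding token fetch cannot be seen from these hunks, so the struct fields should record the assumption, e.g. `grpc_pollset *pollset; /* borrowed from bind_pollset; must outlive any outstanding credentials fetch */`. The body of auth_start_transport_op continues outside this hunk.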
@@ -257,6 +263,7 @@ static void init_call_elem(grpc_call_element *elem,
calld->creds = NULL;
calld->host = NULL;
calld->method = NULL;
+ calld->pollset = NULL;
calld->sent_initial_metadata = 0;
GPR_ASSERT(!initial_op || !initial_op->send_ops);
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index 79b14c0a83..3894f1be4f 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -101,6 +101,7 @@ int grpc_credentials_has_request_metadata_only(grpc_credentials *creds) {
}
void grpc_credentials_get_request_metadata(grpc_credentials *creds,
+ grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
@@ -111,7 +112,8 @@ void grpc_credentials_get_request_metadata(grpc_credentials *creds,
}
return;
}
- creds->vtable->get_request_metadata(creds, service_url, cb, user_data);
+ creds->vtable->get_request_metadata(creds, pollset, service_url, cb,
+ user_data);
}
grpc_security_status grpc_credentials_create_security_connector(
@@ -362,6 +364,7 @@ static int jwt_has_request_metadata_only(const grpc_credentials *creds) {
}
static void jwt_get_request_metadata(grpc_credentials *creds,
+ grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
@@ -443,6 +446,7 @@ grpc_credentials *grpc_jwt_credentials_create(const char *json_key,
typedef void (*grpc_fetch_oauth2_func)(grpc_credentials_metadata_request *req,
grpc_httpcli_context *http_context,
+ grpc_pollset *pollset,
grpc_httpcli_response_cb response_cb,
gpr_timespec deadline);
@@ -589,7 +593,7 @@ static void on_oauth2_token_fetcher_http_response(
}
static void oauth2_token_fetcher_get_request_metadata(
- grpc_credentials *creds, const char *service_url,
+ grpc_credentials *creds, grpc_pollset *pollset, const char *service_url,
grpc_credentials_metadata_cb cb, void *user_data) {
grpc_oauth2_token_fetcher_credentials *c =
(grpc_oauth2_token_fetcher_credentials *)creds;
@@ -612,7 +616,7 @@ static void oauth2_token_fetcher_get_request_metadata(
} else {
c->fetch_func(
grpc_credentials_metadata_request_create(creds, cb, user_data),
- &c->httpcli_context, on_oauth2_token_fetcher_http_response,
+ &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response,
gpr_time_add(gpr_now(), refresh_threshold));
}
}
@@ -638,8 +642,8 @@ static grpc_credentials_vtable compute_engine_vtable = {
static void compute_engine_fetch_oauth2(
grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_httpcli_response_cb response_cb,
- gpr_timespec deadline) {
+ grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
grpc_httpcli_header header = {"Metadata-Flavor", "Google"};
grpc_httpcli_request request;
memset(&request, 0, sizeof(grpc_httpcli_request));
@@ -647,7 +651,7 @@ static void compute_engine_fetch_oauth2(
request.path = GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH;
request.hdr_count = 1;
request.hdrs = &header;
- grpc_httpcli_get(httpcli_context, &request, deadline, response_cb,
+ grpc_httpcli_get(httpcli_context, pollset, &request, deadline, response_cb,
metadata_req);
}
@@ -684,8 +688,8 @@ static grpc_credentials_vtable service_account_vtable = {
static void service_account_fetch_oauth2(
grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_httpcli_response_cb response_cb,
- gpr_timespec deadline) {
+ grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
grpc_service_account_credentials *c =
(grpc_service_account_credentials *)metadata_req->creds;
grpc_httpcli_header header = {"Content-Type",
@@ -710,8 +714,8 @@ static void service_account_fetch_oauth2(
request.hdr_count = 1;
request.hdrs = &header;
request.use_ssl = 1;
- grpc_httpcli_post(httpcli_context, &request, body, strlen(body), deadline,
- response_cb, metadata_req);
+ grpc_httpcli_post(httpcli_context, pollset, &request, body, strlen(body),
+ deadline, response_cb, metadata_req);
gpr_free(body);
gpr_free(jwt);
}
@@ -758,8 +762,8 @@ static grpc_credentials_vtable refresh_token_vtable = {
static void refresh_token_fetch_oauth2(
grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_httpcli_response_cb response_cb,
- gpr_timespec deadline) {
+ grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
grpc_refresh_token_credentials *c =
(grpc_refresh_token_credentials *)metadata_req->creds;
grpc_httpcli_header header = {"Content-Type",
@@ -775,8 +779,8 @@ static void refresh_token_fetch_oauth2(
request.hdr_count = 1;
request.hdrs = &header;
request.use_ssl = 1;
- grpc_httpcli_post(httpcli_context, &request, body, strlen(body), deadline,
- response_cb, metadata_req);
+ grpc_httpcli_post(httpcli_context, pollset, &request, body, strlen(body),
+ deadline, response_cb, metadata_req);
gpr_free(body);
}
@@ -832,6 +836,7 @@ void on_simulated_token_fetch_done(void *user_data, int success) {
}
static void fake_oauth2_get_request_metadata(grpc_credentials *creds,
+ grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
@@ -947,6 +952,7 @@ typedef struct {
grpc_credentials_md_store *md_elems;
char *service_url;
void *user_data;
+ grpc_pollset *pollset;
grpc_credentials_metadata_cb cb;
} grpc_composite_credentials_metadata_context;
@@ -1015,7 +1021,8 @@ static void composite_metadata_cb(void *user_data,
grpc_credentials *inner_creds =
ctx->composite_creds->inner.creds_array[ctx->creds_index++];
if (grpc_credentials_has_request_metadata(inner_creds)) {
- grpc_credentials_get_request_metadata(inner_creds, ctx->service_url,
+ grpc_credentials_get_request_metadata(inner_creds, ctx->pollset,
+ ctx->service_url,
composite_metadata_cb, ctx);
return;
}
@@ -1028,6 +1035,7 @@ static void composite_metadata_cb(void *user_data,
}
static void composite_get_request_metadata(grpc_credentials *creds,
+ grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
@@ -1043,11 +1051,12 @@ static void composite_get_request_metadata(grpc_credentials *creds,
ctx->user_data = user_data;
ctx->cb = cb;
ctx->composite_creds = c;
+ ctx->pollset = pollset;
ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
while (ctx->creds_index < c->inner.num_creds) {
grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++];
if (grpc_credentials_has_request_metadata(inner_creds)) {
- grpc_credentials_get_request_metadata(inner_creds, service_url,
+ grpc_credentials_get_request_metadata(inner_creds, pollset, service_url,
composite_metadata_cb, ctx);
return;
}
@@ -1185,6 +1194,7 @@ static int iam_has_request_metadata_only(const grpc_credentials *creds) {
}
static void iam_get_request_metadata(grpc_credentials *creds,
+ grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h
index 85931d384d..9c876d4226 100644
--- a/src/core/security/credentials.h
+++ b/src/core/security/credentials.h
@@ -123,7 +123,7 @@ typedef struct {
void (*destroy)(grpc_credentials *c);
int (*has_request_metadata)(const grpc_credentials *c);
int (*has_request_metadata_only)(const grpc_credentials *c);
- void (*get_request_metadata)(grpc_credentials *c,
+ void (*get_request_metadata)(grpc_credentials *c, grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data);
@@ -144,6 +144,7 @@ void grpc_credentials_unref(grpc_credentials *creds);
int grpc_credentials_has_request_metadata(grpc_credentials *creds);
int grpc_credentials_has_request_metadata_only(grpc_credentials *creds);
void grpc_credentials_get_request_metadata(grpc_credentials *creds,
+ grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data);
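Review bot: The new `grpc_pollset *pollset` parameter on grpc_credentials_get_request_metadata, and on the `get_request_metadata` vtable slot in the hunk above, has no comment saying what it is for or whether NULL is accepted. In credentials.c the dispatcher forwards it unchecked, and the OAuth2 fetchers hand it straight to `grpc_httpcli_get` / `grpc_httpcli_post`. The JWT, IAM and fake implementations only show the added parameter in their signatures here. A header comment would let callers outside the client auth filter know the contract, for example `/* pollset: polled by the caller while the metadata fetch is outstanding; presumably must be non-NULL for credentials that fetch tokens over HTTP. */`, with the NULL rule confirmed against the httpcli implementation.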
diff --git a/src/core/security/google_default_credentials.c b/src/core/security/google_default_credentials.c
index 6cc3e27f4c..5d40627ba4 100644
--- a/src/core/security/google_default_credentials.c
+++ b/src/core/security/google_default_credentials.c
@@ -105,11 +105,10 @@ static int is_stack_running_on_compute_engine(void) {
request.path = "/";
grpc_httpcli_context_init(&context);
- grpc_httpcli_context_add_interested_party(&context, &detector.pollset);
- grpc_httpcli_get(&context, &request, gpr_time_add(gpr_now(), max_detection_delay),
- on_compute_engine_detection_http_response,
- &detector);
+ grpc_httpcli_get(&context, &detector.pollset, &request,
+ gpr_time_add(gpr_now(), max_detection_delay),
+ on_compute_engine_detection_http_response, &detector);
/* Block until we get the response. This is not ideal but this should only be
called once for the lifetime of the process by the default credentials. */