author | 2015-11-18 21:33:58 -0800 | |
---|---|---|
committer | 2015-11-18 21:33:58 -0800 | |
commit | 3c957e60a3901d2d56ce57e2c1b900a8c3697ea7 (patch) | |
tree | b3632822d65b0d03f8b803d21e1f1b1850526b20 /src/core | |
parent | ea44bba3b97dc2834456cc6fa96e2b341ad56f13 (diff) |
Fixing implementations.
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/security/client_auth_filter.c | 47 | ||||
-rw-r--r-- | src/core/security/credentials.c | 72 | ||||
-rw-r--r-- | src/core/security/credentials.h | 4 |
3 files changed, 73 insertions, 50 deletions
diff --git a/src/core/security/client_auth_filter.c b/src/core/security/client_auth_filter.c
index f257502a98..d822164233 100644
--- a/src/core/security/client_auth_filter.c
+++ b/src/core/security/client_auth_filter.c
@@ -63,7 +63,7 @@ typedef struct {
 int sent_initial_metadata;
 gpr_uint8 security_context_set;
 grpc_linked_mdelem md_links[MAX_CREDENTIALS_METADATA_COUNT];
- char *service_url;
+ grpc_auth_metadata_context auth_md_context;
 } call_data;
 /* We can have a per-channel credentials. */
@@ -76,11 +76,20 @@ typedef struct {
 grpc_mdstr *status_key;
 } channel_data;
-static void reset_service_url(call_data *calld) {
- if (calld->service_url != NULL) {
- gpr_free(calld->service_url);
- calld->service_url = NULL;
+static void reset_auth_metadata_context(
+ grpc_auth_metadata_context *auth_md_context) {
+ if (auth_md_context->service_url != NULL) {
+ gpr_free((char *)auth_md_context->service_url);
+ auth_md_context->service_url = NULL;
 }
+ if (auth_md_context->method_name != NULL) {
+ gpr_free((char *)auth_md_context->method_name);
+ auth_md_context->method_name = NULL;
+ }
+ GRPC_AUTH_CONTEXT_UNREF(
+ (grpc_auth_context *)auth_md_context->channel_auth_context,
+ "grpc_auth_metadata_context");
+ auth_md_context->channel_auth_context = NULL;
 }
 static void bubble_up_error(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
@@ -101,7 +110,7 @@ static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *user_data,
 grpc_transport_stream_op *op = &calld->op;
 grpc_metadata_batch *mdb;
 size_t i;
- reset_service_url(calld);
+ reset_auth_metadata_context(&calld->auth_md_context);
 if (status != GRPC_CREDENTIALS_OK) {
 bubble_up_error(exec_ctx, elem, GRPC_STATUS_UNAUTHENTICATED,
 "Credentials failed to get metadata.");
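Review bot: `reset_auth_metadata_context` NULL-checks `service_url` and `method_name` but passes `channel_auth_context` to `GRPC_AUTH_CONTEXT_UNREF` unconditionally, and `build_auth_metadata_context` calls this reset before any reference has been taken. The macro's definition is not part of this diff; unless it is documented to accept NULL, guard it like the two strings with `if (auth_md_context->channel_auth_context != NULL)`. The `(char *)` and `(grpc_auth_context *)` casts strip const in order to free and unref, so I would also add a comment above the function stating that `call_data` owns all three members and that by-value copies of the struct only borrow them.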
@@ -120,9 +129,13 @@ static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *user_data,
 grpc_call_next_op(exec_ctx, elem, op);
 }
-void build_service_url(const char *url_scheme, call_data *calld) {
+void build_auth_metadata_context(grpc_security_connector *sc,
+ call_data *calld) {
 char *service = gpr_strdup(grpc_mdstr_as_c_string(calld->method));
 char *last_slash = strrchr(service, '/');
+ char *method_name = NULL;
+ char *service_url = NULL;
+ reset_auth_metadata_context(&calld->auth_md_context);
 if (last_slash == NULL) {
 gpr_log(GPR_ERROR, "No '/' found in fully qualified method name");
 service[0] = '\0';
@@ -131,11 +144,15 @@ void build_service_url(const char *url_scheme, call_data *calld) {
 service[1] = '\0';
 } else {
 *last_slash = '\0';
+ method_name = gpr_strdup(last_slash + 1);
 }
- if (url_scheme == NULL) url_scheme = "";
- reset_service_url(calld);
- gpr_asprintf(&calld->service_url, "%s://%s%s", url_scheme,
+ gpr_asprintf(&service_url, "%s://%s%s",
+ sc->url_scheme == NULL ? "" : sc->url_scheme,
 grpc_mdstr_as_c_string(calld->host), service);
+ calld->auth_md_context.service_url = service_url;
+ calld->auth_md_context.method_name = method_name;
+ calld->auth_md_context.channel_auth_context = GRPC_AUTH_CONTEXT_REF(
+ sc->auth_context, "grpc_auth_metadata_context");
 gpr_free(service);
 }
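Review bot: `method_name` is still NULL when `build_auth_metadata_context` stores it on two of the three paths: the no-'/' error path and the branch that sets `service[1] = '\0'` (its condition lies between the two hunks, presumably the leading-slash-only case), where that write also discards whatever followed the slash. The struct is then handed to every credentials implementation, including the plugin callback in credentials.c, so a consumer that treats `method_name` as a C string would dereference NULL. Either normalise before storing, e.g. `if (method_name == NULL) method_name = gpr_strdup("");`, or state in the struct's declaration that NULL is a valid value. The result of `gpr_asprintf` is also used unchecked, as it was in the function this replaces.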
@@ -169,12 +186,12 @@ static void send_security_metadata(grpc_exec_ctx *exec_ctx,
 call_creds_has_md ? ctx->creds : channel_call_creds);
 }
- build_service_url(chand->security_connector->base.url_scheme, calld);
+ build_auth_metadata_context(&chand->security_connector->base, calld);
 calld->op = *op; /* Copy op (originates from the caller's stack). */
 GPR_ASSERT(calld->pollset);
- grpc_call_credentials_get_request_metadata(exec_ctx, calld->creds,
- calld->pollset, calld->service_url,
- on_credentials_metadata, elem);
+ grpc_call_credentials_get_request_metadata(
+ exec_ctx, calld->creds, calld->pollset, calld->auth_md_context,
+ on_credentials_metadata, elem);
 }
 static void on_host_checked(grpc_exec_ctx *exec_ctx, void *user_data,
@@ -297,7 +314,7 @@ static void destroy_call_elem(grpc_exec_ctx *exec_ctx,
 if (calld->method != NULL) {
 GRPC_MDSTR_UNREF(calld->method);
 }
- reset_service_url(calld);
+ reset_auth_metadata_context(&calld->auth_md_context);
 }
 /* Constructor for channel_data */
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index 5c9d89c764..806f9a6f1c 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -33,16 +33,16 @@
 #include "src/core/security/credentials.h"
-#include <string.h>
 #include <stdio.h>
+#include <string.h>
 #include "src/core/channel/channel_args.h"
 #include "src/core/channel/http_client_filter.h"
-#include "src/core/json/json.h"
 #include "src/core/httpcli/httpcli.h"
 #include "src/core/iomgr/iomgr.h"
-#include "src/core/surface/api_trace.h"
+#include "src/core/json/json.h"
 #include "src/core/support/string.h"
+#include "src/core/surface/api_trace.h"
 #include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
@@ -117,15 +117,16 @@ void grpc_call_credentials_release(grpc_call_credentials *creds) {
 }
 void grpc_call_credentials_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
 if (creds == NULL || creds->vtable->get_request_metadata == NULL) {
 if (cb != NULL) {
 cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
 }
 return;
 }
- creds->vtable->get_request_metadata(exec_ctx, creds, pollset, service_url, cb,
+ creds->vtable->get_request_metadata(exec_ctx, creds, pollset, context, cb,
 user_data);
 }
@@ -207,8 +208,7 @@ grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *p) {
 return arg;
 }
-grpc_server_credentials *grpc_server_credentials_from_arg(
- const grpc_arg *arg) {
+grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg) {
 if (strcmp(arg->key, GRPC_SERVER_CREDENTIALS_ARG) != 0) return NULL;
 if (arg->type != GRPC_ARG_POINTER) {
 gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
@@ -424,9 +424,12 @@ static void jwt_destruct(grpc_call_credentials *creds) {
 gpr_mu_destroy(&c->cache_mu);
 }
-static void jwt_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
 grpc_service_account_jwt_access_credentials *c =
 (grpc_service_account_jwt_access_credentials *)creds;
 gpr_timespec refresh_threshold = gpr_time_from_seconds(
@@ -437,7 +440,7 @@ static void jwt_get_request_metadata(
 {
 gpr_mu_lock(&c->cache_mu);
 if (c->cached.service_url != NULL &&
- strcmp(c->cached.service_url, service_url) == 0 &&
+ strcmp(c->cached.service_url, context.service_url) == 0 &&
 c->cached.jwt_md != NULL &&
 (gpr_time_cmp(gpr_time_sub(c->cached.jwt_expiration,
 gpr_now(GPR_CLOCK_REALTIME)),
@@ -452,14 +455,15 @@ static void jwt_get_request_metadata(
 /* Generate a new jwt. */
 gpr_mu_lock(&c->cache_mu);
 jwt_reset_cache(c);
- jwt = grpc_jwt_encode_and_sign(&c->key, service_url, c->jwt_lifetime, NULL);
+ jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url,
+ c->jwt_lifetime, NULL);
 if (jwt != NULL) {
 char *md_value;
 gpr_asprintf(&md_value, "Bearer %s", jwt);
 gpr_free(jwt);
 c->cached.jwt_expiration =
 gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), c->jwt_lifetime);
- c->cached.service_url = gpr_strdup(service_url);
+ c->cached.service_url = gpr_strdup(context.service_url);
 c->cached.jwt_md = grpc_credentials_md_store_create(1);
 grpc_credentials_md_store_add_cstrings(
 c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value);
@@ -644,7 +648,7 @@ static void on_oauth2_token_fetcher_http_response(
 static void oauth2_token_fetcher_get_request_metadata(
 grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, const char *service_url,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
 grpc_credentials_metadata_cb cb, void *user_data) {
 grpc_oauth2_token_fetcher_credentials *c =
 (grpc_oauth2_token_fetcher_credentials *)creds;
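Review bot: `strcmp(c->cached.service_url, context.service_url)` in `jwt_get_request_metadata` checks only the cached side for NULL, and `context.service_url` then flows into `grpc_jwt_encode_and_sign` and `gpr_strdup`, apparently as the audience the token is signed for. The filter in this commit always fills the field, but the context is now a struct that other callers can pass zero-initialised, so I would fail closed at the top of the function: `if (context.service_url == NULL) { cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR); return; }`. The function body begins and ends outside these hunks, so the exact placement relative to the `cache_mu` lock needs checking against the full file.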
@@ -800,8 +804,9 @@ static void on_simulated_token_fetch_done(void *user_data) {
 }
 static void md_only_test_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
 grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
 if (c->is_async) {
@@ -839,8 +844,9 @@ static void access_token_destruct(grpc_call_credentials *creds) {
 }
 static void access_token_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
 grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
 cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
 }
@@ -921,7 +927,7 @@ typedef struct {
 grpc_composite_call_credentials *composite_creds;
 size_t creds_index;
 grpc_credentials_md_store *md_elems;
- char *service_url;
+ grpc_auth_metadata_context auth_md_context;
 void *user_data;
 grpc_pollset *pollset;
 grpc_credentials_metadata_cb cb;
@@ -939,7 +945,6 @@ static void composite_call_destruct(grpc_call_credentials *creds) {
 static void composite_call_md_context_destroy(
 grpc_composite_call_credentials_metadata_context *ctx) {
 grpc_credentials_md_store_unref(ctx->md_elems);
- if (ctx->service_url != NULL) gpr_free(ctx->service_url);
 gpr_free(ctx);
 }
@@ -967,9 +972,9 @@ static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
 if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
 grpc_call_credentials *inner_creds =
 ctx->composite_creds->inner.creds_array[ctx->creds_index++];
- grpc_call_credentials_get_request_metadata(exec_ctx, inner_creds,
- ctx->pollset, ctx->service_url,
- composite_call_metadata_cb, ctx);
+ grpc_call_credentials_get_request_metadata(
+ exec_ctx, inner_creds, ctx->pollset, ctx->auth_md_context,
+ composite_call_metadata_cb, ctx);
 return;
 }
@@ -980,22 +985,23 @@ static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
 }
 static void composite_call_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context auth_md_context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
 grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
 grpc_composite_call_credentials_metadata_context *ctx;
 ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context));
 memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context));
- ctx->service_url = gpr_strdup(service_url);
+ ctx->auth_md_context = auth_md_context;
 ctx->user_data = user_data;
 ctx->cb = cb;
 ctx->composite_creds = c;
 ctx->pollset = pollset;
 ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
 grpc_call_credentials_get_request_metadata(
- exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset, service_url,
- composite_call_metadata_cb, ctx);
+ exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset,
+ auth_md_context, composite_call_metadata_cb, ctx);
 }
 static grpc_call_credentials_vtable composite_call_credentials_vtable = {
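Review bot: `ctx->auth_md_context = auth_md_context;` in `composite_call_get_request_metadata` stores a shallow copy where the old code kept its own `gpr_strdup(service_url)`, so the heap-allocated composite context now borrows `service_url`, `method_name` and `channel_auth_context` from the call's `call_data` across every asynchronous inner fetch (the struct-member and `composite_call_md_context_destroy` hunks just above belong to the same change). Those members are released by `reset_auth_metadata_context` from `destroy_call_elem`; if a call can be destroyed while an inner fetch is still pending, which this diff does not let me rule out, the next `grpc_call_credentials_get_request_metadata` in `composite_call_metadata_cb` would read freed memory. Either duplicate the strings and take a reference here, releasing them in `composite_call_md_context_destroy`, or document the contract on the member with `/* Borrowed from the caller; valid until cb is invoked. */`. The same borrowing applies to `plugin_get_request_metadata`, which passes the struct to `c->plugin.get_metadata`, code that lives outside this library.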
@@ -1089,7 +1095,7 @@ static void iam_destruct(grpc_call_credentials *creds) {
 static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
 grpc_call_credentials *creds,
 grpc_pollset *pollset,
- const char *service_url,
+ grpc_auth_metadata_context context,
 grpc_credentials_metadata_cb cb,
 void *user_data) {
 grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
@@ -1098,7 +1104,7 @@ static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
 }
 static grpc_call_credentials_vtable iam_vtable = {iam_destruct,
- iam_get_request_metadata};
+ iam_get_request_metadata};
 grpc_call_credentials *grpc_google_iam_credentials_create(
 const char *token, const char *authority_selector, void *reserved) {
@@ -1178,7 +1184,7 @@ static void plugin_md_request_metadata_ready(void *request,
 static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
 grpc_call_credentials *creds,
 grpc_pollset *pollset,
- const char *service_url,
+ grpc_auth_metadata_context context,
 grpc_credentials_metadata_cb cb,
 void *user_data) {
 grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
@@ -1187,7 +1193,7 @@ static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
 memset(request, 0, sizeof(*request));
 request->user_data = user_data;
 request->cb = cb;
- c->plugin.get_metadata(c->plugin.state, service_url,
+ c->plugin.get_metadata(c->plugin.state, context,
 plugin_md_request_metadata_ready, request);
 } else {
 cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h
index 5189a6d816..79caee7f99 100644
--- a/src/core/security/credentials.h
+++ b/src/core/security/credentials.h
@@ -162,7 +162,7 @@ typedef struct {
 void (*destruct)(grpc_call_credentials *c);
 void (*get_request_metadata)(grpc_exec_ctx *exec_ctx,
 grpc_call_credentials *c, grpc_pollset *pollset,
- const char *service_url,
+ grpc_auth_metadata_context context,
 grpc_credentials_metadata_cb cb,
 void *user_data);
 } grpc_call_credentials_vtable;
@@ -178,7 +178,7 @@ void grpc_call_credentials_unref(grpc_call_credentials *creds);
 void grpc_call_credentials_get_request_metadata(grpc_exec_ctx *exec_ctx,
 grpc_call_credentials *creds,
 grpc_pollset *pollset,
- const char *service_url,
+ grpc_auth_metadata_context context,
 grpc_credentials_metadata_cb cb,
 void *user_data); |