diff options
Diffstat (limited to 'src/core/lib/security/credentials')
15 files changed, 242 insertions, 168 deletions
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.c b/src/core/lib/security/credentials/composite/composite_credentials.c index d55d00b7b6..be1588dd8b 100644 --- a/src/core/lib/security/credentials/composite/composite_credentials.c +++ b/src/core/lib/security/credentials/composite/composite_credentials.c @@ -54,18 +54,20 @@ typedef struct { grpc_credentials_metadata_cb cb; } grpc_composite_call_credentials_metadata_context; -static void composite_call_destruct(grpc_call_credentials *creds) { +static void composite_call_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; size_t i; for (i = 0; i < c->inner.num_creds; i++) { - grpc_call_credentials_unref(c->inner.creds_array[i]); + grpc_call_credentials_unref(exec_ctx, c->inner.creds_array[i]); } gpr_free(c->inner.creds_array); } static void composite_call_md_context_destroy( + grpc_exec_ctx *exec_ctx, grpc_composite_call_credentials_metadata_context *ctx) { - grpc_credentials_md_store_unref(ctx->md_elems); + grpc_credentials_md_store_unref(exec_ctx, ctx->md_elems); gpr_free(ctx); } @@ -103,7 +105,7 @@ static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, /* We're done!. */ ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries, ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK, NULL); - composite_call_md_context_destroy(ctx); + composite_call_md_context_destroy(exec_ctx, ctx); } static void composite_call_get_request_metadata( @@ -209,17 +211,19 @@ grpc_call_credentials *grpc_credentials_contains_type( /* -- Composite channel credentials. -- */ -static void composite_channel_destruct(grpc_channel_credentials *creds) { +static void composite_channel_destruct(grpc_exec_ctx *exec_ctx, + grpc_channel_credentials *creds) { grpc_composite_channel_credentials *c = (grpc_composite_channel_credentials *)creds; - grpc_channel_credentials_unref(c->inner_creds); - grpc_call_credentials_unref(c->call_creds); + grpc_channel_credentials_unref(exec_ctx, c->inner_creds); + grpc_call_credentials_unref(exec_ctx, c->call_creds); } static grpc_security_status composite_channel_create_security_connector( - grpc_channel_credentials *creds, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds, + grpc_call_credentials *call_creds, const char *target, + const grpc_channel_args *args, grpc_channel_security_connector **sc, + grpc_channel_args **new_args) { grpc_composite_channel_credentials *c = (grpc_composite_channel_credentials *)creds; grpc_security_status status = GRPC_SECURITY_ERROR; @@ -233,11 +237,12 @@ static grpc_security_status composite_channel_create_security_connector( grpc_call_credentials *composite_call_creds = grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL); status = c->inner_creds->vtable->create_security_connector( - c->inner_creds, composite_call_creds, target, args, sc, new_args); - grpc_call_credentials_unref(composite_call_creds); + exec_ctx, c->inner_creds, composite_call_creds, target, args, sc, + new_args); + grpc_call_credentials_unref(exec_ctx, composite_call_creds); } else { status = c->inner_creds->vtable->create_security_connector( - c->inner_creds, c->call_creds, target, args, sc, new_args); + exec_ctx, c->inner_creds, c->call_creds, target, args, sc, new_args); } return status; } diff --git a/src/core/lib/security/credentials/credentials.c b/src/core/lib/security/credentials/credentials.c index 1149e5c2ed..9781a22a86 100644 --- a/src/core/lib/security/credentials/credentials.c +++ b/src/core/lib/security/credentials/credentials.c @@ -66,8 +66,8 @@ grpc_credentials_metadata_request *grpc_credentials_metadata_request_create( } void grpc_credentials_metadata_request_destroy( - grpc_credentials_metadata_request *r) { - grpc_call_credentials_unref(r->creds); + grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *r) { + grpc_call_credentials_unref(exec_ctx, r->creds); grpc_http_response_destroy(&r->response); gpr_free(r); } @@ -79,17 +79,22 @@ grpc_channel_credentials *grpc_channel_credentials_ref( return creds; } -void grpc_channel_credentials_unref(grpc_channel_credentials *creds) { +void grpc_channel_credentials_unref(grpc_exec_ctx *exec_ctx, + grpc_channel_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); + if (creds->vtable->destruct != NULL) { + creds->vtable->destruct(exec_ctx, creds); + } gpr_free(creds); } } void grpc_channel_credentials_release(grpc_channel_credentials *creds) { GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds)); - grpc_channel_credentials_unref(creds); + grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; + grpc_channel_credentials_unref(&exec_ctx, creds); + grpc_exec_ctx_finish(&exec_ctx); } grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) { @@ -98,17 +103,22 @@ grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) { return creds; } -void grpc_call_credentials_unref(grpc_call_credentials *creds) { +void grpc_call_credentials_unref(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); + if (creds->vtable->destruct != NULL) { + creds->vtable->destruct(exec_ctx, creds); + } gpr_free(creds); } } void grpc_call_credentials_release(grpc_call_credentials *creds) { GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds)); - grpc_call_credentials_unref(creds); + grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; + grpc_call_credentials_unref(&exec_ctx, creds); + grpc_exec_ctx_finish(&exec_ctx); } void grpc_call_credentials_get_request_metadata( @@ -126,16 +136,16 @@ void grpc_call_credentials_get_request_metadata( } grpc_security_status grpc_channel_credentials_create_security_connector( - grpc_channel_credentials *channel_creds, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args) { + grpc_exec_ctx *exec_ctx, grpc_channel_credentials *channel_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { *new_args = NULL; if (channel_creds == NULL) { return GRPC_SECURITY_ERROR; } GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL); return channel_creds->vtable->create_security_connector( - channel_creds, NULL, target, args, sc, new_args); + exec_ctx, channel_creds, NULL, target, args, sc, new_args); } grpc_channel_credentials * @@ -157,10 +167,13 @@ grpc_server_credentials *grpc_server_credentials_ref( return creds; } -void grpc_server_credentials_unref(grpc_server_credentials *creds) { +void grpc_server_credentials_unref(grpc_exec_ctx *exec_ctx, + grpc_server_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); + if (creds->vtable->destruct != NULL) { + creds->vtable->destruct(exec_ctx, creds); + } if (creds->processor.destroy != NULL && creds->processor.state != NULL) { creds->processor.destroy(creds->processor.state); } @@ -170,16 +183,19 @@ void grpc_server_credentials_unref(grpc_server_credentials *creds) { void grpc_server_credentials_release(grpc_server_credentials *creds) { GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds)); - grpc_server_credentials_unref(creds); + grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; + grpc_server_credentials_unref(&exec_ctx, creds); + grpc_exec_ctx_finish(&exec_ctx); } grpc_security_status grpc_server_credentials_create_security_connector( - grpc_server_credentials *creds, grpc_server_security_connector **sc) { + grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds, + grpc_server_security_connector **sc) { if (creds == NULL || creds->vtable->create_security_connector == NULL) { gpr_log(GPR_ERROR, "Server credentials cannot create security context."); return GRPC_SECURITY_ERROR; } - return creds->vtable->create_security_connector(creds, sc); + return creds->vtable->create_security_connector(exec_ctx, creds, sc); } void grpc_server_credentials_set_auth_metadata_processor( @@ -196,8 +212,9 @@ void grpc_server_credentials_set_auth_metadata_processor( creds->processor = processor; } -static void server_credentials_pointer_arg_destroy(void *p) { - grpc_server_credentials_unref(p); +static void server_credentials_pointer_arg_destroy(grpc_exec_ctx *exec_ctx, + void *p) { + grpc_server_credentials_unref(exec_ctx, p); } static void *server_credentials_pointer_arg_copy(void *p) { diff --git a/src/core/lib/security/credentials/credentials.h b/src/core/lib/security/credentials/credentials.h index 85b3bc5350..3011df6b8a 100644 --- a/src/core/lib/security/credentials/credentials.h +++ b/src/core/lib/security/credentials/credentials.h @@ -101,12 +101,13 @@ void grpc_override_well_known_credentials_path_getter( /* --- grpc_channel_credentials. --- */ typedef struct { - void (*destruct)(grpc_channel_credentials *c); + void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c); grpc_security_status (*create_security_connector)( - grpc_channel_credentials *c, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args); + grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c, + grpc_call_credentials *call_creds, const char *target, + const grpc_channel_args *args, grpc_channel_security_connector **sc, + grpc_channel_args **new_args); grpc_channel_credentials *(*duplicate_without_call_credentials)( grpc_channel_credentials *c); @@ -120,16 +121,17 @@ struct grpc_channel_credentials { grpc_channel_credentials *grpc_channel_credentials_ref( grpc_channel_credentials *creds); -void grpc_channel_credentials_unref(grpc_channel_credentials *creds); +void grpc_channel_credentials_unref(grpc_exec_ctx *exec_ctx, + grpc_channel_credentials *creds); /* Creates a security connector for the channel. May also create new channel args for the channel to be used in place of the passed in const args if returned non NULL. In that case the caller is responsible for destroying new_args after channel creation. */ grpc_security_status grpc_channel_credentials_create_security_connector( - grpc_channel_credentials *creds, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args); + grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args); /* Creates a version of the channel credentials without any attached call credentials. This can be used in order to open a channel to a non-trusted @@ -162,7 +164,8 @@ void grpc_credentials_md_store_add_cstrings(grpc_credentials_md_store *store, const char *key, const char *value); grpc_credentials_md_store *grpc_credentials_md_store_ref( grpc_credentials_md_store *store); -void grpc_credentials_md_store_unref(grpc_credentials_md_store *store); +void grpc_credentials_md_store_unref(grpc_exec_ctx *exec_ctx, + grpc_credentials_md_store *store); /* --- grpc_call_credentials. --- */ @@ -172,7 +175,7 @@ typedef void (*grpc_credentials_metadata_cb)( size_t num_md, grpc_credentials_status status, const char *error_details); typedef struct { - void (*destruct)(grpc_call_credentials *c); + void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_call_credentials *c); void (*get_request_metadata)(grpc_exec_ctx *exec_ctx, grpc_call_credentials *c, grpc_polling_entity *pollent, @@ -188,7 +191,8 @@ struct grpc_call_credentials { }; grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds); -void grpc_call_credentials_unref(grpc_call_credentials *creds); +void grpc_call_credentials_unref(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds); void grpc_call_credentials_get_request_metadata( grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_polling_entity *pollent, grpc_auth_metadata_context context, @@ -202,9 +206,10 @@ grpc_call_credentials *grpc_md_only_test_credentials_create( /* --- grpc_server_credentials. --- */ typedef struct { - void (*destruct)(grpc_server_credentials *c); + void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_server_credentials *c); grpc_security_status (*create_security_connector)( - grpc_server_credentials *c, grpc_server_security_connector **sc); + grpc_exec_ctx *exec_ctx, grpc_server_credentials *c, + grpc_server_security_connector **sc); } grpc_server_credentials_vtable; struct grpc_server_credentials { @@ -215,12 +220,14 @@ struct grpc_server_credentials { }; grpc_security_status grpc_server_credentials_create_security_connector( - grpc_server_credentials *creds, grpc_server_security_connector **sc); + grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds, + grpc_server_security_connector **sc); grpc_server_credentials *grpc_server_credentials_ref( grpc_server_credentials *creds); -void grpc_server_credentials_unref(grpc_server_credentials *creds); +void grpc_server_credentials_unref(grpc_exec_ctx *exec_ctx, + grpc_server_credentials *creds); #define GRPC_SERVER_CREDENTIALS_ARG "grpc.server_credentials" @@ -243,6 +250,6 @@ grpc_credentials_metadata_request *grpc_credentials_metadata_request_create( void *user_data); void grpc_credentials_metadata_request_destroy( - grpc_credentials_metadata_request *r); + grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *r); #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H */ diff --git a/src/core/lib/security/credentials/credentials_metadata.c b/src/core/lib/security/credentials/credentials_metadata.c index e6cb567734..68da5fb4a8 100644 --- a/src/core/lib/security/credentials/credentials_metadata.c +++ b/src/core/lib/security/credentials/credentials_metadata.c @@ -37,6 +37,8 @@ #include <string.h> +#include "src/core/lib/slice/slice_internal.h" + static void store_ensure_capacity(grpc_credentials_md_store *store) { if (store->num_entries == store->allocated) { store->allocated = (store->allocated == 0) ? 1 : store->allocated * 2; @@ -62,8 +64,8 @@ void grpc_credentials_md_store_add(grpc_credentials_md_store *store, grpc_slice key, grpc_slice value) { if (store == NULL) return; store_ensure_capacity(store); - store->entries[store->num_entries].key = grpc_slice_ref(key); - store->entries[store->num_entries].value = grpc_slice_ref(value); + store->entries[store->num_entries].key = grpc_slice_ref_internal(key); + store->entries[store->num_entries].value = grpc_slice_ref_internal(value); store->num_entries++; } @@ -85,14 +87,15 @@ grpc_credentials_md_store *grpc_credentials_md_store_ref( return store; } -void grpc_credentials_md_store_unref(grpc_credentials_md_store *store) { +void grpc_credentials_md_store_unref(grpc_exec_ctx *exec_ctx, + grpc_credentials_md_store *store) { if (store == NULL) return; if (gpr_unref(&store->refcount)) { if (store->entries != NULL) { size_t i; for (i = 0; i < store->num_entries; i++) { - grpc_slice_unref(store->entries[i].key); - grpc_slice_unref(store->entries[i].value); + grpc_slice_unref_internal(exec_ctx, store->entries[i].key); + grpc_slice_unref_internal(exec_ctx, store->entries[i].value); } gpr_free(store->entries); } diff --git a/src/core/lib/security/credentials/fake/fake_credentials.c b/src/core/lib/security/credentials/fake/fake_credentials.c index ea4cb76fb9..f41184f9f9 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.c +++ b/src/core/lib/security/credentials/fake/fake_credentials.c @@ -45,16 +45,18 @@ /* -- Fake transport security credentials. -- */ static grpc_security_status fake_transport_security_create_security_connector( - grpc_channel_credentials *c, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c, + grpc_call_credentials *call_creds, const char *target, + const grpc_channel_args *args, grpc_channel_security_connector **sc, + grpc_channel_args **new_args) { *sc = grpc_fake_channel_security_connector_create(call_creds); return GRPC_SECURITY_OK; } static grpc_security_status fake_transport_security_server_create_security_connector( - grpc_server_credentials *c, grpc_server_security_connector **sc) { + grpc_exec_ctx *exec_ctx, grpc_server_credentials *c, + grpc_server_security_connector **sc) { *sc = grpc_fake_server_security_connector_create(); return GRPC_SECURITY_OK; } @@ -89,9 +91,10 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( /* -- Metadata-only test credentials. -- */ -static void md_only_test_destruct(grpc_call_credentials *creds) { +static void md_only_test_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; - grpc_credentials_md_store_unref(c->md_store); + grpc_credentials_md_store_unref(exec_ctx, c->md_store); } static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx, @@ -101,7 +104,7 @@ static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx, grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds; r->cb(exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries, GRPC_CREDENTIALS_OK, NULL); - grpc_credentials_metadata_request_destroy(r); + grpc_credentials_metadata_request_destroy(exec_ctx, r); } static void md_only_test_get_request_metadata( diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.c b/src/core/lib/security/credentials/google_default/google_default_credentials.c index afe0e3d357..4afeb4a3d2 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.c +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.c @@ -45,6 +45,7 @@ #include "src/core/lib/iomgr/polling_entity.h" #include "src/core/lib/security/credentials/jwt/jwt_credentials.h" #include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h" +#include "src/core/lib/slice/slice_internal.h" #include "src/core/lib/slice/slice_string_helpers.h" #include "src/core/lib/support/env.h" #include "src/core/lib/support/string.h" @@ -101,11 +102,10 @@ static void destroy_pollset(grpc_exec_ctx *exec_ctx, void *p, grpc_error *e) { grpc_pollset_destroy(p); } -static int is_stack_running_on_compute_engine(void) { +static int is_stack_running_on_compute_engine(grpc_exec_ctx *exec_ctx) { compute_engine_detector detector; grpc_httpcli_request request; grpc_httpcli_context context; - grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_closure destroy_closure; /* The http call is local. If it takes more than one sec, it is for sure not @@ -128,13 +128,13 @@ static int is_stack_running_on_compute_engine(void) { grpc_resource_quota *resource_quota = grpc_resource_quota_create("google_default_credentials"); grpc_httpcli_get( - &exec_ctx, &context, &detector.pollent, resource_quota, &request, + exec_ctx, &context, &detector.pollent, resource_quota, &request, gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), max_detection_delay), grpc_closure_create(on_compute_engine_detection_http_response, &detector), &detector.response); - grpc_resource_quota_internal_unref(&exec_ctx, resource_quota); + grpc_resource_quota_unref_internal(exec_ctx, resource_quota); - grpc_exec_ctx_flush(&exec_ctx); + grpc_exec_ctx_flush(exec_ctx); /* Block until we get the response. This is not ideal but this should only be called once for the lifetime of the process by the default credentials. */ @@ -143,7 +143,7 @@ static int is_stack_running_on_compute_engine(void) { grpc_pollset_worker *worker = NULL; if (!GRPC_LOG_IF_ERROR( "pollset_work", - grpc_pollset_work(&exec_ctx, + grpc_pollset_work(exec_ctx, grpc_polling_entity_pollset(&detector.pollent), &worker, gpr_now(GPR_CLOCK_MONOTONIC), gpr_inf_future(GPR_CLOCK_MONOTONIC)))) { @@ -156,11 +156,11 @@ static int is_stack_running_on_compute_engine(void) { grpc_httpcli_context_destroy(&context); grpc_closure_init(&destroy_closure, destroy_pollset, grpc_polling_entity_pollset(&detector.pollent)); - grpc_pollset_shutdown(&exec_ctx, + grpc_pollset_shutdown(exec_ctx, grpc_polling_entity_pollset(&detector.pollent), &destroy_closure); - grpc_exec_ctx_finish(&exec_ctx); g_polling_mu = NULL; + grpc_exec_ctx_flush(exec_ctx); gpr_free(grpc_polling_entity_pollset(&detector.pollent)); grpc_http_response_destroy(&detector.response); @@ -170,7 +170,7 @@ static int is_stack_running_on_compute_engine(void) { /* Takes ownership of creds_path if not NULL. */ static grpc_error *create_default_creds_from_path( - char *creds_path, grpc_call_credentials **creds) { + grpc_exec_ctx *exec_ctx, char *creds_path, grpc_call_credentials **creds) { grpc_json *json = NULL; grpc_auth_json_key key; grpc_auth_refresh_token token; @@ -200,7 +200,7 @@ static grpc_error *create_default_creds_from_path( if (grpc_auth_json_key_is_valid(&key)) { result = grpc_service_account_jwt_access_credentials_create_from_auth_json_key( - key, grpc_max_auth_token_lifetime()); + exec_ctx, key, grpc_max_auth_token_lifetime()); if (result == NULL) { error = GRPC_ERROR_CREATE( "grpc_service_account_jwt_access_credentials_create_from_auth_json_" @@ -225,7 +225,7 @@ static grpc_error *create_default_creds_from_path( end: GPR_ASSERT((result == NULL) + (error == GRPC_ERROR_NONE) == 1); if (creds_path != NULL) gpr_free(creds_path); - grpc_slice_unref(creds_data); + grpc_slice_unref_internal(exec_ctx, creds_data); if (json != NULL) grpc_json_destroy(json); *creds = result; return error; @@ -236,6 +236,7 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void) { grpc_call_credentials *call_creds = NULL; grpc_error *error = GRPC_ERROR_CREATE("Failed to create Google credentials"); grpc_error *err; + grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ()); @@ -250,20 +251,22 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void) { /* First, try the environment variable. */ err = create_default_creds_from_path( - gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds); + &exec_ctx, gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds); if (err == GRPC_ERROR_NONE) goto end; error = grpc_error_add_child(error, err); /* Then the well-known file. */ err = create_default_creds_from_path( - grpc_get_well_known_google_credentials_file_path(), &call_creds); + &exec_ctx, grpc_get_well_known_google_credentials_file_path(), + &call_creds); if (err == GRPC_ERROR_NONE) goto end; error = grpc_error_add_child(error, err); /* At last try to see if we're on compute engine (do the detection only once since it requires a network test). */ if (!compute_engine_detection_done) { - int need_compute_engine_creds = is_stack_running_on_compute_engine(); + int need_compute_engine_creds = + is_stack_running_on_compute_engine(&exec_ctx); compute_engine_detection_done = 1; if (need_compute_engine_creds) { call_creds = grpc_google_compute_engine_credentials_create(NULL); @@ -286,8 +289,8 @@ end: grpc_composite_channel_credentials_create(ssl_creds, call_creds, NULL)); GPR_ASSERT(default_credentials != NULL); - grpc_channel_credentials_unref(ssl_creds); - grpc_call_credentials_unref(call_creds); + grpc_channel_credentials_unref(&exec_ctx, ssl_creds); + grpc_call_credentials_unref(&exec_ctx, call_creds); result = default_credentials; } else { gpr_log(GPR_ERROR, "Could not create google default credentials."); @@ -299,18 +302,21 @@ end: } else { GRPC_ERROR_UNREF(error); } + grpc_exec_ctx_finish(&exec_ctx); return result; } void grpc_flush_cached_google_default_credentials(void) { + grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; gpr_once_init(&g_once, init_default_credentials); gpr_mu_lock(&g_state_mu); if (default_credentials != NULL) { - grpc_channel_credentials_unref(default_credentials); + grpc_channel_credentials_unref(&exec_ctx, default_credentials); default_credentials = NULL; } compute_engine_detection_done = 0; gpr_mu_unlock(&g_state_mu); + grpc_exec_ctx_finish(&exec_ctx); } /* -- Well known credentials path. -- */ diff --git a/src/core/lib/security/credentials/iam/iam_credentials.c b/src/core/lib/security/credentials/iam/iam_credentials.c index 370a384d0e..abd69a9670 100644 --- a/src/core/lib/security/credentials/iam/iam_credentials.c +++ b/src/core/lib/security/credentials/iam/iam_credentials.c @@ -42,9 +42,10 @@ #include <grpc/support/string_util.h> #include <grpc/support/sync.h> -static void iam_destruct(grpc_call_credentials *creds) { +static void iam_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; - grpc_credentials_md_store_unref(c->iam_md); + grpc_credentials_md_store_unref(exec_ctx, c->iam_md); } static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx, diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.c index 3daf0f4ef7..616be64a54 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.c +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.c @@ -42,9 +42,10 @@ #include <grpc/support/string_util.h> #include <grpc/support/sync.h> -static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) { +static void jwt_reset_cache(grpc_exec_ctx *exec_ctx, + grpc_service_account_jwt_access_credentials *c) { if (c->cached.jwt_md != NULL) { - grpc_credentials_md_store_unref(c->cached.jwt_md); + grpc_credentials_md_store_unref(exec_ctx, c->cached.jwt_md); c->cached.jwt_md = NULL; } if (c->cached.service_url != NULL) { @@ -54,11 +55,12 @@ static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) { c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); } -static void jwt_destruct(grpc_call_credentials *creds) { +static void jwt_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_service_account_jwt_access_credentials *c = (grpc_service_account_jwt_access_credentials *)creds; grpc_auth_json_key_destruct(&c->key); - jwt_reset_cache(c); + jwt_reset_cache(exec_ctx, c); gpr_mu_destroy(&c->cache_mu); } @@ -92,7 +94,7 @@ static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx, char *jwt = NULL; /* Generate a new jwt. */ gpr_mu_lock(&c->cache_mu); - jwt_reset_cache(c); + jwt_reset_cache(exec_ctx, c); jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url, c->jwt_lifetime, NULL); if (jwt != NULL) { @@ -114,7 +116,7 @@ static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx, if (jwt_md != NULL) { cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries, GRPC_CREDENTIALS_OK, NULL); - grpc_credentials_md_store_unref(jwt_md); + grpc_credentials_md_store_unref(exec_ctx, jwt_md); } else { cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR, "Could not generate JWT."); @@ -126,7 +128,8 @@ static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct, grpc_call_credentials * grpc_service_account_jwt_access_credentials_create_from_auth_json_key( - grpc_auth_json_key key, gpr_timespec token_lifetime) { + grpc_exec_ctx *exec_ctx, grpc_auth_json_key key, + gpr_timespec token_lifetime) { grpc_service_account_jwt_access_credentials *c; if (!grpc_auth_json_key_is_valid(&key)) { gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation"); @@ -140,7 +143,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( c->key = key; c->jwt_lifetime = token_lifetime; gpr_mu_init(&c->cache_mu); - jwt_reset_cache(c); + jwt_reset_cache(exec_ctx, c); return &c->base; } @@ -183,6 +186,11 @@ grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( gpr_free(clean_json); } GPR_ASSERT(reserved == NULL); - return grpc_service_account_jwt_access_credentials_create_from_auth_json_key( - grpc_auth_json_key_create_from_string(json_key), token_lifetime); + grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; + grpc_call_credentials *creds = + grpc_service_account_jwt_access_credentials_create_from_auth_json_key( + &exec_ctx, grpc_auth_json_key_create_from_string(json_key), + token_lifetime); + grpc_exec_ctx_finish(&exec_ctx); + return creds; } diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.h b/src/core/lib/security/credentials/jwt/jwt_credentials.h index d572606179..39b7aeafe8 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.h +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.h @@ -57,6 +57,7 @@ typedef struct { // Takes ownership of the key. grpc_call_credentials * grpc_service_account_jwt_access_credentials_create_from_auth_json_key( - grpc_auth_json_key key, gpr_timespec token_lifetime); + grpc_exec_ctx *exec_ctx, grpc_auth_json_key key, + gpr_timespec token_lifetime); #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H */ diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.c b/src/core/lib/security/credentials/jwt/jwt_verifier.c index 42bd89dd0a..71febc248a 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.c +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.c @@ -36,11 +36,6 @@ #include <limits.h> #include <string.h> -#include "src/core/lib/http/httpcli.h" -#include "src/core/lib/iomgr/polling_entity.h" -#include "src/core/lib/security/util/b64.h" -#include "src/core/lib/tsi/ssl_types.h" - #include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <grpc/support/string_util.h> @@ -48,6 +43,12 @@ #include <grpc/support/useful.h> #include <openssl/pem.h> +#include "src/core/lib/http/httpcli.h" +#include "src/core/lib/iomgr/polling_entity.h" +#include "src/core/lib/security/util/b64.h" +#include "src/core/lib/slice/slice_internal.h" +#include "src/core/lib/tsi/ssl_types.h" + /* --- Utils. --- */ const char *grpc_jwt_verifier_status_to_string( @@ -84,11 +85,12 @@ static const EVP_MD *evp_md_from_alg(const char *alg) { } } -static grpc_json *parse_json_part_from_jwt(const char *str, size_t len, +static grpc_json *parse_json_part_from_jwt(grpc_exec_ctx *exec_ctx, + const char *str, size_t len, grpc_slice *buffer) { grpc_json *json; - *buffer = grpc_base64_decode_with_len(str, len, 1); + *buffer = grpc_base64_decode_with_len(exec_ctx, str, len, 1); if (GRPC_SLICE_IS_EMPTY(*buffer)) { gpr_log(GPR_ERROR, "Invalid base64."); return NULL; @@ -96,7 +98,7 @@ static grpc_json *parse_json_part_from_jwt(const char *str, size_t len, json = grpc_json_parse_string_with_len((char *)GRPC_SLICE_START_PTR(*buffer), GRPC_SLICE_LENGTH(*buffer)); if (json == NULL) { - grpc_slice_unref(*buffer); + grpc_slice_unref_internal(exec_ctx, *buffer); gpr_log(GPR_ERROR, "JSON parsing error."); } return json; @@ -132,13 +134,14 @@ typedef struct { grpc_slice buffer; } jose_header; -static void jose_header_destroy(jose_header *h) { - grpc_slice_unref(h->buffer); +static void jose_header_destroy(grpc_exec_ctx *exec_ctx, jose_header *h) { + grpc_slice_unref_internal(exec_ctx, h->buffer); gpr_free(h); } /* Takes ownership of json and buffer. */ -static jose_header *jose_header_from_json(grpc_json *json, grpc_slice buffer) { +static jose_header *jose_header_from_json(grpc_exec_ctx *exec_ctx, + grpc_json *json, grpc_slice buffer) { grpc_json *cur; jose_header *h = gpr_malloc(sizeof(jose_header)); memset(h, 0, sizeof(jose_header)); @@ -173,7 +176,7 @@ static jose_header *jose_header_from_json(grpc_json *json, grpc_slice buffer) { error: grpc_json_destroy(json); - jose_header_destroy(h); + jose_header_destroy(exec_ctx, h); return NULL; } @@ -193,9 +196,9 @@ struct grpc_jwt_claims { grpc_slice buffer; }; -void grpc_jwt_claims_destroy(grpc_jwt_claims *claims) { +void grpc_jwt_claims_destroy(grpc_exec_ctx *exec_ctx, grpc_jwt_claims *claims) { grpc_json_destroy(claims->json); - grpc_slice_unref(claims->buffer); + grpc_slice_unref_internal(exec_ctx, claims->buffer); gpr_free(claims); } @@ -240,7 +243,8 @@ gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims) { } /* Takes ownership of json and buffer even in case of failure. */ -grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer) { +grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_exec_ctx *exec_ctx, + grpc_json *json, grpc_slice buffer) { grpc_json *cur; grpc_jwt_claims *claims = gpr_malloc(sizeof(grpc_jwt_claims)); memset(claims, 0, sizeof(grpc_jwt_claims)); @@ -281,7 +285,7 @@ grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer) { return claims; error: - grpc_jwt_claims_destroy(claims); + grpc_jwt_claims_destroy(exec_ctx, claims); return NULL; } @@ -362,12 +366,12 @@ static verifier_cb_ctx *verifier_cb_ctx_create( return ctx; } -void verifier_cb_ctx_destroy(verifier_cb_ctx *ctx) { +void verifier_cb_ctx_destroy(grpc_exec_ctx *exec_ctx, verifier_cb_ctx *ctx) { if (ctx->audience != NULL) gpr_free(ctx->audience); - if (ctx->claims != NULL) grpc_jwt_claims_destroy(ctx->claims); - grpc_slice_unref(ctx->signature); - grpc_slice_unref(ctx->signed_data); - jose_header_destroy(ctx->header); + if (ctx->claims != NULL) grpc_jwt_claims_destroy(exec_ctx, ctx->claims); + grpc_slice_unref_internal(exec_ctx, ctx->signature); + grpc_slice_unref_internal(exec_ctx, ctx->signed_data); + jose_header_destroy(exec_ctx, ctx->header); for (size_t i = 0; i < HTTP_RESPONSE_COUNT; i++) { grpc_http_response_destroy(&ctx->responses[i]); } @@ -447,23 +451,24 @@ end: return result; } -static BIGNUM *bignum_from_base64(const char *b64) { +static BIGNUM *bignum_from_base64(grpc_exec_ctx *exec_ctx, const char *b64) { BIGNUM *result = NULL; grpc_slice bin; if (b64 == NULL) return NULL; - bin = grpc_base64_decode(b64, 1); + bin = grpc_base64_decode(exec_ctx, b64, 1); if (GRPC_SLICE_IS_EMPTY(bin)) { gpr_log(GPR_ERROR, "Invalid base64 for big num."); return NULL; } result = BN_bin2bn(GRPC_SLICE_START_PTR(bin), TSI_SIZE_AS_SIZE(GRPC_SLICE_LENGTH(bin)), NULL); - grpc_slice_unref(bin); + grpc_slice_unref_internal(exec_ctx, bin); return result; } -static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) { +static EVP_PKEY *pkey_from_jwk(grpc_exec_ctx *exec_ctx, const grpc_json *json, + const char *kty) { const grpc_json *key_prop; RSA *rsa = NULL; EVP_PKEY *result = NULL; @@ -480,10 +485,12 @@ static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) { } for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) { if (strcmp(key_prop->key, "n") == 0) { - rsa->n = bignum_from_base64(validate_string_field(key_prop, "n")); + rsa->n = + bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n")); if (rsa->n == NULL) goto end; } else if (strcmp(key_prop->key, "e") == 0) { - rsa->e = bignum_from_base64(validate_string_field(key_prop, "e")); + rsa->e = + bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e")); if (rsa->e == NULL) goto end; } } @@ -499,7 +506,8 @@ end: return result; } -static EVP_PKEY *find_verification_key(const grpc_json *json, +static EVP_PKEY *find_verification_key(grpc_exec_ctx *exec_ctx, + const grpc_json *json, const char *header_alg, const char *header_kid) { const grpc_json *jkey; @@ -543,7 +551,7 @@ static EVP_PKEY *find_verification_key(const grpc_json *json, } if (alg != NULL && kid != NULL && kty != NULL && strcmp(kid, header_kid) == 0 && strcmp(alg, header_alg) == 0) { - return pkey_from_jwk(jkey, kty); + return pkey_from_jwk(exec_ctx, jkey, kty); } } gpr_log(GPR_ERROR, @@ -597,7 +605,7 @@ static void on_keys_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, goto end; } verification_key = - find_verification_key(json, ctx->header->alg, ctx->header->kid); + find_verification_key(exec_ctx, json, ctx->header->alg, ctx->header->kid); if (verification_key == NULL) { gpr_log(GPR_ERROR, "Could not find verification key with kid %s.", ctx->header->kid); @@ -621,8 +629,8 @@ static void on_keys_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, end: if (json != NULL) grpc_json_destroy(json); if (verification_key != NULL) EVP_PKEY_free(verification_key); - ctx->user_cb(ctx->user_data, status, claims); - verifier_cb_ctx_destroy(ctx); + ctx->user_cb(exec_ctx, ctx->user_data, status, claims); + verifier_cb_ctx_destroy(exec_ctx, ctx); } static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, @@ -667,15 +675,16 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay), grpc_closure_create(on_keys_retrieved, ctx), &ctx->responses[HTTP_RESPONSE_KEYS]); - grpc_resource_quota_internal_unref(exec_ctx, resource_quota); + grpc_resource_quota_unref_internal(exec_ctx, resource_quota); grpc_json_destroy(json); gpr_free(req.host); return; error: if (json != NULL) grpc_json_destroy(json); - ctx->user_cb(ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, NULL); - verifier_cb_ctx_destroy(ctx); + ctx->user_cb(exec_ctx, ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, + NULL); + verifier_cb_ctx_destroy(exec_ctx, ctx); } static email_key_mapping *verifier_get_mapping(grpc_jwt_verifier *v, @@ -779,14 +788,15 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx, exec_ctx, &ctx->verifier->http_ctx, &ctx->pollent, resource_quota, &req, gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay), http_cb, &ctx->responses[rsp_idx]); - grpc_resource_quota_internal_unref(exec_ctx, resource_quota); + grpc_resource_quota_unref_internal(exec_ctx, resource_quota); gpr_free(req.host); gpr_free(req.http.path); return; error: - ctx->user_cb(ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, NULL); - verifier_cb_ctx_destroy(ctx); + ctx->user_cb(exec_ctx, ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, + NULL); + verifier_cb_ctx_destroy(exec_ctx, ctx); } void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx, @@ -808,22 +818,24 @@ void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx, GPR_ASSERT(verifier != NULL && jwt != NULL && audience != NULL && cb != NULL); dot = strchr(cur, '.'); if (dot == NULL) goto error; - json = parse_json_part_from_jwt(cur, (size_t)(dot - cur), &header_buffer); + json = parse_json_part_from_jwt(exec_ctx, cur, (size_t)(dot - cur), + &header_buffer); if (json == NULL) goto error; - header = jose_header_from_json(json, header_buffer); + header = jose_header_from_json(exec_ctx, json, header_buffer); if (header == NULL) goto error; cur = dot + 1; dot = strchr(cur, '.'); if (dot == NULL) goto error; - json = parse_json_part_from_jwt(cur, (size_t)(dot - cur), &claims_buffer); + json = parse_json_part_from_jwt(exec_ctx, cur, (size_t)(dot - cur), + &claims_buffer); if (json == NULL) goto error; - claims = grpc_jwt_claims_from_json(json, claims_buffer); + claims = grpc_jwt_claims_from_json(exec_ctx, json, claims_buffer); if (claims == NULL) goto error; signed_jwt_len = (size_t)(dot - jwt); cur = dot + 1; - signature = grpc_base64_decode(cur, 1); + signature = grpc_base64_decode(exec_ctx, cur, 1); if (GRPC_SLICE_IS_EMPTY(signature)) goto error; retrieve_key_and_verify( exec_ctx, @@ -832,9 +844,9 @@ void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx, return; error: - if (header != NULL) jose_header_destroy(header); - if (claims != NULL) grpc_jwt_claims_destroy(claims); - cb(user_data, GRPC_JWT_VERIFIER_BAD_FORMAT, NULL); + if (header != NULL) jose_header_destroy(exec_ctx, header); + if (claims != NULL) grpc_jwt_claims_destroy(exec_ctx, claims); + cb(exec_ctx, user_data, GRPC_JWT_VERIFIER_BAD_FORMAT, NULL); } grpc_jwt_verifier *grpc_jwt_verifier_create( diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.h b/src/core/lib/security/credentials/jwt/jwt_verifier.h index f09f9d5d47..b79f411903 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.h +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.h @@ -66,7 +66,7 @@ const char *grpc_jwt_verifier_status_to_string(grpc_jwt_verifier_status status); typedef struct grpc_jwt_claims grpc_jwt_claims; -void grpc_jwt_claims_destroy(grpc_jwt_claims *claims); +void grpc_jwt_claims_destroy(grpc_exec_ctx *exec_ctx, grpc_jwt_claims *claims); /* Returns the whole JSON tree of the claims. */ const grpc_json *grpc_jwt_claims_json(const grpc_jwt_claims *claims); @@ -115,7 +115,8 @@ void grpc_jwt_verifier_destroy(grpc_jwt_verifier *verifier); is done (maybe in another thread). It is the responsibility of the callee to call grpc_jwt_claims_destroy on the claims. */ -typedef void (*grpc_jwt_verification_done_cb)(void *user_data, +typedef void (*grpc_jwt_verification_done_cb)(grpc_exec_ctx *exec_ctx, + void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims *claims); @@ -129,7 +130,8 @@ void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx, /* --- TESTING ONLY exposed functions. --- */ -grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer); +grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_exec_ctx *exec_ctx, + grpc_json *json, grpc_slice buffer); grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims, const char *audience); diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.c b/src/core/lib/security/credentials/oauth2/oauth2_credentials.c index b3625b22c0..cbcd74958c 100644 --- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.c @@ -118,18 +118,19 @@ void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) { // Oauth2 Token Fetcher credentials. // -static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) { +static void oauth2_token_fetcher_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *)creds; - grpc_credentials_md_store_unref(c->access_token_md); + grpc_credentials_md_store_unref(exec_ctx, c->access_token_md); gpr_mu_destroy(&c->mu); grpc_httpcli_context_destroy(&c->httpcli_context); } grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response( - const grpc_http_response *response, grpc_credentials_md_store **token_md, - gpr_timespec *token_lifetime) { + grpc_exec_ctx *exec_ctx, const grpc_http_response *response, + grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime) { char *null_terminated_body = NULL; char *new_access_token = NULL; grpc_credentials_status status = GRPC_CREDENTIALS_OK; @@ -198,7 +199,7 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response( token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10); token_lifetime->tv_nsec = 0; token_lifetime->clock_type = GPR_TIMESPAN; - if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md); + if (*token_md != NULL) grpc_credentials_md_store_unref(exec_ctx, *token_md); *token_md = grpc_credentials_md_store_create(1); grpc_credentials_md_store_add_cstrings( *token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token); @@ -207,7 +208,7 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response( end: if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) { - grpc_credentials_md_store_unref(*token_md); + grpc_credentials_md_store_unref(exec_ctx, *token_md); *token_md = NULL; } if (null_terminated_body != NULL) gpr_free(null_terminated_body); @@ -230,7 +231,7 @@ static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx, gpr_mu_lock(&c->mu); status = grpc_oauth2_token_fetcher_credentials_parse_server_response( - &r->response, &c->access_token_md, &token_lifetime); + exec_ctx, &r->response, &c->access_token_md, &token_lifetime); if (status == GRPC_CREDENTIALS_OK) { c->token_expiration = gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime); @@ -242,7 +243,7 @@ static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx, "Error occured when fetching oauth2 token."); } gpr_mu_unlock(&c->mu); - grpc_credentials_metadata_request_destroy(r); + grpc_credentials_metadata_request_destroy(exec_ctx, r); } static void oauth2_token_fetcher_get_request_metadata( @@ -268,7 +269,7 @@ static void oauth2_token_fetcher_get_request_metadata( if (cached_access_token_md != NULL) { cb(exec_ctx, user_data, cached_access_token_md->entries, cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK, NULL); - grpc_credentials_md_store_unref(cached_access_token_md); + grpc_credentials_md_store_unref(exec_ctx, cached_access_token_md); } else { c->fetch_func( exec_ctx, @@ -315,7 +316,7 @@ static void compute_engine_fetch_oauth2( grpc_httpcli_get(exec_ctx, httpcli_context, pollent, resource_quota, &request, deadline, grpc_closure_create(response_cb, metadata_req), &metadata_req->response); - grpc_resource_quota_internal_unref(exec_ctx, resource_quota); + grpc_resource_quota_unref_internal(exec_ctx, resource_quota); } grpc_call_credentials *grpc_google_compute_engine_credentials_create( @@ -334,11 +335,12 @@ grpc_call_credentials *grpc_google_compute_engine_credentials_create( // Google Refresh Token credentials. // -static void refresh_token_destruct(grpc_call_credentials *creds) { +static void refresh_token_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_google_refresh_token_credentials *c = (grpc_google_refresh_token_credentials *)creds; grpc_auth_refresh_token_destruct(&c->refresh_token); - oauth2_token_fetcher_destruct(&c->base.base); + oauth2_token_fetcher_destruct(exec_ctx, &c->base.base); } static grpc_call_credentials_vtable refresh_token_vtable = { @@ -372,7 +374,7 @@ static void refresh_token_fetch_oauth2( &request, body, strlen(body), deadline, grpc_closure_create(response_cb, metadata_req), &metadata_req->response); - grpc_resource_quota_internal_unref(exec_ctx, resource_quota); + grpc_resource_quota_unref_internal(exec_ctx, resource_quota); gpr_free(body); } @@ -424,9 +426,10 @@ grpc_call_credentials *grpc_google_refresh_token_credentials_create( // Oauth2 Access Token credentials. // -static void access_token_destruct(grpc_call_credentials *creds) { +static void access_token_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; - grpc_credentials_md_store_unref(c->access_token_md); + grpc_credentials_md_store_unref(exec_ctx, c->access_token_md); } static void access_token_get_request_metadata( diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h index 7f6f205c22..2d7c02ccf5 100644 --- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h @@ -103,7 +103,7 @@ grpc_refresh_token_credentials_create_from_auth_refresh_token( // Exposed for testing only. grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response( - const struct grpc_http_response *response, + grpc_exec_ctx *exec_ctx, const struct grpc_http_response *response, grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime); #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H */ diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.c b/src/core/lib/security/credentials/plugin/plugin_credentials.c index 5d950098a0..f90d7dce83 100644 --- a/src/core/lib/security/credentials/plugin/plugin_credentials.c +++ b/src/core/lib/security/credentials/plugin/plugin_credentials.c @@ -35,20 +35,22 @@ #include <string.h> -#include "src/core/lib/surface/api_trace.h" - #include <grpc/grpc.h> #include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <grpc/support/string_util.h> #include <grpc/support/sync.h> +#include "src/core/lib/slice/slice_internal.h" +#include "src/core/lib/surface/api_trace.h" + typedef struct { void *user_data; grpc_credentials_metadata_cb cb; } grpc_metadata_plugin_request; -static void plugin_destruct(grpc_call_credentials *creds) { +static void plugin_destruct(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds) { grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; if (c->plugin.state != NULL && c->plugin.destroy != NULL) { c->plugin.destroy(c->plugin.state); @@ -100,8 +102,8 @@ static void plugin_md_request_metadata_ready(void *request, r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK, NULL); for (i = 0; i < num_md; i++) { - grpc_slice_unref(md_array[i].key); - grpc_slice_unref(md_array[i].value); + grpc_slice_unref_internal(&exec_ctx, md_array[i].key); + grpc_slice_unref_internal(&exec_ctx, md_array[i].value); } gpr_free(md_array); } else if (num_md == 0) { diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.c b/src/core/lib/security/credentials/ssl/ssl_credentials.c index 0dc1fccec4..4eebb7d613 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.c +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.c @@ -57,7 +57,8 @@ static void ssl_copy_key_material(const char *input, unsigned char **output, // SSL Channel Credentials. // -static void ssl_destruct(grpc_channel_credentials *creds) { +static void ssl_destruct(grpc_exec_ctx *exec_ctx, + grpc_channel_credentials *creds) { grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs); if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key); @@ -65,9 +66,10 @@ static void ssl_destruct(grpc_channel_credentials *creds) { } static grpc_security_status ssl_create_security_connector( - grpc_channel_credentials *creds, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds, + grpc_call_credentials *call_creds, const char *target, + const grpc_channel_args *args, grpc_channel_security_connector **sc, + grpc_channel_args **new_args) { grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; grpc_security_status status = GRPC_SECURITY_OK; size_t i = 0; @@ -83,7 +85,7 @@ static grpc_security_status ssl_create_security_connector( } } status = grpc_ssl_channel_security_connector_create( - call_creds, &c->config, target, overridden_target_name, sc); + exec_ctx, call_creds, &c->config, target, overridden_target_name, sc); if (status != GRPC_SECURITY_OK) { return status; } @@ -138,7 +140,8 @@ grpc_channel_credentials *grpc_ssl_credentials_create( // SSL Server Credentials. // -static void ssl_server_destruct(grpc_server_credentials *creds) { +static void ssl_server_destruct(grpc_exec_ctx *exec_ctx, + grpc_server_credentials *creds) { grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; size_t i; for (i = 0; i < c->config.num_key_cert_pairs; i++) { @@ -161,9 +164,10 @@ static void ssl_server_destruct(grpc_server_credentials *creds) { } static grpc_security_status ssl_server_create_security_connector( - grpc_server_credentials *creds, grpc_server_security_connector **sc) { + grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds, + grpc_server_security_connector **sc) { grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; - return grpc_ssl_server_security_connector_create(&c->config, sc); + return grpc_ssl_server_security_connector_create(exec_ctx, &c->config, sc); } static grpc_server_credentials_vtable ssl_server_vtable = { |