aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/core/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/core/security')
-rw-r--r--src/core/security/auth.c130
-rw-r--r--src/core/security/secure_transport_setup.c3
-rw-r--r--src/core/security/security_context.c177
-rw-r--r--src/core/security/security_context.h38
4 files changed, 261 insertions, 87 deletions
diff --git a/src/core/security/auth.c b/src/core/security/auth.c
index 9d0c075bc3..18c32f90f4 100644
--- a/src/core/security/auth.c
+++ b/src/core/security/auth.c
@@ -35,22 +35,49 @@
#include <string.h>
-#include "src/core/security/security_context.h"
-#include "src/core/security/credentials.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
+#include "src/core/support/string.h"
+#include "src/core/channel/channel_stack.h"
+#include "src/core/security/security_context.h"
+#include "src/core/security/credentials.h"
+#include "src/core/surface/call.h"
+
/* We can have a per-call credentials. */
typedef struct {
grpc_credentials *creds;
+ grpc_mdstr *host;
grpc_call_op op;
} call_data;
/* We can have a per-channel credentials. */
typedef struct {
grpc_channel_security_context *security_context;
+ grpc_mdctx *md_ctx;
+ grpc_mdstr *authority_string;
+ grpc_mdstr *error_msg_key;
} channel_data;
+static void do_nothing(void *ignored, grpc_op_error error) {}
+
+static void bubbleup_error(grpc_call_element *elem, const char *error_msg) {
+ grpc_call_op finish_op;
+ channel_data *channeld = elem->channel_data;
+
+ gpr_log(GPR_ERROR, "%s", error_msg);
+ finish_op.type = GRPC_RECV_METADATA;
+ finish_op.dir = GRPC_CALL_UP;
+ finish_op.flags = 0;
+ finish_op.data.metadata = grpc_mdelem_from_metadata_strings(
+ channeld->md_ctx, channeld->error_msg_key,
+ grpc_mdstr_from_string(channeld->md_ctx, error_msg));
+ finish_op.done_cb = do_nothing;
+ finish_op.user_data = NULL;
+ grpc_call_next_op(elem, &finish_op);
+ grpc_call_element_send_cancel(elem);
+}
+
static void on_credentials_metadata(void *user_data, grpc_mdelem **md_elems,
size_t num_md,
grpc_credentials_status status) {
@@ -62,6 +89,46 @@ static void on_credentials_metadata(void *user_data, grpc_mdelem **md_elems,
grpc_call_next_op(elem, &((call_data *)elem->call_data)->op);
}
+static void send_security_metadata(grpc_call_element *elem, grpc_call_op *op) {
+ /* grab pointers to our data from the call element */
+ call_data *calld = elem->call_data;
+ channel_data *channeld = elem->channel_data;
+
+ grpc_credentials *channel_creds =
+ channeld->security_context->request_metadata_creds;
+ /* TODO(jboeuf):
+ Decide on the policy in this case:
+ - populate both channel and call?
+ - the call takes precedence over the channel?
+ - leave this decision up to the channel credentials? */
+ if (calld->creds != NULL) {
+ gpr_log(GPR_ERROR, "Ignoring per call credentials for now.");
+ }
+ if (channel_creds != NULL &&
+ grpc_credentials_has_request_metadata(channel_creds)) {
+ calld->op = *op; /* Copy op (originates from the caller's stack). */
+ grpc_credentials_get_request_metadata(channel_creds,
+ on_credentials_metadata, elem);
+ } else {
+ grpc_call_next_op(elem, op);
+ }
+}
+
+static void on_host_checked(void *user_data, grpc_security_status status) {
+ grpc_call_element *elem = (grpc_call_element *)user_data;
+ call_data *calld = elem->call_data;
+
+ if (status == GRPC_SECURITY_OK) {
+ send_security_metadata(elem, &calld->op);
+ } else {
+ char *error_msg;
+ gpr_asprintf(&error_msg, "Invalid host %s set in :authority metadata.",
+ grpc_mdstr_as_c_string(calld->host));
+ bubbleup_error(elem, error_msg);
+ gpr_free(error_msg);
+ }
+}
+
/* Called either:
- in response to an API call (or similar) from above, to send something
- a network event (or similar) from below, to receive something
@@ -74,26 +141,36 @@ static void call_op(grpc_call_element *elem, grpc_call_element *from_elem,
channel_data *channeld = elem->channel_data;
switch (op->type) {
- case GRPC_SEND_START: {
- grpc_credentials *channel_creds =
- channeld->security_context->request_metadata_creds;
- /* TODO(jboeuf):
- Decide on the policy in this case:
- - populate both channel and call?
- - the call takes precedence over the channel?
- - leave this decision up to the channel credentials? */
- if (calld->creds != NULL) {
- gpr_log(GPR_ERROR, "Ignoring per call credentials for now.");
+ case GRPC_SEND_METADATA:
+ /* Pointer comparison is OK for md_elems created from the same context. */
+ if (op->data.metadata->key == channeld->authority_string) {
+ if (calld->host != NULL) grpc_mdstr_unref(calld->host);
+ calld->host = grpc_mdstr_ref(op->data.metadata->value);
}
- if (channel_creds != NULL &&
- grpc_credentials_has_request_metadata(channel_creds)) {
+ grpc_call_next_op(elem, op);
+ break;
+
+ case GRPC_SEND_START:
+ if (calld->host != NULL) {
+ grpc_security_status status;
+ const char *call_host = grpc_mdstr_as_c_string(calld->host);
calld->op = *op; /* Copy op (originates from the caller's stack). */
- grpc_credentials_get_request_metadata(channel_creds,
- on_credentials_metadata, elem);
- break;
+ status = grpc_channel_security_context_check_call_host(
+ channeld->security_context, call_host, on_host_checked, elem);
+ if (status != GRPC_SECURITY_OK) {
+ if (status == GRPC_SECURITY_ERROR) {
+ char *error_msg;
+ gpr_asprintf(&error_msg,
+ "Invalid host %s set in :authority metadata.",
+ call_host);
+ bubbleup_error(elem, error_msg);
+ gpr_free(error_msg);
+ }
+ break;
+ }
}
- /* FALLTHROUGH INTENDED. */
- }
+ send_security_metadata(elem, op);
+ break;
default:
/* pass control up or down the stack depending on op->dir */
@@ -116,6 +193,7 @@ static void init_call_elem(grpc_call_element *elem,
Find a way to pass-in the credentials from the caller here. */
call_data *calld = elem->call_data;
calld->creds = NULL;
+ calld->host = NULL;
}
/* Destructor for call_data */
@@ -124,6 +202,9 @@ static void destroy_call_elem(grpc_call_element *elem) {
if (calld->creds != NULL) {
grpc_credentials_unref(calld->creds);
}
+ if (calld->host != NULL) {
+ grpc_mdstr_unref(calld->host);
+ }
}
/* Constructor for channel_data */
@@ -146,6 +227,11 @@ static void init_channel_elem(grpc_channel_element *elem,
GPR_ASSERT(ctx->is_client_side);
channeld->security_context =
(grpc_channel_security_context *)grpc_security_context_ref(ctx);
+ channeld->md_ctx = metadata_context;
+ channeld->authority_string =
+ grpc_mdstr_from_string(channeld->md_ctx, ":authority");
+ channeld->error_msg_key =
+ grpc_mdstr_from_string(channeld->md_ctx, "grpc-message");
}
/* Destructor for channel data */
@@ -154,6 +240,12 @@ static void destroy_channel_elem(grpc_channel_element *elem) {
channel_data *channeld = elem->channel_data;
grpc_channel_security_context *ctx = channeld->security_context;
if (ctx != NULL) grpc_security_context_unref(&ctx->base);
+ if (channeld->authority_string != NULL) {
+ grpc_mdstr_unref(channeld->authority_string);
+ }
+ if (channeld->error_msg_key != NULL) {
+ grpc_mdstr_unref(channeld->error_msg_key);
+ }
}
const grpc_channel_filter grpc_client_auth_filter = {
diff --git a/src/core/security/secure_transport_setup.c b/src/core/security/secure_transport_setup.c
index 50a6987fbf..59789a7e4d 100644
--- a/src/core/security/secure_transport_setup.c
+++ b/src/core/security/secure_transport_setup.c
@@ -113,8 +113,7 @@ static void check_peer(grpc_secure_transport_setup *s) {
return;
}
peer_status =
- grpc_security_context_check_peer(s->ctx, &peer, on_peer_checked, s);
- tsi_peer_destruct(&peer);
+ grpc_security_context_check_peer(s->ctx, peer, on_peer_checked, s);
if (peer_status == GRPC_SECURITY_ERROR) {
gpr_log(GPR_ERROR, "Peer check failed.");
secure_transport_setup_done(s, 0);
diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c
index 1edec29775..adb0269792 100644
--- a/src/core/security/security_context.c
+++ b/src/core/security/security_context.c
@@ -69,12 +69,22 @@ grpc_security_status grpc_security_context_create_handshaker(
}
grpc_security_status grpc_security_context_check_peer(
- grpc_security_context *ctx, const tsi_peer *peer,
- grpc_security_check_peer_cb cb, void *user_data) {
- if (ctx == NULL) return GRPC_SECURITY_ERROR;
+ grpc_security_context *ctx, tsi_peer peer, grpc_security_check_cb cb,
+ void *user_data) {
+ if (ctx == NULL) {
+ tsi_peer_destruct(&peer);
+ return GRPC_SECURITY_ERROR;
+ }
return ctx->vtable->check_peer(ctx, peer, cb, user_data);
}
+grpc_security_status grpc_channel_security_context_check_call_host(
+ grpc_channel_security_context *ctx, const char *host,
+ grpc_security_check_cb cb, void *user_data) {
+ if (ctx == NULL || ctx->check_call_host == NULL) return GRPC_SECURITY_ERROR;
+ return ctx->check_call_host(ctx, host, cb, user_data);
+}
+
void grpc_security_context_unref(grpc_security_context *ctx) {
if (ctx == NULL) return;
if (gpr_unref(&ctx->refcount)) ctx->vtable->destroy(ctx);
@@ -137,6 +147,11 @@ static int check_request_metadata_creds(grpc_credentials *creds) {
/* -- Fake implementation. -- */
+typedef struct {
+ grpc_channel_security_context base;
+ int call_host_check_is_async;
+} grpc_fake_channel_security_context;
+
static void fake_channel_destroy(grpc_security_context *ctx) {
grpc_channel_security_context *c = (grpc_channel_security_context *)ctx;
grpc_credentials_unref(c->request_metadata_creds);
@@ -158,31 +173,51 @@ static grpc_security_status fake_server_create_handshaker(
}
static grpc_security_status fake_check_peer(grpc_security_context *ctx,
- const tsi_peer *peer,
- grpc_security_check_peer_cb cb,
+ tsi_peer peer,
+ grpc_security_check_cb cb,
void *user_data) {
const char *prop_name;
- if (peer->property_count != 1) {
+ grpc_security_status status = GRPC_SECURITY_OK;
+ if (peer.property_count != 1) {
gpr_log(GPR_ERROR, "Fake peers should only have 1 property.");
- return GRPC_SECURITY_ERROR;
+ status = GRPC_SECURITY_ERROR;
+ goto end;
}
- prop_name = peer->properties[0].name;
+ prop_name = peer.properties[0].name;
if (prop_name == NULL ||
strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) {
gpr_log(GPR_ERROR, "Unexpected property in fake peer: %s.",
prop_name == NULL ? "<EMPTY>" : prop_name);
- return GRPC_SECURITY_ERROR;
+ status = GRPC_SECURITY_ERROR;
+ goto end;
}
- if (peer->properties[0].type != TSI_PEER_PROPERTY_TYPE_STRING) {
+ if (peer.properties[0].type != TSI_PEER_PROPERTY_TYPE_STRING) {
gpr_log(GPR_ERROR, "Invalid type of cert type property.");
- return GRPC_SECURITY_ERROR;
+ status = GRPC_SECURITY_ERROR;
+ goto end;
}
- if (strncmp(peer->properties[0].value.string.data, TSI_FAKE_CERTIFICATE_TYPE,
- peer->properties[0].value.string.length)) {
+ if (strncmp(peer.properties[0].value.string.data, TSI_FAKE_CERTIFICATE_TYPE,
+ peer.properties[0].value.string.length)) {
gpr_log(GPR_ERROR, "Invalid value for cert type property.");
- return GRPC_SECURITY_ERROR;
+ status = GRPC_SECURITY_ERROR;
+ goto end;
+ }
+end:
+ tsi_peer_destruct(&peer);
+ return status;
+}
+
+static grpc_security_status fake_channel_check_call_host(
+ grpc_channel_security_context *ctx, const char *host,
+ grpc_security_check_cb cb, void *user_data) {
+ grpc_fake_channel_security_context *c =
+ (grpc_fake_channel_security_context *)ctx;
+ if (c->call_host_check_is_async) {
+ cb(user_data, GRPC_SECURITY_OK);
+ return GRPC_SECURITY_PENDING;
+ } else {
+ return GRPC_SECURITY_OK;
}
- return GRPC_SECURITY_OK;
}
static grpc_security_context_vtable fake_channel_vtable = {
@@ -192,15 +227,17 @@ static grpc_security_context_vtable fake_server_vtable = {
fake_server_destroy, fake_server_create_handshaker, fake_check_peer};
grpc_channel_security_context *grpc_fake_channel_security_context_create(
- grpc_credentials *request_metadata_creds) {
- grpc_channel_security_context *c =
- gpr_malloc(sizeof(grpc_channel_security_context));
- gpr_ref_init(&c->base.refcount, 1);
- c->base.is_client_side = 1;
- c->base.vtable = &fake_channel_vtable;
+ grpc_credentials *request_metadata_creds, int call_host_check_is_async) {
+ grpc_fake_channel_security_context *c =
+ gpr_malloc(sizeof(grpc_fake_channel_security_context));
+ gpr_ref_init(&c->base.base.refcount, 1);
+ c->base.base.is_client_side = 1;
+ c->base.base.vtable = &fake_channel_vtable;
GPR_ASSERT(check_request_metadata_creds(request_metadata_creds));
- c->request_metadata_creds = grpc_credentials_ref(request_metadata_creds);
- return c;
+ c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds);
+ c->base.check_call_host = fake_channel_check_call_host;
+ c->call_host_check_is_async = call_host_check_is_async;
+ return &c->base;
}
grpc_security_context *grpc_fake_server_security_context_create(void) {
@@ -215,7 +252,9 @@ grpc_security_context *grpc_fake_server_security_context_create(void) {
typedef struct {
grpc_channel_security_context base;
tsi_ssl_handshaker_factory *handshaker_factory;
- char *secure_peer_name;
+ char *target_name;
+ char *overridden_target_name;
+ tsi_peer peer;
} grpc_ssl_channel_security_context;
typedef struct {
@@ -230,7 +269,9 @@ static void ssl_channel_destroy(grpc_security_context *ctx) {
if (c->handshaker_factory != NULL) {
tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
}
- if (c->secure_peer_name != NULL) gpr_free(c->secure_peer_name);
+ if (c->target_name != NULL) gpr_free(c->target_name);
+ if (c->overridden_target_name != NULL) gpr_free(c->overridden_target_name);
+ tsi_peer_destruct(&c->peer);
gpr_free(ctx);
}
@@ -244,11 +285,11 @@ static void ssl_server_destroy(grpc_security_context *ctx) {
static grpc_security_status ssl_create_handshaker(
tsi_ssl_handshaker_factory *handshaker_factory, int is_client,
- const char *secure_peer_name, tsi_handshaker **handshaker) {
+ const char *peer_name, tsi_handshaker **handshaker) {
tsi_result result = TSI_OK;
if (handshaker_factory == NULL) return GRPC_SECURITY_ERROR;
result = tsi_ssl_handshaker_factory_create_handshaker(
- handshaker_factory, is_client ? secure_peer_name : NULL, handshaker);
+ handshaker_factory, is_client ? peer_name : NULL, handshaker);
if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
tsi_result_to_string(result));
@@ -261,7 +302,10 @@ static grpc_security_status ssl_channel_create_handshaker(
grpc_security_context *ctx, tsi_handshaker **handshaker) {
grpc_ssl_channel_security_context *c =
(grpc_ssl_channel_security_context *)ctx;
- return ssl_create_handshaker(c->handshaker_factory, 1, c->secure_peer_name,
+ return ssl_create_handshaker(c->handshaker_factory, 1,
+ c->overridden_target_name != NULL
+ ? c->overridden_target_name
+ : c->target_name,
handshaker);
}
@@ -271,7 +315,7 @@ static grpc_security_status ssl_server_create_handshaker(
return ssl_create_handshaker(c->handshaker_factory, 0, NULL, handshaker);
}
-static grpc_security_status ssl_check_peer(const char *secure_peer_name,
+static grpc_security_status ssl_check_peer(const char *peer_name,
const tsi_peer *peer) {
/* Check the ALPN. */
const tsi_peer_property *p =
@@ -291,28 +335,54 @@ static grpc_security_status ssl_check_peer(const char *secure_peer_name,
}
/* Check the peer name if specified. */
- if (secure_peer_name != NULL &&
- !tsi_ssl_peer_matches_name(peer, secure_peer_name)) {
- gpr_log(GPR_ERROR, "Peer name %s is not in peer certificate",
- secure_peer_name);
+ if (peer_name != NULL &&
+ !tsi_ssl_peer_matches_name(peer, peer_name)) {
+ gpr_log(GPR_ERROR, "Peer name %s is not in peer certificate", peer_name);
return GRPC_SECURITY_ERROR;
}
return GRPC_SECURITY_OK;
}
-static grpc_security_status ssl_channel_check_peer(
- grpc_security_context *ctx, const tsi_peer *peer,
- grpc_security_check_peer_cb cb, void *user_data) {
+static grpc_security_status ssl_channel_check_peer(grpc_security_context *ctx,
+ tsi_peer peer,
+ grpc_security_check_cb cb,
+ void *user_data) {
grpc_ssl_channel_security_context *c =
(grpc_ssl_channel_security_context *)ctx;
- return ssl_check_peer(c->secure_peer_name, peer);
+ grpc_security_status status = ssl_check_peer(c->overridden_target_name != NULL
+ ? c->overridden_target_name
+ : c->target_name,
+ &peer);
+ c->peer = peer;
+ return status;
+}
+
+static grpc_security_status ssl_server_check_peer(grpc_security_context *ctx,
+ tsi_peer peer,
+ grpc_security_check_cb cb,
+ void *user_data) {
+ /* TODO(jboeuf): Find a way to expose the peer to the authorization layer. */
+ grpc_security_status status = ssl_check_peer(NULL, &peer);
+ tsi_peer_destruct(&peer);
+ return status;
}
-static grpc_security_status ssl_server_check_peer(
- grpc_security_context *ctx, const tsi_peer *peer,
- grpc_security_check_peer_cb cb, void *user_data) {
- /* TODO(jboeuf): Find a way to expose the peer to the authorization layer. */
- return ssl_check_peer(NULL, peer);
+static grpc_security_status ssl_channel_check_call_host(
+ grpc_channel_security_context *ctx, const char *host,
+ grpc_security_check_cb cb, void *user_data) {
+ grpc_ssl_channel_security_context *c =
+ (grpc_ssl_channel_security_context *)ctx;
+
+ if (tsi_ssl_peer_matches_name(&c->peer, host)) return GRPC_SECURITY_OK;
+
+ /* If the target name was overridden, then the original target_name was
+ 'checked' transitively during the previous peer check at the end of the
+ handshake. */
+ if (c->overridden_target_name != NULL && !strcmp(host, c->target_name)) {
+ return GRPC_SECURITY_OK;
+ } else {
+ return GRPC_SECURITY_ERROR;
+ }
}
static grpc_security_context_vtable ssl_channel_vtable = {
@@ -345,7 +415,8 @@ static size_t get_default_pem_roots(const unsigned char **pem_root_certs) {
grpc_security_status grpc_ssl_channel_security_context_create(
grpc_credentials *request_metadata_creds, const grpc_ssl_config *config,
- const char *secure_peer_name, grpc_channel_security_context **ctx) {
+ const char *target_name, const char *overridden_target_name,
+ grpc_channel_security_context **ctx) {
size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions();
const unsigned char **alpn_protocol_strings =
gpr_malloc(sizeof(const char *) * num_alpn_protocols);
@@ -364,8 +435,8 @@ grpc_security_status grpc_ssl_channel_security_context_create(
strlen(grpc_chttp2_get_alpn_version_index(i));
}
- if (config == NULL || secure_peer_name == NULL) {
- gpr_log(GPR_ERROR, "An ssl channel needs a config and a secure name.");
+ if (config == NULL || target_name == NULL) {
+ gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name.");
goto error;
}
if (!check_request_metadata_creds(request_metadata_creds)) {
@@ -379,8 +450,12 @@ grpc_security_status grpc_ssl_channel_security_context_create(
c->base.base.vtable = &ssl_channel_vtable;
c->base.base.is_client_side = 1;
c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds);
- if (secure_peer_name != NULL) {
- c->secure_peer_name = gpr_strdup(secure_peer_name);
+ c->base.check_call_host = ssl_channel_check_call_host;
+ if (target_name != NULL) {
+ c->target_name = gpr_strdup(target_name);
+ }
+ if (overridden_target_name != NULL) {
+ c->overridden_target_name = gpr_strdup(overridden_target_name);
}
if (config->pem_root_certs == NULL) {
pem_root_certs_size = get_default_pem_roots(&pem_root_certs);
@@ -478,7 +553,7 @@ grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds,
grpc_channel *channel = NULL;
grpc_security_status status = GRPC_SECURITY_OK;
size_t i = 0;
- const char *secure_peer_name = target;
+ const char *overridden_target_name = NULL;
grpc_arg arg;
grpc_channel_args *new_args;
@@ -486,13 +561,13 @@ grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds,
grpc_arg *arg = &args->args[i];
if (!strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) &&
arg->type == GRPC_ARG_STRING) {
- secure_peer_name = arg->value.string;
+ overridden_target_name = arg->value.string;
break;
}
}
status = grpc_ssl_channel_security_context_create(
request_metadata_creds, grpc_ssl_credentials_get_config(ssl_creds),
- secure_peer_name, &ctx);
+ target, overridden_target_name, &ctx);
if (status != GRPC_SECURITY_OK) {
return grpc_lame_client_channel_create();
}
@@ -510,7 +585,7 @@ grpc_channel *grpc_fake_transport_security_channel_create(
grpc_credentials *fake_creds, grpc_credentials *request_metadata_creds,
const char *target, const grpc_channel_args *args) {
grpc_channel_security_context *ctx =
- grpc_fake_channel_security_context_create(request_metadata_creds);
+ grpc_fake_channel_security_context_create(request_metadata_creds, 1);
grpc_channel *channel =
grpc_secure_channel_create_internal(target, args, ctx);
grpc_security_context_unref(&ctx->base);
diff --git a/src/core/security/security_context.h b/src/core/security/security_context.h
index 2caa2d3690..25d467d717 100644
--- a/src/core/security/security_context.h
+++ b/src/core/security/security_context.h
@@ -56,16 +56,15 @@ typedef struct grpc_security_context grpc_security_context;
#define GRPC_SECURITY_CONTEXT_ARG "grpc.security_context"
-typedef void (*grpc_security_check_peer_cb)(void *user_data,
- grpc_security_status status);
+typedef void (*grpc_security_check_cb)(void *user_data,
+ grpc_security_status status);
typedef struct {
void (*destroy)(grpc_security_context *ctx);
grpc_security_status (*create_handshaker)(grpc_security_context *ctx,
tsi_handshaker **handshaker);
- grpc_security_status (*check_peer)(grpc_security_context *ctx,
- const tsi_peer *peer,
- grpc_security_check_peer_cb,
+ grpc_security_status (*check_peer)(grpc_security_context *ctx, tsi_peer peer,
+ grpc_security_check_cb cb,
void *user_data);
} grpc_security_context_vtable;
@@ -87,18 +86,14 @@ grpc_security_status grpc_security_context_create_handshaker(
/* Check the peer.
Implementations can choose to check the peer either synchronously or
- asynchronously. In the first case, a successful will return
+ asynchronously. In the first case, a successful call will return
GRPC_SECURITY_OK. In the asynchronous case, the call will return
GRPC_SECURITY_PENDING unless an error is detected early on.
-
- Note:
- Asynchronous implementations of this interface should make a copy of the
- fields of the peer they want to check as there is no guarantee on the
- lifetime of the peer object beyond this call.
+ Ownership of the peer is transfered.
*/
grpc_security_status grpc_security_context_check_peer(
- grpc_security_context *ctx, const tsi_peer *peer,
- grpc_security_check_peer_cb cb, void *user_data);
+ grpc_security_context *ctx, tsi_peer peer,
+ grpc_security_check_cb cb, void *user_data);
/* Util to encapsulate the context in a channel arg. */
grpc_arg grpc_security_context_to_arg(grpc_security_context *ctx);
@@ -120,14 +115,26 @@ typedef struct grpc_channel_security_context grpc_channel_security_context;
struct grpc_channel_security_context {
grpc_security_context base; /* requires is_client_side to be non 0. */
grpc_credentials *request_metadata_creds;
+ grpc_security_status (*check_call_host)(
+ grpc_channel_security_context *ctx, const char *host,
+ grpc_security_check_cb cb, void *user_data);
};
+/* Checks that the host that will be set for a call is acceptable.
+ Implementations can choose do the check either synchronously or
+ asynchronously. In the first case, a successful call will return
+ GRPC_SECURITY_OK. In the asynchronous case, the call will return
+ GRPC_SECURITY_PENDING unless an error is detected early on. */
+grpc_security_status grpc_channel_security_context_check_call_host(
+ grpc_channel_security_context *ctx, const char *host,
+ grpc_security_check_cb cb, void *user_data);
+
/* --- Creation security contexts. --- */
/* For TESTING ONLY!
Creates a fake context that emulates real channel security. */
grpc_channel_security_context *grpc_fake_channel_security_context_create(
- grpc_credentials *request_metadata_creds);
+ grpc_credentials *request_metadata_creds, int call_host_check_is_async);
/* For TESTING ONLY!
Creates a fake context that emulates real server security. */
@@ -148,7 +155,8 @@ grpc_security_context *grpc_fake_server_security_context_create(void);
*/
grpc_security_status grpc_ssl_channel_security_context_create(
grpc_credentials *request_metadata_creds, const grpc_ssl_config *config,
- const char *secure_peer_name, grpc_channel_security_context **ctx);
+ const char *target_name, const char *overridden_target_name,
+ grpc_channel_security_context **ctx);
/* Creates an SSL server_security_context.
- config is the SSL config to be used for the SSL channel establishment.