diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/core/httpcli/httpcli_security_context.c | 15 | ||||
-rw-r--r-- | src/core/security/auth.c | 130 | ||||
-rw-r--r-- | src/core/security/secure_transport_setup.c | 3 | ||||
-rw-r--r-- | src/core/security/security_context.c | 177 | ||||
-rw-r--r-- | src/core/security/security_context.h | 38 | ||||
-rw-r--r-- | src/core/surface/secure_channel_create.c | 7 |
6 files changed, 273 insertions, 97 deletions
diff --git a/src/core/httpcli/httpcli_security_context.c b/src/core/httpcli/httpcli_security_context.c index d074e163f1..53e887ccd1 100644 --- a/src/core/httpcli/httpcli_security_context.c +++ b/src/core/httpcli/httpcli_security_context.c @@ -73,20 +73,23 @@ static grpc_security_status httpcli_ssl_create_handshaker( return GRPC_SECURITY_OK; } -static grpc_security_status httpcli_ssl_check_peer( - grpc_security_context *ctx, const tsi_peer *peer, - grpc_security_check_peer_cb cb, void *user_data) { +static grpc_security_status httpcli_ssl_check_peer(grpc_security_context *ctx, + tsi_peer peer, + grpc_security_check_cb cb, + void *user_data) { grpc_httpcli_ssl_channel_security_context *c = (grpc_httpcli_ssl_channel_security_context *)ctx; + grpc_security_status status = GRPC_SECURITY_OK; /* Check the peer name. */ if (c->secure_peer_name != NULL && - !tsi_ssl_peer_matches_name(peer, c->secure_peer_name)) { + !tsi_ssl_peer_matches_name(&peer, c->secure_peer_name)) { gpr_log(GPR_ERROR, "Peer name %s is not in peer certificate", c->secure_peer_name); - return GRPC_SECURITY_ERROR; + status = GRPC_SECURITY_ERROR; } - return GRPC_SECURITY_OK; + tsi_peer_destruct(&peer); + return status; } static grpc_security_context_vtable httpcli_ssl_vtable = { diff --git a/src/core/security/auth.c b/src/core/security/auth.c index 9d0c075bc3..18c32f90f4 100644 --- a/src/core/security/auth.c +++ b/src/core/security/auth.c @@ -35,22 +35,49 @@ #include <string.h> -#include "src/core/security/security_context.h" -#include "src/core/security/credentials.h" #include <grpc/support/alloc.h> #include <grpc/support/log.h> +#include "src/core/support/string.h" +#include "src/core/channel/channel_stack.h" +#include "src/core/security/security_context.h" +#include "src/core/security/credentials.h" +#include "src/core/surface/call.h" + /* We can have a per-call credentials. */ typedef struct { grpc_credentials *creds; + grpc_mdstr *host; grpc_call_op op; } call_data; /* We can have a per-channel credentials. */ typedef struct { grpc_channel_security_context *security_context; + grpc_mdctx *md_ctx; + grpc_mdstr *authority_string; + grpc_mdstr *error_msg_key; } channel_data; +static void do_nothing(void *ignored, grpc_op_error error) {} + +static void bubbleup_error(grpc_call_element *elem, const char *error_msg) { + grpc_call_op finish_op; + channel_data *channeld = elem->channel_data; + + gpr_log(GPR_ERROR, "%s", error_msg); + finish_op.type = GRPC_RECV_METADATA; + finish_op.dir = GRPC_CALL_UP; + finish_op.flags = 0; + finish_op.data.metadata = grpc_mdelem_from_metadata_strings( + channeld->md_ctx, channeld->error_msg_key, + grpc_mdstr_from_string(channeld->md_ctx, error_msg)); + finish_op.done_cb = do_nothing; + finish_op.user_data = NULL; + grpc_call_next_op(elem, &finish_op); + grpc_call_element_send_cancel(elem); +} + static void on_credentials_metadata(void *user_data, grpc_mdelem **md_elems, size_t num_md, grpc_credentials_status status) { @@ -62,6 +89,46 @@ static void on_credentials_metadata(void *user_data, grpc_mdelem **md_elems, grpc_call_next_op(elem, &((call_data *)elem->call_data)->op); } +static void send_security_metadata(grpc_call_element *elem, grpc_call_op *op) { + /* grab pointers to our data from the call element */ + call_data *calld = elem->call_data; + channel_data *channeld = elem->channel_data; + + grpc_credentials *channel_creds = + channeld->security_context->request_metadata_creds; + /* TODO(jboeuf): + Decide on the policy in this case: + - populate both channel and call? + - the call takes precedence over the channel? + - leave this decision up to the channel credentials? */ + if (calld->creds != NULL) { + gpr_log(GPR_ERROR, "Ignoring per call credentials for now."); + } + if (channel_creds != NULL && + grpc_credentials_has_request_metadata(channel_creds)) { + calld->op = *op; /* Copy op (originates from the caller's stack). */ + grpc_credentials_get_request_metadata(channel_creds, + on_credentials_metadata, elem); + } else { + grpc_call_next_op(elem, op); + } +} + +static void on_host_checked(void *user_data, grpc_security_status status) { + grpc_call_element *elem = (grpc_call_element *)user_data; + call_data *calld = elem->call_data; + + if (status == GRPC_SECURITY_OK) { + send_security_metadata(elem, &calld->op); + } else { + char *error_msg; + gpr_asprintf(&error_msg, "Invalid host %s set in :authority metadata.", + grpc_mdstr_as_c_string(calld->host)); + bubbleup_error(elem, error_msg); + gpr_free(error_msg); + } +} + /* Called either: - in response to an API call (or similar) from above, to send something - a network event (or similar) from below, to receive something @@ -74,26 +141,36 @@ static void call_op(grpc_call_element *elem, grpc_call_element *from_elem, channel_data *channeld = elem->channel_data; switch (op->type) { - case GRPC_SEND_START: { - grpc_credentials *channel_creds = - channeld->security_context->request_metadata_creds; - /* TODO(jboeuf): - Decide on the policy in this case: - - populate both channel and call? - - the call takes precedence over the channel? - - leave this decision up to the channel credentials? */ - if (calld->creds != NULL) { - gpr_log(GPR_ERROR, "Ignoring per call credentials for now."); + case GRPC_SEND_METADATA: + /* Pointer comparison is OK for md_elems created from the same context. */ + if (op->data.metadata->key == channeld->authority_string) { + if (calld->host != NULL) grpc_mdstr_unref(calld->host); + calld->host = grpc_mdstr_ref(op->data.metadata->value); } - if (channel_creds != NULL && - grpc_credentials_has_request_metadata(channel_creds)) { + grpc_call_next_op(elem, op); + break; + + case GRPC_SEND_START: + if (calld->host != NULL) { + grpc_security_status status; + const char *call_host = grpc_mdstr_as_c_string(calld->host); calld->op = *op; /* Copy op (originates from the caller's stack). */ - grpc_credentials_get_request_metadata(channel_creds, - on_credentials_metadata, elem); - break; + status = grpc_channel_security_context_check_call_host( + channeld->security_context, call_host, on_host_checked, elem); + if (status != GRPC_SECURITY_OK) { + if (status == GRPC_SECURITY_ERROR) { + char *error_msg; + gpr_asprintf(&error_msg, + "Invalid host %s set in :authority metadata.", + call_host); + bubbleup_error(elem, error_msg); + gpr_free(error_msg); + } + break; + } } - /* FALLTHROUGH INTENDED. */ - } + send_security_metadata(elem, op); + break; default: /* pass control up or down the stack depending on op->dir */ @@ -116,6 +193,7 @@ static void init_call_elem(grpc_call_element *elem, Find a way to pass-in the credentials from the caller here. */ call_data *calld = elem->call_data; calld->creds = NULL; + calld->host = NULL; } /* Destructor for call_data */ @@ -124,6 +202,9 @@ static void destroy_call_elem(grpc_call_element *elem) { if (calld->creds != NULL) { grpc_credentials_unref(calld->creds); } + if (calld->host != NULL) { + grpc_mdstr_unref(calld->host); + } } /* Constructor for channel_data */ @@ -146,6 +227,11 @@ static void init_channel_elem(grpc_channel_element *elem, GPR_ASSERT(ctx->is_client_side); channeld->security_context = (grpc_channel_security_context *)grpc_security_context_ref(ctx); + channeld->md_ctx = metadata_context; + channeld->authority_string = + grpc_mdstr_from_string(channeld->md_ctx, ":authority"); + channeld->error_msg_key = + grpc_mdstr_from_string(channeld->md_ctx, "grpc-message"); } /* Destructor for channel data */ @@ -154,6 +240,12 @@ static void destroy_channel_elem(grpc_channel_element *elem) { channel_data *channeld = elem->channel_data; grpc_channel_security_context *ctx = channeld->security_context; if (ctx != NULL) grpc_security_context_unref(&ctx->base); + if (channeld->authority_string != NULL) { + grpc_mdstr_unref(channeld->authority_string); + } + if (channeld->error_msg_key != NULL) { + grpc_mdstr_unref(channeld->error_msg_key); + } } const grpc_channel_filter grpc_client_auth_filter = { diff --git a/src/core/security/secure_transport_setup.c b/src/core/security/secure_transport_setup.c index 50a6987fbf..59789a7e4d 100644 --- a/src/core/security/secure_transport_setup.c +++ b/src/core/security/secure_transport_setup.c @@ -113,8 +113,7 @@ static void check_peer(grpc_secure_transport_setup *s) { return; } peer_status = - grpc_security_context_check_peer(s->ctx, &peer, on_peer_checked, s); - tsi_peer_destruct(&peer); + grpc_security_context_check_peer(s->ctx, peer, on_peer_checked, s); if (peer_status == GRPC_SECURITY_ERROR) { gpr_log(GPR_ERROR, "Peer check failed."); secure_transport_setup_done(s, 0); diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c index 1edec29775..adb0269792 100644 --- a/src/core/security/security_context.c +++ b/src/core/security/security_context.c @@ -69,12 +69,22 @@ grpc_security_status grpc_security_context_create_handshaker( } grpc_security_status grpc_security_context_check_peer( - grpc_security_context *ctx, const tsi_peer *peer, - grpc_security_check_peer_cb cb, void *user_data) { - if (ctx == NULL) return GRPC_SECURITY_ERROR; + grpc_security_context *ctx, tsi_peer peer, grpc_security_check_cb cb, + void *user_data) { + if (ctx == NULL) { + tsi_peer_destruct(&peer); + return GRPC_SECURITY_ERROR; + } return ctx->vtable->check_peer(ctx, peer, cb, user_data); } +grpc_security_status grpc_channel_security_context_check_call_host( + grpc_channel_security_context *ctx, const char *host, + grpc_security_check_cb cb, void *user_data) { + if (ctx == NULL || ctx->check_call_host == NULL) return GRPC_SECURITY_ERROR; + return ctx->check_call_host(ctx, host, cb, user_data); +} + void grpc_security_context_unref(grpc_security_context *ctx) { if (ctx == NULL) return; if (gpr_unref(&ctx->refcount)) ctx->vtable->destroy(ctx); @@ -137,6 +147,11 @@ static int check_request_metadata_creds(grpc_credentials *creds) { /* -- Fake implementation. -- */ +typedef struct { + grpc_channel_security_context base; + int call_host_check_is_async; +} grpc_fake_channel_security_context; + static void fake_channel_destroy(grpc_security_context *ctx) { grpc_channel_security_context *c = (grpc_channel_security_context *)ctx; grpc_credentials_unref(c->request_metadata_creds); @@ -158,31 +173,51 @@ static grpc_security_status fake_server_create_handshaker( } static grpc_security_status fake_check_peer(grpc_security_context *ctx, - const tsi_peer *peer, - grpc_security_check_peer_cb cb, + tsi_peer peer, + grpc_security_check_cb cb, void *user_data) { const char *prop_name; - if (peer->property_count != 1) { + grpc_security_status status = GRPC_SECURITY_OK; + if (peer.property_count != 1) { gpr_log(GPR_ERROR, "Fake peers should only have 1 property."); - return GRPC_SECURITY_ERROR; + status = GRPC_SECURITY_ERROR; + goto end; } - prop_name = peer->properties[0].name; + prop_name = peer.properties[0].name; if (prop_name == NULL || strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) { gpr_log(GPR_ERROR, "Unexpected property in fake peer: %s.", prop_name == NULL ? "<EMPTY>" : prop_name); - return GRPC_SECURITY_ERROR; + status = GRPC_SECURITY_ERROR; + goto end; } - if (peer->properties[0].type != TSI_PEER_PROPERTY_TYPE_STRING) { + if (peer.properties[0].type != TSI_PEER_PROPERTY_TYPE_STRING) { gpr_log(GPR_ERROR, "Invalid type of cert type property."); - return GRPC_SECURITY_ERROR; + status = GRPC_SECURITY_ERROR; + goto end; } - if (strncmp(peer->properties[0].value.string.data, TSI_FAKE_CERTIFICATE_TYPE, - peer->properties[0].value.string.length)) { + if (strncmp(peer.properties[0].value.string.data, TSI_FAKE_CERTIFICATE_TYPE, + peer.properties[0].value.string.length)) { gpr_log(GPR_ERROR, "Invalid value for cert type property."); - return GRPC_SECURITY_ERROR; + status = GRPC_SECURITY_ERROR; + goto end; + } +end: + tsi_peer_destruct(&peer); + return status; +} + +static grpc_security_status fake_channel_check_call_host( + grpc_channel_security_context *ctx, const char *host, + grpc_security_check_cb cb, void *user_data) { + grpc_fake_channel_security_context *c = + (grpc_fake_channel_security_context *)ctx; + if (c->call_host_check_is_async) { + cb(user_data, GRPC_SECURITY_OK); + return GRPC_SECURITY_PENDING; + } else { + return GRPC_SECURITY_OK; } - return GRPC_SECURITY_OK; } static grpc_security_context_vtable fake_channel_vtable = { @@ -192,15 +227,17 @@ static grpc_security_context_vtable fake_server_vtable = { fake_server_destroy, fake_server_create_handshaker, fake_check_peer}; grpc_channel_security_context *grpc_fake_channel_security_context_create( - grpc_credentials *request_metadata_creds) { - grpc_channel_security_context *c = - gpr_malloc(sizeof(grpc_channel_security_context)); - gpr_ref_init(&c->base.refcount, 1); - c->base.is_client_side = 1; - c->base.vtable = &fake_channel_vtable; + grpc_credentials *request_metadata_creds, int call_host_check_is_async) { + grpc_fake_channel_security_context *c = + gpr_malloc(sizeof(grpc_fake_channel_security_context)); + gpr_ref_init(&c->base.base.refcount, 1); + c->base.base.is_client_side = 1; + c->base.base.vtable = &fake_channel_vtable; GPR_ASSERT(check_request_metadata_creds(request_metadata_creds)); - c->request_metadata_creds = grpc_credentials_ref(request_metadata_creds); - return c; + c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds); + c->base.check_call_host = fake_channel_check_call_host; + c->call_host_check_is_async = call_host_check_is_async; + return &c->base; } grpc_security_context *grpc_fake_server_security_context_create(void) { @@ -215,7 +252,9 @@ grpc_security_context *grpc_fake_server_security_context_create(void) { typedef struct { grpc_channel_security_context base; tsi_ssl_handshaker_factory *handshaker_factory; - char *secure_peer_name; + char *target_name; + char *overridden_target_name; + tsi_peer peer; } grpc_ssl_channel_security_context; typedef struct { @@ -230,7 +269,9 @@ static void ssl_channel_destroy(grpc_security_context *ctx) { if (c->handshaker_factory != NULL) { tsi_ssl_handshaker_factory_destroy(c->handshaker_factory); } - if (c->secure_peer_name != NULL) gpr_free(c->secure_peer_name); + if (c->target_name != NULL) gpr_free(c->target_name); + if (c->overridden_target_name != NULL) gpr_free(c->overridden_target_name); + tsi_peer_destruct(&c->peer); gpr_free(ctx); } @@ -244,11 +285,11 @@ static void ssl_server_destroy(grpc_security_context *ctx) { static grpc_security_status ssl_create_handshaker( tsi_ssl_handshaker_factory *handshaker_factory, int is_client, - const char *secure_peer_name, tsi_handshaker **handshaker) { + const char *peer_name, tsi_handshaker **handshaker) { tsi_result result = TSI_OK; if (handshaker_factory == NULL) return GRPC_SECURITY_ERROR; result = tsi_ssl_handshaker_factory_create_handshaker( - handshaker_factory, is_client ? secure_peer_name : NULL, handshaker); + handshaker_factory, is_client ? peer_name : NULL, handshaker); if (result != TSI_OK) { gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.", tsi_result_to_string(result)); @@ -261,7 +302,10 @@ static grpc_security_status ssl_channel_create_handshaker( grpc_security_context *ctx, tsi_handshaker **handshaker) { grpc_ssl_channel_security_context *c = (grpc_ssl_channel_security_context *)ctx; - return ssl_create_handshaker(c->handshaker_factory, 1, c->secure_peer_name, + return ssl_create_handshaker(c->handshaker_factory, 1, + c->overridden_target_name != NULL + ? c->overridden_target_name + : c->target_name, handshaker); } @@ -271,7 +315,7 @@ static grpc_security_status ssl_server_create_handshaker( return ssl_create_handshaker(c->handshaker_factory, 0, NULL, handshaker); } -static grpc_security_status ssl_check_peer(const char *secure_peer_name, +static grpc_security_status ssl_check_peer(const char *peer_name, const tsi_peer *peer) { /* Check the ALPN. */ const tsi_peer_property *p = @@ -291,28 +335,54 @@ static grpc_security_status ssl_check_peer(const char *secure_peer_name, } /* Check the peer name if specified. */ - if (secure_peer_name != NULL && - !tsi_ssl_peer_matches_name(peer, secure_peer_name)) { - gpr_log(GPR_ERROR, "Peer name %s is not in peer certificate", - secure_peer_name); + if (peer_name != NULL && + !tsi_ssl_peer_matches_name(peer, peer_name)) { + gpr_log(GPR_ERROR, "Peer name %s is not in peer certificate", peer_name); return GRPC_SECURITY_ERROR; } return GRPC_SECURITY_OK; } -static grpc_security_status ssl_channel_check_peer( - grpc_security_context *ctx, const tsi_peer *peer, - grpc_security_check_peer_cb cb, void *user_data) { +static grpc_security_status ssl_channel_check_peer(grpc_security_context *ctx, + tsi_peer peer, + grpc_security_check_cb cb, + void *user_data) { grpc_ssl_channel_security_context *c = (grpc_ssl_channel_security_context *)ctx; - return ssl_check_peer(c->secure_peer_name, peer); + grpc_security_status status = ssl_check_peer(c->overridden_target_name != NULL + ? c->overridden_target_name + : c->target_name, + &peer); + c->peer = peer; + return status; +} + +static grpc_security_status ssl_server_check_peer(grpc_security_context *ctx, + tsi_peer peer, + grpc_security_check_cb cb, + void *user_data) { + /* TODO(jboeuf): Find a way to expose the peer to the authorization layer. */ + grpc_security_status status = ssl_check_peer(NULL, &peer); + tsi_peer_destruct(&peer); + return status; } -static grpc_security_status ssl_server_check_peer( - grpc_security_context *ctx, const tsi_peer *peer, - grpc_security_check_peer_cb cb, void *user_data) { - /* TODO(jboeuf): Find a way to expose the peer to the authorization layer. */ - return ssl_check_peer(NULL, peer); +static grpc_security_status ssl_channel_check_call_host( + grpc_channel_security_context *ctx, const char *host, + grpc_security_check_cb cb, void *user_data) { + grpc_ssl_channel_security_context *c = + (grpc_ssl_channel_security_context *)ctx; + + if (tsi_ssl_peer_matches_name(&c->peer, host)) return GRPC_SECURITY_OK; + + /* If the target name was overridden, then the original target_name was + 'checked' transitively during the previous peer check at the end of the + handshake. */ + if (c->overridden_target_name != NULL && !strcmp(host, c->target_name)) { + return GRPC_SECURITY_OK; + } else { + return GRPC_SECURITY_ERROR; + } } static grpc_security_context_vtable ssl_channel_vtable = { @@ -345,7 +415,8 @@ static size_t get_default_pem_roots(const unsigned char **pem_root_certs) { grpc_security_status grpc_ssl_channel_security_context_create( grpc_credentials *request_metadata_creds, const grpc_ssl_config *config, - const char *secure_peer_name, grpc_channel_security_context **ctx) { + const char *target_name, const char *overridden_target_name, + grpc_channel_security_context **ctx) { size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); const unsigned char **alpn_protocol_strings = gpr_malloc(sizeof(const char *) * num_alpn_protocols); @@ -364,8 +435,8 @@ grpc_security_status grpc_ssl_channel_security_context_create( strlen(grpc_chttp2_get_alpn_version_index(i)); } - if (config == NULL || secure_peer_name == NULL) { - gpr_log(GPR_ERROR, "An ssl channel needs a config and a secure name."); + if (config == NULL || target_name == NULL) { + gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name."); goto error; } if (!check_request_metadata_creds(request_metadata_creds)) { @@ -379,8 +450,12 @@ grpc_security_status grpc_ssl_channel_security_context_create( c->base.base.vtable = &ssl_channel_vtable; c->base.base.is_client_side = 1; c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds); - if (secure_peer_name != NULL) { - c->secure_peer_name = gpr_strdup(secure_peer_name); + c->base.check_call_host = ssl_channel_check_call_host; + if (target_name != NULL) { + c->target_name = gpr_strdup(target_name); + } + if (overridden_target_name != NULL) { + c->overridden_target_name = gpr_strdup(overridden_target_name); } if (config->pem_root_certs == NULL) { pem_root_certs_size = get_default_pem_roots(&pem_root_certs); @@ -478,7 +553,7 @@ grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds, grpc_channel *channel = NULL; grpc_security_status status = GRPC_SECURITY_OK; size_t i = 0; - const char *secure_peer_name = target; + const char *overridden_target_name = NULL; grpc_arg arg; grpc_channel_args *new_args; @@ -486,13 +561,13 @@ grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds, grpc_arg *arg = &args->args[i]; if (!strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) && arg->type == GRPC_ARG_STRING) { - secure_peer_name = arg->value.string; + overridden_target_name = arg->value.string; break; } } status = grpc_ssl_channel_security_context_create( request_metadata_creds, grpc_ssl_credentials_get_config(ssl_creds), - secure_peer_name, &ctx); + target, overridden_target_name, &ctx); if (status != GRPC_SECURITY_OK) { return grpc_lame_client_channel_create(); } @@ -510,7 +585,7 @@ grpc_channel *grpc_fake_transport_security_channel_create( grpc_credentials *fake_creds, grpc_credentials *request_metadata_creds, const char *target, const grpc_channel_args *args) { grpc_channel_security_context *ctx = - grpc_fake_channel_security_context_create(request_metadata_creds); + grpc_fake_channel_security_context_create(request_metadata_creds, 1); grpc_channel *channel = grpc_secure_channel_create_internal(target, args, ctx); grpc_security_context_unref(&ctx->base); diff --git a/src/core/security/security_context.h b/src/core/security/security_context.h index 2caa2d3690..25d467d717 100644 --- a/src/core/security/security_context.h +++ b/src/core/security/security_context.h @@ -56,16 +56,15 @@ typedef struct grpc_security_context grpc_security_context; #define GRPC_SECURITY_CONTEXT_ARG "grpc.security_context" -typedef void (*grpc_security_check_peer_cb)(void *user_data, - grpc_security_status status); +typedef void (*grpc_security_check_cb)(void *user_data, + grpc_security_status status); typedef struct { void (*destroy)(grpc_security_context *ctx); grpc_security_status (*create_handshaker)(grpc_security_context *ctx, tsi_handshaker **handshaker); - grpc_security_status (*check_peer)(grpc_security_context *ctx, - const tsi_peer *peer, - grpc_security_check_peer_cb, + grpc_security_status (*check_peer)(grpc_security_context *ctx, tsi_peer peer, + grpc_security_check_cb cb, void *user_data); } grpc_security_context_vtable; @@ -87,18 +86,14 @@ grpc_security_status grpc_security_context_create_handshaker( /* Check the peer. Implementations can choose to check the peer either synchronously or - asynchronously. In the first case, a successful will return + asynchronously. In the first case, a successful call will return GRPC_SECURITY_OK. In the asynchronous case, the call will return GRPC_SECURITY_PENDING unless an error is detected early on. - - Note: - Asynchronous implementations of this interface should make a copy of the - fields of the peer they want to check as there is no guarantee on the - lifetime of the peer object beyond this call. + Ownership of the peer is transfered. */ grpc_security_status grpc_security_context_check_peer( - grpc_security_context *ctx, const tsi_peer *peer, - grpc_security_check_peer_cb cb, void *user_data); + grpc_security_context *ctx, tsi_peer peer, + grpc_security_check_cb cb, void *user_data); /* Util to encapsulate the context in a channel arg. */ grpc_arg grpc_security_context_to_arg(grpc_security_context *ctx); @@ -120,14 +115,26 @@ typedef struct grpc_channel_security_context grpc_channel_security_context; struct grpc_channel_security_context { grpc_security_context base; /* requires is_client_side to be non 0. */ grpc_credentials *request_metadata_creds; + grpc_security_status (*check_call_host)( + grpc_channel_security_context *ctx, const char *host, + grpc_security_check_cb cb, void *user_data); }; +/* Checks that the host that will be set for a call is acceptable. + Implementations can choose do the check either synchronously or + asynchronously. In the first case, a successful call will return + GRPC_SECURITY_OK. In the asynchronous case, the call will return + GRPC_SECURITY_PENDING unless an error is detected early on. */ +grpc_security_status grpc_channel_security_context_check_call_host( + grpc_channel_security_context *ctx, const char *host, + grpc_security_check_cb cb, void *user_data); + /* --- Creation security contexts. --- */ /* For TESTING ONLY! Creates a fake context that emulates real channel security. */ grpc_channel_security_context *grpc_fake_channel_security_context_create( - grpc_credentials *request_metadata_creds); + grpc_credentials *request_metadata_creds, int call_host_check_is_async); /* For TESTING ONLY! Creates a fake context that emulates real server security. */ @@ -148,7 +155,8 @@ grpc_security_context *grpc_fake_server_security_context_create(void); */ grpc_security_status grpc_ssl_channel_security_context_create( grpc_credentials *request_metadata_creds, const grpc_ssl_config *config, - const char *secure_peer_name, grpc_channel_security_context **ctx); + const char *target_name, const char *overridden_target_name, + grpc_channel_security_context **ctx); /* Creates an SSL server_security_context. - config is the SSL config to be used for the SSL channel establishment. diff --git a/src/core/surface/secure_channel_create.c b/src/core/surface/secure_channel_create.c index defee79766..562e27ff6d 100644 --- a/src/core/surface/secure_channel_create.c +++ b/src/core/surface/secure_channel_create.c @@ -189,8 +189,8 @@ static void done_setup(void *sp) { static grpc_transport_setup_result complete_setup(void *channel_stack, grpc_transport *transport, grpc_mdctx *mdctx) { - static grpc_channel_filter const *extra_filters[] = {&grpc_http_client_filter, - &grpc_http_filter}; + static grpc_channel_filter const *extra_filters[] = { + &grpc_client_auth_filter, &grpc_http_client_filter, &grpc_http_filter}; return grpc_client_channel_transport_setup_complete( channel_stack, transport, extra_filters, GPR_ARRAY_SIZE(extra_filters), mdctx); @@ -208,7 +208,7 @@ grpc_channel *grpc_secure_channel_create_internal( grpc_arg context_arg; grpc_channel_args *args_copy; grpc_mdctx *mdctx = grpc_mdctx_create(); -#define MAX_FILTERS 4 +#define MAX_FILTERS 3 const grpc_channel_filter *filters[MAX_FILTERS]; int n = 0; if (grpc_find_security_context_in_args(args) != NULL) { @@ -222,7 +222,6 @@ grpc_channel *grpc_secure_channel_create_internal( if (grpc_channel_args_is_census_enabled(args)) { filters[n++] = &grpc_client_census_filter; } - filters[n++] = &grpc_client_auth_filter; filters[n++] = &grpc_client_channel_filter; GPR_ASSERT(n <= MAX_FILTERS); channel = grpc_channel_create_from_filters(filters, n, args_copy, mdctx, 1); |