Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Got core to compile (without the tests)

Browse Source
reviewable/pr3765/r1
Julien Boeuf 10 years ago
parent a8420a4cd8
commit 441176d161
10 changed files with 234 additions and 376 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      include/grpc/grpc_security.h
  2. 30
      src/core/security/client_auth_filter.c
  3. 441
      src/core/security/credentials.c
  4. 16
      src/core/security/credentials.h
  5. 53
      src/core/security/google_default_credentials.c
  6. 29
      src/core/security/security_connector.c
  7. 11
      src/core/security/security_connector.h
  8. 14
      src/core/security/security_context.c
  9. 2
      src/core/security/security_context.h
  10. 8
      src/core/surface/secure_channel_create.c

6
include/grpc/grpc_security.h
Unescape View File

@ -50,7 +50,7 @@ typedef struct grpc_channel_credentials grpc_channel_credentials;
/* Releases a channel credentials object.
The creator of the credentials object is responsible for its release. */
void grpc_credentials_release(grpc_channel_credentials *creds);
void grpc_channel_credentials_release(grpc_channel_credentials *creds);
/* Environment variable that points to the google default application
credentials json key or refresh token. Used in the
@ -101,6 +101,10 @@ grpc_channel_credentials *grpc_ssl_credentials_create(
typedef struct grpc_call_credentials grpc_call_credentials;
/* Releases a call credentials object.
The creator of the credentials object is responsible for its release. */
void grpc_call_credentials_release(grpc_call_credentials *creds);
/* Creates a composite channel credentials object. */
grpc_channel_credentials *grpc_composite_channel_credentials_create(
grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,

30
src/core/security/client_auth_filter.c
Unescape View File

@ -50,7 +50,7 @@
/* We can have a per-call credentials. */
typedef struct {
grpc_credentials *creds;
grpc_call_credentials *creds;
grpc_mdstr *host;
grpc_mdstr *method;
/* pollset bound to this call; if we need to make external
@ -146,39 +146,35 @@ static void send_security_metadata(grpc_exec_ctx *exec_ctx,
channel_data *chand = elem->channel_data;
grpc_client_security_context *ctx =
(grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value;
grpc_credentials *channel_creds =
grpc_call_credentials *channel_call_creds =
chand->security_connector->request_metadata_creds;
int channel_creds_has_md =
(channel_creds != NULL) &&
grpc_credentials_has_request_metadata(channel_creds);
int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) &&
grpc_credentials_has_request_metadata(ctx->creds);
int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL);
if (!channel_creds_has_md && !call_creds_has_md) {
if (channel_call_creds == NULL && !call_creds_has_md) {
/* Skip sending metadata altogether. */
grpc_call_next_op(exec_ctx, elem, op);
return;
}
if (channel_creds_has_md && call_creds_has_md) {
calld->creds =
grpc_composite_credentials_create(channel_creds, ctx->creds, NULL);
if (channel_call_creds != NULL && call_creds_has_md) {
calld->creds = grpc_composite_call_credentials_create(channel_call_creds,
ctx->creds, NULL);
if (calld->creds == NULL) {
bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
"Incompatible credentials set on channel and call.");
return;
}
} else {
calld->creds =
grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds);
calld->creds = grpc_call_credentials_ref(
call_creds_has_md ? ctx->creds : channel_call_creds);
}
build_service_url(chand->security_connector->base.url_scheme, calld);
calld->op = *op; /* Copy op (originates from the caller's stack). */
GPR_ASSERT(calld->pollset);
grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset,
calld->service_url,
on_credentials_metadata, elem);
grpc_call_credentials_get_request_metadata(exec_ctx, calld->creds,
calld->pollset, calld->service_url,
on_credentials_metadata, elem);
}
static void on_host_checked(grpc_exec_ctx *exec_ctx, void *user_data,
@ -294,7 +290,7 @@ static void init_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
static void destroy_call_elem(grpc_exec_ctx *exec_ctx,
grpc_call_element *elem) {
call_data *calld = elem->call_data;
grpc_credentials_unref(calld->creds);
grpc_call_credentials_unref(calld->creds);
if (calld->host != NULL) {
GRPC_MDSTR_UNREF(calld->host);
}

441
src/core/security/credentials.c
Unescape View File

@ -54,18 +54,18 @@
/* -- Common. -- */
struct grpc_credentials_metadata_request {
grpc_credentials *creds;
grpc_call_credentials *creds;
grpc_credentials_metadata_cb cb;
void *user_data;
};
static grpc_credentials_metadata_request *
grpc_credentials_metadata_request_create(grpc_credentials *creds,
grpc_credentials_metadata_request_create(grpc_call_credentials *creds,
grpc_credentials_metadata_cb cb,
void *user_data) {
grpc_credentials_metadata_request *r =
gpr_malloc(sizeof(grpc_credentials_metadata_request));
r->creds = grpc_credentials_ref(creds);
r->creds = grpc_call_credentials_ref(creds);
r->cb = cb;
r->user_data = user_data;
return r;
@ -73,17 +73,18 @@ grpc_credentials_metadata_request_create(grpc_credentials *creds,
static void grpc_credentials_metadata_request_destroy(
grpc_credentials_metadata_request *r) {
grpc_credentials_unref(r->creds);
grpc_call_credentials_unref(r->creds);
gpr_free(r);
}
grpc_credentials *grpc_credentials_ref(grpc_credentials *creds) {
grpc_channel_credentials *grpc_channel_credentials_ref(
grpc_channel_credentials *creds) {
if (creds == NULL) return NULL;
gpr_ref(&creds->refcount);
return creds;
}
void grpc_credentials_unref(grpc_credentials *creds) {
void grpc_channel_credentials_unref(grpc_channel_credentials *creds) {
if (creds == NULL) return;
if (gpr_unref(&creds->refcount)) {
creds->vtable->destruct(creds);
@ -91,26 +92,34 @@ void grpc_credentials_unref(grpc_credentials *creds) {
}
}
void grpc_credentials_release(grpc_credentials *creds) {
GRPC_API_TRACE("grpc_credentials_release(creds=%p)", 1, (creds));
grpc_credentials_unref(creds);
void grpc_channel_credentials_release(grpc_channel_credentials *creds) {
GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
grpc_channel_credentials_unref(creds);
}
int grpc_credentials_has_request_metadata(grpc_credentials *creds) {
if (creds == NULL) return 0;
return creds->vtable->has_request_metadata(creds);
grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
if (creds == NULL) return NULL;
gpr_ref(&creds->refcount);
return creds;
}
int grpc_credentials_has_request_metadata_only(grpc_credentials *creds) {
if (creds == NULL) return 0;
return creds->vtable->has_request_metadata_only(creds);
void grpc_call_credentials_unref(grpc_call_credentials *creds) {
if (creds == NULL) return;
if (gpr_unref(&creds->refcount)) {
creds->vtable->destruct(creds);
gpr_free(creds);
}
}
void grpc_call_credentials_release(grpc_call_credentials *creds) {
GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
grpc_call_credentials_unref(creds);
}
void grpc_credentials_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
if (creds == NULL || !grpc_credentials_has_request_metadata(creds) ||
creds->vtable->get_request_metadata == NULL) {
if (creds == NULL || creds->vtable->get_request_metadata == NULL) {
if (cb != NULL) {
cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
}
@ -120,19 +129,19 @@ void grpc_credentials_get_request_metadata(
user_data);
}
grpc_security_status grpc_credentials_create_security_connector(
grpc_credentials *creds, const char *target, const grpc_channel_args *args,
grpc_credentials *request_metadata_creds,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
grpc_security_status grpc_channel_credentials_create_security_connector(
grpc_channel_credentials *channel_creds, const char *target,
const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args) {
*new_args = NULL;
if (creds == NULL || creds->vtable->create_security_connector == NULL ||
grpc_credentials_has_request_metadata_only(creds)) {
if (channel_creds == NULL ||
channel_creds->vtable->create_security_connector == NULL) {
gpr_log(GPR_ERROR,
"Invalid credentials for creating a security connector.");
return GRPC_SECURITY_ERROR;
}
return creds->vtable->create_security_connector(
creds, target, args, request_metadata_creds, sc, new_args);
return channel_creds->vtable->create_security_connector(channel_creds, target,
args, sc, new_args);
}
grpc_server_credentials *grpc_server_credentials_ref(
@ -225,7 +234,7 @@ grpc_server_credentials *grpc_find_server_credentials_in_args(
/* -- Ssl credentials. -- */
static void ssl_destruct(grpc_credentials *creds) {
static void ssl_destruct(grpc_channel_credentials *creds) {
grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
@ -254,15 +263,9 @@ static void ssl_server_destruct(grpc_server_credentials *creds) {
if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
}
static int ssl_has_request_metadata(const grpc_credentials *creds) { return 0; }
static int ssl_has_request_metadata_only(const grpc_credentials *creds) {
return 0;
}
static grpc_security_status ssl_create_security_connector(
grpc_credentials *creds, const char *target, const grpc_channel_args *args,
grpc_credentials *request_metadata_creds,
grpc_channel_credentials *creds, const char *target,
const grpc_channel_args *args,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
grpc_security_status status = GRPC_SECURITY_OK;
@ -279,7 +282,7 @@ static grpc_security_status ssl_create_security_connector(
}
}
status = grpc_ssl_channel_security_connector_create(
request_metadata_creds, &c->config, target, overridden_target_name, sc);
creds->call_creds, &c->config, target, overridden_target_name, sc);
if (status != GRPC_SECURITY_OK) {
return status;
}
@ -296,9 +299,8 @@ static grpc_security_status ssl_server_create_security_connector(
return grpc_ssl_server_security_connector_create(&c->config, sc);
}
static grpc_credentials_vtable ssl_vtable = {
ssl_destruct, ssl_has_request_metadata, ssl_has_request_metadata_only, NULL,
ssl_create_security_connector};
static grpc_channel_credentials_vtable ssl_vtable = {
ssl_destruct, ssl_create_security_connector};
static grpc_server_credentials_vtable ssl_server_vtable = {
ssl_server_destruct, ssl_server_create_security_connector};
@ -363,7 +365,7 @@ static void ssl_build_server_config(
}
}
grpc_credentials *grpc_ssl_credentials_create(
grpc_channel_credentials *grpc_ssl_credentials_create(
const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
void *reserved) {
grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials));
@ -374,7 +376,7 @@ grpc_credentials *grpc_ssl_credentials_create(
3, (pem_root_certs, pem_key_cert_pair, reserved));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(grpc_ssl_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_SSL;
c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
c->base.vtable = &ssl_vtable;
gpr_ref_init(&c->base.refcount, 1);
ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config);
@ -394,7 +396,7 @@ grpc_server_credentials *grpc_ssl_server_credentials_create(
force_client_auth, reserved));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(grpc_ssl_server_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_SSL;
c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
gpr_ref_init(&c->base.refcount, 1);
c->base.vtable = &ssl_server_vtable;
ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
@ -416,7 +418,7 @@ static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
}
static void jwt_destruct(grpc_credentials *creds) {
static void jwt_destruct(grpc_call_credentials *creds) {
grpc_service_account_jwt_access_credentials *c =
(grpc_service_account_jwt_access_credentials *)creds;
grpc_auth_json_key_destruct(&c->key);
@ -424,14 +426,8 @@ static void jwt_destruct(grpc_credentials *creds) {
gpr_mu_destroy(&c->cache_mu);
}
static int jwt_has_request_metadata(const grpc_credentials *creds) { return 1; }
static int jwt_has_request_metadata_only(const grpc_credentials *creds) {
return 1;
}
static void jwt_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_service_account_jwt_access_credentials *c =
(grpc_service_account_jwt_access_credentials *)creds;
@ -484,11 +480,10 @@ static void jwt_get_request_metadata(
}
}
static grpc_credentials_vtable jwt_vtable = {
jwt_destruct, jwt_has_request_metadata, jwt_has_request_metadata_only,
jwt_get_request_metadata, NULL};
static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct,
jwt_get_request_metadata};
grpc_credentials *
grpc_call_credentials *
grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
grpc_auth_json_key key, gpr_timespec token_lifetime) {
grpc_service_account_jwt_access_credentials *c;
@ -498,7 +493,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
}
c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials));
memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_JWT;
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT;
gpr_ref_init(&c->base.refcount, 1);
c->base.vtable = &jwt_vtable;
c->key = key;
@ -508,7 +503,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
return &c->base;
}
grpc_credentials *grpc_service_account_jwt_access_credentials_create(
grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
const char *json_key, gpr_timespec token_lifetime, void *reserved) {
GRPC_API_TRACE(
"grpc_service_account_jwt_access_credentials_create("
@ -525,7 +520,7 @@ grpc_credentials *grpc_service_account_jwt_access_credentials_create(
/* -- Oauth2TokenFetcher credentials -- */
static void oauth2_token_fetcher_destruct(grpc_credentials *creds) {
static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) {
grpc_oauth2_token_fetcher_credentials *c =
(grpc_oauth2_token_fetcher_credentials *)creds;
grpc_credentials_md_store_unref(c->access_token_md);
@ -533,16 +528,6 @@ static void oauth2_token_fetcher_destruct(grpc_credentials *creds) {
grpc_httpcli_context_destroy(&c->httpcli_context);
}
static int oauth2_token_fetcher_has_request_metadata(
const grpc_credentials *creds) {
return 1;
}
static int oauth2_token_fetcher_has_request_metadata_only(
const grpc_credentials *creds) {
return 1;
}
grpc_credentials_status
grpc_oauth2_token_fetcher_credentials_parse_server_response(
const grpc_httpcli_response *response, grpc_credentials_md_store **token_md,
@ -660,8 +645,9 @@ static void on_oauth2_token_fetcher_http_response(
}
static void oauth2_token_fetcher_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
grpc_pollset *pollset, const char *service_url,
grpc_credentials_metadata_cb cb, void *user_data) {
grpc_oauth2_token_fetcher_credentials *c =
(grpc_oauth2_token_fetcher_credentials *)creds;
gpr_timespec refresh_threshold = gpr_time_from_seconds(
@ -694,7 +680,7 @@ static void oauth2_token_fetcher_get_request_metadata(
static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
grpc_fetch_oauth2_func fetch_func) {
memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2;
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
gpr_ref_init(&c->base.refcount, 1);
gpr_mu_init(&c->mu);
c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
@ -704,10 +690,8 @@ static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
/* -- GoogleComputeEngine credentials. -- */
static grpc_credentials_vtable compute_engine_vtable = {
oauth2_token_fetcher_destruct, oauth2_token_fetcher_has_request_metadata,
oauth2_token_fetcher_has_request_metadata_only,
oauth2_token_fetcher_get_request_metadata, NULL};
static grpc_call_credentials_vtable compute_engine_vtable = {
oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata};
static void compute_engine_fetch_oauth2(
grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
@ -724,7 +708,7 @@ static void compute_engine_fetch_oauth2(
response_cb, metadata_req);
}
grpc_credentials *grpc_google_compute_engine_credentials_create(
grpc_call_credentials *grpc_google_compute_engine_credentials_create(
void *reserved) {
grpc_oauth2_token_fetcher_credentials *c =
gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials));
@ -738,17 +722,15 @@ grpc_credentials *grpc_google_compute_engine_credentials_create(
/* -- GoogleRefreshToken credentials. -- */
static void refresh_token_destruct(grpc_credentials *creds) {
static void refresh_token_destruct(grpc_call_credentials *creds) {
grpc_google_refresh_token_credentials *c =
(grpc_google_refresh_token_credentials *)creds;
grpc_auth_refresh_token_destruct(&c->refresh_token);
oauth2_token_fetcher_destruct(&c->base.base);
}
static grpc_credentials_vtable refresh_token_vtable = {
refresh_token_destruct, oauth2_token_fetcher_has_request_metadata,
oauth2_token_fetcher_has_request_metadata_only,
oauth2_token_fetcher_get_request_metadata, NULL};
static grpc_call_credentials_vtable refresh_token_vtable = {
refresh_token_destruct, oauth2_token_fetcher_get_request_metadata};
static void refresh_token_fetch_oauth2(
grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
@ -774,7 +756,8 @@ static void refresh_token_fetch_oauth2(
gpr_free(body);
}
grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token(
grpc_call_credentials *
grpc_refresh_token_credentials_create_from_auth_refresh_token(
grpc_auth_refresh_token refresh_token) {
grpc_google_refresh_token_credentials *c;
if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
@ -789,7 +772,7 @@ grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token(
return &c->base.base;
}
grpc_credentials *grpc_google_refresh_token_credentials_create(
grpc_call_credentials *grpc_google_refresh_token_credentials_create(
const char *json_refresh_token, void *reserved) {
GRPC_API_TRACE(
"grpc_refresh_token_credentials_create(json_refresh_token=%s, "
@ -802,20 +785,11 @@ grpc_credentials *grpc_google_refresh_token_credentials_create(
/* -- Metadata-only credentials. -- */
static void md_only_test_destruct(grpc_credentials *creds) {
static void md_only_test_destruct(grpc_call_credentials *creds) {
grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
grpc_credentials_md_store_unref(c->md_store);
}
static int md_only_test_has_request_metadata(const grpc_credentials *creds) {
return 1;
}
static int md_only_test_has_request_metadata_only(
const grpc_credentials *creds) {
return 1;
}
static void on_simulated_token_fetch_done(void *user_data) {
grpc_credentials_metadata_request *r =
(grpc_credentials_metadata_request *)user_data;
@ -828,7 +802,7 @@ static void on_simulated_token_fetch_done(void *user_data) {
}
static void md_only_test_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
@ -842,18 +816,15 @@ static void md_only_test_get_request_metadata(
}
}
static grpc_credentials_vtable md_only_test_vtable = {
md_only_test_destruct, md_only_test_has_request_metadata,
md_only_test_has_request_metadata_only, md_only_test_get_request_metadata,
NULL};
static grpc_call_credentials_vtable md_only_test_vtable = {
md_only_test_destruct, md_only_test_get_request_metadata};
grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key,
const char *md_value,
int is_async) {
grpc_call_credentials *grpc_md_only_test_credentials_create(
const char *md_key, const char *md_value, int is_async) {
grpc_md_only_test_credentials *c =
gpr_malloc(sizeof(grpc_md_only_test_credentials));
memset(c, 0, sizeof(grpc_md_only_test_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2;
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
c->base.vtable = &md_only_test_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->md_store = grpc_credentials_md_store_create(1);
@ -864,34 +835,23 @@ grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key,
/* -- Oauth2 Access Token credentials. -- */
static void access_token_destruct(grpc_credentials *creds) {
static void access_token_destruct(grpc_call_credentials *creds) {
grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
grpc_credentials_md_store_unref(c->access_token_md);
}
static int access_token_has_request_metadata(const grpc_credentials *creds) {
return 1;
}
static int access_token_has_request_metadata_only(
const grpc_credentials *creds) {
return 1;
}
static void access_token_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
}
static grpc_credentials_vtable access_token_vtable = {
access_token_destruct, access_token_has_request_metadata,
access_token_has_request_metadata_only, access_token_get_request_metadata,
NULL};
static grpc_call_credentials_vtable access_token_vtable = {
access_token_destruct, access_token_get_request_metadata};
grpc_credentials *grpc_access_token_credentials_create(const char *access_token,
void *reserved) {
grpc_call_credentials *grpc_access_token_credentials_create(
const char *access_token, void *reserved) {
grpc_access_token_credentials *c =
gpr_malloc(sizeof(grpc_access_token_credentials));
char *token_md_value;
@ -901,7 +861,7 @@ grpc_credentials *grpc_access_token_credentials_create(const char *access_token,
2, (access_token, reserved));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(grpc_access_token_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2;
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
c->base.vtable = &access_token_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->access_token_md = grpc_credentials_md_store_create(1);
@ -915,7 +875,7 @@ grpc_credentials *grpc_access_token_credentials_create(const char *access_token,
/* -- Fake transport security credentials. -- */
static void fake_transport_security_credentials_destruct(
grpc_credentials *creds) {
grpc_channel_credentials *creds) {
/* Nothing to do here. */
}
@ -924,21 +884,11 @@ static void fake_transport_security_server_credentials_destruct(
/* Nothing to do here. */
}
static int fake_transport_security_has_request_metadata(
const grpc_credentials *creds) {
return 0;
}
static int fake_transport_security_has_request_metadata_only(
const grpc_credentials *creds) {
return 0;
}
static grpc_security_status fake_transport_security_create_security_connector(
grpc_credentials *c, const char *target, const grpc_channel_args *args,
grpc_credentials *request_metadata_creds,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
*sc = grpc_fake_channel_security_connector_create(request_metadata_creds, 1);
grpc_channel_credentials *c, const char *target,
const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args) {
*sc = grpc_fake_channel_security_connector_create(c->call_creds, 1);
return GRPC_SECURITY_OK;
}
@ -949,21 +899,21 @@ fake_transport_security_server_create_security_connector(
return GRPC_SECURITY_OK;
}
static grpc_credentials_vtable fake_transport_security_credentials_vtable = {
fake_transport_security_credentials_destruct,
fake_transport_security_has_request_metadata,
fake_transport_security_has_request_metadata_only, NULL,
fake_transport_security_create_security_connector};
static grpc_channel_credentials_vtable
fake_transport_security_credentials_vtable = {
fake_transport_security_credentials_destruct,
fake_transport_security_create_security_connector};
static grpc_server_credentials_vtable
fake_transport_security_server_credentials_vtable = {
fake_transport_security_server_credentials_destruct,
fake_transport_security_server_create_security_connector};
grpc_credentials *grpc_fake_transport_security_credentials_create(void) {
grpc_credentials *c = gpr_malloc(sizeof(grpc_credentials));
memset(c, 0, sizeof(grpc_credentials));
c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
grpc_channel_credentials *grpc_fake_transport_security_credentials_create(
void) {
grpc_channel_credentials *c = gpr_malloc(sizeof(grpc_channel_credentials));
memset(c, 0, sizeof(grpc_channel_credentials));
c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
c->vtable = &fake_transport_security_credentials_vtable;
gpr_ref_init(&c->refcount, 1);
return c;
@ -973,7 +923,7 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
void) {
grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials));
memset(c, 0, sizeof(grpc_server_credentials));
c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
gpr_ref_init(&c->refcount, 1);
c->vtable = &fake_transport_security_server_credentials_vtable;
return c;
@ -991,39 +941,15 @@ typedef struct {
grpc_credentials_metadata_cb cb;
} grpc_composite_credentials_metadata_context;
static void composite_destruct(grpc_credentials *creds) {
static void composite_destruct(grpc_call_credentials *creds) {
grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
size_t i;
for (i = 0; i < c->inner.num_creds; i++) {
grpc_credentials_unref(c->inner.creds_array[i]);
grpc_call_credentials_unref(c->inner.creds_array[i]);
}
gpr_free(c->inner.creds_array);
}
static int composite_has_request_metadata(const grpc_credentials *creds) {
const grpc_composite_credentials *c =
(const grpc_composite_credentials *)creds;
size_t i;
for (i = 0; i < c->inner.num_creds; i++) {
if (grpc_credentials_has_request_metadata(c->inner.creds_array[i])) {
return 1;
}
}
return 0;
}
static int composite_has_request_metadata_only(const grpc_credentials *creds) {
const grpc_composite_credentials *c =
(const grpc_composite_credentials *)creds;
size_t i;
for (i = 0; i < c->inner.num_creds; i++) {
if (!grpc_credentials_has_request_metadata_only(c->inner.creds_array[i])) {
return 0;
}
}
return 1;
}
static void composite_md_context_destroy(
grpc_composite_credentials_metadata_context *ctx) {
grpc_credentials_md_store_unref(ctx->md_elems);
@ -1051,15 +977,13 @@ static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
}
/* See if we need to get some more metadata. */
while (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
grpc_credentials *inner_creds =
if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
grpc_call_credentials *inner_creds =
ctx->composite_creds->inner.creds_array[ctx->creds_index++];
if (grpc_credentials_has_request_metadata(inner_creds)) {
grpc_credentials_get_request_metadata(exec_ctx, inner_creds, ctx->pollset,
ctx->service_url,
composite_metadata_cb, ctx);
return;
}
grpc_credentials_get_request_metadata(exec_ctx, inner_creds, ctx->pollset,
ctx->service_url,
composite_metadata_cb, ctx);
return;
}
/* We're done!. */
@ -1069,14 +993,11 @@ static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
}
static void composite_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
grpc_composite_credentials_metadata_context *ctx;
if (!grpc_credentials_has_request_metadata(creds)) {
cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
return;
}
ctx = gpr_malloc(sizeof(grpc_composite_credentials_metadata_context));
memset(ctx, 0, sizeof(grpc_composite_credentials_metadata_context));
ctx->service_url = gpr_strdup(service_url);
@ -1085,55 +1006,33 @@ static void composite_get_request_metadata(
ctx->composite_creds = c;
ctx->pollset = pollset;
ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
while (ctx->creds_index < c->inner.num_creds) {
grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++];
if (grpc_credentials_has_request_metadata(inner_creds)) {
grpc_credentials_get_request_metadata(exec_ctx, inner_creds, pollset,
service_url, composite_metadata_cb,
ctx);
return;
}
}
GPR_ASSERT(0); /* Should have exited before. */
grpc_credentials_get_request_metadata(
exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset, service_url,
composite_metadata_cb, ctx);
}
static grpc_security_status composite_create_security_connector(
grpc_credentials *creds, const char *target, const grpc_channel_args *args,
grpc_credentials *request_metadata_creds,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
if (c->connector_creds == NULL) {
gpr_log(GPR_ERROR,
"Cannot create security connector, missing connector credentials.");
return GRPC_SECURITY_ERROR;
}
return grpc_credentials_create_security_connector(c->connector_creds, target,
args, creds, sc, new_args);
}
static grpc_call_credentials_vtable composite_credentials_vtable = {
composite_destruct, composite_get_request_metadata};
static grpc_credentials_vtable composite_credentials_vtable = {
composite_destruct, composite_has_request_metadata,
composite_has_request_metadata_only, composite_get_request_metadata,
composite_create_security_connector};
static grpc_credentials_array get_creds_array(grpc_credentials **creds_addr) {
grpc_credentials_array result;
grpc_credentials *creds = *creds_addr;
static grpc_call_credentials_array get_creds_array(
grpc_call_credentials **creds_addr) {
grpc_call_credentials_array result;
grpc_call_credentials *creds = *creds_addr;
result.creds_array = creds_addr;
result.num_creds = 1;
if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) {
if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
result = *grpc_composite_credentials_get_credentials(creds);
}
return result;
}
grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
grpc_credentials *creds2,
void *reserved) {
grpc_call_credentials *grpc_composite_call_credentials_create(
grpc_call_credentials *creds1, grpc_call_credentials *creds2,
void *reserved) {
size_t i;
size_t creds_array_byte_size;
grpc_credentials_array creds1_array;
grpc_credentials_array creds2_array;
grpc_call_credentials_array creds1_array;
grpc_call_credentials_array creds2_array;
grpc_composite_credentials *c;
GRPC_API_TRACE(
"grpc_composite_credentials_create(creds1=%p, creds2=%p, "
@ -1144,64 +1043,44 @@ grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
GPR_ASSERT(creds2 != NULL);
c = gpr_malloc(sizeof(grpc_composite_credentials));
memset(c, 0, sizeof(grpc_composite_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_COMPOSITE;
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE;
c->base.vtable = &composite_credentials_vtable;
gpr_ref_init(&c->base.refcount, 1);
creds1_array = get_creds_array(&creds1);
creds2_array = get_creds_array(&creds2);
c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
creds_array_byte_size = c->inner.num_creds * sizeof(grpc_credentials *);
creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *);
c->inner.creds_array = gpr_malloc(creds_array_byte_size);
memset(c->inner.creds_array, 0, creds_array_byte_size);
for (i = 0; i < creds1_array.num_creds; i++) {
grpc_credentials *cur_creds = creds1_array.creds_array[i];
if (!grpc_credentials_has_request_metadata_only(cur_creds)) {
if (c->connector_creds == NULL) {
c->connector_creds = cur_creds;
} else {
gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials.");
goto fail;
}
}
c->inner.creds_array[i] = grpc_credentials_ref(cur_creds);
grpc_call_credentials *cur_creds = creds1_array.creds_array[i];
c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds);
}
for (i = 0; i < creds2_array.num_creds; i++) {
grpc_credentials *cur_creds = creds2_array.creds_array[i];
if (!grpc_credentials_has_request_metadata_only(cur_creds)) {
if (c->connector_creds == NULL) {
c->connector_creds = cur_creds;
} else {
gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials.");
goto fail;
}
}
grpc_call_credentials *cur_creds = creds2_array.creds_array[i];
c->inner.creds_array[i + creds1_array.num_creds] =
grpc_credentials_ref(cur_creds);
grpc_call_credentials_ref(cur_creds);
}
return &c->base;
fail:
grpc_credentials_unref(&c->base);
return NULL;
}
const grpc_credentials_array *grpc_composite_credentials_get_credentials(
grpc_credentials *creds) {
const grpc_call_credentials_array *grpc_composite_credentials_get_credentials(
grpc_call_credentials *creds) {
const grpc_composite_credentials *c =
(const grpc_composite_credentials *)creds;
GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0);
GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
return &c->inner;
}
grpc_credentials *grpc_credentials_contains_type(
grpc_credentials *creds, const char *type,
grpc_credentials **composite_creds) {
grpc_call_credentials *grpc_credentials_contains_type(
grpc_call_credentials *creds, const char *type,
grpc_call_credentials **composite_creds) {
size_t i;
if (strcmp(creds->type, type) == 0) {
if (composite_creds != NULL) *composite_creds = NULL;
return creds;
} else if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) {
const grpc_credentials_array *inner_creds_array =
} else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
const grpc_call_credentials_array *inner_creds_array =
grpc_composite_credentials_get_credentials(creds);
for (i = 0; i < inner_creds_array->num_creds; i++) {
if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) {
@ -1215,30 +1094,26 @@ grpc_credentials *grpc_credentials_contains_type(
/* -- IAM credentials. -- */
static void iam_destruct(grpc_credentials *creds) {
static void iam_destruct(grpc_call_credentials *creds) {
grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
grpc_credentials_md_store_unref(c->iam_md);
}
static int iam_has_request_metadata(const grpc_credentials *creds) { return 1; }
static int iam_has_request_metadata_only(const grpc_credentials *creds) {
return 1;
}
static void iam_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds,
grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries,
GRPC_CREDENTIALS_OK);
}
static grpc_credentials_vtable iam_vtable = {
iam_destruct, iam_has_request_metadata, iam_has_request_metadata_only,
iam_get_request_metadata, NULL};
static grpc_call_credentials_vtable iam_vtable = {iam_destruct,
iam_get_request_metadata};
grpc_credentials *grpc_google_iam_credentials_create(
grpc_call_credentials *grpc_google_iam_credentials_create(
const char *token, const char *authority_selector, void *reserved) {
grpc_google_iam_credentials *c;
GRPC_API_TRACE(
@ -1250,7 +1125,7 @@ grpc_credentials *grpc_google_iam_credentials_create(
GPR_ASSERT(authority_selector != NULL);
c = gpr_malloc(sizeof(grpc_google_iam_credentials));
memset(c, 0, sizeof(grpc_google_iam_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_IAM;
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM;
c->base.vtable = &iam_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->iam_md = grpc_credentials_md_store_create(2);
@ -1268,21 +1143,13 @@ typedef struct {
grpc_credentials_metadata_cb cb;
} grpc_metadata_plugin_request;
static void plugin_destruct(grpc_credentials *creds) {
static void plugin_destruct(grpc_call_credentials *creds) {
grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
if (c->plugin.state != NULL && c->plugin.destroy != NULL) {
c->plugin.destroy(c->plugin.state);
}
}
static int plugin_has_request_metadata(const grpc_credentials *creds) {
return 1;
}
static int plugin_has_request_metadata_only(const grpc_credentials *creds) {
return 1;
}
static void plugin_md_request_metadata_ready(void *request,
const grpc_metadata *md,
size_t num_md,
@ -1321,9 +1188,12 @@ static void plugin_md_request_metadata_ready(void *request,
grpc_exec_ctx_finish(&exec_ctx);
}
static void plugin_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds,
grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
if (c->plugin.get_metadata != NULL) {
grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request));
@ -1337,16 +1207,15 @@ static void plugin_get_request_metadata(
}
}
static grpc_credentials_vtable plugin_vtable = {
plugin_destruct, plugin_has_request_metadata,
plugin_has_request_metadata_only, plugin_get_request_metadata, NULL};
static grpc_call_credentials_vtable plugin_vtable = {
plugin_destruct, plugin_get_request_metadata};
grpc_credentials *grpc_metadata_credentials_create_from_plugin(
grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
grpc_metadata_credentials_plugin plugin, void *reserved) {
grpc_plugin_credentials *c = gpr_malloc(sizeof(*c));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(*c));
c->base.type = GRPC_CREDENTIALS_TYPE_METADATA_PLUGIN;
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_METADATA_PLUGIN;
c->base.vtable = &plugin_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->plugin = plugin;

16
src/core/security/credentials.h
Unescape View File

@ -98,10 +98,11 @@ char *grpc_get_well_known_google_credentials_file_path(void);
typedef struct {
void (*destruct)(grpc_channel_credentials *c);
grpc_security_status (*create_security_connector)(
grpc_channel_credentials *c, const char *target, const grpc_channel_args *args,
grpc_call_credentials *call_creds,
grpc_channel_security_connector **sc, grpc_channel_args **new_args);
grpc_channel_credentials *c, const char *target,
const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args);
} grpc_channel_credentials_vtable;
struct grpc_channel_credentials {
@ -121,8 +122,8 @@ void grpc_channel_credentials_unref(grpc_channel_credentials *creds);
new_args after channel creation. */
grpc_security_status grpc_channel_credentials_create_security_connector(
grpc_channel_credentials *creds, const char *target,
const grpc_channel_args *args, grpc_call_credentials *call_creds,
grpc_channel_security_connector **sc, grpc_channel_args **new_args);
const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args);
/* --- grpc_credentials_md. --- */
@ -160,7 +161,6 @@ typedef void (*grpc_credentials_metadata_cb)(grpc_exec_ctx *exec_ctx,
typedef struct {
void (*destruct)(grpc_call_credentials *c);
int (*has_request_metadata)(const grpc_call_credentials *c);
void (*get_request_metadata)(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *c, grpc_pollset *pollset,
const char *service_url,
@ -174,9 +174,8 @@ struct grpc_call_credentials {
gpr_refcount refcount;
};
grpc_call_credentials *grpc_credentials_ref(grpc_call_credentials *creds);
grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds);
void grpc_call_credentials_unref(grpc_call_credentials *creds);
int grpc_call_credentials_has_request_metadata(grpc_call_credentials *creds);
void grpc_call_credentials_get_request_metadata(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds,
grpc_pollset *pollset,
@ -184,7 +183,6 @@ void grpc_call_credentials_get_request_metadata(grpc_exec_ctx *exec_ctx,
grpc_credentials_metadata_cb cb,
void *user_data);
typedef struct {
grpc_call_credentials **creds_array;
size_t num_creds;

53
src/core/security/google_default_credentials.c
Unescape View File

@ -50,7 +50,7 @@
/* -- Default credentials. -- */
static grpc_credentials *default_credentials = NULL;
static grpc_channel_credentials *default_credentials = NULL;
static int compute_engine_detection_done = 0;
static gpr_mu g_mu;
static gpr_once g_once = GPR_ONCE_INIT;
@ -138,11 +138,11 @@ static int is_stack_running_on_compute_engine(void) {
}
/* Takes ownership of creds_path if not NULL. */
static grpc_credentials *create_default_creds_from_path(char *creds_path) {
static grpc_call_credentials *create_default_creds_from_path(char *creds_path) {
grpc_json *json = NULL;
grpc_auth_json_key key;
grpc_auth_refresh_token token;
grpc_credentials *result = NULL;
grpc_call_credentials *result = NULL;
gpr_slice creds_data = gpr_empty_slice();
int file_ok = 0;
if (creds_path == NULL) goto end;
@ -176,9 +176,9 @@ end:
return result;
}
grpc_credentials *grpc_google_default_credentials_create(void) {
grpc_credentials *result = NULL;
int serving_cached_credentials = 0;
grpc_channel_credentials *grpc_google_default_credentials_create(void) {
grpc_channel_credentials *result = NULL;
grpc_call_credentials *call_creds = NULL;
GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
@ -187,20 +187,19 @@ grpc_credentials *grpc_google_default_credentials_create(void) {
gpr_mu_lock(&g_mu);
if (default_credentials != NULL) {
result = grpc_credentials_ref(default_credentials);
serving_cached_credentials = 1;
result = grpc_channel_credentials_ref(default_credentials);
goto end;
}
/* First, try the environment variable. */
result = create_default_creds_from_path(
call_creds = create_default_creds_from_path(
gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR));
if (result != NULL) goto end;
if (call_creds != NULL) goto end;
/* Then the well-known file. */
result = create_default_creds_from_path(
call_creds = create_default_creds_from_path(
grpc_get_well_known_google_credentials_file_path());
if (result != NULL) goto end;
if (call_creds != NULL) goto end;
/* At last try to see if we're on compute engine (do the detection only once
since it requires a network test). */
@ -208,21 +207,27 @@ grpc_credentials *grpc_google_default_credentials_create(void) {
int need_compute_engine_creds = is_stack_running_on_compute_engine();
compute_engine_detection_done = 1;
if (need_compute_engine_creds) {
result = grpc_google_compute_engine_credentials_create(NULL);
call_creds = grpc_google_compute_engine_credentials_create(NULL);
}
}
end:
if (!serving_cached_credentials && result != NULL) {
/* Blend with default ssl credentials and add a global reference so that it
can be cached and re-served. */
grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL, NULL);
default_credentials = grpc_credentials_ref(
grpc_composite_credentials_create(ssl_creds, result, NULL));
GPR_ASSERT(default_credentials != NULL);
grpc_credentials_unref(ssl_creds);
grpc_credentials_unref(result);
result = default_credentials;
if (result == NULL) {
if (call_creds != NULL) {
/* Blend with default ssl credentials and add a global reference so that it
can be cached and re-served. */
grpc_channel_credentials *ssl_creds =
grpc_ssl_credentials_create(NULL, NULL, NULL);
default_credentials = grpc_channel_credentials_ref(
grpc_composite_channel_credentials_create(ssl_creds, call_creds,
NULL));
GPR_ASSERT(default_credentials != NULL);
grpc_channel_credentials_unref(ssl_creds);
grpc_call_credentials_unref(call_creds);
result = default_credentials;
} else {
gpr_log(GPR_ERROR, "Could not create google default credentials.");
}
}
gpr_mu_unlock(&g_mu);
return result;
@ -232,7 +237,7 @@ void grpc_flush_cached_google_default_credentials(void) {
gpr_once_init(&g_once, init_default_credentials);
gpr_mu_lock(&g_mu);
if (default_credentials != NULL) {
grpc_credentials_unref(default_credentials);
grpc_channel_credentials_unref(default_credentials);
default_credentials = NULL;
}
gpr_mu_unlock(&g_mu);

29
src/core/security/security_connector.c
Unescape View File

@ -203,16 +203,6 @@ grpc_security_connector *grpc_find_security_connector_in_args(
return NULL;
}
static int check_request_metadata_creds(grpc_credentials *creds) {
if (creds != NULL && !grpc_credentials_has_request_metadata(creds)) {
gpr_log(GPR_ERROR,
"Incompatible credentials for channel security connector: needs to "
"set request metadata.");
return 0;
}
return 1;
}
/* -- Fake implementation. -- */
typedef struct {
@ -222,7 +212,7 @@ typedef struct {
static void fake_channel_destroy(grpc_security_connector *sc) {
grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
grpc_credentials_unref(c->request_metadata_creds);
grpc_call_credentials_unref(c->request_metadata_creds);
GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
gpr_free(sc);
}
@ -306,7 +296,8 @@ static grpc_security_connector_vtable fake_server_vtable = {
fake_server_destroy, fake_server_do_handshake, fake_check_peer};
grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
grpc_credentials *request_metadata_creds, int call_host_check_is_async) {
grpc_call_credentials *request_metadata_creds,
int call_host_check_is_async) {
grpc_fake_channel_security_connector *c =
gpr_malloc(sizeof(grpc_fake_channel_security_connector));
memset(c, 0, sizeof(grpc_fake_channel_security_connector));
@ -314,8 +305,8 @@ grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
c->base.base.is_client_side = 1;
c->base.base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME;
c->base.base.vtable = &fake_channel_vtable;
GPR_ASSERT(check_request_metadata_creds(request_metadata_creds));
c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds);
c->base.request_metadata_creds =
grpc_call_credentials_ref(request_metadata_creds);
c->base.check_call_host = fake_channel_check_call_host;
c->call_host_check_is_async = call_host_check_is_async;
return &c->base;
@ -349,7 +340,7 @@ typedef struct {
static void ssl_channel_destroy(grpc_security_connector *sc) {
grpc_ssl_channel_security_connector *c =
(grpc_ssl_channel_security_connector *)sc;
grpc_credentials_unref(c->base.request_metadata_creds);
grpc_call_credentials_unref(c->base.request_metadata_creds);
if (c->handshaker_factory != NULL) {
tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
}
@ -580,7 +571,7 @@ size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) {
}
grpc_security_status grpc_ssl_channel_security_connector_create(
grpc_credentials *request_metadata_creds, const grpc_ssl_config *config,
grpc_call_credentials *request_metadata_creds, const grpc_ssl_config *config,
const char *target_name, const char *overridden_target_name,
grpc_channel_security_connector **sc) {
size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions();
@ -606,9 +597,6 @@ grpc_security_status grpc_ssl_channel_security_connector_create(
gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name.");
goto error;
}
if (!check_request_metadata_creds(request_metadata_creds)) {
goto error;
}
if (config->pem_root_certs == NULL) {
pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs);
if (pem_root_certs == NULL || pem_root_certs_size == 0) {
@ -627,7 +615,8 @@ grpc_security_status grpc_ssl_channel_security_connector_create(
c->base.base.vtable = &ssl_channel_vtable;
c->base.base.is_client_side = 1;
c->base.base.url_scheme = GRPC_SSL_URL_SCHEME;
c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds);
c->base.request_metadata_creds =
grpc_call_credentials_ref(request_metadata_creds);
c->base.check_call_host = ssl_channel_check_call_host;
gpr_split_host_port(target_name, &c->target_name, &port);
gpr_free(port);

11
src/core/security/security_connector.h
Unescape View File

@ -145,7 +145,7 @@ typedef struct grpc_channel_security_connector grpc_channel_security_connector;
struct grpc_channel_security_connector {
grpc_security_connector base; /* requires is_client_side to be non 0. */
grpc_credentials *request_metadata_creds;
grpc_call_credentials *request_metadata_creds;
grpc_security_status (*check_call_host)(grpc_exec_ctx *exec_ctx,
grpc_channel_security_connector *sc,
const char *host,
@ -167,7 +167,8 @@ grpc_security_status grpc_channel_security_connector_check_call_host(
/* For TESTING ONLY!
Creates a fake connector that emulates real channel security. */
grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
grpc_credentials *request_metadata_creds, int call_host_check_is_async);
grpc_call_credentials *request_metadata_creds,
int call_host_check_is_async);
/* For TESTING ONLY!
Creates a fake connector that emulates real server security. */
@ -197,9 +198,9 @@ typedef struct {
specific error code otherwise.
*/
grpc_security_status grpc_ssl_channel_security_connector_create(
grpc_credentials *request_metadata_creds, const grpc_ssl_config *config,
const char *target_name, const char *overridden_target_name,
grpc_channel_security_connector **sc);
grpc_call_credentials *request_metadata_creds,
const grpc_ssl_config *config, const char *target_name,
const char *overridden_target_name, grpc_channel_security_connector **sc);
/* Gets the default ssl roots. */
size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs);

14
src/core/security/security_context.c
Unescape View File

@ -46,7 +46,7 @@
/* --- grpc_call --- */
grpc_call_error grpc_call_set_credentials(grpc_call *call,
grpc_credentials *creds) {
grpc_call_credentials *creds) {
grpc_client_security_context *ctx = NULL;
GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2,
(call, creds));
@ -54,20 +54,16 @@ grpc_call_error grpc_call_set_credentials(grpc_call *call,
gpr_log(GPR_ERROR, "Method is client-side only.");
return GRPC_CALL_ERROR_NOT_ON_SERVER;
}
if (creds != NULL && !grpc_credentials_has_request_metadata_only(creds)) {
gpr_log(GPR_ERROR, "Incompatible credentials to set on a call.");
return GRPC_CALL_ERROR;
}
ctx = (grpc_client_security_context *)grpc_call_context_get(
call, GRPC_CONTEXT_SECURITY);
if (ctx == NULL) {
ctx = grpc_client_security_context_create();
ctx->creds = grpc_credentials_ref(creds);
ctx->creds = grpc_call_credentials_ref(creds);
grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx,
grpc_client_security_context_destroy);
} else {
grpc_credentials_unref(ctx->creds);
ctx->creds = grpc_credentials_ref(creds);
grpc_call_credentials_unref(ctx->creds);
ctx->creds = grpc_call_credentials_ref(creds);
}
return GRPC_CALL_OK;
}
@ -101,7 +97,7 @@ grpc_client_security_context *grpc_client_security_context_create(void) {
void grpc_client_security_context_destroy(void *ctx) {
grpc_client_security_context *c = (grpc_client_security_context *)ctx;
grpc_credentials_unref(c->creds);
grpc_call_credentials_unref(c->creds);
GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
gpr_free(ctx);
}

2
src/core/security/security_context.h
Unescape View File

@ -85,7 +85,7 @@ void grpc_auth_property_reset(grpc_auth_property *property);
Internal client-side security context. */
typedef struct {
grpc_credentials *creds;
grpc_call_credentials *creds;
grpc_auth_context *auth_context;
} grpc_client_security_context;

8
src/core/surface/secure_channel_create.c
Unescape View File

@ -230,7 +230,7 @@ static const grpc_subchannel_factory_vtable subchannel_factory_vtable = {
Asynchronously: - resolve target
- connect to it (trying alternatives as presented)
- perform handshakes */
grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds,
const char *target,
const grpc_channel_args *args,
void *reserved) {
@ -261,9 +261,9 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
"Security connector exists in channel args.");
}
if (grpc_credentials_create_security_connector(
creds, target, args, NULL, &security_connector,
&new_args_from_connector) != GRPC_SECURITY_OK) {
if (grpc_channel_credentials_create_security_connector(
creds, target, args, &security_connector, &new_args_from_connector) !=
GRPC_SECURITY_OK) {
grpc_exec_ctx_finish(&exec_ctx);
return grpc_lame_client_channel_create(
target, GRPC_STATUS_INVALID_ARGUMENT,

Write Preview
Loading…
Cancel
Save