Convert more users of grpc_slice_unref --> grpc_slice_unref_internal

reviewable/pr8705/r1
Craig Tiller 8 years ago
parent 7e733d49b7
commit bd1795ca8a
  1. 9
      src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c
  2. 10
      src/core/ext/transport/chttp2/transport/chttp2_transport.c
  3. 6
      src/core/ext/transport/chttp2/transport/hpack_parser.c
  4. 6
      src/core/ext/transport/chttp2/transport/hpack_parser.h
  5. 4
      src/core/ext/transport/chttp2/transport/incoming_metadata.c
  6. 2
      src/core/ext/transport/chttp2/transport/incoming_metadata.h
  7. 10
      src/core/ext/transport/chttp2/transport/parsing.c
  8. 8
      src/core/ext/transport/chttp2/transport/writing.c
  9. 14
      src/core/lib/http/httpcli_security_connector.c
  10. 10
      src/core/lib/security/context/security_context.c
  11. 31
      src/core/lib/security/credentials/composite/composite_credentials.c
  12. 55
      src/core/lib/security/credentials/credentials.c
  13. 39
      src/core/lib/security/credentials/credentials.h
  14. 5
      src/core/lib/security/credentials/credentials_metadata.c
  15. 17
      src/core/lib/security/credentials/fake/fake_credentials.c
  16. 37
      src/core/lib/security/credentials/google_default/google_default_credentials.c
  17. 5
      src/core/lib/security/credentials/iam/iam_credentials.c
  18. 28
      src/core/lib/security/credentials/jwt/jwt_credentials.c
  19. 3
      src/core/lib/security/credentials/jwt/jwt_credentials.h
  20. 72
      src/core/lib/security/credentials/jwt/jwt_verifier.c
  21. 5
      src/core/lib/security/credentials/jwt/jwt_verifier.h
  22. 29
      src/core/lib/security/credentials/oauth2/oauth2_credentials.c
  23. 2
      src/core/lib/security/credentials/oauth2/oauth2_credentials.h
  24. 12
      src/core/lib/security/credentials/plugin/plugin_credentials.c
  25. 20
      src/core/lib/security/credentials/ssl/ssl_credentials.c
  26. 19
      src/core/lib/security/transport/client_auth_filter.c
  27. 13
      src/core/lib/security/transport/handshake.c
  28. 1
      src/core/lib/security/transport/secure_endpoint.c
  29. 37
      src/core/lib/security/transport/security_connector.c
  30. 20
      src/core/lib/security/transport/security_connector.h
  31. 8
      src/core/lib/security/transport/server_auth_filter.c

@ -199,8 +199,8 @@ static void tcp_server_shutdown_complete(grpc_exec_ctx *exec_ctx, void *statep,
/* Flush queued work before a synchronous unref. */ /* Flush queued work before a synchronous unref. */
grpc_exec_ctx_flush(exec_ctx); grpc_exec_ctx_flush(exec_ctx);
GRPC_SECURITY_CONNECTOR_UNREF(&server_state->sc->base, "server"); GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, &server_state->sc->base, "server");
grpc_server_credentials_unref(server_state->creds); grpc_server_credentials_unref(exec_ctx, server_state->creds);
if (destroy_done != NULL) { if (destroy_done != NULL) {
destroy_done->cb(exec_ctx, destroy_done->cb_arg, GRPC_ERROR_REF(error)); destroy_done->cb(exec_ctx, destroy_done->cb_arg, GRPC_ERROR_REF(error));
@ -249,7 +249,8 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr,
"No credentials specified for secure server port (creds==NULL)"); "No credentials specified for secure server port (creds==NULL)");
goto error; goto error;
} }
status = grpc_server_credentials_create_security_connector(creds, &sc); status =
grpc_server_credentials_create_security_connector(&exec_ctx, creds, &sc);
if (status != GRPC_SECURITY_OK) { if (status != GRPC_SECURITY_OK) {
char *msg; char *msg;
gpr_asprintf(&msg, gpr_asprintf(&msg,
@ -349,7 +350,7 @@ error:
} else { } else {
if (sc) { if (sc) {
grpc_exec_ctx_flush(&exec_ctx); grpc_exec_ctx_flush(&exec_ctx);
GRPC_SECURITY_CONNECTOR_UNREF(&sc->base, "server"); GRPC_SECURITY_CONNECTOR_UNREF(&exec_ctx, &sc->base, "server");
} }
if (server_state) { if (server_state) {
gpr_free(server_state); gpr_free(server_state);

@ -151,7 +151,7 @@ static void destruct_transport(grpc_exec_ctx *exec_ctx,
grpc_chttp2_hpack_compressor_destroy(exec_ctx, &t->hpack_compressor); grpc_chttp2_hpack_compressor_destroy(exec_ctx, &t->hpack_compressor);
grpc_slice_buffer_destroy_internal(exec_ctx, &t->read_buffer); grpc_slice_buffer_destroy_internal(exec_ctx, &t->read_buffer);
grpc_chttp2_hpack_parser_destroy(&t->hpack_parser); grpc_chttp2_hpack_parser_destroy(exec_ctx, &t->hpack_parser);
grpc_chttp2_goaway_parser_destroy(&t->goaway_parser); grpc_chttp2_goaway_parser_destroy(&t->goaway_parser);
for (i = 0; i < STREAM_LIST_COUNT; i++) { for (i = 0; i < STREAM_LIST_COUNT; i++) {
@ -264,7 +264,7 @@ static void init_transport(grpc_exec_ctx *exec_ctx, grpc_chttp2_transport *t,
destructive_reclaimer_locked, t); destructive_reclaimer_locked, t);
grpc_chttp2_goaway_parser_init(&t->goaway_parser); grpc_chttp2_goaway_parser_init(&t->goaway_parser);
grpc_chttp2_hpack_parser_init(&t->hpack_parser); grpc_chttp2_hpack_parser_init(exec_ctx, &t->hpack_parser);
grpc_slice_buffer_init(&t->read_buffer); grpc_slice_buffer_init(&t->read_buffer);
@ -531,8 +531,10 @@ static void destroy_stream_locked(grpc_exec_ctx *exec_ctx, void *sp,
GPR_ASSERT(s->recv_message_ready == NULL); GPR_ASSERT(s->recv_message_ready == NULL);
GPR_ASSERT(s->recv_trailing_metadata_finished == NULL); GPR_ASSERT(s->recv_trailing_metadata_finished == NULL);
grpc_chttp2_data_parser_destroy(exec_ctx, &s->data_parser); grpc_chttp2_data_parser_destroy(exec_ctx, &s->data_parser);
grpc_chttp2_incoming_metadata_buffer_destroy(&s->metadata_buffer[0]); grpc_chttp2_incoming_metadata_buffer_destroy(exec_ctx,
grpc_chttp2_incoming_metadata_buffer_destroy(&s->metadata_buffer[1]); &s->metadata_buffer[0]);
grpc_chttp2_incoming_metadata_buffer_destroy(exec_ctx,
&s->metadata_buffer[1]);
grpc_slice_buffer_destroy_internal(exec_ctx, &s->flow_controlled_buffer); grpc_slice_buffer_destroy_internal(exec_ctx, &s->flow_controlled_buffer);
GRPC_ERROR_UNREF(s->read_closed_error); GRPC_ERROR_UNREF(s->read_closed_error);
GRPC_ERROR_UNREF(s->write_closed_error); GRPC_ERROR_UNREF(s->write_closed_error);

@ -1533,7 +1533,8 @@ static grpc_error *parse_value_string_with_literal_key(
/* PUBLIC INTERFACE */ /* PUBLIC INTERFACE */
void grpc_chttp2_hpack_parser_init(grpc_chttp2_hpack_parser *p) { void grpc_chttp2_hpack_parser_init(grpc_exec_ctx *exec_ctx,
grpc_chttp2_hpack_parser *p) {
p->on_header = NULL; p->on_header = NULL;
p->on_header_user_data = NULL; p->on_header_user_data = NULL;
p->state = parse_begin; p->state = parse_begin;
@ -1553,7 +1554,8 @@ void grpc_chttp2_hpack_parser_set_has_priority(grpc_chttp2_hpack_parser *p) {
p->state = parse_stream_dep0; p->state = parse_stream_dep0;
} }
void grpc_chttp2_hpack_parser_destroy(grpc_chttp2_hpack_parser *p) { void grpc_chttp2_hpack_parser_destroy(grpc_exec_ctx *exec_ctx,
grpc_chttp2_hpack_parser *p) {
grpc_chttp2_hptbl_destroy(exec_ctx, &p->table); grpc_chttp2_hptbl_destroy(exec_ctx, &p->table);
GRPC_ERROR_UNREF(p->last_error); GRPC_ERROR_UNREF(p->last_error);
gpr_free(p->key.str); gpr_free(p->key.str);

@ -99,8 +99,10 @@ struct grpc_chttp2_hpack_parser {
grpc_chttp2_hptbl table; grpc_chttp2_hptbl table;
}; };
void grpc_chttp2_hpack_parser_init(grpc_chttp2_hpack_parser *p); void grpc_chttp2_hpack_parser_init(grpc_exec_ctx *exec_ctx,
void grpc_chttp2_hpack_parser_destroy(grpc_chttp2_hpack_parser *p); grpc_chttp2_hpack_parser *p);
void grpc_chttp2_hpack_parser_destroy(grpc_exec_ctx *exec_ctx,
grpc_chttp2_hpack_parser *p);
void grpc_chttp2_hpack_parser_set_has_priority(grpc_chttp2_hpack_parser *p); void grpc_chttp2_hpack_parser_set_has_priority(grpc_chttp2_hpack_parser *p);

@ -46,11 +46,11 @@ void grpc_chttp2_incoming_metadata_buffer_init(
} }
void grpc_chttp2_incoming_metadata_buffer_destroy( void grpc_chttp2_incoming_metadata_buffer_destroy(
grpc_chttp2_incoming_metadata_buffer *buffer) { grpc_exec_ctx *exec_ctx, grpc_chttp2_incoming_metadata_buffer *buffer) {
size_t i; size_t i;
if (!buffer->published) { if (!buffer->published) {
for (i = 0; i < buffer->count; i++) { for (i = 0; i < buffer->count; i++) {
GRPC_MDELEM_UNREF(buffer->elems[i].md); GRPC_MDELEM_UNREF(exec_ctx, buffer->elems[i].md);
} }
} }
gpr_free(buffer->elems); gpr_free(buffer->elems);

@ -49,7 +49,7 @@ typedef struct {
void grpc_chttp2_incoming_metadata_buffer_init( void grpc_chttp2_incoming_metadata_buffer_init(
grpc_chttp2_incoming_metadata_buffer *buffer); grpc_chttp2_incoming_metadata_buffer *buffer);
void grpc_chttp2_incoming_metadata_buffer_destroy( void grpc_chttp2_incoming_metadata_buffer_destroy(
grpc_chttp2_incoming_metadata_buffer *buffer); grpc_exec_ctx *exec_ctx, grpc_chttp2_incoming_metadata_buffer *buffer);
void grpc_chttp2_incoming_metadata_buffer_publish( void grpc_chttp2_incoming_metadata_buffer_publish(
grpc_chttp2_incoming_metadata_buffer *buffer, grpc_metadata_batch *batch); grpc_chttp2_incoming_metadata_buffer *buffer, grpc_metadata_batch *batch);

@ -336,7 +336,7 @@ static grpc_error *skip_parser(grpc_exec_ctx *exec_ctx, void *parser,
} }
static void skip_header(grpc_exec_ctx *exec_ctx, void *tp, grpc_mdelem *md) { static void skip_header(grpc_exec_ctx *exec_ctx, void *tp, grpc_mdelem *md) {
GRPC_MDELEM_UNREF(md); GRPC_MDELEM_UNREF(exec_ctx, md);
} }
static grpc_error *init_skip_frame_parser(grpc_exec_ctx *exec_ctx, static grpc_error *init_skip_frame_parser(grpc_exec_ctx *exec_ctx,
@ -476,7 +476,7 @@ static void on_initial_header(grpc_exec_ctx *exec_ctx, void *tp,
grpc_chttp2_incoming_metadata_buffer_set_deadline( grpc_chttp2_incoming_metadata_buffer_set_deadline(
&s->metadata_buffer[0], &s->metadata_buffer[0],
gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC), *cached_timeout)); gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC), *cached_timeout));
GRPC_MDELEM_UNREF(md); GRPC_MDELEM_UNREF(exec_ctx, md);
} else { } else {
const size_t new_size = s->metadata_buffer[0].size + GRPC_MDELEM_LENGTH(md); const size_t new_size = s->metadata_buffer[0].size + GRPC_MDELEM_LENGTH(md);
const size_t metadata_size_limit = const size_t metadata_size_limit =
@ -494,7 +494,7 @@ static void on_initial_header(grpc_exec_ctx *exec_ctx, void *tp,
GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED)); GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED));
grpc_chttp2_parsing_become_skip_parser(exec_ctx, t); grpc_chttp2_parsing_become_skip_parser(exec_ctx, t);
s->seen_error = true; s->seen_error = true;
GRPC_MDELEM_UNREF(md); GRPC_MDELEM_UNREF(exec_ctx, md);
} else { } else {
grpc_chttp2_incoming_metadata_buffer_add(&s->metadata_buffer[0], md); grpc_chttp2_incoming_metadata_buffer_add(&s->metadata_buffer[0], md);
} }
@ -537,7 +537,7 @@ static void on_trailing_header(grpc_exec_ctx *exec_ctx, void *tp,
GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED)); GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED));
grpc_chttp2_parsing_become_skip_parser(exec_ctx, t); grpc_chttp2_parsing_become_skip_parser(exec_ctx, t);
s->seen_error = true; s->seen_error = true;
GRPC_MDELEM_UNREF(md); GRPC_MDELEM_UNREF(exec_ctx, md);
} else { } else {
grpc_chttp2_incoming_metadata_buffer_add(&s->metadata_buffer[1], md); grpc_chttp2_incoming_metadata_buffer_add(&s->metadata_buffer[1], md);
} }
@ -711,7 +711,7 @@ static grpc_error *init_settings_frame_parser(grpc_exec_ctx *exec_ctx,
memcpy(t->settings[GRPC_ACKED_SETTINGS], t->settings[GRPC_SENT_SETTINGS], memcpy(t->settings[GRPC_ACKED_SETTINGS], t->settings[GRPC_SENT_SETTINGS],
GRPC_CHTTP2_NUM_SETTINGS * sizeof(uint32_t)); GRPC_CHTTP2_NUM_SETTINGS * sizeof(uint32_t));
grpc_chttp2_hptbl_set_max_bytes( grpc_chttp2_hptbl_set_max_bytes(
&t->hpack_parser.table, exec_ctx, &t->hpack_parser.table,
t->settings[GRPC_ACKED_SETTINGS] t->settings[GRPC_ACKED_SETTINGS]
[GRPC_CHTTP2_SETTINGS_HEADER_TABLE_SIZE]); [GRPC_CHTTP2_SETTINGS_HEADER_TABLE_SIZE]);
t->sent_local_settings = 0; t->sent_local_settings = 0;

@ -120,7 +120,7 @@ bool grpc_chttp2_begin_write(grpc_exec_ctx *exec_ctx,
/* send initial metadata if it's available */ /* send initial metadata if it's available */
if (!sent_initial_metadata && s->send_initial_metadata) { if (!sent_initial_metadata && s->send_initial_metadata) {
grpc_chttp2_encode_header( grpc_chttp2_encode_header(
&t->hpack_compressor, s->id, s->send_initial_metadata, 0, exec_ctx, &t->hpack_compressor, s->id, s->send_initial_metadata, 0,
t->settings[GRPC_ACKED_SETTINGS][GRPC_CHTTP2_SETTINGS_MAX_FRAME_SIZE], t->settings[GRPC_ACKED_SETTINGS][GRPC_CHTTP2_SETTINGS_MAX_FRAME_SIZE],
&s->stats.outgoing, &t->outbuf); &s->stats.outgoing, &t->outbuf);
s->send_initial_metadata = NULL; s->send_initial_metadata = NULL;
@ -187,9 +187,9 @@ bool grpc_chttp2_begin_write(grpc_exec_ctx *exec_ctx,
&s->stats.outgoing, &t->outbuf); &s->stats.outgoing, &t->outbuf);
} else { } else {
grpc_chttp2_encode_header( grpc_chttp2_encode_header(
&t->hpack_compressor, s->id, s->send_trailing_metadata, true, exec_ctx, &t->hpack_compressor, s->id, s->send_trailing_metadata,
t->settings[GRPC_ACKED_SETTINGS] true, t->settings[GRPC_ACKED_SETTINGS]
[GRPC_CHTTP2_SETTINGS_MAX_FRAME_SIZE], [GRPC_CHTTP2_SETTINGS_MAX_FRAME_SIZE],
&s->stats.outgoing, &t->outbuf); &s->stats.outgoing, &t->outbuf);
} }
s->send_trailing_metadata = NULL; s->send_trailing_metadata = NULL;

@ -48,7 +48,8 @@ typedef struct {
char *secure_peer_name; char *secure_peer_name;
} grpc_httpcli_ssl_channel_security_connector; } grpc_httpcli_ssl_channel_security_connector;
static void httpcli_ssl_destroy(grpc_security_connector *sc) { static void httpcli_ssl_destroy(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc) {
grpc_httpcli_ssl_channel_security_connector *c = grpc_httpcli_ssl_channel_security_connector *c =
(grpc_httpcli_ssl_channel_security_connector *)sc; (grpc_httpcli_ssl_channel_security_connector *)sc;
if (c->handshaker_factory != NULL) { if (c->handshaker_factory != NULL) {
@ -111,8 +112,9 @@ static grpc_security_connector_vtable httpcli_ssl_vtable = {
httpcli_ssl_destroy, httpcli_ssl_check_peer}; httpcli_ssl_destroy, httpcli_ssl_check_peer};
static grpc_security_status httpcli_ssl_channel_security_connector_create( static grpc_security_status httpcli_ssl_channel_security_connector_create(
const unsigned char *pem_root_certs, size_t pem_root_certs_size, grpc_exec_ctx *exec_ctx, const unsigned char *pem_root_certs,
const char *secure_peer_name, grpc_channel_security_connector **sc) { size_t pem_root_certs_size, const char *secure_peer_name,
grpc_channel_security_connector **sc) {
tsi_result result = TSI_OK; tsi_result result = TSI_OK;
grpc_httpcli_ssl_channel_security_connector *c; grpc_httpcli_ssl_channel_security_connector *c;
@ -136,7 +138,7 @@ static grpc_security_status httpcli_ssl_channel_security_connector_create(
if (result != TSI_OK) { if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
tsi_result_to_string(result)); tsi_result_to_string(result));
httpcli_ssl_destroy(&c->base.base); httpcli_ssl_destroy(exec_ctx, &c->base.base);
*sc = NULL; *sc = NULL;
return GRPC_SECURITY_ERROR; return GRPC_SECURITY_ERROR;
} }
@ -184,11 +186,11 @@ static void ssl_handshake(grpc_exec_ctx *exec_ctx, void *arg,
c->func = on_done; c->func = on_done;
c->arg = arg; c->arg = arg;
GPR_ASSERT(httpcli_ssl_channel_security_connector_create( GPR_ASSERT(httpcli_ssl_channel_security_connector_create(
pem_root_certs, pem_root_certs_size, host, &sc) == exec_ctx, pem_root_certs, pem_root_certs_size, host, &sc) ==
GRPC_SECURITY_OK); GRPC_SECURITY_OK);
grpc_channel_security_connector_do_handshake( grpc_channel_security_connector_do_handshake(
exec_ctx, sc, tcp, NULL, deadline, on_secure_transport_setup_done, c); exec_ctx, sc, tcp, NULL, deadline, on_secure_transport_setup_done, c);
GRPC_SECURITY_CONNECTOR_UNREF(&sc->base, "httpcli"); GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, &sc->base, "httpcli");
} }
const grpc_httpcli_handshaker grpc_httpcli_ssl = {"https", ssl_handshake}; const grpc_httpcli_handshaker grpc_httpcli_ssl = {"https", ssl_handshake};

@ -47,6 +47,7 @@
grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_error grpc_call_set_credentials(grpc_call *call,
grpc_call_credentials *creds) { grpc_call_credentials *creds) {
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_client_security_context *ctx = NULL; grpc_client_security_context *ctx = NULL;
GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2, GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2,
(call, creds)); (call, creds));
@ -62,9 +63,10 @@ grpc_call_error grpc_call_set_credentials(grpc_call *call,
grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx, grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx,
grpc_client_security_context_destroy); grpc_client_security_context_destroy);
} else { } else {
grpc_call_credentials_unref(ctx->creds); grpc_call_credentials_unref(&exec_ctx, ctx->creds);
ctx->creds = grpc_call_credentials_ref(creds); ctx->creds = grpc_call_credentials_ref(creds);
} }
grpc_exec_ctx_finish(&exec_ctx);
return GRPC_CALL_OK; return GRPC_CALL_OK;
} }
@ -96,13 +98,15 @@ grpc_client_security_context *grpc_client_security_context_create(void) {
} }
void grpc_client_security_context_destroy(void *ctx) { void grpc_client_security_context_destroy(void *ctx) {
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_client_security_context *c = (grpc_client_security_context *)ctx; grpc_client_security_context *c = (grpc_client_security_context *)ctx;
grpc_call_credentials_unref(c->creds); grpc_call_credentials_unref(&exec_ctx, c->creds);
GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context"); GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
if (c->extension.instance != NULL && c->extension.destroy != NULL) { if (c->extension.instance != NULL && c->extension.destroy != NULL) {
c->extension.destroy(c->extension.instance); c->extension.destroy(c->extension.instance);
} }
gpr_free(ctx); gpr_free(ctx);
grpc_exec_ctx_finish(&exec_ctx);
} }
/* --- grpc_server_security_context --- */ /* --- grpc_server_security_context --- */
@ -307,7 +311,7 @@ void grpc_auth_property_reset(grpc_auth_property *property) {
memset(property, 0, sizeof(grpc_auth_property)); memset(property, 0, sizeof(grpc_auth_property));
} }
static void auth_context_pointer_arg_destroy(void *p) { static void auth_context_pointer_arg_destroy(grpc_exec_ctx *exec_ctx, void *p) {
GRPC_AUTH_CONTEXT_UNREF(p, "auth_context_pointer_arg"); GRPC_AUTH_CONTEXT_UNREF(p, "auth_context_pointer_arg");
} }

@ -54,18 +54,20 @@ typedef struct {
grpc_credentials_metadata_cb cb; grpc_credentials_metadata_cb cb;
} grpc_composite_call_credentials_metadata_context; } grpc_composite_call_credentials_metadata_context;
static void composite_call_destruct(grpc_call_credentials *creds) { static void composite_call_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
size_t i; size_t i;
for (i = 0; i < c->inner.num_creds; i++) { for (i = 0; i < c->inner.num_creds; i++) {
grpc_call_credentials_unref(c->inner.creds_array[i]); grpc_call_credentials_unref(exec_ctx, c->inner.creds_array[i]);
} }
gpr_free(c->inner.creds_array); gpr_free(c->inner.creds_array);
} }
static void composite_call_md_context_destroy( static void composite_call_md_context_destroy(
grpc_exec_ctx *exec_ctx,
grpc_composite_call_credentials_metadata_context *ctx) { grpc_composite_call_credentials_metadata_context *ctx) {
grpc_credentials_md_store_unref(ctx->md_elems); grpc_credentials_md_store_unref(exec_ctx, ctx->md_elems);
gpr_free(ctx); gpr_free(ctx);
} }
@ -103,7 +105,7 @@ static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
/* We're done!. */ /* We're done!. */
ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries, ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries,
ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK, NULL); ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK, NULL);
composite_call_md_context_destroy(ctx); composite_call_md_context_destroy(exec_ctx, ctx);
} }
static void composite_call_get_request_metadata( static void composite_call_get_request_metadata(
@ -209,17 +211,19 @@ grpc_call_credentials *grpc_credentials_contains_type(
/* -- Composite channel credentials. -- */ /* -- Composite channel credentials. -- */
static void composite_channel_destruct(grpc_channel_credentials *creds) { static void composite_channel_destruct(grpc_exec_ctx *exec_ctx,
grpc_channel_credentials *creds) {
grpc_composite_channel_credentials *c = grpc_composite_channel_credentials *c =
(grpc_composite_channel_credentials *)creds; (grpc_composite_channel_credentials *)creds;
grpc_channel_credentials_unref(c->inner_creds); grpc_channel_credentials_unref(exec_ctx, c->inner_creds);
grpc_call_credentials_unref(c->call_creds); grpc_call_credentials_unref(exec_ctx, c->call_creds);
} }
static grpc_security_status composite_channel_create_security_connector( static grpc_security_status composite_channel_create_security_connector(
grpc_channel_credentials *creds, grpc_call_credentials *call_creds, grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds,
const char *target, const grpc_channel_args *args, grpc_call_credentials *call_creds, const char *target,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) { const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args) {
grpc_composite_channel_credentials *c = grpc_composite_channel_credentials *c =
(grpc_composite_channel_credentials *)creds; (grpc_composite_channel_credentials *)creds;
grpc_security_status status = GRPC_SECURITY_ERROR; grpc_security_status status = GRPC_SECURITY_ERROR;
@ -233,11 +237,12 @@ static grpc_security_status composite_channel_create_security_connector(
grpc_call_credentials *composite_call_creds = grpc_call_credentials *composite_call_creds =
grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL); grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL);
status = c->inner_creds->vtable->create_security_connector( status = c->inner_creds->vtable->create_security_connector(
c->inner_creds, composite_call_creds, target, args, sc, new_args); exec_ctx, c->inner_creds, composite_call_creds, target, args, sc,
grpc_call_credentials_unref(composite_call_creds); new_args);
grpc_call_credentials_unref(exec_ctx, composite_call_creds);
} else { } else {
status = c->inner_creds->vtable->create_security_connector( status = c->inner_creds->vtable->create_security_connector(
c->inner_creds, c->call_creds, target, args, sc, new_args); exec_ctx, c->inner_creds, c->call_creds, target, args, sc, new_args);
} }
return status; return status;
} }

@ -66,8 +66,8 @@ grpc_credentials_metadata_request *grpc_credentials_metadata_request_create(
} }
void grpc_credentials_metadata_request_destroy( void grpc_credentials_metadata_request_destroy(
grpc_credentials_metadata_request *r) { grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *r) {
grpc_call_credentials_unref(r->creds); grpc_call_credentials_unref(exec_ctx, r->creds);
grpc_http_response_destroy(&r->response); grpc_http_response_destroy(&r->response);
gpr_free(r); gpr_free(r);
} }
@ -79,17 +79,22 @@ grpc_channel_credentials *grpc_channel_credentials_ref(
return creds; return creds;
} }
void grpc_channel_credentials_unref(grpc_channel_credentials *creds) { void grpc_channel_credentials_unref(grpc_exec_ctx *exec_ctx,
grpc_channel_credentials *creds) {
if (creds == NULL) return; if (creds == NULL) return;
if (gpr_unref(&creds->refcount)) { if (gpr_unref(&creds->refcount)) {
if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); if (creds->vtable->destruct != NULL) {
creds->vtable->destruct(exec_ctx, creds);
}
gpr_free(creds); gpr_free(creds);
} }
} }
void grpc_channel_credentials_release(grpc_channel_credentials *creds) { void grpc_channel_credentials_release(grpc_channel_credentials *creds) {
GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds)); GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
grpc_channel_credentials_unref(creds); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_channel_credentials_unref(&exec_ctx, creds);
grpc_exec_ctx_finish(&exec_ctx);
} }
grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) { grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
@ -98,17 +103,22 @@ grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
return creds; return creds;
} }
void grpc_call_credentials_unref(grpc_call_credentials *creds) { void grpc_call_credentials_unref(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
if (creds == NULL) return; if (creds == NULL) return;
if (gpr_unref(&creds->refcount)) { if (gpr_unref(&creds->refcount)) {
if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); if (creds->vtable->destruct != NULL) {
creds->vtable->destruct(exec_ctx, creds);
}
gpr_free(creds); gpr_free(creds);
} }
} }
void grpc_call_credentials_release(grpc_call_credentials *creds) { void grpc_call_credentials_release(grpc_call_credentials *creds) {
GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds)); GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
grpc_call_credentials_unref(creds); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_call_credentials_unref(&exec_ctx, creds);
grpc_exec_ctx_finish(&exec_ctx);
} }
void grpc_call_credentials_get_request_metadata( void grpc_call_credentials_get_request_metadata(
@ -126,16 +136,16 @@ void grpc_call_credentials_get_request_metadata(
} }
grpc_security_status grpc_channel_credentials_create_security_connector( grpc_security_status grpc_channel_credentials_create_security_connector(
grpc_channel_credentials *channel_creds, const char *target, grpc_exec_ctx *exec_ctx, grpc_channel_credentials *channel_creds,
const grpc_channel_args *args, grpc_channel_security_connector **sc, const char *target, const grpc_channel_args *args,
grpc_channel_args **new_args) { grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
*new_args = NULL; *new_args = NULL;
if (channel_creds == NULL) { if (channel_creds == NULL) {
return GRPC_SECURITY_ERROR; return GRPC_SECURITY_ERROR;
} }
GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL); GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL);
return channel_creds->vtable->create_security_connector( return channel_creds->vtable->create_security_connector(
channel_creds, NULL, target, args, sc, new_args); exec_ctx, channel_creds, NULL, target, args, sc, new_args);
} }
grpc_channel_credentials * grpc_channel_credentials *
@ -157,10 +167,13 @@ grpc_server_credentials *grpc_server_credentials_ref(
return creds; return creds;
} }
void grpc_server_credentials_unref(grpc_server_credentials *creds) { void grpc_server_credentials_unref(grpc_exec_ctx *exec_ctx,
grpc_server_credentials *creds) {
if (creds == NULL) return; if (creds == NULL) return;
if (gpr_unref(&creds->refcount)) { if (gpr_unref(&creds->refcount)) {
if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); if (creds->vtable->destruct != NULL) {
creds->vtable->destruct(exec_ctx, creds);
}
if (creds->processor.destroy != NULL && creds->processor.state != NULL) { if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
creds->processor.destroy(creds->processor.state); creds->processor.destroy(creds->processor.state);
} }
@ -170,16 +183,19 @@ void grpc_server_credentials_unref(grpc_server_credentials *creds) {
void grpc_server_credentials_release(grpc_server_credentials *creds) { void grpc_server_credentials_release(grpc_server_credentials *creds) {
GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds)); GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds));
grpc_server_credentials_unref(creds); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_server_credentials_unref(&exec_ctx, creds);
grpc_exec_ctx_finish(&exec_ctx);
} }
grpc_security_status grpc_server_credentials_create_security_connector( grpc_security_status grpc_server_credentials_create_security_connector(
grpc_server_credentials *creds, grpc_server_security_connector **sc) { grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds,
grpc_server_security_connector **sc) {
if (creds == NULL || creds->vtable->create_security_connector == NULL) { if (creds == NULL || creds->vtable->create_security_connector == NULL) {
gpr_log(GPR_ERROR, "Server credentials cannot create security context."); gpr_log(GPR_ERROR, "Server credentials cannot create security context.");
return GRPC_SECURITY_ERROR; return GRPC_SECURITY_ERROR;
} }
return creds->vtable->create_security_connector(creds, sc); return creds->vtable->create_security_connector(exec_ctx, creds, sc);
} }
void grpc_server_credentials_set_auth_metadata_processor( void grpc_server_credentials_set_auth_metadata_processor(
@ -196,8 +212,9 @@ void grpc_server_credentials_set_auth_metadata_processor(
creds->processor = processor; creds->processor = processor;
} }
static void server_credentials_pointer_arg_destroy(void *p) { static void server_credentials_pointer_arg_destroy(grpc_exec_ctx *exec_ctx,
grpc_server_credentials_unref(p); void *p) {
grpc_server_credentials_unref(exec_ctx, p);
} }
static void *server_credentials_pointer_arg_copy(void *p) { static void *server_credentials_pointer_arg_copy(void *p) {

@ -101,12 +101,13 @@ void grpc_override_well_known_credentials_path_getter(
/* --- grpc_channel_credentials. --- */ /* --- grpc_channel_credentials. --- */
typedef struct { typedef struct {
void (*destruct)(grpc_channel_credentials *c); void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c);
grpc_security_status (*create_security_connector)( grpc_security_status (*create_security_connector)(
grpc_channel_credentials *c, grpc_call_credentials *call_creds, grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c,
const char *target, const grpc_channel_args *args, grpc_call_credentials *call_creds, const char *target,
grpc_channel_security_connector **sc, grpc_channel_args **new_args); const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args);
grpc_channel_credentials *(*duplicate_without_call_credentials)( grpc_channel_credentials *(*duplicate_without_call_credentials)(
grpc_channel_credentials *c); grpc_channel_credentials *c);
@ -120,16 +121,17 @@ struct grpc_channel_credentials {
grpc_channel_credentials *grpc_channel_credentials_ref( grpc_channel_credentials *grpc_channel_credentials_ref(
grpc_channel_credentials *creds); grpc_channel_credentials *creds);
void grpc_channel_credentials_unref(grpc_channel_credentials *creds); void grpc_channel_credentials_unref(grpc_exec_ctx *exec_ctx,
grpc_channel_credentials *creds);
/* Creates a security connector for the channel. May also create new channel /* Creates a security connector for the channel. May also create new channel
args for the channel to be used in place of the passed in const args if args for the channel to be used in place of the passed in const args if
returned non NULL. In that case the caller is responsible for destroying returned non NULL. In that case the caller is responsible for destroying
new_args after channel creation. */ new_args after channel creation. */
grpc_security_status grpc_channel_credentials_create_security_connector( grpc_security_status grpc_channel_credentials_create_security_connector(
grpc_channel_credentials *creds, const char *target, grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds,
const grpc_channel_args *args, grpc_channel_security_connector **sc, const char *target, const grpc_channel_args *args,
grpc_channel_args **new_args); grpc_channel_security_connector **sc, grpc_channel_args **new_args);
/* Creates a version of the channel credentials without any attached call /* Creates a version of the channel credentials without any attached call
credentials. This can be used in order to open a channel to a non-trusted credentials. This can be used in order to open a channel to a non-trusted
@ -162,7 +164,8 @@ void grpc_credentials_md_store_add_cstrings(grpc_credentials_md_store *store,
const char *key, const char *value); const char *key, const char *value);
grpc_credentials_md_store *grpc_credentials_md_store_ref( grpc_credentials_md_store *grpc_credentials_md_store_ref(
grpc_credentials_md_store *store); grpc_credentials_md_store *store);
void grpc_credentials_md_store_unref(grpc_credentials_md_store *store); void grpc_credentials_md_store_unref(grpc_exec_ctx *exec_ctx,
grpc_credentials_md_store *store);
/* --- grpc_call_credentials. --- */ /* --- grpc_call_credentials. --- */
@ -172,7 +175,7 @@ typedef void (*grpc_credentials_metadata_cb)(
size_t num_md, grpc_credentials_status status, const char *error_details); size_t num_md, grpc_credentials_status status, const char *error_details);
typedef struct { typedef struct {
void (*destruct)(grpc_call_credentials *c); void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_call_credentials *c);
void (*get_request_metadata)(grpc_exec_ctx *exec_ctx, void (*get_request_metadata)(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *c, grpc_call_credentials *c,
grpc_polling_entity *pollent, grpc_polling_entity *pollent,
@ -188,7 +191,8 @@ struct grpc_call_credentials {
}; };
grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds); grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds);
void grpc_call_credentials_unref(grpc_call_credentials *creds); void grpc_call_credentials_unref(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds);
void grpc_call_credentials_get_request_metadata( void grpc_call_credentials_get_request_metadata(
grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
grpc_polling_entity *pollent, grpc_auth_metadata_context context, grpc_polling_entity *pollent, grpc_auth_metadata_context context,
@ -202,9 +206,10 @@ grpc_call_credentials *grpc_md_only_test_credentials_create(
/* --- grpc_server_credentials. --- */ /* --- grpc_server_credentials. --- */
typedef struct { typedef struct {
void (*destruct)(grpc_server_credentials *c); void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_server_credentials *c);
grpc_security_status (*create_security_connector)( grpc_security_status (*create_security_connector)(
grpc_server_credentials *c, grpc_server_security_connector **sc); grpc_exec_ctx *exec_ctx, grpc_server_credentials *c,
grpc_server_security_connector **sc);
} grpc_server_credentials_vtable; } grpc_server_credentials_vtable;
struct grpc_server_credentials { struct grpc_server_credentials {
@ -215,12 +220,14 @@ struct grpc_server_credentials {
}; };
grpc_security_status grpc_server_credentials_create_security_connector( grpc_security_status grpc_server_credentials_create_security_connector(
grpc_server_credentials *creds, grpc_server_security_connector **sc); grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds,
grpc_server_security_connector **sc);
grpc_server_credentials *grpc_server_credentials_ref( grpc_server_credentials *grpc_server_credentials_ref(
grpc_server_credentials *creds); grpc_server_credentials *creds);
void grpc_server_credentials_unref(grpc_server_credentials *creds); void grpc_server_credentials_unref(grpc_exec_ctx *exec_ctx,
grpc_server_credentials *creds);
#define GRPC_SERVER_CREDENTIALS_ARG "grpc.server_credentials" #define GRPC_SERVER_CREDENTIALS_ARG "grpc.server_credentials"
@ -243,6 +250,6 @@ grpc_credentials_metadata_request *grpc_credentials_metadata_request_create(
void *user_data); void *user_data);
void grpc_credentials_metadata_request_destroy( void grpc_credentials_metadata_request_destroy(
grpc_credentials_metadata_request *r); grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *r);
#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H */ #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H */

@ -37,6 +37,8 @@
#include <string.h> #include <string.h>
#include "src/core/lib/slice/slice_internal.h"
static void store_ensure_capacity(grpc_credentials_md_store *store) { static void store_ensure_capacity(grpc_credentials_md_store *store) {
if (store->num_entries == store->allocated) { if (store->num_entries == store->allocated) {
store->allocated = (store->allocated == 0) ? 1 : store->allocated * 2; store->allocated = (store->allocated == 0) ? 1 : store->allocated * 2;
@ -85,7 +87,8 @@ grpc_credentials_md_store *grpc_credentials_md_store_ref(
return store; return store;
} }
void grpc_credentials_md_store_unref(grpc_credentials_md_store *store) { void grpc_credentials_md_store_unref(grpc_exec_ctx *exec_ctx,
grpc_credentials_md_store *store) {
if (store == NULL) return; if (store == NULL) return;
if (gpr_unref(&store->refcount)) { if (gpr_unref(&store->refcount)) {
if (store->entries != NULL) { if (store->entries != NULL) {

@ -45,16 +45,18 @@
/* -- Fake transport security credentials. -- */ /* -- Fake transport security credentials. -- */
static grpc_security_status fake_transport_security_create_security_connector( static grpc_security_status fake_transport_security_create_security_connector(
grpc_channel_credentials *c, grpc_call_credentials *call_creds, grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c,
const char *target, const grpc_channel_args *args, grpc_call_credentials *call_creds, const char *target,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) { const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args) {
*sc = grpc_fake_channel_security_connector_create(call_creds); *sc = grpc_fake_channel_security_connector_create(call_creds);
return GRPC_SECURITY_OK; return GRPC_SECURITY_OK;
} }
static grpc_security_status static grpc_security_status
fake_transport_security_server_create_security_connector( fake_transport_security_server_create_security_connector(
grpc_server_credentials *c, grpc_server_security_connector **sc) { grpc_exec_ctx *exec_ctx, grpc_server_credentials *c,
grpc_server_security_connector **sc) {
*sc = grpc_fake_server_security_connector_create(); *sc = grpc_fake_server_security_connector_create();
return GRPC_SECURITY_OK; return GRPC_SECURITY_OK;
} }
@ -89,9 +91,10 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
/* -- Metadata-only test credentials. -- */ /* -- Metadata-only test credentials. -- */
static void md_only_test_destruct(grpc_call_credentials *creds) { static void md_only_test_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
grpc_credentials_md_store_unref(c->md_store); grpc_credentials_md_store_unref(exec_ctx, c->md_store);
} }
static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx, static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx,
@ -101,7 +104,7 @@ static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx,
grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds; grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds;
r->cb(exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries, r->cb(exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries,
GRPC_CREDENTIALS_OK, NULL); GRPC_CREDENTIALS_OK, NULL);
grpc_credentials_metadata_request_destroy(r); grpc_credentials_metadata_request_destroy(exec_ctx, r);
} }
static void md_only_test_get_request_metadata( static void md_only_test_get_request_metadata(

@ -45,6 +45,7 @@
#include "src/core/lib/iomgr/polling_entity.h" #include "src/core/lib/iomgr/polling_entity.h"
#include "src/core/lib/security/credentials/jwt/jwt_credentials.h" #include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h" #include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/slice/slice_string_helpers.h" #include "src/core/lib/slice/slice_string_helpers.h"
#include "src/core/lib/support/env.h" #include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h" #include "src/core/lib/support/string.h"
@ -101,11 +102,10 @@ static void destroy_pollset(grpc_exec_ctx *exec_ctx, void *p, grpc_error *e) {
grpc_pollset_destroy(p); grpc_pollset_destroy(p);
} }
static int is_stack_running_on_compute_engine(void) { static int is_stack_running_on_compute_engine(grpc_exec_ctx *exec_ctx) {
compute_engine_detector detector; compute_engine_detector detector;
grpc_httpcli_request request; grpc_httpcli_request request;
grpc_httpcli_context context; grpc_httpcli_context context;
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_closure destroy_closure; grpc_closure destroy_closure;
/* The http call is local. If it takes more than one sec, it is for sure not /* The http call is local. If it takes more than one sec, it is for sure not
@ -128,13 +128,13 @@ static int is_stack_running_on_compute_engine(void) {
grpc_resource_quota *resource_quota = grpc_resource_quota *resource_quota =
grpc_resource_quota_create("google_default_credentials"); grpc_resource_quota_create("google_default_credentials");
grpc_httpcli_get( grpc_httpcli_get(
&exec_ctx, &context, &detector.pollent, resource_quota, &request, exec_ctx, &context, &detector.pollent, resource_quota, &request,
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), max_detection_delay), gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), max_detection_delay),
grpc_closure_create(on_compute_engine_detection_http_response, &detector), grpc_closure_create(on_compute_engine_detection_http_response, &detector),
&detector.response); &detector.response);
grpc_resource_quota_unref_internal(&exec_ctx, resource_quota); grpc_resource_quota_unref_internal(exec_ctx, resource_quota);
grpc_exec_ctx_flush(&exec_ctx); grpc_exec_ctx_flush(exec_ctx);
/* Block until we get the response. This is not ideal but this should only be /* Block until we get the response. This is not ideal but this should only be
called once for the lifetime of the process by the default credentials. */ called once for the lifetime of the process by the default credentials. */
@ -143,7 +143,7 @@ static int is_stack_running_on_compute_engine(void) {
grpc_pollset_worker *worker = NULL; grpc_pollset_worker *worker = NULL;
if (!GRPC_LOG_IF_ERROR( if (!GRPC_LOG_IF_ERROR(
"pollset_work", "pollset_work",
grpc_pollset_work(&exec_ctx, grpc_pollset_work(exec_ctx,
grpc_polling_entity_pollset(&detector.pollent), grpc_polling_entity_pollset(&detector.pollent),
&worker, gpr_now(GPR_CLOCK_MONOTONIC), &worker, gpr_now(GPR_CLOCK_MONOTONIC),
gpr_inf_future(GPR_CLOCK_MONOTONIC)))) { gpr_inf_future(GPR_CLOCK_MONOTONIC)))) {
@ -156,10 +156,9 @@ static int is_stack_running_on_compute_engine(void) {
grpc_httpcli_context_destroy(&context); grpc_httpcli_context_destroy(&context);
grpc_closure_init(&destroy_closure, destroy_pollset, grpc_closure_init(&destroy_closure, destroy_pollset,
grpc_polling_entity_pollset(&detector.pollent)); grpc_polling_entity_pollset(&detector.pollent));
grpc_pollset_shutdown(&exec_ctx, grpc_pollset_shutdown(exec_ctx,
grpc_polling_entity_pollset(&detector.pollent), grpc_polling_entity_pollset(&detector.pollent),
&destroy_closure); &destroy_closure);
grpc_exec_ctx_finish(&exec_ctx);
g_polling_mu = NULL; g_polling_mu = NULL;
gpr_free(grpc_polling_entity_pollset(&detector.pollent)); gpr_free(grpc_polling_entity_pollset(&detector.pollent));
@ -170,7 +169,7 @@ static int is_stack_running_on_compute_engine(void) {
/* Takes ownership of creds_path if not NULL. */ /* Takes ownership of creds_path if not NULL. */
static grpc_error *create_default_creds_from_path( static grpc_error *create_default_creds_from_path(
char *creds_path, grpc_call_credentials **creds) { grpc_exec_ctx *exec_ctx, char *creds_path, grpc_call_credentials **creds) {
grpc_json *json = NULL; grpc_json *json = NULL;
grpc_auth_json_key key; grpc_auth_json_key key;
grpc_auth_refresh_token token; grpc_auth_refresh_token token;
@ -200,7 +199,7 @@ static grpc_error *create_default_creds_from_path(
if (grpc_auth_json_key_is_valid(&key)) { if (grpc_auth_json_key_is_valid(&key)) {
result = result =
grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
key, grpc_max_auth_token_lifetime()); exec_ctx, key, grpc_max_auth_token_lifetime());
if (result == NULL) { if (result == NULL) {
error = GRPC_ERROR_CREATE( error = GRPC_ERROR_CREATE(
"grpc_service_account_jwt_access_credentials_create_from_auth_json_" "grpc_service_account_jwt_access_credentials_create_from_auth_json_"
@ -236,6 +235,7 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void) {
grpc_call_credentials *call_creds = NULL; grpc_call_credentials *call_creds = NULL;
grpc_error *error = GRPC_ERROR_CREATE("Failed to create Google credentials"); grpc_error *error = GRPC_ERROR_CREATE("Failed to create Google credentials");
grpc_error *err; grpc_error *err;
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ()); GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
@ -250,20 +250,22 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void) {
/* First, try the environment variable. */ /* First, try the environment variable. */
err = create_default_creds_from_path( err = create_default_creds_from_path(
gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds); &exec_ctx, gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds);
if (err == GRPC_ERROR_NONE) goto end; if (err == GRPC_ERROR_NONE) goto end;
error = grpc_error_add_child(error, err); error = grpc_error_add_child(error, err);
/* Then the well-known file. */ /* Then the well-known file. */
err = create_default_creds_from_path( err = create_default_creds_from_path(
grpc_get_well_known_google_credentials_file_path(), &call_creds); &exec_ctx, grpc_get_well_known_google_credentials_file_path(),
&call_creds);
if (err == GRPC_ERROR_NONE) goto end; if (err == GRPC_ERROR_NONE) goto end;
error = grpc_error_add_child(error, err); error = grpc_error_add_child(error, err);
/* At last try to see if we're on compute engine (do the detection only once /* At last try to see if we're on compute engine (do the detection only once
since it requires a network test). */ since it requires a network test). */
if (!compute_engine_detection_done) { if (!compute_engine_detection_done) {
int need_compute_engine_creds = is_stack_running_on_compute_engine(); int need_compute_engine_creds =
is_stack_running_on_compute_engine(&exec_ctx);
compute_engine_detection_done = 1; compute_engine_detection_done = 1;
if (need_compute_engine_creds) { if (need_compute_engine_creds) {
call_creds = grpc_google_compute_engine_credentials_create(NULL); call_creds = grpc_google_compute_engine_credentials_create(NULL);
@ -286,8 +288,8 @@ end:
grpc_composite_channel_credentials_create(ssl_creds, call_creds, grpc_composite_channel_credentials_create(ssl_creds, call_creds,
NULL)); NULL));
GPR_ASSERT(default_credentials != NULL); GPR_ASSERT(default_credentials != NULL);
grpc_channel_credentials_unref(ssl_creds); grpc_channel_credentials_unref(&exec_ctx, ssl_creds);
grpc_call_credentials_unref(call_creds); grpc_call_credentials_unref(&exec_ctx, call_creds);
result = default_credentials; result = default_credentials;
} else { } else {
gpr_log(GPR_ERROR, "Could not create google default credentials."); gpr_log(GPR_ERROR, "Could not create google default credentials.");
@ -299,18 +301,21 @@ end:
} else { } else {
GRPC_ERROR_UNREF(error); GRPC_ERROR_UNREF(error);
} }
grpc_exec_ctx_finish(&exec_ctx);
return result; return result;
} }
void grpc_flush_cached_google_default_credentials(void) { void grpc_flush_cached_google_default_credentials(void) {
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
gpr_once_init(&g_once, init_default_credentials); gpr_once_init(&g_once, init_default_credentials);
gpr_mu_lock(&g_state_mu); gpr_mu_lock(&g_state_mu);
if (default_credentials != NULL) { if (default_credentials != NULL) {
grpc_channel_credentials_unref(default_credentials); grpc_channel_credentials_unref(&exec_ctx, default_credentials);
default_credentials = NULL; default_credentials = NULL;
} }
compute_engine_detection_done = 0; compute_engine_detection_done = 0;
gpr_mu_unlock(&g_state_mu); gpr_mu_unlock(&g_state_mu);
grpc_exec_ctx_finish(&exec_ctx);
} }
/* -- Well known credentials path. -- */ /* -- Well known credentials path. -- */

@ -42,9 +42,10 @@
#include <grpc/support/string_util.h> #include <grpc/support/string_util.h>
#include <grpc/support/sync.h> #include <grpc/support/sync.h>
static void iam_destruct(grpc_call_credentials *creds) { static void iam_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
grpc_credentials_md_store_unref(c->iam_md); grpc_credentials_md_store_unref(exec_ctx, c->iam_md);
} }
static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx, static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,

@ -42,9 +42,10 @@
#include <grpc/support/string_util.h> #include <grpc/support/string_util.h>
#include <grpc/support/sync.h> #include <grpc/support/sync.h>
static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) { static void jwt_reset_cache(grpc_exec_ctx *exec_ctx,
grpc_service_account_jwt_access_credentials *c) {
if (c->cached.jwt_md != NULL) { if (c->cached.jwt_md != NULL) {
grpc_credentials_md_store_unref(c->cached.jwt_md); grpc_credentials_md_store_unref(exec_ctx, c->cached.jwt_md);
c->cached.jwt_md = NULL; c->cached.jwt_md = NULL;
} }
if (c->cached.service_url != NULL) { if (c->cached.service_url != NULL) {
@ -54,11 +55,12 @@ static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
} }
static void jwt_destruct(grpc_call_credentials *creds) { static void jwt_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_service_account_jwt_access_credentials *c = grpc_service_account_jwt_access_credentials *c =
(grpc_service_account_jwt_access_credentials *)creds; (grpc_service_account_jwt_access_credentials *)creds;
grpc_auth_json_key_destruct(&c->key); grpc_auth_json_key_destruct(&c->key);
jwt_reset_cache(c); jwt_reset_cache(exec_ctx, c);
gpr_mu_destroy(&c->cache_mu); gpr_mu_destroy(&c->cache_mu);
} }
@ -92,7 +94,7 @@ static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx,
char *jwt = NULL; char *jwt = NULL;
/* Generate a new jwt. */ /* Generate a new jwt. */
gpr_mu_lock(&c->cache_mu); gpr_mu_lock(&c->cache_mu);
jwt_reset_cache(c); jwt_reset_cache(exec_ctx, c);
jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url, jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url,
c->jwt_lifetime, NULL); c->jwt_lifetime, NULL);
if (jwt != NULL) { if (jwt != NULL) {
@ -114,7 +116,7 @@ static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx,
if (jwt_md != NULL) { if (jwt_md != NULL) {
cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries, cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries,
GRPC_CREDENTIALS_OK, NULL); GRPC_CREDENTIALS_OK, NULL);
grpc_credentials_md_store_unref(jwt_md); grpc_credentials_md_store_unref(exec_ctx, jwt_md);
} else { } else {
cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR, cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR,
"Could not generate JWT."); "Could not generate JWT.");
@ -126,7 +128,8 @@ static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct,
grpc_call_credentials * grpc_call_credentials *
grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
grpc_auth_json_key key, gpr_timespec token_lifetime) { grpc_exec_ctx *exec_ctx, grpc_auth_json_key key,
gpr_timespec token_lifetime) {
grpc_service_account_jwt_access_credentials *c; grpc_service_account_jwt_access_credentials *c;
if (!grpc_auth_json_key_is_valid(&key)) { if (!grpc_auth_json_key_is_valid(&key)) {
gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation"); gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation");
@ -140,7 +143,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
c->key = key; c->key = key;
c->jwt_lifetime = token_lifetime; c->jwt_lifetime = token_lifetime;
gpr_mu_init(&c->cache_mu); gpr_mu_init(&c->cache_mu);
jwt_reset_cache(c); jwt_reset_cache(exec_ctx, c);
return &c->base; return &c->base;
} }
@ -156,6 +159,11 @@ grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
5, (json_key, token_lifetime.tv_sec, token_lifetime.tv_nsec, 5, (json_key, token_lifetime.tv_sec, token_lifetime.tv_nsec,
(int)token_lifetime.clock_type, reserved)); (int)token_lifetime.clock_type, reserved));
GPR_ASSERT(reserved == NULL); GPR_ASSERT(reserved == NULL);
return grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_auth_json_key_create_from_string(json_key), token_lifetime); grpc_call_credentials *creds =
grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
&exec_ctx, grpc_auth_json_key_create_from_string(json_key),
token_lifetime);
grpc_exec_ctx_finish(&exec_ctx);
return creds;
} }

@ -57,6 +57,7 @@ typedef struct {
// Takes ownership of the key. // Takes ownership of the key.
grpc_call_credentials * grpc_call_credentials *
grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
grpc_auth_json_key key, gpr_timespec token_lifetime); grpc_exec_ctx *exec_ctx, grpc_auth_json_key key,
gpr_timespec token_lifetime);
#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H */ #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H */

@ -36,11 +36,6 @@
#include <limits.h> #include <limits.h>
#include <string.h> #include <string.h>
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/iomgr/polling_entity.h"
#include "src/core/lib/security/util/b64.h"
#include "src/core/lib/tsi/ssl_types.h"
#include <grpc/support/alloc.h> #include <grpc/support/alloc.h>
#include <grpc/support/log.h> #include <grpc/support/log.h>
#include <grpc/support/string_util.h> #include <grpc/support/string_util.h>
@ -48,6 +43,12 @@
#include <grpc/support/useful.h> #include <grpc/support/useful.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/iomgr/polling_entity.h"
#include "src/core/lib/security/util/b64.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/tsi/ssl_types.h"
/* --- Utils. --- */ /* --- Utils. --- */
const char *grpc_jwt_verifier_status_to_string( const char *grpc_jwt_verifier_status_to_string(
@ -84,7 +85,8 @@ static const EVP_MD *evp_md_from_alg(const char *alg) {
} }
} }
static grpc_json *parse_json_part_from_jwt(const char *str, size_t len, static grpc_json *parse_json_part_from_jwt(grpc_exec_ctx *exec_ctx,
const char *str, size_t len,
grpc_slice *buffer) { grpc_slice *buffer) {
grpc_json *json; grpc_json *json;
@ -132,13 +134,14 @@ typedef struct {
grpc_slice buffer; grpc_slice buffer;
} jose_header; } jose_header;
static void jose_header_destroy(jose_header *h) { static void jose_header_destroy(grpc_exec_ctx *exec_ctx, jose_header *h) {
grpc_slice_unref_internal(exec_ctx, h->buffer); grpc_slice_unref_internal(exec_ctx, h->buffer);
gpr_free(h); gpr_free(h);
} }
/* Takes ownership of json and buffer. */ /* Takes ownership of json and buffer. */
static jose_header *jose_header_from_json(grpc_json *json, grpc_slice buffer) { static jose_header *jose_header_from_json(grpc_exec_ctx *exec_ctx,
grpc_json *json, grpc_slice buffer) {
grpc_json *cur; grpc_json *cur;
jose_header *h = gpr_malloc(sizeof(jose_header)); jose_header *h = gpr_malloc(sizeof(jose_header));
memset(h, 0, sizeof(jose_header)); memset(h, 0, sizeof(jose_header));
@ -173,7 +176,7 @@ static jose_header *jose_header_from_json(grpc_json *json, grpc_slice buffer) {
error: error:
grpc_json_destroy(json); grpc_json_destroy(json);
jose_header_destroy(h); jose_header_destroy(exec_ctx, h);
return NULL; return NULL;
} }
@ -193,7 +196,7 @@ struct grpc_jwt_claims {
grpc_slice buffer; grpc_slice buffer;
}; };
void grpc_jwt_claims_destroy(grpc_jwt_claims *claims) { void grpc_jwt_claims_destroy(grpc_exec_ctx *exec_ctx, grpc_jwt_claims *claims) {
grpc_json_destroy(claims->json); grpc_json_destroy(claims->json);
grpc_slice_unref_internal(exec_ctx, claims->buffer); grpc_slice_unref_internal(exec_ctx, claims->buffer);
gpr_free(claims); gpr_free(claims);
@ -240,7 +243,8 @@ gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims) {
} }
/* Takes ownership of json and buffer even in case of failure. */ /* Takes ownership of json and buffer even in case of failure. */
grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer) { grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_exec_ctx *exec_ctx,
grpc_json *json, grpc_slice buffer) {
grpc_json *cur; grpc_json *cur;
grpc_jwt_claims *claims = gpr_malloc(sizeof(grpc_jwt_claims)); grpc_jwt_claims *claims = gpr_malloc(sizeof(grpc_jwt_claims));
memset(claims, 0, sizeof(grpc_jwt_claims)); memset(claims, 0, sizeof(grpc_jwt_claims));
@ -281,7 +285,7 @@ grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer) {
return claims; return claims;
error: error:
grpc_jwt_claims_destroy(claims); grpc_jwt_claims_destroy(exec_ctx, claims);
return NULL; return NULL;
} }
@ -362,12 +366,12 @@ static verifier_cb_ctx *verifier_cb_ctx_create(
return ctx; return ctx;
} }
void verifier_cb_ctx_destroy(verifier_cb_ctx *ctx) { void verifier_cb_ctx_destroy(grpc_exec_ctx *exec_ctx, verifier_cb_ctx *ctx) {
if (ctx->audience != NULL) gpr_free(ctx->audience); if (ctx->audience != NULL) gpr_free(ctx->audience);
if (ctx->claims != NULL) grpc_jwt_claims_destroy(ctx->claims); if (ctx->claims != NULL) grpc_jwt_claims_destroy(exec_ctx, ctx->claims);
grpc_slice_unref_internal(exec_ctx, ctx->signature); grpc_slice_unref_internal(exec_ctx, ctx->signature);
grpc_slice_unref_internal(exec_ctx, ctx->signed_data); grpc_slice_unref_internal(exec_ctx, ctx->signed_data);
jose_header_destroy(ctx->header); jose_header_destroy(exec_ctx, ctx->header);
for (size_t i = 0; i < HTTP_RESPONSE_COUNT; i++) { for (size_t i = 0; i < HTTP_RESPONSE_COUNT; i++) {
grpc_http_response_destroy(&ctx->responses[i]); grpc_http_response_destroy(&ctx->responses[i]);
} }
@ -447,7 +451,7 @@ end:
return result; return result;
} }
static BIGNUM *bignum_from_base64(const char *b64) { static BIGNUM *bignum_from_base64(grpc_exec_ctx *exec_ctx, const char *b64) {
BIGNUM *result = NULL; BIGNUM *result = NULL;
grpc_slice bin; grpc_slice bin;
@ -463,7 +467,8 @@ static BIGNUM *bignum_from_base64(const char *b64) {
return result; return result;
} }
static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) { static EVP_PKEY *pkey_from_jwk(grpc_exec_ctx *exec_ctx, const grpc_json *json,
const char *kty) {
const grpc_json *key_prop; const grpc_json *key_prop;
RSA *rsa = NULL; RSA *rsa = NULL;
EVP_PKEY *result = NULL; EVP_PKEY *result = NULL;
@ -480,10 +485,12 @@ static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) {
} }
for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) { for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) {
if (strcmp(key_prop->key, "n") == 0) { if (strcmp(key_prop->key, "n") == 0) {
rsa->n = bignum_from_base64(validate_string_field(key_prop, "n")); rsa->n =
bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n"));
if (rsa->n == NULL) goto end; if (rsa->n == NULL) goto end;
} else if (strcmp(key_prop->key, "e") == 0) { } else if (strcmp(key_prop->key, "e") == 0) {
rsa->e = bignum_from_base64(validate_string_field(key_prop, "e")); rsa->e =
bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e"));
if (rsa->e == NULL) goto end; if (rsa->e == NULL) goto end;
} }
} }
@ -499,7 +506,8 @@ end:
return result; return result;
} }
static EVP_PKEY *find_verification_key(const grpc_json *json, static EVP_PKEY *find_verification_key(grpc_exec_ctx *exec_ctx,
const grpc_json *json,
const char *header_alg, const char *header_alg,
const char *header_kid) { const char *header_kid) {
const grpc_json *jkey; const grpc_json *jkey;
@ -543,7 +551,7 @@ static EVP_PKEY *find_verification_key(const grpc_json *json,
} }
if (alg != NULL && kid != NULL && kty != NULL && if (alg != NULL && kid != NULL && kty != NULL &&
strcmp(kid, header_kid) == 0 && strcmp(alg, header_alg) == 0) { strcmp(kid, header_kid) == 0 && strcmp(alg, header_alg) == 0) {
return pkey_from_jwk(jkey, kty); return pkey_from_jwk(exec_ctx, jkey, kty);
} }
} }
gpr_log(GPR_ERROR, gpr_log(GPR_ERROR,
@ -597,7 +605,7 @@ static void on_keys_retrieved(grpc_exec_ctx *exec_ctx, void *user_data,
goto end; goto end;
} }
verification_key = verification_key =
find_verification_key(json, ctx->header->alg, ctx->header->kid); find_verification_key(exec_ctx, json, ctx->header->alg, ctx->header->kid);
if (verification_key == NULL) { if (verification_key == NULL) {
gpr_log(GPR_ERROR, "Could not find verification key with kid %s.", gpr_log(GPR_ERROR, "Could not find verification key with kid %s.",
ctx->header->kid); ctx->header->kid);
@ -622,7 +630,7 @@ end:
if (json != NULL) grpc_json_destroy(json); if (json != NULL) grpc_json_destroy(json);
if (verification_key != NULL) EVP_PKEY_free(verification_key); if (verification_key != NULL) EVP_PKEY_free(verification_key);
ctx->user_cb(ctx->user_data, status, claims); ctx->user_cb(ctx->user_data, status, claims);
verifier_cb_ctx_destroy(ctx); verifier_cb_ctx_destroy(exec_ctx, ctx);
} }
static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data,
@ -675,7 +683,7 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data,
error: error:
if (json != NULL) grpc_json_destroy(json); if (json != NULL) grpc_json_destroy(json);
ctx->user_cb(ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, NULL); ctx->user_cb(ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, NULL);
verifier_cb_ctx_destroy(ctx); verifier_cb_ctx_destroy(exec_ctx, ctx);
} }
static email_key_mapping *verifier_get_mapping(grpc_jwt_verifier *v, static email_key_mapping *verifier_get_mapping(grpc_jwt_verifier *v,
@ -786,7 +794,7 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx,
error: error:
ctx->user_cb(ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, NULL); ctx->user_cb(ctx->user_data, GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR, NULL);
verifier_cb_ctx_destroy(ctx); verifier_cb_ctx_destroy(exec_ctx, ctx);
} }
void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx, void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx,
@ -808,17 +816,19 @@ void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx,
GPR_ASSERT(verifier != NULL && jwt != NULL && audience != NULL && cb != NULL); GPR_ASSERT(verifier != NULL && jwt != NULL && audience != NULL && cb != NULL);
dot = strchr(cur, '.'); dot = strchr(cur, '.');
if (dot == NULL) goto error; if (dot == NULL) goto error;
json = parse_json_part_from_jwt(cur, (size_t)(dot - cur), &header_buffer); json = parse_json_part_from_jwt(exec_ctx, cur, (size_t)(dot - cur),
&header_buffer);
if (json == NULL) goto error; if (json == NULL) goto error;
header = jose_header_from_json(json, header_buffer); header = jose_header_from_json(exec_ctx, json, header_buffer);
if (header == NULL) goto error; if (header == NULL) goto error;
cur = dot + 1; cur = dot + 1;
dot = strchr(cur, '.'); dot = strchr(cur, '.');
if (dot == NULL) goto error; if (dot == NULL) goto error;
json = parse_json_part_from_jwt(cur, (size_t)(dot - cur), &claims_buffer); json = parse_json_part_from_jwt(exec_ctx, cur, (size_t)(dot - cur),
&claims_buffer);
if (json == NULL) goto error; if (json == NULL) goto error;
claims = grpc_jwt_claims_from_json(json, claims_buffer); claims = grpc_jwt_claims_from_json(exec_ctx, json, claims_buffer);
if (claims == NULL) goto error; if (claims == NULL) goto error;
signed_jwt_len = (size_t)(dot - jwt); signed_jwt_len = (size_t)(dot - jwt);
@ -832,8 +842,8 @@ void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx,
return; return;
error: error:
if (header != NULL) jose_header_destroy(header); if (header != NULL) jose_header_destroy(exec_ctx, header);
if (claims != NULL) grpc_jwt_claims_destroy(claims); if (claims != NULL) grpc_jwt_claims_destroy(exec_ctx, claims);
cb(user_data, GRPC_JWT_VERIFIER_BAD_FORMAT, NULL); cb(user_data, GRPC_JWT_VERIFIER_BAD_FORMAT, NULL);
} }

@ -66,7 +66,7 @@ const char *grpc_jwt_verifier_status_to_string(grpc_jwt_verifier_status status);
typedef struct grpc_jwt_claims grpc_jwt_claims; typedef struct grpc_jwt_claims grpc_jwt_claims;
void grpc_jwt_claims_destroy(grpc_jwt_claims *claims); void grpc_jwt_claims_destroy(grpc_exec_ctx *exec_ctx, grpc_jwt_claims *claims);
/* Returns the whole JSON tree of the claims. */ /* Returns the whole JSON tree of the claims. */
const grpc_json *grpc_jwt_claims_json(const grpc_jwt_claims *claims); const grpc_json *grpc_jwt_claims_json(const grpc_jwt_claims *claims);
@ -129,7 +129,8 @@ void grpc_jwt_verifier_verify(grpc_exec_ctx *exec_ctx,
/* --- TESTING ONLY exposed functions. --- */ /* --- TESTING ONLY exposed functions. --- */
grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer); grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_exec_ctx *exec_ctx,
grpc_json *json, grpc_slice buffer);
grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims, grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims,
const char *audience); const char *audience);

@ -118,18 +118,19 @@ void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) {
// Oauth2 Token Fetcher credentials. // Oauth2 Token Fetcher credentials.
// //
static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) { static void oauth2_token_fetcher_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_oauth2_token_fetcher_credentials *c = grpc_oauth2_token_fetcher_credentials *c =
(grpc_oauth2_token_fetcher_credentials *)creds; (grpc_oauth2_token_fetcher_credentials *)creds;
grpc_credentials_md_store_unref(c->access_token_md); grpc_credentials_md_store_unref(exec_ctx, c->access_token_md);
gpr_mu_destroy(&c->mu); gpr_mu_destroy(&c->mu);
grpc_httpcli_context_destroy(&c->httpcli_context); grpc_httpcli_context_destroy(&c->httpcli_context);
} }
grpc_credentials_status grpc_credentials_status
grpc_oauth2_token_fetcher_credentials_parse_server_response( grpc_oauth2_token_fetcher_credentials_parse_server_response(
const grpc_http_response *response, grpc_credentials_md_store **token_md, grpc_exec_ctx *exec_ctx, const grpc_http_response *response,
gpr_timespec *token_lifetime) { grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime) {
char *null_terminated_body = NULL; char *null_terminated_body = NULL;
char *new_access_token = NULL; char *new_access_token = NULL;
grpc_credentials_status status = GRPC_CREDENTIALS_OK; grpc_credentials_status status = GRPC_CREDENTIALS_OK;
@ -198,7 +199,7 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response(
token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10); token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10);
token_lifetime->tv_nsec = 0; token_lifetime->tv_nsec = 0;
token_lifetime->clock_type = GPR_TIMESPAN; token_lifetime->clock_type = GPR_TIMESPAN;
if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md); if (*token_md != NULL) grpc_credentials_md_store_unref(exec_ctx, *token_md);
*token_md = grpc_credentials_md_store_create(1); *token_md = grpc_credentials_md_store_create(1);
grpc_credentials_md_store_add_cstrings( grpc_credentials_md_store_add_cstrings(
*token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token); *token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token);
@ -207,7 +208,7 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response(
end: end:
if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) { if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) {
grpc_credentials_md_store_unref(*token_md); grpc_credentials_md_store_unref(exec_ctx, *token_md);
*token_md = NULL; *token_md = NULL;
} }
if (null_terminated_body != NULL) gpr_free(null_terminated_body); if (null_terminated_body != NULL) gpr_free(null_terminated_body);
@ -230,7 +231,7 @@ static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx,
gpr_mu_lock(&c->mu); gpr_mu_lock(&c->mu);
status = grpc_oauth2_token_fetcher_credentials_parse_server_response( status = grpc_oauth2_token_fetcher_credentials_parse_server_response(
&r->response, &c->access_token_md, &token_lifetime); exec_ctx, &r->response, &c->access_token_md, &token_lifetime);
if (status == GRPC_CREDENTIALS_OK) { if (status == GRPC_CREDENTIALS_OK) {
c->token_expiration = c->token_expiration =
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime); gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime);
@ -242,7 +243,7 @@ static void on_oauth2_token_fetcher_http_response(grpc_exec_ctx *exec_ctx,
"Error occured when fetching oauth2 token."); "Error occured when fetching oauth2 token.");
} }
gpr_mu_unlock(&c->mu); gpr_mu_unlock(&c->mu);
grpc_credentials_metadata_request_destroy(r); grpc_credentials_metadata_request_destroy(exec_ctx, r);
} }
static void oauth2_token_fetcher_get_request_metadata( static void oauth2_token_fetcher_get_request_metadata(
@ -268,7 +269,7 @@ static void oauth2_token_fetcher_get_request_metadata(
if (cached_access_token_md != NULL) { if (cached_access_token_md != NULL) {
cb(exec_ctx, user_data, cached_access_token_md->entries, cb(exec_ctx, user_data, cached_access_token_md->entries,
cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK, NULL); cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK, NULL);
grpc_credentials_md_store_unref(cached_access_token_md); grpc_credentials_md_store_unref(exec_ctx, cached_access_token_md);
} else { } else {
c->fetch_func( c->fetch_func(
exec_ctx, exec_ctx,
@ -334,11 +335,12 @@ grpc_call_credentials *grpc_google_compute_engine_credentials_create(
// Google Refresh Token credentials. // Google Refresh Token credentials.
// //
static void refresh_token_destruct(grpc_call_credentials *creds) { static void refresh_token_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_google_refresh_token_credentials *c = grpc_google_refresh_token_credentials *c =
(grpc_google_refresh_token_credentials *)creds; (grpc_google_refresh_token_credentials *)creds;
grpc_auth_refresh_token_destruct(&c->refresh_token); grpc_auth_refresh_token_destruct(&c->refresh_token);
oauth2_token_fetcher_destruct(&c->base.base); oauth2_token_fetcher_destruct(exec_ctx, &c->base.base);
} }
static grpc_call_credentials_vtable refresh_token_vtable = { static grpc_call_credentials_vtable refresh_token_vtable = {
@ -407,9 +409,10 @@ grpc_call_credentials *grpc_google_refresh_token_credentials_create(
// Oauth2 Access Token credentials. // Oauth2 Access Token credentials.
// //
static void access_token_destruct(grpc_call_credentials *creds) { static void access_token_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
grpc_credentials_md_store_unref(c->access_token_md); grpc_credentials_md_store_unref(exec_ctx, c->access_token_md);
} }
static void access_token_get_request_metadata( static void access_token_get_request_metadata(

@ -103,7 +103,7 @@ grpc_refresh_token_credentials_create_from_auth_refresh_token(
// Exposed for testing only. // Exposed for testing only.
grpc_credentials_status grpc_credentials_status
grpc_oauth2_token_fetcher_credentials_parse_server_response( grpc_oauth2_token_fetcher_credentials_parse_server_response(
const struct grpc_http_response *response, grpc_exec_ctx *exec_ctx, const struct grpc_http_response *response,
grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime); grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime);
#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H */ #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H */

@ -35,20 +35,22 @@
#include <string.h> #include <string.h>
#include "src/core/lib/surface/api_trace.h"
#include <grpc/grpc.h> #include <grpc/grpc.h>
#include <grpc/support/alloc.h> #include <grpc/support/alloc.h>
#include <grpc/support/log.h> #include <grpc/support/log.h>
#include <grpc/support/string_util.h> #include <grpc/support/string_util.h>
#include <grpc/support/sync.h> #include <grpc/support/sync.h>
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/surface/api_trace.h"
typedef struct { typedef struct {
void *user_data; void *user_data;
grpc_credentials_metadata_cb cb; grpc_credentials_metadata_cb cb;
} grpc_metadata_plugin_request; } grpc_metadata_plugin_request;
static void plugin_destruct(grpc_call_credentials *creds) { static void plugin_destruct(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds) {
grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
if (c->plugin.state != NULL && c->plugin.destroy != NULL) { if (c->plugin.state != NULL && c->plugin.destroy != NULL) {
c->plugin.destroy(c->plugin.state); c->plugin.destroy(c->plugin.state);
@ -100,8 +102,8 @@ static void plugin_md_request_metadata_ready(void *request,
r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK, r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK,
NULL); NULL);
for (i = 0; i < num_md; i++) { for (i = 0; i < num_md; i++) {
grpc_slice_unref_internal(exec_ctx, md_array[i].key); grpc_slice_unref_internal(&exec_ctx, md_array[i].key);
grpc_slice_unref_internal(exec_ctx, md_array[i].value); grpc_slice_unref_internal(&exec_ctx, md_array[i].value);
} }
gpr_free(md_array); gpr_free(md_array);
} }

@ -57,7 +57,8 @@ static void ssl_copy_key_material(const char *input, unsigned char **output,
// SSL Channel Credentials. // SSL Channel Credentials.
// //
static void ssl_destruct(grpc_channel_credentials *creds) { static void ssl_destruct(grpc_exec_ctx *exec_ctx,
grpc_channel_credentials *creds) {
grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs); if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key); if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
@ -65,9 +66,10 @@ static void ssl_destruct(grpc_channel_credentials *creds) {
} }
static grpc_security_status ssl_create_security_connector( static grpc_security_status ssl_create_security_connector(
grpc_channel_credentials *creds, grpc_call_credentials *call_creds, grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds,
const char *target, const grpc_channel_args *args, grpc_call_credentials *call_creds, const char *target,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) { const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args) {
grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
grpc_security_status status = GRPC_SECURITY_OK; grpc_security_status status = GRPC_SECURITY_OK;
size_t i = 0; size_t i = 0;
@ -83,7 +85,7 @@ static grpc_security_status ssl_create_security_connector(
} }
} }
status = grpc_ssl_channel_security_connector_create( status = grpc_ssl_channel_security_connector_create(
call_creds, &c->config, target, overridden_target_name, sc); exec_ctx, call_creds, &c->config, target, overridden_target_name, sc);
if (status != GRPC_SECURITY_OK) { if (status != GRPC_SECURITY_OK) {
return status; return status;
} }
@ -138,7 +140,8 @@ grpc_channel_credentials *grpc_ssl_credentials_create(
// SSL Server Credentials. // SSL Server Credentials.
// //
static void ssl_server_destruct(grpc_server_credentials *creds) { static void ssl_server_destruct(grpc_exec_ctx *exec_ctx,
grpc_server_credentials *creds) {
grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
size_t i; size_t i;
for (i = 0; i < c->config.num_key_cert_pairs; i++) { for (i = 0; i < c->config.num_key_cert_pairs; i++) {
@ -161,9 +164,10 @@ static void ssl_server_destruct(grpc_server_credentials *creds) {
} }
static grpc_security_status ssl_server_create_security_connector( static grpc_security_status ssl_server_create_security_connector(
grpc_server_credentials *creds, grpc_server_security_connector **sc) { grpc_exec_ctx *exec_ctx, grpc_server_credentials *creds,
grpc_server_security_connector **sc) {
grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
return grpc_ssl_server_security_connector_create(&c->config, sc); return grpc_ssl_server_security_connector_create(exec_ctx, &c->config, sc);
} }
static grpc_server_credentials_vtable ssl_server_vtable = { static grpc_server_credentials_vtable ssl_server_vtable = {

@ -44,6 +44,7 @@
#include "src/core/lib/security/context/security_context.h" #include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/transport/security_connector.h" #include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/support/string.h" #include "src/core/lib/support/string.h"
#include "src/core/lib/surface/call.h" #include "src/core/lib/surface/call.h"
#include "src/core/lib/transport/static_metadata.h" #include "src/core/lib/transport/static_metadata.h"
@ -93,7 +94,8 @@ static void bubble_up_error(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
call_data *calld = elem->call_data; call_data *calld = elem->call_data;
gpr_log(GPR_ERROR, "Client side authentication failure: %s", error_msg); gpr_log(GPR_ERROR, "Client side authentication failure: %s", error_msg);
grpc_slice error_slice = grpc_slice_from_copied_string(error_msg); grpc_slice error_slice = grpc_slice_from_copied_string(error_msg);
grpc_transport_stream_op_add_close(&calld->op, status, &error_slice); grpc_transport_stream_op_add_close(exec_ctx, &calld->op, status,
&error_slice);
grpc_call_next_op(exec_ctx, elem, &calld->op); grpc_call_next_op(exec_ctx, elem, &calld->op);
} }
@ -121,7 +123,8 @@ static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *user_data,
for (i = 0; i < num_md; i++) { for (i = 0; i < num_md; i++) {
grpc_metadata_batch_add_tail( grpc_metadata_batch_add_tail(
mdb, &calld->md_links[i], mdb, &calld->md_links[i],
grpc_mdelem_from_slices(grpc_slice_ref_internal(md_elems[i].key), grpc_mdelem_from_slices(exec_ctx,
grpc_slice_ref_internal(md_elems[i].key),
grpc_slice_ref_internal(md_elems[i].value))); grpc_slice_ref_internal(md_elems[i].value)));
} }
grpc_call_next_op(exec_ctx, elem, op); grpc_call_next_op(exec_ctx, elem, op);
@ -248,10 +251,10 @@ static void auth_start_transport_op(grpc_exec_ctx *exec_ctx,
/* Pointer comparison is OK for md_elems created from the same context. /* Pointer comparison is OK for md_elems created from the same context.
*/ */
if (md->key == GRPC_MDSTR_AUTHORITY) { if (md->key == GRPC_MDSTR_AUTHORITY) {
if (calld->host != NULL) GRPC_MDSTR_UNREF(calld->host); if (calld->host != NULL) GRPC_MDSTR_UNREF(exec_ctx, calld->host);
calld->host = GRPC_MDSTR_REF(md->value); calld->host = GRPC_MDSTR_REF(md->value);
} else if (md->key == GRPC_MDSTR_PATH) { } else if (md->key == GRPC_MDSTR_PATH) {
if (calld->method != NULL) GRPC_MDSTR_UNREF(calld->method); if (calld->method != NULL) GRPC_MDSTR_UNREF(exec_ctx, calld->method);
calld->method = GRPC_MDSTR_REF(md->value); calld->method = GRPC_MDSTR_REF(md->value);
} }
} }
@ -292,12 +295,12 @@ static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
const grpc_call_final_info *final_info, const grpc_call_final_info *final_info,
void *ignored) { void *ignored) {
call_data *calld = elem->call_data; call_data *calld = elem->call_data;
grpc_call_credentials_unref(calld->creds); grpc_call_credentials_unref(exec_ctx, calld->creds);
if (calld->host != NULL) { if (calld->host != NULL) {
GRPC_MDSTR_UNREF(calld->host); GRPC_MDSTR_UNREF(exec_ctx, calld->host);
} }
if (calld->method != NULL) { if (calld->method != NULL) {
GRPC_MDSTR_UNREF(calld->method); GRPC_MDSTR_UNREF(exec_ctx, calld->method);
} }
reset_auth_metadata_context(&calld->auth_md_context); reset_auth_metadata_context(&calld->auth_md_context);
} }
@ -336,7 +339,7 @@ static void destroy_channel_elem(grpc_exec_ctx *exec_ctx,
channel_data *chand = elem->channel_data; channel_data *chand = elem->channel_data;
grpc_channel_security_connector *sc = chand->security_connector; grpc_channel_security_connector *sc = chand->security_connector;
if (sc != NULL) { if (sc != NULL) {
GRPC_SECURITY_CONNECTOR_UNREF(&sc->base, "client_auth_filter"); GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, &sc->base, "client_auth_filter");
} }
GRPC_AUTH_CONTEXT_UNREF(chand->auth_context, "client_auth_filter"); GRPC_AUTH_CONTEXT_UNREF(chand->auth_context, "client_auth_filter");
} }

@ -43,6 +43,7 @@
#include "src/core/lib/security/context/security_context.h" #include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/transport/secure_endpoint.h" #include "src/core/lib/security/transport/secure_endpoint.h"
#include "src/core/lib/security/transport/tsi_error.h" #include "src/core/lib/security/transport/tsi_error.h"
#include "src/core/lib/slice/slice_internal.h"
#define GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE 256 #define GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE 256
@ -100,7 +101,8 @@ static void security_connector_remove_handshake(grpc_security_handshake *h) {
gpr_mu_unlock(&sc->mu); gpr_mu_unlock(&sc->mu);
} }
static void unref_handshake(grpc_security_handshake *h) { static void unref_handshake(grpc_exec_ctx *exec_ctx,
grpc_security_handshake *h) {
if (gpr_unref(&h->refs)) { if (gpr_unref(&h->refs)) {
if (h->handshaker != NULL) tsi_handshaker_destroy(h->handshaker); if (h->handshaker != NULL) tsi_handshaker_destroy(h->handshaker);
if (h->handshake_buffer != NULL) gpr_free(h->handshake_buffer); if (h->handshake_buffer != NULL) gpr_free(h->handshake_buffer);
@ -108,7 +110,7 @@ static void unref_handshake(grpc_security_handshake *h) {
grpc_slice_buffer_destroy_internal(exec_ctx, &h->outgoing); grpc_slice_buffer_destroy_internal(exec_ctx, &h->outgoing);
grpc_slice_buffer_destroy_internal(exec_ctx, &h->incoming); grpc_slice_buffer_destroy_internal(exec_ctx, &h->incoming);
GRPC_AUTH_CONTEXT_UNREF(h->auth_context, "handshake"); GRPC_AUTH_CONTEXT_UNREF(h->auth_context, "handshake");
GRPC_SECURITY_CONNECTOR_UNREF(h->connector, "handshake"); GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, h->connector, "handshake");
gpr_free(h); gpr_free(h);
} }
} }
@ -136,7 +138,7 @@ static void security_handshake_done(grpc_exec_ctx *exec_ctx,
} }
h->cb(exec_ctx, h->user_data, GRPC_SECURITY_ERROR, NULL, NULL); h->cb(exec_ctx, h->user_data, GRPC_SECURITY_ERROR, NULL, NULL);
} }
unref_handshake(h); unref_handshake(exec_ctx, h);
GRPC_ERROR_UNREF(error); GRPC_ERROR_UNREF(error);
} }
@ -280,7 +282,8 @@ static void on_handshake_data_received_from_peer(grpc_exec_ctx *exec_ctx,
grpc_slice_buffer_add( grpc_slice_buffer_add(
&h->left_overs, &h->left_overs,
grpc_slice_split_tail(&h->incoming.slices[i], consumed_slice_size)); grpc_slice_split_tail(&h->incoming.slices[i], consumed_slice_size));
grpc_slice_unref_internal(exec_ctx, grpc_slice_unref_internal(
exec_ctx,
h->incoming.slices[i]); /* split_tail above increments refcount. */ h->incoming.slices[i]); /* split_tail above increments refcount. */
} }
grpc_slice_buffer_addn( grpc_slice_buffer_addn(
@ -319,7 +322,7 @@ static void on_timeout(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) {
if (error == GRPC_ERROR_NONE) { if (error == GRPC_ERROR_NONE) {
grpc_endpoint_shutdown(exec_ctx, h->wrapped_endpoint); grpc_endpoint_shutdown(exec_ctx, h->wrapped_endpoint);
} }
unref_handshake(h); unref_handshake(exec_ctx, h);
} }
void grpc_do_security_handshake( void grpc_do_security_handshake(

@ -40,6 +40,7 @@
#include "src/core/lib/debug/trace.h" #include "src/core/lib/debug/trace.h"
#include "src/core/lib/profiling/timers.h" #include "src/core/lib/profiling/timers.h"
#include "src/core/lib/security/transport/tsi_error.h" #include "src/core/lib/security/transport/tsi_error.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/slice/slice_string_helpers.h" #include "src/core/lib/slice/slice_string_helpers.h"
#include "src/core/lib/support/string.h" #include "src/core/lib/support/string.h"
#include "src/core/lib/tsi/transport_security_interface.h" #include "src/core/lib/tsi/transport_security_interface.h"

@ -195,7 +195,8 @@ grpc_security_connector *grpc_security_connector_ref(
} }
#ifdef GRPC_SECURITY_CONNECTOR_REFCOUNT_DEBUG #ifdef GRPC_SECURITY_CONNECTOR_REFCOUNT_DEBUG
void grpc_security_connector_unref(grpc_security_connector *sc, void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc,
const char *file, int line, const char *file, int line,
const char *reason) { const char *reason) {
if (sc == NULL) return; if (sc == NULL) return;
@ -203,14 +204,15 @@ void grpc_security_connector_unref(grpc_security_connector *sc,
"SECURITY_CONNECTOR:%p unref %d -> %d %s", sc, "SECURITY_CONNECTOR:%p unref %d -> %d %s", sc,
(int)sc->refcount.count, (int)sc->refcount.count - 1, reason); (int)sc->refcount.count, (int)sc->refcount.count - 1, reason);
#else #else
void grpc_security_connector_unref(grpc_security_connector *sc) { void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc) {
if (sc == NULL) return; if (sc == NULL) return;
#endif #endif
if (gpr_unref(&sc->refcount)) sc->vtable->destroy(sc); if (gpr_unref(&sc->refcount)) sc->vtable->destroy(exec_ctx, sc);
} }
static void connector_pointer_arg_destroy(void *p) { static void connector_pointer_arg_destroy(grpc_exec_ctx *exec_ctx, void *p) {
GRPC_SECURITY_CONNECTOR_UNREF(p, "connector_pointer_arg"); GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, p, "connector_pointer_arg");
} }
static void *connector_pointer_arg_copy(void *p) { static void *connector_pointer_arg_copy(void *p) {
@ -256,13 +258,15 @@ grpc_security_connector *grpc_find_security_connector_in_args(
/* -- Fake implementation. -- */ /* -- Fake implementation. -- */
static void fake_channel_destroy(grpc_security_connector *sc) { static void fake_channel_destroy(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc) {
grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc; grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
grpc_call_credentials_unref(c->request_metadata_creds); grpc_call_credentials_unref(exec_ctx, c->request_metadata_creds);
gpr_free(sc); gpr_free(sc);
} }
static void fake_server_destroy(grpc_security_connector *sc) { static void fake_server_destroy(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc) {
grpc_server_security_connector *c = (grpc_server_security_connector *)sc; grpc_server_security_connector *c = (grpc_server_security_connector *)sc;
gpr_mu_destroy(&c->mu); gpr_mu_destroy(&c->mu);
gpr_free(sc); gpr_free(sc);
@ -381,10 +385,11 @@ typedef struct {
tsi_ssl_handshaker_factory *handshaker_factory; tsi_ssl_handshaker_factory *handshaker_factory;
} grpc_ssl_server_security_connector; } grpc_ssl_server_security_connector;
static void ssl_channel_destroy(grpc_security_connector *sc) { static void ssl_channel_destroy(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc) {
grpc_ssl_channel_security_connector *c = grpc_ssl_channel_security_connector *c =
(grpc_ssl_channel_security_connector *)sc; (grpc_ssl_channel_security_connector *)sc;
grpc_call_credentials_unref(c->base.request_metadata_creds); grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds);
if (c->handshaker_factory != NULL) { if (c->handshaker_factory != NULL) {
tsi_ssl_handshaker_factory_destroy(c->handshaker_factory); tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
} }
@ -393,7 +398,8 @@ static void ssl_channel_destroy(grpc_security_connector *sc) {
gpr_free(sc); gpr_free(sc);
} }
static void ssl_server_destroy(grpc_security_connector *sc) { static void ssl_server_destroy(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc) {
grpc_ssl_server_security_connector *c = grpc_ssl_server_security_connector *c =
(grpc_ssl_server_security_connector *)sc; (grpc_ssl_server_security_connector *)sc;
@ -719,7 +725,7 @@ size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) {
} }
grpc_security_status grpc_ssl_channel_security_connector_create( grpc_security_status grpc_ssl_channel_security_connector_create(
grpc_call_credentials *request_metadata_creds, grpc_exec_ctx *exec_ctx, grpc_call_credentials *request_metadata_creds,
const grpc_ssl_config *config, const char *target_name, const grpc_ssl_config *config, const char *target_name,
const char *overridden_target_name, grpc_channel_security_connector **sc) { const char *overridden_target_name, grpc_channel_security_connector **sc) {
size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions();
@ -780,7 +786,7 @@ grpc_security_status grpc_ssl_channel_security_connector_create(
if (result != TSI_OK) { if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
tsi_result_to_string(result)); tsi_result_to_string(result));
ssl_channel_destroy(&c->base.base); ssl_channel_destroy(exec_ctx, &c->base.base);
*sc = NULL; *sc = NULL;
goto error; goto error;
} }
@ -796,7 +802,8 @@ error:
} }
grpc_security_status grpc_ssl_server_security_connector_create( grpc_security_status grpc_ssl_server_security_connector_create(
const grpc_ssl_server_config *config, grpc_server_security_connector **sc) { grpc_exec_ctx *exec_ctx, const grpc_ssl_server_config *config,
grpc_server_security_connector **sc) {
size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions();
const unsigned char **alpn_protocol_strings = const unsigned char **alpn_protocol_strings =
gpr_malloc(sizeof(const char *) * num_alpn_protocols); gpr_malloc(sizeof(const char *) * num_alpn_protocols);
@ -836,7 +843,7 @@ grpc_security_status grpc_ssl_server_security_connector_create(
if (result != TSI_OK) { if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
tsi_result_to_string(result)); tsi_result_to_string(result));
ssl_server_destroy(&c->base.base); ssl_server_destroy(exec_ctx, &c->base.base);
*sc = NULL; *sc = NULL;
goto error; goto error;
} }

@ -68,7 +68,7 @@ typedef void (*grpc_security_handshake_done_cb)(
grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context); grpc_endpoint *secure_endpoint, grpc_auth_context *auth_context);
typedef struct { typedef struct {
void (*destroy)(grpc_security_connector *sc); void (*destroy)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc);
void (*check_peer)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc, void (*check_peer)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc,
tsi_peer peer, grpc_security_peer_check_cb cb, tsi_peer peer, grpc_security_peer_check_cb cb,
void *user_data); void *user_data);
@ -89,20 +89,23 @@ struct grpc_security_connector {
#ifdef GRPC_SECURITY_CONNECTOR_REFCOUNT_DEBUG #ifdef GRPC_SECURITY_CONNECTOR_REFCOUNT_DEBUG
#define GRPC_SECURITY_CONNECTOR_REF(p, r) \ #define GRPC_SECURITY_CONNECTOR_REF(p, r) \
grpc_security_connector_ref((p), __FILE__, __LINE__, (r)) grpc_security_connector_ref((p), __FILE__, __LINE__, (r))
#define GRPC_SECURITY_CONNECTOR_UNREF(p, r) \ #define GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, p, r) \
grpc_security_connector_unref((p), __FILE__, __LINE__, (r)) grpc_security_connector_unref((exec_ctx), (p), __FILE__, __LINE__, (r))
grpc_security_connector *grpc_security_connector_ref( grpc_security_connector *grpc_security_connector_ref(
grpc_security_connector *policy, const char *file, int line, grpc_security_connector *policy, const char *file, int line,
const char *reason); const char *reason);
void grpc_security_connector_unref(grpc_security_connector *policy, void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx,
grpc_security_connector *policy,
const char *file, int line, const char *file, int line,
const char *reason); const char *reason);
#else #else
#define GRPC_SECURITY_CONNECTOR_REF(p, r) grpc_security_connector_ref((p)) #define GRPC_SECURITY_CONNECTOR_REF(p, r) grpc_security_connector_ref((p))
#define GRPC_SECURITY_CONNECTOR_UNREF(p, r) grpc_security_connector_unref((p)) #define GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, p, r) \
grpc_security_connector_unref((exec_ctx), (p))
grpc_security_connector *grpc_security_connector_ref( grpc_security_connector *grpc_security_connector_ref(
grpc_security_connector *policy); grpc_security_connector *policy);
void grpc_security_connector_unref(grpc_security_connector *policy); void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx,
grpc_security_connector *policy);
#endif #endif
/* Check the peer. Callee takes ownership of the peer object. /* Check the peer. Callee takes ownership of the peer object.
@ -225,7 +228,7 @@ typedef struct {
specific error code otherwise. specific error code otherwise.
*/ */
grpc_security_status grpc_ssl_channel_security_connector_create( grpc_security_status grpc_ssl_channel_security_connector_create(
grpc_call_credentials *request_metadata_creds, grpc_exec_ctx *exec_ctx, grpc_call_credentials *request_metadata_creds,
const grpc_ssl_config *config, const char *target_name, const grpc_ssl_config *config, const char *target_name,
const char *overridden_target_name, grpc_channel_security_connector **sc); const char *overridden_target_name, grpc_channel_security_connector **sc);
@ -254,7 +257,8 @@ typedef struct {
specific error code otherwise. specific error code otherwise.
*/ */
grpc_security_status grpc_ssl_server_security_connector_create( grpc_security_status grpc_ssl_server_security_connector_create(
const grpc_ssl_server_config *config, grpc_server_security_connector **sc); grpc_exec_ctx *exec_ctx, const grpc_ssl_server_config *config,
grpc_server_security_connector **sc);
/* Util. */ /* Util. */
const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer, const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer,

@ -129,8 +129,8 @@ static void on_md_processing_done(
if (status == GRPC_STATUS_OK) { if (status == GRPC_STATUS_OK) {
calld->consumed_md = consumed_md; calld->consumed_md = consumed_md;
calld->num_consumed_md = num_consumed_md; calld->num_consumed_md = num_consumed_md;
grpc_metadata_batch_filter(calld->recv_initial_metadata, remove_consumed_md, grpc_metadata_batch_filter(&exec_ctx, calld->recv_initial_metadata,
elem); remove_consumed_md, elem);
grpc_metadata_array_destroy(&calld->md); grpc_metadata_array_destroy(&calld->md);
grpc_exec_ctx_sched(&exec_ctx, calld->on_done_recv, GRPC_ERROR_NONE, NULL); grpc_exec_ctx_sched(&exec_ctx, calld->on_done_recv, GRPC_ERROR_NONE, NULL);
} else { } else {
@ -149,7 +149,7 @@ static void on_md_processing_done(
} }
calld->transport_op->send_trailing_metadata = NULL; calld->transport_op->send_trailing_metadata = NULL;
close_op->on_complete = grpc_closure_create(destroy_op, close_op); close_op->on_complete = grpc_closure_create(destroy_op, close_op);
grpc_transport_stream_op_add_close(close_op, status, &message); grpc_transport_stream_op_add_close(&exec_ctx, close_op, status, &message);
grpc_call_next_op(&exec_ctx, elem, close_op); grpc_call_next_op(&exec_ctx, elem, close_op);
grpc_exec_ctx_sched(&exec_ctx, calld->on_done_recv, grpc_exec_ctx_sched(&exec_ctx, calld->on_done_recv,
grpc_error_set_int(GRPC_ERROR_CREATE(error_details), grpc_error_set_int(GRPC_ERROR_CREATE(error_details),
@ -264,7 +264,7 @@ static void destroy_channel_elem(grpc_exec_ctx *exec_ctx,
/* grab pointers to our data from the channel element */ /* grab pointers to our data from the channel element */
channel_data *chand = elem->channel_data; channel_data *chand = elem->channel_data;
GRPC_AUTH_CONTEXT_UNREF(chand->auth_context, "server_auth_filter"); GRPC_AUTH_CONTEXT_UNREF(chand->auth_context, "server_auth_filter");
grpc_server_credentials_unref(chand->creds); grpc_server_credentials_unref(exec_ctx, chand->creds);
} }
const grpc_channel_filter grpc_server_auth_filter = { const grpc_channel_filter grpc_server_auth_filter = {

Loading…
Cancel
Save