diff --git a/src/core/lib/http/httpcli_security_connector.cc b/src/core/lib/http/httpcli_security_connector.cc
index 3ef4a4d073f..3475b7ebd57 100644
--- a/src/core/lib/http/httpcli_security_connector.cc
+++ b/src/core/lib/http/httpcli_security_connector.cc
@@ -105,6 +105,11 @@ class grpc_httpcli_ssl_channel_security_connector final
 tsi_peer_destruct(&peer);
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other_sc) const override {
 auto* other =
 reinterpret_cast(
diff --git a/src/core/lib/security/security_connector/alts/alts_security_connector.cc b/src/core/lib/security/security_connector/alts/alts_security_connector.cc
index 64c39e6d5e3..7558ab976bc 100644
--- a/src/core/lib/security/security_connector/alts/alts_security_connector.cc
+++ b/src/core/lib/security/security_connector/alts/alts_security_connector.cc
@@ -103,6 +103,11 @@ class grpc_alts_channel_security_connector final
 alts_check_peer(peer, auth_context, on_peer_checked);
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other_sc) const override {
 auto* other =
 reinterpret_cast(other_sc);
@@ -168,6 +173,11 @@ class grpc_alts_server_security_connector final
 alts_check_peer(peer, auth_context, on_peer_checked);
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other) const override {
 return server_security_connector_cmp(
 static_cast(other));
diff --git a/src/core/lib/security/security_connector/fake/fake_security_connector.cc b/src/core/lib/security/security_connector/fake/fake_security_connector.cc
index fdf750f4ede..e07685ade43 100644
--- a/src/core/lib/security/security_connector/fake/fake_security_connector.cc
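Review bot: The override added in `grpc_httpcli_ssl_channel_security_connector` has no comment saying why doing nothing is correct, and the same three-line body is repeated in the ALTS, fake, insecure, local and SSL connector hunks of this commit. A reader cannot tell from the hunk whether these connectors can never have a peer check pending or whether cancellation is simply not implemented yet (the TLS hunks carry a TODO for the latter case). I would add a one-line comment to each, along the lines of `// check_peer() never leaves a request pending in this connector, so there is nothing to cancel; only release the error.`, after confirming that this holds for each class. The class body starts and ends outside the hunk.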
+++ b/src/core/lib/security/security_connector/fake/fake_security_connector.cc
@@ -79,6 +79,11 @@ class grpc_fake_channel_security_connector final
 grpc_core::RefCountedPtr* auth_context,
 grpc_closure* on_peer_checked) override;
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other_sc) const override {
 auto* other =
 reinterpret_cast(other_sc);
@@ -287,6 +292,11 @@ class grpc_fake_server_security_connector
 fake_check_peer(this, peer, auth_context, on_peer_checked);
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 void add_handshakers(const grpc_channel_args* args,
 grpc_pollset_set* /*interested_parties*/,
 grpc_core::HandshakeManager* handshake_mgr) override {
diff --git a/src/core/lib/security/security_connector/insecure/insecure_security_connector.h b/src/core/lib/security/security_connector/insecure/insecure_security_connector.h
index 7d0f79e90f1..933ee3406c3 100644
--- a/src/core/lib/security/security_connector/insecure/insecure_security_connector.h
+++ b/src/core/lib/security/security_connector/insecure/insecure_security_connector.h
@@ -60,6 +60,11 @@ class InsecureChannelSecurityConnector
 grpc_core::RefCountedPtr* auth_context,
 grpc_closure* on_peer_checked) override;
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other_sc) const override;
 };
@@ -78,6 +83,11 @@ class InsecureServerSecurityConnector : public grpc_server_security_connector {
 grpc_core::RefCountedPtr* auth_context,
 grpc_closure* on_peer_checked) override;
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other) const override;
 };
diff --git a/src/core/lib/security/security_connector/local/local_security_connector.cc b/src/core/lib/security/security_connector/local/local_security_connector.cc
index 2cec0dbb9a5..2b4f591740e 100644
--- a/src/core/lib/security/security_connector/local/local_security_connector.cc
+++ b/src/core/lib/security/security_connector/local/local_security_connector.cc
@@ -181,6 +181,11 @@ class grpc_local_channel_security_connector final
 creds->connect_type());
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 bool check_call_host(absl::string_view host,
 grpc_auth_context* /*auth_context*/,
 grpc_closure* /*on_call_host_checked*/,
@@ -230,6 +235,11 @@ class grpc_local_server_security_connector final
 creds->connect_type());
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other) const override {
 return server_security_connector_cmp(
 static_cast(other));
diff --git a/src/core/lib/security/security_connector/security_connector.h b/src/core/lib/security/security_connector/security_connector.h
index 204b6957462..0ce97fe7295 100644
--- a/src/core/lib/security/security_connector/security_connector.h
+++ b/src/core/lib/security/security_connector/security_connector.h
@@ -55,13 +55,18 @@ class grpc_security_connector
 url_scheme_(url_scheme) {}
 ~grpc_security_connector() override = default;
- /* Check the peer. Callee takes ownership of the peer object.
- When done, sets *auth_context and invokes on_peer_checked. */
+ // Checks the peer. Callee takes ownership of the peer object.
+ // When done, sets *auth_context and invokes on_peer_checked.
 virtual void check_peer(
 tsi_peer peer, grpc_endpoint* ep,
 grpc_core::RefCountedPtr* auth_context,
 grpc_closure* on_peer_checked) = 0;
+ // Cancels the pending check_peer() request associated with on_peer_checked.
+ // If there is no such request pending, this is a no-op.
+ virtual void cancel_check_peer(grpc_closure* on_peer_checked,
+ grpc_error* error) = 0;
+
 /* Compares two security connectors. */
 virtual int cmp(const grpc_security_connector* other) const = 0;
diff --git a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
index ee5672b955a..ba018af4d5a 100644
--- a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
+++ b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
@@ -173,6 +173,11 @@ class grpc_ssl_channel_security_connector final
 tsi_peer_destruct(&peer);
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other_sc) const override {
 auto* other =
 reinterpret_cast(other_sc);
@@ -293,6 +298,11 @@ class grpc_ssl_server_security_connector
 grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, error);
 }
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other) const override {
 return server_security_connector_cmp(
 static_cast(other));
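Review bot: The comment on the new pure virtual `cancel_check_peer()` in security_connector.h leaves out two things an implementer needs: who owns `error`, and whether `on_peer_checked` is still invoked once a pending check has been cancelled. Every override in this commit calls `GRPC_ERROR_UNREF(error)`, which suggests the callee takes ownership, but the base-class comment is where that has to be stated because every subclass now has to implement the method. If that is the intended behaviour, I would add `// Takes ownership of error. If a request was pending, on_peer_checked is invoked with error.` below the existing two comment lines. Without it, a connector that completes a cancelled check with a success status would be indistinguishable from a correct one at the interface level.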
diff --git a/src/core/lib/security/security_connector/tls/tls_security_connector.h b/src/core/lib/security/security_connector/tls/tls_security_connector.h
index 453c531925d..bfed5c203a2 100644
--- a/src/core/lib/security/security_connector/tls/tls_security_connector.h
+++ b/src/core/lib/security/security_connector/tls/tls_security_connector.h
@@ -60,6 +60,12 @@ class TlsChannelSecurityConnector final
 grpc_core::RefCountedPtr* auth_context,
 grpc_closure* on_peer_checked) override;
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ // TODO(ZhenLian): call verifier->cancel() once the verifier is ready.
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other_sc) const override;
 bool check_call_host(absl::string_view host, grpc_auth_context* auth_context,
@@ -161,6 +167,12 @@ class TlsServerSecurityConnector final : public grpc_server_security_connector {
 grpc_core::RefCountedPtr* auth_context,
 grpc_closure* on_peer_checked) override;
+ void cancel_check_peer(grpc_closure* /*on_peer_checked*/,
+ grpc_error* error) override {
+ // TODO(ZhenLian): call verifier->cancel() once the verifier is ready.
+ GRPC_ERROR_UNREF(error);
+ }
+
 int cmp(const grpc_security_connector* other) const override;
 tsi_ssl_server_handshaker_factory* ServerHandshakerFactoryForTesting() {
diff --git a/src/core/lib/security/transport/security_handshaker.cc b/src/core/lib/security/transport/security_handshaker.cc
index 6e09fef359d..58359b23f15 100644
--- a/src/core/lib/security/transport/security_handshaker.cc
+++ b/src/core/lib/security/transport/security_handshaker.cc
@@ -486,6 +486,7 @@ void SecurityHandshaker::Shutdown(grpc_error* why) {
 MutexLock lock(&mu_);
 if (!is_shutdown_) {
 is_shutdown_ = true;
+ connector_->cancel_check_peer(&on_peer_checked_, GRPC_ERROR_REF(why));
 tsi_handshaker_shutdown(handshaker_);
 grpc_endpoint_shutdown(args_->endpoint, GRPC_ERROR_REF(why));
 CleanupArgsForFailureLocked();
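Review bot: The TODO in `TlsChannelSecurityConnector::cancel_check_peer()` (and the identical one in `TlsServerSecurityConnector`) means a TLS peer check that is still running is not cancelled at all for now, and the comment does not say what callers may rely on in the meantime. If the TLS check can complete after the handshaker has shut down, `on_peer_checked` would still fire later, so the closure has to tolerate running after shutdown; that path is not visible in this diff. I would spell it out next to the TODO, e.g. `// Until then this is a no-op: a pending check still completes and invokes on_peer_checked, which must handle an already shut-down handshaker.`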
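Review bot: `connector_->cancel_check_peer()` in `SecurityHandshaker::Shutdown()` is called with `mu_` held (the `MutexLock` at the top of the hunk), and nothing at the call site records that connectors must not run `on_peer_checked_` inline from it. The overrides in this commit only unref the error, so this is safe today, but a connector that later implements real cancellation and runs the closure synchronously could deadlock if the callback also takes `mu_`; the callback body is outside this hunk, so that is an assumption to check. A comment such as `// Called under mu_: connectors must not invoke on_peer_checked_ synchronously here.` would pin the expectation. Shutdown()'s body continues past the hunk.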