Have a richer interface for auth metadata processors.

pull/3007/head
Julien Boeuf 10 years ago
parent b714648e51
commit ee3dbb0078
  1. 14
      include/grpc/grpc_security.h
  2. 28
      src/core/security/server_auth_filter.c
  3. 2
      test/core/end2end/fixtures/chttp2_fake_security.c
  4. 2
      test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
  5. 2
      test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c
  6. 2
      test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_proxy.c
  7. 4
      test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c

@ -275,12 +275,18 @@ int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
/* --- Auth Metadata Processing --- */
/* Callback function that is called when the metadata processing is done.
success is 1 if processing succeeded, 0 otherwise.
Consumed metadata will be removed from the set of metadata available on the
call. */
- Consumed metadata will be removed from the set of metadata available on the
call. consumed_md may be NULL if no metadata has been consumed.
- Response metadata will be set on the response. response_md may be NULL.
- status is GRPC_STATUS_OK for success or a specific status for an error.
Common error status for auth metadata processing is either
GRPC_STATUS_UNAUTHENTICATED in case of an authentication failure or
GRPC_STATUS PERMISSION_DENIED in case of an authorization failure.
- error_details gives details about the error. May be NULL. */
typedef void (*grpc_process_auth_metadata_done_cb)(
void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md,
int success);
const grpc_metadata *response_md, size_t num_response_md,
grpc_status_code status, const char *error_details);
/* Pluggable server-side metadata processor object. */
typedef struct {

@ -104,24 +104,34 @@ static grpc_mdelem *remove_consumed_md(void *user_data, grpc_mdelem *md) {
return md;
}
static void on_md_processing_done(void *user_data,
const grpc_metadata *consumed_md,
size_t num_consumed_md, int success) {
static void on_md_processing_done(
void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md,
const grpc_metadata *response_md, size_t num_response_md,
grpc_status_code status, const char *error_details) {
grpc_call_element *elem = user_data;
call_data *calld = elem->call_data;
if (success) {
/* TODO(jboeuf): Implement support for response_md. */
if (response_md != NULL && num_response_md > 0) {
gpr_log(GPR_INFO,
"response_md in auth metadata processing not supported for now. "
"Ignoring...");
}
if (status == GRPC_STATUS_OK) {
calld->consumed_md = consumed_md;
calld->num_consumed_md = num_consumed_md;
grpc_metadata_batch_filter(&calld->md_op->data.metadata, remove_consumed_md,
elem);
calld->on_done_recv->cb(calld->on_done_recv->cb_arg, success);
calld->on_done_recv->cb(calld->on_done_recv->cb_arg, 1);
} else {
gpr_slice message = gpr_slice_from_copied_string(
"Authentication metadata processing failed.");
gpr_slice message;
error_details = error_details != NULL
? error_details
: "Authentication metadata processing failed.";
message = gpr_slice_from_copied_string(error_details);
grpc_sopb_reset(calld->recv_ops);
grpc_transport_stream_op_add_close(&calld->transport_op,
GRPC_STATUS_UNAUTHENTICATED, &message);
grpc_transport_stream_op_add_close(&calld->transport_op, status, &message);
grpc_call_next_op(elem, &calld->transport_op);
}
}

@ -70,7 +70,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
cb(user_data, NULL, 0, 0);
cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,

@ -73,7 +73,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
cb(user_data, NULL, 0, 0);
cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,

@ -73,7 +73,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
cb(user_data, NULL, 0, 0);
cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,

@ -101,7 +101,7 @@ static void process_auth_failure(void *state, grpc_auth_context *ctx,
grpc_process_auth_metadata_done_cb cb,
void *user_data) {
GPR_ASSERT(state == NULL);
cb(user_data, NULL, 0, 0);
cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,

@ -79,7 +79,7 @@ static void process_oauth2_success(void *state, grpc_auth_context *ctx,
client_identity);
GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
ctx, client_identity_property_name) == 1);
cb(user_data, oauth2, 1, 1);
cb(user_data, oauth2, 1, NULL, 0, GRPC_STATUS_OK, NULL);
}
static void process_oauth2_failure(void *state, grpc_auth_context *ctx,
@ -90,7 +90,7 @@ static void process_oauth2_failure(void *state, grpc_auth_context *ctx,
find_metadata(md, md_count, "Authorization", oauth2_md);
GPR_ASSERT(state == NULL);
GPR_ASSERT(oauth2 != NULL);
cb(user_data, oauth2, 1, 0);
cb(user_data, oauth2, 1, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
static grpc_end2end_test_fixture chttp2_create_fixture_secure_fullstack(

Loading…
Cancel
Save