ipc,naming,security: Use blessing names in endpoint for server authorization.

Servers now export "v4" formatted endpoints which contain the
blessing names that will be presented by the server. These endpoints
make their way into the mounttable.

This commit makes the client use these blessing names to authorize servers
and prevent man-in-the-middle attacks.

This replaces the older scheme where the mounttable would explicitly
track blessings for each mounted server, separate from the endpoint.
Code for that (naming.MountedServer.BlessingPattern and related code)
will be removed in a follow-up change.

MultiPart: 1/2
Change-Id: Ib9f8fb3d5e6fe4ae1b87a8eb9755666f4f3e18ff
diff --git a/services/wsprd/app/app_test.go b/services/wsprd/app/app_test.go
index aa9c8ee..54ba33d 100644
--- a/services/wsprd/app/app_test.go
+++ b/services/wsprd/app/app_test.go
@@ -427,6 +427,9 @@
// Get the client that is relevant to the controller so it talks
// to the right mounttable.
client := v23.GetClient(rt.controller.Context())
+ // And have the client recognize the server, otherwise it won't
+ // authorize calls to it.
+ v23.GetPrincipal(rt.controller.Context()).AddToRoots(v23.GetPrincipal(ctx).BlessingStore().Default())
if err != nil {
t.Fatalf("unable to create client: %v", err)
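Review bot: The added `AddToRoots(...)` call sits between the statement that sets `err` (above this hunk) and the existing `if err != nil` check, and its own result is discarded. If `AddToRoots` returns an error, a failure to register the server's blessing would go unnoticed at this point and show up later as an authorization failure on the call, which is the condition the new comment says this line is meant to prevent. Suggest moving the three added lines below the existing `err` check and checking the call's result with its own `t.Fatalf`, so the "unable to create client" message stays tied to the statement it belongs to. The comment could also state that the server's default blessing is being added to the controller principal's roots, since "recognize the server" does not say what trust the test is granting.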