ipc: Get rid of vc.LocalPrincipal and vc.AnonymousPrincipal.
This involved:
(1) Getting principal from ctx in client.StartCall.
(2) This means all ipc tests need to use the fake profile.
(3) Manager Dial, InternalNewDialedVIf, and vf.Dial take a principal as well.
(4) VCMap in client.go must also be keys by the publicKey of the principal
since the principal can vary per call.
Change-Id: I7f8ed573499376343b675b616f05f02590dfb8f0
diff --git a/profiles/internal/ipc/cancel_test.go b/profiles/internal/ipc/cancel_test.go
index 6d95855..a8da7e7 100644
--- a/profiles/internal/ipc/cancel_test.go
+++ b/profiles/internal/ipc/cancel_test.go
@@ -6,8 +6,8 @@
"v.io/x/ref/profiles/internal/ipc/stream"
"v.io/x/ref/profiles/internal/ipc/stream/manager"
tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
- tsecurity "v.io/x/ref/test/security"
+ "v.io/v23"
"v.io/v23/context"
"v.io/v23/ipc"
"v.io/v23/naming"
@@ -54,10 +54,9 @@
return nil
}
-func makeCanceld(ns ns.Namespace, name, child string) (*canceld, error) {
+func makeCanceld(ctx *context.T, ns ns.Namespace, name, child string) (*canceld, error) {
sm := manager.InternalNew(naming.FixedRoutingID(0x111111111))
- ctx := testContext()
- s, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
+ s, err := testInternalNewServer(ctx, sm, ns, v23.GetPrincipal(ctx))
if err != nil {
return nil, err
}
@@ -85,6 +84,9 @@
// TestCancellationPropagation tests that cancellation propogates along an
// RPC call chain without user intervention.
func TestCancellationPropagation(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
+
sm := manager.InternalNew(naming.FixedRoutingID(0x555555555))
ns := tnaming.NewSimpleNamespace()
@@ -93,19 +95,19 @@
t.Error(err)
}
- c1, err := makeCanceld(ns, "c1", "c2")
+ c1, err := makeCanceld(ctx, ns, "c1", "c2")
if err != nil {
t.Fatal("Can't start server:", err)
}
defer c1.stop()
- c2, err := makeCanceld(ns, "c2", "")
+ c2, err := makeCanceld(ctx, ns, "c2", "")
if err != nil {
t.Fatal("Can't start server:", err)
}
defer c2.stop()
- ctx, cancel := context.WithCancel(testContext())
+ ctx, cancel := context.WithCancel(ctx)
_, err = client.StartCall(ctx, "c1", "Run", []interface{}{})
if err != nil {
t.Fatal("can't call: ", err)
diff --git a/profiles/internal/ipc/client.go b/profiles/internal/ipc/client.go
index 4138ba2..9f32184 100644
--- a/profiles/internal/ipc/client.go
+++ b/profiles/internal/ipc/client.go
@@ -11,6 +11,7 @@
"sync"
"time"
+ "v.io/v23"
"v.io/v23/context"
"v.io/v23/i18n"
"v.io/v23/ipc"
@@ -112,8 +113,8 @@
}
type vcMapKey struct {
- endpoint string
- encrypted bool
+ endpoint string
+ clientPublicKey string // clientPublicKey = "" means we are running unencrypted (i.e. VCSecurityNone)
}
func InternalNewClient(streamMgr stream.Manager, ns ns.Namespace, opts ...ipc.ClientOpt) (ipc.Client, error) {
@@ -143,7 +144,14 @@
if c.vcMap == nil {
return nil, verror.New(errClientCloseAlreadyCalled, ctx)
}
- vcKey := vcMapKey{ep.String(), vcEncrypted(vcOpts)}
+ vcKey := vcMapKey{endpoint: ep.String()}
+ var principal security.Principal
+ if vcEncrypted(vcOpts) {
+ principal = v23.GetPrincipal(ctx)
+ }
+ if principal != nil {
+ vcKey.clientPublicKey = principal.PublicKey().String()
+ }
if vcinfo := c.vcMap[vcKey]; vcinfo != nil {
if flow, err := vcinfo.vc.Connect(); err == nil {
return flow, nil
@@ -158,7 +166,8 @@
}
sm := c.streamMgr
c.vcMapMu.Unlock()
- vc, err := sm.Dial(ep, vcOpts...)
+
+ vc, err := sm.Dial(ep, principal, vcOpts...)
c.vcMapMu.Lock()
if err != nil {
if strings.Contains(err.Error(), "authentication failed") {
diff --git a/profiles/internal/ipc/debug_test.go b/profiles/internal/ipc/debug_test.go
index 9a41c67..ea0bea4 100644
--- a/profiles/internal/ipc/debug_test.go
+++ b/profiles/internal/ipc/debug_test.go
@@ -6,6 +6,7 @@
"sort"
"testing"
+ "v.io/v23"
"v.io/v23/ipc"
"v.io/v23/naming"
"v.io/v23/options"
@@ -13,13 +14,14 @@
"v.io/x/ref/lib/stats"
"v.io/x/ref/profiles/internal/ipc/stream/manager"
- "v.io/x/ref/profiles/internal/ipc/stream/vc"
tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
"v.io/x/ref/services/mgmt/debug"
tsecurity "v.io/x/ref/test/security"
)
func TestDebugServer(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Setup the client and server principals, with the client willing to share its
// blessing with the server.
var (
@@ -35,7 +37,6 @@
sm := manager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- ctx := testContext()
server, err := testInternalNewServer(ctx, sm, ns, pserver, ReservedNameDispatcher{debugDisp})
if err != nil {
t.Fatalf("InternalNewServer failed: %v", err)
@@ -48,7 +49,8 @@
if err := server.Serve("", &testObject{}, nil); err != nil {
t.Fatalf("server.Serve failed: %v", err)
}
- client, err := InternalNewClient(sm, ns, vc.LocalPrincipal{pclient})
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
+ client, err := InternalNewClient(sm, ns)
if err != nil {
t.Fatalf("InternalNewClient failed: %v", err)
}
diff --git a/profiles/internal/ipc/default_authorizer_test.go b/profiles/internal/ipc/default_authorizer_test.go
index d722310..9c27210 100644
--- a/profiles/internal/ipc/default_authorizer_test.go
+++ b/profiles/internal/ipc/default_authorizer_test.go
@@ -132,7 +132,8 @@
authorized: true,
},
}
- ctx := testContextWithoutDeadline()
+ ctx, shutdown := initForTest()
+ defer shutdown()
for _, test := range tests {
test.call.p, test.call.l, test.call.r, test.call.c = pali, test.local, test.remote, ctx
ctx, cancel := context.RootContext()
diff --git a/profiles/internal/ipc/full_test.go b/profiles/internal/ipc/full_test.go
index f351b1d..c2a64cf 100644
--- a/profiles/internal/ipc/full_test.go
+++ b/profiles/internal/ipc/full_test.go
@@ -15,6 +15,7 @@
"testing"
"time"
+ "v.io/v23"
"v.io/v23/context"
"v.io/v23/ipc"
"v.io/v23/naming"
@@ -30,7 +31,6 @@
"v.io/x/ref/profiles/internal/ipc/stream"
"v.io/x/lib/netstate"
- "v.io/x/ref/lib/flags"
"v.io/x/ref/lib/stats"
_ "v.io/x/ref/profiles/internal/ipc/protocols/tcp"
_ "v.io/x/ref/profiles/internal/ipc/protocols/ws"
@@ -41,7 +41,6 @@
"v.io/x/ref/profiles/internal/lib/websocket"
inaming "v.io/x/ref/profiles/internal/naming"
tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
- ivtrace "v.io/x/ref/profiles/internal/vtrace"
tsecurity "v.io/x/ref/test/security"
"v.io/x/ref/test/testutil"
)
@@ -74,16 +73,6 @@
c.Unlock()
}
-func testContextWithoutDeadline() *context.T {
- ctx, _ := context.RootContext()
- ctx, err := ivtrace.Init(ctx, flags.VtraceFlags{})
- if err != nil {
- panic(err)
- }
- ctx, _ = vtrace.SetNewTrace(ctx)
- return ctx
-}
-
func testInternalNewServer(ctx *context.T, streamMgr stream.Manager, ns ns.Namespace, principal security.Principal, opts ...ipc.ServerOpt) (ipc.Server, error) {
client, err := InternalNewClient(streamMgr, ns)
if err != nil {
@@ -229,8 +218,8 @@
return call.LocalPrincipal().MintDischarge(cav, expiry)
}
-func startServer(t *testing.T, principal security.Principal, sm stream.Manager, ns ns.Namespace, name string, disp ipc.Dispatcher, opts ...ipc.ServerOpt) (naming.Endpoint, ipc.Server) {
- return startServerWS(t, principal, sm, ns, name, disp, noWebsocket, opts...)
+func startServer(t *testing.T, ctx *context.T, principal security.Principal, sm stream.Manager, ns ns.Namespace, name string, disp ipc.Dispatcher, opts ...ipc.ServerOpt) (naming.Endpoint, ipc.Server) {
+ return startServerWS(t, ctx, principal, sm, ns, name, disp, noWebsocket, opts...)
}
func endpointsToStrings(eps []naming.Endpoint) []string {
@@ -242,9 +231,8 @@
return r
}
-func startServerWS(t *testing.T, principal security.Principal, sm stream.Manager, ns ns.Namespace, name string, disp ipc.Dispatcher, shouldUseWebsocket websocketMode, opts ...ipc.ServerOpt) (naming.Endpoint, ipc.Server) {
+func startServerWS(t *testing.T, ctx *context.T, principal security.Principal, sm stream.Manager, ns ns.Namespace, name string, disp ipc.Dispatcher, shouldUseWebsocket websocketMode, opts ...ipc.ServerOpt) (naming.Endpoint, ipc.Server) {
vlog.VI(1).Info("InternalNewServer")
- ctx := testContext()
server, err := testInternalNewServer(ctx, sm, ns, principal, opts...)
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
@@ -279,8 +267,8 @@
return fmt.Sprintf("%s:%d", filepath.Base(file), line)
}
-func verifyMount(t *testing.T, ns ns.Namespace, name string) []string {
- me, err := ns.Resolve(testContext(), name)
+func verifyMount(t *testing.T, ctx *context.T, ns ns.Namespace, name string) []string {
+ me, err := ns.Resolve(ctx, name)
if err != nil {
t.Errorf("%s: %s not found in mounttable", loc(1), name)
return nil
@@ -288,30 +276,30 @@
return me.Names()
}
-func verifyMountMissing(t *testing.T, ns ns.Namespace, name string) {
- if me, err := ns.Resolve(testContext(), name); err == nil {
+func verifyMountMissing(t *testing.T, ctx *context.T, ns ns.Namespace, name string) {
+ if me, err := ns.Resolve(ctx, name); err == nil {
names := me.Names()
t.Errorf("%s: %s not supposed to be found in mounttable; got %d servers instead: %v (%+v)", loc(1), name, len(names), names, me)
}
}
-func stopServer(t *testing.T, server ipc.Server, ns ns.Namespace, name string) {
+func stopServer(t *testing.T, ctx *context.T, server ipc.Server, ns ns.Namespace, name string) {
vlog.VI(1).Info("server.Stop")
new_name := "should_appear_in_mt/server"
- verifyMount(t, ns, name)
+ verifyMount(t, ctx, ns, name)
// publish a second name
if err := server.AddName(new_name); err != nil {
t.Errorf("server.Serve failed: %v", err)
}
- verifyMount(t, ns, new_name)
+ verifyMount(t, ctx, ns, new_name)
if err := server.Stop(); err != nil {
t.Errorf("server.Stop failed: %v", err)
}
- verifyMountMissing(t, ns, name)
- verifyMountMissing(t, ns, new_name)
+ verifyMountMissing(t, ctx, ns, name)
+ verifyMountMissing(t, ctx, ns, new_name)
// Check that we can no longer serve after Stop.
err := server.AddName("name doesn't matter")
@@ -325,9 +313,9 @@
// the use of websockets. It does so by resolving the original name
// and choosing the 'ws' endpoint from the set of endpoints returned.
// It must return a name since it'll be passed to StartCall.
-func fakeWSName(ns ns.Namespace, name string) (string, error) {
+func fakeWSName(ctx *context.T, ns ns.Namespace, name string) (string, error) {
// Find the ws endpoint and use that.
- me, err := ns.Resolve(testContext(), name)
+ me, err := ns.Resolve(ctx, name)
if err != nil {
return "", err
}
@@ -349,31 +337,29 @@
name string
}
-func (b bundle) cleanup(t *testing.T) {
+func (b bundle) cleanup(t *testing.T, ctx *context.T) {
if b.server != nil {
- stopServer(t, b.server, b.ns, b.name)
+ stopServer(t, ctx, b.server, b.ns, b.name)
}
if b.client != nil {
b.client.Close()
}
}
-func createBundle(t *testing.T, client, server security.Principal, ts interface{}) (b bundle) {
- return createBundleWS(t, client, server, ts, noWebsocket)
+func createBundle(t *testing.T, ctx *context.T, server security.Principal, ts interface{}) (b bundle) {
+ return createBundleWS(t, ctx, server, ts, noWebsocket)
}
-func createBundleWS(t *testing.T, client, server security.Principal, ts interface{}, shouldUseWebsocket websocketMode) (b bundle) {
+func createBundleWS(t *testing.T, ctx *context.T, server security.Principal, ts interface{}, shouldUseWebsocket websocketMode) (b bundle) {
b.sm = imanager.InternalNew(naming.FixedRoutingID(0x555555555))
b.ns = tnaming.NewSimpleNamespace()
b.name = "mountpoint/server"
if server != nil {
- b.ep, b.server = startServerWS(t, server, b.sm, b.ns, b.name, testServerDisp{ts}, shouldUseWebsocket)
+ b.ep, b.server = startServerWS(t, ctx, server, b.sm, b.ns, b.name, testServerDisp{ts}, shouldUseWebsocket)
}
- if client != nil {
- var err error
- if b.client, err = InternalNewClient(b.sm, b.ns, vc.LocalPrincipal{client}); err != nil {
- t.Fatalf("InternalNewClient failed: %v", err)
- }
+ var err error
+ if b.client, err = InternalNewClient(b.sm, b.ns); err != nil {
+ t.Fatalf("InternalNewClient failed: %v", err)
}
return
}
@@ -388,13 +374,13 @@
return verror.Is(err, id.ID)
}
-func runServer(t *testing.T, ns ns.Namespace, principal security.Principal, name string, obj interface{}, opts ...ipc.ServerOpt) stream.Manager {
+func runServer(t *testing.T, ctx *context.T, ns ns.Namespace, principal security.Principal, name string, obj interface{}, opts ...ipc.ServerOpt) stream.Manager {
rid, err := naming.NewRoutingID()
if err != nil {
t.Fatal(err)
}
sm := imanager.InternalNew(rid)
- server, err := testInternalNewServer(testContext(), sm, ns, principal, opts...)
+ server, err := testInternalNewServer(ctx, sm, ns, principal, opts...)
if err != nil {
t.Fatal(err)
}
@@ -410,7 +396,8 @@
func TestMultipleCallsToServeAndName(t *testing.T) {
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
ns := tnaming.NewSimpleNamespace()
- ctx := testContext()
+ ctx, shutdown := initForTest()
+ defer shutdown()
server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("server"))
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
@@ -430,7 +417,7 @@
n3 := "should_appear_in_mt/server"
n4 := "should_not_appear_in_mt/server"
- verifyMount(t, ns, n1)
+ verifyMount(t, ctx, ns, n1)
if server.ServeDispatcher(n2, disp) == nil {
t.Errorf("server.ServeDispatcher should have failed")
@@ -447,26 +434,26 @@
if err := server.AddName(n3); err != nil {
t.Errorf("server.AddName failed: %v", err)
}
- verifyMount(t, ns, n2)
- verifyMount(t, ns, n3)
+ verifyMount(t, ctx, ns, n2)
+ verifyMount(t, ctx, ns, n3)
server.RemoveName(n1)
- verifyMountMissing(t, ns, n1)
+ verifyMountMissing(t, ctx, ns, n1)
server.RemoveName("some randome name")
if err := server.ServeDispatcher(n4, &testServerDisp{&testServer{}}); err == nil {
t.Errorf("server.ServeDispatcher should have failed")
}
- verifyMountMissing(t, ns, n4)
+ verifyMountMissing(t, ctx, ns, n4)
if err := server.Stop(); err != nil {
t.Errorf("server.Stop failed: %v", err)
}
- verifyMountMissing(t, ns, n1)
- verifyMountMissing(t, ns, n2)
- verifyMountMissing(t, ns, n3)
+ verifyMountMissing(t, ctx, ns, n1)
+ verifyMountMissing(t, ctx, ns, n2)
+ verifyMountMissing(t, ctx, ns, n3)
}
func TestRPCServerAuthorization(t *testing.T) {
@@ -544,12 +531,15 @@
}
)
- _, server := startServer(t, pserver, mgr, ns, "mountpoint/server", testServerDisp{&testServer{}})
- defer stopServer(t, server, ns, "mountpoint/server")
+ ctx, shutdown := initForTest()
+ defer shutdown()
+
+ _, server := startServer(t, ctx, pserver, mgr, ns, "mountpoint/server", testServerDisp{&testServer{}})
+ defer stopServer(t, ctx, server, ns, "mountpoint/server")
// Start the discharge server.
- _, dischargeServer := startServer(t, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
- defer stopServer(t, dischargeServer, ns, "mountpoint/dischargeserver")
+ _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+ defer stopServer(t, ctx, dischargeServer, ns, "mountpoint/dischargeserver")
// Make the client and server principals trust root certificates from
// pprovider
@@ -568,12 +558,13 @@
t.Fatalf("Set failed on server's BlessingStore: %v", err)
}
// Recreate client in each test (so as to not re-use VCs to the server).
- client, err := InternalNewClient(mgr, ns, vc.LocalPrincipal{pclient})
+ client, err := InternalNewClient(mgr, ns)
if err != nil {
t.Errorf("%s: failed to create client: %v", name, err)
continue
}
- ctx, cancel := context.WithTimeout(testContextWithoutDeadline(), 10*time.Second)
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
+ ctx, cancel := context.WithCancel(ctx)
call, err := client.StartCall(ctx, test.name, "Method", nil, test.opt)
if !matchesErrorPattern(err, test.errID, test.err) {
t.Errorf(`%s: client.StartCall: got error "%v", want to match "%v"`, name, err, test.err)
@@ -598,10 +589,12 @@
func TestServerManInTheMiddleAttack(t *testing.T) {
// Test scenario: A server mounts itself, but then some other service
// somehow "takes over" the endpoint, thus trying to steal traffic.
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Start up the attacker's server.
attacker, err := testInternalNewServer(
- testContext(),
+ ctx,
imanager.InternalNew(naming.FixedRoutingID(0xaaaaaaaaaaaaaaaa)),
// (To prevent the attacker for legitimately mounting on the
// namespace that the client will use, provide it with a
@@ -627,7 +620,7 @@
// The legitimate server would have mounted the same endpoint on the
// namespace.
ns := tnaming.NewSimpleNamespace()
- if err := ns.Mount(testContext(), "mountpoint/server", ep.Name(), time.Hour, naming.MountedServerBlessingsOpt{"server"}); err != nil {
+ if err := ns.Mount(ctx, "mountpoint/server", ep.Name(), time.Hour, naming.MountedServerBlessingsOpt{"server"}); err != nil {
t.Fatal(err)
}
@@ -637,17 +630,18 @@
client, err := InternalNewClient(
imanager.InternalNew(naming.FixedRoutingID(0xcccccccccccccccc)),
ns,
- vc.LocalPrincipal{tsecurity.NewPrincipal("client")})
+ )
if err != nil {
t.Fatal(err)
}
defer client.Close()
- if _, err := client.StartCall(testContext(), "mountpoint/server", "Closure", nil); !verror.Is(err, verror.ErrNotTrusted.ID) {
+ ctx, _ = v23.SetPrincipal(ctx, tsecurity.NewPrincipal("client"))
+ if _, err := client.StartCall(ctx, "mountpoint/server", "Closure", nil); !verror.Is(err, verror.ErrNotTrusted.ID) {
t.Errorf("Got error %v (errorid=%v), want errorid=%v", err, verror.ErrorID(err), verror.ErrNotTrusted.ID)
}
// But the RPC should succeed if the client explicitly
// decided to skip server authorization.
- if _, err := client.StartCall(testContext(), "mountpoint/server", "Closure", nil, options.SkipResolveAuthorization{}); err != nil {
+ if _, err := client.StartCall(ctx, "mountpoint/server", "Closure", nil, options.SkipResolveAuthorization{}); err != nil {
t.Errorf("Unexpected error(%v) when skipping server authorization", err)
}
}
@@ -715,9 +709,13 @@
pserver = tsecurity.NewPrincipal("server")
pclient = tsecurity.NewPrincipal("client")
- b = createBundleWS(t, pclient, pserver, &testServer{}, shouldUseWebsocket)
+ ctx, shutdown = initForTest()
+
+ b = createBundleWS(t, ctx, pserver, &testServer{}, shouldUseWebsocket)
)
- defer b.cleanup(t)
+ defer shutdown()
+ defer b.cleanup(t, ctx)
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
// The server needs to recognize the client's root certificate.
pserver.AddToRoots(pclient.BlessingStore().Default())
for _, test := range tests {
@@ -725,13 +723,13 @@
vname := test.name
if shouldUseWebsocket {
var err error
- vname, err = fakeWSName(b.ns, vname)
+ vname, err = fakeWSName(ctx, b.ns, vname)
if err != nil && err != test.startErr {
t.Errorf(`%s ns.Resolve got error "%v", want "%v"`, name(test), err, test.startErr)
continue
}
}
- call, err := b.client.StartCall(testContext(), vname, test.method, test.args)
+ call, err := b.client.StartCall(ctx, vname, test.method, test.args)
if err != test.startErr {
t.Errorf(`%s client.StartCall got error "%v", want "%v"`, name(test), err, test.startErr)
continue
@@ -778,10 +776,13 @@
}
func TestMultipleFinish(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
type v []interface{}
- b := createBundle(t, tsecurity.NewPrincipal("client"), tsecurity.NewPrincipal("server"), &testServer{})
- defer b.cleanup(t)
- call, err := b.client.StartCall(testContext(), "mountpoint/server/suffix", "Echo", v{"foo"})
+ b := createBundle(t, ctx, tsecurity.NewPrincipal("server"), &testServer{})
+ defer b.cleanup(t, ctx)
+ ctx, _ = v23.SetPrincipal(ctx, tsecurity.NewPrincipal("client"))
+ call, err := b.client.StartCall(ctx, "mountpoint/server/suffix", "Echo", v{"foo"})
if err != nil {
t.Fatalf(`client.StartCall got error "%v"`, err)
}
@@ -807,11 +808,15 @@
func TestGranter(t *testing.T) {
var (
- pclient = tsecurity.NewPrincipal("client")
- pserver = tsecurity.NewPrincipal("server")
- b = createBundle(t, pclient, pserver, &testServer{})
+ pclient = tsecurity.NewPrincipal("client")
+ pserver = tsecurity.NewPrincipal("server")
+ ctx, shutdown = initForTest()
+ b = createBundle(t, ctx, pserver, &testServer{})
)
- defer b.cleanup(t)
+ defer shutdown()
+ defer b.cleanup(t, ctx)
+
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
tests := []struct {
granter ipc.Granter
@@ -824,7 +829,7 @@
{granter: granter{b: pclient.BlessingStore().Default()}, finishErrID: verror.ErrNoAccess, finisherr: "blessing granted not bound to this server"},
}
for i, test := range tests {
- call, err := b.client.StartCall(testContext(), "mountpoint/server/suffix", "EchoGrantedBlessings", []interface{}{"argument"}, test.granter)
+ call, err := b.client.StartCall(ctx, "mountpoint/server/suffix", "EchoGrantedBlessings", []interface{}{"argument"}, test.granter)
if !matchesErrorPattern(err, test.startErrID, test.starterr) {
t.Errorf("%d: %+v: StartCall returned error %v", i, test, err)
}
@@ -872,7 +877,7 @@
sm = imanager.InternalNew(naming.FixedRoutingID(0x555555555))
ns = tnaming.NewSimpleNamespace()
- mkClient = func(req security.ThirdPartyRequirements) vc.LocalPrincipal {
+ mkClient = func(req security.ThirdPartyRequirements) security.Principal {
// Setup the client so that it shares a blessing with a third-party caveat with the server.
cav, err := security.NewPublicKeyCaveat(pdischarger.PublicKey(), "mountpoint/discharger", req, security.UnconstrainedUse())
if err != nil {
@@ -883,9 +888,11 @@
t.Fatalf("BlessSelf failed: %v", err)
}
pclient.BlessingStore().Set(b, "server")
- return vc.LocalPrincipal{pclient}
+ return pclient
}
)
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Initialize the client principal.
// It trusts both the application server and the discharger.
pclient.AddToRoots(pserver.BlessingStore().Default())
@@ -902,7 +909,6 @@
// Setup the discharge server.
var tester dischargeTestServer
- ctx := testContext()
dischargeServer, err := testInternalNewServer(ctx, sm, ns, pdischarger)
if err != nil {
t.Fatal(err)
@@ -964,12 +970,12 @@
for _, test := range tests {
pclient := mkClient(test.Requirements)
- client, err := InternalNewClient(sm, ns, pclient)
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
+ client, err := InternalNewClient(sm, ns)
if err != nil {
t.Fatalf("InternalNewClient(%+v) failed: %v", test.Requirements, err)
}
defer client.Close()
- ctx := testContext()
tid := vtrace.GetSpan(ctx).Trace()
// StartCall should fetch the discharge, do not worry about finishing the RPC - do not care about that for this test.
if _, err := client.StartCall(ctx, object, "Method", []interface{}{"argument"}); err != nil {
@@ -1093,13 +1099,16 @@
{bServerClientTPValid, "mountpoint/server/suffix", "Unauthorized", nil, v{""}, false},
}
)
+
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Start the main server.
- _, server := startServer(t, pserver, mgr, ns, serverName, testServerDisp{&testServer{}})
- defer stopServer(t, server, ns, serverName)
+ _, server := startServer(t, ctx, pserver, mgr, ns, serverName, testServerDisp{&testServer{}})
+ defer stopServer(t, ctx, server, ns, serverName)
// Start the discharge server.
- _, dischargeServer := startServer(t, pdischarger, mgr, ns, dischargeServerName, testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
- defer stopServer(t, dischargeServer, ns, dischargeServerName)
+ _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, dischargeServerName, testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+ defer stopServer(t, ctx, dischargeServer, ns, dischargeServerName)
// The server should recognize the client principal as an authority on "client" and "random" blessings.
pserver.AddToRoots(bClient)
@@ -1115,14 +1124,15 @@
for i, test := range tests {
name := fmt.Sprintf("#%d: %q.%s(%v) by %v", i, test.name, test.method, test.args, test.blessings)
- client, err := InternalNewClient(mgr, ns, vc.LocalPrincipal{pclient})
+ client, err := InternalNewClient(mgr, ns)
if err != nil {
t.Fatalf("InternalNewClient failed: %v", err)
}
defer client.Close()
pclient.BlessingStore().Set(test.blessings, "server")
- call, err := client.StartCall(testContext(), test.name, test.method, test.args)
+ ctx, _ := v23.SetPrincipal(ctx, pclient)
+ call, err := client.StartCall(ctx, test.name, test.method, test.args)
if err != nil {
t.Errorf(`%s client.StartCall got unexpected error: "%v"`, name, err)
continue
@@ -1192,9 +1202,13 @@
bclient = bless(pprovider, pclient, "client")
bvictim = bless(pprovider, tsecurity.NewPrincipal("victim"), "victim")
- b = createBundle(t, pclient, pserver, &testServer{})
+ ctx, shutdown = initForTest()
+ b = createBundle(t, ctx, pserver, &testServer{})
)
- defer b.cleanup(t)
+ defer shutdown()
+ defer b.cleanup(t, ctx)
+
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
// Make the client and server trust blessings from pprovider.
pclient.AddToRoots(pprovider.BlessingStore().Default())
@@ -1219,7 +1233,7 @@
pclient.BlessingStore().Set(test.blessings, "root")
- call, err := b.client.StartCall(testContext(), "mountpoint/server/suffix", "Closure", nil)
+ call, err := b.client.StartCall(ctx, "mountpoint/server/suffix", "Closure", nil)
if err != nil {
t.Errorf("%v: StartCall failed: %v", name, err)
continue
@@ -1244,6 +1258,10 @@
bserver = bless(pprovider, pserver, "server", tpCav)
bclient = bless(pprovider, pclient, "client")
)
+
+ ctx, shutdown := initForTest()
+ defer shutdown()
+
// Make the client and server principals trust root certificates from
// pprovider.
pclient.AddToRoots(pprovider.BlessingStore().Default())
@@ -1253,23 +1271,24 @@
pserver.BlessingStore().SetDefault(bserver)
// Start the server and the discharger.
- _, server := startServer(t, pserver, mgr, ns, "mountpoint/server", testServerDisp{&testServer{}})
- defer stopServer(t, server, ns, "mountpoint/server")
+ _, server := startServer(t, ctx, pserver, mgr, ns, "mountpoint/server", testServerDisp{&testServer{}})
+ defer stopServer(t, ctx, server, ns, "mountpoint/server")
- _, dischargeServer := startServer(t, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
- defer stopServer(t, dischargeServer, ns, "mountpoint/dischargeserver")
+ _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+ defer stopServer(t, ctx, dischargeServer, ns, "mountpoint/dischargeserver")
// Make the client present bclient to all servers that are blessed
// by pprovider.
pclient.BlessingStore().Set(bclient, "root")
- client, err := InternalNewClient(mgr, ns, vc.LocalPrincipal{pclient})
+ client, err := InternalNewClient(mgr, ns)
if err != nil {
t.Fatalf("InternalNewClient failed: %v", err)
}
defer client.Close()
- call, err := client.StartCall(testContext(), "mountpoint/server/suffix", "EchoBlessings", nil)
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
+ call, err := client.StartCall(ctx, "mountpoint/server/suffix", "EchoBlessings", nil)
if err != nil {
t.Fatalf("StartCall failed: %v", err)
}
@@ -1297,15 +1316,19 @@
pclient.AddToRoots(pserver.BlessingStore().Default())
pclient.BlessingStore().Set(bclient, "server")
- b := createBundle(t, nil, pserver, &testServer{})
- defer b.cleanup(t)
+ ctx, shutdown := initForTest()
+ defer shutdown()
+
+ b := createBundle(t, ctx, pserver, &testServer{})
+ defer b.cleanup(t, ctx)
var err error
- if b.client, err = InternalNewClient(b.sm, b.ns, vc.LocalPrincipal{pclient}); err != nil {
+ if b.client, err = InternalNewClient(b.sm, b.ns); err != nil {
t.Fatalf("InternalNewClient failed: %v", err)
}
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
call := func() error {
- call, err := b.client.StartCall(testContext(), "mountpoint/server/aclAuth", "Echo", []interface{}{"batman"})
+ call, err := b.client.StartCall(ctx, "mountpoint/server/aclAuth", "Echo", []interface{}{"batman"})
if err != nil {
return err //fmt.Errorf("client.StartCall failed: %v", err)
}
@@ -1377,11 +1400,14 @@
// TestCancel tests cancellation while the server is reading from a stream.
func TestCancel(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
ts := newCancelTestServer(t)
- b := createBundle(t, tsecurity.NewPrincipal("client"), tsecurity.NewPrincipal("server"), ts)
- defer b.cleanup(t)
+ b := createBundle(t, ctx, tsecurity.NewPrincipal("server"), ts)
+ defer b.cleanup(t, ctx)
- ctx, cancel := context.WithCancel(testContext())
+ ctx, _ = v23.SetPrincipal(ctx, tsecurity.NewPrincipal("client"))
+ ctx, cancel := context.WithCancel(ctx)
_, err := b.client.StartCall(ctx, "mountpoint/server/suffix", "CancelStreamReader", []interface{}{})
if err != nil {
t.Fatalf("Start call failed: %v", err)
@@ -1392,11 +1418,14 @@
// TestCancelWithFullBuffers tests that even if the writer has filled the buffers and
// the server is not reading that the cancel message gets through.
func TestCancelWithFullBuffers(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
ts := newCancelTestServer(t)
- b := createBundle(t, tsecurity.NewPrincipal("client"), tsecurity.NewPrincipal("server"), ts)
- defer b.cleanup(t)
+ b := createBundle(t, ctx, tsecurity.NewPrincipal("server"), ts)
+ defer b.cleanup(t, ctx)
- ctx, cancel := context.WithCancel(testContext())
+ ctx, _ = v23.SetPrincipal(ctx, tsecurity.NewPrincipal("client"))
+ ctx, cancel := context.WithCancel(ctx)
call, err := b.client.StartCall(ctx, "mountpoint/server/suffix", "CancelStreamIgnorer", []interface{}{})
if err != nil {
t.Fatalf("Start call failed: %v", err)
@@ -1429,11 +1458,14 @@
}
func TestStreamReadTerminatedByServer(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
s := &streamRecvInGoroutineServer{c: make(chan error, 1)}
- b := createBundle(t, tsecurity.NewPrincipal("client"), tsecurity.NewPrincipal("server"), s)
- defer b.cleanup(t)
+ b := createBundle(t, ctx, tsecurity.NewPrincipal("server"), s)
+ defer b.cleanup(t, ctx)
- call, err := b.client.StartCall(testContext(), "mountpoint/server/suffix", "RecvInGoroutine", []interface{}{})
+ ctx, _ = v23.SetPrincipal(ctx, tsecurity.NewPrincipal("client"))
+ call, err := b.client.StartCall(ctx, "mountpoint/server/suffix", "RecvInGoroutine", []interface{}{})
if err != nil {
t.Fatalf("StartCall failed: %v", err)
}
@@ -1462,20 +1494,21 @@
// TestConnectWithIncompatibleServers tests that clients ignore incompatible endpoints.
func TestConnectWithIncompatibleServers(t *testing.T) {
- b := createBundle(t, tsecurity.NewPrincipal("client"), tsecurity.NewPrincipal("server"), &testServer{})
- defer b.cleanup(t)
+ ctx, shutdown := initForTest()
+ defer shutdown()
+ b := createBundle(t, ctx, tsecurity.NewPrincipal("server"), &testServer{})
+ defer b.cleanup(t, ctx)
// Publish some incompatible endpoints.
- publisher := publisher.New(testContext(), b.ns, publishPeriod)
+ publisher := publisher.New(ctx, b.ns, publishPeriod)
defer publisher.WaitForStop()
defer publisher.Stop()
publisher.AddName("incompatible")
publisher.AddServer("/@2@tcp@localhost:10000@@1000000@2000000@@", false)
publisher.AddServer("/@2@tcp@localhost:10001@@2000000@3000000@@", false)
- ctx, _ := context.WithTimeout(testContext(), 100*time.Millisecond)
-
- _, err := b.client.StartCall(ctx, "incompatible/suffix", "Echo", []interface{}{"foo"})
+ ctx, _ = v23.SetPrincipal(ctx, tsecurity.NewPrincipal("client"))
+ _, err := b.client.StartCall(ctx, "incompatible/suffix", "Echo", []interface{}{"foo"}, options.NoRetry{})
if !verror.Is(err, verror.ErrNoServers.ID) {
t.Errorf("Expected error %s, found: %v", verror.ErrNoServers, err)
}
@@ -1484,7 +1517,7 @@
publisher.AddServer("/"+b.ep.String(), false)
publisher.AddName("incompatible")
- call, err := b.client.StartCall(testContext(), "incompatible/suffix", "Echo", []interface{}{"foo"})
+ call, err := b.client.StartCall(ctx, "incompatible/suffix", "Echo", []interface{}{"foo"})
if err != nil {
t.Fatal(err)
}
@@ -1499,6 +1532,8 @@
}
func TestPreferredAddress(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
@@ -1507,7 +1542,6 @@
a.IP = net.ParseIP("1.1.1.1")
return []ipc.Address{&netstate.AddrIfc{Addr: a}}, nil
}
- ctx := testContext()
server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("server"))
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
@@ -1543,13 +1577,14 @@
}
func TestPreferredAddressErrors(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
paerr := func(_ string, a []ipc.Address) ([]ipc.Address, error) {
return nil, fmt.Errorf("oops")
}
- ctx := testContext()
server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("server"))
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
@@ -1575,10 +1610,11 @@
}
func TestSecurityNone(t *testing.T) {
+ ctx, shutdown := initForTest()
+ defer shutdown()
sm := imanager.InternalNew(naming.FixedRoutingID(0x66666666))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- ctx := testContext()
server, err := testInternalNewServer(ctx, sm, ns, nil, options.VCSecurityNone)
if err != nil {
t.Fatalf("InternalNewServer failed: %v", err)
@@ -1632,6 +1668,8 @@
pclient = tsecurity.NewPrincipal("client")
batman, _ = pserver.BlessSelf("batman")
)
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Client and server recognize the servers blessings
for _, p := range []security.Principal{pserver, pclient} {
if err := p.AddToRoots(pserver.BlessingStore().Default()); err != nil {
@@ -1645,8 +1683,8 @@
// to act as batman (as opposed to using the default blessing).
ns := tnaming.NewSimpleNamespace()
- defer runServer(t, ns, pserver, "mountpoint/batman", &testServer{}, options.ServerBlessings{batman}).Shutdown()
- defer runServer(t, ns, pserver, "mountpoint/default", &testServer{}).Shutdown()
+ defer runServer(t, ctx, ns, pserver, "mountpoint/batman", &testServer{}, options.ServerBlessings{batman}).Shutdown()
+ defer runServer(t, ctx, ns, pserver, "mountpoint/default", &testServer{}).Shutdown()
// And finally, make an RPC and see that the client sees "batman"
runClient := func(server string) ([]string, error) {
@@ -1654,13 +1692,13 @@
defer smc.Shutdown()
client, err := InternalNewClient(
smc,
- ns,
- vc.LocalPrincipal{pclient})
+ ns)
if err != nil {
return nil, err
}
defer client.Close()
- call, err := client.StartCall(testContext(), server, "Closure", nil)
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
+ call, err := client.StartCall(ctx, server, "Closure", nil)
if err != nil {
return nil, err
}
@@ -1684,6 +1722,8 @@
pserver = tsecurity.NewPrincipal("server")
pclient = tsecurity.NewPrincipal("client")
)
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Make the client recognize all server blessings
if err := pclient.AddToRoots(pserver.BlessingStore().Default()); err != nil {
t.Fatal(err)
@@ -1706,8 +1746,8 @@
// Setup the disharger and test server.
discharger := &dischargeServer{}
- defer runServer(t, ns, pdischarger, "mountpoint/discharger", discharger).Shutdown()
- defer runServer(t, ns, pserver, "mountpoint/testServer", &testServer{}).Shutdown()
+ defer runServer(t, ctx, ns, pdischarger, "mountpoint/discharger", discharger).Shutdown()
+ defer runServer(t, ctx, ns, pserver, "mountpoint/testServer", &testServer{}).Shutdown()
runClient := func(noDischarges bool) {
rid, err := naming.NewRoutingID()
@@ -1716,7 +1756,7 @@
}
smc := imanager.InternalNew(rid)
defer smc.Shutdown()
- client, err := InternalNewClient(smc, ns, vc.LocalPrincipal{pclient})
+ client, err := InternalNewClient(smc, ns)
if err != nil {
t.Fatalf("failed to create client: %v", err)
}
@@ -1725,7 +1765,8 @@
if noDischarges {
opts = append(opts, NoDischarges{})
}
- if _, err = client.StartCall(testContext(), "mountpoint/testServer", "Closure", nil, opts...); err != nil {
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
+ if _, err = client.StartCall(ctx, "mountpoint/testServer", "Closure", nil, opts...); err != nil {
t.Fatalf("failed to StartCall: %v", err)
}
}
@@ -1748,7 +1789,8 @@
pdischarger2 = tsecurity.NewPrincipal("discharger2")
pdischargeClient = tsecurity.NewPrincipal("dischargeClient")
)
-
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Bless the client with a ThirdPartyCaveat from discharger1.
tpcav1 := mkThirdPartyCaveat(pdischarger1.PublicKey(), "mountpoint/discharger1", mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
blessings, err := pdischarger1.Bless(pdischargeClient.PublicKey(), pdischarger1.BlessingStore().Default(), "tpcav1", tpcav1)
@@ -1764,8 +1806,8 @@
// Setup the disharger and test server.
discharger1 := &dischargeServer{}
discharger2 := &dischargeServer{}
- defer runServer(t, ns, pdischarger1, "mountpoint/discharger1", discharger1).Shutdown()
- defer runServer(t, ns, pdischarger2, "mountpoint/discharger2", discharger2).Shutdown()
+ defer runServer(t, ctx, ns, pdischarger1, "mountpoint/discharger1", discharger1).Shutdown()
+ defer runServer(t, ctx, ns, pdischarger2, "mountpoint/discharger2", discharger2).Shutdown()
rid, err := naming.NewRoutingID()
if err != nil {
@@ -1773,7 +1815,7 @@
}
sm := imanager.InternalNew(rid)
- c, err := InternalNewClient(sm, ns, vc.LocalPrincipal{pdischargeClient})
+ c, err := InternalNewClient(sm, ns)
if err != nil {
t.Fatalf("failed to create client: %v", err)
}
@@ -1782,7 +1824,8 @@
if err != nil {
t.Error(err)
}
- dc.PrepareDischarges(testContext(), []security.Caveat{tpcav2}, security.DischargeImpetus{})
+ ctx, _ = v23.SetPrincipal(ctx, pdischargeClient)
+ dc.PrepareDischarges(ctx, []security.Caveat{tpcav2}, security.DischargeImpetus{})
// Ensure that discharger1 was not called and discharger2 was called.
if discharger1.called {
@@ -1800,6 +1843,8 @@
pserver = tsecurity.NewPrincipal("server")
pclient = tsecurity.NewPrincipal("client")
)
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Make the client recognize all server blessings
if err := pclient.AddToRoots(pserver.BlessingStore().Default()); err != nil {
t.Fatal(err)
@@ -1807,10 +1852,12 @@
ns := tnaming.NewSimpleNamespace()
- serverSM := runServer(t, ns, pserver, "mountpoint/testServer", &testServer{})
+ serverSM := runServer(t, ctx, ns, pserver, "mountpoint/testServer", &testServer{})
defer serverSM.Shutdown()
rid := serverSM.RoutingID()
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
+
newClient := func() ipc.Client {
rid, err := naming.NewRoutingID()
if err != nil {
@@ -1818,7 +1865,7 @@
}
smc := imanager.InternalNew(rid)
defer smc.Shutdown()
- client, err := InternalNewClient(smc, ns, vc.LocalPrincipal{pclient})
+ client, err := InternalNewClient(smc, ns)
if err != nil {
t.Fatalf("failed to create client: %v", err)
}
@@ -1826,7 +1873,7 @@
}
runClient := func(client ipc.Client) {
- if call, err := client.StartCall(testContext(), "mountpoint/testServer", "Closure", nil); err != nil {
+ if call, err := client.StartCall(ctx, "mountpoint/testServer", "Closure", nil); err != nil {
t.Fatalf("failed to StartCall: %v", err)
} else if err := call.Finish(); err != nil {
t.Fatal(err)
@@ -1887,30 +1934,29 @@
pother = tsecurity.NewPrincipal("other")
pclient = tsecurity.NewPrincipal("client")
)
-
+ ctx, shutdown := initForTest()
+ defer shutdown()
ns := tnaming.NewSimpleNamespace()
mountName := "mountpoint/default"
// Start a server with pserver.
- defer runServer(t, ns, pserver, mountName, &testServer{}).Shutdown()
+ defer runServer(t, ctx, ns, pserver, mountName, &testServer{}).Shutdown()
smc := imanager.InternalNew(naming.FixedRoutingID(0xc))
- client, err := InternalNewClient(
- smc,
- ns,
- vc.LocalPrincipal{pclient})
+ client, err := InternalNewClient(smc, ns)
if err != nil {
t.Fatal(err)
}
defer smc.Shutdown()
defer client.Close()
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
// The call should succeed when the server presents the same public as the opt...
- if _, err = client.StartCall(testContext(), mountName, "Closure", nil, options.ServerPublicKey{pserver.PublicKey()}); err != nil {
+ if _, err = client.StartCall(ctx, mountName, "Closure", nil, options.ServerPublicKey{pserver.PublicKey()}); err != nil {
t.Errorf("Expected call to succeed but got %v", err)
}
// ...but fail if they differ.
- if _, err = client.StartCall(testContext(), mountName, "Closure", nil, options.ServerPublicKey{pother.PublicKey()}); !verror.Is(err, verror.ErrNotTrusted.ID) {
+ if _, err = client.StartCall(ctx, mountName, "Closure", nil, options.ServerPublicKey{pother.PublicKey()}); !verror.Is(err, verror.ErrNotTrusted.ID) {
t.Errorf("got %v, want %v", verror.ErrorID(err), verror.ErrNotTrusted.ID)
}
}
@@ -1947,16 +1993,17 @@
var (
pdischarger = tsecurity.NewPrincipal("discharger")
)
+ ctx, shutdown := initForTest()
+ defer shutdown()
// Bless the client with a ThirdPartyCaveat.
tpcav := mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/discharger", mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
ns := tnaming.NewSimpleNamespace()
- ctx := testContext()
// Setup the disharge server.
discharger := &expiryDischarger{}
- defer runServer(t, ns, pdischarger, "mountpoint/discharger", discharger).Shutdown()
+ defer runServer(t, ctx, ns, pdischarger, "mountpoint/discharger", discharger).Shutdown()
// Create a discharge client.
rid, err := naming.NewRoutingID()
diff --git a/profiles/internal/ipc/resolve_test.go b/profiles/internal/ipc/resolve_test.go
index ce35790..b415220 100644
--- a/profiles/internal/ipc/resolve_test.go
+++ b/profiles/internal/ipc/resolve_test.go
@@ -3,6 +3,8 @@
import (
"flag"
"fmt"
+ "io"
+ "os"
"testing"
"time"
@@ -10,6 +12,7 @@
"v.io/v23/context"
"v.io/v23/ipc"
"v.io/v23/naming"
+ "v.io/v23/options"
"v.io/x/ref/lib/flags"
"v.io/x/ref/profiles/fake"
@@ -18,10 +21,10 @@
"v.io/x/ref/profiles/internal/lib/appcycle"
inaming "v.io/x/ref/profiles/internal/naming"
grt "v.io/x/ref/profiles/internal/rt"
+ mounttable "v.io/x/ref/services/mounttable/lib"
"v.io/x/ref/test"
"v.io/x/ref/test/expect"
"v.io/x/ref/test/modules"
- "v.io/x/ref/test/modules/core"
)
var commonFlags *flags.Flags
@@ -31,7 +34,9 @@
if err := internal.ParseFlags(commonFlags); err != nil {
panic(err)
}
+}
+func setupRuntime() {
ac := appcycle.New()
listenSpec := ipc.ListenSpec{Addrs: ipc.ListenAddrs{{"tcp", "127.0.0.1:0"}}}
@@ -56,8 +61,38 @@
fake.InjectRuntime(runtime, ctx, shutdown)
}
+func rootMountTable(stdin io.Reader, stdout, stderr io.Writer, env map[string]string, args ...string) error {
+ setupRuntime()
+ ctx, shutdown := v23.Init()
+ defer shutdown()
+
+ lspec := v23.GetListenSpec(ctx)
+ server, err := v23.NewServer(ctx, options.ServesMountTable(true))
+ if err != nil {
+ return fmt.Errorf("root failed: %v", err)
+ }
+ mp := ""
+ mt, err := mounttable.NewMountTableDispatcher("")
+ if err != nil {
+ return fmt.Errorf("mounttable.NewMountTableDispatcher failed: %s", err)
+ }
+ eps, err := server.Listen(lspec)
+ if err != nil {
+ return fmt.Errorf("server.Listen failed: %s", err)
+ }
+ if err := server.ServeDispatcher(mp, mt); err != nil {
+ return fmt.Errorf("root failed: %s", err)
+ }
+ fmt.Fprintf(stdout, "PID=%d\n", os.Getpid())
+ for _, ep := range eps {
+ fmt.Fprintf(stdout, "MT_NAME=%s\n", ep.Name())
+ }
+ modules.WaitForEOF(stdin)
+ return nil
+}
+
func startMT(t *testing.T, sh *modules.Shell) string {
- h, err := sh.Start(core.RootMTCommand, nil)
+ h, err := sh.Start("rootMountTable", nil)
if err != nil {
t.Fatalf("unexpected error for root mt: %s", err)
}
@@ -67,6 +102,7 @@
}
func TestResolveToEndpoint(t *testing.T) {
+ setupRuntime()
sh, err := modules.NewShell(nil, nil, testing.Verbose(), t)
if err != nil {
t.Fatalf("modules.NewShell failed: %s", err)
diff --git a/profiles/internal/ipc/server_authorizer_test.go b/profiles/internal/ipc/server_authorizer_test.go
index 416f70a..e185e4b 100644
--- a/profiles/internal/ipc/server_authorizer_test.go
+++ b/profiles/internal/ipc/server_authorizer_test.go
@@ -5,6 +5,7 @@
tsecurity "v.io/x/ref/test/security"
+ "v.io/v23"
"v.io/v23/options"
"v.io/v23/security"
)
@@ -21,7 +22,7 @@
otherAli, _ = pother.BlessSelf("ali")
zero = security.Blessings{}
- ctx = testContext()
+ ctx, shutdown = initForTest()
U = func(blessings ...security.Blessings) security.Blessings {
u, err := security.UnionOfBlessings(blessings...)
@@ -31,6 +32,8 @@
return u
}
)
+ defer shutdown()
+ ctx, _ = v23.SetPrincipal(ctx, pclient)
// Make client recognize ali, bob and otherAli blessings
for _, b := range []security.Blessings{ali, bob, otherAli} {
if err := pclient.AddToRoots(b); err != nil {
diff --git a/profiles/internal/ipc/server_test.go b/profiles/internal/ipc/server_test.go
index 37cbc17..808bb8e 100644
--- a/profiles/internal/ipc/server_test.go
+++ b/profiles/internal/ipc/server_test.go
@@ -7,6 +7,7 @@
"testing"
"time"
+ "v.io/v23"
"v.io/v23/config"
"v.io/v23/context"
"v.io/v23/ipc"
@@ -17,7 +18,6 @@
"v.io/x/lib/netstate"
imanager "v.io/x/ref/profiles/internal/ipc/stream/manager"
- "v.io/x/ref/profiles/internal/ipc/stream/vc"
inaming "v.io/x/ref/profiles/internal/naming"
tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
tsecurity "v.io/x/ref/test/security"
@@ -38,13 +38,14 @@
return noMethodsType{}, nil, nil
}
-// TestBadObject ensures that Serve handles bad reciver objects gracefully (in
+// TestBadObject ensures that Serve handles bad receiver objects gracefully (in
// particular, it doesn't panic).
func TestBadObject(t *testing.T) {
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- ctx := testContext()
+ ctx, shutdown := initForTest()
+ defer shutdown()
server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
@@ -70,7 +71,7 @@
if err != nil {
t.Fatalf("InternalNewClient failed: %v", err)
}
- ctx, _ = context.WithDeadline(testContext(), time.Now().Add(10*time.Second))
+ ctx, _ = context.WithDeadline(ctx, time.Now().Add(10*time.Second))
call, err := client.StartCall(ctx, "servername", "SomeMethod", nil)
if err != nil {
t.Fatalf("StartCall failed: %v", err)
@@ -87,7 +88,9 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
+ ctx, shutdown := initForTest()
+ defer shutdown()
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -130,7 +133,8 @@
}
func TestServerStatus(t *testing.T) {
- ctx := testContext()
+ ctx, shutdown := initForTest()
+ defer shutdown()
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
@@ -162,7 +166,8 @@
progress := make(chan error)
- client, err := InternalNewClient(sm, ns, vc.LocalPrincipal{principal})
+ client, err := InternalNewClient(sm, ns)
+ ctx, _ = v23.SetPrincipal(ctx, principal)
makeCall := func(ctx *context.T) {
call, err := client.StartCall(ctx, "test", "Hang", nil)
progress <- err
@@ -222,7 +227,8 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- ctx := testContext()
+ ctx, shutdown := initForTest()
+ defer shutdown()
expectBadState := func(err error) {
if !verror.Is(err, verror.ErrBadState.ID) {
@@ -289,7 +295,9 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
+ ctx, shutdown := initForTest()
+ defer shutdown()
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -411,7 +419,9 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
+ ctx, shutdown := initForTest()
+ defer shutdown()
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
defer server.Stop()
if err != nil {
@@ -560,7 +570,9 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
+ ctx, shutdown := initForTest()
+ defer shutdown()
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
defer server.Stop()
if err != nil {
diff --git a/profiles/internal/ipc/stream/benchmark/dial_vc.go b/profiles/internal/ipc/stream/benchmark/dial_vc.go
index 1b42060..604be19 100644
--- a/profiles/internal/ipc/stream/benchmark/dial_vc.go
+++ b/profiles/internal/ipc/stream/benchmark/dial_vc.go
@@ -19,14 +19,15 @@
server := manager.InternalNew(naming.FixedRoutingID(0x5))
client := manager.InternalNew(naming.FixedRoutingID(0xc))
+ principal := tsecurity.NewPrincipal("client")
- _, ep, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"), mode)
+ _, ep, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("server"), mode)
if err != nil {
b.Fatal(err)
}
// Warmup to create the underlying VIF.
- _, err = client.Dial(ep, mode)
+ _, err = client.Dial(ep, principal, mode)
if err != nil {
b.Fatal(err)
}
@@ -37,7 +38,7 @@
b.StartTimer()
start := time.Now()
- _, err := client.Dial(ep, mode)
+ _, err := client.Dial(ep, principal, mode)
if err != nil {
b.Fatal(err)
}
diff --git a/profiles/internal/ipc/stream/benchmark/dial_vif.go b/profiles/internal/ipc/stream/benchmark/dial_vif.go
index 7224c8e..40078af 100644
--- a/profiles/internal/ipc/stream/benchmark/dial_vif.go
+++ b/profiles/internal/ipc/stream/benchmark/dial_vif.go
@@ -16,7 +16,7 @@
// benchmarkDialVIF measures VIF creation time over the underlying net connection.
func benchmarkDialVIF(b *testing.B, mode options.VCSecurityLevel) {
stats := benchmark.AddStats(b, 16)
- principal := tsecurity.NewPrincipal("test")
+ principal := tsecurity.NewPrincipal("server")
b.ResetTimer() // Exclude setup time from measurement.
@@ -32,7 +32,7 @@
b.StartTimer()
start := time.Now()
- client, err := vif.InternalNewDialedVIF(nc, naming.FixedRoutingID(0xc), nil, mode)
+ client, err := vif.InternalNewDialedVIF(nc, naming.FixedRoutingID(0xc), principal, nil, mode)
if err != nil {
b.Fatal(err)
}
diff --git a/profiles/internal/ipc/stream/benchmark/throughput_flow.go b/profiles/internal/ipc/stream/benchmark/throughput_flow.go
index d102382..0f8be69 100644
--- a/profiles/internal/ipc/stream/benchmark/throughput_flow.go
+++ b/profiles/internal/ipc/stream/benchmark/throughput_flow.go
@@ -40,6 +40,7 @@
func benchmarkFlow(b *testing.B, mode options.VCSecurityLevel, nVIFs, nVCsPerVIF, nFlowsPerVC int) {
client := manager.InternalNew(naming.FixedRoutingID(0xcccccccc))
server := manager.InternalNew(naming.FixedRoutingID(0x55555555))
+ principal := tsecurity.NewPrincipal("test")
lns, err := createListeners(mode, server, nVIFs)
if err != nil {
@@ -50,12 +51,14 @@
rchan := make(chan io.ReadCloser, nFlows)
wchan := make(chan io.WriteCloser, nFlows)
+ b.ResetTimer()
+
go func() {
defer close(wchan)
for i := 0; i < nVIFs; i++ {
ep := lns[i].ep
for j := 0; j < nVCsPerVIF; j++ {
- vc, err := client.Dial(ep, mode)
+ vc, err := client.Dial(ep, principal, mode)
if err != nil {
b.Error(err)
return
diff --git a/profiles/internal/ipc/stream/manager/listener.go b/profiles/internal/ipc/stream/manager/listener.go
index 07fde42..fc4a916 100644
--- a/profiles/internal/ipc/stream/manager/listener.go
+++ b/profiles/internal/ipc/stream/manager/listener.go
@@ -8,7 +8,6 @@
"sync"
"v.io/x/ref/profiles/internal/ipc/stream/proxy"
- "v.io/x/ref/profiles/internal/ipc/stream/vc"
"v.io/x/ref/profiles/internal/ipc/stream/vif"
"v.io/x/ref/profiles/internal/lib/upcqueue"
inaming "v.io/x/ref/profiles/internal/naming"
@@ -158,8 +157,7 @@
func (ln *proxyListener) connect() (*vif.VIF, *inaming.Endpoint, error) {
vlog.VI(1).Infof("Connecting to proxy at %v", ln.proxyEP)
- // Requires dialing a VC to the proxy, need to extract options (like the principal)
- // from ln.opts to do so.
+ // Requires dialing a VC to the proxy, need to extract options from ln.opts to do so.
var dialOpts []stream.VCOpt
for _, opt := range ln.opts {
if dopt, ok := opt.(stream.VCOpt); ok {
@@ -167,9 +165,7 @@
}
}
// TODO(cnicolaou, ashankar): probably want to set a timeout here. (is this covered by opts?)
- // TODO(suharshs): Pass the principal explicitly to FindOrDialVIF and remove vc.LocalPrincipal.
- dialOpts = append(dialOpts, vc.LocalPrincipal{ln.principal})
- vf, err := ln.manager.FindOrDialVIF(ln.proxyEP, dialOpts...)
+ vf, err := ln.manager.FindOrDialVIF(ln.proxyEP, ln.principal, dialOpts...)
if err != nil {
return nil, nil, err
}
@@ -177,7 +173,7 @@
return nil, nil, fmt.Errorf("already connected to proxy and accepting connections? VIF: %v, StartAccepting error: %v", vf, err)
}
// Proxy protocol: See veyron/profiles/proxy/protocol.vdl
- vc, err := vf.Dial(ln.proxyEP, dialOpts...)
+ vc, err := vf.Dial(ln.proxyEP, ln.principal, dialOpts...)
if err != nil {
vf.StopAccepting()
if verror.ErrorID(err) == verror.ErrAborted.ID {
diff --git a/profiles/internal/ipc/stream/manager/manager.go b/profiles/internal/ipc/stream/manager/manager.go
index e7c42e1..192c9b8 100644
--- a/profiles/internal/ipc/stream/manager/manager.go
+++ b/profiles/internal/ipc/stream/manager/manager.go
@@ -77,7 +77,7 @@
// FindOrDialVIF returns the network connection (VIF) to the provided address
// from the cache in the manager. If not already present in the cache, a new
// connection will be created using net.Dial.
-func (m *manager) FindOrDialVIF(remote naming.Endpoint, opts ...stream.VCOpt) (*vif.VIF, error) {
+func (m *manager) FindOrDialVIF(remote naming.Endpoint, principal security.Principal, opts ...stream.VCOpt) (*vif.VIF, error) {
// Extract options.
var timeout time.Duration
for _, o := range opts {
@@ -116,7 +116,7 @@
vRange = r
}
}
- vf, err := vif.InternalNewDialedVIF(conn, m.rid, vRange, opts...)
+ vf, err := vif.InternalNewDialedVIF(conn, m.rid, principal, vRange, opts...)
if err != nil {
conn.Close()
return nil, fmt.Errorf("failed to create VIF: %v", err)
@@ -133,15 +133,15 @@
return vf, nil
}
-func (m *manager) Dial(remote naming.Endpoint, opts ...stream.VCOpt) (stream.VC, error) {
+func (m *manager) Dial(remote naming.Endpoint, principal security.Principal, opts ...stream.VCOpt) (stream.VC, error) {
// If vif.Dial fails because the cached network connection was broken, remove from
// the cache and try once more.
for retry := true; true; retry = false {
- vf, err := m.FindOrDialVIF(remote, opts...)
+ vf, err := m.FindOrDialVIF(remote, principal, opts...)
if err != nil {
return nil, err
}
- vc, err := vf.Dial(remote, append(opts, m.sessionCache)...)
+ vc, err := vf.Dial(remote, principal, append(opts, m.sessionCache)...)
if !retry || verror.ErrorID(err) != verror.ErrAborted.ID {
return vc, err
}
diff --git a/profiles/internal/ipc/stream/manager/manager_test.go b/profiles/internal/ipc/stream/manager/manager_test.go
index bcebc33..7e3a288 100644
--- a/profiles/internal/ipc/stream/manager/manager_test.go
+++ b/profiles/internal/ipc/stream/manager/manager_test.go
@@ -58,8 +58,9 @@
func testSimpleFlow(t *testing.T, protocol string) {
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
+ pclient := tsecurity.NewPrincipal("client")
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
if err != nil {
t.Fatal(err)
}
@@ -68,7 +69,7 @@
var clientVC stream.VC
var clientF1 stream.Flow
go func() {
- if clientVC, err = client.Dial(ep); err != nil {
+ if clientVC, err = client.Dial(ep, pclient); err != nil {
t.Errorf("Dial(%q) failed: %v", ep, err)
return
}
@@ -134,7 +135,7 @@
t.Errorf("Should not be able to Dial or Write after the Listener is closed")
}
// Opening a new VC should fail fast.
- if _, err := client.Dial(ep); err == nil {
+ if _, err := client.Dial(ep, pclient); err == nil {
t.Errorf("Should not be able to Dial after listener is closed")
}
}
@@ -154,7 +155,7 @@
go func() {
// 203.0.113.0 is TEST-NET-3 from RFC5737
ep, _ := inaming.NewEndpoint(naming.FormatEndpoint("tcp", "203.0.113.10:80"))
- _, err := client.Dial(ep, &DialTimeout{time.Second})
+ _, err := client.Dial(ep, tsecurity.NewPrincipal("client"), &DialTimeout{time.Second})
ch <- err
}()
@@ -220,7 +221,7 @@
go func() {
// VCSecurityLevel is intentionally not provided to Dial - to
// test default behavior.
- vc, err := client.Dial(ep, vc.LocalPrincipal{clientPrincipal})
+ vc, err := client.Dial(ep, clientPrincipal)
if err != nil {
errs <- err
return
@@ -302,20 +303,21 @@
func testCloseListener(t *testing.T, protocol string) {
server := InternalNew(naming.FixedRoutingID(0x5e97e9))
+ pclient := tsecurity.NewPrincipal("client")
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
if err != nil {
t.Fatal(err)
}
// Server will just listen for flows and close them.
go acceptLoop(ln)
client := InternalNew(naming.FixedRoutingID(0xc1e41))
- if _, err = client.Dial(ep); err != nil {
+ if _, err = client.Dial(ep, pclient); err != nil {
t.Fatal(err)
}
ln.Close()
client = InternalNew(naming.FixedRoutingID(0xc1e42))
- if _, err := client.Dial(ep); err == nil {
+ if _, err := client.Dial(ep, pclient); err == nil {
t.Errorf("client.Dial(%q) should have failed", ep)
}
}
@@ -352,7 +354,7 @@
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
if err != nil {
t.Fatal(err)
}
@@ -360,7 +362,7 @@
// Server will just listen for flows and close them.
go acceptLoop(ln)
- vc, err := client.Dial(ep)
+ vc, err := client.Dial(ep, tsecurity.NewPrincipal("client"))
if err != nil {
t.Fatal(err)
}
@@ -401,7 +403,7 @@
// Have the server read from each flow and write to rchan.
rchan := make(chan string)
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
if err != nil {
t.Fatal(err)
}
@@ -438,7 +440,7 @@
var vcs [nVCs]stream.VC
for i := 0; i < nVCs; i++ {
var err error
- vcs[i], err = client.Dial(ep)
+ vcs[i], err = client.Dial(ep, tsecurity.NewPrincipal("client"))
if err != nil {
t.Fatal(err)
}
@@ -507,7 +509,7 @@
// Dial multiple VCs
for i := 0; i < 2; i++ {
- if _, err = client.Dial(nep); err != nil {
+ if _, err = client.Dial(nep, tsecurity.NewPrincipal("client")); err != nil {
t.Fatalf("Dial #%d failed: %v", i, err)
}
}
@@ -531,6 +533,7 @@
func testServerRestartDuringClientLifetime(t *testing.T, protocol string) {
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
+ pclient := tsecurity.NewPrincipal("client")
sh, err := modules.NewShell(nil, nil, testing.Verbose(), t)
if err != nil {
t.Fatalf("unexpected error: %s", err)
@@ -547,13 +550,13 @@
if err != nil {
t.Fatalf("inaming.NewEndpoint(%q): %v", addr, err)
}
- if _, err := client.Dial(ep); err != nil {
+ if _, err := client.Dial(ep, pclient); err != nil {
t.Fatal(err)
}
h.Shutdown(nil, os.Stderr)
// A new VC cannot be created since the server is dead
- if _, err := client.Dial(ep); err == nil {
+ if _, err := client.Dial(ep, pclient); err == nil {
t.Fatal("Expected client.Dial to fail since server is dead")
}
@@ -565,7 +568,7 @@
if addr2 := h.ReadLine(); addr2 != addr || err != nil {
t.Fatalf("Got (%q, %v) want (%q, nil)", addr2, err, addr)
}
- if _, err := client.Dial(ep); err != nil {
+ if _, err := client.Dial(ep, pclient); err != nil {
t.Fatal(err)
}
}
@@ -610,6 +613,7 @@
func TestRegistration(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
+ pserver := tsecurity.NewPrincipal("server")
dialer := func(_, _ string, _ time.Duration) (net.Conn, error) {
return nil, fmt.Errorf("tn.Dial")
@@ -619,12 +623,12 @@
}
ipc.RegisterProtocol("tn", dialer, listener)
- _, _, err := server.Listen("tnx", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ _, _, err := server.Listen("tnx", "127.0.0.1:0", pserver)
if err == nil || !strings.Contains(err.Error(), "unknown network tnx") {
t.Fatal("expected error is missing (%v)", err)
}
- _, _, err = server.Listen("tn", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ _, _, err = server.Listen("tn", "127.0.0.1:0", pserver)
if err == nil || !strings.Contains(err.Error(), "tn.Listen") {
t.Fatal("expected error is missing (%v)", err)
}
@@ -638,12 +642,12 @@
t.Errorf("got %t, want %t", got, want)
}
- _, ep, err := server.Listen("tn", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ _, ep, err := server.Listen("tn", "127.0.0.1:0", pserver)
if err != nil {
t.Errorf("unexpected error %s", err)
}
- _, err = client.Dial(ep)
+ _, err = client.Dial(ep, tsecurity.NewPrincipal("client"))
if err == nil || !strings.Contains(err.Error(), "tn.Dial") {
t.Fatal("expected error is missing (%v)", err)
}
diff --git a/profiles/internal/ipc/stream/model.go b/profiles/internal/ipc/stream/model.go
index 5bee977..aa6095c 100644
--- a/profiles/internal/ipc/stream/model.go
+++ b/profiles/internal/ipc/stream/model.go
@@ -127,7 +127,9 @@
Listen(protocol, address string, principal security.Principal, opts ...ListenerOpt) (Listener, naming.Endpoint, error)
// Dial creates a VC to the provided remote endpoint.
- Dial(remote naming.Endpoint, opts ...VCOpt) (VC, error)
+ // principal is used during authentication. If principal is nil, then the VC expects
+ // to be used for unauthenticated, unencrypted communication.
+ Dial(remote naming.Endpoint, principal security.Principal, opts ...VCOpt) (VC, error)
// ShutdownEndpoint closes all VCs (and Flows and Listeners over it)
// involving the provided remote endpoint.
diff --git a/profiles/internal/ipc/stream/proxy/proxy_test.go b/profiles/internal/ipc/stream/proxy/proxy_test.go
index 26123d6..ed9a607 100644
--- a/profiles/internal/ipc/stream/proxy/proxy_test.go
+++ b/profiles/internal/ipc/stream/proxy/proxy_test.go
@@ -122,7 +122,7 @@
other := manager.InternalNew(naming.FixedRoutingID(0xcccccccccccccccc))
defer other.Shutdown()
- vc, err := other.Dial(proxyEp)
+ vc, err := other.Dial(proxyEp, tsecurity.NewPrincipal("other"))
if err != nil {
t.Fatal(err)
}
@@ -170,7 +170,7 @@
client := manager.InternalNew(naming.FixedRoutingID(0xcccccccccccccccc))
defer client.Shutdown()
- vc, err := client.Dial(ep)
+ vc, err := client.Dial(ep, tsecurity.NewPrincipal("client"))
if err != nil {
t.Fatal(err)
}
@@ -222,12 +222,14 @@
defer lnS.Close()
rchan := make(chan string)
+ pclient1 := tsecurity.NewPrincipal("client1")
+
// client1 must connect to the proxy to speak to the server.
// Keep a VC and Flow open to the server, to ensure that the proxy
// maintains routing information (at some point, inactive VIFs
// should be garbage collected, so this ensures that the VIF
// is "active")
- if vc, err := client1.Dial(epS); err != nil {
+ if vc, err := client1.Dial(epS, pclient1); err != nil {
t.Fatal(err)
} else if flow, err := vc.Connect(); err != nil {
t.Fatal(err)
@@ -236,7 +238,7 @@
}
// Now client1 becomes a server
- lnC, epC, err := client1.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
+ lnC, epC, err := client1.Listen(proxyEp.Network(), proxyEp.String(), pclient1)
if err != nil {
t.Fatal(err)
}
@@ -253,7 +255,7 @@
}
func writeFlow(mgr stream.Manager, ep naming.Endpoint, data string) error {
- vc, err := mgr.Dial(ep)
+ vc, err := mgr.Dial(ep, tsecurity.NewPrincipal("test"))
if err != nil {
return fmt.Errorf("manager.Dial(%v) failed: %v", ep, err)
}
diff --git a/profiles/internal/ipc/stream/vc/init.go b/profiles/internal/ipc/stream/vc/init.go
deleted file mode 100644
index 4fc3889..0000000
--- a/profiles/internal/ipc/stream/vc/init.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package vc
-
-import (
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "fmt"
-
- "v.io/v23/security"
- "v.io/x/lib/vlog"
-)
-
-var AnonymousPrincipal security.Principal
-
-func init() {
- key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- vlog.Fatalf("could not create private key for anonymous principal: %v", err)
- }
- store := &anonymousBlessingStore{k: security.NewECDSAPublicKey(&key.PublicKey)}
- if AnonymousPrincipal, err = security.CreatePrincipal(security.NewInMemoryECDSASigner(key), store, nil); err != nil {
- vlog.Fatalf("could not create anonymous principal: %v", err)
- }
- if store.b, err = AnonymousPrincipal.BlessSelf("anonymous"); err != nil {
- vlog.Fatalf("failed to generate the one blessing to be used by the anonymous principal: %v", err)
- }
-}
-
-// TODO(ashankar,ataly): Figure out what to do with this!
-// (Most likely move the BlessingStore implementation from veyron/profiles/internal/rt to veyron/security
-// and use that?)
-type anonymousBlessingStore struct {
- k security.PublicKey
- b security.Blessings
-}
-
-func (s *anonymousBlessingStore) Set(security.Blessings, security.BlessingPattern) (security.Blessings, error) {
- return security.Blessings{}, fmt.Errorf("cannot store blessings with an anonymous principal")
-}
-
-func (s *anonymousBlessingStore) ForPeer(...string) security.Blessings {
- return s.b
-}
-
-func (s *anonymousBlessingStore) SetDefault(security.Blessings) error {
- return fmt.Errorf("cannot change default blessing associated with the anonymous principal")
-}
-
-func (s *anonymousBlessingStore) Default() security.Blessings {
- return s.b
-}
-
-func (s *anonymousBlessingStore) PublicKey() security.PublicKey {
- return s.k
-}
-
-func (s *anonymousBlessingStore) PeerBlessings() map[security.BlessingPattern]security.Blessings {
- return nil
-}
-
-func (anonymousBlessingStore) DebugString() string {
- return "anonymous BlessingStore"
-}
diff --git a/profiles/internal/ipc/stream/vc/vc.go b/profiles/internal/ipc/stream/vc/vc.go
index f3e3cc7..b32ff82 100644
--- a/profiles/internal/ipc/stream/vc/vc.go
+++ b/profiles/internal/ipc/stream/vc/vc.go
@@ -139,14 +139,6 @@
Version version.IPCVersion
}
-// LocalPrincipal wraps a security.Principal so that it can be provided
-// as an option to various methods in order to provide authentication information
-// when establishing virtual circuits.
-type LocalPrincipal struct{ security.Principal }
-
-func (LocalPrincipal) IPCStreamVCOpt() {}
-func (LocalPrincipal) IPCClientOpt() {}
-
// DischargeClient is an interface for obtaining discharges for a set of third-party
// caveats.
//
@@ -407,17 +399,14 @@
// HandshakeDialedVC completes initialization of the VC (setting up encryption,
// authentication etc.) under the assumption that the VC was initiated by the
// local process (i.e., the local process "Dial"ed to create the VC).
-func (vc *VC) HandshakeDialedVC(opts ...stream.VCOpt) error {
+func (vc *VC) HandshakeDialedVC(principal security.Principal, opts ...stream.VCOpt) error {
var (
- principal security.Principal
tlsSessionCache crypto.TLSClientSessionCache
securityLevel options.VCSecurityLevel
auth *ServerAuthorizer
)
for _, o := range opts {
switch v := o.(type) {
- case LocalPrincipal:
- principal = v.Principal
case options.VCSecurityLevel:
securityLevel = v
case crypto.TLSClientSessionCache:
@@ -429,7 +418,7 @@
switch securityLevel {
case options.VCSecurityConfidential:
if principal == nil {
- principal = AnonymousPrincipal
+ return fmt.Errorf("principal required for VCSecurityConfidential")
}
case options.VCSecurityNone:
return nil
diff --git a/profiles/internal/ipc/stream/vc/vc_test.go b/profiles/internal/ipc/stream/vc/vc_test.go
index 056716e..302f477 100644
--- a/profiles/internal/ipc/stream/vc/vc_test.go
+++ b/profiles/internal/ipc/stream/vc/vc_test.go
@@ -474,7 +474,7 @@
go serverH.pipeLoop(clientH.VC)
lopts := []stream.ListenerOpt{security}
- vcopts := []stream.VCOpt{vc.LocalPrincipal{client}, security}
+ vcopts := []stream.VCOpt{security}
if dischargeClient != nil {
lopts = append(lopts, dischargeClient)
@@ -484,7 +484,7 @@
}
c := serverH.VC.HandshakeAcceptedVC(server, lopts...)
- if err := clientH.VC.HandshakeDialedVC(vcopts...); err != nil {
+ if err := clientH.VC.HandshakeDialedVC(client, vcopts...); err != nil {
go func() { <-c }()
return nil, nil, err
}
diff --git a/profiles/internal/ipc/stream/vif/set_test.go b/profiles/internal/ipc/stream/vif/set_test.go
index ca53318..6621d4b 100644
--- a/profiles/internal/ipc/stream/vif/set_test.go
+++ b/profiles/internal/ipc/stream/vif/set_test.go
@@ -60,14 +60,14 @@
func newVIF(c, s net.Conn) (*vif.VIF, *vif.VIF, error) {
done := make(chan *vif.VIF)
go func() {
- vf, err := vif.InternalNewAcceptedVIF(s, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("test"), nil)
+ vf, err := vif.InternalNewAcceptedVIF(s, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("accepted"), nil)
if err != nil {
panic(err)
}
done <- vf
}()
- vf, err := vif.InternalNewDialedVIF(c, naming.FixedRoutingID(0xc), nil, nil, nil)
+ vf, err := vif.InternalNewDialedVIF(c, naming.FixedRoutingID(0xc), tsecurity.NewPrincipal("dialed"), nil)
if err != nil {
return nil, nil, err
}
diff --git a/profiles/internal/ipc/stream/vif/vif.go b/profiles/internal/ipc/stream/vif/vif.go
index 97bbe65..5279034 100644
--- a/profiles/internal/ipc/stream/vif/vif.go
+++ b/profiles/internal/ipc/stream/vif/vif.go
@@ -131,8 +131,8 @@
// As the name suggests, this method is intended for use only within packages
// placed inside veyron/profiles/internal. Code outside the
// veyron2/profiles/internal/* packages should never call this method.
-func InternalNewDialedVIF(conn net.Conn, rid naming.RoutingID, versions *version.Range, opts ...stream.VCOpt) (*VIF, error) {
- ctx, principal, err := clientAuthOptions(opts)
+func InternalNewDialedVIF(conn net.Conn, rid naming.RoutingID, principal security.Principal, versions *version.Range, opts ...stream.VCOpt) (*VIF, error) {
+ ctx, principal, err := clientAuthOptions(principal, opts)
if err != nil {
return nil, err
}
@@ -229,7 +229,7 @@
// Dial creates a new VC to the provided remote identity, authenticating the VC
// with the provided local identity.
-func (vif *VIF) Dial(remoteEP naming.Endpoint, opts ...stream.VCOpt) (stream.VC, error) {
+func (vif *VIF) Dial(remoteEP naming.Endpoint, principal security.Principal, opts ...stream.VCOpt) (stream.VC, error) {
vc, err := vif.newVC(vif.allocVCI(), vif.localEP, remoteEP, true)
if err != nil {
return nil, err
@@ -255,7 +255,7 @@
vc.Close(err.Error())
return nil, err
}
- if err := vc.HandshakeDialedVC(opts...); err != nil {
+ if err := vc.HandshakeDialedVC(principal, opts...); err != nil {
vif.vcMap.Delete(vc.VCI())
err = fmt.Errorf("VC handshake failed: %v", err)
vc.Close(err.Error())
@@ -961,16 +961,16 @@
return ep
}
-// clientAuthOptions extracts the client authentication options from the options
-// list.
-func clientAuthOptions(lopts []stream.VCOpt) (ctx *context.T, principal security.Principal, err error) {
- var securityLevel options.VCSecurityLevel
+// clientAuthOptions returns credentials for VIF authentication, based on the provided principal and options list.
+func clientAuthOptions(principal security.Principal, lopts []stream.VCOpt) (*context.T, security.Principal, error) {
+ var (
+ securityLevel options.VCSecurityLevel
+ ctx *context.T
+ )
for _, o := range lopts {
switch v := o.(type) {
case vc.DialContext:
ctx = v.T
- case vc.LocalPrincipal:
- principal = v.Principal
case options.VCSecurityLevel:
securityLevel = v
}
@@ -978,12 +978,12 @@
switch securityLevel {
case options.VCSecurityConfidential:
if principal == nil {
- principal = vc.AnonymousPrincipal
+ return nil, nil, fmt.Errorf("principal required for VCSecurityConfidential")
}
+ return ctx, principal, nil
case options.VCSecurityNone:
- principal = nil
+ return ctx, nil, nil
default:
- err = fmt.Errorf("unrecognized VC security level: %v", securityLevel)
+ return nil, nil, fmt.Errorf("unrecognized VC security level: %v", securityLevel)
}
- return
}
diff --git a/profiles/internal/ipc/stream/vif/vif_test.go b/profiles/internal/ipc/stream/vif/vif_test.go
index cf99618..4bb1abe 100644
--- a/profiles/internal/ipc/stream/vif/vif_test.go
+++ b/profiles/internal/ipc/stream/vif/vif_test.go
@@ -19,7 +19,6 @@
"v.io/v23/ipc/version"
"v.io/v23/naming"
- "v.io/x/ref/profiles/internal/ipc/stream/vc"
"v.io/x/ref/profiles/internal/ipc/stream/vif"
iversion "v.io/x/ref/profiles/internal/ipc/version"
tsecurity "v.io/x/ref/test/security"
@@ -30,10 +29,6 @@
//go:generate v23 test generate
-func newPrincipal(defaultBlessing string) vc.LocalPrincipal {
- return vc.LocalPrincipal{tsecurity.NewPrincipal("defaultBlessing")}
-}
-
func TestSingleFlowCreatedAtClient(t *testing.T) {
client, server := NewClientServer()
defer client.Close()
@@ -383,21 +378,22 @@
func TestNetworkFailure(t *testing.T) {
c1, c2 := pipe()
result := make(chan *vif.VIF)
+ pclient := tsecurity.NewPrincipal("client")
go func() {
- client, err := vif.InternalNewDialedVIF(c1, naming.FixedRoutingID(0xc), nil)
+ client, err := vif.InternalNewDialedVIF(c1, naming.FixedRoutingID(0xc), pclient, nil)
if err != nil {
t.Fatal(err)
}
result <- client
}()
- server, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("test"), nil)
+ server, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("server"), nil)
if err != nil {
t.Fatal(err)
}
client := <-result
// If the network connection dies, Dial and Accept should fail.
c1.Close()
- if _, err := client.Dial(makeEP(0x5)); err == nil {
+ if _, err := client.Dial(makeEP(0x5), pclient); err == nil {
t.Errorf("Expected client.Dial to fail")
}
if _, err := server.Accept(); err == nil {
@@ -493,7 +489,7 @@
var cerr error
cl := make(chan *vif.VIF)
go func() {
- c, err := vif.InternalNewDialedVIF(c1, naming.FixedRoutingID(0xc), clientVersions, newPrincipal("client"))
+ c, err := vif.InternalNewDialedVIF(c1, naming.FixedRoutingID(0xc), tsecurity.NewPrincipal("client"), clientVersions)
if err != nil {
cerr = err
close(cl)
@@ -550,7 +546,7 @@
scChan := make(chan stream.Connector)
errChan := make(chan error)
go func() {
- vc, err := client.Dial(ep, newPrincipal("client"))
+ vc, err := client.Dial(ep, tsecurity.NewPrincipal("client"))
errChan <- err
vcChan <- vc
}()
diff --git a/profiles/internal/ipc/test/proxy_test.go b/profiles/internal/ipc/test/proxy_test.go
index df7d9f3..6c7c2f8 100644
--- a/profiles/internal/ipc/test/proxy_test.go
+++ b/profiles/internal/ipc/test/proxy_test.go
@@ -25,7 +25,6 @@
iipc "v.io/x/ref/profiles/internal/ipc"
imanager "v.io/x/ref/profiles/internal/ipc/stream/manager"
"v.io/x/ref/profiles/internal/ipc/stream/proxy"
- "v.io/x/ref/profiles/internal/ipc/stream/vc"
"v.io/x/ref/profiles/internal/lib/publisher"
inaming "v.io/x/ref/profiles/internal/naming"
tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
@@ -177,7 +176,7 @@
)
defer smserver.Shutdown()
defer smclient.Shutdown()
- client, err := iipc.InternalNewClient(smserver, ns, vc.LocalPrincipal{tsecurity.NewPrincipal("client")})
+ client, err := iipc.InternalNewClient(smserver, ns)
if err != nil {
t.Fatal(err)
}
diff --git a/profiles/internal/ipc/testutil_test.go b/profiles/internal/ipc/testutil_test.go
index a35808f..0648593 100644
--- a/profiles/internal/ipc/testutil_test.go
+++ b/profiles/internal/ipc/testutil_test.go
@@ -5,6 +5,12 @@
"testing"
"time"
+ "v.io/v23/vtrace"
+ "v.io/x/ref/lib/flags"
+ ivtrace "v.io/x/ref/profiles/internal/vtrace"
+ "v.io/x/ref/test"
+
+ "v.io/v23"
"v.io/v23/context"
"v.io/v23/naming"
"v.io/v23/security"
@@ -68,6 +74,16 @@
return b
}
+func initForTest() (*context.T, v23.Shutdown) {
+ ctx, shutdown := test.InitForTest()
+ ctx, err := ivtrace.Init(ctx, flags.VtraceFlags{})
+ if err != nil {
+ panic(err)
+ }
+ ctx, _ = vtrace.SetNewTrace(ctx)
+ return ctx, shutdown
+}
+
func mkThirdPartyCaveat(discharger security.PublicKey, location string, c security.Caveat) security.Caveat {
tpc, err := security.NewPublicKeyCaveat(discharger, location, security.ThirdPartyRequirements{}, c)
if err != nil {
@@ -76,15 +92,6 @@
return tpc
}
-// We need a special way to create contexts for tests. We
-// can't create a real runtime in the runtime implementation
-// so we use a fake one that panics if used. The runtime
-// implementation should not ever use the Runtime from a context.
-func testContext() *context.T {
- ctx, _ := context.WithTimeout(testContextWithoutDeadline(), 20*time.Second)
- return ctx
-}
-
// mockCall implements security.Call
type mockCall struct {
p security.Principal
diff --git a/profiles/internal/ipc/v23_internal_test.go b/profiles/internal/ipc/v23_test.go
similarity index 85%
rename from profiles/internal/ipc/v23_internal_test.go
rename to profiles/internal/ipc/v23_test.go
index 9597c2e..0efc85a 100644
--- a/profiles/internal/ipc/v23_internal_test.go
+++ b/profiles/internal/ipc/v23_test.go
@@ -4,7 +4,7 @@
// This file was auto-generated via go generate.
// DO NOT UPDATE MANUALLY
-package ipc
+package ipc_test
import "fmt"
import "testing"
@@ -13,6 +13,10 @@
import "v.io/x/ref/test"
import "v.io/x/ref/test/modules"
+func init() {
+ modules.RegisterChild("rootMountTable", ``, rootMountTable)
+}
+
func TestMain(m *testing.M) {
test.Init()
if modules.IsModulesChildProcess() {
