veyron/runtimes/google/ipc: Check caveats on the server's blessings.
This commit mostly (not completely) undoes the hack in
https://veyron-review.googlesource.com/#/q/I4c693a78ad0444ad5b474d44083ee18d3daf35b1
by changing things so that only third-party-caveat validation is skipped for
servers (rather that skipping validation for all caveats).
Change-Id: I1f1dcc2c1deadfc2af87ceabfb241dc7c5e6b365
diff --git a/runtimes/google/ipc/client.go b/runtimes/google/ipc/client.go
index 51f7706..1a749d0 100644
--- a/runtimes/google/ipc/client.go
+++ b/runtimes/google/ipc/client.go
@@ -11,6 +11,7 @@
"veyron.io/veyron/veyron/runtimes/google/ipc/version"
inaming "veyron.io/veyron/veyron/runtimes/google/naming"
+ isecurity "veyron.io/veyron/veyron/runtimes/google/security"
"veyron.io/veyron/veyron/runtimes/google/vtrace"
"veyron.io/veyron/veyron2"
@@ -271,14 +272,10 @@
// TODO(ataly): What should the label be for the context? Typically the label is the
// security.Label of the method but we don't have that information here at the client.
- // TODO(ataly,andreser): Replace this statement with the commented code just below
- // it once we have a mechanism for servers to send discharges for any third-party caveats
- // on its PublicID.
- authID, err := server, error(nil)
- // authID, err := server.Authorize(isecurity.NewContext(isecurity.ContextArgs{
- // LocalID: client,
- // RemoteID: server,
- // }))
+ authID, err := server.Authorize(isecurity.NewContext(isecurity.ContextArgs{
+ LocalID: client,
+ RemoteID: server,
+ }))
if err != nil {
return nil, err
}
