Merge "veyron/lib/stats/sysstats: add the pid to sysstats"
diff --git a/runtimes/google/ipc/client.go b/runtimes/google/ipc/client.go
index 628e1d3..c0d41df 100644
--- a/runtimes/google/ipc/client.go
+++ b/runtimes/google/ipc/client.go
@@ -79,6 +79,9 @@
errAuthNoPatternMatch = verror.Register(pkgPath+".authNoPatternMatch",
verror.NoRetry, "server blessings {3} do not match pattern {4}")
+ errAuthServerNotAllowed = verror.Register(pkgPath+".authServerNotAllowed",
+ verror.NoRetry, "set of allowed servers {3} not matched by server blessings {4}")
+
errDefaultAuthDenied = verror.Register(pkgPath+".defaultAuthDenied", verror.NoRetry, "default authorization precludes talking to server with blessings{:3}")
errBlessingGrant = verror.Register(pkgPath+".blessingGrantFailed", verror.NoRetry, "failed to grant blessing to server with blessings {3}{:4}")
@@ -661,6 +664,17 @@
}
for _, o := range opts {
switch v := o.(type) {
+ case options.AllowedServersPolicy:
+ allowed := false
+ for _, p := range v {
+ if p.MatchedBy(serverBlessings...) {
+ allowed = true
+ break
+ }
+ }
+ if !allowed {
+ return nil, nil, verror.Make(errAuthServerNotAllowed, ctx, v, serverBlessings)
+ }
case ipc.Granter:
if b, err := v.Grant(flow.RemoteBlessings()); err != nil {
return nil, nil, verror.Make(errBlessingGrant, ctx, serverBlessings, err)
diff --git a/runtimes/google/ipc/full_test.go b/runtimes/google/ipc/full_test.go
index 45f3a61..f46b0b7 100644
--- a/runtimes/google/ipc/full_test.go
+++ b/runtimes/google/ipc/full_test.go
@@ -6,7 +6,6 @@
"fmt"
"io"
"net"
- "os"
"path/filepath"
"reflect"
"runtime"
@@ -352,10 +351,8 @@
}
func matchesErrorPattern(err error, id verror.IDAction, pattern string) bool {
- if len(pattern) > 0 && err != nil {
- if strings.Index(err.Error(), pattern) < 0 {
- fmt.Fprintf(os.Stderr, "got error msg: %q, expected: %q\n", err, pattern)
- }
+ if len(pattern) > 0 && err != nil && strings.Index(err.Error(), pattern) < 0 {
+ return false
}
if err == nil && id.ID == "" {
return true
@@ -427,73 +424,91 @@
func TestRPCServerAuthorization(t *testing.T) {
const (
- vcErr = "VC handshake failed"
- nameErr = "do not match pattern"
+ vcErr = "VC handshake failed"
+ nameErr = "do not match pattern"
+ allowedErr = "set of allowed servers"
)
var (
pprovider, pclient, pserver = tsecurity.NewPrincipal("root"), tsecurity.NewPrincipal(), tsecurity.NewPrincipal()
pdischarger = pprovider
-
- now = time.Now()
-
- serverName = "mountpoint/server"
- dischargeServerName = "mountpoint/dischargeserver"
+ now = time.Now()
+ noErrID verror.IDAction
// Third-party caveats on blessings presented by server.
- cavTPValid = mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.ExpiryCaveat(now.Add(24*time.Hour))))
- cavTPExpired = mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.ExpiryCaveat(now.Add(-1*time.Second))))
+ cavTPValid = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.ExpiryCaveat(now.Add(24*time.Hour))))
+ cavTPExpired = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.ExpiryCaveat(now.Add(-1*time.Second))))
// Server blessings.
bServer = bless(pprovider, pserver, "server")
bServerExpired = bless(pprovider, pserver, "server", mkCaveat(security.ExpiryCaveat(time.Now().Add(-1*time.Second))))
bServerTPValid = bless(pprovider, pserver, "serverWithTPCaveats", cavTPValid)
bServerTPExpired = bless(pprovider, pserver, "serverWithTPCaveats", cavTPExpired)
+ bTwoBlessings, _ = security.UnionOfBlessings(bServer, bServerTPValid)
mgr = imanager.InternalNew(naming.FixedRoutingID(0x1111111))
ns = tnaming.NewSimpleNamespace()
tests = []struct {
- server security.Blessings // blessings presented by the server to the client.
- pattern security.BlessingPattern // pattern on the server identity expected by the client.
+ server security.Blessings // blessings presented by the server to the client.
+ name string // name provided by the client to StartCall
+ allowed options.AllowedServersPolicy // option provided to StartCall.
errID verror.IDAction
err string
}{
- // Client accepts talking to the server only if the server's blessings match the provided pattern
- {bServer, security.AllPrincipals, verror.IDAction{}, ""},
- {bServer, "root/server", verror.IDAction{}, ""},
- {bServer, "root/otherserver", verror.NotTrusted, nameErr},
- {bServer, "otherroot/server", verror.NotTrusted, nameErr},
+ // Client accepts talking to the server only if the
+ // server's blessings match the provided pattern
+ {bServer, "mountpoint/server", nil, noErrID, ""},
+ {bServer, "[root/server]mountpoint/server", nil, noErrID, ""},
+ {bServer, "[root/otherserver]mountpoint/server", nil, verror.NotTrusted, nameErr},
+ {bServer, "[otherroot/server]mountpoint/server", nil, verror.NotTrusted, nameErr},
- // and, if the server's blessing has third-party caveats then the server provides
- // appropriate discharges.
- {bServerTPValid, security.AllPrincipals, verror.IDAction{}, ""},
- {bServerTPValid, "root/serverWithTPCaveats", verror.IDAction{}, ""},
- {bServerTPValid, "root/otherserver", verror.NotTrusted, nameErr},
- {bServerTPValid, "otherroot/server", verror.NotTrusted, nameErr},
+ // and, if the server's blessing has third-party
+ // caveats then the server provides appropriate
+ // discharges.
+ {bServerTPValid, "mountpoint/server", nil, noErrID, ""},
+ {bServerTPValid, "[root/serverWithTPCaveats]mountpoint/server", nil, noErrID, ""},
+ {bServerTPValid, "[root/otherserver]mountpoint/server", nil, verror.NotTrusted, nameErr},
+ {bServerTPValid, "[otherroot/server]mountpoint/server", nil, verror.NotTrusted, nameErr},
- // Client does not talk to a server that presents expired blessings.
- {bServerExpired, security.AllPrincipals, verror.NotTrusted, vcErr},
+ // Client does not talk to a server that presents
+ // expired blessings (because the blessing store is
+ // configured to only talk to root/...).
+ {bServerExpired, "mountpoint/server", nil, verror.NotTrusted, vcErr},
- // Client does not talk to a server that fails to provide discharges for
- // third-party caveats on the blessings presented by it.
- {bServerTPExpired, security.AllPrincipals, verror.NotTrusted, vcErr},
+ // Client does not talk to a server that fails to
+ // provide discharges for third-party caveats on the
+ // blessings presented by it.
+ {bServerTPExpired, "mountpoint/server", nil, verror.NotTrusted, vcErr},
+
+ // Testing the AllowedServersPolicy option.
+ {bServer, "mountpoint/server", options.AllowedServersPolicy{"otherroot/..."}, verror.NotTrusted, allowedErr},
+ {bServer, "[root/server]mountpoint/server", options.AllowedServersPolicy{"otherroot/..."}, verror.NotTrusted, allowedErr},
+ {bServer, "[otherroot/server]mountpoint/server", options.AllowedServersPolicy{"root/server"}, verror.NotTrusted, nameErr},
+ {bServer, "[root/server]mountpoint/server", options.AllowedServersPolicy{"root/..."}, noErrID, ""},
+ // Server presents two blessings: One that satisfies
+ // the pattern provided to StartCall and one that
+ // satisfies the AllowedServersPolicy, so the server is
+ // authorized.
+ {bTwoBlessings, "[root/serverWithTPCaveats]mountpoint/server", options.AllowedServersPolicy{"root/server"}, noErrID, ""},
}
)
- _, server := startServer(t, pserver, mgr, ns, serverName, testServerDisp{&testServer{}})
- defer stopServer(t, server, ns, serverName)
+ _, server := startServer(t, pserver, mgr, ns, "mountpoint/server", testServerDisp{&testServer{}})
+ defer stopServer(t, server, ns, "mountpoint/server")
// Start the discharge server.
- _, dischargeServer := startServer(t, pdischarger, mgr, ns, dischargeServerName, testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
- defer stopServer(t, dischargeServer, ns, dischargeServerName)
+ _, dischargeServer := startServer(t, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+ defer stopServer(t, dischargeServer, ns, "mountpoint/dischargeserver")
- // Make the client and server principals trust root certificates from pprovider
+ // Make the client and server principals trust root certificates from
+ // pprovider
pclient.AddToRoots(pprovider.BlessingStore().Default())
pserver.AddToRoots(pprovider.BlessingStore().Default())
- // Set a blessing that the client is willing to share with servers with blessings
- // from pprovider.
+ // Set a blessing that the client is willing to share with servers with
+ // blessings from pprovider.
pclient.BlessingStore().Set(bless(pprovider, pclient, "client"), "root/...")
+
for i, test := range tests {
- name := fmt.Sprintf("(%q@%q)", test.pattern, test.server)
+ name := fmt.Sprintf("(Name:%q, Server:%q, Allowed:%v)", test.name, test.server, test.allowed)
if err := pserver.BlessingStore().SetDefault(test.server); err != nil {
t.Fatalf("SetDefault failed on server's BlessingStore: %v", err)
}
@@ -506,9 +521,12 @@
t.Errorf("%s: failed to create client: %v", name, err)
continue
}
- ctx := testContextWithoutDeadline()
- dctx, cancel := context.WithTimeout(ctx, 10*time.Second)
- call, err := client.StartCall(dctx, fmt.Sprintf("[%s]%s/suffix", test.pattern, serverName), "Method", nil)
+ ctx, cancel := context.WithTimeout(testContextWithoutDeadline(), 10*time.Second)
+ var opts []ipc.CallOpt
+ if test.allowed != nil {
+ opts = append(opts, test.allowed)
+ }
+ call, err := client.StartCall(ctx, test.name, "Method", nil, opts...)
if !matchesErrorPattern(err, test.errID, test.err) {
t.Errorf(`%d: %s: client.StartCall: got error "%v", want to match "%v"`, i, name, err, test.err)
} else if call != nil {
@@ -516,8 +534,12 @@
if proof == nil {
t.Errorf("%s: Returned nil for remote blessings", name)
}
- if !test.pattern.MatchedBy(blessings...) {
- t.Errorf("%s: %q.MatchedBy(%v) failed", name, test.pattern, blessings)
+ // Currently all tests are configured so that the only
+ // blessings presented by the server that are
+ // recognized by the client match the pattern
+ // "root/..."
+ if len(blessings) < 1 || !security.BlessingPattern("root/...").MatchedBy(blessings...) {
+ t.Errorf("%s: Client sees server as %v, expected a single blessing matching root/...", name, blessings)
}
}
cancel()
