veyron/runtimes/google: Plumb the new security model all the way through.
This commit aims to enable a smooth transition to the new security
model for all client and server processes.
- ipc.Server implementations have both an old model identity
(PrivateID/PublicID) and new model credentials (Principal)
However, the IPC protocol version sent by the client determines
which model to use. IPCVersion4 implies authentication with
the new model, older versions use the older model
- The runtime sets up ipc.Client to use the new security model
only when explicitly asked to do so via the presense of the
VEYRON_CREDENTIALS environment variable.
The upgrade plan is to:
- Generate new-model credentials for all services and restart
those services
- After some time (once we've traced all remaining old code),
switch the default behavior to only use the old model if
explicitly asked to do so.
- And after that, remove the old model
Change-Id: Ifcaee44dbf12fa8bdbeec6e241f3f9d232668273
diff --git a/runtimes/google/ipc/stream/proxy/proxy.go b/runtimes/google/ipc/stream/proxy/proxy.go
index 4099d71..683ea0c 100644
--- a/runtimes/google/ipc/stream/proxy/proxy.go
+++ b/runtimes/google/ipc/stream/proxy/proxy.go
@@ -127,14 +127,7 @@
// New creates a new Proxy that listens for network connections on the provided
// (network, address) pair and routes VC traffic between accepted connections.
-//
-// TODO(ashankar): Change principal to security.Principal once the old security model is ripped out.
-func New(rid naming.RoutingID, principal interface{}, network, address, pubAddress string) (*Proxy, error) {
- if _, ok := principal.(security.Principal); principal != nil && !ok {
- if _, ok := principal.(security.PrivateID); !ok {
- return nil, fmt.Errorf("principal argument must be either a security.Principal or a security.PrivateID, not a %T", principal)
- }
- }
+func New(rid naming.RoutingID, principal security.Principal, network, address, pubAddress string) (*Proxy, error) {
ln, err := net.Listen(network, address)
if err != nil {
return nil, fmt.Errorf("net.Listen(%q, %q) failed: %v", network, address, err)
@@ -148,11 +141,7 @@
servers: &servermap{m: make(map[naming.RoutingID]*server)},
processes: make(map[*process]struct{}),
pubAddress: pubAddress,
- }
- if p, ok := principal.(security.Principal); ok {
- proxy.principal = vc.LocalPrincipal{p}
- } else if principal != nil {
- proxy.principal = vc.FixedLocalID(principal.(security.PrivateID))
+ principal: vc.LocalPrincipal{principal},
}
go proxy.listenLoop()
return proxy, nil
@@ -518,6 +507,11 @@
vc.Close("duplicate OpenVC request")
return nil
}
+ version, err := version.CommonVersion(m.DstEndpoint, m.SrcEndpoint)
+ if err != nil {
+ p.SendCloseVC(m.VCI, fmt.Errorf("incompatible IPC protocol versions: %v", err))
+ return nil
+ }
vc := vc.InternalNew(vc.Params{
VCI: m.VCI,
LocalEP: m.DstEndpoint,
@@ -525,6 +519,7 @@
Pool: iobuf.NewPool(0),
ReserveBytes: message.HeaderSizeBytes,
Helper: p,
+ Version: version,
})
p.servers[m.VCI] = vc
proxyLog().Infof("Registered VC %v from server on process %v", vc, p)
