Merge "ipc: Remove AnonymousPrinicipal from server side of VCs."
diff --git a/profiles/internal/ipc/cancel_test.go b/profiles/internal/ipc/cancel_test.go
index 6a510ab..4154aaa 100644
--- a/profiles/internal/ipc/cancel_test.go
+++ b/profiles/internal/ipc/cancel_test.go
@@ -3,6 +3,8 @@
import (
"testing"
+ tsecurity "v.io/x/ref/lib/testutil/security"
+ "v.io/x/ref/profiles/internal/ipc/stream"
"v.io/x/ref/profiles/internal/ipc/stream/manager"
tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
@@ -12,7 +14,6 @@
"v.io/v23/naming/ns"
"v.io/v23/security"
"v.io/x/lib/vlog"
- "v.io/x/ref/profiles/internal/ipc/stream"
)
type fakeAuthorizer int
@@ -57,7 +58,7 @@
func makeCanceld(ns ns.Namespace, name, child string) (*canceld, error) {
sm := manager.InternalNew(naming.FixedRoutingID(0x111111111))
ctx := testContext()
- s, err := testInternalNewServer(ctx, sm, ns)
+ s, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
if err != nil {
return nil, err
}
diff --git a/profiles/internal/ipc/debug_test.go b/profiles/internal/ipc/debug_test.go
index 71f21b7..502995d 100644
--- a/profiles/internal/ipc/debug_test.go
+++ b/profiles/internal/ipc/debug_test.go
@@ -36,7 +36,7 @@
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
ctx := testContext()
- server, err := testInternalNewServer(ctx, sm, ns, ReservedNameDispatcher{debugDisp}, vc.LocalPrincipal{pserver})
+ server, err := testInternalNewServer(ctx, sm, ns, pserver, ReservedNameDispatcher{debugDisp})
if err != nil {
t.Fatalf("InternalNewServer failed: %v", err)
}
diff --git a/profiles/internal/ipc/full_test.go b/profiles/internal/ipc/full_test.go
index 8adb4bf..a8e0077 100644
--- a/profiles/internal/ipc/full_test.go
+++ b/profiles/internal/ipc/full_test.go
@@ -81,12 +81,12 @@
return ctx
}
-func testInternalNewServer(ctx *context.T, streamMgr stream.Manager, ns ns.Namespace, opts ...ipc.ServerOpt) (ipc.Server, error) {
+func testInternalNewServer(ctx *context.T, streamMgr stream.Manager, ns ns.Namespace, principal security.Principal, opts ...ipc.ServerOpt) (ipc.Server, error) {
client, err := InternalNewClient(streamMgr, ns)
if err != nil {
return nil, err
}
- return InternalNewServer(ctx, streamMgr, ns, client, opts...)
+ return InternalNewServer(ctx, streamMgr, ns, client, principal, opts...)
}
type userType string
@@ -254,9 +254,8 @@
func startServerWS(t *testing.T, principal security.Principal, sm stream.Manager, ns ns.Namespace, name string, disp ipc.Dispatcher, shouldUseWebsocket websocketMode, opts ...ipc.ServerOpt) (naming.Endpoint, ipc.Server) {
vlog.VI(1).Info("InternalNewServer")
- opts = append(opts, vc.LocalPrincipal{principal})
ctx := testContext()
- server, err := testInternalNewServer(ctx, sm, ns, opts...)
+ server, err := testInternalNewServer(ctx, sm, ns, principal, opts...)
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
}
@@ -399,13 +398,13 @@
return verror.Is(err, id.ID)
}
-func runServer(t *testing.T, ns ns.Namespace, name string, obj interface{}, opts ...ipc.ServerOpt) stream.Manager {
+func runServer(t *testing.T, ns ns.Namespace, principal security.Principal, name string, obj interface{}, opts ...ipc.ServerOpt) stream.Manager {
rid, err := naming.NewRoutingID()
if err != nil {
t.Fatal(err)
}
sm := imanager.InternalNew(rid)
- server, err := testInternalNewServer(testContext(), sm, ns, opts...)
+ server, err := testInternalNewServer(testContext(), sm, ns, principal, opts...)
if err != nil {
t.Fatal(err)
}
@@ -422,7 +421,7 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
ns := tnaming.NewSimpleNamespace()
ctx := testContext()
- server, err := testInternalNewServer(ctx, sm, ns, vc.LocalPrincipal{tsecurity.NewPrincipal("server")})
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("server"))
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
}
@@ -618,7 +617,7 @@
// namespace that the client will use, provide it with a
// different namespace).
tnaming.NewSimpleNamespace(),
- vc.LocalPrincipal{tsecurity.NewPrincipal("attacker")})
+ tsecurity.NewPrincipal("attacker"))
if err != nil {
t.Fatal(err)
}
@@ -922,7 +921,7 @@
// Setup the discharge server.
var tester dischargeTestServer
ctx := testContext()
- dischargeServer, err := testInternalNewServer(ctx, sm, ns, vc.LocalPrincipal{pdischarger})
+ dischargeServer, err := testInternalNewServer(ctx, sm, ns, pdischarger)
if err != nil {
t.Fatal(err)
}
@@ -935,7 +934,7 @@
}
// Setup the application server.
- appServer, err := testInternalNewServer(ctx, sm, ns, vc.LocalPrincipal{pserver})
+ appServer, err := testInternalNewServer(ctx, sm, ns, pserver)
if err != nil {
t.Fatal(err)
}
@@ -1527,7 +1526,7 @@
return []ipc.Address{&netstate.AddrIfc{Addr: a}}, nil
}
ctx := testContext()
- server, err := testInternalNewServer(ctx, sm, ns, vc.LocalPrincipal{tsecurity.NewPrincipal("server")})
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("server"))
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
}
@@ -1569,7 +1568,7 @@
return nil, fmt.Errorf("oops")
}
ctx := testContext()
- server, err := testInternalNewServer(ctx, sm, ns, vc.LocalPrincipal{tsecurity.NewPrincipal("server")})
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("server"))
if err != nil {
t.Errorf("InternalNewServer failed: %v", err)
}
@@ -1598,7 +1597,7 @@
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
ctx := testContext()
- server, err := testInternalNewServer(ctx, sm, ns, options.VCSecurityNone)
+ server, err := testInternalNewServer(ctx, sm, ns, nil, options.VCSecurityNone)
if err != nil {
t.Fatalf("InternalNewServer failed: %v", err)
}
@@ -1664,9 +1663,8 @@
// to act as batman (as opposed to using the default blessing).
ns := tnaming.NewSimpleNamespace()
- popt := vc.LocalPrincipal{pserver}
- defer runServer(t, ns, "mountpoint/batman", &testServer{}, popt, options.ServerBlessings{batman}).Shutdown()
- defer runServer(t, ns, "mountpoint/default", &testServer{}, popt).Shutdown()
+ defer runServer(t, ns, pserver, "mountpoint/batman", &testServer{}, options.ServerBlessings{batman}).Shutdown()
+ defer runServer(t, ns, pserver, "mountpoint/default", &testServer{}).Shutdown()
// And finally, make an RPC and see that the client sees "batman"
runClient := func(server string) ([]string, error) {
@@ -1726,8 +1724,8 @@
// Setup the disharger and test server.
discharger := &dischargeServer{}
- defer runServer(t, ns, "mountpoint/discharger", discharger, vc.LocalPrincipal{pdischarger}).Shutdown()
- defer runServer(t, ns, "mountpoint/testServer", &testServer{}, vc.LocalPrincipal{pserver}).Shutdown()
+ defer runServer(t, ns, pdischarger, "mountpoint/discharger", discharger).Shutdown()
+ defer runServer(t, ns, pserver, "mountpoint/testServer", &testServer{}).Shutdown()
runClient := func(noDischarges bool) {
rid, err := naming.NewRoutingID()
@@ -1784,8 +1782,8 @@
// Setup the disharger and test server.
discharger1 := &dischargeServer{}
discharger2 := &dischargeServer{}
- defer runServer(t, ns, "mountpoint/discharger1", discharger1, vc.LocalPrincipal{pdischarger1}).Shutdown()
- defer runServer(t, ns, "mountpoint/discharger2", discharger2, vc.LocalPrincipal{pdischarger2}).Shutdown()
+ defer runServer(t, ns, pdischarger1, "mountpoint/discharger1", discharger1).Shutdown()
+ defer runServer(t, ns, pdischarger2, "mountpoint/discharger2", discharger2).Shutdown()
rid, err := naming.NewRoutingID()
if err != nil {
@@ -1827,7 +1825,7 @@
ns := tnaming.NewSimpleNamespace()
- serverSM := runServer(t, ns, "mountpoint/testServer", &testServer{}, vc.LocalPrincipal{pserver})
+ serverSM := runServer(t, ns, pserver, "mountpoint/testServer", &testServer{})
defer serverSM.Shutdown()
rid := serverSM.RoutingID()
@@ -1912,7 +1910,7 @@
mountName := "mountpoint/default"
// Start a server with pserver.
- defer runServer(t, ns, mountName, &testServer{}, vc.LocalPrincipal{pserver}).Shutdown()
+ defer runServer(t, ns, pserver, mountName, &testServer{}).Shutdown()
smc := imanager.InternalNew(naming.FixedRoutingID(0xc))
client, err := InternalNewClient(
@@ -1976,7 +1974,7 @@
// Setup the disharge server.
discharger := &expiryDischarger{}
- defer runServer(t, ns, "mountpoint/discharger", discharger, vc.LocalPrincipal{pdischarger}).Shutdown()
+ defer runServer(t, ns, pdischarger, "mountpoint/discharger", discharger).Shutdown()
// Create a discharge client.
rid, err := naming.NewRoutingID()
diff --git a/profiles/internal/ipc/proxy_test.go b/profiles/internal/ipc/proxy_test.go
index 58259d9..6eed70a 100644
--- a/profiles/internal/ipc/proxy_test.go
+++ b/profiles/internal/ipc/proxy_test.go
@@ -185,7 +185,7 @@
}
defer client.Close()
serverCtx, _ := v23.SetPrincipal(ctx, pserver)
- server, err := iipc.InternalNewServer(serverCtx, smserver, ns, nil, vc.LocalPrincipal{pserver})
+ server, err := iipc.InternalNewServer(serverCtx, smserver, ns, nil, pserver)
if err != nil {
t.Fatal(err)
}
diff --git a/profiles/internal/ipc/server.go b/profiles/internal/ipc/server.go
index 6ee0b8f..c289c3d 100644
--- a/profiles/internal/ipc/server.go
+++ b/profiles/internal/ipc/server.go
@@ -74,6 +74,7 @@
publisher publisher.Publisher // publisher to publish mounttable mounts.
listenerOpts []stream.ListenerOpt // listener opts for Listen.
dhcpState *dhcpState // dhcpState, nil if not using dhcp
+ principal security.Principal
// maps that contain state on listeners.
listenState map[*listenState]struct{}
@@ -150,15 +151,15 @@
var _ ipc.Server = (*server)(nil)
-func InternalNewServer(ctx *context.T, streamMgr stream.Manager, ns ns.Namespace, client ipc.Client, opts ...ipc.ServerOpt) (ipc.Server, error) {
+func InternalNewServer(ctx *context.T, streamMgr stream.Manager, ns ns.Namespace, client ipc.Client, principal security.Principal, opts ...ipc.ServerOpt) (ipc.Server, error) {
ctx, cancel := context.WithRootCancel(ctx)
ctx, _ = vtrace.SetNewSpan(ctx, "NewServer")
statsPrefix := naming.Join("ipc", "server", "routing-id", streamMgr.RoutingID().String())
s := &server{
-
ctx: ctx,
cancel: cancel,
streamMgr: streamMgr,
+ principal: principal,
publisher: publisher.New(ctx, ns, publishPeriod),
listenState: make(map[*listenState]struct{}),
listeners: make(map[stream.Listener]struct{}),
@@ -169,7 +170,6 @@
stats: newIPCStats(statsPrefix),
}
var (
- principal security.Principal
blessings security.Blessings
dischargeExpiryBuffer = vc.DefaultServerDischargeExpiryBuffer
)
@@ -179,8 +179,6 @@
// Collect all ServerOpts that are also ListenerOpts.
s.listenerOpts = append(s.listenerOpts, opt)
switch opt := opt.(type) {
- case vc.LocalPrincipal:
- principal = opt.Principal
case options.ServerBlessings:
blessings = opt.Blessings
case vc.DischargeExpiryBuffer:
@@ -391,7 +389,7 @@
protocol: addr.Protocol,
address: addr.Address,
}
- ls.ln, ls.lep, ls.lnerr = s.streamMgr.Listen(addr.Protocol, addr.Address, s.listenerOpts...)
+ ls.ln, ls.lep, ls.lnerr = s.streamMgr.Listen(addr.Protocol, addr.Address, s.principal, s.listenerOpts...)
lnState = append(lnState, ls)
if ls.lnerr != nil {
vlog.VI(2).Infof("Listen(%q, %q, ...) failed: %v", addr.Protocol, addr.Address, ls.lnerr)
@@ -463,7 +461,7 @@
if err != nil {
return nil, nil, fmt.Errorf("Failed to resolve proxy %q (%v)", proxy, err)
}
- ln, ep, err := s.streamMgr.Listen(inaming.Network, resolved, s.listenerOpts...)
+ ln, ep, err := s.streamMgr.Listen(inaming.Network, resolved, s.principal, s.listenerOpts...)
if err != nil {
return nil, nil, fmt.Errorf("failed to listen on %q: %s", resolved, err)
}
diff --git a/profiles/internal/ipc/server_test.go b/profiles/internal/ipc/server_test.go
index 469cb59..2670900 100644
--- a/profiles/internal/ipc/server_test.go
+++ b/profiles/internal/ipc/server_test.go
@@ -45,7 +45,7 @@
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
ctx := testContext()
- server, err := testInternalNewServer(ctx, sm, ns)
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -87,7 +87,7 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := InternalNewServer(testContext(), sm, ns, nil)
+ server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -134,7 +134,7 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- principal := vc.LocalPrincipal{tsecurity.NewPrincipal("testServerStatus")}
+ principal := tsecurity.NewPrincipal("testServerStatus")
server, err := testInternalNewServer(ctx, sm, ns, principal)
if err != nil {
t.Fatal(err)
@@ -162,7 +162,7 @@
progress := make(chan error)
- client, err := InternalNewClient(sm, ns, principal)
+ client, err := InternalNewClient(sm, ns, vc.LocalPrincipal{principal})
makeCall := func(ctx *context.T) {
call, err := client.StartCall(ctx, "test", "Hang", nil)
progress <- err
@@ -236,7 +236,7 @@
}
}
- server, err := testInternalNewServer(ctx, sm, ns)
+ server, err := testInternalNewServer(ctx, sm, ns, tsecurity.NewPrincipal("test"))
expectNoError(err)
defer server.Stop()
@@ -289,7 +289,7 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := testInternalNewServer(testContext(), sm, ns)
+ server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -411,7 +411,7 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := testInternalNewServer(testContext(), sm, ns)
+ server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
defer server.Stop()
if err != nil {
@@ -560,7 +560,7 @@
sm := imanager.InternalNew(naming.FixedRoutingID(0x555555555))
defer sm.Shutdown()
ns := tnaming.NewSimpleNamespace()
- server, err := testInternalNewServer(testContext(), sm, ns)
+ server, err := testInternalNewServer(testContext(), sm, ns, tsecurity.NewPrincipal("test"))
defer server.Stop()
if err != nil {
diff --git a/profiles/internal/ipc/stream/benchmark/dial_vc.go b/profiles/internal/ipc/stream/benchmark/dial_vc.go
index 68cfdd5..ca94f11 100644
--- a/profiles/internal/ipc/stream/benchmark/dial_vc.go
+++ b/profiles/internal/ipc/stream/benchmark/dial_vc.go
@@ -5,6 +5,7 @@
"time"
"v.io/x/ref/lib/testutil/benchmark"
+ tsecurity "v.io/x/ref/lib/testutil/security"
"v.io/x/ref/profiles/internal/ipc/stream/manager"
_ "v.io/x/ref/profiles/static"
@@ -19,7 +20,7 @@
server := manager.InternalNew(naming.FixedRoutingID(0x5))
client := manager.InternalNew(naming.FixedRoutingID(0xc))
- _, ep, err := server.Listen("tcp", "127.0.0.1:0", mode)
+ _, ep, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"), mode)
if err != nil {
b.Fatal(err)
}
diff --git a/profiles/internal/ipc/stream/benchmark/dial_vif.go b/profiles/internal/ipc/stream/benchmark/dial_vif.go
index 6bd7d7d..fd1d47e 100644
--- a/profiles/internal/ipc/stream/benchmark/dial_vif.go
+++ b/profiles/internal/ipc/stream/benchmark/dial_vif.go
@@ -6,6 +6,7 @@
"time"
"v.io/x/ref/lib/testutil/benchmark"
+ tsecurity "v.io/x/ref/lib/testutil/security"
"v.io/x/ref/profiles/internal/ipc/stream/vif"
"v.io/v23/naming"
@@ -15,6 +16,7 @@
// benchmarkDialVIF measures VIF creation time over the underlying net connection.
func benchmarkDialVIF(b *testing.B, mode options.VCSecurityLevel) {
stats := benchmark.AddStats(b, 16)
+ principal := tsecurity.NewPrincipal("test")
b.ResetTimer() // Exclude setup time from measurement.
@@ -22,7 +24,7 @@
b.StopTimer()
nc, ns := net.Pipe()
- server, err := vif.InternalNewAcceptedVIF(ns, naming.FixedRoutingID(0x5), nil, mode)
+ server, err := vif.InternalNewAcceptedVIF(ns, naming.FixedRoutingID(0x5), principal, nil, mode)
if err != nil {
b.Fatal(err)
}
diff --git a/profiles/internal/ipc/stream/benchmark/throughput_flow.go b/profiles/internal/ipc/stream/benchmark/throughput_flow.go
index e0191d0..82e4b9c 100644
--- a/profiles/internal/ipc/stream/benchmark/throughput_flow.go
+++ b/profiles/internal/ipc/stream/benchmark/throughput_flow.go
@@ -8,6 +8,7 @@
"v.io/v23/naming"
"v.io/v23/options"
+ tsecurity "v.io/x/ref/lib/testutil/security"
"v.io/x/ref/profiles/internal/ipc/stream"
)
@@ -28,7 +29,7 @@
func createListeners(mode options.VCSecurityLevel, m stream.Manager, N int) (servers []listener, err error) {
for i := 0; i < N; i++ {
var l listener
- if l.ln, l.ep, err = m.Listen("tcp", "127.0.0.1:0", mode); err != nil {
+ if l.ln, l.ep, err = m.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"), mode); err != nil {
return
}
servers = append(servers, l)
diff --git a/profiles/internal/ipc/stream/manager/listener.go b/profiles/internal/ipc/stream/manager/listener.go
index 6c23880..07fde42 100644
--- a/profiles/internal/ipc/stream/manager/listener.go
+++ b/profiles/internal/ipc/stream/manager/listener.go
@@ -8,11 +8,13 @@
"sync"
"v.io/x/ref/profiles/internal/ipc/stream/proxy"
+ "v.io/x/ref/profiles/internal/ipc/stream/vc"
"v.io/x/ref/profiles/internal/ipc/stream/vif"
"v.io/x/ref/profiles/internal/lib/upcqueue"
inaming "v.io/x/ref/profiles/internal/naming"
"v.io/v23/naming"
+ "v.io/v23/security"
"v.io/v23/verror"
"v.io/v23/vom"
"v.io/x/lib/vlog"
@@ -44,15 +46,16 @@
// proxyListener implements the listener interface by connecting to a remote
// proxy (typically used to "listen" across network domains).
type proxyListener struct {
- q *upcqueue.T
- proxyEP naming.Endpoint
- manager *manager
- opts []stream.ListenerOpt
+ q *upcqueue.T
+ proxyEP naming.Endpoint
+ manager *manager
+ principal security.Principal
+ opts []stream.ListenerOpt
}
var _ stream.Listener = (*proxyListener)(nil)
-func newNetListener(m *manager, netLn net.Listener, opts []stream.ListenerOpt) listener {
+func newNetListener(m *manager, netLn net.Listener, principal security.Principal, opts []stream.ListenerOpt) listener {
ln := &netListener{
q: upcqueue.New(),
manager: m,
@@ -60,11 +63,11 @@
vifs: vif.NewSet(),
}
ln.netLoop.Add(1)
- go ln.netAcceptLoop(opts)
+ go ln.netAcceptLoop(principal, opts)
return ln
}
-func (ln *netListener) netAcceptLoop(listenerOpts []stream.ListenerOpt) {
+func (ln *netListener) netAcceptLoop(principal security.Principal, listenerOpts []stream.ListenerOpt) {
defer ln.netLoop.Done()
for {
conn, err := ln.netLn.Accept()
@@ -73,7 +76,7 @@
return
}
vlog.VI(1).Infof("New net.Conn accepted from %s (local address: %s)", conn.RemoteAddr(), conn.LocalAddr())
- vf, err := vif.InternalNewAcceptedVIF(conn, ln.manager.rid, nil, listenerOpts...)
+ vf, err := vif.InternalNewAcceptedVIF(conn, ln.manager.rid, principal, nil, listenerOpts...)
if err != nil {
vlog.Infof("Shutting down conn from %s (local address: %s) as a VIF could not be created: %v", conn.RemoteAddr(), conn.LocalAddr(), err)
conn.Close()
@@ -137,12 +140,13 @@
return strings.Join(ret, "\n")
}
-func newProxyListener(m *manager, proxyEP naming.Endpoint, opts []stream.ListenerOpt) (listener, *inaming.Endpoint, error) {
+func newProxyListener(m *manager, proxyEP naming.Endpoint, principal security.Principal, opts []stream.ListenerOpt) (listener, *inaming.Endpoint, error) {
ln := &proxyListener{
- q: upcqueue.New(),
- proxyEP: proxyEP,
- manager: m,
- opts: opts,
+ q: upcqueue.New(),
+ proxyEP: proxyEP,
+ manager: m,
+ opts: opts,
+ principal: principal,
}
vf, ep, err := ln.connect()
if err != nil {
@@ -163,6 +167,8 @@
}
}
// TODO(cnicolaou, ashankar): probably want to set a timeout here. (is this covered by opts?)
+ // TODO(suharshs): Pass the principal explicitly to FindOrDialVIF and remove vc.LocalPrincipal.
+ dialOpts = append(dialOpts, vc.LocalPrincipal{ln.principal})
vf, err := ln.manager.FindOrDialVIF(ln.proxyEP, dialOpts...)
if err != nil {
return nil, nil, err
diff --git a/profiles/internal/ipc/stream/manager/manager.go b/profiles/internal/ipc/stream/manager/manager.go
index b8e657a..e7c42e1 100644
--- a/profiles/internal/ipc/stream/manager/manager.go
+++ b/profiles/internal/ipc/stream/manager/manager.go
@@ -19,7 +19,6 @@
"v.io/x/ref/lib/stats"
"v.io/x/ref/profiles/internal/ipc/stream"
"v.io/x/ref/profiles/internal/ipc/stream/crypto"
- "v.io/x/ref/profiles/internal/ipc/stream/vc"
"v.io/x/ref/profiles/internal/ipc/stream/vif"
"v.io/x/ref/profiles/internal/ipc/version"
inaming "v.io/x/ref/profiles/internal/naming"
@@ -160,12 +159,12 @@
return nil, fmt.Errorf("unknown network %s", protocol)
}
-func (m *manager) Listen(protocol, address string, opts ...stream.ListenerOpt) (stream.Listener, naming.Endpoint, error) {
- blessings, err := extractBlessings(opts)
+func (m *manager) Listen(protocol, address string, principal security.Principal, opts ...stream.ListenerOpt) (stream.Listener, naming.Endpoint, error) {
+ blessings, err := extractBlessings(principal, opts)
if err != nil {
return nil, nil, err
}
- ln, ep, err := m.internalListen(protocol, address, opts...)
+ ln, ep, err := m.internalListen(protocol, address, principal, opts...)
if err != nil {
return nil, nil, err
}
@@ -173,7 +172,7 @@
return ln, ep, nil
}
-func (m *manager) internalListen(protocol, address string, opts ...stream.ListenerOpt) (stream.Listener, *inaming.Endpoint, error) {
+func (m *manager) internalListen(protocol, address string, principal security.Principal, opts ...stream.ListenerOpt) (stream.Listener, *inaming.Endpoint, error) {
m.muListeners.Lock()
if m.shutdown {
m.muListeners.Unlock()
@@ -187,7 +186,7 @@
if err != nil {
return nil, nil, fmt.Errorf("failed to parse endpoint %q: %v", address, err)
}
- return m.remoteListen(ep, opts)
+ return m.remoteListen(ep, principal, opts)
}
netln, err := listen(protocol, address)
if err != nil {
@@ -201,14 +200,14 @@
return nil, nil, errShutDown
}
- ln := newNetListener(m, netln, opts)
+ ln := newNetListener(m, netln, principal, opts)
m.listeners[ln] = true
m.muListeners.Unlock()
return ln, version.Endpoint(protocol, netln.Addr().String(), m.rid), nil
}
-func (m *manager) remoteListen(proxy naming.Endpoint, listenerOpts []stream.ListenerOpt) (stream.Listener, *inaming.Endpoint, error) {
- ln, ep, err := newProxyListener(m, proxy, listenerOpts)
+func (m *manager) remoteListen(proxy naming.Endpoint, principal security.Principal, listenerOpts []stream.ListenerOpt) (stream.Listener, *inaming.Endpoint, error) {
+ ln, ep, err := newProxyListener(m, proxy, principal, listenerOpts)
if err != nil {
return nil, nil, err
}
@@ -298,15 +297,10 @@
return strings.Join(l, "\n")
}
-func extractBlessings(opts []stream.ListenerOpt) ([]string, error) {
- var (
- p security.Principal
- b security.Blessings
- )
+func extractBlessings(p security.Principal, opts []stream.ListenerOpt) ([]string, error) {
+ var b security.Blessings
for _, o := range opts {
switch v := o.(type) {
- case vc.LocalPrincipal:
- p = v.Principal
case options.ServerBlessings:
b = v.Blessings
}
diff --git a/profiles/internal/ipc/stream/manager/manager_test.go b/profiles/internal/ipc/stream/manager/manager_test.go
index 29e4d27..3d7a1a5 100644
--- a/profiles/internal/ipc/stream/manager/manager_test.go
+++ b/profiles/internal/ipc/stream/manager/manager_test.go
@@ -31,10 +31,6 @@
inaming "v.io/x/ref/profiles/internal/naming"
)
-func newPrincipal(defaultBlessing string) vc.LocalPrincipal {
- return vc.LocalPrincipal{tsecurity.NewPrincipal(defaultBlessing)}
-}
-
func init() {
modules.RegisterChild("runServer", "", runServer)
}
@@ -62,7 +58,7 @@
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0")
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -176,10 +172,10 @@
server = InternalNew(naming.FixedRoutingID(0x55555555))
client = InternalNew(naming.FixedRoutingID(0xcccccccc))
- clientPrincipal = newPrincipal("client")
- serverPrincipal = newPrincipal("server")
- clientKey = clientPrincipal.Principal.PublicKey()
- serverBlessings = serverPrincipal.Principal.BlessingStore().Default()
+ clientPrincipal = tsecurity.NewPrincipal("client")
+ serverPrincipal = tsecurity.NewPrincipal("server")
+ clientKey = clientPrincipal.PublicKey()
+ serverBlessings = serverPrincipal.BlessingStore().Default()
)
// VCSecurityLevel is intentionally not provided to Listen - to test
// default behavior.
@@ -223,7 +219,7 @@
go func() {
// VCSecurityLevel is intentionally not provided to Dial - to
// test default behavior.
- vc, err := client.Dial(ep, clientPrincipal)
+ vc, err := client.Dial(ep, vc.LocalPrincipal{clientPrincipal})
if err != nil {
errs <- err
return
@@ -259,8 +255,8 @@
func TestListenEndpoints(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0xcafe))
- ln1, ep1, err1 := server.Listen("tcp", "127.0.0.1:0")
- ln2, ep2, err2 := server.Listen("tcp", "127.0.0.1:0")
+ ln1, ep1, err1 := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ ln2, ep2, err2 := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
// Since "127.0.0.1:0" was used as the network address, a random port will be
// assigned in each case. The endpoint should include that random port.
if err1 != nil {
@@ -306,7 +302,7 @@
func testCloseListener(t *testing.T, protocol string) {
server := InternalNew(naming.FixedRoutingID(0x5e97e9))
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0")
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -325,7 +321,7 @@
func TestShutdown(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0x5e97e9))
- ln, _, err := server.Listen("tcp", "127.0.0.1:0")
+ ln, _, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -335,7 +331,7 @@
t.Errorf("expecting %d listeners, got %d for %s", n, expect, debugString(server))
}
server.Shutdown()
- if _, _, err := server.Listen("tcp", "127.0.0.1:0"); err == nil {
+ if _, _, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test")); err == nil {
t.Error("server should have shut down")
}
if n, expect := numListeners(server), 0; n != expect {
@@ -355,7 +351,7 @@
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0")
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -379,13 +375,13 @@
/* TLS + resumption + channel bindings is broken: <https://secure-resumption.com/#channelbindings>.
func TestSessionTicketCache(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0x55555555))
- _, ep, err := server.Listen("tcp", "127.0.0.1:0", newPrincipal("server"))
+ _, ep, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("server"))
if err != nil {
t.Fatal(err)
}
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
- if _, err = client.Dial(ep, newPrincipal("TestSessionTicketCacheClient")); err != nil {
+ if _, err = client.Dial(ep, tsecurity.NewPrincipal("TestSessionTicketCacheClient")); err != nil {
t.Fatalf("Dial(%q) failed: %v", ep, err)
}
@@ -404,7 +400,7 @@
// Have the server read from each flow and write to rchan.
rchan := make(chan string)
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0")
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -492,7 +488,7 @@
// resolve IPv6 addresses.
// As of April 2014, https://developers.google.com/compute/docs/networking
// said that IPv6 is not yet supported.
- ln, ep, err := server.Listen("tcp4", "127.0.0.1:0")
+ ln, ep, err := server.Listen("tcp4", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -576,7 +572,7 @@
func runServer(stdin io.Reader, stdout, stderr io.Writer, env map[string]string, args ...string) error {
server := InternalNew(naming.FixedRoutingID(0x55555555))
- _, ep, err := server.Listen(args[0], args[1])
+ _, ep, err := server.Listen(args[0], args[1], tsecurity.NewPrincipal("test"))
if err != nil {
fmt.Fprintln(stderr, err)
return err
@@ -623,12 +619,12 @@
}
ipc.RegisterProtocol("tn", dialer, listener)
- _, _, err := server.Listen("tnx", "127.0.0.1:0")
+ _, _, err := server.Listen("tnx", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err == nil || !strings.Contains(err.Error(), "unknown network tnx") {
t.Fatal("expected error is missing (%v)", err)
}
- _, _, err = server.Listen("tn", "127.0.0.1:0")
+ _, _, err = server.Listen("tn", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err == nil || !strings.Contains(err.Error(), "tn.Listen") {
t.Fatal("expected error is missing (%v)", err)
}
@@ -642,7 +638,7 @@
t.Errorf("got %t, want %t", got, want)
}
- _, ep, err := server.Listen("tn", "127.0.0.1:0")
+ _, ep, err := server.Listen("tn", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
if err != nil {
t.Errorf("unexpected error %s", err)
}
@@ -655,45 +651,49 @@
func TestBlessingNamesInEndpoint(t *testing.T) {
var (
- p = newPrincipal("default")
- b1, _ = p.Principal.BlessSelf("dev.v.io/users/foo@bar.com/devices/desktop/app/myapp")
- b2, _ = p.Principal.BlessSelf("otherblessing")
+ p = tsecurity.NewPrincipal("default")
+ b1, _ = p.BlessSelf("dev.v.io/users/foo@bar.com/devices/desktop/app/myapp")
+ b2, _ = p.BlessSelf("otherblessing")
b, _ = security.UnionOfBlessings(b1, b2)
bopt = options.ServerBlessings{b}
server = InternalNew(naming.FixedRoutingID(0x1))
tests = []struct {
+ principal security.Principal
opts []stream.ListenerOpt
blessings []string
err bool
}{
{
// Use the default blessings when only a principal is provided
- opts: []stream.ListenerOpt{p},
+ principal: p,
blessings: []string{"default"},
},
{
// Respect options.ServerBlessings if provided
- opts: []stream.ListenerOpt{p, bopt},
+ principal: p,
+ opts: []stream.ListenerOpt{bopt},
blessings: []string{"dev.v.io/users/foo@bar.com/devices/desktop/app/myapp", "otherblessing"},
},
{
- // It is an error to provide options.ServerBlessings without vc.LocalPrincipal
- opts: []stream.ListenerOpt{bopt},
- err: true,
+ // It is an error to provide options.ServerBlessings without passing a principal
+ principal: nil,
+ opts: []stream.ListenerOpt{bopt},
+ err: true,
},
{
- // It is an error to provide inconsistent options.ServerBlessings and vc.LocalPrincipal
- opts: []stream.ListenerOpt{newPrincipal("random"), bopt},
- err: true,
+ // It is an error to provide inconsistent options.ServerBlessings and principal
+ principal: tsecurity.NewPrincipal("random"),
+ opts: []stream.ListenerOpt{bopt},
+ err: true,
},
}
)
// p must recognize its own blessings!
p.AddToRoots(bopt.Blessings)
for idx, test := range tests {
- ln, ep, err := server.Listen("tcp", "127.0.0.1:0", test.opts...)
+ ln, ep, err := server.Listen("tcp", "127.0.0.1:0", test.principal, test.opts...)
if (err != nil) != test.err {
t.Errorf("test #%d: Got error %v, wanted error: %v", idx, err, test.err)
}
diff --git a/profiles/internal/ipc/stream/model.go b/profiles/internal/ipc/stream/model.go
index 630fe1e..ddbc8e5 100644
--- a/profiles/internal/ipc/stream/model.go
+++ b/profiles/internal/ipc/stream/model.go
@@ -111,14 +111,20 @@
// with the provided network address.
//
// For example:
- // ln, ep, err := Listen("tcp", ":0")
+ // ln, ep, err := Listen("tcp", ":0", principal)
// for {
// flow, err := ln.Accept()
// // process flow
// }
// can be used to accept Flows initiated by remote processes to the endpoint
// identified by the returned Endpoint.
- Listen(protocol, address string, opts ...ListenerOpt) (Listener, naming.Endpoint, error)
+ //
+ // principal is used during authentication. If principal is nil, then the Listener
+ // expects to be used for unauthenticated, unencrypted communication.
+ // If no Blessings are provided via v23.options.ServerBlessings, the principal's
+ // default Blessings will be presented to the Client.
+ // TODO(suharshs): Pass Blessings in explicitly instead of relying on ServerBlessings opt.
+ Listen(protocol, address string, principal security.Principal, opts ...ListenerOpt) (Listener, naming.Endpoint, error)
// Dial creates a VC to the provided remote endpoint.
Dial(remote naming.Endpoint, opts ...VCOpt) (VC, error)
diff --git a/profiles/internal/ipc/stream/proxy/proxy.go b/profiles/internal/ipc/stream/proxy/proxy.go
index f3c50ac..8189083 100644
--- a/profiles/internal/ipc/stream/proxy/proxy.go
+++ b/profiles/internal/ipc/stream/proxy/proxy.go
@@ -563,7 +563,7 @@
p.proxy.routeCounters(p, m.Counters)
if vcObj != nil {
server := &server{Process: p, VC: vcObj}
- go p.proxy.runServer(server, vcObj.HandshakeAcceptedVC(vc.LocalPrincipal{p.proxy.principal}))
+ go p.proxy.runServer(server, vcObj.HandshakeAcceptedVC(p.proxy.principal))
}
break
}
diff --git a/profiles/internal/ipc/stream/proxy/proxy_test.go b/profiles/internal/ipc/stream/proxy/proxy_test.go
index 7cb86e0..cc6d906 100644
--- a/profiles/internal/ipc/stream/proxy/proxy_test.go
+++ b/profiles/internal/ipc/stream/proxy/proxy_test.go
@@ -15,13 +15,13 @@
_ "v.io/x/ref/profiles"
"v.io/x/ref/profiles/internal/ipc/stream/manager"
"v.io/x/ref/profiles/internal/ipc/stream/proxy"
- "v.io/x/ref/profiles/internal/ipc/stream/vc"
)
//go:generate v23 test generate
func TestProxy(t *testing.T) {
- shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), nil, "tcp", "127.0.0.1:0", "")
+ pproxy := tsecurity.NewPrincipal("proxy")
+ shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), pproxy, "tcp", "127.0.0.1:0", "")
if err != nil {
t.Fatal(err)
}
@@ -32,7 +32,7 @@
defer server1.Shutdown()
// Setup a stream.Listener that will accept VCs and Flows routed
// through the proxy.
- ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String())
+ ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -43,7 +43,7 @@
defer server2.Shutdown()
// Setup a stream.Listener that will accept VCs and Flows routed
// through the proxy.
- ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String())
+ ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -81,7 +81,8 @@
}
func TestDuplicateRoutingID(t *testing.T) {
- shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), nil, "tcp", "127.0.0.1:0", "")
+ pproxy := tsecurity.NewPrincipal("proxy")
+ shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), pproxy, "tcp", "127.0.0.1:0", "")
if err != nil {
t.Fatal(err)
}
@@ -95,13 +96,13 @@
defer server2.Shutdown()
// First server to claim serverRID should win.
- ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String())
+ ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
defer ln1.Close()
- ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String())
+ ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
if pattern := "routing id 00000000000000005555555555555555 is already being proxied"; err == nil || !strings.Contains(err.Error(), pattern) {
t.Errorf("Got (%v, %v, %v) want error \"...%v\" (ep1:%v)", ln2, ep2, err, pattern, ep1)
}
@@ -151,7 +152,7 @@
server := manager.InternalNew(naming.FixedRoutingID(0x5555555555555555))
defer server.Shutdown()
- ln, ep, err := server.Listen(proxyEp.Network(), proxyEp.String(), vc.LocalPrincipal{pserver})
+ ln, ep, err := server.Listen(proxyEp.Network(), proxyEp.String(), pserver)
if err != nil {
t.Fatal(err)
}
@@ -183,7 +184,8 @@
}
func TestHostPort(t *testing.T) {
- shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), nil, "tcp", "127.0.0.1:0", "")
+ pproxy := tsecurity.NewPrincipal("proxy")
+ shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), pproxy, "tcp", "127.0.0.1:0", "")
if err != nil {
t.Fatal(err)
}
@@ -192,7 +194,7 @@
defer server.Shutdown()
addr := proxyEp.Addr().String()
port := addr[strings.LastIndex(addr, ":"):]
- ln, _, err := server.Listen("veyron", "127.0.0.1"+port)
+ ln, _, err := server.Listen("veyron", "127.0.0.1"+port, tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -200,7 +202,8 @@
}
func TestClientBecomesServer(t *testing.T) {
- shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), nil, "tcp", "127.0.0.1:0", "")
+ pproxy := tsecurity.NewPrincipal("proxy")
+ shutdown, proxyEp, err := proxy.InternalNew(naming.FixedRoutingID(0xbbbbbbbbbbbbbbbb), pproxy, "tcp", "127.0.0.1:0", "")
if err != nil {
t.Fatal(err)
}
@@ -212,7 +215,7 @@
defer client1.Shutdown()
defer client2.Shutdown()
- lnS, epS, err := server.Listen(proxyEp.Network(), proxyEp.String())
+ lnS, epS, err := server.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
@@ -233,7 +236,7 @@
}
// Now client1 becomes a server
- lnC, epC, err := client1.Listen(proxyEp.Network(), proxyEp.String())
+ lnC, epC, err := client1.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
if err != nil {
t.Fatal(err)
}
diff --git a/profiles/internal/ipc/stream/vc/vc.go b/profiles/internal/ipc/stream/vc/vc.go
index c994b3a..bbad982 100644
--- a/profiles/internal/ipc/stream/vc/vc.go
+++ b/profiles/internal/ipc/stream/vc/vc.go
@@ -142,10 +142,8 @@
// when establishing virtual circuits.
type LocalPrincipal struct{ security.Principal }
-func (LocalPrincipal) IPCStreamListenerOpt() {}
-func (LocalPrincipal) IPCStreamVCOpt() {}
-func (LocalPrincipal) IPCClientOpt() {}
-func (LocalPrincipal) IPCServerOpt() {}
+func (LocalPrincipal) IPCStreamVCOpt() {}
+func (LocalPrincipal) IPCClientOpt() {}
// DischargeClient is an interface for obtaining discharges for a set of third-party
// caveats.
@@ -504,14 +502,18 @@
// Since the handshaking process might involve several round trips, a bulk of the work
// is done asynchronously and the result of the handshake is written to the
// channel returned by this method.
-func (vc *VC) HandshakeAcceptedVC(opts ...stream.ListenerOpt) <-chan HandshakeResult {
+//
+// principal is server's used during authentication. If principal is nil, then the VC
+// expects to be used for unauthenticated, unencrypted communication.
+// If no Blessings are provided via v23.options.ServerBlessings, the principal's
+// default Blessings will be presented to the Client.
+func (vc *VC) HandshakeAcceptedVC(principal security.Principal, opts ...stream.ListenerOpt) <-chan HandshakeResult {
result := make(chan HandshakeResult, 1)
finish := func(ln stream.Listener, err error) chan HandshakeResult {
result <- HandshakeResult{ln, err}
return result
}
var (
- principal security.Principal
securityLevel options.VCSecurityLevel
dischargeClient DischargeClient
lBlessings security.Blessings
@@ -522,8 +524,6 @@
switch v := o.(type) {
case DischargeClient:
dischargeClient = v
- case LocalPrincipal:
- principal = v.Principal
case options.VCSecurityLevel:
securityLevel = v
case options.ServerBlessings:
@@ -543,7 +543,7 @@
switch securityLevel {
case options.VCSecurityConfidential:
if principal == nil {
- principal = AnonymousPrincipal
+ return finish(nil, fmt.Errorf("principal required for VCSecurityConfidential"))
}
if lBlessings.IsZero() {
lBlessings = principal.BlessingStore().Default()
diff --git a/profiles/internal/ipc/stream/vc/vc_test.go b/profiles/internal/ipc/stream/vc/vc_test.go
index 9a9ff00..40d549d 100644
--- a/profiles/internal/ipc/stream/vc/vc_test.go
+++ b/profiles/internal/ipc/stream/vc/vc_test.go
@@ -472,7 +472,7 @@
go clientH.pipeLoop(serverH.VC)
go serverH.pipeLoop(clientH.VC)
- lopts := []stream.ListenerOpt{vc.LocalPrincipal{server}, security}
+ lopts := []stream.ListenerOpt{security}
vcopts := []stream.VCOpt{vc.LocalPrincipal{client}, security}
if dischargeClient != nil {
@@ -482,7 +482,7 @@
vcopts = append(vcopts, auth)
}
- c := serverH.VC.HandshakeAcceptedVC(lopts...)
+ c := serverH.VC.HandshakeAcceptedVC(server, lopts...)
if err := clientH.VC.HandshakeDialedVC(vcopts...); err != nil {
go func() { <-c }()
return nil, nil, err
diff --git a/profiles/internal/ipc/stream/vif/auth.go b/profiles/internal/ipc/stream/vif/auth.go
index 62914ab..25a5414 100644
--- a/profiles/internal/ipc/stream/vif/auth.go
+++ b/profiles/internal/ipc/stream/vif/auth.go
@@ -187,15 +187,17 @@
return c, nil
}
-// serverAuthOptions extracts the Principal from the options list.
-func serverAuthOptions(lopts []stream.ListenerOpt) (principal security.Principal, lBlessings security.Blessings, dischargeClient vc.DischargeClient, err error) {
- var securityLevel options.VCSecurityLevel
+// serverAuthOptions returns credentials for VIF authentication, based on the provided principal and options list.
+func serverAuthOptions(principal security.Principal, lopts []stream.ListenerOpt) (security.Principal, security.Blessings, vc.DischargeClient, error) {
+ var (
+ securityLevel options.VCSecurityLevel
+ dischargeClient vc.DischargeClient
+ lBlessings security.Blessings
+ )
for _, o := range lopts {
switch v := o.(type) {
case vc.DischargeClient:
dischargeClient = v
- case vc.LocalPrincipal:
- principal = v.Principal
case options.VCSecurityLevel:
securityLevel = v
case options.ServerBlessings:
@@ -204,18 +206,15 @@
}
switch securityLevel {
case options.VCSecurityConfidential:
- if principal == nil {
- principal = vc.AnonymousPrincipal
- }
if lBlessings.IsZero() {
lBlessings = principal.BlessingStore().Default()
}
+ return principal, lBlessings, dischargeClient, nil
case options.VCSecurityNone:
- principal = nil
+ return nil, security.Blessings{}, nil, nil
default:
- err = fmt.Errorf("unrecognized VC security level: %v", securityLevel)
+ return nil, security.Blessings{}, nil, fmt.Errorf("unrecognized VC security level: %v", securityLevel)
}
- return
}
// makeHopSetup constructs the options that this process can support.
diff --git a/profiles/internal/ipc/stream/vif/set_test.go b/profiles/internal/ipc/stream/vif/set_test.go
index 0a45f12..e00a51b 100644
--- a/profiles/internal/ipc/stream/vif/set_test.go
+++ b/profiles/internal/ipc/stream/vif/set_test.go
@@ -12,6 +12,7 @@
"v.io/v23/ipc"
"v.io/v23/naming"
+ tsecurity "v.io/x/ref/lib/testutil/security"
_ "v.io/x/ref/profiles"
"v.io/x/ref/profiles/internal/ipc/stream/vif"
)
@@ -59,7 +60,7 @@
func newVIF(c, s net.Conn) (*vif.VIF, *vif.VIF, error) {
done := make(chan *vif.VIF)
go func() {
- vf, err := vif.InternalNewAcceptedVIF(s, naming.FixedRoutingID(0x5), nil)
+ vf, err := vif.InternalNewAcceptedVIF(s, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("test"), nil)
if err != nil {
panic(err)
}
diff --git a/profiles/internal/ipc/stream/vif/vif.go b/profiles/internal/ipc/stream/vif/vif.go
index dd2c703..97bbe65 100644
--- a/profiles/internal/ipc/stream/vif/vif.go
+++ b/profiles/internal/ipc/stream/vif/vif.go
@@ -65,6 +65,7 @@
muListen sync.Mutex
acceptor *upcqueue.T // GUARDED_BY(muListen)
listenerOpts []stream.ListenerOpt // GUARDED_BY(muListen)
+ principal security.Principal
muNextVCI sync.Mutex
nextVCI id.VC
@@ -153,7 +154,7 @@
if err != nil {
return nil, err
}
- return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs), versions, nil, nil, c)
+ return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs), versions, principal, nil, nil, c)
}
// InternalNewAcceptedVIF creates a new virtual interface over the provided
@@ -166,13 +167,13 @@
// As the name suggests, this method is intended for use only within packages
// placed inside veyron/profiles/internal. Code outside the
// veyron/profiles/internal/* packages should never call this method.
-func InternalNewAcceptedVIF(conn net.Conn, rid naming.RoutingID, versions *version.Range, lopts ...stream.ListenerOpt) (*VIF, error) {
+func InternalNewAcceptedVIF(conn net.Conn, rid naming.RoutingID, principal security.Principal, versions *version.Range, lopts ...stream.ListenerOpt) (*VIF, error) {
pool := iobuf.NewPool(0)
reader := iobuf.NewReader(pool, conn)
- return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs)+1, versions, upcqueue.New(), lopts, &crypto.NullControlCipher{})
+ return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs)+1, versions, principal, upcqueue.New(), lopts, &crypto.NullControlCipher{})
}
-func internalNew(conn net.Conn, pool *iobuf.Pool, reader *iobuf.Reader, rid naming.RoutingID, initialVCI id.VC, versions *version.Range, acceptor *upcqueue.T, listenerOpts []stream.ListenerOpt, c crypto.ControlCipher) (*VIF, error) {
+func internalNew(conn net.Conn, pool *iobuf.Pool, reader *iobuf.Reader, rid naming.RoutingID, initialVCI id.VC, versions *version.Range, principal security.Principal, acceptor *upcqueue.T, listenerOpts []stream.ListenerOpt, c crypto.ControlCipher) (*VIF, error) {
var (
// Choose IDs that will not conflict with any other (VC, Flow)
// pairs. VCI 0 is never used by the application (it is
@@ -210,6 +211,7 @@
vcMap: newVCMap(),
acceptor: acceptor,
listenerOpts: listenerOpts,
+ principal: principal,
localEP: localEP(conn, rid, versions),
nextVCI: initialVCI,
outgoing: outgoing,
@@ -448,7 +450,7 @@
})
return nil
}
- go vif.acceptFlowsLoop(vc, vc.HandshakeAcceptedVC(lopts...))
+ go vif.acceptFlowsLoop(vc, vc.HandshakeAcceptedVC(vif.principal, lopts...))
case *message.SetupVC:
// TODO(ashankar,mattr): Handle this! See comment about SetupVC
// in vif.Dial
@@ -491,7 +493,7 @@
return errAlreadySetup
}
vif.muListen.Lock()
- principal, lBlessings, dischargeClient, err := serverAuthOptions(vif.listenerOpts)
+ principal, lBlessings, dischargeClient, err := serverAuthOptions(vif.principal, vif.listenerOpts)
vif.muListen.Unlock()
if err != nil {
return errVersionNegotiationFailed
diff --git a/profiles/internal/ipc/stream/vif/vif_test.go b/profiles/internal/ipc/stream/vif/vif_test.go
index 132aa11..959ae0b 100644
--- a/profiles/internal/ipc/stream/vif/vif_test.go
+++ b/profiles/internal/ipc/stream/vif/vif_test.go
@@ -389,7 +389,7 @@
}
result <- client
}()
- server, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), nil)
+ server, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("test"), nil)
if err != nil {
t.Fatal(err)
}
@@ -500,7 +500,7 @@
cl <- c
}
}()
- s, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), serverVersions, newPrincipal("server"))
+ s, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("server"), serverVersions)
c, ok := <-cl
if err != nil {
verr = err
diff --git a/profiles/internal/rt/ipc_test.go b/profiles/internal/rt/ipc_test.go
index eaa9615..36ec91f 100644
--- a/profiles/internal/rt/ipc_test.go
+++ b/profiles/internal/rt/ipc_test.go
@@ -239,7 +239,9 @@
// no proxies were started. Anyway, just to express the
// intent...
for _, ep := range status.Endpoints {
- if got := ep.BlessingNames(); !reflect.DeepEqual(got, want) {
+ got := ep.BlessingNames()
+ sort.Strings(got)
+ if !reflect.DeepEqual(got, want) {
t.Errorf("test #%d: endpoint=%q: Got blessings %v, want %v", idx, ep, got, want)
}
}
diff --git a/profiles/internal/rt/runtime.go b/profiles/internal/rt/runtime.go
index d065cb0..8eba35a 100644
--- a/profiles/internal/rt/runtime.go
+++ b/profiles/internal/rt/runtime.go
@@ -232,7 +232,6 @@
client, _ := ctx.Value(clientKey).(ipc.Client)
otherOpts := append([]ipc.ServerOpt{}, opts...)
- otherOpts = append(otherOpts, vc.LocalPrincipal{principal})
if reserved, ok := ctx.Value(reservedNameKey).(*reservedNameDispatcher); ok {
otherOpts = append(otherOpts, iipc.ReservedNameDispatcher{reserved.dispatcher})
otherOpts = append(otherOpts, reserved.opts...)
@@ -244,7 +243,7 @@
if !hasServerBlessingsOpt(opts) && principal != nil {
otherOpts = append(otherOpts, options.ServerBlessings{principal.BlessingStore().Default()})
}
- server, err := iipc.InternalNewServer(ctx, sm, ns, r.GetClient(ctx), otherOpts...)
+ server, err := iipc.InternalNewServer(ctx, sm, ns, r.GetClient(ctx), principal, otherOpts...)
if err != nil {
return nil, err
}
diff --git a/profiles/internal/vtrace/vtrace_test.go b/profiles/internal/vtrace/vtrace_test.go
index 14afa92..834af71 100644
--- a/profiles/internal/vtrace/vtrace_test.go
+++ b/profiles/internal/vtrace/vtrace_test.go
@@ -15,6 +15,7 @@
"v.io/x/lib/vlog"
"v.io/x/ref/lib/testutil"
+ tsecurity "v.io/x/ref/lib/testutil/security"
_ "v.io/x/ref/profiles"
iipc "v.io/x/ref/profiles/internal/ipc"
"v.io/x/ref/profiles/internal/ipc/stream"
@@ -90,7 +91,7 @@
if err != nil {
return nil, err
}
- s, err := iipc.InternalNewServer(ctx, sm, ns, client)
+ s, err := iipc.InternalNewServer(ctx, sm, ns, client, tsecurity.NewPrincipal("test"))
if err != nil {
return nil, err
}
