ipc: ServerBlessings is no longer a IPCStreamListenerOpt.
This change passes blessings explicitly to manager.Listen and other
internal ipc calls.
MultiPart: 1/2
Change-Id: Idedda3963112be6d0e2b19c269c351f5dcbd1157
diff --git a/profiles/internal/rpc/stream/benchmark/dial_vc.go b/profiles/internal/rpc/stream/benchmark/dial_vc.go
index c6a2568..86badf6 100644
--- a/profiles/internal/rpc/stream/benchmark/dial_vc.go
+++ b/profiles/internal/rpc/stream/benchmark/dial_vc.go
@@ -19,9 +19,10 @@
server := manager.InternalNew(naming.FixedRoutingID(0x5))
client := manager.InternalNew(naming.FixedRoutingID(0xc))
- principal := tsecurity.NewPrincipal("client")
+ principal := tsecurity.NewPrincipal("test")
- _, ep, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("server"), mode)
+ _, ep, err := server.Listen("tcp", "127.0.0.1:0", principal, principal.BlessingStore().Default(), mode)
+
if err != nil {
b.Fatal(err)
}
diff --git a/profiles/internal/rpc/stream/benchmark/dial_vif.go b/profiles/internal/rpc/stream/benchmark/dial_vif.go
index 861684e..d4a6d2c 100644
--- a/profiles/internal/rpc/stream/benchmark/dial_vif.go
+++ b/profiles/internal/rpc/stream/benchmark/dial_vif.go
@@ -16,7 +16,8 @@
// benchmarkDialVIF measures VIF creation time over the underlying net connection.
func benchmarkDialVIF(b *testing.B, mode options.VCSecurityLevel) {
stats := benchmark.AddStats(b, 16)
- principal := tsecurity.NewPrincipal("server")
+ principal := tsecurity.NewPrincipal("test")
+ blessings := principal.BlessingStore().Default()
b.ResetTimer() // Exclude setup time from measurement.
@@ -24,7 +25,7 @@
b.StopTimer()
nc, ns := net.Pipe()
- server, err := vif.InternalNewAcceptedVIF(ns, naming.FixedRoutingID(0x5), principal, nil, mode)
+ server, err := vif.InternalNewAcceptedVIF(ns, naming.FixedRoutingID(0x5), principal, blessings, nil, mode)
if err != nil {
b.Fatal(err)
}
diff --git a/profiles/internal/rpc/stream/benchmark/throughput_flow.go b/profiles/internal/rpc/stream/benchmark/throughput_flow.go
index 46e972f..9ff2e9e 100644
--- a/profiles/internal/rpc/stream/benchmark/throughput_flow.go
+++ b/profiles/internal/rpc/stream/benchmark/throughput_flow.go
@@ -29,7 +29,8 @@
func createListeners(mode options.VCSecurityLevel, m stream.Manager, N int) (servers []listener, err error) {
for i := 0; i < N; i++ {
var l listener
- if l.ln, l.ep, err = m.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"), mode); err != nil {
+ principal := tsecurity.NewPrincipal("test")
+ if l.ln, l.ep, err = m.Listen("tcp", "127.0.0.1:0", principal, principal.BlessingStore().Default(), mode); err != nil {
return
}
servers = append(servers, l)
diff --git a/profiles/internal/rpc/stream/manager/listener.go b/profiles/internal/rpc/stream/manager/listener.go
index 2958e82..19560bb 100644
--- a/profiles/internal/rpc/stream/manager/listener.go
+++ b/profiles/internal/rpc/stream/manager/listener.go
@@ -49,12 +49,13 @@
proxyEP naming.Endpoint
manager *manager
principal security.Principal
+ blessings security.Blessings
opts []stream.ListenerOpt
}
var _ stream.Listener = (*proxyListener)(nil)
-func newNetListener(m *manager, netLn net.Listener, principal security.Principal, opts []stream.ListenerOpt) listener {
+func newNetListener(m *manager, netLn net.Listener, principal security.Principal, blessings security.Blessings, opts []stream.ListenerOpt) listener {
ln := &netListener{
q: upcqueue.New(),
manager: m,
@@ -62,11 +63,11 @@
vifs: vif.NewSet(),
}
ln.netLoop.Add(1)
- go ln.netAcceptLoop(principal, opts)
+ go ln.netAcceptLoop(principal, blessings, opts)
return ln
}
-func (ln *netListener) netAcceptLoop(principal security.Principal, listenerOpts []stream.ListenerOpt) {
+func (ln *netListener) netAcceptLoop(principal security.Principal, blessings security.Blessings, listenerOpts []stream.ListenerOpt) {
defer ln.netLoop.Done()
for {
conn, err := ln.netLn.Accept()
@@ -75,7 +76,7 @@
return
}
vlog.VI(1).Infof("New net.Conn accepted from %s (local address: %s)", conn.RemoteAddr(), conn.LocalAddr())
- vf, err := vif.InternalNewAcceptedVIF(conn, ln.manager.rid, principal, nil, listenerOpts...)
+ vf, err := vif.InternalNewAcceptedVIF(conn, ln.manager.rid, principal, blessings, nil, listenerOpts...)
if err != nil {
vlog.Infof("Shutting down conn from %s (local address: %s) as a VIF could not be created: %v", conn.RemoteAddr(), conn.LocalAddr(), err)
conn.Close()
diff --git a/profiles/internal/rpc/stream/manager/manager.go b/profiles/internal/rpc/stream/manager/manager.go
index e6824f6..9e13e51 100644
--- a/profiles/internal/rpc/stream/manager/manager.go
+++ b/profiles/internal/rpc/stream/manager/manager.go
@@ -10,7 +10,6 @@
"time"
"v.io/v23/naming"
- "v.io/v23/options"
"v.io/v23/rpc"
"v.io/v23/security"
"v.io/v23/verror"
@@ -26,7 +25,7 @@
var (
errShutDown = errors.New("manager has been shut down")
- errProvidedServerBlessingsWithoutPrincipal = errors.New("options.ServerBlessings provided but no known principal")
+ errProvidedServerBlessingsWithoutPrincipal = errors.New("blessings provided but no known principal")
errNoBlessingNames = errors.New("stream.ListenerOpts includes a principal but no blessing names could be extracted")
)
@@ -159,20 +158,20 @@
return nil, fmt.Errorf("unknown network %s", protocol)
}
-func (m *manager) Listen(protocol, address string, principal security.Principal, opts ...stream.ListenerOpt) (stream.Listener, naming.Endpoint, error) {
- blessings, err := extractBlessings(principal, opts)
+func (m *manager) Listen(protocol, address string, principal security.Principal, blessings security.Blessings, opts ...stream.ListenerOpt) (stream.Listener, naming.Endpoint, error) {
+ bNames, err := extractBlessingNames(principal, blessings)
if err != nil {
return nil, nil, err
}
- ln, ep, err := m.internalListen(protocol, address, principal, opts...)
+ ln, ep, err := m.internalListen(protocol, address, principal, blessings, opts...)
if err != nil {
return nil, nil, err
}
- ep.Blessings = blessings
+ ep.Blessings = bNames
return ln, ep, nil
}
-func (m *manager) internalListen(protocol, address string, principal security.Principal, opts ...stream.ListenerOpt) (stream.Listener, *inaming.Endpoint, error) {
+func (m *manager) internalListen(protocol, address string, principal security.Principal, blessings security.Blessings, opts ...stream.ListenerOpt) (stream.Listener, *inaming.Endpoint, error) {
m.muListeners.Lock()
if m.shutdown {
m.muListeners.Unlock()
@@ -200,7 +199,7 @@
return nil, nil, errShutDown
}
- ln := newNetListener(m, netln, principal, opts)
+ ln := newNetListener(m, netln, principal, blessings, opts)
m.listeners[ln] = true
m.muListeners.Unlock()
return ln, version.Endpoint(protocol, netln.Addr().String(), m.rid), nil
@@ -297,27 +296,13 @@
return strings.Join(l, "\n")
}
-func extractBlessings(p security.Principal, opts []stream.ListenerOpt) ([]string, error) {
- var b security.Blessings
- for _, o := range opts {
- switch v := o.(type) {
- case options.ServerBlessings:
- b = v.Blessings
- }
- }
- // b is provided but not p, then that is an error (because the caller
- // intended to provide blessings but there isn't enough information to
- // extract it).
+func extractBlessingNames(p security.Principal, b security.Blessings) ([]string, error) {
if !b.IsZero() && p == nil {
return nil, errProvidedServerBlessingsWithoutPrincipal
}
if p == nil {
return nil, nil
}
- if b.IsZero() {
- b = p.BlessingStore().Default()
- }
- // At this point, must have a name.
var ret []string
for b, _ := range p.BlessingsInfo(b) {
ret = append(ret, b)
diff --git a/profiles/internal/rpc/stream/manager/manager_test.go b/profiles/internal/rpc/stream/manager/manager_test.go
index 514cae1..cf285cd 100644
--- a/profiles/internal/rpc/stream/manager/manager_test.go
+++ b/profiles/internal/rpc/stream/manager/manager_test.go
@@ -16,7 +16,6 @@
"v.io/x/lib/vlog"
"v.io/v23/naming"
- "v.io/v23/options"
"v.io/v23/rpc"
"v.io/v23/security"
@@ -59,8 +58,9 @@
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
pclient := tsecurity.NewPrincipal("client")
+ pserver := tsecurity.NewPrincipal("server")
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", pserver, pserver.BlessingStore().Default())
if err != nil {
t.Fatal(err)
}
@@ -181,7 +181,7 @@
)
// VCSecurityLevel is intentionally not provided to Listen - to test
// default behavior.
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", serverPrincipal)
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", serverPrincipal, serverPrincipal.BlessingStore().Default())
if err != nil {
t.Fatal(err)
}
@@ -257,8 +257,10 @@
func TestListenEndpoints(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0xcafe))
- ln1, ep1, err1 := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
- ln2, ep2, err2 := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ principal := tsecurity.NewPrincipal("test")
+ blessings := principal.BlessingStore().Default()
+ ln1, ep1, err1 := server.Listen("tcp", "127.0.0.1:0", principal, blessings)
+ ln2, ep2, err2 := server.Listen("tcp", "127.0.0.1:0", principal, blessings)
// Since "127.0.0.1:0" was used as the network address, a random port will be
// assigned in each case. The endpoint should include that random port.
if err1 != nil {
@@ -304,8 +306,10 @@
func testCloseListener(t *testing.T, protocol string) {
server := InternalNew(naming.FixedRoutingID(0x5e97e9))
pclient := tsecurity.NewPrincipal("client")
+ pserver := tsecurity.NewPrincipal("server")
+ blessings := pserver.BlessingStore().Default()
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", pserver, blessings)
if err != nil {
t.Fatal(err)
}
@@ -324,7 +328,9 @@
func TestShutdown(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0x5e97e9))
- ln, _, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ principal := tsecurity.NewPrincipal("test")
+ blessings := principal.BlessingStore().Default()
+ ln, _, err := server.Listen("tcp", "127.0.0.1:0", principal, blessings)
if err != nil {
t.Fatal(err)
}
@@ -334,7 +340,7 @@
t.Errorf("expecting %d listeners, got %d for %s", n, expect, debugString(server))
}
server.Shutdown()
- if _, _, err := server.Listen("tcp", "127.0.0.1:0", tsecurity.NewPrincipal("test")); err == nil {
+ if _, _, err := server.Listen("tcp", "127.0.0.1:0", principal, blessings); err == nil {
t.Error("server should have shut down")
}
if n, expect := numListeners(server), 0; n != expect {
@@ -353,8 +359,9 @@
func testShutdownEndpoint(t *testing.T, protocol string) {
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
+ principal := tsecurity.NewPrincipal("test")
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", principal, principal.BlessingStore().Default())
if err != nil {
t.Fatal(err)
}
@@ -397,13 +404,14 @@
func testMultipleVCs(t *testing.T, protocol string) {
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
+ principal := tsecurity.NewPrincipal("test")
const nVCs = 2
const data = "bugs bunny"
// Have the server read from each flow and write to rchan.
rchan := make(chan string)
- ln, ep, err := server.Listen(protocol, "127.0.0.1:0", tsecurity.NewPrincipal("server"))
+ ln, ep, err := server.Listen(protocol, "127.0.0.1:0", principal, principal.BlessingStore().Default())
if err != nil {
t.Fatal(err)
}
@@ -485,13 +493,14 @@
func TestAddressResolution(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
+ principal := tsecurity.NewPrincipal("test")
// Using "tcp4" instead of "tcp" because the latter can end up with IPv6
// addresses and our Google Compute Engine integration test machines cannot
// resolve IPv6 addresses.
// As of April 2014, https://developers.google.com/compute/docs/networking
// said that IPv6 is not yet supported.
- ln, ep, err := server.Listen("tcp4", "127.0.0.1:0", tsecurity.NewPrincipal("test"))
+ ln, ep, err := server.Listen("tcp4", "127.0.0.1:0", principal, principal.BlessingStore().Default())
if err != nil {
t.Fatal(err)
}
@@ -575,7 +584,8 @@
func runServer(stdin io.Reader, stdout, stderr io.Writer, env map[string]string, args ...string) error {
server := InternalNew(naming.FixedRoutingID(0x55555555))
- _, ep, err := server.Listen(args[0], args[1], tsecurity.NewPrincipal("test"))
+ principal := tsecurity.NewPrincipal("test")
+ _, ep, err := server.Listen(args[0], args[1], principal, principal.BlessingStore().Default())
if err != nil {
fmt.Fprintln(stderr, err)
return err
@@ -613,7 +623,8 @@
func TestRegistration(t *testing.T) {
server := InternalNew(naming.FixedRoutingID(0x55555555))
client := InternalNew(naming.FixedRoutingID(0xcccccccc))
- pserver := tsecurity.NewPrincipal("server")
+ principal := tsecurity.NewPrincipal("server")
+ blessings := principal.BlessingStore().Default()
dialer := func(_, _ string, _ time.Duration) (net.Conn, error) {
return nil, fmt.Errorf("tn.Dial")
@@ -623,12 +634,12 @@
}
rpc.RegisterProtocol("tn", dialer, listener)
- _, _, err := server.Listen("tnx", "127.0.0.1:0", pserver)
+ _, _, err := server.Listen("tnx", "127.0.0.1:0", principal, blessings)
if err == nil || !strings.Contains(err.Error(), "unknown network tnx") {
t.Fatal("expected error is missing (%v)", err)
}
- _, _, err = server.Listen("tn", "127.0.0.1:0", pserver)
+ _, _, err = server.Listen("tn", "127.0.0.1:0", principal, blessings)
if err == nil || !strings.Contains(err.Error(), "tn.Listen") {
t.Fatal("expected error is missing (%v)", err)
}
@@ -642,7 +653,7 @@
t.Errorf("got %t, want %t", got, want)
}
- _, ep, err := server.Listen("tn", "127.0.0.1:0", pserver)
+ _, ep, err := server.Listen("tn", "127.0.0.1:0", principal, blessings)
if err != nil {
t.Errorf("unexpected error %s", err)
}
@@ -655,49 +666,41 @@
func TestBlessingNamesInEndpoint(t *testing.T) {
var (
- p = tsecurity.NewPrincipal("default")
- b1, _ = p.BlessSelf("dev.v.io/users/foo@bar.com/devices/desktop/app/myapp")
- b2, _ = p.BlessSelf("otherblessing")
- b, _ = security.UnionOfBlessings(b1, b2)
- bopt = options.ServerBlessings{b}
+ p = tsecurity.NewPrincipal("default")
+ b, _ = p.BlessSelf("dev.v.io/users/foo@bar.com/devices/desktop/app/myapp")
server = InternalNew(naming.FixedRoutingID(0x1))
tests = []struct {
- principal security.Principal
- opts []stream.ListenerOpt
- blessings []string
- err bool
+ principal security.Principal
+ blessings security.Blessings
+ blessingNames []string
+ err bool
}{
{
- // Use the default blessings when only a principal is provided
- principal: p,
- blessings: []string{"default"},
+ // provided blessings should match returned output.
+ principal: p,
+ blessings: b,
+ blessingNames: []string{"dev.v.io/users/foo@bar.com/devices/desktop/app/myapp"},
},
{
- // Respect options.ServerBlessings if provided
+ // It is an error to provide a principal without providing blessings.
principal: p,
- opts: []stream.ListenerOpt{bopt},
- blessings: []string{"dev.v.io/users/foo@bar.com/devices/desktop/app/myapp", "otherblessing"},
- },
- {
- // It is an error to provide options.ServerBlessings without passing a principal
- principal: nil,
- opts: []stream.ListenerOpt{bopt},
+ blessings: security.Blessings{},
err: true,
},
{
- // It is an error to provide inconsistent options.ServerBlessings and principal
+ // It is an error to provide inconsistent blessings and principal
principal: tsecurity.NewPrincipal("random"),
- opts: []stream.ListenerOpt{bopt},
+ blessings: b,
err: true,
},
}
)
// p must recognize its own blessings!
- p.AddToRoots(bopt.Blessings)
+ p.AddToRoots(b)
for idx, test := range tests {
- ln, ep, err := server.Listen("tcp", "127.0.0.1:0", test.principal, test.opts...)
+ ln, ep, err := server.Listen("tcp", "127.0.0.1:0", test.principal, test.blessings)
if (err != nil) != test.err {
t.Errorf("test #%d: Got error %v, wanted error: %v", idx, err, test.err)
}
@@ -705,7 +708,7 @@
continue
}
ln.Close()
- got, want := ep.BlessingNames(), test.blessings
+ got, want := ep.BlessingNames(), test.blessingNames
sort.Strings(got)
sort.Strings(want)
if !reflect.DeepEqual(got, want) {
diff --git a/profiles/internal/rpc/stream/model.go b/profiles/internal/rpc/stream/model.go
index 0adda72..cd134a6 100644
--- a/profiles/internal/rpc/stream/model.go
+++ b/profiles/internal/rpc/stream/model.go
@@ -121,10 +121,8 @@
//
// principal is used during authentication. If principal is nil, then the Listener
// expects to be used for unauthenticated, unencrypted communication.
- // If no Blessings are provided via v23.options.ServerBlessings, the principal's
- // default Blessings will be presented to the Client.
- // TODO(suharshs): Pass Blessings in explicitly instead of relying on ServerBlessings opt.
- Listen(protocol, address string, principal security.Principal, opts ...ListenerOpt) (Listener, naming.Endpoint, error)
+ // blessings are the Blessings presented to the Client during authentication.
+ Listen(protocol, address string, principal security.Principal, blessings security.Blessings, opts ...ListenerOpt) (Listener, naming.Endpoint, error)
// Dial creates a VC to the provided remote endpoint.
// principal is used during authentication. If principal is nil, then the VC expects
diff --git a/profiles/internal/rpc/stream/proxy/proxy.go b/profiles/internal/rpc/stream/proxy/proxy.go
index 19d7733..11f76c8 100644
--- a/profiles/internal/rpc/stream/proxy/proxy.go
+++ b/profiles/internal/rpc/stream/proxy/proxy.go
@@ -48,6 +48,7 @@
ln net.Listener
rid naming.RoutingID
principal security.Principal
+ blessings security.Blessings
mu sync.RWMutex
servers *servermap
processes map[*process]struct{}
@@ -211,6 +212,9 @@
principal: principal,
statsName: naming.Join("rpc", "proxy", "routing-id", rid.String(), "debug"),
}
+ if principal != nil {
+ proxy.blessings = principal.BlessingStore().Default()
+ }
stats.NewStringFunc(proxy.statsName, proxy.debugString)
go proxy.listenLoop()
@@ -563,7 +567,7 @@
p.proxy.routeCounters(p, m.Counters)
if vcObj != nil {
server := &server{Process: p, VC: vcObj}
- go p.proxy.runServer(server, vcObj.HandshakeAcceptedVC(p.proxy.principal))
+ go p.proxy.runServer(server, vcObj.HandshakeAcceptedVC(p.proxy.principal, p.proxy.blessings))
}
break
}
diff --git a/profiles/internal/rpc/stream/proxy/proxy_test.go b/profiles/internal/rpc/stream/proxy/proxy_test.go
index 623b07a..2189bf4 100644
--- a/profiles/internal/rpc/stream/proxy/proxy_test.go
+++ b/profiles/internal/rpc/stream/proxy/proxy_test.go
@@ -26,13 +26,15 @@
t.Fatal(err)
}
defer shutdown()
+ principal := tsecurity.NewPrincipal("test")
+ blessings := principal.BlessingStore().Default()
// Create the stream.Manager for the server.
server1 := manager.InternalNew(naming.FixedRoutingID(0x1111111111111111))
defer server1.Shutdown()
// Setup a stream.Listener that will accept VCs and Flows routed
// through the proxy.
- ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
+ ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String(), principal, blessings)
if err != nil {
t.Fatal(err)
}
@@ -43,7 +45,7 @@
defer server2.Shutdown()
// Setup a stream.Listener that will accept VCs and Flows routed
// through the proxy.
- ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
+ ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String(), principal, blessings)
if err != nil {
t.Fatal(err)
}
@@ -95,14 +97,17 @@
defer server1.Shutdown()
defer server2.Shutdown()
+ principal := tsecurity.NewPrincipal("test")
+ blessings := principal.BlessingStore().Default()
+
// First server to claim serverRID should win.
- ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
+ ln1, ep1, err := server1.Listen(proxyEp.Network(), proxyEp.String(), principal, blessings)
if err != nil {
t.Fatal(err)
}
defer ln1.Close()
- ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
+ ln2, ep2, err := server2.Listen(proxyEp.Network(), proxyEp.String(), principal, blessings)
if pattern := "routing id 00000000000000005555555555555555 is already being proxied"; err == nil || !strings.Contains(err.Error(), pattern) {
t.Errorf("Got (%v, %v, %v) want error \"...%v\" (ep1:%v)", ln2, ep2, err, pattern, ep1)
}
@@ -152,7 +157,8 @@
server := manager.InternalNew(naming.FixedRoutingID(0x5555555555555555))
defer server.Shutdown()
- ln, ep, err := server.Listen(proxyEp.Network(), proxyEp.String(), pserver)
+
+ ln, ep, err := server.Listen(proxyEp.Network(), proxyEp.String(), pserver, pserver.BlessingStore().Default())
if err != nil {
t.Fatal(err)
}
@@ -194,7 +200,9 @@
defer server.Shutdown()
addr := proxyEp.Addr().String()
port := addr[strings.LastIndex(addr, ":"):]
- ln, _, err := server.Listen("veyron", "127.0.0.1"+port, tsecurity.NewPrincipal("test"))
+ principal := tsecurity.NewPrincipal("test")
+ blessings := principal.BlessingStore().Default()
+ ln, _, err := server.Listen("veyron", "127.0.0.1"+port, principal, blessings)
if err != nil {
t.Fatal(err)
}
@@ -215,7 +223,9 @@
defer client1.Shutdown()
defer client2.Shutdown()
- lnS, epS, err := server.Listen(proxyEp.Network(), proxyEp.String(), tsecurity.NewPrincipal("test"))
+ principal := tsecurity.NewPrincipal("test")
+ blessings := principal.BlessingStore().Default()
+ lnS, epS, err := server.Listen(proxyEp.Network(), proxyEp.String(), principal, blessings)
if err != nil {
t.Fatal(err)
}
@@ -238,7 +248,7 @@
}
// Now client1 becomes a server
- lnC, epC, err := client1.Listen(proxyEp.Network(), proxyEp.String(), pclient1)
+ lnC, epC, err := client1.Listen(proxyEp.Network(), proxyEp.String(), pclient1, pclient1.BlessingStore().Default())
if err != nil {
t.Fatal(err)
}
diff --git a/profiles/internal/rpc/stream/vc/vc.go b/profiles/internal/rpc/stream/vc/vc.go
index 005107b..9fef705 100644
--- a/profiles/internal/rpc/stream/vc/vc.go
+++ b/profiles/internal/rpc/stream/vc/vc.go
@@ -494,11 +494,10 @@
// is done asynchronously and the result of the handshake is written to the
// channel returned by this method.
//
-// principal is server's used during authentication. If principal is nil, then the VC
-// expects to be used for unauthenticated, unencrypted communication.
-// If no Blessings are provided via v23.options.ServerBlessings, the principal's
-// default Blessings will be presented to the Client.
-func (vc *VC) HandshakeAcceptedVC(principal security.Principal, opts ...stream.ListenerOpt) <-chan HandshakeResult {
+// 'principal' is the principal used by the server used during authentication.
+// If principal is nil, then the VC expects to be used for unauthenticated, unencrypted communication.
+// 'lBlessings' is presented to the client during authentication.
+func (vc *VC) HandshakeAcceptedVC(principal security.Principal, lBlessings security.Blessings, opts ...stream.ListenerOpt) <-chan HandshakeResult {
result := make(chan HandshakeResult, 1)
finish := func(ln stream.Listener, err error) chan HandshakeResult {
result <- HandshakeResult{ln, err}
@@ -507,7 +506,6 @@
var (
securityLevel options.VCSecurityLevel
dischargeClient DischargeClient
- lBlessings security.Blessings
dischargeExpiryBuffer = DefaultServerDischargeExpiryBuffer
)
@@ -517,8 +515,6 @@
dischargeClient = v
case options.VCSecurityLevel:
securityLevel = v
- case options.ServerBlessings:
- lBlessings = v.Blessings
case DischargeExpiryBuffer:
dischargeExpiryBuffer = time.Duration(v)
}
@@ -537,7 +533,7 @@
return finish(nil, fmt.Errorf("principal required for VCSecurityConfidential"))
}
if lBlessings.IsZero() {
- lBlessings = principal.BlessingStore().Default()
+ return finish(nil, fmt.Errorf("blessings required for VCSecurityConfidential"))
}
case options.VCSecurityNone:
return finish(ln, nil)
diff --git a/profiles/internal/rpc/stream/vc/vc_test.go b/profiles/internal/rpc/stream/vc/vc_test.go
index 28fa9f1..1dda404 100644
--- a/profiles/internal/rpc/stream/vc/vc_test.go
+++ b/profiles/internal/rpc/stream/vc/vc_test.go
@@ -483,7 +483,7 @@
vcopts = append(vcopts, auth)
}
- c := serverH.VC.HandshakeAcceptedVC(server, lopts...)
+ c := serverH.VC.HandshakeAcceptedVC(server, server.BlessingStore().Default(), lopts...)
if err := clientH.VC.HandshakeDialedVC(client, vcopts...); err != nil {
go func() { <-c }()
return nil, nil, err
diff --git a/profiles/internal/rpc/stream/vif/auth.go b/profiles/internal/rpc/stream/vif/auth.go
index b62157a..465351b 100644
--- a/profiles/internal/rpc/stream/vif/auth.go
+++ b/profiles/internal/rpc/stream/vif/auth.go
@@ -188,11 +188,12 @@
}
// serverAuthOptions returns credentials for VIF authentication, based on the provided principal and options list.
-func serverAuthOptions(principal security.Principal, lopts []stream.ListenerOpt) (security.Principal, security.Blessings, vc.DischargeClient, error) {
+// TODO(suharshs): If/Once we pass dischargeClient explicitly, perhaps we should have a serverAuthParams struct
+// and not have this method at all.
+func serverAuthOptions(principal security.Principal, lBlessings security.Blessings, lopts []stream.ListenerOpt) (security.Principal, security.Blessings, vc.DischargeClient, error) {
var (
securityLevel options.VCSecurityLevel
dischargeClient vc.DischargeClient
- lBlessings security.Blessings
)
for _, o := range lopts {
switch v := o.(type) {
@@ -200,14 +201,15 @@
dischargeClient = v
case options.VCSecurityLevel:
securityLevel = v
- case options.ServerBlessings:
- lBlessings = v.Blessings
}
}
switch securityLevel {
case options.VCSecurityConfidential:
+ if principal == nil {
+ return nil, security.Blessings{}, nil, fmt.Errorf("principal required for VCSecurityConfidential")
+ }
if lBlessings.IsZero() {
- lBlessings = principal.BlessingStore().Default()
+ return nil, security.Blessings{}, nil, fmt.Errorf("blessings required for VCSecurityConfidential")
}
return principal, lBlessings, dischargeClient, nil
case options.VCSecurityNone:
diff --git a/profiles/internal/rpc/stream/vif/set_test.go b/profiles/internal/rpc/stream/vif/set_test.go
index c555cf8..7123d7e 100644
--- a/profiles/internal/rpc/stream/vif/set_test.go
+++ b/profiles/internal/rpc/stream/vif/set_test.go
@@ -60,7 +60,9 @@
func newVIF(c, s net.Conn) (*vif.VIF, *vif.VIF, error) {
done := make(chan *vif.VIF)
go func() {
- vf, err := vif.InternalNewAcceptedVIF(s, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("accepted"), nil)
+ principal := tsecurity.NewPrincipal("accepted")
+ blessings := principal.BlessingStore().Default()
+ vf, err := vif.InternalNewAcceptedVIF(s, naming.FixedRoutingID(0x5), principal, blessings, nil)
if err != nil {
panic(err)
}
diff --git a/profiles/internal/rpc/stream/vif/vif.go b/profiles/internal/rpc/stream/vif/vif.go
index 4fdf1aa..69e8780 100644
--- a/profiles/internal/rpc/stream/vif/vif.go
+++ b/profiles/internal/rpc/stream/vif/vif.go
@@ -66,6 +66,7 @@
acceptor *upcqueue.T // GUARDED_BY(muListen)
listenerOpts []stream.ListenerOpt // GUARDED_BY(muListen)
principal security.Principal
+ blessings security.Blessings
muNextVCI sync.Mutex
nextVCI id.VC
@@ -154,7 +155,11 @@
if err != nil {
return nil, err
}
- return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs), versions, principal, nil, nil, c)
+ var blessings security.Blessings
+ if principal != nil {
+ blessings = principal.BlessingStore().Default()
+ }
+ return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs), versions, principal, blessings, nil, nil, c)
}
// InternalNewAcceptedVIF creates a new virtual interface over the provided
@@ -167,13 +172,13 @@
// As the name suggests, this method is intended for use only within packages
// placed inside veyron/profiles/internal. Code outside the
// veyron/profiles/internal/* packages should never call this method.
-func InternalNewAcceptedVIF(conn net.Conn, rid naming.RoutingID, principal security.Principal, versions *version.Range, lopts ...stream.ListenerOpt) (*VIF, error) {
+func InternalNewAcceptedVIF(conn net.Conn, rid naming.RoutingID, principal security.Principal, blessings security.Blessings, versions *version.Range, lopts ...stream.ListenerOpt) (*VIF, error) {
pool := iobuf.NewPool(0)
reader := iobuf.NewReader(pool, conn)
- return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs)+1, versions, principal, upcqueue.New(), lopts, &crypto.NullControlCipher{})
+ return internalNew(conn, pool, reader, rid, id.VC(vc.NumReservedVCs)+1, versions, principal, blessings, upcqueue.New(), lopts, &crypto.NullControlCipher{})
}
-func internalNew(conn net.Conn, pool *iobuf.Pool, reader *iobuf.Reader, rid naming.RoutingID, initialVCI id.VC, versions *version.Range, principal security.Principal, acceptor *upcqueue.T, listenerOpts []stream.ListenerOpt, c crypto.ControlCipher) (*VIF, error) {
+func internalNew(conn net.Conn, pool *iobuf.Pool, reader *iobuf.Reader, rid naming.RoutingID, initialVCI id.VC, versions *version.Range, principal security.Principal, blessings security.Blessings, acceptor *upcqueue.T, listenerOpts []stream.ListenerOpt, c crypto.ControlCipher) (*VIF, error) {
var (
// Choose IDs that will not conflict with any other (VC, Flow)
// pairs. VCI 0 is never used by the application (it is
@@ -221,6 +226,7 @@
stopQ: stopQ,
versions: versions,
msgCounters: make(map[string]int64),
+ blessings: blessings,
}
go vif.readLoop()
go vif.writeLoop()
@@ -450,7 +456,7 @@
})
return nil
}
- go vif.acceptFlowsLoop(vc, vc.HandshakeAcceptedVC(vif.principal, lopts...))
+ go vif.acceptFlowsLoop(vc, vc.HandshakeAcceptedVC(vif.principal, vif.blessings, lopts...))
case *message.SetupVC:
// TODO(ashankar,mattr): Handle this! See comment about SetupVC
// in vif.Dial
@@ -493,7 +499,7 @@
return errAlreadySetup
}
vif.muListen.Lock()
- principal, lBlessings, dischargeClient, err := serverAuthOptions(vif.principal, vif.listenerOpts)
+ principal, lBlessings, dischargeClient, err := serverAuthOptions(vif.principal, vif.blessings, vif.listenerOpts)
vif.muListen.Unlock()
if err != nil {
return errVersionNegotiationFailed
diff --git a/profiles/internal/rpc/stream/vif/vif_test.go b/profiles/internal/rpc/stream/vif/vif_test.go
index 2183975..2829257 100644
--- a/profiles/internal/rpc/stream/vif/vif_test.go
+++ b/profiles/internal/rpc/stream/vif/vif_test.go
@@ -386,7 +386,9 @@
}
result <- client
}()
- server, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("server"), nil)
+ pserver := tsecurity.NewPrincipal("server")
+ blessings := pserver.BlessingStore().Default()
+ server, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), pserver, blessings, nil)
if err != nil {
t.Fatal(err)
}
@@ -497,7 +499,9 @@
cl <- c
}
}()
- s, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), tsecurity.NewPrincipal("server"), serverVersions)
+ pserver := tsecurity.NewPrincipal("server")
+ bserver := pserver.BlessingStore().Default()
+ s, err := vif.InternalNewAcceptedVIF(c2, naming.FixedRoutingID(0x5), pserver, bserver, serverVersions)
c, ok := <-cl
if err != nil {
verr = err
