Merge pull request #10386 from hexfusion/release-3.2

[Cherry-pick 3.2] auth: disable CommonName auth for gRPC-gateway
Gyuho Lee 2019-01-11 10:01:12 -08:00 committed by GitHub
commit ab4693d97f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -981,10 +981,23 @@ func (as *authStore) AuthInfoFromTLS(ctx context.Context) *AuthInfo {
cn := chain.Subject.CommonName cn := chain.Subject.CommonName
plog.Debugf("found common name %s", cn) plog.Debugf("found common name %s", cn)
return &AuthInfo{ ai := &AuthInfo{
Username: cn, Username: cn,
Revision: as.Revision(), Revision: as.Revision(),
} }
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return nil
}
// gRPC-gateway proxy request to etcd server includes Grpcgateway-Accept
// header. The proxy uses etcd client server certificate. If the certificate
// has a CommonName we should never use this for authentication.
if gw := md["grpcgateway-accept"]; len(gw) > 0 {
plog.Warningf("ignoring common name in gRPC-gateway proxy request %s", ai.Username)
return nil
}
return ai
} }
} }
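Review bot: The gateway is recognised at `if gw := md["grpcgateway-accept"]; len(gw) > 0` only by a metadata key that mirrors a header of the proxied HTTP request, so the CommonName is dropped only when that key is present; whether the gateway adds it to every request it forwards is not visible in this hunk. I would confirm that against the vendored gateway, add a test for a proxied request that lacks the key, and record the dependency next to the check, e.g. `// relies on the gateway forwarding Grpcgateway-Accept on every proxied request; without it the CN is still used`. The metadata lookup also does not depend on `chain`, so it could run before `ai` is built and before `as.Revision()` is called. AuthInfoFromTLS begins above the hunk, so the enclosing loops are inferred from the closing braces.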