Accessing underlying connection in GRPC server with unix socket
Question
Wondering if there is a way to access the underlying net.Conn to retrieve user credentials using SO_PEERCRED and verify a request before it is handled by the server.
From https://blog.jbowen.dev/2019/09/using-so_peercred-in-go/, the net.UnixConn is needed to return the unix.Ucred used for verification. So if there is some way for the server request handler to get at the net.Conn, this should be easy.
I looked at a UnaryServerInterceptor, but nothing provided in UnaryServerInterceptor seems to contain the net.Conn.

    func interceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
        log.Printf("Intercepted: %+v %+v", info.Server, req) // anything here?
        return handler(ctx, req)
    }

Answer 1
Score: 2
The interface method TransportCredentials.ServerHandshake is the seam that you need. Your implementation can read from the input net.Conn and return the credential as an AuthInfo. Then in your handler code, you can get the credential out from the context via peer.FromContext. Alternatively, if you prefer to have authentication occur before the handler code is reached, you can do that directly in the TransportCredentials.ServerHandshake or via an interceptor.
See also: https://groups.google.com/g/grpc-io/c/FeQV7NXpeqA
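
An added example, not from the original answer and not gRPC's own code: the SO_PEERCRED check that a ServerHandshake implementation would run on the accepted connection, written with only the Go standard library (Linux). The names PeerCred and serverHandshake and the single-allowed-UID policy are assumptions; in a real server this logic sits in a type implementing credentials.TransportCredentials, and the returned value is what handlers later read through peer.FromContext.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"syscall"
)

// PeerCred (assumed name) is what a gRPC TransportCredentials would return as AuthInfo.
type PeerCred struct{ syscall.Ucred }

func (PeerCred) AuthType() string { return "so_peercred" }

// serverHandshake (assumed name) has the shape of ServerHandshake: it reads
// SO_PEERCRED from the accepted connection and admits only allowedUID. Linux only.
func serverHandshake(conn net.Conn, allowedUID uint32) (net.Conn, PeerCred, error) {
	uc, ok := conn.(*net.UnixConn)
	if !ok {
		return nil, PeerCred{}, fmt.Errorf("%T is not a unix socket", conn)
	}
	raw, err := uc.SyscallConn()
	if err != nil {
		return nil, PeerCred{}, err
	}
	var cred *syscall.Ucred
	if cerr := raw.Control(func(fd uintptr) {
		cred, err = syscall.GetsockoptUcred(int(fd), syscall.SOL_SOCKET, syscall.SO_PEERCRED)
	}); cerr != nil || err != nil {
		return nil, PeerCred{}, fmt.Errorf("SO_PEERCRED: control=%v getsockopt=%v", cerr, err)
	}
	if cred.Uid != allowedUID {
		return nil, PeerCred{}, fmt.Errorf("peer uid %d not allowed", cred.Uid)
	}
	return conn, PeerCred{*cred}, nil
}

func main() { // constructed demo: a socketpair end stands in for an accepted client
	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		panic(err)
	}
	conn, err := net.FileConn(os.NewFile(uintptr(fds[0]), "server-end"))
	if err != nil {
		panic(err)
	}
	_, info, err := serverHandshake(conn, uint32(os.Geteuid()))
	fmt.Println(info.Pid, info.Uid, info.Gid, err)
}
```

The kernel fills in these credentials when the socket is connected, so they describe the process that opened the connection and cannot be supplied by the client in the request itself.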