From 53e7116197775b28de49873dbdbd063b6d356af5 Mon Sep 17 00:00:00 2001
From: Tonis Tiigi
Date: Tue, 8 Jun 2021 15:45:16 -0700
Subject: [PATCH] session: make sure all token request keep correct context
Signed-off-by: Tonis Tiigi
---
 session/auth/auth.go | 12 ++++++------
 util/resolver/authorizer.go | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/session/auth/auth.go b/session/auth/auth.go
index 864ed5dd..85e6f680 100644
--- a/session/auth/auth.go
+++ b/session/auth/auth.go
@@ -52,8 +52,8 @@ func CredentialsFunc(sm *session.Manager, g session.Group) func(string) (session
 }
 }
-func FetchToken(req *FetchTokenRequest, sm *session.Manager, g session.Group) (resp *FetchTokenResponse, err error) {
- err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
+func FetchToken(ctx context.Context, req *FetchTokenRequest, sm *session.Manager, g session.Group) (resp *FetchTokenResponse, err error) {
+ err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
 client := NewAuthClient(c.Conn())
 resp, err = client.FetchToken(ctx, req)
@@ -68,9 +68,9 @@ func FetchToken(req *FetchTokenRequest, sm *session.Manager, g session.Group) (r
 return resp, nil
 }
-func VerifyTokenAuthority(host string, pubKey *[32]byte, sm *session.Manager, g session.Group) (sessionID string, ok bool, err error) {
+func VerifyTokenAuthority(ctx context.Context, host string, pubKey *[32]byte, sm *session.Manager, g session.Group) (sessionID string, ok bool, err error) {
 var verified bool
- err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
+ err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
 client := NewAuthClient(c.Conn())
 payload := make([]byte, 32)
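Review bot: `FetchToken` and `VerifyTokenAuthority` in the hunks at -52 and -68 of session/auth/auth.go, and `GetTokenAuthority` in the hunk at -100, are exported but have no doc comment, so nothing tells a caller what the new `ctx` parameter governs. The added first parameter also changes three exported signatures, so any caller outside the two files in this patch has to be updated with it. I would add a comment on each, for example `// FetchToken requests a token through any session in g. ctx is passed to sm.Any.` The closure parameter is also named `ctx` and shadows the outer one, which is fine only as long as the closure body keeps using the inner value, as the visible lines do. All three function bodies continue outside their hunks.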
@@ -100,8 +100,8 @@ func VerifyTokenAuthority(host string, pubKey *[32]byte, sm *session.Manager, g
 return sessionID, verified, nil
 }
-func GetTokenAuthority(host string, sm *session.Manager, g session.Group) (sessionID string, pubKey *[32]byte, err error) {
- err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
+func GetTokenAuthority(ctx context.Context, host string, sm *session.Manager, g session.Group) (sessionID string, pubKey *[32]byte, err error) {
+ err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
 client := NewAuthClient(c.Conn())
 resp, err := client.GetTokenAuthority(ctx, &GetTokenAuthorityRequest{
diff --git a/util/resolver/authorizer.go b/util/resolver/authorizer.go
index 32a3b23c..96755c36 100644
--- a/util/resolver/authorizer.go
+++ b/util/resolver/authorizer.go
@@ -40,7 +40,7 @@ func newAuthHandlerNS(sm *session.Manager) *authHandlerNS {
 }
 }
-func (a *authHandlerNS) get(host string, sm *session.Manager, g session.Group) *authHandler {
+func (a *authHandlerNS) get(ctx context.Context, host string, sm *session.Manager, g session.Group) *authHandler {
 if g != nil {
 if iter := g.SessionIterator(); iter != nil {
 for {
@@ -65,7 +65,7 @@ func (a *authHandlerNS) get(host string, sm *session.Manager, g session.Group) *
 }
 if parts[0] == host {
 if h.authority != nil {
- session, ok, err := sessionauth.VerifyTokenAuthority(host, h.authority, sm, g)
+ session, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)
 if err == nil && ok {
 a.handlers[host+"/"+session] = h
 h.lastUsed = time.Now()
@@ -122,7 +122,7 @@ func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) err
 defer a.handlers.mu.Unlock()
 // skip if there is no auth handler
- ah := a.handlers.get(req.URL.Host, a.sm, a.session)
+ ah := a.handlers.get(ctx, req.URL.Host, a.sm, a.session)
 if ah == nil {
 return nil
 }
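Review bot: In `authHandlerNS.get` (hunk at -65) the error from `sessionauth.VerifyTokenAuthority(ctx, ...)` is dropped by `if err == nil && ok {`, so with the request context now passed in, a cancelled or expired `ctx` will presumably come back as that error and be handled exactly like a failed authority check. What the function does on that path is outside the hunk, so please confirm that a context error cannot lead to a cached handler being discarded or to a different credential path being taken. At minimum the branch should say so explicitly, e.g. `// err (including ctx cancellation) is treated as "authority not verified"`.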
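Review bot: The call `a.handlers.get(ctx, req.URL.Host, a.sm, a.session)` in `Authorize` (hunk at -122) runs while `a.handlers.mu` is held (`defer a.handlers.mu.Unlock()` two lines above), so one slow client session stalls every other `Authorize` call. `get` can call `sessionauth.VerifyTokenAuthority` (hunk at -65), which goes through `sm.Any` to a client session. Passing the request `ctx` lets that call be cancelled, but a context without a deadline still holds the lock for as long as the session takes to answer. Consider bounding the verification with a deadline or doing it outside the critical section; at minimum note it at the call: `// get may perform a session RPC while a.handlers.mu is held`. The locking in `AddResponses` (hunk at -147) is outside the visible lines, so I cannot tell whether the same applies there.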
@@ -147,7 +147,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
 last := responses[len(responses)-1]
 host := last.Request.URL.Host
- handler := a.handlers.get(host, a.sm, a.session)
+ handler := a.handlers.get(ctx, host, a.sm, a.session)
 for _, c := range auth.ParseAuthHeader(last.Header) {
 if c.Scheme == auth.BearerAuth {
@@ -177,7 +177,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
 }
 var username, secret string
- session, pubKey, err := sessionauth.GetTokenAuthority(host, a.sm, a.session)
+ session, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)
 if err != nil {
 return err
 }
@@ -339,7 +339,7 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
 }()
 if ah.authority != nil {
- resp, err := sessionauth.FetchToken(&sessionauth.FetchTokenRequest{
+ resp, err := sessionauth.FetchToken(ctx, &sessionauth.FetchTokenRequest{
 ClientID: "buildkit-client",
 Host: ah.host,
 Realm: to.Realm,
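Review bot: The local `session` in `session, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)` (hunk at -177) shadows the imported `session` package that this file uses for `session.Manager` and `session.Group`; the same name is used in `authHandlerNS.get` (hunk at -65). Since the line is being touched anyway, I would rename it to match the result name in session/auth/auth.go: `sessionID, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)`. The later uses of the variable are outside the hunk and need the same rename.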