/* * * Copyright 2015 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ #ifndef GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H #define GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H #include #include "src/core/lib/gprpp/ref_counted.h" #include "src/core/lib/gprpp/ref_counted_ptr.h" #include "src/core/lib/iomgr/pollset.h" #include "src/core/lib/security/credentials/credentials.h" extern grpc_core::DebugOnlyTraceFlag grpc_trace_auth_context_refcount; struct gpr_arena; /* --- grpc_auth_context --- High level authentication context object. Can optionally be chained. */ /* Property names are always NULL terminated. */ struct grpc_auth_property_array { grpc_auth_property* array = nullptr; size_t count = 0; size_t capacity = 0; }; void grpc_auth_property_reset(grpc_auth_property* property); // This type is forward declared as a C struct and we cannot define it as a // class. Otherwise, compiler will complain about type mismatch due to // -Wmismatched-tags. struct grpc_auth_context : public grpc_core::RefCounted { public: explicit grpc_auth_context( grpc_core::RefCountedPtr chained) : grpc_core::RefCounted( &grpc_trace_auth_context_refcount), chained_(std::move(chained)) { if (chained_ != nullptr) { peer_identity_property_name_ = chained_->peer_identity_property_name_; } } ~grpc_auth_context() { chained_.reset(DEBUG_LOCATION, "chained"); if (properties_.array != nullptr) { for (size_t i = 0; i < properties_.count; i++) { grpc_auth_property_reset(&properties_.array[i]); } gpr_free(properties_.array); } } const grpc_auth_context* chained() const { return chained_.get(); } const grpc_auth_property_array& properties() const { return properties_; } bool is_authenticated() const { return peer_identity_property_name_ != nullptr; } const char* peer_identity_property_name() const { return peer_identity_property_name_; } void set_peer_identity_property_name(const char* name) { peer_identity_property_name_ = name; } void ensure_capacity(); void add_property(const char* name, const char* value, size_t value_length); void add_cstring_property(const char* name, const char* value); private: grpc_core::RefCountedPtr chained_; grpc_auth_property_array properties_; const char* peer_identity_property_name_ = nullptr; }; /* --- grpc_security_context_extension --- Extension to the security context that may be set in a filter and accessed later by a higher level method on a grpc_call object. */ struct grpc_security_context_extension { void* instance = nullptr; void (*destroy)(void*) = nullptr; }; /* --- grpc_client_security_context --- Internal client-side security context. */ struct grpc_client_security_context { explicit grpc_client_security_context( grpc_core::RefCountedPtr creds) : creds(std::move(creds)) {} ~grpc_client_security_context(); grpc_core::RefCountedPtr creds; grpc_core::RefCountedPtr auth_context; grpc_security_context_extension extension; }; grpc_client_security_context* grpc_client_security_context_create( gpr_arena* arena, grpc_call_credentials* creds); void grpc_client_security_context_destroy(void* ctx); /* --- grpc_server_security_context --- Internal server-side security context. */ struct grpc_server_security_context { grpc_server_security_context() = default; ~grpc_server_security_context(); grpc_core::RefCountedPtr auth_context; grpc_security_context_extension extension; }; grpc_server_security_context* grpc_server_security_context_create( gpr_arena* arena); void grpc_server_security_context_destroy(void* ctx); /* --- Channel args for auth context --- */ #define GRPC_AUTH_CONTEXT_ARG "grpc.auth_context" grpc_arg grpc_auth_context_to_arg(grpc_auth_context* c); grpc_auth_context* grpc_auth_context_from_arg(const grpc_arg* arg); grpc_auth_context* grpc_find_auth_context_in_args( const grpc_channel_args* args); #endif /* GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H */