/*
 *
 * Copyright 2015 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#ifndef GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H
#define GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H

#include <grpc/support/port_platform.h>

#include "src/core/lib/gprpp/arena.h"
#include "src/core/lib/gprpp/ref_counted.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/iomgr/pollset.h"
#include "src/core/lib/security/credentials/credentials.h"

// Debug-only trace flag handed to grpc_auth_context's RefCounted base so that
// ref/unref activity on auth contexts can be traced in debug builds.
extern grpc_core::DebugOnlyTraceFlag grpc_trace_auth_context_refcount;

/* --- grpc_auth_context ---

   High level authentication context object. Can optionally be chained. */

/* Property names are always NULL terminated. */

// Growable array of peer properties owned by one grpc_auth_context.
//   array    - backing buffer; released with gpr_free by ~grpc_auth_context
//              after each of the first `count` entries has been passed to
//              grpc_auth_property_reset().
//   count    - number of entries currently in use.
//   capacity - presumably the number of allocated slots, grown by
//              grpc_auth_context::ensure_capacity() — confirm in the .cc.
struct grpc_auth_property_array {
  grpc_auth_property* array = nullptr;
  size_t count = 0;
  size_t capacity = 0;
};

// Per-element cleanup invoked by ~grpc_auth_context on every property in use
// before the array itself is freed. Presumably releases the property's name
// and value storage — confirm in the .cc implementation.
void grpc_auth_property_reset(grpc_auth_property* property);

// This type is forward declared as a C struct and we cannot define it as a
// class. Otherwise, the compiler will complain about a type mismatch due to
// -Wmismatched-tags.
// High level authentication context for one peer. Instances are ref-counted
// through NonPolymorphicRefCount (no virtual destructor), and may be chained:
// a context built on top of another keeps a reference to its parent and
// starts out with the parent's peer identity property name.
//
// This type is forward declared as a C struct and we cannot define it as a
// class. Otherwise, the compiler will complain about a type mismatch due to
// -Wmismatched-tags.
struct grpc_auth_context
    : public grpc_core::RefCounted<grpc_auth_context,
                                   grpc_core::NonPolymorphicRefCount> {
 public:
  // Builds a context layered on `chained` (may be null), taking over the
  // reference held by `chained`. Ref-count tracing is wired to
  // grpc_trace_auth_context_refcount. When a parent is given, its peer
  // identity property name pointer is copied as-is — no string copy is made.
  explicit grpc_auth_context(
      grpc_core::RefCountedPtr<grpc_auth_context> chained)
      : grpc_core::RefCounted<grpc_auth_context,
                             grpc_core::NonPolymorphicRefCount>(
            &grpc_trace_auth_context_refcount),
        chained_(std::move(chained)) {
    if (chained_ != nullptr) {
      // Borrowed pointer. It presumably points into the parent's own property
      // storage, which stays alive because chained_ holds a reference until
      // this object's destructor runs — confirm in the .cc.
      peer_identity_property_name_ = chained_->peer_identity_property_name_;
    }
  }

  // Releases the parent reference first, then resets every property in use
  // and frees the backing array. peer_identity_property_name_ is a
  // non-owning pointer and is deliberately not freed here.
  ~grpc_auth_context() {
    chained_.reset(DEBUG_LOCATION, "chained");
    if (properties_.array != nullptr) {
      // Only the first `count` slots hold live properties; the remaining
      // slots up to `capacity` are never touched.
      for (size_t i = 0; i < properties_.count; i++) {
        grpc_auth_property_reset(&properties_.array[i]);
      }
      gpr_free(properties_.array);
    }
  }

  // Non-owning view of the parent context, or nullptr if this context is not
  // chained.
  const grpc_auth_context* chained() const { return chained_.get(); }
  // Read-only view of this context's own properties (the parent's properties
  // are not merged in here).
  const grpc_auth_property_array& properties() const { return properties_; }

  // A context counts as authenticated as soon as a peer identity property
  // name has been recorded — either via set_peer_identity_property_name()
  // or inherited from an authenticated parent at construction.
  bool is_authenticated() const {
    return peer_identity_property_name_ != nullptr;
  }
  // Name of the property that carries the peer identity, or nullptr when the
  // peer is not authenticated. The pointer is owned elsewhere.
  const char* peer_identity_property_name() const {
    return peer_identity_property_name_;
  }
  // Records `name` as the peer identity property name. The pointer is stored
  // without copying and without checking that a property of that name has
  // been added. NOTE(review): `name` must outlive this context and any
  // context chained on top of it — callers are presumably expected to pass
  // the name of an already-added property; confirm at call sites.
  void set_peer_identity_property_name(const char* name) {
    peer_identity_property_name_ = name;
  }

  // Defined out of line. ensure_capacity() presumably grows properties_;
  // add_property() takes an explicit `value_length`, so values need not be
  // NUL terminated, while add_cstring_property() takes a NUL-terminated
  // value — confirm in the .cc.
  void ensure_capacity();
  void add_property(const char* name, const char* value, size_t value_length);
  void add_cstring_property(const char* name, const char* value);

 private:
  // Owned reference to the parent context; released in the destructor.
  grpc_core::RefCountedPtr<grpc_auth_context> chained_;
  // Properties owned by this context; see ~grpc_auth_context for teardown.
  grpc_auth_property_array properties_;
  // Non-owning; see set_peer_identity_property_name() for lifetime rules.
  const char* peer_identity_property_name_ = nullptr;
};

/* --- grpc_security_context_extension ---

   Extension to the security context that may be set in a filter and accessed
   later by a higher level method on a grpc_call object.
*/

// Opaque extension slot attached to a security context. `instance` is an
// arbitrary pointer set by a filter; `destroy`, when non-null, is presumably
// invoked on `instance` when the owning context is torn down — confirm in
// the .cc destructors.
struct grpc_security_context_extension {
  void* instance = nullptr;
  void (*destroy)(void*) = nullptr;
};

/* --- grpc_client_security_context ---

   Internal client-side security context. */

struct grpc_client_security_context {
  // Takes over the reference held by `creds` (moved into the member).
  explicit grpc_client_security_context(
      grpc_core::RefCountedPtr<grpc_call_credentials> creds)
      : creds(std::move(creds)) {}
  // Defined out of line; releases the members below.
  ~grpc_client_security_context();

  // Call credentials attached to the call (not checked for null here).
  grpc_core::RefCountedPtr<grpc_call_credentials> creds;
  // Authentication context of the peer; null until set.
  grpc_core::RefCountedPtr<grpc_auth_context> auth_context;
  // Filter-provided extension, see grpc_security_context_extension.
  grpc_security_context_extension extension;
};

// Creates a client security context holding a reference to `creds`.
// Presumably allocated from `arena`, which is why teardown goes through the
// separate void* destroy entry point below rather than delete — confirm in
// the .cc.
grpc_client_security_context* grpc_client_security_context_create(
    grpc_core::Arena* arena, grpc_call_credentials* creds);
// Tears down a context created by grpc_client_security_context_create.
// Takes void* so it can presumably be registered as a generic destroy
// callback on the call — confirm at call sites.
void grpc_client_security_context_destroy(void* ctx);

/* --- grpc_server_security_context ---

   Internal server-side security context. */

struct grpc_server_security_context {
  grpc_server_security_context() = default;
  // Defined out of line; releases the members below.
  ~grpc_server_security_context();

  // Authentication context of the peer; null until set.
  grpc_core::RefCountedPtr<grpc_auth_context> auth_context;
  // Filter-provided extension, see grpc_security_context_extension.
  grpc_security_context_extension extension;
};

// Creates a server security context; presumably arena-allocated, mirroring
// the client-side factory above — confirm in the .cc.
grpc_server_security_context* grpc_server_security_context_create(
    grpc_core::Arena* arena);
// Tears down a context created by grpc_server_security_context_create.
void grpc_server_security_context_destroy(void* ctx);

/* --- Channel args for auth context --- */
// Channel-arg key under which an auth context pointer is carried.
#define GRPC_AUTH_CONTEXT_ARG "grpc.auth_context"

// Wraps `c` in a channel arg keyed by GRPC_AUTH_CONTEXT_ARG.
grpc_arg grpc_auth_context_to_arg(grpc_auth_context* c);
// Unwraps the auth context from a single arg. NOTE(review): this header does
// not state whether the returned pointer carries a reference; callers should
// treat it as borrowed unless the .cc says otherwise.
grpc_auth_context* grpc_auth_context_from_arg(const grpc_arg* arg);
// Looks up GRPC_AUTH_CONTEXT_ARG in `args`; presumably returns nullptr when
// the arg is absent — confirm in the .cc.
grpc_auth_context* grpc_find_auth_context_in_args(
    const grpc_channel_args* args);

#endif /* GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H */