/*
 *
 * Copyright 2015 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#ifndef GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H
#define GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H

#include <grpc/support/port_platform.h>

#include "src/core/lib/gprpp/arena.h"
#include "src/core/lib/gprpp/ref_counted.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/iomgr/pollset.h"
#include "src/core/lib/security/credentials/credentials.h"

// Debug-only trace flag. When enabled, grpc_auth_context ref/unref
// operations are tagged "auth_context_refcount" (see the grpc_auth_context
// constructor below).
extern grpc_core::DebugOnlyTraceFlag grpc_trace_auth_context_refcount;

/* --- grpc_auth_context ---

   High level authentication context object. Can optionally be chained. */

/* Property names are always NUL-terminated C strings. */

/* Growable array of grpc_auth_property owned by one grpc_auth_context.
   `array` is released with gpr_free by the owning context's destructor after
   grpc_auth_property_reset() has been called on each of the `count` live
   entries; `capacity` is the number of allocated slots (capacity >= count is
   the intended invariant -- the growth logic lives in
   grpc_auth_context::ensure_capacity(), which is defined out of line). */
struct grpc_auth_property_array {
  grpc_auth_property* array = nullptr;
  size_t count = 0;
  size_t capacity = 0;
};

/* Resets a single property; defined out of line (presumably releases the
   property's name/value storage). Called for every live entry when the
   owning grpc_auth_context is destroyed. */
void grpc_auth_property_reset(grpc_auth_property* property);

// This type is forward declared as a C struct and we cannot define it as a
// class. Otherwise, compiler will complain about type mismatch due to
// -Wmismatched-tags.
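struct grpc_auth_context
    : public grpc_core::RefCounted<grpc_auth_context,
                                   grpc_core::NonPolymorphicRefCount> {
 public:
  // Builds a context that optionally extends `chained`. The new context
  // starts with the same peer-identity property name as its parent (if any),
  // so an authenticated parent yields an authenticated child; its own
  // property list starts empty. Refcount tracing is tagged
  // "auth_context_refcount" when grpc_trace_auth_context_refcount is on.
  explicit grpc_auth_context(
      grpc_core::RefCountedPtr<grpc_auth_context> chained)
      : grpc_core::RefCounted<grpc_auth_context,
                              grpc_core::NonPolymorphicRefCount>(
            GRPC_TRACE_FLAG_ENABLED(grpc_trace_auth_context_refcount)
                ? "auth_context_refcount"
                : nullptr),
        chained_(std::move(chained)) {
    if (chained_ != nullptr) {
      peer_identity_property_name_ = chained_->peer_identity_property_name_;
    }
  }

  // Non-polymorphic refcount and a non-virtual destructor: do not derive
  // from this type (a derived destructor would presumably not run on
  // Unref). Drops the reference on the chained context, resets every live
  // property and frees the backing array (allocated out of line, presumably
  // by ensure_capacity()).
  ~grpc_auth_context() {
    chained_.reset(DEBUG_LOCATION, "chained");
    if (properties_.array != nullptr) {
      for (size_t i = 0; i < properties_.count; i++) {
        grpc_auth_property_reset(&properties_.array[i]);
      }
      gpr_free(properties_.array);
    }
  }

  // This object owns a raw array that the destructor gpr_free()s; a copy
  // would leave two objects releasing the same storage. Spell out that it is
  // non-copyable here, next to the owning destructor, rather than relying on
  // the base class (not visible in this header) to forbid it.
  grpc_auth_context(const grpc_auth_context&) = delete;
  grpc_auth_context& operator=(const grpc_auth_context&) = delete;

  // Parent context, or nullptr when this context is not chained.
  const grpc_auth_context* chained() const { return chained_.get(); }

  // Properties added to *this* context only; the chain is not walked here.
  // Pointers into properties().array may be invalidated by a later
  // add_property() call if the array has to grow.
  const grpc_auth_property_array& properties() const { return properties_; }

  // "Authenticated" means only that a peer-identity property name has been
  // recorded (directly or inherited from the chain at construction). It does
  // NOT verify that a property with that name is actually present in the
  // list; callers needing the identity value must look it up themselves.
  bool is_authenticated() const {
    return peer_identity_property_name_ != nullptr;
  }

  // Name of the property that carries the peer identity, or nullptr.
  const char* peer_identity_property_name() const {
    return peer_identity_property_name_;
  }

  // Stores `name` by pointer, without copying: the caller must keep the
  // string alive for the lifetime of this context and of every context later
  // chained from it (the constructor propagates the raw pointer). Passing
  // nullptr makes the context report as unauthenticated again.
  void set_peer_identity_property_name(const char* name) {
    peer_identity_property_name_ = name;
  }

  // Grows properties_.array when needed. Defined out of line.
  void ensure_capacity();
  // Appends a property of `value_length` bytes taken from `value` (so the
  // value presumably need not be NUL-terminated). Defined out of line.
  void add_property(const char* name, const char* value, size_t value_length);
  // Appends a property whose value is a NUL-terminated string. Defined out
  // of line.
  void add_cstring_property(const char* name, const char* value);

 private:
  grpc_core::RefCountedPtr<grpc_auth_context> chained_;
  grpc_auth_property_array properties_;
  const char* peer_identity_property_name_ = nullptr;
};

/* --- grpc_security_context_extension ---

   Extension to the security context that may be set in a filter and accessed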
later by a higher level method on a grpc_call object. */

/* Opaque, filter-owned payload attached to a security context. `destroy`
   (when non-null) is the callback that tears down `instance`; both default
   to nullptr, meaning "no extension". The two contexts below hold this by
   value; their destructors are defined out of line, so where `destroy` is
   invoked is not visible here -- NOTE(review): confirm in the .cc. */
struct grpc_security_context_extension {
  void* instance = nullptr;
  void (*destroy)(void*) = nullptr;
};

/* --- grpc_client_security_context ---

   Internal client-side security context. */

/* Per-call client-side security state: the call credentials supplied by the
   caller (taken by value and moved in), the auth context established for the
   call (starts null; populated elsewhere) and an optional extension.
   Intended to be allocated in a call arena via
   grpc_client_security_context_create and torn down via
   grpc_client_security_context_destroy; the destructor is defined out of
   line. */
struct grpc_client_security_context {
  explicit grpc_client_security_context(
      grpc_core::RefCountedPtr<grpc_call_credentials> creds)
      : creds(std::move(creds)) {}
  ~grpc_client_security_context();

  grpc_core::RefCountedPtr<grpc_call_credentials> creds;
  grpc_core::RefCountedPtr<grpc_auth_context> auth_context;
  grpc_security_context_extension extension;
};

/* Allocates a client context in `arena` wrapping `creds`. How the raw
   `creds` pointer is turned into the owned RefCountedPtr (ref taken or
   adopted) is decided in the .cc, not here. */
grpc_client_security_context* grpc_client_security_context_create(
    grpc_core::Arena* arena, grpc_call_credentials* creds);
/* Type-erased destroy hook (context passed as void*) so it can be handed to
   a generic destructor callback slot. */
void grpc_client_security_context_destroy(void* ctx);

/* --- grpc_server_security_context ---

   Internal server-side security context. */

/* Per-call server-side security state: the auth context for the peer (starts
   null) and an optional extension. Same arena create/destroy pairing as the
   client-side type; destructor defined out of line. */
struct grpc_server_security_context {
  grpc_server_security_context() = default;
  ~grpc_server_security_context();

  grpc_core::RefCountedPtr<grpc_auth_context> auth_context;
  grpc_security_context_extension extension;
};

grpc_server_security_context* grpc_server_security_context_create(
    grpc_core::Arena* arena);
void grpc_server_security_context_destroy(void* ctx);

/* --- Channel args for auth context --- */
/* Key under which an auth context is carried in a channel arg (presumably as
   a pointer-typed arg). */
#define GRPC_AUTH_CONTEXT_ARG "grpc.auth_context"

/* Wrap `c` in a channel arg / unwrap one / scan `args` for one. All defined
   out of line. NOTE(review): whether the returned pointers carry their own
   reference is not visible here -- check the .cc before holding one beyond
   the lifetime of `args`. */
grpc_arg grpc_auth_context_to_arg(grpc_auth_context* c);
grpc_auth_context* grpc_auth_context_from_arg(const grpc_arg* arg);
grpc_auth_context* grpc_find_auth_context_in_args(
    const grpc_channel_args* args);

#endif /* GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H */