/*
 *
 * Copyright 2015 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

/** Public C API for inspecting the authentication context of a call and for
    supplying authorization policies to gRPC. Everything below is declared
    with C linkage so the header is usable from both C and C++. */

#ifndef GRPC_GRPC_SECURITY_H
#define GRPC_GRPC_SECURITY_H

#include <grpc/grpc.h>
#include <grpc/grpc_security_constants.h>
#include <grpc/status.h>
#include <grpc/support/port_platform.h>
#include <stdbool.h>

#ifdef __cplusplus
extern "C" {
#endif

/** --- Authentication Context. --- */

/** Opaque handle; the layout is private to the gRPC core. Obtain one from a
    call with grpc_call_auth_context and release it with
    grpc_auth_context_release. */
typedef struct grpc_auth_context grpc_auth_context;

/** Cursor over the properties of a grpc_auth_context. Create it with one of
    the grpc_auth_context_*iterator/peer_identity/find_properties_by_name
    functions and advance it with grpc_auth_property_iterator_next. The fields
    are iteration state; callers should not modify them directly. */
typedef struct grpc_auth_property_iterator {
  /* Context being iterated; not owned by the iterator (the iterator must not
     outlive the context it was created from). */
  const grpc_auth_context* ctx;
  /* Position of the next property to return. */
  size_t index;
  /* Property-name filter. NOTE(review): presumably NULL when iterating all
     properties and set by grpc_auth_context_find_properties_by_name; confirm
     against the implementation. */
  const char* name;
} grpc_auth_property_iterator;

/** A single (name, value) pair attached to an auth context.
    value, if not NULL, is guaranteed to be NULL terminated. value_length is
    the length of value in bytes, not counting the terminator; since values
    can be added with an explicit length (grpc_auth_context_add_property),
    prefer value_length over strlen(value) when consuming the value.
    NOTE(review): whether a value may contain embedded NUL bytes is not
    visible here — confirm before treating value as a plain C string. */
typedef struct grpc_auth_property {
  char* name;
  char* value;
  size_t value_length;
} grpc_auth_property;

/** Advances the iterator and returns the next property.
    Returns NULL when the iterator is at the end.
    The returned pointer is const and refers to storage inside the context;
    NOTE(review): it appears to be owned by the context — do not free it, and
    do not use it after the context is released (confirm). */
GRPCAPI const grpc_auth_property* grpc_auth_property_iterator_next(
    grpc_auth_property_iterator* it);

/** Iterates over the auth context: returns an iterator positioned at the
    first property of ctx, covering every property regardless of name. */
GRPCAPI grpc_auth_property_iterator
grpc_auth_context_property_iterator(const grpc_auth_context* ctx);

/** Gets the peer identity, i.e. the properties whose name is the one
    returned by grpc_auth_context_peer_identity_property_name.
    Returns an empty iterator (first _next will return NULL) if the peer is
    not authenticated, so callers can distinguish "no identity" from
    "authenticated with an identity" without a separate check. */
GRPCAPI grpc_auth_property_iterator
grpc_auth_context_peer_identity(const grpc_auth_context* ctx);

/** Finds a property in the context by name.
    May return an empty iterator (first _next will return NULL) if no property
    with this name was found in the context. Several properties may share a
    name; keep calling _next to see all of them. */
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(
    const grpc_auth_context* ctx, const char* name);

/** Gets the name of the property that indicates the peer identity. Will return
    NULL if the peer is not authenticated. The returned string is owned by the
    context; callers must not free it. */
GRPCAPI const char* grpc_auth_context_peer_identity_property_name(
    const grpc_auth_context* ctx);

/** Returns 1 if the peer is authenticated, 0 otherwise. Authenticated here
    means the context carries a peer identity property (see
    grpc_auth_context_peer_identity_property_name); it says nothing about
    authorization, which is the policy provider's concern (below). */
GRPCAPI int grpc_auth_context_peer_is_authenticated(
    const grpc_auth_context* ctx);

/** Gets the auth context from the call. Caller needs to call
    grpc_auth_context_release on the returned context.
    NOTE(review): the return is non-const, yet the inspection functions above
    take a const context — treat the handle as read-only on the client side;
    the mutators further down are reserved for server metadata processors. */
GRPCAPI grpc_auth_context* grpc_call_auth_context(grpc_call* call);

/** Releases the auth context returned from grpc_call_auth_context.
    Iterators and property pointers derived from the context are invalid
    after this call. */
GRPCAPI void grpc_auth_context_release(grpc_auth_context* context);

/** --
    The following auth context methods should only be called by a server
    metadata processor to set properties extracted from auth metadata.
    Properties added here become visible to handlers through the read
    functions above, so only add values the processor has actually
    validated.
    -- */

/** Add a property with an explicit value length (value need not be a
    NUL-terminated C string).
    - name is the property name.
    - value points to value_length bytes of property data.
    NOTE(review): whether name/value are copied into the context is not
    visible here; confirm before passing a transient buffer. */
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context* ctx,
                                            const char* name, const char* value,
                                            size_t value_length);

/** Add a C string property. Same as grpc_auth_context_add_property with the
    length taken from the NUL-terminated value. */
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context* ctx,
                                                    const char* name,
                                                    const char* value);

/** Sets the property name that identifies the peer (see
    grpc_auth_context_peer_identity_property_name). Returns 1 if successful
    or 0 in case of failure (which means that no property with this name
    exists) — add the property before designating it as the identity. */
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(
    grpc_auth_context* ctx, const char* name);

/**
 * EXPERIMENTAL - Subject to change.
 * An opaque type that is responsible for providing authorization policies to
 * gRPC. Create it with one of the *_create functions below and release it
 * with grpc_authorization_policy_provider_release.
 */
typedef struct grpc_authorization_policy_provider
    grpc_authorization_policy_provider;

/**
 * EXPERIMENTAL - Subject to change.
 * Creates a grpc_authorization_policy_provider using gRPC authorization policy
 * from static string.
 * - authz_policy is the input gRPC authorization policy.
 * - code is the error status code on failure. On success, it equals
 *   GRPC_STATUS_OK.
 * - error_details contains details about the error if any. If the
 *   initialization is successful, it will be null. Caller must use gpr_free to
 *   destroy this string.
 * Returns NULL on failure; always check *code (or the return value) rather
 * than assuming the policy parsed.
 * NOTE(review): the return is documented only indirectly — confirm that a
 * failed create returns NULL.
 */
GRPCAPI grpc_authorization_policy_provider*
grpc_authorization_policy_provider_static_data_create(
    const char* authz_policy, grpc_status_code* code,
    const char** error_details);

/**
 * EXPERIMENTAL - Subject to change.
 * Creates a grpc_authorization_policy_provider by watching for gRPC
 * authorization policy changes in filesystem.
 * - authz_policy_path is the file path of the gRPC authorization policy.
 * - refresh_interval_sec is the amount of time the internal thread would wait
 *   before checking for file updates; a policy change therefore takes effect
 *   only after the next refresh, not immediately.
 * - code is the error status code on failure. On success, it equals
 *   GRPC_STATUS_OK.
 * - error_details contains details about the error if any. If the
 *   initialization is successful, it will be null. Caller must use gpr_free to
 *   destroy this string.
 * Because the file is re-read periodically, whoever can write to
 * authz_policy_path controls the authorization policy for the lifetime of the
 * provider; keep the file's permissions accordingly.
 */
GRPCAPI grpc_authorization_policy_provider*
grpc_authorization_policy_provider_file_watcher_create(
    const char* authz_policy_path, unsigned int refresh_interval_sec,
    grpc_status_code* code, const char** error_details);

/**
 * EXPERIMENTAL - Subject to change.
 * Releases grpc_authorization_policy_provider object. The creator of
 * grpc_authorization_policy_provider is responsible for its release.
 */
GRPCAPI void grpc_authorization_policy_provider_release(
    grpc_authorization_policy_provider* provider);

#ifdef __cplusplus
}
#endif

#endif /* GRPC_GRPC_SECURITY_H */