authorGravatar Julien Boeuf <jboeuf@google.com>2015-08-31 13:25:30 -0700
committerGravatar Julien Boeuf <jboeuf@google.com>2015-08-31 13:25:30 -0700
commit6f127029f4713f4c871b444282062d57cd15a5b3 (patch)
tree7bf4c283ffcdb1296ba25be2041af3acd4e09b9b /include
parent8b5bb27d34573c8ce6beae15971e563127024488 (diff)
parentcb7ae77bd37f30cd6de8b22bf4253ecd5fe49f3a (diff)
Merge branch 'master' of github.com:grpc/grpc into core_creds_plugin
Diffstat (limited to 'include')
-rw-r--r--include/grpc++/client_context.h2
-rw-r--r--include/grpc++/create_channel.h2
-rw-r--r--include/grpc++/security/auth_context.h (renamed from include/grpc++/support/auth_context.h)8
-rw-r--r--include/grpc++/security/auth_metadata_processor.h74
-rw-r--r--include/grpc++/security/credentials.h (renamed from include/grpc++/credentials.h)0
-rw-r--r--include/grpc++/security/server_credentials.h (renamed from include/grpc++/server_credentials.h)6
-rw-r--r--include/grpc++/server.h2
-rw-r--r--include/grpc++/server_context.h2
-rw-r--r--include/grpc/grpc_security.h6
9 files changed, 96 insertions, 6 deletions
diff --git a/include/grpc++/client_context.h b/include/grpc++/client_context.h
index 62e5260a18..917a1222a8 100644
--- a/include/grpc++/client_context.h
+++ b/include/grpc++/client_context.h
@@ -42,7 +42,7 @@
#include <grpc/grpc.h>
#include <grpc/support/log.h>
#include <grpc/support/time.h>
-#include <grpc++/support/auth_context.h>
+#include <grpc++/security/auth_context.h>
#include <grpc++/support/config.h>
#include <grpc++/support/status.h>
#include <grpc++/support/string_ref.h>
diff --git a/include/grpc++/create_channel.h b/include/grpc++/create_channel.h
index 916f3b0b97..72f05174e1 100644
--- a/include/grpc++/create_channel.h
+++ b/include/grpc++/create_channel.h
@@ -36,7 +36,7 @@
#include <memory>
-#include <grpc++/credentials.h>
+#include <grpc++/security/credentials.h>
#include <grpc++/support/channel_arguments.h>
#include <grpc++/support/config.h>
diff --git a/include/grpc++/support/auth_context.h b/include/grpc++/security/auth_context.h
index 67e3e66c05..fc2701e806 100644
--- a/include/grpc++/support/auth_context.h
+++ b/include/grpc++/security/auth_context.h
@@ -77,6 +77,9 @@ class AuthContext {
public:
virtual ~AuthContext() {}
+ // Returns true if the peer is authenticated.
+ virtual bool IsPeerAuthenticated() const = 0;
+
// A peer identity, in general is one or more properties (in which case they
// have the same name).
virtual std::vector<grpc::string_ref> GetPeerIdentity() const = 0;
@@ -89,6 +92,11 @@ class AuthContext {
// Iteration over all the properties.
virtual AuthPropertyIterator begin() const = 0;
virtual AuthPropertyIterator end() const = 0;
+
+ // Mutation functions: should only be used by an AuthMetadataProcessor.
+ virtual void AddProperty(const grpc::string& key,
+ const grpc::string_ref& value) = 0;
+ virtual bool SetPeerIdentityPropertyName(const grpc::string& name) = 0;
};
} // namespace grpc
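Review bot: AddProperty and SetPeerIdentityPropertyName are public virtuals on AuthContext, so the rule that only an AuthMetadataProcessor may call them rests on the comment alone; any code holding a non-const AuthContext can change the peer identity that later authorization checks read. If request handlers are only ever handed a const view that may be sufficient, but this hunk does not show it, so either state that in the comment or move the mutators to a narrower interface that is passed only to the processor. The bool returned by SetPeerIdentityPropertyName is also undocumented; a line such as `// Returns false if no property named |name| exists; the peer identity is then left unchanged.` would help, once confirmed against the implementation. The comment should also say whether AddProperty copies `value`, since grpc::string_ref looks like a non-owning view. The class body begins above the hunk.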
diff --git a/include/grpc++/security/auth_metadata_processor.h b/include/grpc++/security/auth_metadata_processor.h
new file mode 100644
index 0000000000..18ad922321
--- /dev/null
+++ b/include/grpc++/security/auth_metadata_processor.h
@@ -0,0 +1,74 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPCXX_AUTH_METADATA_PROCESSOR_H_
+#define GRPCXX_AUTH_METADATA_PROCESSOR_H_
+
+#include <map>
+
+#include <grpc++/security/auth_context.h>
+#include <grpc++/support/status.h>
+#include <grpc++/support/string_ref.h>
+
+namespace grpc {
+
+class AuthMetadataProcessor {
+ public:
+ typedef std::multimap<grpc::string_ref, grpc::string_ref> InputMetadata;
+ typedef std::multimap<grpc::string, grpc::string_ref> OutputMetadata;
+
+ virtual ~AuthMetadataProcessor() {}
+
+ // If this method returns true, the Process function will be scheduled in
+ // a different thread from the one processing the call.
+ virtual bool IsBlocking() const { return true; }
+
+ // context is read/write: it contains the properties of the channel peer and
+ // it is the job of the Process method to augment it with properties derived
+ // from the passed-in auth_metadata.
+ // consumed_auth_metadata needs to be filled with metadata that has been
+ // consumed by the processor and will be removed from the call.
+ // response_metadata is the metadata that will be sent as part of the
+ // response.
+ // If the return value is not Status::OK, the rpc call will be aborted with
+ // the error code and error message sent back to the client.
+ virtual Status Process(const InputMetadata& auth_metadata,
+ AuthContext* context,
+ OutputMetadata* consumed_auth_metadata,
+ OutputMetadata* response_metadata) = 0;
+};
+
+} // namespace grpc
+
+#endif // GRPCXX_AUTH_METADATA_PROCESSOR_H_
+
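Review bot: The contract comment on Process leaves out two things the implementer of an authentication hook needs to know. The values in OutputMetadata are grpc::string_ref, which by its name is a non-owning view, so the comment should state how long the bytes placed in consumed_auth_metadata and response_metadata must remain valid, for example `// The data referenced by the output string_refs must stay valid until the call completes.` if that is the actual requirement. It should also warn that the Status message is returned to the client, e.g. `// The error message is sent to the peer: do not include token contents or internal details.`, and name the status code expected for a rejected credential. On IsBlocking(), defaulting to true is the conservative choice; a sentence saying that an override returning false must not block inside Process would complete the comment.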
diff --git a/include/grpc++/credentials.h b/include/grpc++/security/credentials.h
index ce5a9e0606..ce5a9e0606 100644
--- a/include/grpc++/credentials.h
+++ b/include/grpc++/security/credentials.h
diff --git a/include/grpc++/server_credentials.h b/include/grpc++/security/server_credentials.h
index 16b78c08af..2094c7403c 100644
--- a/include/grpc++/server_credentials.h
+++ b/include/grpc++/security/server_credentials.h
@@ -37,6 +37,7 @@
#include <memory>
#include <vector>
+#include <grpc++/security/auth_metadata_processor.h>
#include <grpc++/support/config.h>
struct grpc_server;
@@ -49,6 +50,11 @@ class ServerCredentials {
public:
virtual ~ServerCredentials();
+ // This method is not thread-safe and has to be called before the server is
+ // started. The last call to this function wins.
+ virtual void SetAuthMetadataProcessor(
+ const std::shared_ptr<AuthMetadataProcessor>& processor) = 0;
+
private:
friend class ::grpc::Server;
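Review bot: The comment on SetAuthMetadataProcessor does not say what an empty shared_ptr does, nor what happens when the call arrives after the server has started; for an authentication hook both cases should fail loudly rather than leave requests silently unprocessed. Because the last call wins, a later call also replaces an already installed processor without any signal to the caller. I would extend the comment with `// processor must not be null; calling this after the server has started is a programming error.` and have the implementations assert it. The comment should further say how credentials that perform no authentication respond to this call, since the method is pure virtual and every subclass has to pick a behaviour. The class body continues past the hunk.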
diff --git a/include/grpc++/server.h b/include/grpc++/server.h
index c8979e433c..22d14ee652 100644
--- a/include/grpc++/server.h
+++ b/include/grpc++/server.h
@@ -41,6 +41,7 @@
#include <grpc++/impl/call.h>
#include <grpc++/impl/grpc_library.h>
#include <grpc++/impl/sync.h>
+#include <grpc++/security/server_credentials.h>
#include <grpc++/support/config.h>
#include <grpc++/support/status.h>
@@ -54,7 +55,6 @@ class AsyncGenericService;
class RpcService;
class RpcServiceMethod;
class ServerAsyncStreamingInterface;
-class ServerCredentials;
class ThreadPoolInterface;
// Currently it only supports handling rpcs in a single thread.
diff --git a/include/grpc++/server_context.h b/include/grpc++/server_context.h
index 4b17a28047..85f384d477 100644
--- a/include/grpc++/server_context.h
+++ b/include/grpc++/server_context.h
@@ -39,7 +39,7 @@
#include <grpc/compression.h>
#include <grpc/support/time.h>
-#include <grpc++/support/auth_context.h>
+#include <grpc++/security/auth_context.h>
#include <grpc++/support/config.h>
#include <grpc++/support/string_ref.h>
#include <grpc++/support/time.h>
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index a5981937f1..34f7eab12e 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -301,10 +301,12 @@ typedef void (*grpc_process_auth_metadata_done_cb)(
typedef struct {
/* The context object is read/write: it contains the properties of the
channel peer and it is the job of the process function to augment it with
- properties derived from the passed-in metadata. */
+ properties derived from the passed-in metadata.
+ The lifetime of these objects is guaranteed until cb is invoked. */
void (*process)(void *state, grpc_auth_context *context,
- const grpc_metadata *md, size_t md_count,
+ const grpc_metadata *md, size_t num_md,
grpc_process_auth_metadata_done_cb cb, void *user_data);
+ void (*destroy)(void *state);
void *state;
} grpc_auth_metadata_processor;
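Review bot: The new `destroy` member has no comment; it should say when core invokes it, that it is invoked at most once per processor, and whether it may be NULL for a processor that has no state to release. Because `destroy` is inserted before `state`, an existing positional initializer such as `{process_fn, state}` no longer fills the fields it used to, and a zero-initialized struct now carries a NULL `destroy`; whether core checks for NULL before calling it is not visible in this hunk. "The lifetime of these objects" is also ambiguous: naming them, e.g. `context and md are guaranteed to stay valid until cb is invoked.`, would make clear what an asynchronous `process` may keep using after it returns.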