diff options
author | 2018-07-02 13:29:27 -0700 | |
---|---|---|
committer | 2018-07-02 13:29:27 -0700 | |
commit | c5f1eda10f7c04368450b757bda7fe4b58d62844 (patch) | |
tree | e5f7671750ff2b6de327cd1f9384015fc9bf8412 /src | |
parent | 6eb6c845aa419f0c3a3e6be69a7e74e72a306f90 (diff) |
implement loca credentials
Diffstat (limited to 'src')
9 files changed, 700 insertions, 0 deletions
diff --git a/src/core/lib/security/credentials/local/local_credentials.cc b/src/core/lib/security/credentials/local/local_credentials.cc new file mode 100644 index 0000000000..9a2f646ba5 --- /dev/null +++ b/src/core/lib/security/credentials/local/local_credentials.cc @@ -0,0 +1,77 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <grpc/support/port_platform.h> + +#include "src/core/lib/security/credentials/local/local_credentials.h" + +#include <grpc/grpc.h> +#include <grpc/support/alloc.h> +#include <grpc/support/log.h> + +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/security/security_connector/local_security_connector.h" + +#define GRPC_CREDENTIALS_TYPE_LOCAL "Local" + +static void local_credentials_destruct(grpc_channel_credentials* creds) {} + +static void local_server_credentials_destruct(grpc_server_credentials* creds) {} + +static grpc_security_status local_create_security_connector( + grpc_channel_credentials* creds, + grpc_call_credentials* request_metadata_creds, const char* target_name, + const grpc_channel_args* args, grpc_channel_security_connector** sc, + grpc_channel_args** new_args) { + return grpc_local_channel_security_connector_create( + creds, request_metadata_creds, args, target_name, sc); +} + +static grpc_security_status local_server_create_security_connector( + grpc_server_credentials* creds, grpc_server_security_connector** sc) { + return grpc_local_server_security_connector_create(creds, sc); +} + +static const grpc_channel_credentials_vtable local_credentials_vtable = { + local_credentials_destruct, local_create_security_connector, + /*duplicate_without_call_credentials=*/nullptr}; + +static const grpc_server_credentials_vtable local_server_credentials_vtable = { + local_server_credentials_destruct, local_server_create_security_connector}; + +grpc_channel_credentials* grpc_local_credentials_create( + grpc_local_connect_type connect_type) { + auto creds = static_cast<grpc_local_credentials*>( + gpr_zalloc(sizeof(grpc_local_credentials))); + creds->connect_type = connect_type; + creds->base.type = GRPC_CREDENTIALS_TYPE_LOCAL; + creds->base.vtable = &local_credentials_vtable; + gpr_ref_init(&creds->base.refcount, 1); + return &creds->base; +} + +grpc_server_credentials* grpc_local_server_credentials_create( + grpc_local_connect_type connect_type) { + auto creds = static_cast<grpc_local_server_credentials*>( + gpr_zalloc(sizeof(grpc_local_server_credentials))); + creds->connect_type = connect_type; + creds->base.type = GRPC_CREDENTIALS_TYPE_LOCAL; + creds->base.vtable = &local_server_credentials_vtable; + gpr_ref_init(&creds->base.refcount, 1); + return &creds->base; +} diff --git a/src/core/lib/security/credentials/local/local_credentials.h b/src/core/lib/security/credentials/local/local_credentials.h new file mode 100644 index 0000000000..47358b04bc --- /dev/null +++ b/src/core/lib/security/credentials/local/local_credentials.h @@ -0,0 +1,40 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_LOCAL_LOCAL_CREDENTIALS_H +#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_LOCAL_LOCAL_CREDENTIALS_H + +#include <grpc/support/port_platform.h> + +#include <grpc/grpc_security.h> + +#include "src/core/lib/security/credentials/credentials.h" + +/* Main struct for grpc local channel credential. */ +typedef struct grpc_local_credentials { + grpc_channel_credentials base; + grpc_local_connect_type connect_type; +} grpc_local_credentials; + +/* Main struct for grpc local server credential. */ +typedef struct grpc_local_server_credentials { + grpc_server_credentials base; + grpc_local_connect_type connect_type; +} grpc_local_server_credentials; + +#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_LOCAL_LOCAL_CREDENTIALS_H */ diff --git a/src/core/lib/security/security_connector/local_security_connector.cc b/src/core/lib/security/security_connector/local_security_connector.cc new file mode 100644 index 0000000000..3fe72013bd --- /dev/null +++ b/src/core/lib/security/security_connector/local_security_connector.cc @@ -0,0 +1,239 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <grpc/support/port_platform.h> + +#include "src/core/lib/security/security_connector/local_security_connector.h" + +#include <stdbool.h> +#include <string.h> + +#include <grpc/grpc.h> +#include <grpc/support/alloc.h> +#include <grpc/support/log.h> +#include <grpc/support/string_util.h> + +#include "src/core/ext/filters/client_channel/client_channel.h" +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/security/credentials/local/local_credentials.h" +#include "src/core/lib/security/transport/security_handshaker.h" +#include "src/core/tsi/local_transport_security.h" + +#define GRPC_UDS_URL_SCHEME "unix" +#define GRPC_LOCAL_TRANSPORT_SECURITY_TYPE "local" + +typedef struct { + grpc_channel_security_connector base; + char* target_name; +} grpc_local_channel_security_connector; + +typedef struct { + grpc_server_security_connector base; +} grpc_local_server_security_connector; + +static void local_channel_destroy(grpc_security_connector* sc) { + if (sc == nullptr) { + return; + } + auto c = reinterpret_cast<grpc_local_channel_security_connector*>(sc); + grpc_call_credentials_unref(c->base.request_metadata_creds); + grpc_channel_credentials_unref(c->base.channel_creds); + gpr_free(c->target_name); + gpr_free(sc); +} + +static void local_server_destroy(grpc_security_connector* sc) { + if (sc == nullptr) { + return; + } + auto c = reinterpret_cast<grpc_local_server_security_connector*>(sc); + grpc_server_credentials_unref(c->base.server_creds); + gpr_free(sc); +} + +static void local_channel_add_handshakers( + grpc_channel_security_connector* sc, + grpc_handshake_manager* handshake_manager) { + tsi_handshaker* handshaker = nullptr; + GPR_ASSERT(local_tsi_handshaker_create(true /* is_client */, &handshaker) == + TSI_OK); + grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create( + handshaker, &sc->base)); +} + +static void local_server_add_handshakers( + grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_manager) { + tsi_handshaker* handshaker = nullptr; + GPR_ASSERT(local_tsi_handshaker_create(false /* is_client */, &handshaker) == + TSI_OK); + grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create( + handshaker, &sc->base)); +} + +static int local_channel_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_local_channel_security_connector* c1 = + reinterpret_cast<grpc_local_channel_security_connector*>(sc1); + grpc_local_channel_security_connector* c2 = + reinterpret_cast<grpc_local_channel_security_connector*>(sc2); + int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base); + if (c != 0) return c; + return strcmp(c1->target_name, c2->target_name); +} + +static int local_server_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_local_server_security_connector* c1 = + reinterpret_cast<grpc_local_server_security_connector*>(sc1); + grpc_local_server_security_connector* c2 = + reinterpret_cast<grpc_local_server_security_connector*>(sc2); + return grpc_server_security_connector_cmp(&c1->base, &c2->base); +} + +static grpc_security_status local_auth_context_create(grpc_auth_context** ctx) { + if (ctx == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to local_auth_context_create()"); + return GRPC_SECURITY_ERROR; + } + /* Create auth context. */ + *ctx = grpc_auth_context_create(nullptr); + grpc_auth_context_add_cstring_property( + *ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, + GRPC_LOCAL_TRANSPORT_SECURITY_TYPE); + GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name( + *ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 1); + return GRPC_SECURITY_OK; +} + +static void local_check_peer(grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + grpc_security_status status; + status = local_auth_context_create(auth_context); + grpc_error* error = status == GRPC_SECURITY_OK + ? GRPC_ERROR_NONE + : GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "Could not create local auth context"); + GRPC_CLOSURE_SCHED(on_peer_checked, error); +} + +static grpc_security_connector_vtable local_channel_vtable = { + local_channel_destroy, local_check_peer, local_channel_cmp}; + +static grpc_security_connector_vtable local_server_vtable = { + local_server_destroy, local_check_peer, local_server_cmp}; + +static bool local_check_call_host(grpc_channel_security_connector* sc, + const char* host, + grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, + grpc_error** error) { + grpc_local_channel_security_connector* local_sc = + reinterpret_cast<grpc_local_channel_security_connector*>(sc); + if (host == nullptr || local_sc == nullptr || + strcmp(host, local_sc->target_name) != 0) { + *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "local call host does not match target name"); + } + return true; +} + +static void local_cancel_check_call_host(grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, + grpc_error* error) { + GRPC_ERROR_UNREF(error); +} + +grpc_security_status grpc_local_channel_security_connector_create( + grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, + const grpc_channel_args* args, const char* target_name, + grpc_channel_security_connector** sc) { + if (channel_creds == nullptr || sc == nullptr || target_name == nullptr) { + gpr_log( + GPR_ERROR, + "Invalid arguments to grpc_local_channel_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + // Check if local_connect_type is UDS. Only UDS is supported for now. + grpc_local_credentials* creds = + reinterpret_cast<grpc_local_credentials*>(channel_creds); + if (creds->connect_type != UDS) { + gpr_log(GPR_ERROR, + "Invalid local channel type to " + "grpc_local_channel_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + // Check if target_name is a valid UDS address. + const grpc_arg* server_uri_arg = + grpc_channel_args_find(args, GRPC_ARG_SERVER_URI); + const char* server_uri_str = grpc_channel_arg_get_string(server_uri_arg); + if (strncmp(GRPC_UDS_URL_SCHEME, server_uri_str, + strlen(GRPC_UDS_URL_SCHEME)) != 0) { + gpr_log(GPR_ERROR, + "Invalid target_name to " + "grpc_local_channel_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + auto c = static_cast<grpc_local_channel_security_connector*>( + gpr_zalloc(sizeof(grpc_local_channel_security_connector))); + gpr_ref_init(&c->base.base.refcount, 1); + c->base.base.vtable = &local_channel_vtable; + c->base.add_handshakers = local_channel_add_handshakers; + c->base.channel_creds = grpc_channel_credentials_ref(channel_creds); + c->base.request_metadata_creds = + grpc_call_credentials_ref(request_metadata_creds); + c->base.check_call_host = local_check_call_host; + c->base.cancel_check_call_host = local_cancel_check_call_host; + c->base.base.url_scheme = + creds->connect_type == UDS ? GRPC_UDS_URL_SCHEME : nullptr; + c->target_name = gpr_strdup(target_name); + *sc = &c->base; + return GRPC_SECURITY_OK; +} + +grpc_security_status grpc_local_server_security_connector_create( + grpc_server_credentials* server_creds, + grpc_server_security_connector** sc) { + if (server_creds == nullptr || sc == nullptr) { + gpr_log( + GPR_ERROR, + "Invalid arguments to grpc_local_server_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + // Check if local_connect_type is UDS. Only UDS is supported for now. + grpc_local_server_credentials* creds = + reinterpret_cast<grpc_local_server_credentials*>(server_creds); + if (creds->connect_type != UDS) { + gpr_log(GPR_ERROR, + "Invalid local server type to " + "grpc_local_server_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + auto c = static_cast<grpc_local_server_security_connector*>( + gpr_zalloc(sizeof(grpc_local_server_security_connector))); + gpr_ref_init(&c->base.base.refcount, 1); + c->base.base.vtable = &local_server_vtable; + c->base.server_creds = grpc_server_credentials_ref(server_creds); + c->base.base.url_scheme = + creds->connect_type == UDS ? GRPC_UDS_URL_SCHEME : nullptr; + c->base.add_handshakers = local_server_add_handshakers; + *sc = &c->base; + return GRPC_SECURITY_OK; +} diff --git a/src/core/lib/security/security_connector/local_security_connector.h b/src/core/lib/security/security_connector/local_security_connector.h new file mode 100644 index 0000000000..a970a74788 --- /dev/null +++ b/src/core/lib/security/security_connector/local_security_connector.h @@ -0,0 +1,58 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOCAL_SECURITY_CONNECTOR_H +#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOCAL_SECURITY_CONNECTOR_H + +#include <grpc/support/port_platform.h> + +#include "src/core/lib/security/context/security_context.h" + +/** + * This method creates a local channel security connector. + * + * - channel_creds: channel credential instance. + * - request_metadata_creds: credential object which will be sent with each + * request. This parameter can be nullptr. + * - target_name: the name of the endpoint that the channel is connecting to. + * - args: channel args passed from the caller. + * - sc: address of local channel security connector instance to be returned + * from the method. + * + * It returns GRPC_SECURITY_OK on success, and an error stauts code on failure. + */ +grpc_security_status grpc_local_channel_security_connector_create( + grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, + const grpc_channel_args* args, const char* target_name, + grpc_channel_security_connector** sc); + +/** + * This method creates a local server security connector. + * + * - server_creds: server credential instance. + * - sc: address of local server security connector instance to be returned from + * the method. + * + * It returns GRPC_SECURITY_OK on success, and an error status code on failure. + */ +grpc_security_status grpc_local_server_security_connector_create( + grpc_server_credentials* server_creds, grpc_server_security_connector** sc); + +#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOCAL_SECURITY_CONNECTOR_H \ + */ diff --git a/src/core/tsi/local_transport_security.cc b/src/core/tsi/local_transport_security.cc new file mode 100644 index 0000000000..2799098108 --- /dev/null +++ b/src/core/tsi/local_transport_security.cc @@ -0,0 +1,222 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <grpc/support/port_platform.h> + +#include "src/core/tsi/local_transport_security.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <grpc/support/alloc.h> +#include <grpc/support/log.h> +#include <grpc/support/string_util.h> + +#include "src/core/lib/iomgr/exec_ctx.h" +#include "src/core/tsi/transport_security_grpc.h" + +#define TSI_LOCAL_PEER_IDENTITY "local" + +/* Main struct for local TSI zero-copy frame protector. */ +typedef struct local_zero_copy_grpc_protector { + tsi_zero_copy_grpc_protector base; +} local_zero_copy_grpc_protector; + +/* Main struct for local TSI handshaker result. */ +typedef struct local_tsi_handshaker_result { + tsi_handshaker_result base; + char* peer_identity; + bool is_client; +} local_tsi_handshaker_result; + +/* Main struct for local TSI handshaker. */ +typedef struct local_tsi_handshaker { + tsi_handshaker base; + bool is_client; +} local_tsi_handshaker; + +/* --- tsi_zero_copy_grpc_protector methods implementation. --- */ + +static tsi_result local_zero_copy_grpc_protector_protect( + tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* unprotected_slices, + grpc_slice_buffer* protected_slices) { + if (self == nullptr || unprotected_slices == nullptr || + protected_slices == nullptr) { + gpr_log(GPR_ERROR, "Invalid nullptr arguments to zero-copy grpc protect."); + return TSI_INVALID_ARGUMENT; + } + grpc_slice_buffer_move_into(unprotected_slices, protected_slices); + return TSI_OK; +} + +static tsi_result local_zero_copy_grpc_protector_unprotect( + tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* protected_slices, + grpc_slice_buffer* unprotected_slices) { + if (self == nullptr || unprotected_slices == nullptr || + protected_slices == nullptr) { + gpr_log(GPR_ERROR, + "Invalid nullptr arguments to zero-copy grpc unprotect."); + return TSI_INVALID_ARGUMENT; + } + grpc_slice_buffer_move_into(protected_slices, unprotected_slices); + return TSI_OK; +} + +static void local_zero_copy_grpc_protector_destroy( + tsi_zero_copy_grpc_protector* self) { + gpr_free(self); +} + +static const tsi_zero_copy_grpc_protector_vtable + local_zero_copy_grpc_protector_vtable = { + local_zero_copy_grpc_protector_protect, + local_zero_copy_grpc_protector_unprotect, + local_zero_copy_grpc_protector_destroy}; + +tsi_result local_zero_copy_grpc_protector_create( + tsi_zero_copy_grpc_protector** protector) { + if (grpc_core::ExecCtx::Get() == nullptr || protector == nullptr) { + gpr_log( + GPR_ERROR, + "Invalid nullptr arguments to local_zero_copy_grpc_protector create."); + return TSI_INVALID_ARGUMENT; + } + local_zero_copy_grpc_protector* impl = + static_cast<local_zero_copy_grpc_protector*>(gpr_zalloc(sizeof(*impl))); + impl->base.vtable = &local_zero_copy_grpc_protector_vtable; + *protector = &impl->base; + return TSI_OK; +} + +/* --- tsi_handshaker_result methods implementation. --- */ + +static tsi_result handshaker_result_extract_peer( + const tsi_handshaker_result* self, tsi_peer* peer) { + return TSI_OK; +} + +static tsi_result handshaker_result_create_zero_copy_grpc_protector( + const tsi_handshaker_result* self, size_t* max_output_protected_frame_size, + tsi_zero_copy_grpc_protector** protector) { + if (self == nullptr || protector == nullptr) { + gpr_log(GPR_ERROR, + "Invalid arguments to create_zero_copy_grpc_protector()"); + return TSI_INVALID_ARGUMENT; + } + tsi_result ok = local_zero_copy_grpc_protector_create(protector); + if (ok != TSI_OK) { + gpr_log(GPR_ERROR, "Failed to create zero-copy grpc protector"); + } + return ok; +} + +static void handshaker_result_destroy(tsi_handshaker_result* self) { + if (self == nullptr) { + return; + } + local_tsi_handshaker_result* result = + reinterpret_cast<local_tsi_handshaker_result*>( + const_cast<tsi_handshaker_result*>(self)); + gpr_free(result->peer_identity); + gpr_free(result); +} + +static const tsi_handshaker_result_vtable result_vtable = { + handshaker_result_extract_peer, + handshaker_result_create_zero_copy_grpc_protector, + nullptr, /* handshaker_result_create_frame_protector */ + nullptr, /* handshaker_result_get_unused_bytes */ + handshaker_result_destroy}; + +static tsi_result create_handshaker_result(bool is_client, + tsi_handshaker_result** self) { + if (self == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to create_handshaker_result()"); + return TSI_INVALID_ARGUMENT; + } + local_tsi_handshaker_result* result = + static_cast<local_tsi_handshaker_result*>(gpr_zalloc(sizeof(*result))); + result->is_client = is_client; + result->base.vtable = &result_vtable; + /* Create a peer identity with random information that will be later converted + * to auth context. Without this peer identity, the santiy check in {client, + * server}_auth_filter that verifies if the peer's auth context is obtained + * during handshakes will fail. Since the peer identity information in auth + * context is only checked for its existence (not actually used), we only + * populate some random data and later will provision more meaningful peer if + * needed (e.g., peer's pid/uid/gid from credentials). + */ + result->peer_identity = gpr_strdup(TSI_LOCAL_PEER_IDENTITY); + *self = &result->base; + return TSI_OK; +} + +/* --- tsi_handshaker methods implementation. --- */ + +static tsi_result handshaker_next( + tsi_handshaker* self, const unsigned char* received_bytes, + size_t received_bytes_size, const unsigned char** bytes_to_send, + size_t* bytes_to_send_size, tsi_handshaker_result** result, + tsi_handshaker_on_next_done_cb cb, void* user_data) { + if (self == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to handshaker_next()"); + return TSI_INVALID_ARGUMENT; + } + /* Note that there is no interaction between TSI peers, and all operations are + * local. + */ + local_tsi_handshaker* handshaker = + reinterpret_cast<local_tsi_handshaker*>(self); + *bytes_to_send_size = 0; + create_handshaker_result(handshaker->is_client, result); + return TSI_OK; +} + +static void handshaker_destroy(tsi_handshaker* self) { + if (self == nullptr) { + return; + } + local_tsi_handshaker* handshaker = + reinterpret_cast<local_tsi_handshaker*>(self); + gpr_free(handshaker); +} + +static const tsi_handshaker_vtable handshaker_vtable = { + nullptr, /* get_bytes_to_send_to_peer -- deprecated */ + nullptr, /* process_bytes_from_peer -- deprecated */ + nullptr, /* get_result -- deprecated */ + nullptr, /* extract_peer -- deprecated */ + nullptr, /* create_frame_protector -- deprecated */ + handshaker_destroy, + handshaker_next, + nullptr, /* shutdown */ +}; + +tsi_result local_tsi_handshaker_create(bool is_client, tsi_handshaker** self) { + if (self == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to local_tsi_handshaker_create()"); + return TSI_INVALID_ARGUMENT; + } + local_tsi_handshaker* handshaker = + static_cast<local_tsi_handshaker*>(gpr_zalloc(sizeof(*handshaker))); + handshaker->is_client = is_client; + handshaker->base.vtable = &handshaker_vtable; + *self = &handshaker->base; + return TSI_OK; +} diff --git a/src/core/tsi/local_transport_security.h b/src/core/tsi/local_transport_security.h new file mode 100644 index 0000000000..17213ecf35 --- /dev/null +++ b/src/core/tsi/local_transport_security.h @@ -0,0 +1,51 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_TSI_LOCAL_TRANSPORT_SECURITY_H +#define GRPC_CORE_TSI_LOCAL_TRANSPORT_SECURITY_H + +#include <grpc/support/port_platform.h> + +#include <grpc/grpc.h> + +#include "src/core/tsi/transport_security.h" +#include "src/core/tsi/transport_security_interface.h" + +#define TSI_LOCAL_NUM_OF_PEER_PROPERTIES 1 +#define TSI_LOCAL_PROCESS_ID_PEER_PROPERTY "process_id" + +/** + * Main struct for local TSI handshaker. All APIs in the header are + * thread-comptabile. + */ +typedef struct local_tsi_handshaker local_tsi_handshaker; + +/** + * This method creates a local TSI handshaker instance. + * + * - is_client: boolean value indicating if the handshaker is used at the client + * (is_client = true) or server (is_client = false) side. The parameter is + * added for future extension. + * - self: address of local TSI handshaker instance to be returned from the + * method. + * + * It returns TSI_OK on success and an error status code on failure. + */ +tsi_result local_tsi_handshaker_create(bool is_client, tsi_handshaker** self); + +#endif /* GRPC_CORE_TSI_LOCAL_TRANSPORT_SECURITY_H */ diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 05d4786f3f..1746020b72 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -249,10 +249,12 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/credentials/jwt/json_token.cc', 'src/core/lib/security/credentials/jwt/jwt_credentials.cc', 'src/core/lib/security/credentials/jwt/jwt_verifier.cc', + 'src/core/lib/security/credentials/local/local_credentials.cc', 'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc', 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', 'src/core/lib/security/security_connector/alts_security_connector.cc', + 'src/core/lib/security/security_connector/local_security_connector.cc', 'src/core/lib/security/security_connector/security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', @@ -325,6 +327,7 @@ CORE_SOURCE_FILES = [ 'src/core/ext/filters/deadline/deadline_filter.cc', 'src/core/tsi/alts_transport_security.cc', 'src/core/tsi/fake_transport_security.cc', + 'src/core/tsi/local_transport_security.cc', 'src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc', 'src/core/tsi/ssl/session_cache/ssl_session_cache.cc', 'src/core/tsi/ssl/session_cache/ssl_session_openssl.cc', diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c index 031699ce8e..6b1bcf6fcd 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c @@ -142,6 +142,8 @@ grpc_alts_credentials_client_options_add_target_service_account_type grpc_alts_c grpc_alts_credentials_options_destroy_type grpc_alts_credentials_options_destroy_import; grpc_alts_credentials_create_type grpc_alts_credentials_create_import; grpc_alts_server_credentials_create_type grpc_alts_server_credentials_create_import; +grpc_local_credentials_create_type grpc_local_credentials_create_import; +grpc_local_server_credentials_create_type grpc_local_server_credentials_create_import; grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import; grpc_raw_compressed_byte_buffer_create_type grpc_raw_compressed_byte_buffer_create_import; grpc_byte_buffer_copy_type grpc_byte_buffer_copy_import; @@ -388,6 +390,8 @@ void grpc_rb_load_imports(HMODULE library) { grpc_alts_credentials_options_destroy_import = (grpc_alts_credentials_options_destroy_type) GetProcAddress(library, "grpc_alts_credentials_options_destroy"); grpc_alts_credentials_create_import = (grpc_alts_credentials_create_type) GetProcAddress(library, "grpc_alts_credentials_create"); grpc_alts_server_credentials_create_import = (grpc_alts_server_credentials_create_type) GetProcAddress(library, "grpc_alts_server_credentials_create"); + grpc_local_credentials_create_import = (grpc_local_credentials_create_type) GetProcAddress(library, "grpc_local_credentials_create"); + grpc_local_server_credentials_create_import = (grpc_local_server_credentials_create_type) GetProcAddress(library, "grpc_local_server_credentials_create"); grpc_raw_byte_buffer_create_import = (grpc_raw_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_byte_buffer_create"); grpc_raw_compressed_byte_buffer_create_import = (grpc_raw_compressed_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_compressed_byte_buffer_create"); grpc_byte_buffer_copy_import = (grpc_byte_buffer_copy_type) GetProcAddress(library, "grpc_byte_buffer_copy"); diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h index 474405ae3f..20052c28a4 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h @@ -401,6 +401,12 @@ extern grpc_alts_credentials_create_type grpc_alts_credentials_create_import; typedef grpc_server_credentials*(*grpc_alts_server_credentials_create_type)(const grpc_alts_credentials_options* options); extern grpc_alts_server_credentials_create_type grpc_alts_server_credentials_create_import; #define grpc_alts_server_credentials_create grpc_alts_server_credentials_create_import +typedef grpc_channel_credentials*(*grpc_local_credentials_create_type)(grpc_local_connect_type type); +extern grpc_local_credentials_create_type grpc_local_credentials_create_import; +#define grpc_local_credentials_create grpc_local_credentials_create_import +typedef grpc_server_credentials*(*grpc_local_server_credentials_create_type)(grpc_local_connect_type type); +extern grpc_local_server_credentials_create_type grpc_local_server_credentials_create_import; +#define grpc_local_server_credentials_create grpc_local_server_credentials_create_import typedef grpc_byte_buffer*(*grpc_raw_byte_buffer_create_type)(grpc_slice* slices, size_t nslices); extern grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import; #define grpc_raw_byte_buffer_create grpc_raw_byte_buffer_create_import |