23 files changed, 533 insertions, 1 deletions
@@ -587,11 +587,15 @@ cc_library( name = "grpc++", srcs = [ "src/cpp/client/secure_credentials.h", + "src/cpp/common/secure_auth_context.h", "src/cpp/server/secure_server_credentials.h", "src/cpp/client/channel.h", + "src/cpp/common/create_auth_context.h", "src/cpp/server/thread_pool.h", "src/cpp/client/secure_channel_arguments.cc", "src/cpp/client/secure_credentials.cc", + "src/cpp/common/secure_auth_context.cc", + "src/cpp/common/secure_create_auth_context.cc", "src/cpp/server/secure_server_credentials.cc", "src/cpp/client/channel.cc", "src/cpp/client/channel_arguments.cc", @@ -621,6 +625,7 @@ cc_library( hdrs = [ "include/grpc++/async_generic_service.h", "include/grpc++/async_unary_call.h", + "include/grpc++/auth_context.h", "include/grpc++/byte_buffer.h", "include/grpc++/channel_arguments.h", "include/grpc++/channel_interface.h", @@ -672,8 +677,11 @@ cc_library( cc_library( name = "grpc++_unsecure", srcs = [ + "src/cpp/common/insecure_auth_context.h", "src/cpp/client/channel.h", + "src/cpp/common/create_auth_context.h", "src/cpp/server/thread_pool.h", + "src/cpp/common/insecure_create_auth_context.cc", "src/cpp/client/channel.cc", "src/cpp/client/channel_arguments.cc", "src/cpp/client/client_context.cc", @@ -702,6 +710,7 @@ cc_library( hdrs = [ "include/grpc++/async_generic_service.h", "include/grpc++/async_unary_call.h", + "include/grpc++/auth_context.h", "include/grpc++/byte_buffer.h", "include/grpc++/channel_arguments.h", "include/grpc++/channel_interface.h", @@ -3589,6 +3589,8 @@ endif LIBGRPC++_SRC = \ src/cpp/client/secure_channel_arguments.cc \ src/cpp/client/secure_credentials.cc \ + src/cpp/common/secure_auth_context.cc \ + src/cpp/common/secure_create_auth_context.cc \ src/cpp/server/secure_server_credentials.cc \ src/cpp/client/channel.cc \ src/cpp/client/channel_arguments.cc \ 
@@ -3618,6 +3620,7 @@ LIBGRPC++_SRC = \ PUBLIC_HEADERS_CXX += \ include/grpc++/async_generic_service.h \ include/grpc++/async_unary_call.h \ + include/grpc++/auth_context.h \ include/grpc++/byte_buffer.h \ include/grpc++/channel_arguments.h \ include/grpc++/channel_interface.h \ @@ -3829,6 +3832,7 @@ $(OBJDIR)/$(CONFIG)/test/cpp/util/subprocess.o: $(GENDIR)/test/cpp/util/messages LIBGRPC++_UNSECURE_SRC = \ + src/cpp/common/insecure_create_auth_context.cc \ src/cpp/client/channel.cc \ src/cpp/client/channel_arguments.cc \ src/cpp/client/client_context.cc \ @@ -3857,6 +3861,7 @@ LIBGRPC++_UNSECURE_SRC = \ PUBLIC_HEADERS_CXX += \ include/grpc++/async_generic_service.h \ include/grpc++/async_unary_call.h \ + include/grpc++/auth_context.h \ include/grpc++/byte_buffer.h \ include/grpc++/channel_arguments.h \ include/grpc++/channel_interface.h \ diff --git a/build.json b/build.json index cbe7b6167f..a0ef745244 100644 --- a/build.json +++ b/build.json @@ -30,6 +30,7 @@ "public_headers": [ "include/grpc++/async_generic_service.h", "include/grpc++/async_unary_call.h", + "include/grpc++/auth_context.h", "include/grpc++/byte_buffer.h", "include/grpc++/channel_arguments.h", "include/grpc++/channel_interface.h", @@ -68,6 +69,7 @@ ], "headers": [ "src/cpp/client/channel.h", + "src/cpp/common/create_auth_context.h", "src/cpp/server/thread_pool.h" ], "src": [ @@ -537,11 +539,14 @@ "language": "c++", "headers": [ "src/cpp/client/secure_credentials.h", + "src/cpp/common/secure_auth_context.h", "src/cpp/server/secure_server_credentials.h" ], "src": [ "src/cpp/client/secure_channel_arguments.cc", "src/cpp/client/secure_credentials.cc", + "src/cpp/common/secure_auth_context.cc", + "src/cpp/common/secure_create_auth_context.cc", "src/cpp/server/secure_server_credentials.cc" ], "deps": [ 
@@ -594,6 +599,12 @@ "name": "grpc++_unsecure", "build": "all", "language": "c++", + "headers": [ + "src/cpp/common/insecure_auth_context.h" + ], + "src": [ + "src/cpp/common/insecure_create_auth_context.cc" + ], "deps": [ "gpr", "grpc_unsecure" diff --git a/include/grpc++/auth_context.h b/include/grpc++/auth_context.h new file mode 100644 index 0000000000..158f8e3f07 --- /dev/null +++ b/include/grpc++/auth_context.h 
@@ -0,0 +1,62 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef GRPCXX_AUTH_CONTEXT_H +#define GRPCXX_AUTH_CONTEXT_H + +#include <vector> + +#include <grpc++/config.h> + +namespace grpc { + +class AuthContext { + public: + typedef std::pair<grpc::string, grpc::string> Property; + + virtual ~AuthContext() {} + + // A peer identity, in general is one or more properties (in which case they + // have the same name). 
+ virtual std::vector<grpc::string> GetPeerIdentity() const = 0; + virtual grpc::string GetPeerIdentityPropertyName() const = 0; + + // Returns all the property values with the given name. + virtual std::vector<grpc::string> FindPropertyValues( + const grpc::string& name) const = 0; +}; + +} // namespace grpc + +#endif // GRPCXX_AUTH_CONTEXT_H + diff --git a/include/grpc++/client_context.h b/include/grpc++/client_context.h index 5e10875260..3bf5edc6c0 100644 --- a/include/grpc++/client_context.h +++ b/include/grpc++/client_context.h @@ -40,6 +40,7 @@ #include <grpc/support/log.h> #include <grpc/support/time.h> +#include <grpc++/auth_context.h> #include <grpc++/config.h> #include <grpc++/status.h> #include <grpc++/time.h> @@ -107,6 +108,8 @@ class ClientContext { creds_ = creds; } + std::unique_ptr<const AuthContext> auth_context() const; + void TryCancel(); private: diff --git a/include/grpc++/server_context.h b/include/grpc++/server_context.h index 326b6a125c..3bf21e02bf 100644 --- a/include/grpc++/server_context.h +++ b/include/grpc++/server_context.h @@ -35,8 +35,10 @@ #define GRPCXX_SERVER_CONTEXT_H #include <map> +#include <memory> #include <grpc/support/time.h> +#include <grpc++/auth_context.h> #include <grpc++/config.h> #include <grpc++/time.h> @@ -97,6 +99,8 @@ class ServerContext { return client_metadata_; } + std::unique_ptr<const AuthContext> auth_context() const; + private: friend class ::grpc::Server; template <class W, class R> diff --git a/src/core/security/client_auth_filter.c b/src/core/security/client_auth_filter.c index e9bd45db68..9f1eae813b 100644 --- a/src/core/security/client_auth_filter.c +++ b/src/core/security/client_auth_filter.c @@ -61,6 +61,7 @@ typedef struct { grpc_transport_op op; size_t op_md_idx; int sent_initial_metadata; + gpr_uint8 security_context_set; grpc_linked_mdelem md_links[MAX_CREDENTIALS_METADATA_COUNT]; } call_data; 
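Review bot: In the new include/grpc++/auth_context.h, `Property` is a `std::pair` but the header includes only `<vector>` and `<grpc++/config.h>`, so it compiles only if one of those happens to pull in `<utility>`; add `#include <utility>`. None of the three accessors uses the typedef. Callers will base authorization decisions on `GetPeerIdentity()`, so the interface should state what an empty result means, for example `// Returns an empty vector when no authenticated peer identity is available; treat that as "no identity", never as a match.` The insecure implementation added in this commit returns empty for every accessor, which makes that contract worth spelling out. `GetPeerIdentityPropertyName()` has no comment at all.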
@@ -199,8 +200,26 @@ static void auth_start_transport_op(grpc_call_element *elem, channel_data *chand = elem->channel_data; grpc_linked_mdelem *l; size_t i; + grpc_client_security_context* sec_ctx = NULL; - /* TODO(jboeuf): write the call auth context. */ + if (calld->security_context_set == 0) { + calld->security_context_set = 1; + GPR_ASSERT(op->context); + if (op->context[GRPC_CONTEXT_SECURITY].value == NULL) { + op->context[GRPC_CONTEXT_SECURITY].value = + grpc_client_security_context_create(); + op->context[GRPC_CONTEXT_SECURITY].destroy = + grpc_client_security_context_destroy; + } + sec_ctx = op->context[GRPC_CONTEXT_SECURITY].value; + if (sec_ctx->auth_context == NULL) { + sec_ctx->auth_context = + grpc_auth_context_ref(chand->security_connector->base.auth_context); + } else { + sec_ctx->auth_context->chained = + grpc_auth_context_ref(chand->security_connector->base.auth_context); + } + } if (op->bind_pollset) { calld->pollset = op->bind_pollset; @@ -270,6 +289,7 @@ static void init_call_elem(grpc_call_element *elem, calld->method = NULL; calld->pollset = NULL; calld->sent_initial_metadata = 0; + calld->security_context_set = 0; GPR_ASSERT(!initial_op || !initial_op->send_ops); } diff --git a/src/core/security/security_context.h b/src/core/security/security_context.h index 20c4390898..76a45910bb 100644 --- a/src/core/security/security_context.h +++ b/src/core/security/security_context.h @@ -36,6 +36,10 @@ #include "src/core/security/credentials.h" +#ifdef __cplusplus +extern "C" { +#endif + /* --- grpc_auth_context --- High level authentication context object. Can optionally be chained. */ @@ -103,5 +107,9 @@ typedef struct { grpc_server_security_context *grpc_server_security_context_create(void); void grpc_server_security_context_destroy(void *ctx); +#ifdef __cplusplus +} +#endif + #endif /* GRPC_INTERNAL_CORE_SECURITY_SECURITY_CONTEXT_H */ diff --git a/src/cpp/client/client_context.cc b/src/cpp/client/client_context.cc index 72cdd49d19..ac154d557a 100644 
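Review bot: In the `else` branch of the auth_start_transport_op hunk, `sec_ctx->auth_context->chained = grpc_auth_context_ref(...)` overwrites whatever `chained` already held without releasing it. It also writes into an auth context that was already attached to the call before this filter ran. If that object can already carry a chain or be shared by several calls (not visible in this hunk), the earlier reference leaks and concurrent calls race on the field. Consider pinning the precondition with `GPR_ASSERT(sec_ctx->auth_context->chained == NULL);` before the assignment, or building a per-call context instead of mutating the supplied one. The function starts and continues outside the hunk.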
--- a/src/cpp/client/client_context.cc +++ b/src/cpp/client/client_context.cc @@ -36,6 +36,7 @@ #include <grpc/grpc.h> #include <grpc++/credentials.h> #include <grpc++/time.h> +#include "src/cpp/common/create_auth_context.h" namespace grpc { @@ -75,6 +76,10 @@ void ClientContext::set_call(grpc_call* call, } } +std::unique_ptr<const AuthContext> ClientContext::auth_context() const { + return CreateAuthContext(call_); +} + void ClientContext::TryCancel() { if (call_) { grpc_call_cancel(call_); diff --git a/src/cpp/common/create_auth_context.h b/src/cpp/common/create_auth_context.h new file mode 100644 index 0000000000..24c00c43a8 --- /dev/null +++ b/src/cpp/common/create_auth_context.h 
@@ -0,0 +1,42 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include <memory> + +#include <grpc/grpc.h> +#include <grpc++/auth_context.h> + +namespace grpc { + +std::unique_ptr<const AuthContext> CreateAuthContext(grpc_call* call); + +} // namespace grpc diff --git a/src/cpp/common/insecure_auth_context.h b/src/cpp/common/insecure_auth_context.h new file mode 100644 index 0000000000..8d1653a477 --- /dev/null 
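Review bot: The new src/cpp/common/create_auth_context.h has no include guard; it goes straight from the license block to `#include <memory>`, unlike the other two internal headers this commit adds. Wrap it in `#ifndef GRPC_INTERNAL_CPP_COMMON_CREATE_AUTH_CONTEXT_H` / `#define GRPC_INTERNAL_CPP_COMMON_CREATE_AUTH_CONTEXT_H` with a closing `#endif`. The declaration also needs a comment covering the null case, e.g. `// call may be NULL; the returned context then reports no peer identity.` Both implementations in this commit accept a null `call`.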
+++ b/src/cpp/common/insecure_auth_context.h 
@@ -0,0 +1,59 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ + +#ifndef GRPC_INTERNAL_CPP_COMMON_INSECURE_AUTH_CONTEXT_H +#define GRPC_INTERNAL_CPP_COMMON_INSECURE_AUTH_CONTEXT_H + +#include <grpc++/auth_context.h> + +namespace grpc { + +class InsecureAuthContext : public AuthContext { + public: + ~InsecureAuthContext() GRPC_OVERRIDE {} + + std::vector<grpc::string> GetPeerIdentity() const GRPC_OVERRIDE { + return std::vector<grpc::string>(); + } + + grpc::string GetPeerIdentityPropertyName() const GRPC_OVERRIDE { return ""; } + + std::vector<grpc::string> FindPropertyValues(const grpc::string& name) const + GRPC_OVERRIDE { + return std::vector<grpc::string>(); + } +}; + +} // namespace grpc + +#endif // GRPC_INTERNAL_CPP_COMMON_INSECURE_AUTH_CONTEXT_H diff --git a/src/cpp/common/insecure_create_auth_context.cc b/src/cpp/common/insecure_create_auth_context.cc new file mode 100644 index 0000000000..79d868254d --- /dev/null +++ b/src/cpp/common/insecure_create_auth_context.cc 
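Review bot: `InsecureAuthContext::FindPropertyValues` names its parameter `name` but never uses it, which will warn under `-Wunused-parameter`; the matching .cc in this commit already silences `call` with `(void)call;`. Drop the name in the signature, `FindPropertyValues(const grpc::string&) const GRPC_OVERRIDE`, or add `(void)name;`. A class comment would also help readers auditing authorization code, e.g. `// Used by grpc++_unsecure: there is no peer authentication, so every accessor returns empty.`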
@@ -0,0 +1,46 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include <memory> + +#include <grpc/grpc.h> +#include <grpc++/auth_context.h> +#include "src/cpp/common/insecure_auth_context.h" + +namespace grpc { + +std::unique_ptr<const AuthContext> CreateAuthContext(grpc_call* call) { + (void)call; + return std::unique_ptr<const AuthContext>(new InsecureAuthContext); +} + +} // namespace grpc 
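Review bot: insecure_create_auth_context.cc defines `CreateAuthContext` without including `src/cpp/common/create_auth_context.h`, so the compiler never checks the definition against the declaration that client_context.cc and server_context.cc call through. Add `#include "src/cpp/common/create_auth_context.h"` as the first include. secure_create_auth_context.cc has the same omission. Because the two files are alternative definitions of one symbol selected by the build target, a signature drift in either would otherwise show up only at link time.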
diff --git a/src/cpp/common/secure_auth_context.cc b/src/cpp/common/secure_auth_context.cc new file mode 100644 index 0000000000..4e616b913e --- /dev/null +++ b/src/cpp/common/secure_auth_context.cc 
@@ -0,0 +1,81 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ + +#include "src/cpp/common/secure_auth_context.h" + +#include "src/core/security/security_context.h" + +namespace grpc { + +SecureAuthContext::SecureAuthContext(grpc_auth_context* ctx) + : ctx_(grpc_auth_context_ref(ctx)) {} + +SecureAuthContext::~SecureAuthContext() { grpc_auth_context_unref(ctx_); } + +std::vector<grpc::string> SecureAuthContext::GetPeerIdentity() const { + if (!ctx_) { + return std::vector<grpc::string>(); + } + grpc_auth_property_iterator iter = grpc_auth_context_peer_identity(ctx_); + std::vector<grpc::string> identity; + const grpc_auth_property* property = nullptr; + while ((property = grpc_auth_property_iterator_next(&iter))) { + identity.push_back(grpc::string(property->value, property->value_length)); + } + return identity; +} + +grpc::string SecureAuthContext::GetPeerIdentityPropertyName() const { + if (!ctx_) { + return ""; + } + const char* name = grpc_auth_context_peer_identity_property_name(ctx_); + return name == nullptr ? "" : name; +} + +std::vector<grpc::string> SecureAuthContext::FindPropertyValues( + const grpc::string& name) const { + if (!ctx_) { + return std::vector<grpc::string>(); + } + grpc_auth_property_iterator iter = + grpc_auth_context_find_properties_by_name(ctx_, name.c_str()); + const grpc_auth_property* property = nullptr; + std::vector<grpc::string> values; + while ((property = grpc_auth_property_iterator_next(&iter))) { + values.push_back(grpc::string(property->value, property->value_length)); + } + return values; +} + +} // namespace grpc diff --git a/src/cpp/common/secure_auth_context.h b/src/cpp/common/secure_auth_context.h new file mode 100644 index 0000000000..892f8d522c --- /dev/null +++ b/src/cpp/common/secure_auth_context.h 
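Review bot: The constructor and destructor in secure_auth_context.cc call `grpc_auth_context_ref(ctx)` and `grpc_auth_context_unref(ctx_)` unconditionally, while all three accessors guard against `!ctx_`. `CreateAuthContext` passes `nullptr` when there is no call, so correctness depends on the core ref/unref functions accepting NULL, which is not visible in this diff. Make the null case explicit with `: ctx_(ctx ? grpc_auth_context_ref(ctx) : nullptr) {}` and `if (ctx_) grpc_auth_context_unref(ctx_);`. Separately, `GetPeerIdentity` and `FindPropertyValues` repeat the same iterator-draining loop, which could live in one file-local helper.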
@@ -0,0 +1,61 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ + +#ifndef GRPC_INTERNAL_CPP_COMMON_SECURE_AUTH_CONTEXT_H +#define GRPC_INTERNAL_CPP_COMMON_SECURE_AUTH_CONTEXT_H + +#include <grpc++/auth_context.h> +#include "src/core/security/security_context.h" + +namespace grpc { + +class SecureAuthContext : public AuthContext { + public: + SecureAuthContext(grpc_auth_context* ctx); + + ~SecureAuthContext() GRPC_OVERRIDE; + + std::vector<grpc::string> GetPeerIdentity() const GRPC_OVERRIDE; + + grpc::string GetPeerIdentityPropertyName() const GRPC_OVERRIDE; + + std::vector<grpc::string> FindPropertyValues(const grpc::string& name) const + GRPC_OVERRIDE; + + private: + grpc_auth_context* ctx_; +}; + +} // namespace grpc + +#endif // GRPC_INTERNAL_CPP_COMMON_SECURE_AUTH_CONTEXT_H diff --git a/src/cpp/common/secure_create_auth_context.cc b/src/cpp/common/secure_create_auth_context.cc new file mode 100644 index 0000000000..d9fba4f4d4 --- /dev/null +++ b/src/cpp/common/secure_create_auth_context.cc 
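Review bot: `SecureAuthContext` owns a reference through the raw `grpc_auth_context* ctx_` and releases it in its destructor, but the class stays implicitly copyable, so a copy would unref the same context twice. Declare the copy constructor and assignment operator private and undefined, `SecureAuthContext(const SecureAuthContext&);` and `SecureAuthContext& operator=(const SecureAuthContext&);`, which also fits the pre-C++11 style implied by `GRPC_OVERRIDE`. The single-argument constructor should be `explicit SecureAuthContext(grpc_auth_context* ctx);` to rule out implicit conversion from a raw pointer. A short comment that the constructor takes its own reference and accepts NULL would document the ownership contract.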
@@ -0,0 +1,50 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ +#include <memory> + +#include <grpc/grpc.h> +#include <grpc/grpc_security.h> +#include <grpc++/auth_context.h> +#include "src/cpp/common/secure_auth_context.h" + +namespace grpc { + +std::unique_ptr<const AuthContext> CreateAuthContext(grpc_call* call) { + grpc_auth_context* context = nullptr; + if (call) { + context = const_cast<grpc_auth_context*>(grpc_call_auth_context(call)); + } + return std::unique_ptr<const AuthContext>(new SecureAuthContext(context)); +} + +} // namespace grpc diff --git a/src/cpp/server/server_context.cc b/src/cpp/server/server_context.cc index 699895a3cf..357d1a5a02 100644 --- a/src/cpp/server/server_context.cc +++ b/src/cpp/server/server_context.cc @@ -39,6 +39,8 @@ #include <grpc++/impl/sync.h> #include <grpc++/time.h> +#include "src/cpp/common/create_auth_context.h" + namespace grpc { // CompletionOp @@ -146,4 +148,8 @@ bool ServerContext::IsCancelled() { return completion_op_ && completion_op_->CheckCancelled(cq_); } +std::unique_ptr<const AuthContext> ServerContext::auth_context() const { + return CreateAuthContext(call_); +} + } // namespace grpc diff --git a/tools/doxygen/Doxyfile.c++ b/tools/doxygen/Doxyfile.c++ index d782dc18f7..feb7ad8bb9 100644 --- a/tools/doxygen/Doxyfile.c++ +++ b/tools/doxygen/Doxyfile.c++ @@ -762,6 +762,7 @@ WARN_LOGFILE = INPUT = include/grpc++/async_generic_service.h \ include/grpc++/async_unary_call.h \ +include/grpc++/auth_context.h \ include/grpc++/byte_buffer.h \ include/grpc++/channel_arguments.h \ include/grpc++/channel_interface.h \ diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal index 575cd95753..67718d8976 100644 --- a/tools/doxygen/Doxyfile.c++.internal +++ b/tools/doxygen/Doxyfile.c++.internal @@ -762,6 +762,7 @@ WARN_LOGFILE = INPUT = include/grpc++/async_generic_service.h \ include/grpc++/async_unary_call.h \ +include/grpc++/auth_context.h \ include/grpc++/byte_buffer.h \ include/grpc++/channel_arguments.h \ include/grpc++/channel_interface.h \ 
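Review bot: The `const_cast<grpc_auth_context*>` in `CreateAuthContext` strips the const from what `grpc_call_auth_context` returns, apparently only so the wrapper can take a reference, and nothing in the file says so. Add a comment on the cast, e.g. `// const_cast is only for ref-counting; SecureAuthContext never mutates the context.` If `grpc_call_auth_context` hands back a reference the caller owns (not visible here), the extra reference taken by the constructor would leak it, so the ownership convention should be confirmed and noted. This file also omits its own header, `src/cpp/common/create_auth_context.h`.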
@@ -798,11 +799,15 @@ include/grpc++/stream.h \ include/grpc++/thread_pool_interface.h \ include/grpc++/time.h \ src/cpp/client/secure_credentials.h \ +src/cpp/common/secure_auth_context.h \ src/cpp/server/secure_server_credentials.h \ src/cpp/client/channel.h \ +src/cpp/common/create_auth_context.h \ src/cpp/server/thread_pool.h \ src/cpp/client/secure_channel_arguments.cc \ src/cpp/client/secure_credentials.cc \ +src/cpp/common/secure_auth_context.cc \ +src/cpp/common/secure_create_auth_context.cc \ src/cpp/server/secure_server_credentials.cc \ src/cpp/client/channel.cc \ src/cpp/client/channel_arguments.cc \ diff --git a/tools/run_tests/sources_and_headers.json b/tools/run_tests/sources_and_headers.json index 453cb6e7fd..1fb239983a 100644 --- a/tools/run_tests/sources_and_headers.json +++ b/tools/run_tests/sources_and_headers.json @@ -9370,6 +9370,7 @@ "headers": [ "include/grpc++/async_generic_service.h", "include/grpc++/async_unary_call.h", + "include/grpc++/auth_context.h", "include/grpc++/byte_buffer.h", "include/grpc++/channel_arguments.h", "include/grpc++/channel_interface.h", @@ -9407,6 +9408,8 @@ "include/grpc++/time.h", "src/cpp/client/channel.h", "src/cpp/client/secure_credentials.h", + "src/cpp/common/create_auth_context.h", + "src/cpp/common/secure_auth_context.h", "src/cpp/server/secure_server_credentials.h", "src/cpp/server/thread_pool.h" ], @@ -9415,6 +9418,7 @@ "src": [ "include/grpc++/async_generic_service.h", "include/grpc++/async_unary_call.h", + "include/grpc++/auth_context.h", "include/grpc++/byte_buffer.h", "include/grpc++/channel_arguments.h", "include/grpc++/channel_interface.h", 
@@ -9464,7 +9468,11 @@ "src/cpp/client/secure_credentials.h", "src/cpp/common/call.cc", "src/cpp/common/completion_queue.cc", + "src/cpp/common/create_auth_context.h", "src/cpp/common/rpc_method.cc", + "src/cpp/common/secure_auth_context.cc", + "src/cpp/common/secure_auth_context.h", + "src/cpp/common/secure_create_auth_context.cc", "src/cpp/proto/proto_utils.cc", "src/cpp/server/async_generic_service.cc", "src/cpp/server/create_default_thread_pool.cc", @@ -9533,6 +9541,7 @@ "headers": [ "include/grpc++/async_generic_service.h", "include/grpc++/async_unary_call.h", + "include/grpc++/auth_context.h", "include/grpc++/byte_buffer.h", "include/grpc++/channel_arguments.h", "include/grpc++/channel_interface.h", @@ -9569,6 +9578,8 @@ "include/grpc++/thread_pool_interface.h", "include/grpc++/time.h", "src/cpp/client/channel.h", + "src/cpp/common/create_auth_context.h", + "src/cpp/common/insecure_auth_context.h", "src/cpp/server/thread_pool.h" ], "language": "c++", @@ -9576,6 +9587,7 @@ "src": [ "include/grpc++/async_generic_service.h", "include/grpc++/async_unary_call.h", + "include/grpc++/auth_context.h", "include/grpc++/byte_buffer.h", "include/grpc++/channel_arguments.h", "include/grpc++/channel_interface.h", @@ -9622,6 +9634,9 @@ "src/cpp/client/internal_stub.cc", "src/cpp/common/call.cc", "src/cpp/common/completion_queue.cc", + "src/cpp/common/create_auth_context.h", + "src/cpp/common/insecure_auth_context.h", + "src/cpp/common/insecure_create_auth_context.cc", "src/cpp/common/rpc_method.cc", "src/cpp/proto/proto_utils.cc", "src/cpp/server/async_generic_service.cc", diff --git a/vsprojects/grpc++/grpc++.vcxproj b/vsprojects/grpc++/grpc++.vcxproj index f69d50ffb8..c1a32656cf 100644 --- a/vsprojects/grpc++/grpc++.vcxproj +++ b/vsprojects/grpc++/grpc++.vcxproj 
@@ -148,6 +148,7 @@ <ItemGroup> <ClInclude Include="..\..\include\grpc++\async_generic_service.h" /> <ClInclude Include="..\..\include\grpc++\async_unary_call.h" /> + <ClInclude Include="..\..\include\grpc++\auth_context.h" /> <ClInclude Include="..\..\include\grpc++\byte_buffer.h" /> <ClInclude Include="..\..\include\grpc++\channel_arguments.h" /> <ClInclude Include="..\..\include\grpc++\channel_interface.h" /> @@ -186,8 +187,10 @@ </ItemGroup> <ItemGroup> <ClInclude Include="..\..\src\cpp\client\secure_credentials.h" /> + <ClInclude Include="..\..\src\cpp\common\secure_auth_context.h" /> <ClInclude Include="..\..\src\cpp\server\secure_server_credentials.h" /> <ClInclude Include="..\..\src\cpp\client\channel.h" /> + <ClInclude Include="..\..\src\cpp\common\create_auth_context.h" /> <ClInclude Include="..\..\src\cpp\server\thread_pool.h" /> </ItemGroup> <ItemGroup> @@ -195,6 +198,10 @@ </ClCompile> <ClCompile Include="..\..\src\cpp\client\secure_credentials.cc"> </ClCompile> + <ClCompile Include="..\..\src\cpp\common\secure_auth_context.cc"> + </ClCompile> + <ClCompile Include="..\..\src\cpp\common\secure_create_auth_context.cc"> + </ClCompile> <ClCompile Include="..\..\src\cpp\server\secure_server_credentials.cc"> </ClCompile> <ClCompile Include="..\..\src\cpp\client\channel.cc"> diff --git a/vsprojects/grpc++/grpc++.vcxproj.filters b/vsprojects/grpc++/grpc++.vcxproj.filters index aa4b50e33f..e63c77a53d 100644 --- a/vsprojects/grpc++/grpc++.vcxproj.filters +++ b/vsprojects/grpc++/grpc++.vcxproj.filters 
@@ -7,6 +7,12 @@ <ClCompile Include="..\..\src\cpp\client\secure_credentials.cc"> <Filter>src\cpp\client</Filter> </ClCompile> + <ClCompile Include="..\..\src\cpp\common\secure_auth_context.cc"> + <Filter>src\cpp\common</Filter> + </ClCompile> + <ClCompile Include="..\..\src\cpp\common\secure_create_auth_context.cc"> + <Filter>src\cpp\common</Filter> + </ClCompile> <ClCompile Include="..\..\src\cpp\server\secure_server_credentials.cc"> <Filter>src\cpp\server</Filter> </ClCompile> @@ -90,6 +96,9 @@ <ClInclude Include="..\..\include\grpc++\async_unary_call.h"> <Filter>include\grpc++</Filter> </ClInclude> + <ClInclude Include="..\..\include\grpc++\auth_context.h"> + <Filter>include\grpc++</Filter> + </ClInclude> <ClInclude Include="..\..\include\grpc++\byte_buffer.h"> <Filter>include\grpc++</Filter> </ClInclude> @@ -200,12 +209,18 @@ <ClInclude Include="..\..\src\cpp\client\secure_credentials.h"> <Filter>src\cpp\client</Filter> </ClInclude> + <ClInclude Include="..\..\src\cpp\common\secure_auth_context.h"> + <Filter>src\cpp\common</Filter> + </ClInclude> <ClInclude Include="..\..\src\cpp\server\secure_server_credentials.h"> <Filter>src\cpp\server</Filter> </ClInclude> <ClInclude Include="..\..\src\cpp\client\channel.h"> <Filter>src\cpp\client</Filter> </ClInclude> + <ClInclude Include="..\..\src\cpp\common\create_auth_context.h"> + <Filter>src\cpp\common</Filter> + </ClInclude> <ClInclude Include="..\..\src\cpp\server\thread_pool.h"> <Filter>src\cpp\server</Filter> </ClInclude> diff --git a/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj b/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj index 639f904cce..984fb6884e 100644 --- a/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj +++ b/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj 
@@ -148,6 +148,7 @@
 <ItemGroup>
 <ClInclude Include="..\..\include\grpc++\async_generic_service.h" />
 <ClInclude Include="..\..\include\grpc++\async_unary_call.h" />
+ <ClInclude Include="..\..\include\grpc++\auth_context.h" />
 <ClInclude Include="..\..\include\grpc++\byte_buffer.h" />
 <ClInclude Include="..\..\include\grpc++\channel_arguments.h" />
 <ClInclude Include="..\..\include\grpc++\channel_interface.h" />
@@ -185,10 +186,14 @@
 <ClInclude Include="..\..\include\grpc++\time.h" />
 </ItemGroup>
 <ItemGroup>
+ <ClInclude Include="..\..\src\cpp\common\insecure_auth_context.h" />
 <ClInclude Include="..\..\src\cpp\client\channel.h" />
+ <ClInclude Include="..\..\src\cpp\common\create_auth_context.h" />
 <ClInclude Include="..\..\src\cpp\server\thread_pool.h" />
 </ItemGroup>
 <ItemGroup>
+ <ClCompile Include="..\..\src\cpp\common\insecure_create_auth_context.cc">
+ </ClCompile>
 <ClCompile Include="..\..\src\cpp\client\channel.cc">
 </ClCompile>
 <ClCompile Include="..\..\src\cpp\client\channel_arguments.cc">
diff --git a/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj.filters b/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj.filters
index 974dc3e27a..ae348d3fb5 100644
--- a/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj.filters
+++ b/vsprojects/grpc++_unsecure/grpc++_unsecure.vcxproj.filters
@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 <ItemGroup>
+ <ClCompile Include="..\..\src\cpp\common\insecure_create_auth_context.cc">
+ <Filter>src\cpp\common</Filter>
+ </ClCompile>
 <ClCompile Include="..\..\src\cpp\client\channel.cc">
 <Filter>src\cpp\client</Filter>
 </ClCompile>
@@ -81,6 +84,9 @@
 <ClInclude Include="..\..\include\grpc++\async_unary_call.h">
 <Filter>include\grpc++</Filter>
 </ClInclude>
+ <ClInclude Include="..\..\include\grpc++\auth_context.h">
+ <Filter>include\grpc++</Filter>
+ </ClInclude>
 <ClInclude Include="..\..\include\grpc++\byte_buffer.h">
 <Filter>include\grpc++</Filter>
 </ClInclude>
@@ -188,9 +194,15 @@
 </ClInclude>
 </ItemGroup>
 <ItemGroup>
+ <ClInclude Include="..\..\src\cpp\common\insecure_auth_context.h">
+ <Filter>src\cpp\common</Filter>
+ </ClInclude>
 <ClInclude Include="..\..\src\cpp\client\channel.h">
 <Filter>src\cpp\client</Filter>
 </ClInclude>
+ <ClInclude Include="..\..\src\cpp\common\create_auth_context.h">
+ <Filter>src\cpp\common</Filter>
+ </ClInclude>
 <ClInclude Include="..\..\src\cpp\server\thread_pool.h">
 <Filter>src\cpp\server</Filter>
 </ClInclude> |