Diffstat (limited to 'include')
-rw-r--r-- | include/grpc++/client_context.h | 2 | ||||
-rw-r--r-- | include/grpc++/create_channel.h | 2 | ||||
-rw-r--r-- | include/grpc++/security/auth_context.h (renamed from include/grpc++/support/auth_context.h) | 8 | ||||
-rw-r--r-- | include/grpc++/security/auth_metadata_processor.h | 74 | ||||
-rw-r--r-- | include/grpc++/security/credentials.h (renamed from include/grpc++/credentials.h) | 0 | ||||
-rw-r--r-- | include/grpc++/security/server_credentials.h (renamed from include/grpc++/server_credentials.h) | 6 | ||||
-rw-r--r-- | include/grpc++/server.h | 2 | ||||
-rw-r--r-- | include/grpc++/server_context.h | 2 | ||||
-rw-r--r-- | include/grpc/grpc_security.h | 6 |
9 files changed, 96 insertions, 6 deletions
diff --git a/include/grpc++/client_context.h b/include/grpc++/client_context.h
index 62e5260a18..917a1222a8 100644
--- a/include/grpc++/client_context.h
+++ b/include/grpc++/client_context.h
@@ -42,7 +42,7 @@
 #include <grpc/grpc.h>
 #include <grpc/support/log.h>
 #include <grpc/support/time.h>
-#include <grpc++/support/auth_context.h>
+#include <grpc++/security/auth_context.h>
 #include <grpc++/support/config.h>
 #include <grpc++/support/status.h>
 #include <grpc++/support/string_ref.h>
diff --git a/include/grpc++/create_channel.h b/include/grpc++/create_channel.h
index 916f3b0b97..72f05174e1 100644
--- a/include/grpc++/create_channel.h
+++ b/include/grpc++/create_channel.h
@@ -36,7 +36,7 @@
 #include <memory>
-#include <grpc++/credentials.h>
+#include <grpc++/security/credentials.h>
 #include <grpc++/support/channel_arguments.h>
 #include <grpc++/support/config.h>
diff --git a/include/grpc++/support/auth_context.h b/include/grpc++/security/auth_context.h
index 67e3e66c05..fc2701e806 100644
--- a/include/grpc++/support/auth_context.h
+++ b/include/grpc++/security/auth_context.h
@@ -77,6 +77,9 @@ class AuthContext {
  public:
   virtual ~AuthContext() {}
+  // Returns true if the peer is authenticated.
+  virtual bool IsPeerAuthenticated() const = 0;
+
   // A peer identity, in general is one or more properties (in which case they
   // have the same name).
   virtual std::vector<grpc::string_ref> GetPeerIdentity() const = 0;
@@ -89,6 +92,11 @@ class AuthContext {
   // Iteration over all the properties.
   virtual AuthPropertyIterator begin() const = 0;
   virtual AuthPropertyIterator end() const = 0;
+
+  // Mutation functions: should only be used by an AuthMetadataProcessor.
+  virtual void AddProperty(const grpc::string& key,
+                           const grpc::string_ref& value) = 0;
+  virtual bool SetPeerIdentityPropertyName(const grpc::string& name) = 0;
 };
 } // namespace grpc
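Review bot: `AddProperty` and `SetPeerIdentityPropertyName` are public pure virtuals on the same `AuthContext` interface that request handlers receive, and the "should only be used by an AuthMetadataProcessor" restriction exists only as a comment; nothing in the type stops handler code from rewriting the peer identity after authentication has completed. At minimum the contract should be written down: whether `value` is copied out of the non-owning `grpc::string_ref` before `AddProperty` returns, and what the `bool` returned by `SetPeerIdentityPropertyName` means (presumably false when no property with that name exists — confirm against the implementation). Once confirmed, extend the comment along the lines of `// AddProperty copies value. SetPeerIdentityPropertyName returns false if no property with that name exists.` The comment on `IsPeerAuthenticated` would also benefit from saying what "authenticated" is derived from, since `GetPeerIdentity` already exposes the peer identity and the relationship between the two is not stated.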
diff --git a/include/grpc++/security/auth_metadata_processor.h b/include/grpc++/security/auth_metadata_processor.h
new file mode 100644
index 0000000000..18ad922321
--- /dev/null
+++ b/include/grpc++/security/auth_metadata_processor.h
@@ -0,0 +1,74 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPCXX_AUTH_METADATA_PROCESSOR_H_
+#define GRPCXX_AUTH_METADATA_PROCESSOR_H_
+
+#include <map>
+
+#include <grpc++/security/auth_context.h>
+#include <grpc++/support/status.h>
+#include <grpc++/support/string_ref.h>
+
+namespace grpc {
+
+class AuthMetadataProcessor {
+ public:
+  typedef std::multimap<grpc::string_ref, grpc::string_ref> InputMetadata;
+  typedef std::multimap<grpc::string, grpc::string_ref> OutputMetadata;
+
+  virtual ~AuthMetadataProcessor() {}
+
+  // If this method returns true, the Process function will be scheduled in
+  // a different thread from the one processing the call.
+  virtual bool IsBlocking() const { return true; }
+
+  // context is read/write: it contains the properties of the channel peer and
+  // it is the job of the Process method to augment it with properties derived
+  // from the passed-in auth_metadata.
+  // consumed_auth_metadata needs to be filled with metadata that has been
+  // consumed by the processor and will be removed from the call.
+  // response_metadata is the metadata that will be sent as part of the
+  // response.
+  // If the return value is not Status::OK, the rpc call will be aborted with
+  // the error code and error message sent back to the client.
+  virtual Status Process(const InputMetadata& auth_metadata,
+                         AuthContext* context,
+                         OutputMetadata* consumed_auth_metadata,
+                         OutputMetadata* response_metadata) = 0;
+};
+
+} // namespace grpc
+
+#endif // GRPCXX_AUTH_METADATA_PROCESSOR_H_
+
diff --git a/include/grpc++/credentials.h b/include/grpc++/security/credentials.h
index ce5a9e0606..ce5a9e0606 100644
--- a/include/grpc++/credentials.h
+++ b/include/grpc++/security/credentials.h
diff --git a/include/grpc++/server_credentials.h b/include/grpc++/security/server_credentials.h
index 16b78c08af..2094c7403c 100644
--- a/include/grpc++/server_credentials.h
+++ b/include/grpc++/security/server_credentials.h
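Review bot: The lifetime of what `Process` receives and produces is not documented on the C++ side, even though the C header in this same commit adds a lifetime sentence to `grpc_auth_metadata_processor`: both `InputMetadata` and `OutputMetadata` carry `grpc::string_ref` values, which are non-owning, so an implementation that puts a `string_ref` to a local buffer into `response_metadata` or `consumed_auth_metadata` dangles as soon as `Process` returns, and nothing says whether `auth_metadata` or `context` may be retained beyond the call. The comment should state how long the inputs stay valid and what storage output values must refer to (presumably entries of `auth_metadata` or data that outlives the call — confirm against the server implementation), for instance `// Values placed in the output maps are not copied; they must point into auth_metadata or into storage that outlives the call.` Two smaller points: `IsBlocking()` defaulting to `true` deserves a sentence on when to override it (a processor that does no I/O gains nothing from the extra thread), and the `consumed_auth_metadata` comment should spell out that metadata not listed there stays in the call and, as far as "removed from the call" implies, remains visible to the RPC handler as ordinary client metadata, since that is what decides whether credentials reach application code.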
@@ -37,6 +37,7 @@
 #include <memory>
 #include <vector>
+#include <grpc++/security/auth_metadata_processor.h>
 #include <grpc++/support/config.h>
 struct grpc_server;
@@ -49,6 +50,11 @@ class ServerCredentials {
  public:
   virtual ~ServerCredentials();
+  // This method is not thread-safe and has to be called before the server is
+  // started. The last call to this function wins.
+  virtual void SetAuthMetadataProcessor(
+      const std::shared_ptr<AuthMetadataProcessor>& processor) = 0;
+
  private:
   friend class ::grpc::Server;
diff --git a/include/grpc++/server.h b/include/grpc++/server.h
index c8979e433c..22d14ee652 100644
--- a/include/grpc++/server.h
+++ b/include/grpc++/server.h
@@ -41,6 +41,7 @@
 #include <grpc++/impl/call.h>
 #include <grpc++/impl/grpc_library.h>
 #include <grpc++/impl/sync.h>
+#include <grpc++/security/server_credentials.h>
 #include <grpc++/support/config.h>
 #include <grpc++/support/status.h>
@@ -54,7 +55,6 @@ class AsyncGenericService;
 class RpcService;
 class RpcServiceMethod;
 class ServerAsyncStreamingInterface;
-class ServerCredentials;
 class ThreadPoolInterface;
 // Currently it only supports handling rpcs in a single thread.
diff --git a/include/grpc++/server_context.h b/include/grpc++/server_context.h
index 4b17a28047..85f384d477 100644
--- a/include/grpc++/server_context.h
+++ b/include/grpc++/server_context.h
@@ -39,7 +39,7 @@
 #include <grpc/compression.h>
 #include <grpc/support/time.h>
-#include <grpc++/support/auth_context.h>
+#include <grpc++/security/auth_context.h>
 #include <grpc++/support/config.h>
 #include <grpc++/support/string_ref.h>
 #include <grpc++/support/time.h>
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index a5981937f1..34f7eab12e 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
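Review bot: `SetAuthMetadataProcessor` documents "last call wins" but not what a null `processor` does — whether it clears a previously installed processor or is rejected — and the before-start requirement is stated without saying what happens if it is violated, so a caller who installs a processor after `Server` construction cannot tell from the header whether it is ignored or takes effect on later calls. Add one sentence for each once the implementation confirms the behaviour, e.g. `// A null processor clears any previously installed one.` and `// Calls made after the server has started are ignored.` (or whatever is actually guaranteed). The enclosing `ServerCredentials` class continues outside the hunk.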
@@ -301,10 +301,12 @@ typedef void (*grpc_process_auth_metadata_done_cb)(
 typedef struct {
   /* The context object is read/write: it contains the properties of the
      channel peer and it is the job of the process function to augment it with
-     properties derived from the passed-in metadata. */
+     properties derived from the passed-in metadata.
+     The lifetime of these objects is guaranteed until cb is invoked. */
   void (*process)(void *state, grpc_auth_context *context,
-                  const grpc_metadata *md, size_t md_count,
+                  const grpc_metadata *md, size_t num_md,
                   grpc_process_auth_metadata_done_cb cb, void *user_data);
+  void (*destroy)(void *state);
   void *state;
 } grpc_auth_metadata_processor; |
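Review bot: The new `destroy` callback is added without any comment, unlike `process`; when it is invoked, whether it may be left NULL, and whether it can run while a `process` call is still pending (its `cb` not yet invoked) are exactly what an implementer who owns `state` needs to know. I would add `/* Called once when the processor is released; must free state. */` with a sentence on NULL and on ordering relative to outstanding process calls, adjusted to whatever the server code actually guarantees. The added sentence "The lifetime of these objects is guaranteed until cb is invoked" is ambiguous about which objects are meant — `context` and `md`, or also `state` — and would read more precisely as `context and md stay valid until cb is invoked.` Since this is a public C struct, adding a member also changes its layout and breaks positional initializers in out-of-tree code, which is worth a line in the commit message.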