Diffstat (limited to 'include')
-rw-r--r--include/grpc/grpc_security.h45
1 files changed, 43 insertions, 2 deletions
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index ff84050c6d..640c1fda98 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -199,8 +199,6 @@ grpc_call_error grpc_call_set_credentials(grpc_call *call,
/* --- Authentication Context. --- */
-/* TODO(jboeuf): Define some well-known property names. */
-
#define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
#define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"
@@ -255,6 +253,49 @@ grpc_auth_context *grpc_call_auth_context(grpc_call *call);
/* Releases the auth context returned from grpc_call_auth_context. */
void grpc_auth_context_release(grpc_auth_context *context);
+/* --
+ The following auth context methods should only be called by a server metadata
+ processor to set properties extracted from auth metadata.
+ -- */
+
+/* Add a property. */
+void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name,
+ const char *value, size_t value_length);
+
+/* Add a C string property. */
+void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx,
+ const char *name,
+ const char *value);
+
+/* Sets the property name. Returns 1 if successful or 0 in case of failure
+ (which means that no property with this name exists). */
+int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
+ const char *name);
+
+/* --- Auth Metadata Processing --- */
+
+/* Callback function that is called when the metadata processing is done.
+ success is 1 if processing succeeded, 0 otherwise.
+ Consumed metadata will be removed from the set of metadata available on the
+ call. */
+typedef void (*grpc_process_auth_metadata_done_cb)(
+ void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md,
+ int success);
+
+/* Pluggable server-side metadata processor object. */
+typedef struct {
+ /* The context object is read/write: it contains the properties of the
+ channel peer and it is the job of the process function to augment it with
+ properties derived from the passed-in metadata. */
+ void (*process)(void *state, grpc_auth_context *context,
+ const grpc_metadata *md, size_t md_count,
+ grpc_process_auth_metadata_done_cb cb, void *user_data);
+ void *state;
+} grpc_auth_metadata_processor;
+
+void grpc_server_credentials_set_auth_metadata_processor(
+ grpc_server_credentials *creds, grpc_auth_metadata_processor processor);
+
#ifdef __cplusplus
}
#endif
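Review bot: The contract of `process` and `grpc_process_auth_metadata_done_cb` is underspecified for an authentication hook: the comments do not say what happens to the call when `success` is 0, whether `cb` must be invoked exactly once, or whether it may run after `process` has returned. I would add a line to the callback comment such as `cb must be called exactly once; if success is 0 the call is failed and properties added to the context are not used`, and state how long `context` and `md` stay valid for an asynchronous processor. The second half of that wording is a guess at the intended behaviour and needs confirming against the implementation, which is not in this header. `void *state` has no documented owner or lifetime relative to `creds`, and the struct is passed by value with no destroy hook, so the header should say who frees it. The `grpc_auth_context_add_property` declarations should also say whether `name` and `value` are copied and, presumably because of `value_length`, that `value` need not be NUL-terminated, since these values are derived from peer-supplied metadata.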