| /* |
| * |
| * Copyright 2015, Google Inc. |
| * All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions are |
| * met: |
| * |
| * * Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * * Redistributions in binary form must reproduce the above |
| * copyright notice, this list of conditions and the following disclaimer |
| * in the documentation and/or other materials provided with the |
| * distribution. |
| * * Neither the name of Google Inc. nor the names of its |
| * contributors may be used to endorse or promote products derived from |
| * this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| * |
| */ |
| |
| #include <string.h> |
| |
| #include "src/core/security/security_context.h" |
| #include "src/core/surface/call.h" |
| #include "src/core/support/string.h" |
| |
| #include <grpc/grpc_security.h> |
| #include <grpc/support/alloc.h> |
| #include <grpc/support/log.h> |
| #include <grpc/support/string_util.h> |
| |
| /* --- grpc_call --- */ |
| |
| grpc_call_error grpc_call_set_credentials(grpc_call *call, |
| grpc_credentials *creds) { |
| grpc_client_security_context *ctx = NULL; |
| if (!grpc_call_is_client(call)) { |
| gpr_log(GPR_ERROR, "Method is client-side only."); |
| return GRPC_CALL_ERROR_NOT_ON_SERVER; |
| } |
| if (creds != NULL && !grpc_credentials_has_request_metadata_only(creds)) { |
| gpr_log(GPR_ERROR, "Incompatible credentials to set on a call."); |
| return GRPC_CALL_ERROR; |
| } |
| ctx = (grpc_client_security_context *)grpc_call_context_get( |
| call, GRPC_CONTEXT_SECURITY); |
| if (ctx == NULL) { |
| ctx = grpc_client_security_context_create(); |
| ctx->creds = grpc_credentials_ref(creds); |
| grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx, |
| grpc_client_security_context_destroy); |
| } else { |
| grpc_credentials_unref(ctx->creds); |
| ctx->creds = grpc_credentials_ref(creds); |
| } |
| return GRPC_CALL_OK; |
| } |
| |
| grpc_auth_context *grpc_call_auth_context(grpc_call *call) { |
| void *sec_ctx = grpc_call_context_get(call, GRPC_CONTEXT_SECURITY); |
| if (sec_ctx == NULL) return NULL; |
| return grpc_call_is_client(call) |
| ? GRPC_AUTH_CONTEXT_REF( |
| ((grpc_client_security_context *)sec_ctx)->auth_context, |
| "grpc_call_auth_context client") |
| : GRPC_AUTH_CONTEXT_REF( |
| ((grpc_server_security_context *)sec_ctx)->auth_context, |
| "grpc_call_auth_context server"); |
| } |
| |
| void grpc_auth_context_release(grpc_auth_context *context) { |
| GRPC_AUTH_CONTEXT_UNREF(context, "grpc_auth_context_unref"); |
| } |
| |
| /* --- grpc_client_security_context --- */ |
| |
| grpc_client_security_context *grpc_client_security_context_create(void) { |
| grpc_client_security_context *ctx = |
| gpr_malloc(sizeof(grpc_client_security_context)); |
| memset(ctx, 0, sizeof(grpc_client_security_context)); |
| return ctx; |
| } |
| |
| void grpc_client_security_context_destroy(void *ctx) { |
| grpc_client_security_context *c = (grpc_client_security_context *)ctx; |
| grpc_credentials_unref(c->creds); |
| GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context"); |
| gpr_free(ctx); |
| } |
| |
| /* --- grpc_server_security_context --- */ |
| |
| grpc_server_security_context *grpc_server_security_context_create(void) { |
| grpc_server_security_context *ctx = |
| gpr_malloc(sizeof(grpc_server_security_context)); |
| memset(ctx, 0, sizeof(grpc_server_security_context)); |
| return ctx; |
| } |
| |
| void grpc_server_security_context_destroy(void *ctx) { |
| grpc_server_security_context *c = (grpc_server_security_context *)ctx; |
| GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "server_security_context"); |
| gpr_free(ctx); |
| } |
| |
| /* --- grpc_auth_context --- */ |
| |
| static grpc_auth_property_iterator empty_iterator = {NULL, 0, NULL}; |
| |
| grpc_auth_context *grpc_auth_context_create(grpc_auth_context *chained, |
| size_t property_count) { |
| grpc_auth_context *ctx = gpr_malloc(sizeof(grpc_auth_context)); |
| memset(ctx, 0, sizeof(grpc_auth_context)); |
| ctx->properties = gpr_malloc(property_count * sizeof(grpc_auth_property)); |
| memset(ctx->properties, 0, property_count * sizeof(grpc_auth_property)); |
| ctx->property_count = property_count; |
| gpr_ref_init(&ctx->refcount, 1); |
| if (chained != NULL) ctx->chained = GRPC_AUTH_CONTEXT_REF(chained, "chained"); |
| return ctx; |
| } |
| |
| #ifdef GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG |
| grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx, |
| const char *file, int line, |
| const char *reason) { |
| if (ctx == NULL) return NULL; |
| gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG, |
| "AUTH_CONTEXT:%p ref %d -> %d %s", ctx, (int)ctx->refcount.count, |
| (int)ctx->refcount.count + 1, reason); |
| #else |
| grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) { |
| if (ctx == NULL) return NULL; |
| #endif |
| gpr_ref(&ctx->refcount); |
| return ctx; |
| } |
| |
| #ifdef GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG |
| void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line, |
| const char *reason) { |
| if (ctx == NULL) return; |
| gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG, |
| "AUTH_CONTEXT:%p unref %d -> %d %s", ctx, (int)ctx->refcount.count, |
| (int)ctx->refcount.count - 1, reason); |
| #else |
| void grpc_auth_context_unref(grpc_auth_context *ctx) { |
| if (ctx == NULL) return; |
| #endif |
| if (gpr_unref(&ctx->refcount)) { |
| size_t i; |
| GRPC_AUTH_CONTEXT_UNREF(ctx->chained, "chained"); |
| if (ctx->properties != NULL) { |
| for (i = 0; i < ctx->property_count; i++) { |
| grpc_auth_property_reset(&ctx->properties[i]); |
| } |
| gpr_free(ctx->properties); |
| } |
| gpr_free(ctx); |
| } |
| } |
| |
| const char *grpc_auth_context_peer_identity_property_name( |
| const grpc_auth_context *ctx) { |
| return ctx->peer_identity_property_name; |
| } |
| |
| int grpc_auth_context_peer_is_authenticated( |
| const grpc_auth_context *ctx) { |
| return ctx->peer_identity_property_name == NULL ? 0 : 1; |
| } |
| |
| grpc_auth_property_iterator grpc_auth_context_property_iterator( |
| const grpc_auth_context *ctx) { |
| grpc_auth_property_iterator it = empty_iterator; |
| if (ctx == NULL) return it; |
| it.ctx = ctx; |
| return it; |
| } |
| |
| const grpc_auth_property *grpc_auth_property_iterator_next( |
| grpc_auth_property_iterator *it) { |
| if (it == NULL || it->ctx == NULL) return NULL; |
| while (it->index == it->ctx->property_count) { |
| if (it->ctx->chained == NULL) return NULL; |
| it->ctx = it->ctx->chained; |
| it->index = 0; |
| } |
| if (it->name == NULL) { |
| return &it->ctx->properties[it->index++]; |
| } else { |
| while (it->index < it->ctx->property_count) { |
| const grpc_auth_property *prop = &it->ctx->properties[it->index++]; |
| GPR_ASSERT(prop->name != NULL); |
| if (strcmp(it->name, prop->name) == 0) { |
| return prop; |
| } |
| } |
| /* We could not find the name, try another round. */ |
| return grpc_auth_property_iterator_next(it); |
| } |
| } |
| |
| grpc_auth_property_iterator grpc_auth_context_find_properties_by_name( |
| const grpc_auth_context *ctx, const char *name) { |
| grpc_auth_property_iterator it = empty_iterator; |
| if (ctx == NULL || name == NULL) return empty_iterator; |
| it.ctx = ctx; |
| it.name = name; |
| return it; |
| } |
| |
| grpc_auth_property_iterator grpc_auth_context_peer_identity( |
| const grpc_auth_context *ctx) { |
| if (ctx == NULL) return empty_iterator; |
| return grpc_auth_context_find_properties_by_name( |
| ctx, ctx->peer_identity_property_name); |
| } |
| |
| grpc_auth_property grpc_auth_property_init_from_cstring(const char *name, |
| const char *value) { |
| grpc_auth_property prop; |
| prop.name = gpr_strdup(name); |
| prop.value = gpr_strdup(value); |
| prop.value_length = strlen(value); |
| return prop; |
| } |
| |
| grpc_auth_property grpc_auth_property_init(const char *name, const char *value, |
| size_t value_length) { |
| grpc_auth_property prop; |
| prop.name = gpr_strdup(name); |
| prop.value = gpr_malloc(value_length + 1); |
| memcpy(prop.value, value, value_length); |
| prop.value[value_length] = '\0'; |
| prop.value_length = value_length; |
| return prop; |
| } |
| |
| void grpc_auth_property_reset(grpc_auth_property *property) { |
| gpr_free(property->name); |
| gpr_free(property->value); |
| memset(property, 0, sizeof(grpc_auth_property)); |
| } |
| |