Line data Source code
1 : /*
2 : *
3 : * Copyright 2015, Google Inc.
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions are
8 : * met:
9 : *
10 : * * Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : * * Redistributions in binary form must reproduce the above
13 : * copyright notice, this list of conditions and the following disclaimer
14 : * in the documentation and/or other materials provided with the
15 : * distribution.
16 : * * Neither the name of Google Inc. nor the names of its
17 : * contributors may be used to endorse or promote products derived from
18 : * this software without specific prior written permission.
19 : *
20 : * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 : * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 : * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 : * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 : * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 : * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 : * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 : * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 : *
32 : */
33 :
34 : #include <string.h>
35 :
36 : #include "src/core/security/security_context.h"
37 : #include "src/core/surface/api_trace.h"
38 : #include "src/core/surface/call.h"
39 : #include "src/core/support/string.h"
40 :
41 : #include <grpc/grpc_security.h>
42 : #include <grpc/support/alloc.h>
43 : #include <grpc/support/log.h>
44 : #include <grpc/support/string_util.h>
45 :
46 : /* --- grpc_call --- */
47 :
48 40 : grpc_call_error grpc_call_set_credentials(grpc_call *call,
49 : grpc_call_credentials *creds) {
50 35 : grpc_client_security_context *ctx = NULL;
51 40 : GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2,
52 : (call, creds));
53 40 : if (!grpc_call_is_client(call)) {
54 9 : gpr_log(GPR_ERROR, "Method is client-side only.");
55 9 : return GRPC_CALL_ERROR_NOT_ON_SERVER;
56 : }
57 31 : ctx = (grpc_client_security_context *)grpc_call_context_get(
58 : call, GRPC_CONTEXT_SECURITY);
59 31 : if (ctx == NULL) {
60 25 : ctx = grpc_client_security_context_create();
61 25 : ctx->creds = grpc_call_credentials_ref(creds);
62 25 : grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx,
63 : grpc_client_security_context_destroy);
64 : } else {
65 6 : grpc_call_credentials_unref(ctx->creds);
66 6 : ctx->creds = grpc_call_credentials_ref(creds);
67 : }
68 26 : return GRPC_CALL_OK;
69 : }
70 :
71 1646409 : grpc_auth_context *grpc_call_auth_context(grpc_call *call) {
72 1646409 : void *sec_ctx = grpc_call_context_get(call, GRPC_CONTEXT_SECURITY);
73 1646746 : GRPC_API_TRACE("grpc_call_auth_context(call=%p)", 1, (call));
74 1646748 : if (sec_ctx == NULL) return NULL;
75 94842 : return grpc_call_is_client(call)
76 10 : ? GRPC_AUTH_CONTEXT_REF(
77 : ((grpc_client_security_context *)sec_ctx)->auth_context,
78 : "grpc_call_auth_context client")
79 47431 : : GRPC_AUTH_CONTEXT_REF(
80 : ((grpc_server_security_context *)sec_ctx)->auth_context,
81 : "grpc_call_auth_context server");
82 : }
83 :
84 1646391 : void grpc_auth_context_release(grpc_auth_context *context) {
85 1646391 : GRPC_API_TRACE("grpc_auth_context_release(context=%p)", 1, (context));
86 1646391 : GRPC_AUTH_CONTEXT_UNREF(context, "grpc_auth_context_unref");
87 1646650 : }
88 :
89 : /* --- grpc_client_security_context --- */
90 :
91 152302 : grpc_client_security_context *grpc_client_security_context_create(void) {
92 152302 : grpc_client_security_context *ctx =
93 : gpr_malloc(sizeof(grpc_client_security_context));
94 152302 : memset(ctx, 0, sizeof(grpc_client_security_context));
95 152302 : return ctx;
96 : }
97 :
98 152278 : void grpc_client_security_context_destroy(void *ctx) {
99 152276 : grpc_client_security_context *c = (grpc_client_security_context *)ctx;
100 152278 : grpc_call_credentials_unref(c->creds);
101 152278 : GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
102 152278 : gpr_free(ctx);
103 152278 : }
104 :
105 : /* --- grpc_server_security_context --- */
106 :
107 152299 : grpc_server_security_context *grpc_server_security_context_create(void) {
108 152299 : grpc_server_security_context *ctx =
109 : gpr_malloc(sizeof(grpc_server_security_context));
110 152299 : memset(ctx, 0, sizeof(grpc_server_security_context));
111 152299 : return ctx;
112 : }
113 :
114 152284 : void grpc_server_security_context_destroy(void *ctx) {
115 152273 : grpc_server_security_context *c = (grpc_server_security_context *)ctx;
116 152284 : GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "server_security_context");
117 152284 : gpr_free(ctx);
118 152284 : }
119 :
120 : /* --- grpc_auth_context --- */
121 :
122 : static grpc_auth_property_iterator empty_iterator = {NULL, 0, NULL};
123 :
124 153487 : grpc_auth_context *grpc_auth_context_create(grpc_auth_context *chained) {
125 153487 : grpc_auth_context *ctx = gpr_malloc(sizeof(grpc_auth_context));
126 153487 : memset(ctx, 0, sizeof(grpc_auth_context));
127 153487 : gpr_ref_init(&ctx->refcount, 1);
128 153487 : if (chained != NULL) {
129 152300 : ctx->chained = GRPC_AUTH_CONTEXT_REF(chained, "chained");
130 152300 : ctx->peer_identity_property_name =
131 152300 : ctx->chained->peer_identity_property_name;
132 : }
133 153487 : return ctx;
134 : }
135 :
136 : #ifdef GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG
137 : grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx,
138 : const char *file, int line,
139 : const char *reason) {
140 : if (ctx == NULL) return NULL;
141 : gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
142 : "AUTH_CONTEXT:%p ref %d -> %d %s", ctx, (int)ctx->refcount.count,
143 : (int)ctx->refcount.count + 1, reason);
144 : #else
145 379378 : grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) {
146 379378 : if (ctx == NULL) return NULL;
147 : #endif
148 379378 : gpr_ref(&ctx->refcount);
149 379378 : return ctx;
150 : }
151 :
152 : #ifdef GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG
153 : void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line,
154 : const char *reason) {
155 : if (ctx == NULL) return;
156 : gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
157 : "AUTH_CONTEXT:%p unref %d -> %d %s", ctx, (int)ctx->refcount.count,
158 : (int)ctx->refcount.count - 1, reason);
159 : #else
160 2464267 : void grpc_auth_context_unref(grpc_auth_context *ctx) {
161 4928534 : if (ctx == NULL) return;
162 : #endif
163 532779 : if (gpr_unref(&ctx->refcount)) {
164 : size_t i;
165 153440 : GRPC_AUTH_CONTEXT_UNREF(ctx->chained, "chained");
166 153440 : if (ctx->properties.array != NULL) {
167 56462 : for (i = 0; i < ctx->properties.count; i++) {
168 29165 : grpc_auth_property_reset(&ctx->properties.array[i]);
169 : }
170 27305 : gpr_free(ctx->properties.array);
171 : }
172 153440 : gpr_free(ctx);
173 : }
174 : }
175 :
176 7 : const char *grpc_auth_context_peer_identity_property_name(
177 : const grpc_auth_context *ctx) {
178 7 : GRPC_API_TRACE("grpc_auth_context_peer_identity_property_name(ctx=%p)", 1,
179 : (ctx));
180 7 : return ctx->peer_identity_property_name;
181 : }
182 :
183 26640 : int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
184 : const char *name) {
185 26640 : grpc_auth_property_iterator it =
186 : grpc_auth_context_find_properties_by_name(ctx, name);
187 26640 : const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
188 26640 : GRPC_API_TRACE(
189 : "grpc_auth_context_set_peer_identity_property_name(ctx=%p, name=%s)", 2,
190 : (ctx, name));
191 26640 : if (prop == NULL) {
192 1 : gpr_log(GPR_ERROR, "Property name %s not found in auth context.",
193 : name != NULL ? name : "NULL");
194 1 : return 0;
195 : }
196 26639 : ctx->peer_identity_property_name = prop->name;
197 26639 : return 1;
198 : }
199 :
200 36 : int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx) {
201 36 : GRPC_API_TRACE("grpc_auth_context_peer_is_authenticated(ctx=%p)", 1, (ctx));
202 36 : return ctx->peer_identity_property_name == NULL ? 0 : 1;
203 : }
204 :
205 23 : grpc_auth_property_iterator grpc_auth_context_property_iterator(
206 : const grpc_auth_context *ctx) {
207 23 : grpc_auth_property_iterator it = empty_iterator;
208 23 : GRPC_API_TRACE("grpc_auth_context_property_iterator(ctx=%p)", 1, (ctx));
209 23 : if (ctx == NULL) return it;
210 23 : it.ctx = ctx;
211 23 : return it;
212 : }
213 :
214 26845 : const grpc_auth_property *grpc_auth_property_iterator_next(
215 : grpc_auth_property_iterator *it) {
216 26845 : GRPC_API_TRACE("grpc_auth_property_iterator_next(it=%p)", 1, (it));
217 26845 : if (it == NULL || it->ctx == NULL) return NULL;
218 53662 : while (it->index == it->ctx->properties.count) {
219 73 : if (it->ctx->chained == NULL) return NULL;
220 17 : it->ctx = it->ctx->chained;
221 17 : it->index = 0;
222 : }
223 26775 : if (it->name == NULL) {
224 56 : return &it->ctx->properties.array[it->index++];
225 : } else {
226 54454 : while (it->index < it->ctx->properties.count) {
227 27736 : const grpc_auth_property *prop = &it->ctx->properties.array[it->index++];
228 27736 : GPR_ASSERT(prop->name != NULL);
229 27736 : if (strcmp(it->name, prop->name) == 0) {
230 26703 : return prop;
231 : }
232 : }
233 : /* We could not find the name, try another round. */
234 16 : return grpc_auth_property_iterator_next(it);
235 : }
236 : }
237 :
238 26690 : grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(
239 : const grpc_auth_context *ctx, const char *name) {
240 26690 : grpc_auth_property_iterator it = empty_iterator;
241 26690 : GRPC_API_TRACE("grpc_auth_context_find_properties_by_name(ctx=%p, name=%s)",
242 : 2, (ctx, name));
243 26690 : if (ctx == NULL || name == NULL) return empty_iterator;
244 26659 : it.ctx = ctx;
245 26659 : it.name = name;
246 26676 : return it;
247 : }
248 :
249 33 : grpc_auth_property_iterator grpc_auth_context_peer_identity(
250 : const grpc_auth_context *ctx) {
251 33 : GRPC_API_TRACE("grpc_auth_context_peer_identity(ctx=%p)", 1, (ctx));
252 33 : if (ctx == NULL) return empty_iterator;
253 33 : return grpc_auth_context_find_properties_by_name(
254 : ctx, ctx->peer_identity_property_name);
255 : }
256 :
257 29277 : static void ensure_auth_context_capacity(grpc_auth_context *ctx) {
258 29277 : if (ctx->properties.count == ctx->properties.capacity) {
259 27337 : ctx->properties.capacity =
260 27337 : GPR_MAX(ctx->properties.capacity + 8, ctx->properties.capacity * 2);
261 27337 : ctx->properties.array =
262 27337 : gpr_realloc(ctx->properties.array,
263 27303 : ctx->properties.capacity * sizeof(grpc_auth_property));
264 : }
265 29277 : }
266 :
267 1935 : void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name,
268 : const char *value, size_t value_length) {
269 : grpc_auth_property *prop;
270 1935 : GRPC_API_TRACE(
271 : "grpc_auth_context_add_property(ctx=%p, name=%s, value=%*.*s, "
272 : "value_length=%lu)",
273 : 6, (ctx, name, (int)value_length, (int)value_length, value,
274 : (unsigned long)value_length));
275 1935 : ensure_auth_context_capacity(ctx);
276 1935 : prop = &ctx->properties.array[ctx->properties.count++];
277 1935 : prop->name = gpr_strdup(name);
278 1935 : prop->value = gpr_malloc(value_length + 1);
279 1935 : memcpy(prop->value, value, value_length);
280 1935 : prop->value[value_length] = '\0';
281 1935 : prop->value_length = value_length;
282 1935 : }
283 :
284 27342 : void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx,
285 : const char *name,
286 : const char *value) {
287 : grpc_auth_property *prop;
288 27342 : GRPC_API_TRACE(
289 : "grpc_auth_context_add_cstring_property(ctx=%p, name=%s, value=%s)", 3,
290 : (ctx, name, value));
291 27342 : ensure_auth_context_capacity(ctx);
292 27342 : prop = &ctx->properties.array[ctx->properties.count++];
293 27342 : prop->name = gpr_strdup(name);
294 27342 : prop->value = gpr_strdup(value);
295 27342 : prop->value_length = strlen(value);
296 27342 : }
297 :
298 29165 : void grpc_auth_property_reset(grpc_auth_property *property) {
299 29165 : gpr_free(property->name);
300 29165 : gpr_free(property->value);
301 29165 : memset(property, 0, sizeof(grpc_auth_property));
302 29165 : }
303 :
304 590 : static void auth_context_pointer_arg_destroy(void *p) {
305 590 : GRPC_AUTH_CONTEXT_UNREF(p, "auth_context_pointer_arg");
306 590 : }
307 :
308 590 : static void *auth_context_pointer_arg_copy(void *p) {
309 590 : return GRPC_AUTH_CONTEXT_REF(p, "auth_context_pointer_arg");
310 : }
311 :
312 590 : grpc_arg grpc_auth_context_to_arg(grpc_auth_context *p) {
313 : grpc_arg arg;
314 590 : memset(&arg, 0, sizeof(grpc_arg));
315 590 : arg.type = GRPC_ARG_POINTER;
316 590 : arg.key = GRPC_AUTH_CONTEXT_ARG;
317 590 : arg.value.pointer.p = p;
318 590 : arg.value.pointer.copy = auth_context_pointer_arg_copy;
319 590 : arg.value.pointer.destroy = auth_context_pointer_arg_destroy;
320 590 : return arg;
321 : }
322 :
323 1424 : grpc_auth_context *grpc_auth_context_from_arg(const grpc_arg *arg) {
324 1424 : if (strcmp(arg->key, GRPC_AUTH_CONTEXT_ARG) != 0) return NULL;
325 590 : if (arg->type != GRPC_ARG_POINTER) {
326 0 : gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
327 : GRPC_AUTH_CONTEXT_ARG);
328 0 : return NULL;
329 : }
330 590 : return arg->value.pointer.p;
331 : }
332 :
333 590 : grpc_auth_context *grpc_find_auth_context_in_args(
334 : const grpc_channel_args *args) {
335 : size_t i;
336 590 : if (args == NULL) return NULL;
337 1407 : for (i = 0; i < args->num_args; i++) {
338 1424 : grpc_auth_context *p = grpc_auth_context_from_arg(&args->args[i]);
339 1424 : if (p != NULL) return p;
340 : }
341 0 : return NULL;
342 : }
|
