packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iSulad/src/connect/service/grpc/grpc_server_tls_auth.cc
overweight 665cb60dbd Package init
2019-09-30 10:53:41 -04:00

61 lines
2.4 KiB
C++
Raw Blame History

/******************************************************************************
* Copyright (c) Huawei Technologies Co., Ltd. 2019-2019. All rights reserved.
* iSulad licensed under the Mulan PSL v1.
* You can use this software according to the terms and conditions of the Mulan PSL v1.
* You may obtain a copy of Mulan PSL v1 at:
* http://license.coscl.org.cn/MulanPSL
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v1 for more details.
* Author: zhangsong
* Create: 2019-04-26
* Description: provide grpc tls request authorization
******************************************************************************/
#include "grpc_server_tls_auth.h"
#include <map>
#include <stdlib.h>
#include "http.h"
namespace AuthorizationPluginConfig {
std::string auth_plugin = "";
};
namespace GrpcServerTlsAuth {
Status auth(ServerContext *context, std::string action)
{
const std::multimap<grpc::string_ref, grpc::string_ref> init_metadata = context->client_metadata();
auto tls_mode_kv = init_metadata.find("tls_mode");
if (tls_mode_kv == init_metadata.end()) {
return Status(StatusCode::UNKNOWN, "unkown error");
}
std::string tls_mode = std::string(tls_mode_kv->second.data(), tls_mode_kv->second.length());
if (tls_mode == "0") {
return Status::OK;
}
if (AuthorizationPluginConfig::auth_plugin.empty()) {
return Status::OK;
} else if (AuthorizationPluginConfig::auth_plugin == "authz-broker") {
auto username_kv = init_metadata.find("username");
if (username_kv == init_metadata.end()) {
return Status(StatusCode::UNKNOWN, "unkown error");
}
std::string username = std::string(username_kv->second.data(), username_kv->second.length());
char *errmsg = nullptr;
if (authz_http_request(username.c_str(), action.c_str(), &errmsg)) {
std::string err = errmsg;
free(errmsg);
return Status(StatusCode::PERMISSION_DENIED, err);
} else {
if (errmsg != nullptr) {
free(errmsg);
}
}
} else {
return Status(StatusCode::UNIMPLEMENTED, "authorization plugin invalid");
}
return Status::OK;
}
} // namespace GrpcServerTlsAuth
Reference in New Issue View Git Blame Copy Permalink