veyron/runtimes/google/ipc: Explicitly implement default authorization.
The default authorization can be expressed in terms of ACLs, however
some folks had expressed the desire to explicitly pull out the default
policy so that:
(a) It can be more succinctly expressed
(the language used in documentation is clearly visible in a 5 line
code snippet)
(b) Error messages are more meaningful (does wonders in the tutorial).
This comes at the cost of the server revealing the authorization
policy it is using, but that seems okay.
Furthermore, there seems to be growing dissent when it comes to
using Labels in ACLs, so decoupling the default policy from ACLs
seems like the right thing to do.
Change-Id: Idec4fa9d6d9ce932bd61f8c718b67c294135f7b1
diff --git a/runtimes/google/ipc/server.go b/runtimes/google/ipc/server.go
index 002a233..08fb74a 100644
--- a/runtimes/google/ipc/server.go
+++ b/runtimes/google/ipc/server.go
@@ -28,7 +28,6 @@
"veyron.io/veyron/veyron/runtimes/google/lib/publisher"
inaming "veyron.io/veyron/veyron/runtimes/google/naming"
ivtrace "veyron.io/veyron/veyron/runtimes/google/vtrace"
- vsecurity "veyron.io/veyron/veyron/security"
"veyron.io/veyron/veyron/services/mgmt/debug"
)
@@ -688,15 +687,6 @@
return v
}
-func defaultAuthorizer(ctx security.Context) security.Authorizer {
- blessings := ctx.LocalBlessings().ForContext(ctx)
- acl := security.ACL{In: make(map[security.BlessingPattern]security.LabelSet)}
- for _, b := range blessings {
- acl.In[security.BlessingPattern(b).MakeGlob()] = security.AllLabels
- }
- return vsecurity.NewACLAuthorizer(acl)
-}
-
func (fs *flowServer) serve() error {
defer fs.flow.Close()
@@ -984,11 +974,11 @@
func (fs *flowServer) authorize(auth security.Authorizer) verror.E {
if auth == nil {
- auth = defaultAuthorizer(fs)
+ auth = defaultAuthorizer{}
}
if err := auth.Authorize(fs); err != nil {
// TODO(ataly, ashankar): For privacy reasons, should we hide the authorizer error?
- return verror.NoAccessf("ipc: %v not authorized to call %q.%q (%v)", fs.RemoteBlessings(), fs.Name(), fs.Method(), err)
+ return verror.NoAccessf("ipc: not authorized to call %q.%q (%v)", fs.Name(), fs.Method(), err)
}
return nil
}
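Review bot: The new `verror.NoAccessf` line in `authorize` still formats the authorizer's error (`(%v)`, `err`) into the reply sent to a caller that has just failed authorization, and the privacy TODO directly above it is left open. With an explicit default authorizer that error presumably describes the server's own policy or blessings, which is the disclosure the commit message accepts; if that is the decision, replace the TODO with a comment recording it, for example `// The authorizer error is returned to the caller on purpose; it may describe the server's policy.` Otherwise return a policy-neutral message such as `return verror.NoAccessf("ipc: not authorized to call %q.%q", fs.Name(), fs.Method())` and write `err` to a server-side log only. Dropping `fs.RemoteBlessings()` from the message also means the rejected caller's identity is no longer recorded anywhere in this hunk, so a server-side log entry for denied calls would keep that audit trail. The same consideration applies to `authorizeForDebug` in the next hunk, which returns the `auth.Authorize(dc)` error unwrapped.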
@@ -1005,7 +995,7 @@
func (fs *flowServer) authorizeForDebug(auth security.Authorizer) error {
dc := debugContext{fs}
if auth == nil {
- auth = defaultAuthorizer(dc)
+ auth = defaultAuthorizer{}
}
return auth.Authorize(dc)
}