security: Provide an Authorizer implementation that never denies access.
When I was young, I harbored hopes of a world where the policy of never
denying access would be silly and rare. I am wiser now, I was silly
then.
MultiPart: 2/3
Change-Id: I5af020a19f558cd0856f2b3491369c7e47faf984
diff --git a/cmd/principal/main.go b/cmd/principal/main.go
index 05df6ee..a894f30 100644
--- a/cmd/principal/main.go
+++ b/cmd/principal/main.go
@@ -796,7 +796,7 @@
token: base64.URLEncoding.EncodeToString(token[:]),
notify: make(chan error),
}
- if err := server.Serve("", service, allowAnyone{}); err != nil {
+ if err := server.Serve("", service, security.AllowEveryone()); err != nil {
return fmt.Errorf("failed to setup service: %v", err)
}
// Proposed name:
@@ -1208,10 +1208,6 @@
return nil
}
-type allowAnyone struct{}
-
-func (allowAnyone) Authorize(*context.T, security.Call) error { return nil }
-
type granter struct {
with security.Blessings
extension string
diff --git a/profiles/internal/naming/namespace/all_test.go b/profiles/internal/naming/namespace/all_test.go
index 87bad7e..59749d3 100644
--- a/profiles/internal/naming/namespace/all_test.go
+++ b/profiles/internal/naming/namespace/all_test.go
@@ -123,14 +123,10 @@
return ch, nil
}
-type allowEveryoneAuthorizer struct{}
-
-func (allowEveryoneAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
type dispatcher struct{}
func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
- return &testServer{suffix}, allowEveryoneAuthorizer{}, nil
+ return &testServer{suffix}, security.AllowEveryone(), nil
}
func knockKnock(t *testing.T, ctx *context.T, name string) {
diff --git a/profiles/internal/rpc/cancel_test.go b/profiles/internal/rpc/cancel_test.go
index c14d120..0ab201e 100644
--- a/profiles/internal/rpc/cancel_test.go
+++ b/profiles/internal/rpc/cancel_test.go
@@ -19,12 +19,6 @@
tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
)
-type fakeAuthorizer int
-
-func (fakeAuthorizer) Authorize(*context.T, security.Call) error {
- return nil
-}
-
type canceld struct {
sm stream.Manager
ns namespace.T
@@ -78,7 +72,7 @@
stop: s.Stop,
}
- if err := s.Serve(name, c, fakeAuthorizer(0)); err != nil {
+ if err := s.Serve(name, c, security.AllowEveryone()); err != nil {
return nil, err
}
diff --git a/profiles/internal/rpc/full_test.go b/profiles/internal/rpc/full_test.go
index e978fc0..e2e3abf 100644
--- a/profiles/internal/rpc/full_test.go
+++ b/profiles/internal/rpc/full_test.go
@@ -389,7 +389,7 @@
if _, err := server.Listen(listenSpec); err != nil {
t.Fatal(err)
}
- if err := server.Serve(name, obj, acceptAllAuthorizer{}); err != nil {
+ if err := server.Serve(name, obj, security.AllowEveryone()); err != nil {
t.Fatal(err)
}
return sm
@@ -523,7 +523,7 @@
}
)
// Start the discharge server.
- _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+ _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, security.AllowEveryone()))
defer stopServer(t, ctx, dischargeServer, ns, "mountpoint/dischargeserver")
// Make the client and server principals trust root certificates from
@@ -1108,7 +1108,7 @@
defer stopServer(t, ctx, server, ns, serverName)
// Start the discharge server.
- _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, dischargeServerName, testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+ _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, dischargeServerName, testutil.LeafDispatcher(&dischargeServer{}, security.AllowEveryone()))
defer stopServer(t, ctx, dischargeServer, ns, dischargeServerName)
// The server should recognize the client principal as an authority on "client" and "random" blessings.
@@ -1256,7 +1256,7 @@
_, server := startServer(t, ctx, pserver, mgr, ns, "mountpoint/server", testServerDisp{&testServer{}})
defer stopServer(t, ctx, server, ns, "mountpoint/server")
- _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+ _, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, security.AllowEveryone()))
defer stopServer(t, ctx, dischargeServer, ns, "mountpoint/dischargeserver")
// Make the client present bclient to all servers that are blessed
diff --git a/profiles/internal/rpc/server.go b/profiles/internal/rpc/server.go
index d41aa64..657b3ba 100644
--- a/profiles/internal/rpc/server.go
+++ b/profiles/internal/rpc/server.go
@@ -1160,7 +1160,7 @@
// value may be modified to match the actual suffix and method to use.
func (fs *flowServer) lookup(suffix string, method string) (rpc.Invoker, security.Authorizer, error) {
if naming.IsReserved(method) {
- return reservedInvoker(fs.disp, fs.server.dispReserved), &acceptAllAuthorizer{}, nil
+ return reservedInvoker(fs.disp, fs.server.dispReserved), security.AllowEveryone(), nil
}
disp := fs.disp
if naming.IsReserved(suffix) {
@@ -1234,12 +1234,6 @@
return nil
}
-type acceptAllAuthorizer struct{}
-
-func (acceptAllAuthorizer) Authorize(*context.T, security.Call) error {
- return nil
-}
-
func authorize(ctx *context.T, call security.Call, auth security.Authorizer) error {
if call.LocalPrincipal() == nil {
// LocalPrincipal is nil means that the server wanted to avoid
diff --git a/profiles/internal/rpc/stress/internal/server.go b/profiles/internal/rpc/stress/internal/server.go
index 66b49d7..c4a62a1 100644
--- a/profiles/internal/rpc/stress/internal/server.go
+++ b/profiles/internal/rpc/stress/internal/server.go
@@ -81,10 +81,6 @@
return nil
}
-type allowEveryoneAuthorizer struct{}
-
-func (allowEveryoneAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
// StartServer starts a server that implements the Stress service, and returns
// the server and its vanadium address. It also returns a channel carrying stop
// requests. After reading from the stop channel, the application should exit.
@@ -102,7 +98,7 @@
}
s := impl{stop: make(chan struct{})}
- if err := server.Serve("", stress.StressServer(&s), allowEveryoneAuthorizer{}); err != nil {
+ if err := server.Serve("", stress.StressServer(&s), security.AllowEveryone()); err != nil {
vlog.Fatalf("Serve failed: %v", err)
}
return server, eps[0], s.stop
diff --git a/profiles/internal/rpc/test/retry_test.go b/profiles/internal/rpc/test/retry_test.go
index 9f69ee0..0b28efb 100644
--- a/profiles/internal/rpc/test/retry_test.go
+++ b/profiles/internal/rpc/test/retry_test.go
@@ -32,12 +32,6 @@
return verror.New(errRetryThis, ctx)
}
-type allowEveryoneAuth struct{}
-
-func (allowEveryoneAuth) Authorize(*context.T, security.Call) error {
- return nil
-}
-
func TestRetryCall(t *testing.T) {
ctx, shutdown := v23.Init()
defer shutdown()
@@ -52,7 +46,7 @@
t.Fatal(err)
}
rs := retryServer{}
- if err = server.Serve("", &rs, allowEveryoneAuth{}); err != nil {
+ if err = server.Serve("", &rs, security.AllowEveryone()); err != nil {
t.Fatal(err)
}
name := eps[0].Name()
diff --git a/profiles/internal/rt/ipc_test.go b/profiles/internal/rt/ipc_test.go
index 6c76eb4..10dae1f 100644
--- a/profiles/internal/rt/ipc_test.go
+++ b/profiles/internal/rt/ipc_test.go
@@ -92,7 +92,7 @@
return nil, "", err
}
serverObjectName := naming.JoinAddressName(endpoints[0].String(), "")
- if err := server.Serve("", s, allowEveryone{}); err != nil {
+ if err := server.Serve("", s, security.AllowEveryone()); err != nil {
return nil, "", err
}
return server, serverObjectName, nil
@@ -372,7 +372,3 @@
t.Errorf("client.StartCall passed unexpectedly with remote end authenticated as: %v", remoteBlessings)
}
}
-
-type allowEveryone struct{}
-
-func (allowEveryone) Authorize(*context.T, security.Call) error { return nil }
diff --git a/profiles/internal/vtrace/vtrace_test.go b/profiles/internal/vtrace/vtrace_test.go
index 74b7cab..87a1bf8 100644
--- a/profiles/internal/vtrace/vtrace_test.go
+++ b/profiles/internal/vtrace/vtrace_test.go
@@ -154,10 +154,6 @@
}, nil
}
-type anyone struct{}
-
-func (anyone) Authorize(*context.T, security.Call) error { return nil }
-
func makeTestServer(ctx *context.T, principal security.Principal, name string) (*testServer, error) {
// Set a new vtrace store to simulate a separate process.
ctx, err := ivtrace.Init(ctx, flags.VtraceFlags{CacheSize: 100})
@@ -180,7 +176,7 @@
name: name,
stop: s.Stop,
}
- if err := s.Serve(name, c, anyone{}); err != nil {
+ if err := s.Serve(name, c, security.AllowEveryone()); err != nil {
return nil, err
}
return c, nil
diff --git a/services/device/device/local_install.go b/services/device/device/local_install.go
index f2a3243..c124974 100644
--- a/services/device/device/local_install.go
+++ b/services/device/device/local_install.go
@@ -52,10 +52,6 @@
cmdInstallLocal.Flags.Var(&packagesOverride, "packages", "JSON-encoded application.Packages object, of the form: '{\"pkg1\":{\"File\":\"local file path1\"},\"pkg2\":{\"File\":\"local file path 2\"}}'")
}
-type openAuthorizer struct{}
-
-func (openAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
type mapDispatcher map[string]interface{}
func (d mapDispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
@@ -63,8 +59,8 @@
if !ok {
return nil, nil, fmt.Errorf("suffix %s not found", suffix)
}
- // TODO(caprita): Do not open authorizer even for a short-lived server.
- return o, &openAuthorizer{}, nil
+ // TODO(caprita): Do not allow everyone, even for a short-lived server.
+ return o, security.AllowEveryone(), nil
}
type mapServer struct {
diff --git a/services/device/internal/impl/impl_test.go b/services/device/internal/impl/impl_test.go
index 91718af..4b2cdf4 100644
--- a/services/device/internal/impl/impl_test.go
+++ b/services/device/internal/impl/impl_test.go
@@ -563,7 +563,7 @@
func setupPingServer(t *testing.T, ctx *context.T) (<-chan pingArgs, func()) {
server, _ := servicetest.NewServer(ctx)
pingCh := make(chan pingArgs, 1)
- if err := server.Serve("pingserver", pingServer(pingCh), &openAuthorizer{}); err != nil {
+ if err := server.Serve("pingserver", pingServer(pingCh), security.AllowEveryone()); err != nil {
t.Fatalf("Serve(%q, <dispatcher>) failed: %v", "pingserver", err)
}
return pingCh, func() {
diff --git a/services/device/internal/impl/mock_repo_test.go b/services/device/internal/impl/mock_repo_test.go
index 7f6a03d..632342b 100644
--- a/services/device/internal/impl/mock_repo_test.go
+++ b/services/device/internal/impl/mock_repo_test.go
@@ -47,7 +47,7 @@
server, _ := servicetest.NewServer(ctx)
invoker := new(arInvoker)
name := mockApplicationRepoName
- if err := server.Serve(name, repository.ApplicationServer(invoker), &openAuthorizer{}); err != nil {
+ if err := server.Serve(name, repository.ApplicationServer(invoker), security.AllowEveryone()); err != nil {
vlog.Fatalf("Serve(%v) failed: %v", name, err)
}
return &invoker.envelope, func() {
@@ -57,10 +57,6 @@
}
}
-type openAuthorizer struct{}
-
-func (openAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
// arInvoker holds the state of an application repository invocation mock. The
// mock returns the value of the wrapped envelope, which can be subsequently be
// changed at any time. Client is responsible for synchronization if desired.
@@ -94,7 +90,7 @@
func startBinaryRepository(ctx *context.T) func() {
server, _ := servicetest.NewServer(ctx)
name := mockBinaryRepoName
- if err := server.Serve(name, repository.BinaryServer(new(brInvoker)), &openAuthorizer{}); err != nil {
+ if err := server.Serve(name, repository.BinaryServer(new(brInvoker)), security.AllowEveryone()); err != nil {
vlog.Fatalf("Serve(%q) failed: %v", name, err)
}
return func() {
diff --git a/services/identity/internal/server/identityd.go b/services/identity/internal/server/identityd.go
index f1f0cda..01eaeb4 100644
--- a/services/identity/internal/server/identityd.go
+++ b/services/identity/internal/server/identityd.go
@@ -253,15 +253,11 @@
return d
}
-type allowEveryoneAuthorizer struct{}
-
-func (allowEveryoneAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
type dispatcher map[string]interface{}
func (d dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
if invoker := d[suffix]; invoker != nil {
- return invoker, allowEveryoneAuthorizer{}, nil
+ return invoker, security.AllowEveryone(), nil
}
return nil, nil, verror.New(verror.ErrNoExist, nil, suffix)
}
diff --git a/services/proxy/proxyd/proxyd_v23_test.go b/services/proxy/proxyd/proxyd_v23_test.go
index 5a44507..2e4d4e0 100644
--- a/services/proxy/proxyd/proxyd_v23_test.go
+++ b/services/proxy/proxyd/proxyd_v23_test.go
@@ -75,7 +75,7 @@
if _, err := server.Listen(rpc.ListenSpec{Proxy: proxyName}); err != nil {
return err
}
- if err := server.Serve(serverName, service{}, allowEveryone{}); err != nil {
+ if err := server.Serve(serverName, service{}, security.AllowEveryone()); err != nil {
return err
}
@@ -106,7 +106,3 @@
server := security.LocalBlessingNames(ctx, call.Security())
return fmt.Sprintf("server %v saw client %v", server, client), nil
}
-
-type allowEveryone struct{}
-
-func (allowEveryone) Authorize(*context.T, security.Call) error { return nil }
diff --git a/services/role/roled/internal/dispatcher.go b/services/role/roled/internal/dispatcher.go
index 4567c2b..475beb5 100644
--- a/services/role/roled/internal/dispatcher.go
+++ b/services/role/roled/internal/dispatcher.go
@@ -46,7 +46,7 @@
func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
if len(suffix) == 0 {
- return discharger.DischargerServer(&dischargerImpl{d.config}), &openAuthorizer{}, nil
+ return discharger.DischargerServer(&dischargerImpl{d.config}), security.AllowEveryone(), nil
}
fileName := filepath.Join(d.config.root, filepath.FromSlash(suffix+".conf"))
if !strings.HasPrefix(fileName, d.config.root) {
@@ -65,12 +65,6 @@
return role.RoleServer(obj), &authorizer{roleConfig}, nil
}
-type openAuthorizer struct{}
-
-func (openAuthorizer) Authorize(*context.T, security.Call) error {
- return nil
-}
-
type authorizer struct {
config *Config
}