security: Provide an Authorizer implementation that never denies access.

When I was young, I harbored hopes of a world where the policy of never
denying access would be silly and rare. I am wiser now; I was silly
then.

MultiPart: 2/3
Change-Id: I5af020a19f558cd0856f2b3491369c7e47faf984
diff --git a/cmd/principal/main.go b/cmd/principal/main.go
index 05df6ee..a894f30 100644
--- a/cmd/principal/main.go
+++ b/cmd/principal/main.go
@@ -796,7 +796,7 @@
 				token:     base64.URLEncoding.EncodeToString(token[:]),
 				notify:    make(chan error),
 			}
-			if err := server.Serve("", service, allowAnyone{}); err != nil {
+			if err := server.Serve("", service, security.AllowEveryone()); err != nil {
 				return fmt.Errorf("failed to setup service: %v", err)
 			}
 			// Proposed name:
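Review bot: The `server.Serve("", service, security.AllowEveryone())` call has no comment explaining why an open authorizer is acceptable in a non-test binary. The `token` field set just above suggests the service checks a token itself, but that check is not visible in this hunk. I would record the reasoning at the call site, e.g. `// Any caller may connect; the request is gated by the token checked inside the service.`, adjusted to what the service really enforces. The same applies to the non-test call sites in services/identity/internal/server/identityd.go (`dispatcher.Lookup`) and profiles/internal/rpc/stress/internal/server.go (`StartServer`). The enclosing function starts and ends outside the hunk.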
@@ -1208,10 +1208,6 @@
 	return nil
 }
 
-type allowAnyone struct{}
-
-func (allowAnyone) Authorize(*context.T, security.Call) error { return nil }
-
 type granter struct {
 	with      security.Blessings
 	extension string
diff --git a/profiles/internal/naming/namespace/all_test.go b/profiles/internal/naming/namespace/all_test.go
index 87bad7e..59749d3 100644
--- a/profiles/internal/naming/namespace/all_test.go
+++ b/profiles/internal/naming/namespace/all_test.go
@@ -123,14 +123,10 @@
 	return ch, nil
 }
 
-type allowEveryoneAuthorizer struct{}
-
-func (allowEveryoneAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
 type dispatcher struct{}
 
 func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
-	return &testServer{suffix}, allowEveryoneAuthorizer{}, nil
+	return &testServer{suffix}, security.AllowEveryone(), nil
 }
 
 func knockKnock(t *testing.T, ctx *context.T, name string) {
diff --git a/profiles/internal/rpc/cancel_test.go b/profiles/internal/rpc/cancel_test.go
index c14d120..0ab201e 100644
--- a/profiles/internal/rpc/cancel_test.go
+++ b/profiles/internal/rpc/cancel_test.go
@@ -19,12 +19,6 @@
 	tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
 )
 
-type fakeAuthorizer int
-
-func (fakeAuthorizer) Authorize(*context.T, security.Call) error {
-	return nil
-}
-
 type canceld struct {
 	sm       stream.Manager
 	ns       namespace.T
@@ -78,7 +72,7 @@
 		stop:     s.Stop,
 	}
 
-	if err := s.Serve(name, c, fakeAuthorizer(0)); err != nil {
+	if err := s.Serve(name, c, security.AllowEveryone()); err != nil {
 		return nil, err
 	}
 
diff --git a/profiles/internal/rpc/full_test.go b/profiles/internal/rpc/full_test.go
index e978fc0..e2e3abf 100644
--- a/profiles/internal/rpc/full_test.go
+++ b/profiles/internal/rpc/full_test.go
@@ -389,7 +389,7 @@
 	if _, err := server.Listen(listenSpec); err != nil {
 		t.Fatal(err)
 	}
-	if err := server.Serve(name, obj, acceptAllAuthorizer{}); err != nil {
+	if err := server.Serve(name, obj, security.AllowEveryone()); err != nil {
 		t.Fatal(err)
 	}
 	return sm
@@ -523,7 +523,7 @@
 		}
 	)
 	// Start the discharge server.
-	_, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+	_, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, security.AllowEveryone()))
 	defer stopServer(t, ctx, dischargeServer, ns, "mountpoint/dischargeserver")
 
 	// Make the client and server principals trust root certificates from
@@ -1108,7 +1108,7 @@
 	defer stopServer(t, ctx, server, ns, serverName)
 
 	// Start the discharge server.
-	_, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, dischargeServerName, testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+	_, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, dischargeServerName, testutil.LeafDispatcher(&dischargeServer{}, security.AllowEveryone()))
 	defer stopServer(t, ctx, dischargeServer, ns, dischargeServerName)
 
 	// The server should recognize the client principal as an authority on "client" and "random" blessings.
@@ -1256,7 +1256,7 @@
 	_, server := startServer(t, ctx, pserver, mgr, ns, "mountpoint/server", testServerDisp{&testServer{}})
 	defer stopServer(t, ctx, server, ns, "mountpoint/server")
 
-	_, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, &acceptAllAuthorizer{}))
+	_, dischargeServer := startServer(t, ctx, pdischarger, mgr, ns, "mountpoint/dischargeserver", testutil.LeafDispatcher(&dischargeServer{}, security.AllowEveryone()))
 	defer stopServer(t, ctx, dischargeServer, ns, "mountpoint/dischargeserver")
 
 	// Make the client present bclient to all servers that are blessed
diff --git a/profiles/internal/rpc/server.go b/profiles/internal/rpc/server.go
index d41aa64..657b3ba 100644
--- a/profiles/internal/rpc/server.go
+++ b/profiles/internal/rpc/server.go
@@ -1160,7 +1160,7 @@
 // value may be modified to match the actual suffix and method to use.
 func (fs *flowServer) lookup(suffix string, method string) (rpc.Invoker, security.Authorizer, error) {
 	if naming.IsReserved(method) {
-		return reservedInvoker(fs.disp, fs.server.dispReserved), &acceptAllAuthorizer{}, nil
+		return reservedInvoker(fs.disp, fs.server.dispReserved), security.AllowEveryone(), nil
 	}
 	disp := fs.disp
 	if naming.IsReserved(suffix) {
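Review bot: In `lookup`, reserved methods are returned with `security.AllowEveryone()` and so skip whatever authorizer the dispatcher would supply, yet nothing here says where access control for them happens instead. If `reservedInvoker` enforces its own checks (not visible in this hunk), a comment such as `// Reserved methods are authorized inside reservedInvoker, not by the dispatcher's Authorizer.` would stop a later reader from taking the open authorizer as the whole policy. If it does not, this branch is the place to decide which reserved methods really should be open. `lookup`'s body continues past the hunk.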
@@ -1234,12 +1234,6 @@
 	return nil
 }
 
-type acceptAllAuthorizer struct{}
-
-func (acceptAllAuthorizer) Authorize(*context.T, security.Call) error {
-	return nil
-}
-
 func authorize(ctx *context.T, call security.Call, auth security.Authorizer) error {
 	if call.LocalPrincipal() == nil {
 		// LocalPrincipal is nil means that the server wanted to avoid
diff --git a/profiles/internal/rpc/stress/internal/server.go b/profiles/internal/rpc/stress/internal/server.go
index 66b49d7..c4a62a1 100644
--- a/profiles/internal/rpc/stress/internal/server.go
+++ b/profiles/internal/rpc/stress/internal/server.go
@@ -81,10 +81,6 @@
 	return nil
 }
 
-type allowEveryoneAuthorizer struct{}
-
-func (allowEveryoneAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
 // StartServer starts a server that implements the Stress service, and returns
 // the server and its vanadium address. It also returns a channel carrying stop
 // requests. After reading from the stop channel, the application should exit.
@@ -102,7 +98,7 @@
 	}
 
 	s := impl{stop: make(chan struct{})}
-	if err := server.Serve("", stress.StressServer(&s), allowEveryoneAuthorizer{}); err != nil {
+	if err := server.Serve("", stress.StressServer(&s), security.AllowEveryone()); err != nil {
 		vlog.Fatalf("Serve failed: %v", err)
 	}
 	return server, eps[0], s.stop
diff --git a/profiles/internal/rpc/test/retry_test.go b/profiles/internal/rpc/test/retry_test.go
index 9f69ee0..0b28efb 100644
--- a/profiles/internal/rpc/test/retry_test.go
+++ b/profiles/internal/rpc/test/retry_test.go
@@ -32,12 +32,6 @@
 	return verror.New(errRetryThis, ctx)
 }
 
-type allowEveryoneAuth struct{}
-
-func (allowEveryoneAuth) Authorize(*context.T, security.Call) error {
-	return nil
-}
-
 func TestRetryCall(t *testing.T) {
 	ctx, shutdown := v23.Init()
 	defer shutdown()
@@ -52,7 +46,7 @@
 		t.Fatal(err)
 	}
 	rs := retryServer{}
-	if err = server.Serve("", &rs, allowEveryoneAuth{}); err != nil {
+	if err = server.Serve("", &rs, security.AllowEveryone()); err != nil {
 		t.Fatal(err)
 	}
 	name := eps[0].Name()
diff --git a/profiles/internal/rt/ipc_test.go b/profiles/internal/rt/ipc_test.go
index 6c76eb4..10dae1f 100644
--- a/profiles/internal/rt/ipc_test.go
+++ b/profiles/internal/rt/ipc_test.go
@@ -92,7 +92,7 @@
 		return nil, "", err
 	}
 	serverObjectName := naming.JoinAddressName(endpoints[0].String(), "")
-	if err := server.Serve("", s, allowEveryone{}); err != nil {
+	if err := server.Serve("", s, security.AllowEveryone()); err != nil {
 		return nil, "", err
 	}
 	return server, serverObjectName, nil
@@ -372,7 +372,3 @@
 		t.Errorf("client.StartCall passed unexpectedly with remote end authenticated as: %v", remoteBlessings)
 	}
 }
-
-type allowEveryone struct{}
-
-func (allowEveryone) Authorize(*context.T, security.Call) error { return nil }
diff --git a/profiles/internal/vtrace/vtrace_test.go b/profiles/internal/vtrace/vtrace_test.go
index 74b7cab..87a1bf8 100644
--- a/profiles/internal/vtrace/vtrace_test.go
+++ b/profiles/internal/vtrace/vtrace_test.go
@@ -154,10 +154,6 @@
 	}, nil
 }
 
-type anyone struct{}
-
-func (anyone) Authorize(*context.T, security.Call) error { return nil }
-
 func makeTestServer(ctx *context.T, principal security.Principal, name string) (*testServer, error) {
 	// Set a new vtrace store to simulate a separate process.
 	ctx, err := ivtrace.Init(ctx, flags.VtraceFlags{CacheSize: 100})
@@ -180,7 +176,7 @@
 		name: name,
 		stop: s.Stop,
 	}
-	if err := s.Serve(name, c, anyone{}); err != nil {
+	if err := s.Serve(name, c, security.AllowEveryone()); err != nil {
 		return nil, err
 	}
 	return c, nil
diff --git a/services/device/device/local_install.go b/services/device/device/local_install.go
index f2a3243..c124974 100644
--- a/services/device/device/local_install.go
+++ b/services/device/device/local_install.go
@@ -52,10 +52,6 @@
 	cmdInstallLocal.Flags.Var(&packagesOverride, "packages", "JSON-encoded application.Packages object, of the form: '{\"pkg1\":{\"File\":\"local file path1\"},\"pkg2\":{\"File\":\"local file path 2\"}}'")
 }
 
-type openAuthorizer struct{}
-
-func (openAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
 type mapDispatcher map[string]interface{}
 
 func (d mapDispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
@@ -63,8 +59,8 @@
 	if !ok {
 		return nil, nil, fmt.Errorf("suffix %s not found", suffix)
 	}
-	// TODO(caprita): Do not open authorizer even for a short-lived server.
-	return o, &openAuthorizer{}, nil
+	// TODO(caprita): Do not allow everyone, even for a short-lived server.
+	return o, security.AllowEveryone(), nil
 }
 
 type mapServer struct {
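Review bot: The reworded TODO still leaves `Lookup` handing `security.AllowEveryone()` to every object in the map, and it says neither what the exposure is nor what should replace it. Going by the `packages` flag description in the previous hunk, these objects appear to be backed by local files, so any peer that can reach the server while it is up could presumably call them. I would make the comment carry that: `// TODO(caprita): AllowEveryone lets any caller reach the served objects while this server is up; restrict to the device manager being installed to.` (the intended peer is my assumption, so confirm it). `Lookup` begins in the previous hunk.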
diff --git a/services/device/internal/impl/impl_test.go b/services/device/internal/impl/impl_test.go
index 91718af..4b2cdf4 100644
--- a/services/device/internal/impl/impl_test.go
+++ b/services/device/internal/impl/impl_test.go
@@ -563,7 +563,7 @@
 func setupPingServer(t *testing.T, ctx *context.T) (<-chan pingArgs, func()) {
 	server, _ := servicetest.NewServer(ctx)
 	pingCh := make(chan pingArgs, 1)
-	if err := server.Serve("pingserver", pingServer(pingCh), &openAuthorizer{}); err != nil {
+	if err := server.Serve("pingserver", pingServer(pingCh), security.AllowEveryone()); err != nil {
 		t.Fatalf("Serve(%q, <dispatcher>) failed: %v", "pingserver", err)
 	}
 	return pingCh, func() {
diff --git a/services/device/internal/impl/mock_repo_test.go b/services/device/internal/impl/mock_repo_test.go
index 7f6a03d..632342b 100644
--- a/services/device/internal/impl/mock_repo_test.go
+++ b/services/device/internal/impl/mock_repo_test.go
@@ -47,7 +47,7 @@
 	server, _ := servicetest.NewServer(ctx)
 	invoker := new(arInvoker)
 	name := mockApplicationRepoName
-	if err := server.Serve(name, repository.ApplicationServer(invoker), &openAuthorizer{}); err != nil {
+	if err := server.Serve(name, repository.ApplicationServer(invoker), security.AllowEveryone()); err != nil {
 		vlog.Fatalf("Serve(%v) failed: %v", name, err)
 	}
 	return &invoker.envelope, func() {
@@ -57,10 +57,6 @@
 	}
 }
 
-type openAuthorizer struct{}
-
-func (openAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
 // arInvoker holds the state of an application repository invocation mock.  The
 // mock returns the value of the wrapped envelope, which can be subsequently be
 // changed at any time.  Client is responsible for synchronization if desired.
@@ -94,7 +90,7 @@
 func startBinaryRepository(ctx *context.T) func() {
 	server, _ := servicetest.NewServer(ctx)
 	name := mockBinaryRepoName
-	if err := server.Serve(name, repository.BinaryServer(new(brInvoker)), &openAuthorizer{}); err != nil {
+	if err := server.Serve(name, repository.BinaryServer(new(brInvoker)), security.AllowEveryone()); err != nil {
 		vlog.Fatalf("Serve(%q) failed: %v", name, err)
 	}
 	return func() {
diff --git a/services/identity/internal/server/identityd.go b/services/identity/internal/server/identityd.go
index f1f0cda..01eaeb4 100644
--- a/services/identity/internal/server/identityd.go
+++ b/services/identity/internal/server/identityd.go
@@ -253,15 +253,11 @@
 	return d
 }
 
-type allowEveryoneAuthorizer struct{}
-
-func (allowEveryoneAuthorizer) Authorize(*context.T, security.Call) error { return nil }
-
 type dispatcher map[string]interface{}
 
 func (d dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
 	if invoker := d[suffix]; invoker != nil {
-		return invoker, allowEveryoneAuthorizer{}, nil
+		return invoker, security.AllowEveryone(), nil
 	}
 	return nil, nil, verror.New(verror.ErrNoExist, nil, suffix)
 }
diff --git a/services/proxy/proxyd/proxyd_v23_test.go b/services/proxy/proxyd/proxyd_v23_test.go
index 5a44507..2e4d4e0 100644
--- a/services/proxy/proxyd/proxyd_v23_test.go
+++ b/services/proxy/proxyd/proxyd_v23_test.go
@@ -75,7 +75,7 @@
 	if _, err := server.Listen(rpc.ListenSpec{Proxy: proxyName}); err != nil {
 		return err
 	}
-	if err := server.Serve(serverName, service{}, allowEveryone{}); err != nil {
+	if err := server.Serve(serverName, service{}, security.AllowEveryone()); err != nil {
 		return err
 	}
 
@@ -106,7 +106,3 @@
 	server := security.LocalBlessingNames(ctx, call.Security())
 	return fmt.Sprintf("server %v saw client %v", server, client), nil
 }
-
-type allowEveryone struct{}
-
-func (allowEveryone) Authorize(*context.T, security.Call) error { return nil }
diff --git a/services/role/roled/internal/dispatcher.go b/services/role/roled/internal/dispatcher.go
index 4567c2b..475beb5 100644
--- a/services/role/roled/internal/dispatcher.go
+++ b/services/role/roled/internal/dispatcher.go
@@ -46,7 +46,7 @@
 
 func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
 	if len(suffix) == 0 {
-		return discharger.DischargerServer(&dischargerImpl{d.config}), &openAuthorizer{}, nil
+		return discharger.DischargerServer(&dischargerImpl{d.config}), security.AllowEveryone(), nil
 	}
 	fileName := filepath.Join(d.config.root, filepath.FromSlash(suffix+".conf"))
 	if !strings.HasPrefix(fileName, d.config.root) {
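Review bot: The containment check `strings.HasPrefix(fileName, d.config.root)` just below the changed line compares plain string prefixes, so once `filepath.Join` has cleaned the path, a file in a sibling directory whose name merely begins with the root's name would still pass. Unless `config.root` is guaranteed to end in a separator (not visible here), compare against the root plus a separator: `if !strings.HasPrefix(fileName, d.config.root+string(filepath.Separator)) {`. On the changed line itself, a short comment saying why the discharger at the empty suffix is open to everyone would help, since this is the role server. `Lookup`'s body continues outside the hunk.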
@@ -65,12 +65,6 @@
 	return role.RoleServer(obj), &authorizer{roleConfig}, nil
 }
 
-type openAuthorizer struct{}
-
-func (openAuthorizer) Authorize(*context.T, security.Call) error {
-	return nil
-}
-
 type authorizer struct {
 	config *Config
 }