1 //
2 //
3 // Copyright 2020 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include "src/core/lib/security/security_connector/insecure/insecure_security_connector.h"
20 
21 #include <grpc/grpc_security_constants.h>
22 #include <grpc/support/port_platform.h>
23 #include <string.h>
24 
25 #include "absl/log/check.h"
26 #include "src/core/handshaker/security/security_handshaker.h"
27 #include "src/core/lib/channel/channel_args.h"
28 #include "src/core/lib/iomgr/exec_ctx.h"
29 #include "src/core/lib/promise/promise.h"
30 #include "src/core/lib/security/context/security_context.h"
31 #include "src/core/tsi/local_transport_security.h"
32 #include "src/core/util/debug_location.h"
33 #include "src/core/util/ref_counted_ptr.h"
34 
35 namespace grpc_core {
36 
// Value written into the auth context's transport security type property
// (GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) by MakeAuthContext() below, so
// a connection made through the insecure connectors is labelled as such.
const char kInsecureTransportSecurityType[] = "insecure";
38 
39 namespace {
40 
// Builds the auth context used by the insecure connectors in this file.
//
// Exactly two properties are set: the transport security type ("insecure")
// and the security level (the string form of TSI_SECURITY_NONE). No peer
// identity property is added, so the resulting context carries no
// authenticated identity. Code that gates on transport protection can use
// these two properties to recognise an unprotected connection.
RefCountedPtr<grpc_auth_context> MakeAuthContext() {
  RefCountedPtr<grpc_auth_context> auth_ctx =
      MakeRefCounted<grpc_auth_context>(nullptr);
  grpc_auth_context* const raw_ctx = auth_ctx.get();

  // Transport security type: a NUL-terminated string property.
  grpc_auth_context_add_cstring_property(
      raw_ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
      kInsecureTransportSecurityType);

  // Security level: added with an explicit length rather than as a C string.
  const char* const level_name =
      tsi_security_level_to_string(TSI_SECURITY_NONE);
  const size_t level_len = strlen(level_name);
  grpc_auth_context_add_property(raw_ctx,
                                 GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
                                 level_name, level_len);
  return auth_ctx;
}
52 
53 }  // namespace
54 
// Exposes the file-local MakeAuthContext() outside the anonymous namespace.
// The returned context is the same one the insecure connectors produce in
// check_peer: security type "insecure", security level TSI_SECURITY_NONE.
RefCountedPtr<grpc_auth_context> TestOnlyMakeInsecureAuthContext() {
  RefCountedPtr<grpc_auth_context> insecure_ctx = MakeAuthContext();
  return insecure_ctx;
}
58 
// Per-call host check for the insecure channel connector.
//
// Both arguments are ignored and the returned promise is immediately OK, so
// no comparison between the call's host and the peer takes place here.
ArenaPromise<absl::Status> InsecureChannelSecurityConnector::CheckCallHost(
    absl::string_view, grpc_auth_context*) {
  // Unconditional success: there is nothing to verify the host against.
  return ImmediateOkStatus();
}
63 
// Registers one security handshaker on `handshake_manager`.
//
// add_handshakers should have been a no-op, but a minimalist security
// handshaker is added so that check_peer is invoked and an auth_context is
// created with the security level of TSI_SECURITY_NONE.
void InsecureChannelSecurityConnector::add_handshakers(
    const ChannelArgs& args, grpc_pollset_set* /* interested_parties */,
    HandshakeManager* handshake_manager) {
  tsi_handshaker* handshaker = nullptr;
  // Re-use tsi_local_handshaker_create as a minimalist handshaker.
  // NOTE(review): presumably the local handshaker adds no encryption or peer
  // authentication of its own; confirm in local_transport_security.
  // CHECK aborts the process if creation does not return TSI_OK.
  CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
  // The security handshaker is created with this connector and `args`, then
  // handed to the handshake manager.
  handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
}
75 
// Peer check for the insecure channel connector.
//
// Every peer is accepted: `peer` is destroyed without any of its properties
// being read, `*auth_context` is set to the fixed insecure context
// (TSI_SECURITY_NONE), and `on_peer_checked` is scheduled with an OK status.
// The endpoint and channel args are unused.
void InsecureChannelSecurityConnector::check_peer(
    tsi_peer peer, grpc_endpoint* /*ep*/, const ChannelArgs& /*args*/,
    RefCountedPtr<grpc_auth_context>* auth_context,
    grpc_closure* on_peer_checked) {
  RefCountedPtr<grpc_auth_context>& out_ctx = *auth_context;
  out_ctx = MakeAuthContext();
  // Ownership of `peer` was passed in by value; release it here.
  tsi_peer_destruct(&peer);
  const absl::Status accepted = absl::OkStatus();
  ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, accepted);
}
84 
// Orders this connector against `other_sc` by delegating to
// channel_security_connector_cmp.
// NOTE(review): the static_cast assumes `other_sc` really is a
// grpc_channel_security_connector; nothing in this function verifies that, so
// confirm that callers only compare connectors of the same kind.
int InsecureChannelSecurityConnector::cmp(
    const grpc_security_connector* other_sc) const {
  const auto* other_channel_sc =
      static_cast<const grpc_channel_security_connector*>(other_sc);
  return channel_security_connector_cmp(other_channel_sc);
}
90 
// Registers one security handshaker on `handshake_manager`.
//
// add_handshakers should have been a no-op, but a minimalist security
// handshaker is added so that check_peer is invoked and an auth_context is
// created with the security level of TSI_SECURITY_NONE.
void InsecureServerSecurityConnector::add_handshakers(
    const ChannelArgs& args, grpc_pollset_set* /* interested_parties */,
    HandshakeManager* handshake_manager) {
  tsi_handshaker* handshaker = nullptr;
  // Re-use tsi_local_handshaker_create as a minimalist handshaker.
  // NOTE(review): presumably the local handshaker adds no encryption or peer
  // authentication of its own; confirm in local_transport_security.
  // CHECK aborts the process if creation does not return TSI_OK.
  CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
  // The security handshaker is created with this connector and `args`, then
  // handed to the handshake manager.
  handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
}
102 
// Peer check for the insecure server connector.
//
// Every peer is accepted: `peer` is destroyed without any of its properties
// being read, `*auth_context` is set to the fixed insecure context
// (TSI_SECURITY_NONE), and `on_peer_checked` is scheduled with an OK status.
// Handlers behind this connector therefore see no authenticated client
// identity in the auth context built here.
void InsecureServerSecurityConnector::check_peer(
    tsi_peer peer, grpc_endpoint* /*ep*/, const ChannelArgs& /*args*/,
    RefCountedPtr<grpc_auth_context>* auth_context,
    grpc_closure* on_peer_checked) {
  RefCountedPtr<grpc_auth_context>& out_ctx = *auth_context;
  out_ctx = MakeAuthContext();
  // Ownership of `peer` was passed in by value; release it here.
  tsi_peer_destruct(&peer);
  const absl::Status accepted = absl::OkStatus();
  ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, accepted);
}
111 
// Orders this connector against `other` by delegating to
// server_security_connector_cmp.
// NOTE(review): the static_cast assumes `other` really is a
// grpc_server_security_connector; nothing in this function verifies that, so
// confirm that callers only compare connectors of the same kind.
int InsecureServerSecurityConnector::cmp(
    const grpc_security_connector* other) const {
  const auto* other_server_sc =
      static_cast<const grpc_server_security_connector*>(other);
  return server_security_connector_cmp(other_server_sc);
}
117 
118 }  // namespace grpc_core
119