1 //
2 //
3 // Copyright 2020 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include <grpc/support/port_platform.h>
20 
21 #include "src/core/lib/security/security_connector/insecure/insecure_security_connector.h"
22 
23 #include "src/core/lib/gprpp/ref_counted_ptr.h"
24 #include "src/core/lib/security/transport/security_handshaker.h"
25 #include "src/core/tsi/local_transport_security.h"
26 
27 namespace grpc_core {
28 
// Transport security type string that MakeAuthContext() below stores under
// GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, i.e. the value carried by the
// auth context of every connection handled by the insecure connectors here.
const char kInsecureTransportSecurityType[] = "insecure";
30 
31 namespace {
32 
// Builds the auth context shared by the insecure channel and server
// connectors. It carries exactly two properties:
//   - transport security type  = kInsecureTransportSecurityType
//   - transport security level = string form of TSI_SECURITY_NONE
// No peer identity is added, so code that inspects the context can only learn
// that the connection has no transport security.
RefCountedPtr<grpc_auth_context> MakeAuthContext() {
  RefCountedPtr<grpc_auth_context> insecure_ctx =
      MakeRefCounted<grpc_auth_context>(nullptr);
  grpc_auth_context* raw_ctx = insecure_ctx.get();
  grpc_auth_context_add_cstring_property(
      raw_ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
      kInsecureTransportSecurityType);
  // The level is added with an explicit length rather than through the
  // cstring helper, matching the original call.
  const char* level_name = tsi_security_level_to_string(TSI_SECURITY_NONE);
  grpc_auth_context_add_property(raw_ctx,
                                 GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
                                 level_name, strlen(level_name));
  return insecure_ctx;
}
44 
45 }  // namespace
46 
// Test hook exposing the file-local MakeAuthContext(): returns a fresh auth
// context carrying the "insecure" type and TSI_SECURITY_NONE level properties.
RefCountedPtr<grpc_auth_context> TestOnlyMakeInsecureAuthContext() {
  RefCountedPtr<grpc_auth_context> insecure_ctx = MakeAuthContext();
  return insecure_ctx;
}
50 
51 // check_call_host and cancel_check_call_host are no-ops since we want to
52 // provide an insecure channel.
bool InsecureChannelSecurityConnector::check_call_host(
    absl::string_view host, grpc_auth_context* auth_context,
    grpc_closure* on_call_host_checked, grpc_error** error) {
  // Security note: no host verification happens here. The requested host, the
  // auth context and the completion closure are never read, so every call
  // host is accepted on this connector.
  static_cast<void>(host);
  static_cast<void>(auth_context);
  static_cast<void>(on_call_host_checked);
  *error = GRPC_ERROR_NONE;
  // The closure is never stored or run; the result is reported through the
  // return value and *error only.
  // NOTE(review): presumably `true` means "check completed synchronously" in
  // the base-class contract; confirm against the connector interface.
  return true;
}
59 
void InsecureChannelSecurityConnector::cancel_check_call_host(
    grpc_closure* on_call_host_checked, grpc_error* error) {
  // check_call_host() in this file never stores its closure, so there is no
  // pending check to cancel; on_call_host_checked is ignored and the only
  // work is dropping the reference on the error passed in.
  static_cast<void>(on_call_host_checked);
  GRPC_ERROR_UNREF(error);
}
64 
65 // add_handshakers should have been a no-op but we need to add a minimalist
66 // security handshaker so that check_peer is invoked and an auth_context is
67 // created with the security level of TSI_SECURITY_NONE.
void InsecureChannelSecurityConnector::add_handshakers(
    const grpc_channel_args* args, grpc_pollset_set* /* interested_parties */,
    HandshakeManager* handshake_manager) {
  tsi_handshaker* handshaker = nullptr;
  // Re-use tsi_local_handshaker_create (client side) as a minimalist
  // handshaker. Failure to create it is treated as a fatal invariant
  // violation rather than a recoverable error.
  GPR_ASSERT(tsi_local_handshaker_create(true /* is_client */, &handshaker) ==
             TSI_OK);
  // The security handshaker is bound to this connector, so the handshake ends
  // in this class's check_peer(), which accepts any peer and attaches the
  // TSI_SECURITY_NONE auth context.
  handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
}
77 
// Client-side peer check for the insecure connector.
//
// Security note: this accepts every peer. The tsi_peer is released without
// any of its properties being examined, `ep` is unused, the caller's auth
// context is replaced with the fixed "insecure" / TSI_SECURITY_NONE context,
// and on_peer_checked is always run with GRPC_ERROR_NONE.
void InsecureChannelSecurityConnector::check_peer(
    tsi_peer peer, grpc_endpoint* ep,
    RefCountedPtr<grpc_auth_context>* auth_context,
    grpc_closure* on_peer_checked) {
  static_cast<void>(ep);
  // The peer is owned by this call (passed by value); release it up front
  // since nothing below reads it.
  tsi_peer_destruct(&peer);
  *auth_context = MakeAuthContext();
  ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, GRPC_ERROR_NONE);
}
86 
// Compares this connector with `other_sc` by delegating to
// channel_security_connector_cmp(); this class adds no comparison of its own.
// NOTE(review): the static_cast is unchecked and assumes `other_sc` really is
// a grpc_channel_security_connector; confirm that callers guarantee this.
int InsecureChannelSecurityConnector::cmp(
    const grpc_security_connector* other_sc) const {
  const grpc_channel_security_connector* other_channel_sc =
      static_cast<const grpc_channel_security_connector*>(other_sc);
  return channel_security_connector_cmp(other_channel_sc);
}
92 
93 // add_handshakers should have been a no-op but we need to add a minimalist
94 // security handshaker so that check_peer is invoked and an auth_context is
95 // created with the security level of TSI_SECURITY_NONE.
void InsecureServerSecurityConnector::add_handshakers(
    const grpc_channel_args* args, grpc_pollset_set* /* interested_parties */,
    grpc_core::HandshakeManager* handshake_manager) {
  tsi_handshaker* handshaker = nullptr;
  // Re-use tsi_local_handshaker_create (server side, is_client == false) as a
  // minimalist handshaker. Failure to create it is treated as a fatal
  // invariant violation rather than a recoverable error.
  GPR_ASSERT(tsi_local_handshaker_create(false /* is_client */, &handshaker) ==
             TSI_OK);
  // The security handshaker is bound to this connector, so the handshake ends
  // in this class's check_peer(), which accepts any peer and attaches the
  // TSI_SECURITY_NONE auth context.
  handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
}
105 
// Server-side peer check for the insecure connector.
//
// Security note: this accepts every peer. The tsi_peer is released without
// any of its properties being examined, `ep` is unused, the caller's auth
// context is replaced with the fixed "insecure" / TSI_SECURITY_NONE context,
// and on_peer_checked is always run with GRPC_ERROR_NONE. The resulting
// context holds no peer identity property.
void InsecureServerSecurityConnector::check_peer(
    tsi_peer peer, grpc_endpoint* ep,
    grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
    grpc_closure* on_peer_checked) {
  static_cast<void>(ep);
  // The peer is owned by this call (passed by value); release it up front
  // since nothing below reads it.
  tsi_peer_destruct(&peer);
  *auth_context = MakeAuthContext();
  ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, GRPC_ERROR_NONE);
}
114 
// Compares this connector with `other` by delegating to
// server_security_connector_cmp(); this class adds no comparison of its own.
// NOTE(review): the static_cast is unchecked and assumes `other` really is a
// grpc_server_security_connector; confirm that callers guarantee this.
int InsecureServerSecurityConnector::cmp(
    const grpc_security_connector* other) const {
  const grpc_server_security_connector* other_server_sc =
      static_cast<const grpc_server_security_connector*>(other);
  return server_security_connector_cmp(other_server_sc);
}
120 
121 }  // namespace grpc_core
122