[#xx] treesvc: Fix panic in bearer token processing #510

Merged
fyrchik merged 2 commits from fyrchik/frostfs-node:fix-tree-panic into master 2023-07-12 10:23:22 +00:00

View file

@ -84,7 +84,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
return nil return nil
} }
var tableFromBearer bool var useBearer bool
if len(rawBearer) != 0 { if len(rawBearer) != 0 {
if !basicACL.AllowedBearerRules(op) { if !basicACL.AllowedBearerRules(op) {
s.log.Debug(logs.TreeBearerPresentedButNotAllowedByACL, s.log.Debug(logs.TreeBearerPresentedButNotAllowedByACL,
@ -92,13 +92,13 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
zap.String("op", op.String()), zap.String("op", op.String()),
) )
} else { } else {
tableFromBearer = true useBearer = true
} }
} }
var tb eacl.Table var tb eacl.Table
signer := req.GetSignature().GetKey() signer := req.GetSignature().GetKey()
if tableFromBearer && !bt.Impersonate() { if useBearer && !bt.Impersonate() {
if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) { if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
return eACLErr(eaclOp, errBearerWrongOwner) return eACLErr(eaclOp, errBearerWrongOwner)
} }
@ -110,7 +110,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
} }
tb = *tbCore.Value tb = *tbCore.Value
if bt.Impersonate() { if useBearer && bt.Impersonate() {
signer = bt.SigningKeyBytes() signer = bt.SigningKeyBytes()
} }
} }