[#xx] treesvc: Fix panic in bearer token processing #510

Merged
fyrchik merged 2 commits from fyrchik/frostfs-node:fix-tree-panic into master 2023-07-12 10:23:22 +00:00


@ -84,7 +84,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
return nil
}
var tableFromBearer bool
var useBearer bool
if len(rawBearer) != 0 {
if !basicACL.AllowedBearerRules(op) {
s.log.Debug(logs.TreeBearerPresentedButNotAllowedByACL,
@ -92,13 +92,13 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
zap.String("op", op.String()),
)
} else {
tableFromBearer = true
useBearer = true
}
}
var tb eacl.Table
signer := req.GetSignature().GetKey()
if tableFromBearer && !bt.Impersonate() {
if useBearer && !bt.Impersonate() {
if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
return eACLErr(eaclOp, errBearerWrongOwner)
}
@ -110,7 +110,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
}
tb = *tbCore.Value
if bt.Impersonate() {
if useBearer && bt.Impersonate() {
signer = bt.SigningKeyBytes()
}
}
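Review bot: The two new guards, `if useBearer && !bt.Impersonate()` and `if useBearer && bt.Impersonate()`, are safe only if `useBearer == true` implies that `bt` is a non-nil, already validated token, and nothing in the visible lines states that invariant; `bt` is assigned outside these hunks, and verifyClient's body begins and ends outside them as well. I would document it at the declaration, e.g. `// useBearer is true only when a bearer token was supplied and the basic ACL permits bearer rules; bt is dereferenced only under this flag.` Because the impersonation branch replaces the request signer with `bt.SigningKeyBytes()` for the access decision, the comment should also say where the token's signature and container binding are checked, presumably earlier in verifyClient. No regression test is visible on this page; one that calls verifyClient with an empty `rawBearer` on the branch that loads the eACL table from the source (presumably the case that panicked) would keep a request without a token from crashing the service again.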