pkg/services/object/put/streamer.go

@@ -110,18 +110,22 @@ func (p *Streamer) initTrustedTarget(prm *PutInitPrm) error {
 
 	// In case session token is missing, the line above returns the default key.
 	// If it isn't owner key, replication attempts will fail, thus this check.
-	if sToken == nil {
-		ownerObj := prm.hdr.OwnerID()
-		if ownerObj.IsEmpty() {
-			return errors.New("missing object owner")
-		}
+	ownerObj := prm.hdr.OwnerID()
+	if ownerObj.IsEmpty() {
+		return errors.New("missing object owner")
+	}
 
+	if sToken == nil {
 		var ownerSession user.ID
 		user.IDFromKey(&ownerSession, sessionKey.PublicKey)
 
 		if !ownerObj.Equals(ownerSession) {
 			return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
 		}
+	} else {
+		if !ownerObj.Equals(sessionInfo.Owner) {
+			return fmt.Errorf("(%T) different token issuer and object owner identifiers %s/%s", p, sessionInfo.Owner, ownerObj)
+		}
 	}
 
 	p.sessionKey = sessionKey