objsvc: Validate session token owner for local sessions #924
1 changed files with 9 additions and 5 deletions
|
@ -110,18 +110,22 @@ func (p *Streamer) initTrustedTarget(prm *PutInitPrm) error {
|
||||||
|
|
||||||
// In case session token is missing, the line above returns the default key.
|
// In case session token is missing, the line above returns the default key.
|
||||||
// If it isn't owner key, replication attempts will fail, thus this check.
|
// If it isn't owner key, replication attempts will fail, thus this check.
|
||||||
if sToken == nil {
|
|
||||||
ownerObj := prm.hdr.OwnerID()
|
ownerObj := prm.hdr.OwnerID()
|
||||||
if ownerObj.IsEmpty() {
|
if ownerObj.IsEmpty() {
|
||||||
return errors.New("missing object owner")
|
return errors.New("missing object owner")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if sToken == nil {
|
||||||
var ownerSession user.ID
|
var ownerSession user.ID
|
||||||
user.IDFromKey(&ownerSession, sessionKey.PublicKey)
|
user.IDFromKey(&ownerSession, sessionKey.PublicKey)
|
||||||
|
|
||||||
if !ownerObj.Equals(ownerSession) {
|
if !ownerObj.Equals(ownerSession) {
|
||||||
return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
|
return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if !ownerObj.Equals(sessionInfo.Owner) {
|
||||||
|
return fmt.Errorf("(%T) different token issuer and object owner identifiers %s/%s", p, sessionInfo.Owner, ownerObj)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
p.sessionKey = sessionKey
|
p.sessionKey = sessionKey
|
||||||
|
|
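Review bot: The new `else` branch compares `ownerObj` with `sessionInfo.Owner`, but `sessionInfo` is assigned in the part of `initTrustedTarget` above this hunk, so it is not visible here whether it is always non-nil when `sToken != nil`, or whether the token's signature has been verified before its issuer is trusted. If verification only happens later, the equality check would be passing on an issuer value supplied by the caller, so the order is worth confirming. The two comment lines kept at the top now describe only the `sToken == nil` case; I would move them inside that branch and add something like `// A token issued by someone other than the object owner must not authorize this put.` above the new comparison. As a style point, the nested `else { if … }` can be collapsed to `} else if !ownerObj.Equals(sessionInfo.Owner) {`.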