services/tree: Use bearer owner as signer

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2022-10-25 15:24:06 +03:00 · 2022-10-25 15:24:06 +03:00 · 6f991ab762
commit 6f991ab762
parent fe56f11edc
3 changed files with 12 additions and 4 deletions
--- a/go.mod
+++ b/go.mod
@ -39,10 +39,15 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 )
 replace (
 	github.com/TrueCloudLab/frostfs-api-go/v2 v2.0.0-20221212144048-1351b6656d68 => github.com/KirillovDenis/frostfs-api-go/v2 v2.11.2-0.20230221082308-ac00938fa447
 	github.com/TrueCloudLab/frostfs-sdk-go v0.0.0-20221214065929-4c779423f556 => github.com/KirillovDenis/frostfs-sdk-go v0.0.0-20230221082914-5f20e7c6a460
 )
 require (
 	github.com/TrueCloudLab/frostfs-crypto v0.5.0 // indirect
 	github.com/TrueCloudLab/rfc6979 v0.3.0 // indirect
-	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
+	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20221202181307-76fa05c21b12 // indirect
 	github.com/benbjohnson/clock v1.1.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
@ -54,7 +59,7 @@ require (
 	github.com/golang/snappy v0.0.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/golang-lru v0.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/holiman/uint256 v1.2.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
@ -89,8 +94,9 @@ require (
 	github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 // indirect
 	github.com/twmb/murmur3 v1.1.5 // indirect
 	github.com/urfave/cli v1.22.5 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/crypto v0.4.0 // indirect
 	golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect
 	golang.org/x/net v0.4.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/sys v0.3.0 // indirect
--- a/go.sum
+++ b/go.sum
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@ -100,6 +100,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
 	}
 	var tb eacl.Table
 	signer := req.GetSignature().GetKey()
 	if tableFromBearer {
 		if bt.Impersonate() {
 			tbCore, err := s.eaclSource.GetEACL(cid)
@ -111,6 +112,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
 				return fmt.Errorf("get eACL table: %w", err)
 			}
 			tb = *tbCore.Value
 			signer = bt.SigningKeyBytes()
 		} else {
 			if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
 				return eACLErr(eaclOp, errBearerWrongOwner)
@ -130,7 +132,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
 		tb = *tbCore.Value
 	}
-	return checkEACL(tb, req.GetSignature().GetKey(), eACLRole(role), eaclOp)
+	return checkEACL(tb, signer, eACLRole(role), eaclOp)
 }
 func verifyMessage(m message) error {