aarifullin/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity

services/tree: Use bearer owner as signer

Browse source 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2022-10-25 15:24:06 +03:00 committed by Denis Kirillov
parent fe56f11edc
commit 6f991ab762
3 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
go.mod
View file

@ -39,10 +39,15 @@ require (
gopkg.in/yaml.v3 v3.0.1
)
replace (
github.com/TrueCloudLab/frostfs-api-go/v2 v2.0.0-20221212144048-1351b6656d68 => github.com/KirillovDenis/frostfs-api-go/v2 v2.11.2-0.20230221082308-ac00938fa447
github.com/TrueCloudLab/frostfs-sdk-go v0.0.0-20221214065929-4c779423f556 => github.com/KirillovDenis/frostfs-sdk-go v0.0.0-20230221082914-5f20e7c6a460
)
require (
github.com/TrueCloudLab/frostfs-crypto v0.5.0 // indirect
github.com/TrueCloudLab/rfc6979 v0.3.0 // indirect
github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20221202181307-76fa05c21b12 // indirect
github.com/benbjohnson/clock v1.1.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
@ -54,7 +59,7 @@ require (
github.com/golang/snappy v0.0.3 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/golang-lru v0.6.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/holiman/uint256 v1.2.0 // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect
@ -89,8 +94,9 @@ require (
github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 // indirect
github.com/twmb/murmur3 v1.1.5 // indirect
github.com/urfave/cli v1.22.5 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/crypto v0.4.0 // indirect
golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect
golang.org/x/net v0.4.0 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.3.0 // indirect

BIN
go.sum
View file

Binary file not shown.

4
pkg/services/tree/signature.go
View file

@ -100,6 +100,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
}
var tb eacl.Table
signer := req.GetSignature().GetKey()
if tableFromBearer {
if bt.Impersonate() {
tbCore, err := s.eaclSource.GetEACL(cid)
@ -111,6 +112,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
return fmt.Errorf("get eACL table: %w", err)
}
tb = *tbCore.Value
signer = bt.SigningKeyBytes()
} else {
if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
return eACLErr(eaclOp, errBearerWrongOwner)
@ -130,7 +132,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
tb = *tbCore.Value
}
return checkEACL(tb, req.GetSignature().GetKey(), eACLRole(role), eaclOp)
return checkEACL(tb, signer, eACLRole(role), eaclOp)
}
func verifyMessage(m message) error {