[#529] objectcore: Fix object content validation

There are old objects where the owner of the object may not match the one who issued the token. Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-28 15:44:35 +03:00 · 2023-07-28 15:44:35 +03:00 · ae81d6660a
commit ae81d6660a
parent ab2614ec2d
10 changed files with 535 additions and 42 deletions
--- a/cmd/frostfs-node/object.go
+++ b/cmd/frostfs-node/object.go
@ -160,8 +160,9 @@ func initObjectService(c *cfg) {
 	addPolicer(c, keyStorage, c.bgClientCache)

 	traverseGen := util.NewTraverserGenerator(c.netMapSource, c.cfgObject.cnrSource, c)
+	irFetcher := newCachedIRFetcher(createInnerRingFetcher(c))

-	sPut := createPutSvc(c, keyStorage)
+	sPut := createPutSvc(c, keyStorage, &irFetcher)

 	sPutV2 := createPutSvcV2(sPut, keyStorage)

@ -184,7 +185,7 @@ func initObjectService(c *cfg) {

 	splitSvc := createSplitService(c, sPutV2, sGetV2, sSearchV2, sDeleteV2)

-	aclSvc := createACLServiceV2(c, splitSvc)
+	aclSvc := createACLServiceV2(c, splitSvc, &irFetcher)

 	var commonSvc objectService.Common
 	commonSvc.Init(&c.internals, aclSvc)
@ -295,7 +296,7 @@ func createReplicator(c *cfg, keyStorage *util.KeyStorage, cache *cache.ClientCa
 	)
 }

-func createPutSvc(c *cfg, keyStorage *util.KeyStorage) *putsvc.Service {
+func createPutSvc(c *cfg, keyStorage *util.KeyStorage, irFetcher *cachedIRFetcher) *putsvc.Service {
 	ls := c.cfgObject.cfgLocalStorage.localStorage

 	var os putsvc.ObjectStorage = engineWithoutNotifications{
@ -320,8 +321,10 @@ func createPutSvc(c *cfg, keyStorage *util.KeyStorage) *putsvc.Service {
 		c.netMapSource,
 		c,
 		c.cfgNetmap.state,
+		irFetcher,
 		putsvc.WithWorkerPools(c.cfgObject.pool.putRemote, c.cfgObject.pool.putLocal),
 		putsvc.WithLogger(c.log),
+		putsvc.WithVerifySessionTokenIssuer(!c.cfgObject.skipSessionTokenIssuerVerification),
 	)
 }

@ -405,14 +408,13 @@ func createSplitService(c *cfg, sPutV2 *putsvcV2.Service, sGetV2 *getsvcV2.Servi
 	)
 }

-func createACLServiceV2(c *cfg, splitSvc *objectService.TransportSplitter) v2.Service {
+func createACLServiceV2(c *cfg, splitSvc *objectService.TransportSplitter, irFetcher *cachedIRFetcher) v2.Service {
 	ls := c.cfgObject.cfgLocalStorage.localStorage
-	irFetcher := createInnerRingFetcher(c)

 	return v2.New(
 		splitSvc,
 		c.netMapSource,
-		newCachedIRFetcher(irFetcher),
+		irFetcher,
 		acl.NewChecker(
 			c.cfgNetmap.state,
 			c.cfgObject.eaclSource,