From c6a9c5cd8c061e9c268e1b6e95be5e028039a46a Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov
Date: Mon, 4 Apr 2022 12:21:54 +0300
Subject: [PATCH] [#1283] services/object: Disallow creating objects without a session token

Signed-off-by: Evgenii Stratonikov
---
 pkg/services/object/put/streamer.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/services/object/put/streamer.go b/pkg/services/object/put/streamer.go
index 3c8c0e6e4..b6d33a277 100644
--- a/pkg/services/object/put/streamer.go
+++ b/pkg/services/object/put/streamer.go
@@ -11,6 +11,7 @@ import (
 "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/placement"
 "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/transformer"
 "github.com/nspcc-dev/neofs-sdk-go/object"
+ "github.com/nspcc-dev/neofs-sdk-go/owner"
 )
 
 type Streamer struct {
@@ -88,6 +89,12 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error {
 return fmt.Errorf("(%T) could not receive session key: %w", p, err)
 }
 
+ // In case session token is missing, the line above returns the default key.
+ // If it isn't owner key, replication attempts will fail, thus this check.
+ if sToken == nil && !prm.hdr.OwnerID().Equal(owner.NewIDFromPublicKey(&sessionKey.PublicKey)) {
+ return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
+ }
+
 p.target = transformer.NewPayloadSizeLimiter(
 p.maxPayloadSz,
 func() transformer.ObjectTarget {
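Review bot: The new rejection in initTarget is an access-control decision, but it is returned as an untyped `fmt.Errorf` string, so callers and tests cannot tell it apart from the key-lookup failure just above it with `errors.Is`. Consider a package-level sentinel, e.g. `var errMissingSessionToken = errors.New("session token is missing but object owner id is different from the default key")`, returned as `fmt.Errorf("(%T) %w", p, errMissingSessionToken)`, which keeps the message text unchanged. The diffstat shows only streamer.go changed, so nothing pins this path; a test that submits a header whose owner differs from the node key with no session token would guard against a regression. `sToken` and `sessionKey` are set above the hunk and the function body continues past it, so whether the owner is also bound to the token issuer when a token is present cannot be judged from here.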