diff --git a/cmd/neofs-node/object.go b/cmd/neofs-node/object.go
index 449c41b8a..d10c3bdbf 100644
--- a/cmd/neofs-node/object.go
+++ b/cmd/neofs-node/object.go
@@ -371,11 +371,13 @@ func (s *signedEACLTable) SignedDataSize() int {
 }
 func (s *morphEACLStorage) GetEACL(cid *container.ID) (*eaclSDK.Table, error) {
- table, sig, err := s.w.GetEACL(cid)
+ table, err := s.w.GetEACL(cid)
 if err != nil {
 return nil, err
 }
+ sig := table.Signature()
+
 if err := signature.VerifyDataWithSource(
 (*signedEACLTable)(table),
 func() ([]byte, []byte) {
diff --git a/pkg/morph/client/container/wrapper/eacl.go b/pkg/morph/client/container/wrapper/eacl.go
index ba98b8e4a..6b0001ed7 100644
--- a/pkg/morph/client/container/wrapper/eacl.go
+++ b/pkg/morph/client/container/wrapper/eacl.go
@@ -12,23 +12,23 @@ import (
 // GetEACL reads the extended ACL table from NeoFS system
 // through Container contract call.
-func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, error) {
+func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, error) {
 if cid == nil {
- return nil, nil, errNilArgument
+ return nil, errNilArgument
 }
 args := client.EACLArgs{}
 v2 := cid.ToV2()
 if v2 == nil {
- return nil, nil, errUnsupported // use other major version if there any
+ return nil, errUnsupported // use other major version if there any
 }
 args.SetCID(v2.GetValue())
 rpcAnswer, err := w.client.EACL(args)
 if err != nil {
- return nil, nil, err
+ return nil, err
 }
 // Client may not return errors if the table is missing, so check this case additionally.
@@ -36,7 +36,7 @@ func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, er
 // since unsigned table cannot be approved in the storage by design.
 sig := rpcAnswer.Signature()
 if len(sig) == 0 {
- return nil, nil, container.ErrEACLNotFound
+ return nil, container.ErrEACLNotFound
 }
 tableSignature := pkg.NewSignature()
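Review bot: In cmd/neofs-node/object.go, `sig := table.Signature()` is used without checking that a signature is actually attached, so the verification that follows now depends on every producer of the table having called `SetSignature`. The wrapper in this commit does set it on its success path, but that contract is no longer visible in the function signature; a guard such as `if sig == nil { return nil, errMissingSignature }` (placeholder error name) would make the check fail closed instead of relying on how the SDK getters treat a nil signature. The same assumption is made by `table.Signature().ToV2()` in pkg/services/container/morph/executor.go. The `signature.VerifyDataWithSource` call continues past the end of the hunk, so how `sig` is consumed there is not visible.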
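Review bot: The doc comment on `Wrapper.GetEACL` in pkg/morph/client/container/wrapper/eacl.go still describes only reading the table, although the signature is now delivered inside the returned value rather than as a separate result. Callers need to know that the signature is attached as received from the contract and, as far as the visible hunks show, is not verified by this method. I would extend the comment with `// The returned table carries the signature received from the contract (see Table.Signature); it is not verified by this method.` The body of GetEACL is spread over three hunks and the lines between the second and third are not shown.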
@@ -46,10 +46,12 @@ func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, er
 table := eacl.NewTable()
 if err = table.Unmarshal(rpcAnswer.EACL()); err != nil { // use other major version if there any
- return nil, nil, err
+ return nil, err
 }
- return table, tableSignature, nil
+ table.SetSignature(tableSignature)
+
+ return table, nil
 }
 // PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method
diff --git a/pkg/services/container/morph/executor.go b/pkg/services/container/morph/executor.go
index c2a75345d..d17d60138 100644
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@@ -102,14 +102,14 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, body *container.SetE
 func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error) {
 cid := containerSDK.NewIDFromV2(body.GetContainerID())
- table, signature, err := s.wrapper.GetEACL(cid)
+ table, err := s.wrapper.GetEACL(cid)
 if err != nil {
 return nil, err
 }
 res := new(container.GetExtendedACLResponseBody)
 res.SetEACL(table.ToV2())
- res.SetSignature(signature.ToV2())
+ res.SetSignature(table.Signature().ToV2())
 res.SetSessionToken(table.SessionToken().ToV2())
 return res, nil