mkadilov/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Pull requests Activity

[#1628] tree: Log unacceptable bearer attachment

Browse source 
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
Pavel Karpy 2022-09-12 14:28:37 +03:00 committed by fyrchik
parent 2ffcd02ac3
commit 5adf089c1d
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pkg/services/tree/signature.go
View file

@ -18,6 +18,7 @@ import (
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
"go.uber.org/zap"
) )
type message interface { type message interface {
@ -68,8 +69,20 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
eaclOp := eACLOp(op) eaclOp := eACLOp(op)
var tableFromBearer bool
if len(rawBearer) != 0 {
if !basicACL.AllowedBearerRules(op) {
s.log.Debug("bearer presented but not allowed by ACL",
zap.String("cid", cid.EncodeToString()),
zap.String("op", op.String()),
)
} else {
tableFromBearer = true
}
}
var tb eacl.Table var tb eacl.Table
if len(rawBearer) != 0 && basicACL.AllowedBearerRules(op) { if tableFromBearer {
var bt bearer.Token var bt bearer.Token
if err = bt.Unmarshal(rawBearer); err != nil { if err = bt.Unmarshal(rawBearer); err != nil {
return eACLErr(eaclOp, fmt.Errorf("invalid bearer token: %w", err)) return eACLErr(eaclOp, fmt.Errorf("invalid bearer token: %w", err))