realloc/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Releases Packages Activity

[#229] services/tree: Use bearer owner as signer

Browse source 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2022-10-25 15:24:06 +03:00 committed by Denis Kirillov
parent 89530534a1
commit dce5924a89
4 changed files with 42 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pkg/services/tree/signature.go
View file

@ -101,6 +101,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
}
var tb eacl.Table
signer := req.GetSignature().GetKey()
if tableFromBearer {
if bt.Impersonate() {
tbCore, err := s.eaclSource.GetEACL(cid)
@ -108,6 +109,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
return handleGetEACLError(err)
}
tb = *tbCore.Value
signer = bt.SigningKeyBytes()
} else {
if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
return eACLErr(eaclOp, errBearerWrongOwner)
@ -123,7 +125,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
tb = *tbCore.Value
}
return checkEACL(tb, req.GetSignature().GetKey(), eACLRole(role), eaclOp)
return checkEACL(tb, signer, eACLRole(role), eaclOp)
}
func handleGetEACLError(err error) error {