sshkeys: Fix Authorisation handling etc. in PerScope.check()

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/src/sshkeys.rs b/src/sshkeys.rs
index 00af3a76cdadcb0ba0da0f1d5623e5f626837be3..4d06eabeafc08fde6a9375f293e8a1c7bfa9c238 100644 (file)
--- a/src/sshkeys.rs
+++ b/src/sshkeys.rs
@@ -149,15 +149,21 @@ impl Debug for Nonce {
 }
 
 impl PerScope {
-  pub fn check(&self, gl: &Global, id: Id, nonce: Nonce)
+  pub fn check(&self, ag: &AccountsGuard, id: Id, nonce: &Nonce,
+               auth_in: Authorisation<(Id, Nonce)>)
                -> Option<Authorisation<AccountScope>> {
+    let gl = &ag.get().ssh_keys;
     for sk in &self.authorised {
       if_chain!{
         if let Some(sk) = sk;
         if sk.id == id;
         if let Some(key) = gl.keys.get(sk.id);
-        if key.nonce == nonce;
-        then { return Some(Authorisation::authorise_any()) }
+        if &key.nonce == nonce;
+        then {
+          // We have checked id and nonce, against those allowed
+          let auth = auth_in.therefore_ok();
+          return Some(auth);
+        }
       }
     }
     None