From: Ian Jackson Date: Tue, 4 May 2021 00:14:40 +0000 (+0100) Subject: bundles: Require and provide an authproof for opening X-Git-Tag: otter-0.6.0~410 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=5a21b78317c3eeb75152b67466396753da3e758a;p=otter.git bundles: Require and provide an authproof for opening Signed-off-by: Ian Jackson --- diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs index 3a80418a..40479d0f 100644 --- a/daemon/cmdlistener.rs +++ b/daemon/cmdlistener.rs @@ -253,9 +253,10 @@ fn execute_and_respond(cs: &mut CommandStreamData, cmd: MgmtCommand, let ag = AccountsGuard::lock(); let gref = Instance::lookup_by_name_unauth(&game)?; let mut igu = gref.lock()?; - let (ig, _) = cs.check_acl(&ag, &mut igu, PCH::Instance, + let (ig, auth) = cs.check_acl(&ag, &mut igu, PCH::Instance, TP_ACCESS_BUNDLES)?; - let f = id.open(&ig.name)?.ok_or_else(|| ME::BundleNotFound)?; + let f = id.open(&ig.name,auth.bundles())? + .ok_or_else(|| ME::BundleNotFound)?; bulk_download = Some(Box::new(f)); Fine } diff --git a/src/bundles.rs b/src/bundles.rs index 2bf9aa99..57db87fd 100644 --- a/src/bundles.rs +++ b/src/bundles.rs @@ -51,6 +51,10 @@ const BUNDLES_MAX: Index = Index(64); #[derive(Serialize,Deserialize)] pub struct Id { pub index: Index, pub kind: Kind, } +impl Authorisation { + pub fn bundles(self) -> Authorisation { self.therefore_ok() } +} + #[derive(Debug,Clone)] pub struct InstanceBundles { // todo: this vec is needed during loading only! @@ -118,7 +122,8 @@ impl Id { } #[throws(IE)] - pub fn open(&self, instance_name: &InstanceName) -> Option { + pub fn open(&self, instance_name: &InstanceName, + _: Authorisation) -> Option { let path = self.path(instance_name); match File::open(&path) { Ok(f) => Some(f),