From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 30 May 2021 12:40:53 +0000 (+0100)
Subject: sshkeys: Fix Authorisation handling etc. in PerScope.check()
X-Git-Tag: otter-0.7.0~214
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=89c0e8c2d4068adf30300ab9f038b86ebf196208;p=otter.git

sshkeys: Fix Authorisation handling etc. in PerScope.check()

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/src/sshkeys.rs b/src/sshkeys.rs
index 00af3a76..4d06eabe 100644
--- a/src/sshkeys.rs
+++ b/src/sshkeys.rs
@@ -149,15 +149,21 @@ impl Debug for Nonce {
 }
 
 impl PerScope {
-  pub fn check(&self, gl: &Global, id: Id, nonce: Nonce)
+  pub fn check(&self, ag: &AccountsGuard, id: Id, nonce: &Nonce,
+               auth_in: Authorisation<(Id, Nonce)>)
                -> Option<Authorisation<AccountScope>> {
+    let gl = &ag.get().ssh_keys;
     for sk in &self.authorised {
       if_chain!{
         if let Some(sk) = sk;
         if sk.id == id;
         if let Some(key) = gl.keys.get(sk.id);
-        if key.nonce == nonce;
-        then { return Some(Authorisation::authorise_any()) }
+        if &key.nonce == nonce;
+        then {
+          // We have checked id and nonce, against those allowed
+          let auth = auth_in.therefore_ok();
+          return Some(auth);
+        }
       }
     }
     None