From: Ian Jackson
Date: Sun, 30 May 2021 12:24:30 +0000 (+0100)
Subject: cmdlistener: authorise_by_account
X-Git-Tag: otter-0.7.0~217
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=ae86a5352b6f25bb7fd02c21dfaff196052ad936;p=otter.git

cmdlistener: authorise_by_account

Do not re-authorise the account. Instead, check what we got from previous SelectAccount.

Signed-off-by: Ian Jackson
---

diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs
index 959753c2..f2ca5baf 100644
--- a/daemon/cmdlistener.rs
+++ b/daemon/cmdlistener.rs
@@ -61,7 +61,7 @@ enum AuthState {
 struct AccountSpecified {
 notional_account: AccountName, // might not exist
 cooked: String, // account.to_string()
- auth: Authorisation,
+ auth: Authorisation, // but we did check permissions
 }
 enum PermissionCheckHow {
@@ -1691,10 +1691,28 @@ fn authorise_for_account(
 fn authorise_by_account(cs: &CommandStreamData, ag: &AccountsGuard, wanted: &InstanceName) -> Authorisation {
- let account = &wanted.account;
- ag.check(account)?;
- authorise_for_account(cs, ag, account)?
- .therefore_ok()
+ let current = cs.current_account()?;
+ ag.check(¤t.notional_account)?;
+
+ if let Some(y) = cs.superuser() {
+ return y.therefore_ok();
+ }
+
+ if ¤t.notional_account == &wanted.account {
+ current.auth.map(
+ // Not executed, exists as a proof.
+ // we need this Box::leak because map wants us to return a ref
+ // borrowing from the incoming subject, which would imply narrowing
+ // of scope and of course we are widening scope here. We're
+ // saying that the account can access all its games.
+ |account: &AccountName| Box::leak(Box::new(InstanceName {
+ account: account.clone(),
+ game: wanted.game.clone(),
+ }))
+ )
+ } else {
+ throw!(ME::AuthorisationError);
+ }
 }
 #[throws(MgmtError)]
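Review bot: In the rewritten `authorise_by_account`, the superuser early return never passes `wanted.account` to `ag.check`; the only `ag.check` call is on the connection's current (notional) account, whereas the removed lines checked the wanted account for every caller. What `ag.check` enforces is not visible in this hunk, so this may be intended, but if it validates the account then a superuser now receives authorisation for an instance whose account was not checked, and also needs a selected account first because `cs.current_account()?` runs before the superuser test. Consider adding `ag.check(&wanted.account)?;` ahead of `return y.therefore_ok();`, or a comment saying why the check is unnecessary on that path. The `Box::leak` closure is only harmless while `Authorisation::map` never invokes it, so a short doc comment on the function recording that the result rests on the `auth` stored at SelectAccount plus the account-equality test would keep that invariant visible to later reviewers.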