From 5a21b78317c3eeb75152b67466396753da3e758a Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 4 May 2021 01:14:40 +0100 Subject: [PATCH] bundles: Require and provide an authproof for opening Signed-off-by: Ian Jackson --- daemon/cmdlistener.rs | 5 +++-- src/bundles.rs | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs index 3a80418a..40479d0f 100644 --- a/daemon/cmdlistener.rs +++ b/daemon/cmdlistener.rs @@ -253,9 +253,10 @@ fn execute_and_respond(cs: &mut CommandStreamData, cmd: MgmtCommand, let ag = AccountsGuard::lock(); let gref = Instance::lookup_by_name_unauth(&game)?; let mut igu = gref.lock()?; - let (ig, _) = cs.check_acl(&ag, &mut igu, PCH::Instance, + let (ig, auth) = cs.check_acl(&ag, &mut igu, PCH::Instance, TP_ACCESS_BUNDLES)?; - let f = id.open(&ig.name)?.ok_or_else(|| ME::BundleNotFound)?; + let f = id.open(&ig.name,auth.bundles())? + .ok_or_else(|| ME::BundleNotFound)?; bulk_download = Some(Box::new(f)); Fine } diff --git a/src/bundles.rs b/src/bundles.rs index 2bf9aa99..57db87fd 100644 --- a/src/bundles.rs +++ b/src/bundles.rs @@ -51,6 +51,10 @@ const BUNDLES_MAX: Index = Index(64); #[derive(Serialize,Deserialize)] pub struct Id { pub index: Index, pub kind: Kind, } +impl Authorisation { + pub fn bundles(self) -> Authorisation { self.therefore_ok() } +} + #[derive(Debug,Clone)] pub struct InstanceBundles { // todo: this vec is needed during loading only! @@ -118,7 +122,8 @@ impl Id { } #[throws(IE)] - pub fn open(&self, instance_name: &InstanceName) -> Option { + pub fn open(&self, instance_name: &InstanceName, + _: Authorisation) -> Option { let path = self.path(instance_name); match File::open(&path) { Ok(f) => Some(f), -- 2.30.2