From 89c0e8c2d4068adf30300ab9f038b86ebf196208 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 30 May 2021 13:40:53 +0100
Subject: [PATCH] sshkeys: Fix Authorisation handling etc. in PerScope.check()

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 src/sshkeys.rs | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/sshkeys.rs b/src/sshkeys.rs
index 00af3a76..4d06eabe 100644
--- a/src/sshkeys.rs
+++ b/src/sshkeys.rs
@@ -149,15 +149,21 @@ impl Debug for Nonce {
 }
 
 impl PerScope {
-  pub fn check(&self, gl: &Global, id: Id, nonce: Nonce)
+  pub fn check(&self, ag: &AccountsGuard, id: Id, nonce: &Nonce,
+               auth_in: Authorisation<(Id, Nonce)>)
                -> Option<Authorisation<AccountScope>> {
+    let gl = &ag.get().ssh_keys;
     for sk in &self.authorised {
       if_chain!{
         if let Some(sk) = sk;
         if sk.id == id;
         if let Some(key) = gl.keys.get(sk.id);
-        if key.nonce == nonce;
-        then { return Some(Authorisation::authorise_any()) }
+        if &key.nonce == nonce;
+        then {
+          // We have checked id and nonce, against those allowed
+          let auth = auth_in.therefore_ok();
+          return Some(auth);
+        }
       }
     }
     None
-- 
2.30.2