From ae86a5352b6f25bb7fd02c21dfaff196052ad936 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Sun, 30 May 2021 13:24:30 +0100
Subject: [PATCH] cmdlistener: authorise_by_account
Do not re-authorise the account. Instead, check what we got from previous SelectAccount.
Signed-off-by: Ian Jackson
---
 daemon/cmdlistener.rs | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs
index 959753c2..f2ca5baf 100644
--- a/daemon/cmdlistener.rs
+++ b/daemon/cmdlistener.rs
@@ -61,7 +61,7 @@ enum AuthState {
 struct AccountSpecified {
 notional_account: AccountName, // might not exist
 cooked: String, // account.to_string()
- auth: Authorisation,
+ auth: Authorisation, // but we did check permissions
 }
 enum PermissionCheckHow {
@@ -1691,10 +1691,28 @@ fn authorise_for_account(
 fn authorise_by_account(cs: &CommandStreamData, ag: &AccountsGuard, wanted: &InstanceName) -> Authorisation {
- let account = &wanted.account;
- ag.check(account)?;
- authorise_for_account(cs, ag, account)?
- .therefore_ok()
+ let current = cs.current_account()?;
+ ag.check(¤t.notional_account)?;
+
+ if let Some(y) = cs.superuser() {
+ return y.therefore_ok();
+ }
+
+ if ¤t.notional_account == &wanted.account {
+ current.auth.map(
+ // Not executed, exists as a proof.
+ // we need this Box::leak because map wants us to return a ref
+ // borrowing from the incoming subject, which would imply narrowing
+ // of scope and of course we are widening scope here. We're
+ // saying that the account can access all its games.
+ |account: &AccountName| Box::leak(Box::new(InstanceName {
+ account: account.clone(),
+ game: wanted.game.clone(),
+ }))
+ )
+ } else {
+ throw!(ME::AuthorisationError);
+ }
 }
 #[throws(MgmtError)]
--
2.30.2
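Review bot: On the superuser path of `authorise_by_account`, `wanted.account` is no longer passed to `ag.check`. The removed code checked the wanted account, whereas the new code checks only the current account's `notional_account` and then returns `y.therefore_ok()` early. If `ag.check` is what rejects unknown or invalid accounts (its body is not visible in this hunk), a superuser request naming such an account is now authorised without that check; adding `ag.check(&wanted.account)?;` before the `if let Some(y) = cs.superuser()` return would keep the previous guarantee. The function also now trusts the `auth` stored when the account was selected, so a doc comment such as `/// Relies on the authorisation recorded by SelectAccount; permissions are not re-evaluated here.` would make that assumption explicit. Any attribute line above the signature lies outside the hunk.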