Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

etcdserver: respect auth on serialized Range

Browse Source
This commit is contained in:
Anthony Romano 2016-06-10 10:53:40 -07:00
parent bdc7035c10
commit b3a0b0502c
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
etcdserver/v3_server.go
View File

@ -17,6 +17,7 @@ package etcdserver
import ( import (
"time" "time"
"github.com/coreos/etcd/auth"
pb "github.com/coreos/etcd/etcdserver/etcdserverpb" pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
"github.com/coreos/etcd/lease" "github.com/coreos/etcd/lease"
"github.com/coreos/etcd/lease/leasehttp" "github.com/coreos/etcd/lease/leasehttp"
@ -74,6 +75,14 @@ type Authenticator interface {
func (s *EtcdServer) Range(ctx context.Context, r *pb.RangeRequest) (*pb.RangeResponse, error) { func (s *EtcdServer) Range(ctx context.Context, r *pb.RangeRequest) (*pb.RangeResponse, error) {
if r.Serializable { if r.Serializable {
user, err := s.usernameFromCtx(ctx)
if err != nil {
return nil, err
}
hdr := &pb.RequestHeader{Username: user}
if !s.AuthStore().IsRangePermitted(hdr, string(r.Key), string(r.RangeEnd)) {
return nil, auth.ErrPermissionDenied
}
return s.applyV3.Range(noTxn, r) return s.applyV3.Range(noTxn, r)
} }