auth: break TLS VerifiedChains for-loop early

Fix "auth/store.go:1147:4: the surrounding loop is unconditionally terminated (SA4004)" Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2024-09-27 06:25:44 +00:00 · 2018-04-30 10:33:59 -07:00
parent cdadc4638d
commit d398d41ff0
1 changed files with 19 additions and 11 deletions
--- a/auth/store.go
+++ b/auth/store.go
@@ -1129,7 +1129,7 @@ func (as *authStore) Revision() uint64 {
 	return atomic.LoadUint64(&as.revision)
 }

-func (as *authStore) AuthInfoFromTLS(ctx context.Context) *AuthInfo {
+func (as *authStore) AuthInfoFromTLS(ctx context.Context) (ai *AuthInfo) {
 	peer, ok := peer.FromContext(ctx)
 	if !ok || peer == nil || peer.AuthInfo == nil {
 		return nil
@@ -1137,18 +1137,26 @@ func (as *authStore) AuthInfoFromTLS(ctx context.Context) *AuthInfo {

 	tlsInfo := peer.AuthInfo.(credentials.TLSInfo)
 	for _, chains := range tlsInfo.State.VerifiedChains {
-		for _, chain := range chains {
-			cn := chain.Subject.CommonName
-			if as.lg != nil {
-				as.lg.Debug("found command name", zap.String("common-name", cn))
-			} else {
-				plog.Debugf("found common name %s", cn)
-			}
-			return &AuthInfo{Username: cn, Revision: as.Revision()}
+		if len(chains) < 1 {
+			continue
 		}
+		ai = &AuthInfo{
+			Username: chains[0].Subject.CommonName,
+			Revision: as.Revision(),
+		}
+		if as.lg != nil {
+			as.lg.Debug(
+				"found command name",
+				zap.String("common-name", ai.Username),
+				zap.String("user-name", ai.Username),
+				zap.Uint64("revision", ai.Revision),
+			)
+		} else {
+			plog.Debugf("found common name %s", ai.Username)
+		}
+		break
 	}
-
-	return nil
+	return ai
 }

 func (as *authStore) AuthInfoFromCtx(ctx context.Context) (*AuthInfo, error) {