privetd: Compare user scope with minimalRole for local commands
Privetd passes the current auth scope corresponding to the current
/privet/v3/commands/execute requests to buffet.
Buffet compares the scope with the minimalRole of the requested command and denies
the request if the scope is not enough.
BUG=brillo:808
TEST=`FEATURES=test emerge-gizmo buffet privetd`
Change-Id: Ib691184460fcd9d099e0688eaeadf831229672aa
Reviewed-on: https://chromium-review.googlesource.com/274234
Tested-by: Vitaly Buka <vitalybuka@chromium.org>
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
diff --git a/buffet/buffet_client.cc b/buffet/buffet_client.cc
index 8408a46..ab8f189 100644
--- a/buffet/buffet_client.cc
+++ b/buffet/buffet_client.cc
@@ -365,7 +365,7 @@
void CallAddCommand(const std::string& command, ManagerProxy* manager_proxy) {
ErrorPtr error;
std::string id;
- if (!manager_proxy->AddCommand(command, &id, &error)) {
+ if (!manager_proxy->AddCommand(command, "owner", &id, &error)) {
return ReportError(error.get());
}
OnJobComplete();
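Review bot: The role argument added to the AddCommand call in CallAddCommand is the bare string literal "owner", so every command submitted through buffet_client carries the same fixed role and this tool cannot be used to check that a command is denied when the caller's scope is below its minimalRole. Consider accepting the role as an optional command-line argument that defaults to "owner", and referring to a shared named constant rather than repeating the literal, so a misspelled role name is caught at build time instead of at runtime.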