Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
YottaChain
YTBP
提交
34c4d2c3
Y
YTBP
项目概览
YottaChain
/
YTBP
通知
0
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
Y
YTBP
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
34c4d2c3
编写于
5月 04, 2018
作者:
M
Matt Witherspoon
提交者:
GitHub
5月 04, 2018
浏览文件
操作
浏览文件
下载
差异文件
Merge pull request #2772 from EOSIO/slim-inline-action-better-error
Eager checks for the existence of accounts and permissions in actions
上级
4b3660f2
cfac2397
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
34 addition
and
5 deletion
+34
-5
libraries/chain/apply_context.cpp
libraries/chain/apply_context.cpp
+20
-1
libraries/chain/controller.cpp
libraries/chain/controller.cpp
+14
-4
未找到文件。
libraries/chain/apply_context.cpp
浏览文件 @
34c4d2c3
...
@@ -194,6 +194,19 @@ void apply_context::require_recipient( account_name recipient ) {
...
@@ -194,6 +194,19 @@ void apply_context::require_recipient( account_name recipient ) {
* can better understand the security risk.
* can better understand the security risk.
*/
*/
void
apply_context
::
execute_inline
(
action
&&
a
)
{
void
apply_context
::
execute_inline
(
action
&&
a
)
{
auto
*
code
=
control
.
db
().
find
<
account_object
,
by_name
>
(
a
.
account
);
EOS_ASSERT
(
code
!=
nullptr
,
action_validate_exception
,
"inline action's code account ${account} does not exist"
,
(
"account"
,
a
.
account
)
);
for
(
const
auto
&
auth
:
a
.
authorization
)
{
auto
*
actor
=
control
.
db
().
find
<
account_object
,
by_name
>
(
auth
.
actor
);
EOS_ASSERT
(
actor
!=
nullptr
,
action_validate_exception
,
"inline action's authorizing actor ${account} does not exist"
,
(
"account"
,
auth
.
actor
)
);
EOS_ASSERT
(
control
.
get_authorization_manager
().
find_permission
(
auth
)
!=
nullptr
,
action_validate_exception
,
"inline action's authorizations include a non-existent permission: {permission}"
,
(
"permission"
,
auth
)
);
}
if
(
!
privileged
)
{
if
(
!
privileged
)
{
if
(
a
.
account
!=
receiver
)
{
// if a contract is calling itself then there is no need to check permissions
if
(
a
.
account
!=
receiver
)
{
// if a contract is calling itself then there is no need to check permissions
const
auto
delay
=
control
.
limit_delay
(
control
.
get_authorization_manager
()
const
auto
delay
=
control
.
limit_delay
(
control
.
get_authorization_manager
()
...
@@ -214,7 +227,13 @@ void apply_context::execute_inline( action&& a ) {
...
@@ -214,7 +227,13 @@ void apply_context::execute_inline( action&& a ) {
}
}
void
apply_context
::
execute_context_free_inline
(
action
&&
a
)
{
void
apply_context
::
execute_context_free_inline
(
action
&&
a
)
{
FC_ASSERT
(
a
.
authorization
.
size
()
==
0
,
"context free actions cannot have authorizations"
);
auto
*
code
=
control
.
db
().
find
<
account_object
,
by_name
>
(
a
.
account
);
EOS_ASSERT
(
code
!=
nullptr
,
action_validate_exception
,
"inline action's code account ${account} does not exist"
,
(
"account"
,
a
.
account
)
);
EOS_ASSERT
(
a
.
authorization
.
size
()
==
0
,
action_validate_exception
,
"context-free actions cannot have authorizations"
);
_cfa_inline_actions
.
emplace_back
(
move
(
a
)
);
_cfa_inline_actions
.
emplace_back
(
move
(
a
)
);
}
}
...
...
libraries/chain/controller.cpp
浏览文件 @
34c4d2c3
...
@@ -1302,15 +1302,25 @@ fc::microseconds controller::limit_delay( fc::microseconds delay )const {
...
@@ -1302,15 +1302,25 @@ fc::microseconds controller::limit_delay( fc::microseconds delay )const {
void
controller
::
validate_referenced_accounts
(
const
transaction
&
trx
)
const
{
void
controller
::
validate_referenced_accounts
(
const
transaction
&
trx
)
const
{
for
(
const
auto
&
a
:
trx
.
context_free_actions
)
{
for
(
const
auto
&
a
:
trx
.
context_free_actions
)
{
get_account
(
a
.
account
);
auto
*
code
=
my
->
db
.
find
<
account_object
,
by_name
>
(
a
.
account
);
FC_ASSERT
(
a
.
authorization
.
size
()
==
0
);
EOS_ASSERT
(
code
!=
nullptr
,
transaction_exception
,
"action's code account ${account} does not exist"
,
(
"account"
,
a
.
account
)
);
EOS_ASSERT
(
a
.
authorization
.
size
()
==
0
,
transaction_exception
,
"context-free actions cannot have authorizations"
);
}
}
bool
one_auth
=
false
;
bool
one_auth
=
false
;
for
(
const
auto
&
a
:
trx
.
actions
)
{
for
(
const
auto
&
a
:
trx
.
actions
)
{
get_account
(
a
.
account
);
auto
*
code
=
my
->
db
.
find
<
account_object
,
by_name
>
(
a
.
account
);
EOS_ASSERT
(
code
!=
nullptr
,
transaction_exception
,
"action's code account ${account} does not exist"
,
(
"account"
,
a
.
account
)
);
for
(
const
auto
&
auth
:
a
.
authorization
)
{
for
(
const
auto
&
auth
:
a
.
authorization
)
{
one_auth
=
true
;
one_auth
=
true
;
get_account
(
auth
.
actor
);
auto
*
actor
=
my
->
db
.
find
<
account_object
,
by_name
>
(
auth
.
actor
);
EOS_ASSERT
(
actor
!=
nullptr
,
transaction_exception
,
"action's authorizing actor ${account} does not exist"
,
(
"account"
,
auth
.
actor
)
);
EOS_ASSERT
(
my
->
authorization
.
find_permission
(
auth
)
!=
nullptr
,
transaction_exception
,
"action's authorizations include a non-existent permission: {permission}"
,
(
"permission"
,
auth
)
);
}
}
}
}
EOS_ASSERT
(
one_auth
,
tx_no_auths
,
"transaction must have at least one authorization"
);
EOS_ASSERT
(
one_auth
,
tx_no_auths
,
"transaction must have at least one authorization"
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录