Check that the program was granted access to program_id (#13890)

2020-12-01 07:35:07 -08:00 · 2020-12-01 07:35:07 -08:00 · 733fcbaa6c
parent 57dd60f671
commit 733fcbaa6c
9 changed files with 3539 additions and 0 deletions
--- a/programs/bpf/Cargo.lock
+++ b/programs/bpf/Cargo.lock
@ -1916,6 +1916,13 @@ dependencies = [
 "solana-program",
 ]

+[[package]]
+name = "solana-bpf-rust-caller-access"
+version = "1.5.0"
+dependencies = [
+ "solana-program",
+]
+
 [[package]]
 name = "solana-bpf-rust-custom-heap"
 version = "1.5.0"
--- a/programs/bpf/Cargo.toml
+++ b/programs/bpf/Cargo.toml
@ -38,6 +38,7 @@ members = [
    "rust/128bit_dep",
    "rust/alloc",
    "rust/call_depth",
+    "rust/caller_access",
    "rust/custom_heap",
    "rust/dep_crate",
    "rust/deprecated_loader",
--- a/programs/bpf/build.rs
+++ b/programs/bpf/build.rs
@ -61,6 +61,7 @@ fn main() {
            "128bit",
            "alloc",
            "call_depth",
+            "caller_access",
            "custom_heap",
            "dep_crate",
            "deprecated_loader",
--- a/programs/bpf/rust/caller_access/Cargo.lock
+++ b/programs/bpf/rust/caller_access/Cargo.lock
--- a/programs/bpf/rust/caller_access/Cargo.toml
+++ b/programs/bpf/rust/caller_access/Cargo.toml
@ -0,0 +1,18 @@
+[package]
+name = "solana-bpf-rust-caller-access"
+version = "1.5.0"
+description = "Solana BPF test program written in Rust"
+authors = ["Solana Maintainers <maintainers@solana.foundation>"]
+repository = "https://github.com/solana-labs/solana"
+license = "Apache-2.0"
+homepage = "https://solana.com/"
+edition = "2018"
+
+[dependencies]
+solana-program = { path = "../../../../sdk/program", version = "1.5.0" }
+
+[lib]
+crate-type = ["cdylib"]
+
+[package.metadata.docs.rs]
+targets = ["x86_64-unknown-linux-gnu"]
--- a/programs/bpf/rust/caller_access/Xargo.toml
+++ b/programs/bpf/rust/caller_access/Xargo.toml
@ -0,0 +1,2 @@
+[target.bpfel-unknown-unknown.dependencies.std]
+features = []
--- a/programs/bpf/rust/caller_access/src/lib.rs
+++ b/programs/bpf/rust/caller_access/src/lib.rs
@ -0,0 +1,52 @@
+use solana_program::{
+    account_info::AccountInfo,
+    entrypoint,
+    entrypoint::ProgramResult,
+    instruction::{AccountMeta, Instruction},
+    msg,
+    program::invoke,
+    pubkey::Pubkey,
+};
+use std::convert::TryInto;
+
+entrypoint!(process_instruction);
+fn process_instruction(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    instruction_data: &[u8],
+) -> ProgramResult {
+    if instruction_data.len() == 32 {
+        let key = Pubkey::new_from_array(instruction_data.try_into().unwrap());
+        let ix = Instruction::new(key, &[2], vec![]);
+        let mut lamports = accounts[0].lamports();
+        let owner = &accounts[0].owner;
+        let mut data = accounts[0].try_borrow_mut_data()?;
+        let account = AccountInfo::new(
+            &key,
+            false,
+            false,
+            &mut lamports,
+            &mut data,
+            &owner,
+            true,
+            0,
+        );
+        msg!("{:?} calling {:?}", program_id, key);
+        invoke(&ix, &[account])?;
+    } else {
+        match instruction_data[0] {
+            1 => {
+                let ix = Instruction::new(
+                    *program_id,
+                    &accounts[1].key.to_bytes(),
+                    vec![AccountMeta::new_readonly(*program_id, false)],
+                );
+                msg!("{:?} calling {:?}", program_id, program_id);
+                invoke(&ix, accounts)?;
+            }
+
+            _ => msg!("Should never get here"),
+        }
+    }
+    Ok(())
+}
--- a/programs/bpf/tests/programs.rs
+++ b/programs/bpf/tests/programs.rs
@ -796,6 +796,43 @@ fn test_program_bpf_invoke() {
        assert_eq!(10, bank.get_balance(&from_pubkey));
        assert_eq!(0, bank.get_balance(&to_pubkey));
    }
+
+    // Check the caller has access to cpi program
+    {
+        let GenesisConfigInfo {
+            genesis_config,
+            mint_keypair,
+            ..
+        } = create_genesis_config(50);
+        let mut bank = Bank::new(&genesis_config);
+        let (name, id, entrypoint) = solana_bpf_loader_program!();
+        bank.add_builtin(&name, id, entrypoint);
+        let bank = Arc::new(bank);
+        let bank_client = BankClient::new_shared(&bank);
+
+        let caller_pubkey = load_bpf_program(
+            &bank_client,
+            &bpf_loader::id(),
+            &mint_keypair,
+            "solana_bpf_rust_caller_access",
+        );
+        let caller2_pubkey = load_bpf_program(
+            &bank_client,
+            &bpf_loader::id(),
+            &mint_keypair,
+            "solana_bpf_rust_caller_access",
+        );
+        let account_metas = vec![
+            AccountMeta::new_readonly(caller_pubkey, false),
+            AccountMeta::new_readonly(caller2_pubkey, false),
+        ];
+        let instruction = Instruction::new(caller_pubkey, &[1_u8], account_metas.clone());
+        let result = bank_client.send_and_confirm_instruction(&mint_keypair, instruction);
+        assert_eq!(
+            result.unwrap_err().unwrap(),
+            TransactionError::InstructionError(0, InstructionError::MissingAccount)
+        );
+    }
 }

 #[cfg(feature = "bpf_rust")]
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@ -1336,6 +1336,20 @@ fn verify_instruction<'a>(
        }
    }

+    // validate the caller has access to the program account
+    let _ = callers_keyed_accounts
+        .iter()
+        .find_map(|keyed_account| {
+            if &instruction.program_id == keyed_account.unsigned_key() {
+                Some(keyed_account)
+            } else {
+                None
+            }
+        })
+        .ok_or(SyscallError::InstructionError(
+            InstructionError::MissingAccount,
+        ))?;
+
    Ok(())
 }