Check that the program was granted access to program_id (#13890)
This commit is contained in:
parent
57dd60f671
commit
733fcbaa6c
|
@ -1916,6 +1916,13 @@ dependencies = [
|
|||
"solana-program",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "solana-bpf-rust-caller-access"
|
||||
version = "1.5.0"
|
||||
dependencies = [
|
||||
"solana-program",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "solana-bpf-rust-custom-heap"
|
||||
version = "1.5.0"
|
||||
|
|
|
@ -38,6 +38,7 @@ members = [
|
|||
"rust/128bit_dep",
|
||||
"rust/alloc",
|
||||
"rust/call_depth",
|
||||
"rust/caller_access",
|
||||
"rust/custom_heap",
|
||||
"rust/dep_crate",
|
||||
"rust/deprecated_loader",
|
||||
|
|
|
@ -61,6 +61,7 @@ fn main() {
|
|||
"128bit",
|
||||
"alloc",
|
||||
"call_depth",
|
||||
"caller_access",
|
||||
"custom_heap",
|
||||
"dep_crate",
|
||||
"deprecated_loader",
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,18 @@
|
|||
[package]
|
||||
name = "solana-bpf-rust-caller-access"
|
||||
version = "1.5.0"
|
||||
description = "Solana BPF test program written in Rust"
|
||||
authors = ["Solana Maintainers <maintainers@solana.foundation>"]
|
||||
repository = "https://github.com/solana-labs/solana"
|
||||
license = "Apache-2.0"
|
||||
homepage = "https://solana.com/"
|
||||
edition = "2018"
|
||||
|
||||
[dependencies]
|
||||
solana-program = { path = "../../../../sdk/program", version = "1.5.0" }
|
||||
|
||||
[lib]
|
||||
crate-type = ["cdylib"]
|
||||
|
||||
[package.metadata.docs.rs]
|
||||
targets = ["x86_64-unknown-linux-gnu"]
|
|
@ -0,0 +1,2 @@
|
|||
[target.bpfel-unknown-unknown.dependencies.std]
|
||||
features = []
|
|
@ -0,0 +1,52 @@
|
|||
use solana_program::{
|
||||
account_info::AccountInfo,
|
||||
entrypoint,
|
||||
entrypoint::ProgramResult,
|
||||
instruction::{AccountMeta, Instruction},
|
||||
msg,
|
||||
program::invoke,
|
||||
pubkey::Pubkey,
|
||||
};
|
||||
use std::convert::TryInto;
|
||||
|
||||
entrypoint!(process_instruction);
|
||||
fn process_instruction(
|
||||
program_id: &Pubkey,
|
||||
accounts: &[AccountInfo],
|
||||
instruction_data: &[u8],
|
||||
) -> ProgramResult {
|
||||
if instruction_data.len() == 32 {
|
||||
let key = Pubkey::new_from_array(instruction_data.try_into().unwrap());
|
||||
let ix = Instruction::new(key, &[2], vec![]);
|
||||
let mut lamports = accounts[0].lamports();
|
||||
let owner = &accounts[0].owner;
|
||||
let mut data = accounts[0].try_borrow_mut_data()?;
|
||||
let account = AccountInfo::new(
|
||||
&key,
|
||||
false,
|
||||
false,
|
||||
&mut lamports,
|
||||
&mut data,
|
||||
&owner,
|
||||
true,
|
||||
0,
|
||||
);
|
||||
msg!("{:?} calling {:?}", program_id, key);
|
||||
invoke(&ix, &[account])?;
|
||||
} else {
|
||||
match instruction_data[0] {
|
||||
1 => {
|
||||
let ix = Instruction::new(
|
||||
*program_id,
|
||||
&accounts[1].key.to_bytes(),
|
||||
vec![AccountMeta::new_readonly(*program_id, false)],
|
||||
);
|
||||
msg!("{:?} calling {:?}", program_id, program_id);
|
||||
invoke(&ix, accounts)?;
|
||||
}
|
||||
|
||||
_ => msg!("Should never get here"),
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
}
|
|
@ -796,6 +796,43 @@ fn test_program_bpf_invoke() {
|
|||
assert_eq!(10, bank.get_balance(&from_pubkey));
|
||||
assert_eq!(0, bank.get_balance(&to_pubkey));
|
||||
}
|
||||
|
||||
// Check the caller has access to cpi program
|
||||
{
|
||||
let GenesisConfigInfo {
|
||||
genesis_config,
|
||||
mint_keypair,
|
||||
..
|
||||
} = create_genesis_config(50);
|
||||
let mut bank = Bank::new(&genesis_config);
|
||||
let (name, id, entrypoint) = solana_bpf_loader_program!();
|
||||
bank.add_builtin(&name, id, entrypoint);
|
||||
let bank = Arc::new(bank);
|
||||
let bank_client = BankClient::new_shared(&bank);
|
||||
|
||||
let caller_pubkey = load_bpf_program(
|
||||
&bank_client,
|
||||
&bpf_loader::id(),
|
||||
&mint_keypair,
|
||||
"solana_bpf_rust_caller_access",
|
||||
);
|
||||
let caller2_pubkey = load_bpf_program(
|
||||
&bank_client,
|
||||
&bpf_loader::id(),
|
||||
&mint_keypair,
|
||||
"solana_bpf_rust_caller_access",
|
||||
);
|
||||
let account_metas = vec![
|
||||
AccountMeta::new_readonly(caller_pubkey, false),
|
||||
AccountMeta::new_readonly(caller2_pubkey, false),
|
||||
];
|
||||
let instruction = Instruction::new(caller_pubkey, &[1_u8], account_metas.clone());
|
||||
let result = bank_client.send_and_confirm_instruction(&mint_keypair, instruction);
|
||||
assert_eq!(
|
||||
result.unwrap_err().unwrap(),
|
||||
TransactionError::InstructionError(0, InstructionError::MissingAccount)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "bpf_rust")]
|
||||
|
|
|
@ -1336,6 +1336,20 @@ fn verify_instruction<'a>(
|
|||
}
|
||||
}
|
||||
|
||||
// validate the caller has access to the program account
|
||||
let _ = callers_keyed_accounts
|
||||
.iter()
|
||||
.find_map(|keyed_account| {
|
||||
if &instruction.program_id == keyed_account.unsigned_key() {
|
||||
Some(keyed_account)
|
||||
} else {
|
||||
None
|
||||
}
|
||||
})
|
||||
.ok_or(SyscallError::InstructionError(
|
||||
InstructionError::MissingAccount,
|
||||
))?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue