From 182bcbf7bde2793de2dcfc0cc1262e918e53db87 Mon Sep 17 00:00:00 2001
From: Michael Davis <michael.davis@cern.ch>
Date: Wed, 21 Mar 2018 16:33:56 +0100
Subject: [PATCH] [cta-frontend] Validates that instance name matches in
 Protobuf and SSS key

---
 xroot_plugins/XrdSsiCtaRequestMessage.cpp | 6 ++++++
 xroot_plugins/XrdSsiCtaRequestMessage.hpp | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/xroot_plugins/XrdSsiCtaRequestMessage.cpp b/xroot_plugins/XrdSsiCtaRequestMessage.cpp
index d85d9a8f8a..d4a3af3eb0 100644
--- a/xroot_plugins/XrdSsiCtaRequestMessage.cpp
+++ b/xroot_plugins/XrdSsiCtaRequestMessage.cpp
@@ -291,6 +291,12 @@ void RequestMessage::process(const cta::xrd::Request &request, cta::xrd::Respons
          break;
 
       case Request::kNotification:
+         // Validate that instance name in SSS key and instance name in Protocol buffer match
+         if(m_cliIdentity.username != request.notification().wf().instance().name()) {
+            throw PbException("Instance name \"" + request.notification().wf().instance().name() +
+                              "\" does not match key identifier \"" + m_cliIdentity.username + "\"");
+         }
+
          // Map the Workflow Event to a method
          switch(request.notification().wf().event()) {
             using namespace cta::eos;
diff --git a/xroot_plugins/XrdSsiCtaRequestMessage.hpp b/xroot_plugins/XrdSsiCtaRequestMessage.hpp
index a5f1108845..1df8281dd8 100644
--- a/xroot_plugins/XrdSsiCtaRequestMessage.hpp
+++ b/xroot_plugins/XrdSsiCtaRequestMessage.hpp
@@ -40,7 +40,7 @@ public:
          m_cliIdentity.username = client.name;
          m_cliIdentity.host     = client.host;
 
-         // Map the client protcol string to an enum value
+         // Map the client protocol string to an enum value
          auto proto_it = m_protomap.find(client.prot);
          m_protocol = proto_it != m_protomap.end() ? proto_it->second : Protocol::OTHER;
       }
-- 
GitLab