From e451ddbf4657cbe72f539e1f9513a5bc3a31f3d6 Mon Sep 17 00:00:00 2001 From: xiekeyang Date: Thu, 27 Aug 2015 19:03:00 +0800 Subject: [PATCH] Fix: Docker Daemon didn't send actual actions client ask for to Token Server The Docker Daemon should send actual actions client ask for to issue tokens, not all the permissions that client is guaranteed. Signed-off-by: xiekeyang --- graph/pull_v2.go | 2 +- graph/push_v2.go | 2 +- graph/registry.go | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/graph/pull_v2.go b/graph/pull_v2.go index 0b21c1f75a..07680a09db 100644 --- a/graph/pull_v2.go +++ b/graph/pull_v2.go @@ -34,7 +34,7 @@ type v2Puller struct { func (p *v2Puller) Pull(tag string) (fallback bool, err error) { // TODO(tiborvass): was ReceiveTimeout - p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig) + p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull") if err != nil { logrus.Debugf("Error getting v2 registry: %v", err) return true, err diff --git a/graph/push_v2.go b/graph/push_v2.go index 6823ac5928..5c6aaa3e18 100644 --- a/graph/push_v2.go +++ b/graph/push_v2.go @@ -30,7 +30,7 @@ type v2Pusher struct { } func (p *v2Pusher) Push() (fallback bool, err error) { - p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig) + p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull") if err != nil { logrus.Debugf("Error getting v2 registry: %v", err) return true, err diff --git a/graph/registry.go b/graph/registry.go index 2898e00c78..7700d4bfe9 100644 --- a/graph/registry.go +++ b/graph/registry.go @@ -30,7 +30,7 @@ func (dcs dumbCredentialStore) Basic(*url.URL) (string, string) { // NewV2Repository returns a repository (v2 only). It creates a HTTP transport // providing timeout settings and authentication support, and also verifies the // remote API version. -func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *cliconfig.AuthConfig) (distribution.Repository, error) { +func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *cliconfig.AuthConfig, actions ...string) (distribution.Repository, error) { ctx := context.Background() repoName := repoInfo.CanonicalName @@ -91,7 +91,7 @@ func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEnd } creds := dumbCredentialStore{auth: authConfig} - tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "push", "pull") + tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...) basicHandler := auth.NewBasicHandler(creds) modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)) tr := transport.NewTransport(base, modifiers...)