diff --git a/actors/market/src/lib.rs b/actors/market/src/lib.rs index 45dbb7e7d4..287e6c239d 100644 --- a/actors/market/src/lib.rs +++ b/actors/market/src/lib.rs @@ -32,9 +32,8 @@ use fil_actors_runtime::runtime::builtins::Type; use fil_actors_runtime::runtime::{ActorCode, Policy, Runtime}; use fil_actors_runtime::{ actor_error, cbor, restrict_internal_api, ActorContext, ActorDowncast, ActorError, - AsActorError, BURNT_FUNDS_ACTOR_ADDR, CALLER_TYPES_SIGNABLE, CRON_ACTOR_ADDR, - DATACAP_TOKEN_ACTOR_ADDR, REWARD_ACTOR_ADDR, STORAGE_POWER_ACTOR_ADDR, SYSTEM_ACTOR_ADDR, - VERIFIED_REGISTRY_ACTOR_ADDR, + AsActorError, BURNT_FUNDS_ACTOR_ADDR, CRON_ACTOR_ADDR, DATACAP_TOKEN_ACTOR_ADDR, + REWARD_ACTOR_ADDR, STORAGE_POWER_ACTOR_ADDR, SYSTEM_ACTOR_ADDR, VERIFIED_REGISTRY_ACTOR_ADDR, }; use crate::ext::verifreg::{AllocationID, AllocationRequest}; @@ -114,8 +113,7 @@ impl Actor { )); } - // only signing parties can add balance for client AND provider. - rt.validate_immediate_caller_type(CALLER_TYPES_SIGNABLE.iter())?; + rt.validate_immediate_caller_accept_any()?; let (nominal, _, _) = escrow_address(rt, &provider_or_client)?; @@ -228,9 +226,7 @@ impl Actor { rt: &mut impl Runtime, params: PublishStorageDealsParams, ) -> Result { - // Deal message must have a From field identical to the provider of all the deals. - // This allows us to retain and verify only the client's signature in each deal proposal itself. - rt.validate_immediate_caller_type(CALLER_TYPES_SIGNABLE.iter())?; + rt.validate_immediate_caller_accept_any()?; if params.deals.is_empty() { return Err(actor_error!(illegal_argument, "Empty deals parameter")); } diff --git a/actors/market/tests/cron_tick_timedout_deals.rs b/actors/market/tests/cron_tick_timedout_deals.rs index dfdff2e456..9a5a627a13 100644 --- a/actors/market/tests/cron_tick_timedout_deals.rs +++ b/actors/market/tests/cron_tick_timedout_deals.rs 
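Review bot: The `rt.validate_immediate_caller_accept_any()?;` lines added at -114 (the add-balance path, going by the removed comment) and in `publish_storage_deals` replace comments that explained the caller rule, and nothing now says where authorization happens. In `publish_storage_deals` the removed comment recorded why only the client's signature is verified per proposal, namely that the sender had to be the provider. With the type check gone, that rests entirely on a later check outside this hunk, which the `caller_is_not_the_same_as_the_worker_address_for_miner` test suggests compares the caller with the provider's control addresses. I would keep a comment at the call, for example `// Any actor type may call; the caller must still be a control address of the deals' provider (checked below), so only the client signature is verified here.`, once that check is confirmed to run for every deal. The same bare `accept_any` calls appear in `actors/miner/src/lib.rs` (the `DisputeWindowedPoStParams` and consensus-fault hunks), `actors/multisig/src/lib.rs` (propose, approve, `cancel`) and `actors/power/src/lib.rs` (`CreateMinerParams`), and each deserves the same one-line rationale. Both market function bodies continue outside their hunks.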
@@ -6,7 +6,7 @@ use fil_actor_market::{ }; use fil_actors_runtime::network::EPOCHS_IN_DAY; use fil_actors_runtime::test_utils::*; -use fil_actors_runtime::{BURNT_FUNDS_ACTOR_ADDR, CALLER_TYPES_SIGNABLE}; +use fil_actors_runtime::BURNT_FUNDS_ACTOR_ADDR; use fvm_ipld_encoding::RawBytes; use fvm_shared::clock::ChainEpoch; use fvm_shared::crypto::signature::Signature; @@ -84,7 +84,7 @@ fn publishing_timed_out_deal_again_should_work_after_cron_tick_as_it_should_no_l let client_deal_proposal = ClientDealProposal { proposal: deal_proposal2.clone(), client_signature: sig }; let params = PublishStorageDealsParams { deals: vec![client_deal_proposal] }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); diff --git a/actors/market/tests/harness.rs b/actors/market/tests/harness.rs index 7bccd15064..36a071c2de 100644 --- a/actors/market/tests/harness.rs +++ b/actors/market/tests/harness.rs @@ -27,8 +27,8 @@ use fil_actors_runtime::{ network::EPOCHS_IN_DAY, runtime::{builtins::Type, Policy, Runtime}, test_utils::*, - ActorError, BatchReturn, SetMultimap, BURNT_FUNDS_ACTOR_ADDR, CALLER_TYPES_SIGNABLE, - CRON_ACTOR_ADDR, DATACAP_TOKEN_ACTOR_ADDR, REWARD_ACTOR_ADDR, STORAGE_MARKET_ACTOR_ADDR, + ActorError, BatchReturn, SetMultimap, BURNT_FUNDS_ACTOR_ADDR, CRON_ACTOR_ADDR, + DATACAP_TOKEN_ACTOR_ADDR, REWARD_ACTOR_ADDR, STORAGE_MARKET_ACTOR_ADDR, STORAGE_POWER_ACTOR_ADDR, SYSTEM_ACTOR_ADDR, VERIFIED_REGISTRY_ACTOR_ADDR, }; use fvm_ipld_encoding::{to_vec, RawBytes}; 
@@ -167,7 +167,7 @@ pub fn add_provider_funds(rt: &mut MockRuntime, amount: TokenAmount, addrs: &Min rt.set_value(amount.clone()); rt.set_address_actor_type(addrs.provider, *MINER_ACTOR_CODE_ID); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, addrs.owner); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(rt, addrs.provider, addrs.owner, addrs.worker); @@ -188,8 +188,7 @@ pub fn add_participant_funds(rt: &mut MockRuntime, addr: Address, amount: TokenA rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, addr); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - + rt.expect_validate_caller_any(); assert!(rt .call::(Method::AddBalance as u64, &RawBytes::serialize(addr).unwrap()) .is_ok()); @@ -440,8 +439,7 @@ pub fn publish_deals( publish_deals: &[DealProposal], next_allocation_id: AllocationID, ) -> Vec { - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - + rt.expect_validate_caller_any(); let return_value = GetControlAddressesReturnParams { owner: addrs.owner, worker: addrs.worker, @@ -564,7 +562,7 @@ pub fn publish_deals_expect_abort( proposal: DealProposal, expected_exit_code: ExitCode, ) { - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address( rt, miner_addresses.provider, @@ -747,7 +745,7 @@ where rt.set_epoch(current_epoch); post_setup(&mut rt, &mut deal_proposal); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); diff --git a/actors/market/tests/market_actor_test.rs b/actors/market/tests/market_actor_test.rs index b4e0c63e01..ce6212a499 100644 --- a/actors/market/tests/market_actor_test.rs +++ b/actors/market/tests/market_actor_test.rs 
@@ -14,7 +14,7 @@ use fil_actors_runtime::runtime::{builtins::Type, Policy, Runtime}; use fil_actors_runtime::test_utils::*; use fil_actors_runtime::{ make_empty_map, make_map_with_root_and_bitwidth, ActorError, BatchReturn, Map, SetMultimap, - BURNT_FUNDS_ACTOR_ADDR, CALLER_TYPES_SIGNABLE, DATACAP_TOKEN_ACTOR_ADDR, SYSTEM_ACTOR_ADDR, + BURNT_FUNDS_ACTOR_ADDR, DATACAP_TOKEN_ACTOR_ADDR, SYSTEM_ACTOR_ADDR, VERIFIED_REGISTRY_ACTOR_ADDR, }; use frc46_token::token::types::{TransferFromParams, TransferFromReturn}; @@ -195,7 +195,7 @@ fn adds_to_provider_escrow_funds() { for tc in &test_cases { rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, *caller_addr); rt.set_value(TokenAmount::from_atto(tc.delta)); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); assert_eq!( @@ -378,28 +378,6 @@ fn worker_balance_after_withdrawal_must_account_for_slashed_funds() { check_state(&rt); } -#[test] -fn fails_unless_called_by_an_account_actor() { - let mut rt = setup(); - - rt.set_value(TokenAmount::from_atto(10)); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - - rt.set_caller(*MINER_ACTOR_CODE_ID, PROVIDER_ADDR); - assert_eq!( - ExitCode::USR_FORBIDDEN, - rt.call::( - Method::AddBalance as u64, - &RawBytes::serialize(PROVIDER_ADDR).unwrap(), - ) - .unwrap_err() - .exit_code() - ); - - rt.verify(); - check_state(&rt); -} - #[test] fn adds_to_non_provider_funds() { struct TestCase { @@ -418,8 +396,7 @@ fn adds_to_non_provider_funds() { for tc in &test_cases { rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, *caller_addr); rt.set_value(TokenAmount::from_atto(tc.delta)); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - + rt.expect_validate_caller_any(); assert_eq!( RawBytes::default(), rt.call::( 
@@ -564,7 +541,6 @@ fn fails_if_withdraw_from_provider_funds_is_not_initiated_by_the_owner_or_worker assert_eq!(get_balance(&mut rt, &PROVIDER_ADDR).balance, amount); - // only signing parties can add balance for client AND provider. rt.expect_validate_caller_addr(vec![OWNER_ADDR, WORKER_ADDR]); let params = WithdrawBalanceParams { provider_or_client: PROVIDER_ADDR, @@ -821,7 +797,7 @@ fn provider_and_client_addresses_are_resolved_before_persisting_state_and_sent_t rt.set_value(amount.clone()); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, client_resolved); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); assert!(rt .call::(Method::AddBalance as u64, &RawBytes::serialize(client_bls).unwrap()) .is_ok()); @@ -833,7 +809,7 @@ fn provider_and_client_addresses_are_resolved_before_persisting_state_and_sent_t // add funds for provider using it's BLS address -> will be resolved and persisted rt.value_received = deal.provider_collateral.clone(); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, OWNER_ADDR); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, provider_resolved, OWNER_ADDR, WORKER_ADDR); assert_eq!( @@ -850,7 +826,7 @@ fn provider_and_client_addresses_are_resolved_before_persisting_state_and_sent_t // publish deal using the BLS addresses rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, provider_resolved, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); 
@@ -1402,7 +1378,7 @@ fn cannot_publish_the_same_deal_twice_before_a_cron_tick() { let params = PublishStorageDealsParams { deals: vec![ClientDealProposal { proposal: d2.clone(), client_signature: sig }], }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); @@ -1770,7 +1746,7 @@ fn insufficient_client_balance_in_a_batch() { deal1.provider_balance_requirement().add(deal2.provider_balance_requirement()); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, OWNER_ADDR); rt.set_value(provider_funds); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); assert_eq!( @@ -1802,7 +1778,7 @@ fn insufficient_client_balance_in_a_batch() { ], }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); @@ -1883,7 +1859,7 @@ fn insufficient_provider_balance_in_a_batch() { // Provider has enough for only the second deal rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, OWNER_ADDR); rt.set_value(deal2.provider_balance_requirement().clone()); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); assert_eq!( @@ -1919,7 +1895,7 @@ fn insufficient_provider_balance_in_a_batch() { ], }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); 
@@ -1990,16 +1966,12 @@ fn add_balance_restricted_correctly() { ); // can call the exported method num - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - // TODO: This call should succeed: See https://github.com/filecoin-project/builtin-actors/issues/806. - expect_abort_contains_message( - ExitCode::USR_FORBIDDEN, - "forbidden, allowed: [Account, Multisig]", - rt.call::( - Method::AddBalanceExported as MethodNum, - &RawBytes::serialize(CLIENT_ADDR).unwrap(), - ), - ); + rt.expect_validate_caller_any(); + rt.call::( + Method::AddBalanceExported as MethodNum, + &RawBytes::serialize(CLIENT_ADDR).unwrap(), + ) + .unwrap(); rt.verify(); } diff --git a/actors/market/tests/publish_storage_deals_failures.rs b/actors/market/tests/publish_storage_deals_failures.rs index 38b4315d0a..7cdf2492b5 100644 --- a/actors/market/tests/publish_storage_deals_failures.rs +++ b/actors/market/tests/publish_storage_deals_failures.rs @@ -9,7 +9,6 @@ use fil_actor_market::{ use fil_actors_runtime::network::EPOCHS_IN_DAY; use fil_actors_runtime::runtime::Policy; use fil_actors_runtime::test_utils::*; -use fil_actors_runtime::CALLER_TYPES_SIGNABLE; use fvm_ipld_encoding::RawBytes; use fvm_shared::address::Address; use fvm_shared::bigint::BigInt; @@ -255,7 +254,7 @@ fn fail_when_provider_has_some_funds_but_not_enough_for_a_deal() { deals: vec![ClientDealProposal { proposal: deal1.clone(), client_signature: sig }], }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); 
@@ -315,7 +314,7 @@ fn fail_when_deals_have_different_providers() { ], }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); expect_query_network_info(&mut rt); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); @@ -363,36 +362,12 @@ fn fail_when_deals_have_different_providers() { check_state(&rt); } -#[test] -fn fail_when_caller_is_not_of_signable_type() { - let start_epoch = 10; - let end_epoch = start_epoch + 200 * EPOCHS_IN_DAY; - - let mut rt = setup(); - let deal = generate_deal_proposal(CLIENT_ADDR, PROVIDER_ADDR, start_epoch, end_epoch); - let sig = Signature::new_bls("does not matter".as_bytes().to_vec()); - let params = PublishStorageDealsParams { - deals: vec![ClientDealProposal { proposal: deal, client_signature: sig }], - }; - let w = Address::new_id(1000); - rt.set_caller(*MINER_ACTOR_CODE_ID, w); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - expect_abort( - ExitCode::USR_FORBIDDEN, - rt.call::( - Method::PublishStorageDeals as u64, - &RawBytes::serialize(params).unwrap(), - ), - ); - check_state(&rt); -} - #[test] fn fail_when_no_deals_in_params() { let mut rt = setup(); let params = PublishStorageDealsParams { deals: vec![] }; rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_abort( ExitCode::USR_ILLEGAL_ARGUMENT, rt.call::( @@ -417,7 +392,7 @@ fn fail_to_resolve_provider_address() { deals: vec![ClientDealProposal { proposal: deal, client_signature: sig }], }; rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_abort( ExitCode::USR_NOT_FOUND, rt.call::( 
@@ -440,7 +415,7 @@ fn caller_is_not_the_same_as_the_worker_address_for_miner() { deals: vec![ClientDealProposal { proposal: deal, client_signature: sig }], }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); expect_provider_control_address(&mut rt, PROVIDER_ADDR, OWNER_ADDR, WORKER_ADDR); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, Address::new_id(999)); expect_abort( @@ -469,7 +444,7 @@ fn fails_if_provider_is_not_a_storage_miner_actor() { deals: vec![ClientDealProposal { proposal: deal, client_signature: sig }], }; - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, WORKER_ADDR); expect_abort( ExitCode::USR_ILLEGAL_ARGUMENT, diff --git a/actors/miner/src/lib.rs b/actors/miner/src/lib.rs index 7e99005df8..dd9404e3b4 100644 --- a/actors/miner/src/lib.rs +++ b/actors/miner/src/lib.rs @@ -22,7 +22,7 @@ use fvm_shared::randomness::*; use fvm_shared::reward::ThisEpochRewardReturn; use fvm_shared::sector::*; use fvm_shared::smooth::FilterEstimate; -use fvm_shared::{MethodNum, METHOD_CONSTRUCTOR, METHOD_SEND}; +use fvm_shared::{ActorID, MethodNum, METHOD_CONSTRUCTOR, METHOD_SEND}; use itertools::Itertools; use log::{error, info, warn}; use multihash::Code::Blake2b256; @@ -42,8 +42,8 @@ use fil_actors_runtime::runtime::builtins::Type; use fil_actors_runtime::runtime::{ActorCode, DomainSeparationTag, Policy, Runtime}; use fil_actors_runtime::{ actor_error, cbor, restrict_internal_api, ActorContext, ActorDowncast, ActorError, - BURNT_FUNDS_ACTOR_ADDR, CALLER_TYPES_SIGNABLE, INIT_ACTOR_ADDR, REWARD_ACTOR_ADDR, - STORAGE_MARKET_ACTOR_ADDR, STORAGE_POWER_ACTOR_ADDR, VERIFIED_REGISTRY_ACTOR_ADDR, + BURNT_FUNDS_ACTOR_ADDR, INIT_ACTOR_ADDR, REWARD_ACTOR_ADDR, STORAGE_MARKET_ACTOR_ADDR, + STORAGE_POWER_ACTOR_ADDR, VERIFIED_REGISTRY_ACTOR_ADDR, }; pub use monies::*; pub use partition_state::*; 
@@ -151,12 +151,19 @@ impl Actor { check_peer_info(rt.policy(), ¶ms.peer_id, ¶ms.multi_addresses)?; check_valid_post_proof_type(rt.policy(), params.window_post_proof_type)?; - let owner = resolve_control_address(rt, params.owner)?; + let owner = rt.resolve_address(¶ms.owner).ok_or_else(|| { + actor_error!(illegal_argument, "unable to resolve owner address: {}", params.owner) + })?; + let worker = resolve_worker_address(rt, params.worker)?; let control_addresses: Vec<_> = params .control_addresses .into_iter() - .map(|address| resolve_control_address(rt, address)) + .map(|address| { + rt.resolve_address(&address).ok_or_else(|| { + actor_error!(illegal_argument, "unable to resolve control address: {}", address) + }) + }) .collect::>()?; let policy = rt.policy(); @@ -297,11 +304,16 @@ impl Actor { ) -> Result<(), ActorError> { check_control_addresses(rt.policy(), ¶ms.new_control_addresses)?; - let new_worker = resolve_worker_address(rt, params.new_worker)?; + let new_worker = Address::new_id(resolve_worker_address(rt, params.new_worker)?); let control_addresses: Vec
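Review bot: The resolve-or-`illegal_argument` closure is now spelled out three times, for `params.owner` and `params.control_addresses` in this hunk and again for `params.new_control_addresses` in the next hunk, where a second `.map(|id_result| id_result.map(Address::new_id))` is stacked on top. One small helper returning `ActorID` would keep the error text in one place and give a spot to document that, unlike the deleted `resolve_control_address`, no actor-type check is applied to owner or control addresses any more. This diff also deletes `fails_if_control_address_is_not_an_account_actor` without adding a test that constructs a miner with a non-account owner or control address, so the relaxed behaviour is not pinned by any test shown here. Both enclosing functions start and end outside their hunks.

```rust
/// Resolves `raw` to an actor ID. Deliberately places no restriction on the
/// actor's type; the worker, which does need one, goes through resolve_worker_address.
fn resolve_to_id(rt: &impl Runtime, raw: &Address, role: &str) -> Result<ActorID, ActorError> {
    rt.resolve_address(raw).ok_or_else(|| {
        actor_error!(illegal_argument, "unable to resolve {} address: {}", role, raw)
    })
}

// constructor
let owner = resolve_to_id(rt, &params.owner, "owner")?;
// … unchanged: worker resolution …
let control_addresses: Vec<_> = params
    .control_addresses
    .into_iter()
    .map(|address| resolve_to_id(rt, &address, "control"))
    .collect::<Result<_, _>>()?;

// change_worker_address: same helper, wrapped once
//     .map(|address| resolve_to_id(rt, &address, "control").map(Address::new_id))
```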
= params .new_control_addresses .into_iter() - .map(|address| resolve_control_address(rt, address)) + .map(|address| { + rt.resolve_address(&address).ok_or_else(|| { + actor_error!(illegal_argument, "unable to resolve control address: {}", address) + }) + }) + .map(|id_result| id_result.map(Address::new_id)) .collect::>()?; rt.transaction(|state: &mut State, rt| { @@ -1419,7 +1431,7 @@ impl Actor { rt: &mut impl Runtime, params: DisputeWindowedPoStParams, ) -> Result<(), ActorError> { - rt.validate_immediate_caller_type(CALLER_TYPES_SIGNABLE.iter())?; + rt.validate_immediate_caller_accept_any()?; let reporter = rt.message().caller(); { @@ -3057,7 +3069,7 @@ impl Actor { // Note: only the first report of any fault is processed because it sets the // ConsensusFaultElapsed state variable to an epoch after the fault, and reports prior to // that epoch are no longer valid - rt.validate_immediate_caller_type(CALLER_TYPES_SIGNABLE.iter())?; + rt.validate_immediate_caller_accept_any()?; let reporter = rt.message().caller(); let fault = rt 
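Review bot: In the two hunks at -1419 and -3057, `reporter` is now whatever actor sent the message, but every test hunk in this diff that reaches these methods still sets the caller with `ACCOUNT_ACTOR_CODE_ID`, so the widened caller set is never exercised. A case that calls each method with a non-account code CID, for instance `rt.set_caller(make_identity_cid(b"1234"), from);` (constructed value) before `rt.expect_validate_caller_any();`, would pin the new behaviour. What is later done with `reporter` lies outside both hunks; if it receives a payout, as the name suggests, the same test would show that the payout to such a caller behaves as intended. Both function bodies continue past their hunks.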
@@ -4319,36 +4331,9 @@ fn request_current_total_power( Ok(power) } -/// Resolves an address to an ID address and verifies that it is address of an account or multisig actor. -fn resolve_control_address(rt: &impl Runtime, raw: Address) -> Result { - let resolved = rt - .resolve_address(&raw) - .ok_or_else(|| actor_error!(illegal_argument, "unable to resolve address: {}", raw))?; - - let owner_code = rt - .get_actor_code_cid(&resolved) - .ok_or_else(|| actor_error!(illegal_argument, "no code for address: {}", resolved))?; - - let is_principal = rt - .resolve_builtin_actor_type(&owner_code) - .as_ref() - .map(|t| CALLER_TYPES_SIGNABLE.contains(t)) - .unwrap_or(false); - - if !is_principal { - return Err(actor_error!( - illegal_argument, - "owner actor type must be a principal, was {}", - owner_code - )); - } - - Ok(Address::new_id(resolved)) -} - /// Resolves an address to an ID address and verifies that it is address of an account actor with an associated BLS key. /// The worker must be BLS since the worker key will be used alongside a BLS-VRF. -fn resolve_worker_address(rt: &mut impl Runtime, raw: Address) -> Result { +fn resolve_worker_address(rt: &mut impl Runtime, raw: Address) -> Result { let resolved = rt .resolve_address(&raw) .ok_or_else(|| actor_error!(illegal_argument, "unable to resolve address: {}", raw))?; @@ -4381,7 +4366,7 @@ fn resolve_worker_address(rt: &mut impl Runtime, raw: Address) -> Result
Result<(), ActorError> { diff --git a/actors/miner/src/state.rs b/actors/miner/src/state.rs index b44c315ca7..1a3f0499a8 100644 --- a/actors/miner/src/state.rs +++ b/actors/miner/src/state.rs @@ -24,7 +24,8 @@ use fvm_shared::clock::{ChainEpoch, QuantSpec, EPOCH_UNDEFINED}; use fvm_shared::econ::TokenAmount; use fvm_shared::error::ExitCode; use fvm_shared::sector::{RegisteredPoStProof, SectorNumber, SectorSize, MAX_SECTOR_NUMBER}; -use fvm_shared::HAMT_BIT_WIDTH; +use fvm_shared::{ActorID, HAMT_BIT_WIDTH}; +use itertools::Itertools; use num_traits::Zero; use super::beneficiary::*; @@ -1266,9 +1267,9 @@ pub struct MinerInfo { impl MinerInfo { pub fn new( - owner: Address, - worker: Address, - control_addresses: Vec
, + owner: ActorID, + worker: ActorID, + control_addresses: Vec, peer_id: Vec, multi_address: Vec, window_post_proof_type: RegisteredPoStProof, @@ -1282,11 +1283,12 @@ impl MinerInfo { .map_err(|e| actor_error!(illegal_argument, "invalid partition sectors: {}", e))?; Ok(Self { - owner, - worker, - control_addresses, + owner: Address::new_id(owner), + worker: Address::new_id(worker), + control_addresses: control_addresses.into_iter().map(Address::new_id).collect_vec(), + pending_worker_key: None, - beneficiary: owner, + beneficiary: Address::new_id(owner), beneficiary_term: BeneficiaryTerm::default(), pending_beneficiary_term: None, peer_id, diff --git a/actors/miner/tests/miner_actor_test_construction.rs b/actors/miner/tests/miner_actor_test_construction.rs index 9c9d44a0af..844b1d59b9 100644 --- a/actors/miner/tests/miner_actor_test_construction.rs +++ b/actors/miner/tests/miner_actor_test_construction.rs @@ -168,34 +168,6 @@ fn control_addresses_are_resolved_during_construction() { assert_eq!(control2id, info.control_addresses[1]); } -#[test] -fn fails_if_control_address_is_not_an_account_actor() { - let mut env = prepare_env(); - - let control1 = Address::new_id(501); - env.control_addrs = vec![control1]; - env.rt.actor_code_cids.insert(control1, *PAYCH_ACTOR_CODE_ID); - - let params = constructor_params(&env); - env.rt.set_caller(*INIT_ACTOR_CODE_ID, INIT_ACTOR_ADDR); - env.rt.expect_validate_caller_addr(vec![INIT_ACTOR_ADDR]); - env.rt.expect_send( - env.worker, - AccountMethod::PubkeyAddress as u64, - RawBytes::default(), - TokenAmount::zero(), - RawBytes::serialize(env.worker_key).unwrap(), - ExitCode::OK, - ); - - let result = env - .rt - .call::(Method::Constructor as u64, &RawBytes::serialize(params).unwrap()) - .unwrap_err(); - assert_eq!(result.exit_code(), ExitCode::USR_ILLEGAL_ARGUMENT); - env.rt.verify(); -} - #[test] fn test_construct_with_invalid_peer_id() { let mut env = prepare_env(); 
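Review bot: As far as these hunks show, `collect_vec()` in the struct literal is the only reason for the new `use itertools::Itertools;` line; the field type already drives inference, so `control_addresses: control_addresses.into_iter().map(Address::new_id).collect(),` does the same without the extra import. What looks like an added blank line before `pending_worker_key: None,` splits the struct literal and can go. `MinerInfo::new` is `pub` and now takes raw `ActorID`s, so a short doc comment such as `/// owner, worker and control_addresses must already be resolved actor IDs; they are stored as ID addresses.` would tell callers that resolution and any type policy are their job.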
diff --git a/actors/miner/tests/miner_actor_test_wpost.rs b/actors/miner/tests/miner_actor_test_wpost.rs index 6817181d4b..1f9508f540 100644 --- a/actors/miner/tests/miner_actor_test_wpost.rs +++ b/actors/miner/tests/miner_actor_test_wpost.rs @@ -4,7 +4,6 @@ use fil_actor_miner as miner; use fil_actor_miner::PowerPair; use fil_actors_runtime::runtime::DomainSeparationTag; use fil_actors_runtime::test_utils::*; -use fil_actors_runtime::CALLER_TYPES_SIGNABLE; use fvm_ipld_bitfield::BitField; use fvm_ipld_encoding::RawBytes; use fvm_shared::clock::ChainEpoch; @@ -1031,7 +1030,7 @@ fn cannot_dispute_posts_when_the_challenge_window_is_open() { let params = miner::DisputeWindowedPoStParams { deadline: dlinfo.index, post_index: 0 }; rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, h.worker); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); h.expect_query_network_info(&mut rt); let result = rt.call::( @@ -1092,8 +1091,7 @@ fn can_dispute_up_till_window_end_but_not_after() { // Now try to dispute. let params = miner::DisputeWindowedPoStParams { deadline: dlidx, post_index: 0 }; rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, h.worker); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - + rt.expect_validate_caller_any(); h.expect_query_network_info(&mut rt); let result = rt.call::( @@ -1125,7 +1123,7 @@ fn cant_dispute_up_with_an_invalid_deadline() { let params = miner::DisputeWindowedPoStParams { deadline: 50, post_index: 0 }; rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, h.worker); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let result = rt.call::( miner::Method::DisputeWindowedPoSt as u64, diff --git a/actors/miner/tests/state_harness.rs b/actors/miner/tests/state_harness.rs index 08a6530861..7c982ec914 100644 --- a/actors/miner/tests/state_harness.rs +++ b/actors/miner/tests/state_harness.rs 
@@ -10,7 +10,6 @@ use fvm_ipld_blockstore::MemoryBlockstore; use fvm_ipld_encoding::BytesDe; use fvm_ipld_encoding::CborStore; use fvm_ipld_hamt::Error as HamtError; -use fvm_shared::address::Address; use fvm_shared::econ::TokenAmount; use fvm_shared::sector::{SectorNumber, SectorSize}; use fvm_shared::{clock::ChainEpoch, clock::QuantSpec, sector::RegisteredPoStProof}; @@ -34,8 +33,8 @@ impl StateHarness { // store init let store = MemoryBlockstore::default(); // state field init - let owner = Address::new_id(1); - let worker = Address::new_id(2); + let owner = 1; + let worker = 2; let test_window_post_proof_type = RegisteredPoStProof::StackedDRGWindow2KiBV1; diff --git a/actors/miner/tests/util.rs b/actors/miner/tests/util.rs index 12c1a35176..c0e5bf7d10 100644 --- a/actors/miner/tests/util.rs +++ b/actors/miner/tests/util.rs @@ -45,8 +45,8 @@ use fil_actors_runtime::runtime::{DomainSeparationTag, Policy, Runtime, RuntimeP use fil_actors_runtime::{test_utils::*, BatchReturn, BatchReturnGen}; use fil_actors_runtime::{ ActorDowncast, ActorError, Array, DealWeight, MessageAccumulator, BURNT_FUNDS_ACTOR_ADDR, - CALLER_TYPES_SIGNABLE, INIT_ACTOR_ADDR, REWARD_ACTOR_ADDR, STORAGE_MARKET_ACTOR_ADDR, - STORAGE_POWER_ACTOR_ADDR, VERIFIED_REGISTRY_ACTOR_ADDR, + INIT_ACTOR_ADDR, REWARD_ACTOR_ADDR, STORAGE_MARKET_ACTOR_ADDR, STORAGE_POWER_ACTOR_ADDR, + VERIFIED_REGISTRY_ACTOR_ADDR, }; use fvm_ipld_amt::Amt; use fvm_shared::bigint::Zero; @@ -1436,7 +1436,7 @@ impl ActorHarness { expect_success: Option, ) { rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, self.worker); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); self.expect_query_network_info(rt); 
@@ -1876,7 +1876,7 @@ impl ActorHarness { from: Address, fault: Option, ) -> Result<(), ActorError> { - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, from); let params = ReportConsensusFaultParams { header1: vec![], header2: vec![], header_extra: vec![] }; diff --git a/actors/multisig/src/lib.rs b/actors/multisig/src/lib.rs index 8bd64b74a8..c31d051b49 100644 --- a/actors/multisig/src/lib.rs +++ b/actors/multisig/src/lib.rs @@ -13,7 +13,7 @@ use num_derive::FromPrimitive; use num_traits::{FromPrimitive, Zero}; use fil_actors_runtime::cbor::serialize_vec; -use fil_actors_runtime::runtime::{builtins::Type, ActorCode, Primitives, Runtime}; +use fil_actors_runtime::runtime::{ActorCode, Primitives, Runtime}; use fil_actors_runtime::{ actor_error, cbor, make_empty_map, make_map_with_root, resolve_to_actor_id, restrict_internal_api, ActorContext, ActorError, AsActorError, Map, INIT_ACTOR_ADDR, @@ -132,7 +132,7 @@ impl Actor { rt: &mut impl Runtime, params: ProposeParams, ) -> Result { - rt.validate_immediate_caller_type(&[Type::Account, Type::Multisig])?; + rt.validate_immediate_caller_accept_any()?; let proposer: Address = rt.message().caller(); if params.value.is_negative() { @@ -185,7 +185,7 @@ impl Actor { rt: &mut impl Runtime, params: TxnIDParams, ) -> Result { - rt.validate_immediate_caller_type(&[Type::Account, Type::Multisig])?; + rt.validate_immediate_caller_accept_any()?; let approver: Address = rt.message().caller(); let id = params.id; @@ -217,7 +217,7 @@ impl Actor { /// Multisig actor cancel function pub fn cancel(rt: &mut impl Runtime, params: TxnIDParams) -> Result<(), ActorError> { - rt.validate_immediate_caller_type(&[Type::Account, Type::Multisig])?; + rt.validate_immediate_caller_accept_any()?; let caller_addr: Address = rt.message().caller(); rt.transaction(|st: &mut State, rt| { 
diff --git a/actors/multisig/tests/multisig_actor_test.rs b/actors/multisig/tests/multisig_actor_test.rs index 91957f71b3..d9b2b1084b 100644 --- a/actors/multisig/tests/multisig_actor_test.rs +++ b/actors/multisig/tests/multisig_actor_test.rs @@ -6,12 +6,11 @@ use fil_actor_multisig::{ use fil_actors_runtime::cbor::serialize; use fil_actors_runtime::runtime::Runtime; use fil_actors_runtime::test_utils::*; -use fil_actors_runtime::{CALLER_TYPES_SIGNABLE, INIT_ACTOR_ADDR, SYSTEM_ACTOR_ADDR}; +use fil_actors_runtime::{INIT_ACTOR_ADDR, SYSTEM_ACTOR_ADDR}; use fvm_ipld_encoding::tuple::*; use fvm_ipld_encoding::RawBytes; use fvm_shared::address::{Address, BLS_PUB_LEN}; -use fil_actors_runtime::runtime::builtins::Type; use fvm_shared::bigint::Zero; use fvm_shared::clock::ChainEpoch; use fvm_shared::econ::TokenAmount; @@ -759,8 +758,8 @@ fn test_propose_restricted_correctly() { let h = util::ActorHarness::new(); let anne = Address::new_id(101); + // We will treat Bob as having code CID b"102" let bob = Address::new_id(102); - // We will treat Chuck as having code CID b"103" let chuck = Address::new_id(103); let no_unlock_duration = 0; let start_epoch = 0; @@ -770,7 +769,7 @@ fn test_propose_restricted_correctly() { h.construct_and_verify(&mut rt, 2, no_unlock_duration, start_epoch, signers); // set caller to not-builtin - rt.set_caller(make_identity_cid(b"103"), Address::new_id(103)); + rt.set_caller(make_identity_cid(b"102"), Address::new_id(102)); let propose_params = serialize( &ProposeParams { to: chuck, 
@@ -793,13 +792,8 @@ fn test_propose_restricted_correctly() { rt.verify(); // can call the exported method num - rt.expect_validate_caller_type([Type::Account, Type::Multisig].to_vec()); - // TODO: This call should succeed: See https://github.com/filecoin-project/builtin-actors/issues/806. - expect_abort_contains_message( - ExitCode::USR_FORBIDDEN, - "forbidden, allowed: [Account, Multisig]", - rt.call::(Method::ProposeExported as u64, &propose_params), - ); + rt.expect_validate_caller_any(); + rt.call::(Method::ProposeExported as u64, &propose_params).unwrap(); rt.verify(); } @@ -1605,7 +1599,7 @@ mod approval_tests { RawBytes::default(), ExitCode::OK, ); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let params = TxnIDParams { id: TxnID(0), proposal_hash: Vec::::new() }; rt.call::(Method::Approve as u64, &RawBytes::serialize(params).unwrap()) .unwrap(); @@ -1667,7 +1661,7 @@ mod approval_tests { h.construct_and_verify(&mut rt, 1, 0, 0, signers); rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, bob); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let params = TxnIDParams { id: dne_tx_id, proposal_hash: Vec::::new() }; rt.call::(Method::Approve as u64, &RawBytes::serialize(params).unwrap()) .expect_err("should fail on approve of non existent tx id"); diff --git a/actors/multisig/tests/util.rs b/actors/multisig/tests/util.rs index fdb96a94fc..0dd0f8c4e0 100644 --- a/actors/multisig/tests/util.rs +++ b/actors/multisig/tests/util.rs @@ -5,8 +5,8 @@ use fil_actor_multisig::{ }; use fil_actor_multisig::{ChangeNumApprovalsThresholdParams, LockBalanceParams}; use fil_actors_runtime::test_utils::*; +use fil_actors_runtime::INIT_ACTOR_ADDR; use fil_actors_runtime::{make_map_with_root, ActorError}; -use fil_actors_runtime::{CALLER_TYPES_SIGNABLE, INIT_ACTOR_ADDR}; use fvm_ipld_encoding::RawBytes; use fvm_shared::address::Address; use fvm_shared::clock::ChainEpoch; 
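Review bot: After this change `test_propose_restricted_correctly` shows only that a caller with non-builtin code is accepted on `Method::ProposeExported`; it no longer shows that anything is still refused on the exported path. With the caller-type check gone, the signer check inside the actor is the only gate, so I would add a second call such as `rt.set_caller(make_identity_cid(b"103"), chuck);` followed by an `expect_abort` on `Method::ProposeExported`, assuming `chuck` is not in `signers` (the list is defined outside these hunks). The `.unwrap()` also discards the return value; asserting on it would confirm the proposal was actually recorded rather than merely not rejected.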
@@ -125,7 +125,7 @@ impl ActorHarness { method: MethodNum, params: RawBytes, ) -> Result { - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let propose_params = ProposeParams { to, value, method, params }; let ret = rt.call::(Method::Propose as u64, &RawBytes::serialize(propose_params).unwrap()); @@ -139,7 +139,7 @@ impl ActorHarness { txn_id: TxnID, proposal_hash: [u8; 32], ) -> Result { - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let approve_params = TxnIDParams { id: txn_id, proposal_hash: Vec::::from(proposal_hash) }; let ret = @@ -154,7 +154,7 @@ impl ActorHarness { txn_id: TxnID, proposal_hash: [u8; 32], ) -> Result { - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let cancel_params = TxnIDParams { id: txn_id, proposal_hash: Vec::::from(proposal_hash) }; let ret = diff --git a/actors/power/src/lib.rs b/actors/power/src/lib.rs index 43437812c6..9d5552094e 100644 --- a/actors/power/src/lib.rs +++ b/actors/power/src/lib.rs @@ -87,7 +87,7 @@ impl Actor { rt: &mut impl Runtime, params: CreateMinerParams, ) -> Result { - rt.validate_immediate_caller_type(&[Type::Account, Type::Multisig])?; + rt.validate_immediate_caller_accept_any()?; let value = rt.message().value_received(); let constructor_params = RawBytes::serialize(ext::miner::MinerConstructorParams { diff --git a/actors/power/tests/harness/mod.rs b/actors/power/tests/harness/mod.rs index dd53f55fc2..b236610984 100644 --- a/actors/power/tests/harness/mod.rs +++ b/actors/power/tests/harness/mod.rs 
@@ -13,7 +13,6 @@ use fil_actor_power::CRON_QUEUE_HAMT_BITWIDTH; use fil_actors_runtime::runtime::RuntimePolicy; use fil_actors_runtime::test_utils::CRON_ACTOR_CODE_ID; use fil_actors_runtime::Multimap; -use fil_actors_runtime::CALLER_TYPES_SIGNABLE; use fil_actors_runtime::CRON_ACTOR_ADDR; use fil_actors_runtime::REWARD_ACTOR_ADDR; use fvm_ipld_blockstore::Blockstore; @@ -142,7 +141,7 @@ impl Harness { rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, *owner); rt.set_value(value.clone()); rt.set_balance(value.clone()); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let miner_ctor_params = MinerConstructorParams { owner: *owner, diff --git a/actors/power/tests/power_actor_tests.rs b/actors/power/tests/power_actor_tests.rs index 5be231f36a..fba2a73596 100644 --- a/actors/power/tests/power_actor_tests.rs +++ b/actors/power/tests/power_actor_tests.rs @@ -5,7 +5,7 @@ use fil_actors_runtime::test_utils::{ expect_abort, expect_abort_contains_message, make_identity_cid, ACCOUNT_ACTOR_CODE_ID, MINER_ACTOR_CODE_ID, SYSTEM_ACTOR_CODE_ID, }; -use fil_actors_runtime::{runtime::Policy, CALLER_TYPES_SIGNABLE, INIT_ACTOR_ADDR}; +use fil_actors_runtime::{runtime::Policy, INIT_ACTOR_ADDR}; use fvm_ipld_encoding::{BytesDe, RawBytes}; use fvm_shared::address::Address; use fvm_shared::bigint::bigint_ser::BigIntSer; 
@@ -77,34 +77,6 @@ fn create_miner() { h.check_state(&rt); } -#[test] -fn create_miner_given_caller_is_not_of_signable_type_should_fail() { - let (h, mut rt) = setup(); - - let peer = "miner".as_bytes().to_vec(); - let multiaddrs = vec![BytesDe("multiaddr".as_bytes().to_vec())]; - - let create_miner_params = CreateMinerParams { - owner: *OWNER, - worker: *OWNER, - window_post_proof_type: RegisteredPoStProof::StackedDRGWindow32GiBV1, - peer, - multiaddrs, - }; - - rt.set_caller(*MINER_ACTOR_CODE_ID, *OWNER); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); - expect_abort( - ExitCode::USR_FORBIDDEN, - rt.call::( - Method::CreateMiner as u64, - &RawBytes::serialize(&create_miner_params).unwrap(), - ), - ); - rt.verify(); - h.check_state(&rt); -} - #[test] fn create_miner_given_send_to_init_actor_fails_should_fail() { let (h, mut rt) = setup(); @@ -124,7 +96,7 @@ fn create_miner_given_send_to_init_actor_fails_should_fail() { rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, *OWNER); rt.value_received = TokenAmount::from_atto(10); rt.set_balance(TokenAmount::from_atto(10)); - rt.expect_validate_caller_type((*CALLER_TYPES_SIGNABLE).to_vec()); + rt.expect_validate_caller_any(); let message_params = ExecParams { code_cid: *MINER_ACTOR_CODE_ID, diff --git a/runtime/src/builtin/shared.rs b/runtime/src/builtin/shared.rs index 2208a45bb2..c4a338d597 100644 --- a/runtime/src/builtin/shared.rs +++ b/runtime/src/builtin/shared.rs 
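Review bot: In actors/power/tests/power_actor_tests.rs, the CreateMiner tests visible in this diff still run as an account (`rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, *OWNER);` in the `create_miner_given_send_to_init_actor_fails_should_fail` hunk). Once `create_miner_given_caller_is_not_of_signable_type_should_fail` is deleted in the hunk before it, nothing shown exercises the caller types the change newly admits. Rather than only deleting that test, I would keep a counterpart that sets `rt.set_caller(*MINER_ACTOR_CODE_ID, *OWNER);`, expects `rt.expect_validate_caller_any();`, and asserts that the call succeeds. That pins the new policy and would surface any hidden dependency on the caller being an account. The success case will need the same init-actor send expectations as the existing `create_miner` test, which lie outside this hunk.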
@@ -6,16 +6,10 @@ use fvm_shared::address::Address; use fvm_shared::METHOD_SEND; use fvm_shared::{ActorID, MethodNum}; -use crate::runtime::builtins::Type; use crate::runtime::Runtime; pub const HAMT_BIT_WIDTH: u32 = 5; -/// Types of built-in actors that can be treated as principals. -/// This distinction is legacy and should be removed prior to FVM support for -/// user-programmable actors. -pub const CALLER_TYPES_SIGNABLE: &[Type] = &[Type::Account, Type::Multisig]; - /// ResolveToActorID resolves the given address to it's actor ID. /// If an actor ID for the given address dosen't exist yet, it tries to create one by sending /// a zero balance to the given address.