From 7fa5948fd33c2448dc0eb5bf4c27ce905ea1a078 Mon Sep 17 00:00:00 2001
From: Jason Volk <jason@zemos.net>
Date: Sat, 17 Aug 2019 06:37:43 -0700
Subject: [PATCH] modules/vm: Check auth during eval.

---
 include/ircd/m/vm.h | 3 +++
 modules/m_vm.cc     | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/include/ircd/m/vm.h b/include/ircd/m/vm.h
index a624e51d6..b0d93a387 100644
--- a/include/ircd/m/vm.h
+++ b/include/ircd/m/vm.h
@@ -156,6 +156,9 @@ struct ircd::m::vm::opts
 	/// Call eval hooks or false to bypass this stage.
 	bool eval {true};
 
+	/// Perform auth or false to bypass this state.
+	bool auth {true};
+
 	/// Make writes to database
 	bool write {true};
 
diff --git a/modules/m_vm.cc b/modules/m_vm.cc
index 4c3475294..42b397e4f 100644
--- a/modules/m_vm.cc
+++ b/modules/m_vm.cc
@@ -896,6 +896,10 @@ ircd::m::vm::execute_pdu(eval &eval,
 	if(opts.fetch)
 		call_hook(fetch_hook, eval, event, eval);
 
+	// Evaluation by auth system; throws
+	if(opts.auth && !internal(room_id))
+		event::auth::check(event);
+
 	// Obtain sequence number here.
 	const auto *const &top(eval::seqmax());
 	eval.sequence_shared[0] = 0;