Guard the Requester so that the Responder can't do whatever it wants

datman/src/remote/backup_source_requester.rs

@@ -11,6 +11,7 @@ use std::sync::Arc;
 use yama::commands::{load_pile_descriptor, open_pile};
 use yama::definitions::{PartialPointerData, TreeNode};
 use yama::operations::storing::{pointer_ops_prepare_to_store, pointers_ops_after_store};
+use yama::pile::access_guard::PileGuard;
 use yama::pile::{Pile, RawPile, StoragePipelineSettings};
 use yama::progress::ProgressTracker;
 use yama::remote::responder::{Responder, ResponderWritingPipeline};
@@ -94,11 +95,13 @@ pub fn chunking<
         (None, None)
     };
 
+    let guarded_pile = PileGuard::new(Arc::clone(&raw_pile), true);
+
     let (r_handle, w_handle, join_handles) = Responder::start(
         read,
         write,
         get_number_of_workers("YAMA_RESPONDERS") as u16,
-        raw_pile,
+        Arc::new(guarded_pile),
         writing_pipeline,
         progress_bar,
     );

yama/src/pile/access_guard.rs

@@ -17,8 +17,8 @@ use std::thread;
 #[derivative(Clone(bound = ""))]
 // we need to use derivative's Clone impl because Arc<R> causes R to have a bound on Clone
 // even though that's not needed. https://github.com/rust-lang/rust/issues/26925
-pub struct PileGuard<R: RawPile> {
-    underlying: Arc<R>,
+pub struct PileGuard<R: Clone + RawPile> {
+    underlying: R,
     /// Whether to verify chunk IDs to prevent malicious corruption
     verify_chunk_ids: bool,
 }
@@ -39,9 +39,16 @@ fn pipeline(
     Ok(())
 }
 
-impl<R: RawPile> PileGuard<R> {}
+impl<R: Clone + RawPile> PileGuard<R> {
+    pub fn new(underlying: R, verify_chunk_ids: bool) -> Self {
+        PileGuard {
+            underlying,
+            verify_chunk_ids,
+        }
+    }
+}
 
-impl<R: RawPile> RawPile for PileGuard<R> {
+impl<R: Clone + RawPile> RawPile for PileGuard<R> {
     fn exists(&self, kind: Keyspace, key: &[u8]) -> anyhow::Result<bool> {
         match kind {
             Keyspace::Chunk => self.underlying.exists(kind, key),