handling admin credentials

47ee8b7f · Srikanth Chikkulapelly · 9b94a0f4 · 47ee8b7f
Commit 47ee8b7f authored Feb 08, 2010 by Srikanth Chikkulapelly
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 0 deletions

protogeni/lib/GeniCMV2.pm.in protogeni/lib/GeniCMV2.pm.in +15 -0

No files found.
--- a/protogeni/lib/GeniCMV2.pm.in
+++ b/protogeni/lib/GeniCMV2.pm.in
@@ -571,6 +571,21 @@ sub SliverAction($$$$)
    # For now, only allow top level aggregate or the slice
    #
    my ($slice, $aggregate) = Credential2SliceAggregate($credential);
+    # find out the component manager URN.
+    my $cm_urn = GeniHRN::Generate($OURDOMAIN, "authority", "cm");
+
+    if ((!defined($slice)) && ($credential->target_urn() =~ "+authority+cm")) {
+        # administrative credentials are presented.
+        if ($cm_urn != $credential->target_urn() {
+            return GeniResponse->Create(GENIRESPONSE_FORBIDDEN(), undef,
+		"Credential target does not match CM URN");
+        }
+    	if(!defined($slice_urn)){
+    	    return GeniResponse->MalformedArgsResponse("Missing arguments");
+    	}
+	$slice = GeniSlice->Lookup($slice_urn);
+    }
+
    if (! (defined($slice) && defined($aggregate))) {
 	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
 				    "No slice or aggregate here");