Commit 4c07275a authored by Jonathon Duerig

When redeeming tickets, they need to be tied to slice not user

parent 21a0b623
......@@ -466,7 +466,7 @@ sub GetTicket($;$)
if (GeniResponse::IsResponse($credential));
if ($isupdate) {
$ticket = CheckTicket($tickstr);
$ticket = CheckTicket($tickstr, $credential->target_urn());
return $ticket
if (GeniResponse::IsResponse($ticket));
}
......@@ -2547,7 +2547,7 @@ sub SliverWork($$)
return $credential
if (GeniResponse::IsResponse($credential));
my $ticket = CheckTicket($ticketstr);
my $ticket = CheckTicket($ticketstr, $credential->target_urn());
return $ticket
if (GeniResponse::IsResponse($ticket));
......@@ -4027,7 +4027,7 @@ sub ReleaseTicket($)
return $credential
if (GeniResponse::IsResponse($credential));
my $ticket = CheckTicket($tickstr);
my $ticket = CheckTicket($tickstr, $credential->target_urn());
return $ticket
if (GeniResponse::IsResponse($ticket));
......@@ -6046,9 +6046,10 @@ sub CheckCredential($)
return $credential;
}
sub CheckTicket($)
sub CheckTicket($$)
{
my $ticket = GeniTicket->CreateFromSignedTicket($_[0]);
my $slice_urn = $_[1];
if (!defined($ticket)) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
$GeniTicket::CreateFromSignedError);
......@@ -6064,11 +6065,11 @@ sub CheckTicket($)
GeniHRN::IsValid($ticket->target_urn())));
#
# Make sure the ticket was issued to the caller.
# Make sure the ticket is associated with the slice URN
#
if ($ticket->owner_urn() ne $ENV{'GENIURN'}) {
if ($ticket->slice_urn() ne $slice_urn) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"This is not your ticket");
"This ticket does not belong to your slice");
}
#
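Review bot: The new slice check in CheckTicket, `if ($ticket->slice_urn() ne $slice_urn)`, passes when both sides are undefined or empty, because `ne` compares undef as the empty string. Nothing visible guarantees either value is set: the earlier validity check covers `$ticket->target_urn()`, not `slice_urn()`, and the `($$)` prototype will not flag a stale one-argument call if the call sites are compiled before the definition, as the hunk line numbers suggest. Failing closed first would cover this: `if (!defined($slice_urn) || !defined($ticket->slice_urn()) || $ticket->slice_urn() ne $slice_urn) {`. With the comparison against `$ENV{'GENIURN'}` removed, the caller's right to redeem the ticket rests entirely on CheckCredential binding the credential to the caller, which is outside this hunk and worth confirming. CheckTicket's body continues past the visible lines.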
......