Commit 69837f72 authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Bug fix for "not your ticket" error wrt local user/projects.

parent d5baa3c2
......@@ -1511,12 +1511,20 @@ sub UpdateTicket($)
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
$GeniTicket::CreateFromSignedError);
}
#
# We need the user to sign the new ticket.
#
my $user = GeniCM::CreateUserFromCertificate($credential);
return $user
if (GeniResponse::IsResponse($user));
#
# Make sure the ticket was issued to the caller. Note special
# case for speaksfor.
# Make sure the ticket was issued to the caller.
#
if ($ticket->owner_urn() ne
(defined($speaksfor) ? $speaksfor->target_urn() : $ENV{'GENIURN'})) {
if ($ticket->owner_urn() ne $user->urn()) {
print STDERR $ticket->owner_urn() . "\n";
print STDERR $user->urn() . "\n";
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"This is not your ticket");
}
......@@ -1529,13 +1537,6 @@ sub UpdateTicket($)
"This ticket is for another slice");
}
#
# We need the user to sign the new ticket to.
#
my $user = GeniCM::CreateUserFromCertificate($credential);
return $user
if (GeniResponse::IsResponse($user));
return GeniCM::GetTicketAuxAux($slice, $user,
$rspecstr, 1, $impotent, 1, 1, $ticket,
[$credential, @morecreds], $speaksfor);
......@@ -1648,11 +1649,18 @@ sub RedeemTicket($)
$GeniTicket::CreateFromSignedError);
}
#
# Make sure the ticket was issued to the caller. Note special
# case for speaksfor.
# We need the user to sign the new ticket.
#
my $user = GeniCM::CreateUserFromCertificate($credential);
return $user
if (GeniResponse::IsResponse($user));
#
# Make sure the ticket was issued to the caller.
#
if ($ticket->owner_urn() ne
(defined($speaksfor) ? $speaksfor->target_urn() : $ENV{'GENIURN'})) {
if ($ticket->owner_urn() ne $user->urn()) {
print STDERR $ticket->owner_urn() . "\n";
print STDERR $user->urn() . "\n";
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"This is not your ticket");
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment