Commit 9ce773b0 authored by Leigh B Stoller

Allow credentials that are delegated to the local authority so that we
can pass additional credentials, those that are not owned by the user.
parent 98b0eeaf
#!/usr/bin/perl -wT
#
# Copyright (c) 2008-2015 University of Utah and the Flux Group.
# Copyright (c) 2008-2016 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -362,7 +362,10 @@ sub CheckCredentials($;$)
$error = $cred;
goto bad;
}
if ($cred->owner_urn() ne $speaksfor->target_urn()) {
# We also allow credentials whose target is the
# local authority.
if ($cred->owner_urn() ne $speaksfor->target_urn() &&
$cred->owner_urn() ne $ENV{'MYURN'}) {
$error = GeniResponse->Create(GENIRESPONSE_FORBIDDEN,
undef,
"Credential owner does not match speaksfor target");
......
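Review bot: In the widened condition in CheckCredentials, `$cred->owner_urn() ne $ENV{'MYURN'}` compares against an environment value without first checking that it is defined and non-empty. With `-w` an unset MYURN raises an uninitialized-value warning, and an unset or empty MYURN would compare equal to a credential whose owner_urn() is empty, so that credential would pass this check. Suggest copying MYURN into a local variable, returning an error if it is missing, and only then doing the comparison. Two smaller points on the same lines: the added comment says "target is the local authority" while the code tests owner_urn(), and the error string "Credential owner does not match speaksfor target" no longer covers both accepted cases; both should say that the owner must be the speaksfor target or the local authority.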