Commit ab0e8a0d authored by Gary Wong's avatar Gary Wong
Browse files

Reinstate the detection and update of stale slice expiry times.

This was introduced in commit 1aa4572f and reverted in
85688e0c.
parent 69376200
......@@ -2287,20 +2287,18 @@ sub Credential2SliceAggregate($)
"Duplicate slice URN already exists here"));
}
if ($credential->expires() gt $slice->expires()) {
#
# The credential presented lasts longer than we thought the
# slice did: our expiry date must have been stale. This can
# happen because the SA is always free to extend the lifetime
# of a slice, and is not required to tell us.
#
# If the slice has already expired, then the expiration daemon will
# take care of this, and lets not get in the way of that.
# The user needed to renew the slice to prevent it.
#
# If not expired, still do nothing; it is up to the user to renew
# the sliver.
#
;
# This is important, because we use the slice expiry time
# for a whole bunch of validity checks. Requiring the user
# to renew their sliver is not sufficient, because they might
# not even HAVE a sliver (and if we don't keep the slice
# expiry time right, they might not have permission to create
# one, either).
$slice->SetExpiration( $credential->expires() );
}
$aggregate = GeniAggregate->SliceAggregate($slice);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment