Commit ab0e8a0d authored by Gary Wong's avatar Gary Wong
Browse files

Reinstate the detection and update of stale slice expiry times.

This was introduced in commit 1aa4572f and reverted in
85688e0c.
parent 69376200
...@@ -2287,20 +2287,18 @@ sub Credential2SliceAggregate($) ...@@ -2287,20 +2287,18 @@ sub Credential2SliceAggregate($)
"Duplicate slice URN already exists here")); "Duplicate slice URN already exists here"));
} }
if ($credential->expires() gt $slice->expires()) { if ($credential->expires() gt $slice->expires()) {
#
# The credential presented lasts longer than we thought the # The credential presented lasts longer than we thought the
# slice did: our expiry date must have been stale. This can # slice did: our expiry date must have been stale. This can
# happen because the SA is always free to extend the lifetime # happen because the SA is always free to extend the lifetime
# of a slice, and is not required to tell us. # of a slice, and is not required to tell us.
# #
# If the slice has already expired, then the expiration daemon will # This is important, because we use the slice expiry time
# take care of this, and lets not get in the way of that. # for a whole bunch of validity checks. Requiring the user
# The user needed to renew the slice to prevent it. # to renew their sliver is not sufficient, because they might
# # not even HAVE a sliver (and if we don't keep the slice
# If not expired, still do nothing; it is up to the user to renew # expiry time right, they might not have permission to create
# the sliver. # one, either).
# $slice->SetExpiration( $credential->expires() );
;
} }
$aggregate = GeniAggregate->SliceAggregate($slice); $aggregate = GeniAggregate->SliceAggregate($slice);
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment