Commit bfe00a60 authored by Gary Wong's avatar Gary Wong
Browse files

Tweak generated credentials: set the expiration time in the future, and

allow delegation by default.
parent 6557ef96
...@@ -322,9 +322,9 @@ sub Sign($$) ...@@ -322,9 +322,9 @@ sub Sign($$)
return -1 return -1
if (!ref($self)); if (!ref($self));
# If no capabilities, then allow all rights, no delegation. # If no capabilities, then allow all rights, with delegation.
if (!defined($self->capabilities())) { if (!defined($self->capabilities())) {
$self->AddCapability("*", 0); $self->AddCapability("*", 1);
} }
# This little wrapup is for xmlout. # This little wrapup is for xmlout.
my $cap_xml = "<privileges>\n"; my $cap_xml = "<privileges>\n";
...@@ -369,6 +369,12 @@ sub Sign($$) ...@@ -369,6 +369,12 @@ sub Sign($$)
} }
my $owner_cert = $self->owner_cert()->cert(); my $owner_cert = $self->owner_cert()->cert();
# Credential expiration: hard-code to 24 hours from now.
my @expt = gmtime( time() + 24 * 60 * 60 );
my $expiry = sprintf( "%04d-%02d-%02dT%02d:%02d:%02d",
$expt[ 5 ] + 1900, $expt[ 4 ] + 1, $expt[ 3 ],
$expt[ 2 ], $expt[ 1 ], $expt[ 0 ] );
# #
# Create a template xml file to sign. # Create a template xml file to sign.
# #
...@@ -380,7 +386,7 @@ sub Sign($$) ...@@ -380,7 +386,7 @@ sub Sign($$)
" <owner_gid>$owner_cert</owner_gid>\n". " <owner_gid>$owner_cert</owner_gid>\n".
" <target_gid>$target_cert</target_gid>\n". " <target_gid>$target_cert</target_gid>\n".
" <uuid>$cred_uuid</uuid>\n". " <uuid>$cred_uuid</uuid>\n".
" <expires>2008-05-10T09:00:00</expires>\n". " <expires>$expiry</expires>\n".
" $cap_xml\n". " $cap_xml\n".
"</credential>\n"; "</credential>\n";
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment