Commit dfaa3bc2 authored by Gary Wong's avatar Gary Wong

Merged Srikanth's CM admin credential changes.

From branch 'srikanth' of repository:
    git-public.flux.utah.edu:/flux/git/users/srikanth/emulab-devel
parents 2bb6a567 658b0ccb
...@@ -558,6 +558,7 @@ sub SliverAction($$$$) ...@@ -558,6 +558,7 @@ sub SliverAction($$$$)
(defined($slice_urn) || defined($sliver_urns)))) { (defined($slice_urn) || defined($sliver_urns)))) {
return GeniResponse->MalformedArgsResponse("Missing arguments"); return GeniResponse->MalformedArgsResponse("Missing arguments");
} }
my $credential = CheckCredentials($credentials); my $credential = CheckCredentials($credentials);
return $credential return $credential
if (GeniResponse::IsResponse($credential)); if (GeniResponse::IsResponse($credential));
...@@ -571,6 +572,21 @@ sub SliverAction($$$$) ...@@ -571,6 +572,21 @@ sub SliverAction($$$$)
# For now, only allow top level aggregate or the slice # For now, only allow top level aggregate or the slice
# #
my ($slice, $aggregate) = Credential2SliceAggregate($credential); my ($slice, $aggregate) = Credential2SliceAggregate($credential);
# find out the component manager URN.
my $cm_urn = GeniHRN::Generate($OURDOMAIN, "authority", "cm");
if ((!defined($slice)) && ($credential->target_urn() =~ "+authority+cm")) {
# administrative credentials are presented.
if ($cm_urn != $credential->target_urn() {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN(), undef,
"Credential target does not match CM URN");
}
if(!defined($slice_urn)){
return GeniResponse->MalformedArgsResponse("Missing arguments");
}
$slice = GeniSlice->Lookup($slice_urn);
}
if (! (defined($slice) && defined($aggregate))) { if (! (defined($slice) && defined($aggregate))) {
return GeniResponse->Create(GENIRESPONSE_BADARGS, undef, return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
"No slice or aggregate here"); "No slice or aggregate here");
......
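Review bot: The CM-URN check in the added admin-credential branch cannot reject anything as written: `if ($cm_urn != $credential->target_urn() {` is missing a closing parenthesis, and `!=` compares numerically, so two URN strings both evaluate to 0 and never differ. It should be `if ($cm_urn ne $credential->target_urn()) {`; with only the parenthesis fixed, a credential targeting another domain's `+authority+cm` would pass as an administrative one. The test on the line above uses the string `"+authority+cm"` as a pattern, where the leading `+` is a quantifier with nothing to repeat and Perl rejects it when compiling the pattern; escape and anchor it, e.g. `=~ /\+authority\+cm\z/`. The branch also keeps `$aggregate` as returned by Credential2SliceAggregate, so it may still fall into "No slice or aggregate here" if that helper returns nothing for a non-slice credential, which is worth confirming. SliverAction begins and ends outside this hunk.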
#!/usr/bin/perl -wT
#
# GENIPUBLIC-COPYRIGHT
# Copyright (c) 2008-2009 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);
@ISA = "Exporter";
@EXPORT = qw ( );
use GeniCredential;
use GeniCertificate;
use GeniAuthority;
use GeniHRN;
use GeniResponse;
use GeniUser;
sub CreateAdminCredential()
{
my $owner_urn = shift;
my $target_cm_urn = shift;
#
# Must be an emulab user who is talking to us.
# If any of the URN specified is invalid do not accept.
if (! (GeniHRN::IsValid($owner_urn) && GeniHRN::IsValid($target_cm_urn))) {
return GeniResponse->MalformedArgsResponse();
}
my $geniuser = GeniUser->Lookup($owner_urn);
if (!defined($geniuser)) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN,
undef, "Who are you?");
}
my $authority = GeniAuthority->Lookup($target_cm_urn);
if (!defined($authority)) {
print STDERR "Could not find local authority object for $target_cm_urn\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
my $credential =
GeniCredential->CreateSigned($authority,
$geniuser,
$GeniCredential::LOCALSA_FLAG);
return GeniResponse->Create(GENIRESPONSE_ERROR)
if (!defined($credential));
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
$credential->asString());
}
print CreateAdminCredential @ARGV
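Review bot: CreateAdminCredential signs an admin credential for any owner URN that passes GeniHRN::IsValid and GeniUser->Lookup. Nothing in this file checks that the named user, or whoever runs the script, is entitled to administrative rights, or that `$target_cm_urn` is this site's CM authority rather than any authority GeniAuthority->Lookup can find. If that restriction is meant to come from file permissions on the installed script, state it in the header comment and still add an explicit admin check before the CreateSigned call. Separately, the sub is declared with an empty prototype `()` yet reads two arguments and is called as `CreateAdminCredential @ARGV`, which Perl will not accept; declare it as `sub CreateAdminCredential {` and call `print CreateAdminCredential(@ARGV);` after checking `@ARGV == 2`. The value printed appears to be a GeniResponse object rather than the credential text, so the result probably needs to be unpacked before printing.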