Commit dfaa3bc2 authored by Gary Wong's avatar Gary Wong

Merged Srikanth's CM admin credential changes.

From branch 'srikanth' of repository:
parents 2bb6a567 658b0ccb
......@@ -558,6 +558,7 @@ sub SliverAction($$$$)
(defined($slice_urn) || defined($sliver_urns)))) {
return GeniResponse->MalformedArgsResponse("Missing arguments");
my $credential = CheckCredentials($credentials);
return $credential
if (GeniResponse::IsResponse($credential));
......@@ -571,6 +572,21 @@ sub SliverAction($$$$)
# For now, only allow top level aggregate or the slice
my ($slice, $aggregate) = Credential2SliceAggregate($credential);
# find out the component manager URN.
my $cm_urn = GeniHRN::Generate($OURDOMAIN, "authority", "cm");
if ((!defined($slice)) && ($credential->target_urn() =~ "+authority+cm")) {
# administrative credentials are presented.
if ($cm_urn != $credential->target_urn() {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN(), undef,
"Credential target does not match CM URN");
return GeniResponse->MalformedArgsResponse("Missing arguments");
$slice = GeniSlice->Lookup($slice_urn);
if (! (defined($slice) && defined($aggregate))) {
return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
"No slice or aggregate here");
#!/usr/bin/perl -wT
# Copyright (c) 2008-2009 University of Utah and the Flux Group.
# All rights reserved.
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);
@ISA = "Exporter";
@EXPORT = qw ( );
use GeniCredential;
use GeniCertificate;
use GeniAuthority;
use GeniHRN;
use GeniResponse;
use GeniUser;
sub CreateAdminCredential()
my $owner_urn = shift;
my $target_cm_urn = shift;
# Must be an emulab user who is talking to us.
# If any of the URN specified is invalid do not accept.
if (! (GeniHRN::IsValid($owner_urn) && GeniHRN::IsValid($target_cm_urn))) {
return GeniResponse->MalformedArgsResponse();
my $geniuser = GeniUser->Lookup($owner_urn);
if (!defined($geniuser)) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN,
undef, "Who are you?");
my $authority = GeniAuthority->Lookup($target_cm_urn);
if (!defined($authority)) {
print STDERR "Could not find local authority object for $target_cm_urn\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
my $credential =
return GeniResponse->Create(GENIRESPONSE_ERROR)
if (!defined($credential));
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
print CreateAdminCredential @ARGV
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment