Commit 75f89a35 authored by Gary Wong's avatar Gary Wong

Add support for sub-authorities.

Generate authority certificates for local sub-authorities (i.e. authorities
corresponding to a local project) on demand.

Map per-project URLs to the same XMLRPC server handled in the context of
the authority for the specified project.

Make the SA give out per-project credentials when it's asked for a
GetCredential in a sub-authority.
parent ce0d0261
......@@ -57,10 +57,36 @@ sub Lookup($$)
DBQueryWarn("select uuid from geni_authorities ".
"where urn='$token'");
return undef
if (! $query_result || !$query_result->numrows);
if( $query_result && $query_result->numrows ) {
($uuid) = $query_result->fetchrow_array();
} else {
# A lexically valid name, which isn't in the authority
# database. First, we check if the authority corresponds
# to a valid local project: we generate those on demand.
my ($auth, $type, $id) = GeniHRN::Parse( $token );
if( $type eq "authority" && $auth =~ /^@OURDOMAIN@:([-\w]+)$/ ) {
my $pid = $1;
require Project;
my $project = Project->Lookup($pid);
return undef if (!defined($project));
my $url = "@TBBASE@/protogeni/xmlrpc/project/$pid/$id";
my $cert = GeniCertificate->Create(
{ "urn" => GeniHRN::Generate( "@OURDOMAIN@:$pid",
"authority", $id ),
"url" => $url,
"email" => "@TBOPSEMAIL@",
"hrn" => "@OURDOMAIN@.$pid.$id" } );
return GeniAuthority->Create( $cert, $url, $id );
}
($uuid) = $query_result->fetchrow_array();
return undef;
}
}
elsif ($token =~ /^\w+\-\w+\-\w+\-\w+\-\w+$/) {
$uuid = $token;
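Review bot: The on-demand branch generates an authority certificate from a caller-supplied URN without constraining `$id`, and it passes the result of `GeniCertificate->Create` to `GeniAuthority->Create` unchecked. `$id` flows into the URL, URN and HRN exactly as parsed, so any lexically valid name under a real project appears to get a certificate. I would restrict it to the authority types the site actually serves and add `return undef if (!defined($cert));`. The domain match also interpolates `@OURDOMAIN@` unescaped, so the dots in the substituted domain match any character; `$auth =~ /^\Q@OURDOMAIN@\E:([-\w]+)\z/` would pin it. Lookup's body starts and ends outside this hunk.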
......
......@@ -462,7 +462,8 @@ sub Register($)
$expires = $when;
}
my $urn = GeniHRN::Generate( "@OURDOMAIN@", "slice", $hrn );
my ($ourdomain, undef, undef) = GeniHRN::Parse( $ENV{ 'MYURN' } );
my $urn = GeniHRN::Generate( $ourdomain, "slice", $hrn );
#
# When using this interface, the HRN does not correspond to an
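Review bot: The result of `GeniHRN::Parse( $ENV{ 'MYURN' } )` is used unchecked, so an unset or unparseable MYURN would leave `$ourdomain` undefined and the slice URN would be generated with an empty authority part. Since MYURN now decides which authority the slice is registered under, I would fail the request when `!defined($ourdomain)` rather than continue. A one-line comment saying that the domain comes from the authority selected for this request, not the site default, would also help. Register's body continues outside the hunk.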
......
......@@ -49,7 +49,7 @@ my %GENI_MODULES = ( "cm" => "@prefix@/lib/protogeni-cm.pm",
# These variables are shared with the loaded module.
use vars qw($EMULAB_PEMFILE $GENI_METHODS $GENI_VERSION
$GENI_RESPONSE_CONVERTER);
$GENI_RESPONSE_CONVERTER $PROJECT);
# Testbed libraries.
use lib '@prefix@/lib';
......@@ -158,6 +158,17 @@ if (exists($ENV{'PATH_INFO'}) && $ENV{'PATH_INFO'} ne "") {
my @parts = split(/\//, $pathinfo);
if (@parts) {
my $m = shift(@parts);
if( $m eq "project" ) {
if (@parts) {
my $p = shift(@parts);
if ($p =~ /^[-\w]+$/) {
$PROJECT = "$p";
}
if (@parts) {
$m = shift(@parts);
}
}
}
if ($m =~ /^[-\w]+$/) {
$MODULE = $m;
if (@parts) {
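Review bot: A `project` path whose project component fails the `[-\w]+` check is not rejected: `$PROJECT` stays unset, `$m` is taken from the next component, and the request appears to be handled under the top-level authority instead. I would add an `else` to the `$p` check that refuses the request. The same applies when nothing follows `project`, since `$m` is then still the literal `project` and passes the module check. Anchoring with `\z` instead of `$` (`$p =~ /^[-\w]+\z/`) also stops a trailing newline in PATH_INFO from being accepted. The enclosing `if` blocks start and end outside the hunk.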
......@@ -251,12 +262,27 @@ if (!(defined($GENI_METHODS) && defined($EMULAB_PEMFILE))) {
# So we know who/what we are acting as.
#
my $certificate = GeniCertificate->LoadFromFile($EMULAB_PEMFILE);
if (!defined($certificate)) {
die("*** $0:\n".
" Could not get uuid from $EMULAB_PEMFILE\n");
}
$ENV{'MYUUID'} = $certificate->uuid();
$ENV{'MYURN'} = $certificate->urn();
if( $PROJECT ) {
my $name = GeniHRN::Generate( "@OURDOMAIN@:$PROJECT", "authority",
$MODULE );
my $authority = GeniAuthority->Lookup( $name );
if (!defined($authority)) {
die("*** $0:\n".
" Could not resolve requested authority\n");
}
$ENV{'MYUUID'} = $authority->uuid();
$ENV{'MYURN'} = $authority->urn();
} else {
$ENV{'MYUUID'} = $certificate->uuid();
$ENV{'MYURN'} = $certificate->urn();
}
#
# Create and set our RPC context for any calls we end up making.
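Review bot: `if( $PROJECT )` tests truth rather than definedness, so a project named `0`, which the `[-\w]+` path check accepts, would fall through to the `else` and be served under the top-level certificate; `if( defined($PROJECT) ) {` avoids that. The identity the server acts under is now chosen by the URL path alone, and nothing in this hunk ties the caller to the named project. It is worth confirming that the per-project methods check membership before credentials are issued. A comment above the branch saying that `MYUUID` and `MYURN` are overridden for sub-authorities would help the next reader.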
......