Commit bfe00a60 authored by Gary Wong's avatar Gary Wong

Tweak generated credentials: set the expiration time in the future, and

allow delegation by default.
parent 6557ef96
......@@ -322,9 +322,9 @@ sub Sign($$)
return -1
if (!ref($self));
# If no capabilities, then allow all rights, no delegation.
# If no capabilities, then allow all rights, with delegation.
if (!defined($self->capabilities())) {
$self->AddCapability("*", 0);
$self->AddCapability("*", 1);
}
# This little wrapup is for xmlout.
my $cap_xml = "<privileges>\n";
......@@ -369,6 +369,12 @@ sub Sign($$)
}
my $owner_cert = $self->owner_cert()->cert();
# Credential expiration: hard-code to 24 hours from now.
my @expt = gmtime( time() + 24 * 60 * 60 );
my $expiry = sprintf( "%04d-%02d-%02dT%02d:%02d:%02d",
$expt[ 5 ] + 1900, $expt[ 4 ] + 1, $expt[ 3 ],
$expt[ 2 ], $expt[ 1 ], $expt[ 0 ] );
#
# Create a template xml file to sign.
#
......@@ -380,7 +386,7 @@ sub Sign($$)
" <owner_gid>$owner_cert</owner_gid>\n".
" <target_gid>$target_cert</target_gid>\n".
" <uuid>$cred_uuid</uuid>\n".
" <expires>2008-05-10T09:00:00</expires>\n".
" <expires>$expiry</expires>\n".
" $cap_xml\n".
"</credential>\n";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment