From 092d4b554012f0fc2c9b01d582c79fc3b1d478f3 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Thu, 19 Aug 2010 19:26:09 +0000 Subject: [PATCH] should be passing the caller's gid not the delegee's gid to Credential.set_issuer_keys() when delegating --- sfa/client/sfi.py | 8 ++++++-- sfa/trust/credential.py | 15 ++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index e8b3b1a0..bec38d39 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -611,13 +611,17 @@ class Sfi: if not object_cred.get_privileges().get_all_delegate(): print "Error: Object credential", object_hrn, "does not have delegate bit set" return - + + # the delegating user's gid + caller_gid = self._get_gid(self.user) + caller_gidfile = os.path.join(self.options.sfi_dir, self.user + ".gid") + # the gid of the user who will be delegated to delegee_gid = self._get_gid(hrn) delegee_hrn = delegee_gid.get_hrn() delegee_gidfile = os.path.join(self.options.sfi_dir, delegee_hrn + ".gid") delegee_gid.save_to_file(filename=delegee_gidfile) - dcred = object_cred.delegate(delegee_gidfile, self.get_key_file()) + dcred = object_cred.delegate(delegee_gidfile, self.get_key_file(), caller_gidfile) return dcred.save_to_string(save_parents=True) # removed named registry record diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index 46205ead..4735a696 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -780,7 +780,7 @@ class Credential(object): parent_cred.verify_parent(parent_cred.parent) - def delegate(self, delegee_gidfile, keyfile): + def delegate(self, delegee_gidfile, caller_keyfile, caller_gidfile): """ Return a delegated copy of this credential, delegated to the specified gid's user. 
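Review bot: `caller_gidfile` is built from `self.user`, but nothing in this hunk writes `caller_gid` to that path, so `caller_gid` is fetched and never used, and `object_cred.delegate()` reads whatever file already sits at that location. The delegee branch just below persists explicitly with `delegee_gid.save_to_file(filename=delegee_gidfile)`; unless `_get_gid()` (defined outside this hunk) already saves to the same path, mirror it here with `caller_gid.save_to_file(filename=caller_gidfile)`. Otherwise a missing or stale file becomes the issuer gid of the delegated credential. The enclosing method starts above the hunk.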
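Review bot: `delegate()` gains a required third positional parameter and renames `keyfile` to `caller_keyfile`, so any caller other than the one updated in sfa/client/sfi.py, or one passing `keyfile=` by keyword, will now fail with a TypeError. If other callers exist, they should be updated in this commit. The docstring continues past the hunk and should state the contract the fix relies on, for example `caller_keyfile, caller_gidfile: private key and gid of this credential's caller, who issues and signs the delegated credential`.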
@@ -792,18 +792,19 @@ class Credential(object): # the hrn of the user who will be delegated to delegee_gid = GID(filename=delegee_gidfile) delegee_hrn = delegee_gid.get_hrn() - - user_key = Keypair(filename=keyfile) - user_hrn = self.get_gid_caller().get_hrn() + + #user_key = Keypair(filename=keyfile) + #user_hrn = self.get_gid_caller().get_hrn() subject_string = "%s delegated to %s" % (object_hrn, delegee_hrn) dcred = Credential(subject=subject_string) dcred.set_gid_caller(delegee_gid) dcred.set_gid_object(object_gid) - privs = self.get_privileges() + dcred.set_parent(self) + dcred.set_lifetime(self.get_lifetime()) dcred.set_privileges(self.get_privileges()) dcred.get_privileges().delegate_all_privileges(True) - dcred.set_issuer_keys(keyfile, delegee_gidfile) - dcred.set_parent(self) + #dcred.set_issuer_keys(keyfile, delegee_gidfile) + dcred.set_issuer_keys(caller_keyfile, caller_gidfile) dcred.encode() dcred.sign() -- 2.43.0
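Review bot: `dcred.set_issuer_keys(caller_keyfile, caller_gidfile)` accepts whatever gid file it is handed; nothing here checks that it is the gid of this credential's caller, the identity the commit message says must issue the delegation. The credential already carries that gid (the commented-out line reads it via `self.get_gid_caller()`), so a guard before `dcred.encode()` would fail early instead of emitting a credential that presumably only fails verification at the receiving end: `if GID(filename=caller_gidfile).get_hrn() != self.get_gid_caller().get_hrn(): raise ValueError("issuer gid is not this credential's caller")`. The three commented-out lines (`#user_key`, `#user_hrn`, `#dcred.set_issuer_keys(keyfile, delegee_gidfile)`) should be deleted, since the old sign-as-delegee call is preserved in history. The function body starts in the previous hunk and continues past this one.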