Class: Aerospike::LoginCommand

Inherits:
AdminCommand show all
Defined in:
lib/aerospike/command/login_command.rb

Overview

:nodoc:

Constant Summary collapse

SALT = 
'$2a$10$7EqJtq98hPqEX7fNZaFWoO'

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from AdminCommand

#change_password, #create_role, #create_user, #drop_role, #drop_user, #execute_command, #grant_privileges, #grant_roles, #initialize, #parse_allowlist, #parse_info, #parse_privileges, #parse_roles, #parse_roles_full, #parse_users, #query_role, #query_roles, #query_user, #query_users, #read_role_blocks, #read_roles, #read_user_blocks, #read_users, #revoke_privileges, #revoke_roles, #set_allowlist, #set_password, #set_quotas, #write_allowlist, #write_byte, #write_field_bytes, #write_field_header, #write_field_str, #write_field_uint32, #write_header, #write_privileges, #write_roles, #write_size, #write_str

Constructor Details

This class inherits a constructor from Aerospike::AdminCommand

Class Method Details

.hash_password(password) ⇒ Object 



158
159
160
161
 
# File 'lib/aerospike/command/login_command.rb', line 158

def self.hash_password(password)
  # Hashing the password with the cost of 10, with a static salt
  return BCrypt::Engine.hash_secret(password, SALT, :cost => 10)
end

Instance Method Details

#authenticate(conn, user, hashed_pass) ⇒ Object 



32
33
34
35
36
37
38
 
# File 'lib/aerospike/command/login_command.rb', line 32

def authenticate(conn, user, hashed_pass)
  write_header(LOGIN, 2)
  write_field_str(USER, policy.user)
  write_field_bytes(CREDENTIAL, hashed_pass)

  parse_tokens(conn)
end

#authenticate_new(conn, cluster) ⇒ Object 



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/aerospike/command/login_command.rb', line 40

def authenticate_new(conn, cluster)
  @data_offset = 8
  policy = cluster.client_policy
  case policy.auth_mode
  when Aerospike::AuthMode::EXTERNAL
    write_header(LOGIN, 3)
    write_field_str(USER, policy.user)
    write_field_bytes(CREDENTIAL, cluster.password)
    write_field_str(CLEAR_PASSWORD, policy.password)
  when Aerospike::AuthMode::INTERNAL
    write_header(LOGIN, 2)
    write_field_str(USER, policy.user)
    write_field_bytes(CREDENTIAL, cluster.password)
  when Aerospike::AuthMode::PKI
    write_header(LOGIN, 0)
  else
    raise Exceptions::Aerospike.new(Aerospike::ResultCode::COMMAND_REJECTED, "Invalid client_policy#auth_mode.")
  end

  parse_tokens(conn)
  cluster.session_token = @session_token
  cluster.session_expiration = @session_expiration
end

#authenticate_via_token(conn, cluster) ⇒ Object 



128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
 
# File 'lib/aerospike/command/login_command.rb', line 128

def authenticate_via_token(conn, cluster)
  @data_offset = 8
  policy = cluster.client_policy
  if policy.auth_mode == Aerospike::AuthMode::PKI
    write_header(AUTHENTICATE, 1)
  else
    write_header(AUTHENTICATE, 2)
    write_field_str(USER, policy.user)
  end

  write_field_bytes(SESSION_TOKEN, cluster.session_token) if cluster.session_token
  write_size

  conn.write(@data_buffer, @data_offset)
  conn.read(@data_buffer, HEADER_SIZE)

  result = @data_buffer.read(RESULT_CODE)
  size = @data_buffer.read_int64(0)
  receive_size = (size & 0xFFFFFFFFFFFF) - HEADER_REMAINING
  conn.read(@data_buffer, receive_size)

  if result != 0
    return if result == Aerospike::ResultCode::SECURITY_NOT_ENABLED
    raise Exceptions::Aerospike.new(result, "Authentication failed")
  end

  nil
end

#login(conn, policy) ⇒ Object 



27
28
29
30
 
# File 'lib/aerospike/command/login_command.rb', line 27

def (conn, policy)
    hashed_pass = LoginCommand.hash_password(policy.password)
    authenticate(conn, policy, hashed_pass)
end

#parse_tokens(conn) ⇒ Object 



64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'lib/aerospike/command/login_command.rb', line 64

def parse_tokens(conn)
  begin
    write_size
    conn.write(@data_buffer, @data_offset)
    conn.read(@data_buffer, HEADER_SIZE)

    result = @data_buffer.read(RESULT_CODE)

    if result != 0
      return if result == Aerospike::ResultCode::SECURITY_NOT_ENABLED
      raise Exceptions::Aerospike.new(result, "Authentication failed")
    end

    # read the rest of the buffer
    size = @data_buffer.read_int64(0)
    receive_size = (size & 0xFFFFFFFFFFFF) - HEADER_REMAINING
    field_count = @data_buffer.read(11) & 0xFF

    if receive_size <= 0 || receive_size > @data_buffer.size || field_count <= 0
      raise Exceptions::Aerospike.new(result, "Node failed to retrieve session token")
    end

    if @data_buffer.size < receive_size
      @data_buffer.resize(receive_size)
    end

    conn.read(@data_buffer, receive_size)

    @data_offset = 0
    for i in 0...field_count
      mlen = @data_buffer.read_int32(@data_offset)
      @data_offset += 4
      id = @data_buffer.read(@data_offset)
      @data_offset += 1
      mlen -= 1

      case id
      when SESSION_TOKEN
        # copy the contents of the buffer into a new byte slice
        @session_token = @data_buffer.read(@data_offset, mlen)

      when SESSION_TTL
        # Subtract 60 seconds from TTL so client session expires before server session.
        seconds = @data_buffer.read_int32(@data_offset) - 60

        if seconds > 0
          @session_expiration = Time.now + (seconds/86400)
        else
          Aerospike.logger.warn("Invalid session TTL: #{seconds}")
          raise Exceptions::Aerospike.new(result, "Node failed to retrieve session token")
        end
      end

      @data_offset += mlen
    end

    if !@session_token
      raise Exceptions::Aerospike.new(result, "Node failed to retrieve session token")
    end
  ensure
    Buffer.put(@data_buffer)
  end
end