Class: OpenNebula::ServerCipherAuth

Inherits:
Object
Defined in:
lib/opennebula/server_cipher_auth.rb

Overview

Server authentication class. OpenNebula services can use this method to grant access to users who have already been authenticated by other means. It is based on OpenSSL symmetric ciphers.

Constant Summary

CIPHER = "aes-256-cbc"

Constants with paths to relevant files and defaults

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(srv_user, srv_passwd) ⇒ ServerCipherAuth

Returns a new instance of ServerCipherAuth.



# File 'lib/opennebula/server_cipher_auth.rb', line 37

def initialize(srv_user, srv_passwd)
    @srv_user   = srv_user
    @srv_passwd = srv_passwd 

    if !srv_passwd.empty?
        @key = Digest::SHA1.hexdigest(@srv_passwd)
    else
        @key = ""
    end

    @cipher = OpenSSL::Cipher::Cipher.new(CIPHER)
end

Class Method Details

.new_client(srv_user = nil, srv_passwd = nil) ⇒ Object

Creates a ServerCipher for client usage



# File 'lib/opennebula/server_cipher_auth.rb', line 55

def self.new_client(srv_user=nil, srv_passwd=nil)
    if ( srv_user == nil || srv_passwd == nil ) 
        begin
            if ENV["ONE_CIPHER_AUTH"] and !ENV["ONE_CIPHER_AUTH"].empty?
                one_auth = File.read(ENV["ONE_CIPHER_AUTH"])
            else
                raise "ONE_CIPHER_AUTH environment variable not set"
            end

            one_auth.rstrip!

            rc =  one_auth.match(/(.*?):(.*)/)
            
            if rc.nil?
                raise "Bad format for one_auth token (<user>:<passwd>)"
            else 
                srv_user   = rc[1]
                srv_passwd = rc[2]
            end
        rescue => e
            raise e.message
        end
    end 

    self.new(srv_user, srv_passwd)
end

.new_driver ⇒ Object

Creates a ServerCipher for driver usage



# File 'lib/opennebula/server_cipher_auth.rb', line 105

def self.new_driver()
    self.new("","")
end

Instance Method Details

#authenticate(srv_user, srv_pass, signed_text) ⇒ Object

auth method for auth_mad



# File 'lib/opennebula/server_cipher_auth.rb', line 110

def authenticate(srv_user,srv_pass, signed_text)
    begin
        @key = srv_pass
        
        s_user, t_user, expires = decrypt(signed_text).split(':')

        return "User name missmatch" if s_user != srv_user
         
        return "login token expired" if Time.now.to_i >= expires.to_i

        return true
    rescue => e
        return e.message
    end
end

#login_token(expire, target_user = nil) ⇒ Object

Generates a login token in the form:

- server_user:target_user:time_expires

The token is then encrypted with the contents of one_auth



# File 'lib/opennebula/server_cipher_auth.rb', line 85

def login_token(expire, target_user=nil)
    target_user ||= @srv_user
    token_txt   =   "#{@srv_user}:#{target_user}:#{expire}"

    token   = encrypt(token_txt)
    token64 = Base64::encode64(token).strip.delete("\n")

    return "#{@srv_user}:#{target_user}:#{token64}"
end
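
The token layout from login_token and the checks in authenticate, as an added Ruby sketch that is not OpenNebula's code. The class's encrypt and decrypt are not shown on this page, so demo_key, demo_encrypt, demo_decrypt (32-character key cut from the SHA1 hex digest, random IV prepended to the ciphertext) and every other demo_ name are assumptions. token_ok? shows the comparison a caller needs, because authenticate returns either true or an error String and any String is truthy in Ruby.

```ruby
require 'openssl'
require 'digest'

CIPHER = 'aes-256-cbc' # same value as the constant on this page

# Hypothetical stand-ins for encrypt/decrypt, which this page does not show.
# Assumed: key = first 32 chars of the SHA1 hex digest, random IV prepended.
def demo_key(passwd)
  Digest::SHA1.hexdigest(passwd)[0, 32]
end

def demo_encrypt(key, text)
  c = OpenSSL::Cipher.new(CIPHER).encrypt
  c.key = key
  iv = c.random_iv
  iv + c.update(text) + c.final
end

def demo_decrypt(key, blob)
  c = OpenSSL::Cipher.new(CIPHER).decrypt
  c.key = key
  c.iv = blob[0, 16]
  c.update(blob[16..-1]) + c.final
end

# Token layout from login_token: srv_user:target_user:base64(ciphertext)
def demo_login_token(srv_user, passwd, expire, target_user = nil)
  target_user ||= srv_user
  blob = demo_encrypt(demo_key(passwd), "#{srv_user}:#{target_user}:#{expire}")
  "#{srv_user}:#{target_user}:#{[blob].pack('m0')}"
end

# Same checks and return convention as authenticate on this page.
def demo_authenticate(srv_user, key, signed_text)
  s_user, _t_user, expires = demo_decrypt(key, signed_text).split(':')
  return 'User name missmatch' if s_user != srv_user
  return 'login token expired' if Time.now.to_i >= expires.to_i
  true
rescue => e
  e.message
end

# Error Strings are truthy, so accept only the literal true.
def token_ok?(srv_user, key, token)
  blob = token.split(':', 3)[2].to_s.unpack1('m')
  demo_authenticate(srv_user, key, blob) == true
end
```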

#password ⇒ Object

Returns a valid password string to create a user using this auth driver



# File 'lib/opennebula/server_cipher_auth.rb', line 96

def password
    return @srv_passwd
end