Class: OpenNebula::ServerCipherAuth
- Inherits: Object
- Defined in: lib/opennebula/server_cipher_auth.rb
Overview
Server authentication class. OpenNebula services can use this method to grant access to users who have been authenticated by other means. It is based on OpenSSL symmetric ciphers.
Constant Summary
- CIPHER = "aes-256-cbc"
  Constants with paths to relevant files and defaults
Class Method Summary
- .new_client(srv_user = nil, srv_passwd = nil) ⇒ Object
  Creates a ServerCipher for client usage.
- .new_driver ⇒ Object
  Creates a ServerCipher for driver usage.
Instance Method Summary
- #authenticate(srv_user, srv_pass, signed_text) ⇒ Object
  auth method for auth_mad.
- #initialize(srv_user, srv_passwd) ⇒ ServerCipherAuth (constructor)
  A new instance of ServerCipherAuth.
- #login_token(expire, target_user = nil) ⇒ Object
  Generates a login token in the form server_user:target_user:time_expires. The token is then encrypted with the contents of one_auth.
- #password ⇒ Object
  Returns a valid password string to create a user using this auth driver.
Constructor Details
#initialize(srv_user, srv_passwd) ⇒ ServerCipherAuth
Returns a new instance of ServerCipherAuth.
    # File 'lib/opennebula/server_cipher_auth.rb', line 37
    def initialize(srv_user, srv_passwd)
        @srv_user   = srv_user
        @srv_passwd = srv_passwd

        # The cipher key is the SHA-1 hex digest of the server password;
        # an empty password (driver usage) leaves the key empty.
        if !srv_passwd.empty?
            @key = Digest::SHA1.hexdigest(@srv_passwd)
        else
            @key = ""
        end

        @cipher = OpenSSL::Cipher::Cipher.new(CIPHER)
    end
Class Method Details
.new_client(srv_user = nil, srv_passwd = nil) ⇒ Object
Creates a ServerCipher for client usage
    # File 'lib/opennebula/server_cipher_auth.rb', line 55
    def self.new_client(srv_user=nil, srv_passwd=nil)
        if ( srv_user == nil || srv_passwd == nil )
            begin
                # Credentials are read from the file named by ONE_CIPHER_AUTH
                if ENV["ONE_CIPHER_AUTH"] and !ENV["ONE_CIPHER_AUTH"].empty?
                    one_auth = File.read(ENV["ONE_CIPHER_AUTH"])
                else
                    raise "ONE_CIPHER_AUTH environment variable not set"
                end

                one_auth.rstrip!

                # Split on the first colon: <user>:<passwd>
                rc = one_auth.match(/(.*?):(.*)/)

                if rc.nil?
                    raise "Bad format for one_auth token (<user>:<passwd>)"
                else
                    srv_user   = rc[1]
                    srv_passwd = rc[2]
                end
            rescue => e
                raise e.message
            end
        end

        self.new(srv_user, srv_passwd)
    end
.new_driver ⇒ Object
Creates a ServerCipher for driver usage
    # File 'lib/opennebula/server_cipher_auth.rb', line 105
    def self.new_driver()
        self.new("","")
    end
Instance Method Details
#authenticate(srv_user, srv_pass, signed_text) ⇒ Object
auth method for auth_mad
    # File 'lib/opennebula/server_cipher_auth.rb', line 110
    def authenticate(srv_user,srv_pass, signed_text)
        begin
            # The stored server password is used directly as the cipher key
            @key = srv_pass

            s_user, t_user, expires = decrypt(signed_text).split(':')

            # Returns true on success and an error String on failure
            return "User name missmatch" if s_user != srv_user

            return "login token expired" if Time.now.to_i >= expires.to_i

            return true
        rescue => e
            return e.message
        end
    end
#login_token(expire, target_user = nil) ⇒ Object
Generates a login token in the form:
- server_user:target_user:time_expires
The token is then encrypted with the contents of one_auth
    # File 'lib/opennebula/server_cipher_auth.rb', line 85
    def login_token(expire, target_user=nil)
        target_user ||= @srv_user
        token_txt   =   "#{@srv_user}:#{target_user}:#{expire}"

        token   = encrypt(token_txt)
        token64 = Base64::encode64(token).strip.delete("\n")

        return "#{@srv_user}:#{target_user}:#{token64}"
    end
#password ⇒ Object
Returns a valid password string to create a user using this auth driver
    # File 'lib/opennebula/server_cipher_auth.rb', line 96
    def password
        return @srv_passwd
    end
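The token round trip that #login_token and #authenticate describe, as an added example that is not OpenNebula's code. The helpers derive_key, encrypt, decrypt and token_valid? are assumptions, since this page does not show the class's private cipher methods; the point shown is that authenticate returns true or an error String, so a caller has to compare the result with true.

```ruby
require 'openssl'
require 'digest/sha1'
require 'base64'

# Added example, not OpenNebula code. encrypt/decrypt are assumptions (the
# page does not show the class's private helpers): AES-256-CBC keyed with the
# first 32 characters of the SHA-1 hex digest, random IV prepended.
CIPHER = "aes-256-cbc"

def derive_key(passwd)
  Digest::SHA1.hexdigest(passwd)[0, 32]
end

def encrypt(key, plain)
  c = OpenSSL::Cipher.new(CIPHER).encrypt
  c.key = key
  iv = c.random_iv
  Base64.strict_encode64(iv + c.update(plain) + c.final)
end

def decrypt(key, b64)
  blob = Base64.strict_decode64(b64)
  c = OpenSSL::Cipher.new(CIPHER).decrypt
  c.key = key
  c.iv = blob[0, 16]
  c.update(blob[16..-1]) + c.final
end

# Same layout as login_token: server_user:target_user:<encrypted, base64>
def login_token(srv_user, passwd, expire, target_user = nil)
  target_user ||= srv_user
  token64 = encrypt(derive_key(passwd), "#{srv_user}:#{target_user}:#{expire}")
  "#{srv_user}:#{target_user}:#{token64}"
end

# Same contract as authenticate: true on success, an error String otherwise.
def authenticate(srv_user, key, signed_text)
  s_user, _t_user, expires = decrypt(key, signed_text).split(':')
  return "User name missmatch" if s_user != srv_user
  return "login token expired" if Time.now.to_i >= expires.to_i
  true
rescue => e
  e.message
end

# Every failure value is a truthy String, so callers compare against true.
def token_valid?(srv_user, key, signed_text)
  authenticate(srv_user, key, signed_text) == true
end
```

A caller that writes `if authenticate(...)` accepts expired and mismatched tokens, because the error Strings are truthy in Ruby.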