Class: OpenNebula::ServerCipherAuth

Inherits:
Object
  • Object
Defined in:
lib/opennebula/server_cipher_auth.rb

Overview

Server authentication class. OpenNebula services can use this method to grant access to users that they have already authenticated by other means. It is based on OpenSSL symmetric ciphers.

Constant Summary collapse

CIPHER =

Constants with paths to relevant files and defaults

"aes-256-cbc"

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(srv_user, srv_passwd) ⇒ ServerCipherAuth

Returns a new instance of ServerCipherAuth.



# File 'lib/opennebula/server_cipher_auth.rb', line 37

# Builds an auth object for the given service account.
#
# The key is the first 32 hex characters of the unsalted SHA-1 digest of the
# password. Each hex character carries 4 bits, so this 32-byte string holds
# at most 128 bits of entropy, and a single fast hash adds nothing to a weak
# password. NOTE(review): @key is presumably the AES key used by
# encrypt/decrypt (not shown here); authenticate truncates its srv_pass the
# same way, so the derivation cannot change on one side only.
#
# @param srv_user [String] name of the server (service) user
# @param srv_passwd [String] clear-text password of that user; an empty
#   string leaves the key empty
def initialize(srv_user, srv_passwd)
    @srv_user   = srv_user
    @srv_passwd = srv_passwd

    # truncate token to 32-bytes for Ruby >= 2.4
    @key = if srv_passwd.empty?
               ""
           else
               Digest::SHA1.hexdigest(@srv_passwd)[0..31]
           end

    @cipher = OpenSSL::Cipher.new(CIPHER)
end

Class Method Details

.new_client(srv_user = nil, srv_passwd = nil) ⇒ Object

Creates a ServerCipher for client usage



# File 'lib/opennebula/server_cipher_auth.rb', line 56

# Creates a ServerCipher for client usage.
#
# When either credential is missing, both are read from the file named by
# the ONE_CIPHER_AUTH environment variable, which must contain
# "<user>:<passwd>". The user is everything before the first ':' and the
# password everything after it on that line.
#
# The file holds the service password in clear text and this method does
# not check its ownership or mode, so restricting read access to the
# service account is left to the deployment.
#
# @param srv_user [String, nil] server user name
# @param srv_passwd [String, nil] server user password
# @raise [RuntimeError] if the variable is unset or empty, the file cannot
#   be read, or its content has no ':' (every error raised while loading
#   the file is re-raised as a RuntimeError carrying only its message)
def self.new_client(srv_user=nil, srv_passwd=nil)
    if srv_user.nil? || srv_passwd.nil?
        begin
            auth_path = ENV["ONE_CIPHER_AUTH"]

            if auth_path.nil? || auth_path.empty?
                raise "ONE_CIPHER_AUTH environment variable not set"
            end

            one_auth = File.read(auth_path).rstrip

            # Lazy first group: split on the FIRST ':' so the password may
            # itself contain colons.
            parts = one_auth.match(/(.*?):(.*)/)

            raise "Bad format for one_auth token (<user>:<passwd>)" if parts.nil?

            srv_user   = parts[1]
            srv_passwd = parts[2]
        rescue => e
            raise e.message
        end
    end

    self.new(srv_user, srv_passwd)
end

.new_driver ⇒ Object

Creates a ServerCipher for driver usage



# File 'lib/opennebula/server_cipher_auth.rb', line 106

# Creates a ServerCipher for driver usage.
#
# Both credentials are empty strings, so the constructor leaves the key
# empty; authenticate assigns the key from its srv_pass argument on each call.
def self.new_driver
    new("", "")
end

Instance Method Details

#authenticate(srv_user, srv_pass, signed_text) ⇒ Object

auth method for auth_mad



# File 'lib/opennebula/server_cipher_auth.rb', line 111

# auth method for auth_mad: checks a login token against the server user.
#
# The decrypted token is split on ':'; its first field must equal srv_user
# and its last field, read as an integer, must be later than the current time.
#
# Callers must compare the result with `true` explicitly: every failure is
# reported as a String, which is truthy in Ruby.
#
# NOTE(review): CIPHER is "aes-256-cbc", which does not authenticate the
# ciphertext. Unless decrypt (not shown here) verifies integrity, the two
# field checks below are the only validation the token receives.
# NOTE(review): @key is overwritten on every call, so an instance shared by
# concurrent callers could decrypt with another caller's key; confirm how
# drivers share instances.
#
# @param srv_user [String] expected server user name
# @param srv_pass [String] key material; only its first 32 characters are used
# @param signed_text [String] token passed to decrypt
# @return [true, String] true on success, otherwise an error message
#   (including the message of any exception raised while checking)
def authenticate(srv_user, srv_pass, signed_text)
    # truncate token to 32-bytes for Ruby >= 2.4
    @key = srv_pass[0..31]

    fields        = decrypt(signed_text).split(':')
    token_user    = fields.first
    token_expires = fields.last

    if token_user != srv_user
        "User name missmatch"
    elsif Time.now.to_i >= token_expires.to_i
        "login token expired"
    else
        true
    end
rescue => e
    e.message
end

#login_token(expire, target_user = nil) ⇒ Object

Generates a login token in the form:

- server_user:target_user:time_expires

The token is then encrypted with the contents of one_auth



# File 'lib/opennebula/server_cipher_auth.rb', line 86

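# Generates a login token in the form:
#
#   - server_user:target_user:time_expires
#
# The token text is encrypted and returned as
# "server_user:target_user:<base64 ciphertext>".
#
# The two names in front of the ciphertext are plain text. authenticate
# only compares fields taken from the decrypted token, and it splits that
# text on ':', so a user name containing ':' would shift the fields it reads.
#
# @param expire [Integer] expiration time written into the token;
#   authenticate compares it with Time.now.to_i
# @param target_user [String, nil] user the token is issued for; defaults
#   to the server user
# @return [String] the login token
def login_token(expire, target_user=nil)
    target_user ||= @srv_user
    token_txt = "#{@srv_user}:#{target_user}:#{expire}"

    # strict_encode64 produces single-line Base64 (no embedded or trailing
    # newlines), so no stripping is needed afterwards.
    token64 = Base64.strict_encode64(encrypt(token_txt))

    "#{@srv_user}:#{target_user}:#{token64}"
end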

#password ⇒ Object

Returns a valid password string to create a user using this auth driver



# File 'lib/opennebula/server_cipher_auth.rb', line 97

# Returns a valid password string to create a user using this auth driver.
#
# This is the srv_passwd value given to the constructor, returned unchanged
# (clear text, not the derived key).
#
# @return [String] the server user's password
def password
    @srv_passwd
end