class OpenNebula::ServerCipherAuth

Server authentication class. OpenNebula services can use it to grant access to users who have already been authenticated by other means. It is based on OpenSSL symmetric ciphers.

Constants

CIPHER

Constants with paths to relevant files and defaults

Public Class Methods

new(srv_user, srv_passwd)
# File lib/opennebula/server_cipher_auth.rb, line 37
# Builds an auth helper bound to one server (service) account.
#
# srv_user   - server user name, stored as given.
# srv_passwd - server password; an empty string leaves the key empty.
#
# NOTE(review): the key is a single, unsalted SHA-1 hex digest of the
# password, so it is only as strong as the password itself. Treat
# srv_passwd as a randomly generated secret, not a human-chosen password.
def initialize(srv_user, srv_passwd)
    @srv_user   = srv_user
    @srv_passwd = srv_passwd

    # With an empty password no key is derived here; authenticate() assigns
    # @key itself before it decrypts anything.
    @key = srv_passwd.empty? ? "" : Digest::SHA1.hexdigest(@srv_passwd)

    # One cipher object per instance; encrypt/decrypt re-initialise it on
    # every call.
    @cipher = OpenSSL::Cipher::Cipher.new(CIPHER)
end
new_client(srv_user=nil, srv_passwd=nil)

Creates a ServerCipher for client usage

# File lib/opennebula/server_cipher_auth.rb, line 55
# Creates a ServerCipher for client usage.
#
# When either argument is nil, both credentials are read from the file named
# by the ONE_CIPHER_AUTH environment variable, which must hold a single
# "<user>:<passwd>" entry. The split happens at the first ':' so the password
# part may itself contain colons.
#
# Any failure while loading the file is re-raised as a RuntimeError carrying
# only the original message.
#
# NOTE(review): the file holds the server password in clear text; it should
# be readable only by the account that runs the service.
def self.new_client(srv_user=nil, srv_passwd=nil)
    if srv_user.nil? || srv_passwd.nil?
        begin
            auth_path = ENV["ONE_CIPHER_AUTH"]

            if auth_path.nil? || auth_path.empty?
                raise "ONE_CIPHER_AUTH environment variable not set"
            end

            # Trailing whitespace/newlines are dropped before parsing.
            one_auth = File.read(auth_path).rstrip
            parts    = one_auth.match(/(.*?):(.*)/)

            if parts.nil?
                raise "Bad format for one_auth token (<user>:<passwd>)"
            end

            srv_user, srv_passwd = parts[1], parts[2]
        rescue => e
            # Collapse every error class into a plain RuntimeError.
            raise e.message
        end
    end

    self.new(srv_user, srv_passwd)
end
new_driver()

Creates a ServerCipher for driver usage

# File lib/opennebula/server_cipher_auth.rb, line 105
# Creates a ServerCipher for driver usage.
#
# The instance starts with an empty user, password and key; authenticate()
# supplies the key on each call.
def self.new_driver
    new("", "")
end

Public Instance Methods

authenticate(srv_user,srv_pass, signed_text)

auth method for auth_mad

# File lib/opennebula/server_cipher_auth.rb, line 110
# Auth method for auth_mad: validates a token produced by login_token.
#
# srv_user    - server user name the token must have been issued by.
# srv_pass    - value used directly as the cipher key (it replaces @key).
# signed_text - Base64 encoded, encrypted "server_user:target_user:expires".
#
# Returns true when the token decrypts, names srv_user and has not expired;
# otherwise returns a String describing the failure (including the message
# of any exception raised while decrypting).
#
# NOTE(review): the failure values are Strings and therefore truthy, so
# callers must compare the result with `== true` rather than test it as a
# boolean. The target user inside the token is not checked here; presumably
# the caller binds it to the request - confirm. If these messages are ever
# relayed to a remote client, map them to one generic error so decryption
# failures cannot be told apart from the other rejections.
def authenticate(srv_user,srv_pass, signed_text)
    # Overwrites instance state: a shared instance keeps the last key used.
    @key = srv_pass

    fields     = decrypt(signed_text).split(':')
    token_user = fields[0]
    expiry     = fields[2]

    if token_user != srv_user
        "User name missmatch"
    elsif Time.now.to_i >= expiry.to_i
        # A missing or non-numeric expiry converts to 0 and is rejected here.
        "login token expired"
    else
        true
    end
rescue => e
    e.message
end
login_token(expire, target_user=nil)

Generates a login token in the form:

- server_user:target_user:time_expires

The token is then encrypted with the contents of one_auth

# File lib/opennebula/server_cipher_auth.rb, line 85
# Generates a login token for target_user (defaults to the server user).
#
# expire      - expiry value embedded in the token; authenticate() compares
#               it with Time.now.to_i, i.e. seconds since the epoch.
# target_user - user the token is issued for, or nil for @srv_user.
#
# Returns "server_user:target_user:<base64>", where <base64> is the
# encrypted text "server_user:target_user:expire" on a single line.
#
# NOTE(review): fields are joined with ':' without escaping, and
# authenticate() splits on ':'. A user name containing ':' would shift the
# fields, so such names should be rejected before a token is issued.
def login_token(expire, target_user=nil)
    user  = target_user || @srv_user
    plain = "#{@srv_user}:#{user}:#{expire}"

    # encode64 wraps its output with "\n"; Base64 text has no other
    # whitespace, so removing the newlines leaves one unbroken line.
    encoded = Base64::encode64(encrypt(plain)).delete("\n")

    "#{@srv_user}:#{user}:#{encoded}"
end
password()

Returns a valid password string to create a user using this auth driver

# File lib/opennebula/server_cipher_auth.rb, line 96
# Returns the password string to use when creating a user with this auth
# driver. This is the server password exactly as passed to the constructor,
# so the value should not be logged or echoed.
def password
    @srv_passwd
end

Private Instance Methods

decrypt(data)
# File lib/opennebula/server_cipher_auth.rb, line 138
def decrypt(data) 
    @cipher.decrypt
    @cipher.key = @key
    
    rc = @cipher.update(Base64::decode64(data))
    rc << @cipher.final

    return rc
end
encrypt(data)
# File lib/opennebula/server_cipher_auth.rb, line 128
def encrypt(data) 
    @cipher.encrypt
    @cipher.key = @key
    
    rc = @cipher.update(data)
    rc << @cipher.final

    return rc
end