class OpenNebula::ServerCipherAuth
Server authentication class. This class can be used by OpenNebula services to grant access to users who have been authenticated by other means. It is based on OpenSSL symmetric ciphers.
Constants
- CIPHER
Constants with paths to relevant files and defaults
Public Class Methods
new(srv_user, srv_passwd)
# File lib/opennebula/server_cipher_auth.rb, line 37
# Builds a cipher-backed authenticator for the given server account.
#
# @param srv_user [String] name of the server (service) user
# @param srv_passwd [String] server password; an empty string leaves the
#   key empty (the key is then assigned later, see #authenticate)
#
# The symmetric key is the SHA-1 hex digest of the password, i.e. 40 ASCII
# hex characters produced by a single unsalted hash.
# NOTE(review): CIPHER is defined outside this listing, so whether a
# 40-character key matches the cipher's key length cannot be confirmed
# here. A hex-encoded key also carries only 4 bits of entropy per byte.
def initialize(srv_user, srv_passwd)
  @srv_user   = srv_user
  @srv_passwd = srv_passwd

  # Empty password => empty key; otherwise hash the password into the key.
  @key = srv_passwd.empty? ? "" : Digest::SHA1.hexdigest(@srv_passwd)

  # OpenSSL::Cipher::Cipher is the legacy spelling of OpenSSL::Cipher.
  @cipher = OpenSSL::Cipher::Cipher.new(CIPHER)
end
new_client(srv_user=nil, srv_passwd=nil)
Creates a ServerCipher for client usage
# File lib/opennebula/server_cipher_auth.rb, line 55
# Creates a ServerCipher for client usage.
#
# When either argument is nil, the credentials are read from the file
# named by the ONE_CIPHER_AUTH environment variable, which must contain a
# single "<user>:<passwd>" token. The user is everything before the first
# colon; the password is the rest of that line.
#
# The file holds the server password in clear text; this method does not
# check the file's ownership or permissions.
#
# @param srv_user [String, nil] server user name
# @param srv_passwd [String, nil] server password
# @return [ServerCipherAuth]
# @raise [RuntimeError] when the variable is unset or empty, the file
#   cannot be read, or the token has no colon. Every failure is re-raised
#   as a RuntimeError carrying only the original message.
def self.new_client(srv_user=nil, srv_passwd=nil)
  if srv_user.nil? || srv_passwd.nil?
    begin
      auth_path = ENV["ONE_CIPHER_AUTH"]
      if auth_path.nil? || auth_path.empty?
        raise "ONE_CIPHER_AUTH environment variable not set"
      end

      one_auth = File.read(auth_path)
      one_auth.rstrip!

      parts = one_auth.match(/(.*?):(.*)/)
      raise "Bad format for one_auth token (<user>:<passwd>)" if parts.nil?

      srv_user   = parts[1]
      srv_passwd = parts[2]
    rescue => e
      # Collapse any error (including Errno::* from File.read) to its message.
      raise e.message
    end
  end

  new(srv_user, srv_passwd)
end
new_driver()
Creates a ServerCipher for driver usage
# File lib/opennebula/server_cipher_auth.rb, line 105
# Creates a ServerCipher for driver usage.
#
# The instance is built with an empty user and an empty password, so
# #initialize leaves its key empty; #authenticate assigns the key from its
# srv_pass argument before decrypting.
#
# @return [ServerCipherAuth]
def self.new_driver
  new("", "")
end
Public Instance Methods
authenticate(srv_user,srv_pass, signed_text)
auth method for auth_mad
# File lib/opennebula/server_cipher_auth.rb, line 110
# Auth method for auth_mad: validates a token produced by #login_token.
#
# @param srv_user [String] server user the token must have been issued by
# @param srv_pass [String] value used as the cipher key as-is; unlike
#   #initialize, no hashing is applied here
# @param signed_text [String] Base64-encoded encrypted token
# @return [true, String] true on success, otherwise an error message.
#   Both outcomes are truthy in Ruby, so callers must compare the result
#   with true explicitly rather than use it as a condition.
#
# The decrypted text is split on ':' into server user, target user and
# expiry. Only the server user and the expiry are checked here; the target
# user field is not examined. A missing or non-numeric expiry converts to
# 0 and is therefore treated as expired.
#
# NOTE(review): this call overwrites the instance's @key. Any exception,
# including a decryption failure, is returned as its message, so callers
# see different strings for a bad ciphertext, a wrong user and an expired
# token; confirm these strings are only logged and not sent back to
# whoever presented the token.
def authenticate(srv_user,srv_pass, signed_text)
  @key = srv_pass

  token_srv_user, _token_target, token_expiry = decrypt(signed_text).split(':')

  return "User name missmatch" if token_srv_user != srv_user
  return "login token expired" if Time.now.to_i >= token_expiry.to_i

  true
rescue => e
  e.message
end
login_token(expire, target_user=nil)
Generates a login token in the form:
- server_user:target_user:time_expires
The token is then encrypted with the contents of one_auth
# File lib/opennebula/server_cipher_auth.rb, line 85
# Generates a login token.
#
# The plaintext "server_user:target_user:time_expires" is encrypted with
# the key derived from one_auth and Base64-encoded with all newlines
# removed. The returned string has the form
# "server_user:target_user:<base64 ciphertext>".
#
# The fields are joined with ':' and #authenticate splits on ':', so a
# user name containing a colon would shift the fields on the verifying
# side.
# NOTE(review): #encrypt as listed applies the cipher only; no MAC or
# signature is added to the token in this method.
#
# @param expire [Integer, String] expiry value embedded in the token
#   (#authenticate compares it with Time.now.to_i)
# @param target_user [String, nil] user the token is issued for; defaults
#   to the server user
# @return [String]
def login_token(expire, target_user=nil)
  target_user ||= @srv_user

  plain_token = "#{@srv_user}:#{target_user}:#{expire}"
  sealed      = encrypt(plain_token)
  encoded     = Base64::encode64(sealed).strip.delete("\n")

  "#{@srv_user}:#{target_user}:#{encoded}"
end
password()
Returns a valid password string to create a user using this auth driver
# File lib/opennebula/server_cipher_auth.rb, line 96
# Returns a valid password string to create a user using this auth driver.
#
# The value is the password exactly as passed to #initialize, not the
# SHA-1 digest used as the cipher key.
#
# @return [String]
def password
  @srv_passwd
end
Private Instance Methods
decrypt(data)
# File lib/opennebula/server_cipher_auth.rb, line 138
# Decrypts a Base64-encoded ciphertext with the current key.
#
# Puts the shared @cipher object into decrypt mode, loads @key, and
# returns the recovered plaintext.
# NOTE(review): no IV is set and no integrity tag is verified in this
# method; confirm against CIPHER (defined elsewhere) whether the mode in
# use needs either. Errors raised by the cipher propagate to the caller.
#
# @param data [String] Base64 text of the ciphertext
# @return [String] decrypted bytes
def decrypt(data)
  @cipher.decrypt
  @cipher.key = @key

  raw       = Base64::decode64(data)
  plaintext = @cipher.update(raw)
  plaintext << @cipher.final
  plaintext
end
encrypt(data)
# File lib/opennebula/server_cipher_auth.rb, line 128
# Encrypts data with the current key.
#
# Puts the shared @cipher object into encrypt mode, loads @key, and
# returns the raw (not Base64-encoded) ciphertext.
# NOTE(review): no IV is set and no integrity tag is produced in this
# method. If CIPHER (defined elsewhere) is an IV-based mode, identical
# plaintexts under the same key would encrypt identically - confirm.
#
# @param data [String] plaintext
# @return [String] ciphertext bytes
def encrypt(data)
  @cipher.encrypt
  @cipher.key = @key

  ciphertext = @cipher.update(data)
  ciphertext << @cipher.final
  ciphertext
end