Class: ApacheAuthTkt
- Inherits:
-
Object
- Object
- ApacheAuthTkt
- Defined in:
- lib/apache_auth_tkt.rb
Instance Attribute Summary collapse
-
#base64encode ⇒ Object
Returns the value of attribute base64encode.
-
#conf_file ⇒ Object
Returns the value of attribute conf_file.
-
#digest_type ⇒ Object
Returns the value of attribute digest_type.
-
#error ⇒ Object
Returns the value of attribute error.
-
#ipaddr ⇒ Object
Returns the value of attribute ipaddr.
-
#lifetime ⇒ Object
Returns the value of attribute lifetime.
-
#secret ⇒ Object
Returns the value of attribute secret.
Instance Method Summary collapse
- #_get_secret(filename) ⇒ Object
-
#create_ticket(user_opts = {}) ⇒ Object
based on meso.net/mod_auth_tkt.
- #expired?(tkt) ⇒ Boolean
- #get_digest(ts, ipaddr, user, tokens, data) ⇒ Object
-
#initialize(args) ⇒ ApacheAuthTkt
constructor
A new instance of ApacheAuthTkt.
-
#ip2long(ip) ⇒ Object
from meso.net/mod_auth_tkt function adapted according to php: generates an IPv4 Internet network address from its Internet standard format (dotted string) representation.
- #parse_ticket(tkt) ⇒ Object
- #validate_ticket(tkt, ipaddr = '0.0.0.0') ⇒ Object
Constructor Details
#initialize(args) ⇒ ApacheAuthTkt
Returns a new instance of ApacheAuthTkt.
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/apache_auth_tkt.rb', line 33 def initialize(args) #puts args.inspect # set defaults if (args.has_key? :ipaddr) @ipaddr = args[:ipaddr] else @ipaddr = '0.0.0.0' end if (args.has_key? :secret) @secret = args[:secret] elsif (args.has_key? :conf_file) @secret = _get_secret(args[:conf_file]) if (!@secret.length) raise "Can't parse secret from " + args[:conf_file] end else raise "Must pass 'secret' or 'conf_file'" end if (args[:digest_type]) @digest_type = args[:digest_type] else @digest_type = 'md5' end if (args.has_key? :base64encode) @base64encode = args[:base64encode] else @base64encode = true end if (args.has_key? :lifetime) @lifetime = args[:lifetime] else # 8 hours. @lifetime = 28800 end end |
Instance Attribute Details
#base64encode ⇒ Object
Returns the value of attribute base64encode.
30 31 32 |
# File 'lib/apache_auth_tkt.rb', line 30 def base64encode @base64encode end |
#conf_file ⇒ Object
Returns the value of attribute conf_file.
28 29 30 |
# File 'lib/apache_auth_tkt.rb', line 28 def conf_file @conf_file end |
#digest_type ⇒ Object
Returns the value of attribute digest_type.
27 28 29 |
# File 'lib/apache_auth_tkt.rb', line 27 def digest_type @digest_type end |
#error ⇒ Object
Returns the value of attribute error.
29 30 31 |
# File 'lib/apache_auth_tkt.rb', line 29 def error @error end |
#ipaddr ⇒ Object
Returns the value of attribute ipaddr.
26 27 28 |
# File 'lib/apache_auth_tkt.rb', line 26 def ipaddr @ipaddr end |
#lifetime ⇒ Object
Returns the value of attribute lifetime.
31 32 33 |
# File 'lib/apache_auth_tkt.rb', line 31 def lifetime @lifetime end |
#secret ⇒ Object
Returns the value of attribute secret.
25 26 27 |
# File 'lib/apache_auth_tkt.rb', line 25 def secret @secret end |
Instance Method Details
#_get_secret(filename) ⇒ Object
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
# File 'lib/apache_auth_tkt.rb', line 76 def _get_secret(filename) # based on http://meso.net/mod_auth_tkt if (!File.file? filename) raise "#{filename} is not a file" end secret_str = '' open(filename) do |file| file.each do |line| if line.include? 'TKTAuthSecret' secret_str = line.gsub('TKTAuthSecret', '').strip.gsub("\"", '').gsub("'",'') break end end end return secret_str end |
#create_ticket(user_opts = {}) ⇒ Object
based on meso.net/mod_auth_tkt
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 |
# File 'lib/apache_auth_tkt.rb', line 105 def create_ticket(user_opts={}) = { :user => 'guest', :tokens => '', :user_data => '', :ignore_ip => false, :ts => Time.now.to_i }.merge(user_opts) = [:ts] ip_address = [:ignore_ip] ? '0.0.0.0' : @ipaddr digest = get_digest(, ip_address, [:user], [:tokens], [:user_data]) tkt = sprintf("%s%08x%s!%s!%s", digest, , [:user], [:tokens], [:user_data]) if (@base64encode) tkt = Base64.encode64(tkt).gsub("\n", '').strip end return tkt end |
#expired?(tkt) ⇒ Boolean
196 197 198 199 200 201 202 203 |
# File 'lib/apache_auth_tkt.rb', line 196 def expired?(tkt) return false if @lifetime.nil? parsed = self.parse_ticket(tkt) if (!parsed) return false end !(parsed[:ts] + @lifetime >= Time.now.to_i) end |
#get_digest(ts, ipaddr, user, tokens, data) ⇒ Object
127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 |
# File 'lib/apache_auth_tkt.rb', line 127 def get_digest(ts, ipaddr, user, tokens, data) ipts = [ip2long(ipaddr), ts].pack("NN") digest0 = nil digest = nil raw = ipts + @secret + user + "\0" + tokens + "\0" + data if (@digest_type == 'md5') digest0 = Digest::MD5.hexdigest(raw) digest = Digest::MD5.hexdigest(digest0 + @secret) elsif (@digest_type == 'sha256') digest0 = Digest::SHA256.hexdigest(raw) digest = Digest::SHA256.hexdigest(digest0 + @secret) else raise "unsupported digest type: " + @digest_type end return digest end |
#ip2long(ip) ⇒ Object
from meso.net/mod_auth_tkt function adapted according to php: generates an IPv4 Internet network address from its Internet standard format (dotted string) representation.
96 97 98 99 100 101 102 |
# File 'lib/apache_auth_tkt.rb', line 96 def ip2long(ip) long = 0 ip.split( /\./ ).reverse.each_with_index do |x, i| long += x.to_i << ( i * 8 ) end long end |
#parse_ticket(tkt) ⇒ Object
157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 |
# File 'lib/apache_auth_tkt.rb', line 157 def parse_ticket(tkt) # strip possible lead/trail quotes tkt = tkt.gsub(/^"|"$/,'') # test if base64 encoded before decoding if (@base64encode && tkt.length % 4 == 0 && tkt =~ /^[A-Za-z0-9+\/=]+\Z/) tkt = Base64.decode64(tkt) end # sanity checks if (tkt.length < 40) @error = "ticket string too short" return false end if (!tkt.index('!')) @error = "ticket missing !" return false end # parse it parts = tkt.split(/\!/) parsed = {:tokens => '', :data => ''} if (packed = parts[0].match('^(.{32})(.{8})(.+)$')) parsed[:digest] = packed[1] parsed[:ts] = packed[2].hex parsed[:user] = packed[3] if (parts.length == 3) parsed[:tokens] = parts[1] parsed[:data] = parts[2] elsif (parts.length == 2) parsed[:tokens] = parts[1] end else @error = "invalid ticket pattern" return false end return parsed end |
#validate_ticket(tkt, ipaddr = '0.0.0.0') ⇒ Object
144 145 146 147 148 149 150 151 152 153 154 155 |
# File 'lib/apache_auth_tkt.rb', line 144 def validate_ticket(tkt, ipaddr='0.0.0.0') parsed = parse_ticket(tkt) if (!parsed) return false end expected_digest = get_digest(parsed[:ts], ipaddr, parsed[:user], parsed[:tokens], parsed[:data]) if (expected_digest == parsed[:digest]) return parsed else return false end end |