Class: OpenNebula::ServerX509Auth

Inherits: X509Auth < Object

Defined in: lib/opennebula/server_x509_auth.rb

Overview

Server authentication class. This auth method can be used by OpenNebula services to grant access to users that were authenticated by other means. It is based on X.509 server certificates.

Constant Summary

Constants with paths to relevant files and defaults:

SERVER_AUTH_CONF_PATH = ETC_LOCATION + "/auth/server_x509_auth.conf"

SERVER_DEFAULTS = {
    :one_cert => ETC_LOCATION + "/auth/cert.pem",
    :one_key  => ETC_LOCATION + "/auth/key.pem"
}

Constants inherited from X509Auth

X509Auth::ETC_LOCATION, X509Auth::X509_AUTH_CONF_PATH, X509Auth::X509_DEFAULTS

Instance Method Summary

Methods inherited from X509Auth

escape_dn, #password, unescape_dn

Constructor Details

#initialize ⇒ ServerX509Auth

Returns a new instance of ServerX509Auth.

# File 'lib/opennebula/server_x509_auth.rb', line 42

def initialize()
    # Start from the built-in defaults, then override them from the config file
    @options = SERVER_DEFAULTS

    load_options(SERVER_AUTH_CONF_PATH)

    begin
        # Load the server certificate and private key; X509Auth uses them for
        # encrypt/decrypt and for the inherited #password
        certs = [ File.read(@options[:one_cert]) ]
        key   =   File.read(@options[:one_key])

        super(:certs_pem => certs, :key_pem => key)
    rescue
        raise
    end

    # The server user must be configured; the token checks depend on it
    if @options[:srv_user] == nil || @options[:srv_user].empty?
        raise "User for x509 server not defined"
    end
end

Instance Method Details

#authenticate(server_user, server_pass, signed_text) ⇒ Object

Authentication method used by the auth_mad driver. Returns true on success, or a string describing the failed check.

# File 'lib/opennebula/server_x509_auth.rb', line 88

def authenticate(server_user, server_pass, signed_text)
    begin
        # Token layout: server_user:target_user:time_expires
        token_array = decrypt(signed_text).split(':')

        s_user  = token_array[0]
        expires = token_array[-1]

        return "Server password missmatch" if server_pass != password

        # The user in the token must match both the caller and the configured server user
        return "User name missmatch" if ( s_user != server_user ||
                                          s_user != @options[:srv_user] )

        return "login token expired" if Time.now.to_i >= expires.to_i

        return true
    rescue => e
        # Any decryption or parsing failure is reported as the error message
        return e.message
    end
end

#login_token(expire, target_user = nil) ⇒ Object

Generates a login token in the form:

- server_user:target_user:time_expires

# File 'lib/opennebula/server_x509_auth.rb', line 73

def login_token(expire, target_user=nil)
    target_user ||= @options[:srv_user]
    token_txt   =   "#{@options[:srv_user]}:#{target_user}:#{expire}"

    # Encrypt with the server key and Base64-encode on a single line
    token   = encrypt(token_txt)
    token64 = Base64::encode64(token).strip.delete("\n")

    return "#{@options[:srv_user]}:#{target_user}:#{token64}"
end
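The token flow of #login_token and #authenticate above, as an added, self-contained example that is not OpenNebula's code. The X509Auth encrypt/decrypt and #password helpers are not on this page, so the example stands in for them with an RSA signature carried next to the token text and an explicit expected_pass parameter; the key and the server user name are constructed in memory.

```ruby
require 'openssl'
require 'base64'

# Constructed stand-ins for ETC_LOCATION/auth/key.pem and :srv_user (assumption,
# not the project's configuration).
SERVER_KEY  = OpenSSL::PKey::RSA.new(2048)
SERVER_USER = 'serveradmin'

# Mirrors #login_token: the signed text is "server_user:target_user:expires".
# Stand-in for encrypt: an RSA-SHA256 signature over the text, both Base64-encoded.
def login_token(expire, target_user = nil, srv_user: SERVER_USER, key: SERVER_KEY)
  target_user ||= srv_user
  token_txt = "#{srv_user}:#{target_user}:#{expire}"
  sig       = key.sign(OpenSSL::Digest.new('SHA256'), token_txt)
  blob      = "#{Base64.strict_encode64(token_txt)}.#{Base64.strict_encode64(sig)}"
  "#{srv_user}:#{target_user}:#{blob}"
end

# Mirrors #authenticate: true on success, otherwise a string naming the failed
# check (same messages as the page). The signature is checked first, so a
# tampered or forged token never reaches the user and expiry comparisons.
def authenticate(server_user, server_pass, blob, expected_pass:,
                 srv_user: SERVER_USER, pub: SERVER_KEY.public_key, now: Time.now)
  txt64, sig64 = blob.split('.', 2)
  return 'malformed token' if sig64.nil?

  token_txt = Base64.strict_decode64(txt64)
  sig       = Base64.strict_decode64(sig64)
  return 'bad signature' unless pub.verify(OpenSSL::Digest.new('SHA256'), sig, token_txt)

  token_array = token_txt.split(':')
  s_user  = token_array[0]
  expires = token_array[-1]

  return 'Server password missmatch' if server_pass != expected_pass
  return 'User name missmatch' if s_user != server_user || s_user != srv_user
  return 'login token expired' if now.to_i >= expires.to_i

  true
rescue => e
  # Decoding or parsing failures surface as their message, as on the page
  e.message
end
```

The third field of the string returned by login_token is what a service hands back to authenticate; the server password and user checks run only after the signature has been verified.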