LdapCloudAuth.rb
# -------------------------------------------------------------------------- #
# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
require 'yaml'
require 'ldap_auth'
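# Mixin that provides do_auth, which validates HTTP Basic credentials against
# an LDAP directory. The including object must supply get_password; LdapAuth
# comes from the 'ldap_auth' library required by this file.
module LdapCloudAuth
    # Authenticates the HTTP Basic credentials found in the Rack environment.
    #
    # The checks run in this order and any failure yields nil:
    #   1. Basic credentials are present and carry a non-empty password.
    #   2. The LDAP entry found for the username equals the value returned by
    #      get_password(username, true).
    #   3. If the configuration defines :group, the entry is a member of it.
    #   4. An LDAP bind with the entry and the supplied password succeeds.
    #
    # @param env [Hash] Rack environment of the current request
    # @param params [Hash] not used by this method; kept for the caller's interface
    # @return [String, nil] the username as supplied by the client on success,
    #   nil when any check fails or no Basic credentials were sent
    def do_auth(env, params={})
        auth = Rack::Auth::Basic::Request.new(env)
        return nil unless auth.provided? && auth.basic?

        username, password = auth.credentials

        # Refuse a missing or empty password before any directory traffic.
        # An LDAP simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2) that some servers
        # report as success. LdapAuth#authenticate is not visible from this
        # file, so the guard is enforced here rather than assumed there.
        return nil if password.nil? || password.empty?

        # Value registered for this user; it is compared with the LDAP lookup
        # result below. presumably the user's DN -- verify against get_password.
        one_pass = get_password(username, true)

        # NOTE(review): YAML.load may instantiate arbitrary objects on older
        # Psych versions. The path is a fixed local file, so this is only as
        # trustworthy as that file's ownership and permissions. The config uses
        # symbol keys (options[:group]); a move to YAML.safe_load would need
        # Symbol in its permitted classes.
        options = YAML.load(File.read('/etc/one/auth/ldap_auth.conf'))
        ldap    = LdapAuth.new(options)

        user_name = ldap.find_user(username)
        return nil if !user_name || user_name != one_pass

        # Group restriction is optional and applies only when configured.
        if options[:group] && !ldap.is_in_group?(user_name, options[:group])
            return nil
        end

        return username if ldap.authenticate(user_name, password)

        nil
    end
end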