ssp_for_opennebula.patch
opennebula-3.8.1_patched//install.sh 2013-01-04 14:21:18.868462395 +0100 | ||
---|---|---|
509 | 509 |
SUNSTONE_PUBLIC_VENDOR_JQUERYUI:$SUNSTONE_LOCATION/public/vendor/jQueryUI |
510 | 510 |
SUNSTONE_PUBLIC_VENDOR_JQUERYUIIMAGES:$SUNSTONE_LOCATION/public/vendor/jQueryUI/images |
511 | 511 |
SUNSTONE_PUBLIC_VENDOR_JQUERYLAYOUT:$SUNSTONE_LOCATION/public/vendor/jQueryLayout |
512 |
SUNSTONE_PUBLIC_VENDOR_JQUERYCOOKIE:$SUNSTONE_LOCATION/public/vendor/jQueryCookie |
|
512 | 513 |
SUNSTONE_PUBLIC_VENDOR_FLOT:$SUNSTONE_LOCATION/public/vendor/flot |
513 | 514 |
SUNSTONE_PUBLIC_VENDOR_FILEUPLOADER:$SUNSTONE_LOCATION/public/vendor/fileuploader |
514 | 515 |
SUNSTONE_PUBLIC_VENDOR_FONTAWESOME:$SUNSTONE_LOCATION/public/vendor/FontAwesome |
... | ... | |
1120 | 1121 |
src/cloud/common/CloudAuth/SunstoneCloudAuth.rb \ |
1121 | 1122 |
src/cloud/common/CloudAuth/EC2CloudAuth.rb \ |
1122 | 1123 |
src/cloud/common/CloudAuth/X509CloudAuth.rb \ |
1123 |
src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb" |
|
1124 |
src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb \ |
|
1125 |
src/cloud/common/CloudAuth/SSPCloudAuth.rb \ |
|
1126 |
src/cloud/common/CloudAuth/ssp_helper.rb" |
|
1124 | 1127 | |
1125 | 1128 |
#------------------------------------------------------------------------------- |
1126 | 1129 |
# EC2 Query for OpenNebula |
... | ... | |
1342 | 1345 |
SUNSTONE_VIEWS_FILES="src/sunstone/views/index.erb \ |
1343 | 1346 |
src/sunstone/views/login.erb \ |
1344 | 1347 |
src/sunstone/views/_login_standard.erb \ |
1345 |
src/sunstone/views/_login_x509.erb" |
|
1348 |
src/sunstone/views/_login_x509.erb \ |
|
1349 |
src/sunstone/views/_login_ssp.erb" |
|
1346 | 1350 | |
1347 | 1351 |
SUNSTONE_PUBLIC_JS_FILES="src/sunstone/public/js/layout.js \ |
1348 | 1352 |
src/sunstone/public/js/login.js \ |
1353 |
src/sunstone/public/js/login_ssp.js \ |
|
1349 | 1354 |
src/sunstone/public/js/sunstone.js \ |
1350 | 1355 |
src/sunstone/public/js/sunstone-util.js \ |
1351 | 1356 |
src/sunstone/public/js/opennebula.js \ |
... | ... | |
1421 | 1426 |
src/sunstone/public/vendor/jQueryLayout/layout-default-latest.css \ |
1422 | 1427 |
src/sunstone/public/vendor/jQueryLayout/jquery.layout-latest.min.js \ |
1423 | 1428 |
src/sunstone/public/vendor/jQueryLayout/NOTICE" |
1429 |
|
|
1430 |
SUNSTONE_PUBLIC_VENDOR_JQUERYCOOKIE="\ |
|
1431 |
src/sunstone/public/vendor/jQueryCookie/jquery-cookie.js" |
|
1424 | 1432 | |
1425 | 1433 |
SUNSTONE_PUBLIC_VENDOR_FLOT="\ |
1426 | 1434 |
src/sunstone/public/vendor/flot/jquery.flot.min.js \ |
opennebula-3.8.1_patched//src/cloud/common/CloudAuth/SSPCloudAuth.rb 2012-12-21 11:53:07.000000000 +0100 | ||
---|---|---|
1 |
# -------------------------------------------------------------------------- # |
|
2 |
# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) # |
|
3 |
# # |
|
4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
5 |
# not use this file except in compliance with the License. You may obtain # |
|
6 |
# a copy of the License at # |
|
7 |
# # |
|
8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
9 |
# # |
|
10 |
# Unless required by applicable law or agreed to in writing, software # |
|
11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
13 |
# See the License for the specific language governing permissions and # |
|
14 |
# limitations under the License. # |
|
15 |
#--------------------------------------------------------------------------- # |
|
16 | ||
17 |
DIR=File.dirname(__FILE__) |
|
18 |
$: << DIR |
|
19 | ||
20 |
require 'ssp_helper.rb' |
|
21 |
require 'xmlrpc/client' |
|
22 |
require 'rubygems' |
|
23 |
require 'nokogiri' |
|
24 |
require 'json' |
|
25 |
require 'net/http' |
|
26 | ||
27 |
# @mainpage SSP Cloud Auth module for OpenNebula Sunstone |
|
28 |
# |
|
29 |
# @section desc Description |
|
30 |
# This is a new authentication module for OpenNebula Sunstone. In its name SSP means |
|
31 |
# Simple SAML PHP (http://simplesamlphp.org/). |
|
32 |
# SSP Cloud Auth module is useful, when a SingleSignOn is login needed, which service is realised |
|
33 |
# with SimpleSAMLphp. In this case, login handled by SimpleSAMLphp and so the Sunstone |
|
34 |
# auth module (this one) makes only the identification of the users. \n |
|
35 |
# If new user wants to login, this module creates a new account for the user. |
|
36 |
# |
|
37 |
# @section conf Configuration |
|
38 |
# Configuration file is at the end of the main Sunstone configuration file (sunstone-server.conf). |
|
39 |
module SSPCloudAuth |
|
40 | ||
41 |
attr_accessor :sessionid, :session |
|
42 |
|
|
43 |
@sessionid='' |
|
44 |
@session='' |
|
45 | ||
46 |
# original do_auth function |
|
47 |
# gets login datas from SimpleSAMLphp and authenticates the user |
|
48 |
# if new user wants to login, then creates its user |
|
49 |
# updates user's group |
|
50 |
# @param params['ssp_sessionid'] SSP session id from cookie |
|
51 |
# @return username if authentication success |
|
52 |
def do_auth(env, params={}) |
|
53 |
auth = Rack::Auth::Basic::Request.new(env) |
|
54 | ||
55 |
# initialize some variable |
|
56 |
@sessionid=params['ssp_sessionid'] |
|
57 | ||
58 |
if auth.provided? && auth.basic? |
|
59 | ||
60 |
# create helper |
|
61 |
ssp=SSP_Helper.new |
|
62 | ||
63 |
# get login datas from ssp |
|
64 |
@session=ssp.get_ssp_session(@sessionid) |
|
65 | ||
66 |
# test if user is authorized |
|
67 |
if (@session['is_auth']!=true) |
|
68 |
return nil |
|
69 |
end |
|
70 | ||
71 |
# get name from session |
|
72 |
@username=@session['data']['eduPersonPrincipalName'].join |
|
73 | ||
74 |
# if any privilege was sent then get it; if it was not sent and strict auth needed then deny login |
|
75 |
if @session['data'].has_key?('eduPersonEntitlement') |
|
76 |
@groupname=@session['data']['eduPersonEntitlement'].join |
|
77 |
else |
|
78 |
@groupname='' |
|
79 |
end |
|
80 | ||
81 |
# if new user wants to login then create it |
|
82 |
if ssp.get_userid(@username).empty? |
|
83 |
ssp.create_user(@username) |
|
84 |
end |
|
85 | ||
86 |
# update user's group |
|
87 |
ssp.update_group(@username,@groupname) |
|
88 | ||
89 |
return @username |
|
90 |
end |
|
91 | ||
92 |
return nil |
|
93 |
end |
|
94 |
end |
opennebula-3.8.1_patched//src/cloud/common/CloudAuth/ssp_helper.rb 2012-12-21 11:53:54.000000000 +0100 | ||
---|---|---|
1 |
# -------------------------------------------------------------------------- # |
|
2 |
# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) # |
|
3 |
# # |
|
4 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may # |
|
5 |
# not use this file except in compliance with the License. You may obtain # |
|
6 |
# a copy of the License at # |
|
7 |
# # |
|
8 |
# http://www.apache.org/licenses/LICENSE-2.0 # |
|
9 |
# # |
|
10 |
# Unless required by applicable law or agreed to in writing, software # |
|
11 |
# distributed under the License is distributed on an "AS IS" BASIS, # |
|
12 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
|
13 |
# See the License for the specific language governing permissions and # |
|
14 |
# limitations under the License. # |
|
15 |
#--------------------------------------------------------------------------- # |
|
16 | ||
17 |
# Helper class to call methods in SSPCloudAuth module |
|
18 |
class SSP_Helper |
|
19 | ||
20 |
attr_accessor :one_xmlrpc, :one_auth, :one_location, :config |
|
21 | ||
22 |
# initalize some instance variable |
|
23 |
def initialize |
|
24 |
@one_location='' |
|
25 |
|
|
26 |
# get ssp configuration |
|
27 |
if @one_location.empty? |
|
28 |
etc_location="/etc/one" |
|
29 |
else |
|
30 |
etc_location=@one_location+"/etc" |
|
31 |
end |
|
32 | ||
33 |
configuration_file=etc_location+"/sunstone-server.conf" |
|
34 | ||
35 |
begin |
|
36 |
@config = YAML.load_file(configuration_file) |
|
37 |
rescue Exception => e |
|
38 |
STDERR.puts "Error parsing config file #{configuration_file}: #{e.message}" |
|
39 |
exit 1 |
|
40 |
end |
|
41 | ||
42 |
@one_xmlrpc=@config[:one_xmlrpc] |
|
43 |
@one_auth=@config[:one_auth_for_ssp] |
|
44 |
end |
|
45 | ||
46 |
# creating new user |
|
47 |
# @param username username of user to be created |
|
48 |
def create_user(username) |
|
49 |
server=XMLRPC::Client.new2(@one_xmlrpc) |
|
50 |
|
|
51 |
session_string=self.get_credential["username"]+":"+self.get_credential["password"] |
|
52 |
|
|
53 |
begin |
|
54 |
response=server.call("one.user.allocate",session_string,username,self.generate_password,'') |
|
55 |
rescue Exception => e |
|
56 |
[false, e.message] |
|
57 |
end |
|
58 |
end |
|
59 | ||
60 |
# update user's group or create it's group |
|
61 |
# @param username username's group will be updated |
|
62 |
# @param groupname user's group |
|
63 |
def update_group(username,groupname) |
|
64 |
server=XMLRPC::Client.new2(@one_xmlrpc) |
|
65 |
|
|
66 |
session_string=self.get_credential["username"]+":"+self.get_credential["password"] |
|
67 | ||
68 |
if groupname.empty? |
|
69 |
groupname='users' |
|
70 |
end |
|
71 | ||
72 |
if self.get_groupid(groupname).empty? |
|
73 |
self.create_group(groupname) |
|
74 |
end |
|
75 | ||
76 |
begin |
|
77 |
response=server.call("one.user.chgrp",session_string,self.get_userid(username).to_i,self.get_groupid(groupname).to_i) |
|
78 |
rescue Exception => e |
|
79 |
[false, e.message] |
|
80 |
end |
|
81 |
end |
|
82 | ||
83 |
# get username and password from $ONE_AUTH file |
|
84 |
# @return username and password in a Hash |
|
85 |
def get_credential |
|
86 |
credential=Hash.new |
|
87 |
|
|
88 |
if File.readable?(@one_auth) |
|
89 |
File.open(@one_auth, 'r') do |line| |
|
90 |
auth_line=line.gets.strip |
|
91 |
auth_line=auth_line.split(':') |
|
92 | ||
93 |
credential["username"]=auth_line[0] |
|
94 |
credential["password"]=auth_line[1] |
|
95 |
end |
|
96 |
else |
|
97 |
# TODO: write error into log (SSP_Helper ERROR: $ONE_AUTH file is not readable) |
|
98 |
raise "one auth file not readable" |
|
99 |
end |
|
100 |
return credential |
|
101 |
end |
|
102 | ||
103 |
# get user's ID |
|
104 |
# @param username username |
|
105 |
# @return user's ID |
|
106 |
def get_userid(username) |
|
107 |
server=XMLRPC::Client.new2(@one_xmlrpc) |
|
108 |
|
|
109 |
session_string=self.get_credential["username"]+":"+self.get_credential["password"] |
|
110 |
|
|
111 |
begin |
|
112 |
response=server.call("one.userpool.info",session_string) |
|
113 |
rescue Exception => e |
|
114 |
[false, e.message] |
|
115 |
end |
|
116 | ||
117 |
xml=Nokogiri::XML(response[1]) |
|
118 |
return xml.xpath('//USER[NAME=\''+username+'\']/ID').inner_text |
|
119 |
end |
|
120 | ||
121 |
# get group ID of a group |
|
122 |
# @param groupname groupname |
|
123 |
# @return group's ID |
|
124 |
def get_groupid(groupname) |
|
125 |
server=XMLRPC::Client.new2(@one_xmlrpc) |
|
126 |
|
|
127 |
session_string=self.get_credential["username"]+":"+self.get_credential["password"] |
|
128 |
|
|
129 |
begin |
|
130 |
response=server.call("one.grouppool.info",session_string) |
|
131 |
rescue Exception => e |
|
132 |
[false, e.message] |
|
133 |
end |
|
134 | ||
135 |
xml=Nokogiri::XML(response[1]) |
|
136 |
return xml.xpath('//GROUP[NAME=\''+groupname+'\']/ID').inner_text |
|
137 |
end |
|
138 | ||
139 |
# creating new group |
|
140 |
# @param groupname groupname of group to be created |
|
141 |
def create_group(groupname) |
|
142 |
server=XMLRPC::Client.new2(@one_xmlrpc) |
|
143 |
|
|
144 |
session_string=self.get_credential["username"]+":"+self.get_credential["password"] |
|
145 |
|
|
146 |
begin |
|
147 |
response=server.call("one.group.allocate",session_string,groupname) |
|
148 |
rescue Exception => e |
|
149 |
[false, e.message] |
|
150 |
end |
|
151 |
end |
|
152 | ||
153 |
# create random password for new users |
|
154 |
# @return random password |
|
155 |
def generate_password |
|
156 |
return rand(36**20).to_s(36) |
|
157 |
end |
|
158 | ||
159 |
# get ssp session variable in JSON format |
|
160 |
# @param sessionid ssp session id from cookie |
|
161 |
# @return ssp_session ssp session in JSON format |
|
162 |
def get_ssp_session(sessionid) |
|
163 |
url=URI.parse(@config[:ssp_host]) |
|
164 |
http=Net::HTTP.new(url.host,url.port) |
|
165 |
req=Net::HTTP::Get.new(@config[:ssp_loginvalidator]+sessionid) |
|
166 |
if url.scheme=='https' |
|
167 |
http.use_ssl=true |
|
168 |
http.verify_mode=OpenSSL::SSL::VERIFY_NONE |
|
169 |
end |
|
170 |
res=http.request(req) |
|
171 |
ssp_session_json=res.body |
|
172 |
ssp_session=JSON.parse(ssp_session_json) |
|
173 |
return ssp_session |
|
174 |
end |
|
175 | ||
176 |
# is user authorized in ssp? |
|
177 |
# @param sessionid ssp session id from cookie |
|
178 |
# @return true if user is authorized |
|
179 |
def authorized?(sessionid) |
|
180 |
if sessionid.nil? or get_ssp_session(sessionid)['is_auth']!=true |
|
181 |
return false |
|
182 |
else |
|
183 |
return true |
|
184 |
end |
|
185 |
end |
|
186 | ||
187 |
end |
opennebula-3.8.1_patched//src/cloud/common/CloudAuth.rb 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
21 | 21 |
AUTH_MODULES = { |
22 | 22 |
"occi" => 'OCCICloudAuth', |
23 | 23 |
"sunstone" => 'SunstoneCloudAuth' , |
24 |
"ssp" => 'SSPCloudAuth' , |
|
24 | 25 |
"ec2" => 'EC2CloudAuth', |
25 | 26 |
"x509" => 'X509CloudAuth', |
26 | 27 |
"opennebula" => 'OpenNebulaCloudAuth' |
... | ... | |
158 | 159 |
raise rc.message if OpenNebula.is_error?(rc) |
159 | 160 |
} |
160 | 161 |
end |
161 |
end |
|
162 |
end |
opennebula-3.8.1_patched//src/sunstone/etc/sunstone-server.conf 2012-12-18 11:58:11.000000000 +0100 | ||
---|---|---|
50 | 50 |
# opennebula, the authentication will be done by the opennebula core using the |
51 | 51 |
# driver defined for the user |
52 | 52 |
# |
53 |
:auth: sunstone
|
|
53 |
:auth: ssp
|
|
54 | 54 | |
55 | 55 |
# Authentication driver to communicate with OpenNebula core |
56 | 56 |
# cipher, for symmetric cipher encryption of tokens |
... | ... | |
113 | 113 |
#:routes: |
114 | 114 |
# - custom |
115 | 115 |
# - other |
116 | ||
117 |
################################################################################ |
|
118 |
## SSP Auth module |
|
119 |
################################################################################# |
|
120 |
# |
|
121 |
## ssp_sessionid: Simple SAML PHP session ID cookie name. |
|
122 |
## ssp_host: Simple SAML PHP host url. |
|
123 |
## ssp_loginpage: Simple SAML PHP login page. |
|
124 |
## ssp_loginvalidator: Simple SAML PHP login validator script path. This |
|
125 |
## script authenticates users in Simple SAML PHP and |
|
126 |
## gets login data in JSON format. |
|
127 |
## ssp_logoutpage: Simple SAML PHP logout page. |
|
128 |
## one_auth_for_ssp: one_auth file location |
|
129 |
:ssp_sessionid: PHPSESSID |
|
130 |
:ssp_host: http://192.168.204.100 |
|
131 |
:ssp_loginpage: /simplesaml/module.php/core/as_login.php?AuthId=default-sp&ReturnTo=/one/ |
|
132 |
:ssp_loginvalidator: /simplesaml/module.php/getSession/index.php?sessid= |
|
133 |
:ssp_logoutpage: /simplesaml/module.php/core/as_logout.php?AuthId=default-sp&ReturnTo=/simplesaml/logout.php |
|
134 |
:one_auth_for_ssp: /var/lib/one/.one/one_auth |
opennebula-3.8.1_patched//src/sunstone/public/js/login_ssp.js 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
1 |
/* -------------------------------------------------------------------------- */ |
|
2 |
/* Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) */ |
|
3 |
/* */ |
|
4 |
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ |
|
5 |
/* not use this file except in compliance with the License. You may obtain */ |
|
6 |
/* a copy of the License at */ |
|
7 |
/* */ |
|
8 |
/* http://www.apache.org/licenses/LICENSE-2.0 */ |
|
9 |
/* */ |
|
10 |
/* Unless required by applicable law or agreed to in writing, software */ |
|
11 |
/* distributed under the License is distributed on an "AS IS" BASIS, */ |
|
12 |
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ |
|
13 |
/* See the License for the specific language governing permissions and */ |
|
14 |
/* limitations under the License. */ |
|
15 |
/* -------------------------------------------------------------------------- */ |
|
16 | ||
17 |
function auth_success(req, response){ |
|
18 |
window.location.href = "."; |
|
19 |
} |
|
20 | ||
21 |
function auth_error(req, error){ |
|
22 | ||
23 |
var status = error.error.http_status; |
|
24 | ||
25 |
switch (status){ |
|
26 |
case 401: |
|
27 |
$("#error_box").text("Invalid username or password"); |
|
28 |
break; |
|
29 |
case 500: |
|
30 |
$("#error_box").text("OpenNebula is not running or there was a server exception. Please check the server logs."); |
|
31 |
break; |
|
32 |
case 0: |
|
33 |
$("#error_box").text("No answer from server. Is it running?"); |
|
34 |
break; |
|
35 |
default: |
|
36 |
$("#error_box").text("Unexpected error. Status "+status+". Check the server logs."); |
|
37 |
}; |
|
38 |
$("#error_box").fadeIn("slow"); |
|
39 |
} |
|
40 | ||
41 |
function authenticate(){ |
|
42 |
var username = ''; |
|
43 |
var password = ''; |
|
44 |
var remember = true; |
|
45 | ||
46 |
$("#error_box").fadeOut("slow"); |
|
47 | ||
48 |
OpenNebula.Auth.login({ data: {username: username |
|
49 |
, password: password} |
|
50 |
, remember: remember |
|
51 |
, success: auth_success |
|
52 |
, error: auth_error |
|
53 |
}); |
|
54 |
} |
|
55 | ||
56 |
function getInternetExplorerVersion(){ |
|
57 |
// Returns the version of Internet Explorer or a -1 |
|
58 |
// (indicating the use of another browser). |
|
59 |
var rv = -1; // Return value assumes failure. |
|
60 |
if (navigator.appName == 'Microsoft Internet Explorer') |
|
61 |
{ |
|
62 |
var ua = navigator.userAgent; |
|
63 |
var re = new RegExp("MSIE ([0-9]{1,}[\.0-9]{0,})"); |
|
64 |
if (re.exec(ua) != null) |
|
65 |
rv = parseFloat( RegExp.$1 ); |
|
66 |
} |
|
67 |
return rv; |
|
68 |
} |
|
69 | ||
70 |
function checkVersion(){ |
|
71 |
var ver = getInternetExplorerVersion(); |
|
72 | ||
73 |
if ( ver > -1 ){ |
|
74 |
msg = ver <= 7.0 ? "You are using an old version of IE. \ |
|
75 |
Please upgrade or use Firefox or Chrome for full compatibility." : |
|
76 |
"OpenNebula Sunstone is best seen with Chrome or Firefox"; |
|
77 |
$("#error_box").text(msg); |
|
78 |
$("#error_box").fadeIn('slow'); |
|
79 |
} |
|
80 |
} |
|
81 | ||
82 |
$(document).ready(function(){ |
|
83 | ||
84 |
var pathname=$(location).attr('href'); |
|
85 |
$.ajax({ |
|
86 |
type: 'GET', |
|
87 |
url:pathname, |
|
88 |
complete: function(XMLHttpRequest,textStatus){ |
|
89 |
authenticate(); |
|
90 |
return false; |
|
91 |
} |
|
92 |
}); |
|
93 |
//compact login elements according to screen height |
|
94 |
if (screen.height <= 600){ |
|
95 |
$('div#logo_sunstone').css("top","15px"); |
|
96 |
$('.error_message').css("top","10px"); |
|
97 |
}; |
|
98 | ||
99 |
checkVersion(); |
|
100 |
}); |
opennebula-3.8.1_patched//src/sunstone/public/js/sunstone.js 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
399 | 399 |
//This variables can be used anywhere |
400 | 400 |
switch(whichUI()){ |
401 | 401 |
case "sunstone": |
402 |
username = cookie["one-user"];
|
|
402 |
username = decodeURIComponent(cookie["one-user"]);
|
|
403 | 403 |
uid = cookie["one-user_id"]; |
404 | 404 |
gid = cookie["one-user_gid"]; |
405 | 405 |
break; |
406 | 406 |
case "ozones": |
407 |
username = cookie["ozones-user"];
|
|
407 |
username = decodeURIComponent(cookie["ozones-user"]);
|
|
408 | 408 |
break; |
409 | 409 |
case "selfservice": |
410 |
username = cookie["occi-user"];
|
|
410 |
username = decodeURIComponent(cookie["occi-user"]);
|
|
411 | 411 |
uid = cookie["occi-user-id"]; |
412 | 412 |
break; |
413 | 413 |
}; |
... | ... | |
416 | 416 |
$("div#header span#user").html(username); |
417 | 417 | |
418 | 418 |
$("div#header a#logout").click(function(){ |
419 |
redirect = function(){window.location.href = "login";}; |
|
419 |
if ($.cookie("ssp_logoutpage") == undefined) |
|
420 |
redirect = function(){window.location.href = "login";}; |
|
421 |
else { |
|
422 |
redirect = function(){window.location.href = $.cookie("ssp_logoutpage");}; |
|
423 |
} |
|
420 | 424 |
switch(whichUI()){ |
421 | 425 |
case "sunstone": |
422 | 426 |
OpenNebula.Auth.logout({success:redirect}); |
opennebula-3.8.1_patched//src/sunstone/public/vendor/jQueryCookie/jquery-cookie.js 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
1 |
/*jshint eqnull:true */ |
|
2 |
/*! |
|
3 |
* jQuery Cookie Plugin v1.1 |
|
4 |
* https://github.com/carhartl/jquery-cookie |
|
5 |
* |
|
6 |
* Copyright 2011, Klaus Hartl |
|
7 |
* Dual licensed under the MIT or GPL Version 2 licenses. |
|
8 |
* http://www.opensource.org/licenses/mit-license.php |
|
9 |
* http://www.opensource.org/licenses/GPL-2.0 |
|
10 |
*/ |
|
11 |
(function($, document) { |
|
12 | ||
13 |
var pluses = /\+/g; |
|
14 |
function raw(s) { |
|
15 |
return s; |
|
16 |
} |
|
17 |
function decoded(s) { |
|
18 |
return decodeURIComponent(s.replace(pluses, ' ')); |
|
19 |
} |
|
20 | ||
21 |
$.cookie = function(key, value, options) { |
|
22 | ||
23 |
// key and at least value given, set cookie... |
|
24 |
if (arguments.length > 1 && (!/Object/.test(Object.prototype.toString.call(value)) || value == null)) { |
|
25 |
options = $.extend({}, $.cookie.defaults, options); |
|
26 | ||
27 |
if (value == null) { |
|
28 |
options.expires = -1; |
|
29 |
} |
|
30 | ||
31 |
if (typeof options.expires === 'number') { |
|
32 |
var days = options.expires, t = options.expires = new Date(); |
|
33 |
t.setDate(t.getDate() + days); |
|
34 |
} |
|
35 | ||
36 |
value = String(value); |
|
37 | ||
38 |
return (document.cookie = [ |
|
39 |
encodeURIComponent(key), '=', options.raw ? value : encodeURIComponent(value), |
|
40 |
options.expires ? '; expires=' + options.expires.toUTCString() : '', // use expires attribute, max-age is not supported by IE |
|
41 |
options.path ? '; path=' + options.path : '', |
|
42 |
options.domain ? '; domain=' + options.domain : '', |
|
43 |
options.secure ? '; secure' : '' |
|
44 |
].join('')); |
|
45 |
} |
|
46 | ||
47 |
// key and possibly options given, get cookie... |
|
48 |
options = value || $.cookie.defaults || {}; |
|
49 |
var decode = options.raw ? raw : decoded; |
|
50 |
var cookies = document.cookie.split('; '); |
|
51 |
for (var i = 0, parts; (parts = cookies[i] && cookies[i].split('=')); i++) { |
|
52 |
if (decode(parts.shift()) === key) { |
|
53 |
return decode(parts.join('=')); |
|
54 |
} |
|
55 |
} |
|
56 |
return null; |
|
57 |
}; |
|
58 | ||
59 |
$.cookie.defaults = {}; |
|
60 | ||
61 |
})(jQuery, document); |
|
62 |
opennebula-3.8.1_patched//src/sunstone/sunstone-server.rb 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
41 | 41 | |
42 | 42 |
$: << RUBY_LIB_LOCATION |
43 | 43 |
$: << RUBY_LIB_LOCATION+'/cloud' |
44 |
$: << RUBY_LIB_LOCATION+'/cloud/CloudAuth' |
|
44 | 45 |
$: << SUNSTONE_ROOT_DIR |
45 | 46 |
$: << SUNSTONE_ROOT_DIR+'/models' |
46 | 47 | |
... | ... | |
58 | 59 |
require 'SunstoneServer' |
59 | 60 |
require 'SunstonePlugins' |
60 | 61 | |
62 |
require 'ssp_helper' |
|
61 | 63 | |
62 | 64 |
############################################################################## |
63 | 65 |
# Configuration |
... | ... | |
77 | 79 |
#Sinatra configuration |
78 | 80 | |
79 | 81 |
set :config, conf |
80 |
set :bind, settings.config[:host]
|
|
81 |
set :port, settings.config[:port]
|
|
82 |
set :bind, conf[:host]
|
|
83 |
set :port, conf[:port]
|
|
82 | 84 | |
83 | 85 |
use Rack::Session::Pool, :key => 'sunstone' |
84 | 86 | |
85 | 87 |
# Enable logger |
86 | 88 | |
87 | 89 |
include CloudLogger |
88 |
enable_logging SUNSTONE_LOG, settings.config[:debug_level].to_i |
|
89 | ||
90 |
logger = enable_logging SUNSTONE_LOG, conf[:debug_level].to_i |
|
90 | 91 |
begin |
91 | 92 |
ENV["ONE_CIPHER_AUTH"] = SUNSTONE_AUTH |
92 |
cloud_auth = CloudAuth.new(settings.config, settings.logger)
|
|
93 |
cloud_auth = CloudAuth.new(conf, logger)
|
|
93 | 94 |
rescue => e |
94 |
settings.logger.error { |
|
95 |
"Error initializing authentication system" } |
|
96 |
settings.logger.error { e.message } |
|
95 |
logger.error { "Error initializing authentication system" } |
|
96 |
logger.error { e.message } |
|
97 | 97 |
exit -1 |
98 | 98 |
end |
99 | 99 | |
... | ... | |
102 | 102 |
#start VNC proxy |
103 | 103 | |
104 | 104 |
configure do |
105 |
vnc = OpenNebulaVNC.new(conf, logger) |
|
106 | ||
105 | 107 |
set :run, false |
106 |
set :vnc, OpenNebulaVNC.new(conf, settings.logger) |
|
107 |
settings.vnc.start() |
|
108 |
set :vnc, vnc |
|
109 | ||
110 |
vnc.start() |
|
111 | ||
108 | 112 |
Kernel.at_exit do |
109 |
settings.vnc.stop
|
|
113 |
vnc.stop |
|
110 | 114 |
end |
111 | 115 |
end |
112 | 116 | |
... | ... | |
120 | 124 | |
121 | 125 |
def build_session |
122 | 126 |
begin |
127 |
if settings.config[:auth]=='ssp' |
|
128 |
response.set_cookie('ssp_logoutpage',settings.config[:ssp_host]+settings.config[:ssp_logoutpage]) |
|
129 |
params['ssp_sessionid']=request.cookies[settings.config[:ssp_sessionid]] |
|
130 |
end |
|
123 | 131 |
result = settings.cloud_auth.auth(request.env, params) |
124 | 132 |
rescue Exception => e |
125 | 133 |
logger.error { e.message } |
... | ... | |
211 | 219 |
############################################################################## |
212 | 220 |
# Custom routes |
213 | 221 |
############################################################################## |
214 |
if settings.config[:routes]
|
|
215 |
settings.config[:routes].each { |route|
|
|
222 |
if conf[:routes]
|
|
223 |
conf[:routes].each { |route|
|
|
216 | 224 |
require "routes/#{route}" |
217 | 225 |
} |
218 | 226 |
end |
... | ... | |
222 | 230 |
############################################################################## |
223 | 231 |
get '/' do |
224 | 232 |
content_type 'text/html', :charset => 'utf-8' |
233 | ||
234 |
if settings.config[:auth]=='ssp' |
|
235 |
ssp_sessionid=request.cookies[settings.config[:ssp_sessionid]] |
|
236 |
ssp=SSP_Helper.new |
|
237 |
if not ssp.authorized?(ssp_sessionid) |
|
238 |
redirect settings.config[:ssp_host]+settings.config[:ssp_loginpage], 302 |
|
239 |
end |
|
240 |
end |
|
241 | ||
225 | 242 |
if !authorized? |
226 | 243 |
return erb :login |
227 | 244 |
end |
opennebula-3.8.1_patched//src/sunstone/views/index.erb 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
16 | 16 |
<script type="text/javascript" src="vendor/jGrowl/jquery.jgrowl_minimized.js"></script> |
17 | 17 |
<script type="text/javascript" src="vendor/jQueryUI/jquery-ui-1.8.16.custom.min.js"></script> |
18 | 18 |
<script type="text/javascript" src="vendor/jQueryLayout/jquery.layout-latest.min.js"></script> |
19 |
<script type="text/javascript" src="vendor/jQueryCookie/jquery-cookie.js"></script> |
|
19 | 20 |
<script type="text/javascript" src="vendor/dataTables/jquery.dataTables.min.js"></script> |
20 | 21 |
<script type="text/javascript" src="vendor/dataTables/ColVis.min.js"></script> |
21 | 22 |
<!-- <script type="text/javascript" src="vendor/dataTables/ColReorderWithResize.js"></script>--> |
opennebula-3.8.1_patched//src/sunstone/views/login.erb 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
16 | 16 |
<![endif]--> |
17 | 17 | |
18 | 18 |
<script type="text/javascript" src="js/opennebula.js"></script> |
19 |
<script type="text/javascript" src="js/login.js"></script> |
|
19 |
<% if settings.config[:auth] == "ssp" %> |
|
20 |
<script type="text/javascript" src="js/login_ssp.js"></script> |
|
21 |
<% else %> |
|
22 |
<script type="text/javascript" src="js/login.js"></script> |
|
23 |
<% end %> |
|
20 | 24 | |
21 | 25 |
</head> |
22 | 26 | |
... | ... | |
30 | 34 | |
31 | 35 |
<% if settings.config[:auth] == "x509" %> |
32 | 36 |
<%= erb :_login_x509 %> |
37 |
<% elsif settings.config[:auth] == "ssp" %> |
|
38 |
<%= erb :_login_ssp %> |
|
33 | 39 |
<% else %> |
34 | 40 |
<%= erb :_login_standard %> |
35 | 41 |
<% end %> |
opennebula-3.8.1_patched//src/sunstone/views/_login_ssp.erb 2012-12-11 18:20:46.000000000 +0100 | ||
---|---|---|
1 |
<div id="wrapper"> |
|
2 |
<div id="logo_sunstone"> |
|
3 |
</div> |
|
4 | ||
5 |
<div id="error_box" class="error_message ui-state-error ui-corner-all"> |
|
6 |
</div> |
|
7 | ||
8 |
</div> |