0008-Use-signature-instead-of-private-encryption-in-ssh-a.patch

Jean-Philippe Garcia Ballester, 04/17/2013 11:06 AM

     $nokogiri='nokogiri'
     DEFAULT=%w{sunstone quota cloud ozones_server auth_ldap}
     DEFAULT=%w{sunstone quota cloud ozones_server auth_ldap auth_ssh}
     if defined?(RUBY_VERSION) && RUBY_VERSION>="1.8.7"
         SQLITE='sqlite3'
-...
         :ozones_server_sqlite => %w{json sequel}<<SQLITE,
         :ozones_server_mysql => %w{json sequel mysql},
         :auth_ldap => 'net-ldap'
         :auth_ssh => 'net-ssh'
+    }
     PACKAGES=GROUPS.keys
     GEM_TEST={
         'net-ldap' => 'net/ldap'
         'net-ssh' => 'net/ssh'
+    }
     DISTRIBUTIONS={

     #--------------------------------------------------------------------------- #
     require 'rubygems'
     require 'net/ssh'
     require 'pp'
     require 'openssl'
     require 'base64'
-...
             # Generate security token
             time = Time.now.to_i + expire.to_i
             secret_plain   = "#{user}:#{time}"
             secret_crypted = encrypt(secret_plain)
             secret_plain     = "#{user};#{time}"
             secret_signature = sign(secret_plain)
             secret           = "#{secret_plain}@#{secret_signature}"
             proxy = "#{user}:#{secret_crypted}"
             proxy = "#{user}:#{secret}"
             file = File.open(LOGIN_PATH, "w")
             file.write(proxy)
-...
             File.chmod(0600,LOGIN_PATH)
             secret_crypted
             secret
         end
         # Returns a valid password string to create a user using this auth driver.
-...
         # Checks the proxy created with the login method
         def authenticate(user, token)
             begin
                 token_plain = decrypt(token)
                 _user, time = token_plain.split(':')
                 plain_data, signed_data = token.split('@')
                 valid_sig = verify(signed_data, plain_data)
                 _user, time = plain_data.split(';')
                 if user == _user
                 if valid_sig && user == _user
                     if Time.now.to_i >= time.to_i
                         return "ssh proxy expired, login again to renew it"
                     else
-...
             end unless path_or_key.nil?
         end
         # Encrypts data with the private key of the user and returns
         # base 64 encoded output in a single line
         def encrypt(data)
             Base64::encode64(@private_key.private_encrypt(data)).gsub!(/\n/, '').strip
         # Signs data with the private key of the user and returns
         # base 64 encoded signature in a single line
         def sign(data)
             sig = if @agent
                       b = Net::SSH::Buffer.new(@agent.sign(@public_key, data))
                       b.read_string # remove description
                       b.read_string
                   else
                       @private_key.ssh_do_sign(data)
                   end
             Base64::encode64(sig).gsub!(/\n/, '').strip
         end
         # Decrypts base 64 encoded data with pub_key (public key)
         def decrypt(data)
             @public_key.public_decrypt(Base64::decode64(data))
         # Verify base 64 encoded signature of data with the public key of the
         # user and returns true if signature is valid
         def verify(sig, data)
             @public_key.ssh_do_verify(Base64::decode64(sig), data)
         end
     end
+    -