Revision 0dc421ea


install.sh
288 288
                src/authm_mad/one_usage.rb \
289 289
                src/authm_mad/quota.rb \
290 290
                src/authm_mad/simple_auth.rb \
291
                src/authm_mad/simple_permissions.rb"
291
                src/authm_mad/simple_permissions.rb \
292
                src/authm_mad/ssh_auth.rb"
292 293

  
293 294
RUBY_OPENNEBULA_LIB_FILES="src/oca/ruby/OpenNebula/Host.rb \
294 295
                           src/oca/ruby/OpenNebula/HostPool.rb \
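--- a/src/authm_mad/one_auth_mad.rb
+++ b/src/authm_mad/one_auth_mad.rb
@@ -36,6 +36,7 @@
 require 'simple_permissions'
 require 'yaml'
 require 'sequel'
+require 'ssh_auth'
 
 class AuthorizationManager < OpenNebulaDriver
     def initialize
@@ -50,7 +51,8 @@
         database_url=@config[:database]
         @db=Sequel.connect(database_url)
         
-        @authenticate=SimpleAuth.new
+        #@authenticate=SimpleAuth.new
+        @authenticate=SshAuth.new
         @permissions=SimplePermissions.new(@db, OpenNebula::Client.new,
             @config)
         
@@ -59,6 +61,7 @@
     end
     
     def action_authenticate(request_id, user_id, user, password, token)
+        STDERR.puts [user_id, user, password, token].inspect
         auth=@authenticate.auth(user_id, user, password, token)
         if auth==true
             send_message('AUTHENTICATE', RESULT[:success],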
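Review bot: The added `STDERR.puts [user_id, user, password, token].inspect` in action_authenticate writes the stored credential and the login token to the driver's stderr on every authentication request, so the driver log becomes a copy of every user's secret; drop the line, or reduce it to `STDERR.puts [user_id, user].inspect` if the trace is still wanted. The same leftover tracing appears elsewhere in this revision: `pp [ARGV[0], ARGV[1]]` in `oneauth` prints the new user's password to the terminal, and quota.rb's hunk adds `pp quotas.first` plus two `STDERR.puts` calls that look like debugging that should not ship. In initialize, the commented-out `#@authenticate=SimpleAuth.new` leaves the backend choice as dead code; selecting the class from `@config`, which is already loaded a few lines above, would make the switch explicit. action_authenticate continues outside the hunk.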
src/authm_mad/oneauth
1
#!/usr/bin/env ruby
2

  
3
# -------------------------------------------------------------------------- #
4
# Copyright 2002-2010, OpenNebula Project Leads (OpenNebula.org)             #
5
#                                                                            #
6
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
7
# not use this file except in compliance with the License. You may obtain    #
8
# a copy of the License at                                                   #
9
#                                                                            #
10
# http://www.apache.org/licenses/LICENSE-2.0                                 #
11
#                                                                            #
12
# Unless required by applicable law or agreed to in writing, software        #
13
# distributed under the License is distributed on an "AS IS" BASIS,          #
14
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
15
# See the License for the specific language governing permissions and        #
16
# limitations under the License.                                             #
17
#--------------------------------------------------------------------------- #
18

  
19
ONE_LOCATION=ENV["ONE_LOCATION"]
20

  
21
if !ONE_LOCATION
22
    RUBY_LIB_LOCATION="/usr/lib/one/ruby"
23
    ETC_LOCATION="/etc/one/"
24
    VAR_LOCATION="/var/lib/one"
25
else
26
    RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby"
27
    ETC_LOCATION=ONE_LOCATION+"/etc/"
28
    VAR_LOCATION="#{ONE_LOCATION}/var"
29
end
30

  
31
$: << RUBY_LIB_LOCATION
32

  
33

  
34
require 'OpenNebula'
35
require 'client_utilities'
36
require 'command_parse'
37

  
38
require 'rubygems'
39
require 'sequel'
40
require 'quota'
41
require 'ssh_auth'
42

  
43
class OneAuthCli < CommandParse
44
    
45
    COMMANDS_HELP=<<-EOT
46
Commands:
47

  
48
* create (Creates a new user)
49
    oneuser create username password
50
    
51
* delete (Removes a user)
52
    oneuser delete <id>
53
    
54
* list (Lists all the users in the pool)
55
    oneuser list
56

  
57
EOT
58

  
59
    def text_commands
60
        COMMANDS_HELP
61
    end
62

  
63
    def text_command_name
64
        "oneauth"
65
    end
66

  
67
    def list_options
68
        table=ShowTable.new(ShowTableUP)
69
        table.print_help
70
    end
71

  
72
end
73

  
74
def get_database
75
    config_data=File.read(ETC_LOCATION+'/auth/auth.conf')
76
    config=YAML::load(config_data)
77
    
78
    database_url=config[:database]
79
    db=Sequel.connect(database_url)
80
end
81

  
82
def add_quota(uid, cpu, memory)
83
    db=get_database
84
    quota=Quota.new(db, OpenNebula::Client.new)
85
    quota.set(uid.to_i, cpu.to_f, memory.to_i, nil)
86
end
87

  
88
oneauth_opts=OneAuthCli.new
89
oneauth_opts.parse(ARGV)
90
ops=oneauth_opts.options
91

  
92
result=[false, "Unknown error"]
93

  
94
command=ARGV.shift
95

  
96
case command
97
when "quota"
98
    check_parameters("quota", 1)
99
    
100
    case ARGV[0].downcase
101
    when 'set'
102
        check_parameters("quota set", 3)
103
        Dir.chdir VAR_LOCATION
104
        add_quota(*ARGV[1..3])
105
    else
106
        #default
107
    end
108
    
109
    exit 0
110
    
111
when "login"
112
    check_parameters("login", 1)
113
    
114
    user=ARGV[0]
115
    time=ARGV[1]
116
    
117
    if time
118
        time=time.to_i
119
    else
120
        time=3600
121
    end
122
    
123
    ssh=SshAuth.new
124
    ssh.login(user, time)
125
    
126
when "create"
127
    user=OpenNebula::User.new(
128
        OpenNebula::User.build_xml, OpenNebula::Client.new)
129
    password = ARGV[1]
130
    
131
    pp [ARGV[0], ARGV[1]]
132
    
133
    result=user.allocate(ARGV[0], password)
134
    if !OpenNebula.is_error?(result)
135
        puts "ID: " + user.id.to_s if ops[:verbose]
136
        exit 0
137
    end
138
    
139
when "key"
140
    ssh=SshAuth.new
141
    puts ssh.extract_public_key
142
    
143
    exit 0
144
    
145
else
146
    oneauth_opts.print_help
147
    exit -1
148
end
149

  
150
if OpenNebula.is_error?(result)
151
    puts "Error: " + result.message
152
    exit -1
153
end
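Review bot: The `create` branch is the only command that does not call `check_parameters` before using its arguments, so `oneauth create name` with no password reaches `user.allocate(ARGV[0], nil)`; adding `check_parameters("create", 2)` at the top of the branch would match the other commands. In the `login` branch, `time=time.to_i` turns a malformed duration such as `10m` into 0, which makes `ssh.login(user, time)` write a proxy that SshAuth#auth already reports as expired; `Integer(time)` rejects the value with an error instead of silently producing an unusable token. The `quota set` branch has the same weakness, since `add_quota` converts its arguments with `uid.to_i`/`cpu.to_f`/`memory.to_i` and so accepts any string.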
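--- a/src/authm_mad/quota.rb
+++ b/src/authm_mad/quota.rb
@@ -68,10 +68,13 @@
         }
 
         quotas=@table.filter(:uid => uid)
+        pp quotas.first
         
         if quotas.first
+            STDERR.puts "updating"
             quotas.update(data)
         else
+            STDERR.puts "inserting"
             @table.insert(data.merge!(:uid => uid))
         end
     end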
src/authm_mad/ssh_auth.rb
1

  
2
require 'pp'
3
require 'openssl'
4
require 'base64'
5
require 'fileutils'
6

  
7
class SshAuth
8
    
9
    def get_priv_key
10
        path=ENV['HOME']+'/.ssh/id_rsa'
11
        File.read(path)
12
    end
13
    
14
    def get_proxy_file
15
        proxy_dir=ENV['HOME']+'/.one'
16
        begin
17
            FileUtils.mkdir_p(proxy_dir)
18
        rescue Errno::EEXIST
19
        end
20
        
21
        File.open(proxy_dir+'/one_ssh', "w")
22
    end
23
    
24
    def encrypt(data)
25
        rsa=OpenSSL::PKey::RSA.new(get_priv_key)
26
        Base64::encode64(rsa.private_encrypt(data)).gsub!(/\n/, '').strip
27
    end
28
    
29
    def decrypt(data, pub_key)
30
        rsa=OpenSSL::PKey::RSA.new(Base64::decode64(pub_key))
31
        rsa.public_decrypt(Base64::decode64(data))
32
    end
33
    
34
    def extract_public_key
35
        key=OpenSSL::PKey::RSA.new(get_priv_key)
36
        public_key=key.public_key.to_pem.split("\n")
37
        public_key.reject {|l| l.match(/RSA PUBLIC KEY/) }.join('')
38
    end
39
    
40
    def login(user, expire=3600)
41
        time=Time.now.to_i+expire
42
        proxy_text="#{user}:#{time}"
43
        proxy_crypted=encrypt(proxy_text)
44
        proxy="#{user}:ssh:#{proxy_crypted}"
45
        file=get_proxy_file
46
        file.write(proxy)
47
        file.close
48
        
49
        puts "export ONE_AUTH=#{ENV['HOME']}/.one/one_ssh"
50
        
51
        proxy_crypted
52
    end
53
    
54
    def auth(user_id, user, password, token)
55
        begin
56
            decrypted=decrypt(token, password)
57
        
58
            username, time=decrypted.split(':')
59
            
60
            pp [username, time]
61
        
62
            if user==username
63
                if Time.now.to_i>=time.to_i
64
                    "proxy expired, login again"
65
                else
66
                    true
67
                end
68
            else
69
                "invalid credentials"
70
            end
71
        rescue
72
            "error"
73
        end
74
    end
75
    
76
end
77

  
78
#pub_key="MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAyspEH4KiKRX625j4knzQueD2IRxkJlvT7O777Q18105kqDhhPYW5RtvxKWFqhUAQPPd2cjLkJ1bmk4JJuDk4rJWN0KEmB14JWB68u+YAv+u3NWCw0StDf25hRf+iN9dBf+WOt9brTpLGBF1BPtHY0+XkC/DnVhPbCxz5dvptSW8ajmpRS+u1qQIyyv9/bucDIoBvHmiA10ydBoQYwMOHk3U+ONJrgniph01tYfeQqLIngG86yaauadp8CqScRhPZdvtbBIhbxghrE/AfhXhWNti0cPbTZTWc2teXHkiwq//JIyIl29oZjmr3jcAZT8j2e5kJzKSS6RxrGdmR66fSkwIBIw=="
79

  
80
#ssh=SshAuth.new
81
#pp data=ssh.encrypt("hola cucucucucuc #{Time.now.to_i}")
82
#pp ssh.decrypt(data, pub_key)
83

  
84
#pp ssh.decrypt(ssh.login("jfontan", 0), pub_key)
85

  
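Review bot: get_proxy_file creates `~/.one/one_ssh` with `File.open(proxy_dir+'/one_ssh', "w")`, i.e. with whatever permissions the umask allows, although the file holds a token that authenticates as the user until it expires; pass an explicit mode, `File.open(proxy_dir+'/one_ssh', "w", 0600)`, and in login prefer the block form `File.open(path, "w", 0600) { |f| f.write(proxy) }` so the handle is closed even if the write raises. In encrypt, `Base64::encode64(...).gsub!(/\n/, '')` returns nil when there is no newline to remove; encode64 appends one today, but the non-bang `gsub` removes the dependency on that detail. extract_public_key drops only lines matching `/RSA PUBLIC KEY/`; depending on the OpenSSL binding in use, `public_key.to_pem` may emit `BEGIN PUBLIC KEY` headers instead, which would then survive into the stored key, so matching `/PUBLIC KEY/` covers both forms. The `rescue Errno::EEXIST` around `FileUtils.mkdir_p` is dead code, since mkdir_p tolerates an existing directory.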
src/oca/ruby/OpenNebula.rb
84 84

  
85 85

  
86 86
            one_secret=~/^(.+?):(.+)$/
87
            @one_auth  = "#{$1}:#{Digest::SHA1.hexdigest($2)}"
87
            user=$1
88
            password=$2
89
            
90
            if password.match(/^ssh:/)
91
                @one_auth = "#{user}:#{password.split(':').last}"
92
            else
93
                @one_auth = "#{user}:#{Digest::SHA1.hexdigest(password)}"
94
            end
88 95

  
89 96
            if endpoint
90 97
                @one_endpoint=endpoint
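Review bot: `password.match(/^ssh:/)` anchors at a line start rather than the start of the string, so a secret containing a newline followed by `ssh:` would be treated as an ssh proxy and only its last `:`-separated field sent as the credential; use `\A` for whole-string anchoring, `if password.match(/\Assh:/)`. The preceding `one_secret=~/^(.+?):(.+)$/` uses the same per-line anchors and is where `password` comes from, so the two expressions should be fixed together. The enclosing method starts before the hunk, and nothing visible checks that the match succeeded; a one_secret without a colon leaves `password` nil and the new code then fails on `password.match` with NoMethodError, so a guard such as `raise "malformed ONE_AUTH" unless user && password` would give a clearer failure.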
