bug #802: This commit includes

- Comment options in configuration files so default values can use $ONE_LOCATION if defined
- Better check of YAML syntax errors
- Changed some tabs for spaces
- By default the installer creates auth/certificates
(cherry picked from commit 3527bbd1f721d344afca282dab03d84332a72a24)

install.sh

@@ -191,6 +191,7 @@ ETC_DIRS="$ETC_LOCATION/im_kvm \
           $ETC_LOCATION/tm_lvm \
           $ETC_LOCATION/hm \
           $ETC_LOCATION/auth \
+          $ETC_LOCATION/auth/certificates \
           $ETC_LOCATION/ec2query_templates \
           $ETC_LOCATION/occi_templates \
           $ETC_LOCATION/cli"

src/authm_mad/remotes/server/server_auth.conf

@@ -1,4 +1,5 @@
 # Path to the certificate used by the OpenNebula Services
 # Certificates must be in PEM format
-:one_cert: "/etc/one/auth/cert.pem"
-:one_key: "/etc/one/auth/pk.pem"
+
+#:one_cert: "/etc/one/auth/cert.pem"
+#:one_key: "/etc/one/auth/pk.pem"

src/authm_mad/remotes/server/server_auth.rb

@@ -63,7 +63,7 @@ class ServerAuth < X509Auth
         token_txt = "#{user}:#{user_pass}:#{expires}"
 
         token     = encrypt(token_txt)
-	    token64   = Base64::encode64(token).strip.delete("\n")
+        token64   = Base64::encode64(token).strip.delete("\n")
 
         login_out = "#{user}:server:#{token64}"
         
@@ -76,7 +76,7 @@ class ServerAuth < X509Auth
     # auth method for auth_mad
     def authenticate(user, pass, signed_text)
         begin            
-	    # Decryption demonstrates that the user posessed the private key.
+            # Decryption demonstrates that the user posessed the private key.
             _user, user_pass, expires = decrypt(signed_text).split(':')
 
             return "User name missmatch" if user != _user
@@ -85,7 +85,7 @@ class ServerAuth < X509Auth
 
             # Check that the signed password matches one for the user.
             if !pass.split('|').include?(user_pass)
-	            return "User password missmatch"
+                return "User password missmatch"
             end
 
             return true

src/authm_mad/remotes/x509/x509_auth.conf

@@ -1,3 +1,4 @@
 # Path to the trusted CA directory. It should contain the trusted CA's for
 # the server, each CA certificate shoud be name CA_hash.0
-:ca_dir: "/etc/one/auth/certificates"
+
+#:ca_dir: "/etc/one/auth/certificates"

src/authm_mad/remotes/x509/x509_auth.rb

@@ -91,17 +91,17 @@ class X509Auth
     def login_token(user, expire)
         if expire != 0
             expires = Time.now.to_i + expire.to_i
-	    else
-	        expires = @cert_chain[0].not_after.to_i
-	    end
+        else
+            expires = @cert_chain[0].not_after.to_i
+        end
         
         text_to_sign = "#{user}:#{expires}"
         signed_text  = encrypt(text_to_sign)
 
         certs_pem = @cert_chain.collect{|cert| cert.to_pem}.join(":")
 
-	    token     = "#{signed_text}:#{certs_pem}"	
-	    token64   = Base64::encode64(token).strip.delete("\n")
+        token     = "#{signed_text}:#{certs_pem}"	
+        token64   = Base64::encode64(token).strip.delete("\n")
 
         login_out = "#{user}:x509:#{token64}"
         
@@ -114,23 +114,25 @@ class X509Auth
     # auth method for auth_mad
     def authenticate(user, pass, signed_text)
         begin            
-	    # Decryption demonstrates that the user posessed the private key.
+            # Decryption demonstrates that the user posessed the private key.
             _user, expires = decrypt(signed_text).split(':')
 
             return "User name missmatch" if user != _user
 
             return "x509 proxy expired"  if Time.now.to_i >= expires.to_i
 
-	    # Some DN in the chain must match a DN in the password	    
-	    dn_ok = @cert_chain.each do |cert|
-                break true if pass.split('|').include?(cert.subject.to_s.delete("\s"))
+            # Some DN in the chain must match a DN in the password	    
+            dn_ok = @cert_chain.each do |cert|
+                if pass.split('|').include?(cert.subject.to_s.delete("\s"))
+                    break true
+                end
             end
-	    
-	    unless dn_ok == true
-	        return "Certificate subject missmatch"
+    
+            unless dn_ok == true
+                return "Certificate subject missmatch"
             end
-	    
-	    validate
+    
+            validate
 
             return true
         rescue => e
@@ -159,9 +161,10 @@ private
     # Load class options form a configuration file (yaml syntax)
     def load_options(conf_file)
         if File.readable?(conf_file)
-            config = File.read(conf_file)
-             
-            @options.merge!(YAML::load(config))
+            conf_txt = File.read(conf_file)
+            conf_opt = YAML::load(conf_txt)
+
+            @options.merge!(conf_opt) if conf_opt != false
         end
     end
 
@@ -184,7 +187,7 @@ private
     # Validate the user certificate
     ###########################################################################
     def validate
- 	now    = Time.now
+        now    = Time.now
         failed = "Could not validate user credentials: "
 
         # Check start time and end time of certificates
@@ -196,10 +199,10 @@ private
         end 
 
         begin
-	    # Validate the proxy certifcates
+            # Validate the proxy certifcates
             signee = @cert_chain[0]
 
-	        @cert_chain[1..-1].each do |cert|
+            @cert_chain[1..-1].each do |cert|
                 if !((signee.issuer.to_s == cert.subject.to_s) &&
                      (signee.verify(cert.public_key)))
                     raise  failed + signee.subject.to_s + " with issuer " +
@@ -210,7 +213,7 @@ private
             end
 
             # Validate the End Entity certificate
-	        if !@options[:ca_dir]
+            if !@options[:ca_dir]
                 raise failed + "No certifcate authority directory was specified." 
             end