Merge branch 'feature-754' of git.opennebula.org:one into feature-754

2025-03-21 14:50:08 +03:00 · 2011-08-26 19:08:53 +02:00 · 2011-08-26 19:08:53 +02:00 · 1c875dd438
commit 1c875dd438
parent c6e8767f3b 4c9f95ad58
5 changed files with 15 additions and 27 deletions
--- a/install.sh
+++ b/install.sh
@ -703,10 +703,10 @@ TM_LVM_ETC_FILES="src/tm_mad/lvm/tm_lvm.conf \
 HM_ETC_FILES="src/hm_mad/hmrc"

 #-------------------------------------------------------------------------------
-# Hook Manager driver config. files, to be installed under $ETC_LOCATION/hm
+# Auth Manager drivers config. files, to be installed under $ETC_LOCATION/auth
 #-------------------------------------------------------------------------------

-AUTH_ETC_FILES="src/authm_mad/auth.conf"
+AUTH_ETC_FILES="src/authm_mad/remotes/server/server_auth.conf"

 #-------------------------------------------------------------------------------
 # Sample files, to be installed under $SHARE_LOCATION/examples
--- a/src/authm_mad/auth.conf
+++ b/src/authm_mad/auth.conf
@ -1,8 +0,0 @@
-:database: sqlite://auth.db
-:authentication: simple
-:quota:
-  :enabled: false
-  :defaults:
-    :cpu: 10.0
-    :memory: 1048576
-    :num_vms: 10
--- a/src/authm_mad/remotes/server/authenticate
+++ b/src/authm_mad/remotes/server/authenticate
@ -39,8 +39,9 @@ secret = ARGV[2] # Base64 encoded secret as obtained from login_token

 begin
    server_auth = ServerAuth.new
+    dsecret     = Base64::decode64(secret)

-    rc = server_auth.authenticate(user, pass, secret)
+    rc = server_auth.authenticate(user, pass, dsecret)
 rescue => e
    OpenNebula.error_message e.message
    exit -1
--- a/src/authm_mad/remotes/server/server_auth.conf
+++ b/src/authm_mad/remotes/server/server_auth.conf
@ -0,0 +1,8 @@
+# Path to the certificate used by the OpenNebula Services
+# Certificates must be in PEM format
+:one_cert: "/etc/one/auth/cert.pem"
+:one_key: "/etc/one/auth/pk.pem"
+
+# Path to the trusted CA directory. It should contain the trusted CA's for
+# the server, each CA certificate shoud be name CA_hash.0
+:ca_dir: 
--- a/src/authm_mad/remotes/server/server_auth.rb
+++ b/src/authm_mad/remotes/server/server_auth.rb
@ -17,18 +17,7 @@
 require 'openssl'
 require 'base64'
 require 'fileutils'
-
-ONE_LOCATION=ENV["ONE_LOCATION"]
-
-if !ONE_LOCATION
-    RUBY_LIB_LOCATION="/usr/lib/one/ruby"
-    ETC_LOCATION="/etc/one/"
-else
-    RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby"
-    ETC_LOCATION=ONE_LOCATION+"/etc/"
-end
-
-$: << RUBY_LIB_LOCATION
+require 'yaml'

 require 'x509_auth'

@ -65,10 +54,8 @@ class ServerAuth < X509Auth
        end
        
        begin
-            certs    = Array.new
-            certs[0] = File.read(@options[:host_cert])
-
-            key = File.read(@options[:host_key])
+            certs = [ File.read(@options[:one_cert]) ]
+            key   =   File.read(@options[:one_key])

            super(:certs_pem => certs, 
                  :key_pem   => key,