diff --git a/install.sh b/install.sh
index 9bde8267e5..685fbf2f20 100755
--- a/install.sh
+++ b/install.sh
@@ -703,10 +703,10 @@ TM_LVM_ETC_FILES="src/tm_mad/lvm/tm_lvm.conf \
 HM_ETC_FILES="src/hm_mad/hmrc"
 #-------------------------------------------------------------------------------
-# Hook Manager driver config. files, to be installed under $ETC_LOCATION/hm
+# Auth Manager drivers config. files, to be installed under $ETC_LOCATION/auth
 #-------------------------------------------------------------------------------
-AUTH_ETC_FILES="src/authm_mad/auth.conf"
+AUTH_ETC_FILES="src/authm_mad/remotes/server/server_auth.conf"
 #-------------------------------------------------------------------------------
 # Sample files, to be installed under $SHARE_LOCATION/examples
diff --git a/src/authm_mad/auth.conf b/src/authm_mad/auth.conf
deleted file mode 100644
index 8efb6a6678..0000000000
--- a/src/authm_mad/auth.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-:database: sqlite://auth.db
-:authentication: simple
-:quota:
- :enabled: false
- :defaults:
- :cpu: 10.0
- :memory: 1048576
- :num_vms: 10
\ No newline at end of file
diff --git a/src/authm_mad/remotes/server/authenticate b/src/authm_mad/remotes/server/authenticate
index 5cb282c1d8..20f0a2ebe8 100755
--- a/src/authm_mad/remotes/server/authenticate
+++ b/src/authm_mad/remotes/server/authenticate
@@ -39,8 +39,9 @@ secret = ARGV[2] # Base64 encoded secret as obtained from login_token
 begin
 server_auth = ServerAuth.new
+ dsecret = Base64::decode64(secret)
- rc = server_auth.authenticate(user, pass, secret)
+ rc = server_auth.authenticate(user, pass, dsecret)
 rescue => e
 OpenNebula.error_message e.message
 exit -1
diff --git a/src/authm_mad/remotes/server/server_auth.conf b/src/authm_mad/remotes/server/server_auth.conf
new file mode 100644
index 0000000000..2eb8e0dc92
--- /dev/null
+++ b/src/authm_mad/remotes/server/server_auth.conf
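Review bot: In src/authm_mad/remotes/server/authenticate, `Base64::decode64(secret)` decodes leniently, so a truncated or corrupted token is not rejected and reaches `server_auth.authenticate` as whatever bytes happen to decode. Where the Ruby runtime provides it, `dsecret = Base64.strict_decode64(secret)` raises ArgumentError on malformed input, which the existing `rescue => e` already turns into an error message and a non-zero exit. A missing third argument leaves `secret` nil and would presumably surface as an unrelated NoMethodError message; `raise "missing secret" if secret.nil? || secret.empty?` before the decode gives a clearer failure. The begin/rescue block is closed outside the hunk.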
@@ -0,0 +1,8 @@
+# Path to the certificate used by the OpenNebula Services
+# Certificates must be in PEM format
+:one_cert: "/etc/one/auth/cert.pem"
+:one_key: "/etc/one/auth/pk.pem"
+
+# Path to the trusted CA directory. It should contain the trusted CA's for
+# the server, each CA certificate shoud be name CA_hash.0
+:ca_dir:
diff --git a/src/authm_mad/remotes/server/server_auth.rb b/src/authm_mad/remotes/server/server_auth.rb
index 0f699bef2d..441d2905e9 100644
--- a/src/authm_mad/remotes/server/server_auth.rb
+++ b/src/authm_mad/remotes/server/server_auth.rb
@@ -17,18 +17,7 @@
 require 'openssl'
 require 'base64'
 require 'fileutils'
-
-ONE_LOCATION=ENV["ONE_LOCATION"]
-
-if !ONE_LOCATION
- RUBY_LIB_LOCATION="/usr/lib/one/ruby"
- ETC_LOCATION="/etc/one/"
-else
- RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby"
- ETC_LOCATION=ONE_LOCATION+"/etc/"
-end
-
-$: << RUBY_LIB_LOCATION
+require 'yaml'
 require 'x509_auth'
@@ -65,10 +54,8 @@ class ServerAuth < X509Auth
 end
 begin
- certs = Array.new
- certs[0] = File.read(@options[:host_cert])
-
- key = File.read(@options[:host_key])
+ certs = [ File.read(@options[:one_cert]) ]
+ key = File.read(@options[:one_key])
 super(:certs_pem => certs,
 :key_pem => key,
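Review bot: The shipped default in server_auth.conf leaves `:ca_dir:` empty, which YAML loads as nil, and the file does not say what the driver does in that case. If chain validation is skipped when no CA directory is configured (not visible in this diff), a default install accepts certificates without checking their issuer, so the comment should state the actual behaviour, for example `# If left empty, certificates are NOT validated against a CA`. The `:one_key:` entry also deserves a line such as `# The key file must be readable only by the OpenNebula service account`. The existing comment has a typo: "shoud be name" should read "should be named".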
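Review bot: With the `ONE_LOCATION` block and `$: << RUBY_LIB_LOCATION` removed from the top of server_auth.rb, `require 'x509_auth'` resolves only if the calling script has already put the library directory on the load path. `ETC_LOCATION` is no longer defined here either, so any reference to it that remains in the class (outside this hunk) would raise NameError unless the caller defines it first. A comment above the requires, such as `# Callers must set up $: (RUBY_LIB_LOCATION) before requiring this file`, would record that dependency for anyone loading the file on its own.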
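Review bot: The option keys read in this ServerAuth method change from `:host_cert`/`:host_key` to `:one_cert`/`:one_key`, and a configuration that still uses the old names makes `File.read(nil)` raise a TypeError that says nothing about the configuration file. A check before the reads, e.g. `raise "one_cert and one_key must be set in the auth configuration" unless @options[:one_cert] && @options[:one_key]`, gives the operator an actionable error. The private key is read with no look at its file mode; a comment noting that the `:one_key` file must not be group- or world-readable would help. The method and its begin block start and end outside the hunk.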