From 48c0e0654497a0736fb76e15d8a422f68d181ee4 Mon Sep 17 00:00:00 2001 From: "Ruben S. Montero" Date: Fri, 26 Aug 2011 16:34:17 +0200 Subject: [PATCH 1/3] feature #754: Fix bugs for server authN --- src/authm_mad/remotes/server/authenticate | 3 ++- src/authm_mad/remotes/server/server_auth.rb | 18 ++---------------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/src/authm_mad/remotes/server/authenticate b/src/authm_mad/remotes/server/authenticate index 5cb282c1d8..20f0a2ebe8 100755 --- a/src/authm_mad/remotes/server/authenticate +++ b/src/authm_mad/remotes/server/authenticate @@ -39,8 +39,9 @@ secret = ARGV[2] # Base64 encoded secret as obtained from login_token begin server_auth = ServerAuth.new + dsecret = Base64::decode64(secret) - rc = server_auth.authenticate(user, pass, secret) + rc = server_auth.authenticate(user, pass, dsecret) rescue => e OpenNebula.error_message e.message exit -1 diff --git a/src/authm_mad/remotes/server/server_auth.rb b/src/authm_mad/remotes/server/server_auth.rb index 0f699bef2d..23bca5819c 100644 --- a/src/authm_mad/remotes/server/server_auth.rb +++ b/src/authm_mad/remotes/server/server_auth.rb @@ -18,18 +18,6 @@ require 'openssl' require 'base64' require 'fileutils' -ONE_LOCATION=ENV["ONE_LOCATION"] - -if !ONE_LOCATION - RUBY_LIB_LOCATION="/usr/lib/one/ruby" - ETC_LOCATION="/etc/one/" -else - RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby" - ETC_LOCATION=ONE_LOCATION+"/etc/" -end - -$: << RUBY_LIB_LOCATION - require 'x509_auth' # Server authentication class. This authmethod can be used by opennebula services @@ -65,10 +53,8 @@ class ServerAuth < X509Auth end begin - certs = Array.new - certs[0] = File.read(@options[:host_cert]) - - key = File.read(@options[:host_key]) + certs = [ File.read(@options[:one_cert]) ] + key = File.read(@options[:one_key]) super(:certs_pem => certs, :key_pem => key, From 1b1d4f900aecdffe0ae62233a6ad77337e58c041 Mon Sep 17 00:00:00 2001 
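Review bot: `Base64::decode64` is lenient, so in the `begin` block of `authenticate` a malformed or empty `secret` is not rejected at the decode step. As far as I know it skips characters outside the Base64 alphabet and returns whatever it could decode, possibly an empty string, which is then passed to `server_auth.authenticate`. Failing closed before the verification call would be safer, e.g. `raise "Malformed login token" if dsecret.empty?` right after the decode; the existing `rescue => e` already turns that into an error message and `exit -1`. If every supported Ruby provides it and the token is encoded without line breaks, `Base64.strict_decode64(secret)` would reject bad input outright. The block's closing `end` is outside the hunk.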
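Review bot: The two `File.read` calls in `ServerAuth` take `@options[:one_cert]` and `@options[:one_key]` as given, so a configuration that still uses the old `:host_cert`/`:host_key` names, or omits the keys, passes `nil` to `File.read` and fails with a generic type error instead of a configuration error. Since this is the service's private key, I would check the option before reading, e.g. `raise "one_key is not set in the configuration" unless @options[:one_key]`. I would also consider refusing a key file that group or others can read, e.g. `raise "one_key file must not be group/world accessible" if (File.stat(@options[:one_key]).mode & 077) != 0`. The enclosing method (apparently the constructor, given the `super(...)` call) starts before the hunk and its `rescue` is outside it, so how these errors are reported is not visible here.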
From: "Ruben S. Montero" Date: Fri, 26 Aug 2011 16:41:56 +0200 Subject: [PATCH 2/3] feature #754: Missing require --- src/authm_mad/remotes/server/server_auth.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/src/authm_mad/remotes/server/server_auth.rb b/src/authm_mad/remotes/server/server_auth.rb index 23bca5819c..441d2905e9 100644 --- a/src/authm_mad/remotes/server/server_auth.rb +++ b/src/authm_mad/remotes/server/server_auth.rb @@ -17,6 +17,7 @@ require 'openssl' require 'base64' require 'fileutils' +require 'yaml' require 'x509_auth' From 4c9f95ad58d5e932636f807aaeeeb08f8e6e0de4 Mon Sep 17 00:00:00 2001 From: "Ruben S. Montero" Date: Fri, 26 Aug 2011 16:51:13 +0200 Subject: [PATCH 3/3] Feature #754: Update configuration files --- install.sh | 4 ++-- src/authm_mad/auth.conf | 8 -------- src/authm_mad/remotes/server/server_auth.conf | 8 ++++++++ 3 files changed, 10 insertions(+), 10 deletions(-) delete mode 100644 src/authm_mad/auth.conf create mode 100644 src/authm_mad/remotes/server/server_auth.conf diff --git a/install.sh b/install.sh index 9bde8267e5..685fbf2f20 100755 --- a/install.sh +++ b/install.sh @@ -703,10 +703,10 @@ TM_LVM_ETC_FILES="src/tm_mad/lvm/tm_lvm.conf \ HM_ETC_FILES="src/hm_mad/hmrc" #------------------------------------------------------------------------------- -# Hook Manager driver config. files, to be installed under $ETC_LOCATION/hm +# Auth Manager drivers config. files, to be installed under $ETC_LOCATION/auth #------------------------------------------------------------------------------- -AUTH_ETC_FILES="src/authm_mad/auth.conf" +AUTH_ETC_FILES="src/authm_mad/remotes/server/server_auth.conf" #------------------------------------------------------------------------------- # Sample files, to be installed under $SHARE_LOCATION/examples diff --git a/src/authm_mad/auth.conf b/src/authm_mad/auth.conf deleted file mode 100644 index 8efb6a6678..0000000000 --- a/src/authm_mad/auth.conf +++ /dev/null 
@@ -1,8 +0,0 @@ -:database: sqlite://auth.db -:authentication: simple -:quota: - :enabled: false - :defaults: - :cpu: 10.0 - :memory: 1048576 - :num_vms: 10 \ No newline at end of file diff --git a/src/authm_mad/remotes/server/server_auth.conf b/src/authm_mad/remotes/server/server_auth.conf new file mode 100644 index 0000000000..2eb8e0dc92 --- /dev/null +++ b/src/authm_mad/remotes/server/server_auth.conf @@ -0,0 +1,8 @@ +# Path to the certificate used by the OpenNebula Services +# Certificates must be in PEM format +:one_cert: "/etc/one/auth/cert.pem" +:one_key: "/etc/one/auth/pk.pem" + +# Path to the trusted CA directory. It should contain the trusted CA's for +# the server, each CA certificate shoud be name CA_hash.0 +:ca_dir:
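Review bot: `:ca_dir:` in the new `server_auth.conf` ships with no value, which YAML loads as nil, and the comment above it does not say what an empty value means. If the driver treats a missing CA directory as "skip chain verification" (not visible in this patch), a default install would accept certificates without CA validation. Either ship a default path or state the behaviour in the comment once it is confirmed. Because the file also names the private key location, a line such as `# pk.pem must be readable only by the account running the OpenNebula services` would help operators. The comment typo "shoud be name" should read "should be named".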