From 24350486125264c025ec046f83e127977fc217ca Mon Sep 17 00:00:00 2001 From: Daniel Molina Date: Wed, 26 Oct 2011 12:16:55 +0200 Subject: [PATCH] bug #847: Add sha1 option and driver helpers --- src/cli/one_helper/oneuser_helper.rb | 44 ++++++++++------------------ src/cli/oneuser | 38 ++++++++++++++---------- src/oca/ruby/OpenNebula/User.rb | 5 +++- 3 files changed, 43 insertions(+), 44 deletions(-) diff --git a/src/cli/one_helper/oneuser_helper.rb b/src/cli/one_helper/oneuser_helper.rb index 930f719e2e..e2c052441d 100644 --- a/src/cli/one_helper/oneuser_helper.rb +++ b/src/cli/one_helper/oneuser_helper.rb @@ -40,15 +40,17 @@ class OneUserHelper < OpenNebulaHelper::OneHelper password = arg end - if options[:x509] - password.delete!("\s") + if options[:sha1] + require 'digest/sha1' + password = Digest::SHA1.hexdigest(password) end return 0, password end def password(options) - if options[:ssh] + case options[:driver] + when OpenNebula::User::SSH_AUTH if !options[:key] return -1, "You have to specify the --key option" end @@ -60,7 +62,7 @@ class OneUserHelper < OpenNebulaHelper::OneHelper rescue Exception => e return -1, e.message end - elsif options[:x509] + when OpenNebula::User::X509_AUTH options[:cert] ||= ENV['X509_USER_CERT'] if !options[:cert] @@ -82,23 +84,9 @@ class OneUserHelper < OpenNebulaHelper::OneHelper return 0, auth.password end - # Returns the driver to be used for 'oneuser create' - # @param options [Hash] oneuser command options - # @return [String] the authentication driver to use - def driver(options) - if options[:driver] - return options[:driver] - elsif options[:ssh] - return OpenNebula::User::SSH_AUTH - elsif options[:x509] - return OpenNebula::User::X509_AUTH - else - return OpenNebula::User::CORE_AUTH - end - end - def self.login(username, options) - if options[:ssh] + case options[:driver] + when OpenNebula::User::SSH_AUTH require 'ssh_auth' options[:key] ||= ENV['HOME']+'/.ssh/id_rsa' 
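Review bot: In the `@@ -40,15` hunk, `Digest::SHA1.hexdigest(password)` is an unsalted, single-round digest, so the value produced by `--sha1` is cheap to brute-force offline and identical passwords give identical strings. The branch runs whatever driver was selected, so `--sha1` combined with `--ssh` or `--x509` would presumably hash the key or certificate value instead of a password; restricting it with `if options[:sha1] && options[:driver].nil?` or rejecting the combination would avoid that. If the digest format is fixed by what the server compares against, which is not visible here, say so in a comment such as `# SHA-1 kept for compatibility with the core auth driver; unsalted, not a password-storage KDF`. The same hunk removes `password.delete!("\s")` for x509 with no visible replacement, so confirm that whitespace in the certificate value is still normalised somewhere. The enclosing method starts outside the hunk.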
@@ -108,7 +96,7 @@ class OneUserHelper < OpenNebulaHelper::OneHelper rescue Exception => e return -1, e.message end - elsif options[:x509] + when OpenNebula::User::X509_AUTH require 'x509_auth' options[:cert] ||= ENV['X509_USER_CERT'] @@ -122,12 +110,12 @@ class OneUserHelper < OpenNebulaHelper::OneHelper rescue Exception => e return -1, e.message end - elsif options[:x509_proxy] + when OpenNebula::User::X509_PROXY_AUTH require 'x509_auth' options[:proxy] ||= ENV['X509_PROXY_CERT'] - - begin + + begin proxy = File.read(options[:proxy]) certs = proxy.scan(/(-+BEGIN CERTIFICATE-+\n[^-]*\n-+END CERTIFICATE-+)/) @@ -143,10 +131,10 @@ class OneUserHelper < OpenNebulaHelper::OneHelper else return -1, "You have to specify an Auth method" end - + options[:time] ||= 3600 - auth.login(username, options[:time]) + auth.login(username, Time.now+options[:time]) return 0, 'export ONE_AUTH=' << auth.class::LOGIN_PATH end @@ -180,9 +168,9 @@ class OneUserHelper < OpenNebulaHelper::OneHelper puts str % ["ENABLED", OpenNebulaHelper.boolean_to_str(user['ENABLED'])] - + puts - + CLIHelper.print_header(str_h1 % "USER TEMPLATE",false) puts user.template_str end diff --git a/src/cli/oneuser b/src/cli/oneuser index b1c6970c1b..3f2cd5f9bb 100755 --- a/src/cli/oneuser +++ b/src/cli/oneuser 
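Review bot: In the `@@ -143,10` hunk, `Time.now+options[:time]` turns the `--time` value into an absolute expiry without checking it, so a zero, negative or very large duration is handed straight to `auth.login`. Validate it first, e.g. `return -1, "Invalid --time value" unless options[:time].is_a?(Integer) && options[:time] > 0`, and consider an upper bound on token lifetime. The type check matters because `Time#+` raises `TypeError` for a String, and the option's `:format` is not visible in this diff. The argument also changes meaning from a duration to a point in time, so every `login` implementation behind `auth` has to expect the new form; none of them is shown here. `self.login` starts outside the hunk.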
@@ -50,22 +50,38 @@ cmd=CommandParser::CmdParser.new(ARGV) do :description => "Read password from file" } + SHA1={ + :name => "sha1", + :short => "-s", + :large => "--sha1", + :description => "The password will be hashed using the sha1 algorithm" + } + SSH={ :name => "ssh", :large => "--ssh", - :description => "SSH Auth system" + :description => "SSH Auth system", + :proc => lambda { |o, options| + options[:driver] = OpenNebula::User::SSH_AUTH + } } X509={ :name => "x509", :large => "--x509", - :description => "x509 Auth system for x509 certificates" + :description => "x509 Auth system for x509 certificates", + :proc => lambda { |o, options| + options[:driver] = OpenNebula::User::X509_AUTH + } } X509_PROXY={ :name => "x509_proxy", :large => "--x509_proxy", - :description => "x509 Auth system based on x509 proxy certificates" + :description => "x509 Auth system based on x509 proxy certificates", + :proc => lambda { |o, options| + options[:driver] = OpenNebula::User::X509_PROXY_AUTH + } } KEY={ @@ -98,15 +114,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do :description => "Token duration in seconds, defaults to 3600 (1 h)" } - DRIVER={ - :name => "driver", - :short => "-d driver_name", - :large => "--driver driver_name", - :format => String, - :description => "Authentication driver to be used with this user" - } - - create_options = [READ_FILE, SSH, X509, KEY, CERT, DRIVER] + create_options = [READ_FILE, SHA1, SSH, X509, KEY, CERT] login_options = [SSH, X509, X509_PROXY, KEY, CERT, PROXY, TIME] ######################################################################## @@ -138,7 +146,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do Creates a new User Examples: oneuser create my_user my_password - oneuser create my_user -r /tmp/mypass + oneuser create my_user -r /tmp/mypass oneuser create my_user --ssh --key /tmp/id_rsa -d ssh oneuser create my_user --ssh -r /tmp/public_key -d ssh oneuser create my_user --x509 --cert /tmp/my_cert.pem -d x509 
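Review bot: In the `@@ -50,22` hunk, each of the three new `:proc` lambdas assigns `options[:driver]` unconditionally, so passing `--ssh` together with `--x509` silently keeps whichever flag was parsed last. For an option that selects the authentication driver, a conflict is better rejected than resolved by argument order, for example by failing when `options[:driver]` is already set to a different driver before the assignment. How CmdParser treats an error or return value from a `:proc` is not shown here, so the exact rejection path is an assumption to confirm. The new `SHA1` description could also state that the digest is unsalted.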
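Review bot: The `@@ -98,15` hunk removes the `DRIVER` option from `create_options`, but the `oneuser create` examples visible as context in the following `@@ -138,7` hunk still end in `-d ssh` and `-d x509`. Unless `-d` is accepted somewhere outside this diff, following those examples would now fail on an unknown option; drop the suffix, e.g. `oneuser create my_user --ssh --key /tmp/id_rsa`. Removing `--driver` also removes the only visible way to name a driver other than ssh or x509 at creation time, which deserves a line in the commit description if it is intended.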
@@ -159,7 +167,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do end end - driver = helper.driver(options) + driver = options[:driver] || OpenNebula::User::CORE helper.create_resource(options) do |user| user.allocate(args[0], pass, driver) @@ -172,7 +180,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do command :update, update_desc, :userid do helper = OneUserHelper.new - + helper.perform_action(args[0],options,"modified") do |user| str = OpenNebulaHelper.update_template(args[0], user) user.update(str) diff --git a/src/oca/ruby/OpenNebula/User.rb b/src/oca/ruby/OpenNebula/User.rb index ed104a17f0..e9b44e8cef 100644 --- a/src/oca/ruby/OpenNebula/User.rb +++ b/src/oca/ruby/OpenNebula/User.rb @@ -34,7 +34,7 @@ module OpenNebula } SELF = -1 - + # Driver name for default core authentication CORE_AUTH = "core" @@ -44,6 +44,9 @@ module OpenNebula # Driver name for x509 authentication X509_AUTH = "x509" + # Driver name for x509 proxy authentication + X509_PROXY_AUTH = "x509_proxy" + # Creates a User description with just its identifier # this method should be used to create plain User objects. # +id+ the id of the user
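Review bot: In the `@@ -159,7` hunk, the fallback references `OpenNebula::User::CORE`, while the constant visible in the `User.rb` section of this patch is `CORE_AUTH = "core"` and the removed `driver` helper used `OpenNebula::User::CORE_AUTH`. Unless a `CORE` constant is defined outside the visible hunks, a plain `oneuser create my_user my_password` with no driver flag will raise `NameError` at this line. Suggested line: `driver = options[:driver] || OpenNebula::User::CORE_AUTH`. The enclosing command block starts outside the hunk.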