diff --git a/src/cli/one_helper/oneuser_helper.rb b/src/cli/one_helper/oneuser_helper.rb
index 24f2fd87e1..05255add83 100644
--- a/src/cli/one_helper/oneuser_helper.rb
+++ b/src/cli/one_helper/oneuser_helper.rb
@@ -47,6 +47,67 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
 return 0, password
 end
+ def password(options)
+ if options[:ssh]
+ require 'ssh_auth'
+
+ options[:key] ||= ENV['HOME']+'/.ssh/id_rsa'
+
+ begin
+ sshauth = SshAuth.new(:private_key=>options[:key])
+ rescue Exception => e
+ return -1, e.message
+ end
+
+ return 0, sshauth.public_key
+ elsif options[:x509]
+ require 'x509_auth'
+
+ options[:cert] ||= ENV['X509_USER_CERT']
+
+ begin
+ x509auth = X509Auth.new(:cert=>options[:cert])
+ rescue Exception => e
+ return -1, e.message
+ end
+
+ return 0, x509auth.dn
+ else
+ return -1, "You have to specify an Auth method or define a password"
+ end
+ end
+
+ def login(username, options)
+ if options[:ssh]
+ require 'ssh_auth'
+
+ options[:key] ||= ENV['HOME']+'/.ssh/id_rsa'
+
+ begin
+ auth = SshAuth.new(:private_key=>options[:key])
+ rescue Exception => e
+ return -1, e.message
+ end
+ elsif options[:x509]
+ require 'x509_auth'
+
+ options[:cert] ||= ENV['X509_USER_CERT']
+ options[:key] ||= ENV['X509_USER_KEY']
+
+ begin
+ auth = X509Auth.new(:cert=>options[:cert], :key=>options[:key])
+ rescue Exception => e
+ return -1, e.message
+ end
+ else
+ return -1, "You have to specify an Auth method"
+ end
+
+ auth.login(username, options[:time])
+
+ return 0, 'export ONE_AUTH=' << auth.class::PROXY_PATH
+ end
+
 private
 def factory(id=nil)
diff --git a/src/cli/oneuser b/src/cli/oneuser
index ffb4346786..2273562ed7 100755
--- a/src/cli/oneuser
+++ b/src/cli/oneuser
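Review bot: `auth.login(username, options[:time])` in `login` sits outside both `begin`/`rescue` blocks and its result is discarded, so a failure while creating the token surfaces as a raw exception instead of the `-1, message` pair every other path returns, and any failure that does not raise still ends in `return 0` with the `export ONE_AUTH=` line. The four `rescue Exception => e` clauses in `password` and `login` also trap `Interrupt` and `SystemExit`; `rescue StandardError => e` keeps the error reporting without swallowing those. `ENV['HOME']+'/.ssh/id_rsa'` is evaluated before the `begin` and raises when `HOME` is unset, and an unset `X509_USER_CERT` or `X509_USER_KEY` hands `nil` to `X509Auth.new`; how the auth classes react is not visible here, so an explicit presence check with a clear message would be safer.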
@@ -59,7 +59,42 @@ cmd=CommandParser::CmdParser.new(ARGV) do
 :description => "Store plain password"
 }
- create_options = [READ_FILE, PLAIN]
+ SSH={
+ :name => "ssh",
+ :large => "--ssh",
+ :description => "SSH Auth system"
+ }
+
+ X509={
+ :name => "x509",
+ :large => "--x509",
+ :description => "x509 Auth system"
+ }
+
+ KEY={
+ :name => "key",
+ :short => "-k private_key",
+ :large => "--key private_key",
+ :format => String,
+ :description => "Path to the Private Key of the User"
+ }
+
+ CERT={
+ :name => "cert",
+ :large => "--cert s",
+ :format => String,
+ :description => "Path to the Certificate of the User"
+ }
+
+ TIME={
+ :name => "time",
+ :large => "--time x",
+ :format => Integer,
+ :description => "Token duration in hours, (default 1)"
+ }
+
+ create_options = [READ_FILE, PLAIN, SSH, X509, KEY, CERT]
+ login_options = [SSH, X509, KEY, CERT, TIME]
 ########################################################################
 # Formatters for arguments
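Review bot: The `TIME` description promises hours and a default of 1, but the `login` examples added in the third hunk pass `--time 72000`, which only makes sense as seconds; read as hours it would request a token valid for roughly eight years. Nothing in this commit applies the default either, since `helper.login` forwards `options[:time]` unchanged, so the default presumably lives in the auth classes, which are not shown. Pick one unit and make the description and the examples agree, for example `:description => "Token duration in seconds (default 3600)"` if seconds and a one-hour default are what `login` really uses. Because `:format => Integer` is the only constraint, a check that rejects zero or negative durations before the token is issued would also be worth adding.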
@@ -86,13 +121,42 @@ cmd=CommandParser::CmdParser.new(ARGV) do
 create_desc = <<-EOT.unindent
 Creates a new User
+ Examples:
+ oneuser create my_user my_password
+ oneuser create my_user /tmp/mypass -r
+ oneuser create my_user --ssh --key /tmp/id_rsa
+ oneuser create my_user --x509 --cert /tmp/my_cert.pem
 EOT
- command :create, create_desc, :username, :password,
+ command :create, create_desc, :username, [:password, nil],
 :options=>create_options do
- helper.create_resource(options) do |user|
- user.allocate(args[0], args[1])
+ if args[1].nil?
+ rc = helper.password(options)
+ if rc.first == 0
+ pass = rc[1]
+ else
+ exit_with_code *rc
+ end
+ else
+ pass = args[1]
 end
+
+ helper.create_resource(options) do |user|
+ user.allocate(args[0], pass)
+ end
+ end
+
+ login_desc = <<-EOT.unindent
+ Creates the Login token for authentication
+ Examples:
+ oneuser login my_user --ssh --key /tmp/id_rsa --time 72000
+ oneuser login my_user --x509 --cert /tmp/my_cert.pem \
+ --key /tmp/my_key.pk --time 72000
+ EOT
+
+ command :login, login_desc, :username, [:password, nil],
+ :options=>create_options do
+ helper.login(args[0], options)
 end
 delete_desc = <<-EOT.unindent
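Review bot: The new `login` command is registered with `:options=>create_options`, so the `login_options` list defined in the previous hunk is never used and `TIME` is not among the options this command declares, even though both examples pass `--time`. It should read `:options=>login_options`, which also stops `login` from declaring `READ_FILE` and `PLAIN`, which `helper.login` never reads. The optional `[:password, nil]` argument is likewise declared but ignored by `helper.login(args[0], options)` and can be dropped. In `create`, a password given together with `--ssh` or `--x509` silently wins over the auth option; rejecting that combination would avoid creating a user with a different credential than the caller intended.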