bug #847: The authentication driver is now not encoded as part of the secret. The base auth driver has been updated to deal with this new protocol

include/AuthManager.h

@@ -342,13 +342,16 @@ public:
      *  Sets the challenge to authenticate an user
      *  @param challenge a driver specific authentication challenge
      */
-    void add_authenticate(const string &_username,
+    void add_authenticate(const string &_driver,
+                          const string &_username,
                           const string &_password,
                           const string &_session)
     {
         username = _username;
         password = _password;
         session  = _session;
+        
+        driver   = _driver;
     }
 
     /**
@@ -500,6 +503,11 @@ private:
      */
     string session;
 
+    /**
+     *  Authentication driver to be used with this request
+     */
+    string driver;
+
     /**
      *  A list of authorization requests
      */

include/AuthManagerDriver.h

@@ -82,12 +82,14 @@ private:
      *  "AUTHENTICATE REQUEST_ID USER_ID USER_NAME PASSWORD XMLRPC_TOKEN"
      *    @param oid an id to identify the request.
      *    @param uid the user id.
+     *    @param auth_driver
      *    @param username
      *    @param password
      *    @param session token from the xml-rpc parameter
      */
     void authenticate(int           oid,
                       int           uid,
+                      const string& auth_driver,
                       const string& username,
                       const string& password,
                       const string& session) const;

src/authm/AuthManager.cc

@@ -283,6 +283,7 @@ void AuthManager::authenticate_action(AuthRequest * ar)
 
     authm_md->authenticate(ar->id,
                            ar->uid,
+                           ar->driver,
                            ar->username,
                            ar->password,
                            ar->session);

src/authm/AuthManagerDriver.cc

@@ -39,6 +39,7 @@ void AuthManagerDriver::authorize(int           oid,
 
 void AuthManagerDriver::authenticate(int           oid,
                                      int           uid,
+                                     const string& driver,
                                      const string& username,
                                      const string& password,
                                      const string& session) const
@@ -47,6 +48,7 @@ void AuthManagerDriver::authenticate(int           oid,
 
     os << "AUTHENTICATE " << oid << " "
                           << uid << " "
+                          << driver << " "
                           << username << " "
                           << password << " "
                           << session  << endl;

src/authm_mad/one_auth_mad.rb

@@ -89,35 +89,27 @@ class AuthDriver < OpenNebulaDriver
     # @param [String] the id for this request, used by OpenNebula core
     #        to identify the request 
     # @param [String] id of the user, "-1" if not in defined in OpenNebula
+    # @param [String] driver to be used
     # @param [Strgin] user filed of the auth string
     # @param [String] password of the user registered in OpenNebula "-" if none
     # @param [String] secret filed of the auth string
-    def authN(request_id, user_id, user, password, secret)
-        #OpenNebula.log_debug("authN: #{request_id} #{user_id} #{password} #{secret}")
+    def authN(request_id, user_id, driver, user, password, secret)
+        #OpenNebula.log_debug("authN: #{request_id} #{user_id} #{driver} #{password} #{secret}")
 
-        secret_attr = secret.split(':')
-
-        if secret_attr.length == 1 
-            protocol = "plain"
-        else
-            protocol = secret_attr[0]
-            secret_attr.shift
-        end
-
-        unless @authN_protocols.include?(protocol)
+        unless @authN_protocols.include?(driver)
             return send_message(
                 ACTION[:authN],
                 RESULT[:failure],
                 request_id,
-                "Authentication protocol '#{protocol}' not available")
+                "Authentication driver '#{driver}' not available")
         end
 
         #build path for the auth action
-        #/var/lib/one/remotes/auth/<protocol>/authenticate
-        authN_path = File.join(@local_scripts_path, protocol)
+        #/var/lib/one/remotes/auth/<driver>/authenticate
+        authN_path = File.join(@local_scripts_path, driver)
         
         command = File.join(authN_path,ACTION[:authN].downcase) 
-        command << ' ' << user << ' ' << password << ' ' << secret_attr.join(' ')
+        command << ' ' << user << ' ' << password << ' ' << secret
 
         local_action(command, request_id, ACTION[:authN])
     end

src/um/UserPool.cc

@@ -232,7 +232,7 @@ bool UserPool::authenticate(const string& session,
 
     User * user = 0;
     string username;
-    string secret, u_secret, u_pass;
+    string u_secret, u_pass;
     string auth_driver;
 
     string tuname;
@@ -289,7 +289,7 @@ bool UserPool::authenticate(const string& session,
     {
         if (user != 0) //no core auth for external users
         {
-            ar.add_authenticate(username,u_pass,u_secret);
+            ar.add_authenticate("",username,u_pass,u_secret);
 
             if (ar.core_authenticate()) 
             {
@@ -305,17 +305,8 @@ bool UserPool::authenticate(const string& session,
     }
     else if ( authm != 0 ) //use auth driver if it was loaded
     {
-        //Compose secret for the user driver
-        if (!auth_driver.empty())
-        {
-            secret =  auth_driver;
-            secret += ":";
-        }
-
-        secret += u_secret;
-
         //Initialize authentication request and call the driver
-        ar.add_authenticate(username,u_pass,secret);
+        ar.add_authenticate(auth_driver,username,u_pass,u_secret);
 
         authm->trigger(AuthManager::AUTHENTICATE,&ar);
         ar.wait();