diff --git a/src/sunstone/models/SunstoneServer.rb b/src/sunstone/models/SunstoneServer.rb index 3d72294114..04d0a249c2 100644 --- a/src/sunstone/models/SunstoneServer.rb +++ b/src/sunstone/models/SunstoneServer.rb @@ -312,7 +312,7 @@ class SunstoneServer < CloudServer ######################################################################## # Guacamole ######################################################################## - def startguac(id, type_connection, guac) + def startguac(id, type_connection, guac, client=nil) resource = retrieve_resource("vm", id) if OpenNebula.is_error?(resource) return [404, resource.to_json] @@ -334,7 +334,7 @@ class SunstoneServer < CloudServer exit -1 end - return guac.proxy(resource, type_connection) + return guac.proxy(resource, type_connection, client) end ######################################################################## diff --git a/src/sunstone/models/sunstone_guac.rb b/src/sunstone/models/sunstone_guac.rb index b824bd2ae8..df4eae09aa 100644 --- a/src/sunstone/models/sunstone_guac.rb +++ b/src/sunstone/models/sunstone_guac.rb @@ -42,7 +42,7 @@ class SunstoneGuac < SunstoneRemoteConnections super end - def proxy(vm_resource, type_connection = 'vnc') + def proxy(vm_resource, type_connection = 'vnc', client = nil) # Check configurations and VM attributes if !allowed_console_states.include?(vm_resource['LCM_STATE']) error_message = "Wrong state (#{vm_resource['LCM_STATE']}) @@ -66,7 +66,7 @@ class SunstoneGuac < SunstoneRemoteConnections case type_connection.downcase when 'vnc' then settings = get_config_vnc(vm_resource) when 'rdp' then settings = get_config_rdp(vm_resource) - when 'ssh' then settings = get_config_ssh(vm_resource) + when 'ssh' then settings = get_config_ssh(vm_resource, client) else { :error => error(400, 'Type connection not supported by Guacamole') } @@ -157,7 +157,7 @@ class SunstoneGuac < SunstoneRemoteConnections ) end - def get_config_ssh(vm_resource) + def get_config_ssh(vm_resource, client) hostname = vm_resource["TEMPLATE/NIC[SSH='YES'][1]/EXTERNAL_IP"] || vm_resource["TEMPLATE/NIC[SSH='YES'][1]/IP"] || @@ -184,19 +184,47 @@ class SunstoneGuac < SunstoneRemoteConnections return { :error => error(400, error_message) } end + hash = { + 'hostname' => hostname, + 'port' => port || vm_resource['TEMPLATE/CONTEXT/SSH_PORT'] + } + + if vm_resource['TEMPLATE/CONTEXT/USERNAME'] + hash['username'] = vm_resource['TEMPLATE/CONTEXT/USERNAME'] + end + + if vm_resource['TEMPLATE/CONTEXT/PASSWORD'] + hash['password'] = vm_resource['TEMPLATE/CONTEXT/PASSWORD'] + end + + if vm_resource['TEMPLATE/CONTEXT/SSH_PUBLIC_KEY'] + user = User.new_with_id(OpenNebula::User::SELF, client) + rc = user.info + + if OpenNebula.is_error?(rc) + error_message = "VMID:#{vmid} user.info error: #{rc.message}" + return { :error => error(400, error_message) } + end + + private_key = user['TEMPLATE/SSH_PRIVATE_KEY'] + + if private_key.nil? + error_message = "SSH_PRIVATE_KEY not present in the USER:#{OpenNebula::User::SELF} TEMPLATE" + return { :error => error(400, error_message) } + end + + passphrase = user['TEMPLATE/SSH_PASSPHRASE'] + if !passphrase.nil? + hash['passphrase'] = passphrase + end + + hash['private-key'] = private_key + end + { 'hostname' => 'localhost', - 'port' => '22', - 'username' => nil, - 'password' => nil - }.merge( - { - 'hostname' => hostname, - 'port' => port || vm_resource['TEMPLATE/CONTEXT/SSH_PORT'], - 'username' => vm_resource['TEMPLATE/CONTEXT/USERNAME'], - 'password' => vm_resource['TEMPLATE/CONTEXT/PASSWORD'] - } - ) + 'port' => '22' + }.merge(hash) end def encrypt_data(data) diff --git a/src/sunstone/public/app/tabs/users-tab/panels/auth-common.js b/src/sunstone/public/app/tabs/users-tab/panels/auth-common.js index b2894931b0..591a3cad2d 100644 --- a/src/sunstone/public/app/tabs/users-tab/panels/auth-common.js +++ b/src/sunstone/public/app/tabs/users-tab/panels/auth-common.js @@ -35,7 +35,7 @@ define(function(require) { var CONFIRM_DIALOG_ID = require('utils/dialogs/generic-confirm/dialogId'); var RESOURCE = "User"; var XML_ROOT = "USER"; - var REGEX_HIDDEN_ATTRS = /^(SUNSTONE|SSH_PUBLIC_KEY)$/ + var REGEX_HIDDEN_ATTRS = /^(SUNSTONE|SSH_PUBLIC_KEY|SSH_PRIVATE_KEY|SSH_PASSPHRASE)$/ /* CONSTRUCTOR */ @@ -165,7 +165,7 @@ define(function(require) { } }); - // SSH input + // Public SSH input context.off("click", ".user_ssh_public_key_edit"); context.on("click", ".user_ssh_public_key_edit", function() { @@ -188,6 +188,55 @@ define(function(require) { $("#user_ssh_public_key_text", context).show(); $("#user_ssh_public_key_textarea", context).hide(); + + // Private SSH input + + context.off("click", ".user_ssh_private_key_edit"); + context.on("click", ".user_ssh_private_key_edit", function() { + $("#user_ssh_private_key_text", context).hide(); + $("#user_ssh_private_key_textarea", context).show().focus(); + }); + + context.off("change", "#user_ssh_private_key_textarea"); + context.on("change", "#user_ssh_private_key_textarea", function() { + var template_str = 'SSH_PRIVATE_KEY = "'+TemplateUtils.escapeDoubleQuotes($(this).val())+'"'; + + Sunstone.runAction("User.append_template", that.element.ID, template_str); + }); + + context.off("focusout", "#user_ssh_private_key_textarea"); + context.on("focusout", "#user_ssh_private_key_textarea", function() { + $("#user_ssh_private_key_text", context).show(); + $("#user_ssh_private_key_textarea", context).hide(); + }); + + $("#user_ssh_private_key_text", context).show(); + $("#user_ssh_private_key_textarea", context).hide(); + + // Private SSH Passphrases input + + context.off("click", ".user_ssh_passphrase_edit"); + context.on("click", ".user_ssh_passphrase_edit", function() { + $("#user_ssh_passphrase_text", context).hide(); + $("#user_ssh_passphrase_textarea", context).show().focus(); + }); + + context.off("change", "#user_ssh_passphrase_textarea"); + context.on("change", "#user_ssh_passphrase_textarea", function() { + var template_str = 'SSH_PASSPHRASE = "'+TemplateUtils.escapeDoubleQuotes($(this).val())+'"'; + + Sunstone.runAction("User.append_template", that.element.ID, template_str); + }); + + context.off("focusout", "#user_ssh_passphrase_textarea"); + context.on("focusout", "#user_ssh_passphrase_textarea", function() { + $("#user_ssh_passphrase_text", context).show(); + $("#user_ssh_passphrase_textarea", context).hide(); + }); + + $("#user_ssh_passphrase_text", context).show(); + $("#user_ssh_passphrase_textarea", context).hide(); + return false; } }); diff --git a/src/sunstone/public/app/tabs/users-tab/panels/auth/html.hbs b/src/sunstone/public/app/tabs/users-tab/panels/auth/html.hbs index ec06e5d6bc..8d392d0415 100644 --- a/src/sunstone/public/app/tabs/users-tab/panels/auth/html.hbs +++ b/src/sunstone/public/app/tabs/users-tab/panels/auth/html.hbs @@ -98,5 +98,57 @@ +
+
+ + + + + + + +
{{tr "Private SSH Key"}} + +
+ + +

+ {{#if element.TEMPLATE.SSH_PRIVATE_KEY}} + {{element.TEMPLATE.SSH_PRIVATE_KEY}} + {{else}} + {{tr "You can provide a Private SSH Key for this User clicking on the edit button"}} + {{/if}} +

+ +
+
+
+
+ + + + + + + +
{{tr "Private SSH Key Passphrase"}} + +
+ + +

+ {{#if element.TEMPLATE.SSH_PASSPHRASE}} + {{element.TEMPLATE.SSH_PASSPHRASE}} + {{else}} + {{tr "You can provide a Private SSH Key Passphrase for this User clicking on the edit button"}} + {{/if}} +

+ +
+
diff --git a/src/sunstone/public/app/tabs/users-tab/panels/info-common.js b/src/sunstone/public/app/tabs/users-tab/panels/info-common.js index 272688d13c..6cf3c42f65 100644 --- a/src/sunstone/public/app/tabs/users-tab/panels/info-common.js +++ b/src/sunstone/public/app/tabs/users-tab/panels/info-common.js @@ -38,7 +38,7 @@ define(function(require) { var RESOURCE = "User"; var XML_ROOT = "USER"; - var REGEX_HIDDEN_ATTRS = /^(SSH_PUBLIC_KEY|SUNSTONE|FIREEDGE)$/ + var REGEX_HIDDEN_ATTRS = /^(|SSH_PUBLIC_KEY|SSH_PRIVATE_KEY|SSH_PASSPHRASE|SUNSTONE|FIREEDGE)$/ /* CONSTRUCTOR diff --git a/src/sunstone/sunstone-server.rb b/src/sunstone/sunstone-server.rb index 3b3608bf65..c651641215 100755 --- a/src/sunstone/sunstone-server.rb +++ b/src/sunstone/sunstone-server.rb @@ -1194,8 +1194,18 @@ end post '/vm/:id/guac/:type' do vm_id = params[:id] type_connection = params[:type] + + user = OpenNebula::User.new_with_id( + OpenNebula::User::SELF, + $cloud_auth.client(session[:user], session[:active_zone_endpoint])) - @SunstoneServer.startguac(vm_id, type_connection, $guac) + rc = user.info + if OpenNebula.is_error?(rc) + logger.error { rc.message } + error 500, "" + end + + @SunstoneServer.startguac(vm_id, type_connection, $guac, user) end ##############################################################################