Merge branch 'master' of git.opennebula.org:one

src/authm/AuthManager.cc

@@ -117,6 +117,28 @@ void AuthRequest::add_auth(Object        ob,
     self_authorize = self_authorize && auth;
 
     auths.push_back(oss.str());
+
+    if ( auth == false )
+    {
+        ostringstream oss;
+
+        oss << message;
+
+        if ( !message.empty() )
+        {
+            oss << "; ";
+        }
+
+        oss << "Not authorized to perform " << Operation_to_str(op)
+            << " " << Object_to_str(ob);
+
+        if ( ob_id_int != -1 )
+        {
+            oss << " [" << ob_id << "]";
+        }
+
+        message = oss.str();
+    }
 }
 
 /* -------------------------------------------------------------------------- */
@@ -417,7 +439,20 @@ void AuthManager::notify_request(int auth_id,bool result,const string& message)
     }
 
     ar->result = result;
-    ar->message= message;
+
+    if ( message != "-" )
+    {
+        ostringstream oss;
+
+        if ( !ar->message.empty() )
+        {
+            oss << ar->message << "; ";
+        }
+
+        oss << message;
+
+        ar->message = oss.str();
+    }
 
     ar->notify();
 }

src/authm_mad/one_auth_mad.rb

@@ -49,7 +49,9 @@ class AuthDriver < OpenNebulaDriver
     #
     # @param [String] the authorization method to be used, nil to use the 
     #        built-in ACL engine
-    def initialize(authZ, nthreads)
+    # @param [Array] authentication modules enabled, nil will use any
+    #        any method existing in remotes directory
+    def initialize(authZ, authN, nthreads)
         super(
             "auth",
             :concurrency   => nthreads,
@@ -66,6 +68,20 @@ class AuthDriver < OpenNebulaDriver
         else
             @authZ_cmd = nil
         end
+
+        if authN == nil
+            # get the directories from remotes dir that have an authenticate
+            # script
+            @authN_protocols=Dir[@local_scripts_path+"/*/authenticate"].map do |d|
+                d.split('/')[-2]
+            end
+        else
+            if authN.class==String
+                @authN_protocols=[authN]
+            else
+                @authN_protocols=authN
+            end
+        end
     end
 
     # Authenticate a user based in a string of the form user:secret when using the 
@@ -88,6 +104,14 @@ class AuthDriver < OpenNebulaDriver
             secret_attr.shift
         end
 
+        unless @authN_protocols.include?(protocol)
+            return send_message(
+                ACTION[:authN],
+                RESULT[:failure],
+                request_id,
+                "Authentication rotocol '#{protocol}' not available")
+        end
+
         #build path for the auth action
         #/var/lib/one/remotes/auth/<protocol>/authenticate
         authN_path = File.join(@local_scripts_path, protocol)
@@ -133,11 +157,13 @@ end
 # Auth Driver Main program
 opts = GetoptLong.new(
     [ '--threads',    '-t', GetoptLong::REQUIRED_ARGUMENT ],
-    [ '--authz',      '-z', GetoptLong::REQUIRED_ARGUMENT ]
+    [ '--authz',      '-z', GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--authn',      '-n', GetoptLong::REQUIRED_ARGUMENT ]
 )
 
 threads = 15
 authz   = nil
+authn   = nil
 
 begin
     opts.each do |opt, arg|
@@ -146,12 +172,14 @@ begin
                 threads = arg.to_i
             when '--authz'
                 authz   = arg
+            when '--authn'
+                authn   = arg.split(',').map {|a| a.strip }
         end
     end
 rescue Exception => e
     exit(-1)
 end
 
-auth_driver = AuthDriver.new(authz, threads)
+auth_driver = AuthDriver.new(authz, authn, threads)
 
 auth_driver.start_driver

src/authm_mad/remotes/quota/quota.rb

@@ -190,6 +190,7 @@ class Quota
         quota = get_quota(user_id)
 
         msg = ""
+        separator = ""
         info.each { |qname, quota_requested|
             unless quota[qname]
                 next
@@ -201,10 +202,13 @@ class Quota
             spent = used + request
 
             if spent > limit
+                msg << separator
                 msg << " #{qname.to_s.upcase} quota exceeded "
                 msg << "(Quota: #{limit}, "
                 msg << "Used: #{used}, "
                 msg << "Requested: #{request})"
+
+                separator = ";"
             end
         }
 

src/cli/one_helper/oneuser_helper.rb

@@ -117,12 +117,11 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
             begin  
                 proxy = File.read(options[:proxy])
 
-                rc = proxy.scan(/(-+BEGIN CERTIFICATE-+\n[^-]*\n-+END CERTIFICATE-+)/)
-                certs = rc.flatten!
+                certs = proxy.scan(/(-+BEGIN CERTIFICATE-+\n[^-]*\n-+END CERTIFICATE-+)/)
+                certs.flatten!
 
                 rc = proxy.match(/(-+BEGIN RSA PRIVATE KEY-+\n[^-]*\n-+END RSA PRIVATE KEY-+)/)
-
-                key  = rc[1]
+                key= rc[1]
 
                 auth = X509Auth.new(:certs_pem=>certs, :key_pem=>key)
             rescue => e

src/mad/sh/scripts_common.sh

@@ -20,7 +20,7 @@ BASH=/bin/bash
 CUT=cut
 DATE=/bin/date
 DD=/bin/dd
-DU=/bin/du
+DU=/usr/bin/du
 LVCREATE=/sbin/lvcreate
 LVREMOVE=/sbin/lvremove
 LVS=/sbin/lvs

src/rm/Request.cc

@@ -189,13 +189,16 @@ string Request::authorization_error (const string &message,
 {
     ostringstream oss;
 
-    oss << "[" << method_name << "]" << " User [" << att.uid << "] not authorized"
-        << " to perform action on " << object_name(auth_object) << ".";
+    oss << "[" << method_name << "]" << " User [" << att.uid << "] ";
 
-
-    if ( !message.empty() )
+    if ( message.empty() )
     {
-        oss << message ;
+        oss << "not authorized to perform action on "
+            << object_name(auth_object) << ".";
+    }
+    else
+    {
+        oss << ": " << message << ".";
     }
 
     return oss.str();