diff --git a/install.sh b/install.sh
index 46a9fe7e56..e68a8ca288 100755
--- a/install.sh
+++ b/install.sh
@@ -808,7 +808,7 @@ COMMON_CLOUD_LIB_FILES="src/cloud/common/CloudServer.rb \
 COMMON_CLOUD_CLIENT_LIB_FILES="src/cloud/common/CloudClient.rb"
-CLOUD_AUTH_LIB_FILES="src/cloud/common/CloudAuth/BasicCloudAuth.rb \
+CLOUD_AUTH_LIB_FILES="src/cloud/common/CloudAuth/OCCICloudAuth.rb \
 src/cloud/common/CloudAuth/SunstoneCloudAuth.rb \
 src/cloud/common/CloudAuth/EC2CloudAuth.rb \
 src/cloud/common/CloudAuth/X509CloudAuth.rb"
@@ -860,6 +860,8 @@ OCCI_LIB_FILES="src/cloud/occi/lib/OCCIServer.rb \
 src/cloud/occi/lib/VirtualMachinePoolOCCI.rb \
 src/cloud/occi/lib/VirtualNetworkOCCI.rb \
 src/cloud/occi/lib/VirtualNetworkPoolOCCI.rb \
+ src/cloud/occi/lib/UserOCCI.rb \
+ src/cloud/occi/lib/UserPoolOCCI.rb \
 src/cloud/occi/lib/ImageOCCI.rb \
 src/cloud/occi/lib/ImagePoolOCCI.rb"
diff --git a/src/cloud/common/CloudAuth.rb b/src/cloud/common/CloudAuth.rb
index 28da088235..3dfbab8246 100644
--- a/src/cloud/common/CloudAuth.rb
+++ b/src/cloud/common/CloudAuth.rb
@@ -14,12 +14,10 @@
 # limitations under the License. #
 #--------------------------------------------------------------------------- #
-require 'server_cipher_auth'
-
 class CloudAuth
 # These are the authentication methods for the user requests
 AUTH_MODULES = {
- "basic" => 'BasicCloudAuth',
+ "occi" => 'OCCICloudAuth',
 "sunstone" => 'SunstoneCloudAuth' ,
 "ec2" => 'EC2CloudAuth',
 "x509" => 'X509CloudAuth'
diff --git a/src/cloud/common/CloudAuth/BasicCloudAuth.rb b/src/cloud/common/CloudAuth/OCCICloudAuth.rb
similarity index 79%
rename from src/cloud/common/CloudAuth/BasicCloudAuth.rb
rename to src/cloud/common/CloudAuth/OCCICloudAuth.rb
index ae61eed91e..e6f80c4f67 100644
--- a/src/cloud/common/CloudAuth/BasicCloudAuth.rb
+++ b/src/cloud/common/CloudAuth/OCCICloudAuth.rb
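Review bot: Renaming the `"basic"` key of AUTH_MODULES to `"occi"` changes a value that operators put in their server configuration (the `:auth:` setting, as seen in sunstone-server.conf), and nothing in this hunk shows what happens to a deployment that still has the old name configured; the lookup code is outside the hunk. I would add a comment above the table such as `# Keys are the values accepted by :auth: in the server configuration; "occi" replaces the former "basic"`. If the lookup does not already do so, an unrecognised driver name should abort start-up with a clear message rather than leave the server running without an auth module. The body of class CloudAuth continues past the hunk.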
@@ -14,7 +14,7 @@
 # limitations under the License. #
 #--------------------------------------------------------------------------- #
-module BasicCloudAuth
+module OCCICloudAuth
 def auth(env, params={})
 auth = Rack::Auth::Basic::Request.new(env)
@@ -23,15 +23,11 @@ module BasicCloudAuth
 one_pass = get_password(username)
- if one_pass && one_pass == Digest::SHA1.hexdigest(password)
- @token = @server_auth.login_token(username)
- @client = Client.new(@token, @conf[:one_xmlrpc])
- return nil
- else
- return "Authentication failure"
+ if one_pass && one_pass == password
+ return username
 end
- else
- return "Basic auth not provided"
 end
- end
-end
+
+ return nil
+ end
+end
\ No newline at end of file
diff --git a/src/cloud/common/CloudServer.rb b/src/cloud/common/CloudServer.rb
index 59ad085e7f..8a1beac4aa 100755
--- a/src/cloud/common/CloudServer.rb
+++ b/src/cloud/common/CloudServer.rb
@@ -15,7 +15,6 @@
 #--------------------------------------------------------------------------- #
 require 'OpenNebula'
-require 'CloudAuth'
 ##############################################################################
 # This class represents a generic Cloud Server using the OpenNebula Cloud
@@ -49,17 +48,7 @@ class CloudServer
 def initialize(config)
 # --- Load the Cloud Server configuration file ---
 @config = config
- @cloud_auth = CloudAuth.new(@config)
 end
-
- def authenticate(env, params={})
- @cloud_auth.auth(env, params)
- end
-
- def client
- @cloud_auth.client
- end
-
 #
 # Prints the configuration of the server
 #
diff --git a/src/cloud/occi/lib/OCCIServer.rb b/src/cloud/occi/lib/OCCIServer.rb
index 6edf28d972..841f45fa49 100755
--- a/src/cloud/occi/lib/OCCIServer.rb
+++ b/src/cloud/occi/lib/OCCIServer.rb
@@ -41,7 +41,7 @@ class OCCIServer < CloudServer
 # Server initializer
 # config_file:: _String_ path of the config file
 # template:: _String_ path to the location of the templates
- def initialize(config)
+ def initialize(client, config)
 super(config)
 if config[:ssl_server]
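Review bot: The new check `one_pass == password` compares the Basic-auth secret with the value from get_password verbatim, using a non-constant-time `==`. The removed line hashed the submitted password before comparing, which suggests get_password returns a SHA1 digest; if that is the case, the stored digest itself now acts as the credential, so anyone able to read the stored value can authenticate without knowing the password. That contract, and the new return values (username on success, nil otherwise), should be documented on `auth`. A timing-safe comparison such as `if one_pass && Rack::Utils.secure_compare(one_pass, password)` avoids leaking how much of the secret matched. The start of `auth` lies outside this hunk.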
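Review bot: The rdoc block above `initialize` still lists only config_file and template, although the constructor now takes `client` as its first argument. A line such as `# client:: _Client_ OpenNebula client already bound to the authenticated user` (type inferred from the removed `Client.new` call) would record that the caller, not OCCIServer, is now responsible for authentication. The assignment `@client = client` in the following hunk stores the value unchecked, so a nil client would only surface later inside the pool and resource calls; `raise ArgumentError, "client is required" if client.nil?` would fail earlier. The body of initialize continues outside this hunk.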
@@ -49,6 +49,8 @@ class OCCIServer < CloudServer
 else
 @base_url="http://#{config[:server]}:#{config[:port]}"
 end
+
+ @client = client
 end
 # Prepare the OCCI XML Response
@@ -75,7 +77,7 @@ class OCCIServer < CloudServer
 user_flag = -1
 vmpool = VirtualMachinePoolOCCI.new(
- self.client,
+ @client,
 user_flag)
 # --- Prepare XML Response ---
@@ -102,7 +104,7 @@ class OCCIServer < CloudServer
 user_flag = -1
 network_pool = VirtualNetworkPoolOCCI.new(
- self.client,
+ @client,
 user_flag)
 # --- Prepare XML Response ---
@@ -128,7 +130,7 @@ class OCCIServer < CloudServer
 user_flag = -1
 image_pool = ImagePoolOCCI.new(
- self.client,
+ @client,
 user_flag)
 # --- Prepare XML Response ---
@@ -151,7 +153,7 @@ class OCCIServer < CloudServer
 # status code
 def get_users(request)
 # --- Get Users Pool ---
- user_pool = UserPoolOCCI.new(self.client)
+ user_pool = UserPoolOCCI.new(@client)
 # --- Prepare XML Response ---
 rc = user_pool.info
@@ -180,7 +182,7 @@ class OCCIServer < CloudServer
 # --- Create the new Instance ---
 vm = VirtualMachineOCCI.new(
 VirtualMachine.build_xml,
- self.client,
+ @client,
 request.body.read,
 @config[:instance_types],
 @config[:template_location])
@@ -205,7 +207,7 @@ class OCCIServer < CloudServer
 # --- Get the VM ---
 vm = VirtualMachineOCCI.new(
 VirtualMachine.build_xml(params[:id]),
- self.client)
+ @client)
 # --- Prepare XML Response ---
 rc = vm.info
@@ -230,7 +232,7 @@ class OCCIServer < CloudServer
 # --- Get the VM ---
 vm = VirtualMachineOCCI.new(
 VirtualMachine.build_xml(params[:id]),
- self.client)
+ @client)
 rc = vm.info
 return rc, 404 if OpenNebula::is_error?(rc)
@@ -250,7 +252,7 @@ class OCCIServer < CloudServer
 # --- Get the VM ---
 vm = VirtualMachineOCCI.new(
 VirtualMachine.build_xml(params[:id]),
- self.client)
+ @client)
 rc = vm.info
 if OpenNebula.is_error?(rc)
@@ -278,7 +280,7 @@ class OCCIServer < CloudServer
 # --- Create the new Instance ---
 network = VirtualNetworkOCCI.new(
 VirtualNetwork.build_xml,
- self.client,
+ @client,
 request.body,
 @config[:bridge])
@@ -301,7 +303,7 @@ class OCCIServer < CloudServer
 def get_network(request, params)
 network = VirtualNetworkOCCI.new(
 VirtualNetwork.build_xml(params[:id]),
- self.client)
+ @client)
 # --- Prepare XML Response ---
 rc = network.info
@@ -324,7 +326,7 @@ class OCCIServer < CloudServer
 def delete_network(request, params)
 network = VirtualNetworkOCCI.new(
 VirtualNetwork.build_xml(params[:id]),
- self.client)
+ @client)
 rc = network.info
 return rc, 404 if OpenNebula::is_error?(rc)
@@ -346,7 +348,7 @@ class OCCIServer < CloudServer
 vnet = VirtualNetworkOCCI.new(
 VirtualNetwork.build_xml(params[:id]),
- self.client)
+ @client)
 rc = vnet.info
 return rc, 400 if OpenNebula.is_error?(rc)
@@ -386,7 +388,7 @@ class OCCIServer < CloudServer
 image = ImageOCCI.new(
 Image.build_xml,
- self.client,
+ @client,
 occixml,
 request.params['file'])
@@ -410,7 +412,7 @@ class OCCIServer < CloudServer
 # --- Get the Image ---
 image = ImageOCCI.new(
 Image.build_xml(params[:id]),
- self.client)
+ @client)
 rc = image.info
@@ -434,7 +436,7 @@ class OCCIServer < CloudServer
 # --- Get the Image ---
 image = ImageOCCI.new(
 Image.build_xml(params[:id]),
- self.client)
+ @client)
 rc = image.info
 return rc, 404 if OpenNebula::is_error?(rc)
@@ -456,7 +458,7 @@ class OCCIServer < CloudServer
 image = ImageOCCI.new(
 Image.build_xml(params[:id]),
- self.client)
+ @client)
 rc = image.info
 return rc, 400 if OpenNebula.is_error?(rc)
@@ -491,7 +493,7 @@ class OCCIServer < CloudServer
 # --- Get the USER ---
 user = UserOCCI.new(
 User.build_xml(params[:id]),
- self.client)
+ @client)
 # --- Prepare XML Response ---
 rc = user.info
diff --git a/src/cloud/occi/lib/occi-server.rb b/src/cloud/occi/lib/occi-server.rb
index d0d355dce9..6410ba4e27 100755
--- a/src/cloud/occi/lib/occi-server.rb
+++ b/src/cloud/occi/lib/occi-server.rb
@@ -46,6 +46,7 @@ require 'sinatra'
 require 'yaml'
 require 'OCCIServer'
+require 'CloudAuth'
 include OpenNebula
@@ -77,20 +78,24 @@ end
 set :host, settings.config[:server]
 set :port, settings.config[:port]
+set :cloud_auth, CloudAuth.new(settings.config)
+
 ##############################################################################
 # Helpers
 ##############################################################################
 before do
- @occi_server = OCCIServer.new(settings.config)
 begin
- result = @occi_server.authenticate(request.env)
+ username = settings.cloud_auth.auth(request.env, params)
 rescue Exception => e
 error 500, e.message
 end
- if result
- error 401, result
+ if username.nil?
+ return [401, ""]
+ else
+ client = settings.cloud_auth.client(username)
+ @occi_server = OCCIServer.new(client, settings.config)
 end
 end
diff --git a/src/sunstone/etc/sunstone-server.conf b/src/sunstone/etc/sunstone-server.conf
index a83a1f1a5c..c45fac01ce 100644
--- a/src/sunstone/etc/sunstone-server.conf
+++ b/src/sunstone/etc/sunstone-server.conf
@@ -6,6 +6,8 @@
 :port: 9869
 # Authentication driver for incomming requests
+# sunstone, for OpenNebula's user-password scheme
+# x509, for x509 certificates based authentication
 :auth: sunstone
 # Authentication driver to communicate with OpenNebula core
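Review bot: In the `before` filter, `return [401, ""]` does not stop the request the way the removed `error 401, result` did: as far as I know Sinatra ignores a filter's return value, so an unauthenticated request carries on to the route with `@occi_server` unset. Routes that use `@occi_server` would then fail with a 500 instead of a 401, and any route that does not touch it would run without authentication. Use `halt 401, ""` (or keep `error 401, ""`) so the filter fails closed. Separately, `error 500, e.message` in the retained rescue returns internal exception text to a caller who has not authenticated yet; a generic message, with the detail written to the server log, would be safer.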