mirror of https://github.com/OpenNebula/one.git synced 2025-03-22 18:50:08 +03:00

B #1021: Pass AuthN/AuthZ data over stdin

Vlastimil Holer 2018-01-09 18:20:03 +01:00 committed by Ruben S. Montero
parent 6f5ba65753
commit de924cfba0
8 changed files with 135 additions and 38 deletions


@ -32,6 +32,8 @@ require 'scripts_common'
require 'OpenNebulaDriver'
require 'getoptlong'
require 'shellwords'
require 'rexml/document'
require 'opennebula'
# This is a generic AuthZ/AuthN driver able to manage multiple authentication
# protocols (simultaneosly). It also supports the definition of custom
@ -90,15 +92,6 @@ class AuthDriver < OpenNebulaDriver
end
end
# Works the same as log_method but changes the password by '****'.
# The last word is the password for authentication.
def log_method_no_password(num, secret)
lambda {|message, all=true|
m=message.gsub(/ #{Regexp.escape(secret)}$/, ' ****')
log(num, m, all)
}
end
# Authenticate a user based in a string of the form user:secret when using the
# driver secret is protocol:token
# @param [String] the id for this request, used by OpenNebula core
@ -125,12 +118,17 @@ class AuthDriver < OpenNebulaDriver
authN_path = File.join(@local_scripts_path, driver)
command = File.join(authN_path, ACTION[:authN].downcase)
command << ' ' << ([user, password, secret].map do |p|
Shellwords.escape(p)
end.join(' '))
stdin_xml = OpenNebula::XMLElement.new
stdin_xml.initialize_xml('<AUTHN/>', 'AUTHN')
stdin_xml.add_element('/AUTHN',
'USERNAME' => user,
'PASSWORD' => password,
'SECRET' => secret)
rc = LocalCommand.run(command,
log_method_no_password(request_id, Shellwords.escape(secret)))
log_method(request_id),
stdin_xml.to_xml)
result, info = get_info_from_execution(rc)
@ -162,9 +160,21 @@ class AuthDriver < OpenNebulaDriver
send_message(ACTION[:authZ], result, request_id, "-")
else
command = @authZ_cmd.clone
command << ' ' << user_id << ' ' << requests.join(' ')
rc = LocalCommand.run(command, log_method(request_id))
stdin_xml = OpenNebula::XMLElement.new
stdin_xml.initialize_xml('<AUTHZ/>', 'AUTHZ')
stdin_xml.add_element('/AUTHZ',
'USERNAME' => user_id,
'REQUESTS' => nil)
requests.each do |request|
stdin_xml.add_element('/AUTHZ/REQUESTS',
'REQUEST' => request)
end
rc = LocalCommand.run(command,
log_method(request_id),
stdin_xml.to_xml)
result , info = get_info_from_execution(rc)
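Review bot: The values passed to `stdin_xml.add_element('/AUTHN', ...)`, and each `'REQUEST' => request` in the authZ hunk, come straight from the request, and nothing visible here shows that `add_element` XML-escapes them. If it inserts text verbatim, a password or secret containing `<` or `&` would yield a malformed document or extra elements for the auth script to read, so this is worth confirming in `OpenNebula::XMLElement` and covering with a test that round-trips such values. With `log_method_no_password` removed, keeping credentials out of the log now depends on `LocalCommand.run` never logging its third (stdin) argument; a comment at the call such as `# credentials travel on stdin only; stdin_xml must never be logged` would record that assumption. Both methods start and end outside the hunks.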


@ -1,4 +1,4 @@
#!/usr/bin/env bash
#!/usr/bin/env ruby
# -------------------------------------------------------------------------- #
# Copyright 2002-2018, OpenNebula Project, OpenNebula Systems #
@ -16,11 +16,32 @@
# limitations under the License. #
#--------------------------------------------------------------------------- #
# $1 = username
# $2 = "-" if user is not registered in opennebula
# $3 = password
echo core $1 $3
ONE_LOCATION=ENV["ONE_LOCATION"]
if !ONE_LOCATION
RUBY_LIB_LOCATION="/usr/lib/one/ruby"
ETC_LOCATION="/etc/one/"
else
RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby"
ETC_LOCATION=ONE_LOCATION+"/etc/"
end
$: << RUBY_LIB_LOCATION
require 'rexml/document'
require 'opennebula/error'
require 'opennebula/xml_utils'
begin
xml = OpenNebula::XMLElement.new
xml.initialize_xml(STDIN.read, 'AUTHN')
user = xml['/AUTHN/USERNAME']
pass = xml['/AUTHN/PASSWORD']
secret = xml['/AUTHN/SECRET']
rescue
STDERR.puts "Invalid XML input"
exit(-1)
end
puts "core #{user} #{secret}"
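Review bot: The bare `rescue` only covers a parse failure, so a well-formed document that lacks `USERNAME` or `SECRET` is not rejected; assuming `xml[...]` returns nil for a missing element, the final `puts` would emit `core` with empty fields and exit 0. A guard after the three lookups, `if user.nil? || secret.nil?` followed by the same `STDERR.puts "Invalid XML input"` and `exit(-1)`, makes the script fail closed. The same `begin`/`rescue` block is added to the later scripts that require `opennebula/server_cipher_auth`, `opennebula/server_x509_auth`, `opennebula/ssh_auth` and `opennebula/x509_auth`, and to the one that requires only `scripts_common`, so the guard applies there too. `pass` is read here but not used in the visible lines.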


@ -31,6 +31,9 @@ $: << RUBY_LIB_LOCATION
require 'yaml'
require 'opennebula/ldap_auth'
require 'uri'
require 'rexml/document'
require 'opennebula/error'
require 'opennebula/xml_utils'
if defined?(URI::Parser)
URI_PARSER=URI::Parser.new
@ -38,9 +41,17 @@ else
URI_PARSER=URI
end
user=URI_PARSER.unescape(ARGV[0])
pass=URI_PARSER.unescape(ARGV[1])
secret=URI_PARSER.unescape(ARGV[2])
begin
xml = OpenNebula::XMLElement.new
xml.initialize_xml(STDIN.read, 'AUTHN')
user = URI_PARSER.unescape(xml['/AUTHN/USERNAME'])
pass = URI_PARSER.unescape(xml['/AUTHN/PASSWORD'])
secret = URI_PARSER.unescape(xml['/AUTHN/SECRET'])
rescue
STDERR.puts "Invalid XML input"
exit(-1)
end
options=YAML.load(File.read(ETC_LOCATION+'/auth/ldap_auth.conf'))
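Review bot: The single bare `rescue` now covers the three `URI_PARSER.unescape` calls as well as the XML parse, so a missing element (unescape of nil, presumably) or a bad escape is reported as "Invalid XML input" and is hard to tell apart from a broken document. Distinguishing them with `rescue StandardError => e` and `STDERR.puts "Invalid AUTHN input (#{e.class})"` would help, printing only the exception class: parser messages can quote part of the input, which here holds the password. A short comment above the block saying the message is deliberately generic for that reason would keep a later edit from adding `e.message`. The script continues past the end of this hunk.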


@ -29,10 +29,21 @@ end
$: << RUBY_LIB_LOCATION
require 'scripts_common'
require 'rexml/document'
require 'opennebula/error'
require 'opennebula/xml_utils'
user = ARGV[0]
pass = ARGV[1]
secret = ARGV[2]
begin
xml = OpenNebula::XMLElement.new
xml.initialize_xml(STDIN.read, 'AUTHN')
user = xml['/AUTHN/USERNAME']
pass = xml['/AUTHN/PASSWORD']
secret = xml['/AUTHN/SECRET']
rescue
STDERR.puts "Invalid XML input"
exit(-1)
end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")


@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/server_cipher_auth'
require 'scripts_common'
require 'rexml/document'
require 'opennebula/error'
require 'opennebula/xml_utils'
user = ARGV[0] # username as registered in OpenNebula
pass = ARGV[1] # password for this user
secret = ARGV[2] # Base64 encoded secret as obtained from login_token
begin
xml = OpenNebula::XMLElement.new
xml.initialize_xml(STDIN.read, 'AUTHN')
user = xml['/AUTHN/USERNAME'] # username as registered in OpenNebula
pass = xml['/AUTHN/PASSWORD'] # password for this user
secret = xml['/AUTHN/SECRET'] # Base64 encoded secret as obtained from login_token
rescue
STDERR.puts "Invalid XML input"
exit(-1)
end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")


@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/server_x509_auth'
require 'scripts_common'
require 'rexml/document'
require 'opennebula/error'
require 'opennebula/xml_utils'
user = ARGV[0] # username as registered in OpenNebula
pass = ARGV[1] # password for this user
secret = ARGV[2] # Base64 encoded secret as obtained from login_token
begin
xml = OpenNebula::XMLElement.new
xml.initialize_xml(STDIN.read, 'AUTHN')
user = xml['/AUTHN/USERNAME'] # username as registered in OpenNebula
pass = xml['/AUTHN/PASSWORD'] # password for this user
secret = xml['/AUTHN/SECRET'] # Base64 encoded secret as obtained from login_token
rescue
STDERR.puts "Invalid XML input"
exit(-1)
end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")


@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/ssh_auth'
require 'scripts_common'
require 'rexml/document'
require 'opennebula/error'
require 'opennebula/xml_utils'
user = ARGV[0]
pass = ARGV[1]
secret = ARGV[2]
begin
xml = OpenNebula::XMLElement.new
xml.initialize_xml(STDIN.read, 'AUTHN')
user = xml['/AUTHN/USERNAME']
pass = xml['/AUTHN/PASSWORD']
secret = xml['/AUTHN/SECRET']
rescue
STDERR.puts "Invalid XML input"
exit(-1)
end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")
begin


@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/x509_auth'
require 'scripts_common'
require 'rexml/document'
require 'opennebula/error'
require 'opennebula/xml_utils'
user = ARGV[0] # username as registered in OpenNebula
pass = ARGV[1] # DN registered for this user
secret = ARGV[2] # Base64 encoded text and certificate chain text:cert_0:cert_1:..., certs in pem format
begin
xml = OpenNebula::XMLElement.new
xml.initialize_xml(STDIN.read, 'AUTHN')
user = xml['/AUTHN/USERNAME'] # username as registered in OpenNebula
pass = xml['/AUTHN/PASSWORD'] # DN registered for this user
secret = xml['/AUTHN/SECRET'] # Base64 encoded text and certificate chain text:cert_0:cert_1:..., certs in pem format
rescue
STDERR.puts "Invalid XML input"
exit(-1)
end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")