diff --git a/src/authm_mad/one_auth_mad.rb b/src/authm_mad/one_auth_mad.rb
index 8920e11c6e..2df3f394ef 100755
--- a/src/authm_mad/one_auth_mad.rb
+++ b/src/authm_mad/one_auth_mad.rb
@@ -32,6 +32,8 @@ require 'scripts_common'
require 'OpenNebulaDriver'
require 'getoptlong'
require 'shellwords'
+require 'rexml/document'
+require 'opennebula'
# This is a generic AuthZ/AuthN driver able to manage multiple authentication
# protocols (simultaneosly). It also supports the definition of custom
@@ -90,15 +92,6 @@ class AuthDriver < OpenNebulaDriver
end
end
- # Works the same as log_method but changes the password by '****'.
- # The last word is the password for authentication.
- def log_method_no_password(num, secret)
- lambda {|message, all=true|
- m=message.gsub(/ #{Regexp.escape(secret)}$/, ' ****')
- log(num, m, all)
- }
- end
-
# Authenticate a user based in a string of the form user:secret when using the
# driver secret is protocol:token
# @param [String] the id for this request, used by OpenNebula core
@@ -125,12 +118,17 @@ class AuthDriver < OpenNebulaDriver
authN_path = File.join(@local_scripts_path, driver)
command = File.join(authN_path, ACTION[:authN].downcase)
- command << ' ' << ([user, password, secret].map do |p|
- Shellwords.escape(p)
- end.join(' '))
+
+ stdin_xml = OpenNebula::XMLElement.new
+ stdin_xml.initialize_xml('', 'AUTHN')
+ stdin_xml.add_element('/AUTHN',
+ 'USERNAME' => user,
+ 'PASSWORD' => password,
+ 'SECRET' => secret)
rc = LocalCommand.run(command,
- log_method_no_password(request_id, Shellwords.escape(secret)))
+ log_method(request_id),
+ stdin_xml.to_xml)
result, info = get_info_from_execution(rc)
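Review bot: The `LocalCommand.run` call now uses plain `log_method(request_id)`, so nothing masks the secret any more, and the log stays clean only as long as neither the command string nor the driver's output contains it. The command string is now just the script path, which is fine. Whether the authenticate script's stderr is forwarded to this logger is not visible in the hunk; if it is, a driver that echoes its input on failure would put credentials in the log. I would state the contract above the call, e.g. `# Credentials are passed on stdin as <AUTHN> XML; drivers must not write them to stderr`, and note in the method's doc comment that custom drivers still reading ARGV now receive no arguments. The enclosing method starts and ends outside the hunk.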
@@ -162,9 +160,21 @@ class AuthDriver < OpenNebulaDriver
send_message(ACTION[:authZ], result, request_id, "-")
else
command = @authZ_cmd.clone
- command << ' ' << user_id << ' ' << requests.join(' ')
- rc = LocalCommand.run(command, log_method(request_id))
+ stdin_xml = OpenNebula::XMLElement.new
+ stdin_xml.initialize_xml('', 'AUTHZ')
+ stdin_xml.add_element('/AUTHZ',
+ 'USERNAME' => user_id,
+ 'REQUESTS' => nil)
+
+ requests.each do |request|
+ stdin_xml.add_element('/AUTHZ/REQUESTS',
+ 'REQUEST' => request)
+ end
+
+ rc = LocalCommand.run(command,
+ log_method(request_id),
+ stdin_xml.to_xml)
result , info = get_info_from_execution(rc)
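Review bot: The `USERNAME` element of the `/AUTHZ` document is filled from `user_id`, so the element name says one thing and carries another. Naming it `USER_ID`, or adding `# USERNAME carries the user id, not the login name` above the `add_element` call, would save authZ script authors a wrong guess. The `'REQUESTS' => nil` entry relies on `add_element` creating an empty parent element for a nil value, which cannot be confirmed from this hunk. When `requests` is empty the script presumably receives an empty `REQUESTS` element, and that case should be documented for script authors. The enclosing method starts outside the hunk.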
diff --git a/src/authm_mad/remotes/dummy/authenticate b/src/authm_mad/remotes/dummy/authenticate
index ac6355d99e..f517b1a288 100755
--- a/src/authm_mad/remotes/dummy/authenticate
+++ b/src/authm_mad/remotes/dummy/authenticate
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env ruby
# -------------------------------------------------------------------------- #
# Copyright 2002-2018, OpenNebula Project, OpenNebula Systems #
@@ -16,11 +16,32 @@
# limitations under the License. #
#--------------------------------------------------------------------------- #
-# $1 = username
-# $2 = "-" if user is not registered in opennebula
-# $3 = password
-echo core $1 $3
+ONE_LOCATION=ENV["ONE_LOCATION"]
+if !ONE_LOCATION
+ RUBY_LIB_LOCATION="/usr/lib/one/ruby"
+ ETC_LOCATION="/etc/one/"
+else
+ RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby"
+ ETC_LOCATION=ONE_LOCATION+"/etc/"
+end
+$: << RUBY_LIB_LOCATION
+require 'rexml/document'
+require 'opennebula/error'
+require 'opennebula/xml_utils'
+begin
+ xml = OpenNebula::XMLElement.new
+ xml.initialize_xml(STDIN.read, 'AUTHN')
+
+ user = xml['/AUTHN/USERNAME']
+ pass = xml['/AUTHN/PASSWORD']
+ secret = xml['/AUTHN/SECRET']
+rescue
+ STDERR.puts "Invalid XML input"
+ exit(-1)
+end
+
+puts "core #{user} #{secret}"
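Review bot: The `begin`/`rescue` block only catches a failure while parsing or reading the three fields, so a well-formed `AUTHN` document that lacks `USERNAME` or `SECRET` may pass through and the script would print `core` followed by empty values. Whether `xml[...]` raises or returns nil for a missing element is not visible here; an explicit check inside the block, `raise 'missing field' if user.nil? || secret.nil?`, makes the rejection certain. The values are also interpolated into a space-separated reply, so whitespace or a newline inside `user` or `secret` could change how the reply is split; this was already true of the old `echo`. `pass` is read but unused in this script. The same parsing block is repeated in the plain, server_cipher, server_x509, ssh and x509 hunks, and in ldap, where `URI_PARSER.unescape` would probably fail on a missing value and fall into the rescue.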
diff --git a/src/authm_mad/remotes/ldap/authenticate b/src/authm_mad/remotes/ldap/authenticate
index ed9528ad30..099f92ddb3 100755
--- a/src/authm_mad/remotes/ldap/authenticate
+++ b/src/authm_mad/remotes/ldap/authenticate
@@ -31,6 +31,9 @@ $: << RUBY_LIB_LOCATION
require 'yaml'
require 'opennebula/ldap_auth'
require 'uri'
+require 'rexml/document'
+require 'opennebula/error'
+require 'opennebula/xml_utils'
if defined?(URI::Parser)
URI_PARSER=URI::Parser.new
@@ -38,9 +41,17 @@ else
URI_PARSER=URI
end
-user=URI_PARSER.unescape(ARGV[0])
-pass=URI_PARSER.unescape(ARGV[1])
-secret=URI_PARSER.unescape(ARGV[2])
+begin
+ xml = OpenNebula::XMLElement.new
+ xml.initialize_xml(STDIN.read, 'AUTHN')
+
+ user = URI_PARSER.unescape(xml['/AUTHN/USERNAME'])
+ pass = URI_PARSER.unescape(xml['/AUTHN/PASSWORD'])
+ secret = URI_PARSER.unescape(xml['/AUTHN/SECRET'])
+rescue
+ STDERR.puts "Invalid XML input"
+ exit(-1)
+end
options=YAML.load(File.read(ETC_LOCATION+'/auth/ldap_auth.conf'))
diff --git a/src/authm_mad/remotes/plain/authenticate b/src/authm_mad/remotes/plain/authenticate
index bd1fce9340..8d3d4d9012 100755
--- a/src/authm_mad/remotes/plain/authenticate
+++ b/src/authm_mad/remotes/plain/authenticate
@@ -29,10 +29,21 @@ end
$: << RUBY_LIB_LOCATION
require 'scripts_common'
+require 'rexml/document'
+require 'opennebula/error'
+require 'opennebula/xml_utils'
-user = ARGV[0]
-pass = ARGV[1]
-secret = ARGV[2]
+begin
+ xml = OpenNebula::XMLElement.new
+ xml.initialize_xml(STDIN.read, 'AUTHN')
+
+ user = xml['/AUTHN/USERNAME']
+ pass = xml['/AUTHN/PASSWORD']
+ secret = xml['/AUTHN/SECRET']
+rescue
+ STDERR.puts "Invalid XML input"
+ exit(-1)
+end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")
diff --git a/src/authm_mad/remotes/server_cipher/authenticate b/src/authm_mad/remotes/server_cipher/authenticate
index 941a59a79d..c06dd66bf2 100755
--- a/src/authm_mad/remotes/server_cipher/authenticate
+++ b/src/authm_mad/remotes/server_cipher/authenticate
@@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/server_cipher_auth'
require 'scripts_common'
+require 'rexml/document'
+require 'opennebula/error'
+require 'opennebula/xml_utils'
-user = ARGV[0] # username as registered in OpenNebula
-pass = ARGV[1] # password for this user
-secret = ARGV[2] # Base64 encoded secret as obtained from login_token
+begin
+ xml = OpenNebula::XMLElement.new
+ xml.initialize_xml(STDIN.read, 'AUTHN')
+
+ user = xml['/AUTHN/USERNAME'] # username as registered in OpenNebula
+ pass = xml['/AUTHN/PASSWORD'] # password for this user
+ secret = xml['/AUTHN/SECRET'] # Base64 encoded secret as obtained from login_token
+rescue
+ STDERR.puts "Invalid XML input"
+ exit(-1)
+end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")
diff --git a/src/authm_mad/remotes/server_x509/authenticate b/src/authm_mad/remotes/server_x509/authenticate
index 5a6a33b690..e731a9f7c2 100755
--- a/src/authm_mad/remotes/server_x509/authenticate
+++ b/src/authm_mad/remotes/server_x509/authenticate
@@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/server_x509_auth'
require 'scripts_common'
+require 'rexml/document'
+require 'opennebula/error'
+require 'opennebula/xml_utils'
-user = ARGV[0] # username as registered in OpenNebula
-pass = ARGV[1] # password for this user
-secret = ARGV[2] # Base64 encoded secret as obtained from login_token
+begin
+ xml = OpenNebula::XMLElement.new
+ xml.initialize_xml(STDIN.read, 'AUTHN')
+
+ user = xml['/AUTHN/USERNAME'] # username as registered in OpenNebula
+ pass = xml['/AUTHN/PASSWORD'] # password for this user
+ secret = xml['/AUTHN/SECRET'] # Base64 encoded secret as obtained from login_token
+rescue
+ STDERR.puts "Invalid XML input"
+ exit(-1)
+end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")
diff --git a/src/authm_mad/remotes/ssh/authenticate b/src/authm_mad/remotes/ssh/authenticate
index 5c4548c4df..d80013fb6c 100755
--- a/src/authm_mad/remotes/ssh/authenticate
+++ b/src/authm_mad/remotes/ssh/authenticate
@@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/ssh_auth'
require 'scripts_common'
+require 'rexml/document'
+require 'opennebula/error'
+require 'opennebula/xml_utils'
-user = ARGV[0]
-pass = ARGV[1]
-secret = ARGV[2]
+begin
+ xml = OpenNebula::XMLElement.new
+ xml.initialize_xml(STDIN.read, 'AUTHN')
+
+ user = xml['/AUTHN/USERNAME']
+ pass = xml['/AUTHN/PASSWORD']
+ secret = xml['/AUTHN/SECRET']
+rescue
+ STDERR.puts "Invalid XML input"
+ exit(-1)
+end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")
begin
diff --git a/src/authm_mad/remotes/x509/authenticate b/src/authm_mad/remotes/x509/authenticate
index 584252399a..5fffe376a1 100755
--- a/src/authm_mad/remotes/x509/authenticate
+++ b/src/authm_mad/remotes/x509/authenticate
@@ -30,10 +30,21 @@ $: << RUBY_LIB_LOCATION
require 'opennebula/x509_auth'
require 'scripts_common'
+require 'rexml/document'
+require 'opennebula/error'
+require 'opennebula/xml_utils'
-user = ARGV[0] # username as registered in OpenNebula
-pass = ARGV[1] # DN registered for this user
-secret = ARGV[2] # Base64 encoded text and certificate chain text:cert_0:cert_1:..., certs in pem format
+begin
+ xml = OpenNebula::XMLElement.new
+ xml.initialize_xml(STDIN.read, 'AUTHN')
+
+ user = xml['/AUTHN/USERNAME'] # username as registered in OpenNebula
+ pass = xml['/AUTHN/PASSWORD'] # DN registered for this user
+ secret = xml['/AUTHN/SECRET'] # Base64 encoded text and certificate chain text:cert_0:cert_1:..., certs in pem format
+rescue
+ STDERR.puts "Invalid XML input"
+ exit(-1)
+end
#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")