# encoding: UTF-8 require 'sha1' require 'xmlrpc/client' require 'timeout' # # This allows poking of the SSL attributes of the http client. # module XMLRPC ; class Client ; attr_reader :http ; end ; end module Mauve # # Base class for authentication. # class Authentication ORDER = [] # Autenticates a user. # # @param [String] login # @param [String] password # # @return [FalseClass] Always returns false. def authenticate(login, password) raise ArgumentError.new("Login must be a string, not a #{login.class}") if String != login.class raise ArgumentError.new("Password must be a string, not a #{password.class}") if String != password.class raise ArgumentError.new("Login or/and password is/are empty.") if login.empty? || password.empty? return false unless Mauve::Configuration.current.people.has_key?(login) false end # @return [Log4r::Logger] def logger self.class.logger end # @return [Log4r::Logger] def self.logger @logger ||= Log4r::Logger.new(self.to_s) end # This calls all classes in the ORDER array one by one. If all classes # fail, a 5 second sleep rate-limits authentication attempts. # # @param [String] login # @param [String] password # # @return [Boolean] Success or failure. # def self.authenticate(login, password) result = false ORDER.any? do |klass| auth = klass.new result = begin auth.authenticate(login, password) rescue StandardError => ex logger.error "#{ex.class}: #{ex.to_s} during #{auth.class} for #{login}" logger.debug ex.backtrace.join("\n") false end logger.info "Authenticated #{login} using #{auth.class.to_s}" if true == result result end unless true == result logger.info "Authentication for #{login} failed" # Rate limit sleep 5 end result end end # This is the Bytemark authentication mechansim. # class AuthBytemark < Authentication Mauve::Authentication::ORDER << self # Set up the Bytemark authenticator # # @todo allow configuration of where the server is. # # @param [String] srv Authentication server name # @param [String] port Port overwhich authentication should take place # # @return [Mauve::AuthBytemark] # def initialize (srv='auth.bytemark.co.uk', port=443) raise ArgumentError.new("Server must be a String, not a #{srv.class}") if String != srv.class raise ArgumentError.new("Port must be a Fixnum, not a #{port.class}") if Fixnum != port.class @srv = srv @port = port @timeout = 7 self end # Tests to see if a server is alive, alive-o. # # @deprecated Not really needed. # # @return [Boolean] def ping begin Timeout.timeout(@timeout) do s = TCPSocket.open(@srv, @port) s.close() return true end rescue Timeout::Error => ex return false rescue => ex return false end return false end # Authenticate against the Bytemark server # # @param [String] login # @param [String] password # # @return [Boolean] def authenticate(login, password) super client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout) # # Make sure we verify our peer before attempting login. # if client.http.use_ssl? client.http.ca_path = "/etc/ssl/certs/" client.http.verify_mode = OpenSSL::SSL::VERIFY_PEER end begin proxy = client.proxy("bytemark.auth") challenge = proxy.getChallengeForUser(login) response = Digest::SHA1.new.update(challenge).update(password).hexdigest proxy.login(login, response) return true rescue XMLRPC::FaultException => fault logger.warn "#{self.class} for #{login} failed" logger.debug "#{fault.faultCode}: #{fault.faultString}" return false rescue IOError => ex logger.warn "#{ex.class} during auth for #{login} (#{ex.to_s})" return false end end end # This is the local authentication mechansim, i.e. against the values in the # Mauve config file. # class AuthLocal < Authentication Mauve::Authentication::ORDER << self # Authenticate against the local configuration # # @param [String] login # @param [String] password # # @return [Boolean] def authenticate(login,password) super if ( Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password ) return true else logger.warn "#{self.class} for #{login} failed" return false end end end end