opennebula 3.9.80.beta

data/lib/opennebula/virtual_network_pool.rb

@@ -0,0 +1,79 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+
+require 'opennebula/pool'
+
+module OpenNebula
+    class VirtualNetworkPool < Pool
+        #######################################################################
+        # Constants and Class attribute accessors
+        #######################################################################
+
+
+        VN_POOL_METHODS = {
+            :info => "vnpool.info"
+        }
+
+        #######################################################################
+        # Class constructor & Pool Methods
+        #######################################################################
+
+        # +client+ a Client object that represents a XML-RPC connection
+        # +user_id+ is to refer to a Pool with VirtualNetworks from that user
+        def initialize(client, user_id=0)
+            super('VNET_POOL','VNET',client)
+
+            @user_id  = user_id
+        end
+
+        # Default Factory Method for the Pools
+        def factory(element_xml)
+            OpenNebula::VirtualNetwork.new(element_xml,@client)
+        end
+
+        #######################################################################
+        # XML-RPC Methods for the Virtual Network Object
+        #######################################################################
+
+        # Retrieves all or part of the VirtualMachines in the pool.
+        def info(*args)
+            case args.size
+                when 0
+                    info_filter(VN_POOL_METHODS[:info],@user_id,-1,-1)
+                when 3
+                    info_filter(VN_POOL_METHODS[:info],args[0],args[1],args[2])
+            end
+        end
+
+        def info_all()
+            return super(VN_POOL_METHODS[:info])
+        end
+
+        def info_mine()
+            return super(VN_POOL_METHODS[:info])
+        end
+
+        def info_group()
+            return super(VN_POOL_METHODS[:info])
+        end
+
+        alias_method :info!, :info
+        alias_method :info_all!, :info_all
+        alias_method :info_mine!, :info_mine
+        alias_method :info_group!, :info_group
+    end
+end

data/lib/opennebula/x509_auth.rb

@@ -0,0 +1,288 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+require 'openssl'
+require 'base64'
+require 'fileutils'
+require 'yaml'
+
+module OpenNebula; end
+
+# X509 authentication class. It can be used as a driver for auth_mad
+# as auth method is defined. It also holds some helper methods to be used
+# by oneauth command
+class OpenNebula::X509Auth
+    ###########################################################################
+    #Constants with paths to relevant files and defaults
+    ###########################################################################
+    if !ENV["ONE_LOCATION"]
+        ETC_LOCATION      = "/etc/one"
+    else
+        ETC_LOCATION      = ENV["ONE_LOCATION"] + "/etc"
+    end
+
+    LOGIN_PATH = ENV['HOME']+'/.one/one_x509'
+
+    X509_AUTH_CONF_PATH = ETC_LOCATION + "/auth/x509_auth.conf"
+
+    X509_DEFAULTS = {
+        :ca_dir   => ETC_LOCATION + "/auth/certificates"
+    }
+
+    def self.escape_dn(dn)
+        dn.gsub(/\s/) { |s| "\\"+s[0].ord.to_s(16) }
+    end
+
+    def self.unescape_dn(dn)
+        dn.gsub(/\\[0-9a-f]{2}/) { |s| s[1,2].to_i(16).chr }
+    end
+
+    ###########################################################################
+    # Initialize x509Auth object
+    #
+    # @param [Hash] default options for path
+    # @option options [String] :certs_pem
+    #         cert chain array in colon-separated pem format
+    # @option options [String] :key_pem
+    #         key in pem format
+    # @option options [String] :ca_dir
+    #         directory of trusted CA's. Needed for auth method, not for login.
+    def initialize(options={})
+        @options ||= X509_DEFAULTS
+        @options.merge!(options)
+
+        load_options(X509_AUTH_CONF_PATH)
+
+        @cert_chain = @options[:certs_pem].collect do |cert_pem|
+            OpenSSL::X509::Certificate.new(cert_pem)
+        end
+
+        if @options[:key_pem]
+            @key  = OpenSSL::PKey::RSA.new(@options[:key_pem])
+        end
+    end
+
+    ###########################################################################
+    # Client side
+    ###########################################################################
+
+    # Creates the login file for x509 authentication at ~/.one/one_x509.
+    # By default it is valid as long as the certificate is valid. It can
+    # be changed to any number of seconds with expire parameter (sec.)
+    def login(user, expire=0)
+        write_login(login_token(user,expire))
+    end
+
+    # Returns a valid password string to create a user using this auth driver.
+    # In this case the dn of the user certificate.
+    def password
+        self.class.escape_dn(@cert_chain[0].subject.to_s)
+    end
+
+    # Generates a login token in the form:
+    # user_name:x509:user_name:time_expires:cert_chain
+    #   - user_name:time_expires is encrypted with the user certificate
+    #   - user_name:time_expires:cert_chain is base64 encoded
+    def login_token(user, expire)
+        if expire != 0
+            expires = Time.now.to_i + expire.to_i
+        else
+            expires = @cert_chain[0].not_after.to_i
+        end
+
+        text_to_sign = "#{user}:#{expires}"
+        signed_text  = encrypt(text_to_sign)
+
+        certs_pem = @cert_chain.collect{|cert| cert.to_pem}.join(":")
+
+        token     = "#{signed_text}:#{certs_pem}"
+        token64   = Base64::encode64(token).strip.delete("\n")
+
+        login_out = "#{user}:#{token64}"
+
+        login_out
+    end
+
+    ###########################################################################
+    # Server side
+    ###########################################################################
+    # auth method for auth_mad
+    def authenticate(user, pass, signed_text)
+        begin
+            # Decryption demonstrates that the user posessed the private key.
+            _user, expires = decrypt(signed_text).split(':')
+
+            return "User name missmatch" if user != _user
+
+            return "x509 proxy expired"  if Time.now.to_i >= expires.to_i
+
+            # Some DN in the chain must match a DN in the password
+            dn_ok = @cert_chain.each do |cert|
+                if pass.split('|').include?(
+                        self.class.escape_dn(cert.subject.to_s))
+                    break true
+                end
+            end
+
+            unless dn_ok == true
+                return "Certificate subject missmatch"
+            end
+
+            validate
+
+            return true
+        rescue => e
+            return e.message
+        end
+    end
+
+private
+    # Writes a login_txt to the login file as defined in LOGIN_PATH
+    # constant
+    def write_login(login_txt)
+        # Inits login file path and creates ~/.one directory if needed
+        # Set instance variables
+        login_dir = File.dirname(LOGIN_PATH)
+
+        begin
+            FileUtils.mkdir_p(login_dir)
+        rescue Errno::EEXIST
+        end
+
+        file = File.open(LOGIN_PATH, "w")
+        file.write(login_txt)
+        file.close
+
+        File.chmod(0600,LOGIN_PATH)
+    end
+
+    # Load class options form a configuration file (yaml syntax)
+    def load_options(conf_file)
+        if File.readable?(conf_file)
+            conf_txt = File.read(conf_file)
+            conf_opt = YAML::load(conf_txt)
+
+            @options.merge!(conf_opt) if conf_opt != false
+        end
+    end
+
+    ###########################################################################
+    #                       Methods to encrpyt/decrypt keys
+    ###########################################################################
+    # Encrypts data with the private key of the user and returns
+    # base 64 encoded output in a single line
+    def encrypt(data)
+        return nil if !@key
+        Base64::encode64(@key.private_encrypt(data)).delete("\n").strip
+    end
+
+    # Decrypts base 64 encoded data with pub_key (public key)
+    def decrypt(data)
+        @cert_chain[0].public_key.public_decrypt(Base64::decode64(data))
+    end
+
+    ###########################################################################
+    # Validate the user certificate
+    ###########################################################################
+    def validate
+        now    = Time.now
+
+        # Check start time and end time of certificates
+        @cert_chain.each do |cert|
+            if cert.not_before > now || cert.not_after < now
+                raise failed +  "Certificate not valid. Current time is " +
+                  now.localtime.to_s + "."
+            end
+        end
+
+        begin
+            # Validate the proxy certifcates
+            signee = @cert_chain[0]
+
+            check_crl(signee)
+
+            @cert_chain[1..-1].each do |cert|
+                if !((signee.issuer.to_s == cert.subject.to_s) &&
+                     (signee.verify(cert.public_key)))
+                    raise  failed + signee.subject.to_s + " with issuer " +
+                           signee.issuer.to_s + " was not verified by " +
+                           cert.subject.to_s + "."
+                end
+                signee = cert
+            end
+
+            # Validate the End Entity certificate
+            if !@options[:ca_dir]
+                raise failed + "No certifcate authority directory was specified."
+            end
+
+            begin
+                ca_hash = signee.issuer.hash.to_s(16)
+                ca_path = @options[:ca_dir] + '/' + ca_hash + '.0'
+
+                ca_cert = OpenSSL::X509::Certificate.new(File.read(ca_path))
+
+                if !((signee.issuer.to_s == ca_cert.subject.to_s) &&
+                     (signee.verify(ca_cert.public_key)))
+                    raise  failed + signee.subject.to_s + " with issuer " +
+                           signee.issuer.to_s + " was not verified by " +
+                           ca_cert.subject.to_s + "."
+                end
+
+                signee = ca_cert
+            end while ca_cert.subject.to_s != ca_cert.issuer.to_s
+        rescue
+            raise
+        end
+    end
+
+    def check_crl(signee)
+        failed = "Could not validate user credentials: "
+
+        ca_hash = signee.issuer.hash.to_s(16)
+        ca_path = @options[:ca_dir] + '/' + ca_hash + '.0'
+
+        crl_path = @options[:ca_dir] + '/' + ca_hash + '.r0'
+
+        if !File.exist?(crl_path)
+            if @options[:check_crl]
+                raise failed + "CRL file #{crl_path} does not exist"
+            else
+                return
+            end
+        end
+
+        ca_cert = OpenSSL::X509::Certificate.new( File.read(ca_path) )
+        crl_cert = OpenSSL::X509::CRL.new( File.read(crl_path) )
+
+        # First verify the CRL itself with its signer
+        unless crl_cert.verify( ca_cert.public_key ) then
+            raise failed + "CRL is not verified by its Signer"
+        end
+
+        # Extract the list of revoked certificates from the CRL
+        rc_array = crl_cert.revoked
+
+        # Loop over the list and compare with the target personal
+        # certificate
+        rc_array.each do |e|
+            if e.serial.eql?(signee.serial) then
+                raise failed + "#{signee.subject.to_s} is found in the "<<
+                    "CRL, i.e. it is revoked"
+            end
+        end
+    end
+end

data/lib/opennebula/xml_element.rb

@@ -0,0 +1,427 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+
+module OpenNebula
+    # The XMLElement class provides an abstraction of the underlying
+    # XML parser engine. It provides XML-related methods for the Pool and
+    # PoolElement classes
+    class XMLElement
+
+        # xml:: _opaque xml object_ an xml object as returned by build_xml
+        def initialize(xml=nil)
+            @xml = xml
+        end
+
+        # Initialize a XML document for the element
+        # xml:: _String_ the XML document of the object
+        # root_element:: _String_ Base xml element
+        def initialize_xml(xml, root_element)
+            @xml = XMLElement.build_xml(xml, root_element)
+
+            if OpenNebula.is_error?(@xml)
+                @xml = nil
+            else
+                if NOKOGIRI
+                    if @xml.size == 0
+                        @xml = nil
+                    end
+                else
+                    if @xml.name != root_element
+                        @xml = nil
+                    end
+                end
+            end
+        end
+
+        # Builds a XML document
+        # xml:: _String_ the XML document of the object
+        # root_element:: _String_ Base xml element
+        # [return] _XML_ object for the underlying XML engine
+        def self.build_xml(xml, root_element)
+            begin
+                if NOKOGIRI
+                    doc = Nokogiri::XML(xml).xpath("/#{root_element}")
+                else
+                    doc = REXML::Document.new(xml).root
+                end
+            rescue Exception => e
+                return OpenNebula::Error.new(e.message)
+            end
+
+            return doc
+        end
+
+        # Extract a text element from the XML description of the PoolElement.
+        #
+        # @param [String] key Xpath expression
+        #
+        # @return [String, nil] If a text element is found, the element's
+        #   text value. Otherwise, an empty string or nil, depending
+        #   on the backend
+        #
+        # @example
+        #   vm['VID'] # gets VM id
+        #   vm['HISTORY/HOSTNAME'] # get the hostname from the history
+        def [](key)
+            if NOKOGIRI
+                element=@xml.xpath(key.to_s)
+
+                return nil if element.size == 0
+            else
+                element=@xml.elements[key.to_s]
+
+                return "" if element && !element.has_text?
+            end
+
+            element.text if element
+        end
+
+        # Delete an element from the xml
+        # xpath::_String_ xpath expression that selects the elemnts to be deleted
+        def delete_element(xpath)
+            if NOKOGIRI
+                @xml.xpath(xpath.to_s).remove
+            else
+                @xml.delete_element(xpath.to_s)
+            end
+        end
+
+        # Add a new element to the xml
+        # xpath::_String_ xpath xpression where the elemente will be added
+        # elems::_Hash_ Hash containing the pairs key-value to be included
+        # Examples:
+        #   add_element('VM', 'NEW_ITEM' => 'NEW_VALUE')
+        #     <VM><NEW_ITEM>NEW_VALUE</NEW_ITEM>...</VM>
+        #
+        #   add_element('VM/TEMPLATE', 'V1' => {'X1' => 'A1', 'Y2' => 'A2'})
+        #     <VM><TEMPLATE><V1><X1>A1</X1><Y2>A2</Y2>...</TEMPLATE></VM>
+        def add_element(xpath, elems)
+            elems.each { |key, value|
+                if value.instance_of?(Hash)
+                    if NOKOGIRI
+                        elem = Nokogiri::XML::Node.new key, @xml.document
+                        value.each { |k2, v2|
+                            child = Nokogiri::XML::Node.new k2, elem
+                            child.content = v2
+                            elem.add_child(child)
+                        }
+                        @xml.xpath(xpath.to_s).first.add_child(elem)
+                    else
+                        elem = REXML::Element.new(key)
+                        value.each { |k2, v2|
+                            elem.add_element(k2).text = v2
+                        }
+                        @xml.elements[xpath].add_element(elem)
+                    end
+                else
+                    if NOKOGIRI
+                        elem = Nokogiri::XML::Node.new key, @xml.document
+                        elem.content = value
+                        @xml.xpath(xpath.to_s).first.add_child(elem)
+                    else
+                        @xml.elements[xpath].add_element(key).text = value
+                    end
+                end
+            }
+        end
+
+        # Gets an array of text from elemenets extracted
+        # using  the XPATH  expression passed as filter
+        def retrieve_elements(filter)
+            elements_array = Array.new
+
+            if NOKOGIRI
+                @xml.xpath(filter.to_s).each { |pelem|
+                    elements_array << pelem.text if pelem.text
+                 }
+            else
+                @xml.elements.each(filter.to_s) { |pelem|
+                    elements_array << pelem.text if pelem.text
+                }
+            end
+
+            if elements_array.size == 0
+                return nil
+            else
+                return elements_array
+            end
+
+        end
+
+        # Gets an attribute from an elemenT
+        # key:: _String_ xpath for the element
+        # name:: _String_ name of the attribute
+        def attr(key,name)
+            value = nil
+
+            if NOKOGIRI
+                element=@xml.xpath(key.to_s.upcase)
+                if element.size == 0
+                    return nil
+                end
+
+                attribute = element.attr(name)
+
+                value = attribute.text if attribute != nil
+            else
+                element=@xml.elements[key.to_s.upcase]
+
+                value = element.attributes[name] if element != nil
+            end
+
+            return value
+        end
+
+        # Iterates over every Element in the XPath and calls the block with a
+        # a XMLElement
+        # block:: _Block_
+        def each(xpath_str,&block)
+            if NOKOGIRI
+                @xml.xpath(xpath_str).each { |pelem|
+                    block.call XMLElement.new(pelem)
+                }
+            else
+                @xml.elements.each(xpath_str) { |pelem|
+                    block.call XMLElement.new(pelem)
+                }
+            end
+        end
+
+        def each_xpath(xpath_str,&block)
+            if NOKOGIRI
+                @xml.xpath(xpath_str).each { |pelem|
+                    block.call pelem.text
+                }
+            else
+                @xml.elements.each(xpath_str) { |pelem|
+                    block.call pelem.text
+                }
+            end
+        end
+
+        def name
+            @xml.name
+        end
+
+        def text
+            if NOKOGIRI
+                @xml.content
+            else
+                @xml.text
+            end
+        end
+
+        # Returns wheter there are elements for a given XPath
+        # xpath_str:: _String_ XPath expression to locate the element
+        def has_elements?(xpath_str)
+            if NOKOGIRI
+                element = @xml.xpath(xpath_str.to_s.upcase)
+                return element != nil && element.children.size > 0
+            else
+                element = @xml.elements[xpath_str.to_s]
+                return element != nil && element.has_elements?
+            end
+        end
+
+        # Returns the <TEMPLATE> element in text form
+        # indent:: _Boolean_ indents the resulting string, default true
+        def template_str(indent=true)
+            template_like_str('TEMPLATE', indent)
+        end
+
+        # Returns the <TEMPLATE> element in XML form
+        def template_xml
+            if NOKOGIRI
+                @xml.xpath('TEMPLATE').to_s
+            else
+                @xml.elements['TEMPLATE'].to_s
+            end
+        end
+
+        # Returns the xml of an element
+        def element_xml(xpath)
+            if NOKOGIRI
+                @xml.xpath(xpath).to_s
+            else
+                @xml.elements[xpath].to_s
+            end
+        end
+
+        # Returns elements in text form
+        # root_element:: _String_ base element
+        # indent:: _Boolean_ indents the resulting string, default true
+        # xpath_exp:: _String_ filter elements with a XPath
+        def template_like_str(root_element, indent=true, xpath_exp=nil)
+            if NOKOGIRI
+                xml_template = @xml.xpath(root_element).to_s
+                rexml        = REXML::Document.new(xml_template).root
+            else
+                rexml = @xml.elements[root_element]
+            end
+
+            if indent
+                ind_enter = "\n"
+                ind_tab   = '  '
+            else
+                ind_enter = ''
+                ind_tab   = ' '
+            end
+
+            str = rexml.elements.collect(xpath_exp) {|n|
+                next if n.class != REXML::Element
+
+                str_line = ""
+
+                if n.has_elements?
+                    str_line << "#{n.name}=[#{ind_enter}" << n.collect { |n2|
+
+                        next if n2.class != REXML::Element or !n2.has_text?
+
+                        str = "#{ind_tab}#{n2.name}=#{attr_to_str(n2.text)}"
+
+                    }.compact.join(",#{ind_enter}") << " ]"
+                else
+                    next if !n.has_text?
+
+                    str_line << "#{n.name}=#{attr_to_str(n.text)}"
+                end
+
+                str_line
+            }.compact.join("\n")
+
+            return str
+        end
+
+        #
+        #
+        #
+        def to_xml(pretty=false)
+            if NOKOGIRI && pretty
+                str = @xml.to_xml
+            elsif REXML_FORMATTERS && pretty
+                str = String.new
+
+                formatter = REXML::Formatters::Pretty.new
+                formatter.compact = true
+
+                formatter.write(@xml,str)
+            else
+                str = @xml.to_s
+            end
+
+            return str
+        end
+
+        # @return [Hash] a hash representing the resource
+        def to_hash
+            hash = {}
+
+            if NOKOGIRI
+                if @xml.instance_of?(Nokogiri::XML::NodeSet)
+                    @xml.each { |c|
+                        if c.element?
+                            build_hash(hash, c)
+                        end
+                    }
+                else
+                    build_hash(hash, @xml)
+                end
+            else
+                build_hash(hash, @xml)
+            end
+
+            hash
+        end
+
+        private
+
+        #
+        #
+        #
+        def build_hash(hash, element)
+            if NOKOGIRI
+                array = element.children
+                if array.length==1 and (array.first.text? or array.first.cdata?)
+                    r = array.first.text
+                else
+                    r = {}
+                    array.each { |c|
+                        if c.element?
+                            build_hash(r, c)
+                        end
+                    }
+                end
+            else
+                r = {}
+                if element.has_elements?
+                    element.each_element { |c| build_hash(r, c) }
+                elsif element.has_text?
+                    r = element.text
+                end
+            end
+
+            key = element.name
+            if hash.has_key?(key)
+                if hash[key].instance_of?(Array)
+                    hash[key] << r
+                else
+                    hash[key] = [hash[key], r]
+                end
+            else
+                hash[key] = r
+            end
+
+            hash
+        end
+
+        #
+        #
+        #
+        def attr_to_str(attr)
+            attr.gsub!('"',"\\\"")
+            attr = "\"#{attr}\""
+
+            return attr
+        end
+    end
+
+    # The XMLUtilsPool module provides an abstraction of the underlying
+    # XML parser engine. It provides XML-related methods for the Pools
+    class XMLPool < XMLElement
+
+        def initialize(xml=nil)
+            super(xml)
+        end
+
+        #Executes the given block for each element of the Pool
+        #block:: _Block_
+        def each_element(block)
+            if NOKOGIRI
+                @xml.xpath(
+                    "#{@element_name}").each {|pelem|
+                    block.call self.factory(pelem)
+                }
+            else
+                @xml.elements.each(
+                    "#{@element_name}") {|pelem|
+                    block.call self.factory(pelem)
+                }
+            end
+        end
+    end
+
+end