class RIMS::Authentication

Attributes

capability[R]
hostname[R]

Public Class Methods

add_plug_in(name, klass)
# File lib/rims/auth.rb, line 33
# Registers a password source plug-in class under a lookup name.
#
# The entry is written to the PLUG_IN registry with plain index assignment,
# so (assuming PLUG_IN is a Hash -- confirm where it is defined) a second
# registration under the same name replaces the first.
#
# @param name [Object] key that get_plug_in later looks up
# @param klass [Object] plug-in class; get_plug_in calls +build_from_conf+ on it
# @return [self] the receiver, so calls can be chained
def add_plug_in(name, klass)
  tap { PLUG_IN[name] = klass }
end
cram_md5_server_challenge_data(hostname, time_source, random_string_source)
# File lib/rims/auth.rb, line 23
# Builds the server challenge string used for a CRAM-MD5 exchange.
#
# The random string source is invoked first, then the time source; the result
# is "RANDOM.EPOCH_SECONDS@HOSTNAME".
#
# NOTE(review): the timestamp and hostname are predictable, so the challenge
# is only as unguessable and non-repeating as random_string_source makes it.
#
# @param hostname [#to_s] host part placed after the "@"
# @param time_source [#call] returns an object responding to +to_i+
# @param random_string_source [#call] returns the random part
# @return [String] the challenge text
def cram_md5_server_challenge_data(hostname, time_source, random_string_source)
  nonce = random_string_source.call
  issued_at = time_source.call.to_i
  format('%s.%s@%s', nonce, issued_at, hostname)
end
get_plug_in(name, config)
# File lib/rims/auth.rb, line 38
# Looks up a registered password source plug-in and builds it from config.
#
# @param name [Object] key previously registered in PLUG_IN
# @param config [Object] passed unchanged to the plug-in's +build_from_conf+
# @return [Object] whatever +build_from_conf+ returns
# @raise [KeyError] when no (truthy) entry is registered under +name+
def get_plug_in(name, config)
  klass = PLUG_IN[name]
  raise KeyError, "not found a password source plug-in: #{name}" unless klass

  klass.build_from_conf(config)
end
hmac_md5_hexdigest(key, data)
# File lib/rims/auth.rb, line 29
# Computes the HMAC-MD5 of +data+ under +key+ as a lowercase hex string.
#
# The digest is fixed to MD5; within this class the result is used to verify
# CRAM-MD5 responses. Callers that compare the returned value against
# client-supplied data should do so with a constant-time comparison.
#
# @param key [String] HMAC key (the user's raw password in CRAM-MD5)
# @param data [String] message to authenticate (the server challenge)
# @return [String] hex-encoded HMAC
def hmac_md5_hexdigest(key, data)
  digest_name = 'md5'
  OpenSSL::HMAC.hexdigest(digest_name, key, data)
end
make_random_string_source()
# File lib/rims/auth.rb, line 19
# Returns the default random string source for server challenges.
#
# Each call of the returned proc yields a fresh SecureRandom.uuid value.
#
# @return [Proc] zero-argument proc producing a UUID string
def make_random_string_source
  Proc.new { SecureRandom.uuid }
end
make_time_source()
# File lib/rims/auth.rb, line 15
# Returns the default time source for server challenges.
#
# Each call of the returned proc yields the current wall-clock Time.
#
# @return [Proc] zero-argument proc producing Time.now
def make_time_source
  Proc.new { Time.now }
end
new(hostname: 'rims', time_source: Authentication.make_time_source, random_string_source: Authentication.make_random_string_source)
# File lib/rims/auth.rb, line 48
# Creates an authenticator with no password sources attached.
#
# Both PLAIN and CRAM-MD5 are advertised initially; the instance-level
# add_plug_in withdraws CRAM-MD5 once a source without raw passwords is added.
#
# @param hostname [String] host name embedded in CRAM-MD5 challenges
# @param time_source [#call] clock used for challenges
# @param random_string_source [#call] random string generator used for challenges
def initialize(hostname: 'rims',
               time_source: Authentication.make_time_source,
               random_string_source: Authentication.make_random_string_source)
  # Inputs for CRAM-MD5 challenge generation.
  @random_string_source = random_string_source
  @time_source = time_source
  @hostname = hostname

  # Advertised SASL mechanisms and the (initially empty) list of sources.
  @capability = ['PLAIN', 'CRAM-MD5']
  @passwd_src_list = []
end
plug_in_names()
# File lib/rims/auth.rb, line 43
# Lists the names under which password source plug-ins are registered.
#
# @return [Array] the keys of the PLUG_IN registry
def plug_in_names
  registry = PLUG_IN
  registry.keys
end
unique_user_id(username)
# File lib/rims/auth.rb, line 11
# Derives a stable identifier from a user name.
#
# The identifier is the unsalted SHA-256 hex digest of +username+, so it is
# deterministic and can be recomputed by anyone who knows the user name; it
# is an identifier, not a secret.
#
# @param username [String] user name to hash
# @return [String] frozen 64-character hex digest
def unique_user_id(username)
  digest = Digest::SHA256.hexdigest(username)
  digest.freeze
end

Public Instance Methods

add_plug_in(passwd_src)
# File lib/rims/auth.rb, line 61
# Attaches a password source to this authenticator.
#
# CRAM-MD5 needs the raw password as the HMAC key, so the mechanism is removed
# from the advertised capabilities as soon as any source reports that it
# cannot supply raw passwords. It is not re-added by later calls.
#
# @param passwd_src [#raw_password?] password source to append
# @return [self] the receiver, so calls can be chained
def add_plug_in(passwd_src)
  @capability.delete('CRAM-MD5') unless passwd_src.raw_password?
  @passwd_src_list.push(passwd_src)
  self
end
authenticate_cram_md5(server_challenge_data, client_response_data)
# File lib/rims/auth.rb, line 109
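# Verifies a CRAM-MD5 client response against the raw-password sources.
#
# The response is split at the first whitespace into a user name and a hex
# HMAC. For each source that can return raw passwords, the HMAC-MD5 of the
# server challenge is computed with the user's password as key and compared
# with the client's value.
#
# NOTE(review): the HMAC is only computed when a source knows the user, so
# response time may still differ between known and unknown user names.
#
# @param server_challenge_data [String] challenge previously sent to the client
# @param client_response_data [String] decoded client response, "USER HEXDIGEST"
# @return [String, nil] the user name on success, otherwise nil
def authenticate_cram_md5(server_challenge_data, client_response_data)
  username, client_hmac_result_data = client_response_data.split(' ', 2)
  # A response lacking either part can never match; reject it before any
  # password source is consulted with a nil user name.
  return nil if username.nil? || client_hmac_result_data.nil?

  @passwd_src_list.each do |passwd_src|
    next unless passwd_src.raw_password?

    key = passwd_src.fetch_password(username)
    next unless key

    server_hmac_result_data = Authentication.hmac_md5_hexdigest(key, server_challenge_data)
    # The digest length is public, so only the content comparison needs to
    # avoid an early exit.
    next unless client_hmac_result_data.bytesize == server_hmac_result_data.bytesize

    # Accumulate byte differences instead of using String#==, so the time
    # taken does not depend on how many leading characters match.
    difference = 0
    client_hmac_result_data.bytes.zip(server_hmac_result_data.bytes) do |given, expected|
      difference |= given ^ expected
    end
    return username if difference.zero?
  end

  nil
end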
authenticate_login(username, password)
# File lib/rims/auth.rb, line 88
# Checks a user name and password against the attached password sources.
#
# Sources are tried in the order they were added and the search stops at the
# first one whose +compare_password+ accepts the pair. The comparison itself
# (and therefore its timing behaviour) is entirely the source's.
#
# @param username [String] user name supplied by the client
# @param password [String] password supplied by the client
# @return [String, nil] +username+ when some source accepts it, otherwise nil
def authenticate_login(username, password)
  accepted = @passwd_src_list.any? { |source| source.compare_password(username, password) }
  accepted ? username : nil
end
authenticate_plain(client_response_data)
# File lib/rims/auth.rb, line 98
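# Verifies a SASL PLAIN client response.
#
# The response is "AUTHZ_ID\0AUTHC_ID\0PASSWORD". Authentication is attempted
# only when the authorization identity is empty or equal to the
# authentication identity, so a client cannot ask to act as another user.
#
# @param client_response_data [String] decoded client response
# @return [String, nil] the authenticated user name, or nil when the response
#   is malformed, requests a different authorization identity, or is rejected
def authenticate_plain(client_response_data)
  authz_id, authc_id, password = client_response_data.split("\0", 3)
  # Client-controlled input: a response with fewer than three fields is
  # rejected here instead of raising NoMethodError on nil or passing nil
  # credentials on to the password sources.
  return nil if authz_id.nil? || authc_id.nil? || password.nil?

  authenticate_login(authc_id, password) if authz_id.empty? || authz_id == authc_id
end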
cram_md5_server_challenge_data()
# File lib/rims/auth.rb, line 105
# Generates a CRAM-MD5 server challenge for this authenticator.
#
# Delegates to the class-level method of the same name, passing the host
# name, time source and random string source given at construction.
#
# @return [String] the challenge text
def cram_md5_server_challenge_data
  builder = self.class
  builder.cram_md5_server_challenge_data(@hostname, @time_source, @random_string_source)
end
start_plug_in(logger)
# File lib/rims/auth.rb, line 69
# Starts every attached password source, in the order they were added.
#
# For each source an info line is logged, the logger is handed to the source,
# and then the source's +start+ is called.
#
# @param logger [#info] logger shared with the password sources
def start_plug_in(logger)
  @passwd_src_list.each do |source|
    logger.info("start password source plug-in: #{source.class}")
    source.logger = logger
    source.start
  end
end
stop_plug_in(logger)
# File lib/rims/auth.rb, line 77
# Stops every attached password source, in the reverse of the add order.
#
# For each source an info line is logged and then the source's +stop+ is
# called. The logger is not assigned to the source here.
#
# @param logger [#info] logger receiving the stop messages
def stop_plug_in(logger)
  @passwd_src_list.reverse.each do |source|
    logger.info("stop password source plug-in: #{source.class}")
    source.stop
  end
end
user?(username)
# File lib/rims/auth.rb, line 84
# Reports whether any attached password source knows the user name.
#
# Sources are asked in add order and the search stops at the first that
# answers with a truthy value.
#
# @param username [String] user name to look up
# @return [Boolean] true when some source reports the user, false otherwise
def user?(username)
  @passwd_src_list.each do |source|
    return true if source.user?(username)
  end
  false
end