class RIMS::Authentication
Attributes
capability[R]
hostname[R]
Public Class Methods
add_plug_in(name, klass)
# File lib/rims/auth.rb, line 33
# Registers a password source plug-in class under a name.
#
# The entry is stored in the PLUG_IN table; an existing entry with the
# same name is overwritten without notice.
#
# @param name the key later passed to get_plug_in
# @param klass the plug-in class; get_plug_in calls build_from_conf on it
# @return the receiver, so registrations can be chained
def add_plug_in(name, klass)
  PLUG_IN.store(name, klass)
  self
end
cram_md5_server_challenge_data(hostname, time_source, random_string_source)
# File lib/rims/auth.rb, line 23
# Builds the server challenge string for a CRAM-MD5 exchange.
#
# The result has the form "<random>.<epoch seconds>@<hostname>". The
# unpredictability of the challenge rests entirely on what
# random_string_source returns; the timestamp and hostname are guessable.
#
# @param hostname the host part appended after "@"
# @param time_source callable whose result responds to to_i
# @param random_string_source callable returning the random part
# @return [String] the challenge data
def cram_md5_server_challenge_data(hostname, time_source, random_string_source)
  # The random source is consulted before the clock, as in the original order.
  nonce = random_string_source.call
  issued_at = time_source.call
  epoch_seconds = issued_at.to_i
  "#{nonce}.#{epoch_seconds}@#{hostname}"
end
get_plug_in(name, config)
# File lib/rims/auth.rb, line 38
# Looks up a registered password source plug-in and builds it.
#
# @param name the key the plug-in was registered under with add_plug_in
# @param config configuration handed unchanged to the class's build_from_conf
# @return whatever the plug-in class's build_from_conf returns
# @raise [KeyError] when the PLUG_IN lookup for name yields nil or false
def get_plug_in(name, config)
  klass = PLUG_IN[name]
  raise KeyError, "not found a password source plug-in: #{name}" unless klass

  klass.build_from_conf(config)
end
hmac_md5_hexdigest(key, data)
# File lib/rims/auth.rb, line 29
# Computes the HMAC-MD5 of data under key as a lowercase hex string.
#
# authenticate_cram_md5 uses this to compute the digest it expects from
# the client. The result is a credential proof, so compare it with a
# constant-time comparison.
#
# @param key [String] the HMAC key (the user's password in CRAM-MD5)
# @param data [String] the message to authenticate (the server challenge)
# @return [String] hex-encoded HMAC-MD5
def hmac_md5_hexdigest(key, data)
  md5 = OpenSSL::Digest.new('md5')
  OpenSSL::HMAC.hexdigest(md5, key, data)
end
make_random_string_source()
# File lib/rims/auth.rb, line 19
# Returns the default random-string source for server challenges.
#
# Each call of the returned proc yields a fresh SecureRandom.uuid. A
# replacement source passed to the constructor should be equally
# unpredictable, because this string is the only non-guessable part of
# the CRAM-MD5 challenge.
#
# @return [Proc] a proc returning a new UUID string per call
def make_random_string_source
  proc do
    SecureRandom.uuid
  end
end
make_time_source()
# File lib/rims/auth.rb, line 15
# Returns the default clock for server challenges.
#
# The constructor accepts a different time source through its
# time_source keyword.
#
# @return [Proc] a proc returning Time.now at the moment it is called
def make_time_source
  proc do
    Time.now
  end
end
new(hostname: 'rims', time_source: Authentication.make_time_source, random_string_source: Authentication.make_random_string_source)
# File lib/rims/auth.rb, line 48
# Creates an authenticator with no password sources attached.
#
# The advertised capability list starts as PLAIN and CRAM-MD5; the
# instance-level add_plug_in removes CRAM-MD5 when a source cannot
# supply raw passwords.
#
# @param hostname host part used in CRAM-MD5 challenges
# @param time_source callable giving the time used in challenges
# @param random_string_source callable giving the random part of challenges
def initialize(hostname: 'rims',
               time_source: Authentication.make_time_source,
               random_string_source: Authentication.make_random_string_source)
  # Inputs for cram_md5_server_challenge_data.
  @random_string_source = random_string_source
  @time_source = time_source
  @hostname = hostname

  # Mechanisms offered to clients.
  @capability = ['PLAIN', 'CRAM-MD5']

  # Password sources, consulted in insertion order by the authenticate_* methods.
  @passwd_src_list = []
end
plug_in_names()
# File lib/rims/auth.rb, line 43
# Lists the names of all registered password source plug-ins.
#
# @return the keys of the PLUG_IN table
def plug_in_names
  registered = PLUG_IN
  registered.keys
end
unique_user_id(username)
# File lib/rims/auth.rb, line 11
# Derives a stable identifier from a username.
#
# The identifier is the unsalted SHA-256 hex digest of the username, so
# the same name always maps to the same id and the id can be checked
# against a guessed username. Treat it as an opaque key, not as a secret.
#
# @param username [String] the account name
# @return [String] frozen 64-character hex digest
def unique_user_id(username)
  digest = Digest::SHA256.hexdigest(username)
  digest.freeze
end
Public Instance Methods
add_plug_in(passwd_src)
# File lib/rims/auth.rb, line 61
# Attaches a password source to this authenticator.
#
# authenticate_cram_md5 only consults sources whose raw_password? is
# true, so as soon as one source without raw passwords is attached,
# CRAM-MD5 is withdrawn from the advertised capabilities. The removal is
# permanent for this instance.
#
# @param passwd_src a password source responding to raw_password?
# @return [self]
def add_plug_in(passwd_src)
  supports_raw = passwd_src.raw_password?
  @capability.delete('CRAM-MD5') unless supports_raw
  @passwd_src_list.push(passwd_src)
  self
end
authenticate_cram_md5(server_challenge_data, client_response_data)
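# File lib/rims/auth.rb, line 109
# Verifies a CRAM-MD5 client response against the raw-password sources.
#
# The response is split at the first space into a username and the
# client's hex digest. For each source whose raw_password? is true and
# that returns a password for the username, the expected HMAC-MD5 of the
# challenge is computed and compared with the client's digest.
#
# Changes from the earlier version:
# * a response missing the username or the digest is rejected up front,
#   so no password source is queried with a nil username;
# * the digests are compared without an early exit, so response timing
#   does not reveal how many leading characters of a guess were correct.
#
# @param server_challenge_data [String] the challenge that was sent to the client
# @param client_response_data [String] "<username> <hex digest>" from the client
# @return [String, nil] the username on success, nil on any failure
def authenticate_cram_md5(server_challenge_data, client_response_data)
  username, client_hmac_result_data = client_response_data.split(' ', 2)
  return nil if username.nil? || client_hmac_result_data.nil?

  @passwd_src_list.each do |passwd_src|
    # Sources without raw passwords cannot supply the HMAC key.
    next unless passwd_src.raw_password?

    key = passwd_src.fetch_password(username)
    next unless key

    server_hmac_result_data = Authentication.hmac_md5_hexdigest(key, server_challenge_data)

    # The digest length is public (32 hex chars), so a length mismatch may
    # short-circuit; the content comparison below must not.
    next unless server_hmac_result_data.bytesize == client_hmac_result_data.bytesize

    difference = 0
    server_hmac_result_data.bytes.zip(client_hmac_result_data.bytes) do |expected_byte, given_byte|
      difference |= expected_byte ^ given_byte
    end
    return username if difference.zero?
  end

  nil
end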
authenticate_login(username, password)
# File lib/rims/auth.rb, line 88
# Checks a username/password pair against each password source in turn.
#
# The first source whose compare_password returns a truthy value wins and
# later sources are not consulted. How the password is compared (hashing,
# timing behaviour) is decided by each plug-in, not here.
#
# @param username the account name supplied by the client
# @param password the password supplied by the client
# @return the username on success, nil when no source accepts the pair
def authenticate_login(username, password)
  accepted = @passwd_src_list.any? do |source|
    source.compare_password(username, password)
  end
  accepted ? username : nil
end
authenticate_plain(client_response_data)
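# File lib/rims/auth.rb, line 98
# Verifies a SASL PLAIN client response.
#
# The response is split on NUL into authorization id, authentication id
# and password. Login is attempted only when the authorization id is
# empty or equal to the authentication id, so a client cannot ask to act
# as a different user.
#
# A response with fewer than three NUL-separated fields is rejected as a
# failed authentication. The earlier version raised NoMethodError on an
# empty response and passed a nil password to the password sources when
# the password field was missing.
#
# @param client_response_data [String] decoded "authzid\0authcid\0password"
# @return the authentication id on success, nil otherwise
def authenticate_plain(client_response_data)
  authz_id, authc_id, password = client_response_data.split("\0", 3)

  # Client-controlled input: any missing field means the message is malformed.
  return nil if authz_id.nil? || authc_id.nil? || password.nil?

  # Acting on behalf of another identity is not supported.
  return nil unless authz_id.empty? || authz_id == authc_id

  authenticate_login(authc_id, password)
end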
cram_md5_server_challenge_data()
# File lib/rims/auth.rb, line 105
# Produces a new CRAM-MD5 server challenge for this authenticator.
#
# Delegates to the class-level method of the same name with the hostname,
# time source and random string source given at construction.
#
# @return [String] the challenge data
def cram_md5_server_challenge_data
  builder = self.class
  builder.cram_md5_server_challenge_data(@hostname, @time_source, @random_string_source)
end
start_plug_in(logger)
# File lib/rims/auth.rb, line 69
# Starts every attached password source, in the order they were added.
#
# Each source is given the logger before its start method is called. Only
# the plug-in's class name is logged.
#
# @param logger object responding to info
def start_plug_in(logger)
  @passwd_src_list.each do |source|
    logger.info("start password source plug-in: #{source.class}")
    source.logger = logger
    source.start
  end
end
stop_plug_in(logger)
# File lib/rims/auth.rb, line 77
# Stops every attached password source, last added first.
#
# The stop order is the reverse of the start order used by start_plug_in.
#
# @param logger object responding to info
def stop_plug_in(logger)
  shutdown_order = @passwd_src_list.reverse
  shutdown_order.each do |source|
    logger.info("stop password source plug-in: #{source.class}")
    source.stop
  end
end
user?(username)
# File lib/rims/auth.rb, line 84
# Reports whether any attached password source knows the username.
#
# The answer tells a caller whether an account exists. Avoid exposing it
# to unauthenticated clients in a way that separates "unknown user" from
# "wrong password".
#
# @param username the account name to look up
# @return [Boolean] true when at least one source's user? is truthy
def user?(username)
  @passwd_src_list.any? do |source|
    source.user?(username)
  end
end