Here is the repo made public with the first beta release for testing: https://github.com/Terradue/DotNet4One
Cheers, Emmanuel Mathot www.terradue.com On 30 Jul 2014, at 12:48, Daniel Molina <[email protected]> wrote: > Sound good, thank you for the info Emmanuel. Looking forward to seeing the > code > > > On 30 July 2014 12:44, Emmanuel Mathot <[email protected]> wrote: > We are developing an API library for .Net framework. Soon available in > OpenSource on Github. > > Cheers, > > Emmanuel Mathot > www.terradue.com > > > <PastedGraphic-1.tiff> > > On 30 Jul 2014, at 12:37, Daniel Molina <[email protected]> wrote: > >> Great!!. May I ask what kind of tool/integration are you building on top >> OpenNebula? >> >> Cheers >> >> >> On 30 July 2014 09:49, Cesare Rossi <[email protected]> wrote: >> Dear Daniel, >> >> thank you for your support. We found that the problem was the encryption >> made on the client side. Now it works perfectly. >> >> Thank you again >> >> Cheers >> >> >> Cesare Rossi >> Terradue >> Rome, Italy | Oxford, UK >> http://www.terradue.com >> >> >> >> On 29 Jul 2014, at 12:23, Daniel Molina <[email protected]> wrote: >> >>> Could you check the password you are using to encrypt (password+sha1) is >>> the same that oned uses to decrypt (oneuser show) >>> >>> [oneadmin@node1 ~]$ oneuser show serveradmin | grep PASS >>> PASSWORD : 3412... >>> [oneadmin@node1 ~]$ cat .one/sunstone_auth >>> serveradmin:7f9f... >>> [oneadmin@node1 ~]$ echo -n "7f9f..." | sha1sum >>> 3412... - >>> >>> Also the problem could be that the token is (base64) encoded after being >>> encrypted: >>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L90 >>> >>> and before being decrypted it's decoded: >>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L142 >>> >>> Cheers >>> >>> >>> On 29 July 2014 12:01, Emmanuel Mathot <[email protected]> wrote: >>> Here is the log output: >>> >>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 Command >>> execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate >>> serveradmin [secret] **** >>> >>> Mon Jul 28 16:37:48 2014 [AuM][I]: Command execution fail: >>> /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin [secret] >>> **** >>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG D 5 authenticate: >>> Authenticating serveradmin, with password [secret] >>> (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9) >>> >>> Mon Jul 28 16:37:48 2014 [AuM][I]: authenticate: Authenticating >>> serveradmin, with password [secret] >>> (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9) >>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG E 5 bad decrypt >>> >>> Mon Jul 28 16:37:48 2014 [AuM][I]: bad decrypt >>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 ExitCode: 255 >>> >>> >>> Emmanuel Mathot >>> www.terradue.com >>> >>> >>> <PastedGraphic-1.tiff> >>> >>> On 29 Jul 2014, at 11:06, Daniel Molina <[email protected]> wrote: >>> >>>> Hi Enguerran, >>>> >>>> What error message are you getting in oned.log after trying to connect? >>>> >>>> Cheers >>>> >>>> >>>> On 28 July 2014 17:16, Enguerran Boissier >>>> <[email protected]> wrote: >>>> Hello Daniel, >>>> Thanks for your answer, unfortunately we still don't manage to connect >>>> with a server_* user on the behalf of another normal user. >>>> This is basically what we do, let us know if we do something wrong: >>>> >>>> { >>>> string expires = DateTime.Now.Subtract(new DateTime(1970,1,1,0,0,0, >>>> DateTimeKind.Utc)).TotalSeconds + 3600 + ""; >>>> string token_encrypted = Encrypt(this.AdminUsername + ":" + >>>> this.TargetUsername + ":" + expires, this.AdminPassword); >>>> //this.AdminUsername = server_* user name >>>> //this.TargetUsername = normal user name (target user) >>>> //this.AdminPassword = server_* user password (SHA1 encrypted) >>>> //Encrypt do the equivalent of the AES 256 CBC openssl encryption (cf >>>> https://gist.github.com/scottlowe/1411917, we just removed the salt part) >>>> session_SHA = this.AdminUsername + ":" + this.TargetUsername + ":" + >>>> token_encrypted; >>>> //session_SHA is the token used to authenticate on a request >>>> } >>>> >>>> Thanks >>>> Best regards >>>> >>>> >>>> >>>> >>>> Enguerran Boissier >>>> www.terradue.com >>>> >>>> <t2uk.png> >>>> >>>> On 28 Jul 2014, at 10:45, Daniel Molina <[email protected]> wrote: >>>> >>>>> Hi Cesare, >>>>> >>>>> The server_* authentication is a special method where a user can >>>>> authenticate on behalf of other user. This method was included in >>>>> OpenNebula for scenarios such as an Apache server configured to use x509 >>>>> certificates, Apache has already authenticated the user and we just >>>>> encrypt a token with the serveradmin credentials and OpenNebula will >>>>> decrypt the token and will perform all the actions as the target_username. >>>>> >>>>> Users using the server_* auth method are special users and should not >>>>> have any resource. >>>>> >>>>> You can see an example on how Sunstone uses this method: >>>>> A user logs in: >>>>> https://github.com/OpenNebula/one/blob/master/src/sunstone/sunstone-server.rb#L169 >>>>> do_auth is called to authenticate the user: >>>>> https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb#L18 >>>>> a token is generated using the server_* method >>>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L85 >>>>> this info is sent to one and then checked by the auth driver: >>>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L110 >>>>> >>>>> Hope this helps >>>>> >>>>> http://docs.opennebula.org/4.6/administration/sunstone_gui/cloud_auth.html >>>>> >>>>> >>>>> >>>>> >>>>> On 25 July 2014 12:39, Cesare Rossi <[email protected]> wrote: >>>>> Dear All, >>>>> >>>>> we are interacting with the XML-RPC API. We are trying to perform the >>>>> special authentication method available with the users' drivers >>>>> server_cipher or server_x509 (i.e. using >>>>> username:target_username:secret), but it seems not working. >>>>> >>>>> The question is: is it possible to use with that API such kind of users ? >>>>> If yes, how ? >>>>> >>>>> Thanks in advance, >>>>> >>>>> Cheers >>>>> >>>>> Cesare Rossi >>>>> Terradue >>>>> Rome, Italy | Oxford, UK >>>>> http://www.terradue.com >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> -- >>>>> Daniel Molina >>>>> Project Engineer >>>>> OpenNebula - Flexible Enterprise Cloud Made Simple >>>>> www.OpenNebula.org | [email protected] | @OpenNebula >>>> >>>> >>>> >>>> >>>> -- >>>> -- >>>> Daniel Molina >>>> Project Engineer >>>> OpenNebula - Flexible Enterprise Cloud Made Simple >>>> www.OpenNebula.org | [email protected] | @OpenNebula >>> >>> >>> >>> >>> -- >>> -- >>> Daniel Molina >>> Project Engineer >>> OpenNebula - Flexible Enterprise Cloud Made Simple >>> www.OpenNebula.org | [email protected] | @OpenNebula >> >> >> >> >> -- >> -- >> Daniel Molina >> Project Engineer >> OpenNebula - Flexible Enterprise Cloud Made Simple >> www.OpenNebula.org | [email protected] | @OpenNebula > > > > > -- > -- > Daniel Molina > Project Engineer > OpenNebula - Flexible Enterprise Cloud Made Simple > www.OpenNebula.org | [email protected] | @OpenNebula
_______________________________________________ Dev mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org
