Changesets can be listed by changeset number.
The Git repository is here.
Changeset 192
Loads random data block fewer times - for FCGI-like execution
models, possibly only once per application instance. Better
handling of local DRb server proxies. Clarified a few comments.
- Comitted by: rool
- Date: Wednesday April 04 18:36:45 2007 (over 17 years ago)
Affected files:
- rool/rails/gems/hubssolib/trunk/VERSION (diff)
- rool/rails/gems/hubssolib/trunk/hubssolib.gemspec (diff)
- rool/rails/gems/hubssolib/trunk/lib/hub_sso_lib.rb (diff)
rool/rails/gems/hubssolib/trunk/VERSION:
prev. | current | |
1 | ||
1 | 0.2.5 (04-Apr-2007) |
rool/rails/gems/hubssolib/trunk/hubssolib.gemspec:
prev. | current | |
s.platform = Gem::Platform::RUBY | ||
s.name = 'hubssolib' | ||
7 | | |
7 | s.version = '0.2.5' | |
s.author = 'Andrew Hodgkinson and others' | ||
s.email = 'ahodgkin@rowing.org.uk' | ||
s.homepage = 'http://pond.org.uk/ruby/hub/' |
rool/rails/gems/hubssolib/trunk/lib/hub_sso_lib.rb:
prev. | current | |
HUBSSOLIB_COOKIE_NAME = 'hubapp_shared_id' | ||
HUBSSOLIB_COOKIE_PATH = ENV['HUB_COOKIE_PATH'] | ||
37 | # Cache the random data. Assuming FCGI or similar, this code gets | |
38 | # executed only once per FCGI instance initialisation rather than | |
39 | # once per request. | |
40 | ||
41 | attr_reader :HUBSSOLIB_RANDOM_DATA, :HUBSSOLIB_RANDOM_DATA_SIZE | |
42 | ||
43 | HUBSSOLIB_RANDOM_DATA_SIZE = File.size(HUBSSOLIB_RND_FILE_PATH) | |
44 | HUBSSOLIB_RANDOM_DATA_SIZE = 16384 if (HUBSSOLIB_RANDOM_DATA_SIZE > 16384) | |
45 | ||
46 | if HUBSSOLIB_RANDOM_DATA_SIZE < 1024 | |
47 | raise "HubSsoLib needs at least 1024 bytes of random data - file '#{rnd_file}' is too small" | |
48 | else | |
49 | HUBSSOLIB_RANDOM_DATA = File.read(HUBSSOLIB_RND_FILE_PATH) | |
50 | end | |
51 | ||
####################################################################### | ||
# Class: Crypto # | ||
# By Hipposoft, 2006 # | ||
... | ... | |
# 'Crypto' from 'HubSsoCrypto'. # | ||
####################################################################### | ||
50 | | |
51 | | |
65 | # Encryption and decryption utility object. Once instantiated, a | |
# HubSsoLib::Crypto object is used to encrypt and decrypt data with the | ||
# AES-256-CBC cipher. A single passphrase is used for both operations. | ||
# A SHA-256 hash of that passphrase is used as the encryption key. | ||
# | ||
# CBC operation requires an initialization vector for the first block of | ||
57 | | |
71 | # data during encryption and decryption. A block of random data is used | |
# for this in conjunction with the passphrase used to generate the key. By | ||
# so doing, the initialization vector is not revealed to third parties, | ||
# even though the source code of the object is available. The weakness is | ||
... | ... | |
# callers themselves to only have to remember the passphrase. See private | ||
# method obtain_iv() for more details. | ||
# | ||
80 | # The block of random data is obtained from the DRb server. It is usually | |
81 | # a RAM-cached near-random file. The important behaviour is that the | |
82 | # contents are not know to the outside world and the contents, while they | |
83 | # may change at any point, don't change during the duration of a user | |
84 | # log-in session (at least, if it changes, all current sessions will be | |
85 | # harmlessly invalidated). | |
86 | # | |
class Crypto | ||
require 'openssl' | ||
require 'digest/sha2' | ||
require 'digest/md5' | ||
72 | | |
73 | | |
74 | | |
75 | | |
76 | | |
77 | | |
78 | | |
79 | | |
80 | | |
93 | # # Initialize the HubSsoLib::Crypto object. | |
94 | # # | |
95 | # def initialize() | |
96 | # DRb.start_service() | |
97 | # | |
98 | # factory = DRbObject.new_with_uri(HUBSSOLIB_DRB_URI) | |
99 | # @rnd_data = factory.random_data() | |
100 | # @rnd_size = factory.random_data_size() | |
101 | # | |
102 | # DRb.stop_service() | |
103 | # end | |
82 | | |
83 | | |
84 | ||
85 | | |
86 | | |
87 | | |
88 | | |
89 | | |
90 | | |
91 | | |
92 | | |
93 | ||
# Generate a series of pseudo-random bytes of the given length. | ||
# | ||
def self.random_data(size) | ||
... | ... | |
# be raised (failure is not expected). | ||
# | ||
def self.encode_object(object, passphrase) | ||
202 | | |
213 | crypto = HubSsoLib::Crypto.new | |
passphrase = crypto.scramble_passphrase(passphrase) | ||
return crypto.encode(Marshal.dump(object), passphrase) | ||
... | ... | |
# this method returns 'nil' should there be any decode problems. | ||
# | ||
def self.decode_object(data, passphrase) | ||
219 | | |
230 | crypto = HubSsoLib::Crypto.new | |
passphrase = crypto.scramble_passphrase(passphrase) | ||
object = nil | ||
... | ... | |
# 33, thus providing an offset into the file from which we can safely | ||
# read 32 bytes of data. | ||
257 | | |
268 | offset = Digest::MD5.hexdigest(passphrase).hex % (HubSsoLib::HUBSSOLIB_RANDOM_DATA_SIZE - 32) | |
# Return 32 bytes of data from the random pool at the calculated offset. | ||
261 | | |
272 | return HubSsoLib::HUBSSOLIB_RANDOM_DATA[offset..offset + 31] | |
end | ||
private | ||
... | ... | |
} | ||
end | ||
1122 | # Establish a single DRb factory connection. | |
1123 | # | |
1124 | def hubssolib_factory | |
1125 | if !defined? @factory | |
1126 | DRb.start_service() | |
1127 | @factory = DRbObject.new_with_uri(HUBSSOLIB_DRB_URI) | |
1128 | end | |
1129 | ||
1130 | return @factory | |
1131 | end | |
1132 | ||
# Retrieve user data from the DRb server. | ||
# | ||
def hubssolib_get_user_data | ||
... | ... | |
hubssolib_set_secure_cookie_data(HUBSSOLIB_COOKIE_NAME, key) | ||
end | ||
1140 | | |
1162 | return hubssolib_factory().get_session(key) | |
1142 | | |
1143 | | |
1144 | ||
rescue Exception => e | ||
# At this point there tends to be no Session data, so we're | ||
... | ... | |
# be allowed access. | ||
# | ||
def hubssolib_enumerate_users | ||
1169 | | |
1170 | ||
1171 | | |
1172 | | |
1188 | sessions = hubssolib_factory().enumerate_sessions() | |
users = [] | ||
sessions.each do |key, value| |