dse-driver 1.0.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    M2YwYzhhNTk0YzgxZTFkMzg2NGQyZWI0MDkyYmIxZTg4OWQ3OGZhZA==
+  data.tar.gz: !binary |-
+    YTQ2NWY1NDJjMTRiY2U5OGVhNWVjNTYxYTc3YjAxOTM3NmEyMDA3ZQ==
+SHA512:
+  metadata.gz: !binary |-
+    NGEyZTY1NmMxMThiZTY0YjJlZmQxMzE2MmUxY2ZkODUwNGUyOWVmZjZkNTIw
+    NjQ3OWI3NDJiMjJhMTM3ODkxOGEzMGZhNmRjYjdhMzI5YjMzNWY0ZjZiZTFj
+    ZjcyNzlkMTU0YjIyNDRmODQ2Yjk3ODU3ODc3Yzk1NDdkY2ZmNzk=
+  data.tar.gz: !binary |-
+    OGU0MTJkOTNmMzQ0YzgzNGNlNWMwMjQ1MDllNzhkNTcxYWQ5NTFhZTc4NTc2
+    NTc4NTljNDczNzQyOThlNDk5NTc3NjcwNzAwYmI0MjUyMjc1YTkyNjFmM2M5
+    YTVmZTZjZGMzMGU5ZTY2NzcwNzVmY2JhYWQ0ZGRhZTQ0YzRmODM=

data/.yardopts

@@ -0,0 +1,13 @@
+--no-private
+--markup markdown
+--type-tag expected_errors:"Expected Errors"
+--tag jira_ticket:"JIRA Ticket"
+--type-tag expected_result:"Expected Result"
+--tag test_assumptions:"Test Assumptions"
+--tag test_category:"Test Category"
+
+lib/**/*.rb
+integration/**/*.rb
+-- README
+
+load_plugins: true

data/README.md

@@ -0,0 +1,72 @@
+# DataStax Enterprise Ruby Driver
+
+*NOTE: The DataStax Enterprise Ruby Driver can be used solely with DataStax Enterprise. Please consult [the license](http://www.datastax.com/terms/datastax-dse-driver-license-terms).*
+
+This driver is built on top of the [DataStax Ruby driver for Apache Cassandra](http://docs.datastax.com/en/latest-ruby-driver/ruby-driver/whatsNew.html)
+and enhanced for the adaptive data management and mixed workload capabilities
+provided by DSE. Therefore a lot of the underlying concepts are the same.
+
+## Documentation
+Driver documentation can be found [here](http://docs.datastax.com/en/latest-dse-ruby-driver/ruby-driver/whatsNew.html).
+
+In particular, you'll find our [Features](http://docs.datastax.com/en/latest-dse-ruby-driver/supplemental/features) and
+[API](http://docs.datastax.com/en/latest-dse-ruby-driver/supplemental/api) sections very enlightening.
+
+## Feedback Requested
+*Help us focus our efforts!* [Provide your input](http://goo.gl/forms/pCs8PTpHLf) on the Ruby Driver
+Platform and Runtime Survey (we kept it short).
+
+If you find an issue, please file an issue in our [public JIRA](https://datastax-oss.atlassian.net/browse/RUBY).
+*Please be sure to specify the affects-version (DSE-1.X.Y).*
+
+You can also post questions in [our forum](https://groups.google.com/a/lists.datastax.com/forum/#!forum/ruby-driver-user).
+
+## Features
+
+This driver exposes the following features of DSE 5.0:
+
+* <a href="features/graph#graph">Graph</a>
+* <a href="features/authentication#authentication">Authentication</a> with nodes running DSE
+* <a href="features/geospatial#geospatial-types">Geospatial types</a>
+
+Note that this driver is fully compatible with previous versions of DataStax Enterprise.
+
+## Installation
+The driver is named dse-driver on rubygems.org and can easily be installed with Bundler or the gem program. It will
+download the appropriate Cassandra driver as well.
+
+## Upgrade
+The driver is intended to have the same look and feel as the core driver to make upgrading from the core driver
+trivial. The only change is to replace references to the <code>Cassandra</code> module with <code>Dse</code> when
+creating the cluster object:
+
+```ruby
+require 'dse'
+
+# This returns a Dse::Cluster instance
+cluster = Dse.cluster
+
+# This returns a Dse::Session instance
+session = cluster.connect
+rs = session.execute('select * from system.local')
+```
+
+## Determining driver versions
+Within a script or irb, you can determine the exact versions of the dse and core drivers by accessing the VERSION
+constant of the appropriate module:
+
+```ruby
+require 'dse'
+
+puts "Dse Driver Version: #{Dse::VERSION}"
+puts "Cassandra Driver Version: #{Cassandra::VERSION}"
+```
+
+## Compatibility
+Although this driver exposes new features introduced in DSE 5.0, it is fully compatible and supported for use with
+previous versions of DSE. 
+
+## License
+Copyright (C) 2016 DataStax Inc.
+
+The full license terms are available at http://www.datastax.com/terms/datastax-dse-driver-license-terms

data/ext/gss_api_context/extconf.rb

@@ -0,0 +1,27 @@
+#--
+#      Copyright (C) 2016 DataStax Inc.
+#
+#      This software can be used solely with DataStax Enterprise. Please consult the license at
+#      http://www.datastax.com/terms/datastax-dse-driver-license-terms
+#++
+
+require 'mkmf'
+
+LIBDIR      = RbConfig::CONFIG['libdir']
+INCLUDEDIR  = RbConfig::CONFIG['includedir']
+
+HEADER_DIRS = [INCLUDEDIR, '/usr/include'].freeze
+
+LIB_DIRS = [LIBDIR, '/usr/lib'].freeze
+
+dir_config('gssapi', HEADER_DIRS, LIB_DIRS)
+
+abort 'no gssapi header' unless find_header('gssapi/gssapi.h')
+
+abort 'gssapi library not found' unless find_library('gssapi_krb5', 'gss_release_buffer')
+
+# On Mac at least, there are a lot of deprecated api warnings for gss_* functions. Disable that!
+# rubocop:disable Style/GlobalVars
+$CFLAGS << ' -Wno-deprecated'
+
+create_makefile('gss_api_context')

data/ext/gss_api_context/gss_api_context.c

@@ -0,0 +1,129 @@
+//--
+//      Copyright (C) 2016 DataStax Inc.
+//
+//      This software can be used solely with DataStax Enterprise. Please consult the license at
+//      http://www.datastax.com/terms/datastax-dse-driver-license-terms
+//++
+
+#include <ruby.h>
+
+#include "kerberosgss.h"
+
+//-----------------------------------------------------------------------------
+// Platform-specific functions and macros
+
+#ifdef _MSC_VER
+typedef unsigned __int64 uint64_t;
+typedef __int64 int64_t;
+
+#else
+#include <stdint.h>
+#endif
+
+VALUE e_GssError;
+static void rb_free_context(gss_client_state* state);
+
+static gss_client_state* get_state(VALUE self) {
+  gss_client_state* p;
+  Data_Get_Struct(self, gss_client_state, p);
+  return p;
+}
+
+static VALUE
+rb_context_alloc(VALUE klass)
+{
+    gss_client_state* state = ALLOC(gss_client_state);
+    state->response = NULL;
+    return Data_Wrap_Struct(klass, 0, rb_free_context, state);
+}
+
+static VALUE
+rb_context_initialize(VALUE self, VALUE _service, VALUE _principal, VALUE _ticket_cache)
+{
+    const char* service = StringValuePtr(_service);
+    const char* principal = _principal == Qnil ? NULL : StringValuePtr(_principal);
+    const char* ticket_cache = _ticket_cache == Qnil ? NULL : StringValuePtr(_ticket_cache);
+
+    long int gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+    gss_client_state* state = get_state(self);
+
+    authenticate_gss_client_init(service, principal, ticket_cache, gss_flags, NULL, GSS_C_NO_OID, state);
+
+    return self;
+}
+
+static void
+rb_free_context(gss_client_state* state)
+{
+    if (state) {
+        authenticate_gss_client_clean(state);
+        xfree(state);
+    }
+}
+
+static VALUE
+rb_context_response(VALUE self)
+{
+    gss_client_state* state = get_state(self);
+    return state->response ? rb_str_new(state->response, state->responseLen) : Qnil;
+}
+
+static VALUE
+rb_context_step(VALUE self, VALUE rb_challenge)
+{
+    const char* challenge = StringValuePtr(rb_challenge);
+    int challenge_len = RSTRING_LEN(rb_challenge);
+
+    gss_client_state* state = get_state(self);
+    VALUE rc = INT2NUM(authenticate_gss_client_step(state, challenge, challenge_len));
+    return rb_ary_new3(2, rc, rb_context_response(self));
+}
+
+static VALUE
+rb_context_wrap(VALUE self, VALUE rb_challenge)
+{
+    const char* challenge = StringValuePtr(rb_challenge);
+    int challenge_len = RSTRING_LEN(rb_challenge);
+
+    gss_client_state* state = get_state(self);
+    authenticate_gss_client_wrap(state, challenge, challenge_len);
+    return rb_context_response(self);
+}
+
+static VALUE
+rb_context_unwrap(VALUE self, VALUE rb_challenge)
+{
+    const char* challenge = StringValuePtr(rb_challenge);
+    int challenge_len = RSTRING_LEN(rb_challenge);
+
+    gss_client_state* state = get_state(self);
+    authenticate_gss_client_unwrap(state, challenge, challenge_len);
+    return rb_context_response(self);
+}
+
+static VALUE
+rb_context_user_name(VALUE self)
+{
+    gss_client_state* state = get_state(self);
+    return state->username ? rb_str_new2(state->username) : Qnil;
+}
+
+void
+Init_gss_api_context()
+{
+  VALUE currentContainer;
+
+  currentContainer = rb_define_module_under(rb_cObject, "Dse");
+  currentContainer = rb_define_module_under(currentContainer, "Auth");
+  currentContainer = rb_define_module_under(currentContainer, "Providers");
+  currentContainer = rb_define_class_under(currentContainer, "GssApiContext", rb_cObject);
+  rb_define_alloc_func(currentContainer, rb_context_alloc);
+  rb_define_method(currentContainer, "initialize", rb_context_initialize, 3);
+  rb_define_method(currentContainer, "step", rb_context_step, 1);
+  rb_define_method(currentContainer, "response", rb_context_response, 0);
+  rb_define_method(currentContainer, "wrap", rb_context_wrap, 1);
+  rb_define_method(currentContainer, "unwrap", rb_context_unwrap, 1);
+  rb_define_method(currentContainer, "user_name", rb_context_user_name, 0);
+
+  e_GssError = rb_define_class_under(currentContainer, "Error", rb_eStandardError);
+}

data/ext/gss_api_context/kerberosgss.c

@@ -0,0 +1,407 @@
+/**
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+#include "kerberosgss.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <arpa/inet.h>
+
+#include <ruby.h>
+
+/* This is allocated in gss_api_context.c. */
+extern VALUE e_GssError;
+
+static void raise_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
+{
+    OM_uint32 maj_stat, min_stat;
+    OM_uint32 msg_ctx = 0;
+    gss_buffer_desc status_string;
+    char buf_maj[512];
+    char buf_min[512];
+
+    do {
+        maj_stat = gss_display_status(
+            &min_stat,
+            err_maj,
+            GSS_C_GSS_CODE,
+            GSS_C_NO_OID,
+            &msg_ctx,
+            &status_string
+        );
+        if (GSS_ERROR(maj_stat)) {
+            break;
+        }
+        strncpy(buf_maj, (char*) status_string.value, sizeof(buf_maj));
+        gss_release_buffer(&min_stat, &status_string);
+
+        if (!err_min) {
+            // There is no minor error to report.
+            break;
+        }
+
+        maj_stat = gss_display_status(
+            &min_stat,
+            err_min,
+            GSS_C_MECH_CODE,
+            GSS_C_NULL_OID,
+            &msg_ctx,
+            &status_string
+        );
+        if (! GSS_ERROR(maj_stat)) {
+            strncpy(buf_min, (char*) status_string.value, sizeof(buf_min));
+            gss_release_buffer(&min_stat, &status_string);
+        }
+    } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
+
+    if (err_min) {
+        rb_raise(e_GssError, "%s: %s", buf_maj, buf_min);
+    } else {
+        rb_raise(e_GssError, "%s", buf_maj);
+    }
+}
+
+void clear_response(gss_client_state* state)
+{
+    if (state->response != NULL) {
+        free(state->response);
+        state->response = NULL;
+        state->responseLen = 0;
+        state->responseConf = 0;
+    }
+}
+
+static void save_response(gss_client_state* state, gss_buffer_desc* output_token, int conf)
+{
+    OM_uint32 min_stat, maj_stat;
+
+    if (output_token->length) {
+        state->response = malloc(output_token->length);
+        memcpy(state->response, output_token->value, output_token->length);
+        state->responseLen = output_token->length;
+		state->responseConf = conf;
+
+        maj_stat = gss_release_buffer(&min_stat, output_token);
+    }
+}
+
+static void copy_challenge_to_token(const char* challenge, int challenge_len, gss_buffer_desc* token)
+{
+    if (challenge && *challenge) {
+        // It would be great to just send the challenge along straight, but
+        // token->value is a non-const void*, so gss_* functions might
+        // mutate it.
+
+        token->value = malloc(challenge_len);
+        memcpy(token->value, challenge, challenge_len);
+        token->length = challenge_len;
+    }
+}
+
+void authenticate_gss_client_init(
+    const char* service, const char* principal, const char* ticket_cache, long int gss_flags,
+    gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
+)
+{
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
+    gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc principal_token = GSS_C_EMPTY_BUFFER;
+
+    state->server_name = GSS_C_NO_NAME;
+    state->mech_oid = mech_oid;
+    state->context = GSS_C_NO_CONTEXT;
+    state->gss_flags = gss_flags;
+    state->client_creds = GSS_C_NO_CREDENTIAL;
+    state->username = NULL;
+    clear_response(state);
+
+    // Import server name first
+    name_token.length = strlen(service);
+    name_token.value = (char *)service;
+
+    maj_stat = gss_import_name(
+        &min_stat, &name_token, gss_krb5_nt_service_name, &state->server_name
+    );
+
+    if (GSS_ERROR(maj_stat)) {
+        raise_gss_error(maj_stat, min_stat);
+    }
+
+    if (ticket_cache && *ticket_cache) {
+        maj_stat = gss_krb5_ccache_name(&min_stat, ticket_cache, NULL);
+        if (GSS_ERROR(maj_stat)) {
+            raise_gss_error(maj_stat, min_stat);
+        }
+    }
+
+    // Use the delegate credentials if they exist
+    if (delegatestate && delegatestate->client_creds != GSS_C_NO_CREDENTIAL) {
+        state->client_creds = delegatestate->client_creds;
+    }
+    // If available use the principal to extract its associated credentials
+    else if (principal && *principal) {
+        gss_name_t name;
+        principal_token.length = strlen(principal);
+        principal_token.value = (char *)principal;
+
+        maj_stat = gss_import_name(
+            &min_stat, &principal_token, GSS_C_NT_USER_NAME, &name
+        );
+        if (GSS_ERROR(maj_stat)) {
+            raise_gss_error(maj_stat, min_stat);
+        }
+        maj_stat = gss_acquire_cred(
+            &min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+            GSS_C_INITIATE, &state->client_creds, NULL, NULL
+        );
+        if (GSS_ERROR(maj_stat)) {
+            raise_gss_error(maj_stat, min_stat);
+        }
+
+        maj_stat = gss_release_name(&min_stat, &name);
+        if (GSS_ERROR(maj_stat)) {
+            raise_gss_error(maj_stat, min_stat);
+        }
+    }
+}
+
+int authenticate_gss_client_clean(gss_client_state *state)
+{
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
+    int ret = AUTH_GSS_COMPLETE;
+
+    if (state->context != GSS_C_NO_CONTEXT) {
+        maj_stat = gss_delete_sec_context(
+            &min_stat, &state->context, GSS_C_NO_BUFFER
+        );
+    }
+    if (state->server_name != GSS_C_NO_NAME) {
+        maj_stat = gss_release_name(&min_stat, &state->server_name);
+    }
+    if (
+        state->client_creds != GSS_C_NO_CREDENTIAL &&
+        ! (state->gss_flags & GSS_C_DELEG_FLAG)
+    ) {
+        maj_stat = gss_release_cred(&min_stat, &state->client_creds);
+    }
+    if (state->username != NULL) {
+        free(state->username);
+        state->username = NULL;
+    }
+    clear_response(state);
+
+    return ret;
+}
+
+int authenticate_gss_client_step(
+    gss_client_state* state, const char* challenge, int challenge_len
+) {
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
+    gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+    int ret = AUTH_GSS_CONTINUE;
+
+    // Always clear out the old response
+    clear_response(state);
+
+    // If there is a challenge (data from the server) we need to give it to GSS
+    copy_challenge_to_token(challenge, challenge_len, &input_token);
+
+    // Do GSSAPI step
+    maj_stat = gss_init_sec_context(
+        &min_stat,
+        state->client_creds,
+        &state->context,
+        state->server_name,
+        state->mech_oid,
+        (OM_uint32)state->gss_flags,
+        0,
+        GSS_C_NO_CHANNEL_BINDINGS,
+        &input_token,
+        NULL,
+        &output_token,
+        NULL,
+        NULL
+    );
+
+    if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED)) {
+        if (output_token.value) {
+            gss_release_buffer(&min_stat, &output_token);
+        }
+        if (input_token.value) {
+            free(input_token.value);
+        }
+        raise_gss_error(maj_stat, min_stat);
+    }
+
+    ret = (maj_stat == GSS_S_COMPLETE) ? AUTH_GSS_COMPLETE : AUTH_GSS_CONTINUE;
+
+    // Grab the client response to send back to the server
+    save_response(state, &output_token, 0);
+
+    // Try to get the user name if we have completed all GSS operations
+    if (ret == AUTH_GSS_COMPLETE) {
+        gss_name_t gssuser = GSS_C_NO_NAME;
+        maj_stat = gss_inquire_context(&min_stat, state->context, &gssuser, NULL, NULL, NULL,  NULL, NULL, NULL);
+        if (GSS_ERROR(maj_stat)) {
+            if (input_token.value) {
+                free(input_token.value);
+            }
+            if (output_token.value) {
+                gss_release_buffer(&min_stat, &output_token);
+            }
+            raise_gss_error(maj_stat, min_stat);
+        }
+
+        gss_buffer_desc name_token;
+        name_token.length = 0;
+        maj_stat = gss_display_name(&min_stat, gssuser, &name_token, NULL);
+        if (GSS_ERROR(maj_stat)) {
+            if (name_token.value) {
+                gss_release_buffer(&min_stat, &name_token);
+            }
+            gss_release_name(&min_stat, &gssuser);
+
+            if (input_token.value) {
+                free(input_token.value);
+            }
+            if (output_token.value) {
+                gss_release_buffer(&min_stat, &output_token);
+            }
+            raise_gss_error(maj_stat, min_stat);
+        } else {
+            if (state->username != NULL) {
+                free(state->username);
+                state->username = NULL;
+            }
+            state->username = (char *)malloc(name_token.length + 1);
+            strncpy(state->username, (char*) name_token.value, name_token.length);
+            state->username[name_token.length] = 0;
+            gss_release_buffer(&min_stat, &name_token);
+            gss_release_name(&min_stat, &gssuser);
+        }
+    }
+
+end:
+    if (output_token.value) {
+        gss_release_buffer(&min_stat, &output_token);
+    }
+    if (input_token.value) {
+        free(input_token.value);
+    }
+    return ret;
+}
+
+int authenticate_gss_client_unwrap(
+    gss_client_state *state, const char *challenge, int challenge_len
+) {
+	OM_uint32 maj_stat;
+	OM_uint32 min_stat;
+	gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+	int ret = AUTH_GSS_CONTINUE;
+	int conf = 0;
+
+	// Always clear out the old response
+	clear_response(state);
+
+	// If there is a challenge (data from the server) we need to give it to GSS
+    copy_challenge_to_token(challenge, challenge_len, &input_token);
+
+	// Do GSSAPI step
+	maj_stat = gss_unwrap(
+        &min_stat,
+        state->context,
+        &input_token,
+        &output_token,
+        &conf,
+        NULL
+    );
+
+	if (maj_stat != GSS_S_COMPLETE)	{
+        if (output_token.value) {
+            gss_release_buffer(&min_stat, &output_token);
+        }
+        if (input_token.value) {
+            free(input_token.value);
+        }
+		raise_gss_error(maj_stat, min_stat);
+	} else {
+		ret = AUTH_GSS_COMPLETE;
+    }
+
+	// Grab the client response
+	save_response(state, &output_token, conf);
+
+end:
+	if (output_token.value) {
+		gss_release_buffer(&min_stat, &output_token);
+    }
+	if (input_token.value) {
+		free(input_token.value);
+    }
+	return ret;
+}
+
+int authenticate_gss_client_wrap(
+    gss_client_state* state, const char* challenge, int challenge_len
+) {
+	OM_uint32 maj_stat;
+	OM_uint32 min_stat;
+	gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+	int ret = AUTH_GSS_CONTINUE;
+	char buf[4096], server_conf_flags;
+	unsigned long buf_size;
+
+	// Always clear out the old response
+	clear_response(state);
+
+    copy_challenge_to_token(challenge, challenge_len, &input_token);
+
+	// Do GSSAPI wrap
+	maj_stat = gss_wrap(
+        &min_stat,
+        state->context,
+        0,
+        GSS_C_QOP_DEFAULT,
+        &input_token,
+        NULL,
+        &output_token
+    );
+
+	if (maj_stat != GSS_S_COMPLETE)	{
+        if (output_token.value) {
+            gss_release_buffer(&min_stat, &output_token);
+        }
+		raise_gss_error(maj_stat, min_stat);
+	} else {
+		ret = AUTH_GSS_COMPLETE;
+    }
+
+	// Grab the client response to send back to the server
+	save_response(state, &output_token, 0);
+
+end:
+	if (output_token.value) {
+		gss_release_buffer(&min_stat, &output_token);
+    }
+	return ret;
+}