gsasl 0.2.0 → 1.0.0

data/.travis.yml

@@ -1,2 +1,10 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.3
+  - jruby-18mode # JRuby in 1.8 mode
+  - jruby-19mode # JRuby in 1.9 mode
+#  - rbx-18mode
+#  - rbx-19mode
 before_script:
-  - sudo apt-get install libgsasl
+  - sudo apt-get install libgsasl7

data/README.md

@@ -1,4 +1,4 @@
-# GNU SASL for Ruby
+# GNU SASL for Ruby [![Build Status](https://secure.travis-ci.org/threez/gsasl.png)](http://travis-ci.org/threez/gsasl)
 
 This libaray is a lib ffi based wrapper for the [GNU SASL](http://www.gnu.org/software/gsasl/) library. It supports a variaty of different authentication mechanisms. Those are the mechanisms supported for the current versions:
 

data/lib/gsasl.rb

@@ -1,9 +1,12 @@
 require "gsasl/version"
 require "gsasl/native"
-require "gsasl/context"
-require "gsasl/remote_authenticator"
-require "gsasl/peer"
 
 module Gsasl
-  class GsaslError < StandardError; end
+  autoload :Context, "gsasl/context"
+  autoload :RemoteAuthenticator, "gsasl/remote_authenticator"
+  autoload :Peer, "gsasl/peer"
+  
+  class GsaslError < StandardError;
+    attr_accessor :code
+  end
 end

data/lib/gsasl/native.rb

@@ -2,7 +2,11 @@ require 'ffi'
 
 module Gsasl
   extend FFI::Library
-  ffi_lib "libgsasl"
+  begin
+    ffi_lib "libgsasl"
+  rescue LoadError # debain/ubuntu has a different name for the libgsasl library
+    ffi_lib "libgsasl.so.7"
+  end
   
   # RFC 2222: SASL mechanisms are named by strings, from 1 to 20
   # characters in length, consisting of upper-case letters, digits,
@@ -133,11 +137,13 @@ module Gsasl
   attach_function :gsasl_step64, [ :pointer, :string, :pointer], :int
   
   # Raises an error if the passed result is not GSASL_OK
-  # @param [Fixnum] result that should be checked
+  # @param [Fixnum] code that should be checked
   # @raises [GsaslError] if a different result occured
-  def self.raise_error!(result)
-    if result != GSASL_OK
-      raise GsaslError, Gsasl.gsasl_strerror(result)
+  def self.raise_error!(code)
+    if code != GSASL_OK
+      error = GsaslError.new(Gsasl.gsasl_strerror(code) + " [#{code}]")
+      error.code = code
+      raise error
     end
   end
   

data/lib/gsasl/peer.rb

@@ -156,7 +156,9 @@ module Gsasl
         when Gsasl::GSASL_VALIDATE_SECURID
           handle_secureid_authentication(&block)
         when Gsasl::GSASL_DIGEST_MD5_HASHED_PASSWORD
-          handle_digest_md5_authentication(&block)
+          handle_digest_md5_authentication(&block) ||
+          # fallback to password if there is no hash digest available
+          handle_password_authentication(&block)
         when Gsasl::GSASL_VALIDATE_ANONYMOUS
           handle_anonymous_authentication(&block)
         when Gsasl::GSASL_VALIDATE_EXTERNAL
@@ -260,6 +262,8 @@ module Gsasl
       end
       
       result == Gsasl::GSASL_OK
+    rescue GsaslError => ex
+      false
     end
     
     # Authenticate against a remote peer using a socket like authenication
@@ -291,6 +295,32 @@ module Gsasl
       result == Gsasl::GSASL_OK
     end
     
+    # Handles a client authentication request by the server peer.
+    # @param [String] client_initialization if the client already gives
+    #   initialization data before the process starts
+    # @example
+    #   auth_result = server.handle do |remote|
+    #     remote.recieve { io.gets.strip }
+    #     remote.send    { |data| io.print "+ #{data}\r\n" }
+    #   end
+    def handle(client_initialization = nil, &block)
+      result = GSASL_NEEDS_MORE
+      input = client_initialization
+
+      # create a new authenticator and define its behaviour
+      remote = RemoteAuthenticator.new
+      block.call(remote)
+      
+      while result == GSASL_NEEDS_MORE
+        # use the client initialization if given (once) otherwise receive
+        # from the remote client
+        result, response = process input
+        input = remote.send(response) if result == GSASL_NEEDS_MORE
+      end
+
+      result == Gsasl::GSASL_OK
+    end
+    
     # Close the authentication peer. This should be done after one
     # authenticaion.
     def close
@@ -307,7 +337,7 @@ module Gsasl
         output = output_ptr.get_pointer(0)
         [result, output.read_string.to_s]
       else
-        [result, nil]
+        Gsasl.raise_error!(result)
       end
     ensure  
       Gsasl.gsasl_free(output)

data/lib/gsasl/version.rb

@@ -1,3 +1,3 @@
 module Gsasl
-  VERSION = "0.2.0"
+  VERSION = "1.0.0"
 end

data/spec/peer_spec.rb

@@ -79,6 +79,94 @@ describe Gsasl::Context do
         "fb2441a715a5484c6fa16147c4a6b7a8"
     end
   end
+  
+  context "client authenticaten" do
+    before(:each) do
+      @general_handler = lambda do |server, client|
+        server.handle do |remote|
+          remote.send do |data|
+            _, output = client.process data
+            output
+          end
+        end
+      end
+    end
+    
+    it "should handle LOGIN" do
+      @client = @session.create_client("LOGIN")
+      @client.credentials!("joe", "secret")
+      @peer = @session.create_server("LOGIN") do |type, authid|
+        "secret" if type == :password && authid == "joe"
+      end
+      @general_handler.call(@peer, @client).should be_true
+    end
+    
+    it "should handle PLAIN" do
+      @client = @session.create_client("PLAIN")
+      @client.credentials!("joe", "secret")
+      @peer = @session.create_server("PLAIN") do |type, authid|
+        "secret" if type == :password && authid == "joe"
+      end
+      @general_handler.call(@peer, @client).should be_true
+    end
+    
+    it "should handle CRAM-MD5" do
+      @client = @session.create_client("CRAM-MD5")
+      @client.credentials!("joe", "secret")
+      @peer = @session.create_server("CRAM-MD5") do |type, authid|
+        "secret" if type == :password && authid == "joe"
+      end
+      @general_handler.call(@peer, @client).should be_true
+    end
+    
+    it "should handle SCRAM-SHA-1" do
+      @client = @session.create_client("SCRAM-SHA-1")
+      @client.credentials!("joe", "secret")
+      @peer = @session.create_server("SCRAM-SHA-1") do |type, authid|
+        "secret" if type == :password && authid == "joe"
+      end
+      @general_handler.call(@peer, @client).should be_true
+    end
+    
+    it "should handle DIGEST-MD5" do
+      @client = @session.create_client("DIGEST-MD5")
+      @client.credentials!("joe", "secret")
+      @client.service!("smtp", "localhost")
+      @client.realm = "gsasl"
+      @peer = @session.create_server("DIGEST-MD5", "gsasl") do |type, authid|
+        "secret" if type == :password && authid == "joe"
+      end
+      @general_handler.call(@peer, @client).should be_true
+    end
+  
+    after(:each) do
+      @peer.close
+      @client.close
+    end
+  end
+  
+  context "client initialization" do
+    it "should be possible with PLAIN" do
+      @client = @session.create_client("PLAIN")
+      @client.credentials!("joe", "secret")
+      @peer = @session.create_server("PLAIN") do |type, authid|
+        "secret" if type == :password && authid == "joe"
+      end
+      _, init = @client.process # emulate a client side authentication
+      init.should_not be_empty
+      @peer.handle(init) do |remote|
+        remote.send do |data|
+          _, output = @client.process data
+          output
+        end
+      end.should be_true
+    end
+    
+    after(:each) do
+      @peer.close
+      @client.close
+    end
+  end
 
   after(:each) do
     @session.close

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gsasl
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 1.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-01 00:00:00.000000000 Z
+date: 2012-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec