gssapi 0.0.2 → 0.1.0

data/VERSION

@@ -1 +1 @@
-0.0.2
+0.1.0

data/lib/gssapi/lib_gssapi.rb

@@ -23,7 +23,16 @@ module GSSAPI
   module LibGSSAPI
     extend FFI::Library
     
-    ffi_lib File.basename Dir.glob("/usr/lib/libgssapi*").first, FFI::Library::LIBC
+    case RUBY_PLATFORM
+    when /linux/
+      # Some Ubuntu ship only with libgssapi_krb5, hence this hackery.
+      ffi_lib File.basename Dir.glob("/usr/lib/libgssapi*").sort.first, FFI::Library::LIBC
+    when /win/
+      ffi_lib 'gssapi32'  # Required the MIT Kerberos libraries to be installed
+      ffi_convention :stdcall
+    else
+      raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi."
+    end
 
     # Libc functions
 
@@ -225,6 +234,7 @@ module GSSAPI
     #   oidstr[:value].read_string
     attach_function :gss_oid_to_str, [:pointer, :pointer, :pointer], :OM_uint32
 
+    # TODO: Missing from Heimdal
     # OM_uint32 gss_str_to_oid(OM_uint32 *minor_status, const gss_buffer_t oid_str, gss_OID *oid);
     # @example: Simulate GSS_C_NT_HOSTBASED_SERVICE
     #   min_stat = FFI::MemoryPointer.new :uint32
@@ -236,7 +246,7 @@ module GSSAPI
     #   min_stat = FFI::MemoryPointer.new :uint32
     #   maj_stat = GSSAPI::LibGSSAPI.gss_str_to_oid(min_stat, oidstr.pointer, oid)
     #   oid = GSSAPI::LibGSSAPI::GssOID.new(oid.get_pointer(0))
-    attach_function :gss_str_to_oid, [:pointer, :pointer, :pointer], :OM_uint32
+    #attach_function :gss_str_to_oid, [:pointer, :pointer, :pointer], :OM_uint32
 
     # OM_uint32  gss_init_sec_context(OM_uint32  *  minor_status, const gss_cred_id_t initiator_cred_handle,
     #   gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, OM_uint32 req_flags,
@@ -264,9 +274,14 @@ module GSSAPI
     #   int conf_req_flag, gss_qop_t 	qop_req, int * 	conf_state, gss_iov_buffer_desc * 	iov, int 	iov_count );
     attach_function :gss_wrap_iov, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :int], :OM_uint32
 
+    # OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap_iov ( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
+    #   int * conf_state, gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count )
+    attach_function :gss_unwrap_iov, [:pointer, :pointer, :pointer, :pointer, :pointer, :int], :OM_uint32
+
+    # TODO: Missing from Heimdal
     # OM_uint32 gss_wrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_assoc_buffer,
     #  gss_buffer_t input_payload_buffer, int * conf_state, gss_buffer_t output_message_buffer);
-    attach_function :gss_wrap_aead, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer, :pointer], :OM_uint32
+    #attach_function :gss_wrap_aead, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer, :pointer], :OM_uint32
 
     # OM_uint32  gss_unwrap(OM_uint32  *  minor_status, const gss_ctx_id_t context_handle,
     #   const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int * conf_state, gss_qop_t * qop_state);
@@ -297,13 +312,6 @@ module GSSAPI
 
     attach_variable :GSS_C_NT_HOSTBASED_SERVICE, :pointer # type gss_OID
     attach_variable :GSS_C_NT_EXPORT_NAME, :pointer # type gss_OID
-    attach_variable :gss_mech_krb5, :pointer # type gss_OID
-    attach_variable :gss_mech_set_krb5, :pointer # type gss_OID_set
-    attach_variable :gss_nt_krb5_name, :pointer # type gss_OID
-    attach_variable :gss_nt_krb5_principal, :pointer # type gss_OID
-    attach_variable :gss_nt_krb5_principal, :pointer # type gss_OID_set
-
-
 
     # Flag bits for context-level services.
     GSS_C_DELEG_FLAG        = 1

data/lib/gssapi/simple.rb

@@ -54,17 +54,30 @@ module GSSAPI
 
     # Initialize the GSS security context (client initiator).  If there was a previous call that issued a
     #   continue you can pass the continuation token in via the token param.
+    #   If no flags are set the default flags are LibGSSAPI::GSS_C_MUTUAL_FLAG | LibGSSAPI::GSS_C_SEQUENCE_FLAG
     # @param [String] in_token an input token sent from the remote service in a continuation.
+    # @param [Hash] opts misc opts to be set
+    # @option opts [Fixnum] :flags override all other flags.  If you set the :delegate option this option will override it.
+    #   @see http://tools.ietf.org/html/rfc4121#section-4.1.1.1
+    # @option opts [Boolean] :delegate if true set the credential delegate flag
     # @return [String, true] if a continuation flag is set it will return the output token that is needed to send
     #   to the remote host.  Otherwise it returns true and the GSS security context has been established.
-    def init_context(in_token = nil)
+    def init_context(in_token = nil, opts = {})
       min_stat = FFI::MemoryPointer.new :uint32
       ctx = (@context.nil? ? LibGSSAPI::GssCtxIdT.gss_c_no_context.address_of : @context.address_of)
       mech = LibGSSAPI::GssOID.gss_c_no_oid
+      if(opts[:flags])
+        flags = opts[:flags]
+      else
+        flags = (LibGSSAPI::GSS_C_MUTUAL_FLAG | LibGSSAPI::GSS_C_SEQUENCE_FLAG)
+        flags |= LibGSSAPI::GSS_C_DELEG_FLAG  if opts[:delegate]
+        flags |= LibGSSAPI::GSS_C_DELEG_POLICY_FLAG  if opts[:delegate]
+      end
       in_tok = LibGSSAPI::GssBufferDesc.new
       in_tok.value = in_token
       out_tok = LibGSSAPI::GssBufferDesc.new
       out_tok.value = nil
+      ret_flags = FFI::MemoryPointer.new :uint32
 
 
       maj_stat = LibGSSAPI.gss_init_sec_context(min_stat,
@@ -72,13 +85,13 @@ module GSSAPI
                                                 ctx,
                                                 @int_svc_name,
                                                 mech,
-                                                (LibGSSAPI::GSS_C_MUTUAL_FLAG | LibGSSAPI::GSS_C_SEQUENCE_FLAG),
+                                                flags,
                                                 0,
                                                 nil,
                                                 in_tok.pointer,
                                                 nil,
                                                 out_tok.pointer,
-                                                nil,
+                                                ret_flags,
                                                 nil)
 
       raise GssApiError, "gss_init_sec_context did not return GSS_S_COMPLETE.  Error code: maj: #{maj_stat}, min: #{min_stat.read_int}" if maj_stat > 1
@@ -103,7 +116,9 @@ module GSSAPI
       in_tok = GSSAPI::LibGSSAPI::GssBufferDesc.new
       in_tok.value = in_token
       out_tok = GSSAPI::LibGSSAPI::GssBufferDesc.new
-      out_tok.value = nil
+      out_tok.value = nil 
+      ret_flags = FFI::MemoryPointer.new :uint32
+
       maj_stat = LibGSSAPI.gss_accept_sec_context(min_stat,
                                                   ctx,
                                                   @scred,
@@ -112,7 +127,8 @@ module GSSAPI
                                                   client,
                                                   mech,
                                                   out_tok.pointer,
-                                                  nil, nil, nil)
+                                                  ret_flags,
+                                                  nil, nil)
 
       raise GssApiError, "gss_accept_sec_context did not return GSS_S_COMPLETE.  Error code: maj: #{maj_stat}, min: #{min_stat.read_int}" if maj_stat > 1
 

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
+  - 1
   - 0
-  - 2
-  version: 0.0.2
+  version: 0.1.0
 platform: ruby
 authors: 
 - Dan Wanek
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-12-16 00:00:00 -06:00
+date: 2011-01-24 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency