gssapi 0.0.2 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/gssapi/lib_gssapi.rb +18 -10
- data/lib/gssapi/simple.rb +21 -5
- metadata +3 -3
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0
|
|
1
|
+
0.1.0
|
data/lib/gssapi/lib_gssapi.rb
CHANGED
|
@@ -23,7 +23,16 @@ module GSSAPI
|
|
|
23
23
|
module LibGSSAPI
|
|
24
24
|
extend FFI::Library
|
|
25
25
|
|
|
26
|
-
|
|
26
|
+
case RUBY_PLATFORM
|
|
27
|
+
when /linux/
|
|
28
|
+
# Some Ubuntu ship only with libgssapi_krb5, hence this hackery.
|
|
29
|
+
ffi_lib File.basename Dir.glob("/usr/lib/libgssapi*").sort.first, FFI::Library::LIBC
|
|
30
|
+
when /win/
|
|
31
|
+
ffi_lib 'gssapi32' # Required the MIT Kerberos libraries to be installed
|
|
32
|
+
ffi_convention :stdcall
|
|
33
|
+
else
|
|
34
|
+
raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi."
|
|
35
|
+
end
|
|
27
36
|
|
|
28
37
|
# Libc functions
|
|
29
38
|
|
|
@@ -225,6 +234,7 @@ module GSSAPI
|
|
|
225
234
|
# oidstr[:value].read_string
|
|
226
235
|
attach_function :gss_oid_to_str, [:pointer, :pointer, :pointer], :OM_uint32
|
|
227
236
|
|
|
237
|
+
# TODO: Missing from Heimdal
|
|
228
238
|
# OM_uint32 gss_str_to_oid(OM_uint32 *minor_status, const gss_buffer_t oid_str, gss_OID *oid);
|
|
229
239
|
# @example: Simulate GSS_C_NT_HOSTBASED_SERVICE
|
|
230
240
|
# min_stat = FFI::MemoryPointer.new :uint32
|
|
@@ -236,7 +246,7 @@ module GSSAPI
|
|
|
236
246
|
# min_stat = FFI::MemoryPointer.new :uint32
|
|
237
247
|
# maj_stat = GSSAPI::LibGSSAPI.gss_str_to_oid(min_stat, oidstr.pointer, oid)
|
|
238
248
|
# oid = GSSAPI::LibGSSAPI::GssOID.new(oid.get_pointer(0))
|
|
239
|
-
attach_function :gss_str_to_oid, [:pointer, :pointer, :pointer], :OM_uint32
|
|
249
|
+
#attach_function :gss_str_to_oid, [:pointer, :pointer, :pointer], :OM_uint32
|
|
240
250
|
|
|
241
251
|
# OM_uint32 gss_init_sec_context(OM_uint32 * minor_status, const gss_cred_id_t initiator_cred_handle,
|
|
242
252
|
# gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, OM_uint32 req_flags,
|
|
@@ -264,9 +274,14 @@ module GSSAPI
|
|
|
264
274
|
# int conf_req_flag, gss_qop_t qop_req, int * conf_state, gss_iov_buffer_desc * iov, int iov_count );
|
|
265
275
|
attach_function :gss_wrap_iov, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :int], :OM_uint32
|
|
266
276
|
|
|
277
|
+
# OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap_iov ( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
|
|
278
|
+
# int * conf_state, gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count )
|
|
279
|
+
attach_function :gss_unwrap_iov, [:pointer, :pointer, :pointer, :pointer, :pointer, :int], :OM_uint32
|
|
280
|
+
|
|
281
|
+
# TODO: Missing from Heimdal
|
|
267
282
|
# OM_uint32 gss_wrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_assoc_buffer,
|
|
268
283
|
# gss_buffer_t input_payload_buffer, int * conf_state, gss_buffer_t output_message_buffer);
|
|
269
|
-
attach_function :gss_wrap_aead, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer, :pointer], :OM_uint32
|
|
284
|
+
#attach_function :gss_wrap_aead, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer, :pointer], :OM_uint32
|
|
270
285
|
|
|
271
286
|
# OM_uint32 gss_unwrap(OM_uint32 * minor_status, const gss_ctx_id_t context_handle,
|
|
272
287
|
# const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int * conf_state, gss_qop_t * qop_state);
|
|
@@ -297,13 +312,6 @@ module GSSAPI
|
|
|
297
312
|
|
|
298
313
|
attach_variable :GSS_C_NT_HOSTBASED_SERVICE, :pointer # type gss_OID
|
|
299
314
|
attach_variable :GSS_C_NT_EXPORT_NAME, :pointer # type gss_OID
|
|
300
|
-
attach_variable :gss_mech_krb5, :pointer # type gss_OID
|
|
301
|
-
attach_variable :gss_mech_set_krb5, :pointer # type gss_OID_set
|
|
302
|
-
attach_variable :gss_nt_krb5_name, :pointer # type gss_OID
|
|
303
|
-
attach_variable :gss_nt_krb5_principal, :pointer # type gss_OID
|
|
304
|
-
attach_variable :gss_nt_krb5_principal, :pointer # type gss_OID_set
|
|
305
|
-
|
|
306
|
-
|
|
307
315
|
|
|
308
316
|
# Flag bits for context-level services.
|
|
309
317
|
GSS_C_DELEG_FLAG = 1
|
data/lib/gssapi/simple.rb
CHANGED
|
@@ -54,17 +54,30 @@ module GSSAPI
|
|
|
54
54
|
|
|
55
55
|
# Initialize the GSS security context (client initiator). If there was a previous call that issued a
|
|
56
56
|
# continue you can pass the continuation token in via the token param.
|
|
57
|
+
# If no flags are set the default flags are LibGSSAPI::GSS_C_MUTUAL_FLAG | LibGSSAPI::GSS_C_SEQUENCE_FLAG
|
|
57
58
|
# @param [String] in_token an input token sent from the remote service in a continuation.
|
|
59
|
+
# @param [Hash] opts misc opts to be set
|
|
60
|
+
# @option opts [Fixnum] :flags override all other flags. If you set the :delegate option this option will override it.
|
|
61
|
+
# @see http://tools.ietf.org/html/rfc4121#section-4.1.1.1
|
|
62
|
+
# @option opts [Boolean] :delegate if true set the credential delegate flag
|
|
58
63
|
# @return [String, true] if a continuation flag is set it will return the output token that is needed to send
|
|
59
64
|
# to the remote host. Otherwise it returns true and the GSS security context has been established.
|
|
60
|
-
def init_context(in_token = nil)
|
|
65
|
+
def init_context(in_token = nil, opts = {})
|
|
61
66
|
min_stat = FFI::MemoryPointer.new :uint32
|
|
62
67
|
ctx = (@context.nil? ? LibGSSAPI::GssCtxIdT.gss_c_no_context.address_of : @context.address_of)
|
|
63
68
|
mech = LibGSSAPI::GssOID.gss_c_no_oid
|
|
69
|
+
if(opts[:flags])
|
|
70
|
+
flags = opts[:flags]
|
|
71
|
+
else
|
|
72
|
+
flags = (LibGSSAPI::GSS_C_MUTUAL_FLAG | LibGSSAPI::GSS_C_SEQUENCE_FLAG)
|
|
73
|
+
flags |= LibGSSAPI::GSS_C_DELEG_FLAG if opts[:delegate]
|
|
74
|
+
flags |= LibGSSAPI::GSS_C_DELEG_POLICY_FLAG if opts[:delegate]
|
|
75
|
+
end
|
|
64
76
|
in_tok = LibGSSAPI::GssBufferDesc.new
|
|
65
77
|
in_tok.value = in_token
|
|
66
78
|
out_tok = LibGSSAPI::GssBufferDesc.new
|
|
67
79
|
out_tok.value = nil
|
|
80
|
+
ret_flags = FFI::MemoryPointer.new :uint32
|
|
68
81
|
|
|
69
82
|
|
|
70
83
|
maj_stat = LibGSSAPI.gss_init_sec_context(min_stat,
|
|
@@ -72,13 +85,13 @@ module GSSAPI
|
|
|
72
85
|
ctx,
|
|
73
86
|
@int_svc_name,
|
|
74
87
|
mech,
|
|
75
|
-
|
|
88
|
+
flags,
|
|
76
89
|
0,
|
|
77
90
|
nil,
|
|
78
91
|
in_tok.pointer,
|
|
79
92
|
nil,
|
|
80
93
|
out_tok.pointer,
|
|
81
|
-
|
|
94
|
+
ret_flags,
|
|
82
95
|
nil)
|
|
83
96
|
|
|
84
97
|
raise GssApiError, "gss_init_sec_context did not return GSS_S_COMPLETE. Error code: maj: #{maj_stat}, min: #{min_stat.read_int}" if maj_stat > 1
|
|
@@ -103,7 +116,9 @@ module GSSAPI
|
|
|
103
116
|
in_tok = GSSAPI::LibGSSAPI::GssBufferDesc.new
|
|
104
117
|
in_tok.value = in_token
|
|
105
118
|
out_tok = GSSAPI::LibGSSAPI::GssBufferDesc.new
|
|
106
|
-
out_tok.value = nil
|
|
119
|
+
out_tok.value = nil
|
|
120
|
+
ret_flags = FFI::MemoryPointer.new :uint32
|
|
121
|
+
|
|
107
122
|
maj_stat = LibGSSAPI.gss_accept_sec_context(min_stat,
|
|
108
123
|
ctx,
|
|
109
124
|
@scred,
|
|
@@ -112,7 +127,8 @@ module GSSAPI
|
|
|
112
127
|
client,
|
|
113
128
|
mech,
|
|
114
129
|
out_tok.pointer,
|
|
115
|
-
|
|
130
|
+
ret_flags,
|
|
131
|
+
nil, nil)
|
|
116
132
|
|
|
117
133
|
raise GssApiError, "gss_accept_sec_context did not return GSS_S_COMPLETE. Error code: maj: #{maj_stat}, min: #{min_stat.read_int}" if maj_stat > 1
|
|
118
134
|
|
metadata
CHANGED
|
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
|
4
4
|
prerelease: false
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
|
+
- 1
|
|
7
8
|
- 0
|
|
8
|
-
|
|
9
|
-
version: 0.0.2
|
|
9
|
+
version: 0.1.0
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Dan Wanek
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date:
|
|
17
|
+
date: 2011-01-24 00:00:00 -06:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|