gssapi 1.1.2 → 1.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4900e3de24fcb1b4bd1e1f6e4beece74187ac663
+  data.tar.gz: 25cd31e5aacea658b701c8870a9d14ce6bb735bf
+SHA512:
+  metadata.gz: d0bf8e7383f210b60f3b9e8207d8a6fd15caea5712dc247e2e3fc014de1f527349e8e97e1110a47f7512ff62622052db2cce1ff1320274a498b4aea3e4604c4d
+  data.tar.gz: 8ae992ceaab77f81815aa836181cc8b929c93b0b58b129d1a27a7f186739384127ee0fdc47105564ffa13c767a4ee20a8926f143bd5b98710c5a2a24a9666669

data/Changelog.md

@@ -0,0 +1,14 @@
+## Version 1.1.1
+  * Allow GssApiError to be initialized with string.
+  * Add display_name wrapper for gss_display_name to GSSAPI::Simple
+  * gss_iov examples
+  * Ruby 1.8.x support
+  * Change loader for MIT and Heimdal to be a bit cleaner. Fix syntax in simple.rb
+  * Do a gss_acquire_cred for every connection to the server.
+  * updating path to gssapi32.dll
+
+## Version 1.1.2
+  * add gss_get_mic
+
+## Version 1.2.0
+  * Move IOV and AEAD to gssapi/extensions.rb so it can be loaded separately when needed

data/Gemfile

@@ -0,0 +1,2 @@
+source "https://rubygems.org"
+gemspec

data/README.md

@@ -0,0 +1,22 @@
+# Ruby GSSAPI Library
+
+This is a wrapper around the system GSSAPI library (MIT only at this time).  It exposes the low-level GSSAPI methods like gss_init_sec_context and gss_wrap and also provides an easier to use wrapper on top of this for common usage scenarios.
+
+
+I'm going to try and maintain most of the docs in the Github WIKI for this project so please check there for documentation and examples.
+
+https://github.com/zenchild/gssapi/wiki
+
+
+Also check out the examples directory for some stubbed out client/server examples.
+
+
+## Note on IOV and AEAD functions
+
+If you require the IOV and AEAD functions you will have to `require "gssapi/extensions"` to gain access to them.
+
+
+#### License
+
+Copyright © 2010 Dan Wanek <dan.wanek@gmail.com>
+Ruby gssapi is licensed under the MIT license (see COPYING)

data/Rakefile

@@ -1,29 +1,11 @@
-desc "Build the gem"
-task :gem do
-    system "gem build gssapi.gemspec"
-end
-
-desc "Clean the build environment"
-task :clean do
-    system "rm gssapi*.gem"
-end
-
-desc "Increment the version by 1 minor release"
-task :versionup do
-	ver = up_min_version
-	puts "New version: #{ver}"
-end
-
-
-def up_min_version
-	f = File.open('VERSION', 'r+')
-	ver = f.readline.chomp
-	v_arr = ver.split(/\./).map do |v|
-		v.to_i
-	end
-	v_arr[2] += 1
-	ver = v_arr.join('.')
-	f.rewind
-	f.write(ver)
-	ver
+require "bundler/gem_tasks"
+
+desc "Open a Pry Console"
+task :console do
+  require "pry"
+  require "pathname"
+  $: << (Pathname(__FILE__).dirname + "lib").to_s
+  require "gssapi"
+  ARGV.clear
+  Pry.start
 end

data/VERSION

@@ -1 +1 @@
-1.1.2
+1.2.0

data/gssapi.gemspec

@@ -4,21 +4,22 @@ $:.unshift lib unless $:.include?(lib)
 require 'date'
 
 Gem::Specification.new do |gem|
-  gem.name = "gssapi"
-  gem.version = File.open('VERSION').readline.chomp
-  gem.date		= Date.today.to_s
+  gem.name     = "gssapi"
+  gem.version  = File.open('VERSION').readline.chomp
+  gem.date     = Date.today.to_s
   gem.platform = Gem::Platform::RUBY
   gem.rubyforge_project  = nil
 
   gem.author = "Dan Wanek"
   gem.email = "dan.wanek@gmail.com"
   gem.homepage = "http://github.com/zenchild/gssapi"
+  gem.license = "MIT"
 
   gem.summary = "A FFI wrapper around the system GSSAPI library."
   gem.description	= <<-EOF
     A FFI wrapper around the system GSSAPI library. Please make sure and read the
     Yard docs or standard GSSAPI documentation if you have any questions.
-    
+
     There is also a class called GSSAPI::Simple that wraps many of the common features
     used for GSSAPI.
   EOF
@@ -26,7 +27,7 @@ Gem::Specification.new do |gem|
   gem.files = `git ls-files`.split(/\n/)
   gem.require_path = "lib"
   gem.rdoc_options	= %w(-x test/ -x examples/)
-  gem.extra_rdoc_files = %w(README.textile COPYING)
+  gem.extra_rdoc_files = %w(README.md COPYING Changelog.md)
 
   gem.required_ruby_version	= '>= 1.8.7'
   gem.add_runtime_dependency  'ffi', '>= 1.0.1'

data/lib/gssapi/extensions.rb

@@ -0,0 +1,40 @@
+=begin
+Copyright © 2014 Dan Wanek <dan.wanek@gmail.com>
+
+Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.php
+=end
+module GSSAPI
+  module LibGSSAPI
+
+    # Some versions of GSSAPI might not have support for IOV yet.
+    begin
+      # OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_iov( OM_uint32 * minor_status, gss_ctx_id_t  context_handle,
+      #   int conf_req_flag, gss_qop_t  qop_req, int *  conf_state, gss_iov_buffer_desc *  iov, int  iov_count );
+      attach_function :gss_wrap_iov, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :int], :OM_uint32
+
+      # OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap_iov ( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
+      #   int * conf_state, gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count )
+      attach_function :gss_unwrap_iov, [:pointer, :pointer, :pointer, :pointer, :pointer, :int], :OM_uint32
+
+      # OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length ( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
+      #   int conf_req_flag, gss_qop_t  qop_req, int *  conf_state, gss_iov_buffer_desc * iov, int iov_count)
+      attach_function :gss_wrap_iov_length, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :int], :OM_uint32
+    rescue FFI::NotFoundError => ex
+      warn "WARNING: Could not load IOV methods. Check your GSSAPI C library for an update"
+    end
+
+    begin
+      # OM_uint32 gss_wrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag,
+      #   gss_qop_t qop_req, gss_buffer_t input_assoc_buffer,
+      #   gss_buffer_t input_payload_buffer, int * conf_state, gss_buffer_t output_message_buffer);
+      attach_function :gss_wrap_aead, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer, :pointer], :OM_uint32
+
+      # OM_uint32 gss_unwrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
+      #   gss_buffer_t input_assoc_buffer, gss_buffer_t output_payload_buffer, int * conf_state, gss_qop_t * qop_state);
+      attach_function :gss_unwrap_aead, [:pointer,:pointer,:pointer,:pointer,:pointer,:pointer,:pointer], :OM_uint32
+    rescue FFI::NotFoundError => ex
+      warn "WARNING: Could not load AEAD methods. Check your GSSAPI C library for an update"
+    end
+
+  end
+end

data/lib/gssapi/lib_gssapi.rb

@@ -158,7 +158,7 @@ module GSSAPI
 
       def self.release(ptr)
         if( ptr.address == 0 )
-          puts "NULL POINTER: Not freeing" if $DEBUG
+          puts "Releasing #{self.name} NULL POINTER: Not freeing" if $DEBUG
           return
         else
           puts "Releasing #{self.name} at #{ptr.address.to_s(16)}" if $DEBUG
@@ -270,36 +270,6 @@ module GSSAPI
     #   min_stat = FFI::MemoryPointer.new :OM_uint32
     # Remember to free the allocated output_message_buffer with gss_release_buffer
     attach_function :gss_wrap, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer], :OM_uint32
-    
-    # Some versions of GSSAPI might not have support for IOV yet.
-    begin
-      # OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_iov( OM_uint32 * minor_status, gss_ctx_id_t  context_handle,
-      #   int conf_req_flag, gss_qop_t  qop_req, int *  conf_state, gss_iov_buffer_desc *  iov, int  iov_count );
-      attach_function :gss_wrap_iov, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :int], :OM_uint32
-
-      # OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap_iov ( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
-      #   int * conf_state, gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count )
-      attach_function :gss_unwrap_iov, [:pointer, :pointer, :pointer, :pointer, :pointer, :int], :OM_uint32
-
-      # OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length ( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
-      #   int conf_req_flag, gss_qop_t  qop_req, int *  conf_state, gss_iov_buffer_desc * iov, int iov_count)
-      attach_function :gss_wrap_iov_length, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :int], :OM_uint32
-    rescue FFI::NotFoundError => ex
-      warn "WARNING: Could not load IOV methods. Check your GSSAPI C library for an update"
-    end
-    
-    begin
-      # OM_uint32 gss_wrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag,
-      #   gss_qop_t qop_req, gss_buffer_t input_assoc_buffer,
-      #   gss_buffer_t input_payload_buffer, int * conf_state, gss_buffer_t output_message_buffer);
-      attach_function :gss_wrap_aead, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer, :pointer], :OM_uint32
-
-      # OM_uint32 gss_unwrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
-      #   gss_buffer_t input_assoc_buffer, gss_buffer_t output_payload_buffer, int * conf_state, gss_qop_t * qop_state);
-      attach_function :gss_unwrap_aead, [:pointer,:pointer,:pointer,:pointer,:pointer,:pointer,:pointer], :OM_uint32
-    rescue FFI::NotFoundError => ex
-      warn "WARNING: Could not load AEAD methods. Check your GSSAPI C library for an update"
-    end
 
     # OM_uint32  gss_unwrap(OM_uint32  *  minor_status, const gss_ctx_id_t context_handle,
     #   const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int * conf_state, gss_qop_t * qop_state);
@@ -330,6 +300,9 @@ module GSSAPI
     # OM_uint32 gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, int status_type, gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string)
     attach_function :gss_display_status, [:pointer, :OM_uint32, :int, :pointer, :pointer, :pointer], :OM_uint32
 
+    # OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, gss_cred_id_t cred_handle, krb5_ccache out_ccache)
+    attach_function :gss_krb5_copy_ccache, [:pointer, :pointer, :pointer], :OM_uint32
+
     # Variable definitions
     # --------------------
 

data/lib/gssapi/lib_gssapi_loader.rb

@@ -17,22 +17,24 @@ module GSSAPI
 
 
     def self.load_mit
-      case RUBY_PLATFORM
+      host_os = RbConfig::CONFIG['host_os']
+      case host_os
       when /linux/
         gssapi_lib = 'libgssapi_krb5.so.2'
+        ffi_lib gssapi_lib, FFI::Library::LIBC
       when /darwin/
         gssapi_lib = '/usr/lib/libgssapi_krb5.dylib'
+        ffi_lib gssapi_lib, FFI::Library::LIBC
       when /mswin|mingw32|windows/
         # Pull the gssapi32 path from the environment if it exist, otherwise use the default in Program Files
         gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll'
         ffi_lib gssapi32_path, FFI::Library::LIBC  # Required the MIT Kerberos libraries to be installed
         ffi_convention :stdcall
       else
-        raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi and the MIT libraries."
+        raise LoadError, "This host OS (#{host_os}) is not supported by ruby gssapi and the MIT libraries."
       end
-      ffi_lib gssapi_lib, FFI::Library::LIBC
 
-      # -------------------- MIT Specifics -------------------- 
+      # -------------------- MIT Specifics --------------------
       attach_variable :__GSS_C_NT_HOSTBASED_SERVICE, :GSS_C_NT_HOSTBASED_SERVICE, :pointer # type gss_OID
       attach_variable :__GSS_C_NT_EXPORT_NAME, :GSS_C_NT_EXPORT_NAME, :pointer # type gss_OID
       LibGSSAPI.const_set("GSS_C_NT_HOSTBASED_SERVICE", __GSS_C_NT_HOSTBASED_SERVICE)
@@ -40,25 +42,26 @@ module GSSAPI
     end
 
     def self.load_heimdal
-      case RUBY_PLATFORM
+      host_os = RbConfig::CONFIG['host_os']
+      case host_os
       when /linux/
         gssapi_lib = 'libgssapi.so.3'
       when /darwin/
         # use Heimdal Kerberos since Mac MIT Kerberos is OLD. Do a "require 'gssapi/heimdal'" first
         gssapi_lib = '/usr/heimdal/lib/libgssapi.dylib'
       else
-        raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi and the Heimdal libraries."
+        raise LoadError, "This host OS (#{host_os}) is not supported by ruby gssapi and the Heimdal libraries."
       end
       ffi_lib gssapi_lib, FFI::Library::LIBC
 
-      # ------------------ Heimdal Specifics ------------------ 
+      # ------------------ Heimdal Specifics ------------------
       attach_variable :__gss_c_nt_hostbased_service_oid_desc, GssOID
       attach_variable :__gss_c_nt_export_name_oid_desc, GssOID
       LibGSSAPI.const_set("GSS_C_NT_HOSTBASED_SERVICE", FFI::Pointer.new(__gss_c_nt_hostbased_service_oid_desc.to_ptr))
       LibGSSAPI.const_set("GSS_C_NT_EXPORT_NAME", FFI::Pointer.new(__gss_c_nt_export_name_oid_desc.to_ptr))
     end
 
-    # Heimdal supported the *_iov functions befor MIT did so in some OS distributions if
+    # Heimdal supported the *_iov functions before MIT did so in some OS distributions if
     # you need IOV support and MIT does not provide it try the Heimdal libs and then
     # before doing a "require 'gssapi'" do a "require 'gssapi/heimdal'" and that will attempt
     # to load the Heimdal libs

data/lib/gssapi/simple.rb

@@ -10,6 +10,7 @@ module GSSAPI
   class Simple
 
     attr_reader :context
+    attr_reader :delegated_credentials
 
     # Initialize a new GSSAPI::Simple object
     # @param [String] host_name the fully qualified host name
@@ -26,6 +27,7 @@ module GSSAPI
       @context = nil # the security context
       @scred = nil # the service credentials.  really only used for the server-side via acquire_credentials
       set_keytab(keytab) unless keytab.nil?
+      @delegated_credentials = nil
     end
 
 
@@ -61,7 +63,7 @@ module GSSAPI
     #   to the remote host.  Otherwise it returns true and the GSS security context has been established.
     def init_context(in_token = nil, opts = {})
       min_stat = FFI::MemoryPointer.new :OM_uint32
-      ctx = (@context.nil? ? LibGSSAPI::GssCtxIdT.gss_c_no_context.address_of : @context.address_of)
+      pctx = (@context.nil? ? LibGSSAPI::GssCtxIdT.gss_c_no_context.address_of : @context.address_of)
       mech = LibGSSAPI::GssOID.gss_c_no_oid
       if(opts[:flags])
         flags = opts[:flags]
@@ -78,7 +80,7 @@ module GSSAPI
 
       maj_stat = LibGSSAPI.gss_init_sec_context(min_stat,
                                                 nil,
-                                                ctx,
+                                                pctx,
                                                 @int_svc_name,
                                                 mech,
                                                 flags,
@@ -91,8 +93,13 @@ module GSSAPI
                                                 nil)
 
       raise GssApiError.new(maj_stat, min_stat), "gss_init_sec_context did not return GSS_S_COMPLETE" if maj_stat > 1
-      
-      @context = LibGSSAPI::GssCtxIdT.new(ctx.get_pointer(0))
+
+      # The returned context may be equal to the passed in @context. If so, we
+      # must not create another AutoPointer to the same gss_buffer_t. If we do
+      # we will double delete it.
+      ctx = pctx.get_pointer(0)
+      @context = LibGSSAPI::GssCtxIdT.new(ctx) if ctx != @context
+
       maj_stat == 1 ? out_tok.value : true
     end
 
@@ -105,7 +112,7 @@ module GSSAPI
       raise GssApiError, "No credentials yet acquired. Call #{self.class.name}#acquire_credentials first" if @scred.nil?
 
       min_stat = FFI::MemoryPointer.new :OM_uint32
-      ctx = (@context.nil? ? LibGSSAPI::GssCtxIdT.gss_c_no_context.address_of : @context.address_of)
+      pctx = (@context.nil? ? LibGSSAPI::GssCtxIdT.gss_c_no_context.address_of : @context.address_of)
       no_chn_bind = LibGSSAPI::GSS_C_NO_CHANNEL_BINDINGS
       @client = FFI::MemoryPointer.new :pointer  # Will hold the initiating client name after the call
       mech = FFI::MemoryPointer.new :pointer  # Will hold the mech being used after the call
@@ -113,9 +120,10 @@ module GSSAPI
       in_tok.value = in_token
       out_tok = GSSAPI::LibGSSAPI::ManagedGssBufferDesc.new
       ret_flags = FFI::MemoryPointer.new :OM_uint32
+      delegated_cred_handle = FFI::MemoryPointer.new :pointer
 
       maj_stat = LibGSSAPI.gss_accept_sec_context(min_stat,
-                                                  ctx,
+                                                  pctx,
                                                   @scred,
                                                   in_tok.pointer,
                                                   no_chn_bind,
@@ -123,11 +131,21 @@ module GSSAPI
                                                   mech,
                                                   out_tok.pointer,
                                                   ret_flags,
-                                                  nil, nil)
+                                                  nil,
+                                                  delegated_cred_handle)
 
       raise GssApiError.new(maj_stat, min_stat), "gss_accept_sec_context did not return GSS_S_COMPLETE" if maj_stat > 1
 
-      @context = LibGSSAPI::GssCtxIdT.new(ctx.get_pointer(0))
+      if (ret_flags.read_uint32 & LibGSSAPI::GSS_C_DELEG_FLAG) != 0
+        @delegated_credentials = LibGSSAPI::GssCredIdT.new(delegated_cred_handle.get_pointer(0))
+      end
+
+      # The returned context may be equal to the passed in @context. If so, we
+      # must not create another AutoPointer to the same gss_buffer_t. If we do
+      # we will double delete it.
+      ctx = pctx.get_pointer(0)
+      @context = LibGSSAPI::GssCtxIdT.new(ctx) if ctx != @context
+
       out_tok.length > 0 ? out_tok.value : true
     end
 

metadata

@@ -1,45 +1,47 @@
 --- !ruby/object:Gem::Specification
 name: gssapi
 version: !ruby/object:Gem::Version
-  version: 1.1.2
-  prerelease: 
+  version: 1.2.0
 platform: ruby
 authors:
 - Dan Wanek
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-05 00:00:00.000000000 Z
+date: 2014-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.1
-description: ! "    A FFI wrapper around the system GSSAPI library. Please make sure
-  and read the\n    Yard docs or standard GSSAPI documentation if you have any questions.\n
-  \   \n    There is also a class called GSSAPI::Simple that wraps many of the common
-  features\n    used for GSSAPI.\n"
+description: |2
+      A FFI wrapper around the system GSSAPI library. Please make sure and read the
+      Yard docs or standard GSSAPI documentation if you have any questions.
+
+      There is also a class called GSSAPI::Simple that wraps many of the common features
+      used for GSSAPI.
 email: dan.wanek@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files:
-- README.textile
+- README.md
 - COPYING
+- Changelog.md
 files:
 - COPYING
-- README.textile
+- Changelog.md
+- Gemfile
+- README.md
 - Rakefile
 - VERSION
 - examples/gss_client.rb
@@ -50,6 +52,7 @@ files:
 - gssapi.gemspec
 - lib/gssapi.rb
 - lib/gssapi/exceptions.rb
+- lib/gssapi/extensions.rb
 - lib/gssapi/heimdal.rb
 - lib/gssapi/lib_gssapi.rb
 - lib/gssapi/lib_gssapi_loader.rb
@@ -58,7 +61,9 @@ files:
 - test/spec/gssapi_simple_spec.rb
 - test/spec/test_buffer_spec.rb
 homepage: http://github.com/zenchild/gssapi
-licenses: []
+licenses:
+- MIT
+metadata: {}
 post_install_message: 
 rdoc_options:
 - -x
@@ -68,21 +73,19 @@ rdoc_options:
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A FFI wrapper around the system GSSAPI library.
 test_files: []

data/README.textile

@@ -1,16 +0,0 @@
-h1. Ruby GSSAPI Library
-
-p. This is a wrapper around the system GSSAPI library (MIT only at this time).  It exposes the low-level GSSAPI methods like gss_init_sec_context and gss_wrap and also provides an easier to use wrapper on top of this for common usage scenarios.
-
-
-p. I'm going to try and maintain most of the docs in the Github WIKI for this project so please check there for documentation and examples.
-
-https://github.com/zenchild/gssapi/wiki
-
-p. Also check out the examples directory for some stubbed out client/server examples.
-
-
-h4. License
-
-Copyright © 2010 Dan Wanek <dan.wanek@gmail.com>
-Ruby gssapi is licensed under the MIT license (see COPYING)