gssapi 1.2.0 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +11 -0
- data/Changelog.md +9 -0
- data/VERSION +1 -1
- data/examples/gss_iov_helpers.rb +1 -1
- data/gssapi.gemspec +2 -0
- data/lib/gssapi/lib_gssapi.rb +7 -2
- data/lib/gssapi/lib_gssapi_loader.rb +2 -0
- data/lib/gssapi/simple.rb +12 -1
- data/test/spec/gssapi_simple_spec.rb +54 -8
- data/test/spec/test_buffer_spec.rb +1 -1
- metadata +27 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 3783cdc3cf7cac849ba482b3b03e5f73593f91beab95e31b8dfdd296a8cd0e4a
|
|
4
|
+
data.tar.gz: 11d7a7b367ad6f7e8f3420c094976dceee1bdedb7907bef5614e6a5846164cb4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 462afcc325ae6e9c0c3b63ba711569bda177c6443792031a857a01808ba63e9e5a90c0cc455518c431e39275dc68421b6b426a89bd6cb5bd61a5aebd53a04a3b
|
|
7
|
+
data.tar.gz: d76e23ca9d859dc7a11589c8490d92c455e6874336efc00a070442f695713aa5adcc008767fc3943176aaec8a4dfe0f86b5f70cfc003650ab33f0d4bfea9d916
|
data/.gitignore
ADDED
data/Changelog.md
CHANGED
|
@@ -12,3 +12,12 @@
|
|
|
12
12
|
|
|
13
13
|
## Version 1.2.0
|
|
14
14
|
* Move IOV and AEAD to gssapi/extensions.rb so it can be loaded separately when needed
|
|
15
|
+
|
|
16
|
+
## Version 1.3.0
|
|
17
|
+
|
|
18
|
+
Sorry everyone that this has taken so long to go out. I don't really work much
|
|
19
|
+
with GSSAPI so it hasn't been a priority for me.
|
|
20
|
+
|
|
21
|
+
* Implemented delegation and added verify_mic. Thanks @mfazekas
|
|
22
|
+
* Add loading of MIT GSS libs for solaris/smartos. Thanks @fac
|
|
23
|
+
* Fix corruption in iov_decrypt example. Thanks @Iristyle
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.3.1
|
data/examples/gss_iov_helpers.rb
CHANGED
data/gssapi.gemspec
CHANGED
data/lib/gssapi/lib_gssapi.rb
CHANGED
|
@@ -179,11 +179,13 @@ module GSSAPI
|
|
|
179
179
|
class GssCtxIdT < GssPointer
|
|
180
180
|
def self.release_ptr(context_ptr)
|
|
181
181
|
min_stat = FFI::MemoryPointer.new :OM_uint32
|
|
182
|
-
|
|
182
|
+
ptr_p = FFI::MemoryPointer.new :pointer
|
|
183
|
+
ctx_ptr = ptr_p.write_pointer(context_ptr)
|
|
184
|
+
maj_stat = LibGSSAPI.gss_delete_sec_context(min_stat, ctx_ptr, LibGSSAPI::GSS_C_NO_BUFFER)
|
|
183
185
|
end
|
|
184
186
|
|
|
185
187
|
def self.gss_c_no_context
|
|
186
|
-
|
|
188
|
+
GssPointer.new(GSSAPI::LibGSSAPI::GSS_C_NO_CONTEXT)
|
|
187
189
|
end
|
|
188
190
|
end
|
|
189
191
|
|
|
@@ -281,6 +283,9 @@ module GSSAPI
|
|
|
281
283
|
# OM_uint32 gss_get_mic(OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer)
|
|
282
284
|
attach_function :gss_get_mic, [:pointer, :pointer, :OM_uint32, :pointer, :pointer], :OM_uint32
|
|
283
285
|
|
|
286
|
+
# OM_uint32 gss_verify_mic (OM_uint32 *minor_status,const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer,const gss_buffer_t token_buffer, gss_qop_t qop_state)
|
|
287
|
+
attach_function :gss_verify_mic, [:pointer, :pointer, :pointer, :pointer, :OM_uint32], :OM_uint32
|
|
288
|
+
|
|
284
289
|
# OM_uint32 gss_delete_sec_context(OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t output_token);
|
|
285
290
|
attach_function :gss_delete_sec_context, [:pointer, :pointer, :pointer], :OM_uint32
|
|
286
291
|
|
|
@@ -30,6 +30,8 @@ module GSSAPI
|
|
|
30
30
|
gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll'
|
|
31
31
|
ffi_lib gssapi32_path, FFI::Library::LIBC # Required the MIT Kerberos libraries to be installed
|
|
32
32
|
ffi_convention :stdcall
|
|
33
|
+
when /solaris/
|
|
34
|
+
ffi_lib 'libgss.so', 'mech_krb5.so', FFI::Library::LIBC
|
|
33
35
|
else
|
|
34
36
|
raise LoadError, "This host OS (#{host_os}) is not supported by ruby gssapi and the MIT libraries."
|
|
35
37
|
end
|
data/lib/gssapi/simple.rb
CHANGED
|
@@ -59,6 +59,7 @@ module GSSAPI
|
|
|
59
59
|
# @option opts [Fixnum] :flags override all other flags. If you set the :delegate option this option will override it.
|
|
60
60
|
# @see http://tools.ietf.org/html/rfc4121#section-4.1.1.1
|
|
61
61
|
# @option opts [Boolean] :delegate if true set the credential delegate flag
|
|
62
|
+
# [Credentials] :credentials set to open the context in behalf of someone (delegated_credentials)
|
|
62
63
|
# @return [String, true] if a continuation flag is set it will return the output token that is needed to send
|
|
63
64
|
# to the remote host. Otherwise it returns true and the GSS security context has been established.
|
|
64
65
|
def init_context(in_token = nil, opts = {})
|
|
@@ -79,7 +80,7 @@ module GSSAPI
|
|
|
79
80
|
|
|
80
81
|
|
|
81
82
|
maj_stat = LibGSSAPI.gss_init_sec_context(min_stat,
|
|
82
|
-
|
|
83
|
+
opts[:credentials],
|
|
83
84
|
pctx,
|
|
84
85
|
@int_svc_name,
|
|
85
86
|
mech,
|
|
@@ -162,6 +163,16 @@ module GSSAPI
|
|
|
162
163
|
out_buff.value
|
|
163
164
|
end
|
|
164
165
|
|
|
166
|
+
def verify_mic(token,mic)
|
|
167
|
+
min_stat = FFI::MemoryPointer.new :OM_uint32
|
|
168
|
+
in_buff = GSSAPI::LibGSSAPI::UnManagedGssBufferDesc.new
|
|
169
|
+
in_buff.value = token
|
|
170
|
+
mic_buff = GSSAPI::LibGSSAPI::UnManagedGssBufferDesc.new
|
|
171
|
+
mic_buff.value = mic
|
|
172
|
+
maj_stat = GSSAPI::LibGSSAPI.gss_verify_mic(min_stat, @context, in_buff.pointer, mic_buff.pointer, 0)
|
|
173
|
+
raise GssApiError.new(maj_stat, min_stat), "Failed to gss_verify_mic" if maj_stat != 0
|
|
174
|
+
return (maj_stat == 0)
|
|
175
|
+
end
|
|
165
176
|
|
|
166
177
|
# Get textual representation of internal GSS name
|
|
167
178
|
# @return [String] textual representation of internal GSS name
|
|
@@ -6,19 +6,65 @@ require 'yaml'
|
|
|
6
6
|
|
|
7
7
|
describe GSSAPI::Simple, 'Test the Simple GSSAPI interface' do
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
let(:conf) { YAML.load_file "#{File.dirname(__FILE__)}/conf_file.yaml" }
|
|
10
|
+
let(:cli) { GSSAPI::Simple.new(conf['s_host'], conf['s_service']) }
|
|
11
|
+
let(:srv ) { GSSAPI::Simple.new(conf['s_host'], conf['s_service'], conf['keytab']) }
|
|
12
12
|
|
|
13
13
|
it 'should get the initial context for a client' do
|
|
14
|
-
|
|
15
|
-
token
|
|
16
|
-
token.should_not be_empty
|
|
14
|
+
token = cli.init_context
|
|
15
|
+
expect(token).not_to be_empty
|
|
17
16
|
end
|
|
18
17
|
|
|
19
18
|
it 'should acquire credentials for a server service' do
|
|
20
|
-
|
|
21
|
-
gsscli.acquire_credentials.should be_true
|
|
19
|
+
expect(srv.acquire_credentials).to eq(true)
|
|
22
20
|
end
|
|
23
21
|
|
|
22
|
+
def play_handshake(cli,srv,clioptions={})
|
|
23
|
+
clitoken = cli.init_context(nil, clioptions)
|
|
24
|
+
expect(clitoken).not_to be_empty
|
|
25
|
+
|
|
26
|
+
expect(srv.acquire_credentials).to eq(true)
|
|
27
|
+
|
|
28
|
+
srvoktok = srv.accept_context(clitoken)
|
|
29
|
+
expect(srvoktok).not_to be_empty
|
|
30
|
+
|
|
31
|
+
ret = cli.init_context(srvoktok)
|
|
32
|
+
expect(ret).to eq(true)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
it 'client server should handshake' do
|
|
36
|
+
play_handshake(cli,srv)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it 'mic' do
|
|
40
|
+
play_handshake(cli,srv)
|
|
41
|
+
|
|
42
|
+
secret = "this is secreta"
|
|
43
|
+
|
|
44
|
+
mic = cli.get_mic(secret)
|
|
45
|
+
|
|
46
|
+
expect(srv.verify_mic(secret,mic)).to eq(true)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
context "no delegation" do
|
|
50
|
+
it "sets delegated_credentials to nil" do
|
|
51
|
+
play_handshake(cli,srv,:delegate => false)
|
|
52
|
+
expect(srv.delegated_credentials).to be_nil
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
describe "delegation" do
|
|
57
|
+
it "sets delegated_credentials to valid" do
|
|
58
|
+
play_handshake(cli,srv,:delegate => true)
|
|
59
|
+
expect(srv.delegated_credentials).not_to be_nil
|
|
60
|
+
delegated_display_name = srv.display_name
|
|
61
|
+
|
|
62
|
+
host2 = conf['s_host2'] || conf['s_host']
|
|
63
|
+
service2 = conf['s_service2'] || conf['s_service']
|
|
64
|
+
cli_del = GSSAPI::Simple.new(host2, service2)
|
|
65
|
+
srv_del = GSSAPI::Simple.new(host2, service2, conf['keytab2'])
|
|
66
|
+
play_handshake(cli_del,srv_del,:credentials => srv.delegated_credentials)
|
|
67
|
+
expect(srv_del.display_name).to eq(delegated_display_name)
|
|
68
|
+
end
|
|
69
|
+
end
|
|
24
70
|
end
|
metadata
CHANGED
|
@@ -1,29 +1,43 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gssapi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Wanek
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-11-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- -
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 1.0.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- -
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 1.0.1
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: pry-byebug
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - ">="
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0'
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - ">="
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0'
|
|
27
41
|
description: |2
|
|
28
42
|
A FFI wrapper around the system GSSAPI library. Please make sure and read the
|
|
29
43
|
Yard docs or standard GSSAPI documentation if you have any questions.
|
|
@@ -38,6 +52,7 @@ extra_rdoc_files:
|
|
|
38
52
|
- COPYING
|
|
39
53
|
- Changelog.md
|
|
40
54
|
files:
|
|
55
|
+
- ".gitignore"
|
|
41
56
|
- COPYING
|
|
42
57
|
- Changelog.md
|
|
43
58
|
- Gemfile
|
|
@@ -64,28 +79,27 @@ homepage: http://github.com/zenchild/gssapi
|
|
|
64
79
|
licenses:
|
|
65
80
|
- MIT
|
|
66
81
|
metadata: {}
|
|
67
|
-
post_install_message:
|
|
82
|
+
post_install_message:
|
|
68
83
|
rdoc_options:
|
|
69
|
-
- -x
|
|
84
|
+
- "-x"
|
|
70
85
|
- test/
|
|
71
|
-
- -x
|
|
86
|
+
- "-x"
|
|
72
87
|
- examples/
|
|
73
88
|
require_paths:
|
|
74
89
|
- lib
|
|
75
90
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
76
91
|
requirements:
|
|
77
|
-
- -
|
|
92
|
+
- - ">="
|
|
78
93
|
- !ruby/object:Gem::Version
|
|
79
94
|
version: 1.8.7
|
|
80
95
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
81
96
|
requirements:
|
|
82
|
-
- -
|
|
97
|
+
- - ">="
|
|
83
98
|
- !ruby/object:Gem::Version
|
|
84
99
|
version: '0'
|
|
85
100
|
requirements: []
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
signing_key:
|
|
101
|
+
rubygems_version: 3.0.8
|
|
102
|
+
signing_key:
|
|
89
103
|
specification_version: 4
|
|
90
104
|
summary: A FFI wrapper around the system GSSAPI library.
|
|
91
105
|
test_files: []
|