gssapi 0.1.0 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/gssapi/lib_gssapi.rb +14 -9
- data/lib/gssapi/simple.rb +11 -7
- metadata +3 -3
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.2
|
data/lib/gssapi/lib_gssapi.rb
CHANGED
|
@@ -27,6 +27,8 @@ module GSSAPI
|
|
|
27
27
|
when /linux/
|
|
28
28
|
# Some Ubuntu ship only with libgssapi_krb5, hence this hackery.
|
|
29
29
|
ffi_lib File.basename Dir.glob("/usr/lib/libgssapi*").sort.first, FFI::Library::LIBC
|
|
30
|
+
when /darwin/
|
|
31
|
+
ffi_lib '/usr/lib/libgssapi_krb5.dylib', FFI::Library::LIBC
|
|
30
32
|
when /win/
|
|
31
33
|
ffi_lib 'gssapi32' # Required the MIT Kerberos libraries to be installed
|
|
32
34
|
ffi_convention :stdcall
|
|
@@ -269,15 +271,18 @@ module GSSAPI
|
|
|
269
271
|
# min_stat = FFI::MemoryPointer.new :uint32
|
|
270
272
|
# Remember to free the allocated output_message_buffer with gss_release_buffer
|
|
271
273
|
attach_function :gss_wrap, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :pointer], :OM_uint32
|
|
272
|
-
|
|
273
|
-
#
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
274
|
+
|
|
275
|
+
# Mac version of krb5 does not support *_iov
|
|
276
|
+
unless RUBY_PLATFORM =~ /darwin/
|
|
277
|
+
# OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_iov( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
|
|
278
|
+
# int conf_req_flag, gss_qop_t qop_req, int * conf_state, gss_iov_buffer_desc * iov, int iov_count );
|
|
279
|
+
attach_function :gss_wrap_iov, [:pointer, :pointer, :int, :OM_uint32, :pointer, :pointer, :int], :OM_uint32
|
|
280
|
+
|
|
281
|
+
# OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap_iov ( OM_uint32 * minor_status, gss_ctx_id_t context_handle,
|
|
282
|
+
# int * conf_state, gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count )
|
|
283
|
+
attach_function :gss_unwrap_iov, [:pointer, :pointer, :pointer, :pointer, :pointer, :int], :OM_uint32
|
|
284
|
+
end
|
|
285
|
+
|
|
281
286
|
# TODO: Missing from Heimdal
|
|
282
287
|
# OM_uint32 gss_wrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_assoc_buffer,
|
|
283
288
|
# gss_buffer_t input_payload_buffer, int * conf_state, gss_buffer_t output_message_buffer);
|
data/lib/gssapi/simple.rb
CHANGED
|
@@ -23,6 +23,8 @@ module GSSAPI
|
|
|
23
23
|
# something a bit more advanced you may want to check out the LibGSSAPI module.
|
|
24
24
|
class Simple
|
|
25
25
|
|
|
26
|
+
attr_reader :context
|
|
27
|
+
|
|
26
28
|
# Initialize a new GSSAPI::Simple object
|
|
27
29
|
# @param [String] host_name the fully qualified host name
|
|
28
30
|
# @param [String] service_name the service name. This can either be in the form svc@example.org
|
|
@@ -43,10 +45,12 @@ module GSSAPI
|
|
|
43
45
|
def import_name(str)
|
|
44
46
|
buff_str = LibGSSAPI::GssBufferDesc.new
|
|
45
47
|
buff_str.value = str
|
|
48
|
+
mech = LibGSSAPI::GssOID.gss_c_no_oid
|
|
49
|
+
#mech = LibGSSAPI.GSS_C_NT_HOSTBASED_SERVICE
|
|
46
50
|
name = FFI::MemoryPointer.new :pointer # gss_name_t
|
|
47
51
|
min_stat = FFI::MemoryPointer.new :uint32
|
|
48
52
|
|
|
49
|
-
maj_stat = LibGSSAPI.gss_import_name(min_stat, buff_str.pointer,
|
|
53
|
+
maj_stat = LibGSSAPI.gss_import_name(min_stat, buff_str.pointer, mech, name)
|
|
50
54
|
raise GssApiError, "gss_import_name did not return GSS_S_COMPLETE. Error code: maj: #{maj_stat}, min: #{min_stat.read_int}" if maj_stat != 0
|
|
51
55
|
|
|
52
56
|
LibGSSAPI::GssNameT.new(name.get_pointer(0))
|
|
@@ -139,26 +143,26 @@ module GSSAPI
|
|
|
139
143
|
|
|
140
144
|
# Acquire security credentials. This does not log you in. It grabs the credentials from a cred cache or keytab.
|
|
141
145
|
# @param [Hash] opts options to pass to the gss_acquire_cred function.
|
|
142
|
-
# @option opts [String] :usage The credential usage type (
|
|
146
|
+
# @option opts [String] :usage The credential usage type (:accept, :initiate, :both). It defaults to 'accept' since
|
|
143
147
|
# this method is most usually called on the server only.
|
|
144
148
|
# @return [true] It will return true if everything succeeds and the @scred variable will be set for future methods. If
|
|
145
149
|
# an error ocurrs an exception will be raised.
|
|
146
|
-
def acquire_credentials(opts = {:usage =>
|
|
150
|
+
def acquire_credentials(princ = @int_svc_name, opts = {:usage => :accept})
|
|
147
151
|
min_stat = FFI::MemoryPointer.new :uint32
|
|
148
152
|
scred = FFI::MemoryPointer.new :pointer
|
|
149
153
|
|
|
150
154
|
case opts[:usage]
|
|
151
|
-
when
|
|
155
|
+
when :accept
|
|
152
156
|
usage = LibGSSAPI::GSS_C_ACCEPT
|
|
153
|
-
when
|
|
157
|
+
when :initiate
|
|
154
158
|
usage = LibGSSAPI::GSS_C_INITIATE
|
|
155
|
-
when
|
|
159
|
+
when :both
|
|
156
160
|
usage = LibGSSAPI::GSS_C_BOTH
|
|
157
161
|
else
|
|
158
162
|
raise GssApiError, "Bad option passed to #{self.class.name}#acquire_credentials"
|
|
159
163
|
end
|
|
160
164
|
|
|
161
|
-
maj_stat = LibGSSAPI.gss_acquire_cred(min_stat,
|
|
165
|
+
maj_stat = LibGSSAPI.gss_acquire_cred(min_stat, princ, 0, LibGSSAPI::GSS_C_NO_OID_SET, usage, scred, nil, nil)
|
|
162
166
|
raise GssApiError, "gss_acquire_cred did not return GSS_S_COMPLETE. Error code: maj: #{maj_stat}, min: #{min_stat.read_int}" if maj_stat != 0
|
|
163
167
|
|
|
164
168
|
@scred = LibGSSAPI::GssCredIdT.new(scred.get_pointer(0))
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 1
|
|
8
|
-
-
|
|
9
|
-
version: 0.1.
|
|
8
|
+
- 2
|
|
9
|
+
version: 0.1.2
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Dan Wanek
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2011-01-
|
|
17
|
+
date: 2011-01-28 00:00:00 -06:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|