RubyGems - gssapi - Versions diffs - 1.0.3 → 1.1.0 - Mend

gssapi 1.0.3 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/VERSION +1 -1
data/examples/gss_iov_client.rb +55 -0
data/examples/gss_iov_helpers.rb +74 -0
data/examples/gss_iov_server.rb +67 -0
data/examples/gss_server.rb +2 -3
data/gssapi.gemspec +1 -1
data/lib/gssapi/lib_gssapi.rb +10 -21
data/lib/gssapi/lib_gssapi_loader.rb +58 -24
data/lib/gssapi/simple.rb +1 -1
metadata +35 -36

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.0.3
1	+ 1.1.0

data/examples/gss_iov_client.rb ADDED

@@ -0,0 +1,55 @@
+#!/usr/bin/env ruby
+$: << '../lib'
+$: << '.'
+#require 'gssapi/heimdal'
+require 'gssapi'
+require 'gss_iov_helpers'
+require 'base64'
+require 'socket'
+class GssIovClient
+  include GssIOVHelpers
+  def initialize
+    @host = 'example.org'
+    @service  = 'host'
+    @sock = TCPSocket.new(@host, 8082)
+    @gss = GSSAPI::Simple.new(@host, @service)
+  end
+  def run
+    handshake
+    begin
+      print "> "
+      msg = STDIN.gets.chomp
+      emsg = iov_encrypt(msg)
+      @sock.write("#{emsg.last}\n")
+    end while msg != 'exit'
+    @sock.close
+  end
+  private
+  def handshake
+    tok = @gss.init_context
+    stok = Base64.strict_encode64(tok)
+    @sock.write("#{stok}\n") # send initial token
+    stok = @sock.gets.chomp  # get back continuation token
+    ctx = @gss.init_context(Base64.strict_decode64(stok.chomp)) # complete security context
+    puts "Connection #{(ctx ? 'succeeded' : 'failed')}"
+  end
+  # Encrypt message
+  def msg_enc(msg)
+    emsg = @gss.wrap_message(msg)
+    Base64.strict_encode64(emsg)
+  end
+end
+cli = GssIovClient.new
+cli.run

data/examples/gss_iov_helpers.rb ADDED

@@ -0,0 +1,74 @@
+module GssIOVHelpers
+  def iov_encrypt(str)
+    iov_cnt = 3
+    iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
+    iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
+    iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+    iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+    iov1[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
+    iov1[:buffer].value = str
+    iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+    iov2[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_PADDING | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+    conf_state = FFI::MemoryPointer.new :uint32
+    min_stat = FFI::MemoryPointer.new :uint32
+    maj_stat = GSSAPI::LibGSSAPI.gss_wrap_iov(min_stat, @gss.context, 1, GSSAPI::LibGSSAPI::GSS_C_QOP_DEFAULT, conf_state, iov, iov_cnt)
+    token = [iov0[:buffer].length].pack('L')
+    token += iov0[:buffer].value
+    token += iov1[:buffer].value
+    pad_len = iov2[:buffer].length
+    token += iov2[:buffer].value if pad_len > 0
+    [pad_len, token]
+  end
+  # @return [String] the unencrypted response string
+  def iov_decrypt(str)
+    puts "Decrypting message:\n#{str}"
+    iov_cnt = 3
+    iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
+    iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
+    iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+    iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+    iov1[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
+    iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+    iov2[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
+    str.force_encoding('BINARY')
+    #str.sub!(/^.*Content-Type: application\/octet-stream\r\n(.*)--Encrypted.*$/m, '\1')
+    len = str.unpack("L").first
+    puts "LEN: #{len}"
+    iov_data = str.unpack("LA#{len}A*")
+    iov0[:buffer].value = iov_data[1]
+    iov1[:buffer].value = iov_data[2]
+    min_stat = FFI::MemoryPointer.new :uint32
+    conf_state = FFI::MemoryPointer.new :uint32
+    conf_state.write_int(1)
+    qop_state = FFI::MemoryPointer.new :uint32
+    qop_state.write_int(0)
+    puts "Unwrapping IOV...."
+    maj_stat = GSSAPI::LibGSSAPI.gss_unwrap_iov(min_stat, @gss.context, conf_state, qop_state, iov, iov_cnt)
+    puts "Done Unwrapping IOV...."
+    if(maj_stat == 0)
+      puts "Success!!!"
+    else
+      puts "GSSAPI Failure. Status Codes(major: #{maj_stat}, minor: #{min_stat.read_int})"
+    end
+    puts "???HELLO???"
+    iov1[:buffer].value
+  end
+end

data/examples/gss_iov_server.rb ADDED

@@ -0,0 +1,67 @@
+#!/usr/bin/env ruby
+$: << '../lib'
+$: << '.'
+#require 'gssapi/heimdal'
+require 'gssapi'
+require 'gss_iov_helpers'
+require 'base64'
+require 'socket'
+class GssIovServer
+  include GssIOVHelpers
+  def initialize
+    @host = 'example.org'
+    @service  = "host"
+    @keytab = "#{ENV['HOME']}/.gssapi/krb5.keytab"  # this is optional, but probably required if not running as root
+    @port = 8082
+    @tcpsrv = TCPServer.new(@host, @port)
+  end
+  def runner
+    loop do
+      puts "Listening on port #{@port}"
+      Thread.start(@tcpsrv.accept) do |s|
+        init_krb
+        handshake(s)
+        begin
+          emsg = (s.gets.chomp)
+          puts "---> Received: #{emsg}"
+          msg  = iov_decrypt(emsg)
+          puts "===> Received: #{msg}"
+        end while msg != 'exit'
+        print(s, "Closing Socket\n")
+        s.close
+        puts "Closed...."
+      end
+    end
+  end
+  private
+  def init_krb
+    @gss = GSSAPI::Simple.new(@host, @service, @keytab)
+    @gss.acquire_credentials
+    puts "HELLO"
+  end
+  def handshake(sock)
+    print(sock, "Accepted Connection\n")
+    stok = sock.gets.chomp
+    print(sock, "Received string#{stok}\n")
+    otok = @gss.accept_context(Base64.strict_decode64(stok.chomp))
+    sock.write("#{Base64.strict_encode64(otok)}\n")
+  end
+  # Decrypt message
+  def msg_dec(msg)
+    @gss.unwrap_message(Base64.strict_decode64(msg.chomp))
+  end
+end
+gserv = GssIovServer.new
+gserv.runner

data/examples/gss_server.rb CHANGED

@@ -9,14 +9,13 @@ keytab = "#{ENV['HOME']}/.gssapi/krb5.keytab"  # this is optional, but probably
 tcpsrv = TCPServer.new(host, 8082)
-srv = GSSAPI::Simple.new(host, service, keytab)
-srv.acquire_credentials
 loop do
   Thread.start(tcpsrv.accept) do |s|
     print(s, "Accepted Connection\n")
     stok = s.gets.chomp
     print(s, "Received string#{stok}\n")
+    srv = GSSAPI::Simple.new(host, service, keytab)
+    srv.acquire_credentials
     otok = srv.accept_context(Base64.strict_decode64(stok.chomp))
     s.write("#{Base64.strict_encode64(otok)}\n")

data/gssapi.gemspec CHANGED

@@ -28,6 +28,6 @@ Gem::Specification.new do |gem|
   gem.rdoc_options	= %w(-x test/ -x examples/)
   gem.extra_rdoc_files = %w(README.textile COPYING)
-  gem.required_ruby_version	= '>= 1.9.1'
+  gem.required_ruby_version	= '>= 1.8.7'
   gem.add_runtime_dependency  'ffi', '>= 1.0.1'
 end

data/lib/gssapi/lib_gssapi.rb CHANGED

@@ -15,15 +15,6 @@ module GSSAPI
     # void *memcpy(void *dest, const void *src, size_t n);
     attach_function :memcpy, [:pointer, :pointer, :size_t], :pointer
-    class GssOID < FFI::Struct
-      layout  :length   =>  :OM_uint32,
-        :elements => :pointer # pointer of :void
-      def self.gss_c_no_oid
-        self.new(GSSAPI::LibGSSAPI::GSS_C_NO_OID)
-      end
-    end
     # This is a generic Managed Struct subclass that hides the [] methods.
     # Classes that implement this class should provide accessor methods to get to the attributes.
     class GssMStruct < FFI::ManagedStruct
@@ -56,8 +47,8 @@ module GSSAPI
     module GssBufferDescLayout
       def self.included(base)
         base.class_eval do
-          layout :length => :OM_uint32,
-            :value => :pointer # pointer of :void
+          layout :length, :OM_uint32,
+            :value, :pointer # pointer of :void
           def length
             self[:length]
@@ -142,16 +133,16 @@ module GSSAPI
     #   iov_buff[:buffer][:length] = str.size
     #   iov_buff[:buffer][:value] = str
     class GssIOVBufferDesc < FFI::Struct
-      layout  :type   => :OM_uint32,
-              :buffer => UnManagedGssBufferDesc
+      layout :type, :OM_uint32,
+        :buffer, UnManagedGssBufferDesc
     end
     class GssChannelBindingsStruct < FFI::Struct
-      layout  :initiator_addrtype => :OM_uint32,
-        :initiator_address  => UnManagedGssBufferDesc,
-        :acceptor_addrtype  => :OM_uint32,
-        :acceptor_address   => UnManagedGssBufferDesc,
-        :application_data   => UnManagedGssBufferDesc
+      layout :initiator_addrtype, :OM_uint32,
+        :initiator_address, UnManagedGssBufferDesc,
+        :acceptor_addrtype, :OM_uint32,
+        :acceptor_address, UnManagedGssBufferDesc,
+        :application_data, UnManagedGssBufferDesc
       no_chn_bind = FFI::MemoryPointer.new :pointer  #
       no_chn_bind.write_int 0
@@ -199,6 +190,7 @@ module GSSAPI
     # gss_cred_id_t
     class GssCredIdT < GssPointer
       def self.release_ptr(cred_ptr)
+        puts "Releasing gss_cred_id_t at #{cred_ptr.address.to_s(16)}" if $DEBUG
         min_stat = FFI::MemoryPointer.new :OM_uint32
         maj_stat = LibGSSAPI.gss_release_cred(min_stat, cred_ptr)
       end
@@ -335,9 +327,6 @@ module GSSAPI
     # Variable definitions
     # --------------------
-    attach_variable :GSS_C_NT_HOSTBASED_SERVICE, :pointer # type gss_OID
-    attach_variable :GSS_C_NT_EXPORT_NAME, :pointer # type gss_OID
     # Flag bits for context-level services.
     GSS_C_DELEG_FLAG        = 1
     GSS_C_MUTUAL_FLAG       = 2

data/lib/gssapi/lib_gssapi_loader.rb CHANGED

@@ -6,35 +6,69 @@ Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.p
 module GSSAPI
   module LibGSSAPI
+    class GssOID < FFI::Struct
+      layout  :length, :OM_uint32,
+        :elements, :pointer # pointer of :void
+      def self.gss_c_no_oid
+        self.new(GSSAPI::LibGSSAPI::GSS_C_NO_OID)
+      end
+    end
+    def self.load_mit
+      case RUBY_PLATFORM
+      when /linux/
+        gssapi_lib = 'libgssapi_krb5.so.2'
+      when /darwin/
+        gssapi_lib = '/usr/lib/libgssapi_krb5.dylib'
+      when /mswin|mingw32|windows/
+        # Pull the gssapi32 path from the environment if it exist, otherwise use the default in Program Files
+        gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll'
+        ffi_lib gssapi32_path, FFI::Library::LIBC  # Required the MIT Kerberos libraries to be installed
+        ffi_convention :stdcall
+      else
+        raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi and the MIT libraries."
+      end
+      ffi_lib gssapi_lib, FFI::Library::LIBC
+      # -------------------- MIT Specifics --------------------
+      attach_variable :__GSS_C_NT_HOSTBASED_SERVICE, :GSS_C_NT_HOSTBASED_SERVICE, :pointer # type gss_OID
+      attach_variable :__GSS_C_NT_EXPORT_NAME, :GSS_C_NT_EXPORT_NAME, :pointer # type gss_OID
+      LibGSSAPI.const_set("GSS_C_NT_HOSTBASED_SERVICE", __GSS_C_NT_HOSTBASED_SERVICE)
+      LibGSSAPI.const_set("GSS_C_NT_EXPORT_NAME", __GSS_C_NT_EXPORT_NAME)
+    end
+    def self.load_heimdal
+      case RUBY_PLATFORM
+      when /linux/
+        gssapi_lib = 'libgssapi.so.3'
+      when /darwin/
+        # use Heimdal Kerberos since Mac MIT Kerberos is OLD. Do a "require 'gssapi/heimdal'" first
+        gssapi_lib = '/usr/heimdal/lib/libgssapi.dylib'
+      else
+        raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi and the Heimdal libraries."
+      end
+      ffi_lib gssapi_lib, FFI::Library::LIBC
+      # ------------------ Heimdal Specifics ------------------
+      attach_variable :__gss_c_nt_hostbased_service_oid_desc, GssOID
+      attach_variable :__gss_c_nt_export_name_oid_desc, GssOID
+      LibGSSAPI.const_set("GSS_C_NT_HOSTBASED_SERVICE", FFI::Pointer.new(__gss_c_nt_hostbased_service_oid_desc.to_ptr))
+      LibGSSAPI.const_set("GSS_C_NT_EXPORT_NAME", FFI::Pointer.new(__gss_c_nt_export_name_oid_desc.to_ptr))
+    end
     # Heimdal supported the *_iov functions befor MIT did so in some OS distributions if
     # you need IOV support and MIT does not provide it try the Heimdal libs and then
     # before doing a "require 'gssapi'" do a "require 'gssapi/heimdal'" and that will attempt
     # to load the Heimdal libs
-    case RUBY_PLATFORM
-    when /linux/
-      case GSSAPI_LIB_TYPE
-      when :mit
-        GSSAPI_LIB = 'libgssapi_krb5.so.2'
-      when :heimdal
-        GSSAPI_LIB = 'libgssapi.so.2'
-      end
-      ffi_lib GSSAPI_LIB, FFI::Library::LIBC
-    when /darwin/
-      case GSSAPI_LIB_TYPE
-      when :mit
-        GSSAPI_LIB = '/usr/lib/libgssapi_krb5.dylib'
-      when :heimdal
-        # use Heimdal Kerberos since Mac MIT Kerberos is OLD. Do a "require 'gssapi/heimdal'" first
-        GSSAPI_LIB = '/usr/heimdal/lib/libgssapi.dylib'
-      end
-      ffi_lib GSSAPI_LIB, FFI::Library::LIBC
-    when /mswin|mingw32|windows/
-      # Pull the gssapi32 path from the environment if it exist, otherwise use the default in Program Files
-      gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll'
-      ffi_lib gssapi32_path, FFI::Library::LIBC  # Required the MIT Kerberos libraries to be installed
-      ffi_convention :stdcall
+    case GSSAPI_LIB_TYPE
+    when :mit
+      load_mit
+    when :heimdal
+      load_heimdal
     else
-      raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi."
+      raise LoadError, "Unexpected Lib type: #{GSSAPI_LIB_TYPE}"
     end
   end

data/lib/gssapi/simple.rb CHANGED

@@ -38,7 +38,7 @@ module GSSAPI
       if (str =~ /[A-Za-z0-9]+\/[^@]+@.+$/)
         mech = LibGSSAPI::GssOID.gss_c_no_oid
       else
-        mech = LibGSSAPI.GSS_C_NT_HOSTBASED_SERVICE
+        mech = LibGSSAPI::GSS_C_NT_HOSTBASED_SERVICE
       end
       name = FFI::MemoryPointer.new :pointer # gss_name_t
       min_stat = FFI::MemoryPointer.new :OM_uint32

metadata CHANGED

@@ -1,43 +1,46 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: gssapi
-version: !ruby/object:Gem::Version
+version: !ruby/object:Gem::Version
+  version: 1.1.0
   prerelease:
-  version: 1.0.3
 platform: ruby
-authors:
+authors:
 - Dan Wanek
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-11-07 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2012-02-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: ffi
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
+  requirement: &17171140 !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.0.1
   type: :runtime
-  version_requirements: *id001
-description: "    A FFI wrapper around the system GSSAPI library. Please make sure and read the\n    Yard docs or standard GSSAPI documentation if you have any questions.\n    \n    There is also a class called GSSAPI::Simple that wraps many of the common features\n    used for GSSAPI.\n"
+  prerelease: false
+  version_requirements: *17171140
+description: ! "    A FFI wrapper around the system GSSAPI library. Please make sure
+  and read the\n    Yard docs or standard GSSAPI documentation if you have any questions.\n
+  \   \n    There is also a class called GSSAPI::Simple that wraps many of the common
+  features\n    used for GSSAPI.\n"
 email: dan.wanek@gmail.com
 executables: []
 extensions: []
-extra_rdoc_files:
+extra_rdoc_files:
 - README.textile
 - COPYING
-files:
+files:
 - COPYING
 - README.textile
 - Rakefile
 - VERSION
 - examples/gss_client.rb
+- examples/gss_iov_client.rb
+- examples/gss_iov_helpers.rb
+- examples/gss_iov_server.rb
 - examples/gss_server.rb
 - gssapi.gemspec
 - lib/gssapi.rb
@@ -51,34 +54,30 @@ files:
 - test/spec/test_buffer_spec.rb
 homepage: http://github.com/zenchild/gssapi
 licenses: []
 post_install_message:
-rdoc_options:
+rdoc_options:
 - -x
 - test/
 - -x
 - examples/
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: 1.9.1
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.11
+rubygems_version: 1.8.10
 signing_key:
 specification_version: 3
 summary: A FFI wrapper around the system GSSAPI library.
 test_files: []
-has_rdoc: