gssapi 1.0.3 → 1.1.0

data/VERSION

@@ -1 +1 @@
-1.0.3
+1.1.0

data/examples/gss_iov_client.rb

@@ -0,0 +1,55 @@
+#!/usr/bin/env ruby
+$: << '../lib'
+$: << '.'
+#require 'gssapi/heimdal'
+require 'gssapi'
+require 'gss_iov_helpers'
+require 'base64'
+require 'socket'
+
+class GssIovClient
+  include GssIOVHelpers
+
+  def initialize
+    @host = 'example.org'
+    @service  = 'host'
+    @sock = TCPSocket.new(@host, 8082)
+    @gss = GSSAPI::Simple.new(@host, @service)
+  end
+
+  def run
+    handshake
+    begin
+      print "> "
+      msg = STDIN.gets.chomp
+      emsg = iov_encrypt(msg)
+      @sock.write("#{emsg.last}\n")
+    end while msg != 'exit'
+
+    @sock.close
+  end
+
+
+  private
+
+  def handshake
+    tok = @gss.init_context
+    stok = Base64.strict_encode64(tok)
+
+    @sock.write("#{stok}\n") # send initial token
+    stok = @sock.gets.chomp  # get back continuation token
+    ctx = @gss.init_context(Base64.strict_decode64(stok.chomp)) # complete security context
+    puts "Connection #{(ctx ? 'succeeded' : 'failed')}"
+  end
+
+  # Encrypt message
+  def msg_enc(msg)
+    emsg = @gss.wrap_message(msg)
+    Base64.strict_encode64(emsg)
+  end
+
+end
+
+
+cli = GssIovClient.new
+cli.run

data/examples/gss_iov_helpers.rb

@@ -0,0 +1,74 @@
+module GssIOVHelpers
+
+  def iov_encrypt(str)
+    iov_cnt = 3
+    iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
+
+    iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
+    iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+
+    iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+    iov1[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
+    iov1[:buffer].value = str
+
+    iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+    iov2[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_PADDING | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+
+    conf_state = FFI::MemoryPointer.new :uint32
+    min_stat = FFI::MemoryPointer.new :uint32
+
+    maj_stat = GSSAPI::LibGSSAPI.gss_wrap_iov(min_stat, @gss.context, 1, GSSAPI::LibGSSAPI::GSS_C_QOP_DEFAULT, conf_state, iov, iov_cnt)
+
+    token = [iov0[:buffer].length].pack('L')
+    token += iov0[:buffer].value
+    token += iov1[:buffer].value
+    pad_len = iov2[:buffer].length
+    token += iov2[:buffer].value if pad_len > 0
+    [pad_len, token]
+  end
+
+  # @return [String] the unencrypted response string
+  def iov_decrypt(str)
+    puts "Decrypting message:\n#{str}"
+    iov_cnt = 3
+    iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
+
+    iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
+    iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
+
+    iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+    iov1[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
+
+    iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+    iov2[:type] =  (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA)
+
+    str.force_encoding('BINARY')
+    #str.sub!(/^.*Content-Type: application\/octet-stream\r\n(.*)--Encrypted.*$/m, '\1')
+
+    len = str.unpack("L").first
+    puts "LEN: #{len}"
+    iov_data = str.unpack("LA#{len}A*")
+    iov0[:buffer].value = iov_data[1]
+    iov1[:buffer].value = iov_data[2]
+
+    min_stat = FFI::MemoryPointer.new :uint32
+    conf_state = FFI::MemoryPointer.new :uint32
+    conf_state.write_int(1)
+    qop_state = FFI::MemoryPointer.new :uint32
+    qop_state.write_int(0)
+
+    puts "Unwrapping IOV...."
+    maj_stat = GSSAPI::LibGSSAPI.gss_unwrap_iov(min_stat, @gss.context, conf_state, qop_state, iov, iov_cnt)
+    puts "Done Unwrapping IOV...."
+    if(maj_stat == 0)
+      puts "Success!!!"
+    else
+      puts "GSSAPI Failure. Status Codes(major: #{maj_stat}, minor: #{min_stat.read_int})"
+    end
+
+    puts "???HELLO???"
+
+    iov1[:buffer].value
+  end
+
+end

data/examples/gss_iov_server.rb

@@ -0,0 +1,67 @@
+#!/usr/bin/env ruby
+$: << '../lib'
+$: << '.'
+#require 'gssapi/heimdal'
+require 'gssapi'
+require 'gss_iov_helpers'
+require 'base64'
+require 'socket'
+
+class GssIovServer
+  include GssIOVHelpers
+
+  def initialize
+    @host = 'example.org'
+    @service  = "host"
+    @keytab = "#{ENV['HOME']}/.gssapi/krb5.keytab"  # this is optional, but probably required if not running as root
+    @port = 8082
+    @tcpsrv = TCPServer.new(@host, @port)
+  end
+
+  def runner
+    loop do
+      puts "Listening on port #{@port}"
+      Thread.start(@tcpsrv.accept) do |s|
+        init_krb
+        handshake(s)
+
+        begin
+          emsg = (s.gets.chomp)
+          puts "---> Received: #{emsg}"
+          msg  = iov_decrypt(emsg)
+          puts "===> Received: #{msg}"
+        end while msg != 'exit'
+
+        print(s, "Closing Socket\n")
+        s.close
+        puts "Closed...."
+      end
+    end
+  end
+
+
+  private
+
+  def init_krb
+    @gss = GSSAPI::Simple.new(@host, @service, @keytab)
+    @gss.acquire_credentials
+    puts "HELLO"
+  end
+
+  def handshake(sock)
+    print(sock, "Accepted Connection\n")
+    stok = sock.gets.chomp
+    print(sock, "Received string#{stok}\n")
+    otok = @gss.accept_context(Base64.strict_decode64(stok.chomp))
+    sock.write("#{Base64.strict_encode64(otok)}\n")
+  end
+
+  # Decrypt message
+  def msg_dec(msg)
+    @gss.unwrap_message(Base64.strict_decode64(msg.chomp))
+  end
+
+end
+
+gserv = GssIovServer.new
+gserv.runner

data/examples/gss_server.rb

@@ -9,14 +9,13 @@ keytab = "#{ENV['HOME']}/.gssapi/krb5.keytab"  # this is optional, but probably
 
 tcpsrv = TCPServer.new(host, 8082)
 
-srv = GSSAPI::Simple.new(host, service, keytab)
-srv.acquire_credentials
-
 loop do
   Thread.start(tcpsrv.accept) do |s|
     print(s, "Accepted Connection\n")
     stok = s.gets.chomp
     print(s, "Received string#{stok}\n")
+    srv = GSSAPI::Simple.new(host, service, keytab)
+    srv.acquire_credentials
     otok = srv.accept_context(Base64.strict_decode64(stok.chomp))
     s.write("#{Base64.strict_encode64(otok)}\n")
 

data/gssapi.gemspec

@@ -28,6 +28,6 @@ Gem::Specification.new do |gem|
   gem.rdoc_options	= %w(-x test/ -x examples/)
   gem.extra_rdoc_files = %w(README.textile COPYING)
 
-  gem.required_ruby_version	= '>= 1.9.1'
+  gem.required_ruby_version	= '>= 1.8.7'
   gem.add_runtime_dependency  'ffi', '>= 1.0.1'
 end

data/lib/gssapi/lib_gssapi.rb

@@ -15,15 +15,6 @@ module GSSAPI
     # void *memcpy(void *dest, const void *src, size_t n);
     attach_function :memcpy, [:pointer, :pointer, :size_t], :pointer
 
-    class GssOID < FFI::Struct
-      layout  :length   =>  :OM_uint32,
-        :elements => :pointer # pointer of :void
-
-      def self.gss_c_no_oid
-        self.new(GSSAPI::LibGSSAPI::GSS_C_NO_OID)
-      end
-    end
-
     # This is a generic Managed Struct subclass that hides the [] methods.
     # Classes that implement this class should provide accessor methods to get to the attributes.
     class GssMStruct < FFI::ManagedStruct
@@ -56,8 +47,8 @@ module GSSAPI
     module GssBufferDescLayout
       def self.included(base)
         base.class_eval do
-          layout :length => :OM_uint32,
-            :value => :pointer # pointer of :void
+          layout :length, :OM_uint32,
+            :value, :pointer # pointer of :void
 
           def length
             self[:length]
@@ -142,16 +133,16 @@ module GSSAPI
     #   iov_buff[:buffer][:length] = str.size
     #   iov_buff[:buffer][:value] = str
     class GssIOVBufferDesc < FFI::Struct
-      layout  :type   => :OM_uint32,
-              :buffer => UnManagedGssBufferDesc
+      layout :type, :OM_uint32,
+        :buffer, UnManagedGssBufferDesc
     end
 
     class GssChannelBindingsStruct < FFI::Struct
-      layout  :initiator_addrtype => :OM_uint32,
-        :initiator_address  => UnManagedGssBufferDesc,
-        :acceptor_addrtype  => :OM_uint32,
-        :acceptor_address   => UnManagedGssBufferDesc,
-        :application_data   => UnManagedGssBufferDesc
+      layout :initiator_addrtype, :OM_uint32,
+        :initiator_address, UnManagedGssBufferDesc,
+        :acceptor_addrtype, :OM_uint32,
+        :acceptor_address, UnManagedGssBufferDesc,
+        :application_data, UnManagedGssBufferDesc
 
       no_chn_bind = FFI::MemoryPointer.new :pointer  #
       no_chn_bind.write_int 0
@@ -199,6 +190,7 @@ module GSSAPI
     # gss_cred_id_t
     class GssCredIdT < GssPointer
       def self.release_ptr(cred_ptr)
+        puts "Releasing gss_cred_id_t at #{cred_ptr.address.to_s(16)}" if $DEBUG
         min_stat = FFI::MemoryPointer.new :OM_uint32
         maj_stat = LibGSSAPI.gss_release_cred(min_stat, cred_ptr)
       end
@@ -335,9 +327,6 @@ module GSSAPI
     # Variable definitions
     # --------------------
 
-    attach_variable :GSS_C_NT_HOSTBASED_SERVICE, :pointer # type gss_OID
-    attach_variable :GSS_C_NT_EXPORT_NAME, :pointer # type gss_OID
-
     # Flag bits for context-level services.
     GSS_C_DELEG_FLAG        = 1
     GSS_C_MUTUAL_FLAG       = 2

data/lib/gssapi/lib_gssapi_loader.rb

@@ -6,35 +6,69 @@ Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.p
 module GSSAPI
   module LibGSSAPI
 
+    class GssOID < FFI::Struct
+      layout  :length, :OM_uint32,
+        :elements, :pointer # pointer of :void
+
+      def self.gss_c_no_oid
+        self.new(GSSAPI::LibGSSAPI::GSS_C_NO_OID)
+      end
+    end
+
+
+    def self.load_mit
+      case RUBY_PLATFORM
+      when /linux/
+        gssapi_lib = 'libgssapi_krb5.so.2'
+      when /darwin/
+        gssapi_lib = '/usr/lib/libgssapi_krb5.dylib'
+      when /mswin|mingw32|windows/
+        # Pull the gssapi32 path from the environment if it exist, otherwise use the default in Program Files
+        gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll'
+        ffi_lib gssapi32_path, FFI::Library::LIBC  # Required the MIT Kerberos libraries to be installed
+        ffi_convention :stdcall
+      else
+        raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi and the MIT libraries."
+      end
+      ffi_lib gssapi_lib, FFI::Library::LIBC
+
+      # -------------------- MIT Specifics -------------------- 
+      attach_variable :__GSS_C_NT_HOSTBASED_SERVICE, :GSS_C_NT_HOSTBASED_SERVICE, :pointer # type gss_OID
+      attach_variable :__GSS_C_NT_EXPORT_NAME, :GSS_C_NT_EXPORT_NAME, :pointer # type gss_OID
+      LibGSSAPI.const_set("GSS_C_NT_HOSTBASED_SERVICE", __GSS_C_NT_HOSTBASED_SERVICE)
+      LibGSSAPI.const_set("GSS_C_NT_EXPORT_NAME", __GSS_C_NT_EXPORT_NAME)
+    end
+
+    def self.load_heimdal
+      case RUBY_PLATFORM
+      when /linux/
+        gssapi_lib = 'libgssapi.so.3'
+      when /darwin/
+        # use Heimdal Kerberos since Mac MIT Kerberos is OLD. Do a "require 'gssapi/heimdal'" first
+        gssapi_lib = '/usr/heimdal/lib/libgssapi.dylib'
+      else
+        raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi and the Heimdal libraries."
+      end
+      ffi_lib gssapi_lib, FFI::Library::LIBC
+
+      # ------------------ Heimdal Specifics ------------------ 
+      attach_variable :__gss_c_nt_hostbased_service_oid_desc, GssOID
+      attach_variable :__gss_c_nt_export_name_oid_desc, GssOID
+      LibGSSAPI.const_set("GSS_C_NT_HOSTBASED_SERVICE", FFI::Pointer.new(__gss_c_nt_hostbased_service_oid_desc.to_ptr))
+      LibGSSAPI.const_set("GSS_C_NT_EXPORT_NAME", FFI::Pointer.new(__gss_c_nt_export_name_oid_desc.to_ptr))
+    end
+
     # Heimdal supported the *_iov functions befor MIT did so in some OS distributions if
     # you need IOV support and MIT does not provide it try the Heimdal libs and then
     # before doing a "require 'gssapi'" do a "require 'gssapi/heimdal'" and that will attempt
     # to load the Heimdal libs
-    case RUBY_PLATFORM
-    when /linux/
-      case GSSAPI_LIB_TYPE
-      when :mit
-        GSSAPI_LIB = 'libgssapi_krb5.so.2'
-      when :heimdal
-        GSSAPI_LIB = 'libgssapi.so.2'
-      end
-      ffi_lib GSSAPI_LIB, FFI::Library::LIBC
-    when /darwin/
-      case GSSAPI_LIB_TYPE
-      when :mit
-        GSSAPI_LIB = '/usr/lib/libgssapi_krb5.dylib'
-      when :heimdal
-        # use Heimdal Kerberos since Mac MIT Kerberos is OLD. Do a "require 'gssapi/heimdal'" first
-        GSSAPI_LIB = '/usr/heimdal/lib/libgssapi.dylib'
-      end
-      ffi_lib GSSAPI_LIB, FFI::Library::LIBC
-    when /mswin|mingw32|windows/
-      # Pull the gssapi32 path from the environment if it exist, otherwise use the default in Program Files
-      gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll'
-      ffi_lib gssapi32_path, FFI::Library::LIBC  # Required the MIT Kerberos libraries to be installed
-      ffi_convention :stdcall
+    case GSSAPI_LIB_TYPE
+    when :mit
+      load_mit
+    when :heimdal
+      load_heimdal
     else
-      raise LoadError, "This platform (#{RUBY_PLATFORM}) is not supported by ruby gssapi."
+      raise LoadError, "Unexpected Lib type: #{GSSAPI_LIB_TYPE}"
     end
 
   end

data/lib/gssapi/simple.rb

@@ -38,7 +38,7 @@ module GSSAPI
       if (str =~ /[A-Za-z0-9]+\/[^@]+@.+$/)
         mech = LibGSSAPI::GssOID.gss_c_no_oid
       else
-        mech = LibGSSAPI.GSS_C_NT_HOSTBASED_SERVICE
+        mech = LibGSSAPI::GSS_C_NT_HOSTBASED_SERVICE
       end
       name = FFI::MemoryPointer.new :pointer # gss_name_t
       min_stat = FFI::MemoryPointer.new :OM_uint32

metadata

@@ -1,43 +1,46 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: gssapi
-version: !ruby/object:Gem::Version 
+version: !ruby/object:Gem::Version
+  version: 1.1.0
   prerelease: 
-  version: 1.0.3
 platform: ruby
-authors: 
+authors:
 - Dan Wanek
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-11-07 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-02-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: ffi
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &17171140 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.0.1
   type: :runtime
-  version_requirements: *id001
-description: "    A FFI wrapper around the system GSSAPI library. Please make sure and read the\n    Yard docs or standard GSSAPI documentation if you have any questions.\n    \n    There is also a class called GSSAPI::Simple that wraps many of the common features\n    used for GSSAPI.\n"
+  prerelease: false
+  version_requirements: *17171140
+description: ! "    A FFI wrapper around the system GSSAPI library. Please make sure
+  and read the\n    Yard docs or standard GSSAPI documentation if you have any questions.\n
+  \   \n    There is also a class called GSSAPI::Simple that wraps many of the common
+  features\n    used for GSSAPI.\n"
 email: dan.wanek@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.textile
 - COPYING
-files: 
+files:
 - COPYING
 - README.textile
 - Rakefile
 - VERSION
 - examples/gss_client.rb
+- examples/gss_iov_client.rb
+- examples/gss_iov_helpers.rb
+- examples/gss_iov_server.rb
 - examples/gss_server.rb
 - gssapi.gemspec
 - lib/gssapi.rb
@@ -51,34 +54,30 @@ files:
 - test/spec/test_buffer_spec.rb
 homepage: http://github.com/zenchild/gssapi
 licenses: []
-
 post_install_message: 
-rdoc_options: 
+rdoc_options:
 - -x
 - test/
 - -x
 - examples/
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: 1.9.1
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.8.11
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: A FFI wrapper around the system GSSAPI library.
 test_files: []
-
-has_rdoc: