gssapi 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +11 -0
- data/Changelog.md +9 -0
- data/VERSION +1 -1
- data/examples/gss_iov_helpers.rb +1 -1
- data/lib/gssapi/lib_gssapi.rb +3 -0
- data/lib/gssapi/lib_gssapi_loader.rb +2 -0
- data/lib/gssapi/simple.rb +12 -1
- data/test/spec/gssapi_simple_spec.rb +54 -8
- data/test/spec/test_buffer_spec.rb +1 -1
- metadata +10 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: e6ab2e07f67767b64527b373d0c6ea265c54d4f4540f2f3821c1b3e013180cc8
|
|
4
|
+
data.tar.gz: 136299a62f83e238d6f711df62bcc61788112e26a4ae6089c973262226d8a0f9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c771726133a21b478516798b3e5ae969fe2620a0d808531ba0e081cd0437a3a61cb50d7616ffb7f446c63111312c3a5f97016cbccfd3bc7c1f1c530fef7ddc45
|
|
7
|
+
data.tar.gz: b1a9e90de99f477dd3af1f2a8db990b6a4093389754da6e5df1212e368d99d7fbc7a3c47591506cab3083c4fd123ce73dc70e22b9b2c29e642749d19e7e47321
|
data/.gitignore
ADDED
data/Changelog.md
CHANGED
|
@@ -12,3 +12,12 @@
|
|
|
12
12
|
|
|
13
13
|
## Version 1.2.0
|
|
14
14
|
* Move IOV and AEAD to gssapi/extensions.rb so it can be loaded separately when needed
|
|
15
|
+
|
|
16
|
+
## Version 1.3.0
|
|
17
|
+
|
|
18
|
+
Sorry everyone that this has taken so long to go out. I don't really work much
|
|
19
|
+
with GSSAPI so it hasn't been a priority for me.
|
|
20
|
+
|
|
21
|
+
* Implemented delegation and added verify_mic. Thanks @mfazekas
|
|
22
|
+
* Add loading of MIT GSS libs for solaris/smartos. Thanks @fac
|
|
23
|
+
* Fix corruption in iov_decrypt example. Thanks @Iristyle
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.3.0
|
data/examples/gss_iov_helpers.rb
CHANGED
data/lib/gssapi/lib_gssapi.rb
CHANGED
|
@@ -281,6 +281,9 @@ module GSSAPI
|
|
|
281
281
|
# OM_uint32 gss_get_mic(OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer)
|
|
282
282
|
attach_function :gss_get_mic, [:pointer, :pointer, :OM_uint32, :pointer, :pointer], :OM_uint32
|
|
283
283
|
|
|
284
|
+
# OM_uint32 gss_verify_mic (OM_uint32 *minor_status,const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer,const gss_buffer_t token_buffer, gss_qop_t qop_state)
|
|
285
|
+
attach_function :gss_verify_mic, [:pointer, :pointer, :pointer, :pointer, :OM_uint32], :OM_uint32
|
|
286
|
+
|
|
284
287
|
# OM_uint32 gss_delete_sec_context(OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t output_token);
|
|
285
288
|
attach_function :gss_delete_sec_context, [:pointer, :pointer, :pointer], :OM_uint32
|
|
286
289
|
|
|
@@ -30,6 +30,8 @@ module GSSAPI
|
|
|
30
30
|
gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll'
|
|
31
31
|
ffi_lib gssapi32_path, FFI::Library::LIBC # Required the MIT Kerberos libraries to be installed
|
|
32
32
|
ffi_convention :stdcall
|
|
33
|
+
when /solaris/
|
|
34
|
+
ffi_lib 'libgss.so', 'mech_krb5.so', FFI::Library::LIBC
|
|
33
35
|
else
|
|
34
36
|
raise LoadError, "This host OS (#{host_os}) is not supported by ruby gssapi and the MIT libraries."
|
|
35
37
|
end
|
data/lib/gssapi/simple.rb
CHANGED
|
@@ -59,6 +59,7 @@ module GSSAPI
|
|
|
59
59
|
# @option opts [Fixnum] :flags override all other flags. If you set the :delegate option this option will override it.
|
|
60
60
|
# @see http://tools.ietf.org/html/rfc4121#section-4.1.1.1
|
|
61
61
|
# @option opts [Boolean] :delegate if true set the credential delegate flag
|
|
62
|
+
# [Credentials] :credentials set to open the context in behalf of someone (delegated_credentials)
|
|
62
63
|
# @return [String, true] if a continuation flag is set it will return the output token that is needed to send
|
|
63
64
|
# to the remote host. Otherwise it returns true and the GSS security context has been established.
|
|
64
65
|
def init_context(in_token = nil, opts = {})
|
|
@@ -79,7 +80,7 @@ module GSSAPI
|
|
|
79
80
|
|
|
80
81
|
|
|
81
82
|
maj_stat = LibGSSAPI.gss_init_sec_context(min_stat,
|
|
82
|
-
|
|
83
|
+
opts[:credentials],
|
|
83
84
|
pctx,
|
|
84
85
|
@int_svc_name,
|
|
85
86
|
mech,
|
|
@@ -162,6 +163,16 @@ module GSSAPI
|
|
|
162
163
|
out_buff.value
|
|
163
164
|
end
|
|
164
165
|
|
|
166
|
+
def verify_mic(token,mic)
|
|
167
|
+
min_stat = FFI::MemoryPointer.new :OM_uint32
|
|
168
|
+
in_buff = GSSAPI::LibGSSAPI::UnManagedGssBufferDesc.new
|
|
169
|
+
in_buff.value = token
|
|
170
|
+
mic_buff = GSSAPI::LibGSSAPI::UnManagedGssBufferDesc.new
|
|
171
|
+
mic_buff.value = mic
|
|
172
|
+
maj_stat = GSSAPI::LibGSSAPI.gss_verify_mic(min_stat, @context, in_buff.pointer, mic_buff.pointer, 0)
|
|
173
|
+
raise GssApiError.new(maj_stat, min_stat), "Failed to gss_verify_mic" if maj_stat != 0
|
|
174
|
+
return (maj_stat == 0)
|
|
175
|
+
end
|
|
165
176
|
|
|
166
177
|
# Get textual representation of internal GSS name
|
|
167
178
|
# @return [String] textual representation of internal GSS name
|
|
@@ -6,19 +6,65 @@ require 'yaml'
|
|
|
6
6
|
|
|
7
7
|
describe GSSAPI::Simple, 'Test the Simple GSSAPI interface' do
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
let(:conf) { YAML.load_file "#{File.dirname(__FILE__)}/conf_file.yaml" }
|
|
10
|
+
let(:cli) { GSSAPI::Simple.new(conf['s_host'], conf['s_service']) }
|
|
11
|
+
let(:srv ) { GSSAPI::Simple.new(conf['s_host'], conf['s_service'], conf['keytab']) }
|
|
12
12
|
|
|
13
13
|
it 'should get the initial context for a client' do
|
|
14
|
-
|
|
15
|
-
token
|
|
16
|
-
token.should_not be_empty
|
|
14
|
+
token = cli.init_context
|
|
15
|
+
expect(token).not_to be_empty
|
|
17
16
|
end
|
|
18
17
|
|
|
19
18
|
it 'should acquire credentials for a server service' do
|
|
20
|
-
|
|
21
|
-
gsscli.acquire_credentials.should be_true
|
|
19
|
+
expect(srv.acquire_credentials).to eq(true)
|
|
22
20
|
end
|
|
23
21
|
|
|
22
|
+
def play_handshake(cli,srv,clioptions={})
|
|
23
|
+
clitoken = cli.init_context(nil, clioptions)
|
|
24
|
+
expect(clitoken).not_to be_empty
|
|
25
|
+
|
|
26
|
+
expect(srv.acquire_credentials).to eq(true)
|
|
27
|
+
|
|
28
|
+
srvoktok = srv.accept_context(clitoken)
|
|
29
|
+
expect(srvoktok).not_to be_empty
|
|
30
|
+
|
|
31
|
+
ret = cli.init_context(srvoktok)
|
|
32
|
+
expect(ret).to eq(true)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
it 'client server should handshake' do
|
|
36
|
+
play_handshake(cli,srv)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it 'mic' do
|
|
40
|
+
play_handshake(cli,srv)
|
|
41
|
+
|
|
42
|
+
secret = "this is secreta"
|
|
43
|
+
|
|
44
|
+
mic = cli.get_mic(secret)
|
|
45
|
+
|
|
46
|
+
expect(srv.verify_mic(secret,mic)).to eq(true)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
context "no delegation" do
|
|
50
|
+
it "sets delegated_credentials to nil" do
|
|
51
|
+
play_handshake(cli,srv,:delegate => false)
|
|
52
|
+
expect(srv.delegated_credentials).to be_nil
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
describe "delegation" do
|
|
57
|
+
it "sets delegated_credentials to valid" do
|
|
58
|
+
play_handshake(cli,srv,:delegate => true)
|
|
59
|
+
expect(srv.delegated_credentials).not_to be_nil
|
|
60
|
+
delegated_display_name = srv.display_name
|
|
61
|
+
|
|
62
|
+
host2 = conf['s_host2'] || conf['s_host']
|
|
63
|
+
service2 = conf['s_service2'] || conf['s_service']
|
|
64
|
+
cli_del = GSSAPI::Simple.new(host2, service2)
|
|
65
|
+
srv_del = GSSAPI::Simple.new(host2, service2, conf['keytab2'])
|
|
66
|
+
play_handshake(cli_del,srv_del,:credentials => srv.delegated_credentials)
|
|
67
|
+
expect(srv_del.display_name).to eq(delegated_display_name)
|
|
68
|
+
end
|
|
69
|
+
end
|
|
24
70
|
end
|
metadata
CHANGED
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gssapi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Wanek
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-04-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- -
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 1.0.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- -
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 1.0.1
|
|
27
27
|
description: |2
|
|
@@ -38,6 +38,7 @@ extra_rdoc_files:
|
|
|
38
38
|
- COPYING
|
|
39
39
|
- Changelog.md
|
|
40
40
|
files:
|
|
41
|
+
- ".gitignore"
|
|
41
42
|
- COPYING
|
|
42
43
|
- Changelog.md
|
|
43
44
|
- Gemfile
|
|
@@ -66,25 +67,25 @@ licenses:
|
|
|
66
67
|
metadata: {}
|
|
67
68
|
post_install_message:
|
|
68
69
|
rdoc_options:
|
|
69
|
-
- -x
|
|
70
|
+
- "-x"
|
|
70
71
|
- test/
|
|
71
|
-
- -x
|
|
72
|
+
- "-x"
|
|
72
73
|
- examples/
|
|
73
74
|
require_paths:
|
|
74
75
|
- lib
|
|
75
76
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
76
77
|
requirements:
|
|
77
|
-
- -
|
|
78
|
+
- - ">="
|
|
78
79
|
- !ruby/object:Gem::Version
|
|
79
80
|
version: 1.8.7
|
|
80
81
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
81
82
|
requirements:
|
|
82
|
-
- -
|
|
83
|
+
- - ">="
|
|
83
84
|
- !ruby/object:Gem::Version
|
|
84
85
|
version: '0'
|
|
85
86
|
requirements: []
|
|
86
87
|
rubyforge_project:
|
|
87
|
-
rubygems_version: 2.
|
|
88
|
+
rubygems_version: 2.7.9
|
|
88
89
|
signing_key:
|
|
89
90
|
specification_version: 4
|
|
90
91
|
summary: A FFI wrapper around the system GSSAPI library.
|