kerberos_authenticator 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/kerberos_authenticator.rb +13 -5
- data/lib/kerberos_authenticator/error.rb +1 -1
- data/lib/kerberos_authenticator/krb5.rb +2 -0
- data/lib/kerberos_authenticator/krb5/attach_function.rb +3 -0
- data/lib/kerberos_authenticator/krb5/context.rb +5 -0
- data/lib/kerberos_authenticator/krb5/creds.rb +7 -0
- data/lib/kerberos_authenticator/krb5/error.rb +18 -0
- data/lib/kerberos_authenticator/krb5/keytab.rb +11 -0
- data/lib/kerberos_authenticator/krb5/principal.rb +9 -0
- data/lib/kerberos_authenticator/version.rb +3 -0
- metadata +5 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d21f1ea20049f7cc581df957b1b2e738b4578cab
|
4
|
+
data.tar.gz: 74504aa9db7035a3935f346c2563b3ccfda586d2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ec9e7e068cfb22395aab8865f03f8060bee9f1e5f66196518435963f13100d7953dc9013c6dd76dd9f349f6a994eba444baea344655dc3699e2c8f4717c0a666
|
7
|
+
data.tar.gz: 6a784a3b02dac99f4638d23da612918c89116eb55b79b88074176a99edeb826a523d5c0eb041ab1421227677743970fc0932708dabe052751cf49eaf6ef54ea8
|
@@ -1,10 +1,13 @@
|
|
1
1
|
require 'base64'
|
2
2
|
require 'tempfile'
|
3
3
|
|
4
|
+
require 'kerberos_authenticator/version'
|
4
5
|
require 'kerberos_authenticator/error'
|
5
6
|
require 'kerberos_authenticator/krb5'
|
6
7
|
|
7
8
|
module KerberosAuthenticator
|
9
|
+
|
10
|
+
# A convenience method to access the Krb5 module when using the setup method.
|
8
11
|
# @return [Krb5]
|
9
12
|
def self.krb5
|
10
13
|
Krb5
|
@@ -34,17 +37,22 @@ module KerberosAuthenticator
|
|
34
37
|
true
|
35
38
|
end
|
36
39
|
|
40
|
+
# @!attribute [rw] keytab_base64
|
41
|
+
# @!scope class
|
42
|
+
# @return [String] the keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path)
|
43
|
+
|
44
|
+
# @!attribute [rw] keytab_path
|
45
|
+
# @!scope class
|
46
|
+
# @return [String] the path to the keytab to use when verifying the identity of the KDC
|
47
|
+
|
37
48
|
# @!attribute [rw] server
|
49
|
+
# @!scope class
|
38
50
|
# @return [String] the server principal name to use when verifying the identity of the KDC
|
39
51
|
|
40
52
|
# @!attribute [rw] service
|
53
|
+
# @!scope class
|
41
54
|
# @return [String] the service principal name to request a ticket for when obtaining a user's credentials
|
42
55
|
|
43
|
-
# @!attribute [rw] keytab_base64
|
44
|
-
# @return [String] the keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path)
|
45
|
-
|
46
|
-
# @!attribute [rw] keytab_path
|
47
|
-
# @return [String] the path to the keytab to use when verifying the identity of the KDC
|
48
56
|
|
49
57
|
@service = nil
|
50
58
|
|
@@ -19,8 +19,10 @@ module KerberosAuthenticator
|
|
19
19
|
end
|
20
20
|
|
21
21
|
# @!attribute [rw] use_secure_context
|
22
|
+
# @!scope class
|
22
23
|
# @return [Boolean] if Context.context should ignore environmental variables when returning a library context
|
23
24
|
|
25
|
+
|
24
26
|
@use_secure_context = true
|
25
27
|
|
26
28
|
def self.use_secure_context
|
@@ -1,8 +1,11 @@
|
|
1
1
|
module KerberosAuthenticator
|
2
2
|
module Krb5
|
3
|
+
# Attaches a Kerberos library function to Krb5.
|
3
4
|
# Extends FFI's built-in method to:
|
4
5
|
# - drop the krb5_ prefix from function names
|
5
6
|
# - wrap any call returning a krb5_error_code with Krb5::Error.raise_if_error
|
7
|
+
# @api private
|
8
|
+
# @see http://www.rubydoc.info/github/ffi/ffi/FFI/Library#attach_function-instance_method FFI::Library#attach_function
|
6
9
|
def self.attach_function(c_name, params, returns, options = {})
|
7
10
|
ruby_name = c_name.to_s.gsub(/^krb5_/, '').to_sym
|
8
11
|
|
@@ -41,11 +41,16 @@ module KerberosAuthenticator
|
|
41
41
|
self
|
42
42
|
end
|
43
43
|
|
44
|
+
# @return [FFI::Pointer] the pointer to the krb5_context structure
|
45
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/types/krb5_context.html krb5_context
|
44
46
|
def ptr
|
45
47
|
@buffer.get_pointer(0)
|
46
48
|
end
|
47
49
|
|
50
|
+
# Builds a Proc to free the Context once its no longer in use.
|
48
51
|
# @api private
|
52
|
+
# @return [Proc]
|
53
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_free_context.html krb5_free_context
|
49
54
|
def self.finalize(buffer)
|
50
55
|
proc { Krb5.free_context(buffer.get_pointer(0)) }
|
51
56
|
end
|
@@ -39,6 +39,10 @@ module KerberosAuthenticator
|
|
39
39
|
new(context, ptr)
|
40
40
|
end
|
41
41
|
|
42
|
+
# Initialize a new Keytab with a pointer to a krb5_keytab structure, and define its finalizer.
|
43
|
+
# @param context [Context]
|
44
|
+
# @param ptr [FFI::MemoryPointer]
|
45
|
+
# @return [Keytab]
|
42
46
|
def initialize(context, ptr)
|
43
47
|
@context = context
|
44
48
|
@ptr = ptr
|
@@ -77,7 +81,10 @@ module KerberosAuthenticator
|
|
77
81
|
true
|
78
82
|
end
|
79
83
|
|
84
|
+
# Builds a Proc to free the credentials once they're no longer in use.
|
80
85
|
# @api private
|
86
|
+
# @return [Proc]
|
87
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_free_cred_contents.html krb5_free_cred_contents
|
81
88
|
def self.finalize(context, ptr)
|
82
89
|
proc { Krb5.free_cred_contents(context.ptr, ptr); ptr.free }
|
83
90
|
end
|
@@ -6,8 +6,17 @@ module KerberosAuthenticator
|
|
6
6
|
|
7
7
|
# A Kerberos library error
|
8
8
|
class Error < StandardError
|
9
|
+
# @!attribute [r] error_code
|
10
|
+
# @return [Integer] the krb5_error_code used to convey the status of a Kerberos library operation.
|
11
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/types/krb5_error_code.html krb5_error_code
|
12
|
+
|
13
|
+
|
9
14
|
attr_reader :error_code
|
10
15
|
|
16
|
+
# Initializes a new Error using an error code and the relevant Context to provide a friendly error message.
|
17
|
+
# @param context_ptr [FFI::Pointer] A Context's pointer
|
18
|
+
# @param krb5_error_code [Integer] An integer used to convey a operation's status
|
19
|
+
# @return [Error]
|
11
20
|
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_get_error_message.html krb5_get_error_message
|
12
21
|
def initialize(context_ptr, krb5_error_code)
|
13
22
|
@error_code = krb5_error_code
|
@@ -16,10 +25,19 @@ module KerberosAuthenticator
|
|
16
25
|
super(String.new(error_message))
|
17
26
|
end
|
18
27
|
|
28
|
+
# Build a Proc to free the error message string once it's no longer in use.
|
29
|
+
# @api private
|
30
|
+
# @return [Proc]
|
31
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_free_error_message.html krb5_free_error_message
|
19
32
|
def self.finalize(context_ptr)
|
20
33
|
proc { |ptr| Krb5.free_error_message(context_ptr, ptr) }
|
21
34
|
end
|
22
35
|
|
36
|
+
# Used to wrap Kerberos library functions that return a krb5_error_code.
|
37
|
+
# @return [Integer] always returns zero on success
|
38
|
+
# @yield [] A call to a Kerberos library function
|
39
|
+
# @yieldreturn [Integer] a krb5_error_code
|
40
|
+
# @raise [Error] if the krb5_error_code differed from zero
|
23
41
|
def self.raise_if_error(context_ptr = nil)
|
24
42
|
err = yield
|
25
43
|
return 0 if err == 0
|
@@ -20,6 +20,10 @@ module KerberosAuthenticator
|
|
20
20
|
new(context, buffer)
|
21
21
|
end
|
22
22
|
|
23
|
+
# Initialize a new Keytab with a buffer containing a krb5_keytab structure, and define its finalizer.
|
24
|
+
# @param context [Context]
|
25
|
+
# @param buffer [FFI::Buffer]
|
26
|
+
# @return [Keytab]
|
23
27
|
def initialize(context, buffer)
|
24
28
|
@context = context
|
25
29
|
@buffer = buffer
|
@@ -28,15 +32,22 @@ module KerberosAuthenticator
|
|
28
32
|
self
|
29
33
|
end
|
30
34
|
|
35
|
+
# @return [FFI::Pointer] the pointer to the krb5_keytab structure
|
36
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/types/krb5_keytab.html krb5_keytab
|
31
37
|
def ptr
|
32
38
|
@buffer.get_pointer(0)
|
33
39
|
end
|
34
40
|
|
41
|
+
# @return [String] the type of the key table
|
42
|
+
# @see http://web.mit.edu/Kerberos/krb5-1.14/doc/appdev/refs/api/krb5_kt_get_type.html kt_get_type
|
35
43
|
def type
|
36
44
|
Krb5.kt_get_type(context.ptr, ptr)
|
37
45
|
end
|
38
46
|
|
47
|
+
# Builds a Proc to close the Keytab once its no longer in use.
|
39
48
|
# @api private
|
49
|
+
# @return [Proc]
|
50
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_kt_close.html krb5_kt_close
|
40
51
|
def self.finalize(context, buffer)
|
41
52
|
proc { Krb5.kt_close(context.ptr, buffer.get_pointer(0)) }
|
42
53
|
end
|
@@ -25,6 +25,10 @@ module KerberosAuthenticator
|
|
25
25
|
new(context, buffer)
|
26
26
|
end
|
27
27
|
|
28
|
+
# Initialize a new Principal with a buffer containing a krb5_principal structure, and define its finalizer.
|
29
|
+
# @param context [Context]
|
30
|
+
# @param buffer [FFI::Buffer]
|
31
|
+
# @return [Principal]
|
28
32
|
def initialize(context, buffer)
|
29
33
|
@context = context
|
30
34
|
@buffer = buffer
|
@@ -42,6 +46,8 @@ module KerberosAuthenticator
|
|
42
46
|
Creds.initial_creds_for_principal_with_a_password(self, password, service)
|
43
47
|
end
|
44
48
|
|
49
|
+
# @return [FFI::Pointer] the pointer to the krb5_principal structure
|
50
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/types/krb5_principal.html krb5_principal
|
45
51
|
def ptr
|
46
52
|
@buffer.get_pointer(0)
|
47
53
|
end
|
@@ -60,7 +66,10 @@ module KerberosAuthenticator
|
|
60
66
|
copy
|
61
67
|
end
|
62
68
|
|
69
|
+
# Builds a Proc to free the Principal once it's no longer in use.
|
63
70
|
# @api private
|
71
|
+
# @return [Proc]
|
72
|
+
# @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_free_principal.html krb5_free_principal
|
64
73
|
def self.finalize(context, buffer)
|
65
74
|
proc { Krb5.free_principal(context.ptr, buffer.get_pointer(0)) }
|
66
75
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kerberos_authenticator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Watkins
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-04-
|
11
|
+
date: 2016-04-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
@@ -53,6 +53,7 @@ files:
|
|
53
53
|
- lib/kerberos_authenticator/krb5/error.rb
|
54
54
|
- lib/kerberos_authenticator/krb5/keytab.rb
|
55
55
|
- lib/kerberos_authenticator/krb5/principal.rb
|
56
|
+
- lib/kerberos_authenticator/version.rb
|
56
57
|
homepage: https://github.com/stupidpupil/kerberos_authenticator
|
57
58
|
licenses:
|
58
59
|
- MIT
|
@@ -77,7 +78,7 @@ rubyforge_project:
|
|
77
78
|
rubygems_version: 2.5.1
|
78
79
|
signing_key:
|
79
80
|
specification_version: 4
|
80
|
-
summary:
|
81
|
-
|
81
|
+
summary: Authenticate a Kerberos user using their password. Uses Ruby-FFI to interface
|
82
|
+
with the Kerberos library.
|
82
83
|
test_files: []
|
83
84
|
has_rdoc:
|