kerberos_authenticator 0.0.4 → 0.0.5

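--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4a44179b216387e5f2eb0a20ef4bf9b1cd1aeea1
- data.tar.gz: 9822897ddb64fdb9f78ef9c490e8228d56f9e6a6
+ metadata.gz: ae668eaa13a5a760620f1c5fbe67ea57c48fb08f
+ data.tar.gz: 60eab79c31c8f11e858c782d3220a5e51db13a37
  SHA512:
- metadata.gz: 34ca852532daa3c7917ca32424c70ab2ef926656c0ccaee40bfa6cc91eab871c41d411bebc10ee829dfd04bf41208192f73f39f825bc40e432c248bb6bed338f
- data.tar.gz: c93c71a10984de26d2c2917ae0bbb7351be8532ff6a140921fed507514817f6992d3df838871d7b6ec557cf6b8d8252dcc309861c678584555c5c2d7cdaeb3fe
+ metadata.gz: 89e39afb2afe2ce6d2ffb0e7e39a108aa8f3b3747cc3154985655b1ba71b79773496e0f986a7aa7b7d44d1c1e622a0a357b63c4a12d0424903879afa3aa5f46d
+ data.tar.gz: 35cd393566e7818ea3c71b07b3e5980f9697b025f0ccef61199aa94b73b2d97ebadf9748517c64a1789a0eb85cba919bfa685c68e15221ff66907f7ace2fc191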
@@ -35,16 +35,16 @@ module KerberosAuthenticator
35
35
  end
36
36
 
37
37
  # @!attribute [rw] server
38
- # @return [String] the server principal name to use when verifying the identity the KDC
38
+ # @return [String] the server principal name to use when verifying the identity of the KDC
39
39
 
40
40
  # @!attribute [rw] service
41
41
  # @return [String] the service principal name to request a ticket for when obtaining a user's credentials
42
42
 
43
43
  # @!attribute [rw] keytab_base64
44
- # @return [String] the keytab to use when verifying the identity the KDC represented as a Base64 encoded string (overrides keytab_path)
44
+ # @return [String] the keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path)
45
45
 
46
46
  # @!attribute [rw] keytab_path
47
- # @return [String] the path to the keytab to use when verifying the identity the KDC
47
+ # @return [String] the path to the keytab to use when verifying the identity of the KDC
48
48
 
49
49
  @service = nil
50
50
 
@@ -92,7 +92,7 @@ module KerberosAuthenticator
92
92
  def self.new_kt_tmp_file
93
93
  return nil unless keytab_base64
94
94
 
95
- kt_tmp_file = Tempfile.new('krb5_kt', encoding: 'ascii-8bit')
95
+ kt_tmp_file = Tempfile.new('krb5_kt', encoding: 'binary')
96
96
  kt_tmp_file.write(Base64.decode64(keytab_base64))
97
97
  kt_tmp_file.close
98
98
 
@@ -6,12 +6,16 @@ module KerberosAuthenticator
6
6
  module Krb5
7
7
  extend FFI::Library
8
8
 
9
- PREFERRED_VERSIONS = ['.3','.26','']
9
+ # Version suffixes of the library to search for, in order:
10
+ # - .3: MIT as of Debian 8, RHEL 7
11
+ # - .26: Heimdal as of Debian 8, RHEL 7
12
+ # and then no suffix (which should pickup OS X Kerberos).
13
+ PREFERRED_VERSIONS = ['.3', '.26', ''].freeze
10
14
 
11
15
  if ENV['FFI_KRB5_LIBRARY_NAME']
12
16
  ffi_lib ENV['FFI_KRB5_LIBRARY_NAME']
13
17
  else
14
- ffi_lib PREFERRED_VERSIONS.map {|v| FFI.map_library_name('krb5') + v}
18
+ ffi_lib PREFERRED_VERSIONS.map { |v| FFI.map_library_name('krb5') + v }
15
19
  end
16
20
 
17
21
  # @!attribute [rw] use_secure_context
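Review bot: The new comment above `PREFERRED_VERSIONS` documents the suffix search order but not that the list is bypassed whenever `FFI_KRB5_LIBRARY_NAME` is set, in which case `ffi_lib` loads whatever library the process environment names. Because that library performs the authentication, the comment should say so, e.g. `# Not used when ENV['FFI_KRB5_LIBRARY_NAME'] is set; that variable is trusted as-is and must come from a controlled environment.` If the `use_secure_context` attribute documented just below the hunk is about distrusting the environment, its doc should also state that it does not cover this variable. The module body continues outside the hunk.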
@@ -8,13 +8,17 @@ module KerberosAuthenticator
8
8
  attach_function :krb5_verify_init_creds_opt_init, [:pointer], :void
9
9
  attach_function :krb5_verify_init_creds_opt_set_ap_req_nofail, [:pointer, :bool], :void
10
10
 
11
- attach_function :krb5_free_creds, [:krb5_context, :krb5_creds], :void
11
+ attach_function :krb5_free_cred_contents, [:krb5_context, :krb5_creds], :void
12
12
  attach_function :krb5_get_init_creds_opt_free, [:krb5_context, :pointer], :void
13
13
 
14
14
  # Credentials, or tickets, provided by a KDC for a user.
15
15
  class Creds
16
16
  attr_reader :context, :ptr
17
17
 
18
+ # The size, in bytes, of the krb5_creds structure.
19
+ # This differs between implementations and architectures.
20
+ SIZE_OF_KRB5_CREDS = 480
21
+
18
22
  # Requests initial credentials for principal using password from a KDC.
19
23
  # @param principal [Principal] the user's Principal
20
24
  # @param password [String] the user's password
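Review bot: `SIZE_OF_KRB5_CREDS = 480` is a fixed allocation size for a structure that, by the added comment's own account, differs between implementations and architectures. The next hunk hands a `FFI::MemoryPointer` of exactly this size to `Krb5.get_init_creds_password`, so a library whose `krb5_creds` is larger than 480 bytes would write past the end of the buffer; the previous value of 120 suggests the size has been underestimated before. At minimum the comment should record that the figure is an upper bound and where it was measured, e.g. `# Must be >= sizeof(krb5_creds) for every library in Krb5::PREFERRED_VERSIONS; measured on <PLATFORM/LIBRARY PLACEHOLDER>.` Deriving the size from a per-implementation `FFI::Struct` layout would remove the guess. The `Creds` class continues outside the hunk.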
@@ -25,12 +29,12 @@ module KerberosAuthenticator
25
29
  # @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_get_init_creds_password.html krb5_get_init_creds_password
26
30
  # @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/init_creds.html Initial credentials
27
31
  def self.initial_creds_for_principal_with_a_password(principal, password, service = nil)
28
- raise ArgumentError, 'expected Principal' unless principal.is_a? Principal
32
+ raise TypeError, 'expected Principal' unless principal.is_a? Principal
29
33
 
30
34
  context = principal.context
31
- ptr = FFI::MemoryPointer.new :char, 120
35
+ ptr = FFI::MemoryPointer.new :char, SIZE_OF_KRB5_CREDS
32
36
 
33
- Krb5.get_init_creds_password(context.ptr, ptr, principal.ptr, password, nil, nil, 0, service, nil)
37
+ Krb5.get_init_creds_password(context.ptr, ptr, principal.ptr, password.to_str, nil, nil, 0, service, nil)
34
38
 
35
39
  new(context, ptr)
36
40
  end
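Review bot: `password.to_str` raises `NoMethodError` for `nil` or any non-string argument, while the guard two lines earlier now raises `TypeError` for a bad `principal`, so the same kind of caller mistake is reported in two different ways. A matching guard before the call keeps this consistent: `raise TypeError, 'expected String' unless password.respond_to?(:to_str)`. Separately, switching the `principal` check from `ArgumentError` to `TypeError` changes what existing callers have to rescue, which deserves a changelog line in a patch release.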
@@ -62,24 +66,20 @@ module KerberosAuthenticator
62
66
  # @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.html krb5_verify_init_creds_opt_set_ap_req_nofail
63
67
  def verify(nofail = false, server_principal = nil, keytab = nil)
64
68
  verify_creds_opt = FFI::MemoryPointer.new :int, 2
65
-
66
69
  Krb5.verify_init_creds_opt_init(verify_creds_opt)
70
+ Krb5.verify_init_creds_opt_set_ap_req_nofail(verify_creds_opt, nofail)
67
71
 
68
- begin
69
- Krb5.verify_init_creds_opt_set_ap_req_nofail(verify_creds_opt, nofail)
70
-
71
- server_princ_ptr = server_principal ? server_principal.ptr : nil
72
- keytab_ptr = keytab ? keytab.ptr : nil
72
+ server_princ_ptr = server_principal ? server_principal.ptr : nil
73
+ keytab_ptr = keytab ? keytab.ptr : nil
73
74
 
74
- Krb5.verify_init_creds(context.ptr, ptr, server_princ_ptr, keytab_ptr, nil, verify_creds_opt)
75
- end
75
+ Krb5.verify_init_creds(context.ptr, ptr, server_princ_ptr, keytab_ptr, nil, verify_creds_opt)
76
76
 
77
77
  true
78
78
  end
79
79
 
80
80
  # @api private
81
81
  def self.finalize(context, ptr)
82
- proc { Krb5.free_creds(context.ptr, ptr) }
82
+ proc { Krb5.free_cred_contents(context.ptr, ptr); ptr.free }
83
83
  end
84
84
  end
85
85
  end
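Review bot: `verify` still defaults `nofail` to `false`, and the MIT page linked above the method states that with `ap_req_nofail` false `krb5_verify_init_creds` skips verification and returns successfully when no keytab information is available. The method then returns `true`, so a caller relying on the default can treat an unverified KDC response as verified on a host whose keytab is missing or unreadable. The YARD block should say this, e.g. `# @note With nofail false, verification is skipped (and true is returned) if no keytab key is available; pass true to require it.` Whether the default itself should change is a compatibility decision for the maintainers. The YARD block for `verify` starts outside the hunk.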
@@ -1,7 +1,8 @@
1
1
  module KerberosAuthenticator
2
2
  module Krb5
3
3
  typedef :int, :krb5_error_code
4
- attach_function :krb5_get_error_message, [:pointer, :krb5_error_code], :string
4
+ attach_function :krb5_get_error_message, [:pointer, :krb5_error_code], :strptr
5
+ attach_function :krb5_free_error_message, [:pointer, :pointer], :void
5
6
 
6
7
  # A Kerberos library error
7
8
  class Error < StandardError
@@ -10,7 +11,13 @@ module KerberosAuthenticator
10
11
  # @see http://web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_get_error_message.html krb5_get_error_message
11
12
  def initialize(context_ptr, krb5_error_code)
12
13
  @error_code = krb5_error_code
13
- super(Krb5.get_error_message(context_ptr, krb5_error_code))
14
+ error_message, error_ptr = Krb5.get_error_message(context_ptr, krb5_error_code)
15
+ FFI::AutoPointer.new(error_ptr, self.class.finalize(context_ptr))
16
+ super(String.new(error_message))
17
+ end
18
+
19
+ def self.finalize(context_ptr)
20
+ proc { |ptr| Krb5.free_error_message(context_ptr, ptr) }
14
21
  end
15
22
 
16
23
  def self.raise_if_error(context_ptr = nil)
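Review bot: The `FFI::AutoPointer` created in `initialize` is discarded immediately, so the message buffer is released only when the garbage collector runs, and the finalizer proc then calls `Krb5.free_error_message` with a `context_ptr` that may already have been freed by that point (the context's lifetime is not visible here). Copying the message and freeing it straight away is deterministic and avoids the ordering question: `msg = String.new(error_message)`, then `Krb5.free_error_message(context_ptr, error_ptr)`, then `super(msg)`. That also makes `self.finalize` unnecessary. `raise_if_error` accepts `context_ptr = nil`, so how the free call behaves with a nil context should be checked against each supported library. The body of `raise_if_error` continues outside the hunk.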
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kerberos_authenticator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Watkins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-04-10 00:00:00.000000000 Z
11
+ date: 2016-04-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi