kiro-ruby-sasl 0.0.4.0 → 0.0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 10e07b40466156392cccf8216fdb8ba1fe3a1a3a
-  data.tar.gz: 4c112a5fb128343ff32cfce1f6896762d7abfcad
+  metadata.gz: d6120e3e4c0ff7622a3c9a1fc44b40c15a4383df
+  data.tar.gz: 1cd8c81fadca22b24db8c0ecbdbe4f9556864c42
 SHA512:
-  metadata.gz: 3579aa92c4f44e391aa21613c1d6398f1548b495e7784da8f9972b2803e0a3836844b02c342359662e86a30437b5004e2f9a2b9aba062fad223bb0822cf6c2d4
-  data.tar.gz: 6a7e9657313c56e2e5ce2166df38767d3bdfb800dfc3f601e459e3703d7b4234eacf43ea7c3b7ee511df9f6cc1bf46db1961420ab8eff761e98c927a25c42c01
+  metadata.gz: 33f868fd65da70183308305655ad62c0f5f35fc8c0c9493019043b2cf043f744557ed8d05564c82be104d7b27d5afc3e91e8c6d07277185ba31b3b4910fd05e8
+  data.tar.gz: 6eb02464ab684c0442e1c20ee325f63f78a63e56bafbd619c1764b73aa2a00718a630a8de3d231d47c50eb3c3e33769d1846b20ee010dcc9d3e6c7c26bf56e4e

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kiro-ruby-sasl
 version: !ruby/object:Gem::Version
-  version: 0.0.4.0
+  version: 0.0.4.1
 platform: ruby
 authors:
 - Stephan Maka
@@ -18,21 +18,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- MIT-LICENSE
 - README.markdown
-- lib/sasl.rb
-- lib/sasl/anonymous.rb
-- lib/sasl/base.rb
-- lib/sasl/base64.rb
-- lib/sasl/digest_md5.rb
-- lib/sasl/gssapi.rb
-- lib/sasl/gssspnego.rb
-- lib/sasl/plain.rb
-- lib/sasl/socket.rb
-- spec/anonymous_spec.rb
-- spec/digest_md5_spec.rb
-- spec/mechanism_spec.rb
-- spec/plain_spec.rb
-- spec/socket_spec.rb
 homepage: http://github.com/luizluca/ruby-sasl/
 licenses: []
 metadata: {}
@@ -56,9 +43,4 @@ rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: SASL client library
-test_files:
-- spec/mechanism_spec.rb
-- spec/anonymous_spec.rb
-- spec/plain_spec.rb
-- spec/digest_md5_spec.rb
-- spec/socket_spec.rb
+test_files: []

data/lib/sasl.rb

@@ -1,5 +0,0 @@
-SASL_PATH = File.dirname(__FILE__) + "/sasl"
-require 'sasl/base'
-Dir.foreach(SASL_PATH) do |f|
-  require "#{SASL_PATH}/#{f}" if f =~ /^[^\.].+\.rb$/ && f != 'base.rb'
-end

data/lib/sasl/anonymous.rb

@@ -1,14 +0,0 @@
-module SASL
-  ##
-  # SASL ANONYMOUS where you only send a username that may not get
-  # evaluated by the server.
-  #
-  # RFC 4505:
-  # http://tools.ietf.org/html/rfc4505
-  class Anonymous < Mechanism
-    def start
-      @state = nil
-      ['auth', preferences.username.to_s]
-    end
-  end
-end

data/lib/sasl/base.rb

@@ -1,126 +0,0 @@
-##
-# RFC 4422:
-# http://tools.ietf.org/html/rfc4422
-module SASL
-  ##
-  # You must derive from class Preferences and overwrite methods you
-  # want to implement.
-  class Preferences
-    attr_reader :config
-    # key in config hash
-    # authzid: Authorization identitiy ('username@domain' in XMPP)
-    # realm: Realm ('domain' in XMPP)
-    # digest-uri: : serv-type/serv-name | serv-type/host/serv-name ('xmpp/domain' in XMPP)
-    # username
-    # has_password?
-    # allow_plaintext?
-    # password
-    # want_anonymous?
-    
-    def initialize (config)
-      @config = {:has_password? => false, :allow_plaintext? => false, :want_anonymous? => false}.merge(config.dup)
-    end
-    def method_missing(sym, *args, &block)
-      @config.send "[]", sym, &block
-    end    
-  end
-
-  ##
-  # Will be raised by SASL.new_mechanism if mechanism passed to the
-  # constructor is not known.
-  class UnknownMechanism < RuntimeError
-    def initialize(mechanism)
-      @mechanism = mechanism
-    end
-
-    def to_s
-      "Unknown mechanism: #{@mechanism.inspect}"
-    end
-  end
-
-  def SASL.new(mechanisms, preferences)
-    best_mechanism = if preferences.want_anonymous? && mechanisms.include?('ANONYMOUS')
-                       'ANONYMOUS'
-                     elsif preferences.has_password?
-                       if mechanisms.include?('DIGEST-MD5')
-                         'DIGEST-MD5'
-                       elsif preferences.allow_plaintext?
-                         'PLAIN'
-                       else
-                         raise UnknownMechanism.new(mechanisms)
-                       end
-                     else
-                       raise UnknownMechanism.new(mechanisms)
-                     end
-    new_mechanism(best_mechanism, preferences)
-  end
-
-  ##
-  # Create a SASL Mechanism for the named mechanism
-  #
-  # mechanism:: [String] mechanism name
-  def SASL.new_mechanism(mechanism, preferences)
-    mechanism_class = case mechanism
-                      when 'DIGEST-MD5'
-                        DigestMD5
-                      when 'PLAIN'
-                        Plain
-                      when 'ANONYMOUS'
-                        Anonymous
-                      when 'GSS-SPNEGO'
-                        GssSpnego
-                      when 'GSSAPI'
-                        GssApi
-                      else
-                        raise UnknownMechanism.new(mechanism)
-                      end
-    mechanism_class.new(mechanism, preferences)
-  end
-
-
-  class AbstractMethod < Exception # :nodoc:
-    def to_s
-      "Abstract method is not implemented"
-    end
-  end
-
-  ##
-  # Common functions for mechanisms
-  #
-  # Mechanisms implement handling of methods start and receive. They
-  # return: [message_name, content] or nil where message_name is
-  # either 'auth' or 'response' and content is either a string which
-  # may transmitted encoded as Base64 or nil.
-  class Mechanism
-    attr_reader :mechanism
-    attr_reader :preferences
-
-    def initialize(mechanism, preferences)
-      @mechanism = mechanism
-      @preferences = preferences
-      @state = nil
-    end
-
-    def success?
-      @state == :success
-    end
-    def failure?
-      @state == :failure
-    end
-
-    def start
-      raise AbstractMethod
-    end
-
-
-    def receive(message_name, content)
-      case message_name
-      when 'success'
-        @state = :success
-      when 'failure'
-        @state = :failure
-      end
-      nil
-    end
-  end
-end

data/lib/sasl/base64.rb

@@ -1,32 +0,0 @@
-# =XMPP4R - XMPP Library for Ruby
-# License:: Ruby's license (see the LICENSE file) or GNU GPL, at your option.
-# Website::http://home.gna.org/xmpp4r/
-
-begin
-  require 'base64'
-rescue LoadError
-  ##
-  # Ruby 1.9 has dropped the Base64 module,
-  # this is a replacement
-  #
-  # We could replace all call by Array#pack('m')
-  # and String#unpack('m'), but this module
-  # improves readability.
-  module Base64
-    ##
-    # Encode a String
-    # data:: [String] Binary
-    # result:: [String] Binary in Base64
-    def self.encode64(data)
-      [data].pack('m')
-    end
-
-    ##
-    # Decode a Base64-encoded String
-    # data64:: [String] Binary in Base64
-    # result:: [String] Binary
-    def self.decode64(data64)
-      data64.unpack('m').first
-    end
-  end
-end

data/lib/sasl/digest_md5.rb

@@ -1,432 +0,0 @@
-require 'digest/md5'
-
-module SASL
-  ##
-  # RFC 2831:
-  # http://tools.ietf.org/html/rfc2831
-  class DigestMD5 < Mechanism
-    begin
-      require 'openssl'
-      ##
-      # Set to +true+ if OpenSSL is available and LDAPS is supported.
-      HasOpenSSL = true
-    rescue LoadError
-      # :stopdoc:
-      HasOpenSSL = false
-      # :startdoc:
-    end
-
-    attr_writer :cnonce
-
-    def initialize(*a)
-      super
-      @nonce_count = 0
-      preferences.config[:secure_layer]=false if preferences.config[:secure_layer]==nil
-      preferences.config[:confidentiality]=preferences.config[:secure_layer] if preferences.config[:confidentiality]==nil
-      preferences.config[:cipher]="rc4" if preferences.config[:confidentiality] and not preferences.config[:cipher]
-
-      if preferences.secure_layer and not HasOpenSSL
-        raise ":secure_layer in #{self.class} depends on Openssl"
-      end
-    end
-
-    def start
-      @state = nil
-      unless defined? @nonce
-        ['auth', nil]
-      else
-        # reauthentication
-        receive('challenge', '')
-      end
-    end
-
-    def receive(message_name, content)
-      case message_name
-      when 'challenge'
-        c = decode_challenge(content)
-
-        unless c['rspauth']
-          response = {}
-          if defined?(@nonce) && response['nonce'].nil?
-            # Could be reauth
-          else
-            # No reauth:
-            @nonce_count = 0
-          end
-          @nonce ||= c['nonce']
-          response['username'] = preferences.username
-          response['realm'] = c['realm'] || preferences.realm
-          response['nonce'] = @nonce
-          @cnonce = generate_nonce unless defined? @cnonce
-          response['cnonce'] = @cnonce
-          @nc = next_nc
-          response['nc'] = @nc
-          @qop="auth"
-          if c['qop']
-            c_qop = c['qop'].split(",")
-          else
-            c_qop = []
-          end
-          if preferences.secure_layer and preferences.confidentiality and c_qop.include?("auth-conf")
-            response['qop'] = "auth-conf"
-            response['cipher'] = preferences.config[:cipher]
-          elsif preferences.secure_layer and not preferences.confidentiality and c_qop.include?("auth-int")
-            response['qop'] = "auth-int"
-          else
-            response['qop'] = 'auth'
-          end
-          @cipher=response['cipher']
-          @qop=response['qop']
-          response['digest-uri'] = preferences.digest_uri
-          response['charset'] = 'utf-8'
-          @algorithm = c['algorithm'] || "md5"
-          response['response'] = response_value(@algorithm, response['nonce'], response['nc'], response['cnonce'], response['qop'], response['realm'])
-          result=['response', encode_response(response)]
-        else
-          rspauth_expected = response_value(@algorithm, @nonce, @nc, @cnonce, @qop, '')
-          #p :rspauth_received=>c['rspauth'], :rspauth_expected=>rspauth_expected
-          if c['rspauth'] == rspauth_expected
-            result=['response', nil]
-          else
-            # Bogus server?
-            @state = :failure
-            result=['failure', nil]
-          end
-        end
-      when 'success'
-         result=super
-         if preferences.secure_layer 
-            securelayer_wrapper = proc {|io| DigestMD5SecureLayer.new(io, @ha1, @qop=="auth-conf",  @cipher) }
-            result=['securelayer_wrapper', securelayer_wrapper]
-         end      
-      else
-        # No challenge? Might be success or failure
-        result=super
-      end
-      result
-    end
-
-    private
-
-    def decode_challenge(text)
-      challenge = {}
-      
-      state = :key
-      key = ''
-      value = ''
-
-      text.scan(/./) do |ch|
-        if state == :key
-          if ch == '='
-            state = :value
-          elsif ch =~ /\S/
-            key += ch
-          end
-          
-        elsif state == :value
-          if ch == ','
-            challenge[key] = value
-            key = ''
-            value = ''
-            state = :key
-          elsif ch == '"' and value == ''
-            state = :quote
-          else
-            value += ch
-          end
-
-        elsif state == :quote
-          if ch == '"'
-            state = :value
-          else
-            value += ch
-          end
-        end
-      end
-      challenge[key] = value unless key == ''
-      
-      #p :decode_challenge => challenge
-      challenge
-    end
-
-    def encode_response(response)
-      #p :encode_response => response
-      response.collect do |k,v|
-        if ['username', 'cnonce', 'nonce', 'digest-uri', 'authzid','realm','qop'].include? k
-          v.sub!('\\', '\\\\')
-          v.sub!('"', '\\"')
-          "#{k}=\"#{v}\""
-        else
-          "#{k}=#{v}"
-        end
-      end.join(',')
-    end
-
-    def generate_nonce
-      nonce = ''
-      while nonce.length < 32
-        c = rand(128).chr
-        nonce += c if c =~ /^[a-zA-Z0-9]$/
-      end
-      nonce
-    end
-
-    ##
-    # Function from RFC2831
-    def self.h(s); Digest::MD5.digest(s); end
-    def h(s) self.class.h(s); end
-    ##
-    # Function from RFC2831
-    def self.hh(s); Digest::MD5.hexdigest(s); end
-    def hh(s) self.class.hh(s); end
-
-    ##
-    # Calculate the value for the response field
-    def response_value(algorithm, nonce, nc, cnonce, qop, realm, a2_prefix='AUTHENTICATE')
-      #p :response_value => {:nonce=>nonce,
-      #  :cnonce=>cnonce,
-      #  :qop=>qop,
-      #  :username=>preferences.username,
-      #  :realm=>preferences.realm,
-      #  :password=>preferences.password,
-      #  :authzid=>preferences.authzid}
-      a1 = "#{preferences.username}:#{realm}:#{preferences.password}"
-      if algorithm.downcase == "md5-sess"
-          a1 = "#{h(a1)}:#{nonce}:#{cnonce}"
-      end
-
-      if preferences.authzid
-        a1 += ":#{preferences.authzid}"
-      end
-      @ha1=h(a1)
-
-      a2="#{a2_prefix}:#{preferences.digest_uri}"
-
-      qop = "missing" if not qop
-
-      case qop.downcase
-      when "auth-int", "auth-conf"
-        a2 = "#{a2}:00000000000000000000000000000000"
-      end
-
-      case qop.downcase
-      when "auth", "auth-int", "auth-conf"
-        hh("#{hh(a1)}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{hh(a2)}")
-      when "missing"
-        hh("#{hh(a1)}:#{nonce}:#{hh(a2)}")
-      else
-        raise "Unknown qop=#{qop}"
-      end
-    end
-
-    def next_nc
-      @nonce_count += 1
-      s = @nonce_count.to_s
-      s = "0#{s}" while s.length < 8
-      s
-    end
-  end
-
-  class DigestMD5SecureLayer < SecureLayer
-    class DigestMD5SecureLayerError < StandardError; end
-
-    DIGEST_SESSKEY_MAGIC_CONS_C2S = "Digest session key to client-to-server signing key magic constant"
-    DIGEST_SESSKEY_MAGIC_CONS_S2C = "Digest session key to server-to-client signing key magic constant"
-    DIGEST_HA1_MAGIC_CONS_C2S = "Digest H(A1) to client-to-server sealing key magic constant"
-    DIGEST_HA1_MAGIC_CONS_S2C = "Digest H(A1) to server-to-client sealing key magic constant"
-    ONE = [1].pack("n")
-
-    # DES does not use the last bit
-    def self.des_key(key)
-        key=key.bytes.to_a
-        (0..(key.size)).map {|i|
-            left  = (i>=1       ? ((key[i-1]<<(8-i))%256) : 0)
-            right = (i<key.size ? (key[i]>>i)             : 0)
-            (left | right).chr
-        }.join
-    end
-
-    def initialize(io, ha1, confidentiality, cipher, is_server=false)
-        super(io)
-        @localseq=0
-        @remoteseq=0
-
-        @confidentiality=confidentiality
-
-        if is_server
-            @ki_send=self.class.kis(ha1)
-            @ki_recv=self.class.kic(ha1)
-        else
-            @ki_send=self.class.kic(ha1)
-            @ki_recv=self.class.kis(ha1)
-        end
-
-        if @confidentiality
-          cipher.downcase!
-
-          # adapt openssl 3des name
-          ssl_cipher=cipher
-          key_len=nil
-          case cipher
-          when "des"
-            ssl_cipher="des-cbc"
-          when "3des"
-            ssl_cipher="des-ede-cbc"
-          when /rc4-[0-9]*/
-            key_bits=cipher.split("-").last.to_i
-            raise "Non 8-bit multiple for key size: #{key_bits}" if not key_bits%8 == 0
-            key_len=key_bits/8
-            ssl_cipher="rc4"
-          end
-
-          @enc=OpenSSL::Cipher.new(ssl_cipher).encrypt
-          @dec=OpenSSL::Cipher.new(ssl_cipher).decrypt
-
-          # Force keylen size for rc4-* that is not rc-40 or rc4. Does it work?
-          [@enc,@dec].each {|cp| cp.key_len = key_len } if key_len
-          
-          case cipher
-          # For cipher "rc4-40" n is 5;
-          when "rc4-40"
-            n=5
-          # for "rc4-56" n is 7;
-          when "rc4-56"
-            n=7
-          # for the rest n is 16
-          else
-            n=16
-          end
-
-          if is_server
-            @kc_send=self.class.kcs(ha1, n)
-            @kc_recv=self.class.kcc(ha1, n)
-          else
-            @kc_send=self.class.kcc(ha1, n)
-            @kc_recv=self.class.kcs(ha1, n)
-          end
-
-          # The key for the "rc-*" ciphers is all 16 bytes of Kcc or Kcs
-          case cipher
-          when /rc.*/
-            key_len=16
-            iv_len=0
-          # the key for "des" is the first 7 bytes
-          when "des"
-            key_len=7
-            iv_len=8
-          when "3des"
-            key_len=14
-            iv_len=8
-          end
-
-          kc_send=@kc_send[0,key_len]
-          kc_recv=@kc_recv[0,key_len]
-
-          case cipher
-          when "des"
-            # (8 bit * 7 bytes) key must be expanded to (7-bit * 8 bytes),
-            # skipping last bit
-            kc_send=self.class.des_key(kc_send)
-            kc_recv=self.class.des_key(kc_recv)
-            key_len = 8
-            # DES does not use padding here
-            [@enc,@dec].each {|cp| cp.padding=0 }
-          when "3des"
-            # (8 bit * 7 bytes) key must be expanded to (7-bit * 8 bytes),
-            # skipping last bit
-            kc_send=self.class.des_key(kc_send[0,7])+self.class.des_key(kc_send[7,7])
-            kc_recv=self.class.des_key(kc_recv[0,7])+self.class.des_key(kc_recv[7,7])
-            key_len = 16
-            # 3DES does not use padding here
-            [@enc,@dec].each {|cp| cp.padding=0 }
-          end
-
-          [@enc,@dec].each {|cp| cp.key_len = key_len } if key_len
-
-          @enc.key=kc_send
-          @enc.iv=@kc_send[-iv_len,iv_len] if iv_len >0
-          @dec.key=kc_recv
-          @dec.iv=@kc_recv[-iv_len,iv_len] if iv_len >0
-        end
-    end
-
-    def hm(ki, msg)
-        OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('md5'), ki, msg)
-    end
-
-    def mac(ki, seqnum, msg)
-      hm(ki, (seqnum + msg))[0..9]# + ONE + seqnum
-    end
-
-    def wrap(msg)
-        seqnum=[@localseq].pack("N")
-        if @confidentiality
-            # SEAL(Ki, Kc, SeqNum, msg) = {CIPHER(Kc, {msg, pad, HMAC(Ki, {SeqNum, msg})[0..9])}), 0x0001, SeqNum}
-            if @enc.block_size==1
-                pad=""
-            else
-                pad_len = @enc.block_size - ((msg.size + 10) % @enc.block_size)
-                pad=pad_len.chr*pad_len
-            end
-            buf=@enc.update(msg + pad + mac(@ki_send, seqnum, msg)) + ONE + seqnum
-        else
-            #MAC(Ki, SeqNum, msg) = (HMAC(Ki, {SeqNum, msg})[0..9], 0x0001, SeqNum)
-            buf=msg + mac(@ki_send, seqnum, msg) + ONE + seqnum
-        end
-        @localseq+=1
-        buf
-    end
-
-    def unwrap(buf)
-        msg_seqnum=buf[-4..-1]
-        # rfc2831 does not ask to check this
-        #exp_seqnum=[@remoteseq].pack("N")
-        #raise DigestMD5SecureLayerError, "Invalid remote sequence field! expected:#{@remoteseq}, got:#{msg_seqnum.unpack("N").first}" if not msg_seqnum == exp_seqnum
-        
-        msg_one=buf[-6..-5]
-        raise DigestMD5SecureLayerError, "Invalid one field!" if not msg_one == ONE
-
-        if @confidentiality
-            msg_pad_mac=@dec.update(buf[0..-7])
-            msg_mac=msg_pad_mac[-10..-1]
-
-            if @enc.block_size==1
-                msg=msg_pad_mac[0..-11]
-            else
-                pad_len=msg_pad_mac[-11].ord
-                raise DigestMD5SecureLayerError, "Invalid pad size. Invalid crypto? key?" if not ((1..8).include?(pad_len))
-                msg=msg_pad_mac[0..(-11-(pad_len))]
-            end
-        else
-            msg=buf[0..-17]
-            msg_mac=buf[-16..-7]
-        end
-        exp_mac=mac(@ki_recv, msg_seqnum, msg)
-        raise DigestMD5SecureLayerError, "Invalid mac field!" if not msg_mac == exp_mac        
-
-        @remoteseq+=1
-        msg
-    end
-
-    # Kic = MD5({H(A1), "Digest session key to client-to-server signing key magic constant"})
-    def self.kic(ha1)
-        DigestMD5.h(ha1 + DIGEST_SESSKEY_MAGIC_CONS_C2S)
-    end
-    def self.kis(ha1)
-        DigestMD5.h(ha1 + DIGEST_SESSKEY_MAGIC_CONS_S2C)
-    end
-
-    # Kcs = MD5({H(A1)[0..n], "Digest H(A1) to server-to-client sealing key magic constant"})
-    # FYI: Specs do not specify what 0..n means. According to cyrus sasl code, n is length and not position.
-    #      More like [0,n] for ruby
-    def self.kcc(ha1,n=16)
-        DigestMD5.h(ha1[0,n] + DIGEST_HA1_MAGIC_CONS_C2S)
-    end
-    def self.kcs(ha1,n=16)
-        DigestMD5.h(ha1[0,n] + DIGEST_HA1_MAGIC_CONS_S2C)
-    end
-
-  end
-end
-
-

data/lib/sasl/gssapi.rb

@@ -1,92 +0,0 @@
-require 'sasl/socket'
-
-module SASL
-
-  class GssApi < Mechanism
-
-    begin
-      # gssapi (1.1.2) 
-      require 'gssapi'
-      HasGSSAPI = true
-    rescue LoadError
-      # :stopdoc:
-      HasGSSAPI = false
-      # :startdoc:
-    end
-
-    def initialize(*args)
-        raise LoadError.new("You need gssapi gem in order to use this class") if not HasGSSAPI
-        super(*args)
-        preferences.config[:gss_opts] = {} if not preferences.config.include? :gss_opts    
-        preferences.config[:secure_layer] = false if preferences.config[:secure_layer]==nil
-    end
-
-    def start
-        @state = :authneg
-        (@service,@host)=preferences.digest_uri.split("/")
-        @cli = GSSAPI::Simple.new(@host, @service)
-        tok = @cli.init_context(nil, preferences.gss_opts)
-        ['auth', tok ]
-    end
-
-    def receive(message_name, content)
-      case message_name
-      when 'challenge'
-        case @state
-        when :authneg
-            if @cli.init_context(content, preferences.gss_opts)
-                if false #http
-                    @state = :waiting_result
-                else
-                    @state = :ssfcap
-                end
-            else
-                @state = :failure
-            end
-            response = nil  
-        when :ssfcap
-            ssf = @cli.unwrap_message(content)
-            if not ssf.size == 4
-                raise "token too short or long (#{ssf.size}). Should be 4."
-            end
-
-            if not preferences.secure_layer 
-                # No security wanted
-                response = @cli.wrap_message(0)
-            else
-                response = @cli.wrap_message(ssf)
-            end
-            @state = :waiting_result
-        else
-            raise "Invalid state #{@state}. Did you called start method?"
-        end
-        result=['response', response]
-      when 'success'
-         result=super
-         if preferences.secure_layer 
-            securelayer_wrapper = proc {|io| SASL::GssSecureLayer.new(io,@cli) }
-            result=['securelayer_wrapper', securelayer_wrapper]
-         end
-      else
-        result=super
-      end
-      result
-    end
-  end
-
-  class GssSecureLayer < SecureLayer
-    def initialize(io,ctx)
-        super(io)
-        @ctx=ctx
-    end
-
-    def wrap(buf)
-        @ctx.wrap_message(buf)
-    end
-   
-    def unwrap(buf)
-        @ctx.unwrap_message(buf)
-    end
-  end
-end
-

data/lib/sasl/gssspnego.rb

@@ -1,38 +0,0 @@
-module SASL
-
-  class GssSpnego < Mechanism
-
-    begin
-      # rubyntlm (0.3.3)
-      require 'net/ntlm'
-      HasNTLM = true
-    rescue LoadError
-      # :stopdoc:
-      HasNTLM = false
-      # :startdoc:
-    end
-
-    def initialize(*args)
-        raise LoadError.new("You need rubyntlm gem in order to use this class") if not HasNTLM
-        super(*args)
-    end
-
-    def start
-      @state = nil
-      ['auth', Net::NTLM::Message::Type1.new.serialize]
-    end
-
-    def receive(message_name, content)
-      if message_name == 'challenge'
-        t2_msg = Net::NTLM::Message.parse(content)
-        t3_msg = t2_msg.response({ :user => preferences.username, :password => preferences.password},
-                                 { :ntlmv2 => true })
-        p message_name
-        ['response', t3_msg.serialize]
-      else
-        super
-      end
-    end
-  end
-end
-

data/lib/sasl/plain.rb

@@ -1,14 +0,0 @@
-module SASL
-  ##
-  # RFC 4616:
-  # http://tools.ietf.org/html/rfc4616
-  class Plain < Mechanism
-    def start
-      @state = nil
-      message = [preferences.authzid.to_s,
-                 preferences.username,
-                 preferences.password].join("\000")
-      ['auth', message]
-    end
-  end
-end

data/lib/sasl/socket.rb

@@ -1,88 +0,0 @@
-module SASL
-    
-    class SecureLayer
-        attr_reader :io
-
-        def initialize(io)
-            @io=io
-        end
-
-        def write(buf)
-            wbuf = wrap(buf)
-            @io.syswrite([wbuf.size].pack("N"))
-            @io.syswrite(wbuf)
-        end
-    
-        def read
-            bsize=@io.sysread(4)
-            raise "SASL Buffer size is nil!" if bsize==nil
-            size=bsize.unpack("N")
-            buf=@io.sysread(size.first)
-            unwrap(buf)
-        end
-
-        def wrap(buf)
-            raise AbstractMethod
-        end
-
-        def unwrap(buf)
-            raise AbstractMethod
-        end
-
-        def close
-            @io.close
-        end
-    end
-
-    module Buffering
-        begin
-          require 'openssl'
-          HasOpenSSL = true
-        rescue LoadError
-          # :stopdoc:
-          HasOpenSSL = false
-          # :startdoc:
-        end
-
-        # When an object is extended
-        def self.extended(base)
-            class << base
-                Buffering.included(self)
-            end
-            base.initialize_buffering
-        end
-      
-        # When a class is extended
-        def self.included(base)
-            raise LoadError.new("SASL::Buffering depends on OpenSSL::Buffering") if not HasOpenSSL
-            base.class_eval do
-                alias_method :nonbuf_read,  :read
-                alias_method :nonbuf_write, :write
-                alias_method :nonbuf_close, :close
-
-                # OpenSSL::Buffering replaces initialize. I should save it
-                alias_method :orig_initialize, :initialize
-                include OpenSSL::Buffering
-                alias_method :initialize_buffering, :initialize
-                public :initialize_buffering
-                
-                def initialize(*args)
-                    orig_initialize(*args)
-                    initialize_buffering
-                end
-            end
-        end
-
-        def sysread(size)
-            nonbuf_read   
-        end
-
-        def syswrite(buf)
-            nonbuf_write(buf)
-        end
-
-        def sysclose
-            nonbuf_close
-        end
-    end
-end

data/spec/anonymous_spec.rb

@@ -1,19 +0,0 @@
-require 'sasl'
-require 'rspec'
-
-describe SASL::Anonymous do
-  class MyAnonymousPreferences < SASL::Preferences
-    def username
-      'bob'
-    end
-  end
-  preferences = MyAnonymousPreferences.new({})
-
-  it 'should authenticate anonymously' do
-    sasl = SASL::Anonymous.new('ANONYMOUS', preferences)
-    sasl.start.should == ['auth', 'bob']
-    sasl.success?.should == false
-    sasl.receive('success', nil).should == nil
-    sasl.success?.should == true
-  end
-end

data/spec/digest_md5_spec.rb

@@ -1,244 +0,0 @@
-require 'sasl'
-require 'rspec'
-
-describe SASL::DigestMD5 do
-  # Preferences from http://tools.ietf.org/html/rfc2831#section-4
-  class MyDigestMD5Preferences < SASL::Preferences
-    attr_writer :serv_type
-    def realm
-      'elwood.innosoft.com'
-    end
-    def digest_uri
-      "#{@serv_type}/elwood.innosoft.com"
-    end
-    def username
-      'chris'
-    end
-    def has_password?
-      true
-    end
-    def password
-      'secret'
-    end
-  end
-  preferences = MyDigestMD5Preferences.new({})
-
-  it 'should authenticate (1)' do
-    preferences.serv_type = 'imap'
-    sasl = SASL::DigestMD5.new('DIGEST-MD5', preferences)
-    sasl.start.should == ['auth', nil]
-    sasl.cnonce = 'OA6MHXh6VqTrRk'
-    response = sasl.receive('challenge',
-                            'realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
-                             algorithm=md5-sess,charset=utf-8')
-    response[0].should == 'response'
-    response[1].should =~ /charset="?utf-8"?/
-    response[1].should =~ /username="?chris"?/
-    response[1].should =~ /realm="?elwood.innosoft.com"?/
-    response[1].should =~ /nonce="?OA6MG9tEQGm2hh"?/
-    response[1].should =~ /nc="?00000001"?/
-    response[1].should =~ /cnonce="?OA6MHXh6VqTrRk"?/
-    response[1].should =~ /digest-uri="?imap\/elwood.innosoft.com"?/
-    response[1].should =~ /response=d388dad90d4bbd760a152321f2143af7"?/
-    response[1].should =~ /"?qop="?auth"?/
-
-    sasl.receive('challenge',
-                 'rspauth=ea40f60335c427b5527b84dbabcdfffd').should ==
-      ['response', nil]
-    sasl.receive('success', nil).should == nil
-    sasl.success?.should == true
-  end
-
-  it 'should authenticate (2)' do
-    preferences.serv_type = 'acap'
-    sasl = SASL::DigestMD5.new('DIGEST-MD5', preferences)
-    sasl.start.should == ['auth', nil]
-    sasl.cnonce = 'OA9BSuZWMSpW8m'
-    response = sasl.receive('challenge',
-                            'realm="elwood.innosoft.com",nonce="OA9BSXrbuRhWay",qop="auth",
-                             algorithm=md5-sess,charset=utf-8')
-    response[0].should == 'response'
-    response[1].should =~ /charset="?utf-8"?/
-    response[1].should =~ /username="?chris"?/
-    response[1].should =~ /realm="?elwood.innosoft.com"?/
-    response[1].should =~ /nonce="?OA9BSXrbuRhWay"?/
-    response[1].should =~ /nc="?00000001"?/
-    response[1].should =~ /cnonce="?OA9BSuZWMSpW8m"?/
-    response[1].should =~ /digest-uri="?acap\/elwood.innosoft.com"?/
-    response[1].should =~ /response=6084c6db3fede7352c551284490fd0fc"?/
-    response[1].should =~ /"?qop="?auth"?/
-
-    sasl.receive('challenge',
-                 'rspauth=2f0b3d7c3c2e486600ef710726aa2eae').should ==
-      ['response', nil]
-    sasl.receive('success', nil).should == nil
-    sasl.success?.should == true
-  end
-
-  it 'should reauthenticate' do
-    preferences.serv_type = 'imap'
-    sasl = SASL::DigestMD5.new('DIGEST-MD5', preferences)
-    sasl.start.should == ['auth', nil]
-    sasl.cnonce = 'OA6MHXh6VqTrRk'
-    sasl.receive('challenge',
-                 'realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
-                  algorithm=md5-sess,charset=utf-8')
-    # reauth:
-    response = sasl.start
-    response[0].should == 'response'
-    response[1].should =~ /charset="?utf-8"?/
-    response[1].should =~ /username="?chris"?/
-    response[1].should =~ /realm="?elwood.innosoft.com"?/
-    response[1].should =~ /nonce="?OA6MG9tEQGm2hh"?/
-    response[1].should =~ /nc="?00000002"?/
-    response[1].should =~ /cnonce="?OA6MHXh6VqTrRk"?/
-    response[1].should =~ /digest-uri="?imap\/elwood.innosoft.com"?/
-    response[1].should =~ /response=b0b5d72a400655b8306e434566b10efb"?/ # my own result
-    response[1].should =~ /"?qop="?auth"?/
-  end
-
-  it 'should fail' do
-    sasl = SASL::DigestMD5.new('DIGEST-MD5', preferences)
-    sasl.start.should == ['auth', nil]
-    sasl.receive('failure', 'EPIC FAIL')
-    sasl.failure?.should == true
-    sasl.success?.should == false
-  end
-end
-
-describe SASL::DigestMD5SecureLayer do
-  HA1="1234567890ABCDEF" if not defined? HA1
-  MSG="plaintext" if not defined? MSG
-
-  it 'DigestMD5SecureLayer.kic should generate correct KIC' do
-    result   = SASL::DigestMD5SecureLayer.kic(HA1)
-    expected = "\xC6 6/\xFD\xD5\x0F\xF6E7=\x82Y\x16\r\x03"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-
-  it 'DigestMD5SecureLayer.kcc should generate correct KIS' do
-    result   = SASL::DigestMD5SecureLayer.kis(HA1)
-    expected = "\x10\xBED)v\x1E#I\xA5\xF8RR\xF4\x80\t_"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-
-  it 'DigestMD5SecureLayer.kcc should generate correct KCC (n=16)' do
-    result   = SASL::DigestMD5SecureLayer.kcc(HA1,16)
-    expected = "a\xA2\xF5\x9C\xD2g\x85\xF3\eOZ\x10^\xF9\x97v"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-
-  it 'DigestMD5SecureLayer.kcc should generate correct KCC (n=7)' do
-    result   = SASL::DigestMD5SecureLayer.kcc(HA1,7)
-    expected = "E{\xC1\xE4\x14W\x12\xE4\x88d=\xA5\xFCY5M"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-
-  it 'DigestMD5SecureLayer.kcc should generate correct KCC (n=5)' do
-    result   = SASL::DigestMD5SecureLayer.kcc(HA1,5)
-    expected = "\xD3\xBCK\x86\xF4\xC1\xEF\xA9\xAE\xCC\xB9K\xA4KJ\x99"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-
-  it 'DigestMD5SecureLayer.kcs should generate correct KCS (n=5)' do
-    result   = SASL::DigestMD5SecureLayer.kcs(HA1,16)
-    expected = "\x18g\xDA\xD2\x99\xC41\xD3\x11\x0E\x8B\xA2\xAC&\x82\xA3"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-
-  ###################
-  # Integrity tests
-  ###################
-  function="DigestMD5SecureLayer.wrap (integrity mode, client)"
-  io=StringIO.new("", "w")
-  dg=SASL::DigestMD5SecureLayer.new(io, HA1, false, nil, false)
-  dg.write(MSG)
-  buf=io.string
-
-  # Client mode (write)
-  it 'should generate correct bufsize' do
-    result   = buf[0,4]
-    expected = "\x00\x00\x00\x19" 
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-  # I should tested this twice to see if it increments
-  it 'should generate correct seq number' do
-    result   = buf[-4,4]
-    expected = "\x00\x00\x00\x00" 
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-  it 'should generate one number' do
-    result   = buf[-6,2]
-    expected = "\x00\x01"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-  it 'should generate correct MAC field ' do
-    result   = buf[-16,10]
-    expected = "b\xD6\xD1#\xCF\xCE7\x97\x1D\xD4"
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-  it 'should preserve original msg content' do
-    result   = buf[4,9]
-    expected = MSG
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-
-  # Server mode (read)
-  it 'should return only the original msg content' do
-    io=StringIO.new(buf, "r")
-    dg=SASL::DigestMD5SecureLayer.new(io, HA1, false, nil, true)
-    result = dg.read
-    expected = MSG 
-    expected.bytes.to_a.should == result.bytes.to_a
-  end
-  it 'should raise exception when msgsize is changed' do
-     buf_def=buf.clone
-     buf_def[4]="\x18"
-     io=StringIO.new(buf_def, "r")
-     dg=SASL::DigestMD5SecureLayer.new(io, HA1, false, nil, true)
-     expect { dg.read }.to raise_error SASL::DigestMD5SecureLayer::DigestMD5SecureLayerError
-  end
-  it 'should raise exception when one field is missing' do
-     buf_def=buf.clone
-     buf_def[-5]="\x02"
-     io=StringIO.new(buf_def, "r")
-     dg=SASL::DigestMD5SecureLayer.new(io, HA1, false, nil, true)
-     expect { dg.read }.to raise_error SASL::DigestMD5SecureLayer::DigestMD5SecureLayerError
-  end
-  it 'should raise exception when MAC is changed' do
-     buf_def=buf.clone
-     buf_def[-16]="\x0F"
-     io=StringIO.new(buf_def, "r")
-     dg=SASL::DigestMD5SecureLayer.new(io, HA1, false, nil, true)
-     expect { dg.read }.to raise_error SASL::DigestMD5SecureLayer::DigestMD5SecureLayerError
-  end
-  it 'should raise exception when msg content is changed' do
-     buf_def=buf.clone
-     buf_def[4]="P"
-     io=StringIO.new(buf_def, "r")
-     dg=SASL::DigestMD5SecureLayer.new(io, HA1, false, nil, true)
-     expect { dg.read }.to raise_error SASL::DigestMD5SecureLayer::DigestMD5SecureLayerError
-  end
-
-  ###########################
-  # Confidentiality tests
-  ###########################
-  ["rc4","rc4-40","rc4-56","des","3des"].each do
-    |cipher|
-     it "should encrypt and decrypt messages with #{cipher} cipher" do
-       # client
-       io=StringIO.new("", "w")
-       dg=SASL::DigestMD5SecureLayer.new(io, HA1, true, cipher, false)
-       dg.write(MSG)
-       buf=io.string
-
-       # server
-       io=StringIO.new(buf, "r")
-       dg=SASL::DigestMD5SecureLayer.new(io, HA1, true, cipher, true)
-       result = dg.read
-       expected = MSG 
-       expected.bytes.to_a.should == result.bytes.to_a
-     end
-  end
-
-end

data/spec/mechanism_spec.rb

@@ -1,65 +0,0 @@
-require 'sasl'
-require 'rspec'
-
-describe SASL do
-  it 'should know DIGEST-MD5' do
-    sasl = SASL.new_mechanism('DIGEST-MD5', SASL::Preferences.new({}))
-    sasl.should be_an_instance_of SASL::DigestMD5
-  end
-  it 'should know PLAIN' do
-    sasl = SASL.new_mechanism('PLAIN', SASL::Preferences.new({}))
-    sasl.should be_an_instance_of SASL::Plain
-  end
-  it 'should know ANONYMOUS' do
-    sasl = SASL.new_mechanism('ANONYMOUS', SASL::Preferences.new({}))
-    sasl.should be_an_instance_of SASL::Anonymous
-  end
-  it 'should know GSSAPI' do
-    sasl = SASL.new_mechanism('GSSAPI', SASL::Preferences.new({}))
-    sasl.should be_an_instance_of SASL::GssApi
-  end
-  it 'should know GSS-SPNEGO' do
-    sasl = SASL.new_mechanism('GSS-SPNEGO', SASL::Preferences.new({}))
-    sasl.should be_an_instance_of SASL::GssSpnego
-  end
-
-  it 'should choose ANONYMOUS' do
-    preferences = SASL::Preferences.new({})
-    class << preferences
-      def want_anonymous?
-        true
-      end
-    end
-    SASL.new(%w(PLAIN DIGEST-MD5 ANONYMOUS), preferences).should be_an_instance_of SASL::Anonymous
-  end
-  it 'should choose DIGEST-MD5' do
-    preferences = SASL::Preferences.new({})
-    class << preferences
-      def has_password?
-        true
-      end
-    end
-    SASL.new(%w(PLAIN DIGEST-MD5 ANONYMOUS), preferences).should be_an_instance_of SASL::DigestMD5
-  end
-  it 'should choose PLAIN' do
-    preferences = SASL::Preferences.new({})
-    class << preferences
-      def has_password?
-        true
-      end
-      def allow_plaintext?
-        true
-      end
-    end
-    SASL.new(%w(PLAIN ANONYMOUS), preferences).should be_an_instance_of SASL::Plain
-  end
-  it 'should disallow PLAIN by default' do
-    preferences = SASL::Preferences.new({})
-    class << preferences
-      def has_password?
-        true
-      end
-    end
-    lambda { SASL.new(%w(PLAIN ANONYMOUS), preferences) }.should raise_error(SASL::UnknownMechanism)
-  end
-end

data/spec/plain_spec.rb

@@ -1,39 +0,0 @@
-require 'sasl'
-require 'rspec'
-
-describe SASL::Plain do
-  class MyPlainPreferences < SASL::Preferences
-    def authzid
-      'bob@example.com'
-    end
-    def username
-      'bob'
-    end
-    def has_password?
-      true
-    end
-    def password
-      's3cr3t'
-    end
-  end
-  preferences = MyPlainPreferences.new({})
-
-  it 'should authenticate' do
-    sasl = SASL::Plain.new('PLAIN', preferences)
-    sasl.start.should == ['auth', "bob@example.com\000bob\000s3cr3t"]
-    sasl.success?.should == false
-    sasl.receive('success', nil).should == nil
-    sasl.failure?.should == false
-    sasl.success?.should == true
-  end
-
-  it 'should recognize failure' do
-    sasl = SASL::Plain.new('PLAIN', preferences)
-    sasl.start.should == ['auth', "bob@example.com\000bob\000s3cr3t"]
-    sasl.success?.should == false
-    sasl.failure?.should == false
-    sasl.receive('failure', 'keep-idiots-out').should == nil
-    sasl.failure?.should == true
-    sasl.success?.should == false
-  end
-end

data/spec/socket_spec.rb

@@ -1,49 +0,0 @@
-require "sasl"
-require 'socket'
-require 'rspec'
-
-describe SASL::SecureLayer do
-
-  class PlainSecureLayer < SASL::SecureLayer
-    def wrap(buf)
-      buf
-    end
-    def unwrap(buf)
-      buf
-    end
-  end
-
-  MSG="plaintext" if not defined? MSG
-  io=StringIO.new("","w")
-  sl=PlainSecureLayer.new(io)
-  sl.write(MSG)
-  buf=io.string
-
-  it 'should send msg with correct size' do
-    buf[0,4].unpack("N").first.should == MSG.size
-  end
-  it 'should send msg with the correct content' do
-    msg=buf[4..-1]
-    msg.bytes.to_a.should == MSG.bytes.to_a
-  end
-
-  it 'should recv msg with the correct content' do
-    io=StringIO.new(buf,"r")
-    sl=PlainSecureLayer.new(io)
-    msg=sl.read
-    msg.bytes.to_a.should == MSG.bytes.to_a
-  end
-
-  class PlainSecureLayerBuffered < PlainSecureLayer
-    include SASL::Buffering
-  end
-
-  it 'should recv msg with the correct content, even when buffering' do
-    io=StringIO.new(buf,"r")
-    sl=PlainSecureLayerBuffered.new(io)
-    MSG.each_char {|chr|
-      sl.getc.ord.should == chr.ord
-    }
-  end
-
-end