lex-kerberos 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +8 -0
  3. data/lib/legion/extensions/kerberos/helpers/spnego.rb +19 -4
  4. data/lib/legion/extensions/kerberos/version.rb +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a852d223ce08d5c6018f29b5f76e46bd3a1b50aa7af8887dd8e02485b9f54b33
4
- data.tar.gz: ee7ceb9198dfe64e2f820dd39b0001b49721aec038e2f2ca823301655f714ece
3
+ metadata.gz: e0e7ecd19667452d1b11545558778ab33d898324ed4c6de3336bc0df524b06d9
4
+ data.tar.gz: 321674d1dce2b4d150c84652fde3bca8d4f595f7eafe52d1afef1a0109805fb4
5
5
  SHA512:
6
- metadata.gz: d894113be6962342d3964507fc89d19e219586e07dab8e2361747b95c62a8d8bfc6026844e140892706f4846c6df9f365941055974913bccc2cc0e1835d0aeaf
7
- data.tar.gz: 564021526363a320ff39b838d2b23757ee28a671dc16dc6c3dc3a09366e3416de0a58ea1c16e008e354da4ad70158f53eabf0e868269bb2ed35498812a29c050
6
+ metadata.gz: 2d6ba01ef25f0d429505d9df044ca3d9c7a993ae11f3f70662e4573f08dd2e7e07c7a759879e1296999543d3689b6d9923c38dce6e8a8b0e392a14f5d64aef16
7
+ data.tar.gz: 4cfe65a4ba6fd0167fe6e0f35c5330a6919255d80f30bbf82a6a6974da37ad1d0018c0a29713119992f8962e9418a0e92112700d0efe4be38c455511b3d4fa39
data/CHANGELOG.md CHANGED
@@ -2,6 +2,14 @@
2
2
 
3
3
  ## [Unreleased]
4
4
 
5
+ ## [0.1.6] - 2026-03-26
6
+
7
+ ### Fixed
8
+ - macOS Heimdal segfault: disable FFI autorelease on `@int_svc_name`, `@context`, `@scred` after obtaining SPNEGO token to prevent `gss_release_name` crash during GC
9
+
10
+ ### Changed
11
+ - Extract `init_spnego_context` private method from `obtain_spnego_token` for clarity
12
+
5
13
  ## [0.1.5] - 2026-03-25
6
14
 
7
15
  ### Added
data/lib/legion/extensions/kerberos/helpers/spnego.rb CHANGED
@@ -34,17 +34,32 @@ module Legion
34
34
  return { success: false, error: "service_principal must contain '/'" }
35
35
  end
36
36
 
37
+ token_bytes = init_spnego_context(service_principal)
38
+ { success: true, token: Base64.strict_encode64(token_bytes) }
39
+ rescue GSSAPI::GssApiError => e
40
+ { success: false, error: e.message }
41
+ end
42
+
43
+ private
44
+
45
+ def init_spnego_context(service_principal)
37
46
  service, host = service_principal.split('/', 2)
38
47
  ctx = GSSAPI::Simple.new(host, service)
39
48
  token_bytes = ctx.init_context
40
49
  raise GSSAPI::GssApiError, 'init_context returned nil token' if token_bytes.nil?
41
50
 
42
- { success: true, token: Base64.strict_encode64(token_bytes) }
43
- rescue GSSAPI::GssApiError => e
44
- { success: false, error: e.message }
51
+ # Prevent macOS Heimdal segfault in gss_release_name during GC (FFI autopointer finalizer).
52
+ disable_gssapi_finalizers(ctx) if RUBY_PLATFORM.include?('darwin')
53
+ token_bytes
45
54
  end
46
55
 
47
- private
56
+ def disable_gssapi_finalizers(ctx)
57
+ %i[@int_svc_name @context @scred].each do |ivar|
58
+ ptr = ctx.instance_variable_get(ivar)
59
+ ptr.autorelease = false if ptr.respond_to?(:autorelease=)
60
+ end
61
+ rescue StandardError # rubocop:disable Lint/SuppressedException
62
+ end
48
63
 
49
64
  def negotiate(input_bytes, service_principal)
50
65
  service, host = service_principal.split('/', 2)
data/lib/legion/extensions/kerberos/version.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  module Legion
4
4
  module Extensions
5
5
  module Kerberos
6
- VERSION = '0.1.5'
6
+ VERSION = '0.1.6'
7
7
  end
8
8
  end
9
9
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lex-kerberos
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.5
4
+ version: 0.1.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Esity