mongo_kerberos 1.12.5 → 2.0.0.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d979298212bcb5d6578b9159cf6ac64edb3a6850
-  data.tar.gz: 023d477567b958541c4f5f079f310410c2529f6e
+  metadata.gz: 694a7be9f3d2f4e5b023a41185a5647365d8a74b
+  data.tar.gz: f965f509fbc58144270e0e996fccbf4b8c706fe2
 SHA512:
-  metadata.gz: d1cace8d82858218466d2c2cfd3187d365b7cecb30f7cc773d7bc869a4a3e1d96d3867f406145fe522af1674ae9606acb38d142f86e5986c5e6243bf68683722
-  data.tar.gz: fd451dfccc9f92fd1bf87f9809d5cc0fba291ea175ca8bbbf126de76fe0745e9f62a9259d65f9e47127964ddbd6c16ce7fb3f5c7ec7d3dd57d5060d5f395f61f
+  metadata.gz: 22481c83798b568a4717e64e315bdeac791936c9b090d32553ed28e3d191ccad537dbacc5c1bf9e83d375d8812fca806f2da7f5659c2e181e8488aa97ad9100f
+  data.tar.gz: f0364c77acbc3bf73d92deb3e5c7f1a48592ee8e15f37339aae4c271d9d2c284b1f96c09756301c1f39157a5cd98d6e1d499bdbbf69c442a416d8fccd1bafb54

data/CONTRIBUTING.md

@@ -0,0 +1,42 @@
+Contributing
+============
+
+Code Conventions
+----------------
+
+Code style should fall in line with the style guide outlined by
+[Github](https://github.com/styleguide/ruby)
+
+Testing
+-------
+
+Bug fixes and new features should always have the appropriate specs, and the
+specs should follow the following guidelines:
+
+- Prefer `let` and `let!` over the use of instance variables and `subject`.
+- Prefer `expect(...).to eq(...) syntax over `...should eq(...)`.
+- Use shared examples to reduce duplication.
+- Use `describe "#method"` for instance method specs.
+- Use `describe ".method"` for class method specs.
+- Use `context` blocks to set up conditions.
+- Always provide descriptive specifications via `it`.
+
+Specs can be automatically run with Guard, via `bundle exec guard`
+
+Before commiting, run `rake` to ensure all specs pass with both pure Ruby and
+the native extensions.
+
+Git Etiquette
+-------------
+
+Please follow the commit message guidelines as outlined
+[in this blog post](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
+
+If the commit fixes a bug, please add the JIRA number on the last line:
+
+```
+[ close RUBY-492 ]
+```
+
+Please ensure that only one feature/bug fix is in each pull request, and
+that it is squashed into a single commit.

data/LICENSE

@@ -175,7 +175,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright (C) 2008-2013 MongoDB, Inc.
+   Copyright (C) 2008-2015 MongoDB, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

data/NOTICE

@@ -0,0 +1,2 @@
+Ruby Mongo Kerberos Support
+Copyright (C) 2014-2015 MongoDB, Inc.

data/README.md

@@ -0,0 +1,43 @@
+Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
+====
+
+Provides Kerberos authentication support to the Mongo Ruby Driver.
+
+Compatibility
+-------------
+
+mongo_kerberos is tested against MRI (1.9.2+) and JRuby (1.7.0+)
+
+Installation
+------------
+
+libsasl is a requirement to be able to install the mongo_kerberos gem. Please see the
+[Cyrus documentation](http://cyrusimap.web.cmu.edu/docs/cyrus-sasl/2.1.25/) for more
+information.
+
+With bundler, add the `mongo_kerberos` gem to your `Gemfile`.
+
+```ruby
+gem "mongo_kerberos", "~> 2.0"
+```
+
+Require the `mongo_kerberos` gem in your application.
+
+```ruby
+require "mongo_kerberos"
+```
+
+Usage
+-----
+
+
+API Documentation
+-----------------
+
+The [API Documentation](http://rdoc.info/github/mongodb/mongo-ruby-kerberos/master/frames) is
+located at rdoc.info.
+
+Versioning
+----------
+
+As of 2.0.0, this project adheres to the [Semantic Versioning Specification](http://semver.org/).

data/Rakefile

@@ -0,0 +1,96 @@
+# Copyright (C) 2009-2013 MongoDB Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "bundler"
+Bundler.setup
+
+$LOAD_PATH.unshift(File.expand_path("../lib", __FILE__))
+
+require "rake"
+require "rake/extensiontask"
+require "rspec/core/rake_task"
+
+def jruby?
+  defined?(JRUBY_VERSION)
+end
+
+if jruby?
+  require "rake/javaextensiontask"
+  Rake::JavaExtensionTask.new do |ext|
+    ext.name = "native"
+    ext.ext_dir = "src"
+    ext.lib_dir = "lib/mongo/auth/kerberos"
+  end
+else
+  require "rake/extensiontask"
+  Rake::ExtensionTask.new do |ext|
+    ext.name = "native"
+    ext.ext_dir = "ext/mongo/kerberos"
+    ext.lib_dir = "lib/mongo/auth/kerberos"
+  end
+end
+
+require "mongo/auth/kerberos/version"
+
+def extension
+  RUBY_PLATFORM =~ /darwin/ ? "bundle" : "so"
+end
+
+RSpec::Core::RakeTask.new(:rspec)
+
+if jruby?
+  task :build => [ :clean_all, :compile ] do
+    system "gem build mongo_kerberos.gemspec"
+  end
+else
+  task :build => :clean_all do
+    system "gem build mongo_kerberos.gemspec"
+  end
+end
+
+task :clean_all => :clean do
+  begin
+    Dir.chdir(Pathname(__FILE__).dirname + "lib") do
+      `rm native.#{extension}`
+      `rm native.o`
+      `rm native.jar`
+    end
+  rescue Exception => e
+    puts e.message
+  end
+end
+
+task :spec => :compile do
+  Rake::Task["rspec"].invoke
+end
+
+# Run bundle exec rake release with mri and jruby. Ex:
+#
+# rvm use 2.1.0@mongo_kerberos
+# bundle exec rake release
+# rvm use jruby@mongo_kerberos
+# bundle exec rake release
+task :release => :build do
+  system "git tag -a #{Mongo::Auth::Kerberos::VERSION} -m 'Tagging release: #{Mongo::Auth::Kerberos::VERSION}'"
+  system "git push --tags"
+  if jruby?
+    system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
+    system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
+  else
+    system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
+    system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
+  end
+end
+
+task :default => [ :clean_all, :spec ]

data/ext/{csasl → mongo/kerberos}/extconf.rb

@@ -1,8 +1,7 @@
 require 'mkmf'
 find_header('sasl/sasl.h')
-
 if have_library('sasl2', 'sasl_version')
-  create_makefile('csasl/csasl')
+  create_makefile('native')
 else
   abort "libsasl (cyrus sasl) is required in the system to install the mongo_kerberos gem."
 end

data/ext/{csasl/csasl.c → mongo/kerberos/native.c}

@@ -155,11 +155,11 @@ static VALUE evaluate_challenge(VALUE self, VALUE rb_payload) {
 
 VALUE c_GSSAPI_authenticator;
 
-void Init_csasl() {
-  VALUE mongo, sasl;
+void Init_native() {
+  VALUE mongo, auth;
   mongo = rb_const_get(rb_cObject, rb_intern("Mongo"));
-  sasl = rb_const_get(mongo, rb_intern("Sasl"));
-  c_GSSAPI_authenticator = rb_define_class_under(sasl, "GSSAPIAuthenticator", rb_cObject);
+  auth = rb_const_get(mongo, rb_intern("Auth"));
+  c_GSSAPI_authenticator = rb_define_class_under(auth, "GSSAPIAuthenticator", rb_cObject);
   rb_define_method(c_GSSAPI_authenticator, "initialize", a_init, 4);
   rb_define_method(c_GSSAPI_authenticator, "initialize_challenge", initialize_challenge, 0);
   rb_define_method(c_GSSAPI_authenticator, "evaluate_challenge", evaluate_challenge, 1);

data/lib/mongo/auth/kerberos/conversation.rb

@@ -0,0 +1,160 @@
+# Copyright (C) 2015 MongoDB Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if BSON::Environment.jruby?
+  require 'mongo/auth/kerberos/jruby/authenticator'
+else
+  require 'mongo/auth/kerberos/mri/authenticator'
+end
+
+module Mongo
+  module Auth
+    class Kerberos
+
+      # Defines behaviour around a single GSSAPI conversation between the
+      # client and server.
+      #
+      # @since 2.0.0
+      class Conversation
+
+        # The base client continue message.
+        #
+        # @since 2.0.0
+        CONTINUE_MESSAGE = { saslContinue: 1 }.freeze
+
+        # The key for the done field in the responses.
+        #
+        # @since 2.0.0
+        DONE = 'done'.freeze
+
+        # The conversation id field.
+        #
+        # @since 2.0.0
+        ID = 'conversationId'.freeze
+
+        # The payload field.
+        #
+        # @since 2.0.0
+        PAYLOAD = 'payload'.freeze
+
+        # The base client first message.
+        #
+        # @since 2.0.0
+        START_MESSAGE = { saslStart: 1, autoAuthorize: 1 }.freeze
+
+        # @return [ Protocol::Reply ] reply The current reply in the conversation.
+        attr_reader :reply
+
+        # @return [ Authenticator ] authenticator The native SASL authenticator.
+        attr_reader :authenticator
+
+        # @return [ Mongo::Auth::User ] user The user to authenticate.
+        attr_reader :user
+
+        # Finalize the conversation.
+        #
+        # @example Finalize the conversation.
+        #   conversation.finalize(reply)
+        #
+        # @param [ Protocol::Reply ] reply The response from the server.
+        #
+        # @return [ Protocol::Query ] The next query to execute.
+        #
+        # @since 2.0.0
+        def finalize(reply)
+          validate!(reply)
+          Protocol::Query.new(
+            Auth::EXTERNAL,
+            Database::COMMAND,
+            CONTINUE_MESSAGE.merge(payload: continue_token, conversationId: id),
+            limit: -1
+          )
+        end
+
+        # Start the authentication conversation.
+        #
+        # @example Start the conversation.
+        #   conversation.start
+        #
+        # @return [ Protocol::Query ] The command to execute.
+        #
+        # @since 2.0.0
+        def start
+          Protocol::Query.new(
+            Auth::EXTERNAL,
+            Database::COMMAND,
+            START_MESSAGE.merge(mechanism: Kerberos::MECHANISM, payload: start_token),
+            limit: -1
+          )
+        end
+
+        # Get the id of the conversation.
+        #
+        # @example Get the id of the conversation.
+        #   conversation.id
+        #
+        # @return [ Integer ] The conversation id.
+        #
+        # @since 2.0.0
+        def id
+          reply.documents[0][ID]
+        end
+
+        # Create the new conversation.
+        #
+        # @example Create the new coversation.
+        #   Conversation.new(user, 'test.example.com')
+        #
+        # @param [ Auth::User ] user The user to converse about.
+        # @param [ String ] host The host to talk to.
+        #
+        # @since 2.0.0
+        def initialize(user, host)
+          @user = user
+          @authenticator = Authenticator.new(user, host)
+        end
+
+        private
+
+        if BSON::Environment.jruby?
+
+          def start_token
+            BSON::Binary.new(authenticator.initialize_challenge)
+          end
+
+          def continue_token
+            payload = reply.documents[0][PAYLOAD]
+            BSON::Binary.new(authenticator.evaluate_challenge(payload.data))
+          end
+        else
+
+          def start_token
+            authenticator.initialize_challenge
+          end
+
+          def continue_token
+            authenticator.evaluate_challenge(reply.documents[0][PAYLOAD])
+          end
+        end
+
+        def validate!(reply)
+          unless reply.documents[0][Operation::Result::OK] == 1
+            raise Unauthorized.new(user)
+          end
+          @reply = reply
+        end
+      end
+    end
+  end
+end

data/lib/mongo/auth/kerberos/jruby/authenticator.rb

@@ -0,0 +1,53 @@
+# Copyright (C) 2014 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'java'
+require 'mongo/auth/kerberos/jsasl.jar'
+require 'mongo/auth/kerberos/native.jar'
+
+module Mongo
+  module Auth
+    class Kerberos
+
+      # Wraps authenticator construction for JRuby.
+      #
+      # @since 2.0.0
+      class Authenticator
+        extend Forwardable
+
+        # Delegate to the wrapped authenticator.
+        def_delegators :@wrapped, :initialize_challenge, :evaluate_challenge
+
+        # Crate the new authenticator.
+        #
+        # @example Create the authenticator.
+        #   Authenticator.new(user, host)
+        #
+        # @param [ Mongo::Auth::User ] user The user.
+        # @param [ String ] host The host.
+        #
+        # @since 2.0.0
+        def initialize(user, host)
+          @wrapped = org.mongodb.sasl.GSSAPIAuthenticator.new(
+            JRuby.runtime,
+            user.name,
+            host,
+            user.auth_mech_properties[:service_name] || 'mongodb',
+            user.auth_mech_properties[:canonicalize_host_name] || false
+          )
+        end
+      end
+    end
+  end
+end

data/lib/mongo/auth/kerberos/mri/authenticator.rb

@@ -0,0 +1,50 @@
+# Copyright (C) 2014 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'mongo/auth/kerberos/native'
+
+module Mongo
+  module Auth
+    class Kerberos
+
+      # Wraps authenticator construction for MRI.
+      #
+      # @since 2.0.0
+      class Authenticator
+        extend Forwardable
+
+        # Delegate to the wrapped authenticator.
+        def_delegators :@wrapped, :initialize_challenge, :evaluate_challenge
+
+        # Crate the new authenticator.
+        #
+        # @example Create the authenticator.
+        #   Authenticator.new(user, host)
+        #
+        # @param [ Mongo::Auth::User ] user The user.
+        # @param [ String ] host The host.
+        #
+        # @since 2.0.0
+        def initialize(user, host)
+          @wrapped = GSSAPIAuthenticator.new(
+            user.name,
+            host,
+            user.auth_mech_properties[:service_name] || 'mongodb',
+            user.auth_mech_properties[:canonicalize_host_name] || false
+          )
+        end
+      end
+    end
+  end
+end

data/lib/mongo/auth/kerberos/version.rb

@@ -0,0 +1,23 @@
+# Copyright (C) 2015 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Mongo
+  module Auth
+    class Kerberos
+
+      # The gem version number.
+      VERSION = '2.0.0.beta'.freeze
+    end
+  end
+end

data/lib/mongo/auth/kerberos.rb

@@ -0,0 +1,53 @@
+# Copyright (C) 2014-2015 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'mongo/auth/kerberos/conversation'
+require 'mongo/auth/kerberos/version'
+
+module Mongo
+  module Auth
+
+    # Defines behaviour for Kerberos authentication.
+    #
+    # @since 2.0.0
+    class Kerberos
+      include Executable
+
+      # The authentication mechinism string.
+      #
+      # @since 2.0.0
+      MECHANISM = 'GSSAPI'.freeze
+
+      # Log the user in on the given connection.
+      #
+      # @example Log the user in.
+      #   user.login(connection)
+      #
+      # @param [ Mongo::Connection ] connection The connection to log into.
+      #   on.
+      #
+      # @return [ Protocol::Reply ] The authentication response.
+      #
+      # @since 2.0.0
+      def login(connection)
+        conversation = Conversation.new(user, connection.address.host)
+        reply = connection.dispatch([ conversation.start ])
+        until reply.documents[0][Conversation::DONE]
+          reply = connection.dispatch([ conversation.finalize(reply) ])
+        end
+        reply
+      end
+    end
+  end
+end

data/lib/mongo_kerberos.rb

@@ -4,7 +4,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#   http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,30 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'forwardable'
 require 'mongo'
+require 'mongo/auth/kerberos'
 
-begin
-  if RUBY_PLATFORM =~ /java/
-    require 'mongo_kerberos/sasl_java'
-  else
-    require 'mongo_kerberos/sasl_c'
-    require "csasl/csasl"
-  end
-end
-
-module Mongo
-  module Authentication
-
-    private
+# Add the Kerberos authentication mechanism.
+#
+# @since 2.0.0
+Mongo::Auth::SOURCES[:gssapi] = Mongo::Auth::Kerberos
 
-    # Handles issuing authentication commands for the GSSAPI auth mechanism.
-    #
-    # @param auth [Hash] The authentication credentials to be used.
-    # @param opts [Hash] Hash of optional settings and configuration values.
-    #
-    # @private
-    def issue_gssapi(auth, opts={})
-      Mongo::Sasl::GSSAPI.authenticate(auth[:username], self, opts[:socket], auth[:extra] || {})
-    end
-  end
-end
+# @note Prevent any further modifications.
+Mongo::Auth::SOURCES.freeze

data/spec/mongo/auth/kerberos/conversation_spec.rb

@@ -0,0 +1,131 @@
+require 'spec_helper'
+
+describe Mongo::Auth::Kerberos::Conversation do
+
+  let(:user) do
+    Mongo::Auth::User.new(user: 'test')
+  end
+
+  let(:conversation) do
+    described_class.new(user, 'test.example.com')
+  end
+
+  let(:authenticator) do
+    double('authenticator')
+  end
+
+  before do
+    expect(Mongo::Auth::Kerberos::Authenticator).to receive(:new).
+      with(user, 'test.example.com').
+      and_return(authenticator)
+  end
+
+  describe '#start' do
+
+    let(:query) do
+      conversation.start
+    end
+
+    let(:selector) do
+      query.selector
+    end
+
+    before do
+      expect(authenticator).to receive(:initialize_challenge).and_return('test')
+    end
+
+    it 'sets the sasl start flag' do
+      expect(selector[:saslStart]).to eq(1)
+    end
+
+    it 'sets the auto authorize flag' do
+      expect(selector[:autoAuthorize]).to eq(1)
+    end
+
+    it 'sets the mechanism' do
+      expect(selector[:mechanism]).to eq('GSSAPI')
+    end
+
+    it 'sets the payload', unless: BSON::Environment.jruby? do
+      expect(selector[:payload]).to start_with('test')
+    end
+
+    it 'sets the payload', if: BSON::Environment.jruby? do
+      expect(selector[:payload].data).to start_with('test')
+    end
+  end
+
+  describe '#finalize' do
+
+    let(:reply) do
+      Mongo::Protocol::Reply.new
+    end
+
+    let(:continue_token) do
+      BSON::Environment.jruby? ? BSON::Binary.new('testing') : 'testing'
+    end
+
+    context 'when the conversation is a success' do
+
+      let(:documents) do
+        [{
+          'conversationId' => 1,
+          'done' => false,
+          'payload' => continue_token,
+          'ok' => 1.0
+        }]
+      end
+
+      let(:query) do
+        conversation.finalize(reply)
+      end
+
+      let(:selector) do
+        query.selector
+      end
+
+      before do
+        expect(authenticator).to receive(:evaluate_challenge).
+          with('testing').and_return(continue_token)
+        reply.instance_variable_set(:@documents, documents)
+      end
+
+      it 'sets the conversation id' do
+        expect(selector[:conversationId]).to eq(1)
+      end
+
+      it 'sets the payload', unless: BSON::Environment.jruby? do
+        expect(selector[:payload]).to eq(continue_token)
+      end
+
+      it 'sets the payload', if: BSON::Environment.jruby? do
+        expect(selector[:payload].data).to eq(continue_token)
+      end
+
+      it 'sets the continue flag' do
+        expect(selector[:saslContinue]).to eq(1)
+      end
+    end
+
+    context 'when the auth failed' do
+
+      let(:documents) do
+        [{
+          'conversationId' => 1,
+          'done' => false,
+          'ok' => 0.0
+        }]
+      end
+
+      before do
+        reply.instance_variable_set(:@documents, documents)
+      end
+
+      it 'raises an error' do
+        expect {
+          conversation.finalize(reply)
+        }.to raise_error(Mongo::Auth::Unauthorized)
+      end
+    end
+  end
+end

data/spec/mongo/auth/kerberos/mri/authenticator_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Mongo::Auth::Kerberos::Authenticator do
+
+  describe '#initialize' do
+
+    let(:user) do
+      Mongo::Auth::User.new(user: 'drivers@LDAPTEST.10GEN.CC')
+    end
+
+    let(:authenticator) do
+      described_class.new(user, '127.0.0.1')
+    end
+
+    let(:wrapped) do
+      authenticator.instance_variable_get(:@wrapped)
+    end
+
+    it 'wraps the c extension authenticator', unless: BSON::Environment.jruby? do
+      expect(wrapped).to be_a(Mongo::Auth::GSSAPIAuthenticator)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,30 @@
+# Copyright (C) 2014 MongoDB Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
+
+if ENV["CI"] && !ENV["WITH_EXT"]
+  require "simplecov"
+  require "coveralls"
+  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+  SimpleCov.start do
+    add_filter "spec"
+  end
+end
+
+require "mongo_kerberos"
+require "rspec"
+
+# Dir["./spec/support/**/*.rb"].each { |file| require file }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongo_kerberos
 version: !ruby/object:Gem::Version
-  version: 1.12.5
+  version: 2.0.0.beta
 platform: ruby
 authors:
 - Emily Stolfo
@@ -13,7 +13,7 @@ cert_chain:
   -----BEGIN CERTIFICATE-----
   MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMRQwEgYDVQQDDAtkcml2
   ZXItcnVieTEVMBMGCgmSJomT8ixkARkWBTEwZ2VuMRMwEQYKCZImiZPyLGQBGRYD
-  Y29tMB4XDTE1MDMzMTA5NDIzNVoXDTE2MDMzMDA5NDIzNVowQjEUMBIGA1UEAwwL
+  Y29tMB4XDTE0MTEyMDE1NTYxOVoXDTE1MTEyMDE1NTYxOVowQjEUMBIGA1UEAwwL
   ZHJpdmVyLXJ1YnkxFTATBgoJkiaJk/IsZAEZFgUxMGdlbjETMBEGCgmSJomT8ixk
   ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFdSAa8fRm1
   bAM9za6Z0fAH4g02bqM1NGnw8zJQrE/PFrFfY6IFCT2AsLfOwr1maVm7iU1+kdVI
@@ -24,45 +24,57 @@ cert_chain:
   u8KAcPHm5KkCAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
   BBYEFFt3WbF+9JpUjAoj62cQBgNb8HzXMCAGA1UdEQQZMBeBFWRyaXZlci1ydWJ5
   QDEwZ2VuLmNvbTAgBgNVHRIEGTAXgRVkcml2ZXItcnVieUAxMGdlbi5jb20wDQYJ
-  KoZIhvcNAQEFBQADggEBAH+jEbhVRjZke7ZgM3EjERSblLM8RtHZBczjQKuG0Eor
-  HUF/hyq7D+mz75Ch7K8m5NRwvppePbBV4lAF+DzuDGjh+V6cz4wNKaWWFIL8eNCY
-  F+0vDVtGok06CXnb2swHEtd1Z8zpQviJ3xpSGAvF88+glzvPQmCyA071kPUAmDvd
-  5og5x3Bv8IxaxmEpFndXhT3NHL/tOBeT9VJuJWMCxOXRCv4y9bBBTrxoRVuos59Z
-  XZOS48LlWh15EG4yZo/gRzqNAW2LUIkYA5eMS2Kp6r+KV8IBUO/LaHdrXbdilpa8
-  BRsuCo7UZDbFVRns04HLyjVvkj+K/ywIcdKdS0csz5M=
+  KoZIhvcNAQEFBQADggEBAKjvumG2Fy9zAoSc1OEcmAqqOfzx1U+isGyEsz1rs5eT
+  HAIHsxaEdZTjSwDuqyelLDWJHWspeWU5pV5lepfI4cop29wwoPJIJ9Az2RMMbtdv
+  gFApVb6QX61OMenFeOdJ/QZ3n9xcrxJZFdvrXQ5GjEU2anq3dJhFeESwIMlfVJC7
+  7XrlMxizzH712DPfy65dMj0Y39qHdoWYKeCkEoj5UWNcHRK9xgaHJR6prlXrIhgb
+  o2UXDbWtz5PqoFd8EgNJAn3+BG1pwC9S9pVFG3WPucfAx/bE8iq/vvchHei5Y/Vo
+  aAz5f/hY4zFeYWvGDBHYEXE1rTN2hhMSyJscPcFbmz0=
   -----END CERTIFICATE-----
-date: 2015-12-01 00:00:00.000000000 Z
+date: 2015-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mongo
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.5
+        version: 2.0.0.beta
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.5
-description: Adds kerberos authentication via libsasl to the MongoDB Ruby Driver on
+        version: 2.0.0.beta
+description: Adds Kerberos authentication via libsasl to the MongoDB Ruby Driver on
   MRI and JRuby
-email: mongodb-dev@googlegroups.com
+email:
+- mongodb-dev@googlegroups.com
 executables: []
 extensions:
-- ext/csasl/extconf.rb
+- ext/mongo/kerberos/extconf.rb
 extra_rdoc_files: []
 files:
+- CONTRIBUTING.md
 - LICENSE
-- VERSION
-- ext/csasl/csasl.c
-- ext/csasl/extconf.rb
+- NOTICE
+- README.md
+- Rakefile
+- ext/mongo/kerberos/extconf.rb
+- ext/mongo/kerberos/native.c
+- lib/mongo/auth/kerberos.rb
+- lib/mongo/auth/kerberos/conversation.rb
+- lib/mongo/auth/kerberos/jruby/authenticator.rb
+- lib/mongo/auth/kerberos/jsasl.jar
+- lib/mongo/auth/kerberos/mri/authenticator.rb
+- lib/mongo/auth/kerberos/native.bundle
+- lib/mongo/auth/kerberos/native.jar
+- lib/mongo/auth/kerberos/version.rb
 - lib/mongo_kerberos.rb
-- lib/mongo_kerberos/sasl_c.rb
-- lib/mongo_kerberos/sasl_java.rb
-- mongo_kerberos.gemspec
+- spec/mongo/auth/kerberos/conversation_spec.rb
+- spec/mongo/auth/kerberos/mri/authenticator_spec.rb
+- spec/spec_helper.rb
 homepage: http://www.mongodb.org
 licenses:
 - Apache License Version 2.0
@@ -75,17 +87,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.6
 requirements: []
 rubyforge_project: mongo_kerberos
-rubygems_version: 2.4.6
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Kerberos authentication support for the MongoDB Ruby driver
-test_files: []
-has_rdoc: yard
+test_files:
+- spec/mongo/auth/kerberos/conversation_spec.rb
+- spec/mongo/auth/kerberos/mri/authenticator_spec.rb
+- spec/spec_helper.rb

data/VERSION

@@ -1 +0,0 @@
-1.12.5

data/lib/mongo_kerberos/sasl_c.rb

@@ -1,43 +0,0 @@
-# Copyright (C) 2009-2014 MongoDB, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module Mongo
-  module Sasl
-    module GSSAPI
-
-      def self.authenticate(username, client, socket, opts={})
-        db           = client.db('$external')
-        hostname     = socket.pool.host
-        servicename  = opts[:service_name] || 'mongodb'
-        canonicalize = opts[:canonicalize_host_name] ? opts[:canonicalize_host_name] : false
-        username     += "@#{opts[:service_realm]}" if opts[:service_realm]
-        authenticator = Mongo::Sasl::GSSAPIAuthenticator.new(username, hostname, servicename, canonicalize)
-
-        return { } unless authenticator.valid?
-
-        token    = authenticator.initialize_challenge
-        cmd      = BSON::OrderedHash['saslStart', 1, 'mechanism', 'GSSAPI', 'payload', token, 'autoAuthorize', 1]
-        response = db.command(cmd, :check_response => false, :socket => socket)
-
-        until response['done'] do
-          break unless Support.ok?(response)
-          token    = authenticator.evaluate_challenge(response['payload'])
-          cmd      = BSON::OrderedHash['saslContinue', 1, 'conversationId', response['conversationId'], 'payload', token]
-          response = db.command(cmd, :check_response => false, :socket => socket)
-        end
-        response
-      end
-    end
-  end
-end

data/lib/mongo_kerberos/sasl_java.rb

@@ -1,52 +0,0 @@
-# Copyright (C) 2009-2014 MongoDB, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'jruby'
-
-include Java
-
-jar_dir = File.expand_path(File.join(File.dirname(__FILE__), '../../ext/jsasl'))
-require File.join(jar_dir, 'target/jsasl.jar')
-
-module Mongo
-  module Sasl
-    module GSSAPI
-
-      def self.authenticate(username, client, socket, opts={})
-        db            = client.db('$external')
-        hostname      = socket.pool.host
-        servicename   = opts[:service_name] || 'mongodb'
-        username      += "@#{opts[:service_realm]}" if opts[:service_realm]
-        canonicalize  = opts[:canonicalize_host_name] ? opts[:canonicalize_host_name] : false
-
-        begin
-          authenticator = org.mongodb.sasl.GSSAPIAuthenticator.new(JRuby.runtime, username, hostname, servicename, canonicalize)
-          token         = BSON::Binary.new(authenticator.initialize_challenge)
-          cmd           = BSON::OrderedHash['saslStart', 1, 'mechanism', 'GSSAPI', 'payload', token, 'autoAuthorize', 1]
-          response      = db.command(cmd, :check_response => false, :socket => socket)
-
-          until response['done'] do
-            break unless Support.ok?(response)
-            token    = BSON::Binary.new(authenticator.evaluate_challenge(response['payload'].to_s))
-            cmd      = BSON::OrderedHash['saslContinue', 1, 'conversationId', response['conversationId'], 'payload', token]
-            response = db.command(cmd, :check_response => false, :socket => socket)
-          end
-          response
-        rescue Java::OrgMongodbSasl::MongoSecurityException
-          return { }
-        end
-      end
-    end
-  end
-end

data/mongo_kerberos.gemspec

@@ -1,35 +0,0 @@
-Gem::Specification.new do |s|
-  s.name = 'mongo_kerberos'
-  s.version = File.read(File.join(File.dirname(__FILE__), 'VERSION'))
-  s.platform = Gem::Platform::RUBY
-  s.authors = [ 'Emily Stolfo', 'Durran Jordan' ]
-  s.email = 'mongodb-dev@googlegroups.com'
-  s.homepage = 'http://www.mongodb.org'
-  s.summary = 'Kerberos authentication support for the MongoDB Ruby driver'
-  s.description = 'Adds kerberos authentication via libsasl to the MongoDB Ruby Driver on MRI and JRuby'
-  s.rubyforge_project = 'mongo_kerberos'
-  s.license = 'Apache License Version 2.0'
-
-  if File.exists?('gem-private_key.pem')
-    s.signing_key = 'gem-private_key.pem'
-    s.cert_chain  = ['gem-public_cert.pem']
-  else
-    warn 'Warning: No private key present, creating unsigned gem.'
-  end
-
-  s.files = [ 'mongo_kerberos.gemspec', 'LICENSE', 'VERSION' ]
-  s.files += [ 'lib/mongo_kerberos.rb' ]
-  s.files += Dir[ 'lib/mongo_kerberos/**/*.rb' ]
-
-  if RUBY_PLATFORM =~ /java/
-    s.platform = 'java'
-    s.files << 'ext/jsasl/target/jsasl.jar'
-  else
-    s.files += Dir.glob('ext/csasl/**/*.{c,h,rb}')
-    s.extensions = [ 'ext/csasl/extconf.rb' ]
-  end
-
-  s.add_dependency('mongo', "#{s.version}")
-  s.require_paths = ['lib']
-  s.has_rdoc = 'yard'
-end