mongo_kerberos 2.0.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ee9a349ff716b92f980bcac496566f266bd94247
-  data.tar.gz: 400120da9cc60b7eba94cfe16af095d5b159537f
+SHA256:
+  metadata.gz: 0e6ada2e4a0ddcaf0c1bb4c4a64ca232977bfaca7cd70116179d93dd48852975
+  data.tar.gz: ff2b0390d7937b433e0a8c2fed0f8823ec290b542f01b7c54bc7e2f241af5854
 SHA512:
-  metadata.gz: 9ce6868631cc3f3d67e43f37a33b2e0be688d6f505643ea42bbc09a5982bd87b26fa34bea2567307ea17067f10e4355ccc6d57408c7d54bdb8309d81f0f510f8
-  data.tar.gz: f81f226ba51bd02577d651b310220e546cba4cd0ea2b9ffd68af26f49dba09296f1e31e7e7b5b245932b259ac52631a6ed858d1aaa28f18f4d12ce6ef628de25
+  metadata.gz: 2b93ad2ab566e16181b640217af56ef0e9d865230250bd673b10191b518f613c4b6aad07654650ab721c0a6a9807ac7de92e94d6a7a73fe5577d211158c631e6
+  data.tar.gz: 13cb346db91f3a813a97c3612a5f43650db61993f6390128398c98942f7e6b709f1df178ef4e4bac181fa32f1474048fdc0c8c4408e7ad0a936a9ba74bec4c0e

checksums.yaml.gz.sig

@@ -1 +1 @@
-��o��[=��*rDg���8�� ����S
�`���OX|�D���Q%Z��56
+Y:.=��1��ڌm����5�J�7W��{��}�&6���y.AO��K0cm;�[����,�Cvs����J�Sg�2���EuGZǮϙ��5��4��Jq��ll�n�v�S��c#��ά���O����V*ԏe���fo

data/README.md

@@ -1,15 +1,21 @@
-Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
-====
+# Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
 
 Provides Kerberos authentication support to the Mongo Ruby Driver.
 
-Compatibility
--------------
 
-mongo_kerberos is tested against MRI (1.9.2+) and JRuby (1.7.0+)
+## Compatibility
 
-Installation
-------------
+mongo_kerberos is tested against MRI (1.9.3+) and JRuby (9.1+).
+
+### JRuby
+
+In order to work with Kerberos TGTs that are in the system cache (e.g. obtained with `kinit`), the
+JRuby extension sets the JVM system property "sun.security.jgss.native" to "true". Note that any
+other use of the JGSS library will also be affected by this setting, meaning that any TGTs in the
+system cache will be available for obtaining Kerberos credentials as well.
+
+
+## Installation
 
 libsasl is a requirement to be able to install the mongo_kerberos gem. Please see the
 [Cyrus documentation](http://cyrusimap.web.cmu.edu/docs/cyrus-sasl/2.1.25/) for more
@@ -18,7 +24,7 @@ information.
 With bundler, add the `mongo_kerberos` gem to your `Gemfile`.
 
 ```ruby
-gem "mongo_kerberos", "~> 2.0"
+gem "mongo_kerberos", "~> 2.1"
 ```
 
 Require the `mongo_kerberos` gem in your application.
@@ -27,17 +33,13 @@ Require the `mongo_kerberos` gem in your application.
 require "mongo_kerberos"
 ```
 
-Usage
------
-
 
-API Documentation
------------------
+## API Documentation
 
 The [API Documentation](http://rdoc.info/github/mongodb/mongo-ruby-kerberos/master/frames) is
 located at rdoc.info.
 
-Versioning
-----------
+## Versioning
 
-As of 2.0.0, this project adheres to the [Semantic Versioning Specification](http://semver.org/).
+As of 2.1.0, this project adheres to the
+[Semantic Versioning Specification](http://semver.org/).

data/Rakefile

@@ -35,9 +35,9 @@ if jruby?
 else
   require "rake/extensiontask"
   Rake::ExtensionTask.new do |ext|
-    ext.name = "native"
-    ext.ext_dir = "ext/mongo/kerberos"
-    ext.lib_dir = "lib/mongo/auth/kerberos"
+    ext.name = "mongo_kerberos_native"
+    ext.ext_dir = "ext/mongo_kerberos"
+    ext.lib_dir = "lib"
   end
 end
 
@@ -62,9 +62,11 @@ end
 task :clean_all => :clean do
   begin
     Dir.chdir(Pathname(__FILE__).dirname + "lib") do
-      `rm native.#{extension}`
-      `rm native.o`
-      `rm native.jar`
+      ["o", extension, "jar"].each do |e|
+         Dir.glob(File.join("**", "*.#{e}")).each do |f|
+          `rm #{f}`
+        end
+      end
     end
   rescue Exception => e
     puts e.message
@@ -94,3 +96,15 @@ task :release => :build do
 end
 
 task :default => [ :clean_all, :spec ]
+
+desc "Generate all documentation"
+task :docs => 'docs:yard'
+
+namespace :docs do
+  desc "Generate yard documention"
+  task :yard do
+    out = File.join('yard-docs', Mongo::Auth::Kerberos::VERSION)
+    FileUtils.rm_rf(out)
+    system "yardoc -o #{out} --title mongo-ruby-kerberos-#{Mongo::Auth::Kerberos::VERSION}"
+  end
+end

data/ext/{mongo/kerberos → mongo_kerberos}/extconf.rb

@@ -1,7 +1,7 @@
 require 'mkmf'
 find_header('sasl/sasl.h')
 if have_library('sasl2', 'sasl_version')
-  create_makefile('native')
+  create_makefile('mongo_kerberos_native')
 else
   abort "libsasl (cyrus sasl) is required in the system to install the mongo_kerberos gem."
 end

data/ext/{mongo/kerberos/native.c → mongo_kerberos/mongo_kerberos_native.c}

@@ -18,8 +18,14 @@
 
 static void mongo_sasl_conn_free(void* data) {
   sasl_conn_t *conn = (sasl_conn_t*) data;
-  // Ideally we would use sasl_client_done() but that's only available as of cyrus sasl 2.1.25
-  if(conn) sasl_done();
+  if (conn) {
+    sasl_dispose(&conn);
+    /* We do not set connection to NULL in the Ruby object. */
+    /* This is probably fine because this method is supposed to be called */
+    /* when the Ruby object is being garbage collected. */
+    /* Plus, we don't have the Ruby object reference here to do anything */
+    /* with it. */
+  }
 }
 
 static sasl_conn_t* mongo_sasl_context(VALUE self) {
@@ -104,7 +110,14 @@ static VALUE initialize_challenge(VALUE self) {
   }
 
   context = Data_Wrap_Struct(rb_cObject, NULL, mongo_sasl_conn_free, conn);
+  /* I'm guessing ruby raises on out of memory condition rather than */
+  /* returns NULL, hence no error checking is needed here? */
+  
+  /* from now on context owns conn */
+  /* since mongo_sasl_conn_free cleans up conn, we should NOT call */
+  /* sasl_dispose any more in this function. */
   rb_iv_set(self, "@context", context);
+  RB_GC_GUARD(context);
 
   result = sasl_client_start(conn, mechanism_list, NULL, &raw_payload, &raw_payload_len, &mechanism_selected);
   if (is_sasl_failure(result)) {
@@ -115,7 +128,9 @@ static VALUE initialize_challenge(VALUE self) {
     return Qfalse;
   }
 
-  result = sasl_encode64(raw_payload, raw_payload_len, encoded_payload, sizeof(encoded_payload), &encoded_payload_len);
+  /* cyrus-sasl considers `outmax` (fourth argument) to include the null */
+  /* terminator, but this is not documented. Be defensive and exclude it. */
+  result = sasl_encode64(raw_payload, raw_payload_len, encoded_payload, sizeof(encoded_payload)-1, &encoded_payload_len);
   if (is_sasl_failure(result)) {
     return Qfalse;
   }
@@ -135,17 +150,17 @@ static VALUE evaluate_challenge(VALUE self, VALUE rb_payload) {
   step_payload = RSTRING_PTR(rb_payload);
   step_payload_len = (int)RSTRING_LEN(rb_payload);
 
-  result = sasl_decode64(step_payload, step_payload_len, base_payload, sizeof(base_payload), &base_payload_len);
+  result = sasl_decode64(step_payload, step_payload_len, base_payload, sizeof(base_payload)-1, &base_payload_len);
   if (is_sasl_failure(result)) {
     return Qfalse;
   }
 
   result = sasl_client_step(conn, base_payload, base_payload_len, NULL, &out, &outlen);
   if (is_sasl_failure(result)) {
-  	return Qfalse;
+    return Qfalse;
   }
 
-  result = sasl_encode64(out, outlen, payload, sizeof(payload), &payload_len);
+  result = sasl_encode64(out, outlen, payload, sizeof(payload)-1, &payload_len);
   if (is_sasl_failure(result)) {
     return Qfalse;
   }
@@ -155,7 +170,7 @@ static VALUE evaluate_challenge(VALUE self, VALUE rb_payload) {
 
 VALUE c_GSSAPI_authenticator;
 
-void Init_native() {
+void Init_mongo_kerberos_native() {
   VALUE mongo, auth;
   mongo = rb_const_get(rb_cObject, rb_intern("Mongo"));
   auth = rb_const_get(mongo, rb_intern("Auth"));

data/lib/mongo/auth/kerberos/conversation.rb

@@ -113,7 +113,7 @@ module Mongo
 
         # Create the new conversation.
         #
-        # @example Create the new coversation.
+        # @example Create the new conversation.
         #   Conversation.new(user, 'test.example.com')
         #
         # @param [ Auth::User ] user The user to converse about.

data/lib/mongo/auth/kerberos/jruby/authenticator.rb

@@ -13,7 +13,6 @@
 # limitations under the License.
 
 require 'java'
-require 'mongo/auth/kerberos/jsasl.jar'
 require 'mongo/auth/kerberos/native.jar'
 
 module Mongo

data/lib/mongo/auth/kerberos/mri/authenticator.rb

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'mongo/auth/kerberos/native'
+require 'mongo_kerberos_native'
 
 module Mongo
   module Auth

data/lib/mongo/auth/kerberos/version.rb

@@ -17,7 +17,7 @@ module Mongo
     class Kerberos
 
       # The gem version number.
-      VERSION = '2.0.0'.freeze
+      VERSION = '2.1.1'.freeze
     end
   end
 end

data/lib/mongo/auth/kerberos.rb

@@ -22,13 +22,24 @@ module Mongo
     #
     # @since 2.0.0
     class Kerberos
-      include Executable
 
-      # The authentication mechinism string.
+      # The authentication mechanism string.
       #
       # @since 2.0.0
       MECHANISM = 'GSSAPI'.freeze
 
+      # Instantiate a new authenticator.
+      #
+      # example Create the authenticator.
+      #   Mongo::Auth::Kerberos.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.1
+      def initialize(user)
+        @user = user
+      end
+
       # Log the user in on the given connection.
       #
       # @example Log the user in.
@@ -41,10 +52,12 @@ module Mongo
       #
       # @since 2.0.0
       def login(connection)
-        conversation = Conversation.new(user, connection.address.host)
+        conversation = Conversation.new(@user, connection.address.host)
         reply = connection.dispatch([ conversation.start ])
+        connection.update_cluster_time(Operation::Result.new(reply))
         until reply.documents[0][Conversation::DONE]
           reply = connection.dispatch([ conversation.finalize(reply) ])
+          connection.update_cluster_time(Operation::Result.new(reply))
         end
         reply
       end

data/spec/mongo/auth/kerberos/conversation_spec.rb

@@ -20,6 +20,17 @@ describe Mongo::Auth::Kerberos::Conversation do
       and_return(authenticator)
   end
 
+  context 'when the user has a realm', if: RUBY_PLATFORM == 'java' do
+
+    let(:user) do
+      Mongo::Auth::User.new(user: 'user1@MYREALM.ME')
+    end
+
+    it 'includes the realm in the username as it was provided' do
+      expect(conversation.user.name).to eq(user.name)
+    end
+  end
+
   describe '#start' do
 
     let(:query) do

metadata

@@ -1,37 +1,42 @@
 --- !ruby/object:Gem::Specification
 name: mongo_kerberos
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Emily Stolfo
 - Durran Jordan
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMRQwEgYDVQQDDAtkcml2
-  ZXItcnVieTEVMBMGCgmSJomT8ixkARkWBTEwZ2VuMRMwEQYKCZImiZPyLGQBGRYD
-  Y29tMB4XDTE0MTEyMDE1NTYxOVoXDTE1MTEyMDE1NTYxOVowQjEUMBIGA1UEAwwL
-  ZHJpdmVyLXJ1YnkxFTATBgoJkiaJk/IsZAEZFgUxMGdlbjETMBEGCgmSJomT8ixk
-  ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFdSAa8fRm1
-  bAM9za6Z0fAH4g02bqM1NGnw8zJQrE/PFrFfY6IFCT2AsLfOwr1maVm7iU1+kdVI
-  IQ+iI/9+E+ArJ+rbGV3dDPQ+SLl3mLT+vXjfjcxMqI2IW6UuVtt2U3Rxd4QU0kdT
-  JxmcPYs5fDN6BgYc6XXgUjy3m+Kwha2pGctdciUOwEfOZ4RmNRlEZKCMLRHdFP8j
-  4WTnJSGfXDiuoXICJb5yOPOZPuaapPSNXp93QkUdsqdKC32I+KMpKKYGBQ6yisfA
-  5MyVPPCzLR1lP5qXVGJPnOqUAkvEUfCahg7EP9tI20qxiXrR6TSEraYhIFXL0EGY
-  u8KAcPHm5KkCAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
-  BBYEFFt3WbF+9JpUjAoj62cQBgNb8HzXMCAGA1UdEQQZMBeBFWRyaXZlci1ydWJ5
-  QDEwZ2VuLmNvbTAgBgNVHRIEGTAXgRVkcml2ZXItcnVieUAxMGdlbi5jb20wDQYJ
-  KoZIhvcNAQEFBQADggEBAKjvumG2Fy9zAoSc1OEcmAqqOfzx1U+isGyEsz1rs5eT
-  HAIHsxaEdZTjSwDuqyelLDWJHWspeWU5pV5lepfI4cop29wwoPJIJ9Az2RMMbtdv
-  gFApVb6QX61OMenFeOdJ/QZ3n9xcrxJZFdvrXQ5GjEU2anq3dJhFeESwIMlfVJC7
-  7XrlMxizzH712DPfy65dMj0Y39qHdoWYKeCkEoj5UWNcHRK9xgaHJR6prlXrIhgb
-  o2UXDbWtz5PqoFd8EgNJAn3+BG1pwC9S9pVFG3WPucfAx/bE8iq/vvchHei5Y/Vo
-  aAz5f/hY4zFeYWvGDBHYEXE1rTN2hhMSyJscPcFbmz0=
+  MIIEeDCCAuCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMREwDwYDVQQDDAhkYngt
+  cnVieTEXMBUGCgmSJomT8ixkARkWB21vbmdvZGIxEzARBgoJkiaJk/IsZAEZFgNj
+  b20wHhcNMjMwMTMxMTE1NjM1WhcNMjQwMTMxMTE1NjM1WjBBMREwDwYDVQQDDAhk
+  YngtcnVieTEXMBUGCgmSJomT8ixkARkWB21vbmdvZGIxEzARBgoJkiaJk/IsZAEZ
+  FgNjb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC0/Veq9l47cTfX
+  tQ+kHq2NOCwJuJGt1iXWQ/vH/yp7pZ/bLej7gPDl2CfIngAXRjM7r1FkR9ya7VAm
+  IneBFcVU3HhpIXWi4ByXGjBOXFD1Dfbz4C4zedIWRk/hNzXa+rQY4KPwpOwG/hZg
+  id+rSXWSbNlkyN97XfonweVh7JsIa9X/2JY9ADYjhCfEZF+b0+Wl7+jgwzLWb46I
+  0WH0bZBIZ0BbKAwUXIgvq5mQf9PzukmMVYCwnkJ/P4wrHO22HuwnbMyvJuGjVwqi
+  j1NRp/2vjmKBFWxIfhlSXEIiqAmeEVNXzhPvTVeyo+rma+7R3Bo+4WHkcnPpXJJZ
+  Jd63qXMvTB0GplEcMJPztWhrJOmcxIOVoQyigEPSQT8JpzFVXby4SGioizv2eT7l
+  VYSiCHuc3yEDyq5M+98WGX2etbj6esYtzI3rDevpIAHPB6HQmtoJIA4dSl3gjFb+
+  D+YQSuB2qYu021FI9zeY9sbZyWysEXBxhwrmTk+XUV0qz+OQZkMCAwEAAaN7MHkw
+  CQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFH4nnr4tYlatU57RbExW
+  jG86YM5nMB8GA1UdEQQYMBaBFGRieC1ydWJ5QG1vbmdvZGIuY29tMB8GA1UdEgQY
+  MBaBFGRieC1ydWJ5QG1vbmdvZGIuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQAVSlgM
+  nFDWCCNLOCqG5/Lj4U62XoALkdCI+OZ30+WrA8qiRLSL9ZEziVK9AV7ylez+sriQ
+  m8XKZKsCN5ON4+zXw1S+6Ftz/R4zDg7nTb9Wgw8ibzsoiP6e4pRW3Fls3ZdaG4pW
+  +qMTbae9OiSrgI2bxNTII+v+1FcbQjOlMu8HPZ3ZfXnurXPgN5GxSyyclZI1QONO
+  HbUoKHRirZu0F7JCvQQq4EkSuLWPplRJfYEeJIYm05zhhFeEyqea2B/TTlCtXa42
+  84vxXsxGzumuO8F2Q9m6/p95sNhqCp0B/SkKXIrRGJ7FBzupoORNRXHviS2OC3ty
+  4lwUzOlLTF/yO0wwYYfmtQOALQwKnW838vbYthMXvTjxB0EgVZ5PKto99WbjsXzy
+  wkeAWhd5b+5JS0zgDL4SvGB8/W2IY+y0zELkojBMgJPyrpAWHL/WSsSBMuhyI2Pv
+  xxaBVLklnJJ/qCCOZ3lG2MyVc/Nb0Mmq8ygWNsfwHmKKYuuWcviit0D0Tek=
   -----END CERTIFICATE-----
-date: 2015-03-25 00:00:00.000000000 Z
+date: 2023-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mongo
@@ -39,21 +44,21 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '2.0'
 description: Adds Kerberos authentication via libsasl to the MongoDB Ruby Driver on
   MRI and JRuby
 email:
 - mongodb-dev@googlegroups.com
 executables: []
 extensions:
-- ext/mongo/kerberos/extconf.rb
+- ext/mongo_kerberos/extconf.rb
 extra_rdoc_files: []
 files:
 - CONTRIBUTING.md
@@ -61,15 +66,12 @@ files:
 - NOTICE
 - README.md
 - Rakefile
-- ext/mongo/kerberos/extconf.rb
-- ext/mongo/kerberos/native.c
+- ext/mongo_kerberos/extconf.rb
+- ext/mongo_kerberos/mongo_kerberos_native.c
 - lib/mongo/auth/kerberos.rb
 - lib/mongo/auth/kerberos/conversation.rb
 - lib/mongo/auth/kerberos/jruby/authenticator.rb
-- lib/mongo/auth/kerberos/jsasl.jar
 - lib/mongo/auth/kerberos/mri/authenticator.rb
-- lib/mongo/auth/kerberos/native.bundle
-- lib/mongo/auth/kerberos/native.jar
 - lib/mongo/auth/kerberos/version.rb
 - lib/mongo_kerberos.rb
 - spec/mongo/auth/kerberos/conversation_spec.rb
@@ -79,7 +81,7 @@ homepage: http://www.mongodb.org
 licenses:
 - Apache License Version 2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -94,9 +96,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubyforge_project: mongo_kerberos
-rubygems_version: 2.2.2
-signing_key: 
+rubygems_version: 3.4.12
+signing_key:
 specification_version: 4
 summary: Kerberos authentication support for the MongoDB Ruby driver
 test_files: