mongo_kerberos 1.12.5 → 2.0.0.beta

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d979298212bcb5d6578b9159cf6ac64edb3a6850
4
- data.tar.gz: 023d477567b958541c4f5f079f310410c2529f6e
3
+ metadata.gz: 694a7be9f3d2f4e5b023a41185a5647365d8a74b
4
+ data.tar.gz: f965f509fbc58144270e0e996fccbf4b8c706fe2
5
5
  SHA512:
6
- metadata.gz: d1cace8d82858218466d2c2cfd3187d365b7cecb30f7cc773d7bc869a4a3e1d96d3867f406145fe522af1674ae9606acb38d142f86e5986c5e6243bf68683722
7
- data.tar.gz: fd451dfccc9f92fd1bf87f9809d5cc0fba291ea175ca8bbbf126de76fe0745e9f62a9259d65f9e47127964ddbd6c16ce7fb3f5c7ec7d3dd57d5060d5f395f61f
6
+ metadata.gz: 22481c83798b568a4717e64e315bdeac791936c9b090d32553ed28e3d191ccad537dbacc5c1bf9e83d375d8812fca806f2da7f5659c2e181e8488aa97ad9100f
7
+ data.tar.gz: f0364c77acbc3bf73d92deb3e5c7f1a48592ee8e15f37339aae4c271d9d2c284b1f96c09756301c1f39157a5cd98d6e1d499bdbbf69c442a416d8fccd1bafb54
checksums.yaml.gz.sig CHANGED
Binary file
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,42 @@
1
+ Contributing
2
+ ============
3
+
4
+ Code Conventions
5
+ ----------------
6
+
7
+ Code style should fall in line with the style guide outlined by
8
+ [Github](https://github.com/styleguide/ruby)
9
+
10
+ Testing
11
+ -------
12
+
13
+ Bug fixes and new features should always have the appropriate specs, and the
14
+ specs should follow the following guidelines:
15
+
16
+ - Prefer `let` and `let!` over the use of instance variables and `subject`.
17
+ - Prefer `expect(...).to eq(...) syntax over `...should eq(...)`.
18
+ - Use shared examples to reduce duplication.
19
+ - Use `describe "#method"` for instance method specs.
20
+ - Use `describe ".method"` for class method specs.
21
+ - Use `context` blocks to set up conditions.
22
+ - Always provide descriptive specifications via `it`.
23
+
24
+ Specs can be automatically run with Guard, via `bundle exec guard`
25
+
26
+ Before commiting, run `rake` to ensure all specs pass with both pure Ruby and
27
+ the native extensions.
28
+
29
+ Git Etiquette
30
+ -------------
31
+
32
+ Please follow the commit message guidelines as outlined
33
+ [in this blog post](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
34
+
35
+ If the commit fixes a bug, please add the JIRA number on the last line:
36
+
37
+ ```
38
+ [ close RUBY-492 ]
39
+ ```
40
+
41
+ Please ensure that only one feature/bug fix is in each pull request, and
42
+ that it is squashed into a single commit.
data/LICENSE CHANGED
@@ -175,7 +175,7 @@
175
175
 
176
176
  END OF TERMS AND CONDITIONS
177
177
 
178
- Copyright (C) 2008-2013 MongoDB, Inc.
178
+ Copyright (C) 2008-2015 MongoDB, Inc.
179
179
 
180
180
  Licensed under the Apache License, Version 2.0 (the "License");
181
181
  you may not use this file except in compliance with the License.
data/NOTICE ADDED
@@ -0,0 +1,2 @@
1
+ Ruby Mongo Kerberos Support
2
+ Copyright (C) 2014-2015 MongoDB, Inc.
data/README.md ADDED
@@ -0,0 +1,43 @@
1
+ Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
2
+ ====
3
+
4
+ Provides Kerberos authentication support to the Mongo Ruby Driver.
5
+
6
+ Compatibility
7
+ -------------
8
+
9
+ mongo_kerberos is tested against MRI (1.9.2+) and JRuby (1.7.0+)
10
+
11
+ Installation
12
+ ------------
13
+
14
+ libsasl is a requirement to be able to install the mongo_kerberos gem. Please see the
15
+ [Cyrus documentation](http://cyrusimap.web.cmu.edu/docs/cyrus-sasl/2.1.25/) for more
16
+ information.
17
+
18
+ With bundler, add the `mongo_kerberos` gem to your `Gemfile`.
19
+
20
+ ```ruby
21
+ gem "mongo_kerberos", "~> 2.0"
22
+ ```
23
+
24
+ Require the `mongo_kerberos` gem in your application.
25
+
26
+ ```ruby
27
+ require "mongo_kerberos"
28
+ ```
29
+
30
+ Usage
31
+ -----
32
+
33
+
34
+ API Documentation
35
+ -----------------
36
+
37
+ The [API Documentation](http://rdoc.info/github/mongodb/mongo-ruby-kerberos/master/frames) is
38
+ located at rdoc.info.
39
+
40
+ Versioning
41
+ ----------
42
+
43
+ As of 2.0.0, this project adheres to the [Semantic Versioning Specification](http://semver.org/).
data/Rakefile ADDED
@@ -0,0 +1,96 @@
1
+ # Copyright (C) 2009-2013 MongoDB Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require "bundler"
16
+ Bundler.setup
17
+
18
+ $LOAD_PATH.unshift(File.expand_path("../lib", __FILE__))
19
+
20
+ require "rake"
21
+ require "rake/extensiontask"
22
+ require "rspec/core/rake_task"
23
+
24
+ def jruby?
25
+ defined?(JRUBY_VERSION)
26
+ end
27
+
28
+ if jruby?
29
+ require "rake/javaextensiontask"
30
+ Rake::JavaExtensionTask.new do |ext|
31
+ ext.name = "native"
32
+ ext.ext_dir = "src"
33
+ ext.lib_dir = "lib/mongo/auth/kerberos"
34
+ end
35
+ else
36
+ require "rake/extensiontask"
37
+ Rake::ExtensionTask.new do |ext|
38
+ ext.name = "native"
39
+ ext.ext_dir = "ext/mongo/kerberos"
40
+ ext.lib_dir = "lib/mongo/auth/kerberos"
41
+ end
42
+ end
43
+
44
+ require "mongo/auth/kerberos/version"
45
+
46
+ def extension
47
+ RUBY_PLATFORM =~ /darwin/ ? "bundle" : "so"
48
+ end
49
+
50
+ RSpec::Core::RakeTask.new(:rspec)
51
+
52
+ if jruby?
53
+ task :build => [ :clean_all, :compile ] do
54
+ system "gem build mongo_kerberos.gemspec"
55
+ end
56
+ else
57
+ task :build => :clean_all do
58
+ system "gem build mongo_kerberos.gemspec"
59
+ end
60
+ end
61
+
62
+ task :clean_all => :clean do
63
+ begin
64
+ Dir.chdir(Pathname(__FILE__).dirname + "lib") do
65
+ `rm native.#{extension}`
66
+ `rm native.o`
67
+ `rm native.jar`
68
+ end
69
+ rescue Exception => e
70
+ puts e.message
71
+ end
72
+ end
73
+
74
+ task :spec => :compile do
75
+ Rake::Task["rspec"].invoke
76
+ end
77
+
78
+ # Run bundle exec rake release with mri and jruby. Ex:
79
+ #
80
+ # rvm use 2.1.0@mongo_kerberos
81
+ # bundle exec rake release
82
+ # rvm use jruby@mongo_kerberos
83
+ # bundle exec rake release
84
+ task :release => :build do
85
+ system "git tag -a #{Mongo::Auth::Kerberos::VERSION} -m 'Tagging release: #{Mongo::Auth::Kerberos::VERSION}'"
86
+ system "git push --tags"
87
+ if jruby?
88
+ system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
89
+ system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
90
+ else
91
+ system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
92
+ system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
93
+ end
94
+ end
95
+
96
+ task :default => [ :clean_all, :spec ]
@@ -1,8 +1,7 @@
1
1
  require 'mkmf'
2
2
  find_header('sasl/sasl.h')
3
-
4
3
  if have_library('sasl2', 'sasl_version')
5
- create_makefile('csasl/csasl')
4
+ create_makefile('native')
6
5
  else
7
6
  abort "libsasl (cyrus sasl) is required in the system to install the mongo_kerberos gem."
8
7
  end
@@ -155,11 +155,11 @@ static VALUE evaluate_challenge(VALUE self, VALUE rb_payload) {
155
155
 
156
156
  VALUE c_GSSAPI_authenticator;
157
157
 
158
- void Init_csasl() {
159
- VALUE mongo, sasl;
158
+ void Init_native() {
159
+ VALUE mongo, auth;
160
160
  mongo = rb_const_get(rb_cObject, rb_intern("Mongo"));
161
- sasl = rb_const_get(mongo, rb_intern("Sasl"));
162
- c_GSSAPI_authenticator = rb_define_class_under(sasl, "GSSAPIAuthenticator", rb_cObject);
161
+ auth = rb_const_get(mongo, rb_intern("Auth"));
162
+ c_GSSAPI_authenticator = rb_define_class_under(auth, "GSSAPIAuthenticator", rb_cObject);
163
163
  rb_define_method(c_GSSAPI_authenticator, "initialize", a_init, 4);
164
164
  rb_define_method(c_GSSAPI_authenticator, "initialize_challenge", initialize_challenge, 0);
165
165
  rb_define_method(c_GSSAPI_authenticator, "evaluate_challenge", evaluate_challenge, 1);
@@ -0,0 +1,160 @@
1
+ # Copyright (C) 2015 MongoDB Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ if BSON::Environment.jruby?
16
+ require 'mongo/auth/kerberos/jruby/authenticator'
17
+ else
18
+ require 'mongo/auth/kerberos/mri/authenticator'
19
+ end
20
+
21
+ module Mongo
22
+ module Auth
23
+ class Kerberos
24
+
25
+ # Defines behaviour around a single GSSAPI conversation between the
26
+ # client and server.
27
+ #
28
+ # @since 2.0.0
29
+ class Conversation
30
+
31
+ # The base client continue message.
32
+ #
33
+ # @since 2.0.0
34
+ CONTINUE_MESSAGE = { saslContinue: 1 }.freeze
35
+
36
+ # The key for the done field in the responses.
37
+ #
38
+ # @since 2.0.0
39
+ DONE = 'done'.freeze
40
+
41
+ # The conversation id field.
42
+ #
43
+ # @since 2.0.0
44
+ ID = 'conversationId'.freeze
45
+
46
+ # The payload field.
47
+ #
48
+ # @since 2.0.0
49
+ PAYLOAD = 'payload'.freeze
50
+
51
+ # The base client first message.
52
+ #
53
+ # @since 2.0.0
54
+ START_MESSAGE = { saslStart: 1, autoAuthorize: 1 }.freeze
55
+
56
+ # @return [ Protocol::Reply ] reply The current reply in the conversation.
57
+ attr_reader :reply
58
+
59
+ # @return [ Authenticator ] authenticator The native SASL authenticator.
60
+ attr_reader :authenticator
61
+
62
+ # @return [ Mongo::Auth::User ] user The user to authenticate.
63
+ attr_reader :user
64
+
65
+ # Finalize the conversation.
66
+ #
67
+ # @example Finalize the conversation.
68
+ # conversation.finalize(reply)
69
+ #
70
+ # @param [ Protocol::Reply ] reply The response from the server.
71
+ #
72
+ # @return [ Protocol::Query ] The next query to execute.
73
+ #
74
+ # @since 2.0.0
75
+ def finalize(reply)
76
+ validate!(reply)
77
+ Protocol::Query.new(
78
+ Auth::EXTERNAL,
79
+ Database::COMMAND,
80
+ CONTINUE_MESSAGE.merge(payload: continue_token, conversationId: id),
81
+ limit: -1
82
+ )
83
+ end
84
+
85
+ # Start the authentication conversation.
86
+ #
87
+ # @example Start the conversation.
88
+ # conversation.start
89
+ #
90
+ # @return [ Protocol::Query ] The command to execute.
91
+ #
92
+ # @since 2.0.0
93
+ def start
94
+ Protocol::Query.new(
95
+ Auth::EXTERNAL,
96
+ Database::COMMAND,
97
+ START_MESSAGE.merge(mechanism: Kerberos::MECHANISM, payload: start_token),
98
+ limit: -1
99
+ )
100
+ end
101
+
102
+ # Get the id of the conversation.
103
+ #
104
+ # @example Get the id of the conversation.
105
+ # conversation.id
106
+ #
107
+ # @return [ Integer ] The conversation id.
108
+ #
109
+ # @since 2.0.0
110
+ def id
111
+ reply.documents[0][ID]
112
+ end
113
+
114
+ # Create the new conversation.
115
+ #
116
+ # @example Create the new coversation.
117
+ # Conversation.new(user, 'test.example.com')
118
+ #
119
+ # @param [ Auth::User ] user The user to converse about.
120
+ # @param [ String ] host The host to talk to.
121
+ #
122
+ # @since 2.0.0
123
+ def initialize(user, host)
124
+ @user = user
125
+ @authenticator = Authenticator.new(user, host)
126
+ end
127
+
128
+ private
129
+
130
+ if BSON::Environment.jruby?
131
+
132
+ def start_token
133
+ BSON::Binary.new(authenticator.initialize_challenge)
134
+ end
135
+
136
+ def continue_token
137
+ payload = reply.documents[0][PAYLOAD]
138
+ BSON::Binary.new(authenticator.evaluate_challenge(payload.data))
139
+ end
140
+ else
141
+
142
+ def start_token
143
+ authenticator.initialize_challenge
144
+ end
145
+
146
+ def continue_token
147
+ authenticator.evaluate_challenge(reply.documents[0][PAYLOAD])
148
+ end
149
+ end
150
+
151
+ def validate!(reply)
152
+ unless reply.documents[0][Operation::Result::OK] == 1
153
+ raise Unauthorized.new(user)
154
+ end
155
+ @reply = reply
156
+ end
157
+ end
158
+ end
159
+ end
160
+ end
@@ -0,0 +1,53 @@
1
+ # Copyright (C) 2014 MongoDB, Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'java'
16
+ require 'mongo/auth/kerberos/jsasl.jar'
17
+ require 'mongo/auth/kerberos/native.jar'
18
+
19
+ module Mongo
20
+ module Auth
21
+ class Kerberos
22
+
23
+ # Wraps authenticator construction for JRuby.
24
+ #
25
+ # @since 2.0.0
26
+ class Authenticator
27
+ extend Forwardable
28
+
29
+ # Delegate to the wrapped authenticator.
30
+ def_delegators :@wrapped, :initialize_challenge, :evaluate_challenge
31
+
32
+ # Crate the new authenticator.
33
+ #
34
+ # @example Create the authenticator.
35
+ # Authenticator.new(user, host)
36
+ #
37
+ # @param [ Mongo::Auth::User ] user The user.
38
+ # @param [ String ] host The host.
39
+ #
40
+ # @since 2.0.0
41
+ def initialize(user, host)
42
+ @wrapped = org.mongodb.sasl.GSSAPIAuthenticator.new(
43
+ JRuby.runtime,
44
+ user.name,
45
+ host,
46
+ user.auth_mech_properties[:service_name] || 'mongodb',
47
+ user.auth_mech_properties[:canonicalize_host_name] || false
48
+ )
49
+ end
50
+ end
51
+ end
52
+ end
53
+ end
Binary file
@@ -0,0 +1,50 @@
1
+ # Copyright (C) 2014 MongoDB, Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'mongo/auth/kerberos/native'
16
+
17
+ module Mongo
18
+ module Auth
19
+ class Kerberos
20
+
21
+ # Wraps authenticator construction for MRI.
22
+ #
23
+ # @since 2.0.0
24
+ class Authenticator
25
+ extend Forwardable
26
+
27
+ # Delegate to the wrapped authenticator.
28
+ def_delegators :@wrapped, :initialize_challenge, :evaluate_challenge
29
+
30
+ # Crate the new authenticator.
31
+ #
32
+ # @example Create the authenticator.
33
+ # Authenticator.new(user, host)
34
+ #
35
+ # @param [ Mongo::Auth::User ] user The user.
36
+ # @param [ String ] host The host.
37
+ #
38
+ # @since 2.0.0
39
+ def initialize(user, host)
40
+ @wrapped = GSSAPIAuthenticator.new(
41
+ user.name,
42
+ host,
43
+ user.auth_mech_properties[:service_name] || 'mongodb',
44
+ user.auth_mech_properties[:canonicalize_host_name] || false
45
+ )
46
+ end
47
+ end
48
+ end
49
+ end
50
+ end
Binary file
@@ -0,0 +1,23 @@
1
+ # Copyright (C) 2015 MongoDB, Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ module Mongo
16
+ module Auth
17
+ class Kerberos
18
+
19
+ # The gem version number.
20
+ VERSION = '2.0.0.beta'.freeze
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,53 @@
1
+ # Copyright (C) 2014-2015 MongoDB, Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'mongo/auth/kerberos/conversation'
16
+ require 'mongo/auth/kerberos/version'
17
+
18
+ module Mongo
19
+ module Auth
20
+
21
+ # Defines behaviour for Kerberos authentication.
22
+ #
23
+ # @since 2.0.0
24
+ class Kerberos
25
+ include Executable
26
+
27
+ # The authentication mechinism string.
28
+ #
29
+ # @since 2.0.0
30
+ MECHANISM = 'GSSAPI'.freeze
31
+
32
+ # Log the user in on the given connection.
33
+ #
34
+ # @example Log the user in.
35
+ # user.login(connection)
36
+ #
37
+ # @param [ Mongo::Connection ] connection The connection to log into.
38
+ # on.
39
+ #
40
+ # @return [ Protocol::Reply ] The authentication response.
41
+ #
42
+ # @since 2.0.0
43
+ def login(connection)
44
+ conversation = Conversation.new(user, connection.address.host)
45
+ reply = connection.dispatch([ conversation.start ])
46
+ until reply.documents[0][Conversation::DONE]
47
+ reply = connection.dispatch([ conversation.finalize(reply) ])
48
+ end
49
+ reply
50
+ end
51
+ end
52
+ end
53
+ end
@@ -4,7 +4,7 @@
4
4
  # you may not use this file except in compliance with the License.
5
5
  # You may obtain a copy of the License at
6
6
  #
7
- # http://www.apache.org/licenses/LICENSE-2.0
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
8
  #
9
9
  # Unless required by applicable law or agreed to in writing, software
10
10
  # distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,30 +12,14 @@
12
12
  # See the License for the specific language governing permissions and
13
13
  # limitations under the License.
14
14
 
15
+ require 'forwardable'
15
16
  require 'mongo'
17
+ require 'mongo/auth/kerberos'
16
18
 
17
- begin
18
- if RUBY_PLATFORM =~ /java/
19
- require 'mongo_kerberos/sasl_java'
20
- else
21
- require 'mongo_kerberos/sasl_c'
22
- require "csasl/csasl"
23
- end
24
- end
25
-
26
- module Mongo
27
- module Authentication
28
-
29
- private
19
+ # Add the Kerberos authentication mechanism.
20
+ #
21
+ # @since 2.0.0
22
+ Mongo::Auth::SOURCES[:gssapi] = Mongo::Auth::Kerberos
30
23
 
31
- # Handles issuing authentication commands for the GSSAPI auth mechanism.
32
- #
33
- # @param auth [Hash] The authentication credentials to be used.
34
- # @param opts [Hash] Hash of optional settings and configuration values.
35
- #
36
- # @private
37
- def issue_gssapi(auth, opts={})
38
- Mongo::Sasl::GSSAPI.authenticate(auth[:username], self, opts[:socket], auth[:extra] || {})
39
- end
40
- end
41
- end
24
+ # @note Prevent any further modifications.
25
+ Mongo::Auth::SOURCES.freeze
@@ -0,0 +1,131 @@
1
+ require 'spec_helper'
2
+
3
+ describe Mongo::Auth::Kerberos::Conversation do
4
+
5
+ let(:user) do
6
+ Mongo::Auth::User.new(user: 'test')
7
+ end
8
+
9
+ let(:conversation) do
10
+ described_class.new(user, 'test.example.com')
11
+ end
12
+
13
+ let(:authenticator) do
14
+ double('authenticator')
15
+ end
16
+
17
+ before do
18
+ expect(Mongo::Auth::Kerberos::Authenticator).to receive(:new).
19
+ with(user, 'test.example.com').
20
+ and_return(authenticator)
21
+ end
22
+
23
+ describe '#start' do
24
+
25
+ let(:query) do
26
+ conversation.start
27
+ end
28
+
29
+ let(:selector) do
30
+ query.selector
31
+ end
32
+
33
+ before do
34
+ expect(authenticator).to receive(:initialize_challenge).and_return('test')
35
+ end
36
+
37
+ it 'sets the sasl start flag' do
38
+ expect(selector[:saslStart]).to eq(1)
39
+ end
40
+
41
+ it 'sets the auto authorize flag' do
42
+ expect(selector[:autoAuthorize]).to eq(1)
43
+ end
44
+
45
+ it 'sets the mechanism' do
46
+ expect(selector[:mechanism]).to eq('GSSAPI')
47
+ end
48
+
49
+ it 'sets the payload', unless: BSON::Environment.jruby? do
50
+ expect(selector[:payload]).to start_with('test')
51
+ end
52
+
53
+ it 'sets the payload', if: BSON::Environment.jruby? do
54
+ expect(selector[:payload].data).to start_with('test')
55
+ end
56
+ end
57
+
58
+ describe '#finalize' do
59
+
60
+ let(:reply) do
61
+ Mongo::Protocol::Reply.new
62
+ end
63
+
64
+ let(:continue_token) do
65
+ BSON::Environment.jruby? ? BSON::Binary.new('testing') : 'testing'
66
+ end
67
+
68
+ context 'when the conversation is a success' do
69
+
70
+ let(:documents) do
71
+ [{
72
+ 'conversationId' => 1,
73
+ 'done' => false,
74
+ 'payload' => continue_token,
75
+ 'ok' => 1.0
76
+ }]
77
+ end
78
+
79
+ let(:query) do
80
+ conversation.finalize(reply)
81
+ end
82
+
83
+ let(:selector) do
84
+ query.selector
85
+ end
86
+
87
+ before do
88
+ expect(authenticator).to receive(:evaluate_challenge).
89
+ with('testing').and_return(continue_token)
90
+ reply.instance_variable_set(:@documents, documents)
91
+ end
92
+
93
+ it 'sets the conversation id' do
94
+ expect(selector[:conversationId]).to eq(1)
95
+ end
96
+
97
+ it 'sets the payload', unless: BSON::Environment.jruby? do
98
+ expect(selector[:payload]).to eq(continue_token)
99
+ end
100
+
101
+ it 'sets the payload', if: BSON::Environment.jruby? do
102
+ expect(selector[:payload].data).to eq(continue_token)
103
+ end
104
+
105
+ it 'sets the continue flag' do
106
+ expect(selector[:saslContinue]).to eq(1)
107
+ end
108
+ end
109
+
110
+ context 'when the auth failed' do
111
+
112
+ let(:documents) do
113
+ [{
114
+ 'conversationId' => 1,
115
+ 'done' => false,
116
+ 'ok' => 0.0
117
+ }]
118
+ end
119
+
120
+ before do
121
+ reply.instance_variable_set(:@documents, documents)
122
+ end
123
+
124
+ it 'raises an error' do
125
+ expect {
126
+ conversation.finalize(reply)
127
+ }.to raise_error(Mongo::Auth::Unauthorized)
128
+ end
129
+ end
130
+ end
131
+ end
@@ -0,0 +1,23 @@
1
+ require 'spec_helper'
2
+
3
+ describe Mongo::Auth::Kerberos::Authenticator do
4
+
5
+ describe '#initialize' do
6
+
7
+ let(:user) do
8
+ Mongo::Auth::User.new(user: 'drivers@LDAPTEST.10GEN.CC')
9
+ end
10
+
11
+ let(:authenticator) do
12
+ described_class.new(user, '127.0.0.1')
13
+ end
14
+
15
+ let(:wrapped) do
16
+ authenticator.instance_variable_get(:@wrapped)
17
+ end
18
+
19
+ it 'wraps the c extension authenticator', unless: BSON::Environment.jruby? do
20
+ expect(wrapped).to be_a(Mongo::Auth::GSSAPIAuthenticator)
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,30 @@
1
+ # Copyright (C) 2014 MongoDB Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
16
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
17
+
18
+ if ENV["CI"] && !ENV["WITH_EXT"]
19
+ require "simplecov"
20
+ require "coveralls"
21
+ SimpleCov.formatter = Coveralls::SimpleCov::Formatter
22
+ SimpleCov.start do
23
+ add_filter "spec"
24
+ end
25
+ end
26
+
27
+ require "mongo_kerberos"
28
+ require "rspec"
29
+
30
+ # Dir["./spec/support/**/*.rb"].each { |file| require file }
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mongo_kerberos
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.12.5
4
+ version: 2.0.0.beta
5
5
  platform: ruby
6
6
  authors:
7
7
  - Emily Stolfo
@@ -13,7 +13,7 @@ cert_chain:
13
13
  -----BEGIN CERTIFICATE-----
14
14
  MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMRQwEgYDVQQDDAtkcml2
15
15
  ZXItcnVieTEVMBMGCgmSJomT8ixkARkWBTEwZ2VuMRMwEQYKCZImiZPyLGQBGRYD
16
- Y29tMB4XDTE1MDMzMTA5NDIzNVoXDTE2MDMzMDA5NDIzNVowQjEUMBIGA1UEAwwL
16
+ Y29tMB4XDTE0MTEyMDE1NTYxOVoXDTE1MTEyMDE1NTYxOVowQjEUMBIGA1UEAwwL
17
17
  ZHJpdmVyLXJ1YnkxFTATBgoJkiaJk/IsZAEZFgUxMGdlbjETMBEGCgmSJomT8ixk
18
18
  ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFdSAa8fRm1
19
19
  bAM9za6Z0fAH4g02bqM1NGnw8zJQrE/PFrFfY6IFCT2AsLfOwr1maVm7iU1+kdVI
@@ -24,45 +24,57 @@ cert_chain:
24
24
  u8KAcPHm5KkCAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
25
25
  BBYEFFt3WbF+9JpUjAoj62cQBgNb8HzXMCAGA1UdEQQZMBeBFWRyaXZlci1ydWJ5
26
26
  QDEwZ2VuLmNvbTAgBgNVHRIEGTAXgRVkcml2ZXItcnVieUAxMGdlbi5jb20wDQYJ
27
- KoZIhvcNAQEFBQADggEBAH+jEbhVRjZke7ZgM3EjERSblLM8RtHZBczjQKuG0Eor
28
- HUF/hyq7D+mz75Ch7K8m5NRwvppePbBV4lAF+DzuDGjh+V6cz4wNKaWWFIL8eNCY
29
- F+0vDVtGok06CXnb2swHEtd1Z8zpQviJ3xpSGAvF88+glzvPQmCyA071kPUAmDvd
30
- 5og5x3Bv8IxaxmEpFndXhT3NHL/tOBeT9VJuJWMCxOXRCv4y9bBBTrxoRVuos59Z
31
- XZOS48LlWh15EG4yZo/gRzqNAW2LUIkYA5eMS2Kp6r+KV8IBUO/LaHdrXbdilpa8
32
- BRsuCo7UZDbFVRns04HLyjVvkj+K/ywIcdKdS0csz5M=
27
+ KoZIhvcNAQEFBQADggEBAKjvumG2Fy9zAoSc1OEcmAqqOfzx1U+isGyEsz1rs5eT
28
+ HAIHsxaEdZTjSwDuqyelLDWJHWspeWU5pV5lepfI4cop29wwoPJIJ9Az2RMMbtdv
29
+ gFApVb6QX61OMenFeOdJ/QZ3n9xcrxJZFdvrXQ5GjEU2anq3dJhFeESwIMlfVJC7
30
+ 7XrlMxizzH712DPfy65dMj0Y39qHdoWYKeCkEoj5UWNcHRK9xgaHJR6prlXrIhgb
31
+ o2UXDbWtz5PqoFd8EgNJAn3+BG1pwC9S9pVFG3WPucfAx/bE8iq/vvchHei5Y/Vo
32
+ aAz5f/hY4zFeYWvGDBHYEXE1rTN2hhMSyJscPcFbmz0=
33
33
  -----END CERTIFICATE-----
34
- date: 2015-12-01 00:00:00.000000000 Z
34
+ date: 2015-03-02 00:00:00.000000000 Z
35
35
  dependencies:
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: mongo
38
38
  requirement: !ruby/object:Gem::Requirement
39
39
  requirements:
40
- - - '='
40
+ - - "~>"
41
41
  - !ruby/object:Gem::Version
42
- version: 1.12.5
42
+ version: 2.0.0.beta
43
43
  type: :runtime
44
44
  prerelease: false
45
45
  version_requirements: !ruby/object:Gem::Requirement
46
46
  requirements:
47
- - - '='
47
+ - - "~>"
48
48
  - !ruby/object:Gem::Version
49
- version: 1.12.5
50
- description: Adds kerberos authentication via libsasl to the MongoDB Ruby Driver on
49
+ version: 2.0.0.beta
50
+ description: Adds Kerberos authentication via libsasl to the MongoDB Ruby Driver on
51
51
  MRI and JRuby
52
- email: mongodb-dev@googlegroups.com
52
+ email:
53
+ - mongodb-dev@googlegroups.com
53
54
  executables: []
54
55
  extensions:
55
- - ext/csasl/extconf.rb
56
+ - ext/mongo/kerberos/extconf.rb
56
57
  extra_rdoc_files: []
57
58
  files:
59
+ - CONTRIBUTING.md
58
60
  - LICENSE
59
- - VERSION
60
- - ext/csasl/csasl.c
61
- - ext/csasl/extconf.rb
61
+ - NOTICE
62
+ - README.md
63
+ - Rakefile
64
+ - ext/mongo/kerberos/extconf.rb
65
+ - ext/mongo/kerberos/native.c
66
+ - lib/mongo/auth/kerberos.rb
67
+ - lib/mongo/auth/kerberos/conversation.rb
68
+ - lib/mongo/auth/kerberos/jruby/authenticator.rb
69
+ - lib/mongo/auth/kerberos/jsasl.jar
70
+ - lib/mongo/auth/kerberos/mri/authenticator.rb
71
+ - lib/mongo/auth/kerberos/native.bundle
72
+ - lib/mongo/auth/kerberos/native.jar
73
+ - lib/mongo/auth/kerberos/version.rb
62
74
  - lib/mongo_kerberos.rb
63
- - lib/mongo_kerberos/sasl_c.rb
64
- - lib/mongo_kerberos/sasl_java.rb
65
- - mongo_kerberos.gemspec
75
+ - spec/mongo/auth/kerberos/conversation_spec.rb
76
+ - spec/mongo/auth/kerberos/mri/authenticator_spec.rb
77
+ - spec/spec_helper.rb
66
78
  homepage: http://www.mongodb.org
67
79
  licenses:
68
80
  - Apache License Version 2.0
@@ -75,17 +87,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
75
87
  requirements:
76
88
  - - ">="
77
89
  - !ruby/object:Gem::Version
78
- version: '0'
90
+ version: 1.9.3
79
91
  required_rubygems_version: !ruby/object:Gem::Requirement
80
92
  requirements:
81
93
  - - ">="
82
94
  - !ruby/object:Gem::Version
83
- version: '0'
95
+ version: 1.3.6
84
96
  requirements: []
85
97
  rubyforge_project: mongo_kerberos
86
- rubygems_version: 2.4.6
98
+ rubygems_version: 2.4.5
87
99
  signing_key:
88
100
  specification_version: 4
89
101
  summary: Kerberos authentication support for the MongoDB Ruby driver
90
- test_files: []
91
- has_rdoc: yard
102
+ test_files:
103
+ - spec/mongo/auth/kerberos/conversation_spec.rb
104
+ - spec/mongo/auth/kerberos/mri/authenticator_spec.rb
105
+ - spec/spec_helper.rb
metadata.gz.sig CHANGED
Binary file
data/VERSION DELETED
@@ -1 +0,0 @@
1
- 1.12.5
@@ -1,43 +0,0 @@
1
- # Copyright (C) 2009-2014 MongoDB, Inc.
2
- #
3
- # Licensed under the Apache License, Version 2.0 (the "License");
4
- # you may not use this file except in compliance with the License.
5
- # You may obtain a copy of the License at
6
- #
7
- # http://www.apache.org/licenses/LICENSE-2.0
8
- #
9
- # Unless required by applicable law or agreed to in writing, software
10
- # distributed under the License is distributed on an "AS IS" BASIS,
11
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
- # See the License for the specific language governing permissions and
13
- # limitations under the License.
14
-
15
- module Mongo
16
- module Sasl
17
- module GSSAPI
18
-
19
- def self.authenticate(username, client, socket, opts={})
20
- db = client.db('$external')
21
- hostname = socket.pool.host
22
- servicename = opts[:service_name] || 'mongodb'
23
- canonicalize = opts[:canonicalize_host_name] ? opts[:canonicalize_host_name] : false
24
- username += "@#{opts[:service_realm]}" if opts[:service_realm]
25
- authenticator = Mongo::Sasl::GSSAPIAuthenticator.new(username, hostname, servicename, canonicalize)
26
-
27
- return { } unless authenticator.valid?
28
-
29
- token = authenticator.initialize_challenge
30
- cmd = BSON::OrderedHash['saslStart', 1, 'mechanism', 'GSSAPI', 'payload', token, 'autoAuthorize', 1]
31
- response = db.command(cmd, :check_response => false, :socket => socket)
32
-
33
- until response['done'] do
34
- break unless Support.ok?(response)
35
- token = authenticator.evaluate_challenge(response['payload'])
36
- cmd = BSON::OrderedHash['saslContinue', 1, 'conversationId', response['conversationId'], 'payload', token]
37
- response = db.command(cmd, :check_response => false, :socket => socket)
38
- end
39
- response
40
- end
41
- end
42
- end
43
- end
@@ -1,52 +0,0 @@
1
- # Copyright (C) 2009-2014 MongoDB, Inc.
2
- #
3
- # Licensed under the Apache License, Version 2.0 (the "License");
4
- # you may not use this file except in compliance with the License.
5
- # You may obtain a copy of the License at
6
- #
7
- # http://www.apache.org/licenses/LICENSE-2.0
8
- #
9
- # Unless required by applicable law or agreed to in writing, software
10
- # distributed under the License is distributed on an "AS IS" BASIS,
11
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
- # See the License for the specific language governing permissions and
13
- # limitations under the License.
14
-
15
- require 'jruby'
16
-
17
- include Java
18
-
19
- jar_dir = File.expand_path(File.join(File.dirname(__FILE__), '../../ext/jsasl'))
20
- require File.join(jar_dir, 'target/jsasl.jar')
21
-
22
- module Mongo
23
- module Sasl
24
- module GSSAPI
25
-
26
- def self.authenticate(username, client, socket, opts={})
27
- db = client.db('$external')
28
- hostname = socket.pool.host
29
- servicename = opts[:service_name] || 'mongodb'
30
- username += "@#{opts[:service_realm]}" if opts[:service_realm]
31
- canonicalize = opts[:canonicalize_host_name] ? opts[:canonicalize_host_name] : false
32
-
33
- begin
34
- authenticator = org.mongodb.sasl.GSSAPIAuthenticator.new(JRuby.runtime, username, hostname, servicename, canonicalize)
35
- token = BSON::Binary.new(authenticator.initialize_challenge)
36
- cmd = BSON::OrderedHash['saslStart', 1, 'mechanism', 'GSSAPI', 'payload', token, 'autoAuthorize', 1]
37
- response = db.command(cmd, :check_response => false, :socket => socket)
38
-
39
- until response['done'] do
40
- break unless Support.ok?(response)
41
- token = BSON::Binary.new(authenticator.evaluate_challenge(response['payload'].to_s))
42
- cmd = BSON::OrderedHash['saslContinue', 1, 'conversationId', response['conversationId'], 'payload', token]
43
- response = db.command(cmd, :check_response => false, :socket => socket)
44
- end
45
- response
46
- rescue Java::OrgMongodbSasl::MongoSecurityException
47
- return { }
48
- end
49
- end
50
- end
51
- end
52
- end
@@ -1,35 +0,0 @@
1
- Gem::Specification.new do |s|
2
- s.name = 'mongo_kerberos'
3
- s.version = File.read(File.join(File.dirname(__FILE__), 'VERSION'))
4
- s.platform = Gem::Platform::RUBY
5
- s.authors = [ 'Emily Stolfo', 'Durran Jordan' ]
6
- s.email = 'mongodb-dev@googlegroups.com'
7
- s.homepage = 'http://www.mongodb.org'
8
- s.summary = 'Kerberos authentication support for the MongoDB Ruby driver'
9
- s.description = 'Adds kerberos authentication via libsasl to the MongoDB Ruby Driver on MRI and JRuby'
10
- s.rubyforge_project = 'mongo_kerberos'
11
- s.license = 'Apache License Version 2.0'
12
-
13
- if File.exists?('gem-private_key.pem')
14
- s.signing_key = 'gem-private_key.pem'
15
- s.cert_chain = ['gem-public_cert.pem']
16
- else
17
- warn 'Warning: No private key present, creating unsigned gem.'
18
- end
19
-
20
- s.files = [ 'mongo_kerberos.gemspec', 'LICENSE', 'VERSION' ]
21
- s.files += [ 'lib/mongo_kerberos.rb' ]
22
- s.files += Dir[ 'lib/mongo_kerberos/**/*.rb' ]
23
-
24
- if RUBY_PLATFORM =~ /java/
25
- s.platform = 'java'
26
- s.files << 'ext/jsasl/target/jsasl.jar'
27
- else
28
- s.files += Dir.glob('ext/csasl/**/*.{c,h,rb}')
29
- s.extensions = [ 'ext/csasl/extconf.rb' ]
30
- end
31
-
32
- s.add_dependency('mongo', "#{s.version}")
33
- s.require_paths = ['lib']
34
- s.has_rdoc = 'yard'
35
- end