mongo_kerberos 1.12.5-java → 2.0.0.beta-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CONTRIBUTING.md +42 -0
- data/LICENSE +1 -1
- data/NOTICE +2 -0
- data/README.md +43 -0
- data/Rakefile +96 -0
- data/lib/mongo/auth/kerberos.rb +53 -0
- data/lib/mongo/auth/kerberos/conversation.rb +160 -0
- data/lib/mongo/auth/kerberos/jruby/authenticator.rb +53 -0
- data/{ext/jsasl/target → lib/mongo/auth/kerberos}/jsasl.jar +0 -0
- data/lib/mongo/auth/kerberos/mri/authenticator.rb +50 -0
- data/lib/mongo/auth/kerberos/native.bundle +0 -0
- data/lib/mongo/auth/kerberos/native.jar +0 -0
- data/lib/mongo/auth/kerberos/version.rb +23 -0
- data/lib/mongo_kerberos.rb +9 -25
- data/spec/mongo/auth/kerberos/conversation_spec.rb +131 -0
- data/spec/mongo/auth/kerberos/mri/authenticator_spec.rb +23 -0
- data/spec/spec_helper.rb +30 -0
- metadata +42 -28
- metadata.gz.sig +0 -0
- data/VERSION +0 -1
- data/lib/mongo_kerberos/sasl_c.rb +0 -43
- data/lib/mongo_kerberos/sasl_java.rb +0 -52
- data/mongo_kerberos.gemspec +0 -35
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0e24de2cf749c7b910ba00ac06bc770902c9f0d9
|
4
|
+
data.tar.gz: 49a7528188114ebb5d4dcc2dd3c86bde0c728216
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 20432d514d9d0ccdc1cd4fea3f26d5097e203cfb0bddd12f4be7dabde31385388989ae0832fc4358c4f50fd43390e12d0e68179b75231cd8aa02ffd2682e88db
|
7
|
+
data.tar.gz: 9da06f8806a88fd33bddb6727d79cd377814acf2b32463ef707d5d86c9340f4cebdde4647ada3fc8e910e724dd0c9a575ad10df558cb09f721a32eaa41b5da70
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/CONTRIBUTING.md
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
Contributing
|
2
|
+
============
|
3
|
+
|
4
|
+
Code Conventions
|
5
|
+
----------------
|
6
|
+
|
7
|
+
Code style should fall in line with the style guide outlined by
|
8
|
+
[Github](https://github.com/styleguide/ruby)
|
9
|
+
|
10
|
+
Testing
|
11
|
+
-------
|
12
|
+
|
13
|
+
Bug fixes and new features should always have the appropriate specs, and the
|
14
|
+
specs should follow the following guidelines:
|
15
|
+
|
16
|
+
- Prefer `let` and `let!` over the use of instance variables and `subject`.
|
17
|
+
- Prefer `expect(...).to eq(...) syntax over `...should eq(...)`.
|
18
|
+
- Use shared examples to reduce duplication.
|
19
|
+
- Use `describe "#method"` for instance method specs.
|
20
|
+
- Use `describe ".method"` for class method specs.
|
21
|
+
- Use `context` blocks to set up conditions.
|
22
|
+
- Always provide descriptive specifications via `it`.
|
23
|
+
|
24
|
+
Specs can be automatically run with Guard, via `bundle exec guard`
|
25
|
+
|
26
|
+
Before commiting, run `rake` to ensure all specs pass with both pure Ruby and
|
27
|
+
the native extensions.
|
28
|
+
|
29
|
+
Git Etiquette
|
30
|
+
-------------
|
31
|
+
|
32
|
+
Please follow the commit message guidelines as outlined
|
33
|
+
[in this blog post](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
|
34
|
+
|
35
|
+
If the commit fixes a bug, please add the JIRA number on the last line:
|
36
|
+
|
37
|
+
```
|
38
|
+
[ close RUBY-492 ]
|
39
|
+
```
|
40
|
+
|
41
|
+
Please ensure that only one feature/bug fix is in each pull request, and
|
42
|
+
that it is squashed into a single commit.
|
data/LICENSE
CHANGED
@@ -175,7 +175,7 @@
|
|
175
175
|
|
176
176
|
END OF TERMS AND CONDITIONS
|
177
177
|
|
178
|
-
Copyright (C) 2008-
|
178
|
+
Copyright (C) 2008-2015 MongoDB, Inc.
|
179
179
|
|
180
180
|
Licensed under the Apache License, Version 2.0 (the "License");
|
181
181
|
you may not use this file except in compliance with the License.
|
data/NOTICE
ADDED
data/README.md
ADDED
@@ -0,0 +1,43 @@
|
|
1
|
+
Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
|
2
|
+
====
|
3
|
+
|
4
|
+
Provides Kerberos authentication support to the Mongo Ruby Driver.
|
5
|
+
|
6
|
+
Compatibility
|
7
|
+
-------------
|
8
|
+
|
9
|
+
mongo_kerberos is tested against MRI (1.9.2+) and JRuby (1.7.0+)
|
10
|
+
|
11
|
+
Installation
|
12
|
+
------------
|
13
|
+
|
14
|
+
libsasl is a requirement to be able to install the mongo_kerberos gem. Please see the
|
15
|
+
[Cyrus documentation](http://cyrusimap.web.cmu.edu/docs/cyrus-sasl/2.1.25/) for more
|
16
|
+
information.
|
17
|
+
|
18
|
+
With bundler, add the `mongo_kerberos` gem to your `Gemfile`.
|
19
|
+
|
20
|
+
```ruby
|
21
|
+
gem "mongo_kerberos", "~> 2.0"
|
22
|
+
```
|
23
|
+
|
24
|
+
Require the `mongo_kerberos` gem in your application.
|
25
|
+
|
26
|
+
```ruby
|
27
|
+
require "mongo_kerberos"
|
28
|
+
```
|
29
|
+
|
30
|
+
Usage
|
31
|
+
-----
|
32
|
+
|
33
|
+
|
34
|
+
API Documentation
|
35
|
+
-----------------
|
36
|
+
|
37
|
+
The [API Documentation](http://rdoc.info/github/mongodb/mongo-ruby-kerberos/master/frames) is
|
38
|
+
located at rdoc.info.
|
39
|
+
|
40
|
+
Versioning
|
41
|
+
----------
|
42
|
+
|
43
|
+
As of 2.0.0, this project adheres to the [Semantic Versioning Specification](http://semver.org/).
|
data/Rakefile
ADDED
@@ -0,0 +1,96 @@
|
|
1
|
+
# Copyright (C) 2009-2013 MongoDB Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require "bundler"
|
16
|
+
Bundler.setup
|
17
|
+
|
18
|
+
$LOAD_PATH.unshift(File.expand_path("../lib", __FILE__))
|
19
|
+
|
20
|
+
require "rake"
|
21
|
+
require "rake/extensiontask"
|
22
|
+
require "rspec/core/rake_task"
|
23
|
+
|
24
|
+
def jruby?
|
25
|
+
defined?(JRUBY_VERSION)
|
26
|
+
end
|
27
|
+
|
28
|
+
if jruby?
|
29
|
+
require "rake/javaextensiontask"
|
30
|
+
Rake::JavaExtensionTask.new do |ext|
|
31
|
+
ext.name = "native"
|
32
|
+
ext.ext_dir = "src"
|
33
|
+
ext.lib_dir = "lib/mongo/auth/kerberos"
|
34
|
+
end
|
35
|
+
else
|
36
|
+
require "rake/extensiontask"
|
37
|
+
Rake::ExtensionTask.new do |ext|
|
38
|
+
ext.name = "native"
|
39
|
+
ext.ext_dir = "ext/mongo/kerberos"
|
40
|
+
ext.lib_dir = "lib/mongo/auth/kerberos"
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
require "mongo/auth/kerberos/version"
|
45
|
+
|
46
|
+
def extension
|
47
|
+
RUBY_PLATFORM =~ /darwin/ ? "bundle" : "so"
|
48
|
+
end
|
49
|
+
|
50
|
+
RSpec::Core::RakeTask.new(:rspec)
|
51
|
+
|
52
|
+
if jruby?
|
53
|
+
task :build => [ :clean_all, :compile ] do
|
54
|
+
system "gem build mongo_kerberos.gemspec"
|
55
|
+
end
|
56
|
+
else
|
57
|
+
task :build => :clean_all do
|
58
|
+
system "gem build mongo_kerberos.gemspec"
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
task :clean_all => :clean do
|
63
|
+
begin
|
64
|
+
Dir.chdir(Pathname(__FILE__).dirname + "lib") do
|
65
|
+
`rm native.#{extension}`
|
66
|
+
`rm native.o`
|
67
|
+
`rm native.jar`
|
68
|
+
end
|
69
|
+
rescue Exception => e
|
70
|
+
puts e.message
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
task :spec => :compile do
|
75
|
+
Rake::Task["rspec"].invoke
|
76
|
+
end
|
77
|
+
|
78
|
+
# Run bundle exec rake release with mri and jruby. Ex:
|
79
|
+
#
|
80
|
+
# rvm use 2.1.0@mongo_kerberos
|
81
|
+
# bundle exec rake release
|
82
|
+
# rvm use jruby@mongo_kerberos
|
83
|
+
# bundle exec rake release
|
84
|
+
task :release => :build do
|
85
|
+
system "git tag -a #{Mongo::Auth::Kerberos::VERSION} -m 'Tagging release: #{Mongo::Auth::Kerberos::VERSION}'"
|
86
|
+
system "git push --tags"
|
87
|
+
if jruby?
|
88
|
+
system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
|
89
|
+
system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
|
90
|
+
else
|
91
|
+
system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
|
92
|
+
system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
task :default => [ :clean_all, :spec ]
|
@@ -0,0 +1,53 @@
|
|
1
|
+
# Copyright (C) 2014-2015 MongoDB, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'mongo/auth/kerberos/conversation'
|
16
|
+
require 'mongo/auth/kerberos/version'
|
17
|
+
|
18
|
+
module Mongo
|
19
|
+
module Auth
|
20
|
+
|
21
|
+
# Defines behaviour for Kerberos authentication.
|
22
|
+
#
|
23
|
+
# @since 2.0.0
|
24
|
+
class Kerberos
|
25
|
+
include Executable
|
26
|
+
|
27
|
+
# The authentication mechinism string.
|
28
|
+
#
|
29
|
+
# @since 2.0.0
|
30
|
+
MECHANISM = 'GSSAPI'.freeze
|
31
|
+
|
32
|
+
# Log the user in on the given connection.
|
33
|
+
#
|
34
|
+
# @example Log the user in.
|
35
|
+
# user.login(connection)
|
36
|
+
#
|
37
|
+
# @param [ Mongo::Connection ] connection The connection to log into.
|
38
|
+
# on.
|
39
|
+
#
|
40
|
+
# @return [ Protocol::Reply ] The authentication response.
|
41
|
+
#
|
42
|
+
# @since 2.0.0
|
43
|
+
def login(connection)
|
44
|
+
conversation = Conversation.new(user, connection.address.host)
|
45
|
+
reply = connection.dispatch([ conversation.start ])
|
46
|
+
until reply.documents[0][Conversation::DONE]
|
47
|
+
reply = connection.dispatch([ conversation.finalize(reply) ])
|
48
|
+
end
|
49
|
+
reply
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
@@ -0,0 +1,160 @@
|
|
1
|
+
# Copyright (C) 2015 MongoDB Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
if BSON::Environment.jruby?
|
16
|
+
require 'mongo/auth/kerberos/jruby/authenticator'
|
17
|
+
else
|
18
|
+
require 'mongo/auth/kerberos/mri/authenticator'
|
19
|
+
end
|
20
|
+
|
21
|
+
module Mongo
|
22
|
+
module Auth
|
23
|
+
class Kerberos
|
24
|
+
|
25
|
+
# Defines behaviour around a single GSSAPI conversation between the
|
26
|
+
# client and server.
|
27
|
+
#
|
28
|
+
# @since 2.0.0
|
29
|
+
class Conversation
|
30
|
+
|
31
|
+
# The base client continue message.
|
32
|
+
#
|
33
|
+
# @since 2.0.0
|
34
|
+
CONTINUE_MESSAGE = { saslContinue: 1 }.freeze
|
35
|
+
|
36
|
+
# The key for the done field in the responses.
|
37
|
+
#
|
38
|
+
# @since 2.0.0
|
39
|
+
DONE = 'done'.freeze
|
40
|
+
|
41
|
+
# The conversation id field.
|
42
|
+
#
|
43
|
+
# @since 2.0.0
|
44
|
+
ID = 'conversationId'.freeze
|
45
|
+
|
46
|
+
# The payload field.
|
47
|
+
#
|
48
|
+
# @since 2.0.0
|
49
|
+
PAYLOAD = 'payload'.freeze
|
50
|
+
|
51
|
+
# The base client first message.
|
52
|
+
#
|
53
|
+
# @since 2.0.0
|
54
|
+
START_MESSAGE = { saslStart: 1, autoAuthorize: 1 }.freeze
|
55
|
+
|
56
|
+
# @return [ Protocol::Reply ] reply The current reply in the conversation.
|
57
|
+
attr_reader :reply
|
58
|
+
|
59
|
+
# @return [ Authenticator ] authenticator The native SASL authenticator.
|
60
|
+
attr_reader :authenticator
|
61
|
+
|
62
|
+
# @return [ Mongo::Auth::User ] user The user to authenticate.
|
63
|
+
attr_reader :user
|
64
|
+
|
65
|
+
# Finalize the conversation.
|
66
|
+
#
|
67
|
+
# @example Finalize the conversation.
|
68
|
+
# conversation.finalize(reply)
|
69
|
+
#
|
70
|
+
# @param [ Protocol::Reply ] reply The response from the server.
|
71
|
+
#
|
72
|
+
# @return [ Protocol::Query ] The next query to execute.
|
73
|
+
#
|
74
|
+
# @since 2.0.0
|
75
|
+
def finalize(reply)
|
76
|
+
validate!(reply)
|
77
|
+
Protocol::Query.new(
|
78
|
+
Auth::EXTERNAL,
|
79
|
+
Database::COMMAND,
|
80
|
+
CONTINUE_MESSAGE.merge(payload: continue_token, conversationId: id),
|
81
|
+
limit: -1
|
82
|
+
)
|
83
|
+
end
|
84
|
+
|
85
|
+
# Start the authentication conversation.
|
86
|
+
#
|
87
|
+
# @example Start the conversation.
|
88
|
+
# conversation.start
|
89
|
+
#
|
90
|
+
# @return [ Protocol::Query ] The command to execute.
|
91
|
+
#
|
92
|
+
# @since 2.0.0
|
93
|
+
def start
|
94
|
+
Protocol::Query.new(
|
95
|
+
Auth::EXTERNAL,
|
96
|
+
Database::COMMAND,
|
97
|
+
START_MESSAGE.merge(mechanism: Kerberos::MECHANISM, payload: start_token),
|
98
|
+
limit: -1
|
99
|
+
)
|
100
|
+
end
|
101
|
+
|
102
|
+
# Get the id of the conversation.
|
103
|
+
#
|
104
|
+
# @example Get the id of the conversation.
|
105
|
+
# conversation.id
|
106
|
+
#
|
107
|
+
# @return [ Integer ] The conversation id.
|
108
|
+
#
|
109
|
+
# @since 2.0.0
|
110
|
+
def id
|
111
|
+
reply.documents[0][ID]
|
112
|
+
end
|
113
|
+
|
114
|
+
# Create the new conversation.
|
115
|
+
#
|
116
|
+
# @example Create the new coversation.
|
117
|
+
# Conversation.new(user, 'test.example.com')
|
118
|
+
#
|
119
|
+
# @param [ Auth::User ] user The user to converse about.
|
120
|
+
# @param [ String ] host The host to talk to.
|
121
|
+
#
|
122
|
+
# @since 2.0.0
|
123
|
+
def initialize(user, host)
|
124
|
+
@user = user
|
125
|
+
@authenticator = Authenticator.new(user, host)
|
126
|
+
end
|
127
|
+
|
128
|
+
private
|
129
|
+
|
130
|
+
if BSON::Environment.jruby?
|
131
|
+
|
132
|
+
def start_token
|
133
|
+
BSON::Binary.new(authenticator.initialize_challenge)
|
134
|
+
end
|
135
|
+
|
136
|
+
def continue_token
|
137
|
+
payload = reply.documents[0][PAYLOAD]
|
138
|
+
BSON::Binary.new(authenticator.evaluate_challenge(payload.data))
|
139
|
+
end
|
140
|
+
else
|
141
|
+
|
142
|
+
def start_token
|
143
|
+
authenticator.initialize_challenge
|
144
|
+
end
|
145
|
+
|
146
|
+
def continue_token
|
147
|
+
authenticator.evaluate_challenge(reply.documents[0][PAYLOAD])
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
def validate!(reply)
|
152
|
+
unless reply.documents[0][Operation::Result::OK] == 1
|
153
|
+
raise Unauthorized.new(user)
|
154
|
+
end
|
155
|
+
@reply = reply
|
156
|
+
end
|
157
|
+
end
|
158
|
+
end
|
159
|
+
end
|
160
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
# Copyright (C) 2014 MongoDB, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'java'
|
16
|
+
require 'mongo/auth/kerberos/jsasl.jar'
|
17
|
+
require 'mongo/auth/kerberos/native.jar'
|
18
|
+
|
19
|
+
module Mongo
|
20
|
+
module Auth
|
21
|
+
class Kerberos
|
22
|
+
|
23
|
+
# Wraps authenticator construction for JRuby.
|
24
|
+
#
|
25
|
+
# @since 2.0.0
|
26
|
+
class Authenticator
|
27
|
+
extend Forwardable
|
28
|
+
|
29
|
+
# Delegate to the wrapped authenticator.
|
30
|
+
def_delegators :@wrapped, :initialize_challenge, :evaluate_challenge
|
31
|
+
|
32
|
+
# Crate the new authenticator.
|
33
|
+
#
|
34
|
+
# @example Create the authenticator.
|
35
|
+
# Authenticator.new(user, host)
|
36
|
+
#
|
37
|
+
# @param [ Mongo::Auth::User ] user The user.
|
38
|
+
# @param [ String ] host The host.
|
39
|
+
#
|
40
|
+
# @since 2.0.0
|
41
|
+
def initialize(user, host)
|
42
|
+
@wrapped = org.mongodb.sasl.GSSAPIAuthenticator.new(
|
43
|
+
JRuby.runtime,
|
44
|
+
user.name,
|
45
|
+
host,
|
46
|
+
user.auth_mech_properties[:service_name] || 'mongodb',
|
47
|
+
user.auth_mech_properties[:canonicalize_host_name] || false
|
48
|
+
)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
File without changes
|
@@ -0,0 +1,50 @@
|
|
1
|
+
# Copyright (C) 2014 MongoDB, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'mongo/auth/kerberos/native'
|
16
|
+
|
17
|
+
module Mongo
|
18
|
+
module Auth
|
19
|
+
class Kerberos
|
20
|
+
|
21
|
+
# Wraps authenticator construction for MRI.
|
22
|
+
#
|
23
|
+
# @since 2.0.0
|
24
|
+
class Authenticator
|
25
|
+
extend Forwardable
|
26
|
+
|
27
|
+
# Delegate to the wrapped authenticator.
|
28
|
+
def_delegators :@wrapped, :initialize_challenge, :evaluate_challenge
|
29
|
+
|
30
|
+
# Crate the new authenticator.
|
31
|
+
#
|
32
|
+
# @example Create the authenticator.
|
33
|
+
# Authenticator.new(user, host)
|
34
|
+
#
|
35
|
+
# @param [ Mongo::Auth::User ] user The user.
|
36
|
+
# @param [ String ] host The host.
|
37
|
+
#
|
38
|
+
# @since 2.0.0
|
39
|
+
def initialize(user, host)
|
40
|
+
@wrapped = GSSAPIAuthenticator.new(
|
41
|
+
user.name,
|
42
|
+
host,
|
43
|
+
user.auth_mech_properties[:service_name] || 'mongodb',
|
44
|
+
user.auth_mech_properties[:canonicalize_host_name] || false
|
45
|
+
)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
Binary file
|
Binary file
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# Copyright (C) 2015 MongoDB, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module Mongo
|
16
|
+
module Auth
|
17
|
+
class Kerberos
|
18
|
+
|
19
|
+
# The gem version number.
|
20
|
+
VERSION = '2.0.0.beta'.freeze
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/mongo_kerberos.rb
CHANGED
@@ -4,7 +4,7 @@
|
|
4
4
|
# you may not use this file except in compliance with the License.
|
5
5
|
# You may obtain a copy of the License at
|
6
6
|
#
|
7
|
-
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
8
|
#
|
9
9
|
# Unless required by applicable law or agreed to in writing, software
|
10
10
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
@@ -12,30 +12,14 @@
|
|
12
12
|
# See the License for the specific language governing permissions and
|
13
13
|
# limitations under the License.
|
14
14
|
|
15
|
+
require 'forwardable'
|
15
16
|
require 'mongo'
|
17
|
+
require 'mongo/auth/kerberos'
|
16
18
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
require 'mongo_kerberos/sasl_c'
|
22
|
-
require "csasl/csasl"
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
module Mongo
|
27
|
-
module Authentication
|
28
|
-
|
29
|
-
private
|
19
|
+
# Add the Kerberos authentication mechanism.
|
20
|
+
#
|
21
|
+
# @since 2.0.0
|
22
|
+
Mongo::Auth::SOURCES[:gssapi] = Mongo::Auth::Kerberos
|
30
23
|
|
31
|
-
|
32
|
-
|
33
|
-
# @param auth [Hash] The authentication credentials to be used.
|
34
|
-
# @param opts [Hash] Hash of optional settings and configuration values.
|
35
|
-
#
|
36
|
-
# @private
|
37
|
-
def issue_gssapi(auth, opts={})
|
38
|
-
Mongo::Sasl::GSSAPI.authenticate(auth[:username], self, opts[:socket], auth[:extra] || {})
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
24
|
+
# @note Prevent any further modifications.
|
25
|
+
Mongo::Auth::SOURCES.freeze
|
@@ -0,0 +1,131 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Mongo::Auth::Kerberos::Conversation do
|
4
|
+
|
5
|
+
let(:user) do
|
6
|
+
Mongo::Auth::User.new(user: 'test')
|
7
|
+
end
|
8
|
+
|
9
|
+
let(:conversation) do
|
10
|
+
described_class.new(user, 'test.example.com')
|
11
|
+
end
|
12
|
+
|
13
|
+
let(:authenticator) do
|
14
|
+
double('authenticator')
|
15
|
+
end
|
16
|
+
|
17
|
+
before do
|
18
|
+
expect(Mongo::Auth::Kerberos::Authenticator).to receive(:new).
|
19
|
+
with(user, 'test.example.com').
|
20
|
+
and_return(authenticator)
|
21
|
+
end
|
22
|
+
|
23
|
+
describe '#start' do
|
24
|
+
|
25
|
+
let(:query) do
|
26
|
+
conversation.start
|
27
|
+
end
|
28
|
+
|
29
|
+
let(:selector) do
|
30
|
+
query.selector
|
31
|
+
end
|
32
|
+
|
33
|
+
before do
|
34
|
+
expect(authenticator).to receive(:initialize_challenge).and_return('test')
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'sets the sasl start flag' do
|
38
|
+
expect(selector[:saslStart]).to eq(1)
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'sets the auto authorize flag' do
|
42
|
+
expect(selector[:autoAuthorize]).to eq(1)
|
43
|
+
end
|
44
|
+
|
45
|
+
it 'sets the mechanism' do
|
46
|
+
expect(selector[:mechanism]).to eq('GSSAPI')
|
47
|
+
end
|
48
|
+
|
49
|
+
it 'sets the payload', unless: BSON::Environment.jruby? do
|
50
|
+
expect(selector[:payload]).to start_with('test')
|
51
|
+
end
|
52
|
+
|
53
|
+
it 'sets the payload', if: BSON::Environment.jruby? do
|
54
|
+
expect(selector[:payload].data).to start_with('test')
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
describe '#finalize' do
|
59
|
+
|
60
|
+
let(:reply) do
|
61
|
+
Mongo::Protocol::Reply.new
|
62
|
+
end
|
63
|
+
|
64
|
+
let(:continue_token) do
|
65
|
+
BSON::Environment.jruby? ? BSON::Binary.new('testing') : 'testing'
|
66
|
+
end
|
67
|
+
|
68
|
+
context 'when the conversation is a success' do
|
69
|
+
|
70
|
+
let(:documents) do
|
71
|
+
[{
|
72
|
+
'conversationId' => 1,
|
73
|
+
'done' => false,
|
74
|
+
'payload' => continue_token,
|
75
|
+
'ok' => 1.0
|
76
|
+
}]
|
77
|
+
end
|
78
|
+
|
79
|
+
let(:query) do
|
80
|
+
conversation.finalize(reply)
|
81
|
+
end
|
82
|
+
|
83
|
+
let(:selector) do
|
84
|
+
query.selector
|
85
|
+
end
|
86
|
+
|
87
|
+
before do
|
88
|
+
expect(authenticator).to receive(:evaluate_challenge).
|
89
|
+
with('testing').and_return(continue_token)
|
90
|
+
reply.instance_variable_set(:@documents, documents)
|
91
|
+
end
|
92
|
+
|
93
|
+
it 'sets the conversation id' do
|
94
|
+
expect(selector[:conversationId]).to eq(1)
|
95
|
+
end
|
96
|
+
|
97
|
+
it 'sets the payload', unless: BSON::Environment.jruby? do
|
98
|
+
expect(selector[:payload]).to eq(continue_token)
|
99
|
+
end
|
100
|
+
|
101
|
+
it 'sets the payload', if: BSON::Environment.jruby? do
|
102
|
+
expect(selector[:payload].data).to eq(continue_token)
|
103
|
+
end
|
104
|
+
|
105
|
+
it 'sets the continue flag' do
|
106
|
+
expect(selector[:saslContinue]).to eq(1)
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
110
|
+
context 'when the auth failed' do
|
111
|
+
|
112
|
+
let(:documents) do
|
113
|
+
[{
|
114
|
+
'conversationId' => 1,
|
115
|
+
'done' => false,
|
116
|
+
'ok' => 0.0
|
117
|
+
}]
|
118
|
+
end
|
119
|
+
|
120
|
+
before do
|
121
|
+
reply.instance_variable_set(:@documents, documents)
|
122
|
+
end
|
123
|
+
|
124
|
+
it 'raises an error' do
|
125
|
+
expect {
|
126
|
+
conversation.finalize(reply)
|
127
|
+
}.to raise_error(Mongo::Auth::Unauthorized)
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Mongo::Auth::Kerberos::Authenticator do
|
4
|
+
|
5
|
+
describe '#initialize' do
|
6
|
+
|
7
|
+
let(:user) do
|
8
|
+
Mongo::Auth::User.new(user: 'drivers@LDAPTEST.10GEN.CC')
|
9
|
+
end
|
10
|
+
|
11
|
+
let(:authenticator) do
|
12
|
+
described_class.new(user, '127.0.0.1')
|
13
|
+
end
|
14
|
+
|
15
|
+
let(:wrapped) do
|
16
|
+
authenticator.instance_variable_get(:@wrapped)
|
17
|
+
end
|
18
|
+
|
19
|
+
it 'wraps the c extension authenticator', unless: BSON::Environment.jruby? do
|
20
|
+
expect(wrapped).to be_a(Mongo::Auth::GSSAPIAuthenticator)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
# Copyright (C) 2014 MongoDB Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
16
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
|
17
|
+
|
18
|
+
if ENV["CI"] && !ENV["WITH_EXT"]
|
19
|
+
require "simplecov"
|
20
|
+
require "coveralls"
|
21
|
+
SimpleCov.formatter = Coveralls::SimpleCov::Formatter
|
22
|
+
SimpleCov.start do
|
23
|
+
add_filter "spec"
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
require "mongo_kerberos"
|
28
|
+
require "rspec"
|
29
|
+
|
30
|
+
# Dir["./spec/support/**/*.rb"].each { |file| require file }
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mongo_kerberos
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0.beta
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Emily Stolfo
|
@@ -13,7 +13,7 @@ cert_chain:
|
|
13
13
|
-----BEGIN CERTIFICATE-----
|
14
14
|
MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMRQwEgYDVQQDDAtkcml2
|
15
15
|
ZXItcnVieTEVMBMGCgmSJomT8ixkARkWBTEwZ2VuMRMwEQYKCZImiZPyLGQBGRYD
|
16
|
-
|
16
|
+
Y29tMB4XDTE0MTEyMDE1NTYxOVoXDTE1MTEyMDE1NTYxOVowQjEUMBIGA1UEAwwL
|
17
17
|
ZHJpdmVyLXJ1YnkxFTATBgoJkiaJk/IsZAEZFgUxMGdlbjETMBEGCgmSJomT8ixk
|
18
18
|
ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFdSAa8fRm1
|
19
19
|
bAM9za6Z0fAH4g02bqM1NGnw8zJQrE/PFrFfY6IFCT2AsLfOwr1maVm7iU1+kdVI
|
@@ -24,42 +24,53 @@ cert_chain:
|
|
24
24
|
u8KAcPHm5KkCAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
|
25
25
|
BBYEFFt3WbF+9JpUjAoj62cQBgNb8HzXMCAGA1UdEQQZMBeBFWRyaXZlci1ydWJ5
|
26
26
|
QDEwZ2VuLmNvbTAgBgNVHRIEGTAXgRVkcml2ZXItcnVieUAxMGdlbi5jb20wDQYJ
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
27
|
+
KoZIhvcNAQEFBQADggEBAKjvumG2Fy9zAoSc1OEcmAqqOfzx1U+isGyEsz1rs5eT
|
28
|
+
HAIHsxaEdZTjSwDuqyelLDWJHWspeWU5pV5lepfI4cop29wwoPJIJ9Az2RMMbtdv
|
29
|
+
gFApVb6QX61OMenFeOdJ/QZ3n9xcrxJZFdvrXQ5GjEU2anq3dJhFeESwIMlfVJC7
|
30
|
+
7XrlMxizzH712DPfy65dMj0Y39qHdoWYKeCkEoj5UWNcHRK9xgaHJR6prlXrIhgb
|
31
|
+
o2UXDbWtz5PqoFd8EgNJAn3+BG1pwC9S9pVFG3WPucfAx/bE8iq/vvchHei5Y/Vo
|
32
|
+
aAz5f/hY4zFeYWvGDBHYEXE1rTN2hhMSyJscPcFbmz0=
|
33
33
|
-----END CERTIFICATE-----
|
34
|
-
date: 2015-
|
34
|
+
date: 2015-03-02 00:00:00.000000000 Z
|
35
35
|
dependencies:
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
|
+
name: mongo
|
38
|
+
version_requirements: !ruby/object:Gem::Requirement
|
39
|
+
requirements:
|
40
|
+
- - ~>
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
version: 2.0.0.beta
|
37
43
|
requirement: !ruby/object:Gem::Requirement
|
38
44
|
requirements:
|
39
|
-
- -
|
45
|
+
- - ~>
|
40
46
|
- !ruby/object:Gem::Version
|
41
|
-
version:
|
42
|
-
name: mongo
|
47
|
+
version: 2.0.0.beta
|
43
48
|
prerelease: false
|
44
49
|
type: :runtime
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
- !ruby/object:Gem::Version
|
49
|
-
version: 1.12.5
|
50
|
-
description: Adds kerberos authentication via libsasl to the MongoDB Ruby Driver on MRI and JRuby
|
51
|
-
email: mongodb-dev@googlegroups.com
|
50
|
+
description: Adds Kerberos authentication via libsasl to the MongoDB Ruby Driver on MRI and JRuby
|
51
|
+
email:
|
52
|
+
- mongodb-dev@googlegroups.com
|
52
53
|
executables: []
|
53
54
|
extensions: []
|
54
55
|
extra_rdoc_files: []
|
55
56
|
files:
|
57
|
+
- CONTRIBUTING.md
|
56
58
|
- LICENSE
|
57
|
-
-
|
58
|
-
-
|
59
|
+
- NOTICE
|
60
|
+
- README.md
|
61
|
+
- Rakefile
|
59
62
|
- lib/mongo_kerberos.rb
|
60
|
-
- lib/
|
61
|
-
- lib/
|
62
|
-
-
|
63
|
+
- lib/mongo/auth/kerberos.rb
|
64
|
+
- lib/mongo/auth/kerberos/conversation.rb
|
65
|
+
- lib/mongo/auth/kerberos/jsasl.jar
|
66
|
+
- lib/mongo/auth/kerberos/native.bundle
|
67
|
+
- lib/mongo/auth/kerberos/native.jar
|
68
|
+
- lib/mongo/auth/kerberos/version.rb
|
69
|
+
- lib/mongo/auth/kerberos/jruby/authenticator.rb
|
70
|
+
- lib/mongo/auth/kerberos/mri/authenticator.rb
|
71
|
+
- spec/spec_helper.rb
|
72
|
+
- spec/mongo/auth/kerberos/conversation_spec.rb
|
73
|
+
- spec/mongo/auth/kerberos/mri/authenticator_spec.rb
|
63
74
|
homepage: http://www.mongodb.org
|
64
75
|
licenses:
|
65
76
|
- Apache License Version 2.0
|
@@ -72,16 +83,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
72
83
|
requirements:
|
73
84
|
- - '>='
|
74
85
|
- !ruby/object:Gem::Version
|
75
|
-
version:
|
86
|
+
version: 1.9.3
|
76
87
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
77
88
|
requirements:
|
78
89
|
- - '>='
|
79
90
|
- !ruby/object:Gem::Version
|
80
|
-
version:
|
91
|
+
version: 1.3.6
|
81
92
|
requirements: []
|
82
93
|
rubyforge_project: mongo_kerberos
|
83
|
-
rubygems_version: 2.
|
94
|
+
rubygems_version: 2.1.9
|
84
95
|
signing_key:
|
85
96
|
specification_version: 4
|
86
97
|
summary: Kerberos authentication support for the MongoDB Ruby driver
|
87
|
-
test_files:
|
98
|
+
test_files:
|
99
|
+
- spec/spec_helper.rb
|
100
|
+
- spec/mongo/auth/kerberos/conversation_spec.rb
|
101
|
+
- spec/mongo/auth/kerberos/mri/authenticator_spec.rb
|
metadata.gz.sig
CHANGED
Binary file
|
data/VERSION
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
1.12.5
|
@@ -1,43 +0,0 @@
|
|
1
|
-
# Copyright (C) 2009-2014 MongoDB, Inc.
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
|
-
module Mongo
|
16
|
-
module Sasl
|
17
|
-
module GSSAPI
|
18
|
-
|
19
|
-
def self.authenticate(username, client, socket, opts={})
|
20
|
-
db = client.db('$external')
|
21
|
-
hostname = socket.pool.host
|
22
|
-
servicename = opts[:service_name] || 'mongodb'
|
23
|
-
canonicalize = opts[:canonicalize_host_name] ? opts[:canonicalize_host_name] : false
|
24
|
-
username += "@#{opts[:service_realm]}" if opts[:service_realm]
|
25
|
-
authenticator = Mongo::Sasl::GSSAPIAuthenticator.new(username, hostname, servicename, canonicalize)
|
26
|
-
|
27
|
-
return { } unless authenticator.valid?
|
28
|
-
|
29
|
-
token = authenticator.initialize_challenge
|
30
|
-
cmd = BSON::OrderedHash['saslStart', 1, 'mechanism', 'GSSAPI', 'payload', token, 'autoAuthorize', 1]
|
31
|
-
response = db.command(cmd, :check_response => false, :socket => socket)
|
32
|
-
|
33
|
-
until response['done'] do
|
34
|
-
break unless Support.ok?(response)
|
35
|
-
token = authenticator.evaluate_challenge(response['payload'])
|
36
|
-
cmd = BSON::OrderedHash['saslContinue', 1, 'conversationId', response['conversationId'], 'payload', token]
|
37
|
-
response = db.command(cmd, :check_response => false, :socket => socket)
|
38
|
-
end
|
39
|
-
response
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
@@ -1,52 +0,0 @@
|
|
1
|
-
# Copyright (C) 2009-2014 MongoDB, Inc.
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
|
-
require 'jruby'
|
16
|
-
|
17
|
-
include Java
|
18
|
-
|
19
|
-
jar_dir = File.expand_path(File.join(File.dirname(__FILE__), '../../ext/jsasl'))
|
20
|
-
require File.join(jar_dir, 'target/jsasl.jar')
|
21
|
-
|
22
|
-
module Mongo
|
23
|
-
module Sasl
|
24
|
-
module GSSAPI
|
25
|
-
|
26
|
-
def self.authenticate(username, client, socket, opts={})
|
27
|
-
db = client.db('$external')
|
28
|
-
hostname = socket.pool.host
|
29
|
-
servicename = opts[:service_name] || 'mongodb'
|
30
|
-
username += "@#{opts[:service_realm]}" if opts[:service_realm]
|
31
|
-
canonicalize = opts[:canonicalize_host_name] ? opts[:canonicalize_host_name] : false
|
32
|
-
|
33
|
-
begin
|
34
|
-
authenticator = org.mongodb.sasl.GSSAPIAuthenticator.new(JRuby.runtime, username, hostname, servicename, canonicalize)
|
35
|
-
token = BSON::Binary.new(authenticator.initialize_challenge)
|
36
|
-
cmd = BSON::OrderedHash['saslStart', 1, 'mechanism', 'GSSAPI', 'payload', token, 'autoAuthorize', 1]
|
37
|
-
response = db.command(cmd, :check_response => false, :socket => socket)
|
38
|
-
|
39
|
-
until response['done'] do
|
40
|
-
break unless Support.ok?(response)
|
41
|
-
token = BSON::Binary.new(authenticator.evaluate_challenge(response['payload'].to_s))
|
42
|
-
cmd = BSON::OrderedHash['saslContinue', 1, 'conversationId', response['conversationId'], 'payload', token]
|
43
|
-
response = db.command(cmd, :check_response => false, :socket => socket)
|
44
|
-
end
|
45
|
-
response
|
46
|
-
rescue Java::OrgMongodbSasl::MongoSecurityException
|
47
|
-
return { }
|
48
|
-
end
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
data/mongo_kerberos.gemspec
DELETED
@@ -1,35 +0,0 @@
|
|
1
|
-
Gem::Specification.new do |s|
|
2
|
-
s.name = 'mongo_kerberos'
|
3
|
-
s.version = File.read(File.join(File.dirname(__FILE__), 'VERSION'))
|
4
|
-
s.platform = Gem::Platform::RUBY
|
5
|
-
s.authors = [ 'Emily Stolfo', 'Durran Jordan' ]
|
6
|
-
s.email = 'mongodb-dev@googlegroups.com'
|
7
|
-
s.homepage = 'http://www.mongodb.org'
|
8
|
-
s.summary = 'Kerberos authentication support for the MongoDB Ruby driver'
|
9
|
-
s.description = 'Adds kerberos authentication via libsasl to the MongoDB Ruby Driver on MRI and JRuby'
|
10
|
-
s.rubyforge_project = 'mongo_kerberos'
|
11
|
-
s.license = 'Apache License Version 2.0'
|
12
|
-
|
13
|
-
if File.exists?('gem-private_key.pem')
|
14
|
-
s.signing_key = 'gem-private_key.pem'
|
15
|
-
s.cert_chain = ['gem-public_cert.pem']
|
16
|
-
else
|
17
|
-
warn 'Warning: No private key present, creating unsigned gem.'
|
18
|
-
end
|
19
|
-
|
20
|
-
s.files = [ 'mongo_kerberos.gemspec', 'LICENSE', 'VERSION' ]
|
21
|
-
s.files += [ 'lib/mongo_kerberos.rb' ]
|
22
|
-
s.files += Dir[ 'lib/mongo_kerberos/**/*.rb' ]
|
23
|
-
|
24
|
-
if RUBY_PLATFORM =~ /java/
|
25
|
-
s.platform = 'java'
|
26
|
-
s.files << 'ext/jsasl/target/jsasl.jar'
|
27
|
-
else
|
28
|
-
s.files += Dir.glob('ext/csasl/**/*.{c,h,rb}')
|
29
|
-
s.extensions = [ 'ext/csasl/extconf.rb' ]
|
30
|
-
end
|
31
|
-
|
32
|
-
s.add_dependency('mongo', "#{s.version}")
|
33
|
-
s.require_paths = ['lib']
|
34
|
-
s.has_rdoc = 'yard'
|
35
|
-
end
|