mongo_kerberos 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ee9a349ff716b92f980bcac496566f266bd94247
-  data.tar.gz: 400120da9cc60b7eba94cfe16af095d5b159537f
+SHA256:
+  metadata.gz: 4f0c261a895c98efee67485fede02fe284e0ed01b75ba0dd1f1fa7b5ba9c07c7
+  data.tar.gz: f66c7b985d7a29325f8e04f8e29394e919f9b7fa1bd7734bd39aba23eb2dbed8
 SHA512:
-  metadata.gz: 9ce6868631cc3f3d67e43f37a33b2e0be688d6f505643ea42bbc09a5982bd87b26fa34bea2567307ea17067f10e4355ccc6d57408c7d54bdb8309d81f0f510f8
-  data.tar.gz: f81f226ba51bd02577d651b310220e546cba4cd0ea2b9ffd68af26f49dba09296f1e31e7e7b5b245932b259ac52631a6ed858d1aaa28f18f4d12ce6ef628de25
+  metadata.gz: f76cb875dab48b38fa290585ef9e5ad15fd22b199ac913bc175557be26e6ba89ec916f093c0effd4edb21bcd6389d63ff73e4c4ea1edb2d51c7325d9c0d7b0b9
+  data.tar.gz: 0b8d5ea7c0b2fbb4bb7fcff78b2809e178bd3bbe70c948995e65db4fb9e77acd5122c3a737f2b15ba448fb8dbc24eda60ecd34a707be7e3f66955e19ed7395b2

data/README.md

@@ -1,15 +1,21 @@
-Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
-====
+# Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
 
 Provides Kerberos authentication support to the Mongo Ruby Driver.
 
-Compatibility
--------------
 
-mongo_kerberos is tested against MRI (1.9.2+) and JRuby (1.7.0+)
+## Compatibility
 
-Installation
-------------
+mongo_kerberos is tested against MRI (1.9.3+) and JRuby (9.1+).
+
+### JRuby
+
+In order to work with Kerberos TGTs that are in the system cache (e.g. obtained with `kinit`), the
+JRuby extension sets the JVM system property "sun.security.jgss.native" to "true". Note that any
+other use of the JGSS library will also be affected by this setting, meaning that any TGTs in the
+system cache will be available for obtaining Kerberos credentials as well.
+
+
+## Installation
 
 libsasl is a requirement to be able to install the mongo_kerberos gem. Please see the
 [Cyrus documentation](http://cyrusimap.web.cmu.edu/docs/cyrus-sasl/2.1.25/) for more
@@ -18,7 +24,7 @@ information.
 With bundler, add the `mongo_kerberos` gem to your `Gemfile`.
 
 ```ruby
-gem "mongo_kerberos", "~> 2.0"
+gem "mongo_kerberos", "~> 2.1"
 ```
 
 Require the `mongo_kerberos` gem in your application.
@@ -27,17 +33,13 @@ Require the `mongo_kerberos` gem in your application.
 require "mongo_kerberos"
 ```
 
-Usage
------
-
 
-API Documentation
------------------
+## API Documentation
 
 The [API Documentation](http://rdoc.info/github/mongodb/mongo-ruby-kerberos/master/frames) is
 located at rdoc.info.
 
-Versioning
-----------
+## Versioning
 
-As of 2.0.0, this project adheres to the [Semantic Versioning Specification](http://semver.org/).
+As of 2.1.0, this project adheres to the
+[Semantic Versioning Specification](http://semver.org/).

data/Rakefile

@@ -35,9 +35,9 @@ if jruby?
 else
   require "rake/extensiontask"
   Rake::ExtensionTask.new do |ext|
-    ext.name = "native"
-    ext.ext_dir = "ext/mongo/kerberos"
-    ext.lib_dir = "lib/mongo/auth/kerberos"
+    ext.name = "mongo_kerberos_native"
+    ext.ext_dir = "ext/mongo_kerberos"
+    ext.lib_dir = "lib"
   end
 end
 
@@ -62,9 +62,11 @@ end
 task :clean_all => :clean do
   begin
     Dir.chdir(Pathname(__FILE__).dirname + "lib") do
-      `rm native.#{extension}`
-      `rm native.o`
-      `rm native.jar`
+      ["o", extension, "jar"].each do |e|
+         Dir.glob(File.join("**", "*.#{e}")).each do |f|
+          `rm #{f}`
+        end
+      end
     end
   rescue Exception => e
     puts e.message
@@ -94,3 +96,15 @@ task :release => :build do
 end
 
 task :default => [ :clean_all, :spec ]
+
+desc "Generate all documentation"
+task :docs => 'docs:yard'
+
+namespace :docs do
+  desc "Generate yard documention"
+  task :yard do
+    out = File.join('yard-docs', Mongo::Auth::Kerberos::VERSION)
+    FileUtils.rm_rf(out)
+    system "yardoc -o #{out} --title mongo-ruby-kerberos-#{Mongo::Auth::Kerberos::VERSION}"
+  end
+end

data/ext/{mongo/kerberos → mongo_kerberos}/extconf.rb

@@ -1,7 +1,7 @@
 require 'mkmf'
 find_header('sasl/sasl.h')
 if have_library('sasl2', 'sasl_version')
-  create_makefile('native')
+  create_makefile('mongo_kerberos_native')
 else
   abort "libsasl (cyrus sasl) is required in the system to install the mongo_kerberos gem."
 end

data/ext/{mongo/kerberos/native.c → mongo_kerberos/mongo_kerberos_native.c}

@@ -18,8 +18,14 @@
 
 static void mongo_sasl_conn_free(void* data) {
   sasl_conn_t *conn = (sasl_conn_t*) data;
-  // Ideally we would use sasl_client_done() but that's only available as of cyrus sasl 2.1.25
-  if(conn) sasl_done();
+  if (conn) {
+    sasl_dispose(&conn);
+    /* We do not set connection to NULL in the Ruby object. */
+    /* This is probably fine because this method is supposed to be called */
+    /* when the Ruby object is being garbage collected. */
+    /* Plus, we don't have the Ruby object reference here to do anything */
+    /* with it. */
+  }
 }
 
 static sasl_conn_t* mongo_sasl_context(VALUE self) {
@@ -104,7 +110,14 @@ static VALUE initialize_challenge(VALUE self) {
   }
 
   context = Data_Wrap_Struct(rb_cObject, NULL, mongo_sasl_conn_free, conn);
+  /* I'm guessing ruby raises on out of memory condition rather than */
+  /* returns NULL, hence no error checking is needed here? */
+  
+  /* from now on context owns conn */
+  /* since mongo_sasl_conn_free cleans up conn, we should NOT call */
+  /* sasl_dispose any more in this function. */
   rb_iv_set(self, "@context", context);
+  RB_GC_GUARD(context);
 
   result = sasl_client_start(conn, mechanism_list, NULL, &raw_payload, &raw_payload_len, &mechanism_selected);
   if (is_sasl_failure(result)) {
@@ -115,7 +128,9 @@ static VALUE initialize_challenge(VALUE self) {
     return Qfalse;
   }
 
-  result = sasl_encode64(raw_payload, raw_payload_len, encoded_payload, sizeof(encoded_payload), &encoded_payload_len);
+  /* cyrus-sasl considers `outmax` (fourth argument) to include the null */
+  /* terminator, but this is not documented. Be defensive and exclude it. */
+  result = sasl_encode64(raw_payload, raw_payload_len, encoded_payload, sizeof(encoded_payload)-1, &encoded_payload_len);
   if (is_sasl_failure(result)) {
     return Qfalse;
   }
@@ -135,17 +150,17 @@ static VALUE evaluate_challenge(VALUE self, VALUE rb_payload) {
   step_payload = RSTRING_PTR(rb_payload);
   step_payload_len = (int)RSTRING_LEN(rb_payload);
 
-  result = sasl_decode64(step_payload, step_payload_len, base_payload, sizeof(base_payload), &base_payload_len);
+  result = sasl_decode64(step_payload, step_payload_len, base_payload, sizeof(base_payload)-1, &base_payload_len);
   if (is_sasl_failure(result)) {
     return Qfalse;
   }
 
   result = sasl_client_step(conn, base_payload, base_payload_len, NULL, &out, &outlen);
   if (is_sasl_failure(result)) {
-  	return Qfalse;
+    return Qfalse;
   }
 
-  result = sasl_encode64(out, outlen, payload, sizeof(payload), &payload_len);
+  result = sasl_encode64(out, outlen, payload, sizeof(payload)-1, &payload_len);
   if (is_sasl_failure(result)) {
     return Qfalse;
   }
@@ -155,7 +170,7 @@ static VALUE evaluate_challenge(VALUE self, VALUE rb_payload) {
 
 VALUE c_GSSAPI_authenticator;
 
-void Init_native() {
+void Init_mongo_kerberos_native() {
   VALUE mongo, auth;
   mongo = rb_const_get(rb_cObject, rb_intern("Mongo"));
   auth = rb_const_get(mongo, rb_intern("Auth"));

data/lib/mongo/auth/kerberos.rb

@@ -22,13 +22,24 @@ module Mongo
     #
     # @since 2.0.0
     class Kerberos
-      include Executable
 
-      # The authentication mechinism string.
+      # The authentication mechanism string.
       #
       # @since 2.0.0
       MECHANISM = 'GSSAPI'.freeze
 
+      # Instantiate a new authenticator.
+      #
+      # example Create the authenticator.
+      #   Mongo::Auth::Kerberos.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.1
+      def initialize(user)
+        @user = user
+      end
+
       # Log the user in on the given connection.
       #
       # @example Log the user in.
@@ -41,10 +52,12 @@ module Mongo
       #
       # @since 2.0.0
       def login(connection)
-        conversation = Conversation.new(user, connection.address.host)
+        conversation = Conversation.new(@user, connection.address.host)
         reply = connection.dispatch([ conversation.start ])
+        connection.update_cluster_time(Operation::Result.new(reply))
         until reply.documents[0][Conversation::DONE]
           reply = connection.dispatch([ conversation.finalize(reply) ])
+          connection.update_cluster_time(Operation::Result.new(reply))
         end
         reply
       end

data/lib/mongo/auth/kerberos/conversation.rb

@@ -113,7 +113,7 @@ module Mongo
 
         # Create the new conversation.
         #
-        # @example Create the new coversation.
+        # @example Create the new conversation.
         #   Conversation.new(user, 'test.example.com')
         #
         # @param [ Auth::User ] user The user to converse about.

data/lib/mongo/auth/kerberos/jruby/authenticator.rb

@@ -13,7 +13,6 @@
 # limitations under the License.
 
 require 'java'
-require 'mongo/auth/kerberos/jsasl.jar'
 require 'mongo/auth/kerberos/native.jar'
 
 module Mongo

data/lib/mongo/auth/kerberos/mri/authenticator.rb

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'mongo/auth/kerberos/native'
+require 'mongo_kerberos_native'
 
 module Mongo
   module Auth

data/lib/mongo/auth/kerberos/version.rb

@@ -17,7 +17,7 @@ module Mongo
     class Kerberos
 
       # The gem version number.
-      VERSION = '2.0.0'.freeze
+      VERSION = '2.1.0'.freeze
     end
   end
 end

data/spec/mongo/auth/kerberos/conversation_spec.rb

@@ -20,6 +20,17 @@ describe Mongo::Auth::Kerberos::Conversation do
       and_return(authenticator)
   end
 
+  context 'when the user has a realm', if: RUBY_PLATFORM == 'java' do
+
+    let(:user) do
+      Mongo::Auth::User.new(user: 'user1@MYREALM.ME')
+    end
+
+    it 'includes the realm in the username as it was provided' do
+      expect(conversation.user.name).to eq(user.name)
+    end
+  end
+
   describe '#start' do
 
     let(:query) do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongo_kerberos
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Emily Stolfo
@@ -11,27 +11,26 @@ bindir: bin
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMRQwEgYDVQQDDAtkcml2
-  ZXItcnVieTEVMBMGCgmSJomT8ixkARkWBTEwZ2VuMRMwEQYKCZImiZPyLGQBGRYD
-  Y29tMB4XDTE0MTEyMDE1NTYxOVoXDTE1MTEyMDE1NTYxOVowQjEUMBIGA1UEAwwL
-  ZHJpdmVyLXJ1YnkxFTATBgoJkiaJk/IsZAEZFgUxMGdlbjETMBEGCgmSJomT8ixk
-  ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFdSAa8fRm1
-  bAM9za6Z0fAH4g02bqM1NGnw8zJQrE/PFrFfY6IFCT2AsLfOwr1maVm7iU1+kdVI
-  IQ+iI/9+E+ArJ+rbGV3dDPQ+SLl3mLT+vXjfjcxMqI2IW6UuVtt2U3Rxd4QU0kdT
-  JxmcPYs5fDN6BgYc6XXgUjy3m+Kwha2pGctdciUOwEfOZ4RmNRlEZKCMLRHdFP8j
-  4WTnJSGfXDiuoXICJb5yOPOZPuaapPSNXp93QkUdsqdKC32I+KMpKKYGBQ6yisfA
-  5MyVPPCzLR1lP5qXVGJPnOqUAkvEUfCahg7EP9tI20qxiXrR6TSEraYhIFXL0EGY
-  u8KAcPHm5KkCAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
-  BBYEFFt3WbF+9JpUjAoj62cQBgNb8HzXMCAGA1UdEQQZMBeBFWRyaXZlci1ydWJ5
-  QDEwZ2VuLmNvbTAgBgNVHRIEGTAXgRVkcml2ZXItcnVieUAxMGdlbi5jb20wDQYJ
-  KoZIhvcNAQEFBQADggEBAKjvumG2Fy9zAoSc1OEcmAqqOfzx1U+isGyEsz1rs5eT
-  HAIHsxaEdZTjSwDuqyelLDWJHWspeWU5pV5lepfI4cop29wwoPJIJ9Az2RMMbtdv
-  gFApVb6QX61OMenFeOdJ/QZ3n9xcrxJZFdvrXQ5GjEU2anq3dJhFeESwIMlfVJC7
-  7XrlMxizzH712DPfy65dMj0Y39qHdoWYKeCkEoj5UWNcHRK9xgaHJR6prlXrIhgb
-  o2UXDbWtz5PqoFd8EgNJAn3+BG1pwC9S9pVFG3WPucfAx/bE8iq/vvchHei5Y/Vo
-  aAz5f/hY4zFeYWvGDBHYEXE1rTN2hhMSyJscPcFbmz0=
+  MIIDRDCCAiygAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtkcml2
+  ZXItcnVieS9EQz0xMGdlbi9EQz1jb20wHhcNMTgxMDA0MTczODA5WhcNMTkxMDA0
+  MTczODA5WjAmMSQwIgYDVQQDDBtkcml2ZXItcnVieS9EQz0xMGdlbi9EQz1jb20w
+  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRXUgGvH0ZtWwDPc2umdHw
+  B+INNm6jNTRp8PMyUKxPzxaxX2OiBQk9gLC3zsK9ZmlZu4lNfpHVSCEPoiP/fhPg
+  Kyfq2xld3Qz0Pki5d5i0/r14343MTKiNiFulLlbbdlN0cXeEFNJHUycZnD2LOXwz
+  egYGHOl14FI8t5visIWtqRnLXXIlDsBHzmeEZjUZRGSgjC0R3RT/I+Fk5yUhn1w4
+  rqFyAiW+cjjzmT7mmqT0jV6fd0JFHbKnSgt9iPijKSimBgUOsorHwOTMlTzwsy0d
+  ZT+al1RiT5zqlAJLxFHwmoYOxD/bSNtKsYl60ek0hK2mISBVy9BBmLvCgHDx5uSp
+  AgMBAAGjfTB7MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRbd1mx
+  fvSaVIwKI+tnEAYDW/B81zAgBgNVHREEGTAXgRVkcml2ZXItcnVieUAxMGdlbi5j
+  b20wIAYDVR0SBBkwF4EVZHJpdmVyLXJ1YnlAMTBnZW4uY29tMA0GCSqGSIb3DQEB
+  CwUAA4IBAQAaVV3xYYK7qtbnTzctqafLFN4d6amxzWGs4KYpnCSr1BRJQYIiq8Zp
+  hjTZoOQlEiUP/4TlNg81sO4TY8RPbE3SAeIEfPWTiQYT7bD51KwOdOtegXSbhn5a
+  hEjUXYxYpVJdAqh4BGT78TY/3M1oPpOLnWRUI5TQ8S1BT5C+dqJG8fZW04C50LdL
+  P3JIZhI5pIae1pnGh/lS4oxAUxMVuILPJwHbtK7RkiIUOv3PA0JkPDnKLlKVSMks
+  oJ3hhwXc2QCuggX+vYTfFkm49uIb1jzivtRTIDwRWCfp3KKtV85BCM0UDTJqZBDe
+  JvwE2HAT8fOpY1c60+KRpfRKddtgMo7R
   -----END CERTIFICATE-----
-date: 2015-03-25 00:00:00.000000000 Z
+date: 2019-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mongo
@@ -39,21 +38,21 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '2.0'
 description: Adds Kerberos authentication via libsasl to the MongoDB Ruby Driver on
   MRI and JRuby
 email:
 - mongodb-dev@googlegroups.com
 executables: []
 extensions:
-- ext/mongo/kerberos/extconf.rb
+- ext/mongo_kerberos/extconf.rb
 extra_rdoc_files: []
 files:
 - CONTRIBUTING.md
@@ -61,15 +60,12 @@ files:
 - NOTICE
 - README.md
 - Rakefile
-- ext/mongo/kerberos/extconf.rb
-- ext/mongo/kerberos/native.c
+- ext/mongo_kerberos/extconf.rb
+- ext/mongo_kerberos/mongo_kerberos_native.c
 - lib/mongo/auth/kerberos.rb
 - lib/mongo/auth/kerberos/conversation.rb
 - lib/mongo/auth/kerberos/jruby/authenticator.rb
-- lib/mongo/auth/kerberos/jsasl.jar
 - lib/mongo/auth/kerberos/mri/authenticator.rb
-- lib/mongo/auth/kerberos/native.bundle
-- lib/mongo/auth/kerberos/native.jar
 - lib/mongo/auth/kerberos/version.rb
 - lib/mongo_kerberos.rb
 - spec/mongo/auth/kerberos/conversation_spec.rb
@@ -95,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.6
 requirements: []
 rubyforge_project: mongo_kerberos
-rubygems_version: 2.2.2
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Kerberos authentication support for the MongoDB Ruby driver

metadata.gz.sig

@@ -1,3 +1,3 @@
-�<��xM~��t�,��͑�)a��'F���%���eLՕ=���q^R�L"}�,�Yk8�y���(�h���H��^��{�j�k�r'��3h`�'�������7b�� 4D�vb"�}��Oo�N��.[)�ߧ�
-��"�Q�n,6tMnN�>�A�"8yU�b<��\��	��x�
I��~��C�����]�n�ht
-�@o����6
+&�3\���8���`:�'�� Rf[�+�-Zs7��r�.&�:b��tf
+J$Me;A���)�����E��u��E�++l��)E��7���A����h����$������ﻞTM��5Cˑ�=[i/��`�;0�{*4�
+ʖS	�N�J�����Q��qW�����l]�hEɺ�$W�zdiƞ��u�{��:����A�y

���/lst(U�.qw�}�N��)�����!�19�8p�`Y����@0;B����{��%