net-ssh-kerberos 0.1.3 → 0.2.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: net-ssh-kerberos
 version: !ruby/object:Gem::Version 
-  version: 0.1.3
+  version: 0.2.0
 platform: ruby
 authors: 
 - Joe Khoobyar
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-16 00:00:00 -04:00
+date: 2009-10-18 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -22,18 +22,8 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: "2.0"
     version: 
-- !ruby/object:Gem::Dependency 
-  name: rubysspi
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "1.3"
-    version: 
 description: |
-  Adds support for Microsoft Kerberos (SSPI) with the Net:SSH gem.
+  Extends Net::SSH by adding Kerberos authentication capability for password-less logins on multiple platforms.
 
 email: joe@ankhcraft.com
 executables: []
@@ -50,17 +40,14 @@ files:
 - VERSION.yml
 - lib/net/ssh/authentication/methods/gssapi_with_mic.rb
 - lib/net/ssh/kerberos.rb
-- lib/net/ssh/kerberos/common/context.rb
 - lib/net/ssh/kerberos/constants.rb
-- lib/net/ssh/kerberos/gss.rb
-- lib/net/ssh/kerberos/gss/api.rb
-- lib/net/ssh/kerberos/gss/context.rb
+- lib/net/ssh/kerberos/context.rb
+- lib/net/ssh/kerberos/drivers.rb
+- lib/net/ssh/kerberos/drivers/gss.rb
+- lib/net/ssh/kerberos/drivers/sspi.rb
 - lib/net/ssh/kerberos/kex.rb
 - lib/net/ssh/kerberos/kex/krb5_diffie_hellman_group1_sha1.rb
 - lib/net/ssh/kerberos/kex/krb5_diffie_hellman_group_exchange_sha1.rb
-- lib/net/ssh/kerberos/sspi.rb
-- lib/net/ssh/kerberos/sspi/api.rb
-- lib/net/ssh/kerberos/sspi/context.rb
 - test/gss_context_test.rb
 - test/gss_test.rb
 - test/net_ssh_kerberos_test.rb

data/lib/net/ssh/kerberos/common/context.rb

@@ -1,71 +0,0 @@
-module Net; module SSH; module Kerberos; module Common; class Context
-
-  class GeneralError < StandardError; end
-
-  class State < Struct.new(:handle, :result, :token, :timestamp)
-    def complete?; result.complete? end
-  end
-
-  attr_reader :cred_name, :cred_krb_name, :server_name, :server_krb_name
-
-  def initialize
-    raise "Don't create this class directly - use a subclass" if self.class == Context
-  end
-
-  def create(user, host)
-    dispose if @credentials or @target or @handle
-
-    creds, name = acquire_current_credentials
-    begin
-      @cred_name = name.to_s.sub(/^[^\\\/]*[\\\/]/, '')
-      @cred_krb_name = @cred_name.gsub('@', '/');
-
-      z = (user.include?('@') ? user.gsub('@','/') : user+'/')
-      unless z.downcase == @cred_krb_name[0,z.length].downcase
-        raise GeneralError, "Credentials mismatch: current is #{@cred_name}, requested is #{user}"
-      end
-      @credentials = creds
-    ensure
-      if @credentials.nil?
-        release_credentials creds
-        @cred_name = @cred_krb_name = nil
-      end
-    end
-
-    @server_name = Socket.gethostbyname(host)[0]
-    @target, @server_krb_name = import_server_name host
-
-    true
-  end
-
-  def credentials?; ! @credentials.nil? end
-  
-  def established?; ! @handle.nil? && (@state.nil? || @state.complete?) end
-  
-  def init(token=nil); raise NotImplementedError, "subclasses must implement this method" end
-  
-  def get_mic(token=nil); raise NotImplementedError, "subclasses must implement this method" end
-  
-  def dispose
-    @handle and delete_context @handle
-    @credentials and release_credentials @credentials
-    @target and release_server_name @target
-  ensure
-    @credentials = @cred_name = @cred_krb_name = nil
-    @target = @server_name = @server_krb_name = nil
-    @handle = @state = nil
-  end 
-
-private
-
-  def acquire_current_credentials; raise NotImplementedError, "subclasses must implement this method" end
-
-  def release_credentials(creds); raise NotImplementedError, "subclasses must implement this method" end
-
-  def import_server_name(host); raise NotImplementedError, "subclasses must implement this method" end
-
-  def release_server_name(target); raise NotImplementedError, "subclasses must implement this method" end
-
-  def delete_context(handle); raise NotImplementedError, "subclasses must implement this method" end
-
-end; end; end; end; end

data/lib/net/ssh/kerberos/gss.rb

@@ -1,9 +0,0 @@
-if ! defined? Net::SSH::Kerberos::SSPI::Context
-  $stderr.puts "warning: Kerberos support using GSSAPI is not fully tested."
-end
-
-require 'net/ssh/kerberos/gss/api'
-require 'net/ssh/kerberos/gss/context'
-
-module Net; module SSH; module Kerberos; module GSS
-end; end; end; end

data/lib/net/ssh/kerberos/gss/api.rb

@@ -1,163 +0,0 @@
-require 'dl/import'
-require 'dl/struct'
-
-module Net; module SSH; module Kerberos; module GSS;
-
-  module API
-
-    extend DL::Importable
-
-    def self.struct2(fields, &block)
-      t = struct fields
-      return t unless block_given?
-      t.instance_variable_set :@methods, Module.new(&block)
-      class << t
-        alias :new_struct :new
-        def new(ptr)
-          mem = new_struct(ptr)
-          mem.extend @methods
-          mem
-        end
-      end
-      t
-    end
-
-    if RUBY_PLATFORM =~ /cygwin/
-      dlload('cyggss-1.dll')
-    else
-      dlload('libgssapi_krb5.so')
-    end 
-
-    typealias 'OM_uint32', 'unsigned int'
-    typealias 'size_t', 'unsigned int'
-
-    GssBuffer = struct [ "size_t length", "char *value" ]
-    typealias 'gss_buffer_desc', 'GssBuffer'
-    typealias 'gss_buffer_t', 'gss_buffer_desc *'
-    GssOID = struct2 [ "OM_uint32 length", "char *elements" ] do
-      def to_hex
-        s = elements.to_s
-        s.unpack("H2" * s.length).join ' '
-      end
-    end
-    typealias 'gss_OID_desc', 'GssOID'
-    typealias 'gss_OID', 'gss_OID_desc *'
-    GssOIDSet = struct [ "size_t count", "gss_OID elements" ]
-    typealias 'gss_OID_set_desc', 'GssOIDSet'
-    typealias 'gss_OID_set', 'gss_OID_set_desc *'
-
-    typealias 'gss_ctx_id_t', 'void *'
-    typealias 'gss_cred_id_t', 'void *'
-    typealias 'gss_name_t', 'void *'
-    typealias 'gss_qop_t', 'OM_uint32'
-    typealias 'gss_cred_usage_t', 'int'
-
-    GssNameRef = struct [ "gss_name_t handle" ]
-    GssContextRef = struct [ "gss_ctx_id_t handle" ]
-    GssCredRef = struct [ "gss_cred_id_t handle" ]
-    OM_uint32Ref = struct [ "OM_uint32 value" ]
-    GssCredUsageRef = struct [ "int value" ]
-
-    GssOIDRef = struct2 [ "GssOID *ptr" ] do
-      def oid
-        @oid = GssOID.new(ptr) if (@oid.nil? or @oid.to_ptr != ptr) and ! ptr.nil?
-        @oid
-      end
-    end
-
-    GssOIDSetRef = struct2 [ "GssOIDSet *ptr" ] do
-      def oidset
-        @oidset = GssOIDSet.new(ptr) if (@oidset.nil? or @oidset.to_ptr != ptr) and ! ptr.nil?
-        @oidset
-      end
-    end
-
-    class GssResult < Struct.new(:major, :minor, :status, :calling_error, :routine_error)
-      def initialize(result, minor=nil)
-        self.major = (result >> 16) & 0x0000ffff
-        self.minor = minor.value if minor.respond_to? :value
-        self.status = result & 0x0000ffff
-        self.calling_error = (major >> 8) & 0x00ff
-        self.routine_error = major & 0x00ff
-      end
-
-      def ok?; major.zero? end
-
-      def complete?; status.zero? end
-
-      def incomplete?; false end
-
-      def failure?; major.nonzero? end
-
-      def temporary_failure?
-        routine_error==GSS_S_CREDENTIALS_EXPIRED ||
-          routine_error==GSS_S_CONTEXT_EXPIRED ||
-          routine_error==GSS_S_UNAVAILABLE
-      end
-
-      def to_s; "%#4.4x%4.4x [%#8.8x]" % [major, status, minor] end
-    end
-
-    extern "OM_uint32 gss_acquire_cred (OM_uint32 *, gss_name_t, OM_uint32, gss_OID_set, gss_cred_usage_t, gss_cred_id_t *, gss_OID_set *, OM_uint32 *)"
-    extern "OM_uint32 gss_inquire_cred (OM_uint32 *, gss_cred_id_t, gss_name_t *, OM_uint32 *, gss_cred_usage_t *, gss_OID_set *)"
-    extern "OM_uint32 gss_release_cred (OM_uint32 *, gss_cred_id_t *)"
-    extern "OM_uint32 gss_import_name (OM_uint32 *, gss_buffer_t, gss_OID, gss_name_t *)"
-    extern "OM_uint32 gss_release_name (OM_uint32 *, gss_name_t *)"
-    extern "OM_uint32 gss_display_name (OM_uint32 *, gss_name_t, gss_buffer_t, gss_OID *)"
-    extern "OM_uint32 gss_release_buffer (OM_uint32 *, gss_buffer_t)"
-    extern "OM_uint32 gss_release_oid_set (OM_uint32 *, gss_OID_set *)"
-    extern "OM_uint32 gss_init_sec_context (OM_uint32 *, gss_cred_id_t, gss_ctx_id_t *, gss_name_t, gss_OID, OM_uint32, OM_uint32, void *, gss_buffer_t, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *)"
-    extern "OM_uint32 gss_delete_sec_context (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t)"
-    extern "OM_uint32 gss_get_mic(OM_uint32 *, gss_ctx_id_t, gss_qop_t, gss_buffer_t, gss_buffer_t)"
-
-    if @LIBS.empty? and ! defined? Net::SSH::Kerberos::SSPI::Context
-      $stderr.puts "error: Failed to a find a supported GSS implementation on this platform (#{RUBY_PLATFORM})"
-    end
-  end
-
-  GSS_C_INITIATE = 1
-
-  GSS_C_DELEG_FLAG      = 1
-  GSS_C_MUTUAL_FLAG     = 2
-  GSS_C_REPLAY_FLAG     = 4
-  GSS_C_SEQUENCE_FLAG   = 8
-  GSS_C_CONF_FLAG       = 16
-  GSS_C_INTEG_FLAG      = 32
-  GSS_C_ANON_FLAG       = 64
-  GSS_C_PROT_READY_FLAG = 128
-  GSS_C_TRANS_FLAG      = 256
-
-  GSS_C_NO_NAME         = nil
-  GSS_C_NO_BUFFER       = nil
-  GSS_C_NO_OID          = nil
-  GSS_C_NO_OID_SET      = nil
-  GSS_C_NO_CONTEXT      = nil
-  GSS_C_NO_CREDENTIAL   = nil
-  GSS_C_NO_CHANNEL_BINDINGS = nil
-  GSS_C_QOP_DEFAULT     = 0
-
-  GSS_S_COMPLETE        = 0
-  GSS_S_CONTINUE_NEEDED = 1
-  GSS_S_DUPLICATE_TOKEN = 2
-  GSS_S_OLD_TOKEN       = 4
-  GSS_S_UNSEQ_TOKEN     = 8
-  GSS_S_GAP_TOKEN       = 16
-
-  #--
-  # GSSAPI / Kerberos 5  OID(s)
-  #++
-  GSS_C_NT_PRINCIPAL = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"
-  GSS_C_NT_MACHINE_UID_NAME = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"
-  GSS_C_NT_STRING_UID_NAME = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"
-  GSS_C_NT_HOSTBASED_SERVICE = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
-  GSS_C_NT_ANONYMOUS = "\x2b\x06\01\x05\x06\x03"
-  GSS_C_NT_EXPORT_NAME = "\x2b\x06\01\x05\x06\x04"
-  GSS_KRB5_MECH = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
-  GSS_KRB5_MECH_USER2USER = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
-
-  #--
-  # GSSAPI / Kerberos 5  Deprecated / Proprietary OID(s)
-  #++
-  GSS_C_NT_HOSTBASED_SERVICE_X = "\x2b\x06\x01\x05\x06\x02"
-
-end; end; end; end

data/lib/net/ssh/kerberos/gss/context.rb

@@ -1,115 +0,0 @@
-require 'net/ssh/kerberos/common/context'
-require 'net/ssh/kerberos/gss/api'
-
-module Net; module SSH; module Kerberos; module GSS; class Context < Common::Context
-
-  GssResult = API::GssResult
-
-  def init(token=nil)
-    minor_status = API::OM_uint32Ref.malloc
-
-    mech = API::GssOID.malloc
-    mech.elements = GSS_KRB5_MECH
-    mech.length = GSS_KRB5_MECH.length
-    actual_mech = API::GssOIDRef.malloc
-    buffer = API::GssBuffer.malloc
-    if token.nil?
-      input = GSS_C_NO_BUFFER
-    else
-      input = API::GssBuffer.malloc
-      input.value = token.to_ptr
-      input.length = token.length
-    end
-    if @state.nil? or @state.handle.nil?
-      context = API::GssContextRef.malloc
-      context.handle = GSS_C_NO_CONTEXT
-    else
-      context = @state.handle
-    end
-    result = GssResult.new API.gss_init_sec_context(minor_status, @credentials, context, @target.handle, mech,
-                                                    GSS_C_DELEG_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG, 60,
-                                                    GSS_C_NO_CHANNEL_BINDINGS, input, actual_mech, buffer, nil, nil), minor_status
-    result.failure? and raise GeneralError, "Error initializing security context: #{result.major} #{input.length}"
-    begin
-      @state = State.new(context, result, (buffer.value && buffer.value.to_s(buffer.length).dup), nil)
-      @handle = @state.handle if result.complete?
-      return @state.token
-    ensure
-      API.gss_release_buffer(minor_status, buffer) unless buffer.value.nil?
-    end
-  end
-  
-  def get_mic(token=nil)
-    minor_status = API::OM_uint32Ref.malloc
-    input = API::GssBuffer.malloc
-    input.value = token.to_ptr
-    input.length = token.length
-    output = API::GssBuffer.malloc
-    @state.result = GssResult.new API.gss_get_mic(minor_status, @handle.handle, GSS_C_QOP_DEFAULT, input, output), minor_status
-    unless @state.result.complete? and output
-      raise GeneralError, "Error creating the signature: #{@state.result}"
-    end
-    begin return output.value.to_s(output.length).dup
-    ensure API.gss_release_buffer minor_status, output
-    end
-  end
-
-protected
-
-  def state; @state end
-  
-private
-  
-  def acquire_current_credentials
-    minor_status = API::OM_uint32Ref.malloc
-    creds = API::GssCredRef.malloc
-    result = GssResult.new API.gss_acquire_cred(minor_status, nil, 60, nil, GSS_C_INITIATE, creds, nil, nil), minor_status
-    result.ok? or raise GeneralError, "Error acquiring credentials: #{result}"
-    begin
-      name = API::GssNameRef.malloc
-      result = GssResult.new API.gss_inquire_cred(minor_status, creds.handle, name, nil, nil, nil), minor_status
-      result.ok? or raise GeneralError, "Error inquiring credentials: #{result}"
-      begin
-        buffer = API::GssBuffer.malloc
-        result = GssResult.new API.gss_display_name(minor_status, name.handle, buffer, nil), minor_status
-        result.ok? or raise GeneralError, "Error getting display name: #{result}"
-        begin return [creds, buffer.value.to_s.dup]
-        ensure API.gss_release_buffer API::OM_uint32Ref.malloc, buffer
-        end
-      ensure
-        API.gss_release_name API::OM_uint32Ref.malloc, name
-      end
-    ensure
-      API.gss_release_cred API::OM_uint32Ref.malloc, creds
-    end
-  end
-
-  def release_credentials(creds)
-    creds.nil? or API.gss_release_cred API::OM_uint32Ref.malloc, creds
-  end
-
-  def import_server_name(host)
-    host = 'host@' + host
-    minor_status = API::OM_uint32Ref.malloc
-    buffer = API::GssBuffer.malloc
-    buffer.value = host.to_ptr
-    buffer.length = host.length
-    mech = API::GssOID.malloc
-    mech.elements = GSS_C_NT_HOSTBASED_SERVICE
-    mech.length = GSS_C_NT_HOSTBASED_SERVICE.length
-    target = API::GssNameRef.malloc
-    result = GssResult.new API.gss_import_name(minor_status, buffer, mech, target), minor_status
-    result.failure? and raise GeneralError, "Error importing name: #{result} #{input.inspect}"
-
-    [target, host]
-  end
-
-  def release_server_name(target)
-    target.nil? or API.gss_release_name API::OM_uint32Ref.malloc, target
-  end
-
-  def delete_context(handle)
-    handle.nil? or API.gss_delete_sec_context API::OM_uint32Ref.malloc, handle, nil
-  end
-
-end; end; end; end; end

data/lib/net/ssh/kerberos/sspi.rb

@@ -1,5 +0,0 @@
-require 'net/ssh/kerberos/sspi/api'
-require 'net/ssh/kerberos/sspi/context'
-
-module Net; module SSH; module Kerberos; module SSPI
-end; end; end; end

data/lib/net/ssh/kerberos/sspi/api.rb

@@ -1,228 +0,0 @@
-require 'win32/sspi'
-require 'dl'
-
-module Win32; module SSPI
-
-  SECPKG_CRED_ATTR_NAMES = 1
-
-  ISC_REQ_DELEGATE                = 0x00000001
-  ISC_REQ_MUTUAL_AUTH             = 0x00000002
-  ISC_REQ_INTEGRITY               = 0x00010000
-
-  SECPKG_ATTR_AUTHORITY = 6
-  SECPKG_ATTR_CONNECTION_INFO = 90
-  SECPKG_ATTR_ISSUER_LIST = 80
-  SECPKG_ATTR_ISSUER_LIST_EX = 89
-  SECPKG_ATTR_KEY_INFO = 5
-  SECPKG_ATTR_LIFESPAN = 2
-  SECPKG_ATTR_LOCAL_CERT_CONTEXT = 84
-  SECPKG_ATTR_LOCAL_CRED = 82
-  SECPKG_ATTR_NAMES = 1
-  SECPKG_ATTR_PROTO_INFO = 7
-  SECPKG_ATTR_REMOTE_CERT_CONTEXT = 83
-  SECPKG_ATTR_REMOTE_CRED = 81
-  SECPKG_ATTR_SIZES = 0
-  SECPKG_ATTR_STREAM_SIZES = 4
-  
-  # Buffer types
-  SECBUFFER_EMPTY = 0
-  SECBUFFER_DATA = 1
-  SECBUFFER_TOKEN = 2
-  SECBUFFER_PKG_PARAMS = 3
-  SECBUFFER_MISSING = 4
-  SECBUFFER_EXTRA = 5
-  SECBUFFER_STREAM_TRAILER = 6
-  SECBUFFER_STREAM_HEADER = 7
-  SECBUFFER_PADDING = 9
-  SECBUFFER_STREAM = 10
-  SECBUFFER_MECHLIST = 11
-  SECBUFFER_MECHLIST_SIGNATURE = 12
-  SECBUFFER_TARGET = 13
-  SECBUFFER_CHANNEL_BINDINGS = 14
-  SECBUFFER_CHANGE_PASS_RESPONSE = 15
-  SECBUFFER_TARGET_HOST = 16
-  SECBUFFER_READONLY = 0x80000000
-  SECBUFFER_READONLY_WITH_CHECKSUM = 0x10000000
-  SECBUFFER_ATTRMASK = 0xf0000000
-  
-  # Good results
-  SEC_E_OK = 0x00000000
-  SEC_I_RENEGOTIATE = 590625;
-  SEC_I_COMPLETE_AND_CONTINUE = 590612;
-  SEC_I_COMPLETE_NEEDED = 590611;
-  SEC_I_CONTINUE_NEEDED = 590610;
-  SEC_I_INCOMPLETE_CREDENTIALS = 590624;
-
-  # These are generally returned by InitializeSecurityContext
-  SEC_E_INSUFFICIENT_MEMORY = 0x80090300
-  SEC_E_INTERNAL_ERROR = 0x80090304
-  SEC_E_INVALID_HANDLE = 0x80090301
-  SEC_E_INVALID_TOKEN = 0x80090308
-  SEC_E_LOGON_DENIED = 0x8009030C
-  SEC_E_NO_AUTHENTICATING_AUTHORITY = 0x80090311
-  SEC_E_NO_CREDENTIALS = 0x8009030E
-  SEC_E_TARGET_UNKNOWN = 0x80090303
-  SEC_E_UNSUPPORTED_FUNCTION = 0x80090302
-  SEC_E_WRONG_PRINCIPAL = 0x80090322
-
-  # These are generally returned by AcquireCredentialsHandle
-  SEC_E_NOT_OWNER = 0x80090306
-  SEC_E_SECPKG_NOT_FOUND = 0x80090305
-  SEC_E_UNKNOWN_CREDENTIALS = 0x8009030D
-
-  module API
-    QuerySecurityPackageInfo = Win32API.new("secur32", "QuerySecurityPackageInfoA", 'pp', 'L')
-    QueryCredentialsAttributes = Win32API.new("secur32", "QueryCredentialsAttributesA", 'pLp', 'L')
-    QueryContextAttributes = Win32API.new("secur32", "QueryContextAttributesA", 'pLp', 'L')
-    CompleteAuthToken = Win32API.new("secur32", "CompleteAuthToken", 'pp', 'L')
-    MakeSignature = Win32API.new("secur32", "MakeSignature", 'pLpL', 'L')
-    FreeContextBuffer = Win32API.new("secur32", "FreeContextBuffer", 'P', 'L')
-
-  private
-
-    def self.method_missing(symbol, *args)
-      return super unless const_defined? symbol and Win32API === (api = const_get(symbol))
-      result = SSPIResult.new api.call(*args)
-      args = (1..(args.length)).inject([]) { |v,n| v << "a#{n}" }.join ', '
-      class_eval "def self.#{symbol}(#{args}); SSPIResult.new #{symbol}.call(#{args}) end"
-      result
-    end
-  end
-
-  SecPkgCredentialsNames = Struct.new(:user_name)
-
-  class SecurityHandle
-    def nil?; @struct.unpack('Q').first.zero? end
-    alias :to_str :to_p
-  end
-
-  class TimeStamp
-    def nil?; @struct.unpack('Q').first.zero? end
-    alias :to_str :to_p
-  end
-
-  class SSPIResult
-    def ok?; (value & 0x80000000).zero? end
-
-    def complete?; value.zero? end
-
-    def incomplete?; SEC_I_COMPLETE_NEEDED==value || SEC_I_COMPLETE_AND_CONTINUE==value end
-
-    def failure?; (value & 0x80000000).nonzero? end
-
-    def temporary_failure?
-      value==SEC_E_LOGON_DENIED || value==SEC_E_NO_AUTHENTICATING_AUTHORITY || value==SEC_E_NO_CREDENTIALS
-    end
-  end
-  
-  class SecPkgInfo
-    attr_reader :struct
-    
-    def capabilities; unpacked[0] end
-    def max_token; unpacked[2] end
-    def name; unpacked[3] end
-    def comment; unpacked[4] end 
-    
-    def unpacked;
-      @unpacked ||= @struct.to_ptr.ptr.to_a("LLL", 3) + (@struct.to_ptr.ptr + 12).to_a("SS", 2)
-    end
-    
-    def to_p; @struct ||= "\0" * 4 end
-    alias :to_str :to_p
-  end
-
-	class SecPkgSizes
-	  attr_reader :struct
-	  
-	  def max_token; unpacked[0] end
-	  def max_signature; unpacked[1] end
-	  def block_size; unpacked[2] end 
-	  def security_trailer; unpacked[3] end
-	  
-	  def unpacked;
-	    @unpacked ||= @struct.unpack("LLLL")
-	  end
-	  
-	  def to_p; @struct ||= "\0" * 16 end
-    alias :to_str :to_p
-	end
-	
-	# Creates binary representaiton of a SecBufferDesc structure,
-	# including the SecBuffer contained inside.
-	class SecurityBuffer
-	
-	  def initialize(buffers=nil)
-	    case buffers
-	    when String
-		    @bufferTokens = [ buffers.dup ]
-		    @bufferSizes = [ buffers.length ]
-		    @bufferTypes = [ SECBUFFER_TOKEN ]
-		  when Fixnum
-		    @bufferTokens = [ "\0" * TOKENBUFSIZE ] * buffers
-		    @bufferSizes = [ TOKENBUFSIZE ] * buffers
-		    @bufferTypes = [ SECBUFFER_TOKEN ] * buffers
-		  when NilClass
-		    @bufferTokens = [ "\0" * TOKENBUFSIZE ]
-		    @bufferSizes = [ TOKENBUFSIZE ]
-		    @bufferTypes = [ SECBUFFER_TOKEN ]
-	    else
-	      raise ArgumentError
-		  end
-	  end
-	  
-	  def bufferSize(n=0)
-	    unpack
-	    @bufferSizes[n]
-	  end
-	  
-	  def bufferType(n=0)
-	    unpack
-	    @bufferTypes[n]
-	  end
-	  
-	  def token(n=0)
-	    unpack
-	    @bufferTokens[n]
-	  end
-	  
-	  def set_buffer(n=0, type=SECBUFFER_TOKEN, token=nil, size=nil)
-	    @bufferTypes[n] = type
-	    @bufferSizes[n] = size || (token.nil? ? 0 : token.length)
-	    @bufferTokens[n] = (token.nil? && size && size > 0) ? "\0" * (size+1) : token
-	  end
-	  
-	  def to_p
-	    # Assumption is that when to_p is called we are going to get a packed structure. Therefore,
-	    # set @unpacked back to nil so we know to unpack when accessors are next accessed.
-	    @unpacked = nil
-	    # Assignment of inner structure to variable is very important here. Without it,
-	    # will not be able to unpack changes to the structure. Alternative, nested unpacks,
-	    # does not work (i.e. @struct.unpack("LLP12")[2].unpack("LLP12") results in "no associated pointer")
-	    @sec_buffers ||= @bufferTokens.inject([]) do |v,t|
-	      v.push @bufferSizes[v.size / 3], @bufferTypes[v.size / 3], t
-	    end.pack("LLP" * @bufferTokens.size)
-	    @struct ||= [SECBUFFER_VERSION, @bufferTokens.size, @sec_buffers].pack("LLP")    
-	  end
-    alias :to_str :to_p
-	
-	private
-	
-	  # Unpacks the SecurityBufferDesc structure into member variables. We
-	  # only want to do this once per struct, so the struct is deleted
-	  # after unpacking. 
-	  def unpack
-	    if ! @unpacked && @sec_buffers && @struct
-	      d = @sec_buffers.unpack("LLL" * @bufferTokens.size)
-	      k = ''; 0.upto(@bufferTokens.size - 1) do |n| k << "LLP#{d[n * 3]}" end
-	      d = @sec_buffers.unpack(k)
-	      0.upto(@bufferTokens.size - 1) do |n| @bufferSizes[n] = d[n * 3] end
-	      0.upto(@bufferTokens.size - 1) do |n| @bufferTypes[n] = d[n * 3 + 1] end
-	      0.upto(@bufferTokens.size - 1) do |n| @bufferTokens[n] = d[n * 3 + 2] end
-	      @struct = nil
-	      @sec_buffers = nil
-	      @unpacked = true
-	    end
-	  end
-	end
-	
-end; end