net-ssh-kerberos 0.1.3 → 0.2.0
- data/Rakefile +33 -4
- data/VERSION.yml +2 -2
- data/lib/net/ssh/authentication/methods/gssapi_with_mic.rb +5 -8
- data/lib/net/ssh/kerberos.rb +7 -20
- data/lib/net/ssh/kerberos/constants.rb +3 -7
- data/lib/net/ssh/kerberos/context.rb +75 -0
- data/lib/net/ssh/kerberos/drivers.rb +57 -0
- data/lib/net/ssh/kerberos/drivers/gss.rb +263 -0
- data/lib/net/ssh/kerberos/drivers/sspi.rb +216 -0
- data/test/gss_context_test.rb +3 -4
- data/test/gss_test.rb +43 -61
- data/test/sspi_context_test.rb +2 -4
- data/test/sspi_test.rb +31 -39
- metadata +7 -20
- data/lib/net/ssh/kerberos/common/context.rb +0 -71
- data/lib/net/ssh/kerberos/gss.rb +0 -9
- data/lib/net/ssh/kerberos/gss/api.rb +0 -163
- data/lib/net/ssh/kerberos/gss/context.rb +0 -115
- data/lib/net/ssh/kerberos/sspi.rb +0 -5
- data/lib/net/ssh/kerberos/sspi/api.rb +0 -228
- data/lib/net/ssh/kerberos/sspi/context.rb +0 -76
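--- a/data/lib/net/ssh/kerberos/sspi/context.rb
+++ b/data/lib/net/ssh/kerberos/sspi/context.rb
@@ -1,76 +0,0 @@
-require 'net/ssh/kerberos/common/context'
-require 'net/ssh/kerberos/sspi/api'
-
-module Net; module SSH; module Kerberos; module SSPI; class Context < Common::Context
-
-include Win32::SSPI
-
-def init(token=nil)
-ctx = CtxtHandle.new
-ts = TimeStamp.new
-prev = @state[:handle] if @state
-req = ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | ISC_REQ_INTEGRITY
-output = SecurityBuffer.new
-input = SecurityBuffer.new(token) if token
-ctxAttr = "\0" * 4
-result = API::InitializeSecurityContext @credentials, prev, @server_krb_name, req, 0,
-SECURITY_NATIVE_DREP, input, 0, ctx, output, ctxAttr, ts
-result = API::CompleteAuthToken ctx, output if result.incomplete?
-if result.failure?
-input.token and raise GeneralError, "Error initializing security context: #{result} #{input.inspect}"
-end
-@state = State.new(ctx, result, output.token, ts)
-if result.complete?
-result = API::QueryContextAttributes ctx, SECPKG_ATTR_SIZES, @sizes=SecPkgSizes.new
-@handle = @state.handle
-end
-@state.token
-end
-
-def get_mic(token=nil)
-buffers = SecurityBuffer.new 2
-buffers.set_buffer 0, SECBUFFER_DATA, token
-buffers.set_buffer 1, SECBUFFER_TOKEN, nil, @sizes.max_signature
-@state.result = API::MakeSignature @handle, 0, buffers, 0
-unless @state.result.complete? and (token = buffers.token(1))
-raise GeneralError, "Error creating the signature: #{result}"
-end
-
-begin return token.dup
-ensure API::FreeContextBuffer token
-end
-end
-
-private
-
-def acquire_current_credentials
-result = API::AcquireCredentialsHandle nil, "Kerberos", SECPKG_CRED_OUTBOUND, nil, nil, nil, nil,
-creds=CredHandle.new, ts=TimeStamp.new
-result.ok? or raise GeneralError, "Error acquiring credentials: #{result}"
-
-buff = "\0\0\0\0"
-result = API::QueryCredentialsAttributes creds, SECPKG_CRED_ATTR_NAMES, buff
-if result.ok?
-name = buff.to_ptr.ptr
-begin return [creds, name.to_s.dup]
-ensure API::FreeContextBuffer name
-end
-end
-end
-
-def release_credentials(creds)
-creds.nil? or API::FreeCredentialsHandle creds
-end
-
-def import_server_name(host)
-['host/'+host, 'host/'+host]
-end
-
-def release_server_name(target)
-end
-
-def delete_context(handle)
-handle.nil? or API::DeleteSecurityContext handle
-end
-
-end; end; end; end; end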