net-ssh-kerberos 0.2.1 → 0.2.2

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,8 @@
+*.sw?
+.buildpath
+.project
+.DS_Store
+coverage
+doc
+rdoc
+pkg

data/Rakefile

@@ -43,33 +43,36 @@ rescue LoadError
 end
 
 # These are new tasks
-begin
-  require 'rake/contrib/sshpublisher'
-  namespace :rubyforge do
-
-    desc "Release gem and RDoc documentation to RubyForge"
-    task :release => ["rubyforge:release:gem", "rubyforge:release:docs"]
-
-    namespace :release do
-      desc "Publish RDoc to RubyForge."
-      task :docs => [:rdoc] do
-        config = YAML.load(
-            File.read(File.expand_path('~/.rubyforge/user-config.yml'))
-        )
-
-        host = "#{config['username']}@rubyforge.org"
-        remote_dir = "/var/www/gforge-projects/net-ssh-krb/"
-        local_dir = 'doc'
-
-        Rake::SshDirPublisher.new(host, remote_dir, local_dir).upload
-      end
-    end
-  end
-rescue LoadError
-  puts "Rake SshDirPublisher is unavailable or your rubyforge environment is not configured."
+#begin
+#  require 'rake/contrib/sshpublisher'
+#  namespace :rubyforge do
+#
+#    desc "Release gem and RDoc documentation to RubyForge"
+#    task :release => ["rubyforge:release:gem", "rubyforge:release:docs"]
+#
+#    namespace :release do
+#      desc "Publish RDoc to RubyForge."
+#      task :docs => [:rdoc] do
+#        config = YAML.load(
+#            File.read(File.expand_path('~/.rubyforge/user-config.yml'))
+#        )
+#
+#        host = "#{config['username']}@rubyforge.org"
+#        remote_dir = "/var/www/gforge-projects/net-ssh-krb/"
+#        local_dir = 'doc'
+#
+#        Rake::SshDirPublisher.new(host, remote_dir, local_dir).upload
+#      end
+#    end
+#  end
+#rescue LoadError
+#  puts "Rake SshDirPublisher is unavailable or your rubyforge environment is not configured."
+#end
+#
+Jeweler::RubyforgeTasks.new do |rubyforge|
+  rubyforge.doc_task = "rdoc"
 end
 
-
 task :default => :test
 
 require 'rake/rdoctask'
@@ -84,7 +87,7 @@ Rake::RDocTask.new do |rdoc|
     '--main' << 'README.rdoc' <<
     '--charset' << 'utf-8'
 
-  rdoc.rdoc_dir = 'doc'
+  rdoc.rdoc_dir = 'rdoc'
   rdoc.title = "Net::SSH::Kerberos #{version}"
   rdoc.rdoc_files.include('README*')
   rdoc.rdoc_files.include('lib/**/*.rb')

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
-:major: 0
 :minor: 2
-:patch: 1
+:patch: 2
+:major: 0

data/example/Capfile

@@ -0,0 +1,3 @@
+require 'net/ssh/kerberos'
+set :ssh_options, { :auth_methods => %w(gssapi-with-mic publickey hostbased password keyboard-interactive) }
+

data/example/gss.rb

@@ -0,0 +1,91 @@
+require 'socket'
+require 'rubygems'
+gem 'net-ssh'
+$:.unshift File.join(File.dirname(__FILE__), '..', 'lib')
+require 'net/ssh'
+require 'net/ssh/errors'
+require 'net/ssh/kerberos'
+
+unless Net::SSH::Kerberos::Drivers.available.include? 'GSS'
+  $stderr.puts "No drivers supporting GSSAPI could be loaded."
+  exit 1
+end
+
+include Net::SSH::Kerberos::Drivers::GSS
+include Net::SSH::Kerberos::Constants
+
+result = API.gss_acquire_cred nil, 60, nil, GSS_C_INITIATE, nil, nil, 0
+if result.ok?
+  creds = API._args_[4]
+  $stderr.puts "gss_acquire_cred: (#{result}) => #{creds.to_i}"
+  begin
+    result = API.gss_inquire_cred creds, nil, 0, 0, nil
+    if result.ok?
+      name, oids = API._args_[1], API._args_[4]
+      $stderr.puts "gss_inquire_cred: (#{result}) #{oids.inspect}"
+      begin
+        result = API.gss_display_name name, buffer=API::GssBuffer.malloc, nil
+        if result.ok?
+          oid = API._args_[2]
+          $stderr.puts "gss_display_name: (#{result}) #{buffer} #{oid.inspect}"
+          result = API.gss_release_buffer buffer
+          $stderr.puts "gss_release_buffer: (#{result})"
+        else
+          $stderr.puts "gss_display_name failed : (#{result})"
+        end
+      ensure
+        result = API.gss_release_oid_set oids
+        $stderr.puts "gss_release_oid_set: (#{result})"
+        result = API.gss_release_name name
+        $stderr.puts "gss_release_name: (#{result})"
+      end
+    else
+      $stderr.puts "gss_inquire_cred failed: (#{result})"
+    end
+
+
+    target_name = 'host@'+Socket.gethostbyname(`hostname || echo "localhost"`.strip)[0]
+    buffer = API::GssBuffer.malloc
+    buffer.value = target_name
+    buffer.length = target_name.length
+    API.gss_import_name buffer, GSS_C_NT_HOSTBASED_SERVICE, nil
+    if result.ok?
+      target = API._args_[2]
+      $stderr.puts "gss_import_name: (#{result}) #{target.to_i}"
+      begin
+        result = API.gss_display_name target, buffer, nil
+        if result.ok?
+          oid = API._args_[2]
+          $stderr.puts "gss_display_name: (#{result}) #{buffer} #{oid.inspect}"
+          result = API.gss_release_buffer buffer
+          $stderr.puts "gss_release_buffer: (#{result})"
+        else
+          $stderr.puts "gss_display_name failed : (#{result})"
+        end
+        result = API.gss_init_sec_context creds, GSS_C_NO_CONTEXT, target, GSS_C_KRB5,
+                                          GSS_C_DELEG_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG, 60,
+                                          GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, nil, buffer, 0, 0
+        if result.ok?
+          context, actual_mech = API._args_[1], API._args_[8]
+          $stderr.puts "gss_init_sec_context: (#{result}) token.length=#{buffer.length}, #{actual_mech.inspect}"
+          result = API.gss_release_buffer buffer
+          $stderr.puts "gss_release_buffer: (#{result})"
+          result = API.gss_delete_sec_context context, nil
+          $stderr.puts "gss_delete_sec_context: (#{result})"
+        else
+          $stderr.puts "gss_init_sec_context failed : (#{result})"
+        end
+      ensure
+        result = API.gss_release_name target
+        $stderr.puts "gss_release_name: (#{result})"
+      end
+    else
+      $stderr.puts "gss_import_name failed: (#{result})"
+    end
+  ensure
+    result = API.gss_release_cred creds
+    $stderr.puts "gss_release_cred: (#{result})"
+  end
+else
+  $stderr.puts "gss_acquire_cred failed: (#{result})"
+end

data/example/sspi.rb

@@ -0,0 +1,73 @@
+#$DEBUG = 1
+
+require 'socket'
+require 'rubygems'
+gem 'net-ssh'
+$:.unshift File.join(File.dirname(__FILE__), '..', 'lib')
+require 'net/ssh'
+require 'net/ssh/errors'
+require 'net/ssh/kerberos'
+
+unless Net::SSH::Kerberos::Drivers.available.include? 'SSPI'
+  $stderr.puts "No drivers supporting SSPI could be loaded."
+  exit 1
+end
+
+include Net::SSH::Kerberos::Drivers::SSPI
+include Net::SSH::Kerberos::Constants
+
+result = API.querySecurityPackageInfo "Kerberos", nil
+if result.ok?
+  pkg_info = API._args_[1]
+  $stderr.puts "querySecurityPackageInfo: (#{result}) #{pkg_info.comment} (max_token=#{pkg_info.max_token})"
+  @max_token = pkg_info.max_token
+  result = API.freeContextBuffer pkg_info
+  $stderr.puts "freeContextBuffer: (#{result})"
+else
+  $stderr.puts "querySecurityPackageInfo: (#{result})"
+end
+
+result = API.acquireCredentialsHandle nil, "Kerberos", SECPKG_CRED_OUTBOUND, nil, nil, nil, nil,
+                                      creds=API::SecHandle.malloc, ts=API::TimeStamp.malloc
+if result.ok?
+  $stderr.puts "acquireCredentialsHandle: (#{result})"
+  begin
+    result = API.queryCredentialsAttributes creds, SECPKG_ATTR_NAMES, nil
+    if result.ok?
+      names = API._args_[2]
+      $stderr.puts "queryCredentialsAttributes: (#{result}) #{names.to_s}"
+      result = API.freeContextBuffer names
+      $stderr.puts "freeContextBuffer: (#{result})"
+
+      token = API::SecBuffer.malloc
+      token.type = SECBUFFER_TOKEN
+      token.data = "\0" * @max_token
+      token.length = @max_token
+      output = API::SecBufferDesc.malloc
+      output.version = 0
+      output.count = 1
+      output.buffers = token.to_ptr
+      result = API.initializeSecurityContext creds, nil, 'host/'+Socket.gethostbyname('localhost')[0], 
+                                             ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP,
+                                             nil, 0, ctx=API::SecHandle.malloc, output, 0, ts=API::TimeStamp.malloc
+      if result.ok?
+        $stderr.puts "initializeSecurityContext: (#{result}) ctx=#{! ctx.nil?} token.length=#{output.buffer(0).length}"
+        result = API.freeContextBuffer token.data
+        $stderr.puts "freeContextBuffer: (#{result})"
+        result = API.deleteSecurityContext ctx
+        $stderr.puts "deleteSecurityContext: (#{result})"
+      else
+        $stderr.puts "initializeSecurityContext: (#{result})"
+      end
+    else
+      $stderr.puts "queryCredentialsAttributes: (#{result})"
+    end
+  ensure
+    result = API.freeCredentialsHandle creds
+    $stderr.puts "freeCredentialsHandle : (#{result})"
+  end
+else
+  $stderr.puts "acquireCredentialsHandle: (#{result})"
+end
+
+

data/lib/net/ssh/kerberos/drivers/gss.rb

@@ -68,22 +68,51 @@ EOCODE
       end
 	    typealias 'gss_buffer_desc', 'GssBuffer'
 	    typealias 'gss_buffer_t', 'gss_buffer_desc *'
-	    GssOID = struct2 [ "OM_uint32 length", "gss_bytes_t elements" ] do
-	      def eql?(oid) !oid.nil? && length==oid.length && to_s==oid.to_s end
+	    class GssOID
+				PACK = (RUBY_PLATFORM =~ /darwin/ ? 'I' : "I@#{DL.sizeof('P')}")+'P'
+				ELEMENTS_OFFSET = DL.sizeof(RUBY_PLATFORM =~ /darwin/ ? 'I' : 'P')
+				STRUCT_SIZE = ELEMENTS_OFFSET + DL.sizeof('P')
+
+				def initialize(ptr)
+					@ptr = ptr
+				end
+
+				def self.create(bytes)
+					v = [bytes.length, bytes]
+					o = new v.pack(PACK).to_ptr
+					o.instance_variable_set :@unpack, v
+					o
+				end
+
+				def length; unpack[0] end
+				def elements; unpack[1] end
+				alias to_s elements
+
+				def eql?(oid) !oid.nil? && length==oid.length && to_s==oid.to_s end
 	      def ==(oid) !oid.nil? && length==oid.length && to_s==oid.to_s end
-        def to_s; elements.to_s(length) if length > 0 end
-	      def inspect; 'OID: ' + (to_s.unpack("H2" * length).join(' ') rescue 'nil') end
+	      def inspect; 'OID: ' + (to_s.unpack("H2" * length).join(' ')) end
+				def ptr; @ptr end
+				alias to_ptr ptr
+
+				def self.size; STRUCT_SIZE end
+
+			private
+
+				def unpack
+					@unpack ||= (begin
+						v = @ptr.to_s(4).unpack('I')[0]
+						[ v, (@ptr + ELEMENTS_OFFSET).ptr.to_s(v) ]
+					end)
+				end
 	    end
-      def GssOID.create(bytes) new [bytes.length, bytes].pack("LP#{bytes.length}").to_ptr end
 	    typealias 'gss_OID', 'P', PTR_ENC, PTR_DEC(GssOID)
 	    typealias 'gss_OID_ref', 'p', PTR_REF_ENC, PTR_REF_DEC(GssOID)
-	    GssOIDSet = struct2 [ "size_t count", "gss_OID elements" ] do
+	    GssOIDSet = struct2 [ "size_t count", "void *elements" ] do
         def oids
-          if @oids.nil? or elements != (@oids.first.to_ptr rescue nil)
-            @oids = []
-            0.upto(count-1) { |n| @oids[n] = GssOID.new(elements + n*GssOID.size) } unless elements.nil?
-          end
-          @oids
+					return @oids unless @oids.nil?
+					@oids, m = [], GssOID.size
+					count.nonzero? and 0.upto(count-1) { |n| @oids[n] = GssOID.new(elements + n * m); @oids[n].ptr.size = m }
+					@oids
         end
 	      def inspect; 'OIDSet: [' + oids.map {|o| o.inspect }.join(', ') + ']' end
       end

data/net-ssh-kerberos.gemspec

@@ -0,0 +1,77 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{net-ssh-kerberos}
+  s.version = "0.2.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Joe Khoobyar"]
+  s.date = %q{2009-12-28}
+  s.description = %q{Extends Net::SSH by adding Kerberos authentication capability for password-less logins on multiple platforms.
+}
+  s.email = %q{joe@ankhcraft.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION.yml",
+     "example/Capfile",
+     "example/gss.rb",
+     "example/sspi.rb",
+     "lib/net/ssh/authentication/methods/gssapi_with_mic.rb",
+     "lib/net/ssh/kerberos.rb",
+     "lib/net/ssh/kerberos/constants.rb",
+     "lib/net/ssh/kerberos/context.rb",
+     "lib/net/ssh/kerberos/drivers.rb",
+     "lib/net/ssh/kerberos/drivers/gss.rb",
+     "lib/net/ssh/kerberos/drivers/sspi.rb",
+     "lib/net/ssh/kerberos/kex.rb",
+     "lib/net/ssh/kerberos/kex/krb5_diffie_hellman_group1_sha1.rb",
+     "lib/net/ssh/kerberos/kex/krb5_diffie_hellman_group_exchange_sha1.rb",
+     "net-ssh-kerberos.gemspec",
+     "test/gss_context_test.rb",
+     "test/gss_test.rb",
+     "test/net_ssh_kerberos_test.rb",
+     "test/sspi_context_test.rb",
+     "test/sspi_test.rb",
+     "test/test_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/joekhoobyar/net-ssh-kerberos}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.required_ruby_version = Gem::Requirement.new("< 1.9")
+  s.rubyforge_project = %q{net-ssh-krb}
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Add Kerberos support to Net::SSH}
+  s.test_files = [
+    "test/gss_context_test.rb",
+     "test/gss_test.rb",
+     "test/net_ssh_kerberos_test.rb",
+     "test/sspi_context_test.rb",
+     "test/sspi_test.rb",
+     "test/test_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<net-ssh>, [">= 2.0"])
+    else
+      s.add_dependency(%q<net-ssh>, [">= 2.0"])
+    end
+  else
+    s.add_dependency(%q<net-ssh>, [">= 2.0"])
+  end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: net-ssh-kerberos
 version: !ruby/object:Gem::Version 
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors: 
 - Joe Khoobyar
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-19 00:00:00 -04:00
+date: 2009-12-28 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -34,10 +34,15 @@ extra_rdoc_files:
 - LICENSE
 - README.rdoc
 files: 
+- .document
+- .gitignore
 - LICENSE
 - README.rdoc
 - Rakefile
 - VERSION.yml
+- example/Capfile
+- example/gss.rb
+- example/sspi.rb
 - lib/net/ssh/authentication/methods/gssapi_with_mic.rb
 - lib/net/ssh/kerberos.rb
 - lib/net/ssh/kerberos/constants.rb
@@ -48,6 +53,7 @@ files:
 - lib/net/ssh/kerberos/kex.rb
 - lib/net/ssh/kerberos/kex/krb5_diffie_hellman_group1_sha1.rb
 - lib/net/ssh/kerberos/kex/krb5_diffie_hellman_group_exchange_sha1.rb
+- net-ssh-kerberos.gemspec
 - test/gss_context_test.rb
 - test/gss_test.rb
 - test/net_ssh_kerberos_test.rb
@@ -78,7 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: net-ssh-krb
-rubygems_version: 1.3.4
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
 summary: Add Kerberos support to Net::SSH