rack-auth-kerberos 0.1.0

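--- a/data/CHANGES
+++ b/data/CHANGES
@@ -0,0 +1,2 @@
+ = 0.1.0 - ???
+ * Initial release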
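--- a/data/MANIFEST
+++ b/data/MANIFEST
@@ -0,0 +1,7 @@
+ CHANGES
+ MANIFEST
+ README
+ Rakefile
+ rack-kerberos.gemspec
+ lib/rack/auth/kerberos.rb
+ test/test_rack_kerberos.rb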
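--- a/data/README
+++ b/data/README
@@ -0,0 +1,31 @@
+ = Description
+ The rack-kerberos library is a Rack library that uses Kerberos to authenicate
+ users against your Kerberos server.
+
+ = Prerequisites
+ rack 1.0.0 or later
+ krb5-auth 0.7 or later
+
+ = Usage
+ use "Rack::Auth::Kerberos", "user_field", "password_field", "YOUR.REALM_NAME"
+
+ = Default Fields
+ The default user field is "username".
+ The default password field is "password".
+ The default realm is whatever you've got set in your krb5.conf file.
+
+ = Details
+ This rack library only handles requests that contain a username and password
+ parameter. If both are not present, the request is forwarded normally.
+
+ If a username and password are detected, then they're authenicated against
+ your Kerberos server. If valid, then env['AUTH_USER'] is set to the username
+ and env['AUTH_FAIL'] is deleted. If invalid, then env['AUTH_USER'] is deleted
+ and env['AUTH_FAIL'] is set to an error message explaining what went wrong.
+
+ Note that if env['AUTH_USER'] or env['AUTH_FAIL'] are already set, then the
+ request is forwarded normally.
+
+ = Authors
+ Daniel Berger
+ Charlie O'Keefe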
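--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,54 @@
+ require 'rake'
+ require 'rake/testtask'
+ require 'rbconfig'
+
+ desc 'Install the rack-auth-kerberos library (non-gem)'
+ task :install do
+ dir = File.join(CONFIG['sitelibdir'], 'rack', 'auth')
+ FileUtils.mkdir_p(dir) unless File.exists?(dir)
+ file = 'lib/rack/auth/kerberos.rb'
+ FileUtils.cp_r(file, dir, :verbose => true)
+ end
+
+ desc 'Build the gem'
+ task :gem do
+ spec = eval(IO.read('rack-auth-kerberos.gemspec'))
+ Gem::Builder.new(spec).build
+ end
+
+ desc 'Install the rack-auth-kerberos library as a gem'
+ task :install_gem => [:gem] do
+ file = Dir["*.gem"].first
+ sh "gem install #{file}"
+ end
+
+ desc 'Export the git archive to a .zip, .gz and .bz2 file in your home directory'
+ task :export, :output_file do |t, args|
+ file = args[:output_file]
+
+ sh "git archive --prefix #{file}/ --output #{ENV['HOME']}/#{file}.tar master"
+
+ Dir.chdir(ENV['HOME']) do
+ sh "gzip -f #{ENV['HOME']}/#{file}.tar"
+ end
+
+ sh "git archive --prefix #{file}/ --output #{ENV['HOME']}/#{file}.tar master"
+
+ Dir.chdir(ENV['HOME']) do
+ sh "bzip2 -f #{ENV['HOME']}/#{file}.tar"
+ end
+
+ sh "git archive --prefix #{file}/ --output #{ENV['HOME']}/#{file}.zip --format zip master"
+
+ Dir.chdir(ENV['HOME']) do
+ sh "unzip #{file}.zip"
+ Dir.chdir(file) do
+ sh "rake gem"
+ end
+ end
+ end
+
+ Rake::TestTask.new do |t|
+ t.verbose = true
+ t.warning = true
+ end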
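Review bot: The `:export` task builds every shell command by interpolating `args[:output_file]` and `ENV['HOME']` into one string, so a name containing spaces or shell metacharacters is re-parsed by the shell, and a missing argument silently produces `--prefix /` and `$HOME/.tar`. Pass the arguments as a list so no shell is involved, e.g. `sh 'git', 'archive', '--prefix', "#{file}/", '--output', File.join(ENV['HOME'], "#{file}.tar"), 'master'`, and fail early with `raise ArgumentError, 'output_file is required' unless file`. The same applies to the `gzip`, `bzip2` and `unzip` calls and to `sh "gem install #{file}"` in `:install_gem`.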
@@ -0,0 +1,94 @@
1
+ require 'krb5_auth'
2
+
3
+ module Rack
4
+ module Auth
5
+ class Kerberos
6
+ # The version of the rack-auth-kerberos library.
7
+ VERSION = '0.1.0'
8
+
9
+ # Creates a new Rack::Kerberos object. The +user_field+ and +password_field+
10
+ # are the params looked for in the call method. The defaults are 'username'
11
+ # and 'password', respectively.
12
+ #
13
+ # If the optional +realm+ parameter is supplied it will override the
14
+ # default realm specified in your krb5.conf file.
15
+ #
16
+ # The realm is automatically appended to the username if not already
17
+ # present. This makes it easier for application developers, i.e. they can
18
+ # supply a username with or without a realm and it will Just Work (TM).
19
+ #
20
+ def initialize(app, user_field = 'username', password_field = 'password', realm = nil)
21
+ @app = app
22
+ @user_field = user_field
23
+ @password_field = password_field
24
+ @kerberos = Krb5Auth::Krb5.new
25
+
26
+ if realm
27
+ @realm = realm
28
+ else
29
+ @realm = @kerberos.get_default_realm
30
+ end
31
+ end
32
+
33
+ # The call method we've defined first checks to see if the AUTH_USER
34
+ # environment variable is set. If it is, we assume that the user has
35
+ # already been authenticated and move on.
36
+ #
37
+ # If AUTH_USER is not set, and AUTH_FAIL is not set, we then attempt
38
+ # to authenticate the user against the Kerberos server. If successful
39
+ # then AUTH_USER is set to the username.
40
+ #
41
+ # If unsuccessful then AUTH_USER is set to nil and AUTH_FAIL is
42
+ # set to an appropriate error message.
43
+ #
44
+ # It is then up to the application to check for the presence of AUTH_USER
45
+ # and/or AUTH_FAIL and act as necessary.
46
+ #
47
+ def call(env)
48
+ request = Rack::Request.new(env)
49
+
50
+ user = request.params[@user_field]
51
+ password = request.params[@password_field]
52
+
53
+ # Only authenticate user if both the username and password fields are present
54
+ unless user && password
55
+ return @app.call(env)
56
+ end
57
+
58
+ # Automatically append the realm if not already present
59
+ user_with_realm = user.dup
60
+ user_with_realm += "@#{@realm}" unless user.include?('@')
61
+
62
+ # Do not authenticate if either one of these is set
63
+ if env['AUTH_USER'] || env['AUTH_FAIL']
64
+ return @app.call(env)
65
+ end
66
+
67
+ begin
68
+ @kerberos.get_init_creds_password(user_with_realm, password)
69
+ env['AUTH_USER'] = user
70
+ env.delete('AUTH_FAIL')
71
+ rescue Krb5Auth::Krb5::Exception => err
72
+ case err.message
73
+ when /client not found/i
74
+ msg = "Invalid userid '#{user}'"
75
+ when /integrity check failed/i
76
+ msg = "Invalid password for '#{user}'"
77
+ else
78
+ msg = "Error attempting to validate userid and password"
79
+ end
80
+
81
+ env.delete('AUTH_USER')
82
+ env['AUTH_FAIL'] = msg
83
+ rescue => err
84
+ env.delete('AUTH_USER')
85
+ env['AUTH_FAIL'] = "Unexpected failure during Kerberos authentication"
86
+ ensure
87
+ @kerberos.close
88
+ end
89
+
90
+ @app.call(env)
91
+ end
92
+ end
93
+ end
94
+ end
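Review bot: In `call`, a username that already contains `@` is handed to `get_init_creds_password` unchanged, so the configured `@realm` is only a default and the client decides which realm is consulted; `env['AUTH_USER']` is then set to the raw `user`, with or without a realm. If only one realm is meant to be trusted, check `user_with_realm.end_with?("@#{@realm}")` before authenticating, set `AUTH_FAIL` otherwise, and store one canonical form in `AUTH_USER`. The distinct `Invalid userid` and `Invalid password` messages also reveal which principals exist to whoever is shown `AUTH_FAIL`; a single generic message avoids that if the application echoes it. Separately, `@kerberos` is created once in `initialize` but closed in the `ensure` of every `call`, which presumably leaves later requests with a closed context that is also shared between concurrent requests; creating the context inside `call` looks safer.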
@@ -0,0 +1,22 @@
1
+ require 'rubygems'
2
+
3
+ Gem::Specification.new do |gem|
4
+ gem.name = 'rack-auth-kerberos'
5
+ gem.version = '0.1.0'
6
+ gem.authors = ["Daniel Berger", "Charlie O'Keefe"]
7
+ gem.email = 'dberger@globe.gov'
8
+ gem.homepage = 'http://www.github.com/rack-kerberos'
9
+ gem.summary = 'A Rack library that authenticates people using Kerberos'
10
+ gem.test_file = 'test/test_rack_auth_kerberos.rb'
11
+ gem.files = Dir['**/*'].delete_if{ |item| item.include?('git') }
12
+
13
+ gem.extra_rdoc_files = ['CHANGES', 'README', 'MANIFEST']
14
+
15
+ gem.add_dependency('rack', '>= 1.0.0')
16
+ gem.add_dependency('krb5-auth', '>= 0.7')
17
+
18
+ gem.description = <<-EOF
19
+ The rack-kerberos library provides a Rack middleware interface for
20
+ authenticating users against a Kerberos server.
21
+ EOF
22
+ end
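Review bot: `gem.files = Dir['**/*'].delete_if{ |item| item.include?('git') }` packages whatever happens to be in the working tree at build time (previously built `.gem` files, editor backups, local configuration), and the substring filter would also drop any legitimate path that contains `git`. An explicit list keeps the published contents reviewable, e.g. `gem.files = Dir['lib/**/*.rb', 'test/**/*.rb'] + %w[CHANGES MANIFEST README Rakefile rack-auth-kerberos.gemspec]`. `gem.test_file` names `test/test_rack_auth_kerberos.rb` while MANIFEST lists `test/test_rack_kerberos.rb` and `rack-kerberos.gemspec`, so the manifest appears to be stale.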
@@ -0,0 +1,22 @@
1
+ require 'test/unit'
2
+ require 'rack/auth/kerberos'
3
+
4
+ class TC_Rack_Auth_Kerberos < Test::Unit::TestCase
5
+ def setup
6
+ @app = 1 # Placeholder
7
+ @env = 1 # Placeholder
8
+ @rack = Rack::Auth::Kerberos.new(@app)
9
+ end
10
+
11
+ def test_constructor_basic
12
+ assert_nothing_raised{ Rack::Auth::Kerberos.new(@app) }
13
+ end
14
+
15
+ def test_version
16
+ assert_equal('0.1.0', Rack::Auth::Kerberos::VERSION)
17
+ end
18
+
19
+ def teardown
20
+ @rack = nil
21
+ end
22
+ end
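Review bot: Neither test exercises `call`, so the authentication decision itself is unverified: pass-through when a field is missing, `AUTH_USER` on success, `AUTH_FAIL` on a `Krb5Auth::Krb5::Exception`. `@env` is assigned in `setup` but never used. Add cases that replace `@kerberos` with a stub (for example through `instance_variable_set`) whose `get_init_creds_password` either succeeds or raises, and assert on the resulting `env`. As written, `setup` also depends on a working Kerberos configuration, because the constructor calls `Krb5Auth::Krb5.new` and, with no realm given, `get_default_realm`.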
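--- a/metadata
+++ b/metadata
@@ -0,0 +1,83 @@
+ --- !ruby/object:Gem::Specification
+ name: rack-auth-kerberos
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Daniel Berger
+ - Charlie O'Keefe
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2009-12-11 00:00:00 -07:00
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rack
+ type: :runtime
+ version_requirement:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.0.0
+ version:
+ - !ruby/object:Gem::Dependency
+ name: krb5-auth
+ type: :runtime
+ version_requirement:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0.7"
+ version:
+ description: " The rack-kerberos library provides a Rack middleware interface for\n authenticating users against a Kerberos server.\n"
+ email: dberger@globe.gov
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files:
+ - CHANGES
+ - README
+ - MANIFEST
+ files:
+ - MANIFEST
+ - test/test_rack_auth_kerberos.rb
+ - Rakefile
+ - CHANGES
+ - README
+ - lib/rack/auth/kerberos.rb
+ - rack-auth-kerberos.gemspec
+ has_rdoc: true
+ homepage: http://www.github.com/rack-kerberos
+ licenses: []
+
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.3.5
+ signing_key:
+ specification_version: 3
+ summary: A Rack library that authenticates people using Kerberos
+ test_files:
+ - test/test_rack_auth_kerberos.rb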