rubysspi-server 0.0.1

data/LICENSE.txt

@@ -0,0 +1,18 @@
+Copyright (c) 2009 Alexey Borzenkov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.txt

@@ -0,0 +1,25 @@
+= Server bindings to Win32 SSPI
+
+The rubysspi gem provides a ruby interface to the SSPI functions in Windows
+but it is mostly concerned with the client side of SSPI, to get through corporate
+firewalls with NTLM.
+
+This gem extends it to also support server side SSPI
+
+= Using rubysspi-server
+
+Instantiate NegotiateServer instance:
+
+  sspi = Win32::SSPI::NegotiateServer.new # optionally specifying "Negotiate" package (defaults to "NTLM")
+  sspi.acquire_credentials_handle
+
+When you receive Type1 message, accept it:
+
+  t2 = sspi.accept_security_context(t1) # t2 is already Base64 encoded
+
+When you receive Type3 message, accept it:
+
+  t2 = sspi.accept_security_context(t3)
+  username = sspi.get_username_from_context
+
+Now connection is authenticated with NTLM/Negotiate.

data/Rakefile

@@ -0,0 +1,13 @@
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "rubysspi-server"
+    gemspec.summary = "A library which implements Ruby server bindings to the Win32 SSPI library."
+    gemspec.author = "Alexey Borzenkov"
+    gemspec.email = "snaury@gmail.com"
+
+    gemspec.add_dependency('rubysspi', '>= 1.3.1')
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION.yml

@@ -0,0 +1,4 @@
+---
+:major: 0
+:minor: 0
+:patch: 1

data/lib/win32/sspi/server.rb

@@ -0,0 +1,117 @@
+# Copyright (c) 2009 Alexey Borzenkov
+#
+# The rubysspi gem provides a ruby interface to the SSPI functions in Windows
+# but it is mostly concerned with the client side of SSPI, to get through corporate
+# firewalls with NTLM.
+#
+# This gem extends it to also support server side SSPI
+#
+# Originally part of mongrel-ntlm (c) 2008 Seggy Umboh
+
+require 'win32/sspi'
+
+module Win32
+  module SSPI
+    SECPKG_ATTR_NAMES = 0x00000001
+    ASC_REQ_DELEGATE = 0x00000001
+
+    module API
+      AcceptSecurityContext = Win32API.new('secur32', 'AcceptSecurityContext', 'pppLLpppp', 'L')
+      FreeContextBuffer = Win32API.new('secur32', 'FreeContextBuffer', 'P', 'L')
+      QueryContextAttributes = Win32API.new('secur32', 'QueryContextAttributes', 'pLp', 'L')
+      Strncpy = Win32API.new('msvcrt', 'strncpy', 'PLL', 'L')
+    end
+
+    class SecPkgCredentials_Names
+      BUF_SZ = 512
+
+      def initialize
+        @buffer = "\0" * BUF_SZ
+      end
+
+      def to_s
+        API::Strncpy.call(@buffer, @struct.unpack('L')[0], BUF_SZ-1) if @buffer.rstrip.empty?
+        @buffer.rstrip
+      end
+
+      def to_p
+        @struct ||= [@buffer].pack('p')
+      end
+
+      def cleanup
+        API::FreeContextBuffer.call(self.to_p)
+      end
+    end
+
+    class NegotiateServer
+      WORD_SZ = [0].pack('L').size
+      attr_accessor :package
+
+      def initialize(package = "NTLM")
+        @package = package
+      end
+
+      def acquire_credentials_handle
+        @credentials = CredHandle.new
+
+        result = SSPIResult.new(API::AcquireCredentialsHandle.call(
+          nil,
+          @package,
+          SECPKG_CRED_INBOUND,
+          nil,
+          nil,
+          nil,
+          nil,
+          @credentials.to_p,
+          TimeStamp.new.to_p
+        ))
+        raise "AcquireCredentialsHandle Error: #{result}" unless result.ok?
+      end
+
+      def accept_security_context(token)
+        incoming = SecurityBuffer.new(token)
+        outgoing = SecurityBuffer.new
+
+        current_context = @context.nil? ? nil : @context.to_p
+        @context ||= CtxtHandle.new
+        @contextAttributes = "\0" * WORD_SZ
+
+        result = SSPIResult.new(API::AcceptSecurityContext.call(
+          @credentials.to_p,
+          current_context,
+          incoming.to_p,
+          ASC_REQ_DELEGATE,
+          SECURITY_NETWORK_DREP,
+          @context.to_p,
+          outgoing.to_p,
+          @contextAttributes,
+          TimeStamp.new.to_p
+        ))
+        raise "AcceptSecurityContext Error: #{result}" unless result.ok?
+
+        Base64.encode64(outgoing.token).delete("\n")
+      end
+
+      def get_username_from_context
+        return @username unless @username.nil?
+        return nil if @context.nil?
+
+        names = SecPkgCredentials_Names.new
+        result = SSPIResult.new(API::QueryContextAttributes.call(
+          @context.to_p,
+          SECPKG_ATTR_NAMES,
+          names.to_p
+        ))
+        @username = names.to_s if result.ok?
+      ensure
+        names.cleanup
+      end
+
+      def cleanup
+        API::FreeCredentialsHandle.call(@credentials.to_p) unless @credentials.nil?
+        API::DeleteSecurityContext.call(@context.to_p) unless @context.nil?
+        @credentials = @context = @contextAttributes = nil
+      end
+    end
+  end
+end

data/rubysspi-server.gemspec

@@ -0,0 +1,41 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rubysspi-server}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Alexey Borzenkov"]
+  s.date = %q{2009-05-20}
+  s.email = %q{snaury@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+     "README.txt"
+  ]
+  s.files = [
+    "LICENSE.txt",
+     "README.txt",
+     "Rakefile",
+     "VERSION.yml",
+     "lib/win32/sspi/server.rb",
+     "rubysspi-server.gemspec"
+  ]
+  s.has_rdoc = true
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.1}
+  s.summary = %q{A library which implements Ruby server bindings to the Win32 SSPI library.}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rubysspi>, [">= 1.3.1"])
+    else
+      s.add_dependency(%q<rubysspi>, [">= 1.3.1"])
+    end
+  else
+    s.add_dependency(%q<rubysspi>, [">= 1.3.1"])
+  end
+end

metadata

@@ -0,0 +1,70 @@
+--- !ruby/object:Gem::Specification 
+name: rubysspi-server
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Alexey Borzenkov
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-05-20 00:00:00 +04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rubysspi
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.3.1
+    version: 
+description: 
+email: snaury@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.txt
+files: 
+- LICENSE.txt
+- README.txt
+- Rakefile
+- VERSION.yml
+- lib/win32/sspi/server.rb
+- rubysspi-server.gemspec
+has_rdoc: true
+homepage: 
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 2
+summary: A library which implements Ruby server bindings to the Win32 SSPI library.
+test_files: []
+