winrm 2.1.1 → 2.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 640699847b134916407b0e18c09c14cc323f0951
-  data.tar.gz: 0129263b31ef9e042dbb7e404e71b56ebcad7f34
+  metadata.gz: 9f7008164689e6ff66359218a1c3d35aa83690f0
+  data.tar.gz: 61301e63b59b0080c7e97c1a24cd9fe8feff58a2
 SHA512:
-  metadata.gz: 71b28f0853aca2274064f14e867f1638a83927ea649df320701c171c58425c1149cc6b0ca36fe11dd34c9df5756117ba92ada06fe4716b5e0f7d9fac8f6ce38e
-  data.tar.gz: e22fa02527fa907bc668fbdead7d0a40f6ad6eeeb1d965064e6266270a173a52a1bd16a8ab9d7e664689f17bbe33c43f5abeee1ab0a4f611a731c59436b10f39
+  metadata.gz: 3947c9f5095f99380485cc7df15d9cc999ca57216882d56c8e32e8b0ae744e8fd2b2bbd4a03db012cbcf2dc66de041259d0fbdfdcbc5e4c2e9b3a60c912e8a7d
+  data.tar.gz: a451b042529eec914cb0cfcb72d4c59b76453e49fb371b3f35ae8b0abf362d2a9b307807fc8cce582adcafd3e32dfe29b7aa7485afcf713db59db37ef8506a4b

data/changelog.md

@@ -1,5 +1,8 @@
 # WinRM Gem Changelog
 
+# 2.1.2
+- Fix kerberos transport
+
 # 2.1.1
 - Fix rendering of powershell output with non ascii UTF-8 characters emitted from executables
 

data/lib/winrm/http/transport.rb

@@ -269,6 +269,7 @@ module WinRM
         no_sspi_auth!
         service ||= 'HTTP'
         @service = "#{service}/#{@endpoint.host}@#{realm}"
+        no_ssl_peer_verification! if opts[:no_ssl_peer_verification]
         init_krb
       end
 
@@ -336,89 +337,91 @@ module WinRM
         @gsscli.init_context(itok)
       end
 
+      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/AbcSize
+
       # @return [String] the encrypted request string
       def winrm_encrypt(str)
         @logger.debug "Encrypting SOAP message:\n#{str}"
-        iov = iov_pointer
+        iov_cnt = 3
+        iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
 
-        iov0 = create_iov(iov.address, 0, :header)[:buffer]
-        iov1 = create_iov(iov.address, 1, :data, str)[:buffer]
-        iov2 = create_iov(iov.address, 2, :padding)[:buffer]
+        iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
+        iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | \
+          GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
 
-        gss_wrap(iov)
+        iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+        iov1[:type] = GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA
+        iov1[:buffer].value = str
+
+        iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+        iov2[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_PADDING | \
+          GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
 
-        token = [iov0.length].pack('L')
-        token += iov0.value
-        token += iov1.value
-        pad_len = iov2.length
-        token += iov2.value if pad_len > 0
+        conf_state = FFI::MemoryPointer.new :uint32
+        min_stat = FFI::MemoryPointer.new :uint32
+
+        GSSAPI::LibGSSAPI.gss_wrap_iov(
+          min_stat,
+          @gsscli.context,
+          1,
+          GSSAPI::LibGSSAPI::GSS_C_QOP_DEFAULT,
+          conf_state,
+          iov,
+          iov_cnt)
+
+        token = [iov0[:buffer].length].pack('L')
+        token += iov0[:buffer].value
+        token += iov1[:buffer].value
+        pad_len = iov2[:buffer].length
+        token += iov2[:buffer].value if pad_len > 0
         [pad_len, token]
       end
 
       # @return [String] the unencrypted response string
       def winrm_decrypt(str)
         @logger.debug "Decrypting SOAP message:\n#{str}"
+        iov_cnt = 3
+        iov = FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * iov_cnt)
 
-        str.force_encoding('BINARY')
-        str.sub!(%r{^.*Content-Type: application\/octet-stream\r\n(.*)--Encrypted.*$}m, '\1')
-        iov_data = str.unpack("LA#{str.unpack('L').first}A*")
-
-        iov = iov_pointer
-
-        create_iov(iov.address, 0, :header, iov_data[1])
-        ret = create_iov(iov.address, 1, :data, iov_data[2])[:buffer].value
-        create_iov(iov.address, 2, :data)
+        iov0 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(FFI::Pointer.new(iov.address))
+        iov0[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | \
+          GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
 
-        maj_stat = gss_unwrap(iov)
+        iov1 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 1)))
+        iov1[:type] = GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA
 
-        @logger.debug "SOAP message decrypted (MAJ: #{maj_stat}, " \
-          "MIN: #{min_stat.read_int}):\n#{ret}"
+        iov2 = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
+          FFI::Pointer.new(iov.address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 2)))
+        iov2[:type] = GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA
 
-        ret
-      end
+        str.force_encoding('BINARY')
+        str.sub!(%r{^.*Content-Type: application\/octet-stream\r\n(.*)--Encrypted.*$}m, '\1')
 
-      def iov_pointer
-        FFI::MemoryPointer.new(GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * 3)
-      end
+        len = str.unpack('L').first
+        iov_data = str.unpack("LA#{len}A*")
+        iov0[:buffer].value = iov_data[1]
+        iov1[:buffer].value = iov_data[2]
 
-      def gss_unwrap(iov)
         min_stat = FFI::MemoryPointer.new :uint32
         conf_state = FFI::MemoryPointer.new :uint32
         conf_state.write_int(1)
         qop_state = FFI::MemoryPointer.new :uint32
         qop_state.write_int(0)
 
-        GSSAPI::LibGSSAPI.gss_unwrap_iov(
-          min_stat, @gsscli.context, conf_state, qop_state, iov, 3)
-      end
+        maj_stat = GSSAPI::LibGSSAPI.gss_unwrap_iov(
+          min_stat, @gsscli.context, conf_state, qop_state, iov, iov_cnt)
 
-      def gss_wrap(iov)
-        GSSAPI::LibGSSAPI.gss_wrap_iov(
-          FFI::MemoryPointer.new(:uint32),
-          @gsscli.context,
-          1,
-          GSSAPI::LibGSSAPI::GSS_C_QOP_DEFAULT,
-          FFI::MemoryPointer.new(:uint32),
-          iov,
-          3)
-      end
+        @logger.debug "SOAP message decrypted (MAJ: #{maj_stat}, " \
+          "MIN: #{min_stat.read_int}):\n#{iov1[:buffer].value}"
 
-      def create_iov(address, offset, type, buffer = nil)
-        iov = GSSAPI::LibGSSAPI::GssIOVBufferDesc.new(
-          FFI::Pointer.new(address + (GSSAPI::LibGSSAPI::GssIOVBufferDesc.size * offset)))
-        case type
-        when :data
-          iov[:type] = GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_DATA
-        when :header
-          iov[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_HEADER | \
-          GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
-        when :padding
-          iov[:type] = (GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_TYPE_PADDING | \
-            GSSAPI::LibGSSAPI::GSS_IOV_BUFFER_FLAG_ALLOCATE)
-        end
-        iov[:buffer].value = buffer if buffer
-        iov
+        iov1[:buffer].value
       end
+      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/AbcSize
     end
   end
 end # WinRM

data/lib/winrm/version.rb

@@ -3,5 +3,5 @@
 # WinRM module
 module WinRM
   # The version of the WinRM library
-  VERSION = '2.1.1'.freeze
+  VERSION = '2.1.2'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: winrm
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.1.2
 platform: ruby
 authors:
 - Dan Wanek
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-19 00:00:00.000000000 Z
+date: 2017-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gssapi