Hello community, here is the log from the commit of package rubygem-gssapi for openSUSE:Factory checked in at 2019-06-19 20:59:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-gssapi (Old) and /work/SRC/openSUSE:Factory/.rubygem-gssapi.new.4811 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-gssapi" Wed Jun 19 20:59:58 2019 rev:2 rq:705992 version:1.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-gssapi/rubygem-gssapi.changes 2017-06-16 10:54:26.790344335 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-gssapi.new.4811/rubygem-gssapi.changes 2019-06-19 21:00:00.110067158 +0200 @@ -1,0 +2,16 @@ +Sun May 5 09:29:15 UTC 2019 - Stephan Kulow <[email protected]> + +- updated to version 1.3.0 + see installed Changelog.md + + + ## Version 1.3.0 + + Sorry everyone that this has taken so long to go out. I don't really work much + with GSSAPI so it hasn't been a priority for me. + + * Implemented delegation and added verify_mic. Thanks @mfazekas + * Add loading of MIT GSS libs for solaris/smartos. Thanks @fac + * Fix corruption in iov_decrypt example. Thanks @Iristyle + +------------------------------------------------------------------- Old: ---- gssapi-1.2.0.gem New: ---- gssapi-1.3.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-gssapi.spec ++++++ --- /var/tmp/diff_new_pack.dgISmI/_old 2019-06-19 21:00:00.598067595 +0200 +++ /var/tmp/diff_new_pack.dgISmI/_new 2019-06-19 21:00:00.598067595 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-gssapi # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,19 +12,27 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# +# This file was generated with a gem2rpm.yml and not just plain gem2rpm. +# All sections marked as MANUAL, license headers, summaries and descriptions +# can be maintained in that file. Please consult this file before editing any +# of those fields # Name: rubygem-gssapi -Version: 1.2.0 +Version: 1.3.0 Release: 0 %define mod_name gssapi %define mod_full_name %{mod_name}-%{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 1.8.7} BuildRequires: %{rubygem gem2rpm} BuildRequires: %{rubygem rdoc > 3.10} +BuildRequires: ruby-macros >= 5 Url: http://github.com/zenchild/gssapi Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1: gem2rpm.yml ++++++ gssapi-1.2.0.gem -> gssapi-1.3.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2019-04-30 20:23:26.000000000 +0200 @@ -0,0 +1,11 @@ +Gemfile.lock + +# RVM setup +/.ruby-version +/.ruby-gemset + +# Vim swap files +*.sw[op] + +# VS Code Dir +/.vscode diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Changelog.md new/Changelog.md --- old/Changelog.md 2014-09-21 06:22:14.000000000 +0200 +++ new/Changelog.md 2019-04-30 20:23:26.000000000 +0200 @@ -12,3 +12,12 @@ ## Version 1.2.0 * Move IOV and AEAD to gssapi/extensions.rb so it can be loaded separately when needed + +## Version 1.3.0 + +Sorry everyone that this has taken so long to go out. I don't really work much +with GSSAPI so it hasn't been a priority for me. + + * Implemented delegation and added verify_mic. Thanks @mfazekas + * Add loading of MIT GSS libs for solaris/smartos. Thanks @fac + * Fix corruption in iov_decrypt example. Thanks @Iristyle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/VERSION new/VERSION --- old/VERSION 2014-09-21 06:22:14.000000000 +0200 +++ new/VERSION 2019-04-30 20:23:26.000000000 +0200 @@ -1 +1 @@ -1.2.0 +1.3.0 Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/examples/gss_iov_helpers.rb new/examples/gss_iov_helpers.rb --- old/examples/gss_iov_helpers.rb 2014-09-21 06:22:14.000000000 +0200 +++ new/examples/gss_iov_helpers.rb 2019-04-30 20:23:26.000000000 +0200 @@ -47,7 +47,7 @@ len = str.unpack("L").first puts "LEN: #{len}" - iov_data = str.unpack("LA#{len}A*") + iov_data = str.unpack("La#{len}a*") iov0[:buffer].value = iov_data[1] iov1[:buffer].value = iov_data[2] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/gssapi/lib_gssapi.rb new/lib/gssapi/lib_gssapi.rb --- old/lib/gssapi/lib_gssapi.rb 2014-09-21 06:22:14.000000000 +0200 +++ new/lib/gssapi/lib_gssapi.rb 2019-04-30 20:23:26.000000000 +0200 @@ -281,6 +281,9 @@ # OM_uint32 gss_get_mic(OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer) attach_function :gss_get_mic, [:pointer, :pointer, :OM_uint32, :pointer, :pointer], :OM_uint32 + # OM_uint32 gss_verify_mic (OM_uint32 *minor_status,const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer,const gss_buffer_t token_buffer, gss_qop_t qop_state) + attach_function :gss_verify_mic, [:pointer, :pointer, :pointer, :pointer, :OM_uint32], :OM_uint32 + # OM_uint32 gss_delete_sec_context(OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t output_token); attach_function :gss_delete_sec_context, [:pointer, :pointer, :pointer], :OM_uint32 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/gssapi/lib_gssapi_loader.rb new/lib/gssapi/lib_gssapi_loader.rb --- old/lib/gssapi/lib_gssapi_loader.rb 2014-09-21 06:22:14.000000000 +0200 +++ new/lib/gssapi/lib_gssapi_loader.rb 2019-04-30 20:23:26.000000000 +0200 @@ -30,6 +30,8 @@ gssapi32_path = ENV['gssapi32'] ? ENV['gssapi32'] : 'C:\Program Files (x86)\MIT\Kerberos\bin\gssapi32.dll' ffi_lib gssapi32_path, FFI::Library::LIBC # Required the MIT Kerberos libraries to be installed ffi_convention :stdcall + when /solaris/ + ffi_lib 'libgss.so', 'mech_krb5.so', FFI::Library::LIBC else raise LoadError, "This host OS (#{host_os}) is not supported by ruby gssapi and the MIT libraries." end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/gssapi/simple.rb new/lib/gssapi/simple.rb --- old/lib/gssapi/simple.rb 2014-09-21 06:22:14.000000000 +0200 +++ new/lib/gssapi/simple.rb 2019-04-30 20:23:26.000000000 +0200 @@ -59,6 +59,7 @@ # @option opts [Fixnum] :flags override all other flags. If you set the :delegate option this option will override it. # @see http://tools.ietf.org/html/rfc4121#section-4.1.1.1 # @option opts [Boolean] :delegate if true set the credential delegate flag + # [Credentials] :credentials set to open the context in behalf of someone (delegated_credentials) # @return [String, true] if a continuation flag is set it will return the output token that is needed to send # to the remote host. Otherwise it returns true and the GSS security context has been established. def init_context(in_token = nil, opts = {}) @@ -79,7 +80,7 @@ maj_stat = LibGSSAPI.gss_init_sec_context(min_stat, - nil, + opts[:credentials], pctx, @int_svc_name, mech, @@ -162,6 +163,16 @@ out_buff.value end + def verify_mic(token,mic) + min_stat = FFI::MemoryPointer.new :OM_uint32 + in_buff = GSSAPI::LibGSSAPI::UnManagedGssBufferDesc.new + in_buff.value = token + mic_buff = GSSAPI::LibGSSAPI::UnManagedGssBufferDesc.new + mic_buff.value = mic + maj_stat = GSSAPI::LibGSSAPI.gss_verify_mic(min_stat, @context, in_buff.pointer, mic_buff.pointer, 0) + raise GssApiError.new(maj_stat, min_stat), "Failed to gss_verify_mic" if maj_stat != 0 + return (maj_stat == 0) + end # Get textual representation of internal GSS name # @return [String] textual representation of internal GSS name diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2014-09-21 06:22:14.000000000 +0200 +++ new/metadata 2019-04-30 20:23:26.000000000 +0200 @@ -1,27 +1,27 @@ --- !ruby/object:Gem::Specification name: gssapi version: !ruby/object:Gem::Version - version: 1.2.0 + version: 1.3.0 platform: ruby authors: - Dan Wanek autorequire: bindir: bin cert_chain: [] -date: 2014-09-20 00:00:00.000000000 Z +date: 2019-04-30 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: ffi requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: 1.0.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: 1.0.1 description: |2 @@ -38,6 +38,7 @@ - COPYING - Changelog.md files: +- ".gitignore" - COPYING - Changelog.md - Gemfile @@ -66,25 +67,25 @@ metadata: {} post_install_message: rdoc_options: -- -x +- "-x" - test/ -- -x +- "-x" - examples/ require_paths: - lib required_ruby_version: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: 1.8.7 required_rubygems_version: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.2.2 +rubygems_version: 2.7.9 signing_key: specification_version: 4 summary: A FFI wrapper around the system GSSAPI library. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec/gssapi_simple_spec.rb new/test/spec/gssapi_simple_spec.rb --- old/test/spec/gssapi_simple_spec.rb 2014-09-21 06:22:14.000000000 +0200 +++ new/test/spec/gssapi_simple_spec.rb 2019-04-30 20:23:26.000000000 +0200 @@ -6,19 +6,65 @@ describe GSSAPI::Simple, 'Test the Simple GSSAPI interface' do - before :all do - @conf = YAML.load_file "#{File.dirname(__FILE__)}/conf_file.yaml" - end + let(:conf) { YAML.load_file "#{File.dirname(__FILE__)}/conf_file.yaml" } + let(:cli) { GSSAPI::Simple.new(conf['s_host'], conf['s_service']) } + let(:srv ) { GSSAPI::Simple.new(conf['s_host'], conf['s_service'], conf['keytab']) } it 'should get the initial context for a client' do - gsscli = GSSAPI::Simple.new(@conf[:c_host], @conf[:c_service]) - token = gsscli.init_context - token.should_not be_empty + token = cli.init_context + expect(token).not_to be_empty end it 'should acquire credentials for a server service' do - gsscli = GSSAPI::Simple.new(@conf[:s_host], @conf[:s_service], @conf[:keytab]) - gsscli.acquire_credentials.should be_true + expect(srv.acquire_credentials).to eq(true) end + def play_handshake(cli,srv,clioptions={}) + clitoken = cli.init_context(nil, clioptions) + expect(clitoken).not_to be_empty + + expect(srv.acquire_credentials).to eq(true) + + srvoktok = srv.accept_context(clitoken) + expect(srvoktok).not_to be_empty + + ret = cli.init_context(srvoktok) + expect(ret).to eq(true) + end + + it 'client server should handshake' do + play_handshake(cli,srv) + end + + it 'mic' do + play_handshake(cli,srv) + + secret = "this is secreta" + + mic = cli.get_mic(secret) + + expect(srv.verify_mic(secret,mic)).to eq(true) + end + + context "no delegation" do + it "sets delegated_credentials to nil" do + play_handshake(cli,srv,:delegate => false) + expect(srv.delegated_credentials).to be_nil + end + end + + describe "delegation" do + it "sets delegated_credentials to valid" do + play_handshake(cli,srv,:delegate => true) + expect(srv.delegated_credentials).not_to be_nil + delegated_display_name = srv.display_name + + host2 = conf['s_host2'] || conf['s_host'] + service2 = conf['s_service2'] || conf['s_service'] + cli_del = GSSAPI::Simple.new(host2, service2) + srv_del = GSSAPI::Simple.new(host2, service2, conf['keytab2']) + play_handshake(cli_del,srv_del,:credentials => srv.delegated_credentials) + expect(srv_del.display_name).to eq(delegated_display_name) + end + end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec/test_buffer_spec.rb new/test/spec/test_buffer_spec.rb --- old/test/spec/test_buffer_spec.rb 2014-09-21 06:22:14.000000000 +0200 +++ new/test/spec/test_buffer_spec.rb 2019-04-30 20:23:26.000000000 +0200 @@ -10,6 +10,6 @@ end # If we get here without any errors we should be golden - true.should be_true + expect(true).to eq(true) end end
