File: sspi.rb

ruby-net-ssh-krb 0.4.0-2
#$DEBUG = 1

require 'socket'
require 'rubygems'
gem 'net-ssh'
$:.unshift File.join(File.dirname(__FILE__), '..', 'lib')
require 'net/ssh'
require 'net/ssh/errors'
require 'net/ssh/kerberos'

# Stop before touching any SSPI call if the Kerberos driver registry does not
# list an SSPI driver among the ones it managed to load.
loaded_drivers = Net::SSH::Kerberos::Drivers.available
unless loaded_drivers.include?('SSPI')
  $stderr.puts("No drivers supporting SSPI could be loaded.")
  exit(1)
end

# Mix both namespaces into the top level so the rest of the script can use
# unqualified names (presumably API comes from the SSPI driver module and the
# SECPKG_* / ISC_REQ_* values from Constants -- confirm in lib/).
# Kept as two separate includes: the order decides method lookup precedence.
include Net::SSH::Kerberos::Drivers::SSPI
include Net::SSH::Kerberos::Constants

# Step 1: ask the SSPI wrapper to describe the "Kerberos" security package and
# keep its max_token value, which is used further down in this script to size
# the output token buffer.
result = API.querySecurityPackageInfo "Kerberos", nil
if result.ok?
  # The package-info out-parameter is read back through API._args_ (index 1,
  # i.e. the slot where nil was passed above). Presumably _args_ reflects the
  # most recent API call, so no other API call may come before this line.
  pkg_info = API._args_[1]
  $stderr.puts "querySecurityPackageInfo: (#{result}) #{pkg_info.comment} (max_token=#{pkg_info.max_token})"
  # Copy the value out before the buffer behind pkg_info is released.
  @max_token = pkg_info.max_token
  result = API.freeContextBuffer pkg_info.to_ptr
  $stderr.puts "freeContextBuffer: (#{result})"
else
  # NOTE(review): @max_token is never assigned on this path, yet the script
  # carries on and later hands it to SecBufferDesc.create -- confirm that a
  # nil size is handled there, or stop here.
  $stderr.puts "querySecurityPackageInfo: (#{result})"
end

# Step 2: acquire an outbound (client-side) Kerberos credentials handle, then
# use it to start one security context against the local host principal.
# The nil principal argument presumably selects the credentials of the current
# logon session -- confirm against the API wrapper.
# creds and ts are allocated inline and filled in by the call as out-parameters.
result = API.acquireCredentialsHandle nil, "Kerberos", SECPKG_CRED_OUTBOUND, nil, nil, nil, nil,
                                      creds=API::SecHandle.malloc, ts=API::TimeStamp.malloc
if result.ok?
  $stderr.puts "acquireCredentialsHandle: (#{result})"
  # From here on the handle is live; the ensure clause below releases it on
  # every exit path, including exceptions raised by the calls in between.
  begin
    # Look up the name attribute attached to the credentials (logged below).
    result = API.queryCredentialsAttributes creds, SECPKG_ATTR_NAMES, nil
    if result.ok?
      # Out-parameter fetched via API._args_ (index 2, the nil slot above);
      # must be read before any further API call.
      names = API._args_[2]
      # NOTE(review): this writes the credential's principal name to stderr.
      # Fine for a manual test, but keep it out of shared logs.
      $stderr.puts "queryCredentialsAttributes: (#{result}) #{names.to_s}"
      result = API.freeContextBuffer names
      $stderr.puts "freeContextBuffer: (#{result})"

      # Output token buffer sized from the package's max_token (nil if the
      # package query at the top of the script failed).
      output = API::SecBufferDesc.create @max_token
      if $DEBUG
        # Dumps the buffer before the context call below has written to it.
        $stderr.puts "SecBufferDesc.create: #{output.inspect} => #{output.buffer(0).inspect} => #{output.buffer(0).data.inspect}"
      end
      # Target service principal is 'host/' + element 0 of
      # Socket.gethostbyname('localhost') (the resolved host name), so the
      # principal depends on local name resolution.
      # NOTE(review): Socket.gethostbyname is deprecated in current Ruby in
      # favour of Addrinfo.getaddrinfo.
      #
      # Request flags, assuming Constants mirrors the Windows SSPI values:
      #   ISC_REQ_DELEGATE    - allow the target service to act with the
      #                         caller's credentials (credential delegation)
      #   ISC_REQ_MUTUAL_AUTH - require the service to authenticate itself
      #   ISC_REQ_INTEGRITY   - request message integrity protection
      # NOTE(review): delegation is the widest grant of the three. Code derived
      # from this script should drop ISC_REQ_DELEGATE unless the service needs
      # to act on the user's behalf.
      result = API.initializeSecurityContext creds, nil, 'host/'+Socket.gethostbyname('localhost')[0], 
                                             ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP,
                                             nil, 0, ctx=API::SecHandle.malloc, output, 0, ts=API::TimeStamp.malloc
      if result.ok?
        # Only the token length is logged, never the token bytes.
        $stderr.puts "initializeSecurityContext: (#{result}) ctx=#{! ctx.nil?} token.length=#{output.buffer(0).length}"
        # No token is sent to a peer; the context is discarded right away.
        result = API.deleteSecurityContext ctx
        $stderr.puts "deleteSecurityContext: (#{result})"
      else
        # NOTE(review): ctx is not deleted on this path. If ok? is false for a
        # status that still leaves a partial context (for example a
        # continue-needed status), that context leaks -- confirm what ok?
        # treats as success.
        $stderr.puts "initializeSecurityContext: (#{result})"
      end
    else
      $stderr.puts "queryCredentialsAttributes: (#{result})"
    end
  ensure
    # Always release the credentials handle acquired above.
    result = API.freeCredentialsHandle creds
    $stderr.puts "freeCredentialsHandle : (#{result})"
  end
else
  # Acquisition failed, so there is no handle to release.
  $stderr.puts "acquireCredentialsHandle: (#{result})"
end