Module: Gsasl

Extended by:
FFI::Library
Defined in:
lib/gsasl.rb,
lib/gsasl/peer.rb,
lib/gsasl/native.rb,
lib/gsasl/context.rb,
lib/gsasl/version.rb,
lib/gsasl/remote_authenticator.rb

Defined Under Namespace

Classes: Context, GsaslError, Peer, RemoteAuthenticator

Constant Summary

GSASL_MIN_MECHANISM_SIZE =

RFC 2222: SASL mechanisms are named by strings, from 1 to 20 characters in length, consisting of upper-case letters, digits, hyphens, and/or underscores. SASL mechanism names must be registered with the IANA.

1
GSASL_MAX_MECHANISM_SIZE = 20
GSASL_OK =

Error codes for library functions.

0
GSASL_NEEDS_MORE =
1
GSASL_UNKNOWN_MECHANISM =
2
GSASL_MECHANISM_CALLED_TOO_MANY_TIMES =
3
GSASL_MALLOC_ERROR =
7
GSASL_BASE64_ERROR =
8
GSASL_CRYPTO_ERROR =
9
GSASL_SASLPREP_ERROR =
29
GSASL_MECHANISM_PARSE_ERROR =
30
GSASL_AUTHENTICATION_ERROR =
31
GSASL_INTEGRITY_ERROR =
33
GSASL_NO_CLIENT_CODE =
35
GSASL_NO_SERVER_CODE =
36
GSASL_NO_CALLBACK =
51
GSASL_NO_ANONYMOUS_TOKEN =
52
GSASL_NO_AUTHID =
53
GSASL_NO_AUTHZID =
54
GSASL_NO_PASSWORD =
55
GSASL_NO_PASSCODE =
56
GSASL_NO_PIN =
57
GSASL_NO_SERVICE =
58
GSASL_NO_HOSTNAME =
59
GSASL_NO_CB_TLS_UNIQUE =
65
GSASL_NO_SAML20_IDP_IDENTIFIER =
66
GSASL_NO_SAML20_REDIRECT_URL =
67
GSASL_NO_OPENID20_AUTH_IDENTIFIER =
68
GSASL_GSSAPI_RELEASE_BUFFER_ERROR =

Mechanism specific errors.

37
GSASL_GSSAPI_IMPORT_NAME_ERROR =
38
GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR =
39
GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR =
40
GSASL_GSSAPI_UNWRAP_ERROR =
41
GSASL_GSSAPI_WRAP_ERROR =
42
GSASL_GSSAPI_ACQUIRE_CRED_ERROR =
43
GSASL_GSSAPI_DISPLAY_NAME_ERROR =
44
GSASL_GSSAPI_UNSUPPORTED_PROTECTION_ERROR =
45
GSASL_KERBEROS_V5_INIT_ERROR =
46
GSASL_KERBEROS_V5_INTERNAL_ERROR =
47
GSASL_SHISHI_ERROR =
GSASL_KERBEROS_V5_INTERNAL_ERROR
GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE =
48
GSASL_SECURID_SERVER_NEED_NEW_PIN =
49
GSASL_GSSAPI_ENCAPSULATE_TOKEN_ERROR =
60
GSASL_GSSAPI_DECAPSULATE_TOKEN_ERROR =
61
GSASL_GSSAPI_INQUIRE_MECH_FOR_SASLNAME_ERROR =
62
GSASL_GSSAPI_TEST_OID_SET_MEMBER_ERROR =
63
GSASL_GSSAPI_RELEASE_OID_SET_ERROR =
64
GSASL_AUTHID =

Information properties, e.g., username.

1
GSASL_AUTHZID =
2
GSASL_PASSWORD =
3
GSASL_ANONYMOUS_TOKEN =
4
GSASL_SERVICE =
5
GSASL_HOSTNAME =
6
GSASL_GSSAPI_DISPLAY_NAME =
7
GSASL_PASSCODE =
8
GSASL_SUGGESTED_PIN =
9
GSASL_PIN =
10
GSASL_REALM =
11
GSASL_DIGEST_MD5_HASHED_PASSWORD =
12
GSASL_QOPS =
13
GSASL_QOP =
14
GSASL_SCRAM_ITER =
15
GSASL_SCRAM_SALT =
16
GSASL_SCRAM_SALTED_PASSWORD =
17
GSASL_CB_TLS_UNIQUE =
18
GSASL_SAML20_IDP_IDENTIFIER =
19
GSASL_SAML20_REDIRECT_URL =
20
GSASL_OPENID20_AUTH_IDENTIFIER =
21
GSASL_SAML20_AUTHENTICATE_IN_BROWSER =

Client callbacks.

250
GSASL_VALIDATE_SIMPLE =

Server validation callback properties.

500
GSASL_VALIDATE_EXTERNAL =
501
GSASL_VALIDATE_ANONYMOUS =
502
GSASL_VALIDATE_GSSAPI =
503
GSASL_VALIDATE_SECURID =
504
GSASL_VALIDATE_SAML20 =
505
GSASL_CIPHER_DES =

Gsasl_cipher

1
GSASL_CIPHER_3DES =
2
GSASL_CIPHER_RC4 =
4
GSASL_CIPHER_RC4_40 =
8
GSASL_CIPHER_RC4_56 =
16
GSASL_CIPHER_AES =
32
GSASL_QOP_AUTH =

Quality of Protection types (DIGEST-MD5 and GSSAPI). The integrity and confidentiality values are about application data wrapping. We recommend that you use GSASL_QOP_AUTH with TLS, as that combination is generally more secure and has a better chance of working than the integrity/confidentiality layers of SASL.

1
GSASL_QOP_AUTH_INT = 2
GSASL_QOP_AUTH_CONF = 4
CALLBACK =

Handles at a global level all callbacks that are made by the gsasl library. The context and session (or peer) will be used to proxy the events to the corresponding object.

Proc.new do |context, peer, property|
  # find the object...
  if context = find_by_context(context.address)
    if peer = context.peers[peer.address]
      # ...and call the callback with the property
      result = peer.call(property)
    end
  end
  
  # if there is no callback handler (nil) return that information
  result || Gsasl::GSASL_NO_CALLBACK
end
VERSION =
"1.0.0"

Class Method Summary

Class Method Details

.find_by_context(id) ⇒ Gsasl::Context?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Helper to find a context (or session) by the passed id. Used by `CALLBACK`.

Parameters:

  • id (Fixnum)

    the id of the session (pointer to context struct)

Returns:



# File 'lib/gsasl/native.rb', line 170

def self.find_by_context(id)
  @contexts ||= {}
  @contexts[id]
end

.new_context(id, context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Registers the context and the session for later use in the global callback.

Parameters:

  • id (Fixnum)

    the id of the session (pointer to context struct)

  • context (Gsasl::Context)

    the session to save for later use



# File 'lib/gsasl/native.rb', line 179

def self.new_context(id, context)
  @contexts ||= {}
  @contexts[id] = context
end
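
The lookup chain that `new_context`, `find_by_context` and `CALLBACK` form together can be exercised without libgsasl. This is an added example, not code from the gem: `DemoRegistry`, `FakePointer`, `DemoPeer` and `DemoContext` are hypothetical stand-ins, and the addresses and handlers are constructed sample data.

```ruby
# Added illustration: DemoRegistry, FakePointer, DemoPeer and DemoContext are
# hypothetical stand-ins so the dispatch logic runs without libgsasl or FFI.
module DemoRegistry
  GSASL_OK                   = 0
  GSASL_AUTHENTICATION_ERROR = 31
  GSASL_NO_CALLBACK          = 51
  GSASL_VALIDATE_SIMPLE      = 500
  FakePointer = Struct.new(:address) # only #address is used for lookups
  DemoContext = Struct.new(:peers)   # peers: { address => DemoPeer }

  # Maps a property code to a handler; returns nil when none is registered.
  class DemoPeer
    def initialize(handlers)
      @handlers = handlers
    end

    def call(property)
      handler = @handlers[property]
      handler && handler.call
    end
  end

  def self.new_context(id, context)
    (@contexts ||= {})[id] = context
  end

  def self.find_by_context(id)
    (@contexts ||= {})[id]
  end

  # Resolve context, then peer, then property. GSASL_OK is 0, which is truthy
  # in Ruby, so a successful result is never replaced by GSASL_NO_CALLBACK.
  def self.dispatch(context_ptr, peer_ptr, property)
    context = find_by_context(context_ptr.address)
    peer    = context && context.peers[peer_ptr.address]
    (peer && peer.call(property)) || GSASL_NO_CALLBACK
  end

  # Constructed addresses and handlers; returns the code for each lookup path.
  def self.demo
    accept = DemoPeer.new({ GSASL_VALIDATE_SIMPLE => -> { GSASL_OK } })
    reject = DemoPeer.new({ GSASL_VALIDATE_SIMPLE => -> { GSASL_AUTHENTICATION_ERROR } })
    new_context(0x1000, DemoContext.new({ 0x2000 => accept, 0x2001 => reject }))
    ctx = FakePointer.new(0x1000)
    [[ctx, 0x2000, 500], [ctx, 0x2001, 500], [ctx, 0x2000, 999],
     [ctx, 0x9999, 500], [FakePointer.new(0xdead), 0x2000, 500]].map do |c, peer, prop|
      dispatch(c, FakePointer.new(peer), prop)
    end
  end
end
```

Every miss (unknown context, unknown peer, unregistered property) collapses to `GSASL_NO_CALLBACK`, so a server validation request can only succeed when a registered handler explicitly returns `GSASL_OK`.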

.raise_error!(code) ⇒ Object

Raises an error if the passed result is not GSASL_OK

Parameters:

  • code (Fixnum)

    that should be checked



# File 'lib/gsasl/native.rb', line 142

def self.raise_error!(code)
  if code != GSASL_OK
    error = GsaslError.new(Gsasl.gsasl_strerror(code) + " [#{code}]")
    error.code = code
    raise error
  end
end