Fix GSS_SPNEGO auth adapter

Author: nsanta

lib/net/ldap.rb

@@ -33,6 +33,7 @@ class LDAP
 
 Net::LDAP::AuthAdapter.register([:simple, :anon, :anonymous], Net::LDAP::AuthAdapter::Simple)
 Net::LDAP::AuthAdapter.register(:sasl, Net::LDAP::AuthAdapter::Sasl)
+Net::LDAP::AuthAdapter.register(:gss_spnego, Net::LDAP::AuthAdapter::GssSpnego)
 
 # == Quick-start for the Impatient
 # === Quick Example of a user-authentication against an LDAP directory:

lib/net/ldap/auth_adapter/gss_spnego.rb

@@ -3,7 +3,7 @@
 
 module Net
   class LDAP
-    module AuthAdapers
+    class AuthAdapter
       #--
       # PROVISIONAL, only for testing SASL implementations. DON'T USE THIS YET.
       # Uses Kohei Kajimoto's Ruby/NTLM. We have to find a clean way to
@@ -15,25 +15,25 @@ module AuthAdapers
       # GSS-SPNEGO authentication with the server, which is presumed to be a
       # Microsoft Active Directory.
       #++
-      class GSS_SPNEGO < Net::LDAP::AuthAdapter
+      class GssSpnego < Net::LDAP::AuthAdapter
         def bind(auth)
-          require 'ntlm'
-
-          user, psw = [auth[:username] || auth[:dn], auth[:password]]
-          raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
+          user = auth[:username] || auth[:dn]
+          psw = auth[:password]
+          fail Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
 
           nego = proc do |challenge|
             t2_msg = NTLM::Message.parse(challenge)
             t3_msg = t2_msg.response({ :user => user, :password => psw },
-                                     { :ntlmv2 => true })
+                                     :ntlmv2 => true)
             t3_msg.serialize
           end
 
-          Net::LDAP::AuthAdapter::Sasl.new(@connection).bind \
-            :method             => :sasl,
-            :mechanism          => "GSS-SPNEGO",
+          Net::LDAP::AuthAdapter::Sasl.new(@connection).bind(
+            :method => :sasl,
+            :mechanism => "GSS-SPNEGO",
             :initial_credential => NTLM::Message::Type1.new.serialize,
             :challenge_response => nego
+          )
         end
       end
     end

lib/net/ldap/auth_adapter/sasl.rb

@@ -4,6 +4,8 @@ module Net
   class LDAP
     class AuthAdapter
       class Sasl < Net::LDAP::AuthAdapter
+
+        MAX_SASL_CHALLENGES = 10
         #--
         # Required parameters: :mechanism, :initial_credential and
         # :challenge_response
@@ -47,7 +49,7 @@ def bind(auth)
             end
 
             return pdu unless pdu.result_code == Net::LDAP::ResultCodeSaslBindInProgress
-            raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges)
+            raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MAX_SASL_CHALLENGES)
 
             cred = chall.call(pdu.result_server_sasl_creds)
           end

lib/net/ldap/connection.rb

@@ -7,7 +7,6 @@ class Net::LDAP::Connection #:nodoc:
   DefaultConnectTimeout = 5
 
   LdapVersion = 3
-  MaxSaslChallenges = 10
 
   # Initialize a connection to an LDAP server
   #

net-ldap.gemspec

@@ -29,6 +29,7 @@ the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).}
   s.required_ruby_version = ">= 2.0.0"
   s.summary = %q{Net::LDAP for Ruby (also called net-ldap) implements client access for the Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for accessing distributed directory services}
 
+  s.add_runtime_dependency("rubyntlm")
   s.add_development_dependency("flexmock", "~> 1.3")
   s.add_development_dependency("rake", "~> 10.0")
   s.add_development_dependency("rubocop", "~> 0.28.0")