krb5-auth 0.6 → 0.7

data/README

@@ -4,18 +4,18 @@ This is an implementation of Ruby bindings for the Kerberos library.
 
 To build a gem, you'll want to:
 
-$ gem build krb5-auth.gemspec
-# gem install krb5-auth-{VERSION}.gem
+$ rake gem
+$ sudo gem install pkg/krb5-auth-{VERSION}.gem
 
 To build an RPM, you'll want to:
 
-$ gem build krb5-auth.gemspec
-$ gem2rpm -s -t rubygem-krb5-auth.spec krb5-auth-{VERSION}.gem
-$ rpmbuild --rebuild rubygem-krb5-auth-{VERSION}-{RELEASE}.fc8.src.rpm
+$ rake rpm
+$ sudo rpm -Uvh pkg/{i386,x86_64}/rubygem-krb5-auth-{VERSION}.{i386,x86_64}.rpm
 
 and then install the resulting RPM.
 
 To build it just for development, you'll want to:
-$ cd ext
-$ ruby extconf.rb
-$ make
+$ rake build
+
+To build the documentation, make sure you have rdoc installed, and then:
+$ rake rdoc

data/Rakefile

@@ -0,0 +1,103 @@
+# -*- ruby -*-
+# Rakefile: build ruby kerberos bindings
+#
+# Copyright (C) 2008 Red Hat, Inc.
+#
+# Distributed under the GNU Lesser General Public License v2.1 or later.
+# See COPYING for details
+#
+# Chris Lalancette <clalance@redhat.com>
+
+# Rakefile for ruby-rpm -*- ruby -*-
+require 'rake/clean'
+require 'rake/rdoctask'
+require 'rake/testtask'
+require 'rake/gempackagetask'
+
+PKG_NAME='krb5-auth'
+PKG_VERSION='0.7'
+
+EXT_CONF='ext/extconf.rb'
+MAKEFILE='ext/Makefile'
+KRB5AUTH_MODULE='ext/krb5_auth.so'
+SPEC_FILE='rubygem-krb5-auth.spec'
+KRB5AUTH_SRC='ext/ruby_krb5_auth.c'
+
+CLEAN.include [ "ext/*.o", KRB5AUTH_MODULE ]
+CLOBBER.include [ "ext/mkmf.log", MAKEFILE ]
+
+#
+# Build locally
+#
+file MAKEFILE => EXT_CONF do |t|
+  Dir::chdir(File::dirname(EXT_CONF)) do
+    unless sh "ruby #{File::basename(EXT_CONF)}"
+      $stderr.puts "Failed to run extconf"
+      break
+    end
+  end
+end
+file KRB5AUTH_MODULE => [ MAKEFILE, KRB5AUTH_SRC ] do |t|
+  Dir::chdir(File::dirname(EXT_CONF)) do
+    unless sh "make"
+      $stderr.puts "make failed"
+      break
+    end
+  end
+end
+desc "Build the native library"
+task :build => KRB5AUTH_MODULE
+
+Rake::RDocTask.new(:rdoc) do |rd|
+  rd.rdoc_dir = "doc"
+  rd.rdoc_files.include("ext/*.c")
+end
+
+#
+# Package tasks
+#
+
+PKG_FILES = FileList[
+    "README","bin/example.rb","ext/extconf.rb",
+    "ext/ruby_krb5_auth.c","COPYING","TODO","Rakefile"
+]
+
+SPEC = Gem::Specification.new do |s|
+  s.name                = PKG_NAME
+  s.version             = PKG_VERSION
+  s.email               = "clalance@redhat.com"
+  s.homepage            = "http://rubyforge.org/projects/krb5-auth/"
+  s.summary             = "Kerberos binding for Ruby"
+  s.files               = PKG_FILES
+  s.autorequire         = "Krb5Auth"
+  s.require_paths       = [ "ext" ]
+  s.extensions		= "ext/extconf.rb"
+  s.author              = "Chris Lalancette"
+  s.platform            = Gem::Platform::RUBY
+  s.has_rdoc            = true
+end
+
+Rake::GemPackageTask.new(SPEC) do |pkg|
+    pkg.need_tar = true
+    pkg.need_zip = true
+end
+
+desc "Build (S)RPM for #{PKG_NAME}"
+task :rpm => [ :package ] do |t|
+    system("sed -e 's/@VERSION@/#{PKG_VERSION}/' #{SPEC_FILE} > pkg/#{SPEC_FILE}")
+    Dir::chdir("pkg") do |dir|
+        dir = File::expand_path(".")
+        system("rpmbuild --define '_topdir #{dir}' --define '_sourcedir #{dir}' --define '_srcrpmdir #{dir}' --define '_rpmdir #{dir}' --define '_builddir #{dir}' -ba #{SPEC_FILE} > rpmbuild.log 2>&1")
+        if $? != 0
+            raise "rpmbuild failed"
+        end
+    end
+end
+
+#
+# Default
+#
+
+desc "Default task: build all"
+task :default => [ :build, :rdoc, :rpm ] do |t|
+end

data/TODO

@@ -1,4 +1,3 @@
 TODO items:
-1.  Implement cached principal listing (similar to klist)
-2.  Finer-grained error reporting
-3.  Documentation on how to use the API
+1.  Finer-grained error reporting
+2.  Automated tests

data/bin/example.rb

@@ -23,6 +23,13 @@ krb5.cache
 
 puts "Principal: " + krb5.get_default_principal
 
+# List all of the credentials in the cache, and expiration times, etc.
+krb5.list_cache.each do |cred|
+  starttime = DateTime.strptime(cred.starttime.to_s, "%s")
+  endtime = DateTime.strptime(cred.endtime.to_s, "%s")
+  puts "Client: " + cred.client + " Server: " + cred.server + " starttime: " + starttime.strftime("%D %T") + " endtime: " + endtime.strftime("%D %T")
+end
+
 # destroy those same credentials from the default cache location
 krb5.destroy
 

data/ext/ruby_krb5_auth.c

@@ -20,13 +20,14 @@
  * Author: Chris Lalancette <clalance@redhat.com>
  */
 
-#include "ruby.h"
-#include "krb5.h"
+#include <ruby.h>
+#include <krb5.h>
 #include <stdio.h>
 #include <strings.h>
 
 static VALUE mKerberos;
 static VALUE cKrb5;
+static VALUE cCred;
 static VALUE cKrb5_Exception;
 
 struct ruby_krb5 {
@@ -64,6 +65,12 @@ static void kerb_free(void *p)
   free(kerb);
 }
 
+/*
+ * call-seq:
+ *   new
+ *
+ * Create a new Krb5Auth::Krb5 object.  This must be called before any other methods are called.  Returns true on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_new(VALUE self)
 {
   struct ruby_krb5 *kerb;
@@ -86,6 +93,12 @@ static VALUE Krb5_new(VALUE self)
   return Data_Wrap_Struct(cKrb5, NULL, kerb_free, kerb);
 }
 
+/*
+ * call-seq:
+ *   get_default_realm -> string
+ *
+ * Call krb5_get_default_realm() to get the default realm.  Returns the default realm on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_get_default_realm(VALUE self)
 {
   struct ruby_krb5 *kerb;
@@ -112,6 +125,12 @@ static VALUE Krb5_get_default_realm(VALUE self)
   return result;
 }
 
+/*
+ * call-seq:
+ *   get_default_principal -> string
+ *
+ * Call krb5_cc_get_principal() to get the principal from the default cachefile.  Returns the default principal on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_get_default_principal(VALUE self)
 {
   struct ruby_krb5 *kerb;
@@ -154,6 +173,12 @@ static VALUE Krb5_get_default_principal(VALUE self)
   return result;
 }
 
+/*
+ * call-seq:
+ *   get_init_creds_password(username, password)
+ *
+ * Call krb5_get_init_creds_password() to get credentials based on a username and password.  Returns true on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_get_init_creds_password(VALUE self, VALUE _user, VALUE _pass)
 {
   Check_Type(_user,T_STRING);
@@ -191,6 +216,12 @@ static VALUE Krb5_get_init_creds_password(VALUE self, VALUE _user, VALUE _pass)
   return Qfalse;
 }
 
+/*
+ * call-seq:
+ *   get_init_creds_keytab([principal][,keytab])
+ *
+ * Call krb5_get_init_creds_keytab() to get credentials based on a keytab.  With no parameters, gets the default principal (probably the username@DEFAULT_REALM) from the default keytab (as configured in /etc/krb5.conf).  With one parameter, get the named principal from the default keytab (as configured in /etc/krb5.conf).  With two parameters, get the named principal from the named keytab.  Returns true on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_get_init_creds_keytab(int argc, VALUE *argv, VALUE self)
 {
   char *princ;
@@ -270,6 +301,12 @@ static VALUE Krb5_get_init_creds_keytab(int argc, VALUE *argv, VALUE self)
   return Qfalse;
 }
 
+/*
+ * call-seq:
+ *   set_password(new_password)
+ *
+ * Call krb5_set_password to set the password for this credential to new_password.  This requires that the credentials have already been fetched via Krb5.get_init_creds_password or Krb5.get_init_creds_keytab.  Returns true on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_change_password(VALUE self, VALUE _newpass)
 {
   Check_Type(_newpass,T_STRING);
@@ -296,6 +333,12 @@ static VALUE Krb5_change_password(VALUE self, VALUE _newpass)
   return Qtrue;
 }
 
+/*
+ * call-seq:
+ *   cache([cache_name])
+ *
+ * Call krb5_cc_store_cred to store credentials in a cachefile.  With no parameters, it stores the credentials in the default cachefile.  With one parameter, it stores the credentials in the named cachefile.  This requires that the credentials have already been fetched via Krb5.get_init_creds_password or Krb5.get_init_creds_keytab.  Returns true on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_cache_creds(int argc, VALUE *argv, VALUE self)
 {
   struct ruby_krb5 *kerb;
@@ -363,6 +406,124 @@ static VALUE Krb5_cache_creds(int argc, VALUE *argv, VALUE self)
   return Qfalse;
 }
 
+/*
+ * call-seq:
+ *   list_cache([cache_name]) -> array
+ *
+ * Call krb5_cc_next_cred to fetch credentials from a cachefile.  With no parameters, it fetches the credentials in the default cachefile.  With one parameter, it fetches the credentials in the named cachefile.  Returns a list of Krb5Auth::Krb5::Cred objects on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
+static VALUE Krb5_list_cache_creds(int argc, VALUE *argv, VALUE self)
+{
+  struct ruby_krb5 *kerb;
+  krb5_error_code krbret;
+  char *cache_name;
+  krb5_ccache cc;
+  krb5_cc_cursor cur;
+  krb5_creds creds;
+  char *name;
+  char *sname;
+  krb5_ticket *tkt;
+  VALUE result;
+  VALUE line;
+    
+  if (argc == 0) {
+    cache_name = NULL;
+  }
+  else if (argc == 1) {
+    Check_Type(argv[0], T_STRING);
+    cache_name = STR2CSTR(argv[0]);
+  }
+  else {
+    rb_raise(rb_eRuntimeError, "Invalid arguments");
+  }
+
+  Data_Get_Struct(self, struct ruby_krb5, kerb);
+  if (!kerb) {
+    NOSTRUCT_EXCEPT();
+    return Qfalse;
+  }
+
+  if (cache_name == NULL) {
+    krbret = krb5_cc_default(kerb->ctx, &cc);
+  }
+  else {
+    krbret = krb5_cc_resolve(kerb->ctx, cache_name, &cc);
+  }
+
+  if (krbret) {
+    goto cache_fail_raise;
+  }
+
+  krbret = krb5_cc_start_seq_get(kerb->ctx, cc, &cur);
+  if (krbret) {
+    goto cache_fail_close;
+  }
+
+  result = rb_ary_new();
+  while (!(krbret = krb5_cc_next_cred(kerb->ctx, cc, &cur, &creds))) {
+    krbret = krb5_unparse_name(kerb->ctx, creds.client, &name);
+    if (krbret) {
+      krb5_free_cred_contents(kerb->ctx, &creds);
+      break;
+    }
+    krbret = krb5_unparse_name(kerb->ctx, creds.server, &sname);
+    if (krbret) {
+      free(name);
+      krb5_free_cred_contents(kerb->ctx, &creds);
+      break;
+    }
+    krbret = krb5_decode_ticket(&creds.ticket, &tkt);
+    if (krbret) {
+      free(sname);
+      free(name);
+      krb5_free_cred_contents(kerb->ctx, &creds);
+      break;
+    }
+    line = rb_class_new_instance(0, NULL, cCred);
+    rb_iv_set(line, "@client", rb_str_new2(name));
+    rb_iv_set(line, "@server", rb_str_new2(sname));
+    rb_iv_set(line, "@starttime", INT2NUM(creds.times.starttime));
+    rb_iv_set(line, "@authtime", INT2NUM(creds.times.authtime));
+    rb_iv_set(line, "@endtime", INT2NUM(creds.times.endtime));
+    rb_iv_set(line, "@ticket_flags", INT2NUM(creds.ticket_flags));
+    rb_iv_set(line, "@cred_enctype", INT2NUM(creds.keyblock.enctype));
+    rb_iv_set(line, "@ticket_enctype", INT2NUM(tkt->enc_part.enctype));
+    rb_ary_push(result, line);
+    krb5_free_ticket(kerb->ctx, tkt);
+    free(sname);
+    free(name);
+    krb5_free_cred_contents(kerb->ctx, &creds);
+  }
+
+  if (krbret != KRB5_CC_END) {
+    // FIXME: do we need to free up "result" here?  There will be no
+    // references to it, so I think the garbage collector will pick it up,
+    // but I'm not sure.
+
+    goto cache_fail_close;
+  }
+
+  krbret = krb5_cc_end_seq_get(kerb->ctx, cc, &cur);
+
+  krb5_cc_close(kerb->ctx, cc);
+
+  return result;
+
+ cache_fail_close:
+  krb5_cc_close(kerb->ctx, cc);
+
+ cache_fail_raise:
+  Krb5_register_error(krbret);
+
+  return Qfalse;
+}
+
+/*
+ * call-seq:
+ *   destroy([cache_name])
+ *
+ * Call krb5_cc_destroy to destroy all credentials in a cachefile.  With no parameters, it destroys the credentials in the default cachefile.  With one parameter, it destroys the credentials in the named cachefile.  Returns true on success, raises Krb5Auth::Krb5::Exception on failure.
+ */
 static VALUE Krb5_destroy_creds(int argc, VALUE *argv, VALUE self)
 {
   struct ruby_krb5 *kerb;
@@ -411,6 +572,12 @@ static VALUE Krb5_destroy_creds(int argc, VALUE *argv, VALUE self)
   return Qtrue;
 }
 
+/*
+ * call-seq:
+ *   close
+ *
+ * Free up all memory associated with this object.  After this is called, no more methods may be called against this object.
+ */
 static VALUE Krb5_close(VALUE self)
 {
   struct ruby_krb5 *kerb;
@@ -424,6 +591,11 @@ static VALUE Krb5_close(VALUE self)
   return Qnil;
 }
 
+/*
+ * = Ruby bindings for kerberos
+ *
+ * The module Krb5Auth provides bindings to kerberos version 5 libraries
+ */
 void Init_krb5_auth()
 {
   mKerberos = rb_define_module("Krb5Auth");
@@ -432,6 +604,55 @@ void Init_krb5_auth()
 
   cKrb5_Exception = rb_define_class_under(cKrb5, "Exception", rb_eStandardError);
 
+  cCred = rb_define_class_under(cKrb5, "Cred", rb_cObject);
+  rb_define_attr(cCred, "client", 1, 0);
+  rb_define_attr(cCred, "server", 1, 0);
+  rb_define_attr(cCred, "starttime", 1, 0);
+  rb_define_attr(cCred, "authtime", 1, 0);
+  rb_define_attr(cCred, "endtime", 1, 0);
+  rb_define_attr(cCred, "ticket_flags", 1, 0);
+  rb_define_attr(cCred, "cred_enctype", 1, 0);
+  rb_define_attr(cCred, "ticket_enctype", 1, 0);
+
+#define DEF_FLAG_CONST(name) \
+  rb_define_const(cCred, #name, INT2NUM(name))
+
+  DEF_FLAG_CONST(TKT_FLG_FORWARDABLE);
+  DEF_FLAG_CONST(TKT_FLG_FORWARDED);
+  DEF_FLAG_CONST(TKT_FLG_PROXIABLE);
+  DEF_FLAG_CONST(TKT_FLG_PROXY);
+  DEF_FLAG_CONST(TKT_FLG_MAY_POSTDATE);
+  DEF_FLAG_CONST(TKT_FLG_POSTDATED);
+  DEF_FLAG_CONST(TKT_FLG_INVALID);
+  DEF_FLAG_CONST(TKT_FLG_RENEWABLE);
+  DEF_FLAG_CONST(TKT_FLG_INITIAL);
+  DEF_FLAG_CONST(TKT_FLG_HW_AUTH);
+  DEF_FLAG_CONST(TKT_FLG_PRE_AUTH);
+  DEF_FLAG_CONST(TKT_FLG_TRANSIT_POLICY_CHECKED);
+  DEF_FLAG_CONST(TKT_FLG_OK_AS_DELEGATE);
+  DEF_FLAG_CONST(TKT_FLG_ANONYMOUS);
+
+#undef DEF_FLAG_CONST
+
+#define DEF_ENC_CONST(name) \
+  rb_define_const(cCred, #name, INT2NUM(name))
+
+  DEF_ENC_CONST(ENCTYPE_NULL);
+  DEF_ENC_CONST(ENCTYPE_DES_CBC_CRC);
+  DEF_ENC_CONST(ENCTYPE_DES_CBC_MD4);
+  DEF_ENC_CONST(ENCTYPE_DES_CBC_MD5);
+  DEF_ENC_CONST(ENCTYPE_DES_CBC_RAW);
+  DEF_ENC_CONST(ENCTYPE_DES3_CBC_SHA);
+  DEF_ENC_CONST(ENCTYPE_DES3_CBC_RAW);
+  DEF_ENC_CONST(ENCTYPE_DES_HMAC_SHA1);
+  DEF_ENC_CONST(ENCTYPE_DES3_CBC_SHA1);
+  DEF_ENC_CONST(ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+  DEF_ENC_CONST(ENCTYPE_AES256_CTS_HMAC_SHA1_96);
+  DEF_ENC_CONST(ENCTYPE_ARCFOUR_HMAC);
+  DEF_ENC_CONST(ENCTYPE_ARCFOUR_HMAC_EXP);
+  DEF_ENC_CONST(ENCTYPE_UNKNOWN);
+#undef DEF_ENC_CONST
+
   rb_define_singleton_method(cKrb5, "new", Krb5_new, 0);
   rb_define_method(cKrb5, "get_init_creds_password", Krb5_get_init_creds_password, 2);
   rb_define_method(cKrb5, "get_init_creds_keytab", Krb5_get_init_creds_keytab, -1);
@@ -439,6 +660,7 @@ void Init_krb5_auth()
   rb_define_method(cKrb5, "get_default_principal", Krb5_get_default_principal, 0);
   rb_define_method(cKrb5, "change_password", Krb5_change_password, 1);
   rb_define_method(cKrb5, "cache", Krb5_cache_creds, -1);
+  rb_define_method(cKrb5, "list_cache", Krb5_list_cache_creds, -1);
   rb_define_method(cKrb5, "destroy", Krb5_destroy_creds, -1);
   rb_define_method(cKrb5, "close", Krb5_close, 0);
 }

metadata

@@ -3,13 +3,13 @@ rubygems_version: 0.9.4
 specification_version: 1
 name: krb5-auth
 version: !ruby/object:Gem::Version 
-  version: "0.6"
-date: 2008-05-21 00:00:00 +02:00
+  version: "0.7"
+date: 2008-06-20 00:00:00 +02:00
 summary: Kerberos binding for Ruby
 require_paths: 
-- lib
+- ext
 email: clalance@redhat.com
-homepage: 
+homepage: http://rubyforge.org/projects/krb5-auth/
 rubyforge_project: 
 description: 
 autorequire: Krb5Auth
@@ -30,12 +30,12 @@ authors:
 - Chris Lalancette
 files: 
 - README
-- lib/krb5-auth.rb
 - bin/example.rb
 - ext/extconf.rb
 - ext/ruby_krb5_auth.c
 - COPYING
 - TODO
+- Rakefile
 test_files: []
 
 rdoc_options: []

data/lib/krb5-auth.rb

@@ -1,23 +0,0 @@
-#
-# krb5-auth.rb: main module for the ruby-krb5-auth bindings
-#
-# Copyright (C) 2008 Red Hat, Inc.
-#
-# Distributed under the GNU Lesser General Public License v2.1 or later.
-# See COPYING for details
-#
-# Chris Lalancette <clalance@redhat.com>
-
-require 'krb5_auth'
-
-# Ruby C extension for basic Kerberos functions. Tested on Linux with
-# Kerberos 5-1.6.1
-module Krb5Auth
-
-# Krb5 contains the kerberos end user functionality, such as user
-# authentication and password changes.
-  class Krb5
-
-  end
-
-end