rkerberos 0.1.0

data/ext/rkerberos/keytab_entry.c

@@ -0,0 +1,84 @@
+#include <rkerberos.h>
+
+VALUE cKrb5KtEntry;
+
+// Free function for the Kerberos::Krb5::Keytab::Entry class.
+static void rkrb5_kt_entry_free(RUBY_KRB5_KT_ENTRY* ptr){
+  if(!ptr)
+    return;
+
+  free(ptr);
+}
+
+// Allocation function for the Kerberos::Krb5::Keytab::Entry class.
+static VALUE rkrb5_kt_entry_allocate(VALUE klass){
+  RUBY_KRB5_KT_ENTRY* ptr = malloc(sizeof(RUBY_KRB5_KT_ENTRY));
+  memset(ptr, 0, sizeof(RUBY_KRB5_KT_ENTRY));
+  return Data_Wrap_Struct(klass, 0, rkrb5_kt_entry_free, ptr);
+}
+
+/*
+ * call-seq:
+ *
+ *   Kerberos::Krb5::Keytab::Entry.new
+ *
+ * Creates and returns a new Kerberos::Krb5::Keytab::Entry object. These
+ * objects are what is typically returned from the various Krb5::Keytab
+ * methods.
+ */
+static VALUE rkrb5_kt_entry_initialize(VALUE self){
+  RUBY_KRB5_KT_ENTRY* ptr;
+  Data_Get_Struct(self, RUBY_KRB5_KT_ENTRY, ptr); 
+  return self;
+}
+
+/*
+ * A custom inspect method for nicer output.
+ */
+static VALUE rkrb5_kt_entry_inspect(VALUE self){
+  RUBY_KRB5_KT_ENTRY* ptr;
+  Data_Get_Struct(self, RUBY_KRB5_KT_ENTRY, ptr);
+  VALUE v_str;
+
+  v_str = rb_str_new2("#<"); 
+  rb_str_buf_cat2(v_str, rb_obj_classname(self));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "principal=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@principal")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "timestamp=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@timestamp")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "vno=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@vno")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "key=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@key")));
+  rb_str_buf_cat2(v_str, " ");
+
+  return v_str;
+}
+
+void Init_keytab_entry(){
+  // The Kerberos::Krb5::Keytab::Entry class encapsulates a Kerberos keytab entry.
+  cKrb5KtEntry = rb_define_class_under(cKrb5Keytab, "Entry", rb_cObject);
+
+  // Allocation function
+  rb_define_alloc_func(cKrb5KtEntry, rkrb5_kt_entry_allocate);
+
+  // Constructor
+  rb_define_method(cKrb5KtEntry, "initialize", rkrb5_kt_entry_initialize, 0);
+
+  // Instance Methods
+  rb_define_method(cKrb5KtEntry, "inspect", rkrb5_kt_entry_inspect, 0); 
+
+  // Accessors
+  rb_define_attr(cKrb5KtEntry, "principal", 1, 1);
+  rb_define_attr(cKrb5KtEntry, "timestamp", 1, 1);
+  rb_define_attr(cKrb5KtEntry, "vno", 1, 1);
+  rb_define_attr(cKrb5KtEntry, "key", 1, 1);
+}

data/ext/rkerberos/policy.c

@@ -0,0 +1,196 @@
+#include <rkerberos.h>
+
+VALUE cKadm5Policy;
+
+// Free function for the Kerberos::Krb5::CCache class.
+static void rkadm5_policy_free(RUBY_KADM5_POLICY* ptr){
+  if(!ptr)
+    return;
+
+  if(ptr->ctx)
+    krb5_free_context(ptr->ctx);
+
+  free(ptr);
+}
+
+// Allocation function for the Kerberos::Kadm5::Policy class.
+static VALUE rkadm5_policy_allocate(VALUE klass){
+  RUBY_KADM5_POLICY* ptr = malloc(sizeof(RUBY_KADM5_POLICY));
+  memset(ptr, 0, sizeof(RUBY_KADM5_POLICY));
+  return Data_Wrap_Struct(klass, 0, rkadm5_policy_free, ptr);
+}
+
+/*
+ * call-seq:
+ *   Kerberos::Kadm5::Policy.new(options)
+ *
+ * Returns a new policy object using +options+ you choose to pass, where
+ * the +options+ argument is a hash. This does NOT actually create the policy
+ * object within Kerberos. To do that pass your Policy object to the
+ * Kadm5.create_policy method.
+ *
+ * The possible options are:
+ *
+ * * name        - the name of the policy (mandatory) 
+ * * min_life    - minimum lifetime of a password
+ * * max_life    - maximum lifetime of a password
+ * * min_length  - minimum length of a password
+ * * min_classes - minimum number of character classes allowed in a password
+ * * history_num - number of past key kept for a principal
+ *
+ * If you do not provide a :name then an ArgumentError will be raised.
+ */
+static VALUE rkadm5_policy_init(VALUE self, VALUE v_options){
+  RUBY_KADM5_POLICY* ptr;
+  VALUE v_name, v_minlife, v_maxlife, v_minlength;
+  VALUE v_minclasses, v_historynum;
+
+  Data_Get_Struct(self, RUBY_KADM5_POLICY, ptr);
+
+  Check_Type(v_options, T_HASH);
+
+  if(RTEST(rb_funcall(v_options, rb_intern("empty?"), 0, 0)))
+    rb_raise(rb_eArgError, "no policy options provided");
+
+  v_name       = rb_hash_aref2(v_options, "name");
+  v_minlife    = rb_hash_aref2(v_options, "min_life");
+  v_maxlife    = rb_hash_aref2(v_options, "max_life");
+  v_minlength  = rb_hash_aref2(v_options, "min_length");
+  v_minclasses = rb_hash_aref2(v_options, "min_classes");
+  v_historynum = rb_hash_aref2(v_options, "history_num");
+
+  if(NIL_P(v_name)){
+    rb_raise(rb_eArgError, "name policy option is mandatory");
+  }
+  else{
+    ptr->policy.policy = StringValuePtr(v_name);
+    rb_iv_set(self, "@policy", v_name);
+  }
+
+  if(!NIL_P(v_minlife)){
+    ptr->policy.pw_min_life = NUM2LONG(v_minlife);
+    rb_iv_set(self, "@min_life", v_minlife);
+  }
+  else{
+    rb_iv_set(self, "@min_life", Qnil);
+  }
+
+  if(!NIL_P(v_maxlife)){
+    ptr->policy.pw_max_life = NUM2LONG(v_maxlife);
+    rb_iv_set(self, "@max_life", v_maxlife);
+  }
+  else{
+    rb_iv_set(self, "@max_life", Qnil);
+  }
+  
+  if(!NIL_P(v_minlength)){
+    ptr->policy.pw_min_length = NUM2LONG(v_minlength);
+    rb_iv_set(self, "@min_length", v_minlength);
+  }
+  else{
+    rb_iv_set(self, "@min_length", Qnil);
+  }
+
+  if(!NIL_P(v_minclasses)){
+    ptr->policy.pw_min_classes = NUM2LONG(v_minclasses);
+    rb_iv_set(self, "@min_classes", v_minclasses);
+  }
+  else{
+    rb_iv_set(self, "@min_classes", Qnil);
+  }
+
+  if(!NIL_P(v_historynum)){
+    ptr->policy.pw_history_num = NUM2LONG(v_historynum);
+    rb_iv_set(self, "@history_num", v_historynum);
+  }
+  else{
+    rb_iv_set(self, "@history_num", Qnil);
+  }
+
+  return self;
+}
+
+/*
+ * call-seq:
+ *   policy.inspect
+ *
+ * A custom inspect method for Policy objects.
+ */
+static VALUE rkadm5_policy_inspect(VALUE self){
+  RUBY_KADM5_POLICY* ptr;
+  VALUE v_str;
+
+  Data_Get_Struct(self, RUBY_KADM5_POLICY, ptr);
+
+  v_str = rb_str_new2("#<");
+  rb_str_buf_cat2(v_str, rb_obj_classname(self));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "policy=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@policy")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "min_life=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@min_life")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "max_life=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@max_life")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "min_length=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@min_length")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "min_classes=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@min_classes")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "history_num=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@history_num")));
+
+  rb_str_buf_cat2(v_str, ">");
+  
+  return v_str;
+}
+
+void Init_policy(){
+  /* The Kerberos::Kadm5::Policy class encapsulates a Kerberos policy. */
+  cKadm5Policy = rb_define_class_under(cKadm5, "Policy", rb_cObject);
+
+  // Allocation Function
+
+  rb_define_alloc_func(cKadm5Policy, rkadm5_policy_allocate);
+
+  // Initialization Function
+
+  rb_define_method(cKadm5Policy, "initialize", rkadm5_policy_init, 1);
+
+  // Instance methods
+
+  rb_define_method(cKadm5Policy, "inspect", rkadm5_policy_inspect, 0);
+
+  // Accessors
+
+  /* The name of the policy. */
+  rb_define_attr(cKadm5Policy, "policy", 1, 0);
+
+  /* The minimum password lifetime, in seconds. */
+  rb_define_attr(cKadm5Policy, "min_life", 1, 1);
+
+  /* The maximum duration of a password, in seconds. */
+  rb_define_attr(cKadm5Policy, "max_life", 1, 1);
+
+  /* The minimum password length. */
+  rb_define_attr(cKadm5Policy, "min_length", 1, 1);
+
+  /* The minimum number of character classes (1-5). */
+  rb_define_attr(cKadm5Policy, "min_classes", 1, 1);
+
+  /* The number of past passwords that are stored. */
+  rb_define_attr(cKadm5Policy, "history_num", 1, 1);
+
+  // Aliases
+
+  rb_define_alias(cKadm5Policy, "name", "policy");
+}

data/ext/rkerberos/principal.c

@@ -0,0 +1,263 @@
+#include <rkerberos.h>
+
+VALUE cKrb5Principal;
+
+// Free function for the Kerberos::Krb5::Keytab class.
+static void rkrb5_princ_free(RUBY_KRB5_PRINC* ptr){
+  if(!ptr)
+    return;
+
+  if(ptr->principal)
+    krb5_free_principal(ptr->ctx, ptr->principal);
+
+  if(ptr->ctx)
+    krb5_free_context(ptr->ctx);
+
+  free(ptr);
+}
+
+// Allocation function for the Kerberos::Krb5::Keytab class.
+static VALUE rkrb5_princ_allocate(VALUE klass){
+  RUBY_KRB5_PRINC* ptr = malloc(sizeof(RUBY_KRB5_PRINC));
+  memset(ptr, 0, sizeof(RUBY_KRB5_PRINC));
+  return Data_Wrap_Struct(klass, 0, rkrb5_princ_free, ptr);
+}
+
+/*
+ * call-seq:
+ *   Kerberos::Krb5::Principal.new(name)
+ *
+ * Creates and returns a new Krb5::Principal object. If a block is provided
+ * then it yields itself.
+ *
+ * Example:
+ *
+ *   principal1 = Kerberos::Krb5::Principal.new('Jon')
+ *
+ *   principal2 = Kerberos::Krb5::Principal.new('Jon') do |pr|
+ *     pr.expire_time = Time.now + 20000
+ *   end
+ */
+static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
+  RUBY_KRB5_PRINC* ptr;
+  krb5_error_code kerror;
+
+  Data_Get_Struct(self, RUBY_KRB5_PRINC, ptr); 
+
+  kerror = krb5_init_context(&ptr->ctx);
+
+  if(kerror)
+    rb_raise(cKrb5Exception, "krb5_init_context failed: %s", error_message(kerror));
+
+  if(NIL_P(v_name)){
+    rb_iv_set(self, "@principal", Qnil);
+  }
+  else{
+    char* name;
+    Check_Type(v_name, T_STRING);
+    name = StringValuePtr(v_name);
+    kerror = krb5_parse_name(ptr->ctx, name, &ptr->principal);
+
+    if(kerror)
+      rb_raise(cKrb5Exception, "krb5_parse_name failed: %s", error_message(kerror));
+
+    rb_iv_set(self, "@principal", v_name);
+  }
+
+  rb_iv_set(self, "@attributes", Qnil);
+  rb_iv_set(self, "@aux_attributes", Qnil);
+  rb_iv_set(self, "@expire_time", Qnil);
+  rb_iv_set(self, "@fail_auth_count", Qnil);
+  rb_iv_set(self, "@last_failed", Qnil);
+  rb_iv_set(self, "@last_password_change", Qnil);
+  rb_iv_set(self, "@last_success", Qnil);
+  rb_iv_set(self, "@max_life", Qnil); 
+  rb_iv_set(self, "@max_renewable_life", Qnil); 
+  rb_iv_set(self, "@mod_date", Qnil);
+  rb_iv_set(self, "@mod_name", Qnil);
+  rb_iv_set(self, "@password_expiration", Qnil);
+  rb_iv_set(self, "@policy", Qnil);
+  rb_iv_set(self, "@kvno", Qnil);
+
+  if(rb_block_given_p())
+    rb_yield(self);
+
+  return self;
+}
+
+/*
+ * call-seq:
+ *   principal.realm
+ *
+ * Returns the realm for the given principal.
+ */
+static VALUE rkrb5_princ_get_realm(VALUE self){
+  RUBY_KRB5_PRINC* ptr;
+  Data_Get_Struct(self, RUBY_KRB5_PRINC, ptr); 
+
+  return rb_str_new2(krb5_princ_realm(ptr->ctx, ptr->principal)->data);
+}
+
+/*
+ * call-seq:
+ *   principal.realm = 'YOUR.REALM'
+ *
+ * Sets the realm for the given principal.
+ */
+static VALUE rkrb5_princ_set_realm(VALUE self, VALUE v_realm){
+  RUBY_KRB5_PRINC* ptr;
+  krb5_data kdata;
+
+  memset(&kdata, 0, sizeof(kdata));
+  Data_Get_Struct(self, RUBY_KRB5_PRINC, ptr); 
+
+  Check_Type(v_realm, T_STRING);
+  kdata.data = StringValuePtr(v_realm);
+
+  krb5_princ_set_realm(ptr->ctx, ptr->principal, &kdata);
+
+  return v_realm;
+}
+
+/*
+ * call-seq:
+ *   principal1 == principal2
+ *
+ * Returns whether or not two principals are the same.
+ */
+static VALUE rkrb5_princ_equal(VALUE self, VALUE v_other){
+  RUBY_KRB5_PRINC* ptr1;
+  RUBY_KRB5_PRINC* ptr2;
+  VALUE v_bool = Qfalse;
+
+  Data_Get_Struct(self, RUBY_KRB5_PRINC, ptr1); 
+  Data_Get_Struct(v_other, RUBY_KRB5_PRINC, ptr2); 
+
+  if(krb5_principal_compare(ptr1->ctx, ptr1->principal, ptr2->principal))
+    v_bool = Qtrue;
+
+  return v_bool;
+}
+
+/* 
+ * call-seq:
+ *   principal.inspect
+ *
+ * A custom inspect method for the Principal object.
+ */
+static VALUE rkrb5_princ_inspect(VALUE self){
+  RUBY_KRB5_PRINC* ptr;
+  VALUE v_str;
+
+  Data_Get_Struct(self, RUBY_KRB5_PRINC, ptr); 
+
+  v_str = rb_str_new2("#<");
+  rb_str_buf_cat2(v_str, rb_obj_classname(self));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "attributes=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@attributes")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "aux_attributes=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@aux_attributes")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "expire_time=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@expire_time")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "fail_auth_count=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@fail_auth_count")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "kvno=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@kvno")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "last_failed=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@last_failed")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "last_password_change=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@last_password_change")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "last_success=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@last_success")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "max_life=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@max_life")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "max_renewable_life=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@max_renewable_life")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "mod_date=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@mod_date")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "mod_name=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@mod_name")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "password_expiration=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@password_expiration")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "policy=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@policy")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, "principal=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@principal")));
+  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, ">");
+
+  return v_str;
+}
+
+void Init_principal(){
+  /* The Kerberos::Krb5::Principal class encapsulates a Kerberos principal. */
+  cKrb5Principal = rb_define_class_under(cKrb5, "Principal", rb_cObject);
+
+  // Allocation Function
+
+  rb_define_alloc_func(cKrb5Principal, rkrb5_princ_allocate);
+
+  // Constructor
+
+  rb_define_method(cKrb5Principal, "initialize", rkrb5_princ_initialize, 1);
+
+  // Instance Methods
+
+  rb_define_method(cKrb5Principal, "inspect", rkrb5_princ_inspect, 0);
+  rb_define_method(cKrb5Principal, "realm", rkrb5_princ_get_realm, 0);
+  rb_define_method(cKrb5Principal, "realm=", rkrb5_princ_set_realm, 1);
+  rb_define_method(cKrb5Principal, "==", rkrb5_princ_equal, 1);
+
+  // Attributes
+
+  rb_define_attr(cKrb5Principal, "attributes", 1, 1);
+  rb_define_attr(cKrb5Principal, "aux_attributes", 1, 1);
+  rb_define_attr(cKrb5Principal, "expire_time", 1, 1);
+  rb_define_attr(cKrb5Principal, "fail_auth_count", 1, 1);
+  rb_define_attr(cKrb5Principal, "kvno", 1, 1);
+  rb_define_attr(cKrb5Principal, "last_failed", 1, 1);
+  rb_define_attr(cKrb5Principal, "last_password_change", 1, 1);
+  rb_define_attr(cKrb5Principal, "last_success", 1, 1);
+  rb_define_attr(cKrb5Principal, "max_life", 1, 1);
+  rb_define_attr(cKrb5Principal, "max_renewable_life", 1, 1);
+  rb_define_attr(cKrb5Principal, "mod_date", 1, 1);
+  rb_define_attr(cKrb5Principal, "mod_name", 1, 1);
+  rb_define_attr(cKrb5Principal, "password_expiration", 1, 1);
+  rb_define_attr(cKrb5Principal, "policy", 1, 1);
+  rb_define_attr(cKrb5Principal, "principal", 1, 0);
+
+  // Aliases
+
+  rb_define_alias(cKrb5Principal, "name", "principal");
+}