rkerberos 0.2.1 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d95bc44b05fe9b2d7d50af063944d2464a39e2387c6af3c9b8dbefd68025e94
-  data.tar.gz: 8dcdcec07fcdd598065fc7e826dda60b66a683c0cfb500aaa594fdbe5b5c3326
+  metadata.gz: 71575b32bb628b8425101d837de9c86ce1dd5e865a5db93462457266c8eb4d2c
+  data.tar.gz: 99128f7462ed48175619b224d838f2dd00b7d7f972963530c1276037fe299792
 SHA512:
-  metadata.gz: ee3844d89f82e24b9447f67538e40f9af8d4df630c3e3da757e0ce8c3d54b1ba1d3a57d48db0c2ed4001a687dd1ccfbcb2e3c5ef6eb120b5eed5802964a47f74
-  data.tar.gz: 93003f70201a17ecbc3f158cf4fa997657ee1d25b1c28d3e3019207f3b3664d880db4d3297a8a542d54343ad4fe2f38afa607b028ea161d6bbb50a1a526f4e63
+  metadata.gz: d90e4d248f40ae3cd13d02febfe71cd92e0dbc4712f37326444eff8368e5326a55980424263f30d8983a1ddd674b948034cbad0c3ce3e6606649e72feb77ca57
+  data.tar.gz: aa5bd082185a5e8b11b4d50d9e58e3fc76f954b9694d5f00aa5c53e4aeca5739c737a4c4477cc028b374391b108b4a4d166c25ce557b4a39eee39f5a1758ad16

data/CHANGES.md

@@ -1,4 +1,24 @@
- = 0.2.1 - 1-Mar-2026
+# 0.2.3 - 8-Mar-2026
+* All Kadm5 related classes are skipped if not found.
+* Several updates to the spec helper that mainly revolved around supporting
+  MS Windows and/or skipping specs when Kadm5 classes aren't found.
+* More potential memory issues addressed, mainly stuff that only happened
+  on an error path.
+
+# 0.2.2 - 3-Mar-2026
+* Added custom .dup methods for CredentialsCache and Keytab.
+* Added the keytab_name and keytab_type methods to Keytab.
+* Added the cache_name, cache_type and principal methods to CredentialsCache.
+* The Keytab#get_entry method now properly honors the vno and encoding type arguments.
+* Fixed the max_life and max_rlife attributes in Config.
+* Fixed the get_privileges method in Kadm5.
+* Fixed the change_password method in Kadm5 and added specs for it. Previously it would
+  generally always return true because it wasn't considering KDC failures, only raw
+  function failures.
+* Heaps of memory leak fixes. Get it? Heaps? Right, I'll see myself out.
+* Converted the CHANGES and MANIFEST files to markdown.
+
+# 0.2.1 - 1-Mar-2026
 * Added the verify_init_creds and an authenticate! methods.
 * The Context constructor now accepts optional :secure and/or :profile arguments
   for different types of contexts.
@@ -10,37 +30,37 @@
 * The rake-compiler gem is now a development dependency, not a runtime
   dependency (thanks Ondřej Gajdušek).
 
- = 0.2.0 - 14-Feb-2026
+# 0.2.0 - 14-Feb-2026
 * Added Docker and Podman support for running tests in isolated environments with Kerberos and OpenLDAP services.
 * Updated documentation with modern testing and development workflows, including container-based instructions.
 * Improved compatibility for Ruby 3.4 and later.
 * Enhanced build and test automation using docker-compose and podman-compose.
 * Various bug fixes, code cleanups, and test improvements.
 
-= 0.1.5 - 17-Oct-2016
+# 0.1.5 - 17-Oct-2016
 * Fix build error on Ruby 2.0.0/2.1 with CFLAGS concatenation
 
-= 0.1.4 - 14-Oct-2016
+# 0.1.4 - 14-Oct-2016
 * Implement db_args functionality in kadmin (fixes #8)
 * Fix a double-free error when setting the realm for a principal
 * Fix an error in policy creation that would sometimes cause a communication failure
 * Set C99 as the C Standard and fix all compiler warnings at this level
 
-= 0.1.3 - 07-Sep-2013
+# 0.1.3 - 07-Sep-2013
 * Add optional 'service' argument to get_init_creds_password (fixes #3)
 * Artistic License 2.0 text now included (fixes #2)
 
-= 0.1.2 - 24-Jun-2013
+# 0.1.2 - 24-Jun-2013
 * Fix kadm5clnt build issue on EL6
 * Remove admin_keytab references for krb5 1.11
 * Add Gemfile
 * Replace deprecated Config with RbConfig (Ruby 2)
 
-= 0.1.1 - 08-May-2013
+# 0.1.1 - 08-May-2013
 * Add credential cache argument to get_init_creds_keytab
 * Fixed invalid VALUE declarations affecting non-gcc compilers
 * Add OS X install instructions
 
-= 0.1.0 - 28-Apr-2011
+# 0.1.0 - 28-Apr-2011
 * Initial release. This is effectively a re-release of my own custom branch
   of the krb5-auth library, with some minor changes.

data/MANIFEST.md

@@ -1,16 +1,24 @@
-CHANGES.md
-rkerberos.gemspec
-MANIFEST.md
-Rakefile
-README
-ext/ccache.c
-ext/context.c
-ext/extconf.rb
-ext/kadm5.c
-ext/keytab.c
-ext/keytab_entry.c
-ext/rkerberos.c
-ext/rkerberos.h
-ext/policy.c
-ext/principal.c
-test/test_krb5.rb
+* CHANGES.md
+* rkerberos.gemspec
+* MANIFEST.md
+* Rakefile
+* README
+* ext/ccache.c
+* ext/context.c
+* ext/extconf.rb
+* ext/kadm5.c
+* ext/keytab.c
+* ext/keytab_entry.c
+* ext/rkerberos.c
+* ext/rkerberos.h
+* ext/policy.c
+* ext/principal.c
+* spec/config_spec.rb
+* spec/context_spec.rb
+* spec/credentials_spec.rb
+* spec/kadm5_spec.rb
+* spec/keytab_entry_spec.rb
+* spec/krb5_keytab_spec.rb
+* spec/krb5_spec.rb
+* spec/policy_spec.rb
+* spec/principal_spec.rb

data/Rakefile

@@ -100,7 +100,10 @@ namespace :spec do
 
     FileUtils.rm_rf('Gemfile.lock')
     begin
-      sh "#{compose} build --no-cache rkerberos-test" unless fast
+      unless fast
+        sh "#{compose} build --no-cache kerberos-kdc"
+        sh "#{compose} build --no-cache rkerberos-test"
+      end
       sh "#{compose} run --rm rkerberos-test"
     ensure
       # redirect stderr so missing-container messages don't appear

data/ext/rkerberos/ccache.c

@@ -157,6 +157,40 @@ static VALUE rkrb5_ccache_default_name(VALUE self){
   return rb_str_new2(krb5_cc_default_name(ptr->ctx));
 }
 
+// Wrapper for krb5_cc_get_name; returns the actual ccache name.
+static VALUE rkrb5_ccache_get_name(VALUE self){
+  RUBY_KRB5_CCACHE* ptr;
+  const char *name;
+
+  TypedData_Get_Struct(self, RUBY_KRB5_CCACHE, &rkrb5_ccache_data_type, ptr);
+
+  if(!ptr->ctx)
+    rb_raise(cKrb5Exception, "no context has been established");
+
+  name = krb5_cc_get_name(ptr->ctx, ptr->ccache);
+  if(!name)
+    rb_raise(cKrb5Exception, "krb5_cc_get_name returned NULL");
+
+  return rb_str_new2(name);
+}
+
+// Wrapper for krb5_cc_get_type; returns the cache type string.
+static VALUE rkrb5_ccache_get_type(VALUE self){
+  RUBY_KRB5_CCACHE* ptr;
+  const char *type;
+
+  TypedData_Get_Struct(self, RUBY_KRB5_CCACHE, &rkrb5_ccache_data_type, ptr);
+
+  if(!ptr->ctx)
+    rb_raise(cKrb5Exception, "no context has been established");
+
+  type = krb5_cc_get_type(ptr->ctx, ptr->ccache);
+  if(!type)
+    rb_raise(cKrb5Exception, "krb5_cc_get_type returned NULL");
+
+  return rb_str_new2(type);
+}
+
 /*
  * call-seq:
  *   ccache.primary_principal
@@ -173,6 +207,11 @@ static VALUE rkrb5_ccache_primary_principal(VALUE self){
   if(!ptr->ctx)
     rb_raise(cKrb5Exception, "no context has been established");
 
+  if(ptr->principal){
+    krb5_free_principal(ptr->ctx, ptr->principal);
+    ptr->principal = NULL;
+  }
+
   kerror = krb5_cc_get_principal(ptr->ctx, ptr->ccache, &ptr->principal);
 
   if(kerror)
@@ -183,7 +222,15 @@ static VALUE rkrb5_ccache_primary_principal(VALUE self){
   if(kerror)
     rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
 
-  return rb_str_new2(name);
+  VALUE v_name = rb_str_new2(name);
+  krb5_free_unparsed_name(ptr->ctx, name);
+
+  return v_name;
+}
+
+// Simple wrapper around krb5_cc_get_principal returning a principal name string.
+static VALUE rkrb5_ccache_principal(VALUE self){
+  return rkrb5_ccache_primary_principal(self);
 }
 
 /*
@@ -220,6 +267,10 @@ static VALUE rkrb5_ccache_destroy(VALUE self){
       if(ptr->ctx)
         krb5_free_context(ptr->ctx);
 
+      ptr->ccache = NULL;
+      ptr->ctx = NULL;
+      ptr->principal = NULL;
+
       rb_raise(cKrb5Exception, "krb5_cc_destroy: %s", error_message(kerror));
     }
   }
@@ -237,6 +288,47 @@ static VALUE rkrb5_ccache_destroy(VALUE self){
   return v_bool;
 }
 
+// Duplicate the credentials cache object.
+// call-seq:
+//   ccache.dup -> new_ccache
+//
+// Returns a new Kerberos::Krb5::CredentialsCache that references the
+// same underlying cache data. The new object has its own krb5 context so
+// that closing one cache does not affect the other.
+static VALUE rkrb5_ccache_dup(VALUE self){
+  RUBY_KRB5_CCACHE *ptr, *newptr;
+  krb5_error_code kerror;
+  VALUE newobj;
+
+  TypedData_Get_Struct(self, RUBY_KRB5_CCACHE, &rkrb5_ccache_data_type, ptr);
+
+  if(!ptr->ctx)
+    rb_raise(cKrb5Exception, "no context has been established");
+
+  // allocate new ruby object and struct
+  newobj = rkrb5_ccache_allocate(CLASS_OF(self));
+  TypedData_Get_Struct(newobj, RUBY_KRB5_CCACHE, &rkrb5_ccache_data_type, newptr);
+
+  // initialize a fresh context for the duplicate
+  kerror = krb5_init_context(&newptr->ctx);
+  if(kerror){
+    rb_raise(cKrb5Exception, "krb5_init_context: %s", error_message(kerror));
+  }
+
+  // perform ccache duplication using the new context
+  kerror = krb5_cc_dup(newptr->ctx, ptr->ccache, &newptr->ccache);
+  if(kerror){
+    krb5_free_context(newptr->ctx);
+    newptr->ctx = NULL;
+    rb_raise(cKrb5Exception, "krb5_cc_dup: %s", error_message(kerror));
+  }
+
+  // principal is not copied; let callers query primary_principal on each
+  newptr->principal = NULL;
+
+  return newobj;
+}
+
 void Init_ccache(void){
   /* The Kerberos::Krb5::CredentialsCache class encapsulates a Kerberos credentials cache. */
   cKrb5CCache = rb_define_class_under(cKrb5, "CredentialsCache", rb_cObject);
@@ -250,8 +342,13 @@ void Init_ccache(void){
   // Instance Methods
   rb_define_method(cKrb5CCache, "close", rkrb5_ccache_close, 0);
   rb_define_method(cKrb5CCache, "default_name", rkrb5_ccache_default_name, 0);
+  rb_define_method(cKrb5CCache, "cache_name", rkrb5_ccache_get_name, 0);
+  rb_define_method(cKrb5CCache, "cache_type", rkrb5_ccache_get_type, 0);
   rb_define_method(cKrb5CCache, "destroy", rkrb5_ccache_destroy, 0);
   rb_define_method(cKrb5CCache, "primary_principal", rkrb5_ccache_primary_principal, 0);
+  rb_define_method(cKrb5CCache, "principal", rkrb5_ccache_principal, 0);
+  rb_define_method(cKrb5CCache, "dup", rkrb5_ccache_dup, 0);
+  rb_define_alias(cKrb5CCache, "clone", "dup");
 
   // Aliases
   rb_define_alias(cKrb5CCache, "delete", "destroy");

data/ext/rkerberos/config.c

@@ -1,3 +1,4 @@
+#ifdef HAVE_KADM5_ADMIN_H
 #include <rkerberos.h>
 
 VALUE cKadm5Config;
@@ -8,9 +9,10 @@ VALUE cKeySalt;
 static void rkadm5_config_typed_free(void *ptr) {
   if (!ptr) return;
   RUBY_KADM5_CONFIG *c = (RUBY_KADM5_CONFIG *)ptr;
-  kadm5_free_config_params(c->ctx, &c->config);
-  if (c->ctx)
+  if (c->ctx) {
+    kadm5_free_config_params(c->ctx, &c->config);
     krb5_free_context(c->ctx);
+  }
   free(c);
 }
 
@@ -263,12 +265,12 @@ static VALUE rkadm5_config_inspect(VALUE self){
   rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@mkey_from_kbd")));
   rb_str_buf_cat2(v_str, " ");
 
-  rb_str_buf_cat2(v_str, "maxlife=");
-  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@maxlife")));
+  rb_str_buf_cat2(v_str, "max_life=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@max_life")));
   rb_str_buf_cat2(v_str, " ");
 
-  rb_str_buf_cat2(v_str, "maxrlife=");
-  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@maxrlife")));
+  rb_str_buf_cat2(v_str, "max_rlife=");
+  rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@max_rlife")));
   rb_str_buf_cat2(v_str, " ");
 
   rb_str_buf_cat2(v_str, "num_keysalts=");
@@ -332,4 +334,5 @@ void Init_config(void){
   cKeySalt = rb_define_class_under(cKadm5, "KeySalt", rb_cObject);
   rb_define_attr(cKeySalt, "enctype", 1, 0);
   rb_define_attr(cKeySalt, "salttype", 1, 0);
-}
+}
+#endif

data/ext/rkerberos/context.c

@@ -61,6 +61,8 @@ static VALUE rkrb5_context_close(VALUE self){
  *
  *   :secure  => true|false           # Use config files only, ignore env variables
  *   :profile => '/path/to/krb5.conf' # Use the specified profile file
+ *
+ * Note that the profile option may not be supported on your platform.
  */
 static VALUE rkrb5_context_initialize(int argc, VALUE *argv, VALUE self){
   RUBY_KRB5_CONTEXT* ptr;
@@ -92,6 +94,9 @@ static VALUE rkrb5_context_initialize(int argc, VALUE *argv, VALUE self){
    * is used when the :secure option is truthy.
    */
   if (!NIL_P(v_profile)){
+#ifndef HAVE_PROFILE_INIT_PATH
+    rb_raise(rb_eArgError, "profile option not supported on this platform");
+#else
     Check_Type(v_profile, T_STRING);
 
     const char *profile_path = StringValueCStr(v_profile);
@@ -110,6 +115,7 @@ static VALUE rkrb5_context_initialize(int argc, VALUE *argv, VALUE self){
       rb_raise(cKrb5Exception, "krb5_init_context_profile: %s", error_message(kerror));
 
     return self;
+#endif
   }
 
   // No profile given, choose secure or normal init.

data/ext/rkerberos/extconf.rb

@@ -14,8 +14,19 @@ else
   else
     dir_config('rkerberos', '/usr/local')
   end
+
+  if File::ALT_SEPARATOR
+    kfw_dir = ENV['KRB5_DIR'] || 'C:/Program Files/MIT/Kerberos'
+    kfw_inc = ENV['KRB5_INCLUDE'] || File.join(kfw_dir, 'include')
+    kfw_lib = ENV['KRB5_LIB'] || File.join(kfw_dir, 'lib')
+    $INCFLAGS << " -I\"#{kfw_inc}\""
+    $LDFLAGS << " -L\"#{kfw_lib}\""
+  end
+
   have_header('krb5.h')
-  have_library('krb5')
+
+  have_library('krb5') || have_library('krb5_64')
+  have_library('comerr') || have_library('comerr64')
 end
 
 pkg_config('com_err') || have_library('com_err')
@@ -26,8 +37,10 @@ end
 
 if pkg_config('kdb5') || have_library('kdb5')
   have_header('kdb.h')
-else
-  raise 'kdb5 library not found'
+end
+
+if have_header('profile.h')
+  have_func('profile_init_path')
 end
 
 create_makefile('rkerberos')