RubyGems - rkerberos - Versions diffs - 0.2.1 → 0.2.3 - Mend

rkerberos 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

checksums.yaml +4 -4
data/CHANGES.md +28 -8
data/MANIFEST.md +24 -16
data/Rakefile +4 -1
data/ext/rkerberos/ccache.c +98 -1
data/ext/rkerberos/config.c +10 -7
data/ext/rkerberos/context.c +6 -0
data/ext/rkerberos/extconf.rb +16 -3
data/ext/rkerberos/kadm5.c +97 -45
data/ext/rkerberos/keytab.c +247 -106
data/ext/rkerberos/keytab_entry.c +2 -1
data/ext/rkerberos/principal.c +28 -0
data/ext/rkerberos/rkerberos.c +91 -13
data/rkerberos.gemspec +1 -1
data/spec/config_spec.rb +29 -7
data/spec/context_spec.rb +6 -7
data/spec/credentials_cache_spec.rb +79 -12
data/spec/kadm5_spec.rb +57 -16
data/spec/krb5_keytab_spec.rb +200 -4
data/spec/krb5_spec.rb +81 -9
data/spec/policy_spec.rb +8 -7
data/spec/principal_spec.rb +18 -0
data/spec/spec_helper.rb +34 -0
metadata +3 -2

data/ext/rkerberos/keytab.c CHANGED Viewed

@@ -7,7 +7,7 @@ VALUE cKrb5Keytab, cKrb5KeytabException;
 void rkrb5_keytab_typed_free(void *ptr) {
   if (!ptr) return;
   RUBY_KRB5_KEYTAB *kt = (RUBY_KRB5_KEYTAB *)ptr;
-  if (kt->keytab)
+  if (kt->keytab && kt->ctx)
     krb5_kt_close(kt->ctx, kt->keytab);
   if (kt->ctx)
     krb5_free_cred_contents(kt->ctx, &kt->creds);
@@ -35,6 +35,61 @@ VALUE rkrb5_keytab_allocate(VALUE klass){
 // Allocation function for the Kerberos::Krb5::Keytab class.
+// Struct for rb_ensure in each()
+typedef struct {
+  krb5_context ctx;
+  krb5_keytab keytab;
+  krb5_kt_cursor cursor;
+  int cursor_active;
+} keytab_each_arg;
+static VALUE rkrb5_keytab_each_body(VALUE arg){
+  keytab_each_arg* ea = (keytab_each_arg*)arg;
+  krb5_keytab_entry entry;
+  krb5_error_code kerror;
+  char* principal;
+  VALUE v_kt_entry;
+  while((kerror = krb5_kt_next_entry(ea->ctx, ea->keytab, &entry, &ea->cursor)) == 0){
+    kerror = krb5_unparse_name(ea->ctx, entry.principal, &principal);
+    if(kerror){
+      krb5_kt_free_entry(ea->ctx, &entry);
+      rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
+    }
+    v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);
+    rb_iv_set(v_kt_entry, "@principal", rb_str_new2(principal));
+    rb_iv_set(v_kt_entry, "@timestamp", rb_time_new(entry.timestamp, 0));
+    rb_iv_set(v_kt_entry, "@vno", INT2FIX(entry.vno));
+    rb_iv_set(v_kt_entry, "@key", INT2FIX(entry.key.enctype));
+    krb5_free_unparsed_name(ea->ctx, principal);
+    krb5_kt_free_entry(ea->ctx, &entry);
+    rb_yield(v_kt_entry);
+  }
+  ea->cursor_active = 0;
+  kerror = krb5_kt_end_seq_get(ea->ctx, ea->keytab, &ea->cursor);
+  if(kerror)
+    rb_raise(cKrb5Exception, "krb5_kt_end_seq_get: %s", error_message(kerror));
+  return Qnil;
+}
+static VALUE rkrb5_keytab_each_ensure(VALUE arg){
+  keytab_each_arg* ea = (keytab_each_arg*)arg;
+  if(ea->cursor_active)
+    krb5_kt_end_seq_get(ea->ctx, ea->keytab, &ea->cursor);
+  return Qnil;
+}
 /*
  * call-seq:
  *
@@ -46,48 +101,22 @@ VALUE rkrb5_keytab_allocate(VALUE klass){
  */
 static VALUE rkrb5_keytab_each(VALUE self){
   RUBY_KRB5_KEYTAB* ptr;
-  VALUE v_kt_entry;
   krb5_error_code kerror;
-  krb5_kt_cursor cursor;
-  krb5_keytab_entry entry;
-  char* principal;
+  keytab_each_arg ea;
   TypedData_Get_Struct(self, RUBY_KRB5_KEYTAB, &rkrb5_keytab_data_type, ptr);
-  kerror = krb5_kt_start_seq_get(
-    ptr->ctx,
-    ptr->keytab,
-    &cursor
-  );
+  ea.ctx = ptr->ctx;
+  ea.keytab = ptr->keytab;
+  kerror = krb5_kt_start_seq_get(ea.ctx, ea.keytab, &ea.cursor);
   if(kerror)
     rb_raise(cKrb5Exception, "krb5_kt_start_seq_get: %s", error_message(kerror));
-  while((kerror = krb5_kt_next_entry(ptr->ctx, ptr->keytab, &entry, &cursor)) == 0){
-    krb5_unparse_name(ptr->ctx, entry.principal, &principal);
+  ea.cursor_active = 1;
-    v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);
-    rb_iv_set(v_kt_entry, "@principal", rb_str_new2(principal));
-    rb_iv_set(v_kt_entry, "@timestamp", rb_time_new(entry.timestamp, 0));
-    rb_iv_set(v_kt_entry, "@vno", INT2FIX(entry.vno));
-    rb_iv_set(v_kt_entry, "@key", INT2FIX(entry.key.enctype));
-    rb_yield(v_kt_entry);
-    free(principal);
-    krb5_kt_free_entry(ptr->ctx, &entry);
-  }
-  kerror = krb5_kt_end_seq_get(
-    ptr->ctx,
-    ptr->keytab,
-    &cursor
-  );
-  if(kerror)
-    rb_raise(cKrb5Exception, "krb5_kt_end_seq_get: %s", error_message(kerror));
+  rb_ensure(rkrb5_keytab_each_body, (VALUE)&ea, rkrb5_keytab_each_ensure, (VALUE)&ea);
   return self;
 }
@@ -130,6 +159,11 @@ static VALUE rkrb5_keytab_close(VALUE self){
   TypedData_Get_Struct(self, RUBY_KRB5_KEYTAB, &rkrb5_keytab_data_type, ptr);
+  if(ptr->keytab && ptr->ctx){
+    krb5_kt_close(ptr->ctx, ptr->keytab);
+    ptr->keytab = NULL;
+  }
   if(ptr->ctx)
     krb5_free_cred_contents(ptr->ctx, &ptr->creds);
@@ -241,8 +275,8 @@ static VALUE rkrb5_keytab_add_entry(int argc, VALUE* argv, VALUE self){
  * call-seq:
  *   keytab.get_entry(principal, vno = 0, encoding_type = nil)
  *
- * Searches the keytab by +principal+, +vno+ and +encoding_type+. If the
- * +vno+ is zero (the default), then the first entry that matches +principal+
+ * Searches the keytab by +principal+, +vno+ (version number) and +encoding_type+.
+ * If the +vno+ is zero (the default), then the first entry that matches +principal+
  * is returned.
  *
  * Returns a Kerberos::Krb5::KeytabEntry object if the entry is found.
@@ -269,10 +303,17 @@ static VALUE rkrb5_keytab_get_entry(int argc, VALUE* argv, VALUE self){
   kerror = krb5_parse_name(ptr->ctx, name, &principal);
   if(kerror)
-    rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
+    rb_raise(cKrb5Exception, "krb5_parse_name: %s", error_message(kerror));
+  if(NIL_P(v_vno))
+    vno = 0;
+  else
+    vno = NUM2INT(v_vno);
-  vno = 0;
-  enctype = 0;
+  if(NIL_P(v_enctype))
+    enctype = 0;
+  else
+    enctype = NUM2INT(v_enctype);
   kerror = krb5_kt_get_entry(
     ptr->ctx,
@@ -283,6 +324,8 @@ static VALUE rkrb5_keytab_get_entry(int argc, VALUE* argv, VALUE self){
     &entry
   );
+  krb5_free_principal(ptr->ctx, principal);
   if(kerror)
     rb_raise(cKrb5Exception, "krb5_kt_get_entry: %s", error_message(kerror));
@@ -298,6 +341,93 @@ static VALUE rkrb5_keytab_get_entry(int argc, VALUE* argv, VALUE self){
   return v_entry;
 }
+/*
+ * call-seq:
+ *   keytab.keytab_name
+ *
+ * Return the name associated with the open keytab. This returns the canonical
+ * type:residual string used internally by the library. It will usually be the
+ * same as the +name+ method, but could be different.
+ */
+static VALUE rkrb5_keytab_get_name(VALUE self){
+  RUBY_KRB5_KEYTAB* ptr;
+  krb5_error_code kerror;
+  char name[MAX_KEYTAB_NAME_LEN];
+  TypedData_Get_Struct(self, RUBY_KRB5_KEYTAB, &rkrb5_keytab_data_type, ptr);
+  if(!ptr->ctx)
+    rb_raise(cKrb5Exception, "no context has been established");
+  kerror = krb5_kt_get_name(ptr->ctx, ptr->keytab, name, MAX_KEYTAB_NAME_LEN);
+  if(kerror)
+    rb_raise(cKrb5Exception, "krb5_kt_get_name: %s", error_message(kerror));
+  return rb_str_new2(name);
+}
+/*
+ * call-seq:
+ *   keytab.keytab_type
+ *
+ * Return the keytab type portion, e.g. "FILE". Raises an error if nil.
+ */
+static VALUE rkrb5_keytab_get_type(VALUE self){
+  RUBY_KRB5_KEYTAB* ptr;
+  const char *type;
+  TypedData_Get_Struct(self, RUBY_KRB5_KEYTAB, &rkrb5_keytab_data_type, ptr);
+  if(!ptr->ctx)
+    rb_raise(cKrb5Exception, "no context has been established");
+  type = krb5_kt_get_type(ptr->ctx, ptr->keytab);
+  if(!type)
+    rb_raise(cKrb5Exception, "krb5_kt_get_type returned NULL");
+  return rb_str_new2(type);
+}
+/*
+ * call-seq:
+ *   keytab.dup -> new_keytab
+ *
+ * Duplicate the keytab object so that both handles may be closed
+ * independently.  Underlying data is shared by the krb5 library; the
+ * new Ruby object receives a fresh context.
+ */
+static VALUE rkrb5_keytab_dup(VALUE self){
+  RUBY_KRB5_KEYTAB *ptr, *newptr;
+  krb5_error_code kerror;
+  VALUE newobj;
+  TypedData_Get_Struct(self, RUBY_KRB5_KEYTAB, &rkrb5_keytab_data_type, ptr);
+  if(!ptr->ctx)
+    rb_raise(cKrb5Exception, "no context has been established");
+  newobj = rkrb5_keytab_allocate(CLASS_OF(self));
+  TypedData_Get_Struct(newobj, RUBY_KRB5_KEYTAB, &rkrb5_keytab_data_type, newptr);
+  kerror = krb5_init_context(&newptr->ctx);
+  if(kerror){
+    rb_raise(cKrb5Exception, "krb5_init_context: %s", error_message(kerror));
+  }
+  kerror = krb5_kt_dup(newptr->ctx, ptr->keytab, &newptr->keytab);
+  if(kerror){
+    krb5_free_context(newptr->ctx);
+    newptr->ctx = NULL;
+    rb_raise(cKrb5Exception, "krb5_kt_dup: %s", error_message(kerror));
+  }
+  rb_iv_set(newobj, "@name", rb_iv_get(self, "@name"));
+  return newobj;
+}
 /*
  * call-seq:
  *   Kerberos::Krb5::Keytab.new(name = nil)
@@ -362,6 +492,67 @@ static VALUE rkrb5_keytab_initialize(int argc, VALUE* argv, VALUE self){
 // Singleton Methods
+// Struct for rb_ensure in foreach()
+typedef struct {
+  krb5_context ctx;
+  krb5_keytab keytab;
+  krb5_kt_cursor cursor;
+  int cursor_active;
+} keytab_foreach_arg;
+static VALUE rkrb5_s_keytab_foreach_body(VALUE arg){
+  keytab_foreach_arg* fa = (keytab_foreach_arg*)arg;
+  krb5_keytab_entry entry;
+  krb5_error_code kerror;
+  char* principal;
+  VALUE v_kt_entry;
+  while((kerror = krb5_kt_next_entry(fa->ctx, fa->keytab, &entry, &fa->cursor)) == 0){
+    kerror = krb5_unparse_name(fa->ctx, entry.principal, &principal);
+    if(kerror){
+      krb5_kt_free_entry(fa->ctx, &entry);
+      rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
+    }
+    v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);
+    rb_iv_set(v_kt_entry, "@principal", rb_str_new2(principal));
+    rb_iv_set(v_kt_entry, "@timestamp", rb_time_new(entry.timestamp, 0));
+    rb_iv_set(v_kt_entry, "@vno", INT2FIX(entry.vno));
+    rb_iv_set(v_kt_entry, "@key", INT2FIX(entry.key.enctype));
+    krb5_free_unparsed_name(fa->ctx, principal);
+    krb5_kt_free_entry(fa->ctx, &entry);
+    rb_yield(v_kt_entry);
+  }
+  fa->cursor_active = 0;
+  kerror = krb5_kt_end_seq_get(fa->ctx, fa->keytab, &fa->cursor);
+  if(kerror)
+    rb_raise(cKrb5Exception, "krb5_kt_end_seq_get: %s", error_message(kerror));
+  return Qnil;
+}
+static VALUE rkrb5_s_keytab_foreach_ensure(VALUE arg){
+  keytab_foreach_arg* fa = (keytab_foreach_arg*)arg;
+  if(fa->cursor_active)
+    krb5_kt_end_seq_get(fa->ctx, fa->keytab, &fa->cursor);
+  if(fa->keytab)
+    krb5_kt_close(fa->ctx, fa->keytab);
+  if(fa->ctx)
+    krb5_free_context(fa->ctx);
+  return Qnil;
+}
 /*
  * call-seq:
  *   Kerberos::Krb5::Keytab.foreach(keytab = nil){ |entry|
@@ -374,31 +565,26 @@ static VALUE rkrb5_keytab_initialize(int argc, VALUE* argv, VALUE self){
  * If no +keytab+ is provided, then the default keytab is used.
  */
 static VALUE rkrb5_s_keytab_foreach(int argc, VALUE* argv, VALUE klass){
-  VALUE v_kt_entry;
   VALUE v_keytab_name;
   krb5_error_code kerror;
-  krb5_kt_cursor cursor;
-  krb5_keytab keytab;
-  krb5_keytab_entry entry;
-  krb5_context context;
-  char* principal;
+  keytab_foreach_arg fa;
   char keytab_name[MAX_KEYTAB_NAME_LEN];
+  memset(&fa, 0, sizeof(fa));
   rb_scan_args(argc, argv, "01", &v_keytab_name);
-  kerror = krb5_init_context(&context);
+  kerror = krb5_init_context(&fa.ctx);
   if(kerror)
     rb_raise(cKrb5Exception, "krb5_init_context: %s", error_message(kerror));
   // Use the default keytab name if one isn't provided.
   if(NIL_P(v_keytab_name)){
-    kerror = krb5_kt_default_name(context, keytab_name, MAX_KEYTAB_NAME_LEN);
+    kerror = krb5_kt_default_name(fa.ctx, keytab_name, MAX_KEYTAB_NAME_LEN);
     if(kerror){
-      if(context)
-        krb5_free_context(context);
+      krb5_free_context(fa.ctx);
       rb_raise(cKrb5Exception, "krb5_kt_default_name: %s", error_message(kerror));
     }
   }
@@ -408,73 +594,24 @@ static VALUE rkrb5_s_keytab_foreach(int argc, VALUE* argv, VALUE klass){
     keytab_name[MAX_KEYTAB_NAME_LEN - 1] = '\0';
   }
-  kerror = krb5_kt_resolve(
-    context,
-    keytab_name,
-    &keytab
-  );
+  kerror = krb5_kt_resolve(fa.ctx, keytab_name, &fa.keytab);
   if(kerror){
-    if(context)
-      krb5_free_context(context);
+    krb5_free_context(fa.ctx);
     rb_raise(cKrb5Exception, "krb5_kt_resolve: %s", error_message(kerror));
   }
-  kerror = krb5_kt_start_seq_get(
-    context,
-    keytab,
-    &cursor
-  );
+  kerror = krb5_kt_start_seq_get(fa.ctx, fa.keytab, &fa.cursor);
   if(kerror){
-    if(context)
-      krb5_free_context(context);
-    if(keytab)
-      krb5_kt_close(context, keytab);
+    krb5_kt_close(fa.ctx, fa.keytab);
+    krb5_free_context(fa.ctx);
     rb_raise(cKrb5Exception, "krb5_kt_start_seq_get: %s", error_message(kerror));
   }
-  while((kerror = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
-    krb5_unparse_name(context, entry.principal, &principal);
-    v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);
-    rb_iv_set(v_kt_entry, "@principal", rb_str_new2(principal));
-    rb_iv_set(v_kt_entry, "@timestamp", rb_time_new(entry.timestamp, 0));
-    rb_iv_set(v_kt_entry, "@vno", INT2FIX(entry.vno));
-    rb_iv_set(v_kt_entry, "@key", INT2FIX(entry.key.enctype));
-    rb_yield(v_kt_entry);
-    free(principal);
-    krb5_kt_free_entry(context, &entry);
-  }
-  kerror = krb5_kt_end_seq_get(
-    context,
-    keytab,
-    &cursor
-  );
-  if(kerror){
-    if(context)
-      krb5_free_context(context);
-    if(keytab)
-      krb5_kt_close(context, keytab);
-    rb_raise(cKrb5Exception, "krb5_kt_end_seq_get: %s", error_message(kerror));
-  }
-  if(keytab)
-    krb5_kt_close(context, keytab);
+  fa.cursor_active = 1;
-  if(context)
-    krb5_free_context(context);
+  rb_ensure(rkrb5_s_keytab_foreach_body, (VALUE)&fa, rkrb5_s_keytab_foreach_ensure, (VALUE)&fa);
   return Qnil;
 }
@@ -504,6 +641,10 @@ void Init_keytab(void){
   rb_define_method(cKrb5Keytab, "close", rkrb5_keytab_close, 0);
   rb_define_method(cKrb5Keytab, "each", rkrb5_keytab_each, 0);
   rb_define_method(cKrb5Keytab, "get_entry", rkrb5_keytab_get_entry, -1);
+  rb_define_method(cKrb5Keytab, "keytab_name", rkrb5_keytab_get_name, 0);
+  rb_define_method(cKrb5Keytab, "keytab_type", rkrb5_keytab_get_type, 0);
+  rb_define_method(cKrb5Keytab, "dup", rkrb5_keytab_dup, 0);
+  rb_define_alias(cKrb5Keytab, "clone", "dup");
   // TODO: Move these into Kadm5 and/or figure out how to set the vno properly.
   // rb_define_method(cKrb5Keytab, "add_entry", rkrb5_keytab_add_entry, -1);

data/ext/rkerberos/keytab_entry.c CHANGED Viewed

@@ -63,7 +63,8 @@ static VALUE rkrb5_kt_entry_inspect(VALUE self){
   rb_str_buf_cat2(v_str, "key=");
   rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@key")));
-  rb_str_buf_cat2(v_str, " ");
+  rb_str_buf_cat2(v_str, ">");
   return v_str;
 }

data/ext/rkerberos/principal.c CHANGED Viewed

@@ -49,22 +49,30 @@ static VALUE rkrb5_princ_allocate(VALUE klass){
 static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
   RUBY_KRB5_PRINC* ptr;
   krb5_error_code kerror;
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr);
   kerror = krb5_init_context(&ptr->ctx);
   if(kerror)
     rb_raise(cKrb5Exception, "krb5_init_context failed: %s", error_message(kerror));
   if(NIL_P(v_name)){
     rb_iv_set(self, "@principal", Qnil);
   }
   else{
     char* name;
     Check_Type(v_name, T_STRING);
     name = StringValueCStr(v_name);
     kerror = krb5_parse_name(ptr->ctx, name, &ptr->principal);
     if(kerror)
       rb_raise(cKrb5Exception, "krb5_parse_name failed: %s", error_message(kerror));
     rb_iv_set(self, "@principal", v_name);
   }
   rb_iv_set(self, "@attributes", Qnil);
   rb_iv_set(self, "@aux_attributes", Qnil);
   rb_iv_set(self, "@expire_time", Qnil);
@@ -79,8 +87,10 @@ static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
   rb_iv_set(self, "@password_expiration", Qnil);
   rb_iv_set(self, "@policy", Qnil);
   rb_iv_set(self, "@kvno", Qnil);
   if(rb_block_given_p())
     rb_yield(self);
   return self;
 }
@@ -92,7 +102,12 @@ static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
  */
 static VALUE rkrb5_princ_get_realm(VALUE self){
   RUBY_KRB5_PRINC* ptr;
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr);
+  if(!ptr->principal)
+    rb_raise(cKrb5Exception, "no principal has been established");
   return rb_str_new2(krb5_princ_realm(ptr->ctx, ptr->principal)->data);
 }
@@ -104,9 +119,16 @@ static VALUE rkrb5_princ_get_realm(VALUE self){
  */
 static VALUE rkrb5_princ_set_realm(VALUE self, VALUE v_realm){
   RUBY_KRB5_PRINC* ptr;
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr);
+  if(!ptr->principal)
+    rb_raise(cKrb5Exception, "no principal has been established");
   Check_Type(v_realm, T_STRING);
   krb5_set_principal_realm(ptr->ctx, ptr->principal, StringValueCStr(v_realm));
   return v_realm;
 }
@@ -120,10 +142,16 @@ static VALUE rkrb5_princ_equal(VALUE self, VALUE v_other){
   RUBY_KRB5_PRINC* ptr1;
   RUBY_KRB5_PRINC* ptr2;
   VALUE v_bool = Qfalse;
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr1);
   TypedData_Get_Struct(v_other, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr2);
+  if(!ptr1->principal || !ptr2->principal)
+    return Qfalse;
   if(krb5_principal_compare(ptr1->ctx, ptr1->principal, ptr2->principal))
     v_bool = Qtrue;
   return v_bool;
 }