rkerberos 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fad6b2ef21cbb2b32b0e4e3f82bf721bc9f2657d
-  data.tar.gz: f24b854f2280641f2637007142a94a765f95682a
+  metadata.gz: b3bb9284b0e33854b70e8b3bb81a363ef17d431d
+  data.tar.gz: 144e3ceffc05e362b6a1ca016ceae205771bca77
 SHA512:
-  metadata.gz: e4c5d5c5e95e59d2916f2e0cdc77df87c6df0e23b0d6f0c4edf148cc62316f6d150665de63d61f7954c25b5b7f5802e4ff970a5865b82857607af126403f68c6
-  data.tar.gz: b0c3e66a5d700d4426a05b801124309411bfe78bb60dce5d2cc90f92a3c399b31c4c5eb13892751a7085d23416049d90840a89a818bce1544799181139f768bf
+  metadata.gz: 1795e8628f251b6283e8290d7af9d9379682ee599d2f94521b3d90d7d34651fbea4d71f373acd9da87482ad8c40126e36d0799613be6a2f47aad2d07643a1c64
+  data.tar.gz: 6f876d9ec6e2fc8baade8be576a8247b5e6f8a5f0444af14c3618020d8fd51bffa377e5e1dff9d3de8a224e2f8b8a8ed9846a2551c4bd4faf4ce26f947a77adc

data/CHANGES

@@ -1,3 +1,9 @@
+= 0.1.4 - 14-Oct-2016
+* Implement db_args functionality in kadmin (fixes #8)
+* Fix a double-free error when setting the realm for a principal
+* Fix an error in policy creation that would sometimes cause a communication failure
+* Set C99 as the C Standard and fix all compiler warnings at this level
+
 = 0.1.3 - 07-Sep-2013
 * Add optional 'service' argument to get_init_creds_password (fixes #3)
 * Artistic License 2.0 text now included (fixes #2)

data/README.md

@@ -4,13 +4,15 @@
 # Requirements
   Kerberos 1.7.0 or later, including admin header and library files.
 
-# OSX
+# OS X (10.11)
   krb5 must be installed from source before installing the rkerberos gem:
 ```
-  wget http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar
-  tar -xf krb5-1.10.2-signed.tar
-  tar -xf krb5-1.10.2-signed.tar.gz
-  cd krb5-1.10.2
+  brew install openssl
+  curl -0 http://web.mit.edu/kerberos/dist/krb5/1.14/krb5-1.14.tar.gz
+  tar -xzf krb5-1.14.tar.gz
+  cd krb5-1.14/src
+  export CPPFLAGS='-I/usr/local/opt/openssl/include'
+  export LDFLAGS='-L/usr/local/opt/openssl/lib'
   ./configure
   make
   make install
@@ -60,6 +62,7 @@
 # Authors
 * Daniel Berger
 * Dominic Cleal (maintainer)
+* Simon Levermann (maintainer)
 
 # License
   rkerberos is distributed under the Artistic 2.0 license.

data/Rakefile

@@ -3,6 +3,7 @@ require 'rake/testtask'
 require 'rake/extensiontask'
 require 'rake/clean'
 require 'rbconfig'
+require 'rubygems/package'
 
 Rake::ExtensionTask.new('rkerberos')
 
@@ -36,7 +37,7 @@ namespace :gem do
   desc 'Create the gem'
   task :create => [:clean] do
     spec = eval(IO.read('rkerberos.gemspec'))
-    Gem::Builder.new(spec).build
+    Gem::Package.build(spec)
   end
 
   desc 'Install the gem'

data/ext/rkerberos/ccache.c

@@ -56,7 +56,7 @@ static VALUE rkrb5_ccache_initialize(int argc, VALUE* argv, VALUE self){
 
     kerror = krb5_parse_name(
       ptr->ctx,
-      StringValuePtr(v_principal),
+      StringValueCStr(v_principal),
       &ptr->principal
     );
 
@@ -79,7 +79,7 @@ static VALUE rkrb5_ccache_initialize(int argc, VALUE* argv, VALUE self){
   }
   else{
     Check_Type(v_name, T_STRING);
-    kerror = krb5_cc_resolve(ptr->ctx, StringValuePtr(v_name), &ptr->ccache);
+    kerror = krb5_cc_resolve(ptr->ctx, StringValueCStr(v_name), &ptr->ccache);
 
     if(kerror)
       rb_raise(cKrb5Exception, "krb5_cc_resolve: %s", error_message(kerror));

data/ext/rkerberos/config.c

@@ -163,11 +163,8 @@ static VALUE rkadm5_config_initialize(VALUE self){
 }
 
 static VALUE rkadm5_config_inspect(VALUE self){
-  RUBY_KADM5_CONFIG* ptr;
   VALUE v_str;
 
-  Data_Get_Struct(self, RUBY_KADM5_CONFIG, ptr); 
-
   v_str = rb_str_new2("#<");
   rb_str_buf_cat2(v_str, rb_obj_classname(self));
   rb_str_buf_cat2(v_str, " ");

data/ext/rkerberos/extconf.rb

@@ -15,4 +15,11 @@ else
   raise "kadm5clnt library not found"
 end
 
+if have_header('kdb.h')
+  have_library('libkdb5')
+else
+  raise 'kdb5 library not found'
+end
+
+$CFLAGS << '-std=c99 -Wall -pedantic'
 create_makefile('rkerberos')

data/ext/rkerberos/kadm5.c

@@ -1,4 +1,5 @@
 #include <rkerberos.h>
+#include <kdb.h>
 
 VALUE cKadm5;
 VALUE cKadm5Exception;
@@ -6,6 +7,10 @@ VALUE cKadm5PrincipalNotFoundException;
 
 // Prototype
 static VALUE rkadm5_close(VALUE);
+char** parse_db_args(VALUE v_db_args);
+void add_db_args(kadm5_principal_ent_rec*, char**);
+void add_tl_data(krb5_int16 *, krb5_tl_data **,
+  krb5_int16, krb5_ui_2, krb5_octet *);
 
 // Free function for the Kerberos::Kadm5 class.
 static void rkadm5_free(RUBY_KADM5* ptr){
@@ -18,6 +23,7 @@ static void rkadm5_free(RUBY_KADM5* ptr){
   if(ptr->ctx)
     krb5_free_context(ptr->ctx);
 
+  free(ptr->db_args);
   free(ptr);
 }
 
@@ -44,10 +50,15 @@ static VALUE rkadm5_allocate(VALUE klass){
  *
  * You may also pass the :service option to specify the service name. The
  * default is kadmin/admin.
+ *
+ * There is also a :db_args option, which is a single string or array of strings
+ * containing options usually passed to kadmin with the -x switch. For a list of
+ * available options, see the kadmin manpage
+ *
  */
 static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
   RUBY_KADM5* ptr;
-  VALUE v_principal, v_password, v_keytab, v_service;
+  VALUE v_principal, v_password, v_keytab, v_service, v_db_args;
   char* user;
   char* pass = NULL;
   char* keytab = NULL;
@@ -64,7 +75,7 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
     rb_raise(rb_eArgError, "principal must be specified");
 
   Check_Type(v_principal, T_STRING);
-  user = StringValuePtr(v_principal);
+  user = StringValueCStr(v_principal);
 
   v_password = rb_hash_aref2(v_opts, "password");
   v_keytab = rb_hash_aref2(v_opts, "keytab");
@@ -74,19 +85,22 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
 
   if(RTEST(v_password)){
     Check_Type(v_password, T_STRING);
-    pass = StringValuePtr(v_password);
+    pass = StringValueCStr(v_password);
   }
 
   v_service = rb_hash_aref2(v_opts, "service");
 
   if(NIL_P(v_service)){
-    service = "kadmin/admin";
+    service = (char *) "kadmin/admin";
   }
   else{
     Check_Type(v_service, T_STRING);
-    service = StringValuePtr(v_service);
+    service = StringValueCStr(v_service);
   }
 
+  v_db_args = rb_hash_aref2(v_opts, "db_args");
+  ptr->db_args = parse_db_args(v_db_args);
+
   // Normally I would wait to initialize the context, but we might need it
   // to get the default keytab file name.
   kerror = krb5_init_context(&ptr->ctx);
@@ -108,7 +122,7 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
     }
     else{
       Check_Type(v_keytab, T_STRING);
-      keytab = StringValuePtr(v_keytab);
+      keytab = StringValueCStr(v_keytab);
     }
   }
 
@@ -122,7 +136,7 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
       NULL,
       KADM5_STRUCT_VERSION,
       KADM5_API_VERSION_3,
-      NULL,
+      ptr->db_args,
       &ptr->handle
     );
 #else
@@ -133,7 +147,7 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
       NULL,
       KADM5_STRUCT_VERSION,
       KADM5_API_VERSION_2,
-      NULL,
+      ptr->db_args,
       &ptr->handle
     );
 #endif
@@ -151,7 +165,7 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
       NULL,
       KADM5_STRUCT_VERSION,
       KADM5_API_VERSION_3,
-      NULL,
+      ptr->db_args,
       &ptr->handle
     );
 #else
@@ -162,7 +176,7 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
       NULL,
       KADM5_STRUCT_VERSION,
       KADM5_API_VERSION_2,
-      NULL,
+      ptr->db_args,
       &ptr->handle
     );
 #endif
@@ -188,15 +202,17 @@ static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
  * Set the password for +user+ (i.e. the principal) to +password+.
  */
 static VALUE rkadm5_set_password(VALUE self, VALUE v_user, VALUE v_pass){
-  Check_Type(v_user, T_STRING);
-  Check_Type(v_pass, T_STRING);
-
   RUBY_KADM5* ptr;
-  char* user = StringValuePtr(v_user);
-  char* pass = StringValuePtr(v_pass);
   krb5_error_code kerror;
+  char *user;
+  char *pass;
+
+  Check_Type(v_user, T_STRING);
+  Check_Type(v_pass, T_STRING);
 
   Data_Get_Struct(self, RUBY_KADM5, ptr);
+  user = StringValueCStr(v_user);
+  pass = StringValueCStr(v_pass);
 
   if(!ptr->ctx)
     rb_raise(cKadm5Exception, "no context has been established");
@@ -216,31 +232,41 @@ static VALUE rkadm5_set_password(VALUE self, VALUE v_user, VALUE v_pass){
 
 /*
  * call-seq:
- *   kadm5.create_principal(name, password)
+ *   kadm5.create_principal(name, password, db_args=nil)
  *   kadm5.create_principal(principal)
  *
  * Creates a new principal +name+ with an initial password of +password+.
+ * +db_args+ is an optional string or array of strings containing options that are usually
+ * passed to add_principal with the -x option. For a list of options, see the kadmin manpage,
+ * in the add_principal section.
  *--
  * TODO: Allow a Principal object to be passed in as an argument.
  */
-static VALUE rkadm5_create_principal(VALUE self, VALUE v_user, VALUE v_pass){
+static VALUE rkadm5_create_principal(int argc, VALUE* argv, VALUE self){
   RUBY_KADM5* ptr;
   char* user;
   char* pass;
+  char** db_args;
   int mask;
   kadm5_principal_ent_rec princ;
   krb5_error_code kerror;
+  VALUE v_user, v_pass, v_db_args;
 
   Data_Get_Struct(self, RUBY_KADM5, ptr);
 
+  rb_scan_args(argc, argv, "21", &v_user, &v_pass, &v_db_args);
   Check_Type(v_user, T_STRING);
   Check_Type(v_pass, T_STRING);
 
   memset(&princ, 0, sizeof(princ));
 
-  mask = KADM5_PRINCIPAL;
-  user = StringValuePtr(v_user);
-  pass = StringValuePtr(v_pass);
+  mask = KADM5_PRINCIPAL | KADM5_TL_DATA;
+  user = StringValueCStr(v_user);
+  pass = StringValueCStr(v_pass);
+
+  db_args = parse_db_args(v_db_args);
+  add_db_args(&princ, db_args);
+  free(db_args);
 
   if(!ptr->ctx)
     rb_raise(cKadm5Exception, "no context has been established");
@@ -272,7 +298,7 @@ static VALUE rkadm5_delete_principal(VALUE self, VALUE v_user){
 
   Data_Get_Struct(self, RUBY_KADM5, ptr);
   Check_Type(v_user, T_STRING);
-  user = StringValuePtr(v_user);
+  user = StringValueCStr(v_user);
 
   if(!ptr->ctx)
     rb_raise(cKadm5Exception, "no context has been established");
@@ -313,6 +339,9 @@ static VALUE rkadm5_close(VALUE self){
   if(ptr->handle)
     kadm5_destroy(ptr->handle);
 
+  free(ptr->db_args);
+
+  ptr->db_args = NULL;
   ptr->ctx    = NULL;
   ptr->princ  = NULL;
   ptr->handle = NULL;
@@ -394,7 +423,7 @@ static VALUE rkadm5_find_principal(VALUE self, VALUE v_user){
 
   Data_Get_Struct(self, RUBY_KADM5, ptr);
   Check_Type(v_user, T_STRING);
-  user = StringValuePtr(v_user);
+  user = StringValueCStr(v_user);
 
   memset(&ent, 0, sizeof(ent));
 
@@ -450,7 +479,7 @@ static VALUE rkadm5_get_principal(VALUE self, VALUE v_user){
 
   Data_Get_Struct(self, RUBY_KADM5, ptr);
   Check_Type(v_user, T_STRING);
-  user = StringValuePtr(v_user);
+  user = StringValueCStr(v_user);
 
   memset(&ent, 0, sizeof(ent));
 
@@ -521,7 +550,8 @@ static VALUE rkadm5_create_policy(VALUE self, VALUE v_policy){
   v_max_life    = rb_iv_get(v_policy, "@max_life");
   v_history_num = rb_iv_get(v_policy, "@history_num");
 
-  ent.policy = StringValuePtr(v_name);
+  memset(&ent, 0, sizeof(ent));
+  ent.policy = StringValueCStr(v_name);
 
   if(RTEST(v_min_classes)){
     mask |= KADM5_PW_MIN_CLASSES;
@@ -573,7 +603,7 @@ static VALUE rkadm5_delete_policy(VALUE self, VALUE v_policy){
 
   Data_Get_Struct(self, RUBY_KADM5, ptr);
 
-  policy = StringValuePtr(v_policy);
+  policy = StringValueCStr(v_policy);
 
   kerror = kadm5_delete_policy(ptr->handle, policy);
 
@@ -606,7 +636,7 @@ static VALUE rkadm5_get_policy(VALUE self, VALUE v_name){
   if(!ptr->ctx)
     rb_raise(cKadm5Exception, "no context has been established");
 
-  policy_name = StringValuePtr(v_name);
+  policy_name = StringValueCStr(v_name);
 
   kerror = kadm5_get_policy(ptr->handle, policy_name, &ent); 
 
@@ -658,7 +688,7 @@ static VALUE rkadm5_find_policy(VALUE self, VALUE v_name){
   if(!ptr->ctx)
     rb_raise(cKadm5Exception, "no context has been established");
 
-  policy_name = StringValuePtr(v_name);
+  policy_name = StringValueCStr(v_name);
 
   kerror = kadm5_get_policy(ptr->handle, policy_name, &ent); 
 
@@ -762,7 +792,7 @@ static VALUE rkadm5_get_policies(int argc, VALUE* argv, VALUE self){
   if(NIL_P(v_expr))
     expr = NULL;
   else
-    expr = StringValuePtr(v_expr);
+    expr = StringValueCStr(v_expr);
 
   kerror = kadm5_get_policies(ptr->handle, expr, &pols, &count);
 
@@ -810,7 +840,7 @@ static VALUE rkadm5_get_principals(int argc, VALUE* argv, VALUE self){
   if(NIL_P(v_expr))
     expr = NULL;
   else
-    expr = StringValuePtr(v_expr);
+    expr = StringValueCStr(v_expr);
 
   kerror = kadm5_get_principals(ptr->handle, expr, &princs, &count);
 
@@ -848,7 +878,7 @@ static VALUE rkadm5_get_privs(int argc, VALUE* argv, VALUE self){
   VALUE v_return = Qnil;
   VALUE v_strings = Qfalse;
   kadm5_ret_t kerror;
-  int i;
+  unsigned int i;
   long privs;
   int result = 0;
 
@@ -911,7 +941,7 @@ static VALUE rkadm5_randkey_principal(VALUE self, VALUE v_user){
 
   Data_Get_Struct(self, RUBY_KADM5, ptr);
 
-  user = StringValuePtr(v_user);
+  user = StringValueCStr(v_user);
 
   if(!ptr->ctx)
     rb_raise(cKadm5Exception, "no context has been established");
@@ -934,6 +964,75 @@ static VALUE rkadm5_randkey_principal(VALUE self, VALUE v_user){
   return INT2NUM(n_keys);
 }
 
+/**
+ * Parses an array or a single string containing database arguments for kerberos functions.
+ * Returns NULL if v_db_args is nil, otherwise returns a NULL-Terminated array of NULL-Terminated strings
+ */
+char** parse_db_args(VALUE v_db_args){
+  long array_length;
+  char** db_args;
+  switch(TYPE(v_db_args)){
+    case T_STRING:
+      db_args = (char **) malloc(2 * sizeof(char *));
+      db_args[0] = StringValueCStr(v_db_args);
+      db_args[1] = NULL;
+      break;
+    case T_ARRAY:
+      // Multiple arguments
+      array_length = RARRAY_LEN(v_db_args);
+      db_args = (char **) malloc(array_length * sizeof(char *) + 1);
+      for(long i = 0; i < array_length; ++i){
+        VALUE elem = rb_ary_entry(v_db_args, i);
+        Check_Type(elem, T_STRING);
+        db_args[i] = StringValueCStr(elem);
+      }
+      db_args[array_length] = NULL;
+      break;
+    case T_NIL:
+      db_args = NULL;
+      break;
+    default:
+      rb_raise(rb_eTypeError, "Need Single String or Array of Strings for db_args");
+  }
+  return db_args;
+}
+
+/**
+ * Add parsed db-args to principal entry
+ */
+void add_db_args(kadm5_principal_ent_rec* entry, char** db_args){
+  if (db_args){
+    int i;
+    for(i = 0; db_args[i] != NULL; i++){
+      add_tl_data(&entry->n_tl_data, &entry->tl_data, KRB5_TL_DB_ARGS, strlen(db_args[i]) + 1, (krb5_octet*)db_args[i]);
+    }
+  }
+}
+
+/**
+ * Source code taken from kadmin source code at https://github.com/krb5/krb5/blob/master/src/kadmin/cli/kadmin.c
+ */
+void add_tl_data(krb5_int16 *n_tl_datap, krb5_tl_data **tl_datap,
+  krb5_int16 tl_type, krb5_ui_2 len, krb5_octet *contents){
+  krb5_tl_data* tl_data;
+  krb5_octet* copy;
+
+  copy = malloc(len);
+  tl_data = calloc(1, sizeof(*tl_data));
+  memcpy(copy, contents, len);
+
+  tl_data->tl_data_type = tl_type;
+  tl_data->tl_data_length = len;
+  tl_data->tl_data_contents = copy;
+  tl_data->tl_data_next = NULL;
+
+  // Forward to end of tl_data
+  for(; *tl_datap != NULL; tl_datap = &(*tl_datap)->tl_data_next);
+
+  *tl_datap = tl_data;
+  (*n_tl_datap)++;
+}
+
 void Init_kadm5(){
   /* The Kadm5 class encapsulates administrative Kerberos functions. */
   cKadm5 = rb_define_class_under(mKerberos, "Kadm5", rb_cObject);
@@ -958,7 +1057,7 @@ void Init_kadm5(){
 
   rb_define_method(cKadm5, "close", rkadm5_close, 0);
   rb_define_method(cKadm5, "create_policy", rkadm5_create_policy, 1);
-  rb_define_method(cKadm5, "create_principal", rkadm5_create_principal, 2);
+  rb_define_method(cKadm5, "create_principal", rkadm5_create_principal, -1);
   rb_define_method(cKadm5, "delete_policy", rkadm5_delete_policy, 1);
   rb_define_method(cKadm5, "delete_principal", rkadm5_delete_principal, 1);
   rb_define_method(cKadm5, "find_principal", rkadm5_find_principal, 1);

data/ext/rkerberos/keytab.c

@@ -143,7 +143,7 @@ static VALUE rkrb5_keytab_remove_entry(int argc, VALUE* argv, VALUE self){
 
   Check_Type(v_name, T_STRING);
 
-  name = StringValuePtr(v_name);
+  name = StringValueCStr(v_name);
 
   if(!ptr->ctx)
     rb_raise(cKrb5Exception, "no context has been established");
@@ -190,7 +190,7 @@ static VALUE rkrb5_keytab_add_entry(int argc, VALUE* argv, VALUE self){
 
   Check_Type(v_name, T_STRING);
 
-  name = StringValuePtr(v_name);
+  name = StringValueCStr(v_name);
 
   if(!ptr->ctx)
     rb_raise(cKrb5Exception, "no context has been established");
@@ -252,7 +252,7 @@ static VALUE rkrb5_keytab_get_entry(int argc, VALUE* argv, VALUE self){
   rb_scan_args(argc, argv, "12", &v_principal, &v_vno, &v_enctype);
 
   Check_Type(v_principal, T_STRING);
-  name = StringValuePtr(v_principal);
+  name = StringValueCStr(v_principal);
 
   kerror = krb5_parse_name(ptr->ctx, name, &principal);
 
@@ -331,7 +331,7 @@ static VALUE rkrb5_keytab_initialize(int argc, VALUE* argv, VALUE self){
   } 
   else{
     Check_Type(v_keytab_name, T_STRING);
-    strncpy(keytab_name, StringValuePtr(v_keytab_name), MAX_KEYTAB_NAME_LEN);
+    strncpy(keytab_name, StringValueCStr(v_keytab_name), MAX_KEYTAB_NAME_LEN);
     rb_iv_set(self, "@name", v_keytab_name);
   }
 
@@ -391,7 +391,7 @@ static VALUE rkrb5_s_keytab_foreach(int argc, VALUE* argv, VALUE klass){
   } 
   else{
     Check_Type(v_keytab_name, T_STRING);
-    strncpy(keytab_name, StringValuePtr(v_keytab_name), MAX_KEYTAB_NAME_LEN);
+    strncpy(keytab_name, StringValueCStr(v_keytab_name), MAX_KEYTAB_NAME_LEN);
   }
 
   kerror = krb5_kt_resolve(

data/ext/rkerberos/keytab_entry.c

@@ -27,8 +27,6 @@ static VALUE rkrb5_kt_entry_allocate(VALUE klass){
  * methods.
  */
 static VALUE rkrb5_kt_entry_initialize(VALUE self){
-  RUBY_KRB5_KT_ENTRY* ptr;
-  Data_Get_Struct(self, RUBY_KRB5_KT_ENTRY, ptr); 
   return self;
 }
 
@@ -36,8 +34,6 @@ static VALUE rkrb5_kt_entry_initialize(VALUE self){
  * A custom inspect method for nicer output.
  */
 static VALUE rkrb5_kt_entry_inspect(VALUE self){
-  RUBY_KRB5_KT_ENTRY* ptr;
-  Data_Get_Struct(self, RUBY_KRB5_KT_ENTRY, ptr);
   VALUE v_str;
 
   v_str = rb_str_new2("#<"); 

data/ext/rkerberos/policy.c

@@ -63,7 +63,7 @@ static VALUE rkadm5_policy_init(VALUE self, VALUE v_options){
     rb_raise(rb_eArgError, "name policy option is mandatory");
   }
   else{
-    ptr->policy.policy = StringValuePtr(v_name);
+    ptr->policy.policy = StringValueCStr(v_name);
     rb_iv_set(self, "@policy", v_name);
   }
 
@@ -117,11 +117,8 @@ static VALUE rkadm5_policy_init(VALUE self, VALUE v_options){
  * A custom inspect method for Policy objects.
  */
 static VALUE rkadm5_policy_inspect(VALUE self){
-  RUBY_KADM5_POLICY* ptr;
   VALUE v_str;
 
-  Data_Get_Struct(self, RUBY_KADM5_POLICY, ptr);
-
   v_str = rb_str_new2("#<");
   rb_str_buf_cat2(v_str, rb_obj_classname(self));
   rb_str_buf_cat2(v_str, " ");

data/ext/rkerberos/principal.c

@@ -55,7 +55,7 @@ static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
   else{
     char* name;
     Check_Type(v_name, T_STRING);
-    name = StringValuePtr(v_name);
+    name = StringValueCStr(v_name);
     kerror = krb5_parse_name(ptr->ctx, name, &ptr->principal);
 
     if(kerror)
@@ -106,15 +106,12 @@ static VALUE rkrb5_princ_get_realm(VALUE self){
  */
 static VALUE rkrb5_princ_set_realm(VALUE self, VALUE v_realm){
   RUBY_KRB5_PRINC* ptr;
-  krb5_data kdata;
 
-  memset(&kdata, 0, sizeof(kdata));
   Data_Get_Struct(self, RUBY_KRB5_PRINC, ptr); 
 
   Check_Type(v_realm, T_STRING);
-  kdata.data = StringValuePtr(v_realm);
 
-  krb5_princ_set_realm(ptr->ctx, ptr->principal, &kdata);
+  krb5_set_principal_realm(ptr->ctx, ptr->principal, StringValueCStr(v_realm));
 
   return v_realm;
 }
@@ -146,11 +143,8 @@ static VALUE rkrb5_princ_equal(VALUE self, VALUE v_other){
  * A custom inspect method for the Principal object.
  */
 static VALUE rkrb5_princ_inspect(VALUE self){
-  RUBY_KRB5_PRINC* ptr;
   VALUE v_str;
 
-  Data_Get_Struct(self, RUBY_KRB5_PRINC, ptr); 
-
   v_str = rb_str_new2("#<");
   rb_str_buf_cat2(v_str, rb_obj_classname(self));
   rb_str_buf_cat2(v_str, " ");

data/ext/rkerberos/rkerberos.c

@@ -7,7 +7,7 @@ VALUE cKrb5Exception;
 // Function prototypes
 static VALUE rkrb5_close(VALUE);
 
-VALUE rb_hash_aref2(VALUE v_hash, char* key){
+VALUE rb_hash_aref2(VALUE v_hash, const char* key){
   VALUE v_key, v_val;
 
   v_key = rb_str_new2(key);
@@ -115,7 +115,7 @@ static VALUE rkrb5_set_default_realm(int argc, VALUE* argv, VALUE self){
   }
   else{
     Check_Type(v_realm, T_STRING);
-    realm = StringValuePtr(v_realm);
+    realm = StringValueCStr(v_realm);
   }
 
   kerror = krb5_set_default_realm(ptr->ctx, realm);
@@ -167,7 +167,7 @@ static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){
   }
   else{
     Check_Type(v_service, T_STRING);
-    service = StringValuePtr(v_service);
+    service = StringValueCStr(v_service);
   }
 
   // Convert the name (or service name) to a kerberos principal.
@@ -187,7 +187,7 @@ static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){
   }
   else{
     Check_Type(v_user, T_STRING);
-    user = StringValuePtr(v_user);
+    user = StringValueCStr(v_user);
 
     kerror = krb5_parse_name(ptr->ctx, user, &ptr->princ); 
 
@@ -208,7 +208,7 @@ static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){
   }
   else{
     Check_Type(v_keytab_name, T_STRING);
-    strncpy(keytab_name, StringValuePtr(v_keytab_name), MAX_KEYTAB_NAME_LEN);
+    strncpy(keytab_name, StringValueCStr(v_keytab_name), MAX_KEYTAB_NAME_LEN);
   }
 
   kerror = krb5_kt_resolve(
@@ -270,17 +270,21 @@ static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){
  * krb5.change_password('XXXXXX', 'YYYYYY')      # Change password for 'foo'
  */
 static VALUE rkrb5_change_password(VALUE self, VALUE v_old, VALUE v_new){
-  Check_Type(v_old, T_STRING);
-  Check_Type(v_new, T_STRING);
 
   RUBY_KRB5* ptr;
   krb5_data result_string;
   krb5_data pw_result_string;
   krb5_error_code kerror;
+  char *old_passwd;
+  char *new_passwd;
 
   int pw_result;
-  char* old_passwd = StringValuePtr(v_old);
-  char* new_passwd = StringValuePtr(v_new);
+
+  Check_Type(v_old, T_STRING);
+  Check_Type(v_new, T_STRING);
+
+  old_passwd = StringValueCStr(v_old);
+  new_passwd = StringValueCStr(v_new);
 
   Data_Get_Struct(self, RUBY_KRB5, ptr); 
 
@@ -345,15 +349,15 @@ static VALUE rkrb5_get_init_creds_passwd(int argc, VALUE* argv, VALUE self){
 
   Check_Type(v_user, T_STRING);
   Check_Type(v_pass, T_STRING);
-  user = StringValuePtr(v_user);
-  pass = StringValuePtr(v_pass);
+  user = StringValueCStr(v_user);
+  pass = StringValueCStr(v_pass);
 
   if(NIL_P(v_service)){
     service = NULL;
   }
   else{
     Check_Type(v_service, T_STRING);
-    service = StringValuePtr(v_service);
+    service = StringValueCStr(v_service);
   }
 
   kerror = krb5_parse_name(ptr->ctx, user, &ptr->princ); 

data/ext/rkerberos/rkerberos.h

@@ -20,7 +20,7 @@ void Init_keytab_entry();
 void Init_ccache();
 
 // Defined in rkerberos.c
-VALUE rb_hash_aref2(VALUE, char*);
+VALUE rb_hash_aref2(VALUE, const char*);
 
 // Variable declarations
 extern VALUE mKerberos;
@@ -55,6 +55,7 @@ typedef struct {
   krb5_context ctx;
   krb5_principal princ;
   void* handle;
+  char** db_args;
 } RUBY_KADM5;
 
 // Kerberos::Krb5::Keytab::Entry

data/rkerberos.gemspec

@@ -2,23 +2,24 @@ require 'rubygems'
 
 Gem::Specification.new do |spec|
   spec.name       = 'rkerberos'
-  spec.version    = '0.1.3'
-  spec.authors    = ['Daniel Berger', 'Dominic Cleal']
+  spec.version    = '0.1.4'
+  spec.authors    = ['Daniel Berger', 'Dominic Cleal', 'Simon Levermann']
   spec.license    = 'Artistic 2.0'
-  spec.email      = ['djberg96@gmail.com', 'dcleal@redhat.com']
+  spec.email      = ['djberg96@gmail.com', 'dcleal@redhat.com', 'simon-rubygems@slevermann.de']
   spec.homepage   = 'http://github.com/domcleal/rkerberos'
   spec.summary    = 'A Ruby interface for the the Kerberos library'
   spec.test_files = Dir['test/test*']
   spec.extensions = ['ext/rkerberos/extconf.rb']
   spec.files      = `git ls-files`.split("\n").reject { |f| f.include?('git') }
-  
+
   spec.extra_rdoc_files  = ['README.md', 'CHANGES', 'MANIFEST', 'LICENSE'] + Dir['ext/rkerberos/*.c']
 
   spec.add_dependency('rake-compiler')
-  
+
   spec.add_development_dependency('test-unit', '>= 2.1.0')
   spec.add_development_dependency('dbi-dbrc', '>= 1.1.6')
-   
+  spec.add_development_dependency('net-ldap')
+
   spec.description = <<-EOF
     The rkerberos library is an interface for the Kerberos 5 network
     authentication protocol. It wraps the Kerberos C API.

data/test/test_credentials_cache.rb

@@ -39,13 +39,13 @@ class TC_Krb5_Credentials_Cache < Test::Unit::TestCase
 
   test "calling constructor with no arguments does not create a cache" do
     assert_nothing_raised{ @ccache = Kerberos::Krb5::CredentialsCache.new }
-    assert_false(File.exists?(@cfile))
+    assert_false(File.exist?(@cfile))
     assert_false(cache_found)
   end
 
   test "calling constructor with a principal argument creates a credentials cache" do
     assert_nothing_raised{ @ccache = Kerberos::Krb5::CredentialsCache.new(@princ) }
-    assert_true(File.exists?(@cfile))
+    assert_true(File.exist?(@cfile))
     assert_true(cache_found)
   end
 

data/test/test_kadm5.rb

@@ -23,6 +23,11 @@ class TC_Kerberos_Kadm5 < Test::Unit::TestCase
     @@server = Kerberos::Kadm5::Config.new.admin_server
     @@info = DBI::DBRC.new('local-kerberos')
     @@host = Socket.gethostname
+    begin
+      @@ldap_info = DBI::DBRC.new('kerberos-ldap')
+    rescue DBI::DBRC::Error
+      @@ldap_info = nil
+    end
 
     # For local testing the FQDN may or may not be available, so let's assume
     # that hosts with the same name are on the same domain.
@@ -42,9 +47,26 @@ class TC_Kerberos_Kadm5 < Test::Unit::TestCase
     @test_princ = "zztop"
     @test_policy = "test_policy"
 
+    if @@ldap_info
+      gem 'net-ldap'
+      require 'net/ldap'
+
+      username = @@ldap_info.user.split('@')
+      @bind_dn = username[0]
+      @ldap_host = username[1]
+      @ldap_password = @@ldap_info.password
+      driver = @@ldap_info.driver.split(':')
+      @subtree_dn = driver[0]
+      @existing_ldap = driver[1]
+      @userprefix = driver[2]
+      @ldap_test_princ = 'martymcfly'
+
+      @ldap = Net::LDAP.new(host: @ldap_host)
+      @ldap.authenticate(@bind_dn, @ldap_password)
+    end
     @keytab = Kerberos::Krb5::Keytab.new.default_name.split(':').last
 
-    unless File.exists?(@keytab)
+    unless File.exist?(@keytab)
       @keytab = '/etc/krb5.keytab'
     end
   end
@@ -71,7 +93,7 @@ class TC_Kerberos_Kadm5 < Test::Unit::TestCase
 
   test "constructor with valid user and default keytab works as expected" do
     omit_unless(@@host == @@server, "keytab on different host, skipping")
-    omit_unless(File.exists?(@keytab), "default keytab file '#{@keytab}' not found")
+    omit_unless(File.exist?(@keytab), "default keytab file '#{@keytab}' not found")
 
     assert_nothing_raised{
       @kadm = Kerberos::Kadm5.new(:principal => @user, :keytab => true)
@@ -80,7 +102,7 @@ class TC_Kerberos_Kadm5 < Test::Unit::TestCase
 
   test "constructor with valid user and explicit keytab works as expected" do
     omit_unless(@@host == @@server, "keytab on different host, skipping")
-    omit_unless(File.exists?(@keytab), "keytab file '#{@keytab}' not found")
+    omit_unless(File.exist?(@keytab), "keytab file '#{@keytab}' not found")
 
     assert_nothing_raised{
       @kadm = Kerberos::Kadm5.new(:principal => @user, :keytab => @keytab)
@@ -247,11 +269,51 @@ class TC_Kerberos_Kadm5 < Test::Unit::TestCase
     assert_nothing_raised{ @kadm.create_principal(@test_princ, "changeme") }
   end
 
-  test "create_principal requires two arguments" do
+  ##
+  # The following two tests are skipped if there is no .dbrc entry for 'kerberos-ldap'
+  # The expected format for the entries is as follows
+  #   username: <bind_dn>@<ldap.hostname>
+  #   password: <ldap_bind_password>
+  #   driver: <krbSubtreeDn>:<user>:<userprefix>
+  # Username must be an LDAP user that has access to read attributes of objects under krbSubtreeDn,
+  # so possibly an administrative user.
+  # Password must be the LDAP bind password for that user
+  # krbSubtreeDn must be configured in kerberos as a subtree that contains kerberos principals
+  # user must be an existing ldap user that does not yet have kerberos information attached to them
+  # user must be accessible in LDAP as <userprefix>=<user>,<krbSubtreeDn>, so if userprefix is uid,
+  # user is foobar, and krbSubtreeDn is ou=People,dc=example,dc=com, the driver variable should read
+  # ou=People,dc=example.com:foobar:uid
+  # The user in the driver must not be the same as the user that is used to connect to kerberos, as it 
+  # is deleted after each test.
+  # If the entry is present, but the format is not matched (or LDAP is misconfigured), theses tests fail.
+  ##
+  test "create_principal with db_princ_args creates a user under the expected subtree" do
+    omit_unless(@@ldap_info, "No LDAP info specified, skipping db_args tests")
+    assert_nothing_raised { @kadm = Kerberos::Kadm5.new(:principal => @user, :password => @pass) }
+    assert_nothing_raised { @kadm.create_principal(@ldap_test_princ, "changeme", "containerdn=#{@subtree_dn}") }
+    @ldap.open do |ldap|
+      filter = Net::LDAP::Filter.eq(:krbPrincipalName, "#{@ldap_test_princ}@*")
+      base = @subtree_dn
+      assert_not_empty(ldap.search(:base => base, :filter => filter, :return_result => true))
+    end
+  end
+
+  test "create_principal with a dn db_princ_args correctly adds kerberos information to existing user" do
+    omit_unless(@@ldap_info, "No LDAP info specified, skipping db_princ_args tests")
+    assert_nothing_raised { @kadm = Kerberos::Kadm5.new(:principal => @user, :password => @pass) }
+    assert_nothing_raised { @kadm.create_principal(@existing_ldap, "changeme", "dn=#{@userprefix}=#{@existing_ldap},#{@subtree_dn}") }
+    @ldap.open do |ldap|
+      filter = Net::LDAP::Filter.eq(:uid, @existing_ldap) & Net::LDAP::Filter.eq(:objectclass, 'krbPrincipalAux')
+      base = @subtree_dn
+      assert_not_empty(ldap.search(:base => base, :filter => filter, :return_result => true))
+    end
+  end
+
+  test "create_principal requires two or three arguments" do
     assert_nothing_raised{ @kadm = Kerberos::Kadm5.new(:principal => @user, :password => @pass) }
     assert_raise(ArgumentError){ @kadm.create_principal }
     assert_raise(ArgumentError){ @kadm.create_principal(@user) }
-    assert_raise(ArgumentError){ @kadm.create_principal(@user, @pass, @pass) }
+    assert_raise(ArgumentError){ @kadm.create_principal(@user, @pass, @pass, @pass) }
   end
 
   test "attempting to create a principal that already exists raises an error" do
@@ -406,6 +468,10 @@ class TC_Kerberos_Kadm5 < Test::Unit::TestCase
     if @kadm
       @kadm.delete_principal(@test_princ) rescue nil
       @kadm.delete_policy(@test_policy) rescue nil
+      if @@ldap_info
+        @kadm.delete_principal(@ldap_test_princ) rescue nil
+        @kadm.delete_principal(@existing_ldap) rescue nil
+      end
       @kadm.close
     end
 

data/test/test_krb5.rb

@@ -21,7 +21,7 @@ class TC_Krb5 < Test::Unit::TestCase
     end
 
     @@krb5_conf = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
-    @@realm = IO.read(@@krb5_conf).grep(/default_realm/).first.split('=').last.lstrip.chomp
+    @@realm = IO.read(@@krb5_conf).split("\n").grep(/default_realm/).first.split('=').last.lstrip.chomp
   end
 
   def setup
@@ -111,33 +111,33 @@ class TC_Krb5 < Test::Unit::TestCase
   end
 
   test "get_init_creds_keytab uses a default keytab if no keytab file is specified" do
-    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    omit_unless(File.exist?(@keytab), "keytab file not found, skipping")
     assert_nothing_raised{ @krb5.get_init_creds_keytab(@user) }
   end
 
   test "get_init_creds_keytab accepts a keytab" do
-    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    omit_unless(File.exist?(@keytab), "keytab file not found, skipping")
     assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab) }
   end
 
   # This test will probably fail (since it defaults to "host") so I've commented it out for now.
   #test "get_init_creds_keytab uses default service principal if no arguments are provided" do
-  #  omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+  #  omit_unless(File.exist?(@keytab), "keytab file not found, skipping")
   #  assert_nothing_raised{ @krb5.get_init_creds_keytab }
   #end
 
   test "get_init_creds_keytab accepts a service name" do
-    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    omit_unless(File.exist?(@keytab), "keytab file not found, skipping")
     assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab, @service) }
   end
 
   test "get_init_creds_keytab accepts a credential cache" do
-    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    omit_unless(File.exist?(@keytab), "keytab file not found, skipping")
     assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab, @service, @ccache) }
   end
 
   test "get_init_creds_keytab stores credentials in the credential cache" do
-    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    omit_unless(File.exist?(@keytab), "keytab file not found, skipping")
     ccache = Kerberos::Krb5::CredentialsCache.new
     assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab, @service, @ccache) }
     assert_equal @user, ccache.primary_principal

data/test/test_krb5_keytab.rb

@@ -23,16 +23,24 @@ class TC_Krb5_Keytab < Test::Unit::TestCase
 
     @@key_file = "FILE:" + file
     @@home_dir = ENV['HOME'] || ENV['USER_PROFILE']
+    realm = Kerberos::Kadm5::Config.new.realm
 
-    PTY.spawn('kadmin.local') do |reader, writer, pid|
-      reader.gets
-      reader.expect(/local:\s+/)
+    PTY.spawn('ktutil') do |reader, writer, pid|
+      reader.expect(/ktutil:\s+/)
+      writer.puts("add_entry -password -p testuser1@#{realm} -k 1 -e aes128-cts-hmac-sha1-96")
+      reader.expect(/Password for testuser1@#{Regexp.quote(realm)}:\s+/)
+      writer.puts("asdfasdfasdf")
 
-      writer.puts("ktadd -k #{file} testuser1")
-      reader.expect(/local:\s+/)
+      reader.expect(/ktutil:\s+/)
 
-      writer.puts("ktadd -k #{file} testuser2")
-      reader.expect(/local:\s+/)
+      writer.puts("add_entry -password -p testuser2@#{realm} -k 1 -e aes128-cts-hmac-sha1-96")
+      reader.expect(/Password for testuser2@#{Regexp.quote(realm)}:\s+/)
+      writer.puts("asdfasdfasdf")
+
+      reader.expect(/ktutil:\s+/)
+
+      writer.puts("wkt #{file}")
+      reader.expect(/ktutil:\s+/)
     end
   end
 
@@ -287,7 +295,7 @@ class TC_Krb5_Keytab < Test::Unit::TestCase
   end
 
   def self.shutdown
-    File.delete(@@key_file) if File.exists?(@@key_file)
+    File.delete(@@key_file) if File.exist?(@@key_file)
     @@key_file = nil
     @@home_dir = nil
   end

metadata

@@ -1,64 +1,80 @@
 --- !ruby/object:Gem::Specification
 name: rkerberos
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - Daniel Berger
 - Dominic Cleal
+- Simon Levermann
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-07 00:00:00.000000000 Z
+date: 2016-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: dbi-dbrc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.6
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: |2
       The rkerberos library is an interface for the Kerberos 5 network
       authentication protocol. It wraps the Kerberos C API.
 email:
 - djberg96@gmail.com
 - dcleal@redhat.com
+- simon-rubygems@slevermann.de
 executables: []
 extensions:
 - ext/rkerberos/extconf.rb
@@ -67,15 +83,15 @@ extra_rdoc_files:
 - CHANGES
 - MANIFEST
 - LICENSE
-- ext/rkerberos/ccache.c
-- ext/rkerberos/context.c
-- ext/rkerberos/rkerberos.c
 - ext/rkerberos/config.c
+- ext/rkerberos/rkerberos.c
+- ext/rkerberos/keytab.c
+- ext/rkerberos/keytab_entry.c
 - ext/rkerberos/principal.c
+- ext/rkerberos/ccache.c
 - ext/rkerberos/kadm5.c
 - ext/rkerberos/policy.c
-- ext/rkerberos/keytab.c
-- ext/rkerberos/keytab_entry.c
+- ext/rkerberos/context.c
 files:
 - CHANGES
 - Gemfile
@@ -114,27 +130,27 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.5
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: A Ruby interface for the the Kerberos library
 test_files:
-- test/test_policy.rb
-- test/test_keytab_entry.rb
-- test/test_context.rb
+- test/test_krb5.rb
 - test/test_kadm5.rb
-- test/test_principal.rb
+- test/test_krb5_keytab.rb
 - test/test_credentials_cache.rb
+- test/test_policy.rb
 - test/test_config.rb
-- test/test_krb5.rb
-- test/test_krb5_keytab.rb
+- test/test_principal.rb
+- test/test_context.rb
+- test/test_keytab_entry.rb