rkerberos 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 10c43a653634532f7c52f8156f9ea2c9b5646d9bdff60866f8dde301c1abe5e7
-  data.tar.gz: 99021863b149758d3231938481736878027ad99ef8b4056d3d994e0b0a8dbffb
+  metadata.gz: 71575b32bb628b8425101d837de9c86ce1dd5e865a5db93462457266c8eb4d2c
+  data.tar.gz: 99128f7462ed48175619b224d838f2dd00b7d7f972963530c1276037fe299792
 SHA512:
-  metadata.gz: c74926903cdbbcafe0e756189b0e5b53308fc30f4808d090d8091e92941c28f9c7e4629f61c9fb30df130990574bec809f42cfccee9d75d9b697e27e5654889f
-  data.tar.gz: 798be63f34c776a54d1ea54556edc36d965ac0149b7a04414f37b16db3439f8ea1dc8ae7d0f64a0c826c3f80d7cdea0818f5c519a2a77bac0495fa3cb4a44317
+  metadata.gz: d90e4d248f40ae3cd13d02febfe71cd92e0dbc4712f37326444eff8368e5326a55980424263f30d8983a1ddd674b948034cbad0c3ce3e6606649e72feb77ca57
+  data.tar.gz: aa5bd082185a5e8b11b4d50d9e58e3fc76f954b9694d5f00aa5c53e4aeca5739c737a4c4477cc028b374391b108b4a4d166c25ce557b4a39eee39f5a1758ad16

data/CHANGES.md

@@ -1,3 +1,10 @@
+# 0.2.3 - 8-Mar-2026
+* All Kadm5 related classes are skipped if not found.
+* Several updates to the spec helper that mainly revolved around supporting
+  MS Windows and/or skipping specs when Kadm5 classes aren't found.
+* More potential memory issues addressed, mainly stuff that only happened
+  on an error path.
+
 # 0.2.2 - 3-Mar-2026
 * Added custom .dup methods for CredentialsCache and Keytab.
 * Added the keytab_name and keytab_type methods to Keytab.

data/ext/rkerberos/ccache.c

@@ -267,6 +267,10 @@ static VALUE rkrb5_ccache_destroy(VALUE self){
       if(ptr->ctx)
         krb5_free_context(ptr->ctx);
 
+      ptr->ccache = NULL;
+      ptr->ctx = NULL;
+      ptr->principal = NULL;
+
       rb_raise(cKrb5Exception, "krb5_cc_destroy: %s", error_message(kerror));
     }
   }

data/ext/rkerberos/config.c

@@ -1,3 +1,4 @@
+#ifdef HAVE_KADM5_ADMIN_H
 #include <rkerberos.h>
 
 VALUE cKadm5Config;
@@ -8,9 +9,10 @@ VALUE cKeySalt;
 static void rkadm5_config_typed_free(void *ptr) {
   if (!ptr) return;
   RUBY_KADM5_CONFIG *c = (RUBY_KADM5_CONFIG *)ptr;
-  kadm5_free_config_params(c->ctx, &c->config);
-  if (c->ctx)
+  if (c->ctx) {
+    kadm5_free_config_params(c->ctx, &c->config);
     krb5_free_context(c->ctx);
+  }
   free(c);
 }
 
@@ -332,4 +334,5 @@ void Init_config(void){
   cKeySalt = rb_define_class_under(cKadm5, "KeySalt", rb_cObject);
   rb_define_attr(cKeySalt, "enctype", 1, 0);
   rb_define_attr(cKeySalt, "salttype", 1, 0);
-}
+}
+#endif

data/ext/rkerberos/context.c

@@ -61,6 +61,8 @@ static VALUE rkrb5_context_close(VALUE self){
  *
  *   :secure  => true|false           # Use config files only, ignore env variables
  *   :profile => '/path/to/krb5.conf' # Use the specified profile file
+ *
+ * Note that the profile option may not be supported on your platform.
  */
 static VALUE rkrb5_context_initialize(int argc, VALUE *argv, VALUE self){
   RUBY_KRB5_CONTEXT* ptr;
@@ -92,6 +94,9 @@ static VALUE rkrb5_context_initialize(int argc, VALUE *argv, VALUE self){
    * is used when the :secure option is truthy.
    */
   if (!NIL_P(v_profile)){
+#ifndef HAVE_PROFILE_INIT_PATH
+    rb_raise(rb_eArgError, "profile option not supported on this platform");
+#else
     Check_Type(v_profile, T_STRING);
 
     const char *profile_path = StringValueCStr(v_profile);
@@ -110,6 +115,7 @@ static VALUE rkrb5_context_initialize(int argc, VALUE *argv, VALUE self){
       rb_raise(cKrb5Exception, "krb5_init_context_profile: %s", error_message(kerror));
 
     return self;
+#endif
   }
 
   // No profile given, choose secure or normal init.

data/ext/rkerberos/extconf.rb

@@ -14,8 +14,19 @@ else
   else
     dir_config('rkerberos', '/usr/local')
   end
+
+  if File::ALT_SEPARATOR
+    kfw_dir = ENV['KRB5_DIR'] || 'C:/Program Files/MIT/Kerberos'
+    kfw_inc = ENV['KRB5_INCLUDE'] || File.join(kfw_dir, 'include')
+    kfw_lib = ENV['KRB5_LIB'] || File.join(kfw_dir, 'lib')
+    $INCFLAGS << " -I\"#{kfw_inc}\""
+    $LDFLAGS << " -L\"#{kfw_lib}\""
+  end
+
   have_header('krb5.h')
-  have_library('krb5')
+
+  have_library('krb5') || have_library('krb5_64')
+  have_library('comerr') || have_library('comerr64')
 end
 
 pkg_config('com_err') || have_library('com_err')
@@ -26,8 +37,10 @@ end
 
 if pkg_config('kdb5') || have_library('kdb5')
   have_header('kdb.h')
-else
-  raise 'kdb5 library not found'
+end
+
+if have_header('profile.h')
+  have_func('profile_init_path')
 end
 
 create_makefile('rkerberos')

data/ext/rkerberos/kadm5.c

@@ -9,6 +9,7 @@ VALUE cKadm5PrincipalNotFoundException;
 // Prototype
 static VALUE rkadm5_close(VALUE);
 static void free_tl_data(krb5_tl_data *);
+static void free_db_args(char**);
 char** parse_db_args(VALUE v_db_args);
 void add_db_args(kadm5_principal_ent_rec*, char**);
 void add_tl_data(krb5_int16 *, krb5_tl_data **,
@@ -25,7 +26,7 @@ static void rkadm5_typed_free(void *ptr) {
     krb5_free_principal(k->ctx, k->princ);
   if (k->ctx)
     krb5_free_context(k->ctx);
-  free(k->db_args);
+  free_db_args(k->db_args);
   free(k);
 }
 
@@ -314,7 +315,7 @@ static VALUE rkadm5_create_principal(int argc, VALUE* argv, VALUE self){
 
   db_args = parse_db_args(v_db_args);
   add_db_args(&princ, db_args);
-  free(db_args);
+  free_db_args(db_args);
 
   if(!ptr->ctx)
     rb_raise(cKadm5Exception, "no context has been established");
@@ -398,7 +399,7 @@ static VALUE rkadm5_close(VALUE self){
   if(ptr->ctx)
     krb5_free_context(ptr->ctx);
 
-  free(ptr->db_args);
+  free_db_args(ptr->db_args);
 
   ptr->db_args = NULL;
   ptr->ctx    = NULL;
@@ -446,8 +447,10 @@ static VALUE create_principal_from_entry(VALUE v_name, RUBY_KADM5* ptr, kadm5_pr
     char* mod_name;
     kerror = krb5_unparse_name(ptr->ctx, ent->mod_name, &mod_name);
 
-    if(kerror)
+    if(kerror){
+      kadm5_free_principal_ent(ptr->handle, ent);
       rb_raise(cKadm5Exception, "krb5_unparse_name: %s", error_message(kerror));
+    }
 
     rb_iv_set(v_principal, "@mod_name", rb_str_new2(mod_name));
     krb5_free_unparsed_name(ptr->ctx, mod_name);
@@ -459,6 +462,8 @@ static VALUE create_principal_from_entry(VALUE v_name, RUBY_KADM5* ptr, kadm5_pr
   if(ent->policy)
     rb_iv_set(v_principal, "@policy", rb_str_new2(ent->policy));
 
+  kadm5_free_principal_ent(ptr->handle, ent);
+
   return v_principal;
 }
 
@@ -518,7 +523,6 @@ static VALUE rkadm5_find_principal(VALUE self, VALUE v_user){
   }
   else{
     v_principal = create_principal_from_entry(v_user, ptr, &ent);
-    kadm5_free_principal_ent(ptr->handle, &ent);
   }
 
   return v_principal;
@@ -580,8 +584,6 @@ static VALUE rkadm5_get_principal(VALUE self, VALUE v_user){
 
   v_principal = create_principal_from_entry(v_user, ptr, &ent);
 
-  kadm5_free_principal_ent(ptr->handle, &ent);
-
   return v_principal;
 }
 
@@ -1039,7 +1041,7 @@ char** parse_db_args(VALUE v_db_args){
   switch(TYPE(v_db_args)){
     case T_STRING:
       db_args = (char **) malloc(2 * sizeof(char *));
-      db_args[0] = StringValueCStr(v_db_args);
+      db_args[0] = strdup(StringValueCStr(v_db_args));
       db_args[1] = NULL;
       break;
     case T_ARRAY:
@@ -1049,7 +1051,7 @@ char** parse_db_args(VALUE v_db_args){
       for(long i = 0; i < array_length; ++i){
         VALUE elem = rb_ary_entry(v_db_args, i);
         Check_Type(elem, T_STRING);
-        db_args[i] = StringValueCStr(elem);
+        db_args[i] = strdup(StringValueCStr(elem));
       }
       db_args[array_length] = NULL;
       break;
@@ -1062,6 +1064,16 @@ char** parse_db_args(VALUE v_db_args){
   return db_args;
 }
 
+/**
+ * Free a NULL-terminated array of strings returned by parse_db_args.
+ */
+static void free_db_args(char** db_args){
+  if(!db_args) return;
+  for(int i = 0; db_args[i] != NULL; i++)
+    free(db_args[i]);
+  free(db_args);
+}
+
 /**
  * Add parsed db-args to principal entry
  */

data/ext/rkerberos/keytab.c

@@ -51,7 +51,12 @@ static VALUE rkrb5_keytab_each_body(VALUE arg){
   VALUE v_kt_entry;
 
   while((kerror = krb5_kt_next_entry(ea->ctx, ea->keytab, &entry, &ea->cursor)) == 0){
-    krb5_unparse_name(ea->ctx, entry.principal, &principal);
+    kerror = krb5_unparse_name(ea->ctx, entry.principal, &principal);
+
+    if(kerror){
+      krb5_kt_free_entry(ea->ctx, &entry);
+      rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
+    }
 
     v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);
 
@@ -503,7 +508,12 @@ static VALUE rkrb5_s_keytab_foreach_body(VALUE arg){
   VALUE v_kt_entry;
 
   while((kerror = krb5_kt_next_entry(fa->ctx, fa->keytab, &entry, &fa->cursor)) == 0){
-    krb5_unparse_name(fa->ctx, entry.principal, &principal);
+    kerror = krb5_unparse_name(fa->ctx, entry.principal, &principal);
+
+    if(kerror){
+      krb5_kt_free_entry(fa->ctx, &entry);
+      rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
+    }
 
     v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);
 

data/ext/rkerberos/keytab_entry.c

@@ -63,7 +63,8 @@ static VALUE rkrb5_kt_entry_inspect(VALUE self){
 
   rb_str_buf_cat2(v_str, "key=");
   rb_str_buf_append(v_str, rb_inspect(rb_iv_get(self, "@key")));
-  rb_str_buf_cat2(v_str, " ");
+
+  rb_str_buf_cat2(v_str, ">");
 
   return v_str;
 }

data/ext/rkerberos/principal.c

@@ -49,22 +49,30 @@ static VALUE rkrb5_princ_allocate(VALUE klass){
 static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
   RUBY_KRB5_PRINC* ptr;
   krb5_error_code kerror;
+
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr);
+
   kerror = krb5_init_context(&ptr->ctx);
+
   if(kerror)
     rb_raise(cKrb5Exception, "krb5_init_context failed: %s", error_message(kerror));
+
   if(NIL_P(v_name)){
     rb_iv_set(self, "@principal", Qnil);
   }
   else{
     char* name;
     Check_Type(v_name, T_STRING);
+
     name = StringValueCStr(v_name);
     kerror = krb5_parse_name(ptr->ctx, name, &ptr->principal);
+
     if(kerror)
       rb_raise(cKrb5Exception, "krb5_parse_name failed: %s", error_message(kerror));
+
     rb_iv_set(self, "@principal", v_name);
   }
+
   rb_iv_set(self, "@attributes", Qnil);
   rb_iv_set(self, "@aux_attributes", Qnil);
   rb_iv_set(self, "@expire_time", Qnil);
@@ -79,8 +87,10 @@ static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
   rb_iv_set(self, "@password_expiration", Qnil);
   rb_iv_set(self, "@policy", Qnil);
   rb_iv_set(self, "@kvno", Qnil);
+
   if(rb_block_given_p())
     rb_yield(self);
+
   return self;
 }
 
@@ -92,7 +102,12 @@ static VALUE rkrb5_princ_initialize(VALUE self, VALUE v_name){
  */
 static VALUE rkrb5_princ_get_realm(VALUE self){
   RUBY_KRB5_PRINC* ptr;
+
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr);
+
+  if(!ptr->principal)
+    rb_raise(cKrb5Exception, "no principal has been established");
+
   return rb_str_new2(krb5_princ_realm(ptr->ctx, ptr->principal)->data);
 }
 
@@ -104,9 +119,16 @@ static VALUE rkrb5_princ_get_realm(VALUE self){
  */
 static VALUE rkrb5_princ_set_realm(VALUE self, VALUE v_realm){
   RUBY_KRB5_PRINC* ptr;
+
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr);
+
+  if(!ptr->principal)
+    rb_raise(cKrb5Exception, "no principal has been established");
+
   Check_Type(v_realm, T_STRING);
+
   krb5_set_principal_realm(ptr->ctx, ptr->principal, StringValueCStr(v_realm));
+
   return v_realm;
 }
 
@@ -120,10 +142,16 @@ static VALUE rkrb5_princ_equal(VALUE self, VALUE v_other){
   RUBY_KRB5_PRINC* ptr1;
   RUBY_KRB5_PRINC* ptr2;
   VALUE v_bool = Qfalse;
+
   TypedData_Get_Struct(self, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr1);
   TypedData_Get_Struct(v_other, RUBY_KRB5_PRINC, &rkrb5_princ_data_type, ptr2);
+
+  if(!ptr1->principal || !ptr2->principal)
+    return Qfalse;
+
   if(krb5_principal_compare(ptr1->ctx, ptr1->principal, ptr2->principal))
     v_bool = Qtrue;
+
   return v_bool;
 }
 

data/ext/rkerberos/rkerberos.c

@@ -181,18 +181,27 @@ static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){
   krb5_free_cred_contents(ptr->ctx, &ptr->creds);
   memset(&ptr->creds, 0, sizeof(ptr->creds));
 
+  rb_scan_args(argc, argv, "04", &v_user, &v_keytab_name, &v_service, &v_ccache);
+
+  // Validate argument types before allocating opt, so type errors don't leak it.
+  if(!NIL_P(v_user))
+    Check_Type(v_user, T_STRING);
+
+  if(!NIL_P(v_keytab_name))
+    Check_Type(v_keytab_name, T_STRING);
+
+  if(!NIL_P(v_service))
+    Check_Type(v_service, T_STRING);
+
   kerror = krb5_get_init_creds_opt_alloc(ptr->ctx, &opt);
   if(kerror)
     rb_raise(cKrb5Exception, "krb5_get_init_creds_opt_alloc: %s", error_message(kerror));
 
-  rb_scan_args(argc, argv, "04", &v_user, &v_keytab_name, &v_service, &v_ccache);
-
   // We need the service information for later.
   if(NIL_P(v_service)){
     service = NULL;
   }
   else{
-    Check_Type(v_service, T_STRING);
     service = StringValueCStr(v_service);
   }
 
@@ -212,7 +221,6 @@ static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){
     }
   }
   else{
-    Check_Type(v_user, T_STRING);
     user = StringValueCStr(v_user);
 
     kerror = krb5_parse_name(ptr->ctx, user, &ptr->princ);
@@ -233,7 +241,6 @@ static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){
     }
   }
   else{
-    Check_Type(v_keytab_name, T_STRING);
     strncpy(keytab_name, StringValueCStr(v_keytab_name), MAX_KEYTAB_NAME_LEN - 1);
     keytab_name[MAX_KEYTAB_NAME_LEN - 1] = '\0';
   }
@@ -678,8 +685,10 @@ static VALUE rkrb5_get_permitted_enctypes(VALUE self){
     v_enctypes = rb_hash_new();
 
     for(i = 0; ktypes[i]; i++){
-      if(krb5_enctype_to_string(ktypes[i], encoding, 128)){
-        rb_raise(cKrb5Exception, "krb5_enctype_to_string: %s", error_message(kerror));
+      krb5_error_code enc_err = krb5_enctype_to_string(ktypes[i], encoding, 128);
+      if(enc_err){
+        krb5_free_enctypes(ptr->ctx, ktypes);
+        rb_raise(cKrb5Exception, "krb5_enctype_to_string: %s", error_message(enc_err));
       }
       rb_hash_aset(v_enctypes, INT2FIX(ktypes[i]), rb_str_new2(encoding));
     }
@@ -799,8 +808,8 @@ void Init_rkerberos(void){
   rb_define_alias(cKrb5, "default_realm", "get_default_realm");
   rb_define_alias(cKrb5, "default_principal", "get_default_principal");
 
-  /* 0.2.1: The version of the custom rkerberos library */
-  rb_define_const(cKrb5, "VERSION", rb_str_new2("0.2.2"));
+  /* 0.2.3: The version of the custom rkerberos library */
+  rb_define_const(cKrb5, "VERSION", rb_str_new2("0.2.3"));
 
   // Encoding type constants
 

data/rkerberos.gemspec

@@ -2,7 +2,7 @@ require 'rubygems'
 
 Gem::Specification.new do |spec|
   spec.name       = 'rkerberos'
-  spec.version    = '0.2.2'
+  spec.version    = '0.2.3'
   spec.authors    = ['Daniel Berger', 'Dominic Cleal', 'Simon Levermann']
   spec.license    = 'Artistic-2.0'
   spec.email      = ['djberg96@gmail.com', 'dominic@cleal.org', 'simon-rubygems@slevermann.de']

data/spec/config_spec.rb

@@ -1,10 +1,11 @@
 # spec/config_spec.rb
 # RSpec tests for Kerberos::Kadm5::Config
 
-require 'rkerberos'
+require 'spec_helper'
 
-RSpec.describe Kerberos::Kadm5::Config do
-  subject(:config) { described_class.new }
+RSpec.describe 'Kerberos::Kadm5::Config', :kadm5 do
+  subject(:klass){ Kerberos::Kadm5::Config }
+  let(:config) { klass.new }
 
   it 'is frozen' do
     expect(config).to be_frozen
@@ -14,6 +15,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to realm' do
       expect(config).to respond_to(:realm)
     end
+
     it 'returns a String' do
       expect(config.realm).to be_a(String)
     end
@@ -23,6 +25,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to kadmind_port' do
       expect(config).to respond_to(:kadmind_port)
     end
+
     it 'returns an Integer' do
       expect(config.kadmind_port).to be_a(Integer)
     end
@@ -32,6 +35,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to kpasswd_port' do
       expect(config).to respond_to(:kpasswd_port)
     end
+
     it 'returns an Integer' do
       expect(config.kpasswd_port).to be_a(Integer)
     end
@@ -41,6 +45,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to admin_server' do
       expect(config).to respond_to(:admin_server)
     end
+
     it 'returns a String' do
       expect(config.admin_server).to be_a(String)
     end
@@ -50,6 +55,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to acl_file' do
       expect(config).to respond_to(:acl_file)
     end
+
     it 'returns a String' do
       expect(config.acl_file).to be_a(String)
     end
@@ -59,6 +65,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to dict_file' do
       expect(config).to respond_to(:dict_file)
     end
+
     it 'returns a String or nil' do
       expect([String, NilClass]).to include(config.dict_file.class)
     end
@@ -68,6 +75,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to stash_file' do
       expect(config).to respond_to(:stash_file)
     end
+
     it 'returns a String or nil' do
       expect([String, NilClass]).to include(config.stash_file.class)
     end
@@ -77,6 +85,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to mkey_name' do
       expect(config).to respond_to(:mkey_name)
     end
+
     it 'returns a String or nil' do
       expect([String, NilClass]).to include(config.mkey_name.class)
     end
@@ -86,6 +95,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to mkey_from_kbd' do
       expect(config).to respond_to(:mkey_from_kbd)
     end
+
     it 'returns an Integer or nil' do
       expect([Integer, NilClass]).to include(config.mkey_from_kbd.class)
     end
@@ -95,6 +105,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to enctype' do
       expect(config).to respond_to(:enctype)
     end
+
     it 'returns an Integer' do
       expect(config.enctype).to be_a(Integer)
     end
@@ -104,6 +115,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to max_life' do
       expect(config).to respond_to(:max_life)
     end
+
     it 'returns an Integer' do
       expect(config.max_life).to be_a(Integer)
     end
@@ -113,6 +125,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to max_rlife' do
       expect(config).to respond_to(:max_rlife)
     end
+
     it 'returns an Integer' do
       expect(config.max_rlife).to be_a(Integer)
     end
@@ -122,6 +135,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to expiration' do
       expect(config).to respond_to(:expiration)
     end
+
     it 'returns a Time or nil' do
       expect([Time, NilClass]).to include(config.expiration.class)
     end
@@ -131,6 +145,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to kvno' do
       expect(config).to respond_to(:kvno)
     end
+
     it 'returns an Integer or nil' do
       expect([Integer, NilClass]).to include(config.kvno.class)
     end
@@ -140,6 +155,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to iprop_enabled' do
       expect(config).to respond_to(:iprop_enabled)
     end
+
     it 'returns a boolean' do
       expect(!!config.iprop_enabled == config.iprop_enabled).to be true
     end
@@ -149,6 +165,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to iprop_logfile' do
       expect(config).to respond_to(:iprop_logfile)
     end
+
     it 'returns a String' do
       expect(config.iprop_logfile).to be_a(String)
     end
@@ -158,6 +175,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to iprop_poll_time' do
       expect(config).to respond_to(:iprop_poll_time)
     end
+
     it 'returns an Integer' do
       expect(config.iprop_poll_time).to be_a(Integer)
     end
@@ -167,6 +185,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to iprop_port' do
       expect(config).to respond_to(:iprop_port)
     end
+
     it 'returns an Integer or nil' do
       expect([Integer, NilClass]).to include(config.iprop_port.class)
     end
@@ -176,6 +195,7 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to num_keysalts' do
       expect(config).to respond_to(:num_keysalts)
     end
+
     it 'returns an Integer' do
       expect(config.num_keysalts).to be_a(Integer)
     end
@@ -185,9 +205,11 @@ RSpec.describe Kerberos::Kadm5::Config do
     it 'responds to keysalts' do
       expect(config).to respond_to(:keysalts)
     end
+
     it 'returns an Array' do
       expect(config.keysalts).to be_a(Array)
     end
+
     it 'contains KeySalt objects if not empty' do
       unless config.keysalts.empty?
         expect(config.keysalts.first).to be_a(Kerberos::Kadm5::KeySalt)

data/spec/context_spec.rb

@@ -1,7 +1,7 @@
 # spec/context_spec.rb
 # RSpec tests for Kerberos::Krb5::Context
 
-require 'rkerberos'
+require 'spec_helper'
 
 RSpec.describe Kerberos::Krb5::Context do
   subject(:context) { described_class.new }
@@ -19,17 +19,18 @@ RSpec.describe Kerberos::Krb5::Context do
   end
 
   describe 'constructor options' do
+    let(:profile_path){ RSpec.configuration.krb5_conf }
+
     it 'accepts secure: true to use a secure context' do
       expect { described_class.new(secure: true) }.not_to raise_error
     end
 
-    it 'accepts a profile path via :profile' do
-      profile_path = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
+    it 'accepts a profile path via :profile', :unix do
       expect(File).to exist(profile_path)
       expect { described_class.new(profile: profile_path) }.not_to raise_error
     end
 
-    it 'validates profile argument type' do
+    it 'validates profile argument type', :unix do
       expect { described_class.new(profile: 123) }.to raise_error(TypeError)
     end
 
@@ -43,10 +44,8 @@ RSpec.describe Kerberos::Krb5::Context do
       end
     end
 
-    it 'accepts secure: true together with profile' do
-      profile_path = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
+    it 'accepts secure: true together with profile', :unix do
       expect(File).to exist(profile_path)
-
       ctx = nil
       expect { ctx = described_class.new(secure: true, profile: profile_path) }.not_to raise_error
       expect(ctx).to be_a(described_class)

data/spec/credentials_cache_spec.rb

@@ -1,51 +1,55 @@
 # spec/credentials_cache_spec.rb
 # RSpec tests for Kerberos::Krb5::CredentialsCache
 
-require 'rkerberos'
-require 'etc'
+require 'spec_helper'
 require 'open3'
-require 'tmpdir'
 
 RSpec.describe Kerberos::Krb5::CredentialsCache do
-  let(:login) do
-    Etc.getlogin || ENV['USER'] || (Etc.getpwuid(Process.uid).name rescue nil)
-  end
   let(:realm) { Kerberos::Krb5.new.default_realm }
-  let(:princ) { "#{login}@#{realm}" }
-  let(:cfile) { File.join(Dir.tmpdir, "krb5cc_#{Etc.getpwnam(login).uid}") }
+  let(:princ) { RSpec.configuration.login + '@' + realm }
+  let(:cfile) { RSpec.configuration.krb5_cc_name }
   let(:ccache) { described_class.new }
 
   def cache_found?
-    found = true
-    Open3.popen3('klist') { |_, _, stderr| found = false unless stderr.gets.nil? }
-    found
+    if File::ALT_SEPARATOR
+      File.exist?(cfile)
+    else
+      found = true
+      Open3.popen3('klist') { |_, _, stderr| found = false unless stderr.gets.nil? }
+      found
+    end
   end
 
   after(:each) do
-    Open3.popen3('kdestroy') { sleep 0.1 }
+    Open3.popen3('kdestroy -q') { sleep 0.1 } if cache_found?
   end
 
   describe 'constructor' do
     it 'can be called with no arguments' do
       expect { described_class.new }.not_to raise_error
     end
+
     it 'does not create a cache with no arguments' do
       described_class.new
       expect(File.exist?(cfile)).to be false
       expect(cache_found?).to be false
     end
+
     it 'creates a cache with a principal' do
       expect { described_class.new(princ) }.not_to raise_error
       expect(File.exist?(cfile)).to be true
       expect(cache_found?).to be true
     end
+
     it 'accepts an explicit cache name' do
       expect { described_class.new(princ, cfile) }.not_to raise_error
       expect { described_class.new(nil, cfile) }.not_to raise_error
     end
+
     it 'raises error for non-string argument' do
       expect { described_class.new(true) }.to raise_error(TypeError)
     end
+
     it 'accepts only up to two arguments' do
       expect { described_class.new(princ, cfile, cfile) }.to raise_error(ArgumentError)
     end
@@ -55,15 +59,18 @@ RSpec.describe Kerberos::Krb5::CredentialsCache do
     it 'responds to close' do
       expect(described_class.new(princ)).to respond_to(:close)
     end
+
     it 'does not delete credentials cache' do
       c = described_class.new(princ)
       expect { c.close }.not_to raise_error
       expect(cache_found?).to be true
     end
+
     it 'can be called multiple times without error' do
       c = described_class.new(princ)
       expect { 3.times { c.close } }.not_to raise_error
     end
+
     it 'raises error when calling method on closed object' do
       c = described_class.new(princ)
       c.close
@@ -77,6 +84,7 @@ RSpec.describe Kerberos::Krb5::CredentialsCache do
       expect(c).to respond_to(:default_name)
       expect { c.default_name }.not_to raise_error
     end
+
     it 'returns a string' do
       c = described_class.new(princ)
       expect(c.default_name).to be_a(String)
@@ -94,7 +102,7 @@ RSpec.describe Kerberos::Krb5::CredentialsCache do
 
       # cache_name returns the residual portion of the cache name; default_name
       # may include the type prefix (e.g. "FILE:"). ensure the suffix matches.
-      expect(c.cache_name).to eq(c.default_name.split(':').last)
+      expect(c.cache_name).to eq(c.default_name.split(/\w{2,}:/).last)
     end
   end
 
@@ -112,6 +120,7 @@ RSpec.describe Kerberos::Krb5::CredentialsCache do
       expect(c).to respond_to(:primary_principal)
       expect { c.primary_principal }.not_to raise_error
     end
+
     it 'returns expected results' do
       c = described_class.new(princ)
       expect(c.primary_principal).to be_a(String)
@@ -125,25 +134,30 @@ RSpec.describe Kerberos::Krb5::CredentialsCache do
       c = described_class.new(princ)
       expect(c).to respond_to(:destroy)
     end
+
     it 'deletes credentials cache' do
       c = described_class.new(princ)
       expect { c.destroy }.not_to raise_error
       expect(cache_found?).to be false
     end
+
     it 'delete is an alias for destroy' do
       c = described_class.new(princ)
       expect(c).to respond_to(:delete)
       expect(c.method(:delete)).to eq(c.method(:destroy))
     end
+
     it 'returns false if no credentials cache' do
       c = described_class.new
       expect(c.destroy).to be false
     end
+
     it 'raises error when calling method on destroyed object' do
       c = described_class.new(princ)
       c.destroy
       expect { c.default_name }.to raise_error(Kerberos::Krb5::Exception)
     end
+
     it 'does not accept arguments' do
       c = described_class.new(princ)
       expect { c.destroy(true) }.to raise_error(ArgumentError)

data/spec/kadm5_spec.rb

@@ -1,12 +1,14 @@
 # spec/kadm5_spec.rb
 # RSpec tests for Kerberos::Kadm5
 
-require 'rkerberos'
+require 'spec_helper'
 require 'socket'
 
-RSpec.describe Kerberos::Kadm5 do
+RSpec.describe 'Kerberos::Kadm5', :kadm5 do
+  let(:server){ Kerberos::Kadm5::Config.new.admin_server }
+  subject(:klass){ Kerberos::Kadm5 }
+
   before(:all) do
-    @server = Kerberos::Kadm5::Config.new.admin_server
     @host = Socket.gethostname
     @user = ENV['KRB5_ADMIN_PRINCIPAL']
     @pass = ENV['KRB5_ADMIN_PASSWORD']
@@ -23,44 +25,44 @@ RSpec.describe Kerberos::Kadm5 do
 
   describe 'constructor' do
     it 'responds to .new' do
-      expect(described_class).to respond_to(:new)
+      expect(subject).to respond_to(:new)
     end
     it 'works with valid user and password' do
-      expect { described_class.new(principal: user, password: pass) }.not_to raise_error
+      expect { subject.new(principal: user, password: pass) }.not_to raise_error
     end
     it 'works with valid service' do
       expect {
-        described_class.new(principal: user, password: pass, service: 'kadmin/admin')
+        subject.new(principal: user, password: pass, service: 'kadmin/admin')
       }.not_to raise_error
     end
     it 'only accepts a hash argument' do
-      expect { described_class.new(user) }.to raise_error(TypeError)
-      expect { described_class.new(1) }.to raise_error(TypeError)
+      expect { subject.new(user) }.to raise_error(TypeError)
+      expect { subject.new(1) }.to raise_error(TypeError)
     end
     it 'accepts a block and yields itself' do
-      expect { described_class.new(principal: user, password: pass) {} }.not_to raise_error
-      described_class.new(principal: user, password: pass) { |kadm5| expect(kadm5).to be_a(described_class) }
+      expect { subject.new(principal: user, password: pass) {} }.not_to raise_error
+      subject.new(principal: user, password: pass) { |kadm5| expect(kadm5).to be_a(subject) }
     end
     it 'requires principal to be specified' do
-      expect { described_class.new({}) }.to raise_error(ArgumentError)
+      expect { subject.new({}) }.to raise_error(ArgumentError)
     end
     it 'requires principal to be a string' do
-      expect { described_class.new(principal: 1) }.to raise_error(TypeError)
+      expect { subject.new(principal: 1) }.to raise_error(TypeError)
     end
     it 'requires password to be a string' do
-      expect { described_class.new(principal: user, password: 1) }.to raise_error(TypeError)
+      expect { subject.new(principal: user, password: 1) }.to raise_error(TypeError)
     end
     it 'requires keytab to be a string or boolean' do
-      expect { described_class.new(principal: user, keytab: 1) }.to raise_error(TypeError)
+      expect { subject.new(principal: user, keytab: 1) }.to raise_error(TypeError)
     end
     it 'requires service to be a string' do
-      expect { described_class.new(principal: user, password: pass, service: 1) }.to raise_error(TypeError)
+      expect { subject.new(principal: user, password: pass, service: 1) }.to raise_error(TypeError)
     end
   end
 
   describe '#get_privileges' do
     before(:each) do
-      @kadm5 = described_class.new(principal: user, password: pass)
+      @kadm5 = subject.new(principal: user, password: pass)
     end
 
     after(:each) do

data/spec/krb5_keytab_spec.rb

@@ -4,12 +4,13 @@
 require 'rkerberos'
 require 'tmpdir'
 require 'fileutils'
-require 'pty'
-require 'expect'
-
 
+unless File::ALT_SEPARATOR
+  require 'pty'
+  require 'expect'
+end
 
-RSpec.describe Kerberos::Krb5::Keytab do
+RSpec.describe Kerberos::Krb5::Keytab, :kadm5 do
   before(:all) do
     @realm = Kerberos::Kadm5::Config.new.realm
     @keytab_file = File.join(Dir.tmpdir, 'test.keytab')

data/spec/krb5_spec.rb

@@ -1,18 +1,20 @@
 # spec/krb5_spec.rb
 # RSpec tests for Kerberos::Krb5
 
-require 'rkerberos'
+require 'spec_helper'
 require 'open3'
-require 'pty'
-require 'expect'
+
+unless File::ALT_SEPARATOR
+  require 'pty'
+  require 'expect'
+end
 
 RSpec.describe Kerberos::Krb5 do
   before(:all) do
+    krb5_conf = RSpec.configuration.krb5_conf
     @cache_found = true
     Open3.popen3('klist') { |_, _, stderr| @cache_found = false unless stderr.gets.nil? }
-    @krb5_conf = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
-    @realm = IO.read(@krb5_conf).split("\n").grep(/default_realm/).first.split('=').last.lstrip.chomp
-
+    @realm = IO.read(krb5_conf).split("\n").grep(/default_realm/).first.split('=').last.lstrip.chomp
   end
 
   subject(:krb5) { described_class.new }
@@ -21,7 +23,7 @@ RSpec.describe Kerberos::Krb5 do
   let(:service) { 'kadmin/admin' }
 
   it 'has the correct version constant' do
-    expect(Kerberos::Krb5::VERSION).to eq('0.2.2')
+    expect(Kerberos::Krb5::VERSION).to eq('0.2.3')
   end
 
   it 'accepts a block and yields itself' do
@@ -48,7 +50,7 @@ RSpec.describe Kerberos::Krb5 do
     end
   end
 
-  describe '#verify_init_creds' do
+  describe '#verify_init_creds', :kadm5 do
     # Some KDC setups may not correctly set the initial password during
     # entrypoint startup; enforce it here via the admin API so the test is
     # deterministic.
@@ -116,7 +118,7 @@ RSpec.describe Kerberos::Krb5 do
     end
   end
 
-  describe '#change_password' do
+  describe '#change_password', :kadm5 do
     before do
       # Ensure testuser1 has a known password before each test.
       Kerberos::Kadm5.new(
@@ -186,7 +188,7 @@ RSpec.describe Kerberos::Krb5 do
     end
   end
 
-  describe '#get_init_creds_keytab' do
+  describe '#get_init_creds_keytab', :unix do
     before(:each) do
       @kt_file = File.join(Dir.tmpdir, "test_get_init_creds_#{Process.pid}_#{rand(10000)}.keytab")
 

data/spec/policy_spec.rb

@@ -1,10 +1,11 @@
 # spec/policy_spec.rb
 # RSpec tests for Kerberos::Kadm5::Policy
 
-require 'rkerberos'
+require 'spec_helper'
 
-RSpec.describe Kerberos::Kadm5::Policy do
-  subject(:policy) { described_class.new(name: 'test', max_life: 10000) }
+RSpec.describe 'Kerberos::Kadm5::Policy', :kadm5 do
+  subject(:klass){ Kerberos::Kadm5::Policy }
+  let(:policy) { klass.new(name: 'test', max_life: 10000) }
 
   describe 'name' do
     it 'responds to policy' do
@@ -15,10 +16,10 @@ RSpec.describe Kerberos::Kadm5::Policy do
       expect(policy.method(:name)).to eq(policy.method(:policy))
     end
     it 'must be a string' do
-      expect { described_class.new(name: 1) }.to raise_error(TypeError)
+      expect { klass.new(name: 1) }.to raise_error(TypeError)
     end
     it 'must be present' do
-      expect { described_class.new(max_life: 10000) }.to raise_error(ArgumentError)
+      expect { klass.new(max_life: 10000) }.to raise_error(ArgumentError)
     end
   end
 
@@ -28,7 +29,7 @@ RSpec.describe Kerberos::Kadm5::Policy do
       expect { policy.min_life }.not_to raise_error
     end
     it 'must be a number if not nil' do
-      expect { described_class.new(name: 'test', min_life: 'test') }.to raise_error(TypeError)
+      expect { klass.new(name: 'test', min_life: 'test') }.to raise_error(TypeError)
     end
   end
 
@@ -38,7 +39,7 @@ RSpec.describe Kerberos::Kadm5::Policy do
       expect { policy.max_life }.not_to raise_error
     end
     it 'must be a number if not nil' do
-      expect { described_class.new(name: 'test', max_life: 'test') }.to raise_error(TypeError)
+      expect { klass.new(name: 'test', max_life: 'test') }.to raise_error(TypeError)
     end
   end
 

data/spec/principal_spec.rb

@@ -12,6 +12,24 @@ RSpec.describe Kerberos::Krb5::Principal do
       expect { described_class.new(1) }.to raise_error(TypeError)
       expect { described_class.new(true) }.to raise_error(TypeError)
     end
+
+    it 'accepts an explicit nil argument' do
+      expect{ described_class.new(nil) }.not_to raise_error
+    end
+
+    it 'works as expected with a nil argument to the constructor' do
+      expect(described_class.new(nil).principal).to be_nil
+    end
+  end
+
+  describe '#realm' do
+    it 'returns the expected value' do
+      expect(subject.realm).to eq('EXAMPLE.COM')
+    end
+
+    it 'raises an error if the constructor argument was nil' do
+      expect{ described_class.new(nil).realm }.to raise_error(Kerberos::Krb5::Exception, /no principal/)
+    end
   end
 
   describe '#name' do

data/spec/spec_helper.rb

@@ -0,0 +1,34 @@
+require 'rkerberos'
+require 'rspec'
+require 'etc'
+require 'tmpdir'
+
+RSpec.configure do |config|
+  config.filter_run_excluding :kadm5 => true unless defined?(Kerberos::Kadm5::Config)
+  config.filter_run_excluding :unix => true if File::ALT_SEPARATOR
+
+  krb5_conf = ENV['KRB5_CONFIG']
+  krb5_cc_name = ENV['KRB5CCNAME']
+  login = Etc.getlogin || ENV['USER'] || (Etc.getpwuid(Process.uid).name rescue nil)
+
+  if File::ALT_SEPARATOR
+    krb5_conf ||= 'C:\\ProgramData\\MIT\\Kerberos5\\krb5.ini'
+    krb5_cc_name ||= File.join(ENV['USERPROFILE'], 'krb5cache')
+  else
+    krb5_conf ||= '/etc/krb5.conf'
+    krb5_cc_name ||= File.join(Dir.tmpdir, "krb5cc_#{Etc.getpwnam(login).uid}")
+  end
+
+  config.add_setting :krb5_conf
+  config.krb5_conf = krb5_conf
+
+  config.add_setting :krb5_cc_name
+  config.krb5_cc_name = krb5_cc_name
+
+  config.add_setting :login
+  config.login = login
+
+  unless File.exist?(krb5_conf)
+    config.filter_run_excluding :krb5_config => true
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rkerberos
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Daniel Berger
@@ -92,6 +92,7 @@ files:
 - spec/krb5_spec.rb
 - spec/policy_spec.rb
 - spec/principal_spec.rb
+- spec/spec_helper.rb
 homepage: http://github.com/rkerberos/rkerberos
 licenses:
 - Artistic-2.0