Class: Kerberos::Kadm5
- Inherits:
-
Object
- Object
- Kerberos::Kadm5
- Defined in:
- ext/rkerberos/kadm5.c
Defined Under Namespace
Classes: Exception, PrincipalNotFoundException
Constant Summary collapse
- DISALLOW_POSTDATED =
Constants
INT2FIX(KRB5_KDB_DISALLOW_POSTDATED)
- DISALLOW_FORWARDABLE =
INT2FIX(KRB5_KDB_DISALLOW_FORWARDABLE)
- DISALLOW_TGT_BASED =
INT2FIX(KRB5_KDB_DISALLOW_TGT_BASED)
- DISALLOW_RENEWABLE =
INT2FIX(KRB5_KDB_DISALLOW_RENEWABLE)
- DISALLOW_PROXIABLE =
INT2FIX(KRB5_KDB_DISALLOW_PROXIABLE)
- DISALLOW_DUP_SKEY =
INT2FIX(KRB5_KDB_DISALLOW_DUP_SKEY)
- DISALLOW_ALL_TIX =
INT2FIX(KRB5_KDB_DISALLOW_ALL_TIX)
- REQUIRES_PRE_AUTH =
INT2FIX(KRB5_KDB_REQUIRES_PRE_AUTH)
- REQUIRES_HW_AUTH =
INT2FIX(KRB5_KDB_REQUIRES_HW_AUTH)
- REQUIRES_PWCHANGE =
INT2FIX(KRB5_KDB_REQUIRES_PWCHANGE)
- DISALLOW_SVR =
INT2FIX(KRB5_KDB_DISALLOW_SVR)
- PWCHANGE_SERVICE =
INT2FIX(KRB5_KDB_PWCHANGE_SERVICE)
- SUPPORT_DESMD5 =
INT2FIX(KRB5_KDB_SUPPORT_DESMD5)
- NEW_PRINC =
INT2FIX(KRB5_KDB_NEW_PRINC)
Instance Method Summary collapse
-
#close ⇒ Object
Closes the kadm5 object.
-
#create_policy(policy) ⇒ Object
Creates a new Kerberos policy based on the Policy object.
-
#create_principal(v_user, v_pass) ⇒ Object
Creates a new principal
name
with an initial password ofpassword
. -
#delete_policy(name) ⇒ Object
Deletes the Kerberos policy
name
. -
#delete_principal(name) ⇒ Object
Deletes the principal
name
from the Kerberos database. -
#find_policy(name) ⇒ Object
Get and return a Policy object for
name
. -
#find_principal(principal_name) ⇒ Object
Returns a Principal object for
principal_name
containing various bits of information regarding that principal, such as policy, attributes, expiration information, etc. -
#generate_random_key(principal) ⇒ Object
Generates and assigns a new random key to the named
principal
and returns the number of generated keys. -
#get_policies(expr = nil) ⇒ Object
Returns a list of policy names matching
expr
, or all policy names ifexpr
is nil. -
#get_policy(name) ⇒ Object
Get and return a Policy object for
name
. -
#get_principal(principal_name) ⇒ Object
Returns a Principal object for
principal_name
containing various bits of information regarding that principal, such as policy, attributes, expiration information, etc. -
#get_principals(expr = nil) ⇒ Object
Returns a list of principals matching
expr
, or all principals ifexpr
is nil. -
#get_privileges(: strings) ⇒ Object
Returns a numeric bitmask indicating the caller’s privileges.
-
#initialize(v_opts) ⇒ Object
constructor
Creates and returns a new Kerberos::Kadm5 object.
-
#modify_policy(policy) ⇒ Object
Modify an existing Kerberos policy using a
policy
object. -
#set_password(user, password) ⇒ Object
Set the password for
user
(i.e. the principal) topassword
.
Constructor Details
#Kerberos::Kadm5.new(: principal) ⇒ Object #Kerberos::Kadm5.new(: principal) ⇒ Object #Kerberos::Kadm5.new(: principal) ⇒ Object
Creates and returns a new Kerberos::Kadm5 object. A hash argument is accepted that allows you to specify a principal and a password, or a keytab file.
If you pass a string as the :keytab value it will attempt to use that file for the keytab. If you pass true as the value it will attempt to use the default keytab file, typically /etc/krb5.keytab.
You may also pass the :service option to specify the service name. The default is kadmin/admin.
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 |
# File 'ext/rkerberos/kadm5.c', line 48
static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){
RUBY_KADM5* ptr;
VALUE v_principal, v_password, v_keytab, v_service;
char* user;
char* pass = NULL;
char* keytab = NULL;
char* service = NULL;
krb5_error_code kerror;
Data_Get_Struct(self, RUBY_KADM5, ptr);
Check_Type(v_opts, T_HASH);
v_principal = rb_hash_aref2(v_opts, "principal");
// Principal must be specified
if(NIL_P(v_principal))
rb_raise(rb_eArgError, "principal must be specified");
Check_Type(v_principal, T_STRING);
user = StringValuePtr(v_principal);
v_password = rb_hash_aref2(v_opts, "password");
v_keytab = rb_hash_aref2(v_opts, "keytab");
if(RTEST(v_password) && RTEST(v_keytab))
rb_raise(rb_eArgError, "cannot use both a password and a keytab");
if(RTEST(v_password)){
Check_Type(v_password, T_STRING);
pass = StringValuePtr(v_password);
}
v_service = rb_hash_aref2(v_opts, "service");
if(NIL_P(v_service)){
service = "kadmin/admin";
}
else{
Check_Type(v_service, T_STRING);
service = StringValuePtr(v_service);
}
// Normally I would wait to initialize the context, but we might need it
// to get the default keytab file name.
kerror = krb5_init_context(&ptr->ctx);
if(kerror)
rb_raise(cKadm5Exception, "krb5_init_context: %s", error_message(kerror));
// The docs say I can use NULL to get the default, but reality appears to be otherwise.
if(RTEST(v_keytab)){
if(TYPE(v_keytab) == T_TRUE){
char default_name[MAX_KEYTAB_NAME_LEN];
kerror = krb5_kt_default_name(ptr->ctx, default_name, MAX_KEYTAB_NAME_LEN);
if(kerror)
rb_raise(cKrb5Exception, "krb5_kt_default_name: %s", error_message(kerror));
keytab = default_name;
}
else{
Check_Type(v_keytab, T_STRING);
keytab = StringValuePtr(v_keytab);
}
}
if(RTEST(v_password)){
#ifdef KADM5_API_VERSION_3
kerror = kadm5_init_with_password(
ptr->ctx,
user,
pass,
service,
NULL,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_3,
NULL,
&ptr->handle
);
#else
kerror = kadm5_init_with_password(
user,
pass,
service,
NULL,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
NULL,
&ptr->handle
);
#endif
if(kerror)
rb_raise(cKadm5Exception, "kadm5_init_with_password: %s", error_message(kerror));
}
else if(RTEST(v_keytab)){
#ifdef KADM5_API_VERSION_3
kerror = kadm5_init_with_skey(
ptr->ctx,
user,
keytab,
service,
NULL,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_3,
NULL,
&ptr->handle
);
#else
kerror = kadm5_init_with_skey(
user,
keytab,
service,
NULL,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
NULL,
&ptr->handle
);
#endif
if(kerror)
rb_raise(cKadm5Exception, "kadm5_init_with_skey: %s", error_message(kerror));
}
else{
// TODO: Credentials cache.
}
if(rb_block_given_p()){
rb_ensure(rb_yield, self, rkadm5_close, self);
return Qnil;
}
return self;
}
|
Instance Method Details
#close ⇒ Object
Closes the kadm5 object. Specifically, it frees the principal and context associated with the kadm5 object, as well as the server handle.
Any attempt to call a method on a kadm5 object after it has been closed will fail with an error message indicating a lack of context.
303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 |
# File 'ext/rkerberos/kadm5.c', line 303
static VALUE rkadm5_close(VALUE self){
RUBY_KADM5* ptr;
Data_Get_Struct(self, RUBY_KADM5, ptr);
if(ptr->princ)
krb5_free_principal(ptr->ctx, ptr->princ);
if(ptr->ctx)
krb5_free_context(ptr->ctx);
if(ptr->handle)
kadm5_destroy(ptr->handle);
ptr->ctx = NULL;
ptr->princ = NULL;
ptr->handle = NULL;
return self;
}
|
#create_policy(policy) ⇒ Object
501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 |
# File 'ext/rkerberos/kadm5.c', line 501
static VALUE rkadm5_create_policy(VALUE self, VALUE v_policy){
RUBY_KADM5* ptr;
kadm5_ret_t kerror;
kadm5_policy_ent_rec ent;
long mask = KADM5_POLICY;
VALUE v_name, v_min_classes, v_min_life, v_max_life, v_min_length, v_history_num;
Data_Get_Struct(self, RUBY_KADM5, ptr);
// Allow a hash or a Policy object
if(rb_obj_is_kind_of(v_policy, rb_cHash)){
VALUE v_args[1];
v_args[0] = v_policy;
v_policy = rb_class_new_instance(1, v_args, cKadm5Policy);
}
v_name = rb_iv_get(v_policy, "@policy");
v_min_classes = rb_iv_get(v_policy, "@min_classes");
v_min_length = rb_iv_get(v_policy, "@min_length");
v_min_life = rb_iv_get(v_policy, "@min_life");
v_max_life = rb_iv_get(v_policy, "@max_life");
v_history_num = rb_iv_get(v_policy, "@history_num");
ent.policy = StringValuePtr(v_name);
if(RTEST(v_min_classes)){
mask |= KADM5_PW_MIN_CLASSES;
ent.pw_min_classes = NUM2LONG(v_min_classes);
}
if(RTEST(v_min_length)){
mask |= KADM5_PW_MIN_LENGTH;
ent.pw_min_length = NUM2LONG(v_min_length);
}
if(RTEST(v_min_life)){
mask |= KADM5_PW_MIN_LIFE;
ent.pw_min_life = NUM2LONG(v_min_life);
}
if(RTEST(v_max_life)){
mask |= KADM5_PW_MAX_LIFE;
ent.pw_max_life = NUM2LONG(v_max_life);
}
if(RTEST(v_history_num)){
mask |= KADM5_PW_HISTORY_NUM;
ent.pw_max_life = NUM2LONG(v_history_num);
}
kerror = kadm5_create_policy(ptr->handle, &ent, mask);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_create_policy: %s (%li)", error_message(kerror), kerror);
return self;
}
|
#create_principal(name, password) ⇒ Object #create_principal(principal) ⇒ Object
Creates a new principal name
with an initial password of password
.
226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 |
# File 'ext/rkerberos/kadm5.c', line 226
static VALUE rkadm5_create_principal(VALUE self, VALUE v_user, VALUE v_pass){
RUBY_KADM5* ptr;
char* user;
char* pass;
int mask;
kadm5_principal_ent_rec princ;
krb5_error_code kerror;
Data_Get_Struct(self, RUBY_KADM5, ptr);
Check_Type(v_user, T_STRING);
Check_Type(v_pass, T_STRING);
memset(&princ, 0, sizeof(princ));
mask = KADM5_PRINCIPAL;
user = StringValuePtr(v_user);
pass = StringValuePtr(v_pass);
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
kerror = krb5_parse_name(ptr->ctx, user, &princ.principal);
if(kerror)
rb_raise(cKadm5Exception, "krb5_parse_name: %s", error_message(kerror));
kerror = kadm5_create_principal(ptr->handle, &princ, mask, pass);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_create_principal: %s", error_message(kerror));
krb5_free_principal(ptr->ctx, princ.principal);
return self;
}
|
#delete_policy(name) ⇒ Object
Deletes the Kerberos policy name
.
Example:
kadm5.delete_policy('test')
569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 |
# File 'ext/rkerberos/kadm5.c', line 569
static VALUE rkadm5_delete_policy(VALUE self, VALUE v_policy){
RUBY_KADM5* ptr;
kadm5_ret_t kerror;
char* policy;
Data_Get_Struct(self, RUBY_KADM5, ptr);
policy = StringValuePtr(v_policy);
kerror = kadm5_delete_policy(ptr->handle, policy);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_delete_policy: %s (%li)", error_message(kerror), kerror);
return self;
}
|
#delete_principal(name) ⇒ Object
Deletes the principal name
from the Kerberos database.
268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 |
# File 'ext/rkerberos/kadm5.c', line 268
static VALUE rkadm5_delete_principal(VALUE self, VALUE v_user){
RUBY_KADM5* ptr;
char* user;
krb5_error_code kerror;
Data_Get_Struct(self, RUBY_KADM5, ptr);
Check_Type(v_user, T_STRING);
user = StringValuePtr(v_user);
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
kerror = krb5_parse_name(ptr->ctx, user, &ptr->princ);
if(kerror)
rb_raise(cKadm5Exception, "krb5_parse_name: %s", error_message(kerror));
kerror = kadm5_delete_principal(ptr->handle, ptr->princ);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_delete_principal: %s", error_message(kerror));
return self;
}
|
#find_policy(name) ⇒ Object
Get and return a Policy object for name
. If the name
cannot be found, then nil is returned.
This method is nearly identical to kadm5.get_policy, except that method raises an exception if not found.
648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 |
# File 'ext/rkerberos/kadm5.c', line 648
static VALUE rkadm5_find_policy(VALUE self, VALUE v_name){
RUBY_KADM5* ptr;
VALUE v_policy = Qnil;
kadm5_policy_ent_rec ent;
kadm5_ret_t kerror;
char* policy_name;
Data_Get_Struct(self, RUBY_KADM5, ptr);
memset(&ent, 0, sizeof(ent));
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
policy_name = StringValuePtr(v_name);
kerror = kadm5_get_policy(ptr->handle, policy_name, &ent);
// Return nil if not found rather than raising an error.
if(kerror){
if(kerror != KADM5_UNK_POLICY){
rb_raise(
cKadm5Exception,
"kadm5_get_policy: %s (%li)", error_message(kerror), kerror
);
}
}
else{
VALUE v_arg[1];
VALUE v_hash = rb_hash_new();
rb_hash_aset(v_hash, rb_str_new2("name"), rb_str_new2(ent.policy));
rb_hash_aset(v_hash, rb_str_new2("min_life"), LONG2FIX(ent.pw_min_life));
rb_hash_aset(v_hash, rb_str_new2("max_life"), LONG2FIX(ent.pw_max_life));
rb_hash_aset(v_hash, rb_str_new2("min_length"), LONG2FIX(ent.pw_min_length));
rb_hash_aset(v_hash, rb_str_new2("min_classes"), LONG2FIX(ent.pw_min_classes));
rb_hash_aset(v_hash, rb_str_new2("history_num"), LONG2FIX(ent.pw_history_num));
v_arg[0] = v_hash;
v_policy = rb_class_new_instance(1, v_arg, cKadm5Policy);
}
return v_policy;
}
|
#find_principal(principal_name) ⇒ Object
Returns a Principal object for principal_name
containing various bits of information regarding that principal, such as policy, attributes, expiration information, etc.
Unlike the get_principal method, this method returns nil if the principal cannot be found instead of raising an error.
387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 |
# File 'ext/rkerberos/kadm5.c', line 387
static VALUE rkadm5_find_principal(VALUE self, VALUE v_user){
RUBY_KADM5* ptr;
VALUE v_principal;
char* user;
int mask;
kadm5_principal_ent_rec ent;
krb5_error_code kerror;
Data_Get_Struct(self, RUBY_KADM5, ptr);
Check_Type(v_user, T_STRING);
user = StringValuePtr(v_user);
memset(&ent, 0, sizeof(ent));
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
kerror = krb5_parse_name(ptr->ctx, user, &ptr->princ);
if(kerror)
rb_raise(cKadm5Exception, "krb5_parse_name: %s", error_message(kerror));
mask = KADM5_PRINCIPAL_NORMAL_MASK;
kerror = kadm5_get_principal(
ptr->handle,
ptr->princ,
&ent,
mask
);
// Return nil if not found instead of raising an error.
if(kerror){
if(kerror == KADM5_UNK_PRINC)
v_principal = Qnil;
else
rb_raise(cKadm5Exception, "kadm5_get_principal: %s", error_message(kerror));
}
else{
v_principal = create_principal_from_entry(v_user, ptr, &ent);
}
return v_principal;
}
|
#generate_random_key(principal) ⇒ Object
Generates and assigns a new random key to the named principal
and returns the number of generated keys.
904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 |
# File 'ext/rkerberos/kadm5.c', line 904
static VALUE rkadm5_randkey_principal(VALUE self, VALUE v_user){
RUBY_KADM5* ptr;
krb5_keyblock* keys;
kadm5_ret_t kerror;
krb5_principal princ;
char* user;
int n_keys, i;
Data_Get_Struct(self, RUBY_KADM5, ptr);
user = StringValuePtr(v_user);
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
kerror = krb5_parse_name(ptr->ctx, user, &princ);
if(kerror)
rb_raise(cKadm5Exception, "krb5_parse_name: %s", error_message(kerror));
kerror = kadm5_randkey_principal(ptr->handle, princ, &keys, &n_keys);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_randkey_principal: %s (%li)", error_message(kerror), kerror);
for(i = 0; i < n_keys; i++)
krb5_free_keyblock_contents(ptr->ctx, &keys[i]);
free(keys);
return INT2NUM(n_keys);
}
|
#get_policies(expr = nil) ⇒ Object
Returns a list of policy names matching expr
, or all policy names if expr
is nil.
The valid characters for expr
are ‘*’, ‘?’, ‘[]’ and ‘'. All other characters match themselves.
kadm5.get_policies # => Get all policies
kadm5.get_policies('test*') # => Get all policies that start with 'test'
750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 |
# File 'ext/rkerberos/kadm5.c', line 750
static VALUE rkadm5_get_policies(int argc, VALUE* argv, VALUE self){
RUBY_KADM5* ptr;
VALUE v_array, v_expr;
kadm5_ret_t kerror;
char** pols;
char* expr;
int i, count;
Data_Get_Struct(self, RUBY_KADM5, ptr);
rb_scan_args(argc, argv, "01", &v_expr);
if(NIL_P(v_expr))
expr = NULL;
else
expr = StringValuePtr(v_expr);
kerror = kadm5_get_policies(ptr->handle, expr, &pols, &count);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_get_policies: %s (%li)", error_message(kerror), kerror);
v_array = rb_ary_new();
for(i = 0; i < count; i++){
rb_ary_push(v_array, rb_str_new2(pols[i]));
}
kadm5_free_name_list(ptr->handle, pols, count);
return v_array;
}
|
#get_policy(name) ⇒ Object
Get and return a Policy object for name
. If the name
cannot be found, then an exception is raised.
This method is nearly identical to kadm5.find_policy, except that method returns nil if not found.
596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 |
# File 'ext/rkerberos/kadm5.c', line 596
static VALUE rkadm5_get_policy(VALUE self, VALUE v_name){
RUBY_KADM5* ptr;
VALUE v_policy = Qnil;
kadm5_policy_ent_rec ent;
kadm5_ret_t kerror;
char* policy_name;
Data_Get_Struct(self, RUBY_KADM5, ptr);
memset(&ent, 0, sizeof(ent));
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
policy_name = StringValuePtr(v_name);
kerror = kadm5_get_policy(ptr->handle, policy_name, &ent);
if(kerror){
rb_raise(
cKadm5Exception,
"kadm5_get_policy: %s (%li)", error_message(kerror), kerror
);
}
else{
VALUE v_arg[1];
VALUE v_hash = rb_hash_new();
rb_hash_aset(v_hash, rb_str_new2("name"), rb_str_new2(ent.policy));
rb_hash_aset(v_hash, rb_str_new2("min_life"), LONG2FIX(ent.pw_min_life));
rb_hash_aset(v_hash, rb_str_new2("max_life"), LONG2FIX(ent.pw_max_life));
rb_hash_aset(v_hash, rb_str_new2("min_length"), LONG2FIX(ent.pw_min_length));
rb_hash_aset(v_hash, rb_str_new2("min_classes"), LONG2FIX(ent.pw_min_classes));
rb_hash_aset(v_hash, rb_str_new2("history_num"), LONG2FIX(ent.pw_history_num));
v_arg[0] = v_hash;
v_policy = rb_class_new_instance(1, v_arg, cKadm5Policy);
}
return v_policy;
}
|
#get_principal(principal_name) ⇒ Object
Returns a Principal object for principal_name
containing various bits of information regarding that principal, such as policy, attributes, expiration information, etc.
If the principal_name
cannot be found then a PrincipalNotFoundException is raised.
443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 |
# File 'ext/rkerberos/kadm5.c', line 443
static VALUE rkadm5_get_principal(VALUE self, VALUE v_user){
RUBY_KADM5* ptr;
VALUE v_principal;
char* user;
int mask;
kadm5_principal_ent_rec ent;
krb5_error_code kerror;
Data_Get_Struct(self, RUBY_KADM5, ptr);
Check_Type(v_user, T_STRING);
user = StringValuePtr(v_user);
memset(&ent, 0, sizeof(ent));
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
kerror = krb5_parse_name(ptr->ctx, user, &ptr->princ);
if(kerror)
rb_raise(cKadm5Exception, "krb5_parse_name: %s", error_message(kerror));
mask = KADM5_PRINCIPAL_NORMAL_MASK;
kerror = kadm5_get_principal(
ptr->handle,
ptr->princ,
&ent,
mask
);
if(kerror){
if(kerror == KADM5_UNK_PRINC)
rb_raise(cKadm5PrincipalNotFoundException, "principal not found");
else
rb_raise(cKadm5Exception, "kadm5_get_principal: %s", error_message(kerror));
}
v_principal = create_principal_from_entry(v_user, ptr, &ent);
return v_principal;
}
|
#get_principals(expr = nil) ⇒ Object
Returns a list of principals matching expr
, or all principals if expr
is nil.
The valid characters for expr
are ‘*’, ‘?’, ‘[]’ and ‘'. All other characters match themselves.
Example:
kadm5.get_principals # => Get all principals
kadm5.get_principals('test*') # => Get all principals that start with 'test'
798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 |
# File 'ext/rkerberos/kadm5.c', line 798
static VALUE rkadm5_get_principals(int argc, VALUE* argv, VALUE self){
RUBY_KADM5* ptr;
VALUE v_array, v_expr;
kadm5_ret_t kerror;
char** princs;
char* expr;
int i, count;
Data_Get_Struct(self, RUBY_KADM5, ptr);
rb_scan_args(argc, argv, "01", &v_expr);
if(NIL_P(v_expr))
expr = NULL;
else
expr = StringValuePtr(v_expr);
kerror = kadm5_get_principals(ptr->handle, expr, &princs, &count);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_get_principals: %s (%li)", error_message(kerror), kerror);
v_array = rb_ary_new();
for(i = 0; i < count; i++){
rb_ary_push(v_array, rb_str_new2(princs[i]));
}
kadm5_free_name_list(ptr->handle, princs, count);
return v_array;
}
|
#get_privileges(: strings) ⇒ Object
Returns a numeric bitmask indicating the caller’s privileges. If the strings
option is true, then an array of human readable strings are returned instead.
The possible values, and their string equivalent, are:
KADM5_PRIV_GET (0x01) => “GET” KADM5_PRIV_ADD (0x02) => “ADD” KADM5_PRIV_MODIFY (0x04) => “MODIFY” KADM5_PRIV_DELETE (0x08) => “DELETE”
846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 |
# File 'ext/rkerberos/kadm5.c', line 846
static VALUE rkadm5_get_privs(int argc, VALUE* argv, VALUE self){
RUBY_KADM5* ptr;
VALUE v_return = Qnil;
VALUE v_strings = Qfalse;
kadm5_ret_t kerror;
int i;
long privs;
int result = 0;
Data_Get_Struct(self, RUBY_KADM5, ptr);
rb_scan_args(argc, argv, "01", &v_strings);
kerror = kadm5_get_privs(ptr->handle, &privs);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_get_privs: %s (%li)", error_message(kerror), kerror);
if(RTEST(v_strings)){
v_return = rb_ary_new();
for(i = 0; i < sizeof(privs); i++){
result |= (privs & 1 << i);
switch(privs & 1 << i){
case KADM5_PRIV_GET:
rb_ary_push(v_return, rb_str_new2("GET"));
break;
case KADM5_PRIV_ADD:
rb_ary_push(v_return, rb_str_new2("ADD"));
break;
case KADM5_PRIV_MODIFY:
rb_ary_push(v_return, rb_str_new2("MODIFY"));
break;
case KADM5_PRIV_DELETE:
rb_ary_push(v_return, rb_str_new2("DELETE"));
break;
default:
rb_ary_push(v_return, rb_str_new2("UNKNOWN"));
};
}
}
else{
for(i = 0; i < sizeof(privs); i++){
result |= (privs & 1 << i);
}
v_return = INT2FIX(result);
}
return v_return;
}
|
#modify_policy(policy) ⇒ Object
705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 |
# File 'ext/rkerberos/kadm5.c', line 705
static VALUE rkadm5_modify_policy(VALUE self, VALUE v_policy){
RUBY_KADM5* ptr;
RUBY_KADM5_POLICY* pptr;
kadm5_ret_t kerror;
long mask = KADM5_POLICY;
Data_Get_Struct(self, RUBY_KADM5, ptr);
Data_Get_Struct(v_policy, RUBY_KADM5_POLICY, pptr);
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
if(pptr->policy.pw_min_classes)
mask |= KADM5_PW_MIN_CLASSES;
if(pptr->policy.pw_min_length)
mask |= KADM5_PW_MIN_LENGTH;
if(pptr->policy.pw_min_life)
mask |= KADM5_PW_MIN_LIFE;
if(pptr->policy.pw_max_life)
mask |= KADM5_PW_MAX_LIFE;
kerror = kadm5_modify_policy(ptr->handle, &pptr->policy, mask);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_modify_policy: %s (%li)", error_message(kerror), kerror);
return self;
}
|
#set_password(user, password) ⇒ Object
Set the password for user
(i.e. the principal) to password
.
190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 |
# File 'ext/rkerberos/kadm5.c', line 190
static VALUE rkadm5_set_password(VALUE self, VALUE v_user, VALUE v_pass){
Check_Type(v_user, T_STRING);
Check_Type(v_pass, T_STRING);
RUBY_KADM5* ptr;
char* user = StringValuePtr(v_user);
char* pass = StringValuePtr(v_pass);
krb5_error_code kerror;
Data_Get_Struct(self, RUBY_KADM5, ptr);
if(!ptr->ctx)
rb_raise(cKadm5Exception, "no context has been established");
kerror = krb5_parse_name(ptr->ctx, user, &ptr->princ);
if(kerror)
rb_raise(cKadm5Exception, "krb5_parse_name: %s", error_message(kerror));
kerror = kadm5_chpass_principal(ptr->handle, ptr->princ, pass);
if(kerror)
rb_raise(cKadm5Exception, "kadm5_chpass_principal: %s", error_message(kerror));
return self;
}
|