Class: Kerberos::Krb5::Keytab
- Inherits:
-
Object
- Object
- Kerberos::Krb5::Keytab
- Defined in:
- ext/rkerberos/keytab.c
Defined Under Namespace
Classes: Exception
Instance Attribute Summary collapse
-
#name ⇒ Object
readonly
The name of the keytab associated with the current keytab object.
Class Method Summary collapse
Instance Method Summary collapse
-
#close ⇒ Object
Close the keytab object.
-
#default_name ⇒ Object
Returns the default keytab name.
-
#each {|entry| ... } ⇒ Object
Iterates over each entry and yields the principal name.
-
#get_entry(principal, vno = 0, encoding_type = nil) ⇒ Object
(also: #find)
Searches the keytab by principal, vno and encoding_type.
-
#Kerberos::Krb5::Keytab.new(name = nil) ⇒ Object
constructor
Creates and returns a new Kerberos::Krb5::Keytab object.
Constructor Details
#Kerberos::Krb5::Keytab.new(name = nil) ⇒ Object
Creates and returns a new Kerberos::Krb5::Keytab object. This initializes the context and keytab for future method calls on that object.
A keytab file name may be provided. If not, the system’s default keytab name is used. If a name is provided it must be in the form ‘type:residual’ where ‘type’ is a type known to the Kerberos library.
Examples:
# Using the default keytab
keytab = Kerberos::Krb5::Keytab.new
# Using an explicit keytab
keytab = Kerberos::Krb5::Keytab.new('FILE:/etc/krb5.keytab')
# File 'ext/rkerberos/keytab.c', line 308
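/*
 * Kerberos::Krb5::Keytab.new(name = nil)
 *
 * Initializes the Kerberos context stored in the wrapped struct and resolves
 * the keytab handle used by later method calls. With no argument the
 * library's default keytab name is used; otherwise the argument must be a
 * String naming the keytab.
 *
 * Raises cKrb5Exception if the context or default name cannot be obtained,
 * cKrb5KeytabException if the keytab cannot be resolved, and ArgumentError
 * if the supplied name contains a NUL byte or does not fit in
 * MAX_KEYTAB_NAME_LEN bytes including the terminator.
 */
static VALUE rkrb5_keytab_initialize(int argc, VALUE* argv, VALUE self){
  RUBY_KRB5_KEYTAB* ptr;
  krb5_error_code kerror;
  char keytab_name[MAX_KEYTAB_NAME_LEN];
  VALUE v_keytab_name = Qnil;

  Data_Get_Struct(self, RUBY_KRB5_KEYTAB, ptr);

  rb_scan_args(argc, argv, "01", &v_keytab_name);

  kerror = krb5_init_context(&ptr->ctx);

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_init_context: %s", error_message(kerror));

  // Use the default keytab name if one isn't provided.
  if(NIL_P(v_keytab_name)){
    kerror = krb5_kt_default_name(ptr->ctx, keytab_name, MAX_KEYTAB_NAME_LEN);

    if(kerror)
      rb_raise(cKrb5Exception, "krb5_kt_default_name: %s", error_message(kerror));

    rb_iv_set(self, "@name", rb_str_new2(keytab_name));
  }
  else{
    const char* given_name;

    Check_Type(v_keytab_name, T_STRING);

    // StringValueCStr rejects embedded NUL bytes, so the name handed to the
    // Kerberos library is exactly the name the caller supplied.
    given_name = StringValueCStr(v_keytab_name);

    // strncpy() leaves the buffer unterminated when the source fills it, and
    // silently truncating a keytab path could resolve a different file, so an
    // oversized name is rejected instead of copied.
    if(RSTRING_LEN(v_keytab_name) >= MAX_KEYTAB_NAME_LEN)
      rb_raise(rb_eArgError, "keytab name too long");

    memcpy(keytab_name, given_name, (size_t)RSTRING_LEN(v_keytab_name) + 1);
    rb_iv_set(self, "@name", v_keytab_name);
  }

  kerror = krb5_kt_resolve(
    ptr->ctx,
    keytab_name,
    &ptr->keytab
  );

  if(kerror)
    rb_raise(cKrb5KeytabException, "krb5_kt_resolve: %s", error_message(kerror));

  return self;
}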
Instance Attribute Details
#name ⇒ Object (readonly)
The name of the keytab associated with the current keytab object.
Class Method Details
.Kerberos::Krb5::Keytab.foreach(keytab = nil) ⇒ Object .entry.inspect ⇒ Object
}
Iterate over each entry in the keytab and yield a Krb5::Keytab::Entry object for each entry found.
If no keytab is provided, then the default keytab is used.
# File 'ext/rkerberos/keytab.c', line 363
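/*
 * Kerberos::Krb5::Keytab.foreach(keytab = nil)
 *
 * Opens the named keytab (or the library default when no name is given),
 * yields one cKrb5KtEntry instance per entry with @principal, @timestamp,
 * @vno and @key (the entry's enctype number) set, then closes the keytab and
 * frees the context. Returns nil.
 *
 * Raises cKrb5Exception when a Kerberos call fails and ArgumentError when the
 * supplied name contains a NUL byte or does not fit in MAX_KEYTAB_NAME_LEN
 * bytes including the terminator.
 */
static VALUE rkrb5_s_keytab_foreach(int argc, VALUE* argv, VALUE klass){
  VALUE v_kt_entry;
  VALUE v_keytab_name = Qnil;
  krb5_error_code kerror;
  krb5_kt_cursor cursor;
  krb5_keytab keytab;
  krb5_keytab_entry entry;
  krb5_context context;
  char* principal;
  char keytab_name[MAX_KEYTAB_NAME_LEN];

  rb_scan_args(argc, argv, "01", &v_keytab_name);

  // Validate the argument before any Kerberos resource exists, so that a
  // raise from these checks cannot leak the context.
  if(!NIL_P(v_keytab_name)){
    const char* given_name;

    Check_Type(v_keytab_name, T_STRING);
    given_name = StringValueCStr(v_keytab_name);

    // strncpy() would leave the buffer unterminated for a name that fills it;
    // reject the name rather than truncate a path.
    if(RSTRING_LEN(v_keytab_name) >= MAX_KEYTAB_NAME_LEN)
      rb_raise(rb_eArgError, "keytab name too long");

    memcpy(keytab_name, given_name, (size_t)RSTRING_LEN(v_keytab_name) + 1);
  }

  kerror = krb5_init_context(&context);

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_init_context: %s", error_message(kerror));

  // Use the default keytab name if one isn't provided.
  if(NIL_P(v_keytab_name)){
    kerror = krb5_kt_default_name(context, keytab_name, MAX_KEYTAB_NAME_LEN);

    if(kerror){
      krb5_free_context(context);
      rb_raise(cKrb5Exception, "krb5_kt_default_name: %s", error_message(kerror));
    }
  }

  kerror = krb5_kt_resolve(
    context,
    keytab_name,
    &keytab
  );

  if(kerror){
    krb5_free_context(context);
    rb_raise(cKrb5Exception, "krb5_kt_resolve: %s", error_message(kerror));
  }

  kerror = krb5_kt_start_seq_get(
    context,
    keytab,
    &cursor
  );

  if(kerror){
    // The keytab must be closed while its context is still alive; freeing
    // the context first hands krb5_kt_close a dangling context.
    krb5_kt_close(context, keytab);
    krb5_free_context(context);
    rb_raise(cKrb5Exception, "krb5_kt_start_seq_get: %s", error_message(kerror));
  }

  // NOTE(review): any non-zero return from krb5_kt_next_entry ends the loop,
  // so a read error is indistinguishable from end-of-keytab here.
  while((kerror = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
    kerror = krb5_unparse_name(context, entry.principal, &principal);

    if(kerror){
      krb5_kt_free_entry(context, &entry);
      krb5_kt_end_seq_get(context, keytab, &cursor);
      krb5_kt_close(context, keytab);
      krb5_free_context(context);
      rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
    }

    v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);

    rb_iv_set(v_kt_entry, "@principal", rb_str_new2(principal));
    rb_iv_set(v_kt_entry, "@timestamp", rb_time_new(entry.timestamp, 0));
    rb_iv_set(v_kt_entry, "@vno", INT2FIX(entry.vno));
    rb_iv_set(v_kt_entry, "@key", INT2FIX(entry.key.enctype));

    // Release the per-entry C data before yielding: the Ruby object already
    // holds copies, and the entry's key material is not kept alive longer
    // than needed.
    krb5_free_unparsed_name(context, principal);
    krb5_kt_free_entry(context, &entry);

    // NOTE(review): a break or exception from the block unwinds past the
    // cleanup below and leaves the cursor, keytab and context open; wrapping
    // the loop in rb_ensure would close that gap.
    rb_yield(v_kt_entry);
  }

  kerror = krb5_kt_end_seq_get(
    context,
    keytab,
    &cursor
  );

  // Close the keytab before the context on both the success and error path.
  krb5_kt_close(context, keytab);
  krb5_free_context(context);

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_kt_end_seq_get: %s", error_message(kerror));

  return Qnil;
}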
Instance Method Details
#close ⇒ Object
Close the keytab object. Internally this frees up any associated credential contents and the Kerberos context. Once a keytab object is closed it cannot be reused.
# File 'ext/rkerberos/keytab.c', line 116
/*
 * keytab.close
 *
 * Frees the credential contents and the Kerberos context held by the wrapped
 * struct, then clears the context pointer. Always returns true; a second
 * call finds a NULL context and frees nothing.
 *
 * NOTE(review): ptr->keytab is neither closed nor cleared here. Whether the
 * struct's free function closes it later is not visible in this listing;
 * confirm it is closed while the context is still valid.
 */
static VALUE rkrb5_keytab_close(VALUE self){
  RUBY_KRB5_KEYTAB* ptr;

  Data_Get_Struct(self, RUBY_KRB5_KEYTAB, ptr);

  if(ptr->ctx){
    // Credential contents are released first because the call needs the
    // context that is freed on the next line.
    krb5_free_cred_contents(ptr->ctx, &ptr->creds);
    krb5_free_context(ptr->ctx);
  }

  ptr->ctx = NULL;

  return Qtrue;
}
#default_name ⇒ Object
Returns the default keytab name.
# File 'ext/rkerberos/keytab.c', line 90
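/*
 * keytab.default_name
 *
 * Returns the library's default keytab name as a new Ruby String.
 *
 * Raises cKrb5Exception if the object has no context (for example after
 * #close) or if krb5_kt_default_name fails.
 */
static VALUE rkrb5_keytab_default_name(VALUE self){
  char default_name[MAX_KEYTAB_NAME_LEN];
  krb5_error_code kerror;
  RUBY_KRB5_KEYTAB* ptr;

  Data_Get_Struct(self, RUBY_KRB5_KEYTAB, ptr);

  // #close sets ctx to NULL; refuse to pass a NULL context to the library.
  if(!ptr->ctx)
    rb_raise(cKrb5Exception, "no context has been established");

  kerror = krb5_kt_default_name(ptr->ctx, default_name, MAX_KEYTAB_NAME_LEN);

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_kt_default_name: %s", error_message(kerror));

  return rb_str_new2(default_name);
}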
#each {|entry| ... } ⇒ Object
Iterates over each entry and yields it to the block. In the listing below the yielded object is a keytab entry whose @principal holds the principal name.
# File 'ext/rkerberos/keytab.c', line 35
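/*
 * keytab.each{ |entry| ... }
 *
 * Walks the keytab held by this object and yields one cKrb5KtEntry instance
 * per entry with @principal, @timestamp, @vno and @key (the entry's enctype
 * number) set. Returns self.
 *
 * Raises cKrb5Exception if the object has no context (for example after
 * #close) or if a Kerberos call fails.
 */
static VALUE rkrb5_keytab_each(VALUE self){
  RUBY_KRB5_KEYTAB* ptr;
  VALUE v_kt_entry;
  krb5_error_code kerror;
  krb5_kt_cursor cursor;
  krb5_keytab_entry entry;
  char* principal;

  Data_Get_Struct(self, RUBY_KRB5_KEYTAB, ptr);

  // #close sets ctx to NULL; refuse to pass a NULL context to the library.
  if(!ptr->ctx)
    rb_raise(cKrb5Exception, "no context has been established");

  kerror = krb5_kt_start_seq_get(
    ptr->ctx,
    ptr->keytab,
    &cursor
  );

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_kt_start_seq_get: %s", error_message(kerror));

  // NOTE(review): any non-zero return from krb5_kt_next_entry ends the loop,
  // so a read error is indistinguishable from end-of-keytab here.
  while((kerror = krb5_kt_next_entry(ptr->ctx, ptr->keytab, &entry, &cursor)) == 0){
    kerror = krb5_unparse_name(ptr->ctx, entry.principal, &principal);

    // Without this check a failed unparse leaves `principal` uninitialized
    // and rb_str_new2() would read through it.
    if(kerror){
      krb5_kt_free_entry(ptr->ctx, &entry);
      krb5_kt_end_seq_get(ptr->ctx, ptr->keytab, &cursor);
      rb_raise(cKrb5Exception, "krb5_unparse_name: %s", error_message(kerror));
    }

    v_kt_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);

    rb_iv_set(v_kt_entry, "@principal", rb_str_new2(principal));
    rb_iv_set(v_kt_entry, "@timestamp", rb_time_new(entry.timestamp, 0));
    rb_iv_set(v_kt_entry, "@vno", INT2FIX(entry.vno));
    rb_iv_set(v_kt_entry, "@key", INT2FIX(entry.key.enctype));

    // Release the per-entry C data before yielding: the Ruby object already
    // holds copies, and the entry's key material is not kept alive longer
    // than needed.
    krb5_free_unparsed_name(ptr->ctx, principal);
    krb5_kt_free_entry(ptr->ctx, &entry);

    // NOTE(review): a break or exception from the block unwinds past
    // krb5_kt_end_seq_get below and leaves the cursor open; wrapping the
    // loop in rb_ensure would close that gap.
    rb_yield(v_kt_entry);
  }

  kerror = krb5_kt_end_seq_get(
    ptr->ctx,
    ptr->keytab,
    &cursor
  );

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_kt_end_seq_get: %s", error_message(kerror));

  return self;
}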
#get_entry(principal, vno = 0, encoding_type = nil) ⇒ Object Also known as: find
Searches the keytab by principal, vno and encoding_type. If the vno is zero (the default), then the first entry that matches principal is returned.
Returns a Kerberos::Krb5::KeytabEntry object if the entry is found.
Raises an exception if no entry is found.
# File 'ext/rkerberos/keytab.c', line 240
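/*
 * keytab.get_entry(principal, vno = 0, encoding_type = nil)
 *
 * Looks up a single keytab entry for +principal+. A vno of zero and a nil
 * encoding_type are passed to krb5_kt_get_entry as 0, i.e. no restriction on
 * that field. Returns a cKrb5KtEntry instance with @principal, @timestamp,
 * @vno and @key (the entry's enctype number) set.
 *
 * Raises cKrb5Exception if the object has no context (for example after
 * #close), if the principal cannot be parsed, or if no entry is found.
 */
static VALUE rkrb5_keytab_get_entry(int argc, VALUE* argv, VALUE self){
  RUBY_KRB5_KEYTAB* ptr;
  krb5_error_code kerror;
  krb5_principal principal;
  krb5_kvno vno;
  krb5_enctype enctype;
  krb5_keytab_entry entry;
  krb5_timestamp found_timestamp;
  krb5_kvno found_vno;
  krb5_enctype found_enctype;
  char* name;
  VALUE v_principal, v_vno, v_enctype, v_entry;

  Data_Get_Struct(self, RUBY_KRB5_KEYTAB, ptr);

  // #close sets ctx to NULL; refuse to pass a NULL context to the library.
  if(!ptr->ctx)
    rb_raise(cKrb5Exception, "no context has been established");

  rb_scan_args(argc, argv, "12", &v_principal, &v_vno, &v_enctype);

  Check_Type(v_principal, T_STRING);

  // StringValueCStr rejects embedded NUL bytes, so the principal that is
  // parsed is exactly the one the caller supplied.
  name = StringValueCStr(v_principal);

  // Honour the optional arguments. They were previously parsed and then
  // ignored, so a caller asking for a specific key version or enctype got
  // whichever entry matched the principal first. The conversions may raise,
  // so they run before any Kerberos allocation.
  vno = NIL_P(v_vno) ? 0 : NUM2UINT(v_vno);
  enctype = NIL_P(v_enctype) ? 0 : NUM2INT(v_enctype);

  kerror = krb5_parse_name(ptr->ctx, name, &principal);

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_parse_name: %s", error_message(kerror));

  kerror = krb5_kt_get_entry(
    ptr->ctx,
    ptr->keytab,
    principal,
    vno,
    enctype,
    &entry
  );

  // The parsed principal is only needed for the lookup; free it on both the
  // success and the failure path.
  krb5_free_principal(ptr->ctx, principal);

  if(kerror)
    rb_raise(cKrb5Exception, "krb5_kt_get_entry: %s", error_message(kerror));

  // Copy out the scalar fields and release the entry (which holds key
  // material) before calling into Ruby, where an allocation may raise.
  found_timestamp = entry.timestamp;
  found_vno = entry.vno;
  found_enctype = entry.key.enctype;

  krb5_kt_free_entry(ptr->ctx, &entry);

  v_entry = rb_class_new_instance(0, NULL, cKrb5KtEntry);

  rb_iv_set(v_entry, "@principal", rb_str_new2(name));
  rb_iv_set(v_entry, "@timestamp", rb_time_new(found_timestamp, 0));
  rb_iv_set(v_entry, "@vno", INT2FIX(found_vno));
  rb_iv_set(v_entry, "@key", INT2FIX(found_enctype));

  return v_entry;
}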