Class: Kerberos::Krb5

Inherits:
Object
  • Object
Defined in:
lib/kerberos.rb,
ext/ruby_kerberos.c

Overview

Krb5 contains the Kerberos end-user functionality, such as user authentication and password changes.


Constructor Details

#initialize ⇒ Object



# File 'ext/ruby_kerberos.c', line 320

/*
 * Krb5#initialize
 *
 * The constructor takes no arguments and stores nothing on the instance;
 * it hands the receiver back unchanged.
 */
VALUE Krb5_init(VALUE self)
{
  VALUE receiver = self;

  return receiver;
}

Instance Method Details

#change_password(_user, _pass, _newpass) ⇒ Object

Changes the password of an existing user. Returns true on success, false on failure. Parameters: p1 = username, p2 = current password, p3 = new password.



# File 'ext/ruby_kerberos.c', line 229

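/*
 * Krb5#change_password(user, pass, newpass) -> true or false
 *
 * Obtains initial credentials for the KADM5_CHANGEPW_SERVICE principal
 * using the current password, then asks the server to set the new one.
 * Every failure is recorded through Krb5_register_error and reported to
 * the caller as Qfalse; Qtrue is returned only when both the request and
 * the server's result code indicate success.
 *
 * All three arguments must be Ruby Strings (Check_Type raises otherwise).
 */
static VALUE Krb5_change_password(VALUE self, VALUE _user, VALUE _pass, VALUE _newpass) {
  Check_Type(_user,T_STRING);
  Check_Type(_pass,T_STRING);
  Check_Type(_newpass,T_STRING);
  /*
   * NOTE(review): the passwords are handed to Kerberos as C strings, so a
   * Ruby string with an embedded NUL byte would be used truncated. Confirm
   * how STR2CSTR treats that case; StringValueCStr rejects such strings.
   */
  char * user = STR2CSTR(_user);
  char * pass = STR2CSTR(_pass);
  char * newpass = STR2CSTR(_newpass);

  krb5_error_code             krbret;
  krb5_context                ctx;
  krb5_creds                  creds;
  krb5_principal              princ;
  int pw_result = 0;
  krb5_data       pw_res_string, res_string;
  VALUE result = Qfalse;

  if ((krbret = krb5_init_context(&ctx))) {
    Krb5_register_error(krbret);
    return Qfalse;
  }

  /* Start from a zeroed creds structure, as Krb5_get_init_creds_password does. */
  memset(&creds, 0, sizeof(creds));

  if ((krbret = krb5_parse_name(ctx, user, &princ))) {
    Krb5_register_error(krbret);
    goto out_context;
  }

  if ((krbret = krb5_get_init_creds_password( ctx, &creds, princ, pass, NULL, NULL, 0, KADM5_CHANGEPW_SERVICE, NULL))) {
    Krb5_register_error(krbret);
    goto out_principal;
  }

  krbret = krb5_change_password(ctx, &creds, newpass, &pw_result, &pw_res_string, &res_string );
  if (krbret) {
    /*
     * The exchange itself failed, so pw_result and the result strings
     * were not filled in; report the library error instead of reading them.
     */
    Krb5_register_error(krbret);
  } else {
    if (pw_result) {
      /* The server answered but refused the change. */
      Krb5_register_error(pw_result);
    } else {
      result = Qtrue;
    }
    /* The result strings are allocated by the library and owned by us. */
    krb5_free_data_contents(ctx, &pw_res_string);
    krb5_free_data_contents(ctx, &res_string);
  }

  krb5_free_cred_contents(ctx, &creds);
out_principal:
  krb5_free_principal(ctx, princ);
out_context:
  /* The context is released last: the frees above still need it. */
  krb5_free_context(ctx);
  return result;
}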

#errstr ⇒ Object

Returns the last error message generated, or nil.



# File 'ext/ruby_kerberos.c', line 51

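/*
 * Krb5#errstr -> String or nil
 *
 * Returns the text for the error code held in krb5_error_number, or nil
 * when that code is zero.
 */
static VALUE Krb5_errstr(VALUE self) {
  /*
   * Guard on the same global that is formatted below. Testing
   * kadm5_error_number here would make the result depend on a different
   * error variable than the one being reported.
   * NOTE(review): confirm Krb5_register_error stores into krb5_error_number.
   */
  if (krb5_error_number == 0) {
    return Qnil;
  }
  /* rb_str_new2 copies the C string, so no fixed-size scratch buffer
   * (and no truncation of long messages) is needed. */
  return rb_str_new2(error_message(krb5_error_number));
}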

#get_init_creds_password(_user, _pass) ⇒ Object

Kerberos user authentication. Returns true on success, false on failure. Parameters: p1 = username, p2 = password.



# File 'ext/ruby_kerberos.c', line 283

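/*
 * Krb5#get_init_creds_password(user, pass) -> true or false
 *
 * Parses the user name into a principal and requests initial credentials
 * with the given password. The credentials are discarded again; only the
 * outcome is reported. Failures are recorded through Krb5_register_error
 * and returned as Qfalse.
 *
 * Both arguments must be Ruby Strings (Check_Type raises otherwise).
 */
static VALUE Krb5_get_init_creds_password(VALUE self, VALUE _user, VALUE _pass) {
  Check_Type(_user,T_STRING);
  Check_Type(_pass,T_STRING);
  char * user = STR2CSTR(_user);
  char * pass = STR2CSTR(_pass);

  krb5_error_code             krbret;
  krb5_context                ctx;
  krb5_creds                  creds;
  krb5_principal              princ;
  VALUE result = Qfalse;

  if ((krbret = krb5_init_context(&ctx))) {
    Krb5_register_error(krbret);
    return Qfalse;
  }

  memset(&creds, 0, sizeof(krb5_creds));
  if ((krbret = krb5_parse_name(ctx, user, &princ))) {
    Krb5_register_error(krbret);
    goto out_context;
  }

  if ((krbret = krb5_get_init_creds_password( ctx, &creds, princ, pass, NULL, NULL, 0, NULL, NULL))) {
    Krb5_register_error(krbret);
    goto out_principal;
  }

  /*
   * NOTE(review): success here means a KDC reply could be decrypted with
   * the supplied password. The credentials are not verified against a
   * local service key (krb5_verify_init_creds), so callers using this as a
   * login check should confirm that trusting the KDC reply alone is
   * acceptable for their deployment.
   */
  krb5_free_cred_contents(ctx, &creds);
  result = Qtrue;

out_principal:
  /* The principal must be released while the context is still alive. */
  krb5_free_principal(ctx, princ);
out_context:
  krb5_free_context(ctx);
  return result;
}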