Class: Kerberos::Kadm5

Inherits:

Object

Object
Kerberos::Kadm5

show all

Defined in:: lib/kerberos.rb,
ext/ruby_kerberos.c

Overview

Kadm5 contains the administrative functions, such as adding/deleting/modifying principals.

Constant Summary collapse

KRB5_KDB_PWCHANGE_SERVICE = Principal primary attributes

INT2NUM(KRB5_KDB_PWCHANGE_SERVICE)

KRB5_KDB_DISALLOW_POSTDATED =

INT2NUM(KRB5_KDB_DISALLOW_POSTDATED)

KRB5_KDB_DISALLOW_FORWARDABLE =

INT2NUM(KRB5_KDB_DISALLOW_FORWARDABLE)

KRB5_KDB_DISALLOW_TGT_BASED =

INT2NUM(KRB5_KDB_DISALLOW_TGT_BASED)

KRB5_KDB_DISALLOW_RENEWABLE =

INT2NUM(KRB5_KDB_DISALLOW_RENEWABLE)

KRB5_KDB_DISALLOW_PROXIABLE =

INT2NUM(KRB5_KDB_DISALLOW_PROXIABLE)

KRB5_KDB_DISALLOW_DUP_SKEY =

INT2NUM(KRB5_KDB_DISALLOW_DUP_SKEY)

KRB5_KDB_DISALLOW_ALL_TIX =

INT2NUM(KRB5_KDB_DISALLOW_ALL_TIX)

KRB5_KDB_REQUIRES_PRE_AUTH =

INT2NUM(KRB5_KDB_REQUIRES_PRE_AUTH)

KRB5_KDB_REQUIRES_HW_AUTH =

INT2NUM(KRB5_KDB_REQUIRES_HW_AUTH)

KRB5_KDB_DISALLOW_SVR =

INT2NUM(KRB5_KDB_DISALLOW_SVR)

KRB5_KDB_REQUIRES_PWCHANGE =

INT2NUM(KRB5_KDB_REQUIRES_PWCHANGE)

KRB5_KDB_SUPPORT_DESMD5 =

INT2NUM(KRB5_KDB_SUPPORT_DESMD5)

KRB5_KDB_NEW_PRINC =

INT2NUM(KRB5_KDB_NEW_PRINC)

Instance Method Summary collapse

#create_principal(_user, _pass, options) ⇒ Object

Create a kerberos principal.
#delete_principal(_user) ⇒ Object

Deletes a principal from the kerberos database.
#errstr ⇒ Object

returns the last error message generated or nil.
#init_with_password(_auser, _apass) ⇒ Object

Initializes a connection to the kdc using an administrative user.

Instance Method Details

#create_principal(_user, _pass, options) ⇒ `Object`

Create a kerberos principal. p1 = username p2 = password p3 = options hash

Options hash can contain any of the following keys: kvno attributes max_renewable_life pw_expiration max_life princ_expire_time policy

attributes is a bitmask of the above KRB5_KDB_* constants.

# File 'ext/ruby_kerberos.c', line 100

static VALUE Kadm5_create_principal(VALUE self, VALUE _user, VALUE _pass, VALUE options) {
  Check_Type(options,T_HASH);
  Check_Type(_user,T_STRING);
  Check_Type(_pass,T_STRING);
  char * user = STR2CSTR(_user);
  char * pass = STR2CSTR(_pass);

  VALUE hval;
  long mask =0;
  krb5_error_code  krbret;
  kadm5_ret_t rc;
  krb5_context  ctx;
  kadm5_principal_ent_rec princ;

  memset(&princ, 0, sizeof(princ));
  if ((krbret = krb5_init_context(&ctx))) {
    Kadm5_register_error(krbret);
    return Qfalse;
  }

  if ((krbret = krb5_parse_name(ctx, user, &princ.principal))) {
    krb5_free_context(ctx);
    Kadm5_register_error(krbret);
    return Qfalse;
  }

  if (st_lookup(RHASH(options)->tbl, rb_str_new2(OP_KVNO), &hval)) {
    Check_Type(hval,T_FIXNUM);
    mask |= KADM5_KVNO;
    princ.kvno = FIX2LONG(hval);
  }

  if (st_lookup(RHASH(options)->tbl, rb_str_new2(OP_ATTRIBUTES), &hval)) {
    Check_Type(hval,T_FIXNUM);
    princ.attributes = FIX2LONG(hval);
    mask |= KADM5_ATTRIBUTES;
  }

  if (st_lookup(RHASH(options)->tbl, rb_str_new2(OP_MAX_RLIFE), &hval)) {
    Check_Type(hval,T_FIXNUM);
    mask |= KADM5_MAX_RLIFE;
    princ.max_renewable_life = FIX2LONG(hval);
  }

  if (st_lookup(RHASH(options)->tbl, rb_str_new2(OP_PW_EXPIRATION), &hval)) {
    Check_Type(hval,T_FIXNUM);
    mask |= KADM5_PW_EXPIRATION;
    princ.pw_expiration = FIX2LONG(hval);
  }

  if (st_lookup(RHASH(options)->tbl, rb_str_new2(OP_PRINC_EXPIRE_TIME), &hval)) {
    Check_Type(hval,T_FIXNUM);
    mask |= KADM5_PRINC_EXPIRE_TIME;
    princ.princ_expire_time = FIX2LONG(hval);
  }

  if (st_lookup(RHASH(options)->tbl, rb_str_new2(OP_MAX_LIFE), &hval)) {
    Check_Type(hval,T_FIXNUM);
    mask |= KADM5_MAX_LIFE;
    princ.max_life = FIX2LONG(hval);
  }

  if (st_lookup(RHASH(options)->tbl, rb_str_new2(OP_POLICY), &hval)) {
    Check_Type(hval,T_STRING);
    mask |= KADM5_POLICY;
    princ.policy = RSTRING(hval)->ptr;
  }


  mask |= KADM5_PRINCIPAL;
  rc = kadm5_create_principal(kadm5_handle, &princ, mask, pass);
  if (rc) {
    krb5_free_principal(ctx, princ.principal);
    krb5_free_context(ctx);
    Kadm5_register_error(rc);
    return Qfalse;
  }

  krb5_free_principal(ctx, princ.principal);
  krb5_free_context(ctx);
  return Qtrue;

}

#delete_principal(_user) ⇒ `Object`

Deletes a principal from the kerberos database. Takes the username to delete as it’s sole argument. Returns true on success, false on failure.

# File 'ext/ruby_kerberos.c', line 189

static VALUE Kadm5_delete_principal(VALUE self, VALUE _user) {
  Check_Type(_user,T_STRING);
  char * user = STR2CSTR(_user);

  krb5_error_code             krbret;
  kadm5_ret_t                 rc;
  krb5_context                ctx;
  krb5_principal              princ;

  if ((krbret = krb5_init_context(&ctx))) {
    Kadm5_register_error(krbret);
    return Qfalse;
  }
  if ((krbret = krb5_parse_name(ctx, user, &princ))) {
    krb5_free_context(ctx);
    Kadm5_register_error(krbret);
    return Qfalse;
  }

  rc = kadm5_delete_principal(kadm5_handle, princ);
  if (rc) {
    krb5_free_principal(ctx, princ);
    krb5_free_context(ctx);
    Kadm5_register_error(rc);
    return Qfalse;
  }

  krb5_free_principal(ctx, princ);
  krb5_free_context(ctx);
  return Qtrue;

}

#errstr ⇒ `Object`

returns the last error message generated or nil

# File 'ext/ruby_kerberos.c', line 38

static VALUE Kadm5_errstr(VALUE self) {
  char error[255];
  if (kadm5_error_number == 0) {
    return Qnil;
  }
  strncpy(error,error_message(kadm5_error_number), sizeof(error));
  error[sizeof(error) - 1] = '\0';
  VALUE kerror = rb_str_new2(error);
  return kerror;
}

#init_with_password(_auser, _apass) ⇒ `Object`

Initializes a connection to the kdc using an administrative user. This method must be called before any other Kadm5 methods. Returns true on success, false on falure. The reason for a failure can be found in Kadm5.errstr p1 = username p2 = password

# File 'ext/ruby_kerberos.c', line 68

static VALUE Kadm5_init_with_password(VALUE self, VALUE _auser, VALUE _apass) {
  Check_Type(_auser,T_STRING);
  Check_Type(_apass,T_STRING);
  char * auser = STR2CSTR(_auser);
  char * apass = STR2CSTR(_apass);
  kadm5_ret_t ret;

  ret = kadm5_init_with_password(auser, apass, KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, &kadm5_handle);
  if (ret) {
    Kadm5_register_error(ret);
    return Qfalse;
  }
  return Qtrue;
}

Class: Kerberos::Kadm5

Overview

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#create_principal(_user, _pass, options) ⇒ Object

#delete_principal(_user) ⇒ Object

#errstr ⇒ Object

#init_with_password(_auser, _apass) ⇒ Object

#create_principal(_user, _pass, options) ⇒ `Object`

#delete_principal(_user) ⇒ `Object`

#errstr ⇒ `Object`

#init_with_password(_auser, _apass) ⇒ `Object`