Class: KerberosAuthenticator::Krb5::Keytab

Inherits:

Object

• Object
• KerberosAuthenticator::Krb5::Keytab

Defined in:

lib/kerberos_authenticator/krb5/keytab.rb

Overview

Storage for locally-stored keys.

Constant Summary

GET_NAME_MAX_LENGTH =

The maximum length, in bytes, that can be read by #name .

512

FULL_NAME_DELIMITER =

The seperator between the type and the residual in a keytab’s name

':'

Instance Attribute Summary

• #ptr ⇒ FFI::Pointer readonly

  The pointer to the wrapped krb5_keytab struct.

Class Method Summary

• .default ⇒ Keytab

  Resolves the default keytab, usually the file at ‘/etc/krb5.keytab`.

• .new_with_name(name) ⇒ Keytab

  Resolves a keytab identified by name.

• .release(pointer) ⇒ Object private

  Closes a Keytab.

Instance Method Summary

• #assert_has_content ⇒ TrueClass

  Checks if the underlying keytab file or other store exists and contains entries.

• #file? ⇒ Boolean

  If the keytab has a type of ‘FILE’ or ‘file’.

• #has_content? ⇒ Boolean

  Whether the keytab exists and contains entries.

• #initialize(pointer) ⇒ Keytab constructor

  Initializes a new Keytab with a pointer to a pointer to a krb5_keytab structure.

• #name ⇒ String

  The name of the key table.

• #path ⇒ String^?

  The path to the keytab file if the keytab is a file, nil otherwise.

• #residual ⇒ String

  The residual of the key table, which means different things depending on the type.

• #type ⇒ String

  The type of the key table.

Constructor Details

#initialize(pointer) ⇒ Keytab

Initializes a new Keytab with a pointer to a pointer to a krb5_keytab structure.

Parameters:

• pointer (FFI::Buffer)

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 59

def initialize(pointer)
  @ptr = FFI::AutoPointer.new pointer.get_pointer(0), self.class.method(:release)

  self
end

Instance Attribute Details

#ptr ⇒ FFI::Pointer (readonly)

Returns the pointer to the wrapped krb5_keytab struct.

Returns:

• (FFI::Pointer) —

  the pointer to the wrapped krb5_keytab struct

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 26

Class Method Details

.default ⇒ Keytab

Resolves the default keytab, usually the file at ‘/etc/krb5.keytab`. The keytab is not opened and may not be accessible or contain any entries. (Use #has_content? to check.)

Returns:

• (Keytab) —

  the default keytab

See Also:

• krb5_kt_default

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 49

def self.default
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_default(Context.context.ptr, pointer)

  new(pointer)
end

.new_with_name(name) ⇒ Keytab

Resolves a keytab identified by name. The keytab is not opened and may not be accessible or contain any entries. (Use #has_content? to check.)

Parameters:

• name (String) —

  a name of the form ‘type:residual’, where usually type is ‘FILE’ and residual the path to that file

Returns:

• (Keytab) —

  a resolved, but not opened, keytab

See Also:

• krb5_kt_resolve

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 38

def self.new_with_name(name)
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_resolve(Context.context.ptr, name, pointer)

  new(pointer)
end

.release(pointer) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Closes a Keytab

See Also:

• krb5_kt_close

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 133

def self.release(pointer)
  Krb5.kt_close(Context.context.ptr, pointer)
end

Instance Method Details

#assert_has_content ⇒ TrueClass

Checks if the underlying keytab file or other store exists and contains entries. (When ‘krb5_kt_have_content` isn’t provided by the Kerberos library, then only some very limited checks are performed.)

Returns:

• (TrueClass) —

  if the keytab exists and contains entries

See Also:

• krb5_kt_have_content

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 70

def assert_has_content
  if defined?(Krb5.kt_have_content)
    Krb5.kt_have_content(Context.context.ptr, ptr)
  else # HACK
    raise Error, "Could not read #{name}" if file? and !FileTest.readable?(path)
  end
  true
end

#file? ⇒ Boolean

Returns if the keytab has a type of ‘FILE’ or ‘file’.

Returns:

• (Boolean) —

  if the keytab has a type of ‘FILE’ or ‘file’

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 121

def file?
  type =~ /^FILE$/i
end

#has_content? ⇒ Boolean

Returns whether the keytab exists and contains entries.

Returns:

• (Boolean) —

  whether the keytab exists and contains entries

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 80

def has_content?
  assert_has_content
  true
rescue Error
  false
end

#name ⇒ String

Returns the name of the key table.

Returns:

• (String) —

  the name of the key table

See Also:

• kt_get_name

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 95

def name
  if defined?(Krb5.kt_get_full_name)
    pointer = FFI::MemoryPointer.new :pointer
    Krb5.kt_get_full_name(Context.context.ptr, ptr, pointer)
    pointer = pointer.read_pointer
    copy = String.new(pointer.read_string).force_encoding('UTF-8')
    Krb5.xfree(pointer)
    copy
  else
    buffer = FFI::Buffer.new :char, GET_NAME_MAX_LENGTH
    Krb5.kt_get_name(Context.context.ptr, ptr, buffer, GET_NAME_MAX_LENGTH)
    buffer.read_bytes(255).force_encoding('UTF-8').split("\x00", 2)[0]
  end
end

#path ⇒ String^?

Returns the path to the keytab file if the keytab is a file, nil otherwise.

Returns:

• (String, nil) —

  the path to the keytab file if the keytab is a file, nil otherwise

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 126

def path
  file? ? residual : nil
end

#residual ⇒ String

Returns the residual of the key table, which means different things depending on the type.

Returns:

• (String) —

  the residual of the key table, which means different things depending on the type

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 116

def residual
  name.split(FULL_NAME_DELIMITER, 2).last
end

#type ⇒ String

Returns the type of the key table.

Returns:

• (String) —

  the type of the key table

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 111

def type
  name.split(FULL_NAME_DELIMITER, 2).first
end