Class: KerberosAuthenticator::Krb5::Keytab

Inherits:
Object
  • Object
show all
Defined in:
lib/kerberos_authenticator/krb5/keytab.rb

Overview

Storage for locally-stored keys.

Constant Summary collapse

GET_NAME_MAX_LENGTH =

The maximum length, in bytes, that can be read by #name .

512
FULL_NAME_DELIMITER =

The seperator between the type and the residual in a keytab’s name

':'

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pointer) ⇒ Keytab

Initializes a new Keytab with a pointer to a pointer to a krb5_keytab structure.

Parameters:

  • pointer (FFI::Buffer)


59
60
61
62
63
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 59

def initialize(pointer)
  @ptr = FFI::AutoPointer.new pointer.get_pointer(0), self.class.method(:release)

  self
end

Instance Attribute Details

#ptrFFI::Pointer (readonly)

Returns the pointer to the wrapped krb5_keytab struct.

Returns:

  • (FFI::Pointer)

    the pointer to the wrapped krb5_keytab struct



# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 26

Class Method Details

.defaultKeytab

Resolves the default keytab, usually the file at ‘/etc/krb5.keytab`. The keytab is not opened and may not be accessible or contain any entries. (Use #has_content? to check.)

Returns:

  • (Keytab)

    the default keytab

See Also:



49
50
51
52
53
54
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 49

def self.default
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_default(Context.context.ptr, pointer)

  new(pointer)
end

.new_with_name(name) ⇒ Keytab

Resolves a keytab identified by name. The keytab is not opened and may not be accessible or contain any entries. (Use #has_content? to check.)

Parameters:

  • name (String)

    a name of the form ‘type:residual’, where usually type is ‘FILE’ and residual the path to that file

Returns:

  • (Keytab)

    a resolved, but not opened, keytab

See Also:



38
39
40
41
42
43
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 38

def self.new_with_name(name)
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_resolve(Context.context.ptr, name, pointer)

  new(pointer)
end

.release(pointer) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Closes a Keytab

See Also:



133
134
135
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 133

def self.release(pointer)
  Krb5.kt_close(Context.context.ptr, pointer)
end

Instance Method Details

#assert_has_contentTrueClass

Checks if the underlying keytab file or other store exists and contains entries. (When ‘krb5_kt_have_content` isn’t provided by the Kerberos library, then only some very limited checks are performed.)

Returns:

  • (TrueClass)

    if the keytab exists and contains entries

See Also:



70
71
72
73
74
75
76
77
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 70

def assert_has_content
  if defined?(Krb5.kt_have_content)
    Krb5.kt_have_content(Context.context.ptr, ptr)
  else # HACK
    raise Error, "Could not read #{name}" if file? and !FileTest.readable?(path)
  end
  true
end

#file?Boolean

Returns if the keytab has a type of ‘FILE’ or ‘file’.

Returns:

  • (Boolean)

    if the keytab has a type of ‘FILE’ or ‘file’



121
122
123
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 121

def file?
  type =~ /^FILE$/i
end

#has_content?Boolean

Returns whether the keytab exists and contains entries.

Returns:

  • (Boolean)

    whether the keytab exists and contains entries



80
81
82
83
84
85
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 80

def has_content?
  assert_has_content
  true
rescue Error
  false
end

#nameString

Returns the name of the key table.

Returns:

  • (String)

    the name of the key table

See Also:



95
96
97
98
99
100
101
102
103
104
105
106
107
108
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 95

def name
  if defined?(Krb5.kt_get_full_name)
    pointer = FFI::MemoryPointer.new :pointer
    Krb5.kt_get_full_name(Context.context.ptr, ptr, pointer)
    pointer = pointer.read_pointer
    copy = String.new(pointer.read_string).force_encoding('UTF-8')
    Krb5.xfree(pointer)
    copy
  else
    buffer = FFI::Buffer.new :char, GET_NAME_MAX_LENGTH
    Krb5.kt_get_name(Context.context.ptr, ptr, buffer, GET_NAME_MAX_LENGTH)
    buffer.read_bytes(255).force_encoding('UTF-8').split("\x00", 2)[0]
  end
end

#pathString?

Returns the path to the keytab file if the keytab is a file, nil otherwise.

Returns:

  • (String, nil)

    the path to the keytab file if the keytab is a file, nil otherwise



126
127
128
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 126

def path
  file? ? residual : nil
end

#residualString

Returns the residual of the key table, which means different things depending on the type.

Returns:

  • (String)

    the residual of the key table, which means different things depending on the type



116
117
118
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 116

def residual
  name.split(FULL_NAME_DELIMITER, 2).last
end

#typeString

Returns the type of the key table.

Returns:

  • (String)

    the type of the key table



111
112
113
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 111

def type
  name.split(FULL_NAME_DELIMITER, 2).first
end