Class: KerberosAuthenticator::Krb5::Keytab

Inherits: Object

Defined in: lib/kerberos_authenticator/krb5/keytab.rb

Overview

Storage for locally-stored keys.

Constant Summary

GET_NAME_MAX_LENGTH = 30 + 1024

    The maximum length, in bytes, that can be read by #name. HACK: Any value here might not be long enough. The value here is based on a maximum prefix/type length of 30 and a maximum residual/path length of 1024.

FULL_NAME_DELIMITER = ':'.freeze

    The separator between the type and the residual in a keytab's name.


Constructor Details

#initialize(pointer) ⇒ Keytab

Initializes a new Keytab with a pointer to a pointer to a krb5_keytab structure.

Parameters:

  • pointer (FFI::Buffer)

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 59

def initialize(pointer)
  # Take ownership of the krb5_keytab handle; .release closes it when this object is garbage-collected.
  @ptr = FFI::AutoPointer.new pointer.get_pointer(0), self.class.method(:release)

  self
end

Instance Attribute Details

#ptr ⇒ FFI::Pointer (readonly)

Returns the pointer to the wrapped krb5_keytab struct.

Returns:

  • (FFI::Pointer)

    the pointer to the wrapped krb5_keytab struct



# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 26

Class Method Details

.default ⇒ Keytab

Resolves the default keytab, usually the file at `/etc/krb5.keytab`. The keytab is not opened and may not be accessible or contain any entries. (Use #has_content? to check.)

Returns:

  • (Keytab)

    the default keytab

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 49

def self.default
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_default(Context.context.ptr, pointer)

  new(pointer)
end

.new_with_name(name) ⇒ Keytab

Resolves a keytab identified by name. The keytab is not opened and may not be accessible or contain any entries. (Use #has_content? to check.)

Parameters:

  • name (String)

    a name of the form ‘type:residual’, where usually type is ‘FILE’ and residual the path to that file

Returns:

  • (Keytab)

    a resolved, but not opened, keytab

Raises:

  • (Error)

    if the type is unknown

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 38

def self.new_with_name(name)
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_resolve(Context.context.ptr, name, pointer)

  new(pointer)
end

.release(pointer) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Closes a Keytab.
# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 140

def self.release(pointer)
  Krb5.kt_close(Context.context.ptr, pointer)
end

Instance Method Details

#assert_has_content ⇒ TrueClass

Checks if the underlying keytab file or other store exists and contains entries. (When `krb5_kt_have_content` isn't provided by the Kerberos library, then only some very limited checks are performed.)

Returns:

  • (TrueClass)

    if the keytab exists and contains entries

Raises:

  • (Error)

    if there is a problem finding entries in the keytab

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 70

def assert_has_content
  if defined?(Krb5.kt_have_content)
    # Preferred path: let libkrb5 decide; it raises Error when the keytab is unreadable or empty.
    Krb5.kt_have_content(Context.context.ptr, ptr)
  else # HACK: older libraries lack krb5_kt_have_content, so only FILE keytabs get a minimal sanity check
    if file?
      raise Error, "Could not read #{name}" if !FileTest.readable?(path)
      # MIT keytab files start with the version byte 0x05.
      raise Error, "#{name} does not appear to be a MIT keytab file" if File.read(path).unpack('C').first != 5
    end
  end
  true
end
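The name format described for .new_with_name ('type:residual') and the fallback branch of #assert_has_content, worked through as an added example. This is not code from the kerberos_authenticator gem: it re-implements the name split and the "looks like a MIT keytab" check in plain Ruby against constructed sample files, assumes (as krb5_kt_resolve does) that a name without a delimiter is a FILE keytab, and additionally reports a keytab that other users can read.

```ruby
# Added example (not part of the kerberos_authenticator gem): a pure-Ruby
# stand-in for the parts of Keytab that do not need libkrb5, so the name
# format and the fallback "looks like a keytab" check can be exercised offline.
require 'tempfile'

FULL_NAME_DELIMITER = ':'.freeze
# MIT keytab files begin with the byte 0x05 followed by a format version byte
# (0x01 for the historical format, 0x02 for the current one).
KEYTAB_MAGIC = 5
KEYTAB_VERSIONS = [1, 2].freeze

# Splits 'type:residual'. krb5_kt_resolve treats a name without a delimiter
# as type FILE, which this mirrors (an assumption about the C library, not
# something the Ruby wrapper itself does).
def split_keytab_name(name)
  type, residual = name.split(FULL_NAME_DELIMITER, 2)
  residual ? [type, residual] : ['FILE', type]
end

def keytab_file?(name)
  split_keytab_name(name).first =~ /\AFILE\z/i ? true : false
end

# Mirrors the fallback branch of Keytab#assert_has_content: a readable file
# whose first byte is 5. Reads only the header instead of the whole file, and
# also reports a keytab other users can read, since it holds long-term keys.
def check_keytab_file(name)
  return { ok: false, reason: 'not a FILE keytab' } unless keytab_file?(name)
  path = split_keytab_name(name).last
  return { ok: false, reason: "Could not read #{name}" } unless FileTest.readable?(path)
  header = File.binread(path, 2).to_s.unpack('CC') # binread gives nil on an empty file
  unless header.first == KEYTAB_MAGIC && KEYTAB_VERSIONS.include?(header.last)
    return { ok: false, reason: "#{name} does not appear to be a MIT keytab file" }
  end
  world_readable = (File.stat(path).mode & 0o004) != 0
  { ok: true, world_readable: world_readable }
end

# Constructed sample inputs: a file with a valid header and one without.
def demo_keytab_checks
  good = Tempfile.new('kt'); good.binmode; good.write("\x05\x02\x00\x00"); good.close
  bad  = Tempfile.new('kt'); bad.binmode; bad.write('not a keytab'); bad.close
  File.chmod(0o600, good.path)
  [check_keytab_file("FILE:#{good.path}"), check_keytab_file(bad.path)]
ensure
  good&.close!; bad&.close!
end
```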

#file? ⇒ Boolean

Returns if the keytab has a type of ‘FILE’ or ‘file’.

Returns:

  • (Boolean)

    if the keytab has a type of ‘FILE’ or ‘file’

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 128

def file?
  type =~ /^FILE$/i
end

#has_content? ⇒ Boolean

Returns whether the keytab exists and contains entries.

Returns:

  • (Boolean)

    whether the keytab exists and contains entries

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 84

def has_content?
  assert_has_content
  true
rescue Error
  false
end

#name ⇒ String

Returns the name of the key table.

Returns:

  • (String)

    the name of the key table

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 102

def name
  if defined?(Krb5.kt_get_full_name)
    pointer = FFI::MemoryPointer.new :pointer
    Krb5.kt_get_full_name(Context.context.ptr, ptr, pointer)
    pointer = pointer.read_pointer
    copy = String.new(pointer.read_string).force_encoding('UTF-8')
    Krb5.xfree(pointer)
    copy
  else
    buffer = FFI::Buffer.new :char, GET_NAME_MAX_LENGTH
    Krb5.kt_get_name(Context.context.ptr, ptr, buffer, GET_NAME_MAX_LENGTH)
    buffer.read_bytes(GET_NAME_MAX_LENGTH).force_encoding('UTF-8').rstrip
  end
end

#path ⇒ String?

Returns the path to the keytab file if the keytab is a file, nil otherwise.

Returns:

  • (String, nil)

    the path to the keytab file if the keytab is a file, nil otherwise

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 133

def path
  file? ? residual : nil
end

#residual ⇒ String

Returns the residual of the key table, which means different things depending on the type.

Returns:

  • (String)

    the residual of the key table, which means different things depending on the type

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 123

def residual
  name.split(FULL_NAME_DELIMITER, 2).last
end

#type ⇒ String

Returns the type of the key table.

Returns:

  • (String)

    the type of the key table

# File 'lib/kerberos_authenticator/krb5/keytab.rb', line 118

def type
  name.split(FULL_NAME_DELIMITER, 2).first
end