class KerberosAuthenticator::Krb5::Keytab

Storage for locally-stored keys.

Constants

FULL_NAME_DELIMITER

The separator between the type and the residual in a keytab's name

GET_NAME_MAX_LENGTH

The maximum length, in bytes, that can be read by name.

Attributes

ptr[R]

@!attribute [r] ptr

@return [FFI::Pointer] the pointer to the wrapped krb5_keytab struct

Public Class Methods

default()

Resolves the default keytab, usually the file at `/etc/krb5.keytab`. The keytab is not opened and may not be accessible or contain any entries. (Use has_content? to check.)
@return [Keytab] the default keytab
@see web.mit.edu/Kerberos/krb5-1.14/doc/appdev/refs/api/krb5_kt_default.html krb5_kt_default

# File lib/kerberos_authenticator/krb5/keytab.rb, line 49
def self.default
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_default(Context.context.ptr, pointer)

  new(pointer)
end

new(pointer)

Initializes a new Keytab with a pointer to a pointer to a krb5_keytab structure.
@param pointer [FFI::Buffer]
@return [Keytab]

# File lib/kerberos_authenticator/krb5/keytab.rb, line 59
def initialize(pointer)
  @ptr = FFI::AutoPointer.new pointer.get_pointer(0), self.class.method(:release)

  self
end

new_with_name(name)

Resolves a keytab identified by name. The keytab is not opened and may not be accessible or contain any entries. (Use has_content? to check.)
@param name [String] a name of the form 'type:residual', where usually type is 'FILE' and residual the path to that file
@raises [Error] if the type is unknown
@return [Keytab] a resolved, but not opened, keytab
@see web.mit.edu/Kerberos/krb5-1.14/doc/appdev/refs/api/krb5_kt_resolve.html krb5_kt_resolve

# File lib/kerberos_authenticator/krb5/keytab.rb, line 38
def self.new_with_name(name)
  pointer = FFI::MemoryPointer.new :pointer
  Krb5.kt_resolve(Context.context.ptr, name, pointer)

  new(pointer)
end

release(pointer)

Closes a Keytab.
@api private
@see web.mit.edu/kerberos/krb5-1.14/doc/appdev/refs/api/krb5_kt_close.html krb5_kt_close

# File lib/kerberos_authenticator/krb5/keytab.rb, line 133
def self.release(pointer)
  Krb5.kt_close(Context.context.ptr, pointer)
end

Public Instance Methods

assert_has_content()

Checks if the underlying keytab file or other store exists and contains entries. (When `krb5_kt_have_content` isn't provided by the Kerberos library, then only some very limited checks are performed.)
@return [TrueClass] if the keytab exists and contains entries
@raises [Error] if there is a problem finding entries in the keytab
@see web.mit.edu/Kerberos/krb5-1.14/doc/appdev/refs/api/krb5_kt_have_content.html krb5_kt_have_content

# File lib/kerberos_authenticator/krb5/keytab.rb, line 70
def assert_has_content
  if defined?(Krb5.kt_have_content)
    Krb5.kt_have_content(Context.context.ptr, ptr)
  else # HACK
    raise Error, "Could not read #{name}" if file? and !FileTest.readable?(path)
  end
  true
end
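
The fallback branch above only tests that a FILE keytab is readable. As an added example (not part of KerberosAuthenticator), here is a stricter pre-flight check that also looks at the file mode and the MIT keytab version header. `keytab_file_problems` and `sample_keytab` are hypothetical names, ':' is assumed as the type/residual delimiter, and the sample bytes are constructed.

```ruby
require 'tempfile'

# Added example, not KerberosAuthenticator code. Both helpers are hypothetical;
# ':' is assumed as the delimiter of a 'type:residual' keytab name.
KEYTAB_VERSIONS = [[5, 1], [5, 2]].freeze # MIT keytab file format 0x0501 / 0x0502

# Returns a list of problems found for a 'type:residual' keytab name.
# An empty list means nothing was found (non-FILE types are not inspected).
def keytab_file_problems(name)
  type, residual = name.to_s.split(':', 2)
  return ["name is not of the form 'type:residual'"] if residual.nil? || residual.empty?
  return [] unless /\AFILE\z/i.match?(type)
  return ['file does not exist'] unless File.exist?(residual)

  stat = File.stat(residual)
  return ['not a regular file'] unless stat.file?

  problems = []
  # A keytab holds long-term keys: only its owner should be able to touch it.
  problems << 'accessible by group or other' unless (stat.mode & 0o077).zero?
  return problems << 'not readable by this process' unless File.readable?(residual)

  header = File.binread(residual, 2).to_s.bytes
  if !KEYTAB_VERSIONS.include?(header)
    problems << 'missing keytab version header'
  elsif stat.size <= 2
    problems << 'no entry records after the header' # not a full entry parse
  end
  problems
end

# Constructed sample: version header plus one dummy 4-byte record, no real key.
SAMPLE_BYTES = [5, 2].pack('C2') + [4].pack('l>') + ("\0" * 4)

def sample_keytab(bytes = SAMPLE_BYTES, mode = 0o600)
  file = Tempfile.new('sample.keytab')
  file.binmode
  file.write(bytes)
  file.close
  File.chmod(mode, file.path)
  file # keep the Tempfile object so the file is not removed early
end

if __FILE__ == $PROGRAM_NAME
  good = sample_keytab
  p keytab_file_problems("FILE:#{good.path}")
end
```
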
file?()

@return [Boolean] if the keytab has a type of 'FILE' or 'file'

# File lib/kerberos_authenticator/krb5/keytab.rb, line 121
def file?
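  # \A and \z anchor the whole string (^ and $ would match any line); returns true or false
  !(type =~ /\AFILE\z/i).nil?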
end

has_content?()

@return [Boolean] whether the keytab exists and contains entries

# File lib/kerberos_authenticator/krb5/keytab.rb, line 80
def has_content?
  assert_has_content
  true
rescue Error
  false
end

name()

@return [String] the name of the key table
@see web.mit.edu/Kerberos/krb5-1.14/doc/appdev/refs/api/krb5_kt_get_name.html kt_get_name

# File lib/kerberos_authenticator/krb5/keytab.rb, line 95
def name
  if defined?(Krb5.kt_get_full_name)
    pointer = FFI::MemoryPointer.new :pointer
    Krb5.kt_get_full_name(Context.context.ptr, ptr, pointer)
    pointer = pointer.read_pointer
    copy = String.new(pointer.read_string).force_encoding('UTF-8')
    Krb5.xfree(pointer)
    copy
  else
    buffer = FFI::Buffer.new :char, GET_NAME_MAX_LENGTH
    Krb5.kt_get_name(Context.context.ptr, ptr, buffer, GET_NAME_MAX_LENGTH)
    # Read the whole buffer that kt_get_name was given, then cut at the first NUL
    buffer.read_bytes(GET_NAME_MAX_LENGTH).force_encoding('UTF-8').split("\x00", 2)[0]
  end
end

path()

@return [String, nil] the path to the keytab file if the keytab is a file, nil otherwise

# File lib/kerberos_authenticator/krb5/keytab.rb, line 126
def path
  file? ? residual : nil
end

residual()

@return [String] the residual of the key table, which means different things depending on the type

# File lib/kerberos_authenticator/krb5/keytab.rb, line 116
def residual
  name.split(FULL_NAME_DELIMITER, 2).last
end

type()

@return [String] the type of the key table

# File lib/kerberos_authenticator/krb5/keytab.rb, line 111
def type
  name.split(FULL_NAME_DELIMITER, 2).first
end