Struct ClientCtx 

pub struct ClientCtx(/* private fields */);

A Kerberos client context

Implementations

impl ClientCtx

pub fn new( flags: InitiateFlags, principal: Option<&str>, target_principal: &str, channel_bindings: Option<&[u8]>, ) -> Result<(PendingClientCtx, impl Deref<Target = [u8]>)>

create a new client context for speaking to target_principal. If principal is None then the credentials of the user running current process will be used. target_principal must be the service principal name of the service you intend to communicate with. This should be an spn as described by GSSAPI, e.g. service/host@REALM. If present, channel_bindings is a service-specific channel binding token which will be part of the initial communication with the server.

On success a PendingClientCtx and a token to be sent to the server will be returned. The server and client may generate multiple additional tokens, which must be passed to the their respective step methods until the initialization is complete.

Examples found in repository

examples/auth.rs (line 41)

fn client(spn: &str, input: mpsc::Receiver<Msg>, output: mpsc::Sender<Msg>) {
    let (mut client, token) =
        ClientCtx::new(InitiateFlags::empty(), None, spn, None).expect("new");
    output.send(Msg::Token(Bytes::copy_from_slice(&*token))).expect("send");
    let mut client = loop {
        let token = match input.recv().expect("expected data") {
            Msg::Msg(_) => panic!("client not finished initializing"),
            Msg::Token(t) => t,
        };
        match client.step(&*token).expect("step") {
            Step::Finished((ctx, token)) => {
                if let Some(token) = token {
                    output.send(Msg::Token(Bytes::copy_from_slice(&*token))).expect("send");
                }
                break ctx
            },
            Step::Continue((ctx, token)) => {
                output.send(Msg::Token(Bytes::copy_from_slice(&*token))).expect("send");
                client = ctx;
            }
        }
    };
    let msg = client.wrap(true, b"super secret message").expect("wrap");
    output.send(Msg::Msg(Bytes::copy_from_slice(&*msg))).expect("send");
}

pub fn new_with_cred( cred: Cred, target_principal: &str, channel_bindings: Option<&[u8]>, ) -> Result<(PendingClientCtx, impl Deref<Target = [u8]>)>

Trait Implementations

impl Debug for ClientCtx

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl K5Ctx for ClientCtx

type Buffer = <ClientCtx as K5Ctx>::Buffer

type IOVBuffer = <ClientCtx as K5Ctx>::IOVBuffer

fn wrap(&mut self, encrypt: bool, msg: &[u8]) -> Result<Self::Buffer>

Wrap the specified message for sending to the other side. If encrypt is true then the contents will be encrypted. Even if encrypt is false the integrity of the contents are protected, if the message is altered in transit the other side will know.

fn wrap_iov(&mut self, encrypt: bool, msg: BytesMut) -> Result<Self::IOVBuffer>

Wrap data in place using the underlying wrap_iov facility. If encrypt is true then the contents of data will be encrypted in place. The returned buffer is NOT contiguous, and as such you must use some kind of writev implementation to properly send it. You can use tokio’s write_buf directly, or you can extract the iovecs for a direct call to writev using bytes::Buf::chunks_vectored.

fn unwrap(&mut self, msg: &[u8]) -> Result<Self::Buffer>

Unwrap the specified message returning it’s decrypted and verified contents

fn unwrap_iov(&mut self, len: usize, msg: &mut BytesMut) -> Result<BytesMut>

Unwrap in place the message at the beginning of the specified BytesMut and then split it off and return it. This won’t copy or allocate, it just looks that way because the bytes crate is awesome.

fn ttl(&mut self) -> Result<Duration>

Return the remaining time this session has to live