Safe, idiomatic Rust API for writing MIT Kerberos KDB driver plugins.
§Overview
A KDB plugin is a shared library that libkdb5 loads at runtime. It must
export the C symbol kdb_function_table, a filled-in kdb_vftabl struct
whose function pointers libkdb5 calls for every database operation. This
crate hides that plumbing behind one trait (KdbModule) and one macro
(kdb_plugin!).
§Quick start
use kurbu5_kdb_rs::{kdb_plugin, KdbModule, KdbContext, KdbError, LookupFlags, OpenMode};
use kurbu5_kdb_rs::{PrincipalRef, PrincipalEntry};

pub struct MyKdb { path: String }

impl KdbModule for MyKdb {
    fn open(
        _ctx: &KdbContext<'_>,
        conf_section: &str,
        _args: &[&str],
        _mode: OpenMode,
    ) -> Result<Self, KdbError> {
        Ok(MyKdb { path: format!("/var/kerberos/{}.db", conf_section) })
    }

    fn get_principal(
        &self,
        _ctx: &KdbContext<'_>,
        _search_for: PrincipalRef<'_>,
        _flags: LookupFlags,
    ) -> Result<Option<PrincipalEntry>, KdbError> {
        Ok(None) // not found
    }
}

kdb_plugin!(mykdb, MyKdb);
// Exports C symbol: kdb_function_table (libkdb5 selects the .so by the
// name given in krb5.conf db_library, then dlsym's this fixed symbol)
§Safety model
Unsafe code in this crate is confined to the glue, context, and
backing_db modules; every unsafe block carries a // SAFETY: comment.
Plugin authors never need to write unsafe themselves.
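The Quick start comment notes that libkdb5 picks the shared object by the db_library name in krb5.conf. The stanza that wires the plugin registered as kdb_plugin!(mykdb, MyKdb) into a KDC, as an added example that is not part of the crate's documentation (the realm name, the stanza name and the plugin directory are assumptions):

```ini
# Added example, not part of the crate's documentation. Wires the plugin
# registered with kdb_plugin!(mykdb, MyKdb) into a KDC. Realm name, stanza
# name and plugin directory are assumptions.
[realms]
    EXAMPLE.COM = {
        # Names the [dbmodules] stanza this realm's database comes from.
        database_module = mykdb
    }

[dbmodules]
    mykdb = {
        # libkdb5 loads <db_library>.so from the kdb plugin directory and
        # then looks up the fixed symbol kdb_function_table in it.
        db_library = mykdb
        # Optional: override the directory searched for that .so.
        db_module_dir = /usr/local/lib/krb5/plugins/kdb
    }
```

Cargo writes a cdylib as lib<name>.so, while libkdb5 looks for exactly <db_library>.so, so copy or symlink the artefact under that name into the plugin directory. The stanza name reaches KdbModule::open as conf_section (which is why the Quick start derives its database path from it); the -x key=value options that kdb5_util and kadmin accept arrive as the args slice.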
Re-exports§
pub use backing_db::BackingDb;
pub use context::KdbContext;
pub use context::Krb5Context;
pub use error::KdbError;
pub use error::PolicyDenied;
pub use key_data::DecryptKeyRequest;
pub use key_data::EncryptKeyRequest;
pub use key_data::KeyBlock;
pub use key_data::KeyDataBuilder;
pub use key_data::KeyDataOwned;
pub use key_data::KeyDataRef;
pub use key_data::KeyDataSlice;
pub use key_data::KeySalt;
pub use module::AddressRef;
pub use module::AsAuditEvent;
pub use module::AsPolicyRequest;
pub use module::AuthIndicators;
pub use module::DelegationRequest;
pub use module::KdbModule;
pub use module::KdcRequestRef;
pub use module::PaDataIter;
pub use module::PacBuilder;
pub use module::PacIssuanceOutput;
pub use module::PacIssuanceRequest;
pub use module::PacRef;
pub use module::ResourceDelegationRequest;
pub use module::S4uX509Request;
pub use module::TgsPolicyRequest;
pub use module::TicketRef;
pub use policy::PolicyEntry;
pub use policy::PolicyEntryRef;
pub use principal::OwnedPrincipal;
pub use principal::PrincipalEntry;
pub use principal::PrincipalEntryRef;
pub use principal::PrincipalRef;
pub use tl_data::KdbFree;
pub use tl_data::KdbTlDataList;
pub use types::AccessMode;
pub use types::IterFlags;
pub use types::KdcOptions;
pub use types::LockMode;
pub use types::LookupFlags;
pub use types::OpenMode;
pub use types::PrincipalAttributes;
pub use types::ServerType;
pub use types::TicketFlags;
pub use types::Timestamp;
pub use types::TlDataType;
Modules§
- backing_db - BackingDb — an owned krb5_context with a delegated KDB module loaded.
- context - KdbContext — a safe wrapper around krb5_context for use inside driver callbacks.
- error - Error types for the KDB driver API.
- key_data - Zero-copy views and owned types for krb5_key_data arrays.
- module - The KdbModule trait — the primary user-facing API for KDB driver authors.
- policy - Zero-copy views and owned types for osa_policy_ent_rec password policies.
- principal - Zero-copy views and owned types for Kerberos principals and DB entries.
- tl_data - KDB-layer re-exports and KdbFree policy for krb5_tl_data.
- types - Foundational types and flag enumerations for the KDB driver API.
Macros§
- kdb_plugin - Register a KDB plugin module and export the C vtable symbol.
Structs§
- GenericFree - Default free policy: walk the list freeing each node with libc::free.
- OwnedTlDataList - An owned krb5_tl_data linked list whose drop behaviour is controlled by the free policy P.
- TlDataBuilder - Builder for constructing a krb5_tl_data linked list.
- TlDataIter - An iterator over a krb5_tl_data linked list.
- TlDataRef - A zero-copy reference to one node in a krb5_tl_data linked list.
Traits§
- TlDataFreePolicy - Controls how an OwnedTlDataList is freed on drop.
Type Aliases§
- TlDataList - Owned krb5_tl_data list for generic and KADM5 contexts.