libgssapi/lib.rs
1//! Gssapi is the standard way of using Kerberos to build and use
2//! Kerberized services on unix. It has other uses, but Kerberos is by
3//! far the most common (and making Kerberos work well is the focus of
4//! this library).
5//!
6//! For a simpler cross platform interface to Kerberos 5 see
7//! [cross-krb5](https://crates.io/crates/cross-krb5).
8//!
9//! ## Contexts
10//!
11//! Gssapi is used through contexts which are connected to each other
12//! in a mechanism specific way. In the case of Kerberos once you have
13//! a context set up you can use to to send and receive encrypted
14//! messages that only the other side can read. Other mechanisms may
15//! or may not provide this feature.
16//!
17//! * Initiate a new connection with a [`ClientCtx`](context/struct.ClientCtx.html)
18//! * Accept a client connection with a [`ServerCtx`](context/struct.ServerCtx.html)
19//! * Both types implement [`SecurityContext`](context/trait.SecurityContext.html)
20//!
21//! Unlike SSL Gssapi is completely independent of the transport. It
22//! will give you tokens to send to the other side, and tell you when
23//! the context is established, it's up to you to decide how the data
24//! gets there.
25//!
26//! ```
27//! use std::env::args;
28//! use libgssapi::{
29//! name::Name,
30//! credential::{Cred, CredUsage},
31//! error::Error,
32//! context::{CtxFlags, ClientCtx, ServerCtx, SecurityContext},
33//! util::Buf,
34//! oid::{OidSet, GSS_NT_HOSTBASED_SERVICE, GSS_MECH_KRB5},
35//! };
36//!
37//! fn setup_server_ctx(
38//! service_name: &[u8],
39//! desired_mechs: &OidSet
40//! ) -> Result<(ServerCtx, Name), Error> {
41//! let name = Name::new(service_name, Some(&GSS_NT_HOSTBASED_SERVICE))?;
42//! let cname = name.canonicalize(Some(&GSS_MECH_KRB5))?;
43//! let server_cred = Cred::acquire(
44//! Some(&cname), None, CredUsage::Accept, Some(desired_mechs)
45//! )?;
46//! Ok((ServerCtx::new(server_cred), cname))
47//! }
48//!
49//! fn setup_client_ctx(
50//! service_name: Name,
51//! desired_mechs: &OidSet
52//! ) -> Result<ClientCtx, Error> {
53//! let client_cred = Cred::acquire(
54//! None, None, CredUsage::Initiate, Some(&desired_mechs)
55//! )?;
56//! Ok(ClientCtx::new(
57//! Some(client_cred), service_name, CtxFlags::GSS_C_MUTUAL_FLAG, Some(&GSS_MECH_KRB5)
58//! ))
59//! }
60//!
61//! fn run(service_name: &[u8]) -> Result<(), Error> {
62//! let desired_mechs = {
63//! let mut s = OidSet::new()?;
64//! s.add(&GSS_MECH_KRB5)?;
65//! s
66//! };
67//! let (mut server_ctx, cname) = setup_server_ctx(service_name, &desired_mechs)?;
68//! let mut client_ctx = setup_client_ctx(cname, &desired_mechs)?;
69//! let mut server_tok: Option<Buf> = None;
70//! loop {
71//! match client_ctx.step(server_tok.as_ref().map(|b| &**b), None)? {
72//! None => break,
73//! Some(client_tok) => match server_ctx.step(&*client_tok)? {
74//! None => break,
75//! Some(tok) => { server_tok = Some(tok); }
76//! }
77//! }
78//! }
79//! let secret_msg = client_ctx.wrap(true, b"super secret message")?;
80//! let decoded_msg = server_ctx.unwrap(&*secret_msg)?;
81//! println!("the decrypted message is: '{}'", String::from_utf8_lossy(&*decoded_msg));
82//! Ok(())
83//! }
84//! ```
85#[macro_use] extern crate bitflags;
86#[macro_use] extern crate lazy_static;
87
88pub mod oid;
89pub mod error;
90pub mod util;
91pub mod name;
92pub mod credential;
93pub mod context;
94