8 unstable releases (3 breaking)

0.4.2 Sep 11, 2020
0.4.1 Apr 22, 2020
0.4.0 Mar 23, 2020
0.3.0 Mar 21, 2020
0.1.1 Mar 18, 2020

#49 in Unix APIs


58 downloads per month
Used in 4 crates (2 directly)

MIT license

71KB
1.5K SLoC

libgssapi

A safe, MIT-licensed binding to GSSAPI.

See RFC 2744 for more information.

GSSAPI is a huge and complex beast that is also very old (like Computer Chronicles old). So while this library might work with lots of mechanisms, it has only been tested (so far) with MIT Kerberos 5.

Example KRB5 Mutual Authentication Between Client and Server

use libgssapi::{
    name::Name,
    credential::{Cred, CredUsage},
    error::Error,
    context::{CtxFlags, ClientCtx, ServerCtx, SecurityContext},
    util::Buf,
    oid::{OidSet, GSS_NT_HOSTBASED_SERVICE, GSS_MECH_KRB5},
};

/// Builds the acceptor (server) side of a GSSAPI exchange.
///
/// `service_name` is imported as a host-based service name
/// (`GSS_NT_HOSTBASED_SERVICE`) and canonicalized for the Kerberos 5
/// mechanism. An accept-only credential is then acquired for that canonical
/// name, limited to `desired_mechs`, and a fresh [`ServerCtx`] is created
/// from it.
///
/// Returns the new server context together with the canonical service name.
///
/// # Errors
///
/// Propagates any [`Error`] from importing or canonicalizing the name, or
/// from acquiring the credential.
fn setup_server_ctx(
    service_name: &[u8],
    desired_mechs: &OidSet
) -> Result<(ServerCtx, Name), Error> {
    let imported = Name::new(service_name, Some(&GSS_NT_HOSTBASED_SERVICE))?;
    let canonical = imported.canonicalize(Some(&GSS_MECH_KRB5))?;
    // Acquiring for an explicit name (rather than `None`) pins the acceptor
    // to this one service identity.
    // NOTE(review): the second argument is presumably the requested
    // lifetime; `None` looks like "use the default" - confirm against the
    // crate docs.
    // NOTE(review): with MIT Kerberos the acceptor key normally comes from a
    // keytab readable by this process; keep that file's permissions tight.
    let accept_cred = Cred::acquire(
        Some(&canonical),
        None,
        CredUsage::Accept,
        Some(desired_mechs),
    )?;
    let ctx = ServerCtx::new(&accept_cred);
    Ok((ctx, canonical))
}

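/// Runs a Kerberos 5 mutual-authentication handshake between an initiator
/// (client) context and an acceptor (server) context inside one process,
/// then passes one wrapped message from the client to the server.
///
/// Both contexts live in the same process here, so the tokens are handed
/// over directly. In a real deployment each token returned by `step` is
/// sent to the peer over the network and must be treated as untrusted
/// input on receipt.
///
/// # Errors
///
/// Propagates any [`Error`] raised while building the mechanism set,
/// acquiring credentials, stepping either context, or wrapping/unwrapping
/// the message.
///
/// # Panics
///
/// Panics if the unwrapped message differs from the one that was wrapped.
fn run(service_name: &[u8]) -> Result<(), Error> {
    // Restrict both sides to the Kerberos 5 mechanism.
    let desired_mechs = {
        let mut s = OidSet::new()?;
        s.add(&GSS_MECH_KRB5)?;
        s
    };
    // The canonical name is returned for callers that need it; this example
    // does not use it further.
    let (server_ctx, _cname) = setup_server_ctx(service_name, &desired_mechs)?;
    // `None` for the name acquires the default initiator credential.
    // NOTE(review): with MIT Kerberos that is presumably the caller's
    // ticket cache - confirm for your environment.
    let client_cred = Cred::acquire(
        None, None, CredUsage::Initiate, Some(&desired_mechs)
    )?;
    // The original listing closed this call with a stray `)` and no `;`,
    // which does not compile. The argument list is kept exactly as printed.
    // NOTE(review): `ClientCtx::new` is assumed to return the context
    // directly, as `ServerCtx::new` does above - confirm for the crate
    // version in use.
    let client_ctx = ClientCtx::new(
        &client_cred, service_name, CtxFlags::GSS_C_MUTUAL_FLAG, Some(&GSS_MECH_KRB5)
    );
    // Ping-pong tokens until one side reports it has nothing more to send.
    let mut server_tok: Option<Buf> = None;
    loop {
        match client_ctx.step(server_tok.as_ref().map(|b| &**b))? {
            None => break,
            Some(client_tok) => match server_ctx.step(&*client_tok)? {
                None => break,
                Some(tok) => { server_tok = Some(tok); }
            }
        }
    }
    // NOTE(review): GSS_C_MUTUAL_FLAG is only a request. Before trusting the
    // peer, production code should confirm that both contexts are fully
    // established and that mutual authentication was actually granted - see
    // the `SecurityContext` trait of the crate version in use for the
    // available queries.
    // NOTE(review): the leading `true` presumably requests confidentiality
    // (encryption) rather than integrity only - confirm in the crate docs.
    let secret_msg = client_ctx.wrap(true, b"super secret message")?;
    let decoded_msg = server_ctx.unwrap(&*secret_msg)?;
    // `Buf` dereferences to a byte slice (as relied on by the `step` calls
    // above), so the round trip can be checked directly.
    assert_eq!(&*decoded_msg, &b"super secret message"[..]);
    Ok(())
}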

Dependencies

~0.7–2.1MB
~43K SLoC