⚠️ VeridianOS Kernel Documentation - This is low-level kernel code. All functions are unsafe unless explicitly marked otherwise. no_std

KerberosClient

veridian_kernel::net::kerberos::protocol

Struct KerberosClient 

Source 
pub struct KerberosClient {
    pub client_principal: PrincipalName,
    pub realm: String,
    /* private fields */
}
Expand description

Kerberos v5 client.

Handles AS-REQ (initial authentication) and TGS-REQ (service ticket request) flows.

Fields§

§client_principal: PrincipalName

Client principal

§realm: String

Realm

Implementations§

Source§

impl KerberosClient

Source

pub fn new(username: &str, realm: &str, password: &str) -> Self

Create a new Kerberos client.

Derives a long-term key from the password using string2key.

Source

pub fn has_valid_tgt(&self) -> bool

Whether the client has a valid (non-expired) TGT.

Source

pub fn tgt(&self) -> Option<&Ticket>

Get the TGT, if present.

Source

pub fn session_key(&self) -> Option<&[u8]>

Get the session key, if present.

Source

pub fn request_tgt(&mut self) -> Vec<u8>

Build an AS-REQ message to request a TGT.

Returns BER-encoded bytes ready to send to the KDC.

Source

pub fn parse_as_rep(&mut self, _data: &[u8]) -> Result<AsRepParts, KernelError>

Parse an AS-REP message.

Extracts the TGT and encrypted part. The caller must decrypt the encrypted part using the client’s long-term key to obtain the session key.

Source

pub fn store_tgt( &mut self, ticket: Ticket, session_key: Vec<u8>, expiry: KerberosTime, )

Store a TGT obtained from an AS-REP.

Source

pub fn request_service_ticket( &mut self, service: &str, hostname: &str, ) -> Result<Vec<u8>, KernelError>

Build a TGS-REQ message to request a service ticket.

Requires a valid TGT (obtained via request_tgt + parse_as_rep).

Source

pub fn parse_tgs_rep( &mut self, _data: &[u8], ) -> Result<TgsRepParts, KernelError>

Parse a TGS-REP message.

Source

pub fn key(&self) -> &[u8]

Get the client’s derived key.

Source

pub fn realm(&self) -> &str

Get the realm.

Auto Trait Implementations§

§

impl Freeze for KerberosClient

§

impl RefUnwindSafe for KerberosClient

§

impl Send for KerberosClient

§

impl Sync for KerberosClient

§

impl Unpin for KerberosClient

§

impl UnwindSafe for KerberosClient

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.