/rust/registry/src/index.crates.io-1949cf8c6b5b557f/kerberos-parser-0.7.1/src/krb5.rs

Source
//! Kerberos 5 structures
//!
//! - [RFC1510](https://tools.ietf.org/html/rfc1510) The Kerberos Network Authentication Service (V5)
//! - [RFC3961](https://tools.ietf.org/html/rfc3961) Encryption and Checksum Specifications for Kerberos 5
//! - [RFC3962](https://tools.ietf.org/html/rfc3962) Advanced Encryption Standard (AES) Encryption for Kerberos 5
//! - [RFC4120](https://tools.ietf.org/html/rfc4120) The Kerberos Network Authentication Service (V5)
//! - [RFC6803](https://tools.ietf.org/html/rfc6803) Camellia Encryption for Kerberos 5
//! - [RFC8009](https://tools.ietf.org/html/rfc8009) AES Encryption with HMAC-SHA2 for Kerberos 5

use der_parser::der::DerObject;
use std::fmt;

pub use crate::krb5_constants::*;
pub use crate::krb5_errors::*;

/// Kerberos Realm
///
/// A Kerberos realm is a set of managed nodes that share the same Kerberos database.
#[derive(Debug, PartialEq)]
pub struct Realm(pub String);

/// Kerberos PrincipalName
///
/// A Kerberos principal is a service or user that is known to the Kerberos system. Each Kerberos
/// principal is identified by its principal name. Principal names consist of three parts: a
/// service or user name, an instance name, and a realm name in the following form:
///
/// <pre>
/// principal-name.instance-name@realm-name
/// </pre>
#[derive(Debug, PartialEq)]
pub struct PrincipalName {
    pub name_type: NameType,
    pub name_string: Vec<String>,
}

impl fmt::Display for PrincipalName {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        f.write_str(&self.name_string.join("/"))
    }
}

/// Kerberos Ticket
///
/// A record that helps a client authenticate itself to a server; it
/// contains the client's identity, a session key, a timestamp, and
/// other information, all sealed using the server's secret key.  It
/// only serves to authenticate a client when presented along with a
/// fresh Authenticator.
#[derive(Debug, PartialEq)]
pub struct Ticket<'a> {
    /// Version number for the ticket format (5)
    pub tkt_vno: u32,
    /// Realm that issued a ticket
    pub realm: Realm,
    /// Components of the name part of the server's identity
    pub sname: PrincipalName,
    /// Encrypted encoding of the EncTicketPart sequence
    pub enc_part: EncryptedData<'a>,
}

/// Kerberos EncryptedData
#[derive(Debug, PartialEq)]
pub struct EncryptedData<'a> {
    /// EncryptionType
    pub etype: EncryptionType,
    /// Version number of the key under which data is encrypted
    pub kvno: Option<u32>,
    /// Ciphertext
    pub cipher: &'a [u8],
}

/// Key Distribution Center (KDC) Request Message
#[derive(Debug, PartialEq)]
pub struct KdcReq<'a> {
    pub pvno: u32,
    pub msg_type: MessageType,
    pub padata: Vec<PAData<'a>>,
    pub req_body: KdcReqBody<'a>,
}

/// Key Distribution Center (KDC) Request Message Body
#[derive(Debug, PartialEq)]
pub struct KdcReqBody<'a> {
    /// Options requested by the client
    pub kdc_options: DerObject<'a>,
    /// Client name (only for AS-REQ)
    pub cname: Option<PrincipalName>,
    /// Server's realm
    pub realm: Realm,
    /// Server name
    pub sname: Option<PrincipalName>,
    /// Desired starttime for the requested ticket
    pub from: Option<DerObject<'a>>,
    /// Expiration date requested by the client
    pub till: DerObject<'a>,
    /// Requested renew-till time
    pub rtime: Option<DerObject<'a>>,
    /// Random number generated by the client
    pub nonce: u32,
    /// Desired encryption algorithm to be used in the response
    pub etype: Vec<EncryptionType>,
    /// Addresses from which the requested ticket is to be valid
    pub addresses: Vec<HostAddress<'a>>,
    /// Encoding of the desired authorization-data encrypted under the sub-session key if present
    /// in the Authenticator, or alternatively from the session key in the TGT
    pub enc_authorization_data: Option<EncryptedData<'a>>,
    /// Additional tickets MAY be optionally included in a request to the ticket-granting server
    pub additional_tickets: Vec<Ticket<'a>>,
}

/// Kerberos HostAddress
#[derive(Debug, PartialEq)]
pub struct HostAddress<'a> {
    pub addr_type: AddressType,
    pub address: &'a [u8],
}

/// Key Distribution Center (KDC) Reply Message
#[derive(Debug, PartialEq)]
pub struct KdcRep<'a> {
    pub pvno: u32,
    pub msg_type: MessageType,
    pub padata: Vec<PAData<'a>>,
    pub crealm: Realm,
    pub cname: PrincipalName,
    pub ticket: Ticket<'a>,
    pub enc_part: EncryptedData<'a>,
}

/// Kerberos Error message
#[derive(Debug, PartialEq)]
pub struct KrbError<'a> {
    pub pvno: u32,
    pub msg_type: MessageType,
    pub ctime: Option<DerObject<'a>>,
    pub cusec: Option<u32>,
    pub stime: DerObject<'a>,
    pub susec: u32,
    pub error_code: ErrorCode,
    pub crealm: Option<Realm>,
    pub cname: Option<PrincipalName>,
    pub realm: Realm,
    pub sname: PrincipalName,
    pub etext: Option<String>,
    pub edata: Option<DerObject<'a>>,
}

/// Kerberos PA-Data
#[derive(Debug, PartialEq)]
pub struct PAData<'a> {
    pub padata_type: PAType,
    pub padata_value: &'a [u8],
}

/// Kerberos AP Request
#[derive(Debug, PartialEq)]
pub struct ApReq<'a> {
    pub pvno: u32,
    pub msg_type: MessageType,
    pub ap_options: DerObject<'a>, // KerberosFlags
    pub ticket: Ticket<'a>,
    pub authenticator: EncryptedData<'a>,
}

/// Kerberos AP Reply
#[derive(Debug, PartialEq)]
pub struct ApRep<'a> {
    pub pvno: u32,
    pub msg_type: MessageType,
    pub enc_part: EncryptedData<'a>,
}

Coverage Report

Created: 2025-11-16 07:09

Line	Count	Source
1		//! Kerberos 5 structures
2		//!
3		//! - [RFC1510](https://tools.ietf.org/html/rfc1510) The Kerberos Network Authentication Service (V5)
4		//! - [RFC3961](https://tools.ietf.org/html/rfc3961) Encryption and Checksum Specifications for Kerberos 5
5		//! - [RFC3962](https://tools.ietf.org/html/rfc3962) Advanced Encryption Standard (AES) Encryption for Kerberos 5
6		//! - [RFC4120](https://tools.ietf.org/html/rfc4120) The Kerberos Network Authentication Service (V5)
7		//! - [RFC6803](https://tools.ietf.org/html/rfc6803) Camellia Encryption for Kerberos 5
8		//! - [RFC8009](https://tools.ietf.org/html/rfc8009) AES Encryption with HMAC-SHA2 for Kerberos 5
9
10		use der_parser::der::DerObject;
11		use std::fmt;
12
13		pub use crate::krb5_constants::*;
14		pub use crate::krb5_errors::*;
15
16		/// Kerberos Realm
17		///
18		/// A Kerberos realm is a set of managed nodes that share the same Kerberos database.
19		#[derive(Debug, PartialEq)]
20		pub struct Realm(pub String);
21
22		/// Kerberos PrincipalName
23		///
24		/// A Kerberos principal is a service or user that is known to the Kerberos system. Each Kerberos
25		/// principal is identified by its principal name. Principal names consist of three parts: a
26		/// service or user name, an instance name, and a realm name in the following form:
27		///
28		/// <pre>
29		/// principal-name.instance-name@realm-name
30		/// </pre>
31		#[derive(Debug, PartialEq)]
32		pub struct PrincipalName {
33		pub name_type: NameType,
34		pub name_string: Vec<String>,
35		}
36
37		impl fmt::Display for PrincipalName {
38	858	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
39	858	f.write_str(&self.name_string.join("/"))
40	858	}
41		}
42
43		/// Kerberos Ticket
44		///
45		/// A record that helps a client authenticate itself to a server; it
46		/// contains the client's identity, a session key, a timestamp, and
47		/// other information, all sealed using the server's secret key. It
48		/// only serves to authenticate a client when presented along with a
49		/// fresh Authenticator.
50		#[derive(Debug, PartialEq)]
51		pub struct Ticket<'a> {
52		/// Version number for the ticket format (5)
53		pub tkt_vno: u32,
54		/// Realm that issued a ticket
55		pub realm: Realm,
56		/// Components of the name part of the server's identity
57		pub sname: PrincipalName,
58		/// Encrypted encoding of the EncTicketPart sequence
59		pub enc_part: EncryptedData<'a>,
60		}
61
62		/// Kerberos EncryptedData
63		#[derive(Debug, PartialEq)]
64		pub struct EncryptedData<'a> {
65		/// EncryptionType
66		pub etype: EncryptionType,
67		/// Version number of the key under which data is encrypted
68		pub kvno: Option<u32>,
69		/// Ciphertext
70		pub cipher: &'a [u8],
71		}
72
73		/// Key Distribution Center (KDC) Request Message
74		#[derive(Debug, PartialEq)]
75		pub struct KdcReq<'a> {
76		pub pvno: u32,
77		pub msg_type: MessageType,
78		pub padata: Vec<PAData<'a>>,
79		pub req_body: KdcReqBody<'a>,
80		}
81
82		/// Key Distribution Center (KDC) Request Message Body
83		#[derive(Debug, PartialEq)]
84		pub struct KdcReqBody<'a> {
85		/// Options requested by the client
86		pub kdc_options: DerObject<'a>,
87		/// Client name (only for AS-REQ)
88		pub cname: Option<PrincipalName>,
89		/// Server's realm
90		pub realm: Realm,
91		/// Server name
92		pub sname: Option<PrincipalName>,
93		/// Desired starttime for the requested ticket
94		pub from: Option<DerObject<'a>>,
95		/// Expiration date requested by the client
96		pub till: DerObject<'a>,
97		/// Requested renew-till time
98		pub rtime: Option<DerObject<'a>>,
99		/// Random number generated by the client
100		pub nonce: u32,
101		/// Desired encryption algorithm to be used in the response
102		pub etype: Vec<EncryptionType>,
103		/// Addresses from which the requested ticket is to be valid
104		pub addresses: Vec<HostAddress<'a>>,
105		/// Encoding of the desired authorization-data encrypted under the sub-session key if present
106		/// in the Authenticator, or alternatively from the session key in the TGT
107		pub enc_authorization_data: Option<EncryptedData<'a>>,
108		/// Additional tickets MAY be optionally included in a request to the ticket-granting server
109		pub additional_tickets: Vec<Ticket<'a>>,
110		}
111
112		/// Kerberos HostAddress
113		#[derive(Debug, PartialEq)]
114		pub struct HostAddress<'a> {
115		pub addr_type: AddressType,
116		pub address: &'a [u8],
117		}
118
119		/// Key Distribution Center (KDC) Reply Message
120		#[derive(Debug, PartialEq)]
121		pub struct KdcRep<'a> {
122		pub pvno: u32,
123		pub msg_type: MessageType,
124		pub padata: Vec<PAData<'a>>,
125		pub crealm: Realm,
126		pub cname: PrincipalName,
127		pub ticket: Ticket<'a>,
128		pub enc_part: EncryptedData<'a>,
129		}
130
131		/// Kerberos Error message
132		#[derive(Debug, PartialEq)]
133		pub struct KrbError<'a> {
134		pub pvno: u32,
135		pub msg_type: MessageType,
136		pub ctime: Option<DerObject<'a>>,
137		pub cusec: Option<u32>,
138		pub stime: DerObject<'a>,
139		pub susec: u32,
140		pub error_code: ErrorCode,
141		pub crealm: Option<Realm>,
142		pub cname: Option<PrincipalName>,
143		pub realm: Realm,
144		pub sname: PrincipalName,
145		pub etext: Option<String>,
146		pub edata: Option<DerObject<'a>>,
147		}
148
149		/// Kerberos PA-Data
150		#[derive(Debug, PartialEq)]
151		pub struct PAData<'a> {
152		pub padata_type: PAType,
153		pub padata_value: &'a [u8],
154		}
155
156		/// Kerberos AP Request
157		#[derive(Debug, PartialEq)]
158		pub struct ApReq<'a> {
159		pub pvno: u32,
160		pub msg_type: MessageType,
161		pub ap_options: DerObject<'a>, // KerberosFlags
162		pub ticket: Ticket<'a>,
163		pub authenticator: EncryptedData<'a>,
164		}
165
166		/// Kerberos AP Reply
167		#[derive(Debug, PartialEq)]
168		pub struct ApRep<'a> {
169		pub pvno: u32,
170		pub msg_type: MessageType,
171		pub enc_part: EncryptedData<'a>,
172		}