Add: static krb5 lib and openvas implementation

This will now automatically:
- download krb5 source
- build static krb5 libs from source
- compile openvas-krb5 implementation
- generate bindings to use openvas-krb5 implementation

Author: Kraemii

rust/Cargo.lock

@@ -6,6 +6,7 @@ edition = "2024"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
 libgcrypt-sys = { path = "libgcrypt-sys" }
+libopenvas-krb5-sys = { path = "libopenvas-krb5-sys" }
 
 [build-dependencies]
 cc = { workspace = true }

rust/crates/nasl-c-lib/Cargo.toml

@@ -5,10 +5,7 @@
 use std::env;
 use std::fs::canonicalize;
 
-fn main() {
-    println!("cargo:rerun-if-changed=c/cryptographic/gcrypt_mac.c");
-    println!("cargo:rerun-if-changed=c/cryptographic/gcrypt_error.c");
-
+fn build_crypt() {
     let include_dir = env::var("DEP_GCRYPT_INCLUDE").unwrap();
     let lib_dir = env::var("DEP_GCRYPT_LIB").unwrap();
 
@@ -22,4 +19,14 @@ fn main() {
         .include(canonicalize(include_dir).unwrap())
         .opt_level(2)
         .compile("crypt");
+
+    println!("cargo:rerun-if-changed=c/cryptographic/gcrypt_mac.c");
+    println!("cargo:rerun-if-changed=c/cryptographic/gcrypt_error.c");
+}
+
+fn build_openvas_krb5() {}
+
+fn main() {
+    build_crypt();
+    build_openvas_krb5();
 }

rust/crates/nasl-c-lib/build.rs

@@ -0,0 +1,10 @@
+[package]
+name = "libopenvas-krb5-sys"
+version = "0.1.0"
+edition = "2024"
+links = "openvas-krb5"
+
+[build-dependencies]
+cc = "1.0"
+autotools = "0.2"
+bindgen = "0.72"

rust/crates/nasl-c-lib/libopenvas-krb5-sys/Cargo.toml

@@ -0,0 +1,127 @@
+// SPDX-FileCopyrightText: 2026 Greenbone AG
+//
+// SPDX-License-Identifier: GPL-2.0-or-later WITH x11vnc-openssl-exception
+
+use std::env;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+
+const KRB5_VERSION: &str = "1.20";
+const KRB5_PATCH: &str = "1";
+
+fn main() {
+    println!("cargo:rerun-if-changed=build.rs");
+    println!("cargo:rerun-if-changed=../../../../misc/openvas-krb5.c");
+    println!("cargo:rerun-if-changed=../../../../misc/openvas-krb5.h");
+    println!("cargo::rerun-if-env-changed=TARGET");
+
+    let target = env::var("TARGET").unwrap();
+
+    // Try to find static Kerberos libraries via pkg-config
+    let build_path = build_krb5_from_source(&target);
+
+    // Link against the built static libraries
+    println!(
+        "cargo:rustc-link-search=native={}",
+        build_path.join("lib").display()
+    );
+    println!("cargo:rustc-link-lib=static=krb5");
+    println!("cargo:rustc-link-lib=static=k5crypto");
+    println!("cargo:rustc-link-lib=static=com_err");
+    println!("cargo:rustc-link-lib=static=gssapi_krb5");
+    println!("cargo:rustc-link-lib=static=krb5support");
+
+    // Link system dependencies
+    println!("cargo:rustc-link-lib=keyutils");
+    println!("cargo:rustc-link-lib=resolv");
+
+    let mut build = cc::Build::new();
+    build
+        .file("../../../../misc/openvas-krb5.c")
+        .include("../../../../misc")
+        .include(build_path.join("include"))
+        .opt_level(2);
+
+    build.compile("openvas-krb5");
+
+    let bindings = bindgen::Builder::default()
+        .header("../../../../misc/openvas-krb5.h")
+        .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
+        .generate()
+        .expect("Unable to generate bindings");
+
+    let out_path = PathBuf::from(env::var("OUT_DIR").unwrap());
+    bindings
+        .write_to_file(out_path.join("bindings.rs"))
+        .expect("Unable to write bindings")
+}
+
+fn build_krb5_from_source(target: &str) -> PathBuf {
+    let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
+    let install_dir = out_dir.join("krb5-build");
+
+    let extract_dir = fetch_krb5(&out_dir);
+
+    build_krb5(&extract_dir.join("src"), &install_dir, target);
+
+    install_dir
+}
+
+fn fetch_krb5(destination: &Path) -> PathBuf {
+    let folder_name = format!("krb5-{}.{}", KRB5_VERSION, KRB5_PATCH);
+    let extract_path = destination.join(&folder_name);
+
+    // Check if already downloaded and extracted
+    if extract_path.join("src/configure").exists() {
+        println!("cargo:warning=Kerberos source already downloaded, skipping");
+        return extract_path;
+    }
+
+    let tar_path = extract_path.with_added_extension("tar.gz");
+
+    let url = format!(
+        "https://kerberos.org/dist/krb5/{}/{}.tar.gz",
+        KRB5_VERSION, folder_name
+    );
+
+    Command::new("curl")
+        .args(["--fail", "-L", "-O", &url])
+        .current_dir(destination)
+        .status()
+        .unwrap();
+
+    Command::new("tar")
+        .args(["-xzf", &tar_path.to_string_lossy()])
+        .current_dir(destination)
+        .status()
+        .unwrap();
+
+    extract_path
+}
+
+fn build_krb5(src: &Path, install_prefix: &Path, target: &str) {
+    // Configure with prefix pointing to install location
+    let status = Command::new("sh")
+        .arg("-c")
+        .arg(format!(
+            "./configure --prefix={} --enable-static --disable-shared --without-system-verto --without-libedit --disable-rpath --host={}",
+            install_prefix.display(),
+            target
+        ))
+        .current_dir(src)
+        .status()
+        .expect("Failed to run configure");
+
+    if !status.success() {
+        panic!("Configure failed");
+    }
+
+    // Build everything (this may fail on utilities but libraries will build)
+    let _ = Command::new("make").arg("-j").current_dir(src).status();
+
+    // Install what was built successfully
+    let _ = Command::new("make")
+        .arg("install")
+        .current_dir(src)
+        .status();
+}

rust/crates/nasl-c-lib/libopenvas-krb5-sys/build.rs

@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2026 Greenbone AG
+//
+// SPDX-License-Identifier: GPL-2.0-or-later WITH x11vnc-openssl-exception
+
+#![allow(non_upper_case_globals)]
+#![allow(non_camel_case_types)]
+#![allow(non_snake_case)]
+
+include!(concat!(env!("OUT_DIR"), "/bindings.rs"));