sspi 0.20.0

A Rust implementation of the Security Support Provider Interface (SSPI) API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

use std::fmt::Debug;
use std::marker::PhantomData;

use time::OffsetDateTime;

use super::{Assigned, NotAssigned, ToAssign};
use crate::{CredentialUse, Luid, SspiPackage};

pub type EmptyAcquireCredentialsHandle<'a, C, A> = AcquireCredentialsHandle<'a, C, A, WithoutCredentialUse>;
pub type FilledAcquireCredentialsHandle<'a, C, A> = AcquireCredentialsHandle<'a, C, A, WithCredentialUse>;

/// Contains data returned by calling the `execute` method of
/// the `AcquireCredentialsHandleBuilder` structure. The builder is returned by calling
/// the `acquire_credentials_handle` method.
#[derive(Debug, Clone)]
pub struct AcquireCredentialsHandleResult<C> {
    pub credentials_handle: C,
    pub expiry: Option<OffsetDateTime>,
}

// we cannot replace it with the `From` trait implementation due to conflict with blanked impl in the std
impl<T> AcquireCredentialsHandleResult<T> {
    pub fn transform_credentials_handle<T2>(self, transformer: &dyn Fn(T) -> T2) -> AcquireCredentialsHandleResult<T2> {
        let Self {
            credentials_handle,
            expiry,
        } = self;
        AcquireCredentialsHandleResult {
            credentials_handle: transformer(credentials_handle),
            expiry,
        }
    }
}

/// A builder to execute one of the SSPI functions. Returned by the `acquire_credentials_handle` method.
///
/// # Requirements for execution
///
/// These methods are required to be called before calling the `execute` method
/// * [`with_credential_use`](struct.AcquireCredentialsHandle.html#method.with_credential_use)
pub struct AcquireCredentialsHandle<'a, CredsHandle, AuthData, CredentialUseSet>
where
    CredentialUseSet: ToAssign,
{
    pub(crate) phantom_cred_handle: PhantomData<CredsHandle>,
    pub(crate) phantom_cred_use_set: PhantomData<CredentialUseSet>,

    pub credential_use: CredentialUse,

    pub principal_name: Option<&'a str>,
    pub logon_id: Option<Luid>,
    pub auth_data: Option<&'a AuthData>,
}

impl<CredsHandle, AuthData, CredentialUseSet> Debug
    for AcquireCredentialsHandle<'_, CredsHandle, AuthData, CredentialUseSet>
where
    CredentialUseSet: ToAssign,
    AuthData: Debug,
{
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("AcquireCredentialsHandle")
            .field("phantom_cred_handle", &self.phantom_cred_handle)
            .field("phantom_cred_use_set", &self.phantom_cred_use_set)
            .field("credential_use", &self.credential_use)
            .field("principal_name", &self.principal_name)
            .field("logon_id", &self.logon_id)
            .field("auth_data", &self.auth_data)
            .finish()
    }
}

impl<'a, CredsHandle, AuthData, CredentialUseSet> AcquireCredentialsHandle<'a, CredsHandle, AuthData, CredentialUseSet>
where
    CredentialUseSet: ToAssign,
{
    pub fn new() -> Self {
        Self {
            phantom_cred_handle: PhantomData,
            phantom_cred_use_set: PhantomData,

            principal_name: None,
            credential_use: CredentialUse::Inbound,
            logon_id: None,
            auth_data: None,
        }
    }

    /// Specifies a flag that indicates how these credentials will be used.
    pub fn with_credential_use(
        self,
        credential_use: CredentialUse,
    ) -> AcquireCredentialsHandle<'a, CredsHandle, AuthData, WithCredentialUse> {
        AcquireCredentialsHandle {
            phantom_cred_handle: PhantomData,
            phantom_cred_use_set: PhantomData,

            principal_name: self.principal_name,
            credential_use,
            logon_id: self.logon_id,
            auth_data: self.auth_data,
        }
    }

    /// Specifies a string that specifies the name of the principal whose credentials the handle will reference.
    pub fn with_principal_name(self, principal_name: &'a str) -> Self {
        Self {
            principal_name: Some(principal_name),
            ..self
        }
    }

    /// Specifies a LUID that identifies the user. This parameter is provided for file-system processes such as network
    /// redirectors.
    pub fn with_logon_id(self, logon_id: Luid) -> Self {
        Self {
            logon_id: Some(logon_id),
            ..self
        }
    }

    /// Specifies a reference to the structure that specifies authentication data for both Schannel and Negotiate packages.
    pub fn with_auth_data(self, auth_data: &'a AuthData) -> Self {
        Self {
            auth_data: Some(auth_data),
            ..self
        }
    }
}

impl<CredsHandle, AuthData, CredentialUseSet> Default
    for AcquireCredentialsHandle<'_, CredsHandle, AuthData, CredentialUseSet>
where
    CredentialUseSet: ToAssign,
{
    fn default() -> Self {
        Self::new()
    }
}

impl<'b, CredsHandle, AuthData> FilledAcquireCredentialsHandle<'b, CredsHandle, AuthData> {
    /// Transforms the builder into new one with the other `AuthData` and `CredsHandle` types.
    /// Useful when we need to pass the builder into the security package with other `AuthData` and `CredsHandle` types.
    pub(crate) fn full_transform<NewCredsHandle, NewAuthData>(
        self,
        auth_data: Option<&'b NewAuthData>,
    ) -> FilledAcquireCredentialsHandle<'b, NewCredsHandle, NewAuthData> {
        AcquireCredentialsHandle {
            phantom_cred_handle: PhantomData,
            phantom_cred_use_set: PhantomData,

            principal_name: self.principal_name,
            credential_use: self.credential_use,
            logon_id: self.logon_id,
            auth_data,
        }
    }
}

impl<CredsHandle, AuthData> FilledAcquireCredentialsHandle<'_, CredsHandle, AuthData> {
    /// Executes the SSPI function that the builder represents.
    pub fn execute(
        self,
        inner: SspiPackage<'_, CredsHandle, AuthData>,
    ) -> crate::Result<AcquireCredentialsHandleResult<CredsHandle>> {
        inner.acquire_credentials_handle_impl(self)
    }
}

/// Simulates the presence of the `credential_use` value of the
/// `AcquireCredentialsHandle` builder.
#[derive(Debug)]
pub struct WithCredentialUse;
impl ToAssign for WithCredentialUse {}
impl Assigned for WithCredentialUse {}

/// Simulates the absence of the `credential_use` value of the
/// `AcquireCredentialsHandle` builder.
#[derive(Debug)]
pub struct WithoutCredentialUse;
impl ToAssign for WithoutCredentialUse {}
impl NotAssigned for WithoutCredentialUse {}