sspi-rs is a Rust implementation of the Security Support Provider Interface (SSPI). It ships with platform-independent implementations of Security Support Providers (SSPs) and can use the native Microsoft libraries when run on Windows.
The purpose of sspi-rs is to remove the clutter of the original interface and provide users with Rust-friendly SSPs that run on Linux or any other platform that is able to compile Rust.
§Getting started
Here is a quick example of how to start working with the crate. This is the first stage of client-server authentication, performed on the client side.
```rust
use sspi::Sspi;
use sspi::Username;
use sspi::Ntlm;
use sspi::builders::EmptyInitializeSecurityContext;
use sspi::SspiImpl;

fn main() {
    let mut ntlm = Ntlm::new();

    // Example credentials; replace with the identity to authenticate as.
    let identity = sspi::AuthIdentity {
        username: Username::parse("user").unwrap(),
        password: "password".to_string().into(),
    };

    // Acquire an outbound (client-side) credentials handle for that identity.
    let mut acq_creds_handle_result = ntlm
        .acquire_credentials_handle()
        .with_credential_use(sspi::CredentialUse::Outbound)
        .with_auth_data(&identity)
        .execute(&mut ntlm)
        .expect("AcquireCredentialsHandle resulted in error");

    // Empty token buffer that the security package fills with its output.
    let mut output = vec![sspi::SecurityBuffer::new(
        Vec::new(),
        sspi::BufferType::Token,
    )];

    // Describe the context we want to establish.
    let mut builder = ntlm.initialize_security_context()
        .with_credentials_handle(&mut acq_creds_handle_result.credentials_handle)
        .with_context_requirements(
            sspi::ClientRequestFlags::CONFIDENTIALITY | sspi::ClientRequestFlags::ALLOCATE_MEMORY
        )
        .with_target_data_representation(sspi::DataRepresentation::Native)
        .with_output(&mut output);

    // First client-side call of the authentication exchange.
    let result = ntlm.initialize_security_context_impl(&mut builder)
        .expect("InitializeSecurityContext resulted in error")
        .resolve_to_result()
        .expect("InitializeSecurityContext resulted in error");

    println!("Initialized security context with result status: {:?}", result.status);
}
```
Re-exports§
- pub use generator::NetworkRequest;
- pub use network_client::NetworkProtocol;
- pub use self::builders::AcceptSecurityContextResult;
- pub use self::builders::AcquireCredentialsHandleResult;
- pub use self::builders::InitializeSecurityContextResult;
- pub use self::kerberos::config::KerberosConfig;
- pub use self::kerberos::config::KerberosServerConfig;
- pub use self::kerberos::Kerberos;
- pub use self::kerberos::KerberosState;
- pub use self::kerberos::KERBEROS_VERSION;
- pub use self::negotiate::Negotiate;
- pub use self::negotiate::NegotiateConfig;
- pub use self::negotiate::NegotiatedProtocol;
- pub use self::ntlm::Ntlm;
- pub use self::pku2u::Pku2u;
- pub use self::pku2u::Pku2uConfig;
- pub use self::pku2u::Pku2uState;
Modules§
- builders
- The builders are required to compose and execute some of the Sspi methods.
- channel_bindings 
- credssp
- generator
- kerberos
- negotiate
- network_client 
- ntlm
- pku2u
Macros§
Structs§
- AuthIdentity 
- Allows you to pass a particular user name and password to the run-time library for the purpose of authentication
- AuthIdentityBuffers
- Auth identity buffers for password-based logon.
- CertContext 
- The CERT_CONTEXT structure contains both the encoded and decoded representations of a certificate.
- CertTrustErrorStatus
- Flags representing the error status codes used in CertTrustStatus.
- CertTrustInfoStatus
- Flags representing the info status codes used in CertTrustStatus.
- CertTrustStatus
- Contains trust information about a certificate in a certificate chain,
summary trust information about a simple chain of certificates, or summary information about an array of simple chains.
query_context_cert_trust_status function returns this structure.
- ClientRequestFlags
- Indicate requests for the context. Not all packages can support all requirements. Bit flags can be combined by using bitwise-OR operations.
- ClientResponseFlags
- Indicate the attributes of the established context.
- ConnectionInfo 
- This structure contains protocol and cipher information.
- ContextNames 
- Indicates the name of the user associated with a security context.
query_context_names function returns this structure.
- ContextSizes
- Indicates the sizes of important structures used in the message support functions.
query_context_sizes function returns this structure.
- DecryptionFlags
- Indicate the quality of protection. Returned by the decrypt_message method.
- EncryptionFlags
- Indicate the quality of protection. Used in the encrypt_message method.
- Error
- Holds the ErrorKind and the description of the SSPI-related error.
- PackageCapabilities 
- Set of bit flags that describes the capabilities of the security package. It is possible to combine them.
- PackageInfo 
- General security principal information
- Secret
- SecurityBuffer 
- Describes a buffer allocated by a transport application to pass to a security package.
- SecurityBufferFlags
- Security buffer flags.
- SecurityBufferRef
- A special security buffer type is used for the data decryption. Basically, it’s almost the same
as SecurityBuffer but for decryption.
- SecurityBufferType
- Security buffer type.
- ServerRequestFlags
- Specify the attributes required by the server to establish the context. Bit flags can be combined by using bitwise-OR operations.
- ServerResponseFlags
- Indicate the attributes of the established context.
- SessionKeys 
- Contains information about the session key used for the security context.
query_context_session_key function returns this structure.
- StreamSizes
- Indicates the sizes of the various parts of a stream for use with the message support functions.
query_context_stream_sizes function returns this structure.
- Username
- A username formatted as either UPN or Down-Level Logon Name
Enums§
- BufferType 
- Bit flags that indicate the type of buffer.
- CertEncodingType
- Type of certificate encoding used.
- ConnectionCipher 
- Algorithm identifier for the bulk encryption cipher used by the connection.
- ConnectionHash 
- ALG_ID indicating the hash used for generating Message Authentication Codes (MACs).
- ConnectionKeyExchange 
- ALG_ID indicating the key exchange algorithm used to generate the shared master secret.
- ConnectionProtocol 
- Protocol used to establish connection.
- CredentialUse 
- A flag that indicates how the credentials are used.
- Credentials
- Generic enum that encapsulates credentials for any type of authentication
- CredentialsBuffers 
- Generic enum that encapsulates raw credentials for any type of authentication
- DataRepresentation 
- The data representation, such as byte ordering, on the target.
- ErrorKind 
- The kind of an SSPI-related error. Makes it possible to specify an error based on its type.
- SecurityPackageType
- Represents the security principal in use.
- SecurityStatus
- The success status of an SSPI-related operation.
- UserNameFormat
- Enumeration of the supported User Name Formats.
Traits§
- Sspi
- This trait provides an interface for all available SSPI functions. The acquire_credentials_handle, initialize_security_context, and accept_security_context methods return Builders that make it easier to assemble the list of arguments for the function and then execute it.
- SspiEx
- SspiImpl 
- Trait for performing authentication on the client or server side
Functions§
- detect_kdc_host
- detect_kdc_url
- enumerate_security_packages
- Returns an array of PackageInfo structures that provide information about the security packages available to the client.
- modpow
- query_security_package_info
- Retrieves information about a specified security package. This information includes credentials and contexts.
- str_to_w_buff
- string_to_utf16
- utf16_bytes_to_utf8_string
Type Aliases§
- Luid
- Result
- Representation of the result of an SSPI-related operation. Makes it easier to return a Result with an SSPI-related Error.
- SspiPackage