mssql_auth/
lib.rs

1//! # mssql-auth
2//!
3//! Authentication strategies for SQL Server connections.
4//!
5//! This crate provides various authentication methods, isolated from
6//! connection logic for better modularity and testing.
7//!
8//! ## Supported Authentication Methods
9//!
10//! | Method | Feature Flag | Status | Description |
11//! |--------|--------------|--------|-------------|
12//! | SQL Authentication | default | ✅ Implemented | Username/password |
13//! | Azure AD Token | default | ✅ Implemented | Pre-obtained access token |
14//! | Azure Managed Identity | `azure-identity` | ✅ Implemented | VM/container identity |
15//! | Service Principal | `azure-identity` | ✅ Implemented | App credentials |
16//! | Integrated (Kerberos) | `integrated-auth` | ✅ Implemented | GSSAPI/Kerberos (Linux/macOS) |
17//! | Windows SSPI | `sspi-auth` | ✅ Implemented | Native Windows SSPI |
18//! | Certificate | `cert-auth` | ✅ Implemented | Client certificate (mTLS) |
19//!
20//! ## Authentication Tiers
21//!
22//! Per ARCHITECTURE.md, authentication is tiered:
23//!
24//! ### Tier 1 (Core - Pure Rust, Default) ✅ Implemented
25//!
26//! - [`SqlServerAuth`] - Username/password via Login7
27//! - [`AzureAdAuth`] - Pre-acquired access token
28//!
29//! ### Tier 2 (Azure Native - `azure-identity` feature) ✅ Implemented
30//!
31//! - `ManagedIdentityAuth` - Azure VM/Container identity
32//! - `ServicePrincipalAuth` - Client ID + Secret
33//!
34//! ### Tier 3 (Enterprise - `integrated-auth` or `sspi-auth` feature) ✅ Implemented
35//!
36//! - `IntegratedAuth` - Kerberos (Linux/macOS via GSSAPI)
37//! - `SspiAuth` - Windows SSPI (native Windows, cross-platform via sspi-rs)
38//!
39//! ### Tier 4 (Certificate - `cert-auth` feature) ✅ Implemented
40//!
41//! - `CertificateAuth` - Client certificate authentication (mTLS)
42//!
43//! ## Secure Credential Handling
44//!
45//! Enable the `zeroize` feature for secure credential handling:
46//!
47//! ```toml
48//! mssql-auth = { version = "0.1", features = ["zeroize"] }
49//! ```
50//!
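51//! With this feature enabled, sensitive data is automatically zeroed from memory
52//! when dropped, and the `SecretString` and `SecureCredentials` types are exported. Zeroing is tied to this feature, so do not assume that builds without it clear credentials from memory.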
53//!
54//! ## Example
55//!
56//! ```rust
57//! use mssql_auth::{SqlServerAuth, AzureAdAuth, AuthProvider};
58//!
59//! // SQL Server authentication (placeholder credentials; supply real ones at runtime, not in source)
60//! let sql_auth = SqlServerAuth::new("sa", "Password123!");
61//! let auth_data = sql_auth.authenticate().unwrap();
62//!
63//! // Azure AD authentication with pre-acquired token (truncated placeholder value)
64//! let azure_auth = AzureAdAuth::with_token("eyJ0eXAi...");
65//! ```
66
67#![warn(missing_docs)]
68#![deny(unsafe_code)]
69
70pub mod azure_ad;
71#[cfg(feature = "azure-identity")]
72pub mod azure_identity_auth;
73#[cfg(feature = "cert-auth")]
74pub mod cert_auth;
75pub mod credentials;
76pub mod encryption;
77pub mod error;
78#[cfg(feature = "integrated-auth")]
79pub mod integrated_auth;
80pub mod provider;
81pub mod sql_auth;
82#[cfg(feature = "sspi-auth")]
83pub mod sspi_auth;
84
85// Always Encrypted cryptography
86#[cfg(feature = "always-encrypted")]
87pub mod aead;
88#[cfg(feature = "always-encrypted")]
89pub mod key_store;
90#[cfg(feature = "always-encrypted")]
91pub mod key_unwrap;
92
93// Core types
94pub use credentials::Credentials;
95pub use error::AuthError;
96pub use provider::{AsyncAuthProvider, AuthData, AuthMethod, AuthProvider};
97
98// Authentication providers
99pub use azure_ad::{AzureAdAuth, FedAuthLibrary};
100pub use sql_auth::SqlServerAuth;
101
102// Legacy API (deprecated)
103#[allow(deprecated)]
104pub use sql_auth::SqlAuthenticator;
105
106// Secure credential types (with zeroize feature)
107#[cfg(feature = "zeroize")]
108pub use credentials::{SecretString, SecureCredentials};
109
110// Azure Identity authentication (with azure-identity feature)
111#[cfg(feature = "azure-identity")]
112pub use azure_identity_auth::{ManagedIdentityAuth, ServicePrincipalAuth};
113
114// Integrated authentication (Kerberos/GSSAPI - with integrated-auth feature)
115#[cfg(feature = "integrated-auth")]
116pub use integrated_auth::IntegratedAuth;
117
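118// Certificate authentication (Azure AD with X.509 certificate - with cert-auth feature). NOTE(review): the crate-level docs in this file label this method "Client certificate (mTLS)"; confirm which description is accurate, since TLS-layer client authentication and certificate-based Azure AD token acquisition have different trust models.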
119#[cfg(feature = "cert-auth")]
120pub use cert_auth::CertificateAuth;
121
122// Windows SSPI authentication (with sspi-auth feature)
123#[cfg(feature = "sspi-auth")]
124pub use sspi_auth::SspiAuth;
125
126// Always Encrypted infrastructure
127pub use encryption::{
128    CekMetadata, ColumnEncryptionConfig, ColumnEncryptionInfo, EncryptedValue, EncryptionError,
129    EncryptionType, KeyStoreProvider,
130};
131
132// Always Encrypted cryptography (with always-encrypted feature)
133#[cfg(feature = "always-encrypted")]
134pub use aead::AeadEncryptor;
135#[cfg(feature = "always-encrypted")]
136pub use key_store::{CekCache, CekCacheKey, InMemoryKeyStore};
137#[cfg(feature = "always-encrypted")]
138pub use key_unwrap::RsaKeyUnwrapper;