sspi-rs is a Rust implementation of the Security Support Provider Interface (SSPI). It ships with platform-independent implementations of Security Support Providers (SSPs), and it can use the native Microsoft libraries when run under Windows.
The purpose of sspi-rs is to strip the clutter from the original interface and provide users with Rust-friendly SSPs that run under Linux or any other platform that can compile Rust.
§Getting started
Here is a quick example of how to start working with the crate. It performs the first stage of the client-server authentication on the client side: acquire an outbound credentials handle and produce the first token for the server.
use sspi::Sspi;
use sspi::Username;
use sspi::Ntlm;
use sspi::builders::EmptyInitializeSecurityContext;
use sspi::SspiImpl;

// The NTLM security package that will drive the handshake.
let mut ntlm = Ntlm::new();

// Credentials the client authenticates with.
let identity = sspi::AuthIdentity {
    username: Username::parse("user").unwrap(),
    password: "password".to_string().into(),
};

// AcquireCredentialsHandle: Outbound, because this is the client side.
let mut acq_creds_handle_result = ntlm
    .acquire_credentials_handle()
    .with_credential_use(sspi::CredentialUse::Outbound)
    .with_auth_data(&identity)
    .execute(&mut ntlm)
    .expect("AcquireCredentialsHandle resulted in error");

// Output buffer that receives the first token to send to the server.
let mut output = vec![sspi::SecurityBuffer::new(
    Vec::new(),
    sspi::BufferType::Token,
)];

// InitializeSecurityContext: request message confidentiality and let the
// package allocate the output token itself.
let mut builder = ntlm
    .initialize_security_context()
    .with_credentials_handle(&mut acq_creds_handle_result.credentials_handle)
    .with_context_requirements(
        sspi::ClientRequestFlags::CONFIDENTIALITY | sspi::ClientRequestFlags::ALLOCATE_MEMORY,
    )
    .with_target_data_representation(sspi::DataRepresentation::Native)
    .with_output(&mut output);

// Run the first step; the resulting status tells whether more round trips are needed.
let result = ntlm
    .initialize_security_context_impl(&mut builder)
    .expect("InitializeSecurityContext resulted in error")
    .resolve_to_result()
    .expect("InitializeSecurityContext resulted in error");

println!("Initialized security context with result status: {:?}", result.status);
Re-exports§
pub use self::builders::AcceptSecurityContextResult;
pub use self::builders::AcquireCredentialsHandleResult;
pub use self::builders::InitializeSecurityContextResult;
pub use self::kerberos::config::KerberosConfig;
pub use self::kerberos::Kerberos;
pub use self::kerberos::KerberosState;
pub use self::kerberos::KERBEROS_VERSION;
pub use self::negotiate::Negotiate;
pub use self::negotiate::NegotiateConfig;
pub use self::negotiate::NegotiatedProtocol;
pub use self::ntlm::Ntlm;
pub use self::pku2u::Pku2u;
pub use self::pku2u::Pku2uConfig;
pub use self::pku2u::Pku2uState;
Modules§
- builders - The builders are required to compose and execute some of the Sspi methods.
- channel_bindings
- credssp
- generator
- kerberos
- negotiate
- network_client
- ntlm
- pku2u
Macros§
Structs§
- AuthIdentity - Allows you to pass a particular user name and password to the run-time library for the purpose of authentication.
- AuthIdentityBuffers
- CertContext - The CERT_CONTEXT structure contains both the encoded and decoded representations of a certificate.
- CertTrustErrorStatus - Flags representing the error status codes used in CertTrustStatus.
- CertTrustInfoStatus - Flags representing the info status codes used in CertTrustStatus.
- CertTrustStatus - Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains. The query_context_cert_trust_status function returns this structure.
- ClientRequestFlags - Indicate requests for the context. Not all packages can support all requirements. Bit flags can be combined by using bitwise-OR operations.
- ClientResponseFlags - Indicate the attributes of the established context.
- ConnectionInfo - This structure contains protocol and cipher information.
- ContextNames - Indicates the name of the user associated with a security context. The query_context_names function returns this structure.
- ContextSizes - Indicates the sizes of important structures used in the message support functions. The query_context_sizes function returns this structure.
- DecryptionFlags - Indicate the quality of protection. Returned by the decrypt_message method.
- EncryptionFlags - Indicate the quality of protection. Used in the encrypt_message method.
- Error - Holds the ErrorKind and the description of the SSPI-related error.
- PackageCapabilities - Set of bit flags that describes the capabilities of the security package. They can be combined.
- PackageInfo - General security principal information.
- Secret
- SecurityBuffer - Describes a buffer allocated by a transport application to pass to a security package.
- SecurityBufferFlags - Security buffer flags.
- SecurityBufferRef - A special security buffer type used for data decryption. It is almost the same as SecurityBuffer, but for decryption.
- SecurityBufferType - Security buffer type.
- ServerRequestFlags - Specify the attributes required by the server to establish the context. Bit flags can be combined by using bitwise-OR operations.
- ServerResponseFlags - Indicate the attributes of the established context.
- SmartCardIdentity - Represents data needed for smart card authentication.
- SmartCardIdentityBuffers - Represents raw data needed for smart card authentication.
- StreamSizes - Indicates the sizes of the various parts of a stream for use with the message support functions. The query_context_stream_sizes function returns this structure.
- Username - A username formatted as either a UPN or a Down-Level Logon Name.
Enums§
- BufferType - Bit flags that indicate the type of buffer.
- CertEncodingType - Type of certificate encoding used.
- ConnectionCipher - Algorithm identifier for the bulk encryption cipher used by the connection.
- ConnectionHash - ALG_ID indicating the hash used for generating Message Authentication Codes (MACs).
- ConnectionKeyExchange - ALG_ID indicating the key exchange algorithm used to generate the shared master secret.
- ConnectionProtocol - Protocol used to establish the connection.
- CredentialUse - A flag that indicates how the credentials are used.
- Credentials - Generic enum that encapsulates credentials for any type of authentication.
- CredentialsBuffers - Generic enum that encapsulates raw credentials for any type of authentication.
- DataRepresentation - The data representation, such as byte ordering, on the target.
- ErrorKind - The kind of an SSPI-related error. Allows an error to be specified by its type.
- SecurityPackageType - Represents the security principal in use.
- SecurityStatus - The success status of an SSPI-related operation.
- UserNameFormat - Enumeration of the supported user name formats.
Traits§
- Sspi - This trait provides the interface for all available SSPI functions. The acquire_credentials_handle, initialize_security_context, and accept_security_context methods return builders that make it easier to assemble the list of arguments for the function and then execute it.
- SspiEx
- SspiImpl - Trait for performing authentication on the client or server side.
Functions§
- detect_kdc_host
- detect_kdc_url
- enumerate_security_packages - Returns an array of PackageInfo structures that provide information about the security packages available to the client.
- query_security_package_info - Retrieves information about a specified security package. This information includes credentials and contexts.
- string_to_utf16
Type Aliases§
- Luid
- Result - Representation of the result of an SSPI-related operation. Makes it easier to return a Result with an SSPI-related Error.
- SspiPackage