sspi-rs is a Rust implementation of the Security Support Provider Interface (SSPI). It ships with platform-independent implementations of Security Support Providers (SSPs) and can use the native Microsoft libraries when run under Windows.
The purpose of sspi-rs is to strip the clutter from the original interface and provide users with Rust-friendly SSPs that run under Linux or any other platform that is able to compile Rust.
Getting started
Here is a quick example of how to start working with the crate. It shows the first stage of client-server authentication as performed on the client side: it calls several SSPI functions and chooses between our own and the WinAPI implementation of the NTLM SSP depending on the system:
```rust
use sspi::Sspi;
#[cfg(windows)]
use sspi::winapi::Ntlm;
#[cfg(not(windows))]
use sspi::Ntlm;
use sspi::builders::EmptyInitializeSecurityContext;
use sspi::SspiImpl;

let mut ntlm = Ntlm::new();

let identity = sspi::AuthIdentity {
    username: "user".to_string(),
    password: "password".to_string(),
    domain: None,
};

let mut acq_creds_handle_result = ntlm
    .acquire_credentials_handle()
    .with_credential_use(sspi::CredentialUse::Outbound)
    .with_auth_data(&identity)
    .execute()
    .expect("AcquireCredentialsHandle resulted in error");

let mut output = vec![sspi::SecurityBuffer::new(
    Vec::new(),
    sspi::SecurityBufferType::Token,
)];

let mut builder = EmptyInitializeSecurityContext::<<Ntlm as SspiImpl>::CredentialsHandle>::new()
    .with_credentials_handle(&mut acq_creds_handle_result.credentials_handle)
    .with_context_requirements(
        sspi::ClientRequestFlags::CONFIDENTIALITY | sspi::ClientRequestFlags::ALLOCATE_MEMORY
    )
    .with_target_data_representation(sspi::DataRepresentation::Native)
    .with_output(&mut output);

let result = ntlm.initialize_security_context_impl(&mut builder)
    .expect("InitializeSecurityContext resulted in error");

println!("Initialized security context with result status: {:?}", result.status);
```
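For NTLM, the token that this first client-side call writes into `output` is a NEGOTIATE_MESSAGE as defined in MS-NLMP. The following added example (not part of the sspi-rs documentation, standard library only) decodes that message's header so you can check which protections the client advertises before the token leaves the host. `parse_negotiate`, `NegotiateInfo` and the sample token bytes are constructed for illustration and are not sspi-rs API.

```rust
// Added example: decode the header of an NTLM NEGOTIATE_MESSAGE (MS-NLMP).
// `parse_negotiate` and `NegotiateInfo` are hypothetical names, not sspi-rs API.
const SIGNATURE: &[u8; 8] = b"NTLMSSP\0";
const FLAG_NAMES: [(u32, &str); 8] = [
    (0x0000_0001, "UNICODE"),
    (0x0000_0010, "SIGN"),
    (0x0000_0020, "SEAL"),
    (0x0000_0200, "NTLM"),
    (0x0008_0000, "EXTENDED_SESSIONSECURITY"),
    (0x2000_0000, "128"),
    (0x4000_0000, "KEY_EXCH"),
    (0x8000_0000, "56"),
];

#[derive(Debug)]
pub struct NegotiateInfo {
    pub flags: u32,
    pub names: Vec<&'static str>,
}

fn le_u32(buf: &[u8], off: usize) -> Option<u32> {
    let b = buf.get(off..off + 4)?;
    Some(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

/// Returns the negotiate flags if `token` starts with a well-formed type 1 header.
pub fn parse_negotiate(token: &[u8]) -> Result<NegotiateInfo, &'static str> {
    if token.get(..8) != Some(&SIGNATURE[..]) {
        return Err("missing NTLMSSP signature");
    }
    match le_u32(token, 8) {
        Some(1) => {}
        Some(_) => return Err("not a NEGOTIATE_MESSAGE"),
        None => return Err("truncated before MessageType"),
    }
    let flags = le_u32(token, 12).ok_or("truncated before NegotiateFlags")?;
    let names = FLAG_NAMES.iter().filter(|(bit, _)| flags & bit != 0)
        .map(|(_, name)| *name).collect();
    Ok(NegotiateInfo { flags, names })
}

fn main() {
    // Constructed sample token: signature, MessageType = 1, NegotiateFlags = 0x00080231.
    let mut token = b"NTLMSSP\0".to_vec();
    token.extend_from_slice(&1u32.to_le_bytes());
    token.extend_from_slice(&0x0008_0231u32.to_le_bytes());
    let info = parse_negotiate(&token).expect("sample token parses");
    println!("flags = {:#010x} {:?}", info.flags, info.names);
}
```

In a real client you would pass the bytes held by the `Token` security buffer instead of the constructed sample.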
It is also possible to use any of the Windows SSPs that we do not implement. Here is an example of querying all available SSPs and acquiring Negotiate SSP on Windows:
```rust
let package_name = "Negotiate";
// Get information about the specified security package
let package = sspi::winapi::query_security_package_info(sspi::SecurityPackageType::Other(package_name.to_string()))
    .expect("query_security_package_info resulted in error");

// Acquire the SSP using its name
let pack = sspi::winapi::SecurityPackage::from_package_type(package.name);
```
Re-exports
pub use self::kerberos::config::KerberosConfig;
pub use self::kerberos::Kerberos;
pub use self::kerberos::KerberosState;
pub use self::kerberos::KERBEROS_VERSION;
pub use self::negotiate::Negotiate;
pub use self::negotiate::NegotiateConfig;
pub use self::negotiate::NegotiatedProtocol;
pub use self::ntlm::AuthIdentity;
pub use self::ntlm::AuthIdentityBuffers;
pub use self::ntlm::Ntlm;
pub use self::pku2u::Pku2u;
pub use self::pku2u::Pku2uState;
Modules
Sspi methods.
Structs
execute method of the AcceptSecurityContextBuilder structure. The builder is returned by calling the accept_security_context method.
execute method of the AcquireCredentialsHandleBuilder structure. The builder is returned by calling the acquire_credentials_handle method.
CertTrustStatus.
CertTrustStatus.
query_context_cert_trust_status function returns this structure.
query_context_names function returns this structure.
query_context_sizes function returns this structure.
decrypt_message method.
encrypt_message method.
ErrorKind and the description of the SSPI-related error.
execute method of the InitializeSecurityContextBuilder structure. The builder is returned by calling the initialize_security_context method.
Enums
Traits
acquire_credentials_handle, initialize_security_context, and accept_security_context methods return Builders that make it easier to assemble the list of arguments for the function and then execute it.
Functions
PackageInfo structures that provide information about the security packages available to the client.
Type Definitions
Result with SSPI-related Error.