Expand description
sspi-rs is a Rust implementation of Security Support Provider Interface (SSPI). It ships with platform-independent implementations of Security Support Providers (SSP), and is able to utilize native Microsoft libraries when ran under Windows.
The purpose of sspi-rs is to clean the original interface from cluttering and provide users with Rust-friendly SSPs for execution under Linux or any other platform that is able to compile Rust.
§Getting started
Here is a quick example how to start working with the crate. This is the first stage of the client-server authentication performed on the client side.
use sspi::Sspi;
use sspi::Username;
use sspi::Ntlm;
use sspi::builders::EmptyInitializeSecurityContext;
use sspi::SspiImpl;
let mut ntlm = Ntlm::new();
let identity = sspi::AuthIdentity {
username: Username::parse("user").unwrap(),
password: "password".to_string().into(),
};
let mut acq_creds_handle_result = ntlm
.acquire_credentials_handle()
.with_credential_use(sspi::CredentialUse::Outbound)
.with_auth_data(&identity)
.execute(&mut ntlm)
.expect("AcquireCredentialsHandle resulted in error");
let mut output = vec![sspi::OwnedSecurityBuffer::new(
Vec::new(),
sspi::SecurityBufferType::Token,
)];
let mut builder = ntlm.initialize_security_context()
.with_credentials_handle(&mut acq_creds_handle_result.credentials_handle)
.with_context_requirements(
sspi::ClientRequestFlags::CONFIDENTIALITY | sspi::ClientRequestFlags::ALLOCATE_MEMORY
)
.with_target_data_representation(sspi::DataRepresentation::Native)
.with_output(&mut output);
let result = ntlm.initialize_security_context_impl(&mut builder)
.expect("InitializeSecurityContext resulted in error")
.resolve_to_result()
.expect("InitializeSecurityContext resulted in error");
println!("Initialized security context with result status: {:?}", result.status);
Re-exports§
pub use self::builders::AcceptSecurityContextResult;
pub use self::builders::AcquireCredentialsHandleResult;
pub use self::builders::InitializeSecurityContextResult;
pub use self::kerberos::config::KerberosConfig;
pub use self::kerberos::Kerberos;
pub use self::kerberos::KerberosState;
pub use self::kerberos::KERBEROS_VERSION;
pub use self::negotiate::Negotiate;
pub use self::negotiate::NegotiateConfig;
pub use self::negotiate::NegotiatedProtocol;
pub use self::ntlm::Ntlm;
pub use self::pku2u::Pku2u;
pub use self::pku2u::Pku2uConfig;
pub use self::pku2u::Pku2uState;
Modules§
- The builders are required to compose and execute some of the
Sspi
methods.
Macros§
Structs§
- Allows you to pass a particular user name and password to the run-time library for the purpose of authentication
- The CERT_CONTEXT structure contains both the encoded and decoded representations of a certificate.
- Flags representing the error status codes used in
CertTrustStatus
. - Flags representing the info status codes used in
CertTrustStatus
. - Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains.
query_context_cert_trust_status
function returns this structure. - Indicate requests for the context. Not all packages can support all requirements. Bit flags can be combined by using bitwise-OR operations.
- Indicate the attributes of the established context.
- This structure contains protocol and cipher information.
- Indicates the name of the user associated with a security context.
query_context_names
function returns this structure. - Indicates the sizes of important structures used in the message support functions.
query_context_sizes
function returns this structure. - Indicate the quality of protection. Returned by the
decrypt_message
method. - Indicate the quality of protection. Used in the
encrypt_message
method. - Holds the
ErrorKind
and the description of the SSPI-related error. - Describes a buffer allocated by a transport application to pass to a security package.
- Set of bit flags that describes the capabilities of the security package. It is possible to combine them.
- General security principal information
- Specify the attributes required by the server to establish the context. Bit flags can be combined by using bitwise-OR operations.
- Indicate the attributes of the established context.
- Represents data needed for smart card authentication
- Represents raw data needed for smart card authentication
- Indicates the sizes of the various parts of a stream for use with the message support functions.
query_context_stream_sizes
function returns this structure. - A username formatted as either UPN or Down-Level Logon Name
Enums§
- Type of certificate encoding used.
- Algorithm identifier for the bulk encryption cipher used by the connection.
- ALG_ID indicating the hash used for generating Message Authentication Codes (MACs).
- ALG_ID indicating the key exchange algorithm used to generate the shared master secret.
- Protocol used to establish connection.
- A flag that indicates how the credentials are used.
- Generic enum that encapsulates credentials for any type of authentication
- Generic enum that encapsulates raw credentials for any type of authentication
- The data representation, such as byte ordering, on the target.
- The kind of an SSPI related error. Enables to specify an error based on its type.
- A special security buffer type is used for the data decryption. Basically, it’s almost the same as [OwnedSecurityBuffer] but for decryption.
- Bit flags that indicate the type of buffer.
- Represents the security principal in use.
- The success status of SSPI-related operation.
Traits§
- This trait provides interface for all available SSPI functions. The
acquire_credentials_handle
,initialize_security_context
, andaccept_security_context
methods return Builders that make it easier to assemble the list of arguments for the function and then execute it. - Trait for performing authentication on the client or server side
Functions§
- Returns an array of
PackageInfo
structures that provide information about the security packages available to the client. - Retrieves information about a specified security package. This information includes credentials and contexts.
Type Aliases§
- Representation of SSPI-related result operation. Makes it easier to return a
Result
with SSPI-relatedError
.