Crate sspi

sspi-rs is a Rust implementation of Security Support Provider Interface (SSPI). It ships with platform-independent implementations of Security Support Providers (SSP), and is able to utilize native Microsoft libraries when ran under Windows.

The purpose of sspi-rs is to clean the original interface from cluttering and provide users with Rust-friendly SSPs for execution under Linux or any other platform that is able to compile Rust.

Getting started

Here is a quick example how to start working with the crate. This is the first stage of the client-server authentication performed on the client side.

use sspi::Sspi;
use sspi::Username;
use sspi::Ntlm;
use sspi::builders::EmptyInitializeSecurityContext;
use sspi::SspiImpl;

let mut ntlm = Ntlm::new();

let identity = sspi::AuthIdentity {
    username: Username::parse("user").unwrap(),
    password: "password".to_string().into(),
};

let mut acq_creds_handle_result = ntlm
    .acquire_credentials_handle()
    .with_credential_use(sspi::CredentialUse::Outbound)
    .with_auth_data(&identity)
    .execute(&mut ntlm)
    .expect("AcquireCredentialsHandle resulted in error");

let mut output = vec![sspi::SecurityBuffer::new(
    Vec::new(),
    sspi::SecurityBufferType::Token,
)];

let mut builder = ntlm.initialize_security_context()
    .with_credentials_handle(&mut acq_creds_handle_result.credentials_handle)
    .with_context_requirements(
        sspi::ClientRequestFlags::CONFIDENTIALITY | sspi::ClientRequestFlags::ALLOCATE_MEMORY
    )
    .with_target_data_representation(sspi::DataRepresentation::Native)
    .with_output(&mut output);

let result = ntlm.initialize_security_context_impl(&mut builder)
    .expect("InitializeSecurityContext resulted in error")
    .resolve_to_result()
    .expect("InitializeSecurityContext resulted in error");

println!("Initialized security context with result status: {:?}", result.status);

Re-exports

• pub use self::builders::AcceptSecurityContextResult;
• pub use self::builders::AcquireCredentialsHandleResult;
• pub use self::builders::InitializeSecurityContextResult;
• pub use self::kerberos::config::KerberosConfig;
• pub use self::kerberos::Kerberos;
• pub use self::kerberos::KerberosState;
• pub use self::kerberos::KERBEROS_VERSION;
• pub use self::negotiate::Negotiate;
• pub use self::negotiate::NegotiateConfig;
• pub use self::negotiate::NegotiatedProtocol;
• pub use self::ntlm::Ntlm;
• pub use self::pku2u::Pku2u;
• pub use self::pku2u::Pku2uConfig;
• pub use self::pku2u::Pku2uState;

Modules

• builders
  The builders are required to compose and execute some of the Sspi methods.
• channel_bindings
• credssp
• generator
• kerberos
• negotiate
• network_client
• ntlm
• pku2u

Macros

• check_if_empty

Structs

• AuthIdentity
  Allows you to pass a particular user name and password to the run-time library for the purpose of authentication
• AuthIdentityBuffers
• CertContext
  The CERT_CONTEXT structure contains both the encoded and decoded representations of a certificate.
• CertTrustErrorStatus
  Flags representing the error status codes used in CertTrustStatus.
• CertTrustInfoStatus
  Flags representing the info status codes used in CertTrustStatus.
• CertTrustStatus
  Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains. query_context_cert_trust_status function returns this structure.
• ClientRequestFlags
  Indicate requests for the context. Not all packages can support all requirements. Bit flags can be combined by using bitwise-OR operations.
• ClientResponseFlags
  Indicate the attributes of the established context.
• ConnectionInfo
  This structure contains protocol and cipher information.
• ContextNames
  Indicates the name of the user associated with a security context. query_context_names function returns this structure.
• ContextSizes
  Indicates the sizes of important structures used in the message support functions. query_context_sizes function returns this structure.
• DecryptionFlags
  Indicate the quality of protection. Returned by the decrypt_message method.
• EncryptionFlags
  Indicate the quality of protection. Used in the encrypt_message method.
• Error
  Holds the ErrorKind and the description of the SSPI-related error.
• PackageCapabilities
  Set of bit flags that describes the capabilities of the security package. It is possible to combine them.
• PackageInfo
  General security principal information
• Secret
• SecurityBuffer
  Describes a buffer allocated by a transport application to pass to a security package.
• ServerRequestFlags
  Specify the attributes required by the server to establish the context. Bit flags can be combined by using bitwise-OR operations.
• ServerResponseFlags
  Indicate the attributes of the established context.
• StreamSizes
  Indicates the sizes of the various parts of a stream for use with the message support functions. query_context_stream_sizes function returns this structure.
• Username
  A username formatted as either UPN or Down-Level Logon Name

Enums

• CertEncodingType
  Type of certificate encoding used.
• ConnectionCipher
  Algorithm identifier for the bulk encryption cipher used by the connection.
• ConnectionHash
  ALG_ID indicating the hash used for generating Message Authentication Codes (MACs).
• ConnectionKeyExchange
  ALG_ID indicating the key exchange algorithm used to generate the shared master secret.
• ConnectionProtocol
  Protocol used to establish connection.
• CredentialUse
  A flag that indicates how the credentials are used.
• Credentials
  Generic enum that encapsulates credentials for any type of authentication
• CredentialsBuffers
  Generic enum that encapsulates raw credentials for any type of authentication
• DataRepresentation
  The data representation, such as byte ordering, on the target.
• DecryptBuffer
  A special security buffer type is used for the data decryption. Basically, it’s almost the same as [SecurityBuffer] but for decryption.
• ErrorKind
  The kind of an SSPI related error. Enables to specify an error based on its type.
• SecurityBufferType
  Bit flags that indicate the type of buffer.
• SecurityPackageType
  Represents the security principal in use.
• SecurityStatus
  The success status of SSPI-related operation.

Traits

• Sspi
  This trait provides interface for all available SSPI functions. The acquire_credentials_handle, initialize_security_context, and accept_security_context methods return Builders that make it easier to assemble the list of arguments for the function and then execute it.
• SspiEx
• SspiImpl
  Trait for performing authentication on the client or server side

Functions

• detect_kdc_host
• detect_kdc_url
• enumerate_security_packages
  Returns an array of PackageInfo structures that provide information about the security packages available to the client.
• query_security_package_info
  Retrieves information about a specified security package. This information includes credentials and contexts.
• string_to_utf16

Type Aliases

• Luid
• Result
  Representation of SSPI-related result operation. Makes it easier to return a Result with SSPI-related Error.
• SspiPackage