{"id":23009550,"url":"https://github.com/devolutions/sspi-rs","last_synced_at":"2025-05-16T14:04:30.107Z","repository":{"id":34917086,"uuid":"189276743","full_name":"Devolutions/sspi-rs","owner":"Devolutions","description":"A Rust implementation of the Security Support Provider Interface (SSPI) API","archived":false,"fork":false,"pushed_at":"2025-05-15T12:15:59.000Z","size":1842,"stargazers_count":59,"open_issues_count":28,"forks_count":22,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-05-16T14:02:23.888Z","etag":null,"topics":["authentication","cross-platform","kerberos","ntlm","rust","sspi"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Devolutions.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-05-29T18:17:56.000Z","updated_at":"2025-05-12T10:17:02.000Z","dependencies_parsed_at":"2023-02-12T22:00:35.806Z","dependency_job_id":"776f88d6-c947-40f5-ae95-1edeb6ead6c9","html_url":"https://github.com/Devolutions/sspi-rs","commit_stats":{"total_commits":154,"total_committers":19,"mean_commits":8.105263157894736,"dds":0.7922077922077921,"last_synced_commit":"e301fc2254a329aa349e9207f0bc17332b46bf46"},"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Devolutions%2Fsspi-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Devolutions%2Fsspi-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Devolutions%2Fsspi-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Devolutions%2Fsspi-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Devolutions","download_url":"https://codeload.github.com/Devolutions/sspi-rs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254544146,"owners_count":22088807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cross-platform","kerberos","ntlm","rust","sspi"],"created_at":"2024-12-15T09:14:55.030Z","updated_at":"2025-05-16T14:04:30.088Z","avatar_url":"https://github.com/Devolutions.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sspi-rs\n\n**sspi-rs** is a Rust implementation of [Security Support Provider Interface (SSPI)](https://docs.microsoft.com/en-us/windows/win32/rpc/security-support-provider-interface-sspi-). It ships with platform-independent implementations of [Security Support Providers (SSP)](https://docs.microsoft.com/en-us/windows/win32/rpc/security-support-providers-ssps-), and is able to utilize native Microsoft libraries when ran under Windows.\n\nThe purpose of sspi-rs is to clean the original interface from cluttering and provide users with Rust-friendly SSPs for execution under *nix or any other platform that is able to compile Rust.\n\n## Overview\n\nThe sspi-rs works in accordance with the MSDN documentation. At the moment, [NT LAN Manager (NTLM)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4) is implemented and available for platform independent execution. It is also possible to create your own SSPs by implementing the [`SspiImpl`]() trait. More on that in the [Documentation](target/doc/sspi/index.html).\n\n###### Ease of use\n\nSome SSPI functions tend to be cumbersome, that's why sspi-rs allows to use SSPI in a convenient way by utilizing builders. Examples are available in the [examples](examples), [example section](#example), and [Documentation](target/doc/sspi/index.html).\n\n## Documentation\n\nDocumentation will give you a comprehensive overlook of the crate. For the example of a simple use case, visit the [examples](examples) folder.\n\n## Example\n\nThe usage of the SSPs is as simple as creating an instance of the security provider and calling its functions.\n\nHere is an example of acquiring a credentials handle and a timestamp of their validity:\n```rust\nuse sspi::{CredentialUse, Ntlm, Sspi, Username, builders::EmptyInitializeSecurityContext, SecurityBuffer, ClientRequestFlags, DataRepresentation, BufferType, SspiImpl};\n\nfn main() {\n    let account_name = \"example_user\";\n    let computer_name = \"example_computer\";\n    let mut ntlm = Ntlm::new();\n    let username = Username::new(\u0026account_name, Some(\u0026computer_name)).unwrap();\n    let identity = sspi::AuthIdentity {\n        username,\n        password: String::from(\"example_password\").into(),\n    };\n\n    let mut acq_cred_result = ntlm\n        .acquire_credentials_handle()\n        .with_credential_use(CredentialUse::Outbound)\n        .with_auth_data(\u0026identity)\n        .execute()\n        .unwrap();\n\n    let mut output_buffer = vec![SecurityBuffer::new(Vec::new(), BufferType::Token)];\n    // first time calling initialize_security_context, the input buffer should be empty\n    let mut input_buffer = vec![SecurityBuffer::new(Vec::new(), BufferType::Token)];\n\n    // create a builder for the first call to initialize_security_context\n    // the target should start with the protocol name, e.g. \"HTTP/example.com\" or \"LDAP/example.com\"\n    let mut builder = EmptyInitializeSecurityContext::\u003c\u003cNtlm as SspiImpl\u003e::CredentialsHandle\u003e::new()\n        .with_credentials_handle(\u0026mut acq_cred_result.credentials_handle)\n        .with_context_requirements(ClientRequestFlags::CONFIDENTIALITY | ClientRequestFlags::ALLOCATE_MEMORY)\n        .with_target_data_representation(DataRepresentation::Native)\n        .with_target_name(\"LDAP/example.com\")\n        .with_input(\u0026mut input_buffer)\n        .with_output(\u0026mut output_buffer);\n\n    // call initialize_security_context\n    // Note: the initialize_security_context_impl returns a generator, for NTLM, \n    // this generator will never yield as NTLM requires no network communication to a third party\n    // but negotiate and kerberos do require network communication, so the generator is used to\n    // allow the caller to provide the network information through the generator.resume() method\n    // take a look at the examples/kerberos.rs for more information\n    let _result = ntlm\n        .initialize_security_context_impl(\u0026mut builder)\n        .resolve_to_result()\n        .unwrap();\n    // ... exchange your token in output buffer with the server and repeat the process until either server is satisfied or an error is thrown\n}\n\n```\n\nExample of acquiring an SSP provided by Windows:\n```Rust\nlet mut negotiate = SecurityPackage::from_package_type(\n    SecurityPackageType::Other(String::from(\"Negotiate\"))\n);\n```\n\n## Projects using sspi-rs\n\n* [Devolutions Gateway](https://github.com/Devolutions/devolutions-gateway)\n* [IronRDP](https://github.com/Devolutions/IronRDP)\n* [Python SSPI Library](https://github.com/jborean93/sspilib)\n* [NetExec](https://github.com/Pennyw0rth/NetExec)\n* [LDAP client library](https://github.com/kanidm/ldap3/blob/master/proto/examples/sasltest/main.rs)\n* [Remote Desktop Manager](https://devolutions.net/remote-desktop-manager/)\n\n(Feel free to open a PR if you know about other projects!)\n\n## License\n\nLicensed under either of:\n\n * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)\n * [MIT license](http://opensource.org/licenses/MIT)\n\nat your option.\n\n### Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the Apache-2.0 license, shall be\ndual licensed as above, without any additional terms or conditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevolutions%2Fsspi-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevolutions%2Fsspi-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevolutions%2Fsspi-rs/lists"}