sspi-rs

sspi-rs copied to clipboard

According to the documentation, all encryption should be in place ([src](https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-encryptmessage)): > The message is encrypted in place, overwriting the original contents of the structure. But the current implementation can...

TheBestTvarynka

Null Identity on AcquireCredentialsHandle results in error

2

If I pass a null identity to AcquireCredentialsHandle I get an error, which is different than what happens in the windows sspi. AcquireCredentialsHandle failed (One or more of the parameters...

pauldumais

Improve Kerberos SSPI and GSSAPI Related Issues

1

> Note: This change might be breaking. Confidentiality and integrity is not implied anymore. User needs to actively specify these two flag to get sign and seal. Don't you always...

irvingoujAtDevolution

Currently, in our [`ffi`](https://github.com/Devolutions/sspi-rs/tree/master/ffi) crate we are using two crates for communication with Windows API: * [winapi](https://docs.rs/winapi/latest/winapi/) * [windows-sys](https://docs.rs/windows-sys/latest/windows_sys/) But the `winapi` crate is abandoned. So we need to remove...

TheBestTvarynka

Maybe I'm doing something wrong here but it doesn't look like the NTLM security package is validating the credentials at all as an acceptor. It does a few things like...

jborean93

If [SEC_WINNT_AUTH_IDENTITY_EXW](https://learn.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_winnt_auth_identity_exw) PackageList is set to a combination which can't be fulfilled (e.g. only unknown packages are set) then it should fail with `SEC_E_NO_CREDENTIALS`. Currently SSPI fails during the first...

jborean93

Currently when calling `AcquireCredentialsHandle` with an invalid package name it returns `SEC_E_INVALID_PARAMETER` / `InvalidParameter`. When using SSPI actual the return value is actually `SEC_E_SECPKG_NOT_FOUND` / `SecurityPackageNotFound`. It would be great...

jborean93

Support SECBUFFER_READONLY_WITH_CHECKSUM in EncryptMessage and DecryptMessage

1

In order to support RPC message encryption and signing, the `EncryptMessage` and `DecryptMessage` needs to support security buffers marked as `SECBUFFER_READONLY_WITH_CHECKSUM`. This flag indicates the bytes in that buffer are...

jborean93

Would be great to support `SECPKG_ATTR_NAMES` with [QueryContextAttributesW](https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-querycontextattributesw) to retrieve the client principal name from the authentication context. This is mostly just a helpful function to easily debug/log the username...

jborean93

Would be great to support `SECPKG_ATTR_SESSION_KEY` with [QueryContextAttributesW](https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-querycontextattributesw) to retrieve the generated session key for the security context. This is needed if you ever want to implement support for SMB...

jborean93