### Example: Obtain Client P2P Certificate

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Demonstrates how to obtain a P2P client authentication certificate using an existing device PFX file. Requires device PFX path, password, domain, username, and password.

```bash
AADJoin.exe --existing-device 03b8620d-12ff-48ee-b036-e1cf4c598609.pfx --pfx-key-password 03b8620d-12ff-48ee-b036-e1cf4c598609 --domain dataans.com --username s10@dataans.com --password wwwWWW222@@@ --client-p2p-cert
```

--------------------------------

### Example: Join New Device to Azure AD

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Demonstrates how to use the AADJoin tool to create and join a new device to Azure AD. This command requires domain, username, and password.

```bash
AADJoin.exe --join-new-device --domain dataans.com --username s10@dataans.com --password wwwWWW222@@@
```

--------------------------------

### Example: Obtain Server P2P Certificate

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Shows how to obtain a P2P server authentication certificate using an existing device PFX file. Requires device PFX path, password, domain, username, and password.

```bash
AADJoin.exe --existing-device 03b8620d-12ff-48ee-b036-e1cf4c598609.pfx --pfx-key-password 03b8620d-12ff-48ee-b036-e1cf4c598609 --domain dataans.com --username s10@dataans.com --password wwwWWW222@@@ --server-p2p-cert
```

--------------------------------

### Acquire Credentials and Initialize Security Context with NTLM

Source: https://github.com/devolutions/sspi-rs/blob/master/README.md

Demonstrates acquiring credentials handle and initializing a security context using the NTLM Security Support Provider. This example shows the builder pattern for setting context requirements and target information.

```rust
use sspi::{
    CredentialUse, Ntlm, Sspi, Username, builders::EmptyInitializeSecurityContext,
    SecurityBuffer, ClientRequestFlags, DataRepresentation, BufferType, SspiImpl,
};

fn main() {
    let account_name = "example_user";
    let computer_name = "example_computer";
    let mut ntlm = Ntlm::new();
    let username = Username::new(&account_name, Some(&computer_name)).unwrap();
    let identity = sspi::AuthIdentity {
        username,
        password: String::from("example_password").into(),
    };

    let mut acq_cred_result = ntlm
        .acquire_credentials_handle()
        .with_credential_use(CredentialUse::Outbound)
        .with_auth_data(&identity)
        .execute()
        .unwrap();

    let mut output_buffer = vec![SecurityBuffer::new(Vec::new(), BufferType::Token)];
    // first time calling initialize_security_context, the input buffer should be empty
    let mut input_buffer = vec![SecurityBuffer::new(Vec::new(), BufferType::Token)];

    // create a builder for the first call to initialize_security_context
    // the target should start with the protocol name, e.g. "HTTP/example.com" or "LDAP/example.com"
    let mut builder = EmptyInitializeSecurityContext::<<Ntlm as SspiImpl>::CredentialsHandle>::new()
        .with_credentials_handle(&mut acq_cred_result.credentials_handle)
        .with_context_requirements(ClientRequestFlags::CONFIDENTIALITY | ClientRequestFlags::ALLOCATE_MEMORY)
        .with_target_data_representation(DataRepresentation::Native)
        .with_target_name("LDAP/example.com")
        .with_input(&mut input_buffer)
        .with_output(&mut output_buffer);

    // call initialize_security_context
    // Note: the initialize_security_context_impl returns a generator, for NTLM,
    // this generator will never yield as NTLM requires no network communication to a third party
    // but negotiate and kerberos do require network communication, so the generator is used to
    // allow the caller to provide the network information through the generator.resume() method
    // take a look at the examples/kerberos.rs for more information
    let _result = ntlm
        .initialize_security_context_impl(&mut builder)
        .resolve_to_result()
        .unwrap();
    // ... exchange your token in output buffer with the server and repeat the process
    // until either server is satisfied or an error is thrown
}
```

--------------------------------

### Acquire Negotiate Security Package

Source: https://github.com/devolutions/sspi-rs/blob/master/README.md

Shows how to acquire a security package provided by Windows, specifically the 'Negotiate' package. This is useful for interacting with native Windows security mechanisms.

```rust
let mut negotiate = SecurityPackage::from_package_type(
    SecurityPackageType::Other(String::from("Negotiate"))
);
```

--------------------------------

### Generated Files for New Device Join

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Lists the files generated after successfully joining a new device to Azure AD, including the device key, certificate request (CSR), and device certificate.

```text
03b8620d-12ff-48ee-b036-e1cf4c598609.key
007bfc57-2504-404c-99f4-6160d1bfe2cb.csr
03b8620d-12ff-48ee-b036-e1cf4c598609.cer
```

--------------------------------

### AADJoin Command-Line Arguments

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Lists the available command-line options for the AADJoin tool, including flags for joining a new device, obtaining P2P certificates, and providing authentication details.

```bash
AADJoin 1.0.0
Copyright (C) 2022 AADJoin

  -j, --join-new-device     Join new device to the Azure AD
  -c, --client-p2p-cert     Obtain P2P certificate for the client authorization
  -s, --server-p2p-cert     Obtain P2P certificate for the server authorization
  -d, --domain              Required. Azure AD domain
  -u, --username            Required. User Azure AD username in FQDN format
  -p, --password            Required. User password
  -e, --existing-device     Path to the PFX file with the device key + certificate
  -f, --pfx-key-password    PFX file password
  --help                    Display this help screen.
  --version                 Display version information.
```

--------------------------------

### Existing P2P Certificates

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Lists the P2P certificates that may exist after running the client and server P2P certificate generation commands.

```text
03b8620d-12ff-48ee-b036-e1cf4c598609_client_auth_p2p.cer
03b8620d-12ff-48ee-b036-e1cf4c598609_client_auth_p2p_ca.cer
03b8620d-12ff-48ee-b036-e1cf4c598609_server_auth_p2p.cer
03b8620d-12ff-48ee-b036-e1cf4c598609_server_auth_p2p_ca.cer
```

--------------------------------

### Generated Files for Client P2P Certificate

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Lists the files generated when obtaining a P2P client authentication certificate, including the client certificate and its CA certificate.

```text
03b8620d-12ff-48ee-b036-e1cf4c598609_client_auth_p2p.cer
03b8620d-12ff-48ee-b036-e1cf4c598609_client_auth_p2p_ca.cer
```

--------------------------------

### Generated Files for Server P2P Certificate

Source: https://github.com/devolutions/sspi-rs/blob/master/tools/aadjoin/README.md

Lists the files generated when obtaining a P2P server authentication certificate, including the server certificate and its CA certificate.

```text
03b8620d-12ff-48ee-b036-e1cf4c598609_server_auth_p2p.cer
03b8620d-12ff-48ee-b036-e1cf4c598609_server_auth_p2p_ca.cer
```
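
--------------------------------

### Added Example: Inspect the NTLM Token Before Sending It

In the NTLM snippet above, the token left in the output buffer is an NTLM message, and its header shows whether signing and sealing were actually offered. This is an added example, not code from the sspi-rs README (standard library only): it reads the message type and NegotiateFlags using the MS-NLMP layout. `parse_ntlm_header`, `missing_protection`, the constructed sample token and the choice of flags treated as required are assumptions of this example.

```rust
// Added example: read the header of an NTLM token (layout per MS-NLMP).
const SIGNATURE: &[u8; 8] = b"NTLMSSP\0";
// NegotiateFlags bits that message protection depends on (policy assumed here).
const REQUIRED: [(u32, &str); 4] = [
    (0x0000_0010, "SIGN"),
    (0x0000_0020, "SEAL"),
    (0x0008_0000, "EXTENDED_SESSIONSECURITY"),
    (0x2000_0000, "128"),
];
#[derive(Debug, PartialEq)]
pub struct NtlmHeader { pub message_type: u32, pub flags: u32 }
#[derive(Debug, PartialEq)]
pub enum TokenError { TooShort, BadSignature, UnknownType(u32) }

fn le_u32(buf: &[u8], off: usize) -> Result<u32, TokenError> {
    let b = buf.get(off..off + 4).ok_or(TokenError::TooShort)?;
    Ok(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

pub fn parse_ntlm_header(token: &[u8]) -> Result<NtlmHeader, TokenError> {
    if token.len() < SIGNATURE.len() { return Err(TokenError::TooShort); }
    if !token.starts_with(SIGNATURE) { return Err(TokenError::BadSignature); }
    let message_type = le_u32(token, 8)?;
    // NegotiateFlags sits at a different offset in each message type.
    let flags_off = match message_type {
        1 => 12, // NEGOTIATE
        2 => 20, // CHALLENGE
        3 => 60, // AUTHENTICATE
        other => return Err(TokenError::UnknownType(other)),
    };
    Ok(NtlmHeader { message_type, flags: le_u32(token, flags_off)? })
}

/// Names of the protection flags that are absent from `flags`.
pub fn missing_protection(flags: u32) -> Vec<&'static str> {
    let mut missing = Vec::new();
    for (bit, name) in REQUIRED { if flags & bit == 0 { missing.push(name); } }
    missing
}

/// Constructed sample: a minimal NEGOTIATE message carrying `flags`.
pub fn sample_negotiate(flags: u32) -> Vec<u8> {
    let mut t = SIGNATURE.to_vec();
    t.extend_from_slice(&1u32.to_le_bytes());
    t.extend_from_slice(&flags.to_le_bytes());
    t.extend_from_slice(&[0u8; 16]); // empty DomainName and Workstation fields
    t
}

fn main() {
    let hdr = parse_ntlm_header(&sample_negotiate(0xE008_8235)).unwrap();
    println!("type {} flags {:#010x} missing {:?}", hdr.message_type, hdr.flags, missing_protection(hdr.flags));
}
```

A non-empty result from `missing_protection` on a token produced with `ClientRequestFlags::CONFIDENTIALITY` is worth logging or failing on before the exchange continues.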