Devolutions
diff --git a/‎.github/workflows/ci.yml
Lines changed: 40 additions & 6 deletions b/‎.github/workflows/ci.yml
Lines changed: 40 additions & 6 deletions
diff --git a/‎Cargo.toml
Lines changed: 3 additions & 0 deletions b/‎Cargo.toml
Lines changed: 3 additions & 0 deletions
diff --git a/‎ffi/Cargo.toml
Lines changed: 5 additions & 1 deletion b/‎ffi/Cargo.toml
Lines changed: 5 additions & 1 deletion
diff --git a/‎ffi/src/common.rs
Lines changed: 4 additions & 2 deletions b/‎ffi/src/common.rs
Lines changed: 4 additions & 2 deletions
diff --git a/‎ffi/src/sec_buffer.rs
Lines changed: 4 additions & 2 deletions b/‎ffi/src/sec_buffer.rs
Lines changed: 4 additions & 2 deletions
@@ -26,26 +26,60 @@ jobs:
           }
   
   lints:
-    name: Lints
-    runs-on: ubuntu-latest
+    name: Lints [${{ matrix.os }}]
+    runs-on: ${{ matrix.runner }}
     needs: formatting
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ win, osx, linux ]
+        include:
+          - os: win
+            runner: windows-2022
+            features: tsssp,debug_mode
+          - os: osx
+            runner: macos-12
+            features: debug_mode
+          - os: linux
+            runner: ubuntu-20.04
+            features: debug_mode
 
     steps:
       - uses: actions/checkout@v3
 
+      # Compiling the ffi module is enough to lint the whole sspi workspace
       - name: Check clippy
-        run: cargo clippy --workspace --all-features -- -D warnings
+        run: cargo clippy --manifest-path ffi/Cargo.toml --features ${{ matrix.features }} -- -D warnings
 
   tests:
-    name: Tests
-    runs-on: ubuntu-latest
+    name: Tests [${{ matrix.os }}] [${{ matrix.crate-name }}]
+    runs-on: ${{ matrix.runner }}
     needs: formatting
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ win, osx, linux ]
+        manifest: [ Cargo.toml, ffi/Cargo.toml ]
+        include:
+          - manifest: Cargo.toml
+            crate-name: sspi
+          - manifest: ffi/Cargo.toml
+            crate-name: sspi-ffi
+          - os: win
+            runner: windows-2022
+            features: tsssp
+          - os: osx
+            runner: macos-12
+            features: default
+          - os: linux
+            runner: ubuntu-20.04
+            features: default
 
     steps:
       - uses: actions/checkout@v3
 
       - name: Test
-        run: cargo test --workspace --all-features
+        run: cargo test --manifest-path ${{ matrix.manifest }} --features ${{ matrix.features }}
 
   wasm:
     name: WASM target
 
@@ -24,6 +24,8 @@ exclude = [
 default = []
 network_client = ["dep:reqwest", "dep:portpicker"]
 dns_resolver = ["dep:trust-dns-resolver"]
+# TSSSP should be used only on Windows as a native CREDSSP replacement
+tsssp = ["dep:rustls"]
 
 [dependencies]
 byteorder = "1.2.7"
@@ -55,6 +57,7 @@ trust-dns-resolver = { version = "0.21.2", optional = true }
 portpicker = { version = "0.1.1", optional = true }
 num-bigint-dig = "0.8.1"
 tracing = { version = "0.1.37" }
+rustls = { version = "0.20.7", features = ["dangerous_configuration"], optional = true }
 
 [target.'cfg(windows)'.dependencies]
 winreg = "0.10"
 
@@ -13,18 +13,22 @@ name = "sspi"
 crate-type = ["cdylib"]
 
 [features]
+default = []
 debug_mode = ["dep:tracing", "dep:tracing-subscriber"]
+tsssp = ["sspi/tsssp"]
 
 [dependencies]
 cfg-if = "0.1"
-sspi = { path = "..", features = ["network_client", "dns_resolver"] }
 libc = "0.2"
 num-traits = "0.2"
 whoami = "1.2.3"
+sspi = { path = "..", features = ["network_client", "dns_resolver"] }
 
 # For debugging only
 tracing = { version = "0.1.37", optional = true }
 tracing-subscriber = { version = "0.3.16", features = ["std", "fmt", "local-time", "env-filter"], optional = true }
 
 [target.'cfg(windows)'.dependencies]
 symbol-rename-macro = { path = "./symbol-rename-macro" }
+winapi = "0.3.9"
+windows-sys = { version = "0.42.0", features = ["Win32_Security_Authentication_Identity", "Win32_Security_Credentials", "Win32_Foundation"] }
@@ -308,7 +308,6 @@ pub unsafe extern "system" fn DecryptMessage(
     catch_panic! {
         check_null!(ph_context);
         check_null!(p_message);
-        check_null!(pf_qop);
 
         let sspi_context = try_execute!(p_ctxt_handle_to_sspi_context(
             &mut ph_context,
@@ -329,7 +328,10 @@ pub unsafe extern "system" fn DecryptMessage(
             };
 
         copy_to_c_sec_buffer((*p_message).p_buffers, &message, false);
-        *pf_qop = decryption_flags.bits().try_into().unwrap();
+        // `pf_qop` can be null if this library is used as a CredSsp security package
+        if !pf_qop.is_null() {
+            *pf_qop = decryption_flags.bits().try_into().unwrap();
+        }
 
         try_execute!(result_status);
 
 
@@ -6,7 +6,7 @@ use libc::c_char;
 use libc::c_uint;
 #[cfg(target_os = "windows")]
 use libc::c_ulong;
-use num_traits::FromPrimitive;
+use num_traits::{FromPrimitive, ToPrimitive};
 use sspi::{SecurityBuffer, SecurityBufferType};
 
 #[cfg(target_os = "windows")]
@@ -18,6 +18,7 @@ pub struct SecBuffer {
 }
 
 #[cfg(not(target_os = "windows"))]
+#[derive(Debug)]
 #[repr(C)]
 pub struct SecBuffer {
     pub cb_buffer: c_uint,
@@ -66,7 +67,8 @@ pub(crate) unsafe fn copy_to_c_sec_buffer(to_buffers: PSecBuffer, from_buffers:
         let buffer = &from_buffers[i];
         let buffer_size = buffer.buffer.len();
         to_buffers[i].cb_buffer = buffer_size.try_into().unwrap();
-        if allocate {
+        to_buffers[i].buffer_type = buffer.buffer_type.to_u32().unwrap();
+        if allocate || to_buffers[i].pv_buffer.is_null() {
             let memory_layout = Layout::from_size_align_unchecked(buffer_size, 8);
             to_buffers[i].pv_buffer = alloc(memory_layout) as *mut c_char;
         }