d10b4b9921
- Update to version 0.12.0 * Drop support for Python 3.7 - new minimum is 3.9+. * Add official support for Python 3.14. * Fix CredSSP server certificate generation to limit CN name to 64 characters. * Added support for specifying credentials for spnego.server using the credentials kwarg. This currently only works on Windows/SSPI when specifying a keytab credential for the service.
Matej Cepl2025-09-12 21:45:41 +00:00
8814032a95
Accepting request 1301254 from devel:languages:python
Ana Guerrero2025-08-25 18:39:22 +00:00
992423b8e1
- Convert to libalternatives on SLE-16-based and newer systems
Markéta Machová2025-08-25 11:40:46 +00:00
ecf2d9a7a3
- Update to version 0.11.2 * Fix CredSSP acceptor with LibreSSL. * Bump dev deps and add 3.13 support. * Update integration tests for 3.13.
Matej Cepl2024-11-12 01:22:32 +00:00
ad422dc163
- update to 0.11.1: * Import ARC4 cipher from the new decrepits module sub- package, this removes the warning issued in newer versions of the cryptography library
Dirk Mueller2024-08-05 19:05:00 +00:00
0082384201
Accepting request 1183547 from devel:languages:python
Ana Guerrero2024-06-27 14:04:51 +00:00
f37b1961cd
- update to 0.11.0: * Support input password string encoded with the surrogatepass error option * This allows the caller to provide a password for a gMSA or machine account that could contain invalid surrogate pairs for both NTLM and Kerberos auth. * Stop using deprecated datetime.dateime.utcnow() for CredSSP acceptor context
Dirk Mueller2024-06-20 07:38:04 +00:00
69fc699358
Accepting request 1179527 from devel:languages:python
Ana Guerrero2024-06-09 18:23:20 +00:00
825ed23247
- update to 0.10.2: * Another rename of the sspi package dependency to sspilib * Rename sspi package dependency to sspic to avoid conflicts with pywin32 * Drop support for Python 3.7 - new minimum is 3.8+ * Moved SSPI bindings out into a separate package called sspi This simplifies this project as it doesn't have to worry about SSPI correctness. The sspi package improves performance and memory allocation with a more robust API * Fixes an issue with Cython 3 allowing it to align with more modern versions going forward - Update to 0.6.1 - Update to 0.6.0 of NegotiateProxy before any contexts have been set up
Dirk Mueller2024-06-08 22:37:38 +00:00
783f33c9a1
Accepting request 1109000 from devel:languages:python
Ana Guerrero2023-09-06 16:56:56 +00:00
8454540d22
- update to 0.9.0: * Added the spnego.ContextReq.dce_style flag to enable DCE authentication mode * The value for spnego.iov.BufferType.sign_only on SSPI has changed from representing SECBUFFER_MECHLIST to SECBUFFER_READONLY_WITH_CHECKSUM * Added the IOV buffer type spnego.iov.BufferType.data_readonly * Added limited support for wrap_iov and unwrap_iov in the Python NTLM context provider. * Added the query_message_sizes() function on a context to retrieve the important message sizes Currently this only contains the size of the message header, also known as the signature or security trailer * Added the spnego.ContextReq.no_integrity flag to disable integrity/confidentiality on Kerberos/Negotiate contexts * Added optional kwargs to step() on a security context channel_bindings * Added support for decoding the following TLS payloads with python -m spnego --token ... * Client Hello * Server Hello * Certificate * Server Key Exchange * Client Key Exchange * Certificate Request * Added the new_context() method on the context proxies to provide an easy and efficient way to re-use the context credentials and options for a new context * Removed use of gssntlmssp to simplify codebase and ensure a
Dirk Mueller2023-05-10 07:05:37 +00:00
9daa847c76
Accepting request 1085736 from home:ojkastl_buildservice:Branch_devel_languages_python
Dirk Mueller2023-05-09 20:48:09 +00:00
10eb0f3d90
- update to 0.5.0: * Added the auth_stage extra_info for a CredSSP context to give a human friendly indication of what sub auth stage it is up to. * Added the protocol_version extra_info for a CredSSP context to return the negotiated CredSSP protocol version. * Added the credssp_min_protocol keyword argument for a CredSSP context to set a minimum version the caller will accept of the peer. * This can be set to 5+ to ensure the peer supports and applies the mitigations for CVE-2018-0886. * Added safeguards when trying to retrieve the completed context attributes of NegotiateProxy before any contexts have been set up
Dirk Mueller2022-10-01 12:15:51 +00:00
70dcd9cebe
- update to 0.4.0: * Add usage argument for tls.default_tls_context to control whether the context is for a initiator or acceptor * Add type annotations and include py.typed in the package for downstream library use * Expose the ContextProxy class for type annotation use * Added get_extra_info to ContextProxy to expose a common way to retrieve context specific information, this is currently used by CredSSP to retrieve * client_credential: The delegated client credential for acceptors once the context is complete * sslcontext: The SSL context used to create the TLS object * ssl_object: The TLS object used during the CredSSP exchange * The client_credential property on CredSSP has been removed in favour of context.get_extra_info('client_credential') * Added support for custom credential types * Can be used to for things like NTLM authentication with NT/LM hashes, Kerberos with a keytab or from an explicit CCache, etc * Support calling SSPI through pyspnego's Negotiate proxy context * This allows users on Windows to still use Negotiate auth but with a complex set of credentials * Also opens up the ability to use Negotiate but only with Kerberos auth * The username and password property on the auth context object are deprecated and will return None` until it is removed in a future release
Dirk Mueller2022-02-22 09:29:14 +00:00
Daniel Garcia Moreno
Ana Guerrero
Matej Cepl
Markéta Machová
Dominique Leuenberger
Dirk Mueller
Martin Hauke
Tomáš Chvátal