2022-10-01 12:15:51 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Oct 1 12:14:25 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
- update to 0.5.0:
|
|
|
|
|
* Added the `auth_stage` extra_info for a CredSSP context to give a human
|
|
|
|
|
friendly indication of what sub auth stage it is up to.
|
|
|
|
|
* Added the `protocol_version` extra_info for a CredSSP context to return the
|
|
|
|
|
negotiated CredSSP protocol version.
|
|
|
|
|
* Added the `credssp_min_protocol` keyword argument for a CredSSP context to
|
|
|
|
|
set a minimum version the caller will accept of the peer.
|
|
|
|
|
* This can be set to `5+` to ensure the peer supports and applies the mitigations for CVE-2018-0886.
|
|
|
|
|
* Added safeguards when trying to retrieve the completed context attributes
|
|
|
|
|
of `NegotiateProxy` before any contexts have been set up
|
|
|
|
|
|
2022-02-22 09:29:14 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 22 09:26:20 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
- update to 0.4.0:
|
|
|
|
|
* Add `usage` argument for `tls.default_tls_context` to control whether the
|
|
|
|
|
context is for a initiator or acceptor
|
|
|
|
|
* Add type annotations and include `py.typed` in the package for downstream
|
|
|
|
|
library use
|
|
|
|
|
* Expose the `ContextProxy` class for type annotation use
|
|
|
|
|
* Added `get_extra_info` to `ContextProxy` to expose a common way to retrieve
|
|
|
|
|
context specific information, this is currently used by CredSSP to retrieve
|
|
|
|
|
* `client_credential`: The delegated client credential for acceptors
|
|
|
|
|
once the context is complete
|
|
|
|
|
* `sslcontext`: The SSL context used to create the TLS object
|
|
|
|
|
* `ssl_object`: The TLS object used during the CredSSP exchange
|
|
|
|
|
* The `client_credential` property on `CredSSP` has been removed in
|
|
|
|
|
favour of `context.get_extra_info('client_credential')
|
|
|
|
|
* Added support for custom credential types
|
|
|
|
|
* Can be used to for things like NTLM authentication with NT/LM hashes,
|
|
|
|
|
Kerberos with a keytab or from an explicit CCache, etc
|
|
|
|
|
* Support calling SSPI through `pyspnego`'s Negotiate proxy context
|
|
|
|
|
* This allows users on Windows to still use Negotiate auth but with a
|
|
|
|
|
complex set of credentials
|
|
|
|
|
* Also opens up the ability to use Negotiate but only with Kerberos auth
|
|
|
|
|
* The `username` and `password` property on the auth context object are
|
|
|
|
|
deprecated and will return `None` until it is removed in a future release
|
|
|
|
|
|
2021-11-07 14:31:24 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Nov 6 11:10:17 UTC 2021 - Ben Greiner <code@bnavigator.de>
|
|
|
|
|
|
|
|
|
|
- Reactivate python36 build
|
|
|
|
|
|
2021-11-02 18:10:15 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 29 18:44:17 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.3.1
|
|
|
|
|
* Do not convert GSSAPI service to lowercase for GSSAPI and
|
|
|
|
|
uppercase for SSPI
|
|
|
|
|
* SPNs are case insensitive on Windows but case sensitive on
|
|
|
|
|
Linux
|
|
|
|
|
* Convering the service portion to upper or lower case could
|
|
|
|
|
cause problems finding the target server on non-Windows
|
|
|
|
|
GSSAPI implementations
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 25 19:41:06 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.3.0
|
|
|
|
|
Packaging Changes
|
|
|
|
|
* Changed project structure to a src layout
|
|
|
|
|
* Include both Cython pyx/pyd and C files for SSPI in the
|
|
|
|
|
sdist generated
|
|
|
|
|
* Added Python 3.10 wheel
|
|
|
|
|
Bugfixes
|
|
|
|
|
* Ensure bad SPNEGO token inputs are raised as InvalidTokenError
|
|
|
|
|
rather than struct.error
|
|
|
|
|
- Update to version 0.2.0
|
|
|
|
|
Breaking Changes
|
|
|
|
|
* Drop support for Python 2.7 and 3.5 - new minimum is 3.6+
|
|
|
|
|
* Made the gss, negotiate, ntlm, sspi exports private, use the
|
|
|
|
|
spnego.client and spnego.server functions instead
|
|
|
|
|
+ A deprecation warning is raised when importing from these
|
|
|
|
|
package directly and this will be removed in the next major
|
|
|
|
|
release
|
|
|
|
|
Features
|
|
|
|
|
* Added support for CredSSP authentication using
|
|
|
|
|
protocol='credssp'
|
|
|
|
|
* Allow optional keyword arguments to be used with spnego.client
|
|
|
|
|
and spnego.server to control authentication specific options
|
|
|
|
|
Bugfixes
|
|
|
|
|
* Use Kerberos API to acquire Kerberos credential to get a
|
|
|
|
|
forwardable token in a thread safe manner
|
|
|
|
|
* Fix default credential logic when no username is provided
|
|
|
|
|
based on GSSAPI rules rather than just the default principal
|
|
|
|
|
* Ignore SPNEGO mechListMIC if it contains the same value as
|
|
|
|
|
the responseToken due to an old Windows SPNEGO logic bug.
|
|
|
|
|
* Do not use SSPI when auth='ntlm' and the password is in the
|
|
|
|
|
form {lm_hash}:{nt_hash}
|
|
|
|
|
|
2021-05-14 06:52:22 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu May 13 16:27:28 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.1.6
|
|
|
|
|
* Change enum type of iov.BufferType to IntEnum to fix load on
|
|
|
|
|
Python 3.10 - #10
|
|
|
|
|
* Make pyspnego-parse and entry point which uses __main__.py in
|
|
|
|
|
the spnego package. This allows users to use the parser script
|
|
|
|
|
by running python -m spnego --token ...
|
|
|
|
|
|
2021-01-12 14:25:49 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 12 09:47:29 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.1.5
|
|
|
|
|
* Respect NETBIOS_COMPUTER_NAME when getting the workstation
|
|
|
|
|
name for NTLM tokens. This matches the behaviour of gss-ntlmssp
|
|
|
|
|
to ensure a consistent approach.
|
|
|
|
|
|
2020-12-04 09:52:01 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Dec 4 08:13:16 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.1.4
|
|
|
|
|
* Only send negState: request-mic for the first reply from an
|
|
|
|
|
acceptor for Negotiate auth.
|
|
|
|
|
* Strict interpretations of SPNEGO will fail if the initiator
|
|
|
|
|
sends this state as it is against the RFC.
|
|
|
|
|
|
2020-10-30 12:31:31 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 29 16:47:02 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.1.3
|
|
|
|
|
* Added Python 3.9 to CI
|
|
|
|
|
|
2020-10-25 17:24:13 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Oct 25 15:53:36 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.1.2
|
|
|
|
|
* Fix up WinRM wrapping on SSPI
|
|
|
|
|
- Update to version 0.1.1
|
|
|
|
|
* Include the cython files in the built sdist
|
|
|
|
|
|
2020-08-25 11:32:01 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Aug 22 14:27:14 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
|
|
|
|
|
|
- Initial package, version 0.1.0
|
