* Support input password string encoded with the
`surrogatepass` error option
* This allows the caller to provide a password for a gMSA or
machine account that could contain invalid surrogate pairs
for both NTLM and Kerberos auth.
* Stop using deprecated `datetime.dateime.utcnow()` for CredSSP
acceptor context
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyspnego?expand=0&rev=29
* Another rename of the `sspi` package dependency to `sspilib`
* Rename `sspi` package dependency to `sspic` to avoid
conflicts with pywin32
* Drop support for Python 3.7 - new minimum is 3.8+
* Moved SSPI bindings out into a separate package called `sspi`
This simplifies this project as it doesn't have to worry
about SSPI correctness. The `sspi` package improves
performance and memory allocation with a more robust API
* Fixes an issue with Cython 3 allowing it to align with more
modern versions going forward
- Update to 0.6.1
- Update to 0.6.0
of `NegotiateProxy` before any contexts have been set up
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyspnego?expand=0&rev=27
* Added the `spnego.ContextReq.dce_style` flag to enable DCE
authentication mode
* The value for `spnego.iov.BufferType.sign_only` on SSPI has
changed from representing `SECBUFFER_MECHLIST` to
`SECBUFFER_READONLY_WITH_CHECKSUM`
* Added the IOV buffer type
`spnego.iov.BufferType.data_readonly`
* Added limited support for `wrap_iov` and `unwrap_iov` in the
Python NTLM context provider.
* Added the `query_message_sizes()` function on a context to
retrieve the important message sizes
Currently this only contains the size of the message
`header`, also known as the signature or security trailer
* Added the `spnego.ContextReq.no_integrity` flag to disable
integrity/confidentiality on Kerberos/Negotiate contexts
* Added optional kwargs to `step()` on a security context
`channel_bindings`
* Added support for decoding the following TLS payloads with
`python -m spnego --token ...`
* Client Hello
* Server Hello
* Certificate
* Server Key Exchange
* Client Key Exchange
* Certificate Request
* Added the `new_context()` method on the context proxies to
provide an easy and efficient way to re-use the context
credentials and options for a new context
* Removed use of `gssntlmssp` to simplify codebase and ensure a
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyspnego?expand=0&rev=23
- Update to 0.6.0
* Drop support for Python 3.6 - new minimum is 3.7+
* Moved setuptools config into pyproject.toml and made Cython a build requirement for Windows
For most users this is a hidden change
If a tool follows the PEP 517 standard, like pip, this build dependency will work automatically
The pre cythonised files are no longer included in the sdist going forward
- Update to 0.5.4
* Fix str of enum values when running in Python 3.11 to be consistent with older versions
* Support gssapi on 1.5.x which comes with RHEL 8.
- Update to 0.5.3
* Fix heap allocation errors when running with heap allocation monitoring on Windows
- Update to 0.5.2
* Added custom MD4 hashing code for NTLM to use.
Newer Linux distributions ship with OpenSSL 3.x which typically disables MD4 breaking the use of hashlib.new('md4', b"")
Using this custom code allows NTLM to continue to work
While it's bad to continue to use older hashing mechanisms in this case there is no valid alternative available
- Update to 0.5.1
* Call gss_inquire_sec_context_by_oid(ctx, spnego_req_mechlistMIC_oid) when using pure NTLM over GSSAPI to ensure the token contains a MIC
OBS-URL: https://build.opensuse.org/request/show/1032054
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyspnego?expand=0&rev=18
* Added the `auth_stage` extra_info for a CredSSP context to give a human
friendly indication of what sub auth stage it is up to.
* Added the `protocol_version` extra_info for a CredSSP context to return the
negotiated CredSSP protocol version.
* Added the `credssp_min_protocol` keyword argument for a CredSSP context to
set a minimum version the caller will accept of the peer.
* This can be set to `5+` to ensure the peer supports and applies the mitigations for CVE-2018-0886.
* Added safeguards when trying to retrieve the completed context attributes
of `NegotiateProxy` before any contexts have been set up
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyspnego?expand=0&rev=16
* Add `usage` argument for `tls.default_tls_context` to control whether the
context is for a initiator or acceptor
* Add type annotations and include `py.typed` in the package for downstream
library use
* Expose the `ContextProxy` class for type annotation use
* Added `get_extra_info` to `ContextProxy` to expose a common way to retrieve
context specific information, this is currently used by CredSSP to retrieve
* `client_credential`: The delegated client credential for acceptors
once the context is complete
* `sslcontext`: The SSL context used to create the TLS object
* `ssl_object`: The TLS object used during the CredSSP exchange
* The `client_credential` property on `CredSSP` has been removed in
favour of `context.get_extra_info('client_credential')
* Added support for custom credential types
* Can be used to for things like NTLM authentication with NT/LM hashes,
Kerberos with a keytab or from an explicit CCache, etc
* Support calling SSPI through `pyspnego`'s Negotiate proxy context
* This allows users on Windows to still use Negotiate auth but with a
complex set of credentials
* Also opens up the ability to use Negotiate but only with Kerberos auth
* The `username` and `password` property on the auth context object are
deprecated and will return `None` until it is removed in a future release
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyspnego?expand=0&rev=15
- Update to version 0.3.1
* Do not convert GSSAPI service to lowercase for GSSAPI and
uppercase for SSPI
* SPNs are case insensitive on Windows but case sensitive on
Linux
* Convering the service portion to upper or lower case could
cause problems finding the target server on non-Windows
GSSAPI implementations
- Update to version 0.3.0
Packaging Changes
* Changed project structure to a src layout
* Include both Cython pyx/pyd and C files for SSPI in the
sdist generated
* Added Python 3.10 wheel
Bugfixes
* Ensure bad SPNEGO token inputs are raised as InvalidTokenError
rather than struct.error
- Update to version 0.2.0
Breaking Changes
* Drop support for Python 2.7 and 3.5 - new minimum is 3.6+
* Made the gss, negotiate, ntlm, sspi exports private, use the
spnego.client and spnego.server functions instead
+ A deprecation warning is raised when importing from these
package directly and this will be removed in the next major
release
Features
* Added support for CredSSP authentication using
protocol='credssp'
* Allow optional keyword arguments to be used with spnego.client
OBS-URL: https://build.opensuse.org/request/show/928206
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyspnego?expand=0&rev=13
