-------------------------------------------------------------------
Sat Oct 1 12:14:25 UTC 2022 - Dirk Müller

- update to 0.5.0:
  * Added the `auth_stage` extra_info for a CredSSP context to give a
    human friendly indication of what sub auth stage it is up to.
  * Added the `protocol_version` extra_info for a CredSSP context to
    return the negotiated CredSSP protocol version.
  * Added the `credssp_min_protocol` keyword argument for a CredSSP
    context to set a minimum version the caller will accept of the peer.
    * This can be set to `5+` to ensure the peer supports and applies
      the mitigations for CVE-2018-0886.
  * Added safeguards when trying to retrieve the completed context
    attributes of `NegotiateProxy` before any contexts have been set up

-------------------------------------------------------------------
Tue Feb 22 09:26:20 UTC 2022 - Dirk Müller

- update to 0.4.0:
  * Add `usage` argument for `tls.default_tls_context` to control
    whether the context is for an initiator or acceptor
  * Add type annotations and include `py.typed` in the package for
    downstream library use
  * Expose the `ContextProxy` class for type annotation use
  * Added `get_extra_info` to `ContextProxy` to expose a common way to
    retrieve context specific information, this is currently used by
    CredSSP to retrieve
    * `client_credential`: The delegated client credential for
      acceptors once the context is complete
    * `sslcontext`: The SSL context used to create the TLS object
    * `ssl_object`: The TLS object used during the CredSSP exchange
  * The `client_credential` property on `CredSSP` has been removed in
    favour of `context.get_extra_info('client_credential')`
  * Added support for custom credential types
    * Can be used for things like NTLM authentication with NT/LM
      hashes, Kerberos with a keytab or from an explicit CCache, etc
  * Support calling SSPI through `pyspnego`'s Negotiate proxy context
    * This allows users on Windows to still use Negotiate auth but with
      a complex set of credentials
    * Also opens up the ability to use Negotiate but only with Kerberos
      auth
  * The `username` and `password` property on the auth context object
    are deprecated and will return `None` until it is removed in a
    future release

-------------------------------------------------------------------
Sat Nov 6 11:10:17 UTC 2021 - Ben Greiner

- Reactivate python36 build

-------------------------------------------------------------------
Fri Oct 29 18:44:17 UTC 2021 - Martin Hauke

- Update to version 0.3.1
  * Do not convert GSSAPI service to lowercase for GSSAPI and uppercase
    for SSPI
    * SPNs are case insensitive on Windows but case sensitive on Linux
    * Converting the service portion to upper or lower case could cause
      problems finding the target server on non-Windows GSSAPI
      implementations

-------------------------------------------------------------------
Mon Oct 25 19:41:06 UTC 2021 - Martin Hauke

- Update to version 0.3.0
  Packaging Changes
  * Changed project structure to a src layout
  * Include both Cython pyx/pyd and C files for SSPI in the sdist
    generated
  * Added Python 3.10 wheel
  Bugfixes
  * Ensure bad SPNEGO token inputs are raised as InvalidTokenError
    rather than struct.error
- Update to version 0.2.0
  Breaking Changes
  * Drop support for Python 2.7 and 3.5 - new minimum is 3.6+
  * Made the gss, negotiate, ntlm, sspi exports private, use the
    spnego.client and spnego.server functions instead
    + A deprecation warning is raised when importing from these
      packages directly and this will be removed in the next major
      release
  Features
  * Added support for CredSSP authentication using protocol='credssp'
  * Allow optional keyword arguments to be used with spnego.client and
    spnego.server to control authentication specific options
  Bugfixes
  * Use Kerberos API to acquire Kerberos credential to get a
    forwardable token in a thread safe manner
  * Fix default credential logic when no username is provided based on
    GSSAPI rules rather than just the default principal
  * Ignore SPNEGO mechListMIC if it contains the same value as the
    responseToken due to an old Windows SPNEGO logic bug.
  * Do not use SSPI when auth='ntlm' and the password is in the form
    {lm_hash}:{nt_hash}

-------------------------------------------------------------------
Thu May 13 16:27:28 UTC 2021 - Martin Hauke

- Update to version 0.1.6
  * Change enum type of iov.BufferType to IntEnum to fix load on
    Python 3.10 - #10
  * Make pyspnego-parse an entry point which uses __main__.py in the
    spnego package. This allows users to use the parser script by
    running python -m spnego --token ...

-------------------------------------------------------------------
Tue Jan 12 09:47:29 UTC 2021 - Martin Hauke

- Update to version 0.1.5
  * Respect NETBIOS_COMPUTER_NAME when getting the workstation name
    for NTLM tokens. This matches the behaviour of gss-ntlmssp to
    ensure a consistent approach.

-------------------------------------------------------------------
Fri Dec 4 08:13:16 UTC 2020 - Martin Hauke

- Update to version 0.1.4
  * Only send negState: request-mic for the first reply from an
    acceptor for Negotiate auth.
    * Strict interpretations of SPNEGO will fail if the initiator
      sends this state as it is against the RFC.

-------------------------------------------------------------------
Thu Oct 29 16:47:02 UTC 2020 - Martin Hauke

- Update to version 0.1.3
  * Added Python 3.9 to CI

-------------------------------------------------------------------
Sun Oct 25 15:53:36 UTC 2020 - Martin Hauke

- Update to version 0.1.2
  * Fix up WinRM wrapping on SSPI
- Update to version 0.1.1
  * Include the cython files in the built sdist

-------------------------------------------------------------------
Sat Aug 22 14:27:14 UTC 2020 - Martin Hauke

- Initial package, version 0.1.0