Revisions of python-pyspnego
- update to 0.10.2: * Another rename of the `sspi` package dependency to `sspilib` * Rename `sspi` package dependency to `sspic` to avoid conflicts with pywin32 * Drop support for Python 3.7 - new minimum is 3.8+ * Moved SSPI bindings out into a separate package called `sspi` This simplifies this project as it doesn't have to worry about SSPI correctness. The `sspi` package improves performance and memory allocation with a more robust API * Fixes an issue with Cython 3 allowing it to align with more modern versions going forward - Update to 0.6.1 - Update to 0.6.0 of `NegotiateProxy` before any contexts have been set up
- update to 0.9.0: * Added the `spnego.ContextReq.dce_style` flag to enable DCE authentication mode * The value for `spnego.iov.BufferType.sign_only` on SSPI has changed from representing `SECBUFFER_MECHLIST` to `SECBUFFER_READONLY_WITH_CHECKSUM` * Added the IOV buffer type `spnego.iov.BufferType.data_readonly` * Added limited support for `wrap_iov` and `unwrap_iov` in the Python NTLM context provider. * Added the `query_message_sizes()` function on a context to retrieve the important message sizes Currently this only contains the size of the message `header`, also known as the signature or security trailer * Added the `spnego.ContextReq.no_integrity` flag to disable integrity/confidentiality on Kerberos/Negotiate contexts * Added optional kwargs to `step()` on a security context `channel_bindings` * Added support for decoding the following TLS payloads with `python -m spnego --token ...` * Client Hello * Server Hello * Certificate * Server Key Exchange * Client Key Exchange * Certificate Request * Added the `new_context()` method on the context proxies to provide an easy and efficient way to re-use the context credentials and options for a new context * Removed use of `gssntlmssp` to simplify codebase and ensure a
- update to 0.5.0: * Added the `auth_stage` extra_info for a CredSSP context to give a human friendly indication of what sub auth stage it is up to. * Added the `protocol_version` extra_info for a CredSSP context to return the negotiated CredSSP protocol version. * Added the `credssp_min_protocol` keyword argument for a CredSSP context to set a minimum version the caller will accept of the peer. * This can be set to `5+` to ensure the peer supports and applies the mitigations for CVE-2018-0886. * Added safeguards when trying to retrieve the completed context attributes of `NegotiateProxy` before any contexts have been set up
- update to 0.4.0: * Add `usage` argument for `tls.default_tls_context` to control whether the context is for a initiator or acceptor * Add type annotations and include `py.typed` in the package for downstream library use * Expose the `ContextProxy` class for type annotation use * Added `get_extra_info` to `ContextProxy` to expose a common way to retrieve context specific information, this is currently used by CredSSP to retrieve * `client_credential`: The delegated client credential for acceptors once the context is complete * `sslcontext`: The SSL context used to create the TLS object * `ssl_object`: The TLS object used during the CredSSP exchange * The `client_credential` property on `CredSSP` has been removed in favour of `context.get_extra_info('client_credential') * Added support for custom credential types * Can be used to for things like NTLM authentication with NT/LM hashes, Kerberos with a keytab or from an explicit CCache, etc * Support calling SSPI through `pyspnego`'s Negotiate proxy context * This allows users on Windows to still use Negotiate auth but with a complex set of credentials * Also opens up the ability to use Negotiate but only with Kerberos auth * The `username` and `password` property on the auth context object are deprecated and will return `None` until it is removed in a future release
Displaying all 15 revisions