• Files Changed
• Browse Source

- update to 0.9.0:
  * Added the `spnego.ContextReq.dce_style` flag to enable DCE
    authentication mode
  * The value for `spnego.iov.BufferType.sign_only` on SSPI has
    changed from representing `SECBUFFER_MECHLIST` to
    `SECBUFFER_READONLY_WITH_CHECKSUM`
  * Added the IOV buffer type
    `spnego.iov.BufferType.data_readonly`
  * Added limited support for `wrap_iov` and `unwrap_iov` in the
    Python NTLM context provider.
  * Added the `query_message_sizes()` function on a context to
    retrieve the important message sizes
    Currently this only contains the size of the message
    `header`, also known as the signature or security trailer
  * Added the `spnego.ContextReq.no_integrity` flag to disable
    integrity/confidentiality on Kerberos/Negotiate contexts
  * Added optional kwargs to `step()` on a security context
    `channel_bindings`
  * Added support for decoding the following TLS payloads with
    `python -m spnego --token ...`
          * Client Hello
          * Server Hello
          * Certificate
          * Server Key Exchange
          * Client Key Exchange
          * Certificate Request
  * Added the `new_context()` method on the context proxies to
    provide an easy and efficient way to re-use the context
    credentials and options for a new context
  * Removed use of `gssntlmssp` to simplify codebase and ensure a

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 0.5.0:
  * Added the `auth_stage` extra_info for a CredSSP context to give a human
    friendly indication of what sub auth stage it is up to.
  * Added the `protocol_version` extra_info for a CredSSP context to return the
    negotiated CredSSP protocol version.
  * Added the `credssp_min_protocol` keyword argument for a CredSSP context to
    set a minimum version the caller will accept of the peer.
    * This can be set to `5+` to ensure the peer supports and applies the mitigations for CVE-2018-0886.
  * Added safeguards when trying to retrieve the completed context attributes
    of `NegotiateProxy` before any contexts have been set up

• Files Changed
• Browse Source

- update to 0.4.0:
  * Add `usage` argument for `tls.default_tls_context` to control whether the
    context is for a initiator or acceptor
  * Add type annotations and include `py.typed` in the package for downstream
    library use
  * Expose the `ContextProxy` class for type annotation use
  * Added `get_extra_info` to `ContextProxy` to expose a common way to retrieve
    context specific information, this is currently used by CredSSP to retrieve
    * `client_credential`: The delegated client credential for acceptors
      once the context is complete
    * `sslcontext`: The SSL context used to create the TLS object
    * `ssl_object`: The TLS object used during the CredSSP exchange
  * The `client_credential` property on `CredSSP` has been removed in
    favour of `context.get_extra_info('client_credential')
  * Added support for custom credential types
    * Can be used to for things like NTLM authentication with NT/LM hashes,
      Kerberos with a keytab or from an explicit CCache, etc
  * Support calling SSPI through `pyspnego`'s Negotiate proxy context
    * This allows users on Windows to still use Negotiate auth but with a
       complex set of credentials
    * Also opens up the ability to use Negotiate but only with Kerberos auth
  * The `username` and `password` property on the auth context object are
    deprecated and will return `None` until it is removed in a future release

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Browse Source