Skip to content

Commit

Permalink
Fix up deprecated usage of pyspnego feature (#24)
Browse files Browse the repository at this point in the history
  • Loading branch information
jborean93 authored Feb 16, 2022
1 parent bf64668 commit e004dca
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 15 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
# Changelog

## 1.3.1 - 2022-02-16

* Fix usage of recently removed pyspnego feature


## 1.3.0 - 2021-10-22

* Dropped Python 2.7 and 3.5, new minimum is 3.6
Expand Down
14 changes: 7 additions & 7 deletions requests_credssp/credssp.py
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ def credssp_generator(self):
self._verify_public_keys(nonce, response_key, server_public_key)

log.debug("Sending encrypted credentials")
enc_credentials = self._get_encrypted_credentials(context)
enc_credentials = self._get_encrypted_credentials(context, self.username, self.password)

yield self.wrap(enc_credentials), "Step 5. Delegate Credentials"

Expand Down Expand Up @@ -253,7 +253,7 @@ def _verify_public_keys(self, nonce, server_key, public_key):
raise AuthenticationException("Could not verify key sent from the server, potential man in the middle "
"attack")

def _get_encrypted_credentials(self, context):
def _get_encrypted_credentials(self, context, username, password):
"""
[MS-CSSP] 3.1.5 Processing Events and Sequencing Rules - Step 5
https://msdn.microsoft.com/en-us/library/cc226791.aspx
Expand All @@ -265,18 +265,18 @@ def _get_encrypted_credentials(self, context):
server
:param context: The authenticated security context
:param username: The username to encrypt.
:param password: The password to encrypt.
:return: The encrypted TSRequest that contains the user's credentials
"""
domain = u""
if "\\" in context.username:
domain, username = context.username.split('\\', 1)
else:
username = context.username
if "\\" in username:
domain, username = username.split('\\', 1)

ts_password = TSPasswordCreds()
ts_password['domainName'] = domain.encode('utf-16-le')
ts_password['userName'] = username.encode('utf-16-le')
ts_password['password'] = context.password.encode('utf-16-le')
ts_password['password'] = password.encode('utf-16-le')

ts_credentials = TSCredentials()
ts_credentials['credType'] = ts_password.CRED_TYPE
Expand Down
5 changes: 2 additions & 3 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ def abs_path(rel_path):

setup(
name='requests-credssp',
version='1.3.0',
version='1.3.1',
packages=['requests_credssp'],
install_requires=[
"cryptography",
Expand All @@ -30,8 +30,7 @@ def abs_path(rel_path):
extras_require={
'kerberos:sys_platform=="win32"': [],
'kerberos:sys_platform!="win32"': [
'gssapi>=1.5.0',
'krb5',
'pyspnego[kerberos]',
]
},
python_requires='>=3.6',
Expand Down
6 changes: 1 addition & 5 deletions tests/test_credssp.py
Original file line number Diff line number Diff line change
Expand Up @@ -635,10 +635,6 @@ def test_verify_pub_key_new_mismatch(self):

def test_get_encrypted_credentials(self):
class FakeContext(object):
def __init__(self):
self.username = "domain\\username"
self.password = "password"

def wrap(self, data):
return WrapResult(data + (b"\x00" * 4))

Expand Down Expand Up @@ -670,7 +666,7 @@ def wrap(self, data):
b"\x70\x00\x61\x00\x73\x00\x73\x00" \
b"\x77\x00\x6f\x00\x72\x00\x64\x00" \
b"\x00\x00\x00\x00"
actual = credssp._get_encrypted_credentials(context)
actual = credssp._get_encrypted_credentials(context, "domain\\username", "password")
assert actual == expected


Expand Down

0 comments on commit e004dca

Please sign in to comment.