Version 0.5.0 Release Notes
Highlights
- Added support for client and server authentication using Winbind as credentials provider
- Added NTLMv1 server support
- Added additional GSSAPI functions: gss_localname, gss_wrap_size_limit, gss_display_error
- Added debug logging and custom errors for mechanism error reporting
- Added internationalization support
- Lowered default LM_COMPAT_LEVEL to 3 for broader interoperability
- Fixed important sign/sealing interoperability bugs
- Fixed flags negotiation in some corner cases
Detailed Changelog
David Woodhouse (9):
- Move all message structures to ntlm_common.h
- Move local key and flags computations to the end
- Add gssntlm_display_status()
- Include config.h in gss_err.c, fix GNU strerror_r() code path
- Add support for building with NLS
- Use NLS for translating error messages in gssntlm_display_status()
- Fix typos in error strings
- Put comments before translatable strings
- Add en_GB translation
Simo Sorce (58):
- Handle missing name calling acquire creds.
- Add gss_localname support
- Cast to (char *) not (void *) to do pointer math
- Silence const errors
- Install mechanism configuration in mech.d
- Bump up to pre-release status
- Fix rpmbuild
- Generate LM hash when getting pwd from cred_store
- Fix flag clearing
- Fix unsealing without extended session security
- Fix sealing key regen with shorter keys
- Implement gss_wrap_size_limit()
- Use a macro to define the ntlm signature size
- Introduce ntlm_signseal_state
- Internalize extended security and datagram status
- Fix order of signature vs payload
- Let caller decide whether to (un)seal or not
- Add support to perform external operations
- Use helpers to get the local netbios names
- Move sec_req flags in the context handler
- Move client auth bits to gss_auth
- Initial build support for detecting and using libwbclient
- Add external server auth support via Winbind
- Add call to get creds from winbind
- Add call to get names from winbind
- Support client authentication using Winbind
- Pass ctx and cred to external_xxx_auth functions
- Fix NTLMv1 client auth
- Add functions to verify NTLMv1 responses
- Add support for NTLMv1 auth to the server
- Add helper to compute extended security challenge
- Fix winbindd NTLMv1 Extended Security auth
- Test both NTLMv1 and NTLMv2
- Formal adjustment of ntlmv1_sign
- tests: Remove unused field
- Add test to check gss_wrap with no SEAL negotiated
- Add helper to check for allowed ntlm versions
- Set the domain name only when available.
- Fix target info check
- Fetch server names much earlier in the process
- Improve role management
- Bump version to 5.0 rc1
- Very old NTLM servers may omit target_info
- Ignore domain and workstation in negotiate message
- Do not send domain/workstation name in nego_msg
- Offer OEM charset support in the negotiate packet
- We can handle only mech status codes
- Add support for both strerror_r variants
- Use gssntlm_display_error in tests
- Simplify test checking and unify display format
- Add debug helpers to be used to trace gss-ntlmssp
- Add macros to handle returning errors
- Add support for printing internal NTLM error codes
- Add more custom error messages
- Add --with-wbclient configure flag
- 0.5.0 - Release Candidate 2
- Always send NetBIOS Domain Name
- Release 0.5.0