Version 0.5.0 Release Notes

Highlights

• Added support for client and server authentication using Winbind as credentials provider
• Added NTLMv1 server support
• Added additional GSSAPI functions: gss_localname, gss_wrap_size_limit, gss_display_error
• Added debug logging and custom errors for mechanism error reporting
• Added internationalization support
• Lowered default LM_COMPAT_LEVEL to 3 for broader interoperability
• Fixed important sign/sealing interoperability bugs
• Fixed flags negotiation in some corner cases

Detailed Changelog

David Woodhouse (9):

• Move all message structures to ntlm_common.h
• Move local key and flags computations to the end
• Add gssntlm_display_status()
• Include config.h in gss_err.c, fix GNU strerror_r() code path
• Add support for building with NLS
• Use NLS for translating error messages in gssntlm_display_status()
• Fix typos in error strings
• Put comments before translatable strings
• Add en_GB translation

Simo Sorce (58):

• Handle missing name calling acquire creds.
• Add gss_localname support
• Cast to (char ) not (void ) to do pointer math
• Silence const errors
• Install mechanism configuration in mech.d
• Bump up to pre-release status
• Fix rpmbuild
• Generate LM hash when getting pwd from cred_store
• Fix flag clearing
• Fix unsealing without extended session security
• Fix sealing key regen with shorter keys
• Implement gss_wrap_size_limit()
• Use a macro to define the ntlm signature size
• Introduce ntlm_signseal_state
• Internalize extended security and datagram status
• Fix order of signature vs payload
• Let caller decide whether to (un)seal or not
• Add support to perform external operations
• Use helpers to get the local netbios names
• Move sec_req flags in the context handler
• Move client auth bits to gss_auth
• Initial build support for detecting and using libwbclient
• Add external server auth support via Winbind
• Add call to get creds from winbind
• Add call to get names from winbind
• Support client authentication using Winbind
• Pass ctx and cred to external_xxx_auth functions
• Fix NTLMv1 client auth
• Add functions to verify NTLMv1 responses
• Add support for NTLMv1 auth to the server
• Add helper to compute extended security challenge
• Fix winbindd NTLMv1 Extended Security auth
• Test both NTLMv1 and NTLMv2
• Formal adjustment of ntlmv1_sign
• tests: Remove unused field
• Add test to check gss_wrap with no SEAL negotiated
• Add helper to check for allowed ntlm versions
• Set the domain name only when available.
• Fix target info check
• Fetch server names much earier in the process
• Improve role management
• Bump version to 5.0 rc1
• Very old NTLM servers may omit target_info
• Ignore domain and workstation in negotiate message
• Do not send domain/workstation name in nego_msg
• Offer OEM charset support in the negotiate packet
• We can handle only mech status codes
• Add support for both strerror_r variants
• Use gssntlm_display_error in tests
• Simplify test checking and unify display format
• Add debug helpers to be used to trace gss-ntlmssp
• Add macros to handle returning errors
• Add support for printing internal NTLM error codes
• Add more custom error message
• Add --with-wbclient configure flag
• 0.5.0 - Release Candidate 2
• Always send NetBIOS Domain Name
• Rleasese 0.5.0