jborean93 / pyspnego

Python SPNEGO authentication library
MIT License

Fix up WinRM wrapping on SSPI #4

Closed jborean93 closed 4 years ago

jborean93 commented 4 years ago

WSMV when using SSPI does not actually provide a padding buffer to the SSPI call so we should not do so ourselves. There has been a long internal conversation with the protocol team for WSMV and they have confirmed that when it calls SSPI it does it with the headers:

  1. SECBUFFER_TOKEN
  2. SECBUFFER_DATA

This is the cause of the weird hacks in gssapi to deal with RC4 when the padding is expected by GSSAPI but SSPI does not provide it in this protocol. So while we must still supply the padding buffer for GSSAPI we can replicate the exact behaviour when running on Windows. I'm not sure how I tested this before but I can confirm that this works with both AES and RC4 on Windows.

Fixes https://github.com/jborean93/pypsrp/issues/90
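
The two-buffer layout named in the comment above, sketched with ctypes as an added example (not code from pyspnego or from this PR). `build_wrap_desc` and its parameters are hypothetical names; the structure definitions and `SECBUFFER_*` values follow the Windows SDK header `sspi.h`, and the sizes are assumed to come from `QueryContextAttributes(SECPKG_ATTR_SIZES)`.

```python
import ctypes

# Buffer type values as defined in the Windows SDK header sspi.h.
SECBUFFER_VERSION = 0
SECBUFFER_DATA = 1
SECBUFFER_TOKEN = 2
SECBUFFER_PADDING = 9


class SecBuffer(ctypes.Structure):
    _fields_ = [("cbBuffer", ctypes.c_uint32),
                ("BufferType", ctypes.c_uint32),
                ("pvBuffer", ctypes.c_void_p)]


class SecBufferDesc(ctypes.Structure):
    _fields_ = [("ulVersion", ctypes.c_uint32),
                ("cBuffers", ctypes.c_uint32),
                ("pBuffers", ctypes.POINTER(SecBuffer))]


def build_wrap_desc(plaintext, trailer_size, block_size=0):
    """Hypothetical helper: build the descriptor handed to EncryptMessage.

    trailer_size and block_size stand in for cbSecurityTrailer and
    cbBlockSize. block_size=0 gives the TOKEN + DATA layout from the
    comment; a non-zero value appends a PADDING buffer for comparison.
    """
    layout = [
        (SECBUFFER_TOKEN, ctypes.create_string_buffer(trailer_size)),
        (SECBUFFER_DATA, ctypes.create_string_buffer(plaintext, len(plaintext))),
    ]
    if block_size:
        layout.append((SECBUFFER_PADDING, ctypes.create_string_buffer(block_size)))

    buffers = (SecBuffer * len(layout))()
    for entry, (buf_type, mem) in zip(buffers, layout):
        entry.cbBuffer = len(mem)
        entry.BufferType = buf_type
        entry.pvBuffer = ctypes.addressof(mem)

    desc = SecBufferDesc(SECBUFFER_VERSION, len(layout), buffers)
    # Return the backing memory as well so it stays alive while desc is used.
    return desc, [mem for _, mem in layout]
```

The structures can be built on any platform; the `EncryptMessage` call that would consume the descriptor exists only on Windows and is not made here.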

codecov[bot] commented 4 years ago

Codecov Report

Merging #4 into main will decrease coverage by 0.00%. The diff coverage is 100.00%.


@@            Coverage Diff             @@
##             main       #4      +/-   ##
==========================================
- Coverage   99.51%   99.51%   -0.01%     
==========================================
  Files          21       21              
  Lines        3688     3687       -1     
==========================================
- Hits         3670     3669       -1     
  Misses         18       18              
| Impacted Files | Coverage Δ |
|---|---|
| spnego/_version.py | 100.00% <100.00%> (ø) |
| spnego/sspi.py | 98.84% <100.00%> (-0.01%) ⬇ |


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 04c9d18...82933a0.