Tidy up NTLM error messages and update changelog (#84)

This also updates the integration tests to include Python 3.12 and an explicit tests for gMSA password encoding.
jborean93 · Jun 12, 2024 · b1c8fd1 · b1c8fd1
1 parent fc93d03
commit b1c8fd1
Show file tree

Hide file tree

Showing 7 changed files with 332 additions and 95 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,10 +1,12 @@
 # Changelog
 
-## 0.10.3 - TBD
+## 0.11.0 - TBD
 
 * Support input password string encoded with the `surrogatepass` error option
   * This allows the caller to provide a password for a gMSA or machine account that could contain invalid surrogate pairs for both NTLM and Kerberos auth.
 * Stop using deprecated `datetime.dateime.utcnow()` for CredSSP acceptor context
+* Treat an empty string as a valid password, `None` is kept as use the cached credential
+* Improve the exception shown when no password was provided and no cached credential was available
 
 ## 0.10.2 - 2023-10-04
 

diff --git a/src/spnego/_ntlm.py b/src/spnego/_ntlm.py
@@ -135,7 +135,9 @@ def _get_credential(
         https://asecuritysite.com/encryption/lmhash
     """
     if not store:
-        raise OperationNotAvailableError(context_msg="Retrieving NTLM store without NTLM_USER_FILE set to a filepath")
+        raise OperationNotAvailableError(
+            context_msg="No username or password was specified and the credential cache did not exist or contained no credentials"
+        )
 
     domain = domain or ""
 
@@ -178,7 +180,7 @@ def store_lines(
         else:
             raise SpnegoError(
                 ErrorCode.failure,
-                context_msg="Failed to find any matching credential in " "NTLM_USER_FILE credential store.",
+                context_msg="Failed to find any matching credential in NTLM_USER_FILE credential store.",
             )
 
 
@@ -306,7 +308,7 @@ def __init__(
             # Make sure that the credential file is set and exists
             if not _get_credential_file():
                 raise OperationNotAvailableError(
-                    context_msg="Retrieving NTLM store without NTLM_USER_FILE set to a " "filepath"
+                    context_msg="NTLM acceptor requires NTLM credential cache to be provided through the env var NTLM_USER_FILE set to a filepath"
                 )
 
         self._temp_negotiate: typing.Optional[Negotiate] = None

diff --git a/src/spnego/_version.py b/src/spnego/_version.py
@@ -1,4 +1,4 @@
 # Copyright: (c) 2020, Jordan Borean (@jborean93) <jborean93@gmail.com>
 # MIT License (see LICENSE or https://opensource.org/licenses/MIT)
 
-__version__ = "0.10.3"
+__version__ = "0.11.0"
diff --git a/tests/integration/inventory.yml b/tests/integration/inventory.yml
@@ -27,6 +27,8 @@ all:
         - C:\Program Files (x86)\Python310-32
         - C:\Program Files\Python311
         - C:\Program Files (x86)\Python311-32
+        - C:\Program Files\Python312
+        - C:\Program Files (x86)\Python312-32
         python_venv_path: C:\temp\venv
         krb_provider: SSPI
 
@@ -65,3 +67,4 @@ all:
     domain_username: spnego
     domain_password: Password01
     domain_upn: '{{ domain_username }}@{{ domain_name | upper }}'
+    gmsa_username: MyGMSA