- Bump minimum Python version to 3.8
- Use setuptools with
pyproject.toml
as the project definition - Ensure the outgoing send buffer won't get too small to fit extra fragments
- Fix up certificate authentication over TLS 1.3 connections
- Cache Kerberos credentials to speed up re-authentication when starting a new WSMan connection on another thread
- Fix deadlock when receiving certain WSManFault errors outside of a close operation
- Fix invalid selector error when connecting to Exchange Online by re-using proper cookies
- Fix connection info URI builder when targeting the default HTTP and HTTPS port 80/443
- There should be no breaking changes in this release as the
pypsrp
namespace will continue to work as it had. - The
pypsrp
namespace is going to be deprecated going forward and all work moving to the stuff in thepsrp
namespace.
- Added the
psrp
namespace which includes a sync and asyncio runspace pools and powershell pipelines - This also includes a new set of connection types such as:
psrp.NamedPipeInfo
- asyncio only connection for named pipes such as the management pipe pwsh createspsrp.ProcessInfo
- connection to start a new pwsh pwsh process locallypsrp.SSHInfo
- asyncio only SSH connection for remote pwsh communicationpsrp.WinPSSSHInfo
- asyncio only SSH connection for remote Windows PowerShell communicationpsrp.WSManInfo
- connection for WSMan based remote targets
- Also includes a base connection type class for Out of Process connections to help building your own
- Bump
requests-credssp
minimum to new version to support newer encryption format and simpler dependencies
- The
CommandParameter
class now uses named keyword arguments - The
cmd
parameter forCommand
class is now a positional argument - Ensure each
ps.streams.error
entry contains aMESSAGE_TYPE
value just like the other stream objects - Use a default of
None
if a complex custom object has noToString
property defined. - Moved back to using
setuptools
instead ofpoetry
as the build system - Added type annotations to most public classes and methods
- Add
pypsrp.serializer.TaggedValue
which allows the marking of a value with a tag that controls which serialization routine to apply.- This only applys to primitive objects, like
U32
asSystem.UInt32
,SS
asSystem.Security.SecureString
, etc - For a full list of primitive tags see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-psrp/c8c85974-ffd7-4455-84a8-e49016c20683
- This only applys to primitive objects, like
- Fix
no_proxy
to actually ignore environment proxy settings
- Dropped support for Python 2.7 and Python 3.5
- Added support for Python 3.10
- Use
poetry
as the packaging and dependency management tool - Added pykrb5 as extra dependency for Kerberos auth on non-Windows due to a dependecy change on
pyspnego
- Use File.Move when calling
Client.copy()
to optimistically speed up server side operations
- Dropped support for Python 2.6 and Python 3.4
- Using
Client.copy()
andClient.fetch()
doesn't expand variables in the local path by default.
- Support endpoints that only have
Kerberos
enabled and not justNegotiate
. Client.copy()
andClient.fetch()
methods have newexpand_variables
parameter. This can be used to expand variables both in local and remote path.- Changed authentication library for
Kerberos
andNTLM
auth to pyspnego. - Added a context manager for
pypsrp.client.Client
andpypsrp.wsman.WSMan
. This ensures any resources that the transport utilises will be closed if possible
- On Linux, use Kerberos if the
auto
auth provider is specified and no username or password is set. There is still noNTLM
fallback butKerberos
is ideal in this scenario. - Use SHA256 when calculating the channel bindings token hash if an unknown algorithm is encountered.
- Handle warning messages that are sent to the RunspacePool instead of raising an exception.
- Fixed an issue when escaping string in PowerShell that start with
_X
. - Base relative paths off the PowerShell location and not the process location for file copy and fetch operations.
- Fixed problem when using
fetch()
on PowerShell v2 hosts. - Changed
Client.copy()
to use PSRP instead of WinRS to better support non-admin scenarios. - Added explicit
environment
settings forClient.execute_cmd()
andClient.execute_ps()
. - Added
configuration_name
kwargs onClient.execute_ps()
,Client.copy()
, andClient.fetch()
to configure the configuration endpoint it connects to. - Fixed up message encryption with
gss-ntlmssp
on Linux
- Fix issue where
negotiate_delegate=True
did nothing withpywin32
on Windows - Fix instances of invalid escape sequences in strings that will break in future Python versions - https://bugs.python.org/issue27364
- Added warning if requests version is older than 2.14.0 as it does not support status retries. Pypsrp will continue but without supporting status retries.
- Fix byte ordering for the PID and RPID values of each PSRP message. This should not be an existing issue on normal hosts but it will make the move to SSH easier in the future
- Support using a direct IPv6 address as the server name
- Manually get Kerberos ticket if the one in the cache has expired and the password is set
- Added explicit documentation to state that on MacOS/Heimdal KRB5 implementations, the Kerberos ticket will persist after running
- Added
FEATURE
dict to module to denote whether a feature has been added in installed pypsrp - Added
read_timeout
topypsrp.wsman.WSMan
to control the timeout when waiting for a HTTP response from the server - Added
reconnection_retries
andreconnection_backoff
to control reconnection attempts on connection failures - Changed a few log entries from
info
todebug
as some of those log entries were quite verbose
- Fix issue when deserialising a circular reference in a PSRP object
- Added the ability to specify the
Locale
andDataLocale
values when creating theWSMan
object - Update the max envelope size default if the negotiated version is greater than or equal to
2.2
(PowerShell v3+)
Initial release of pypsrp, it contains the following features
- Basic Windows Remote Shell over WinRM to execute raw cmd command or processes
- Various WSMan methods that can be used to execute WSMan commands
- A mostly complete implementation of the PowerShell Remoting Protocol that mimics the .NET System.Management.Automation.Runspaces interface
- Support for a reference host base implementation of PSRP for interactive scripts
- Support for all WinRM authentication protocols like Basic, Certificate, Negotiate, Kerberos, and CredSSP
- Implementation of the Windows Negotiate auth protocol to negotiate between NTLM and Kerberos auth
- Support for message encryption of HTTP with the Negotiate (NTLM/Kerberos) and CredSSP protocol