paramiko/kex_gss.py (docstrings and message strings recovered from the compiled module)

This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`.

.. note:: Credential delegation is not supported in server mode.

.. note::
    RFC 4462 Section 2.2 says we are not required to implement GSS-API error messages. Thus, in many methods within this module, if an error occurs an exception will be thrown and the connection will be terminated.

.. seealso:: :doc:`/api/ssh_gss`

.. versionadded:: 1.15

KexGSSGroup1
    GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in RFC 4462 Section 2

    _parse_kexgss_hostkey
        (docstring not recoverable)

    _parse_kexgss_continue
        Parse the SSH2_MSG_KEXGSS_CONTINUE message.

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message

    _parse_kexgss_complete
        Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message

        Message string in this method: Server kex "f" is out of range

    _parse_kexgss_init
        Parse the SSH2_MSG_KEXGSS_INIT message (server mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_INIT message

        Message string in this method: Client kex "e" is out of range

    _parse_kexgss_error
        Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. If it does, we display the error by throwing an exception (client mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message
        :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message

        Message string in this method: GSS-API Error: Major Status: {} Minor Status: {} Error Message: {}

KexGSSGroup14
    GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as defined in RFC 4462 Section 2

    NAME: gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==

KexGSSGex
    GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in RFC 4462 Section 2

    NAME: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==

    __init__
        (no docstring)

    start_kex
        Start the GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange

    parse_next
        Message string in this method: KexGex asked to handle packet type {:d}

    _generate_x
        (no docstring)

    _parse_kexgss_groupreq
        Parse the SSH2_MSG_KEXGSS_GROUPREQ message (server mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message

        Message strings in this method: Can't do server-side gex with no modulus pack; Picking p ({} <= {} <= {} bits)

    _parse_kexgss_group
        Parse the SSH2_MSG_KEXGSS_GROUP message (client mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_GROUP message

    _parse_kexgss_hostkey
        (docstring not recoverable)

    _parse_kexgss_continue
        Parse the SSH2_MSG_KEXGSS_CONTINUE message.

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message

    _parse_kexgss_complete
        Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message

        Message string in this method: Server kex "f" is out of range

    _parse_kexgss_error
        Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. If it does, we display the error by throwing an exception (client mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message
        :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message

NullHostKey
    This class represents the Null Host Key for GSS-API Key Exchange as defined in RFC 4462 Section 5

    Methods: __init__, __str__, get_name