paramiko/kex_gss.py

This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`.

.. note:: Credential delegation is not supported in server mode.

.. note::
    RFC 4462 Section 2.2 says we are not required to implement GSS-API error
    messages. Thus, in many methods within this module, if an error occurs an
    exception will be thrown and the connection will be terminated.

.. seealso:: :doc:`/api/ssh_gss`

.. versionadded:: 1.15

Imports: os; sha1 (hashlib); DEBUG, max_byte, zero_byte (paramiko.common); util (paramiko); Message (paramiko.message); byte_chr, byte_mask, byte_ord (paramiko.py3compat); SSHException (paramiko.ssh_exception).

Message type constants: MSG_KEXGSS_INIT, MSG_KEXGSS_CONTINUE, MSG_KEXGSS_COMPLETE, MSG_KEXGSS_HOSTKEY, MSG_KEXGSS_ERROR, MSG_KEXGSS_GROUPREQ, MSG_KEXGSS_GROUP, each with a byte form (c_MSG_KEXGSS_INIT, c_MSG_KEXGSS_CONTINUE, c_MSG_KEXGSS_COMPLETE, c_MSG_KEXGSS_HOSTKEY, c_MSG_KEXGSS_ERROR, c_MSG_KEXGSS_GROUPREQ, c_MSG_KEXGSS_GROUP).

class KexGSSGroup1(object)

    GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in RFC 4462 Section 2

    NAME = "gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g=="

    __init__(self, transport)

    start_kex(self)
        Start the GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange.

    parse_next(self, ptype, m)
        Parse the next packet.

        :param ptype: The (string) type of the incoming packet
        :param `.Message` m: The packet content

        Error string: "GSS KexGroup1 asked to handle packet type {:d}"

    _generate_x(self)
        generate an "x" (1 < x < q), where q is (p-1)/2. p is a 128-byte (1024-bit) number, where the first 64 bits are 1. therefore q can be approximated as a 2^1023. we drop the subset of potential x where the first 63 bits are 1, because some of those will be larger than q (but this is a tiny tiny subset of potential x).

    _parse_kexgss_hostkey(self, m)
        Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message

    _parse_kexgss_continue(self, m)
        Parse the SSH2_MSG_KEXGSS_CONTINUE message.

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message

    _parse_kexgss_complete(self, m)
        Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message

        Error string: 'Server kex "f" is out of range'

    _parse_kexgss_init(self, m)
        Parse the SSH2_MSG_KEXGSS_INIT message (server mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_INIT message

        Error string: 'Client kex "e" is out of range'

    _parse_kexgss_error(self, m)
        Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. If it does, we display the error by throwing an exception (client mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message
        :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message

        Error string: "GSS-API Error: Major Status: {} Minor Status: {} Error Message: {}"

class KexGSSGroup14(KexGSSGroup1)

    GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as defined in RFC 4462 Section 2

    NAME = "gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g=="

class KexGSSGex(object)

    GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in RFC 4462 Section 2

    NAME = "gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g=="

    Class attributes: min_bits, max_bits, preferred_bits

    __init__(self, transport)

    start_kex(self)
        Start the GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange

    parse_next(self, ptype, m)
        Parse the next packet.

        :param ptype: The (string) type of the incoming packet
        :param `.Message` m: The packet content

        Error string: "KexGex asked to handle packet type {:d}"

    _generate_x(self)

    _parse_kexgss_groupreq(self, m)
        Parse the SSH2_MSG_KEXGSS_GROUPREQ message (server mode).

        :param `.Message` m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message

        Error string: "Can't do server-side gex with no modulus pack"
        Log string: "Picking p ({} <= {} <= {} bits)"

    _parse_kexgss_group(self, m)
        Parse the SSH2_MSG_KEXGSS_GROUP message (client mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_GROUP message

        Error string: "Server-generated gex p (don't ask) is out of range ({} bits)"
        Log string: "Got server p ({} bits)"

    _parse_kexgss_gex_init(self, m)
        Parse the SSH2_MSG_KEXGSS_INIT message (server mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_INIT message

        Error string: 'Client kex "e" is out of range'

    _parse_kexgss_hostkey(self, m)
        Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message

    _parse_kexgss_continue(self, m)
        Parse the SSH2_MSG_KEXGSS_CONTINUE message.

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message

    _parse_kexgss_complete(self, m)
        Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message

        Error string: 'Server kex "f" is out of range'

    _parse_kexgss_error(self, m)
        Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. If it does, we display the error by throwing an exception (client mode).

        :param `Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message
        :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message

        Error string: "GSS-API Error: Major Status: {} Minor Status: {} Error Message: {}"

class NullHostKey(object)

    This class represents the Null Host Key for GSS-API Key Exchange as defined in RFC 4462 Section 5

    __init__(self)

    __str__(self)

    get_name(self)