|
Server : Apache System : Linux cvar2.toservers.com 3.10.0-962.3.2.lve1.5.73.el7.x86_64 #1 SMP Wed Aug 24 21:31:23 UTC 2022 x86_64 User : njnconst ( 1116) PHP Version : 8.4.18 Disable Function : NONE Directory : /proc/self/root/lib/python2.7/site-packages/paramiko/ |
Upload File : |
�
x�\c�����������@���sd��d��Z��d�d�l�Z�d�d�l�Z�d�d�l�Z�e�Z�d�Z�d�d�l�m�Z�d�d�l �m
�Z
�m
�Z
�d�Z
�y
�d�d�l
�Z
�e
�j�f�Z�Wnq�e�e�f�k
�r��y:�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�Z
�e�j�f�Z�Wq��e�k
�r��e�Z�d�Z
�q��Xn�Xd�d�l�m�Z�d�d�l�m�Z�e�d ���Z�d
�e
�f�d
�������YZ
�d
�e
�f�d
�������YZ
�d�e
�f�d�������YZ �d�S(���s����
This module provides GSS-API / SSPI authentication as defined in :rfc:`4462`.
.. note:: Credential delegation is not supported in server mode.
.. seealso:: :doc:`/api/kex_gss`
.. versionadded:: 1.15
i����N(���t���ObjectIdentifier(���t���encodert���decodert���MITt���SSPI(���t���MSG_USERAUTH_REQUEST(���t
���SSHExceptionc���������C���sQ���t��d�k�r�t�|��|���St��d�k�rA�t�j�d�k�rA�t�|��|���St�d�����d�S(���s���
Provide SSH2 GSS-API / SSPI authentication.
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not.
We delegate credentials by default.
:return: Either an `._SSH_GSSAPI` (Unix) object or an
`_SSH_SSPI` (Windows) object
:raises: ``ImportError`` -- If no GSS-API / SSPI module could be imported.
:see: `RFC 4462 <http://www.ietf.org/rfc/rfc4462.txt>`_
:note: Check for the available API and return either an `._SSH_GSSAPI`
(MIT GSSAPI) object or an `._SSH_SSPI` (MS SSPI) object. If you
get python-gssapi working on Windows, python-gssapi
will be used and a `._SSH_GSSAPI` object will be returned.
If there is no supported API available,
``None`` will be returned.
R���R���t���nts)���Unable to import a GSS-API / SSPI module!N(���t���_APIt
���_SSH_GSSAPIt���ost���namet ���_SSH_SSPIt
���ImportError(���t
���auth_methodt���gss_deleg_creds(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���GSSAuthH���s
����
t
���_SSH_GSSAuthc�����������B���sP���e��Z�d��Z�d����Z�d����Z�d����Z�d�d���Z�d����Z�d����Z�d����Z �RS( ���s[���
Contains the shared variables and methods of `._SSH_GSSAPI` and
`._SSH_SSPI`.
c���������C���sp���|�|��_��|�|��_�d�|��_�d�|��_�d�|��_�d�|��_�d�|��_�d�|��_�t �|��_
�d�|��_
�t �|��_
�d�|��_
�d�S(���s����
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not
s���ssh-connections���1.2.840.113554.1.2.2N(���t
���_auth_methodt���_gss_deleg_credst���Nonet ���_gss_hostt ���_usernamet
���_session_idt���_servicet
���_krb5_mecht ���_gss_ctxtt���Falset���_gss_ctxt_statust
���_gss_srv_ctxtt���_gss_srv_ctxt_statust���cc_file(���t���selfR���R���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���__init__k���s���� c���������C���s ���|�j��d���r�|�|��_�n��d�S(���s����
This is just a setter to use a non default service.
I added this method, because RFC 4462 doesn't specify "ssh-connection"
as the only service value.
:param str service: The desired SSH service
s���ssh-N(���t���findR���(���R ���t���service(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt
���set_service����s����c���������C���s
���|�|��_��d�S(���s����
Setter for C{username}. If GSS-API Key Exchange is performed, the
username is not set by C{ssh_init_sec_context}.
:param str username: The name of the user who attempts to login
N(���R���(���R ���t���username(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt
���set_username����s����t���clientc���������C���s\���|��j��d���}�t�j�t�|��j�����}�|��j��t�|�����}�|�d�k�rP�|�|�S|�|�|�S(���s���
This method returns a single OID, because we only support the
Kerberos V5 mechanism.
:param str mode: Client for client mode and server for server mode
:return: A byte sequence containing the number of supported
OIDs, the length of the OID and the actual OID encoded with
DER
:note: In server mode we just return the OID length and the DER encoded
OID.
i���t���server(���t
���_make_uint32R���t���encodeR����R���t���len(���R ���t���modet���OIDst���krb5_OIDt���OID_len(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt
���ssh_gss_oids����s
����
c���������C���s2���t��j�|���\�}�}�|�j����|��j�k�r.�t�St�S(���s����
Check if the given OID is the Kerberos V5 OID (server mode).
:param str desired_mech: The desired GSS-API mechanism of the client
:return: ``True`` if the given OID is supported, otherwise C{False}
(���R���t���decodet���__str__R���R���t���True(���R ���t
���desired_mecht���mecht���__(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���ssh_check_mech����s����c���������C���s���t��j�d�|���S(���s����
Create a 32 bit unsigned integer (The byte sequence of an integer).
:param int integer: The integer value to convert
:return: The byte sequence of an 32 bit integer
s���!I(���t���structt���pack(���R ���t���integer(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyR)�������s����c���������C���s����|��j��t�|�����}�|�|�7}�|�t�j�d�t���7}�|�|��j��t�|�����7}�|�|�j����7}�|�|��j��t�|�����7}�|�|�j����7}�|�|��j��t�|�����7}�|�|�j����7}�|�S(���s���
Create the SSH2 MIC filed for gssapi-with-mic.
:param str session_id: The SSH session ID
:param str username: The name of the user who attempts to login
:param str service: The requested SSH service
:param str auth_method: The requested SSH authentication mechanism
:return: The MIC as defined in RFC 4462. The contents of the
MIC field are:
string session_identifier,
byte SSH_MSG_USERAUTH_REQUEST,
string user-name,
string service (ssh-connection),
string authentication-method
(gssapi-with-mic or gssapi-keyex)
t���B(���R)���R+���R8���R9���R���R*���(���R ���t
���session_idR%���R#���R���t���mic(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���_ssh_build_mic����s����
(
���t���__name__t
���__module__t���__doc__R!���R$���R&���R0���R7���R)���R>���(����(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyR���e���s���
R ���c�����������B���se���e��Z�d��Z�d����Z�d�d�d�d���Z�e�d���Z�d�d���Z�d�d���Z �e
�d������Z
�d����Z
�RS( ���sc���
Implementation of the GSS-API MIT Kerberos Authentication for SSH2.
:see: `.GSSAuth`
c���������C���s_���t��j�|��|�|���|��j�r@�t�j�t�j�t�j�t�j�f�|��_�n�t�j�t�j�t�j�f�|��_�d�S(���s����
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not
N( ���R���R!���R���t���gssapit���C_PROT_READY_FLAGt
���C_INTEG_FLAGt
���C_MUTUAL_FLAGt
���C_DELEG_FLAGt
���_gss_flags(���R ���R���R���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyR!�������s���� c���
������C���sq��|�|��_��|�|��_�t�j�d�|��j�t�j���}�t�j����}�|��j�|�_�|�d�k�rj�t�j �j
�|��j
���}�nN�t
�j
�|���\�}�} �|�j����|��j
�k�r��t�d�����n�t�j �j
�|��j
���}�d�}
�y[�|�d�k�rt�j�d�|�d�|�d�|�j���|��_�|��j�j�|
���}
�n�|��j�j�|���}
�WnB�t�j�k
�r]d�j�t�j����d�|��j���}
�t�j�|
�����n�X|��j�j�|��_�|
�S( ���s���
Initialize a GSS-API context.
:param str username: The name of the user who attempts to login
:param str target: The hostname of the target to connect to
:param str desired_mech: The negotiated GSS-API mechanism
("pseudo negotiated" mechanism, because we
support just the krb5 mechanism :-))
:param str recv_token: The GSS-API token received from the Server
:raises:
`.SSHException` -- Is raised if the desired mechanism of the client
is not supported
:return: A ``String`` if the GSS-API has returned a token or
``None`` if no token was returned
s���host@s���Unsupported mechanism OID.t ���peer_namet ���mech_typet ���req_flagss
���{} Target: {}i���N(���R���R���RB���t���Namet���C_NT_HOSTBASED_SERVICEt���ContextRG���t���flagsR���t���OIDt���mech_from_stringR���R���R1���R2���R���t
���InitContextR���t���stept
���GSSExceptiont���formatt���syst���exc_infot
���establishedR
���(
���R ���t���targetR4���R%���t
���recv_tokent ���targ_namet���ctxt ���krb5_mechR5���R6���t���tokent���message(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���ssh_init_sec_context����s4����
c���������C���sa���|�|��_��|�sH�|��j�|��j��|��j�|��j�|��j���}�|��j�j�|���}�n�|��j�j�|��j����}�|�S(���s���
Create the MIC token for a SSH2 message.
:param str session_id: The SSH session ID
:param bool gss_kex: Generate the MIC for GSS-API Key Exchange or not
:return: gssapi-with-mic:
Returns the MIC token from GSS-API for the message we created
with ``_ssh_build_mic``.
gssapi-keyex:
Returns the MIC token from GSS-API with the SSH session ID as
message.
(���R���R>���R���R���R���R���t���get_micR
���(���R ���R<���t���gss_kext ���mic_fieldt ���mic_token(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt
���ssh_get_mic0��s����
c���������C���sX���|�|��_��|�|��_�|��j�d�k�r3�t�j����|��_�n��|��j�j�|���}�|��j�j�|��_�|�S(���s���
Accept a GSS-API context (server mode).
:param str hostname: The servers hostname
:param str username: The name of the user who attempts to login
:param str recv_token: The GSS-API Token received from the server,
if it's not the initial call.
:return: A ``String`` if the GSS-API has returned a token or ``None``
if no token was returned
N( ���R���R���R
���R���RB���t
���AcceptContextRR���RW���R
���(���R ���t���hostnameRY���R%���R]���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���ssh_accept_sec_contextK��s����
c���������C���su���|�|��_��|�|��_�|��j�d�k �r[�|��j�|��j��|��j�|��j�|��j���}�|��j�j�|�|���n�|��j�j�|��j��|���d�S(���st��
Verify the MIC token for a SSH2 message.
:param str mic_token: The MIC token received from the client
:param str session_id: The SSH session ID
:param str username: The name of the user who attempts to login
:return: None if the MIC check was successful
:raises: ``gssapi.GSSException`` -- if the MIC check failed
N( ���R���R���R���R>���R���R���R
���t
���verify_micR���(���R ���Rc���R<���R%���Rb���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt
���ssh_check_mic_��s����
c���������C���s���|��j��j�d�k �r�t�St�S(���s����
Checks if credentials are delegated (server mode).
:return: ``True`` if credentials are delegated, otherwise ``False``
N(���R
���t���delegated_credR���R3���R���(���R ���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���credentials_delegatedy��s����c���������C���s
���t����d�S(���s~��
Save the Client token in a file. This is used by the SSH server
to store the client credentials if credentials are delegated
(server mode).
:param str client_token: The GSS-API token received form the client
:raises:
``NotImplementedError`` -- Credential delegation is currently not
supported in server mode
N(���t���NotImplementedError(���R ���t
���client_token(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���save_client_creds���s����
N(
���R?���R@���RA���R!���R���R_���R���Rd���Rg���Ri���t���propertyRk���Rn���(����(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyR �������s��� 1
R
���c�����������B���sb���e��Z�d��Z�d����Z�d�d�d�d���Z�e�d���Z�d����Z�d�d���Z �e
�d������Z
�d����Z
�RS( ���sf���
Implementation of the Microsoft SSPI Kerberos Authentication for SSH2.
:see: `.GSSAuth`
c���������C���sP���t��j�|��|�|���|��j�r9�t�j�t�j�Bt�j�B|��_�n�t�j�t�j�B|��_�d�S(���s����
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not
N(���R���R!���R���t���sspicont���ISC_REQ_INTEGRITYt���ISC_REQ_MUTUAL_AUTHt���ISC_REQ_DELEGATERG���(���R ���R���R���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyR!������s����
c���
������C���s"��|�|��_��|�|��_�d�}�d�|��j�}�|�d�k �rm�t�j�|���\�}�}�|�j����|��j�k�rm�t�d�����qm�n��yY�|�d�k�r��t�j �d�d�|��j
�d�|��|��_
�n��|��j
�j
�|���\�}�} �| �d�j
�} �Wn7�t�j�k
�r��}
�|
�j�d�j�|
�|��j���7_����n�X|�d�k�r
t�|��_�d�} �n��| �S( ���s���
Initialize a SSPI context.
:param str username: The name of the user who attempts to login
:param str target: The FQDN of the target to connect to
:param str desired_mech: The negotiated SSPI mechanism
("pseudo negotiated" mechanism, because we
support just the krb5 mechanism :-))
:param recv_token: The SSPI token received from the Server
:raises:
`.SSHException` -- Is raised if the desired mechanism of the client
is not supported
:return: A ``String`` if the SSPI has returned a token or ``None`` if
no token was returned
i����s���host/s���Unsupported mechanism OID.t���Kerberost���scflagst ���targetspns
���, Target: {}N(���R���R���R���R���R1���R2���R���R���t���sspit
���ClientAuthRG���R���t ���authorizet���Buffert
���pywintypest���errort���strerrorRT���R3���R
���(
���R ���RX���R4���R%���RY���R|���RZ���R5���R6���R]���t���e(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyR_������s,����
c���������C���sa���|�|��_��|�sH�|��j�|��j��|��j�|��j�|��j���}�|��j�j�|���}�n�|��j�j�|��j����}�|�S(���s���
Create the MIC token for a SSH2 message.
:param str session_id: The SSH session ID
:param bool gss_kex: Generate the MIC for Key Exchange with SSPI or not
:return: gssapi-with-mic:
Returns the MIC token from SSPI for the message we created
with ``_ssh_build_mic``.
gssapi-keyex:
Returns the MIC token from SSPI with the SSH session ID as
message.
(���R���R>���R���R���R���R���t���signR
���(���R ���R<���Ra���Rb���Rc���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyRd������s����
c���������C���s~���|�|��_��|�|��_�d�|��j��}�t�j�d�d�|��|��_�|��j�j�|���\�}�}�|�d�j�}�|�d�k�rz�t�|��_�d�}�n��|�S(���s���
Accept a SSPI context (server mode).
:param str hostname: The servers FQDN
:param str username: The name of the user who attempts to login
:param str recv_token: The SSPI Token received from the server,
if it's not the initial call.
:return: A ``String`` if the SSPI has returned a token or ``None`` if
no token was returned
s���host/Rt���t���spni����N(
���R���R���Rw���t
���ServerAuthR
���Ry���Rz���R3���R
���R���(���R ���Rf���R%���RY���RZ���R|���R]���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyRg������s����
c���������C���sr���|�|��_��|�|��_�|�d�k �rX�|��j�|��j��|��j�|��j�|��j���}�|��j�j�|�|���n�|��j�j�|��j��|���d�S(���sk��
Verify the MIC token for a SSH2 message.
:param str mic_token: The MIC token received from the client
:param str session_id: The SSH session ID
:param str username: The name of the user who attempts to login
:return: None if the MIC check was successful
:raises: ``sspi.error`` -- if the MIC check failed
N( ���R���R���R���R>���R���R���R
���t���verifyR���(���R ���Rc���R<���R%���Rb���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyRi�����s����
c���������C���s ���|��j��t�j�@o �|��j�p �|��j��S(���s����
Checks if credentials are delegated (server mode).
:return: ``True`` if credentials are delegated, otherwise ``False``
(���RG���Rp���Rs���R
���(���R ���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyRk���-��s����c���������C���s
���t����d�S(���s{��
Save the Client token in a file. This is used by the SSH server
to store the client credentails if credentials are delegated
(server mode).
:param str client_token: The SSPI token received form the client
:raises:
``NotImplementedError`` -- Credential delegation is currently not
supported in server mode
N(���Rl���(���R ���Rm���(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyRn���8��s����
N(
���R?���R@���RA���R!���R���R_���R���Rd���Rg���Ri���Ro���Rk���Rn���(����(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyR
������s��� 1
(����( ���RA���R8���R
���RU���R3���t���GSS_AUTH_AVAILABLEt���GSS_EXCEPTIONSt���pyasn1.type.univR����t���pyasn1.codec.derR���R���R���RB���RS���R
���t���OSErrorR{���Rp���Rw���R|���R���R���t���paramiko.commonR���t���paramiko.ssh_exceptionR���R���t���objectR���R ���R
���(����(����(����s4���/tmp/pip-install-A1qMVe/paramiko/paramiko/ssh_gss.pyt���<module>
���s6���
|�