7g_xdZddlZddlmZddlmZmZmZmZm Z m Z ddl m Z ddl mZddlmZedd \ZZZZZed d \ZZd edd D\ZZZZZd ed d D\ZZGddZ Gdde Z!GddZ"GddZ#dS)a This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`. .. note:: Credential delegation is not supported in server mode. .. note:: `RFC 4462 Section 2.2 `_ says we are not required to implement GSS-API error messages. Thus, in many methods within this module, if an error occurs an exception will be thrown and the connection will be terminated. .. seealso:: :doc:`/api/ssh_gss` .. versionadded:: 1.15 N)sha1)DEBUGmax_byte zero_bytebyte_chr byte_maskbyte_ord)util)Message) SSHException#(*c,g|]}t|Sr.0cs J/var/www/html/syslog/venv/lib/python3.11/site-packages/paramiko/kex_gss.py rFs(((QXa[[(((c,g|]}t|Srrrs rrrGs+///HQKK///rceZdZdZdZdZededzzZe dzZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdS) KexGSSGroup1z GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in `RFC 4462 Section 2 `_ lE8{3If?E yZ3V58noPe?a- tBL y3W[ % 00DF N ) )/ : : : FTVTVTV,,/ II $%%% T[55T]5KKLLL DF $$Q''' %%          rc|jjr |tkr||S|jjs |tkr||S|jjr |t kr||S|jjs |tkr| |S|tkr| |Sd}t| |) Parse the next packet. :param ptype: The (string) type of the incoming packet :param `.Message` m: The packet content z.GSS KexGroup1 asked to handle packet type {:d})r"r0r5_parse_kexgss_initr<_parse_kexgss_hostkeyr=_parse_kexgss_continuer>_parse_kexgss_completer?_parse_kexgss_errorr formatr*ptyperAmsgs r parse_nextzKexGSSGroup1.parse_next{s > % /5O+C+C**1-- -+ /:L1L1L--a00 0 ^ ' /U6I-I-I..q11 1+ /:M1M1M..q11 1 & & &++A.. .>3::e,,---rc tjd}t|dd|ddz}|dd}||j|jfvrnQt j||_dS)ap generate an "x" (1 < x < q), where q is (p-1)/2. p is a 128-byte (1024-bit) number, where the first 64 bits are 1. therefore q can be approximated as a 2^1023. we drop the subset of potential x where the first 63 bits are 1, because some of those will be larger than q (but this is a tiny tiny subset of potential x). rrNr )osurandomrb7fffffffffffffffb0000000000000000r inflate_longr&)r*x_bytesfirsts rr/zKexGSSGroup1._generate_xsw jooG D11GABBK?GBQBKET3T5KLLL   "7++rc|}||j_|}|j|||jt t dS)z Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message N get_stringr"host_key _verify_keyr4r=r>r*rAr\sigs rrFz"KexGSSGroup1._parse_kexgss_hostkey`<<>>"*llnn ""8S111 %%&9;NOOOOOrc|jjs|}t}|t ||j|j ||j ||j tttdSdS)z Parse the SSH2_MSG_KEXGSS_CONTINUE message. :param `.Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message r. recv_tokenNr"r0r[r r6c_MSG_KEXGSS_CONTINUEr8r$r9r% send_messager4r=r>r?r*rA srv_tokens rrGz#KexGSSGroup1._parse_kexgss_continues~)  I A JJ, - - - LL 00=Y1    N ' ' * * * N ) )#%8:J      Drc|jjt|j_||_|jdks|j|jdz krt d|}|}d}|r|}t|j|j |j}t}| |jj |jj|jj|jj||jj||j||j||t+t-|}|j|||=|j|j||j||n|j||d|j_|jdS)z Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message NrPServer kex "f" is out of rangerbT)r"r\ NullHostKey get_mpintr(r3r r[ get_booleanr1r&r add local_versionremote_versionlocal_kex_initremote_kex_initr8__str__r:r'rstrdigest_set_K_Hr$r9r% ssh_check_mic gss_kex_used_activate_outboundr*rA mic_tokenboolrhKhmHs rrHz#KexGSSGroup1._parse_kexgss_completes > " *&1mmDN # FQJJDFTVaZ//?@@ @LLNN }}  ' I  ' 'YY  N ( N ) N ) N *    dn-5577888 TV TV Q RMM " " 1%%%  K , ,} -    K % %i 3 3 3 3 K % %i 3 3 3&*# ))+++++rc|}||_|jdks|j|jdz krt dt |j|j|j}t|j_ |jj }t}| |jj |jj|jj|jj||||j||j||t)|}|j|||j|j|}t}|jjr|j|jjd}|t>||j|||+| d||n| d|j!|d|j_"|j#dS|tH|||j!||j%tLtNtPdS)z Parse the SSH2_MSG_KEXGSS_INIT message (server mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_INIT message rPClient kex "e" is out of rangeTgss_kexNF))r[rlr'r3r r1r&rkr"r\rsr rnrprorrrqr8r:r(rasbytesrurvr$ssh_accept_sec_contextr%_gss_srv_ctxt_status ssh_get_mic session_idr6c_MSG_KEXGSS_COMPLETE add_booleanr;rxryrer4r=r>r? r*rA client_tokenr}keyr~rrhr{s rrEzKexGSSGroup1._parse_kexgss_inits||~~  FQJJDFTVaZ//?@@ @  ' '"---n%--//YY  N ) N ( N * N )    c TV TV Q    % % ' ' 1%%%K66 M<   II ; +  //)40I JJ, - - - KK    LL # # #$ d### Y'''' e$$$ N ( ( + + +*.DN ' N - - / / / / / JJ, - - - LL # # # N ( ( + + + N ) )#%8:J     rc|}|}|}|td|||)a Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. if it does, we display the error by throwing an exception (client mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message CGSS-API Error: Major Status: {} Minor Status: {} Error Message: {} get_intr[r rJr*rA maj_status min_statuserr_msgs rrIz KexGSSGroup1._parse_kexgss_error*gYY[[ YY[[ ,,..   FJ    rN)__name__ __module__ __qualname____doc__r3r2rrrTrrUNAMEr+rBrNr/rFrGrHrErIrrrrrLs KA A A5!A  5D   4...,,,, P P P.+,+,+,Z666p     rrceZdZdZdZdZdZdS) KexGSSGroup14z GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as defined in `RFC 4462 Section 2 `_ l&UG9 tcb0]Q\-:$90.`U_b;YS7x]Ek`:xds! ,w=HG2Cdc_.K?&j_c}z[\V_1M.D^/1v5 I jV&| /mVlR<6#{n4(EY91T:g8 H Apcb4BBj~Hrz)gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==N)rrrrr3r2rrrrrrDs* KA A 6DDDrrcdeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdS) KexGSSGexz GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in `RFC 4462 Section 2 `_ z%gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== ic||_|jj|_d|_d|_d|_d|_d|_d|_d|_ d|_ dS)NF) r"r#r$r%pqgr&r'r( old_styler)s rr+zKexGSSGex.__init__[sQ"n0  rc|jjr!|jtdS|jj|_t }|t||j ||j ||j |j ||jtdS)zV Start the GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange N)r"r0r4MSG_KEXGSS_GROUPREQr%r r6c_MSG_KEXGSS_GROUPREQadd_intmin_bitspreferred_bitsmax_bitsr;MSG_KEXGSS_GROUPr@s rrBzKexGSSGex.start_kexgs > %  N ) )*= > > > F/ II ())) $-    $%&&& $-    $$Q''' %%&677777rc |tkr||S|tkr||S|tkr||S|t kr||S|tkr| |S|tkr| |S|tkr| |Sd}t||)rDz'KexGex asked to handle packet type {:d})r_parse_kexgss_groupreqr_parse_kexgss_groupr5_parse_kexgss_gex_initr<rFr=rGr>rHr?rIr rJrKs rrNzKexGSSGex.parse_nextzs ' ' '..q11 1 & & &++A.. . o % %..q11 1 ( ( (--a00 0 ) ) )..q11 1 ) ) )..q11 1 & & &++A.. .73::e,,---rc~|jdz dz}tj|d}t|d}t |}d}|dzs|dz}|dz}|dz t j|}t|d||ddz}tj|d}|dkr||krnX||_ dS)NrPrrrQ) rr deflate_longr lenrRrSrrVr&)r*rqnormqhbyte byte_countqmaskrWr&s rr/zKexGSSGex._generate_xs VaZA !!Q''%(##ZZ D=  qLF aKED=  j,,G E22WQRR[@G!'1--AAAEE   rc@|}|}|}||jkr|j}||jkr|j}||kr|}||kr|}||_||_||_|j}|t d|jtd |||| |||\|_ |_ t}|t||j ||j |j||jt&dS)z Parse the SSH2_MSG_KEXGSS_GROUPREQ message (server mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message Nz-Can't do server-side gex with no modulus packzPicking p ({} <= {} <= {} bits))rrrrr"_get_modulus_packr _logrrJ get_modulusrrr r6c_MSG_KEXGSS_GROUPr:r;r4r5)r*rAminbits preferredbitsmaxbitspacks rrz KexGSSGex._parse_kexgss_groupreqs))++ ))++ 4= ( ( MM 4= ( ( MM ] " "#G ] " "#G + ~//11 <NOO O   - 4 4     ))'='JJ II %&&& DF DF $$Q''' %%o66666rcP||_||_tj|j}|dks|dkr"t d||jtd|| t|j|j |j|_ t}|t ||j|j||j |j||jt0t2t4t6dS)z Parse the SSH2_MSG_KEXGSS_GROUP message (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_GROUP message rrzr?)r*rAbitlens rrzKexGSSGex._parse_kexgss_groups` (( TMMv}}"F6NN   +226::    TVTVTV,, II $%%% T[55T]5KKLLL DF $$Q''' %%          rc|}||_|jdks|j|jdz krt d|t |j|j|j|_ t |j|j|j}t|j _ |j j }t}||j j|j j|j j|j j|||j||j||j||j||j||j||j ||t3|}|j |||j|j|}t}|jj r|j!|j j"d}|#tH||j |%||+|&d|%|n|&d|j '|d|j _(|j )dS|#tT|%||j '||j +tXtZt\dS)z Parse the SSH2_MSG_KEXGSS_INIT message (server mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_INIT message rPrTrNF)/r[rlr'rr r/r1rr&r(rkr"r\rsr rnrprorrrqrrrrr:rrrurvr$rr%rrrr6rr8rr;rxryrer4r=r>r?rs rrz KexGSSGex._parse_kexgss_gex_initsE ||~~  FQJJDFTVaZ//?@@ @ TVTVTV,,  ' '"---n%--//YY  N ) N ( N * N )      4=!!! 4&''' 4=!!! TV TV TV TV Q    % % ' ' 1%%%K66 M<   II ; +  //)40I JJ, - - - KK    LL # # #$ d### Y'''' e$$$ N ( ( + + +*.DN ' N - - / / / / / JJ, - - - LL # # # N ( ( + + + N ) )#%8:J     rc|}||j_|}|j|||jt t dS)z Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message NrZr^s rrFzKexGSSGex._parse_kexgss_hostkey1r`rc|jjs|}t}|t ||j|j ||j ||j tttdSdS)z Parse the SSH2_MSG_KEXGSS_CONTINUE message. :param `Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message rbNrdrgs rrGz KexGSSGex._parse_kexgss_continue>s ~)  I A JJ, - - - LL 00=Y1    N ' ' * * * N ) )#%8:J      Drc|jjt|j_||_|}|}d}|r|}|jdks|j|jdz krtdt|j|j |j}t}| |jj |jj|jj|jj|jj|js||j||j|js||j||j||j||j||j||t5|}|j|||=|j|j ||j!||n|j!||d|j_"|j#dS)z Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message NrPrjrbT)$r"r\rkrlr(r[rmrr r1r&r rnrorprqrrrsrrrrrr:rr'rrrurvr$r9r%rwrxryrzs rrHz KexGSSGex._parse_kexgss_completeTsh > " *&1mmDN #LLNN }}  ' I FQJJDFTVaZ//?@@ @  ' 'YY  N ( N ) N ) N * N # + + - -    ~ & JJt} % % % 4&'''~ & JJt} % % % TV TV TV TV Q    % % ' ' 1%%%  K , ,} -    K % %i 3 3 3 3 K % %i 3 3 3&*# ))+++++rc|}|}|}|td|||)a Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. if it does, we display the error by throwing an exception (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message rrrs rrIzKexGSSGex._parse_kexgss_errorrrN)rrrrrrrrr+rBrNr/rrrrFrGrHrIrrrrrPs 3DHHN   888&...4$*7*7*7X   B<<<| P P P,0,0,0,d     rrc$eZdZdZdZdZdZdS)rkz This class represents the Null Host Key for GSS-API Key Exchange as defined in `RFC 4462 Section 5 `_ cd|_dS)Nrr*s rr+zNullHostKey.__init__s rc|jSNrrs rrszNullHostKey.__str__ xrc|jSrrrs rget_namezNullHostKey.get_namerrN)rrrrr+rsrrrrrkrksK rrk)$rrRhashlibrparamiko.commonrrrrrr paramikor paramiko.messager paramiko.ssh_exceptionr ranger5r=r>r<r?rrr7rerc_MSG_KEXGSS_HOSTKEYc_MSG_KEXGSS_ERRORrrrrrrkrrrrs ." $$$$$$////// E"bMM */%B--'&)(%%B--((( //r2///+* u u u u u u u u p 7 7 7 7 7L 7 7 7M M M M M M M M ` r