/usr/lib/python2.7/site-packages/paramiko/kex_gss.py

This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`.

.. note:: Credential delegation is not supported in server mode.

.. note::
    RFC 4462 Section 2.2 says we are not required to implement GSS-API error
    messages. Thus, in many methods within this module, if an error occurs an
    exception will be thrown and the connection will be terminated.

.. seealso:: :doc:`/api/ssh_gss`

.. versionadded:: 1.15

KexGSSGroup1

    GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in
    RFC 4462 Section 2

    Parse the SSH2_MSG_KEXGSS_INIT message (server mode).

    :param `.Message` m: The content of the SSH2_MSG_KEXGSS_INIT message

    Message string: Client kex "e" is out of range

    Parse the SSH2_MSG_KEXGSS_ERROR message (client mode).
    The server may send a GSS-API error message. If it does, we display
    the error by throwing an exception (client mode).

    :param `.Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message
    :raise SSHException: Contains GSS-API major and minor status as well as
                         the error message and the language tag of the
                         message

    Message string: GSS-API Error: Major Status: %s Minor Status: %s Error Message: %s

KexGSSGroup14

    GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as
    defined in RFC 4462 Section 2

    NAME: gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==

KexGSSGex

    GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in
    RFC 4462 Section 2

    NAME: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==

    Start the GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange

    Parse the next packet.

    :param char ptype: The type of the incoming packet
    :param `.Message` m: The packet content

    Message string: KexGex asked to handle packet type %d

    Parse the SSH2_MSG_KEXGSS_GROUPREQ message (server mode).

    :param `.Message` m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message

    Message strings:
        Can't do server-side gex with no modulus pack
        Picking p (%d <= %d <= %d bits)

    Parse the SSH2_MSG_KEXGSS_GROUP message (client mode).

    :param `Message` m: The content of the SSH2_MSG_KEXGSS_GROUP message

    Message strings:
        Server-generated gex p (don't ask) is out of range (%d bits)
        Got server p (%d bits)

    Parse the SSH2_MSG_KEXGSS_INIT message (server mode).

    :param `Message` m: The content of the SSH2_MSG_KEXGSS_INIT message

    Message string: Client kex "e" is out of range

    Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode).

    :param `Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message

    Parse the SSH2_MSG_KEXGSS_CONTINUE message.

    :param `Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message

    Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode).

    :param `Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message

    Message string: Server kex "f" is out of range

    Parse the SSH2_MSG_KEXGSS_ERROR message (client mode).
    The server may send a GSS-API error message. If it does, we display
    the error by throwing an exception (client mode).

    :param `Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message
    :raise SSHException: Contains GSS-API major and minor status as well as
                         the error message and the language tag of the
                         message

    Message string: GSS-API Error: Major Status: %s Minor Status: %s Error Message: %s

This class represents the Null Host Key for GSS-API Key Exchange as defined in
RFC 4462 Section 5