Ii_SrSSKrSSKJr SSKJrJrJrJrJ r J r SSK J r SSK Jr SSKJr \"SS 5urrrrr\"S S 5urr\"SS 5Vs/sH n\"U5PM snurrrrr\"S S 5Vs/sH n\"U5PM snurr"S S 5r "SS\ 5r!"SS5r""SS5r#gs snfs snf)a This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`. .. note:: Credential delegation is not supported in server mode. .. note:: `RFC 4462 Section 2.2 `_ says we are not required to implement GSS-API error messages. Thus, in many methods within this module, if an error occurs an exception will be thrown and the connection will be terminated. .. seealso:: :doc:`/api/ssh_gss` .. versionadded:: 1.15 N)sha1)DEBUGmax_byte zero_bytebyte_chr byte_maskbyte_ord)util)Message) SSHException#(*c\rSrSrSrSrSr\"S5\S--r \ S-r Sr S r S rS rS rS rSrSrSrSrSrg) KexGSSGroup1Lz GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in `RFC 4462 Section 2 `_ lE8{3If?E yZ3V58noPe?a- tBL y3W[> % %0DF NN ) )/ : TVVTVVTVV,// I $% T[[55T]]5KL DFF $$Q' %%      r%c URR(aU[:XaURU5$URR(dU[:XaUR U5$URR(aU[ :XaURU5$URR(dU[:XaURU5$U[:XaURU5$Sn[URU55e)x Parse the next packet. :param ptype: The (string) type of the incoming packet :param `.Message` m: The packet content z.GSS KexGroup1 asked to handle packet type {:d})rr*r/_parse_kexgss_initr6_parse_kexgss_hostkeyr7_parse_kexgss_continuer8_parse_kexgss_completer9_parse_kexgss_errorr formatr!ptyper;msgs r" parse_nextKexGSSGroup1.parse_next{s >> % %5O+C**1- -++:L1L--a0 0 ^^ ' 'U6I-I..q1 1++:M1M..q1 1 & &++A. .>3::e,--r%c[R"S5n[USS5USS-nUSSnX RUR4;aOMN[ R "U5Ulg)a@ generate an "x" (1 < x < q), where q is (p-1)/2. p is a 128-byte (1024-bit) number, where the first 64 bits are 1. therefore q can be approximated as a 2^1023. we drop the subset of potential x where the first 63 bits are 1, because some of those will be larger than q (but this is a tiny tiny subset of potential x). rrNr)osurandomrb7fffffffffffffffb0000000000000000r inflate_longr)r!x_bytesfirsts r"r)KexGSSGroup1._generate_xsmjjoG D1GABK?GBQKE33T5K5KLL  ""7+r%cUR5nX RlUR5nURRX#5 URR [ [ 5 g)z Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message N get_stringrhost_key _verify_keyr.r7r8r!r;rYsigs r"rA"KexGSSGroup1._parse_kexgss_hostkeyL<<>"*lln ""81 %%&9;NOr%cURR(dUR5n[5nUR [ 5 UR URRURUS95 URRU5 URR[[[5 gg)z{ Parse the SSH2_MSG_KEXGSS_CONTINUE message. :param `.Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message r( recv_tokenNrr*rXr r0c_MSG_KEXGSS_CONTINUEr2rr3r send_messager.r7r8r9r!r; srv_tokens r"rB#KexGSSGroup1._parse_kexgss_continues~~)) I A JJ, - LL 00==Y1  NN ' ' * NN ) )#%8:J  r%c"URRc[5URlUR5UlURS:dURUR S- :a [ S5eUR5nUR5nSnU(aUR5n[URURUR 5n[5nURURRURRURRURR 5 UR#URRR%55 UR'UR(5 UR'UR5 UR'U5 [+[-U55R/5nURR1XW5 Ub@UR2R5UR6US9 UR2R9X'5 OUR2R9X'5 SURlURR=5 g)z Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message NrLServer kex "f" is out of ranger`T)rrY NullHostKey get_mpintrr-r rX get_booleanr+rr add local_versionremote_versionlocal_kex_initremote_kex_initr2__str__r4rrstrdigest_set_K_Hrr3r ssh_check_mic gss_kex_used_activate_outboundr!r; mic_tokenboolrfKhmHs r"rC#KexGSSGroup1._parse_kexgss_completes >> " " *&1mDNN # FFQJDFFTVVaZ/?@ @LLN }}  I  'Y  NN ( ( NN ) ) NN ) ) NN * *  dnn--5578 TVV TVV Q RM " %  KK , ,}} -  KK % %i 3 KK % %i 3&*# ))+r%cUR5nUR5UlURS:dURURS- :a [ S5e[ URUR UR5n[5URl URRR5n[5nURURRURRURRURR 5 UR#U5 UR%UR5 UR%UR&5 UR%U5 [)UR+55R-5nURR/X65 UR0R3UR4U5n[5nUR0R6(aUR0R9URR:SS9nUR=[>5 UR%UR&5 UR#U5 Ub#URAS5 UR#U5 OURAS5 URRCU5 SURl"URRG5 gUR=[H5 UR#U5 URRCU5 URRK[L[N[P5 g)z} Parse the SSH2_MSG_KEXGSS_INIT message (server mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_INIT message rLClient kex "e" is out of rangeTgss_kexNF))rXrkrr-r r+rrjrrYrrr rmrornrqrpr2r4rrasbytesrtrurssh_accept_sec_contextr_gss_srv_ctxt_status ssh_get_mic session_idr0c_MSG_KEXGSS_COMPLETE add_booleanr5rwrxrcr.r7r8r9 r!r; client_tokenr|keyr}r~rfrzs r"r@KexGSSGroup1._parse_kexgss_initsW||~  FFQJDFFTVVaZ/?@ @  '"--nn%%--/Y  NN ) ) NN ( ( NN * * NN ) )  c TVV TVV Q   % % ' %KK66 MM<  I ;; + + //))40I JJ, - KK  LL #$ d# Y' e$ NN ( ( +*.DNN ' NN - - / JJ, - LL # NN ( ( + NN ) )#%8:J r%cUR5nUR5nUR5nUR5 [SRX#U55e)a Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. if it does, we display the error by throwing an exception (client mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message CGSS-API Error: Major Status: {} Minor Status: {} Error Message: {} get_intrXr rEr!r; maj_status min_statuserr_msgs r"rD KexGSSGroup1._parse_kexgss_error*QYY[ YY[ ,,.   F   r%)rrrrrrN)__name__ __module__ __qualname____firstlineno____doc__r-r,rrrPrrQNAMEr#r<rIr)rArBrCr@rD__static_attributes__r%r"rrLsf KA A A5!A  5D 4.,, P.+,Z6p r%rc$\rSrSrSrSrSrSrSrg) KexGSSGroup14iDz GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as defined in `RFC 4462 Section 2 `_ l&UG9 tcb0]Q\-:$90.`U_b;YS7x]Ek`:xds! ,w=HG2Cdc_.K?&j_c}z[\V_1M.D^/1v5 I jV&| /mVlR<6#{n4(EY91T:g8 H Apcb4BBj~Hrz)gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==rN) rrrrrr-r,rrrr%r"rrDs KA A 6Dr%rcj\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrg) KexGSSGexiPz GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in `RFC 4462 Section 2 `_ z%gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== icXlURRUlSUlSUlSUlSUlSUlSUlSUl SUl g)NF) rrrrpqgrrr old_styler s r"r#KexGSSGex.__init__[sP"nn00  r%cURR(a URR[5 gURRUl[ 5nUR [5 URUR5 URUR5 URUR5 URRU5 URR[5 g)zF Start the GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange N)rr*r.MSG_KEXGSS_GROUPREQrr r0c_MSG_KEXGSS_GROUPREQadd_intmin_bitspreferred_bitsmax_bitsr5MSG_KEXGSS_GROUPr:s r"r<KexGSSGex.start_kexgs >> % % NN ) )*= > // I () $--  $%%& $--  $$Q' %%&67r%cU[:XaURU5$U[:XaURU5$U[:XaUR U5$U[ :XaURU5$U[:XaURU5$U[:XaURU5$U[:XaURU5$Sn[URU55e)r?z'KexGex asked to handle packet type {:d})r_parse_kexgss_groupreqr_parse_kexgss_groupr/_parse_kexgss_gex_initr6rAr7rBr8rCr9rDr rErFs r"rIKexGSSGex.parse_nextzs ' '..q1 1 & &++A. . o %..q1 1 ( (--a0 0 ) )..q1 1 ) )..q1 1 & &++A. .73::e,--r%czURS- S-n[R"US5n[US5n[ U5nSnUS-(dUS-nUS-nUS-(dM[ R "U5n[USU5USS-n[R"US5nUS:aXq:aOMPXpl g)NrLrrrM) rr deflate_longr lenrNrOrrRr)r!rqnormqhbyte byte_countqmaskrSrs r"r)KexGSSGex._generate_xs VVaZA !!!Q'%(#Z D= qLF aKED==jj,G E2WQR[@G!!'1-AAAE  r%cUR5nUR5nUR5nX0R:a URnX0R:a URnX#:aUnXC:aUnX lX0lX@lURR 5nUc [ S5eURR[SRX#U55 URX#U5uUl Ul [5nUR[5 UR!UR5 UR!UR5 URR#U5 URR%[&5 g)z Parse the SSH2_MSG_KEXGSS_GROUPREQ message (server mode). :param `.Message` m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message Nz-Can't do server-side gex with no modulus packzPicking p ({} <= {} <= {} bits))rrrrr_get_modulus_packr _logrrE get_modulusrrr r0c_MSG_KEXGSS_GROUPr4r5r.r/)r!r;minbits preferredbitsmaxbitspacks r"r KexGSSGex._parse_kexgss_groupreqs2))+ ))+ == ( MMM == ( MMM  "#G  "#G + ~~//1 <NO O   - 4 4  ))''J I %& DFF DFF $$Q' %%o6r%c,UR5UlUR5Ul[R"UR5nUS:dUS:a[ SR U55eURR[SR U55 UR5 [URURUR5Ul [5nUR[ 5 UR#UR$R'UR(S95 UR+UR5 URR-U5 URR/[0[2[4[65 g)z~ Parse the SSH2_MSG_KEXGSS_GROUP message (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_GROUP message rrzU5n[5nUR:R@(aUR:RCURRDSS9nURG[H5 UR1UR5 URKU5 Ub#URMS5 URKU5 OURMS5 URROU5 SURl(URRS5 gURG[T5 URKU5 URROU5 URRW[X[Z[\5 g)z| Parse the SSH2_MSG_KEXGSS_INIT message (server mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_INIT message rLrTrNF)/rXrkrrr r)r+rrrrjrrYrrr rmrornrqrprrrrr4rrrtrurrrrrrr0rr2rr5rwrxrcr.r7r8r9rs r"r KexGSSGex._parse_kexgss_gex_inits ||~  FFQJDFFTVVaZ/?@ @ TVVTVVTVV,  '"--nn%%--/Y  NN ) ) NN ( ( NN * * NN ) )    4==! 4&&' 4==! TVV TVV TVV TVV Q   % % ' %KK66 MM<  I ;; + + //))40I JJ, - KK  LL #$ d# Y' e$ NN ( ( +*.DNN ' NN - - / JJ, - LL # NN ( ( + NN ) )#%8:J r%cUR5nX RlUR5nURRX#5 URR [ [ 5 g)z Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message NrWr[s r"rAKexGSSGex._parse_kexgss_hostkey1r^r%cURR(dUR5n[5nUR [ 5 UR URRURUS95 URRU5 URR[[[5 gg)zv Parse the SSH2_MSG_KEXGSS_CONTINUE message. :param `Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message r`Nrbres r"rB KexGSSGex._parse_kexgss_continue>s ~~)) I A JJ, - LL 00==Y1  NN ' ' * NN ) )#%8:J  r%c^URRc[5URlUR5UlUR 5nUR 5nSnU(aUR 5nURS:dURURS- :a [S5e[URURUR5n[5nURURRURRURRURR URRR#55 UR$(dUR'UR(5 UR'UR*5 UR$(dUR'UR,5 UR/UR5 UR/UR05 UR/UR25 UR/UR5 UR/U5 [5UR755R95nURR;XW5 Ub@UR<R?UR@US9 UR<RCX'5 OUR<RCX'5 SURl"URRG5 g)z Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message NrLrir`T)$rrYrjrkrrXrlrr r+rr rmrnrorprqrrrrrrrr4rrrrrtrurr3rrvrwrxrys r"rC KexGSSGex._parse_kexgss_completeTs >> " " *&1mDNN #LLN }}  I FFQJDFFTVVaZ/?@ @  'Y  NN ( ( NN ) ) NN ) ) NN * * NN # # + + -  ~~ JJt}} % 4&&'~~ JJt}} % TVV TVV TVV TVV Q   % % ' %  KK , ,}} -  KK % %i 3 KK % %i 3&*# ))+r%cUR5nUR5nUR5nUR5 [SRX#U55e)a Parse the SSH2_MSG_KEXGSS_ERROR message (client mode). The server may send a GSS-API error message. if it does, we display the error by throwing an exception (client mode). :param `Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message rrrs r"rDKexGSSGex._parse_kexgss_errorrr%) rrrrrrrrrrrrrN)rrrrrrrrrr#r<rIr)rrrrArBrCrDrrr%r"rrPsY 3DHHN 8&.4$*7X B<| P,0,d r%rc*\rSrSrSrSrSrSrSrg)rjiz This class represents the Null Host Key for GSS-API Key Exchange as defined in `RFC 4462 Section 5 `_ cSUlg)Nrr!s r"r#NullHostKey.__init__s r%cUR$Nrrs r"rrNullHostKey.__str__ xxr%cUR$rrrs r"get_nameNullHostKey.get_namerr%rN) rrrrrr#rrrrrr%r"rjrjs r%rj)$rrNhashlibrparamiko.commonrrrrrr paramikor paramiko.messager paramiko.ssh_exceptionr ranger/r7r8r6r9rrr1rcrc_MSG_KEXGSS_HOSTKEYc_MSG_KEXGSS_ERRORrrrrrrj)cs0r"rs." $/ "bM */B-'& B-(-QXa[-( r2/&AHQK/+* u u p 7L 7M M ` u)/s B=;C