%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/
Upload File :
Create Path :
Current File : //opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyc

�
��Abc@s�dZddlZddlZddlZeZdZdZydddl	Z	e
e	d�r~e	jdkr~dZe	jfZn!dZe	j
je	jjjfZWnqeefk
ry:ddlZddlZddlZdZejfZWqek
reZdZqXnXddlmZdd	lmZdd
lmZed�Zde fd
��YZ!de!fd��YZ"edkr�e"Z#nde!fd��YZ$de!fd��YZ%dS(s�
This module provides GSS-API / SSPI  authentication as defined in :rfc:`4462`.

.. note:: Credential delegation is not supported in server mode.

.. seealso:: :doc:`/api/kex_gss`

.. versionadded:: 1.15
i����Nt	__title__s
python-gssapitMITsPYTHON-GSSAPI-NEWtSSPI(tMSG_USERAUTH_REQUEST(tSSHException(t__version_info__cCsjtdkrt||�Stdkr2t||�StdkrZtjdkrZt||�Std��dS(s�
    Provide SSH2 GSS-API / SSPI authentication.

    :param str auth_method: The name of the SSH authentication mechanism
                            (gssapi-with-mic or gss-keyex)
    :param bool gss_deleg_creds: Delegate client credentials or not.
                                 We delegate credentials by default.
    :return: Either an `._SSH_GSSAPI_OLD` or `._SSH_GSSAPI_NEW` (Unix)
             object or an `_SSH_SSPI` (Windows) object
    :rtype: object

    :raises: ``ImportError`` -- If no GSS-API / SSPI module could be imported.

    :see: `RFC 4462 <http://www.ietf.org/rfc/rfc4462.txt>`_
    :note: Check for the available API and return either an `._SSH_GSSAPI_OLD`
           (MIT GSSAPI using python-gssapi package) object, an
           `._SSH_GSSAPI_NEW` (MIT GSSAPI using gssapi package) object
           or an `._SSH_SSPI` (MS SSPI) object.
           If there is no supported API available,
           ``None`` will be returned.
    RsPYTHON-GSSAPI-NEWRtnts)Unable to import a GSS-API / SSPI module!N(t_APIt_SSH_GSSAPI_OLDt_SSH_GSSAPI_NEWtostnamet	_SSH_SSPItImportError(tauth_methodtgss_deleg_creds((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytGSSAuthNs


t_SSH_GSSAuthcBsPeZdZd�Zd�Zd�Zdd�Zd�Zd�Zd�Z	RS(	ss
    Contains the shared variables and methods of `._SSH_GSSAPI_OLD`,
    `._SSH_GSSAPI_NEW` and `._SSH_SSPI`.
    cCsp||_||_d|_d|_d|_d|_d|_d|_t	|_
d|_t	|_d|_
dS(s�
        :param str auth_method: The name of the SSH authentication mechanism
                                (gssapi-with-mic or gss-keyex)
        :param bool gss_deleg_creds: Delegate client credentials or not
        sssh-connections1.2.840.113554.1.2.2N(t_auth_methodt_gss_deleg_credstNonet	_gss_hostt	_usernamet_session_idt_servicet
_krb5_mecht	_gss_ctxttFalset_gss_ctxt_statust
_gss_srv_ctxtt_gss_srv_ctxt_statustcc_file(tselfRR((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyt__init__ts											cCs|jd�r||_ndS(s�
        This is just a setter to use a non default service.
        I added this method, because RFC 4462 doesn't specify "ssh-connection"
        as the only service value.

        :param str service: The desired SSH service
        sssh-N(tfindR(R tservice((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytset_service�scCs
||_dS(s�
        Setter for C{username}. If GSS-API Key Exchange is performed, the
        username is not set by C{ssh_init_sec_context}.

        :param str username: The name of the user who attempts to login
        N(R(R tusername((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytset_username�stclientcCs|ddlm}ddlm}|jd�}|j||j��}|jt|��}|dkrp||S|||S(s�
        This method returns a single OID, because we only support the
        Kerberos V5 mechanism.

        :param str mode: Client for client mode and server for server mode
        :return: A byte sequence containing the number of supported
                 OIDs, the length of the OID and the actual OID encoded with
                 DER
        :note: In server mode we just return the OID length and the DER encoded
               OID.
        i����(tObjectIdentifier(tencoderitserver(tpyasn1.type.univR(tpyasn1.codec.derR)t_make_uint32tencodeRtlen(R tmodeR(R)tOIDstkrb5_OIDtOID_len((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytssh_gss_oids�scCsBddlm}|j|�\}}|j�|jkr>tStS(s�
        Check if the given OID is the Kerberos V5 OID (server mode).

        :param str desired_mech: The desired GSS-API mechanism of the client
        :return: ``True`` if the given OID is supported, otherwise C{False}
        i����(tdecoder(R,R5tdecodet__str__RRtTrue(R tdesired_mechR5tmecht__((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytssh_check_mech�s
cCstjd|�S(s�
        Create a 32 bit unsigned integer (The byte sequence of an integer).

        :param int integer: The integer value to convert
        :return: The byte sequence of an 32 bit integer
        s!I(tstructtpack(R tinteger((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyR-�scCs�|jt|��}||7}|tjdt�7}||jt|��7}||j�7}||jt|��7}||j�7}||jt|��7}||j�7}|S(s�
        Create the SSH2 MIC filed for gssapi-with-mic.

        :param str session_id: The SSH session ID
        :param str username: The name of the user who attempts to login
        :param str service: The requested SSH service
        :param str auth_method: The requested SSH authentication mechanism
        :return: The MIC as defined in RFC 4462. The contents of the
                 MIC field are:
                 string    session_identifier,
                 byte      SSH_MSG_USERAUTH_REQUEST,
                 string    user-name,
                 string    service (ssh-connection),
                 string    authentication-method
                           (gssapi-with-mic or gssapi-keyex)
        tB(R-R/R=R>RR.(R t
session_idR%R#Rtmic((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyt_ssh_build_mic�s
(
t__name__t
__module__t__doc__R!R$R&R4R<R-RC(((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRns							RcBseeZdZd�Zdddd�Zed�Zdd�Zdd�Z	e
d��Zd�ZRS(	s�
    Implementation of the GSS-API MIT Kerberos Authentication for SSH2,
    using the older (unmaintained) python-gssapi package.

    :see: `.GSSAuth`
    cCs_tj|||�|jr@tjtjtjtjf|_ntjtjtjf|_dS(s�
        :param str auth_method: The name of the SSH authentication mechanism
                                (gssapi-with-mic or gss-keyex)
        :param bool gss_deleg_creds: Delegate client credentials or not
        N(	RR!RtgssapitC_PROT_READY_FLAGtC_INTEG_FLAGt
C_MUTUAL_FLAGtC_DELEG_FLAGt
_gss_flags(R RR((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyR!�s	c
Cs�ddlm}||_||_tjd|jtj�}tj�}|j|_	|d
krztjj|j
�}nN|j|�\}	}
|	j�|j
kr�td��ntjj|j
�}d
}y[|d
krtjd|d|d|j	�|_|jj|�}n|jj|�}WnBtjk
rmdjtj�d	|j�}tj|��nX|jj|_|S(s�
        Initialize a GSS-API context.

        :param str username: The name of the user who attempts to login
        :param str target: The hostname of the target to connect to
        :param str desired_mech: The negotiated GSS-API mechanism
                                 ("pseudo negotiated" mechanism, because we
                                 support just the krb5 mechanism :-))
        :param str recv_token: The GSS-API token received from the Server
        :raises:
            `.SSHException` -- Is raised if the desired mechanism of the client
            is not supported
        :return: A ``String`` if the GSS-API has returned a token or
            ``None`` if no token was returned
        i����(R5shost@sUnsupported mechanism OID.t	peer_namet	mech_typet	req_flagss
{} Target: {}iN(R,R5RRRGtNametC_NT_HOSTBASED_SERVICEtContextRLtflagsRtOIDtmech_from_stringRR6R7RtInitContextRtsteptGSSExceptiontformattsystexc_infotestablishedR(
R ttargetR9R%t
recv_tokenR5t	targ_nametctxt	krb5_mechR:R;ttokentmessage((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytssh_init_sec_context
s6			cCsa||_|sH|j|j|j|j|j�}|jj|�}n|jj|j�}|S(s�
        Create the MIC token for a SSH2 message.

        :param str session_id: The SSH session ID
        :param bool gss_kex: Generate the MIC for GSS-API Key Exchange or not
        :return: gssapi-with-mic:
                 Returns the MIC token from GSS-API for the message we created
                 with ``_ssh_build_mic``.
                 gssapi-keyex:
                 Returns the MIC token from GSS-API with the SSH session ID as
                 message.
        (RRCRRRRtget_micR(R RAtgss_kext	mic_fieldt	mic_token((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytssh_get_micAs
	cCsX||_||_|jdkr3tj�|_n|jj|�}|jj|_|S(s�
        Accept a GSS-API context (server mode).

        :param str hostname: The servers hostname
        :param str username: The name of the user who attempts to login
        :param str recv_token: The GSS-API Token received from the server,
                               if it's not the initial call.
        :return: A ``String`` if the GSS-API has returned a token or ``None``
                if no token was returned
        N(	RRRRRGt
AcceptContextRWR\R(R thostnameR^R%Rb((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytssh_accept_sec_context\s		cCsu||_||_|jdk	r[|j|j|j|j|j�}|jj||�n|jj|j|�dS(st
        Verify the MIC token for a SSH2 message.

        :param str mic_token: The MIC token received from the client
        :param str session_id: The SSH session ID
        :param str username: The name of the user who attempts to login
        :return: None if the MIC check was successful
        :raises: ``gssapi.GSSException`` -- if the MIC check failed
        N(	RRRRCRRRt
verify_micR(R RhRAR%Rg((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyt
ssh_check_micps
		cCs|jjdk	rtStS(s�
        Checks if credentials are delegated (server mode).

        :return: ``True`` if credentials are delegated, otherwise ``False``
        N(Rtdelegated_credRR8R(R ((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytcredentials_delegated�scCs
t�dS(s~
        Save the Client token in a file. This is used by the SSH server
        to store the client credentials if credentials are delegated
        (server mode).

        :param str client_token: The GSS-API token received form the client
        :raises:
            ``NotImplementedError`` -- Credential delegation is currently not
            supported in server mode
        N(tNotImplementedError(R tclient_token((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pytsave_client_creds�sN(
RDRERFR!RRdRRiRlRntpropertyRpRs(((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyR�s	3iiR	cBseeZdZd�Zdddd�Zed�Zdd�Zdd�Z	e
d��Zd�ZRS(	s�
    Implementation of the GSS-API MIT Kerberos Authentication for SSH2,
    using the newer, currently maintained gssapi package.

    :see: `.GSSAuth`
    cCsttj|||�|jrLtjjtjjtjjtjjf|_	n$tjjtjjtjjf|_	dS(s�
        :param str auth_method: The name of the SSH authentication mechanism
                                (gssapi-with-mic or gss-keyex)
        :param bool gss_deleg_creds: Delegate client credentials or not
        N(
RR!RRGtRequirementFlagtprotection_readyt	integritytmutual_authenticationtdelegate_to_peerRL(R RR((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyR!�s						c	Csddlm}||_||_tjd|jdtjj�}|dk	r�|j	|�\}}|j
�|jkr�td��q�ntj
j}	d}
|dkr�tjd|d|jd|	d	d
�|_|jj|
�}
n|jj|�}
|jj|_|
S(se
        Initialize a GSS-API context.

        :param str username: The name of the user who attempts to login
        :param str target: The hostname of the target to connect to
        :param str desired_mech: The negotiated GSS-API mechanism
                                 ("pseudo negotiated" mechanism, because we
                                 support just the krb5 mechanism :-))
        :param str recv_token: The GSS-API token received from the Server
        :raises: `.SSHException` -- Is raised if the desired mechanism of the
                 client is not supported
        :raises: ``gssapi.exceptions.GSSError`` if there is an error signaled
                                                by the GSS-API implementation
        :return: A ``String`` if the GSS-API has returned a token or ``None``
                 if no token was returned
        i����(R5shost@t	name_typesUnsupported mechanism OID.RRSR:tusagetinitiateN(R,R5RRRGRPtNameTypethostbased_serviceRR6R7RRtMechTypetkerberostSecurityContextRLRRWtcompleteR(R R]R9R%R^R5R_R:R;RaRb((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRd�s,		
		cCsa||_|sH|j|j|j|j|j�}|jj|�}n|jj|j�}|S(s�
        Create the MIC token for a SSH2 message.

        :param str session_id: The SSH session ID
        :param bool gss_kex: Generate the MIC for GSS-API Key Exchange or not
        :return: gssapi-with-mic:
                 Returns the MIC token from GSS-API for the message we created
                 with ``_ssh_build_mic``.
                 gssapi-keyex:
                 Returns the MIC token from GSS-API with the SSH session ID as
                 message.
        :rtype: str
        (RRCRRRRt
get_signatureR(R RARfRgRh((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRi�s	cCs^||_||_|jdkr9tjdd�|_n|jj|�}|jj|_|S(s�
        Accept a GSS-API context (server mode).

        :param str hostname: The servers hostname
        :param str username: The name of the user who attempts to login
        :param str recv_token: The GSS-API Token received from the server,
                               if it's not the initial call.
        :return: A ``String`` if the GSS-API has returned a token or ``None``
                if no token was returned
        R{tacceptN(	RRRRRGR�RWR�R(R RkR^R%Rb((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRls		cCsu||_||_|jdk	r[|j|j|j|j|j�}|jj||�n|jj|j|�dS(s{
        Verify the MIC token for a SSH2 message.

        :param str mic_token: The MIC token received from the client
        :param str session_id: The SSH session ID
        :param str username: The name of the user who attempts to login
        :return: None if the MIC check was successful
        :raises: ``gssapi.exceptions.GSSError`` -- if the MIC check failed
        N(	RRRRCRRRtverify_signatureR(R RhRAR%Rg((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRn$s
		cCs|jjdk	rtStS(s�
        Checks if credentials are delegated (server mode).

        :return: ``True`` if credentials are delegated, otherwise ``False``
        :rtype: bool
        N(Rtdelegated_credsRR8R(R ((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRp>scCs
t�dS(sw
        Save the Client token in a file. This is used by the SSH server
        to store the client credentials if credentials are delegated
        (server mode).

        :param str client_token: The GSS-API token received form the client
        :raises: ``NotImplementedError`` -- Credential delegation is currently
                 not supported in server mode
        N(Rq(R Rr((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRsJs
N(
RDRERFR!RRdRRiRlRnRtRpRs(((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyR	�s	-RcBsbeZdZd�Zdddd�Zed�Zd�Zdd�Z	e
d��Zd�ZRS(	sf
    Implementation of the Microsoft SSPI Kerberos Authentication for SSH2.

    :see: `.GSSAuth`
    cCsPtj|||�|jr9tjtjBtjB|_ntjtjB|_dS(s�
        :param str auth_method: The name of the SSH authentication mechanism
                                (gssapi-with-mic or gss-keyex)
        :param bool gss_deleg_creds: Delegate client credentials or not
        N(RR!RtsspicontISC_REQ_INTEGRITYtISC_REQ_MUTUAL_AUTHtISC_REQ_DELEGATERL(R RR((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyR!^s	cCs/ddlm}||_||_d}d|j}|d
k	r}|j|�\}}	|j�|jkr}td��q}nyY|d
kr�t	j
dd|jd|�|_n|jj
|�\}}
|
dj}
Wn4tjk
r}|jd	j|j�7_�nX|dkr+t|_d
}
n|
S(s�
        Initialize a SSPI context.

        :param str username: The name of the user who attempts to login
        :param str target: The FQDN of the target to connect to
        :param str desired_mech: The negotiated SSPI mechanism
                                 ("pseudo negotiated" mechanism, because we
                                 support just the krb5 mechanism :-))
        :param recv_token: The SSPI token received from the Server
        :raises:
            `.SSHException` -- Is raised if the desired mechanism of the client
            is not supported
        :return: A ``String`` if the SSPI has returned a token or ``None`` if
                 no token was returned
        i����(R5ishost/sUnsupported mechanism OID.tKerberostscflagst	targetspns, Target: {}N(R,R5RRRR6R7RRtsspit
ClientAuthRLRt	authorizetBuffert
pywintypesterrortstrerrorRYR8R(R R]R9R%R^R5R�R_R:R;Rbte((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRdqs.		
	cCsa||_|sH|j|j|j|j|j�}|jj|�}n|jj|j�}|S(s�
        Create the MIC token for a SSH2 message.

        :param str session_id: The SSH session ID
        :param bool gss_kex: Generate the MIC for Key Exchange with SSPI or not
        :return: gssapi-with-mic:
                 Returns the MIC token from SSPI for the message we created
                 with ``_ssh_build_mic``.
                 gssapi-keyex:
                 Returns the MIC token from SSPI with the SSH session ID as
                 message.
        (RRCRRRRtsignR(R RARfRgRh((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRi�s
	cCs~||_||_d|j}tjdd|�|_|jj|�\}}|dj}|dkrzt|_d}n|S(s�
        Accept a SSPI context (server mode).

        :param str hostname: The servers FQDN
        :param str username: The name of the user who attempts to login
        :param str recv_token: The SSPI Token received from the server,
                               if it's not the initial call.
        :return: A ``String`` if the SSPI has returned a token or ``None`` if
                 no token was returned
        shost/R�tspniN(
RRR�t
ServerAuthRR�R�R8RR(R RkR%R^R_R�Rb((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRl�s		

		cCsr||_||_|dk	rX|j|j|j|j|j�}|jj||�n|jj|j|�dS(sk
        Verify the MIC token for a SSH2 message.

        :param str mic_token: The MIC token received from the client
        :param str session_id: The SSH session ID
        :param str username: The name of the user who attempts to login
        :return: None if the MIC check was successful
        :raises: ``sspi.error`` -- if the MIC check failed
        N(	RRRRCRRRtverifyR(R RhRAR%Rg((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRn�s
		cCs |jtj@o|jp|jS(s�
        Checks if credentials are delegated (server mode).

        :return: ``True`` if credentials are delegated, otherwise ``False``
        (RLR�R�R(R ((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRp�scCs
t�dS(s{
        Save the Client token in a file. This is used by the SSH server
        to store the client credentails if credentials are delegated
        (server mode).

        :param str client_token: The SSPI token received form the client
        :raises:
            ``NotImplementedError`` -- Credential delegation is currently not
            supported in server mode
        N(Rq(R Rr((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRs�sN(
RDRERFR!RRdRRiRlRnRtRpRs(((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyRWs	3	((ii(&RFR=R
RZR8tGSS_AUTH_AVAILABLEtGSS_EXCEPTIONSRRRGthasattrRRXt
exceptionstGeneralErrortrawtmisctGSSErrorR
tOSErrorR�R�R�R�Rtparamiko.commonRtparamiko.ssh_exceptionRtparamiko._versionRRtobjectRRt_SSH_GSSAPIR	R(((sE/opt/plesk/python/2.7/lib/python2.7/site-packages/paramiko/ssh_gss.pyt<module>sD	
 ��	�

Zerion Mini Shell 1.0