Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
triliodata-3-3 / contego deb
Repository URL to install this package:
|
Version:
3.3.29 ▾
|
ó
°EYc�����������@���s:��d��Z��d�d�l�Z�d�d�l�Z�d�d�l�Z�e�Z�d�d�l�m�Z�d�d�l�m �Z �m
�Z
�d�d�l
�m
�Z
�d�d�l
�m�Z�d�Z�y�d�d�l�Z�WnY�e�e�f�k
�rç�y"�d�d�l�Z�d�d�l�Z�d�Z�Wqè�e�k
�rã�e�Z�d�Z�qè�Xn�Xe�d ��Z�d
�e�f�d
�����YZ�d
�e�f�d
�����YZ�d�e�f�d�����YZ�d�S(���s���
This module provides GSS-API / SSPI authentication as defined in :rfc:`4462`.
.. note:: Credential delegation is not supported in server mode.
.. seealso:: :doc:`/api/kex_gss`
.. versionadded:: 1.15
iÿÿÿÿN(���t���ObjectIdentifier(���t���encodert���decoder(���t���MSG_USERAUTH_REQUEST(���t
���SSHExceptiont���MITt���SSPIc���������C���sQ���t��d�k�r�t�|��|��St��d�k�rA�t�j�d�k�rA�t�|��|��St�d���d�S(���s©��
Provide SSH2 GSS-API / SSPI authentication.
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not.
We delegate credentials by default.
:return: Either an `._SSH_GSSAPI` (Unix) object or an
`_SSH_SSPI` (Windows) object
:raises: ``ImportError`` -- If no GSS-API / SSPI module could be imported.
:see: `RFC 4462 <http://www.ietf.org/rfc/rfc4462.txt>`_
:note: Check for the available API and return either an `._SSH_GSSAPI`
(MIT GSSAPI) object or an `._SSH_SSPI` (MS SSPI) object. If you
get python-gssapi working on Windows, python-gssapi
will be used and a `._SSH_GSSAPI` object will be returned.
If there is no supported API available,
``None`` will be returned.
R���R���t���nts)���Unable to import a GSS-API / SSPI module!N(���t���_APIt
���_SSH_GSSAPIt���ost���namet ���_SSH_SSPIt
���ImportError(���t
���auth_methodt���gss_deleg_creds(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���GSSAuthA���s
����
t
���_SSH_GSSAuthc�����������B���sP���e��Z�d��Z�d���Z�d���Z�d���Z�d�d��Z�d���Z�d���Z�d���Z �RS( ���s[���
Contains the shared variables and methods of `._SSH_GSSAPI` and
`._SSH_SSPI`.
c���������C���sp���|�|��_��|�|��_�d�|��_�d�|��_�d�|��_�d�|��_�d�|��_�d�|��_�t �|��_
�d�|��_
�t �|��_
�d�|��_
�d�S(���s���
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not
s���ssh-connections���1.2.840.113554.1.2.2N(���t
���_auth_methodt���_gss_deleg_credst���Nonet ���_gss_hostt ���_usernamet
���_session_idt���_servicet
���_krb5_mecht ���_gss_ctxtt���Falset���_gss_ctxt_statust
���_gss_srv_ctxtt���_gss_srv_ctxt_statust���cc_file(���t���selfR���R���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���__init__c���s���� c���������C���s ���|�j��d��r�|�|��_�n��d�S(���s��
This is just a setter to use a non default service.
I added this method, because RFC 4462 doesn't specify "ssh-connection"
as the only service value.
:param str service: The desired SSH service
s���ssh-N(���t���findR���(���R ���t���service(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt
���set_service~���s����c���������C���s
���|�|��_��d�S(���s���
Setter for C{username}. If GSS-API Key Exchange is performed, the
username is not set by C{ssh_init_sec_context}.
:param str username: The name of the user who attempts to login
N(���R���(���R ���t���username(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt
���set_username���s����t���clientc���������C���s\���|��j��d��}�t�j�t�|��j���}�|��j��t�|���}�|�d�k�rP�|�|�S|�|�|�S(���s��
This method returns a single OID, because we only support the
Kerberos V5 mechanism.
:param str mode: Client for client mode and server for server mode
:return: A byte sequence containing the number of supported
OIDs, the length of the OID and the actual OID encoded with
DER
:note: In server mode we just return the OID length and the DER encoded
OID.
i���t���server(���t
���_make_uint32R���t���encodeR����R���t���len(���R ���t���modet���OIDst���krb5_OIDt���OID_len(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt
���ssh_gss_oids���s
����
c���������C���s2���t��j�|��\�}�}�|�j���|��j�k�r.�t�St�S(���s��
Check if the given OID is the Kerberos V5 OID (server mode).
:param str desired_mech: The desired GSS-API mechanism of the client
:return: ``True`` if the given OID is supported, otherwise C{False}
(���R���t���decodet���__str__R���R���t���True(���R ���t
���desired_mecht���mecht���__(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���ssh_check_mech¥���s����c���������C���s���t��j�d�|��S(���sÇ���
Create a 32 bit unsigned integer (The byte sequence of an integer).
:param int integer: The integer value to convert
:return: The byte sequence of an 32 bit integer
s���!I(���t���structt���pack(���R ���t���integer(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyR)���³���s����c���������C���s´���|��j��t�|���}�|�|�7}�|�t�j�d�t��7}�|�|��j��t�|���7}�|�|�j���7}�|�|��j��t�|���7}�|�|�j���7}�|�|��j��t�|���7}�|�|�j���7}�|�S(���sÎ��
Create the SSH2 MIC filed for gssapi-with-mic.
:param str session_id: The SSH session ID
:param str username: The name of the user who attempts to login
:param str service: The requested SSH service
:param str auth_method: The requested SSH authentication mechanism
:return: The MIC as defined in RFC 4462. The contents of the
MIC field are:
string session_identifier,
byte SSH_MSG_USERAUTH_REQUEST,
string user-name,
string service (ssh-connection),
string authentication-method
(gssapi-with-mic or gssapi-keyex)
t���B(���R)���R+���R8���R9���R���R*���(���R ���t
���session_idR%���R#���R���t���mic(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���_ssh_build_mic¼���s����
(
���t���__name__t
���__module__t���__doc__R!���R$���R&���R0���R7���R)���R>���(����(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyR���^���s���
R ���c�����������B���se���e��Z�d��Z�d���Z�d�d�d�d��Z�e�d��Z�d�d��Z�d�d��Z �e
�d����Z
�d���Z
�RS( ���sc���
Implementation of the GSS-API MIT Kerberos Authentication for SSH2.
:see: `.GSSAuth`
c���������C���s_���t��j�|��|�|��|��j�r@�t�j�t�j�t�j�t�j�f�|��_�n�t�j�t�j�t�j�f�|��_�d�S(���s���
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not
N( ���R���R!���R���t���gssapit���C_PROT_READY_FLAGt
���C_INTEG_FLAGt
���C_MUTUAL_FLAGt
���C_DELEG_FLAGt
���_gss_flags(���R ���R���R���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyR!������s���� c���
������C���sq��|�|��_��|�|��_�t�j�d�|��j�t�j��}�t�j���}�|��j�|�_�|�d�k�rj�t�j �j
�|��j
��}�nN�t
�j
�|��\�}�} �|�j���|��j
�k�r£�t�d���n�t�j �j
�|��j
��}�d�}
�y[�|�d�k�rt�j�d�|�d�|�d�|�j��|��_�|��j�j�|
��}
�n�|��j�j�|��}
�WnB�t�j�k
�r]d�j�t�j���d�|��j��}
�t�j�|
���n�X|��j�j�|��_�|
�S( ���s��
Initialize a GSS-API context.
:param str username: The name of the user who attempts to login
:param str target: The hostname of the target to connect to
:param str desired_mech: The negotiated GSS-API mechanism
("pseudo negotiated" mechanism, because we
support just the krb5 mechanism :-))
:param str recv_token: The GSS-API token received from the Server
:raises:
`.SSHException` -- Is raised if the desired mechanism of the client
is not supported
:return: A ``String`` if the GSS-API has returned a token or
``None`` if no token was returned
s���host@s���Unsupported mechanism OID.t ���peer_namet ���mech_typet ���req_flagss���{0} Target: {1}i���N(���R���R���RB���t���Namet���C_NT_HOSTBASED_SERVICEt���ContextRG���t���flagsR���t���OIDt���mech_from_stringR���R���R1���R2���R���t
���InitContextR���t���stept
���GSSExceptiont���formatt���syst���exc_infot
���establishedR
���(
���R ���t���targetR4���R%���t
���recv_tokent ���targ_namet���ctxt ���krb5_mechR5���R6���t���tokent���message(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���ssh_init_sec_context�s4����
c���������C���sa���|�|��_��|�sH�|��j�|��j��|��j�|��j�|��j��}�|��j�j�|��}�n�|��j�j�|��j���}�|�S(���s��
Create the MIC token for a SSH2 message.
:param str session_id: The SSH session ID
:param bool gss_kex: Generate the MIC for GSS-API Key Exchange or not
:return: gssapi-with-mic:
Returns the MIC token from GSS-API for the message we created
with ``_ssh_build_mic``.
gssapi-keyex:
Returns the MIC token from GSS-API with the SSH session ID as
message.
(���R���R>���R���R���R���R���t���get_micR
���(���R ���R<���t���gss_kext ���mic_fieldt ���mic_token(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt
���ssh_get_mic ��s����
c���������C���sX���|�|��_��|�|��_�|��j�d�k�r3�t�j���|��_�n��|��j�j�|��}�|��j�j�|��_�|�S(���s³��
Accept a GSS-API context (server mode).
:param str hostname: The servers hostname
:param str username: The name of the user who attempts to login
:param str recv_token: The GSS-API Token received from the server,
if it's not the initial call.
:return: A ``String`` if the GSS-API has returned a token or ``None``
if no token was returned
N( ���R���R���R
���R���RB���t
���AcceptContextRR���RW���R
���(���R ���t���hostnameRY���R%���R]���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���ssh_accept_sec_context9��s����
c���������C���su���|�|��_��|�|��_�|��j�d�k �r[�|��j�|��j��|��j�|��j�|��j��}�|��j�j�|�|��n�|��j�j�|��j��|��d�S(���st��
Verify the MIC token for a SSH2 message.
:param str mic_token: The MIC token received from the client
:param str session_id: The SSH session ID
:param str username: The name of the user who attempts to login
:return: None if the MIC check was successful
:raises: ``gssapi.GSSException`` -- if the MIC check failed
N( ���R���R���R���R>���R���R���R
���t
���verify_micR���(���R ���Rc���R<���R%���Rb���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt
���ssh_check_micM��s����
c���������C���s���|��j��j�d�k �r�t�St�S(���s���
Checks if credentials are delegated (server mode).
:return: ``True`` if credentials are delegated, otherwise ``False``
N(���R
���t���delegated_credR���R3���R���(���R ���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���credentials_delegatedf��s����c���������C���s
���t���d�S(���s~��
Save the Client token in a file. This is used by the SSH server
to store the client credentials if credentials are delegated
(server mode).
:param str client_token: The GSS-API token received form the client
:raises:
``NotImplementedError`` -- Credential delegation is currently not
supported in server mode
N(���t���NotImplementedError(���R ���t
���client_token(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���save_client_credsq��s����
N(
���R?���R@���RA���R!���R���R_���R���Rd���Rg���Ri���t���propertyRk���Rn���(����(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyR ������s��� .
R
���c�����������B���sb���e��Z�d��Z�d���Z�d�d�d�d��Z�e�d��Z�d���Z�d�d��Z �e
�d����Z
�d���Z
�RS( ���sf���
Implementation of the Microsoft SSPI Kerberos Authentication for SSH2.
:see: `.GSSAuth`
c���������C���sP���t��j�|��|�|��|��j�r9�t�j�t�j�Bt�j�B|��_�n�t�j�t�j�B|��_�d�S(���s���
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not
N(���R���R!���R���t���sspicont���ISC_REQ_INTEGRITYt���ISC_REQ_MUTUAL_AUTHt���ISC_REQ_DELEGATERG���(���R ���R���R���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyR!���
��s
����
c���
������C���s��|�|��_��|�|��_�d�}�d�|��j�}�|�d �k �rm�t�j�|��\�}�}�|�j���|��j�k�rm�t�d���qm�n��yY�|�d �k�r �t�j �d�d�|��j
�d�|�|��_
�n��|��j
�j
�|��\�}�} �| �d�j
�} �Wn,�t�d�j�t�j���d�|��j����n�X|�d�k�rt�|��_�d �} �n��| �S(
���s¼��
Initialize a SSPI context.
:param str username: The name of the user who attempts to login
:param str target: The FQDN of the target to connect to
:param str desired_mech: The negotiated SSPI mechanism
("pseudo negotiated" mechanism, because we
support just the krb5 mechanism :-))
:param recv_token: The SSPI token received from the Server
:raises:
`.SSHException` -- Is raised if the desired mechanism of the client
is not supported
:return: A ``String`` if the SSPI has returned a token or ``None`` if
no token was returned
i����s���host/s���Unsupported mechanism OID.t���Kerberost���scflagst ���targetspns���{0}, Target: {1}i���N(���R���R���R���R���R1���R2���R���R���t���sspit
���ClientAuthRG���R���t ���authorizet���Buffert ���ExceptionRT���RU���RV���R3���R
���(
���R ���RX���R4���R%���RY���t���errorRZ���R5���R6���R]���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyR_�����s.����
c���������C���sa���|�|��_��|�sH�|��j�|��j��|��j�|��j�|��j��}�|��j�j�|��}�n�|��j�j�|��j���}�|�S(���s��
Create the MIC token for a SSH2 message.
:param str session_id: The SSH session ID
:param bool gss_kex: Generate the MIC for Key Exchange with SSPI or not
:return: gssapi-with-mic:
Returns the MIC token from SSPI for the message we created
with ``_ssh_build_mic``.
gssapi-keyex:
Returns the MIC token from SSPI with the SSH session ID as
message.
(���R���R>���R���R���R���R���t���signR
���(���R ���R<���Ra���Rb���Rc���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyRd�����s����
c���������C���s~���|�|��_��|�|��_�d�|��j��}�t�j�d�d�|�|��_�|��j�j�|��\�}�}�|�d�j�}�|�d�k�rz�t�|��_�d�}�n��|�S(���s§��
Accept a SSPI context (server mode).
:param str hostname: The servers FQDN
:param str username: The name of the user who attempts to login
:param str recv_token: The SSPI Token received from the server,
if it's not the initial call.
:return: A ``String`` if the SSPI has returned a token or ``None`` if
no token was returned
s���host/Rt���t���spni����N(
���R���R���Rw���t
���ServerAuthR
���Ry���Rz���R3���R
���R���(���R ���Rf���R%���RY���RZ���R|���R]���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyRg����s����
c���������C���sr���|�|��_��|�|��_�|�d�k �rX�|��j�|��j��|��j�|��j�|��j��}�|��j�j�|�|��n�|��j�j�|��j��|��d�S(���sk��
Verify the MIC token for a SSH2 message.
:param str mic_token: The MIC token received from the client
:param str session_id: The SSH session ID
:param str username: The name of the user who attempts to login
:return: None if the MIC check was successful
:raises: ``sspi.error`` -- if the MIC check failed
N( ���R���R���R���R>���R���R���R
���t���verifyR���(���R ���Rc���R<���R%���Rb���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyRi���ø��s����
c���������C���s ���|��j��t�j�@o �|��j�p �|��j��S(���s���
Checks if credentials are delegated (server mode).
:return: ``True`` if credentials are delegated, otherwise ``False``
(���RG���Rp���Rs���R
���(���R ���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyRk�����s����c���������C���s
���t���d�S(���s{��
Save the Client token in a file. This is used by the SSH server
to store the client credentails if credentials are delegated
(server mode).
:param str client_token: The SSPI token received form the client
:raises:
``NotImplementedError`` -- Credential delegation is currently not
supported in server mode
N(���Rl���(���R ���Rm���(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyRn��� ��s����
N(
���R?���R@���RA���R!���R���R_���R���Rd���Rg���Ri���Ro���Rk���Rn���(����(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyR
�����s��� /
(
���RA���R8���R
���RU���R3���t���GSS_AUTH_AVAILABLEt���pyasn1.type.univR����t���pyasn1.codec.derR���R���t���paramiko.commonR���t���paramiko.ssh_exceptionR���R���RB���R
���t���OSErrorRp���Rw���R���R���R���t���objectR���R ���R
���(����(����(����sE���/home/tvault/.virtenv/lib/python2.7/site-packages/paramiko/ssh_gss.pyt���<module>
���s.���
{¦