File: //usr/local/CyberCP/lib64/python3.10/site-packages/paramiko/__pycache__/ssh_gss.cpython-310.pyc
o
�h�p � @ sD d Z ddlZddlZddlZdZdZdZz"ddlZeed�r*ej dkr*dZej
fZndZejjej
jjfZW n- eefyc zddlZddlZddlZd ZejfZW n
ey` d
ZdZY nw Y nw ddlmZ ddlmZ dd
lmZ ddd�ZG dd� d�ZG dd� de�Zedk r�eZG dd� de�Z G dd� de�Z!dS )z�
This module provides GSS-API / SSPI authentication as defined in :rfc:`4462`.
.. note:: Credential delegation is not supported in server mode.
.. seealso:: :doc:`/api/kex_gss`
.. versionadded:: 1.15
� NT� � __title__z
python-gssapi�MIT�PYTHON-GSSAPI-NEW�SSPIF)�MSG_USERAUTH_REQUEST)�SSHException)�__version_info__c C sH t dkr t| |�S t dkrt| |�S t dkr tjdkr t| |�S td��)a�
Provide SSH2 GSS-API / SSPI authentication.
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not.
We delegate credentials by default.
:return: Either an `._SSH_GSSAPI_OLD` or `._SSH_GSSAPI_NEW` (Unix)
object or an `_SSH_SSPI` (Windows) object
:rtype: object
:raises: ``ImportError`` -- If no GSS-API / SSPI module could be imported.
:see: `RFC 4462 <http://www.ietf.org/rfc/rfc4462.txt>`_
:note: Check for the available API and return either an `._SSH_GSSAPI_OLD`
(MIT GSSAPI using python-gssapi package) object, an
`._SSH_GSSAPI_NEW` (MIT GSSAPI using gssapi package) object
or an `._SSH_SSPI` (MS SSPI) object.
If there is no supported API available,
``None`` will be returned.
r r r �ntz)Unable to import a GSS-API / SSPI module!)�_API�_SSH_GSSAPI_OLD�_SSH_GSSAPI_NEW�os�name� _SSH_SSPI�ImportError)�auth_method�gss_deleg_credsr r �C/usr/local/CyberCP/lib/python3.10/site-packages/paramiko/ssh_gss.py�GSSAuthN s
r c @ sJ e Zd ZdZdd� Zdd� Zdd� Zdd d
�Zdd� Zd
d� Z dd� Z
dS )�_SSH_GSSAuthzs
Contains the shared variables and methods of `._SSH_GSSAPI_OLD`,
`._SSH_GSSAPI_NEW` and `._SSH_SSPI`.
c C sN || _ || _d| _d| _d| _d| _ d| _d| _d| _d| _ d| _
d| _dS )��
:param str auth_method: The name of the SSH authentication mechanism
(gssapi-with-mic or gss-keyex)
:param bool gss_deleg_creds: Delegate client credentials or not
Nzssh-connectionz1.2.840.113554.1.2.2F)�_auth_method�_gss_deleg_creds� _gss_host� _username�_session_id�_service�
_krb5_mech� _gss_ctxt�_gss_ctxt_status�
_gss_srv_ctxt�_gss_srv_ctxt_status�cc_file��selfr r r r r �__init__t s
z_SSH_GSSAuth.__init__c C s |� d�r
|| _dS dS )z�
This is just a setter to use a non default service.
I added this method, because RFC 4462 doesn't specify "ssh-connection"
as the only service value.
:param str service: The desired SSH service
zssh-N)�findr )r% �servicer r r �set_service� s
�z_SSH_GSSAuth.set_servicec C s
|| _ dS )z�
Setter for C{username}. If GSS-API Key Exchange is performed, the
username is not set by C{ssh_init_sec_context}.
:param str username: The name of the user who attempts to login
N)r )r% �usernamer r r �set_username� s
z_SSH_GSSAuth.set_username�clientc C s\ ddl m} ddlm} | �d�}|�|| j��}| �t|��}|dkr(|| S || | S )a�
This method returns a single OID, because we only support the
Kerberos V5 mechanism.
:param str mode: Client for client mode and server for server mode
:return: A byte sequence containing the number of supported
OIDs, the length of the OID and the actual OID encoded with
DER
:note: In server mode we just return the OID length and the DER encoded
OID.
r )�ObjectIdentifier)�encoder� �server)�pyasn1.type.univr- �pyasn1.codec.derr. �_make_uint32�encoder �len)r% �moder- r. �OIDs�krb5_OID�OID_lenr r r �ssh_gss_oids� s
z_SSH_GSSAuth.ssh_gss_oidsc C s0 ddl m} |�|�\}}|�� | jkrdS dS )z�
Check if the given OID is the Kerberos V5 OID (server mode).
:param str desired_mech: The desired GSS-API mechanism of the client
:return: ``True`` if the given OID is supported, otherwise C{False}
r ��decoderFT)r2 r<