iw,SSKJr SSKrSSKrSSKrSSKJr SSKrSSK r SSK J r SSK J r SSKJr SSKJr SSKJr SS KJr "S S 5r"S S \5rSSjrSSjr"SS\5r"SS\5rg)) annotationsN)urlparse)x509)UnsupportedAlgorithm)default_backend)hashes)AuthBase) HTTPResponsecJ\rSrSrSrS SjrS SjrS SjrS SjrSSjr Sr g )ShimSessionSecurityz5Shim used for backwards compatibility with ntlm-auth.cXlgN_context)selfcontexts U/home/james-whalen/.local/lib/python3.13/site-packages/requests_ntlm/requests_ntlm.py__init__ShimSessionSecurity.__init__s cxURRUSS9nURSSnURSSnXC4$)NT)encrypt)rwrapdata)rmessagewrap_res signaturers rrShimSessionSecurity.wrapsC==%%gt%<MM#2& }}RS!rcTX!-nURRU5R$r)runwrapr)rrrrs rr"ShimSessionSecurity.unwraps%"}}##D)...rc8URRU5$r)rsign)rrs r get_signature!ShimSessionSecurity.get_signature#s}}!!'**rc:URRX5 gr)rverify)rrrs rverify_signature$ShimSessionSecurity.verify_signature&s W0rrN)rzspnego.ContextProxyreturnNone)rbytesr,ztuple[bytes, bytes])rr.rr.r,r.)rr.r,r.)rr.rr.r,r-) __name__ __module__ __qualname____firstlineno____doc__rrr"r&r*__static_attributes__rrr r s? /+1rr c|\rSrSrSrS S SjjrS SjrS SjrSSjrSSjr S r g) HttpNtlmAuth*zI HTTP NTLM Authentication Handler for Requests. Supports pass-the-hash. Nc6XlX lX@lSUlg)a&Create an authentication handler for NTLM over HTTP. :param str username: Username in 'domain\username' format :param str password: Password :param str session: Unused. Kept for backwards-compatibility. :param bool send_cbt: Will send the channel bindings over a HTTPS channel (Default: True) N)usernamepasswordsend_cbtsession_security)rr:r;sessionr<s rrHttpNtlmAuth.__init__1s!   =Arc ^URU5nSnU(a [RRSU-S9nX#RR ;aU$[ URR RSS5SS9nURR(ay[URRS5(aTUS:a(URRRU*S 5 O&URRRSS5 UR URR5 URR5n [R "["[%UR&5R(5n [R*R,n UR.(a+UR0(a[R*R2n [R4"UR.UR0S UU S U S 9n [6R8"U R;5=(d S 5R=5n U<SU <3nXR U'[?USS9nUR@RB"U 40UD6nUR URR5 URR5n UR RS5(a(UR RS5U R S'UR UnUS-m[EU4SjSURGS555S5nU(d [IS5e[6RJ"U[MT5SRO55n[6R8"U R;U5=(d S 5R=5nU<SU<3nXR U'UR@RB"U 40UD6nURPRSU5 URPRSU5 [UU 5Ul+U$)Nstls-server-end-point:)application_datazContent-Length0 )baseseekrntlmhttp)protocolchannel_bindingshostnameserviceoptionsr F)streamz set-cookieCookiec3t># UH-nURT5(dMUR5v M/ g7fr) startswithstrip).0s auth_strips r :HttpNtlmAuth.retry_using_http_NTLM_auth..s. OA<< + Os88c3@# UHoR5v M g7fr)lstrip)rTvals rrWrXsO2N3**,,2Ns,z?Access denied: Server did not respond with NTLM challenge token),_get_server_certspnegorJGssChannelBindingsrequestheadersintgetbodyhasattrrEcontentraw release_conncopytcaststrrurlrKNegotiateOptionsnoner:r;use_ntlmclientbase64 b64encodestepdecodedict connectionsendnextsplitPermissionError b64decodelenencodehistoryappendr r=)rauth_header_field auth_headerresponse auth_typeargsserver_certificate_hashcbtcontent_lengthr`target_hostnamespnego_optionsrqnegotiate_messageauth args_nostream response2auth_header_valuentlm_header_valuer[authenticate_message response3rVs @rretry_using_http_NTLM_auth'HttpNtlmAuth.retry_using_http_NTLM_authHs#'"7"7"A "))<  %%**1a0  !!#""'')&&hx||&<&E&EF0055 ==T]]$44==N MM MM $" #,,V[[]-AcBIIK#%67'+ $T%0 '',,WF F  ""$##((*     . .(1(9(9(=(=l(KGOOH %&--.?@_   O2C2I2I#2NO    !!Q  0Z1BCJJLM%// C0@0GCHOOQ#%9:'+ $((--g>>   *  + 3F ;rc URS:XaPURRSS5R5n[ U5nUbUR SSUUU5$U$URS:XaMURRSS5R5n[ U5nUbUR SSUUU5$U$)zThe actual hook handler.izwww-authenticate Authorizationizproxy-authenticatezProxy-authorization) status_coderarclower_auth_type_from_headerr)rrkwargswww_authenticaterproxy_authenticates r response_hookHttpNtlmAuth.response_hooks ==C  yy}}-?DJJL ./?@I$66&# %*]]c !!"/CR!H!N!N!P ./ABI$66() rcLUR(aURn[U[5(aGURR RR nURS5n[U5$[R"S[5 g![a gf=f)aX Get the certificate at the request_url and return it as a hash. Will get the raw socket from the original response from the server. This socket is then checked if it is an SSL socket and then used to get the hash of the certificate. The certificate hash is then used with NTLMv2 authentication for Channel Binding Tokens support. If the raw object is not a urllib3 HTTPReponse (default with requests) then no certificate will be returned. :param response: The original 401 response from the server :return: The hash of the DER encoded certificate at the request_url or None if not a HTTPS endpoint TzZRequests is running with a non urllib3 backend, cannot retrieve server certificate for CBTN) r<rg isinstancer _fpfp_sock getpeercert_get_certificate_hashAttributeErrorwarningswarnNoCertificateRetrievedWarning)rr raw_responsesocketserver_certificates rr]HttpNtlmAuth._get_server_certs ==#<r-r<boolr,r-) rrlrrlrrequests.Responserrlrt.Anyr,r)rrrrr,r)rrr, bytes | None)rrequests.PreparedRequestr,r) r/r0r1r2r3rrrr]rr4r5rrr7r7*s AAA A  A  A.vvv$ v  v  v vp<>rr7c SU;agSU;agg)z Given a WWW-Authenticate or Proxy-Authenticate header, returns the authentication type to use. We prefer NTLM over Negotiate if the server suppports it. rGNTLM negotiate NegotiateNr5)headers rrrs    rc[R"U[55nURnU(aURS;a3[R"[R"5[55nO[R"U[55nURU5 UR5nU$![a1n[ R "S[U5-[5 SnAgSnAff=f)NzWFailed to get signature algorithm from certificate, unable to pass channel bindings: %s)md5sha1)rload_der_x509_certificatersignature_hash_algorithmrrrrlUnknownSignatureAlgorithmOIDnamerHashSHA256updatefinalize)certificate_dercerthash_algorithmexdigestcertificate_hash_bytess rrrs  ) )/?;L MD66 ^00OCV]]_o.?@^_->? MM/"#__. !!%   247G < (  s B99 C4'C//C4c\rSrSrSrg)ri/r5Nr/r0r1r2r4r5rrrr/rrc\rSrSrSrg)ri3r5Nrr5rrrr3rrr)rrlr,r)rr.r,r) __future__rrrtypingrjr urllib.parserrequestsr^ cryptographyrcryptography.exceptionsrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr requests.authr "requests.packages.urllib3.responser r r7rrWarningrrr5rrrsg" ! 881";110Y8Yx "6 G  7 r