i}MjSSKJr SSKrSSKrSSKrSSKrSSKrSSK J r J r J r J r JrJrJrJrJrJrJr SSKJrJrJrJrJr SSKJr SSKJrJrJ r J!r! SSKJ"r# SSK$J%r%J&r&J'r' \RP"\)5r*\RVS :XaSSK,r,S r-OS r-SS jr.SS jr/SSjr0"SS\ 5r1g)) annotationsN) IOV ContextProxy ContextReqIOVUnwrapResult IOVWrapResultSecPkgContextSizes UnwrapResultWinRMWrapResult WrapResultsplit_usernamewrap_system_error) CredentialCredentialCacheKerberosKeytabPasswordunify_credentials)GssChannelBindings)InvalidCredentialErrorNegotiateOptionsNoContextError SpnegoError)WinError) BufferType IOVBuffer IOVResBufferntTFc$[(a/SQ$/$)z4Return a list of protocols that SSPIProxy can offer.)kerberos negotiatentlm)HAS_SSPIF/home/james-whalen/.local/lib/python3.13/site-packages/spnego/_sspi.py_available_protocolsr&4sx00 r$c/nUHn[UR5nUR[RR R -(a[RnOFUR[RR R-(a[Rn[[U5URS9nURU5 M [U5$)z5Converts SSPI IOV buffer to generic IOVBuffer result.)typedata)int buffer_type buffer_flagssspilibrawSecBufferFlags SECBUFFER_READONLY_WITH_CHECKSUMr sign_onlySECBUFFER_READONLY data_readonlyrr)appendtuple)iovbuffersir+ buffer_entrys r%_create_iov_resultr:<sG !--( >>GKK66WW W$..K ^^gkk88KK K$22K#K)@qvvN |$ >r$cDUUUS:Xa$[RRRO#[RRRS.nUGHn[ U[ 5(ap[UR5upg[RRUUURS9n[RR"S 0UDSU0D6Rs $[ U[5(a,[RR"S 0UD6Rs $[ U[5(dMUR(d [!SS9e[UR5upg[#UR$SS9n U R'5n S S S 5 [RR)[RR*R,W UUS 9n [RR"S 0UDSU 0D6Rs $ [!S S9e!,(df  N=f) aGet the SSPI credential. Will get an SSPI credential for the protocol specified. Currently only supports Password or CredentialCache credential types. Args: principal: The principal to use for the AcquireCredentialsHandle call protocol: The protocol of the credential. usage: Either `initiate` for a client context or `accept` for a server context. credentials: List of credentials to retrieve from. Returns: sspilib.raw.CredHandle: The handle to the SSPI credential to use. initiate)package principalcredential_use)usernamedomainpassword auth_dataz6KerberosKeytab for SSPI requires a principal to be set context_msgrb)modeN)credential_type credentialr@rAz#No applicable credentials availabler#)r-r. CredentialUseSECPKG_CRED_OUTBOUNDSECPKG_CRED_INBOUND isinstancerr r@WinNTAuthIdentityrBacquire_credentials_handlerIrrr>ropenkeytabread!WinNTAuthIdentityPackedCredentialWinNTAuthCredentialTypeSEC_WINNT_AUTH_DATA_TYPE_KEYTAB) r>protocolusage credentialscredential_kwargscredrAr@ pass_datakt_filerQkt_datas r%_get_sspi_credentialr^Ls, " KK % % : :**>> + dH % %-dmm< F 55!6I ;;99c>,9qrr-dnn= Fdkk- .kkCC ' C C c c!! DG;;99a !-R SS.-s ;H H c ^\rSrSrSrSSSSS\R SS\R4 S#U4Sjjjr \ S$S%Sjj5r \ S&Sj5r \ S'S j5r\ S&S j5r\ \"\S 5S(S j55rS)S jr\"\S5S$SS.S*Sjjj5rS+SjrS,S-Sjjr\"\S5S,S.Sjj5rS/SjrS0Sjr\"\S5S1Sj5rS2Sjr\"\S5S$S3Sjj5r\"\S5S4Sj5r\ S5Sj5r\ S6Sj5rS7S jr S8S!jr!S"r"U=r#$)9 SSPIProxyaSSPI proxy class for pure SSPI on Windows. This proxy class for SSPI exposes this library into a common interface for SPNEGO authentication. This context uses compiled C code to interface directly into the SSPI functions on Windows to provide a native SPNEGO implementation. Nr<r c >[(d [S5e[X5n [[U]XXEXgX5 U U(aUR U5UlOSUlSUlSUl SUl SUl SUl SUl U RSS5n U (d!US:Xa UROSn [!XX{5n Xlg!["an[%USS9UeSnAff=f)Nz:SSPIProxy requires the Windows only sspilib python packagerF_sspi_credentialacceptzGetting SSPI credential) base_errorrE)r" ImportErrorrsuperr`__init___get_native_bindings_native_channel_bindings _block_size_max_signature_security_trailer _complete_context_SSPIProxy__seq_numgetspnr^ NativeErrorr _credential)selfr@rBhostnameservicechannel_bindings context_reqrWrVoptionskwargsrXsspi_credentialr>win_err __class__s r%rhSSPIProxy.__init__sxZ[ [';  i' 7kRZ  ,0,E,EFV,WD ),0D )!"7;  **%7> j(-(9DHHt "6yE"_+ j!WB[\bii js$ C C% C  C%c[5$N)r&)clsrzs r%available_protocolsSSPIProxy.available_protocolss $%%r$cURS:Xa{[RR[R "[RR UR5[RR5nUR$g)Nrd) rWr-r.query_context_attributestcast CtxtHandleroSecPkgContextNamesr@)runamess r%client_principalSSPIProxy.client_principalsZ :: !KK88w{{--t}}= ..E>> !r$cUR$r)rnrus r%completeSSPIProxy.completes ~~r$c[RR[R"[RR UR 5[RR5nURR5$r) r-r.rrrrroSecPkgContextPackageInfonamelower)ru package_infos r%negotiated_protocolSSPIProxy.negotiated_protocolsX{{;; FF7;;))4== 9 KK 0 0   &&((r$zRetrieving session keyc[RR[R"[RR UR 5[RR5nUR$r) r-r.rrrrroSecPkgContextSessionKey session_key)rurs r%rSSPIProxy.session_keysOkk:: FF7;;))4== 9 KK / / &&&r$c [URURURURUR UR URURS9$)N)rvrwrxryrWrVrzrc) r` _hostname_servicerxryrWrVrzrtrs r% new_contextSSPIProxy.new_contextsM^^MM!22((**]]LL!--  r$zProcessing security token)rxc $UR(dA[RS[R"U=(d S5R 55 /nU(a\[ U5nUR[RRU[RRR55 U(aURU5nO URnU(aURUR55 SnU(a[RR!U5n[RR![RRS[RRR5/5nUR"S:XaUR$[R&R(-n[RR+UR,UR.UR0=(d SU[RR2R4UUS9nUR6n UR8UlOUR$[R:R<-n[RR?UR,UR.UU[RR2R4US9nUR6n UR8UlUSR@=(d Sn [CURD5Ul#U [RRHRJ:Xa|SUl&[RROUR.[RRP5n U RRUl*U RVUl,U RZUl.UR(dA[RS [R"U =(d S5R 55 U $) NzSSPI step input: %sr$r<)rIcontext target_namerytarget_data_rep input_buffersoutput_buffers)rIrrryrrrTzSSPI step output: %s)/ _is_wrappedlogdebugbase64 b64encodedecode bytearrayr4r-r. SecBuffer SecBufferTypeSECBUFFER_TOKENrirjdangerous_get_sec_buffer SecBufferDescrW _context_reqIscReqISC_REQ_ALLOCATE_MEMORYinitialize_security_contextrtrorr TargetDataRepSECURITY_NATIVE_DREPstatusrAscReqASC_REQ_ALLOCATE_MEMORYaccept_security_contextr)r* attributes _context_attrNtStatusSEC_E_OKrnrr block_sizerk max_signaturerlsecurity_trailerrm) ruin_tokenrx sec_tokensnative_channel_bindings in_buffer out_bufferryresr out_token attr_sizess r%stepSSPIProxy.steps II+V-=-=ho#-N-U-U-W X24  *H   gkk33Hgkk>W>W>g>gh i &*&?&?@P&Q #&*&C&C # "   5NNP Q6:  11*=I[[.. %%dGKK,E,E,U,UV   :: #++gnn.T.TTK++99++  HHN' ' 9 9 N N'):CZZFKKDM++gnn.T.TTK++55++ '' ' 9 9 N N) 6CZZFKKDMqM&&.$  0 W[[))22 2!DN ==dmmW[[MkMklJ)44D ",":":D %/%@%@D " II,f.>.>y?OC.P.W.W.Y Zr$c\UR(d [SS9e[URS9$)Nz;Cannot get message sizes until context has been establishedrD)header)rmrr rs r%query_message_sizesSSPIProxy.query_message_sizesGs(%% -jk k!)?)?@@r$cUR[RU[R/X#S9n[ SR UR Vs/sH!oUR(dMURPM# sn5URS9$s snf)N)encryptqopr$)r) encrypted) wrap_iovrrpaddingr joinr7r)r)rur)rrrrs r%wrapSSPIProxy.wrapMsg mmZ..j6H6HISZmdsxx(OA(OP\_\i\ijj(Os B &B zWrapping IOV buffercLU=(d SnU(a7U[RRR-(a [ S5eU(d'U[RRR-nUR XR 5n[RRU5n[RR[R"[RRUR5UUURS9 [[U5US9$)Nrz;Cannot set qop with SECQOP_WRAP_NO_ENCRYPT and encrypt=True)rmessageseq_no)r7r)r-r.QopFlagsSECQOP_WRAP_NO_ENCRYPT ValueError_build_iov_list_convert_iov_bufferrencrypt_messagerrrro_seq_numrr:)rur6rrr7 iov_buffers r%rSSPIProxy.wrap_iovVshQ sW[[11HHHZ[ [ 7;;''>> >C&&s,D,DE[[..w7  ## FF7;;))4== 9== $ %7 %CwWWr$cUR[RU/5RnUSR=(d SnUSR=(d Sn[ X4SS9$)Nrr$)rr)padding_length)rrrr7r)r )rur)r6renc_datas r% wrap_winrmSSPIProxy.wrap_winrmosRmmZ..56>>Q#q6;;%#fANNr$cUR[RU4[R/5nURSR=(d Sn[ X2R URS9$)Nrr$)r)rr) unwrap_iovrstreamr)r7r rr)rur)rdec_datas r%unwrapSSPIProxy.unwrapvsQoo 1 148*//JK;;q>&&-#]]PPr$zUnwrapping IOV buffercURXR5n[RR U5n[RR [ R"[RRUR5UURS9nU[RRR-S:Hn[[U5XTS9$)N)rr)r7rr)rrr-r.rdecrypt_messagerrrrorrrrr:)rur6r7rrrs r%rSSPIProxy.unwrap_iov|s &&s,D,DE[[..w7 kk)) FF7;;))4== 9 ==*  '++..EEEJ '9*'EQZddr$cUR[RU4U/5RnUSR=(d S$)Nrr$)rrrr7r))rurr)r6s r% unwrap_winrmSSPIProxy.unwrap_winrms9oo 1 16:DABJJ1v{{!c!r$zSigning messagecz[U5n[UR5n[RR [RR U[RR R5[RR U[RR R5/5n[RR[R"[RRUR5U=(d SUUR5 USR$)Nrr)rrlr-r.rrrSECBUFFER_DATArmake_signaturerrrrorr))rur)r signaturer6s r%signSSPIProxy.signs d112 kk'' %%dGKK,E,E,T,TU %%i1J1J1Z1Z[    "" FF7;;))4== 9 H1  MM  1v{{r$zVerifying messagec4[U5n[U5n[RR[RR U[RR R 5[RR U[RR R5/5n[RR[R"[RRUR5UUR5$r)rr-r.rrrrrverify_signaturerrrror)rur)micr6s r%verifySSPIProxy.verifysnkk'' %%dGKK,E,E,T,TU %%c7;;+D+D+T+TU  {{++ FF7;;))4== 9  MM  r$c f/nURS:Xa4UR[RS45 [R nSnO[R nSnUR[RS4[RS4[RS4[RS4[RS4[RS 4[RS 4[RS 4[R S 4/ 5 /nUH&upVURU[#X#S U3545 M( U$)Nr<REQ_NO_INTEGRITYISCASC REQ_DELEGATEREQ_MUTUAL_AUTHREQ_REPLAY_DETECTREQ_SEQUENCE_DETECTREQ_CONFIDENTIALITY REQ_INTEGRITYREQ_USE_DCE_STYLE REQ_IDENTIFY_)rWr4r no_integrityr-rrextenddelegatedelegate_policy mutual_auth replay_detectsequence_detectconfidentiality integrity dce_styleidentifygetattr)ruattr_mapsspi_req sspi_prefixattrs spnego_flag gssapi_names r%_context_attr_mapSSPIProxy._context_attr_maps :: # OOZ446HI J~~HK~~HK$$n5++^<''):;))+>?++-BC++-BC%%7%%':;$$n5  (0 $K LL+wx=+9W'XY Z)1 r$cHURnU=RS- slU$)Nr)rp)runums r%rSSPIProxy._seq_numsnn ! r$c[5n[UR[5(a[UR5nGO4[UR[5(a5[UR[ 5(d[UR5nO[ RUR[ RUR[ RUR0nURnUcURU;nU(akURU;aD[S[UR5R<SURR<35e[X1R5n[ UR5nSnU[ R :XaI["R$R&R(n["R$R*R,nO\U[ R.:XaH["R$R&R(n["R$R*R0n["R$R3X%U5$)Nz$Cannot auto allocate buffer of type .r)rrMr)bytesr*boolrrrmrrktrailerr(r__name__rr1r-r.rrr/r0r3r2r)rubufferr)auto_alloc_sizeallocr+r,s r%rSSPIProxy._convert_iov_buffers{ fkk5 ) )V[[)D  S ) )*V[[$2O2OV[[)D!!4#9#9""D$4$4""D$:$:OKKE} 6;;o5$GKFKKGXGaGacicncncscst!!=>&++&  *.. .!++33BBK";;55VVL J44 4!++33BBK";;55HHL{{$$T EEr$c[R"[UR5UR[UR 5UR URS9$)z>Gets the raw byte value of the SEC_CHANNEL_BINDINGS structure.)initiator_addr_typeinitiator_addracceptor_addr_type acceptor_addrapplication_data)r-SecChannelBindingsr*initiator_addrtypeinitiator_addressacceptor_addrtypeacceptor_addressr:)rurxs r%riSSPIProxy._get_native_bindings sP )) #$4$G$G H+=="#3#E#EF*;;->>   r$) __seq_numrkrnrorrtrlrjrm)r@z*str | Credential | list[Credential] | NonerB str | NonervrBrwrBrxGssChannelBindings | NoneryrrWstrrVrDrzrr{zt.AnyreturnNoner)rzzNegotiateOptions | NonerE list[str])rErB)rEr.)rEr-)rEr`)r bytes | NonerxrCrErH)rEr )TN)r)r-rr.r int | NonerEr )r6collections.abc.Iterable[IOV]rr.rrIrEr)r)r-rEr )r)r-rEr )r6rJrEr)rr-r)r-rEr-)r)r-rrIrEr-)r)r-rr-rEr*)rEzlist[tuple[ContextReq, int]])rEr*)r1rrEzsspilib.raw.SecBuffer)rxrrEzsspilib.SecChannelBindings)$r0 __module__ __qualname____firstlineno____doc__rdefaultrnonerh classmethodrpropertyrrrrrsrrrrrrrrrrrrr&rrri__static_attributes__ __classcell__)r~s@r%r`r`s@D##"6:","4"4#$4$9$9,+<,+,+ ,+  ,+ 4 ,+ ,+,+,+",+,+ ,+,+\,0&(& && )){$<='>'  {$?@"&L7; LL4 L  LAL\A kkk k  k{$9: X *XX X  X;X0OQ {$;<e *e e=e "{$56  7,{$78 9   D &FP  ,   $   r$r`)rErG)r6zsspilib.raw.SecBufferDescrEztuple[IOVResBuffer, ...]) r>rBrVrDrWrDrXzlist[Credential]rEzsspilib.raw.CredHandle)2 __future__rrcollections.abc collectionsloggingostypingrspnego._contextrrrrrr r r r r rspnego._credentialrrrrrspnego.channel_bindingsrspnego.exceptionsrrrrrrs spnego.iovrrr getLoggerr0rrr-r"r&r:r^r`r#r$r%ras#      7 6:: !77d?HH  >T>T>T >T" >T  >TBH H r$