!:ZH ddlZn#e$rddlZYnwxYwddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZddlmZddlmZddlmZmZdd lmZdd lmZdd lmZd d lmZmZeje Z!d Z"dZ#dZ$Gdde%Z&Gdde%Z'GddeZ(dZ)dZ*dZ+GddeZ,dS)N)x509)default_backend)hashes)UnsupportedAlgorithm)AuthBase)Response)urlparseStringIO)CaseInsensitiveDict)cookiejar_from_dict) HTTPResponse)MutualAuthenticationErrorKerberosExchangeErrorceZdZdS)NoCertificateRetrievedWarningN__name__ __module__ __qualname__=/usr/lib/python3/dist-packages/requests_kerberos/kerberos_.pyrr*DrrceZdZdS)UnknownSignatureAlgorithmOIDNrrrrrr-rrrc"eZdZdZfdZxZS)SanitizedResponseaTThe :class:`Response ` object, which contains a server's response to an HTTP request. This differs from `requests.models.Response` in that it's headers and content have been sanitized. This is only used for HTTP Error messages which do not support mutual authentication when mutual authentication is required.ctt||j|_|j|_|j|_|j|_|j|_|j|_|j |_ d|_ d|_ ti|_ t|_d|jd<dD] }||jvr|j||j|<!dS)NT0zcontent-length)dateserver)superr __init__ status_codeencodingrawreasonurlrequest connection_content_consumed_contentr cookiesr headers)selfresponseheader __class__s rr'zSanitizedResponse.__init__:s &&//111#/ ) <o <' "-!% *2.. *,, ), %&( @ @F)))'/'7'? V$ @ @r)rrr__doc__r' __classcell__)r6s@rr r 1sK@@@@@@@@@rr c2ttdr tj}n+tjdtj}|t_|jdd}|r,||}|r| dSdS)zDExtracts the gssapi authentication token from the appropriate headerregexz (?:.*,)*\s*Negotiate\s*([^,]*),?zwww-authenticateNr) hasattr_negotiate_valuer:recompileIr2getsearchgroup)r4r:authreq match_objs rr<r<Ns))' & =rtDD!&""#5t<A"ggFGc e e ettttto--V]__o.?.?@@^_->->?? MM/"""(( s+ A**A%%A*cd}|j}t|tr tjdkr|jjjj}n|jjj} |d}t|}d|z}nT#t$rYnHwxYw#t$rtj dtYnwxYwtj dt|S)a https://tools.ietf.org/html/rfc5929 4. The 'tls-server-end-point' Channel Binding Type Gets the application_data value for the 'tls-server-end-point' CBT Type. This is ultimately the SHA256 hash of the certificate of the HTTPS endpoint appended onto tls-server-end-point. This value is then passed along to the kerberos library to bind to the auth response. If the socket is not an SSL socket or the raw HTTP object is not a urllib3 HTTPResponse then None will be returned and the Kerberos auth will use GSS_C_NO_CHANNEL_BINDINGS :param response: The original 401 response from the server :return: byte string used on the application_data.value field on the CBT struct N)rrTstls-server-end-point:z:Failed to get raw socket for CBT; has urllib3 impl changedzZRequests is running with a non urllib3 backend, cannot retrieve server certificate for CBT)r* isinstancer sys version_info_fpfp_sock getpeercertrXAttributeErrorrJrKr)r4application_data raw_responsesocketserver_certificaterWs r&_get_channel_bindings_application_datarfzsN#N  "      9 9 9 MV7 9 9 9 9 9 9  h ) + + + s#8BB BB$B:9B:cheZdZdZedddddddfdZddZdZd Zd Z d Z d Z d Z dZ dZdZdS)HTTPKerberosAuthzMAttaches HTTP GSSAPI/Kerberos Authentication to the given Request object.HTTPFNTc i|_||_||_d|_||_||_||_||_||_d|_ ttd|_ ||_ d|_d|_dS)NFauthGSSWinRMEncryptMessage)contextmutual_authenticationdelegateposserviceforce_preemptive principalhostname_overridesanitize_mutual_error_response auth_doner;kerberoswinrm_encryption_availablesend_cbtcbt_binding_tried cbt_struct) r3rmrprnrqrrrsrtrxs rr'zHTTPKerberosAuth.__init__s}  %:"   0"!2.L+*1(> ? ? ?I II? @ @ @ II3::8DD E E EOrctd|jz|jtt fvrr|jsj|jdk}t|td||sPd&e&e&eDOO%+++&*DOOO+&*D " 8    ! & &tx 0 0 0  3 & &8a<<!44V44B II7 < < < IICX N N N MH'4'HHXHHH H  !S ( (X]] II;X F F FO""8,,B II7 < < <IsAA&%A&cF|jd|jdS)z Deregisters the response handlerr4N)r-deregister_hookr)r3r4s r deregisterzHTTPKerberosAuth.deregisters$((T5IJJJJJrcn|jstdtj|j||SNzHWinRM encryption is not available on the installed version of pykerberos)rwNotImplementedErrorrvrkrl)r3rrs r wrap_winrmzHTTPKerberosAuth.wrap_winrms7. r%&pqq q24<3EwOOOrcp|jstdtj|j|||Sr)rwrrvauthGSSWinRMDecryptMessagerl)r3rrr5s r unwrap_winrmzHTTPKerberosAuth.unwrap_winrms:. r%&pqq q24<3EwPVWWWrc|jro|jsht|jj}|d|d}t d|||j d<| d|j  |j |_n#t$r d|_YnwxYw|S)NT)rz6HTTPKerberosAuth: Preemptive Authorization header: {0}rr4)rqrur r,rrrrrr2 register_hookrrtellrora)r3r-rrs r__call__zHTTPKerberosAuth.__call__s  ; ;GK((1D66tTQU6VVK IINUUVabb c c c/:GOO ,j$*>??? |((**DHH    DHHH   sB22CC)F)rrrr7rr'rrrrrrrrrrrrrrhrhs)1UUd+/$ ,@1@1@1@1D4   ---^B'''RKKKPPP XXX rrh)-rv ImportError winkerberosloggingr=r[rJ cryptographyrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrcryptography.exceptionsr requests.authrrequests.modelsrrequests.compatr r requests.structuresr requests.cookiesr requests.packages.urllib3r exceptionsrr getLoggerrrrrDISABLEDWarningrrr r<rXrfrhrrrrsM#OOOO###""""""# 888888111111888888""""""$$$$$$........333333000000222222HHHHHHHHg!!        G        7   @@@@@@@@:(0(((T`````x`````s