aRVdZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z m Z mZmZmZmZmZddlmZmZddlmZmZddlmZd ZGd d eZd ZGd deZ y)z Packet handling N)HMAC)util) linefeed_byte cr_byte_valueasbytes MSG_NAMESDEBUG xffffffff zero_byte)ubyte_ord) SSHExceptionProxyCommandFailure)Messagec8t|||jSN)rdigest)keymessage digest_classs /lib/python3.12/site-packages/paramiko/packet.py compute_hmacr.s Wl + 2 2 44ceZdZdZy)NeedRekeyExceptionz1 Exception indicating a rekey is needed. N)__name__ __module__ __qualname____doc__rrrr2s  rrcd}t|jtur't|jdkDr|jd}|S)Nr)typeargstuplelen)eargs r first_argr(:s7 C AFF|uQVVqffQi JrceZdZdZeddZeddZeddZeddZdZ e dZ dZ d!dZ d"dZd Zd Zd Zd Zd ZdZdZdZdZdZdZdZdZd"dZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%y )# Packetizerz9 Implementation of the base SSH packet protocol. c||_d|_d|_d|_d|_d|_t |_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_d|_d|_d|_d|_d|_d|_t |_t |_d|_d|_d|_d|_d|_d|_t?j@|_!d|_"tGjF|_$d|_%d|_&d|_'d|_(y)NFr))_Packetizer__socket_Packetizer__logger_Packetizer__closed_Packetizer__dump_packets_Packetizer__need_rekey_Packetizer__init_countbytes_Packetizer__remainder_Packetizer__sent_bytes_Packetizer__sent_packets_Packetizer__received_bytes_Packetizer__received_packets$_Packetizer__received_bytes_overflow&_Packetizer__received_packets_overflow_Packetizer__block_size_out_Packetizer__block_size_in_Packetizer__mac_size_out_Packetizer__mac_size_in_Packetizer__block_engine_out_Packetizer__block_engine_in_Packetizer__sdctr_out_Packetizer__mac_engine_out_Packetizer__mac_engine_in_Packetizer__mac_key_out_Packetizer__mac_key_in _Packetizer__compress_engine_out_Packetizer__compress_engine_in _Packetizer__sequence_number_out_Packetizer__sequence_number_in_Packetizer__etm_out_Packetizer__etm_in threadingRLock_Packetizer__write_lock_Packetizer__keepalive_intervaltime_Packetizer__keepalive_last_Packetizer__keepalive_callback_Packetizer__timer_Packetizer__handshake_complete_Packetizer__timer_expired)selfsockets r__init__zPacketizer.__init__Qs?   #! 7 !"#)*&+,(!" "&!%  $#"W!G%)"$(!%&"$%! &OO-%&! $ $(! $)!$rc|jSr)r1rXs rclosedzPacketizer.closeds }}rc||_y)z? Set the Python log object to use for logging. N)r0)rXlogs rset_logzPacketizer.set_logs  rc||_||_||_||_||_||_d|_d|_||_|xjdzc_ |jdk(rd|_ d|_ yy)zd Switch outbound data cipher. :param etm: Set encrypt-then-mac from OpenSSH rFN) rArCr=rDr?rFr7r8rLr4r3)rX block_engine block_size mac_enginemac_sizemac_keysdctretms rset_outbound_cipherzPacketizer.set_outbound_ciphers#/  * *&$ Q    ! !D  %D  "rc||_||_||_||_||_d|_d|_d|_d|_||_ |xjdzc_ |jdk(rd|_ d|_ yy)zc Switch inbound data cipher. :param etm: Set encrypt-then-mac from OpenSSH rr+rcFN) rBr>rEr@rGr9r:r;r<rMr4r3)rXrdrerfrgrhrjs rset_inbound_cipherzPacketizer.set_inbound_ciphers".))%# !"#)*&+,(  Q    ! !D  %D  "rc||_yr)rHrX compressors rset_outbound_compressorz"Packetizer.set_outbound_compressors %/"rc||_yr)rIros rset_inbound_compressorz!Packetizer.set_inbound_compressors $.!rcFd|_|jjyNT)r1r/closer\s rrvzPacketizer.closes  rc||_yrr2)rXhexdumps r set_hexdumpzPacketizer.set_hexdumps %rc|jSrrxr\s r get_hexdumpzPacketizer.get_hexdump"""rc|jSr)r@r\s rget_mac_size_inzPacketizer.get_mac_size_ins!!!rc|jSr)r?r\s rget_mac_size_outzPacketizer.get_mac_size_outr}rc|jS)z Returns ``True`` if a new set of keys needs to be negotiated. This will be triggered during a packet read or write, so it should be checked after every read or write, or at least after every few. r3r\s r need_rekeyzPacketizer.need_rekeys    rcR||_||_tj|_y)z Turn on/off the callback keepalive. If ``interval`` seconds pass with no data read from or written to the socket, the callback will be executed and the timer will be reset. N)rQrTrRrS)rXintervalcallbacks r set_keepalivezPacketizer.set_keepalives" %-!$,! $ rcd|_yru)rWr\s r read_timerzPacketizer.read_timers #rc|jsItjt||j|_|jj yy)z Tells `Packetizer` that the handshake process started. Starts a book keeping timer that can signal a timeout in the handshake process. :param float timeout: amount of seconds to wait before timing out N)rUrNTimerfloatrstart)rXtimeouts rstart_handshakezPacketizer.start_handshakes:||$??5>4??KDL LL   rcN|jsy|jry|jS)aR Checks if the handshake has timed out. If `start_handshake` wasn't called before the call to this function, the return value will always be `False`. If the handshake completed before a timeout was reached, the return value will be `False` :return: handshake time out status, as a `bool` F)rUrVrWr\s rhandshake_timed_outzPacketizer.handshake_timed_outs&||  $ $###rcn|jr)|jjd|_d|_yy)zF Tells `Packetizer` that the handshake has completed. FTN)rUcancelrWrVr\s rcomplete_handshakezPacketizer.complete_handshakes0 << LL   !#(D (,D % rc(t}t|jdkDr1|jd|}|j|d|_|t|z}|dkDrd}|jr t  |j j |}t|dk(r t ||z }|t|z}|rL|jr t |r$t|dk(r|jr t!|j#|dkDr|S#tj$rd}Ymtj$rV}t|}|tjk(rd}n+|tjk(rn|jr t Yd}~d}~wwxYw)a& Read as close to N bytes as possible, blocking as long as necessary. :param int n: number of bytes to read :return: the data read, as a `str` :raises: ``EOFError`` -- if the socket was closed before all the bytes could be read rNFT)r5r%r6rEOFErrorr/recvrYrerrorr(errnoEAGAINEINTRr1r3r_check_keepalive)rXn check_rekeyout got_timeoutxr&r's rread_allzPacketizer.read_allshg t 1 $""2A&C#//3D  SMA!eK'')j  MM&&q)q6Q;"*$qSV "=="*$CHMt7H7H,..%%'?!e@ ->> #" <<  l%,,&"&KEKK']]"*$ s 6ADF)F;A F  FcHtj|_d}t|dkDrud} |jj |}|rd}|jrd}ndk(r|dkDrd}|dz }|dkr t|t|k(r y||d}t|dkDruy#t j $rd}Yot j$rC}t|}|tjk(rd}n|tjk(rd}nd}Yd}~d}~wt$rt$rd}YwxYw)NrFT rb)rRrSr%r/sendrYrrr(rrrr Exceptionr1r)rXr#iteration_with_zero_as_return_value retry_writerr&r's r write_allzPacketizer.write_allJs( $ ./+#hlK MM&&s+"==A6ABF A3q831uj CH}ab'CK#hlL E>> #" << l%,,&"&KEKK'"&KA&   s#B D!7D! 9DD! D!c|j}t|vr||j|z }t|vr|jt}||dzd|_|d|}t |dkDr|dt k(r|dd}t |S)z Read a line from the socket. We assume no data is pending after the line, so it's okay to attempt large reads. rbNrr)r6r _read_timeoutindexr%rr )rXrbufrs rreadlinezPacketizer.readlineus 3& 4%%g. .C3& IIm $q1uw<"1g HqLs2w-7cr(Cv rct|}t|d}|tvr t|}ndj|}t |}|j j  |j|j|}|j|}|jrP|jtdj|||jttj|d|jM|jr%|dd|jj!|ddz}n|jj!|}n|}|jdt#j$d|j&}||jr|n|z}|t)|j*||j,d|j.z }|j&dzt0z|_|j3||xj4t |z c_|xj6dz c_|j6|j8k\xs|j4|j:k\} | rf|j<sZd } |jt| j|j6|j4d|_d|_ |jC|j jEy#|j jEwxYw) zR Write a block of data using the current cipher, as an SSH block. r${:x}NzWrite packet <{}>, length {}zOUT: >Irbz(Rekeying (hit {} packets, {} bytes sent))#rr rformatr%rPacquirerH _build_packetr2_logr r format_binaryrArLupdatestructpackrJrrFrDr?r rr7r8 REKEY_PACKETS REKEY_BYTESr3r;r<_trigger_rekeyrelease) rXdatacmdcmd_nameorig_lenpacketrpackedpayload sent_too_muchmsgs r send_messagezPacketizer.send_messages t}tAw )  ~H~~c*Ht9 !!#0 ())511$7''-F"" 299(HM %!3!3FG!DE&&2>> 1+(?(?(F(Fqr )C1188@C&&2T4+E+EF 4>>CvF|&&1F1F'D''))**Q.*D & NN3    S )    1 $ ##t'9'999$$(8(88 T%6%6@ 3::d&9&94;L;LM23.340##%    % % 'D   % % 's #IKK*c  |j|jd}|jrtjd|ddd}||jz dz}|dd|j|dz}|j|j d}tj d|j||z}t|j||jd|j }tj||s td |}|j|jj|}|j r*|j#t$tj&|d |jr|}ntjd|ddd}|dd}|t)|z |jzdk7r td |j||j zt)|z } | d|t)|z }| |t)|z d} |j|jj|}||z}|j r*|j#t$tj&|d |j dkDr|js d|j }tj d|j|z}t|j||jd|j }tj||s td t+|d} |d | z } |j r&|j#t$d j-|| |j.|j/| } t1| d d} |j| _|jd zt4z|_||j zdz}|xj6|z c_|xj8d z c_|j:rg|xj<|z c_|xj>d z c_|j>|j@k\s|j<|jBk\rtd|j8|jDk\s|j6|jFk\rZd}|j#t$|j-|j8|j6d|_d|_|jIt+| d}|tJvr tJ|}ndj-|}|j r/|j#t$dj-|t)| || fS)z Only one thread should ever be in this function (no other locking is done). :raises: `.SSHException` -- if the packet is mangled :raises: `.NeedRekeyException` -- if the transport should rekey T)rrNrrFz>IIzMismatched MACzIN: zInvalid packet blockingrbz"Got payload ({} bytes, {} padding)z+Remote transport is ignoring rekey requestsz,Rekeying (hit {} packets, {} bytes received)rzRead packet <{}>, length {})&rr>rMrunpackr@rrKrrGrErconstant_time_bytes_eqrrBrr2rr rr%r rrIrseqnor r9r:r3r;r<REKEY_PACKETS_OVERFLOW_MAXREKEY_BYTES_OVERFLOW_MAXrrrr)rXheader packet_size remainingrmac mac_payloadmy_macleftoverr post_packetpaddingrrraw_packet_sizeerrrrs r read_messagezPacketizer.read_messagest33F == --fRaj9!IABZ$-- u-"MMF-- 2 2-FC E4#<#&F    IIeT//? @    !$--2 2 23C E4#<#%>%Bi$O!&(:(::Q> 0 1$     * *o = *  , , 1 ,00223..$2O2OO"A%%););;  ! !T%5%5 5AC II 422D4I4IJ ./D */0D ,    !wqz" )  ~H~~c*H    II-44Xs7|L Cxrc|jytt|tr$|D]}|jj || y|jj ||yr)r0 issubclassr"listr_)rXlevelrms rrzPacketizer._logEsV ==  d3i & , !!%+ , MM  eS )rc|jr|jr |jrytj}||j|jzkDr|j ||_yyr)rQrAr3rRrSrT)rXnows rrzPacketizer._check_keepaliveNs`))**   iik &&)B)BB B  % % '$'D ! Crctj} |jjd}t|dk(r t  |S#t j $rYn3t$r(}t|tjk(rnYd}~nd}~wwxYw|jr t tj}||z |k\rt j )Nr) rRr/rr%rrYrEnvironmentErrorr(rrr1)rXrrrr&rs rrzPacketizer._read_timeout[s  MM&&s+q6Q;"*$>> # Q<5;;.  }}j ))+CU{g%nn&&#s3A B"B*B  Bc>|j}|jrdnd}d|zt||z|zz }tjdt||zdz|}||z }|j s |j |t|zz }|S|tj|z }|S)Nrr.rcz>IBrb) r=rLr%rrrCrAr osurandom)rXrbsizeaddlenrrs rrzPacketizer._build_packetqs%%nn!e)G v 5>?UCL7$:Q$>H'   t66> i') )F  bjj) )F rcd|_yrurr\s rrzPacketizer._trigger_rekeys  rN)FF)F)&rrrrpowrrrrrZpropertyr]r`rkrmrqrsrvrzr|rrrrrrrrrrrrrrrrrrr rrr*r*As 2JMa*K"%Q"1bz.%` &J &<0/&#"#!,$ !$ -1f)V =(~~D* (,$!rr*)!rrrrYrrNrRhmacrparamikorparamiko.commonrrrrr r r paramiko.py3compatr r paramiko.ssh_exceptionrrparamiko.messagerrrrr(objectr*r rrrsb&  +D$5  D !D !r