h%=dZddlZddlmZddlmZmZddlmZm Z m Z ddl m Z ddl mZddlmZmZmZdd lmZdd lmZmZmZmZdd lmZdd lmZmZmZm Z Gd de Z!GddeZ"Gdde Z#GddeZ$iZ%iZ&GddeZ'GddeZ(GddeZ)dZ*dZ+dZ,dZ-de+zZ.de+zZ/de+zZ0de,zZ1de,zZ2de,zZ3d e,zZ4d!e,zZ5d"e,zZ6e6Z7d#e,zZ8d$e,zZ9d%e,zZ:d&e,zZ;d'e,zZd*e,zZ?d+e,zZ@de,zZAd,e,zZBd-e,zZCde-dzzZDde-dzzZEde-dzzZFde-dzzZGde-d zzZHidd.dd/dd0dd1d d2d!d3d"d4d#d5d$d6d%d7d&d8d'd9d(d:d)d;d*d<d+d=dd>d?d@dAdBdCdDZIGdEdFeZJGdGdHeZKGdIdJeZLGdKdLZMdS)Ma Generic Security Services (GSS) API Implements parts of: - GSSAPI: RFC4121 / RFC2743 - GSSAPI C bindings: RFC2744 This is implemented in the following SSPs: - :class:`~scapy.layers.ntlm.NTLMSSP` - :class:`~scapy.layers.kerberos.KerberosSSP` - :class:`~scapy.layers.spnego.SPNEGOSSP` - :class:`~scapy.layers.msrpce.msnrpc.NetlogonSSP` .. note:: You will find more complete documentation for this layer over at `GSSAPI `_ N) dataclass)IntEnumIntFlag) ASN1_SEQUENCEASN1_Class_UNIVERSAL ASN1_Codecs)BERcodec_SEQUENCE)conf) ASN1F_OID ASN1F_PACKETASN1F_SEQUENCE) ASN1_Packet) FieldLenFieldLEIntEnumField PacketField StrLenField)Packet)AnyListOptionalTupleceZdZdZdZdS)ASN1_Class_GSSAPIGSSAPI`N)__name__ __module__ __qualname__name APPLICATIONW/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/gssapi.pyrr?s DKKKr"rceZdZejZdS)ASN1_GSSAPI_APPLICATIONNrrrrr tagr!r"r#r%r%D  'CCCr"r%ceZdZejZdS)BERcodec_GSSAPI_APPLICATIONNr&r!r"r#r*r*Hr(r"r*ceZdZejZdS)ASN1F_GSSAPI_APPLICATIONN)rrrrr ASN1_tagr!r"r#r,r,Ls ,HHHr"r,c |eZdZejZeeddeddddZ e ddZ dS) GSSAPI_BLOBMechType 1.3.6.1.5.5.2 innerTokenNc`t|jjtjSN) _GSSAPI_OIDSgetr0valr raw_layerpkts r#zGSSAPI_BLOB.bsL$4$4S\5Et~$V$Vr" next_cls_cbc|r\t|dkrIt|dddzdkrddlm}|S|dddkrddlm}|j|d|i|S|S) Nr)SPNEGO_negTokensNTLMSSP) NTLM_Header_pkt)lenordscapy.layers.spnegorAscapy.layers.ntlmrC dispatch_hook)clsrDargskargsrArCs r#rIzGSSAPI_BLOB.dispatch_hookfs  LCIINN48}}t#t++?????? '&BQBx:%%9999991{0TKdKUKKK r"r4 rrrrBER ASN1_codecr,r r ASN1_root classmethodrIr!r"r#r/r/ZsJ(( *o..   VV    I[r"r/c |eZdZejZeeddeddddZ e ddZ dS) GSSAPI_BLOB_SIGNATUREr0r1r2Nc`t|jjtjSr4)_GSSAPI_SIGNATURE_OIDSr6r0r7r r8r9s r#r;zGSSAPI_BLOB_SIGNATURE.s#$:$>$>  $.%%r"r<c|rPt|dkr=|dddvrddlm}|St|dkr|dddkrddlm}|S|S)N)ssr)KRB_InnerTokens)NTLMSSP_MESSAGE_SIGNATURE)rEscapy.layers.kerberosrXrHrZ)rJrDrKrLrXrZs r#rIz#GSSAPI_BLOB_SIGNATURE.dispatch_hooks  1CIINNBQBx555@@@@@@%%TaD!H0C$C$CGGGGGG00 r"r4rMr!r"r#rSrS|sJ(( *o..         I   [   r"rSc2eZdZdZdgZfdZfdZxZS) _GSSAPI_Fieldzt PacketField that contains a GSSAPI_BLOB_SIGNATURE, but one that can have a payload when not encrypted. pay_clscf||_t|dtdSr4)r^super__init__rS)selfrr^ __class__s r#raz_GSSAPI_Field.__init__s9     !     r"ct||\}}|r |r|||_d|fS||fS)Nr")r`getfieldr^payload)rbr:sremainr7rcs r#rez_GSSAPI_Field.getfieldsUgg&&sA..   c ,,v..CK8Os{r")rrr__doc__ __slots__rare __classcell__)rcs@r#r]r]sd I     r"r]r?rWrYrB GSS_C_AF_UNSPECGSS_C_AF_LOCAL GSS_C_AF_INETGSS_C_AF_IMPLINK GSS_C_AF_PUPGSS_C_AF_CHAOS GSS_C_AF_NS GSS_C_AF_NBS GSS_C_AF_ECMAGSS_C_AF_DATAKITGSS_C_AF_CCITT GSS_C_AF_SNAGSS_C_AF_DECnet GSS_C_AF_DLI GSS_C_AF_LATGSS_C_AF_HYLINKGSS_C_AF_APPLETALK GSS_C_AF_BSC GSS_C_AF_DSS GSS_C_AF_OSI GSS_C_AF_X25GSS_C_AF_NULLADDR)ryrzcTeZdZdZeddddeddd gZd ZdS) GssBufferDescgss_buffer_desclengthNvaluezsr") length_fromctjSr4)r padding_layer)rbrfs r#default_payload_classz#GssBufferDesc.default_payload_class s !!r")rrrrrr fields_descrr!r"r#rrs] D hTBBB GR-C-CDDDK """""r"rc eZdZdZeddeedeeeddeedeeeddegZdS) GssChannelBindingsgss_channel_bindings_structinitiator_addrtyperinitiator_addressacceptor_addrtypeacceptor_addressapplication_dataN) rrrrr _GSS_ADDRTYPErrrr!r"r#rrs (D+Q >> '-HH*A}== & GG &m<< KKKr"rc6eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) GSS_C_FLAGSz3 Authenticator Flags per RFC2744 req_flags r?rWrYrqrm ii i@N) rrrriGSS_C_DELEG_FLAGGSS_C_MUTUAL_FLAGGSS_C_REPLAY_FLAGGSS_C_SEQUENCE_FLAGGSS_C_CONF_FLAGGSS_C_INTEG_FLAGGSS_C_DCE_STYLEGSS_C_IDENTIFY_FLAGGSS_C_EXTENDED_ERROR_FLAGr!r"r#rrsPOO  &r"rc eZdZdZdZdZdZGddZGddeZ e j d)d ed e e fd Ze j d*d efd Ze j d*d efdZd+d efdZeGddZe j d,d edeededeeeeffdZe j d edeedeefdZeGddZe j d,d edeededefdZe j d edeedd fdZe j d efdZd,d ededefdZd edefdZ d,d ed ed!e!defd"Z"d efd#Z#d$Z$d efd%Z%d&Z&d'Z'd efd(Z(d S)-SSPz The general SSP class rc n|r2tddt|zdS)NzUnknown SSP parameters: ,) ValueErrorjoinlist)rbkwargss r#raz SSP.__init__4s=  R7#((4<<:P:PPQQ Q R Rr"c d|jjzS)Nz<%s>)rcrrbs r#__repr__z SSP.__repr__8s///r"cveZdZdZgdZd deefdZdZe dZ e j dZ d Z dS) SSP.CONTEXTzO A Security context i.e. the 'state' of the secure negotiation )state_flagspassiveN req_flagscX|tjtjz}||_d|_dS)NF)rrrflagsr)rbrs r#razSSP.CONTEXT.__init__Bs4  9!34#DJ DLLLr"cdSr4r!rs r# clifailurezSSP.CONTEXT.clifailureLs Dr"c|jSr4)rrs r#rzSSP.CONTEXT.flagsRs ; r"cHtt||_dSr4)rintr)rbxs r#rzSSP.CONTEXT.flagsVs%c!ff--DKKKr"cdS)Nz [Default SSP]r!rs r#rzSSP.CONTEXT.__repr__Zs"?r"r4) rrrrirjrrrarpropertyrsetterrr!r"r#CONTEXTr;s  322  ! !h{&; ! ! ! !          . .  . # # # # #r"rceZdZdZdS) SSP.STATEz< An Enum that contains the states of an SSP N)rrrrir!r"r#STATEr]s    r"rNContextrct)zD GSS_Init_sec_context: client-side call for the SSP NotImplementedError)rbrr7rs r#GSS_Init_sec_contextzSSP.GSS_Init_sec_contextbs "!r"ct)zF GSS_Accept_sec_context: server-side call for the SSP rrbrr7s r#GSS_Accept_sec_contextzSSP.GSS_Accept_sec_contextk "!r"ct)zM GSS_Passive: client/server call for the SSP in passive mode rrs r# GSS_PassivezSSP.GSS_Passivetrr"FcdS)zW GSS_Passive_set_Direction: used to swap the direction in passive mode Nr!)rbr IsAcceptors r#GSS_Passive_set_DirectionzSSP.GSS_Passive_set_Direction{s  r"c.eZdZUeed<eed<eed<dS) SSP.WRAP_MSG conf_req_flagsigndataNrrrbool__annotations__bytesr!r"r#WRAP_MSGrs.  r"rmsgsqop_reqreturnct)z GSS_WrapEx :param Context: the SSP context :param qop_req: int (0 specifies default QOP) :param msgs: list of WRAP_MSG :returns: (data, signature) rrbrrrs r# GSS_WrapExzSSP.GSS_WrapEx "!r"ct)z :param Context: the SSP context :param msgs: list of WRAP_MSG :param signature: the signature :raises ValueError: if MIC failure. :returns: data rrbrr signatures r# GSS_UnwrapExzSSP.GSS_UnwrapExs "!r"c$eZdZUeed<eed<dS) SSP.MIC_MSGrrNrr!r"r#MIC_MSGrs"  r"rct)z GSS_GetMICEx :param Context: the SSP context :param qop_req: int (0 specifies default QOP) :param msgs: list of VERIF_MSG :returns: signature rrs r# GSS_GetMICExzSSP.GSS_GetMICExrr"ct)z :param Context: the SSP context :param msgs: list of VERIF_MSG :param signature: the signature :raises ValueError: if MIC failure. rrs r#GSS_VerifyMICExzSSP.GSS_VerifyMICExs "!r"ct)z Returns the Maximum Signature length. This will be used in auth_len in DceRpc5, and is necessary for PFC_SUPPORT_HEADER_SIGN to work properly. rrbrs r#MaximumSignatureLengthzSSP.MaximumSignatureLengths "!r"messagec^|||d|g|S)NTrrr)rr)rbrrrs r# GSS_GetMICzSSP.GSS_GetMICsH      !   r"c`|||d|g|dS)NTr)rr)rbrrrs r# GSS_VerifyMICzSSP.GSS_VerifyMICsM       r" input_messagerc||||d|g|\}}|djr||djz}|S)NTrrrrr)rrr)rbrr rr_msgsrs r#GSS_Wrapz SSP.GSS_Wrapss ??  "/& +   y 8= ' q &Ir"c0d}|jrU|jjr |jj}nt|j}|}||||dd|g|djS)Nr"Tr r)rforiginalrcopyremove_payloadrrr)rbrrrs r# GSS_UnwrapzSSP.GSS_Unwraps   ' ) 0 (1Y.//!((I  $ $ & & &   "&         r"cdS)zF Server-Initiation See [MS-SPNG] sect 3.2.5.2 NNr!rs r# NegTokenInit2zSSP.NegTokenInit2 s zr"cdS)zD Returns whether or not mechListMIC can be computed Fr!rs r#canMechListMICzSSP.canMechListMIC's ur"cHt|||S)z% Compute mechListMIC )rr)rbrinputs r#getMechListMICzSSP.getMechListMIC-s T__We44555r"c0||||S)z$ Verify mechListMIC )r )rbrotherMICrs r#verifyMechListMICzSSP.verifyMechListMIC3s!!'5(;;;r"cdS)z Returns the amount of 'legs' (how MS calls it) of the SSP. i.e. 2 for Kerberos, 3 for NTLM and Netlogon rWr!rs r# LegsAmountzSSP.LegsAmount9s qr"rr4)F)r))rrrri auth_typerarrrrabcabstractmethodrrrrrrrrrrrrrrrrrrrrr rrrrrrrr!r!r"r#rr-s/IRRR000 # # # # # # # #D         MQ"""5=k5J"""" ""g"""" ""7""""       Y  EF " " "&*8n "?B " tH~s" # " " " "  " "&*8n " h " " " "Y DE " " "&*7m ">A "  " " " " "w"d7m"SW"""" "g""""   '  E  C       W  u     &    0'2g 666 <<< 'r"r)Nrir# dataclassesrenumrrscapy.asn1.asn1rrrscapy.asn1.berr scapy.asn1.mibr scapy.asn1fieldsr r r scapy.asn1packetr scapy.fieldsrrrr scapy.packetrtypingrrrrrr%r*r,r5rUr/rSr]GSS_S_COMPLETEGSS_C_CALLING_ERROR_OFFSETGSS_C_ROUTINE_ERROR_OFFSETGSS_C_SUPPLEMENTARY_OFFSETGSS_S_CALL_INACCESSIBLE_READGSS_S_CALL_INACCESSIBLE_WRITEGSS_S_CALL_BAD_STRUCTUREGSS_S_BAD_MECHGSS_S_BAD_NAMEGSS_S_BAD_NAMETYPEGSS_S_BAD_BINDINGSGSS_S_BAD_STATUS GSS_S_BAD_SIG GSS_S_BAD_MIC GSS_S_NO_CREDGSS_S_NO_CONTEXTGSS_S_DEFECTIVE_TOKENGSS_S_DEFECTIVE_CREDENTIALGSS_S_CREDENTIALS_EXPIREDGSS_S_CONTEXT_EXPIRED GSS_S_FAILURE GSS_S_BAD_QOPGSS_S_UNAUTHORIZEDGSS_S_UNAVAILABLEGSS_S_DUPLICATE_ELEMENTGSS_S_NAME_NOT_MNGSS_S_CONTINUE_NEEDEDGSS_S_DUPLICATE_TOKENGSS_S_OLD_TOKENGSS_S_UNSEQ_TOKENGSS_S_GAP_TOKENrrrrrr!r"r#rNs ( !!!!!!!!!!!!!! -,,,,, )(((((  , (((((m(((((((("3(((-----~---  +DK<K2  !$>> !%? ? ::0000444422//  // 2277#=="<<8800 00 5544 ::4481<=81<=2Q674q892Q67  ~   }~ !"#$  - :"""""F"""'''''''''"RRRRRRRRRRr"