h>SrSSKrSSKr\Rr"SS5r"SS\5r"SS\5r\S :XGaS r\R\R-\R-\R-\R-r\R"S\\R SS5urr\R'\R(5r\"S \5 \"\\\S 9r\"\\S 9r\"SR3\R4S\R4S55 SrSrSr\R<(a!\(a\"\SR@5(a\S- r\RC\5ur"r\"S\-5 \R<(a\"\SR@5S:XaOZ\S- r\RC\5ur"r\"S\-5 \R<(dM\(a\"\SR@5(aM\"S\RF5 \"S\RH5 Sr%\RM\%5r'\RQ\%\'5 \RS\%5ur*r'\RW\*\'5r,\,\%:Xde\R[\%5r.\R_\.5ur0r1\"S\15 \%\0:Xde\R[\%SS9r.\R_\.5ur0r1\"S\15 \%\0:Xde\"S5 gg)a6 Helper classes for SSPI authentication via the win32security module. SSPI authentication involves a token-exchange "dance", the exact details of which depends on the authentication provider used. There are also a number of complex flags and constants that need to be used - in most cases, there are reasonable defaults. These classes attempt to hide these details from you until you really need to know. They are not designed to handle all cases, just the common ones. If you need finer control than offered here, just use the win32security functions directly. NcT\rSrSrSrSrSrSrSrSr Sr S r SS jr S r S rg ) _BaseAuthc$UR5 g)N)resetselfs aC:\Users\julio\OneDrive\Documentos\Trabajo\Ideas Frescas\venv\Lib\site-packages\win32/lib/sspi.py__init___BaseAuth.__init__s  cJSUlSUlSUlSUlSUlg)z)Reset everything to an unauthorized stateNFr)ctxt authenticatedinitiator_name service_name next_seq_numrs r r_BaseAuth.resets+;? "" r cHURnU=RS- slU$)zcGet the next sequence number for a transmission. Default implementation is to increment a counter )r)r rets r _get_next_seq_num_BaseAuth._get_next_seq_num%s% Q r c URR[R5nUSn[R "5nUR [R"[U5[R55 UR [R"U[R55 XSl URRSX@R55 USRUSR4$)zEncrypt a string, returning a tuple of (encrypted_data, trailer). These can be passed to decrypt to get back the original string. SecurityTrailerrr)rQueryContextAttributessspiconSECPKG_ATTR_SIZES win32securityPySecBufferDescTypeappendPySecBufferTypelenSECBUFFER_DATASECBUFFER_TOKENBufferEncryptMessager)r data pkg_size_info trailersizeencbufs r encrypt_BaseAuth.encrypt-s 889R9RS #$56 224 m33CIw?U?UVW  ) )+w7N7N O  q    F,B,B,DEay!1!111r c[R"5nUR[R"[ U5[ R 55 UR[R"[ U5[ R55 XSlX#SlURRX0R55 USR$)zADecrypt a previously encrypted string, returning the orignal datarr) rr r!r"r#rr$r%r&rDecryptMessager)r r(trailerr+s r decrypt_BaseAuth.decrypt=s224 m33CIw?U?UVW  ) )#g,8O8O P  q "q    )?)?)ABayr cURR[R5nUSn[R "5nUR [R"[U5[R55 UR [R"U[R55 XSl URRSX@R55 USR$)zsign a string suitable for transmission, returning the signature. Passing the data and signature to verify will determine if the data is unchanged. MaxSignaturerr)rrrrrr r!r"r#r$r%r& MakeSignaturer)r r(r)sigsizesigbufs r sign_BaseAuth.signIs  889R9RS /224 m33CIw?U?UVW m33GW=T=TUVq  6+A+A+CDayr c[R"5nUR[R"[ U5[ R 55 UR[R"[ U5[ R55 XSlX#SlURRX0R55 g)zWVerifies data and its signature. If verification fails, an sspi.error will be raised. rrN) rr r!r"r#rr$r%r&rVerifySignaturer)r r(sigr7s r verify_BaseAuth.verifyXs224 m33CIw?U?UVW m33CHg>U>UVWq q  !!&*@*@*BCr c[R"5nUR[R"[ U5[ R 55 XSlUR[R"S[ R55 URRX R55nUSRnXC[ R:X+4$)a GSSAPI's unwrap with SSPI. https://learn.microsoft.com/en-us/windows/win32/secauthn/sspi-kerberos-interoperability-with-gssapi Usable mainly with Kerberos SSPI package, but this is not enforced. Return the clear text, and a boolean that is True if the token was encrypted. rr) rr r!r"r#rSECBUFFER_STREAMr&r$rr/rSECQOP_WRAP_NO_ENCRYPT)r tokenbufferpfQOPrs r unwrap_BaseAuth.unwrapds224  ) )#e*g6N6N O !q   m33Aw7M7MNO ((1G1G1IJ 1I   > >???r cURR[R5nUSnUSn[R "5nUR [R"[U5[R55 XSl UR [R"U[R55 UR [R"U[R55 U(aSO[RnURRXvUR55 USRUSR-USR-nU$)a GSSAPI's wrap with SSPI. https://learn.microsoft.com/en-us/windows/win32/secauthn/sspi-kerberos-interoperability-with-gssapi Usable mainly with Kerberos SSPI package, but this is not enforced. Wrap a message to be sent to the other side. Encrypted if encrypt is True. r BlockSizerr)rrrrrr r!r"r#r$r&r%SECBUFFER_PADDINGrAr'r) r msgr, size_info trailer_size block_sizerCfQOPrEs r wrap_BaseAuth.wrap}sII44W5N5NO  !23 {+ 224  m33CHg>T>TUVq    ) ),8O8O P   ) )*g6O6O P q!?!?   t/E/E/GH 1I  vay// /&)2B2B Br cUR(d [S5eURR[R 5nUuUlUlg![a gf=f)zHAdds initiator and service names in the security context for ease of usez+Sec context is not completely authenticatedN) r ValueErrorrrrSECPKG_ATTR_NATIVE_NAMESrrerror)r namess r _amend_ctx_name_BaseAuth._amend_ctx_names\!!JK K ;II44W5U5UVE 6; 2D !2    s)A A$#A$)rrrrrN)F)__name__ __module__ __qualname____firstlineno__r rrr,r1r8r=rFrQrX__static_attributes__r r rrs72     D@2#J ;r rcF\rSrSrSrSSSS\R 4SjrSrSr g) ClientAuthz;Manages the client side of an SSPI authentication handshakeNcUcC[R[R-[R-[R-nXPlX`lX@l[R"U5Ul [R"UURS[RSU5uUl Ul[R!U5 gNName)rISC_REQ_INTEGRITYISC_REQ_SEQUENCE_DETECTISC_REQ_REPLAY_DETECTISC_REQ_CONFIDENTIALITYscflagsdatarep targetspnrQuerySecurityPackageInfopkg_infoAcquireCredentialsHandleSECPKG_CRED_OUTBOUND credentialscredentials_expiryrr )r pkg_name client_name auth_inforlrjrks r r ClientAuth.__init__s ?))112//0112    "%>>xH   2 2  MM& !  ( (        # 4 r c Ub[U[R5(d`[R"5n[R"URS[ R 5nXlURU5 Un[R"5n[R"URS[ R 5nURU5 URnURc[R"5Ul [R"URUURURURUURU5upgnXplXlU[ R$[ R&4;aURR)U5 US:HUlUR*(aUR-5 Xd4$)zVPerform *one* step of the client authentication process. Pass None for the first roundMaxTokenr) isinstancerr r"rnrr%r&r!rPyCtxtHandleTypeInitializeSecurityContextrqrlrjrk ctxt_attr ctxt_expirySEC_I_COMPLETE_NEEDEDSEC_I_COMPLETE_AND_CONTINUECompleteAuthTokenrrX r sec_buffer_insec_buffer_newtokenbufsec_buffer_outctxtinerrattrexps r authorizeClientAuth.authorizesv  $Z =<<. . +>>@N$44 j)7+B+BH,O  ! !( +*M&::< 00 MM* %w'>'>  h' 99 %668DI&@@     NN LL LL  II   3 700'2U2UV V II ' ' 7 AX     """r ) rrqrrrr|r}rkrnrjrl rZr[r\r]__doc__rSECURITY_NETWORK_DREPr rr^r_r r raras'E --!@,#r racB\rSrSrSrSS\R 4SjrSrSr g) ServerAuthiz;Manages the server side of an SSPI authentication handshakeNcX lX@lUcC[R[R-[R -[R -nX0l[R"U5Ul [R"X RS[RSS5uUl Ul[R!U5 grd)spnrkrASC_REQ_INTEGRITYASC_REQ_SEQUENCE_DETECTASC_REQ_REPLAY_DETECTASC_REQ_CONFIDENTIALITYrjrrmrnroSECPKG_CRED_INBOUNDrqrrrr )r rsrrjrks r r ServerAuth.__init__s ?))112//0112  %>>xH  2 2 v&(C(CT4     # 4 r c Ub[U[R5(d`[R"5n[R"URS[ R 5nXlURU5 Un[R"5n[R"URS[ R 5nURU5 URnURc[R"5Ul [R"URUUURURURU5upgnXplXlU[ R"[ R$4;aURR'U5 US:HUlUR((aUR+5 Xd4$)z8Perform *one* step of the server authentication process.rxr)ryrr r"rnrr%r&r!rrzAcceptSecurityContextrqrjrkr|r}r~rrrrXrs r rServerAuth.authorize so  $Z =<<. . +>>@N$44 j)7+B+BH,O  ! !( +*M&::< 00 MM* %w'>'>  h' 99 %668DI&<<      LL LL II  3 700'2U2UV V II ' ' 7 AX     """r ) rrqrrrr|r}rkrnrjrrr_r r rrsE!$8U8U!6-#r r__main__KerberoszWe are:)rjrl)rjz SSP : {} ({})reCommentrzClient step %szServer step %sz%Initiator name from the service side:z%Service name from the client side: shelloz encrypted ?T)r,zcool!)2rrrrVrrarrZsspISC_REQ_MUTUAL_AUTHrfrgrirhflagsror cred_handlerQueryCredentialsAttributesSECPKG_CRED_ATTR_NAMEScredprint sspiclient sspiserverformatrn sec_buffer client_step server_steprr#r&rrrrr(r8r<r=r, encryptedr1 decryptedrQwrappedrF unwrapped was_encryptedr_r r rs  V;V;rO#O#dK#K#\ z C ##  # # $  ) ) *  ) ) *  ' '  ( %== c7..dK  1 1'2P2P QD )TC$?JC/J     ')<)R>R:S:Sq $..z:Z ,-  # #JqM,@,@(AQ(F q $..z:Z ,-&&&:#jm>R>R:S:S 1:3L3LM 1:3J3JK D //$ CdC  ''-NIs""9c2I   ood#G)009I} -' 9  oodDo1G)009I} -' 9   'N[r