(Xc/JddlZddlmZddlmZddlmZddlm Z ddl m Z m Z ddlmZe dZe dZe d Ze d ZGd d ej&Zy) N)creds) named_tuples)names)oids)import_gssapi_extension _encode_dict cred_imp_exps4u cred_storerfc5588cPeZdZdZdZ ddej ejdej e dej e jdej e dej ejejd ed ej ej"ej$e efej$e effd dffd Zed e jfd Zed e fdZed ej.ejfdZed efdZe d dej e jdej e dej ejejd ed ej ej"ej$e efej$e effd ej8f dZ d!d ej ej"ej$e efej$e effd edej ejdeded ej>f dZ d"dej e jdej e dej ejejd ed df dZ! d#deded eded ejDf dZ# d#dejdededed ed ejHf dZ% d$de jdejd edej e dej e dej ejd ej ej"ej$e efej$e effd dfdZ&d e fdZ'd ejPejRdejPde fffdZ*xZ+S)% CredentialsaGSSAPI Credentials This class represents a set of GSSAPI credentials which may be used with and/or returned by other GSSAPI methods. It inherits from the low-level GSSAPI :class:`~gssapi.raw.creds.Creds` class, and thus may used with both low-level and high-level API methods. If your implementation of GSSAPI supports the credentials import-export extension, you may pickle and unpickle this object. The constructor either acquires or imports a set of GSSAPI credentials. If the `base` argument is used, an existing :class:`~gssapi.raw.creds.Creds` object from the low-level API is converted into a high-level object. If the `token` argument is used, the credentials are imported using the token, if the credentials import-export extension is supported (:requires-ext:`cred_imp_exp`). Otherwise, the credentials are acquired as per the :meth:`acquire` method. Raises: ~gssapi.exceptions.BadMechanismError ~gssapi.exceptions.BadNameTypeError ~gssapi.exceptions.BadNameError ~gssapi.exceptions.ExpiredCredentialsError ~gssapi.exceptions.MissingCredentialsError Nbasetokennamelifetimemechsusagestorereturnc||}nK|'t tdtj|}n"|j|||||} | j}t j dtt|'||S)NWYour GSSAPI implementation does not have support for importing and exporting creditials)rr) rcred_imp_expNotImplementedError import_credacquirertcastsuperr__new__) clsrrrrrrr base_credsres __class__s ./usr/lib/python3/dist-packages/gssapi/creds.pyr!zCredentials.__new__5s  J  $)+ABB'2259J++dHeU$)+CJvvmK5c:FH Hc tjtj|j ddddj S)z.Get the name associated with these credentialsTFrrrr)rrrnamesNameinquirerselfs r&rzCredentials.nameTs:vvfkklluE).#0046 6r'c ptjt|jddddjS)z;Get the remaining lifetime of these credentials, in secondsFTr))rrintr,rr-s r&rzCredentials.lifetime[s8vvcll).e#==EXG Gr'c tjtjtj|j ddddj S)z(Get the mechanisms for these credentialsFTr))rrSetroidsOIDr,rr-s r&rzCredentials.mechsbsEvvaeeEII&ll).d#<Get the usage (initiate, accept, or both) of these credentialsFTr))rrstrr,rr-s r&rzCredentials.usageis8vvcll)-U#<??#5)G"44Wd5=u5: >55dD6>6;=tDzsyy))r'ctj|||||}|j tj|j}nd}t j ||j|j|jS)aInspect these credentials for information This method inspects these credentials for information about them. Args: name (bool): get the name associated with the credentials lifetime (bool): get the remaining lifetime for the credentials usage (bool): get the usage for the credentials mechs (bool): get the mechanisms associated with the credentials Returns: InquireCredResult: the information about the credentials, with None used when the corresponding argument was False Raises: ~gssapi.exceptions.MissingCredentialsError ~gssapi.exceptions.InvalidCredentialsError ~gssapi.exceptions.ExpiredCredentialsError N) r: inquire_credrrr+r>InquireCredResultrrr)r.rrrrr$res_names r&r,zCredentials.inquirese6!!$huE 88 zz#((+HH''#,,(+ 399> >r' init_lifetimeaccept_lifetimectj||||||}|j tj|j}nd}t j ||j|j|jS)a$Inspect these credentials for per-mechanism information This method inspects these credentials for per-mechanism information about them. Args: mech (~gssapi.OID): the mechanism for which to retrieve the information name (bool): get the name associated with the credentials init_lifetime (bool): get the remaining initiate lifetime for the credentials in seconds accept_lifetime (bool): get the remaining accept lifetime for the credentials in seconds usage (bool): get the usage for the credentials Returns: InquireCredByMechResult: the information about the credentials, with None used when the corresponding argument was False N) r:inquire_cred_by_mechrrr+r>InquireCredByMechResultrRrSr)r.rArrRrSrr$rQs r&inquire_by_mechzCredentials.inquire_by_mech;ss8))$dM*95B 88 zz#((+HH--h.1.?.?.1.A.A.1ii9 9r' impersonatorc P| | td|8t tdt|}tj |||||||} nI|-t tdt j |||||||} ntj||||||} t| jS)a Acquire more credentials to add to the current set This method works like :meth:`acquire`, except that it adds the acquired credentials for a single mechanism to a copy of the current set, instead of creating a new set for multiple mechanisms. Unlike :meth:`acquire`, you cannot pass None desired name or mechanism. If the `impersonator` argument is used, the credentials will impersonate the given name using the impersonator credentials (:requires-ext:`s4u`). If the `store` argument is used, the credentials will be acquired from the given credential store (:requires-ext:`cred_store`). Otherwise, the credentials are acquired from the default store. The credential store information is a dictionary containing mechanisms-specific keys and values pointing to a credential store or stores. Note that the `store` argument is not compatible with the `impersonator` argument. Args: name (~gssapi.names.Name): the name associated with the credentials mech (~gssapi.OID): the desired :class:`MechType` to be used with the credentials usage (str): the usage for the credentials -- either 'both', 'initiate', or 'accept' init_lifetime (int): the desired initiate lifetime of the credentials in seconds, or None for indefinite accept_lifetime (int): the desired accept lifetime of the credentials in seconds, or None for indefinite impersonator (Credentials): the credentials to use to impersonate the given name, or None to not acquire normally (:requires-ext:`s4u`) store (dict): the credential store information pointing to the credential store from which to acquire the credentials, or None for the default store (:requires-ext:`cred_store`) Returns: Credentials: the credentials set containing the current credentials and the newly acquired ones. Raises: ~gssapi.exceptions.BadMechanismError ~gssapi.exceptions.BadNameTypeError ~gssapi.exceptions.BadNameError ~gssapi.exceptions.DuplicateCredentialsElementError ~gssapi.exceptions.ExpiredCredentialsError ~gssapi.exceptions.MissingCredentialsError zMYou cannot use both the `impersonator` and `store` arguments at the same timer8rI) ValueErrorr<rr add_cred_fromrJadd_cred_impersonate_namer:add_credrr) r.rrArrRrSrXrr@r$s r&addzCredentials.adddsD  !9BC C  ')+>??#5)G"00$d16 1@BC % )+EFF55dL6:D%6C6EGC //$dE="13C399%%r'cNt tdtj|S)ayExport these credentials into a token This method exports the current credentials to a token that can then be imported by passing the `token` argument to the constructor. This is often used to pass credentials between processes. :requires-ext:`cred_imp_exp` Returns: bytes: the exported credentials in token form r)rr export_credr-s r&exportzCredentials.exports/  %'=> >((..r'c<t|d|jffS)N)rLrar-s r& __reduce__zCredentials.__reduce__sT T4;;=122r')NNNNNbothN)NNNrdN)NrdNFF)NNNinitiate)TTTT)rdNNNN),__name__ __module__ __qualname____doc__ __slots__rOptionalr:Credsbytesr*r+r0Iterabler3r4r6DictUnionr!propertyrrr2rr classmethodr>r?rboolStoreCredResultrrMrPr,rVrWr^raTupleTyperc __classcell__)r%s@r&rrsBI*.#'(,$(37 Hjj&Hzz% Hjj% H **S/ H zz!**UYY/0 HHzz FF1775#:&s (;; < H H>6fkk66 G#GG CquuUYY'CC CsCC )-$(37 A6jj%A6**S/A6zz!**UYY/0 A6  A6 zz FF1775#:&s (;; < A6  ! !A6A6N &*!:Lzz FF1775#:&s (;; < :L  :L jj# :L:L:L   :L|)-$(37 $*jj%$***S/$*zz!**UYY/0 $*  $*  $*P #>#>#> #>  #>  ! ! #>P" $ '9ii'9'9 '9  '9  '9  ' ''9Z)-+/15 \&kk\&ii\& \& zz# \& C \&jj.\&zz FF1775#:&s (;; < \& \&|//,3  &e (<< =3r'r)typingr gssapi.rawrr:rr>rr*rr3 gssapi._utilsrrgssapirrJr<rErlrrr'r&r|sU&-&$?'7 #E * *<8' 2 K3&,,K3r'