관리-도구

편집 파일: openssh.cpython-39.pyc

a ����٠�g}.����������������������@���st���d�d
l�Z�d�d
l
Z
d�d
lZd�dlmZ
�ddlmZ
�G�dd��de�ZG�dd��de�ZG�d d ��d e�Z dd��Z d d��Zd
S�)�����N)
�mkstemp�
���)
�ConfigGeneratorc�������������������@���s����e�Z
d�Zd
ddddddddddddd d ddddddd�Zd dddddd�Zddddddd�Zddddddd d!d"d#d$� Zd%d&d'�Zd(d)d*d+d,d-d.d/�Zd0d1d2d3d4d5d6d7d8d9d:� Z d;d<d=d>d?d@dAdBdCdDd:� Z edEdF���
ZdGS�)H�OpenSSHGeneratorzaes256-gcm@openssh.comz aes256-ctr��z aes192-ctrzaes128-gcm@openssh.comz aes128-ctrzchacha20-poly1305@openssh.comz aes256-cbcz aes192-cbcz aes128-cbcz3des-cbc)zAES-256-GCMzAES-256-CTRzAES-192-GCMzAES-192-CTRzAES-128-GCMzAES-128-CTRzCHACHA20-POLY1305zCAMELLIA-256-GCMzAES-256-CCMzAES-192-CCMzAES-128-CCMzCAMELLIA-128-GCMzAES-256-CBCzAES-192-CBCzAES-128-CBCzCAMELLIA-256-CBCzCAMELLIA-128-CBCzRC4-128zDES-CBCzCAMELLIA-128-CTSz3DES-CBCzhmac-md5-etm@openssh.comzumac-64-etm@openssh.comzumac-128-etm@openssh.comzhmac-sha1-etm@openssh.comzhmac-sha2-256-etm@openssh.comzhmac-sha2-512-etm@openssh.com)zHMAC-MD5zUMAC-64zUMAC-128z HMAC-SHA1z HMAC-SHA2-256z HMAC-SHA2-512zhmac-md5zumac-64@openssh.comzumac-128@openssh.comz hmac-sha1z hmac-sha2-256z hmac-sha2-512zecdh-sha2-nistp521zecdh-sha2-nistp384zecdh-sha2-nistp256z.curve25519-sha256,curve25519-sha256@libssh.orgzdiffie-hellman-group1-sha1zdiffie-hellman-group14-sha1zdiffie-hellman-group14-sha256zdiffie-hellman-group16-sha512zdiffie-hellman-group18-sha512z"sntrup761x25519-sha512@openssh.com) zECDHE-SECP521R1-SHA2-512zECDHE-SECP384R1-SHA2-384zECDHE-SECP256R1-SHA2-256zECDHE-X25519-SHA2-256zDHE-FFDHE-1024-SHA1zDHE-FFDHE-2048-SHA1zDHE-FFDHE-2048-SHA2-256zDHE-FFDHE-4096-SHA2-512zDHE-FFDHE-8192-SHA2-512zSNTRUP-X25519-SHA2-512z"diffie-hellman-group-exchange-sha1z$diffie-hellman-group-exchange-sha256)zDHE-SHA1zDHE-SHA2-256z gss-gex-sha1-zgss-group1-sha1-zgss-group14-sha1-zgss-group14-sha256-zgss-nistp256-sha256-zgss-curve25519-sha256-zgss-group16-sha512-)zDHE-GSS-SHA1zDHE-GSS-FFDHE-1024-SHA1zDHE-GSS-FFDHE-2048-SHA1zDHE-GSS-FFDHE-2048-SHA2-256zECDHE-GSS-SECP256R1-SHA2-256zECDHE-GSS-X25519-SHA2-256zDHE-GSS-FFDHE-4096-SHA2-512zssh-rsazssh-dsszrsa-sha2-256zrsa-sha2-512zecdsa-sha2-nistp256z"sk-ecdsa-sha2-nistp256@openssh.comzecdsa-sha2-nistp384zecdsa-sha2-nistp521zssh-ed25519zsk-ssh-ed25519@openssh.com) zRSA-SHA1zDSA-SHA1zRSA-SHA2-256zRSA-SHA2-512zECDSA-SHA2-256zECDSA-SHA2-256-FIDOzECDSA-SHA2-384zECDSA-SHA2-512z EDDSA-ED25519zEDDSA-ED25519-FIDOzssh-rsa-cert-v01@openssh.comzssh-dss-cert-v01@openssh.comz!rsa-sha2-256-cert-v01@openssh.comz!rsa-sha2-512-cert-v01@openssh.comz(ecdsa-sha2-nistp256-cert-v01@openssh.comz+sk-ecdsa-sha2-nistp256-cert-v01@openssh.comz(ecdsa-sha2-nistp384-cert-v01@openssh.comz(ecdsa-sha2-nistp521-cert-v01@openssh.comz ssh-ed25519-cert-v01@openssh.comz#sk-ssh-ed25519-cert-v01@openssh.comc�����������������C���s���|
j�}d
}d}d
}|d�D�]0} z|��
||�j| �|�}W�q�tyH
�
�
�Y�q0�q|r`|d|��d�7�}d
}|
jd�dkr�|d�D�]0} z|��
||�j| �|�}W�qz�ty�
�
�
�Y�qz0�qz|
jd�d kr�|d�D�]0} z|��
||�j| �|�}W�q��ty�
�
�
�Y�q�0�q�|�
r |d |��d�7�}d
}d
} |d�D��
]&}|d�D��
]}|
jd ��
r�z$|�j|d�|��} |��
|| |�}W�n�t�
yr
�
�
�Y�n0�z"||d�|��} |��
| | |�} W�n�t�
y�
�
�
�Y�n0�|d�D�]�}z*||d�|�d�|��} |��
|| |�}W�n�t�
y�
�
�
�Y�n0�z*||d�|�d�|��} |��
| | |�} W�n�t�y6
�
�
�Y�n0��
q��
q(�
q| �r\|d| ��d�7�}n|d7�}|�rz|d|��d�7�}d
}|d�D�]n} z|��
||�j | �|�}W�n�t�y�
�
�
�Y�n0�|
jd��r�z|��
||�j | �|�}W�n�t�y�
�
�
�Y�n0��q�|�r"|�r|d|��d�7�}|d|��d�7�}d
}|d�D�]4} z|��
||�j | �|�}W�n�t�y^
�
�
�Y�n0��q.|�rz|d|��d�7�}|
jd�dk�r�t��}|d�u
�r�||��d|
jd���d�7�}|S�)Nr����
,ZcipherzCiphers �
ZetmZDISABLE_ETMZmacZDISABLE_NON_ETMzMACs Zkey_exchange�hashZarbitrary_dh_groups�
-�groupzGSSAPIKexAlgorithms zGSSAPIKeyExchange no zKexAlgorithms �signZ ssh_certszHostKeyAlgorithms zPubkeyAcceptedAlgorithms zCASignatureAlgorithms Zmin_rsa_sizer
����
)Zenabled�append� cipher_map�KeyErrorZenums�mac_map_etm�mac_mapZintegers�gx_map�sign_map�sign_map_certs�_min_rsa_size_option)�cls�policy�local_kx_map�local_gss_kx_map�do_host_key�
pZcfg�sep�
s�
iZgssZkx�
h�val�
gZmin_rsa_optname��r#����=/usr/share/crypto-policies/python/policygenerators/openssh.py�generate_optionsr���s�����




































































z!OpenSSHGenerator.generate_optionsN) �__name__� __module__�__qualname__r���r���r����kx_mapr���� gss_kx_mapr���r����classmethodr%���r#���r#���r#���r$���r������s����



















�




� 




� 






�
�





�








�








� 
r���c�������������������@���s0���e�Z
d�Zd
Zh�d�
Zedd���
Zedd���
ZdS�)�OpenSSHClientGenerator�openssh>���zopenssh-client�sshr-���c�����������������C���s&���t�|�j
�
}t�|�j�
}|�j|
||d
d�S�)NF�
r���)�dictr)���r*���r%���)r���r���r���r���r#���r#���r$����generate_config����s ����

�z&OpenSSHClientGenerator.generate_configc�������������� ���C���s
��t��
d
�
dkrdS�t��dt�j�s$dS�t��
d�
dkrHt�t����d�d|
�}
t��\}}d}z~t��|d ��}|� |
�

�W�d����
�n1�s�0�
�
�
�Y�
�zt jd |��d�dd�}W�n�t jy�
�
�
�|�� d �

�Y�n0�W�t��|�

�nt��|�

�0�|�
r|�� d�

�|�� d|
����

�dS�dS�)N�OLD_OPENSSH�
1T�/usr/bin/ssh�OPENSSH_MIN_RSA_SIZE_FORCE�.*r��������
wz/usr/bin/ssh -G -F z bogus654_server >/dev/null�
�shellz/usr/bin/ssh: Execution failed�4There is an error in OpenSSH server generated policy�Policy: F)�os�getenv�access�X_OK�re�subr���r����fdopen�write� subprocess�call�CalledProcessError�eprint�unlink)r����config�fd�path�ret�
fr#���r#���r$����test_config����s.����



 


(


� 




z"OpenSSHClientGenerator.test_configN)r&���r'���r(����CONFIG_NAME�SCOPESr+���r1���rO���r#���r#���r#���r$���r,�������s���



r,���c�������������������@���sL���e�Z
d�Zd
Zh�d�
ZdZedd���
Zedd���
Zedd ���
Z ed d���
Z dS�) �OpenSSHServerGeneratorZ opensshserver>���r.���r-���zopenssh-serverz4systemctl try-restart sshd.service 2>/dev/null || : c�����������������C���s���|�j�|
|�j
|�jd
d�S�)NTr/���)r%���r)���r*���)r���r���r#���r#���r$���r1���
��s����
�z&OpenSSHServerGenerator.generate_configc
�����������������C���sh���t���\}
}t
�|�

�d
}ztjd|��d�dd�}W�n�tjyP
�
�
�|��d�

�Y�n0�|rd|��d�

�dS�|S�) Nr7���z&/usr/bin/ssh-keygen -t rsa -b 3072 -f z -N "" >/dev/nullTr9���z%/usr/bin/ssh-keygen: Execution failedz4SSH Keygen failed when testing OpenSSH server policyr���)r���r=���rI���rE���rF���rG���rH���)r���Z_fdrL���rM���r#���r#���r$����_test_setup
��s����




�
� 



z"OpenSSHServerGenerator._test_setupc�����������������C���s���|
rt��
|
�

�d�S��
N)r=���rI���)r���rL���r#���r#���r$���� _test_cleanup%
��s����
z$OpenSSHServerGenerator._test_cleanupc�������������� ���C���s4
��t��
d
�
dkrdS�t��dt�j�s$dS�t��
d�
dkrHt�t����d�d|
�}
|����}|sXdS�t��\}}d }z�t�� |d ��}|� |
�

�W�d����
�n1�s�0�
�
�
�Y�
�z tjd|��d|��d �dd�}W�n�tj y�
�
�
�|��d�

�Y�n0�W�t��|�

�|��|�

�nt��|�

�|��|�

�0�|�
r0|��d�

�|��d|
����

�dS�dS�)Nr2���r3���Tz/usr/sbin/sshdr5���r6���r���Fr7���r8���z/usr/sbin/sshd -T -h z -f z >/dev/nullr9���z /usr/sbin/sshd: Execution failedr;���r<���)r=���r>���r?���r@���rA���rB���r���rS���r���rC���rD���rE���rF���rG���rH���rI���rU���)r���rJ���Zhost_key_filenamerK���rL���rM���rN���r#���r#���r$���rO���*
��sB����





 


(


�
�� 

�




z"OpenSSHServerGenerator.test_configN)r&���r'���r(���rP���rQ���Z RELOAD_CMDr+���r1���rS���rU���rO���r#���r#���r#���r$���rR���
��s���





rR���c��������������� ���C���sf���zHt�j
d
dgdt�jd�j���}�t�d|��}
|
rFtdd��|
���D��
�
W�S�W�n�t t fy`
�
�
�Y�d�S�0�d�S�)Nr4���z-VF)�check�stderrzOpenSSH_(\d+).(\d+)p.*c
�����������������s���s���|�]}
t�|
�
V�
�qd�S�rT���)
�int)�.0�
nr#���r#���r$���� <genexpr>V
�������z#_openssh_version.<locals>.<genexpr>)rE����run�PIPErW����decoderA����match�tuple�groups�FileNotFoundError�PermissionError)Zssh_versionZverr#���r#���r$����_openssh_versionP
��s����


�




re���c������������������C���sB���d
}�t��
d|��}
|
dkrd�S�|
dkr>t��}|r:|dkr:d
S�d�S�|
S�)NZRequiredRSASizeZOPENSSH_MIN_RSA_SIZEZnone�auto)� ���r
���)r=���r>���re���)ZMIN_RSA_DEFAULTZmin_rsa_size_forceZopenssh_versionr#���r#���r$���r���\
��s����









r���)r=���rA���rE���Ztempfiler���Zconfiggeneratorr���r���r,���rR���re���r���r#���r#���r#���r$����<module>���s���


�P+H