shell bypass 403
a
�����
�g�'����������������������@���sL���d�dl�Z�d�dlZd�dlmZmZ�d�dlmZ�ddlmZ�G�dd��de�Z dS�)�����N)�CalledProcessError�call)�mkstemp����)�ConfigGeneratorc����������������%���@���s|��e�Zd�ZdZh�d�Zddddddd�Zdddd d
d
dd
d
ddddd�
Zdddddddddd
d
�
Zd
d d d!d"d#d$�Zd%d&d'�Z d(gd)gd*gd+gd,gd-gd.gd/gd0gd1d2gd3gd4gd5d6gd7gd8gd9d:gd;gd<gd=gd>gd?gd@gdAgdBgdCgdDgdEgdFgdGgdHgdIgdJgdKgdLgdMgdNgdO�$Z
dPdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^�Z
d_d`dadbdc�Z
dddedfdgdhdidjdkdl�Z
edmdn���Zedodp���ZdS�)q�GnuTLSGenerator�gnutls>���ZsslZtlsr����AEAD�SHA1�MD5NZSHA512)r ���z HMAC-SHA1zHMAC-MD5z
HMAC-SHA2-256z
HMAC-SHA2-384z
HMAC-SHA2-512ZSHA224ZSHA256ZSHA384�SHA3-224�SHA3-256�SHA3-384�SHA3-512� SHAKE-128� SHAKE-256)
r ���r
���r
���zSHA2-224zSHA2-256zSHA2-384zSHA2-512r
���r
���r���r���r���r���z
GROUP-X448z
GROUP-X25519zGROUP-SECP256R1zGROUP-SECP384R1zGROUP-SECP521R1zGROUP-FFDHE6144zGROUP-FFDHE2048zGROUP-FFDHE3072zGROUP-FFDHE4096zGROUP-FFDHE8192)
�X448�X25519� SECP256R1� SECP384R1� SECP521R1z
FFDHE-6144z
FFDHE-2048z
FFDHE-3072z
FFDHE-4096z
FFDHE-8192r���r���� SECP224R1r���r���r���)r���r���r���r���r���r���ZEd448ZEd25519)�
EDDSA-ED448�
EDDSA-ED25519�RSA-MD5�RSA-SHA1�DSA-SHA1�
ECDSA-SHA1z
RSA-SHA224z
DSA-SHA224z
ECDSA-SHA224z
RSA-SHA256z
DSA-SHA256z
ECDSA-SHA256zECDSA-SECP256R1-SHA256z
RSA-SHA384z
DSA-SHA384z
ECDSA-SHA384zECDSA-SECP384R1-SHA384z
RSA-SHA512z
DSA-SHA512z
ECDSA-SHA512zECDSA-SECP521R1-SHA512zRSA-PSS-SHA256zRSA-PSS-SHA384zRSA-PSS-SHA512zRSA-PSS-RSAE-SHA256zRSA-PSS-RSAE-SHA384zRSA-PSS-RSAE-SHA512�
RSA-SHA3-224�
DSA-SHA3-224�ECDSA-SHA3-224�
RSA-SHA3-256�
DSA-SHA3-256�ECDSA-SHA3-256�
RSA-SHA3-384�
DSA-SHA3-384�ECDSA-SHA3-384�
RSA-SHA3-512�
DSA-SHA3-512�ECDSA-SHA3-512z
EdDSA-Ed448z
EdDSA-Ed25519)$r���r���r
���r
���z
RSA-SHA2-224z
DSA-SHA2-224zECDSA-SHA2-224z
RSA-SHA2-256z
DSA-SHA2-256zECDSA-SHA2-256z
RSA-SHA2-384z
DSA-SHA2-384zECDSA-SHA2-384z
RSA-SHA2-512z
DSA-SHA2-512zECDSA-SHA2-512zRSA-PSS-SHA2-256zRSA-PSS-SHA2-384zRSA-PSS-SHA2-512zRSA-PSS-RSAE-SHA2-256zRSA-PSS-RSAE-SHA2-384zRSA-PSS-RSAE-SHA2-512r
���r ���r ���r!���r"���r#���r$���r%���r&���r'���r(���r)���r���r������
AES-256-GCM�
AES-128-GCM�
AES-256-CCM�
AES-128-CCM�
AES-256-CBC�
AES-128-CBC�CAMELLIA-256-GCM�CAMELLIA-128-GCM�CAMELLIA-256-CBC�CAMELLIA-128-CBC�CHACHA20-POLY1305�3DES-CBCz
ARCFOUR-128)z
AES-256-CTRz
AES-128-CTRr+���r,���r-���r.���r/���r0���r1���r2���r3���r4���r5���r6���zRC4-128)z ECDHE-RSAz
ECDHE-ECDSA)�RSA)�DHE-RSA)�DHE-DSS)ZECDHEr7���r8���r9����SSL3.0�TLS1.0�TLS1.1�TLS1.2�TLS1.3�DTLS0.9�DTLS1.0�DTLS1.2)r:���r;���r<���r=���r>���r?���r@���rA���c�����������
��� ������s���|j�}t�d����}|d�rj|d�D�]D}z,��j|�rR|d7�}|��j|�7�}|d7�}W�q$�tyf���Y�q$0�q$|d�r�|d�D�]D}z,��j|�r�|d7�}|��j|�7�}|d7�}W�qz�ty����Y�qz0�qz|d�D�]$}|��jv�r�|d��j|���d�7�}qȇ�fd d
�|d
�D��}|D�]"}|D�]}|d
|��d�7�}�q�q|D�]"}|D�]}|d
|��d�7�}�q8�q0|jd��rx|d7�}|d7�}|d7�}|d�D�](}|��j v��r�|d��j |���d�7�}�q�|d
�D�](}|��j
v��r�|d��j
|���d�7�}�q�|d��r:|d�D�]J}z.��j
|��r
|d7�}|��j
|�7�}|d7�}W�n�t�y4���Y�n0��q�|d�D�]4}|��j
v��rB��j
|�D�]}|d|��d�7�}�q\�qB|d�D�](}|��j
v��r�|d��j
|���d�7�}�q�t�dd�dk}|�s|jd
�d
k�r�|d
7�}n*|jd
�d k�r�|d 7�}n|jd
�d!k�r|jd"�} |jd#�}
| d$k�s,|
d$k�r6|d%7�}n�| d&k�sJ|
d&k�rT|d'7�}nb| d(k�sh|
d(k�rr|d)7�}nD| d*k�s�|
d*k�r�|d+7�}n&| d,k�s�|
d,k�r�|d-7�}n|d.7�}|d/7�}|S�)0Nz]
[global]
override-mode = allowlist
[overrides]
�hashzsecure-hash = �
Zmacztls-enabled-mac = �groupztls-enabled-group = c��������������������s ���g�|�]}|��j�v�r��j�|��qS���)�sign_map)�.0�i��clsrE����</usr/share/crypto-policies/python/policygenerators/gnutls.py�
<listcomp>���������z3GnuTLSGenerator.generate_config.<locals>.<listcomp>�signz
secure-sig = zsecure-sig-for-cert = Z
sha1_in_certsz secure-sig-for-cert = rsa-sha1
z secure-sig-for-cert = dsa-sha1
z!secure-sig-for-cert = ecdsa-sha1
zenabled-curve = Zcipherztls-enabled-cipher = Z
key_exchangeztls-enabled-kx = Zprotocolzenabled-version = ZGNUTLS_NO_TLS_SESSION_HASH�0�1Z__emsZENFORCEztls-session-hash = require
ZRELAXztls-session-hash = request
ZDEFAULT�
min_dh_size�
min_rsa_sizei���z$min-verification-profile = very_weaki���z
min-verification-profile = lowi���z!min-verification-profile = mediumi�
��z min-verification-profile = highi� ��z min-verification-profile = ultraz!min-verification-profile = futurez
[priorities]
SYSTEM=NONE
)Zenabled�textwrap�dedent�lstrip�hash_map�KeyError�mac_map� group_mapZintegers�group_curve_map�sign_curve_map�
cipher_map�key_exchange_map�
protocol_map�os�getenvZenums)
rJ���Zpolicy�p�srH���Zsigs�jZkxZno_tls_session_hashrQ���rR���rE���rI���rK����generate_config����s�����
�
z GnuTLSGenerator.generate_configc�������������� ���C���s(��t��d�dkrdS�t��dt�j�s$dS�t��\}}d}z�t��|d��}|�|��W�d�����n1�s`0����Y��z.|t�jd<�dt�jd <�dt�jd
<�td
dd
�}W�n
�t y����|��
d
��Y�n0�W�t�jd=�t�jd =�t�jd
=�t��
|��n$t�jd=�t�jd =�t�jd
=�t��
|��0�|�r$|��
d��|��
d|�����dS�dS�)NZ
OLD_GNUTLSrP���Tz/usr/bin/gnutls-cli�����wZGNUTLS_SYSTEM_PRIORITY_FILE�3ZGNUTLS_DEBUG_LEVELZ&GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALIDz!/usr/bin/gnutls-cli -l >/dev/null)�shellz%/usr/bin/gnutls-cli: Execution failedz,There is an error in gnutls generated policyzPolicy:
F)
r_���r`����access�X_OKr����fdopen�write�environr���r���Zeprint�unlink)rJ���Zconfig�fd�path�ret�frE���rE���rK����
test_config
��s>����
(
�
�
zGnuTLSGenerator.test_config)�__name__�
__module__�
__qualname__Z
CONFIG_NAMEZSCOPESrX���rV���rY���rZ���r[���rF���r\���r]���r^����
classmethodrd���rs���rE���rE���rE���rK���r������s�����
���
��,���
ir���)
r_���rS����
subprocessr���r���Ztempfiler���Zconfiggeneratorr���r���rE���rE���rE���rK����<module>���s
���