o ÞÜgþ§ã@s8dZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,m-Z-ddl.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4ddl5m6Z6m7Z7Gd d „d ƒZ8Gd d „d ƒZ9Gd d„de8ƒZ:dS)z `.AuthHandler` éN)#ÚcMSG_SERVICE_REQUESTÚcMSG_DISCONNECTÚ DISCONNECT_SERVICE_NOT_AVAILABLEÚ)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEÚcMSG_USERAUTH_REQUESTÚcMSG_SERVICE_ACCEPTÚDEBUGÚAUTH_SUCCESSFULÚINFOÚcMSG_USERAUTH_SUCCESSÚcMSG_USERAUTH_FAILUREÚAUTH_PARTIALLY_SUCCESSFULÚcMSG_USERAUTH_INFO_REQUESTÚWARNINGÚ AUTH_FAILEDÚcMSG_USERAUTH_PK_OKÚcMSG_USERAUTH_INFO_RESPONSEÚMSG_SERVICE_REQUESTÚMSG_SERVICE_ACCEPTÚMSG_USERAUTH_REQUESTÚMSG_USERAUTH_SUCCESSÚMSG_USERAUTH_FAILUREÚMSG_USERAUTH_BANNERÚMSG_USERAUTH_INFO_REQUESTÚMSG_USERAUTH_INFO_RESPONSEÚcMSG_USERAUTH_GSSAPI_RESPONSEÚcMSG_USERAUTH_GSSAPI_TOKENÚcMSG_USERAUTH_GSSAPI_MICÚMSG_USERAUTH_GSSAPI_RESPONSEÚMSG_USERAUTH_GSSAPI_TOKENÚMSG_USERAUTH_GSSAPI_ERRORÚMSG_USERAUTH_GSSAPI_ERRTOKÚMSG_USERAUTH_GSSAPI_MICÚ MSG_NAMESÚcMSG_USERAUTH_BANNER)ÚMessage)ÚbÚu)Ú SSHExceptionÚAuthenticationExceptionÚBadAuthenticationTypeÚPartialAuthentication)ÚInteractiveQuery)ÚGSSAuthÚGSS_EXCEPTIONSc@s.eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dHdd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Zd9d:„Zd;d<„Z d=d>„Z!d?d@„Z"e#dAdB„ƒZ$e#dCdD„ƒZ%e#dEdF„ƒZ&dGS)IÚ AuthHandlerzC Internal class to handle the mechanics of authentication. cCs^t |¡|_d|_d|_d|_d|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_dS)NFÚrT)ÚweakrefÚproxyÚ transportÚusernameÚ authenticatedÚ auth_eventÚ auth_methodÚbannerÚpasswordÚ private_keyÚinteractive_handlerÚ submethodsÚ auth_usernameÚauth_fail_countÚgss_hostÚgss_deleg_creds)Úselfr3©rBúO/var/www/html/api-tag/env/lib/python3.10/site-packages/paramiko/auth_handler.pyÚ__init__Rs  zAuthHandler.__init__cGs |jj|ŽS©N)r3Ú_log)rAÚargsrBrBrCrFdó zAuthHandler._logcCó|jSrE)r5©rArBrBrCÚis_authenticatedgszAuthHandler.is_authenticatedcCó|jjr|jS|jSrE)r3Ú server_moder=r4rJrBrBrCÚ get_usernamejszAuthHandler.get_usernamecCóH|jj ¡z||_d|_||_| ¡W|jj ¡dS|jj ¡w©NÚnone©r3ÚlockÚacquirer6r7r4Ú _request_authÚrelease©rAr4ÚeventrBrBrCÚ auth_nonepó  zAuthHandler.auth_nonecCóN|jj ¡z||_d|_||_||_| ¡W|jj ¡dS|jj ¡w)NÚ publickey) r3rSrTr6r7r4r:rUrV)rAr4ÚkeyrXrBrBrCÚauth_publickeyzó  zAuthHandler.auth_publickeycCr[)Nr9) r3rSrTr6r7r4r9rUrV)rAr4r9rXrBrBrCÚ auth_password…r_zAuthHandler.auth_passwordr0cCsT|jj ¡z||_d|_||_||_||_| ¡W|jj  ¡dS|jj  ¡w)úK response_list = handler(title, instructions, prompt_list) úkeyboard-interactiveN) r3rSrTr6r7r4r;r<rUrV)rAr4ÚhandlerrXr<rBrBrCÚauth_interactives  zAuthHandler.auth_interactivecCsT|jj ¡z||_d|_||_||_||_| ¡W|jj  ¡dS|jj  ¡w)Núgssapi-with-mic) r3rSrTr6r7r4r?r@rUrV)rAr4r?r@rXrBrBrCÚauth_gssapi_with_micŸs  z AuthHandler.auth_gssapi_with_miccCrO)Nú gssapi-keyexrRrWrBrBrCÚauth_gssapi_keyex«rZzAuthHandler.auth_gssapi_keyexcCs|jdur |j ¡dSdSrE)r6ÚsetrJrBrBrCÚabortµs ÿzAuthHandler.abortcCs*tƒ}| t¡| d¡|j |¡dS©Nú ssh-userauth)r%Úadd_byterÚ add_stringr3Ú _send_message©rAÚmrBrBrCrU»s  zAuthHandler._request_authcCóHtƒ}| t¡| t¡| d¡| d¡|j |¡|j ¡dS)NzService not availableÚen) r%rmrÚadd_intrrnr3roÚcloserprBrBrCÚ!_disconnect_service_not_availableÁó     z-AuthHandler._disconnect_service_not_availablecCrr)NzNo more auth methods availablers) r%rmrrtrrnr3rorurprBrBrCÚ_disconnect_no_more_authÊrwz$AuthHandler._disconnect_no_more_authcCs"|jr |jj|jjfS| ¡|fS)z Given any key, return its type/algorithm & bits-to-sign. Intended for input to or verification of, key signatures. )Ú public_blobÚkey_typeÚkey_blobÚget_name)rAr]rBrBrCÚ_get_key_type_and_bitsÓs z"AuthHandler._get_key_type_and_bitscCsptƒ}| |jj¡| t¡| |¡| |¡| d¡| d¡| |¡\}}| |¡| |¡| ¡S)Nr\T) r%rnr3Ú session_idrmrÚ add_booleanr}Úasbytes)rAr]Úservicer4Ú algorithmrqÚ_ÚbitsrBrBrCÚ_get_session_blobßs       zAuthHandler._get_session_blobcCsÄd}|jjdurt ¡|jj} | d¡|j ¡s0|j ¡}|dus*t|jtƒr.t dƒ}|‚|  ¡r5n|durC|t ¡krCt dƒ‚q|  ¡s`|j ¡}|durUt dƒ}t|jt ƒr^|j S|‚gS)NTgš™™™™™¹?z5Authentication failed: transport shut down or saw EOFzAuthentication timeout.zAuthentication failed.)r3Ú auth_timeoutÚtimeÚwaitÚ is_activeÚ get_exceptionÚ issubclassÚ __class__ÚEOFErrorr)Úis_setrKr+Ú allowed_types)rArXÚmax_tsÚerBrBrCÚwait_for_responseìs2    ÿô  zAuthHandler.wait_for_responsecCs’| ¡}|jjrC|dkrCtƒ}| t¡| |¡|j |¡|jj  ¡\}}|rAtƒ}| t ¡| |¡| |¡|j |¡dS|  ¡dSrk) Úget_textr3rMr%rmrrnroÚ server_objectÚ get_bannerr$rv)rArqrr8ÚlanguagerBrBrCÚ_parse_service_request s        z"AuthHandler._parse_service_requestcCsF|jj}| dd¡|vrd}| t| |¡¡dS|jj|t|ƒƒS)Nú-cert-v01@openssh.comr0zOsz:AuthHandler._finalize_pubkey_algorithm..zOur pubkey algorithm list: {}zFAn RSA key was specified, but no RSA pubkey algorithms are configured!zserver-sig-algsr0ú,zServer-side algorithm list: {}rz)No common pubkey algorithms exist! Dying.z=Unable to agree on a pubkey algorithm for signing a {!r} key!)rFrr›ÚendswithÚreÚsearchr3Úremote_versionÚ_agreed_pubkey_algorithmr™r(r'Úserver_extensionsÚgetr&ÚsplitÚlistÚfilterÚ __contains__r)r¤)rArzr¢r¡Úserver_algo_strÚ server_algosÚ agreementrŸrBrBrCÚ_finalize_pubkey_algorithm3sdÿþ ÿ  ÿÿÿ  ÿþ ÿ z&AuthHandler._finalize_pubkey_algorithmc Csº| ¡}|dkrÒ| td¡tƒ}| t¡| |j¡| d¡| |j¡|jdkr>|  d¡t |j ƒ}| |¡nŒ|jdkrw|  d¡|  |j ¡\}}| |¡}| |¡| |¡| |j d|j|¡}|j  ||¡}| |¡nS|jdkr‰| d ¡| |j¡nA|jd kr™t|j|jƒ} | |  ¡¡|j |¡|jj ¡\} }| tkr¼| |¡|jj ¡\} }| tkr]| ¡} tƒ}| t¡z| |  |j | |j¡¡Wnt!yò} z | "| ¡WYd} ~ Sd} ~ ww|j |¡ |jj ¡\} }| t#krI| ¡} z |  |j | |j| ¡}Wnt!y/} z | "| ¡WYd} ~ Sd} ~ ww|dur6ntƒ}| t¡| |¡|j $|¡qútƒ}| t(¡| |  )|jj*¡¡nm| t+krft%d ƒ‚| t,kr„| -¡}| -¡}| ¡}| ¡t%d  &|||¡ƒ‚| t.kr| /|¡dSt%d  &t'| ¡ƒ‚|jdkr»|jj0r»|jj1}| 2|j¡| )|jj*¡}| |¡n|jdkrÂnt%d &|j¡ƒ‚|j |¡dS| td &|¡¡dS)Nrlzuserauth is OKússh-connectionr9Fr\Trbr0rezReceived Package: {}zServer returned an error tokenzCGSS-API Error: Major Status: {} Minor Status: {} Error Message: {} rgrQzUnknown auth method "{}"z!Service request "{}" accepted (?))3r“rFrr%rmrrnr4r7rr&r9r}r:r¸r…Ú sign_ssh_datar<r-r@Ú add_bytesÚ ssh_gss_oidsr3roÚ packetizerÚ read_messagerÚ_parse_userauth_bannerrÚ get_stringrÚssh_init_sec_contextr?r.Ú_handle_local_gss_failurerÚ send_messager(r›r#rÚ ssh_get_micr~r!r Úget_intrÚ_parse_userauth_failureÚ gss_kex_usedÚ kexgss_ctxtÚ set_username)rArqrr9rzr„r‚ÚblobÚsigÚsshgssÚptypeÚmechr‘Ú srv_tokenÚ next_tokenÚ maj_statusÚ min_statusÚerr_msgÚkexgssÚ mic_tokenrBrBrCÚ_parse_service_accept{sà              ü        ÿÿ€ÿ  ü€ÿ    ê   ÿû  ÿ ÿ    ÿ ÿz!AuthHandler._parse_service_acceptcCsÆtƒ}|tkr| td |¡¡| t¡d|_n.| td |¡¡| t¡|  |j j   |¡¡|t kr;| d¡n | d¡|jd7_|j  |¡|jdkrV| ¡|tkra|j  ¡dSdS)NzAuth granted ({}).TzAuth rejected ({}).Féé )r%r rFr r›rmr r5r rnr3r”Úget_allowed_authsr rr>rorxÚ _auth_trigger)rAr4ÚmethodÚresultrqrBrBrCÚ_send_auth_results(   ÿ    ÿzAuthHandler._send_auth_resultcCs|tƒ}| t¡| |j¡| |j¡| tƒ¡| t|j ƒ¡|j D]}| |d¡|  |d¡q%|j   |¡dS)Nrr×) r%rmrrnÚnameÚ instructionsÚbytesrtÚlenÚpromptsrr3ro)rAÚqrqÚprBrBrCÚ_interactive_querys     zAuthHandler._interactive_queryc Csv|jjstƒ}| t¡| d¡| d¡|j |¡dS|jr#dS|  ¡}|  ¡}|  ¡}|  t d  |||¡¡|dkrD|  ¡dS|jdurZ|j|krZ|  td¡| ¡dS||_|jj ¡}|dkrp|jj |¡}nÂ|dkr¹| ¡}| ¡}z| d¡}Wn tyŒYnw|r¯|  t d¡| ¡} z|  dd ¡} Wn tyªYnwt}nƒ|jj ||¡}ny|d krg| ¡} |  ¡} | ¡} z| | | ¡} WnAtyñ}z|  td   t|ƒ¡¡d} WYd}~n'd}~wty}zd }|  t|  |jj |¡¡d} WYd}~nd}~ww| dur| ¡dS|jj !|| ¡}|tkrf| sItƒ}| t"¡| | ¡| | ¡|j |¡dSt| ¡ƒ}| #| ||| ¡}|  $||¡sf|  td ¡t}nË|dkr†| %¡}|jj &||¡}t'|t(ƒr…| )|¡dSn¬|dkrã|rãt*|ƒ}| +¡}|dkr¥|  td¡| ¡| %¡}| ,|¡}|s»|  td¡| ¡| -d¡}tƒ}| t.¡| /|¡t0||ƒ|j_1t2t3t4f|j_5|j |¡dS|dkr+|r+| %¡}|jj6}|durt}| 7|||¡z | 8||jj9|j¡Wntyt}| 7|||¡‚wt:}|jj ;||¡n|jj |¡}| 7|||¡dS)NrQFz.Auth request (type={}) service={}, username={}r¹zKAuth rejected because the client attempted to change username in mid-flightr9zUTF-8z+Auth request to change passwords (rejected)ršr\zAuth rejected: public key: {}z9Auth rejected: unsupported or mangled public key ({}: {})z Auth rejected: invalid signaturerbrer×z8Disconnect: Received more than one GSS-API OID mechanismz5Disconnect: Received an invalid GSS-API OID mechanismÚserverrg).finishr\)r}r¸r…r4)rAr4r]rzr8rBr7rCr^s ü zAuthOnlyHandler.auth_publickeycs‡fdd„}| |d|¡S)Ncs| d¡| tˆƒ¡dS)NF)rrnr&r6©r9rBrCr8s z-AuthOnlyHandler.auth_password..finishr9r5)rAr4r9r8rBr9rCr`s zAuthOnlyHandler.auth_passwordr0cs&d|_||_‡fdd„}| |d|¡S)raÚkeyboard_interactivecs| d¡| ˆ¡dS)Nr0)rnr6©r<rBrCr8/s z0AuthOnlyHandler.auth_interactive..finishrb)r7r;r4)rAr4rcr<r8rBr;rCrd%s z AuthOnlyHandler.auth_interactivecCstd}| t|¡| dd¡}||vs||vr'||vr|n|}d|›d}|}n |d}|›d|›}| t|¡|S)NzdServer did not send a server-sig-algs list; defaulting to something in our preferred algorithms listr˜r0zCurrent key type, z&, is in our preferred list; using thatrz3 not in our list - trying first list item instead, )rFrrš)rArzr¡r£Únoncert_key_typeÚactualÚalgorBrBrCr¤8s    z1AuthOnlyHandler._choose_fallback_pubkey_algorithmrEr) rðrrrrrr4rYr^r`rdr¤Ú __classcell__rBrBr0rCr,Ès  ) r,);rr1r1r‡r«Úparamiko.commonrrrrrrrr r r r r rrrrrrrrrrrrrrrrrrr r!r"r#r$Úparamiko.messager%Ú paramiko.utilr&r'Úparamiko.ssh_exceptionr(r)r*r+Úparamiko.serverr,Úparamiko.ssh_gssr-r.r/rör,rBrBrBrCÚs(” % l