_e[c@sdZddlZddlZddlmZmZmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/ddl0m1Z1ddl2m3Z3m4Z4d e5fd YZ6d e5fd YZ7dS( s `.AuthHandler` iN(#tcMSG_SERVICE_REQUESTtcMSG_DISCONNECTt DISCONNECT_SERVICE_NOT_AVAILABLEt)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEtcMSG_USERAUTH_REQUESTtcMSG_SERVICE_ACCEPTtDEBUGtAUTH_SUCCESSFULtINFOtcMSG_USERAUTH_SUCCESStcMSG_USERAUTH_FAILUREtAUTH_PARTIALLY_SUCCESSFULtcMSG_USERAUTH_INFO_REQUESTtWARNINGt AUTH_FAILEDtcMSG_USERAUTH_PK_OKtcMSG_USERAUTH_INFO_RESPONSEtMSG_SERVICE_REQUESTtMSG_SERVICE_ACCEPTtMSG_USERAUTH_REQUESTtMSG_USERAUTH_SUCCESStMSG_USERAUTH_FAILUREtMSG_USERAUTH_BANNERtMSG_USERAUTH_INFO_REQUESTtMSG_USERAUTH_INFO_RESPONSEtcMSG_USERAUTH_GSSAPI_RESPONSEtcMSG_USERAUTH_GSSAPI_TOKENtcMSG_USERAUTH_GSSAPI_MICtMSG_USERAUTH_GSSAPI_RESPONSEtMSG_USERAUTH_GSSAPI_TOKENtMSG_USERAUTH_GSSAPI_ERRORtMSG_USERAUTH_GSSAPI_ERRTOKtMSG_USERAUTH_GSSAPI_MICt MSG_NAMEStcMSG_USERAUTH_BANNER(tMessage(t bytestring(t SSHExceptiontAuthenticationExceptiontBadAuthenticationTypetPartialAuthentication(tInteractiveQuery(tGSSAuthtGSS_EXCEPTIONSt AuthHandlercBsBeZdZdZdZdZdZdZdZdZ dd Z d Z d Z d Z d ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZiee6ee6ee 6ee!6ee"6ee#6ee$6ee%6Z&RS(sC Internal class to handle the mechanics of authentication. cCstj||_d|_t|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_t|_dS(Nti(tweakreftproxyt transporttNonetusernametFalset authenticatedt auth_eventt auth_methodtbannertpasswordt private_keytinteractive_handlert submethodst auth_usernametauth_fail_counttgss_hosttTruetgss_deleg_creds(tselfR0((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt__init__8s            cGs|jj|S(N(R0t_log(RAtargs((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRCJscCs|jS(N(R4(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pytis_authenticatedMscCs|jjr|jS|jSdS(N(R0t server_modeR<R2(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt get_usernamePs cCsQ|jjjz)||_d|_||_|jWd|jjjXdS(Ntnone(R0tlocktacquireR5R6R2t _request_authtrelease(RAR2tevent((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt auth_noneVs   cCsZ|jjjz2||_d|_||_||_|jWd|jjjXdS(Nt publickey( R0RIRJR5R6R2R9RKRL(RAR2tkeyRM((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pytauth_publickey`s    cCsZ|jjjz2||_d|_||_||_|jWd|jjjXdS(NR8( R0RIRJR5R6R2R8RKRL(RAR2R8RM((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt auth_passwordks    R-cCsc|jjjz;||_d|_||_||_||_|jWd|jjj XdS(sK response_list = handler(title, instructions, prompt_list) skeyboard-interactiveN( R0RIRJR5R6R2R:R;RKRL(RAR2thandlerRMR;((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pytauth_interactivevs     cCsc|jjjz;||_d|_||_||_||_|jWd|jjj XdS(Nsgssapi-with-mic( R0RIRJR5R6R2R>R@RKRL(RAR2R>R@RM((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pytauth_gssapi_with_mics     cCsQ|jjjz)||_d|_||_|jWd|jjjXdS(Ns gssapi-keyex(R0RIRJR5R6R2RKRL(RAR2RM((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pytauth_gssapi_keyexs   cCs#|jdk r|jjndS(N(R5R1tset(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pytabortscCs7t}|jt|jd|jj|dS(Ns ssh-userauth(R#tadd_byteRt add_stringR0t _send_message(RAtm((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRKs   cCs^t}|jt|jt|jd|jd|jj||jjdS(NsService not availableten( R#RYRtadd_intRRZR0R[tclose(RAR\((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt!_disconnect_service_not_availables     cCs^t}|jt|jt|jd|jd|jj||jjdS(NsNo more auth methods availableR]( R#RYRR^RRZR0R[R_(RAR\((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_disconnect_no_more_auths     cCst}|j|jj|jt|j||j||jd|jt|jr|j|jj |j|jj n |j|j |j||j S(NRO( R#RZR0t session_idRYRt add_booleanR?t public_blobtkey_typetkey_blobtget_nametasbytes(RARPtserviceR2R\((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_get_session_blobs        cCs8d}|jjdk r1tj|jj}nxtr|jd|jjs|jj}|dkst|j t rt d}n|n|j rPn|dk r4|tjkr4t dq4q4W|j s4|jj}|dkrt d}nt|j tr+|jS|ngS(Ng?sAuthentication failed.sAuthentication timeout.(R1R0t auth_timeoutttimeR?twaitt is_activet get_exceptiont issubclasst __class__tEOFErrorR&tis_setRER(t allowed_types(RARMtmax_tste((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pytwait_for_responses,       cCs|j}|jjr|dkrt}|jt|j||jj||jjj \}}|rt}|jt |j||j||jj|ndS|j dS(Ns ssh-userauth( tget_textR0RFR#RYRRZR[t server_objectt get_bannerR"R`(RAR\RiR7tlanguage((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_service_requests        cCs|j}|dkr|jtdt}|jt|j|j|jd|j|j|jdkr|j t t |j }|j|nE|jdkr`|j t |jjr|j|jjj|j|jjjn&|j|jj|j|j|j|jd|j}|jj|}|j|n|jdkr|jd|j|jn\|jdkret|j|j}|j|j|jj||jjj\}}|tkr"|j||jjj\}}n|t kr|j!}t}|jt"y&|j|j#|j$||jWnt%k r} |j&| SX|jj|xt rj|jjj\}}|t'kr|j!} y"|j#|j$||j| } Wnt%k r } |j&| SX| dkr1Pqgt}|jt"|j| |jj)|qqWt*d j+t,|t}|jt-|j|j.|jj/q|t0krt*d q|t1kr,|j2} |j2} |j!}|j!t*d j+| | |q|t3krI|j4|dSt*d j+t,|n|jd kr|jj5r|jj6}|j7|j|j.|jj/}|j|n*|jd krnt*dj+|j|jj|n|jtdj+|dS(Ns ssh-userauthsuserauth is OKsssh-connectionR8ROskeyboard-interactiveR-sgssapi-with-micsReceived Package: {}sServer returned an error tokensCGSS-API Error: Major Status: {} Minor Status: {} Error Message: {} s gssapi-keyexRHsUnknown auth method "{}"s!Service request "{}" accepted (?)(8RxRCRR#RYRRZR2R6RcR3R$R8R?R9RdReRfRgRjt sign_ssh_dataR;R*R@t add_bytest ssh_gss_oidsR0R[t packetizert read_messageRt_parse_userauth_bannerRt get_stringRtssh_init_sec_contextR>R+t_handle_local_gss_failureRR1t send_messageR%tformatR!Rt ssh_get_micRbRRtget_intRt_parse_userauth_failuret gss_kex_usedt kexgss_ctxtt set_username(RAR\RiR8tblobtsigtsshgsstptypetmechRvt srv_tokent next_tokent maj_statust min_statusterr_msgtkexgsst mic_token((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_service_accepts                                    cCs t}|tkrG|jtdj||jtt|_nz|jtdj||jt |j |j j j ||tkr|jtn|jt|jd7_|j j||jdkr|jn|tkr |j jndS(NsAuth granted ({}).sAuth rejected ({}).ii (R#RRCRRRYR R?R4R RZR0Rytget_allowed_authsR RcR3R=R[Rat _auth_trigger(RAR2tmethodtresultR\((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_send_auth_resultus$         cCst}|jt|j|j|j|j|jt|jt|j x3|j D](}|j|d|j |dqfW|j j |dS(Nii( R#RYR RZtnamet instructionstbytesR^tlentpromptsRcR0R[(RAtqR\tp((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_interactive_querys  cCs|jjsPt}|jt|jd|jt|jj|dS|j r]dS|j }|j }|j }|j t dj ||||dkr|jdS|jdk r|j|kr|j td|jdS||_|jjj}|dkr5|jjj|}n|dkr|j}|j}y|jd}Wntk rnX|r|j t d|j} y| jdd} Wntk rnXt}q|jjj||}n|d kr|j} |j } |j} y |jj| t| } Wnxtk rz}|j td j t|d} nAt k r}d }|j t|j |j!j"|d} nX| dkr|jdS|jjj#|| }|tkr| sCt}|jt$|j| |j| |jj|dSt|j}|j%| ||}| j&||s|j td t}qqn*|d kr|j'}|jjj(||}t)|t*r|j+|dSn|dkr|rt,|}|j-}|dkrA|j td|jn|j'}|j.|}|s|j td|jn|j/d}t}|jt0|j1|t2|||j_3t4t5t6f|j_7|jj|dS|dkr|r|j'}|jj8}|dkrAt}|j9|||ny |j:||jj;|jWn-t k rt}|j9|||nXt<}|jjj=||n|jjj|}|j9|||dS(NRHs.Auth request (type={}) service={}, username={}sssh-connectionsKAuth rejected because the client attempted to change username in mid-flightR8sUTF-8s+Auth request to change passwords (rejected)treplaceROsAuth rejected: public key: {}s9Auth rejected: unsupported or mangled public key ({}: {})s Auth rejected: invalid signatureskeyboard-interactivesgssapi-with-micis8Disconnect: Received more than one GSS-API OID mechanisms5Disconnect: Received an invalid GSS-API OID mechanismtservers gssapi-keyex(>R0RFR#RYR RZRcR3R[R4RxRCRRR`R<R1R RaRytenable_auth_gssapitcheck_auth_nonet get_booleant get_binarytdecodet UnicodeErrorRtcheck_auth_passwordt _key_infoR%Rtstrt ExceptionRqt__name__tcheck_auth_publickeyRRjtverify_ssh_sigRtcheck_auth_interactivet isinstanceR)RR*Rtssh_check_mechRRR~tGssapiWithMicAuthHandlert auth_handlerRRRt_expected_packetRRt ssh_check_micRbRtcheck_auth_gssapi_keyex(RAR\R2RiRtgss_authRt changereqR8t newpasswordt sig_attachedtkeytypetkeyblobRPRvtmsgRRR;Rtmechst desired_mechtmech_oktsupported_mechR((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_userauth_requests                            "                                cCsU|jtdj|jt|_|jj|jdk rQ|jj ndS(NsAuthentication ({}) successful!( RCRRR6R?R4R0RR5R1RW(RAR\((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_userauth_successAs  cCs|j}|j}|r]|jtd|jtdt|t||j_n|j |krx9dj |j dj |fD]}|jt|qWt d||j_n|jtdj |j t |_ d|_|jdk r |jjndS(NsAuthentication continues...s Methods: s'Authentication type ({}) not permitted.sAllowed methods: {}sBad authentication typesAuthentication ({}) failed.(tget_listRRCRRRR(R0tsaved_exceptionR6RR'R3R4R1R2R5RW(RAR\tauthlisttpartialR((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRJs*     cCs2|j}||_|jtdj|dS(NsAuth banner: {}(RR7RCRR(RAR\R7((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRfs  c Cs|jdkrtdn|j}|j}|j|j}g}x3t|D]%}|j|j|jfq_W|j|||}t }|j t |j t |x|D]}|j|qW|jj|dS(Nskeyboard-interactives Illegal info request from server(R6R%RxRRtrangetappendRR:R#RYRR^RRZR0R[( RAR\ttitleRRt prompt_listtit response_listtr((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_userauth_info_requestls"    #   cCs|jjstdn|j}g}x't|D]}|j|jq:W|jjj|}t |t r|j |dS|j |j d|dS(Ns!Illegal info response from serverskeyboard-interactive(R0RFR%RRRRxRytcheck_auth_interactive_responseRR)RRR<(RAR\tnt responsesRR((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_userauth_info_responses     cCsv||j_|jtdj||jtdj|jt|_d|_ |j dk rr|j j ndS(NsGSSAPI failure: {}sAuthentication ({}) failed.( R0RRCRRRR6R3R4R1R2R5RW(RARv((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRs    ('Rt __module__t__doc__RBRCRERGRNRQRRRTRURVRXRKR`RaRjRwR|RRRRRRRRRRRRRRRRRRt_handler_table(((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyR,3sJ           }      RcBseZdZdZdZdZedZedZedZ edZ dZ d Z d Z d Zd Ziee6ee6e e6e e6ZRS( sA specialized Auth handler for gssapi-with-mic During the GSSAPI token exchange we need a modified dispatch table, because the packet type numbers are not unique. sgssapi-with-miccCs||_||_dS(N(t _delegateR(RAtdelegateR((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRBs cCs|j|jjS(N(t_restore_delegate_auth_handlerRRX(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRXs cCs |jjS(N(RR0(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyR0scCs |jjS(N(RR(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRscCs |jjS(N(RR<(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyR<scCs |jjS(N(RR>(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyR>scCs|j|j_dS(N(RR0R(RA((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRscCs|j}|j}y|j|j||j}WnKtk r}||j_t}|j |j |j|j |nX|dk rt }|jt|j|tttf|j_|jj|ndS(N(RRtssh_accept_sec_contextR>R<RR0RRRRRR1R#RYRRZRR RRR[(RAR\t client_tokenRttokenRvR((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_userauth_gssapi_tokens(         cCs|j}|j}|j}|jy|j||jj|Wn>tk r}||j_t }|j ||j |nXt }|jj j|||j ||j |dS(N(RRR<RRR0RbRRRRRRRytcheck_auth_gssapi_with_mic(RAR\RRR2RvR((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyt_parse_userauth_gssapi_mics"        cCs|j|jj|S(N(RRR|(RAR\((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyR|s cCs|j|jj|S(N(RRR(RAR\((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRs (RRRRRBRXtpropertyR0RR<R>RRRR|RRRRR R(((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyRs$       (8RR.Rltparamiko.commonRRRRRRRRRR R R R R RRRRRRRRRRRRRRRRRRR R!R"tparamiko.messageR#tparamiko.py3compatR$tparamiko.ssh_exceptionR%R&R'R(tparamiko.serverR)tparamiko.ssh_gssR*R+tobjectR,R(((s9/tmp/pip-install-KP2Jbq/paramiko/paramiko/auth_handler.pyts  "v