3 L]|@sdZddlZddlZddlmZmZmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/ddl0m1Z1ddl2m3Z3m4Z4Gd d d e5Z6Gd d d e5Z7dS) z `.AuthHandler` N)#cMSG_SERVICE_REQUESTcMSG_DISCONNECT DISCONNECT_SERVICE_NOT_AVAILABLE)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEcMSG_USERAUTH_REQUESTcMSG_SERVICE_ACCEPTDEBUGAUTH_SUCCESSFULINFOcMSG_USERAUTH_SUCCESScMSG_USERAUTH_FAILUREAUTH_PARTIALLY_SUCCESSFULcMSG_USERAUTH_INFO_REQUESTWARNING AUTH_FAILEDcMSG_USERAUTH_PK_OKcMSG_USERAUTH_INFO_RESPONSEMSG_SERVICE_REQUESTMSG_SERVICE_ACCEPTMSG_USERAUTH_REQUESTMSG_USERAUTH_SUCCESSMSG_USERAUTH_FAILUREMSG_USERAUTH_BANNERMSG_USERAUTH_INFO_REQUESTMSG_USERAUTH_INFO_RESPONSEcMSG_USERAUTH_GSSAPI_RESPONSEcMSG_USERAUTH_GSSAPI_TOKENcMSG_USERAUTH_GSSAPI_MICMSG_USERAUTH_GSSAPI_RESPONSEMSG_USERAUTH_GSSAPI_TOKENMSG_USERAUTH_GSSAPI_ERRORMSG_USERAUTH_GSSAPI_ERRTOKMSG_USERAUTH_GSSAPI_MIC MSG_NAMEScMSG_USERAUTH_BANNER)Message)b) SSHExceptionAuthenticationExceptionBadAuthenticationTypePartialAuthentication)InteractiveQuery)GSSAuthGSS_EXCEPTIONSc @seZdZdZddZddZddZdd Zd d Zd d Z ddZ d|jjjz||_d|_||_|jWd|jjjXdS)Nnone)r2lockacquirer5r6r3 _request_authrelease)r@r3eventrArArB auth_nonens  zAuthHandler.auth_nonec CsD|jjjz$||_d|_||_||_|jWd|jjjXdS)N publickey) r2rJrKr5r6r3r9rLrM)r@r3keyrNrArArBauth_publickeyxs  zAuthHandler.auth_publickeyc CsD|jjjz$||_d|_||_||_|jWd|jjjXdS)Nr8) r2rJrKr5r6r3r8rLrM)r@r3r8rNrArArB auth_passwords  zAuthHandler.auth_passwordr/c CsJ|jjjz*||_d|_||_||_||_|jWd|jjj XdS)zK response_list = handler(title, instructions, prompt_list) zkeyboard-interactiveN) r2rJrKr5r6r3r:r;rLrM)r@r3handlerrNr;rArArBauth_interactives  zAuthHandler.auth_interactivec CsJ|jjjz*||_d|_||_||_||_|jWd|jjj XdS)Nzgssapi-with-mic) r2rJrKr5r6r3r>r?rLrM)r@r3r>r?rNrArArBauth_gssapi_with_mics  z AuthHandler.auth_gssapi_with_micc Cs>|jjjz||_d|_||_|jWd|jjjXdS)Nz gssapi-keyex)r2rJrKr5r6r3rLrM)r@r3rNrArArBauth_gssapi_keyexs  zAuthHandler.auth_gssapi_keyexcCs|jdk r|jjdS)N)r5set)r@rArArBaborts zAuthHandler.abortcCs*t}|jt|jd|jj|dS)Nz ssh-userauth)r%add_byter add_stringr2 _send_message)r@mrArArBrLs  zAuthHandler._request_authcCsHt}|jt|jt|jd|jd|jj||jjdS)NzService not availableen) r%rZradd_intrr[r2r\close)r@r]rArArB!_disconnect_service_not_availables     z-AuthHandler._disconnect_service_not_availablecCsHt}|jt|jt|jd|jd|jj||jjdS)NzNo more auth methods availabler^) r%rZrr_rr[r2r\r`)r@r]rArArB_disconnect_no_more_auths     z$AuthHandler._disconnect_no_more_authcCst}|j|jj|jt|j||j||jd|jd|jrj|j|jj|j|jj n|j|j |j||j S)NrPT) r%r[r2 session_idrZr add_boolean public_blobkey_typekey_blobget_nameZasbytes)r@rQservicer3r]rArArB_get_session_blobs      zAuthHandler._get_session_blobcCsd}|jjdk r tj|jj}xh|jd|jjs`|jj}|dksTt|jtr\t d}||j rjP|dk r"|tjkr"t dq"W|j s|jj}|dkrt d}t|jt r|j S|gS)Ng?zAuthentication failed.zAuthentication timeout.)r2Z auth_timeouttimewaitZ is_activeZ get_exception issubclass __class__EOFErrorr(is_setrFr*Z allowed_types)r@rNZmax_tserArArBwait_for_responses,       zAuthHandler.wait_for_responsecCs|j}|jjr|dkrt}|jt|j||jj||jjj \}}|rt}|jt |j||j||jj|dS|j dS)Nz ssh-userauth) get_textr2rGr%rZrr[r\ server_objectZ get_bannerr$ra)r@r]rir7languagerArArB_parse_service_requests       z"AuthHandler._parse_service_requestcCs|j}|dkr|jtdt}|jt|j|j|jd|j|j|jdkr||j dt |j }|j|nB|jdkr|j d|j j r|j|j j j|j|j j jn|j|j j|j|j |j|j d|j}|j j|}|j|n|jdkr*|jd |j|jn|jd kr\t|j|j}|j|j|jj||jjj\}}|tkr|j||jjj\}}|tkr|j}t}|jt y|j|j!|j"||jWn(t#k r} z |j$| Sd} ~ XnX|jj|x|jjj\}}|t%kr|j} y|j!|j"||j| } Wn(t#k rj} z |j$| Sd} ~ XnX| dkrzPn&t}|jt |j| |jj&|qWt'd j(t)|t}|jt*|j|j+|jj,n||t-krt'd nh|t.kr0|j/} |j/} |j}|jt'd j(| | |n*|t0krH|j1|dSt'd j(t)|nb|jdkr|jj2r|jj3}|j4|j|j+|jj,}|j|n|jdkrnt'dj(|j|jj|n|jtdj(|dS)Nz ssh-userauthzuserauth is OKzssh-connectionr8FrPTzkeyboard-interactiver/zgssapi-with-miczReceived Package: {}zServer returned an error tokenzCGSS-API Error: Major Status: {} Minor Status: {} Error Message: {} z gssapi-keyexrIzUnknown auth method "{}"z!Service request "{}" accepted (?))5rsrDrr%rZrr[r3r6rdr&r8r9rerfrgrhrjZ sign_ssh_datar;r,r? add_bytes ssh_gss_oidsr2r\Z packetizerZ read_messager_parse_userauth_bannerr get_stringrZssh_init_sec_contextr>r-_handle_local_gss_failurer send_messager'formatr#rZ ssh_get_micrcr!r get_intr_parse_userauth_failureZ gss_kex_used kexgss_ctxtZ set_username)r@r]rir8blobsigsshgssptypeZmechrqZ srv_tokenZ next_tokenZ maj_statusZ min_statuserr_msgZkexgss mic_tokenrArArB_parse_service_accepts                                      z!AuthHandler._parse_service_acceptcCst}|tkr2|jtdj||jtd|_n\|jtdj||jt|j |j j j ||t krv|jdn|jd|jd7_|j j||jdkr|j|tkr|j jdS)NzAuth granted ({}).TzAuth rejected ({}).F )r%r rDr r}rZr r4r r[r2rtZget_allowed_authsr rdr=r\rb _auth_trigger)r@r3methodresultr]rArArB_send_auth_results$      zAuthHandler._send_auth_resultcCst}|jt|j|j|j|j|jt|jt|j x*|j D] }|j|d|j |dqLW|j j |dS)Nrr) r%rZrr[name instructionsbytesr_lenpromptsrdr2r\)r@qr]prArArB_interactive_querys     zAuthHandler._interactive_querycCs|jjs)r@rArArBr>sz!GssapiWithMicAuthHandler.gss_hostcCs|j|j_dS)N)rr2r)r@rArArBrsz7GssapiWithMicAuthHandler._restore_delegate_auth_handlercCs|j}|j}y|j|j||j}WnJtk rn}z.||j_t}|j |j |j|j |WYdd}~XnX|dk rt }|j t|j|tttf|j_|jj|dS)N)rzrZssh_accept_sec_contextr>r<rr2rrrrrr%rZrr[rr"rrr\)r@r]Z client_tokenrtokenrqrrArArB_parse_userauth_gssapi_token s&   z5GssapiWithMicAuthHandler._parse_userauth_gssapi_tokencCs|j}|j}|j}|jy|j||jj|Wn@tk rr}z$||j_t }|j ||j |WYdd}~XnXt }|jj j|||j ||j |dS)N)rzrr<rrr2rcrrrrrr rtZcheck_auth_gssapi_with_mic)r@r]rrr3rqrrArArB_parse_userauth_gssapi_mic$s z3GssapiWithMicAuthHandler._parse_userauth_gssapi_miccCs|j|jj|S)N)rrrv)r@r]rArArBrv<sz/GssapiWithMicAuthHandler._parse_service_requestcCs|j|jj|S)N)rrr)r@r]rArArBr@sz0GssapiWithMicAuthHandler._parse_userauth_requestcCs|jS)N)(_GssapiWithMicAuthHandler__handler_table)r@rArArBrKsz'GssapiWithMicAuthHandler._handler_tableN)rrrrrrCrYrr2rr<r>rrrrvrrrrr"rrrArArArBrs$    r)8rr0rkZparamiko.commonrrrrrrrr r r r r rrrrrrrrrrrrrrrrrrr r!r"r#r$Zparamiko.messager%Zparamiko.py3compatr&Zparamiko.ssh_exceptionr'r(r)r*Zparamiko.serverr+Zparamiko.ssh_gssr,r-objectr.rrArArArBs%