U 7Ódþ§ã@s8dZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,m-Z-ddl.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4ddl5m6Z6m7Z7Gd d „d ƒZ8Gd d „d ƒZ9Gd d„de8ƒZ:dS)z `.AuthHandler` éN)#ÚcMSG_SERVICE_REQUESTÚcMSG_DISCONNECTÚ DISCONNECT_SERVICE_NOT_AVAILABLEÚ)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEÚcMSG_USERAUTH_REQUESTÚcMSG_SERVICE_ACCEPTÚDEBUGÚAUTH_SUCCESSFULÚINFOÚcMSG_USERAUTH_SUCCESSÚcMSG_USERAUTH_FAILUREÚAUTH_PARTIALLY_SUCCESSFULÚcMSG_USERAUTH_INFO_REQUESTÚWARNINGÚ AUTH_FAILEDÚcMSG_USERAUTH_PK_OKÚcMSG_USERAUTH_INFO_RESPONSEÚMSG_SERVICE_REQUESTÚMSG_SERVICE_ACCEPTÚMSG_USERAUTH_REQUESTÚMSG_USERAUTH_SUCCESSÚMSG_USERAUTH_FAILUREÚMSG_USERAUTH_BANNERÚMSG_USERAUTH_INFO_REQUESTÚMSG_USERAUTH_INFO_RESPONSEÚcMSG_USERAUTH_GSSAPI_RESPONSEÚcMSG_USERAUTH_GSSAPI_TOKENÚcMSG_USERAUTH_GSSAPI_MICÚMSG_USERAUTH_GSSAPI_RESPONSEÚMSG_USERAUTH_GSSAPI_TOKENÚMSG_USERAUTH_GSSAPI_ERRORÚMSG_USERAUTH_GSSAPI_ERRTOKÚMSG_USERAUTH_GSSAPI_MICÚ MSG_NAMESÚcMSG_USERAUTH_BANNER)ÚMessage)ÚbÚu)Ú SSHExceptionÚAuthenticationExceptionÚBadAuthenticationTypeÚPartialAuthentication)ÚInteractiveQuery)ÚGSSAuthÚGSS_EXCEPTIONSc@s.eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dHdd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Zd9d:„Zd;d<„Z d=d>„Z!d?d@„Z"e#dAdB„ƒZ$e#dCdD„ƒZ%e#dEdF„ƒZ&dGS)IÚ AuthHandlerzC Internal class to handle the mechanics of authentication. cCs^t |¡|_d|_d|_d|_d|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_dS)NFÚrT)ÚweakrefÚproxyÚ transportÚusernameÚ authenticatedÚ auth_eventÚ auth_methodÚbannerÚpasswordÚ private_keyÚinteractive_handlerÚ submethodsÚ auth_usernameÚauth_fail_countÚgss_hostÚgss_deleg_creds)Úselfr3©rBúW/var/www/html/alexa-login-pro/venv/lib/python3.8/site-packages/paramiko/auth_handler.pyÚ__init__Rs zAuthHandler.__init__cGs |jj|ŽS©N)r3Ú_log)rAÚargsrBrBrCrFdszAuthHandler._logcCs|jSrE)r5©rArBrBrCÚis_authenticatedgszAuthHandler.is_authenticatedcCs|jjr|jS|jSdSrE)r3Ú server_moder=r4rHrBrBrCÚ get_usernamejszAuthHandler.get_usernamecCs>|jj ¡z||_d|_||_| ¡W5|jj ¡XdS©NÚnone©r3ÚlockÚacquireÚreleaser6r7r4Ú _request_auth©rAr4ÚeventrBrBrCÚ auth_noneps  zAuthHandler.auth_nonecCsD|jj ¡z$||_d|_||_||_| ¡W5|jj ¡XdS)NÚ publickey) r3rOrPrQr6r7r4r:rR)rAr4ÚkeyrTrBrBrCÚauth_publickeyzs  zAuthHandler.auth_publickeycCsD|jj ¡z$||_d|_||_||_| ¡W5|jj ¡XdS)Nr9) r3rOrPrQr6r7r4r9rR)rAr4r9rTrBrBrCÚ auth_password…s  zAuthHandler.auth_passwordr0cCsJ|jj ¡z*||_d|_||_||_||_|  ¡W5|jj ¡XdS)úK response_list = handler(title, instructions, prompt_list) úkeyboard-interactiveN) r3rOrPrQr6r7r4r;r<rR)rAr4ÚhandlerrTr<rBrBrCÚauth_interactives  zAuthHandler.auth_interactivecCsJ|jj ¡z*||_d|_||_||_||_|  ¡W5|jj ¡XdS)Núgssapi-with-mic) r3rOrPrQr6r7r4r?r@rR)rAr4r?r@rTrBrBrCÚauth_gssapi_with_micŸs  z AuthHandler.auth_gssapi_with_miccCs>|jj ¡z||_d|_||_| ¡W5|jj ¡XdS)Nú gssapi-keyexrNrSrBrBrCÚauth_gssapi_keyex«s  zAuthHandler.auth_gssapi_keyexcCs|jdk r|j ¡dSrE)r6ÚsetrHrBrBrCÚabortµs zAuthHandler.abortcCs*tƒ}| t¡| d¡|j |¡dS©Nú ssh-userauth)r%Úadd_byterÚ add_stringr3Ú _send_message©rAÚmrBrBrCrR»s  zAuthHandler._request_authcCsHtƒ}| t¡| t¡| d¡| d¡|j |¡|j ¡dS)NzService not availableÚen) r%rfrÚadd_intrrgr3rhÚcloserirBrBrCÚ!_disconnect_service_not_availableÁs     z-AuthHandler._disconnect_service_not_availablecCsHtƒ}| t¡| t¡| d¡| d¡|j |¡|j ¡dS)NzNo more auth methods availablerk) r%rfrrlrrgr3rhrmrirBrBrCÚ_disconnect_no_more_authÊs     z$AuthHandler._disconnect_no_more_authcCs&|jr|jj|jjfS| ¡|fSdS)z Given any key, return its type/algorithm & bits-to-sign. Intended for input to or verification of, key signatures. N)Z public_blobÚkey_typeZkey_blobÚget_name)rArWrBrBrCÚ_get_key_type_and_bitsÓsz"AuthHandler._get_key_type_and_bitscCsptƒ}| |jj¡| t¡| |¡| |¡| d¡| d¡| |¡\}}| |¡| |¡| ¡S)NrVT) r%rgr3Ú session_idrfrÚ add_booleanrrZasbytes)rArWÚservicer4Ú algorithmrjÚ_ÚbitsrBrBrCÚ_get_session_blobßs       zAuthHandler._get_session_blobcCsÂd}|jjdk r t ¡|jj}| d¡|j ¡s^|j ¡}|dksRt|jtƒrZt dƒ}|‚|  ¡rhq†|dk r |t ¡kr t dƒ‚q |  ¡s¾|j ¡}|dkr¨t dƒ}t|jt ƒrº|j S|‚gS)Ngš™™™™™¹?z5Authentication failed: transport shut down or saw EOFzAuthentication timeout.zAuthentication failed.)r3Z auth_timeoutÚtimeÚwaitÚ is_activeZ get_exceptionÚ issubclassÚ __class__ÚEOFErrorr)Úis_setrIr+Z allowed_types)rArTZmax_tsÚerBrBrCÚwait_for_responseìs.    ÿ   zAuthHandler.wait_for_responsecCs’| ¡}|jjr†|dkr†tƒ}| t¡| |¡|j |¡|jj  ¡\}}|r‚tƒ}| t ¡| |¡| |¡|j |¡dS|  ¡dSrd) Úget_textr3rJr%rfrrgrhÚ server_objectZ get_bannerr$rn)rArjrur8ÚlanguagerBrBrCÚ_parse_service_request s       z"AuthHandler._parse_service_requestcCsF|jj}| dd¡|kr2d}| t| |¡¡dS|jj|t|ƒƒS)Nú-cert-v01@openssh.comr0zOsz:AuthHandler._finalize_pubkey_algorithm..zOur pubkey algorithm list: {}zFAn RSA key was specified, but no RSA pubkey algorithms are configured!zserver-sig-algsr0ú,zServer-side algorithm list: {}rz)No common pubkey algorithms exist! Dying.z=Unable to agree on a pubkey algorithm for signing a {!r} key!)rFrrŠÚendswithÚreÚsearchr3Úremote_versionZ_agreed_pubkey_algorithmrˆr(r'Zserver_extensionsÚgetr&ÚsplitÚlistÚfilterÚ __contains__r)r’)rArprrZserver_algo_strZ server_algosZ agreementrrBrBrCÚ_finalize_pubkey_algorithm3slÿþ ÿ ÿÿÿ ÿþ ÿ z&AuthHandler._finalize_pubkey_algorithmc CsÞ| ¡}|dkrÈ| td¡tƒ}| t¡| |j¡| d¡| |j¡|jdkr||  d¡t |j ƒ}| |¡n>|jdkrî|  d¡|  |j ¡\}}| |¡}| |¡| |¡| |j d|j|¡}|j  ||¡}| |¡nÌ|jdkr| d ¡| |j¡n¦|jd krXt|j|jƒ} | |  ¡¡|j |¡|jj ¡\} }| tkr|| |¡|jj ¡\} }| tkrÚ| ¡} tƒ}| t¡z| |  |j | |j¡¡Wn2t!k rì} z| "| ¡WY¢Sd} ~ XYnX|j |¡|jj ¡\} }| t#krú| ¡} z|  |j | |j| ¡}Wn2t!k rf} z| "| ¡WY¢Sd} ~ XYnX|dkrxq´n&tƒ}| t¡| |¡|j $|¡qút%d  &t'| ¡ƒ‚tƒ}| t(¡| |  )|jj*¡¡n|| t+krît%d ƒ‚nh| t,kr,| -¡}| -¡}| ¡}| ¡t%d  &|||¡ƒ‚n*| t.krD| /|¡dSt%d  &t'| ¡ƒ‚nb|jdkrœ|jj0rœ|jj1}| 2|j¡| )|jj*¡}| |¡n|jdkrªnt%d &|j¡ƒ‚|j |¡n| td &|¡¡dS)Nrezuserauth is OKússh-connectionr9FrVTr[r0r^zReceived Package: {}zServer returned an error tokenzCGSS-API Error: Major Status: {} Minor Status: {} Error Message: {} r`rMzUnknown auth method "{}"z!Service request "{}" accepted (?))3rƒrFrr%rfrrgr4r7rtr&r9rrr:r¡ryÚ sign_ssh_datar<r-r@Ú add_bytesÚ ssh_gss_oidsr3rhZ packetizerZ read_messagerÚ_parse_userauth_bannerrÚ get_stringrZssh_init_sec_contextr?r.Ú_handle_local_gss_failurerÚ send_messager(rŠr#rZ ssh_get_micrsr!r Úget_intrÚ_parse_userauth_failureZ gss_kex_usedÚ kexgss_ctxtZ set_username)rArjrur9rprxrvÚblobÚsigÚsshgssÚptypeZmechrZ srv_tokenZ next_tokenZ maj_statusZ min_statusÚerr_msgZkexgssÚ mic_tokenrBrBrCÚ_parse_service_accept{sä              ü        ÿÿ   ü     ÿ    ûÿ   ÿÿþ    ÿÿz!AuthHandler._parse_service_acceptcCsÂtƒ}|tkr2| td |¡¡| t¡d|_n\| td |¡¡| t¡|  |j j   |¡¡|t krv| d¡n| d¡|jd7_|j  |¡|jdkr¬| ¡|tkr¾|j  ¡dS)NzAuth granted ({}).TzAuth rejected ({}).Féé )r%r rFr rŠrfr r5r rgr3r„Zget_allowed_authsr rtr>rhroÚ _auth_trigger)rAr4ÚmethodÚresultrjrBrBrCÚ_send_auth_results&   ÿ    zAuthHandler._send_auth_resultcCs|tƒ}| t¡| |j¡| |j¡| tƒ¡| t|j ƒ¡|j D] }| |d¡|  |d¡qJ|j   |¡dS)Nrr´) r%rfrrgÚnameÚ instructionsÚbytesrlÚlenÚpromptsrtr3rh)rAÚqrjÚprBrBrCÚ_interactive_querys     zAuthHandler._interactive_queryc Csˆ|jjs| |||¡}t ƒ}|  t ¡|  t |ƒ¡|D]}| |¡qŠ|j |¡dS)Nr[z Illegal info request from server)r7r(rƒrÄrªÚrangeÚappendrÃr;r%rfrrlr½rgr3rh) rArjÚtitler»r¾Z prompt_listÚiZ response_listÚrrBrBrCÚ_parse_userauth_info_requests(  ÿ  z(AuthHandler._parse_userauth_info_requestcCsr|jjstdƒ‚| ¡}g}t|ƒD]}| | ¡¡q$|jj |¡}t |t ƒr^|  |¡dS|  |j d|¡dS)Nz!Illegal info response from serverr[)r3rJr(rªrÔrÕrƒr„Zcheck_auth_interactive_responserÊr,rÁr¹r=)rArjÚnÚ responsesr×r¸rBrBrCÚ_parse_userauth_info_responses" ÿ  ÿz)AuthHandler._parse_userauth_info_responsecCsR||j_| td |¡¡| td |j¡¡d|_d|_|j dk rN|j   ¡dS)NzGSSAPI failure: {}rÑF) r3rÒrFrrŠr r7r5r4r6rb)rArrBrBrCr¨*s  z%AuthHandler._handle_local_gss_failurecCst|jt|jt|jiSrE)rr†rrÏrrÜrHrBrBrCÚ_server_handler_table<súz!AuthHandler._server_handler_tablec Cs"t|jt|jt|jt|jt|j iSrE) rr³rrÐrr«rr¦rrÙrHrBrBrCÚ_client_handler_tableHsûz!AuthHandler._client_handler_tablecCs|jjr|jS|jSdSrE)r3rJrÝrÞrHrBrBrCÚ_handler_tableTszAuthHandler._handler_tableN)r0)'rÉÚ __module__Ú __qualname__Ú__doc__rDrFrIrKrUrXrYr]r_rarcrRrnrorrryr‚r†rŽr’r¡r³r¹rÁrÏrÐr«r¦rÙrÜr¨ÚpropertyrÝrÞrßrBrBrBrCr/MsP           H 2   r/c@sœeZdZdZdZdd„Zdd„Zedd„ƒZed d „ƒZ ed d „ƒZ ed d„ƒZ dd„Z dd„Z dd„Zdd„Zdd„Zeeeeee eeiZedd„ƒZdS)rËz°A specialized Auth handler for gssapi-with-mic During the GSSAPI token exchange we need a modified dispatch table, because the packet type numbers are not unique. r^cCs||_||_dSrE)Ú _delegater¯)rAZdelegater¯rBrBrCrDesz!GssapiWithMicAuthHandler.__init__cCs| ¡|j ¡SrE)Ú_restore_delegate_auth_handlerrärcrHrBrBrCrciszGssapiWithMicAuthHandler.abortcCs|jjSrE)rär3rHrBrBrCr3msz"GssapiWithMicAuthHandler.transportcCs|jjSrE)rär¹rHrBrBrCr¹qsz*GssapiWithMicAuthHandler._send_auth_resultcCs|jjSrE)rär=rHrBrBrCr=usz&GssapiWithMicAuthHandler.auth_usernamecCs|jjSrE)rär?rHrBrBrCr?ysz!GssapiWithMicAuthHandler.gss_hostcCs|j|j_dSrE)rär3rÌrHrBrBrCrå}sz7GssapiWithMicAuthHandler._restore_delegate_auth_handlerc Cs°| ¡}|j}z| |j||j¡}WnJtk rn}z,||j_t}|  ¡|  |j|j |¡‚W5d}~XYnX|dk r¬t ƒ}|  t¡| |¡tttf|j_|j |¡dSrE)r§r¯Zssh_accept_sec_contextr?r=rÈr3rÒrrår¹r·r%rfrrgrr"rrÍrh)rArjZ client_tokenr¯Útokenrr¸rBrBrCÚ_parse_userauth_gssapi_token€s.ÿ  ýz5GssapiWithMicAuthHandler._parse_userauth_gssapi_tokenc Csœ| ¡}|j}|j}| ¡z| ||jj|¡Wn@tk rr}z"||j_t }|  ||j |¡‚W5d}~XYnXt }|jj  ||¡|  ||j |¡dSrE)r§r¯r=rårÎr3rsrÈrÒrr¹r·r r„Zcheck_auth_gssapi_with_mic)rArjr²r¯r4rr¸rBrBrCÚ_parse_userauth_gssapi_micšs*ÿÿz3GssapiWithMicAuthHandler._parse_userauth_gssapi_miccCs| ¡|j |¡SrE)rårär†rirBrBrCr†²sz/GssapiWithMicAuthHandler._parse_service_requestcCs| ¡|j |¡SrE)rårärÏrirBrBrCr϶sz0GssapiWithMicAuthHandler._parse_userauth_requestcCs|jSrE)Ú(_GssapiWithMicAuthHandler__handler_tablerHrBrBrCrßÁsz'GssapiWithMicAuthHandler._handler_tableN)rÉràrárâr·rDrcrãr3r¹r=r?rårçrèr†rÏrrrr"rérßrBrBrBrCrË\s8    ürËcsXeZdZdZe‡fdd„ƒZddd„Zdd„Zd d „Zd d „Z ddd„Z dd„Z ‡Z S)ÚAuthOnlyHandlerzU AuthHandler, and just auth, no service requests! .. versionadded:: 3.2 cstƒj ¡}|t=|SrE)ÚsuperrÞÚcopyr)rAZmy_table©r~rBrCrÞÓs z%AuthOnlyHandler._client_handler_tableNc Csx||_||_tƒ}| t¡| |¡| d¡| |¡||ƒ|jj|j |¡W5QRXt   ¡|_ |  |j ¡S)a³ Submit a userauth request message & wait for response. Performs the transport message send call, sets self.auth_event, and will lock-n-block as necessary to both send, and wait for response to, the USERAUTH_REQUEST. Most callers will want to supply a callback to ``finish_message``, which accepts a Message ``m`` and may call mutator methods on it to add more fields. r¢) r7r4r%rfrrgr3rOrhÚ threadingÚEventr6r‚)rAr4r·Zfinish_messagerjrBrBrCÚsend_auth_requestÙs      z!AuthOnlyHandler.send_auth_requestcCs | |d¡SrL©rð)rAr4rBrBrCrUszAuthOnlyHandler.auth_nonecsH| ˆ¡\}‰| |¡‰| ˆd|ˆ¡‰‡‡‡‡fdd„}| |d|¡S)Nr¢cs4| d¡| ˆ¡| ˆ¡| ˆ ˆˆ¡¡dS)NT)rtrgr£©rj©rvrxr­rWrBrCÚfinishs   z.AuthOnlyHandler.auth_publickey..finishrV)rrr¡ryrð)rAr4rWrprôrBrórCrXs ü zAuthOnlyHandler.auth_publickeycs‡fdd„}| |d|¡S)Ncs| d¡| tˆƒ¡dS)NF)rtrgr&rò©r9rBrCrôs z-AuthOnlyHandler.auth_password..finishr9rñ)rAr4r9rôrBrõrCrYs zAuthOnlyHandler.auth_passwordr0cs&d|_||_‡fdd„}| |d|¡S)rZZkeyboard_interactivecs| d¡| ˆ¡dS)Nr0)rgrò©r<rBrCrô/s z0AuthOnlyHandler.auth_interactive..finishr[)r7r;rð)rAr4r\r<rôrBrörCr]%s z AuthOnlyHandler.auth_interactivecCstd}| t|¡| dd¡}||ks,||krN||kr8|n|}d|›d}|}n|d}|›d|›}| t|¡|S)NzdServer did not send a server-sig-algs list; defaulting to something in our preferred algorithms listr‡r0zCurrent key type, z&, is in our preferred list; using thatrz3 not in our list - trying first list item instead, )rFrr‰)rArprr‘Znoncert_key_typeÚactualÚalgorBrBrCr’8s    z1AuthOnlyHandler._choose_fallback_pubkey_algorithm)N)r0) rÉràrárârãrÞrðrUrXrYr]r’Ú __classcell__rBrBrírCrêÈs  ) rê);râr1rîrzr™Zparamiko.commonrrrrrrrr r r r r rrrrrrrrrrrrrrrrrrr r!r"r#r$Zparamiko.messager%Z paramiko.utilr&r'Zparamiko.ssh_exceptionr(r)r*r+Zparamiko.serverr,Zparamiko.ssh_gssr-r.r/rËrêrBrBrBrCÚs&”%  l