ó Zäò[c@s|dZddlZddlmZmZmZmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.m/Z/m0Z0m1Z1ddl2m3Z3ddl4m5Z5d e6fd „ƒYZ7dS( s `.AuthHandler` iÿÿÿÿN(&tcMSG_SERVICE_REQUESTtcMSG_DISCONNECTt DISCONNECT_SERVICE_NOT_AVAILABLEt)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEtcMSG_USERAUTH_REQUESTtcMSG_SERVICE_ACCEPTtDEBUGtAUTH_SUCCESSFULtINFOtcMSG_USERAUTH_SUCCESStcMSG_USERAUTH_FAILUREtAUTH_PARTIALLY_SUCCESSFULtcMSG_USERAUTH_INFO_REQUESTtWARNINGt AUTH_FAILEDtcMSG_USERAUTH_PK_OKtcMSG_USERAUTH_INFO_RESPONSEtMSG_SERVICE_REQUESTtMSG_SERVICE_ACCEPTtMSG_USERAUTH_REQUESTtMSG_USERAUTH_SUCCESStMSG_USERAUTH_FAILUREtMSG_USERAUTH_BANNERtMSG_USERAUTH_INFO_REQUESTtMSG_USERAUTH_INFO_RESPONSEtcMSG_USERAUTH_GSSAPI_RESPONSEtcMSG_USERAUTH_GSSAPI_TOKENt&cMSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETEtcMSG_USERAUTH_GSSAPI_ERRORtcMSG_USERAUTH_GSSAPI_ERRTOKtcMSG_USERAUTH_GSSAPI_MICtMSG_USERAUTH_GSSAPI_RESPONSEtMSG_USERAUTH_GSSAPI_TOKENt%MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETEtMSG_USERAUTH_GSSAPI_ERRORtMSG_USERAUTH_GSSAPI_ERRTOKtMSG_USERAUTH_GSSAPI_MICt MSG_NAMES(tMessage(t bytestring(t SSHExceptiontAuthenticationExceptiontBadAuthenticationTypetPartialAuthentication(tInteractiveQuery(tGSSAutht AuthHandlercBsEeZdZd„Zd„Zd„Zd„Zd„Zd„Zdd„Z d „Z d „Z d „Z d „Z d „Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Ziee6ee6ee6Ziee 6ee!6ee"6ee#6ee$6Z%e&d„ƒZ'RS(sC Internal class to handle the mechanics of authentication. cCs‹tj|ƒ|_d|_t|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_t|_dS(Nti(tweakreftproxyt transporttNonetusernametFalset authenticatedt auth_eventt auth_methodtbannertpasswordt private_keytinteractive_handlert submethodst auth_usernametauth_fail_counttgss_hosttTruetgss_deleg_creds(tselfR2((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt__init__4s            cCs|jS(N(R6(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytis_authenticatedFscCs|jjr|jS|jSdS(N(R2t server_modeR>R4(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt get_usernameIs cCsQ|jjjƒz)||_d|_||_|jƒWd|jjjƒXdS(Ntnone(R2tlocktacquireR7R8R4t _request_authtrelease(RCR4tevent((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt auth_noneOs   cCsZ|jjjƒz2||_d|_||_||_|jƒWd|jjjƒXdS(Nt publickey( R2RIRJR7R8R4R;RKRL(RCR4tkeyRM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_publickeyYs    cCsZ|jjjƒz2||_d|_||_||_|jƒWd|jjjƒXdS(NR:( R2RIRJR7R8R4R:RKRL(RCR4R:RM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt auth_passwordds    R/cCsc|jjjƒz;||_d|_||_||_||_|jƒWd|jjj ƒXdS(sK response_list = handler(title, instructions, prompt_list) skeyboard-interactiveN( R2RIRJR7R8R4R<R=RKRL(RCR4thandlerRMR=((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_interactiveos     cCsc|jjjƒz;||_d|_||_||_||_|jƒWd|jjj ƒXdS(Nsgssapi-with-mic( R2RIRJR7R8R4R@RBRKRL(RCR4R@RBRM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_gssapi_with_mic~s     cCsQ|jjjƒz)||_d|_||_|jƒWd|jjjƒXdS(Ns gssapi-keyex(R2RIRJR7R8R4RKRL(RCR4RM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_gssapi_keyexŠs   cCs#|jdk r|jjƒndS(N(R7R3tset(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytabort”scCs7tƒ}|jtƒ|jdƒ|jj|ƒdS(Ns ssh-userauth(R&tadd_byteRt add_stringR2t _send_message(RCtm((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyRKšs   cCs^tƒ}|jtƒ|jtƒ|jdƒ|jdƒ|jj|ƒ|jjƒdS(NsService not availableten( R&RYRtadd_intRRZR2R[tclose(RCR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt!_disconnect_service_not_available s     cCs^tƒ}|jtƒ|jtƒ|jdƒ|jdƒ|jj|ƒ|jjƒdS(NsNo more auth methods availableR]( R&RYRR^RRZR2R[R_(RCR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_disconnect_no_more_auth©s     cCs‡tƒ}|j|jjƒ|jtƒ|j|ƒ|j|ƒ|jdƒ|jtƒ|j|jƒƒ|j|ƒ|j ƒS(NRO( R&RZR2t session_idRYRt add_booleanRAtget_nametasbytes(RCRPtserviceR4R\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_get_session_blob²s       cCsÚx{tr}|jdƒ|jjƒsj|jjƒ}|dksRt|jtƒrat dƒ}n|‚n|j ƒrPqqW|j ƒsÖ|jjƒ}|dkr´t dƒ}nt|jt ƒrÍ|j S|‚ngS(Ngš™™™™™¹?sAuthentication failed.(RAtwaitR2t is_activet get_exceptionR3t issubclasst __class__tEOFErrorR)tis_setRER+t allowed_types(RCRMte((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytwait_for_response¾s"       cCsi|jƒ}|jjr[|dkr[tƒ}|jtƒ|j|ƒ|jj|ƒdS|jƒdS(Ns ssh-userauth( tget_textR2RFR&RYRRZR[R`(RCR\Rf((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_service_requestÓs    cCs–|jƒ}|dkr{|jjtdƒtƒ}|jtƒ|j|jƒ|jdƒ|j|j ƒ|j dkr©|j t ƒt |j ƒ}|j|ƒn¿|j dkr(|j tƒ|j|jjƒƒ|j|jƒ|j|jd|jƒ}|jj|ƒ}|j|ƒn@|j dkrW|jdƒ|j|jƒn|j dkrçt|j |jƒ}|j|jƒƒ|jj|ƒ|jjjƒ\}}|tkrê|j|ƒ|jjjƒ\}}n|tkr4|jƒ}tƒ}|jtƒ|j|j |j!||jƒƒ|jj|ƒx²trê|jjjƒ\}}|t"krM|jƒ} |j |j!||j| ƒ} | dkr±Pqçtƒ}|jtƒ|j| ƒ|jj$|ƒqMqMWt%d t&|ƒ‚tƒ}|jt'ƒ|j|j(|jj)ƒƒqh|t*krOt%d ƒ‚qh|t+kr³|j,ƒ} |j,ƒ} |jƒ} |jƒ}t%d ƒt-| ƒt-| ƒ| f‚qh|t.krÐ|j/|ƒdSt%d t&|ƒ‚n|j d krC|jj0rC|jj1}|j2|jƒ|j(|jj)ƒ}|j|ƒn%|j d krUnt%d|j ƒ‚|jj|ƒn|jjtd|ƒdS(Ns ssh-userauthsuserauth is OKsssh-connectionR:ROskeyboard-interactiveR/sgssapi-with-micsReceived Package: %ssServer returned an error tokens•GSS-API Error: Major Status: %s Minor Status: %s\ Error Message: %s s gssapi-keyexRHsUnknown auth method "%s"s!Service request "%s" accepted (?)(3RrR2t_logRR&RYRRZR4R8RcR5R'R:RAR;RdRgt sign_ssh_dataR=R-RBt add_bytest ssh_gss_oidsR[t packetizert read_messageRt_parse_userauth_bannerRt get_stringRtssh_init_sec_contextR@R R3t send_messageR(R%Rt ssh_get_micRbR#R"tget_inttstrRt_parse_userauth_failuret gss_kex_usedt kexgss_ctxtt set_username(RCR\RfR:tblobtsigtsshgsstptypetmecht srv_tokent next_tokent maj_statust min_statusterr_msgtlang_tagtkexgsst mic_token((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_service_acceptßs¤                                      cCs tƒ}|tkrE|jjtd|ƒ|jtƒt|_nx|jjtd|ƒ|jt ƒ|j |jj j |ƒƒ|t kr¡|jtƒn|jtƒ|jd7_|jj|ƒ|jdkré|jƒn|tkr|jjƒndS(NsAuth granted (%s).sAuth rejected (%s).ii (R&RR2RtRRYR RAR6R RZt server_objecttget_allowed_authsR RcR5R?R[Rat _auth_trigger(RCR4tmethodtresultR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_send_auth_resultEs"         cCs¦tƒ}|jtƒ|j|jƒ|j|jƒ|jtƒƒ|jt|j ƒƒx3|j D](}|j|dƒ|j |dƒqfW|j j |ƒdS(Nii( R&RYR RZtnamet instructionstbytesR^tlentpromptsRcR2R[(RCtqR\tp((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_interactive_query[s  cCs2|jjsPtƒ}|jtƒ|jdƒ|jtƒ|jj|ƒdS|j r]dS|j ƒ}|j ƒ}|j ƒ}|jj t d|||fƒ|dkr»|j ƒdS|jdk rú|j|krú|jj tdƒ|jƒdS||_|jjjƒ}|dkr9|jjj|ƒ}nâ|dkr÷|jƒ}|jƒ}y|jdƒ}Wntk rƒnX|rÜ|jj t dƒ|jƒ} y| jddƒ} Wntk rÒnXt}q|jjj||ƒ}n$|d kr‚|jƒ} |j ƒ} |jƒ} y |jj| t| ƒƒ} WnUtk r}|jj td t|ƒƒd} n |jj td ƒd} nX| dkr¹|jƒdS|jjj|| ƒ}|tkr| s'tƒ}|jt ƒ|j| ƒ|j| ƒ|jj|ƒdSt|jƒƒ}|j!| ||ƒ}| j"||ƒs|jj td ƒt}qqn™|d krá|j#ƒ}|j#ƒ}|jjj$||ƒ}t%|t&ƒr|j'|ƒdSn:|dkrE|rEt(|ƒ}|j)ƒ}|dkr7|jj tdƒ|jƒn|j#ƒ}|j*|ƒ}|sx|jj tdƒ|jƒn|j+dƒ}xCt,rÌtƒ}|jt-ƒ|j.|ƒ|jj|ƒ|jj/j0ƒ\}}|t1kr„|j#ƒ}y|j2|j3||ƒ}Wn-t4k r>t}|j5|||ƒ‚nX|dk r¡tƒ}|jt6ƒ|j|ƒ|jj|ƒq¡nt}|j5|||ƒdS|jj/j0ƒ\}}|t7krŠPqŠqŠW|j#ƒ}y|j8||jj9|ƒWn-t4k r%t}|j5|||ƒ‚nXt:}|jjj;||ƒnÖ|dkr|r|j#ƒ}|jj<}|dkr—t}|j5|||ƒny |j8||jj9|jƒWn-t4k ræt}|j5|||ƒ‚nXt:}|jjj=||ƒn|jjj|ƒ}|j5|||ƒdS(NRHs.Auth request (type=%s) service=%s, username=%ssssh-connectionsKAuth rejected because the client attempted to change username in mid-flightR:sUTF-8s+Auth request to change passwords (rejected)treplaceROsAuth rejected: public key: %ss0Auth rejected: unsupported or mangled public keys Auth rejected: invalid signatureskeyboard-interactivesgssapi-with-micis8Disconnect: Received more than one GSS-API OID mechanisms5Disconnect: Received an invalid GSS-API OID mechanismtservers gssapi-keyex(>R2RFR&RYR RZRcR5R[R6RrRtRR`R>R3R RaR“tenable_auth_gssapitcheck_auth_nonet get_booleant get_binarytdecodet UnicodeErrorRtcheck_auth_passwordt _key_infoR(RR€tcheck_auth_publickeyRRgtverify_ssh_sigR{tcheck_auth_interactivet isinstanceR,R R-Rtssh_check_mechRwRARRvRxRyR tssh_accept_sec_contextR@t ExceptionR˜RR$t ssh_check_micRbRtcheck_auth_gssapi_with_micRƒtcheck_auth_gssapi_keyex(RCR\R4RfR–tgss_authR—t changereqR:t newpasswordt sig_attachedtkeytypetkeyblobRPRpR†R…tlangR=R‡tmechst desired_mechtmech_oktsupported_mechRˆt client_tokenttokenR‘((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_requesths$                                                                         cCsS|jjtd|jƒt|_|jjƒ|jdk rO|jj ƒndS(NsAuthentication (%s) successful!( R2RtRR8RAR6R•R7R3RW(RCR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_successs   cCs|jƒ}|jƒ}|rc|jjtdƒ|jjtdt|ƒƒt|ƒ|j_nx|j |krÁ|jjtd|j ƒ|jjtdt|ƒƒt d|ƒ|j_n|jjtd|j ƒt |_ d|_|jdk r |jjƒndS(NsAuthentication continues...s Methods: s'Authentication type (%s) not permitted.sAllowed methods: sBad authentication typesAuthentication (%s) failed.(tget_listR¥R2RtRRR€R+tsaved_exceptionR8R*R5R6R3R4R7RW(RCR\tauthlisttpartial((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyR$s    cCs<|jƒ}||_|jƒ}|jjtd|ƒdS(NsAuth banner: %s(R{R9R2RtR(RCR\R9R»((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyRz6s   c Csø|jdkrtdƒ‚n|jƒ}|jƒ}|jƒ|jƒ}g}x3t|ƒD]%}|j|jƒ|jƒfƒq_W|j|||ƒ}t ƒ}|j t ƒ|j t |ƒƒx|D]}|j|ƒqÍW|jj|ƒdS(Nskeyboard-interactives Illegal info request from server(R8R(RrR¦RtrangetappendR¥R<R&RYRR^RœRZR2R[( RCR\ttitleRšRt prompt_listtit response_listtr((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_info_request=s     #   cCs¬|jjstdƒ‚n|jƒ}g}x't|ƒD]}|j|jƒƒq:W|jjj|ƒ}t t |ƒt ƒr’|j |ƒdS|j |jd|ƒdS(Ns!Illegal info response from serverskeyboard-interactive(R2RFR(RRÈRÉRrR“tcheck_auth_interactive_responseR®ttypeR,R R˜R>(RCR\tnt responsesRÌR—((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_info_responsePs   cCs|jjr|jS|jSdS(N(R2RFt_server_handler_tablet_client_handler_table(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_handler_tablens ((t__name__t __module__t__doc__RDRERGRNRQRRRTRURVRXRKR`RaRgRqRsR’R˜R RÂRÃRRzRÏRÔRRRRÕRRRRRRÖtpropertyR×(((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyR./sJ        f  µ       (8RÚR0tparamiko.commonRRRRRRRRRR R R R R RRRRRRRRRRRRRRRRRRR R!R"R#R$R%tparamiko.messageR&tparamiko.py3compatR'tparamiko.ssh_exceptionR(R)R*R+tparamiko.serverR,tparamiko.ssh_gssR-tobjectR.(((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyts î"