Z[c@s|dZddlZddlmZmZmZmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.m/Z/m0Z0m1Z1ddl2m3Z3ddl4m5Z5d e6fd YZ7dS( s `.AuthHandler` iN(&tcMSG_SERVICE_REQUESTtcMSG_DISCONNECTt DISCONNECT_SERVICE_NOT_AVAILABLEt)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEtcMSG_USERAUTH_REQUESTtcMSG_SERVICE_ACCEPTtDEBUGtAUTH_SUCCESSFULtINFOtcMSG_USERAUTH_SUCCESStcMSG_USERAUTH_FAILUREtAUTH_PARTIALLY_SUCCESSFULtcMSG_USERAUTH_INFO_REQUESTtWARNINGt AUTH_FAILEDtcMSG_USERAUTH_PK_OKtcMSG_USERAUTH_INFO_RESPONSEtMSG_SERVICE_REQUESTtMSG_SERVICE_ACCEPTtMSG_USERAUTH_REQUESTtMSG_USERAUTH_SUCCESStMSG_USERAUTH_FAILUREtMSG_USERAUTH_BANNERtMSG_USERAUTH_INFO_REQUESTtMSG_USERAUTH_INFO_RESPONSEtcMSG_USERAUTH_GSSAPI_RESPONSEtcMSG_USERAUTH_GSSAPI_TOKENt&cMSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETEtcMSG_USERAUTH_GSSAPI_ERRORtcMSG_USERAUTH_GSSAPI_ERRTOKtcMSG_USERAUTH_GSSAPI_MICtMSG_USERAUTH_GSSAPI_RESPONSEtMSG_USERAUTH_GSSAPI_TOKENt%MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETEtMSG_USERAUTH_GSSAPI_ERRORtMSG_USERAUTH_GSSAPI_ERRTOKtMSG_USERAUTH_GSSAPI_MICt MSG_NAMES(tMessage(t bytestring(t SSHExceptiontAuthenticationExceptiontBadAuthenticationTypetPartialAuthentication(tInteractiveQuery(tGSSAutht AuthHandlercBsEeZdZdZdZdZdZdZdZddZ d Z d Z d Z d Z d ZdZdZdZdZdZdZdZdZdZdZdZdZdZiee6ee6ee6Ziee 6ee!6ee"6ee#6ee$6Z%e&dZ'RS(sC Internal class to handle the mechanics of authentication. cCstj||_d|_t|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_t|_dS(Nti(tweakreftproxyt transporttNonetusernametFalset authenticatedt auth_eventt auth_methodtbannertpasswordt private_keytinteractive_handlert submethodst auth_usernametauth_fail_counttgss_hosttTruetgss_deleg_creds(tselfR2((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt__init__4s            cCs|jS(N(R6(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytis_authenticatedFscCs|jjr|jS|jSdS(N(R2t server_modeR>R4(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt get_usernameIs cCsQ|jjjz)||_d|_||_|jWd|jjjXdS(Ntnone(R2tlocktacquireR7R8R4t _request_authtrelease(RCR4tevent((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt auth_noneOs   cCsZ|jjjz2||_d|_||_||_|jWd|jjjXdS(Nt publickey( R2RIRJR7R8R4R;RKRL(RCR4tkeyRM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_publickeyYs    cCsZ|jjjz2||_d|_||_||_|jWd|jjjXdS(NR:( R2RIRJR7R8R4R:RKRL(RCR4R:RM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt auth_passwordds    R/cCsc|jjjz;||_d|_||_||_||_|jWd|jjj XdS(sK response_list = handler(title, instructions, prompt_list) skeyboard-interactiveN( R2RIRJR7R8R4R<R=RKRL(RCR4thandlerRMR=((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_interactiveos     cCsc|jjjz;||_d|_||_||_||_|jWd|jjj XdS(Nsgssapi-with-mic( R2RIRJR7R8R4R@RBRKRL(RCR4R@RBRM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_gssapi_with_mic~s     cCsQ|jjjz)||_d|_||_|jWd|jjjXdS(Ns gssapi-keyex(R2RIRJR7R8R4RKRL(RCR4RM((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytauth_gssapi_keyexs   cCs#|jdk r|jjndS(N(R7R3tset(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytabortscCs7t}|jt|jd|jj|dS(Ns ssh-userauth(R&tadd_byteRt add_stringR2t _send_message(RCtm((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyRKs   cCs^t}|jt|jt|jd|jd|jj||jjdS(NsService not availableten( R&RYRtadd_intRRZR2R[tclose(RCR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt!_disconnect_service_not_availables     cCs^t}|jt|jt|jd|jd|jj||jjdS(NsNo more auth methods availableR]( R&RYRR^RRZR2R[R_(RCR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_disconnect_no_more_auths     cCst}|j|jj|jt|j||j||jd|jt|j|j|j||j S(NRO( R&RZR2t session_idRYRt add_booleanRAtget_nametasbytes(RCRPtserviceR4R\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_get_session_blobs       cCsx{tr}|jd|jjsj|jj}|dksRt|jtrat d}n|n|j rPqqW|j s|jj}|dkrt d}nt|jt r|j S|ngS(Ng?sAuthentication failed.(RAtwaitR2t is_activet get_exceptionR3t issubclasst __class__tEOFErrorR)tis_setRER+t allowed_types(RCRMte((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pytwait_for_responses"       cCsi|j}|jjr[|dkr[t}|jt|j||jj|dS|jdS(Ns ssh-userauth( tget_textR2RFR&RYRRZR[R`(RCR\Rf((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_service_requests    cCs|j}|dkr{|jjtdt}|jt|j|j|jd|j|j |j dkr|j t t |j }|j|n|j dkr(|j t|j|jj|j|j|j|jd|j}|jj|}|j|n@|j dkrW|jd|j|jn|j dkrt|j |j}|j|j|jj||jjj\}}|tkr|j||jjj\}}n|tkr4|j}t}|jt|j|j |j!||j|jj|xtr|jjj\}}|t"krM|j} |j |j!||j| } | dkrPqt}|jt|j| |jj$|qMqMWt%d t&|t}|jt'|j|j(|jj)qh|t*krOt%d qh|t+kr|j,} |j,} |j} |j}t%d t-| t-| | fqh|t.kr|j/|dSt%d t&|n|j d krC|jj0rC|jj1}|j2|j|j(|jj)}|j|n%|j d krUnt%d|j |jj|n|jjtd|dS(Ns ssh-userauthsuserauth is OKsssh-connectionR:ROskeyboard-interactiveR/sgssapi-with-micsReceived Package: %ssServer returned an error tokensGSS-API Error: Major Status: %s Minor Status: %s\ Error Message: %s s gssapi-keyexRHsUnknown auth method "%s"s!Service request "%s" accepted (?)(3RrR2t_logRR&RYRRZR4R8RcR5R'R:RAR;RdRgt sign_ssh_dataR=R-RBt add_bytest ssh_gss_oidsR[t packetizert read_messageRt_parse_userauth_bannerRt get_stringRtssh_init_sec_contextR@R R3t send_messageR(R%Rt ssh_get_micRbR#R"tget_inttstrRt_parse_userauth_failuret gss_kex_usedt kexgss_ctxtt set_username(RCR\RfR:tblobtsigtsshgsstptypetmecht srv_tokent next_tokent maj_statust min_statusterr_msgtlang_tagtkexgsst mic_token((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_service_accepts                                      cCs t}|tkrE|jjtd||jtt|_nx|jjtd||jt |j |jj j ||t kr|jtn|jt|jd7_|jj||jdkr|jn|tkr|jjndS(NsAuth granted (%s).sAuth rejected (%s).ii (R&RR2RtRRYR RAR6R RZt server_objecttget_allowed_authsR RcR5R?R[Rat _auth_trigger(RCR4tmethodtresultR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_send_auth_resultEs"         cCst}|jt|j|j|j|j|jt|jt|j x3|j D](}|j|d|j |dqfW|j j |dS(Nii( R&RYR RZtnamet instructionstbytesR^tlentpromptsRcR2R[(RCtqR\tp((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_interactive_query[s  cCs2|jjsPt}|jt|jd|jt|jj|dS|j r]dS|j }|j }|j }|jj t d|||f|dkr|j dS|jdk r|j|kr|jj td|jdS||_|jjj}|dkr9|jjj|}n|dkr|j}|j}y|jd}Wntk rnX|r|jj t d|j} y| jdd} Wntk rnXt}q|jjj||}n$|d kr|j} |j } |j} y |jj| t| } WnUtk r}|jj td t|d} n |jj td d} nX| dkr|jdS|jjj|| }|tkr| s't}|jt |j| |j| |jj|dSt|j}|j!| ||}| j"||s|jj td t}qqn|d kr|j#}|j#}|jjj$||}t%|t&r|j'|dSn:|dkrE|rEt(|}|j)}|dkr7|jj td|jn|j#}|j*|}|sx|jj td|jn|j+d}xCt,rt}|jt-|j.||jj||jj/j0\}}|t1kr|j#}y|j2|j3||}Wn-t4k r>t}|j5|||nX|dk rt}|jt6|j||jj|qnt}|j5|||dS|jj/j0\}}|t7krPqqW|j#}y|j8||jj9|Wn-t4k r%t}|j5|||nXt:}|jjj;||n|dkr|r|j#}|jj<}|dkrt}|j5|||ny |j8||jj9|jWn-t4k rt}|j5|||nXt:}|jjj=||n|jjj|}|j5|||dS(NRHs.Auth request (type=%s) service=%s, username=%ssssh-connectionsKAuth rejected because the client attempted to change username in mid-flightR:sUTF-8s+Auth request to change passwords (rejected)treplaceROsAuth rejected: public key: %ss0Auth rejected: unsupported or mangled public keys Auth rejected: invalid signatureskeyboard-interactivesgssapi-with-micis8Disconnect: Received more than one GSS-API OID mechanisms5Disconnect: Received an invalid GSS-API OID mechanismtservers gssapi-keyex(>R2RFR&RYR RZRcR5R[R6RrRtRR`R>R3R RaRtenable_auth_gssapitcheck_auth_nonet get_booleant get_binarytdecodet UnicodeErrorRtcheck_auth_passwordt _key_infoR(RRtcheck_auth_publickeyRRgtverify_ssh_sigR{tcheck_auth_interactivet isinstanceR,RR-Rtssh_check_mechRwRARRvRxRyR tssh_accept_sec_contextR@t ExceptionRRR$t ssh_check_micRbRtcheck_auth_gssapi_with_micRtcheck_auth_gssapi_keyex(RCR\R4RfRtgss_authRt changereqR:t newpasswordt sig_attachedtkeytypetkeyblobRPRpRRtlangR=Rtmechst desired_mechtmech_oktsupported_mechRt client_tokenttokenR((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_requesths$                                                                         cCsS|jjtd|jt|_|jj|jdk rO|jj ndS(NsAuthentication (%s) successful!( R2RtRR8RAR6RR7R3RW(RCR\((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_successs   cCs|j}|j}|rc|jjtd|jjtdt|t||j_nx|j |kr|jjtd|j |jjtdt|t d||j_n|jjtd|j t |_ d|_|jdk r |jjndS(NsAuthentication continues...s Methods: s'Authentication type (%s) not permitted.sAllowed methods: sBad authentication typesAuthentication (%s) failed.(tget_listRR2RtRRRR+tsaved_exceptionR8R*R5R6R3R4R7RW(RCR\tauthlisttpartial((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyR$s    cCs<|j}||_|j}|jjtd|dS(NsAuth banner: %s(R{R9R2RtR(RCR\R9R((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyRz6s   c Cs|jdkrtdn|j}|j}|j|j}g}x3t|D]%}|j|j|jfq_W|j|||}t }|j t |j t |x|D]}|j|qW|jj|dS(Nskeyboard-interactives Illegal info request from server(R8R(RrRRtrangetappendRR<R&RYRR^RRZR2R[( RCR\ttitleRRt prompt_listtit response_listtr((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_info_request=s     #   cCs|jjstdn|j}g}x't|D]}|j|jq:W|jjj|}t t |t r|j |dS|j |jd|dS(Ns!Illegal info response from serverskeyboard-interactive(R2RFR(RRRRrRtcheck_auth_interactive_responseRttypeR,RRR>(RCR\tnt responsesRR((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_parse_userauth_info_responsePs   cCs|jjr|jS|jSdS(N(R2RFt_server_handler_tablet_client_handler_table(RC((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyt_handler_tablens ((t__name__t __module__t__doc__RDRERGRNRQRRRTRURVRXRKR`RaRgRqRsRRRRRRRzRRRRRRRRRRRRtpropertyR(((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyR./sJ        f        (8RR0tparamiko.commonRRRRRRRRRR R R R R RRRRRRRRRRRRRRRRRRR R!R"R#R$R%tparamiko.messageR&tparamiko.py3compatR'tparamiko.ssh_exceptionR(R)R*R+tparamiko.serverR,tparamiko.ssh_gssR-tobjectR.(((s9/usr/lib/python2.7/site-packages/paramiko/auth_handler.pyts "