7g,NdZddlmZddlmZddlmZddlmZGddZ Gd d e Z Gd d e Z Gd de Z Gdde Z Gdde ZedddgZGddeZGddeZGddZdS)z Modern, adaptable authentication machinery. Replaces certain parts of `.SSHClient`. For a concrete implementation, see the ``OpenSSHAuthStrategy`` class in `Fabric `_. ) namedtuple)AgentKey) get_logger)AuthenticationExceptionc*eZdZdZdZdZdZdZdS) AuthSourcez Some SSH authentication source, such as a password, private key, or agent. See subclasses in this module for concrete implementations. All implementations must accept at least a ``username`` (``str``) kwarg. c||_dSNusername)selfr s P/var/www/html/syslog/venv/lib/python3.11/site-packages/paramiko/auth_strategy.py__init__zAuthSource.__init__s   c d|D}d|}|jjd|dS)Nc"g|] \}}|d| S)=).0kvs r z$AuthSource._repr..s&999$!QA999rz, ())itemsjoin __class____name__)rkwargspairsjoineds r_reprzAuthSource._reprsL:9&,,..9995!!.)55F5555rc*|Sr )r#rs r__repr__zAuthSource.__repr__"szz||rct)z) Perform authentication. NotImplementedErrorr transports r authenticatezAuthSource.authenticate%s "!rN)r __module__ __qualname____doc__rr#r&r,rrrr r sZ!!!666"""""rr ceZdZdZdZdS)NoneAuthzS Auth type "none", ie https://www.rfc-editor.org/rfc/rfc4252#section-5.2 . c6||jSr ) auth_noner r*s rr,zNoneAuth.authenticate1s""4=111rNrr-r.r/r,rrrr1r1,s-22222rr1c2eZdZdZfdZfdZdZxZS)Passworda Password authentication. :param callable password_getter: A lazy callable that should return a `str` password value at authentication time, such as a `functools.partial` wrapping `getpass.getpass`, an API call to a secrets store, or similar. If you already know the password at instantiation time, you should simply use something like ``lambda: "my literal"`` (for a literal, but also, shame on you!) or ``lambda: variable_name`` (for something stored in a variable). cZt|||_dSNr )superrpassword_getter)rr r:rs rrzPassword.__init__Ds, (+++.rcRt|jS)N)user)r9r#r )rrs rr&zPassword.__repr__Hsww}}$-}000rc`|}||j|Sr )r: auth_passwordr )rr+passwords rr,zPassword.authenticateMs-''))&&t}h???r)rr-r.r/rr&r, __classcell__rs@rr6r65sq  /////11111 @@@@@@@rr6ceZdZdZdZdS) PrivateKeya Essentially a mixin for private keys. Knows how to auth, but leaves key material discovery/loading/decryption to subclasses. Subclasses **must** ensure that they've set ``self.pkey`` to a decrypted `.PKey` instance before calling ``super().authenticate``; typically either in their ``__init__``, or in an overridden ``authenticate`` prior to its `super` call. cB||j|jSr )auth_publickeyr pkeyr*s rr,zPrivateKey.authenticatees'' tyAAArNr4rrrrCrCXs2  BBBBBrrCc,eZdZdZfdZfdZxZS)InMemoryPrivateKeyz1 An in-memory, decrypted `.PKey` object. cZt|||_dSr8)r9rrF)rr rFrs rrzInMemoryPrivateKey.__init__ns) (+++ rct|j}t|jtr|dz }|S)N)rFz [agent])r9r#rF isinstancer)rreprs rr&zInMemoryPrivateKey.__repr__ssAggmmm++ di * *  : C rrr-r.r/rr&r@rAs@rrHrHis[ rrHc(eZdZdZfdZdZxZS)OnDiskPrivateKeya Some on-disk private key that needs opening and possibly decrypting. :param str source: String tracking where this key's path was specified; should be one of ``"ssh-config"``, ``"python-config"``, or ``"implicit-home"``. :param Path path: The filesystem path this key was loaded from. :param PKey pkey: The `PKey` object this auth source uses/represents. ct|||_d}||vrtd|||_||_dS)Nr )z ssh-configz python-configz implicit-homez source argument must be one of: )r9rsource ValueErrorpathrF)rr rQrSrFallowedrs rrzOnDiskPrivateKey.__init__s^ (+++ B  KKKLL L  rcj||j|jt|jS)N)keyrQrS)r#rFrQstrrSr%s rr&zOnDiskPrivateKey.__repr__s0zz $+C NN   rrMrAs@rrOrO|sQ         rrO SourceResultrQresultc(eZdZdZfdZdZxZS) AuthResulta Represents a partial or complete SSH authentication attempt. This class conceptually extends `AuthStrategy` by pairing the former's authentication **sources** with the **results** of trying to authenticate with them. `AuthResult` is a (subclass of) `list` of `namedtuple`, which are of the form ``namedtuple('SourceResult', 'source', 'result')`` (where the ``source`` member is an `AuthSource` and the ``result`` member is either a return value from the relevant `.Transport` method, or an exception object). .. note:: Transport auth method results are always themselves a ``list`` of "next allowable authentication methods". In the simple case of "you just authenticated successfully", it's an empty list; if your auth was rejected but you're allowed to try again, it will be a list of string method names like ``pubkey`` or ``password``. The ``__str__`` of this class represents the empty-list scenario as the word ``success``, which should make reading the result of an authentication session more obvious to humans. Instances also have a `strategy` attribute referencing the `AuthStrategy` which was attempted. cH||_tj|i|dSr )strategyr9r)rr]argsr rs rrzAuthResult.__init__s,  $)&)))))rc@dd|DS)N c3<K|]}|jd|jpdVdS)z -> successN)rQrY)rxs r z%AuthResult.__str__..sJ  9:qx 4 4QX2 4 4      r)rr%s r__str__zAuthResult.__str__s6 yy  >B      r)rr-r.r/rrer@rAs@rr[r[sQ<*****       rr[ceZdZdZdZdZdS) AuthFailurea Basic exception wrapping an `AuthResult` indicating overall auth failure. Note that `AuthFailure` descends from `AuthenticationException` but is generally "higher level"; the latter is now only raised by individual `AuthSource` attempts and should typically only be seen by users when encapsulated in this class. It subclasses `AuthenticationException` primarily for backwards compatibility reasons. c||_dSr rY)rrYs rrzAuthFailure.__init__s  rc0dt|jzS)Nr`)rWrYr%s rrezAuthFailure.__str__sc$+&&&&rN)rr-r.r/rrerrrrgrgs<'''''rrgc$eZdZdZdZdZdZdS) AuthStrategya This class represents one or more attempts to auth with an SSH server. By default, subclasses must at least accept an ``ssh_config`` (`.SSHConfig`) keyword argument, but may opt to accept more as needed for their particular strategy. cF||_tt|_dSr ) ssh_configrrlog)rrns rrzAuthStrategy.__init__s%h''rct)a[ Generator yielding `AuthSource` instances, in the order to try. This is the primary override point for subclasses: you figure out what sources you need, and ``yield`` them. Subclasses _of_ subclasses may find themselves wanting to do things like filtering or discarding around a call to `super`. r(r%s r get_sourceszAuthStrategy.get_sourcess "!rcd}t|}|D]}|jd| ||}d}nE#t $r8}|}|jj}|jd|d|Yd}~nd}~wwxYw| t|||rn|st||S) z Handles attempting `AuthSource` instances yielded from `get_sources`. You *normally* won't need to override this, but it's an option for advanced users. F)r]zTrying TzAuthentication via z failed with Nri) r[rqrodebugr, ExceptionrrinfoappendrXrg)rr+ succeededoverall_resultrQrYe source_classs rr,zAuthStrategy.authenticates; #T222 &&((  F HNN-V-- . . . ,,Y77     !{3  M&MM|MM   ! !,vv">"> ? ? ?   5^444 4sA B!).BB!N)rr-r.r/rrqr,rrrrlrlsK((( " " "+++++rrlN)r/ collectionsragentrutilr ssh_exceptionrr r1r6rCrHrOrXlistr[rgrlrrrrs#"""""222222"""""""":22222z222@@@@@z@@@FBBBBBBBB"&     z   Bz.8X*>?? * * * * * * * * \''''')'''$GGGGGGGGGGr