ohJdZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,m-Z-ddl.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4ddl5m6Z6m7Z7Gd d Z8Gd d Z9Gd de8Z:y)z `.AuthHandler` N)#cMSG_SERVICE_REQUESTcMSG_DISCONNECT DISCONNECT_SERVICE_NOT_AVAILABLE)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEcMSG_USERAUTH_REQUESTcMSG_SERVICE_ACCEPTDEBUGAUTH_SUCCESSFULINFOcMSG_USERAUTH_SUCCESScMSG_USERAUTH_FAILUREAUTH_PARTIALLY_SUCCESSFULcMSG_USERAUTH_INFO_REQUESTWARNING AUTH_FAILEDcMSG_USERAUTH_PK_OKcMSG_USERAUTH_INFO_RESPONSEMSG_SERVICE_REQUESTMSG_SERVICE_ACCEPTMSG_USERAUTH_REQUESTMSG_USERAUTH_SUCCESSMSG_USERAUTH_FAILUREMSG_USERAUTH_BANNERMSG_USERAUTH_INFO_REQUESTMSG_USERAUTH_INFO_RESPONSEcMSG_USERAUTH_GSSAPI_RESPONSEcMSG_USERAUTH_GSSAPI_TOKENcMSG_USERAUTH_GSSAPI_MICMSG_USERAUTH_GSSAPI_RESPONSEMSG_USERAUTH_GSSAPI_TOKENMSG_USERAUTH_GSSAPI_ERRORMSG_USERAUTH_GSSAPI_ERRTOKMSG_USERAUTH_GSSAPI_MIC MSG_NAMEScMSG_USERAUTH_BANNER)Message)bu) SSHExceptionAuthenticationExceptionBadAuthenticationTypePartialAuthentication)InteractiveQuery)GSSAuthGSS_EXCEPTIONSceZdZdZdZdZdZdZdZdZ dZ d%d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!d Z"e#d!Z$e#d"Z%e#d#Z&y$)& AuthHandlerzC Internal class to handle the mechanics of authentication. ctj||_d|_d|_d|_d|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_y)NFrT)weakrefproxy transportusername authenticated auth_event auth_methodbannerpassword private_keyinteractive_handler submethods auth_usernameauth_fail_countgss_hostgss_deleg_creds)selfr6s g/var/www/pru.catia.catastroantioquia-mas.com/tasa/lib/python3.12/site-packages/paramiko/auth_handler.py__init__zAuthHandler.__init__Rst y1 "  #' !  #c4|jj|SN)r6_log)rDargss rErJzAuthHandler._logds"t~~""D))rGc|jSrI)r8rDs rEis_authenticatedzAuthHandler.is_authenticatedgs!!!rGc^|jjr |jS|jSrI)r6 server_moder@r7rMs rE get_usernamezAuthHandler.get_usernamejs% >> % %%% %== rGc2|jjj ||_d|_||_|j |jjjy#|jjjwxYwNnoner6lockacquirer9r:r7 _request_authreleaserDr7events rE auth_nonezAuthHandler.auth_nonepsl ##% *#DO%D $DM    NN   ' ' )DNN   ' ' ) %A00&Bc@|jjj ||_d|_||_||_|j|jjjy#|jjjwxYw)N publickey) r6rVrWr9r:r7r=rXrY)rDr7keyr[s rEauth_publickeyzAuthHandler.auth_publickeyzst ##% *#DO*D $DM"D     NN   ' ' )DNN   ' ' ) ,A77&Bc@|jjj ||_d|_||_||_|j|jjjy#|jjjwxYw)Nr<) r6rVrWr9r:r7r<rXrY)rDr7r<r[s rE auth_passwordzAuthHandler.auth_passwordss ##% *#DO)D $DM$DM    NN   ' ' )DNN   ' ' )rbcN|jjj ||_d|_||_||_||_|j|jjjy#|jjjwxYw)K response_list = handler(title, instructions, prompt_list) keyboard-interactiveN) r6rVrWr9r:r7r>r?rXrY)rDr7handlerr[r?s rEauth_interactivezAuthHandler.auth_interactives} ##% *#DO5D $DM'.D $(DO    NN   ' ' )DNN   ' ' ) 3A>>&B$cN|jjj ||_d|_||_||_||_|j|jjjy#|jjjwxYw)Ngssapi-with-mic) r6rVrWr9r:r7rBrCrXrY)rDr7rBrCr[s rEauth_gssapi_with_micz AuthHandler.auth_gssapi_with_mics{ ##% *#DO0D $DM$DM#2D    NN   ' ' )DNN   ' ' )rjc2|jjj ||_d|_||_|j |jjjy#|jjjwxYw)N gssapi-keyexrUrZs rEauth_gssapi_keyexzAuthHandler.auth_gssapi_keyexsl ##% *#DO-D $DM    NN   ' ' )DNN   ' ' )r]cR|j|jjyyrI)r9setrMs rEabortzAuthHandler.aborts! ?? & OO   ! 'rGct}|jt|jd|jj |yN ssh-userauth)r&add_byter add_stringr6 _send_messagerDms rErXzAuthHandler._request_auths4 I '( ^$ $$Q'rGct}|jt|jt|j d|j d|j j||j jy)NzService not availableen) r&rwradd_intrrxr6rycloserzs rE!_disconnect_service_not_availablez-AuthHandler._disconnect_service_not_availables] I ?# 23 ,- T $$Q' rGct}|jt|jt|j d|j d|j j||j jy)NzNo more auth methods availabler}) r&rwrr~rrxr6ryrrzs rE_disconnect_no_more_authz$AuthHandler._disconnect_no_more_auths] I ?# ;< 56 T $$Q' rGc|jr,|jj|jjfS|j|fS)z Given any key, return its type/algorithm & bits-to-sign. Intended for input to or verification of, key signatures. ) public_blobkey_typekey_blobget_name)rDr`s rE_get_key_type_and_bitsz"AuthHandler._get_key_type_and_bitss; ????++S__-E-EE E<<>3& &rGct}|j|jj|j t |j||j||jd|j d|j|\}}|j||j||jS)Nr_T) r&rxr6 session_idrwr add_booleanrasbytes)rDr`servicer7 algorithmr{_bitss rE_get_session_blobzAuthHandler._get_session_blobs I T^^../ () X W [! d--c24 Y Tyy{rGcd}|jj+tj|jjz} |jd|jj sC|jj }|t |jtr td}||jrn%|"|tjkr td|jsO|jj }| td}t |jtr |jS|gS)Ng?z5Authentication failed: transport shut down or saw EOFzAuthentication timeout.zAuthentication failed.)r6 auth_timeouttimewait is_active get_exception issubclass __class__EOFErrorr*is_setrNr, allowed_types)rDr[max_tses rEwait_for_responsezAuthHandler.wait_for_responses  >> & & 2YY[4>>#>#>>F JJsO>>++-NN002I*Q[[("C/OA||~!f &;-.GHH$$&,,.Ay+,DE!++'<=&G rGc|j}|jjr|dk(rt}|j t |j ||jj||jjj\}}|r\t}|j t|j ||j ||jj|y|jyru) get_textr6rPr&rwrrxry server_object get_bannerr%r)rDr{rr;languages rE_parse_service_requestz"AuthHandler._parse_service_request s**, >> % %7n+D A JJ* + LL ! NN ( ( +#~~;;FFH FHI /0 V$ X&,,Q/  ..0rGc|jj}|jdd|vr(d}|jt|j |y|jj |t|S)N-cert-v01@openssh.comr3z E E     4 5")) *DNN,I,I; 9K6ADNN 3 IIeH I II:AA+N   $~~??N!5A:ANN %8??IJX  NN , , 0 01BAbE J  *005L II7>>|L  VL$=$=xHII'l  7>>{K  %!LMV-cjj.BCC@@(K   4 5 2 2K2=/UOs  H<H<c |j}|dk(r|jtdt}|j t |j |j|j d|j |j|jdk(r9|jdt|j}|j |n|jdk(r|jd|j|j\}}|j|}|j ||j ||j|jd|j|}|jj!||}|j |n|jdk(r.|j d |j |j"n|jd k(rt%|j|j&} |j)| j+|j,j/||j,j0j3\} }| t4k(r8|j7||j,j0j3\} }| t8k(r|j;} t}|j t< |j | j?|j@| |j|j,j/| |j,j0j3\} }| tFk(r|j;} | j?|j@| |j| }|nLt}|j t<|j ||j,jI|t}|j tP|j | jS|j,jTnv| tVk(r tKd | tXk(r\|j[}|j[}|j;}|j;tKd jM|||| t\k(r|j_|ytKd jMtN| |jdk(r~|j,j`rh|j,jb}|je|j|jS|j,jT}|j |n4|jdk(rn$tKdjM|j|j,j/|y|jtdjM|y#tB$r} |jE| cYd} ~ Sd} ~ wwxYw#tB$r} |jE| cYd} ~ Sd} ~ wwxYw)Nrvzuserauth is OKssh-connectionr<Fr_Trgr3rlzReceived Package: {}zServer returned an error tokenzCGSS-API Error: Major Status: {} Minor Status: {} Error Message: {} rorTzUnknown auth method "{}"z!Service request "{}" accepted (?))3rrJr r&rwrrxr7r:rr'r<rr=rr sign_ssh_datar?r.rC add_bytes ssh_gss_oidsr6ry packetizer read_messager_parse_userauth_bannerr get_stringrssh_init_sec_contextrBr/_handle_local_gss_failurer send_messager)rr$r ssh_get_micrr"r!get_intr_parse_userauth_failure gss_kex_used kexgss_ctxt set_username)rDr{rr<rrrblobsigsshgssptypemechr srv_token next_token maj_status min_statuserr_msgkexgss mic_tokens rE_parse_service_acceptz!AuthHandler._parse_service_accept{s **, n $ IIe- . A JJ, - LL ' LL) * LL)) *:- e$T]]+ X&!![0 d#!%!>44AACq////2#~~88EEGHE188<<>D AJJ9:A "77 $ tT]]NN003#'>>#<#<#I#I#Kq $==() II-3-H-H$(MM$($(MM$- ."  *1 %$+I ! +E F ! Z 8 $ ; ;A >-6 AJJ78LL!3!3DNN4M4M!NO88 ''GHH77!"J!"JllnGLLN& F& G 22003&.55i6FG  N2NN//33##DMM2"..t~~/H/HI  Y'!!V+".55d6F6FG NN ( ( + II:AA'J [*A#==a@@A$2I'+'E'Ea'H HIs<,6X?(X* X' X"X'"X'* Y3Y Y Yct}|tk(rB|jtdj ||j t d|_n|jtdj ||j t|j|jjj||tk(r|jdn&|jd|xjdz c_|jj!||jdk\r|j#|tk(r|jj%yy)NzAuth granted ({}).TzAuth rejected ({}).F )r&r rJr rrwr r8r rxr6rget_allowed_authsrrrAryr _auth_trigger)rDr7methodresultr{s rE_send_auth_resultzAuthHandler._send_auth_results I _ $ IId077? @ JJ, -!%D  IId188@ A JJ, - LL,,>>xH 22 d# e$$$)$ $$Q'   2 %  ) ) + _ $ NN ( ( * %rGct}|jt|j|j|j|j |jt |jt|j|jD]*}|j|d|j|d,|jj|y)Nrr) r&rwrrxname instructionsbytesr~lenpromptsrr6ry)rDqr{ps rE_interactive_queryzAuthHandler._interactive_querys I -. QVV Q^^$ UW #aii.! A LL1  MM!A$   $$Q'rGc | |jjs]t}|jt|j d|j d|jj|y|jry|j}|j}|j}|jtdj||||dk7r|jy|j6|j|k7r'|jtd|j!y||_|jj"j%}|dk(r'|jj"j'|}nE|dk(r|j)}|j+} |j-d}|rA|jtd|j+} | j-dd } t0}n|jj"j3||}n|d k(rC|j)} |j} |j+} |j5| | } | |j!y|jj"jC|| }|t0k7r| s]t}|jtD|j | |j | |jj|yt|j+}|jG| ||| }| jI||sx|jt8d t0}nZ|dk(rY|jK}|jj"jM||}tO|tPr|jS|y|dk(r*|r'tU|}|jW}|dkDr&|jt8d|j!|jK}|jY|}|s&|jt8d|j!|j[d}t}|jt\|j_|ta|||j_1tdtfthf|j_5|jj|y|dk(r|r|jK}|jjl}|t0}|jo||| |jq||jjr|jtt}|jj"jw||n%|jj"j'|}|jo|||y#t.$rY.wxYw#t.$rYwxYw#t6$r;}|jt8d jt;|d} Yd}~d}~wt<$rI}d }|jt8|j|j>j@|d} Yd}~d}~wwxYw#t<$rt0}|jo|||wxYw)NrTFz.Auth request (type={}) service={}, username={}rzKAuth rejected because the client attempted to change username in mid-flightr<zUTF-8z+Auth request to change passwords (rejected)rr_zAuth rejected: public key: {}z9Auth rejected: unsupported or mangled public key ({}: {})z Auth rejected: invalid signaturergrlrz8Disconnect: Received more than one GSS-API OID mechanismz5Disconnect: Received an invalid GSS-API OID mechanismserverro)>//BBD V ^^11AA(KF z ! I||~H #??73  %!NOlln "-"4"4Wi"HK%55IIh{ "==?L IllnG 55iI{--/^^11FF#F$# AJJ23LL+LL)NN003alln---(I))$4IId$FG(F - -J^^11HH*F&"23''/ ( (XV_FIIKEqy N--/<<>L++L9G K--/#00:N A JJ4 5 KK '*Bf+DNN '*$#/DNN + NN ( ( +  ~ %( I^^//F~$&&x@ $$t~~88$:L:L%F NN ( ( @ @& ^^11AA(KF x8G   $    $ ? F Fs1v NO Q $ 1;;+?+? CD r $&&x@ sT-W 'W0 X 1Z W-,W-0 W=<W= Z 0X?? Z >ZZ$Z;c|jtdj|jd|_|j j |j|jjyy)NzAuthentication ({}) successful!T) rJr rr:r8r6rr9rrrzs rE_parse_userauth_successz#AuthHandler._parse_userauth_successs^ 3::4;K;KL " $$& ?? & OO   ! 'rGc|j}|j}|rS|jtd|jtdt |zt ||j_n|j|vrcdj|jdj|fD]}|jt|td||j_n/|jtdj|jd|_ d|_ |j|jjyy)NzAuthentication continues...z Methods: z'Authentication type ({}) not permitted.zAllowed methods: {}zBad authentication typeAuthentication ({}) failed.F)get_listrrJr r rr,r6saved_exceptionr:rr+r8r7r9rr)rDr{authlistpartialrs rErz#AuthHandler._parse_userauth_failures::<--/  IId9 : IIe[3x=8 9-B8-LDNN *   X -9@@$$&,,X6  &  %%  &.C)8.DNN * II3::4;K;KL # ?? & OO   ! 'rGc||j}||_|jtdj |y)NzAuth banner: {})rr;rJr r)rDr{r;s rErz"AuthHandler._parse_userauth_banners.  $)0089rGc8|jdk7r td|j}|j}|j|j }g}t |D]1}|j |j|jf3|j|||}t}|jt|jt||D]}|j||jj!|y)Nrgz Illegal info request from server)r:r)rrrrangeappendrr>r&rwrr~rrxr6ry) rDr{titlerr prompt_listi response_listrs rE_parse_userauth_info_requestz(AuthHandler._parse_userauth_info_requests   5 5AB B zz|  ))+ w @A    ammo> ? @00 <  I ./ #m$% A LLO  $$Q'rGc|jjs td|j}g}t |D]!}|j |j #|jjj|}t|tr|j|y|j|jd|y)Nz!Illegal info response from serverrg)r6rPr)rr!r"rrcheck_auth_interactive_responserr-rrr@)rDr{n responsesr%rs rE_parse_userauth_info_responsez)AuthHandler._parse_userauth_info_responses~~))BC C IIK q +A   QZZ\ * +--MM   f. /  # #F +      6 rGc6||j_|jtdj ||jt dj |j d|_d|_|j|jjy)NzGSSAPI failure: {}rF) r6rrJr rr r:r8r7r9rr)rDrs rErz%AuthHandler._handle_local_gss_failure*st)*& %-44Q78 $5<"> &(J(J   rGc t|jt|jt|j t |jt|jiSrI) rrrrrrrrrr(rMs rE_client_handler_tablez!AuthHandler._client_handler_tableHsE  : : $">"> $">"> !> % %-- --- -rGNr3)'r __module__ __qualname____doc__rFrJrNrQr\rardrirmrprsrXrrrrrrrrrrrrrrrrr(r-rpropertyr0r2r4rGrEr1r1Ms$$*"! * * * * **" (  ' <1& E FPCJ+0 (o9b""<: (* $$    ..rGr1ceZdZdZdZdZdZedZedZ edZ edZ d Z d Z d Zd Zd Zeeeeee eeiZedZy)r zA specialized Auth handler for gssapi-with-mic During the GSSAPI token exchange we need a modified dispatch table, because the packet type numbers are not unique. rlc ||_||_yrI) _delegater)rDdelegaters rErFz!GssapiWithMicAuthHandler.__init__es! rGcV|j|jjSrI)_restore_delegate_auth_handlerr=rsrMs rErszGssapiWithMicAuthHandler.abortis! ++-~~##%%rGc.|jjSrI)r=r6rMs rEr6z"GssapiWithMicAuthHandler.transportms~~'''rGc.|jjSrI)r=rrMs rErz*GssapiWithMicAuthHandler._send_auth_resultqs~~///rGc.|jjSrI)r=r@rMs rEr@z&GssapiWithMicAuthHandler.auth_usernameus~~+++rGc.|jjSrI)r=rBrMs rErBz!GssapiWithMicAuthHandler.gss_hostys~~&&&rGc:|j|j_yrI)r=r6r rMs rEr@z7GssapiWithMicAuthHandler._restore_delegate_auth_handler}s&*nn#rGc(|j}|j} |j|j||j}|lt}|jt|j|t t"t$f|j _|j j)|yy#t $rT}||j _t}|j|j|j|j|d}~wwxYwrI)rrssh_accept_sec_contextrBr@rr6rrr@rrr&rwrrxr r#rr ry)rDr{ client_tokenrtokenrrs rE_parse_userauth_gssapi_tokenz5GssapiWithMicAuthHandler._parse_userauth_gssapi_tokens||~  11 |T-?-?E   A JJ1 2 LL )'$/DNN + NN ( ( +   -.DNN * F  / / 1  " "4#5#5t{{F K   s'B44 D=AD  Dc|j}|j}|j}|j |j ||j j |t}|j jj|||j||j|y#t$r:}||j _t}|j||j|d}~wwxYwrI)rrr@r@r r6rrrrrrr rcheck_auth_gssapi_with_mic)rDr{rrr7rrs rE_parse_userauth_gssapi_micz3GssapiWithMicAuthHandler._parse_userauth_gssapi_micsLLN %% ++-   4>>44h ! $$?? f  xf= -.DNN * F  " "8T[[& A   s'B++ C.45C))C.cX|j|jj|SrI)r@r=rrzs rErz/GssapiWithMicAuthHandler._parse_service_requests# ++-~~44Q77rGcX|j|jj|SrI)r@r=rrzs rErz0GssapiWithMicAuthHandler._parse_userauth_requests# ++-~~55a88rGc|jSrI)(_GssapiWithMicAuthHandler__handler_tablerMs rEr4z'GssapiWithMicAuthHandler._handler_tables###rGN)rr6r7r8rrFrsr9r6rr@rBr@rJrMrrrrr r#rQr4r:rGrEr r \s F&((00,,''5,4>089 35!#?!; O$$rGr cTeZdZdZefdZd dZdZdZdZ d dZ dZ xZ S) AuthOnlyHandlerzU AuthHandler, and just auth, no service requests! .. versionadded:: 3.2 cFt|j}|t=|SrI)superr2copyr)rDmy_tablers rEr2z%AuthOnlyHandler._client_handler_tables$70557 ' (rGc||_||_t}|jt|j ||j d|j ||||j j5|j j|dddtj|_ |j|jS#1swY=xYw)a Submit a userauth request message & wait for response. Performs the transport message send call, sets self.auth_event, and will lock-n-block as necessary to both send, and wait for response to, the USERAUTH_REQUEST. Most callers will want to supply a callback to ``finish_message``, which accepts a Message ``m`` and may call mutator methods on it to add more fields. rN) r:r7r&rwrrxr6rVry threadingEventr9r)rDr7rfinish_messager{s rEsend_auth_requestz!AuthOnlyHandler.send_auth_requests"  I () X %& Vq^^  , NN ( ( + ,$//+%%doo66 , ,s ?CC c&|j|dSrSr\)rDr7s rEr\zAuthOnlyHandler.auth_nones%%h77rGc|j\}|j||jd|fd}|j|d|S)Nrc|jd|j|j|jjy)NT)rrxr)r{rrrr`s rEfinishz.AuthOnlyHandler.auth_publickey..finishsB MM$  LL # LL  LL**4; .finishs! MM% LL8 %rGr<r^)rDr7r<ras ` rErdzAuthOnlyHandler.auth_passwords &%%h FCCrGcPd|_||_fd}|j|d|S)rfkeyboard_interactivecJ|jd|jy)Nr3)rx)r{r?s rEraz0AuthOnlyHandler.auth_interactive..finish/s LL  LL $rGrg)r:r>r\)rDr7rhr?ras ` rEriz AuthOnlyHandler.auth_interactive%s22#*  % %%h0FOOrGcd}|jt||jdd}||vs||vr||vr|n|}d|d}|}n |d}|d|}|jt||S)NzdServer did not send a server-sig-algs list; defaulting to something in our preferred algorithms listrr3zCurrent key type, z&, is in our preferred list; using thatrz3 not in our list - trying first list item instead, )rJr r)rDrrrnoncert_key_typeactualalgos rErz1AuthOnlyHandler._choose_fallback_pubkey_algorithm8st %#++,CRH x #3x#?!)X!5X;KF&vj0VWCDA;DL STXS[\C % rGrIr5) rr6r7r8r9r2r\r\rardrir __classcell__)rs@rErSrSs> '7R8E,DP& rGrS);r8r4rYrrparamiko.commonrrrrrrr r r r r rrrrrrrrrrrrrrrrrrr r!r"r#r$r%paramiko.messager& paramiko.utilr'r(paramiko.ssh_exceptionr)r*r+r,paramiko.serverr-paramiko.ssh_gssr.r/r1r rSr:rGrErrs& $$$$$$$$$$J% -4L .L .^i$i$X|k|rG