oh,dZddlmZddlmZddlmZddlmZGddZ Gd d e Z Gd d e Z Gd de Z Gdde Z Gdde ZedddgZGddeZGddeZGddZy)z Modern, adaptable authentication machinery. Replaces certain parts of `.SSHClient`. For a concrete implementation, see the ``OpenSSHAuthStrategy`` class in `Fabric `_. ) namedtuple)AgentKey) get_logger)AuthenticationExceptionc(eZdZdZdZdZdZdZy) AuthSourcez Some SSH authentication source, such as a password, private key, or agent. See subclasses in this module for concrete implementations. All implementations must accept at least a ``username`` (``str``) kwarg. c||_yNusername)selfr s h/var/www/pru.catia.catastroantioquia-mas.com/tasa/lib/python3.12/site-packages/paramiko/auth_strategy.py__init__zAuthSource.__init__s   c |jDcgc] \}}|d|}}}dj|}|jjd|dScc}}w)N=z, ())itemsjoin __class____name__)rkwargskvpairsjoineds r_reprzAuthSource._reprs\+1,,.9$!QA3au995!..))*!F8155:sAc"|jSr )rrs r__repr__zAuthSource.__repr__"szz|rct)z) Perform authentication. NotImplementedErrorr transports r authenticatezAuthSource.authenticate%s "!rN)r __module__ __qualname____doc__rrr"r(rrr r s!6"rr ceZdZdZdZy)NoneAuthzS Auth type "none", ie https://www.rfc-editor.org/rfc/rfc4252#section-5.2 . c8|j|jSr ) auth_noner r&s rr(zNoneAuth.authenticate1s""4==11rNrr)r*r+r(r,rrr.r.,s 2rr.c2eZdZdZfdZfdZdZxZS)Passworda Password authentication. :param callable password_getter: A lazy callable that should return a `str` password value at authentication time, such as a `functools.partial` wrapping `getpass.getpass`, an API call to a secrets store, or similar. If you already know the password at instantiation time, you should simply use something like ``lambda: "my literal"`` (for a literal, but also, shame on you!) or ``lambda: variable_name`` (for something stored in a variable). c4t||||_yNr )superrpassword_getter)rr r7rs rrzPassword.__init__Ds (+.rc8t||jS)N)user)r6rr )rrs rr"zPassword.__repr__Hsw}$--}00rcZ|j}|j|j|Sr )r7 auth_passwordr )rr'passwords rr(zPassword.authenticateMs)'')&&t}}h??r)rr)r*r+rr"r( __classcell__rs@rr3r35s /1 @rr3ceZdZdZdZy) PrivateKeya Essentially a mixin for private keys. Knows how to auth, but leaves key material discovery/loading/decryption to subclasses. Subclasses **must** ensure that they've set ``self.pkey`` to a decrypted `.PKey` instance before calling ``super().authenticate``; typically either in their ``__init__``, or in an overridden ``authenticate`` prior to its `super` call. cN|j|j|jSr )auth_publickeyr pkeyr&s rr(zPrivateKey.authenticatees'' tyyAArNr1r,rrr@r@Xs  Brr@c,eZdZdZfdZfdZxZS)InMemoryPrivateKeyz1 An in-memory, decrypted `.PKey` object. c4t||||_yr5)r6rrC)rr rCrs rrzInMemoryPrivateKey.__init__ns (+ rczt||j}t|jtr|dz }|S)N)rCz [agent])r6rrC isinstancer)rreprs rr"zInMemoryPrivateKey.__repr__ss6gmm+ dii * : C rrr)r*r+rr"r=r>s@rrErEis rrEc(eZdZdZfdZdZxZS)OnDiskPrivateKeya Some on-disk private key that needs opening and possibly decrypting. :param str source: String tracking where this key's path was specified; should be one of ``"ssh-config"``, ``"python-config"``, or ``"implicit-home"``. :param Path path: The filesystem path this key was loaded from. :param PKey pkey: The `PKey` object this auth source uses/represents. cxt||||_d}||vrtd|||_||_y)Nr )z ssh-configz python-configz implicit-homez source argument must be one of: )r6rsource ValueErrorpathrC)rr rNrPrCallowedrs rrzOnDiskPrivateKey.__init__sH (+ B  ?{KL L  rcx|j|j|jt|jS)N)keyrNrP)rrCrNstrrPr!s rr"zOnDiskPrivateKey.__repr__s/zz $++C N  rrJr>s@rrLrL|s  rrL SourceResultrNresultc(eZdZdZfdZdZxZS) AuthResulta Represents a partial or complete SSH authentication attempt. This class conceptually extends `AuthStrategy` by pairing the former's authentication **sources** with the **results** of trying to authenticate with them. `AuthResult` is a (subclass of) `list` of `namedtuple`, which are of the form ``namedtuple('SourceResult', 'source', 'result')`` (where the ``source`` member is an `AuthSource` and the ``result`` member is either a return value from the relevant `.Transport` method, or an exception object). .. note:: Transport auth method results are always themselves a ``list`` of "next allowable authentication methods". In the simple case of "you just authenticated successfully", it's an empty list; if your auth was rejected but you're allowed to try again, it will be a list of string method names like ``pubkey`` or ``password``. The ``__str__`` of this class represents the empty-list scenario as the word ``success``, which should make reading the result of an authentication session more obvious to humans. Instances also have a `strategy` attribute referencing the `AuthStrategy` which was attempted. c2||_t||i|yr )strategyr6r)rrZargsrrs rrzAuthResult.__init__s   $)&)rc2djd|DS)N c3ZK|]#}|jd|jxsd%yw)z -> successN)rNrV).0xs r z%AuthResult.__str__..s. 9:qxxjQXX23 4 s)+)rr!s r__str__zAuthResult.__str__s" yy >B   r)rr)r*r+rrcr=r>s@rrXrXs<* rrXceZdZdZdZdZy) AuthFailurea Basic exception wrapping an `AuthResult` indicating overall auth failure. Note that `AuthFailure` descends from `AuthenticationException` but is generally "higher level"; the latter is now only raised by individual `AuthSource` attempts and should typically only be seen by users when encapsulated in this class. It subclasses `AuthenticationException` primarily for backwards compatibility reasons. c||_yr rV)rrVs rrzAuthFailure.__init__s  rc2dt|jzS)Nr])rTrVr!s rrczAuthFailure.__str__sc$++&&&rN)rr)r*r+rrcr,rrreres'rrec"eZdZdZdZdZdZy) AuthStrategya This class represents one or more attempts to auth with an SSH server. By default, subclasses must at least accept an ``ssh_config`` (`.SSHConfig`) keyword argument, but may opt to accept more as needed for their particular strategy. c:||_tt|_yr ) ssh_configrrlog)rrls rrzAuthStrategy.__init__s%h'rct)a[ Generator yielding `AuthSource` instances, in the order to try. This is the primary override point for subclasses: you figure out what sources you need, and ``yield`` them. Subclasses _of_ subclasses may find themselves wanting to do things like filtering or discarding around a call to `super`. r$r!s r get_sourceszAuthStrategy.get_sourcess "!rcd}t|}|jD]S}|jjd| |j |}d}|jt|||sSn|s t||S#t $rC}|}|j j}|jjd|d|Yd}~xd}~wwxYw) z Handles attempting `AuthSource` instances yielded from `get_sources`. You *normally* won't need to override this, but it's an option for advanced users. F)rZzTrying TzAuthentication via z failed with Nrg) rXrormdebugr( ExceptionrrinfoappendrUre)rr' succeededoverall_resultrNrVe source_classs rr(zAuthStrategy.authenticates #T2 &&( F HHNNWVH- . ,,Y7 "  ! !,vv"> ?/ 4^4 4)  !{{33  )&|nM sB C9C  CN)rr)r*r+rror(r,rrrjrjs( "+rrjN)r+ collectionsragentrutilr ssh_exceptionrr r.r3r@rErLrUlistrXrerjr,rrr~s#2"":2z2@z@FBB"& z B.8X*>? * * \')'$GGr