hoSrSSKJr SSKrSSKJrJrJr SSKJ r J r SSK J r J r Jr SSKJrJr SSKJr SS KJr SS KJr SS KJrJr SS KJr SS KJr SSKJ r SSK!J"r" SSK#J$r$ \\\ RJ\ RJ\/S44r&"SS\ RN5r("SS\ RN5r)Sr*Sr+Sr,Sr-Sr.Sr/0r0\1"\2"5Rg55Hur4r5\4SSS:XdM\4\0\5'M \0\(l6\0\)l6C0C5Sr7Sr8g)z Implementation of the ssh-userauth service. Currently implemented authentication types are public-key and password. Maintainer: Paul Swartz ) annotationsN)CallableTupleType)error interfaces)keysservice transport)NSgetNS)Key) credentials)UnauthorizedLogin)deferreactor)Deferred) IReactorTime)Logger)failure) nativeStringc\rSrSr%SrSrSrSrSr\ "\ 5r S\ S'\ RS \ RS 0r\"5rS rS rS rSSjrSSjrSSjrSrSrSSjrSSjrSrSrSrg)SSHUserAuthServer"a A service implementing the server side of the 'ssh-userauth' service. It is used to authenticate the user on the other side as being able to access this server. @ivar name: the name of this service: 'ssh-userauth' @type name: L{bytes} @ivar authenticatedWith: a list of authentication methods that have already been used. @type authenticatedWith: L{list} @ivar loginTimeout: the number of seconds we wait before disconnecting the user for taking too long to authenticate @type loginTimeout: L{int} @ivar attemptsBeforeDisconnect: the number of failed login attempts we allow before disconnecting. @type attemptsBeforeDisconnect: L{int} @ivar loginAttempts: the number of login attempts that have been made @type loginAttempts: L{int} @ivar passwordDelay: the number of seconds to delay when the user gives an incorrect password @type passwordDelay: L{int} @ivar interfaceToMethod: a L{dict} mapping credential interfaces to authentication methods. The server checks to see which of the cred interfaces have checkers and tells the client that those methods are valid for authentication. @type interfaceToMethod: L{dict} @ivar supportedAuthentications: A list of the supported authentication methods. @type supportedAuthentications: L{list} of L{bytes} @ivar user: the last username the client tried to authenticate with @type user: L{bytes} @ivar method: the current authentication method @type method: L{bytes} @ivar nextService: the service the user wants started after authentication has been completed. @type nextService: L{bytes} @ivar portal: the L{twisted.cred.portal.Portal} we are using for authentication @type portal: L{twisted.cred.portal.Portal} @ivar clock: an object with a callLater method. Stubbed out for testing. ssh-userauthirclock publickeypasswordcH/UlSUlSUlSUlURR R Ul/UlUR R5H<nXR;dMURRURU5 M> URRS5(d+SUR;aURRS5 URRURUR 5Ulg)z Called when the userauth service is started. Set up instance variables, check if we should allow password authentication (only allow if the outgoing connection is encrypted) and set up a login timeout. rNinr )authenticatedWith loginAttemptsuser nextServicer factoryportalsupportedAuthenticationslistCredentialsInterfacesinterfaceToMethodappend isEncryptedremover callLater loginTimeouttimeoutAuthentication_cancelLoginTimeout)selfis a/root/1688_scrapy/alibaba-scraper/venv/lib/python3.13/site-packages/twisted/conch/ssh/userauth.pyserviceStarted SSHUserAuthServer.serviceStartedZs"$ nn,,33 (*%668A***--44T5K5KA5NO9~~))$//d;;;--44[A#'::#7#7   t99$  cjUR(a"URR5 SUlgg)z] Called when the userauth service is stopped. Cancel the login timeout if it's still going. N)r2cancelr3s r5serviceStopped SSHUserAuthServer.serviceStoppedts,  # #  $ $ + + -'+D $ $r8cfSUlURR[RS5 g)z} Called when the user has timed out on authentication. Disconnect with a DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE message. Nsyou took too long)r2r sendDisconnect)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEr;s r5r1'SSHUserAuthServer.timeoutAuthentication}s* $(  %%  ? ?AU r8cURRSX!S9 XR;a*[R"[ R "S55$URSS5RS5n[USU3S5nUb:U"U5nUc-[R"[ R "US 355$U$[R"[ R "S U355$) a\ Try to authenticate the user with the given method. Dispatches to a auth_* method. @param kind: the authentication method to try. @param user: the username the client is authenticating with. @param data: authentication specific data sent by the client. @return: A Deferred called back if the method succeeded, or erred back if it failed. z{user!r} trying auth {kind!r})r%kindz#unsupported authentication, failing-_asciiauth_Nz" return None instead of a Deferredzbad auth type: ) _logdebugr)rfailr ConchErrorreplacedecodegetattr)r3rCr%datastrkindfrets r5tryAuthSSHUserAuthServer.tryAuths 7dN 44 4::e../TUV V,,tT*11':JQ E'#TK  =D'C{zz$$y0R%ST zz%**_WI+FGHHr8c[US5up#pEX R:wdX0R:wa/UlX lX0lX@lUR XBU5nU(d:UR [R"[R"S555 gURUR5RUR5RUR 5$)z The client has requested authentication. Payload:: string user string next service string method @type packet: L{bytes} zauth returned noneN)r r%r&r#methodrS _ebBadAuthrFailurerrK addCallback_cbFinishedAuth addErrback_ebMaybeBadAuth)r3packetr%r&rWrestds r5ssh_USERAUTH_REQUEST&SSHUserAuthServer.ssh_USERAUTH_REQUESTs+0*:'6 99  /?/? ?%'D " & LLt , OOGOOE,<,<=Q,RS T MM$.. / Z,, - Z ( r8cUup#nURceX0RlX@RlURRR URUR 5nU(d#[ R"SUR 35eURRSURURS9 URR[S5 URRU"55 g)z The callback when user has successfully been authenticated. For a description of the arguments, see L{twisted.cred.portal.Portal.login}. We start the service requested by the user. Nzcould not get next service: z&{user!r} authenticated with {method!r}r%rWr8)r avatarlogoutFunctionr' getServicer&rrKrHrIr%rW sendPacketMSG_USERAUTH_SUCCESS setService)r3result interfacerelogoutr s r5r[!SSHUserAuthServer._cbFinishedAuths '-#F~~))) &(.%..((33DNNDDTDTU""%A$BRBRAS#TU U  4499T[[   !!"6< !!'),r8cUR[R5 URR [ [ SRUR55S-5 g)z An intermediate errback. If the reason is error.NotEnoughAuthentication, we send a MSG_USERAUTH_FAILURE, but with the partial success indicator set. @type reason: L{twisted.python.failure.Failure} ,N) traprNotEnoughAuthenticationr rhMSG_USERAUTH_FAILUREr joinr)r3reasons r5r]!SSHUserAuthServer._ebMaybeBadAuthsG  E112 !! "TYYt/L/L%M"NQX"X r8cvUR[R5(agURS:wGa>URR SUR URS9 UR[5(a)URR SUR5S9 OrUR[R5(a)URR SUR5S9 O%URRS UUR S 9 U=RS - sl URUR:a+URR[RS 5 gURR!["[%S R'UR(55S-5 g)aC The final errback in the authentication chain. If the reason is error.IgnoreAuthentication, we simply return; the authentication method has sent its own response. Otherwise, send a failure message and (if the method is not 'none') increment the number of login attempts. @type reason: L{twisted.python.failure.Failure} Nnonez{user!r} failed auth {method!r}rdzunauthorized login: {message})messagezreason: {reason})rwz#Error checking auth for user {user})rr%rstoo many bad authsrp)checkrIgnoreAuthenticationrWrHrIr%rgetErrorMessagerKrr$attemptsBeforeDisconnectr r?r@rhrtr rur)rvs r5rXSSHUserAuthServer._ebBadAuthsU <<22 3 3  ;;' ! IIOO1 $++  ||-.. 3V=S=S=U e..//  26;Q;Q;ST !!9""   ! # !!D$A$AA--GG) !! "TYYt/L/L%M"NQX"X r8c[USS5n[USSS5up4n[RR U5 U=(a [U5S=(d SnU(GaURcS5eURRcS5e[URR5[!["45-[UR$5-[UR&5-[S 5-[!U45-[U5-[U5-n[(R*"UR$X4X5n UR,R/U S[0R25n U $[(R*"UR$X4SS5n UR,R/U S[0R25R5UR6USS5n U $![R a] SR URS55nURRU5 [R"[U55s$f=f) z Public key authentication. Payload:: byte has signature string algorithm name string key blob [string signature] (if has signature is True) Create a SSHPublicKey credential and verify it using our portal. rrNz"Unsupported key type {} or bad keyrFzmust have transport for authzmust have session for authr)ordr r r fromString BadKeyErrorformatrMrHrrrJrr sessionIDr bytesMSG_USERAUTH_REQUESTr%r&r SSHPrivateKeyr(loginr IConchUserr\ _ebCheckKey) r3r^hasSigalgNameblobr_r signaturebcrks r5auth_publickey SSHUserAuthServer.auth_publickey s VAa[!#F12J2t 8 HH   % -uT{1~5 >>- M/M M->>++7 U9U U74>>++,-/01TYY- T%%&'\" #  " # W+ T( ))$))WAQA[[&&q$ 0E0EFF  ))$))WD$OA[[&&q$ 0E0EFQQ  &*F 5 88??w@WXE IIOOE "::/67 7 8sG$$A.IIcURceUR[R5 URR [ U5 [ R"[R"55$)z Called back if the user did not sent a signature. If reason is error.ValidPublicKey then this key is valid for the user to authenticate with. Send MSG_USERAUTH_PK_OK. ) r rrrValidPublicKeyrhMSG_USERAUTH_PK_OKrrYr~)r3rwr^s r5rSSHUserAuthServer._ebCheckKey5sS ~~))) E(() !!"4f=u99;<UTR;aTRRU5$[TR5$)z Invoked once per authentication method in order to extract a comparison key which is then used for sorting. @param meth: the authentication method. @type meth: L{bytes} @return: the comparison key for C{meth}. @rtype: L{int} )rindexlen)methr3s r5orderByPreferenceASSHUserAuthClient.ssh_USERAUTH_FAILURE..orderByPreferences=t*****00664..//r8c3L># UHnUTR;dMUv M g7fr)r#).0rr3s r5 9SSHUserAuthClient.ssh_USERAUTH_FAILURE..s( 3Dt5553s$ $rp)keyzcan continue with: {methods})methodsN) r rr#r,rsortedsplitrHrI_cbUserauthFailureiter)r3r^ canContinuepartialrs` r5ssh_USERAUTH_FAILURE&SSHUserAuthClient.ssh_USERAUTH_FAILUREs, %V} g,   " " ) )$-- 8 0" '--d3  "   6 L&&tT+->??r8cU(ag[U5n[R"URU5nUR UR U5 U$![ a- URR[RS5 gf=f)Ns(no more authentication methods available) nextr maybeDeferredrSrZr StopIterationr r?r@)r3rkiteratorrWr`s r5r$SSHUserAuthClient._cbUserauthFailuresv   (^F##DLL&9A MM$118 <H  NN ) )CC;  s A4B  B c [US[URRSS55-S5nUbU"U5$UR SS5 g)z This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request. zssh_USERAUTH_PK_OK_%srDrENrzr8)rNrrrLr)r3r^funcs r5ssh_USERAUTH_PK_OK$SSHUserAuthClient.ssh_USERAUTH_PK_OKsR   #l4==3H3Ht3T&U U    <  OOGS )r8c0URn[URR5[ [ 45-[UR 5-[URR5-[S5-S-[UR55-[UR55-nURX#5nU(dURSS5 gURUR5 URUR 5 g)zn This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it. rrzr8N)rr r rrrr%rrsshTypersignDatarrZ _cbSignedDatar\r)r3r^ publicKeyrr`s r5ssh_USERAUTH_PK_OK_publickey.SSHUserAuthClient.ssh_USERAUTH_PK_OK_publickeys && t~~'' ()+, -m ##$ %      ""$%  &!" #  MM) ' OOGS )  d(() T\\"r8c(^^[US5ump#S=TlTlTRS5nUR TR TR 5nURUU4Sj5 UR TRTR 5 g)z This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server. rNsOld Password: c&>TRT5$r) getPassword)rpromptr3s r5?SSHUserAuthClient.ssh_USERAUTH_PK_OK_password..%sd&6&6v&>r8) r _oldPass_newPassr addCallbacks _setOldPassrrZ _setNewPass)r3r^languager_r`rs` @r5ssh_USERAUTH_PK_OK_password-SSHUserAuthClient.ssh_USERAUTH_PK_OK_passwordst "'vq!1(,,    . / NN4++T\\ : >? t''6r8c[US5up#pE[R"SUSS5SnUSSn/n[U5H>n[U5up[ [ USS55n USSnUR X45 M@ URX#U5n U RUR5 U RUR5 g)z This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and sent the responses. rV!LNrr) r structunpackrangeboolrr,getGenericAnswersrZ_cbGenericAnswersr\r) r3r^r instructionlangrO numPromptspromptsr4rechor`s r5'ssh_USERAUTH_PK_OK_keyboard_interactive9SSHUserAuthClient.ssh_USERAUTH_PK_OK_keyboard_interactive(s ).fa(8%4]]4bq215 ABxz"A ;LFD1I'D8D NNF> * #  " "4g > d,,- T\\"r8cURnURSS[UR55-[UR 55-[U5-5 g)z Called back out of self.signData with the signed data. Send the authentication request with the signature. @param signedData: the data signed by the user's private key. @type signedData: L{bytes} rrN)rrr rr)r3 signedDatars r5rSSHUserAuthClient._cbSignedData;sN&&    b**,- -9>>3C0D Dr*~ U r8cXlg)z Called back when we are choosing a new password. Simply store the old password for now. @param op: the old password as entered by the user @type op: L{bytes} N)r)r3ops r5rSSHUserAuthClient._setOldPassIs  r8c~URnSUlURSS[U5-[U5-5 g)z Called back when we are choosing a new password. Get the old password and send the authentication message with both. @param np: the new password as entered by the user @type np: L{bytes} Nr rq)rrr )r3nprs r5rSSHUserAuthClient._setNewPassSs4]]   Wr"v%52%>?r8c[R"S[U55nUH nU[UR S55- nM" UR R [U5 g)z Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE. @param responses: a list of L{bytes} responses @type responses: L{list} rUTF8N)r packrr encoder rhMSG_USERAUTH_INFO_RESPONSE)r3 responsesrOrs r5r#SSHUserAuthClient._cbGenericAnswers_sO{{4Y0A Bqxx'( (D !!"R>RSSr8cl[U[R5(dSnUbXlURR U5 UR RSUR5S9 URSS[UR55-[UR55-5 gg)Nzusing key of type {keyType})keyTyperr|TF) isinstancer rrrr,rHrItyperr rr)r3rs r5r*!SSHUserAuthClient._cbGetPublicKeyus)TXX..I  !*   ' ' 2 IIOO99>>CSO T OOg9+<+<+>(??"Y^^EUBVV r8cUR5nU(a'URURUR5 gg)z Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False. TF)rr _cbPasswordr)r3r`s r5rSSHUserAuthClient.auth_passwords3     NN4++T\\ :r8cURRS5 URS[S5[S5-5 g)zp Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True. z!authing with keyboard-interactiverr8T)rHrIrr r;s r5auth_keyboard_interactive+SSHUserAuthClient.auth_keyboard_interactives4 ;< /C2c71BCr8c@URSS[U5-5 g)z~ Called back when the user gives a password. Send the request to the server. @param password: the password the user entered r r|N)rr )r3rs r5r2SSHUserAuthClient._cbPasswords  Wr(|%;[R"[55$)z Return a L{Deferred} that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred. rrJNotImplementedErrorr;s r5r:SSHUserAuthClient.getPrivateKeys zz-/00r8Nc>[R"[55$)z Return a L{Deferred} that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '. @type prompt: L{bytes}/L{None} @rtype: L{defer.Deferred} rD)r3rs r5rSSHUserAuthClient.getPasswordszz-/00r8c>[R"[55$)ao Returns a L{Deferred} with the responses to the promopts. @param name: The name of the authentication currently in progress. @param instruction: Describes what the authentication wants. @param prompts: A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it. rD)r3rrrs r5r #SSHUserAuthClient.getGenericAnswersszz-/00r8)rrr#rrrrr%)r%rrzservice.SSHService)rr)rCrrrrr)rCrrzNone | Deferred[bool])rzDeferred[bool])rzKey | failure.Failure | Nonerr )rr )rrrr)rkeys.KeyrrrzDeferred[bytes] | None)r?rKrrrr)rz Key | None)rz Deferred[Key]r)$rrrrrrrrrr6rrSrrrrrrrrrrrrrr*rr5r2rr;r(r:rr rrr8r5rrXs2"D%!#NK !&   .&16@p * #0 7#&   @ DT $ =;* )1 1 1r8r2345=<rMSG_)9r __future__rr typingrrr twisted.conchrrtwisted.conch.sshr r r twisted.conch.ssh.commonr r twisted.conch.ssh.keysr twisted.credrtwisted.cred.errorrtwisted.internetrrtwisted.internet.deferrtwisted.internet.interfacesrtwisted.loggerrtwisted.pythonrtwisted.python.compatrrr SSHServicerrrrtriMSG_USERAUTH_BANNERr#rmessageslistlocalsitemskvprotocolMessagesMSG_USERAUTH_PASSWD_CHANGEREQMSG_USERAUTH_INFO_REQUESTrr8r5rls  # ((+66.&$0++4!".  !6!6T8JJ s**sl Y1**Y1x   ! "DAq!u  #&."%-" !#r8