Server : Apache/2.4.52 (Ubuntu) System : Linux webserver 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64 User : www-data ( 33) PHP Version : 8.1.2-1ubuntu2.21 Disable Function : NONE Directory : /lib/python3/dist-packages/twisted/conch/client/__pycache__/ |
o
�����b�.����������������������@���s����d�Z�ddlZddlZddlZddlZddlZddlmZ�ddlm Z �ddl
m
Z
m
Z
�ddl
mZ�ddlmZmZmZ�ddlmZmZmZ�dd lmZ�dd
lmZ�d
Ze
Z
e
Z d
d
��Z dd��Z!dd��Z"G�dd��dej#�Z#dS�)aN��
Various classes and functions for implementing user-interaction in the
command-line conch client.
You probably shouldn't use anything in this module directly, since it assumes
you are sitting at an interactive terminal. For example, to programmatically
interact with a known_hosts database, use L{twisted.conch.client.knownhosts}.
�����N)�
decodebytes)�agent)� ConsoleUI�KnownHostsFile)�
ConchError)�common�keys�userauth)�defer�protocol�reactor)�
nativeString)�FilePathz~/.ssh/known_hostsc�����������������C���sV���|�j�jd�}tj�|�}t�t|�j�jd�ptj �
t
���}t
dd���}|�
||||�S�)a%��
Verify a host's key.
This function is a gross vestige of some bad factoring in the client
internals. The actual implementation, and a better signature of this logic
is in L{KnownHostsFile.verifyHostKey}. This function is not deprecated yet
because the callers have not yet been rehabilitated, but they should
eventually be changed to call that method instead.
However, this function does perform two functions not implemented by
L{KnownHostsFile.verifyHostKey}. It determines the path to the user's
known_hosts file based on the options (which should really be the options
object's job), and it provides an opener to L{ConsoleUI} which opens
'/dev/tty' so that the user will be prompted on the tty of the process even
if the input and output of the process has been redirected. This latter
part is, somewhat obviously, not portable, but I don't know of a portable
equivalent that could be used.
@param host: Due to a bug in L{SSHClientTransport.verifyHostKey}, this is
always the dotted-quad IP address of the host being connected to.
@type host: L{str}
@param transport: the client transport which is attempting to connect to
the given host.
@type transport: L{SSHClientTransport}
@param fingerprint: the fingerprint of the given public key, in
xx:xx:xx:... format. This is ignored in favor of getting the fingerprint
from the key itself.
@type fingerprint: L{str}
@param pubKey: The public key of the server being connected to.
@type pubKey: L{str}
@return: a L{Deferred} which fires with C{1} if the key was successfully
verified, or fails if the key could not be successfully verified. Failure
types may include L{HostKeyChanged}, L{UserRejectedKey}, L{IOError} or
L{KeyboardInterrupt}.
�host�
known-hostsc�������������������S���s���t�dddd�S�)N�/dev/ttyzr+br���)� buffering)�_open��r���r����>/usr/lib/python3/dist-packages/twisted/conch/client/default.py�<lambda>V���s����z verifyHostKey.<locals>.<lambda>)�factory�optionsr����Key�
fromStringr����fromPathr����os�path�
expanduser�
_KNOWN_HOSTSr����
verifyHostKey)� transportr����pubKey�
fingerprint�
actualHost� actualKey�kh�uir���r���r���r ���'���s���
(
��
r ���c�����������
���
���C���s8��t��|�d�}d}|d�s$tj�tj�d��s$td��t�tj�d���|d�p)t}z
t tj�|�d�}W�n
�t
y?���Y�dS�w�|�P�|�
��D�]B}|�
��}t
|�dk�rTqG|dd��\} }
}
|�| �
d �vreqG|
|krjqGzt|
�}
W�n �tyy���Y�qGw�|
|kr��W�d����d
S�d
}qGW�d����|S�1�s�w���Y��|S�)
z�
Checks to see if host is in the known_hosts file for the user.
@return: 0 if it isn't, 1 if it is and is the same, 2 if it's changed.
@rtype: L{int}
r���r���z~/.ssh/z
Creating ~/.ssh directory...z~/.ssh�rb����N����,��������)r����getNSr
���r
����existsr
����print�mkdirr ����open�OSError� readlines�split�lenr����
BaseException)
r���r"���r����keyType�retVal�kh_file�
known_hosts�liner4����hosts�
hostKeyType�
encodedKey�
decodedKeyr���r���r����isInKnownHostsZ���sF���
�
���
��r@���c�����������������C���sX���t��t|d�p
tj�t���}g�}|���D�]}|�|��r'|j |vr'|�
|j ��q|p+dS�)a���
Look in known_hosts for a key corresponding to C{host}.
This can be used to change the order of supported key types
in the KEXINIT packet.
@type host: L{str}
@param host: the host to check in known_hosts
@type options: L{twisted.conch.client.options.ConchOptions}
@param options: options passed to client
@return: L{list} of L{str} representing key types or L{None}.
r���N)
r���r���r���r
���r
���r
���r ����
iterentries�
matchesHostr7����append)r���r����
knownHosts�keyTypes�entryr���r���r����getHostKeyAlgorithms����s���
�
�rG���c�������������������@���s����e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d
��Zd
d
��Zd
dd�Z dd��Z
dd��Z
dd��Z
dd��Z
edd���Zeejdd����Zd
S�)
�SSHUserAuthClientc�����������������G���s@���t�jj|�|g|�R����d�|�_||�_g�|�_|js
ddg|_d�S�d�S�)Nz
~/.ssh/id_rsaz
~/.ssh/id_dsa)r ���rH����__init__�keyAgentr���� usedFiles� identitys)�self�userr����argsr���r���r���rI�������s����zSSHUserAuthClient.__init__c�����������������C���st���dt�jv�r2|�jd�s2|�jjdt�jd�d��t�ttj �}|�
t�jd��}|�
|�j
��|�
|�j��d�S�tj�|���d�S�)N�
SSH_AUTH_SOCK�noagentz
using SSH agent {authSock!r})�authSock)r
����environr����_log�debugr
����
ClientCreatorr
���r����SSHAgentClient�
connectUNIX�
addCallback� _setAgent�
addErrback�
_ebSetAgentr ���rH����serviceStarted)rM����cc�dr���r���r���r]�������s���
�
z SSHUserAuthClient.serviceStartedc�����������������C���s ���|�j�r|�j�j����d�|�_�d�S�d�S��N)rJ���r!����loseConnection�rM���r���r���r����serviceStopped����s���
�z SSHUserAuthClient.serviceStoppedc�����������������C���s ���||�_�|�j����}|�|�j��|S�r`���)rJ����
getPublicKeys�addBothr\���)rM����ar_���r���r���r���rZ�������s���
zSSHUserAuthClient._setAgentc�����������������C���s���t�j�|���d�S�r`���)r ���rH���r]���)rM����fr���r���r���r\�������s���z
SSHUserAuthClient._ebSetAgentc��������������
���C���s^���|������!�zt�|�}|W�W��d����S��ttfy$���t���td��w�1�s(w���Y��dS�)z�
Prompt for a password using L{getpass.getpass}.
@param prompt: Written on tty to ask for the input.
@type prompt: L{str}
@return: The input.
@rtype: L{str}
N�PEBKAC)�_replaceStdoutStdin�getpass�KeyboardInterruptr2���r/���r����rM����prompt�pr���r���r����
_getPassword����s���
���z
SSHUserAuthClient._getPasswordNc�����������������C���sf���|rt�|�}nd�t�|�j�|�jj���j�}z|��|��t� ���}t
�
|�W�S��t
y2���t
�
���Y�S�w�)Nz{}@{}'s password: )r
����formatrN���r!����getPeerr���ro����encode�sys�getdefaultencodingr
����succeedr����failrl���r���r���r����
getPassword����s���
�
�z
SSHUserAuthClient.getPasswordc��������������������s������j�r��j����}|dur|S���fdd���jjD��}��jjd��jj|d��|s(dS�|d�}��j�|��tj �
|�}|d7�}tj �
|�sF�����S�zt
j
�|�W�S��t
jy[���������Y�S�w�)z�
Get a public key from the key agent if possible, otherwise look in
the next configured identity file for one.
Nc��������������������s���g�|�] }|��j�vr|�qS�r���)rK���)�.0�xrb���r���r����
<listcomp>����s����z2SSHUserAuthClient.getPublicKey.<locals>.<listcomp>z+public key identities: {identities}
{files})�
identities�filesr���z.pub)rJ����
getPublicKeyr���rL���rT���rU���rK���rC���r
���r
���r
���r.���r���r����fromFile�
BadKeyError)rM����keyr|����filer���rb���r���r}�������s.���
�
�z
SSHUserAuthClient.getPublicKeyc�����������������C���s(���|�j�s
|�j�|���|�S�tj�|�||�S�)z�
Extend the base signing behavior by using an SSH agent to sign the
data, if one is available.
@type publicKey: L{Key}
@type signData: L{bytes}
)rK���rJ����signData�blobr ���rH���)rM���� publicKeyr����r���r���r���r��������s���zSSHUserAuthClient.signDatac��������������
���C���s����t�j�|�jd��}t�j�|�sdS�z
t�tj� |��W�S��tj
yc���t
d�D�]:}d|�jd��}z|��
|��
t����}t�tjj ||d��W����Y�S��tjtfyV���Y�nw�t�td�����Y�S����tys���t���t����Y�dS�w�)z�
Try to load the private key from the last used file identified by
C{getPublicKey}, potentially asking for the passphrase if the key is
encrypted.
���Nr)���z Enter passphrase for key '%s': )�
passphrasez
bad password)r
���r
���r
���rK���r.���r
���ru���r���r���r~����EncryptedKeyError�rangero���rr���rs����getfilesystemencodingr���r���rv���rk���r/���r
����stop)rM���r�����irm���rn���r���r���r����
getPrivateKey��s(���
�
�z SSHUserAuthClient.getPrivateKeyc�����������������C���s����g�}|������8�|rt|�d���|rt|�d���|D�]\}}|�d�}|r.|�t|���q|�t�|���qW�d�����n1�sAw���Y��t�|�S�)Nzutf-8)ri���r/����decoderC����_inputrj���r
���ru���)rM����name�
instruction�prompts� responsesrm����echor���r���r����getGenericAnswers ��s
���
�
�
z#SSHUserAuthClient.getGenericAnswersc�����������������C���s(���t��tdd��}t��tdd��}||fS�)a0��
Open /dev/tty as two streams one in read, one in write mode,
and return them.
@return: File objects for reading and writing to /dev/tty,
corresponding to standard input and standard output.
@rtype: A L{tuple} of L{io.TextIOWrapper} on Python 3.
r���r(����wb)�io�
TextIOWrapperr1���)�cls�stdin�stdoutr���r���r����_openTty/��s���
zSSHUserAuthClient._openTtyc�������������� ���c���st�����t�jt�j}}|����\t�_t�_zdV��W�t�j����t�j����||t�_t�_dS�t�j����t�j����||t�_t�_w�)zv
Contextmanager that replaces stdout and stdin with /dev/tty
and resets them when it is done.
N)rs���r����r����r�����close)r�����oldout�oldinr���r���r���ri���=��s����
�
z%SSHUserAuthClient._replaceStdoutStdinr`���)�__name__�
__module__�
__qualname__rI���r]���rc���rZ���r\���ro���rw���r}���r����r����r�����
classmethodr�����
contextlib�contextmanagerri���r���r���r���r���rH�������s"����
rH���)$�__doc__r����rj���r����r
���rs����base64r����twisted.conch.clientr���� twisted.conch.client.knownhostsr���r����twisted.conch.errorr����twisted.conch.sshr���r���r ����twisted.internetr
���r
���r
����twisted.python.compatr
����twisted.python.filepathr���r ���r1���r����inputr����r ���r@���rG���rH���r���r���r���r����<module>���s*���
3'