Ii,SrSSKJr SSKJr SSKJr SSKJr "SS5r "S S \ 5r "S S \ 5r "S S\ 5r "SS\ 5r "SS\ 5r\"SSS/5r"SS\5r"SS\5r"SS5rg)z Modern, adaptable authentication machinery. Replaces certain parts of `.SSHClient`. For a concrete implementation, see the ``OpenSSHAuthStrategy`` class in `Fabric `_. ) namedtuple)AgentKey) get_logger)AuthenticationExceptionc0\rSrSrSrSrSrSrSrSr g) AuthSourcez Some SSH authentication source, such as a password, private key, or agent. See subclasses in this module for concrete implementations. All implementations must accept at least a ``username`` (``str``) kwarg. cXlgNusername)selfrs ^\rSrSrSrU4SjrU4SjrSrSrU=r $)Password5a Password authentication. :param callable password_getter: A lazy callable that should return a `str` password value at authentication time, such as a `functools.partial` wrapping `getpass.getpass`, an API call to a secrets store, or similar. If you already know the password at instantiation time, you should simply use something like ``lambda: "my literal"`` (for a literal, but also, shame on you!) or ``lambda: variable_name`` (for something stored in a variable). c,>[TU]US9 X lgNr )superrpassword_getter)rrrArs rrPassword.__init__Ds (+.rc2>[TU]URS9$)N)user)r@r!r)rrs rr%Password.__repr__Hsw}$--}00rcZUR5nURURU5$r )rA auth_passwordr)rr+passwords rr,Password.authenticateMs)'')&&t}}h??r)rA) rr.r/r0r1rr%r,r2 __classcell__rs@rr<r<5s /1 @@rr<c\rSrSrSrSrSrg) PrivateKeyXak Essentially a mixin for private keys. Knows how to auth, but leaves key material discovery/loading/decryption to subclasses. Subclasses **must** ensure that they've set ``self.pkey`` to a decrypted `.PKey` instance before calling ``super().authenticate``; typically either in their ``__init__``, or in an overridden ``authenticate`` prior to its `super` call. cNURURUR5$r )auth_publickeyrpkeyr*s rr,PrivateKey.authenticatees'' tyyAArr3Nr:r3rrrMrMXs  BrrMc8^\rSrSrSrU4SjrU4SjrSrU=r$)InMemoryPrivateKeyiz) An in-memory, decrypted `.PKey` object. c,>[TU]US9 X lgr?)r@rrQ)rrrQrs rrInMemoryPrivateKey.__init__ns (+ rc~>[TU]URS9n[UR[5(aUS- nU$)NrQz [agent])r@r!rQ isinstancer)rreprs rr%InMemoryPrivateKey.__repr__ss9gmm+ dii * * : C rrY rr.r/r0r1rr%r2rJrKs@rrTrTis rrTc2^\rSrSrSrU4SjrSrSrU=r$)OnDiskPrivateKey|au Some on-disk private key that needs opening and possibly decrypting. :param str source: String tracking where this key's path was specified; should be one of ``"ssh-config"``, ``"python-config"``, or ``"implicit-home"``. :param Path path: The filesystem path this key was loaded from. :param PKey pkey: The `PKey` object this auth source uses/represents. cp>[TU]US9 X lSnX%;a[SU<35eX0lX@lg)Nr )z ssh-configz python-configz implicit-homez source argument must be one of: )r@rsource ValueErrorpathrQ)rrrbrdrQallowedrs rrOnDiskPrivateKey.__init__s@ (+ B  ?{KL L  rcrURURUR[UR5S9$)N)keyrbrd)r!rQrbstrrdr$s rr%OnDiskPrivateKey.__repr__s/zz $++C N  r)rdrQrbr]rKs@rr_r_|s   rr_ SourceResultrbresultc2^\rSrSrSrU4SjrSrSrU=r$) AuthResulta Represents a partial or complete SSH authentication attempt. This class conceptually extends `AuthStrategy` by pairing the former's authentication **sources** with the **results** of trying to authenticate with them. `AuthResult` is a (subclass of) `list` of `namedtuple`, which are of the form ``namedtuple('SourceResult', 'source', 'result')`` (where the ``source`` member is an `AuthSource` and the ``result`` member is either a return value from the relevant `.Transport` method, or an exception object). .. note:: Transport auth method results are always themselves a ``list`` of "next allowable authentication methods". In the simple case of "you just authenticated successfully", it's an empty list; if your auth was rejected but you're allowed to try again, it will be a list of string method names like ``pubkey`` or ``password``. The ``__str__`` of this class represents the empty-list scenario as the word ``success``, which should make reading the result of an authentication session more obvious to humans. Instances also have a `strategy` attribute referencing the `AuthStrategy` which was attempted. c2>Xl[TU]"U0UD6 gr )strategyr@r)rrqargsrrs rrAuthResult.__init__s  $)&)rc2SRSU55$)N c3h# UH(oRSUR=(d S3v M* g7f)z -> successN)rbrl).0xs r %AuthResult.__str__..s* >BxxjQXX23 4ds02)rr$s r__str__AuthResult.__str__s" yy >B   rrq) rr.r/r0r1rr|r2rJrKs@rrnrns<*  rrnc$\rSrSrSrSrSrSrg) AuthFailurea Basic exception wrapping an `AuthResult` indicating overall auth failure. Note that `AuthFailure` descends from `AuthenticationException` but is generally "higher level"; the latter is now only raised by individual `AuthSource` attempts and should typically only be seen by users when encapsulated in this class. It subclasses `AuthenticationException` primarily for backwards compatibility reasons. cXlgr rl)rrls rrAuthFailure.__init__s rc2S[UR5-$)Nru)rirlr$s rr|AuthFailure.__str__sc$++&&&rrN)rr.r/r0r1rr|r2r3rrrrs'rrc*\rSrSrSrSrSrSrSrg) AuthStrategyz This class represents one or more attempts to auth with an SSH server. By default, subclasses must at least accept an ``ssh_config`` (`.SSHConfig`) keyword argument, but may opt to accept more as needed for their particular strategy. c8Xl[[5Ulgr ) ssh_configrrlog)rrs rrAuthStrategy.__init__s%h'rc[e)a+ Generator yielding `AuthSource` instances, in the order to try. This is the primary override point for subclasses: you figure out what sources you need, and ``yield`` them. Subclasses _of_ subclasses may find themselves wanting to do things like filtering or discarding around a call to `super`. r(r$s r get_sourcesAuthStrategy.get_sourcess "!rcSn[US9nUR5HXnURRSU35 UR U5nSnUR[XE55 U(dMX O U(d [US9eU$![ aCnUnUR RnURRSUSU35 SnANSnAff=f) z Handles attempting `AuthSource` instances yielded from `get_sources`. You *normally* won't need to override this, but it's an option for advanced users. Fr~zTrying TzAuthentication via z failed with Nr) rnrrdebugr, Exceptionrrinfoappendrkr)rr+ succeededoverall_resultrbrle source_classs rr,AuthStrategy.authenticates #T2 &&(F HHNNWVH- . ,,Y7 "  ! !,v"> ?y/)4^4 4)  !{{33  )&|nM sB  C9CC)rrN) rr.r/r0r1rrr,r2r3rrrrs( "+rrN)r1 collectionsragentrutilr ssh_exceptionrr r5r<rMrTr_rklistrnrrr3rrrs#2"":2z2@z@FBB"& z B.8X*>? * * \')'$GGr