o

�h���@sxUdZd
dl
mZmZmZmZmZ
d
dl
mZmZm	Z	m
Z
mZ
ddlm
Z

ddlmZmZ
ddlmZ
ddlmZmZmZ
dd	lmZ
dd
lmZmZmZmZmZ
ddlmZ
ddl m Z m!Z!
ersd
d
l"Z"ddl#m$Z$m%Z%
ddl#m&Z&
eee'e(fZ)ee'e'e'e)fZ*e
e(e*fZ+ee'Z,ee'e'fZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4dZ5dZ6dZ7gZ8ee9e:d<iZ;ee9e	dfe:d<iZ<ee9e	dfe:d<Gdd�de�Z=Gdd�de=�Z>Gdd�de>�Z?Gd d!�d!e>�Z@Gd"d#�d#e>�ZAGd$d%�d%e>�ZBGd&d'�d'e>�ZCGd(d)�d)e>�ZDGd*d+�d+e>�ZEGd,d�de=�ZFGd-d.�d.eF�ZGGd/d0�d0eF�ZHGd1d2�d2eF�ZIGd3d4�d4eF�ZJGd5d6�d6eF�ZKGd7d8�d8eF�ZLGd9d:�d:eF�ZMd;e9d<e	e>d=e	eFd>d
fd?d@�ZNd>ee9fdAdB�ZOdCdDdEe9d>ee>fdFdG�ZPdCdHd>ee9fdIdJ�ZQdCdHdKe'dEe9dLed>eeFf
dMdN�ZRdOe?eGfdPe@eHfdQeAeIfdReBeJfdSeCeKfdTeDeLfdUeEeMffZSeSD]ZTeNeT�
�
q�d
S)VzSSH authentication handlers�)�
TYPE_CHECKING�	Awaitable�Dict�List�Optional)�Sequence�Tuple�Type�Union�cast�
)
�DEFAULT_LANG)�GSSBase�GSSError)
�	SSHLogger)�
ProtocolError�PasswordChangeRequired�get_symbol_names)
�run_in_executor)�Boolean�String�UInt32�	SSHPacket�SSHPacketHandler)
�
SigningKey)�saslprep�
SASLPrepErrorN)�
SSHConnection�SSHClientConnection)
�SSHServerConnection�<�=�?�@�A�B�
_auth_methods�
ClientAuth�_client_auth_handlers�
ServerAuth�_server_auth_handlersc	@sxeZ
dZd
Zdddedfdd�Zdd	�
d
ededed
dfdd�Z	e
d
efdd��
Zdedd
dfdd�Z
ddd�ZdS)�AuthzParent class for authentication�connr�coroNcCs|
|_|
j
|_|
�|�
|_dS�
N)�_conn�logger�_logger�create_task�_coro)�selfr,r-�r5�@/usr/local/CyberCP/lib/python3.10/site-packages/asyncssh/auth.py�__init__Ns


z
Auth.__init__T�
�trivial�pkttype�argsr9�returnc
Gs |jj
|
g
|�
R||d
��

dS)zSend an auth packet)�handlerr9N)r/�send_userauth_packet)r4r:r9r;r5r5r6�send_packetSs
�zAuth.send_packetc


Cs|jS)
z4A logger associated with this authentication handler)
r1�
r4r5r5r6r0ZszAuth.loggercCs|��
|j
�|
�
|_d
S)z Create an asynchronous auth taskN)�cancelr/r2r3)r4r-r5r5r6r2`s
zAuth.create_taskc

Cs|jr
|j�
�
d
|_d
Sd
S)z%Cancel any authentication in progressN)r3rAr@r5r5r6rAfs



�zAuth.cancel�r<N)�__name__�
__module__�__qualname__�__doc__rr7�int�bytes�boolr?�propertyrr0r2rAr5r5r5r6r+Ks
�
�

�
r+c	sxeZ
dZUd
Zded<dddef�f
dd�Zdd
d�Zddd
�Zddd�Z	d	dd�dede
ededd	fdd�Z
�ZS)r'z&Parent class for client authenticationrr/r,�methodcs||_t
��|
|���
dSr.)�_method�superr7�_start�r4r,rK�
�	__class__r5r6r7ss
zClientAuth.__init__r<Nc


���
t�
)
z2Abstract method for starting client authentication�
�NotImplementedErrorr@r5r5r6rNx��zClientAuth._startc


C�d
S)zCallback when auth succeedsNr5r@r5r5r6�auth_succeeded~�zClientAuth.auth_succeededc


CrV)zCallback when auth failsNr5r@r5r5r6�auth_failed�rXzClientAuth.auth_failedT��keyr9r;r[r9c
�s*�
|jj
|jg
|�
R|
|d
��
IdH
dS)z"Send a user authentication requestrZN)r/�send_userauth_requestrL)r4r[r9r;r5r5r6�send_request�s�
�zClientAuth.send_requestrB)rCrDrErF�__annotations__rHr7rNrWrYrrrIr]�
__classcell__r5r5rPr6r'ns 






�
���c@�eZ
dZd
Zddd�ZdS)�_ClientNullAuthz'Client side implementation of null authr<Nc

�s�
|��Id
H
d
S)z Start client null authenticationN)
r]r@r5r5r6rN�s�z_ClientNullAuth._startrB�rCrDrErFrNr5r5r5r6ra��
rac@r`)�_ClientGSSKexAuthz3Client side implementation of GSS key exchange authr<Nc

�sH�
|j�
�r|j�d
�

|j|j��dd�IdH
dS|jjdd�

dS)z,Start client GSS key exchange authentication�Trying GSS key exchange authFrZNT�
�next_method)r/�gss_kex_auth_requestedr0�debug1r]�get_gss_context�
try_next_authr@r5r5r6rN�s�


�z_ClientGSSKexAuth._startrBrbr5r5r5r6rd�rcrdcs�eZ
dZd
Zee�d�Zdddef�f
dd�Zdd
d�Z	ddd
�Z
dedededd	fdd�Z
dedededd	fdd�Zdedededd	fdd�Zdedededd	fdd�Zee
eeeeeeiZ�ZS)�_ClientGSSMICAuthz*Client side implementation of GSS MIC auth�MSG_USERAUTH_GSSAPI_r,rrKcst��
|
|�
d|_d
|_dS�NF)rMr7�_gss�
_got_errorrOrPr5r6r7�s


z_ClientGSSMICAuth.__init__r<Nc
�sz�
|j�
�r4|j�d
�

|j��|_|j��
d�dd�|jjD�
�
}
|�	t
t|jj�
�
|
�IdH
dS|jjdd�

dS)z#Start client GSS MIC authentication�Trying GSS MIC auth�c
s��|]}
t|
�
V
qdSr.�
r)�.0�mechr5r5r6�	<genexpr>���z+_ClientGSSMICAuth._start.<locals>.<genexpr>NTrf)
r/�gss_mic_auth_requestedr0rirjro�reset�join�mechsr]r�lenrk)r4r|r5r5r6rN�s�




"
z_ClientGSSMICAuth._startc
CsR|jd
u
sJ�
|jj
r"|j�|j�
}
|jtt|j�|
�
�
dd�
d
S|�t	�

d
S)z$Finish client GSS MIC authenticationNFr8)
ro�provides_integrityr/�get_userauth_request_datarLr?�MSG_USERAUTH_GSSAPI_MICr�sign�%MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)r4�datar5r5r6�_finish�s



�z_ClientGSSMICAuth._finish�_pkttype�_pktid�packetc
�s��
|��}|�
�
|jd
u
sJ�
||jjv
rtd�
�
z%t|jj�
Id
H}|d
u
s*J�
|�tt	|�
�
|jj
r=|��
Wd
SWd
Stye
}
z|j
rS|�tt	|j
�
�
|jjdd�

WYd
}~d
Sd
}~w
w)z&Process a GSS response from the serverNzMechanism mismatchTrf)�
get_string�	check_endror|rr�stepr?�MSG_USERAUTH_GSSAPI_TOKENr�completer�r�token�MSG_USERAUTH_GSSAPI_ERRTOKr/rk)r4r�r�r�rvr��excr5r5r6�_process_response�s&�




�

��z#_ClientGSSMICAuth._process_responsec
�s��
|��}|�
�
|jd
u
sJ�
z"t|jj|�Id
H}|r%|�tt|�
�
|jjr0|�	�
Wd
SWd
St
yX
}
z|jrF|�tt|j�
�
|j
jdd�

WYd
}~d
Sd
}~w
w)z#Process a GSS token from the serverNTrf)r�r�rorr�r?r�rr�r�rr�r�r/rk�r4r�r�r�r�r�r5r5r6�_process_token�s"�



�

��z _ClientGSSMICAuth._process_tokencCs@|��}|��}|�
�}|�
�}|��
|j�d
|�
d|_dS)z#Process a GSS error from the server�GSS error from server: %sTN)�
get_uint32r�r�r0rirp)r4r�r�r��
_�msgr5r5r6�_process_error�s





z _ClientGSSMICAuth._process_errorc
�s��
|��}|�
�
|jd
u
sJ�
z
t|jj|�Id
H
Wd
StyC
}
z|js8|j�dt	|�
�
WYd
}~d
SWYd
}~d
Sd
}~w
w)z)Process a GSS error token from the serverNr�)
r�r�rorr�rrpr0ri�strr�r5r5r6�_process_error_token	
s�



 
���z&_ClientGSSMICAuth._process_error_tokenrB)rCrDrErFr�globals�_handler_namesrHr7rNr�rGrr�r�r�r��MSG_USERAUTH_GSSAPI_RESPONSEr��MSG_USERAUTH_GSSAPI_ERRORr��_packet_handlersr_r5r5rPr6rl�s>




�

�

�

�

�

�


�

�


�rlc@r`)�_ClientHostBasedAuthz-Client side implementation of host based authr<Nc

�s��
|j�
�Id
H\}
}}|
d
ur|jjdd�

d
S|j�d|||
j�
z|jt|
j�
t|
j�
t|�
t|�
|
d�Id
H
Wd
St	y^
}
z|j�dt
|�
�
|j��
WYd
}~d
Sd
}~w
w)z&Start client host based authenticationNTrfz=Trying host based auth of user %s on host %s with %s host key)
r[zHost based auth failed: %s)r/�host_based_auth_requestedrkr0ri�	algorithmr]r�public_data�
ValueErrorr�)r4�keypair�client_host�client_usernamer�r5r5r6rN#
s*��



�



�

��z_ClientHostBasedAuth._startrBrbr5r5r5r6r� 
rcr�c@sReZ
dZd
Zee�d�Zddd�Zddd�Zd	e	d
e	de
ddfdd
�Zeei
Z
dS)�_ClientPublicKeyAuthz-Client side implementation of public key auth�MSG_USERAUTH_PK_r<Nc

�sn�
|j�
�Id
H|_|jd
ur|jjdd�

d
S|j�d|jj�
|�td�
t	|jj�
t	|jj
�
�Id
H
d
S)z&Start client public key authenticationNTrf�"Trying public key auth with %s keyF)r/�public_key_auth_requested�_keypairrkr0rir�r]rrr�r@r5r5r6rN@
s�



�




�z_ClientPublicKeyAuth._startc

�s��
|jd
u
sJ�
|j
�d|jj�
z|jtd�
t|jj�
t|jj�
|jdd�Id
H
Wd
StyM
}

z|j
�dt	|
�
�
|j
��
WYd
}
~
d
Sd
}
~
w
w)zSend signed public key requestNzSigning request with %s keyTFrZzPublic key auth failed: %s)r�r0rir�r]rrr�r�r�r/rk)r4r�r5r5r6�_send_signed_requestP
s �
�






�

��z)_ClientPublicKeyAuth._send_signed_requestr�r�r�cCsX|��}|��}|�
�
|jd
u
sJ�
||jjks||jjkr#td�
�
|�|���

d
S)z Process a public key ok responseNzKey mismatch)r�r�r�r�r�rr2r�)r4r�r�r�r��key_datar5r5r6�_process_public_key_oka
s



z+_ClientPublicKeyAuth._process_public_key_okrB)rCrDrErFrr�r�rNr�rGrr��MSG_USERAUTH_PK_OKr�r5r5r5r6r�;
s




�

��r�c
@sfeZ
dZd
Zee�d�Zddd�Zdeded	ed
e	ddf
dd�Z
d
edededdfdd�Z
ee
i
ZdS)�_ClientKbdIntAuthz7Client side implementation of keyboard-interactive auth�MSG_USERAUTH_INFO_r<Nc
�sV�
|j�
�Id
H}
|
d
ur|jjdd�

d
S|j�d�

|�td�
t|
�
�Id
H
d
S)z0Start client keyboard interactive authenticationNTrf� Trying keyboard-interactive auth�)r/�kbdint_auth_requestedrkr0rir]r)r4�
submethodsr5r5r6rN{
s�

z_ClientKbdIntAuth._start�name�instruction�lang�promptsc�sd�
|j�
|
|||�Id
H}|d
ur|jjdd�

d
S|jttt|�
�
d�dd�|D�
�
|d�
d
S)z7Receive and respond to a keyboard interactive challengeNTrfrrc
srsr.rt)ru�
rr5r5r6rw�
rxz7_ClientKbdIntAuth._receive_challenge.<locals>.<genexpr>r8)r/�kbdint_challenge_receivedrkr?�MSG_USERAUTH_INFO_RESPONSErr}r{)r4r�r�r�r��	responsesr5r5r6�_receive_challenge�
s�

��




�z$_ClientKbdIntAuth._receive_challenger�r�r�c	Cs�|��}|��}|��}z|�
d
�
}|�
d
�
}|�
d�
}	Wnty)


td�
d�w|��}
g}t|
�
D]%}|��}
|��}z|
�
d
�
}WntyQ


td�
d�w|�||f�

q4|�|�	|||	|��

dS)z5Process a keyboard interactive authentication request�utf-8�asciiz)Invalid keyboard interactive info requestN)
r��decode�UnicodeDecodeErrorrr��range�get_boolean�appendr2r�)r4r�r�r��
name_bytes�instruction_bytes�
lang_bytesr�r�r��num_promptsr�r��prompt_bytes�echo�promptr5r5r6�_process_info_request�
s8









��







��

�z'_ClientKbdIntAuth._process_info_requestrB)rCrDrErFrr�r�rNr��
KbdIntPromptsr�rGrr��MSG_USERAUTH_INFO_REQUESTr�r5r5r5r6r�v
s 



�

�

�

�"�r�cs�eZ
dZd
Zee�d�Zdddef�f
dd�Zdd
d�Z	de
d
e
dd	fdd�Zddd�Zddd�Z
dedededd	fdd�Zeei
Z�ZS)�_ClientPasswordAuthz+Client side implementation of password auth�MSG_USERAUTH_PASSWD_r,rrKcst��
|
|�
d
|_dSrn)rMr7�_password_changerOrPr5r6r7�
s

z_ClientPasswordAuth.__init__r<Nc
�sZ�
|j�
�Id
H}
|
d
ur|jjdd�

d
S|j�d�

|jtd�
t|
�
dd�Id
H
d
S)z$Start client password authenticationNTrf�Trying password authFr8)r/�password_auth_requestedrkr0rir]rr)r4�passwordr5r5r6rN�
s�


�z_ClientPasswordAuth._startr�r�c�s��
|j�
|
|�Id
H}|tkr|jjdd�

d
S|j�d�

tt|�\}}d|_|j	t
d�
t|�d�
�
t|�d�
�
dd�Id
H
d
S)zStart password changeNTrf�Trying to chsnge passwordr�Fr8)
r/�password_change_requested�NotImplementedrkr0rir�PasswordChangeResponser�r]rr�encode)r4r�r��result�old_password�new_passwordr5r5r6�_change_password�
s�




�z$_ClientPasswordAuth._change_passwordc

C�|jr
d
|_|j
��
dSdSrn)r�r/�password_changedr@r5r5r6rW�
�


�z"_ClientPasswordAuth.auth_succeededc

Cr�rn)r�r/�password_change_failedr@r5r5r6rY�
r�z_ClientPasswordAuth.auth_failedr�r�r�cCs`|��}|��}z|�
d
�
}|�
d�
}Wnty 


td�
d�w|��
|�|�||��

dS)z!Process a password change requestr�r�zInvalid password change requestN)r�r�r�rrYr2r�)r4r�r�r�r�r�r�r�r5r5r6�_process_password_change�
s






�
z,_ClientPasswordAuth._process_password_changerB)rCrDrErFrr�r�rHr7rNr�r�rWrYrGrr��MSG_USERAUTH_PASSWD_CHANGEREQr�r_r5r5rPr6r��
s





�

��r�cs�eZ
dZUd
Zded<dddededef�f
dd	�Ze	ddd
e
fdd��
Zded
d
fdd�Zdde
d
d
fdd�Z
ddd�Z�ZS)r)z&Parent class for server authenticationrr/r,�usernamerKr�cs$||_||_
t��|
|�|�
�
dSr.)�	_usernamerLrMr7rN�r4r,r�rKr�rPr5r6r7s
zServerAuth.__init__r<c
Cst�
)
z6Return whether this authentication method is supportedrS��clsr,r5r5r6�	supported�zServerAuth.supportedNc
�rR)
z2Abstract method for starting server authenticationrS�r4r�r5r5r6rNrUzServerAuth._startF�partial_successcCs|j�
|
�

d
S)z+Send a user authentication failure responseN)r/�send_userauth_failure)r4r�r5r5r6�send_failure"szServerAuth.send_failurec

�s�
|j�
�Id
H
d
S)z+Send a user authentication success responseN)r/�send_userauth_successr@r5r5r6�send_success's�zServerAuth.send_success)
FrB)rCrDrErFr^r�rHrr7�classmethodrIr�rNr�r�r_r5r5rPr6r)
s



�
�
c@�8eZ
dZd
Zedddefdd��
Zdeddfd	d
�ZdS)�_ServerNullAuthz'Server side implementation of null authr,rr<c
CrV)z>Return that null authentication is never a supported auth modeFr5r�r5r5r6r�0r�z_ServerNullAuth.supportedr�Nc
�s�
d
S)z4Supported always returns false, so we never get hereNr5r�r5r5r6rN6sz_ServerNullAuth._start�	rCrDrErFr�rIr�rrNr5r5r5r6r�-�


r�csZeZ
dZd
Zdddededef�f
dd�Zeddd	e	fd
d��
Z
ded	dfd
d�Z�ZS)�_ServerGSSKexAuthz3Server side implementation of GSS key exchange authr,rr�rKr�c� t��
|
|||�
|
��|_dSr.�rMr7rjror�rPr5r6r7=�z_ServerGSSKexAuth.__init__r<cC�|
��S)
z;Return whether GSS key exchange authentication is supported)
�gss_kex_auth_supportedr�r5r5r6r�C�z_ServerGSSKexAuth.supportedNc�s��
|
��}|
�
�
|j�d
�

|j�|j�
}|jjr:|j�	||�r:|j�
|j|jj|jj
�IdHr:|��IdH
dS|��
dS)z,Start server GSS key exchange authenticationreN)r�r�r0rir/rrLror��verify�validate_gss_principalr��user�hostr�r�)r4r��micr�r5r5r6rNIs�




��z_ServerGSSKexAuth._start)
rCrDrErFr�rHrr7r�rIr�rNr_r5r5rPr6r�:s


�
�
r�c
s�eZ
dZd
Zee�d�Zdddedede	dd	f
�f
d
d�Z
edddefdd
��
Z
de	dd	fdd�Zddd�Zdedede	dd	fdd�Zdedede	dd	fdd�Zdedede	dd	fdd�Zdedede	dd	fdd�ZeeeeeeeeiZ�ZS)�_ServerGSSMICAuthz*Server side implementation of GSS MIC authrmr,rr�rKr�r<Ncr�r.r�r�rPr5r6r7ar�z_ServerGSSMICAuth.__init__cCr�)
z2Return whether GSS MIC authentication is supported)
�gss_mic_auth_supportedr�r5r5r6r�gr�z_ServerGSSMICAuth.supportedc�s��
t�}|
�
�}t|�
D]	}|�|
���

q|
��
d
}|jjD]
}||vr*|}
n
q |s3|��
d
S|j	�
d�

|j��
|�t
t|�
�
d
S)z#Start server GSS MIC authenticationNrq)�setr�r��addr�r�ror|r�r0rirzr?r�r)r4r�r|�
nr��matchrvr5r5r6rNms$�





�



z_ServerGSSMICAuth._startc

�s@�
|j�
|j|jj|jj�Id
Hr|��Id
H
d
S|��
d
S)z$Finish server GSS MIC authenticationN)r/r�r�ror
r

r�r�r@r5r5r6r��s�



�z_ServerGSSMICAuth._finishr�r�c�s��
|��}|�
�
zt|jj|�Id
H}|r!|�tt|�
�
Wd
SWd
Sty[
}
z,|�t	t
|j�
t
|j�
tt
|�
�
tt�
�
|jrL|�tt|j�
�
|��
WYd
}~d
Sd
}~w
w)z#Process a GSS token from the clientN)r�r�rror�r?r�rrr�r�maj_code�min_coder�r
r�r�r�r�r5r5r6r��s$�


�


�
��z _ServerGSSMICAuth._process_tokencCs6|��
|j
jr|j
js|�|���

d
S|��
d
S)z7Process a GSS exchange complete message from the clientN)r�ror�r~r2r�r�)r4r�r�r�r5r5r6�_process_exchange_complete�s
z,_ServerGSSMICAuth._process_exchange_completec
�sf�
|��}|�
�
z
t|jj|�Id
H
Wd
Sty2
}
z|j�dt|�
�
WYd
}~d
Sd
}~w
w)z)Process a GSS error token from the clientNzGSS error from client: %s)	r�r�rror�rr0rir�r�r5r5r6r��s�


 
��z&_ServerGSSMICAuth._process_error_tokencCsZ|��}|�
�
|j�|j�
}|jjr'|jjr'|j�||�r'|�	|�
��

d
S|��
d
S)z!Process a GSS MIC from the clientN)r�r�r/rrLror�r~r�r2r�r�)r4r�r�r�r
r�r5r5r6�_process_mic�s

�z_ServerGSSMICAuth._process_micrB)rCrDrErFrr�r�r�rHrr7r�rIr�rNr�rGr�r
r�r
r�r�r�r�r�r_r5r5rPr6r
\sN


�
�
�




�

�

�

�

�

�

�

�


�r
c@r�)�_ServerHostBasedAuthz-Server side implementation of host based authr,rr<cCr�)
z5Return whether host based authentication is supported)
�host_based_auth_supportedr�r5r5r6r��r�z_ServerHostBasedAuth.supportedr�Nc
	�s��
|
��}|
��}|
��}|
��}|
�
�}|
��}|
��
z|�d
�
}t|�d
�
�
}	Wnttfy9


td�
d�w|j�	d|	||�
|j
�|j|||	||�IdHr[|�
�IdH
dS|��
dS)z&Start server host based authenticationr�zInvalid host-based auth requestNz@Verifying host based auth of user %s on host %s with %s host key)r��get_consumed_payloadr�r�rr�rrr0rir/�validate_host_based_authr�r�r�)
r4r�r�r��client_host_bytes�client_username_bytesr��	signaturer�r�r5r5r6rN�s2�










�

�




�z_ServerHostBasedAuth._startr�r5r5r5r6r

�r�r

c@r�)�_ServerPublicKeyAuthz-Server side implementation of public key authr,rr<cCr�)
z5Return whether public key authentication is supported)
�public_key_auth_supportedr�r5r5r6r�r�z_ServerPublicKeyAuth.supportedr�Nc�s��
|
��}|
�
�}|
�
�}|r|
��}|
�
�}nd
}d
}|
��
|r*|j�d|�
n|j�d|�
|j�|j|||�IdHrV|rI|�	�IdH
dS|�
tt|�
t|�
�
dS|�
�
dS)z&Start server public key authenticationrrzVerifying request with %s keyr�N)r�r�r
r�r0rir/�validate_public_keyr�r�r?r�rr�)r4r��sig_presentr�r�r�r
r5r5r6rNs,�








�

�z_ServerPublicKeyAuth._startr�r5r5r5r6r
�r�r
c@s�eZ
dZd
Zee�d�Zedddefdd��
Z	de
dd	fd
d�Zdedd	fd
d�Z
dedd	fdd�Zdedede
dd	fdd�Zeei
Zd	S)�_ServerKbdIntAuthz7Server side implementation of keyboard-interactive authr�r,rr<cCr�)
z?Return whether keyboard interactive authentication is supported)
�kbdint_auth_supportedr�r5r5r6r�+r�z_ServerKbdIntAuth.supportedr�Nc�s��
|
��}|
��}|
�
�
z|�d
�
}|�d�
}Wnty%


td�
d�w|j�d�

|j�|j	||�IdH}|�
|�
IdH
dS)z0Start server keyboard interactive authenticationr�r�z)Invalid keyboard interactive auth requestNr�)r�r�r�r�rr0rir/�get_kbdint_challenger��_send_challenge)r4r�r��submethods_bytesr�r��	challenger5r5r6rN1s"�







��


�z_ServerKbdIntAuth._startr
c�s��
t|
t
tf�r0|
\}}}}t|�
}d
d�|D�
}|jtt|�
t|�
t|�
t|�
g|�
R�
dS|
r;|��IdH
dS|�	�
dS)z2Send a keyboard interactive authentication requestc
ss$�|]
\}
}t|
�
t
|�
V
qdSr.)rr)rur�r�r5r5r6rwLs�
�z4_ServerKbdIntAuth._send_challenge.<locals>.<genexpr>N)
�
isinstance�tuple�listr}r?r�rrr�r�)r4r
r�r�r�r�r��
prompts_bytesr5r5r6r
Es �


�

��
z!_ServerKbdIntAuth._send_challenger�c�s,�
|j�
|j|
�Id
H}|�|�
Id
H
d
S)z7Validate a keyboard interactive authentication responseN)r/�validate_kbdint_responser�r
)r4r��next_challenger5r5r6�_validate_responseWs��z$_ServerKbdIntAuth._validate_responser�r�c		Csp|��}g}t
|�
D]}|��}z|�d
�
}Wnty#


td�
d�w|�|�

q
|��
|�|�	|�
�

dS)z6Process a keyboard interactive authentication responser�z*Invalid keyboard interactive info responseN)
r�r�r�r�r�rr�r�r2r$
)	r4r�r�r��
num_responsesr�r��response_bytes�responser5r5r6�_process_info_response^s






��z(_ServerKbdIntAuth._process_info_response)rCrDrErFrr�r�r�rIr�rrN�KbdIntChallenger
�KbdIntResponser$
rGr(
r�r�r5r5r5r6r
&s



�

��r
c@r�)�_ServerPasswordAuthz+Server side implementation of password authr,rr<cCr�)
z3Return whether password authentication is supported)
�password_auth_supportedr�r5r5r6r�{r�z_ServerPasswordAuth.supportedr�Nc	
�s
�
|
��}|
�
�}|r|
�
�n
d
}|
��
zt|�d�
�
}t|�d�
�
}Wnttfy3


td�
d�wz9|rJ|j�	d�

|j
�|j||�IdH}n|j�	d�

|j
�
|j|�IdH}|rg|��IdH
WdS|��
WdSty�
}
z|�tt|j�
t|j�
�
WYd}~dSd}~w
w)z$Start server password authenticationrrr�zInvalid password auth requestNr�r�)r�r�r�rr�r�rrr0rir/�change_passwordr��validate_passwordr�r�rr?r�rr�r�)	r4r��password_change�password_bytes�new_password_bytesr�r�r�r�r5r5r6rN�s<�







�




��



���z_ServerPasswordAuth._startr�r5r5r5r6r+
xr�r+
�alg�client_handler�server_handlerr<cCst�
|�

|
t|<|t|<d
S)z!Register an authentication methodN)r&r�r(r*)r2
r3
r4
r5r5r6�register_auth_method�s


r5
cCsd
d�tD�
S)z.Return a list of supported client auth methodsc
Ssg|]}
|
dkr|
�qS)
�noner5)rurKr5r5r6�
<listcomp>�s
�
z5get_supported_client_auth_methods.<locals>.<listcomp>)
r(r5r5r5r6�!get_supported_client_auth_methods�sr8
r,rrKcCs|
tvrt
|
||
�Sd
S)z/Look up the client authentication method to useN)r&r()r,rKr5r5r6�lookup_client_auth�s
r9
rc
Cs*g}
tD]}t
|�|�
r|
�|�

q|
S)
z.Return a list of supported server auth methods)r&r*r�r�)r,�auth_methodsrKr5r5r6�!get_supported_server_auth_methods�s


�r;
r�r�cCs4t�
|�
}|r|�|�
r|||
||�S|�d
�

dS)z/Look up the server authentication method to useFN)r*�getr�r�)r,r�rKr�r=r5r5r6�lookup_server_auth�s




r=
r6
sgssapi-keyexsgssapi-with-mics	hostbaseds	publickeyskeyboard-interactivespassword)UrF�typingrrrrrrrr	r
r�	constantsr
�gssrr�loggingr�miscrrrrr�rrrrr�
public_keyrrr�asyncio�
connectionrrrr�rIr��KbdIntNewChallenger)
r*
r�r�r�r�r�r�r�r�r�r�r�r&rHr^r(r*r+r'rardrlr�r�r�r�r)r�r�r
r

r
r
r+
r5
r8
r9
r;
r=
�_auth_method_list�_argsr5r5r5r6�<module>
s�




















#	{;HL#
"y()R-
�

�	
�

�


�


�
�
�





�

�