o hA @sxUdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZddlmZddlmZddlmZdd lmZmZdd lmZdd lmZm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'e r}ddl(m)Z)ddl*m+Z+dZ,dZ-zddl.Z/e0e1e2e/j34ddddkrdZ-Wne5yzddl/Z/Wn e5ydZ,YnwYnwdZ6dHddZ7dId!d"Z8dJd$d%Z9dKd)d*Z:dLd+d,Z;dLd-d.Ze;e=eeed6Z@d7eAd8<Gd9d:d:ZBGd;d<dd>eBZDGd?d@d@eBZEeDej?eCd3d4ej?eCd5d4eEej?eCd5d4dAZFdBeAdC< dMdNdFdGZGdS)OzAuthentication helpers.) annotationsN)standard_b64decodestandard_b64encode) TYPE_CHECKINGAnyCallable CoroutineMappingMutableMappingOptionalcast)quote)Binary)_authenticate_aws)_authenticate_oidc_get_authenticator) _getaddrinfo)MongoCredential_authenticate_scram_start_parse_scram_response_xor)ConfigurationErrorOperationFailure)saslprep)AsyncConnection)HelloTF.)r credentialsrconnr mechanismstrreturnNonec s|j}|dkrd}tj}t|jd}nd}tj}t||jd}|j}|j }t j } |j } | rM| rMt| ts=J| jdusDJ| j\} } | j} nt||\} } }|||IdH} | dusdJ| d}t|}t|d}|dkrztd |d }|d }|| std d |}|jr|j\}}}}nd\}}}}|r||ks||krt||t||}| |d|}| |d|}||||f|_||}d| ||f}| |||}dtt||}d||f}t| |||}d| dt|d}|||IdH} t| d}t |d|s!td| dsBd| dtdd}|||IdH} | dsDtddSdS)zAuthenticate using SCRAM. SCRAM-SHA-256sha256utf-8sha1Npayloadiiz+Server returned an invalid iteration count.srz!Server returned an invalid nonce.s c=biws,r=)NNNNs Client Keys Server Key,sp=conversationIdZ saslContinuer/r)vz%Server returned an invalid signature.donez%SASL conversation failed to complete.)!usernamehashlibr&rpasswordencoder(_password_digestsourcecachehmacHMACauth_ctxspeculate_succeeded isinstance _ScramContext scram_dataspeculative_authenticatercommandrintr startswithdata pbkdf2_hmacrdigestjoinrrrcompare_digest) rr r!r4rH digestmodrFr9r:_hmacctxnonce first_barerescmdZ server_firstparsedZ iterationssaltZrnonceZ without_proofZ client_keyZ server_keyZcsaltZ citerationsZ salted_passZ stored_keyZauth_msgZ client_sigZ client_proofZ client_finalZ server_sigrTL/var/www/html/venv/lib/python3.10/site-packages/pymongo/asynchronous/auth.py_authenticate_scramHs~          rVr4r6cCspt|ts tdt|dkrtdt|ts!tdt|t}|d|}|| d| S)z0Get a password digest to use for authentication.z#password must be an instance of strrzpassword can't be emptyz)username must be an instance of str, not z:mongo:r') r?r" TypeErrorlen ValueErrortyper5md5updater7 hexdigest)r4r6md5hashrFrTrTrUr8s   r8rNcCs:t||}t}|||}||d|S)z*Get an auth key to use for authentication.r')r8r5r[r\r7r])rNr4r6rHr^rFrTrTrU _auth_keys r_hostnameoption str | boolcs|dvr|St|dddtjtjdIdHd\}}}}}|dkr%|Sz t|tj}Wntjy<|YSw|dS)z2Canonicalize hostname following MIT-krb5 behavior.)FnoneNr)familyrZprotoflagsforward)rsocket IPPROTO_TCP AI_CANONNAMElower getnameinfo NI_NAMEREQDgaierror)r`raafsocktypere canonnameZsockaddrnamerTrTrU_canonicalize_hostnames*    rsc s~tstdz!|j}|j}|j}|jp|jd}t||jIdH}|j d|}|j dur6|d|j }|durst rSd t |t |f}tj||tjd\}} n*d|vr`|dd\} } n|d} } tj|tj| | |d\}} n tj|tjd\}} |tjkrtd zt| d dkrtd t| } dd | dd } |d| IdH}tdD]3}t| t|d}|dkrtd t| pd } d|d| d} |d| IdH}|tjkrnqtdt| t|ddkrtdt| t| |dkrtdt| } d|d| d} |d| IdHWt| WdSt| wtjy>}ztt|dd}~ww)zAuthenticate using GSSAPI.zEThe "kerberos" module must be installed to use GSSAPI authentication.rN@:)gssflagsr.)rvuserdomainr6z&Kerberos context failed to initialize.z*Unknown kerberos failure in step function.GSSAPIZ saslStartr!r)Z autoAuthorize $external r)r/r0z+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.) HAVE_KERBEROSrr4r6Zmechanism_propertiesZ service_hostaddressrsZcanonicalize_host_name service_nameZ service_realm_USE_PRINCIPALrIr kerberosZauthGSSClientInitZGSS_C_MUTUAL_FLAGsplitZAUTH_GSS_COMPLETErZauthGSSClientStepZauthGSSClientResponserCranger"ZauthGSSClientUnwrapZauthGSSClientWrapZauthGSSClientCleanZKrbError)rr r4r6propshostZserviceZ principalresultrMrwrxr)rQresponse_excrTrTrU_authenticate_gssapis         rcsP|j}|j}|j}d|d|}ddt|dd}|||IdHdS)z(Authenticate using SASL PLAIN (RFC 4616)r.PLAINr{N)r9r4r6r7rrC)rr r9r4r6r)rQrTrTrU_authenticate_plain@srcs>|j}|r |r dSt||j}|d|IdHdS)z Authenticate using MONGODB-X509.Nr|)r=r> _X509Contextrspeculate_commandrC)rr rMrQrTrTrU_authenticate_x509Os  rcs|jdkrB|jr |j}n|j}|}|d|j|d<|j||ddIdHdg}d|vr9t||dIdHSt||dIdHSt||dIdHS)NrZsaslSupportedMechsF)Zpublish_eventsr% SCRAM-SHA-1)Zmax_wire_versionZnegotiated_mechsr9Z hello_cmdr4rCgetrV)rr Zmechsr9rQrTrTrU_authenticate_defaultZs rr)r!r%)rz MONGODB-X509z MONGODB-AWS MONGODB-OIDCrrr%DEFAULTz6Mapping[str, Callable[..., Coroutine[Any, Any, None]]] _AUTH_MAPc@sBeZdZdddZedd d ZdddZdddZdddZdS) _AuthContextrrrtuple[str, int]r#r$cCs||_d|_||_dSN)rrBr)selfrrrTrTrU__init__zs z_AuthContext.__init__credsOptional[_AuthContext]cCs$t|j}|rtt|||SdSr)_SPECULATIVE_AUTH_MAPrr!r r)rrZspec_clsrTrTrUfrom_credentialss z_AuthContext.from_credentials"Optional[MutableMapping[str, Any]]cCstr)NotImplementedErrorrrTrTrUrsz_AuthContext.speculate_commandhelloHello[Mapping[str, Any]]cCs |j|_dSr)rB)rrrTrTrUparse_responses z_AuthContext.parse_responseboolcCs t|jSr)rrBrrTrTrUr>s z _AuthContext.speculate_succeededN)rrrrr#r$)rrrrr#rr#r)rrr#r$)r#r) __name__ __module__ __qualname__r staticmethodrrrr>rTrTrTrUrys    rcs(eZdZdfd d Zdd d ZZS)r@rrrrr!r"r#r$cst||d|_||_dSr)superrrAr!)rrrr! __class__rTrUrs z_ScramContext.__init__rcCs.t|j|j\}}}|jj|d<||f|_|SNdb)rrr!r9rA)rrNrOrQrTrTrUrs  z_ScramContext.speculate_command)rrrrr!r"r#r$r)rrrrr __classcell__rTrTrrUr@sr@c@eZdZdddZdS)rr#MutableMapping[str, Any]cCs&ddd}|jjdur|jj|d<|S)Nr.r) authenticater!rw)rr4)rrQrTrTrUrs   z_X509Context.speculate_commandN)r#rrrrrrTrTrTrUrrc@r) _OIDCContextr#rcCs2t|j|j}|}|durdS|jj|d<|Sr)rrrZget_spec_auth_cmdr9)rZ authenticatorrQrTrTrUrs  z_OIDCContext.speculate_commandNrrrTrTrTrUrrr)rrr%rrzMapping[str, Any]rreauthenticatercsB|j}t|}|dkrt|||IdHdS|||IdHdS)zAuthenticate connection.rN)r!rr)rr rr!Z auth_funcrTrTrUrs r)rrr rr!r"r#r$)r4r"r6r"r#r")rNr"r4r"r6r"r#r")r`r"rarbr#r")rrr rr#r$)F)rrr rrrr#r$)H__doc__ __future__r functoolsr5r;rhbase64rrtypingrrrrr r r r urllib.parser Z bson.binaryrZpymongo.asynchronous.auth_awsrZpymongo.asynchronous.auth_oidcrrZpymongo.asynchronous.helpersrZpymongo.auth_sharedrrrrZpymongo.errorsrrZpymongo.saslpreprZpymongo.asynchronous.poolrZ pymongo.hellorrrZ winkerberosrtuplemaprD __version__r ImportErrorZ_IS_SYNCrVr8r_rsrrrrpartialr__annotations__rr@rrrrrTrTrTrUs (      "     U   n