VhOdZddlmZddlZddlZddlmZmZm Z ddl m Z ddl m Z ddlmZmZmZmZddlmZdd lmZmZmZdd lmZdd lmZmZmZdd lm Z dd l!m"Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,e$Z-d"dZ.d#dZ/GddZ0eeGdde0Z1eeGddZ2d$dZ3eeGdde0e,Z4GddZ5Gd d!Z6y)%zE An implementation of the OpenSSH known_hosts database. @since: 8.2 ) annotationsN)Error a2b_base64 b2a_base64)closing)sha1)IOCallableIterableLiteral) implementer)HostKeyChanged InvalidEntryUserRejectedKey)IKnownHostEntry) BadKeyErrorFingerprintFormatsKey)defer)Deferred)Logger) nativeString)FilePath) secureRandom) FancyEqMixinc4t|jS)z Encode a binary string as base64 with no trailing newline. @param s: The string to encode. @return: The base64-encoded string. )rstrip)ss O/home/dcms/DCMS/lib/python3.12/site-packages/twisted/conch/client/knownhosts.py _b64encoder $s a=    c&|jdd}t|dk7r t|\}}}|jdd}t|dk(r|\}}|jd}n|d}d}t j t |}||||fS)a Extract common elements of base64 keys from an entry in a hosts file. @param string: A known hosts file entry (a single line). @return: a 4-tuple of hostname data (L{bytes}), ssh key type (L{bytes}), key (L{Key}), and comment (L{bytes} or L{None}). The hostname data is simply the beginning of the line up to the first occurrence of whitespace. N r)splitlenrrstripr fromStringr) stringelements hostnameskeyType keyAndCommentsplitkey keyStringcommentkeys r_extractCommonr4/s||D!$H 8}n(0%Iw ""4+H 8}% 7..'QK  ..I. /C gsG ++r!c eZdZdZddZddZy) _BaseEntrya Abstract base of both hashed and non-hashed entry objects, since they represent keys and key types the same way. @ivar keyType: The type of the key; either ssh-dss or ssh-rsa. @type keyType: L{bytes} @ivar publicKey: The server public key indicated by this line. @type publicKey: L{twisted.conch.ssh.keys.Key} @ivar comment: Trailing garbage after the key line. @type comment: L{bytes} or C{None} c.||_||_||_yN)r. publicKeyr2)selfr.r9r2s r__init__z_BaseEntry.__init__Xs " r!c$|j|k(}|S)z Check to see if this entry matches a given key object. @param keyObject: A public key object to check. @return: C{True} if this entry's key matches C{keyObject}, C{False} otherwise. )r9)r: keyObjectresults r matchesKeyz_BaseEntry.matchesKey]s9, r!N)r.bytesr9rr2 bytes | NonereturnNone)r=rrBbool)__name__ __module__ __qualname____doc__r;r?r!rr6r6Is  r!r6cVeZdZdZ dfd ZeddZddZd dZxZ S) PlainEntryz A L{PlainEntry} is a representation of a plain-text entry in a known_hosts file. @ivar _hostnames: the list of all host-names associated with this entry. c6||_t| |||yr8) _hostnamessuperr;)r:r-r.r9r2 __class__s rr;zPlainEntry.__init__ss(1 )W5r!cZt|\}}}}||jd|||}|S)a Parse a plain-text entry in a known_hosts file, and return a corresponding L{PlainEntry}. @param string: a space-separated string formatted like "hostname key-type base64-key-data comment". @raise DecodeError: if the key is not valid encoded as valid base64. @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: an IKnownHostEntry representing the hostname and key in the input line. @rtype: L{PlainEntry} ,)r4r')clsr+r-r.r3r2r:s rr*zPlainEntry.fromString}s5,,:&+A( 7C9??4('3@ r!c`t|tr|jd}||jvS)a Check to see if this entry matches a given hostname. @param hostname: A hostname or IP address literal to check against this entry. @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. utf-8) isinstancestrencoderMr:hostnames r matchesHostzPlainEntry.matchesHosts+ h $w/H4??**r!cdj|j|jt|jj g}|j |j|j dj|S)z Implement L{IKnownHostEntry.toString} by recording the comma-separated hostnames, key type, and base-64 encoded key. @return: The string representation of this entry, with unhashed hostname information. rQ )joinrMr.r r9blobr2appendr:fieldss rtoStringzPlainEntry.toStringsb IIdoo & LL t~~**, -  << # MM$,, 'yy  r!)r-z list[bytes]r.r@r9rr2rA)r+r@rBrK)rY bytes | strrBrDrBr@) rErFrGrHr; classmethodr*rZrb __classcell__rOs@rrKrKjsQ666 6  62 +!r!rKc@eZdZUdZdZded<d dZd dZd dZd dZ y) UnparsedEntryz L{UnparsedEntry} is an entry in a L{KnownHostsFile} which can't actually be parsed; therefore it matches no keys and no hosts. NrCr.c||_y)zv Create an unparsed entry from a line in a known_hosts file which cannot otherwise be parsed. N)_string)r:r+s rr;zUnparsedEntry.__init__s  r!cyz' Always returns False. FrIrXs rrZzUnparsedEntry.matchesHostr!cyrmrI)r:r3s rr?zUnparsedEntry.matchesKeyrnr!c8|jjdS)a Returns the input line, without its newline if one was given. @return: The string representation of this entry, almost exactly as was used to initialize this entry but without a trailing newline. @rtype: L{bytes} r&)rkr)r:s rrbzUnparsedEntry.toStrings||""5))r!)r+r@rBrCrYr@rBrD)r3rrBrDrd) rErFrGrHr.__annotations__r;rZr?rbrIr!rriris' GT  *r!rictj|t}t|tr|j d}|j ||jS)z Return the SHA-1 HMAC hash of the given key and string. @param key: The HMAC key. @param string: The string to be hashed. @return: The keyed hash value. ) digestmodrT)hmacHMACrrUrVrWupdatedigest)r3r+hashs r _hmacedStringr{sD 99SD )D&#w'KK ;;=r!cfeZdZdZdZdZ dfd Zed dZd dZ d dZ xZ S) HashedEntrya A L{HashedEntry} is a representation of an entry in a known_hosts file where the hostname has been hashed and salted. @ivar _hostSalt: the salt to combine with a hostname for hashing. @ivar _hostHash: the hashed representation of the hostname. @cvar MAGIC: the 'hash magic' string used to identify a hashed line in a known_hosts file as opposed to a plaintext one. s|1|) _hostSalt _hostHashr.r9r2cD||_||_t| |||yr8)r~rrNr;)r:hostSalthostHashr.r9r2rOs rr;zHashedEntry.__init__s$"! )W5r!ct|\}}}}|t|jdjd}t|dk7r t |\}}|t |t ||||} | S)a Load a hashed entry from a string representing a line in a known_hosts file. @param string: A complete single line from a I{known_hosts} file, formatted as defined by OpenSSH. @raise DecodeError: if the key, the hostname, or the is not valid encoded as valid base64 @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid, or the host/hash portion contains more items than just the host and hash. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: The newly created L{HashedEntry} instance, initialized with the information from C{string}. N|r#)r4r(MAGICr'rr) rRr+stuffr.r3r2 saltAndHashrrr:s rr*zHashedEntry.fromString sw,(6f'=$wWC N,-33D9 { q . ((:h'H)=wWU r!cjtjt|j||jS)a Implement L{IKnownHostEntry.matchesHost} to compare the hash of the input to the stored hash. @param hostname: A hostname or IP address literal to check against this entry. @type hostname: L{bytes} @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. @rtype: L{bool} )rvcompare_digestr{r~rrXs rrZzHashedEntry.matchesHost+s+"" $..( 3T^^  r!cZ|jdjt|jt|jgz|j t|j jg}|j|j|jdj|S)z Implement L{IKnownHostEntry.toString} by base64-encoding the salt, host hash, and key. @return: The string representation of this entry, with the hostname part hashed. @rtype: L{bytes} rr\) rr]r r~rr.r9r^r2r_r`s rrbzHashedEntry.toString<s JJiiDNN3Z5OPQ R LL t~~**, -   << # MM$,, 'yy  r!) rr@rr@r.r@r9rr2rArBrC)r+r@rBr}rrrd) rErFrGrHrcompareAttributesr;rer*rZrbrfrgs@rr}r}sr  EU 6 6 6 6  6  6  6: "!r!r}cxeZdZdZd dZed dZd dZddZ ddZ ddZ ddZ e dd Z y )KnownHostsFileaz A structured representation of an OpenSSH-format ~/.ssh/known_hosts file. @ivar _added: A list of L{IKnownHostEntry} providers which have been added to this instance in memory but not yet saved. @ivar _clobber: A flag indicating whether the current contents of the save path will be disregarded and potentially overwritten or not. If C{True}, this will be done. If C{False}, entries in the save path will be read and new entries will be saved by appending rather than overwriting. @type _clobber: L{bool} @ivar _savePath: See C{savePath} parameter of L{__init__}. c.g|_||_d|_y)a$ Create a new, empty KnownHostsFile. Unless you want to erase the current contents of C{savePath}, you want to use L{KnownHostsFile.fromPath} instead. @param savePath: The L{FilePath} to which to save new entries. @type savePath: L{FilePath} TN)_added _savePath_clobber)r:savePaths rr;zKnownHostsFile.__init__as.0 ! r!c|jS)z< @see: C{savePath} parameter of L{__init__} )rrqs rrzKnownHostsFile.savePathos ~~r!c#K|jD]}||jry |jj}|5|D]Q} |j t jrt j|}ntj|}|S dddy#t$rYywxYw#tttf$rt|}Y@wxYw#1swYyxYww)aK Iterate over the host entries in this file. @return: An iterable the elements of which provide L{IKnownHostEntry}. There is an element for each entry in the file as well as an element for each added but not yet saved entry. @rtype: iterable of L{IKnownHostEntry} providers N)rrropenOSError startswithr}rr*rK DecodeErrorrrri)r:entryfplines r iterentrieszKnownHostsFile.iterentriesvs[[ EK  ==  $$&B  0{'8'89 + 6 6t < * 5 5d ;       $\;?0)$/E0  se#C#B#C#C A B2C C## B/,C#.B//C#2CCCCC C#cDt|jt|j D]o\}}|j|j k(s$|j |s6|j|ry|dkrd}d}n|dz}|j}t|||y)a Check for an entry with matching hostname and key. @param hostname: A hostname or IP address literal to check for. @param key: The public key to check for. @return: C{True} if the given hostname and key are present in this file, C{False} if they are not. @raise HostKeyChanged: if the host key found for the given hostname does not match the given key. TrNr%F) enumeraterr(rr.sshTyperZr?rr)r:rYr3lineidxrrpaths r hasHostKeyzKnownHostsFile.hasHostKeys((8(8(:S=M.gotHasKey..promptResponses9#6C0 '-//r!ECECDSAzThe authenticity of host 'z (z)' can't be established. z key fingerprint is SHA256:)formatz9. Are you sure you want to continue connecting (yes/no)? )rrDrBrD)rtypedecodewarnrWrrr fingerprintr SHA256_BASE64promptsysgetdefaultencoding addCallback) r> addMessagerkeytyperproceedrYrr3r:uis r gotHasKeyz/KnownHostsFile.verifyHostKey..gotHasKeysr3/9#((*F,,.IIK=9$$ GGJ--g67OOB,IIK 00 #xxzd?%G%X.$R(/A/O/OP ))FMM#2H2H2J$KL**>::r!)r>rDrBzbool | Deferred[bool])rexecuterr)r:rrYrr3hhkrs````` r verifyHostKeyzKnownHostsFile.verifyHostKeys7,mmDOOXs;) ;) ;Vy))r!ctd}|j}t|t||||d}|jj ||S)a Add a new L{HashedEntry} to the key database. Note that you still need to call L{KnownHostsFile.save} if you wish these changes to be persisted. @param hostname: A hostname or IP address literal to associate with the new entry. @type hostname: L{bytes} @param key: The public key to associate with the new entry. @type key: L{Key} @return: The L{HashedEntry} that was added. @rtype: L{HashedEntry} N)rrr}r{rr_)r:rYr3saltr.rs rrzKnownHostsFile.addHostKeysI"B++-D-h"?#tT 5! r!c |jj}|js|j|jrdnd}|jj |5}|j rP|jdj|j Dcgc]}|jc}dzg|_dddd|_ycc}w#1swYd|_yxYw)zM Save this L{KnownHostsFile} to the path it was loaded from. war&NF) rparentisdirmakedirsrrrwriter]rb)r:pmode hostsFileObjrs rrzKnownHostsFile.saves NN ! ! #wwy JJL)-#C ^^  & !,{{""JJdkkJU 0JKeS!  !   K !  s&1CC.CCC(c$||}d|_|S)a Create a new L{KnownHostsFile}, potentially reading existing known hosts information from the given file. @param path: A path object to use for both reading contents from and later saving to. If no file exists at this path, it is not an error; a L{KnownHostsFile} with no entries is returned. @return: A L{KnownHostsFile} initialized with entries from C{path}. F)r)rRr knownHostss rfromPathzKnownHostsFile.fromPath sY # r!N)r FilePath[str]rBrC)rBr)rBzIterable[IKnownHostEntry])rYr@r3rrBrD) r ConsoleUIrYr@rr@r3rrBDeferred[bool])rYr@r3rrBr})rBrC)rrrBr)rErFrGrHr;propertyrrrrrrrerrIr!rrrPs|  >AC* C*J."  r!rc(eZdZdZddZddZddZy) rz A UI object that can ask true/false questions and post notifications on the console, to be used during key verification. c||_y)aA @param opener: A no-argument callable which should open a console binary-mode file-like object to be used for reading and writing. This initializes the C{opener} attribute. @type opener: callable taking no arguments and returning a read/write file-like object N)opener)r:rs rr;zConsoleUI.__init__7s  r!c^tjd}fd}|j|S)a Write the given text as a prompt to the console output, then read a result from the console input. @param text: Something to present to a user to solicit a yes or no response. @type text: L{bytes} @return: a L{Deferred} which fires with L{True} when the user answers 'yes' and L{False} when the user answers 'no'. It may errback if there were any I/O errors. Nc*tj5}|j |jj j }|dk(r dddy|dvr dddy|jd[#1swYyxYw)NTsyes>nor!FsPlease type 'yes' or 'no': )rrrreadlinerlower)ignoredfanswerr:texts rbodyzConsoleUI.prompt..bodyPs' @1 ZZ\//1779F'# @ @  </$ @ @ >? @ @sAB )B 7B  B)rsucceedr)r:rdrs`` rrzConsoleUI.promptAs* MM$  @}}T""r!c t|j5}|j|dddy#1swYyxYw#t$rtj dYywxYw)z Notify the user (non-interactively) of the provided text, by writing it to the console. @param text: Some information the user is to be made aware of. NzFailed to write to console)rrr Exceptionlogfailure)r:rrs rrzConsoleUI.warn^sR 6' 1     6 KK4 5 6s(A6A?AAA#"A#N)rzCallable[[], IO[bytes]]rBrC)rr@rBr)rr@rBrC)rErFrGrHr;rrrIr!rrr1s #: 6r!r)rr@rBr@)r+r@rBz&tuple[bytes, bytes, Key, bytes | None])r3r@r+rcrBr@)7rH __future__rrvrbinasciirrrr contextlibrhashlibrtypingr r r r zope.interfacer twisted.conch.errorrrrtwisted.conch.interfacesrtwisted.conch.ssh.keysrrrtwisted.internetrtwisted.internet.deferrtwisted.loggerrtwisted.python.compatrtwisted.python.filepathrtwisted.python.randbytesrtwisted.python.utilrrr r4r6rKrir{r}rrrIr!rrs  # AA22&MM4GG"+!.,1, h!,4B _I!I!I!X _#*#*#*L" _]!*l]!]!@^^B8686r!