lib/paramiko/__pycache__/auth_strategy.cpython-314.pyc

+
u<10>i<EFBFBD>,<00><00><00>Rt^RIHt^RIHt^RIHt^RIHt!RR4t	!RR]	4t
!R	R
]	4t!RR]	4t!R
R]4t
!RR]4t]!RRR.4t!RR]4t!RR]4t!RR4tR#)z<>
Modern, adaptable authentication machinery.

Replaces certain parts of `.SSHClient`. For a concrete implementation, see the
``OpenSSHAuthStrategy`` class in `Fabric <https://fabfile.org>`_.
)<01>
namedtuple)<01>AgentKey)<01>
get_logger)<01>AuthenticationExceptionc<00><a<00>]tRt^toRtRtRtRtRtRt	Vt
R#)<08>
AuthSourcez<EFBFBD>
Some SSH authentication source, such as a password, private key, or agent.

See subclasses in this module for concrete implementations.

All implementations must accept at least a ``username`` (``str``) kwarg.
c<08><00>WnR#<00>N<><01>username)<02>selfrs&&<26>=/tmp/pip-target-zhdecbcm/lib/python/paramiko/auth_strategy.py<70>__init__<5F>AuthSource.__init__s<00><00> <20>
<0A>c<08><><00>VP4UUu.uF
wr#VRV:2NK	pppRPV4pVPPRVR2#uuppi)<04>=z, <20>(<28>))<04>items<6D>join<69>	__class__<5F>__name__)r<00>kwargs<67>k<>v<>pairs<72>joineds&,    r
<00>_repr<70>AuthSource._reprs[<00><00>+1<>,<2C>,<2C>.<2E>9<>.<2E>$<24>!<21>A<EFBFBD>3<EFBFBD>a<EFBFBD><01>u<EFBFBD><1C>.<2E><05>9<><15><19><19>5<EFBFBD>!<21><06><16>.<2E>.<2E>)<29>)<29>*<2A>!<21>F<EFBFBD>8<EFBFBD>1<EFBFBD>5<>5<><35>:s<00>Ac<08>"<00>VP4#r	)r<00>rs&r
<00>__repr__<5F>AuthSource.__repr__"s<00><00><13>z<EFBFBD>z<EFBFBD>|<7C>rc<0C><00>\h)z
Perform authentication.
<EFBFBD><01>NotImplementedError<6F>r<00>	transports&&r
<00>authenticate<74>AuthSource.authenticate%s
<00><00>"<22>!rr
N)r<00>
__module__<EFBFBD>__qualname__<5F>__firstlineno__<5F>__doc__rrr"r)<00>__static_attributes__<5F>__classdictcell__<5F><01>
__classdict__s@r
rrs#<00><><00><00><08>!<21>6<><1C>"<22>"rrc<00>*a<00>]tRt^,toRtRtRtVtR#)<05>NoneAuthzK
Auth type "none", ie https://www.rfc-editor.org/rfc/rfc4252#section-5.2 .
c<08>8<00>VPVP4#r	)<02>	auth_nonerr's&&r
r)<00>NoneAuth.authenticate1s<00><00><18>"<22>"<22>4<EFBFBD>=<3D>=<3D>1<>1r<00>N<>rr+r,r-r.r)r/r0r1s@r
r4r4,s<00><><00><00><08>2<>2rr4c<00>Haa<01>]tRt^5toRtV3RltV3RltRtRtVt	V;t
#)<06>Passworda<64>
Password authentication.

:param callable password_getter:
    A lazy callable that should return a `str` password value at
    authentication time, such as a `functools.partial` wrapping
    `getpass.getpass`, an API call to a secrets store, or similar.

    If you already know the password at instantiation time, you should
    simply use something like ``lambda: "my literal"`` (for a literal, but
    also, shame on you!) or ``lambda: variable_name`` (for something stored
    in a variable).
c<08>4<<01>\SV`VR7W nR#<00>r
N)<03>superr<00>password_getter)rrr?rs&&&<26>r
r<00>Password.__init__Ds<00><><00>
<0A><07><18>(<28><18>+<2B>.<2E>rc<08>8<<01>\SV`VPR7#))<01>user)r>rr)rrs&<26>r
r"<00>Password.__repr__Hs<00><><00><15>w<EFBFBD>}<7D>$<24>-<2D>-<2D>}<7D>0<>0rc<08>Z<00>VP4pVPVPV4#r	)r?<00>
auth_passwordr)rr(<00>passwords&& r
r)<00>Password.authenticateMs)<00><00><18>'<27>'<27>)<29><08><18>&<26>&<26>t<EFBFBD>}<7D>}<7D>h<EFBFBD>?<3F>?r)r?)rr+r,r-r.rr"r)r/r0<00>
__classcell__<5F>rr2s@@r
r;r;5s <00><><00><00><08>/<2F>1<>
@<01>@rr;c<00>*a<00>]tRt^XtoRtRtRtVtR#)<05>
PrivateKeyak
Essentially a mixin for private keys.

Knows how to auth, but leaves key material discovery/loading/decryption to
subclasses.

Subclasses **must** ensure that they've set ``self.pkey`` to a decrypted
`.PKey` instance before calling ``super().authenticate``; typically
either in their ``__init__``, or in an overridden ``authenticate`` prior to
its `super` call.
c<08>N<00>VPVPVP4#r	)<03>auth_publickeyr<00>pkeyr's&&r
r)<00>PrivateKey.authenticatees<00><00><18>'<27>'<27><04>
<0A>
<0A>t<EFBFBD>y<EFBFBD>y<EFBFBD>A<>Arr8Nr9r1s@r
rKrKXs<00><><00><00>
<08>B<01>BrrKc<00>Baa<01>]tRt^itoRtV3RltV3RltRtVtV;t	#)<05>InMemoryPrivateKeyz)
An in-memory, decrypted `.PKey` object.
c<08>4<<01>\SV`VR7W nR#r=)r>rrN)rrrNrs&&&<26>r
r<00>InMemoryPrivateKey.__init__ns<00><><00>
<0A><07><18>(<28><18>+<2B><18>	rc<08><><<01>\SV`VPR7p\VP\4'd
VR,
pV#)<02>rNz [agent])r>rrN<00>
isinstancer)r<00>reprs& <20>r
r"<00>InMemoryPrivateKey.__repr__ss9<00><><00><14>g<EFBFBD>m<EFBFBD><14><19><19>m<EFBFBD>+<2B><03><15>d<EFBFBD>i<EFBFBD>i<EFBFBD><18>*<2A>*<2A><0F>:<3A><1D>C<EFBFBD><12>
rrU<00>
rr+r,r-r.rr"r/r0rHrIs@@r
rQrQis<00><><00><00><08><19>
<13>rrQc<00><aa<01>]tRt^|toRtV3RltRtRtVtV;t	#)<05>OnDiskPrivateKeyau
Some on-disk private key that needs opening and possibly decrypting.

:param str source:
    String tracking where this key's path was specified; should be one of
    ``"ssh-config"``, ``"python-config"``, or ``"implicit-home"``.
:param Path path:
    The filesystem path this key was loaded from.
:param PKey pkey:
    The `PKey` object this auth source uses/represents.
c<08>z<<01>\SV`VR7W nRpW%9d\RV:24hW0nW@nR#)r
z source argument must be one of: N)z
ssh-configz
python-configz
implicit-home)r>r<00>source<63>
ValueError<EFBFBD>pathrN)rrr]r_rN<00>allowedrs&&&&& <20>r
r<00>OnDiskPrivateKey.__init__<5F>s@<00><><00>
<0A><07><18>(<28><18>+<2B><1C><0B>B<><07><11> <20><1C>?<3F><07>{<7B>K<>L<>L<><18>	<09><18>	rc<08>x<00>VPVPVP\VP4R7#))<03>keyr]r_)rrNr]<00>strr_r!s&r
r"<00>OnDiskPrivateKey.__repr__<5F>s/<00><00><13>z<EFBFBD>z<EFBFBD><14>	<09>	<09>$<24>+<2B>+<2B>C<EFBFBD><04>	<09>	<09>N<EFBFBD><1A>
<EFBFBD>	
r)r_rNr]rYrIs@@r
r[r[|s<00><><00><00>
<08><19>
<EFBFBD>
rr[<00>SourceResultr]<00>resultc<00><aa<01>]tRt^<5E>toRtV3RltRtRtVtV;t	#)<05>
AuthResulta<EFBFBD>
Represents a partial or complete SSH authentication attempt.

This class conceptually extends `AuthStrategy` by pairing the former's
authentication **sources** with the **results** of trying to authenticate
with them.

`AuthResult` is a (subclass of) `list` of `namedtuple`, which are of the
form ``namedtuple('SourceResult', 'source', 'result')`` (where the
``source`` member is an `AuthSource` and the ``result`` member is either a
return value from the relevant `.Transport` method, or an exception
object).

.. note::
    Transport auth method results are always themselves a ``list`` of "next
    allowable authentication methods".

    In the simple case of "you just authenticated successfully", it's an
    empty list; if your auth was rejected but you're allowed to try again,
    it will be a list of string method names like ``pubkey`` or
    ``password``.

    The ``__str__`` of this class represents the empty-list scenario as the
    word ``success``, which should make reading the result of an
    authentication session more obvious to humans.

Instances also have a `strategy` attribute referencing the `AuthStrategy`
which was attempted.
c<08>4<<01>Wn\SV`!V/VBR#r	)<03>strategyr>r)rrk<00>argsrrs&&*,<2C>r
r<00>AuthResult.__init__<5F>s<00><><00> <20>
<0A>
<0A><07><18>$<24>)<29>&<26>)rc<08>2<00>RPRV44#)<02>
c3<00>j"<00>TF)qPRVP;'gR2x<00>K+	R#5i)z -> <20>successN)r]rg)<02>.0<EFBFBD>xs& r
<00>	<genexpr><3E>%AuthResult.__str__.<locals>.<genexpr><3E>s-<00><00><00>
<EFBFBD>>B<><11>x<EFBFBD>x<EFBFBD>j<EFBFBD><04>Q<EFBFBD>X<EFBFBD>X<EFBFBD>2<>2<><19>3<>4<>d<EFBFBD>s<00>#3<01>
3)rr!s&r
<00>__str__<5F>AuthResult.__str__<5F>s"<00><00>
<14>y<EFBFBD>y<EFBFBD>
<EFBFBD>>B<>
<EFBFBD>
<EFBFBD>	
r<00>rk)
rr+r,r-r.rrvr/r0rHrIs@@r
riri<00>s<00><><00><00><08><*<2A>
<EFBFBD>
rric<00>0a<00>]tRt^<5E>toRtRtRtRtVtR#)<06>AuthFailurea<65>
Basic exception wrapping an `AuthResult` indicating overall auth failure.

Note that `AuthFailure` descends from `AuthenticationException` but is
generally "higher level"; the latter is now only raised by individual
`AuthSource` attempts and should typically only be seen by users when
encapsulated in this class. It subclasses `AuthenticationException`
primarily for backwards compatibility reasons.
c<08><00>WnR#r	<00>rg)rrgs&&r
r<00>AuthFailure.__init__<5F>s<00><00><1C>rc<08>:<00>R\VP4,#)ro)rdrgr!s&r
rv<00>AuthFailure.__str__<5F>s<00><00><13>c<EFBFBD>$<24>+<2B>+<2B>&<26>&<26>&rr|N)	rr+r,r-r.rrvr/r0r1s@r
rzrz<00>s<00><><00><00><08><1D>'<27>'rrzc<00>6a<00>]tRt^<5E>toRtRtRtRtRtVt	R#)<07>AuthStrategyz<79>
This class represents one or more attempts to auth with an SSH server.

By default, subclasses must at least accept an ``ssh_config``
(`.SSHConfig`) keyword argument, but may opt to accept more as needed for
their particular strategy.
c<08>:<00>Wn\\4VnR#r	)<04>
ssh_configrr<00>log)rr<>s&&r
r<00>AuthStrategy.__init__<5F>s<00><00>%<25><0F><1D>h<EFBFBD>'<27><04>rc<0C><00>\h)a+
Generator yielding `AuthSource` instances, in the order to try.

This is the primary override point for subclasses: you figure out what
sources you need, and ``yield`` them.

Subclasses _of_ subclasses may find themselves wanting to do things
like filtering or discarding around a call to `super`.
r%r!s&r
<00>get_sources<65>AuthStrategy.get_sources<65>s
<00><00>"<22>!rc<0C><><00>Rp\VR7pVP4FYpVPPRV24VP	V4pRpVP\WE44V'gKYM	V'g
\VR7hV# \
dDpTpTPPpTPPRTRT24Rp?L<>Rp?ii;i)	z<>
Handles attempting `AuthSource` instances yielded from `get_sources`.

You *normally* won't need to override this, but it's an option for
advanced users.
FrxzTrying TzAuthentication via z
 failed with Nr|)rir<>r<><00>debugr)<00>	Exceptionrr<00>info<66>appendrfrz)rr(<00>	succeeded<65>overall_resultr]rg<00>e<>source_classs&&      r
r)<00>AuthStrategy.authenticates<><00><00><1A>	<09>#<23>T<EFBFBD>2<><0E><1B>&<26>&<26>(<28>F<EFBFBD><10>H<EFBFBD>H<EFBFBD>N<EFBFBD>N<EFBFBD>W<EFBFBD>V<EFBFBD>H<EFBFBD>-<2D>.<2E>
<12><1F>,<2C>,<2C>Y<EFBFBD>7<><06> <20>	<09>"
<1B>!<21>!<21>,<2C>v<EFBFBD>"><3E>?<3F><18>y<EFBFBD><15>/)<29>4<19><1D>^<5E>4<>4<><1D><1D><>)<1D>
<12><1A><06> !<21>{<7B>{<7B>3<>3<><0C><14><08><08>
<0A>
<0A>)<29>&<26><18><1D>|<7C>n<EFBFBD>M<><12><12><>
<12>s<00>B<02>C <05>9C<05>C )r<>r<>N)
rr+r,r-r.rr<>r)r/r0r1s@r
r<>r<><00>s<00><><00><00><08>(<28>
"<22>+<1E>+rr<>N)r.<00>collectionsr<00>agentr<00>utilr<00>
ssh_exceptionrrr4r;rKrQr[rf<00>listrirzr<>r8rr
<00><module>r<>s<><00><01><04>#<23><1B><1C>2<>"<22>"<22>:2<>z<EFBFBD>2<>@<01>z<EFBFBD>@<01>FB<01><1A>B<01>"<13><1A><13>&
<EFBFBD>z<EFBFBD>
<EFBFBD>B<1A>.<2E>8<EFBFBD>X<EFBFBD>*><3E>?<3F><0C>*
<EFBFBD><14>*
<EFBFBD>\'<27>)<29>'<27>$G<1E>Gr