U ~fhB @sUdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZddlmZddlmZddlmZdd lmZmZdd lmZmZmZm Z dd l!m"Z"m#Z#dd l$m%Z%e rdd l&m'Z'ddl(m)Z)dZ*dZ+z4ddl,Z-e.e/e0e-j12ddddkr(dZ+Wn>e3k rhz ddl-Z-Wne3k rbdZ*YnXYnXdZ4dddddddZ5ddddddZ6ddddddd Z7ddd!d"d#Z8dddd$d%d&Z9dddd$d'd(Z:dddd$d)d*Z;dddd$d+d,Ze5d/d0ej>e5d1d0e=d2 Z?d3e@d4<Gd5d6d6ZAGd7d8d8eAZBGd9d:d:eAZCGd;d<deBd/d0ej>eBd1d0eDej>eBd1d0d=ZEd>e@d?<dDddd@ddAdBdCZFdS)EzAuthentication helpers.) annotationsN)standard_b64decodestandard_b64encode) TYPE_CHECKINGAnyCallable CoroutineMappingMutableMappingOptionalcast)quote)Binary)_authenticate_aws)_authenticate_oidc_get_authenticator)MongoCredential_authenticate_scram_start_parse_scram_response_xor)ConfigurationErrorOperationFailure)saslprep)AsyncConnection)HelloTF.)rrrstrNone) credentialsconn mechanismreturnc s|j}|dkr*d}tj}t|jd}nd}tj}t||jd}|j}|j }t j } |j } | r| rt| tsxt| jdk st| j\} } | j} n"t||\} } }|||IdH} | dk st| d}t|}t|d}|dkrtd |d }|d }|| std d |}|jr6|j\}}}}n d\}}}}|r\||ks\||krt||t||}| |d|}| |d|}||||f|_||}d| ||f}| |||}dtt||}d||f}t| |||}d| dt |d}|||IdH} t| d}t !|d|sJtd| dsd| dt dd}|||IdH} | dstddS)zAuthenticate using SCRAM. SCRAM-SHA-256sha256utf-8sha1Npayloadiiz+Server returned an invalid iteration count.srz!Server returned an invalid nonce.s c=biws,r=)NNNNs Client Keys Server Key,sp=conversationIdZ saslContinuer.r(vz%Server returned an invalid signature.donez%SASL conversation failed to complete.)"usernamehashlibr%rpasswordencoder'_password_digestsourcecachehmacHMACauth_ctxspeculate_succeeded isinstance _ScramContextAssertionError scram_dataspeculative_authenticatercommandrintr startswithdata pbkdf2_hmacrdigestjoinrrrcompare_digest) r r!r"r3rH digestmodrFr8r9Z_hmacctxnonce first_barerescmdZ server_firstparsedZ iterationsZsaltZrnonceZ without_proofZ client_keyZ server_keyZcsaltZ citerationsZ salted_passZ stored_keyZauth_msgZ client_sigZ client_proofZ client_finalZ server_sigrR=/tmp/pip-unpacked-wheel-36gvocj8/pymongo/asynchronous/auth.py_authenticate_scramGsx          rT)r3r5r#cCsft|tstdt|dkr&tdt|ts8tdt}|d|}||d| S)z0Get a password digest to use for authentication.z#password must be an instance of strrzpassword can't be emptyz#username must be an instance of strz:mongo:r&) r>r TypeErrorlen ValueErrorr4md5updater6 hexdigest)r3r5md5hashrFrRrRrSr7s   r7)rMr3r5r#cCs:t||}t}|||}||d|S)z*Get an auth key to use for authentication.r&)r7r4rXrYr6rZ)rMr3r5rHr[rFrRrRrS _auth_keys  r\)hostnamer#cCsdt|dddtjtjd\}}}}}zt|tj}Wntjk rV|YSX|dS)z2Canonicalize hostname following MIT-krb5 behavior.Nr)socket getaddrinfo IPPROTO_TCP AI_CANONNAME getnameinfo NI_NAMEREQDgaierrorlower)r]afsocktypeproto canonnameZsockaddrnamerRrRrS_canonicalize_hostnamesrk)r r!r#c sts tdz@|j}|j}|j}|jd}|jr:t|}|jd|}|j dk r`|d|j }|dk rt rd t |t |f}t j||t jd\}} qd|kr|dd\} } n |d} } t j|t j| | |d\}} nt j|t jd\}} |t jkrtd z:t | d dkr td t | } dd | dd } |d| IdH}tdD]p}t | t|d}|dkr|td t | pd } d|d| d} |d| IdH}|t jkrRq̐qRtdt | t|ddkrtdt | t | |dkrtdt | } d|d| d} |d| IdHW5t | XWn4t jk r}ztt|dW5d}~XYnXdS)zAuthenticate using GSSAPI.zEThe "kerberos" module must be installed to use GSSAPI authentication.r@N:)gssflagsr-)rnuserdomainr5z&Kerberos context failed to initialize.z*Unknown kerberos failure in step function.GSSAPIZ saslStartr"r(Z autoAuthorize $external r(r.r/z+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.) HAVE_KERBEROSrr3r5Zmechanism_propertiesaddressZcanonicalize_host_namerkZ service_nameZ service_realm_USE_PRINCIPALrIr kerberosZauthGSSClientInitZGSS_C_MUTUAL_FLAGsplitZAUTH_GSS_COMPLETErZauthGSSClientCleanZauthGSSClientStepZauthGSSClientResponserCrangerZauthGSSClientUnwrapZauthGSSClientWrapZKrbError)r r!r3r5propshostZserviceZ principalresultrLrorpr(rPresponse_excrRrRrS_authenticate_gssapis            rcsN|j}|j}|j}d|d|}ddt|dd}|||IdHdS)z(Authenticate using SASL PLAIN (RFC 4616)r-PLAINrsN)r8r3r5r6rrC)r r!r8r3r5r(rPrRrRrS_authenticate_plain2srcs<|j}|r|rdSt||j}|d|IdHdS)z Authenticate using MONGODB-X509.Nrt)r<r= _X509Contextrxspeculate_commandrC)r r!rLrPrRrRrS_authenticate_x509As  rc s`|j}|j}|j}||ddiIdH}|d}t|||}d|||d}|||IdHdS)zAuthenticate using MONGODB-CR.Zgetnoncer-NrM) authenticaterorMkey)r8r3r5rCr\) r r!r8r3r5rrMrqueryrRrRrS_authenticate_mongo_crLs rcs|jdkr|jr|j}n>|j}|}|d|j|d<|j||ddIdHdg}d|krpt||dIdHSt||dIdHSnt||dIdHSdS)NrZsaslSupportedMechsF)Zpublish_eventsr$ SCRAM-SHA-1)Zmax_wire_versionZnegotiated_mechsr8Z hello_cmdr3rCgetrT)r r!Zmechsr8rPrRrRrS_authenticate_default[s rr)r"r$) rrz MONGODB-CR MONGODB-X509z MONGODB-AWS MONGODB-OIDCrrr$DEFAULTz6Mapping[str, Callable[..., Coroutine[Any, Any, None]]] _AUTH_MAPc@s`eZdZddddddZeddddd d Zd d d dZdddddZdd ddZdS) _AuthContextrtuple[str, int]r)r rxr#cCs||_d|_||_dSN)r rBrx)selfr rxrRrRrS__init__|sz_AuthContext.__init__zOptional[_AuthContext])credsrxr#cCs$t|j}|r tt|||SdSr)_SPECULATIVE_AUTH_MAPrr"r r)rrxZspec_clsrRrRrSfrom_credentialss z_AuthContext.from_credentials"Optional[MutableMapping[str, Any]]r#cCstdSr)NotImplementedErrorrrRrRrSrsz_AuthContext.speculate_commandzHello[Mapping[str, Any]])hellor#cCs |j|_dSr)rB)rrrRrRrSparse_responsesz_AuthContext.parse_responseboolcCs t|jSr)rrBrrRrRrSr=sz _AuthContext.speculate_succeededN) __name__ __module__ __qualname__r staticmethodrrrr=rRrRrRrSr{s rcs6eZdZdddddfdd Zdd d d ZZS) r?rrrr)r rxr"r#cst||d|_||_dSr)superrrAr")rr rxr" __class__rRrSrsz_ScramContext.__init__rrcCs.t|j|j\}}}|jj|d<||f|_|SNdb)rr r"r8rA)rrMrNrPrRrRrSrs  z_ScramContext.speculate_command)rrrrr __classcell__rRrRrrSr?sr?c@seZdZddddZdS)rzMutableMapping[str, Any]rcCs&ddd}|jjdk r"|jj|d<|S)Nr-r)rr"ro)r r3)rrPrRrRrSrs   z_X509Context.speculate_commandNrrrrrRrRrRrSrsrc@seZdZddddZdS) _OIDCContextrrcCs2t|j|j}|}|dkr"dS|jj|d<|Sr)rr rxZget_spec_auth_cmdr8)rZ authenticatorrPrRrRrSrs  z_OIDCContext.speculate_commandNrrRrRrRrSrsr)rrr$rrzMapping[str, Any]rr)r r!reauthenticater#cs>|j}t|}|dkr*t|||IdHn|||IdHdS)zAuthenticate connection.rN)r"rr)r r!rr"Z auth_funcrRrRrSrs r)F)G__doc__ __future__r functoolsr4r:r^base64rrtypingrrrrr r r r urllib.parser Z bson.binaryrZpymongo.asynchronous.auth_awsrZpymongo.asynchronous.auth_oidcrrZpymongo.auth_sharedrrrrZpymongo.errorsrrZpymongo.saslpreprZpymongo.asynchronous.poolrZ pymongo.hellorrwryZ winkerberosrztuplemaprD __version__r{ ImportErrorZ_IS_SYNCrTr7r\rkrrrrrpartialr__annotations__rr?rrrrrRrRrRrSsx (      $ U o