3 O6b`7@sdZddlZddlZddlZddlZddlZyddlmZWn ek r\ddl mZYnXdZ dZ y2ddl Z eeee jjdddd`krdZ Wn:ek ry ddl Z Wnek rdZ YnXYnXdd lmZmZdd lmZdd lmZdd lmZmZmZdd lmZddl m!Z!ddl"m#Z#m$Z$ddl%m&Z&e'ddddddddgZ(Gddde)Z*edddddd d!gZ+ed"d#d$d%gZ,ed&d'gZ-d(d)Z.erd*d+Z/ej0Z1ej2Z3n2dd,l4m5Z6m7Z8d-d+Z/ee6fd.d/Z1e8fd0d1Z3ydd2l9m:Z;WnFek rJydd2lm:Z;Wnek rDd3d4Z;YnXYnXydd5lmek rer~d6d7Z=n e>fd8d7Z=e=fd9d:ZZ@d?d@ZAdAdBZBdCdDZCdEdFZDdGdHZEdIdJZFdKdLZGdMdNZHdOdPZIdQdRZJeGeEeIeHe!eFejKeAddSejKeAddSeJdT ZLGdUdVdVe)ZMGdWdXdXeMZNGdYdZdZeMZOeOejKeNddSejKeNddSejKeNddSd[ZPd\d]ZQd^d_ZRdS)azAuthentication helpers.N)quoteTF.)standard_b64decodestandard_b64encode) namedtuple)Binary) string_type_unicodePY3)SON)_authenticate_aws)ConfigurationErrorOperationFailure)saslprepGSSAPIz MONGODB-CRz MONGODB-X509z MONGODB-AWSPLAINz SCRAM-SHA-1z SCRAM-SHA-256DEFAULTc@s8eZdZd ZedZddZddZddZdd Z d S) _CachedatacCs d|_dS)N)r)selfrK/var/www/html/sandeepIITI/myenv/lib/python3.6/site-packages/pymongo/auth.py__init__Dsz_Cache.__init__cCst|trdStS)NT) isinstancerNotImplemented)rotherrrr__eq__Gs z _Cache.__eq__cCst|trdStS)NF)rrr)rrrrr__ne__Ms z _Cache.__ne__cCs|jS)N) _hash_val)rrrr__hash__Rsz_Cache.__hash__N)r) __name__ __module__ __qualname__ __slots__hashr rrrr!rrrrr?s rMongoCredential mechanismsourceusernamepasswordmechanism_propertiescacheGSSAPIProperties service_namecanonicalize_host_name service_realmZ AWSPropertiesaws_session_tokenc Cs|dkr|dkrtd|f|dkr|dk r>|dkr>td|jdi}|jd d }|jd d }|jd } t||| d} t|d||| dS|dkr|dk rtd|dk r|dkrtdt|d|dddS|dkr>|dk r|dkrtd|dk r |dkr td|jdi}|jd} t| d} t|d||| dS|dkrj|pV|pVd} t|| ||ddS|px|pxd} |dkrtdt|| ||dtSdS)z=Build and return a mechanism specific credentials tuple. MONGODB-X509 MONGODB-AWSNz%s requires a username.rz $externalz:authentication source must be $external or None for GSSAPIZauthmechanismpropertiesZ SERVICE_NAMEZmongodbZCANONICALIZE_HOST_NAMEFZ SERVICE_REALM)r/r0r1z+Passwords are not supported by MONGODB-X509z@authentication source must be $external or None for MONGODB-X509z;username without a password is not supported by MONGODB-AWSz?authentication source must be $external or None for MONGODB-AWSZAWS_SESSION_TOKEN)r2rZadminzA password is required.)r3r4)r ValueErrorgetr.r'_AWSPropertiesr) Zmechr)userpasswdextraZdatabaseZ propertiesr/Z canonicalizer1propsr2Zsource_databaserrr_build_credentials_tuplemsR          r<cCsdjddt||DS)z+XOR two byte strings together (python 3.x).cSsg|]\}}t||AgqSr)bytes).0xyrrr sz_xor..)joinzip)firsecrrr_xorsrG)hexlify unhexlifycCsdjddt||DS)z+XOR two byte strings together (python 2.x).r=cSs$g|]\}}tt|t|AqSr)chrord)r?r@rArrrrBsz_xor..)rCrD)rErFrrrrGscCs|||dS)z3An implementation of int.from_bytes for python 2.x.r)valuedummy_int_hexlifyrrr _from_bytessrQcCsdd|f}|||S)z1An implementation of int.to_bytes for python 2.x.z%%0%dxrr)rMlengthrN _unhexlifyfmtrrr _to_bytessrU) pbkdf2_hmacc Csxtj|dtt|}|fdd}t}t}||d}||d} x*t|dD]} ||}| ||dN} qLW|| |jdS)z'A simple implementation of PBKDF2-HMAC.NcSs|j}|j||jS)zGet a digest for msg.)copyupdatedigest)msgmacZ_macrrr_digests z_hi.._digestsbig)hmacHMACgetattrhashlibrQrUrange digest_size) hash_namersalt iterationsr[r\ from_bytesto_bytesZ_u1Z_ui_rrr_his   rk)compare_digestcCs||AS)Nr)abrrr _xor_bytessrocCs||||AS)Nr)rmrn_ordrrrroscCsfd}|}t|t|kr |}d}t|t|kr8|}d}x$t||D]\}}||||O}qDW|dkS)Nrr^)lenrD)rmrnroleftrightresultr@rArrrrlsrlcCstdd|jdDS)z-Split a scram response into key, value pairs.css|]}|jddVqdS)=r^N)split)r?itemrrr sz(_parse_scram_response..,)dictrv)responserrr_parse_scram_responsesr|cCsr|j}|jdjddjdd}ttjd}d|d|}tdd |fd td |fddddifg}|||fS)Nzutf-8rus=3Drys=2C sn=s,r= saslStartr^r(payloadsn,, autoAuthorizeoptionsZskipEmptyExchangeT)r~r^)rr^)r*encodereplacerosurandomr r ) credentialsr(r*r8nonce first_barecmdrrr_authenticate_scram_startsrc Csl|j}|dkr*d}tj}t|jjd}nd}tj}t||jjd}|j}|j }t j } |j j |} | r| jr| j\} } | j} nt||\} } }|j||} | d}t|}t|d}|dkrtd|d }|d }|j| std d |}|jr |j\}}}}n d\}}}}| s4||ks4||krtt||t||}| |d|j}| |d|j}||||f|_||j}dj| ||f}| |||j}dtt||}dj||f}t| |||j}tdd| dfdt|fg}|j||} t| d}t |d|s"td| dshtdd| dfdtdfg}|j||} | dshtdd S)zAuthenticate using SCRAM.z SCRAM-SHA-256sha256zutf-8sha1riiz+Server returned an invalid iteration count.srz!Server returned an invalid nonce.s c=biws,r=Ns Client Keys Server Keyrysp= saslContinuer^conversationIdvz%Server returned an invalid signature.doner=z%SASL conversation failed to complete.)NNNN)rr^)rr^)!r*rbrrr+rr_password_digestr)r-r_r`auth_ctxr6speculate_succeeded scram_dataspeculative_authenticatercommandr|intr startswithrrkrrYrCrrGr r rl) r sock_infor(r*rY digestmodrr)r-Z_hmacctxrrresrZ server_firstparsedrgrfZrnonceZ without_proofZ client_keyZ server_keyZcsaltZ citerationsZ salted_passZ stored_keyZauth_msgZ client_sigZ client_proofZ client_finalZ server_sigrrr_authenticate_scramst               rcCsxt|tstdtjft|dkr.tdt|tsHtdtjftj}d||f}|j|j dt |j S)z5Get a password digest to use for authentication. z"password must be an instance of %srzpassword can't be emptyz#password must be an instance of %sz %s:mongo:%szutf-8) rr TypeErrorr"rqr5rbmd5rXrr hexdigest)r*r+md5hashrrrrr^s      rcCs<t||}tj}d|||f}|j|jdt|jS)z/Get an auth key to use for authentication. z%s%s%szutf-8)rrbrrXrr r)rr*r+rYrrrrr _auth_keyps  rc Cs`tj|dddtjtjd\}}}}}ytj|tj}Wntjk rR|jSX|djS)z2Canonicalize hostname following MIT-krb5 behavior.Nr)socket getaddrinfo IPPROTO_TCP AI_CANONNAME getnameinfo NI_NAMEREQDgaierrorlower)hostnameafsocktypeproto canonnamesockaddrnamerrr_canonicalize_hostnamezs" rcCsts tdyH|j}|j}|j}|jd}|jr:t|}|jd|}|j dk r`|d|j }|dk rt rdj t |t |f}t j||t jd\}} qd|kr|jdd\} } n |d} } t j|t j| | |d\}} nt j|t jd\}} |t jkrtd zBt j| d dkr td t j| } tddd| fdg} |jd| }xtdD]p}t j| t|d}|dkr~td t j| pd } tdd|dfd| fg} |jd| }|t jkrTPqTWtdt j| t|ddkrtdt j| t j| |dkrtdt j| } tdd|dfd| fg} |jd| Wdt j| XWn2t jk r}ztt|WYdd}~XnXdS)zAuthenticate using GSSAPI. zEThe "kerberos" module must be installed to use GSSAPI authentication.r@N:)gssflagsr^)rr8domainr+z&Kerberos context failed to initialize.z*Unknown kerberos failure in step function.r~r(rrrz $external rrz+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.)r~r^)r(r)rr^)rr^)rr^) HAVE_KERBEROSrr*r+r,addressr0rr/r1_USE_PRINCIPALrCrkerberosZauthGSSClientInitZGSS_C_MUTUAL_FLAGrvZAUTH_GSS_COMPLETErZauthGSSClientStepZauthGSSClientResponser rrcstrZauthGSSClientUnwrapZauthGSSClientWrapZauthGSSClientCleanZKrbError)rrr*r+r;hostZserviceZ principalrtrr8rrrr{rjexcrrr_authenticate_gssapis               rcCsL|j}|j}|j}d||fjd}td d dt|fd g}|j||d S) z-Authenticate using SASL PLAIN (RFC 4616) z%s%szutf-8r~r^r(rrrN)r~r^)r(r)rr^)r)r*r+rr r r)rrr)r*r+rrrrr_authenticate_plains rc Cs|j}|j}|j}t||}tdddtdfdg}|j||}tj|j dt j d }|j |d|j dd |j j d} tdd |d fdt| fg}|j||d S)z+Authenticate using CRAM-MD5 (RFC 2195) r~r^r(CRAM-MD5rr=rzutf-8)keyr rrN)r~r^)r(r)rr^)rr^)r)r*r+rr r rr_r`rrbrrXr) rrr)r*r+r9rr{r[ challengerrr_authenticate_cram_md5s     rcCsT|jj|}|r|jrdSt|j}|jdkrD|jdkrDtd|jd|dS)z%Authenticate using MONGODB-X509. NrziA username is required for MONGODB-X509 authentication when connected to MongoDB versions older than 3.4.z $external) rr6r _X509Contextspeculate_commandr*max_wire_versionrr)rrrrrrr_authenticate_x509s   rc Csb|j}|j}|j}|j|ddi}|d}t|||}tdd|fd|fd|fg}|j||dS) z#Authenticate using MONGODB-CR. Zgetnoncer^r authenticater8rN)rr^)r)r*r+rrr ) rrr)r*r+r{rrqueryrrr_authenticate_mongo_cr-s  rcCs|jdkrz||jkr |j|}n8|j}|j}|d|j|d<|j||ddjdg}d|krlt||dSt||dSn |jdkrt||dSt||SdS) NrZsaslSupportedMechsF)Zpublish_eventsz SCRAM-SHA-256z SCRAM-SHA-1) rZnegotiated_mechanismsr)Z hello_cmdr*rr6rr)rrZmechsr)rrrr_authenticate_default@s       r)r() zCRAM-MD5rz MONGODB-CRz MONGODB-X509z MONGODB-AWSrz SCRAM-SHA-1z SCRAM-SHA-256rc@s8eZdZddZeddZddZddZd d Zd S) _AuthContextcCs||_d|_dS)N)rr)rrrrrresz_AuthContext.__init__cCstj|j}|r||SdS)N)_SPECULATIVE_AUTH_MAPr6r()credsZspec_clsrrrfrom_credentialsis z_AuthContext.from_credentialscCstdS)N)NotImplementedError)rrrrrpsz_AuthContext.speculate_commandcCs |j|_dS)N)r)rZhellorrrparse_responsessz_AuthContext.parse_responsecCs t|jS)N)boolr)rrrrrvsz _AuthContext.speculate_succeededN) r"r#r$r staticmethodrrrrrrrrrds  rcs$eZdZfddZddZZS) _ScramContextcs tt|j|d|_||_dS)N)superrrrr()rrr() __class__rrr{sz_ScramContext.__init__cCs.t|j|j\}}}|jj|d<||f|_|S)Ndb)rrr(r)r)rrrrrrrrs   z_ScramContext.speculate_command)r"r#r$rr __classcell__rr)rrrzs rc@seZdZddZdS)rcCs(tddg}|jjdk r$|jj|d<|S)Nrr^r( MONGODB-X509r8)rr^)r(r)r rr*)rrrrrrs   z_X509Context.speculate_commandN)r"r#r$rrrrrrsr)z MONGODB-X509z SCRAM-SHA-1z SCRAM-SHA-256rcCs|j}tj|}|||dS)zAuthenticate sock_info.N)r( _AUTH_MAPr6)rrr(Z auth_funcrrrrs rcCs|j|ddidS)zLog out from a database.logoutr^N)r)r)rrrrrsr)rr)S__doc__ functoolsrbr_rrurllibr ImportError urllib.parserrZ winkerberosrtuplemapr __version__rvbase64rr collectionsrZ bson.binaryr Zbson.py3compatr r r Zbson.sonr Zpymongo.auth_awsrZpymongo.errorsrrZpymongo.saslprepr frozensetZ MECHANISMSobjectrr'r.r7r<rGrhrQrirUbinasciirHrPrIrSZbackports.pbkdf2rVrkrlrorKr|rrrrrrrrrrrpartialrrrrrrrrrrrs"       5   O n