YfO(dZddlmZddlZddlZddlmZmZm Z ddl m Z ddl m Z ddlmZmZmZddlmZdd lmZmZmZdd lmZdd lmZmZmZdd lmZdd l m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)ddl*m+Z+e#Z,dZ-dZ.GddZ/eeGdde/Z0eeGddZ1dZ2eeGdde/e+Z3GddZ4Gd d!Z5dS)"zE An implementation of the OpenSSH known_hosts database. @since: 8.2 ) annotationsN)Error a2b_base64 b2a_base64)closing)sha1)IOCallableLiteral) implementer)HostKeyChanged InvalidEntryUserRejectedKey)IKnownHostEntry) BadKeyErrorFingerprintFormatsKey)defer)Deferred)Logger) nativeString)FilePath) secureRandom) FancyEqMixincDt|S)z Encode a binary string as base64 with no trailing newline. @param s: The string to encode. @type s: L{bytes} @return: The base64-encoded string. @rtype: L{bytes} )rstrip)ss Q/var/www/html/env/lib/python3.11/site-packages/twisted/conch/client/knownhosts.py _b64encoder$s a==    cf|dd}t|dkrt|\}}}|dd}t|dkr|\}}|d}n |d}d}t jt |}||||fS)a Extract common elements of base64 keys from an entry in a hosts file. @param string: A known hosts file entry (a single line). @type string: L{bytes} @return: a 4-tuple of hostname data (L{bytes}), ssh key type (L{bytes}), key (L{Key}), and comment (L{bytes} or L{None}). The hostname data is simply the beginning of the line up to the first occurrence of whitespace. @rtype: L{tuple} N r)splitlenrrstripr fromStringr) stringelements hostnameskeyType keyAndCommentsplitkey keyStringcommentkeys r_extractCommonr31s||D!$$H 8}}nn(0%Iw ""4++H 8}}% 7..''QK  .I.. / /C gsG ++r ceZdZdZdZdZdS) _BaseEntrya Abstract base of both hashed and non-hashed entry objects, since they represent keys and key types the same way. @ivar keyType: The type of the key; either ssh-dss or ssh-rsa. @type keyType: L{bytes} @ivar publicKey: The server public key indicated by this line. @type publicKey: L{twisted.conch.ssh.keys.Key} @ivar comment: Trailing garbage after the key line. @type comment: L{bytes} c0||_||_||_dSN)r- publicKeyr1)selfr-r8r1s r__init__z_BaseEntry.__init__\s " r c|j|kS)a Check to see if this entry matches a given key object. @param keyObject: A public key object to check. @type keyObject: L{Key} @return: C{True} if this entry's key matches C{keyObject}, C{False} otherwise. @rtype: L{bool} )r8)r9 keyObjects r matchesKeyz_BaseEntry.matchesKeyas~**r N)__name__ __module__ __qualname____doc__r:r=r rr5r5Ms<   + + + + +r r5cLeZdZdZdfd Zedd ZddZddZxZ S) PlainEntryz A L{PlainEntry} is a representation of a plain-text entry in a known_hosts file. @ivar _hostnames: the list of all host-names associated with this entry. r, list[bytes]r-bytesr8rr1c\||_t|||dSr7) _hostnamessuperr:)r9r,r-r8r1 __class__s rr:zPlainEntry.__init__xs.(1 )W55555r r*returncpt|\}}}}||d|||}|S)a Parse a plain-text entry in a known_hosts file, and return a corresponding L{PlainEntry}. @param string: a space-separated string formatted like "hostname key-type base64-key-data comment". @raise DecodeError: if the key is not valid encoded as valid base64. @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: an IKnownHostEntry representing the hostname and key in the input line. @rtype: L{PlainEntry} ,)r3r&)clsr*r,r-r2r1r9s rr)zPlainEntry.fromString~s@,,:&+A+A( 7Cs9??4(('3@@ r hostname bytes | strboolcht|tr|d}||jvS)a Check to see if this entry matches a given hostname. @param hostname: A hostname or IP address literal to check against this entry. @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. utf-8) isinstancestrencoderHr9rOs r matchesHostzPlainEntry.matchesHosts4 h $ $ 0w//H4?**r cd|j|jt|jg}|j||jd|S)z Implement L{IKnownHostEntry.toString} by recording the comma-separated hostnames, key type, and base-64 encoded key. @return: The string representation of this entry, with unhashed hostname information. rMN )joinrHr-rr8blobr1appendr9fieldss rtoStringzPlainEntry.toStringsj IIdo & & L t~**,, - -  < # MM$, ' ' 'yy   r )r,rEr-rFr8rr1rF)r*rFrKrD)rOrPrKrQ)rKrF) r>r?r@rAr: classmethodr)rXr` __classcell__rJs@rrDrDos666666 [2 + + + +!!!!!!!!r rDc*eZdZdZdZdZdZdZdS) UnparsedEntryz L{UnparsedEntry} is an entry in a L{KnownHostsFile} which can't actually be parsed; therefore it matches no keys and no hosts. c||_dS)zv Create an unparsed entry from a line in a known_hosts file which cannot otherwise be parsed. N)_string)r9r*s rr:zUnparsedEntry.__init__s  r cdSz' Always returns False. FrBrWs rrXzUnparsedEntry.matchesHost ur cdSrirB)r9r2s rr=zUnparsedEntry.matchesKeyrjr c6|jdS)a Returns the input line, without its newline if one was given. @return: The string representation of this entry, almost exactly as was used to initialize this entry but without a trailing newline. @rtype: L{bytes} r%)rgr(r9s rr`zUnparsedEntry.toStrings|""5)))r N)r>r?r@rAr:rXr=r`rBr rreresZ   *****r rectj|t}t|tr|d}|||S)z Return the SHA-1 HMAC hash of the given key and string. @param key: The HMAC key. @type key: L{bytes} @param string: The string to be hashed. @type string: L{bytes} @return: The keyed hash value. @rtype: L{bytes} ) digestmodrS)hmacHMACrrTrUrVupdatedigest)r2r*hashs r _hmacedStringrus[ 9SD ) ) )D&#(w''KK ;;==r cPeZdZdZdZdZdfd ZeddZdZ dZ xZ S) HashedEntrya A L{HashedEntry} is a representation of an entry in a known_hosts file where the hostname has been hashed and salted. @ivar _hostSalt: the salt to combine with a hostname for hashing. @ivar _hostHash: the hashed representation of the hostname. @cvar MAGIC: the 'hash magic' string used to identify a hashed line in a known_hosts file as opposed to a plaintext one. s|1|) _hostSalt _hostHashr-r8r1hostSaltrFhostHashr-r8rr1 bytes | NonerKNonecj||_||_t|||dSr7)rxryrIr:)r9rzr{r-r8r1rJs rr:zHashedEntry.__init__s5"! )W55555r r*c*t|\}}}}|t|jdd}t|dkrt |\}}|t |t ||||} | S)a Load a hashed entry from a string representing a line in a known_hosts file. @param string: A complete single line from a I{known_hosts} file, formatted as defined by OpenSSH. @raise DecodeError: if the key, the hostname, or the is not valid encoded as valid base64 @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid, or the host/hash portion contains more items than just the host and hash. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: The newly created L{HashedEntry} instance, initialized with the information from C{string}. N|r")r3r'MAGICr&rr) rNr*stuffr-r2r1 saltAndHashrzr{r9s rr)zHashedEntry.fromStrings,(6f'='=$wWC NN,,-33D99 {  q .. ((s:h''H)=)=wWUU r c\tjt|j||jS)a Implement L{IKnownHostEntry.matchesHost} to compare the hash of the input to the stored hash. @param hostname: A hostname or IP address literal to check against this entry. @type hostname: L{bytes} @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. @rtype: L{bool} )rpcompare_digestrurxryrWs rrXzHashedEntry.matchesHost-s," $.( 3 3T^   r cL|jdt|jt|jgz|jt|jg}|j| |jd|S)z Implement L{IKnownHostEntry.toString} by base64-encoding the salt, host hash, and key. @return: The string representation of this entry, with the hostname part hashed. @rtype: L{bytes} rNrZ) rr[rrxryr-r8r\r1r]r^s rr`zHashedEntry.toString>s JiiDN33Z5O5OPQQ R L t~**,, - -   < # MM$, ' ' 'yy   r ) rzrFr{rFr-rFr8rr1r|rKr})r*rFrKrw) r>r?r@rArcompareAttributesr:rar)rXr`rbrcs@rrwrws   EU 6 6 6 6 6 6[:   "!!!!!!!r rwcneZdZdZddZeddZdZd ZddZ ddZ ddZ e ddZ dS)KnownHostsFileaz A structured representation of an OpenSSH-format ~/.ssh/known_hosts file. @ivar _added: A list of L{IKnownHostEntry} providers which have been added to this instance in memory but not yet saved. @ivar _clobber: A flag indicating whether the current contents of the save path will be disregarded and potentially overwritten or not. If C{True}, this will be done. If C{False}, entries in the save path will be read and new entries will be saved by appending rather than overwriting. @type _clobber: L{bool} @ivar _savePath: See C{savePath} parameter of L{__init__}. savePath FilePath[str]rKr}c0g|_||_d|_dS)a$ Create a new, empty KnownHostsFile. Unless you want to erase the current contents of C{savePath}, you want to use L{KnownHostsFile.fromPath} instead. @param savePath: The L{FilePath} to which to save new entries. @type savePath: L{FilePath} TN)_added _savePath_clobber)r9rs rr:zKnownHostsFile.__init__cs.0 ! r c|jS)z< @see: C{savePath} parameter of L{__init__} )rrms rrzKnownHostsFile.savePathqs ~r c#K|jD]}|V|jrdS |j}n#t$rYdSwxYw|5|D]} |t jrt |}nt|}n,#tttf$rt|}YnwxYw|V ddddS#1swxYwYdS)aK Iterate over the host entries in this file. @return: An iterable the elements of which provide L{IKnownHostEntry}. There is an element for each entry in the file as well as an element for each added but not yet saved entry. @rtype: iterable of L{IKnownHostEntry} providers N)rrropenOSError startswithrwrr)rD DecodeErrorrrre)r9entryfplines r iterentrieszKnownHostsFile.iterentriesxsr[  EKKKK =  F $$&&BB    FF     0{'899< + 6 6t < < * 5 5d ; ;#\;?000)$//EEE0                    sF5 AAC"AB#"C"#&C  C" C  C""C&)C&c`t|t|j D]w\}}||r]|j|kr@||rdS|dkrd}d}n |dz}|j}t|||xdS)a Check for an entry with matching hostname and key. @param hostname: A hostname or IP address literal to check for. @type hostname: L{bytes} @param key: The public key to check for. @type key: L{Key} @return: C{True} if the given hostname and key are present in this file, C{False} if they are not. @rtype: L{bool} @raise HostKeyChanged: if the host key found for the given hostname does not match the given key. TrNr$F) enumeraterr'rrXr-sshTyper=rr )r9rOr2lineidxrrpaths r hasHostKeyzKnownHostsFile.hasHostKeys"((8(8(:(:S=M=M.gotHasKey..promptResponsesQ0#666C000 '-///r ECECDSAzThe authenticity of host 'z (z)' can't be established. z key fingerprint is SHA256:)formatz9. Are you sure you want to continue connecting (yes/no)? )rrQrKrQ)rtypedecodewarnrVrrr fingerprintr SHA256_BASE64promptsysgetdefaultencoding addCallback) r addMessagerkeytyperproceedrOrr2r9rs r gotHasKeyz/KnownHostsFile.verifyHostKey..gotHasKeysx( ;r3// $#((**$$,.IIKK$$$ GGJ--g66777OOB,,,IIKKK 000000000 #xxzzd??%G%X....$R((((/A/OPPPP ))FMM#2H2J2J$K$KLL**>:::r )rrQrKr)rexecuterr)r9rrOrr2hhkrs````` r verifyHostKeyzKnownHostsFile.verifyHostKeyse,mDOXs;;) ;) ;) ;) ;) ;) ;) ;) ;) ;) ;Vy)))r rwctd}|}t|t||||d}|j||S)a Add a new L{HashedEntry} to the key database. Note that you still need to call L{KnownHostsFile.save} if you wish these changes to be persisted. @param hostname: A hostname or IP address literal to associate with the new entry. @type hostname: L{bytes} @param key: The public key to associate with the new entry. @type key: L{Key} @return: The L{HashedEntry} that was added. @rtype: L{HashedEntry} N)rrrwrurr])r9rOr2saltr-rs rrzKnownHostsFile.addHostKeysX"B++--D-h"?"?#tTT 5!!! r c|j}|s||jrdnd}|j|5}|jrA|dd|jDdzg|_dddn #1swxYwYd|_dS)zM Save this L{KnownHostsFile} to the path it was loaded from. war%c6g|]}|SrB)r`).0rs r z'KnownHostsFile.save.. s"JJJU 0 0JJJr NF) rparentisdirmakedirsrrrwriter[)r9pmode hostsFileObjs rrzKnownHostsFile.saves  N ! ! # #wwyy  JJLLL)-"?##C ^  & & !,{ !""JJJJdkJJJKKeS!  ! ! ! ! ! ! ! ! ! ! ! ! ! ! !  s'A B<<CCrc*||}d|_|S)a Create a new L{KnownHostsFile}, potentially reading existing known hosts information from the given file. @param path: A path object to use for both reading contents from and later saving to. If no file exists at this path, it is not an error; a L{KnownHostsFile} with no entries is returned. @return: A L{KnownHostsFile} initialized with entries from C{path}. F)r)rNr knownHostss rfromPathzKnownHostsFile.fromPath%sSYY # r N)rrrKr})rKr) rrrOrFrrFr2rrKr)rOrFr2rrKrw)rKr})rrrKr)r>r?r@rAr:propertyrrrrrrrarrBr rrrRs    X >BC*C*C*C*J."   [   r rc*eZdZdZd dZdd Zdd Zd S)rz A UI object that can ask true/false questions and post notifications on the console, to be used during key verification. openerCallable[[], IO[bytes]]c||_dS)aA @param opener: A no-argument callable which should open a console binary-mode file-like object to be used for reading and writing. This initializes the C{opener} attribute. @type opener: callable taking no arguments and returning a read/write file-like object N)r)r9rs rr:zConsoleUI.__init__<s r textrFrKrcdtjd}fd}||S)a Write the given text as a prompt to the console output, then read a result from the console input. @param text: Something to present to a user to solicit a yes or no response. @type text: L{bytes} @return: a L{Deferred} which fires with L{True} when the user answers 'yes' and L{False} when the user answers 'no'. It may errback if there were any I/O errors. Ncvt5}| |}|dkr ddddS|dvr ddddS|dt#1swxYwYdS)NTsyes>nor FsPlease type 'yes' or 'no': )rrrreadlinerlower)ignoredfanswerr9rs rbodyzConsoleUI.prompt..bodyUs0'' @1 @ZZ\\//117799F''# @ @ @ @ @ @ @ @  <//$ @ @ @ @ @ @ @ @ >???@ @ @ @ @ @ @ @ @ @ @sAB.B.B..B25B2)rsucceedr)r9rdrs`` rrzConsoleUI.promptFsM M$   @ @ @ @ @ @}}T"""r r}c t|5}||ddddS#1swxYwYdS#t$rtdYdSwxYw)z Notify the user (non-interactively) of the provided text, by writing it to the console. @param text: Some information the user is to be made aware of. NzFailed to write to console)rrr Exceptionlogfailure)r9rrs rrzConsoleUI.warncs 6'' 1                    6 6 6 KK4 5 5 5 5 5 5 6s3!AA AA  A A A$A;:A;N)rr)rrFrKr)rrFrKr})r>r?r@rAr:rrrBr rrr6sZ ####: 6 6 6 6 6 6r r)6rA __future__rrprbinasciirrrr contextlibrhashlibrtypingr r r zope.interfacer twisted.conch.errorr rrtwisted.conch.interfacesrtwisted.conch.ssh.keysrrrtwisted.internetrtwisted.internet.deferrtwisted.loggerrtwisted.python.compatrtwisted.python.filepathrtwisted.python.randbytesrtwisted.python.utilrrrr3r5rDrerurwrrrBr rrs   #""""" AAAAAAAAAA((((((((((&&&&&&MMMMMMMMMM444444GGGGGGGGGG""""""++++++!!!!!!......,,,,,,111111,,,,,, fhh ! ! !,,,8++++++++D _E!E!E!E!E!E!E!E!P _!*!*!*!*!*!*!*!*H( _]!]!]!]!]!*l]!]!]!@aaaaaaaaH86868686868686868686r