l8'hB \UdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZddlmZddlmZddlmZdd lmZmZdd lmZmZmZm Z dd l!m"Z"m#Z#dd l$m%Z%e r dd l&m'Z'ddl(m)Z)dZ*dZ+ ddl,Z-e.e/e0e-jbjeddddk\rdZ+dZ4 d/dZ5d0dZ6d1dZ7d2dZ8d3dZ9d3dZ:d3dZ;d3dZ*>?FFwO   F   E IIE --C s&&(#}---~~)))NNz**!:; !Rz3LL-- ??y>L "< 0FVD\"JDLMM $>@J-d:z.JKKL99m\:;L#E*h $J$Q$Q$STJ./,' C  VS) )C "3y> 2F   vd|Z 8FGG v;!"23c{  LL--6{"#JK K _.N *.s8D'M)M*F#M M A"M0M 1M M Mc6t|ts tdt|dk(r t dt|ts tdt j }|d|}|j|jd|jS)z0Get a password digest to use for authentication.z#password must be an instance of strrzpassword can't be emptyz#username must be an instance of strz:mongo:r") r;str TypeErrorlen ValueErrorr1md5updater3 hexdigest)r0r2md5hashrBs rbr4r4s h $=>> 8}233 h $=>>kkmGZwxj )D NN4;;w'(    r/ct||}tj}|||}|j|j d|j S)z*Get an auth key to use for authentication.r")r4r1rirjr3rk)rMr0r2rDrlrBs rb _auth_keyrnsO h 1FkkmGWXJvh 'D NN4;;w'(    r/cBtj|dddtjtjd\}}}}} tj|tj }|djS#tj $r|jcYSwxYw)z2Canonicalize hostname following MIT-krb5 behavior.Nr)socket getaddrinfo IPPROTO_TCP AI_CANONNAME getnameinfo NI_NAMEREQDgaierrorlower)hostnameafsocktypeproto canonnamesockaddrnames rb_canonicalize_hostnamers06/A/A$1f00&2E2E00 ,B%H!!!(F,>,>? 7==? ??!  !s$A88#BBcKts td |j}|j}|j}|j d}|j r t|}|jdz|z}|j|dz|jz}|trOdjt|t|f}tj||tj\}} nrd|vr|j!dd\} } n|d} } tj|tj| | |\}} n(tj|tj\}} |tj"k7r t%d  tj&| d dk7r t%d tj(| } dd | dd } |j+d| d{}t-dD]}tj&| t/|d}|dk(r t%d tj(| xsd } d|d| d} |j+d| d{}|tj"k(sn t%dtj0| t/|ddk7r t%dtj2| tj(| |dk7r t%dtj(| } d|d| d} |j+d| d{tj4| y7Y77#tj4| wxYw#tj6$r}t%t/|dd}~wwxYww)zAuthenticate using GSSAPI.zEThe "kerberos" module must be installed to use GSSAPI authentication.r@N:)gssflagsr))ruserdomainr2z&Kerberos context failed to initialize.z*Unknown kerberos failure in step function.GSSAPI saslStartrIr$ autoAuthorize $external r$r*r+z+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.) HAVE_KERBEROSrr0r2mechanism_propertiesaddresscanonicalize_host_namer service_name service_realm_USE_PRINCIPALrErkerberosauthGSSClientInitGSS_C_MUTUAL_FLAGsplitAUTH_GSS_COMPLETErauthGSSClientStepauthGSSClientResponser?rangereauthGSSClientUnwrapauthGSSClientWrapauthGSSClientCleanKrbError)rGrHr0r2propshostservice principalresultrLrrr$rPresponse_excs rb_authenticate_gssapirsa  S  e3''''00||A  ' ')$/D$$s*T1    *me&9&99G   HHeHouX%GH &88Y1K1K (?#+>>#q#9LD&#+T&D&88%77!%  #44WxGaGabKFC X// /"#KL L: - ))#r2a7&'STT 44S9G%"!" C "\\+s;;H2Y V!33CXi=P9QRR<*+WXX"88=C%&&./?&@& "&k3!??X777 V"''TUU++CXi5H1IJaO&'YZZ))#x/M/Mc/RT\]abb&'WXX44S9G !"*+;"<"C ,,{C0 0 0  ' ' ,O<@* 1  ' ' ,   3s3x(d23sM6E!M7AL, L% A;L,L( L,!B)L, L* L,M$M6%L,(L,*L,,MMM3M..M33M6cK|j}|j}|j}d|d|j}ddt |dd}|j ||d{y7w)z(Authenticate using SASL PLAIN (RFC 4616)r)PLAINrN)r5r0r2r3rr?)rGrHr5r0r2r$rPs rb_authenticate_plainr2so   F##H##HhZtH:.668G'?  C ,,vs ###sA A*"A(#A*cK|j}|r|jryt||jj }|j d|d{y7w)z Authenticate using MONGODB-X509.Nr)r9r: _X509Contextrspeculate_commandr?)rGrHrLrPs rb_authenticate_x509rAsM --C s&&( {DLL 1 C C EC ,,{C (((sAA#A!A#cK|j}|j}|j}|j|ddid{}|d}t |||}d|||d}|j||d{y787w)zAuthenticate using MONGODB-CR.getnoncer)NrM) authenticaterrMkey)r5r0r2r?rn) rGrHr5r0r2rrMrquerys rb_authenticate_mongo_crrLs   F##H##H\\&:q/::H W E E8X .C5 ME ,,vu %%% ; &s!r)selfrGrs rb__init__z_AuthContext.__init__|s&EI% r/cttj|j}|rtt|||Syr)_SPECULATIVE_AUTH_MAPrrIr r)credsrspec_clss rbfrom_credentialsz_AuthContext.from_credentialss2),,U__=  hug&>? ?r/ctr)NotImplementedErrorrs rbrz_AuthContext.speculate_commands!!r/c&|j|_yr)r>)rhellos rbparse_responsez_AuthContext.parse_responses(-(F(F%r/c,t|jSr)boolr>rs rbr:z _AuthContext.speculate_succeededsD1122r/N)rGrrtuple[str, int]returnNone)rrrrrzOptional[_AuthContext]rz"Optional[MutableMapping[str, Any]])rzHello[Mapping[str, Any]]rr)rr) __name__ __module__ __qualname__r staticmethodrrrr:r/rbrr{sC )8 "G3r/rc8eZdZ dfd ZddZxZS)r<cBt|||d|_||_yr)superrr=rI)rrGrrI __class__s rbrz_ScramContext.__init__s" g.9="r/ct|j|j\}}}|jj|d<||f|_|SNdb)rrGrIr5r=)rrMrNrPs rbrz_ScramContext.speculate_commandsE!:4;K;KT^^!\z3$$++D  *- r/)rGrrrrIrerrr)rrrrr __classcell__)rs@rbr<r<s-#*#5D#QT# #r/r<ceZdZddZy)rcnddd}|jj|jj|d<|S)Nr)r)rrIr)rGr0)rrPs rbrz_X509Context.speculate_commands8 ~>    $ $ 0**33CK r/N)rzMutableMapping[str, Any]rrrrrr/rbrrsr/rceZdZddZy) _OIDCContextct|j|j}|j}|y|jj|d<|Sr)rrGrget_spec_auth_cmdr5)r authenticatorrPs rbrz_OIDCContext.speculate_commandsH*4+;+;T\\J --/ ;$$++D  r/Nrrrr/rbrrsr/r)rrr rrzMapping[str, Any]rcK|j}t|}|dk(rt|||d{y|||d{y77w)zAuthenticate connection.rN)rIrr)rGrHreauthenticaterI auth_funcs rbrrsQ%%I)$IN" dNCCC T*** D*s +A AA AA A )rGrrHrrIrerr)r0rer2rerre)rMrer0rer2rerre)rxrerre)rGrrHrrr)F)rGrrHrrrrr)G__doc__ __future__r functoolsr1r7rpbase64rrtypingrrrr r r r r urllib.parser bson.binaryrpymongo.asynchronous.auth_awsrpymongo.asynchronous.auth_oidcrrpymongo.auth_sharedrrrrpymongo.errorsrrpymongo.saslpreprpymongo.asynchronous.poolr pymongo.hellorrr winkerberosrtuplemapr@ __version__r ImportError_IS_SYNCrcr4rnrrrrrrpartialr__annotations__rr<rrrrrr/rbr s" 9   ; @%9#  " Sh**005bq9 :;vE RL RL(7RLDGRL RLj  l3^ $) &K(#(&$& $9$$%8MR&Y&&':oV$ E A 332L"<<!$9$$]mL&Y&&}P  y  /J ,(QV +  +(7 +IM +  +G   s6=4FF+FF+F%"F+$F%%F+*F+