+\hA ^UdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZddlmZddlmZddlmZdd lmZmZdd lmZdd lmZm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'e r ddl(m)Z)ddl*m+Z+dZ,dZ- ddl.Z/e0e1e2e/jfjiddddk\rdZ-dZ6 d/dZ7d0dZ8d1dZ9d2dZ:d3dZ;d3dZe;e=eee<ej~e7dej~e7de>d Z@d!eAd"<Gd#d$ZBGd%d&eBZCGd'd(eBZDGd)d*eBZEeDej~eCdej~eCdeEej~eCdd+ZFd,eAd-< d4 d5d.ZGy#e5$r ddl/Z/n #e5$rdZ,YnwxYwYwxYw)6zAuthentication helpers.) annotationsN)standard_b64decodestandard_b64encode) TYPE_CHECKINGAnyCallable CoroutineMappingMutableMappingOptionalcast)quote)Binary)_authenticate_aws)_authenticate_oidc_get_authenticator) _getaddrinfo)MongoCredential_authenticate_scram_start_parse_scram_response_xor)ConfigurationErrorOperationFailure)saslprep)AsyncConnection)HelloTF.)rcK|j}|dk(r7d}tj}t|jj d}n7d}tj }t||jj d}|j}|j}tj} |j} | rL| jr*>?FFwO   F   E IIE --C s&&(#}---~~)))NNz**!:; !Rz3LL-- ??y>L "< 0FVD\"JDLMM $>@J-d:z.JKKL99m\:;L#E*h $J$Q$Q$STJ./,' C  VS) )C "3y> 2F   vd|Z 8FGG v;!"23c{  LL--6{"#JK K _.N *.s8D'M)M*F#M M A"M0M 1M M McNt|ts tdt|dk(r t dt|tstdt |t j}|d|}|j|jd|jS)z0Get a password digest to use for authentication.z#password must be an instance of strrzpassword can't be emptyz)username must be an instance of str, not z:mongo:r#) r<str TypeErrorlen ValueErrortyper2md5updater4 hexdigest)r1r3md5hashrCs rcr5r5s h $=>> 8}233 h $CDNCSTUUkkmGZwxj )D NN4;;w'(    r0ct||}tj}|||}|j|j d|j S)z*Get an auth key to use for authentication.r#)r5r2rkrlr4rm)rNr1r3rErnrCs rc _auth_keyrpsO h 1FkkmGWXJvh 'D NN4;;w'(    r0cK|dvr|St|dddtjtjd{d\}}}}}|dk(r|j S tj |tj }|dj S7Z#tj$r|j cYSwxYww)z2Canonicalize hostname following MIT-krb5 behavior.)FnoneNr)familyrjprotoflagsforward)rsocket IPPROTO_TCP AI_CANONNAMElower getnameinfo NI_NAMEREQDgaierror)hostnameoptionafsocktypert canonnamesockaddrnames rc_canonicalize_hostnamers   $$%%    0 ,B%H  !!!(F,>,>? 7==?' ??!  !s37B?B"B?$BB?#B<9B?;B<<B?c Kts td |j}|j}|j}|j xs|j d}t||jd{}|jdz|z}|j|dz|jz}|trOdjt|t|f}tj||tj \}} nrd|vr|j#dd\} } n|d} } tj|tj | | |\}} n(tj|tj \}} |tj$k7r t'd  tj(| d dk7r t'd tj*| } dd | dd } |j-d| d{}t/dD]}tj(| t1|d}|dk(r t'd tj*| xsd } d|d| d} |j-d| d{}|tj$k(sn t'dtj2| t1|ddk7r t'dtj4| tj*| |dk7r t'dtj*| } d|d| d} |j-d| d{tj6| y77\77"#tj6| wxYw#tj8$r}t't1|dd}~wwxYww)zAuthenticate using GSSAPI.zEThe "kerberos" module must be installed to use GSSAPI authentication.rN@:)gssflagsr*)ruserdomainr3z&Kerberos context failed to initialize.z*Unknown kerberos failure in step function.GSSAPI saslStartrJr% autoAuthorize $external r%r+r,z+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.) HAVE_KERBEROSrr1r3mechanism_properties service_hostaddressrcanonicalize_host_name service_name service_realm_USE_PRINCIPALrFrkerberosauthGSSClientInitGSS_C_MUTUAL_FLAGsplitAUTH_GSS_COMPLETErauthGSSClientStepauthGSSClientResponser@rangerfauthGSSClientUnwrapauthGSSClientWrapauthGSSClientCleanKrbError)rHrIr1r3propshostservice principalresultrMrrr%rQresponse_excs rc_authenticate_gssapirsv  S  d3''''00!!4T\\!_+D%2N2NOO$$s*T1    *me&9&99G   HHeHouX%GH &88Y1K1K (?#+>>#q#9LD&#+T&D&88%77!%  #44WxGaGabKFC X// /"#KL L: - ))#r2a7&'STT 44S9G%"!" C "\\+s;;H2Y V!33CXi=P9QRR<*+WXX"88=C%&&./?&@& "&k3!??X777 V"''TUU++CXi5H1IJaO&'YZZ))#x/M/Mc/RT\]abb&'WXX44S9G !"*+;"<"C ,,{C0 0 0  ' ' ,uPf<@* 1  ' ' ,   3s3x(d23sNAM/L:0DM AM!L="A;MMM6B)MM M$M9N:M=MMMMMN 1NN  NcK|j}|j}|j}d|d|j}ddt |dd}|j ||d{y7w)z(Authenticate using SASL PLAIN (RFC 4616)r*PLAINrN)r6r1r3r4rr@)rHrIr6r1r3r%rQs rc_authenticate_plainr@so   F##H##HhZtH:.668G'?  C ,,vs ###sA A*"A(#A*cK|j}|r|jryt||jj }|j d|d{y7w)z Authenticate using MONGODB-X509.Nr)r:r; _X509Contextrspeculate_commandr@)rHrIrMrQs rc_authenticate_x509rOsM --C s&&( {DLL 1 C C EC ,,{C (((sAA#A!A#cK|jdk\r|jr |j}n]|j}|j}|dz|jz|d<|j ||dd{j dg}d|vrt||dd{St||dd{St||dd{S7W7077 w)NrsaslSupportedMechsF)publish_eventsr! SCRAM-SHA-1)max_wire_versionnegotiated_mechsr6 hello_cmdr1r@getrd)rHrImechsr6rQs rc_authenticate_defaultrZs !  ))E ''F.."C(. {7K7K(KC$ %<<E<JJOO$bE e #,[$PP P,[$ NN N(dMJJJKQNJsHA1C3C 4(CC C1C2CCC CCCr)rJr!)r MONGODB-X509z MONGODB-AWS MONGODB-OIDCrrr!DEFAULTz6Mapping[str, Callable[..., Coroutine[Any, Any, None]]] _AUTH_MAPcJeZdZddZe ddZd dZd dZd dZy) _AuthContextc.||_d|_||_yN)rHr?r)selfrHrs rc__init__z_AuthContext.__init__zs&EI% r0cttj|j}|rtt|||Syr)_SPECULATIVE_AUTH_MAPrrJr r)credsrspec_clss rcfrom_credentialsz_AuthContext.from_credentialss2),,U__=  hug&>? ?r0ctr)NotImplementedErrorrs rcrz_AuthContext.speculate_commands!!r0c&|j|_yr)r?)rhellos rcparse_responsez_AuthContext.parse_responses(-(F(F%r0c,t|jSr)boolr?rs rcr;z _AuthContext.speculate_succeededsD1122r0N)rHrrtuple[str, int]returnNone)rrrrrzOptional[_AuthContext]rz"Optional[MutableMapping[str, Any]])rzHello[Mapping[str, Any]]rr)rr) __name__ __module__ __qualname__r staticmethodrrrr;r0rcrrysC )8 "G3r0rc8eZdZ dfd ZddZxZS)r=cBt|||d|_||_yr)superrr>rJ)rrHrrJ __class__s rcrz_ScramContext.__init__s" g.9="r0ct|j|j\}}}|jj|d<||f|_|SNdb)rrHrJr6r>)rrNrOrQs rcrz_ScramContext.speculate_commandsE!:4;K;KT^^!\z3$$++D  *- r0)rHrrrrJrfrrr)rrrrr __classcell__)rs@rcr=r=s-#*#5D#QT# #r0r=ceZdZddZy)rcnddd}|jj|jj|d<|S)Nr*r) authenticaterJr)rHr1)rrQs rcrz_X509Context.speculate_commands8 ~>    $ $ 0**33CK r0N)rzMutableMapping[str, Any]rrrrrr0rcrrsr0rceZdZddZy) _OIDCContextct|j|j}|j}|y|jj|d<|Sr)rrHrget_spec_auth_cmdr6)r authenticatorrQs rcrz_OIDCContext.speculate_commandsH*4+;+;T\\J --/ ;$$++D  r0Nrrrr0rcrrsr0r)rrr!rrzMapping[str, Any]rcK|j}t|}|dk(rt|||d{y|||d{y77w)zAuthenticate connection.rN)rJrr)rHrIreauthenticaterJ auth_funcs rcrrsQ%%I)$IN" dNCCC T*** D*s +A AA AA A )rHrrIrrJrfrr)r1rfr3rfrrf)rNrfr1rfr3rfrrf)r~rfrz str | boolrrf)rHrrIrrr)F)rHrrIrrrrr)H__doc__ __future__r functoolsr2r8rwbase64rrtypingrrrr r r r r urllib.parser bson.binaryrpymongo.asynchronous.auth_awsrpymongo.asynchronous.auth_oidcrrpymongo.asynchronous.helpersrpymongo.auth_sharedrrrrpymongo.errorsrrpymongo.saslpreprpymongo.asynchronous.poolr pymongo.hellorrr winkerberosrtuplemaprA __version__r ImportError_IS_SYNCrdr5rprrrrrpartialr__annotations__rr=rrrrrr0rcrs" 9   ;6 @%9#  " Sh**005bq9 :;vE RL RL(7RLDGRL RLj :k3\ $)K(#&$& $9$$%8MR&Y&&':oV$ E A 332L"<<!$9$$]mL&Y&&}P  y  /J ,(QV +  +(7 +IM +  +A   s64FF,FF,F&#F,%F&&F,+F,