+\h@ JUdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZddlmZddlmZddlmZmZmZmZdd lmZmZdd lmZdd l m!Z!dd l"m#Z#m$Z$dd l%m&Z&e r ddl'm(Z(ddl)m*Z*dZ+dZ, ddl-Z.e/e0e1e.jdjgddddk\rdZ,dZ5d/dZ6d0dZ7d1dZ8d2dZ9d3dZ:d3dZ;d3dZ*>?FFwO   F   E IIE --C s&&(#}---~~)))NNz**!:; !Rz3ll63' ??y>L "< 0FVD\"JDLMM $>@J-d:z.JKKL99m\:;L#E*h $J$Q$Q$STJ./,' C ,,vs #C "3y> 2F   vd|Z 8FGG v;!"23c{  ll63'6{"#JK K r/cNt|ts tdt|dk(r t dt|tstdt |t j}|d|}|j|jd|jS)z0Get a password digest to use for authentication.z#password must be an instance of strrzpassword can't be emptyz)username must be an instance of str, not z:mongo:r") r;str TypeErrorlen ValueErrortyper1md5updater3 hexdigest)r0r2md5hashrBs rbr4r4s h $=>> 8}233 h $CDNCSTUUkkmGZwxj )D NN4;;w'(    r/ct||}tj}|||}|j|j d|j S)z*Get an auth key to use for authentication.r")r4r1rjrkr3rl)rMr0r2rDrmrBs rb _auth_keyrosO h 1FkkmGWXJvh 'D NN4;;w'(    r/cf|dvr|St|dddtjtjd\}}}}}|dk(r|j S tj |tj }|dj S#tj$r|j cYSwxYw)z2Canonicalize hostname following MIT-krb5 behavior.)FnoneNr)familyriprotoflagsforward)rsocket IPPROTO_TCP AI_CANONNAMElower getnameinfo NI_NAMEREQDgaierror)hostnameoptionafsocktypers canonnamesockaddrnames rb_canonicalize_hostnamers    $$%%   0 ,B%H  !!!(F,>,>? 7==? ??!  !s$B #B0/B0cts td |j}|j}|j}|j xs|j d}t||j}|jdz|z}|j|dz|jz}|trOdjt|t|f}tj||tj \}} nrd|vr|j#dd\} } n|d} } tj|tj | | |\}} n(tj|tj \}} |tj$k7r t'd  tj(| d dk7r t'd tj*| } dd | dd } |j-d| }t/dD]}}tj(| t1|d}|dk(r t'd tj*| xsd } d|d| d} |j-d| }|tj$k(s}n t'dtj2| t1|ddk7r t'dtj4| tj*| |dk7r t'dtj*| } d|d| d} |j-d| tj6| y#tj6| wxYw#tj8$r}t't1|dd}~wwxYw)zAuthenticate using GSSAPI.zEThe "kerberos" module must be installed to use GSSAPI authentication.r@N:)gssflagsr))ruserdomainr2z&Kerberos context failed to initialize.z*Unknown kerberos failure in step function.GSSAPI saslStartrIr$ autoAuthorize $external r$r*r+z+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.) HAVE_KERBEROSrr0r2mechanism_properties service_hostaddressrcanonicalize_host_name service_name service_realm_USE_PRINCIPALrEr kerberosauthGSSClientInitGSS_C_MUTUAL_FLAGsplitAUTH_GSS_COMPLETErauthGSSClientStepauthGSSClientResponser?rangereauthGSSClientUnwrapauthGSSClientWrapauthGSSClientCleanKrbError)rGrHr0r2propshostservice principalresultrLrrr$rPresponse_excs rb_authenticate_gssapirsF  S  d3''''00!!4T\\!_%dE,H,HI$$s*T1    *me&9&99G   HHeHouX%GH &88Y1K1K (?#+>>#q#9LD&#+T&D&88%77!%  #44WxGaGabKFC X// /"#KL L: - ))#r2a7&'STT 44S9G%"!" C ||K5H2Y V!33CXi=P9QRR<*+WXX"88=C%&&./?&@&  << S9X777 V"''TUU++CXi5H1IJaO&'YZZ))#x/M/Mc/RT\]abb&'WXX44S9G !"*+;"<"C LLc *  ' ' ,H ' ' ,   3s3x(d23s8E.L2CLB&LL2L//L22MMMc|j}|j}|j}d|d|j}ddt |dd}|j ||y)z(Authenticate using SASL PLAIN (RFC 4616)r)PLAINrN)r5r0r2r3rr?)rGrHr5r0r2r$rPs rb_authenticate_plainr=se   F##H##HhZtH:.668G'?  C  LLr/c|j}|r|jryt||jj }|j d|y)z Authenticate using MONGODB-X509.Nr)r9r: _X509Contextrspeculate_commandr?)rGrHrLrPs rb_authenticate_x509rLsC --C s&&( {DLL 1 C C ECLLc"r/cR|jdk\r|jr |j}nU|j}|j}|dz|jz|d<|j ||dj dg}d|vr t||dSt||dSt||dS)NrsaslSupportedMechsF)publish_eventsr SCRAM-SHA-1)max_wire_versionnegotiated_mechsr5 hello_cmdr0r?getrc)rGrHmechsr5rPs rb_authenticate_defaultrWs !  ))E ''F.."C(. {7K7K(KC$ %\\&#e\DIIJ^`bcE e #&{D/J J&{D-H H";mDDr/r)rIr )r MONGODB-X509z MONGODB-AWS MONGODB-OIDCrrr DEFAULTz!Mapping[str, Callable[..., None]] _AUTH_MAPcJeZdZddZe ddZd dZd dZd dZy) _AuthContextc.||_d|_||_yN)rGr>r)selfrGrs rb__init__z_AuthContext.__init__us&EI% r/cttj|j}|rtt|||Syr)_SPECULATIVE_AUTH_MAPrrIr r)credsrspec_clss rbfrom_credentialsz_AuthContext.from_credentialszs2),,U__=  hug&>? ?r/ctr)NotImplementedErrorrs rbrz_AuthContext.speculate_commands!!r/c&|j|_yr)r>)rhellos rbparse_responsez_AuthContext.parse_responses(-(F(F%r/c,t|jSr)boolr>rs rbr:z _AuthContext.speculate_succeededsD1122r/N)rGrrtuple[str, int]returnNone)rrrrrzOptional[_AuthContext]rz"Optional[MutableMapping[str, Any]])rzHello[Mapping[str, Any]]rr)rr) __name__ __module__ __qualname__r staticmethodrrrr:r/rbrrtsC )8 "G3r/rc8eZdZ dfd ZddZxZS)r<cBt|||d|_||_yr)superrr=rI)rrGrrI __class__s rbrz_ScramContext.__init__s" g.9="r/ct|j|j\}}}|jj|d<||f|_|SNdb)rrGrIr5r=)rrMrNrPs rbrz_ScramContext.speculate_commandsE!:4;K;KT^^!\z3$$++D  *- r/)rGrrrrIrerrr)rrrrr __classcell__)rs@rbr<r<s-#*#5D#QT# #r/r<ceZdZddZy)rcnddd}|jj|jj|d<|S)Nr)r) authenticaterIr)rGr0)rrPs rbrz_X509Context.speculate_commands8 ~>    $ $ 0**33CK r/N)rzMutableMapping[str, Any]rrrrrr/rbrrsr/rceZdZddZy) _OIDCContextct|j|j}|j}|y|jj|d<|Sr)rrGrget_spec_auth_cmdr5)r authenticatorrPs rbrz_OIDCContext.speculate_commandsH*4+;+;T\\J --/ ;$$++D  r/Nrrrr/rbrrsr/r)rrr rrzMapping[str, Any]rcf|j}t|}|dk(rt|||y|||y)zAuthenticate connection.rN)rIrr)rGrHreauthenticaterI auth_funcs rbrrs7%%I)$IN";n=+t$r/)rGrrHrrIrerr)r0rer2rerre)rMrer0rer2rerre)r}rer~z str | boolrre)rGrrHrrr)F)rGrrHrrrrr)G__doc__ __future__r functoolsr1r7rvbase64rrtypingrrrr r r r urllib.parser bson.binaryrpymongo.auth_sharedrrrrpymongo.errorsrrpymongo.saslpreprpymongo.synchronous.auth_awsrpymongo.synchronous.auth_oidcrrpymongo.synchronous.helpersr pymongo.hellorpymongo.synchronous.poolrrr winkerberosrtuplemapr@ __version__r ImportError_IS_SYNCrcr4rorrrrrpartialr__annotations__rr<rrrrrr/rbrs" 9 @%:5#3  " Sh**005bq9 :;vE PLf :k3\ #E$#&$& $9$$%8MR&Y&&':oV$ 0 , 332L"<<!$9$$]mL&Y&&}P  y  /J ,(LQ %  %(2 %DH %  %y   s64FF" FF"FF"FF"!F"