File manager

File manager - Edit - /home/newsbmcs.com/public_html/static/img/logo/conch.tar

Back
checkers.py��0000644��00000045736�15027667726�0006746 0��ustar�00��# -- test-case-name: twisted.conch.test.test_checkers -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Provide L{ICredentialsChecker} implementations to be used in Conch protocols. """ import binascii import errno import sys from base64 import decodebytes from typing import BinaryIO, Callable, Iterator try: import pwd as _pwd except ImportError: pwd = None else: pwd = _pwd try: import spwd as _spwd except ImportError: spwd = None else: spwd = _spwd from zope.interface import Interface, implementer, providedBy from incremental import Version from twisted.conch import error from twisted.conch.ssh import keys from twisted.cred.checkers import ICredentialsChecker from twisted.cred.credentials import ISSHPrivateKey, IUsernamePassword from twisted.cred.error import UnauthorizedLogin, UnhandledCredentials from twisted.internet import defer from twisted.logger import Logger from twisted.plugins.cred_unix import verifyCryptedPassword from twisted.python import failure, reflect from twisted.python.deprecate import deprecatedModuleAttribute from twisted.python.filepath import FilePath from twisted.python.util import runAsEffectiveUser _log = Logger() def _pwdGetByName(username): """ Look up a user in the /etc/passwd database using the pwd module. If the pwd module is not available, return None. @param username: the username of the user to return the passwd database information for. @type username: L{str} """ if pwd is None: return None return pwd.getpwnam(username) def _shadowGetByName(username): """ Look up a user in the /etc/shadow database using the spwd module. If it is not available, return L{None}. @param username: the username of the user to return the shadow database information for. @type username: L{str} """ if spwd is not None: f = spwd.getspnam else: return None return runAsEffectiveUser(0, 0, f, username) @implementer(ICredentialsChecker) class UNIXPasswordDatabase: """ A checker which validates users out of the UNIX password databases, or databases of a compatible format. @ivar _getByNameFunctions: a C{list} of functions which are called in order to valid a user. The default value is such that the C{/etc/passwd} database will be tried first, followed by the C{/etc/shadow} database. """ credentialInterfaces = (IUsernamePassword,) def __init__(self, getByNameFunctions=None): if getByNameFunctions is None: getByNameFunctions = [_pwdGetByName, _shadowGetByName] self._getByNameFunctions = getByNameFunctions def requestAvatarId(self, credentials): # We get bytes, but the Py3 pwd module uses str. So attempt to decode # it using the same method that CPython does for the file on disk. username = credentials.username.decode(sys.getfilesystemencoding()) password = credentials.password.decode(sys.getfilesystemencoding()) for func in self._getByNameFunctions: try: pwnam = func(username) except KeyError: return defer.fail(UnauthorizedLogin("invalid username")) else: if pwnam is not None: crypted = pwnam[1] if crypted == "": continue if verifyCryptedPassword(crypted, password): return defer.succeed(credentials.username) # fallback return defer.fail(UnauthorizedLogin("unable to verify password")) @implementer(ICredentialsChecker) class SSHPublicKeyDatabase: """ Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories. """ credentialInterfaces = (ISSHPrivateKey,) _userdb = pwd def requestAvatarId(self, credentials): d = defer.maybeDeferred(self.checkKey, credentials) d.addCallback(self._cbRequestAvatarId, credentials) d.addErrback(self._ebRequestAvatarId) return d def _cbRequestAvatarId(self, validKey, credentials): """ Check whether the credentials themselves are valid, now that we know if the key matches the user. @param validKey: A boolean indicating whether or not the public key matches a key in the user's authorized_keys file. @param credentials: The credentials offered by the user. @type credentials: L{ISSHPrivateKey} provider @raise UnauthorizedLogin: (as a failure) if the key does not match the user in C{credentials}. Also raised if the user provides an invalid signature. @raise ValidPublicKey: (as a failure) if the key matches the user but the credentials do not include a signature. See L{error.ValidPublicKey} for more information. @return: The user's username, if authentication was successful. """ if not validKey: return failure.Failure(UnauthorizedLogin("invalid key")) if not credentials.signature: return failure.Failure(error.ValidPublicKey()) else: try: pubKey = keys.Key.fromString(credentials.blob) if pubKey.verify(credentials.signature, credentials.sigData): return credentials.username except Exception: # any error should be treated as a failed login _log.failure("Error while verifying key") return failure.Failure(UnauthorizedLogin("error while verifying key")) return failure.Failure(UnauthorizedLogin("unable to verify key")) def getAuthorizedKeysFiles(self, credentials): """ Return a list of L{FilePath} instances for I{authorized_keys} files which might contain information about authorized keys for the given credentials. On OpenSSH servers, the default location of the file containing the list of authorized public keys is U{$HOME/.ssh/authorized_keys<http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config>}. I{$HOME/.ssh/authorized_keys2} is also returned, though it has been U{deprecated by OpenSSH since 2001<http://marc.info/?m=100508718416162>}. @return: A list of L{FilePath} instances to files with the authorized keys. """ pwent = self._userdb.getpwnam(credentials.username) root = FilePath(pwent.pw_dir).child(".ssh") files = ["authorized_keys", "authorized_keys2"] return [root.child(f) for f in files] def checkKey(self, credentials): """ Retrieve files containing authorized keys and check against user credentials. """ ouid, ogid = self._userdb.getpwnam(credentials.username)[2:4] for filepath in self.getAuthorizedKeysFiles(credentials): if not filepath.exists(): continue try: lines = filepath.open() except OSError as e: if e.errno == errno.EACCES: lines = runAsEffectiveUser(ouid, ogid, filepath.open) else: raise with lines: for l in lines: l2 = l.split() if len(l2) < 2: continue try: if decodebytes(l2[1]) == credentials.blob: return True except binascii.Error: continue return False def _ebRequestAvatarId(self, f): if not f.check(UnauthorizedLogin): _log.error( "Unauthorized login due to internal error: {error}", error=f.value ) return failure.Failure(UnauthorizedLogin("unable to get avatar id")) return f @implementer(ICredentialsChecker) class SSHProtocolChecker: """ SSHProtocolChecker is a checker that requires multiple authentications to succeed. To add a checker, call my registerChecker method with the checker and the interface. After each successful authenticate, I call my areDone method with the avatar id. To get a list of the successful credentials for an avatar id, use C{SSHProcotolChecker.successfulCredentials[avatarId]}. If L{areDone} returns True, the authentication has succeeded. """ def __init__(self): self.checkers = {} self.successfulCredentials = {} @property def credentialInterfaces(self): return list(self.checkers.keys()) def registerChecker(self, checker, credentialInterfaces): if not credentialInterfaces: credentialInterfaces = checker.credentialInterfaces for credentialInterface in credentialInterfaces: self.checkers[credentialInterface] = checker def requestAvatarId(self, credentials): """ Part of the L{ICredentialsChecker} interface. Called by a portal with some credentials to check if they'll authenticate a user. We check the interfaces that the credentials provide against our list of acceptable checkers. If one of them matches, we ask that checker to verify the credentials. If they're valid, we call our L{_cbGoodAuthentication} method to continue. @param credentials: the credentials the L{Portal} wants us to verify """ ifac = providedBy(credentials) for i in ifac: c = self.checkers.get(i) if c is not None: d = defer.maybeDeferred(c.requestAvatarId, credentials) return d.addCallback(self._cbGoodAuthentication, credentials) return defer.fail( UnhandledCredentials( "No checker for %s" % ", ".join(map(reflect.qual, ifac)) ) ) def _cbGoodAuthentication(self, avatarId, credentials): """ Called if a checker has verified the credentials. We call our L{areDone} method to see if the whole of the successful authentications are enough. If they are, we return the avatar ID returned by the first checker. """ if avatarId not in self.successfulCredentials: self.successfulCredentials[avatarId] = [] self.successfulCredentials[avatarId].append(credentials) if self.areDone(avatarId): del self.successfulCredentials[avatarId] return avatarId else: raise error.NotEnoughAuthentication() def areDone(self, avatarId): """ Override to determine if the authentication is finished for a given avatarId. @param avatarId: the avatar returned by the first checker. For this checker to function correctly, all the checkers must return the same avatar ID. """ return True deprecatedModuleAttribute( Version("Twisted", 15, 0, 0), ( "Please use twisted.conch.checkers.SSHPublicKeyChecker, " "initialized with an instance of " "twisted.conch.checkers.UNIXAuthorizedKeysFiles instead." ), __name__, "SSHPublicKeyDatabase", ) class IAuthorizedKeysDB(Interface): """ An object that provides valid authorized ssh keys mapped to usernames. @since: 15.0 """ def getAuthorizedKeys(avatarId): """ Gets an iterable of authorized keys that are valid for the given C{avatarId}. @param avatarId: the ID of the avatar @type avatarId: valid return value of L{twisted.cred.checkers.ICredentialsChecker.requestAvatarId} @return: an iterable of L{twisted.conch.ssh.keys.Key} """ def readAuthorizedKeyFile( fileobj: BinaryIO, parseKey: Callable[[bytes], keys.Key] = keys.Key.fromString ) -> Iterator[keys.Key]: """ Reads keys from an authorized keys file. Any non-comment line that cannot be parsed as a key will be ignored, although that particular line will be logged. @param fileobj: something from which to read lines which can be parsed as keys @param parseKey: a callable that takes bytes and returns a L{twisted.conch.ssh.keys.Key}, mainly to be used for testing. The default is L{twisted.conch.ssh.keys.Key.fromString}. @return: an iterable of L{twisted.conch.ssh.keys.Key} @since: 15.0 """ for line in fileobj: line = line.strip() if line and not line.startswith(b"#"): # for comments try: yield parseKey(line) except keys.BadKeyError as e: _log.error( "Unable to parse line {line!r} as a key: {error!s}", line=line, error=e, ) def _keysFromFilepaths(filepaths, parseKey): """ Helper function that turns an iterable of filepaths into a generator of keys. If any file cannot be read, a message is logged but it is otherwise ignored. @param filepaths: iterable of L{twisted.python.filepath.FilePath}. @type filepaths: iterable @param parseKey: a callable that takes a string and returns a L{twisted.conch.ssh.keys.Key} @type parseKey: L{callable} @return: generator of L{twisted.conch.ssh.keys.Key} @rtype: generator @since: 15.0 """ for fp in filepaths: if fp.exists(): try: with fp.open() as f: yield from readAuthorizedKeyFile(f, parseKey) except OSError as e: _log.error("Unable to read {path!r}: {error!s}", path=fp.path, error=e) @implementer(IAuthorizedKeysDB) class InMemorySSHKeyDB: """ Object that provides SSH public keys based on a dictionary of usernames mapped to L{twisted.conch.ssh.keys.Key}s. @since: 15.0 """ def __init__(self, mapping): """ Initializes a new L{InMemorySSHKeyDB}. @param mapping: mapping of usernames to iterables of L{twisted.conch.ssh.keys.Key}s @type mapping: L{dict} """ self._mapping = mapping def getAuthorizedKeys(self, username): return self._mapping.get(username, []) @implementer(IAuthorizedKeysDB) class UNIXAuthorizedKeysFiles: """ Object that provides SSH public keys based on public keys listed in authorized_keys and authorized_keys2 files in UNIX user .ssh/ directories. If any of the files cannot be read, a message is logged but that file is otherwise ignored. @since: 15.0 """ def __init__(self, userdb=None, parseKey=keys.Key.fromString): """ Initializes a new L{UNIXAuthorizedKeysFiles}. @param userdb: access to the Unix user account and password database (default is the Python module L{pwd}) @type userdb: L{pwd}-like object @param parseKey: a callable that takes a string and returns a L{twisted.conch.ssh.keys.Key}, mainly to be used for testing. The default is L{twisted.conch.ssh.keys.Key.fromString}. @type parseKey: L{callable} """ self._userdb = userdb self._parseKey = parseKey if userdb is None: self._userdb = pwd def getAuthorizedKeys(self, username): try: passwd = self._userdb.getpwnam(username) except KeyError: return () root = FilePath(passwd.pw_dir).child(".ssh") files = ["authorized_keys", "authorized_keys2"] return _keysFromFilepaths((root.child(f) for f in files), self._parseKey) @implementer(ICredentialsChecker) class SSHPublicKeyChecker: """ Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories. Initializing this checker with a L{UNIXAuthorizedKeysFiles} should be used instead of L{twisted.conch.checkers.SSHPublicKeyDatabase}. @since: 15.0 """ credentialInterfaces = (ISSHPrivateKey,) def __init__(self, keydb): """ Initializes a L{SSHPublicKeyChecker}. @param keydb: a provider of L{IAuthorizedKeysDB} @type keydb: L{IAuthorizedKeysDB} provider """ self._keydb = keydb def requestAvatarId(self, credentials): d = defer.maybeDeferred(self._sanityCheckKey, credentials) d.addCallback(self._checkKey, credentials) d.addCallback(self._verifyKey, credentials) return d def _sanityCheckKey(self, credentials): """ Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature). @param credentials: the credentials offered by the user @type credentials: L{ISSHPrivateKey} provider @raise ValidPublicKey: the credentials do not include a signature. See L{error.ValidPublicKey} for more information. @raise BadKeyError: The key included with the credentials is not recognized as a key. @return: the key in the credentials @rtype: L{twisted.conch.ssh.keys.Key} """ if not credentials.signature: raise error.ValidPublicKey() return keys.Key.fromString(credentials.blob) def _checkKey(self, pubKey, credentials): """ Checks the public key against all authorized keys (if any) for the user. @param pubKey: the key in the credentials (just to prevent it from having to be calculated again) @type pubKey: @param credentials: the credentials offered by the user @type credentials: L{ISSHPrivateKey} provider @raise UnauthorizedLogin: If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user. @return: C{pubKey} if the key is authorized @rtype: L{twisted.conch.ssh.keys.Key} """ if any( key == pubKey for key in self._keydb.getAuthorizedKeys(credentials.username) ): return pubKey raise UnauthorizedLogin("Key not authorized") def _verifyKey(self, pubKey, credentials): """ Checks whether the credentials themselves are valid, now that we know if the key matches the user. @param pubKey: the key in the credentials (just to prevent it from having to be calculated again) @type pubKey: L{twisted.conch.ssh.keys.Key} @param credentials: the credentials offered by the user @type credentials: L{ISSHPrivateKey} provider @raise UnauthorizedLogin: If the key signature is invalid or there was any error verifying the signature. @return: The user's username, if authentication was successful @rtype: L{bytes} """ try: if pubKey.verify(credentials.signature, credentials.sigData): return credentials.username except Exception as e: # Any error should be treated as a failed login raise UnauthorizedLogin("Error while verifying key") from e raise UnauthorizedLogin("Key signature invalid.") ��telnet.py��0000644��00000112246�15027667726�0006441 0��ustar�00��# -- test-case-name: twisted.conch.test.test_telnet -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Telnet protocol implementation. @author: Jean-Paul Calderone """ import struct from zope.interface import implementer from twisted.internet import defer, interfaces as iinternet, protocol from twisted.logger import Logger from twisted.python.compat import iterbytes def _chr(i: int) -> bytes: """Create a byte sequence of length 1. U{RFC 854<https://tools.ietf.org/html/rfc854>} specifies codes in decimal, but Python can only handle L{bytes} literals in octal or hexadecimal. This helper function bridges that gap. @param i: The value of the only byte in the sequence. """ return bytes((i,)) MODE = _chr(1) EDIT = 1 TRAPSIG = 2 MODE_ACK = 4 SOFT_TAB = 8 LIT_ECHO = 16 # Characters gleaned from the various (and conflicting) RFCs. Not all of these # are correct. NULL = _chr(0) # No operation. BEL = _chr(7) # Produces an audible or visible signal (which does NOT move the # print head). BS = _chr(8) # Moves the print head one character position towards the left # margin. HT = _chr(9) # Moves the printer to the next horizontal tab stop. It remains # unspecified how either party determines or establishes where such tab stops # are located. LF = _chr(10) # Moves the printer to the next print line, keeping the same # horizontal position. VT = _chr(11) # Moves the printer to the next vertical tab stop. It remains # unspecified how either party determines or establishes where such tab stops # are located. FF = _chr(12) # Moves the printer to the top of the next page, keeping the same # horizontal position. CR = _chr(13) # Moves the printer to the left margin of the current line. ECHO = _chr(1) # User-to-Server: Asks the server to send Echos of the # transmitted data. SGA = _chr(3) # Suppress Go Ahead. Go Ahead is silly and most modern servers # should suppress it. NAWS = _chr(31) # Negotiate About Window Size. Indicate that information about # the size of the terminal can be communicated. LINEMODE = _chr(34) # Allow line buffering to be negotiated about. EOR = _chr(239) # End of Record (RFC 885) SE = _chr(240) # End of subnegotiation parameters. NOP = _chr(241) # No operation. DM = _chr(242) # "Data Mark": The data stream portion of a Synch. This should # always be accompanied by a TCP Urgent notification. BRK = _chr(243) # NVT character Break. IP = _chr(244) # The function Interrupt Process. AO = _chr(245) # The function Abort Output AYT = _chr(246) # The function Are You There. EC = _chr(247) # The function Erase Character. EL = _chr(248) # The function Erase Line GA = _chr(249) # The Go Ahead signal. SB = _chr(250) # Indicates that what follows is subnegotiation of the indicated # option. WILL = _chr(251) # Indicates the desire to begin performing, or confirmation # that you are now performing, the indicated option. WONT = _chr(252) # Indicates the refusal to perform, or continue performing, # the indicated option. DO = _chr(253) # Indicates the request that the other party perform, or # confirmation that you are expecting the other party to perform, the indicated # option. DONT = _chr(254) # Indicates the demand that the other party stop performing, # or confirmation that you are no longer expecting the other party to perform, # the indicated option. IAC = _chr(255) # Data Byte 255. Introduces a telnet command. LINEMODE_MODE = _chr(1) LINEMODE_EDIT = _chr(1) LINEMODE_TRAPSIG = _chr(2) LINEMODE_MODE_ACK = _chr(4) LINEMODE_SOFT_TAB = _chr(8) LINEMODE_LIT_ECHO = _chr(16) LINEMODE_FORWARDMASK = _chr(2) LINEMODE_SLC = _chr(3) LINEMODE_SLC_SYNCH = _chr(1) LINEMODE_SLC_BRK = _chr(2) LINEMODE_SLC_IP = _chr(3) LINEMODE_SLC_AO = _chr(4) LINEMODE_SLC_AYT = _chr(5) LINEMODE_SLC_EOR = _chr(6) LINEMODE_SLC_ABORT = _chr(7) LINEMODE_SLC_EOF = _chr(8) LINEMODE_SLC_SUSP = _chr(9) LINEMODE_SLC_EC = _chr(10) LINEMODE_SLC_EL = _chr(11) LINEMODE_SLC_EW = _chr(12) LINEMODE_SLC_RP = _chr(13) LINEMODE_SLC_LNEXT = _chr(14) LINEMODE_SLC_XON = _chr(15) LINEMODE_SLC_XOFF = _chr(16) LINEMODE_SLC_FORW1 = _chr(17) LINEMODE_SLC_FORW2 = _chr(18) LINEMODE_SLC_MCL = _chr(19) LINEMODE_SLC_MCR = _chr(20) LINEMODE_SLC_MCWL = _chr(21) LINEMODE_SLC_MCWR = _chr(22) LINEMODE_SLC_MCBOL = _chr(23) LINEMODE_SLC_MCEOL = _chr(24) LINEMODE_SLC_INSRT = _chr(25) LINEMODE_SLC_OVER = _chr(26) LINEMODE_SLC_ECR = _chr(27) LINEMODE_SLC_EWR = _chr(28) LINEMODE_SLC_EBOL = _chr(29) LINEMODE_SLC_EEOL = _chr(30) LINEMODE_SLC_DEFAULT = _chr(3) LINEMODE_SLC_VALUE = _chr(2) LINEMODE_SLC_CANTCHANGE = _chr(1) LINEMODE_SLC_NOSUPPORT = _chr(0) LINEMODE_SLC_LEVELBITS = _chr(3) LINEMODE_SLC_ACK = _chr(128) LINEMODE_SLC_FLUSHIN = _chr(64) LINEMODE_SLC_FLUSHOUT = _chr(32) LINEMODE_EOF = _chr(236) LINEMODE_SUSP = _chr(237) LINEMODE_ABORT = _chr(238) class ITelnetProtocol(iinternet.IProtocol): def unhandledCommand(command, argument): """ A command was received but not understood. @param command: the command received. @type command: L{str}, a single character. @param argument: the argument to the received command. @type argument: L{str}, a single character, or None if the command that was unhandled does not provide an argument. """ def unhandledSubnegotiation(command, data): """ A subnegotiation command was received but not understood. @param command: the command being subnegotiated. That is, the first byte after the SB command. @type command: L{str}, a single character. @param data: all other bytes of the subneogation. That is, all but the first bytes between SB and SE, with IAC un-escaping applied. @type data: L{bytes}, each a single character """ def enableLocal(option): """ Enable the given option locally. This should enable the given option on this side of the telnet connection and return True. If False is returned, the option will be treated as still disabled and the peer will be notified. @param option: the option to be enabled. @type option: L{bytes}, a single character. """ def enableRemote(option): """ Indicate whether the peer should be allowed to enable this option. Returns True if the peer should be allowed to enable this option, False otherwise. @param option: the option to be enabled. @type option: L{bytes}, a single character. """ def disableLocal(option): """ Disable the given option locally. Unlike enableLocal, this method cannot fail. The option must be disabled. @param option: the option to be disabled. @type option: L{bytes}, a single character. """ def disableRemote(option): """ Indicate that the peer has disabled this option. @param option: the option to be disabled. @type option: L{bytes}, a single character. """ class ITelnetTransport(iinternet.ITransport): def do(option): """ Indicate a desire for the peer to begin performing the given option. Returns a Deferred that fires with True when the peer begins performing the option, or fails with L{OptionRefused} when the peer refuses to perform it. If the peer is already performing the given option, the Deferred will fail with L{AlreadyEnabled}. If a negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be enabled. """ def dont(option): """ Indicate a desire for the peer to cease performing the given option. Returns a Deferred that fires with True when the peer ceases performing the option. If the peer is not performing the given option, the Deferred will fail with L{AlreadyDisabled}. If negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be disabled. """ def will(option): """ Indicate our willingness to begin performing this option locally. Returns a Deferred that fires with True when the peer agrees to allow us to begin performing this option, or fails with L{OptionRefused} if the peer refuses to allow us to begin performing it. If the option is already enabled locally, the Deferred will fail with L{AlreadyEnabled}. If negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be enabled. """ def wont(option): """ Indicate that we will stop performing the given option. Returns a Deferred that fires with True when the peer acknowledges we have stopped performing this option. If the option is already disabled locally, the Deferred will fail with L{AlreadyDisabled}. If negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be disabled. """ def requestNegotiation(about, data): """ Send a subnegotiation request. @param about: A byte indicating the feature being negotiated. @param data: Any number of L{bytes} containing specific information about the negotiation being requested. No values in this string need to be escaped, as this function will escape any value which requires it. """ class TelnetError(Exception): pass class NegotiationError(TelnetError): def __str__(self) -> str: return ( self.__class__.__module__ + "." + self.__class__.__name__ + ":" + repr(self.args[0]) ) class OptionRefused(NegotiationError): pass class AlreadyEnabled(NegotiationError): pass class AlreadyDisabled(NegotiationError): pass class AlreadyNegotiating(NegotiationError): pass @implementer(ITelnetProtocol) class TelnetProtocol(protocol.Protocol): _log = Logger() def unhandledCommand(self, command, argument): pass def unhandledSubnegotiation(self, command, data): pass def enableLocal(self, option): pass def enableRemote(self, option): pass def disableLocal(self, option): pass def disableRemote(self, option): pass class Telnet(protocol.Protocol): """ @ivar commandMap: A mapping of bytes to callables. When a telnet command is received, the command byte (the first byte after IAC) is looked up in this dictionary. If a callable is found, it is invoked with the argument of the command, or None if the command takes no argument. Values should be added to this dictionary if commands wish to be handled. By default, only WILL, WONT, DO, and DONT are handled. These should not be overridden, as this class handles them correctly and provides an API for interacting with them. @ivar negotiationMap: A mapping of bytes to callables. When a subnegotiation command is received, the command byte (the first byte after SB) is looked up in this dictionary. If a callable is found, it is invoked with the argument of the subnegotiation. Values should be added to this dictionary if subnegotiations are to be handled. By default, no values are handled. @ivar options: A mapping of option bytes to their current state. This state is likely of little use to user code. Changes should not be made to it. @ivar state: A string indicating the current parse state. It can take on the values "data", "escaped", "command", "newline", "subnegotiation", and "subnegotiation-escaped". Changes should not be made to it. @ivar transport: This protocol's transport object. """ # One of a lot of things state = "data" def __init__(self): self.options = {} self.negotiationMap = {} self.commandMap = { WILL: self.telnet_WILL, WONT: self.telnet_WONT, DO: self.telnet_DO, DONT: self.telnet_DONT, } def _write(self, data): self.transport.write(data) class _OptionState: """ Represents the state of an option on both sides of a telnet connection. @ivar us: The state of the option on this side of the connection. @ivar him: The state of the option on the other side of the connection. """ class _Perspective: """ Represents the state of an option on side of the telnet connection. Some options can be enabled on a particular side of the connection (RFC 1073 for example: only the client can have NAWS enabled). Other options can be enabled on either or both sides (such as RFC 1372: each side can have its own flow control state). @ivar state: C{'yes'} or C{'no'} indicating whether or not this option is enabled on one side of the connection. @ivar negotiating: A boolean tracking whether negotiation about this option is in progress. @ivar onResult: When negotiation about this option has been initiated by this side of the connection, a L{Deferred} which will fire with the result of the negotiation. L{None} at other times. """ state = "no" negotiating = False onResult = None def __str__(self) -> str: return self.state + ("" * self.negotiating) def __init__(self): self.us = self._Perspective() self.him = self._Perspective() def __repr__(self) -> str: return f"<_OptionState us={self.us} him={self.him}>" def getOptionState(self, opt): return self.options.setdefault(opt, self._OptionState()) def _do(self, option): self._write(IAC + DO + option) def _dont(self, option): self._write(IAC + DONT + option) def _will(self, option): self._write(IAC + WILL + option) def _wont(self, option): self._write(IAC + WONT + option) def will(self, option): """ Indicate our willingness to enable an option. """ s = self.getOptionState(option) if s.us.negotiating or s.him.negotiating: return defer.fail(AlreadyNegotiating(option)) elif s.us.state == "yes": return defer.fail(AlreadyEnabled(option)) else: s.us.negotiating = True s.us.onResult = d = defer.Deferred() self._will(option) return d def wont(self, option): """ Indicate we are not willing to enable an option. """ s = self.getOptionState(option) if s.us.negotiating or s.him.negotiating: return defer.fail(AlreadyNegotiating(option)) elif s.us.state == "no": return defer.fail(AlreadyDisabled(option)) else: s.us.negotiating = True s.us.onResult = d = defer.Deferred() self._wont(option) return d def do(self, option): s = self.getOptionState(option) if s.us.negotiating or s.him.negotiating: return defer.fail(AlreadyNegotiating(option)) elif s.him.state == "yes": return defer.fail(AlreadyEnabled(option)) else: s.him.negotiating = True s.him.onResult = d = defer.Deferred() self._do(option) return d def dont(self, option): s = self.getOptionState(option) if s.us.negotiating or s.him.negotiating: return defer.fail(AlreadyNegotiating(option)) elif s.him.state == "no": return defer.fail(AlreadyDisabled(option)) else: s.him.negotiating = True s.him.onResult = d = defer.Deferred() self._dont(option) return d def requestNegotiation(self, about, data): """ Send a negotiation message for the option C{about} with C{data} as the payload. @param data: the payload @type data: L{bytes} @see: L{ITelnetTransport.requestNegotiation} """ data = data.replace(IAC, IAC * 2) self._write(IAC + SB + about + data + IAC + SE) def dataReceived(self, data): appDataBuffer = [] for b in iterbytes(data): if self.state == "data": if b == IAC: self.state = "escaped" elif b == b"\r": self.state = "newline" else: appDataBuffer.append(b) elif self.state == "escaped": if b == IAC: appDataBuffer.append(b) self.state = "data" elif b == SB: self.state = "subnegotiation" self.commands = [] elif b in (EOR, NOP, DM, BRK, IP, AO, AYT, EC, EL, GA): self.state = "data" if appDataBuffer: self.applicationDataReceived(b"".join(appDataBuffer)) del appDataBuffer[:] self.commandReceived(b, None) elif b in (WILL, WONT, DO, DONT): self.state = "command" self.command = b else: raise ValueError("Stumped", b) elif self.state == "command": self.state = "data" command = self.command del self.command if appDataBuffer: self.applicationDataReceived(b"".join(appDataBuffer)) del appDataBuffer[:] self.commandReceived(command, b) elif self.state == "newline": self.state = "data" if b == b"\n": appDataBuffer.append(b"\n") elif b == b"\0": appDataBuffer.append(b"\r") elif b == IAC: # IAC isn't really allowed after \r, according to the # RFC, but handling it this way is less surprising than # delivering the IAC to the app as application data. # The purpose of the restriction is to allow terminals # to unambiguously interpret the behavior of the CR # after reading only one more byte. CR LF is supposed # to mean one thing (cursor to next line, first column), # CR NUL another (cursor to first column). Absent the # NUL, it still makes sense to interpret this as CR and # then apply all the usual interpretation to the IAC. appDataBuffer.append(b"\r") self.state = "escaped" else: appDataBuffer.append(b"\r" + b) elif self.state == "subnegotiation": if b == IAC: self.state = "subnegotiation-escaped" else: self.commands.append(b) elif self.state == "subnegotiation-escaped": if b == SE: self.state = "data" commands = self.commands del self.commands if appDataBuffer: self.applicationDataReceived(b"".join(appDataBuffer)) del appDataBuffer[:] self.negotiate(commands) else: self.state = "subnegotiation" self.commands.append(b) else: raise ValueError("How'd you do this?") if appDataBuffer: self.applicationDataReceived(b"".join(appDataBuffer)) def connectionLost(self, reason): for state in self.options.values(): if state.us.onResult is not None: d = state.us.onResult state.us.onResult = None d.errback(reason) if state.him.onResult is not None: d = state.him.onResult state.him.onResult = None d.errback(reason) def applicationDataReceived(self, data): """ Called with application-level data. """ def unhandledCommand(self, command, argument): """ Called for commands for which no handler is installed. """ def commandReceived(self, command, argument): cmdFunc = self.commandMap.get(command) if cmdFunc is None: self.unhandledCommand(command, argument) else: cmdFunc(argument) def unhandledSubnegotiation(self, command, data): """ Called for subnegotiations for which no handler is installed. """ def negotiate(self, data): command, data = data[0], data[1:] cmdFunc = self.negotiationMap.get(command) if cmdFunc is None: self.unhandledSubnegotiation(command, data) else: cmdFunc(data) def telnet_WILL(self, option): s = self.getOptionState(option) self.willMap[s.him.state, s.him.negotiating](self, s, option) def will_no_false(self, state, option): # He is unilaterally offering to enable an option. if self.enableRemote(option): state.him.state = "yes" self._do(option) else: self._dont(option) def will_no_true(self, state, option): # Peer agreed to enable an option in response to our request. state.him.state = "yes" state.him.negotiating = False d = state.him.onResult state.him.onResult = None d.callback(True) assert self.enableRemote( option ), "enableRemote must return True in this context (for option {!r})".format( option ) def will_yes_false(self, state, option): # He is unilaterally offering to enable an already-enabled option. # Ignore this. pass def will_yes_true(self, state, option): # This is a bogus state. It is here for completeness. It will # never be entered. assert ( False ), "will_yes_true can never be entered, but was called with {!r}, {!r}".format( state, option, ) willMap = { ("no", False): will_no_false, ("no", True): will_no_true, ("yes", False): will_yes_false, ("yes", True): will_yes_true, } def telnet_WONT(self, option): s = self.getOptionState(option) self.wontMap[s.him.state, s.him.negotiating](self, s, option) def wont_no_false(self, state, option): # He is unilaterally demanding that an already-disabled option be/remain disabled. # Ignore this (although we could record it and refuse subsequent enable attempts # from our side - he can always refuse them again though, so we won't) pass def wont_no_true(self, state, option): # Peer refused to enable an option in response to our request. state.him.negotiating = False d = state.him.onResult state.him.onResult = None d.errback(OptionRefused(option)) def wont_yes_false(self, state, option): # Peer is unilaterally demanding that an option be disabled. state.him.state = "no" self.disableRemote(option) self._dont(option) def wont_yes_true(self, state, option): # Peer agreed to disable an option at our request. state.him.state = "no" state.him.negotiating = False d = state.him.onResult state.him.onResult = None d.callback(True) self.disableRemote(option) wontMap = { ("no", False): wont_no_false, ("no", True): wont_no_true, ("yes", False): wont_yes_false, ("yes", True): wont_yes_true, } def telnet_DO(self, option): s = self.getOptionState(option) self.doMap[s.us.state, s.us.negotiating](self, s, option) def do_no_false(self, state, option): # Peer is unilaterally requesting that we enable an option. if self.enableLocal(option): state.us.state = "yes" self._will(option) else: self._wont(option) def do_no_true(self, state, option): # Peer agreed to allow us to enable an option at our request. state.us.state = "yes" state.us.negotiating = False d = state.us.onResult state.us.onResult = None d.callback(True) self.enableLocal(option) def do_yes_false(self, state, option): # Peer is unilaterally requesting us to enable an already-enabled option. # Ignore this. pass def do_yes_true(self, state, option): # This is a bogus state. It is here for completeness. It will never be # entered. assert ( False ), "do_yes_true can never be entered, but was called with {!r}, {!r}".format( state, option, ) doMap = { ("no", False): do_no_false, ("no", True): do_no_true, ("yes", False): do_yes_false, ("yes", True): do_yes_true, } def telnet_DONT(self, option): s = self.getOptionState(option) self.dontMap[s.us.state, s.us.negotiating](self, s, option) def dont_no_false(self, state, option): # Peer is unilaterally demanding us to disable an already-disabled option. # Ignore this. pass def dont_no_true(self, state, option): # Offered option was refused. Fail the Deferred returned by the # previous will() call. state.us.negotiating = False d = state.us.onResult state.us.onResult = None d.errback(OptionRefused(option)) def dont_yes_false(self, state, option): # Peer is unilaterally demanding we disable an option. state.us.state = "no" self.disableLocal(option) self._wont(option) def dont_yes_true(self, state, option): # Peer acknowledged our notice that we will disable an option. state.us.state = "no" state.us.negotiating = False d = state.us.onResult state.us.onResult = None d.callback(True) self.disableLocal(option) dontMap = { ("no", False): dont_no_false, ("no", True): dont_no_true, ("yes", False): dont_yes_false, ("yes", True): dont_yes_true, } def enableLocal(self, option): """ Reject all attempts to enable options. """ return False def enableRemote(self, option): """ Reject all attempts to enable options. """ return False def disableLocal(self, option): """ Signal a programming error by raising an exception. L{enableLocal} must return true for the given value of C{option} in order for this method to be called. If a subclass of L{Telnet} overrides enableLocal to allow certain options to be enabled, it must also override disableLocal to disable those options. @raise NotImplementedError: Always raised. """ raise NotImplementedError( f"Don't know how to disable local telnet option {option!r}" ) def disableRemote(self, option): """ Signal a programming error by raising an exception. L{enableRemote} must return true for the given value of C{option} in order for this method to be called. If a subclass of L{Telnet} overrides enableRemote to allow certain options to be enabled, it must also override disableRemote tto disable those options. @raise NotImplementedError: Always raised. """ raise NotImplementedError( f"Don't know how to disable remote telnet option {option!r}" ) class ProtocolTransportMixin: def write(self, data): self.transport.write(data.replace(b"\n", b"\r\n")) def writeSequence(self, seq): self.transport.writeSequence(seq) def loseConnection(self): self.transport.loseConnection() def getHost(self): return self.transport.getHost() def getPeer(self): return self.transport.getPeer() class TelnetTransport(Telnet, ProtocolTransportMixin): """ @ivar protocol: An instance of the protocol to which this transport is connected, or None before the connection is established and after it is lost. @ivar protocolFactory: A callable which returns protocol instances which provide L{ITelnetProtocol}. This will be invoked when a connection is established. It is passed protocolArgs and protocolKwArgs. @ivar protocolArgs: A tuple of additional arguments to pass to protocolFactory. @ivar protocolKwArgs: A dictionary of additional arguments to pass to protocolFactory. """ disconnecting = False protocolFactory = None protocol = None def __init__(self, protocolFactory=None, a, *kw): Telnet.__init__(self) if protocolFactory is not None: self.protocolFactory = protocolFactory self.protocolArgs = a self.protocolKwArgs = kw def connectionMade(self): if self.protocolFactory is not None: self.protocol = self.protocolFactory( self.protocolArgs, *self.protocolKwArgs ) assert ITelnetProtocol.providedBy(self.protocol) try: factory = self.factory except AttributeError: pass else: self.protocol.factory = factory self.protocol.makeConnection(self) def connectionLost(self, reason): Telnet.connectionLost(self, reason) if self.protocol is not None: try: self.protocol.connectionLost(reason) finally: del self.protocol def enableLocal(self, option): return self.protocol.enableLocal(option) def enableRemote(self, option): return self.protocol.enableRemote(option) def disableLocal(self, option): return self.protocol.disableLocal(option) def disableRemote(self, option): return self.protocol.disableRemote(option) def unhandledSubnegotiation(self, command, data): self.protocol.unhandledSubnegotiation(command, data) def unhandledCommand(self, command, argument): self.protocol.unhandledCommand(command, argument) def applicationDataReceived(self, data): self.protocol.dataReceived(data) def write(self, data): ProtocolTransportMixin.write(self, data.replace(b"\xff", b"\xff\xff")) class TelnetBootstrapProtocol(TelnetProtocol, ProtocolTransportMixin): protocol = None def __init__(self, protocolFactory, args, *kw): self.protocolFactory = protocolFactory self.protocolArgs = args self.protocolKwArgs = kw def connectionMade(self): self.transport.negotiationMap[NAWS] = self.telnet_NAWS self.transport.negotiationMap[LINEMODE] = self.telnet_LINEMODE for opt in (LINEMODE, NAWS, SGA): self.transport.do(opt).addErrback( lambda f: self._log.failure("Error do {opt!r}", f, opt=opt) ) for opt in (ECHO,): self.transport.will(opt).addErrback( lambda f: self._log.failure("Error setting will {opt!r}", f, opt=opt) ) self.protocol = self.protocolFactory(self.protocolArgs, *self.protocolKwArgs) try: factory = self.factory except AttributeError: pass else: self.protocol.factory = factory self.protocol.makeConnection(self) def connectionLost(self, reason): if self.protocol is not None: try: self.protocol.connectionLost(reason) finally: del self.protocol def dataReceived(self, data): self.protocol.dataReceived(data) def enableLocal(self, opt): if opt == ECHO: return True elif opt == SGA: return True else: return False def enableRemote(self, opt): if opt == LINEMODE: self.transport.requestNegotiation(LINEMODE, MODE + LINEMODE_TRAPSIG) return True elif opt == NAWS: return True elif opt == SGA: return True else: return False def telnet_NAWS(self, data): # NAWS is client -> server only. self.protocol will # therefore be an ITerminalTransport, the `.protocol' # attribute of which will be an ITerminalProtocol. Maybe. # You know what, XXX TODO clean this up. if len(data) == 4: width, height = struct.unpack("!HH", b"".join(data)) self.protocol.terminalProtocol.terminalSize(width, height) else: self._log.error("Wrong number of NAWS bytes: {nbytes}", nbytes=len(data)) linemodeSubcommands = {LINEMODE_SLC: "SLC"} def telnet_LINEMODE(self, data): # linemodeSubcommand = data[0] # # XXX TODO: This should be enabled to parse linemode subnegotiation. # getattr(self, "linemode_" + self.linemodeSubcommands[linemodeSubcommand])( # data[1:] # ) pass def linemode_SLC(self, data): chunks = zip([iter(data)] * 3) for slcFunction, slcValue, slcWhat in chunks: # Later, we should parse stuff. "SLC", ord(slcFunction), ord(slcValue), ord(slcWhat) from twisted.protocols import basic class StatefulTelnetProtocol(basic.LineReceiver, TelnetProtocol): delimiter = b"\n" state = "Discard" def connectionLost(self, reason): basic.LineReceiver.connectionLost(self, reason) TelnetProtocol.connectionLost(self, reason) def lineReceived(self, line): oldState = self.state newState = getattr(self, "telnet_" + oldState)(line) if newState is not None: if self.state == oldState: self.state = newState else: self._log.warn("state changed and new state returned") def telnet_Discard(self, line): pass from twisted.cred import credentials class AuthenticatingTelnetProtocol(StatefulTelnetProtocol): """ A protocol which prompts for credentials and attempts to authenticate them. Username and password prompts are given (the password is obscured). When the information is collected, it is passed to a portal and an avatar implementing L{ITelnetProtocol} is requested. If an avatar is returned, it connected to this protocol's transport, and this protocol's transport is connected to it. Otherwise, the user is re-prompted for credentials. """ state = "User" protocol = None def __init__(self, portal): self.portal = portal def connectionMade(self): self.transport.write(b"Username: ") def connectionLost(self, reason): StatefulTelnetProtocol.connectionLost(self, reason) if self.protocol is not None: try: self.protocol.connectionLost(reason) self.logout() finally: del self.protocol, self.logout def telnet_User(self, line): self.username = line self.transport.will(ECHO) self.transport.write(b"Password: ") return "Password" def telnet_Password(self, line): username, password = self.username, line del self.username def login(ignored): creds = credentials.UsernamePassword(username, password) d = self.portal.login(creds, None, ITelnetProtocol) d.addCallback(self._cbLogin) d.addErrback(self._ebLogin) self.transport.wont(ECHO).addCallback(login) return "Discard" def _cbLogin(self, ial): interface, protocol, logout = ial assert interface is ITelnetProtocol self.protocol = protocol self.logout = logout self.state = "Command" protocol.makeConnection(self.transport) self.transport.protocol = protocol def _ebLogin(self, failure): self.transport.write(b"\nAuthentication failed\n") self.transport.write(b"Username: ") self.state = "User" __all__ = [ # Exceptions "TelnetError", "NegotiationError", "OptionRefused", "AlreadyNegotiating", "AlreadyEnabled", "AlreadyDisabled", # Interfaces "ITelnetProtocol", "ITelnetTransport", # Other stuff, protocols, etc. "Telnet", "TelnetProtocol", "TelnetTransport", "TelnetBootstrapProtocol", ] ��ssh/agent.py��0000644��00000022454�15027667726�0007042 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Implements the SSH v2 key agent protocol. This protocol is documented in the SSH source code, in the file U{PROTOCOL.agent<http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent>}. Maintainer: Paul Swartz """ import struct from twisted.conch.error import ConchError, MissingKeyStoreError from twisted.conch.ssh import keys from twisted.conch.ssh.common import NS, getMP, getNS from twisted.internet import defer, protocol class SSHAgentClient(protocol.Protocol): """ The client side of the SSH agent protocol. This is equivalent to ssh-add(1) and can be used with either ssh-agent(1) or the SSHAgentServer protocol, also in this package. """ def __init__(self): self.buf = b"" self.deferreds = [] def dataReceived(self, data): self.buf += data while 1: if len(self.buf) <= 4: return packLen = struct.unpack("!L", self.buf[:4])[0] if len(self.buf) < 4 + packLen: return packet, self.buf = self.buf[4 : 4 + packLen], self.buf[4 + packLen :] reqType = ord(packet[0:1]) d = self.deferreds.pop(0) if reqType == AGENT_FAILURE: d.errback(ConchError("agent failure")) elif reqType == AGENT_SUCCESS: d.callback(b"") else: d.callback(packet) def sendRequest(self, reqType, data): pack = struct.pack("!LB", len(data) + 1, reqType) + data self.transport.write(pack) d = defer.Deferred() self.deferreds.append(d) return d def requestIdentities(self): """ @return: A L{Deferred} which will fire with a list of all keys found in the SSH agent. The list of keys is comprised of (public key blob, comment) tuples. """ d = self.sendRequest(AGENTC_REQUEST_IDENTITIES, b"") d.addCallback(self._cbRequestIdentities) return d def _cbRequestIdentities(self, data): """ Unpack a collection of identities into a list of tuples comprised of public key blobs and comments. """ if ord(data[0:1]) != AGENT_IDENTITIES_ANSWER: raise ConchError("unexpected response: %i" % ord(data[0:1])) numKeys = struct.unpack("!L", data[1:5])[0] result = [] data = data[5:] for i in range(numKeys): blob, data = getNS(data) comment, data = getNS(data) result.append((blob, comment)) return result def addIdentity(self, blob, comment=b""): """ Add a private key blob to the agent's collection of keys. """ req = blob req += NS(comment) return self.sendRequest(AGENTC_ADD_IDENTITY, req) def signData(self, blob, data): """ Request that the agent sign the given C{data} with the private key which corresponds to the public key given by C{blob}. The private key should have been added to the agent already. @type blob: L{bytes} @type data: L{bytes} @return: A L{Deferred} which fires with a signature for given data created with the given key. """ req = NS(blob) req += NS(data) req += b"\000\000\000\000" # flags return self.sendRequest(AGENTC_SIGN_REQUEST, req).addCallback(self._cbSignData) def _cbSignData(self, data): if ord(data[0:1]) != AGENT_SIGN_RESPONSE: raise ConchError("unexpected data: %i" % ord(data[0:1])) signature = getNS(data[1:])[0] return signature def removeIdentity(self, blob): """ Remove the private key corresponding to the public key in blob from the running agent. """ req = NS(blob) return self.sendRequest(AGENTC_REMOVE_IDENTITY, req) def removeAllIdentities(self): """ Remove all keys from the running agent. """ return self.sendRequest(AGENTC_REMOVE_ALL_IDENTITIES, b"") class SSHAgentServer(protocol.Protocol): """ The server side of the SSH agent protocol. This is equivalent to ssh-agent(1) and can be used with either ssh-add(1) or the SSHAgentClient protocol, also in this package. """ def __init__(self): self.buf = b"" def dataReceived(self, data): self.buf += data while 1: if len(self.buf) <= 4: return packLen = struct.unpack("!L", self.buf[:4])[0] if len(self.buf) < 4 + packLen: return packet, self.buf = self.buf[4 : 4 + packLen], self.buf[4 + packLen :] reqType = ord(packet[0:1]) reqName = messages.get(reqType, None) if not reqName: self.sendResponse(AGENT_FAILURE, b"") else: f = getattr(self, "agentc_%s" % reqName) if getattr(self.factory, "keys", None) is None: self.sendResponse(AGENT_FAILURE, b"") raise MissingKeyStoreError() f(packet[1:]) def sendResponse(self, reqType, data): pack = struct.pack("!LB", len(data) + 1, reqType) + data self.transport.write(pack) def agentc_REQUEST_IDENTITIES(self, data): """ Return all of the identities that have been added to the server """ assert data == b"" numKeys = len(self.factory.keys) resp = [] resp.append(struct.pack("!L", numKeys)) for key, comment in self.factory.keys.values(): resp.append(NS(key.blob())) # yes, wrapped in an NS resp.append(NS(comment)) self.sendResponse(AGENT_IDENTITIES_ANSWER, b"".join(resp)) def agentc_SIGN_REQUEST(self, data): """ Data is a structure with a reference to an already added key object and some data that the clients wants signed with that key. If the key object wasn't loaded, return AGENT_FAILURE, else return the signature. """ blob, data = getNS(data) if blob not in self.factory.keys: return self.sendResponse(AGENT_FAILURE, b"") signData, data = getNS(data) assert data == b"\000\000\000\000" self.sendResponse( AGENT_SIGN_RESPONSE, NS(self.factory.keys[blob][0].sign(signData)) ) def agentc_ADD_IDENTITY(self, data): """ Adds a private key to the agent's collection of identities. On subsequent interactions, the private key can be accessed using only the corresponding public key. """ # need to pre-read the key data so we can get past it to the comment string keyType, rest = getNS(data) if keyType == b"ssh-rsa": nmp = 6 elif keyType == b"ssh-dss": nmp = 5 else: raise keys.BadKeyError("unknown blob type: %s" % keyType) rest = getMP(rest, nmp)[ -1 ] # ignore the key data for now, we just want the comment comment, rest = getNS(rest) # the comment, tacked onto the end of the key blob k = keys.Key.fromString(data, type="private_blob") # not wrapped in NS here self.factory.keys[k.blob()] = (k, comment) self.sendResponse(AGENT_SUCCESS, b"") def agentc_REMOVE_IDENTITY(self, data): """ Remove a specific key from the agent's collection of identities. """ blob, _ = getNS(data) k = keys.Key.fromString(blob, type="blob") del self.factory.keys[k.blob()] self.sendResponse(AGENT_SUCCESS, b"") def agentc_REMOVE_ALL_IDENTITIES(self, data): """ Remove all keys from the agent's collection of identities. """ assert data == b"" self.factory.keys = {} self.sendResponse(AGENT_SUCCESS, b"") # v1 messages that we ignore because we don't keep v1 keys # open-ssh sends both v1 and v2 commands, so we have to # do no-ops for v1 commands or we'll get "bad request" errors def agentc_REQUEST_RSA_IDENTITIES(self, data): """ v1 message for listing RSA1 keys; superseded by agentc_REQUEST_IDENTITIES, which handles different key types. """ self.sendResponse(AGENT_RSA_IDENTITIES_ANSWER, struct.pack("!L", 0)) def agentc_REMOVE_RSA_IDENTITY(self, data): """ v1 message for removing RSA1 keys; superseded by agentc_REMOVE_IDENTITY, which handles different key types. """ self.sendResponse(AGENT_SUCCESS, b"") def agentc_REMOVE_ALL_RSA_IDENTITIES(self, data): """ v1 message for removing all RSA1 keys; superseded by agentc_REMOVE_ALL_IDENTITIES, which handles different key types. """ self.sendResponse(AGENT_SUCCESS, b"") AGENTC_REQUEST_RSA_IDENTITIES = 1 AGENT_RSA_IDENTITIES_ANSWER = 2 AGENT_FAILURE = 5 AGENT_SUCCESS = 6 AGENTC_REMOVE_RSA_IDENTITY = 8 AGENTC_REMOVE_ALL_RSA_IDENTITIES = 9 AGENTC_REQUEST_IDENTITIES = 11 AGENT_IDENTITIES_ANSWER = 12 AGENTC_SIGN_REQUEST = 13 AGENT_SIGN_RESPONSE = 14 AGENTC_ADD_IDENTITY = 17 AGENTC_REMOVE_IDENTITY = 18 AGENTC_REMOVE_ALL_IDENTITIES = 19 messages = {} for name, value in locals().copy().items(): if name[:7] == "AGENTC_": messages[value] = name[7:] # doesn't handle doubles ��ssh/channel.py��0000644��00000023360�15027667726�0007351 0��ustar�00��# -- test-case-name: twisted.conch.test.test_channel -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ The parent class for all the SSH Channels. Currently implemented channels are session, direct-tcp, and forwarded-tcp. Maintainer: Paul Swartz """ from zope.interface import implementer from twisted.internet import interfaces from twisted.logger import Logger from twisted.python import log @implementer(interfaces.ITransport) class SSHChannel(log.Logger): """ A class that represents a multiplexed channel over an SSH connection. The channel has a local window which is the maximum amount of data it will receive, and a remote which is the maximum amount of data the remote side will accept. There is also a maximum packet size for any individual data packet going each way. @ivar name: the name of the channel. @type name: L{bytes} @ivar localWindowSize: the maximum size of the local window in bytes. @type localWindowSize: L{int} @ivar localWindowLeft: how many bytes are left in the local window. @type localWindowLeft: L{int} @ivar localMaxPacket: the maximum size of packet we will accept in bytes. @type localMaxPacket: L{int} @ivar remoteWindowLeft: how many bytes are left in the remote window. @type remoteWindowLeft: L{int} @ivar remoteMaxPacket: the maximum size of a packet the remote side will accept in bytes. @type remoteMaxPacket: L{int} @ivar conn: the connection this channel is multiplexed through. @type conn: L{SSHConnection} @ivar data: any data to send to the other side when the channel is requested. @type data: L{bytes} @ivar avatar: an avatar for the logged-in user (if a server channel) @ivar localClosed: True if we aren't accepting more data. @type localClosed: L{bool} @ivar remoteClosed: True if the other side isn't accepting more data. @type remoteClosed: L{bool} """ _log = Logger() name: bytes = None # type: ignore[assignment] # only needed for client channels def __init__( self, localWindow=0, localMaxPacket=0, remoteWindow=0, remoteMaxPacket=0, conn=None, data=None, avatar=None, ): self.localWindowSize = localWindow or 131072 self.localWindowLeft = self.localWindowSize self.localMaxPacket = localMaxPacket or 32768 self.remoteWindowLeft = remoteWindow self.remoteMaxPacket = remoteMaxPacket self.areWriting = 1 self.conn = conn self.data = data self.avatar = avatar self.specificData = b"" self.buf = b"" self.extBuf = [] self.closing = 0 self.localClosed = 0 self.remoteClosed = 0 self.id = None # gets set later by SSHConnection def __str__(self) -> str: return self.__bytes__().decode("ascii") def __bytes__(self) -> bytes: """ Return a byte string representation of the channel """ name = self.name if not name: name = b"None" return b"<SSHChannel %b (lw %d rw %d)>" % ( name, self.localWindowLeft, self.remoteWindowLeft, ) def logPrefix(self): id = (self.id is not None and str(self.id)) or "unknown" if self.name: name = self.name.decode("ascii") else: name = "None" return f"SSHChannel {name} ({id}) on {self.conn.logPrefix()}" def channelOpen(self, specificData): """ Called when the channel is opened. specificData is any data that the other side sent us when opening the channel. @type specificData: L{bytes} """ self._log.info("channel open") def openFailed(self, reason): """ Called when the open failed for some reason. reason.desc is a string descrption, reason.code the SSH error code. @type reason: L{error.ConchError} """ self._log.error("other side refused open\nreason: {reason}", reason=reason) def addWindowBytes(self, data): """ Called when bytes are added to the remote window. By default it clears the data buffers. @type data: L{bytes} """ self.remoteWindowLeft = self.remoteWindowLeft + data if not self.areWriting and not self.closing: self.areWriting = True self.startWriting() if self.buf: b = self.buf self.buf = b"" self.write(b) if self.extBuf: b = self.extBuf self.extBuf = [] for (type, data) in b: self.writeExtended(type, data) def requestReceived(self, requestType, data): """ Called when a request is sent to this channel. By default it delegates to self.request_<requestType>. If this function returns true, the request succeeded, otherwise it failed. @type requestType: L{bytes} @type data: L{bytes} @rtype: L{bool} """ foo = requestType.replace(b"-", b"_").decode("ascii") f = getattr(self, "request_" + foo, None) if f: return f(data) self._log.info("unhandled request for {requestType}", requestType=requestType) return 0 def dataReceived(self, data): """ Called when we receive data. @type data: L{bytes} """ self._log.debug("got data {data}", data=data) def extReceived(self, dataType, data): """ Called when we receive extended data (usually standard error). @type dataType: L{int} @type data: L{str} """ self._log.debug( "got extended data {dataType} {data!r}", dataType=dataType, data=data ) def eofReceived(self): """ Called when the other side will send no more data. """ self._log.info("remote eof") def closeReceived(self): """ Called when the other side has closed the channel. """ self._log.info("remote close") self.loseConnection() def closed(self): """ Called when the channel is closed. This means that both our side and the remote side have closed the channel. """ self._log.info("closed") def write(self, data): """ Write some data to the channel. If there is not enough remote window available, buffer until it is. Otherwise, split the data into packets of length remoteMaxPacket and send them. @type data: L{bytes} """ if self.buf: self.buf += data return top = len(data) if top > self.remoteWindowLeft: data, self.buf = ( data[: self.remoteWindowLeft], data[self.remoteWindowLeft :], ) self.areWriting = 0 self.stopWriting() top = self.remoteWindowLeft rmp = self.remoteMaxPacket write = self.conn.sendData r = range(0, top, rmp) for offset in r: write(self, data[offset : offset + rmp]) self.remoteWindowLeft -= top if self.closing and not self.buf: self.loseConnection() # try again def writeExtended(self, dataType, data): """ Send extended data to this channel. If there is not enough remote window available, buffer until there is. Otherwise, split the data into packets of length remoteMaxPacket and send them. @type dataType: L{int} @type data: L{bytes} """ if self.extBuf: if self.extBuf[-1][0] == dataType: self.extBuf[-1][1] += data else: self.extBuf.append([dataType, data]) return if len(data) > self.remoteWindowLeft: data, self.extBuf = ( data[: self.remoteWindowLeft], [[dataType, data[self.remoteWindowLeft :]]], ) self.areWriting = 0 self.stopWriting() while len(data) > self.remoteMaxPacket: self.conn.sendExtendedData(self, dataType, data[: self.remoteMaxPacket]) data = data[self.remoteMaxPacket :] self.remoteWindowLeft -= self.remoteMaxPacket if data: self.conn.sendExtendedData(self, dataType, data) self.remoteWindowLeft -= len(data) if self.closing: self.loseConnection() # try again def writeSequence(self, data): """ Part of the Transport interface. Write a list of strings to the channel. @type data: C{list} of L{str} """ self.write(b"".join(data)) def loseConnection(self): """ Close the channel if there is no buferred data. Otherwise, note the request and return. """ self.closing = 1 if not self.buf and not self.extBuf: self.conn.sendClose(self) def getPeer(self): """ See: L{ITransport.getPeer} @return: The remote address of this connection. @rtype: L{SSHTransportAddress}. """ return self.conn.transport.getPeer() def getHost(self): """ See: L{ITransport.getHost} @return: An address describing this side of the connection. @rtype: L{SSHTransportAddress}. """ return self.conn.transport.getHost() def stopWriting(self): """ Called when the remote buffer is full, as a hint to stop writing. This can be ignored, but it can be helpful. """ def startWriting(self): """ Called when the remote buffer has more room, as a hint to continue writing. """ ��ssh/factory.py��0000644��00000007372�15027667726�0007415 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ A Factory for SSH servers. See also L{twisted.conch.openssh_compat.factory} for OpenSSH compatibility. Maintainer: Paul Swartz """ import random from twisted.conch import error from twisted.conch.ssh import _kex, connection, transport, userauth from twisted.internet import protocol from twisted.logger import Logger class SSHFactory(protocol.Factory): """ A Factory for SSH servers. """ _log = Logger() protocol = transport.SSHServerTransport services = { b"ssh-userauth": userauth.SSHUserAuthServer, b"ssh-connection": connection.SSHConnection, } def startFactory(self): """ Check for public and private keys. """ if not hasattr(self, "publicKeys"): self.publicKeys = self.getPublicKeys() if not hasattr(self, "privateKeys"): self.privateKeys = self.getPrivateKeys() if not self.publicKeys or not self.privateKeys: raise error.ConchError("no host keys, failing") if not hasattr(self, "primes"): self.primes = self.getPrimes() def buildProtocol(self, addr): """ Create an instance of the server side of the SSH protocol. @type addr: L{twisted.internet.interfaces.IAddress} provider @param addr: The address at which the server will listen. @rtype: L{twisted.conch.ssh.transport.SSHServerTransport} @return: The built transport. """ t = protocol.Factory.buildProtocol(self, addr) t.supportedPublicKeys = self.privateKeys.keys() if not self.primes: self._log.info( "disabling non-fixed-group key exchange algorithms " "because we cannot find moduli file" ) t.supportedKeyExchanges = [ kexAlgorithm for kexAlgorithm in t.supportedKeyExchanges if _kex.isFixedGroup(kexAlgorithm) or _kex.isEllipticCurve(kexAlgorithm) ] return t def getPublicKeys(self): """ Called when the factory is started to get the public portions of the servers host keys. Returns a dictionary mapping SSH key types to public key strings. @rtype: L{dict} """ raise NotImplementedError("getPublicKeys unimplemented") def getPrivateKeys(self): """ Called when the factory is started to get the private portions of the servers host keys. Returns a dictionary mapping SSH key types to L{twisted.conch.ssh.keys.Key} objects. @rtype: L{dict} """ raise NotImplementedError("getPrivateKeys unimplemented") def getPrimes(self): """ Called when the factory is started to get Diffie-Hellman generators and primes to use. Returns a dictionary mapping number of bits to lists of tuple of (generator, prime). @rtype: L{dict} """ def getDHPrime(self, bits): """ Return a tuple of (g, p) for a Diffe-Hellman process, with p being as close to bits bits as possible. @type bits: L{int} @rtype: L{tuple} """ primesKeys = sorted(self.primes.keys(), key=lambda i: abs(i - bits)) realBits = primesKeys[0] return random.choice(self.primes[realBits]) def getService(self, transport, service): """ Return a class to use as a service for the given transport. @type transport: L{transport.SSHServerTransport} @type service: L{bytes} @rtype: subclass of L{service.SSHService} """ if service == b"ssh-userauth" or hasattr(transport, "avatar"): return self.services[service] ��ssh/service.py��0000644��00000003024�15027667726�0007374 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ The parent class for all the SSH services. Currently implemented services are ssh-userauth and ssh-connection. Maintainer: Paul Swartz """ from typing import Dict from twisted.logger import Logger class SSHService: # this is the ssh name for the service: name: bytes = None # type:ignore[assignment] protocolMessages: Dict[int, str] = {} # map #'s -> protocol names transport = None # gets set later _log = Logger() def serviceStarted(self): """ called when the service is active on the transport. """ def serviceStopped(self): """ called when the service is stopped, either by the connection ending or by another service being started """ def logPrefix(self): return "SSHService {!r} on {}".format( self.name, self.transport.transport.logPrefix() ) def packetReceived(self, messageNum, packet): """ called when we receive a packet on the transport """ # print self.protocolMessages if messageNum in self.protocolMessages: messageType = self.protocolMessages[messageNum] f = getattr(self, "ssh_%s" % messageType[4:], None) if f is not None: return f(packet) self._log.info( "couldn't handle {messageNum} {packet!r}", messageNum=messageNum, packet=packet, ) self.transport.sendUnimplemented() ��ssh/__pycache__/forwarding.cpython-310.pyc��0000644��00000020714�15027667726�0014442 0��ustar�00��o ��b! ��@��s��d�Z�ddlZddlmZmZ�ddlmZmZ�ddlm Z m Z �G�dd��dej�ZG�dd ��d ej �ZG�d d��de�ZG�dd ��d e�ZG�dd��dej �Zdd��ZG�dd��dej�Zdd��ZeZdd��ZeZdd��Zdd��ZdS�)z� This module contains the implementation of the TCP forwarding, which allows clients and servers to forward arbitrary TCP data across the connection. Maintainer: Paul Swartz ��N)�channel�common)�protocol�reactor)�HostnameEndpoint�connectProtocolc��@��s��e�Zd�Zdd��Zdd��ZdS�)�SSHListenForwardingFactoryc��C��s��\|\|�_�\|\|�_\|\|�_d�S��N)�conn�hostport�klass)�self� connectionr��r��r��>/usr/lib/python3/dist-packages/twisted/conch/ssh/forwarding.py�__init__��s�� z#SSHListenForwardingFactory.__init__c��C��sF��\|�j�\|�jd�}t\|�}\|\|_\|j\|jf}t\|�j\|�}\|�j�\|\|��\|S�)N)r ��) r��r ��SSHForwardingClient�client�host�port�packOpen_direct_tcpipr��openChannel)r ��addrr��r�� addrTuple�channelOpenDatar��r��r�� buildProtocol��s��z(SSHListenForwardingFactory.buildProtocolN)�__name__� __module__�__qualname__r��r��r��r��r��r��r��s��r��c��@��s4��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��ZdS�)�SSHListenForwardingChannelc��C��sH��\|�j�jd\|�jd��t\|�jj�dkr\|�jjdd��}\|��\|��d\|�j_d�S�)Nzopened forwarding channel {id}��id��)�_log�infor!��lenr��buf�write)r ��specificData�br��r��r��channelOpen$��s �� z&SSHListenForwardingChannel.channelOpenc��C��s��\|��d�S�r ��)�closed�r ��reasonr��r��r�� openFailed+��s��z%SSHListenForwardingChannel.openFailedc��C��s��\|�j�j�\|��d�S�r ��)r�� transportr(��r ��datar��r��r��dataReceived.��s��z'SSHListenForwardingChannel.dataReceivedc��C��s��\|�j�j��d�S�r ��)r��r0��loseConnection�r ��r��r��r��eofReceived1��s��z&SSHListenForwardingChannel.eofReceivedc��C��s4��t�\|�d�r\|�jjd\|�jd��\|�jj��\|�`d�S�d�S�)Nr��z%closing local forwarding channel {id}r ��)�hasattrr$��r%��r!��r��r0��r4��r5��r��r��r��r,��4��s �� z!SSHListenForwardingChannel.closedN)r��r��r��r+��r/��r3��r6��r,��r��r��r��r��r��#��s��r��c��@��e�Zd�ZdZdS�)� SSHListenClientForwardingChannels��direct-tcpipN�r��r��r��namer��r��r��r��r9��;��r9��c��@��r8��)� SSHListenServerForwardingChannels��forwarded-tcpipNr:��r��r��r��r��r=��@��r<��r=��c��@��sD��e�Zd�ZdZeZdd��Zdd��Zdd��Zdd ��Z d d��Z dd ��ZdS�)�SSHConnectForwardingChannela�� Channel used for handling server side forwarding request. It acts as a client for the remote forwarding destination. @ivar hostport: C{(host, port)} requested by client as forwarding destination. @type hostport: L{tuple} or a C{sequence} @ivar client: Protocol connected to the forwarding destination. @type client: L{protocol.Protocol} @ivar clientBuf: Data received while forwarding channel is not yet connected. @type clientBuf: L{bytes} @var _reactor: Reactor used for TCP connections. @type _reactor: A reactor. @ivar _channelOpenDeferred: Deferred used in testing to check the result of C{channelOpen}. @type _channelOpenDeferred: L{twisted.internet.defer.Deferred} c��O��s0��t�jj\|�g\|�R�i�\|��\|\|�_d�\|�_d\|�_d�S�)Nr#��)r�� SSHChannelr��r��r�� clientBuf)r ��r��args�kwr��r��r��r��_��s�� z$SSHConnectForwardingChannel.__init__c��C��s`��\|�j�jd\|�jd�\|�jd�d��t\|�j\|�jd�\|�jd��}t\|t\|��}\|�\|�j\|�j ��\|\|�_ dS�)�, See: L{channel.SSHChannel} zconnecting to {host}:{port}r��r"��r��r��N)r$��r%��r��r��_reactorr��r��addCallbacks� _setClient�_close�_channelOpenDeferred)r ��r)��ep�dr��r��r��r+��e��s�� z'SSHConnectForwardingChannel.channelOpenc��C��sr��\|\|�_�\|�jjd\|�jd�\|�jd�d��\|�jr \|�j�j�\|�j��d\|�_\|�j�jdd��r3\|��\|�j�jdd��d\|�j�_dS�)z� Called when the connection was established to the forwarding destination. @param client: Client protocol connected to the forwarding destination. @type client: L{protocol.Protocol} zconnected to {host}:{port}r��r"��rD��Nr#��)r��r$��r%��r��r@��r0��r(��r'��)r ��r��r��r��r��rG��q��s��z&SSHConnectForwardingChannel._setClientc��C��s,��\|�j�jd\|�jd�\|�jd�\|d��\|��dS�)z� Called when failed to connect to the forwarding destination. @param reason: Reason why connection failed. @type reason: L{twisted.python.failure.Failure} z,failed to connect to {host}:{port}: {reason}r��r"��)r��r��r.��N)r$��errorr��r4��r-��r��r��r��rH��s��z"SSHConnectForwardingChannel._closec��C��s��\|�j�r\|�j�j�\|��dS�\|��j\|7��_dS�)rC��N)r��r0��r(��r@��r1��r��r��r��r3��s��z(SSHConnectForwardingChannel.dataReceivedc��C��s@��\|�j�r\|�jjd\|�jd��\|�j�jr\|��\|�j�j��\|�`�dS�dS�)rC��z%closed remote forwarding channel {id}r ��N)r��r$��r%��r!��r��r4��r0��r5��r��r��r��r,��s��z"SSHConnectForwardingChannel.closedN)r��r��r��__doc__r��rE��r��r+��rG��rH��r3��r,��r��r��r��r��r>��E��s�� r>��c��C��s��t�\|�\}}t\|\|�\|\|d�S�)N)�remoteWindow�remoteMaxPacket�avatar)�unpackOpen_direct_tcpipr>��)rN��rO��r2��rP��remoteHP�origHPr��r��r��openConnectForwardingClient��s��rT��c��@��s$��e�Zd�Zdd��Zdd��Zdd��ZdS�)r��c��C��s��\|\|�_�d\|�_d�S�)N��)r��r'��)r ��r��r��r��r��r��s�� zSSHForwardingClient.__init__c��C��s(��\|�j�r\|��j�\|7��_�d�S�\|�j�\|��d�S�r ��)r'��r��r(��r1��r��r��r��r3��s��z SSHForwardingClient.dataReceivedc��C��s��\|�j�r \|�j��d�\|�_�d�S�d�S�r ��)r��r4��r-��r��r��r��connectionLost��s�� z"SSHForwardingClient.connectionLostN)r��r��r��r��r3��rV��r��r��r��r��r��s��r��c��C��sl��\|�\}}\|\}}t�\|t�r\|�d�}t�\|t�r\|�d�}t�\|�t�d\|��}t�\|�t�d\|��}\|\|�S�)a�� Pack the data suitable for sending in a CHANNEL_OPEN packet. @type destination: L{tuple} @param destination: A tuple of the (host, port) of the destination host. @type source: L{tuple} @param source: A tuple of the (host, port) of the source host. �utf-8�>L)� isinstance�str�encoder��NS�struct�pack)�destination�source�connHost�connPort�origHost�origPortr ��origr��r��r��r��s�� r��c��C��s��t��\|��\}}t\|t�r\|�d�}tt�d\|dd��d��}t��\|dd��\}}t\|t�r4\|�d�}tt�d\|dd��d��}\|\|f\|\|ffS�)z#Unpack the data to a usable format.rW��rX��N��r��r��getNSrY��bytes�decode�intr]��unpack)r2��ra��restrb��rc��rd��r��r��r��rQ��s�� rQ��c��C��s��\|�\}}t��\|�t�d\|��S�)zv Pack the data for tcpip forwarding. @param peer: A tuple of the (host, port) . @type peer: L{tuple} rX��)r��r\��r]��r^��)�peerr��r��r��r��r��packGlobal_tcpip_forward��s��ro��c��C��sF��t��\|��\}}t\|t�r\|�d�}tt�d\|d�d��d��}\|\|fS�)NrW��rX��rf��r��rg��)r2��r��rm��r��r��r��r��unpackGlobal_tcpip_forward��s �� rp��)rM��r]��twisted.conch.sshr��r��twisted.internetr��r��twisted.internet.endpointsr��r��Factoryr��r?��r��r9��r=��r>��rT��Protocolr��r��packOpen_forwarded_tcpiprQ��unpackOpen_forwarded_tcpipro��rp��r��r��r��r��<module>��s&��c ��ssh/__pycache__/channel.cpython-310.pyc��0000644��00000023326�15027667726�0013712 0��ustar�00��o ��b�&��@��sT��d�Z�ddlmZ�ddlmZ�ddlmZ�ddlmZ�eej �G�dd��dej��Z dS�) z� The parent class for all the SSH Channels. Currently implemented channels are session, direct-tcp, and forwarded-tcp. Maintainer: Paul Swartz ��)�implementer)� interfaces)�Logger)�logc��@��s��e�Zd�ZU�dZe��ZdZeed<� d0dd�Z de fdd �Zdefd d�Zdd ��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��ZdS�)1� SSHChannela�� A class that represents a multiplexed channel over an SSH connection. The channel has a local window which is the maximum amount of data it will receive, and a remote which is the maximum amount of data the remote side will accept. There is also a maximum packet size for any individual data packet going each way. @ivar name: the name of the channel. @type name: L{bytes} @ivar localWindowSize: the maximum size of the local window in bytes. @type localWindowSize: L{int} @ivar localWindowLeft: how many bytes are left in the local window. @type localWindowLeft: L{int} @ivar localMaxPacket: the maximum size of packet we will accept in bytes. @type localMaxPacket: L{int} @ivar remoteWindowLeft: how many bytes are left in the remote window. @type remoteWindowLeft: L{int} @ivar remoteMaxPacket: the maximum size of a packet the remote side will accept in bytes. @type remoteMaxPacket: L{int} @ivar conn: the connection this channel is multiplexed through. @type conn: L{SSHConnection} @ivar data: any data to send to the other side when the channel is requested. @type data: L{bytes} @ivar avatar: an avatar for the logged-in user (if a server channel) @ivar localClosed: True if we aren't accepting more data. @type localClosed: L{bool} @ivar remoteClosed: True if the other side isn't accepting more data. @type remoteClosed: L{bool} N�namer��c��C��sn��\|pd\|�_�\|�j�\|�_\|pd\|�_\|\|�_\|\|�_d\|�_\|\|�_\|\|�_\|\|�_d\|�_ d\|�_ g�\|�_d\|�_d\|�_ d\|�_d�\|�_d�S�)Ni��i��r��)�localWindowSize�localWindowLeft�localMaxPacket�remoteWindowLeft�remoteMaxPacket� areWriting�conn�data�avatar�specificData�buf�extBuf�closing�localClosed�remoteClosed�id)�self�localWindowr��remoteWindowr��r��r��r��r��;/usr/lib/python3/dist-packages/twisted/conch/ssh/channel.py�__init__9��s �� zSSHChannel.__init__�returnc��C��s��\|��d�S�)N�ascii)� __bytes__�decode�r��r��r��r��__str__T��s��zSSHChannel.__str__c��C��s ��\|�j�}\|sd}d\|\|�j\|�jf�S�)zD Return a byte string representation of the channel s��Nones��<SSHChannel %b (lw %d rw %d)>)r��r��r ��)r��r��r��r��r��r"��W��s��zSSHChannel.__bytes__c��C��sL��\|�j�d�ur t\|�j��pd}\|�jr\|�j�d�}nd}d\|��d\|��d\|�j��S�)N�unknownr!��NonezSSHChannel z (z) on )r��strr��r#��r�� logPrefix)r��r��r��r��r��r��r)��e��s ��zSSHChannel.logPrefixc��C��\|�j��d��dS�)z� Called when the channel is opened. specificData is any data that the other side sent us when opening the channel. @type specificData: L{bytes} zchannel openN��_log�info)r��r��r��r��r��channelOpenm��s��zSSHChannel.channelOpenc��C��\|�j�jd\|d��dS�)z� Called when the open failed for some reason. reason.desc is a string descrption, reason.code the SSH error code. @type reason: L{error.ConchError} z(other side refused open reason: {reason})�reasonN)r,��error)r��r0��r��r��r�� openFailedv��zSSHChannel.openFailedc��C��sv��\|�j�\|�\|�_�\|�js\|�jsd\|�_\|��\|�jr!\|�j}d\|�_\|��\|��\|�jr7\|�j}g�\|�_\|D�]\}}\|��\|\|��q,dS�dS�)z� Called when bytes are added to the remote window. By default it clears the data buffers. @type data: L{bytes} Tr ��N)r ��r��r��startWritingr��writer�� writeExtended)r��r��b�typer��r��r��addWindowBytes��s�� zSSHChannel.addWindowBytesc��C��sB��\|��dd��d�}t\|�d\|�d�}\|r\|\|�S�\|�jjd\|d��dS�) aJ�� Called when a request is sent to this channel. By default it delegates to self.request_<requestType>. If this function returns true, the request succeeded, otherwise it failed. @type requestType: L{bytes} @type data: L{bytes} @rtype: L{bool} ��-��_r!��request_Nz#unhandled request for {requestType})�requestTyper��)�replacer#��getattrr,��r-��)r��r=��r��foo�fr��r��r��requestReceived��s��zSSHChannel.requestReceivedc��C��r/��)zL Called when we receive data. @type data: L{bytes} zgot data {data})r��N�r,��debug�r��r��r��r��r��dataReceived��s��zSSHChannel.dataReceivedc��C��s��\|�j�jd\|\|d��dS�)z� Called when we receive extended data (usually standard error). @type dataType: L{int} @type data: L{str} z%got extended data {dataType} {data!r})�dataTyper��NrC��r��rG��r��r��r��r��extReceived��s�� zSSHChannel.extReceivedc��C��r��)zD Called when the other side will send no more data. z remote eofNr+��r$��r��r��r��eofReceived��s��zSSHChannel.eofReceivedc��C��s��\|�j��d��\|��dS�)zD Called when the other side has closed the channel. zremote closeN)r,��r-��loseConnectionr$��r��r��r�� closeReceived��s��zSSHChannel.closeReceivedc��C��r��)z� Called when the channel is closed. This means that both our side and the remote side have closed the channel. �closedNr+��r$��r��r��r��rM��s��zSSHChannel.closedc��C��s��\|�j�r\|��j�\|7��_�dS�t\|�}\|\|�jkr/\|d\|�j��\|\|�jd��}\|�_�d\|�_\|��\|�j}\|�j}\|�jj}td\|\|�}\|D�] }\|\|�\|\|\|\|��q>\|��j\|8��_\|�j r_\|�j�sa\|�� dS�dS�dS�)z� Write some data to the channel. If there is not enough remote window available, buffer until it is. Otherwise, split the data into packets of length remoteMaxPacket and send them. @type data: L{bytes} Nr��)r��lenr ��r��stopWritingr��r��sendData�ranger��rK��)r��r��top�rmpr5��r�offsetr��r��r��r5��s(�� zSSHChannel.writec��C��s��\|�j�r#\|�j�d�d�\|kr\|�j�d�d��\|7��<�dS�\|�j��\|\|g��dS�t\|�\|�jkrD\|d\|�j��\|\|\|�jd��gg}\|�_�d\|�_\|��t\|�\|�jkrn\|�j�\|�\|\|d\|�j��\|\|�jd��}\|��j\|�j8��_t\|�\|�jksK\|r�\|�j�\|�\|\|��\|��jt\|�8��_\|�j r�\|�� dS�dS�)a�� Send extended data to this channel. If there is not enough remote window available, buffer until there is. Otherwise, split the data into packets of length remoteMaxPacket and send them. @type dataType: L{int} @type data: L{bytes} ��r��r��N)r��appendrN��r ��r��rO��r��r��sendExtendedDatar��rK��rH��r��r��r��r6��s.�� zSSHChannel.writeExtendedc��C��s��\|��d�\|��dS�)z� Part of the Transport interface. Write a list of strings to the channel. @type data: C{list} of L{str} r ��N)r5��joinrE��r��r��r�� writeSequence ��r3��zSSHChannel.writeSequencec��C��s��d\|�_�\|�js\|�js\|�j�\|��dS�dS�dS�)zr Close the channel if there is no buferred data. Otherwise, note the request and return. r��N)r��r��r��r�� sendCloser$��r��r��r��rK��s��zSSHChannel.loseConnectionc��C��\|�j�j��S�)z� See: L{ITransport.getPeer} @return: The remote address of this connection. @rtype: L{SSHTransportAddress}. )r�� transport�getPeerr$��r��r��r��r^��zSSHChannel.getPeerc��C��r\��)z� See: L{ITransport.getHost} @return: An address describing this side of the connection. @rtype: L{SSHTransportAddress}. )r��r]��getHostr$��r��r��r��r`��%��r_��zSSHChannel.getHostc��C��dS�)z� Called when the remote buffer is full, as a hint to stop writing. This can be ignored, but it can be helpful. Nr��r$��r��r��r��rO��.��zSSHChannel.stopWritingc��C��ra��)ze Called when the remote buffer has more room, as a hint to continue writing. Nr��r$��r��r��r��r4��4��rb��zSSHChannel.startWriting)r��r��r��r��NNN)�__name__� __module__�__qualname__�__doc__r��r,��r��bytes�__annotations__r��r(��r%��r"��r)��r.��r2��r9��rB��rF��rI��rJ��rL��rM��r5��r6��rZ��rK��r^��r`��rO��r4��r��r��r��r��r��s@�� r��N)rf��zope.interfacer��twisted.internetr��twisted.loggerr��twisted.pythonr�� ITransportr��r��r��r��r��<module>��s��ssh/__pycache__/connection.cpython-310.pyc��0000644��00000054120�15027667726�0014435 0��ustar�00��o ��b�c��@��s"��d�Z�ddlZddlZddlZddlmZ�ddlmZm Z �ddl mZ�ddlm Z �ddlmZmZ�G�dd ��d e j�Zd ZdZdZd ZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%i�Z&e'��(��)��D�]\ZZ+edd��dkrxee&e+<�qheej,ej-��Z.e/dd��e0d�D��Z1e&e_2dS�) z� This module contains the implementation of the ssh-connection service, which allows access to the shell and port-forwarding. Maintainer: Paul Swartz ��N)�error)�common�service)�defer)�Logger)�nativeString� networkStringc��@��s��e�Zd�ZdZdZe��Zdd��Zdd��Zdd��Z d d ��Z dd��Zd d��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��ZdDd,d-�ZdEd/d0�ZdDd1d2�Zd3d4��Zd5d6��Zd7d8��Z d9d:��Z!d;d<��Z"d=d>��Z#d?d@��Z$dAdB��Z%dCS�)F� SSHConnectionao�� An implementation of the 'ssh-connection' service. It is used to multiplex multiple channels over the single SSH connection. @ivar localChannelID: the next number to use as a local channel ID. @type localChannelID: L{int} @ivar channels: a L{dict} mapping a local channel ID to C{SSHChannel} subclasses. @type channels: L{dict} @ivar localToRemoteChannel: a L{dict} mapping a local channel ID to a remote channel ID. @type localToRemoteChannel: L{dict} @ivar channelsToRemoteChannel: a L{dict} mapping a C{SSHChannel} subclass to remote channel ID. @type channelsToRemoteChannel: L{dict} @ivar deferreds: a L{dict} mapping a local channel ID to a C{list} of C{Deferreds} for outstanding channel requests. Also, the 'global' key stores the C{list} of pending global request C{Deferred}s. s��ssh-connectionc��C��s,��d\|�_�i�\|�_i�\|�_i�\|�_dg�i\|�_d�\|�_d�S�)Nr��global)�localChannelID�localToRemoteChannel�channels�channelsToRemoteChannel� deferreds� transport��self��r��>/usr/lib/python3/dist-packages/twisted/conch/ssh/connection.py�__init__/��s�� zSSHConnection.__init__c��C��s��t�\|�jd�r \|�\|�jj_d�S�d�S�)N�avatar)�hasattrr��r��connr��r��r��r��serviceStarted=��s��zSSHConnection.serviceStartedc��C��sV��t�\|�j��D�]}\|��\|��q\|�jr%\|�j��\}}\|�tjj � ��\|�js\|��dS�)z8 Called when the connection is stopped. N)�listr��keys� channelClosedr ��popitem� openFailed�twisted�internetr��ConnectionLost�_cleanupGlobalDeferreds)r��channel�_r��r��r��serviceStoppedA��s��zSSHConnection.serviceStoppedc��C��s4��\|�j�d�D�] }\|�t�d��q\|�j�d�dd�=�dS�)z� All pending requests that have returned a deferred must be errbacked when this service is stopped, otherwise they might be left uncalled and uncallable. r ��zConnection stopped.N)r��errbackr�� ConchError)r��dr��r��r��r"��P��s��z%SSHConnection._cleanupGlobalDeferredsc��C��sx��t��\|�\}}t\|dd��\|dd��}}\|��\|\|�}\|r:t}d}\|r1t}t\|ttf�r1\|d�}\|�j � \|\|��dS�dS�)z� The other side has made a global request. Payload:: string request type bool want reply <request specific data> This dispatches to self.gotGlobalRequest. r��N��)r��getNS�ord�gotGlobalRequest�MSG_REQUEST_FAILURE�MSG_REQUEST_SUCCESS� isinstance�tupler��r�� sendPacket)r��packet�requestType�rest� wantReply�ret�reply�datar��r��r��ssh_GLOBAL_REQUEST[��s�� z SSHConnection.ssh_GLOBAL_REQUESTc��C��s&��\|�j��d��\|�jd��d��\|��dS�)z� Our global request succeeded. Get the appropriate Deferred and call it back with the packet we received. zglobal request successr ��r��N)�_log�debugr��pop�callback�r��r3��r��r��r��ssh_REQUEST_SUCCESSp��s��z!SSHConnection.ssh_REQUEST_SUCCESSc��C��s.��\|�j��d��\|�jd��d��t�d\|��dS�)z~ Our global request failed. Get the appropriate Deferred and errback it with the packet we received. zglobal request failurer ��r��zglobal request failedN)r;��r<��r��r=��r&��r��r'��r?��r��r��r��ssh_REQUEST_FAILUREx��s�� z!SSHConnection.ssh_REQUEST_FAILUREc�� C��sN��t��\|�\}}t�d\|dd��\}}}\|dd��}zA\|��\|\|\|\|�}\|�j}\|��jd7��_\|\|_\|\|�j\|<�\|\|�j\|<�\|\|�j \|<�t� d\|\|\|j\|j�\|j �} \|�j�t\| ��\|�\|��W�dS��ty��} �z?\|�j�d��t\| tj�r\| j\}}t\|t�r~\|\|}}nt}d}\|�j�tt� d\|\|�t��t\|��t��d ��W�Y�d} ~ dS�d} ~ ww�) a�� The other side wants to get a channel. Payload:: string channel name uint32 remote channel number uint32 remote window size uint32 remote maximum packet size <channel specific data> We get a channel from self.getChannel(), give it a local channel number and notify the other side. Then notify the channel by calling its channelOpen method. �>3LN��r)��>4Lzchannel open failedzunknown failure�>2Lr��)r��r+��struct�unpack� getChannelr��idr ��r��r��pack�localWindowSize�localMaxPacket�specificDatar��r2��MSG_CHANNEL_OPEN_CONFIRMATION�channelOpen� Exceptionr;��failurer0��r��r'��args�int�OPEN_CONNECT_FAILED�MSG_CHANNEL_OPEN_FAILURE�NSr��) r��r3��channelTyper5�� senderChannel� windowSize� maxPacketr#��localChannel�openConfirmPacket�e�textualInfo�reasonr��r��r��ssh_CHANNEL_OPEN��sT�� zSSHConnection.ssh_CHANNEL_OPENc��C��sf��t��d\|dd��\}}}}\|dd��}\|�j\|�}\|�\|_\|\|�j\|<�\|\|�j\|<�\|\|_\|\|_\|�\|��dS�)a�� The other side accepted our MSG_CHANNEL_OPEN request. Payload:: uint32 local channel number uint32 remote channel number uint32 remote window size uint32 remote maximum packet size <channel specific data> Find the channel using the local channel number and notify its channelOpen method. rD��N��) rF��rG��r ��r��r��r��remoteWindowLeft�remoteMaxPacketrO��)r��r3��r[�� remoteChannelrY��rZ��rM��r#��r��r��r��ssh_CHANNEL_OPEN_CONFIRMATION��s�� z+SSHConnection.ssh_CHANNEL_OPEN_CONFIRMATIONc��C��s`��t��d\|dd��\}}t�\|dd��d�}\|�j\|�}\|�j\|=�\|�\|_t�\|\|�}\|�\|��dS�)a;�� The other side did not accept our MSG_CHANNEL_OPEN request. Payload:: uint32 local channel number uint32 reason code string reason description Find the channel using the local channel number and notify it by calling its openFailed() method. rE��N��r��) rF��rG��r��r+��r ��r��r��r'��r��)r��r3��r[�� reasonCode� reasonDescr#��r_��r��r��r��ssh_CHANNEL_OPEN_FAILURE��s�� z&SSHConnection.ssh_CHANNEL_OPEN_FAILUREc��C��s0��t��d\|dd��\}}\|�j\|�}\|�\|��dS�)z� The other side is adding bytes to its window. Payload:: uint32 local channel number uint32 bytes to add Call the channel's addWindowBytes() method to add new bytes to the remote window. rE��Nrf��)rF��rG��r ��addWindowBytes)r��r3��r[�� bytesToAddr#��r��r��r��ssh_CHANNEL_WINDOW_ADJUST��s�� z'SSHConnection.ssh_CHANNEL_WINDOW_ADJUSTc��C��s��t��d\|dd��\}}\|�j\|�}\|\|jks\|\|jkr(\|�j�d��\|��\|��dS�t� \|dd��d�}\|�j\|8��_\|j\|j d�k�rL\|��\|\|j \|j��\|�\|��dS�)a�� The other side is sending us data. Payload:: uint32 local channel number string data Check to make sure the other side hasn't sent too much data (more than what's in the window, or more than the maximum packet size). If they have, close the channel. Otherwise, decrease the available window and pass the data to the channel's dataReceived(). rE��Nrf��z too much data��r��) rF��rG��r ��localWindowLeftrL��r;��r�� sendCloser��r+��rK��adjustWindow�dataReceived)r��r3��r[�� dataLengthr#��r9��r��r��r��ssh_CHANNEL_DATA��s�� zSSHConnection.ssh_CHANNEL_DATAc��C��s��t��d\|dd��\}}}\|�j\|�}\|\|jks\|\|jkr)\|�j�d��\|��\|��dS�t� \|dd��d�}\|�j\|8��_\|j\|j d�k�rM\|��\|\|j \|j��\|�\|\|��dS�)a�� The other side is sending us exteneded data. Payload:: uint32 local channel number uint32 type code string data Check to make sure the other side hasn't sent too much data (more than what's in the window, or than the maximum packet size). If they have, close the channel. Otherwise, decrease the available window and pass the data and type code to the channel's extReceived(). rB��NrC��ztoo much extdatarf��r��rn��) rF��rG��r ��ro��rL��r;��r��rp��r��r+��rK��rq��extReceived)r��r3��r[��typeCoders��r#��r9��r��r��r��ssh_CHANNEL_EXTENDED_DATA��s�� z'SSHConnection.ssh_CHANNEL_EXTENDED_DATAc��C��s.��t��d\|dd��d�}\|�j\|�}\|��dS�)z� The other side is not sending any more data. Payload:: uint32 local channel number Notify the channel by calling its eofReceived() method. �>LNrm��r��)rF��rG��r ��eofReceived�r��r3��r[��r#��r��r��r��ssh_CHANNEL_EOF&��s�� zSSHConnection.ssh_CHANNEL_EOFc��C��sR��t��d\|dd��d�}\|�j\|�}\|��d\|_\|jr%\|jr'\|��\|��dS�dS�dS�)a1�� The other side is closing its end; it does not want to receive any more data. Payload:: uint32 local channel number Notify the channnel by calling its closeReceived() method. If the channel has also sent a close message, call self.channelClosed(). rx��Nrm��r��T)rF��rG��r �� closeReceived�remoteClosed�localClosedr��rz��r��r��r��ssh_CHANNEL_CLOSE1��s�� zSSHConnection.ssh_CHANNEL_CLOSEc��C��s��t��d\|dd��d�}t�\|dd��\}}t\|dd��}\|�j\|�}t�\|j\|\|dd��}\|rB\|� \|�j \|��\|�\|�j\|��\|S�dS�)ay�� The other side is sending a request to a channel. Payload:: uint32 local channel number string request name bool want reply <request specific data> Pass the message to the channel's requestReceived method. If the other side wants a reply, add callbacks which will send the reply. rx��Nrm��r��r)��) rF��rG��r��r+��r,��r ��r�� maybeDeferred�requestReceived�addCallback�_cbChannelRequest� addErrback�_ebChannelRequest)r��r3��r[��r4��r5��r6��r#��r(��r��r��r��ssh_CHANNEL_REQUESTA��s�� z!SSHConnection.ssh_CHANNEL_REQUESTc��C��s.��\|st��d��\|�j�tt�d\|�j\|��dS�)a)�� Called back if the other side wanted a reply to a channel request. If the result is true, send a MSG_CHANNEL_SUCCESS. Otherwise, raise a C{error.ConchError} @param result: the value returned from the channel's requestReceived() method. If it's False, the request failed. @type result: L{bool} @param localChannel: the local channel ID of the channel to which the request was made. @type localChannel: L{int} @raises ConchError: if the result is False. zfailed requestrx��N)r��r'��r��r2��MSG_CHANNEL_SUCCESSrF��rJ��r��r��resultr[��r��r��r��r��W��s�� zSSHConnection._cbChannelRequestc��C��s ��\|�j��tt�d\|�j\|��dS�)a?�� Called if the other wisde wanted a reply to the channel requeset and the channel request failed. @param result: a Failure, but it's not used. @param localChannel: the local channel ID of the channel to which the request was made. @type localChannel: L{int} rx��N)r��r2��MSG_CHANNEL_FAILURErF��rJ��r��r��r��r��r��r��l��s�� zSSHConnection._ebChannelRequestc��C��sF��t��d\|dd��d�}\|�j�\|�r!\|�j\|��d�}\|�d��dS�dS�)z� Our channel request to the other side succeeded. Payload:: uint32 local channel number Get the C{Deferred} out of self.deferreds and call it back. rx��Nrm��r��)rF��rG��r��getr=��r>��r��r3��r[��r(��r��r��r��ssh_CHANNEL_SUCCESS{��s ��z!SSHConnection.ssh_CHANNEL_SUCCESSc��C��sL��t��d\|dd��d�}\|�j�\|�r$\|�j\|��d�}\|�t�d��dS�dS�)z� Our channel request to the other side failed. Payload:: uint32 local channel number Get the C{Deferred} out of self.deferreds and errback it with a C{error.ConchError}. rx��Nrm��r��zchannel request failed)rF��rG��r��r��r=��r&��r��r'��r��r��r��r��ssh_CHANNEL_FAILURE��s ��z!SSHConnection.ssh_CHANNEL_FAILUREr��c��C��sH��\|�j��tt�\|�\|rdp d�\|��\|r"t��}\|�jd��\|��\|S�dS�)a �� Send a global request for this connection. Current this is only used for remote->local TCP forwarding. @type request: L{bytes} @type data: L{bytes} @type wantReply: L{bool} @rtype: C{Deferred}/L{None} ��r ��N) r��r2��MSG_GLOBAL_REQUESTr��rV��r��Deferredr��append)r��requestr9��r6��r(��r��r��r��sendGlobalRequest��s�� zSSHConnection.sendGlobalRequestr��c�� C��sp��\|�j�jd\|�j\|j\|jd��\|�j�tt� \|j �t�d\|�j\|j\|j��\|��\|�j\|_ \|\|�j\|�j<�\|��jd7��_dS�)z� Open a new channel on this connection. @type channel: subclass of C{SSHChannel} @type extra: L{bytes} z<opening channel {id} with {localWindowSize} {localMaxPacket})rI��rK��rL��rB��r)��N)r;��infor��rK��rL��r��r2��MSG_CHANNEL_OPENr��rV��namerF��rJ��rI��r ��)r��r#��extrar��r��r��openChannel��s,�� zSSHConnection.openChannelc��C��sz��\|j�rdS�\|�jjd\|d��\|�j�tt�d\|�j\|��t � \|��\|r"dnd�\|��\|r;t��}\|�j �\|jg��\|��\|S�dS�)a�� Send a request to a channel. @type channel: subclass of C{SSHChannel} @type requestType: L{bytes} @type data: L{bytes} @type wantReply: L{bool} @rtype: C{Deferred}/L{None} Nzsending request {requestType}�r4��rx��r��)r~��r;��r<��r��r2��MSG_CHANNEL_REQUESTrF��rJ��r��r��rV��r��r��r�� setdefaultrI��r��)r��r#��r4��r9��r6��r(��r��r��r��sendRequest��s$�� zSSHConnection.sendRequestc��C��sV��\|j�rdS�t�d\|�j\|�\|�}\|�j�t\|��\|�jjd\|\|j \|j d��\|�j \|7��_ dS�)z� Tell the other side that we will receive more data. This should not normally need to be called as it is managed automatically. @type channel: subclass of L{SSHChannel} @type bytesToAdd: L{int} NrE��z8adding {bytesToAdd} to {localWindowLeft} in channel {id})rk��ro��rI��)r~��rF��rJ��r��r��r2��MSG_CHANNEL_WINDOW_ADJUSTr;��r<��ro��rI��)r��r#��rk��r3��r��r��r��rq��s��zSSHConnection.adjustWindowc��C��s4��\|j�rdS�\|�j�tt�d\|�j\|��t�\|��dS�)z� Send data to a channel. This should not normally be used: instead use channel.write(data) as it manages the window automatically. @type channel: subclass of L{SSHChannel} @type data: L{bytes} Nrx��) r~��r��r2��MSG_CHANNEL_DATArF��rJ��r��r��rV��)r��r#��r9��r��r��r��sendData��s��zSSHConnection.sendDatac��C��s6��\|j�rdS�\|�j�tt�d\|�j\|�\|�t�\|��dS�)a6�� Send extended data to a channel. This should not normally be used: instead use channel.writeExtendedData(data, dataType) as it manages the window automatically. @type channel: subclass of L{SSHChannel} @type dataType: L{int} @type data: L{bytes} NrE��) r~��r��r2��MSG_CHANNEL_EXTENDED_DATArF��rJ��r��r��rV��)r��r#��dataTyper9��r��r��r��sendExtendedData��s�� zSSHConnection.sendExtendedDatac��C��s6��\|j�rdS�\|�j�d��\|�j�tt�d\|�j\|��dS�)zm Send an EOF (End of File) for a channel. @type channel: subclass of L{SSHChannel} Nzsending eofrx��) r~��r;��r<��r��r2��MSG_CHANNEL_EOFrF��rJ��r��r��r#��r��r��r��sendEOF��s��zSSHConnection.sendEOFc��C��s`��\|j�rdS�\|�jjd\|jd��\|�j�tt�d\|�j \|��d\|_�\|j�r,\|j r.\|��\|��dS�dS�dS�)zU Close a channel. @type channel: subclass of L{SSHChannel} Nzsending close {id})rI��rx��T)r~��r;��r��rI��r��r2��MSG_CHANNEL_CLOSErF��rJ��r��r}��r��r��r��r��r��rp�� s��zSSHConnection.sendClosec��C��s��\|�j�jd\|d��t\|�jd�r\|�jj�\|\|\|\|�}n\|�t�}dt\|��}t \|�\|d�}\|dur5\|\|\|\|�}nd}\|du�rAt �dt��\|�\|_ \|S�)ab�� The other side requested a channel of some sort. channelType is the type of channel being requested, windowSize is the initial size of the remote window, maxPacket is the largest packet we should send, data is any other packet data (often nothing). We return a subclass of L{SSHChannel}. By default, this dispatches to a method 'channel_channelType' with any non-alphanumerics in the channelType replace with _'s. If it cannot find a suitable method, it returns an OPEN_UNKNOWN_CHANNEL_TYPE error. The method is called with arguments of windowSize, maxPacket, data. @type channelType: L{bytes} @type windowSize: L{int} @type maxPacket: L{int} @type data: L{bytes} @rtype: subclass of L{SSHChannel}/L{tuple} z#got channel {channelType!r} request)rW��r��z channel_%sNzunknown channel)r;��r<��r��r��r�� lookupChannel� translate�TRANSLATE_TABLEr��getattrr��r'��OPEN_UNKNOWN_CHANNEL_TYPEr��)r��rW��rY��rZ��r9��chan�attr�fr��r��r��rH��1��s�� zSSHConnection.getChannelc��C��s\��\|�j�jd\|d��t\|�jd�r\|�jj�\|\|�S�t\|�dd��}t\|�d\|�d�}\|sdS�\|\|�S�) a�� We got a global request. pretty much, this is just used by the client to request that we forward a port from the server to the client. Returns either: - 1: request accepted - 1, <data>: request accepted with request specific data - 0: request denied By default, this dispatches to a method 'global_requestType' with -'s in requestType replaced with _'s. The found method is passed data. If this method cannot be found, this method returns 0. Otherwise, it returns the return value of that method. @type requestType: L{bytes} @type data: L{bytes} @rtype: L{int}/L{tuple} z got global {requestType} requestr��r��-��_z global_%sNr��) r;��r<��r��r��r��r-��r��replacer��)r��r4��r9��r��r��r��r��r-��Y��s��zSSHConnection.gotGlobalRequestc��C��sh��\|\|�j�v�r2d�\|_\|_\|�j\|j=�\|�j\|j=�\|�j�\|=�\|�j�\|jg��D�] }\|�t � d��q!\|��dS�dS�)a;�� Called when a channel is closed. It clears the local state related to the channel, and calls channel.closed(). MAKE SURE YOU CALL THIS METHOD, even if you subclass L{SSHConnection}. If you don't, things will break mysteriously. @type channel: L{SSHChannel} TzChannel closed.N)r��r~��r}��r��rI��r ��r��r=��r&��r��r'��closed)r��r#��r(��r��r��r��r��u��s�� zSSHConnection.channelClosedN)r��)r��)&�__name__� __module__�__qualname__�__doc__r��r��r;��r��r��r%��r"��r:��r@��rA��r`��re��ri��rl��rt��rw��r{��r��r��r��r��r��r��r��r��r��rq��r��r��r��rp��rH��r-��r��r��r��r��r��r ��sF�� 5 (r ��P��Q��R��Z��[��\��]��^��_��`��a��b��c��d��r)��rn��rm��MSG_c��c��s$��\|�] }\|t�v�r \|ntd��V��qdS�)r$��N)� alphanumsr,��)�.0�ir��r��r�� <genexpr>��s��"�r��)3r��stringrF��twisted.internet.errorr�� twisted.conchr��twisted.conch.sshr��r��twisted.internetr��twisted.loggerr��twisted.python.compatr��r�� SSHServicer ��r��r/��r.��r��rN��rU��r��r��r��r��r��r��r��r�� OPEN_ADMINISTRATIVELY_PROHIBITEDrT��r��OPEN_RESOURCE_SHORTAGE�EXTENDED_DATA_STDERR�messages�locals�copy�itemsr��value� ascii_letters�digitsr��bytes�ranger��protocolMessagesr��r��r��r��<module>��sR��v� ��ssh/__pycache__/__init__.cpython-310.pyc��0000644��00000000410�15027667726�0014026 0��ustar�00��o ��b��@��s��d�Z�dS�)zc An SSHv2 implementation for Twisted. Part of the Twisted.Conch package. Maintainer: Paul Swartz N)�__doc__��r��r��</usr/lib/python3/dist-packages/twisted/conch/ssh/__init__.py�<module>��s��ssh/__pycache__/userauth.cpython-310.pyc��0000644��00000064437�15027667726�0014152 0��ustar�00��o ��bSl��@��s��d�Z�ddlZddlmZmZ�ddlmZmZmZ�ddl m Z mZ�ddlm Z �ddlmZ�ddlmZmZ�dd lmZ�dd lmZ�ddlmZ�G�dd ��d ej�ZG�dd��dej�ZdZdZdZdZdZ dZ!i�Z"e#e$��%��D�]\Z&Z'e&dd��dkr}e&e"e'<�qme"e_(e"e_(["['dZ)dZdS�)z� Implementation of the ssh-userauth service. Currently implemented authentication types are public-key and password. Maintainer: Paul Swartz ��N)�error� interfaces)�keys�service� transport)�NS�getNS)�credentials)�UnauthorizedLogin)�defer�reactor)�Logger)�failure)�nativeStringc��@��s��e�Zd�ZdZdZdZdZdZeZ e jde jdiZ e��Zdd ��Zd d��Zdd ��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd S�)!�SSHUserAuthServera�� A service implementing the server side of the 'ssh-userauth' service. It is used to authenticate the user on the other side as being able to access this server. @ivar name: the name of this service: 'ssh-userauth' @type name: L{bytes} @ivar authenticatedWith: a list of authentication methods that have already been used. @type authenticatedWith: L{list} @ivar loginTimeout: the number of seconds we wait before disconnecting the user for taking too long to authenticate @type loginTimeout: L{int} @ivar attemptsBeforeDisconnect: the number of failed login attempts we allow before disconnecting. @type attemptsBeforeDisconnect: L{int} @ivar loginAttempts: the number of login attempts that have been made @type loginAttempts: L{int} @ivar passwordDelay: the number of seconds to delay when the user gives an incorrect password @type passwordDelay: L{int} @ivar interfaceToMethod: a L{dict} mapping credential interfaces to authentication methods. The server checks to see which of the cred interfaces have checkers and tells the client that those methods are valid for authentication. @type interfaceToMethod: L{dict} @ivar supportedAuthentications: A list of the supported authentication methods. @type supportedAuthentications: L{list} of L{bytes} @ivar user: the last username the client tried to authenticate with @type user: L{bytes} @ivar method: the current authentication method @type method: L{bytes} @ivar nextService: the service the user wants started after authentication has been completed. @type nextService: L{bytes} @ivar portal: the L{twisted.cred.portal.Portal} we are using for authentication @type portal: L{twisted.cred.portal.Portal} @ivar clock: an object with a callLater method. Stubbed out for testing. ��ssh-userauthi�� publickey��passwordc��C��s��g�\|�_�d\|�_d\|�_d\|�_\|�jjj\|�_g�\|�_\|�j��D�]}\|\|�j v�r\|�j� \|�j \|��q\|�j�d�s<d\|�jv�r<\|�j�d��\|�j �\|�j\|�j�\|�_dS�)z� Called when the userauth service is started. Set up instance variables, check if we should allow password authentication (only allow if the outgoing connection is encrypted) and set up a login timeout. r��N�inr��)�authenticatedWith� loginAttempts�user�nextServicer��factory�portal�supportedAuthentications�listCredentialsInterfaces�interfaceToMethod�append�isEncrypted�remove�clock� callLater�loginTimeout�timeoutAuthentication�_cancelLoginTimeout)�self�i��r��</usr/lib/python3/dist-packages/twisted/conch/ssh/userauth.py�serviceStartedR��s �� z SSHUserAuthServer.serviceStartedc��C��s��\|�j�r \|�j��d\|�_�dS�dS�)zu Called when the userauth service is stopped. Cancel the login timeout if it's still going. N)r'��cancel�r(��r��r��r+��serviceStoppedl��s�� z SSHUserAuthServer.serviceStoppedc��C��s��d\|�_�\|�j�tjd��dS�)z� Called when the user has timed out on authentication. Disconnect with a DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE message. Ns��you took too long)r'��r��sendDisconnect�)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEr.��r��r��r+��r&��u��s��z'SSHUserAuthServer.timeoutAuthenticationc��C��s��\|�j�jd\|\|d��\|\|�jvrt�t�d��S�t\|�dd��}t \|�d\|��d�}\|r<\|\|�}\|s:t�t�\|��d��S�\|S�t�t�d \|��S�) a�� Try to authenticate the user with the given method. Dispatches to a auth_* method. @param kind: the authentication method to try. @type kind: L{bytes} @param user: the username the client is authenticating with. @type user: L{bytes} @param data: authentication specific data sent by the client. @type data: L{bytes} @return: A Deferred called back if the method succeeded, or erred back if it failed. @rtype: C{defer.Deferred} z{user!r} trying auth {kind!r})r��kindz#unsupported authentication, failing��-��_�auth_Nz" return None instead of a Deferredzbad auth type: ) �_log�debugr��r��failr�� ConchErrorr��replace�getattr)r(��r2��r��data�f�retr��r��r+��tryAuth��s�� zSSHUserAuthServer.tryAuthc��C��s��t�\|d�\}}}}\|\|�jks\|\|�jkrg�\|�_\|\|�_\|\|�_\|\|�_\|��\|\|\|�}\|s5\|��t�t � d��dS�\|�\|�j��\|� \|�j��\|� \|�j��\|S�)z� The client has requested authentication. Payload:: string user string next service string method <authentication specific data> @type packet: L{bytes} ��zauth returned noneN)r��r��r��r��methodr?�� _ebBadAuthr��Failurer��r9��addCallback�_cbFinishedAuth� addErrback�_ebMaybeBadAuth)r(��packetr��r��rA��rest�dr��r��r+��ssh_USERAUTH_REQUEST��s�� z&SSHUserAuthServer.ssh_USERAUTH_REQUESTc��C��sz��\|\}}}\|\|�j�_\|\|�j�_\|�j�j�\|�j�\|�j�}\|s"t�d\|�j��\|�jj d\|�j \|�jd��\|�j��t d��\|�j��\|��dS�)z� The callback when user has successfully been authenticated. For a description of the arguments, see L{twisted.cred.portal.Portal.login}. We start the service requested by the user. zcould not get next service: z&{user!r} authenticated with {method!r}�r��rA��N)r��avatar�logoutFunctionr�� getServicer��r��r9��r6��r7��r��rA�� sendPacket�MSG_USERAUTH_SUCCESS� setService)r(��result� interfacerN��logoutr��r��r��r+��rE��s�� z!SSHUserAuthServer._cbFinishedAuthc��C��s.��\|��tj��\|�j�ttd�\|�j��d��dS�)z� An intermediate errback. If the reason is error.NotEnoughAuthentication, we send a MSG_USERAUTH_FAILURE, but with the partial success indicator set. @type reason: L{twisted.python.failure.Failure} ��,��N) �trapr��NotEnoughAuthenticationr��rQ��MSG_USERAUTH_FAILUREr��joinr��r(��reasonr��r��r+��rG��s��z!SSHUserAuthServer._ebMaybeBadAuthc��C��s��\|��tj�rdS�\|�jdkrZ\|�jjd\|�j\|�jd��\|��t�r(\|�jjd\|��d��n\|��tj �r9\|�jjd\|��d��n \|�jj d \|\|�jd ��\|��jd7��_\|�j\|�jkrZ\|�j �t jd��dS�\|�j �ttd �\|�j��d��dS�)a{�� The final errback in the authentication chain. If the reason is error.IgnoreAuthentication, we simply return; the authentication method has sent its own response. Otherwise, send a failure message and (if the method is not 'none') increment the number of login attempts. @type reason: L{twisted.python.failure.Failure} N��nonez{user!r} failed auth {method!r}rL��zunauthorized login: {message})�messagezreason: {reason})r^��z#Error checking auth for user {user})r��r��r��s��too many bad authsrW��)�checkr��IgnoreAuthenticationrA��r6��r7��r��r ��getErrorMessager9��r��r��attemptsBeforeDisconnectr��r0��r1��rQ��r[��r��r\��r��r]��r��r��r+��rB��s6�� zSSHUserAuthServer._ebBadAuthc��C��s>��t�\|dd��}t\|dd��d�\}}}ztj�\|�}W�n�tjy;��d�\|�d��}\|�j� \|��t �t\|��Y�S�w�\|rDt\|�d�pEd}\|r�t \|�jj�ttf��t \|�j��t \|�j��t d��t\|f��t \|��t \|��} t�\|�j\|\|\| \|�} \|�j�\| dtj�S�t�\|�j\|\|dd�} \|�j�\| dtj��\|�j\|dd��S�)a�� Public key authentication. Payload:: byte has signature string algorithm name string key blob [string signature] (if has signature is True) Create a SSHPublicKey credential and verify it using our portal. r��r��N��z"Unsupported key type {} or bad key�asciir��)�ordr��r��Key� fromString�BadKeyError�format�decoder6��r��r��r8��r ��r��r�� sessionID�bytes�MSG_USERAUTH_REQUESTr��r��sshTyper �� SSHPrivateKeyr��loginr�� IConchUserrF��_ebCheckKey)r(��rH��hasSig�algName�blobrI��pubKeyr�� signature�b�cr��r��r+��auth_publickey��sB�� z SSHUserAuthServer.auth_publickeyc��C��s(��\|��tj��\|�j�t\|��t�t��S�)z� Called back if the user did not sent a signature. If reason is error.ValidPublicKey then this key is valid for the user to authenticate with. Send MSG_USERAUTH_PK_OK. ) rY��r��ValidPublicKeyr��rQ��MSG_USERAUTH_PK_OKr��rC��rc��)r(��r^��rH��r��r��r+��ru��$��s��zSSHUserAuthServer._ebCheckKeyc��C��s<��t�\|dd��d�}t�\|�j\|�}\|�j�\|dtj��\|�j �S�)z� Password authentication. Payload:: string password Make a UsernamePassword credential and verify it with our portal. r��Nr��) r��r ��UsernamePasswordr��r��rs��r��rt��rF��_ebPassword)r(��rH��passwordr\|��r��r��r+�� auth_password/��s ��zSSHUserAuthServer.auth_passwordc��C��s ��t��}\|�j�\|�j\|j\|��\|S�)z� If the password is invalid, wait before sending the failure in order to delay brute-force password guessing. )r��Deferredr#��r$�� passwordDelay�callback)r(��r=��rJ��r��r��r+��r��<��s��zSSHUserAuthServer._ebPasswordN)�__name__� __module__�__qualname__�__doc__�namer%��re��r��r��r#��r ��ISSHPrivateKey�IUsernamePasswordr��r ��r6��r,��r/��r&��r?��rK��rE��rG��rB��r}��ru��r��r��r��r��r��r+��r��s.��� '( r��c��@��s��e�Zd�ZdZdZg�d�Zdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��Zd;d7d8�Zd9d:��Z d6S�)<�SSHUserAuthClienta+�� A service implementing the client side of 'ssh-userauth'. This service will try all authentication methods provided by the server, making callbacks for more information when necessary. @ivar name: the name of this service: 'ssh-userauth' @type name: L{str} @ivar preferredOrder: a list of authentication methods that should be used first, in order of preference, if supported by the server @type preferredOrder: L{list} @ivar user: the name of the user to authenticate as @type user: L{bytes} @ivar instance: the service to start after authentication has finished @type instance: L{service.SSHService} @ivar authenticatedWith: a list of strings of authentication methods we've tried @type authenticatedWith: L{list} of L{bytes} @ivar triedPublicKeys: a list of public key objects that we've tried to authenticate with @type triedPublicKeys: L{list} of L{Key} @ivar lastPublicKey: the last public key object we've tried to authenticate with @type lastPublicKey: L{Key} r��)r��r��keyboard-interactivec��C��s��\|\|�_�\|\|�_d�S��N)r��instance)r(��r��r��r��r��r+��__init__c��s�� zSSHUserAuthClient.__init__c��C��s"��g�\|�_�g�\|�_d�\|�_\|��dd��d�S�)Nr_��rM��)r��triedPublicKeys� lastPublicKey� askForAuthr.��r��r��r+��r,��g��s��z SSHUserAuthClient.serviceStartedc��C��s6��\|\|�_�\|�j�tt\|�j�t\|�jj��t\|��\|��dS�)z� Send a MSG_USERAUTH_REQUEST. @param kind: the authentication method to try. @type kind: L{bytes} @param extraData: method-specific data to go in the packet @type extraData: L{bytes} N)�lastAuthr��rQ��rp��r��r��r��r��)r(��r2�� extraDatar��r��r+��r��m��s �� zSSHUserAuthClient.askForAuthc��C��s>��t�\|�dd��}\|�jjd\|d��t\|�d\|�d�}\|r\|��S�dS�)z� Dispatch to an authentication method. @param kind: the authentication method @type kind: L{bytes} r3��r4��ztrying to auth with {kind})r2��r5��N)r��r:��r6��r7��r;��)r(��r2��r=��r��r��r+��r?��\|��s��zSSHUserAuthClient.tryAuthc��G��s��\|��dd��dS�)z� Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method) r_��rM��N)r��)r(��ignored�argsr��r��r+��_ebAuth��s��zSSHUserAuthClient._ebAuthc��C��s��\|�j��\|�j��dS�)z� We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service. N)r��rS��r��)r(��rH��r��r��r+��ssh_USERAUTH_SUCCESS��s��z&SSHUserAuthClient.ssh_USERAUTH_SUCCESSc��sr��t�\|�\}}t\|�}\|r��j��j��fdd�}t��fdd�\|�d�D��\|d�}��jjd\|d�� d t \|��S�) av�� We received a MSG_USERAUTH_FAILURE. Payload:: string methods byte partial success If partial success is C{True}, then the previous method succeeded but is not sufficient for authentication. C{methods} is a comma-separated list of accepted authentication methods. We sort the list of methods by their position in C{self.preferredOrder}, removing methods that have already succeeded. We then call C{self.tryAuth} with the most preferred method. @param packet: the C{MSG_USERAUTH_FAILURE} payload. @type packet: L{bytes} @return: a L{defer.Deferred} that will be callbacked with L{None} as soon as all authentication methods have been tried, or L{None} if no more authentication methods are available. @rtype: C{defer.Deferred} or L{None} c��s ��\|��j�v�r��j��\|��S�t��j��S�)a8�� Invoked once per authentication method in order to extract a comparison key which is then used for sorting. @param meth: the authentication method. @type meth: L{bytes} @return: the comparison key for C{meth}. @rtype: L{int} )�preferredOrder�index�len)�methr.��r��r+��orderByPreference��s�� zASSHUserAuthClient.ssh_USERAUTH_FAILURE.<locals>.orderByPreferencec��3��s��\|�] }\|��j�vr\|V��qd�S�r��)r��)�.0r��r.��r��r+�� <genexpr>��s�� z9SSHUserAuthClient.ssh_USERAUTH_FAILURE.<locals>.<genexpr>rW��)�keyzcan continue with: {methods})�methodsN)r��rh��r��r ��r��sorted�splitr6��r7��_cbUserauthFailure�iter)r(��rH��canContinue�partialr��r��r.��r+��ssh_USERAUTH_FAILURE��s�� z&SSHUserAuthClient.ssh_USERAUTH_FAILUREc��C��sZ��\|rd�S�zt�\|�}W�n�ty��\|�j�tjd��Y�d�S�w�t�\|�j\|�}\|�\|�j \|��\|S�)Ns(��no more authentication methods available) �next� StopIterationr��r0��r1��r�� maybeDeferredr?��rD��r��)r(��rT��iteratorrA��rJ��r��r��r+��r��s�� z$SSHUserAuthClient._cbUserauthFailurec��C��s>��t�\|�dt\|�j�dd��d�}\|dur\|\|�S�\|��dd��dS�)z� This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request. zssh_USERAUTH_PK_OK_%sr3��r4��Nr_��rM��)r;��r��r��r:��r��)r(��rH��funcr��r��r+��ssh_USERAUTH_PK_OK��s��z$SSHUserAuthClient.ssh_USERAUTH_PK_OKc��C��s��\|�j�}t\|�jj�ttf��t\|�j��t\|�jj��td��d�t\|� ��t\|� ��}\|��\|\|�}\|s;\|��dd��dS�\|� \|�j��\|�\|�j��dS�)z� This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it. r��r_��rM��N)r��r��r��rn��ro��rp��r��r��r��rq��rx��signDatar��rD�� _cbSignedDatarF��r��)r(��rH�� publicKeyr{��rJ��r��r��r+��ssh_USERAUTH_PK_OK_publickey��s.�� z.SSHUserAuthClient.ssh_USERAUTH_PK_OK_publickeyc��s^��t�\|d�\��}}d��_�_��d�}\|��j�j�}\|��fdd��\|��j�j��dS�)z� This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server. rf��Ns��Old Password: c��s ��S�r��)�getPassword)r��promptr(��r��r+��<lambda>��s�� z?SSHUserAuthClient.ssh_USERAUTH_PK_OK_password.<locals>.<lambda>) r��_oldPass�_newPassr��addCallbacks�_setOldPassr��rD��_setNewPass)r(��rH��languagerI��rJ��r��r��r+��ssh_USERAUTH_PK_OK_password��s�� z-SSHUserAuthClient.ssh_USERAUTH_PK_OK_passwordc��C��s��t�\|d�\}}}}t�d\|dd��d�}\|dd��}g�}t\|�D�]}t�\|�\} }tt\|dd��} \|dd��}\|�\| \| f��q!\|��\|\|\|�}\|�\|�j ��\|� \|�j��dS�)z� This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and sent the responses. r@��!LN��r��r��)r��struct�unpack�range�boolrh��r ��getGenericAnswersrD��_cbGenericAnswersrF��r��)r(��rH��r��instruction�langr<�� numPrompts�promptsr)��r��echorJ��r��r��r+��'ssh_USERAUTH_PK_OK_keyboard_interactive��s��z9SSHUserAuthClient.ssh_USERAUTH_PK_OK_keyboard_interactivec��C��s6��\|�j�}\|��ddt\|��t\|��t\|��dS�)z� Called back out of self.signData with the signed data. Send the authentication request with the signature. @param signedData: the data signed by the user's private key. @type signedData: L{bytes} r��r��N)r��r��r��rq��rx��)r(�� signedDatar��r��r��r+��r��&��s ��"�zSSHUserAuthClient._cbSignedDatac��C��s ��\|\|�_�dS�)z� Called back when we are choosing a new password. Simply store the old password for now. @param op: the old password as entered by the user @type op: L{bytes} N)r��)r(��opr��r��r+��r��4��s�� zSSHUserAuthClient._setOldPassc��C��s,��\|�j�}d\|�_�\|��ddt\|��t\|��dS�)z� Called back when we are choosing a new password. Get the old password and send the authentication message with both. @param np: the new password as entered by the user @type np: L{bytes} Nr��rX��)r��r��r��)r(��npr��r��r��r+��r��>��s�� zSSHUserAuthClient._setNewPassc��C��s>��t��dt\|��}\|D�]}\|t\|�d��7�}q \|�j�t\|��dS�)a�� Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE. @param responses: a list of L{bytes} responses @type responses: L{list} r��UTF8N)r��packr��r��encoder��rQ��MSG_USERAUTH_INFO_RESPONSE)r(�� responsesr<��rr��r��r+��r��J��s�� z#SSHUserAuthClient._cbGenericAnswersc��C��s��t��\|�j�}\|�\|�j��\|S�)z� Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False. @rtype: L{bool} )r��r��getPublicKey�addBoth�_cbGetPublicKey�r(��rJ��r��r��r+��r}��X��s��z SSHUserAuthClient.auth_publickeyc��C��sj��t�\|tj�sd�}\|d�ur3\|\|�_\|�j�\|��\|�jjd\|��d��\|�� ddt \|��t \|��dS�dS�)Nzusing key of type {keyType})�keyTyper��ra��TF) � isinstancer��ri��r��r��r ��r6��r7��typer��r��rq��rx��)r(��r��r��r��r+��r��d��s��z!SSHUserAuthClient._cbGetPublicKeyc��C��s$��\|��}\|r\|�\|�j\|�j��dS�dS�)z� Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False. @rtype: L{bool} TF)r��r��_cbPasswordr��r��r��r��r+��r��r��s ��zSSHUserAuthClient.auth_passwordc��C��s(��\|�j��d��\|��dtd�td��dS�)z� Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True. @rtype: L{bool} z!authing with keyboard-interactiver��rM��T)r6��r7��r��r��r.��r��r��r+��auth_keyboard_interactive��s��z+SSHUserAuthClient.auth_keyboard_interactivec��C��s��\|��ddt\|��dS�)z� Called back when the user gives a password. Send the request to the server. @param password: the password the user entered @type password: L{bytes} r��ra��N)r��r��)r(��r��r��r��r+��r��s��zSSHUserAuthClient._cbPasswordc��C��s��\|��}\|sdS�\|�\|�j\|�S�)am�� Sign the given data with the given public key. By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign(). This method is factored out so that it can be overridden to use alternate methods, such as a key agent. @param publicKey: The public key object returned from L{getPublicKey} @type publicKey: L{keys.Key} @param signData: the data to be signed by the private key. @type signData: L{bytes} @return: a Deferred that's called back with the signature @rtype: L{defer.Deferred} N)� getPrivateKeyrD��_cbSignData)r(��r��r��r��r��r��r+��r��s��zSSHUserAuthClient.signDatac��C��s ��\|��\|�S�)ae�� Called back when the private key is returned. Sign the data and return the signature. @param privateKey: the private key object @type privateKey: L{keys.Key} @param signData: the data to be signed by the private key. @type signData: L{bytes} @return: the signature @rtype: L{bytes} )�sign)r(�� privateKeyr��r��r��r+��r��s�� zSSHUserAuthClient._cbSignDatac��C��s��dS�)a�� Return a public key for the user. If no more public keys are available, return L{None}. This implementation always returns L{None}. Override it in a subclass to actually find and return a public key object. @rtype: L{Key} or L{None} Nr��r.��r��r��r+��r��s�� zSSHUserAuthClient.getPublicKeyc��C��t��t��S�)a�� Return a L{Deferred} that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred. @rtype: L{Deferred} called back with L{Key} �r��r8��NotImplementedErrorr.��r��r��r+��r��s��zSSHUserAuthClient.getPrivateKeyNc��C��r��)a�� Return a L{Deferred} that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '. @type prompt: L{bytes}/L{None} @rtype: L{defer.Deferred} r��)r(��r��r��r��r+��r��s�� zSSHUserAuthClient.getPasswordc��C��r��)a�� Returns a L{Deferred} with the responses to the promopts. @param name: The name of the authentication currently in progress. @param instruction: Describes what the authentication wants. @param prompts: A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it. r��)r(��r��r��r��r��r��r+��r��s�� z#SSHUserAuthClient.getGenericAnswersr��)!r��r��r��r��r��r��r��r,��r��r?��r��r��r��r��r��r��r��r��r��r��r��r��r}��r��r��r��r��r��r��r��r��r��r��r��r��r��r+��r��F��s>�� 8 r��2��3��4��5��=��<��r��MSG_)+r��r�� twisted.conchr��r��twisted.conch.sshr��r��r��twisted.conch.ssh.commonr��r��twisted.credr ��twisted.cred.errorr ��twisted.internetr��r��twisted.loggerr ��twisted.pythonr��twisted.python.compatr�� SSHServicer��r��rp��r[��rR��MSG_USERAUTH_BANNERr��r��messages�list�locals�items�k�v�protocolMessages�MSG_USERAUTH_PASSWD_CHANGEREQ�MSG_USERAUTH_INFO_REQUESTr��r��r��r+��<module>��sF��.��&��ssh/__pycache__/filetransfer.cpython-310.pyc��0000644��00000104437�15027667726�0014771 0��ustar�00��o ��bɔ��@��s&��d�dl�Z�d�dlZd�dlZd�dlZd�dlmZ�d�dlmZ�d�dlm Z m Z �d�dlmZm Z �d�dlmZmZmZ�d�dlmZ�d�dlmZ�d�d lmZmZ�G�d d��dej�ZG�dd ��d e�ZG�dd��de�Zee �G�dd��d��ZG�dd��d�ZG�dd��de�Z dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZd Z+d!Z,d"Z-d#Z.d$Z/d%Z0d&Z1d'Z2d(Z3d)Z4dZ5d+Z6d,Z7d-Z8d.Z9d/Z:d0Z;dZ<dZ=e=Z>dZ?dZ@d1ZAdZBdZCdZDdZEdZFdZGdZHdZIdZJd%ZKd2ZLd3ZMd�ZNdZOdZPdZQdZRdZSdZTdZUdZVd ZWeRZXeRZYeZ��Z[e\e[�]��D�]Z^e^�_d4��r e[e^�Z`e^dd��ejae`<�q�[[[^[`dS�)5��N)�Dict)�implementer)� ISFTPFile�ISFTPServer)�NS�getNS)�defer�error�protocol)�Logger)�failure)�nativeString� networkStringc��sd��e�Zd�ZU�e��ZdZi�Zeee f�e d<�dd��Zdd��Zdd��Z d d ��Zdd��Z��fd d�Z��ZS�)�FileTransferBase)��packetTypesc��C��s��d\|�_�d�\|�_d�S��N��)�buf�otherVersion��self��r��@/usr/lib/python3/dist-packages/twisted/conch/ssh/filetransfer.py�__init__��s�� zFileTransferBase.__init__c��C��s&��\|�j��t�dt\|�d�\|�\|��d�S�)Nz!LB��)� transport�write�struct�pack�len)r��kind�datar��r��r�� sendPacket"��s��&zFileTransferBase.sendPacketc��C��s<��\|��j�\|7��_�t\|�j��dkr�\|�j�d�d��}t�d\|�\}}}t\|�j��d\|�k�r)d�S�\|�j�dd\|��\|�j�d\|�d��}\|�_�\|�j�\|d��}\|sO\|�jjd\|d��qt\|�d\|��d��}\|sr\|�jjd\|\|dd��d ��\|�� \|t d \|��q\|�jjd\|\|d��z\|\|��W�n�ty��\|�jjd \|d��Y�qw�t\|�j��dksd�S�d�S�)N� ��z!LBL��zno packet type for {kind})r!��packet_z+not implemented: {packetType} data={data!r})� packetTyper"��zdon't understand z+dispatching: {packetType} requestId={reqId})r(��reqIdz,Failed to handle packet of type {packetType})r(��) r��r ��r��unpackr��get�_log�info�getattr�_sendStatus�FX_OP_UNSUPPORTED� Exceptionr��)r��r"��header�lengthr!��r)��r(��fr��r��r��dataReceived%��sJ�� ( ��zFileTransferBase.dataReceivedc��C��s��t��d\|d�d��\}i�}\|dd��}\|t@�tkr.t��d\|d�d��\}\|\|d<�\|dd��}\|t@�tkrNt��d\|d�d��\}}\|\|d<�\|\|d<�\|dd��}\|t@�tkrit��d\|d�d��\}\|\|d <�\|dd��}\|t@�tkr�t��d\|d�d��\}} \|\|d <�\| \|d<�\|dd��}\|t@�tkr�t��d\|d�d��\} \|dd��}t\| �D�]}t\|�\}}t\|�\} }\| \|dt \|��<�q�\|\|fS�) N�!Lr%��!Q��size�!2L�uid�gid�permissions�atime�mtime�ext_) r��r��FILEXFER_ATTR_SIZE�FILEXFER_ATTR_OWNERGROUP�FILEXFER_ATTR_PERMISSIONS�FILEXFER_ATTR_ACMODTIME�FILEXFER_ATTR_EXTENDED�ranger��r ��)r��r"��flags�attrsr9��r;��r<��permsr>��r?�� extendedCount�i�extendedType�extendedDatar��r��r��_parseAttributes`��s:��z!FileTransferBase._parseAttributesc��C��s8��d}d}d\|v�r\|t��d\|d��7�}\|tO�}d\|v�r/d\|v�r/\|t��d\|d�\|d��7�}\|tO�}d\|v�rA\|t��d \|d��7�}\|tO�}d \|v�rZd\|v�rZ\|t��d\|d �\|d��7�}\|tO�}g�}\|D�]}\|�d�r\|tt\|d d��}t\|\|��}\|� \|\|��q^\|r�\|t��d t \|��7�}\|d�\|�7�}\|tO�}t��d \|�\|�S�)Nr��r��r9��r7��r;��r<��r:��r=��r6��r>��r?��r@��r%��) r��r��rA��rB��rC��rD�� startswithr��r��appendr ��joinrE��)r��rH��rG��r"��extended�k�extType�extDatar��r��r��_packAttributes��s4�� z FileTransferBase._packAttributesc��s��t��\|��d\|�_dS�)zJ Called when connection to the remote subsystem was lost. FN)�super�connectionLost� connected�r��reason�� __class__r��r��rX��s�� zFileTransferBase.connectionLost)�__name__� __module__�__qualname__r��r,��versionsr��r��int�str�__annotations__r��r#��r5��rN��rV��rX�� __classcell__r��r��r\��r��r��s�� ;r��c��@��s0��e�Zd�ZdMdd�Zdd��Zdd��Zdd ��Zd d��ZdNd d�Zdd��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��ZdOdd+�Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��Zd6d7��Zd8d9��Zd:d;��Zd<d=��Zd>d?��Z d@dA��Z!dPdCdD�Z"dQdFdG�Z#dRdIdJ�Z$dKdL��Z%dS�)S�FileTransferServerNc��C��s$��t��\|��t\|�\|�_i�\|�_i�\|�_d�S��N)r��r��r��client� openFiles�openDirs)r��r"��avatarr��r��r��r��s�� zFileTransferServer.__init__c�� C��s��t��d\|d�d��\}tt\|�j�\|g��\|�_\|dd��}i�}\|r2t\|�\}}t\|�\}}\|\|\|<�\|s \|�j�\|\|�}d}\|� ��D�]\}} \|t \|�t \| ��7�}q?\|��tt�� d\|�j�\|��d�S��Nr6��r%��r��)r��r��min�listra��versionr��rh�� gotVersion�itemsr��r#��FXP_VERSIONr��) r��r"��ro��ext�extNamerU��ourExt� ourExtDatarS��vr��r��r��packet_INIT��s��zFileTransferServer.packet_INITc��C��s��\|d�d��}\|dd��}t�\|�\}}t�d\|d�d��\}\|dd��}\|��\|�\}}\|dks5J�d\|��t�\|�jj\|\|\|�}\|�\|�j \|��\|� \|�j\|d��d�S�)Nr%��r6��r��zstill have data in OPEN: s��open failed)r��r��r��rN��r�� maybeDeferredrh��openFile�addCallback�_cbOpenFile� addErrback� _ebStatus)r��r"�� requestId�filenamerG��rH��dr��r��r��packet_OPEN��s��zFileTransferServer.packet_OPENc��C��sD��t�tt\|��}\|\|�jv�rtd��\|\|�j\|<�\|��t\|t\|��d�S�)Nzid already open)r��rc��hashri��KeyErrorr#�� FXP_HANDLEr��)r��fileObjr��fileIdr��r��r��r\|��s �� zFileTransferServer._cbOpenFilec�� C��s ��\|d�d��}\|dd��}t�\|�\}}\|�jjd\|\|d��\|dks&J�d\|��\|\|�jv�rH\|�j\|�}t�\|j�}\|�\|�j\|\|��\|� \|�j \|d��d�S�\|\|�jv�rm\|�j\|�d�}t�\|j�}\|�\|�j\|\|d��\|� \|�j \|d��d�S�tj }t�\|�}t\|\|�} \|�� t�\| �\|��d�S�) Nr%��z!closing: {requestId!r} {handle!r})r��handler��zstill have data in CLOSE: s��close failedr��r��)r��r,��r-��ri��r��ry��closer{��_cbCloser}��r~��rj��errno�ENOENT�os�strerror�OSErrorr��Failure) r��r"��r��r��r��r��dirObj�code�text�errr��r��r��packet_CLOSE��s.�� zFileTransferServer.packet_CLOSEr��c��C��s(��\|r\|�j�\|=�n\|�j\|=�\|��\|td��d�S�)Ns��file closed)rj��ri��r/��FX_OK)r��resultr��r��isDirr��r��r��r��s�� zFileTransferServer._cbClosec��C��s��\|d�d��}\|dd��}t�\|�\}}t�d\|d�d��\|dd��\}}}\|dks0J�d\|��\|\|�jvrA\|��t�t��\|��d�S�\|�j\|�}t� \|j \|\|�}\|�\|�j\|��\|� \|�j\|d��d�S�)Nr%��!QL��r��zstill have data in READ: s��read failed)r��r��r��ri��_ebReadr��r��r��r��ry�� readChunkr{��_cbReadr}��r~��)r��r"��r��r��offsetr3��r��r��r��r��r��packet_READ��s��& zFileTransferServer.packet_READc��C��s&��\|dkrt��\|��t\|t\|��d�S�r��)�EOFErrorr#��FXP_DATAr��r��r��r��r��r��r��r��s��zFileTransferServer._cbReadc��C��s��\|d�d��}\|dd��}t�\|�\}}t�d\|d�d��\}\|dd��}t�\|�\}}\|dks4J�d\|��\|\|�jvrE\|��t�t��\|��d�S�\|�j\|�}t� \|j \|\|�}\|�\|�j\|d��\|� \|�j\|d��d�S�)Nr%��r7��r8��r��zstill have data in WRITE: s��write succeededs��write failed)r��r��r��ri��_ebWriter��r��r��r��ry�� writeChunkr{�� _cbStatusr}��r~��)r��r"��r��r��r�� writeDatar��r��r��r��r��packet_WRITE��s�� zFileTransferServer.packet_WRITEc��C��n��\|d�d��}\|dd��}t�\|�\}}\|dksJ�d\|��t�\|�jj\|�}\|�\|�j\|d��\|�\|�j\|d��d�S�)Nr%��r��zstill have data in REMOVE: s��remove succeededs ��remove failed) r��r��ry��rh�� removeFiler{��r��r}��r~��)r��r"��r��r��r��r��r��r�� packet_REMOVE��z FileTransferServer.packet_REMOVEc��C��s\|��\|d�d��}\|dd��}t�\|�\}}t�\|�\}}\|dks#J�d\|��t�\|�jj\|\|�}\|�\|�j\|d��\|�\|�j\|d��d�S�)Nr%��r��zstill have data in RENAME: s��rename succeededs ��rename failed) r��r��ry��rh�� renameFiler{��r��r}��r~��)r��r"��r��oldPath�newPathr��r��r��r�� packet_RENAME��s��z FileTransferServer.packet_RENAMEc��C��s~��\|d�d��}\|dd��}t�\|�\}}\|��\|�\}}\|dks$J�d\|��t�\|�jj\|\|�}\|�\|�j\|d��\|�\|�j \|d��d�S�)Nr%��r��zstill have data in MKDIR: s��mkdir succeededs��mkdir failed) r��rN��r��ry��rh�� makeDirectoryr{��r��r}��r~��r��r"��r��pathrH��r��r��r��r��packet_MKDIR#��s��zFileTransferServer.packet_MKDIRc��C��r��)Nr%��r��zstill have data in RMDIR: s��rmdir succeededs��rmdir failed) r��r��ry��rh��removeDirectoryr{��r��r}��r~��r��r"��r��r��r��r��r��r��packet_RMDIR-��r��zFileTransferServer.packet_RMDIRc��C��l��\|d�d��}\|dd��}t�\|�\}}\|dksJ�d\|��t�\|�jj\|�}\|�\|�j\|��\|�\|�j\|d��d�S�)Nr%��r��zstill have data in OPENDIR: s��opendir failed) r��r��ry��rh�� openDirectoryr{��_cbOpenDirectoryr}��r~��r��r��r��r��packet_OPENDIR6��z!FileTransferServer.packet_OPENDIRc��C��sL��t�tt\|��}\|\|�jv�rtd��\|t\|�g\|�j\|<�\|��t\|t\|��d�S�)Nzalready opened this directory) r��rc��r��rj��r��iterr#��r��r��)r��r��r��r��r��r��r��r��?��s �� z#FileTransferServer._cbOpenDirectoryc��C��s��\|d�d��}\|dd��}t�\|�\}}\|dksJ�d\|��\|\|�jvr.\|��t�t��\|��d�S�\|�j\|�\}}t�\|�j\|g��}\|� \|�j \|��\|�\|�j\|d��d�S�)Nr%��r��zstill have data in READDIR: s��scan directory failed)r��rj��r~��r��r��r��r��ry��_scanDirectoryr{��_cbSendDirectoryr}��)r��r"��r��r��r��dirIterr��r��r��r��packet_READDIRF��s�� z!FileTransferServer.packet_READDIRc��C��sr��t�\|�dk�r7zt\|�}W�n�ty��\|st�\|�Y�S�w�t\|tj�r,\|�\|�j\|\|��d�S�\|� \|��t�\|�dk�s\|S�)N��) r ��next� StopIterationr�� isinstancer��Deferredr{��_cbScanDirectoryrP��)r��r��r4��r-��r��r��r��r��S��s�� z!FileTransferServer._scanDirectoryc��C��s��\|��\|��\|��\|\|�S�rg��)rP��r��)r��r��r��r4��r��r��r��r��b��s�� z#FileTransferServer._cbScanDirectoryc�� C��s^��d}\|D�]\}}}\|t�\|�7�}\|t�\|�7�}\|\|��\|�7�}q\|��t\|t�dt\|��\|��d�S�)Nr��r6��)r��rV��r#��FXP_NAMEr��r��r ��)r��r��r��r"��r��longnamerH��r��r��r��r��f��s��$z#FileTransferServer._cbSendDirectoryr��c��C��sn��\|d�d��}\|dd��}t�\|�\}}\|dksJ�d\|��t�\|�jj\|\|�}\|�\|�j\|��\|�\|�j\|d��d�S�)Nr%��r��zstill have data in STAT/LSTAT: s��stat/lstat failed) r��r��ry��rh��getAttrsr{��_cbStatr}��r~��)r��r"��followLinksr��r��r��r��r��r��packet_STATn��s��zFileTransferServer.packet_STATc��C��s��\|��\|d��d�S��Nr��)r��)r��r"��r��r��r��packet_LSTATw��zFileTransferServer.packet_LSTATc��C��s��\|d�d��}\|dd��}t�\|�\}}\|dksJ�d\|��\|\|�jvr2\|��t�t\|��d��\|��d�S�\|�j\|�}t�\|j�}\|� \|�j \|��\|�\|�j\|d��d�S�)Nr%��r��zstill have data in FSTAT: z not in self.openFiless��fstat failed)r��ri��r~��r��r��r��r��ry��r��r{��r��r}��)r��r"��r��r��r��r��r��r��r��packet_FSTATz��s�� zFileTransferServer.packet_FSTATc��C��s��\|\|��\|��}\|��t\|��d�S�rg��)rV��r#�� FXP_ATTRS)r��r��r��r"��r��r��r��r��s��zFileTransferServer._cbStatc��C��s��\|d�d��}\|dd��}t�\|�\}}\|��\|�\}}\|dkr%\|�jjd\|d��t�\|�jj\|\|�}\|�\|�j \|d��\|� \|�j\|d��d�S�)Nr%��r��z$Still have data in SETSTAT: {data!r})r"��s��setstat succeededs��setstat failed)r��rN��r,��warnr��ry��rh��setAttrsr{��r��r}��r~��r��r��r��r��packet_SETSTAT��s��z!FileTransferServer.packet_SETSTATc��C��s��\|d�d��}\|dd��}t�\|�\}}\|��\|�\}}\|dks$J�d\|��\|\|�jvr5\|��t�t��\|��d�S�\|�j\|�}t�\|j \|�}\|� \|�j\|d��\|�\|�j\|d��d�S�)Nr%��r��zstill have data in FSETSTAT: s��fsetstat succeededs��fsetstat failed) r��rN��ri��r~��r��r��r��r��ry��r��r{��r��r}��)r��r"��r��r��rH��r��r��r��r��r��packet_FSETSTAT��s�� z"FileTransferServer.packet_FSETSTATc��C��r��)Nr%��r��zstill have data in READLINK: s��readlink failed) r��r��ry��rh��readLinkr{��_cbReadLinkr}��r~��r��r��r��r��packet_READLINK��r��z"FileTransferServer.packet_READLINKc��C��s��\|��\|di�fg\|��d�S�r��)r��r��r��r��r��r��s��zFileTransferServer._cbReadLinkc��C��sf��\|d�d��}\|dd��}t�\|�\}}t�\|�\}}t�\|�jj\|\|�}\|�\|�j\|d��\|�\|�j\|d��d�S�)Nr%��s��symlink succeededs��symlink failed) r��r��ry��rh��makeLinkr{��r��r}��r~��)r��r"��r��linkPath� targetPathr��r��r��r��packet_SYMLINK��s��z!FileTransferServer.packet_SYMLINKc��C��r��)Nr%��r��zstill have data in REALPATH: s��realpath failed) r��r��ry��rh��realPathr{��r��r}��r~��r��r��r��r��packet_REALPATH��r��z"FileTransferServer.packet_REALPATHc��C��s`��\|d�d��}\|dd��}t�\|�\}}t�\|�jj\|\|�}\|�\|�j\|��\|�\|�j\|d\|�d��d�S�)Nr%��s ��extended s�� failed) r��r��ry��rh��extendedRequestr{��_cbExtendedr}��r~��)r��r"��r��rt��rU��r��r��r��r��packet_EXTENDED��s��z"FileTransferServer.packet_EXTENDEDc��C��s��\|��t\|\|��d�S�rg��)r#��FXP_EXTENDED_REPLY)r��r"��r��r��r��r��r��zFileTransferServer._cbExtended��request succeededc��C��s��\|��\|t\|��d�S�rg��)r/��r��)r��r��r��msgr��r��r��r��s��zFileTransferServer._cbStatus��request failedc��C��s��t�}\|}t\|jttf�rA\|jjtjkrt}t\|jj �}nj\|jjtj kr,t}t\|jj �}nZ\|jjtjkr6t }nP\|�jjd\|\|\|d��nEt\|jt�rVt}\|jjrUt\|jjd��}n0t\|jt�rkt}\|jjrjt\|jjd��}nt\|jt�r\|\|jj}t\|jj�}n \|�jjd\|\|\|d��\|��\|\|\|��d�S�)Nz%Request {requestId} failed: {message})r��r��messager��z8Request {requestId} failed with unknown error: {message})� FX_FAILUREr��value�IOErrorr��r��r��FX_NO_SUCH_FILEr��r��EACCES�FX_PERMISSION_DENIED�EEXIST�FX_FILE_ALREADY_EXISTSr,��r��r��FX_EOF�args�NotImplementedErrorr0�� SFTPErrorr��r��r/��)r��r[��r��r��r��r��r��r��r��r~��sJ��zFileTransferServer._ebStatusr��c��C��s8��\|t��d\|��}\|t\|�7�}\|t\|�7�}\|��t\|��dS�)z= Helper method to send a FXP_STATUS message. r6��N)r��r��r��r#�� FXP_STATUS)r��r��r��r��langr"��r��r��r��r/��s��zFileTransferServer._sendStatusc��C��sP��t��\|�\|��\|�j��D�]}\|��qi�\|�_\|�j��D�]\}}\|��qi�\|�_dS�)z{ Called when connection to the remote subsystem was lost. Clean all opened files and directories. N)r��rX��ri��valuesr��rj��)r��r[��r��r��r��r��r��r��rX��s�� z!FileTransferServer.connectionLost)NN�r��)r��)r��)r��)r��)&r^��r_��r`��r��rx��r��r\|��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r~��r/��rX��r��r��r��r��rf��sH�� ' rf��c��@��s��e�Zd�Zi�fdd�Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��Zd9dd�Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��Zd6d7��Zd8S�):�FileTransferClientc��C��s ��t��\|��i�\|�_d\|�_i�\|�_dS�)zq @param extData: a dict of extended_name : extended_data items to be sent to the server. r��N)r��r��rU��counter�openRequests)r��rU��r��r��r��r��s�� zFileTransferClient.__init__c��C��sJ��t��dt\|�j��}\|�j��D�]\}}\|t\|�t\|��7�}q\|��t\|��d�S�)Nr6��) r��r��maxra��rU��r��r��r#��FXP_INIT)r��r"��rS��rw��r��r��r��connectionMade��s��z!FileTransferClient.connectionMadec��C��s\��t��\|�\|��\|�jrt��}\|j\|_t�\|�}\|�jr,\|�j� ��\}}\|� \|��\|�jsdS�dS�dS�)zu Called when connection to the remote subsystem was lost. Any pending requests are aborted. N)r��rX��r��r ��ConnectionLostr�� __cause__r��r��popitem�errback)r��r[��requestError�requestFailure�_�deferredr��r��r��rX��%��s�� z!FileTransferClient.connectionLostc��C��sX��\|�j�s t�t��S�t�d\|�j�\|�}t��}\|\|�j \|�j<�\|��jd7��_\|�� \|\|��\|S�)z� Send a request and return a deferred which waits for the result. @type msg: L{int} @param msg: The request type (e.g., C{FXP_READ}). @type data: L{bytes} @param data: The body of the request. r6��r��)rY��r��failr ��r��r��r��r��r��r��r#��)r��r��r"��r��r��r��r��_sendRequest;��s�� zFileTransferClient._sendRequestc��C��s8��t��d\|d�d��\}\|�j\|�}\|�j\|=�\|\|dd��fS��Nr6��r%��)r��r��r��)r��r"��idr��r��r��r�� _parseRequestO��s�� z FileTransferClient._parseRequestc��C��s>��t�\|�t�d\|��\|��\|��}\|��t\|�}\|�\|�jt\|��\|S�)a�� Open a file. This method returns a L{Deferred} that is called back with an object that provides the L{ISFTPFile} interface. @type filename: L{bytes} @param filename: a string representing the file to open. @param flags: an integer of the flags to open the file with, ORed together. The flags and their values are listed at the bottom of this file. @param attrs: a list of attributes to open the file with. It is a dictionary, consisting of 0 or more keys. The possible keys are:: size: the size of the file in bytes uid: the user ID of the file as an integer gid: the group ID of the file as an integer permissions: the permissions of the file with as an integer. the bit representation of this field is defined by POSIX. atime: the access time of the file as seconds since the epoch. mtime: the modification time of the file as seconds since the epoch. ext_: extended attributes. The server is not required to understand this, but it may. NOTE: there is no way to indicate text or binary files. it is up to the SFTP client to deal with this. r6��) r��r��r��rV��r��FXP_OPENr{�� _cbOpenHandle� ClientFile)r��r��rG��rH��r"��r��r��r��r��rz��U��s��zFileTransferClient.openFilec��C��s��\|\|�\|�}\|\|_�\|S�)a�� Callback invoked when an OPEN or OPENDIR request succeeds. @param handle: The handle returned by the server @type handle: L{bytes} @param handleClass: The class that will represent the newly-opened file or directory to the user (either L{ClientFile} or L{ClientDirectory}). @param name: The name of the file or directory represented by C{handle}. @type name: L{bytes} )�name)r��r��handleClassr��cbr��r��r��r��w��s�� z FileTransferClient._cbOpenHandlec��C��\|��tt\|��S�)z� Remove the given file. This method returns a Deferred that is called back when it succeeds. @type filename: L{bytes} @param filename: the name of the file as a string. )r�� FXP_REMOVEr��)r��r��r��r��r��r��s�� zFileTransferClient.removeFilec��C��\|��tt\|�t\|��S�)a�� Rename the given file. This method returns a Deferred that is called back when it succeeds. @type oldpath: L{bytes} @param oldpath: the current location of the file. @type newpath: L{bytes} @param newpath: the new file name. )r�� FXP_RENAMEr��)r��oldpath�newpathr��r��r��r��s��zFileTransferClient.renameFilec��C��s��\|��tt\|�\|��\|��S�)au�� Make a directory. This method returns a Deferred that is called back when it is created. @type path: L{bytes} @param path: the name of the directory to create as a string. @param attrs: a dictionary of attributes to create the directory with. Its meaning is the same as the attrs in the openFile method. )r�� FXP_MKDIRr��rV��)r��r��rH��r��r��r��r��s�� z FileTransferClient.makeDirectoryc��C��r��)a-�� Remove a directory (non-recursively) It is an error to remove a directory that has files or directories in it. This method returns a Deferred that is called back when it is removed. @type path: L{bytes} @param path: the directory to remove. )r�� FXP_RMDIRr��)r��r��r��r��r��r��s��z"FileTransferClient.removeDirectoryc��C��s$��\|��tt\|��}\|�\|�jt\|��\|S�)a�� Open a directory for scanning. This method returns a Deferred that is called back with an iterable object that has a close() method. The close() method is called when the client is finished reading from the directory. At this point, the iterable will no longer be used. The iterable returns triples of the form (filename, longname, attrs) or a Deferred that returns the same. The sequence must support __getitem__, but otherwise may be any 'sequence-like' object. filename is the name of the file relative to the directory. logname is an expanded format of the filename. The recommended format is: -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer 1234567890 123 12345678 12345678 12345678 123456789012 The first line is sample output, the second is the length of the field. The fields are: permissions, link count, user owner, group owner, size in bytes, modification time. attrs is a dictionary in the format of the attrs argument to openFile. @type path: L{bytes} @param path: the directory to open. )r��FXP_OPENDIRr��r{��r��ClientDirectory�r��r��r��r��r��r��r��s��z FileTransferClient.openDirectoryr��c��C��s��\|rt�}nt}\|��\|t\|��S�)a�� Return the attributes for the given path. This method returns a dictionary in the same format as the attrs argument to openFile or a Deferred that is called back with same. @type path: L{bytes} @param path: the path to return attributes for as a string. @param followLinks: a boolean. if it is True, follow symbolic links and return attributes for the real path at the base. if it is False, return attributes for the specified path. )�FXP_STAT� FXP_LSTATr��r��)r��r��r��mr��r��r��r��s�� zFileTransferClient.getAttrsc��C��s��t�\|�\|��\|��}\|��t\|�S�)ad�� Set the attributes for the path. This method returns when the attributes are set or a Deferred that is called back when they are. @type path: L{bytes} @param path: the path to set attributes for as a string. @param attrs: a dictionary in the same format as the attrs argument to openFile. )r��rV��r��FXP_SETSTAT)r��r��rH��r"��r��r��r��r��s��zFileTransferClient.setAttrsc��C��\|��tt\|��}\|�\|�j�S�)z� Find the root of a set of symbolic links. This method returns the target of the link, or a Deferred that returns the same. @type path: L{bytes} @param path: the path of the symlink to read. )r��FXP_READLINKr��r{��_cbRealPathr��r��r��r��r�� zFileTransferClient.readLinkc��C��r��)a[�� Create a symbolic link. This method returns when the link is made, or a Deferred that returns the same. @type linkPath: L{bytes} @param linkPath: the pathname of the symlink as a string @type targetPath: L{bytes} @param targetPath: the path of the target of the link as a string. )r��FXP_SYMLINKr��)r��r��r��r��r��r��r��s��zFileTransferClient.makeLinkc��C��r ��)z� Convert any path to an absolute path. This method returns the absolute path as a string, or a Deferred that returns the same. @type path: L{bytes} @param path: the path to convert as a string. )r��FXP_REALPATHr��r{��r"��r��r��r��r��r��r#��zFileTransferClient.realPathc��C��s��\|d�\}}}\|��d�}\|S�)Nr��zutf-8)�decode)r��r��r��r��rH��r��r��r��r"��)��s�� zFileTransferClient._cbRealPathc��C��s��\|��tt\|�\|��S�)ak�� Make an extended request of the server. The method returns a Deferred that is called back with the result of the extended request. @type request: L{bytes} @param request: the name of the extended request to make. @type data: L{bytes} @param data: any other data that goes along with the request. )r��FXP_EXTENDEDr��)r��requestr"��r��r��r��r��.��s��z"FileTransferClient.extendedRequestc��C��sd��t��d\|d�d��\}\|dd��}i�}\|r't\|�\}}t\|�\}}\|\|\|<�\|s\|\|�_\|��\|\|��d�S�r��)r��r��r��ro��gotServerVersion)r��r"��ro��r��rS��rw��r��r��r��packet_VERSION<��s��z!FileTransferClient.packet_VERSIONc��C��s��\|��\|�\}}t�d\|d�d��\}\|dd��}t\|�dkr4t\|�\}}t\|�dkr1t\|�\}}nd}nd}d}\|tkrE\|�\|\|f��d�S�\|tkrR\|�t \|��d�S�\|t kr_\|�t\|��d�S�\|�t\|t \|�\|��d�S�rl��)r ��r��r��r ��r��r��callbackr��r��r��r0��r��r��r ��)r��r"��r��r��r��r��r��r��r�� packet_STATUSG��s"��z FileTransferClient.packet_STATUSc��C��s(��\|��\|�\}}t\|�\}}\|�\|��d�S�rg��)r ��r��r+��)r��r"��r��r��r��r��r��r�� packet_HANDLE]��s��z FileTransferClient.packet_HANDLEc��C��s$��\|��\|�\}}\|�t\|�d��d�S�r��)r ��r+��r��r��r"��r��r��r��r��packet_DATAb��s��zFileTransferClient.packet_DATAc�� C��s��\|��\|�\}}t�d\|d�d��\}\|dd��}g�}t\|�D�]}t\|�\}}t\|�\}}\|��\|�\}}\|�\|\|\|f��q\|�\|��d�S�r��)r ��r��r��rF��r��rN��rP��r+��) r��r"��r��count�filesrK��r��r��rH��r��r��r��packet_NAMEf��s��zFileTransferClient.packet_NAMEc��C��s&��\|��\|�\}}\|�\|��\|�d��d�S�r��)r ��r+��rN��r.��r��r��r��packet_ATTRSr��s��zFileTransferClient.packet_ATTRSc��C��s��\|��\|�\}}\|�\|��d�S�rg��)r ��r+��r.��r��r��r��packet_EXTENDED_REPLYv��s��z(FileTransferClient.packet_EXTENDED_REPLYc��C��s��dS�)aN�� Called when the client sends their version info. @param serverVersion: an integer representing the version of the SFTP protocol they are claiming. @param extData: a dictionary of extended_name : extended_data items. These items are sent by the client to indicate additional features. Nr��)r�� serverVersionrU��r��r��r��r)��z��s��z#FileTransferClient.gotServerVersionNr��)r^��r_��r`��r��r��rX��r��r ��rz��r��r��r��r��r��r��r��r��r��r��r��r"��r��r��r,��r-��r/��r2��r3��r4��r)��r��r��r��r��r��s8�� " " r��c��@��s<��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd S�)r ��c��C��s��\|\|�_�t\|�\|�_d�S�rg��)�parentr��r��r��r6��r��r��r��r��r��s��zClientFile.__init__c��C��\|�j��t\|�j�S�rg��)r6��r�� FXP_CLOSEr��r��r��r��r��r��r��zClientFile.closec��C��s"��\|�j�t�d\|\|��}\|�j�t\|�S�)Nr��)r��r��r��r6��r��FXP_READ)r��r��r3��r"��r��r��r��r��s��zClientFile.readChunkc��C��s(��\|�j�t�d\|��t\|��}\|�j�t\|�S�)Nr7��)r��r��r��r��r6��r�� FXP_WRITE)r��r��chunkr"��r��r��r��r��s��zClientFile.writeChunkc��C��r8��rg��)r6��r�� FXP_FSTATr��r��r��r��r��r��r��zClientFile.getAttrsc��C��s ��\|�j�\|�j�\|��}\|�j�t\|�S�rg��)r��r6��rV��r��r=��)r��rH��r"��r��r��r��r��s��zClientFile.setAttrsN) r^��r_��r`��r��r��r��r��r��r��r��r��r��r��r ��s��r ��c��@��sH��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��ZeZdd��Z d d��Z dS�)r��c��C��s��\|\|�_�t\|�\|�_g�\|�_d�S�rg��)r6��r��r�� filesCacher7��r��r��r��r��s�� zClientDirectory.__init__c��C��r8��rg��)r6��r��FXP_READDIRr��r��r��r��r��read��r��zClientDirectory.readc��C��s.��\|�j�d�u�r t�d��S�\|�j�t\|�j��}d�\|�_�\|S�rg��)r��r��succeedr6��r��r9��r��r��r��r��r��r��s �� zClientDirectory.closec��C��s��\|�S�rg��r��r��r��r��r��__iter__��s��zClientDirectory.__iter__c��C��sN��t�jdtdd��\|�jr\|�j�d�S�\|�jd�u�rt��\|��}\|�\|�j\|�j ��\|S�)NzeUsing twisted.conch.ssh.filetransfer.ClientDirectory as an iterator was deprecated in Twisted 18.9.0.��)�category� stacklevelr��) �warningsr��DeprecationWarningr>��popr��r@��addCallbacks� _cbReadDir� _ebReadDirrB��r��r��r��__next__��s�� zClientDirectory.__next__c��C��s��\|dd��\|�_�\|d�S�)Nr��r��)r>��)r��namesr��r��r��rK��s��zClientDirectory._cbReadDirc��C��s��\|��t��d�\|�_t�t��S�rg��)�trapr��r>��r��r��r��rZ��r��r��r��rL��s�� zClientDirectory._ebReadDirN)r^��r_��r`��r��r@��r��rC��rM��r��rK��rL��r��r��r��r��r��s��r��c��@��s0��e�Zd�Zd dd�Zedd��Zdefdd�Zd S�)r��c��C��s ��t��\|��\|\|�_\|\|�_\|\|�_d�S�rg��)r1��r��r��_messager��)r�� errorCode�errorMessager��r��r��r��r��s�� zSFTPError.__init__c��C��s��\|�j�S�)zX A string received over the network that explains the error to a human. )rQ��r��r��r��r��r��s�� zSFTPError.message�returnc��C��s��d\|�j��d\|�j��S�)Nz SFTPError z: )r��r��r��r��r��r��__str__��r��zSFTPError.__str__N)rP��)r^��r_��r`��r��propertyr��rc��rU��r��r��r��r��r��s �� r��r��rD��r��r%��r&��r8��r$�� r�� e��f��g��h��i��l�� @��FXP_)br��r��r��rG��typingr��zope.interfacer��twisted.conch.interfacesr��r��twisted.conch.ssh.commonr��r��twisted.internetr��r ��r ��twisted.loggerr��twisted.pythonr��twisted.python.compatr ��r��Protocolr��rf��r��r ��r��r1��r��r��rr��r��r9��r:��r;��r��r=��r��FXP_FSETSTATr��r?��r��r��r��r%��r��r��r!��r$��r��r��r��r��r��r'��r��rA��FILEXFER_ATTR_UIDGIDrB��rC��rD��rE��FILEXFER_TYPE_REGULAR�FILEXFER_TYPE_DIRECTORY�FILEXFER_TYPE_SYMLINK�FILEXFER_TYPE_SPECIAL�FILEXFER_TYPE_UNKNOWN�FXF_READ� FXF_WRITE� FXF_APPEND� FXF_CREAT� FXF_TRUNC�FXF_EXCL�FXF_TEXTr��r��r��r��r��FX_BAD_MESSAGE�FX_NO_CONNECTION�FX_CONNECTION_LOSTr0��r��FX_NOT_A_DIRECTORY�FX_FILE_IS_A_DIRECTORY�globals�grn��keysr��rO��r��r��r��r��r��r��<module>��s�� s��s0� ��ssh/__pycache__/agent.cpython-310.pyc��0000644��00000023141�15027667726�0013373 0��ustar�00��o ��b,%��@��s��d�Z�ddlZddlmZmZ�ddlmZ�ddlmZm Z m Z �ddlmZm Z �G�dd��de j�ZG�d d ��d e j�ZdZdZd ZdZdZdZdZdZdZdZdZdZdZi�Ze�� !��D�]\Z"Z#e"dd��dkroe"dd��ee#<�q[dS�)z� Implements the SSH v2 key agent protocol. This protocol is documented in the SSH source code, in the file U{PROTOCOL.agent<http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent>}. Maintainer: Paul Swartz ��N)� ConchError�MissingKeyStoreError)�keys)�NS�getMP�getNS)�defer�protocolc��@��sb��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd d�Z dd��Z dd��Zdd��Zdd��Z dS�)�SSHAgentClientz� The client side of the SSH agent protocol. This is equivalent to ssh-add(1) and can be used with either ssh-agent(1) or the SSHAgentServer protocol, also in this package. c��C��s��d\|�_�g�\|�_d�S��N��)�buf� deferreds��self��r��9/usr/lib/python3/dist-packages/twisted/conch/ssh/agent.py�__init__��s�� zSSHAgentClient.__init__c��C��s��\|��j�\|7��_� �t\|�j��dkrd�S�t�d\|�j�d�d��d�}t\|�j��d\|�k�r)d�S�\|�j�dd\|��\|�j�d\|�d��}\|�_�t\|dd��}\|�j�d�}\|tkrW\|�t d��n\|t kra\|�d��n\|�\|��q)N��!Lr��z agent failurer��)r ��len�struct�unpack�ordr��pop� AGENT_FAILURE�errbackr�� AGENT_SUCCESS�callback)r��data�packLen�packet�reqType�dr��r��r��dataReceived ��s ��( �zSSHAgentClient.dataReceivedc��C��s>��t��dt\|�d�\|�\|�}\|�j�\|��t��}\|�j�\|��\|S��Nz!LBr��) r��packr�� transport�writer��Deferredr��append)r��r#��r ��r'��r$��r��r��r��sendRequest2��s ��zSSHAgentClient.sendRequestc��C��s��\|��td�}\|�\|�j��\|S�)z� @return: A L{Deferred} which will fire with a list of all keys found in the SSH agent. The list of keys is comprised of (public key blob, comment) tuples. r��)r,��AGENTC_REQUEST_IDENTITIES�addCallback�_cbRequestIdentities)r��r$��r��r��r��requestIdentities9��s��z SSHAgentClient.requestIdentitiesc��C��s��t�\|dd��tkrtdt�\|dd��t�d\|dd��d�}g�}\|dd��}t\|�D�]}t\|�\}}t\|�\}}\|�\|\|f��q.\|S�)z} Unpack a collection of identities into a list of tuples comprised of public key blobs and comments. r��r��zunexpected response: %ir��N)r��AGENT_IDENTITIES_ANSWERr��r��r��ranger��r+��)r��r ��numKeys�result�i�blob�commentr��r��r��r/��C��s��z#SSHAgentClient._cbRequestIdentitiesr��c��C��s��\|}\|t�\|�7�}\|��t\|�S�)zK Add a private key blob to the agent's collection of keys. )r��r,��AGENTC_ADD_IDENTITY)r��r7��r8��reqr��r��r��addIdentityS��s��zSSHAgentClient.addIdentityc��C��s0��t�\|�}\|t�\|�7�}\|d7�}\|��t\|��\|�j�S�)a�� Request that the agent sign the given C{data} with the private key which corresponds to the public key given by C{blob}. The private key should have been added to the agent already. @type blob: L{bytes} @type data: L{bytes} @return: A L{Deferred} which fires with a signature for given data created with the given key. ��)r��r,��AGENTC_SIGN_REQUESTr.��_cbSignData)r��r7��r ��r:��r��r��r��signData[��s��zSSHAgentClient.signDatac��C��sD��t�\|dd��tkrtdt�\|dd��t\|dd��d�}\|S�)Nr��r��zunexpected data: %i)r��AGENT_SIGN_RESPONSEr��r��)r��r �� signaturer��r��r��r>��k��s��zSSHAgentClient._cbSignDatac��C��s��t�\|�}\|��t\|�S�)zp Remove the private key corresponding to the public key in blob from the running agent. )r��r,��AGENTC_REMOVE_IDENTITY)r��r7��r:��r��r��r��removeIdentityq��s��zSSHAgentClient.removeIdentityc��C��s��\|��td�S�)z9 Remove all keys from the running agent. r��)r,��AGENTC_REMOVE_ALL_IDENTITIESr��r��r��r��removeAllIdentitiesy��s��z"SSHAgentClient.removeAllIdentitiesN)r��)�__name__� __module__�__qualname__�__doc__r��r%��r,��r0��r/��r;��r?��r>��rC��rE��r��r��r��r��r ��s�� r ��c��@��sh��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��ZdS�)�SSHAgentServerz� The server side of the SSH agent protocol. This is equivalent to ssh-agent(1) and can be used with either ssh-add(1) or the SSHAgentClient protocol, also in this package. c��C��s ��d\|�_�d�S�r��)r ��r��r��r��r��r��s�� zSSHAgentServer.__init__c��C��s��\|��j�\|7��_� �t\|�j��dkrd�S�t�d\|�j�d�d��d�}t\|�j��d\|�k�r)d�S�\|�j�dd\|��\|�j�d\|�d��}\|�_�t\|dd��}t�\|d��}\|sT\|��td��n!t \|�d\|��}t \|�j dd��d�u�rm\|��td��t��\|\|dd��q)Nr��r��r��r��r��z agentc_%sr��)r ��r��r��r��r��messages�get�sendResponser��getattr�factoryr��)r��r ��r!��r"��r#��reqName�fr��r��r��r%��s$��(�zSSHAgentServer.dataReceivedc��C��s��t��dt\|�d�\|�\|�}\|�j�\|��d�S�r&��)r��r'��r��r(��r)��)r��r#��r ��r'��r��r��r��rM��s��zSSHAgentServer.sendResponsec��C��sz��\|dksJ��t�\|�jj�}g�}\|�t�d\|��\|�jj��D�]\}}\|�t\|��\|�t\|��q\|�� t d�\|��dS�)zQ Return all of the identities that have been added to the server r��r��N)r��rO��r��r+��r��r'��valuesr��r7��rM��r2��join)r��r ��r4��resp�keyr8��r��r��r��agentc_REQUEST_IDENTITIES��s��z(SSHAgentServer.agentc_REQUEST_IDENTITIESc��C��sb��t�\|�\}}\|\|�jjvr\|��td�S�t�\|�\}}\|dksJ��\|��tt\|�jj\|�d��\|��dS�)z� Data is a structure with a reference to an already added key object and some data that the clients wants signed with that key. If the key object wasn't loaded, return AGENT_FAILURE, else return the signature. r��r<��r��N)r��rO��r��rM��r��r@��r��sign)r��r ��r7��r?��r��r��r��agentc_SIGN_REQUEST��s��z"SSHAgentServer.agentc_SIGN_REQUESTc��C��s��t�\|�\}}\|dkr d}n\|dkrd}nt�d\|��t\|\|�d�}t�\|�\}}tjj\|dd�}\|\|f\|�jj\|��<�\|��t d ��d S�)z� Adds a private key to the agent's collection of identities. On subsequent interactions, the private key can be accessed using only the corresponding public key. s��ssh-rsa��s��ssh-dssr1��zunknown blob type: %s��private_blob��typer��N) r��r��BadKeyErrorr��Key� fromStringrO��r7��rM��r��)r��r ��keyType�rest�nmpr8��kr��r��r��agentc_ADD_IDENTITY��s��z"SSHAgentServer.agentc_ADD_IDENTITYc��C��s:��t�\|�\}}tjj\|dd�}\|�jj\|��=�\|��td��dS�)zR Remove a specific key from the agent's collection of identities. r7��r\��r��N)r��r��r_��r`��rO��r7��rM��r��)r��r ��r7��_rd��r��r��r��agentc_REMOVE_IDENTITY��s��z%SSHAgentServer.agentc_REMOVE_IDENTITYc��C��s$��\|dksJ��i�\|�j�_\|��td��dS�)zL Remove all keys from the agent's collection of identities. r��N)rO��r��rM��r��r��r ��r��r��r��agentc_REMOVE_ALL_IDENTITIES��s��z+SSHAgentServer.agentc_REMOVE_ALL_IDENTITIESc��C��s��\|��tt�dd��dS�)z� v1 message for listing RSA1 keys; superseded by agentc_REQUEST_IDENTITIES, which handles different key types. r��r��N)rM��AGENT_RSA_IDENTITIES_ANSWERr��r'��rh��r��r��r��agentc_REQUEST_RSA_IDENTITIES��s��z,SSHAgentServer.agentc_REQUEST_RSA_IDENTITIESc��C��\|��td��dS�)z� v1 message for removing RSA1 keys; superseded by agentc_REMOVE_IDENTITY, which handles different key types. r��N�rM��r��rh��r��r��r��agentc_REMOVE_RSA_IDENTITY��z)SSHAgentServer.agentc_REMOVE_RSA_IDENTITYc��C��rl��)z� v1 message for removing all RSA1 keys; superseded by agentc_REMOVE_ALL_IDENTITIES, which handles different key types. r��Nrm��rh��r��r��r�� agentc_REMOVE_ALL_RSA_IDENTITIES��ro��z/SSHAgentServer.agentc_REMOVE_ALL_RSA_IDENTITIESN)rF��rG��rH��rI��r��r%��rM��rV��rX��re��rg��ri��rk��rn��rp��r��r��r��r��rJ��s�� rJ��r��r1��rY�� AGENTC_)$rI��r��twisted.conch.errorr��r��twisted.conch.sshr��twisted.conch.ssh.commonr��r��r��twisted.internetr��r ��Protocolr ��rJ��AGENTC_REQUEST_RSA_IDENTITIESrj��r��r��AGENTC_REMOVE_RSA_IDENTITY� AGENTC_REMOVE_ALL_RSA_IDENTITIESr-��r2��r=��r@��r9��rB��rD��rK��locals�copy�items�name�valuer��r��r��r��<module>��s8�� k��ssh/__pycache__/transport.cpython-310.pyc��0000644��00000200755�15027667726�0014341 0��ustar�00��o ��5�@gR:��@��s~��d�Z�ddlZddlZddlZddlZddlmZmZmZm Z m Z �ddlmZ�ddl mZ�ddlmZ�ddlmZ�ddlmZmZmZ�dd lmZmZmZ�dd lmZ�ddlmZm Z m!Z!�ddl"m#Z#m$Z$m%Z%m&Z&m'Z'�dd l(m)Z)mZ�ddl+m,Z,�ddl-m.Z.�ddl/m0Z0m1Z1�dd��Z2G�dd��de3�Z4G�dd��d�Z5dd��Z6G�dd��dej7�Z8G�dd��de8�Z9G�dd��de8�Z:G�dd ��d �Z;G�d!d"��d"�Z<G�d#d$��d$�Z=e�>d%�\Z?Z@d&ZAd'ZBd(ZCd)ZDdZEd+ZFd,ZGd-ZHd.ZId/ZJd0ZKd/ZLd1ZMd0ZNd2ZOd3ZPd&ZQd'ZRd(ZSd)ZTdZUd+ZVd,ZWd4ZXd5ZYd6ZZd7Z[d8Z\d9Z]d:Z^d;Z_i�Z`eaeb��c��D�]\ZdZeed�fd<��r-ed�fd=��s-ede`ee<��qd>e`v��s9d?e`v��r=egd@��dS�)Az� The lowest level SSH protocol. This handles the key negotiation, the encryption and the compression. The transport layer is described in RFC 4253. Maintainer: Paul Swartz ��N)�md5�sha1�sha256�sha384�sha512)�Dict)�UnsupportedAlgorithm)�default_backend)� serialization)�dh�ec�x25519)�Cipher� algorithms�modes)�__version__)�_kex�address�keys)�MP�NS�ffs�getMP�getNS)�defer�protocol)�Logger)� randbytes)� iterbytes� networkStringc��C��s��t�t�\|�d��S�)a��Make an SSH multiple-precision integer from big-endian L{bytes}. Used in ECDH key exchange. @type data: L{bytes} @param data: The input data, interpreted as a big-endian octet string. @rtype: L{bytes} @return: The given data encoded as an SSH multiple-precision integer. �big)r��int� from_bytes)�data��r$��=/usr/lib/python3/dist-packages/twisted/conch/ssh/transport.py�_mpFromBytes'��s��r&��c��@��s��e�Zd�ZdZdS�)� _MACParamsaP�� L{_MACParams} represents the parameters necessary to compute SSH MAC (Message Authenticate Codes). L{_MACParams} is a L{tuple} subclass to maintain compatibility with older versions of the code. The elements of a L{_MACParams} are:: 0. The digest object used for the MAC 1. The inner pad ("ipad") string 2. The outer pad ("opad") string 3. The size of the digest produced by the digest object L{_MACParams} is also an object lesson in why tuples are a bad type for public APIs. @ivar key: The HMAC key which will be used. N)�__name__� __module__�__qualname__�__doc__r$��r$��r$��r%��r'��5��s��r'��c��@��s��e�Zd�ZdZejdejfejdejfej dejfej dejfej dejfej dejfej dejfej dejfej dejfejdejfejdejfej dejfddejfd� Ze eeeedd�Zd d ��Zdd��Zd d��Zdd��Zdd��Zdd��Zdd��Zdd��ZdS�)� SSHCiphersa�� SSHCiphers represents all the encryption operations that need to occur to encrypt and authenticate the SSH connection. @cvar cipherMap: A dictionary mapping SSH encryption names to 3-tuples of (<cryptography.hazmat.primitives.interfaces.CipherAlgorithm>, <block size>, <cryptography.hazmat.primitives.interfaces.Mode>) @cvar macMap: A dictionary mapping SSH MAC names to hash modules. @ivar outCipType: the string type of the outgoing cipher. @ivar inCipType: the string type of the incoming cipher. @ivar outMACType: the string type of the incoming MAC. @ivar inMACType: the string type of the incoming MAC. @ivar encBlockSize: the block size of the outgoing cipher. @ivar decBlockSize: the block size of the incoming cipher. @ivar verifyDigestSize: the size of the incoming MAC. @ivar outMAC: a tuple of (<hash module>, <inner key>, <outer key>, <digest size>) representing the outgoing MAC. @ivar inMAc: see outMAC, but for the incoming MAC. �� Nr��) ��3des-cbc��blowfish-cbc� ��aes256-cbc� ��aes192-cbc� ��aes128-cbc��cast128-cbc� ��aes128-ctr� ��aes192-ctr� ��aes256-ctr��3des-ctr��blowfish-ctr��cast128-ctr��none)� ��hmac-sha2-512� ��hmac-sha2-384� ��hmac-sha2-256� ��hmac-sha1��hmac-md5r<��c��C��s:��\|\|�_�\|\|�_\|\|�_\|\|�_d\|�_d\|�_d\|�_d\|�_d\|�_d�S�)Nr��N��rC��r��) � outCipType� inCipType� outMACType� inMACType�encBlockSize�decBlockSize�verifyDigestSize�outMAC�inMAC)�self�outCip�inCip�outMac�inMacr$��r$��r%��__init__w��s�� zSSHCiphers.__init__c��C��s��\|��\|�j\|\|�}\|��\|�_\|jjd�\|�_\|��\|�j\|\|�}\|��\|�_\|jjd�\|�_\|�� \|�j \|�\|�_\|�� \|�j\|�\|�_ \|�j rC\|�j d�\|�_dS�dS�)a�� Set up the ciphers and hashes using the given keys, @param outIV: the outgoing initialization vector @param outKey: the outgoing encryption key @param inIV: the incoming initialization vector @param inKey: the incoming encryption key @param outInteg: the outgoing integrity key @param inInteg: the incoming integrity key. ��N)� _getCipherrD�� encryptor� algorithm� block_sizerH��rE�� decryptorrI��_getMACrF��rK��rG��rL��rJ��)rM��outIV�outKey�inIV�inKey�outInteg�inInteg�or$��r$��r%��setKeys��s�� zSSHCiphers.setKeysc��C��sL��\|�j�\|�\}}}\|du�rt��S�t\|\|d\|��\|\|d\|jd��t��d�S�)z� Creates an initialized cipher object. @param cip: the name of the cipher, maps into cipherMap @param iv: the initialzation vector @param key: the encryption key @return: the cipher object. NrS��backend)� cipherMap�_DummyCipherr��rX��r ��)rM��cip�iv�key�algorithmClass�keySize� modeClassr$��r$��r%��rU��s�� zSSHCiphers._getCipherc�� C��sn��\|�j�\|�}\|s dS�\|��}\|j}\|j}\|d\|��d\|\|��}\|�tj�}\|�tj�}t\|\|\|\|f�} \|\| _\| S�)am�� Gets a 4-tuple representing the message authentication code. (<hash module>, <inner hash value>, <outer hash value>, <digest size>) @type mac: L{bytes} @param mac: a key mapping into macMap @type key: L{bytes} @param key: the MAC key. @rtype: L{bytes} @return: The MAC components. rB��N��) �macMap�digest_sizerX�� translate�hmac�trans_36�trans_5Cr'��ri��) rM��macri��mod� hashObject� digestSize� blockSize�ira��resultr$��r$��r%��rZ��s�� zSSHCiphers._getMACc��C��\|�j��\|�S�)z� Encrypt some data. @type blocks: L{bytes} @param blocks: The data to encrypt. @rtype: L{bytes} @return: The encrypted data. )rV��update�rM��blocksr$��r$��r%��encrypt�� zSSHCiphers.encryptc��C��r{��)z� Decrypt some data. @type blocks: L{bytes} @param blocks: The data to decrypt. @rtype: L{bytes} @return: The decrypted data. )rY��r\|��r}��r$��r$��r%��decrypt��r��zSSHCiphers.decryptc��C��s:��\|�j�d�sdS�t�d\|�\|�}t�\|�j�j\|\|�j�d��S�)aa�� Create a message authentication code (MAC) for the given packet using the outgoing MAC values. @type seqid: L{int} @param seqid: The sequence ID of the outgoing packet. @type data: L{bytes} @param data: The data to create a MAC for. @rtype: L{str} @return: The serialized MAC. r��rC��>L)rK��struct�packrq��HMACri��digest)rM��seqidr#��r$��r$��r%��makeMAC��s�� zSSHCiphers.makeMACc��C��sJ��\|�j�d�s \|dkS�t�d\|�\|�}t�\|�j�j\|\|�j�d��}t�\|\|�S�)a�� Verify an incoming MAC using the incoming MAC values. @type seqid: L{int} @param seqid: The sequence ID of the incoming packet. @type data: L{bytes} @param data: The packet data to verify. @type mac: L{bytes} @param mac: The MAC sent with the packet. @rtype: L{bool} @return: C{True} if the MAC is valid. r��rC��r��)rL��r��r��rq��r��ri��r��compare_digest)rM��r��r#��rt��outerr$��r$��r%��verify��s �� zSSHCiphers.verify)r(��r)��r��r+��r�� TripleDESr��CBC�Blowfish�AES�CAST5�CTRre��r��r��r��r��r��rn��rR��rb��rU��rZ��r��r��r��r��r$��r$��r$��r%��r,��I��s>�� "r,��c�� C��sv��g�}�g�d�}\|D�]0}t�j\|�\}}}zt\|d\|��\|d\|jd��t��d��W�n �ty2��Y�qw�\|��\|��q\|�S�)z� Build a list of ciphers that are supported by the backend in use. @return: a list of supported ciphers. @rtype: L{list} of L{str} )r8��r2��r7��r3��r6��r4��r;��r5��r:��r1��r9��r0�� rS��rc��)r,��re��r��rX��r ��rV��r��append)�supportedCiphers�cs�cipherrj��rk��rl��r$��r$��r%��_getSupportedCiphers��s �� r��c��@��s^��e�Zd�ZU�dZe��ZdZde�d��Z dZ de�d�e �d�e ��Ze ��Zg�d �Ze��Zg�ZeD�]Ze�d �dkrDee�d d�g7�Zq2ed dg7�Ze��rUe�d��ddgZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(e&Z)dZdZ+dZ,dZ-i�Z.e/e0e0f�e1d<�dd��Z2dd ��Z3d!d"��Z4d#d$��Z5d%d&��Z6d'd(��Z7d)d��Z8d+d,��Z9d-d.��Z:d/d0��Z;d1d2��Z<e=d3d4��Z>e>j?d5d4��Z>d6d7��Z@d8d9��ZAd:d;��ZBd<d=��ZCd>d?��ZDd@dA��ZEdBdC��ZFdkdDdE�ZGdFdG��ZHdHdI��ZIdJdK��ZJdLdM��ZKdNdO��ZLdPdQ��ZMdRdS��ZNdTdU��ZOdVdW��ZPdldYdZ�ZQdld[d\�ZRd]d^��ZSd_d`��ZTdadb��ZUdcdd��ZVdedf��ZWdgdh��ZXdidj��ZYdS�)m�SSHTransportBasea�� Protocol supporting basic SSH functionality: sending/receiving packets and message dispatch. To connect to or run a server, you must use SSHClientTransport or SSHServerTransport. @ivar protocolVersion: A string representing the version of the SSH protocol we support. Currently defaults to '2.0'. @ivar version: A string representing the version of the server or client. Currently defaults to 'Twisted'. @ivar comment: An optional string giving more information about the server or client. @ivar supportedCiphers: A list of strings representing the encryption algorithms supported, in order from most-preferred to least. @ivar supportedMACs: A list of strings representing the message authentication codes (hashes) supported, in order from most-preferred to least. Both this and supportedCiphers can include 'none' to use no encryption or authentication, but that must be done manually, @ivar supportedKeyExchanges: A list of strings representing the key exchanges supported, in order from most-preferred to least. @ivar supportedPublicKeys: A list of strings representing the public key types supported, in order from most-preferred to least. @ivar supportedCompressions: A list of strings representing compression types supported, from most-preferred to least. @ivar supportedLanguages: A list of strings representing languages supported, from most-preferred to least. @ivar supportedVersions: A container of strings representing supported ssh protocol version numbers. @ivar isClient: A boolean indicating whether this is a client or server. @ivar gotVersion: A boolean indicating whether we have received the version string from the other side. @ivar buf: Data we've received but hasn't been parsed into a packet. @ivar outgoingPacketSequence: the sequence number of the next packet we will send. @ivar incomingPacketSequence: the sequence number of the next packet we are expecting from the other side. @ivar outgoingCompression: an object supporting the .compress(str) and .flush() methods, or None if there is no outgoing compression. Used to compress outgoing data. @ivar outgoingCompressionType: A string representing the outgoing compression type. @ivar incomingCompression: an object supporting the .decompress(str) method, or None if there is no incoming compression. Used to decompress incoming data. @ivar incomingCompressionType: A string representing the incoming compression type. @ivar ourVersionString: the version string that we sent to the other side. Used in the key exchange. @ivar otherVersionString: the version string sent by the other side. Used in the key exchange. @ivar ourKexInitPayload: the MSG_KEXINIT payload we sent. Used in the key exchange. @ivar otherKexInitPayload: the MSG_KEXINIT payload we received. Used in the key exchange @ivar sessionID: a string that is unique to this SSH session. Created as part of the key exchange, sessionID is used to generate the various encryption and authentication keys. @ivar service: an SSHService instance, or None. If it's set to an object, it's the currently running service. @ivar kexAlg: the agreed-upon key exchange algorithm. @ivar keyAlg: the agreed-upon public key type for the key exchange. @ivar currentEncryptions: an SSHCiphers instance. It represents the current encryption and authentication options for the transport. @ivar nextEncryptions: an SSHCiphers instance. Held here until the MSG_NEWKEYS messages are exchanged, when nextEncryptions is transitioned to currentEncryptions. @ivar first: the first bytes of the next packet. In order to avoid decrypting data twice, the first bytes are decrypted and stored until the whole packet is available. @ivar _keyExchangeState: The current protocol state with respect to key exchange. This is either C{_KEY_EXCHANGE_NONE} if no key exchange is in progress (and returns to this value after any key exchange completqes), C{_KEY_EXCHANGE_REQUESTED} if this side of the connection initiated a key exchange, and C{_KEY_EXCHANGE_PROGRESSING} if the other side of the connection initiated a key exchange. C{_KEY_EXCHANGE_NONE} is the initial value (however SSH connections begin with key exchange, so it will quickly change to another state). @ivar _blockedByKeyExchange: Whenever C{_keyExchangeState} is not C{_KEY_EXCHANGE_NONE}, this is a C{list} of pending messages which were passed to L{sendPacket} but could not be sent because it is not legal to send them while a key exchange is in progress. When the key exchange completes, another attempt is made to send these messages. @ivar _peerSupportsExtensions: a boolean indicating whether the other side of the connection supports RFC 8308 extension negotiation. @ivar peerExtensions: a dict of extensions supported by the other side of the connection. ��2.0s��Twisted_�asciirC��SSH-��-r��)r=��r>��r?��r@��rA��s��ecdh��ecdsas��ssh-rsas��ssh-dsss��ssh-ed25519r<��zlibr$��)s��1.99r��Fr��N�_KEY_EXCHANGE_NONE�_KEY_EXCHANGE_REQUESTED�_KEY_EXCHANGE_PROGRESSINGs ��ext-info-cs ��ext-info-s�peerExtensionsc��C��s2��\|�j�r\|�j��t\|�d�r\|��\|�j�d��dS�)a�� When the underlying connection is closed, stop the running service (if any), and log out the avatar (if any). @type reason: L{twisted.python.failure.Failure} @param reason: The cause of the connection being closed. �avatarzconnection lostN)�service�serviceStopped�hasattr�logoutFunction�_log�info)rM��reasonr$��r$��r%��connectionLost��s �� zSSHTransportBase.connectionLostc��C��sD��\|�j��\|�jd��tdddd�\|�_\|�j�dddddd��\|��dS�)z� Called when the connection is made to the other side. We sent our version and the MSG_KEXINIT packet. s�� r<��rC��N)� transport�write�ourVersionStringr,��currentEncryptionsrb��sendKexInit�rM��r$��r$��r%��connectionMade��s��zSSHTransportBase.connectionMadec��C��s��\|�j�\|�jkrtd\|�j�f��t\|�j�}\|�\|�jr\|�jn\|�j��d� t tf�t� d�td� \|��td� \|�j��td� \|�j��td� \|�j��td� \|�j��td� \|�j��td� \|�j��td� \|�j��td� \|�j��td� \|�j��dg �\|�_\|��t\|�jdd��\|�j\|�_�g�\|�_dS�)a7�� Send a I{KEXINIT} message to initiate key exchange or to respond to a key exchange initiated by the peer. @raise RuntimeError: If a key exchange has already been started and it is not appropriate to send a I{KEXINIT} message at this time. @return: L{None} z2Cannot send KEXINIT while key exchange state is %rrC��r.��,s��N)�_keyExchangeStater��RuntimeError�list�supportedKeyExchangesr��isClient�_EXT_INFO_C�_EXT_INFO_S�join�bytes�MSG_KEXINITr��secureRandomr��supportedPublicKeysr�� supportedMACs�supportedCompressions�supportedLanguages�ourKexInitPayload� sendPacketr��_blockedByKeyExchange)rM��r��r$��r$��r%��r��s:�� zSSHTransportBase.sendKexInitc��C��s`��d\|��kr dkrn�n\|t�ttfvS�d\|��krdkr$n�n\|tfvS�d\|��ko-dkS��S�)a�� Determine if the given message type may be sent while key exchange is in progress. @param messageType: The type of message @type messageType: L{int} @return: C{True} if the given type of message may be sent while key exchange is in progress, C{False} if it may not. @rtype: L{bool} @see: U{http://tools.ietf.org/html/rfc4253#section-7.1} r��1��)�MSG_SERVICE_REQUEST�MSG_SERVICE_ACCEPT�MSG_EXT_INFOr��)rM��messageTyper$��r$��r%��_allowedKeyExchangeMessageTypeD��s�� z/SSHTransportBase._allowedKeyExchangeMessageTypec��C��s��\|�j�\|�jkr\|��\|�s\|�j�\|\|f��dS�t\|f�\|�}\|�jr+\|�j�\|�\|�j�d��}\|�j j }dt\|��}\|\|\|��}\|dk�rC\|\|�}t� d\|\|�d�\|�\|�t�\|��}\|�j �\|�\|�j �\|�j\|��}\|�j�\|��\|��jd7��_dS�)a�� Sends a packet. If it's been set up, compress the data, encrypt it, and authenticate it before sending. If key exchange is in progress and the message is not part of key exchange, queue it to be sent later. @param messageType: The type of the packet; generally one of the MSG_ values. @type messageType: L{int} @param payload: The payload for the message. @type payload: L{str} N��!LBr��)r��r��r��r��r��r��outgoingCompression�compress�flushr��rH��lenr��r��r��r��r��r��outgoingPacketSequencer��r��)rM��r��payload�bs� totalSize�lenPad�packet� encPacketr$��r$��r%��r��^��s:�� zSSHTransportBase.sendPacketc�� C��s��\|�j�j}\|�j�j}t\|�j�\|k�rdS�t\|�d�s"\|�j��\|�jd\|��}n\|�j}\|�`t� d\|dd��\}}\|dkrD\|�� ttd\|��dS�t\|�j�\|d�\|�k�rT\|\|�_dS�\|d�\|�dkrq\|�� ttd \|d�\|\|d�\|�f��dS�\|�jdd\|��\|�jd\|�d��}\|�_\|\|�j��\|\|d��}t\|�d\|�kr�\|�� td ��dS�\|r�\|�jd\|��\|�j\|d��}\|�_\|�j�� \|�j\|\|�s�\|�� td��dS�\|d\|��} \|�jr�z\|�j�\| �} W�n�ty��\|�j�d��\|�� td ��Y�dS�w�\|��jd7��_\| S�)z� Try to return a decrypted, authenticated, and decompressed packet out of the buffer. If there is not enough data, return None. @rtype: L{str} or L{None} @return: The decoded packet, if any. N�firstr��r��i��zbad packet length r��r��zbad packet mod (%i%%%i == %i)s��bad decryptions��bad MACzError decompressing payloads��compression errorr��)r��rI��rJ��r��bufr��r��r��r��unpack�sendDisconnect�DISCONNECT_PROTOCOL_ERRORr��r��incomingPacketSequence�DISCONNECT_MAC_ERROR�incomingCompression� decompress� Exceptionr��failure�DISCONNECT_COMPRESSION_ERROR) rM��r��msr�� packetLen� paddingLen�encDatar��macDatar��r$��r$��r%�� getPacket��sf�� ( ��zSSHTransportBase.getPacketc��C��s��\|��td\|��dS�)z� Called when an unsupported version of the ssh protocol is received from the remote endpoint. @param remoteVersion: remote ssh protocol version which is unsupported by us. @type remoteVersion: L{str} s��bad version N)r��)DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED)rM�� remoteVersionr$��r$��r%��_unsupportedVersionReceived��s�� z,SSHTransportBase._unsupportedVersionReceivedc��C��s��\|�j�\|�\|�_�\|�jset\|�j��dkr\|��td��dS�\|�j��d\|�j��d��dkr'dS�\|�j��d�}\|D�]5}\|�d�rdd\|�_\|�d�\|�_ \|�d �d �}\|\|�j vrS\|��\|��dS�\|�\|�}d� \|\|d �d��\|�_�q/\|��}\|r�t\|dd ��}\|��\|\|d d��\|��}\|skdS�dS�)a�� First, check for the version string (SSH-2.0-). After that has been received, this method adds data to the buffer, and pulls out any packets. @type data: L{bytes} @param data: The data that was received. i��sK��Peer version string longer than 4KB. Preventing a denial of service attack.N�� r��r��T�� r��r��r��)r�� gotVersionr��r��DISCONNECT_CONNECTION_LOST�find�split� startswith�rstrip�otherVersionString�supportedVersionsr��indexr��r��ord�dispatchMessage)rM��r#��lines�pr��ry��r�� messageNumr$��r$��r%��dataReceived��s8�� zSSHTransportBase.dataReceivedc��C��s��\|dk�r2\|t�v�r2t�\|�dd��}t\|�d\|��d�}\|dur#\|\|��dS�\|�jjd\|\|d��\|��dS�\|�jr>\|�j�\|\|��dS�\|�jjd\|\|d��\|��dS�) z� Send a received message to the appropriate method. @type messageNum: L{int} @param messageNum: The message number. @type payload: L{bytes} @param payload: The message payload. �2��r��N�ssh_zcouldn't handle {messageType}: {payload!r})r��r��z)couldn't handle {messageNum}: {payload!r})r��r��)�messages�getattrr��debug�sendUnimplementedr��packetReceived)rM��r��r��r��fr$��r$��r%��r��s&�� z SSHTransportBase.dispatchMessagec��C��t��\|�j��S�)z� Returns an L{SSHTransportAddress} corresponding to the other (peer) side of this transport. @return: L{SSHTransportAddress} for the peer @rtype: L{SSHTransportAddress} @since: 12.1 )r��SSHTransportAddressr��getPeerr��r$��r$��r%��r�� zSSHTransportBase.getPeerc��C��r��)z� Returns an L{SSHTransportAddress} corresponding to the this side of transport. @return: L{SSHTransportAddress} for the peer @rtype: L{SSHTransportAddress} @since: 12.1 )r��r��r��getHostr��r$��r$��r%��r��)��r��zSSHTransportBase.getHostc��C��s��\|�j�S�)zS The key exchange algorithm name agreed between client and server. ��_kexAlgr��r$��r$��r%��kexAlg4��zSSHTransportBase.kexAlgc��C��s ��\|\|�_�dS�)z6 Set the key exchange algorithm name. Nr��)rM��valuer$��r$��r%��r��;��s�� c�� C��sd��t�tf�\|�\|�_t\|dd��d�}\|dd��\|d�}}dd��\|D��\ }}}}} } }}} }\|\| \|g}\|\| \|g}\|�jr?\|\|}}\|�j\|�j\|�j\|�j\|�j\|�j\|�j \|�j f}\|\|\|d�\|d�\|d�\|d�\|d �\|d �f}\|�jro\|\|}}t \|d�\|d��\|�_t \|d�\|d��\|�_t t \|d �\|d ��t \|d �\|d ��t \|d�\|d��t \|d�\|d��\|�_t \|d �\|d ��\|�_t \|d�\|d��\|�_d\|�j\|�j\|�j\|�jfv�s�\|�j\|�j\|�jfv�r�\|��td��dS�d\|�jj��v�r�\|��td��dS�\|�jr�\|�jn\|�j\|v�\|�_\|�jjd\|�j\|�jd��\|�jjd\|�jj\|�jj\|�jd��\|�jjd\|�jj\|�jj\|�jd��\|�j\|�jk�r)\|�j \|�_n\|��!��\|\|\|fS�)a�� Called when we receive a MSG_KEXINIT message. Payload:: bytes[16] cookie string keyExchangeAlgorithms string keyAlgorithms string incomingEncryptions string outgoingEncryptions string incomingAuthentications string outgoingAuthentications string incomingCompressions string outgoingCompressions string incomingLanguages string outgoingLanguages bool firstPacketFollows unit32 0 (reserved) Starts setting up the key exchange, keys, encryptions, and authentications. Extended by ssh_KEXINIT in SSHServerTransport and SSHClientTransport. @type packet: L{bytes} @param packet: The message data. @return: A L{tuple} of negotiated key exchange algorithms, key algorithms, and unhandled data, or L{None} if something went wrong. r.��N� ��r��c��s��s��\|�]}\|��d��V��qdS�)r��N)r��)�.0�sr$��r$��r%�� <genexpr>{��s��z/SSHTransportBase.ssh_KEXINIT.<locals>.<genexpr>r��r��r��rT��r��r��s��couldn't match all kex partsz%kex alg={kexAlg!r} key alg={keyAlg!r})r��keyAlgz)outgoing: {cip!r} {mac!r} {compression!r})rg��rt��compressionz)incoming: {cip!r} {mac!r} {compression!r})"r��r��otherKexInitPayloadr��r��r��r��r��r��r��r��r��r��r,��nextEncryptions�outgoingCompressionType�incomingCompressionTyper��r��r��DISCONNECT_KEY_EXCHANGE_FAILED�__dict__�values�_peerSupportsExtensionsr��r��rD��rF��rE��rG��r��r��r��r��)rM��r��k�strings�rest�kexAlgs�keyAlgs�encCS�encSC�macCS�macSC�compCS�compSC�langCS�langSC�outs�ins�server�clientr$��r$��r%��ssh_KEXINITP��s�� , �� zSSHTransportBase.ssh_KEXINITc��C��sF��t��d\|dd��d�}t\|dd��\}}\|��\|\|��\|�j��dS�)a<�� Called when we receive a MSG_DISCONNECT message. Payload:: long code string description This means that the other side has disconnected. Pass the message up and disconnect ourselves. @type packet: L{bytes} @param packet: The message data. r��Nr��r��)r��r��r��receiveErrorr��loseConnection)rM��r�� reasonCode�description�foor$��r$��r%��ssh_DISCONNECT��s��zSSHTransportBase.ssh_DISCONNECTc��C��s��dS�)z� Called when we receive a MSG_IGNORE message. No payload. This means nothing; we simply return. @type packet: L{bytes} @param packet: The message data. Nr$��rM��r��r$��r$��r%�� ssh_IGNORE��s��zSSHTransportBase.ssh_IGNOREc��C��s��t��d\|�\}\|��\|��dS�)z� Called when we receive a MSG_UNIMPLEMENTED message. Payload:: long packet This means that the other side did not implement one of our packets. @type packet: L{bytes} @param packet: The message data. r��N)r��r��receiveUnimplemented)rM��r��seqnumr$��r$��r%��ssh_UNIMPLEMENTED��s�� z"SSHTransportBase.ssh_UNIMPLEMENTEDc��C��s>��t�t\|dd��}t\|dd��d�\}}}\|��\|\|\|��dS�)a0�� Called when we receive a MSG_DEBUG message. Payload:: bool alwaysDisplay string message string language This means the other side has passed along some debugging info. @type packet: L{bytes} @param packet: The message data. r��r��Nr��)�boolr��r��receiveDebug)rM��r�� alwaysDisplay�message�langr?��r$��r$��r%�� ssh_DEBUG��s��zSSHTransportBase.ssh_DEBUGc��C��sV��t��d\|dd��\}\|dd��}i�}t\|�D�]}t\|d�\}}}\|\|\|<�q\|\|�_dS�)aD�� Called when we get a MSG_EXT_INFO message. Payload:: uint32 nr-extensions repeat the following 2 fields "nr-extensions" times: string extension-name string extension-value (binary) @type packet: L{bytes} @param packet: The message data. r��Nr��r��)r��r��ranger��r��)rM��r�� numExtensions� extensions�_�extName�extValuer$��r$��r%��ssh_EXT_INFO��s�� zSSHTransportBase.ssh_EXT_INFOc��C��s<��\|�j�jd\|jd��\|�jr\|�j��\|\|�_\|�\|_\|�j��dS�)z� Set our service to service and start it running. If we were running a service previously, stop it first. @type service: C{SSHService} @param service: The service to attach. zstarting service {service!r})r��N)r��r��namer��r��r��serviceStarted)rM��r��r$��r$��r%�� setService��s�� zSSHTransportBase.setServicec��C��s(��\|��t\|rdndt\|��t\|��dS�)a�� Send a debug message to the other side. @param message: the message to send. @type message: L{str} @param alwaysDisplay: if True, tell the other side to always display this message. @type alwaysDisplay: L{bool} @param language: optionally, the language the message is in. @type language: L{str} ��rm��N)r�� MSG_DEBUGr��)rM��rI��rH��languager$��r$��r%�� sendDebug#��s��zSSHTransportBase.sendDebugc��C��s��\|��tt\|��dS�)a�� Send a message that will be ignored by the other side. This is useful to fool attacks based on guessing packet sizes in the encrypted stream. @param message: data to send with the message @type message: L{str} N)r�� MSG_IGNOREr��)rM��rI��r$��r$��r%�� sendIgnore3��s�� zSSHTransportBase.sendIgnorec��C��s��\|�j�}\|��tt�d\|��dS�)zc Send a message to the other side that the last packet was not understood. z!LN)r��r��MSG_UNIMPLEMENTEDr��r��rM��rD��r$��r$��r%��r��>��s��z"SSHTransportBase.sendUnimplementedc��C��sD��\|��tt�d\|�t\|��td��\|�jjd\|\|d��\|�j��dS�)aJ�� Send a disconnect message to the other side and then disconnect. @param reason: the reason for the disconnect. Should be one of the DISCONNECT_* values. @type reason: L{int} @param desc: a descrption of the reason for the disconnection. @type desc: L{str} r��rC��z;Disconnecting with error, code {code} reason: {description}��coder>��N) r��MSG_DISCONNECTr��r��r��r��r��r��r<��)rM��r��descr$��r$��r%��r��F��s��$ �zSSHTransportBase.sendDisconnectc��C��s@��\|�j�rd�t�dt\|��gdd��\|D��}\|��t\|��dS�dS�)a�� Send an RFC 8308 extension advertisement to the remote peer. Nothing is sent if the peer doesn't support negotiations. @type extensions: L{list} of (L{bytes}, L{bytes}) @param extensions: a list of (extension-name, extension-value) pairs. rC��r��c��S��s ��g�\|�]\}}t�\|�t�\|��qS�r$��)r��)r��rS��r��r$��r$��r%�� <listcomp>c��s�� z0SSHTransportBase.sendExtInfo.<locals>.<listcomp>N)r(��r��r��r��r��r��r��)rM��rN��r��r$��r$��r%��sendExtInfoX��s��zSSHTransportBase.sendExtInfoc��C��sD��t��\|�j\|�j�}\|�t��}\|��\|�_\|�j�� j }t\|�\|�_dS�)z� Prepares for a Diffie-Hellman key agreement exchange. Creates an ephemeral keypair in the group defined by (self.g, self.p) and stores it. N) r��DHParameterNumbersr��g� parametersr ��generate_private_key�dhSecretKey� public_key�public_numbers�yr��dhSecretKeyPublicMP)rM��numbersrf��rk��r$��r$��r%��_startEphemeralDHg��s �� z"SSHTransportBase._startEphemeralDHc��C��s��t��\|t��\|�j\|�j��t��}\|�j�\|�}\|�`\|� d�}t \|dd��}\|d@�r9t�dt \|�d��d�}\|\|�S�t�dt \|��}\|\|�S�)a�� Completes the Diffie-Hellman key agreement started by _startEphemeralDH, and forgets the ephemeral secret key. @type remoteDHpublicKey: L{int} @rtype: L{bytes} @return: The new shared secret, in SSH C{mpint} format. rm��r��r��r��)r��DHPublicNumbersrd��r��re��ri��r ��rh��exchange�lstripr��r��r��r��)rM��remoteDHpublicKey� remoteKey�secret�ch�prefixr$��r$��r%��_finishEphemeralDHu��s�� z#SSHTransportBase._finishEphemeralDHc�� C��s��t��\|�j�}\|\|\|�\|�\|�j��}\|��}\|\|\|�\|��}\|\|\|�\|�\|��}\|\|\|�\|�\|�\|��}\|\|�\|�\|�S�)a�� Get one of the keys for authentication/encryption. @type c: L{bytes} @param c: The letter identifying which key this is. @type sharedSecret: L{bytes} @param sharedSecret: The shared secret K. @type exchangeHash: L{bytes} @param exchangeHash: The hash H from key exchange. @rtype: L{bytes} @return: The derived key. )r��getHashProcessorr�� sessionIDr��) rM��c�sharedSecret�exchangeHash� hashProcessor�k1�k2�k3�k4r$��r$��r%��_getKey��s��zSSHTransportBase._getKeyc�� C��s��\|�j�s\|\|�_�\|��d\|\|�}\|��d\|\|�}\|��d\|\|�}\|��d\|\|�}\|��d\|\|�}\|��d\|\|�}\|\|\|g} \|\|\|g} \|�jrB\| \| } } \|�j�\| d�\| d�\| d�\| d�\| d �\| d ��\|��td ��dS�)a�� Set up the keys for the connection and sends MSG_NEWKEYS when finished, @param sharedSecret: a secret string agreed upon using a Diffie- Hellman exchange, so it is only shared between the server and the client. @type sharedSecret: L{str} @param exchangeHash: A hash of various data known by both sides. @type exchangeHash: L{str} ��A��B��C��D��E��Fr��r��r��rC��N)rz��r��r��r"��rb��r��MSG_NEWKEYS)rM��r\|��r}��initIVCS�initIVSC�encKeyCS�encKeySC� integKeyCS� integKeySCr6��r7��r$��r$��r%�� _keySetup��s�� .zSSHTransportBase._keySetupc��C��sp��\|�j��d��\|�j\|�_\|�jdkrt�d�\|�_\|�jdkrt� ��\|�_ \|�j\|�_\|�j }d\|�_ \|D�] \}}\|��\|\|��q+dS�)a�� Called back by a subclass once a I{MSG_NEWKEYS} message has been received. This indicates key exchange has completed and new encryption and compression parameters should be adopted. Any messages which were queued during key exchange will also be flushed. zNEW KEYSr��r��N)r��r��r"��r��r#��zlib�compressobjr��r$�� decompressobjr��r��r��r��r��)rM��r ��r��r��r$��r$��r%��_newKeys��s�� zSSHTransportBase._newKeys�outc��C��L��\|dkr \|�j�jdkS�\|dkr\|�j�jdkS�\|dkr"\|��d�o!\|��d�S�td��)z� Check if the connection is encrypted in the given direction. @type direction: L{str} @param direction: The direction: one of 'out', 'in', or 'both'. @rtype: L{bool} @return: C{True} if it is encrypted. r��r<��in�both�(direction must be "out", "in", or "both")r��rD��rE��isEncrypted� TypeError�rM�� directionr$��r$��r%��r�� zSSHTransportBase.isEncryptedc��C��r��)a �� Check if the connection is verified/authentication in the given direction. @type direction: L{str} @param direction: The direction: one of 'out', 'in', or 'both'. @rtype: L{bool} @return: C{True} if it is verified. r��r<��r��r��r��)r��rF��rG�� isVerifiedr��r��r$��r$��r%��r��r��zSSHTransportBase.isVerifiedc��C��s��\|��td��dS�)zn Lose the connection to the other side, sending a DISCONNECT_CONNECTION_LOST message. s��user closed connectionN)r��r��r��r$��r$��r%��r<��s��zSSHTransportBase.loseConnectionc��C��s��\|�j�jd\|\|d��dS�)a�� Called when we receive a disconnect error message from the other side. @param reasonCode: the reason for the disconnect, one of the DISCONNECT_ values. @type reasonCode: L{int} @param description: a human-readable description of the disconnection. @type description: L{str} z3Got remote error, code {code} reason: {description}r^��N)r��error)rM��r=��r>��r$��r$��r%��r;�� s �� zSSHTransportBase.receiveErrorc��C��s��\|�j�jd\|d��dS�)z� Called when we receive an unimplemented packet message from the other side. @param seqnum: the sequence number that was not understood. @type seqnum: L{int} z)other side unimplemented packet #{seqnum})rD��N)r��warnr]��r$��r$��r%��rC��s��z%SSHTransportBase.receiveUnimplementedc��C��s��\|r\|�j�jd\|d��dS�dS�)a�� Called when we receive a debug message from the other side. @param alwaysDisplay: if True, this message should always be displayed. @type alwaysDisplay: L{bool} @param message: the debug message @type message: L{str} @param lang: optionally the language the message is in. @type lang: L{str} zRemote Debug Message: {message})rI��N)r��r��)rM��rH��rI��rJ��r$��r$��r%��rG��%��s��zSSHTransportBase.receiveDebugc��C��sr��\|�j��d�r'ztjd\|�j�dd��}W�n�ty��td��w�t�\|t��S�\|�j�dv�r1t j ��S�td�\|�j��)a>�� Generate an private key for ECDH key exchange. @rtype: The appropriate private key type matching C{self.kexAlg}: L{ec.EllipticCurvePrivateKey} for C{ecdh-sha2-nistp}, or L{x25519.X25519PrivateKey} for C{curve25519-sha256}. @return: The generated private key. ��ecdh-sha2-nistpr��r��N� unused-key�s��curve25519-sha256s��curve25519-sha256@libssh.orgz3Cannot generate elliptic curve private key for {!r}) r��r��r��_curveTable�KeyErrorr��r��rg��r ��r ��X25519PrivateKey�generate�format)rM��curver$��r$��r%��_generateECPrivateKey4��s�� z&SSHTransportBase._generateECPrivateKeyc��C��sN��\|�j��d�r\|�tjjtjj�S�\|�j�dv�r\|�tjjtjj�S�t d\|�j��)a�� Encode an elliptic curve public key to bytes. @type ecPub: The appropriate public key type matching C{self.kexAlg}: L{ec.EllipticCurvePublicKey} for C{ecdh-sha2-nistp}, or L{x25519.X25519PublicKey} for C{curve25519-sha256}. @param ecPub: The public key to encode. @rtype: L{bytes} @return: The encoded public key. r��r��z,Cannot encode elliptic curve public key for ) r��r��public_bytesr ��Encoding�X962�PublicFormat�UncompressedPoint�Rawr��)rM��ecPubr$��r$��r%��_encodeECPublicKeyM��s�� z#SSHTransportBase._encodeECPublicKeyc��C��s��\|�j��d�r3ztjd\|�j�dd��}W�n�ty��td��w�tj�\|\|�}\|� t� ��\|�}t\|�S�\|�j�dv�rGtj� \|�}\|� \|�}t\|�S�td�\|�j��)a�� Generate a shared secret for ECDH key exchange. @type ecPriv: The appropriate private key type matching C{self.kexAlg}: L{ec.EllipticCurvePrivateKey} for C{ecdh-sha2-nistp}, or L{x25519.X25519PrivateKey} for C{curve25519-sha256}. @param ecPriv: Our private key. @rtype: L{bytes} @return: The generated shared secret, as an SSH multiple-precision integer. r��r��r��Nr��r��z5Cannot generate elliptic curve shared secret for {!r})r��r��r��r��r��r��r��EllipticCurvePublicKey�from_encoded_pointrq��ECDHr ��X25519PublicKey�from_public_bytesr��r&��)rM��ecPriv�theirECPubBytesr�� theirECPubr\|��r$��r$��r%��_generateECSharedSecreth��s(�� z(SSHTransportBase._generateECSharedSecret)FrC��)r��)Zr(��r)��r��r+��r��r��protocolVersion�twisted_version�encode�version�comment�stripr��r��r��r��r��getSupportedKeyExchangesr��r��eckeyr��replacer ��ed25519_supportedr��r��r��r��r��r��r��r��r��r��r��rz��r��r��r��r��r��r��r��r��r(��r��r��r��__annotations__r��r��r��r��r��r��r��r��r��r��r��propertyr��setterr:��r@��rB��rE��rK��rR��rU��rY��r[��r��r��rc��rn��rx��r��r��r��r��r��r<��r;��rC��rG��r��r��r��r$��r$��r$��r%��r��5��s�� x� � 2'> . z r��c��@��s`��e�Zd�ZdZdZdZdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dd��ZdS�)�SSHServerTransporta/�� SSHServerTransport implements the server side of the SSH protocol. @ivar isClient: since we are never the client, this is always False. @ivar ignoreNextPacket: if True, ignore the next key exchange packet. This is set when the client sends a guessed key exchange packet but with an incorrect guess. @ivar dhGexRequest: the KEX_DH_GEX_REQUEST(_OLD) that the client sent. The key generation needs this to be stored. @ivar g: the Diffie-Hellman group generator. @ivar p: the Diffie-Hellman group prime. Fr��c��C��sd��t��\|�\|�}\|s dS�\|\}}}t\|dd��r.\|d�\|�jd�ks)\|d�\|�jd�kr0d\|�_dS�dS�dS�)aM�� Called when we receive a MSG_KEXINIT message. For a description of the packet, see SSHTransportBase.ssh_KEXINIT(). Additionally, this method checks if a guessed key exchange packet was sent. If it was sent, and it guessed incorrectly, the next key exchange packet MUST be ignored. Nr��r��T)r��r:��r��r��r��ignoreNextPacket)rM��r��retvalr,��r-��r+��r$��r$��r%��r:��s�� zSSHServerTransport.ssh_KEXINITc�� C��s��t�\|�\}}\|�jj\|�j�}\|�jj\|�j�}\|��}\|��\|�_\|��\|�j�}\|�� \|\|�}t �\|�j��}\|� t\|�j��\|� t\|�j��\|� t\|�j��\|� t\|�j��\|� t\|��\|� t\|��\|� t\|��\|� \|��\|��} \|��tt\|��t\|��t\|�\| ��\|��\|\| ��dS�)a�� Called from L{ssh_KEX_DH_GEX_REQUEST_OLD} to handle elliptic curve key exchanges. Payload:: string client Elliptic Curve Diffie-Hellman public key Just like L{_ssh_KEXDH_INIT} this message type is also not dispatched directly. Extra check to determine if this is really KEX_ECDH_INIT is required. First we load the host's public/private keys. Then we generate the ECDH public/private keypair for the given curve. With that we generate the shared secret key. Then we compute the hash to sign and send back to the client Along with the server's public key and the ECDH public key. @type packet: L{bytes} @param packet: The message data. @return: None. N)r��factory� publicKeysr��privateKeysr��ri��r��r��r��r��ry��r��r\|��r��r��r��r!��r��blobr��r��MSG_KEXDH_REPLY�signr��) rM��r��pktPub� pubHostKey�privHostKeyr��encPubr\|��hr}��r$��r$��r%��_ssh_KEX_ECDH_INIT��s,�� z%SSHServerTransport._ssh_KEX_ECDH_INITc��C��s��t�\|�\}}t�\|�j�\\|�_\|�_\|��\|��\|�}t�\|�j��}\|� t \|�j��\|� t \|�j��\|� t \|�j ��\|� t \|�j��\|� t \|�jj\|�j��\|� t\|��\|� \|�j��\|� \|��\|��}\|��tt \|�jj\|�j��\|�j�t \|�jj\|�j��\|��\|��\|\|��dS�)aW�� Called to handle the beginning of a non-group key exchange. Unlike other message types, this is not dispatched automatically. It is called from C{ssh_KEX_DH_GEX_REQUEST_OLD} because an extra check is required to determine if this is really a KEXDH_INIT message or if it is a KEX_DH_GEX_REQUEST_OLD message. The KEXDH_INIT payload:: integer e (the client's Diffie-Hellman public key) We send the KEXDH_REPLY with our host key and signature. @type packet: L{bytes} @param packet: The message data. N)r��r��getDHGeneratorAndPrimer��re��r��rn��rx��ry��r\|��r��r��r��r!��r��r��r��r��r��r��rl��r��r��r��r��r��r��rM��r��clientDHpublicKeyr?��r\|��r��r}��r$��r$��r%��_ssh_KEXDH_INIT��s.�� z"SSHServerTransport._ssh_KEXDH_INITc��C��s��\|�j�rd\|�_�dS�t�\|�j�r\|��\|�S�t�\|�j�r\|��\|�S�\|\|�_t� d\|�d�}\|�j �\|�\\|�_\|�_ \|��\|��tt\|�j �t\|�j��dS�)a�� This represents different key exchange methods that share the same integer value. If the message is determined to be a KEXDH_INIT, L{_ssh_KEXDH_INIT} is called to handle it. If it is a KEX_ECDH_INIT, L{_ssh_KEX_ECDH_INIT} is called. Otherwise, for KEX_DH_GEX_REQUEST_OLD payload:: integer ideal (ideal size for the Diffie-Hellman prime) We send the KEX_DH_GEX_GROUP message with the group that is closest in size to ideal. If we were told to ignore the next key exchange packet by ssh_KEXINIT, drop it on the floor and return. @type packet: L{bytes} @param packet: The message data. r��Nr��)r��r��isFixedGroupr��r��isEllipticCurver��dhGexRequestr��r��r�� getDHPrimere��r��rn��r��MSG_KEX_DH_GEX_GROUPr��)rM��r��idealr$��r$��r%��ssh_KEX_DH_GEX_REQUEST_OLD��s�� z-SSHServerTransport.ssh_KEX_DH_GEX_REQUEST_OLDc��C��sd��\|�j�rd\|�_�dS�\|\|�_t�d\|�\}}}\|�j�\|�\\|�_\|�_\|��\|�� t t\|�j�t\|�j��dS�)a#�� Called when we receive a MSG_KEX_DH_GEX_REQUEST message. Payload:: integer minimum integer ideal integer maximum The client is asking for a Diffie-Hellman group between minimum and maximum size, and close to ideal if possible. We reply with a MSG_KEX_DH_GEX_GROUP message. If we were told to ignore the next key exchange packet by ssh_KEXINIT, drop it on the floor and return. @type packet: L{bytes} @param packet: The message data. r��Nz>3L)r��r��r��r��r��r��re��r��rn��r��r��r��)rM��r��minr��maxr$��r$��r%��ssh_KEX_DH_GEX_REQUEST>��s�� z)SSHServerTransport.ssh_KEX_DH_GEX_REQUESTc��C��s$��t�\|�\}}\|��\|�}t�\|�j��}\|�t\|�j��\|�t\|�j��\|�t\|�j ��\|�t\|�j ��\|�t\|�jj\|�j ��\|�\|�j��\|�t\|�j��\|�t\|�j��\|�t\|��\|�\|�j��\|�\|��\|��}\|��tt\|�jj\|�j ��\|�j�t\|�jj\|�j ��\|��\|��\|\|��dS�)a�� Called when we get a MSG_KEX_DH_GEX_INIT message. Payload:: integer e (client DH public key) We send the MSG_KEX_DH_GEX_REPLY message with our host key and signature. @type packet: L{bytes} @param packet: The message data. N)r��rx��r��ry��r��r\|��r��r��r��r!��r��r��r��r��r��r��r��r��re��rl��r��r��MSG_KEX_DH_GEX_REPLYr��r��r��r��r$��r$��r%��ssh_KEX_DH_GEX_INITX��s0�� z&SSHServerTransport.ssh_KEX_DH_GEX_INITc��C��s<��\|�j�du�}t�\|�\|\|��\|r\|��dd�\|�j�fg��dS�dS�)�3 See SSHTransportBase._keySetup(). Ns��server-sig-algsr��)rz��r��r��rc��r��r��)rM��r\|��r}��firstKeyr$��r$��r%��r��s�� zSSHServerTransport._keySetupc��C��s$��\|dkr\|��td��dS�\|��dS�)a�� Called when we get a MSG_NEWKEYS message. No payload. When we get this, the keys have been set on both sides, and we start using them to encrypt and authenticate the connection. @type packet: L{bytes} @param packet: The message data. rC��NEWKEYS takes no dataN)r��r��r��rA��r$��r$��r%��ssh_NEWKEYS��s�� zSSHServerTransport.ssh_NEWKEYSc��C��sR��t�\|�\}}\|�j�\|�\|�}\|s\|��td\|��dS�\|��tt\|��\|��\|��dS�)aX�� Called when we get a MSG_SERVICE_REQUEST message. Payload:: string serviceName The client has requested a service. If we can start the service, start it; otherwise, disconnect with DISCONNECT_SERVICE_NOT_AVAILABLE. @type packet: L{bytes} @param packet: The message data. s��don't have service N) r��r�� getServicer�� DISCONNECT_SERVICE_NOT_AVAILABLEr��r��r��rU��)rM��r��r��r+��clsr$��r$��r%��ssh_SERVICE_REQUEST��s��z&SSHServerTransport.ssh_SERVICE_REQUESTN)r(��r)��r��r+��r��r��r:��r��r��r��r��r��r��r��r��r$��r$��r$��r%��r��s��;(%)r��c��@��s��e�Zd�ZdZdZdZdZdZdd��Zdd ��Z d d��Z dd ��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"S�)#�SSHClientTransporta)�� SSHClientTransport implements the client side of the SSH protocol. @ivar isClient: since we are always the client, this is always True. @ivar _gotNewKeys: if we receive a MSG_NEWKEYS message before we are ready to transition to the new keys, this is set to True so we can transition when the keys are ready locally. @ivar x: our Diffie-Hellman private key. @ivar e: our Diffie-Hellman public key. @ivar g: the Diffie-Hellman group generator. @ivar p: the Diffie-Hellman group prime @ivar instance: the SSHService object we are requesting. @ivar _dhMinimalGroupSize: Minimal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST. @type _dhMinimalGroupSize: int @ivar _dhMaximalGroupSize: Maximal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST. @type _dhMaximalGroupSize: int @ivar _dhPreferredGroupSize: Preferred group size advertised by the client in MSG_KEX_DH_GEX_REQUEST. @type _dhPreferredGroupSize: int Ti��i� ��i��c��C��s��t��\|��d\|�_dS�)z{ Called when the connection is started with the server. Just sets up a private instance variable. r��N)r��r��_gotNewKeysr��r$��r$��r%��r��s�� z!SSHClientTransport.connectionMadec�� C��s��t��\|�\|�du�r dS�t�\|�j�r)\|��\|�_\|�j��\|�_\|�� t t\|��\|�j��dS�t� \|�j�rFt�\|�j�\\|�_\|�_\|��\|�� t\|�j��dS�\|�� tt�d\|�j\|�j\|�j��dS�)a>�� Called when we receive a MSG_KEXINIT message. For a description of the packet, see SSHTransportBase.ssh_KEXINIT(). Additionally, this method sends the first key exchange packet. If the agreed-upon exchange is ECDH, generate a key pair for the corresponding curve and send the public key. If the agreed-upon exchange has a fixed prime/generator group, generate a public key and send it in a MSG_KEXDH_INIT message. Otherwise, ask for a 2048 bit group with a MSG_KEX_DH_GEX_REQUEST message. N�!LLL)r��r:��r��r��r��r��r��ri��r��r��MSG_KEX_DH_GEX_REQUEST_OLDr��r��r��r��re��r��rn��MSG_KEXDH_INITrl��MSG_KEX_DH_GEX_REQUESTr��r��_dhMinimalGroupSize�_dhPreferredGroupSize�_dhMaximalGroupSizerA��r$��r$��r%��r:��s�� zSSHClientTransport.ssh_KEXINITc��sp��fdd�}t�\|d�\}}}}d�dd��tt\|��D��}��\|\|�}\|�\|\|\|\|��\|��fdd��\|S�) a�� Called to handle a reply to a ECDH exchange message(KEX_ECDH_INIT). Like the handler for I{KEXDH_INIT}, this message type has an overlapping value. This method is called from C{ssh_KEX_DH_GEX_GROUP} if that method detects a non-group key exchange is in progress. Payload:: string serverHostKey string server Elliptic Curve Diffie-Hellman public key string signature We verify the host key and continue if it passes verificiation. Otherwise raise an exception and return. @type packet: L{bytes} @param packet: The message data. @return: A deferred firing when key exchange is complete. c��s��\|}��j\|�}t��j��}\|�t��j��\|�t��j��\|�t��j ��\|�t��j ��\|�t\|��\|�t��j��\|�t\|��\|�\|��\|� ��}tj�\|��\|\|�sd��td��d�S��\|\|��d�S�)N� ��bad signature)r��r��r��ry��r��r\|��r��r��r��r��r!��r��r��r��r��Key� fromStringr��r��r%��r��)�ignored�hostKey�pubKey� signature�theirECHostr\|��r��r}��r��r$��r%��_continue_KEX_ECDH_REPLY0��s�� zHSSHClientTransport._ssh_KEX_ECDH_REPLY.<locals>._continue_KEX_ECDH_REPLYrT��:c��S��g�\|�]}t��\|��qS�r$��binascii�hexlify�r��rv��r$��r$��r%��rb��P��z:SSHClientTransport._ssh_KEX_ECDH_REPLY.<locals>.<listcomp>c��td�S��Ns��bad host key�r��"DISCONNECT_HOST_KEY_NOT_VERIFIABLE��unusedr��r$��r%��<lambda>U��z8SSHClientTransport._ssh_KEX_ECDH_REPLY.<locals>.<lambda>)r��r��r��r��r�� verifyHostKey�addCallback� addErrback)rM��r��r��r��r��r��fingerprint�dr$��r��r%��_ssh_KEX_ECDH_REPLY��s�� z&SSHClientTransport._ssh_KEX_ECDH_REPLYc��x��t�\|�\}}t\|�\}}t�\|�\}}d�dd��tt\|��D��}��\|\|�}\|��j\|\|\|��\|� ��fdd��\|S�)a�� Called to handle a reply to a non-group key exchange message (KEXDH_INIT). Like the handler for I{KEXDH_INIT}, this message type has an overlapping value. This method is called from C{ssh_KEX_DH_GEX_GROUP} if that method detects a non-group key exchange is in progress. Payload:: string serverHostKey integer f (server Diffie-Hellman public key) string signature We verify the host key by calling verifyHostKey, then continue in _continueKEXDH_REPLY. @type packet: L{bytes} @param packet: The message data. @return: A deferred firing when key exchange is complete. r��c��S��r��r$��r��r ��r$��r$��r%��rb��v��r ��z7SSHClientTransport._ssh_KEXDH_REPLY.<locals>.<listcomp>c��r��r��r ��r��r��r$��r%��r��{��r��z5SSHClientTransport._ssh_KEXDH_REPLY.<locals>.<lambda>) r��r��r��r��r��r��r��r��_continueKEXDH_REPLYr��rM��r��r��r��r��r��r��r$��r��r%��_ssh_KEXDH_REPLY[��s�� z#SSHClientTransport._ssh_KEXDH_REPLYc��C��sb��t��\|�j�r\|��\|�S�t��\|�j�r\|��\|�S�t\|�\\|�_}t\|�\\|�_}\|�� \|�� t\|�j��dS�)a�� This handles different messages which share an integer value. If the key exchange does not have a fixed prime/generator group, we generate a Diffie-Hellman public key and send it in a MSG_KEX_DH_GEX_INIT message. Payload:: string g (group generator) string p (group prime) @type packet: L{bytes} @param packet: The message data. N) r��r��r��r��r��r��r��r��re��rn��r��MSG_KEX_DH_GEX_INITrl��)rM��r��r+��r$��r$��r%��ssh_KEX_DH_GEX_GROUP��s�� z'SSHClientTransport.ssh_KEX_DH_GEX_GROUPc�� C��s��t�j�\|�}\|��\|�}t�\|�j��}\|�t\|�j ��\|�t\|�j ��\|�t\|�j��\|�t\|�j��\|�t\|��\|�\|�j ��\|�t\|��\|�\|��\|��}\|�\|\|�s]\|��td��dS�\|��\|\|��dS�)�� The host key has been verified, so we generate the keys. @param ignored: Ignored. @param pubKey: the public key blob for the server's public key. @type pubKey: L{str} @param f: the server's Diffie-Hellman public key. @type f: L{int} @param signature: the server's signature, verifying that it has the correct private key. @type signature: L{str} r��N)r��r��r��rx��r��ry��r��r\|��r��r��r��r��r!��rl��r��r��r��r��r%��r�� rM��r��r��r��r�� serverKeyr\|��r��r}��r$��r$��r%��r��s �� z'SSHClientTransport._continueKEXDH_REPLYc��r��)a�� Called when we receive a MSG_KEX_DH_GEX_REPLY message. Payload:: string server host key integer f (server DH public key) We verify the host key by calling verifyHostKey, then continue in _continueGEX_REPLY. @type packet: L{bytes} @param packet: The message data. @return: A deferred firing once key exchange is complete. r��c��S��r��r$��r��)r��r{��r$��r$��r%��rb��r ��z;SSHClientTransport.ssh_KEX_DH_GEX_REPLY.<locals>.<listcomp>c��r��r��r ��r��r��r$��r%��r��r��z9SSHClientTransport.ssh_KEX_DH_GEX_REPLY.<locals>.<lambda>) r��r��r��r��r��r��r��r��_continueGEX_REPLYr��r��r$��r��r%��ssh_KEX_DH_GEX_REPLY��s�� z'SSHClientTransport.ssh_KEX_DH_GEX_REPLYc�� C��s��t�j�\|�}\|��\|�}t�\|�j��}\|�t\|�j ��\|�t\|�j ��\|�t\|�j��\|�t\|�j��\|�t\|��\|�t �d\|�j\|�j\|�j��\|�t\|�j��\|�t\|�j��\|�\|�j��\|�t\|��\|�\|��\|��}\|�\|\|�s{\|��td��dS�\|��\|\|��dS�)r��r��r��N)r��r��r��rx��r��ry��r��r\|��r��r��r��r��r!��r��r��r��r��r��r��r��re��rl��r��r��r��r%��r��r ��r$��r$��r%��r"��s4�� z%SSHClientTransport._continueGEX_REPLYc��C��s&��t��\|�\|\|��\|�jr\|��d��dS�dS�)r��rC��N)r��r��r��r��)rM��r\|��r}��r$��r$��r%��r��s��zSSHClientTransport._keySetupc��C��s>��\|dkr\|��td��dS�\|�jjsd\|�_dS�\|��\|��dS�)a�� Called when we receive a MSG_NEWKEYS message. No payload. If we've finished setting up our own keys, start using them. Otherwise, remember that we've received this message. @type packet: L{bytes} @param packet: The message data. rC��r��Nr��)r��r��r"��rH��r��r��connectionSecurerA��r$��r$��r%��r��s�� zSSHClientTransport.ssh_NEWKEYSc��C��sJ��\|dkr\|�j��d��nt\|�d�}\|\|�jjkr\|��td��\|��\|�j��dS�)z� Called when we receive a MSG_SERVICE_ACCEPT message. Payload:: string service name Start the service we requested. @type packet: L{bytes} @param packet: The message data. rC��z"got SERVICE_ACCEPT without payloadr��s.��received accept for service we did not requestN)r��r��r��instancerS��r��r��rU��)rM��r��rS��r$��r$��r%��ssh_SERVICE_ACCEPT��s�� z%SSHClientTransport.ssh_SERVICE_ACCEPTc��C��s��\|��tt\|j��\|\|�_dS�)z� Request that a service be run over this transport. @type instance: subclass of L{twisted.conch.ssh.service.SSHService} @param instance: The service to run. N)r��r��r��rS��r%��)rM��r%��r$��r$��r%��requestService.��s�� z!SSHClientTransport.requestServicec��C��s��t��t��S�)aa�� Returns a Deferred that gets a callback if it is a valid key, or an errback if not. @type hostKey: L{bytes} @param hostKey: The host key to verify. @type fingerprint: L{bytes} @param fingerprint: The fingerprint of the key. @return: A deferred firing with C{True} if the key is valid. )r��fail�NotImplementedError)rM��r��r��r$��r$��r%��r��:��s�� z SSHClientTransport.verifyHostKeyc��C��s��t��)z� Called when the encryption has been set up. Generally, requestService() is called to run another service over the transport. )r)��r��r$��r$��r%��r$��I��r��z#SSHClientTransport.connectionSecureN)r(��r)��r��r+��r��r��r��r��r��r:��r��r��r��r��r#��r"��r��r��r&��r'��r��r$��r$��r$��r$��r%��r��s(�� /B&)r��c��@��s��e�Zd�ZdZdd��ZdS�)�_NullEncryptionContextzH An encryption context that does not actually encrypt anything. c��C��s��\|S�)z� 'Encrypt' new data by doing nothing. @type data: L{bytes} @param data: The data to 'encrypt'. @rtype: L{bytes} @return: The 'encrypted' data. r$��)rM��r#��r$��r$��r%��r\|��V��s�� z_NullEncryptionContext.updateN)r(��r)��r��r+��r\|��r$��r$��r$��r%��r��Q��s��r��c��@��s��e�Zd�ZdZdZdS�)�_DummyAlgorithmzJ An encryption algorithm that does not actually encrypt anything. �@��N)r(��r)��r��r+��rX��r$��r$��r$��r%��r+��c��s��r+��c��@��s&��e�Zd�ZdZe��Zdd��Zdd��ZdS�)rf��z� A cipher for the none encryption method. @ivar block_size: the block size of the encryption. In the case of the none cipher, this is 8 bytes. c��C��t��S�)zN Construct a noop encryptor. @return: The encryptor. �r��r��r$��r$��r%��rV��u��z_DummyCipher.encryptorc��C��r-��)zN Construct a noop decryptor. @return: The decryptor. r.��r��r$��r$��r%��rY��}��r/��z_DummyCipher.decryptorN)r(��r)��r��r+��r+��rW��rV��rY��r$��r$��r$��r%��rf��k��s ��rf��s��diffie-hellman-group14-sha1r��r��rT��r��r��r��r��r��r��"��r/��!��rS�� r�� MSG_� MSG_KEXDH_r��r��z7legacy SSH mnemonics should not end up in messages dict)hr+��r��rq��r��r��hashlibr��r��r��r��r��typingr��cryptography.exceptionsr��cryptography.hazmat.backendsr ��cryptography.hazmat.primitivesr ��)cryptography.hazmat.primitives.asymmetricr��r��r ��&cryptography.hazmat.primitives.ciphersr��r��r��twistedr��r��twisted.conch.sshr��r��r��twisted.conch.ssh.commonr��r��r��r��r��twisted.internetr��r��twisted.loggerr��twisted.pythonr��twisted.python.compatr��r��r&��tupler'��r,��r��Protocolr��r��r��r��r+��rf��r��DH_GENERATOR�DH_PRIMEr`��rZ��r\��rW��r��r��r��r��r��r��r��r��r��r��r��r��&DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECTr��r%��DISCONNECT_RESERVEDr��r��r��r��r��r��DISCONNECT_BY_APPLICATION�DISCONNECT_TOO_MANY_CONNECTIONS�!DISCONNECT_AUTH_CANCELLED_BY_USER�)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE�DISCONNECT_ILLEGAL_USER_NAMEr ��r��globals�itemsrS��r��r��r��r$��r$��r$��r%��<module>��s�� H%��`��,��ssh/__pycache__/keys.cpython-310.pyc��0000644��00000141331�15027667726�0013252 0��ustar�00��o ��bV��@��s��d�Z�ddlZddlZddlZddlZddlZddlmZmZm Z �ddl mZmZ�ddl Z ddlmZ�ddlmZ�ddlmZ�ddlmZmZ�dd lmZmZmZmZmZ�dd lmZmZm Z �ddl!m"Z"m#Z#�ddl$m%Z&m'Z(�dd l)mZ�ddl+m,Z,�ddl-m.Z.m/Z/�ddl0m1Z1�ddl2m3Z3�ddl4m5Z5m6Z6�ddl7m8Z8m9Z9�ddl:m;Z;�z ddl<m=Z=m>Z>�W�n�e?y��ddl<m@Z=mAZ>�Y�nw�e�B��e�C��e�D��d�ZEdddd�ZFG�dd��deG�ZHG�dd��deG�ZIG�d d!��d!eG�ZJG�d"d#��d#e9�ZKG�d$d%��d%eG�ZLd&d'��ZMG�d(d)��d)�ZNd-d+d,�ZOdS�).z0 Handling of RSA, DSA, ECDSA, and Ed25519 keys. ��N)� b64encode�decodebytes�encodebytes)�md5�sha256)�utils)�InvalidSignature)�default_backend)�hashes� serialization)�dsa�ec�ed25519�padding�rsa)�Cipher� algorithms�modes)�load_pem_private_key�load_ssh_public_key)�decoder�encoder)�PyAsn1Error)�univ)�common�sexpy)�int_to_bytes)� randbytes)� iterbytes�nativeString)� NamedConstant�Names)�_mutuallyExclusiveArguments)�decode_dss_signature�encode_dss_signature)�decode_rfc6979_signature�encode_rfc6979_signature)s��ecdsa-sha2-nistp256s��ecdsa-sha2-nistp384s��ecdsa-sha2-nistp521s��nistp256s��nistp384s��nistp521)s ��secp256r1s ��secp384r1s ��secp521r1c��@��e�Zd�ZdZdS�)�BadKeyErrorzj Raised when a key isn't what we expected from it. XXX: we really need to check for bad keys N��__name__� __module__�__qualname__�__doc__��r.��r.��8/usr/lib/python3/dist-packages/twisted/conch/ssh/keys.pyr(��F��r(��c��@��r'��)�EncryptedKeyErrorzb Raised when an encrypted key is presented to fromString/fromFile without a password. Nr)��r.��r.��r.��r/��r1��N��r0��r1��c��@��r'��)�BadFingerPrintFormatzS Raises when unsupported fingerprint formats are presented to fingerprint. Nr)��r.��r.��r.��r/��r2��U��r0��r2��c��@��s��e�Zd�ZdZe��Ze��ZdS�)�FingerprintFormatsa�� Constants representing the supported formats of key fingerprints. @cvar MD5_HEX: Named constant representing fingerprint format generated using md5[RFC1321] algorithm in hexadecimal encoding. @type MD5_HEX: L{twisted.python.constants.NamedConstant} @cvar SHA256_BASE64: Named constant representing fingerprint format generated using sha256[RFC4634] algorithm in base64 encoding @type SHA256_BASE64: L{twisted.python.constants.NamedConstant} N)r��r+��r,��r-��r ��MD5_HEX� SHA256_BASE64r.��r.��r.��r/��r3��[��s�� r3��c��@��r'��)�PassphraseNormalizationErrorz� Raised when a passphrase contains Unicode characters that cannot be normalized using the available Unicode character database. Nr)��r.��r.��r.��r/��r6��l��r0��r6��c��C��s8��t�\|�t�rtdd��\|�D��rt��t�d\|��d�S�\|�S�)a�� Normalize a passphrase, which may be Unicode. If the passphrase is Unicode, this follows the requirements of U{NIST 800-63B, section 5.1.1.2<https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver>} for Unicode characters in memorized secrets: it applies the Normalization Process for Stabilized Strings using NFKC normalization. The passphrase is then encoded using UTF-8. @type passphrase: L{bytes} or L{unicode} or L{None} @param passphrase: The passphrase to normalize. @return: The normalized passphrase, if any. @rtype: L{bytes} or L{None} @raises PassphraseNormalizationError: if the passphrase is Unicode and cannot be normalized using the available Unicode character database. c��s��s��\|�] }t��\|�d�kV��qdS�)�CnN)�unicodedata�category)�.0�cr.��r.��r/�� <genexpr>��s��z'_normalizePassphrase.<locals>.<genexpr>�NFKCzUTF-8)� isinstance�str�anyr6��r8�� normalize�encode�� passphraser.��r.��r/��_normalizePassphrases��s �� rE��c��@��s��e�Zd�ZdZedTdd��ZedTdd��Zedd��Zed d ��Zedd��Z ed d��Z edd��Zedd��Zedd��Z edd��Zedd��Zedd��ZedUdd��ZedVdd��ZedVdd ��ZedVd!d"��ZedVd#d$��Zd%d&��Zd'ed(efd)d�Zd(efd+d,�Zd-d.��Zd/d0��Zejfd1d2�Z d3d4��Z!d5d6��Z"d7d8��Z#d9d:��Z$d;d<��Z%d=d>��Z&e'd?d@gd?dAgg�dUdBdC��Z(dVdDdE�Z)dTdFdG�ZdVdHdI�Z+dWdJdK�Z,dLdM��Z-dNdO��Z.dPdQ��Z/dRdS��Z0dS�)X�Keyau�� An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString(). Nc��C��s@��t�\|d��}\|��\|��\|\|�W��d��S�1�sw��Y��dS�)a�� Load a key from a file. @param filename: The path to load key data from. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. �rbN)�open� fromString�read)�cls�filename�typerD��fr.��r.��r/��fromFile��s��$�zKey.fromFilec��C��s��t�\|t�r \|�d�}t\|�}\|du�r\|��\|�}\|du�r"td\|��t\|�d\|��d�}\|du�r8td\|��\|jj dkrH\|rDtd��\|\|�S�\|\|\|�S�)a�� Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key. @type data: L{bytes} @param data: The key data. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. �utf-8Nzcannot guess the type of �_fromString_zno _fromString method for ��zkey not encrypted) r>��r?��rB��rE��_guessStringTyper(��getattr�upper�__code__�co_argcount)rK��datarM��rD��methodr.��r.��r/��rI��s�� zKey.fromStringc��C��s��t��\|�\}}\|dkr t��\|d�\}}}\|�t�\|\|��t��S�\|dkrBt��\|d�\}}}} }\|�tj\| tj \|\|\|d�d��t��S�\|t v�rW\|�tj� t \|�t��\|d�d��S�\|dkrgt��\|�\} }\|��\| �S�td \|��) a�� Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. The format of an Ed25519 public key blob is:: string 'ssh-ed25519' string a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. ��ssh-rsarR��ssh-dss��p�q�g��y�parameter_numbers��ssh-ed25519�unknown blob type: )r��getNS�getMPr��RSAPublicNumbers� public_keyr ��r��DSAPublicNumbers�DSAParameterNumbers�_curveTabler ��EllipticCurvePublicKey�from_encoded_point�_fromEd25519Componentsr(��)rK��blob�keyType�rest�e�nr^��r_��r`��rb��ar.��r.��r/��_fromString_BLOB��s,��"�� zKey._fromString_BLOBc��C��s��t��\|�\}}\|dkr"t��\|d�\}}}}}} }\|�j\|\|\|\|\| d�S�\|dkr<t��\|d�\}} } }}}\|�j\|\| \|\| \|d�S�\|tv�rnt\|�} t��\|d�\}} }\|t\| j�d��kr_t d \|\|f��t��\|�\}}\|�j \| \|\|d �S�\|dkr�t��\|d�\}}}\|dd ��}\|�j\|\|d�S�t d\|��)a6�� Return a private key object corresponding to this private key blob. The blob formats are as follows: RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' string identifier string q integer privateValue identifier is the standard NIST curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k \|\| a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type rZ��ru��rt��dr^��r_��r[��rb��r`��r^��r_��xrR��asciiz.ECDSA curve name %r does not match key type %r)�encodedPoint�curve�privateValuere��N� ��)�krf��)r��rg��rh��_fromRSAComponents�_fromDSAComponentsrm�� _secToNist�namerB��r(��_fromECEncodedPointrp��)rK��rq��rr��rs��ru��rt��rz��ur^��r_��r`��rb��r}��r�� curveNamer��rv��combinedr��r.��r.��r/��_fromString_PRIVATE_BLOB��s2��.��zKey._fromString_PRIVATE_BLOBc��C��s4��\|��d�r \|�t\|t��S�t\|��d��}\|��\|�S�)a�� Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: <key type> <base64-encoded public key blob> @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the blob type is unknown. s ��ecdsa-sha2rd��)� startswithr��r ��r��splitrw��)rK��rX��rq��r.��r.��r/��_fromString_PUBLIC_OPENSSH\��s�� zKey._fromString_PUBLIC_OPENSSHc��C��s��\|��}td�\|dd��}\|�d�std��\|td�d��}t�\|d�\}}}}t � d\|dd ��d �} \| dkr@td��t�\|d d��d�\} }} \|d kr�\|sWtd��\|dv�rmtj }d} t\|dd��d�}\| }ntd\|��\|dkr�t�\|�\}}t � d\|dd ��d �}tj\|\|\|\|�\|dd�}ntd\|��t\|�\| �d kr�td��t\|\|d\|��t�\|\|\|\|��t��d��}\|�\|�\|��}n \|d kr�td\|f��\|}t � d\|dd ��d �}t � d\|d d��d �}\|\|kr�td\|\|f��\|��\|dd��S�)a�� Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. The format of an openssh-key-v1 private key string is:: -----BEGIN OPENSSH PRIVATE KEY----- <base64-encoded SSH protocol string> -----END OPENSSH PRIVATE KEY----- The SSH protocol string is as described in U{PROTOCOL.key<https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key>}. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key ��rd��openssh-key-v1�z"unknown OpenSSH private key formatN��!Lr\��r��zDonly OpenSSH private key files containing a single key are supportedrR��none�0Passphrase must be provided for an encrypted key)s ��aes128-ctrs ��aes192-ctr� ��aes256-ctr��rx��unknown encryption type ��bcryptT)�ignore_few_roundszunknown KDF type zbad padding��backendzprivate key specifies KDF %r but no cipherz#check values do not match: %d != %d)�strip� splitlinesr��joinr��r(��lenr��rg��struct�unpackr1��r��AES�int�bcrypt�kdfr��r��CTRr �� decryptor�update�finalizer��)rK��rX��rD��lines�keyList�cipherr�� kdfOptionsrs��ru��_�encPrivKeyList�algorithmClass� blockSize�keySize�ivSize�salt�rounds�decKeyr��privKeyList�check1�check2r.��r.��r/��_fromPrivateOpenSSH_v1q��sl�� zKey._fromPrivateOpenSSH_v1c��s@��\|��}\|d�dd��}\|d��d�r�\|std��z\|d��dd�\}}\|��d d�\}��W�n�tyA��td \|d��w�\|dv�r_tj }t \|�d�d��d �} t��dkr^td��n\|dkrstj}d} t��dkrrtd��ntd\|��t t��fdd�tdt��d�D��} t\|\| dd ��}t\|\|�\| dd ��}\|\|�d\| ��} td�\|dd��}t\|\| �t�\| �t��d��}\|�\|�\|��}t\|dd��}\|d\|��}n d�\|dd��}t\|�}z t�\|�d�}W�n�t�y�}�ztd\|��d}~ww�\|dk�r\|�t\|\|t��S�\|dk�r`t\|�dk�r+\|d�}t\|�dk��r6td ��d!d��\|dd"��D��\}}}}}}}}\|�t j!\|\|\|\|\|\|t j"\|\|d#�d$��#t��S�\|d%k�r�d&d��\|dd��D��\}}}}}t\|�dk��r�td'��\|�t$j%\|t$j&\|t$j'\|\|\|d(�d)�d�j#t��d��S�td+\|��),a�� Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format. The format of a PEM-based OpenSSH private key string is:: -----BEGIN <key type> PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,<initialization value>] <base64-encoded ASN.1 structure> ------END <key type> PRIVATE KEY------ The ASN.1 structure of a RSA key is:: (0, n, e, d, p, q) The ASN.1 structure of a DSA key is:: (0, p, q, g, y, x) The ASN.1 structure of a ECDSA key is:: (ECParameters, OID, NULL) @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r��rd��Proc-Type: 4,ENCRYPTEDr��rR�� ,zinvalid DEK-info )s��AES-128-CBCs��AES-256-CBC��-r��r��zAES encrypted key with a bad IVs��DES-EDE3-CBC��r��zDES encrypted key with a bad IVr��c��3��s&��\|�]}t��\|\|d��d�V��qdS�)rR��r��N�r��r:��i��ivdatar.��r/��r<�� s��$�z.Key._fromPrivateOpenSSH_PEM.<locals>.<genexpr>Nr��r��r��r��z(Failed to decode key (Bad Passphrase?): s��ECs��RSArx��z!RSA key failed to decode properlyc��s��\|�]}t�\|�V��qd�S��Nr��r:��valuer.��r.��r/��r<��-�� rt��ru��r^��r_��rz��dmp1�dmq1�iqmp�public_numberss��DSAc��s��r��r��r��r��r.��r.��r/��r<��:��r��z!DSA key failed to decode properlyr]��ra��r}��r��unknown key type )(r��r��r��r1��r��rstrip� ValueErrorr(��r��r��r��r�� TripleDES�bytes� bytearray�ranger��digestr��r��r��r��CBCr ��r��r��r��ord� berDecoder�decoder��r��r��RSAPrivateNumbersri��private_keyr��DSAPrivateNumbersrk��rl��)rK��rX��rD��r��kindr��cipherIVInfor��r��r��iv�ba�bbr��b64Datar��keyData� removeLen� decodedKey� asn1Errorru��rt��rz��r^��r_��r��r��r��r`��rb��r}��r.��r��r/��_fromPrivateOpenSSH_PEM��s��%�� &�� zKey._fromPrivateOpenSSH_PEMc��C��s4��\|��d�dd��dkr\|��\|\|�S�\|��\|\|�S�)a�� Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r��r��r��s��OPENSSH)r��r��r��r��)rK��rX��rD��r.��r.��r/��_fromString_PRIVATE_OPENSSHH��s��zKey._fromString_PRIVATE_OPENSSHc��C��s��t��t\|dd��}\|d�dksJ��i�}\|d�dd��D�]\}}t�t�\|��d�\|\|<�q\|d�d�dkrG\|�j\|d�\|d�\|d �\|d �d�S�\|d�d�dkrZ\|�j\|d �\|d�d�S�td\|d�d��)a�� Return a public key corresponding to this LSH public key string. The LSH public key string format is:: <s-expression: ('public-key', (<key type>, (<name, <value>)+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown rd��r��r�� public-keyN��dsa��y��g��p��q�rb��r`��r^��r_��rsa-pkcs1-sha1��n��e�ru��rt��unknown lsh key type ) r��parser��r��rh��NSr��r��r(��rK��rX��sexp�kdr��r.��r.��r/��_fromString_PUBLIC_LSHe��s��zKey._fromString_PUBLIC_LSHc��C��s0��t��\|�}\|d�dks J��i�}\|d�dd��D�]\}}t�t�\|��d�\|\|<�q\|d�d�dkrPt\|�dks<J�t\|��\|�j\|d�\|d�\|d �\|d �\|d�d�S�\|d�d�d kr�t\|�dksdJ�t\|��\|d �\|d �kry\|d �\|d �\|d <�\|d <�\|�j\|d�\|d�\|d�\|d �\|d �d�S�td\|d�d��)a+�� Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown r��private-keyrd��Nr��r{��r��r��r��r��xr\|�� rsa-pkcs1r��r��r��dry��r��) r��r��r��rh��r��r��r��r��r(��r��r.��r.��r/��_fromString_PRIVATE_LSH��s$�� zKey._fromString_PRIVATE_LSHc��C��s��t��\|�\}}\|dkr8t��\|�\}}t��\|�\}}t��\|�\}}t��\|�\}}t��\|�\}}\|�j\|\|\|\|\|d�S�\|dkrqt��\|�\}}t��\|�\} }t��\|�\} }t��\|�\}}t��\|�\}}t��\|�\}}\|�j\| \|\| \|\|\|d�S�td\|��)a�� Return a private key object corresponsing to the Secure Shell Key Agent v3 format. The SSH Key Agent v3 format for a RSA key is:: string 'ssh-rsa' integer e integer d integer n integer u integer p integer q The SSH Key Agent v3 format for a DSA key is:: string 'ssh-dss' integer p integer q integer g integer y integer x @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown r[��r\|��rZ��ru��rt��rz��r^��r_��r��r��)r��rg��rh��r��r��r(��)rK��rX��rr��r^��r_��r`��rb��r}��rt��rz��ru��r��r.��r.��r/��_fromString_AGENTV3��s"��zKey._fromString_AGENTV3c��C��s��\|��d�s \|��d�rdS�\|��d�rdS�\|��d�rdS�\|��d�r!d S�\|��d �s0\|��d�s0\|��d�rPt�\|�\}}d }\|rH\|d7�}t�\|�\}}\|s;\|dkrNdS�dS�dS�)z� Guess the type of key in data. The types map to _fromString_* methods. @type data: L{bytes} @param data: The key data. s��ssh-��ecdsa-sha2-�public_opensshs ��-----BEGIN�private_openssh��{� public_lsh��(�private_lshs��ssh-s ��ecdsa-s��ssh-ed25519r��rd��r\��agentv3rq��N)r��r��rg��rh��)rK��rX��ignoredrs��countr.��r.��r/��rS��s0�� zKey._guessStringTypec�� C��sn��t�j\|\|d�}\|du�r\|�t��}\|�\|�S�t�j\|\|\|t��\|\|�t��\|\|�t��\|\|�\|d�} \| �t��}\|�\|�S�)a�� Build a key from RSA numerical components. @type n: L{int} @param n: The 'n' RSA variable. @type e: L{int} @param e: The 'e' RSA variable. @type d: L{int} or L{None} @param d: The 'd' RSA variable (optional for a public key). @type p: L{int} or L{None} @param p: The 'p' RSA variable (optional for a public key). @type q: L{int} or L{None} @param q: The 'q' RSA variable (optional for a public key). @type u: L{int} or L{None} @param u: The 'u' RSA variable. Ignored, as its value is determined by p and q. @rtype: L{Key} @return: An RSA key constructed from the values as given. r��Nr��) r��ri��rj��r ��r��rsa_crt_dmp1�rsa_crt_dmq1�rsa_crt_iqmpr��) rK��ru��rt��rz��r^��r_��r�� publicNumbers� keyObject�privateNumbersr.��r.��r/��r��s�� zKey._fromRSAComponentsc�� C��sX��t�j\|t�j\|\|\|d�d�}\|du�r\|�t��}\|�\|�S�t�j\|\|d�}\|�t��}\|�\|�S�)a�� Build a key from DSA numerical components. @type y: L{int} @param y: The 'y' DSA variable. @type p: L{int} @param p: The 'p' DSA variable. @type q: L{int} @param q: The 'q' DSA variable. @type g: L{int} @param g: The 'g' DSA variable. @type x: L{int} or L{None} @param x: The 'x' DSA variable (optional for a public key) @rtype: L{Key} @return: A DSA key constructed from the values as given. r]��ra��Nr��)r��rk��rl��rj��r ��r��r��) rK��rb��r^��r_��r`��r}��r��r��r��r.��r.��r/��r��)��s��zKey._fromDSAComponentsc��C��sR��t�j\|\|t\|�d�}\|du�r\|�t��}\|�\|�S�t�j\|\|d�}\|�t��}\|�\|�S�)a�� Build a key from EC components. @param x: The affine x component of the public point used for verifying. @type x: L{int} @param y: The affine y component of the public point used for verifying. @type y: L{int} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} �r}��rb��r��N)� private_valuer��)r ��EllipticCurvePublicNumbersrm��rj��r ��EllipticCurvePrivateNumbersr��)rK��r}��rb��r��r��r��r��r��r.��r.��r/��_fromECComponentsL��s�� zKey._fromECComponentsc��C��s>��\|du�rt�j�t\|�\|�}\|�\|�S�t��\|t\|�t��}\|�\|�S�)aa�� Build a key from an EC encoded point. @param encodedPoint: The public point encoded as in SEC 1 v2.0 section 2.3.3. @type encodedPoint: L{bytes} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} N)r ��rn��ro��rm��derive_private_keyr ��)rK��r��r��r��r��r.��r.��r/��r��l��s��zKey._fromECEncodedPointc��C��s0��\|du�rt�j�\|�}\|�\|�S�t�j�\|�}\|�\|�S�)a��Build a key from Ed25519 components. @param a: The Ed25519 public key, as defined in RFC 8032 section 5.1.5. @type a: L{bytes} @param k: The Ed25519 private key, as defined in RFC 8032 section 5.1.5. @type k: L{bytes} N)r��Ed25519PublicKey�from_public_bytes�Ed25519PrivateKey�from_private_bytes)rK��rv��r��r��r.��r.��r/��rp��s �� zKey._fromEd25519Componentsc��C��s ��\|\|�_�dS�)z� Initialize with a private or public C{cryptography.hazmat.primitives.asymmetric} key. @param keyObject: Low level key. @type keyObject: C{cryptography.hazmat.primitives.asymmetric} key. N)� _keyObject)�selfr��r.��r.��r/��__init__��s�� zKey.__init__�other�returnc��C��s.��t�\|t�r\|��\|��ko\|��\|��kS�tS�)zN Return True if other represents an object with the same key. )r>��rF��rM��rX��NotImplemented)r&��r(��r.��r.��r/��__eq__��s�� z Key.__eq__c��C��s��\|��dkrO\|��}\|d��d�}\|��r d\|dd��d�}n d\|dd��d�}t\|��D�]\}}\|dkr@\|d \|��7�}q0\|d \|��d\|��7�}q0\|d�S�d t\|��\|��r[dp\d\|��f�g}t\|��D�]T\}}\|�d\|��d��\|��dkr�\|nt � \|�dd��}\|r�\|dd��}\|dd��}d} t\|�D�]} \| t\| �d�d��} q�t \|�dk�r�\| dd��} \|�d\| ��\|s�qk\|d�d�\|d<�d �\|�S�)z@ Return a pretty representation of this object. �ECr��rP��z<Elliptic Curve Public Key (��Nz bits)z<Elliptic Curve Private Key (z curve: � z: z> z<%s %s (%s bits)z Public KeyzPrivate Keyzattr �:�Ed25519r\��02xr�� >)rM��rX��r��isPublic�sorted�itemsr��size�appendr��MPr��r��r��r��)r&��rX��r��outr��vr��by�m�or;��r.��r.��r/��__repr__��sD�� "�� zKey.__repr__c��C��s��t�\|�jtjtjtjtj f�S�)zl Check if this instance is a public key. @return: C{True} if this is a public key. ) r>��r%��r��RSAPublicKeyr��DSAPublicKeyr ��rn��r��r!��r&��r.��r.��r/��r6��s��zKey.isPublicc��C��s��\|��r\|�S�t\|�j��S�)z� Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. @rtype: L{Key} @return: A public key. )r6��rF��r%��rj��rD��r.��r.��r/��public��s�� z Key.publicc��C��sb��\|t�ju�rttt\|��S�\|t�ju�rtd�dd��t t \|��D��S�td\|��)aO�� The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include L{FingerprintFormats.MD5_HEX} and L{FingerprintFormats.SHA256_BASE64} The input to the algorithm is the public key data as specified by [RFC4253]. The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=} The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87} @param format: Format for fingerprint generation. Consists hash function and representation format. Default is L{FingerprintFormats.MD5_HEX} @since: 8.2 @return: the user presentation of this L{Key}'s fingerprint, as a string. @rtype: L{str} ��:c��S��s��g�\|�]}t��\|��qS�r.��)�binascii�hexlify�r:��r}��r.��r.��r/�� <listcomp>��s��z#Key.fingerprint.<locals>.<listcomp>z Unsupported fingerprint format: )r3��r5��r��r��r��rq��r��r4��r��r��r��r2��)r&��formatr.��r.��r/��fingerprint��s�� zKey.fingerprintc��C��sp��t�\|�jtjtjf�rdS�t�\|�jtjtjf�rdS�t�\|�jtj tj f�r$dS�t�\|�jtjtj f�r0dS�td\|�j��)z� Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', 'EC', or 'Ed25519'. @rtype: L{str} @raises RuntimeError: If the object type is unknown. �RSA�DSAr,��r0��zunknown type of object: )r>��r%��r��rB�� RSAPrivateKeyr��rC�� DSAPrivateKeyr ��rn��EllipticCurvePrivateKeyr��r!��r#��RuntimeErrorrD��r.��r.��r/��rM��!��s��zKey.typec��C��s8��\|��dkrdt\|�jjj�d��S�dddd�\|��S�)aK�� Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'. identifier is the standard NIST curve name @return: The key type format. @rtype: L{bytes} r,��r��r~��rZ��r[��re��)rM��rN��r0��)rM��r��r%��r��r��rB��rD��r.��r.��r/��sshType8��s��zKey.sshTypec��C��s<��\|�j�du�rdS�\|��dkr\|�j�jjS�\|��dkrdS�\|�j�jS�)zv Return the size of the object we wrap. @return: The size of the key. @rtype: L{int} Nr��r,��r0��)r%��rM��r��key_sizerD��r.��r.��r/��r9��N��s�� zKey.sizec�� C��s��t�\|�jtj�r\|�j��}\|j\|jd�S�t�\|�jtj�r5\|�j��}\|jj\|jj\|j \|j \|jt�\|j\|j �d�S�t�\|�jt j�rO\|�j��}\|j\|jj\|jj \|jjd�S�t�\|�jt j�ro\|�j��}\|j\|jj\|jjj\|jjj \|jjjd�S�t�\|�jtj�r�\|�j��}\|j\|j\|��d�S�t�\|�jtj�r�\|�j��}\|jj\|jj\|j\|��d�S�t�\|�jtj�r�d\|�j�tjjtjj�iS�t�\|�jtj �r�\|�j�!��tjjtjj�\|�j�"tjjtj#jt�$��d�S�t%d \|�j��) z_ Return the values of the public key as a dictionary. @rtype: L{dict} r��r ��r��)r}��rb��r`��r^��r_��r��)r}��rb��r��r��rv��)rv��r��zUnexpected key type: )&r>��r%��r��rB��r��ru��rt��rO��private_numbersrz��r^��r_��r��r��rC��rb��rc��r`��rP��r}��r ��rn��rS��rQ��r��r��r!��public_bytesr��Encoding�Raw�PublicFormatr#��rj�� private_bytes� PrivateFormat�NoEncryptionrR��)r&��numbersr.��r.��r/��rX��]��st�� zKey.datac��C��s��\|��}\|��}\|dkrt�d�t�\|d��t�\|d��S�\|dkrDt�d�t�\|d��t�\|d��t�\|d ��t�\|d ��S�\|dkrx\|�jjjd�d �}t�\|d��t�\|d�dd��t�dt� \|d�\|��t� \|d �\|��S�\|dkr�t�d�t�\|d��S�t d\|��)a�� Return the public key blob for this key. The blob is the over-the-wire format for public keys. SECSH-TRANS RFC 4253 Section 6.6. RSA keys:: string 'ssh-rsa' integer e integer n DSA keys:: string 'ssh-dss' integer p integer q integer g integer y EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name Ed25519 keys:: string 'ssh-ed25519' string a @rtype: L{bytes} rM��rZ��rt��ru��rN��r[��r^��r_��r`��rb��r,��r��r��N��r}��r0��re��rv��unknown key type: )rM��rX��r��r��r;��r%��r��rU��r��r��r(��)r&��rM��rX�� byteLengthr.��r.��r/��rq��s@�� &�� zKey.blobc��C��s��\|��}\|��}\|dkrCt�\|d�\|d��}t�d�t�\|d��t�\|d��t�\|d��t�\|��t�\|d��t�\|d��S�\|dkrot�d �t�\|d��t�\|d��t�\|d ��t�\|d��t�\|d��S�\|d kr�\|�j�� t jjt j j�}t�\|d��t�\|d�dd��t�\|��t�\|d��S�\|dkr�t�d�t�\|d��t�\|d�\|d��S�td\|��)a1�� Return the private key blob for this key. The blob is the over-the-wire format for private keys: Specification in OpenSSH PROTOCOL.agent RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k \|\| a rM��r^��r_��rZ��ru��rt��rz��rN��r[��r`��rb��r}��r,��r��r`��Nr��r0��re��rv��r��rb��)rM��rX��r��r��r��r��r;��r%��rj��rW��r��rX��X962rZ��UncompressedPointr(��)r&��rM��rX��r��encPubr.��r.��r/��privateBlob��sh��)�� zKey.privateBlob�extra�commentrD��c��C��s��\|durt�jdtdd��\|��r\|}n\|}t\|t�r\|�d�}t\|�}t\|�d\|� ��d�}\|du�r9t d\|��\|\|\|\|d�S�) a�� Create a string representation of this key. If the key is a private key and you want the representation of its public key, use C{key.public().toString()}. type maps to a _toString_ method. @param type: The type of string to emit. Currently supported values are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}. @type type: L{str} @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use C{comment} or C{passphrase} as appropriate instead.) @type extra: L{bytes} or L{unicode} or L{None} @param subtype: A subtype of the requested C{type} to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. @type comment: L{bytes} or L{unicode} or L{None} @param passphrase: A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. @type passphrase: L{bytes} or L{unicode} or L{None} @rtype: L{bytes} Nz�The 'extra' argument to twisted.conch.ssh.keys.Key.toString was deprecated in Twisted 20.3.0; use 'comment' or 'passphrase' instead.r��)� stacklevelrP�� _toString_rb��)�subtyperi��rD��)�warnings�warn�DeprecationWarningr6��r>��r?��rB��rE��rT��rU��r(��)r&��rM��rh��rl��ri��rD��rY��r.��r.��r/��toString8��s ��-� zKey.toStringc��C��sn��\|��dkr\|s d}\|�j�tjjtjj�d�\|��S�t\|�� dd�}\|s)d}\|��d�\|�d�\|��S�)a�� Return a public OpenSSH key string. See _fromString_PUBLIC_OPENSSH for the string format. @type comment: L{bytes} or L{None} @param comment: A comment to include with the key, or L{None} to omit the comment. r,��r��r�� )rM��r%��rW��r��rX��OpenSSHrZ��r��r��rq��replacerS��)r&��ri��r��r.��r.��r/��_toPublicOpenSSHz��s �� zKey._toPublicOpenSSHc��s��\|r%t�j}d}d}\|jd�}d}\|}t�\|�} d} t�\| �t�d\| ��}nd}d}d}d}t�d �}\|\|�\|�� t�\|p>d��} d }t \| �\|�r\\|d7�}\| t\|d@�f�7�} t \| �\|�sI\|r�t� \|\| \|\|�d�}t\|\|d \|��t�\|\|\|\|��t��d��}\|�\| �\|��}n\| }dt�\|��t�\|��t�\|��t�dd��t�\|��t�\|��}t\|��dd��dg��fdd�td t ��d�D��dg�}d�\|�d�S�)aP�� Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. See _fromPrivateOpenSSH_v1 for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. r��r��r��r��d��r��r��r��r\��r��rd��Nr��r��rq��s#��-----BEGIN OPENSSH PRIVATE KEY-----c��g�\|�] }��\|\|d��qS��@��r.��r��r��r.��r/��rJ��z,Key._toPrivateOpenSSH_v1.<locals>.<listcomp>ry��s!��-----END OPENSSH PRIVATE KEY-----)r��r�� block_sizer��secureRandomr��r��r��packrg��r��r��r��r��r��r��r��r �� encryptorr��r��rq��r��rs��r��r��)r&��ri��rD��r�� cipherName�kdfNamer��r��r��r��r��r��checkr��padByte�encKeyr��r��rq��r��r.��rz��r/��_toPrivateOpenSSH_v1��sl�� zKey._toPrivateOpenSSH_v1c�� sl��\|��dkr\|s t��}nt�\|�}\|�j�tjjtjj \|�S�\|��dkr(t d��\|��}d�d\|�� d�df�g}\|��dkrm\|d �\|d �}}t�\|\|�}d\|d�\|d �\|d�\|\|\|d�\|d��\|d�\|d��\|f }nd\|d �\|d �\|d�\|d�\|d�f}t��} tt��\|�D�] \} }\| �\| t�\|��q�t� \| �}\|�rt�d�} d�dd��t\| �D��}\|� d�}\|�d��\|�d\|�d��t\|\| ��}t\|\|�\| ��}\|\|�dd��}dt\|�d��}\|t\|f�\|�7�}t t!�"\|�t#�$\| �t%��d��&��}\|�'\|�\|�(��}t)\|��dd��\|��fdd�t+dt��d�D��7�}\|�d�d\|�� d�df��d�\|�S�) a,�� Return a private OpenSSH key string, in the old PEM-based format. See _fromPrivateOpenSSH_PEM for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. r,��r0��zBcannot serialize Ed25519 key to OpenSSH PEM format; use v1 insteadr��s��-----BEGIN r~��s�� PRIVATE KEY-----rM��r^��r_��r��ru��rt��rz��rd��r`��rb��r}��r��r2��c��S��s��g�\|�]}t�\|�d��qS�)�02X)r��rI��r.��r.��r/��rJ�� s��z-Key._toPrivateOpenSSH_PEM.<locals>.<listcomp>r��s��DEK-Info: DES-EDE3-CBC,rq��Nr��r��c��rw��rx��r.��r��rz��r.��r/��rJ��r{��ry��s ��-----END ),rM��r��r]��BestAvailableEncryptionr%��r[��rX��PEMr\��TraditionalOpenSSLr��rX��r��rB��r��r��r��Sequence�zip� itertoolsr��setComponentByPosition�Integer� berEncoderr��r}��r��r:��r��r��r��r��r��r��r��r��r��r ��r��r��r��r��rs��r��)r&��rD��r��rX��r��r^��r_��r��objData�asn1Sequence�indexr��asn1Datar��hexivr��r��r��padLenr.��rz��r/��_toPrivateOpenSSH_PEM��sv�� $ ��"� zKey._toPrivateOpenSSH_PEMc��C��sh��\|��r \|�j\|d�S�\|dks\|du�r\|��dkr\|�j\|\|d�S�\|du�s'\|dkr-\|�j\|d�S�td\|��) ar�� Return a public or private OpenSSH string. See L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the string formats. @param subtype: A subtype to emit. Only supported for private keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: Comment for a public key. @type comment: L{bytes} @param passphrase: Passphrase for a private key. @type passphrase: L{bytes} @rtype: L{bytes} )ri��v1Nr0��)ri��rD��r��rC��zunknown subtype )r6��rt��rM��r��r��r��)r&��rl��ri��rD��r.��r.��r/��_toString_OPENSSH!��s��zKey._toString_OPENSSHc��K��s��\|��}\|��}\|��r�\|dkr2t�dddt�\|d��dd��gdt�\|d ��dd��gggg�}nE\|d krpt�dddt�\|d ��dd��gdt�\|d��dd��gdt�\|d��dd��gdt�\|d��dd��gggg�}ntd\|��dt\|�� dd��d�S�\|dk�r\|d �\|d�}}t �\|\|�}t�dddt�\|d��dd��gdt�\|d ��dd��gdt�\|d��dd��gdt�\|�dd��gdt�\|�dd��gdt�\|d�\|d��dd��gdt�\|d�\|d��dd��gd t�\|�dd��gg gg�S�\|d k�rLt�dddt�\|d ��dd��gdt�\|d��dd��gdt�\|d��dd��gdt�\|d��dd��gd!t�\|d"��dd��gggg�S�td\|��d#��)$z� Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. @rtype: L{bytes} rM��r��r��r��ru��r\��Nr��rt��rN��r��r��r^��r��r_��r��r`��r��rb��r��r��rq��r��}r��r��r��rz��ard��b��cr��r}��')rX��rM��r6��r��r~��r��r;��r(��r��rs��r��r��)r&��kwargsrX��rM��r��r^��r_��r��r.��r.��r/�� _toString_LSH>��sv�� zKey._toString_LSHc��K��s��\|��}\|��sJ\|��dkr#\|d�\|d�\|d�\|d�\|d�\|d�f}n\|��dkr:\|d�\|d�\|d �\|d �\|d�f}t�\|��d�ttj\|��S�d S�)z� Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. @rtype: L{bytes} rM��rt��rz��ru��r��r^��r_��rN��r`��rb��r}��r��N) rX��r6��rM��r��r��rS��r��mapr;��)r&��r��rX��valuesr.��r.��r/��_toString_AGENTV3��s��" �zKey._toString_AGENTV3c��C��s��\|��}\|dkr\|�j�\|t��t��}t�\|�}n�\|dkr;\|�j�\|t��}t \|�\}}t�t \|d�t \|d��}n�\|dkr�\|��}\|dkrLt��}n \|dkrUt� ��}nt��}\|�j�\|t�\|��} t \| �\}}t \|�} t \|�}t�\| d��tu�r�t\| d��}n\| d�}\|d@�r�d \| �} t�\|d��tu�r�t\|d��} n\|d�} \| d@�r�d \|�}t�t�\| �t�\|��}n \|d kr�t�\|�j�\|��}t�\|��\|�S�)z� Sign some data with this key. SECSH-TRANS RFC 4253 Section 6.6. @type data: L{bytes} @param data: The data to sign. @rtype: L{bytes} @return: A signature for the given data. rM��rN��r,��rT��r��r0��)rM��r%��signr��PKCS1v15r ��SHA1r��r��r#��r��r9��SHA256�SHA384�SHA512r ��ECDSAr?��r��rS��)r&��rX��rr��sig�ret�r�sr��hashSize� signaturerG��sb�rcomp�scompr.��r.��r/��r��sB�� zKey.signc��C��s��t�\|�dkrdt�\|�}}nt�\|�\}}\|\|��krdS�\|��}\|dkrA\|�j}\|��s1\|��}t�\|�d�\|t � ��t��f}n�\|dkrxt�\|�d�}t �\|dd��d �}t �\|dd��d �} t\|\| �}\|�j}\|��sp\|��}\|\|t��f}nk\|d kr�t�\|�d�}t�\|d�\} }}t �\| d �}t �\|d �} t\|\| �}\|�j}\|��s�\|��}\|��} \| dkr�t��}n \| d kr�t��}nt��}\|\|t�\|�f}n\|dkr�\|�j}\|��s�\|��}t�\|�d�\|f}z\|j\|��W�dS��ty��Y�dS�w�)a�� Verify a signature using this key. @type signature: L{bytes} @param signature: The signature to verify. @type data: L{bytes} @param data: The signed data. @rtype: L{bool} @return: C{True} if the signature is valid. �(��r[��FrM��r��rN��Nr��bigr,��rR��rT��r��r0��T)r��r��r��rg��rS��rM��r%��r6��rj��r��r��r ��r��r�� from_bytesr$��r9��r��r��r��r ��r��verifyr��)r&��r��rX�� signatureTyperr��r��args�concatenatedSignaturer��r��rstr�sstrrs��r��r��r.��r.��r/��r��sf�� z Key.verify)NN)NNNNr��)NNN)1r��r+��r,��r-��classmethodrO��rI��rw��r��r��r��r��r��r��r��r ��rS��r��r��r��r��rp��r'��object�boolr+��r?��rA��r6��rE��r3��r4��rL��rM��rS��r9��rX��rq��rg��r"��rp��rt��r��r��r��r��r��r��r��r.��r.��r.��r/��rF��s\|��' 8 J X } % 0 ," ,(L<S�� < > ORBrF��c��C��s��\|��jdd��\|��s(tjd\|t��d�}\|jtjj tj jt��d�}\|�� \|��\|��d��}tj\|��dt��d�}t\|�W��d��S�1�sGw��Y��dS�) a�� This function returns a persistent L{Key}. The key is loaded from a PEM file in C{location}. If it does not exist, a key with the key size of C{keySize} is generated and saved. @param location: Where the key is stored. @type location: L{twisted.python.filepath.FilePath} @param keySize: The size of the key, if it needs to be generated. @type keySize: L{int} @returns: A persistent key. @rtype: L{Key} T)�ignoreExistingDirectoryi��)�public_exponentrU��r��)�encodingrK��encryption_algorithmrG��N)�passwordr��)�parent�makedirs�existsr��generate_private_keyr ��r[��r��rX��r��r\��r��r]�� setContentrH��r��rJ��rF��)�locationr�� privateKey�pem�keyFiler.��r.��r/��_getPersistentRSAKey5��s"�� $�r��)r��)Pr-��rG��r��r��r8��rm��base64r��r��r��hashlibr��r��r��cryptographyr��cryptography.exceptionsr��cryptography.hazmat.backendsr ��cryptography.hazmat.primitivesr ��r��)cryptography.hazmat.primitives.asymmetricr��r ��r��r��r��&cryptography.hazmat.primitives.ciphersr��r��r��,cryptography.hazmat.primitives.serializationr��r��pyasn1.codec.berr��r��r��r��pyasn1.errorr��pyasn1.typer��twisted.conch.sshr��r��twisted.conch.ssh.commonr��twisted.pythonr��twisted.python.compatr��r��twisted.python.constantsr ��r!��twisted.python.deprecater"��/cryptography.hazmat.primitives.asymmetric.utilsr#��r$��ImportErrorr%��r&�� SECP256R1� SECP384R1� SECP521R1rm��r�� Exceptionr(��r1��r2��r3��r6��rE��rF��r��r.��r.��r.��r/��<module>��sv�� 0��ssh/__pycache__/address.cpython-310.pyc��0000644��00000003007�15027667726�0013721 0��ustar�00��o ��bN��@��sF��d�Z�ddlmZ�ddlmZ�ddlmZ�ee�G�dd��dej��ZdS�)zT Address object for SSH network connections. Maintainer: Paul Swartz @since: 12.1 ��)�implementer)�IAddress)�utilc��@��s2��e�Zd�ZdZdZdd��Zdefdd�Zdd ��Zd S�)�SSHTransportAddressa�� Object representing an SSH Transport endpoint. This is used to ensure that any code inspecting this address and attempting to construct a similar connection based upon it is not mislead into creating a transport which is not similar to the one it is indicating. @ivar address: An instance of an object which implements I{IAddress} to which this transport address is connected. ��addressc��C��s ��\|\|�_�d�S�)Nr��)�selfr��r ��;/usr/lib/python3/dist-packages/twisted/conch/ssh/address.py�__init__$��s�� zSSHTransportAddress.__init__�returnc��C��s��d\|�j��d�S�)NzSSHTransportAddress(�)r��r��r ��r ��r ��__repr__'��zSSHTransportAddress.__repr__c��C��s��t�d\|�jf�S�)N�SSH)�hashr��r��r ��r ��r ��__hash__��r��zSSHTransportAddress.__hash__N) �__name__� __module__�__qualname__�__doc__�compareAttributesr��strr��r��r ��r ��r ��r ��r��s��r��N) r��zope.interfacer��twisted.internet.interfacesr��twisted.pythonr��FancyEqMixinr��r ��r ��r ��r ��<module>��s�� ssh/__pycache__/service.cpython-310.pyc��0000644��00000003403�15027667726�0013734 0��ustar�00��o ��b��@��s.��d�Z�ddlmZ�ddlmZ�G�dd��d�ZdS�)z� The parent class for all the SSH services. Currently implemented services are ssh-userauth and ssh-connection. Maintainer: Paul Swartz ��)�Dict)�Loggerc��@��sX��e�Zd�ZU�dZeed<�i�Zeee f�ed<�dZ e��Zdd��Z dd��Zdd ��Zd d��ZdS�)� SSHServiceN�name�protocolMessagesc��C��dS�)zE called when the service is active on the transport. N��selfr��r��;/usr/lib/python3/dist-packages/twisted/conch/ssh/service.py�serviceStarted��zSSHService.serviceStartedc��C��r��)z� called when the service is stopped, either by the connection ending or by another service being started Nr��r ��r��r��r��serviceStopped��r ��zSSHService.serviceStoppedc��C��s��d��\|�j\|�jj��S�)NzSSHService {!r} on {})�formatr�� transport� logPrefixr ��r��r��r��r��$��s��zSSHService.logPrefixc��C��s\��\|\|�j�v�r\|�j�\|�}t\|�d\|dd��d�}\|dur\|\|�S�\|�jjd\|\|d��\|�j��dS�)zB called when we receive a packet on the transport zssh_%s��Nz'couldn't handle {messageNum} {packet!r})� messageNum�packet)r��getattr�_log�infor��sendUnimplemented)r ��r��r��messageType�fr��r��r��packetReceived)��s�� zSSHService.packetReceived)�__name__� __module__�__qualname__r��bytes�__annotations__r��r��int�strr��r��r��r��r��r��r��r��r��r��r��r��s�� r��N)�__doc__�typingr��twisted.loggerr��r��r��r��r��r��<module>��s��ssh/__pycache__/session.cpython-310.pyc��0000644��00000034123�15027667726�0013762 0��ustar�00��o ��b�5��@��s"��d�Z�ddlZddlZddlZddlZddlmZ�ddlmZm Z m Z �ddlmZm Z mZ�ddlmZmZ�ddlmZ�ddlmZ�e��ZG�d d ��d ej�ZG�dd��dej�ZG�d d��d�Zdd��Zdd��Zg�d�Zeej�G�dd��dej��Z G�dd��dej!�Z"dd��Z#dd��Z$dd��Z%dd��Z&dS�) z� This module contains the implementation of SSHSession, which (by default) allows access to a shell and a python interpreter over SSH. Maintainer: Paul Swartz ��N)�implementer)�EnvironmentVariableNotPermitted�ISession�ISessionSetEnv)�channel�common� connection)� interfaces�protocol)�Logger)� networkStringc��@��st��e�Zd�ZdZdZdd��Zdd��Zdd��Zd d ��Zdd��Z d d��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��ZdS�)� SSHSessiona�� A generalized implementation of an SSH session. See RFC 4254, section 6. The precise implementation of the various operations that the remote end can send is left up to the avatar, usually via an adapter to an interface such as L{ISession}. @ivar buf: a buffer for data received before making a connection to a client. @type buf: L{bytes} @ivar client: a protocol for communication with a shell, an application program, or a subsystem (see RFC 4254, section 6.5). @type client: L{SSHSessionProcessProtocol} @ivar session: an object providing concrete implementations of session operations. @type session: L{ISession} s��sessionc��O��s0��t�jj\|�g\|�R�i�\|��d\|�_d�\|�_d�\|�_d�S��N��)r�� SSHChannel�__init__�buf�client�session)�self�args�kw��r��;/usr/lib/python3/dist-packages/twisted/conch/ssh/session.pyr��8��s�� zSSHSession.__init__c��C��sn��t��\|�\}}tjd\|d��\|�j�\|\|�}\|r0t\|��}t\|�}\|�\|��\|�t \|��\|\|�_ dS�t�d��dS�)Nz"Asking for subsystem "{subsystem}")� subsystem��zFailed to get subsystemr��)r��getNS�log�info�avatar�lookupSubsystem�SSHSessionProcessProtocol�wrapProcessProtocol�makeConnection�wrapProtocolr��error)r��datar��ignoredr��pp�protor��r��r��request_subsystem>��s�� zSSHSession.request_subsystemc��C��s^��t��d��\|�jst\|�j�\|�_zt\|��}\|�j�\|��W�n�ty)��t��d��Y�dS�w�\|\|�_ dS�)Nz Getting shellzError getting shellr��r��) r��r��r��r��r��r!�� openShell� Exception�failurer��)r��r&��r(��r��r��r�� request_shellM��s�� zSSHSession.request_shellc��C��sv��\|�j�s t\|�j�\|�_�t�\|�\}}tjd\|d��z t\|��}\|�j��\|\|��W�n�t y5��tj d\|d��Y�dS�w�\|\|�_dS�)NzExecuting command "{f}")�fzError executing command "{f}"r��r��)r��r��r��r��r��r��r��r!��execCommandr,��r-��r��)r��r&��r/��r(��r��r��r��request_exec[��s��zSSHSession.request_execc��C��sf��\|�j�s t\|�j�\|�_�t\|�\}}}tjd\|\|d��z\|�j��\|\|\|��W�dS��ty2��t�d��Y�dS�w�)Nz-Handling pty request: {term!r} {windowSize!r})�term� windowSizezError handling pty requestr��r��) r��r��r��parseRequest_pty_reqr��r��getPtyr,��r-��)r��r&��r2��r3��modesr��r��r��request_pty_reqj��s�� zSSHSession.request_pty_reqc��C��s��\|�j�s t\|�j�\|�_�t�\|�j��stjd\|�j\|�j�d��dS�t�\|d�\}}}z \|�j�� \|\|��W�dS��t y8��Y�dS��tyH��tjd\|d��Y�dS�w�)ag�� Process a request to pass an environment variable. @param data: The environment variable name and value, each encoded as an SSH protocol string and concatenated. @type data: L{bytes} @return: A true value if the request to pass this environment variable was accepted, otherwise a false value. z�Can't handle environment variables for SSH avatar {avatar}: {session} does not provide ISessionSetEnv interface. It should be decorated with @implementer(ISession, ISessionSetEnv) to support env variables.)r��r��r��z)Error setting environment variable {name})�namer��) r��r��r��r�� providedByr��warnr��r��setEnvr��r,��r-��)r��r&��r9��valuer��r��r��request_env{��s&�� zSSHSession.request_envc��C��sL��\|�j�s t\|�j�\|�_�t\|�}z \|�j��\|��W�dS��ty%��t�d��Y�dS�w�)NzError changing window sizer��r��)r��r��r��parseRequest_window_change� windowChangedr,��r��r-��)r��r&��winSizer��r��r��request_window_change��s�� z SSHSession.request_window_changec��C��s��\|�j�s\|��j\|7��_d�S�\|�j�j�\|��d�S��N)r��r�� transport�write�r��r&��r��r��r��dataReceived��s��zSSHSession.dataReceivedc��C��sJ��\|t�jkr\|�jrt\|�jjd�r\|�jj�\|��d�S�d�S�d�S�tjd\|d��d�S�)N�writeErrzWeird extended data: {dataType})�dataType)r��EXTENDED_DATA_STDERRr��hasattrrD��rH��r��r;��)r��rI��r&��r��r��r��extReceived��s �� zSSHSession.extReceivedc��C��s.��\|�j�r \|�j��d�S�\|�jr\|�j�\|��d�S�d�S�rC��)r��eofReceivedr��conn� sendClose�r��r��r��r��rM�� zSSHSession.eofReceivedc��C��s.��\|�j�r \|�j��d�S�\|�jr\|�jj��d�S�d�S�rC��)r��closedr��rD��loseConnectionrP��r��r��r��rR��rQ��zSSHSession.closedc��C��s"��\|�j�r \|�j�j��tj�\|��d�S�rC��)r��rD��rS��r��r��rP��r��r��r��rS��s��zSSHSession.loseConnectionN)�__name__� __module__�__qualname__�__doc__r9��r��r��r.��r1��r7��r>��rB��rG��rL��rM��rR��rS��r��r��r��r��r ��!��s��! r ��c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�_ProtocolWrapperzS This class wraps a L{Protocol} instance in a L{ProcessProtocol} instance. c��C�� \|\|�_�d�S�rC��r)��r��r)��r��r��r��r�� z_ProtocolWrapper.__init__c��C��\|�j��d�S�rC��)r)��connectionMaderP��r��r��r��r^��z_ProtocolWrapper.connectionMadec��C��\|�j��\|��d�S�rC��r)��rG��rF��r��r��r��outReceived��z_ProtocolWrapper.outReceivedc��C��r`��rC��)r)��connectionLost�r��reasonr��r��r��processEnded��rc��z_ProtocolWrapper.processEndedN)rT��rU��rV��rW��r��r^��rb��rg��r��r��r��r��rX��s��rX��c��@��s4��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��ZdS�)�_DummyTransportc��C��rY��rC��rZ��r[��r��r��r��r��r\��z_DummyTransport.__init__c��C��s��\|�j�j�\|��d�S�rC��)r)��rD��rE��rF��r��r��r��rG��z_DummyTransport.dataReceivedc��C��r`��rC��ra��rF��r��r��r��rE��rc��z_DummyTransport.writec��C��s��\|��d�\|��d�S�r��)rE��join�r��seqr��r��r�� writeSequence��z_DummyTransport.writeSequencec��C��s��\|�j��tj��d�S�rC��)r)��rd��r ��connectionDonerP��r��r��r��rS��ri��z_DummyTransport.loseConnectionN)rT��rU��rV��r��rG��rE��rm��rS��r��r��r��r��rh��s��rh��c��C��s��t�\|�tj�r t\|��S�\|�S�rC��)� isinstancer ��ProtocolrX��)�instr��r��r��r"��s��r"��c��C��s��t�\|��S�rC��)rh��rZ��r��r��r��r$��s��r$��) �ABRT�ALRM�FPE�HUP�ILL�INT�KILL�PIPE�QUIT�SEGV�TERM�USR1�USR2c��@��s��e�Zd�ZdZdZdd��Zdd��Zdd��Zd d ��Zdd��Z d d��Z ddd�Zdd��Zddd�Z dd��Zdd��Zdd��Zdd��Zdd��ZdS�) r!��z�I am both an L{IProcessProtocol} and an L{ITransport}. I am a transport to the remote endpoint and a process protocol to the local subsystem. Nc��C��s��\|\|�_�d\|�_d�S�)NF)r��lostOutOrErrFlag)r��r��r��r��r��r��s�� z"SSHSessionProcessProtocol.__init__c��C��s(��\|�j�jr\|�j�\|�j�j��d�\|�j�_d�S�d�S�rC��)r��r��rD��rE��rP��r��r��r��r^��s��z(SSHSessionProcessProtocol.connectionMadec��C��r`��rC��r��rE��rF��r��r��r��rb��!��rc��z%SSHSessionProcessProtocol.outReceivedc��C��s��\|�j��tj\|��d�S�rC��)r�� writeExtendedr��rJ��)r��errr��r��r��errReceived$��rn��z%SSHSessionProcessProtocol.errReceivedc��C��s$��\|�j�r \|�jj�\|�j��dS�d\|�_�dS�)zW EOF should only be sent when both STDOUT and STDERR have been closed. TN)r��r��rN��sendEOFrP��r��r��r��outConnectionLost'��s�� z+SSHSessionProcessProtocol.outConnectionLostc��C��s��\|��dS�)z See outConnectionLost(). N)r��rP��r��r��r��errConnectionLost0��s��z+SSHSessionProcessProtocol.errConnectionLostc��C��r]��rC��r��rS��re��r��r��r��rd��6��r_��z(SSHSessionProcessProtocol.connectionLostc��C��s��\|�j�du�rCi�\|�_�tD�]}d\|�}tt\|d�}\|dur\|\|�j�\|<�q tj��D�]\}}\|�d�rB\|�d�sB\|\|�j�vrB\|d�tj�\|�j�\|<�q%\|�j�\|�S�)z: Get a signal name given a signal number. N�SIG�SIG_�@) �_signalValuesToNames�SUPPORTED_SIGNALS�getattr�signal�__dict__�items� startswith�sys�platform)r��signum�signame�sigvalue�k�vr��r��r��_getSignalName9��s�� z(SSHSessionProcessProtocol._getSignalNamec�� C��s��\|durs\|j�}\|jdurW\|��\|j�}ttdd�durt�\|j�rtjd\|d��d}n tjd\|d��d}\|�j j �\|�j dt� t\|d d��\|rHd nd�t� d��t� d��n\|jdurstjd \|jd��\|�j j �\|�j dt�d\|j��\|�j ��dS�)z� When we are told the process ended, try to notify the other side about how the process ended using the exit-signal or exit-status requests. Also, close the channel. N� WCOREDUMPz#exitSignal: {signame} (core dumped))r��TzexitSignal: {}Fs��exit-signal��r��zexitCode: {exitCode!r})�exitCodes��exit-status�>L)r=��r��r��r��osr��statusr��r��r��rN��sendRequestr��NSr��r��struct�packrS��)r��rf��r��r�� coreDumpedr��r��r��rg��M��s8�� z&SSHSessionProcessProtocol.processEndedc��C��\|�j�jj��S�)z> Return the host from my session's transport. )r��rN��rD��getHostrP��r��r��r��r��n��z!SSHSessionProcessProtocol.getHostc��C��r��)z> Return the peer from my session's transport. )r��rN��rD��getPeerrP��r��r��r��r��t��r��z!SSHSessionProcessProtocol.getPeerc��C��r`��rC��r��rF��r��r��r��rE��z��rc��zSSHSessionProcessProtocol.writec��C��s��\|�j��d�\|��d�S�r��)r��rE��rj��rk��r��r��r��rm��}��s��z'SSHSessionProcessProtocol.writeSequencec��C��r]��rC��r��rP��r��r��r��rS��r_��z(SSHSessionProcessProtocol.loseConnectionrC��)rT��rU��rV��rW��r��r��r^��rb��r��r��r��rd��r��rg��r��r��rE��rm��rS��r��r��r��r��r!��s"�� !r!��c��@��s��e�Zd�Zdd��ZdS�)�SSHSessionClientc��C��s��\|�j�r\|�j��\|��d�S�d�S�rC��)rD��rE��rF��r��r��r��rG��s��zSSHSessionClient.dataReceivedN)rT��rU��rV��rG��r��r��r��r��r��s��r��c�� sx��t��\|��\}}t�d\|dd��\}}}}t��\|dd��\��}\|\|\|\|f}��fdd�tdt��d�d�D��\|\|��fS�) z�Parse the data from a pty-req request into usable data. @returns: a tuple of (terminal type, (rows, cols, xpixel, ypixel), modes) �>4LN��c�� s@��g�\|�]}t��\|\|d��t�d��\|d��\|d��d�f�qS�)r��r��r��)�ordr��unpack)�.0�i�r6��r��r�� <listcomp>��s��2��z(parseRequest_pty_req.<locals>.<listcomp>r��r��r��)r��r��r��r��range�len) r&��r2��rest�cols�rows�xpixel�ypixelr'��rA��r��r��r��r4��s�� r4��c�� C��s>��\|\}}}}t��\|��}t�d\|\|\|\|�}t��\|�} \|\|�\| �S�)z� Pack a pty-req request so that it is suitable for sending. NOTE: modes must be packed before being sent here. @type geometry: L{tuple} @param geometry: A tuple of (rows, columns, xpixel, ypixel) r��)r��r��r��r��) r2��geometryr6��r��r��r��r�� termPacked� winSizePacked�modesPackedr��r��r��packRequest_pty_req��s �� r��c��C��s ��t��d\|��\}}}}\|\|\|\|fS�)zzParse the data from a window-change request into usuable data. @returns: a tuple of (rows, cols, xpixel, ypixel) r��)r��r��)r&��r��r��r��r��r��r��r��r?��s��r?��c��C��s��\|�\}}}}t��d\|\|\|\|�S�)z� Pack a window-change request so that it is suitable for sending. @type geometry: L{tuple} @param geometry: A tuple of (rows, columns, xpixel, ypixel) r��)r��r��)r��r��r��r��r��r��r��r��packRequest_window_change��s��r��)'rW��r��r��r��r��zope.interfacer��twisted.conch.interfacesr��r��r��twisted.conch.sshr��r��r��twisted.internetr ��r ��twisted.loggerr��twisted.python.compatr��r��r��r ��ProcessProtocolrX��rh��r"��r$��r�� ITransportr!��rq��r��r4��r��r?��r��r��r��r��r��<module>��s4��+w ��ssh/__pycache__/sexpy.cpython-310.pyc��0000644��00000002035�15027667726�0013444 0��ustar�00��o ��b��@��s��d�d��Z�dd��ZdS�)c��C��s��\|��}�g�}\|�r�\|�dd��dkr'g�}\|r\|d��\|��\|�\|��\|�dd��}�q\|�dd��dkrB\|��}\|�dd��}�\|sA\|�r?J��\|S�qd}\|�\|\|d��r\\|d7�}\|�\|\|d��sN\|s`J��t\|�d�\|��}\|�\|d�\|d�\|��}\|d��\|��\|�\|d�\|�d��}�\|�sJ�d��)N��(��)Fzthis should not happen)�strip�append�pop�isdigit�int)�s�expr�newSexp�aList�i�length�data��r��9/usr/lib/python3/dist-packages/twisted/conch/ssh/sexpy.py�parse��s8�� r��c��C��s��d��dd��\|�D��S�)N��c��s��sF��\|�]}t�\|�t�d��t�g��fv�rdt\|�f�ndt\|�\|f�V��qdS�)r��s��(%b)s��%d:%bN)�type�pack�len)�.0�or��r��r�� <genexpr>#��s�� zpack.<locals>.<genexpr>)�join)�sexpr��r��r��r��"��s�� r��N)r��r��r��r��r��r��<module>��s��ssh/__pycache__/_kex.cpython-310.pyc��0000644��00000021110�15027667726�0013215 0��ustar�00��o ��bw!�� @��s��d�Z�ddlmZmZmZmZ�ddlmZmZm Z �ddl mZ�G�dd��de�ZG�dd��de�Z G�d d ��d e�ZG�dd��de�Ze e�G�d d��d��Ze e�G�dd��d��Ze e�G�dd��d��Ze e�G�dd��d��Ze e�G�dd��d��Ze e�G�dd��d��Ze e�G�dd��d��Ze e �G�dd��d��Ze��e��e��e��e��e��e��e��d�Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��ZdS�)+z SSH key exchange handling. ��)�sha1�sha256�sha384�sha512)� Attribute� Interface�implementer)�errorc��@�� e�Zd�ZdZed�Zed�ZdS�)�_IKexAlgorithmzB An L{_IKexAlgorithm} describes a key exchange algorithm. z�An L{int} giving the preference of the algorithm when negotiating key exchange. Algorithms with lower precedence values are more preferred.zqA callable hash algorithm constructor (e.g. C{hashlib.sha256}) suitable for use with this key exchange algorithm.N)�__name__� __module__�__qualname__�__doc__r�� preference� hashProcessor��r��r��8/usr/lib/python3/dist-packages/twisted/conch/ssh/_kex.pyr��s��r��c��@��r ��)�_IFixedGroupKexAlgorithmzu An L{_IFixedGroupKexAlgorithm} describes a key exchange algorithm with a fixed prime / generator group. zdAn L{int} giving the prime number used in Diffie-Hellman key exchange, or L{None} if not applicable.z�An L{int} giving the generator number used in Diffie-Hellman key exchange, or L{None} if not applicable. (This is not related to Python generator functions.)N)r��r ��r��r��r��prime� generatorr��r��r��r��r��"��s��r��c��@��e�Zd�ZdZdS�)�#_IEllipticCurveExchangeKexAlgorithmz� An L{_IEllipticCurveExchangeKexAlgorithm} describes a key exchange algorithm that uses an elliptic curve exchange between the client and server. N�r��r ��r��r��r��r��r��r��r��4��r��c��@��r��)�_IGroupExchangeKexAlgorithmz� An L{_IGroupExchangeKexAlgorithm} describes a key exchange algorithm that uses group exchange between the client and server. A prime / generator group should be chosen at run time based on the requested size. See RFC 4419. Nr��r��r��r��r��r��;��r��r��c��@��e�Zd�ZdZdZeZdS�)�_Curve25519SHA256z� Elliptic Curve Key Exchange using Curve25519 and SHA256. Defined in U{https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/}. ��N�r��r ��r��r��r��r��r��r��r��r��r��r��E��r��c��@��r��)�_Curve25519SHA256LibSSHzN As L{_Curve25519SHA256}, but with a pre-standardized algorithm name. ��Nr��r��r��r��r��r!��P��s��r!��c��@��r��)�_ECDH256aX�� Elliptic Curve Key Exchange with SHA-256 as HASH. Defined in RFC 5656. Note that C{ecdh-sha2-nistp256} takes priority over nistp384 or nistp512. This is the same priority from OpenSSH. C{ecdh-sha2-nistp256} is considered preety good cryptography. If you need something better consider using C{curve25519-sha256}. ��Nr��r��r��r��r��r#��Z��s��r#��c��@��r��)�_ECDH384zT Elliptic Curve Key Exchange with SHA-384 as HASH. Defined in RFC 5656. ��N)r��r ��r��r��r��r��r��r��r��r��r��r%��k��r ��r%��c��@��r��)�_ECDH512zT Elliptic Curve Key Exchange with SHA-512 as HASH. Defined in RFC 5656. ��N)r��r ��r��r��r��r��r��r��r��r��r��r'��v��r ��r'��c��@��r��)�_DHGroupExchangeSHA256zc Diffie-Hellman Group and Key Exchange with SHA-256 as HASH. Defined in RFC 4419, 4.2. ��Nr��r��r��r��r��r)��r ��r)��c��@��r��)�_DHGroupExchangeSHA1za Diffie-Hellman Group and Key Exchange with SHA-1 as HASH. Defined in RFC 4419, 4.1. ��N)r��r ��r��r��r��r��r��r��r��r��r��r+��r ��r+��c��@��s$��e�Zd�ZdZdZeZed�ZdZ dS�)�_DHGroup14SHA1z� Diffie-Hellman key exchange with SHA-1 as HASH and Oakley Group 14 (2048-bit MODP Group). Defined in RFC 4253, 8.2. ��i��32317006071311007300338913926423828248817941241140239112842009751400741706634354222619689417363569347117901737909704191754605873209195028853758986185622153212175412514901774520270235796078236248884246189477587641105928646099411723245426622522193230540919037680524235519125679715870117001058055877651038861847280257976054903569732561526167081339361799541336476559160368317896729073178384589680639671900977202194168647225871031411336429319536193471636533209717077448227988588565369208645296636077250268955505928362751121174096972998068410554359584866583291642136218231078990999448652468262416972035911852507045361090559r"��N) r��r ��r��r��r��r��r��intr��r��r��r��r��r��r-��s�� r-��)��curve25519-sha256s��curve25519-sha256@libssh.orgs$��diffie-hellman-group-exchange-sha256s"��diffie-hellman-group-exchange-sha1s��diffie-hellman-group14-sha1s��ecdh-sha2-nistp256s��ecdh-sha2-nistp384s��ecdh-sha2-nistp521c��C��s ��\|�t�vrt�d\|��t�\|��S�)aY�� Get a description of a named key exchange algorithm. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A description of the key exchange algorithm named by C{kexAlgorithm}. @rtype: L{_IKexAlgorithm} @raises ConchError: if the key exchange algorithm is not found. z$Unsupported key exchange algorithm: )�_kexAlgorithmsr �� ConchError��kexAlgorithmr��r��r��getKex��s�� r6��c��C��t��t\|��S�)a�� Returns C{True} if C{kexAlgorithm} is an elliptic curve. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: C{str} @return: C{True} if C{kexAlgorithm} is an elliptic curve, otherwise C{False}. @rtype: C{bool} )r�� providedByr6��r4��r��r��r��isEllipticCurve��r9��c��C��r7��)a+�� Returns C{True} if C{kexAlgorithm} has a fixed prime / generator group. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: C{True} if C{kexAlgorithm} has a fixed prime / generator group, otherwise C{False}. @rtype: L{bool} )r��r8��r6��r4��r��r��r��isFixedGroup��r:��r;��c��C��s��t�\|��}\|jS�)a�� Get the hash algorithm callable to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A callable hash algorithm constructor (e.g. C{hashlib.sha256}). @rtype: C{callable} )r6��r��r5��kexr��r��r��getHashProcessor��s�� r>��c��C��s��t�\|��}\|j\|jfS�)z� Get the generator and the prime to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A L{tuple} containing L{int} generator and L{int} prime. @rtype: L{tuple} )r6��r��r��r<��r��r��r��getDHGeneratorAndPrime��s�� r?��c��s��ddl�m}��ddlm}�ddlm}�\|��}t��t��D�]+}\|� d�r5\|� dd�}\|�\|��\|\|��}n\|� d�r?\|� ��}nd}\|sH��\|��qt��fd d �d�S�)z� Get a list of supported key exchange algorithm names in order of preference. @return: A C{list} of supported key exchange algorithm names. @rtype: C{list} of L{bytes} r��)�default_backend)�ec)�_curveTables��ecdhs��ecdsar1��Tc��s ��\|��j�S�)N)r��r4�� kexAlgorithmsr��r��<lambda>$��s�� zgetSupportedKeyExchanges.<locals>.<lambda>)�key)�cryptography.hazmat.backendsr@��)cryptography.hazmat.primitives.asymmetricrA��twisted.conch.ssh.keysrB��r2��copy�list� startswith�replace�+elliptic_curve_exchange_algorithm_supported�ECDH�x25519_supported�pop�sorted)r@��rA��rB��backend�keyAlgorithm�keyAlgorithmDsa� supportedr��rC��r��getSupportedKeyExchanges��s(�� rW��N)r��hashlibr��r��r��r��zope.interfacer��r��r�� twisted.conchr ��r��r��r��r��r��r!��r#��r%��r'��r)��r+��r-��r2��r6��r9��r;��r>��r?��rW��r��r��r��r��<module>��sN�� ssh/__pycache__/factory.cpython-310.pyc��0000644��00000010474�15027667726�0013751 0��ustar�00��o ��b��@��s^��d�Z�ddlZddlmZ�ddlmZmZmZmZ�ddl m Z �ddlmZ�G�dd��de j �ZdS�) z� A Factory for SSH servers. See also L{twisted.conch.openssh_compat.factory} for OpenSSH compatibility. Maintainer: Paul Swartz ��N)�error)�_kex� connection� transport�userauth)�protocol)�Loggerc��@��sb��e�Zd�ZdZe��ZejZe j ejd�Z dd��Zdd��Zdd��Zd d ��Zdd��Zd d��Zdd��ZdS�)� SSHFactoryz$ A Factory for SSH servers. )��ssh-userauths��ssh-connectionc��C��sZ��t�\|�d�s \|��\|�_t�\|�d�s\|��\|�_\|�jr\|�jst�d��t�\|�d�s+\|��\|�_dS�dS�)z4 Check for public and private keys. � publicKeys�privateKeyszno host keys, failing�primesN) �hasattr� getPublicKeysr��getPrivateKeysr��r�� ConchError� getPrimesr ��self��r��;/usr/lib/python3/dist-packages/twisted/conch/ssh/factory.py�startFactory"��s�� zSSHFactory.startFactoryc��C��sB��t�j�\|�\|�}\|�j��\|_\|�js\|�j�d��dd��\|j D��\|_ \|S�)a=�� Create an instance of the server side of the SSH protocol. @type addr: L{twisted.internet.interfaces.IAddress} provider @param addr: The address at which the server will listen. @rtype: L{twisted.conch.ssh.transport.SSHServerTransport} @return: The built transport. zTdisabling non-fixed-group key exchange algorithms because we cannot find moduli filec��S��s$��g�\|�]}t��\|�st��\|�r\|�qS�r��)r��isFixedGroup�isEllipticCurve)�.0�kexAlgorithmr��r��r�� <listcomp>@��s��z,SSHFactory.buildProtocol.<locals>.<listcomp>) r��Factory� buildProtocolr��keys�supportedPublicKeysr ��_log�info�supportedKeyExchanges)r��addr�tr��r��r��r��/��s�� zSSHFactory.buildProtocolc��C��t�d��)z� Called when the factory is started to get the public portions of the servers host keys. Returns a dictionary mapping SSH key types to public key strings. @rtype: L{dict} zgetPublicKeys unimplemented��NotImplementedErrorr��r��r��r��r��G��zSSHFactory.getPublicKeysc��C��r&��)z� Called when the factory is started to get the private portions of the servers host keys. Returns a dictionary mapping SSH key types to L{twisted.conch.ssh.keys.Key} objects. @rtype: L{dict} zgetPrivateKeys unimplementedr'��r��r��r��r��r��Q��r)��zSSHFactory.getPrivateKeysc��C��s��dS�)z� Called when the factory is started to get Diffie-Hellman generators and primes to use. Returns a dictionary mapping number of bits to lists of tuple of (generator, prime). @rtype: L{dict} Nr��r��r��r��r��r��[��s��zSSHFactory.getPrimesc��s2��t�\|�j��fdd�d�}\|d�}t�\|�j\|��S�)z� Return a tuple of (g, p) for a Diffe-Hellman process, with p being as close to bits bits as possible. @type bits: L{int} @rtype: L{tuple} c��s��t�\|��S�)N)�abs)�i��bitsr��r��<lambda>l��s��z'SSHFactory.getDHPrime.<locals>.<lambda>)�keyr��)�sortedr ��r��random�choice)r��r-�� primesKeys�realBitsr��r,��r�� getDHPrimed��s��zSSHFactory.getDHPrimec��C��s ��\|dks t�\|d�r\|�j\|�S�dS�)z� Return a class to use as a service for the given transport. @type transport: L{transport.SSHServerTransport} @type service: L{bytes} @rtype: subclass of L{service.SSHService} r ��avatarN)r��services)r��r��servicer��r��r�� getServicep��s�� zSSHFactory.getServiceN)�__name__� __module__�__qualname__�__doc__r��r!��r��SSHServerTransportr��r��SSHUserAuthServerr�� SSHConnectionr7��r��r��r��r��r��r5��r9��r��r��r��r��r ��s�� r ��)r=��r1�� twisted.conchr��twisted.conch.sshr��r��r��r��twisted.internetr��twisted.loggerr��r��r ��r��r��r��r��<module>��s�� ssh/__pycache__/common.cpython-310.pyc��0000644��00000004364�15027667726�0013573 0��ustar�00��o ��b��@��s��d�Z�ddlZddlmZ�ddlmZ�ddlmZ�g�d�Zdd��Z dd d�Z dd ��Zddd�Zdd��Z eedddd��dd��ZdS�)z@ Common functions for the SSH classes. Maintainer: Paul Swartz ��N)�int_to_bytes)� deprecated)�Version)�NS�getNS�MP�getMP�ffsc��C��s(��t�\|�t�r \|��d�}�t�dt\|��\|��S�)z net string zutf-8�!L)� isinstance�str�encode�struct�pack�len)�t��r��:/usr/lib/python3/dist-packages/twisted/conch/ssh/common.pyr��s�� r��c��C��sp��g�}d}t�\|�D�]$}t�d\|�\|\|d��\}\|�\|�\|d�d\|�\|��\|d\|�7�}qt\|�\|�\|d��f�S�)z get net string r��r ��N)�ranger��unpack�append�tuple)�s�count�ns�c�i�lr��r��r��r��s��r��c��C��sP��\|�dkrdS�\|�dksJ��t�\|��}t\|dd��d@�rd\|�}t�dt\|��\|�S�)Nr��s��r��>L)r��ordr��r��r��)�number�bnr��r��r��r��,��s��r��c�� C��sx��g�}d}t�\|�D�](}t�d\|�\|\|d��\}\|�t�\|�\|d�\|d�\|��d��\|d\|�7�}qt\|�\|�\|d��f�S�)a=�� Get multiple precision integer out of the string. A multiple precision integer is stored as a 4-byte length followed by length bytes of the integer. If count is specified, get count integers out of the string. The return value is a tuple of count integers followed by the rest of the data. r��r"��r��bigN)r��r��r��r��int� from_bytesr��)�datar��mpr��r��lengthr��r��r��r��6��s��&r��c��C��s��\|�D�] }\|\|v�r\|��S�qdS�)zs first from second goes through the first list, looking for items in the second, returns the first one Nr��)r��r��r��r��r��r��r ��G��s ��r ��Twisted��c��C��s��d�S�)Nr��r��r��r��r��installQ��s��r/��)r��)�__doc__r��cryptography.utilsr��twisted.python.deprecater��twisted.python.versionsr��__all__r��r��r��r��r ��r/��r��r��r��r��<module>��s�� ssh/sexpy.py��0000644��00000001660�15027667726�0007110 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. def parse(s): s = s.strip() expr = [] while s: if s[0:1] == b"(": newSexp = [] if expr: expr[-1].append(newSexp) expr.append(newSexp) s = s[1:] continue if s[0:1] == b")": aList = expr.pop() s = s[1:] if not expr: assert not s return aList continue i = 0 while s[i : i + 1].isdigit(): i += 1 assert i length = int(s[:i]) data = s[i + 1 : i + 1 + length] expr[-1].append(data) s = s[i + 1 + length :] assert False, "this should not happen" def pack(sexp): return b"".join( b"(%b)" % (pack(o),) if type(o) in (type(()), type([])) else b"%d:%b" % (len(o), o) for o in sexp ) ��ssh/connection.py��0000644��00000061706�15027667726�0010106 0��ustar�00��# -- test-case-name: twisted.conch.test.test_connection -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ This module contains the implementation of the ssh-connection service, which allows access to the shell and port-forwarding. Maintainer: Paul Swartz """ import string import struct import twisted.internet.error from twisted.conch import error from twisted.conch.ssh import common, service from twisted.internet import defer from twisted.logger import Logger from twisted.python.compat import nativeString, networkString class SSHConnection(service.SSHService): """ An implementation of the 'ssh-connection' service. It is used to multiplex multiple channels over the single SSH connection. @ivar localChannelID: the next number to use as a local channel ID. @type localChannelID: L{int} @ivar channels: a L{dict} mapping a local channel ID to C{SSHChannel} subclasses. @type channels: L{dict} @ivar localToRemoteChannel: a L{dict} mapping a local channel ID to a remote channel ID. @type localToRemoteChannel: L{dict} @ivar channelsToRemoteChannel: a L{dict} mapping a C{SSHChannel} subclass to remote channel ID. @type channelsToRemoteChannel: L{dict} @ivar deferreds: a L{dict} mapping a local channel ID to a C{list} of C{Deferreds} for outstanding channel requests. Also, the 'global' key stores the C{list} of pending global request C{Deferred}s. """ name = b"ssh-connection" _log = Logger() def __init__(self): self.localChannelID = 0 # this is the current # to use for channel ID # local channel ID -> remote channel ID self.localToRemoteChannel = {} # local channel ID -> subclass of SSHChannel self.channels = {} # subclass of SSHChannel -> remote channel ID self.channelsToRemoteChannel = {} # local channel -> list of deferreds for pending requests # or 'global' -> list of deferreds for global requests self.deferreds = {"global": []} self.transport = None # gets set later def serviceStarted(self): if hasattr(self.transport, "avatar"): self.transport.avatar.conn = self def serviceStopped(self): """ Called when the connection is stopped. """ # Close any fully open channels for channel in list(self.channelsToRemoteChannel.keys()): self.channelClosed(channel) # Indicate failure to any channels that were in the process of # opening but not yet open. while self.channels: (_, channel) = self.channels.popitem() channel.openFailed(twisted.internet.error.ConnectionLost()) # Errback any unfinished global requests. self._cleanupGlobalDeferreds() def _cleanupGlobalDeferreds(self): """ All pending requests that have returned a deferred must be errbacked when this service is stopped, otherwise they might be left uncalled and uncallable. """ for d in self.deferreds["global"]: d.errback(error.ConchError("Connection stopped.")) del self.deferreds["global"][:] # packet methods def ssh_GLOBAL_REQUEST(self, packet): """ The other side has made a global request. Payload:: string request type bool want reply <request specific data> This dispatches to self.gotGlobalRequest. """ requestType, rest = common.getNS(packet) wantReply, rest = ord(rest[0:1]), rest[1:] ret = self.gotGlobalRequest(requestType, rest) if wantReply: reply = MSG_REQUEST_FAILURE data = b"" if ret: reply = MSG_REQUEST_SUCCESS if isinstance(ret, (tuple, list)): data = ret[1] self.transport.sendPacket(reply, data) def ssh_REQUEST_SUCCESS(self, packet): """ Our global request succeeded. Get the appropriate Deferred and call it back with the packet we received. """ self._log.debug("global request success") self.deferreds["global"].pop(0).callback(packet) def ssh_REQUEST_FAILURE(self, packet): """ Our global request failed. Get the appropriate Deferred and errback it with the packet we received. """ self._log.debug("global request failure") self.deferreds["global"].pop(0).errback( error.ConchError("global request failed", packet) ) def ssh_CHANNEL_OPEN(self, packet): """ The other side wants to get a channel. Payload:: string channel name uint32 remote channel number uint32 remote window size uint32 remote maximum packet size <channel specific data> We get a channel from self.getChannel(), give it a local channel number and notify the other side. Then notify the channel by calling its channelOpen method. """ channelType, rest = common.getNS(packet) senderChannel, windowSize, maxPacket = struct.unpack(">3L", rest[:12]) packet = rest[12:] try: channel = self.getChannel(channelType, windowSize, maxPacket, packet) localChannel = self.localChannelID self.localChannelID += 1 channel.id = localChannel self.channels[localChannel] = channel self.channelsToRemoteChannel[channel] = senderChannel self.localToRemoteChannel[localChannel] = senderChannel openConfirmPacket = ( struct.pack( ">4L", senderChannel, localChannel, channel.localWindowSize, channel.localMaxPacket, ) + channel.specificData ) self.transport.sendPacket(MSG_CHANNEL_OPEN_CONFIRMATION, openConfirmPacket) channel.channelOpen(packet) except Exception as e: self._log.failure("channel open failed") if isinstance(e, error.ConchError): textualInfo, reason = e.args if isinstance(textualInfo, int): # See #3657 and #3071 textualInfo, reason = reason, textualInfo else: reason = OPEN_CONNECT_FAILED textualInfo = "unknown failure" self.transport.sendPacket( MSG_CHANNEL_OPEN_FAILURE, struct.pack(">2L", senderChannel, reason) + common.NS(networkString(textualInfo)) + common.NS(b""), ) def ssh_CHANNEL_OPEN_CONFIRMATION(self, packet): """ The other side accepted our MSG_CHANNEL_OPEN request. Payload:: uint32 local channel number uint32 remote channel number uint32 remote window size uint32 remote maximum packet size <channel specific data> Find the channel using the local channel number and notify its channelOpen method. """ (localChannel, remoteChannel, windowSize, maxPacket) = struct.unpack( ">4L", packet[:16] ) specificData = packet[16:] channel = self.channels[localChannel] channel.conn = self self.localToRemoteChannel[localChannel] = remoteChannel self.channelsToRemoteChannel[channel] = remoteChannel channel.remoteWindowLeft = windowSize channel.remoteMaxPacket = maxPacket channel.channelOpen(specificData) def ssh_CHANNEL_OPEN_FAILURE(self, packet): """ The other side did not accept our MSG_CHANNEL_OPEN request. Payload:: uint32 local channel number uint32 reason code string reason description Find the channel using the local channel number and notify it by calling its openFailed() method. """ localChannel, reasonCode = struct.unpack(">2L", packet[:8]) reasonDesc = common.getNS(packet[8:])[0] channel = self.channels[localChannel] del self.channels[localChannel] channel.conn = self reason = error.ConchError(reasonDesc, reasonCode) channel.openFailed(reason) def ssh_CHANNEL_WINDOW_ADJUST(self, packet): """ The other side is adding bytes to its window. Payload:: uint32 local channel number uint32 bytes to add Call the channel's addWindowBytes() method to add new bytes to the remote window. """ localChannel, bytesToAdd = struct.unpack(">2L", packet[:8]) channel = self.channels[localChannel] channel.addWindowBytes(bytesToAdd) def ssh_CHANNEL_DATA(self, packet): """ The other side is sending us data. Payload:: uint32 local channel number string data Check to make sure the other side hasn't sent too much data (more than what's in the window, or more than the maximum packet size). If they have, close the channel. Otherwise, decrease the available window and pass the data to the channel's dataReceived(). """ localChannel, dataLength = struct.unpack(">2L", packet[:8]) channel = self.channels[localChannel] # XXX should this move to dataReceived to put client in charge? if ( dataLength > channel.localWindowLeft or dataLength > channel.localMaxPacket ): # more data than we want self._log.error("too much data") self.sendClose(channel) return # packet = packet[:channel.localWindowLeft+4] data = common.getNS(packet[4:])[0] channel.localWindowLeft -= dataLength if channel.localWindowLeft < channel.localWindowSize // 2: self.adjustWindow( channel, channel.localWindowSize - channel.localWindowLeft ) channel.dataReceived(data) def ssh_CHANNEL_EXTENDED_DATA(self, packet): """ The other side is sending us exteneded data. Payload:: uint32 local channel number uint32 type code string data Check to make sure the other side hasn't sent too much data (more than what's in the window, or than the maximum packet size). If they have, close the channel. Otherwise, decrease the available window and pass the data and type code to the channel's extReceived(). """ localChannel, typeCode, dataLength = struct.unpack(">3L", packet[:12]) channel = self.channels[localChannel] if dataLength > channel.localWindowLeft or dataLength > channel.localMaxPacket: self._log.error("too much extdata") self.sendClose(channel) return data = common.getNS(packet[8:])[0] channel.localWindowLeft -= dataLength if channel.localWindowLeft < channel.localWindowSize // 2: self.adjustWindow( channel, channel.localWindowSize - channel.localWindowLeft ) channel.extReceived(typeCode, data) def ssh_CHANNEL_EOF(self, packet): """ The other side is not sending any more data. Payload:: uint32 local channel number Notify the channel by calling its eofReceived() method. """ localChannel = struct.unpack(">L", packet[:4])[0] channel = self.channels[localChannel] channel.eofReceived() def ssh_CHANNEL_CLOSE(self, packet): """ The other side is closing its end; it does not want to receive any more data. Payload:: uint32 local channel number Notify the channnel by calling its closeReceived() method. If the channel has also sent a close message, call self.channelClosed(). """ localChannel = struct.unpack(">L", packet[:4])[0] channel = self.channels[localChannel] channel.closeReceived() channel.remoteClosed = True if channel.localClosed and channel.remoteClosed: self.channelClosed(channel) def ssh_CHANNEL_REQUEST(self, packet): """ The other side is sending a request to a channel. Payload:: uint32 local channel number string request name bool want reply <request specific data> Pass the message to the channel's requestReceived method. If the other side wants a reply, add callbacks which will send the reply. """ localChannel = struct.unpack(">L", packet[:4])[0] requestType, rest = common.getNS(packet[4:]) wantReply = ord(rest[0:1]) channel = self.channels[localChannel] d = defer.maybeDeferred(channel.requestReceived, requestType, rest[1:]) if wantReply: d.addCallback(self._cbChannelRequest, localChannel) d.addErrback(self._ebChannelRequest, localChannel) return d def _cbChannelRequest(self, result, localChannel): """ Called back if the other side wanted a reply to a channel request. If the result is true, send a MSG_CHANNEL_SUCCESS. Otherwise, raise a C{error.ConchError} @param result: the value returned from the channel's requestReceived() method. If it's False, the request failed. @type result: L{bool} @param localChannel: the local channel ID of the channel to which the request was made. @type localChannel: L{int} @raises ConchError: if the result is False. """ if not result: raise error.ConchError("failed request") self.transport.sendPacket( MSG_CHANNEL_SUCCESS, struct.pack(">L", self.localToRemoteChannel[localChannel]), ) def _ebChannelRequest(self, result, localChannel): """ Called if the other wisde wanted a reply to the channel requeset and the channel request failed. @param result: a Failure, but it's not used. @param localChannel: the local channel ID of the channel to which the request was made. @type localChannel: L{int} """ self.transport.sendPacket( MSG_CHANNEL_FAILURE, struct.pack(">L", self.localToRemoteChannel[localChannel]), ) def ssh_CHANNEL_SUCCESS(self, packet): """ Our channel request to the other side succeeded. Payload:: uint32 local channel number Get the C{Deferred} out of self.deferreds and call it back. """ localChannel = struct.unpack(">L", packet[:4])[0] if self.deferreds.get(localChannel): d = self.deferreds[localChannel].pop(0) d.callback("") def ssh_CHANNEL_FAILURE(self, packet): """ Our channel request to the other side failed. Payload:: uint32 local channel number Get the C{Deferred} out of self.deferreds and errback it with a C{error.ConchError}. """ localChannel = struct.unpack(">L", packet[:4])[0] if self.deferreds.get(localChannel): d = self.deferreds[localChannel].pop(0) d.errback(error.ConchError("channel request failed")) # methods for users of the connection to call def sendGlobalRequest(self, request, data, wantReply=0): """ Send a global request for this connection. Current this is only used for remote->local TCP forwarding. @type request: L{bytes} @type data: L{bytes} @type wantReply: L{bool} @rtype: C{Deferred}/L{None} """ self.transport.sendPacket( MSG_GLOBAL_REQUEST, common.NS(request) + (wantReply and b"\xff" or b"\x00") + data, ) if wantReply: d = defer.Deferred() self.deferreds["global"].append(d) return d def openChannel(self, channel, extra=b""): """ Open a new channel on this connection. @type channel: subclass of C{SSHChannel} @type extra: L{bytes} """ self._log.info( "opening channel {id} with {localWindowSize} {localMaxPacket}", id=self.localChannelID, localWindowSize=channel.localWindowSize, localMaxPacket=channel.localMaxPacket, ) self.transport.sendPacket( MSG_CHANNEL_OPEN, common.NS(channel.name) + struct.pack( ">3L", self.localChannelID, channel.localWindowSize, channel.localMaxPacket, ) + extra, ) channel.id = self.localChannelID self.channels[self.localChannelID] = channel self.localChannelID += 1 def sendRequest(self, channel, requestType, data, wantReply=0): """ Send a request to a channel. @type channel: subclass of C{SSHChannel} @type requestType: L{bytes} @type data: L{bytes} @type wantReply: L{bool} @rtype: C{Deferred}/L{None} """ if channel.localClosed: return self._log.debug("sending request {requestType}", requestType=requestType) self.transport.sendPacket( MSG_CHANNEL_REQUEST, struct.pack(">L", self.channelsToRemoteChannel[channel]) + common.NS(requestType) + (b"\1" if wantReply else b"\0") + data, ) if wantReply: d = defer.Deferred() self.deferreds.setdefault(channel.id, []).append(d) return d def adjustWindow(self, channel, bytesToAdd): """ Tell the other side that we will receive more data. This should not normally need to be called as it is managed automatically. @type channel: subclass of L{SSHChannel} @type bytesToAdd: L{int} """ if channel.localClosed: return # we're already closed packet = struct.pack(">2L", self.channelsToRemoteChannel[channel], bytesToAdd) self.transport.sendPacket(MSG_CHANNEL_WINDOW_ADJUST, packet) self._log.debug( "adding {bytesToAdd} to {localWindowLeft} in channel {id}", bytesToAdd=bytesToAdd, localWindowLeft=channel.localWindowLeft, id=channel.id, ) channel.localWindowLeft += bytesToAdd def sendData(self, channel, data): """ Send data to a channel. This should not normally be used: instead use channel.write(data) as it manages the window automatically. @type channel: subclass of L{SSHChannel} @type data: L{bytes} """ if channel.localClosed: return # we're already closed self.transport.sendPacket( MSG_CHANNEL_DATA, struct.pack(">L", self.channelsToRemoteChannel[channel]) + common.NS(data), ) def sendExtendedData(self, channel, dataType, data): """ Send extended data to a channel. This should not normally be used: instead use channel.writeExtendedData(data, dataType) as it manages the window automatically. @type channel: subclass of L{SSHChannel} @type dataType: L{int} @type data: L{bytes} """ if channel.localClosed: return # we're already closed self.transport.sendPacket( MSG_CHANNEL_EXTENDED_DATA, struct.pack(">2L", self.channelsToRemoteChannel[channel], dataType) + common.NS(data), ) def sendEOF(self, channel): """ Send an EOF (End of File) for a channel. @type channel: subclass of L{SSHChannel} """ if channel.localClosed: return # we're already closed self._log.debug("sending eof") self.transport.sendPacket( MSG_CHANNEL_EOF, struct.pack(">L", self.channelsToRemoteChannel[channel]) ) def sendClose(self, channel): """ Close a channel. @type channel: subclass of L{SSHChannel} """ if channel.localClosed: return # we're already closed self._log.info("sending close {id}", id=channel.id) self.transport.sendPacket( MSG_CHANNEL_CLOSE, struct.pack(">L", self.channelsToRemoteChannel[channel]) ) channel.localClosed = True if channel.localClosed and channel.remoteClosed: self.channelClosed(channel) # methods to override def getChannel(self, channelType, windowSize, maxPacket, data): """ The other side requested a channel of some sort. channelType is the type of channel being requested, windowSize is the initial size of the remote window, maxPacket is the largest packet we should send, data is any other packet data (often nothing). We return a subclass of L{SSHChannel}. By default, this dispatches to a method 'channel_channelType' with any non-alphanumerics in the channelType replace with _'s. If it cannot find a suitable method, it returns an OPEN_UNKNOWN_CHANNEL_TYPE error. The method is called with arguments of windowSize, maxPacket, data. @type channelType: L{bytes} @type windowSize: L{int} @type maxPacket: L{int} @type data: L{bytes} @rtype: subclass of L{SSHChannel}/L{tuple} """ self._log.debug("got channel {channelType!r} request", channelType=channelType) if hasattr(self.transport, "avatar"): # this is a server! chan = self.transport.avatar.lookupChannel( channelType, windowSize, maxPacket, data ) else: channelType = channelType.translate(TRANSLATE_TABLE) attr = "channel_%s" % nativeString(channelType) f = getattr(self, attr, None) if f is not None: chan = f(windowSize, maxPacket, data) else: chan = None if chan is None: raise error.ConchError("unknown channel", OPEN_UNKNOWN_CHANNEL_TYPE) else: chan.conn = self return chan def gotGlobalRequest(self, requestType, data): """ We got a global request. pretty much, this is just used by the client to request that we forward a port from the server to the client. Returns either: - 1: request accepted - 1, <data>: request accepted with request specific data - 0: request denied By default, this dispatches to a method 'global_requestType' with -'s in requestType replaced with _'s. The found method is passed data. If this method cannot be found, this method returns 0. Otherwise, it returns the return value of that method. @type requestType: L{bytes} @type data: L{bytes} @rtype: L{int}/L{tuple} """ self._log.debug("got global {requestType} request", requestType=requestType) if hasattr(self.transport, "avatar"): # this is a server! return self.transport.avatar.gotGlobalRequest(requestType, data) requestType = nativeString(requestType.replace(b"-", b"_")) f = getattr(self, "global_%s" % requestType, None) if not f: return 0 return f(data) def channelClosed(self, channel): """ Called when a channel is closed. It clears the local state related to the channel, and calls channel.closed(). MAKE SURE YOU CALL THIS METHOD, even if you subclass L{SSHConnection}. If you don't, things will break mysteriously. @type channel: L{SSHChannel} """ if channel in self.channelsToRemoteChannel: # actually open channel.localClosed = channel.remoteClosed = True del self.localToRemoteChannel[channel.id] del self.channels[channel.id] del self.channelsToRemoteChannel[channel] for d in self.deferreds.pop(channel.id, []): d.errback(error.ConchError("Channel closed.")) channel.closed() MSG_GLOBAL_REQUEST = 80 MSG_REQUEST_SUCCESS = 81 MSG_REQUEST_FAILURE = 82 MSG_CHANNEL_OPEN = 90 MSG_CHANNEL_OPEN_CONFIRMATION = 91 MSG_CHANNEL_OPEN_FAILURE = 92 MSG_CHANNEL_WINDOW_ADJUST = 93 MSG_CHANNEL_DATA = 94 MSG_CHANNEL_EXTENDED_DATA = 95 MSG_CHANNEL_EOF = 96 MSG_CHANNEL_CLOSE = 97 MSG_CHANNEL_REQUEST = 98 MSG_CHANNEL_SUCCESS = 99 MSG_CHANNEL_FAILURE = 100 OPEN_ADMINISTRATIVELY_PROHIBITED = 1 OPEN_CONNECT_FAILED = 2 OPEN_UNKNOWN_CHANNEL_TYPE = 3 OPEN_RESOURCE_SHORTAGE = 4 EXTENDED_DATA_STDERR = 1 messages = {} for name, value in locals().copy().items(): if name[:4] == "MSG_": messages[value] = name # Doesn't handle doubles alphanums = networkString(string.ascii_letters + string.digits) TRANSLATE_TABLE = bytes(i if i in alphanums else ord("_") for i in range(256)) SSHConnection.protocolMessages = messages ��ssh/forwarding.py��0000644��00000020041�15027667726�0010074 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ This module contains the implementation of the TCP forwarding, which allows clients and servers to forward arbitrary TCP data across the connection. Maintainer: Paul Swartz """ import struct from twisted.conch.ssh import channel, common from twisted.internet import protocol, reactor from twisted.internet.endpoints import HostnameEndpoint, connectProtocol class SSHListenForwardingFactory(protocol.Factory): def __init__(self, connection, hostport, klass): self.conn = connection self.hostport = hostport # tuple self.klass = klass def buildProtocol(self, addr): channel = self.klass(conn=self.conn) client = SSHForwardingClient(channel) channel.client = client addrTuple = (addr.host, addr.port) channelOpenData = packOpen_direct_tcpip(self.hostport, addrTuple) self.conn.openChannel(channel, channelOpenData) return client class SSHListenForwardingChannel(channel.SSHChannel): def channelOpen(self, specificData): self._log.info("opened forwarding channel {id}", id=self.id) if len(self.client.buf) > 1: b = self.client.buf[1:] self.write(b) self.client.buf = b"" def openFailed(self, reason): self.closed() def dataReceived(self, data): self.client.transport.write(data) def eofReceived(self): self.client.transport.loseConnection() def closed(self): if hasattr(self, "client"): self._log.info("closing local forwarding channel {id}", id=self.id) self.client.transport.loseConnection() del self.client class SSHListenClientForwardingChannel(SSHListenForwardingChannel): name = b"direct-tcpip" class SSHListenServerForwardingChannel(SSHListenForwardingChannel): name = b"forwarded-tcpip" class SSHConnectForwardingChannel(channel.SSHChannel): """ Channel used for handling server side forwarding request. It acts as a client for the remote forwarding destination. @ivar hostport: C{(host, port)} requested by client as forwarding destination. @type hostport: L{tuple} or a C{sequence} @ivar client: Protocol connected to the forwarding destination. @type client: L{protocol.Protocol} @ivar clientBuf: Data received while forwarding channel is not yet connected. @type clientBuf: L{bytes} @var _reactor: Reactor used for TCP connections. @type _reactor: A reactor. @ivar _channelOpenDeferred: Deferred used in testing to check the result of C{channelOpen}. @type _channelOpenDeferred: L{twisted.internet.defer.Deferred} """ _reactor = reactor def __init__(self, hostport, args, kw): channel.SSHChannel.__init__(self, args, *kw) self.hostport = hostport self.client = None self.clientBuf = b"" def channelOpen(self, specificData): """ See: L{channel.SSHChannel} """ self._log.info( "connecting to {host}:{port}", host=self.hostport[0], port=self.hostport[1] ) ep = HostnameEndpoint(self._reactor, self.hostport[0], self.hostport[1]) d = connectProtocol(ep, SSHForwardingClient(self)) d.addCallbacks(self._setClient, self._close) self._channelOpenDeferred = d def _setClient(self, client): """ Called when the connection was established to the forwarding destination. @param client: Client protocol connected to the forwarding destination. @type client: L{protocol.Protocol} """ self.client = client self._log.info( "connected to {host}:{port}", host=self.hostport[0], port=self.hostport[1] ) if self.clientBuf: self.client.transport.write(self.clientBuf) self.clientBuf = None if self.client.buf[1:]: self.write(self.client.buf[1:]) self.client.buf = b"" def _close(self, reason): """ Called when failed to connect to the forwarding destination. @param reason: Reason why connection failed. @type reason: L{twisted.python.failure.Failure} """ self._log.error( "failed to connect to {host}:{port}: {reason}", host=self.hostport[0], port=self.hostport[1], reason=reason, ) self.loseConnection() def dataReceived(self, data): """ See: L{channel.SSHChannel} """ if self.client: self.client.transport.write(data) else: self.clientBuf += data def closed(self): """ See: L{channel.SSHChannel} """ if self.client: self._log.info("closed remote forwarding channel {id}", id=self.id) if self.client.channel: self.loseConnection() self.client.transport.loseConnection() del self.client def openConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar): remoteHP, origHP = unpackOpen_direct_tcpip(data) return SSHConnectForwardingChannel( remoteHP, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, avatar=avatar, ) class SSHForwardingClient(protocol.Protocol): def __init__(self, channel): self.channel = channel self.buf = b"\000" def dataReceived(self, data): if self.buf: self.buf += data else: self.channel.write(data) def connectionLost(self, reason): if self.channel: self.channel.loseConnection() self.channel = None def packOpen_direct_tcpip(destination, source): """ Pack the data suitable for sending in a CHANNEL_OPEN packet. @type destination: L{tuple} @param destination: A tuple of the (host, port) of the destination host. @type source: L{tuple} @param source: A tuple of the (host, port) of the source host. """ (connHost, connPort) = destination (origHost, origPort) = source if isinstance(connHost, str): connHost = connHost.encode("utf-8") if isinstance(origHost, str): origHost = origHost.encode("utf-8") conn = common.NS(connHost) + struct.pack(">L", connPort) orig = common.NS(origHost) + struct.pack(">L", origPort) return conn + orig packOpen_forwarded_tcpip = packOpen_direct_tcpip def unpackOpen_direct_tcpip(data): """Unpack the data to a usable format.""" connHost, rest = common.getNS(data) if isinstance(connHost, bytes): connHost = connHost.decode("utf-8") connPort = int(struct.unpack(">L", rest[:4])[0]) origHost, rest = common.getNS(rest[4:]) if isinstance(origHost, bytes): origHost = origHost.decode("utf-8") origPort = int(struct.unpack(">L", rest[:4])[0]) return (connHost, connPort), (origHost, origPort) unpackOpen_forwarded_tcpip = unpackOpen_direct_tcpip def packGlobal_tcpip_forward(peer): """ Pack the data for tcpip forwarding. @param peer: A tuple of the (host, port) . @type peer: L{tuple} """ (host, port) = peer return common.NS(host) + struct.pack(">L", port) def unpackGlobal_tcpip_forward(data): host, rest = common.getNS(data) if isinstance(host, bytes): host = host.decode("utf-8") port = int(struct.unpack(">L", rest[:4])[0]) return host, port """This is how the data -> eof -> close stuff /should/ work. debug3: channel 1: waiting for connection debug1: channel 1: connected debug1: channel 1: read<=0 rfd 7 len 0 debug1: channel 1: read failed debug1: channel 1: close_read debug1: channel 1: input open -> drain debug1: channel 1: ibuf empty debug1: channel 1: send eof debug1: channel 1: input drain -> closed debug1: channel 1: rcvd eof debug1: channel 1: output open -> drain debug1: channel 1: obuf empty debug1: channel 1: close_write debug1: channel 1: output drain -> closed debug1: channel 1: rcvd close debug3: channel 1: will not send data after close debug1: channel 1: send close debug1: channel 1: is dead """ ��ssh/_kex.py��0000644��00000020567�15027667726�0006675 0��ustar�00��# -- test-case-name: twisted.conch.test.test_transport -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ SSH key exchange handling. """ from hashlib import sha1, sha256, sha384, sha512 from zope.interface import Attribute, Interface, implementer from twisted.conch import error class _IKexAlgorithm(Interface): """ An L{_IKexAlgorithm} describes a key exchange algorithm. """ preference = Attribute( "An L{int} giving the preference of the algorithm when negotiating " "key exchange. Algorithms with lower precedence values are more " "preferred." ) hashProcessor = Attribute( "A callable hash algorithm constructor (e.g. C{hashlib.sha256}) " "suitable for use with this key exchange algorithm." ) class _IFixedGroupKexAlgorithm(_IKexAlgorithm): """ An L{_IFixedGroupKexAlgorithm} describes a key exchange algorithm with a fixed prime / generator group. """ prime = Attribute( "An L{int} giving the prime number used in Diffie-Hellman key " "exchange, or L{None} if not applicable." ) generator = Attribute( "An L{int} giving the generator number used in Diffie-Hellman key " "exchange, or L{None} if not applicable. (This is not related to " "Python generator functions.)" ) class _IEllipticCurveExchangeKexAlgorithm(_IKexAlgorithm): """ An L{_IEllipticCurveExchangeKexAlgorithm} describes a key exchange algorithm that uses an elliptic curve exchange between the client and server. """ class _IGroupExchangeKexAlgorithm(_IKexAlgorithm): """ An L{_IGroupExchangeKexAlgorithm} describes a key exchange algorithm that uses group exchange between the client and server. A prime / generator group should be chosen at run time based on the requested size. See RFC 4419. """ @implementer(_IEllipticCurveExchangeKexAlgorithm) class _Curve25519SHA256: """ Elliptic Curve Key Exchange using Curve25519 and SHA256. Defined in U{https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/}. """ preference = 1 hashProcessor = sha256 @implementer(_IEllipticCurveExchangeKexAlgorithm) class _Curve25519SHA256LibSSH: """ As L{_Curve25519SHA256}, but with a pre-standardized algorithm name. """ preference = 2 hashProcessor = sha256 @implementer(_IEllipticCurveExchangeKexAlgorithm) class _ECDH256: """ Elliptic Curve Key Exchange with SHA-256 as HASH. Defined in RFC 5656. Note that C{ecdh-sha2-nistp256} takes priority over nistp384 or nistp512. This is the same priority from OpenSSH. C{ecdh-sha2-nistp256} is considered preety good cryptography. If you need something better consider using C{curve25519-sha256}. """ preference = 3 hashProcessor = sha256 @implementer(_IEllipticCurveExchangeKexAlgorithm) class _ECDH384: """ Elliptic Curve Key Exchange with SHA-384 as HASH. Defined in RFC 5656. """ preference = 4 hashProcessor = sha384 @implementer(_IEllipticCurveExchangeKexAlgorithm) class _ECDH512: """ Elliptic Curve Key Exchange with SHA-512 as HASH. Defined in RFC 5656. """ preference = 5 hashProcessor = sha512 @implementer(_IGroupExchangeKexAlgorithm) class _DHGroupExchangeSHA256: """ Diffie-Hellman Group and Key Exchange with SHA-256 as HASH. Defined in RFC 4419, 4.2. """ preference = 6 hashProcessor = sha256 @implementer(_IGroupExchangeKexAlgorithm) class _DHGroupExchangeSHA1: """ Diffie-Hellman Group and Key Exchange with SHA-1 as HASH. Defined in RFC 4419, 4.1. """ preference = 7 hashProcessor = sha1 @implementer(_IFixedGroupKexAlgorithm) class _DHGroup14SHA1: """ Diffie-Hellman key exchange with SHA-1 as HASH and Oakley Group 14 (2048-bit MODP Group). Defined in RFC 4253, 8.2. """ preference = 8 hashProcessor = sha1 # Diffie-Hellman primes from Oakley Group 14 (RFC 3526, 3). prime = int( "323170060713110073003389139264238282488179412411402391128420" "097514007417066343542226196894173635693471179017379097041917" "546058732091950288537589861856221532121754125149017745202702" "357960782362488842461894775876411059286460994117232454266225" "221932305409190376805242355191256797158701170010580558776510" "388618472802579760549035697325615261670813393617995413364765" "591603683178967290731783845896806396719009772021941686472258" "710314113364293195361934716365332097170774482279885885653692" "086452966360772502689555059283627511211740969729980684105543" "595848665832916421362182310789909994486524682624169720359118" "52507045361090559" ) generator = 2 # Which ECDH hash function to use is dependent on the size. _kexAlgorithms = { b"curve25519-sha256": _Curve25519SHA256(), b"curve25519-sha256@libssh.org": _Curve25519SHA256LibSSH(), b"diffie-hellman-group-exchange-sha256": _DHGroupExchangeSHA256(), b"diffie-hellman-group-exchange-sha1": _DHGroupExchangeSHA1(), b"diffie-hellman-group14-sha1": _DHGroup14SHA1(), b"ecdh-sha2-nistp256": _ECDH256(), b"ecdh-sha2-nistp384": _ECDH384(), b"ecdh-sha2-nistp521": _ECDH512(), } def getKex(kexAlgorithm): """ Get a description of a named key exchange algorithm. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A description of the key exchange algorithm named by C{kexAlgorithm}. @rtype: L{_IKexAlgorithm} @raises ConchError: if the key exchange algorithm is not found. """ if kexAlgorithm not in _kexAlgorithms: raise error.ConchError(f"Unsupported key exchange algorithm: {kexAlgorithm}") return _kexAlgorithms[kexAlgorithm] def isEllipticCurve(kexAlgorithm): """ Returns C{True} if C{kexAlgorithm} is an elliptic curve. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: C{str} @return: C{True} if C{kexAlgorithm} is an elliptic curve, otherwise C{False}. @rtype: C{bool} """ return _IEllipticCurveExchangeKexAlgorithm.providedBy(getKex(kexAlgorithm)) def isFixedGroup(kexAlgorithm): """ Returns C{True} if C{kexAlgorithm} has a fixed prime / generator group. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: C{True} if C{kexAlgorithm} has a fixed prime / generator group, otherwise C{False}. @rtype: L{bool} """ return _IFixedGroupKexAlgorithm.providedBy(getKex(kexAlgorithm)) def getHashProcessor(kexAlgorithm): """ Get the hash algorithm callable to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A callable hash algorithm constructor (e.g. C{hashlib.sha256}). @rtype: C{callable} """ kex = getKex(kexAlgorithm) return kex.hashProcessor def getDHGeneratorAndPrime(kexAlgorithm): """ Get the generator and the prime to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A L{tuple} containing L{int} generator and L{int} prime. @rtype: L{tuple} """ kex = getKex(kexAlgorithm) return kex.generator, kex.prime def getSupportedKeyExchanges(): """ Get a list of supported key exchange algorithm names in order of preference. @return: A C{list} of supported key exchange algorithm names. @rtype: C{list} of L{bytes} """ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import ec from twisted.conch.ssh.keys import _curveTable backend = default_backend() kexAlgorithms = _kexAlgorithms.copy() for keyAlgorithm in list(kexAlgorithms): if keyAlgorithm.startswith(b"ecdh"): keyAlgorithmDsa = keyAlgorithm.replace(b"ecdh", b"ecdsa") supported = backend.elliptic_curve_exchange_algorithm_supported( ec.ECDH(), _curveTable[keyAlgorithmDsa] ) elif keyAlgorithm.startswith(b"curve25519-sha256"): supported = backend.x25519_supported() else: supported = True if not supported: kexAlgorithms.pop(keyAlgorithm) return sorted( kexAlgorithms, key=lambda kexAlgorithm: kexAlgorithms[kexAlgorithm].preference ) ��ssh/address.py��0000644��00000002116�15027667726�0007362 0��ustar�00��# -- test-case-name: twisted.conch.test.test_address -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Address object for SSH network connections. Maintainer: Paul Swartz @since: 12.1 """ from zope.interface import implementer from twisted.internet.interfaces import IAddress from twisted.python import util @implementer(IAddress) class SSHTransportAddress(util.FancyEqMixin): """ Object representing an SSH Transport endpoint. This is used to ensure that any code inspecting this address and attempting to construct a similar connection based upon it is not mislead into creating a transport which is not similar to the one it is indicating. @ivar address: An instance of an object which implements I{IAddress} to which this transport address is connected. """ compareAttributes = ("address",) def __init__(self, address): self.address = address def __repr__(self) -> str: return f"SSHTransportAddress({self.address!r})" def __hash__(self): return hash(("SSH", self.address)) ��ssh/session.py��0000644��00000032642�15027667726�0007427 0��ustar�00��# -- test-case-name: twisted.conch.test.test_session -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ This module contains the implementation of SSHSession, which (by default) allows access to a shell and a python interpreter over SSH. Maintainer: Paul Swartz """ import os import signal import struct import sys from zope.interface import implementer from twisted.conch.interfaces import ( EnvironmentVariableNotPermitted, ISession, ISessionSetEnv, ) from twisted.conch.ssh import channel, common, connection from twisted.internet import interfaces, protocol from twisted.logger import Logger from twisted.python.compat import networkString log = Logger() class SSHSession(channel.SSHChannel): """ A generalized implementation of an SSH session. See RFC 4254, section 6. The precise implementation of the various operations that the remote end can send is left up to the avatar, usually via an adapter to an interface such as L{ISession}. @ivar buf: a buffer for data received before making a connection to a client. @type buf: L{bytes} @ivar client: a protocol for communication with a shell, an application program, or a subsystem (see RFC 4254, section 6.5). @type client: L{SSHSessionProcessProtocol} @ivar session: an object providing concrete implementations of session operations. @type session: L{ISession} """ name = b"session" def __init__(self, args, *kw): channel.SSHChannel.__init__(self, args, *kw) self.buf = b"" self.client = None self.session = None def request_subsystem(self, data): subsystem, ignored = common.getNS(data) log.info('Asking for subsystem "{subsystem}"', subsystem=subsystem) client = self.avatar.lookupSubsystem(subsystem, data) if client: pp = SSHSessionProcessProtocol(self) proto = wrapProcessProtocol(pp) client.makeConnection(proto) pp.makeConnection(wrapProtocol(client)) self.client = pp return 1 else: log.error("Failed to get subsystem") return 0 def request_shell(self, data): log.info("Getting shell") if not self.session: self.session = ISession(self.avatar) try: pp = SSHSessionProcessProtocol(self) self.session.openShell(pp) except Exception: log.failure("Error getting shell") return 0 else: self.client = pp return 1 def request_exec(self, data): if not self.session: self.session = ISession(self.avatar) f, data = common.getNS(data) log.info('Executing command "{f}"', f=f) try: pp = SSHSessionProcessProtocol(self) self.session.execCommand(pp, f) except Exception: log.failure('Error executing command "{f}"', f=f) return 0 else: self.client = pp return 1 def request_pty_req(self, data): if not self.session: self.session = ISession(self.avatar) term, windowSize, modes = parseRequest_pty_req(data) log.info( "Handling pty request: {term!r} {windowSize!r}", term=term, windowSize=windowSize, ) try: self.session.getPty(term, windowSize, modes) except Exception: log.failure("Error handling pty request") return 0 else: return 1 def request_env(self, data): """ Process a request to pass an environment variable. @param data: The environment variable name and value, each encoded as an SSH protocol string and concatenated. @type data: L{bytes} @return: A true value if the request to pass this environment variable was accepted, otherwise a false value. """ if not self.session: self.session = ISession(self.avatar) if not ISessionSetEnv.providedBy(self.session): log.warn( "Can't handle environment variables for SSH avatar {avatar}: " "{session} does not provide ISessionSetEnv interface. " "It should be decorated with @implementer(ISession, " "ISessionSetEnv) to support env variables.", avatar=self.avatar, session=self.session, ) return 0 name, value, data = common.getNS(data, 2) try: self.session.setEnv(name, value) except EnvironmentVariableNotPermitted: return 0 except Exception: log.failure("Error setting environment variable {name}", name=name) return 0 else: return 1 def request_window_change(self, data): if not self.session: self.session = ISession(self.avatar) winSize = parseRequest_window_change(data) try: self.session.windowChanged(winSize) except Exception: log.failure("Error changing window size") return 0 else: return 1 def dataReceived(self, data): if not self.client: # self.conn.sendClose(self) self.buf += data return self.client.transport.write(data) def extReceived(self, dataType, data): if dataType == connection.EXTENDED_DATA_STDERR: if self.client and hasattr(self.client.transport, "writeErr"): self.client.transport.writeErr(data) else: log.warn("Weird extended data: {dataType}", dataType=dataType) def eofReceived(self): if self.session: self.session.eofReceived() elif self.client: self.conn.sendClose(self) def closed(self): if self.session: self.session.closed() elif self.client: self.client.transport.loseConnection() # def closeReceived(self): # self.loseConnection() # don't know what to do with this def loseConnection(self): if self.client: self.client.transport.loseConnection() channel.SSHChannel.loseConnection(self) class _ProtocolWrapper(protocol.ProcessProtocol): """ This class wraps a L{Protocol} instance in a L{ProcessProtocol} instance. """ def __init__(self, proto): self.proto = proto def connectionMade(self): self.proto.connectionMade() def outReceived(self, data): self.proto.dataReceived(data) def processEnded(self, reason): self.proto.connectionLost(reason) class _DummyTransport: def __init__(self, proto): self.proto = proto def dataReceived(self, data): self.proto.transport.write(data) def write(self, data): self.proto.dataReceived(data) def writeSequence(self, seq): self.write(b"".join(seq)) def loseConnection(self): self.proto.connectionLost(protocol.connectionDone) def wrapProcessProtocol(inst): if isinstance(inst, protocol.Protocol): return _ProtocolWrapper(inst) else: return inst def wrapProtocol(proto): return _DummyTransport(proto) # SUPPORTED_SIGNALS is a list of signals that every session channel is supposed # to accept. See RFC 4254 SUPPORTED_SIGNALS = [ "ABRT", "ALRM", "FPE", "HUP", "ILL", "INT", "KILL", "PIPE", "QUIT", "SEGV", "TERM", "USR1", "USR2", ] @implementer(interfaces.ITransport) class SSHSessionProcessProtocol(protocol.ProcessProtocol): """I am both an L{IProcessProtocol} and an L{ITransport}. I am a transport to the remote endpoint and a process protocol to the local subsystem. """ # once initialized, a dictionary mapping signal values to strings # that follow RFC 4254. _signalValuesToNames = None def __init__(self, session): self.session = session self.lostOutOrErrFlag = False def connectionMade(self): if self.session.buf: self.transport.write(self.session.buf) self.session.buf = None def outReceived(self, data): self.session.write(data) def errReceived(self, err): self.session.writeExtended(connection.EXTENDED_DATA_STDERR, err) def outConnectionLost(self): """ EOF should only be sent when both STDOUT and STDERR have been closed. """ if self.lostOutOrErrFlag: self.session.conn.sendEOF(self.session) else: self.lostOutOrErrFlag = True def errConnectionLost(self): """ See outConnectionLost(). """ self.outConnectionLost() def connectionLost(self, reason=None): self.session.loseConnection() def _getSignalName(self, signum): """ Get a signal name given a signal number. """ if self._signalValuesToNames is None: self._signalValuesToNames = {} # make sure that the POSIX ones are the defaults for signame in SUPPORTED_SIGNALS: signame = "SIG" + signame sigvalue = getattr(signal, signame, None) if sigvalue is not None: self._signalValuesToNames[sigvalue] = signame for k, v in signal.__dict__.items(): # Check for platform specific signals, ignoring Python specific # SIG_DFL and SIG_IGN if k.startswith("SIG") and not k.startswith("SIG_"): if v not in self._signalValuesToNames: self._signalValuesToNames[v] = k + "@" + sys.platform return self._signalValuesToNames[signum] def processEnded(self, reason=None): """ When we are told the process ended, try to notify the other side about how the process ended using the exit-signal or exit-status requests. Also, close the channel. """ if reason is not None: err = reason.value if err.signal is not None: signame = self._getSignalName(err.signal) if getattr(os, "WCOREDUMP", None) is not None and os.WCOREDUMP( err.status ): log.info("exitSignal: {signame} (core dumped)", signame=signame) coreDumped = True else: log.info("exitSignal: {}", signame=signame) coreDumped = False self.session.conn.sendRequest( self.session, b"exit-signal", common.NS(networkString(signame[3:])) + (b"\1" if coreDumped else b"\0") + common.NS(b"") + common.NS(b""), ) elif err.exitCode is not None: log.info("exitCode: {exitCode!r}", exitCode=err.exitCode) self.session.conn.sendRequest( self.session, b"exit-status", struct.pack(">L", err.exitCode) ) self.session.loseConnection() def getHost(self): """ Return the host from my session's transport. """ return self.session.conn.transport.getHost() def getPeer(self): """ Return the peer from my session's transport. """ return self.session.conn.transport.getPeer() def write(self, data): self.session.write(data) def writeSequence(self, seq): self.session.write(b"".join(seq)) def loseConnection(self): self.session.loseConnection() class SSHSessionClient(protocol.Protocol): def dataReceived(self, data): if self.transport: self.transport.write(data) # methods factored out to make live easier on server writers def parseRequest_pty_req(data): """Parse the data from a pty-req request into usable data. @returns: a tuple of (terminal type, (rows, cols, xpixel, ypixel), modes) """ term, rest = common.getNS(data) cols, rows, xpixel, ypixel = struct.unpack(">4L", rest[:16]) modes, ignored = common.getNS(rest[16:]) winSize = (rows, cols, xpixel, ypixel) modes = [ (ord(modes[i : i + 1]), struct.unpack(">L", modes[i + 1 : i + 5])[0]) for i in range(0, len(modes) - 1, 5) ] return term, winSize, modes def packRequest_pty_req(term, geometry, modes): """ Pack a pty-req request so that it is suitable for sending. NOTE: modes must be packed before being sent here. @type geometry: L{tuple} @param geometry: A tuple of (rows, columns, xpixel, ypixel) """ (rows, cols, xpixel, ypixel) = geometry termPacked = common.NS(term) winSizePacked = struct.pack(">4L", cols, rows, xpixel, ypixel) modesPacked = common.NS(modes) # depend on the client packing modes return termPacked + winSizePacked + modesPacked def parseRequest_window_change(data): """Parse the data from a window-change request into usuable data. @returns: a tuple of (rows, cols, xpixel, ypixel) """ cols, rows, xpixel, ypixel = struct.unpack(">4L", data) return rows, cols, xpixel, ypixel def packRequest_window_change(geometry): """ Pack a window-change request so that it is suitable for sending. @type geometry: L{tuple} @param geometry: A tuple of (rows, columns, xpixel, ypixel) """ (rows, cols, xpixel, ypixel) = geometry return struct.pack(">4L", cols, rows, xpixel, ypixel) ��ssh/transport.py��0000644��00000235122�15027667726�0007776 0��ustar�00��# -- test-case-name: twisted.conch.test.test_transport -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ The lowest level SSH protocol. This handles the key negotiation, the encryption and the compression. The transport layer is described in RFC 4253. Maintainer: Paul Swartz """ import binascii import hmac import struct import zlib from hashlib import md5, sha1, sha256, sha384, sha512 from typing import Dict from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import dh, ec, x25519 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from twisted import __version__ as twisted_version from twisted.conch.ssh import _kex, address, keys from twisted.conch.ssh.common import MP, NS, ffs, getMP, getNS from twisted.internet import defer, protocol from twisted.logger import Logger from twisted.python import randbytes from twisted.python.compat import iterbytes, networkString # This import is needed if SHA256 hashing is used. # from twisted.python.compat import nativeString def _mpFromBytes(data): """Make an SSH multiple-precision integer from big-endian L{bytes}. Used in ECDH key exchange. @type data: L{bytes} @param data: The input data, interpreted as a big-endian octet string. @rtype: L{bytes} @return: The given data encoded as an SSH multiple-precision integer. """ return MP(int.from_bytes(data, "big")) class _MACParams(tuple): """ L{_MACParams} represents the parameters necessary to compute SSH MAC (Message Authenticate Codes). L{_MACParams} is a L{tuple} subclass to maintain compatibility with older versions of the code. The elements of a L{_MACParams} are:: 0. The digest object used for the MAC 1. The inner pad ("ipad") string 2. The outer pad ("opad") string 3. The size of the digest produced by the digest object L{_MACParams} is also an object lesson in why tuples are a bad type for public APIs. @ivar key: The HMAC key which will be used. """ class SSHCiphers: """ SSHCiphers represents all the encryption operations that need to occur to encrypt and authenticate the SSH connection. @cvar cipherMap: A dictionary mapping SSH encryption names to 3-tuples of (<cryptography.hazmat.primitives.interfaces.CipherAlgorithm>, <block size>, <cryptography.hazmat.primitives.interfaces.Mode>) @cvar macMap: A dictionary mapping SSH MAC names to hash modules. @ivar outCipType: the string type of the outgoing cipher. @ivar inCipType: the string type of the incoming cipher. @ivar outMACType: the string type of the incoming MAC. @ivar inMACType: the string type of the incoming MAC. @ivar encBlockSize: the block size of the outgoing cipher. @ivar decBlockSize: the block size of the incoming cipher. @ivar verifyDigestSize: the size of the incoming MAC. @ivar outMAC: a tuple of (<hash module>, <inner key>, <outer key>, <digest size>) representing the outgoing MAC. @ivar inMAc: see outMAC, but for the incoming MAC. """ cipherMap = { b"3des-cbc": (algorithms.TripleDES, 24, modes.CBC), b"blowfish-cbc": (algorithms.Blowfish, 16, modes.CBC), b"aes256-cbc": (algorithms.AES, 32, modes.CBC), b"aes192-cbc": (algorithms.AES, 24, modes.CBC), b"aes128-cbc": (algorithms.AES, 16, modes.CBC), b"cast128-cbc": (algorithms.CAST5, 16, modes.CBC), b"aes128-ctr": (algorithms.AES, 16, modes.CTR), b"aes192-ctr": (algorithms.AES, 24, modes.CTR), b"aes256-ctr": (algorithms.AES, 32, modes.CTR), b"3des-ctr": (algorithms.TripleDES, 24, modes.CTR), b"blowfish-ctr": (algorithms.Blowfish, 16, modes.CTR), b"cast128-ctr": (algorithms.CAST5, 16, modes.CTR), b"none": (None, 0, modes.CBC), } macMap = { b"hmac-sha2-512": sha512, b"hmac-sha2-384": sha384, b"hmac-sha2-256": sha256, b"hmac-sha1": sha1, b"hmac-md5": md5, b"none": None, } def __init__(self, outCip, inCip, outMac, inMac): self.outCipType = outCip self.inCipType = inCip self.outMACType = outMac self.inMACType = inMac self.encBlockSize = 0 self.decBlockSize = 0 self.verifyDigestSize = 0 self.outMAC = (None, b"", b"", 0) self.inMAC = (None, b"", b"", 0) def setKeys(self, outIV, outKey, inIV, inKey, outInteg, inInteg): """ Set up the ciphers and hashes using the given keys, @param outIV: the outgoing initialization vector @param outKey: the outgoing encryption key @param inIV: the incoming initialization vector @param inKey: the incoming encryption key @param outInteg: the outgoing integrity key @param inInteg: the incoming integrity key. """ o = self._getCipher(self.outCipType, outIV, outKey) self.encryptor = o.encryptor() self.encBlockSize = o.algorithm.block_size // 8 o = self._getCipher(self.inCipType, inIV, inKey) self.decryptor = o.decryptor() self.decBlockSize = o.algorithm.block_size // 8 self.outMAC = self._getMAC(self.outMACType, outInteg) self.inMAC = self._getMAC(self.inMACType, inInteg) if self.inMAC: self.verifyDigestSize = self.inMAC[3] def _getCipher(self, cip, iv, key): """ Creates an initialized cipher object. @param cip: the name of the cipher, maps into cipherMap @param iv: the initialzation vector @param key: the encryption key @return: the cipher object. """ algorithmClass, keySize, modeClass = self.cipherMap[cip] if algorithmClass is None: return _DummyCipher() return Cipher( algorithmClass(key[:keySize]), modeClass(iv[: algorithmClass.block_size // 8]), backend=default_backend(), ) def _getMAC(self, mac, key): """ Gets a 4-tuple representing the message authentication code. (<hash module>, <inner hash value>, <outer hash value>, <digest size>) @type mac: L{bytes} @param mac: a key mapping into macMap @type key: L{bytes} @param key: the MAC key. @rtype: L{bytes} @return: The MAC components. """ mod = self.macMap[mac] if not mod: return (None, b"", b"", 0) # With stdlib we can only get attributes fron an instantiated object. hashObject = mod() digestSize = hashObject.digest_size blockSize = hashObject.block_size # Truncation here appears to contravene RFC 2104, section 2. However, # implementing the hashing behavior prescribed by the RFC breaks # interoperability with OpenSSH (at least version 5.5p1). key = key[:digestSize] + (b"\x00" (blockSize - digestSize)) i = key.translate(hmac.trans_36) o = key.translate(hmac.trans_5C) result = _MACParams((mod, i, o, digestSize)) result.key = key return result def encrypt(self, blocks): """ Encrypt some data. @type blocks: L{bytes} @param blocks: The data to encrypt. @rtype: L{bytes} @return: The encrypted data. """ return self.encryptor.update(blocks) def decrypt(self, blocks): """ Decrypt some data. @type blocks: L{bytes} @param blocks: The data to decrypt. @rtype: L{bytes} @return: The decrypted data. """ return self.decryptor.update(blocks) def makeMAC(self, seqid, data): """ Create a message authentication code (MAC) for the given packet using the outgoing MAC values. @type seqid: L{int} @param seqid: The sequence ID of the outgoing packet. @type data: L{bytes} @param data: The data to create a MAC for. @rtype: L{str} @return: The serialized MAC. """ if not self.outMAC[0]: return b"" data = struct.pack(">L", seqid) + data return hmac.HMAC(self.outMAC.key, data, self.outMAC[0]).digest() def verify(self, seqid, data, mac): """ Verify an incoming MAC using the incoming MAC values. @type seqid: L{int} @param seqid: The sequence ID of the incoming packet. @type data: L{bytes} @param data: The packet data to verify. @type mac: L{bytes} @param mac: The MAC sent with the packet. @rtype: L{bool} @return: C{True} if the MAC is valid. """ if not self.inMAC[0]: return mac == b"" data = struct.pack(">L", seqid) + data outer = hmac.HMAC(self.inMAC.key, data, self.inMAC[0]).digest() return hmac.compare_digest(mac, outer) def _getSupportedCiphers(): """ Build a list of ciphers that are supported by the backend in use. @return: a list of supported ciphers. @rtype: L{list} of L{str} """ supportedCiphers = [] cs = [ b"aes256-ctr", b"aes256-cbc", b"aes192-ctr", b"aes192-cbc", b"aes128-ctr", b"aes128-cbc", b"cast128-ctr", b"cast128-cbc", b"blowfish-ctr", b"blowfish-cbc", b"3des-ctr", b"3des-cbc", ] for cipher in cs: algorithmClass, keySize, modeClass = SSHCiphers.cipherMap[cipher] try: Cipher( algorithmClass(b" " * keySize), modeClass(b" " * (algorithmClass.block_size // 8)), backend=default_backend(), ).encryptor() except UnsupportedAlgorithm: pass else: supportedCiphers.append(cipher) return supportedCiphers class SSHTransportBase(protocol.Protocol): """ Protocol supporting basic SSH functionality: sending/receiving packets and message dispatch. To connect to or run a server, you must use SSHClientTransport or SSHServerTransport. @ivar protocolVersion: A string representing the version of the SSH protocol we support. Currently defaults to '2.0'. @ivar version: A string representing the version of the server or client. Currently defaults to 'Twisted'. @ivar comment: An optional string giving more information about the server or client. @ivar supportedCiphers: A list of strings representing the encryption algorithms supported, in order from most-preferred to least. @ivar supportedMACs: A list of strings representing the message authentication codes (hashes) supported, in order from most-preferred to least. Both this and supportedCiphers can include 'none' to use no encryption or authentication, but that must be done manually, @ivar supportedKeyExchanges: A list of strings representing the key exchanges supported, in order from most-preferred to least. @ivar supportedPublicKeys: A list of strings representing the public key types supported, in order from most-preferred to least. @ivar supportedCompressions: A list of strings representing compression types supported, from most-preferred to least. @ivar supportedLanguages: A list of strings representing languages supported, from most-preferred to least. @ivar supportedVersions: A container of strings representing supported ssh protocol version numbers. @ivar isClient: A boolean indicating whether this is a client or server. @ivar gotVersion: A boolean indicating whether we have received the version string from the other side. @ivar buf: Data we've received but hasn't been parsed into a packet. @ivar outgoingPacketSequence: the sequence number of the next packet we will send. @ivar incomingPacketSequence: the sequence number of the next packet we are expecting from the other side. @ivar outgoingCompression: an object supporting the .compress(str) and .flush() methods, or None if there is no outgoing compression. Used to compress outgoing data. @ivar outgoingCompressionType: A string representing the outgoing compression type. @ivar incomingCompression: an object supporting the .decompress(str) method, or None if there is no incoming compression. Used to decompress incoming data. @ivar incomingCompressionType: A string representing the incoming compression type. @ivar ourVersionString: the version string that we sent to the other side. Used in the key exchange. @ivar otherVersionString: the version string sent by the other side. Used in the key exchange. @ivar ourKexInitPayload: the MSG_KEXINIT payload we sent. Used in the key exchange. @ivar otherKexInitPayload: the MSG_KEXINIT payload we received. Used in the key exchange @ivar sessionID: a string that is unique to this SSH session. Created as part of the key exchange, sessionID is used to generate the various encryption and authentication keys. @ivar service: an SSHService instance, or None. If it's set to an object, it's the currently running service. @ivar kexAlg: the agreed-upon key exchange algorithm. @ivar keyAlg: the agreed-upon public key type for the key exchange. @ivar currentEncryptions: an SSHCiphers instance. It represents the current encryption and authentication options for the transport. @ivar nextEncryptions: an SSHCiphers instance. Held here until the MSG_NEWKEYS messages are exchanged, when nextEncryptions is transitioned to currentEncryptions. @ivar first: the first bytes of the next packet. In order to avoid decrypting data twice, the first bytes are decrypted and stored until the whole packet is available. @ivar _keyExchangeState: The current protocol state with respect to key exchange. This is either C{_KEY_EXCHANGE_NONE} if no key exchange is in progress (and returns to this value after any key exchange completqes), C{_KEY_EXCHANGE_REQUESTED} if this side of the connection initiated a key exchange, and C{_KEY_EXCHANGE_PROGRESSING} if the other side of the connection initiated a key exchange. C{_KEY_EXCHANGE_NONE} is the initial value (however SSH connections begin with key exchange, so it will quickly change to another state). @ivar _blockedByKeyExchange: Whenever C{_keyExchangeState} is not C{_KEY_EXCHANGE_NONE}, this is a C{list} of pending messages which were passed to L{sendPacket} but could not be sent because it is not legal to send them while a key exchange is in progress. When the key exchange completes, another attempt is made to send these messages. @ivar _peerSupportsExtensions: a boolean indicating whether the other side of the connection supports RFC 8308 extension negotiation. @ivar peerExtensions: a dict of extensions supported by the other side of the connection. """ _log = Logger() protocolVersion = b"2.0" version = b"Twisted_" + twisted_version.encode("ascii") comment = b"" ourVersionString = ( b"SSH-" + protocolVersion + b"-" + version + b" " + comment ).strip() # L{None} is supported as cipher and hmac. For security they are disabled # by default. To enable them, subclass this class and add it, or do: # SSHTransportBase.supportedCiphers.append('none') # List ordered by preference. supportedCiphers = _getSupportedCiphers() supportedMACs = [ b"hmac-sha2-512", b"hmac-sha2-384", b"hmac-sha2-256", b"hmac-sha1", b"hmac-md5", # `none`, ] supportedKeyExchanges = _kex.getSupportedKeyExchanges() supportedPublicKeys = [] # Add the supported EC keys, and change the name from ecdh* to ecdsa* for eckey in supportedKeyExchanges: if eckey.find(b"ecdh") != -1: supportedPublicKeys += [eckey.replace(b"ecdh", b"ecdsa")] supportedPublicKeys += [b"ssh-rsa", b"ssh-dss"] if default_backend().ed25519_supported(): supportedPublicKeys.append(b"ssh-ed25519") supportedCompressions = [b"none", b"zlib"] supportedLanguages = () supportedVersions = (b"1.99", b"2.0") isClient = False gotVersion = False buf = b"" outgoingPacketSequence = 0 incomingPacketSequence = 0 outgoingCompression = None incomingCompression = None sessionID = None service = None # There is no key exchange activity in progress. _KEY_EXCHANGE_NONE = "_KEY_EXCHANGE_NONE" # Key exchange is in progress and we started it. _KEY_EXCHANGE_REQUESTED = "_KEY_EXCHANGE_REQUESTED" # Key exchange is in progress and both sides have sent KEXINIT messages. _KEY_EXCHANGE_PROGRESSING = "_KEY_EXCHANGE_PROGRESSING" # There is a fourth conceptual state not represented here: KEXINIT received # but not sent. Since we always send a KEXINIT as soon as we get it, we # can't ever be in that state. # The current key exchange state. _keyExchangeState = _KEY_EXCHANGE_NONE _blockedByKeyExchange = None # Added to key exchange algorithms by a client to indicate support for # extension negotiation. _EXT_INFO_C = b"ext-info-c" # Added to key exchange algorithms by a server to indicate support for # extension negotiation. _EXT_INFO_S = b"ext-info-s" _peerSupportsExtensions = False peerExtensions: Dict[bytes, bytes] = {} def connectionLost(self, reason): """ When the underlying connection is closed, stop the running service (if any), and log out the avatar (if any). @type reason: L{twisted.python.failure.Failure} @param reason: The cause of the connection being closed. """ if self.service: self.service.serviceStopped() if hasattr(self, "avatar"): self.logoutFunction() self._log.info("connection lost") def connectionMade(self): """ Called when the connection is made to the other side. We sent our version and the MSG_KEXINIT packet. """ self.transport.write(self.ourVersionString + b"\r\n") self.currentEncryptions = SSHCiphers(b"none", b"none", b"none", b"none") self.currentEncryptions.setKeys(b"", b"", b"", b"", b"", b"") self.sendKexInit() def sendKexInit(self): """ Send a I{KEXINIT} message to initiate key exchange or to respond to a key exchange initiated by the peer. @raise RuntimeError: If a key exchange has already been started and it is not appropriate to send a I{KEXINIT} message at this time. @return: L{None} """ if self._keyExchangeState != self._KEY_EXCHANGE_NONE: raise RuntimeError( "Cannot send KEXINIT while key exchange state is %r" % (self._keyExchangeState,) ) supportedKeyExchanges = list(self.supportedKeyExchanges) # Advertise extension negotiation (RFC 8308, section 2.1). At # present, the Conch client processes the "server-sig-algs" # extension (section 3.1), and the Conch server sends that but # ignores any extensions sent by the client, so strictly speaking at # the moment we only need to send this in the client case; however, # there's nothing to forbid the server from sending it as well, and # doing so makes things easier if it needs to process extensions # sent by clients in future. supportedKeyExchanges.append( self._EXT_INFO_C if self.isClient else self._EXT_INFO_S ) self.ourKexInitPayload = b"".join( [ bytes((MSG_KEXINIT,)), randbytes.secureRandom(16), NS(b",".join(supportedKeyExchanges)), NS(b",".join(self.supportedPublicKeys)), NS(b",".join(self.supportedCiphers)), NS(b",".join(self.supportedCiphers)), NS(b",".join(self.supportedMACs)), NS(b",".join(self.supportedMACs)), NS(b",".join(self.supportedCompressions)), NS(b",".join(self.supportedCompressions)), NS(b",".join(self.supportedLanguages)), NS(b",".join(self.supportedLanguages)), b"\000\000\000\000\000", ] ) self.sendPacket(MSG_KEXINIT, self.ourKexInitPayload[1:]) self._keyExchangeState = self._KEY_EXCHANGE_REQUESTED self._blockedByKeyExchange = [] def _allowedKeyExchangeMessageType(self, messageType): """ Determine if the given message type may be sent while key exchange is in progress. @param messageType: The type of message @type messageType: L{int} @return: C{True} if the given type of message may be sent while key exchange is in progress, C{False} if it may not. @rtype: L{bool} @see: U{http://tools.ietf.org/html/rfc4253#section-7.1} """ # Written somewhat peculularly to reflect the way the specification # defines the allowed message types. if 1 <= messageType <= 19: return messageType not in ( MSG_SERVICE_REQUEST, MSG_SERVICE_ACCEPT, MSG_EXT_INFO, ) if 20 <= messageType <= 29: return messageType not in (MSG_KEXINIT,) return 30 <= messageType <= 49 def sendPacket(self, messageType, payload): """ Sends a packet. If it's been set up, compress the data, encrypt it, and authenticate it before sending. If key exchange is in progress and the message is not part of key exchange, queue it to be sent later. @param messageType: The type of the packet; generally one of the MSG_* values. @type messageType: L{int} @param payload: The payload for the message. @type payload: L{str} """ if self._keyExchangeState != self._KEY_EXCHANGE_NONE: if not self._allowedKeyExchangeMessageType(messageType): self._blockedByKeyExchange.append((messageType, payload)) return payload = bytes((messageType,)) + payload if self.outgoingCompression: payload = self.outgoingCompression.compress( payload ) + self.outgoingCompression.flush(2) bs = self.currentEncryptions.encBlockSize # 4 for the packet length and 1 for the padding length totalSize = 5 + len(payload) lenPad = bs - (totalSize % bs) if lenPad < 4: lenPad = lenPad + bs packet = ( struct.pack("!LB", totalSize + lenPad - 4, lenPad) + payload + randbytes.secureRandom(lenPad) ) encPacket = self.currentEncryptions.encrypt( packet ) + self.currentEncryptions.makeMAC(self.outgoingPacketSequence, packet) self.transport.write(encPacket) self.outgoingPacketSequence += 1 def getPacket(self): """ Try to return a decrypted, authenticated, and decompressed packet out of the buffer. If there is not enough data, return None. @rtype: L{str} or L{None} @return: The decoded packet, if any. """ bs = self.currentEncryptions.decBlockSize ms = self.currentEncryptions.verifyDigestSize if len(self.buf) < bs: # Not enough data for a block return if not hasattr(self, "first"): first = self.currentEncryptions.decrypt(self.buf[:bs]) else: first = self.first del self.first packetLen, paddingLen = struct.unpack("!LB", first[:5]) if packetLen > 1048576: # 1024 ** 2 self.sendDisconnect( DISCONNECT_PROTOCOL_ERROR, networkString(f"bad packet length {packetLen}"), ) return if len(self.buf) < packetLen + 4 + ms: # Not enough data for a packet self.first = first return if (packetLen + 4) % bs != 0: self.sendDisconnect( DISCONNECT_PROTOCOL_ERROR, networkString( "bad packet mod (%i%%%i == %i)" % (packetLen + 4, bs, (packetLen + 4) % bs) ), ) return encData, self.buf = self.buf[: 4 + packetLen], self.buf[4 + packetLen :] packet = first + self.currentEncryptions.decrypt(encData[bs:]) if len(packet) != 4 + packetLen: self.sendDisconnect(DISCONNECT_PROTOCOL_ERROR, b"bad decryption") return if ms: macData, self.buf = self.buf[:ms], self.buf[ms:] if not self.currentEncryptions.verify( self.incomingPacketSequence, packet, macData ): self.sendDisconnect(DISCONNECT_MAC_ERROR, b"bad MAC") return payload = packet[5:-paddingLen] if self.incomingCompression: try: payload = self.incomingCompression.decompress(payload) except Exception: # Tolerate any errors in decompression self._log.failure("Error decompressing payload") self.sendDisconnect(DISCONNECT_COMPRESSION_ERROR, b"compression error") return self.incomingPacketSequence += 1 return payload def _unsupportedVersionReceived(self, remoteVersion): """ Called when an unsupported version of the ssh protocol is received from the remote endpoint. @param remoteVersion: remote ssh protocol version which is unsupported by us. @type remoteVersion: L{str} """ self.sendDisconnect( DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, b"bad version " + remoteVersion ) def dataReceived(self, data): """ First, check for the version string (SSH-2.0-). After that has been received, this method adds data to the buffer, and pulls out any packets. @type data: L{bytes} @param data: The data that was received. """ self.buf = self.buf + data if not self.gotVersion: if len(self.buf) > 4096: self.sendDisconnect( DISCONNECT_CONNECTION_LOST, b"Peer version string longer than 4KB. " b"Preventing a denial of service attack.", ) return if self.buf.find(b"\n", self.buf.find(b"SSH-")) == -1: return # RFC 4253 section 4.2 ask for strict `\r\n` line ending. # Here we are a bit more relaxed and accept implementations ending # only in '\n'. # https://tools.ietf.org/html/rfc4253#section-4.2 lines = self.buf.split(b"\n") for p in lines: if p.startswith(b"SSH-"): self.gotVersion = True # Since the line was split on '\n' and most of the time # it uses '\r\n' we may get an extra '\r'. self.otherVersionString = p.rstrip(b"\r") remoteVersion = p.split(b"-")[1] if remoteVersion not in self.supportedVersions: self._unsupportedVersionReceived(remoteVersion) return i = lines.index(p) self.buf = b"\n".join(lines[i + 1 :]) packet = self.getPacket() while packet: messageNum = ord(packet[0:1]) self.dispatchMessage(messageNum, packet[1:]) packet = self.getPacket() def dispatchMessage(self, messageNum, payload): """ Send a received message to the appropriate method. @type messageNum: L{int} @param messageNum: The message number. @type payload: L{bytes} @param payload: The message payload. """ if messageNum < 50 and messageNum in messages: messageType = messages[messageNum][4:] f = getattr(self, f"ssh_{messageType}", None) if f is not None: f(payload) else: self._log.debug( "couldn't handle {messageType}: {payload!r}", messageType=messageType, payload=payload, ) self.sendUnimplemented() elif self.service: self.service.packetReceived(messageNum, payload) else: self._log.debug( "couldn't handle {messageNum}: {payload!r}", messageNum=messageNum, payload=payload, ) self.sendUnimplemented() def getPeer(self): """ Returns an L{SSHTransportAddress} corresponding to the other (peer) side of this transport. @return: L{SSHTransportAddress} for the peer @rtype: L{SSHTransportAddress} @since: 12.1 """ return address.SSHTransportAddress(self.transport.getPeer()) def getHost(self): """ Returns an L{SSHTransportAddress} corresponding to the this side of transport. @return: L{SSHTransportAddress} for the peer @rtype: L{SSHTransportAddress} @since: 12.1 """ return address.SSHTransportAddress(self.transport.getHost()) @property def kexAlg(self): """ The key exchange algorithm name agreed between client and server. """ return self._kexAlg @kexAlg.setter def kexAlg(self, value): """ Set the key exchange algorithm name. """ self._kexAlg = value # Client-initiated rekeying looks like this: # # C> MSG_KEXINIT # S> MSG_KEXINIT # C> MSG_KEX_DH_GEX_REQUEST or MSG_KEXDH_INIT # S> MSG_KEX_DH_GEX_GROUP or MSG_KEXDH_REPLY # C> MSG_KEX_DH_GEX_INIT or -- # S> MSG_KEX_DH_GEX_REPLY or -- # C> MSG_NEWKEYS # S> MSG_NEWKEYS # # Server-initiated rekeying is the same, only the first two messages are # switched. def ssh_KEXINIT(self, packet): """ Called when we receive a MSG_KEXINIT message. Payload:: bytes[16] cookie string keyExchangeAlgorithms string keyAlgorithms string incomingEncryptions string outgoingEncryptions string incomingAuthentications string outgoingAuthentications string incomingCompressions string outgoingCompressions string incomingLanguages string outgoingLanguages bool firstPacketFollows unit32 0 (reserved) Starts setting up the key exchange, keys, encryptions, and authentications. Extended by ssh_KEXINIT in SSHServerTransport and SSHClientTransport. @type packet: L{bytes} @param packet: The message data. @return: A L{tuple} of negotiated key exchange algorithms, key algorithms, and unhandled data, or L{None} if something went wrong. """ self.otherKexInitPayload = bytes((MSG_KEXINIT,)) + packet # This is useless to us: # cookie = packet[: 16] k = getNS(packet[16:], 10) strings, rest = k[:-1], k[-1] ( kexAlgs, keyAlgs, encCS, encSC, macCS, macSC, compCS, compSC, langCS, langSC, ) = (s.split(b",") for s in strings) # These are the server directions outs = [encSC, macSC, compSC] ins = [encCS, macCS, compCS] if self.isClient: outs, ins = ins, outs # Switch directions server = ( self.supportedKeyExchanges, self.supportedPublicKeys, self.supportedCiphers, self.supportedCiphers, self.supportedMACs, self.supportedMACs, self.supportedCompressions, self.supportedCompressions, ) client = (kexAlgs, keyAlgs, outs[0], ins[0], outs[1], ins[1], outs[2], ins[2]) if self.isClient: server, client = client, server self.kexAlg = ffs(client[0], server[0]) self.keyAlg = ffs(client[1], server[1]) self.nextEncryptions = SSHCiphers( ffs(client[2], server[2]), ffs(client[3], server[3]), ffs(client[4], server[4]), ffs(client[5], server[5]), ) self.outgoingCompressionType = ffs(client[6], server[6]) self.incomingCompressionType = ffs(client[7], server[7]) if ( None in ( self.kexAlg, self.keyAlg, self.outgoingCompressionType, self.incomingCompressionType, ) # We MUST disconnect if an extension negotiation indication ends # up being negotiated as a key exchange method (RFC 8308, # section 2.2). or self.kexAlg in (self._EXT_INFO_C, self._EXT_INFO_S) ): self.sendDisconnect( DISCONNECT_KEY_EXCHANGE_FAILED, b"couldn't match all kex parts" ) return if None in self.nextEncryptions.__dict__.values(): self.sendDisconnect( DISCONNECT_KEY_EXCHANGE_FAILED, b"couldn't match all kex parts" ) return self._peerSupportsExtensions = ( self._EXT_INFO_S if self.isClient else self._EXT_INFO_C ) in kexAlgs self._log.debug( "kex alg={kexAlg!r} key alg={keyAlg!r}", kexAlg=self.kexAlg, keyAlg=self.keyAlg, ) self._log.debug( "outgoing: {cip!r} {mac!r} {compression!r}", cip=self.nextEncryptions.outCipType, mac=self.nextEncryptions.outMACType, compression=self.outgoingCompressionType, ) self._log.debug( "incoming: {cip!r} {mac!r} {compression!r}", cip=self.nextEncryptions.inCipType, mac=self.nextEncryptions.inMACType, compression=self.incomingCompressionType, ) if self._keyExchangeState == self._KEY_EXCHANGE_REQUESTED: self._keyExchangeState = self._KEY_EXCHANGE_PROGRESSING else: self.sendKexInit() return kexAlgs, keyAlgs, rest # For SSHServerTransport to use def ssh_DISCONNECT(self, packet): """ Called when we receive a MSG_DISCONNECT message. Payload:: long code string description This means that the other side has disconnected. Pass the message up and disconnect ourselves. @type packet: L{bytes} @param packet: The message data. """ reasonCode = struct.unpack(">L", packet[:4])[0] description, foo = getNS(packet[4:]) self.receiveError(reasonCode, description) self.transport.loseConnection() def ssh_IGNORE(self, packet): """ Called when we receive a MSG_IGNORE message. No payload. This means nothing; we simply return. @type packet: L{bytes} @param packet: The message data. """ def ssh_UNIMPLEMENTED(self, packet): """ Called when we receive a MSG_UNIMPLEMENTED message. Payload:: long packet This means that the other side did not implement one of our packets. @type packet: L{bytes} @param packet: The message data. """ (seqnum,) = struct.unpack(">L", packet) self.receiveUnimplemented(seqnum) def ssh_DEBUG(self, packet): """ Called when we receive a MSG_DEBUG message. Payload:: bool alwaysDisplay string message string language This means the other side has passed along some debugging info. @type packet: L{bytes} @param packet: The message data. """ alwaysDisplay = bool(ord(packet[0:1])) message, lang, foo = getNS(packet[1:], 2) self.receiveDebug(alwaysDisplay, message, lang) def ssh_EXT_INFO(self, packet): """ Called when we get a MSG_EXT_INFO message. Payload:: uint32 nr-extensions repeat the following 2 fields "nr-extensions" times: string extension-name string extension-value (binary) @type packet: L{bytes} @param packet: The message data. """ (numExtensions,) = struct.unpack(">L", packet[:4]) packet = packet[4:] extensions = {} for _ in range(numExtensions): extName, extValue, packet = getNS(packet, 2) extensions[extName] = extValue self.peerExtensions = extensions def setService(self, service): """ Set our service to service and start it running. If we were running a service previously, stop it first. @type service: C{SSHService} @param service: The service to attach. """ self._log.debug("starting service {service!r}", service=service.name) if self.service: self.service.serviceStopped() self.service = service service.transport = self self.service.serviceStarted() def sendDebug(self, message, alwaysDisplay=False, language=b""): """ Send a debug message to the other side. @param message: the message to send. @type message: L{str} @param alwaysDisplay: if True, tell the other side to always display this message. @type alwaysDisplay: L{bool} @param language: optionally, the language the message is in. @type language: L{str} """ self.sendPacket( MSG_DEBUG, (b"\1" if alwaysDisplay else b"\0") + NS(message) + NS(language) ) def sendIgnore(self, message): """ Send a message that will be ignored by the other side. This is useful to fool attacks based on guessing packet sizes in the encrypted stream. @param message: data to send with the message @type message: L{str} """ self.sendPacket(MSG_IGNORE, NS(message)) def sendUnimplemented(self): """ Send a message to the other side that the last packet was not understood. """ seqnum = self.incomingPacketSequence self.sendPacket(MSG_UNIMPLEMENTED, struct.pack("!L", seqnum)) def sendDisconnect(self, reason, desc): """ Send a disconnect message to the other side and then disconnect. @param reason: the reason for the disconnect. Should be one of the DISCONNECT_ values. @type reason: L{int} @param desc: a descrption of the reason for the disconnection. @type desc: L{str} """ self.sendPacket(MSG_DISCONNECT, struct.pack(">L", reason) + NS(desc) + NS(b"")) self._log.info( "Disconnecting with error, code {code}\nreason: {description}", code=reason, description=desc, ) self.transport.loseConnection() def sendExtInfo(self, extensions): """ Send an RFC 8308 extension advertisement to the remote peer. Nothing is sent if the peer doesn't support negotiations. @type extensions: L{list} of (L{bytes}, L{bytes}) @param extensions: a list of (extension-name, extension-value) pairs. """ if self._peerSupportsExtensions: payload = b"".join( [struct.pack(">L", len(extensions))] + [NS(name) + NS(value) for name, value in extensions] ) self.sendPacket(MSG_EXT_INFO, payload) def _startEphemeralDH(self): """ Prepares for a Diffie-Hellman key agreement exchange. Creates an ephemeral keypair in the group defined by (self.g, self.p) and stores it. """ numbers = dh.DHParameterNumbers(self.p, self.g) parameters = numbers.parameters(default_backend()) self.dhSecretKey = parameters.generate_private_key() y = self.dhSecretKey.public_key().public_numbers().y self.dhSecretKeyPublicMP = MP(y) def _finishEphemeralDH(self, remoteDHpublicKey): """ Completes the Diffie-Hellman key agreement started by _startEphemeralDH, and forgets the ephemeral secret key. @type remoteDHpublicKey: L{int} @rtype: L{bytes} @return: The new shared secret, in SSH C{mpint} format. """ remoteKey = dh.DHPublicNumbers( remoteDHpublicKey, dh.DHParameterNumbers(self.p, self.g) ).public_key(default_backend()) secret = self.dhSecretKey.exchange(remoteKey) del self.dhSecretKey # The result of a Diffie-Hellman exchange is an integer, but # the Cryptography module returns it as bytes in a form that # is only vaguely documented. We fix it up to match the SSH # MP-integer format as described in RFC4251. secret = secret.lstrip(b"\x00") ch = ord(secret[0:1]) if ch & 0x80: # High bit set? # Make room for the sign bit prefix = struct.pack(">L", len(secret) + 1) + b"\x00" else: prefix = struct.pack(">L", len(secret)) return prefix + secret def _getKey(self, c, sharedSecret, exchangeHash): """ Get one of the keys for authentication/encryption. @type c: L{bytes} @param c: The letter identifying which key this is. @type sharedSecret: L{bytes} @param sharedSecret: The shared secret K. @type exchangeHash: L{bytes} @param exchangeHash: The hash H from key exchange. @rtype: L{bytes} @return: The derived key. """ hashProcessor = _kex.getHashProcessor(self.kexAlg) k1 = hashProcessor(sharedSecret + exchangeHash + c + self.sessionID) k1 = k1.digest() k2 = hashProcessor(sharedSecret + exchangeHash + k1).digest() k3 = hashProcessor(sharedSecret + exchangeHash + k1 + k2).digest() k4 = hashProcessor(sharedSecret + exchangeHash + k1 + k2 + k3).digest() return k1 + k2 + k3 + k4 def _keySetup(self, sharedSecret, exchangeHash): """ Set up the keys for the connection and sends MSG_NEWKEYS when finished, @param sharedSecret: a secret string agreed upon using a Diffie- Hellman exchange, so it is only shared between the server and the client. @type sharedSecret: L{str} @param exchangeHash: A hash of various data known by both sides. @type exchangeHash: L{str} """ if not self.sessionID: self.sessionID = exchangeHash initIVCS = self._getKey(b"A", sharedSecret, exchangeHash) initIVSC = self._getKey(b"B", sharedSecret, exchangeHash) encKeyCS = self._getKey(b"C", sharedSecret, exchangeHash) encKeySC = self._getKey(b"D", sharedSecret, exchangeHash) integKeyCS = self._getKey(b"E", sharedSecret, exchangeHash) integKeySC = self._getKey(b"F", sharedSecret, exchangeHash) outs = [initIVSC, encKeySC, integKeySC] ins = [initIVCS, encKeyCS, integKeyCS] if self.isClient: # Reverse for the client outs, ins = ins, outs self.nextEncryptions.setKeys(outs[0], outs[1], ins[0], ins[1], outs[2], ins[2]) self.sendPacket(MSG_NEWKEYS, b"") def _newKeys(self): """ Called back by a subclass once a I{MSG_NEWKEYS} message has been received. This indicates key exchange has completed and new encryption and compression parameters should be adopted. Any messages which were queued during key exchange will also be flushed. """ self._log.debug("NEW KEYS") self.currentEncryptions = self.nextEncryptions if self.outgoingCompressionType == b"zlib": self.outgoingCompression = zlib.compressobj(6) if self.incomingCompressionType == b"zlib": self.incomingCompression = zlib.decompressobj() self._keyExchangeState = self._KEY_EXCHANGE_NONE messages = self._blockedByKeyExchange self._blockedByKeyExchange = None for (messageType, payload) in messages: self.sendPacket(messageType, payload) def isEncrypted(self, direction="out"): """ Check if the connection is encrypted in the given direction. @type direction: L{str} @param direction: The direction: one of 'out', 'in', or 'both'. @rtype: L{bool} @return: C{True} if it is encrypted. """ if direction == "out": return self.currentEncryptions.outCipType != b"none" elif direction == "in": return self.currentEncryptions.inCipType != b"none" elif direction == "both": return self.isEncrypted("in") and self.isEncrypted("out") else: raise TypeError('direction must be "out", "in", or "both"') def isVerified(self, direction="out"): """ Check if the connection is verified/authentication in the given direction. @type direction: L{str} @param direction: The direction: one of 'out', 'in', or 'both'. @rtype: L{bool} @return: C{True} if it is verified. """ if direction == "out": return self.currentEncryptions.outMACType != b"none" elif direction == "in": return self.currentEncryptions.inMACType != b"none" elif direction == "both": return self.isVerified("in") and self.isVerified("out") else: raise TypeError('direction must be "out", "in", or "both"') def loseConnection(self): """ Lose the connection to the other side, sending a DISCONNECT_CONNECTION_LOST message. """ self.sendDisconnect(DISCONNECT_CONNECTION_LOST, b"user closed connection") # Client methods def receiveError(self, reasonCode, description): """ Called when we receive a disconnect error message from the other side. @param reasonCode: the reason for the disconnect, one of the DISCONNECT_ values. @type reasonCode: L{int} @param description: a human-readable description of the disconnection. @type description: L{str} """ self._log.error( "Got remote error, code {code}\nreason: {description}", code=reasonCode, description=description, ) def receiveUnimplemented(self, seqnum): """ Called when we receive an unimplemented packet message from the other side. @param seqnum: the sequence number that was not understood. @type seqnum: L{int} """ self._log.warn("other side unimplemented packet #{seqnum}", seqnum=seqnum) def receiveDebug(self, alwaysDisplay, message, lang): """ Called when we receive a debug message from the other side. @param alwaysDisplay: if True, this message should always be displayed. @type alwaysDisplay: L{bool} @param message: the debug message @type message: L{str} @param lang: optionally the language the message is in. @type lang: L{str} """ if alwaysDisplay: self._log.debug("Remote Debug Message: {message}", message=message) def _generateECPrivateKey(self): """ Generate an private key for ECDH key exchange. @rtype: The appropriate private key type matching C{self.kexAlg}: L{ec.EllipticCurvePrivateKey} for C{ecdh-sha2-nistp}, or L{x25519.X25519PrivateKey} for C{curve25519-sha256}. @return: The generated private key. """ if self.kexAlg.startswith(b"ecdh-sha2-nistp"): try: curve = keys._curveTable[b"ecdsa" + self.kexAlg[4:]] except KeyError: raise UnsupportedAlgorithm("unused-key") return ec.generate_private_key(curve, default_backend()) elif self.kexAlg in (b"curve25519-sha256", b"curve25519-sha256@libssh.org"): return x25519.X25519PrivateKey.generate() else: raise UnsupportedAlgorithm( "Cannot generate elliptic curve private key for {!r}".format( self.kexAlg ) ) def _encodeECPublicKey(self, ecPub): """ Encode an elliptic curve public key to bytes. @type ecPub: The appropriate public key type matching C{self.kexAlg}: L{ec.EllipticCurvePublicKey} for C{ecdh-sha2-nistp}, or L{x25519.X25519PublicKey} for C{curve25519-sha256}. @param ecPub: The public key to encode. @rtype: L{bytes} @return: The encoded public key. """ if self.kexAlg.startswith(b"ecdh-sha2-nistp"): return ecPub.public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint, ) elif self.kexAlg in (b"curve25519-sha256", b"curve25519-sha256@libssh.org"): return ecPub.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) else: raise UnsupportedAlgorithm( f"Cannot encode elliptic curve public key for {self.kexAlg!r}" ) def _generateECSharedSecret(self, ecPriv, theirECPubBytes): """ Generate a shared secret for ECDH key exchange. @type ecPriv: The appropriate private key type matching C{self.kexAlg}: L{ec.EllipticCurvePrivateKey} for C{ecdh-sha2-nistp}, or L{x25519.X25519PrivateKey} for C{curve25519-sha256}. @param ecPriv: Our private key. @rtype: L{bytes} @return: The generated shared secret, as an SSH multiple-precision integer. """ if self.kexAlg.startswith(b"ecdh-sha2-nistp"): try: curve = keys._curveTable[b"ecdsa" + self.kexAlg[4:]] except KeyError: raise UnsupportedAlgorithm("unused-key") theirECPub = ec.EllipticCurvePublicKey.from_encoded_point( curve, theirECPubBytes ) sharedSecret = ecPriv.exchange(ec.ECDH(), theirECPub) elif self.kexAlg in (b"curve25519-sha256", b"curve25519-sha256@libssh.org"): theirECPub = x25519.X25519PublicKey.from_public_bytes(theirECPubBytes) sharedSecret = ecPriv.exchange(theirECPub) else: raise UnsupportedAlgorithm( "Cannot generate elliptic curve shared secret for {!r}".format( self.kexAlg ) ) return _mpFromBytes(sharedSecret) class SSHServerTransport(SSHTransportBase): """ SSHServerTransport implements the server side of the SSH protocol. @ivar isClient: since we are never the client, this is always False. @ivar ignoreNextPacket: if True, ignore the next key exchange packet. This is set when the client sends a guessed key exchange packet but with an incorrect guess. @ivar dhGexRequest: the KEX_DH_GEX_REQUEST(_OLD) that the client sent. The key generation needs this to be stored. @ivar g: the Diffie-Hellman group generator. @ivar p: the Diffie-Hellman group prime. """ isClient = False ignoreNextPacket = 0 def ssh_KEXINIT(self, packet): """ Called when we receive a MSG_KEXINIT message. For a description of the packet, see SSHTransportBase.ssh_KEXINIT(). Additionally, this method checks if a guessed key exchange packet was sent. If it was sent, and it guessed incorrectly, the next key exchange packet MUST be ignored. """ retval = SSHTransportBase.ssh_KEXINIT(self, packet) if not retval: # Disconnected return else: kexAlgs, keyAlgs, rest = retval if ord(rest[0:1]): # Flag first_kex_packet_follows? if ( kexAlgs[0] != self.supportedKeyExchanges[0] or keyAlgs[0] != self.supportedPublicKeys[0] ): self.ignoreNextPacket = True # Guess was wrong def _ssh_KEX_ECDH_INIT(self, packet): """ Called from L{ssh_KEX_DH_GEX_REQUEST_OLD} to handle elliptic curve key exchanges. Payload:: string client Elliptic Curve Diffie-Hellman public key Just like L{_ssh_KEXDH_INIT} this message type is also not dispatched directly. Extra check to determine if this is really KEX_ECDH_INIT is required. First we load the host's public/private keys. Then we generate the ECDH public/private keypair for the given curve. With that we generate the shared secret key. Then we compute the hash to sign and send back to the client Along with the server's public key and the ECDH public key. @type packet: L{bytes} @param packet: The message data. @return: None. """ # Get the raw client public key. pktPub, packet = getNS(packet) # Get the host's public and private keys pubHostKey = self.factory.publicKeys[self.keyAlg] privHostKey = self.factory.privateKeys[self.keyAlg] # Generate the private key ecPriv = self._generateECPrivateKey() # Get the public key self.ecPub = ecPriv.public_key() encPub = self._encodeECPublicKey(self.ecPub) # Generate the shared secret sharedSecret = self._generateECSharedSecret(ecPriv, pktPub) # Finish update and digest h = _kex.getHashProcessor(self.kexAlg)() h.update(NS(self.otherVersionString)) h.update(NS(self.ourVersionString)) h.update(NS(self.otherKexInitPayload)) h.update(NS(self.ourKexInitPayload)) h.update(NS(pubHostKey.blob())) h.update(NS(pktPub)) h.update(NS(encPub)) h.update(sharedSecret) exchangeHash = h.digest() self.sendPacket( MSG_KEXDH_REPLY, NS(pubHostKey.blob()) + NS(encPub) + NS(privHostKey.sign(exchangeHash)), ) self._keySetup(sharedSecret, exchangeHash) def _ssh_KEXDH_INIT(self, packet): """ Called to handle the beginning of a non-group key exchange. Unlike other message types, this is not dispatched automatically. It is called from C{ssh_KEX_DH_GEX_REQUEST_OLD} because an extra check is required to determine if this is really a KEXDH_INIT message or if it is a KEX_DH_GEX_REQUEST_OLD message. The KEXDH_INIT payload:: integer e (the client's Diffie-Hellman public key) We send the KEXDH_REPLY with our host key and signature. @type packet: L{bytes} @param packet: The message data. """ clientDHpublicKey, foo = getMP(packet) self.g, self.p = _kex.getDHGeneratorAndPrime(self.kexAlg) self._startEphemeralDH() sharedSecret = self._finishEphemeralDH(clientDHpublicKey) h = _kex.getHashProcessor(self.kexAlg)() h.update(NS(self.otherVersionString)) h.update(NS(self.ourVersionString)) h.update(NS(self.otherKexInitPayload)) h.update(NS(self.ourKexInitPayload)) h.update(NS(self.factory.publicKeys[self.keyAlg].blob())) h.update(MP(clientDHpublicKey)) h.update(self.dhSecretKeyPublicMP) h.update(sharedSecret) exchangeHash = h.digest() self.sendPacket( MSG_KEXDH_REPLY, NS(self.factory.publicKeys[self.keyAlg].blob()) + self.dhSecretKeyPublicMP + NS(self.factory.privateKeys[self.keyAlg].sign(exchangeHash)), ) self._keySetup(sharedSecret, exchangeHash) def ssh_KEX_DH_GEX_REQUEST_OLD(self, packet): """ This represents different key exchange methods that share the same integer value. If the message is determined to be a KEXDH_INIT, L{_ssh_KEXDH_INIT} is called to handle it. If it is a KEX_ECDH_INIT, L{_ssh_KEX_ECDH_INIT} is called. Otherwise, for KEX_DH_GEX_REQUEST_OLD payload:: integer ideal (ideal size for the Diffie-Hellman prime) We send the KEX_DH_GEX_GROUP message with the group that is closest in size to ideal. If we were told to ignore the next key exchange packet by ssh_KEXINIT, drop it on the floor and return. @type packet: L{bytes} @param packet: The message data. """ if self.ignoreNextPacket: self.ignoreNextPacket = 0 return # KEXDH_INIT, KEX_ECDH_INIT, and KEX_DH_GEX_REQUEST_OLD # have the same value, so use another cue # to decide what kind of message the peer sent us. if _kex.isFixedGroup(self.kexAlg): return self._ssh_KEXDH_INIT(packet) elif _kex.isEllipticCurve(self.kexAlg): return self._ssh_KEX_ECDH_INIT(packet) else: self.dhGexRequest = packet ideal = struct.unpack(">L", packet)[0] self.g, self.p = self.factory.getDHPrime(ideal) self._startEphemeralDH() self.sendPacket(MSG_KEX_DH_GEX_GROUP, MP(self.p) + MP(self.g)) def ssh_KEX_DH_GEX_REQUEST(self, packet): """ Called when we receive a MSG_KEX_DH_GEX_REQUEST message. Payload:: integer minimum integer ideal integer maximum The client is asking for a Diffie-Hellman group between minimum and maximum size, and close to ideal if possible. We reply with a MSG_KEX_DH_GEX_GROUP message. If we were told to ignore the next key exchange packet by ssh_KEXINIT, drop it on the floor and return. @type packet: L{bytes} @param packet: The message data. """ if self.ignoreNextPacket: self.ignoreNextPacket = 0 return self.dhGexRequest = packet min, ideal, max = struct.unpack(">3L", packet) self.g, self.p = self.factory.getDHPrime(ideal) self._startEphemeralDH() self.sendPacket(MSG_KEX_DH_GEX_GROUP, MP(self.p) + MP(self.g)) def ssh_KEX_DH_GEX_INIT(self, packet): """ Called when we get a MSG_KEX_DH_GEX_INIT message. Payload:: integer e (client DH public key) We send the MSG_KEX_DH_GEX_REPLY message with our host key and signature. @type packet: L{bytes} @param packet: The message data. """ clientDHpublicKey, foo = getMP(packet) # TODO: we should also look at the value they send to us and reject # insecure values of f (if g==2 and f has a single '1' bit while the # rest are '0's, then they must have used a small y also). # TODO: This could be computed when self.p is set up # or do as openssh does and scan f for a single '1' bit instead sharedSecret = self._finishEphemeralDH(clientDHpublicKey) h = _kex.getHashProcessor(self.kexAlg)() h.update(NS(self.otherVersionString)) h.update(NS(self.ourVersionString)) h.update(NS(self.otherKexInitPayload)) h.update(NS(self.ourKexInitPayload)) h.update(NS(self.factory.publicKeys[self.keyAlg].blob())) h.update(self.dhGexRequest) h.update(MP(self.p)) h.update(MP(self.g)) h.update(MP(clientDHpublicKey)) h.update(self.dhSecretKeyPublicMP) h.update(sharedSecret) exchangeHash = h.digest() self.sendPacket( MSG_KEX_DH_GEX_REPLY, NS(self.factory.publicKeys[self.keyAlg].blob()) + self.dhSecretKeyPublicMP + NS(self.factory.privateKeys[self.keyAlg].sign(exchangeHash)), ) self._keySetup(sharedSecret, exchangeHash) def _keySetup(self, sharedSecret, exchangeHash): """ See SSHTransportBase._keySetup(). """ firstKey = self.sessionID is None SSHTransportBase._keySetup(self, sharedSecret, exchangeHash) # RFC 8308 section 2.4 says that the server MAY send EXT_INFO at # zero, one, or both of the following opportunities: the next packet # following the server's first MSG_NEWKEYS, or immediately preceding # the server's MSG_USERAUTH_SUCCESS. We have no need for the # latter, so make sure we only send it in the former case. if firstKey: self.sendExtInfo( [(b"server-sig-algs", b",".join(self.supportedPublicKeys))] ) def ssh_NEWKEYS(self, packet): """ Called when we get a MSG_NEWKEYS message. No payload. When we get this, the keys have been set on both sides, and we start using them to encrypt and authenticate the connection. @type packet: L{bytes} @param packet: The message data. """ if packet != b"": self.sendDisconnect(DISCONNECT_PROTOCOL_ERROR, b"NEWKEYS takes no data") return self._newKeys() def ssh_SERVICE_REQUEST(self, packet): """ Called when we get a MSG_SERVICE_REQUEST message. Payload:: string serviceName The client has requested a service. If we can start the service, start it; otherwise, disconnect with DISCONNECT_SERVICE_NOT_AVAILABLE. @type packet: L{bytes} @param packet: The message data. """ service, rest = getNS(packet) cls = self.factory.getService(self, service) if not cls: self.sendDisconnect( DISCONNECT_SERVICE_NOT_AVAILABLE, b"don't have service " + service ) return else: self.sendPacket(MSG_SERVICE_ACCEPT, NS(service)) self.setService(cls()) class SSHClientTransport(SSHTransportBase): """ SSHClientTransport implements the client side of the SSH protocol. @ivar isClient: since we are always the client, this is always True. @ivar _gotNewKeys: if we receive a MSG_NEWKEYS message before we are ready to transition to the new keys, this is set to True so we can transition when the keys are ready locally. @ivar x: our Diffie-Hellman private key. @ivar e: our Diffie-Hellman public key. @ivar g: the Diffie-Hellman group generator. @ivar p: the Diffie-Hellman group prime @ivar instance: the SSHService object we are requesting. @ivar _dhMinimalGroupSize: Minimal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST. @type _dhMinimalGroupSize: int @ivar _dhMaximalGroupSize: Maximal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST. @type _dhMaximalGroupSize: int @ivar _dhPreferredGroupSize: Preferred group size advertised by the client in MSG_KEX_DH_GEX_REQUEST. @type _dhPreferredGroupSize: int """ isClient = True # Recommended minimal and maximal values from RFC 4419, 3. _dhMinimalGroupSize = 1024 _dhMaximalGroupSize = 8192 # FIXME: https://twistedmatrix.com/trac/ticket/8103 # This may need to be more dynamic; compare kexgex_client in # OpenSSH. _dhPreferredGroupSize = 2048 def connectionMade(self): """ Called when the connection is started with the server. Just sets up a private instance variable. """ SSHTransportBase.connectionMade(self) self._gotNewKeys = 0 def ssh_KEXINIT(self, packet): """ Called when we receive a MSG_KEXINIT message. For a description of the packet, see SSHTransportBase.ssh_KEXINIT(). Additionally, this method sends the first key exchange packet. If the agreed-upon exchange is ECDH, generate a key pair for the corresponding curve and send the public key. If the agreed-upon exchange has a fixed prime/generator group, generate a public key and send it in a MSG_KEXDH_INIT message. Otherwise, ask for a 2048 bit group with a MSG_KEX_DH_GEX_REQUEST message. """ if SSHTransportBase.ssh_KEXINIT(self, packet) is None: # Connection was disconnected while doing base processing. # Maybe no common protocols were agreed. return # Are we using ECDH? if _kex.isEllipticCurve(self.kexAlg): # Generate the keys self.ecPriv = self._generateECPrivateKey() self.ecPub = self.ecPriv.public_key() # DH_GEX_REQUEST_OLD is the same number we need. self.sendPacket( MSG_KEX_DH_GEX_REQUEST_OLD, NS(self._encodeECPublicKey(self.ecPub)) ) elif _kex.isFixedGroup(self.kexAlg): # We agreed on a fixed group key exchange algorithm. self.g, self.p = _kex.getDHGeneratorAndPrime(self.kexAlg) self._startEphemeralDH() self.sendPacket(MSG_KEXDH_INIT, self.dhSecretKeyPublicMP) else: # We agreed on a dynamic group. Tell the server what range of # group sizes we accept, and what size we prefer; the server # will then select a group. self.sendPacket( MSG_KEX_DH_GEX_REQUEST, struct.pack( "!LLL", self._dhMinimalGroupSize, self._dhPreferredGroupSize, self._dhMaximalGroupSize, ), ) def _ssh_KEX_ECDH_REPLY(self, packet): """ Called to handle a reply to a ECDH exchange message(KEX_ECDH_INIT). Like the handler for I{KEXDH_INIT}, this message type has an overlapping value. This method is called from C{ssh_KEX_DH_GEX_GROUP} if that method detects a non-group key exchange is in progress. Payload:: string serverHostKey string server Elliptic Curve Diffie-Hellman public key string signature We verify the host key and continue if it passes verificiation. Otherwise raise an exception and return. @type packet: L{bytes} @param packet: The message data. @return: A deferred firing when key exchange is complete. """ def _continue_KEX_ECDH_REPLY(ignored, hostKey, pubKey, signature): # Save off the host public key. theirECHost = hostKey sharedSecret = self._generateECSharedSecret(self.ecPriv, pubKey) h = _kex.getHashProcessor(self.kexAlg)() h.update(NS(self.ourVersionString)) h.update(NS(self.otherVersionString)) h.update(NS(self.ourKexInitPayload)) h.update(NS(self.otherKexInitPayload)) h.update(NS(theirECHost)) h.update(NS(self._encodeECPublicKey(self.ecPub))) h.update(NS(pubKey)) h.update(sharedSecret) exchangeHash = h.digest() if not keys.Key.fromString(theirECHost).verify(signature, exchangeHash): self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED, b"bad signature") else: self._keySetup(sharedSecret, exchangeHash) # Get the host public key, # the raw ECDH public key bytes and the signature hostKey, pubKey, signature, packet = getNS(packet, 3) # Easier to comment this out for now than to update all of the tests. # fingerprint = nativeString(base64.b64encode( # sha256(hostKey).digest())) fingerprint = b":".join( [binascii.hexlify(ch) for ch in iterbytes(md5(hostKey).digest())] ) d = self.verifyHostKey(hostKey, fingerprint) d.addCallback(_continue_KEX_ECDH_REPLY, hostKey, pubKey, signature) d.addErrback( lambda unused: self.sendDisconnect( DISCONNECT_HOST_KEY_NOT_VERIFIABLE, b"bad host key" ) ) return d def _ssh_KEXDH_REPLY(self, packet): """ Called to handle a reply to a non-group key exchange message (KEXDH_INIT). Like the handler for I{KEXDH_INIT}, this message type has an overlapping value. This method is called from C{ssh_KEX_DH_GEX_GROUP} if that method detects a non-group key exchange is in progress. Payload:: string serverHostKey integer f (server Diffie-Hellman public key) string signature We verify the host key by calling verifyHostKey, then continue in _continueKEXDH_REPLY. @type packet: L{bytes} @param packet: The message data. @return: A deferred firing when key exchange is complete. """ pubKey, packet = getNS(packet) f, packet = getMP(packet) signature, packet = getNS(packet) fingerprint = b":".join( [binascii.hexlify(ch) for ch in iterbytes(md5(pubKey).digest())] ) d = self.verifyHostKey(pubKey, fingerprint) d.addCallback(self._continueKEXDH_REPLY, pubKey, f, signature) d.addErrback( lambda unused: self.sendDisconnect( DISCONNECT_HOST_KEY_NOT_VERIFIABLE, b"bad host key" ) ) return d def ssh_KEX_DH_GEX_GROUP(self, packet): """ This handles different messages which share an integer value. If the key exchange does not have a fixed prime/generator group, we generate a Diffie-Hellman public key and send it in a MSG_KEX_DH_GEX_INIT message. Payload:: string g (group generator) string p (group prime) @type packet: L{bytes} @param packet: The message data. """ if _kex.isFixedGroup(self.kexAlg): return self._ssh_KEXDH_REPLY(packet) elif _kex.isEllipticCurve(self.kexAlg): return self._ssh_KEX_ECDH_REPLY(packet) else: self.p, rest = getMP(packet) self.g, rest = getMP(rest) self._startEphemeralDH() self.sendPacket(MSG_KEX_DH_GEX_INIT, self.dhSecretKeyPublicMP) def _continueKEXDH_REPLY(self, ignored, pubKey, f, signature): """ The host key has been verified, so we generate the keys. @param ignored: Ignored. @param pubKey: the public key blob for the server's public key. @type pubKey: L{str} @param f: the server's Diffie-Hellman public key. @type f: L{int} @param signature: the server's signature, verifying that it has the correct private key. @type signature: L{str} """ serverKey = keys.Key.fromString(pubKey) sharedSecret = self._finishEphemeralDH(f) h = _kex.getHashProcessor(self.kexAlg)() h.update(NS(self.ourVersionString)) h.update(NS(self.otherVersionString)) h.update(NS(self.ourKexInitPayload)) h.update(NS(self.otherKexInitPayload)) h.update(NS(pubKey)) h.update(self.dhSecretKeyPublicMP) h.update(MP(f)) h.update(sharedSecret) exchangeHash = h.digest() if not serverKey.verify(signature, exchangeHash): self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED, b"bad signature") return self._keySetup(sharedSecret, exchangeHash) def ssh_KEX_DH_GEX_REPLY(self, packet): """ Called when we receive a MSG_KEX_DH_GEX_REPLY message. Payload:: string server host key integer f (server DH public key) We verify the host key by calling verifyHostKey, then continue in _continueGEX_REPLY. @type packet: L{bytes} @param packet: The message data. @return: A deferred firing once key exchange is complete. """ pubKey, packet = getNS(packet) f, packet = getMP(packet) signature, packet = getNS(packet) fingerprint = b":".join( [binascii.hexlify(c) for c in iterbytes(md5(pubKey).digest())] ) d = self.verifyHostKey(pubKey, fingerprint) d.addCallback(self._continueGEX_REPLY, pubKey, f, signature) d.addErrback( lambda unused: self.sendDisconnect( DISCONNECT_HOST_KEY_NOT_VERIFIABLE, b"bad host key" ) ) return d def _continueGEX_REPLY(self, ignored, pubKey, f, signature): """ The host key has been verified, so we generate the keys. @param ignored: Ignored. @param pubKey: the public key blob for the server's public key. @type pubKey: L{str} @param f: the server's Diffie-Hellman public key. @type f: L{int} @param signature: the server's signature, verifying that it has the correct private key. @type signature: L{str} """ serverKey = keys.Key.fromString(pubKey) sharedSecret = self._finishEphemeralDH(f) h = _kex.getHashProcessor(self.kexAlg)() h.update(NS(self.ourVersionString)) h.update(NS(self.otherVersionString)) h.update(NS(self.ourKexInitPayload)) h.update(NS(self.otherKexInitPayload)) h.update(NS(pubKey)) h.update( struct.pack( "!LLL", self._dhMinimalGroupSize, self._dhPreferredGroupSize, self._dhMaximalGroupSize, ) ) h.update(MP(self.p)) h.update(MP(self.g)) h.update(self.dhSecretKeyPublicMP) h.update(MP(f)) h.update(sharedSecret) exchangeHash = h.digest() if not serverKey.verify(signature, exchangeHash): self.sendDisconnect(DISCONNECT_KEY_EXCHANGE_FAILED, b"bad signature") return self._keySetup(sharedSecret, exchangeHash) def _keySetup(self, sharedSecret, exchangeHash): """ See SSHTransportBase._keySetup(). """ SSHTransportBase._keySetup(self, sharedSecret, exchangeHash) if self._gotNewKeys: self.ssh_NEWKEYS(b"") def ssh_NEWKEYS(self, packet): """ Called when we receive a MSG_NEWKEYS message. No payload. If we've finished setting up our own keys, start using them. Otherwise, remember that we've received this message. @type packet: L{bytes} @param packet: The message data. """ if packet != b"": self.sendDisconnect(DISCONNECT_PROTOCOL_ERROR, b"NEWKEYS takes no data") return if not self.nextEncryptions.encBlockSize: self._gotNewKeys = 1 return self._newKeys() self.connectionSecure() def ssh_SERVICE_ACCEPT(self, packet): """ Called when we receive a MSG_SERVICE_ACCEPT message. Payload:: string service name Start the service we requested. @type packet: L{bytes} @param packet: The message data. """ if packet == b"": self._log.info("got SERVICE_ACCEPT without payload") else: name = getNS(packet)[0] if name != self.instance.name: self.sendDisconnect( DISCONNECT_PROTOCOL_ERROR, b"received accept for service we did not request", ) self.setService(self.instance) def requestService(self, instance): """ Request that a service be run over this transport. @type instance: subclass of L{twisted.conch.ssh.service.SSHService} @param instance: The service to run. """ self.sendPacket(MSG_SERVICE_REQUEST, NS(instance.name)) self.instance = instance # Client methods def verifyHostKey(self, hostKey, fingerprint): """ Returns a Deferred that gets a callback if it is a valid key, or an errback if not. @type hostKey: L{bytes} @param hostKey: The host key to verify. @type fingerprint: L{bytes} @param fingerprint: The fingerprint of the key. @return: A deferred firing with C{True} if the key is valid. """ return defer.fail(NotImplementedError()) def connectionSecure(self): """ Called when the encryption has been set up. Generally, requestService() is called to run another service over the transport. """ raise NotImplementedError() class _NullEncryptionContext: """ An encryption context that does not actually encrypt anything. """ def update(self, data): """ 'Encrypt' new data by doing nothing. @type data: L{bytes} @param data: The data to 'encrypt'. @rtype: L{bytes} @return: The 'encrypted' data. """ return data class _DummyAlgorithm: """ An encryption algorithm that does not actually encrypt anything. """ block_size = 64 class _DummyCipher: """ A cipher for the none encryption method. @ivar block_size: the block size of the encryption. In the case of the none cipher, this is 8 bytes. """ algorithm = _DummyAlgorithm() def encryptor(self): """ Construct a noop encryptor. @return: The encryptor. """ return _NullEncryptionContext() def decryptor(self): """ Construct a noop decryptor. @return: The decryptor. """ return _NullEncryptionContext() DH_GENERATOR, DH_PRIME = _kex.getDHGeneratorAndPrime(b"diffie-hellman-group14-sha1") MSG_DISCONNECT = 1 MSG_IGNORE = 2 MSG_UNIMPLEMENTED = 3 MSG_DEBUG = 4 MSG_SERVICE_REQUEST = 5 MSG_SERVICE_ACCEPT = 6 MSG_EXT_INFO = 7 MSG_KEXINIT = 20 MSG_NEWKEYS = 21 MSG_KEXDH_INIT = 30 MSG_KEXDH_REPLY = 31 MSG_KEX_DH_GEX_REQUEST_OLD = 30 MSG_KEX_DH_GEX_REQUEST = 34 MSG_KEX_DH_GEX_GROUP = 31 MSG_KEX_DH_GEX_INIT = 32 MSG_KEX_DH_GEX_REPLY = 33 DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT = 1 DISCONNECT_PROTOCOL_ERROR = 2 DISCONNECT_KEY_EXCHANGE_FAILED = 3 DISCONNECT_RESERVED = 4 DISCONNECT_MAC_ERROR = 5 DISCONNECT_COMPRESSION_ERROR = 6 DISCONNECT_SERVICE_NOT_AVAILABLE = 7 DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED = 8 DISCONNECT_HOST_KEY_NOT_VERIFIABLE = 9 DISCONNECT_CONNECTION_LOST = 10 DISCONNECT_BY_APPLICATION = 11 DISCONNECT_TOO_MANY_CONNECTIONS = 12 DISCONNECT_AUTH_CANCELLED_BY_USER = 13 DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14 DISCONNECT_ILLEGAL_USER_NAME = 15 messages = {} for name, value in list(globals().items()): # Avoid legacy messages which overlap with never ones if name.startswith("MSG_") and not name.startswith("MSG_KEXDH_"): messages[value] = name # Check for regressions (#5352) if "MSG_KEXDH_INIT" in messages or "MSG_KEXDH_REPLY" in messages: raise RuntimeError("legacy SSH mnemonics should not end up in messages dict") ��ssh/filetransfer.py��0000644��00000112311�15027667726�0010420 0��ustar�00��# -- test-case-name: twisted.conch.test.test_filetransfer -- # # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. import errno import os import struct import warnings from typing import Dict from zope.interface import implementer from twisted.conch.interfaces import ISFTPFile, ISFTPServer from twisted.conch.ssh.common import NS, getNS from twisted.internet import defer, error, protocol from twisted.logger import Logger from twisted.python import failure from twisted.python.compat import nativeString, networkString class FileTransferBase(protocol.Protocol): _log = Logger() versions = (3,) packetTypes: Dict[int, str] = {} def __init__(self): self.buf = b"" self.otherVersion = None # This gets set def sendPacket(self, kind, data): self.transport.write(struct.pack("!LB", len(data) + 1, kind) + data) def dataReceived(self, data): self.buf += data # Continue processing the input buffer as long as there is a chance it # could contain a complete request. The "General Packet Format" # (format all requests follow) is a 4 byte length prefix, a 1 byte # type field, and a 4 byte request id. If we have fewer than 4 + 1 + # 4 == 9 bytes we cannot possibly have a complete request. while len(self.buf) >= 9: header = self.buf[:9] length, kind, reqId = struct.unpack("!LBL", header) # From draft-ietf-secsh-filexfer-13 (the draft we implement): # # The `length' is the length of the data area [including the # kind byte], and does not include the `length' field itself. # # If the input buffer doesn't have enough bytes to satisfy the # full length then we cannot process it now. Wait until we have # more bytes. if len(self.buf) < 4 + length: return # We parsed the request id out of the input buffer above but the # interface to the `packet_TYPE` methods involves passing them a # data buffer which still includes the request id ... So leave # those bytes in the `data` we slice off here. data, self.buf = self.buf[5 : 4 + length], self.buf[4 + length :] packetType = self.packetTypes.get(kind, None) if not packetType: self._log.info("no packet type for {kind}", kind=kind) continue f = getattr(self, f"packet_{packetType}", None) if not f: self._log.info( "not implemented: {packetType} data={data!r}", packetType=packetType, data=data[4:], ) self._sendStatus( reqId, FX_OP_UNSUPPORTED, f"don't understand {packetType}" ) # XXX not implemented continue self._log.info( "dispatching: {packetType} requestId={reqId}", packetType=packetType, reqId=reqId, ) try: f(data) except Exception: self._log.failure( "Failed to handle packet of type {packetType}", packetType=packetType, ) continue def _parseAttributes(self, data): (flags,) = struct.unpack("!L", data[:4]) attrs = {} data = data[4:] if flags & FILEXFER_ATTR_SIZE == FILEXFER_ATTR_SIZE: (size,) = struct.unpack("!Q", data[:8]) attrs["size"] = size data = data[8:] if flags & FILEXFER_ATTR_OWNERGROUP == FILEXFER_ATTR_OWNERGROUP: uid, gid = struct.unpack("!2L", data[:8]) attrs["uid"] = uid attrs["gid"] = gid data = data[8:] if flags & FILEXFER_ATTR_PERMISSIONS == FILEXFER_ATTR_PERMISSIONS: (perms,) = struct.unpack("!L", data[:4]) attrs["permissions"] = perms data = data[4:] if flags & FILEXFER_ATTR_ACMODTIME == FILEXFER_ATTR_ACMODTIME: atime, mtime = struct.unpack("!2L", data[:8]) attrs["atime"] = atime attrs["mtime"] = mtime data = data[8:] if flags & FILEXFER_ATTR_EXTENDED == FILEXFER_ATTR_EXTENDED: (extendedCount,) = struct.unpack("!L", data[:4]) data = data[4:] for i in range(extendedCount): (extendedType, data) = getNS(data) (extendedData, data) = getNS(data) attrs[f"ext_{nativeString(extendedType)}"] = extendedData return attrs, data def _packAttributes(self, attrs): flags = 0 data = b"" if "size" in attrs: data += struct.pack("!Q", attrs["size"]) flags \|= FILEXFER_ATTR_SIZE if "uid" in attrs and "gid" in attrs: data += struct.pack("!2L", attrs["uid"], attrs["gid"]) flags \|= FILEXFER_ATTR_OWNERGROUP if "permissions" in attrs: data += struct.pack("!L", attrs["permissions"]) flags \|= FILEXFER_ATTR_PERMISSIONS if "atime" in attrs and "mtime" in attrs: data += struct.pack("!2L", attrs["atime"], attrs["mtime"]) flags \|= FILEXFER_ATTR_ACMODTIME extended = [] for k in attrs: if k.startswith("ext_"): extType = NS(networkString(k[4:])) extData = NS(attrs[k]) extended.append(extType + extData) if extended: data += struct.pack("!L", len(extended)) data += b"".join(extended) flags \|= FILEXFER_ATTR_EXTENDED return struct.pack("!L", flags) + data def connectionLost(self, reason): """ Called when connection to the remote subsystem was lost. """ super().connectionLost(reason) self.connected = False class FileTransferServer(FileTransferBase): def __init__(self, data=None, avatar=None): FileTransferBase.__init__(self) self.client = ISFTPServer(avatar) # yay interfaces self.openFiles = {} self.openDirs = {} def packet_INIT(self, data): (version,) = struct.unpack("!L", data[:4]) self.version = min(list(self.versions) + [version]) data = data[4:] ext = {} while data: extName, data = getNS(data) extData, data = getNS(data) ext[extName] = extData ourExt = self.client.gotVersion(version, ext) ourExtData = b"" for (k, v) in ourExt.items(): ourExtData += NS(k) + NS(v) self.sendPacket(FXP_VERSION, struct.pack("!L", self.version) + ourExtData) def packet_OPEN(self, data): requestId = data[:4] data = data[4:] filename, data = getNS(data) (flags,) = struct.unpack("!L", data[:4]) data = data[4:] attrs, data = self._parseAttributes(data) assert data == b"", f"still have data in OPEN: {data!r}" d = defer.maybeDeferred(self.client.openFile, filename, flags, attrs) d.addCallback(self._cbOpenFile, requestId) d.addErrback(self._ebStatus, requestId, b"open failed") def _cbOpenFile(self, fileObj, requestId): fileId = networkString(str(hash(fileObj))) if fileId in self.openFiles: raise KeyError("id already open") self.openFiles[fileId] = fileObj self.sendPacket(FXP_HANDLE, requestId + NS(fileId)) def packet_CLOSE(self, data): requestId = data[:4] data = data[4:] handle, data = getNS(data) self._log.info( "closing: {requestId!r} {handle!r}", requestId=requestId, handle=handle, ) assert data == b"", f"still have data in CLOSE: {data!r}" if handle in self.openFiles: fileObj = self.openFiles[handle] d = defer.maybeDeferred(fileObj.close) d.addCallback(self._cbClose, handle, requestId) d.addErrback(self._ebStatus, requestId, b"close failed") elif handle in self.openDirs: dirObj = self.openDirs[handle][0] d = defer.maybeDeferred(dirObj.close) d.addCallback(self._cbClose, handle, requestId, 1) d.addErrback(self._ebStatus, requestId, b"close failed") else: code = errno.ENOENT text = os.strerror(code) err = OSError(code, text) self._ebStatus(failure.Failure(err), requestId) def _cbClose(self, result, handle, requestId, isDir=0): if isDir: del self.openDirs[handle] else: del self.openFiles[handle] self._sendStatus(requestId, FX_OK, b"file closed") def packet_READ(self, data): requestId = data[:4] data = data[4:] handle, data = getNS(data) (offset, length), data = struct.unpack("!QL", data[:12]), data[12:] assert data == b"", f"still have data in READ: {data!r}" if handle not in self.openFiles: self._ebRead(failure.Failure(KeyError()), requestId) else: fileObj = self.openFiles[handle] d = defer.maybeDeferred(fileObj.readChunk, offset, length) d.addCallback(self._cbRead, requestId) d.addErrback(self._ebStatus, requestId, b"read failed") def _cbRead(self, result, requestId): if result == b"": # Python's read will return this for EOF raise EOFError() self.sendPacket(FXP_DATA, requestId + NS(result)) def packet_WRITE(self, data): requestId = data[:4] data = data[4:] handle, data = getNS(data) (offset,) = struct.unpack("!Q", data[:8]) data = data[8:] writeData, data = getNS(data) assert data == b"", f"still have data in WRITE: {data!r}" if handle not in self.openFiles: self._ebWrite(failure.Failure(KeyError()), requestId) else: fileObj = self.openFiles[handle] d = defer.maybeDeferred(fileObj.writeChunk, offset, writeData) d.addCallback(self._cbStatus, requestId, b"write succeeded") d.addErrback(self._ebStatus, requestId, b"write failed") def packet_REMOVE(self, data): requestId = data[:4] data = data[4:] filename, data = getNS(data) assert data == b"", f"still have data in REMOVE: {data!r}" d = defer.maybeDeferred(self.client.removeFile, filename) d.addCallback(self._cbStatus, requestId, b"remove succeeded") d.addErrback(self._ebStatus, requestId, b"remove failed") def packet_RENAME(self, data): requestId = data[:4] data = data[4:] oldPath, data = getNS(data) newPath, data = getNS(data) assert data == b"", f"still have data in RENAME: {data!r}" d = defer.maybeDeferred(self.client.renameFile, oldPath, newPath) d.addCallback(self._cbStatus, requestId, b"rename succeeded") d.addErrback(self._ebStatus, requestId, b"rename failed") def packet_MKDIR(self, data): requestId = data[:4] data = data[4:] path, data = getNS(data) attrs, data = self._parseAttributes(data) assert data == b"", f"still have data in MKDIR: {data!r}" d = defer.maybeDeferred(self.client.makeDirectory, path, attrs) d.addCallback(self._cbStatus, requestId, b"mkdir succeeded") d.addErrback(self._ebStatus, requestId, b"mkdir failed") def packet_RMDIR(self, data): requestId = data[:4] data = data[4:] path, data = getNS(data) assert data == b"", f"still have data in RMDIR: {data!r}" d = defer.maybeDeferred(self.client.removeDirectory, path) d.addCallback(self._cbStatus, requestId, b"rmdir succeeded") d.addErrback(self._ebStatus, requestId, b"rmdir failed") def packet_OPENDIR(self, data): requestId = data[:4] data = data[4:] path, data = getNS(data) assert data == b"", f"still have data in OPENDIR: {data!r}" d = defer.maybeDeferred(self.client.openDirectory, path) d.addCallback(self._cbOpenDirectory, requestId) d.addErrback(self._ebStatus, requestId, b"opendir failed") def _cbOpenDirectory(self, dirObj, requestId): handle = networkString(str(hash(dirObj))) if handle in self.openDirs: raise KeyError("already opened this directory") self.openDirs[handle] = [dirObj, iter(dirObj)] self.sendPacket(FXP_HANDLE, requestId + NS(handle)) def packet_READDIR(self, data): requestId = data[:4] data = data[4:] handle, data = getNS(data) assert data == b"", f"still have data in READDIR: {data!r}" if handle not in self.openDirs: self._ebStatus(failure.Failure(KeyError()), requestId) else: dirObj, dirIter = self.openDirs[handle] d = defer.maybeDeferred(self._scanDirectory, dirIter, []) d.addCallback(self._cbSendDirectory, requestId) d.addErrback(self._ebStatus, requestId, b"scan directory failed") def _scanDirectory(self, dirIter, f): while len(f) < 250: try: info = next(dirIter) except StopIteration: if not f: raise EOFError return f if isinstance(info, defer.Deferred): info.addCallback(self._cbScanDirectory, dirIter, f) return else: f.append(info) return f def _cbScanDirectory(self, result, dirIter, f): f.append(result) return self._scanDirectory(dirIter, f) def _cbSendDirectory(self, result, requestId): data = b"" for (filename, longname, attrs) in result: data += NS(filename) data += NS(longname) data += self._packAttributes(attrs) self.sendPacket(FXP_NAME, requestId + struct.pack("!L", len(result)) + data) def packet_STAT(self, data, followLinks=1): requestId = data[:4] data = data[4:] path, data = getNS(data) assert data == b"", f"still have data in STAT/LSTAT: {data!r}" d = defer.maybeDeferred(self.client.getAttrs, path, followLinks) d.addCallback(self._cbStat, requestId) d.addErrback(self._ebStatus, requestId, b"stat/lstat failed") def packet_LSTAT(self, data): self.packet_STAT(data, 0) def packet_FSTAT(self, data): requestId = data[:4] data = data[4:] handle, data = getNS(data) assert data == b"", f"still have data in FSTAT: {data!r}" if handle not in self.openFiles: self._ebStatus( failure.Failure(KeyError(f"{handle} not in self.openFiles")), requestId, ) else: fileObj = self.openFiles[handle] d = defer.maybeDeferred(fileObj.getAttrs) d.addCallback(self._cbStat, requestId) d.addErrback(self._ebStatus, requestId, b"fstat failed") def _cbStat(self, result, requestId): data = requestId + self._packAttributes(result) self.sendPacket(FXP_ATTRS, data) def packet_SETSTAT(self, data): requestId = data[:4] data = data[4:] path, data = getNS(data) attrs, data = self._parseAttributes(data) if data != b"": self._log.warn("Still have data in SETSTAT: {data!r}", data=data) d = defer.maybeDeferred(self.client.setAttrs, path, attrs) d.addCallback(self._cbStatus, requestId, b"setstat succeeded") d.addErrback(self._ebStatus, requestId, b"setstat failed") def packet_FSETSTAT(self, data): requestId = data[:4] data = data[4:] handle, data = getNS(data) attrs, data = self._parseAttributes(data) assert data == b"", f"still have data in FSETSTAT: {data!r}" if handle not in self.openFiles: self._ebStatus(failure.Failure(KeyError()), requestId) else: fileObj = self.openFiles[handle] d = defer.maybeDeferred(fileObj.setAttrs, attrs) d.addCallback(self._cbStatus, requestId, b"fsetstat succeeded") d.addErrback(self._ebStatus, requestId, b"fsetstat failed") def packet_READLINK(self, data): requestId = data[:4] data = data[4:] path, data = getNS(data) assert data == b"", f"still have data in READLINK: {data!r}" d = defer.maybeDeferred(self.client.readLink, path) d.addCallback(self._cbReadLink, requestId) d.addErrback(self._ebStatus, requestId, b"readlink failed") def _cbReadLink(self, result, requestId): self._cbSendDirectory([(result, b"", {})], requestId) def packet_SYMLINK(self, data): requestId = data[:4] data = data[4:] linkPath, data = getNS(data) targetPath, data = getNS(data) d = defer.maybeDeferred(self.client.makeLink, linkPath, targetPath) d.addCallback(self._cbStatus, requestId, b"symlink succeeded") d.addErrback(self._ebStatus, requestId, b"symlink failed") def packet_REALPATH(self, data): requestId = data[:4] data = data[4:] path, data = getNS(data) assert data == b"", f"still have data in REALPATH: {data!r}" d = defer.maybeDeferred(self.client.realPath, path) d.addCallback(self._cbReadLink, requestId) # Same return format d.addErrback(self._ebStatus, requestId, b"realpath failed") def packet_EXTENDED(self, data): requestId = data[:4] data = data[4:] extName, extData = getNS(data) d = defer.maybeDeferred(self.client.extendedRequest, extName, extData) d.addCallback(self._cbExtended, requestId) d.addErrback(self._ebStatus, requestId, b"extended " + extName + b" failed") def _cbExtended(self, data, requestId): self.sendPacket(FXP_EXTENDED_REPLY, requestId + data) def _cbStatus(self, result, requestId, msg=b"request succeeded"): self._sendStatus(requestId, FX_OK, msg) def _ebStatus(self, reason, requestId, msg=b"request failed"): code = FX_FAILURE message = msg if isinstance(reason.value, (IOError, OSError)): if reason.value.errno == errno.ENOENT: # No such file code = FX_NO_SUCH_FILE message = networkString(reason.value.strerror) elif reason.value.errno == errno.EACCES: # Permission denied code = FX_PERMISSION_DENIED message = networkString(reason.value.strerror) elif reason.value.errno == errno.EEXIST: code = FX_FILE_ALREADY_EXISTS else: self._log.failure( "Request {requestId} failed: {message}", failure=reason, requestId=requestId, message=message, ) elif isinstance(reason.value, EOFError): # EOF code = FX_EOF if reason.value.args: message = networkString(reason.value.args[0]) elif isinstance(reason.value, NotImplementedError): code = FX_OP_UNSUPPORTED if reason.value.args: message = networkString(reason.value.args[0]) elif isinstance(reason.value, SFTPError): code = reason.value.code message = networkString(reason.value.message) else: self._log.failure( "Request {requestId} failed with unknown error: {message}", failure=reason, requestId=requestId, message=message, ) self._sendStatus(requestId, code, message) def _sendStatus(self, requestId, code, message, lang=b""): """ Helper method to send a FXP_STATUS message. """ data = requestId + struct.pack("!L", code) data += NS(message) data += NS(lang) self.sendPacket(FXP_STATUS, data) def connectionLost(self, reason): """ Called when connection to the remote subsystem was lost. Clean all opened files and directories. """ FileTransferBase.connectionLost(self, reason) for fileObj in self.openFiles.values(): fileObj.close() self.openFiles = {} for (dirObj, dirIter) in self.openDirs.values(): dirObj.close() self.openDirs = {} class FileTransferClient(FileTransferBase): def __init__(self, extData={}): """ @param extData: a dict of extended_name : extended_data items to be sent to the server. """ FileTransferBase.__init__(self) self.extData = {} self.counter = 0 self.openRequests = {} # id -> Deferred def connectionMade(self): data = struct.pack("!L", max(self.versions)) for k, v in self.extData.values(): data += NS(k) + NS(v) self.sendPacket(FXP_INIT, data) def connectionLost(self, reason): """ Called when connection to the remote subsystem was lost. Any pending requests are aborted. """ FileTransferBase.connectionLost(self, reason) # If there are still requests waiting for responses when the # connection is lost, fail them. if self.openRequests: # Even if our transport was lost "cleanly", our # requests were still not cancelled "cleanly". requestError = error.ConnectionLost() requestError.__cause__ = reason.value requestFailure = failure.Failure(requestError) while self.openRequests: _, deferred = self.openRequests.popitem() deferred.errback(requestFailure) def _sendRequest(self, msg, data): """ Send a request and return a deferred which waits for the result. @type msg: L{int} @param msg: The request type (e.g., C{FXP_READ}). @type data: L{bytes} @param data: The body of the request. """ if not self.connected: return defer.fail(error.ConnectionLost()) data = struct.pack("!L", self.counter) + data d = defer.Deferred() self.openRequests[self.counter] = d self.counter += 1 self.sendPacket(msg, data) return d def _parseRequest(self, data): (id,) = struct.unpack("!L", data[:4]) d = self.openRequests[id] del self.openRequests[id] return d, data[4:] def openFile(self, filename, flags, attrs): """ Open a file. This method returns a L{Deferred} that is called back with an object that provides the L{ISFTPFile} interface. @type filename: L{bytes} @param filename: a string representing the file to open. @param flags: an integer of the flags to open the file with, ORed together. The flags and their values are listed at the bottom of this file. @param attrs: a list of attributes to open the file with. It is a dictionary, consisting of 0 or more keys. The possible keys are:: size: the size of the file in bytes uid: the user ID of the file as an integer gid: the group ID of the file as an integer permissions: the permissions of the file with as an integer. the bit representation of this field is defined by POSIX. atime: the access time of the file as seconds since the epoch. mtime: the modification time of the file as seconds since the epoch. ext_: extended attributes. The server is not required to understand this, but it may. NOTE: there is no way to indicate text or binary files. it is up to the SFTP client to deal with this. """ data = NS(filename) + struct.pack("!L", flags) + self._packAttributes(attrs) d = self._sendRequest(FXP_OPEN, data) d.addCallback(self._cbOpenHandle, ClientFile, filename) return d def _cbOpenHandle(self, handle, handleClass, name): """ Callback invoked when an OPEN or OPENDIR request succeeds. @param handle: The handle returned by the server @type handle: L{bytes} @param handleClass: The class that will represent the newly-opened file or directory to the user (either L{ClientFile} or L{ClientDirectory}). @param name: The name of the file or directory represented by C{handle}. @type name: L{bytes} """ cb = handleClass(self, handle) cb.name = name return cb def removeFile(self, filename): """ Remove the given file. This method returns a Deferred that is called back when it succeeds. @type filename: L{bytes} @param filename: the name of the file as a string. """ return self._sendRequest(FXP_REMOVE, NS(filename)) def renameFile(self, oldpath, newpath): """ Rename the given file. This method returns a Deferred that is called back when it succeeds. @type oldpath: L{bytes} @param oldpath: the current location of the file. @type newpath: L{bytes} @param newpath: the new file name. """ return self._sendRequest(FXP_RENAME, NS(oldpath) + NS(newpath)) def makeDirectory(self, path, attrs): """ Make a directory. This method returns a Deferred that is called back when it is created. @type path: L{bytes} @param path: the name of the directory to create as a string. @param attrs: a dictionary of attributes to create the directory with. Its meaning is the same as the attrs in the openFile method. """ return self._sendRequest(FXP_MKDIR, NS(path) + self._packAttributes(attrs)) def removeDirectory(self, path): """ Remove a directory (non-recursively) It is an error to remove a directory that has files or directories in it. This method returns a Deferred that is called back when it is removed. @type path: L{bytes} @param path: the directory to remove. """ return self._sendRequest(FXP_RMDIR, NS(path)) def openDirectory(self, path): """ Open a directory for scanning. This method returns a Deferred that is called back with an iterable object that has a close() method. The close() method is called when the client is finished reading from the directory. At this point, the iterable will no longer be used. The iterable returns triples of the form (filename, longname, attrs) or a Deferred that returns the same. The sequence must support __getitem__, but otherwise may be any 'sequence-like' object. filename is the name of the file relative to the directory. logname is an expanded format of the filename. The recommended format is: -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer 1234567890 123 12345678 12345678 12345678 123456789012 The first line is sample output, the second is the length of the field. The fields are: permissions, link count, user owner, group owner, size in bytes, modification time. attrs is a dictionary in the format of the attrs argument to openFile. @type path: L{bytes} @param path: the directory to open. """ d = self._sendRequest(FXP_OPENDIR, NS(path)) d.addCallback(self._cbOpenHandle, ClientDirectory, path) return d def getAttrs(self, path, followLinks=0): """ Return the attributes for the given path. This method returns a dictionary in the same format as the attrs argument to openFile or a Deferred that is called back with same. @type path: L{bytes} @param path: the path to return attributes for as a string. @param followLinks: a boolean. if it is True, follow symbolic links and return attributes for the real path at the base. if it is False, return attributes for the specified path. """ if followLinks: m = FXP_STAT else: m = FXP_LSTAT return self._sendRequest(m, NS(path)) def setAttrs(self, path, attrs): """ Set the attributes for the path. This method returns when the attributes are set or a Deferred that is called back when they are. @type path: L{bytes} @param path: the path to set attributes for as a string. @param attrs: a dictionary in the same format as the attrs argument to openFile. """ data = NS(path) + self._packAttributes(attrs) return self._sendRequest(FXP_SETSTAT, data) def readLink(self, path): """ Find the root of a set of symbolic links. This method returns the target of the link, or a Deferred that returns the same. @type path: L{bytes} @param path: the path of the symlink to read. """ d = self._sendRequest(FXP_READLINK, NS(path)) return d.addCallback(self._cbRealPath) def makeLink(self, linkPath, targetPath): """ Create a symbolic link. This method returns when the link is made, or a Deferred that returns the same. @type linkPath: L{bytes} @param linkPath: the pathname of the symlink as a string @type targetPath: L{bytes} @param targetPath: the path of the target of the link as a string. """ return self._sendRequest(FXP_SYMLINK, NS(linkPath) + NS(targetPath)) def realPath(self, path): """ Convert any path to an absolute path. This method returns the absolute path as a string, or a Deferred that returns the same. @type path: L{bytes} @param path: the path to convert as a string. """ d = self._sendRequest(FXP_REALPATH, NS(path)) return d.addCallback(self._cbRealPath) def _cbRealPath(self, result): name, longname, attrs = result[0] name = name.decode("utf-8") return name def extendedRequest(self, request, data): """ Make an extended request of the server. The method returns a Deferred that is called back with the result of the extended request. @type request: L{bytes} @param request: the name of the extended request to make. @type data: L{bytes} @param data: any other data that goes along with the request. """ return self._sendRequest(FXP_EXTENDED, NS(request) + data) def packet_VERSION(self, data): (version,) = struct.unpack("!L", data[:4]) data = data[4:] d = {} while data: k, data = getNS(data) v, data = getNS(data) d[k] = v self.version = version self.gotServerVersion(version, d) def packet_STATUS(self, data): d, data = self._parseRequest(data) (code,) = struct.unpack("!L", data[:4]) data = data[4:] if len(data) >= 4: msg, data = getNS(data) if len(data) >= 4: lang, data = getNS(data) else: lang = b"" else: msg = b"" lang = b"" if code == FX_OK: d.callback((msg, lang)) elif code == FX_EOF: d.errback(EOFError(msg)) elif code == FX_OP_UNSUPPORTED: d.errback(NotImplementedError(msg)) else: d.errback(SFTPError(code, nativeString(msg), lang)) def packet_HANDLE(self, data): d, data = self._parseRequest(data) handle, _ = getNS(data) d.callback(handle) def packet_DATA(self, data): d, data = self._parseRequest(data) d.callback(getNS(data)[0]) def packet_NAME(self, data): d, data = self._parseRequest(data) (count,) = struct.unpack("!L", data[:4]) data = data[4:] files = [] for i in range(count): filename, data = getNS(data) longname, data = getNS(data) attrs, data = self._parseAttributes(data) files.append((filename, longname, attrs)) d.callback(files) def packet_ATTRS(self, data): d, data = self._parseRequest(data) d.callback(self._parseAttributes(data)[0]) def packet_EXTENDED_REPLY(self, data): d, data = self._parseRequest(data) d.callback(data) def gotServerVersion(self, serverVersion, extData): """ Called when the client sends their version info. @param serverVersion: an integer representing the version of the SFTP protocol they are claiming. @param extData: a dictionary of extended_name : extended_data items. These items are sent by the client to indicate additional features. """ @implementer(ISFTPFile) class ClientFile: def __init__(self, parent, handle): self.parent = parent self.handle = NS(handle) def close(self): return self.parent._sendRequest(FXP_CLOSE, self.handle) def readChunk(self, offset, length): data = self.handle + struct.pack("!QL", offset, length) return self.parent._sendRequest(FXP_READ, data) def writeChunk(self, offset, chunk): data = self.handle + struct.pack("!Q", offset) + NS(chunk) return self.parent._sendRequest(FXP_WRITE, data) def getAttrs(self): return self.parent._sendRequest(FXP_FSTAT, self.handle) def setAttrs(self, attrs): data = self.handle + self.parent._packAttributes(attrs) return self.parent._sendRequest(FXP_FSTAT, data) class ClientDirectory: def __init__(self, parent, handle): self.parent = parent self.handle = NS(handle) self.filesCache = [] def read(self): return self.parent._sendRequest(FXP_READDIR, self.handle) def close(self): if self.handle is None: return defer.succeed(None) d = self.parent._sendRequest(FXP_CLOSE, self.handle) self.handle = None return d def __iter__(self): return self def __next__(self): warnings.warn( ( "Using twisted.conch.ssh.filetransfer.ClientDirectory " "as an iterator was deprecated in Twisted 18.9.0." ), category=DeprecationWarning, stacklevel=2, ) if self.filesCache: return self.filesCache.pop(0) if self.filesCache is None: raise StopIteration() d = self.read() d.addCallbacks(self._cbReadDir, self._ebReadDir) return d next = __next__ def _cbReadDir(self, names): self.filesCache = names[1:] return names[0] def _ebReadDir(self, reason): reason.trap(EOFError) self.filesCache = None return failure.Failure(StopIteration()) class SFTPError(Exception): def __init__(self, errorCode, errorMessage, lang=""): Exception.__init__(self) self.code = errorCode self._message = errorMessage self.lang = lang @property def message(self): """ A string received over the network that explains the error to a human. """ # Python 2.6 deprecates assigning to the 'message' attribute of an # exception. We define this read-only property here in order to # prevent the warning about deprecation while maintaining backwards # compatibility with object clients that rely on the 'message' # attribute being set correctly. See bug #3897. return self._message def __str__(self) -> str: return f"SFTPError {self.code}: {self.message}" FXP_INIT = 1 FXP_VERSION = 2 FXP_OPEN = 3 FXP_CLOSE = 4 FXP_READ = 5 FXP_WRITE = 6 FXP_LSTAT = 7 FXP_FSTAT = 8 FXP_SETSTAT = 9 FXP_FSETSTAT = 10 FXP_OPENDIR = 11 FXP_READDIR = 12 FXP_REMOVE = 13 FXP_MKDIR = 14 FXP_RMDIR = 15 FXP_REALPATH = 16 FXP_STAT = 17 FXP_RENAME = 18 FXP_READLINK = 19 FXP_SYMLINK = 20 FXP_STATUS = 101 FXP_HANDLE = 102 FXP_DATA = 103 FXP_NAME = 104 FXP_ATTRS = 105 FXP_EXTENDED = 200 FXP_EXTENDED_REPLY = 201 FILEXFER_ATTR_SIZE = 0x00000001 FILEXFER_ATTR_UIDGID = 0x00000002 FILEXFER_ATTR_OWNERGROUP = FILEXFER_ATTR_UIDGID FILEXFER_ATTR_PERMISSIONS = 0x00000004 FILEXFER_ATTR_ACMODTIME = 0x00000008 FILEXFER_ATTR_EXTENDED = 0x80000000 FILEXFER_TYPE_REGULAR = 1 FILEXFER_TYPE_DIRECTORY = 2 FILEXFER_TYPE_SYMLINK = 3 FILEXFER_TYPE_SPECIAL = 4 FILEXFER_TYPE_UNKNOWN = 5 FXF_READ = 0x00000001 FXF_WRITE = 0x00000002 FXF_APPEND = 0x00000004 FXF_CREAT = 0x00000008 FXF_TRUNC = 0x00000010 FXF_EXCL = 0x00000020 FXF_TEXT = 0x00000040 FX_OK = 0 FX_EOF = 1 FX_NO_SUCH_FILE = 2 FX_PERMISSION_DENIED = 3 FX_FAILURE = 4 FX_BAD_MESSAGE = 5 FX_NO_CONNECTION = 6 FX_CONNECTION_LOST = 7 FX_OP_UNSUPPORTED = 8 FX_FILE_ALREADY_EXISTS = 11 # http://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/ defines more # useful error codes, but so far OpenSSH doesn't implement them. We use them # internally for clarity, but for now define them all as FX_FAILURE to be # compatible with existing software. FX_NOT_A_DIRECTORY = FX_FAILURE FX_FILE_IS_A_DIRECTORY = FX_FAILURE # initialize FileTransferBase.packetTypes: g = globals() for name in list(g.keys()): if name.startswith("FXP_"): value = g[name] FileTransferBase.packetTypes[value] = name[4:] del g, name, value ��ssh/common.py��0000644��00000003642�15027667726�0007232 0��ustar�00��# -- test-case-name: twisted.conch.test.test_ssh -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Common functions for the SSH classes. Maintainer: Paul Swartz """ import struct from cryptography.utils import int_to_bytes from twisted.python.deprecate import deprecated from twisted.python.versions import Version __all__ = ["NS", "getNS", "MP", "getMP", "ffs"] def NS(t): """ net string """ if isinstance(t, str): t = t.encode("utf-8") return struct.pack("!L", len(t)) + t def getNS(s, count=1): """ get net string """ ns = [] c = 0 for i in range(count): (l,) = struct.unpack("!L", s[c : c + 4]) ns.append(s[c + 4 : 4 + l + c]) c += 4 + l return tuple(ns) + (s[c:],) def MP(number): if number == 0: return b"\000" * 4 assert number > 0 bn = int_to_bytes(number) if ord(bn[0:1]) & 128: bn = b"\000" + bn return struct.pack(">L", len(bn)) + bn def getMP(data, count=1): """ Get multiple precision integer out of the string. A multiple precision integer is stored as a 4-byte length followed by length bytes of the integer. If count is specified, get count integers out of the string. The return value is a tuple of count integers followed by the rest of the data. """ mp = [] c = 0 for i in range(count): (length,) = struct.unpack(">L", data[c : c + 4]) mp.append(int.from_bytes(data[c + 4 : c + 4 + length], "big")) c += 4 + length return tuple(mp) + (data[c:],) def ffs(c, s): """ first from second goes through the first list, looking for items in the second, returns the first one """ for i in c: if i in s: return i @deprecated(Version("Twisted", 16, 5, 0)) def install(): # This used to install gmpy, but is technically public API, so just do # nothing. pass ��ssh/keys.py��0000644��00000201126�15027667726�0006712 0��ustar�00��# -- test-case-name: twisted.conch.test.test_keys -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Handling of RSA, DSA, ECDSA, and Ed25519 keys. """ import binascii import itertools import struct import unicodedata import warnings from base64 import b64encode, decodebytes, encodebytes from hashlib import md5, sha256 import bcrypt from cryptography import utils from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, ed25519, padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.primitives.serialization import ( load_pem_private_key, load_ssh_public_key, ) from pyasn1.codec.ber import ( # type: ignore[import] decoder as berDecoder, encoder as berEncoder, ) from pyasn1.error import PyAsn1Error # type: ignore[import] from pyasn1.type import univ # type: ignore[import] from twisted.conch.ssh import common, sexpy from twisted.conch.ssh.common import int_to_bytes from twisted.python import randbytes from twisted.python.compat import iterbytes, nativeString from twisted.python.constants import NamedConstant, Names from twisted.python.deprecate import _mutuallyExclusiveArguments try: from cryptography.hazmat.primitives.asymmetric.utils import ( decode_dss_signature, encode_dss_signature, ) except ImportError: from cryptography.hazmat.primitives.asymmetric.utils import ( # type: ignore[no-redef,attr-defined] decode_rfc6979_signature as decode_dss_signature, encode_rfc6979_signature as encode_dss_signature, ) # Curve lookup table _curveTable = { b"ecdsa-sha2-nistp256": ec.SECP256R1(), b"ecdsa-sha2-nistp384": ec.SECP384R1(), b"ecdsa-sha2-nistp521": ec.SECP521R1(), } _secToNist = { b"secp256r1": b"nistp256", b"secp384r1": b"nistp384", b"secp521r1": b"nistp521", } class BadKeyError(Exception): """ Raised when a key isn't what we expected from it. XXX: we really need to check for bad keys """ class EncryptedKeyError(Exception): """ Raised when an encrypted key is presented to fromString/fromFile without a password. """ class BadFingerPrintFormat(Exception): """ Raises when unsupported fingerprint formats are presented to fingerprint. """ class FingerprintFormats(Names): """ Constants representing the supported formats of key fingerprints. @cvar MD5_HEX: Named constant representing fingerprint format generated using md5[RFC1321] algorithm in hexadecimal encoding. @type MD5_HEX: L{twisted.python.constants.NamedConstant} @cvar SHA256_BASE64: Named constant representing fingerprint format generated using sha256[RFC4634] algorithm in base64 encoding @type SHA256_BASE64: L{twisted.python.constants.NamedConstant} """ MD5_HEX = NamedConstant() SHA256_BASE64 = NamedConstant() class PassphraseNormalizationError(Exception): """ Raised when a passphrase contains Unicode characters that cannot be normalized using the available Unicode character database. """ def _normalizePassphrase(passphrase): """ Normalize a passphrase, which may be Unicode. If the passphrase is Unicode, this follows the requirements of U{NIST 800-63B, section 5.1.1.2<https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver>} for Unicode characters in memorized secrets: it applies the Normalization Process for Stabilized Strings using NFKC normalization. The passphrase is then encoded using UTF-8. @type passphrase: L{bytes} or L{unicode} or L{None} @param passphrase: The passphrase to normalize. @return: The normalized passphrase, if any. @rtype: L{bytes} or L{None} @raises PassphraseNormalizationError: if the passphrase is Unicode and cannot be normalized using the available Unicode character database. """ if isinstance(passphrase, str): # The Normalization Process for Stabilized Strings requires aborting # with an error if the string contains any unassigned code point. if any(unicodedata.category(c) == "Cn" for c in passphrase): # Perhaps not very helpful, but we don't want to leak any other # information about the passphrase. raise PassphraseNormalizationError() return unicodedata.normalize("NFKC", passphrase).encode("UTF-8") else: return passphrase class Key: """ An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString(). """ @classmethod def fromFile(cls, filename, type=None, passphrase=None): """ Load a key from a file. @param filename: The path to load key data from. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. """ with open(filename, "rb") as f: return cls.fromString(f.read(), type, passphrase) @classmethod def fromString(cls, data, type=None, passphrase=None): """ Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key. @type data: L{bytes} @param data: The key data. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. """ if isinstance(data, str): data = data.encode("utf-8") passphrase = _normalizePassphrase(passphrase) if type is None: type = cls._guessStringType(data) if type is None: raise BadKeyError(f"cannot guess the type of {data!r}") method = getattr(cls, f"_fromString_{type.upper()}", None) if method is None: raise BadKeyError(f"no _fromString method for {type}") if method.__code__.co_argcount == 2: # No passphrase if passphrase: raise BadKeyError("key not encrypted") return method(data) else: return method(data, passphrase) @classmethod def _fromString_BLOB(cls, blob): """ Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. The format of an Ed25519 public key blob is:: string 'ssh-ed25519' string a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. """ keyType, rest = common.getNS(blob) if keyType == b"ssh-rsa": e, n, rest = common.getMP(rest, 2) return cls(rsa.RSAPublicNumbers(e, n).public_key(default_backend())) elif keyType == b"ssh-dss": p, q, g, y, rest = common.getMP(rest, 4) return cls( dsa.DSAPublicNumbers( y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g) ).public_key(default_backend()) ) elif keyType in _curveTable: return cls( ec.EllipticCurvePublicKey.from_encoded_point( _curveTable[keyType], common.getNS(rest, 2)[1] ) ) elif keyType == b"ssh-ed25519": a, rest = common.getNS(rest) return cls._fromEd25519Components(a) else: raise BadKeyError(f"unknown blob type: {keyType}") @classmethod def _fromString_PRIVATE_BLOB(cls, blob): """ Return a private key object corresponding to this private key blob. The blob formats are as follows: RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' string identifier string q integer privateValue identifier is the standard NIST curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k \|\| a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type """ keyType, rest = common.getNS(blob) if keyType == b"ssh-rsa": n, e, d, u, p, q, rest = common.getMP(rest, 6) return cls._fromRSAComponents(n=n, e=e, d=d, p=p, q=q) elif keyType == b"ssh-dss": p, q, g, y, x, rest = common.getMP(rest, 5) return cls._fromDSAComponents(y=y, g=g, p=p, q=q, x=x) elif keyType in _curveTable: curve = _curveTable[keyType] curveName, q, rest = common.getNS(rest, 2) if curveName != _secToNist[curve.name.encode("ascii")]: raise BadKeyError( "ECDSA curve name %r does not match key " "type %r" % (curveName, keyType) ) privateValue, rest = common.getMP(rest) return cls._fromECEncodedPoint( encodedPoint=q, curve=keyType, privateValue=privateValue ) elif keyType == b"ssh-ed25519": # OpenSSH's format repeats the public key bytes for some reason. # We're only interested in the private key here anyway. a, combined, rest = common.getNS(rest, 2) k = combined[:32] return cls._fromEd25519Components(a, k=k) else: raise BadKeyError(f"unknown blob type: {keyType}") @classmethod def _fromString_PUBLIC_OPENSSH(cls, data): """ Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: <key type> <base64-encoded public key blob> @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the blob type is unknown. """ # ECDSA keys don't need base64 decoding which is required # for RSA or DSA key. if data.startswith(b"ecdsa-sha2"): return cls(load_ssh_public_key(data, default_backend())) blob = decodebytes(data.split()[1]) return cls._fromString_BLOB(blob) @classmethod def _fromPrivateOpenSSH_v1(cls, data, passphrase): """ Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. The format of an openssh-key-v1 private key string is:: -----BEGIN OPENSSH PRIVATE KEY----- <base64-encoded SSH protocol string> -----END OPENSSH PRIVATE KEY----- The SSH protocol string is as described in U{PROTOCOL.key<https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key>}. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key """ lines = data.strip().splitlines() keyList = decodebytes(b"".join(lines[1:-1])) if not keyList.startswith(b"openssh-key-v1\0"): raise BadKeyError("unknown OpenSSH private key format") keyList = keyList[len(b"openssh-key-v1\0") :] cipher, kdf, kdfOptions, rest = common.getNS(keyList, 3) n = struct.unpack("!L", rest[:4])[0] if n != 1: raise BadKeyError( "only OpenSSH private key files containing " "a single key are supported" ) # Ignore public key _, encPrivKeyList, _ = common.getNS(rest[4:], 2) if cipher != b"none": if not passphrase: raise EncryptedKeyError( "Passphrase must be provided " "for an encrypted key" ) # Determine cipher if cipher in (b"aes128-ctr", b"aes192-ctr", b"aes256-ctr"): algorithmClass = algorithms.AES blockSize = 16 keySize = int(cipher[3:6]) // 8 ivSize = blockSize else: raise BadKeyError(f"unknown encryption type {cipher!r}") if kdf == b"bcrypt": salt, rest = common.getNS(kdfOptions) rounds = struct.unpack("!L", rest[:4])[0] decKey = bcrypt.kdf( passphrase, salt, keySize + ivSize, rounds, # We can only use the number of rounds that OpenSSH used. ignore_few_rounds=True, ) else: raise BadKeyError(f"unknown KDF type {kdf!r}") if (len(encPrivKeyList) % blockSize) != 0: raise BadKeyError("bad padding") decryptor = Cipher( algorithmClass(decKey[:keySize]), modes.CTR(decKey[keySize : keySize + ivSize]), backend=default_backend(), ).decryptor() privKeyList = decryptor.update(encPrivKeyList) + decryptor.finalize() else: if kdf != b"none": raise BadKeyError( "private key specifies KDF %r but no " "cipher" % (kdf,) ) privKeyList = encPrivKeyList check1 = struct.unpack("!L", privKeyList[:4])[0] check2 = struct.unpack("!L", privKeyList[4:8])[0] if check1 != check2: raise BadKeyError("check values do not match: %d != %d" % (check1, check2)) return cls._fromString_PRIVATE_BLOB(privKeyList[8:]) @classmethod def _fromPrivateOpenSSH_PEM(cls, data, passphrase): """ Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format. The format of a PEM-based OpenSSH private key string is:: -----BEGIN <key type> PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,<initialization value>] <base64-encoded ASN.1 structure> ------END <key type> PRIVATE KEY------ The ASN.1 structure of a RSA key is:: (0, n, e, d, p, q) The ASN.1 structure of a DSA key is:: (0, p, q, g, y, x) The ASN.1 structure of a ECDSA key is:: (ECParameters, OID, NULL) @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key """ lines = data.strip().splitlines() kind = lines[0][11:-17] if lines[1].startswith(b"Proc-Type: 4,ENCRYPTED"): if not passphrase: raise EncryptedKeyError( "Passphrase must be provided " "for an encrypted key" ) # Determine cipher and initialization vector try: _, cipherIVInfo = lines[2].split(b" ", 1) cipher, ivdata = cipherIVInfo.rstrip().split(b",", 1) except ValueError: raise BadKeyError(f"invalid DEK-info {lines[2]!r}") if cipher in (b"AES-128-CBC", b"AES-256-CBC"): algorithmClass = algorithms.AES keySize = int(cipher.split(b"-")[1]) // 8 if len(ivdata) != 32: raise BadKeyError("AES encrypted key with a bad IV") elif cipher == b"DES-EDE3-CBC": algorithmClass = algorithms.TripleDES keySize = 24 if len(ivdata) != 16: raise BadKeyError("DES encrypted key with a bad IV") else: raise BadKeyError(f"unknown encryption type {cipher!r}") # Extract keyData for decoding iv = bytes( bytearray(int(ivdata[i : i + 2], 16) for i in range(0, len(ivdata), 2)) ) ba = md5(passphrase + iv[:8]).digest() bb = md5(ba + passphrase + iv[:8]).digest() decKey = (ba + bb)[:keySize] b64Data = decodebytes(b"".join(lines[3:-1])) decryptor = Cipher( algorithmClass(decKey), modes.CBC(iv), backend=default_backend() ).decryptor() keyData = decryptor.update(b64Data) + decryptor.finalize() removeLen = ord(keyData[-1:]) keyData = keyData[:-removeLen] else: b64Data = b"".join(lines[1:-1]) keyData = decodebytes(b64Data) try: decodedKey = berDecoder.decode(keyData)[0] except PyAsn1Error as asn1Error: raise BadKeyError(f"Failed to decode key (Bad Passphrase?): {asn1Error}") if kind == b"EC": return cls(load_pem_private_key(data, passphrase, default_backend())) if kind == b"RSA": if len(decodedKey) == 2: # Alternate RSA key decodedKey = decodedKey[0] if len(decodedKey) < 6: raise BadKeyError("RSA key failed to decode properly") n, e, d, p, q, dmp1, dmq1, iqmp = (int(value) for value in decodedKey[1:9]) return cls( rsa.RSAPrivateNumbers( p=p, q=q, d=d, dmp1=dmp1, dmq1=dmq1, iqmp=iqmp, public_numbers=rsa.RSAPublicNumbers(e=e, n=n), ).private_key(default_backend()) ) elif kind == b"DSA": p, q, g, y, x = (int(value) for value in decodedKey[1:6]) if len(decodedKey) < 6: raise BadKeyError("DSA key failed to decode properly") return cls( dsa.DSAPrivateNumbers( x=x, public_numbers=dsa.DSAPublicNumbers( y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g) ), ).private_key(backend=default_backend()) ) else: raise BadKeyError(f"unknown key type {kind}") @classmethod def _fromString_PRIVATE_OPENSSH(cls, data, passphrase): """ Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key """ if data.strip().splitlines()[0][11:-17] == b"OPENSSH": # New-format (openssh-key-v1) key return cls._fromPrivateOpenSSH_v1(data, passphrase) else: # Old-format (PEM) key return cls._fromPrivateOpenSSH_PEM(data, passphrase) @classmethod def _fromString_PUBLIC_LSH(cls, data): """ Return a public key corresponding to this LSH public key string. The LSH public key string format is:: <s-expression: ('public-key', (<key type>, (<name, <value>)+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown """ sexp = sexpy.parse(decodebytes(data[1:-1])) assert sexp[0] == b"public-key" kd = {} for name, data in sexp[1][1:]: kd[name] = common.getMP(common.NS(data))[0] if sexp[1][0] == b"dsa": return cls._fromDSAComponents( y=kd[b"y"], g=kd[b"g"], p=kd[b"p"], q=kd[b"q"] ) elif sexp[1][0] == b"rsa-pkcs1-sha1": return cls._fromRSAComponents(n=kd[b"n"], e=kd[b"e"]) else: raise BadKeyError(f"unknown lsh key type {sexp[1][0]}") @classmethod def _fromString_PRIVATE_LSH(cls, data): """ Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown """ sexp = sexpy.parse(data) assert sexp[0] == b"private-key" kd = {} for name, data in sexp[1][1:]: kd[name] = common.getMP(common.NS(data))[0] if sexp[1][0] == b"dsa": assert len(kd) == 5, len(kd) return cls._fromDSAComponents( y=kd[b"y"], g=kd[b"g"], p=kd[b"p"], q=kd[b"q"], x=kd[b"x"] ) elif sexp[1][0] == b"rsa-pkcs1": assert len(kd) == 8, len(kd) if kd[b"p"] > kd[b"q"]: # Make p smaller than q kd[b"p"], kd[b"q"] = kd[b"q"], kd[b"p"] return cls._fromRSAComponents( n=kd[b"n"], e=kd[b"e"], d=kd[b"d"], p=kd[b"p"], q=kd[b"q"] ) else: raise BadKeyError(f"unknown lsh key type {sexp[1][0]}") @classmethod def _fromString_AGENTV3(cls, data): """ Return a private key object corresponsing to the Secure Shell Key Agent v3 format. The SSH Key Agent v3 format for a RSA key is:: string 'ssh-rsa' integer e integer d integer n integer u integer p integer q The SSH Key Agent v3 format for a DSA key is:: string 'ssh-dss' integer p integer q integer g integer y integer x @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown """ keyType, data = common.getNS(data) if keyType == b"ssh-dss": p, data = common.getMP(data) q, data = common.getMP(data) g, data = common.getMP(data) y, data = common.getMP(data) x, data = common.getMP(data) return cls._fromDSAComponents(y=y, g=g, p=p, q=q, x=x) elif keyType == b"ssh-rsa": e, data = common.getMP(data) d, data = common.getMP(data) n, data = common.getMP(data) u, data = common.getMP(data) p, data = common.getMP(data) q, data = common.getMP(data) return cls._fromRSAComponents(n=n, e=e, d=d, p=p, q=q, u=u) else: raise BadKeyError(f"unknown key type {keyType}") @classmethod def _guessStringType(cls, data): """ Guess the type of key in data. The types map to _fromString_* methods. @type data: L{bytes} @param data: The key data. """ if data.startswith(b"ssh-") or data.startswith(b"ecdsa-sha2-"): return "public_openssh" elif data.startswith(b"-----BEGIN"): return "private_openssh" elif data.startswith(b"{"): return "public_lsh" elif data.startswith(b"("): return "private_lsh" elif ( data.startswith(b"\x00\x00\x00\x07ssh-") or data.startswith(b"\x00\x00\x00\x13ecdsa-") or data.startswith(b"\x00\x00\x00\x0bssh-ed25519") ): ignored, rest = common.getNS(data) count = 0 while rest: count += 1 ignored, rest = common.getMP(rest) if count > 4: return "agentv3" else: return "blob" @classmethod def _fromRSAComponents(cls, n, e, d=None, p=None, q=None, u=None): """ Build a key from RSA numerical components. @type n: L{int} @param n: The 'n' RSA variable. @type e: L{int} @param e: The 'e' RSA variable. @type d: L{int} or L{None} @param d: The 'd' RSA variable (optional for a public key). @type p: L{int} or L{None} @param p: The 'p' RSA variable (optional for a public key). @type q: L{int} or L{None} @param q: The 'q' RSA variable (optional for a public key). @type u: L{int} or L{None} @param u: The 'u' RSA variable. Ignored, as its value is determined by p and q. @rtype: L{Key} @return: An RSA key constructed from the values as given. """ publicNumbers = rsa.RSAPublicNumbers(e=e, n=n) if d is None: # We have public components. keyObject = publicNumbers.public_key(default_backend()) else: privateNumbers = rsa.RSAPrivateNumbers( p=p, q=q, d=d, dmp1=rsa.rsa_crt_dmp1(d, p), dmq1=rsa.rsa_crt_dmq1(d, q), iqmp=rsa.rsa_crt_iqmp(p, q), public_numbers=publicNumbers, ) keyObject = privateNumbers.private_key(default_backend()) return cls(keyObject) @classmethod def _fromDSAComponents(cls, y, p, q, g, x=None): """ Build a key from DSA numerical components. @type y: L{int} @param y: The 'y' DSA variable. @type p: L{int} @param p: The 'p' DSA variable. @type q: L{int} @param q: The 'q' DSA variable. @type g: L{int} @param g: The 'g' DSA variable. @type x: L{int} or L{None} @param x: The 'x' DSA variable (optional for a public key) @rtype: L{Key} @return: A DSA key constructed from the values as given. """ publicNumbers = dsa.DSAPublicNumbers( y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g) ) if x is None: # We have public components. keyObject = publicNumbers.public_key(default_backend()) else: privateNumbers = dsa.DSAPrivateNumbers(x=x, public_numbers=publicNumbers) keyObject = privateNumbers.private_key(default_backend()) return cls(keyObject) @classmethod def _fromECComponents(cls, x, y, curve, privateValue=None): """ Build a key from EC components. @param x: The affine x component of the public point used for verifying. @type x: L{int} @param y: The affine y component of the public point used for verifying. @type y: L{int} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} """ publicNumbers = ec.EllipticCurvePublicNumbers( x=x, y=y, curve=_curveTable[curve] ) if privateValue is None: # We have public components. keyObject = publicNumbers.public_key(default_backend()) else: privateNumbers = ec.EllipticCurvePrivateNumbers( private_value=privateValue, public_numbers=publicNumbers ) keyObject = privateNumbers.private_key(default_backend()) return cls(keyObject) @classmethod def _fromECEncodedPoint(cls, encodedPoint, curve, privateValue=None): """ Build a key from an EC encoded point. @param encodedPoint: The public point encoded as in SEC 1 v2.0 section 2.3.3. @type encodedPoint: L{bytes} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} """ if privateValue is None: # We have public components. keyObject = ec.EllipticCurvePublicKey.from_encoded_point( _curveTable[curve], encodedPoint ) else: keyObject = ec.derive_private_key( privateValue, _curveTable[curve], default_backend() ) return cls(keyObject) @classmethod def _fromEd25519Components(cls, a, k=None): """Build a key from Ed25519 components. @param a: The Ed25519 public key, as defined in RFC 8032 section 5.1.5. @type a: L{bytes} @param k: The Ed25519 private key, as defined in RFC 8032 section 5.1.5. @type k: L{bytes} """ if k is None: keyObject = ed25519.Ed25519PublicKey.from_public_bytes(a) else: keyObject = ed25519.Ed25519PrivateKey.from_private_bytes(k) return cls(keyObject) def __init__(self, keyObject): """ Initialize with a private or public C{cryptography.hazmat.primitives.asymmetric} key. @param keyObject: Low level key. @type keyObject: C{cryptography.hazmat.primitives.asymmetric} key. """ self._keyObject = keyObject def __eq__(self, other: object) -> bool: """ Return True if other represents an object with the same key. """ if isinstance(other, Key): return self.type() == other.type() and self.data() == other.data() else: return NotImplemented def __repr__(self) -> str: """ Return a pretty representation of this object. """ if self.type() == "EC": data = self.data() name = data["curve"].decode("utf-8") if self.isPublic(): out = f"<Elliptic Curve Public Key ({name[-3:]} bits)" else: out = f"<Elliptic Curve Private Key ({name[-3:]} bits)" for k, v in sorted(data.items()): if k == "curve": out += f"\ncurve:\n\t{name}" else: out += f"\n{k}:\n\t{v}" return out + ">\n" else: lines = [ "<%s %s (%s bits)" % ( nativeString(self.type()), self.isPublic() and "Public Key" or "Private Key", self.size(), ) ] for k, v in sorted(self.data().items()): lines.append(f"attr {k}:") by = v if self.type() == "Ed25519" else common.MP(v)[4:] while by: m = by[:15] by = by[15:] o = "" for c in iterbytes(m): o = o + f"{ord(c):02x}:" if len(m) < 15: o = o[:-1] lines.append("\t" + o) lines[-1] = lines[-1] + ">" return "\n".join(lines) def isPublic(self): """ Check if this instance is a public key. @return: C{True} if this is a public key. """ return isinstance( self._keyObject, ( rsa.RSAPublicKey, dsa.DSAPublicKey, ec.EllipticCurvePublicKey, ed25519.Ed25519PublicKey, ), ) def public(self): """ Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. @rtype: L{Key} @return: A public key. """ if self.isPublic(): return self else: return Key(self._keyObject.public_key()) def fingerprint(self, format=FingerprintFormats.MD5_HEX): """ The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include L{FingerprintFormats.MD5_HEX} and L{FingerprintFormats.SHA256_BASE64} The input to the algorithm is the public key data as specified by [RFC4253]. The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=} The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87} @param format: Format for fingerprint generation. Consists hash function and representation format. Default is L{FingerprintFormats.MD5_HEX} @since: 8.2 @return: the user presentation of this L{Key}'s fingerprint, as a string. @rtype: L{str} """ if format is FingerprintFormats.SHA256_BASE64: return nativeString(b64encode(sha256(self.blob()).digest())) elif format is FingerprintFormats.MD5_HEX: return nativeString( b":".join( [binascii.hexlify(x) for x in iterbytes(md5(self.blob()).digest())] ) ) else: raise BadFingerPrintFormat(f"Unsupported fingerprint format: {format}") def type(self): """ Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', 'EC', or 'Ed25519'. @rtype: L{str} @raises RuntimeError: If the object type is unknown. """ if isinstance(self._keyObject, (rsa.RSAPublicKey, rsa.RSAPrivateKey)): return "RSA" elif isinstance(self._keyObject, (dsa.DSAPublicKey, dsa.DSAPrivateKey)): return "DSA" elif isinstance( self._keyObject, (ec.EllipticCurvePublicKey, ec.EllipticCurvePrivateKey) ): return "EC" elif isinstance( self._keyObject, (ed25519.Ed25519PublicKey, ed25519.Ed25519PrivateKey) ): return "Ed25519" else: raise RuntimeError(f"unknown type of object: {self._keyObject!r}") def sshType(self): """ Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'. identifier is the standard NIST curve name @return: The key type format. @rtype: L{bytes} """ if self.type() == "EC": return ( b"ecdsa-sha2-" + _secToNist[self._keyObject.curve.name.encode("ascii")] ) else: return { "RSA": b"ssh-rsa", "DSA": b"ssh-dss", "Ed25519": b"ssh-ed25519", }[self.type()] def size(self): """ Return the size of the object we wrap. @return: The size of the key. @rtype: L{int} """ if self._keyObject is None: return 0 elif self.type() == "EC": return self._keyObject.curve.key_size elif self.type() == "Ed25519": return 256 return self._keyObject.key_size def data(self): """ Return the values of the public key as a dictionary. @rtype: L{dict} """ if isinstance(self._keyObject, rsa.RSAPublicKey): numbers = self._keyObject.public_numbers() return { "n": numbers.n, "e": numbers.e, } elif isinstance(self._keyObject, rsa.RSAPrivateKey): numbers = self._keyObject.private_numbers() return { "n": numbers.public_numbers.n, "e": numbers.public_numbers.e, "d": numbers.d, "p": numbers.p, "q": numbers.q, # Use a trick: iqmp is q^-1 % p, u is p^-1 % q "u": rsa.rsa_crt_iqmp(numbers.q, numbers.p), } elif isinstance(self._keyObject, dsa.DSAPublicKey): numbers = self._keyObject.public_numbers() return { "y": numbers.y, "g": numbers.parameter_numbers.g, "p": numbers.parameter_numbers.p, "q": numbers.parameter_numbers.q, } elif isinstance(self._keyObject, dsa.DSAPrivateKey): numbers = self._keyObject.private_numbers() return { "x": numbers.x, "y": numbers.public_numbers.y, "g": numbers.public_numbers.parameter_numbers.g, "p": numbers.public_numbers.parameter_numbers.p, "q": numbers.public_numbers.parameter_numbers.q, } elif isinstance(self._keyObject, ec.EllipticCurvePublicKey): numbers = self._keyObject.public_numbers() return { "x": numbers.x, "y": numbers.y, "curve": self.sshType(), } elif isinstance(self._keyObject, ec.EllipticCurvePrivateKey): numbers = self._keyObject.private_numbers() return { "x": numbers.public_numbers.x, "y": numbers.public_numbers.y, "privateValue": numbers.private_value, "curve": self.sshType(), } elif isinstance(self._keyObject, ed25519.Ed25519PublicKey): return { "a": self._keyObject.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ), } elif isinstance(self._keyObject, ed25519.Ed25519PrivateKey): return { "a": self._keyObject.public_key().public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ), "k": self._keyObject.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption(), ), } else: raise RuntimeError(f"Unexpected key type: {self._keyObject}") def blob(self): """ Return the public key blob for this key. The blob is the over-the-wire format for public keys. SECSH-TRANS RFC 4253 Section 6.6. RSA keys:: string 'ssh-rsa' integer e integer n DSA keys:: string 'ssh-dss' integer p integer q integer g integer y EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name Ed25519 keys:: string 'ssh-ed25519' string a @rtype: L{bytes} """ type = self.type() data = self.data() if type == "RSA": return common.NS(b"ssh-rsa") + common.MP(data["e"]) + common.MP(data["n"]) elif type == "DSA": return ( common.NS(b"ssh-dss") + common.MP(data["p"]) + common.MP(data["q"]) + common.MP(data["g"]) + common.MP(data["y"]) ) elif type == "EC": byteLength = (self._keyObject.curve.key_size + 7) // 8 return ( common.NS(data["curve"]) + common.NS(data["curve"][-8:]) + common.NS( b"\x04" + utils.int_to_bytes(data["x"], byteLength) + utils.int_to_bytes(data["y"], byteLength) ) ) elif type == "Ed25519": return common.NS(b"ssh-ed25519") + common.NS(data["a"]) else: raise BadKeyError(f"unknown key type: {type}") def privateBlob(self): """ Return the private key blob for this key. The blob is the over-the-wire format for private keys: Specification in OpenSSH PROTOCOL.agent RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k \|\| a """ type = self.type() data = self.data() if type == "RSA": iqmp = rsa.rsa_crt_iqmp(data["p"], data["q"]) return ( common.NS(b"ssh-rsa") + common.MP(data["n"]) + common.MP(data["e"]) + common.MP(data["d"]) + common.MP(iqmp) + common.MP(data["p"]) + common.MP(data["q"]) ) elif type == "DSA": return ( common.NS(b"ssh-dss") + common.MP(data["p"]) + common.MP(data["q"]) + common.MP(data["g"]) + common.MP(data["y"]) + common.MP(data["x"]) ) elif type == "EC": encPub = self._keyObject.public_key().public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint, ) return ( common.NS(data["curve"]) + common.NS(data["curve"][-8:]) + common.NS(encPub) + common.MP(data["privateValue"]) ) elif type == "Ed25519": return ( common.NS(b"ssh-ed25519") + common.NS(data["a"]) + common.NS(data["k"] + data["a"]) ) else: raise BadKeyError(f"unknown key type: {type}") @_mutuallyExclusiveArguments( [ ["extra", "comment"], ["extra", "passphrase"], ] ) def toString(self, type, extra=None, subtype=None, comment=None, passphrase=None): """ Create a string representation of this key. If the key is a private key and you want the representation of its public key, use C{key.public().toString()}. type maps to a _toString_* method. @param type: The type of string to emit. Currently supported values are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}. @type type: L{str} @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use C{comment} or C{passphrase} as appropriate instead.) @type extra: L{bytes} or L{unicode} or L{None} @param subtype: A subtype of the requested C{type} to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. @type comment: L{bytes} or L{unicode} or L{None} @param passphrase: A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. @type passphrase: L{bytes} or L{unicode} or L{None} @rtype: L{bytes} """ if extra is not None: # Compatibility with old parameter format. warnings.warn( "The 'extra' argument to " "twisted.conch.ssh.keys.Key.toString was deprecated in " "Twisted 20.3.0; use 'comment' or 'passphrase' instead.", DeprecationWarning, stacklevel=3, ) if self.isPublic(): comment = extra else: passphrase = extra if isinstance(comment, str): comment = comment.encode("utf-8") passphrase = _normalizePassphrase(passphrase) method = getattr(self, f"_toString_{type.upper()}", None) if method is None: raise BadKeyError(f"unknown key type: {type}") return method(subtype=subtype, comment=comment, passphrase=passphrase) def _toPublicOpenSSH(self, comment=None): """ Return a public OpenSSH key string. See _fromString_PUBLIC_OPENSSH for the string format. @type comment: L{bytes} or L{None} @param comment: A comment to include with the key, or L{None} to omit the comment. """ if self.type() == "EC": if not comment: comment = b"" return ( self._keyObject.public_bytes( serialization.Encoding.OpenSSH, serialization.PublicFormat.OpenSSH ) + b" " + comment ).strip() b64Data = encodebytes(self.blob()).replace(b"\n", b"") if not comment: comment = b"" return (self.sshType() + b" " + b64Data + b" " + comment).strip() def _toPrivateOpenSSH_v1(self, comment=None, passphrase=None): """ Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. See _fromPrivateOpenSSH_v1 for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. """ if passphrase: # For now we just hardcode the cipher to the one used by # OpenSSH. We could make this configurable later if it's # needed. cipher = algorithms.AES cipherName = b"aes256-ctr" kdfName = b"bcrypt" blockSize = cipher.block_size // 8 keySize = 32 ivSize = blockSize salt = randbytes.secureRandom(ivSize) rounds = 100 kdfOptions = common.NS(salt) + struct.pack("!L", rounds) else: cipherName = b"none" kdfName = b"none" blockSize = 8 kdfOptions = b"" check = randbytes.secureRandom(4) privKeyList = check + check + self.privateBlob() + common.NS(comment or b"") padByte = 0 while len(privKeyList) % blockSize: padByte += 1 privKeyList += bytes((padByte & 0xFF,)) if passphrase: encKey = bcrypt.kdf(passphrase, salt, keySize + ivSize, 100) encryptor = Cipher( cipher(encKey[:keySize]), modes.CTR(encKey[keySize : keySize + ivSize]), backend=default_backend(), ).encryptor() encPrivKeyList = encryptor.update(privKeyList) + encryptor.finalize() else: encPrivKeyList = privKeyList blob = ( b"openssh-key-v1\0" + common.NS(cipherName) + common.NS(kdfName) + common.NS(kdfOptions) + struct.pack("!L", 1) + common.NS(self.blob()) + common.NS(encPrivKeyList) ) b64Data = encodebytes(blob).replace(b"\n", b"") lines = ( [b"-----BEGIN OPENSSH PRIVATE KEY-----"] + [b64Data[i : i + 64] for i in range(0, len(b64Data), 64)] + [b"-----END OPENSSH PRIVATE KEY-----"] ) return b"\n".join(lines) + b"\n" def _toPrivateOpenSSH_PEM(self, passphrase=None): """ Return a private OpenSSH key string, in the old PEM-based format. See _fromPrivateOpenSSH_PEM for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. """ if self.type() == "EC": # EC keys has complex ASN.1 structure hence we do this this way. if not passphrase: # unencrypted private key encryptor = serialization.NoEncryption() else: encryptor = serialization.BestAvailableEncryption(passphrase) return self._keyObject.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, encryptor, ) elif self.type() == "Ed25519": raise ValueError( "cannot serialize Ed25519 key to OpenSSH PEM format; use v1 " "instead" ) data = self.data() lines = [ b"".join( (b"-----BEGIN ", self.type().encode("ascii"), b" PRIVATE KEY-----") ) ] if self.type() == "RSA": p, q = data["p"], data["q"] iqmp = rsa.rsa_crt_iqmp(p, q) objData = ( 0, data["n"], data["e"], data["d"], p, q, data["d"] % (p - 1), data["d"] % (q - 1), iqmp, ) else: objData = (0, data["p"], data["q"], data["g"], data["y"], data["x"]) asn1Sequence = univ.Sequence() for index, value in zip(itertools.count(), objData): asn1Sequence.setComponentByPosition(index, univ.Integer(value)) asn1Data = berEncoder.encode(asn1Sequence) if passphrase: iv = randbytes.secureRandom(8) hexiv = "".join([f"{ord(x):02X}" for x in iterbytes(iv)]) hexiv = hexiv.encode("ascii") lines.append(b"Proc-Type: 4,ENCRYPTED") lines.append(b"DEK-Info: DES-EDE3-CBC," + hexiv + b"\n") ba = md5(passphrase + iv).digest() bb = md5(ba + passphrase + iv).digest() encKey = (ba + bb)[:24] padLen = 8 - (len(asn1Data) % 8) asn1Data += bytes((padLen,)) * padLen encryptor = Cipher( algorithms.TripleDES(encKey), modes.CBC(iv), backend=default_backend() ).encryptor() asn1Data = encryptor.update(asn1Data) + encryptor.finalize() b64Data = encodebytes(asn1Data).replace(b"\n", b"") lines += [b64Data[i : i + 64] for i in range(0, len(b64Data), 64)] lines.append( b"".join((b"-----END ", self.type().encode("ascii"), b" PRIVATE KEY-----")) ) return b"\n".join(lines) def _toString_OPENSSH(self, subtype=None, comment=None, passphrase=None): """ Return a public or private OpenSSH string. See L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the string formats. @param subtype: A subtype to emit. Only supported for private keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: Comment for a public key. @type comment: L{bytes} @param passphrase: Passphrase for a private key. @type passphrase: L{bytes} @rtype: L{bytes} """ if self.isPublic(): return self._toPublicOpenSSH(comment=comment) # No pre-v1 format is defined for Ed25519 keys. elif subtype == "v1" or (subtype is None and self.type() == "Ed25519"): return self._toPrivateOpenSSH_v1(comment=comment, passphrase=passphrase) elif subtype is None or subtype == "PEM": return self._toPrivateOpenSSH_PEM(passphrase=passphrase) else: raise ValueError(f"unknown subtype {subtype}") def _toString_LSH(self, kwargs): """ Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. @rtype: L{bytes} """ data = self.data() type = self.type() if self.isPublic(): if type == "RSA": keyData = sexpy.pack( [ [ b"public-key", [ b"rsa-pkcs1-sha1", [b"n", common.MP(data["n"])[4:]], [b"e", common.MP(data["e"])[4:]], ], ] ] ) elif type == "DSA": keyData = sexpy.pack( [ [ b"public-key", [ b"dsa", [b"p", common.MP(data["p"])[4:]], [b"q", common.MP(data["q"])[4:]], [b"g", common.MP(data["g"])[4:]], [b"y", common.MP(data["y"])[4:]], ], ] ] ) else: raise BadKeyError(f"unknown key type {type}") return b"{" + encodebytes(keyData).replace(b"\n", b"") + b"}" else: if type == "RSA": p, q = data["p"], data["q"] iqmp = rsa.rsa_crt_iqmp(p, q) return sexpy.pack( [ [ b"private-key", [ b"rsa-pkcs1", [b"n", common.MP(data["n"])[4:]], [b"e", common.MP(data["e"])[4:]], [b"d", common.MP(data["d"])[4:]], [b"p", common.MP(q)[4:]], [b"q", common.MP(p)[4:]], [b"a", common.MP(data["d"] % (q - 1))[4:]], [b"b", common.MP(data["d"] % (p - 1))[4:]], [b"c", common.MP(iqmp)[4:]], ], ] ] ) elif type == "DSA": return sexpy.pack( [ [ b"private-key", [ b"dsa", [b"p", common.MP(data["p"])[4:]], [b"q", common.MP(data["q"])[4:]], [b"g", common.MP(data["g"])[4:]], [b"y", common.MP(data["y"])[4:]], [b"x", common.MP(data["x"])[4:]], ], ] ] ) else: raise BadKeyError(f"unknown key type {type}'") def _toString_AGENTV3(self, kwargs): """ Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. @rtype: L{bytes} """ data = self.data() if not self.isPublic(): if self.type() == "RSA": values = ( data["e"], data["d"], data["n"], data["u"], data["p"], data["q"], ) elif self.type() == "DSA": values = (data["p"], data["q"], data["g"], data["y"], data["x"]) return common.NS(self.sshType()) + b"".join(map(common.MP, values)) def sign(self, data): """ Sign some data with this key. SECSH-TRANS RFC 4253 Section 6.6. @type data: L{bytes} @param data: The data to sign. @rtype: L{bytes} @return: A signature for the given data. """ keyType = self.type() if keyType == "RSA": sig = self._keyObject.sign(data, padding.PKCS1v15(), hashes.SHA1()) ret = common.NS(sig) elif keyType == "DSA": sig = self._keyObject.sign(data, hashes.SHA1()) (r, s) = decode_dss_signature(sig) # SSH insists that the DSS signature blob be two 160-bit integers # concatenated together. The sig[0], [1] numbers from obj.sign # are just numbers, and could be any length from 0 to 160 bits. # Make sure they are padded out to 160 bits (20 bytes each) ret = common.NS(int_to_bytes(r, 20) + int_to_bytes(s, 20)) elif keyType == "EC": # Pragma: no branch # Hash size depends on key size keySize = self.size() if keySize <= 256: hashSize = hashes.SHA256() elif keySize <= 384: hashSize = hashes.SHA384() else: hashSize = hashes.SHA512() signature = self._keyObject.sign(data, ec.ECDSA(hashSize)) (r, s) = decode_dss_signature(signature) rb = int_to_bytes(r) sb = int_to_bytes(s) # Int_to_bytes returns rb[0] as a str in python2 # and an as int in python3 if type(rb[0]) is str: rcomp = ord(rb[0]) else: rcomp = rb[0] # If the MSB is set, prepend a null byte for correct formatting. if rcomp & 0x80: rb = b"\x00" + rb if type(sb[0]) is str: scomp = ord(sb[0]) else: scomp = sb[0] if scomp & 0x80: sb = b"\x00" + sb ret = common.NS(common.NS(rb) + common.NS(sb)) elif keyType == "Ed25519": ret = common.NS(self._keyObject.sign(data)) return common.NS(self.sshType()) + ret def verify(self, signature, data): """ Verify a signature using this key. @type signature: L{bytes} @param signature: The signature to verify. @type data: L{bytes} @param data: The signed data. @rtype: L{bool} @return: C{True} if the signature is valid. """ if len(signature) == 40: # DSA key with no padding signatureType, signature = b"ssh-dss", common.NS(signature) else: signatureType, signature = common.getNS(signature) if signatureType != self.sshType(): return False keyType = self.type() if keyType == "RSA": k = self._keyObject if not self.isPublic(): k = k.public_key() args = ( common.getNS(signature)[0], data, padding.PKCS1v15(), hashes.SHA1(), ) elif keyType == "DSA": concatenatedSignature = common.getNS(signature)[0] r = int.from_bytes(concatenatedSignature[:20], "big") s = int.from_bytes(concatenatedSignature[20:], "big") signature = encode_dss_signature(r, s) k = self._keyObject if not self.isPublic(): k = k.public_key() args = (signature, data, hashes.SHA1()) elif keyType == "EC": # Pragma: no branch concatenatedSignature = common.getNS(signature)[0] rstr, sstr, rest = common.getNS(concatenatedSignature, 2) r = int.from_bytes(rstr, "big") s = int.from_bytes(sstr, "big") signature = encode_dss_signature(r, s) k = self._keyObject if not self.isPublic(): k = k.public_key() keySize = self.size() if keySize <= 256: # Hash size depends on key size hashSize = hashes.SHA256() elif keySize <= 384: hashSize = hashes.SHA384() else: hashSize = hashes.SHA512() args = (signature, data, ec.ECDSA(hashSize)) elif keyType == "Ed25519": k = self._keyObject if not self.isPublic(): k = k.public_key() args = (common.getNS(signature)[0], data) try: k.verify(args) except InvalidSignature: return False else: return True def _getPersistentRSAKey(location, keySize=4096): """ This function returns a persistent L{Key}. The key is loaded from a PEM file in C{location}. If it does not exist, a key with the key size of C{keySize} is generated and saved. @param location: Where the key is stored. @type location: L{twisted.python.filepath.FilePath} @param keySize: The size of the key, if it needs to be generated. @type keySize: L{int} @returns: A persistent key. @rtype: L{Key} """ location.parent().makedirs(ignoreExistingDirectory=True) # If it doesn't exist, we want to generate a new key and save it if not location.exists(): privateKey = rsa.generate_private_key( public_exponent=65537, key_size=keySize, backend=default_backend() ) pem = privateKey.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption(), ) location.setContent(pem) # By this point (save any hilarious race conditions) we should have a # working PEM file. Load it! # (Future archaeological readers: I chose not to short circuit above, # because then there's two exit paths to this code!) with location.open("rb") as keyFile: privateKey = serialization.load_pem_private_key( keyFile.read(), password=None, backend=default_backend() ) return Key(privateKey) ��ssh/userauth.py��0000644��00000066123�15027667726�0007605 0��ustar�00��# -- test-case-name: twisted.conch.test.test_userauth -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Implementation of the ssh-userauth service. Currently implemented authentication types are public-key and password. Maintainer: Paul Swartz """ import struct from twisted.conch import error, interfaces from twisted.conch.ssh import keys, service, transport from twisted.conch.ssh.common import NS, getNS from twisted.cred import credentials from twisted.cred.error import UnauthorizedLogin from twisted.internet import defer, reactor from twisted.logger import Logger from twisted.python import failure from twisted.python.compat import nativeString class SSHUserAuthServer(service.SSHService): """ A service implementing the server side of the 'ssh-userauth' service. It is used to authenticate the user on the other side as being able to access this server. @ivar name: the name of this service: 'ssh-userauth' @type name: L{bytes} @ivar authenticatedWith: a list of authentication methods that have already been used. @type authenticatedWith: L{list} @ivar loginTimeout: the number of seconds we wait before disconnecting the user for taking too long to authenticate @type loginTimeout: L{int} @ivar attemptsBeforeDisconnect: the number of failed login attempts we allow before disconnecting. @type attemptsBeforeDisconnect: L{int} @ivar loginAttempts: the number of login attempts that have been made @type loginAttempts: L{int} @ivar passwordDelay: the number of seconds to delay when the user gives an incorrect password @type passwordDelay: L{int} @ivar interfaceToMethod: a L{dict} mapping credential interfaces to authentication methods. The server checks to see which of the cred interfaces have checkers and tells the client that those methods are valid for authentication. @type interfaceToMethod: L{dict} @ivar supportedAuthentications: A list of the supported authentication methods. @type supportedAuthentications: L{list} of L{bytes} @ivar user: the last username the client tried to authenticate with @type user: L{bytes} @ivar method: the current authentication method @type method: L{bytes} @ivar nextService: the service the user wants started after authentication has been completed. @type nextService: L{bytes} @ivar portal: the L{twisted.cred.portal.Portal} we are using for authentication @type portal: L{twisted.cred.portal.Portal} @ivar clock: an object with a callLater method. Stubbed out for testing. """ name = b"ssh-userauth" loginTimeout = 10 60 * 60 # 10 minutes before we disconnect them attemptsBeforeDisconnect = 20 # 20 login attempts before a disconnect passwordDelay = 1 # number of seconds to delay on a failed password clock = reactor interfaceToMethod = { credentials.ISSHPrivateKey: b"publickey", credentials.IUsernamePassword: b"password", } _log = Logger() def serviceStarted(self): """ Called when the userauth service is started. Set up instance variables, check if we should allow password authentication (only allow if the outgoing connection is encrypted) and set up a login timeout. """ self.authenticatedWith = [] self.loginAttempts = 0 self.user = None self.nextService = None self.portal = self.transport.factory.portal self.supportedAuthentications = [] for i in self.portal.listCredentialsInterfaces(): if i in self.interfaceToMethod: self.supportedAuthentications.append(self.interfaceToMethod[i]) if not self.transport.isEncrypted("in"): # don't let us transport password in plaintext if b"password" in self.supportedAuthentications: self.supportedAuthentications.remove(b"password") self._cancelLoginTimeout = self.clock.callLater( self.loginTimeout, self.timeoutAuthentication ) def serviceStopped(self): """ Called when the userauth service is stopped. Cancel the login timeout if it's still going. """ if self._cancelLoginTimeout: self._cancelLoginTimeout.cancel() self._cancelLoginTimeout = None def timeoutAuthentication(self): """ Called when the user has timed out on authentication. Disconnect with a DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE message. """ self._cancelLoginTimeout = None self.transport.sendDisconnect( transport.DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, b"you took too long" ) def tryAuth(self, kind, user, data): """ Try to authenticate the user with the given method. Dispatches to a auth_* method. @param kind: the authentication method to try. @type kind: L{bytes} @param user: the username the client is authenticating with. @type user: L{bytes} @param data: authentication specific data sent by the client. @type data: L{bytes} @return: A Deferred called back if the method succeeded, or erred back if it failed. @rtype: C{defer.Deferred} """ self._log.debug("{user!r} trying auth {kind!r}", user=user, kind=kind) if kind not in self.supportedAuthentications: return defer.fail(error.ConchError("unsupported authentication, failing")) kind = nativeString(kind.replace(b"-", b"_")) f = getattr(self, f"auth_{kind}", None) if f: ret = f(data) if not ret: return defer.fail( error.ConchError(f"{kind} return None instead of a Deferred") ) else: return ret return defer.fail(error.ConchError(f"bad auth type: {kind}")) def ssh_USERAUTH_REQUEST(self, packet): """ The client has requested authentication. Payload:: string user string next service string method <authentication specific data> @type packet: L{bytes} """ user, nextService, method, rest = getNS(packet, 3) if user != self.user or nextService != self.nextService: self.authenticatedWith = [] # clear auth state self.user = user self.nextService = nextService self.method = method d = self.tryAuth(method, user, rest) if not d: self._ebBadAuth(failure.Failure(error.ConchError("auth returned none"))) return d.addCallback(self._cbFinishedAuth) d.addErrback(self._ebMaybeBadAuth) d.addErrback(self._ebBadAuth) return d def _cbFinishedAuth(self, result): """ The callback when user has successfully been authenticated. For a description of the arguments, see L{twisted.cred.portal.Portal.login}. We start the service requested by the user. """ (interface, avatar, logout) = result self.transport.avatar = avatar self.transport.logoutFunction = logout service = self.transport.factory.getService(self.transport, self.nextService) if not service: raise error.ConchError(f"could not get next service: {self.nextService}") self._log.debug( "{user!r} authenticated with {method!r}", user=self.user, method=self.method ) self.transport.sendPacket(MSG_USERAUTH_SUCCESS, b"") self.transport.setService(service()) def _ebMaybeBadAuth(self, reason): """ An intermediate errback. If the reason is error.NotEnoughAuthentication, we send a MSG_USERAUTH_FAILURE, but with the partial success indicator set. @type reason: L{twisted.python.failure.Failure} """ reason.trap(error.NotEnoughAuthentication) self.transport.sendPacket( MSG_USERAUTH_FAILURE, NS(b",".join(self.supportedAuthentications)) + b"\xff" ) def _ebBadAuth(self, reason): """ The final errback in the authentication chain. If the reason is error.IgnoreAuthentication, we simply return; the authentication method has sent its own response. Otherwise, send a failure message and (if the method is not 'none') increment the number of login attempts. @type reason: L{twisted.python.failure.Failure} """ if reason.check(error.IgnoreAuthentication): return if self.method != b"none": self._log.debug( "{user!r} failed auth {method!r}", user=self.user, method=self.method ) if reason.check(UnauthorizedLogin): self._log.debug( "unauthorized login: {message}", message=reason.getErrorMessage() ) elif reason.check(error.ConchError): self._log.debug("reason: {reason}", reason=reason.getErrorMessage()) else: self._log.failure( "Error checking auth for user {user}", failure=reason, user=self.user, ) self.loginAttempts += 1 if self.loginAttempts > self.attemptsBeforeDisconnect: self.transport.sendDisconnect( transport.DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, b"too many bad auths", ) return self.transport.sendPacket( MSG_USERAUTH_FAILURE, NS(b",".join(self.supportedAuthentications)) + b"\x00" ) def auth_publickey(self, packet): """ Public key authentication. Payload:: byte has signature string algorithm name string key blob [string signature] (if has signature is True) Create a SSHPublicKey credential and verify it using our portal. """ hasSig = ord(packet[0:1]) algName, blob, rest = getNS(packet[1:], 2) try: pubKey = keys.Key.fromString(blob) except keys.BadKeyError: error = "Unsupported key type {} or bad key".format(algName.decode("ascii")) self._log.error(error) return defer.fail(UnauthorizedLogin(error)) signature = hasSig and getNS(rest)[0] or None if hasSig: b = ( NS(self.transport.sessionID) + bytes((MSG_USERAUTH_REQUEST,)) + NS(self.user) + NS(self.nextService) + NS(b"publickey") + bytes((hasSig,)) + NS(pubKey.sshType()) + NS(blob) ) c = credentials.SSHPrivateKey(self.user, algName, blob, b, signature) return self.portal.login(c, None, interfaces.IConchUser) else: c = credentials.SSHPrivateKey(self.user, algName, blob, None, None) return self.portal.login(c, None, interfaces.IConchUser).addErrback( self._ebCheckKey, packet[1:] ) def _ebCheckKey(self, reason, packet): """ Called back if the user did not sent a signature. If reason is error.ValidPublicKey then this key is valid for the user to authenticate with. Send MSG_USERAUTH_PK_OK. """ reason.trap(error.ValidPublicKey) # if we make it here, it means that the publickey is valid self.transport.sendPacket(MSG_USERAUTH_PK_OK, packet) return failure.Failure(error.IgnoreAuthentication()) def auth_password(self, packet): """ Password authentication. Payload:: string password Make a UsernamePassword credential and verify it with our portal. """ password = getNS(packet[1:])[0] c = credentials.UsernamePassword(self.user, password) return self.portal.login(c, None, interfaces.IConchUser).addErrback( self._ebPassword ) def _ebPassword(self, f): """ If the password is invalid, wait before sending the failure in order to delay brute-force password guessing. """ d = defer.Deferred() self.clock.callLater(self.passwordDelay, d.callback, f) return d class SSHUserAuthClient(service.SSHService): """ A service implementing the client side of 'ssh-userauth'. This service will try all authentication methods provided by the server, making callbacks for more information when necessary. @ivar name: the name of this service: 'ssh-userauth' @type name: L{str} @ivar preferredOrder: a list of authentication methods that should be used first, in order of preference, if supported by the server @type preferredOrder: L{list} @ivar user: the name of the user to authenticate as @type user: L{bytes} @ivar instance: the service to start after authentication has finished @type instance: L{service.SSHService} @ivar authenticatedWith: a list of strings of authentication methods we've tried @type authenticatedWith: L{list} of L{bytes} @ivar triedPublicKeys: a list of public key objects that we've tried to authenticate with @type triedPublicKeys: L{list} of L{Key} @ivar lastPublicKey: the last public key object we've tried to authenticate with @type lastPublicKey: L{Key} """ name = b"ssh-userauth" preferredOrder = [b"publickey", b"password", b"keyboard-interactive"] def __init__(self, user, instance): self.user = user self.instance = instance def serviceStarted(self): self.authenticatedWith = [] self.triedPublicKeys = [] self.lastPublicKey = None self.askForAuth(b"none", b"") def askForAuth(self, kind, extraData): """ Send a MSG_USERAUTH_REQUEST. @param kind: the authentication method to try. @type kind: L{bytes} @param extraData: method-specific data to go in the packet @type extraData: L{bytes} """ self.lastAuth = kind self.transport.sendPacket( MSG_USERAUTH_REQUEST, NS(self.user) + NS(self.instance.name) + NS(kind) + extraData, ) def tryAuth(self, kind): """ Dispatch to an authentication method. @param kind: the authentication method @type kind: L{bytes} """ kind = nativeString(kind.replace(b"-", b"_")) self._log.debug("trying to auth with {kind}", kind=kind) f = getattr(self, "auth_" + kind, None) if f: return f() def _ebAuth(self, ignored, args): """ Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method) """ self.askForAuth(b"none", b"") def ssh_USERAUTH_SUCCESS(self, packet): """ We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service. """ self.transport.setService(self.instance) def ssh_USERAUTH_FAILURE(self, packet): """ We received a MSG_USERAUTH_FAILURE. Payload:: string methods byte partial success If partial success is C{True}, then the previous method succeeded but is not sufficient for authentication. C{methods} is a comma-separated list of accepted authentication methods. We sort the list of methods by their position in C{self.preferredOrder}, removing methods that have already succeeded. We then call C{self.tryAuth} with the most preferred method. @param packet: the C{MSG_USERAUTH_FAILURE} payload. @type packet: L{bytes} @return: a L{defer.Deferred} that will be callbacked with L{None} as soon as all authentication methods have been tried, or L{None} if no more authentication methods are available. @rtype: C{defer.Deferred} or L{None} """ canContinue, partial = getNS(packet) partial = ord(partial) if partial: self.authenticatedWith.append(self.lastAuth) def orderByPreference(meth): """ Invoked once per authentication method in order to extract a comparison key which is then used for sorting. @param meth: the authentication method. @type meth: L{bytes} @return: the comparison key for C{meth}. @rtype: L{int} """ if meth in self.preferredOrder: return self.preferredOrder.index(meth) else: # put the element at the end of the list. return len(self.preferredOrder) canContinue = sorted( ( meth for meth in canContinue.split(b",") if meth not in self.authenticatedWith ), key=orderByPreference, ) self._log.debug("can continue with: {methods}", methods=canContinue) return self._cbUserauthFailure(None, iter(canContinue)) def _cbUserauthFailure(self, result, iterator): if result: return try: method = next(iterator) except StopIteration: self.transport.sendDisconnect( transport.DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, b"no more authentication methods available", ) else: d = defer.maybeDeferred(self.tryAuth, method) d.addCallback(self._cbUserauthFailure, iterator) return d def ssh_USERAUTH_PK_OK(self, packet): """ This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request. """ func = getattr( self, "ssh_USERAUTH_PK_OK_%s" % nativeString(self.lastAuth.replace(b"-", b"_")), None, ) if func is not None: return func(packet) else: self.askForAuth(b"none", b"") def ssh_USERAUTH_PK_OK_publickey(self, packet): """ This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it. """ publicKey = self.lastPublicKey b = ( NS(self.transport.sessionID) + bytes((MSG_USERAUTH_REQUEST,)) + NS(self.user) + NS(self.instance.name) + NS(b"publickey") + b"\x01" + NS(publicKey.sshType()) + NS(publicKey.blob()) ) d = self.signData(publicKey, b) if not d: self.askForAuth(b"none", b"") # this will fail, we'll move on return d.addCallback(self._cbSignedData) d.addErrback(self._ebAuth) def ssh_USERAUTH_PK_OK_password(self, packet): """ This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server. """ prompt, language, rest = getNS(packet, 2) self._oldPass = self._newPass = None d = self.getPassword(b"Old Password: ") d = d.addCallbacks(self._setOldPass, self._ebAuth) d.addCallback(lambda ignored: self.getPassword(prompt)) d.addCallbacks(self._setNewPass, self._ebAuth) def ssh_USERAUTH_PK_OK_keyboard_interactive(self, packet): """ This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and sent the responses. """ name, instruction, lang, data = getNS(packet, 3) numPrompts = struct.unpack("!L", data[:4])[0] data = data[4:] prompts = [] for i in range(numPrompts): prompt, data = getNS(data) echo = bool(ord(data[0:1])) data = data[1:] prompts.append((prompt, echo)) d = self.getGenericAnswers(name, instruction, prompts) d.addCallback(self._cbGenericAnswers) d.addErrback(self._ebAuth) def _cbSignedData(self, signedData): """ Called back out of self.signData with the signed data. Send the authentication request with the signature. @param signedData: the data signed by the user's private key. @type signedData: L{bytes} """ publicKey = self.lastPublicKey self.askForAuth( b"publickey", b"\x01" + NS(publicKey.sshType()) + NS(publicKey.blob()) + NS(signedData), ) def _setOldPass(self, op): """ Called back when we are choosing a new password. Simply store the old password for now. @param op: the old password as entered by the user @type op: L{bytes} """ self._oldPass = op def _setNewPass(self, np): """ Called back when we are choosing a new password. Get the old password and send the authentication message with both. @param np: the new password as entered by the user @type np: L{bytes} """ op = self._oldPass self._oldPass = None self.askForAuth(b"password", b"\xff" + NS(op) + NS(np)) def _cbGenericAnswers(self, responses): """ Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE. @param responses: a list of L{bytes} responses @type responses: L{list} """ data = struct.pack("!L", len(responses)) for r in responses: data += NS(r.encode("UTF8")) self.transport.sendPacket(MSG_USERAUTH_INFO_RESPONSE, data) def auth_publickey(self): """ Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False. @rtype: L{bool} """ d = defer.maybeDeferred(self.getPublicKey) d.addBoth(self._cbGetPublicKey) return d def _cbGetPublicKey(self, publicKey): if not isinstance(publicKey, keys.Key): # failure or None publicKey = None if publicKey is not None: self.lastPublicKey = publicKey self.triedPublicKeys.append(publicKey) self._log.debug("using key of type {keyType}", keyType=publicKey.type()) self.askForAuth( b"publickey", b"\x00" + NS(publicKey.sshType()) + NS(publicKey.blob()) ) return True else: return False def auth_password(self): """ Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False. @rtype: L{bool} """ d = self.getPassword() if d: d.addCallbacks(self._cbPassword, self._ebAuth) return True else: # returned None, don't do password auth return False def auth_keyboard_interactive(self): """ Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True. @rtype: L{bool} """ self._log.debug("authing with keyboard-interactive") self.askForAuth(b"keyboard-interactive", NS(b"") + NS(b"")) return True def _cbPassword(self, password): """ Called back when the user gives a password. Send the request to the server. @param password: the password the user entered @type password: L{bytes} """ self.askForAuth(b"password", b"\x00" + NS(password)) def signData(self, publicKey, signData): """ Sign the given data with the given public key. By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign(). This method is factored out so that it can be overridden to use alternate methods, such as a key agent. @param publicKey: The public key object returned from L{getPublicKey} @type publicKey: L{keys.Key} @param signData: the data to be signed by the private key. @type signData: L{bytes} @return: a Deferred that's called back with the signature @rtype: L{defer.Deferred} """ key = self.getPrivateKey() if not key: return return key.addCallback(self._cbSignData, signData) def _cbSignData(self, privateKey, signData): """ Called back when the private key is returned. Sign the data and return the signature. @param privateKey: the private key object @type privateKey: L{keys.Key} @param signData: the data to be signed by the private key. @type signData: L{bytes} @return: the signature @rtype: L{bytes} """ return privateKey.sign(signData) def getPublicKey(self): """ Return a public key for the user. If no more public keys are available, return L{None}. This implementation always returns L{None}. Override it in a subclass to actually find and return a public key object. @rtype: L{Key} or L{None} """ return None def getPrivateKey(self): """ Return a L{Deferred} that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred. @rtype: L{Deferred} called back with L{Key} """ return defer.fail(NotImplementedError()) def getPassword(self, prompt=None): """ Return a L{Deferred} that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '. @type prompt: L{bytes}/L{None} @rtype: L{defer.Deferred} """ return defer.fail(NotImplementedError()) def getGenericAnswers(self, name, instruction, prompts): """ Returns a L{Deferred} with the responses to the promopts. @param name: The name of the authentication currently in progress. @param instruction: Describes what the authentication wants. @param prompts: A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it. """ return defer.fail(NotImplementedError()) MSG_USERAUTH_REQUEST = 50 MSG_USERAUTH_FAILURE = 51 MSG_USERAUTH_SUCCESS = 52 MSG_USERAUTH_BANNER = 53 MSG_USERAUTH_INFO_RESPONSE = 61 MSG_USERAUTH_PK_OK = 60 messages = {} for k, v in list(locals().items()): if k[:4] == "MSG_": messages[v] = k SSHUserAuthServer.protocolMessages = messages SSHUserAuthClient.protocolMessages = messages del messages del v # Doubles, not included in the protocols' mappings MSG_USERAUTH_PASSWD_CHANGEREQ = 60 MSG_USERAUTH_INFO_REQUEST = 60 ��ssh/__init__.py��0000644��00000000266�15027667726�0007500 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # """ An SSHv2 implementation for Twisted. Part of the Twisted.Conch package. Maintainer: Paul Swartz """ ��recvline.py��0000644��00000045333�15027667726�0006757 0��ustar�00��# -- test-case-name: twisted.conch.test.test_recvline -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Basic line editing support. @author: Jp Calderone """ import string from typing import Dict from zope.interface import implementer from twisted.conch.insults import helper, insults from twisted.logger import Logger from twisted.python import reflect from twisted.python.compat import iterbytes _counters: Dict[str, int] = {} class Logging: """ Wrapper which logs attribute lookups. This was useful in debugging something, I guess. I forget what. It can probably be deleted or moved somewhere more appropriate. Nothing special going on here, really. """ def __init__(self, original): self.original = original key = reflect.qual(original.__class__) count = _counters.get(key, 0) _counters[key] = count + 1 self._logFile = open(key + "-" + str(count), "w") def __str__(self) -> str: return str(super().__getattribute__("original")) def __repr__(self) -> str: return repr(super().__getattribute__("original")) def __getattribute__(self, name): original = super().__getattribute__("original") logFile = super().__getattribute__("_logFile") logFile.write(name + "\n") return getattr(original, name) @implementer(insults.ITerminalTransport) class TransportSequence: """ An L{ITerminalTransport} implementation which forwards calls to one or more other L{ITerminalTransport}s. This is a cheap way for servers to keep track of the state they expect the client to see, since all terminal manipulations can be send to the real client and to a terminal emulator that lives in the server process. """ for keyID in ( b"UP_ARROW", b"DOWN_ARROW", b"RIGHT_ARROW", b"LEFT_ARROW", b"HOME", b"INSERT", b"DELETE", b"END", b"PGUP", b"PGDN", b"F1", b"F2", b"F3", b"F4", b"F5", b"F6", b"F7", b"F8", b"F9", b"F10", b"F11", b"F12", ): execBytes = keyID + b" = object()" execStr = execBytes.decode("ascii") exec(execStr) TAB = b"\t" BACKSPACE = b"\x7f" def __init__(self, transports): assert transports, "Cannot construct a TransportSequence with no transports" self.transports = transports for method in insults.ITerminalTransport: exec( """\ def %s(self, a, kw): for tpt in self.transports: result = tpt.%s(a, *kw) return result """ % (method, method) ) def getHost(self): # ITransport.getHost raise NotImplementedError("Unimplemented: TransportSequence.getHost") def getPeer(self): # ITransport.getPeer raise NotImplementedError("Unimplemented: TransportSequence.getPeer") def loseConnection(self): # ITransport.loseConnection raise NotImplementedError("Unimplemented: TransportSequence.loseConnection") def write(self, data): # ITransport.write raise NotImplementedError("Unimplemented: TransportSequence.write") def writeSequence(self, data): # ITransport.writeSequence raise NotImplementedError("Unimplemented: TransportSequence.writeSequence") def cursorUp(self, n=1): # ITerminalTransport.cursorUp raise NotImplementedError("Unimplemented: TransportSequence.cursorUp") def cursorDown(self, n=1): # ITerminalTransport.cursorDown raise NotImplementedError("Unimplemented: TransportSequence.cursorDown") def cursorForward(self, n=1): # ITerminalTransport.cursorForward raise NotImplementedError("Unimplemented: TransportSequence.cursorForward") def cursorBackward(self, n=1): # ITerminalTransport.cursorBackward raise NotImplementedError("Unimplemented: TransportSequence.cursorBackward") def cursorPosition(self, column, line): # ITerminalTransport.cursorPosition raise NotImplementedError("Unimplemented: TransportSequence.cursorPosition") def cursorHome(self): # ITerminalTransport.cursorHome raise NotImplementedError("Unimplemented: TransportSequence.cursorHome") def index(self): # ITerminalTransport.index raise NotImplementedError("Unimplemented: TransportSequence.index") def reverseIndex(self): # ITerminalTransport.reverseIndex raise NotImplementedError("Unimplemented: TransportSequence.reverseIndex") def nextLine(self): # ITerminalTransport.nextLine raise NotImplementedError("Unimplemented: TransportSequence.nextLine") def saveCursor(self): # ITerminalTransport.saveCursor raise NotImplementedError("Unimplemented: TransportSequence.saveCursor") def restoreCursor(self): # ITerminalTransport.restoreCursor raise NotImplementedError("Unimplemented: TransportSequence.restoreCursor") def setModes(self, modes): # ITerminalTransport.setModes raise NotImplementedError("Unimplemented: TransportSequence.setModes") def resetModes(self, mode): # ITerminalTransport.resetModes raise NotImplementedError("Unimplemented: TransportSequence.resetModes") def setPrivateModes(self, modes): # ITerminalTransport.setPrivateModes raise NotImplementedError("Unimplemented: TransportSequence.setPrivateModes") def resetPrivateModes(self, modes): # ITerminalTransport.resetPrivateModes raise NotImplementedError("Unimplemented: TransportSequence.resetPrivateModes") def applicationKeypadMode(self): # ITerminalTransport.applicationKeypadMode raise NotImplementedError( "Unimplemented: TransportSequence.applicationKeypadMode" ) def numericKeypadMode(self): # ITerminalTransport.numericKeypadMode raise NotImplementedError("Unimplemented: TransportSequence.numericKeypadMode") def selectCharacterSet(self, charSet, which): # ITerminalTransport.selectCharacterSet raise NotImplementedError("Unimplemented: TransportSequence.selectCharacterSet") def shiftIn(self): # ITerminalTransport.shiftIn raise NotImplementedError("Unimplemented: TransportSequence.shiftIn") def shiftOut(self): # ITerminalTransport.shiftOut raise NotImplementedError("Unimplemented: TransportSequence.shiftOut") def singleShift2(self): # ITerminalTransport.singleShift2 raise NotImplementedError("Unimplemented: TransportSequence.singleShift2") def singleShift3(self): # ITerminalTransport.singleShift3 raise NotImplementedError("Unimplemented: TransportSequence.singleShift3") def selectGraphicRendition(self, attributes): # ITerminalTransport.selectGraphicRendition raise NotImplementedError( "Unimplemented: TransportSequence.selectGraphicRendition" ) def horizontalTabulationSet(self): # ITerminalTransport.horizontalTabulationSet raise NotImplementedError( "Unimplemented: TransportSequence.horizontalTabulationSet" ) def tabulationClear(self): # ITerminalTransport.tabulationClear raise NotImplementedError("Unimplemented: TransportSequence.tabulationClear") def tabulationClearAll(self): # ITerminalTransport.tabulationClearAll raise NotImplementedError("Unimplemented: TransportSequence.tabulationClearAll") def doubleHeightLine(self, top=True): # ITerminalTransport.doubleHeightLine raise NotImplementedError("Unimplemented: TransportSequence.doubleHeightLine") def singleWidthLine(self): # ITerminalTransport.singleWidthLine raise NotImplementedError("Unimplemented: TransportSequence.singleWidthLine") def doubleWidthLine(self): # ITerminalTransport.doubleWidthLine raise NotImplementedError("Unimplemented: TransportSequence.doubleWidthLine") def eraseToLineEnd(self): # ITerminalTransport.eraseToLineEnd raise NotImplementedError("Unimplemented: TransportSequence.eraseToLineEnd") def eraseToLineBeginning(self): # ITerminalTransport.eraseToLineBeginning raise NotImplementedError( "Unimplemented: TransportSequence.eraseToLineBeginning" ) def eraseLine(self): # ITerminalTransport.eraseLine raise NotImplementedError("Unimplemented: TransportSequence.eraseLine") def eraseToDisplayEnd(self): # ITerminalTransport.eraseToDisplayEnd raise NotImplementedError("Unimplemented: TransportSequence.eraseToDisplayEnd") def eraseToDisplayBeginning(self): # ITerminalTransport.eraseToDisplayBeginning raise NotImplementedError( "Unimplemented: TransportSequence.eraseToDisplayBeginning" ) def eraseDisplay(self): # ITerminalTransport.eraseDisplay raise NotImplementedError("Unimplemented: TransportSequence.eraseDisplay") def deleteCharacter(self, n=1): # ITerminalTransport.deleteCharacter raise NotImplementedError("Unimplemented: TransportSequence.deleteCharacter") def insertLine(self, n=1): # ITerminalTransport.insertLine raise NotImplementedError("Unimplemented: TransportSequence.insertLine") def deleteLine(self, n=1): # ITerminalTransport.deleteLine raise NotImplementedError("Unimplemented: TransportSequence.deleteLine") def reportCursorPosition(self): # ITerminalTransport.reportCursorPosition raise NotImplementedError( "Unimplemented: TransportSequence.reportCursorPosition" ) def reset(self): # ITerminalTransport.reset raise NotImplementedError("Unimplemented: TransportSequence.reset") def unhandledControlSequence(self, seq): # ITerminalTransport.unhandledControlSequence raise NotImplementedError( "Unimplemented: TransportSequence.unhandledControlSequence" ) class LocalTerminalBufferMixin: """ A mixin for RecvLine subclasses which records the state of the terminal. This is accomplished by performing all L{ITerminalTransport} operations on both the transport passed to makeConnection and an instance of helper.TerminalBuffer. @ivar terminalCopy: A L{helper.TerminalBuffer} instance which efforts will be made to keep up to date with the actual terminal associated with this protocol instance. """ def makeConnection(self, transport): self.terminalCopy = helper.TerminalBuffer() self.terminalCopy.connectionMade() return super().makeConnection(TransportSequence(transport, self.terminalCopy)) def __str__(self) -> str: return str(self.terminalCopy) class RecvLine(insults.TerminalProtocol): """ L{TerminalProtocol} which adds line editing features. Clients will be prompted for lines of input with all the usual features: character echoing, left and right arrow support for moving the cursor to different areas of the line buffer, backspace and delete for removing characters, and insert for toggling between typeover and insert mode. Tabs will be expanded to enough spaces to move the cursor to the next tabstop (every four characters by default). Enter causes the line buffer to be cleared and the line to be passed to the lineReceived() method which, by default, does nothing. Subclasses are responsible for redrawing the input prompt (this will probably change). """ width = 80 height = 24 TABSTOP = 4 ps = (b">>> ", b"... ") pn = 0 _printableChars = string.printable.encode("ascii") _log = Logger() def connectionMade(self): # A list containing the characters making up the current line self.lineBuffer = [] # A zero-based (wtf else?) index into self.lineBuffer. # Indicates the current cursor position. self.lineBufferIndex = 0 t = self.terminal # A map of keyIDs to bound instance methods. self.keyHandlers = { t.LEFT_ARROW: self.handle_LEFT, t.RIGHT_ARROW: self.handle_RIGHT, t.TAB: self.handle_TAB, # Both of these should not be necessary, but figuring out # which is necessary is a huge hassle. b"\r": self.handle_RETURN, b"\n": self.handle_RETURN, t.BACKSPACE: self.handle_BACKSPACE, t.DELETE: self.handle_DELETE, t.INSERT: self.handle_INSERT, t.HOME: self.handle_HOME, t.END: self.handle_END, } self.initializeScreen() def initializeScreen(self): # Hmm, state sucks. Oh well. # For now we will just take over the whole terminal. self.terminal.reset() self.terminal.write(self.ps[self.pn]) # XXX Note: I would prefer to default to starting in insert # mode, however this does not seem to actually work! I do not # know why. This is probably of interest to implementors # subclassing RecvLine. # XXX XXX Note: But the unit tests all expect the initial mode # to be insert right now. Fuck, there needs to be a way to # query the current mode or something. # self.setTypeoverMode() self.setInsertMode() def currentLineBuffer(self): s = b"".join(self.lineBuffer) return s[: self.lineBufferIndex], s[self.lineBufferIndex :] def setInsertMode(self): self.mode = "insert" self.terminal.setModes([insults.modes.IRM]) def setTypeoverMode(self): self.mode = "typeover" self.terminal.resetModes([insults.modes.IRM]) def drawInputLine(self): """ Write a line containing the current input prompt and the current line buffer at the current cursor position. """ self.terminal.write(self.ps[self.pn] + b"".join(self.lineBuffer)) def terminalSize(self, width, height): # XXX - Clear the previous input line, redraw it at the new # cursor position self.terminal.eraseDisplay() self.terminal.cursorHome() self.width = width self.height = height self.drawInputLine() def unhandledControlSequence(self, seq): pass def keystrokeReceived(self, keyID, modifier): m = self.keyHandlers.get(keyID) if m is not None: m() elif keyID in self._printableChars: self.characterReceived(keyID, False) else: self._log.warn("Received unhandled keyID: {keyID!r}", keyID=keyID) def characterReceived(self, ch, moreCharactersComing): if self.mode == "insert": self.lineBuffer.insert(self.lineBufferIndex, ch) else: self.lineBuffer[self.lineBufferIndex : self.lineBufferIndex + 1] = [ch] self.lineBufferIndex += 1 self.terminal.write(ch) def handle_TAB(self): n = self.TABSTOP - (len(self.lineBuffer) % self.TABSTOP) self.terminal.cursorForward(n) self.lineBufferIndex += n self.lineBuffer.extend(iterbytes(b" " * n)) def handle_LEFT(self): if self.lineBufferIndex > 0: self.lineBufferIndex -= 1 self.terminal.cursorBackward() def handle_RIGHT(self): if self.lineBufferIndex < len(self.lineBuffer): self.lineBufferIndex += 1 self.terminal.cursorForward() def handle_HOME(self): if self.lineBufferIndex: self.terminal.cursorBackward(self.lineBufferIndex) self.lineBufferIndex = 0 def handle_END(self): offset = len(self.lineBuffer) - self.lineBufferIndex if offset: self.terminal.cursorForward(offset) self.lineBufferIndex = len(self.lineBuffer) def handle_BACKSPACE(self): if self.lineBufferIndex > 0: self.lineBufferIndex -= 1 del self.lineBuffer[self.lineBufferIndex] self.terminal.cursorBackward() self.terminal.deleteCharacter() def handle_DELETE(self): if self.lineBufferIndex < len(self.lineBuffer): del self.lineBuffer[self.lineBufferIndex] self.terminal.deleteCharacter() def handle_RETURN(self): line = b"".join(self.lineBuffer) self.lineBuffer = [] self.lineBufferIndex = 0 self.terminal.nextLine() self.lineReceived(line) def handle_INSERT(self): assert self.mode in ("typeover", "insert") if self.mode == "typeover": self.setInsertMode() else: self.setTypeoverMode() def lineReceived(self, line): pass class HistoricRecvLine(RecvLine): """ L{TerminalProtocol} which adds both basic line-editing features and input history. Everything supported by L{RecvLine} is also supported by this class. In addition, the up and down arrows traverse the input history. Each received line is automatically added to the end of the input history. """ def connectionMade(self): RecvLine.connectionMade(self) self.historyLines = [] self.historyPosition = 0 t = self.terminal self.keyHandlers.update( {t.UP_ARROW: self.handle_UP, t.DOWN_ARROW: self.handle_DOWN} ) def currentHistoryBuffer(self): b = tuple(self.historyLines) return b[: self.historyPosition], b[self.historyPosition :] def _deliverBuffer(self, buf): if buf: for ch in iterbytes(buf[:-1]): self.characterReceived(ch, True) self.characterReceived(buf[-1:], False) def handle_UP(self): if self.lineBuffer and self.historyPosition == len(self.historyLines): self.historyLines.append(b"".join(self.lineBuffer)) if self.historyPosition > 0: self.handle_HOME() self.terminal.eraseToLineEnd() self.historyPosition -= 1 self.lineBuffer = [] self._deliverBuffer(self.historyLines[self.historyPosition]) def handle_DOWN(self): if self.historyPosition < len(self.historyLines) - 1: self.handle_HOME() self.terminal.eraseToLineEnd() self.historyPosition += 1 self.lineBuffer = [] self._deliverBuffer(self.historyLines[self.historyPosition]) else: self.handle_HOME() self.terminal.eraseToLineEnd() self.historyPosition = len(self.historyLines) self.lineBuffer = [] self.lineBufferIndex = 0 def handle_RETURN(self): if self.lineBuffer: self.historyLines.append(b"".join(self.lineBuffer)) self.historyPosition = len(self.historyLines) return RecvLine.handle_RETURN(self) ��tap.py��0000644��00000006166�15027667726�0005735 0��ustar�00��# -- test-case-name: twisted.conch.test.test_tap -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Support module for making SSH servers with twistd. """ from twisted.application import strports from twisted.conch import checkers as conch_checkers, unix from twisted.conch.openssh_compat import factory from twisted.cred import portal, strcred from twisted.python import usage class Options(usage.Options, strcred.AuthOptionMixin): synopsis = "[-i <interface>] [-p <port>] [-d <dir>] " longdesc = ( "Makes a Conch SSH server. If no authentication methods are " "specified, the default authentication methods are UNIX passwords " "and SSH public keys. If --auth options are " "passed, only the measures specified will be used." ) optParameters = [ ["interface", "i", "", "local interface to which we listen"], ["port", "p", "tcp:22", "Port on which to listen"], ["data", "d", "/etc", "directory to look for host keys in"], [ "moduli", "", None, "directory to look for moduli in " "(if different from --data)", ], ] compData = usage.Completions( optActions={ "data": usage.CompleteDirs(descr="data directory"), "moduli": usage.CompleteDirs(descr="moduli directory"), "interface": usage.CompleteNetInterfaces(), } ) def __init__(self, a, kw): usage.Options.__init__(self, a, *kw) # Call the default addCheckers (for backwards compatibility) that will # be used if no --auth option is provided - note that conch's # UNIXPasswordDatabase is used, instead of twisted.plugins.cred_unix's # checker super().addChecker(conch_checkers.UNIXPasswordDatabase()) super().addChecker( conch_checkers.SSHPublicKeyChecker(conch_checkers.UNIXAuthorizedKeysFiles()) ) self._usingDefaultAuth = True def addChecker(self, checker): """ Add the checker specified. If any checkers are added, the default checkers are automatically cleared and the only checkers will be the specified one(s). """ if self._usingDefaultAuth: self["credCheckers"] = [] self["credInterfaces"] = {} self._usingDefaultAuth = False super().addChecker(checker) def makeService(config): """ Construct a service for operating a SSH server. @param config: An L{Options} instance specifying server options, including where server keys are stored and what authentication methods to use. @return: A L{twisted.application.service.IService} provider which contains the requested SSH server. """ t = factory.OpenSSHFactory() r = unix.UnixSSHRealm() t.portal = portal.Portal(r, config.get("credCheckers", [])) t.dataRoot = config["data"] t.moduliRoot = config["moduli"] or config["data"] port = config["port"] if config["interface"]: # Add warning here port += ":interface=" + config["interface"] return strports.service(port, t) ��__pycache__/ls.cpython-310.pyc��0000644��00000003710�15027667726�0012116 0��ustar�00��o ��b� ��@��sV��d�dl�Z�d�dlZd�dlmZmZmZ�eeeeedd��d� ��Z dd��ZdgZdS�)��N)� localtime�strftime�time�� z/Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Decc�� C��s��\|j�}t�dd�}t�\|�}t�\|�rtd�\|d<�nNt�\|�r&td�\|d<�nBt�\|�r2td�\|d<�n6t�\|�r>td�\|d<�nt� \|�rJtd�\|d<�nt� \|�rVtd �\|d<�nt�\|�rbtd �\|d<�ntd�\|d<�\|tj@�rstd�\|d <�\|tj @�r~td�\|d<�\|tj@�r�td�\|d<�\|tj@�r�td�\|d<�\|tj@�r�td�\|d<�\|tj@�r�td�\|d<�\|tj@�r�td�\|d<�\|tj@�r�td�\|d<�\|tj@�r�td�\|d<�\|tj@�r�\|d�td�kr�td �\|d<�ntd�\|d<�\|tj@�r�\|d�td�kr�td �\|d<�ntd�\|d<�t\|�t��r \|��d�}�\|��}\|�d�}\|t\|j��d�dt\|j��d�t\|j ��d�t\|j!��d�dg}t"\|j#�}d}\|j#\|�t$��k��rJt%d\|�} nt%d\|�} \|�&\| t'\|d ��f��\|�&\|��d�(\|�S�)za Build an 'ls' line for a file ('file' in its generic sense, it can be of any type). �Bs ��----------�dr��c�b�-�f�l�s�!�rr��w��x�� Szutf-8� i��z%%s %d %Y z %%s %d %H:%M ��))�st_mode�array�stat�S_IFMT�S_ISDIR�ord�S_ISCHR�S_ISBLK�S_ISREG�S_ISFIFO�S_ISLNK�S_ISSOCK�S_IRUSR�S_IWUSR�S_IXUSR�S_IRGRP�S_IWGRP�S_IXGRP�S_IROTH�S_IWOTH�S_IXOTH�S_ISUID�S_ISGID� isinstance�bytes�decode�tobytes�str�st_nlink�rjust�st_uid�ljust�st_gid�st_sizer��st_mtimer��r��append�_MONTH_NAMES�join) �namer��mode�perms�ft�lsPerms�lsresult�ttup� sixmonths�strtime��rM��2/usr/lib/python3/dist-packages/twisted/conch/ls.py�lsLine��s�� rO��) r��r ��r��r��r��dict�list�zip�range�splitrB��rO��__all__rM��rM��rM��rN��<module>��s�� T��__pycache__/telnet.cpython-310.pyc��0000644��00000104427�15027667726�0013002 0��ustar�00��o ��b��@��s��d�Z�ddlZddlmZ�ddlmZmZmZ�ddl m Z �ddlmZ�de defd d �Zed�ZdZdZd ZdZdZed�Zed�Zed�Zed�Zed�Zed�Zed�Zed�Zed�Zed�Zed�Z ed�Z!ed�Z"ed�Z#ed�Z$ed�Z%ed�Z&ed�Z'ed�Z(ed �Z)ed!�Zed"�Z+ed#�Z,ed$�Z-ed%�Z.ed&�Z/ed'�Z0ed(�Z1ed)�Z2ed�Z3ed�Z4ed�Z5ed �Z6ed�Z7ed�Z8ed�Z9ed�Z:ed�Z;ed�Z<ed�Z=ed �Z>ed�Z?ed+�Z@ed�ZAed�ZBed�ZCed�ZDed�ZEed�ZFed�ZGed,�ZHed-�ZIed�ZJed.�ZKed/�ZLed0�ZMed1�ZNed2�ZOed3�ZPed4�ZQed5�ZRed6�ZSed7�ZTed8�ZUed9�ZVed:�ZWed;�ZXed�ZYed�ZZed�Z[ed�Z\ed�Z]ed<�Z^ed=�Z_ed>�Z`ed?�Zaed@�ZbedA�ZcG�dBdC��dCejd�ZeG�dDdE��dEejf�ZgG�dFdG��dGeh�ZiG�dHdI��dIei�ZjG�dJdK��dKej�ZkG�dLdM��dMej�ZlG�dNdO��dOej�ZmG�dPdQ��dQej�Zneee�G�dRdS��dSejo��ZpG�dTdU��dUejo�ZqG�dVdW��dW�ZrG�dXdY��dYeqer�ZsG�dZd[��d[eper�Ztdd\lumvZv�G�d]d^��d^evjwep�Zxdd_lymzZz�G�d`da��daex�Z{g�db�Z\|dS�)cz? Telnet protocol implementation. @author: Jean-Paul Calderone ��N)�implementer)�defer� interfaces�protocol)�Logger)� iterbytes�i�returnc��C��s ��t�\|�f�S�)a(��Create a byte sequence of length 1. U{RFC 854<https://tools.ietf.org/html/rfc854>} specifies codes in decimal, but Python can only handle L{bytes} literals in octal or hexadecimal. This helper function bridges that gap. @param i: The value of the only byte in the sequence. )�bytes)r��r��6/usr/lib/python3/dist-packages/twisted/conch/telnet.py�_chr��s�� r �� "��@�� c��@��s<��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd S�)�ITelnetProtocolc��C��dS�)ae�� A command was received but not understood. @param command: the command received. @type command: L{str}, a single character. @param argument: the argument to the received command. @type argument: L{str}, a single character, or None if the command that was unhandled does not provide an argument. Nr��)�command�argumentr��r��r��unhandledCommand��z ITelnetProtocol.unhandledCommandc��C��rF��)a�� A subnegotiation command was received but not understood. @param command: the command being subnegotiated. That is, the first byte after the SB command. @type command: L{str}, a single character. @param data: all other bytes of the subneogation. That is, all but the first bytes between SB and SE, with IAC un-escaping applied. @type data: L{bytes}, each a single character Nr��)rG��datar��r��r��unhandledSubnegotiation��rJ��z'ITelnetProtocol.unhandledSubnegotiationc��C��rF��)aw�� Enable the given option locally. This should enable the given option on this side of the telnet connection and return True. If False is returned, the option will be treated as still disabled and the peer will be notified. @param option: the option to be enabled. @type option: L{bytes}, a single character. Nr��optionr��r��r��enableLocal��rJ��zITelnetProtocol.enableLocalc��C��rF��)a�� Indicate whether the peer should be allowed to enable this option. Returns True if the peer should be allowed to enable this option, False otherwise. @param option: the option to be enabled. @type option: L{bytes}, a single character. Nr��rM��r��r��r��enableRemote��rJ��zITelnetProtocol.enableRemotec��C��rF��)z� Disable the given option locally. Unlike enableLocal, this method cannot fail. The option must be disabled. @param option: the option to be disabled. @type option: L{bytes}, a single character. Nr��rM��r��r��r��disableLocal��rJ��zITelnetProtocol.disableLocalc��C��rF��)z� Indicate that the peer has disabled this option. @param option: the option to be disabled. @type option: L{bytes}, a single character. Nr��rM��r��r��r�� disableRemote��rJ��zITelnetProtocol.disableRemoteN) �__name__� __module__�__qualname__rI��rL��rO��rP��rQ��rR��r��r��r��r��rE��s�� rE��c��@��4��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��ZdS�)�ITelnetTransportc��C��rF��)a�� Indicate a desire for the peer to begin performing the given option. Returns a Deferred that fires with True when the peer begins performing the option, or fails with L{OptionRefused} when the peer refuses to perform it. If the peer is already performing the given option, the Deferred will fail with L{AlreadyEnabled}. If a negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be enabled. Nr��rM��r��r��r��do��rJ��zITelnetTransport.doc��C��rF��)aX�� Indicate a desire for the peer to cease performing the given option. Returns a Deferred that fires with True when the peer ceases performing the option. If the peer is not performing the given option, the Deferred will fail with L{AlreadyDisabled}. If negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be disabled. Nr��rM��r��r��r��dont��rJ��zITelnetTransport.dontc��C��rF��)a�� Indicate our willingness to begin performing this option locally. Returns a Deferred that fires with True when the peer agrees to allow us to begin performing this option, or fails with L{OptionRefused} if the peer refuses to allow us to begin performing it. If the option is already enabled locally, the Deferred will fail with L{AlreadyEnabled}. If negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be enabled. Nr��rM��r��r��r��will��rJ��zITelnetTransport.willc��C��rF��)a\�� Indicate that we will stop performing the given option. Returns a Deferred that fires with True when the peer acknowledges we have stopped performing this option. If the option is already disabled locally, the Deferred will fail with L{AlreadyDisabled}. If negotiation regarding this option is already in progress, the Deferred will fail with L{AlreadyNegotiating}. Note: It is currently possible that this Deferred will never fire, if the peer never responds, or if the peer believes the option to already be disabled. Nr��rM��r��r��r��wont��rJ��zITelnetTransport.wontc��C��rF��)aj�� Send a subnegotiation request. @param about: A byte indicating the feature being negotiated. @param data: Any number of L{bytes} containing specific information about the negotiation being requested. No values in this string need to be escaped, as this function will escape any value which requires it. Nr��)�aboutrK��r��r��r��requestNegotiation��rJ��z#ITelnetTransport.requestNegotiationN)rS��rT��rU��rX��rY��rZ��r[��r]��r��r��r��r��rW��s��rW��c��@��e�Zd�ZdS�)�TelnetErrorN�rS��rT��rU��r��r��r��r��r_��#��r_��c��@��s��e�Zd�Zdefdd�ZdS�)�NegotiationErrorr ��c��C��s&��\|�j�jd�\|�j�j�d�t\|�jd��S�)N�.�:r��)� __class__rT��rS��repr�args��selfr��r��r��__str__(��s��zNegotiationError.__str__N)rS��rT��rU��strrj��r��r��r��r��rb��'��s��rb��c��@��r^��)� OptionRefusedNr`��r��r��r��r��rl��2��ra��rl��c��@��r^��)�AlreadyEnabledNr`��r��r��r��r��rm��6��ra��rm��c��@��r^��)�AlreadyDisabledNr`��r��r��r��r��rn��:��ra��rn��c��@��r^��)�AlreadyNegotiatingNr`��r��r��r��r��ro��>��ra��ro��c��@��sB��e�Zd�Ze��Zdd��Zdd��Zdd��Zdd��Zd d ��Z dd��Z d S�)�TelnetProtocolc��C��d�S��Nr��ri��rG��rH��r��r��r��rI��F��zTelnetProtocol.unhandledCommandc��C��rq��rr��r��ri��rG��rK��r��r��r��rL��I��rt��z&TelnetProtocol.unhandledSubnegotiationc��C��rq��rr��r��ri��rN��r��r��r��rO��L��rt��zTelnetProtocol.enableLocalc��C��rq��rr��r��rv��r��r��r��rP��O��rt��zTelnetProtocol.enableRemotec��C��rq��rr��r��rv��r��r��r��rQ��R��rt��zTelnetProtocol.disableLocalc��C��rq��rr��r��rv��r��r��r��rR��U��rt��zTelnetProtocol.disableRemoteN)rS��rT��rU��r��_logrI��rL��rO��rP��rQ��rR��r��r��r��r��rp��B��s��rp��c��@��s��e�Zd�ZdZdZdd��Zdd��ZG�dd��d�Zd d ��Zdd��Z d d��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Zd/d0��Zd1d2��Zd3d4��Zeeeed5�Zd6d7��Zd8d9��Z d:d;��Z!d<d=��Z"d>d?��Z#e e!e"e#d5�Z$d@dA��Z%dBdC��Z&dDdE��Z'dFdG��Z(dHdI��Z)e&e'e(e)d5�ZdJdK��Z+dLdM��Z,dNdO��Z-dPdQ��Z.dRdS��Z/e,e-e.e/d5�Z0dTdU��Z1dVdW��Z2dXdY��Z3dZd[��Z4d\S�)]�Telneta�� @ivar commandMap: A mapping of bytes to callables. When a telnet command is received, the command byte (the first byte after IAC) is looked up in this dictionary. If a callable is found, it is invoked with the argument of the command, or None if the command takes no argument. Values should be added to this dictionary if commands wish to be handled. By default, only WILL, WONT, DO, and DONT are handled. These should not be overridden, as this class handles them correctly and provides an API for interacting with them. @ivar negotiationMap: A mapping of bytes to callables. When a subnegotiation command is received, the command byte (the first byte after SB) is looked up in this dictionary. If a callable is found, it is invoked with the argument of the subnegotiation. Values should be added to this dictionary if subnegotiations are to be handled. By default, no values are handled. @ivar options: A mapping of option bytes to their current state. This state is likely of little use to user code. Changes should not be made to it. @ivar state: A string indicating the current parse state. It can take on the values "data", "escaped", "command", "newline", "subnegotiation", and "subnegotiation-escaped". Changes should not be made to it. @ivar transport: This protocol's transport object. rK��c��C��s.��i�\|�_�i�\|�_t\|�jt\|�jt\|�jt\|�j i\|�_ d�S�rr��)�options�negotiationMap�WILL�telnet_WILL�WONT�telnet_WONT�DO� telnet_DO�DONT�telnet_DONT� commandMaprh��r��r��r��__init__\|��s�� zTelnet.__init__c��C��\|�j��\|��d�S�rr�� transport�write�ri��rK��r��r��r��_write��z Telnet._writec��@��s4��e�Zd�ZdZG�dd��d�Zdd��Zdefdd�Zd S�) zTelnet._OptionStatea �� Represents the state of an option on both sides of a telnet connection. @ivar us: The state of the option on this side of the connection. @ivar him: The state of the option on the other side of the connection. c��@��s��e�Zd�ZdZdZdZdZdefdd�ZdS�)z Telnet._OptionState._Perspectivea�� Represents the state of an option on side of the telnet connection. Some options can be enabled on a particular side of the connection (RFC 1073 for example: only the client can have NAWS enabled). Other options can be enabled on either or both sides (such as RFC 1372: each side can have its own flow control state). @ivar state: C{'yes'} or C{'no'} indicating whether or not this option is enabled on one side of the connection. @ivar negotiating: A boolean tracking whether negotiation about this option is in progress. @ivar onResult: When negotiation about this option has been initiated by this side of the connection, a L{Deferred} which will fire with the result of the negotiation. L{None} at other times. �noFNr ��c��C��s��\|�j�d\|�j��S�)N�)�state�negotiatingrh��r��r��r��rj��r��z(Telnet._OptionState._Perspective.__str__) rS��rT��rU��__doc__r��r��onResultrk��rj��r��r��r��r��_Perspective��s��r��c��C��s��\|��\|�_\|��\|�_d�S�rr��)r��us�himrh��r��r��r��r��s�� zTelnet._OptionState.__init__r ��c��C��s��d\|�j��d\|�j��d�S�)Nz<_OptionState us=z him=�>)r��r��rh��r��r��r��__repr__��zTelnet._OptionState.__repr__N)rS��rT��rU��r��r��r��rk��r��r��r��r��r��_OptionState��s �� r��c��C��s��\|�j��\|\|��S�rr��)ry�� setdefaultr��ri��optr��r��r��getOptionState��zTelnet.getOptionStatec��C��\|��tt�\|��d�S�rr��)r��IACr��rv��r��r��r��_do��r��z Telnet._doc��C��r��rr��)r��r��r��rv��r��r��r��_dont��r��zTelnet._dontc��C��r��rr��)r��r��r{��rv��r��r��r��_will��r��zTelnet._willc��C��r��rr��)r��r��r}��rv��r��r��r��_wont��r��zTelnet._wontc��C��h��\|��\|�}\|jjs \|jjrt�t\|��S�\|jjdkr!t�t\|��S�d\|j_t� ��\|j_ }\|��\|��\|S�)z? Indicate our willingness to enable an option. �yesT)r��r��r��r��r��failro��r��rm��Deferredr��r��ri��rN��s�dr��r��r��rZ�� zTelnet.willc��C��r��)zB Indicate we are not willing to enable an option. r��T)r��r��r��r��r��r��ro��r��rn��r��r��r��r��r��r��r��r[��r��zTelnet.wontc��C��h��\|��\|�}\|jjs \|jjrt�t\|��S�\|jjdkr!t�t\|��S�d\|j_t� ��\|j_ }\|��\|��\|S�)Nr��T)r��r��r��r��r��r��ro��r��rm��r��r��r��r��r��r��r��rX�� z Telnet.doc��C��r��)Nr��T)r��r��r��r��r��r��ro��r��rn��r��r��r��r��r��r��r��rY��r��zTelnet.dontc��C��s2��\|��ttd��}\|��tt�\|�\|�t�t��dS�)z� Send a negotiation message for the option C{about} with C{data} as the payload. @param data: the payload @type data: L{bytes} @see: L{ITelnetTransport.requestNegotiation} r��N)�replacer��r��SB�SE)ri��r\��rK��r��r��r��r]��s�� "zTelnet.requestNegotiationc��C��sT��g�}t�\|�D��]}\|�jdkr$\|tkrd\|�_q\|dkrd\|�_q\|�\|��q\|�jdkr\|\|tkr6\|�\|��d\|�_q\|tkrAd\|�_g�\|�_q\|tttt t ttt ttf v�rhd\|�_\|ra\|��d�\|��\|d�d��=�\|��\|d��q\|ttttfv�rwd\|�_\|\|�_qtd\|��\|�jdkr�d\|�_\|�j}\|�`\|r�\|��d�\|��\|d�d��=�\|��\|\|��q\|�jdkr�d\|�_\|d kr�\|�d ��q\|d kr�\|�d��q\|tkr�\|�d��d\|�_q\|�d\|��q\|�jdkr�\|tkr�d\|�_q\|�j�\|��q\|�jdk�r\|tk�r d\|�_\|�j}\|�`\|�r\|��d�\|��\|d�d��=�\|��\|��qd\|�_\|�j�\|��qtd��\|�r(\|��d�\|��d�S�d�S�) NrK��escaped�� newline�subnegotiation��rG��Stumped�� zsubnegotiation-escapedzHow'd you do this?)r��r��r��appendr��commands�EOR�NOP�DM�BRK�IP�AO�AYT�EC�EL�GA�applicationDataReceived�join�commandReceivedr{��r}��r��r��rG�� ValueErrorr�� negotiate)ri��rK�� appDataBuffer�brG��r��r��r��r��dataReceived��s\|�� zTelnet.dataReceivedc��C��s`��\|�j��D�](}\|jjd�ur\|jj}d�\|j_\|�\|��\|jjd�ur-\|jj}d�\|j_\|�\|��qd�S�rr��)ry��valuesr��r��errbackr��)ri��reasonr��r��r��r��r��connectionLostY��s�� zTelnet.connectionLostc��C��rF��)z5 Called with application-level data. Nr��r��r��r��r��r��d��rJ��zTelnet.applicationDataReceivedc��C��rF��)zH Called for commands for which no handler is installed. Nr��rs��r��r��r��rI��i��rJ��zTelnet.unhandledCommandc��C��s0��\|�j��\|�}\|d�u�r\|��\|\|��d�S�\|\|��d�S�rr��)r��getrI��)ri��rG��rH��cmdFuncr��r��r��r��n��s��zTelnet.commandReceivedc��C��rF��)zO Called for subnegotiations for which no handler is installed. Nr��ru��r��r��r��rL��u��rJ��zTelnet.unhandledSubnegotiationc��C��sF��\|d�\|dd��}}\|�j��\|�}\|d�u�r\|��\|\|��d�S�\|\|��d�S�)Nr��r��)rz��r��rL��)ri��rK��rG��r��r��r��r��r��z��s ��zTelnet.negotiatec��C��,��\|��\|�}\|�j\|jj\|jjf�\|�\|\|��d�S�rr��)r��willMapr��r��r��ri��rN��r��r��r��r��r\|�� "zTelnet.telnet_WILLc��C��.��\|��\|�rd\|j_\|��\|��d�S�\|��\|��d�S��Nr��)rP��r��r��r��r��ri��r��rN��r��r��r�� will_no_false�� zTelnet.will_no_falsec��C��sF��d\|j�_d\|j�_\|j�j}d�\|j�_\|�d��\|��\|�s!J�d�\|��d�S�)Nr��FTz?enableRemote must return True in this context (for option {!r}))r��r��r��r��callbackrP��format�ri��r��rN��r��r��r��r��will_no_true��s�� zTelnet.will_no_truec��C��rq��rr��r��r��r��r��r��will_yes_false��zTelnet.will_yes_falsec��C�� J�d��\|\|��)NFzBwill_yes_true can never be entered, but was called with {!r}, {!r}�r��r��r��r��r�� will_yes_true��zTelnet.will_yes_true))r��F)r��T)r��F)r��Tc��C��r��rr��)r��wontMapr��r��r��r��r��r��r��r~��r��zTelnet.telnet_WONTc��C��rq��rr��r��r��r��r��r�� wont_no_false��zTelnet.wont_no_falsec��C����d\|j�_\|j�j}d�\|j�_\|�t\|��d�S��NF)r��r��r��r��rl��r��r��r��r��wont_no_true��s��zTelnet.wont_no_truec��C�� d\|j�_\|��\|��\|��\|��d�S��Nr��)r��r��rR��r��r��r��r��r��wont_yes_false�� zTelnet.wont_yes_falsec��C��8��d\|j�_d\|j�_\|j�j}d�\|j�_\|�d��\|��\|��d�S��Nr��FT)r��r��r��r��r��rR��r��r��r��r�� wont_yes_true�� zTelnet.wont_yes_truec��C��r��rr��)r��doMapr��r��r��r��r��r��r��r��r��zTelnet.telnet_DOc��C��r��r��)rO��r��r��r��r��r��r��r��r��do_no_false��r��zTelnet.do_no_falsec��C��r��)Nr��FT)r��r��r��r��r��rO��r��r��r��r�� do_no_true��r��zTelnet.do_no_truec��C��rq��rr��r��r��r��r��r��do_yes_false��r��zTelnet.do_yes_falsec��C��r��)NFz@do_yes_true can never be entered, but was called with {!r}, {!r}r��r��r��r��r��do_yes_true��r��zTelnet.do_yes_truec��C��r��rr��)r��dontMapr��r��r��r��r��r��r��r��r��zTelnet.telnet_DONTc��C��rq��rr��r��r��r��r��r�� dont_no_false��r��zTelnet.dont_no_falsec��C��r��r��)r��r��r��r��rl��r��r��r��r��dont_no_true��s��zTelnet.dont_no_truec��C��r��r��)r��r��rQ��r��r��r��r��r��dont_yes_false��r��zTelnet.dont_yes_falsec��C��r��r��)r��r��r��r��r��rQ��r��r��r��r�� dont_yes_true��r��zTelnet.dont_yes_truec��C��rF��z8 Reject all attempts to enable options. Fr��rv��r��r��r��rO����r��zTelnet.enableLocalc��C��rF��r��r��rv��r��r��r��rP��0��r��zTelnet.enableRemotec��C��t�d\|��)a�� Signal a programming error by raising an exception. L{enableLocal} must return true for the given value of C{option} in order for this method to be called. If a subclass of L{Telnet} overrides enableLocal to allow certain options to be enabled, it must also override disableLocal to disable those options. @raise NotImplementedError: Always raised. z.Don't know how to disable local telnet option ��NotImplementedErrorrv��r��r��r��rQ��6��zTelnet.disableLocalc��C��r��)a�� Signal a programming error by raising an exception. L{enableRemote} must return true for the given value of C{option} in order for this method to be called. If a subclass of L{Telnet} overrides enableRemote to allow certain options to be enabled, it must also override disableRemote tto disable those options. @raise NotImplementedError: Always raised. z/Don't know how to disable remote telnet option r��rv��r��r��r��rR��E��r��zTelnet.disableRemoteN)5rS��rT��rU��r��r��r��r��r��r��r��r��r��r��rZ��r[��rX��rY��r]��r��r��r��rI��r��rL��r��r\|��r��r��r��r��r��r~��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��rO��rP��rQ��rR��r��r��r��r��rx��Y��s�� .Q � � � �rx��c��@��rV��)�ProtocolTransportMixinc��C��s��\|�j��\|�dd��d�S�)Nr��s�� )r��r��r��r��r��r��r��r��V��zProtocolTransportMixin.writec��C��r��rr��)r�� writeSequence)ri��seqr��r��r��r��Y��r��z$ProtocolTransportMixin.writeSequencec��C��s��\|�j��d�S�rr��)r��loseConnectionrh��r��r��r��r��\��s��z%ProtocolTransportMixin.loseConnectionc��C�� \|�j��S�rr��)r��getHostrh��r��r��r��r ��_�� zProtocolTransportMixin.getHostc��C��r��rr��)r��getPeerrh��r��r��r��r��b��r ��zProtocolTransportMixin.getPeerN)rS��rT��rU��r��r��r��r ��r��r��r��r��r��r��U��s��r��c��@��sv��e�Zd�ZdZdZdZdZddd�Zdd��Zdd ��Z d d��Z dd ��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��ZdS�)�TelnetTransporta?�� @ivar protocol: An instance of the protocol to which this transport is connected, or None before the connection is established and after it is lost. @ivar protocolFactory: A callable which returns protocol instances which provide L{ITelnetProtocol}. This will be invoked when a connection is established. It is passed protocolArgs and protocolKwArgs. @ivar protocolArgs: A tuple of additional arguments to pass to protocolFactory. @ivar protocolKwArgs: A dictionary of additional arguments to pass to protocolFactory. FNc��O��s,��t��\|��\|d�ur\|\|�_\|\|�_\|\|�_d�S�d�S�rr��)rx��r��protocolFactory�protocolArgs�protocolKwArgs)ri��r ��a�kwr��r��r��r��}��s�� zTelnetTransport.__init__c��C��sj��\|�j�d�ur3\|�j�\|�ji�\|�j��\|�_t�\|�j�sJ��z\|�j}W�n �ty&��Y�nw�\|\|�j_\|�j�\|��d�S�d�S�rr��) r ��r��r��r��rE�� providedBy�factory�AttributeError�makeConnection�ri��r��r��r��r��connectionMade��s�� zTelnetTransport.connectionMadec��C��s8��t��\|�\|��\|�jd�urz\|�j�\|��W�\|�`d�S�\|�`w�d�S�rr��)rx��r��r��ri��r��r��r��r��r��s�� zTelnetTransport.connectionLostc��C��\|�j��\|�S�rr��)r��rO��rv��r��r��r��rO��zTelnetTransport.enableLocalc��C��r��rr��)r��rP��rv��r��r��r��rP��r��zTelnetTransport.enableRemotec��C��r��rr��)r��rQ��rv��r��r��r��rQ��r��zTelnetTransport.disableLocalc��C��r��rr��)r��rR��rv��r��r��r��rR��r��zTelnetTransport.disableRemotec��C��\|�j��\|\|��d�S�rr��)r��rL��ru��r��r��r��rL��r��z'TelnetTransport.unhandledSubnegotiationc��C��r��rr��)r��rI��rs��r��r��r��rI��r��z TelnetTransport.unhandledCommandc��C��r��rr��r��r��r��r��r��r��r��r��z'TelnetTransport.applicationDataReceivedc��C��s��t��\|�\|�dd��d�S�)N��s��)r��r��r��r��r��r��r��r��r��zTelnetTransport.writerr��)rS��rT��rU��r�� disconnectingr ��r��r��r��r��rO��rP��rQ��rR��rL��rI��r��r��r��r��r��r��r��f��s �� r��c��@��s`��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z ediZdd��Z dd��ZdS�)�TelnetBootstrapProtocolNc��O��s��\|\|�_�\|\|�_\|\|�_d�S�rr��)r ��r��r��)ri��r ��rg��r��r��r��r��r��s�� z TelnetBootstrapProtocol.__init__c��s��j��jjt<��j�jjt<�tttfD�]��j��fdd��qt fD�]��j� ��fdd��q'�j�ji��j ��_z�j}W�n �tyQ��Y�nw�\|�j_�j��d�S�)Nc��j�jd\|��d�S�)NzError do {opt!r}�r��rw��failure��f�r��ri��r��r��<lambda>��z8TelnetBootstrapProtocol.connectionMade.<locals>.<lambda>c��r ��)NzError setting will {opt!r}r!��r"��r$��r&��r��r��r'��r(��)�telnet_NAWSr��rz��NAWS�telnet_LINEMODE�LINEMODE�SGArX�� addErrback�ECHOrZ��r ��r��r��r��r��r��r��r��r��r&��r��r��s$�� z&TelnetBootstrapProtocol.connectionMadec��C��s,��\|�j�d�urz\|�j��\|��W�\|�`�d�S�\|�`�w�d�S�rr��)r��r��r��r��r��r��r��s �� z&TelnetBootstrapProtocol.connectionLostc��C��r��rr��r��r��r��r��r��r��r��z$TelnetBootstrapProtocol.dataReceivedc��C��s��\|t�krdS�\|tkrdS�dS��NTF)r/��r-��r��r��r��r��rO��s ��z#TelnetBootstrapProtocol.enableLocalc��C��s:��\|t�kr\|�j�t�tt��dS�\|tkrdS�\|tkrdS�dS�r0��)r,��r��r]��MODE�LINEMODE_TRAPSIGr��r-��r��r��r��r��rP��s��z$TelnetBootstrapProtocol.enableRemotec��C��sN��t�\|�dkrt�dd�\|��\}}\|�jj�\|\|��d�S�\|�jjdt�\|�d��d�S�)Nr��z!HHr��z$Wrong number of NAWS bytes: {nbytes})�nbytes) �len�struct�unpackr��r��terminalProtocol�terminalSizerw��error)ri��rK��width�heightr��r��r��r)��s��z#TelnetBootstrapProtocol.telnet_NAWS�SLCc��C��rq��rr��r��r��r��r��r��r+��s��z'TelnetBootstrapProtocol.telnet_LINEMODEc��C��s>��t�t\|�gd��}\|D�]\}}}dt\|�t\|�t\|�f�qd�S�)Nr��r<��)�zip�iter�ord)ri��rK��chunks�slcFunction�slcValue�slcWhatr��r��r��linemode_SLC��s��z$TelnetBootstrapProtocol.linemode_SLC)rS��rT��rU��r��r��r��r��r��rO��rP��r)��LINEMODE_SLC�linemodeSubcommandsr+��rD��r��r��r��r��r��s��r��)�basicc��@��s,��e�Zd�ZdZdZdd��Zdd��Zdd��Zd S�) �StatefulTelnetProtocolr��Discardc��C��s��t�j�\|�\|��t�\|�\|��d�S�rr��)rG��LineReceiverr��rp��r��r��r��r��r��s��z%StatefulTelnetProtocol.connectionLostc��C��sH��\|�j�}t\|�d\|��\|�}\|d�ur"\|�j�\|kr\|\|�_�d�S�\|�j�d��d�S�d�S�)N�telnet_z$state changed and new state returned)r��getattrrw��warn)ri��line�oldState�newStater��r��r��lineReceived��s�� z#StatefulTelnetProtocol.lineReceivedc��C��rq��rr��r��ri��rN��r��r��r��telnet_Discard!��rt��z%StatefulTelnetProtocol.telnet_DiscardN)rS��rT��rU�� delimiterr��r��rQ��rS��r��r��r��r��rH��s�� rH��)�credentialsc��@��sP��e�Zd�ZdZdZdZdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��ZdS�)�AuthenticatingTelnetProtocola�� A protocol which prompts for credentials and attempts to authenticate them. Username and password prompts are given (the password is obscured). When the information is collected, it is passed to a portal and an avatar implementing L{ITelnetProtocol} is requested. If an avatar is returned, it connected to this protocol's transport, and this protocol's transport is connected to it. Otherwise, the user is re-prompted for credentials. �UserNc��C��s ��\|\|�_�d�S�rr��)�portal)ri��rX��r��r��r��r��6��r ��z%AuthenticatingTelnetProtocol.__init__c��C��s��\|�j��d��d�S�)N� ��Username: r��rh��r��r��r��r��9��r��z+AuthenticatingTelnetProtocol.connectionMadec��C��sH��t��\|�\|��\|�jd�ur"z\|�j�\|��\|��W�\|�`\|�`d�S�\|�`\|�`w�d�S�rr��)rH��r��r��logoutr��r��r��r��r��<��s�� z+AuthenticatingTelnetProtocol.connectionLostc��C��s"��\|\|�_�\|�j�t��\|�j�d��dS�)Ns ��Password: �Password)�usernamer��rZ��r/��r��rR��r��r��r��telnet_UserE��s��z(AuthenticatingTelnetProtocol.telnet_Userc��s6��j�\|��`��fdd�}�j�t��\|��dS�)Nc��s8��t��}�j�\|d�t�}\|��j��\|��j��d�S�rr��) rU��UsernamePasswordrX��loginrE��addCallback�_cbLoginr.��_ebLogin)�ignored�credsr��passwordri��r\��r��r��r_��O��s��z;AuthenticatingTelnetProtocol.telnet_Password.<locals>.loginrI��)r\��r��r[��r/��r`��)ri��rN��r_��r��re��r��telnet_PasswordK��s ��z,AuthenticatingTelnetProtocol.telnet_Passwordc��C��s@��\|\}}}\|t�u�sJ��\|\|�_\|\|�_d\|�_\|�\|�j��\|\|�j_d�S�)N�Command)rE��r��rZ��r��r��r��)ri��ial� interfacer��rZ��r��r��r��ra��X��s�� z%AuthenticatingTelnetProtocol._cbLoginc��C��s"��\|�j��d��\|�j��d��d\|�_d�S�)Ns�� Authentication failed rY��rW��)r��r��r��)ri��r#��r��r��r��rb��b��s�� z%AuthenticatingTelnetProtocol._ebLogin) rS��rT��rU��r��r��r��r��r��r��r]��rg��ra��rb��r��r��r��r��rV��(��s�� rV��)r_��rb��rl��ro��rm��rn��rE��rW��rx��rp��r��r��)}r��r5��zope.interfacer��twisted.internetr��r�� iinternetr��twisted.loggerr��twisted.python.compatr��intr ��r ��r1��EDIT�TRAPSIG�MODE_ACK�SOFT_TAB�LIT_ECHO�NULL�BEL�BS�HT�LF�VT�FF�CRr/��r-��r��r,��r��r��r��r��r��r��r��r��r��r��r��r��r{��r}��r��r��r�� LINEMODE_MODE� LINEMODE_EDITr2��LINEMODE_MODE_ACK�LINEMODE_SOFT_TAB�LINEMODE_LIT_ECHO�LINEMODE_FORWARDMASKrE��LINEMODE_SLC_SYNCH�LINEMODE_SLC_BRK�LINEMODE_SLC_IP�LINEMODE_SLC_AO�LINEMODE_SLC_AYT�LINEMODE_SLC_EOR�LINEMODE_SLC_ABORT�LINEMODE_SLC_EOF�LINEMODE_SLC_SUSP�LINEMODE_SLC_EC�LINEMODE_SLC_EL�LINEMODE_SLC_EW�LINEMODE_SLC_RP�LINEMODE_SLC_LNEXT�LINEMODE_SLC_XON�LINEMODE_SLC_XOFF�LINEMODE_SLC_FORW1�LINEMODE_SLC_FORW2�LINEMODE_SLC_MCL�LINEMODE_SLC_MCR�LINEMODE_SLC_MCWL�LINEMODE_SLC_MCWR�LINEMODE_SLC_MCBOL�LINEMODE_SLC_MCEOL�LINEMODE_SLC_INSRT�LINEMODE_SLC_OVER�LINEMODE_SLC_ECR�LINEMODE_SLC_EWR�LINEMODE_SLC_EBOL�LINEMODE_SLC_EEOL�LINEMODE_SLC_DEFAULT�LINEMODE_SLC_VALUE�LINEMODE_SLC_CANTCHANGE�LINEMODE_SLC_NOSUPPORT�LINEMODE_SLC_LEVELBITS�LINEMODE_SLC_ACK�LINEMODE_SLC_FLUSHIN�LINEMODE_SLC_FLUSHOUT�LINEMODE_EOF� LINEMODE_SUSP�LINEMODE_ABORT� IProtocolrE�� ITransportrW�� Exceptionr_��rb��rl��rm��rn��ro��Protocolrp��rx��r��r��r��twisted.protocolsrG��rJ��rH��twisted.credrU��rV��__all__r��r��r��r��<module>��s��DK��MY@��__pycache__/stdio.cpython-310.pyc��0000644��00000007435�15027667726�0012632 0��ustar�00��o ��b� ��@��s��d�Z�ddlZddlZddlZddlZddlmZ�ddlmZ�ddl m Z mZmZm Z �ddlmZmZmZ�G�dd��de�ZG�d d ��d ej�ZG�dd��de�Zd d��Zddd�Zedkr_e��dS�dS�)zC Asynchronous local terminal input handling @author: Jp Calderone ��N)�ServerProtocol)�ColoredManhole)�defer�protocol�reactor�stdio)�failure�log�reflectc��@��s��e�Zd�ZdS�)�UnexpectedOutputErrorN)�__name__� __module__�__qualname__��r��r��5/usr/lib/python3/dist-packages/twisted/conch/stdio.pyr��s��r��c��@��sD��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dS�)�TerminalProcessProtocolc��C��s��\|\|�_�t��\|�_d�S��N)�protor��Deferred�onConnection)�selfr��r��r��r��__init__��s��z TerminalProcessProtocol.__init__c��C��s"��\|�j��\|��\|�j�d��d�\|�_d�S�r��)r��makeConnectionr��callback)r��r��r��r��connectionMade��s�� z&TerminalProcessProtocol.connectionMadec��C��\|�j��\|��dS�)zj Write to the terminal. @param data: Data to write. @type data: L{bytes} N)� transport�write�r��datar��r��r��r��$��zTerminalProcessProtocol.writec��C��r��)zs Receive data from the terminal. @param data: Data received. @type data: L{bytes} N)r��dataReceivedr��r��r��r��outReceived-��r ��z#TerminalProcessProtocol.outReceivedc��C��s8��\|�j��\|�jdur\|�j�t�t\|��d\|�_dS�dS�)zt Report an error. @param data: Data to include in L{Failure}. @type data: L{bytes} N)r��loseConnectionr��connectionLostr��Failurer��r��r��r��r��errReceived6��s �� z#TerminalProcessProtocol.errReceivedc��C��s��\|�j�d�ur \|�j��\|��d�S�d�S�r��)r��childConnectionLost)r��childFDr��r��r��r'��B��s�� z+TerminalProcessProtocol.childConnectionLostc��C��s$��\|�j�d�ur\|�j��\|��d�\|�_�d�S�d�S�r��)r��r$��r��reasonr��r��r��processEndedF��s�� z$TerminalProcessProtocol.processEndedN) r��r ��r��r��r��r��r"��r&��r'��r+��r��r��r��r��r��s�� r��c��@��s��e�Zd�ZdZdd��ZdS�)�ConsoleManholezK A manhole protocol specifically for use with L{stdio.StandardIO}. c��C��s��t��dS�)z� When the connection is lost, there is nothing more to do. Stop the reactor so that the process can exit. N)r��stopr)��r��r��r��r$��Q��s��zConsoleManhole.connectionLostN)r��r ��r��__doc__r$��r��r��r��r��r,��L��s��r,��c��C��sv��t�j��}t�\|�}t�\|��zt�t \|��t ��W�t�\|tj \|��t�\|d��d�S�t�\|tj \|��t�\|d��w�)Ns�� c )�sys� __stdin__�fileno�termios� tcgetattr�tty�setrawr�� StandardIOr��r��run� tcsetattr�TCSANOW�osr��)�klass�fd�oldSettingsr��r��r��runWithProtocolY��s�� r>��c��C��sJ��t��tdd��\|�d�u�rtjdd��}�\|�rt�\|�d��}nt}t\|��d�S�)Nz child.log�w��r��) r ��startLogging�openr/��argvr �� namedClassr,��r>��)rC��r;��r��r��r��maine��s��rE��__main__r��)r.��r:��r/��r2��r4��twisted.conch.insults.insultsr��twisted.conch.manholer��twisted.internetr��r��r��r��twisted.pythonr��r ��r �� Exceptionr��ProcessProtocolr��r,��r>��rE��r��r��r��r��r��<module>��s"��2 ��__pycache__/__init__.cpython-310.pyc��0000644��00000000352�15027667726�0013236 0��ustar�00��o ��b��@��s��d�Z�dS�)zI Twisted Conch: The Twisted Shell. Terminal emulation, SSHv2 and telnet. N)�__doc__��r��r��8/usr/lib/python3/dist-packages/twisted/conch/__init__.py�<module>��s��__pycache__/manhole_ssh.cpython-310.pyc��0000644��00000012423�15027667726�0014001 0��ustar�00��o ��bK��@��s��d�Z�ddlmZ�ddlmZ�ddlmZmZm Z �ddlmZ�ddl mZmZ�ddlmZ�G�dd ��d �ZG�d d��d�Zee j�G�dd ��d ej��ZG�dd��dejej�ZG�dd��d�ZG�dd��dej�ZdS�)z9 insults/SSH integration support. @author: Jp Calderone ��)�Dict)�implementer)�avatar�error� interfaces)�insults)�factory�session)� componentsc��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)�_Gluez� A feeble class for making one attribute look like another. This should be replaced with a real class at some point, probably. Try not to write new code that uses it. c��K��s��\|�j��\|��d�S��N)�__dict__�update)�self�kw��r��;/usr/lib/python3/dist-packages/twisted/conch/manhole_ssh.py�__init__��s��z_Glue.__init__c��C��s��t�\|�jd\|��)Nzhas no attribute)�AttributeError�name)r��r��r��r��r��__getattr__ ��z_Glue.__getattr__N)�__name__� __module__�__qualname__�__doc__r��r��r��r��r��r��r��s��r��c��@��e�Zd�Zdd��ZdS�)�TerminalSessionTransportc��sx��\|�_��_\|�_�j�j��j��t�jj��fdd�dd��fdd�}�j�t�j�j\|dd��jj� \|\|��d�S�)Nc��s��j��S�r��)�conn� sendCloser��)r��protoSessionr��r��<lambda>/��s��z3TerminalSessionTransport.__init__.<locals>.<lambda>zSSH Proto Transport)�write�loseConnectionr��c��s��j��d�S�r��)�protor#��r��r��r��r��r#��4��r��z9TerminalSessionTransport.__init__.<locals>.loseConnectionzChained Proto Transport) r$��r��chainedProtocolr ��makeConnectionr��dataReceivedr"��terminalProtocol�terminalSize)r��r$��r&��r��width�heightr#��r��)r��r ��r��r��r��%��s(��z!TerminalSessionTransport.__init__N�r��r��r��r��r��r��r��r��r��$��r��c��@��sF��e�Zd�ZeZejZdd��Zdd��Z dd��Z dd��Zd d ��Zdd��Z d S�)�TerminalSessionc��C��s��\|d�d��\\|�_�\|�_d�S�)N��)r,��r+��)r��term� windowSize�attrsr��r��r��getPtyM��s��zTerminalSession.getPtyc��C��s&��\|��\|\|��t�\|�j�\|�j\|�j��d�S�r��)�transportFactory�chainedProtocolFactory�iconch� IConchUser�originalr+��r,��)r��r$��r��r��r�� openShellP��s�� zTerminalSession.openShellc��C��s ��t��d��)NzCannot execute commands)�econch� ConchError)r��r$��cmdr��r��r��execCommandY�� zTerminalSession.execCommandc��C��t�d��)Nz,Unimplemented: TerminalSession.windowChanged��NotImplementedError)r�� newWindowSizer��r��r�� windowChanged\��zTerminalSession.windowChangedc��C��r@��)NzUnimplemented: TerminalSession.eofReceivedrA��r%��r��r��r��eofReceived`��rE��zTerminalSession.eofReceivedc��C��d�S�r��r��r%��r��r��r��closedd��s��zTerminalSession.closedN)r��r��r��r��r5��r��ServerProtocolr6��r4��r:��r>��rD��rF��rH��r��r��r��r��r/��H��s�� r/��c��@��r��)�TerminalUserc��C��s��t�j�\|�\|��tj�\|��tj\|�jd<�d�S�)Ns��session)r ��Adapterr��r�� ConchUserr �� SSHSession� channelLookup)r��r9��avatarIdr��r��r��r��j��s��zTerminalUser.__init__Nr-��r��r��r��r��rJ��i��r.��rJ��c��@��s8��e�Zd�ZeZeZeZe j Zdd��Zddd�Z dd��ZdS�) � TerminalRealmc��C��sN��t��}\|��\|\|�}\|��\|�}\|�j\|_\|�j\|_\|�tj\|��\|�tj \|��\|S�r��) r �� Componentized�userFactory�sessionFactoryr5��r6��setComponentr7��r8��ISession)r��rO��comp�user�sessr��r��r�� _getAvatarw��s�� zTerminalRealm._getAvatarNc��C��s��\|d�ur \|\|�_�d�S�d�S�r��)r5��)r��r5��r��r��r��r��s�� zTerminalRealm.__init__c��G��s4��\|D�]}\|t�ju�rt�j\|��\|�dd��f��S�qt��)Nc��S��rG��r��r��r��r��r��r��r!��s��z-TerminalRealm.requestAvatar.<locals>.<lambda>)r7��r8��rY��rB��)r��rO��mindr��ir��r��r�� requestAvatar��s �� zTerminalRealm.requestAvatarr��)r��r��r��rJ��rR��r/��rS��r��r5��r��rI��r6��rY��r��r\��r��r��r��r��rP��p��s�� rP��c��@��s>��e�Zd�ZU�i�Zeeef�ed<�i�Zeeef�ed<�dd��ZdS�)�ConchFactory� publicKeys�privateKeysc��C��s ��\|\|�_�d�S�r��)�portal)r��r`��r��r��r��r��r?��zConchFactory.__init__N) r��r��r��r^��r��bytes�__annotations__r_��r��r��r��r��r��r]��s�� r]��N)r��typingr��zope.interfacer�� twisted.conchr��r��r;��r��r7��twisted.conch.insultsr��twisted.conch.sshr��r ��twisted.pythonr ��r��r��rU��rK��r/��rL��rJ��rP�� SSHFactoryr]��r��r��r��r��<module>��s��$ ��__pycache__/tap.cpython-310.pyc��0000644��00000005556�15027667726�0012276 0��ustar�00��o ��bv��@��sj��d�Z�ddlmZ�ddlmZmZ�ddlmZ�ddl m Z mZ�ddlm Z �G�dd��de jej�Zd d ��ZdS�)z4 Support module for making SSH servers with twistd. ��)�strports)�checkers�unix)�factory)�portal�strcred)�usagec��st��e�Zd�ZdZdZg�d�g�d�g�d�g�d�gZejejdd�ejd d�e� ��d �d�Z ��fdd �Z��fdd�Z��Z S�)�Optionsz([-i <interface>] [-p <port>] [-d <dir>] z�Makes a Conch SSH server. If no authentication methods are specified, the default authentication methods are UNIX passwords and SSH public keys. If --auth options are passed, only the measures specified will be used.)� interface�i��z"local interface to which we listen)�port�pztcp:22zPort on which to listen)�data�dz/etcz"directory to look for host keys in)�modulir��Nz:directory to look for moduli in (if different from --data)zdata directory)�descrzmoduli directory)r��r��r ��)� optActionsc��sJ��t�jj\|�g\|�R�i�\|��t��t��t��t�t��d\|�_ d�S�)NT) r��r ��__init__�super� addChecker�conch_checkers�UNIXPasswordDatabase�SSHPublicKeyChecker�UNIXAuthorizedKeysFiles�_usingDefaultAuth)�self�a�kw�� __class__��3/usr/lib/python3/dist-packages/twisted/conch/tap.pyr��+��s�� zOptions.__init__c��s,��\|�j�rg�\|�d<�i�\|�d<�d\|�_�t��\|��dS�)z� Add the checker specified. If any checkers are added, the default checkers are automatically cleared and the only checkers will be the specified one(s). �credCheckers�credInterfacesFN)r��r��r��)r��checkerr��r!��r"��r��8��s ��zOptions.addChecker)�__name__� __module__�__qualname__�synopsis�longdesc� optParametersr��Completions�CompleteDirs�CompleteNetInterfaces�compDatar��r�� __classcell__r!��r!��r��r"��r ��s"�� r ��c��C��sn��t��}t��}t�\|\|��dg��\|_\|�d�\|_\|�d�p\|�d�\|_\|�d�}\|�d�r1\|d\|�d��7�}t � \|\|�S�)aH�� Construct a service for operating a SSH server. @param config: An L{Options} instance specifying server options, including where server keys are stored and what authentication methods to use. @return: A L{twisted.application.service.IService} provider which contains the requested SSH server. r#��r��r��r ��r ��z:interface=)r��OpenSSHFactoryr��UnixSSHRealmr��Portal�get�dataRoot� moduliRootr��service)�config�t�rr ��r!��r!��r"��makeServiceE��s�� r;��N)�__doc__�twisted.applicationr�� twisted.conchr��r��r��twisted.conch.openssh_compatr��twisted.credr��r��twisted.pythonr��r ��AuthOptionMixinr;��r!��r!��r!��r"��<module>��s��5��__pycache__/avatar.cpython-310.pyc��0000644��00000003635�15027667726�0012764 0��ustar�00��o ��bi��@��sb��d�dl�mZ�d�dlmZ�d�dlmZ�d�dlmZ�d�dlm Z �d�dl mZ�ee�G�dd��d��Zd S�) ��)�implementer)� ConchError)� IConchUser)�OPEN_UNKNOWN_CHANNEL_TYPE)�Logger)�nativeStringc��@��sL��e�Zd�Ze��Zdd��Zedd��Zejdd��Zdd��Z dd ��Z d d��ZdS�) � ConchUserc��C��s��i�\|�_�i�\|�_d�S��N)� channelLookup�subsystemLookup��self��r��6/usr/lib/python3/dist-packages/twisted/conch/avatar.py�__init__��s�� zConchUser.__init__c��C��s��\|�j�S�r ��_connr��r��r��r��conn��s��zConchUser.connc��C��s ��\|\|�_�d�S�r ��r��)r ��valuer��r��r��r��s�� c��C��s,��\|�j��\|d��}\|sttd��\|\|\|\|\|�d�S�)Nzunknown channel)�remoteWindow�remoteMaxPacket�data�avatar)r ��getr��r��)r ��channelType� windowSize� maxPacketr��klassr��r��r�� lookupChannel��s�� zConchUser.lookupChannelc��C��s4��\|�j�jd\|�jd��\|�j�\|d��}\|sdS�\|\|\|�d�S�)NzSubsystem lookup: {subsystem!r})� subsystemF)r��)�_log�debugr��r��)r ��r��r��r��r��r��r��lookupSubsystem)��s��zConchUser.lookupSubsystemc��C��s0��t�\|�dd��}t\|�d\|�d��}\|sdS�\|\|�S�)N��-��_z global_%sr��)r��replace�getattr)r ��requestTyper��fr��r��r��gotGlobalRequest2��s ��zConchUser.gotGlobalRequestN)�__name__� __module__�__qualname__r��r ��r��propertyr��setterr��r"��r)��r��r��r��r��r�� s�� r��N) �zope.interfacer��twisted.conch.errorr��twisted.conch.interfacesr��twisted.conch.ssh.connectionr��twisted.loggerr��twisted.python.compatr��r��r��r��r��r��<module>��s��__pycache__/recvline.cpython-310.pyc��0000644��00000047225�15027667726�0013320 0��ustar�00��o ��b�J��@��s��U�d�Z�ddlZddlmZ�ddlmZ�ddlmZmZ�ddl m Z �ddlmZ�ddl mZ�i�Zeeef�ed <�G�d d��d�Zeej�G�dd ��d ��ZG�dd��d�ZG�dd��dej�ZG�dd��de�ZdS�)z4 Basic line editing support. @author: Jp Calderone ��N)�Dict)�implementer)�helper�insults)�Logger)�reflect)� iterbytes� _countersc��sL��e�Zd�ZdZdd��Zdef��fdd�Zdef��fdd�Z��fd d �Z��Z S�)�Loggingz� Wrapper which logs attribute lookups. This was useful in debugging something, I guess. I forget what. It can probably be deleted or moved somewhere more appropriate. Nothing special going on here, really. c��C��sF��\|\|�_�t�\|j�}t�\|d�}\|d�t\|<�t\|d�t\|��d�\|�_d�S�)Nr��-�w) �originalr��qual� __class__r ��get�open�str�_logFile)�selfr��key�count��r��8/usr/lib/python3/dist-packages/twisted/conch/recvline.py�__init__!��s ��zLogging.__init__�returnc��t�t��d��S��Nr��)r��super�__getattribute__�r��r��r��r��__str__(��zLogging.__str__c��r��r��)�reprr��r��r ��r!��r��r��__repr__+��r#��zLogging.__repr__c��s0��t��d�}t��d�}\|�\|d��t\|\|�S�)Nr��r�� )r��r��write�getattr)r��namer��logFiler!��r��r��r��.��s�� zLogging.__getattribute__) �__name__� __module__�__qualname__�__doc__r��r��r"��r%��r�� __classcell__r��r��r!��r��r ��s��r ��c��@��s��e�Zd�ZdZdD�]Zed�Ze�d�Zee��qdZ dZ dd��Zej D�] Zed eef��q#d d��Zdd ��Zdd��Zdd��Zdd��Zdidd�Zdidd�Zdidd�Zdidd�Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Z d/d0��Z!d1d2��Z"d3d4��Z#d5d6��Z$d7d8��Z%d9d:��Z&d;d<��Z'd=d>��Z(d?d@��Z)dAdB��ZdCdD��Z+dEdF��Z,dGdH��Z-djdJdK�Z.dLdM��Z/dNdO��Z0dPdQ��Z1dRdS��Z2dTdU��Z3dVdW��Z4dXdY��Z5dZd[��Z6did\d]�Z7did^d_�Z8did`da�Z9dbdc��Z:ddde��Z;dfdg��Z<dhS�)k�TransportSequencea_�� An L{ITerminalTransport} implementation which forwards calls to one or more other L{ITerminalTransport}s. This is a cheap way for servers to keep track of the state they expect the client to see, since all terminal manipulations can be send to the real client and to a terminal emulator that lives in the server process. )s��UP_ARROWs ��DOWN_ARROWs��RIGHT_ARROWs ��LEFT_ARROWs��HOMEs��INSERTs��DELETEs��ENDs��PGUPs��PGDNs��F1s��F2s��F3s��F4s��F5s��F6s��F7s��F8s��F9s��F10s��F11s��F12s�� = object()�ascii�� c��G��s��\|sJ�d��\|\|�_�d�S�)Nz7Cannot construct a TransportSequence with no transports)� transports)r��r4��r��r��r��r��`��s�� zTransportSequence.__init__zldef %s(self, a, *kw): for tpt in self.transports: result = tpt.%s(a, *kw) return result c��C��t�d��)Nz(Unimplemented: TransportSequence.getHost��NotImplementedErrorr ��r��r��r��getHosto��zTransportSequence.getHostc��C��r5��)Nz(Unimplemented: TransportSequence.getPeerr6��r ��r��r��r��getPeers��r9��zTransportSequence.getPeerc��C��r5��)Nz/Unimplemented: TransportSequence.loseConnectionr6��r ��r��r��r��loseConnectionw��r9��z TransportSequence.loseConnectionc��C��r5��)Nz&Unimplemented: TransportSequence.writer6��r��datar��r��r��r'��{��r9��zTransportSequence.writec��C��r5��)Nz.Unimplemented: TransportSequence.writeSequencer6��r<��r��r��r�� writeSequence��r9��zTransportSequence.writeSequencer��c��C��r5��)Nz)Unimplemented: TransportSequence.cursorUpr6��r��nr��r��r��cursorUp��r9��zTransportSequence.cursorUpc��C��r5��)Nz+Unimplemented: TransportSequence.cursorDownr6��r?��r��r��r�� cursorDown��r9��zTransportSequence.cursorDownc��C��r5��)Nz.Unimplemented: TransportSequence.cursorForwardr6��r?��r��r��r�� cursorForward��r9��zTransportSequence.cursorForwardc��C��r5��)Nz/Unimplemented: TransportSequence.cursorBackwardr6��r?��r��r��r��cursorBackward��r9��z TransportSequence.cursorBackwardc��C��r5��)Nz/Unimplemented: TransportSequence.cursorPositionr6��)r��column�liner��r��r��cursorPosition��r9��z TransportSequence.cursorPositionc��C��r5��)Nz+Unimplemented: TransportSequence.cursorHomer6��r ��r��r��r�� cursorHome��r9��zTransportSequence.cursorHomec��C��r5��)Nz&Unimplemented: TransportSequence.indexr6��r ��r��r��r��index��r9��zTransportSequence.indexc��C��r5��)Nz-Unimplemented: TransportSequence.reverseIndexr6��r ��r��r��r��reverseIndex��r9��zTransportSequence.reverseIndexc��C��r5��)Nz)Unimplemented: TransportSequence.nextLiner6��r ��r��r��r��nextLine��r9��zTransportSequence.nextLinec��C��r5��)Nz+Unimplemented: TransportSequence.saveCursorr6��r ��r��r��r�� saveCursor��r9��zTransportSequence.saveCursorc��C��r5��)Nz.Unimplemented: TransportSequence.restoreCursorr6��r ��r��r��r�� restoreCursor��r9��zTransportSequence.restoreCursorc��C��r5��)Nz)Unimplemented: TransportSequence.setModesr6��r��modesr��r��r��setModes��r9��zTransportSequence.setModesc��C��r5��)Nz+Unimplemented: TransportSequence.resetModesr6��)r��moder��r��r�� resetModes��r9��zTransportSequence.resetModesc��C��r5��)Nz0Unimplemented: TransportSequence.setPrivateModesr6��rN��r��r��r��setPrivateModes��r9��z!TransportSequence.setPrivateModesc��C��r5��)Nz2Unimplemented: TransportSequence.resetPrivateModesr6��rN��r��r��r��resetPrivateModes��r9��z#TransportSequence.resetPrivateModesc��C��r5��)Nz6Unimplemented: TransportSequence.applicationKeypadModer6��r ��r��r��r��applicationKeypadMode��z'TransportSequence.applicationKeypadModec��C��r5��)Nz2Unimplemented: TransportSequence.numericKeypadModer6��r ��r��r��r��numericKeypadMode��r9��z#TransportSequence.numericKeypadModec��C��r5��)Nz3Unimplemented: TransportSequence.selectCharacterSetr6��)r��charSet�whichr��r��r��selectCharacterSet��r9��z$TransportSequence.selectCharacterSetc��C��r5��)Nz(Unimplemented: TransportSequence.shiftInr6��r ��r��r��r��shiftIn��r9��zTransportSequence.shiftInc��C��r5��)Nz)Unimplemented: TransportSequence.shiftOutr6��r ��r��r��r��shiftOut��r9��zTransportSequence.shiftOutc��C��r5��)Nz-Unimplemented: TransportSequence.singleShift2r6��r ��r��r��r��singleShift2��r9��zTransportSequence.singleShift2c��C��r5��)Nz-Unimplemented: TransportSequence.singleShift3r6��r ��r��r��r��singleShift3��r9��zTransportSequence.singleShift3c��G��r5��)Nz7Unimplemented: TransportSequence.selectGraphicRenditionr6��)r�� attributesr��r��r��selectGraphicRendition��rV��z(TransportSequence.selectGraphicRenditionc��C��r5��)Nz8Unimplemented: TransportSequence.horizontalTabulationSetr6��r ��r��r��r��horizontalTabulationSet��rV��z)TransportSequence.horizontalTabulationSetc��C��r5��)Nz0Unimplemented: TransportSequence.tabulationClearr6��r ��r��r��r��tabulationClear��r9��z!TransportSequence.tabulationClearc��C��r5��)Nz3Unimplemented: TransportSequence.tabulationClearAllr6��r ��r��r��r��tabulationClearAll��r9��z$TransportSequence.tabulationClearAllTc��C��r5��)Nz1Unimplemented: TransportSequence.doubleHeightLiner6��)r��topr��r��r��doubleHeightLine��r9��z"TransportSequence.doubleHeightLinec��C��r5��)Nz0Unimplemented: TransportSequence.singleWidthLiner6��r ��r��r��r��singleWidthLine��r9��z!TransportSequence.singleWidthLinec��C��r5��)Nz0Unimplemented: TransportSequence.doubleWidthLiner6��r ��r��r��r��doubleWidthLine��r9��z!TransportSequence.doubleWidthLinec��C��r5��)Nz/Unimplemented: TransportSequence.eraseToLineEndr6��r ��r��r��r��eraseToLineEnd��r9��z TransportSequence.eraseToLineEndc��C��r5��)Nz5Unimplemented: TransportSequence.eraseToLineBeginningr6��r ��r��r��r��eraseToLineBeginning��rV��z&TransportSequence.eraseToLineBeginningc��C��r5��)NzUnimplemented: TransportSequence.eraseLiner6��r ��r��r��r�� eraseLine��r9��zTransportSequence.eraseLinec��C��r5��)Nz2Unimplemented: TransportSequence.eraseToDisplayEndr6��r ��r��r��r��eraseToDisplayEnd��r9��z#TransportSequence.eraseToDisplayEndc��C��r5��)Nz8Unimplemented: TransportSequence.eraseToDisplayBeginningr6��r ��r��r��r��eraseToDisplayBeginning��rV��z)TransportSequence.eraseToDisplayBeginningc��C��r5��)Nz-Unimplemented: TransportSequence.eraseDisplayr6��r ��r��r��r��eraseDisplay��r9��zTransportSequence.eraseDisplayc��C��r5��)Nz0Unimplemented: TransportSequence.deleteCharacterr6��r?��r��r��r��deleteCharacter��r9��z!TransportSequence.deleteCharacterc��C��r5��)Nz+Unimplemented: TransportSequence.insertLiner6��r?��r��r��r�� insertLine��r9��zTransportSequence.insertLinec��C��r5��)Nz+Unimplemented: TransportSequence.deleteLiner6��r?��r��r��r�� deleteLine!��r9��zTransportSequence.deleteLinec��C��r5��)Nz5Unimplemented: TransportSequence.reportCursorPositionr6��r ��r��r��r��reportCursorPosition%��rV��z&TransportSequence.reportCursorPositionc��C��r5��)Nz&Unimplemented: TransportSequence.resetr6��r ��r��r��r��reset+��r9��zTransportSequence.resetc��C��r5��)Nz9Unimplemented: TransportSequence.unhandledControlSequencer6��r��seqr��r��r��unhandledControlSequence/��rV��zTransportSequence.unhandledControlSequenceN)r��)T)=r+��r,��r-��r.��keyID� execBytes�decode�execStr�exec�TAB� BACKSPACEr��r��ITerminalTransport�methodr8��r:��r;��r'��r>��rA��rB��rC��rD��rG��rH��rI��rJ��rK��rL��rM��rP��rR��rS��rT��rU��rW��rZ��r[��r\��r]��r^��r`��ra��rb��rc��re��rf��rg��rh��ri��rj��rk��rl��rm��rn��ro��rp��rq��rr��ru��r��r��r��r��r0��5��sz�� r0��c��s.��e�Zd�ZdZ��fdd�Zdefdd�Z��ZS�)�LocalTerminalBufferMixina�� A mixin for RecvLine subclasses which records the state of the terminal. This is accomplished by performing all L{ITerminalTransport} operations on both the transport passed to makeConnection and an instance of helper.TerminalBuffer. @ivar terminalCopy: A L{helper.TerminalBuffer} instance which efforts will be made to keep up to date with the actual terminal associated with this protocol instance. c��s(��t��\|�_\|�j��t��t\|\|�j��S��N)r��TerminalBuffer�terminalCopy�connectionMader��makeConnectionr0��)r�� transportr!��r��r��r��B��s�� z'LocalTerminalBufferMixin.makeConnectionr��c��C��s ��t�\|�j�S�r��)r��r��r ��r��r��r��r"��G��s�� z LocalTerminalBufferMixin.__str__)r+��r,��r-��r.��r��r��r"��r/��r��r��r!��r��r��6��s��r��c��@��s��e�Zd�ZdZdZdZdZdZdZe j �d�Ze ��Zdd ��Zd d��Zdd ��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Z d,d-��Z!d.d/��Z"d0S�)1�RecvLinea�� L{TerminalProtocol} which adds line editing features. Clients will be prompted for lines of input with all the usual features: character echoing, left and right arrow support for moving the cursor to different areas of the line buffer, backspace and delete for removing characters, and insert for toggling between typeover and insert mode. Tabs will be expanded to enough spaces to move the cursor to the next tabstop (every four characters by default). Enter causes the line buffer to be cleared and the line to be passed to the lineReceived() method which, by default, does nothing. Subclasses are responsible for redrawing the input prompt (this will probably change). �P��)s��>>> s��... r��r1��c��C��sp��g�\|�_�d\|�_\|�j}\|j\|�j\|j\|�j\|j\|�jd\|�j d\|�j \|j \|�j\|j\|�j \|j\|�j\|j\|�j\|j\|�ji \|�_\|��d�S�)Nr�� )� lineBuffer�lineBufferIndex�terminal� LEFT_ARROW�handle_LEFT�RIGHT_ARROW�handle_RIGHTr{�� handle_TAB� handle_RETURNr\|��handle_BACKSPACE�DELETE� handle_DELETE�INSERT� handle_INSERT�HOME�handle_HOME�END� handle_END�keyHandlers�initializeScreen�r��tr��r��r��r��f��s��zRecvLine.connectionMadec��C��s��\|�j��\|�j��\|�j\|�j��\|��d�S�r��)r��rr��r'��ps�pn� setInsertModer ��r��r��r��r��s�� zRecvLine.initializeScreenc��C��s(��d��\|�j�}\|d�\|�j��\|\|�jd��fS��N��)�joinr��r��)r��sr��r��r��currentLineBuffer��s��zRecvLine.currentLineBufferc��C��d\|�_�\|�j�tjjg��d�S�)N�insert)rQ��r��rP��r��rO��IRMr ��r��r��r��r��zRecvLine.setInsertModec��C��r��)N�typeover)rQ��r��rR��r��rO��r��r ��r��r��r��setTypeoverMode��r��zRecvLine.setTypeoverModec��C��s$��\|�j��\|�j\|�j�d�\|�j��dS�)z� Write a line containing the current input prompt and the current line buffer at the current cursor position. r��N)r��r'��r��r��r��r��r ��r��r��r�� drawInputLine��s��$zRecvLine.drawInputLinec��C��s,��\|�j��\|�j��\|\|�_\|\|�_\|��d�S�r��)r��rm��rH��width�heightr��)r��r��r��r��r��r��terminalSize��s �� zRecvLine.terminalSizec��C��d�S�r��r��rs��r��r��r��ru��z!RecvLine.unhandledControlSequencec��C��sL��\|�j��\|�}\|d�ur\|��d�S�\|\|�jv�r\|��\|d��d�S�\|�jjd\|d��d�S�)NFz#Received unhandled keyID: {keyID!r})rv��)r��r��_printableChars�characterReceived�_log�warn)r��rv��modifier�mr��r��r��keystrokeReceived��s�� zRecvLine.keystrokeReceivedc��C��sR��\|�j�dkr\|�j�\|�j\|��n\|g\|�j\|�j\|�jd��<�\|��jd7��_\|�j�\|��d�S�)Nr��r��)rQ��r��r��r��r��r'��)r��ch�moreCharactersComingr��r��r��r��s �� zRecvLine.characterReceivedc��C��sH��\|�j�t\|�j�\|�j��}\|�j�\|��\|��j\|7��_\|�j�td\|��d�S�)N�� )�TABSTOP�lenr��r��rC��r��extendr��r?��r��r��r��r��s��zRecvLine.handle_TABc��C��s��\|�j�dkr\|��j�d8��_�\|�j��d�S�d�S��Nr��r��r��r��rD��r ��r��r��r��r��s�� zRecvLine.handle_LEFTc��C��s0��\|�j�t\|�j�k�r\|��j�d7��_�\|�j��d�S�d�S�)Nr��)r��r��r��r��rC��r ��r��r��r��r��s��zRecvLine.handle_RIGHTc��C��s"��\|�j�r\|�j�\|�j��d\|�_�d�S�d�S��Nr��r��r ��r��r��r��r��s�� zRecvLine.handle_HOMEc��C��s4��t�\|�j�\|�j�}\|r\|�j�\|��t�\|�j�\|�_d�S�d�S�r��)r��r��r��r��rC��)r��offsetr��r��r��r��s ��zRecvLine.handle_ENDc��C��s>��\|�j�dkr\|��j�d8��_�\|�j\|�j�=�\|�j��\|�j��d�S�d�S�r��)r��r��r��rD��rn��r ��r��r��r��r��s�� zRecvLine.handle_BACKSPACEc��C��s,��\|�j�t\|�j�k�r\|�j\|�j�=�\|�j��d�S�d�S�r��)r��r��r��r��rn��r ��r��r��r��r��s�� zRecvLine.handle_DELETEc��C��s0��d��\|�j�}g�\|�_d\|�_\|�j��\|��\|��d�S�)Nr��r��)r��r��r��r��rK��lineReceived�r��rF��r��r��r��r��s �� zRecvLine.handle_RETURNc��C��s0��\|�j�dv�sJ��\|�j�dkr\|��d�S�\|��d�S�)N)r��r��r��)rQ��r��r��r ��r��r��r��r��s�� zRecvLine.handle_INSERTc��C��r��r��r��r��r��r��r��r��r��zRecvLine.lineReceivedN)#r+��r,��r-��r.��r��r��r��r��r��string� printable�encoder��r��r��r��r��r��r��r��r��r��ru��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��K��s:�� r��c��@��s@��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dS�)�HistoricRecvLinea;�� L{TerminalProtocol} which adds both basic line-editing features and input history. Everything supported by L{RecvLine} is also supported by this class. In addition, the up and down arrows traverse the input history. Each received line is automatically added to the end of the input history. c��C��s<��t��\|��g�\|�_d\|�_\|�j}\|�j�\|j\|�j\|j \|�j i��d�S�r��)r��r��historyLines�historyPositionr��r��update�UP_ARROW� handle_UP� DOWN_ARROW�handle_DOWNr��r��r��r��r��s�� zHistoricRecvLine.connectionMadec��C��s&��t�\|�j�}\|d�\|�j��\|\|�jd��fS�r��)�tupler��r��)r��br��r��r��currentHistoryBuffer��s�� z%HistoricRecvLine.currentHistoryBufferc��C��sB��\|rt�\|d�d��D�]}\|��\|d��q \|��\|dd��d��d�S�d�S�)N��TF)r��r��)r��bufr��r��r��r��_deliverBuffer��s ��zHistoricRecvLine._deliverBufferc��C��st��\|�j�r\|�jt\|�j�kr\|�j�d�\|�j��\|�jdkr8\|��\|�j��\|��jd8��_g�\|�_�\|�� \|�j\|�j��d�S�d�S�)Nr��r��r��) r��r��r��r��appendr��r��r��rh��r��r ��r��r��r��r��s�� zHistoricRecvLine.handle_UPc��C��s~��\|�j�t\|�j�d�k�r(\|��\|�j��\|��j�d7��_�g�\|�_\|��\|�j\|�j��d�S�\|��\|�j��t\|�j�\|�_�g�\|�_d\|�_d�S�)Nr��r��) r��r��r��r��r��rh��r��r��r��r ��r��r��r��r��$��s�� zHistoricRecvLine.handle_DOWNc��C��s0��\|�j�r \|�j�d�\|�j��t\|�j�\|�_t�\|��S�r��)r��r��r��r��r��r��r��r��r ��r��r��r��r��5��s�� zHistoricRecvLine.handle_RETURNN) r+��r,��r-��r.��r��r��r��r��r��r��r��r��r��r��r��s��r��)r.��r��typingr��zope.interfacer��twisted.conch.insultsr��r��twisted.loggerr��twisted.pythonr��twisted.python.compatr��r ��r��int�__annotations__r ��r}��r0��r��TerminalProtocolr��r��r��r��r��r��<module>��s$��0��__pycache__/mixin.cpython-310.pyc��0000644��00000003244�15027667726�0012626 0��ustar�00��o ��b]��@��s"��d�Z�ddlmZ�G�dd��d�ZdS�)z� Experimental optimization This module provides a single mixin class which allows protocols to collapse numerous small writes into a single larger one. @author: Jp Calderone ��)�reactorc��@��s<��e�Zd�ZdZdZdZdZdd��Zdd��Zdd ��Z d d��Z dS�)�BufferingMixinz+ Mixin which adds write buffering. Ng��c��C��s��t��\|�j\|�j�S��N)r�� callLater�DELAY�flush��self��r ��5/usr/lib/python3/dist-packages/twisted/conch/mixin.py�schedule��zBufferingMixin.schedulec��C��s��\|��\|�j��d�S�r��)�resetr��)r ��tokenr ��r ��r�� reschedule��r ��zBufferingMixin.reschedulec��C��s8��\|�j�du�rg�\|�_\|��\|�_�n\|��\|�j��\|�j�\|��dS�)a�� Buffer some bytes to be written soon. Every call to this function delays the real write by C{self.DELAY} seconds. When the delay expires, all collected bytes are written to the underlying transport using L{ITransport.writeSequence}. N)�_delayedWriteCall�datar��r��append)r ��r��r ��r ��r��write!��s �� zBufferingMixin.writec��C��s��d\|�_�\|�j�\|�j��d\|�_dS�)z/ Flush the buffer immediately. N)r�� transport� writeSequencer��r��r ��r ��r��r��0��s�� zBufferingMixin.flush)�__name__� __module__�__qualname__�__doc__r��r��r��r��r��r��r��r ��r ��r ��r��r��s��r��N)r��twisted.internetr��r��r ��r ��r ��r��<module>��s�� __pycache__/manhole.cpython-310.pyc��0000644��00000027345�15027667726�0013135 0��ustar�00��o ��bD.��@��s��d�Z�ddlZddlZddlZddlmZ�ddlmZ�ddlm Z �ddl mZ�ddlm Z �G�dd ��d �ZG�d d��dej�ZdZd ZdZdZdZdZG�dd��dej�ZG�dd��d�Zdd��ZG�dd��de�ZdS�)aO�� Line-input oriented interactive interpreter loop. Provides classes for handling Python source input and arbitrary output interactively from a Twisted application. Also included is syntax coloring code with support for VT102 terminals, control code handling (^C, ^D, ^Q), and reasonable handling of Deferreds. @author: Jp Calderone ��N)�BytesIO)�recvline)�defer)�_get_async_param)�TokenPrinterc��@��s8��e�Zd�ZdZdZdZdd��Zdd��Zdd ��Zd d��Z dS�) �FileWrapperz� Minimal write-file-like object. Writes are translated into addOutput calls on an object passed to __init__. Newlines are also converted from network to local style. r��normalc��C��s ��\|\|�_�d�S��N)�o)�selfr ��r��7/usr/lib/python3/dist-packages/twisted/conch/manhole.py�__init__&�� zFileWrapper.__init__c��C��s��d�S�r ��r��r��r��r��r ��flush)��s��zFileWrapper.flushc��C��s��\|�j��\|�dd��d�S�)Nz � )r �� addOutput�replace)r��datar��r��r ��write,��s��zFileWrapper.writec��C��s��\|��d�\|��d�S�)N��)r��join)r��linesr��r��r �� writelines/��s��zFileWrapper.writelinesN) �__name__� __module__�__qualname__�__doc__� softspace�stater��r��r��r��r��r��r��r ��r��s��r��c��@��sX��e�Zd�ZdZdZddd�Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zddd�ZdS�)�ManholeInterpreteraf�� Interactive Interpreter with special output and Deferred support. Aside from the features provided by L{code.InteractiveInterpreter}, this class captures sys.stdout output and redirects it to the appropriate location (the Manhole protocol instance). It also treats Deferreds which reach the top-level specially: each is formatted to the user with a unique identifier and a new callback and errback added to it, each of which will format the unique identifier and the result with which the Deferred fires and then pass it on to the next participant in the callback chain. r��N� <console>c��C��s,��t�j�\|�\|��i�\|�_\|\|�_\|\|�_\|��d�S�r ��)�code�InteractiveInterpreterr��_pendingDeferreds�handler�filename�resetBuffer)r��r&��localsr'��r��r��r ��r��C��s ��zManholeInterpreter.__init__c��C��s ��g�\|�_�dS�)z) Reset the input buffer. N)�bufferr��r��r��r ��r(��J��s�� zManholeInterpreter.resetBufferc��C��s@��\|�j��\|��d�\|�j��}\|�d�}\|��\|\|�j�}\|s\|��\|S�)a�� Push a line to the interpreter. The line should not have a trailing newline; it may have internal newlines. The line is appended to a buffer and the interpreter's runsource() method is called with the concatenated contents of the buffer as source. If this indicates that the command was executed or invalid, the buffer is reset; otherwise, the command is incomplete, and the buffer is left as it was after the line was appended. The return value is 1 if more input is required, 0 if the line was dealt with in some way (this is the same as runsource()). @param line: line of text @type line: L{bytes} @return: L{bool} from L{code.InteractiveInterpreter.runsource} �� utf-8)r��appendr��decode� runsourcer'��r(��)r��line�source�morer��r��r ��pushP��s�� zManholeInterpreter.pushc��O��sh��t�j\|�j}t�_z't�jt\|�j�}t�_ztjj\|�g\|�R�i�\|��W�\|t�_n\|t�_w�W�\|t�_d�S�\|t�_w�r ��)�sys�displayhook�stdoutr��r&��r#��r$��runcode)r��a�kw�orighook�origoutr��r��r ��r7��j��s��zManholeInterpreter.runcodec��C��s��\|\|�j�d<�t\|tj�r_t\|d�r\|��t\|��d�S�t\|�\|�jv�r1\|��d\|�jt\|��d�f��d�S�\|�j}\|�j }\|\|f\|t\|�<�\|��j d7��_ \|j \|�j\|�j\|\|f\|\|fd��\|��d\|f��d�S�\|d�url\|��t\|��d�S�d�S�)N�_�resultz<Deferred #%d>r��)�callbackArgs�errbackArgs) r)�� isinstancer��Deferred�hasattrr��repr�idr%��numDeferreds�addCallbacks�_cbDisplayDeferred�_ebDisplayDeferred)r��obj�d�kr��r��r ��r5��u��s(�� "��zManholeInterpreter.displayhookc��C��s$��\|��d\|\|f�d��\|�jt\|�=�\|S�)NzDeferred #%d called back: %rT)r��r%��rE��)r��r=��rL��rJ��r��r��r ��rH��s��z%ManholeInterpreter._cbDisplayDeferredc��C��s(��\|��d\|\|��f�d��\|�jt\|�=�\|S�)NzDeferred #%d failed: %rT)r��getErrorMessager%��rE��)r��failurerL��rJ��r��r��r ��rI��s��z%ManholeInterpreter._ebDisplayDeferredc��K��s"��t�\|fi�\|��}\|�j�\|\|��d�S�r ��)r��r&��r��)r��r��isAsync�kwargsr��r��r ��r��s��zManholeInterpreter.write)Nr"��r ��) r��r��r��r��rF��r��r(��r3��r7��r5��rH��rI��r��r��r��r��r ��r!��3��s�� r!��c��@��s`��e�Zd�ZdZdZddd�Zdd��Zdd��Zd d ��Zdd��Z d d��Z dd��Zddd�Zdd��Z dS�)�Manholea�� Mediator between a fancy line source and an interactive interpreter. This accepts lines from its transport and passes them on to a L{ManholeInterpreter}. Control commands (^C, ^D, ^\) are also handled with something approximating their normal terminal-mode behavior. It can optionally be constructed with a dict which will be used as the local namespace for any code executed. Nc��C��s&��t�j�\|��\|d�ur\|��\|�_d�S�d�S�r ��)r��HistoricRecvLiner��copy� namespace)r��rZ��r��r��r ��r��s��zManhole.__init__c��C��sf��t�j�\|��t\|�\|�j�\|�_\|�j\|�jt<�\|�j \|�jt <�\|�j\|�jt<�\|�j \|�jt<�\|�j\|�jt<�\|�j\|�jt<�d�S�r ��)r��rX��connectionMader!��rZ��interpreter� handle_INT�keyHandlers�CTRL_C� handle_EOF�CTRL_D� handle_FF�CTRL_L�handle_HOME�CTRL_A� handle_END�CTRL_E�handle_QUIT�CTRL_BACKSLASHr��r��r��r ��r[��s��zManhole.connectionMadec��C��sT��d\|�_�g�\|�_d\|�_\|�j��\|�j��\|�j�d��\|�j��\|�j�\|�j\|�j��dS�)z~ Handle ^C as an interrupt keystroke by resetting the current input variables to their initial state. r��s��KeyboardInterruptN) �pn� lineBuffer�lineBufferIndexr\��r(��terminal�nextLiner��psr��r��r��r ��r]��s�� zManhole.handle_INTc��C��s"��\|�j�r\|�j�d��d�S�\|��d�S�)N��)rk��rm��r��rh��r��r��r��r ��r`��s��zManhole.handle_EOFc��C��s ��\|�j��\|�j��\|��dS�)zh Handle a 'form feed' byte - generally used to request a screen refresh/redraw. N)rm��eraseDisplay� cursorHome� drawInputLiner��r��r��r ��rb��s�� zManhole.handle_FFc��C��s��\|�j��d�S�r ��)rm��loseConnectionr��r��r��r ��rh��s��zManhole.handle_QUITc��C��s ��\|�j�j}\|�d��o\|�d��S�)Nr+��s��E)rm�� lastWrite�endswith)r��wr��r��r �� _needsNewline��s��zManhole._needsNewlinec��K��s��t�\|fi�\|��}\|r \|�j��\|�j�t\|�j�t\|�j\|�j��\|�j�\|��\|rN\|�� r1\|�j� ��\|�j�\|�j\|�j��\|�jrP\|�j}g�\|�_d\|�_\|��\|��d�S�d�S�d�S�)Nr��) r��rm�� eraseLine�cursorBackward�lenrk��ro��rj��r��rx��rn��rl��_deliverBuffer)r��r��rO��rP�� oldBufferr��r��r ��r��s �� " �zManhole.addOutputc��C��s@��\|�j��\|�}t\|�\|�_\|��r\|�j��\|�j�\|�j\|�j��d�S�r ��) r\��r3��boolrj��rx��rm��rn��r��ro��)r��r0��r2��r��r��r ��lineReceived��s �� zManhole.lineReceivedr ��)r��r��r��r��rZ��r��r[��r]��r`��rb��rh��rx��r��r��r��r��r��r ��rW��s�� rW��c��@��sZ��e�Zd�ZdZdddddddd �Zd Zdd��Zd d��Zddd�Zdd��Z e ekr+e ZdS�dS�)�VT102Writerz� Colorizer for Python tokens. A series of tokens are written to instances of this object. Each is colored in a particular way. The final line of the result of this is generally added to the output. s��[31ms��[32ms��[33ms��[1;33ms��[35ms��[36ms��[37m)� identifier�keyword� parameter�variable�string�number�ops��[0mc��C��s ��g�\|�_�d�S�r ��)�writtenr��r��r��r ��r��r��zVT102Writer.__init__c��C��s��\|�j��\|d�}\|S�)N��)�typeToColor�get)r��type�rr��r��r ��color��s��zVT102Writer.colorNc��C��sT��\|r$\|dkr&\|��\|�}\|r\|�j�\|��\|�j�\|��\|r(\|�j�\|�j��d�S�d�S�d�S�d�S�)N�� )r��r��r-��normalColor)r��tokenr��cr��r��r ��r��s�� zVT102Writer.writec��C��s��d��\|�j�}\|�d��d�S�)Nr��r+��)r��r��strip� splitlines)r��sr��r��r �� __bytes__&��s��zVT102Writer.__bytes__r ��) r��r��r��r��r��r��r��r��r��r��bytes�str�__str__r��r��r��r ��r��s$�� r��c�� C��sf��t�\|�t�s \|��d�}�t��}t\|j�j}t\|��}t�\|j �D�]}\|\}}}}} \|\|\|\|\|\| ��qt\|�S�)z� Tokenize and colorize the given Python source. Returns a VT102-format colorized version of the last line of C{source}. @param source: Python source code @type source: L{str} or L{bytes} @return: L{bytes} of colorized source r,��) rA��r��encoder��r��r�� printtokenr��tokenize�readline) r1��rw��pr��r�� tokenTyper��start�endr0��r��r��r ��lastColorizedLine/��s�� r��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)�ColoredManholez< A REPL which syntax colors input as users type it. c��C��s��d��\|�jj�d�d��\|�j��S�)z� Return a string containing the currently entered source. This is only the code which will be considered for execution next. r+��r��)r��r\��r��rk��r��r��r��r �� getSourceK��s��zColoredManhole.getSourcec��C��s ��\|�j�dkr\|�j�\|�j\|��n\|g\|�j\|�j\|�jd��<�\|��jd7��_\|r%d�S�\|dkr1\|�j�\|��d�S�\|��}zt\|�}W�n�tj yL��\|�j�\|��Y�d�S�w�\|�j� ��\|�j�t\|�j�t\|�j \|�j��d��\|�j�\|�j \|�j�\|��t\|�j�\|�j�}\|r�\|�j�\|��d�S�d�S�)N�insertr>�� )�moderk��r��rl��rm��r��r��r��r�� TokenErrorry��rz��r{��ro��rj��)r��ch�moreCharactersComingr1��coloredLine�nr��r��r ��characterReceivedT��s0�� z ColoredManhole.characterReceivedN)r��r��r��r��r��r��r��r��r��r ��r��F��s�� r��)r��r#��r4��r��ior�� twisted.conchr��twisted.internetr��twisted.python.compatr��twisted.python.htmlizerr��r��r$��r!��r_��ra��ri��rc��re��rg��rX��rW��r��r��r��r��r��r��r ��<module>��s��h^.��__pycache__/checkers.cpython-310.pyc��0000644��00000046676�15027667726�0013311 0��ustar�00��o ��b�K��@��sF��d�Z�ddlZddlZddlZddlmZ�ddlmZmZm Z �zddl ZW�n�ey/��dZ Y�nw�eZ zddl ZW�n�eyC��dZ Y�nw�eZ ddlmZmZmZ�ddlmZ�ddlmZ�ddlmZ�dd lmZ�dd lmZmZ�ddlmZm Z �ddl!m"Z"�dd l#m$Z$�ddl%m&Z&�ddl'm(Z(m)Z)�ddlm+Z+�ddl,m-Z-�ddl.m/Z/�e$��Z0dd��Z1dd��Z2ee�G�dd��d��Z3ee�G�dd��d��Z4ee�G�dd��d��Z5e+edddd�de6d��G�d d!��d!e�Z7ej8j9fd"ed#ee:gej8f�d$e ej8�fd%d&�Z;d'd(��Z<ee7�G�d)d��d��Z=ee7�G�d+d,��d,��Z>ee�G�d-d.��d.��Z?dS�)/zO Provide L{ICredentialsChecker} implementations to be used in Conch protocols. ��N)�decodebytes)�BinaryIO�Callable�Iterator)� Interface�implementer� providedBy)�Version��error)�keys)�ICredentialsChecker)�ISSHPrivateKey�IUsernamePassword)�UnauthorizedLogin�UnhandledCredentials)�defer)�Logger)�verifyCryptedPassword)�failure�reflect)�deprecatedModuleAttribute)�FilePath)�runAsEffectiveUserc��C��s��t�du�rdS�t��\|��S�)a�� Look up a user in the /etc/passwd database using the pwd module. If the pwd module is not available, return None. @param username: the username of the user to return the passwd database information for. @type username: L{str} N)�pwd�getpwnam)�username��r��8/usr/lib/python3/dist-packages/twisted/conch/checkers.py� _pwdGetByName2��s�� r��c��C��s"��t�durt�j}ndS�tdd\|\|��S�)z� Look up a user in the /etc/shadow database using the spwd module. If it is not available, return L{None}. @param username: the username of the user to return the shadow database information for. @type username: L{str} Nr��)�spwd�getspnamr��)r��fr��r��r��_shadowGetByName@��s�� r#��c��@��s(��e�Zd�ZdZefZddd�Zdd��ZdS�)�UNIXPasswordDatabaseab�� A checker which validates users out of the UNIX password databases, or databases of a compatible format. @ivar _getByNameFunctions: a C{list} of functions which are called in order to valid a user. The default value is such that the C{/etc/passwd} database will be tried first, followed by the C{/etc/shadow} database. Nc��C��s��\|d�u�rt�tg}\|\|�_d�S��N)r��r#��_getByNameFunctions)�self�getByNameFunctionsr��r��r��__init__]��s�� zUNIXPasswordDatabase.__init__c�� C��s��\|j��t��}\|j�t��}\|�jD�]5}z\|\|�}W�n�ty-��t�t d��Y��S�w�\|d�urH\|d�}\|dkr;qt \|\|�rHt�\|j��S�qt�t d��S�)Nzinvalid username��zunable to verify password)r��decode�sys�getfilesystemencoding�passwordr&��KeyErrorr��failr��r��succeed)r'��credentialsr��r/��func�pwnam�cryptedr��r��r��requestAvatarIdb��s �� z$UNIXPasswordDatabase.requestAvatarIdr%��)�__name__� __module__�__qualname__�__doc__r��credentialInterfacesr)��r7��r��r��r��r��r$��P��s �� r$��c��@��sB��e�Zd�ZdZefZeZdd��Zdd��Z dd��Z dd ��Zd d��ZdS�) �SSHPublicKeyDatabasez� Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories. c��C��s,��t��\|�j\|�}\|�\|�j\|��\|�\|�j��\|S�r%��)r�� maybeDeferred�checkKey�addCallback�_cbRequestAvatarId� addErrback�_ebRequestAvatarId�r'��r3��dr��r��r��r7��s��z$SSHPublicKeyDatabase.requestAvatarIdc��C��s��\|s t��td��S�\|jst��t��S�ztj�\|j �}\|� \|j\|j�r'\|jW�S�W�n�t y=��t��d��t��td��Y�S�w�t��td��S�)aC�� Check whether the credentials themselves are valid, now that we know if the key matches the user. @param validKey: A boolean indicating whether or not the public key matches a key in the user's authorized_keys file. @param credentials: The credentials offered by the user. @type credentials: L{ISSHPrivateKey} provider @raise UnauthorizedLogin: (as a failure) if the key does not match the user in C{credentials}. Also raised if the user provides an invalid signature. @raise ValidPublicKey: (as a failure) if the key matches the user but the credentials do not include a signature. See L{error.ValidPublicKey} for more information. @return: The user's username, if authentication was successful. zinvalid key�Error while verifying keyzerror while verifying keyzunable to verify key)r��Failurer�� signaturer��ValidPublicKeyr��Key� fromString�blob�verify�sigDatar�� Exception�_log)r'��validKeyr3��pubKeyr��r��r��rA��s�� z'SSHPublicKeyDatabase._cbRequestAvatarIdc��s8��\|�j��\|j�}t\|j��d��ddg}��fdd�\|D��S�)a�� Return a list of L{FilePath} instances for I{authorized_keys} files which might contain information about authorized keys for the given credentials. On OpenSSH servers, the default location of the file containing the list of authorized public keys is U{$HOME/.ssh/authorized_keys<http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config>}. I{$HOME/.ssh/authorized_keys2} is also returned, though it has been U{deprecated by OpenSSH since 2001<http://marc.info/?m=100508718416162>}. @return: A list of L{FilePath} instances to files with the authorized keys. �.ssh�authorized_keys�authorized_keys2c��s��g�\|�]}��\|��qS�r��child��.0r"��rootr��r�� <listcomp>��s��z?SSHPublicKeyDatabase.getAuthorizedKeysFiles.<locals>.<listcomp>)�_userdbr��r��r��pw_dirrW��)r'��r3��pwent�filesr��rZ��r��getAuthorizedKeysFiles��s��z+SSHPublicKeyDatabase.getAuthorizedKeysFilesc�� C��s��\|�j��\|j�dd��\}}\|��\|�D�]q}\|��sqz\|��}W�n!�ty@�}�z\|jtjkr5t \|\|\|j�}n��W�Y�d}~nd}~ww�\|�8�\|D�]-}\|� ��}t\|�dk�rSqFzt\|d��\|j krhW��W�d��dS�W�qF�tjys��Y�qFw�W�d��n1�s~w��Y��qdS�)zg Retrieve files containing authorized keys and check against user credentials. ��Nr��TF)r]��r��r��ra��exists�open�OSError�errno�EACCESr��split�lenr��rL��binascii�Error) r'��r3��ouid�ogid�filepath�lines�e�l�l2r��r��r��r?��s<�� zSSHPublicKeyDatabase.checkKeyc��C��s,��\|��t�stjd\|jd��t�td��S�\|S�)Nz1Unauthorized login due to internal error: {error}r ��zunable to get avatar id)�checkr��rP��r��valuer��rG��)r'��r"��r��r��r��rC��s�� z'SSHPublicKeyDatabase._ebRequestAvatarIdN) r8��r9��r:��r;��r��r<��r��r]��r7��rA��ra��r?��rC��r��r��r��r��r=��y��s��#r=��c��@��sD��e�Zd�ZdZdd��Zedd��Zdd��Zdd ��Zd d��Z dd ��Z dS�)�SSHProtocolCheckera�� SSHProtocolChecker is a checker that requires multiple authentications to succeed. To add a checker, call my registerChecker method with the checker and the interface. After each successful authenticate, I call my areDone method with the avatar id. To get a list of the successful credentials for an avatar id, use C{SSHProcotolChecker.successfulCredentials[avatarId]}. If L{areDone} returns True, the authentication has succeeded. c��C��s��i�\|�_�i�\|�_d�S�r%��)�checkers�successfulCredentials�r'��r��r��r��r)��s�� zSSHProtocolChecker.__init__c��C��s��t�\|�j��S�r%��)�listrw��r��ry��r��r��r��r<��s��z'SSHProtocolChecker.credentialInterfacesc��G��s"��\|s\|j�}\|D�]}\|\|�j\|<�qd�S�r%��)r<��rw��)r'��checkerr<��credentialInterfacer��r��r��registerChecker��s ��z"SSHProtocolChecker.registerCheckerc�� C��sf��t�\|�}\|D�]}\|�j�\|�}\|dur"t�\|j\|�}\|�\|�j\|��S�qt�t dd� ttj \|��S�)a�� Part of the L{ICredentialsChecker} interface. Called by a portal with some credentials to check if they'll authenticate a user. We check the interfaces that the credentials provide against our list of acceptable checkers. If one of them matches, we ask that checker to verify the credentials. If they're valid, we call our L{_cbGoodAuthentication} method to continue. @param credentials: the credentials the L{Portal} wants us to verify NzNo checker for %sz, )r��rw��getr��r>��r7��r@��_cbGoodAuthenticationr1��r��join�mapr��qual)r'��r3��ifac�i�crE��r��r��r��r7��s��z"SSHProtocolChecker.requestAvatarIdc��C��sB��\|\|�j�vr g�\|�j�\|<�\|�j�\|��\|��\|��\|�r\|�j�\|=�\|S�t��)a�� Called if a checker has verified the credentials. We call our L{areDone} method to see if the whole of the successful authentications are enough. If they are, we return the avatar ID returned by the first checker. )rx��append�areDoner��NotEnoughAuthentication)r'��avatarIdr3��r��r��r��r��s�� z(SSHProtocolChecker._cbGoodAuthenticationc��C��dS�)a�� Override to determine if the authentication is finished for a given avatarId. @param avatarId: the avatar returned by the first checker. For this checker to function correctly, all the checkers must return the same avatar ID. Tr��)r'��r��r��r��r��r��)��s�� zSSHProtocolChecker.areDoneN)r8��r9��r:��r;��r)��propertyr<��r}��r7��r��r��r��r��r��r��rv��s�� rv��Twisted��z�Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.c��@��s��e�Zd�ZdZdd��ZdS�)�IAuthorizedKeysDBzb An object that provides valid authorized ssh keys mapped to usernames. @since: 15.0 c��C��r��)aL�� Gets an iterable of authorized keys that are valid for the given C{avatarId}. @param avatarId: the ID of the avatar @type avatarId: valid return value of L{twisted.cred.checkers.ICredentialsChecker.requestAvatarId} @return: an iterable of L{twisted.conch.ssh.keys.Key} Nr��)r��r��r��r��getAuthorizedKeysH��s��z#IAuthorizedKeysDB.getAuthorizedKeysN)r8��r9��r:��r;��r��r��r��r��r��r��A��s��r��fileobj�parseKey�returnc��c��sl��\|�D�]0}\|��}\|r3\|�d�s3z\|\|�V��W�q�tjy2�}�ztjd\|\|d��W�Y�d}~qd}~ww�qdS�)a�� Reads keys from an authorized keys file. Any non-comment line that cannot be parsed as a key will be ignored, although that particular line will be logged. @param fileobj: something from which to read lines which can be parsed as keys @param parseKey: a callable that takes bytes and returns a L{twisted.conch.ssh.keys.Key}, mainly to be used for testing. The default is L{twisted.conch.ssh.keys.Key.fromString}. @return: an iterable of L{twisted.conch.ssh.keys.Key} @since: 15.0 ��#z1Unable to parse line {line!r} as a key: {error!s})�liner��N)�strip� startswithr��BadKeyErrorrP��r��)r��r��r��rq��r��r��r��readAuthorizedKeyFileU��s ��r��c��c��s��\|�D�]@}\|��rCz\|��}t\|\|�E�dH��W�d��n1�s!w��Y��W�q�tyB�}�ztjd\|j\|d��W�Y�d}~qd}~ww�qdS�)a�� Helper function that turns an iterable of filepaths into a generator of keys. If any file cannot be read, a message is logged but it is otherwise ignored. @param filepaths: iterable of L{twisted.python.filepath.FilePath}. @type filepaths: iterable @param parseKey: a callable that takes a string and returns a L{twisted.conch.ssh.keys.Key} @type parseKey: L{callable} @return: generator of L{twisted.conch.ssh.keys.Key} @rtype: generator @since: 15.0 Nz"Unable to read {path!r}: {error!s})�pathr��)rd��re��r��rf��rP��r��r��)� filepathsr��fpr"��rq��r��r��r��_keysFromFilepathsr��s�� r��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)�InMemorySSHKeyDBz� Object that provides SSH public keys based on a dictionary of usernames mapped to L{twisted.conch.ssh.keys.Key}s. @since: 15.0 c��C�� \|\|�_�dS�)z� Initializes a new L{InMemorySSHKeyDB}. @param mapping: mapping of usernames to iterables of L{twisted.conch.ssh.keys.Key}s @type mapping: L{dict} N)�_mapping)r'��mappingr��r��r��r)��s�� zInMemorySSHKeyDB.__init__c��C��s��\|�j��\|g��S�r%��)r��r~��)r'��r��r��r��r��r��s��z"InMemorySSHKeyDB.getAuthorizedKeysN)r8��r9��r:��r;��r)��r��r��r��r��r��r��s��r��c��@��s��e�Zd�ZdZdejjfdd�Zdd��ZdS�)�UNIXAuthorizedKeysFilesa�� Object that provides SSH public keys based on public keys listed in authorized_keys and authorized_keys2 files in UNIX user .ssh/ directories. If any of the files cannot be read, a message is logged but that file is otherwise ignored. @since: 15.0 Nc��C��s"��\|\|�_�\|\|�_\|du�rt\|�_�dS�dS�)a�� Initializes a new L{UNIXAuthorizedKeysFiles}. @param userdb: access to the Unix user account and password database (default is the Python module L{pwd}) @type userdb: L{pwd}-like object @param parseKey: a callable that takes a string and returns a L{twisted.conch.ssh.keys.Key}, mainly to be used for testing. The default is L{twisted.conch.ssh.keys.Key.fromString}. @type parseKey: L{callable} N)r]�� _parseKeyr��)r'��userdbr��r��r��r��r)��s �� z UNIXAuthorizedKeysFiles.__init__c��sX��z\|�j��\|�}W�n �ty��Y�dS�w�t\|j��d��ddg}t��fdd�\|D��\|�j�S�)Nr��rS��rT��rU��c��3��s��\|�]}��\|�V��qd�S�r%��rV��rX��rZ��r��r�� <genexpr>��s��z<UNIXAuthorizedKeysFiles.getAuthorizedKeys.<locals>.<genexpr>)r]��r��r0��r��r^��rW��r��r��)r'��r��passwdr`��r��rZ��r��r��s��z)UNIXAuthorizedKeysFiles.getAuthorizedKeys) r8��r9��r:��r;��r��rJ��rK��r)��r��r��r��r��r��r��s�� r��c��@��s>��e�Zd�ZdZefZdd��Zdd��Zdd��Zdd ��Z d d��Z dS�) �SSHPublicKeyCheckera?�� Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories. Initializing this checker with a L{UNIXAuthorizedKeysFiles} should be used instead of L{twisted.conch.checkers.SSHPublicKeyDatabase}. @since: 15.0 c��C��r��)z� Initializes a L{SSHPublicKeyChecker}. @param keydb: a provider of L{IAuthorizedKeysDB} @type keydb: L{IAuthorizedKeysDB} provider N)�_keydb)r'��keydbr��r��r��r)��s�� zSSHPublicKeyChecker.__init__c��C��s.��t��\|�j\|�}\|�\|�j\|��\|�\|�j\|��\|S�r%��)r��r>��_sanityCheckKeyr@�� _checkKey� _verifyKeyrD��r��r��r��r7��s��z#SSHPublicKeyChecker.requestAvatarIdc��C��s��\|j�st��tj�\|j�S�)aW�� Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature). @param credentials: the credentials offered by the user @type credentials: L{ISSHPrivateKey} provider @raise ValidPublicKey: the credentials do not include a signature. See L{error.ValidPublicKey} for more information. @raise BadKeyError: The key included with the credentials is not recognized as a key. @return: the key in the credentials @rtype: L{twisted.conch.ssh.keys.Key} )rH��r��rI��r��rJ��rK��rL��)r'��r3��r��r��r��r��s��z#SSHPublicKeyChecker._sanityCheckKeyc��s,��t��fdd�\|�j�\|j�D��r��S�td��)ab�� Checks the public key against all authorized keys (if any) for the user. @param pubKey: the key in the credentials (just to prevent it from having to be calculated again) @type pubKey: @param credentials: the credentials offered by the user @type credentials: L{ISSHPrivateKey} provider @raise UnauthorizedLogin: If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user. @return: C{pubKey} if the key is authorized @rtype: L{twisted.conch.ssh.keys.Key} c��3��s��\|�]}\|��kV��qd�S�r%��r��)rY��key�rR��r��r��r��s�� z0SSHPublicKeyChecker._checkKey.<locals>.<genexpr>zKey not authorized)�anyr��r��r��r��)r'��rR��r3��r��r��r��r��s ��zSSHPublicKeyChecker._checkKeyc�� C��sF��z\|��\|j\|j�r \|jW�S�W�td��ty"�}�ztd�\|�d}~ww�)a~�� Checks whether the credentials themselves are valid, now that we know if the key matches the user. @param pubKey: the key in the credentials (just to prevent it from having to be calculated again) @type pubKey: L{twisted.conch.ssh.keys.Key} @param credentials: the credentials offered by the user @type credentials: L{ISSHPrivateKey} provider @raise UnauthorizedLogin: If the key signature is invalid or there was any error verifying the signature. @return: The user's username, if authentication was successful @rtype: L{bytes} rF��NzKey signature invalid.)rM��rH��rN��r��rO��r��)r'��rR��r3��rq��r��r��r��r��s�� zSSHPublicKeyChecker._verifyKeyN)r8��r9��r:��r;��r��r<��r)��r7��r��r��r��r��r��r��r��r��s�� r��)@r;��rk��rg��r-��base64r��typingr��r��r��r��_pwd�ImportErrorr ��_spwd�zope.interfacer��r��r��incrementalr �� twisted.conchr��twisted.conch.sshr��twisted.cred.checkersr ��twisted.cred.credentialsr��r��twisted.cred.errorr��r��twisted.internetr��twisted.loggerr��twisted.plugins.cred_unixr��twisted.pythonr��r��twisted.python.deprecater��twisted.python.filepathr��twisted.python.utilr��rP��r��r#��r$��r=��rv��r8��r��rJ��rK��bytesr��r��r��r��r��r��r��r��r��<module>��s~��(mM�� '��__pycache__/endpoints.cpython-310.pyc��0000644��00000074350�15027667726�0013513 0��ustar�00��o ��b u��@��s��d�Z�g�d�ZddlZddlmZ�ddlmZ�ddlmZm Z �ddl mZ�ddlm Z �dd lmZmZ�dd lmZ�ddlmZmZ�ddlmZ�dd lmZ�ddlmZ�ddlmZ�ddlmZm Z m!Z!�ddl"m#Z#m$Z$�ddl%m&Z&m'Z'�ddl(m)Z)�ddlm+Z+�ddl,m-Z-�ddl.m/Z/m0Z0�ddl1m2Z2�ddl3m4Z4�G�dd��de5�Z6G�dd��de�Z7G�dd��d�Z8G�dd ��d e�Z9G�d!d"��d"e�Z:G�d#d$��d$e�Z;G�d%d&��d&e�Z<e e)�G�d'd(��d(��Z=G�d)d��d�Z>e e7�G�d+d,��d,��Z?e e7�G�d-d.��d.��Z@dS�)/z7 Endpoint implementations of various SSH interactions. )�AuthenticationFailed�SSHCommandAddress�SSHCommandClientEndpoint��N)� expanduser)�unpack)� Interface�implementer)�SSHAgentClient)�_KNOWN_HOSTS)� ConsoleUI�KnownHostsFile)� SSHChannel)�NS�getNS)� SSHConnection)�Key)�SSHClientTransport)�SSHUserAuthClient)�CancelledError�Deferred�succeed)�TCP4ClientEndpoint�connectProtocol)�ConnectionDone�ProcessTerminated)�IStreamClientEndpoint)�Factory)�Logger)�nativeString� networkString)�Failure)�FilePathc��@��s��e�Zd�ZdZdS�)r��z` An SSH session could not be established because authentication was not successful. N)�__name__� __module__�__qualname__�__doc__��r&��r&��9/usr/lib/python3/dist-packages/twisted/conch/endpoints.pyr��%��s��r��c��@�� e�Zd�ZdZdd��Zdd��ZdS�)�_ISSHConnectionCreatorzS An L{_ISSHConnectionCreator} knows how to create SSH connections somehow. c��C��dS�)z� Return a new, connected, secured, but not yet authenticated instance of L{twisted.conch.ssh.transport.SSHServerTransport} or L{twisted.conch.ssh.transport.SSHClientTransport}. Nr&��r&��r&��r&��r'��secureConnection2��z'_ISSHConnectionCreator.secureConnectionc��C��r��)a�� Perform cleanup necessary for a connection object previously returned from this creator's C{secureConnection} method. @param connection: An L{twisted.conch.ssh.transport.SSHServerTransport} or L{twisted.conch.ssh.transport.SSHClientTransport} returned by a previous call to C{secureConnection}. It is no longer needed by the caller of that method and may be closed or otherwise cleaned up as necessary. @param immediate: If C{True} don't wait for any network communication, just close the connection immediately and as aggressively as necessary. Nr&��)� connection� immediater&��r&��r'��cleanupConnection9��r,��z(_ISSHConnectionCreator.cleanupConnectionN)r"��r#��r$��r%��r+��r/��r&��r&��r&��r'��r)��-��s��r)��c��@��s��e�Zd�ZdZdd��ZdS�)r��a$�� An L{SSHCommandAddress} instance represents the address of an SSH server, a username which was used to authenticate with that server, and a command which was run there. @ivar server: See L{__init__} @ivar username: See L{__init__} @ivar command: See L{__init__} c��C��s��\|\|�_�\|\|�_\|\|�_dS�)a�� @param server: The address of the SSH server on which the command is running. @type server: L{IAddress} provider @param username: An authentication username which was used to authenticate against the server at the given address. @type username: L{bytes} @param command: A command which was run in a session channel on the server at the given address. @type command: L{bytes} N)�server�username�command)�selfr0��r1��r2��r&��r&��r'��__init__U��s�� zSSHCommandAddress.__init__N)r"��r#��r$��r%��r4��r&��r&��r&��r'��r��J��s�� r��c��@��sb��e�Zd�ZdZdZe��Zdd��Zdd��Zdd��Z d d ��Z dd��Zd d��Zdd��Z dd��Zdd��ZdS�)�_CommandChannela�� A L{_CommandChannel} executes a command in a session channel and connects its input and output to an L{IProtocol} provider. @ivar _creator: See L{__init__} @ivar _command: See L{__init__} @ivar _protocolFactory: See L{__init__} @ivar _commandConnected: See L{__init__} @ivar _protocol: An L{IProtocol} provider created using C{_protocolFactory} which is hooked up to the running command's input and output streams. s��sessionc��C��s,��t��\|��\|\|�_\|\|�_\|\|�_\|\|�_d\|�_dS�)a�� @param creator: The L{_ISSHConnectionCreator} provider which was used to get the connection which this channel exists on. @type creator: L{_ISSHConnectionCreator} provider @param command: The command to be executed. @type command: L{bytes} @param protocolFactory: A client factory to use to build a L{IProtocol} provider to use to associate with the running command. @param commandConnected: A L{Deferred} to use to signal that execution of the command has failed or that it has succeeded and the command is now running. @type commandConnected: L{Deferred} N)r ��r4��_creator�_command�_protocolFactory�_commandConnected�_reason)r3��creatorr2��protocolFactory�commandConnectedr&��r&��r'��r4��x��s�� z_CommandChannel.__init__c��C��\|�j��\|��dS�)z� When the request to open a new channel to run this command in fails, fire the C{commandConnected} deferred with a failure indicating that. N�r9��errback�r3��reasonr&��r&��r'�� openFailed��s��z_CommandChannel.openFailedc��C��s.��\|�j�j\|�dt\|�j�dd�}\|�\|�j\|�j��dS�)z� When the request to open a new channel to run this command in succeeds, issue an C{"exec"} request to run the command. s��execT)� wantReplyN)�conn�sendRequestr��r7��addCallbacks�_execSuccess�_execFailure)r3��ignoredr2��r&��r&��r'��channelOpen��s��z_CommandChannel.channelOpenc��C��r>��)a�� When the request to execute the command in this channel fails, fire the C{commandConnected} deferred with a failure indicating this. @param reason: The cause of the command execution failure. @type reason: L{Failure} Nr?��rA��r&��r&��r'��rI��z_CommandChannel._execFailurec��C��sN��\|�j��t\|�jjj��\|�jjjj\|�jjjj��\|�_ \|�j � \|��\|�j�\|�j ��dS�)a�� When the request to execute the command in this channel succeeds, use C{protocolFactory} to build a protocol to handle the command's input and output and connect the protocol to a transport representing those streams. Also fire C{commandConnected} with the created protocol after it is connected to its transport. @param ignored: The (ignored) result of the execute request N) r8�� buildProtocolr��rE�� transport�getPeerr;��r1��r2�� _protocol�makeConnectionr9��callback)r3��rJ��r&��r&��r'��rH��s�� z_CommandChannel._execSuccessc��C��r>��)z� When the command's stdout data arrives over the channel, deliver it to the protocol instance. @param data: The bytes from the command's stdout. @type data: L{bytes} N)rP��dataReceived�r3��datar&��r&��r'��rS��rL��z_CommandChannel.dataReceivedc��C��s��t�d\|�\}\|dkrt\|dd�\|�_dS�dS�)a�� When the server sends the command's exit status, record it for later delivery to the protocol. @param data: The network-order four byte representation of the exit status of the command. @type data: L{bytes} z>Lr��N)r��r��r:��)r3��rU��statusr&��r&��r'��request_exit_status��s�� z#_CommandChannel.request_exit_statusc��C��s��t�\|�\}}tt\|dd��\|dd��}}t�\|�\}}t�\|�\}}dt\|��}tt\|d�}\|�jjd\|\|\|�d�\|d��t d\|d�\|�_ dS�) a�� When the server sends the command's exit status, record it for later delivery to the protocol. @param data: The network-order four byte representation of the exit signal of the command. @type data: L{bytes} r��N�SIG��z�Process exited with signal {shortSignalName!r}; core dumped: {coreDumped}; error message: {errorMessage}; language: {languageTag!r}zutf-8)�shortSignalName� coreDumped�errorMessage�languageTag)r��bool�ordr��getattr�signal�_log�info�decoder��r:��)r3��rU��r[��r\��r]��r^�� signalName�signalIDr&��r&��r'��request_exit_signal��s�� "� z#_CommandChannel.request_exit_signalc��C��s>��\|�j��\|�jd��\|�jdu�rtd�}n\|�j}\|�j�t\|��dS�)zf When the channel closes, deliver disconnection notification to the protocol. FNzssh channel closed)r6��r/��rE��r:��r��rP��connectionLostr ��rA��r&��r&��r'��closed��s �� z_CommandChannel.closedN)r"��r#��r$��r%��namer��rc��r4��rC��rK��rI��rH��rS��rW��rh��rj��r&��r&��r&��r'��r5��h��s�� r5��c��@��r(��)�_ConnectionReadyz� L{_ConnectionReady} is an L{SSHConnection} (an SSH service) which only propagates the I{serviceStarted} event to a L{Deferred} to be handled elsewhere. c��C��s��t��\|��\|\|�_dS�)zo @param ready: A L{Deferred} which should be fired when I{serviceStarted} happens. N)r��r4��_ready)r3��readyr&��r&��r'��r4��s�� z_ConnectionReady.__init__c��C��s��\|�j��\|��\|�`�dS�)z� When the SSH I{connection} I{service} this object represents is ready to be used, fire the C{connectionReady} L{Deferred} to publish that event to some other interested party. N)rm��rR��r3��r&��r&��r'��serviceStarted��s��z_ConnectionReady.serviceStartedN)r"��r#��r$��r%��r4��rp��r&��r&��r&��r'��rl��s��rl��c��@��sT��e�Zd�ZdZdZdZdZdd��Zdd��Zdd��Z d d ��Z dd��Zd d��Zdd��Z dS�)� _UserAuthaG�� L{_UserAuth} implements the client part of SSH user authentication in the convenient way a user might expect if they are familiar with the interactive I{ssh} command line client. L{_UserAuth} supports key-based authentication, password-based authentication, and delegating authentication to an agent. Nc��C��s:��\|�j�dur \|�j��S�\|�jr\|�j�d�\|�_nd\|�_\|�j��S�)a~�� Retrieve the next public key object to offer to the server, possibly delegating to an authentication agent if there is one. @return: The public part of a key pair that could be used to authenticate with the server, or L{None} if there are no more public keys to try. @rtype: L{twisted.conch.ssh.keys.Key} or L{None} Nr��)�agent�getPublicKey�keys�pop�key�publicro��r&��r&��r'��rs��(��s�� z_UserAuth.getPublicKeyc��C��s��\|�j�dur\|�j��\|��\|�S�t�\|�\|\|�S�)z� Extend the base signing behavior by using an SSH agent to sign the data, if one is available. @type publicKey: L{Key} @type signData: L{str} N)rr��signData�blobr��)r3�� publicKeyrx��r&��r&��r'��rx��;��s�� z_UserAuth.signDatac��C�� t�\|�j�S�)a�� Get the private part of a key pair to use for authentication. The key corresponds to the public part most recently returned from C{getPublicKey}. @return: A L{Deferred} which fires with the private key. @rtype: L{Deferred} )r��rv��ro��r&��r&��r'�� getPrivateKeyH��s�� z_UserAuth.getPrivateKeyc��C��s��\|�j�du�rdS�t\|�j��S�)z� Get the password to use for authentication. @return: A L{Deferred} which fires with the password, or L{None} if the password was not specified. N)�passwordr��ro��r&��r&��r'��getPasswordS��s�� z_UserAuth.getPasswordc��C��s��d\|�j�_t�\|�\|�S�)z� Handle user authentication success in the normal way, but also make a note of the state change on the L{_CommandTransport}. s��CHANNELLING)rN��_stater��ssh_USERAUTH_SUCCESS)r3��packetr&��r&��r'��r��^��s��z_UserAuth.ssh_USERAUTH_SUCCESSc��s0��t��}t\|_\|�\|�}��fdd�}\|�\|��\|S�)as�� Set up a connection to the authentication agent and trigger its initialization. @param endpoint: An endpoint which can be used to connect to the authentication agent. @type endpoint: L{IStreamClientEndpoint} provider @return: A L{Deferred} which fires when the agent connection is ready for use. c��s��\|��_�\|��S��N)rr�� getPublicKeys)rr��ro��r&��r'�� connectedv��s��z+_UserAuth.connectToAgent.<locals>.connected)r��r ��protocol�connect�addCallback)r3��endpoint�factory�dr��r&��ro��r'��connectToAgentf��s�� z_UserAuth.connectToAgentc��C��s��\|�j�du�rdS�\|�j�j��dS�)z' Disconnect the agent. N)rr��rN��loseConnectionro��r&��r&��r'��loseAgentConnection}��s�� z_UserAuth.loseAgentConnection)r"��r#��r$��r%��r}��rt��rr��rs��rx��r\|��r~��r��r��r��r&��r&��r&��r'��rq��s�� rq��c��@��sD��e�Zd�ZdZdZdZdZdd��Zdd��Zdd ��Z d d��Z dd ��ZdS�)�_CommandTransporta�� L{_CommandTransport} is an SSH client I{transport} which includes a host key verification step before it will proceed to secure the connection. L{_CommandTransport} also knows how to set up a connection to an authentication agent if it is told where it can connect to one. @ivar _userauth: The L{_UserAuth} instance which is in charge of the overall authentication process or L{None} if the SSH connection has not reach yet the C{user-auth} service. @type _userauth: L{_UserAuth} s��STARTINGNc��s4��t��fdd��_��fdd�}��j�\|��\|��_dS�)z� @param creator: The L{_NewConnectionHelper} that created this connection. @type creator: L{_NewConnectionHelper}. c��s ��j��S�r��)rN��abortConnection)r��ro��r&��r'��<lambda>��s�� z,_CommandTransport.__init__.<locals>.<lambda>c��s ��d��_�\|�S�r��)�connectionReady)�resultro��r&��r'�� readyFired��s��z._CommandTransport.__init__.<locals>.readyFiredN)r��r��addBothr;��)r3��r;��r��r&��ro��r'��r4��s�� z_CommandTransport.__init__c��C��sL��\|�j�j}t\|�j��j�}d\|�_\|�j�j�\|�j�j \|\|t �\|��}\|�\|�j ��\|S�)a �� Ask the L{KnownHostsFile} provider available on the factory which created this protocol this protocol to verify the given host key. @return: A L{Deferred} which fires with the result of L{KnownHostsFile.verifyHostKey}. ��SECURING)r;��hostnamer��rN��rO��hostr�� knownHosts� verifyHostKey�uir�� fromString� addErrback�_saveHostKeyFailure)r3��hostKey�fingerprintr��ipr��r&��r&��r'��r��s��z_CommandTransport.verifyHostKeyc��C��s ��\|\|�_�\|S�)a+�� When host key verification fails, record the reason for the failure in order to fire a L{Deferred} with it later. @param reason: The cause of the host key verification failure. @type reason: L{Failure} @return: C{reason} @rtype: L{Failure} )�_hostKeyFailurerA��r&��r&��r'��r��s��z%_CommandTransport._saveHostKeyFailurec��s��d��_�t��j�}t��jj\|��_��jj��j_��jjr"t ��jj��j_��jj dur1��j��jj �}ntd�}��fdd�}\|� \|��dS�)zR When the connection is secure, start the authentication process. ��AUTHENTICATINGNc��s��j��d�S�r��)�requestService� _userauth�rJ��ro��r&��r'�� maybeGotAgent��s��z9_CommandTransport.connectionSecure.<locals>.maybeGotAgent)r��rl��r��rq��r;��r1��r��r}��rt��list� agentEndpointr��r��r��)r3��r2��r��r��r&��ro��r'��connectionSecure��s�� z"_CommandTransport.connectionSecurec��C��sj��\|�j�r\|�j��\|�jdks\|�jdu�rdS�\|�jdkr"\|�jdur"\|�j}n\|�jdkr-ttd��}\|�j�\|��dS�)z� When the underlying connection to the SSH server is lost, if there were any connection setup errors, propagate them. Also, clean up the connection to the ssh agent if one was created. s��RUNNINGNr��r��z$Connection lost while authenticating)r��r��r��r��r��r ��r��r@��rA��r&��r&��r'��ri��s�� z _CommandTransport.connectionLost)r"��r#��r$��r%��r��r��r��r4��r��r��r��ri��r&��r&��r&��r'��r��s��r��c��@��sN��e�Zd�ZdZdd��Ze d dd��Zedd��Zd d ��Zdd��Z dS�)r��a�� L{SSHCommandClientEndpoint} exposes the command-executing functionality of SSH servers. L{SSHCommandClientEndpoint} can set up a new SSH connection, authenticate it in any one of a number of different ways (keys, passwords, agents), launch a command over that connection and then associate its input and output with a protocol. It can also re-use an existing, already-authenticated SSH connection (perhaps one which already has some SSH channels being used for other purposes). In this case it creates a new SSH channel to use to execute the command. Notably this means it supports multiplexing several different command invocations over a single SSH connection. c��C��s��\|\|�_�\|\|�_dS�)at�� @param creator: An L{_ISSHConnectionCreator} provider which will be used to set up the SSH connection which will be used to run a command. @type creator: L{_ISSHConnectionCreator} provider @param command: The command line to execute on the SSH server. This byte string is interpreted by a shell on the SSH server, so it may have a value like C{"ls /"}. Take care when trying to run a command like C{"/Volumes/My Stuff/a-program"} - spaces (and other special bytes) may require escaping. @type command: L{bytes} N)r6��r7��)r3��r;��r2��r&��r&��r'��r4��s�� z!SSHCommandClientEndpoint.__init__Nc��C��s$��t�\|\|\|\|\|\|\|\|\| \| � }\|�\|\|�S�)a�� Create and return a new endpoint which will try to create a new connection to an SSH server and run a command over it. It will also close the connection if there are problems leading up to the command being executed, after the command finishes, or if the connection L{Deferred} is cancelled. @param reactor: The reactor to use to establish the connection. @type reactor: L{IReactorTCP} provider @param command: See L{__init__}'s C{command} argument. @param username: The username with which to authenticate to the SSH server. @type username: L{bytes} @param hostname: The hostname of the SSH server. @type hostname: L{bytes} @param port: The port number of the SSH server. By default, the standard SSH port number is used. @type port: L{int} @param keys: Private keys with which to authenticate to the SSH server, if key authentication is to be attempted (otherwise L{None}). @type keys: L{list} of L{Key} @param password: The password with which to authenticate to the SSH server, if password authentication is to be attempted (otherwise L{None}). @type password: L{bytes} or L{None} @param agentEndpoint: An L{IStreamClientEndpoint} provider which may be used to connect to an SSH agent, if one is to be used to help with authentication. @type agentEndpoint: L{IStreamClientEndpoint} provider @param knownHosts: The currently known host keys, used to check the host key presented by the server we actually connect to. @type knownHosts: L{KnownHostsFile} @param ui: An object for interacting with users to make decisions about whether to accept the server host keys. If L{None}, a L{ConsoleUI} connected to /dev/tty will be used; if /dev/tty is unavailable, an object which answers C{b"no"} to all prompts will be used. @type ui: L{None} or L{ConsoleUI} @return: A new instance of C{cls} (probably L{SSHCommandClientEndpoint}). )�_NewConnectionHelper)�cls�reactorr2��r1��r��portrt��r}��r��r��r��helperr&��r&��r'�� newConnection��s��@� z&SSHCommandClientEndpoint.newConnectionc��C��s��t�\|�}\|�\|\|�S�)ar�� Create and return a new endpoint which will try to open a new channel on an existing SSH connection and run a command over it. It will B{not} close the connection if there is a problem executing the command or after the command finishes. @param connection: An existing connection to an SSH server. @type connection: L{SSHConnection} @param command: See L{SSHCommandClientEndpoint.newConnection}'s C{command} parameter. @type command: L{bytes} @return: A new instance of C{cls} (probably L{SSHCommandClientEndpoint}). )�_ExistingConnectionHelper)r��r-��r2��r��r&��r&��r'��existingConnectionl��s�� z+SSHCommandClientEndpoint.existingConnectionc��C��s��\|�j��}\|�\|�j\|��\|S�)a�� Set up an SSH connection, use a channel from that connection to launch a command, and hook the stdin and stdout of that command up as a transport for a protocol created by the given factory. @param protocolFactory: A L{Factory} to use to create the protocol which will be connected to the stdin and stdout of the command on the SSH server. @return: A L{Deferred} which will fire with an error if the connection cannot be set up for any reason or with the protocol instance created by C{protocolFactory} once it has been connected to the command. )r6��r+��r��_executeCommand)r3��r<��r��r&��r&��r'��r��s�� z SSHCommandClientEndpoint.connectc��s>��t��}��fdd�}\|�\|��t�j�j\|\|�}��\|��\|S�)a�� Given a secured SSH connection, try to execute a command in a new channel created on it and associate the result with a protocol from the given factory. @param connection: See L{SSHCommandClientEndpoint.existingConnection}'s C{connection} parameter. @param protocolFactory: See L{SSHCommandClientEndpoint.connect}'s C{protocolFactory} parameter. @return: See L{SSHCommandClientEndpoint.connect}'s return value. c��s��\|��t�}�j��\|��\|�S�r��)�checkr��r6��r/��)�passthroughr.��r-��r3��r&��r'��disconnectOnFailure��s�� zESSHCommandClientEndpoint._executeCommand.<locals>.disconnectOnFailure)r��r��r5��r6��r7��openChannel)r3��r-��r<��r=��r��channelr&��r��r'��r��s�� z(SSHCommandClientEndpoint._executeCommand)NNNNNN) r"��r#��r$��r%��r4��classmethodr��r��r��r��r&��r&��r&��r'��r��s��M r��c��@��s2��e�Zd�ZdZdd��Zdd��Zddd�Zd d ��ZdS�) � _ReadFilez� A weakly file-like object which can be used with L{KnownHostsFile} to respond in the negative to all prompts for decisions. c��C�� \|\|�_�dS�)zk @param contents: L{bytes} which will be returned from every C{readline} call. N�� _contents)r3��contentsr&��r&��r'��r4�� z_ReadFile.__init__c��C��r��)z6 No-op. @param data: ignored Nr&��rT��r&��r&��r'��write��r,��z_ReadFile.writerZ��c��C��s��\|�j�S�)z� Always give back the byte string that this L{_ReadFile} was initialized with. @param count: ignored @return: A fixed byte-string. @rtype: L{bytes} r��)r3��countr&��r&��r'��readline��s�� z_ReadFile.readlinec��C��r��)z No-op. Nr&��ro��r&��r&��r'��close��r,��z_ReadFile.closeN)rZ��)r"��r#��r$��r%��r4��r��r��r��r&��r&��r&��r'��r��s�� r��c��@��sL��e�Zd�ZdZeZdZed�fdd�Zdd��Ze dd ��Z d d��Zdd ��ZdS�)r��z� L{_NewConnectionHelper} implements L{_ISSHConnectionCreator} by establishing a brand new SSH connection, securing it, and authenticating. ��s��/dev/ttyc��C��sp��\|\|�_�\|\|�_\|dur \|\|�_\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_\| du�r$\|��} \| \|�_ \| du�r0t \|�j�} \| \|�_\|\|�_ dS�)z� @param tty: The path of the tty device to use in case C{ui} is L{None}. @type tty: L{FilePath} @see: L{SSHCommandClientEndpoint.newConnection} N)r��r��r��r2��r1��rt��r}��r��_knownHostsr��r��_openerr��tty)r3��r��r��r��r2��r1��rt��r}��r��r��r��r��r&��r&��r'��r4��s �� z_NewConnectionHelper.__init__c��C��s��z\|�j��d�W�S��ty��td��Y�S�w�)z� Open the tty if possible, otherwise give back a file-like object from which C{b"no"} can be read. For use as the opener argument to L{ConsoleUI}. zrb+s��no)r��open� BaseExceptionr��ro��r&��r&��r'��r�� s ��z_NewConnectionHelper._openerc��C��s��t��tt\|�j��S�)z� @return: A L{KnownHostsFile} instance pointed at the user's personal I{known hosts} file. @rtype: L{KnownHostsFile} )r��fromPathr!��r��r ��)r��r&��r&��r'��r��s��z _NewConnectionHelper._knownHostsc��sD��t�\|��}\|j��t\|�jt\|�j�\|�j�}t\|\|�}\|��fdd��\|S�)aR�� Create and return a new SSH connection which has been secured and on which authentication has already happened. @return: A L{Deferred} which fires with the ready-to-use connection or with a failure if something prevents the connection from being setup, secured, or authenticated. c��s��S�r��r&��r��rn��r&��r'��r��3��r,��z7_NewConnectionHelper.secureConnection.<locals>.<lambda>) r��r��r��r��r��r��r��r��r��)r3��r�� sshClientr��r&��r��r'��r+��"��s�� z%_NewConnectionHelper.secureConnectionc��C��s"��\|r \|j�j��dS�\|j��dS�)ab�� Clean up the connection by closing it. The command running on the endpoint has ended so the connection is no longer needed. @param connection: The L{SSHConnection} to close. @type connection: L{SSHConnection} @param immediate: Whether to close connection immediately. @type immediate: L{bool}. N)rN��r��r��r3��r-��r.��r&��r&��r'��r/��6��s��z&_NewConnectionHelper.cleanupConnectionN) r"��r#��r$��r%��r ��r��r!��r4��r��r��r��r+��r/��r&��r&��r&��r'��r��s�� & r��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) r��z� L{_ExistingConnectionHelper} implements L{_ISSHConnectionCreator} by handing out an existing SSH connection which is supplied to its initializer. c��C��r��)z~ @param connection: See L{SSHCommandClientEndpoint.existingConnection}'s C{connection} parameter. N)r-��)r3��r-��r&��r&��r'��r4��Q��r��z"_ExistingConnectionHelper.__init__c��C��r{��)z~ @return: A L{Deferred} that fires synchronously with the already-established connection object. )r��r-��ro��r&��r&��r'��r+��X��s�� z_ExistingConnectionHelper.secureConnectionc��C��r��)a\|�� Do not do any cleanup on the connection. Leave that responsibility to whatever code created it in the first place. @param connection: The L{SSHConnection} which will not be modified in any way. @type connection: L{SSHConnection} @param immediate: An argument which will be ignored. @type immediate: L{bool}. Nr&��r��r&��r&��r'��r/��`��r,��z+_ExistingConnectionHelper.cleanupConnectionN)r"��r#��r$��r%��r4��r+��r/��r&��r&��r&��r'��r��I��s ��r��)Ar%��__all__rb��os.pathr��structr��zope.interfacer��r��twisted.conch.client.agentr ��twisted.conch.client.defaultr ��twisted.conch.client.knownhostsr��r��twisted.conch.ssh.channelr ��twisted.conch.ssh.commonr��r��twisted.conch.ssh.connectionr��twisted.conch.ssh.keysr��twisted.conch.ssh.transportr��twisted.conch.ssh.userauthr��twisted.internet.deferr��r��r��twisted.internet.endpointsr��r��twisted.internet.errorr��r��twisted.internet.interfacesr��twisted.internet.protocolr��twisted.loggerr��twisted.python.compatr��r��twisted.python.failurer ��twisted.python.filepathr!�� Exceptionr��r)��r��r5��rl��rq��r��r��r��r��r��r&��r&��r&��r'��<module>��sP��lt�:&n��__pycache__/unix.cpython-310.pyc��0000644��00000041053�15027667726�0012465 0��ustar�00��o ��b�@��@��s��d�Z�ddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl mZ�ddlm Z �ddlmZ�ddlmZ�ddlmZmZmZ�ddlmZ�dd lmZmZmZ�dd lmZmZmZm Z m!Z!m"Z"�ddl#m$Z$�ddl%m&Z&�dd l'm(Z(�ddl)mZ�ddl+m,Z,�zddl-Z-W�n�e.y��dZ-Y�nw�ee$j/�G�dd��d��Z0G�dd��de�Z1ee�G�dd��d��Z2ee�G�dd��d��Z3ee�G�dd��d��Z4G�dd��d�Z5e�6e3e1ej��e�6e2e1ej��dS�)z A UNIX SSH server. ��N)�implementer)�ttymodes)� ConchUser)� ConchError)�ISession� ISFTPFile�ISFTPServer)�lsLine)�filetransfer� forwarding�session)� FXF_APPEND� FXF_CREAT�FXF_EXCL�FXF_READ� FXF_TRUNC� FXF_WRITE)�portal)�ProcessExitedAlready)�Logger)� components)�nativeStringc��@��s��e�Zd�Zdd��ZdS�)�UnixSSHRealmc��G��s��t�\|�}\|d�\|\|jfS��Nr��)� UnixConchUser�logout)�self�username�mind� interfaces�user��r!��4/usr/lib/python3/dist-packages/twisted/conch/unix.py� requestAvatar0��s��zUnixSSHRealm.requestAvatarN)�__name__� __module__�__qualname__r#��r!��r!��r!��r"��r��.��s��r��c��@��sT��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��ZdS�)r��c��C��s��t��\|��\|\|�_t�\|�j�\|�_\|�jd�g}t��D�]\}}}}\|\|v�r(\|�\|��q\|\|�_ i�\|�_ \|�j�t jtjd��\|�j�dtji��d�S�)N��)s��sessions��direct-tcpips��sftp)r��__init__r��pwd�getpwnam�pwdData�grp�getgrall�append�otherGroups� listeners� channelLookup�updater�� SSHSessionr��openConnectForwardingClient�subsystemLookupr ��FileTransferServer)r��r��l� groupname�password�gid�userlistr!��r!��r"��r(��6��s �� zUnixConchUser.__init__c��C��s��\|�j�dd��S�)N��r+��r��r!��r!��r"��getUserGroupIdI��s��zUnixConchUser.getUserGroupIdc��C��s��\|�j�S��N)r/��r?��r!��r!��r"��getOtherGroupsL��s��zUnixConchUser.getOtherGroupsc��C�� \|�j�d�S�)N��r>��r?��r!��r!��r"�� getHomeDirO�� zUnixConchUser.getHomeDirc��C��rC��)N��r>��r?��r!��r!��r"��getShellR��rF��zUnixConchUser.getShellc��C��s��t��\|�\}}ddlm}�z\|�j\|j\|t��\|�j\|\|ft�j�\|d�}W�n �t y,��Y�dS�w�\|\|�j \|\|f<�\|dkrF\|��d�}dt� d\|�fS�dS�)Nr��reactor)� interfacer<��z>L)r��unpackGlobal_tcpip_forward�twisted.internetrJ�� _runAsUser� listenTCP�SSHListenForwardingFactory�conn� SSHListenServerForwardingChannel� BaseExceptionr0��getHost�struct�pack)r��data� hostToBind� portToBindrJ��listenerr!��r!��r"��global_tcpip_forwardU��s�� z"UnixConchUser.global_tcpip_forwardc��C��sD��t��\|�\}}\|�j�\|\|fd��}\|sdS�\|�j\|\|f=�\|��\|j��dS�)Nr��rL��)r��rM��r0��getrO�� stopListening)r��rX��rY��rZ��r[��r!��r!��r"��global_cancel_tcpip_forwardn��s��z)UnixConchUser.global_cancel_tcpip_forwardc��C��s:��\|�j��D�]}\|��\|j��q\|�jjd\|�jt\|�j��d��d�S�)Nz,avatar {username} logging out ({nlisteners}))r�� nlisteners)r0��valuesrO��r^��_log�infor��len)r��r[��r!��r!��r"��r��w��s�� zUnixConchUser.logoutc�� O��sD��t��}t��}t��}\|��\}}t��d��t��d��t��\|��t��\|��t��\|��zt \|�}W�n�t yB��\|\|\|fg}Y�nw�zD\|D�]%} \| d�} t\| �dkrV\| d�pWd}t\| �dkrb\| d�pci�}\| \|i�\|��}qFW�t��d��t��d��t��\|��t��\|��t��\|��\|S�t��d��t��d��t��\|��t��\|��t��\|��w�)Nr��rL��r!��r<��)�os�geteuid�getegid� getgroupsr@��setegid�seteuid� setgroupsrB��iter� TypeErrorrd��)r��f�args�kw�euid�egid�groups�uidr:��i�func�rr!��r!��r"��rO��s@�� zUnixConchUser._runAsUserN)r$��r%��r&��r(��r@��rB��rE��rH��r\��r_��r��rO��r!��r!��r!��r"��r��5��s�� r��c��@��sn��e�Zd�Ze��Zddd�Zddd�Zdd��Zd d ��Zdd��Z d d��Z dd��Zdd��Zdd��Z dd��Zdd��ZdS�)�SSHSessionForUnixConchUserNc��C��s:��\|du�r ddl�m}�\|\|�_\|\|�_ddi\|�_d\|�_d\|�_dS�)a�� Construct an C{SSHSessionForUnixConchUser}. @param avatar: The L{UnixConchUser} for whom this is an SSH session. @param reactor: An L{IReactorProcess} used to handle shell and exec requests. Uses the default reactor if None. Nr��rI��PATHz/bin:/usr/bin:/usr/local/bin)rN��rJ��_reactor�avatar�environ�pty�ptyTuple)r��r{��rJ��r!��r!��r"��r(��s�� z#SSHSessionForUnixConchUser.__init__rL��c��C��s��t�sd�S�\|�jjjj��j}t�dt� \|��\}\|�j d�dd��}t��}t\|�}t\|\|�d��}t�� }\|r9t�jp;t�j\|_\|�jj\|_\|\|_\|dd��\|_\|\|f\|_\|rg\|�jj\|_t�\|�d�\|_\|dddf\|_t��t�j�} \| �\|��\| ��t��t�j �} \| �\|��\| ��d�S�)N�Lr<��rD��g��.A��r��)!�utmpr{��rR�� transport�getPeer�hostrV��unpack�socket� inet_atonr~��time�int� UtmpEntry�USER_PROCESS�DEAD_PROCESS�ut_typer}��pid�ut_pid�ut_line�ut_id�ut_tvr��ut_user� gethostbyaddr�ut_host� ut_addr_v6� UtmpRecord� UTMP_FILE� pututline�endutent� WTMP_FILE)r��loggedIn� ipAddress�packedIp�ttyName�t�t1�t2�entry�a�br!��r!��r"��addUTMPEntry��s0�� z'SSHSessionForUnixConchUser.addUTMPEntryc��C��sF��\|\|�j�d<�\|\|�_\|\|�_t��\}}t�\|�}\|\|�j�d<�\|\|\|f\|�_d�S�)N�TERM�SSH_TTY)r\|��winSize�modesr}��openptyre��ttynamer~��)r��term� windowSizer��master�slaver��r!��r!��r"��getPty��s�� z!SSHSessionForUnixConchUser.getPtyc�� C��sB��\|�j�s \|�j�d��td��\|�j��\}}\|�j��}\|�j��}\|�jj\|�j d<�\|\|�j d<�\|\|�j d<�t j�\|�}\|�jj jj��}\|�jj jj��}\|j��d\|j��d\|j��\|�j d<�\|��\|�jj\|\|d\|��g\|�j \|\|\|\|�j�d �\|�_\|��t�\|�j��tjtjd g\|�j�R��\|�j r�\|��!��\|jj"\|�_#\|�j$\|j_"\|�jj jj�%d��d�S�)Nz'tried to get shell without pty, failingzno pty�USER�HOME�SHELL� � SSH_CLIENT�-��usePTY�4HrL��)&r~��rb��errorr��r{��r@��rE��rH��r��r\|��re��path�basenamerR��r��r��rU��r��port�getPtyOwnershiprz��spawnProcessr}��r��fcntl�ioctl�fileno�tty� TIOCSWINSZrV��rW��r��r��setModes�write�oldWrite� _writeHack� setTcpNoDelay) r��protort��r:��homeDir�shell� shellExec�peerr��r!��r!��r"�� openShell��s>�� & z$SSHSessionForUnixConchUser.openShellc�� C��s��\|�j��\}}\|�j��}\|�j��pd}\|\|�jd<�\|d\|f}\|�j�jjj��}\|�j�jjj��} \|j ��d\|j ��d\| j ��\|�jd<�\|�jrD\|��\|�j j\|\|\|\|�j\|\|\|\|�jpSdd�\|�_\|�jre\|��\|�jre\|��\|�j�jjj�d��d�S�) Nz/bin/shr��z-cr��r��r��r��rL��)r{��r@��rE��rH��r\|��rR��r��r��rU��r��r��r~��r��rz��r��r}��r��r��r��r��) r��r��cmdrt��r:��r��r��commandr��r��r!��r!��r"��execCommand��s2�� z&SSHSessionForUnixConchUser.execCommandc�� C��s��t��\|�jd��d�}\|�j��\}}t��t��}}t��d��t��d��zt�� \|�jd�\|\|��W�t��\|��t��\|��d�S�t��\|��t��\|��w�)Nr<��rD��r��) re��statr~��r{��r@��rf��rg��ri��rj��chown)r��ttyGidrt��r:��rq��rr��r!��r!��r"��r��s�� zSSHSessionForUnixConchUser.getPtyOwnershipc�� C��s��\|�j�}t�\|��}\|�jD�]n\}}\|tjvrq tj\|�}t\|�dkrF\|\}}tt\|�s,q t t\|�}\|r<\|\|�\|B�\|\|<�q \|\|�\|�@�\|\|<�q \|dkrVt td\|��\|tj <�q \|dkrft td\|��\|tj<�q tt\|�slq t t\|�}t\|f�\|tj �\|<�q t�\|��tj\|��d�S�)Nr<��OSPEED�B�ISPEED)r}��r�� tcgetattrr��r��r��TTYMODESrd��hasattr�getattrr��r��bytes�CC� tcsetattr�TCSANOW) r��r}��attr�mode� modeValue�ttyMode�flag�ttyAttr�ttyvalr!��r!��r"��r��s.�� z#SSHSessionForUnixConchUser.setModesc��C��s��\|�j�r \|�j��d�S�d�S�rA��)r}�� closeStdinr?��r!��r!��r"��eofReceived8��s��z&SSHSessionForUnixConchUser.eofReceivedc�� C��s��\|�j�r tj�\|�j�d��r t�\|�j�d��d�}t�\|�j�d�d\|��\|�jrAz\|�j�d��W�n�tt fy6��Y�nw�\|�j� ��\|��d��\|�j� d��d�S�)Nr<��rD��r��HUPzshell closed)r~��re��r��existsr��r��r}�� signalProcess�OSErrorr��loseConnectionr��rb��rc��)r��ttyGIDr!��r!��r"��closed<��s�� z!SSHSessionForUnixConchUser.closedc��C��s0��\|\|�_�t�\|�j��tjtjdg\|�j��R��d�S�)Nr��) r��r��r��r}��r��r��r��rV��rW��)r��r��r!��r!��r"�� windowChangedI��s��z(SSHSessionForUnixConchUser.windowChangedc��C��s\��\|�j�dur't�\|�j��d�}\|tj@�s'\|tj@�r'\|�jjj� ddt \|��\|��\|��dS�)zF Hack to send ignore messages when we aren't echoing. Nr'��)r}��r��r��r��ECHO�ICANONr{��rR��r�� sendIgnorerd��r��)r��rX��r��r!��r!��r"��r��M��s �� z%SSHSessionForUnixConchUser._writeHackrA��)rL��)r$��r%��r&��r��rb��r(��r��r��r��r��r��r��r��r��r��r��r!��r!��r!��r"��rx��s�� ! rx��c��@��s��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#S�)$�SFTPServerForUnixConchUserc��C��s ��\|\|�_�d�S�rA��)r{��)r��r{��r!��r!��r"��r(��Z��rF��z#SFTPServerForUnixConchUser.__init__c��C��sr��d\|v�rd\|v�rt��\|\|d�\|d��d\|v�rt��\|\|d��d\|v�r5d\|v�r7t��\|\|d�\|d�f��dS�dS�dS�)zl NOTE: this function assumes it runs as the logged-in user: i.e. under _runAsUser() rt��r:��permissions�atime�mtimeN)re��r��chmod�utime�r��r��attrsr!��r!��r"�� _setAttrs]��s��z$SFTPServerForUnixConchUser._setAttrsc��C��s&��\|j�\|j\|j\|jt\|j�t\|j�d�S�)N)�sizert��r:��r��r��r��)�st_size�st_uid�st_gid�st_moder��st_atime�st_mtime�r��sr!��r!��r"�� _getAttrsi��s��z$SFTPServerForUnixConchUser._getAttrsc��C��s"��\|�j��}tj�t\|j�t\|��S�rA��)r{��rE��re��r��joinr��)r��r��homer!��r!��r"��_absPaths��s�� z#SFTPServerForUnixConchUser._absPathc��C��s��i�S�rA��r!��)r��otherVersion�extDatar!��r!��r"�� gotVersionw��z%SFTPServerForUnixConchUser.gotVersionc��C��s��t�\|�\|��\|�\|\|�S�rA��)�UnixSFTPFiler ��)r��filename�flagsr��r!��r!��r"��openFilez��z#SFTPServerForUnixConchUser.openFilec��C��\|��\|�}\|�j�tj\|�S�rA��)r ��r{��rO��re��remove)r��r��r!��r!��r"�� removeFile}�� z%SFTPServerForUnixConchUser.removeFilec��C��s&��\|��\|�}\|��\|�}\|�j�tj\|\|�S�rA��)r ��r{��rO��re��rename)r��oldpath�newpathr!��r!��r"�� renameFile�� z%SFTPServerForUnixConchUser.renameFilec��C��s,��\|��\|�}\|�j�tj\|ff\|�j\|\|ffg�S�rA��)r ��r{��rO��re��mkdirr��r��r!��r!��r"�� makeDirectory��s�� z(SFTPServerForUnixConchUser.makeDirectoryc��C��s��\|��\|�}\|�j�tj\|��d�S�rA��)r ��r{��rO��re��rmdir�r��r��r!��r!��r"��removeDirectory��s�� zSFTPServerForUnixConchUser.removeDirectoryc��C��s��t�\|�\|��\|��S�rA��)�UnixSFTPDirectoryr ��r#��r!��r!��r"�� openDirectory��s��z(SFTPServerForUnixConchUser.openDirectoryc��C��s:��\|��\|�}\|r\|�j�tj\|�}n\|�j�tj\|�}\|��\|�S�rA��)r ��r{��rO��re��r��lstatr ��)r��r��followLinksr ��r!��r!��r"��getAttrs��s �� z#SFTPServerForUnixConchUser.getAttrsc��C��s ��\|��\|�}\|�j�\|�j\|\|��d�S�rA��)r ��r{��rO��r��r��r!��r!��r"��setAttrs��s�� z#SFTPServerForUnixConchUser.setAttrsc��C��r��rA��)r ��r{��rO��re��readlinkr#��r!��r!��r"��readLink��r��z#SFTPServerForUnixConchUser.readLinkc��C��s&��\|��\|�}\|��\|�}\|�j�tj\|\|�S�rA��)r ��r{��rO��re��symlink)r��linkPath� targetPathr!��r!��r"��makeLink��r��z#SFTPServerForUnixConchUser.makeLinkc��C��s��t�j�\|��\|��S�rA��)re��r��realpathr ��r#��r!��r!��r"��realPath��s��z#SFTPServerForUnixConchUser.realPathc��C��t��rA��NotImplementedError)r��extNamer��r!��r!��r"��extendedRequest��r��zSFTPServerForUnixConchUser.extendedRequestN)r$��r%��r&��r(��r��r ��r ��r��r��r��r��r!��r$��r&��r)��r��r,��r0��r2��r7��r!��r!��r!��r"��r��X��s$�� r��c��@��s<��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd S�)r��c��C��s��\|\|�_�d}\|t@�tkr\|t@�dkrtj}\|t@�tkr#\|t@�dkr#tj}\|t@�tkr2\|t@�tkr2tj}\|t@�tkr=\|tjO�}\|t @�t krH\|tj O�}\|t@�tkrS\|tjO�}\|t @�t kr^\|tjO�}d\|v�rj\|d�}\|d=�nd}\|j�tj\|\|\|�}\|r�\|j�\|j\|\|��\|\|�_d�S�)Nr��r��i��)�serverr��r��re��O_RDONLY�O_WRONLY�O_RDWRr ��O_APPENDr��O_CREATr��O_TRUNCr��O_EXCLr{��rO��openr��fd)r��r8��r��r��r�� openFlagsr��rA��r!��r!��r"��r(��s0�� zUnixSFTPFile.__init__c��C��s��\|�j�j�tj\|�j�S�rA��)r8��r{��rO��re��closerA��r?��r!��r!��r"��rC��r��zUnixSFTPFile.closec��C��,��\|�j�j�tj\|�j\|dfftj\|�j\|ffg�S�r��)r8��r{��rO��re��lseekrA��read)r��offset�lengthr!��r!��r"�� readChunk�� zUnixSFTPFile.readChunkc��C��rD��r��)r8��r{��rO��re��rE��rA��r��)r��rG��rX��r!��r!��r"�� writeChunk��rJ��zUnixSFTPFile.writeChunkc��C��s ��\|�j�j�tj\|�j�}\|�j��\|�S�rA��)r8��r{��rO��re��fstatrA��r ��r��r!��r!��r"��r)��s��zUnixSFTPFile.getAttrsc��C��r3��rA��r4��)r��r��r!��r!��r"��r��r��zUnixSFTPFile.setAttrsN) r$��r%��r&��r(��rC��rI��rK��r)��r��r!��r!��r!��r"��r��s��r��c��@��s0��e�Zd�Zdd��Zdd��Zdd��ZeZdd��Zd S�) r%��c��C��s"��\|\|�_�\|j�tj\|�\|�_\|\|�_d�S�rA��)r8��r{��rO��re��listdir�files�dir)r��r8�� directoryr!��r!��r"��r(��s�� zUnixSFTPDirectory.__init__c��C��s��\|�S�rA��r!��r?��r!��r!��r"��__iter__��r��zUnixSFTPDirectory.__iter__c��C��sb��z\|�j��d�}W�n �ty��t�w�\|�jj�tjtj � \|�j\|��}t\|\|�}\|�j� \|�}\|\|\|fS�r��)rN��pop� IndexError� StopIterationr8��r{��rO��re��r'��r��r��rO��r ��r ��)r��rn��r ��longnamer��r!��r!��r"��__next__��s�� zUnixSFTPDirectory.__next__c��C��s ��g�\|�_�d�S�rA��)rN��r?��r!��r!��r"��rC��rF��zUnixSFTPDirectory.closeN)r$��r%��r&��r(��rQ��rV��nextrC��r!��r!��r!��r"��r%��s��r%��)7�__doc__r��r,��re��r}��r)��r��rV��r��r��zope.interfacer�� twisted.conchr��twisted.conch.avatarr��twisted.conch.errorr��twisted.conch.interfacesr��r��r��twisted.conch.lsr ��twisted.conch.sshr ��r��r��twisted.conch.ssh.filetransferr ��r��r��r��r��r��twisted.credr��twisted.internet.errorr��twisted.loggerr��twisted.pythonr��twisted.python.compatr��r��ImportError�IRealmr��r��rx��r��r��r%��registerAdapterr!��r!��r!��r"��<module>��sV�� i�:V1��__pycache__/ttymodes.cpython-310.pyc��0000644��00000004315�15027667726�0013352 0��ustar�00��o ��b��@��s��d�dl�Z�dZdZdZdZdZdZdZd Zd Z dZ dZd ZdZ dZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZd Zd!Z d"Z!d#Z"d$Z#d%Z$d&Z%d'Z&d(Z'd)Z(dZ)d+Zd,Z+d-Z,d.Z-d/Z.d0Z/d1Z0d2Z1d3Z2d4Z3d5Z4d6Z5d7Z6d8Z7i�dd9�dd:�dd;�dd<�dd=�dd>�dd?�d d@�d dA�ddB�ddC�d dD�ddE�ddF�ddG�ddH�ddI�i�ddJ�de�j8dKf�de�j8dLf�de�j8dMf�de�j8dNf�de�j8dOf�de�j8dPf�de�j8dQf�de�j8dRf�de�j8dSf�de�j8dTf�de�j8dUf�de�j8dVf�d e�j9dWf�d!e�j9dXf�d"e�j9dYf�d#e�j9dZf��i�d$e�j9d[f�d%e�j9d\f�d&e�j9d]f�d'e�j9d^f�d(e�j9d_f�d)e�j9d`f�de�j9daf�d+e�j9dbf�d,e�j9dcf�d-e�j:ddf�d.e�j:def�d/e�j:dff�d0e�j:dgf�d1e�j:dhf�d2e�j:dif�d5e�j;djf�d6e�j;dkf��dldmdn��Z<dS�)o��N�� !��"��#��$��%��&��'��(��)��2��3��4��5��6��7��8��9��:��;��<��=��>��F��G��H��I��J��K��Z��[��\��]��VINTR�VQUIT�VERASE�VKILL�VEOF�VEOL�VEOL2�VSTART�VSTOP�VSUSP�VDSUSP�VREPRINT�VWERASE�VLNEXT�VFLUSH�VSWTCH�VSTATUS�VDISCARD�IGNPAR�PARMRK�INPCK�ISTRIP�INLCR�IGNCR�ICRNL�IUCLC�IXON�IXANY�IXOFF�IMAXBEL�ISIG�ICANON�XCASE�ECHO�ECHOE�ECHOK�ECHONL�NOFLSH�TOSTOP�IEXTEN�ECHOCTL�ECHOKE�PENDIN�OPOST�OLCUC�ONLCR�OCRNL�ONOCR�ONLRET�PARENB�PARODD�ISPEED�OSPEED)r7��r8��)=�ttyr9��r:��r;��r<��r=��r>��r?��r@��rA��rB��rC��rD��rE��rF��rG��rH��rI��rJ��rK��rL��rM��rN��rO��rP��rQ��rR��rS��rT��rU��rV��rW��rX��rY��rZ��r[��r\��r]��r^��r_��r`��ra��rb��rc��rd��re��rf��rg��rh��ri��CS7�CS8rj��rk�� TTY_OP_ISPEED� TTY_OP_OSPEED�IFLAG�LFLAG�OFLAG�CFLAG�TTYMODES��rx��rx��8/usr/lib/python3/dist-packages/twisted/conch/ttymodes.py�<module>��sD�� !� "� #� $� %� &� '� (� )� � +� ,� -� .� /� 0� 1� 4� 5�6��__pycache__/error.cpython-310.pyc��0000644��00000006720�15027667726�0012635 0��ustar�00��o ��bc ��@��s��d�Z�ddlmZ�G�dd��de�ZG�dd��de�ZG�dd��de�ZG�d d ��d e�ZG�dd��de�ZG�d d��de�Z G�dd��de�Z G�dd��de�ZdS�)zO An error to represent bad things happening in Conch. Maintainer: Paul Swartz ��)�UnauthorizedLoginc��@��s��e�Zd�Zddd�ZdS�)� ConchErrorNc��C��s��t��\|�\|\|��\|\|�_\|\|�_d�S��N)� Exception�__init__�value�data)�selfr��r��r ��5/usr/lib/python3/dist-packages/twisted/conch/error.pyr��s�� zConchError.__init__r��)�__name__� __module__�__qualname__r��r ��r ��r ��r��r��s��r��c��@��e�Zd�ZdZdS�)�NotEnoughAuthenticationz� This is thrown if the authentication is valid, but is not enough to successfully verify the user. i.e. don't retry this type of authentication, try another one. N�r��r ��r��__doc__r ��r ��r ��r��r��r��c��@��r��)�ValidPublicKeya�� Raised by public key checkers when they receive public key credentials that don't contain a signature at all, but are valid in every other way. (e.g. the public key matches one in the user's authorized_keys file). Protocol code (eg L{SSHUserAuthServer<twisted.conch.ssh.userauth.SSHUserAuthServer>}) which attempts to log in using L{ISSHPrivateKey<twisted.cred.credentials.ISSHPrivateKey>} credentials should be prepared to handle a failure of this type by telling the user to re-authenticate using the same key and to include a signature with the new attempt. See U{http://www.ietf.org/rfc/rfc4252.txt} section 7 for more details. Nr��r ��r ��r ��r��r��r��r��c��@��r��)�IgnoreAuthenticationzq This is thrown to let the UserAuthServer know it doesn't need to handle the authentication anymore. Nr��r ��r ��r ��r��r��/��r��r��c��@��r��)�MissingKeyStoreErrorz� Raised if an SSHAgentServer starts receiving data without its factory providing a keys dict on which to read/write key data. Nr��r ��r ��r ��r��r��6��r��r��c��@��r��)�UserRejectedKeyz0 The user interactively rejected a key. Nr��r ��r ��r ��r��r��=��r��r��c��@��r��)�InvalidEntryzS An entry in a known_hosts file could not be interpreted as a valid entry. Nr��r ��r ��r ��r��r��C��r��r��c��@��s��e�Zd�ZdZdd��ZdS�)�HostKeyChangeda�� The host key of a remote host has changed. @ivar offendingEntry: The entry which contains the persistent host key that disagrees with the given host key. @type offendingEntry: L{twisted.conch.interfaces.IKnownHostEntry} @ivar path: a reference to the known_hosts file that the offending entry was loaded from @type path: L{twisted.python.filepath.FilePath} @ivar lineno: The line number of the offending entry in the given path. @type lineno: L{int} c��C��s ��t��\|��\|\|�_\|\|�_\|\|�_d�S�r��)r��r��offendingEntry�path�lineno)r ��r��r��r��r ��r ��r��r��\��s�� zHostKeyChanged.__init__N)r��r ��r��r��r��r ��r ��r ��r��r��I��s��r��N)r��twisted.cred.errorr��r��r��r��r��r��r��r��r��r��r ��r ��r ��r��<module>��s��__pycache__/interfaces.cpython-310.pyc��0000644��00000043564�15027667726�0013636 0��ustar�00��o ��bF:��@��s��d�Z�ddlmZmZ�G�dd��de�ZG�dd��de�ZG�dd��de�ZG�d d ��d e�ZG�dd��de�Z G�d d��de�Z G�dd��de�ZdS�)zK This module contains interfaces defined for the L{twisted.conch} package. ��)� Attribute� Interfacec��@��s0��e�Zd�ZdZed�Zdd��Zdd��Zdd��Zd S�) � IConchUserz� A user who has been authenticated to Cred through Conch. This is the interface between the SSH connection and the user. z'The SSHConnection object for this user.c��C��dS�)a�� The other side requested a channel of some sort. C{channelType} is the type of channel being requested, as an ssh connection protocol channel type. C{data} is any other packet data (often nothing). We return a subclass of L{SSHChannel<ssh.channel.SSHChannel>}. If the channel type is unknown, we return C{None}. For other failures, we raise an exception. If a L{ConchError<error.ConchError>} is raised, the C{.value} will be the message, and the C{.data} will be the error code. @param channelType: The requested channel type @type channelType: L{bytes} @param windowSize: The initial size of the remote window @type windowSize: L{int} @param maxPacket: The largest packet we should send @type maxPacket: L{int} @param data: Additional request data @type data: L{bytes} @rtype: a subclass of L{SSHChannel} or L{None} N��)�channelType� windowSize� maxPacket�datar��r��:/usr/lib/python3/dist-packages/twisted/conch/interfaces.py� lookupChannel��zIConchUser.lookupChannelc��C��r��)a�� The other side requested a subsystem. We return a L{Protocol} implementing the requested subsystem. If the subsystem is not available, we return C{None}. @param subsystem: The name of the subsystem being requested @type subsystem: L{bytes} @param data: Additional request data (often nothing) @type data: L{bytes} @rtype: L{Protocol} or L{None} Nr��)� subsystemr ��r��r��r��lookupSubsystem-��r ��zIConchUser.lookupSubsystemc��C��r��)a�� A global request was sent from the other side. We return a true value on success or a false value on failure. If we indicate success by returning a tuple, its second item will be sent to the other side as additional response data. @param requestType: The type of the request @type requestType: L{bytes} @param data: Additional request data @type data: L{bytes} @rtype: boolean or L{tuple} Nr��)�requestTyper ��r��r��r��gotGlobalRequest;��r ��zIConchUser.gotGlobalRequestN) �__name__� __module__�__qualname__�__doc__r��connr��r��r��r��r��r��r��r��s��r��c��@��s<��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd S�)�ISessionc��C��r��)z� Get a pseudo-terminal for use by a shell or command. If a pseudo-terminal is not available, or the request otherwise fails, raise an exception. Nr��)�termr��modesr��r��r��getPtyL��r ��zISession.getPtyc��C��r��)zm Open a shell and connect it to proto. @param proto: a L{ProcessProtocol} instance. Nr��)�protor��r��r�� openShellT��r ��zISession.openShellc��C��r��)zZ Execute a command. @param proto: a L{ProcessProtocol} instance. Nr��)r��commandr��r��r��execCommand[��r ��zISession.execCommandc��C��r��)zH Called when the size of the remote screen has changed. Nr��)� newWindowSizer��r��r�� windowChangedb��r ��zISession.windowChangedc��C��r��)zU Called when the other side has indicated no more data will be sent. Nr��r��r��r��r��eofReceivedg��r ��zISession.eofReceivedc��C��r��)z4 Called when the session is closed. Nr��r��r��r��r��closedl��r ��zISession.closedN) r��r��r��r��r��r��r ��r!��r"��r��r��r��r��r��K��s��r��c��@��s��e�Zd�ZdZdS�)�EnvironmentVariableNotPermittedzCSetting this environment variable in this session is not permitted.N)r��r��r��r��r��r��r��r��r#��r��s��r#��c��@��s��e�Zd�ZdZdd��ZdS�)�ISessionSetEnvz-A session that can set environment variables.c��C��r��)a�� Set an environment variable for the shell or command to be started. From U{RFC 4254, section 6.4 <https://tools.ietf.org/html/rfc4254#section-6.4>}: "Uncontrolled setting of environment variables in a privileged process can be a security hazard. It is recommended that implementations either maintain a list of allowable variable names or only set environment variables after the server process has dropped sufficient privileges." (OpenSSH refuses all environment variables by default, but has an C{AcceptEnv} configuration option to select specific variables to accept.) @param name: The name of the environment variable to set. @type name: L{bytes} @param value: The value of the environment variable to set. @type value: L{bytes} @raise EnvironmentVariableNotPermitted: if setting this environment variable is not permitted. Nr��)�name�valuer��r��r��setEnvy��r ��zISessionSetEnv.setEnvN)r��r��r��r��r'��r��r��r��r��r$��v��s��r$��c��@��s��e�Zd�ZdZed�Zdd��Zdd��Zdd��Zd d ��Z dd��Z d d��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��ZdS�)�ISFTPServerz� SFTP subsystem for server-side communication. Each method should check to verify that the user has permission for their actions. z} The avatar returned by the Realm that we are authenticated with, and represents the logged-in user. c��C��s��i�S�)a�� Called when the client sends their version info. otherVersion is an integer representing the version of the SFTP protocol they are claiming. extData is a dictionary of extended_name : extended_data items. These items are sent by the client to indicate additional features. This method should return a dictionary of extended_name : extended_data items. These items are the additional features (if any) supported by the server. r��)�otherVersion�extDatar��r��r�� gotVersion��s�� zISFTPServer.gotVersionc��C��r��)aD�� Called when the clients asks to open a file. @param filename: a string representing the file to open. @param flags: an integer of the flags to open the file with, ORed together. The flags and their values are listed at the bottom of L{twisted.conch.ssh.filetransfer} as FXF_. @param attrs: a list of attributes to open the file with. It is a dictionary, consisting of 0 or more keys. The possible keys are:: size: the size of the file in bytes uid: the user ID of the file as an integer gid: the group ID of the file as an integer permissions: the permissions of the file with as an integer. the bit representation of this field is defined by POSIX. atime: the access time of the file as seconds since the epoch. mtime: the modification time of the file as seconds since the epoch. ext_: extended attributes. The server is not required to understand this, but it may. NOTE: there is no way to indicate text or binary files. it is up to the SFTP client to deal with this. This method returns an object that meets the ISFTPFile interface. Alternatively, it can return a L{Deferred} that will be called back with the object. Nr��)�filename�flags�attrsr��r��r��openFile��r ��zISFTPServer.openFilec��C��r��)z� Remove the given file. This method returns when the remove succeeds, or a Deferred that is called back when it succeeds. @param filename: the name of the file as a string. Nr��)r,��r��r��r�� removeFile��r ��zISFTPServer.removeFilec��C��r��)aa�� Rename the given file. This method returns when the rename succeeds, or a L{Deferred} that is called back when it succeeds. If the rename fails, C{renameFile} will raise an implementation-dependent exception. @param oldpath: the current location of the file. @param newpath: the new file name. Nr��)�oldpath�newpathr��r��r�� renameFile��r ��zISFTPServer.renameFilec��C��r��)a{�� Make a directory. This method returns when the directory is created, or a Deferred that is called back when it is created. @param path: the name of the directory to create as a string. @param attrs: a dictionary of attributes to create the directory with. Its meaning is the same as the attrs in the L{openFile} method. Nr��pathr.��r��r��r�� makeDirectory��r ��zISFTPServer.makeDirectoryc��C��r��)a:�� Remove a directory (non-recursively) It is an error to remove a directory that has files or directories in it. This method returns when the directory is removed, or a Deferred that is called back when it is removed. @param path: the directory to remove. Nr��r5��r��r��r��removeDirectory��r ��zISFTPServer.removeDirectoryc��C��r��)a�� Open a directory for scanning. This method returns an iterable object that has a close() method, or a Deferred that is called back with same. The close() method is called when the client is finished reading from the directory. At this point, the iterable will no longer be used. The iterable should return triples of the form (filename, longname, attrs) or Deferreds that return the same. The sequence must support __getitem__, but otherwise may be any 'sequence-like' object. filename is the name of the file relative to the directory. logname is an expanded format of the filename. The recommended format is: -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer 1234567890 123 12345678 12345678 12345678 123456789012 The first line is sample output, the second is the length of the field. The fields are: permissions, link count, user owner, group owner, size in bytes, modification time. attrs is a dictionary in the format of the attrs argument to openFile. @param path: the directory to open. Nr��r7��r��r��r�� openDirectory��r ��zISFTPServer.openDirectoryc��C��r��)a�� Return the attributes for the given path. This method returns a dictionary in the same format as the attrs argument to openFile or a Deferred that is called back with same. @param path: the path to return attributes for as a string. @param followLinks: a boolean. If it is True, follow symbolic links and return attributes for the real path at the base. If it is False, return attributes for the specified path. Nr��)r5��followLinksr��r��r��getAttrs��r ��zISFTPServer.getAttrsc��C��r��)aJ�� Set the attributes for the path. This method returns when the attributes are set or a Deferred that is called back when they are. @param path: the path to set attributes for as a string. @param attrs: a dictionary in the same format as the attrs argument to L{openFile}. Nr��r4��r��r��r��setAttrs��r ��zISFTPServer.setAttrsc��C��r��)z� Find the root of a set of symbolic links. This method returns the target of the link, or a Deferred that returns the same. @param path: the path of the symlink to read. Nr��r7��r��r��r��readLink6��r ��zISFTPServer.readLinkc��C��r��)a�� Create a symbolic link. This method returns when the link is made, or a Deferred that returns the same. @param linkPath: the pathname of the symlink as a string. @param targetPath: the path of the target of the link as a string. Nr��)�linkPath� targetPathr��r��r��makeLink@��r ��zISFTPServer.makeLinkc��C��r��)z� Convert any path to an absolute path. This method returns the absolute path as a string, or a Deferred that returns the same. @param path: the path to convert as a string. Nr��r7��r��r��r��realPathK��r ��zISFTPServer.realPathc��C��r��)a�� This is the extension mechanism for SFTP. The other side can send us arbitrary requests. If we don't implement the request given by extendedName, raise NotImplementedError. The return value is a string, or a Deferred that will be called back with a string. @param extendedName: the name of the request as a string. @param extendedData: the data the other side sent with the request, as a string. Nr��)�extendedName�extendedDatar��r��r��extendedRequestU��r ��zISFTPServer.extendedRequestN)r��r��r��r��r��avatarr+��r/��r0��r3��r6��r8��r9��r;��r<��r=��r@��rA��rD��r��r��r��r��r(��s$�� r(��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) �IKnownHostEntryzl A L{IKnownHostEntry} is an entry in an OpenSSH-formatted C{known_hosts} file. @since: 8.2 c��C��r��)z� Return True if this entry matches the given Key object, False otherwise. @param key: The key object to match against. @type key: L{twisted.conch.ssh.keys.Key} Nr��)�keyr��r��r�� matchesKeyn��r ��zIKnownHostEntry.matchesKeyc��C��r��)a^�� Return True if this entry matches the given hostname, False otherwise. Note that this does no name resolution; if you want to match an IP address, you have to resolve it yourself, and pass it in as a dotted quad string. @param hostname: The hostname to match against. @type hostname: L{str} Nr��)�hostnamer��r��r��matchesHostw��r ��zIKnownHostEntry.matchesHostc��C��r��)z� @return: a serialized string representation of this entry, suitable for inclusion in a known_hosts file. (Newline not included.) @rtype: L{str} Nr��r��r��r��r��toString��r ��zIKnownHostEntry.toStringN)r��r��r��r��rH��rJ��rK��r��r��r��r��rF��f��s �� rF��c��@��s8��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��ZdS�) � ISFTPFilez� This represents an open file on the server. An object adhering to this interface should be returned from L{openFile}(). c��C��r��)z� Close the file. This method returns nothing if the close succeeds immediately, or a Deferred that is called back when the close succeeds. Nr��r��r��r��r��close��r ��zISFTPFile.closec��C��r��)a�� Read from the file. If EOF is reached before any data is read, raise EOFError. This method returns the data as a string, or a Deferred that is called back with same. @param offset: an integer that is the index to start from in the file. @param length: the maximum length of data to return. The actual amount returned may less than this. For normal disk files, however, this should read the requested number (up to the end of the file). Nr��)�offset�lengthr��r��r�� readChunk��r ��zISFTPFile.readChunkc��C��r��)a�� Write to the file. This method returns when the write completes, or a Deferred that is called when it completes. @param offset: an integer that is the index to start from in the file. @param data: a string that is the data to write. Nr��)rN��r ��r��r��r�� writeChunk��r ��zISFTPFile.writeChunkc��C��r��)z� Return the attributes for the file. This method returns a dictionary in the same format as the attrs argument to L{openFile} or a L{Deferred} that is called back with same. Nr��r��r��r��r��r;��r ��zISFTPFile.getAttrsc��C��r��)a �� Set the attributes for the file. This method returns when the attributes are set or a Deferred that is called back when they are. @param attrs: a dictionary in the same format as the attrs argument to L{openFile}. Nr��)r.��r��r��r��r<��r ��zISFTPFile.setAttrsN) r��r��r��r��rM��rP��rQ��r;��r<��r��r��r��r��rL��s��rL��N)r��zope.interfacer��r��r��r�� ValueErrorr#��r$��r(��rF��rL��r��r��r��r��<module>��s��@'�U'��__pycache__/manhole_tap.cpython-310.pyc��0000644��00000012747�15027667726�0014001 0��ustar�00��o ��bl��@��s��d�Z�ddlmZ�ddlmZmZ�ddlmZmZm Z �ddl mZ�ddlm Z �ddlmZmZ�ddlmZ�dd lmZmZ�G�d d��d�ZG�dd ��d �Zeej�G�dd��d��ZG�dd��dej�Zdd��ZdS�)z\ TAP plugin for creating telnet- and ssh-accessible manhole servers. @author: Jp Calderone ��)�implementer)�service�strports)�manhole�manhole_ssh�telnet)�insults)�keys)�checkers�portal)�protocol)�filepath�usagec��@��e�Zd�Zdd��Zdd��ZdS�)�makeTelnetProtocolc��C�� \|\|�_�d�S��N)r��)�selfr��r��;/usr/lib/python3/dist-packages/twisted/conch/manhole_tap.py�__init__�� zmakeTelnetProtocol.__init__c��C��s ��t�j}\|�jf}t�j\|g\|�R��S�r��)r��AuthenticatingTelnetProtocolr��TelnetTransport)r��auth�argsr��r��r��__call__��s��zmakeTelnetProtocol.__call__N��__name__� __module__�__qualname__r��r��r��r��r��r��r��r��c��@��r��)�chainedProtocolFactoryc��C��r��r��)� namespace)r��r#��r��r��r��r�� r��zchainedProtocolFactory.__init__c��C��s��t��tj\|�j�S�r��)r��ServerProtocolr��ColoredManholer#��r��r��r��r��r��#��s��zchainedProtocolFactory.__call__Nr��r��r��r��r��r"��r!��r"��c��@��r��)�_StupidRealmc��O��s��\|\|�_�\|\|�_\|\|�_d�S�r��)�protocolFactory�protocolArgs�protocolKwArgs)r��proto�a�kwr��r��r��r��)��s�� z_StupidRealm.__init__c��G��s0��t�j\|v�rt�j\|�j\|�ji�\|�j��dd��fS�t��)Nc��S��s��d�S�r��r��r��r��r��r��<lambda>3��s��z,_StupidRealm.requestAvatar.<locals>.<lambda>)r��ITelnetProtocolr(��r)��r��NotImplementedError)r��avatarId� interfacesr��r��r�� requestAvatar.��s�� z_StupidRealm.requestAvatarN)r��r��r ��r��r3��r��r��r��r��r'��'��s��r'��c��@��sD��e�Zd�Zg�d�g�d�g�d�g�d�g�d�g�d�gZdd��Zd d ��ZdS�)�Options)� telnetPort�tNzMstrports description of the address on which to listen for telnet connections)�sshPort�sNzJstrports description of the address on which to listen for ssh connections)�passwd�pz/etc/passwdz1name of a passwd(5)-format username/password file)� sshKeyDirN�<USER DATA DIR>z2Directory where the autogenerated SSH key is kept.)� sshKeyNameNz server.keyz&Filename of the autogenerated SSH key.)� sshKeySizeNi��z,Size of the automatically generated SSH key.c��C��s��t�j�\|��d�\|�d<�d�S�)Nr#��)r��r4��r��r&��r��r��r��r��\��s��zOptions.__init__c��C��s��\|�d�d�u�r\|�d�d�u�rt��d��d�S�d�S�)Nr5��r7��z<At least one of --telnetPort and --sshPort must be specified)r�� UsageErrorr&��r��r��r��postOptions`��s ��zOptions.postOptionsN)r��r��r �� optParametersr��r@��r��r��r��r��r4��8��s�� #r4��c��C��s4��t��}\|�d�}\|du�ri�}t�\|�d��}\|�d�r@ttjtjt j \|�}t�\|\|g�}t ��}t\|�\|_ t��\|�d�\|�}\|�\|��\|�d�r�t��}t\|�\|_t�\|\|g�} t�\| �} \|�d�dkrd\|�d�}n dd lm}�\|��}t�\|��\|�d ��} t�\| t\|�d��}\|\| jd<�\|\| jd<�t��\|�d�\| �}\|�\|��\|S�) a;�� Create a manhole server service. @type options: L{dict} @param options: A mapping describing the configuration of the desired service. Recognized key/value pairs are:: "telnetPort": strports description of the address on which to listen for telnet connections. If None, no telnet service will be started. "sshPort": strports description of the address on which to listen for ssh connections. If None, no ssh service will be started. "namespace": dictionary containing desired initial locals for manhole connections. If None, an empty dictionary will be used. "passwd": Name of a passwd(5)-format username/password file. "sshKeyDir": The folder that the SSH server key will be kept in. "sshKeyName": The filename of the key. "sshKeySize": The size of the key, in bits. Default is 4096. @rtype: L{twisted.application.service.IService} @return: A manhole service. r#��Nr9��r5��r7��r;��r<��r��)�getDataDirectoryr=��r>��s��ssh-rsa) r��MultiServicer ��FilePasswordDBr'��r��TelnetBootstrapProtocolr��r$��r��r%��r��Portalr�� ServerFactoryr��r��setServiceParentr�� TerminalRealmr"��ConchFactory�twisted.python._appdirsrB��r ��FilePath�childr ��_getPersistentRSAKey�int� publicKeys�privateKeys)�options�svcr#��checker�telnetRealm�telnetPortal� telnetFactory� telnetService�sshRealm� sshPortal� sshFactory�keyDirrB��keyLocation�sshKey� sshServicer��r��r��makeServiceg��sB�� r`��N)�__doc__�zope.interfacer��twisted.applicationr��r�� twisted.conchr��r��r��twisted.conch.insultsr��twisted.conch.sshr ��twisted.credr ��r��twisted.internetr��twisted.pythonr ��r��r��r"��IRealmr'��r4��r`��r��r��r��r��<module>��s�� /��scripts/__pycache__/conch.cpython-310.pyc��0000644��00000041257�15027667726�0014271 0��ustar�00��o ��bG��@��s��d�dl�Z�d�dlZd�dlZd�dlZd�dlZd�dlZd�dlZd�dlmZm Z �d�dl mZmZ�d�dl mZ�d�dlmZ�d�dlmZmZmZmZmZ�d�dlmZmZmZ�d�dlmZmZ�d�d lmZm Z �G�d d��de�Z!da"da#d�a$da%d�a&da'dd ��Z(dd��Z)dd��Zdd��Z+dd��Z,dd��Z-dd��Z.dd��Z/dd��Z0G�dd��d�Z1G�d d!��d!ej2�Z2G�d"d#��d#ej3�Z4G�d$d%��d%ej5�Z5G�d&d'��d'ej6�Z6d(d)��Z7dd+��Z8e9d,kr�e(��dS�dS�)-��N)�List�Tuple)�connect�default)�ConchOptions)� ConchError)�channel�common� connection� forwarding�session)�reactor�stdio�task)�log�usage)�ioType� networkStringc�� @��s��e�Zd�ZU�dZdZg�d�g�d�g�d�gZg�d�g�d�g�d�g�d �g�d �g�d�gZejdgej d d�ej d d�d�e� ��ej dd�ej ddd�gd�Zg�Ze eeeeef�f��ed<�g�Ze eeeeef�f��ed<�dd��Zdd��Zdd��Zdd��ZdS�) � ClientOptionsz(Usage: conch [options] host [command] zYconch is a SSHv2 client that allows logging into a remote machine and executing commands.)�escape�e�~)�localforward�LNz<listen-port:host:port Forward local port to remote address)� remoteforward�RNz<listen-port:host:port Forward remote port to local address)�null�nzRedirect input from /dev/null.)�fork�fz(Fork to background after authentication.)�tty�tz-Tty; allocate a tty even if command is given.)�notty�TzDo not allocate a tty.)�noshell�Nz"Do not execute a shell or command.)� subsystem�sz-Invoke command (mandatory) as SSH2 subsystem.)r ��r"��zlisten-port:host:port)�descr)r��r��command�argumentT)r(��repeat)�mutuallyExclusive� optActions�extraActions� localForwards�remoteForwardsc��C��sv��\|dkr d\|�d<�dS�\|d�dkr$t�\|�dkr$tt\|d��d��\|�d<�dS�t�\|�dkr0\|\|�d<�dS�t�d \|��d ��dS�)z: Set escape character; ``none'' = disable �noneNr��r��^��@��zBad escape character 'z'.)�len�chr�ord�sys�exit)�self�esc��r=��=/usr/lib/python3/dist-packages/twisted/conch/scripts/conch.py� opt_escapeP��s��zClientOptions.opt_escapec��C��8��\|��d�\}}}t\|�}t\|�}\|�j�\|\|\|ff��dS�)zH Forward local port to remote address (lport:host:port) �:N)�split�intr/��append)r;��r�� localPort� remoteHost� remotePortr=��r=��r>��opt_localforward]��zClientOptions.opt_localforwardc��C��r@��)zH Forward remote port to local address (rport:host:port) rA��N)rB��rC��r0��rD��)r;��r��rG��connHost�connPortr=��r=��r>��opt_remoteforwardf��rI��zClientOptions.opt_remoteforwardc��G��s��\|\|�d<�d��\|�\|�d<�d�S�)N�host� r)��)�join)r;��rM��r)��r=��r=��r>�� parseArgso��s��zClientOptions.parseArgsN)�__name__� __module__�__qualname__�synopsis�longdesc� optParameters�optFlagsr��Completions� Completer�CompleteUserAtHost�compDatar/��r��r��rC��__annotations__r0��r?��rH��rL��rP��r=��r=��r=��r>��r��s>�� r��c��C��s��t�jdd��}�d\|�v�r#\|��d�}\|�\|\|d��\|��}�\|�\|d�\|d��=�\|�d�d��D�],}z!\|��\|�}\|d�d��dkrK\|�\|d��d�dkrKg�\|�\|\|d��<�W�q)�tyU��Y�q)w�t��azt�\|��W�n#�tjy��}�zt d\|��t� ��t��d��W�Y�d�}~nd�}~ww�td �r�td �r�td �dkr�t�j}nt td �d�}nt�j}t�j}t�\|��\|t�_nt��t��t�j��}zt�\|�aW�n�ty��d�aY�nw�zt�tjdd ��}W�n�ty��d�}Y�nw�z0t��W�tr�t�\|tjt��\|r�t�tj\|��td��rtd��std��st�tjtj ��n.t�rt�\|tjt��\|�r)t�tj\|��td��r3td��s8td��sAt�tjtj ��w�w�t�j�!��rVtd��sVt d�"td��t��t#��d�S�)Nr4��z-lr3��z-or��-zERROR: r��logfileza+c��W��s��t��dt�S��Nr��)r �� callLater� reConnect)�ar=��r=��r>��<lambda>��s��zrun.<locals>.<lambda>r)��r ��r"��zConnection to {} closed.rM��)$r9��argv�index� ValueErrorr��options�parseOptionsr�� UsageError�print�opt_helpr:��stdout�open�stderrr��startLogging�discardLogs� doConnect�stdin�filenor �� tcgetattr�old� BaseException�signal�SIGUSR1r ��run� tcsetattr�TCSANOW�SIGWINCH�SIG_DFL�isatty�format� exitStatus)�args�i�arg�ur��realout�fd�oldUSR1r=��r=��r>��rz��}��s�� $�� rz��c��C��s,��ddl�m}��dat�dt��t�\|��)Nr��failurer3��g{�G�z�?) �twisted.pythonr��r��r ��ra��_stopReactorr��err�Failurer��r=��r=��r>��handleError��s ��r��c��C��s$��zt��W�d�S��ty��Y�d�S�w��N)r ��stoprw��r=��r=��r=��r>��r��s ��r��c��C��s��dt�d�v�rt�d��dd�\t�d<�t�d<�t�jsddgt�_t�d�}�t�d�st��t�d<�t�d�s3dt�d<�ntt�d��t�d<�t�d�}�t�d�}tj}t�d �sRt�\|�t��t�d <�t� t�d�t�t ��}t�\|�\|t�\|\|��t ��d�S�) N�@rM��r4��userz ~/.ssh/id_rsaz ~/.ssh/id_dsa�port��zhost-key-algorithms)rh��rB�� identitys�getpass�getuserrC��r�� verifyHostKey�getHostKeyAlgorithms�SSHUserAuthClient� SSHConnectionr�� addErrback�_ebExit)rM��r��vhk�uaor=��r=��r>��rr��s"�� rr��c��C��s��d\|��a�t�dt��d�S�)Nzconch: exiting with error 皙��?)r��r ��ra��r��)r��r=��r=��r>��r��s�� r��c��C��s.��t�tjd�r tt��tjr&tjD�]\}�}t�\|�t� t\|t ��}tj�\|��qtjrItjD�]\}}t �d\|��d\|��t�\|\|��q,t�ddt��td�rQtd�rWt�t��td�r�t��rdt�d ��t��td �D�](}zt�\|��W�ql�ty��}�zd d�l}\|j\|jkr��W�Y�d�}~qld�}~ww�d�S�d�S�)N� sendIgnorez!asking for remote forwarding for rA��before�shutdownr$��agentr��r��)�hasattr�conn� transport� _KeepAliverh��r/��r �� listenTCPr��SSHListenForwardingFactory� SSHListenClientForwardingChannelrD��r0��r��msg�requestRemoteForwarding�addSystemEventTrigger�beforeShutdown�openChannel� SSHSession�osr��_exit�setsid�range�close�OSError�errno�EBADF)rE��hostportr'��rG��r��r��r��r=��r=��r>�� onConnect��sD�� r��c��C��s��t��tjj��d�S�r��)r��r��r��loseConnectionr=��r=��r=��r>��rb�� s��rb��c��C��s8��t�j}�\|�D�]\}}t�d\|��d\|��t�\|��qd�S�)Nzcancelling rA��)rh��r0��r��r��r��cancelRemoteForwarding)r0��rG��r��r=��r=��r>��r��s ��r��c��C��s��t�d�st�dt��d�S�d�S�)N� reconnectr��)rh��r ��ra��r��r=��r=��r=��r>��stopConnection��s��r��c��@��s,��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd S�) r��c��C��s��\|\|�_�d�\|�_t�\|�j�\|�_\|�j�d��d�S�)Ni,��)r�� globalTimeoutr��LoopingCall� sendGlobal�lc�start)r;��r��r=��r=��r>��__init__��s��z_KeepAlive.__init__c��C��s2��\|�j�jdddd�}\|�\|�j��t�d\|�j�\|�_d�S�)Ns"��conch-keep-alive@twistedmatrix.com��r4�� wantReply��)r��sendGlobalRequest�addBoth� _cbGlobalr ��ra�� _ebGlobalr��)r;��dr=��r=��r>��r��!��s ��z_KeepAlive.sendGlobalc��C��s��\|�j�r \|�j��d�\|�_�d�S�d�S�r��)r��cancel)r;��resr=��r=��r>��r��(��s�� z_KeepAlive._cbGlobalc��C��s ��\|�j�rd�\|�_�\|�jj��d�S�d�S�r��)r��r��r��r��r;��r=��r=��r>��r��-��s��z_KeepAlive._ebGlobalN)rQ��rR��rS��r��r��r��r��r=��r=��r=��r>��r��s ��r��c��@��sL��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dS�)r��c��C��s��\|�a�g�\|�_i�\|�_t��d�S�r��)r��r/��r0��r��r��r=��r=��r>��serviceStarted4��s�� zSSHConnection.serviceStartedc��C��s(��\|�j�}g�\|�_�\|D�]}\|��qt��d�S�r��)r/��r��r��)r;��lfr'��r=��r=��r>��serviceStopped;��s �� zSSHConnection.serviceStoppedc��C��sX��t��d\|f�}\|�jd\|dd�}t�d\|��d\|��\|�\|�j\|\|��\|�\|�j\|\|��d�S�)N�0.0.0.0s ��tcpip-forwardr4��r��zrequesting remote forwarding rA��) r��packGlobal_tcpip_forwardr��r��r��addCallback�_cbRemoteForwardingr��_ebRemoteForwarding)r;��rG��r��datar��r=��r=��r>��r��B��s ��z%SSHConnection.requestRemoteForwardingc��C��s4��t��d\|��d\|��\|\|�j\|<�t��t\|�j��d�S�)Nzaccepted remote forwarding rA��)r��r��r0��repr)r;��resultrG��r��r=��r=��r>��r��I��s�� z!SSHConnection._cbRemoteForwardingc��C��s&��t��d\|��d\|��d��t��\|��d�S�)Nzremote forwarding rA��z failed�r��r��)r;��r��rG��r��r=��r=��r>��r��N��s��z!SSHConnection._ebRemoteForwardingc��C��s^��t��d\|f�}\|��d\|��t�d\|��z\|�j\|=�W�n �ty$��Y�nw�t�t\|�j��d�S�)Nr��s��cancel-tcpip-forwardzcancelling remote forwarding )r��r��r��r��r��r0�� Exceptionr��)r;��rG��r��r=��r=��r>��r��R��s��z$SSHConnection.cancelRemoteForwardingc��C��s\|��t��d\|��t�\|�\}}t��\|�j��t��\|��\|d�\|�jv�r8\|�j\|d��}t��d\|��t\|\|\|\|�d�S�ttjd��)NzFTCP r4��zconnect forwarding )�remoteWindow�remoteMaxPacketr��zdon't know about that port) r��r��r��unpackOpen_forwarded_tcpipr0��SSHConnectForwardingChannelr��r ��OPEN_CONNECT_FAILED)r;�� windowSize� maxPacketr��remoteHP�origHP� connectHPr=��r=��r>��channel_forwarded_tcpip\��s�� z%SSHConnection.channel_forwarded_tcpipc��C��sV��t��d\|��t��\|�j��t\|�j�dkrt��d��t��d�S�\|�jjd��\|�\|��d�S�)Nzconnection closing r4��zstopping connectionr��)r��r��channelsr6��r�� __class__� __bases__� channelClosed)r;��r��r=��r=��r>��r��l��s�� zSSHConnection.channelClosedN)rQ��rR��rS��r��r��r��r��r��r��r��r��r=��r=��r=��r>��r��3��s�� r��c��@��sp��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��ZdS�)r��s��sessionc�� s��t��d��j��d��td�r��jj��dddd�}\|�dd ��td �r%d�S�td�r-td�s1td �s4t��t� ��}td�rHtd �sHd��_ ��j\|_n��j \|_��fdd �\|_t�\|��_d}td�rn��j��dt�td��d�S�td�r�td�r�tjd�}t�\|tjd�}t�d\|�}t�\|\|d�}��j��d\|��t�tj��j��j��dt�td��d�S�td �s�tjd�}t�\|tjd�}t�d\|�}t�\|\|d�}��j��d\|��t�tj��j��j��dd��d�S�)Nzsession z openr��s��auth-agent-req@openssh.comr��r4��r��c��S��s ��t��\|��S�r��r��xr=��r=��r>��rd��s�� z(SSHSession.channelOpen.<locals>.<lambda>r$��r)��r ��r"��r��c��s��S�r��)�sendEOFr��r��r=��r>��rd��s��r��r&��s ��subsystem�TERM�12345678�4H��s��pty-reqs��execs��shell)r��r��idrh��r��sendRequestr�� _enterRawModer��SSHSessionClient� escapeMode�handleInput�dataReceived�write�connectionLostr�� StandardIOr ��NSr��environ�fcntl�ioctlr �� TIOCGWINSZ�struct�unpack�packRequest_pty_reqrx��r}��_windowResized) r;��foor��cr��term�winsz�winSize� ptyReqDatar=��r��r>��channelOpen{��sJ�� zSSHSession.channelOpenc�� C��s&��\|dv�rd\|�_�\|��\|��d�S�\|�j�dkr\|td�krd\|�_�d�S�\|�j�dkr�d\|�_�\|dkr4t�d��t��d�S�\|dkrDdd ��}t�d \|��d�S�\|dkrUt�d��\|�jj � ��d�S�\|d kr�\|�j�d��\|�jj� ��}\|��\|D�]}\|�j�td�\|\|�jj\|��qkd�S�\|��d\|��d�S�d \|�_�\|��\|��d�S�)N)�� r4��r��r3��.zdisconnecting from escape��c��S��s6��t��tj��tj��t�t��tj ��t ��d�S�r��)� _leaveRawModer9��rm��flushrs��r��kill�getpidrx��SIGTSTPr��r=��r=��r=��r>��_��s �� z!SSHSession.handleInput.<locals>._r��Rzrekeying connection��#s'�� The following connections are open: z #{} {} ��~)r��r��rh��r��r��r��r ��ra��r��r��sendKexInitr��r��keys�sortr��r��)r;��charr��r�� channelIdr=��r=��r>��r��sF�� zSSHSession.handleInputc��C��s��\|�j��\|��d�S�r��)r��r��r;��r��r=��r=��r>��r��zSSHSession.dataReceivedc��C��sT��\|t�jkr(t�dt\|��d��ttj�tkr tjj � \|��d�S�tj� \|��d�S�d�S�)Nzgot z stderr data)r ��EXTENDED_DATA_STDERRr��r��r6��r��r9��ro��str�bufferr��)r;��r!��r��r=��r=��r>��extReceived��s�� zSSHSession.extReceivedc��C��s��t��d��\|�j��d�S�)Nzgot eof)r��r��r��loseWriteConnectionr��r=��r=��r>��eofReceived��s�� zSSHSession.eofReceivedc��C��s ��t��d\|��\|�j�\|��d�S�)Nzremote side closed )r��r��r�� sendCloser��r=��r=��r>�� closeReceived��s��zSSHSession.closeReceivedc��C��s&��t��d\|��t��t\|�jj��d�S�)Nzclosed )r��r��r��r��r��r��r=��r=��r>��closed��s��zSSHSession.closedc��C��s(��t�t�d\|�d��at�dt��d�S�)Nz>Lr��z exit status: )rC��r��r��r��r��r��r#��r=��r=��r>��request_exit_status��s��zSSHSession.request_exit_statusc��C��s��\|�j��\|��d�S�r��)r��r��r��r=��r=��r>��r��r$��zSSHSession.sendEOFc��C��\|�j��d�S�r��)r��pauseProducingr��r=��r=��r>��stopWriting��zSSHSession.stopWritingc��C��r/��r��)r��resumeProducingr��r=��r=��r>��startWriting��r2��zSSHSession.startWritingc��G��sZ��t��dtjd�}t�d\|�}\|d�\|d�\|d�\|d�f}\|�j�\|�dtjdg\|�R��d�S�) Nr��r��r��r4��r3��r��s ��window-changez!4L) r��r��r ��r��r��r��r��r��pack)r;��r��r ��r��newSizer=��r=��r>��r ��s��"zSSHSession._windowResizedN)rQ��rR��rS��namer��r��r��r(��r��r,��r-��r.��r��r1��r4��r ��r=��r=��r=��r>��r��w��s��+-r��c��@��e�Zd�ZdS�)r��N�rQ��rR��rS��r=��r=��r=��r>��r��r��c��@��r8��)r��Nr9��r=��r=��r=��r>��r��r:��r��c��C��s��t�sd�S�tj��}�t�\|�tjt��da�d�S�r`��)� _inRawModer9��rs��rt��r ��r{��r\|�� _savedRawMode)r��r=��r=��r>��r��s �� r��c��C��sV��t�rd�S�tj��}�z t�\|��}\|d�d��}W�n�ty%��t�d��Y�d�S�w�\|d�tj B�\|d<�\|d�tj tjB�tjB�tj B�tjB�tjB�tjB��@�\|d<�ttd�rZ\|d�tj�@�\|d<�\|d�tjtjB�tjB�tjB�tjB�tjB�tjB��@�\|d<�ttd�r�\|d�tj�@�\|d<�\|d�tj�@�\|d<�d\|d�tj<�d\|d�tj<�\|at�\|�tj\|��da�d�S�)Nznot a typewriter!r��IUCLCr��IEXTENr4��) r;��r9��rs��rt��r ��ru��rw��r��r��IGNPAR�ISTRIP�INLCR�IGNCR�ICRNL�IXON�IXANY�IXOFFr��r=��ISIG�ICANON�ECHO�ECHOE�ECHOK�ECHONLr>��OPOST�VMIN�VTIMEr<��r{��r\|��)r��rv��newr=��r=��r>��r��sd�� r��__main__):r��r��r��rx��r��r9��r ��typingr��r��twisted.conch.clientr��r��twisted.conch.client.optionsr��twisted.conch.errorr��twisted.conch.sshr��r ��r ��r��r��twisted.internetr ��r��r��r��r��r��twisted.python.compatr��r��r��rh��r��r��rv��r;��r<��rz��r��r��rr��r��r��rb��r��r��r��r�� SSHChannelr��r��r��r��r��rQ��r=��r=��r=��r>��<module>��sT��W< $D� 2 ��scripts/__pycache__/__init__.cpython-310.pyc��0000644��00000000266�15027667726�0014731 0��ustar�00��o ��b��@��s��d�Z�dS�)z conch scriptsN)�__doc__��r��r��@/usr/lib/python3/dist-packages/twisted/conch/scripts/__init__.py�<module>��s��scripts/__pycache__/tkconch.cpython-310.pyc��0000644��00000046612�15027667726�0014630 0��ustar�00��o ��b�\��@��s��d�Z�ddlZddlZddlZddlZddlZddlZddlZddl m Z�ddlm Z�ddlmZmZ�ddlmZ�ddlmZ�ddlmZmZmZmZmZmZmZmZ�ddlm Z �ddl!m"Z"m#Z#m$Z$m%Z%�dd l&m'Z'm(Z(�G�d d��dej)�ZG�dd ��d e(j+�Z,da-da.da/da0dd��Z1dd��Z2dd��Z3G�dd��de#j4�Z5G�dd��dej6�Z6G�dd��dej7�Z7G�dd��dej8�Z8G�dd��dej9�Z:e;dkr�e2��dS�dS�)z2 Implementation module for the `tkconch` command. ��N)�List�Tuple)�error)�isInKnownHosts)�channel�common� connection� forwarding�keys�session� transport�userauth)�tkvt100)�defer�protocol�reactor� tksupport)�log�usagec��@��s4��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��ZdS�)�TkConchMenuc��O��s��t�jj\|�g\|�R�i�\|��\|�j�d��t��\|�_\|�j�d��t�j\|�dddd�j dddd��t�� \|��\|�_\|�jj d d dd d��t�j\|�dddd�j dd dd��t�� \|��\|�_\|�jj d d d d d��t�j\|�ddd d�j dddd��t�� \|��\|�_ \|�j j d d dd d��t�j\|�dddd�j dddd��t�� \|��\|�_\|�jj d d dd d��t�j\|�dddd�j dddd��t�� \|��\|�_\|�jj d dd d��t�j\|�\|�jdd�j ddd d��t�j\|�dd�j dddd��t�j\|�ddd�\|�_\|�jj d d dd d��t�j\|�d\|�jd�j ddd��t�j\|�d\|�jd�j ddd��t�� \|��\|�_\|�jj d dd d��t�j\|�dd�j ddd d��t�� \|��\|�_\|�jj d dd d��t�j\|�d d�j ddd d��t�j\|�d!\|�jdd"�\|�_\|�jj d d#d��t�j\|�d$\|�jd%d"�\|�_\|�jj dd#d��t�j\|�d&d�j ddd'd d��t�j\|�ddd(d�j dd)dd��t�j \|�dd+�\|�_\|�jj d d d)d d��t�j\|�ddd,d�j dd-dd��t�j \|�d.d+�\|�_\|�jj d d d-d d��t�j\|�ddd/d�j dd0dd��t�j \|�d1d+�\|�_\|�jj d d d0d d��t�j\|�d2\|�jd�j ddd3d d��\|�jddd4d5��\|�j d dd d5��\|�j�!d6t"j#��d�S�)7N�TkConch�local�w�left�Hostname)�anchor�justify�text��)�column�row�sticky��nesw)r�� columnspanr ��r!��Port�Username��Command��Identity��Browse)�commandr��zPort Forwarding)r��r��)�height�width�Add)r��r-��)r��r ��Remove��Host�Local)r��variable�value� ��Remote�remotezAdvanced Options� ��Cipher��cipher)�name�MAC��maczEscape Char� ��escapezConnect!��@��)�weight�minsize�WM_DELETE_WINDOW)$�Tkinter�Frame�__init__�master�title� StringVar�localRemoteVar�set�Label�grid�Entry�host�port�userr-��identity�Button�getIdentityFile�Listbox�forwards� addForward� removeForward�forwardPort�forwardHost�Radiobutton�localForward� remoteForwardr?��rC��rE�� doConnect�grid_rowconfigure�grid_columnconfigurer��sys�exit)�self�args�params��rm��?/usr/lib/python3/dist-packages/twisted/conch/scripts/tkconch.pyrM��'��s�� zTkConchMenu.__init__c��C��s4��t��}\|r\|�j�dtj��\|�j�tj\|��d�S�d�S��Nr��)�tkFileDialog�askopenfilenamerY��deleterK��END�insert)rj��rrm��rm��rn��r[��s ��zTkConchMenu.getIdentityFilec��C��s��\|�j��}\|�j��dtj��\|�j��}\|�j�dtj��\|�j��dkr1\|�j�tjd\|��d\|��d�S�\|�j�tjd\|��d\|��d�S�)Nr��r��L:�:�R:) r`��getrr��rK��rs��ra��rQ��r]��rt��)rj��rW��rV��rm��rm��rn��r^��s�� zTkConchMenu.addForwardc��C��s&��\|�j��}\|r\|�j��\|d��d�S�d�S�ro��)r]��curselection�remove)rj��currm��rm��rn��r_��s�� zTkConchMenu.removeForwardc�� C��s��d}\|�j��td<�\|�j��td<�\|�j��td<�\|�j��td<�\|�j��}\|�j��}\|�j��}\|rA\|t j v�r9\|gt _ nt�dd��d}\|rW\|t j v�rM\|gt _ n \|rWt�dd ��d}\|r�\|d krbd�td<�n0\|d�dkr{t\|�d kr{tt\|d��d��td<�nt\|�dkr�\|td<�n\|r�t�dd\|��d}\|�j��r�tj�\|�j��\|�j�dtj�D�]}\|d�dkr�t�\|d d��q�t�\|d d��q�dtd�v�r�td��dd�\td<�td<�td�r�td�s�\|r�t�dd��d}\|�rJ\|�j��\|�j��td��r tj}t� tj!��\|t_nt�"��t#t_$tj�sddgt_td�}t%td��p$d�}t�&\|\|f��t'�(\|\|t)��tj�+��tj�,d�-td�td��d�S�\|��.��d�S�)Nr��rV��rW��rX��r-��r��zBad cipher.r��zBad MAC.�nonerE��^r"��rG��zBad escape character '%s'.�L�@zMissing host or username.r��z ~/.ssh/id_rsaz ~/.ssh/id_dsa��z{}@{} - TkConch)/rV��ry��optionsrW��rX��r-��r?��rC��rE��SSHClientTransport�supportedCiphers�tkMessageBox� showerror� supportedMACs�len�chr�ordrY�� identitys�appendr]��rK��rs��opt_localforward�opt_remoteforward�splitrN��quit�destroyrh��stdoutr��startLogging�stderr�discardLogs�handleError�deferr�int�msgr�� connectTCP�SSHClientFactory�frame� deiconifyrO��format�focus) rj��finishedr?��rC��rE��line�realoutrV��rW��rm��rm��rn��re��sx�� zTkConchMenu.doConnectN)�__name__� __module__�__qualname__rM��r[��r^��r_��re��rm��rm��rm��rn��r��&��s��^ r��c�� @��sj��e�Zd�ZU�dZg�d�g�d�g�d�g�d�g�d�g�d�g�d�g�d �gZg�d �g�d�g�d�g�d �g�d�g�d�g�d�g�d�gZejjZ ejj Zej dge�dd��e D��e�dd��eD��ejdd�ejdd�d�e��ejdd�ejddd�gd�Zg�Zee�ed<�g�Zeeeeeef�f��ed<�g�Zeeeeeef�f��ed <�d!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+S�),�GeneralOptionsz,Usage: tkconch [options] host [command] )rX��lNzLog in using this user name.)rY��iz~/.ssh/identityz&Identity for public key authentication)rE��e�~z(Set escape character; ``none'' = disable)r?��cNzSelect encryption algorithm.)�macs�mNz.Specify MAC algorithms for protocol version 2.)rW��pNz7Connect to this port. Server must be on the same port.)�localforwardr��Nz<listen-port:host:port Forward local port to remote address)� remoteforward�RNz<listen-port:host:port Forward remote port to local address)�tty�tz-Tty; allocate a tty even if command is given.)�notty�TzDo not allocate a tty.)�version�VzDisplay version number only.)�compress�CzEnable compression.)�noshell�Nz"Do not execute a shell or command.)� subsystem�sz-Invoke command (mandatory) as SSH2 subsystem.)r��vz Log to stderr)�ansilog�az!Print the received data to stdout)r��r��c��C��g�\|�]}\|��qS�rm��decode��.0r��rm��rm��rn�� <listcomp> ��zGeneralOptions.<listcomp>c��C��r��rm��r��r��rm��rm��rn��r��r��zlisten-port:host:port)�descr)r?��r��r��r��r-��argumentT)r��repeat)�mutuallyExclusive� optActions�extraActionsr�� localForwards�remoteForwardsc��C��s��\|�j��\|��d�S��N)r��r��)rj��r��rm��rm��rn��opt_identity��zGeneralOptions.opt_identityc��C��8��\|��d�\}}}t\|�}t\|�}\|�j�\|\|\|ff��d�S��Nrw��)r��r��r��r��)rj��f� localPort� remoteHost� remotePortrm��rm��rn��r�� zGeneralOptions.opt_localforwardc��C��r��r��)r��r��r��r��)rj��r��r��connHost�connPortrm��rm��rn��r��&��r��z GeneralOptions.opt_remoteforwardc��C��s��dgt�jdd�<�d�S�)N�zlibr��r��)r��supportedCompressions�rj��rm��rm��rn��opt_compress,��s��zGeneralOptions.opt_compressc��G��s>��\|r\|d�\|�d<�d��\|dd��\|�d<�d�S�d\|�d<�d\|�d<�d�S�)Nr��rV�� r��r-��)�join)rj��rk��rm��rm��rn�� parseArgs/��s ��zGeneralOptions.parseArgsN)r��r��r��synopsis� optParameters�optFlagsr��r��r��_ciphersr��_macsr��Completions�CompleteList� Completer�CompleteUserAtHost�compDatar��r��str�__annotations__r��r��r��r��r��r��r��r��r��rm��rm��rm��rn��r��sT�� r��c��sJ��t�jrtd��t��g�}\|f��fdd� }\|t�_t��\|��t�j��S�)Nzcan't ask 2 questions at once!c��s��\|�sd�S�\|�dkrt��\|�dkr%t�d��d�\|�}~d�t_��\|��d�S�dt\|��kr1dk�rCn�n\|�\|��rAt�\|��d�S�d�S�t\|��dkrX\|rZ�rRt�d��\|��d�S�d�S�d�S�) N�� z r�� r4��z ) r��stopr��writer��callbackr��r��pop)�ch�resp�stresp��d�echorm��rn��gotCharE��s�� z!deferredAskFrame.<locals>.gotChar)r��r�� ValueErrorr��Deferredr��canvas�focus_force)�questionr��r��r��rm��r��rn��deferredAskFrame?��s�� r��c�� C��s��t�jdd��}�d\|�v�r#\|��d�}\|�\|\|d��\|��}�\|�\|d�\|d��=�\|�d�d��D�],}z!\|��\|�}\|d�d��dkrK\|�\|d��d�dkrKg�\|�\|\|d��<�W�q)�tyU��Y�q)w�t��}\|��t��}t\|�a t j tjtjdd��t ��azt�\|��W�n"�tjy��}�ztd \|��t��t��d��W�Y�d�}~nd�}~ww�t��D�]\}}\|r�tt \|�r�tt \|��tj\|��q�tjD�]\}\} } t j�tjd \|��d\| ��d\| ��q�g�t_tjD�]\}\} } t j�tjd\|��d\| ��d\| ��q�g�t_tj\|d�d �a\|� dtj!tj"�d�tj#tj$�d�f��tj tjd��t%�&\|��\|��td��r)td��s0dtd�v��r5t �'��n\|�(��t)���t��t+��d�S�)Nr��z-lr"��r)��z-or��-)�side�fill�expandz ERROR: %srv��rw��rx��)r��z%dx%dr'��)r��rV��rX��r��),rh��argv�indexr��rK��Tk�withdraw�Toplevelr��menu�pack�TOP�BOTHr��r��parseOptionsr�� UsageError�print�opt_helpri��items�hasattr�getattrrt��rs��r��r]��r��r�� VT100Framer��geometry� fontWidthr0�� fontHeightr/��r��installre��mainloopr��run� exitStatus)rk��r��arg�root�top�u�kr��r��rh�rprm��rm��rn��r��`��sh�� $��$$�� " r��c��C��s(��ddl�m}��dat�\|��t��)Nr��failurer"��)�twisted.pythonr)��r ��r��err�Failurer��r��r(��rm��rm��rn��r��s ��r��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) r��Tc��C��s��t��d�S�r��)r��r��r��rm��rm��rn��stopFactory��s��zSSHClientFactory.stopFactoryc��C��s��t��S�r��)r��)rj��addrrm��rm��rn�� buildProtocol��s��zSSHClientFactory.buildProtocolc��C��s ��t��dd\|j��d\|j��d�S�)Nr��zConnection Failed, Reason: z: )r��showwarning�typer8��)rj�� connector�reasonrm��rm��rn��clientConnectionFailed��s��z'SSHClientFactory.clientConnectionFailedN)r��r��r��noisyr-��r/��r4��rm��rm��rm��rn��r��s ��r��c��@��s<��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd S�)r��c��C��s��d\|\|f�a�d�S�)NzDconch: Remote side disconnected with error code %i conch: reason: %s)r ��)rj��code�descrm��rm��rn��receiveError��s��zSSHClientTransport.receiveErrorc��C��s ��d\|\|f�a�tj�\|�\|\|��d�S�)Nz>conch: Sending disconnect with error code %i conch: reason: %s)r ��r��r��sendDisconnect)rj��r6��r3��rm��rm��rn��r9��s ��z!SSHClientTransport.sendDisconnectc��C��s"��\|st�d�rt�d\|��d�S�d�S�)Nr��zReceived Debug Message: %s)r��r��r��)rj�� alwaysDisplay�message�langrm��rm��rn��receiveDebug��s��zSSHClientTransport.receiveDebugc��C��s��t�td�\|dd�i�}\|dkrt�d�S�\|dkrt�t�d��S�td�\|�j��j kr2td�}td�}nd� td�\|�j��j �}d� td�\|�j��j �}t�\|�d�}d � \|d dd�\|�\|�}\|d 7�}t \|d��\|�j\|\|\|�S�)NrV��zknown-hostsr��r"��bad host keyz{} ({})z{},{}r��zNThe authenticity of host '{}' can't be established. {} key fingerprint is {}.�DSA�RSA�s��ssh-dsss��ssh-rsaz9 Are you sure you want to continue connecting (yes/no)? )r��r��r��succeed�failr�� ConchErrorr��getPeerrV��r��r��getNSr��addCallback�_cbVerifyHostKey)rj��pubKey�fingerprint�goodKeyrV��khHost�keyType�quesrm��rm��rn�� verifyHostKey��s,�� z SSHClientTransport.verifyHostKeyc�� C��s��\|��dvrtdd��\|�j\|\|\|�S�\|��dkr"t�d��t�d��z?t�d\|dd d �\|�f��tt j �d�d��}t� \|�}\|�d \|��d\|��d\|��W�d��W�d�S�1�sZw��Y��W�d�S��tyo��t��tj�w�)N)�yes�nozPlease type 'yes' or 'no': r��rQ��zHost key verification failed. r>��zBWarning: Permanently added '%s' (%s) to the list of known hosts. r?��r@��rA��z~/.ssh/known_hostsr�� r��)�lowerr��rG��rH��r��r��r��rD��open�os�path� expanduser�base64� b64encode� BaseExceptionr��r��)rj��ansrI��rL��rM��known_hosts� encodedKeyrm��rm��rn��rH��s�� &��z#SSHClientTransport._cbVerifyHostKeyc��C��s0��t�d�r t�d�}nt��}\|��t\|t��d�S�)NrX��)r��getpass�getuser�requestService�SSHUserAuthClient� SSHConnection)rj��rX��rm��rm��rn��connectionSecure��s�� z#SSHClientTransport.connectionSecureN) r��r��r��r8��r9��r=��rO��rH��rc��rm��rm��rm��rn��r��s��r��c��@��s@��e�Zd�ZU�g�Zee�ed<�ddd�Zdd��Zdd��Z d d ��Z dS�)ra�� usedFilesNc��C��s ��\|sd��\|�jtd��}t\|d�S�)Nz{}@{}'s password: rV��r��)r��rX��r��r��)rj��promptrm��rm��rn��getPassword��s�� zSSHUserAuthClient.getPasswordc��s��fdd�t�jD��}\|sd�S�\|d�}t�\|��j�\|��tj�\|�}\|d7�}tj� \|�s/d�S�z t j�\|�� W�S��tyE��Y�S�w�)Nc��s��g�\|�] }\|��j�vr\|�qS�rm��)rd��)r��xr��rm��rn��r��s��z2SSHUserAuthClient.getPublicKey.<locals>.<listcomp>r��z.pub)r��r��r��r��rd��r��rU��rV��rW��existsr ��Key�fromFile�blobrZ��getPublicKey)rj��files�filerm��r��rn��rl��s�� zSSHUserAuthClient.getPublicKeyc�� C��s��t�j�\|�jd��}t�j�\|�sd�S�zt�tj� \|�j �W�S��tjyN�}�z%\|jd�dkrCd\|�jd��}t \|d��\|�jd�W��Y�d�}~S�W�Y�d�}~d�S�d�}~ww�)N��r��zencrypted key with no password�Enter passphrase for key '%s': )rU��rV��rW��rd��rh��r��rB��r ��ri��rj�� keyObject�BadKeyErrorrk��r��rG��_cbGetPrivateKey)rj��rn��r��re��rm��rm��rn�� getPrivateKey��s�� zSSHUserAuthClient.getPrivateKeyc��C��sl��t�j�\|�jd��}z tjj\|\|d�jW�S��tjy5��\|dkr ��d\|�jd��}t \|d�� \|�j\|d��Y�S�w�)Nro��)�passwordr"��rp��r��r��)rU��rV��rW��rd��r ��ri��rj��rq��rr��r��rG��rs��)rj��r[��countrn��re��rm��rm��rn��rs��s�� z"SSHUserAuthClient._cbGetPrivateKeyr��)r��r��r��rd��r��r��r��rf��rl��rt��rs��rm��rm��rm��rn��ra��s�� ra��c��@��s��e�Zd�Zdd��ZdS�)rb��c�� C��s��t�d�s \|��t��t�jr!t�jD�]\}}t�\|t�\|�\|tj��qt�j rGt�j D�]!\}}t �d�\|\|��t� d\|f�}\|��d\|��\|\|�j \|<�q'd�S�d�S�)Nr��z&asking for remote forwarding for {}:{}z0.0.0.0z tcpip-forward)r��openChannel� SSHSessionr��r�� listenTCPr ��SSHListenForwardingFactory� SSHListenClientForwardingChannelr��r��r��r��packGlobal_tcpip_forward�sendGlobalRequest)rj��r��hostportr��datarm��rm��rn��serviceStarted-��s,��zSSHConnection.serviceStartedN)r��r��r��r��rm��rm��rm��rn��rb��,��s��rb��c��@��sP��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��ZdS�)rx��s��sessionc��C��s��d\|�_�t��}td�r\|�j\|_n\|�j\|_\|�j\|_\|jt _ t j��td�r3\|�j �\|�dt�td��nRtd�ratd�rStj�dd�}d }t�\|\|d �}\|�j �\|�d\|��\|�j �\|�dt�td��n$td �s}tj�dd�}d }t�\|\|d �}\|�j �\|�d\|��\|�j �\|�dd��\|�j jj�d��d�S�)Nr��rE��r��s ��subsystemr-��r��TERM�xterm)��P��r��r��r��s��pty-req�execr��s��shell��)� escapeModer��SSHSessionClientr��handleInput�dataReceivedr��sendEOF�connectionLostr��r��r��r��conn�sendRequestr��NSrU��environry��packRequest_pty_reqr�� setTcpNoDelay)rj��foor��term�winSize� ptyReqDatarm��rm��rn��channelOpenH��s0�� zSSHSession.channelOpenc��C��s��\|dv�rd\|�_�\|��\|��d�S�\|�j�dkr\|td�krd\|�_�d�S�\|�j�dkr^d\|�_�\|dkr5t�d��t��d�S�\|dkrDt�t� ��t j��d�S�\|dkrUt�d ��\|�jj ��d�S�\|��d \|��d�S�d\|�_�\|��\|��d�S�)N)rR��r��r��rE��r"��.zdisconnecting from escape�r��zrekeying connectionr��r��)r��r��r��r��r��r��r��rU��kill�getpid�signal�SIGSTOPr��r��sendKexInit)rj��charrm��rm��rn��r��i��s�� zSSHSession.handleInputc��C��s,��\|��d�}td�rtt\|��t�\|��d�S�)Nzutf-8r��)r��r��r��reprr��r��rj��r��rm��rm��rn��r��s�� zSSHSession.dataReceivedc��C��s:��\|t�jkrt�dt\|��tj�\|��tj��d�S�d�S�)Nzgot %s stderr data) r��EXTENDED_DATA_STDERRr��r��r��rh��r��r��flush)rj��r��r��rm��rm��rn��extReceived��s �� zSSHSession.extReceivedc��C��s��t��d��tj��d�S�)Nzgot eof)r��r��rh��stdin�closer��rm��rm��rn��eofReceived��s�� zSSHSession.eofReceivedc��C��s.��t��d\|��t\|�jj�dkrt��d�S�d�S�)Nz closed %sr��)r��r��r��r��channelsr��r��r��rm��rm��rn��closed��s��zSSHSession.closedc��C��s&��t�t�d\|�d��at�dt��d�S�)Nz>Lr��zexit status: %s)r��struct�unpackr ��r��r��r��rm��rm��rn��request_exit_status��s��zSSHSession.request_exit_statusc��C��s��\|�j��\|��d�S�r��)r��r��r��rm��rm��rn��r��r��zSSHSession.sendEOFN)r��r��r��r@��r��r��r��r��r��r��r��r��rm��rm��rm��rn��rx��D��s��!rx��__main__)<�__doc__rX��r^��rU��r��r��rh��tkinterrK��tkinter.filedialog� filedialogrp��tkinter.messagebox� messageboxr��typingr��r�� twisted.conchr��twisted.conch.client.defaultr��twisted.conch.sshr��r��r��r ��r ��r��r��r ��twisted.conch.uir��twisted.internetr��r��r��r��r��r��r��rL��r��Optionsr��r��r��r ��r��r��r��r�� ClientFactoryr��r��ra��rb�� SSHChannelrx��r��rm��rm��rm��rn��<module>��sF��( �>V!3 O0] ��scripts/__pycache__/cftp.cpython-310.pyc��0000644��00000072075�15027667726�0014135 0��ustar�00��o ��b�z��@��sz��d�Z�ddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddlmZm Z mZ�ddlmZmZmZ�ddlmZmZmZmZ�ddlmZmZmZmZ�ddlmZ�ddlm Z m!Z!m"Z"�dd l#m$Z$�G�d d��dej%�Z&dd ��Z'dd��Z(dd��Z)dd��Zdd��Z+G�dd��d�Z,G�dd��dej-�Z.e/e.de.j0��G�dd��dej1�Z1G�dd��dej2�Z3e4dkr�e'��dS�dS�) z0 Implementation module for the I{cftp} command. ��N)�List�Optional�Union)�connect�default�options)�channel�common� connection�filetransfer)�defer�reactor�stdio�utils)�basic)�failure�log�usage)�FilePathc��@��sz��e�Zd�ZU�dZdZg�d�g�d�g�d�g�d�gZeeeee e f��ed<�ej dd ie��ejd d�gd�Zddd�Zd S�)� ClientOptionsz�Usage: cftp [options] [user@]host cftp [options] [user@]host[:dir[/]] cftp [options] [user@]host[:file [localfile]] zncftp is a client for logging into a remote machine and executing commands to send and receive file information)� buffersize�Bi��z0Size of the buffer to use for sending/receiving.)� batchfile�bNz-File to read commands from, or '-' for stdin.)�requests�R��z6Number of requests to make before waiting for a reply.)� subsystem�s�sftpz'Subsystem/server program to connect to.� optParametersr��z,Size of send/receive buffer (default: 32768)z local file)�descr)�descriptions�extraActionsNc��C��sF��d\|�d<�d\|v�r\|��dd�\}\|�d<�\|�d��d��\|\|�d<�\|\|�d<�d�S�)N�� remotePath�:��/�host� localPath)�split�rstrip)�selfr)��r��r.��</usr/lib/python3/dist-packages/twisted/conch/scripts/cftp.py� parseArgs6��s��zClientOptions.parseArgs�N)�__name__� __module__�__qualname__�synopsis�longdescr ��r��r��r��str�int�__annotations__r��Completions�CompleteUserAtHost� CompleteFiles�compDatar0��r.��r.��r.��r/��r��s �� r��c�� C��s��t�jdd��}�d\|�v�r#\|��d�}\|�\|\|d��\|��}�\|�\|d�\|d��=�t��}z\|�\|��W�n�tjyK�}�ztd\|��t��d��W�Y�d�}~nd�}~ww�\|d�r]t�j }t �t�j��\|t�_ nt � ��t\|��t��d�S�)Nr'��z-l��z ERROR: %sr��)�sys�argv�indexr��parseOptionsr�� UsageError�print�exit�stdoutr��startLogging�stderr�discardLogs� doConnectr ��run)�args�ir��u�realoutr.��r.��r/��rL��?��s(�� rL��c��C��s4��da�zt��W�n �ty��Y�nw�t�t��)Nr>��)� exitStatusr ��stop� BaseExceptionr��errr��Failurer.��r.��r.��r/��handleErrorU��s��rV��c��C��s��d\|�d�v�r\|�d��dd�\\|�d<�\|�d<�\|�d�}\|�d�s"t��\|�d<�\|�d�s+d\|�d<�nt\|�d��\|�d<�\|�d�}\|�d�}t��}\|�\|_tj}t�\|�d�\|�\|�}t � \|\|\|�\|\|�� t��d�S�)N�@r)��r'��user�port��)r+��getpass�getuserr8�� SSHConnectionr��r�� verifyHostKey�SSHUserAuthClientr�� addErrback�_ebExit)r��r)��rY��conn�vhk�uaor.��r.��r/��rK��`��s�� rK��c��C��sJ��t�\|�jd�r\|�jj}nt\|��}t\|��zt��W�d�S��ty$��Y�d�S�w�)N�value)�hasattrre��r7��rE��r ��rR��rS��)�fr��r.��r.��r/��ra��s��s�� ra��c��G��s��d�S�r1��r.��)rM��r.��r.��r/��_ignore��rh��c��@��s��e�Zd�Zdd��Zdd��ZdS�)�FileWrapperc��C��s&��\|\|�_�d\|�_\|�dd��\|��\|�_d�S�)N��r��r>��)rg��total�seek�tell�size�r-��rg��r.��r.��r/��__init__��s��zFileWrapper.__init__c��C��s��t�\|�j\|�S�r1��)�getattrrg��)r-��attrr.��r.��r/��__getattr__��s��zFileWrapper.__getattr__N)r2��r3��r4��rq��rt��r.��r.��r.��r/��rj��s��rj��c��@��s��e�Zd�ZeZdZdZeZd{dd�Zdd��Z dd ��Z d d��Zdd ��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd\|d$d%�Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��Z d6d7��Z!d8d9��Z"d:d;��Z#d<d=��Z$d}d?d@�Z%dAdB��Z&dCdD��Z'dEdF��Z(dGdH��Z)dIdJ��ZdKdL��Z+dMdN��Z,dOdP��Z-dQdR��Z.dSdT��Z/dUdV��Z0dWdX��Z1dYdZ��Z2d[d\��Z3d]d^��Z4e4Z5d_d`��Z6dadb��Z7dcdd��Z8dedf��Z9dgdh��Z:didj��Z;dkdl��Z<dmdn��Z=dodp��Z>dqdr��Z?dsdt��Z@dudv��ZAdwdx��ZBdydz��ZCdS�)~�StdioClientzcftp> �� Nc��C��s&��\|\|�_�d\|�_\|\|�_\|�rdpd\|�_d�S�)Nr$��r'��r��)�client�currentDirectory�file�useProgressBar)r-��rw��rg��r.��r.��r/��rq��s��zStdioClient.__init__c��C��s��\|�j��d��\|�j��d�S�)Nr$��)rw��realPath�addCallback�_cbSetCurDir�r-��r.��r.��r/��connectionMade��s��zStdioClient.connectionMadec��C��s��\|\|�_�\|��d�S�r1��)rx��_newLine�r-��pathr.��r.��r/��r}��s��zStdioClient._cbSetCurDirc��C��s ��t�\|t�r \|�d�}\|�j�\|�S�)N�utf-8)� isinstancer7��encode� transport�write)r-��msgr.��r.��r/��_writeToTransport��s�� zStdioClient._writeToTransportc��C��s��\|�j�jjrd�S�t\|t�r\|�d�}t�d\|��\|��}\|s$\|�� d�S�\|�j r6\|�d�r6d\|�_\|dd��}nd\|�_\|�� \|�}\|d�urP\|�\|�j��\|�\|�j��d�S�d�S�)Nr��zgot line %s�-r'��r��)rw��r��localClosedr��bytes�decoder��r��lstripr��ry�� startswith�ignoreErrors�_dispatchCommandr\|�� _cbCommandr`�� _ebCommand)r-��line�dr.��r.��r/��lineReceived��s$�� zStdioClient.lineReceivedc��C��s��d\|v�r\|��dd�\}}\|��}n\|d}}\|�d�r+\|�j}\|dd��d�\|��}n\|��}t�d\|��t\|�d\|�d��}\|d�urHt � \|\|�S�d\|�}\|��t� t\|��\|��d�S�)N� r'��r$��!zlooking up cmd %szcmd_%szNo command called `%s')r+��r��r��cmd_EXEC�strip�upperr��r��rr��r�� maybeDeferredr��r��rU��NotImplementedErrorr��)r-��r��command�restrg��errMsgr.��r.��r/��r��s�� zStdioClient._dispatchCommandc��C��s��t��\|��\|�ttjtt�}\|tkr\|��\|�� d��d�S�\|tjkr2d\|j j\|j jf�}\|��\|��d�S�\|ttfv�rId\|j j \|j jf�}\|��\|��d�S�d�S�)Nr$��zremote error %i: %s zlocal error %i: %s )r��r��trapr��r�� SFTPError�OSError�IOErrorr��cmd_HELPre��code�message�errno�strerror)r-��rg��er��r.��r.��r/�� _printFailure��s�� zStdioClient._printFailurec��C��sd��\|�j�jjrd�S�\|��\|�j��d\|�_\|�jr0\|�j��}\|s"\|�j�j��d�S�\|��\|��\|�� \|� ��d�S�d�S�)Nr��)rw��r��r��r��psr��ry��readline�loseConnectionr��r��)r-��lr.��r.��r/��r��s�� zStdioClient._newLinec��C��sF��\|d�urt�\|t�r\|�d�}\|��\|��\|�d�s\|��d��\|��d�S�)Nr��rv��)r��r7��r��r��endswithr��)r-��resultr.��r.��r/��r��s�� zStdioClient._cbCommandc��C��s.��\|��\|��\|�jr\|�js\|�jj��\|��d�S�r1��)r��ry��r��rw��r��r��r��rp��r.��r.��r/��r��s�� zStdioClient._ebCommandc��C��s`��\|��\|�\}}\|�d�s\|d7�}\|rtj�\|�j\|�pd}\|�j�\|�}\|�\|�j ��\|� \|�j��\|S�)Nr(��r$��)�_getFilenamer��osr��joinrx��rw�� openDirectoryr\|��_cbCdr`��r��)r-��r��r��newPathr��r.��r.��r/��cmd_CD��s�� zStdioClient.cmd_CDc��C��s&��\|��\|�j�\|j�}\|�\|�j��\|S�r1��)�closerw��r{��namer\|�� _cbCurDir)r-�� directoryr��r.��r.��r/��r��s��zStdioClient._cbCdc��C��s ��\|\|�_�d�S�r1��rx��r��r.��r.��r/��r�� s�� zStdioClient._cbCurDirc��C��H��\|��d�d�\}}\|��\|�\}}t\|�}\|�j�\|�}\|j\|�j\|\|d��\|S�)Nr'��)�grp�r+��r��r8��rw��getAttrsr\|��_cbSetUsrGrp)r-��r��r��r��r��r.��r.��r/�� cmd_CHGRP��zStdioClient.cmd_CHGRPc��C��sH��\|��d�d�\}}\|��\|�\}}t\|d�}\|�j�\|d\|i�}\|�t��\|S�)Nr'��permissions)r+��r��r8��rw��setAttrsr\|��rh��)r-��r��modr��r��r.��r.��r/�� cmd_CHMOD��s�� zStdioClient.cmd_CHMODc��C��r��)Nr'��)�usrr��)r-��r��r��r��r��r.��r.��r/�� cmd_CHOWN��r��zStdioClient.cmd_CHOWNc��C��sP��i�}\|d�ur\|p\|d�\|d<�\|d�ur\|p\|d�\|d<�\|�j��\|\|�}\|�t��\|S�)N�uid�gid)rw��r��r\|��rh��)r-��attrsr��r��r��newr��r.��r.��r/��r��$��s�� zStdioClient._cbSetUsrGrpc��C��s��\|��\|�\}}d\|v�sd\|v�r1\|r!\|��\|�\}}tj�\|�s dS�nd}\|��\|�}\|�\|�j\|��\|S�\|r;\|��\|�\}}ntj�\|�d�}t� \|\|f��t \|dd�}t\|�j�� \|�}\|�j�\|jtji��}\|�\|�j\|��\|�\|�j\|��\|S�)N��?z'Wildcard get with non-directory target.��r'��wbr��)r��r��r��isdir�_remoteGlobr\|��_cbGetMultipler+��r��r��openr��rx��childrw��openFiler��FXF_READ�_cbGetOpenFiler`�� _ebCloseLf)r-��r��remote�localr��lfr��r.��r.��r/��cmd_GET,��s�� zStdioClient.cmd_GETc��C��s��\|��d�\|\|�S�r1��)�_cbGetMultipleNext)r-��filesr��r.��r.��r/��r��D��s��zStdioClient._cbGetMultiplec��C��s��t�\|tj�r\|��\|��n\|r\|��\|��\|�d�s\|��d��\|s!d�S�\|�d�d�}ttj � \|tj �\|�d��dd�}t\|�j ��\|�}\|�j�\|j tji��}\|�\|�j\|��\|�\|�j\|��\|�\|�j\|\|��\|S�)N� r��r'��r��)r��r��rU��r��r��r��popr��r��r��r��r+��r��rx��r��rw��r��r��r��r\|��r��r`��r��addBothr��)r-��resr��r��rg��r��r��r��r.��r.��r/��r��H��s �� "zStdioClient._cbGetMultipleNextc��C��s��\|��\|S�r1��)r��)r-��rg��r��r.��r.��r/��r��Z��s��zStdioClient._ebCloseLfc��C��s��\|��\|�j\|\|�S�r1��)r��r\|��_cbGetFileSize)r-��rfr��r.��r.��r/��r��^��s��zStdioClient._cbGetOpenFilec�� C��s��t��\|d��s\|��\|��d\|j�S�\|d�\|_\|�jjjjd�}\|�jjjjd�}d\|_ g�}g�}\|�j ��}t\|�D�]} \|�� d\|\|\|d\|\|�} \|�\| ��q9tj\|d d �}\|�\|�j\|\|��\|S�)Nr��zCan't get non-regular file: %sro��r��r��rk��r$��r��r'��fireOnOneErrback)�stat�S_ISREGr��r��ro��rw��r��rb��r��rl��r ��seconds�range� _cbGetRead�appendr��DeferredListr\|�� _cbGetDone)r-��r��r��r�� bufferSize�numRequests�dList�chunks� startTimerN��r��dlr.��r.��r/��r��a��s"�� zStdioClient._cbGetFileSizec��C��s��d}\|D�],}\|dkr �d�S�\|\|d�kr,\|��\|�}\|�\|\|\|d�f��\|\|d�\|�f��S�\|d�}qt\|�jjjjd��}\|�\|\|\|�f��\|\|fS�)Nr��eofr'��r��)rB��insertr8��rw��r��rb��r��r��)r-��r��end�chunkrN��bufSizer.��r.��r/�� _getNextChunkt��s�� zStdioClient._getNextChunkc�� C��sN��\|r+t�\|tj�r+t�d\|��\|}\|�t��\|�\|\|\|�f�} \|\| =�\|�\| \|df��nG\|rrt�dt \|��\|� \|��\|�\|��t \|�\|krit�dt \|�\|f��\|�\|\|\|�f�} \|\| =�\|�\| \|\|t \|��f��\|�jt \|�7��_\|�j r{\|��\|\|��\|��\|�} \| s�d�S�\| \}}t�d\|\|\|�f��\|�\|\|�}\|�\|�j\|\|\|\|\|\|��\|S�)Nzget read err: %sr��zget read data: %iz#got less than we asked for: %i < %izasking for %i -> %i)r��r��rU��r��r��r��EOFErrorrB��r��lenrm��r��rl��rz��_printProgressBarr�� readChunkr��r��) r-��datar��r��r��startro��r��reasonrN��r��lengthr��r.��r.��r/��r��s6�� zStdioClient._cbGetReadc��C��s>��t��d��\|��\|��\|�jr\|��d��d\|j��d\|j��S�)Nzget doner��Transferred � to )r��r��r��rz��r��r��r-��ignoredr��r��r.��r.��r/��r��s�� zStdioClient._cbGetDonec��C��s��\|��\|�\}}d\|v�sd\|v�r.\|r!\|��\|�\}}tj�\|�j\|�}nd}t�\|�}\|��\|\|�S�\|r8\|��\|�\}}ntj�\|�d�}\|��\|\|�S�)a#�� Do an upload request for a single local file or a globing expression. @param rest: Requested command line for the PUT command. @type rest: L{str} @return: A deferred which fires with L{None} when transfer is done. @rtype: L{defer.Deferred} r��r��r$��r'��) r��r��r��r��rx��glob�_putMultipleFilesr+��_putSingleFile)r-��r��r��r��r��r.��r.��r/��cmd_PUT��s�� zStdioClient.cmd_PUTc��C��s��\|�j�d\|g\|dd�S�)aB�� Perform an upload for a single file. @param local: Path to local file. @type local: L{str}. @param remote: Remote path for the request relative to current working directory. @type remote: L{str} @return: A deferred which fires when transfer is done. NT)�single��_cbPutMultipleNext)r-��r��r��r.��r.��r/��r ��s�� zStdioClient._putSingleFilec��C��s��\|��d\|\|�S�)aV�� Perform an upload for a list of local files. @param files: List of local files. @type files: C{list} of L{str}. @param remote: Remote path for the request relative to current working directory. @type remote: L{str} @return: A deferred which fires when transfer is done. Nr��)r-��r��r��r.��r.��r/��r��s�� zStdioClient._putMultipleFilesFc�� C��s��t�\|tj�r\|��\|��n\|r't�\|t�r\|�d�}\|��\|��\|�d�s'\|��d��d}\|rP\|sPz\|�d�}t \|d�}W�n�t yK��\|��t��d}Y�nw�\|rP\|r-\|sTdS�\|rY\|}ntj� \|�d�}tj�\|\|�}t�\|\|\|f��\|��\|\|�} \| �\|�j\|\|��\| S�)a�� Perform an upload for the next file in the list of local files. @param previousResult: Result form previous file form the list. @type previousResult: L{str} @param files: List of local files. @type files: C{list} of L{str} @param remotePath: Remote path for the request relative to current working directory. @type remotePath: L{str} @param single: A flag which signals if this is a transfer for a single file in which case we use the exact remote path @type single: L{bool} @return: A deferred which fires when transfer is done. r��rv��Nr��rbr'��)r��r��rU��r��r7��r��r��r��r��r��rS��r��r��r+��r��r��r��_putRemoteFiler��r��) r-��previousResultr��r%��r��currentFile�localStreamr��r��r��r.��r.��r/��r��s8�� zStdioClient._cbPutMultipleNextc��C��sR��t�j�\|�j\|�}tjtjB�tjB�}\|�j� \|\|i��}\|� \|�j\|��\|�\|�j \|��\|S�)aW�� Do an upload request. @param localStream: Local stream from where data is read. @type localStream: File like object. @param remotePath: Remote path for the request relative to current working directory. @type remotePath: L{str} @return: A deferred which fires when transfer is done. )r��r��r��rx��r�� FXF_WRITE� FXF_CREAT� FXF_TRUNCrw��r��r\|��_cbPutOpenFiler`��r��)r-��r��r%��r��flagsr��r.��r.��r/��r��s��zStdioClient._putRemoteFilec�� C��s��\|�j�jjjd�}\|�jrt\|�}g�}g�}\|�j��}t\|�D�]}\|�� d�\|\|\|\|�}\|r.\|� \|��qtj\|dd�} \| � \|�j\|\|��\| S�)Nr��r'��r��)rw��r��rb��r��rz��rj��r ��r��r��_cbPutWriter��r��r��r\|�� _cbPutDone) r-��r��r��r��r��r��r��rN��r��r��r.��r.��r/��r��-��s�� zStdioClient._cbPutOpenFilec��C��sv��\|��\|�}\|\}}\|�\|��\|�\|�} \|�jr%\|�jt\| �7��_\|��\|\|��\| r9\|�\|\| �} \| �\|�j \|\|\|\|��\| S�d�S�r1��) r��rm��readrz��rl��r��r�� writeChunkr\|��r��)r-��r ��r��r��r��r��r��r��ro��r��r��r.��r.��r/��r��<��s�� zStdioClient._cbPutWritec��C��s4��\|��\|��\|�jr\|��d��d\|j��d\|j��S�)Nr��r��r��)r��rz��r��r��r ��r.��r.��r/��r��K��s �� zStdioClient._cbPutDonec��C��s��t��\|��d�S�r1��)r��chdirr��r.��r.��r/��cmd_LCDR��zStdioClient.cmd_LCDc��J��\|�\}}��\|�\}}t��fdd�\|\|f�\}}��j�\|\|��t�S�)Nc��t�j��j\|��S�r1��r��r��r��rx��xr~��r.��r/��<lambda>Y��z$StdioClient.cmd_LN.<locals>.<lambda>)r��maprw��makeLinkr\|��rh��)r-��r��linkpath� targetpathr.��r~��r/��cmd_LNU��zStdioClient.cmd_LNc��C��s��g�}\|��}\|rC\|d�rC\|d�d�dkrC\|�d�dd��}\|D�]}\|dkr+\|�d��q\|dkr4\|�d��q\|rC\|d�rC\|d�d�dksd�\|�}\|��\|�\}}\|sW\|�jd �}ntj�\|�j\|�}\|��\|�}\|� \|�j \|��\|S�) Nr��r��r'��r��verbose�a�allr��r(��)r+��r��r��r��r��rx��r��r��r��r\|��_cbDisplayFiles)r-��r��r��opts�or��fullPathr��r.��r.��r/��cmd_LS]��s&�� zStdioClient.cmd_LSc��C��sV��\|��d\|vrdd��\|D��}d\|v�rdd��\|D��}ndd��\|D��}\|s&d�S�d�\|�S�)Nr2��c��S��s��g�\|�]}\|d��d�s\|�qS�)r��.)r��.0rg��r.��r.��r/�� <listcomp>y��s��z/StdioClient._cbDisplayFiles.<locals>.<listcomp>r0��c��S��g�\|�]}\|d��qS�)r'��r.��r9��r.��r.��r/��r;��{��c��S��r<��r��r.��r9��r.��r.��r/��r;��}��r=��rv��)�sortr��)r-��r��r��linesr.��r.��r/��r3��v��s�� zStdioClient._cbDisplayFilesc��C��s2��\|��\|�\}}tj�\|�j\|�}\|�j�\|i��t�S�r1��) r��r��r��r��rx��rw�� makeDirectoryr\|��rh��r-��r��r��r.��r.��r/�� cmd_MKDIR��s��zStdioClient.cmd_MKDIRc��C��0��\|��\|�\}}tj�\|�j\|�}\|�j�\|��t�S�r1��) r��r��r��r��rx��rw��removeDirectoryr\|��rh��rB��r.��r.��r/�� cmd_RMDIR��zStdioClient.cmd_RMDIRc��C��t��d\|��d�S�)Nzmkdir %s�r��systemr��r.��r.��r/�� cmd_LMKDIR��zStdioClient.cmd_LMKDIRc��C��rD��r1��) r��r��r��r��rx��rw�� removeFiler\|��rh��rB��r.��r.��r/��cmd_RM��rG��zStdioClient.cmd_RMc��C��rH��)Nzls %srI��)r-��r��r.��r.��r/��cmd_LLS��rL��zStdioClient.cmd_LLSc��r#��)Nc��r$��r1��r%��r&��r~��r.��r/��r(��r)��z(StdioClient.cmd_RENAME.<locals>.<lambda>)r��r��rw�� renameFiler\|��rh��)r-��r��oldpath�newpathr.��r~��r/�� cmd_RENAME��r/��zStdioClient.cmd_RENAMEc��C��s��\|�j�j��d�S�r1��)rw��r��r��r-��r ��r.��r.��r/��cmd_EXIT��zStdioClient.cmd_EXITc��C��s$��d\|�j�j�}t\|t�r\|�d�}\|S�)NzSFTP version %ir��)rw��versionr��r7��r��)r-��r ��rW��r.��r.��r/��cmd_VERSION��s�� zStdioClient.cmd_VERSIONc��C��s��dS�)Nae��Available commands: cd path Change remote directory to 'path'. chgrp gid path Change gid of 'path' to 'gid'. chmod mode path Change mode of 'path' to 'mode'. chown uid path Change uid of 'path' to 'uid'. exit Disconnect from the server. get remote-path [local-path] Get remote file. help Get a list of available commands. lcd path Change local directory to 'path'. lls [ls-options] [path] Display local directory listing. lmkdir path Create local directory. ln linkpath targetpath Symlink remote file. lpwd Print the local working directory. ls [-l] [path] Display remote directory listing. mkdir path Create remote directory. progress Toggle progress bar. put local-path [remote-path] Put local file. pwd Print the remote working directory. quit Disconnect from the server. rename oldpath newpath Rename remote file. rmdir path Remove remote directory. rm path Remove remote file. version Print the SFTP version. ? Synonym for 'help'. r.��rT��r.��r.��r/��r��ri��zStdioClient.cmd_HELPc��C��s��\|�j�S�r1��r��rT��r.��r.��r/��cmd_PWD��s��zStdioClient.cmd_PWDc��C��s��t��S�r1��)r��getcwdrT��r.��r.��r/��cmd_LPWD��s��zStdioClient.cmd_LPWDc��C��s��\|�j��\|�_�d\|�j�rdpd�S�)Nz%ssing progess bar.�UzNot u)rz��rT��r.��r.��r/��cmd_PROGRESS��s�� zStdioClient.cmd_PROGRESSc��C��sF��\|�j��t��d�}\|sd}\|rd\|g}tj\|\|dd�S�t�\|��dS�)zb Run C{rest} using the user's shell (or /bin/sh if they do not have one). ��z/bin/shz-cr'��)�errortooN)�_pwd�getpwnamr[��r\��r��getProcessOutputr��rJ��)r-��r��shell�cmdsr.��r.��r/��r��s��zStdioClient.cmd_EXECc��C��s��t��d\|��tj�\|�\}}d\|v�sd\|v�rd}nd}\|r7\|s7\|�j�\|�}\|�\|�jd��\|� \|�j \|\|��\|S�\|�j�\|�}\|�\|�j\|��\|S�)Nz looking up %sr��r��r'��r��r$��)r��r��r��r��r+��rw��r��r\|��_cbOpenListr`��_ebNotADirectory)r-��r6��head�tailr��r��r.��r.��r/��r��s��zStdioClient._remoteGlobc��C��s"��g�}\|��}\|�\|�j\|\|\|��\|S�r1��)r��r��_cbReadFile)r-��r��r��r��r��r.��r.��r/��re��s��zStdioClient._cbOpenListc��C��s��\|�j��\|�}\|�\|�j\|��\|S�r1��)rw��r��r\|��re��)r-��r��r��r��r��r.��r.��r/��rf��s��zStdioClient._ebNotADirectoryc��sv��t�\|tj�s.��r��d��\|��fdd�\|D��n\|�\|��\|��}\|�\|�j\|\|��\|S�\|}\|�t ��\|� ��\|S�)Nr��c��s ��g�\|�]}t��\|d��r\|�qS�r>��)�fnmatchr9��r��r.��r/��r;��s�� z+StdioClient._cbReadFile.<locals>.<listcomp>)r��r��rU��r��extendr��r��ri��r��r��r��)r-��r��matchedFilesr��r��r��r��r.��rk��r/��ri��s�� zStdioClient._cbReadFilec��C��s2��g�d�}\|D�] \}}\|\|kr�nqd\|\|��\|�S�)N))l�� PB)l��TB)i��@�GB)i��MB)i��kB)r'��r��z%.1fr.��)r-��ro��_abbrevs�factor�suffixr.��r.��r/��_abbrevSize��s�� zStdioClient._abbrevSizec��C��sj��\|dkr#t�\|d��}\|d\|�8�}t�\|d��}\|d\|�8�}d\|\|\|f�S�t�\|d��}\|d\|�8�}d\|\|f�S�)Ni��<��z%i:%02i:%02iz %02i:%02i)r8��)r-��t�hours�minsr.��r.��r/��_abbrevTime��s��zStdioClient._abbrevTimec�� C��s��\|�j��\|�}\|j}zt�dt�dtjd��}W�n �t y%��ddg}Y�nw�\|dkr-d}n\|\|�}\|r;\|j \|�\|�}nd}\|j}\|j rK\|\|j �d�} nd} d\| \|��\|�\|��\|�\|�� \|�f�} \|d �t\|�t\| ��d ��d �}d\|��\|��\| ��}\|��\|��dS�)a�� Update a console progress bar on this L{StdioClient}'s transport, based on the difference between the start time of the operation and the current time according to the reactor, and appropriate to the size of the console window. @param f: a wrapper around the file which is being written or read @type f: L{FileWrapper} @param startTime: The time at which the operation being tracked began. @type startTime: L{float} �4Hr��12345679N�P��rk��d��z%3i%% %s %sps %s r'��r�� )r ��r��rl��struct�unpack�fcntl�ioctl�tty� TIOCGWINSZr��ro��r��rv��r{��r��r��) r-��rg��r��diffrl��winSize�speed�timeLeft�front� percentage�back�spacesr��r.��r.��r/��r��(��s4�� zStdioClient._printProgressBarc��C��s��\|��}\|sdS�\|d�dv�rpg�}t\|�}zPtdt\|��D�]F}\|\|�}\|\|d�kr=d�\|�d�\|\|d�d��f��W�S�\|dkr[\|\|=�\|\|�dvrStd \|\|��\|�\|\|��q\|�\|\|��qW�n�tyo��td ��w�\|�dd�}t\|�dkr�\|d�dfS�\|d�\|d�fS�)aW�� Parse line received as command line input and return first filename together with the remaining line. @param line: Arguments received from command line input. @type line: L{str} @return: Tupple with filename and rest. Return empty values when no path was not found. @rtype: C{tupple} )r$��r$��r��z'"r'��r$��N�\z'"\zbad quote: \zunterminated quote) r��listr��r��r��r�� IndexErrorr��r+��)r-��r��retrN��cr.��r.��r/��r��R��s2����zStdioClient._getFilenamer1��)NN)F)Dr2��r3��r4��pwdr`��r�� delimiterr ��rq��r��r}��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r��r��r��r��r��r��r!��r.��r7��r3��rC��rF��rK��rN��rO��rS��rU��cmd_QUITrX��r��rY��r[��r]��r��r��re��rf��ri��rv��r{��r��r��r.��r.��r.��r/��ru��s�� 5 ru��zcmd_?c��@��s��e�Zd�Zdd��ZdS�)r]��c��C��s��\|��t��d�S�r1��)�openChannel� SSHSessionr~��r.��r.��r/��serviceStarted\|��rV��zSSHConnection.serviceStartedN)r2��r3��r4��r��r.��r.��r.��r/��r]��{��s��r]��c��@��sP��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��ZdS�)r��s��sessionc��C��sh��t��d\|�j��\|�jjd��d�rd}nd}\|�jj\|�\|t�\|�jjd��dd�}\|� \|�j ��\|�t��d�S�)Nzsession %s openr��r(��execr'��)� wantReply) r��r��idrb��r��r��sendRequestr ��NSr\|��_cbSubsystemr`��ra��)r-��foo�requestr��r.��r.��r/��channelOpen��s��zSSHSession.channelOpenc��C��sd��t��\|�_\|�j�\|��\|�jj\|�_d�}\|�jjd�r&\|�jjd�}\|dkr&t\|�}t� t \|�j\|��\|�_d�S�)Nr��r��)r��FileTransferClientrw��makeConnection�dataReceivedrb��r��r��r�� StandardIOru��)r-��r��rg��fnr.��r.��r/��r��s�� zSSHSession._cbSubsystemc��C��s:��\|t�jkrt�dt\|��tj�\|��tj��d�S�d�S�)Nzgot %s stderr data) r ��EXTENDED_DATA_STDERRr��r��r��r@��rI��r��flush)r-��rx��r��r.��r.��r/��extReceived��s �� zSSHSession.extReceivedc��C��s��t��d��\|�j��d�S�)Nzgot eof)r��r��r��loseWriteConnectionr~��r.��r.��r/��eofReceived��s�� zSSHSession.eofReceivedc��C��s��t��d\|��\|�j�\|��d�S�)Nzremote side closed %s)r��r��rb�� sendCloser~��r.��r.��r/�� closeReceived��s��zSSHSession.closeReceivedc��C��s$��zt��W�d�S��ty��Y�d�S�w�r1��)r ��rR��rS��r~��r.��r.��r/��closed��s ��zSSHSession.closedc��C��\|�j��d�S�r1��)r��pauseProducingr~��r.��r.��r/��stopWriting��r"��zSSHSession.stopWritingc��C��r��r1��)r��resumeProducingr~��r.��r.��r/��startWriting��r"��zSSHSession.startWritingN)r2��r3��r4��r��r��r��r��r��r��r��r��r��r.��r.��r.��r/��r��s��r��__main__)5�__doc__r��rj��r[��r��r��r��r��r��r@��r��typingr��r��r��twisted.conch.clientr��r��r��twisted.conch.sshr��r ��r ��r��twisted.internetr��r ��r��r��twisted.protocolsr��twisted.pythonr��r��r��twisted.python.filepathr��ConchOptionsr��rL��rV��rK��ra��rh��rj��LineReceiverru��setattrr��r]�� SSHChannelr��r2��r.��r.��r.��r/��<module>��sJ��#��o6 ��scripts/__pycache__/ckeygen.cpython-310.pyc��0000644��00000022617�15027667726�0014623 0��ustar�00��o ��b1-�� @��sv��d�Z�ddlZddlZddlZddlZddlmZ�ddlmZ�ddl m Z �ddlmZm Z mZmZ�ejejkrWzddlZejejf�W�n�eefyV��dejd<�ee��Y�nw�e��Zdd ��ZG�d d��dej�Zdd ��Zdd��Zdd��Zed�dd��Zed�dd��Z ed�dd��Z!ed�dd��Z"dd��Z#d d!��Z$d"d#��Z%d$d%��Z&d&e'd'e'fd(d)�Z(dd+��Z)ed,kr�e��dS�dS�)-z2 Implementation module for the `ckeygen` command. ��N)�wraps)�reload)�keys)�failure�filepath�log�usage�termiosc��s��fdd�}\|S�)Nc��s ��t��fdd��}\|t�<�\|S�)Nc��s��\|�i�\|��S�)N��)�args�kwargs��keygeneratorr ��?/usr/lib/python3/dist-packages/twisted/conch/scripts/ckeygen.py�wrapper"��s��z:_keyGenerator.<locals>.assignkeygenerator.<locals>.wrapper)r��supportedKeyTypes)r��r��keyTyper ��r��assignkeygenerator!��s��z)_keyGenerator.<locals>.assignkeygeneratorr ��)r��r��r ��r��r�� _keyGenerator ��s��r��c�� @��s��e�Zd�ZdZdZg�d�g�d�g�d�g�d�g�d�g�d�g�d �g�d �gZg�d�g�d�g�d �g�d�g�d�gZeje� e e��e� ddg�d�d�Z dS�)�GeneralOptionszUsage: ckeygen [options] z8ckeygen manipulates public/private keys in various ways.)�bits�bNz$Number of bits in the key to create.)�filename�fNzFilename of the key file.)�type�tNzSpecify type of key to create.)�comment�CNzProvide new comment.)�newpass�NNzProvide new passphrase.)�pass�PNzProvide old passphrase.)�format�o� sha256-base64zFingerprint format of key file.)�private-key-subtypeNNz5OpenSSH private key subtype to write ("PEM" or "v1").)�fingerprint�lzShow fingerprint of key file.)� changepass�pz&Change passphrase of private key file.)�quiet�qzQuiet.)� no-passphraseNz"Create the key with no passphrase.)�showpub�yz+Read private key file and print public key.�PEM�v1)r��r&��)� optActionsN)�__name__� __module__�__qualname__�synopsis�longdesc� optParameters�optFlagsr��Completions�CompleteList�listr��r��compDatar ��r ��r ��r��r��,��s.�� r��c�� C��s(��t��}�z\|��tjdd��W�n"�tjy1�}�ztd\|��\|��t�d��W�Y�d�}~nd�}~ww�t � ��tt _\|�d�rk\|�d�� tv�rYtd\|�d��t\|�d�� \|��d�S�t�d\|�d�d�t��f��d�S�\|�d�rut\|��d�S�\|�d�rt\|��d�S�\|�d �r�t\|��d�S�\|��t�d��d�S�) N��z ERROR: %sr��z&Generating public/private %s key pair.z"Key type was %s, must be one of %sz, r'��r)��r.��)r��parseOptions�sys�argvr�� UsageError�print�opt_help�exitr��discardLogs�handleError�deferr�lowerr��joinr��printFingerprint�changePassPhrase�displayPublicKey)�options�ur ��r ��r��runR��s8��rP��c��C��sL��\|�d�dkrt�jj\|�d<�\|�S�\|�d�dkrt�jj\|�d<�\|�S�t��d�\|�d��)Nr#��zmd5-hexr%��z"Unsupported fingerprint format: {})r��FingerprintFormats�MD5_HEX� SHA256_BASE64�BadFingerPrintFormatr#��)rN��r ��r ��r��enumrepresentationp��s��rU��c��C��s��da�t�t��)N��)� exitStatusr��errr��Failurer ��r ��r ��r��rG��}��s��rG��rsac��C��sZ��ddl�m}�ddlm}�\|�d�sd\|�d<�\|jt\|�d��d\|��d�}t�\|�}t\|\|��d�S�)Nr��default_backend)rZ��r��i��)�key_size�public_exponent�backend) �cryptography.hazmat.backendsr\��)cryptography.hazmat.primitives.asymmetricrZ��generate_private_key�intr��Key�_saveKey)rN��r\��rZ��keyPrimitive�keyr ��r ��r��generateRSAkey��s�� ri��dsac��C��sX��ddl�m}�ddlm}�\|�d�sd\|�d<�\|jt\|�d��\|��d�}t�\|�}t\|\|��d�S�)Nr��r[��)rj��r��r]��)r^��r`��) ra��r\��rb��rj��rc��rd��r��re��rf��)rN��r\��rj��rg��rh��r ��r ��r��generateDSAkey��s�� rk��ecdsac��C��sl��ddl�m}�ddlm}�\|�d�sd\|�d<�dt\|�d��d��}\|jtj\|�\|��d�}t� \|�}t \|\|��d�S�) Nr��r[��)�ecr��s��ecdsa-sha2-nistp�ascii)�curver`��)ra��r\��rb��rm��str�encoderc��r��_curveTablere��rf��)rN��r\��rm��rp��rg��rh��r ��r ��r��generateECDSAkey��s�� rt��ed25519c��C��s.��ddl�m}�\|j��}t�\|�}t\|\|��d�S�)Nr��)ru��)rb��ru��Ed25519PrivateKey�generater��re��rf��)rN��ru��rg��rh��r ��r ��r��generateEd25519key��s�� rx��c��C��s��\|�dkrdS�dS�)a�� Return a reasonable default private key subtype for a given key type. @type keyType: L{str} @param keyType: A key type, as returned by L{twisted.conch.ssh.keys.Key.type}. @rtype: L{str} @return: A private OpenSSH key subtype (C{'PEM'} or C{'v1'}). �Ed25519r1��r0��r ��r��r ��r ��r��_defaultPrivateKeySubtype��s��rz��c��C��s��\|�d�st�j�d�}td\|��\|�d<�t�j�\|�d�d��r$\|�d��d7��<�t\|��}�z!tj�\|�d��}t d\|� ��\|�\|�d��t�j�\|�d��f��W�d�S��tj yY��t�d��Y�d�S�w�)Nr�� ~/.ssh/id_rsa�%Enter file in which the key is (%s): �.pubz%s %s %sr#��zbad key)�os�path� expanduser�input�existsrU��r��re��fromFilerC��sizer'��basename�BadKeyErrorr@��rE��)rN��r��rh��r ��r ��r��rK��s&�� rK��c�� C��sT��\|�d�st�j�d�}td\|��\|�d<�z tj�\|�d��}W�nh�tjyj��\|��d�s0t � d�\|�d<�ztjj\|�d�\|�d�d�}W�n)�tj yM��t�d��Y�n�tjyg�}�zt�d\|��W�Y�d�}~nd�}~ww�Y�n�tj y��}�zt�d\|��W�Y�d�}~nd�}~ww�\|��d �s� �t � d�}t � d�}\|\|kr�nt d ��q�\|\|�d <�\|��d�d�u�r�t\|��\|�d<�z\|jd\|�d�\|�d �d�}W�n�ty��}�zt�d\|��W�Y�d�}~nd�}~ww�ztjj\|\|�d �d��W�n�tjtj f�y�}�zt�d\|��W�Y�d�}~nd�}~ww�t\|�d�d�� }\|�\|��W�d��n 1��sw��Y��t d��d�S�)Nr��r{��r\|��r!��zEnter old passphrase: �� passphrasez1Could not change passphrase: old passphrase errorzCould not change passphrase: r��r>��z0Enter new passphrase (empty for no passphrase): �Enter same passphrase again: �%Passphrases do not match. Try again.r&��openssh��subtyper��wbz;Your identification has been saved with the new passphrase.)r~��r��r��r��r��re��r��EncryptedKeyError�get�getpassr��r@��rE��rC��rz��r��toString� Exception� fromString�open�write)rN��r��rh��e�p1�p2� newkeydata�fdr ��r ��r��rL��sh�� rL��c��C��s��\|�d�st�j�d�}td\|��\|�d<�z tj�\|�d��}W�n"�tjy>��\|��d�s0t � d�\|�d<�tjj\|�d�\|�d�d�}Y�nw�\|� ��d��d�}t \|��d�S�) Nr��r{��r\|��r!��zEnter passphrase: r��r��ro��)r~��r��r��r��r��re��r��r��r��r��publicr��decoderC��)rN��r��rh�� displayKeyr ��r ��r��rM��s�� rM��prompt�returnc��C��s��t�\|��S�)zv Ask the user where to save the key. This needs to be a separate function so the unit test can patch it. )r��)r��r ��r ��r��_inputSaveFile%��s��r��c�� C��s��ddddd�}\|\|��}\|d�stj�d\|��}td\|��d ��}\|��p'\|\|d<�tj�\|d��rKtd �\|d��t d�}\|d�� d krKt��\|� d�rUd\|d<�n\|d�sr �t�d�}t�d�}\|\|krintd��qZ\|\|d<�\|� d�du�r�t\|��\|d<�t��dt��} t�\|d��\|�jd\|d�\|d�d��t�\|d�d��t�\|d�d��\|��jd\| d��t\|�}td�\|d��td�\|d��td�\|d ��t\|��\|d ��dS�)!z� Persist a SSH key on local filesystem. @param key: Key which is persisted on local filesystem. @type key: C{keys.Key} implementation. @param options: @type options: L{dict} rl��ru��rZ��rj��)�ECry��RSA�DSAr��z ~/.ssh/id_z%Enter file in which to save the key (z): z{} already exists.zOverwrite (y/n)? r��r/��r-��r!��r>��z,Enter passphrase (empty for no passphrase): r��r��r&��N�@r��r��i��r}��)r��z(Your identification has been saved in {}z(Your public key has been saved in {}.pubzThe key fingerprint in {} is:r#��)r��r~��r��r��r��stripr��rC��r#��r��rI��r@��rE��r��r��rz��getuser�socket�gethostnamer��FilePath� setContentr��chmodr��rU��r'��) rh��rN��KeyTypeMapping�keyTypeName�defaultPath�newPath�ynr��r��r��r ��r ��r��rf��.��sV�� rf��__main__)+�__doc__r��r~��r��r@�� functoolsr��impr��twisted.conch.sshr��twisted.pythonr��r��r��r��unix_getpassr �� tcgetattr� tcsetattr�ImportError�AttributeError�modules�dictr��r��Optionsr��rP��rU��rG��ri��rk��rt��rx��rz��rK��rL��rM��rq��r��rf��r3��r ��r ��r ��r��<module>��sP�� & 3 > ��scripts/ckeygen.py��0000644��00000026461�15027667726�0010265 0��ustar�00��# -- test-case-name: twisted.conch.test.test_ckeygen -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Implementation module for the `ckeygen` command. """ import getpass import os import socket import sys from functools import wraps from imp import reload from twisted.conch.ssh import keys from twisted.python import failure, filepath, log, usage if getpass.getpass == getpass.unix_getpass: # type: ignore[attr-defined] try: import termios # hack around broken termios termios.tcgetattr, termios.tcsetattr except (ImportError, AttributeError): sys.modules["termios"] = None # type: ignore[assignment] reload(getpass) supportedKeyTypes = dict() def _keyGenerator(keyType): def assignkeygenerator(keygenerator): @wraps(keygenerator) def wrapper(args, kwargs): return keygenerator(args, *kwargs) supportedKeyTypes[keyType] = wrapper return wrapper return assignkeygenerator class GeneralOptions(usage.Options): synopsis = """Usage: ckeygen [options] """ longdesc = "ckeygen manipulates public/private keys in various ways." optParameters = [ ["bits", "b", None, "Number of bits in the key to create."], ["filename", "f", None, "Filename of the key file."], ["type", "t", None, "Specify type of key to create."], ["comment", "C", None, "Provide new comment."], ["newpass", "N", None, "Provide new passphrase."], ["pass", "P", None, "Provide old passphrase."], ["format", "o", "sha256-base64", "Fingerprint format of key file."], [ "private-key-subtype", None, None, 'OpenSSH private key subtype to write ("PEM" or "v1").', ], ] optFlags = [ ["fingerprint", "l", "Show fingerprint of key file."], ["changepass", "p", "Change passphrase of private key file."], ["quiet", "q", "Quiet."], ["no-passphrase", None, "Create the key with no passphrase."], ["showpub", "y", "Read private key file and print public key."], ] compData = usage.Completions( optActions={ "type": usage.CompleteList(list(supportedKeyTypes.keys())), "private-key-subtype": usage.CompleteList(["PEM", "v1"]), } ) def run(): options = GeneralOptions() try: options.parseOptions(sys.argv[1:]) except usage.UsageError as u: print("ERROR: %s" % u) options.opt_help() sys.exit(1) log.discardLogs() log.deferr = handleError # HACK if options["type"]: if options["type"].lower() in supportedKeyTypes: print("Generating public/private %s key pair." % (options["type"])) supportedKeyTypes[options["type"].lower()](options) else: sys.exit( "Key type was %s, must be one of %s" % (options["type"], ", ".join(supportedKeyTypes.keys())) ) elif options["fingerprint"]: printFingerprint(options) elif options["changepass"]: changePassPhrase(options) elif options["showpub"]: displayPublicKey(options) else: options.opt_help() sys.exit(1) def enumrepresentation(options): if options["format"] == "md5-hex": options["format"] = keys.FingerprintFormats.MD5_HEX return options elif options["format"] == "sha256-base64": options["format"] = keys.FingerprintFormats.SHA256_BASE64 return options else: raise keys.BadFingerPrintFormat( "Unsupported fingerprint format: {}".format(options["format"]) ) def handleError(): global exitStatus exitStatus = 2 log.err(failure.Failure()) raise @_keyGenerator("rsa") def generateRSAkey(options): from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import rsa if not options["bits"]: options["bits"] = 1024 keyPrimitive = rsa.generate_private_key( key_size=int(options["bits"]), public_exponent=65537, backend=default_backend(), ) key = keys.Key(keyPrimitive) _saveKey(key, options) @_keyGenerator("dsa") def generateDSAkey(options): from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dsa if not options["bits"]: options["bits"] = 1024 keyPrimitive = dsa.generate_private_key( key_size=int(options["bits"]), backend=default_backend(), ) key = keys.Key(keyPrimitive) _saveKey(key, options) @_keyGenerator("ecdsa") def generateECDSAkey(options): from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import ec if not options["bits"]: options["bits"] = 256 # OpenSSH supports only mandatory sections of RFC5656. # See https://www.openssh.com/txt/release-5.7 curve = b"ecdsa-sha2-nistp" + str(options["bits"]).encode("ascii") keyPrimitive = ec.generate_private_key( curve=keys._curveTable[curve], backend=default_backend() ) key = keys.Key(keyPrimitive) _saveKey(key, options) @_keyGenerator("ed25519") def generateEd25519key(options): from cryptography.hazmat.primitives.asymmetric import ed25519 keyPrimitive = ed25519.Ed25519PrivateKey.generate() key = keys.Key(keyPrimitive) _saveKey(key, options) def _defaultPrivateKeySubtype(keyType): """ Return a reasonable default private key subtype for a given key type. @type keyType: L{str} @param keyType: A key type, as returned by L{twisted.conch.ssh.keys.Key.type}. @rtype: L{str} @return: A private OpenSSH key subtype (C{'PEM'} or C{'v1'}). """ if keyType == "Ed25519": # No PEM format is defined for Ed25519 keys. return "v1" else: return "PEM" def printFingerprint(options): if not options["filename"]: filename = os.path.expanduser("~/.ssh/id_rsa") options["filename"] = input("Enter file in which the key is (%s): " % filename) if os.path.exists(options["filename"] + ".pub"): options["filename"] += ".pub" options = enumrepresentation(options) try: key = keys.Key.fromFile(options["filename"]) print( "%s %s %s" % ( key.size(), key.fingerprint(options["format"]), os.path.basename(options["filename"]), ) ) except keys.BadKeyError: sys.exit("bad key") def changePassPhrase(options): if not options["filename"]: filename = os.path.expanduser("~/.ssh/id_rsa") options["filename"] = input("Enter file in which the key is (%s): " % filename) try: key = keys.Key.fromFile(options["filename"]) except keys.EncryptedKeyError: # Raised if password not supplied for an encrypted key if not options.get("pass"): options["pass"] = getpass.getpass("Enter old passphrase: ") try: key = keys.Key.fromFile(options["filename"], passphrase=options["pass"]) except keys.BadKeyError: sys.exit("Could not change passphrase: old passphrase error") except keys.EncryptedKeyError as e: sys.exit(f"Could not change passphrase: {e}") except keys.BadKeyError as e: sys.exit(f"Could not change passphrase: {e}") if not options.get("newpass"): while 1: p1 = getpass.getpass("Enter new passphrase (empty for no passphrase): ") p2 = getpass.getpass("Enter same passphrase again: ") if p1 == p2: break print("Passphrases do not match. Try again.") options["newpass"] = p1 if options.get("private-key-subtype") is None: options["private-key-subtype"] = _defaultPrivateKeySubtype(key.type()) try: newkeydata = key.toString( "openssh", subtype=options["private-key-subtype"], passphrase=options["newpass"], ) except Exception as e: sys.exit(f"Could not change passphrase: {e}") try: keys.Key.fromString(newkeydata, passphrase=options["newpass"]) except (keys.EncryptedKeyError, keys.BadKeyError) as e: sys.exit(f"Could not change passphrase: {e}") with open(options["filename"], "wb") as fd: fd.write(newkeydata) print("Your identification has been saved with the new passphrase.") def displayPublicKey(options): if not options["filename"]: filename = os.path.expanduser("~/.ssh/id_rsa") options["filename"] = input("Enter file in which the key is (%s): " % filename) try: key = keys.Key.fromFile(options["filename"]) except keys.EncryptedKeyError: if not options.get("pass"): options["pass"] = getpass.getpass("Enter passphrase: ") key = keys.Key.fromFile(options["filename"], passphrase=options["pass"]) displayKey = key.public().toString("openssh").decode("ascii") print(displayKey) def _inputSaveFile(prompt: str) -> str: """ Ask the user where to save the key. This needs to be a separate function so the unit test can patch it. """ return input(prompt) def _saveKey(key, options): """ Persist a SSH key on local filesystem. @param key: Key which is persisted on local filesystem. @type key: C{keys.Key} implementation. @param options: @type options: L{dict} """ KeyTypeMapping = {"EC": "ecdsa", "Ed25519": "ed25519", "RSA": "rsa", "DSA": "dsa"} keyTypeName = KeyTypeMapping[key.type()] if not options["filename"]: defaultPath = os.path.expanduser(f"~/.ssh/id_{keyTypeName}") newPath = _inputSaveFile( f"Enter file in which to save the key ({defaultPath}): " ) options["filename"] = newPath.strip() or defaultPath if os.path.exists(options["filename"]): print("{} already exists.".format(options["filename"])) yn = input("Overwrite (y/n)? ") if yn[0].lower() != "y": sys.exit() if options.get("no-passphrase"): options["pass"] = b"" elif not options["pass"]: while 1: p1 = getpass.getpass("Enter passphrase (empty for no passphrase): ") p2 = getpass.getpass("Enter same passphrase again: ") if p1 == p2: break print("Passphrases do not match. Try again.") options["pass"] = p1 if options.get("private-key-subtype") is None: options["private-key-subtype"] = _defaultPrivateKeySubtype(key.type()) comment = f"{getpass.getuser()}@{socket.gethostname()}" filepath.FilePath(options["filename"]).setContent( key.toString( "openssh", subtype=options["private-key-subtype"], passphrase=options["pass"], ) ) os.chmod(options["filename"], 33152) filepath.FilePath(options["filename"] + ".pub").setContent( key.public().toString("openssh", comment=comment) ) options = enumrepresentation(options) print("Your identification has been saved in {}".format(options["filename"])) print("Your public key has been saved in {}.pub".format(options["filename"])) print("The key fingerprint in {} is:".format(options["format"])) print(key.fingerprint(options["format"])) if __name__ == "__main__": run() ��scripts/conch.py��0000644��00000043430�15027667726�0007725 0��ustar�00��# -- test-case-name: twisted.conch.test.test_conch -- # # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # # $Id: conch.py,v 1.65 2004/03/11 00:29:14 z3p Exp $ # Implementation module for the `conch` command. # import fcntl import getpass import os import signal import struct import sys import tty from typing import List, Tuple from twisted.conch.client import connect, default from twisted.conch.client.options import ConchOptions from twisted.conch.error import ConchError from twisted.conch.ssh import channel, common, connection, forwarding, session from twisted.internet import reactor, stdio, task from twisted.python import log, usage from twisted.python.compat import ioType, networkString class ClientOptions(ConchOptions): synopsis = """Usage: conch [options] host [command] """ longdesc = ( "conch is a SSHv2 client that allows logging into a remote " "machine and executing commands." ) optParameters = [ ["escape", "e", "~"], [ "localforward", "L", None, "listen-port:host:port Forward local port to remote address", ], [ "remoteforward", "R", None, "listen-port:host:port Forward remote port to local address", ], ] optFlags = [ ["null", "n", "Redirect input from /dev/null."], ["fork", "f", "Fork to background after authentication."], ["tty", "t", "Tty; allocate a tty even if command is given."], ["notty", "T", "Do not allocate a tty."], ["noshell", "N", "Do not execute a shell or command."], ["subsystem", "s", "Invoke command (mandatory) as SSH2 subsystem."], ] compData = usage.Completions( mutuallyExclusive=[("tty", "notty")], optActions={ "localforward": usage.Completer(descr="listen-port:host:port"), "remoteforward": usage.Completer(descr="listen-port:host:port"), }, extraActions=[ usage.CompleteUserAtHost(), usage.Completer(descr="command"), usage.Completer(descr="argument", repeat=True), ], ) localForwards: List[Tuple[int, Tuple[int, int]]] = [] remoteForwards: List[Tuple[int, Tuple[int, int]]] = [] def opt_escape(self, esc): """ Set escape character; ``none'' = disable """ if esc == "none": self["escape"] = None elif esc[0] == "^" and len(esc) == 2: self["escape"] = chr(ord(esc[1]) - 64) elif len(esc) == 1: self["escape"] = esc else: sys.exit(f"Bad escape character '{esc}'.") def opt_localforward(self, f): """ Forward local port to remote address (lport:host:port) """ localPort, remoteHost, remotePort = f.split(":") # Doesn't do v6 yet localPort = int(localPort) remotePort = int(remotePort) self.localForwards.append((localPort, (remoteHost, remotePort))) def opt_remoteforward(self, f): """ Forward remote port to local address (rport:host:port) """ remotePort, connHost, connPort = f.split(":") # Doesn't do v6 yet remotePort = int(remotePort) connPort = int(connPort) self.remoteForwards.append((remotePort, (connHost, connPort))) def parseArgs(self, host, command): self["host"] = host self["command"] = " ".join(command) # Rest of code in "run" options = None conn = None exitStatus = 0 old = None _inRawMode = 0 _savedRawMode = None def run(): global options, old args = sys.argv[1:] if "-l" in args: # CVS is an idiot i = args.index("-l") args = args[i : i + 2] + args del args[i + 2 : i + 4] for arg in args[:]: try: i = args.index(arg) if arg[:2] == "-o" and args[i + 1][0] != "-": args[i : i + 2] = [] # Suck on it scp except ValueError: pass options = ClientOptions() try: options.parseOptions(args) except usage.UsageError as u: print(f"ERROR: {u}") options.opt_help() sys.exit(1) if options["log"]: if options["logfile"]: if options["logfile"] == "-": f = sys.stdout else: f = open(options["logfile"], "a+") else: f = sys.stderr realout = sys.stdout log.startLogging(f) sys.stdout = realout else: log.discardLogs() doConnect() fd = sys.stdin.fileno() try: old = tty.tcgetattr(fd) except BaseException: old = None try: oldUSR1 = signal.signal( signal.SIGUSR1, lambda a: reactor.callLater(0, reConnect) ) except BaseException: oldUSR1 = None try: reactor.run() finally: if old: tty.tcsetattr(fd, tty.TCSANOW, old) if oldUSR1: signal.signal(signal.SIGUSR1, oldUSR1) if (options["command"] and options["tty"]) or not options["notty"]: signal.signal(signal.SIGWINCH, signal.SIG_DFL) if sys.stdout.isatty() and not options["command"]: print("Connection to {} closed.".format(options["host"])) sys.exit(exitStatus) def handleError(): from twisted.python import failure global exitStatus exitStatus = 2 reactor.callLater(0.01, _stopReactor) log.err(failure.Failure()) raise def _stopReactor(): try: reactor.stop() except BaseException: pass def doConnect(): if "@" in options["host"]: options["user"], options["host"] = options["host"].split("@", 1) if not options.identitys: options.identitys = ["~/.ssh/id_rsa", "~/.ssh/id_dsa"] host = options["host"] if not options["user"]: options["user"] = getpass.getuser() if not options["port"]: options["port"] = 22 else: options["port"] = int(options["port"]) host = options["host"] port = options["port"] vhk = default.verifyHostKey if not options["host-key-algorithms"]: options["host-key-algorithms"] = default.getHostKeyAlgorithms(host, options) uao = default.SSHUserAuthClient(options["user"], options, SSHConnection()) connect.connect(host, port, options, vhk, uao).addErrback(_ebExit) def _ebExit(f): global exitStatus exitStatus = f"conch: exiting with error {f}" reactor.callLater(0.1, _stopReactor) def onConnect(): # if keyAgent and options['agent']: # cc = protocol.ClientCreator(reactor, SSHAgentForwardingLocal, conn) # cc.connectUNIX(os.environ['SSH_AUTH_SOCK']) if hasattr(conn.transport, "sendIgnore"): _KeepAlive(conn) if options.localForwards: for localPort, hostport in options.localForwards: s = reactor.listenTCP( localPort, forwarding.SSHListenForwardingFactory( conn, hostport, SSHListenClientForwardingChannel ), ) conn.localForwards.append(s) if options.remoteForwards: for remotePort, hostport in options.remoteForwards: log.msg(f"asking for remote forwarding for {remotePort}:{hostport}") conn.requestRemoteForwarding(remotePort, hostport) reactor.addSystemEventTrigger("before", "shutdown", beforeShutdown) if not options["noshell"] or options["agent"]: conn.openChannel(SSHSession()) if options["fork"]: if os.fork(): os._exit(0) os.setsid() for i in range(3): try: os.close(i) except OSError as e: import errno if e.errno != errno.EBADF: raise def reConnect(): beforeShutdown() conn.transport.transport.loseConnection() def beforeShutdown(): remoteForwards = options.remoteForwards for remotePort, hostport in remoteForwards: log.msg(f"cancelling {remotePort}:{hostport}") conn.cancelRemoteForwarding(remotePort) def stopConnection(): if not options["reconnect"]: reactor.callLater(0.1, _stopReactor) class _KeepAlive: def __init__(self, conn): self.conn = conn self.globalTimeout = None self.lc = task.LoopingCall(self.sendGlobal) self.lc.start(300) def sendGlobal(self): d = self.conn.sendGlobalRequest( b"conch-keep-alive@twistedmatrix.com", b"", wantReply=1 ) d.addBoth(self._cbGlobal) self.globalTimeout = reactor.callLater(30, self._ebGlobal) def _cbGlobal(self, res): if self.globalTimeout: self.globalTimeout.cancel() self.globalTimeout = None def _ebGlobal(self): if self.globalTimeout: self.globalTimeout = None self.conn.transport.loseConnection() class SSHConnection(connection.SSHConnection): def serviceStarted(self): global conn conn = self self.localForwards = [] self.remoteForwards = {} onConnect() def serviceStopped(self): lf = self.localForwards self.localForwards = [] for s in lf: s.loseConnection() stopConnection() def requestRemoteForwarding(self, remotePort, hostport): data = forwarding.packGlobal_tcpip_forward(("0.0.0.0", remotePort)) d = self.sendGlobalRequest(b"tcpip-forward", data, wantReply=1) log.msg(f"requesting remote forwarding {remotePort}:{hostport}") d.addCallback(self._cbRemoteForwarding, remotePort, hostport) d.addErrback(self._ebRemoteForwarding, remotePort, hostport) def _cbRemoteForwarding(self, result, remotePort, hostport): log.msg(f"accepted remote forwarding {remotePort}:{hostport}") self.remoteForwards[remotePort] = hostport log.msg(repr(self.remoteForwards)) def _ebRemoteForwarding(self, f, remotePort, hostport): log.msg(f"remote forwarding {remotePort}:{hostport} failed") log.msg(f) def cancelRemoteForwarding(self, remotePort): data = forwarding.packGlobal_tcpip_forward(("0.0.0.0", remotePort)) self.sendGlobalRequest(b"cancel-tcpip-forward", data) log.msg(f"cancelling remote forwarding {remotePort}") try: del self.remoteForwards[remotePort] except Exception: pass log.msg(repr(self.remoteForwards)) def channel_forwarded_tcpip(self, windowSize, maxPacket, data): log.msg(f"FTCP {data!r}") remoteHP, origHP = forwarding.unpackOpen_forwarded_tcpip(data) log.msg(self.remoteForwards) log.msg(remoteHP) if remoteHP[1] in self.remoteForwards: connectHP = self.remoteForwards[remoteHP[1]] log.msg(f"connect forwarding {connectHP}") return SSHConnectForwardingChannel( connectHP, remoteWindow=windowSize, remoteMaxPacket=maxPacket, conn=self ) else: raise ConchError( connection.OPEN_CONNECT_FAILED, "don't know about that port" ) def channelClosed(self, channel): log.msg(f"connection closing {channel}") log.msg(self.channels) if len(self.channels) == 1: # Just us left log.msg("stopping connection") stopConnection() else: # Because of the unix thing self.__class__.__bases__[0].channelClosed(self, channel) class SSHSession(channel.SSHChannel): name = b"session" def channelOpen(self, foo): log.msg(f"session {self.id} open") if options["agent"]: d = self.conn.sendRequest( self, b"auth-agent-req@openssh.com", b"", wantReply=1 ) d.addBoth(lambda x: log.msg(x)) if options["noshell"]: return if (options["command"] and options["tty"]) or not options["notty"]: _enterRawMode() c = session.SSHSessionClient() if options["escape"] and not options["notty"]: self.escapeMode = 1 c.dataReceived = self.handleInput else: c.dataReceived = self.write c.connectionLost = lambda x: self.sendEOF() self.stdio = stdio.StandardIO(c) fd = 0 if options["subsystem"]: self.conn.sendRequest(self, b"subsystem", common.NS(options["command"])) elif options["command"]: if options["tty"]: term = os.environ["TERM"] winsz = fcntl.ioctl(fd, tty.TIOCGWINSZ, "12345678") winSize = struct.unpack("4H", winsz) ptyReqData = session.packRequest_pty_req(term, winSize, "") self.conn.sendRequest(self, b"pty-req", ptyReqData) signal.signal(signal.SIGWINCH, self._windowResized) self.conn.sendRequest(self, b"exec", common.NS(options["command"])) else: if not options["notty"]: term = os.environ["TERM"] winsz = fcntl.ioctl(fd, tty.TIOCGWINSZ, "12345678") winSize = struct.unpack("4H", winsz) ptyReqData = session.packRequest_pty_req(term, winSize, "") self.conn.sendRequest(self, b"pty-req", ptyReqData) signal.signal(signal.SIGWINCH, self._windowResized) self.conn.sendRequest(self, b"shell", b"") # if hasattr(conn.transport, 'transport'): # conn.transport.transport.setTcpNoDelay(1) def handleInput(self, char): if char in (b"\n", b"\r"): self.escapeMode = 1 self.write(char) elif self.escapeMode == 1 and char == options["escape"]: self.escapeMode = 2 elif self.escapeMode == 2: self.escapeMode = 1 # So we can chain escapes together if char == b".": # Disconnect log.msg("disconnecting from escape") stopConnection() return elif char == b"\x1a": # ^Z, suspend def _(): _leaveRawMode() sys.stdout.flush() sys.stdin.flush() os.kill(os.getpid(), signal.SIGTSTP) _enterRawMode() reactor.callLater(0, _) return elif char == b"R": # Rekey connection log.msg("rekeying connection") self.conn.transport.sendKexInit() return elif char == b"#": # Display connections self.stdio.write(b"\r\nThe following connections are open:\r\n") channels = self.conn.channels.keys() channels.sort() for channelId in channels: self.stdio.write( networkString( " #{} {}\r\n".format( channelId, self.conn.channels[channelId] ) ) ) return self.write(b"~" + char) else: self.escapeMode = 0 self.write(char) def dataReceived(self, data): self.stdio.write(data) def extReceived(self, t, data): if t == connection.EXTENDED_DATA_STDERR: log.msg(f"got {len(data)} stderr data") if ioType(sys.stderr) == str: sys.stderr.buffer.write(data) else: sys.stderr.write(data) def eofReceived(self): log.msg("got eof") self.stdio.loseWriteConnection() def closeReceived(self): log.msg(f"remote side closed {self}") self.conn.sendClose(self) def closed(self): global old log.msg(f"closed {self}") log.msg(repr(self.conn.channels)) def request_exit_status(self, data): global exitStatus exitStatus = int(struct.unpack(">L", data)[0]) log.msg(f"exit status: {exitStatus}") def sendEOF(self): self.conn.sendEOF(self) def stopWriting(self): self.stdio.pauseProducing() def startWriting(self): self.stdio.resumeProducing() def _windowResized(self, args): winsz = fcntl.ioctl(0, tty.TIOCGWINSZ, "12345678") winSize = struct.unpack("4H", winsz) newSize = winSize[1], winSize[0], winSize[2], winSize[3] self.conn.sendRequest(self, b"window-change", struct.pack("!4L", newSize)) class SSHListenClientForwardingChannel(forwarding.SSHListenClientForwardingChannel): pass class SSHConnectForwardingChannel(forwarding.SSHConnectForwardingChannel): pass def _leaveRawMode(): global _inRawMode if not _inRawMode: return fd = sys.stdin.fileno() tty.tcsetattr(fd, tty.TCSANOW, _savedRawMode) _inRawMode = 0 def _enterRawMode(): global _inRawMode, _savedRawMode if _inRawMode: return fd = sys.stdin.fileno() try: old = tty.tcgetattr(fd) new = old[:] except BaseException: log.msg("not a typewriter!") else: # iflage new[0] = new[0] \| tty.IGNPAR new[0] = new[0] & ~( tty.ISTRIP \| tty.INLCR \| tty.IGNCR \| tty.ICRNL \| tty.IXON \| tty.IXANY \| tty.IXOFF ) if hasattr(tty, "IUCLC"): new[0] = new[0] & ~tty.IUCLC # lflag new[3] = new[3] & ~( tty.ISIG \| tty.ICANON \| tty.ECHO \| tty.ECHO \| tty.ECHOE \| tty.ECHOK \| tty.ECHONL ) if hasattr(tty, "IEXTEN"): new[3] = new[3] & ~tty.IEXTEN # oflag new[1] = new[1] & ~tty.OPOST new[6][tty.VMIN] = 1 new[6][tty.VTIME] = 0 _savedRawMode = old tty.tcsetattr(fd, tty.TCSANOW, new) # tty.setraw(fd) _inRawMode = 1 if __name__ == "__main__": run() ��scripts/cftp.py��0000644��00000075225�15027667726�0007576 0��ustar�00��# -- test-case-name: twisted.conch.test.test_cftp -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Implementation module for the I{cftp} command. """ import fcntl import fnmatch import getpass import glob import os import pwd import stat import struct import sys import tty from typing import List, Optional, Union from twisted.conch.client import connect, default, options from twisted.conch.ssh import channel, common, connection, filetransfer from twisted.internet import defer, reactor, stdio, utils from twisted.protocols import basic from twisted.python import failure, log, usage from twisted.python.filepath import FilePath class ClientOptions(options.ConchOptions): synopsis = """Usage: cftp [options] [user@]host cftp [options] [user@]host[:dir[/]] cftp [options] [user@]host[:file [localfile]] """ longdesc = ( "cftp is a client for logging into a remote machine and " "executing commands to send and receive file information" ) optParameters: List[List[Optional[Union[str, int]]]] = [ ["buffersize", "B", 32768, "Size of the buffer to use for sending/receiving."], ["batchfile", "b", None, "File to read commands from, or '-' for stdin."], ["requests", "R", 5, "Number of requests to make before waiting for a reply."], ["subsystem", "s", "sftp", "Subsystem/server program to connect to."], ] compData = usage.Completions( descriptions={"buffersize": "Size of send/receive buffer (default: 32768)"}, extraActions=[ usage.CompleteUserAtHost(), usage.CompleteFiles(descr="local file"), ], ) def parseArgs(self, host, localPath=None): self["remotePath"] = "" if ":" in host: host, self["remotePath"] = host.split(":", 1) self["remotePath"].rstrip("/") self["host"] = host self["localPath"] = localPath def run(): args = sys.argv[1:] if "-l" in args: # cvs is an idiot i = args.index("-l") args = args[i : i + 2] + args del args[i + 2 : i + 4] options = ClientOptions() try: options.parseOptions(args) except usage.UsageError as u: print("ERROR: %s" % u) sys.exit(1) if options["log"]: realout = sys.stdout log.startLogging(sys.stderr) sys.stdout = realout else: log.discardLogs() doConnect(options) reactor.run() def handleError(): global exitStatus exitStatus = 2 try: reactor.stop() except BaseException: pass log.err(failure.Failure()) raise def doConnect(options): if "@" in options["host"]: options["user"], options["host"] = options["host"].split("@", 1) host = options["host"] if not options["user"]: options["user"] = getpass.getuser() if not options["port"]: options["port"] = 22 else: options["port"] = int(options["port"]) host = options["host"] port = options["port"] conn = SSHConnection() conn.options = options vhk = default.verifyHostKey uao = default.SSHUserAuthClient(options["user"], options, conn) connect.connect(host, port, options, vhk, uao).addErrback(_ebExit) def _ebExit(f): if hasattr(f.value, "value"): s = f.value.value else: s = str(f) print(s) try: reactor.stop() except BaseException: pass def _ignore(args): pass class FileWrapper: def __init__(self, f): self.f = f self.total = 0.0 f.seek(0, 2) # seek to the end self.size = f.tell() def __getattr__(self, attr): return getattr(self.f, attr) class StdioClient(basic.LineReceiver): _pwd = pwd ps = "cftp> " delimiter = b"\n" reactor = reactor def __init__(self, client, f=None): self.client = client self.currentDirectory = "" self.file = f self.useProgressBar = (not f and 1) or 0 def connectionMade(self): self.client.realPath("").addCallback(self._cbSetCurDir) def _cbSetCurDir(self, path): self.currentDirectory = path self._newLine() def _writeToTransport(self, msg): if isinstance(msg, str): msg = msg.encode("utf-8") return self.transport.write(msg) def lineReceived(self, line): if self.client.transport.localClosed: return if isinstance(line, bytes): line = line.decode("utf-8") log.msg("got line %s" % line) line = line.lstrip() if not line: self._newLine() return if self.file and line.startswith("-"): self.ignoreErrors = 1 line = line[1:] else: self.ignoreErrors = 0 d = self._dispatchCommand(line) if d is not None: d.addCallback(self._cbCommand) d.addErrback(self._ebCommand) def _dispatchCommand(self, line): if " " in line: command, rest = line.split(" ", 1) rest = rest.lstrip() else: command, rest = line, "" if command.startswith("!"): # command f = self.cmd_EXEC rest = (command[1:] + " " + rest).strip() else: command = command.upper() log.msg("looking up cmd %s" % command) f = getattr(self, "cmd_%s" % command, None) if f is not None: return defer.maybeDeferred(f, rest) else: errMsg = "No command called `%s'" % (command) self._ebCommand(failure.Failure(NotImplementedError(errMsg))) self._newLine() def _printFailure(self, f): log.msg(f) e = f.trap(NotImplementedError, filetransfer.SFTPError, OSError, IOError) if e == NotImplementedError: self._writeToTransport(self.cmd_HELP("")) elif e == filetransfer.SFTPError: errMsg = "remote error %i: %s\n" % (f.value.code, f.value.message) self._writeToTransport(errMsg) elif e in (OSError, IOError): errMsg = "local error %i: %s\n" % (f.value.errno, f.value.strerror) self._writeToTransport(errMsg) def _newLine(self): if self.client.transport.localClosed: return self._writeToTransport(self.ps) self.ignoreErrors = 0 if self.file: l = self.file.readline() if not l: self.client.transport.loseConnection() else: self._writeToTransport(l) self.lineReceived(l.strip()) def _cbCommand(self, result): if result is not None: if isinstance(result, str): result = result.encode("utf-8") self._writeToTransport(result) if not result.endswith(b"\n"): self._writeToTransport(b"\n") self._newLine() def _ebCommand(self, f): self._printFailure(f) if self.file and not self.ignoreErrors: self.client.transport.loseConnection() self._newLine() def cmd_CD(self, path): path, rest = self._getFilename(path) if not path.endswith("/"): path += "/" newPath = path and os.path.join(self.currentDirectory, path) or "" d = self.client.openDirectory(newPath) d.addCallback(self._cbCd) d.addErrback(self._ebCommand) return d def _cbCd(self, directory): directory.close() d = self.client.realPath(directory.name) d.addCallback(self._cbCurDir) return d def _cbCurDir(self, path): self.currentDirectory = path def cmd_CHGRP(self, rest): grp, rest = rest.split(None, 1) path, rest = self._getFilename(rest) grp = int(grp) d = self.client.getAttrs(path) d.addCallback(self._cbSetUsrGrp, path, grp=grp) return d def cmd_CHMOD(self, rest): mod, rest = rest.split(None, 1) path, rest = self._getFilename(rest) mod = int(mod, 8) d = self.client.setAttrs(path, {"permissions": mod}) d.addCallback(_ignore) return d def cmd_CHOWN(self, rest): usr, rest = rest.split(None, 1) path, rest = self._getFilename(rest) usr = int(usr) d = self.client.getAttrs(path) d.addCallback(self._cbSetUsrGrp, path, usr=usr) return d def _cbSetUsrGrp(self, attrs, path, usr=None, grp=None): new = {} new["uid"] = (usr is not None) and usr or attrs["uid"] new["gid"] = (grp is not None) and grp or attrs["gid"] d = self.client.setAttrs(path, new) d.addCallback(_ignore) return d def cmd_GET(self, rest): remote, rest = self._getFilename(rest) if "" in remote or "?" in remote: # wildcard if rest: local, rest = self._getFilename(rest) if not os.path.isdir(local): return "Wildcard get with non-directory target." else: local = b"" d = self._remoteGlob(remote) d.addCallback(self._cbGetMultiple, local) return d if rest: local, rest = self._getFilename(rest) else: local = os.path.split(remote)[1] log.msg((remote, local)) lf = open(local, "wb", 0) path = FilePath(self.currentDirectory).child(remote) d = self.client.openFile(path.path, filetransfer.FXF_READ, {}) d.addCallback(self._cbGetOpenFile, lf) d.addErrback(self._ebCloseLf, lf) return d def _cbGetMultiple(self, files, local): # XXX this can be optimized for times w/o progress bar return self._cbGetMultipleNext(None, files, local) def _cbGetMultipleNext(self, res, files, local): if isinstance(res, failure.Failure): self._printFailure(res) elif res: self._writeToTransport(res) if not res.endswith("\n"): self._writeToTransport("\n") if not files: return f = files.pop(0)[0] lf = open(os.path.join(local, os.path.split(f)[1]), "wb", 0) path = FilePath(self.currentDirectory).child(f) d = self.client.openFile(path.path, filetransfer.FXF_READ, {}) d.addCallback(self._cbGetOpenFile, lf) d.addErrback(self._ebCloseLf, lf) d.addBoth(self._cbGetMultipleNext, files, local) return d def _ebCloseLf(self, f, lf): lf.close() return f def _cbGetOpenFile(self, rf, lf): return rf.getAttrs().addCallback(self._cbGetFileSize, rf, lf) def _cbGetFileSize(self, attrs, rf, lf): if not stat.S_ISREG(attrs["permissions"]): rf.close() lf.close() return "Can't get non-regular file: %s" % rf.name rf.size = attrs["size"] bufferSize = self.client.transport.conn.options["buffersize"] numRequests = self.client.transport.conn.options["requests"] rf.total = 0.0 dList = [] chunks = [] startTime = self.reactor.seconds() for i in range(numRequests): d = self._cbGetRead("", rf, lf, chunks, 0, bufferSize, startTime) dList.append(d) dl = defer.DeferredList(dList, fireOnOneErrback=1) dl.addCallback(self._cbGetDone, rf, lf) return dl def _getNextChunk(self, chunks): end = 0 for chunk in chunks: if end == "eof": return # nothing more to get if end != chunk[0]: i = chunks.index(chunk) chunks.insert(i, (end, chunk[0])) return (end, chunk[0] - end) end = chunk[1] bufSize = int(self.client.transport.conn.options["buffersize"]) chunks.append((end, end + bufSize)) return (end, bufSize) def _cbGetRead(self, data, rf, lf, chunks, start, size, startTime): if data and isinstance(data, failure.Failure): log.msg("get read err: %s" % data) reason = data reason.trap(EOFError) i = chunks.index((start, start + size)) del chunks[i] chunks.insert(i, (start, "eof")) elif data: log.msg("get read data: %i" % len(data)) lf.seek(start) lf.write(data) if len(data) != size: log.msg("got less than we asked for: %i < %i" % (len(data), size)) i = chunks.index((start, start + size)) del chunks[i] chunks.insert(i, (start, start + len(data))) rf.total += len(data) if self.useProgressBar: self._printProgressBar(rf, startTime) chunk = self._getNextChunk(chunks) if not chunk: return else: start, length = chunk log.msg("asking for %i -> %i" % (start, start + length)) d = rf.readChunk(start, length) d.addBoth(self._cbGetRead, rf, lf, chunks, start, length, startTime) return d def _cbGetDone(self, ignored, rf, lf): log.msg("get done") rf.close() lf.close() if self.useProgressBar: self._writeToTransport("\n") return f"Transferred {rf.name} to {lf.name}" def cmd_PUT(self, rest): """ Do an upload request for a single local file or a globing expression. @param rest: Requested command line for the PUT command. @type rest: L{str} @return: A deferred which fires with L{None} when transfer is done. @rtype: L{defer.Deferred} """ local, rest = self._getFilename(rest) # FIXME: https://twistedmatrix.com/trac/ticket/7241 # Use a better check for globbing expression. if "" in local or "?" in local: if rest: remote, rest = self._getFilename(rest) remote = os.path.join(self.currentDirectory, remote) else: remote = "" files = glob.glob(local) return self._putMultipleFiles(files, remote) else: if rest: remote, rest = self._getFilename(rest) else: remote = os.path.split(local)[1] return self._putSingleFile(local, remote) def _putSingleFile(self, local, remote): """ Perform an upload for a single file. @param local: Path to local file. @type local: L{str}. @param remote: Remote path for the request relative to current working directory. @type remote: L{str} @return: A deferred which fires when transfer is done. """ return self._cbPutMultipleNext(None, [local], remote, single=True) def _putMultipleFiles(self, files, remote): """ Perform an upload for a list of local files. @param files: List of local files. @type files: C{list} of L{str}. @param remote: Remote path for the request relative to current working directory. @type remote: L{str} @return: A deferred which fires when transfer is done. """ return self._cbPutMultipleNext(None, files, remote) def _cbPutMultipleNext(self, previousResult, files, remotePath, single=False): """ Perform an upload for the next file in the list of local files. @param previousResult: Result form previous file form the list. @type previousResult: L{str} @param files: List of local files. @type files: C{list} of L{str} @param remotePath: Remote path for the request relative to current working directory. @type remotePath: L{str} @param single: A flag which signals if this is a transfer for a single file in which case we use the exact remote path @type single: L{bool} @return: A deferred which fires when transfer is done. """ if isinstance(previousResult, failure.Failure): self._printFailure(previousResult) elif previousResult: if isinstance(previousResult, str): previousResult = previousResult.encode("utf-8") self._writeToTransport(previousResult) if not previousResult.endswith(b"\n"): self._writeToTransport(b"\n") currentFile = None while files and not currentFile: try: currentFile = files.pop(0) localStream = open(currentFile, "rb") except BaseException: self._printFailure(failure.Failure()) currentFile = None # No more files to transfer. if not currentFile: return None if single: remote = remotePath else: name = os.path.split(currentFile)[1] remote = os.path.join(remotePath, name) log.msg((name, remote, remotePath)) d = self._putRemoteFile(localStream, remote) d.addBoth(self._cbPutMultipleNext, files, remotePath) return d def _putRemoteFile(self, localStream, remotePath): """ Do an upload request. @param localStream: Local stream from where data is read. @type localStream: File like object. @param remotePath: Remote path for the request relative to current working directory. @type remotePath: L{str} @return: A deferred which fires when transfer is done. """ remote = os.path.join(self.currentDirectory, remotePath) flags = filetransfer.FXF_WRITE \| filetransfer.FXF_CREAT \| filetransfer.FXF_TRUNC d = self.client.openFile(remote, flags, {}) d.addCallback(self._cbPutOpenFile, localStream) d.addErrback(self._ebCloseLf, localStream) return d def _cbPutOpenFile(self, rf, lf): numRequests = self.client.transport.conn.options["requests"] if self.useProgressBar: lf = FileWrapper(lf) dList = [] chunks = [] startTime = self.reactor.seconds() for i in range(numRequests): d = self._cbPutWrite(None, rf, lf, chunks, startTime) if d: dList.append(d) dl = defer.DeferredList(dList, fireOnOneErrback=1) dl.addCallback(self._cbPutDone, rf, lf) return dl def _cbPutWrite(self, ignored, rf, lf, chunks, startTime): chunk = self._getNextChunk(chunks) start, size = chunk lf.seek(start) data = lf.read(size) if self.useProgressBar: lf.total += len(data) self._printProgressBar(lf, startTime) if data: d = rf.writeChunk(start, data) d.addCallback(self._cbPutWrite, rf, lf, chunks, startTime) return d else: return def _cbPutDone(self, ignored, rf, lf): lf.close() rf.close() if self.useProgressBar: self._writeToTransport("\n") return f"Transferred {lf.name} to {rf.name}" def cmd_LCD(self, path): os.chdir(path) def cmd_LN(self, rest): linkpath, rest = self._getFilename(rest) targetpath, rest = self._getFilename(rest) linkpath, targetpath = map( lambda x: os.path.join(self.currentDirectory, x), (linkpath, targetpath) ) return self.client.makeLink(linkpath, targetpath).addCallback(_ignore) def cmd_LS(self, rest): # possible lines: # ls current directory # ls name_of_file that file # ls name_of_directory that directory # ls some_glob_string current directory, globbed for that string options = [] rest = rest.split() while rest and rest[0] and rest[0][0] == "-": opts = rest.pop(0)[1:] for o in opts: if o == "l": options.append("verbose") elif o == "a": options.append("all") rest = " ".join(rest) path, rest = self._getFilename(rest) if not path: fullPath = self.currentDirectory + "/" else: fullPath = os.path.join(self.currentDirectory, path) d = self._remoteGlob(fullPath) d.addCallback(self._cbDisplayFiles, options) return d def _cbDisplayFiles(self, files, options): files.sort() if "all" not in options: files = [f for f in files if not f[0].startswith(b".")] if "verbose" in options: lines = [f[1] for f in files] else: lines = [f[0] for f in files] if not lines: return None else: return b"\n".join(lines) def cmd_MKDIR(self, path): path, rest = self._getFilename(path) path = os.path.join(self.currentDirectory, path) return self.client.makeDirectory(path, {}).addCallback(_ignore) def cmd_RMDIR(self, path): path, rest = self._getFilename(path) path = os.path.join(self.currentDirectory, path) return self.client.removeDirectory(path).addCallback(_ignore) def cmd_LMKDIR(self, path): os.system("mkdir %s" % path) def cmd_RM(self, path): path, rest = self._getFilename(path) path = os.path.join(self.currentDirectory, path) return self.client.removeFile(path).addCallback(_ignore) def cmd_LLS(self, rest): os.system("ls %s" % rest) def cmd_RENAME(self, rest): oldpath, rest = self._getFilename(rest) newpath, rest = self._getFilename(rest) oldpath, newpath = map( lambda x: os.path.join(self.currentDirectory, x), (oldpath, newpath) ) return self.client.renameFile(oldpath, newpath).addCallback(_ignore) def cmd_EXIT(self, ignored): self.client.transport.loseConnection() cmd_QUIT = cmd_EXIT def cmd_VERSION(self, ignored): version = "SFTP version %i" % self.client.version if isinstance(version, str): version = version.encode("utf-8") return version def cmd_HELP(self, ignored): return """Available commands: cd path Change remote directory to 'path'. chgrp gid path Change gid of 'path' to 'gid'. chmod mode path Change mode of 'path' to 'mode'. chown uid path Change uid of 'path' to 'uid'. exit Disconnect from the server. get remote-path [local-path] Get remote file. help Get a list of available commands. lcd path Change local directory to 'path'. lls [ls-options] [path] Display local directory listing. lmkdir path Create local directory. ln linkpath targetpath Symlink remote file. lpwd Print the local working directory. ls [-l] [path] Display remote directory listing. mkdir path Create remote directory. progress Toggle progress bar. put local-path [remote-path] Put local file. pwd Print the remote working directory. quit Disconnect from the server. rename oldpath newpath Rename remote file. rmdir path Remove remote directory. rm path Remove remote file. version Print the SFTP version. ? Synonym for 'help'. """ def cmd_PWD(self, ignored): return self.currentDirectory def cmd_LPWD(self, ignored): return os.getcwd() def cmd_PROGRESS(self, ignored): self.useProgressBar = not self.useProgressBar return "%ssing progess bar." % (self.useProgressBar and "U" or "Not u") def cmd_EXEC(self, rest): """ Run C{rest} using the user's shell (or /bin/sh if they do not have one). """ shell = self._pwd.getpwnam(getpass.getuser())[6] if not shell: shell = "/bin/sh" if rest: cmds = ["-c", rest] return utils.getProcessOutput(shell, cmds, errortoo=1) else: os.system(shell) # accessory functions def _remoteGlob(self, fullPath): log.msg("looking up %s" % fullPath) head, tail = os.path.split(fullPath) if "" in tail or "?" in tail: glob = 1 else: glob = 0 if tail and not glob: # could be file or directory # try directory first d = self.client.openDirectory(fullPath) d.addCallback(self._cbOpenList, "") d.addErrback(self._ebNotADirectory, head, tail) else: d = self.client.openDirectory(head) d.addCallback(self._cbOpenList, tail) return d def _cbOpenList(self, directory, glob): files = [] d = directory.read() d.addBoth(self._cbReadFile, files, directory, glob) return d def _ebNotADirectory(self, reason, path, glob): d = self.client.openDirectory(path) d.addCallback(self._cbOpenList, glob) return d def _cbReadFile(self, files, matchedFiles, directory, glob): if not isinstance(files, failure.Failure): if glob: glob = glob.encode("utf-8") matchedFiles.extend([f for f in files if fnmatch.fnmatch(f[0], glob)]) else: matchedFiles.extend(files) d = directory.read() d.addBoth(self._cbReadFile, matchedFiles, directory, glob) return d else: reason = files reason.trap(EOFError) directory.close() return matchedFiles def _abbrevSize(self, size): # from http://mail.python.org/pipermail/python-list/1999-December/018395.html _abbrevs = [ (1 << 50, "PB"), (1 << 40, "TB"), (1 << 30, "GB"), (1 << 20, "MB"), (1 << 10, "kB"), (1, "B"), ] for factor, suffix in _abbrevs: if size > factor: break return "%.1f" % (size / factor) + suffix def _abbrevTime(self, t): if t > 3600: # 1 hour hours = int(t / 3600) t -= 3600 hours mins = int(t / 60) t -= 60 * mins return "%i:%02i:%02i" % (hours, mins, t) else: mins = int(t / 60) t -= 60 * mins return "%02i:%02i" % (mins, t) def _printProgressBar(self, f, startTime): """ Update a console progress bar on this L{StdioClient}'s transport, based on the difference between the start time of the operation and the current time according to the reactor, and appropriate to the size of the console window. @param f: a wrapper around the file which is being written or read @type f: L{FileWrapper} @param startTime: The time at which the operation being tracked began. @type startTime: L{float} """ diff = self.reactor.seconds() - startTime total = f.total try: winSize = struct.unpack("4H", fcntl.ioctl(0, tty.TIOCGWINSZ, "12345679")) except OSError: winSize = [None, 80] if diff == 0.0: speed = 0.0 else: speed = total / diff if speed: timeLeft = (f.size - total) / speed else: timeLeft = 0 front = f.name if f.size: percentage = (total / f.size) * 100 else: percentage = 100 back = "%3i%% %s %sps %s " % ( percentage, self._abbrevSize(total), self._abbrevSize(speed), self._abbrevTime(timeLeft), ) spaces = (winSize[1] - (len(front) + len(back) + 1)) * " " command = f"\r{front}{spaces}{back}" self._writeToTransport(command) def _getFilename(self, line): """ Parse line received as command line input and return first filename together with the remaining line. @param line: Arguments received from command line input. @type line: L{str} @return: Tupple with filename and rest. Return empty values when no path was not found. @rtype: C{tupple} """ line = line.strip() if not line: return "", "" if line[0] in "'\"": ret = [] line = list(line) try: for i in range(1, len(line)): c = line[i] if c == line[0]: return "".join(ret), "".join(line[i + 1 :]).lstrip() elif c == "\\": # quoted character del line[i] if line[i] not in "'\"\\": raise IndexError(f"bad quote: \\{line[i]}") ret.append(line[i]) else: ret.append(line[i]) except IndexError: raise IndexError("unterminated quote") ret = line.split(None, 1) if len(ret) == 1: return ret[0], "" else: return ret[0], ret[1] setattr(StdioClient, "cmd_?", StdioClient.cmd_HELP) class SSHConnection(connection.SSHConnection): def serviceStarted(self): self.openChannel(SSHSession()) class SSHSession(channel.SSHChannel): name = b"session" def channelOpen(self, foo): log.msg("session %s open" % self.id) if self.conn.options["subsystem"].startswith("/"): request = "exec" else: request = "subsystem" d = self.conn.sendRequest( self, request, common.NS(self.conn.options["subsystem"]), wantReply=1 ) d.addCallback(self._cbSubsystem) d.addErrback(_ebExit) def _cbSubsystem(self, result): self.client = filetransfer.FileTransferClient() self.client.makeConnection(self) self.dataReceived = self.client.dataReceived f = None if self.conn.options["batchfile"]: fn = self.conn.options["batchfile"] if fn != "-": f = open(fn) self.stdio = stdio.StandardIO(StdioClient(self.client, f)) def extReceived(self, t, data): if t == connection.EXTENDED_DATA_STDERR: log.msg("got %s stderr data" % len(data)) sys.stderr.write(data) sys.stderr.flush() def eofReceived(self): log.msg("got eof") self.stdio.loseWriteConnection() def closeReceived(self): log.msg("remote side closed %s" % self) self.conn.sendClose(self) def closed(self): try: reactor.stop() except BaseException: pass def stopWriting(self): self.stdio.pauseProducing() def startWriting(self): self.stdio.resumeProducing() if __name__ == "__main__": run() ��scripts/tkconch.py��0000644��00000056336�15027667726�0010275 0��ustar�00��# -- test-case-name: twisted.conch.test.test_scripts -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Implementation module for the `tkconch` command. """ import base64 import getpass import os import signal import struct import sys import tkinter as Tkinter import tkinter.filedialog as tkFileDialog import tkinter.messagebox as tkMessageBox from typing import List, Tuple from twisted.conch import error from twisted.conch.client.default import isInKnownHosts from twisted.conch.ssh import ( channel, common, connection, forwarding, keys, session, transport, userauth, ) from twisted.conch.ui import tkvt100 from twisted.internet import defer, protocol, reactor, tksupport from twisted.python import log, usage class TkConchMenu(Tkinter.Frame): def __init__(self, args, params): ## Standard heading: initialization Tkinter.Frame.__init__(self, args, *params) self.master.title("TkConch") self.localRemoteVar = Tkinter.StringVar() self.localRemoteVar.set("local") Tkinter.Label(self, anchor="w", justify="left", text="Hostname").grid( column=1, row=1, sticky="w" ) self.host = Tkinter.Entry(self) self.host.grid(column=2, columnspan=2, row=1, sticky="nesw") Tkinter.Label(self, anchor="w", justify="left", text="Port").grid( column=1, row=2, sticky="w" ) self.port = Tkinter.Entry(self) self.port.grid(column=2, columnspan=2, row=2, sticky="nesw") Tkinter.Label(self, anchor="w", justify="left", text="Username").grid( column=1, row=3, sticky="w" ) self.user = Tkinter.Entry(self) self.user.grid(column=2, columnspan=2, row=3, sticky="nesw") Tkinter.Label(self, anchor="w", justify="left", text="Command").grid( column=1, row=4, sticky="w" ) self.command = Tkinter.Entry(self) self.command.grid(column=2, columnspan=2, row=4, sticky="nesw") Tkinter.Label(self, anchor="w", justify="left", text="Identity").grid( column=1, row=5, sticky="w" ) self.identity = Tkinter.Entry(self) self.identity.grid(column=2, row=5, sticky="nesw") Tkinter.Button(self, command=self.getIdentityFile, text="Browse").grid( column=3, row=5, sticky="nesw" ) Tkinter.Label(self, text="Port Forwarding").grid(column=1, row=6, sticky="w") self.forwards = Tkinter.Listbox(self, height=0, width=0) self.forwards.grid(column=2, columnspan=2, row=6, sticky="nesw") Tkinter.Button(self, text="Add", command=self.addForward).grid(column=1, row=7) Tkinter.Button(self, text="Remove", command=self.removeForward).grid( column=1, row=8 ) self.forwardPort = Tkinter.Entry(self) self.forwardPort.grid(column=2, row=7, sticky="nesw") Tkinter.Label(self, text="Port").grid(column=3, row=7, sticky="nesw") self.forwardHost = Tkinter.Entry(self) self.forwardHost.grid(column=2, row=8, sticky="nesw") Tkinter.Label(self, text="Host").grid(column=3, row=8, sticky="nesw") self.localForward = Tkinter.Radiobutton( self, text="Local", variable=self.localRemoteVar, value="local" ) self.localForward.grid(column=2, row=9) self.remoteForward = Tkinter.Radiobutton( self, text="Remote", variable=self.localRemoteVar, value="remote" ) self.remoteForward.grid(column=3, row=9) Tkinter.Label(self, text="Advanced Options").grid( column=1, columnspan=3, row=10, sticky="nesw" ) Tkinter.Label(self, anchor="w", justify="left", text="Cipher").grid( column=1, row=11, sticky="w" ) self.cipher = Tkinter.Entry(self, name="cipher") self.cipher.grid(column=2, columnspan=2, row=11, sticky="nesw") Tkinter.Label(self, anchor="w", justify="left", text="MAC").grid( column=1, row=12, sticky="w" ) self.mac = Tkinter.Entry(self, name="mac") self.mac.grid(column=2, columnspan=2, row=12, sticky="nesw") Tkinter.Label(self, anchor="w", justify="left", text="Escape Char").grid( column=1, row=13, sticky="w" ) self.escape = Tkinter.Entry(self, name="escape") self.escape.grid(column=2, columnspan=2, row=13, sticky="nesw") Tkinter.Button(self, text="Connect!", command=self.doConnect).grid( column=1, columnspan=3, row=14, sticky="nesw" ) # Resize behavior(s) self.grid_rowconfigure(6, weight=1, minsize=64) self.grid_columnconfigure(2, weight=1, minsize=2) self.master.protocol("WM_DELETE_WINDOW", sys.exit) def getIdentityFile(self): r = tkFileDialog.askopenfilename() if r: self.identity.delete(0, Tkinter.END) self.identity.insert(Tkinter.END, r) def addForward(self): port = self.forwardPort.get() self.forwardPort.delete(0, Tkinter.END) host = self.forwardHost.get() self.forwardHost.delete(0, Tkinter.END) if self.localRemoteVar.get() == "local": self.forwards.insert(Tkinter.END, f"L:{port}:{host}") else: self.forwards.insert(Tkinter.END, f"R:{port}:{host}") def removeForward(self): cur = self.forwards.curselection() if cur: self.forwards.remove(cur[0]) def doConnect(self): finished = 1 options["host"] = self.host.get() options["port"] = self.port.get() options["user"] = self.user.get() options["command"] = self.command.get() cipher = self.cipher.get() mac = self.mac.get() escape = self.escape.get() if cipher: if cipher in SSHClientTransport.supportedCiphers: SSHClientTransport.supportedCiphers = [cipher] else: tkMessageBox.showerror("TkConch", "Bad cipher.") finished = 0 if mac: if mac in SSHClientTransport.supportedMACs: SSHClientTransport.supportedMACs = [mac] elif finished: tkMessageBox.showerror("TkConch", "Bad MAC.") finished = 0 if escape: if escape == "none": options["escape"] = None elif escape[0] == "^" and len(escape) == 2: options["escape"] = chr(ord(escape[1]) - 64) elif len(escape) == 1: options["escape"] = escape elif finished: tkMessageBox.showerror("TkConch", "Bad escape character '%s'." % escape) finished = 0 if self.identity.get(): options.identitys.append(self.identity.get()) for line in self.forwards.get(0, Tkinter.END): if line[0] == "L": options.opt_localforward(line[2:]) else: options.opt_remoteforward(line[2:]) if "@" in options["host"]: options["user"], options["host"] = options["host"].split("@", 1) if (not options["host"] or not options["user"]) and finished: tkMessageBox.showerror("TkConch", "Missing host or username.") finished = 0 if finished: self.master.quit() self.master.destroy() if options["log"]: realout = sys.stdout log.startLogging(sys.stderr) sys.stdout = realout else: log.discardLogs() log.deferr = handleError # HACK if not options.identitys: options.identitys = ["~/.ssh/id_rsa", "~/.ssh/id_dsa"] host = options["host"] port = int(options["port"] or 22) log.msg((host, port)) reactor.connectTCP(host, port, SSHClientFactory()) frame.master.deiconify() frame.master.title( "{}@{} - TkConch".format(options["user"], options["host"]) ) else: self.focus() class GeneralOptions(usage.Options): synopsis = """Usage: tkconch [options] host [command] """ optParameters = [ ["user", "l", None, "Log in using this user name."], ["identity", "i", "~/.ssh/identity", "Identity for public key authentication"], ["escape", "e", "~", "Set escape character; ``none'' = disable"], ["cipher", "c", None, "Select encryption algorithm."], ["macs", "m", None, "Specify MAC algorithms for protocol version 2."], ["port", "p", None, "Connect to this port. Server must be on the same port."], [ "localforward", "L", None, "listen-port:host:port Forward local port to remote address", ], [ "remoteforward", "R", None, "listen-port:host:port Forward remote port to local address", ], ] optFlags = [ ["tty", "t", "Tty; allocate a tty even if command is given."], ["notty", "T", "Do not allocate a tty."], ["version", "V", "Display version number only."], ["compress", "C", "Enable compression."], ["noshell", "N", "Do not execute a shell or command."], ["subsystem", "s", "Invoke command (mandatory) as SSH2 subsystem."], ["log", "v", "Log to stderr"], ["ansilog", "a", "Print the received data to stdout"], ] _ciphers = transport.SSHClientTransport.supportedCiphers _macs = transport.SSHClientTransport.supportedMACs compData = usage.Completions( mutuallyExclusive=[("tty", "notty")], optActions={ "cipher": usage.CompleteList([v.decode() for v in _ciphers]), "macs": usage.CompleteList([v.decode() for v in _macs]), "localforward": usage.Completer(descr="listen-port:host:port"), "remoteforward": usage.Completer(descr="listen-port:host:port"), }, extraActions=[ usage.CompleteUserAtHost(), usage.Completer(descr="command"), usage.Completer(descr="argument", repeat=True), ], ) identitys: List[str] = [] localForwards: List[Tuple[int, Tuple[int, int]]] = [] remoteForwards: List[Tuple[int, Tuple[int, int]]] = [] def opt_identity(self, i): self.identitys.append(i) def opt_localforward(self, f): localPort, remoteHost, remotePort = f.split(":") # doesn't do v6 yet localPort = int(localPort) remotePort = int(remotePort) self.localForwards.append((localPort, (remoteHost, remotePort))) def opt_remoteforward(self, f): remotePort, connHost, connPort = f.split(":") # doesn't do v6 yet remotePort = int(remotePort) connPort = int(connPort) self.remoteForwards.append((remotePort, (connHost, connPort))) def opt_compress(self): SSHClientTransport.supportedCompressions[0:1] = ["zlib"] def parseArgs(self, args): if args: self["host"] = args[0] self["command"] = " ".join(args[1:]) else: self["host"] = "" self["command"] = "" # Rest of code in "run" options = None menu = None exitStatus = 0 frame = None def deferredAskFrame(question, echo): if frame.callback: raise ValueError("can't ask 2 questions at once!") d = defer.Deferred() resp = [] def gotChar(ch, resp=resp): if not ch: return if ch == "\x03": # C-c reactor.stop() if ch == "\r": frame.write("\r\n") stresp = "".join(resp) del resp frame.callback = None d.callback(stresp) return elif 32 <= ord(ch) < 127: resp.append(ch) if echo: frame.write(ch) elif ord(ch) == 8 and resp: # BS if echo: frame.write("\x08 \x08") resp.pop() frame.callback = gotChar frame.write(question) frame.canvas.focus_force() return d def run(): global menu, options, frame args = sys.argv[1:] if "-l" in args: # cvs is an idiot i = args.index("-l") args = args[i : i + 2] + args del args[i + 2 : i + 4] for arg in args[:]: try: i = args.index(arg) if arg[:2] == "-o" and args[i + 1][0] != "-": args[i : i + 2] = [] # suck on it scp except ValueError: pass root = Tkinter.Tk() root.withdraw() top = Tkinter.Toplevel() menu = TkConchMenu(top) menu.pack(side=Tkinter.TOP, fill=Tkinter.BOTH, expand=1) options = GeneralOptions() try: options.parseOptions(args) except usage.UsageError as u: print("ERROR: %s" % u) options.opt_help() sys.exit(1) for k, v in options.items(): if v and hasattr(menu, k): getattr(menu, k).insert(Tkinter.END, v) for (p, (rh, rp)) in options.localForwards: menu.forwards.insert(Tkinter.END, f"L:{p}:{rh}:{rp}") options.localForwards = [] for (p, (rh, rp)) in options.remoteForwards: menu.forwards.insert(Tkinter.END, f"R:{p}:{rh}:{rp}") options.remoteForwards = [] frame = tkvt100.VT100Frame(root, callback=None) root.geometry( "%dx%d" % (tkvt100.fontWidth * frame.width + 3, tkvt100.fontHeight * frame.height + 3) ) frame.pack(side=Tkinter.TOP) tksupport.install(root) root.withdraw() if (options["host"] and options["user"]) or "@" in options["host"]: menu.doConnect() else: top.mainloop() reactor.run() sys.exit(exitStatus) def handleError(): from twisted.python import failure global exitStatus exitStatus = 2 log.err(failure.Failure()) reactor.stop() raise class SSHClientFactory(protocol.ClientFactory): noisy = True def stopFactory(self): reactor.stop() def buildProtocol(self, addr): return SSHClientTransport() def clientConnectionFailed(self, connector, reason): tkMessageBox.showwarning( "TkConch", f"Connection Failed, Reason:\n {reason.type}: {reason.value}", ) class SSHClientTransport(transport.SSHClientTransport): def receiveError(self, code, desc): global exitStatus exitStatus = ( "conch:\tRemote side disconnected with error code %i\nconch:\treason: %s" % (code, desc) ) def sendDisconnect(self, code, reason): global exitStatus exitStatus = ( "conch:\tSending disconnect with error code %i\nconch:\treason: %s" % (code, reason) ) transport.SSHClientTransport.sendDisconnect(self, code, reason) def receiveDebug(self, alwaysDisplay, message, lang): global options if alwaysDisplay or options["log"]: log.msg("Received Debug Message: %s" % message) def verifyHostKey(self, pubKey, fingerprint): # d = defer.Deferred() # d.addCallback(lambda x:defer.succeed(1)) # d.callback(2) # return d goodKey = isInKnownHosts(options["host"], pubKey, {"known-hosts": None}) if goodKey == 1: # good key return defer.succeed(1) elif goodKey == 2: # AAHHHHH changed return defer.fail(error.ConchError("bad host key")) else: if options["host"] == self.transport.getPeer().host: host = options["host"] khHost = options["host"] else: host = "{} ({})".format(options["host"], self.transport.getPeer().host) khHost = "{},{}".format(options["host"], self.transport.getPeer().host) keyType = common.getNS(pubKey)[0] ques = """The authenticity of host '{}' can't be established.\r {} key fingerprint is {}.""".format( host, {b"ssh-dss": "DSA", b"ssh-rsa": "RSA"}[keyType], fingerprint, ) ques += "\r\nAre you sure you want to continue connecting (yes/no)? " return deferredAskFrame(ques, 1).addCallback( self._cbVerifyHostKey, pubKey, khHost, keyType ) def _cbVerifyHostKey(self, ans, pubKey, khHost, keyType): if ans.lower() not in ("yes", "no"): return deferredAskFrame("Please type 'yes' or 'no': ", 1).addCallback( self._cbVerifyHostKey, pubKey, khHost, keyType ) if ans.lower() == "no": frame.write("Host key verification failed.\r\n") raise error.ConchError("bad host key") try: frame.write( "Warning: Permanently added '%s' (%s) to the list of " "known hosts.\r\n" % (khHost, {b"ssh-dss": "DSA", b"ssh-rsa": "RSA"}[keyType]) ) with open(os.path.expanduser("~/.ssh/known_hosts"), "a") as known_hosts: encodedKey = base64.b64encode(pubKey) known_hosts.write(f"\n{khHost} {keyType} {encodedKey}") except BaseException: log.deferr() raise error.ConchError def connectionSecure(self): if options["user"]: user = options["user"] else: user = getpass.getuser() self.requestService(SSHUserAuthClient(user, SSHConnection())) class SSHUserAuthClient(userauth.SSHUserAuthClient): usedFiles: List[str] = [] def getPassword(self, prompt=None): if not prompt: prompt = "{}@{}'s password: ".format(self.user, options["host"]) return deferredAskFrame(prompt, 0) def getPublicKey(self): files = [x for x in options.identitys if x not in self.usedFiles] if not files: return None file = files[0] log.msg(file) self.usedFiles.append(file) file = os.path.expanduser(file) file += ".pub" if not os.path.exists(file): return try: return keys.Key.fromFile(file).blob() except BaseException: return self.getPublicKey() # try again def getPrivateKey(self): file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.Key.fromFile(file).keyObject) except keys.BadKeyError as e: if e.args[0] == "encrypted key with no password": prompt = "Enter passphrase for key '%s': " % self.usedFiles[-1] return deferredAskFrame(prompt, 0).addCallback(self._cbGetPrivateKey, 0) def _cbGetPrivateKey(self, ans, count): file = os.path.expanduser(self.usedFiles[-1]) try: return keys.Key.fromFile(file, password=ans).keyObject except keys.BadKeyError: if count == 2: raise prompt = "Enter passphrase for key '%s': " % self.usedFiles[-1] return deferredAskFrame(prompt, 0).addCallback( self._cbGetPrivateKey, count + 1 ) class SSHConnection(connection.SSHConnection): def serviceStarted(self): if not options["noshell"]: self.openChannel(SSHSession()) if options.localForwards: for localPort, hostport in options.localForwards: reactor.listenTCP( localPort, forwarding.SSHListenForwardingFactory( self, hostport, forwarding.SSHListenClientForwardingChannel ), ) if options.remoteForwards: for remotePort, hostport in options.remoteForwards: log.msg( "asking for remote forwarding for {}:{}".format( remotePort, hostport ) ) data = forwarding.packGlobal_tcpip_forward(("0.0.0.0", remotePort)) self.sendGlobalRequest("tcpip-forward", data) self.remoteForwards[remotePort] = hostport class SSHSession(channel.SSHChannel): name = b"session" def channelOpen(self, foo): # global globalSession # globalSession = self # turn off local echo self.escapeMode = 1 c = session.SSHSessionClient() if options["escape"]: c.dataReceived = self.handleInput else: c.dataReceived = self.write c.connectionLost = self.sendEOF frame.callback = c.dataReceived frame.canvas.focus_force() if options["subsystem"]: self.conn.sendRequest(self, b"subsystem", common.NS(options["command"])) elif options["command"]: if options["tty"]: term = os.environ.get("TERM", "xterm") # winsz = fcntl.ioctl(fd, tty.TIOCGWINSZ, '12345678') winSize = (25, 80, 0, 0) # struct.unpack('4H', winsz) ptyReqData = session.packRequest_pty_req(term, winSize, "") self.conn.sendRequest(self, b"pty-req", ptyReqData) self.conn.sendRequest(self, "exec", common.NS(options["command"])) else: if not options["notty"]: term = os.environ.get("TERM", "xterm") # winsz = fcntl.ioctl(fd, tty.TIOCGWINSZ, '12345678') winSize = (25, 80, 0, 0) # struct.unpack('4H', winsz) ptyReqData = session.packRequest_pty_req(term, winSize, "") self.conn.sendRequest(self, b"pty-req", ptyReqData) self.conn.sendRequest(self, b"shell", b"") self.conn.transport.transport.setTcpNoDelay(1) def handleInput(self, char): # log.msg('handling %s' % repr(char)) if char in ("\n", "\r"): self.escapeMode = 1 self.write(char) elif self.escapeMode == 1 and char == options["escape"]: self.escapeMode = 2 elif self.escapeMode == 2: self.escapeMode = 1 # so we can chain escapes together if char == ".": # disconnect log.msg("disconnecting from escape") reactor.stop() return elif char == "\x1a": # ^Z, suspend # following line courtesy of Erwin@freenode os.kill(os.getpid(), signal.SIGSTOP) return elif char == "R": # rekey connection log.msg("rekeying connection") self.conn.transport.sendKexInit() return self.write("~" + char) else: self.escapeMode = 0 self.write(char) def dataReceived(self, data): data = data.decode("utf-8") if options["ansilog"]: print(repr(data)) frame.write(data) def extReceived(self, t, data): if t == connection.EXTENDED_DATA_STDERR: log.msg("got %s stderr data" % len(data)) sys.stderr.write(data) sys.stderr.flush() def eofReceived(self): log.msg("got eof") sys.stdin.close() def closed(self): log.msg("closed %s" % self) if len(self.conn.channels) == 1: # just us left reactor.stop() def request_exit_status(self, data): global exitStatus exitStatus = int(struct.unpack(">L", data)[0]) log.msg("exit status: %s" % exitStatus) def sendEOF(self): self.conn.sendEOF(self) if __name__ == "__main__": run() ��scripts/__init__.py��0000644��00000000020�15027667726�0010356 0��ustar�00��"conch scripts" ��openssh_compat/factory.py��0000644��00000004704�15027667726�0011636 0��ustar�00��# -- test-case-name: twisted.conch.test.test_openssh_compat -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Factory for reading openssh configuration files: public keys, private keys, and moduli file. """ import errno import os from twisted.conch.openssh_compat import primes from twisted.conch.ssh import common, factory, keys from twisted.python.util import runAsEffectiveUser class OpenSSHFactory(factory.SSHFactory): dataRoot = "/usr/local/etc" # For openbsd which puts moduli in a different directory from keys. moduliRoot = "/usr/local/etc" def getPublicKeys(self): """ Return the server public keys. """ ks = {} for filename in os.listdir(self.dataRoot): if filename[:9] == "ssh_host_" and filename[-8:] == "_key.pub": try: k = keys.Key.fromFile(os.path.join(self.dataRoot, filename)) t = common.getNS(k.blob())[0] ks[t] = k except Exception as e: self._log.error( "bad public key file {filename}: {error}", filename=filename, error=e, ) return ks def getPrivateKeys(self): """ Return the server private keys. """ privateKeys = {} for filename in os.listdir(self.dataRoot): if filename[:9] == "ssh_host_" and filename[-4:] == "_key": fullPath = os.path.join(self.dataRoot, filename) try: key = keys.Key.fromFile(fullPath) except OSError as e: if e.errno == errno.EACCES: # Not allowed, let's switch to root key = runAsEffectiveUser(0, 0, keys.Key.fromFile, fullPath) privateKeys[key.sshType()] = key else: raise except Exception as e: self._log.error( "bad public key file {filename}: {error}", filename=filename, error=e, ) else: privateKeys[key.sshType()] = key return privateKeys def getPrimes(self): try: return primes.parseModuliFile(self.moduliRoot + "/moduli") except OSError: return None ��openssh_compat/__pycache__/__init__.cpython-310.pyc��0000644��00000000363�15027667726�0016262 0��ustar�00��o ��b��@��s��d�Z�dS�)zC Support for OpenSSH configuration files. Maintainer: Paul Swartz N)�__doc__��r��r��G/usr/lib/python3/dist-packages/twisted/conch/openssh_compat/__init__.py�<module>��s��openssh_compat/__pycache__/primes.cpython-310.pyc��0000644��00000001306�15027667726�0016020 0��ustar�00��o ��b��@��s��d�Z�dd��ZdS�)zc Parsing for the moduli file, which contains Diffie-Hellman prime groups. Maintainer: Paul Swartz c��C��s��t�\|��}\|��}W�d��n1�sw��Y��i�}\|D�]:}\|��}\|r\|d�dkr+q\|��\}}}}} } }t\| �d�} t\| �} t\|d�}\| \|vrMg�\|\| <�\|\| ��\| \|f��q\|S�)N��#��)�open� readlines�strip�split�int�append)�filename�f�lines�primes�l�tim�typ�tst�tri�size�gen�mod��r��E/usr/lib/python3/dist-packages/twisted/conch/openssh_compat/primes.py�parseModuliFile ��s �� r��N)�__doc__r��r��r��r��r��<module>��s��openssh_compat/__pycache__/factory.cpython-310.pyc��0000644��00000004155�15027667726�0016175 0��ustar�00��o ��b� ��@��sV��d�Z�ddlZddlZddlmZ�ddlmZmZmZ�ddl m Z �G�dd��dej�ZdS�)z^ Factory for reading openssh configuration files: public keys, private keys, and moduli file. ��N)�primes)�common�factory�keys)�runAsEffectiveUserc��@��s,��e�Zd�ZdZdZdd��Zdd��Zdd��ZdS�) �OpenSSHFactoryz/usr/local/etcc��C��s��i�}t��\|�j�D�]I}\|dd��dkrQ\|dd��dkrQztj�t�j�\|�j\|��}t� \|� ��d�}\|\|\|<�W�q�tyP�}�z\|�jj d\|\|d��W�Y�d}~qd}~ww�q\|S�) z0 Return the server public keys. N� �� ssh_host_i��z_key.pubr��'bad public key file {filename}: {error}��filename�error)�os�listdir�dataRootr��Key�fromFile�path�joinr��getNS�blob� Exception�_logr ��)�self�ksr��k�t�e��r��F/usr/lib/python3/dist-packages/twisted/conch/openssh_compat/factory.py� getPublicKeys��s"�� zOpenSSHFactory.getPublicKeysc��C��s��i�}t��\|�j�D�]l}\|dd��dkrt\|dd��dkrtt�j�\|�j\|�}ztj�\|�}W�nC�tyS�}�z\|j t j krHtddtjj\|�}\|\|\|��<�n��W�Y�d}~qd}~w�t ym�}�z\|�jjd\|\|d��W�Y�d}~qd}~ww�\|\|\|��<�q\|S�) z1 Return the server private keys. Nr��r ��_keyr��r ��r��)r��r��r��r��r��r��r��r��OSError�errno�EACCESr��sshTyper��r��r ��)r��privateKeysr��fullPath�keyr��r��r��r��getPrivateKeys��s0�� zOpenSSHFactory.getPrivateKeysc��C��s(��z t��\|�jd��W�S��ty��Y�d�S�w�)Nz/moduli)r��parseModuliFile� moduliRootr#��)r��r��r��r�� getPrimesE��s ��zOpenSSHFactory.getPrimesN)�__name__� __module__�__qualname__r��r,��r ��r��r-��r��r��r��r��r��s��r��) �__doc__r$��r��twisted.conch.openssh_compatr��twisted.conch.sshr��r��r��twisted.python.utilr�� SSHFactoryr��r��r��r��r��<module>��s��openssh_compat/primes.py��0000644��00000001200�15027667726�0011452 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # """ Parsing for the moduli file, which contains Diffie-Hellman prime groups. Maintainer: Paul Swartz """ def parseModuliFile(filename): with open(filename) as f: lines = f.readlines() primes = {} for l in lines: l = l.strip() if not l or l[0] == "#": continue tim, typ, tst, tri, size, gen, mod = l.split() size = int(size) + 1 gen = int(gen) mod = int(mod, 16) if size not in primes: primes[size] = [] primes[size].append((gen, mod)) return primes ��openssh_compat/__init__.py��0000644��00000000226�15027667726�0011721 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # """ Support for OpenSSH configuration files. Maintainer: Paul Swartz """ ��ui/__pycache__/tkvt100.cpython-310.pyc��0000644��00000014664�15027667726�0013340 0��ustar�00��o ��b$��@��s��d�Z�ddlZddlZddlmZ�ddlmZ�da d\a adZi�dd�d d �dd�d d�dd�dd�dd�dd�dd�dd�dd�dd�dd �d!d"�d#d$�d%d&�Z G�d'd(��d(ej�ZdS�))zHModule to emulate a VT100 terminal in Tkinter. Maintainer: Paul Swartz ��N��)�ansi)NN)�b�r�g�y�l�m�c�w�B�R�G�Y�L�M�C�Wr��#000000r��z#c40000r��z#00c400r��z#c4c400r��z#000080r ��z#c400c4r ��z#00c4c4r��z#c4c4c4r��z#626262r ��z#ff0000r��z#00ff00r��z#ffff00r��z#0000ffr��z#ff00ffr��z#00ffffr��z#ffffffc��@��sl��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��ZdS�)� VT100Framec��O��s��t�jddd�atttjtjtj��a t t��d��a\|� dd�\|�_\|� dd�\|�_\|d �\|�_\|d =�t \|�j��\|d<�}t\|�j��\|d<�}tjj\|�g\|�R�i�\|��tjd \|\|d�\|�_\|�jjtjtjdd ��\|�j�d\|�j��\|�j�ddd��\|�j�d\|�j��\|�j�d\|�j��\|�j�d\|�j��\|�j�d\|�j��\|�j��t �!t j"j#t j"j$�\|�_%\|�j&\|�j%_&\|�j'\|�j%_'\|�j(\|�j%_(d\|�_)d\|�_\|�jj+ddt d�td�ddd�\|�_,d�S�)N�Courier� ��)�family�size� linespace�width�P��height��callbackr��)�bgr��r��r��)�side�fill�expandz<Key>z<1>c��S��s��dS��N�break��)�xr&��r&��:/usr/lib/python3/dist-packages/twisted/conch/ui/tkvt100.py�<lambda>N��s��z%VT100Frame.__init__.<locals>.<lambda>z<Up>z<Down>z<Left>z<Right>r��green�r"��outline)-�tkFont�Font�ttyFont�max�map�measure�string� ascii_letters�digits� fontWidth�int�metrics� fontHeight�getr��r��r��Tkinter�Frame�__init__�Canvas�canvas�pack�TOP�BOTH�bind� keyPressed� upPressed�downPressed�leftPressed�rightPressed�focusr�� AnsiParser� ColorText�WHITE�BLACK� ansiParser�writeString�parseCursor� parseEraser'��r��create_rectangle�cursor)�self�args�kwr��hr&��r&��r(��r=��?��s8�� zVT100Frame.__init__c��C��s\��\|t��d�}\|t�d�}\|t��d�}\|t�d�}\|�j�\|\|\|\|�} \| D�]} \|�j�\| ��q#d�S�)Nr��)r6��r9��r?��find_overlapping�delete)rT��sx�sy�ex�ey�csx�csy�cex�cey�items�itemr&��r&��r(��_deleted��s��zVT100Frame._deletec��s��j��jkr)d��_��jd7��_��j��jkr)��fdd��j��D��jd8��_��j�t�d�}��jt�d�}��j�\|\|\|d�\|d��}\|rO��fdd�\|D��\|re��jj \|\|\|t�d�\|t�d�\|\|d��jj \|\|tjt \|\|d��j�d7��_�d�S�) Nr��r��c��g�\|�]}��j��\|d�t��qS��r��r?��mover9��.0r'��rT��r&��r(�� <listcomp>r��s��z%VT100Frame._write.<locals>.<listcomp>��c��s��g�\|�]}��j��\|��qS�r&��)r?��rZ��)rk��rd��rl��r&��r(��rm��x��s��r+��)�anchor�font�textr"��)r'��r��r��r��r?��find_allr6��r9��rY��rR��create_textr;��NWr/��)rT��ch�fgr ��canvasX�canvasYrc��r&��rl��r(��_writem��s0�� zVT100Frame._writec��C��sr��\|�j��\|��\|�j�\|�j��\|�jt�d�}\|�jt�d�}\|�jj \|\|\|t�d�\|t�d�ddd�\|�_\|�j� \|�j��d�S�)Nr��r��r+��)rN��parseStringr?��rZ��rS��r'��r6��r��r9��rR��lower)rT��datarw��rx��r&��r&��r(��write��s�� zVT100Frame.writec��s��\|j�sd�S�t\|j��\|jdkot\|j��\|jD�]u}t\|�}\|dkr&��q\|dkr5�jr4��jd8��_q\|dkrG��fdd�td�D��q\|dkrq�j �j d�kri��d d �jd ��fd d��j ��D��q��j d7��_ q\|dkryd �_qd\|��kr�d k�r�n�q��\|��qd�S�)Nr��r�� c��s��g�\|�] }��d��qS�)� )ry��)rk��index�r ��rv��rT��r&��r(��rm��zVT100Frame.writeString.<locals>.<listcomp>r��r��c��rf��rg��rh��rj��rl��r&��r(��rm��s�� )�display�colorMaprv��r ��rq��ord�bellr'��ranger��r��re��r��r?��rr��ry��)rT��iru��r��r&��r��r(��rO��s6�� zVT100Frame.writeStringc��sH��d\|v�r\|d��\|d�d��d�}��fdd�\|D��d�S�d}�j�j}}t\|�dkr4t\|d�d��}\|d�dkr\\|dkrJ��\|\|�j�j��d�S��dd�j�j��d�_d�_d�S�\|d�dkr�\|dkrq��\|\|�j\|��d�S�\|dkr��d\|\|\|��d�_d�S��d\|�j\|��d�_d�S�\|d�d kr��\|\|\|\|�\|��d�S�d�S�) N�;��c��s��g�\|�] }��\|��qS�r&��)rQ��rj��endrT��r&��r(��rm��r��z)VT100Frame.parseErase.<locals>.<listcomp>r��r��J�K�P)�splitr'��r��lenr7��re��r��r��)rT��erase�parts�startr'��r��r&��r��r(��rQ��s4�� zVT100Frame.parseErasec��C��s��d}t�\|�dkr\|d�dkrt\|d�d��}\|d�dkr%\|��j\|7��_d�S�\|d�dkr4\|��j\|8��_d�S�\|d�dkrA\|d�\|�_d�S�\|d�dkrN\|d�\|�_d�S�\|d�dkr}t�\|�dkrqtt\|d�d��d��\}}\|d8�}\|d8�}nd \}}\|\|�_\|\|�_d�S�d�S�) Nr��r��Hr��D�dr��r��)r��r��)r��r7��r'��r��r1��r��)rT��rS��r��r��r'��r&��r&��r(��rP��s(�� zVT100Frame.parseCursorc��C��s��\|�j�r\|jr\|��\|j��dS�r$��)r��char�rT��eventr&��r&��r(��rD��s��zVT100Frame.keyPressedc��C��\|��d��d�S�)NzOA�r��r��r&��r&��r(��rE��zVT100Frame.upPressedc��C��r��)NzOBr��r��r&��r&��r(��rF��r��zVT100Frame.downPressedc��C��r��)NzOCr��r��r&��r&��r(��rH��r��zVT100Frame.rightPressedc��C��r��)NzODr��r��r&��r&��r(��rG��r��zVT100Frame.leftPressedN)�__name__� __module__�__qualname__r=��re��ry��r}��rO��rQ��rP��rD��rE��rF��rH��rG��r&��r&��r&��r(��r��>��s��% r��)�__doc__r3��tkinterr;��tkinter.fontrp��r-��r��r/��r6��r9�� colorKeysr��r<��r��r&��r&��r&��r(��<module>��sT�� ui/__pycache__/__init__.cpython-310.pyc��0000644��00000000367�15027667726�0013661 0��ustar�00��o ��b��@��s��d�Z�dS�)zS twisted.conch.ui is home to the UI elements for tkconch. Maintainer: Paul Swartz N)�__doc__��r��r��;/usr/lib/python3/dist-packages/twisted/conch/ui/__init__.py�<module>��s��ui/__pycache__/ansi.cpython-310.pyc��0000644��00000012643�15027667726�0013054 0��ustar�00��o ��b��@��sv��d�Z�ddlZddlmZ�e��ZG�dd��d�ZG�dd��d�Zd�edjej ��Z i�Zej D�]ZeD�]Z eee <�q0q,[dS�) zGModule to parse ANSI escape sequences Maintainer: Jean-Paul Calderone ��N)�Loggerc��@��sN��e�Zd�ZdZdZedd��eD��Zeee��\Z Z ZZZ ZZZdZdd��ZdS�) � ColorTextzb Represents an element of text along with the texts colors and additional attributes. )�b�r�g�y�l�m�c�wc��c��s��\|�]}\|��V��qd�S��N)�upper)�.0�x��r��7/usr/lib/python3/dist-packages/twisted/conch/ui/ansi.py� <genexpr>��s��zColorText.<genexpr>)�Black�Red�Green�Yellow�Blue�Magenta�Cyan�Whitec �� C��sT��\|\|\|\|�_�\|�_\|�_\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_\|�jr(\|�j\|�j\|�_\|�_d�S�d�S�r��)�text�fg�bg�display�bold� underline�flash�reverse) �selfr��r��r��r��r��r ��r!��r"��r��r��r��__init__)��s��zColorText.__init__N)�__name__� __module__�__qualname__�__doc__�COLORS�tuple�BOLD_COLORS�range�len�BLACK�RED�GREEN�YELLOW�BLUE�MAGENTA�CYAN�WHITE�COLOR_NAMESr$��r��r��r��r��r��s��r��c��@��s��e�Zd�ZdZdZdZdZdZdZeeeeefZ dd��Z d d ��Zdd��Zd d��Z dd��Zdd��Zdd��Zejfdd�Zdd��ZdS�)� AnsiParserz& Parser class for ANSI codes. )�H�f�A�B�C�D�R�s�u�d�G)�J�K�P)�hr��)�p)r ��c��C��sD��\|\|\|�_�\|�_\|�j�\|�j\|�_\|�_d\\|�_\|�_\|�_\|�_d\|�_d\|�_ d�S�)N�r��r��r��r��) � defaultFG� defaultBG� currentFG� currentBGr��r!��r ��r"��r��prepend)r#��rK��rL��r��r��r��r$��J��s �� zAnsiParser.__init__c��C��s��d}d}d}t�\|�}\|\|k�rC\|dkr\|\|�tv�rd}n \|r;\|�d\|�}\|dkr/\|\|\|d��S�\|\|\|\|��}\|}d}\|d�}\|\|k�s\|S�)zF Remove all ANSI color escapes from the given string. rJ��rI��r��N)r-��_sets�find)r#��string�result�show�i�L�nr��r��r��stripEscapesQ��s"��zAnsiParser.stripEscapesc��C��d�S�r��r��)r#��colorstrr��r��r��writeStringg��zAnsiParser.writeStringc�� C��st��\|�j�r\|�j�\|�}d\|�_�\|�d�}t\|�dkr"\|��\|��\|d��dS�\|��\|��\|d��\|dd��D��]}t\|�}d}d}\|\|k�rS\|\|�tjd�vrKn\|d7�}\|\|k�sA\|s[d\|�_��dS�\|d�dkrp\|��\|��\|\|d�d��q2\|dd��}\|d8�}\|\|d�kr�d\|�_��dS�t�\|\|�d�}\|du�r�q2\|t j kr�\|��\|d\|d��\|\|d�d��}\|��\|��\|��q2\|t jkr�\|d\|d��\|\|d�d��}}\|�� \|��\|��\|��\|��q2\|t jkr�\|d\|d��\|\|d�d��}}\|��\|��\|��\|��\|��q2\|t jk�r\|\|d�d��}\|��\|��\|��q2\|\|k�rd\|�\|�_�q2tjd \|\|�d ��\|\|d�d��}\|��\|��\|��q2dS�)zK Turn a string input into a list of L{ColorText} elements. rJ��rP��rI��r��Nz[;?�[z[z+Unhandled ANSI control type: {control_type})�control_type)rO��splitr-��r]�� formatTextrT��digits�_setmap�getr7�� COLOR_SET� parseColor� CURSOR_SET�parseCursor� ERASE_SET� parseErase�MODE_SET�_log�warn) r#��str�partsr?��rX��rW��type�cursor�eraser��r��r��parseStringj��sj�� " " ��zAnsiParser.parseStringc��C��s��\|dd��}\|s d}z t�t\|�d��}W�n�ty.��tjd\|d��\|�j\|�j\|�_\|�_ Y�dS�w�\|D�]�}\|dkrN\|�j\|�j\|�_\|�_ d\\|�_ \|�_\|�_\|�_ d \|�_q1\|d krVd \|�_ q1d \|��kr`dkrhn�n\|d �\|�_q1d\|��krrd krzn�n\|d�\|�_ q1\|dkr�\|�j\|�_q1\|dkr�\|�j\|�_ q1\|dkr�d \|�_q1\|dkr�d \|�_q1\|dkr�d \|�_ q1\|dkr�d\|�_q1\|dkr�d\|�_ q1\|dkr�d\|�_q1\|dkr�d\|�_q1\|dkr�d\|�_ q1\|dkr�d \|�_q1tjd\|d��q1dS�)z5 Handle a single ANSI color sequence NrQ��0�;z)Invalid ANSI color sequence: {sequence!r})�sequencer��rH��rI��%��(��/��'��1��zUnrecognised ANSI color command: {command})�command)�map�intra�� ValueErrorrm��errorrK��rL��rM��rN��r��r!��r ��r"��r��blink)r#��ro��rp��r��r��r��r��rg��sZ�� zAnsiParser.parseColorc��C��r[��r��r��)r#��rr��r��r��r��ri��r^��zAnsiParser.parseCursorc��C��r[��r��r��)r#��rs��r��r��r��rk��r^��zAnsiParser.parseErasec��C��s&��\|rt�j\|�S�\|�jr\|\|�pt�j\|�S�r��)r��r)��r��)r#��value�mode�BOLDr��r��r�� pickColor��s�� zAnsiParser.pickColorc�� C��s4��t�\|\|��\|�jd�\|��\|�jd�\|�j\|�j\|�j\|�j\|�j�S�)Nr��rI��) r��r��rM��rN��r��r��r ��r!��r"��)r#��r��r��r��r��rb��s��zAnsiParser.formatTextN)r%��r&��r'��r(��rh��rj��rl�� ASSIGN_SETrf��SETSr$��rZ��r]��rt��rg��ri��rk��r��r+��r��rb��r��r��r��r��r7��4��s"��?5r7��rJ��)r(��rT��twisted.loggerr��rm��r��r7��joinr��r��rR��rd��r?��r��r��r��r��r��<module>��s��"�D ��ui/ansi.py��0000644��00000016401�15027667726�0006511 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # """Module to parse ANSI escape sequences Maintainer: Jean-Paul Calderone """ import string # Twisted imports from twisted.logger import Logger _log = Logger() class ColorText: """ Represents an element of text along with the texts colors and additional attributes. """ # The colors to use COLORS = ("b", "r", "g", "y", "l", "m", "c", "w") BOLD_COLORS = tuple(x.upper() for x in COLORS) BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE = range(len(COLORS)) # Color names COLOR_NAMES = ( "Black", "Red", "Green", "Yellow", "Blue", "Magenta", "Cyan", "White", ) def __init__(self, text, fg, bg, display, bold, underline, flash, reverse): self.text, self.fg, self.bg = text, fg, bg self.display = display self.bold = bold self.underline = underline self.flash = flash self.reverse = reverse if self.reverse: self.fg, self.bg = self.bg, self.fg class AnsiParser: """ Parser class for ANSI codes. """ # Terminators for cursor movement ansi controls - unsupported CURSOR_SET = ("H", "f", "A", "B", "C", "D", "R", "s", "u", "d", "G") # Terminators for erasure ansi controls - unsupported ERASE_SET = ("J", "K", "P") # Terminators for mode change ansi controls - unsupported MODE_SET = ("h", "l") # Terminators for keyboard assignment ansi controls - unsupported ASSIGN_SET = ("p",) # Terminators for color change ansi controls - supported COLOR_SET = ("m",) SETS = (CURSOR_SET, ERASE_SET, MODE_SET, ASSIGN_SET, COLOR_SET) def __init__(self, defaultFG, defaultBG): self.defaultFG, self.defaultBG = defaultFG, defaultBG self.currentFG, self.currentBG = self.defaultFG, self.defaultBG self.bold, self.flash, self.underline, self.reverse = 0, 0, 0, 0 self.display = 1 self.prepend = "" def stripEscapes(self, string): """ Remove all ANSI color escapes from the given string. """ result = "" show = 1 i = 0 L = len(string) while i < L: if show == 0 and string[i] in _sets: show = 1 elif show: n = string.find("\x1B", i) if n == -1: return result + string[i:] else: result = result + string[i:n] i = n show = 0 i = i + 1 return result def writeString(self, colorstr): pass def parseString(self, str): """ Turn a string input into a list of L{ColorText} elements. """ if self.prepend: str = self.prepend + str self.prepend = "" parts = str.split("\x1B") if len(parts) == 1: self.writeString(self.formatText(parts[0])) else: self.writeString(self.formatText(parts[0])) for s in parts[1:]: L = len(s) i = 0 type = None while i < L: if s[i] not in string.digits + "[;?": break i += 1 if not s: self.prepend = "\x1b" return if s[0] != "[": self.writeString(self.formatText(s[i + 1 :])) continue else: s = s[1:] i -= 1 if i == L - 1: self.prepend = "\x1b[" return type = _setmap.get(s[i], None) if type is None: continue if type == AnsiParser.COLOR_SET: self.parseColor(s[: i + 1]) s = s[i + 1 :] self.writeString(self.formatText(s)) elif type == AnsiParser.CURSOR_SET: cursor, s = s[: i + 1], s[i + 1 :] self.parseCursor(cursor) self.writeString(self.formatText(s)) elif type == AnsiParser.ERASE_SET: erase, s = s[: i + 1], s[i + 1 :] self.parseErase(erase) self.writeString(self.formatText(s)) elif type == AnsiParser.MODE_SET: s = s[i + 1 :] # self.parseErase('2J') self.writeString(self.formatText(s)) elif i == L: self.prepend = "\x1B[" + s else: _log.warn( "Unhandled ANSI control type: {control_type}", control_type=s[i] ) s = s[i + 1 :] self.writeString(self.formatText(s)) def parseColor(self, str): """ Handle a single ANSI color sequence """ # Drop the trailing 'm' str = str[:-1] if not str: str = "0" try: parts = map(int, str.split(";")) except ValueError: _log.error("Invalid ANSI color sequence: {sequence!r}", sequence=str) self.currentFG, self.currentBG = self.defaultFG, self.defaultBG return for x in parts: if x == 0: self.currentFG, self.currentBG = self.defaultFG, self.defaultBG self.bold, self.flash, self.underline, self.reverse = 0, 0, 0, 0 self.display = 1 elif x == 1: self.bold = 1 elif 30 <= x <= 37: self.currentFG = x - 30 elif 40 <= x <= 47: self.currentBG = x - 40 elif x == 39: self.currentFG = self.defaultFG elif x == 49: self.currentBG = self.defaultBG elif x == 4: self.underline = 1 elif x == 5: self.flash = 1 elif x == 7: self.reverse = 1 elif x == 8: self.display = 0 elif x == 22: self.bold = 0 elif x == 24: self.underline = 0 elif x == 25: self.blink = 0 elif x == 27: self.reverse = 0 elif x == 28: self.display = 1 else: _log.error("Unrecognised ANSI color command: {command}", command=x) def parseCursor(self, cursor): pass def parseErase(self, erase): pass def pickColor(self, value, mode, BOLD=ColorText.BOLD_COLORS): if mode: return ColorText.COLORS[value] else: return self.bold and BOLD[value] or ColorText.COLORS[value] def formatText(self, text): return ColorText( text, self.pickColor(self.currentFG, 0), self.pickColor(self.currentBG, 1), self.display, self.bold, self.underline, self.flash, self.reverse, ) _sets = "".join(map("".join, AnsiParser.SETS)) _setmap = {} for s in AnsiParser.SETS: for r in s: _setmap[r] = s del s ��ui/tkvt100.py��0000644��00000016444�15027667726�0006777 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # """Module to emulate a VT100 terminal in Tkinter. Maintainer: Paul Swartz """ import string import tkinter as Tkinter import tkinter.font as tkFont from . import ansi ttyFont = None # tkFont.Font(family = 'Courier', size = 10) fontWidth, fontHeight = ( None, None, ) # max(map(ttyFont.measure, string.letters+string.digits)), int(ttyFont.metrics()['linespace']) colorKeys = ( "b", "r", "g", "y", "l", "m", "c", "w", "B", "R", "G", "Y", "L", "M", "C", "W", ) colorMap = { "b": "#000000", "r": "#c40000", "g": "#00c400", "y": "#c4c400", "l": "#000080", "m": "#c400c4", "c": "#00c4c4", "w": "#c4c4c4", "B": "#626262", "R": "#ff0000", "G": "#00ff00", "Y": "#ffff00", "L": "#0000ff", "M": "#ff00ff", "C": "#00ffff", "W": "#ffffff", } class VT100Frame(Tkinter.Frame): def __init__(self, args, *kw): global ttyFont, fontHeight, fontWidth ttyFont = tkFont.Font(family="Courier", size=10) fontWidth = max(map(ttyFont.measure, string.ascii_letters + string.digits)) fontHeight = int(ttyFont.metrics()["linespace"]) self.width = kw.get("width", 80) self.height = kw.get("height", 25) self.callback = kw["callback"] del kw["callback"] kw["width"] = w = fontWidth self.width kw["height"] = h = fontHeight * self.height Tkinter.Frame.__init__(self, args, kw) self.canvas = Tkinter.Canvas(bg="#000000", width=w, height=h) self.canvas.pack(side=Tkinter.TOP, fill=Tkinter.BOTH, expand=1) self.canvas.bind("<Key>", self.keyPressed) self.canvas.bind("<1>", lambda x: "break") self.canvas.bind("<Up>", self.upPressed) self.canvas.bind("<Down>", self.downPressed) self.canvas.bind("<Left>", self.leftPressed) self.canvas.bind("<Right>", self.rightPressed) self.canvas.focus() self.ansiParser = ansi.AnsiParser(ansi.ColorText.WHITE, ansi.ColorText.BLACK) self.ansiParser.writeString = self.writeString self.ansiParser.parseCursor = self.parseCursor self.ansiParser.parseErase = self.parseErase # for (a, b) in colorMap.items(): # self.canvas.tag_config(a, foreground=b) # self.canvas.tag_config('b'+a, background=b) # self.canvas.tag_config('underline', underline=1) self.x = 0 self.y = 0 self.cursor = self.canvas.create_rectangle( 0, 0, fontWidth - 1, fontHeight - 1, fill="green", outline="green" ) def _delete(self, sx, sy, ex, ey): csx = sx fontWidth + 1 csy = sy * fontHeight + 1 cex = ex * fontWidth + 3 cey = ey * fontHeight + 3 items = self.canvas.find_overlapping(csx, csy, cex, cey) for item in items: self.canvas.delete(item) def _write(self, ch, fg, bg): if self.x == self.width: self.x = 0 self.y += 1 if self.y == self.height: [self.canvas.move(x, 0, -fontHeight) for x in self.canvas.find_all()] self.y -= 1 canvasX = self.x * fontWidth + 1 canvasY = self.y * fontHeight + 1 items = self.canvas.find_overlapping(canvasX, canvasY, canvasX + 2, canvasY + 2) if items: [self.canvas.delete(item) for item in items] if bg: self.canvas.create_rectangle( canvasX, canvasY, canvasX + fontWidth - 1, canvasY + fontHeight - 1, fill=bg, outline=bg, ) self.canvas.create_text( canvasX, canvasY, anchor=Tkinter.NW, font=ttyFont, text=ch, fill=fg ) self.x += 1 def write(self, data): self.ansiParser.parseString(data) self.canvas.delete(self.cursor) canvasX = self.x * fontWidth + 1 canvasY = self.y * fontHeight + 1 self.cursor = self.canvas.create_rectangle( canvasX, canvasY, canvasX + fontWidth - 1, canvasY + fontHeight - 1, fill="green", outline="green", ) self.canvas.lower(self.cursor) def writeString(self, i): if not i.display: return fg = colorMap[i.fg] bg = i.bg != "b" and colorMap[i.bg] for ch in i.text: b = ord(ch) if b == 7: # bell self.bell() elif b == 8: # BS if self.x: self.x -= 1 elif b == 9: # TAB [self._write(" ", fg, bg) for index in range(8)] elif b == 10: if self.y == self.height - 1: self._delete(0, 0, self.width, 0) [ self.canvas.move(x, 0, -fontHeight) for x in self.canvas.find_all() ] else: self.y += 1 elif b == 13: self.x = 0 elif 32 <= b < 127: self._write(ch, fg, bg) def parseErase(self, erase): if ";" in erase: end = erase[-1] parts = erase[:-1].split(";") [self.parseErase(x + end) for x in parts] return start = 0 x, y = self.x, self.y if len(erase) > 1: start = int(erase[:-1]) if erase[-1] == "J": if start == 0: self._delete(x, y, self.width, self.height) else: self._delete(0, 0, self.width, self.height) self.x = 0 self.y = 0 elif erase[-1] == "K": if start == 0: self._delete(x, y, self.width, y) elif start == 1: self._delete(0, y, x, y) self.x = 0 else: self._delete(0, y, self.width, y) self.x = 0 elif erase[-1] == "P": self._delete(x, y, x + start, y) def parseCursor(self, cursor): # if ';' in cursor and cursor[-1]!='H': # end = cursor[-1] # parts = cursor[:-1].split(';') # [self.parseCursor(x+end) for x in parts] # return start = 1 if len(cursor) > 1 and cursor[-1] != "H": start = int(cursor[:-1]) if cursor[-1] == "C": self.x += start elif cursor[-1] == "D": self.x -= start elif cursor[-1] == "d": self.y = start - 1 elif cursor[-1] == "G": self.x = start - 1 elif cursor[-1] == "H": if len(cursor) > 1: y, x = map(int, cursor[:-1].split(";")) y -= 1 x -= 1 else: x, y = 0, 0 self.x = x self.y = y def keyPressed(self, event): if self.callback and event.char: self.callback(event.char) return "break" def upPressed(self, event): self.callback("\x1bOA") def downPressed(self, event): self.callback("\x1bOB") def rightPressed(self, event): self.callback("\x1bOC") def leftPressed(self, event): self.callback("\x1bOD") ��ui/__init__.py��0000644��00000000247�15027667726�0007317 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # """ twisted.conch.ui is home to the UI elements for tkconch. Maintainer: Paul Swartz """ ��ttymodes.py��0000644��00000004223�15027667726�0007011 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # import tty # this module was autogenerated. VINTR = 1 VQUIT = 2 VERASE = 3 VKILL = 4 VEOF = 5 VEOL = 6 VEOL2 = 7 VSTART = 8 VSTOP = 9 VSUSP = 10 VDSUSP = 11 VREPRINT = 12 VWERASE = 13 VLNEXT = 14 VFLUSH = 15 VSWTCH = 16 VSTATUS = 17 VDISCARD = 18 IGNPAR = 30 PARMRK = 31 INPCK = 32 ISTRIP = 33 INLCR = 34 IGNCR = 35 ICRNL = 36 IUCLC = 37 IXON = 38 IXANY = 39 IXOFF = 40 IMAXBEL = 41 ISIG = 50 ICANON = 51 XCASE = 52 ECHO = 53 ECHOE = 54 ECHOK = 55 ECHONL = 56 NOFLSH = 57 TOSTOP = 58 IEXTEN = 59 ECHOCTL = 60 ECHOKE = 61 PENDIN = 62 OPOST = 70 OLCUC = 71 ONLCR = 72 OCRNL = 73 ONOCR = 74 ONLRET = 75 CS7 = 90 CS8 = 91 PARENB = 92 PARODD = 93 TTY_OP_ISPEED = 128 TTY_OP_OSPEED = 129 TTYMODES = { 1: "VINTR", 2: "VQUIT", 3: "VERASE", 4: "VKILL", 5: "VEOF", 6: "VEOL", 7: "VEOL2", 8: "VSTART", 9: "VSTOP", 10: "VSUSP", 11: "VDSUSP", 12: "VREPRINT", 13: "VWERASE", 14: "VLNEXT", 15: "VFLUSH", 16: "VSWTCH", 17: "VSTATUS", 18: "VDISCARD", 30: (tty.IFLAG, "IGNPAR"), 31: (tty.IFLAG, "PARMRK"), 32: (tty.IFLAG, "INPCK"), 33: (tty.IFLAG, "ISTRIP"), 34: (tty.IFLAG, "INLCR"), 35: (tty.IFLAG, "IGNCR"), 36: (tty.IFLAG, "ICRNL"), 37: (tty.IFLAG, "IUCLC"), 38: (tty.IFLAG, "IXON"), 39: (tty.IFLAG, "IXANY"), 40: (tty.IFLAG, "IXOFF"), 41: (tty.IFLAG, "IMAXBEL"), 50: (tty.LFLAG, "ISIG"), 51: (tty.LFLAG, "ICANON"), 52: (tty.LFLAG, "XCASE"), 53: (tty.LFLAG, "ECHO"), 54: (tty.LFLAG, "ECHOE"), 55: (tty.LFLAG, "ECHOK"), 56: (tty.LFLAG, "ECHONL"), 57: (tty.LFLAG, "NOFLSH"), 58: (tty.LFLAG, "TOSTOP"), 59: (tty.LFLAG, "IEXTEN"), 60: (tty.LFLAG, "ECHOCTL"), 61: (tty.LFLAG, "ECHOKE"), 62: (tty.LFLAG, "PENDIN"), 70: (tty.OFLAG, "OPOST"), 71: (tty.OFLAG, "OLCUC"), 72: (tty.OFLAG, "ONLCR"), 73: (tty.OFLAG, "OCRNL"), 74: (tty.OFLAG, "ONOCR"), 75: (tty.OFLAG, "ONLRET"), # 90 : (tty.CFLAG, 'CS7'), # 91 : (tty.CFLAG, 'CS8'), 92: (tty.CFLAG, "PARENB"), 93: (tty.CFLAG, "PARODD"), 128: "ISPEED", 129: "OSPEED", } ��mixin.py��0000644��00000002535�15027667726�0006271 0��ustar�00��# -- test-case-name: twisted.conch.test.test_mixin -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Experimental optimization This module provides a single mixin class which allows protocols to collapse numerous small writes into a single larger one. @author: Jp Calderone """ from twisted.internet import reactor class BufferingMixin: """ Mixin which adds write buffering. """ _delayedWriteCall = None data = None DELAY = 0.0 def schedule(self): return reactor.callLater(self.DELAY, self.flush) def reschedule(self, token): token.reset(self.DELAY) def write(self, data): """ Buffer some bytes to be written soon. Every call to this function delays the real write by C{self.DELAY} seconds. When the delay expires, all collected bytes are written to the underlying transport using L{ITransport.writeSequence}. """ if self._delayedWriteCall is None: self.data = [] self._delayedWriteCall = self.schedule() else: self.reschedule(self._delayedWriteCall) self.data.append(data) def flush(self): """ Flush the buffer immediately. """ self._delayedWriteCall = None self.transport.writeSequence(self.data) self.data = None ��endpoints.py��0000644��00000072411�15027667726�0007150 0��ustar�00��# -- test-case-name: twisted.conch.test.test_endpoints -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Endpoint implementations of various SSH interactions. """ __all__ = ["AuthenticationFailed", "SSHCommandAddress", "SSHCommandClientEndpoint"] import signal from os.path import expanduser from struct import unpack from zope.interface import Interface, implementer from twisted.conch.client.agent import SSHAgentClient from twisted.conch.client.default import _KNOWN_HOSTS from twisted.conch.client.knownhosts import ConsoleUI, KnownHostsFile from twisted.conch.ssh.channel import SSHChannel from twisted.conch.ssh.common import NS, getNS from twisted.conch.ssh.connection import SSHConnection from twisted.conch.ssh.keys import Key from twisted.conch.ssh.transport import SSHClientTransport from twisted.conch.ssh.userauth import SSHUserAuthClient from twisted.internet.defer import CancelledError, Deferred, succeed from twisted.internet.endpoints import TCP4ClientEndpoint, connectProtocol from twisted.internet.error import ConnectionDone, ProcessTerminated from twisted.internet.interfaces import IStreamClientEndpoint from twisted.internet.protocol import Factory from twisted.logger import Logger from twisted.python.compat import nativeString, networkString from twisted.python.failure import Failure from twisted.python.filepath import FilePath class AuthenticationFailed(Exception): """ An SSH session could not be established because authentication was not successful. """ # This should be public. See #6541. class _ISSHConnectionCreator(Interface): """ An L{_ISSHConnectionCreator} knows how to create SSH connections somehow. """ def secureConnection(): """ Return a new, connected, secured, but not yet authenticated instance of L{twisted.conch.ssh.transport.SSHServerTransport} or L{twisted.conch.ssh.transport.SSHClientTransport}. """ def cleanupConnection(connection, immediate): """ Perform cleanup necessary for a connection object previously returned from this creator's C{secureConnection} method. @param connection: An L{twisted.conch.ssh.transport.SSHServerTransport} or L{twisted.conch.ssh.transport.SSHClientTransport} returned by a previous call to C{secureConnection}. It is no longer needed by the caller of that method and may be closed or otherwise cleaned up as necessary. @param immediate: If C{True} don't wait for any network communication, just close the connection immediately and as aggressively as necessary. """ class SSHCommandAddress: """ An L{SSHCommandAddress} instance represents the address of an SSH server, a username which was used to authenticate with that server, and a command which was run there. @ivar server: See L{__init__} @ivar username: See L{__init__} @ivar command: See L{__init__} """ def __init__(self, server, username, command): """ @param server: The address of the SSH server on which the command is running. @type server: L{IAddress} provider @param username: An authentication username which was used to authenticate against the server at the given address. @type username: L{bytes} @param command: A command which was run in a session channel on the server at the given address. @type command: L{bytes} """ self.server = server self.username = username self.command = command class _CommandChannel(SSHChannel): """ A L{_CommandChannel} executes a command in a session channel and connects its input and output to an L{IProtocol} provider. @ivar _creator: See L{__init__} @ivar _command: See L{__init__} @ivar _protocolFactory: See L{__init__} @ivar _commandConnected: See L{__init__} @ivar _protocol: An L{IProtocol} provider created using C{_protocolFactory} which is hooked up to the running command's input and output streams. """ name = b"session" _log = Logger() def __init__(self, creator, command, protocolFactory, commandConnected): """ @param creator: The L{_ISSHConnectionCreator} provider which was used to get the connection which this channel exists on. @type creator: L{_ISSHConnectionCreator} provider @param command: The command to be executed. @type command: L{bytes} @param protocolFactory: A client factory to use to build a L{IProtocol} provider to use to associate with the running command. @param commandConnected: A L{Deferred} to use to signal that execution of the command has failed or that it has succeeded and the command is now running. @type commandConnected: L{Deferred} """ SSHChannel.__init__(self) self._creator = creator self._command = command self._protocolFactory = protocolFactory self._commandConnected = commandConnected self._reason = None def openFailed(self, reason): """ When the request to open a new channel to run this command in fails, fire the C{commandConnected} deferred with a failure indicating that. """ self._commandConnected.errback(reason) def channelOpen(self, ignored): """ When the request to open a new channel to run this command in succeeds, issue an C{"exec"} request to run the command. """ command = self.conn.sendRequest( self, b"exec", NS(self._command), wantReply=True ) command.addCallbacks(self._execSuccess, self._execFailure) def _execFailure(self, reason): """ When the request to execute the command in this channel fails, fire the C{commandConnected} deferred with a failure indicating this. @param reason: The cause of the command execution failure. @type reason: L{Failure} """ self._commandConnected.errback(reason) def _execSuccess(self, ignored): """ When the request to execute the command in this channel succeeds, use C{protocolFactory} to build a protocol to handle the command's input and output and connect the protocol to a transport representing those streams. Also fire C{commandConnected} with the created protocol after it is connected to its transport. @param ignored: The (ignored) result of the execute request """ self._protocol = self._protocolFactory.buildProtocol( SSHCommandAddress( self.conn.transport.transport.getPeer(), self.conn.transport.creator.username, self.conn.transport.creator.command, ) ) self._protocol.makeConnection(self) self._commandConnected.callback(self._protocol) def dataReceived(self, data): """ When the command's stdout data arrives over the channel, deliver it to the protocol instance. @param data: The bytes from the command's stdout. @type data: L{bytes} """ self._protocol.dataReceived(data) def request_exit_status(self, data): """ When the server sends the command's exit status, record it for later delivery to the protocol. @param data: The network-order four byte representation of the exit status of the command. @type data: L{bytes} """ (status,) = unpack(">L", data) if status != 0: self._reason = ProcessTerminated(status, None, None) def request_exit_signal(self, data): """ When the server sends the command's exit status, record it for later delivery to the protocol. @param data: The network-order four byte representation of the exit signal of the command. @type data: L{bytes} """ shortSignalName, data = getNS(data) coreDumped, data = bool(ord(data[0:1])), data[1:] errorMessage, data = getNS(data) languageTag, data = getNS(data) signalName = f"SIG{nativeString(shortSignalName)}" signalID = getattr(signal, signalName, -1) self._log.info( "Process exited with signal {shortSignalName!r};" " core dumped: {coreDumped};" " error message: {errorMessage};" " language: {languageTag!r}", shortSignalName=shortSignalName, coreDumped=coreDumped, errorMessage=errorMessage.decode("utf-8"), languageTag=languageTag, ) self._reason = ProcessTerminated(None, signalID, None) def closed(self): """ When the channel closes, deliver disconnection notification to the protocol. """ self._creator.cleanupConnection(self.conn, False) if self._reason is None: reason = ConnectionDone("ssh channel closed") else: reason = self._reason self._protocol.connectionLost(Failure(reason)) class _ConnectionReady(SSHConnection): """ L{_ConnectionReady} is an L{SSHConnection} (an SSH service) which only propagates the I{serviceStarted} event to a L{Deferred} to be handled elsewhere. """ def __init__(self, ready): """ @param ready: A L{Deferred} which should be fired when I{serviceStarted} happens. """ SSHConnection.__init__(self) self._ready = ready def serviceStarted(self): """ When the SSH I{connection} I{service} this object represents is ready to be used, fire the C{connectionReady} L{Deferred} to publish that event to some other interested party. """ self._ready.callback(self) del self._ready class _UserAuth(SSHUserAuthClient): """ L{_UserAuth} implements the client part of SSH user authentication in the convenient way a user might expect if they are familiar with the interactive I{ssh} command line client. L{_UserAuth} supports key-based authentication, password-based authentication, and delegating authentication to an agent. """ password = None keys = None agent = None def getPublicKey(self): """ Retrieve the next public key object to offer to the server, possibly delegating to an authentication agent if there is one. @return: The public part of a key pair that could be used to authenticate with the server, or L{None} if there are no more public keys to try. @rtype: L{twisted.conch.ssh.keys.Key} or L{None} """ if self.agent is not None: return self.agent.getPublicKey() if self.keys: self.key = self.keys.pop(0) else: self.key = None return self.key.public() def signData(self, publicKey, signData): """ Extend the base signing behavior by using an SSH agent to sign the data, if one is available. @type publicKey: L{Key} @type signData: L{str} """ if self.agent is not None: return self.agent.signData(publicKey.blob(), signData) else: return SSHUserAuthClient.signData(self, publicKey, signData) def getPrivateKey(self): """ Get the private part of a key pair to use for authentication. The key corresponds to the public part most recently returned from C{getPublicKey}. @return: A L{Deferred} which fires with the private key. @rtype: L{Deferred} """ return succeed(self.key) def getPassword(self): """ Get the password to use for authentication. @return: A L{Deferred} which fires with the password, or L{None} if the password was not specified. """ if self.password is None: return return succeed(self.password) def ssh_USERAUTH_SUCCESS(self, packet): """ Handle user authentication success in the normal way, but also make a note of the state change on the L{_CommandTransport}. """ self.transport._state = b"CHANNELLING" return SSHUserAuthClient.ssh_USERAUTH_SUCCESS(self, packet) def connectToAgent(self, endpoint): """ Set up a connection to the authentication agent and trigger its initialization. @param endpoint: An endpoint which can be used to connect to the authentication agent. @type endpoint: L{IStreamClientEndpoint} provider @return: A L{Deferred} which fires when the agent connection is ready for use. """ factory = Factory() factory.protocol = SSHAgentClient d = endpoint.connect(factory) def connected(agent): self.agent = agent return agent.getPublicKeys() d.addCallback(connected) return d def loseAgentConnection(self): """ Disconnect the agent. """ if self.agent is None: return self.agent.transport.loseConnection() class _CommandTransport(SSHClientTransport): """ L{_CommandTransport} is an SSH client I{transport} which includes a host key verification step before it will proceed to secure the connection. L{_CommandTransport} also knows how to set up a connection to an authentication agent if it is told where it can connect to one. @ivar _userauth: The L{_UserAuth} instance which is in charge of the overall authentication process or L{None} if the SSH connection has not reach yet the C{user-auth} service. @type _userauth: L{_UserAuth} """ # STARTING -> SECURING -> AUTHENTICATING -> CHANNELLING -> RUNNING _state = b"STARTING" _hostKeyFailure = None _userauth = None def __init__(self, creator): """ @param creator: The L{_NewConnectionHelper} that created this connection. @type creator: L{_NewConnectionHelper}. """ self.connectionReady = Deferred(lambda d: self.transport.abortConnection()) # Clear the reference to that deferred to help the garbage collector # and to signal to other parts of this implementation (in particular # connectionLost) that it has already been fired and does not need to # be fired again. def readyFired(result): self.connectionReady = None return result self.connectionReady.addBoth(readyFired) self.creator = creator def verifyHostKey(self, hostKey, fingerprint): """ Ask the L{KnownHostsFile} provider available on the factory which created this protocol this protocol to verify the given host key. @return: A L{Deferred} which fires with the result of L{KnownHostsFile.verifyHostKey}. """ hostname = self.creator.hostname ip = networkString(self.transport.getPeer().host) self._state = b"SECURING" d = self.creator.knownHosts.verifyHostKey( self.creator.ui, hostname, ip, Key.fromString(hostKey) ) d.addErrback(self._saveHostKeyFailure) return d def _saveHostKeyFailure(self, reason): """ When host key verification fails, record the reason for the failure in order to fire a L{Deferred} with it later. @param reason: The cause of the host key verification failure. @type reason: L{Failure} @return: C{reason} @rtype: L{Failure} """ self._hostKeyFailure = reason return reason def connectionSecure(self): """ When the connection is secure, start the authentication process. """ self._state = b"AUTHENTICATING" command = _ConnectionReady(self.connectionReady) self._userauth = _UserAuth(self.creator.username, command) self._userauth.password = self.creator.password if self.creator.keys: self._userauth.keys = list(self.creator.keys) if self.creator.agentEndpoint is not None: d = self._userauth.connectToAgent(self.creator.agentEndpoint) else: d = succeed(None) def maybeGotAgent(ignored): self.requestService(self._userauth) d.addBoth(maybeGotAgent) def connectionLost(self, reason): """ When the underlying connection to the SSH server is lost, if there were any connection setup errors, propagate them. Also, clean up the connection to the ssh agent if one was created. """ if self._userauth: self._userauth.loseAgentConnection() if self._state == b"RUNNING" or self.connectionReady is None: return if self._state == b"SECURING" and self._hostKeyFailure is not None: reason = self._hostKeyFailure elif self._state == b"AUTHENTICATING": reason = Failure( AuthenticationFailed("Connection lost while authenticating") ) self.connectionReady.errback(reason) @implementer(IStreamClientEndpoint) class SSHCommandClientEndpoint: """ L{SSHCommandClientEndpoint} exposes the command-executing functionality of SSH servers. L{SSHCommandClientEndpoint} can set up a new SSH connection, authenticate it in any one of a number of different ways (keys, passwords, agents), launch a command over that connection and then associate its input and output with a protocol. It can also re-use an existing, already-authenticated SSH connection (perhaps one which already has some SSH channels being used for other purposes). In this case it creates a new SSH channel to use to execute the command. Notably this means it supports multiplexing several different command invocations over a single SSH connection. """ def __init__(self, creator, command): """ @param creator: An L{_ISSHConnectionCreator} provider which will be used to set up the SSH connection which will be used to run a command. @type creator: L{_ISSHConnectionCreator} provider @param command: The command line to execute on the SSH server. This byte string is interpreted by a shell on the SSH server, so it may have a value like C{"ls /"}. Take care when trying to run a command like C{"/Volumes/My Stuff/a-program"} - spaces (and other special bytes) may require escaping. @type command: L{bytes} """ self._creator = creator self._command = command @classmethod def newConnection( cls, reactor, command, username, hostname, port=None, keys=None, password=None, agentEndpoint=None, knownHosts=None, ui=None, ): """ Create and return a new endpoint which will try to create a new connection to an SSH server and run a command over it. It will also close the connection if there are problems leading up to the command being executed, after the command finishes, or if the connection L{Deferred} is cancelled. @param reactor: The reactor to use to establish the connection. @type reactor: L{IReactorTCP} provider @param command: See L{__init__}'s C{command} argument. @param username: The username with which to authenticate to the SSH server. @type username: L{bytes} @param hostname: The hostname of the SSH server. @type hostname: L{bytes} @param port: The port number of the SSH server. By default, the standard SSH port number is used. @type port: L{int} @param keys: Private keys with which to authenticate to the SSH server, if key authentication is to be attempted (otherwise L{None}). @type keys: L{list} of L{Key} @param password: The password with which to authenticate to the SSH server, if password authentication is to be attempted (otherwise L{None}). @type password: L{bytes} or L{None} @param agentEndpoint: An L{IStreamClientEndpoint} provider which may be used to connect to an SSH agent, if one is to be used to help with authentication. @type agentEndpoint: L{IStreamClientEndpoint} provider @param knownHosts: The currently known host keys, used to check the host key presented by the server we actually connect to. @type knownHosts: L{KnownHostsFile} @param ui: An object for interacting with users to make decisions about whether to accept the server host keys. If L{None}, a L{ConsoleUI} connected to /dev/tty will be used; if /dev/tty is unavailable, an object which answers C{b"no"} to all prompts will be used. @type ui: L{None} or L{ConsoleUI} @return: A new instance of C{cls} (probably L{SSHCommandClientEndpoint}). """ helper = _NewConnectionHelper( reactor, hostname, port, command, username, keys, password, agentEndpoint, knownHosts, ui, ) return cls(helper, command) @classmethod def existingConnection(cls, connection, command): """ Create and return a new endpoint which will try to open a new channel on an existing SSH connection and run a command over it. It will B{not} close the connection if there is a problem executing the command or after the command finishes. @param connection: An existing connection to an SSH server. @type connection: L{SSHConnection} @param command: See L{SSHCommandClientEndpoint.newConnection}'s C{command} parameter. @type command: L{bytes} @return: A new instance of C{cls} (probably L{SSHCommandClientEndpoint}). """ helper = _ExistingConnectionHelper(connection) return cls(helper, command) def connect(self, protocolFactory): """ Set up an SSH connection, use a channel from that connection to launch a command, and hook the stdin and stdout of that command up as a transport for a protocol created by the given factory. @param protocolFactory: A L{Factory} to use to create the protocol which will be connected to the stdin and stdout of the command on the SSH server. @return: A L{Deferred} which will fire with an error if the connection cannot be set up for any reason or with the protocol instance created by C{protocolFactory} once it has been connected to the command. """ d = self._creator.secureConnection() d.addCallback(self._executeCommand, protocolFactory) return d def _executeCommand(self, connection, protocolFactory): """ Given a secured SSH connection, try to execute a command in a new channel created on it and associate the result with a protocol from the given factory. @param connection: See L{SSHCommandClientEndpoint.existingConnection}'s C{connection} parameter. @param protocolFactory: See L{SSHCommandClientEndpoint.connect}'s C{protocolFactory} parameter. @return: See L{SSHCommandClientEndpoint.connect}'s return value. """ commandConnected = Deferred() def disconnectOnFailure(passthrough): # Close the connection immediately in case of cancellation, since # that implies user wants it gone immediately (e.g. a timeout): immediate = passthrough.check(CancelledError) self._creator.cleanupConnection(connection, immediate) return passthrough commandConnected.addErrback(disconnectOnFailure) channel = _CommandChannel( self._creator, self._command, protocolFactory, commandConnected ) connection.openChannel(channel) return commandConnected class _ReadFile: """ A weakly file-like object which can be used with L{KnownHostsFile} to respond in the negative to all prompts for decisions. """ def __init__(self, contents): """ @param contents: L{bytes} which will be returned from every C{readline} call. """ self._contents = contents def write(self, data): """ No-op. @param data: ignored """ def readline(self, count=-1): """ Always give back the byte string that this L{_ReadFile} was initialized with. @param count: ignored @return: A fixed byte-string. @rtype: L{bytes} """ return self._contents def close(self): """ No-op. """ @implementer(_ISSHConnectionCreator) class _NewConnectionHelper: """ L{_NewConnectionHelper} implements L{_ISSHConnectionCreator} by establishing a brand new SSH connection, securing it, and authenticating. """ _KNOWN_HOSTS = _KNOWN_HOSTS port = 22 def __init__( self, reactor, hostname, port, command, username, keys, password, agentEndpoint, knownHosts, ui, tty=FilePath(b"/dev/tty"), ): """ @param tty: The path of the tty device to use in case C{ui} is L{None}. @type tty: L{FilePath} @see: L{SSHCommandClientEndpoint.newConnection} """ self.reactor = reactor self.hostname = hostname if port is not None: self.port = port self.command = command self.username = username self.keys = keys self.password = password self.agentEndpoint = agentEndpoint if knownHosts is None: knownHosts = self._knownHosts() self.knownHosts = knownHosts if ui is None: ui = ConsoleUI(self._opener) self.ui = ui self.tty = tty def _opener(self): """ Open the tty if possible, otherwise give back a file-like object from which C{b"no"} can be read. For use as the opener argument to L{ConsoleUI}. """ try: return self.tty.open("rb+") except BaseException: # Give back a file-like object from which can be read a byte string # that KnownHostsFile recognizes as rejecting some option (b"no"). return _ReadFile(b"no") @classmethod def _knownHosts(cls): """ @return: A L{KnownHostsFile} instance pointed at the user's personal I{known hosts} file. @rtype: L{KnownHostsFile} """ return KnownHostsFile.fromPath(FilePath(expanduser(cls._KNOWN_HOSTS))) def secureConnection(self): """ Create and return a new SSH connection which has been secured and on which authentication has already happened. @return: A L{Deferred} which fires with the ready-to-use connection or with a failure if something prevents the connection from being setup, secured, or authenticated. """ protocol = _CommandTransport(self) ready = protocol.connectionReady sshClient = TCP4ClientEndpoint( self.reactor, nativeString(self.hostname), self.port ) d = connectProtocol(sshClient, protocol) d.addCallback(lambda ignored: ready) return d def cleanupConnection(self, connection, immediate): """ Clean up the connection by closing it. The command running on the endpoint has ended so the connection is no longer needed. @param connection: The L{SSHConnection} to close. @type connection: L{SSHConnection} @param immediate: Whether to close connection immediately. @type immediate: L{bool}. """ if immediate: # We're assuming the underlying connection is an ITCPTransport, # which is what the current implementation is restricted to: connection.transport.transport.abortConnection() else: connection.transport.loseConnection() @implementer(_ISSHConnectionCreator) class _ExistingConnectionHelper: """ L{_ExistingConnectionHelper} implements L{_ISSHConnectionCreator} by handing out an existing SSH connection which is supplied to its initializer. """ def __init__(self, connection): """ @param connection: See L{SSHCommandClientEndpoint.existingConnection}'s C{connection} parameter. """ self.connection = connection def secureConnection(self): """ @return: A L{Deferred} that fires synchronously with the already-established connection object. """ return succeed(self.connection) def cleanupConnection(self, connection, immediate): """ Do not do any cleanup on the connection. Leave that responsibility to whatever code created it in the first place. @param connection: The L{SSHConnection} which will not be modified in any way. @type connection: L{SSHConnection} @param immediate: An argument which will be ignored. @type immediate: L{bool}. """ ��client/agent.py��0000644��00000003351�15027667726�0007516 0��ustar�00��# -- test-case-name: twisted.conch.test.test_default -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Accesses the key agent for user authentication. Maintainer: Paul Swartz """ import os from twisted.conch.ssh import agent, channel, keys from twisted.internet import protocol, reactor from twisted.logger import Logger class SSHAgentClient(agent.SSHAgentClient): _log = Logger() def __init__(self): agent.SSHAgentClient.__init__(self) self.blobs = [] def getPublicKeys(self): return self.requestIdentities().addCallback(self._cbPublicKeys) def _cbPublicKeys(self, blobcomm): self._log.debug("got {num_keys} public keys", num_keys=len(blobcomm)) self.blobs = [x[0] for x in blobcomm] def getPublicKey(self): """ Return a L{Key} from the first blob in C{self.blobs}, if any, or return L{None}. """ if self.blobs: return keys.Key.fromString(self.blobs.pop(0)) return None class SSHAgentForwardingChannel(channel.SSHChannel): def channelOpen(self, specificData): cc = protocol.ClientCreator(reactor, SSHAgentForwardingLocal) d = cc.connectUNIX(os.environ["SSH_AUTH_SOCK"]) d.addCallback(self._cbGotLocal) d.addErrback(lambda x: self.loseConnection()) self.buf = "" def _cbGotLocal(self, local): self.local = local self.dataReceived = self.local.transport.write self.local.dataReceived = self.write def dataReceived(self, data): self.buf += data def closed(self): if self.local: self.local.loseConnection() self.local = None class SSHAgentForwardingLocal(protocol.Protocol): pass ��client/__pycache__/knownhosts.cpython-310.pyc��0000644��00000047302�15027667726�0015200 0��ustar�00��o ��b�M��@��sP��d�Z�ddlZddlZddlmZmZmZ�ddlm Z �ddl mZ�ddlm Z �ddlmZmZmZ�ddlmZ�dd lmZmZmZ�dd lmZ�ddlmZ�ddlmZ�dd lmZ�ddl m!Z!�e��Z"dd��Z#dd��Z$G�dd��d�Z%e e�G�dd��de%��Z&e e�G�dd��d��Z'dd��Z(e e�G�dd��de%e!��Z)G�dd��d�ZG�dd ��d �Z+dS�)!zE An implementation of the OpenSSH known_hosts database. @since: 8.2 ��N)�Error� a2b_base64� b2a_base64)�closing)�sha1)�implementer)�HostKeyChanged�InvalidEntry�UserRejectedKey)�IKnownHostEntry)�BadKeyError�FingerprintFormats�Key)�defer)�Logger)�nativeString)�secureRandom)�FancyEqMixinc��C��s��t�\|��S�)z� Encode a binary string as base64 with no trailing newline. @param s: The string to encode. @type s: L{bytes} @return: The base64-encoded string. @rtype: L{bytes} )r��strip)�s��r��A/usr/lib/python3/dist-packages/twisted/conch/client/knownhosts.py� _b64encode ��s�� r��c�� C��sz��\|��dd�}t\|�dkrt��\|\}}}\|��dd�}t\|�dkr\|\}}\|�d�}n\|d�}d}t�t\|��}\|\|\|\|fS�)a�� Extract common elements of base64 keys from an entry in a hosts file. @param string: A known hosts file entry (a single line). @type string: L{bytes} @return: a 4-tuple of hostname data (L{bytes}), ssh key type (L{bytes}), key (L{Key}), and comment (L{bytes} or L{None}). The hostname data is simply the beginning of the line up to the first occurrence of whitespace. @rtype: L{tuple} N�� r��)�split�lenr ��rstripr�� fromStringr��) �string�elements� hostnames�keyType� keyAndComment�splitkey� keyString�comment�keyr��r��r��_extractCommon-��s�� r��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)� _BaseEntrya�� Abstract base of both hashed and non-hashed entry objects, since they represent keys and key types the same way. @ivar keyType: The type of the key; either ssh-dss or ssh-rsa. @type keyType: L{bytes} @ivar publicKey: The server public key indicated by this line. @type publicKey: L{twisted.conch.ssh.keys.Key} @ivar comment: Trailing garbage after the key line. @type comment: L{bytes} c��C��s��\|\|�_�\|\|�_\|\|�_d�S��N)r$�� publicKeyr(��)�selfr$��r-��r(��r��r��r��__init__X��s�� z_BaseEntry.__init__c��C��s ��\|�j�\|kS�)a�� Check to see if this entry matches a given key object. @param keyObject: A public key object to check. @type keyObject: L{Key} @return: C{True} if this entry's key matches C{keyObject}, C{False} otherwise. @rtype: L{bool} )r-��)r.�� keyObjectr��r��r�� matchesKey]��s�� z_BaseEntry.matchesKeyN)�__name__� __module__�__qualname__�__doc__r/��r1��r��r��r��r��r+��I��s��r+��c��s<��e�Zd�ZdZ��fdd�Zedd��Zdd��Zdd ��Z��Z S�) � PlainEntryz� A L{PlainEntry} is a representation of a plain-text entry in a known_hosts file. @ivar _hostnames: the list of all host-names associated with this entry. @type _hostnames: L{list} of L{bytes} c��s��\|\|�_�t��\|\|\|��d�S�r,��)� _hostnames�superr/��)r.��r#��r$��r-��r(�� __class__r��r��r/��u��s��zPlainEntry.__init__c��C��s(��t�\|�\}}}}\|�\|�d�\|\|\|�}\|S�)a�� Parse a plain-text entry in a known_hosts file, and return a corresponding L{PlainEntry}. @param string: a space-separated string formatted like "hostname key-type base64-key-data comment". @type string: L{bytes} @raise DecodeError: if the key is not valid encoded as valid base64. @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: an IKnownHostEntry representing the hostname and key in the input line. @rtype: L{PlainEntry} ��,)r��r��)�clsr!��r#��r$��r)��r(��r.��r��r��r��r ��y��s��zPlainEntry.fromStringc��C��s��t�\|t�r \|�d�}\|\|�jv�S�)aT�� Check to see if this entry matches a given hostname. @param hostname: A hostname or IP address literal to check against this entry. @type hostname: L{bytes} @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. @rtype: L{bool} �utf-8)� isinstance�str�encoder7��r.��hostnamer��r��r��matchesHost��s�� zPlainEntry.matchesHostc��C��s>��d��\|�j�\|�jt\|�j��g}\|�jdur\|�\|�j��d��\|�S�)a�� Implement L{IKnownHostEntry.toString} by recording the comma-separated hostnames, key type, and base-64 encoded key. @return: The string representation of this entry, with unhashed hostname information. @rtype: L{bytes} r;��N�� )�joinr7��r$��r��r-��blobr(��append�r.��fieldsr��r��r��toString��s�� zPlainEntry.toString) r2��r3��r4��r5��r/��classmethodr ��rC��rJ�� __classcell__r��r��r9��r��r6��k��s�� r6��c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)� UnparsedEntryz� L{UnparsedEntry} is an entry in a L{KnownHostsFile} which can't actually be parsed; therefore it matches no keys and no hosts. c��C�� \|\|�_�dS�)zv Create an unparsed entry from a line in a known_hosts file which cannot otherwise be parsed. N)�_string)r.��r!��r��r��r��r/��s�� zUnparsedEntry.__init__c��C��dS��z' Always returns False. Fr��rA��r��r��r��rC��zUnparsedEntry.matchesHostc��C��rP��rQ��r��)r.��r)��r��r��r��r1��rR��zUnparsedEntry.matchesKeyc��C��s��\|�j��d�S�)a�� Returns the input line, without its newline if one was given. @return: The string representation of this entry, almost exactly as was used to initialize this entry but without a trailing newline. @rtype: L{bytes} r��)rO��r��r.��r��r��r��rJ��s��zUnparsedEntry.toStringN)r2��r3��r4��r5��r/��rC��r1��rJ��r��r��r��r��rM��s��rM��c��C��s4��t�j\|�td�}t\|t�r\|�d�}\|�\|��\|��S�)z� Return the SHA-1 HMAC hash of the given key and string. @param key: The HMAC key. @type key: L{bytes} @param string: The string to be hashed. @type string: L{bytes} @return: The keyed hash value. @rtype: L{bytes} )� digestmodr=��)�hmac�HMACr��r>��r?��r@��update�digest)r)��r!��hashr��r��r�� _hmacedString��s �� rZ��c��sD��e�Zd�ZdZdZdZ��fdd�Zedd��Zdd ��Z d d��Z ��ZS�)�HashedEntrya�� A L{HashedEntry} is a representation of an entry in a known_hosts file where the hostname has been hashed and salted. @ivar _hostSalt: the salt to combine with a hostname for hashing. @ivar _hostHash: the hashed representation of the hostname. @cvar MAGIC: the 'hash magic' string used to identify a hashed line in a known_hosts file as opposed to a plaintext one. s��\|1\|)� _hostSalt� _hostHashr$��r-��r(��c��s ��\|\|�_�\|\|�_t��\|\|\|��d�S�r,��)r\��r]��r8��r/��)r.��hostSalt�hostHashr$��r-��r(��r9��r��r��r/��s��zHashedEntry.__init__c�� C��s^��t�\|�\}}}}\|t\|�j�d��d�}t\|�dkrt��\|\}}\|�t\|�t\|�\|\|\|�} \| S�)a#�� Load a hashed entry from a string representing a line in a known_hosts file. @param string: A complete single line from a I{known_hosts} file, formatted as defined by OpenSSH. @type string: L{bytes} @raise DecodeError: if the key, the hostname, or the is not valid encoded as valid base64 @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid, or the host/hash portion contains more items than just the host and hash. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: The newly created L{HashedEntry} instance, initialized with the information from C{string}. N��\|r��)r��r��MAGICr��r ��r��) r<��r!��stuffr$��r)��r(��saltAndHashr^��r_��r.��r��r��r��r ��s��zHashedEntry.fromStringc��C��s��t��t\|�j\|�\|�j�S�)a�� Implement L{IKnownHostEntry.matchesHost} to compare the hash of the input to the stored hash. @param hostname: A hostname or IP address literal to check against this entry. @type hostname: L{bytes} @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. @rtype: L{bool} )rU��compare_digestrZ��r\��r]��rA��r��r��r��rC��'��s�� zHashedEntry.matchesHostc��C��sR��\|�j�d�t\|�j�t\|�j�g��\|�jt\|�j��g}\|�jdur$\|� \|�j��d�\|�S�)z� Implement L{IKnownHostEntry.toString} by base64-encoding the salt, host hash, and key. @return: The string representation of this entry, with the hostname part hashed. @rtype: L{bytes} r`��NrD��) ra��rE��r��r\��r]��r$��r-��rF��r(��rG��rH��r��r��r��rJ��8��s�� zHashedEntry.toString)r2��r3��r4��r5��ra��compareAttributesr/��rK��r ��rC��rJ��rL��r��r��r9��r��r[��s�� r[��c��@��sX��e�Zd�ZdZdd��Zedd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zedd��Z dS�)�KnownHostsFileaz�� A structured representation of an OpenSSH-format ~/.ssh/known_hosts file. @ivar _added: A list of L{IKnownHostEntry} providers which have been added to this instance in memory but not yet saved. @ivar _clobber: A flag indicating whether the current contents of the save path will be disregarded and potentially overwritten or not. If C{True}, this will be done. If C{False}, entries in the save path will be read and new entries will be saved by appending rather than overwriting. @type _clobber: L{bool} @ivar _savePath: See C{savePath} parameter of L{__init__}. c��C��s��g�\|�_�\|\|�_d\|�_dS�)a$�� Create a new, empty KnownHostsFile. Unless you want to erase the current contents of C{savePath}, you want to use L{KnownHostsFile.fromPath} instead. @param savePath: The L{FilePath} to which to save new entries. @type savePath: L{FilePath} TN)�_added� _savePath�_clobber)r.��savePathr��r��r��r/��]��s�� zKnownHostsFile.__init__c��C��s��\|�j�S�)z< @see: C{savePath} parameter of L{__init__} )rh��rS��r��r��r��rj��k��s��zKnownHostsFile.savePathc��c��s��\|�j�D�]}\|V��q\|�jrdS�z\|�j��}W�n �ty ��Y�dS�w�\|�5�\|D�])}z\|�tj�r5t�\|�}nt �\|�}W�n�t ttfyK��t \|�}Y�nw�\|V��q&W�d��dS�1�s[w��Y��dS�)aK�� Iterate over the host entries in this file. @return: An iterable the elements of which provide L{IKnownHostEntry}. There is an element for each entry in the file as well as an element for each added but not yet saved entry. @rtype: iterable of L{IKnownHostEntry} providers N)rg��ri��rh��open�OSError� startswithr[��ra��r ��r6��DecodeErrorr ��r��rM��)r.��entry�fp�liner��r��r��iterentriesr��s.�� "�zKnownHostsFile.iterentriesc��C��sx��t�\|��t\|�j��D�].\}}\|�\|�r9\|j\|��kr9\|�\|�r#�dS�\|dk�r,d}d}n\|d�}\|�j}t \|\|\|��qdS�)a�� Check for an entry with matching hostname and key. @param hostname: A hostname or IP address literal to check for. @type hostname: L{bytes} @param key: The public key to check for. @type key: L{Key} @return: C{True} if the given hostname and key are present in this file, C{False} if they are not. @rtype: L{bool} @raise HostKeyChanged: if the host key found for the given hostname does not match the given key. Tr��Nr��F) � enumeraterr��r��rg��rC��r$��sshTyper1��rh��r��)r.��rB��r)��lineidxro��rq��pathr��r��r�� hasHostKey��s�� zKnownHostsFile.hasHostKeyc��s.��t��j��}��fdd�}\|�\|�S�)a�� Verify the given host key for the given IP and host, asking for confirmation from, and notifying, the given UI about changes to this file. @param ui: The user interface to request an IP address from. @param hostname: The hostname that the user requested to connect to. @param ip: The string representation of the IP address that is actually being connected to. @param key: The public key of the server. @return: a L{Deferred} that fires with True when the key has been verified, or fires with an errback when the key either cannot be verified or has changed. @rtype: L{Deferred} c��s��\|�r!��s��d��t��f��\|�S��fdd�}��}\|dkr4d}dt��t��\|�jtjd�f�}�� \|� t��}\|� \|�S�)NzZWarning: Permanently added the %s host key for IP address '%s' to the list of known hosts.c��s.��\|�r��\|�S�t��r,��)� addHostKey�saver ��)�response)rB��ipr)��r.��r��r��promptResponse��s��zGKnownHostsFile.verifyHostKey.<locals>.gotHasKey.<locals>.promptResponse�EC�ECDSAz�The authenticity of host '%s (%s)' can't be established. %s key fingerprint is SHA256:%s. Are you sure you want to continue connecting (yes/no)? )�format)rw��warn�typer��rx��ry��fingerprintr �� SHA256_BASE64�promptr@��sys�getdefaultencoding�addCallback)�resultr\|��keytyper��proceed�rB��r{��r)��r.��uir��r�� gotHasKey��s0�� z/KnownHostsFile.verifyHostKey.<locals>.gotHasKey)r�� maybeDeferredrw��r��)r.��r��rB��r{��r)��hhkr��r��r��r�� verifyHostKey��s�� zKnownHostsFile.verifyHostKeyc��C��s6��t�d�}\|��}t\|t\|\|�\|\|d�}\|�j�\|��\|S�)a�� Add a new L{HashedEntry} to the key database. Note that you still need to call L{KnownHostsFile.save} if you wish these changes to be persisted. @param hostname: A hostname or IP address literal to associate with the new entry. @type hostname: L{bytes} @param key: The public key to associate with the new entry. @type key: L{Key} @return: The L{HashedEntry} that was added. @rtype: L{HashedEntry} ��N)r��rt��r[��rZ��rg��rG��)r.��rB��r)��saltr$��ro��r��r��r��rx��s ��zKnownHostsFile.addHostKeyc��C��s��\|�j��}\|��s \|��\|�jrd}nd}\|�j��\|��}\|�jr2\|�d�dd��\|�jD��d��g�\|�_W�d��n1�s<w��Y��d\|�_dS�)zM Save this L{KnownHostsFile} to the path it was loaded from. �wb�abr��c��S��s��g�\|�]}\|��qS�r��)rJ��)�.0ro��r��r��r�� <listcomp>��s��z'KnownHostsFile.save.<locals>.<listcomp>NF) rh��parent�isdir�makedirsri��rk��rg��writerE��)r.��p�mode�hostsFileObjr��r��r��ry��s�� zKnownHostsFile.savec��C��s��\|�\|�}d\|_�\|S�)a�� Create a new L{KnownHostsFile}, potentially reading existing known hosts information from the given file. @param path: A path object to use for both reading contents from and later saving to. If no file exists at this path, it is not an error; a L{KnownHostsFile} with no entries is returned. @type path: L{FilePath} @return: A L{KnownHostsFile} initialized with entries from C{path}. @rtype: L{KnownHostsFile} F)ri��)r<��rv�� knownHostsr��r��r��fromPath ��s��zKnownHostsFile.fromPathN)r2��r3��r4��r5��r/��propertyrj��rr��rw��r��rx��ry��rK��r��r��r��r��r��rf��L��s�� !Brf��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) � ConsoleUIz� A UI object that can ask true/false questions and post notifications on the console, to be used during key verification. c��C��rN��)aA�� @param opener: A no-argument callable which should open a console binary-mode file-like object to be used for reading and writing. This initializes the C{opener} attribute. @type opener: callable taking no arguments and returning a read/write file-like object N)�opener)r.��r��r��r��r��r/��9��s�� zConsoleUI.__init__c��s"��t��d�}��fdd�}\|�\|�S�)a�� Write the given text as a prompt to the console output, then read a result from the console input. @param text: Something to present to a user to solicit a yes or no response. @type text: L{bytes} @return: a L{Deferred} which fires with L{True} when the user answers 'yes' and L{False} when the user answers 'no'. It may errback if there were any I/O errors. Nc��s~��t��/}\|�� \|��}\|dkr" �W�d��dS�\|dkr/ �W�d��dS�\|�d��q 1�s8w��Y��d�S�)NTs��yess��noFs��Please type 'yes' or 'no': )r��r��r��readliner��lower)�ignored�f�answer�r.��textr��r��bodyR��s�� zConsoleUI.prompt.<locals>.body)r��succeedr��)r.��r��dr��r��r��r��r��C��s�� zConsoleUI.promptc��C��s`��z t�\|��}\|�\|��W�d��W�dS�1�sw��Y��W�dS��ty/��t�d��Y�dS�w�)z� Notify the user (non-interactively) of the provided text, by writing it to the console. @param text: Some information the user is to be made aware of. @type text: L{bytes} NzFailed to write to console)r��r��r�� Exception�log�failure)r.��r��r��r��r��r��r��`��s��&��zConsoleUI.warnN)r2��r3��r4��r5��r/��r��r��r��r��r��r��r��3��s �� r��),r5��rU��r��binasciir��rn��r��r�� contextlibr��hashlibr��zope.interfacer��twisted.conch.errorr��r ��r ��twisted.conch.interfacesr��twisted.conch.ssh.keysr��r ��r��twisted.internetr��twisted.loggerr��twisted.python.compatr��twisted.python.randbytesr��twisted.python.utilr��r��r��r��r+��r6��rM��rZ��r[��rf��r��r��r��r��r��<module>��s:�� "L$Z�h��client/__pycache__/__init__.cpython-310.pyc��0000644��00000000341�15027667726�0014512 0��ustar�00��o ��b��@��s��d�Z�dS�)z9 Client support code for Conch. Maintainer: Paul Swartz N)�__doc__��r��r��?/usr/lib/python3/dist-packages/twisted/conch/client/__init__.py�<module>��s��client/__pycache__/connect.cpython-310.pyc��0000644��00000001264�15027667726�0014411 0��ustar�00��o ��b��@��s��d�dl�mZ�dejiZdd��Zdd��ZdS�)��)�directr��c��C��s��dg}t�d�\|\|�\|\|\|\|�S�)Nr��)� _ebConnect)�host�port�options� verifyHostKey�userAuthObject�useConnects��r ��>/usr/lib/python3/dist-packages/twisted/conch/client/connect.py�connect ��s��r��c�� C��sD��\|s\|�S�\|��d�}t\|�}�\|�\|\|\|\|\|�}\|�t\|\|\|\|\|\|��\|S�)Nr��)�pop�connectTypes� addErrbackr��) �fr ��r��r��r��vhk�uao�connectType�dr ��r ��r��r��s�� r��N)�twisted.conch.clientr��r��r��r��r ��r ��r ��r��<module>��s�� client/__pycache__/agent.cpython-310.pyc��0000644��00000005761�15027667726�0014064 0��ustar�00��o ��b��@��sv��d�Z�ddlZddlmZmZmZ�ddlmZmZ�ddl m Z �G�dd��dej�ZG�dd ��d ej�Z G�d d��dej�ZdS�)zJ Accesses the key agent for user authentication. Maintainer: Paul Swartz ��N)�agent�channel�keys)�protocol�reactor)�Loggerc��@��s2��e�Zd�Ze��Zdd��Zdd��Zdd��Zdd��Zd S�) �SSHAgentClientc��C��s��t�j�\|��g�\|�_d�S��N)r��r��__init__�blobs��self��r��</usr/lib/python3/dist-packages/twisted/conch/client/agent.pyr ��s�� zSSHAgentClient.__init__c��C��s��\|��\|�j�S�r ��)�requestIdentities�addCallback� _cbPublicKeysr��r��r��r�� getPublicKeys��s��zSSHAgentClient.getPublicKeysc��C��s(��\|�j�jdt\|�d��dd��\|D��\|�_d�S�)Nzgot {num_keys} public keys)�num_keysc��S��s��g�\|�]}\|d��qS�)r��r��)�.0�xr��r��r�� <listcomp>��s��z0SSHAgentClient._cbPublicKeys.<locals>.<listcomp>)�_log�debug�lenr��)r ��blobcommr��r��r��r��s��zSSHAgentClient._cbPublicKeysc��C��s��\|�j�r tj�\|�j��d��S�dS�)zj Return a L{Key} from the first blob in C{self.blobs}, if any, or return L{None}. r��N)r��r��Key� fromString�popr��r��r��r��getPublicKey ��s��zSSHAgentClient.getPublicKeyN) �__name__� __module__�__qualname__r��r��r ��r��r��r��r��r��r��r��r��s��r��c��@��s,��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd S�) �SSHAgentForwardingChannelc��sD��t��tt�}\|�tjd��}\|��j��\|� ��fdd��d��_ d�S�)N� SSH_AUTH_SOCKc��s��S�r ��)�loseConnection)r��r��r��r��<lambda>/��s��z7SSHAgentForwardingChannel.channelOpen.<locals>.<lambda>��)r�� ClientCreatorr��SSHAgentForwardingLocal�connectUNIX�os�environr��_cbGotLocal� addErrback�buf)r ��specificData�cc�dr��r��r��channelOpen+��s �� z%SSHAgentForwardingChannel.channelOpenc��C��s ��\|\|�_�\|�j�jj\|�_\|�j\|�j�_d�S�r ��)�local� transport�write�dataReceived)r ��r4��r��r��r��r-��2��s��z%SSHAgentForwardingChannel._cbGotLocalc��C��s��\|��j�\|7��_�d�S�r ��)r/��)r ��datar��r��r��r7��7��s��z&SSHAgentForwardingChannel.dataReceivedc��C��s��\|�j�r \|�j��d�\|�_�d�S�d�S�r ��)r4��r%��r��r��r��r��closed:��s�� z SSHAgentForwardingChannel.closedN)r ��r!��r"��r3��r-��r7��r9��r��r��r��r��r#����s ��r#��c��@��s��e�Zd�ZdS�)r)��N)r ��r!��r"��r��r��r��r��r)��@��s��r)��)�__doc__r+��twisted.conch.sshr��r��r��twisted.internetr��r��twisted.loggerr��r�� SSHChannelr#��Protocolr)��r��r��r��r��<module>��s��client/__pycache__/options.cpython-310.pyc��0000644��00000007555�15027667726�0014464 0��ustar�00��o ��b��@��sN��d�dl�Z�d�dlmZmZmZ�d�dlmZmZ�d�dlm Z �G�dd��de j �ZdS�)��N)�List�Optional�Union)� SSHCiphers�SSHClientTransport)�usagec��@��sN��e�Zd�ZU�g�d�g�d�g�d�g�d�g�d�g�d�g�d�g�d�g�d �g�d �g Zeeeeeef��e d<�g�d�g�d �g�d�g�d�g�d�g�d�g�d�gZ ejdge� ��ejdd��ej��D��dd�ejdd��ej��D��dd�ejdd��ejD��dd�d�e��ejdd�ejddd �gd!�Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.S�)/�ConchOptions)�user�lNzLog in using this user name.)�identity�iN)�ciphers�cN)�macs�mN)�port�pNz7Connect to this port. Server must be on the same port.)�option�oNzIgnored OpenSSH options)�host-key-algorithms��N)zknown-hostsr��NzFile to check for host keys)�user-authenticationsr��Nz%Types of user authentications to use.)�logfiler��NzFile to log to, or - for stdout� optParameters)�version�VzDisplay version number only.)�compress�CzEnable compression.)�log�vz#Enable logging (defaults to stderr))�nox11�xz+Disable X11 connection forwarding (default))�agent�Az&Enable authentication agent forwarding)�noagent�az1Disable authentication agent forwarding (default))� reconnect�rz2Reconnect to the server if the connection is lost.)r"��r$��c��C��g�\|�]}\|��qS��decode��.0r��r)��r)��>/usr/lib/python3/dist-packages/twisted/conch/client/options.py� <listcomp>��zConchOptions.<listcomp>zciphers to choose from)�descrc��C��r(��r)��r��r,��r)��r)��r.��r/��.��r0��zmacs to choose fromc��C��r(��r)��r��r,��r)��r)��r.��r/��2��r0��z"host key algorithms to choose from)r ��r ��r��r��command�argumentT)r1��repeat)�mutuallyExclusive� optActions�extraActionsc��O��s��t�jj\|�g\|�R�i�\|��g�\|�_d�\|�_d�S�)N)r��Options�__init__� identitys�conns)�self�args�kwr)��r)��r.��r9��?��s�� zConchOptions.__init__c��C��s��\|�j��\|��dS�)z&Identity for public-key authenticationN)r:��append)r<��r��r)��r)��r.��opt_identityD��s��zConchOptions.opt_identityc��C��s8��\|��d�}\|D�]}\|tjvrt�d\|��q\|\|�d<�dS�)zSelect encryption algorithms�,zUnknown cipher type '%s'r ��N)�splitr�� cipherMap�sys�exit)r<��r ��cipherr)��r)��r.��opt_ciphersH��s�� zConchOptions.opt_ciphersc��C��L��t�\|t�r \|�d�}\|�d�}\|D�]}\|tjvrt�d\|��q\|\|�d<�dS�)zSpecify MAC algorithms�utf-8��,zUnknown mac type '%r'r��N)� isinstance�str�encoderB��r��macMaprD��rE��)r<��r��macr)��r)��r.��opt_macsP�� zConchOptions.opt_macsc��C��rH��)zSelect host key algorithmsrI��rJ��zUnknown host key type '%r'r��N)rK��rL��rM��rB��r��supportedPublicKeysrD��rE��)r<��hkas�hkar)��r)��r.��opt_host_key_algorithmsZ��rQ��z$ConchOptions.opt_host_key_algorithmsc��C��s&��t�\|t�r \|�d�}\|�d�\|�d<�dS�)z/Choose how to authenticate to the remote serverrI��rJ��r��N)rK��rL��rM��rB��)r<��uasr)��r)��r.��opt_user_authenticationsd��s�� z%ConchOptions.opt_user_authenticationsN)�__name__� __module__�__qualname__r��r��r��r��rL��int�__annotations__�optFlagsr��Completions�CompleteUsernames�CompleteMultiListr��rC��keysrN��r��rR��CompleteUserAtHost� Completer�compDatar9��r@��rG��rP��rU��rW��r)��r)��r)��r.��r��s^�� r��)rD��typingr��r��r��twisted.conch.ssh.transportr��r��twisted.pythonr��r8��r��r)��r)��r)��r.��<module>��s ��client/__pycache__/direct.cpython-310.pyc��0000644��00000007760�15027667726�0014241 0��ustar�00��o ��b��@��s\��d�dl�mZ�d�dlmZ�d�dlmZmZmZ�G�dd��dej�Z G�dd��dej �Z dd ��Zd S�)��)�error)� transport)�defer�protocol�reactorc��@��s,��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd S�) �SSHClientFactoryc��C��s��\|\|�_�\|\|�_\|\|�_\|\|�_d�S��N)�d�options� verifyHostKey�userAuthObject)�selfr ��r ��r��r��r��=/usr/lib/python3/dist-packages/twisted/conch/client/direct.py�__init__��s�� zSSHClientFactory.__init__c��C��s��\|�j�d�r\|��d�S�d�S�)N� reconnect)r ��connect)r �� connector�reasonr��r��r��clientConnectionLost��s�� z%SSHClientFactory.clientConnectionLostc��C��s��\|�j�d�u�rd�S�\|�j�d�}\|�_�\|�\|��d�S�r��)r ��errback)r ��r��r��r ��r��r��r��clientConnectionFailed��s�� z'SSHClientFactory.clientConnectionFailedc��C��sh��t�\|��}\|�jd�r\|�jd�\|_\|�jd�r\|�jd�\|_\|�jd�r'dg\|jdd�<�\|�jd�r2\|�jd�\|_\|S�)N�ciphers�macs�compress�zlibr��zhost-key-algorithms)�SSHClientTransportr ��supportedCiphers� supportedMACs�supportedCompressions�supportedPublicKeys)r ��addr�transr��r��r�� buildProtocol��s�� zSSHClientFactory.buildProtocolN)�__name__� __module__�__qualname__r��r��r��r$��r��r��r��r��r�� s ��r��c��@��sL��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dS�)r��c��C��s��\|\|�_�d�\|�_d�S�r��)�factory� unixServer)r ��r(��r��r��r��r��)��s�� zSSHClientTransport.__init__c��s:��j�r�j��}d��_�nt�d��}\|��fdd��d�S�)Nc��s��t�j��S�r��)r��r��connectionLost)�x�r��r ��r��r��<lambda>4��s��z3SSHClientTransport.connectionLost.<locals>.<lambda>)r)�� stopListeningr��succeed�addCallback)r ��r��r ��r��r,��r��r��-��s�� z!SSHClientTransport.connectionLostc��C��s8��\|�j�jd�u�rd�S�\|�j�jd�}\|�j�_\|�t�\|\|��d�S�r��)r(��r ��r��r�� ConchError)r ��code�descr ��r��r��r��receiveError7��s��zSSHClientTransport.receiveErrorc��C��sH��\|�j�jd�u�rd�S�\|�j�jd�}\|�j�_tj�\|�\|\|��\|�t�\|\|��d�S�r��)r(��r ��r��r��sendDisconnectr��r��r1��)r ��r2��r��r ��r��r��r��r5��=��s ��z!SSHClientTransport.sendDisconnectc��C��s(��\|�j�jd\|\|\|d��\|rt\|��d�S�d�S�)Nz!Received Debug Message: {message})�message� alwaysDisplay�lang)�_log�debug�print)r ��r7��r6��r8��r��r��r��receiveDebugD��s��zSSHClientTransport.receiveDebugc��C��s��\|�j��\|�\|�j��j\|\|�S�r��)r(��r��r��getPeer�host)r ��pubKey�fingerprintr��r��r��r��N��s��z SSHClientTransport.verifyHostKeyc��C��s\��\|�j�jd\|d��tj�\|�\|��\|jdkr\|�jjd�ur,\|�jjd�}\|�j_\|�d��d�S�d�S�d�S�)Nz"setting client server to {service})�servicezssh-userauth) r9��infor��r�� setService�namer(��r ��callback)r ��rA��r ��r��r��r��rC��S��s��zSSHClientTransport.setServicec��C��s��\|��\|�jj��d�S�r��)�requestServicer(��r��)r ��r��r��r��connectionSecureZ��s��z#SSHClientTransport.connectionSecureN)r%��r&��r'��r��r��r4��r5��r<��r��rC��rG��r��r��r��r��r��(��s�� r��c��C��s(��t��}t\|\|\|\|�}t�\|�\|\|��\|S�r��)r��Deferredr��r�� connectTCP)r>��portr ��r��r��r ��r(��r��r��r��r��^��s��r��N)� twisted.conchr��twisted.conch.sshr��twisted.internetr��r��r�� ClientFactoryr��r��r��r��r��r��r��<module>��s��6��client/__pycache__/default.cpython-310.pyc��0000644��00000025624�15027667726�0014412 0��ustar�00��o ��b�.��@��s��d�Z�ddlZddlZddlZddlZddlZddlmZ�ddlm Z �ddl mZmZ�ddl mZ�ddlmZmZmZ�ddlmZmZmZ�dd lmZ�dd lmZ�dZeZeZdd ��Z dd��Z!dd��Z"G�dd��dej#�Z#dS�)aN�� Various classes and functions for implementing user-interaction in the command-line conch client. You probably shouldn't use anything in this module directly, since it assumes you are sitting at an interactive terminal. For example, to programmatically interact with a known_hosts database, use L{twisted.conch.client.knownhosts}. ��N)�decodebytes)�agent)� ConsoleUI�KnownHostsFile)� ConchError)�common�keys�userauth)�defer�protocol�reactor)�nativeString)�FilePathz~/.ssh/known_hostsc��C��sV��\|�j�jd�}tj�\|�}t�t\|�j�jd�ptj � t��}tdd��}\|� \|\|\|\|�S�)a%�� Verify a host's key. This function is a gross vestige of some bad factoring in the client internals. The actual implementation, and a better signature of this logic is in L{KnownHostsFile.verifyHostKey}. This function is not deprecated yet because the callers have not yet been rehabilitated, but they should eventually be changed to call that method instead. However, this function does perform two functions not implemented by L{KnownHostsFile.verifyHostKey}. It determines the path to the user's known_hosts file based on the options (which should really be the options object's job), and it provides an opener to L{ConsoleUI} which opens '/dev/tty' so that the user will be prompted on the tty of the process even if the input and output of the process has been redirected. This latter part is, somewhat obviously, not portable, but I don't know of a portable equivalent that could be used. @param host: Due to a bug in L{SSHClientTransport.verifyHostKey}, this is always the dotted-quad IP address of the host being connected to. @type host: L{str} @param transport: the client transport which is attempting to connect to the given host. @type transport: L{SSHClientTransport} @param fingerprint: the fingerprint of the given public key, in xx:xx:xx:... format. This is ignored in favor of getting the fingerprint from the key itself. @type fingerprint: L{str} @param pubKey: The public key of the server being connected to. @type pubKey: L{str} @return: a L{Deferred} which fires with C{1} if the key was successfully verified, or fails if the key could not be successfully verified. Failure types may include L{HostKeyChanged}, L{UserRejectedKey}, L{IOError} or L{KeyboardInterrupt}. �host�known-hostsc��S��s��t�dddd�S�)N�/dev/ttyzr+br��)� buffering)�_open��r��r��>/usr/lib/python3/dist-packages/twisted/conch/client/default.py�<lambda>V��s��zverifyHostKey.<locals>.<lambda>)�factory�optionsr��Key� fromStringr��fromPathr��os�path� expanduser�_KNOWN_HOSTSr�� verifyHostKey)� transportr��pubKey�fingerprint� actualHost� actualKey�kh�uir��r��r��r ��'��s��(��r ��c�� C��s8��t��\|�d�}d}\|d�s$tj�tj�d��s$td��t�tj�d��\|d�p)t}zt tj�\|�d�}W�n �t y?��Y�dS�w�\|�P�\|��D�]B}\|��}t \|�dk�rTqG\|dd��\} } }\|�\| �d �vreqG\| \|krjqGzt\|�}W�n �tyy��Y�qGw�\|\|kr��W�d��d S�d}qGW�d��\|S�1�s�w��Y��\|S�)z� Checks to see if host is in the known_hosts file for the user. @return: 0 if it isn't, 1 if it is and is the same, 2 if it's changed. @rtype: L{int} r��r��z~/.ssh/zCreating ~/.ssh directory...z~/.ssh�rb��N��,��)r��getNSr��r��existsr��print�mkdirr��open�OSError� readlines�split�lenr�� BaseException) r��r"��r��keyType�retVal�kh_file�known_hosts�liner4��hosts�hostKeyType� encodedKey� decodedKeyr��r��r��isInKnownHostsZ��sF�� r@��c��C��sX��t��t\|d�ptj�t��}g�}\|��D�]}\|�\|��r'\|j \|vr'\|� \|j ��q\|p+dS�)a�� Look in known_hosts for a key corresponding to C{host}. This can be used to change the order of supported key types in the KEXINIT packet. @type host: L{str} @param host: the host to check in known_hosts @type options: L{twisted.conch.client.options.ConchOptions} @param options: options passed to client @return: L{list} of L{str} representing key types or L{None}. r��N)r��r��r��r��r��r��r��iterentries�matchesHostr7��append)r��r�� knownHosts�keyTypes�entryr��r��r��getHostKeyAlgorithms��s�� rG��c��@��s��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zddd�Z dd��Z dd��Zdd��Zdd��Z edd��Zeejdd��Zd S�)�SSHUserAuthClientc��G��s@��t�jj\|�\|g\|�R��d�\|�_\|\|�_g�\|�_\|jsddg\|_d�S�d�S�)Nz ~/.ssh/id_rsaz ~/.ssh/id_dsa)r ��rH��__init__�keyAgentr�� usedFiles� identitys)�self�userr��argsr��r��r��rI��s��zSSHUserAuthClient.__init__c��C��st��dt�jv�r2\|�jd�s2\|�jjdt�jd�d��t�ttj �}\|� t�jd��}\|�\|�j��\|� \|�j��d�S�tj�\|��d�S�)N� SSH_AUTH_SOCK�noagentzusing SSH agent {authSock!r})�authSock)r��environr��_log�debugr�� ClientCreatorr��r��SSHAgentClient�connectUNIX�addCallback� _setAgent� addErrback�_ebSetAgentr ��rH��serviceStarted)rM��cc�dr��r��r��r]��s�� z SSHUserAuthClient.serviceStartedc��C��s ��\|�j�r\|�j�j��d�\|�_�d�S�d�S��N)rJ��r!��loseConnection�rM��r��r��r��serviceStopped��s�� z SSHUserAuthClient.serviceStoppedc��C��s ��\|\|�_�\|�j��}\|�\|�j��\|S�r`��)rJ�� getPublicKeys�addBothr\��)rM��ar_��r��r��r��rZ��s�� zSSHUserAuthClient._setAgentc��C��s��t�j�\|��d�S�r`��)r ��rH��r]��)rM��fr��r��r��r\��s��zSSHUserAuthClient._ebSetAgentc�� C��s^��\|��!�zt�\|�}\|W�W��d��S��ttfy$��t��td��w�1�s(w��Y��dS�)z� Prompt for a password using L{getpass.getpass}. @param prompt: Written on tty to ask for the input. @type prompt: L{str} @return: The input. @rtype: L{str} N�PEBKAC)�_replaceStdoutStdin�getpass�KeyboardInterruptr2��r/��r��rM��prompt�pr��r��r��_getPassword��s�� zSSHUserAuthClient._getPasswordNc��C��sf��\|rt�\|�}nd�t�\|�j�\|�jj��j�}z\|��\|��t� ��}t �\|�W�S��ty2��t � ��Y�S�w�)Nz{}@{}'s password: )r ��formatrN��r!��getPeerr��ro��encode�sys�getdefaultencodingr ��succeedr��failrl��r��r��r��getPassword��s�� zSSHUserAuthClient.getPasswordc��s��j�r��j��}\|dur\|S��fdd��jjD��}��jjd��jj\|d��\|s(dS�\|d�}��j�\|��tj � \|�}\|d7�}tj �\|�sF��S�ztj �\|�W�S��tjy[��Y�S�w�)z� Get a public key from the key agent if possible, otherwise look in the next configured identity file for one. Nc��s��g�\|�] }\|��j�vr\|�qS�r��)rK��)�.0�xrb��r��r�� <listcomp>��s��z2SSHUserAuthClient.getPublicKey.<locals>.<listcomp>z+public key identities: {identities} {files})� identities�filesr��z.pub)rJ��getPublicKeyr��rL��rT��rU��rK��rC��r��r��r��r.��r��r��fromFile�BadKeyError)rM��keyr\|��filer��rb��r��r}��s.�� zSSHUserAuthClient.getPublicKeyc��C��s(��\|�j�s\|�j�\|��\|�S�tj�\|�\|\|�S�)z� Extend the base signing behavior by using an SSH agent to sign the data, if one is available. @type publicKey: L{Key} @type signData: L{bytes} )rK��rJ��signData�blobr ��rH��)rM�� publicKeyr��r��r��r��r��s��zSSHUserAuthClient.signDatac�� C��s��t�j�\|�jd��}t�j�\|�sdS�z t�tj� \|��W�S��tj yc��td�D�]:}d\|�jd��}z\|��\|�� t��}t�tjj \|\|d��W��Y�S��tjtfyV��Y�nw�t�td��Y�S��tys��t��t��Y�dS�w�)z� Try to load the private key from the last used file identified by C{getPublicKey}, potentially asking for the passphrase if the key is encrypted. ��Nr)��zEnter passphrase for key '%s': )� passphrasezbad password)r��r��r��rK��r.��r ��ru��r��r��r~��EncryptedKeyError�rangero��rr��rs��getfilesystemencodingr��r��rv��rk��r/��r��stop)rM��r��irm��rn��r��r��r�� getPrivateKey��s(�� zSSHUserAuthClient.getPrivateKeyc��C��s��g�}\|��8�\|rt\|�d��\|rt\|�d��\|D�]\}}\|�d�}\|r.\|�t\|��q\|�t�\|��qW�d��n1�sAw��Y��t�\|�S�)Nzutf-8)ri��r/��decoderC��_inputrj��r ��ru��)rM��name�instruction�prompts� responsesrm��echor��r��r��getGenericAnswers ��s�� z#SSHUserAuthClient.getGenericAnswersc��C��s(��t��tdd��}t��tdd��}\|\|fS�)a0�� Open /dev/tty as two streams one in read, one in write mode, and return them. @return: File objects for reading and writing to /dev/tty, corresponding to standard input and standard output. @rtype: A L{tuple} of L{io.TextIOWrapper} on Python 3. r��r(��wb)�io� TextIOWrapperr1��)�cls�stdin�stdoutr��r��r��_openTty/��s�� zSSHUserAuthClient._openTtyc�� c��st��t�jt�j}}\|��\t�_t�_zdV��W�t�j��t�j��\|\|t�_t�_dS�t�j��t�j��\|\|t�_t�_w�)zv Contextmanager that replaces stdout and stdin with /dev/tty and resets them when it is done. N)rs��r��r��r��close)r��oldout�oldinr��r��r��ri��=��s�� z%SSHUserAuthClient._replaceStdoutStdinr`��)�__name__� __module__�__qualname__rI��r]��rc��rZ��r\��ro��rw��r}��r��r��r��classmethodr�� contextlib�contextmanagerri��r��r��r��r��rH��s"�� rH��)$�__doc__r��rj��r��r��rs��base64r��twisted.conch.clientr��twisted.conch.client.knownhostsr��r��twisted.conch.errorr��twisted.conch.sshr��r��r ��twisted.internetr ��r��r��twisted.python.compatr ��twisted.python.filepathr��r��r1��r��inputr��r ��r@��rG��rH��r��r��r��r��<module>��s�� 3'��client/default.py��0000644��00000027227�15027667726�0010054 0��ustar�00��# -- test-case-name: twisted.conch.test.test_knownhosts,twisted.conch.test.test_default -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Various classes and functions for implementing user-interaction in the command-line conch client. You probably shouldn't use anything in this module directly, since it assumes you are sitting at an interactive terminal. For example, to programmatically interact with a known_hosts database, use L{twisted.conch.client.knownhosts}. """ import contextlib import getpass import io import os import sys from base64 import decodebytes from twisted.conch.client import agent from twisted.conch.client.knownhosts import ConsoleUI, KnownHostsFile from twisted.conch.error import ConchError from twisted.conch.ssh import common, keys, userauth from twisted.internet import defer, protocol, reactor from twisted.python.compat import nativeString from twisted.python.filepath import FilePath # The default location of the known hosts file (probably should be parsed out # of an ssh config file someday). _KNOWN_HOSTS = "~/.ssh/known_hosts" # This name is bound so that the unit tests can use 'patch' to override it. _open = open _input = input def verifyHostKey(transport, host, pubKey, fingerprint): """ Verify a host's key. This function is a gross vestige of some bad factoring in the client internals. The actual implementation, and a better signature of this logic is in L{KnownHostsFile.verifyHostKey}. This function is not deprecated yet because the callers have not yet been rehabilitated, but they should eventually be changed to call that method instead. However, this function does perform two functions not implemented by L{KnownHostsFile.verifyHostKey}. It determines the path to the user's known_hosts file based on the options (which should really be the options object's job), and it provides an opener to L{ConsoleUI} which opens '/dev/tty' so that the user will be prompted on the tty of the process even if the input and output of the process has been redirected. This latter part is, somewhat obviously, not portable, but I don't know of a portable equivalent that could be used. @param host: Due to a bug in L{SSHClientTransport.verifyHostKey}, this is always the dotted-quad IP address of the host being connected to. @type host: L{str} @param transport: the client transport which is attempting to connect to the given host. @type transport: L{SSHClientTransport} @param fingerprint: the fingerprint of the given public key, in xx:xx:xx:... format. This is ignored in favor of getting the fingerprint from the key itself. @type fingerprint: L{str} @param pubKey: The public key of the server being connected to. @type pubKey: L{str} @return: a L{Deferred} which fires with C{1} if the key was successfully verified, or fails if the key could not be successfully verified. Failure types may include L{HostKeyChanged}, L{UserRejectedKey}, L{IOError} or L{KeyboardInterrupt}. """ actualHost = transport.factory.options["host"] actualKey = keys.Key.fromString(pubKey) kh = KnownHostsFile.fromPath( FilePath( transport.factory.options["known-hosts"] or os.path.expanduser(_KNOWN_HOSTS) ) ) ui = ConsoleUI(lambda: _open("/dev/tty", "r+b", buffering=0)) return kh.verifyHostKey(ui, actualHost, host, actualKey) def isInKnownHosts(host, pubKey, options): """ Checks to see if host is in the known_hosts file for the user. @return: 0 if it isn't, 1 if it is and is the same, 2 if it's changed. @rtype: L{int} """ keyType = common.getNS(pubKey)[0] retVal = 0 if not options["known-hosts"] and not os.path.exists(os.path.expanduser("~/.ssh/")): print("Creating ~/.ssh directory...") os.mkdir(os.path.expanduser("~/.ssh")) kh_file = options["known-hosts"] or _KNOWN_HOSTS try: known_hosts = open(os.path.expanduser(kh_file), "rb") except OSError: return 0 with known_hosts: for line in known_hosts.readlines(): split = line.split() if len(split) < 3: continue hosts, hostKeyType, encodedKey = split[:3] if host not in hosts.split(b","): # incorrect host continue if hostKeyType != keyType: # incorrect type of key continue try: decodedKey = decodebytes(encodedKey) except BaseException: continue if decodedKey == pubKey: return 1 else: retVal = 2 return retVal def getHostKeyAlgorithms(host, options): """ Look in known_hosts for a key corresponding to C{host}. This can be used to change the order of supported key types in the KEXINIT packet. @type host: L{str} @param host: the host to check in known_hosts @type options: L{twisted.conch.client.options.ConchOptions} @param options: options passed to client @return: L{list} of L{str} representing key types or L{None}. """ knownHosts = KnownHostsFile.fromPath( FilePath(options["known-hosts"] or os.path.expanduser(_KNOWN_HOSTS)) ) keyTypes = [] for entry in knownHosts.iterentries(): if entry.matchesHost(host): if entry.keyType not in keyTypes: keyTypes.append(entry.keyType) return keyTypes or None class SSHUserAuthClient(userauth.SSHUserAuthClient): def __init__(self, user, options, args): userauth.SSHUserAuthClient.__init__(self, user, args) self.keyAgent = None self.options = options self.usedFiles = [] if not options.identitys: options.identitys = ["~/.ssh/id_rsa", "~/.ssh/id_dsa"] def serviceStarted(self): if "SSH_AUTH_SOCK" in os.environ and not self.options["noagent"]: self._log.debug( "using SSH agent {authSock!r}", authSock=os.environ["SSH_AUTH_SOCK"] ) cc = protocol.ClientCreator(reactor, agent.SSHAgentClient) d = cc.connectUNIX(os.environ["SSH_AUTH_SOCK"]) d.addCallback(self._setAgent) d.addErrback(self._ebSetAgent) else: userauth.SSHUserAuthClient.serviceStarted(self) def serviceStopped(self): if self.keyAgent: self.keyAgent.transport.loseConnection() self.keyAgent = None def _setAgent(self, a): self.keyAgent = a d = self.keyAgent.getPublicKeys() d.addBoth(self._ebSetAgent) return d def _ebSetAgent(self, f): userauth.SSHUserAuthClient.serviceStarted(self) def _getPassword(self, prompt): """ Prompt for a password using L{getpass.getpass}. @param prompt: Written on tty to ask for the input. @type prompt: L{str} @return: The input. @rtype: L{str} """ with self._replaceStdoutStdin(): try: p = getpass.getpass(prompt) return p except (KeyboardInterrupt, OSError): print() raise ConchError("PEBKAC") def getPassword(self, prompt=None): if prompt: prompt = nativeString(prompt) else: prompt = "{}@{}'s password: ".format( nativeString(self.user), self.transport.transport.getPeer().host, ) try: # We don't know the encoding the other side is using, # signaling that is not part of the SSH protocol. But # using our defaultencoding is better than just going for # ASCII. p = self._getPassword(prompt).encode(sys.getdefaultencoding()) return defer.succeed(p) except ConchError: return defer.fail() def getPublicKey(self): """ Get a public key from the key agent if possible, otherwise look in the next configured identity file for one. """ if self.keyAgent: key = self.keyAgent.getPublicKey() if key is not None: return key files = [x for x in self.options.identitys if x not in self.usedFiles] self._log.debug( "public key identities: {identities}\n{files}", identities=self.options.identitys, files=files, ) if not files: return None file = files[0] self.usedFiles.append(file) file = os.path.expanduser(file) file += ".pub" if not os.path.exists(file): return self.getPublicKey() # try again try: return keys.Key.fromFile(file) except keys.BadKeyError: return self.getPublicKey() # try again def signData(self, publicKey, signData): """ Extend the base signing behavior by using an SSH agent to sign the data, if one is available. @type publicKey: L{Key} @type signData: L{bytes} """ if not self.usedFiles: # agent key return self.keyAgent.signData(publicKey.blob(), signData) else: return userauth.SSHUserAuthClient.signData(self, publicKey, signData) def getPrivateKey(self): """ Try to load the private key from the last used file identified by C{getPublicKey}, potentially asking for the passphrase if the key is encrypted. """ file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.Key.fromFile(file)) except keys.EncryptedKeyError: for i in range(3): prompt = "Enter passphrase for key '%s': " % self.usedFiles[-1] try: p = self._getPassword(prompt).encode(sys.getfilesystemencoding()) return defer.succeed(keys.Key.fromFile(file, passphrase=p)) except (keys.BadKeyError, ConchError): pass return defer.fail(ConchError("bad password")) raise except KeyboardInterrupt: print() reactor.stop() def getGenericAnswers(self, name, instruction, prompts): responses = [] with self._replaceStdoutStdin(): if name: print(name.decode("utf-8")) if instruction: print(instruction.decode("utf-8")) for prompt, echo in prompts: prompt = prompt.decode("utf-8") if echo: responses.append(_input(prompt)) else: responses.append(getpass.getpass(prompt)) return defer.succeed(responses) @classmethod def _openTty(cls): """ Open /dev/tty as two streams one in read, one in write mode, and return them. @return: File objects for reading and writing to /dev/tty, corresponding to standard input and standard output. @rtype: A L{tuple} of L{io.TextIOWrapper} on Python 3. """ stdin = io.TextIOWrapper(open("/dev/tty", "rb")) stdout = io.TextIOWrapper(open("/dev/tty", "wb")) return stdin, stdout @classmethod @contextlib.contextmanager def _replaceStdoutStdin(cls): """ Contextmanager that replaces stdout and stdin with /dev/tty and resets them when it is done. """ oldout, oldin = sys.stdout, sys.stdin sys.stdin, sys.stdout = cls._openTty() try: yield finally: sys.stdout.close() sys.stdin.close() sys.stdout, sys.stdin = oldout, oldin ��client/direct.py��0000644��00000006360�15027667726�0007675 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. from twisted.conch import error from twisted.conch.ssh import transport from twisted.internet import defer, protocol, reactor class SSHClientFactory(protocol.ClientFactory): def __init__(self, d, options, verifyHostKey, userAuthObject): self.d = d self.options = options self.verifyHostKey = verifyHostKey self.userAuthObject = userAuthObject def clientConnectionLost(self, connector, reason): if self.options["reconnect"]: connector.connect() def clientConnectionFailed(self, connector, reason): if self.d is None: return d, self.d = self.d, None d.errback(reason) def buildProtocol(self, addr): trans = SSHClientTransport(self) if self.options["ciphers"]: trans.supportedCiphers = self.options["ciphers"] if self.options["macs"]: trans.supportedMACs = self.options["macs"] if self.options["compress"]: trans.supportedCompressions[0:1] = ["zlib"] if self.options["host-key-algorithms"]: trans.supportedPublicKeys = self.options["host-key-algorithms"] return trans class SSHClientTransport(transport.SSHClientTransport): def __init__(self, factory): self.factory = factory self.unixServer = None def connectionLost(self, reason): if self.unixServer: d = self.unixServer.stopListening() self.unixServer = None else: d = defer.succeed(None) d.addCallback( lambda x: transport.SSHClientTransport.connectionLost(self, reason) ) def receiveError(self, code, desc): if self.factory.d is None: return d, self.factory.d = self.factory.d, None d.errback(error.ConchError(desc, code)) def sendDisconnect(self, code, reason): if self.factory.d is None: return d, self.factory.d = self.factory.d, None transport.SSHClientTransport.sendDisconnect(self, code, reason) d.errback(error.ConchError(reason, code)) def receiveDebug(self, alwaysDisplay, message, lang): self._log.debug( "Received Debug Message: {message}", message=message, alwaysDisplay=alwaysDisplay, lang=lang, ) if alwaysDisplay: # XXX what should happen here? print(message) def verifyHostKey(self, pubKey, fingerprint): return self.factory.verifyHostKey( self, self.transport.getPeer().host, pubKey, fingerprint ) def setService(self, service): self._log.info("setting client server to {service}", service=service) transport.SSHClientTransport.setService(self, service) if service.name != "ssh-userauth" and self.factory.d is not None: d, self.factory.d = self.factory.d, None d.callback(None) def connectionSecure(self): self.requestService(self.factory.userAuthObject) def connect(host, port, options, verifyHostKey, userAuthObject): d = defer.Deferred() factory = SSHClientFactory(d, options, verifyHostKey, userAuthObject) reactor.connectTCP(host, port, factory) return d ��client/knownhosts.py��0000644��00000046706�15027667726�0010650 0��ustar�00��# -- test-case-name: twisted.conch.test.test_knownhosts -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ An implementation of the OpenSSH known_hosts database. @since: 8.2 """ import hmac import sys from binascii import Error as DecodeError, a2b_base64, b2a_base64 from contextlib import closing from hashlib import sha1 from zope.interface import implementer from twisted.conch.error import HostKeyChanged, InvalidEntry, UserRejectedKey from twisted.conch.interfaces import IKnownHostEntry from twisted.conch.ssh.keys import BadKeyError, FingerprintFormats, Key from twisted.internet import defer from twisted.logger import Logger from twisted.python.compat import nativeString from twisted.python.randbytes import secureRandom from twisted.python.util import FancyEqMixin log = Logger() def _b64encode(s): """ Encode a binary string as base64 with no trailing newline. @param s: The string to encode. @type s: L{bytes} @return: The base64-encoded string. @rtype: L{bytes} """ return b2a_base64(s).strip() def _extractCommon(string): """ Extract common elements of base64 keys from an entry in a hosts file. @param string: A known hosts file entry (a single line). @type string: L{bytes} @return: a 4-tuple of hostname data (L{bytes}), ssh key type (L{bytes}), key (L{Key}), and comment (L{bytes} or L{None}). The hostname data is simply the beginning of the line up to the first occurrence of whitespace. @rtype: L{tuple} """ elements = string.split(None, 2) if len(elements) != 3: raise InvalidEntry() hostnames, keyType, keyAndComment = elements splitkey = keyAndComment.split(None, 1) if len(splitkey) == 2: keyString, comment = splitkey comment = comment.rstrip(b"\n") else: keyString = splitkey[0] comment = None key = Key.fromString(a2b_base64(keyString)) return hostnames, keyType, key, comment class _BaseEntry: """ Abstract base of both hashed and non-hashed entry objects, since they represent keys and key types the same way. @ivar keyType: The type of the key; either ssh-dss or ssh-rsa. @type keyType: L{bytes} @ivar publicKey: The server public key indicated by this line. @type publicKey: L{twisted.conch.ssh.keys.Key} @ivar comment: Trailing garbage after the key line. @type comment: L{bytes} """ def __init__(self, keyType, publicKey, comment): self.keyType = keyType self.publicKey = publicKey self.comment = comment def matchesKey(self, keyObject): """ Check to see if this entry matches a given key object. @param keyObject: A public key object to check. @type keyObject: L{Key} @return: C{True} if this entry's key matches C{keyObject}, C{False} otherwise. @rtype: L{bool} """ return self.publicKey == keyObject @implementer(IKnownHostEntry) class PlainEntry(_BaseEntry): """ A L{PlainEntry} is a representation of a plain-text entry in a known_hosts file. @ivar _hostnames: the list of all host-names associated with this entry. @type _hostnames: L{list} of L{bytes} """ def __init__(self, hostnames, keyType, publicKey, comment): self._hostnames = hostnames super().__init__(keyType, publicKey, comment) @classmethod def fromString(cls, string): """ Parse a plain-text entry in a known_hosts file, and return a corresponding L{PlainEntry}. @param string: a space-separated string formatted like "hostname key-type base64-key-data comment". @type string: L{bytes} @raise DecodeError: if the key is not valid encoded as valid base64. @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: an IKnownHostEntry representing the hostname and key in the input line. @rtype: L{PlainEntry} """ hostnames, keyType, key, comment = _extractCommon(string) self = cls(hostnames.split(b","), keyType, key, comment) return self def matchesHost(self, hostname): """ Check to see if this entry matches a given hostname. @param hostname: A hostname or IP address literal to check against this entry. @type hostname: L{bytes} @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. @rtype: L{bool} """ if isinstance(hostname, str): hostname = hostname.encode("utf-8") return hostname in self._hostnames def toString(self): """ Implement L{IKnownHostEntry.toString} by recording the comma-separated hostnames, key type, and base-64 encoded key. @return: The string representation of this entry, with unhashed hostname information. @rtype: L{bytes} """ fields = [ b",".join(self._hostnames), self.keyType, _b64encode(self.publicKey.blob()), ] if self.comment is not None: fields.append(self.comment) return b" ".join(fields) @implementer(IKnownHostEntry) class UnparsedEntry: """ L{UnparsedEntry} is an entry in a L{KnownHostsFile} which can't actually be parsed; therefore it matches no keys and no hosts. """ def __init__(self, string): """ Create an unparsed entry from a line in a known_hosts file which cannot otherwise be parsed. """ self._string = string def matchesHost(self, hostname): """ Always returns False. """ return False def matchesKey(self, key): """ Always returns False. """ return False def toString(self): """ Returns the input line, without its newline if one was given. @return: The string representation of this entry, almost exactly as was used to initialize this entry but without a trailing newline. @rtype: L{bytes} """ return self._string.rstrip(b"\n") def _hmacedString(key, string): """ Return the SHA-1 HMAC hash of the given key and string. @param key: The HMAC key. @type key: L{bytes} @param string: The string to be hashed. @type string: L{bytes} @return: The keyed hash value. @rtype: L{bytes} """ hash = hmac.HMAC(key, digestmod=sha1) if isinstance(string, str): string = string.encode("utf-8") hash.update(string) return hash.digest() @implementer(IKnownHostEntry) class HashedEntry(_BaseEntry, FancyEqMixin): """ A L{HashedEntry} is a representation of an entry in a known_hosts file where the hostname has been hashed and salted. @ivar _hostSalt: the salt to combine with a hostname for hashing. @ivar _hostHash: the hashed representation of the hostname. @cvar MAGIC: the 'hash magic' string used to identify a hashed line in a known_hosts file as opposed to a plaintext one. """ MAGIC = b"\|1\|" compareAttributes = ("_hostSalt", "_hostHash", "keyType", "publicKey", "comment") def __init__(self, hostSalt, hostHash, keyType, publicKey, comment): self._hostSalt = hostSalt self._hostHash = hostHash super().__init__(keyType, publicKey, comment) @classmethod def fromString(cls, string): """ Load a hashed entry from a string representing a line in a known_hosts file. @param string: A complete single line from a I{known_hosts} file, formatted as defined by OpenSSH. @type string: L{bytes} @raise DecodeError: if the key, the hostname, or the is not valid encoded as valid base64 @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid, or the host/hash portion contains more items than just the host and hash. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: The newly created L{HashedEntry} instance, initialized with the information from C{string}. """ stuff, keyType, key, comment = _extractCommon(string) saltAndHash = stuff[len(cls.MAGIC) :].split(b"\|") if len(saltAndHash) != 2: raise InvalidEntry() hostSalt, hostHash = saltAndHash self = cls(a2b_base64(hostSalt), a2b_base64(hostHash), keyType, key, comment) return self def matchesHost(self, hostname): """ Implement L{IKnownHostEntry.matchesHost} to compare the hash of the input to the stored hash. @param hostname: A hostname or IP address literal to check against this entry. @type hostname: L{bytes} @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. @rtype: L{bool} """ return hmac.compare_digest( _hmacedString(self._hostSalt, hostname), self._hostHash ) def toString(self): """ Implement L{IKnownHostEntry.toString} by base64-encoding the salt, host hash, and key. @return: The string representation of this entry, with the hostname part hashed. @rtype: L{bytes} """ fields = [ self.MAGIC + b"\|".join([_b64encode(self._hostSalt), _b64encode(self._hostHash)]), self.keyType, _b64encode(self.publicKey.blob()), ] if self.comment is not None: fields.append(self.comment) return b" ".join(fields) class KnownHostsFile: """ A structured representation of an OpenSSH-format ~/.ssh/known_hosts file. @ivar _added: A list of L{IKnownHostEntry} providers which have been added to this instance in memory but not yet saved. @ivar _clobber: A flag indicating whether the current contents of the save path will be disregarded and potentially overwritten or not. If C{True}, this will be done. If C{False}, entries in the save path will be read and new entries will be saved by appending rather than overwriting. @type _clobber: L{bool} @ivar _savePath: See C{savePath} parameter of L{__init__}. """ def __init__(self, savePath): """ Create a new, empty KnownHostsFile. Unless you want to erase the current contents of C{savePath}, you want to use L{KnownHostsFile.fromPath} instead. @param savePath: The L{FilePath} to which to save new entries. @type savePath: L{FilePath} """ self._added = [] self._savePath = savePath self._clobber = True @property def savePath(self): """ @see: C{savePath} parameter of L{__init__} """ return self._savePath def iterentries(self): """ Iterate over the host entries in this file. @return: An iterable the elements of which provide L{IKnownHostEntry}. There is an element for each entry in the file as well as an element for each added but not yet saved entry. @rtype: iterable of L{IKnownHostEntry} providers """ for entry in self._added: yield entry if self._clobber: return try: fp = self._savePath.open() except OSError: return with fp: for line in fp: try: if line.startswith(HashedEntry.MAGIC): entry = HashedEntry.fromString(line) else: entry = PlainEntry.fromString(line) except (DecodeError, InvalidEntry, BadKeyError): entry = UnparsedEntry(line) yield entry def hasHostKey(self, hostname, key): """ Check for an entry with matching hostname and key. @param hostname: A hostname or IP address literal to check for. @type hostname: L{bytes} @param key: The public key to check for. @type key: L{Key} @return: C{True} if the given hostname and key are present in this file, C{False} if they are not. @rtype: L{bool} @raise HostKeyChanged: if the host key found for the given hostname does not match the given key. """ for lineidx, entry in enumerate(self.iterentries(), -len(self._added)): if entry.matchesHost(hostname) and entry.keyType == key.sshType(): if entry.matchesKey(key): return True else: # Notice that lineidx is 0-based but HostKeyChanged.lineno # is 1-based. if lineidx < 0: line = None path = None else: line = lineidx + 1 path = self._savePath raise HostKeyChanged(entry, path, line) return False def verifyHostKey(self, ui, hostname, ip, key): """ Verify the given host key for the given IP and host, asking for confirmation from, and notifying, the given UI about changes to this file. @param ui: The user interface to request an IP address from. @param hostname: The hostname that the user requested to connect to. @param ip: The string representation of the IP address that is actually being connected to. @param key: The public key of the server. @return: a L{Deferred} that fires with True when the key has been verified, or fires with an errback when the key either cannot be verified or has changed. @rtype: L{Deferred} """ hhk = defer.maybeDeferred(self.hasHostKey, hostname, key) def gotHasKey(result): if result: if not self.hasHostKey(ip, key): ui.warn( "Warning: Permanently added the %s host key for " "IP address '%s' to the list of known hosts." % (key.type(), nativeString(ip)) ) self.addHostKey(ip, key) self.save() return result else: def promptResponse(response): if response: self.addHostKey(hostname, key) self.addHostKey(ip, key) self.save() return response else: raise UserRejectedKey() keytype = key.type() if keytype == "EC": keytype = "ECDSA" prompt = ( "The authenticity of host '%s (%s)' " "can't be established.\n" "%s key fingerprint is SHA256:%s.\n" "Are you sure you want to continue connecting (yes/no)? " % ( nativeString(hostname), nativeString(ip), keytype, key.fingerprint(format=FingerprintFormats.SHA256_BASE64), ) ) proceed = ui.prompt(prompt.encode(sys.getdefaultencoding())) return proceed.addCallback(promptResponse) return hhk.addCallback(gotHasKey) def addHostKey(self, hostname, key): """ Add a new L{HashedEntry} to the key database. Note that you still need to call L{KnownHostsFile.save} if you wish these changes to be persisted. @param hostname: A hostname or IP address literal to associate with the new entry. @type hostname: L{bytes} @param key: The public key to associate with the new entry. @type key: L{Key} @return: The L{HashedEntry} that was added. @rtype: L{HashedEntry} """ salt = secureRandom(20) keyType = key.sshType() entry = HashedEntry(salt, _hmacedString(salt, hostname), keyType, key, None) self._added.append(entry) return entry def save(self): """ Save this L{KnownHostsFile} to the path it was loaded from. """ p = self._savePath.parent() if not p.isdir(): p.makedirs() if self._clobber: mode = "wb" else: mode = "ab" with self._savePath.open(mode) as hostsFileObj: if self._added: hostsFileObj.write( b"\n".join([entry.toString() for entry in self._added]) + b"\n" ) self._added = [] self._clobber = False @classmethod def fromPath(cls, path): """ Create a new L{KnownHostsFile}, potentially reading existing known hosts information from the given file. @param path: A path object to use for both reading contents from and later saving to. If no file exists at this path, it is not an error; a L{KnownHostsFile} with no entries is returned. @type path: L{FilePath} @return: A L{KnownHostsFile} initialized with entries from C{path}. @rtype: L{KnownHostsFile} """ knownHosts = cls(path) knownHosts._clobber = False return knownHosts class ConsoleUI: """ A UI object that can ask true/false questions and post notifications on the console, to be used during key verification. """ def __init__(self, opener): """ @param opener: A no-argument callable which should open a console binary-mode file-like object to be used for reading and writing. This initializes the C{opener} attribute. @type opener: callable taking no arguments and returning a read/write file-like object """ self.opener = opener def prompt(self, text): """ Write the given text as a prompt to the console output, then read a result from the console input. @param text: Something to present to a user to solicit a yes or no response. @type text: L{bytes} @return: a L{Deferred} which fires with L{True} when the user answers 'yes' and L{False} when the user answers 'no'. It may errback if there were any I/O errors. """ d = defer.succeed(None) def body(ignored): with closing(self.opener()) as f: f.write(text) while True: answer = f.readline().strip().lower() if answer == b"yes": return True elif answer == b"no": return False else: f.write(b"Please type 'yes' or 'no': ") return d.addCallback(body) def warn(self, text): """ Notify the user (non-interactively) of the provided text, by writing it to the console. @param text: Some information the user is to be made aware of. @type text: L{bytes} """ try: with closing(self.opener()) as f: f.write(text) except Exception: log.failure("Failed to write to console") ��client/connect.py��0000644��00000001231�15027667726�0010044 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # from twisted.conch.client import direct connectTypes = {"direct": direct.connect} def connect(host, port, options, verifyHostKey, userAuthObject): useConnects = ["direct"] return _ebConnect( None, useConnects, host, port, options, verifyHostKey, userAuthObject ) def _ebConnect(f, useConnects, host, port, options, vhk, uao): if not useConnects: return f connectType = useConnects.pop(0) f = connectTypes[connectType] d = f(host, port, options, vhk, uao) d.addErrback(_ebConnect, useConnects, host, port, options, vhk, uao) return d ��client/options.py��0000644��00000007742�15027667726�0010123 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. import sys from typing import List, Optional, Union # from twisted.conch.ssh.transport import SSHCiphers, SSHClientTransport from twisted.python import usage class ConchOptions(usage.Options): optParameters: List[List[Optional[Union[str, int]]]] = [ ["user", "l", None, "Log in using this user name."], ["identity", "i", None], ["ciphers", "c", None], ["macs", "m", None], ["port", "p", None, "Connect to this port. Server must be on the same port."], ["option", "o", None, "Ignored OpenSSH options"], ["host-key-algorithms", "", None], ["known-hosts", "", None, "File to check for host keys"], ["user-authentications", "", None, "Types of user authentications to use."], ["logfile", "", None, "File to log to, or - for stdout"], ] optFlags = [ ["version", "V", "Display version number only."], ["compress", "C", "Enable compression."], ["log", "v", "Enable logging (defaults to stderr)"], ["nox11", "x", "Disable X11 connection forwarding (default)"], ["agent", "A", "Enable authentication agent forwarding"], ["noagent", "a", "Disable authentication agent forwarding (default)"], ["reconnect", "r", "Reconnect to the server if the connection is lost."], ] compData = usage.Completions( mutuallyExclusive=[("agent", "noagent")], optActions={ "user": usage.CompleteUsernames(), "ciphers": usage.CompleteMultiList( [v.decode() for v in SSHCiphers.cipherMap.keys()], descr="ciphers to choose from", ), "macs": usage.CompleteMultiList( [v.decode() for v in SSHCiphers.macMap.keys()], descr="macs to choose from", ), "host-key-algorithms": usage.CompleteMultiList( [v.decode() for v in SSHClientTransport.supportedPublicKeys], descr="host key algorithms to choose from", ), # "user-authentications": usage.CompleteMultiList(? # descr='user authentication types' ), }, extraActions=[ usage.CompleteUserAtHost(), usage.Completer(descr="command"), usage.Completer(descr="argument", repeat=True), ], ) def __init__(self, args, *kw): usage.Options.__init__(self, args, *kw) self.identitys = [] self.conns = None def opt_identity(self, i): """Identity for public-key authentication""" self.identitys.append(i) def opt_ciphers(self, ciphers): "Select encryption algorithms" ciphers = ciphers.split(",") for cipher in ciphers: if cipher not in SSHCiphers.cipherMap: sys.exit("Unknown cipher type '%s'" % cipher) self["ciphers"] = ciphers def opt_macs(self, macs): "Specify MAC algorithms" if isinstance(macs, str): macs = macs.encode("utf-8") macs = macs.split(b",") for mac in macs: if mac not in SSHCiphers.macMap: sys.exit("Unknown mac type '%r'" % mac) self["macs"] = macs def opt_host_key_algorithms(self, hkas): "Select host key algorithms" if isinstance(hkas, str): hkas = hkas.encode("utf-8") hkas = hkas.split(b",") for hka in hkas: if hka not in SSHClientTransport.supportedPublicKeys: sys.exit("Unknown host key type '%r'" % hka) self["host-key-algorithms"] = hkas def opt_user_authentications(self, uas): "Choose how to authenticate to the remote server" if isinstance(uas, str): uas = uas.encode("utf-8") self["user-authentications"] = uas.split(b",") # def opt_compress(self): # "Enable compression" # self.enableCompression = 1 # SSHClientTransport.supportedCompressions[0:1] = ['zlib'] ��client/__init__.py��0000644��00000000213�15027667726�0010151 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # """ Client support code for Conch. Maintainer: Paul Swartz """ ��test/test_insults.py��0000644��00000076604�15027667726�0010674 0��ustar�00��# -- test-case-name: twisted.conch.test.test_insults -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. import textwrap from typing import Optional, Type from twisted.conch.insults.insults import ( BLINK, CS_ALTERNATE, CS_ALTERNATE_SPECIAL, CS_DRAWING, CS_UK, CS_US, G0, G1, UNDERLINE, ClientProtocol, ServerProtocol, modes, privateModes, ) from twisted.internet.protocol import Protocol from twisted.python.compat import iterbytes from twisted.python.constants import ValueConstant, Values from twisted.test.proto_helpers import StringTransport from twisted.trial import unittest def _getattr(mock, name): return super(Mock, mock).__getattribute__(name) def occurrences(mock): return _getattr(mock, "occurrences") def methods(mock): return _getattr(mock, "methods") def _append(mock, obj): occurrences(mock).append(obj) default = object() def _ecmaCodeTableCoordinate(column, row): """ Return the byte in 7- or 8-bit code table identified by C{column} and C{row}. "An 8-bit code table consists of 256 positions arranged in 16 columns and 16 rows. The columns and rows are numbered 00 to 15." "A 7-bit code table consists of 128 positions arranged in 8 columns and 16 rows. The columns are numbered 00 to 07 and the rows 00 to 15 (see figure 1)." p.5 of "Standard ECMA-35: Character Code Structure and Extension Techniques", 6th Edition (December 1994). """ # 8 and 15 both happen to take up 4 bits, so the first number # should be shifted by 4 for both the 7- and 8-bit tables. return bytes(bytearray([(column << 4) \| row])) def _makeControlFunctionSymbols(name, colOffset, names, doc): # the value for each name is the concatenation of the bit values # of its x, y locations, with an offset of 4 added to its x value. # so CUP is (0 + 4, 8) = (4, 8) = 4\|\|8 = 1001000 = 72 = b"H" # this is how it's defined in the standard! attrs = { name: ValueConstant(_ecmaCodeTableCoordinate(i + colOffset, j)) for j, row in enumerate(names) for i, name in enumerate(row) if name } attrs["__doc__"] = doc return type(name, (Values,), attrs) CSFinalByte = _makeControlFunctionSymbols( "CSFinalByte", colOffset=4, names=[ # 4, 5, 6 ["ICH", "DCH", "HPA"], ["CUU", "SSE", "HPR"], ["CUD", "CPR", "REP"], ["CUF", "SU", "DA"], ["CUB", "SD", "VPA"], ["CNL", "NP", "VPR"], ["CPL", "PP", "HVP"], ["CHA", "CTC", "TBC"], ["CUP", "ECH", "SM"], ["CHT", "CVT", "MC"], ["ED", "CBT", "HPB"], ["EL", "SRS", "VPB"], ["IL", "PTX", "RM"], ["DL", "SDS", "SGR"], ["EF", "SIMD", "DSR"], ["EA", None, "DAQ"], ], doc=textwrap.dedent( """ Symbolic constants for all control sequence final bytes that do not imply intermediate bytes. This happens to cover movement control sequences. See page 11 of "Standard ECMA 48: Control Functions for Coded Character Sets", 5th Edition (June 1991). Each L{ValueConstant} maps a control sequence name to L{bytes} """ ), ) C1SevenBit = _makeControlFunctionSymbols( "C1SevenBit", colOffset=4, names=[ [None, "DCS"], [None, "PU1"], ["BPH", "PU2"], ["NBH", "STS"], [None, "CCH"], ["NEL", "MW"], ["SSA", "SPA"], ["ESA", "EPA"], ["HTS", "SOS"], ["HTJ", None], ["VTS", "SCI"], ["PLD", "CSI"], ["PLU", "ST"], ["RI", "OSC"], ["SS2", "PM"], ["SS3", "APC"], ], doc=textwrap.dedent( """ Symbolic constants for all 7 bit versions of the C1 control functions See page 9 "Standard ECMA 48: Control Functions for Coded Character Sets", 5th Edition (June 1991). Each L{ValueConstant} maps a control sequence name to L{bytes} """ ), ) class Mock: callReturnValue = default def __init__(self, methods=None, callReturnValue=default): """ @param methods: Mapping of names to return values @param callReturnValue: object __call__ should return """ self.occurrences = [] if methods is None: methods = {} self.methods = methods if callReturnValue is not default: self.callReturnValue = callReturnValue def __call__(self, a, *kw): returnValue = _getattr(self, "callReturnValue") if returnValue is default: returnValue = Mock() # _getattr(self, 'occurrences').append(('__call__', returnValue, a, kw)) _append(self, ("__call__", returnValue, a, kw)) return returnValue def __getattribute__(self, name): methods = _getattr(self, "methods") if name in methods: attrValue = Mock(callReturnValue=methods[name]) else: attrValue = Mock() # _getattr(self, 'occurrences').append((name, attrValue)) _append(self, (name, attrValue)) return attrValue class MockMixin: def assertCall( self, occurrence, methodName, expectedPositionalArgs=(), expectedKeywordArgs={} ): attr, mock = occurrence self.assertEqual(attr, methodName) self.assertEqual(len(occurrences(mock)), 1) [(call, result, args, kw)] = occurrences(mock) self.assertEqual(call, "__call__") self.assertEqual(args, expectedPositionalArgs) self.assertEqual(kw, expectedKeywordArgs) return result _byteGroupingTestTemplate = """\ def testByte%(groupName)s(self): transport = StringTransport() proto = Mock() parser = self.protocolFactory(lambda: proto) parser.factory = self parser.makeConnection(transport) bytes = self.TEST_BYTES while bytes: chunk = bytes[:%(bytesPer)d] bytes = bytes[%(bytesPer)d:] parser.dataReceived(chunk) self.verifyResults(transport, proto, parser) """ class ByteGroupingsMixin(MockMixin): protocolFactory: Optional[Type[Protocol]] = None for word, n in [ ("Pairs", 2), ("Triples", 3), ("Quads", 4), ("Quints", 5), ("Sexes", 6), ]: exec(_byteGroupingTestTemplate % {"groupName": word, "bytesPer": n}) del word, n def verifyResults(self, transport, proto, parser): result = self.assertCall(occurrences(proto).pop(0), "makeConnection", (parser,)) self.assertEqual(occurrences(result), []) del _byteGroupingTestTemplate class ServerArrowKeysTests(ByteGroupingsMixin, unittest.TestCase): protocolFactory = ServerProtocol # All the arrow keys once TEST_BYTES = b"\x1b[A\x1b[B\x1b[C\x1b[D" def verifyResults(self, transport, proto, parser): ByteGroupingsMixin.verifyResults(self, transport, proto, parser) for arrow in ( parser.UP_ARROW, parser.DOWN_ARROW, parser.RIGHT_ARROW, parser.LEFT_ARROW, ): result = self.assertCall( occurrences(proto).pop(0), "keystrokeReceived", (arrow, None) ) self.assertEqual(occurrences(result), []) self.assertFalse(occurrences(proto)) class PrintableCharactersTests(ByteGroupingsMixin, unittest.TestCase): protocolFactory = ServerProtocol # Some letters and digits, first on their own, then capitalized, # then modified with alt TEST_BYTES = b"abc123ABC!@#\x1ba\x1bb\x1bc\x1b1\x1b2\x1b3" def verifyResults(self, transport, proto, parser): ByteGroupingsMixin.verifyResults(self, transport, proto, parser) for char in iterbytes(b"abc123ABC!@#"): result = self.assertCall( occurrences(proto).pop(0), "keystrokeReceived", (char, None) ) self.assertEqual(occurrences(result), []) for char in iterbytes(b"abc123"): result = self.assertCall( occurrences(proto).pop(0), "keystrokeReceived", (char, parser.ALT) ) self.assertEqual(occurrences(result), []) occs = occurrences(proto) self.assertFalse(occs, f"{occs!r} should have been []") class ServerFunctionKeysTests(ByteGroupingsMixin, unittest.TestCase): """Test for parsing and dispatching function keys (F1 - F12)""" protocolFactory = ServerProtocol byteList = [] for byteCodes in ( b"OP", b"OQ", b"OR", b"OS", # F1 - F4 b"15~", b"17~", b"18~", b"19~", # F5 - F8 b"20~", b"21~", b"23~", b"24~", ): # F9 - F12 byteList.append(b"\x1b[" + byteCodes) TEST_BYTES = b"".join(byteList) del byteList, byteCodes def verifyResults(self, transport, proto, parser): ByteGroupingsMixin.verifyResults(self, transport, proto, parser) for funcNum in range(1, 13): funcArg = getattr(parser, "F%d" % (funcNum,)) result = self.assertCall( occurrences(proto).pop(0), "keystrokeReceived", (funcArg, None) ) self.assertEqual(occurrences(result), []) self.assertFalse(occurrences(proto)) class ClientCursorMovementTests(ByteGroupingsMixin, unittest.TestCase): protocolFactory = ClientProtocol d2 = b"\x1b[2B" r4 = b"\x1b[4C" u1 = b"\x1b[A" l2 = b"\x1b[2D" # Move the cursor down two, right four, up one, left two, up one, left two TEST_BYTES = d2 + r4 + u1 + l2 + u1 + l2 del d2, r4, u1, l2 def verifyResults(self, transport, proto, parser): ByteGroupingsMixin.verifyResults(self, transport, proto, parser) for (method, count) in [ ("Down", 2), ("Forward", 4), ("Up", 1), ("Backward", 2), ("Up", 1), ("Backward", 2), ]: result = self.assertCall( occurrences(proto).pop(0), "cursor" + method, (count,) ) self.assertEqual(occurrences(result), []) self.assertFalse(occurrences(proto)) class ClientControlSequencesTests(unittest.TestCase, MockMixin): def setUp(self): self.transport = StringTransport() self.proto = Mock() self.parser = ClientProtocol(lambda: self.proto) self.parser.factory = self self.parser.makeConnection(self.transport) result = self.assertCall( occurrences(self.proto).pop(0), "makeConnection", (self.parser,) ) self.assertFalse(occurrences(result)) def testSimpleCardinals(self): self.parser.dataReceived( b"".join( b"\x1b[" + n + ch for ch in iterbytes(b"BACD") for n in (b"", b"2", b"20", b"200") ) ) occs = occurrences(self.proto) for meth in ("Down", "Up", "Forward", "Backward"): for count in (1, 2, 20, 200): result = self.assertCall(occs.pop(0), "cursor" + meth, (count,)) self.assertFalse(occurrences(result)) self.assertFalse(occs) def testScrollRegion(self): self.parser.dataReceived(b"\x1b[5;22r\x1b[r") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "setScrollRegion", (5, 22)) self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "setScrollRegion", (None, None)) self.assertFalse(occurrences(result)) self.assertFalse(occs) def testHeightAndWidth(self): self.parser.dataReceived(b"\x1b#3\x1b#4\x1b#5\x1b#6") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "doubleHeightLine", (True,)) self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "doubleHeightLine", (False,)) self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "singleWidthLine") self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "doubleWidthLine") self.assertFalse(occurrences(result)) self.assertFalse(occs) def testCharacterSet(self): self.parser.dataReceived( b"".join( [ b"".join([b"\x1b" + g + n for n in iterbytes(b"AB012")]) for g in iterbytes(b"()") ] ) ) occs = occurrences(self.proto) for which in (G0, G1): for charset in ( CS_UK, CS_US, CS_DRAWING, CS_ALTERNATE, CS_ALTERNATE_SPECIAL, ): result = self.assertCall( occs.pop(0), "selectCharacterSet", (charset, which) ) self.assertFalse(occurrences(result)) self.assertFalse(occs) def testShifting(self): self.parser.dataReceived(b"\x15\x14") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "shiftIn") self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "shiftOut") self.assertFalse(occurrences(result)) self.assertFalse(occs) def testSingleShifts(self): self.parser.dataReceived(b"\x1bN\x1bO") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "singleShift2") self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "singleShift3") self.assertFalse(occurrences(result)) self.assertFalse(occs) def testKeypadMode(self): self.parser.dataReceived(b"\x1b=\x1b>") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "applicationKeypadMode") self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "numericKeypadMode") self.assertFalse(occurrences(result)) self.assertFalse(occs) def testCursor(self): self.parser.dataReceived(b"\x1b7\x1b8") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "saveCursor") self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "restoreCursor") self.assertFalse(occurrences(result)) self.assertFalse(occs) def testReset(self): self.parser.dataReceived(b"\x1bc") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "reset") self.assertFalse(occurrences(result)) self.assertFalse(occs) def testIndex(self): self.parser.dataReceived(b"\x1bD\x1bM\x1bE") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "index") self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "reverseIndex") self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "nextLine") self.assertFalse(occurrences(result)) self.assertFalse(occs) def testModes(self): self.parser.dataReceived( b"\x1b[" + b";".join(b"%d" % (m,) for m in [modes.KAM, modes.IRM, modes.LNM]) + b"h" ) self.parser.dataReceived( b"\x1b[" + b";".join(b"%d" % (m,) for m in [modes.KAM, modes.IRM, modes.LNM]) + b"l" ) occs = occurrences(self.proto) result = self.assertCall( occs.pop(0), "setModes", ([modes.KAM, modes.IRM, modes.LNM],) ) self.assertFalse(occurrences(result)) result = self.assertCall( occs.pop(0), "resetModes", ([modes.KAM, modes.IRM, modes.LNM],) ) self.assertFalse(occurrences(result)) self.assertFalse(occs) def testErasure(self): self.parser.dataReceived(b"\x1b[K\x1b[1K\x1b[2K\x1b[J\x1b[1J\x1b[2J\x1b[3P") occs = occurrences(self.proto) for meth in ( "eraseToLineEnd", "eraseToLineBeginning", "eraseLine", "eraseToDisplayEnd", "eraseToDisplayBeginning", "eraseDisplay", ): result = self.assertCall(occs.pop(0), meth) self.assertFalse(occurrences(result)) result = self.assertCall(occs.pop(0), "deleteCharacter", (3,)) self.assertFalse(occurrences(result)) self.assertFalse(occs) def testLineDeletion(self): self.parser.dataReceived(b"\x1b[M\x1b[3M") occs = occurrences(self.proto) for arg in (1, 3): result = self.assertCall(occs.pop(0), "deleteLine", (arg,)) self.assertFalse(occurrences(result)) self.assertFalse(occs) def testLineInsertion(self): self.parser.dataReceived(b"\x1b[L\x1b[3L") occs = occurrences(self.proto) for arg in (1, 3): result = self.assertCall(occs.pop(0), "insertLine", (arg,)) self.assertFalse(occurrences(result)) self.assertFalse(occs) def testCursorPosition(self): methods(self.proto)["reportCursorPosition"] = (6, 7) self.parser.dataReceived(b"\x1b[6n") self.assertEqual(self.transport.value(), b"\x1b[7;8R") occs = occurrences(self.proto) result = self.assertCall(occs.pop(0), "reportCursorPosition") # This isn't really an interesting assert, since it only tests that # our mock setup is working right, but I'll include it anyway. self.assertEqual(result, (6, 7)) def test_applicationDataBytes(self): """ Contiguous non-control bytes are passed to a single call to the C{write} method of the terminal to which the L{ClientProtocol} is connected. """ occs = occurrences(self.proto) self.parser.dataReceived(b"a") self.assertCall(occs.pop(0), "write", (b"a",)) self.parser.dataReceived(b"bc") self.assertCall(occs.pop(0), "write", (b"bc",)) def _applicationDataTest(self, data, calls): occs = occurrences(self.proto) self.parser.dataReceived(data) while calls: self.assertCall(occs.pop(0), calls.pop(0)) self.assertFalse(occs, f"No other calls should happen: {occs!r}") def test_shiftInAfterApplicationData(self): """ Application data bytes followed by a shift-in command are passed to a call to C{write} before the terminal's C{shiftIn} method is called. """ self._applicationDataTest(b"ab\x15", [("write", (b"ab",)), ("shiftIn",)]) def test_shiftOutAfterApplicationData(self): """ Application data bytes followed by a shift-out command are passed to a call to C{write} before the terminal's C{shiftOut} method is called. """ self._applicationDataTest(b"ab\x14", [("write", (b"ab",)), ("shiftOut",)]) def test_cursorBackwardAfterApplicationData(self): """ Application data bytes followed by a cursor-backward command are passed to a call to C{write} before the terminal's C{cursorBackward} method is called. """ self._applicationDataTest(b"ab\x08", [("write", (b"ab",)), ("cursorBackward",)]) def test_escapeAfterApplicationData(self): """ Application data bytes followed by an escape character are passed to a call to C{write} before the terminal's handler method for the escape is called. """ # Test a short escape self._applicationDataTest(b"ab\x1bD", [("write", (b"ab",)), ("index",)]) # And a long escape self._applicationDataTest( b"ab\x1b[4h", [("write", (b"ab",)), ("setModes", ([4],))] ) # There's some other cases too, but they're all handled by the same # codepaths as above. class ServerProtocolOutputTests(unittest.TestCase): """ Tests for the bytes L{ServerProtocol} writes to its transport when its methods are called. """ # From ECMA 48: CSI is represented by bit combinations 01/11 # (representing ESC) and 05/11 in a 7-bit code or by bit # combination 09/11 in an 8-bit code ESC = _ecmaCodeTableCoordinate(1, 11) CSI = ESC + _ecmaCodeTableCoordinate(5, 11) def setUp(self): self.protocol = ServerProtocol() self.transport = StringTransport() self.protocol.makeConnection(self.transport) def test_cursorUp(self): """ L{ServerProtocol.cursorUp} writes the control sequence ending with L{CSFinalByte.CUU} to its transport. """ self.protocol.cursorUp(1) self.assertEqual( self.transport.value(), self.CSI + b"1" + CSFinalByte.CUU.value ) def test_cursorDown(self): """ L{ServerProtocol.cursorDown} writes the control sequence ending with L{CSFinalByte.CUD} to its transport. """ self.protocol.cursorDown(1) self.assertEqual( self.transport.value(), self.CSI + b"1" + CSFinalByte.CUD.value ) def test_cursorForward(self): """ L{ServerProtocol.cursorForward} writes the control sequence ending with L{CSFinalByte.CUF} to its transport. """ self.protocol.cursorForward(1) self.assertEqual( self.transport.value(), self.CSI + b"1" + CSFinalByte.CUF.value ) def test_cursorBackward(self): """ L{ServerProtocol.cursorBackward} writes the control sequence ending with L{CSFinalByte.CUB} to its transport. """ self.protocol.cursorBackward(1) self.assertEqual( self.transport.value(), self.CSI + b"1" + CSFinalByte.CUB.value ) def test_cursorPosition(self): """ L{ServerProtocol.cursorPosition} writes a control sequence ending with L{CSFinalByte.CUP} and containing the expected coordinates to its transport. """ self.protocol.cursorPosition(0, 0) self.assertEqual( self.transport.value(), self.CSI + b"1;1" + CSFinalByte.CUP.value ) def test_cursorHome(self): """ L{ServerProtocol.cursorHome} writes a control sequence ending with L{CSFinalByte.CUP} and no parameters, so that the client defaults to (1, 1). """ self.protocol.cursorHome() self.assertEqual(self.transport.value(), self.CSI + CSFinalByte.CUP.value) def test_index(self): """ L{ServerProtocol.index} writes the control sequence ending in the 8-bit code table coordinates 4, 4. Note that ECMA48 5th Edition removes C{IND}. """ self.protocol.index() self.assertEqual( self.transport.value(), self.ESC + _ecmaCodeTableCoordinate(4, 4) ) def test_reverseIndex(self): """ L{ServerProtocol.reverseIndex} writes the control sequence ending in the L{C1SevenBit.RI}. """ self.protocol.reverseIndex() self.assertEqual(self.transport.value(), self.ESC + C1SevenBit.RI.value) def test_nextLine(self): """ L{ServerProtocol.nextLine} writes C{"\r\n"} to its transport. """ # Why doesn't it write ESC E? Because ESC E is poorly supported. For # example, gnome-terminal (many different versions) fails to scroll if # it receives ESC E and the cursor is already on the last row. self.protocol.nextLine() self.assertEqual(self.transport.value(), b"\r\n") def test_setModes(self): """ L{ServerProtocol.setModes} writes a control sequence containing the requested modes and ending in the L{CSFinalByte.SM}. """ modesToSet = [modes.KAM, modes.IRM, modes.LNM] self.protocol.setModes(modesToSet) self.assertEqual( self.transport.value(), self.CSI + b";".join(b"%d" % (m,) for m in modesToSet) + CSFinalByte.SM.value, ) def test_setPrivateModes(self): """ L{ServerProtocol.setPrivatesModes} writes a control sequence containing the requested private modes and ending in the L{CSFinalByte.SM}. """ privateModesToSet = [ privateModes.ERROR, privateModes.COLUMN, privateModes.ORIGIN, ] self.protocol.setModes(privateModesToSet) self.assertEqual( self.transport.value(), self.CSI + b";".join(b"%d" % (m,) for m in privateModesToSet) + CSFinalByte.SM.value, ) def test_resetModes(self): """ L{ServerProtocol.resetModes} writes the control sequence ending in the L{CSFinalByte.RM}. """ modesToSet = [modes.KAM, modes.IRM, modes.LNM] self.protocol.resetModes(modesToSet) self.assertEqual( self.transport.value(), self.CSI + b";".join(b"%d" % (m,) for m in modesToSet) + CSFinalByte.RM.value, ) def test_singleShift2(self): """ L{ServerProtocol.singleShift2} writes an escape sequence followed by L{C1SevenBit.SS2} """ self.protocol.singleShift2() self.assertEqual(self.transport.value(), self.ESC + C1SevenBit.SS2.value) def test_singleShift3(self): """ L{ServerProtocol.singleShift3} writes an escape sequence followed by L{C1SevenBit.SS3} """ self.protocol.singleShift3() self.assertEqual(self.transport.value(), self.ESC + C1SevenBit.SS3.value) def test_selectGraphicRendition(self): """ L{ServerProtocol.selectGraphicRendition} writes a control sequence containing the requested attributes and ending with L{CSFinalByte.SGR} """ self.protocol.selectGraphicRendition(str(BLINK), str(UNDERLINE)) self.assertEqual( self.transport.value(), self.CSI + b"%d;%d" % (BLINK, UNDERLINE) + CSFinalByte.SGR.value, ) def test_horizontalTabulationSet(self): """ L{ServerProtocol.horizontalTabulationSet} writes the escape sequence ending in L{C1SevenBit.HTS} """ self.protocol.horizontalTabulationSet() self.assertEqual(self.transport.value(), self.ESC + C1SevenBit.HTS.value) def test_eraseToLineEnd(self): """ L{ServerProtocol.eraseToLineEnd} writes the control sequence sequence ending in L{CSFinalByte.EL} and no parameters, forcing the client to default to 0 (from the active present position's current location to the end of the line.) """ self.protocol.eraseToLineEnd() self.assertEqual(self.transport.value(), self.CSI + CSFinalByte.EL.value) def test_eraseToLineBeginning(self): """ L{ServerProtocol.eraseToLineBeginning} writes the control sequence sequence ending in L{CSFinalByte.EL} and a parameter of 1 (from the beginning of the line up to and include the active present position's current location.) """ self.protocol.eraseToLineBeginning() self.assertEqual(self.transport.value(), self.CSI + b"1" + CSFinalByte.EL.value) def test_eraseLine(self): """ L{ServerProtocol.eraseLine} writes the control sequence sequence ending in L{CSFinalByte.EL} and a parameter of 2 (the entire line.) """ self.protocol.eraseLine() self.assertEqual(self.transport.value(), self.CSI + b"2" + CSFinalByte.EL.value) def test_eraseToDisplayEnd(self): """ L{ServerProtocol.eraseToDisplayEnd} writes the control sequence sequence ending in L{CSFinalByte.ED} and no parameters, forcing the client to default to 0 (from the active present position's current location to the end of the page.) """ self.protocol.eraseToDisplayEnd() self.assertEqual(self.transport.value(), self.CSI + CSFinalByte.ED.value) def test_eraseToDisplayBeginning(self): """ L{ServerProtocol.eraseToDisplayBeginning} writes the control sequence sequence ending in L{CSFinalByte.ED} a parameter of 1 (from the beginning of the page up to and include the active present position's current location.) """ self.protocol.eraseToDisplayBeginning() self.assertEqual(self.transport.value(), self.CSI + b"1" + CSFinalByte.ED.value) def test_eraseToDisplay(self): """ L{ServerProtocol.eraseDisplay} writes the control sequence sequence ending in L{CSFinalByte.ED} a parameter of 2 (the entire page) """ self.protocol.eraseDisplay() self.assertEqual(self.transport.value(), self.CSI + b"2" + CSFinalByte.ED.value) def test_deleteCharacter(self): """ L{ServerProtocol.deleteCharacter} writes the control sequence containing the number of characters to delete and ending in L{CSFinalByte.DCH} """ self.protocol.deleteCharacter(4) self.assertEqual( self.transport.value(), self.CSI + b"4" + CSFinalByte.DCH.value ) def test_insertLine(self): """ L{ServerProtocol.insertLine} writes the control sequence containing the number of lines to insert and ending in L{CSFinalByte.IL} """ self.protocol.insertLine(5) self.assertEqual(self.transport.value(), self.CSI + b"5" + CSFinalByte.IL.value) def test_deleteLine(self): """ L{ServerProtocol.deleteLine} writes the control sequence containing the number of lines to delete and ending in L{CSFinalByte.DL} """ self.protocol.deleteLine(6) self.assertEqual(self.transport.value(), self.CSI + b"6" + CSFinalByte.DL.value) def test_setScrollRegionNoArgs(self): """ With no arguments, L{ServerProtocol.setScrollRegion} writes a control sequence with no parameters, but a parameter separator, and ending in C{b'r'}. """ self.protocol.setScrollRegion() self.assertEqual(self.transport.value(), self.CSI + b";" + b"r") def test_setScrollRegionJustFirst(self): """ With just a value for its C{first} argument, L{ServerProtocol.setScrollRegion} writes a control sequence with that parameter, a parameter separator, and finally a C{b'r'}. """ self.protocol.setScrollRegion(first=1) self.assertEqual(self.transport.value(), self.CSI + b"1;" + b"r") def test_setScrollRegionJustLast(self): """ With just a value for its C{last} argument, L{ServerProtocol.setScrollRegion} writes a control sequence with a parameter separator, that parameter, and finally a C{b'r'}. """ self.protocol.setScrollRegion(last=1) self.assertEqual(self.transport.value(), self.CSI + b";1" + b"r") def test_setScrollRegionFirstAndLast(self): """ When given both C{first} and C{last} L{ServerProtocol.setScrollRegion} writes a control sequence with the first parameter, a parameter separator, the last parameter, and finally a C{b'r'}. """ self.protocol.setScrollRegion(first=1, last=2) self.assertEqual(self.transport.value(), self.CSI + b"1;2" + b"r") def test_reportCursorPosition(self): """ L{ServerProtocol.reportCursorPosition} writes a control sequence ending in L{CSFinalByte.DSR} with a parameter of 6 (the Device Status Report returns the current active position.) """ self.protocol.reportCursorPosition() self.assertEqual( self.transport.value(), self.CSI + b"6" + CSFinalByte.DSR.value ) ��test/test_ckeygen.py��0000644��00000057423�15027667726�0010616 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.scripts.ckeygen}. """ import getpass import subprocess import sys import os from io import StringIO from twisted.conch.test.keydata import ( privateECDSA_openssh, privateEd25519_openssh_new, privateRSA_openssh, privateRSA_openssh_encrypted, publicRSA_openssh, ) from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.trial.unittest import TestCase if requireModule("cryptography") and requireModule("pyasn1"): from twisted.conch.scripts.ckeygen import ( _saveKey, changePassPhrase, displayPublicKey, enumrepresentation, printFingerprint, ) from twisted.conch.ssh.keys import ( BadFingerPrintFormat, BadKeyError, FingerprintFormats, Key, ) else: skip = "cryptography and pyasn1 required for twisted.conch.scripts.ckeygen" def makeGetpass(passphrases): """ Return a callable to patch C{getpass.getpass}. Yields a passphrase each time called. Use case is to provide an old, then new passphrase(s) as if requested interactively. @param passphrases: The list of passphrases returned, one per each call. @return: A callable to patch C{getpass.getpass}. """ passphrases = iter(passphrases) def fakeGetpass(_): return next(passphrases) return fakeGetpass class KeyGenTests(TestCase): """ Tests for various functions used to implement the I{ckeygen} script. """ def setUp(self): """ Patch C{sys.stdout} so tests can make assertions about what's printed. """ self.stdout = StringIO() self.patch(sys, "stdout", self.stdout) def _testrun(self, keyType, keySize=None, privateKeySubtype=None): filename = self.mktemp() args = ["ckeygen", "-t", keyType, "-f", filename, "--no-passphrase"] if keySize is not None: args.extend(["-b", keySize]) if privateKeySubtype is not None: args.extend(["--private-key-subtype", privateKeySubtype]) try: subprocess.call(args) except FileNotFoundError: args[0] = 'ckeygen3' subprocess.call(args) privKey = Key.fromFile(filename) pubKey = Key.fromFile(filename + ".pub") if keyType == "ecdsa": self.assertEqual(privKey.type(), "EC") elif keyType == "ed25519": self.assertEqual(privKey.type(), "Ed25519") else: self.assertEqual(privKey.type(), keyType.upper()) self.assertTrue(pubKey.isPublic()) def test_keygeneration(self): self._testrun("ecdsa", "384") self._testrun("ecdsa", "384", privateKeySubtype="v1") self._testrun("ecdsa") self._testrun("ecdsa", privateKeySubtype="v1") self._testrun("ed25519") self._testrun("dsa", "2048") self._testrun("dsa", "2048", privateKeySubtype="v1") self._testrun("dsa") self._testrun("dsa", privateKeySubtype="v1") self._testrun("rsa", "2048") self._testrun("rsa", "2048", privateKeySubtype="v1") self._testrun("rsa") self._testrun("rsa", privateKeySubtype="v1") def test_runBadKeytype(self): filename = self.mktemp() with self.assertRaises(subprocess.CalledProcessError): with open(os.devnull, "rb") as devnull: try: subprocess.check_call( ['ckeygen', '-t', 'foo', '-f', filename], stderr=devnull) except FileNotFoundError: subprocess.check_call( ['ckeygen3', '-t', 'foo', '-f', filename], stderr=devnull) def test_enumrepresentation(self): """ L{enumrepresentation} takes a dictionary as input and returns a dictionary with its attributes changed to enum representation. """ options = enumrepresentation({"format": "md5-hex"}) self.assertIs(options["format"], FingerprintFormats.MD5_HEX) def test_enumrepresentationsha256(self): """ Test for format L{FingerprintFormats.SHA256-BASE64}. """ options = enumrepresentation({"format": "sha256-base64"}) self.assertIs(options["format"], FingerprintFormats.SHA256_BASE64) def test_enumrepresentationBadFormat(self): """ Test for unsupported fingerprint format """ with self.assertRaises(BadFingerPrintFormat) as em: enumrepresentation({"format": "sha-base64"}) self.assertEqual( "Unsupported fingerprint format: sha-base64", em.exception.args[0] ) def test_printFingerprint(self): """ L{printFingerprint} writes a line to standard out giving the number of bits of the key, its fingerprint, and the basename of the file from it was read. """ filename = self.mktemp() FilePath(filename).setContent(publicRSA_openssh) printFingerprint({"filename": filename, "format": "md5-hex"}) self.assertEqual( self.stdout.getvalue(), "2048 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da temp\n", ) def test_printFingerprintsha256(self): """ L{printFigerprint} will print key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. """ filename = self.mktemp() FilePath(filename).setContent(publicRSA_openssh) printFingerprint({"filename": filename, "format": "sha256-base64"}) self.assertEqual( self.stdout.getvalue(), "2048 FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= temp\n", ) def test_printFingerprintBadFingerPrintFormat(self): """ L{printFigerprint} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. """ filename = self.mktemp() FilePath(filename).setContent(publicRSA_openssh) with self.assertRaises(BadFingerPrintFormat) as em: printFingerprint({"filename": filename, "format": "sha-base64"}) self.assertEqual( "Unsupported fingerprint format: sha-base64", em.exception.args[0] ) def test_saveKey(self): """ L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_rsa").path key = Key.fromString(privateRSA_openssh) _saveKey(key, {"filename": filename, "pass": "passphrase", "format": "md5-hex"}) self.assertEqual( self.stdout.getvalue(), "Your identification has been saved in %s\n" "Your public key has been saved in %s.pub\n" "The key fingerprint in <FingerprintFormats=MD5_HEX> is:\n" "85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da\n" % (filename, filename), ) self.assertEqual( key.fromString(base.child("id_rsa").getContent(), None, "passphrase"), key ) self.assertEqual( Key.fromString(base.child("id_rsa.pub").getContent()), key.public() ) def test_saveKeyECDSA(self): """ L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with ECDSA key. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_ecdsa").path key = Key.fromString(privateECDSA_openssh) _saveKey(key, {"filename": filename, "pass": "passphrase", "format": "md5-hex"}) self.assertEqual( self.stdout.getvalue(), "Your identification has been saved in %s\n" "Your public key has been saved in %s.pub\n" "The key fingerprint in <FingerprintFormats=MD5_HEX> is:\n" "1e:ab:83:a6:f2:04:22:99:7c:64:14:d2:ab:fa:f5:16\n" % (filename, filename), ) self.assertEqual( key.fromString(base.child("id_ecdsa").getContent(), None, "passphrase"), key ) self.assertEqual( Key.fromString(base.child("id_ecdsa.pub").getContent()), key.public() ) def test_saveKeyEd25519(self): """ L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with Ed25519 key. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_ed25519").path key = Key.fromString(privateEd25519_openssh_new) _saveKey(key, {"filename": filename, "pass": "passphrase", "format": "md5-hex"}) self.assertEqual( self.stdout.getvalue(), "Your identification has been saved in %s\n" "Your public key has been saved in %s.pub\n" "The key fingerprint in <FingerprintFormats=MD5_HEX> is:\n" "ab:ee:c8:ed:e5:01:1b:45:b7:8d:b2:f0:8f:61:1c:14\n" % (filename, filename), ) self.assertEqual( key.fromString(base.child("id_ed25519").getContent(), None, "passphrase"), key, ) self.assertEqual( Key.fromString(base.child("id_ed25519.pub").getContent()), key.public() ) def test_saveKeysha256(self): """ L{_saveKey} will generate key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_rsa").path key = Key.fromString(privateRSA_openssh) _saveKey( key, {"filename": filename, "pass": "passphrase", "format": "sha256-base64"} ) self.assertEqual( self.stdout.getvalue(), "Your identification has been saved in %s\n" "Your public key has been saved in %s.pub\n" "The key fingerprint in <FingerprintFormats=SHA256_BASE64> is:\n" "FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI=\n" % (filename, filename), ) self.assertEqual( key.fromString(base.child("id_rsa").getContent(), None, "passphrase"), key ) self.assertEqual( Key.fromString(base.child("id_rsa.pub").getContent()), key.public() ) def test_saveKeyBadFingerPrintformat(self): """ L{_saveKey} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_rsa").path key = Key.fromString(privateRSA_openssh) with self.assertRaises(BadFingerPrintFormat) as em: _saveKey( key, {"filename": filename, "pass": "passphrase", "format": "sha-base64"}, ) self.assertEqual( "Unsupported fingerprint format: sha-base64", em.exception.args[0] ) def test_saveKeyEmptyPassphrase(self): """ L{_saveKey} will choose an empty string for the passphrase if no-passphrase is C{True}. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_rsa").path key = Key.fromString(privateRSA_openssh) _saveKey( key, {"filename": filename, "no-passphrase": True, "format": "md5-hex"} ) self.assertEqual( key.fromString(base.child("id_rsa").getContent(), None, b""), key ) def test_saveKeyECDSAEmptyPassphrase(self): """ L{_saveKey} will choose an empty string for the passphrase if no-passphrase is C{True}. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_ecdsa").path key = Key.fromString(privateECDSA_openssh) _saveKey( key, {"filename": filename, "no-passphrase": True, "format": "md5-hex"} ) self.assertEqual(key.fromString(base.child("id_ecdsa").getContent(), None), key) def test_saveKeyEd25519EmptyPassphrase(self): """ L{_saveKey} will choose an empty string for the passphrase if no-passphrase is C{True}. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_ed25519").path key = Key.fromString(privateEd25519_openssh_new) _saveKey( key, {"filename": filename, "no-passphrase": True, "format": "md5-hex"} ) self.assertEqual( key.fromString(base.child("id_ed25519").getContent(), None), key ) def test_saveKeyNoFilename(self): """ When no path is specified, it will ask for the path used to store the key. """ base = FilePath(self.mktemp()) base.makedirs() keyPath = base.child("custom_key").path import twisted.conch.scripts.ckeygen self.patch(twisted.conch.scripts.ckeygen, "_inputSaveFile", lambda _: keyPath) key = Key.fromString(privateRSA_openssh) _saveKey(key, {"filename": None, "no-passphrase": True, "format": "md5-hex"}) persistedKeyContent = base.child("custom_key").getContent() persistedKey = key.fromString(persistedKeyContent, None, b"") self.assertEqual(key, persistedKey) def test_saveKeySubtypeV1(self): """ L{_saveKey} can be told to write the new private key file in OpenSSH v1 format. """ base = FilePath(self.mktemp()) base.makedirs() filename = base.child("id_rsa").path key = Key.fromString(privateRSA_openssh) _saveKey( key, { "filename": filename, "pass": "passphrase", "format": "md5-hex", "private-key-subtype": "v1", }, ) self.assertEqual( self.stdout.getvalue(), "Your identification has been saved in %s\n" "Your public key has been saved in %s.pub\n" "The key fingerprint in <FingerprintFormats=MD5_HEX> is:\n" "85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da\n" % (filename, filename), ) privateKeyContent = base.child("id_rsa").getContent() self.assertEqual(key.fromString(privateKeyContent, None, "passphrase"), key) self.assertTrue( privateKeyContent.startswith(b"-----BEGIN OPENSSH PRIVATE KEY-----\n") ) self.assertEqual( Key.fromString(base.child("id_rsa.pub").getContent()), key.public() ) def test_displayPublicKey(self): """ L{displayPublicKey} prints out the public key associated with a given private key. """ filename = self.mktemp() pubKey = Key.fromString(publicRSA_openssh) FilePath(filename).setContent(privateRSA_openssh) displayPublicKey({"filename": filename}) displayed = self.stdout.getvalue().strip("\n") if isinstance(displayed, str): displayed = displayed.encode("ascii") self.assertEqual(displayed, pubKey.toString("openssh")) def test_displayPublicKeyEncrypted(self): """ L{displayPublicKey} prints out the public key associated with a given private key using the given passphrase when it's encrypted. """ filename = self.mktemp() pubKey = Key.fromString(publicRSA_openssh) FilePath(filename).setContent(privateRSA_openssh_encrypted) displayPublicKey({"filename": filename, "pass": "encrypted"}) displayed = self.stdout.getvalue().strip("\n") if isinstance(displayed, str): displayed = displayed.encode("ascii") self.assertEqual(displayed, pubKey.toString("openssh")) def test_displayPublicKeyEncryptedPassphrasePrompt(self): """ L{displayPublicKey} prints out the public key associated with a given private key, asking for the passphrase when it's encrypted. """ filename = self.mktemp() pubKey = Key.fromString(publicRSA_openssh) FilePath(filename).setContent(privateRSA_openssh_encrypted) self.patch(getpass, "getpass", lambda x: "encrypted") displayPublicKey({"filename": filename}) displayed = self.stdout.getvalue().strip("\n") if isinstance(displayed, str): displayed = displayed.encode("ascii") self.assertEqual(displayed, pubKey.toString("openssh")) def test_displayPublicKeyWrongPassphrase(self): """ L{displayPublicKey} fails with a L{BadKeyError} when trying to decrypt an encrypted key with the wrong password. """ filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh_encrypted) self.assertRaises( BadKeyError, displayPublicKey, {"filename": filename, "pass": "wrong"} ) def test_changePassphrase(self): """ L{changePassPhrase} allows a user to change the passphrase of a private key interactively. """ oldNewConfirm = makeGetpass("encrypted", "newpass", "newpass") self.patch(getpass, "getpass", oldNewConfirm) filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh_encrypted) changePassPhrase({"filename": filename}) self.assertEqual( self.stdout.getvalue().strip("\n"), "Your identification has been saved with the new passphrase.", ) self.assertNotEqual( privateRSA_openssh_encrypted, FilePath(filename).getContent() ) def test_changePassphraseWithOld(self): """ L{changePassPhrase} allows a user to change the passphrase of a private key, providing the old passphrase and prompting for new one. """ newConfirm = makeGetpass("newpass", "newpass") self.patch(getpass, "getpass", newConfirm) filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh_encrypted) changePassPhrase({"filename": filename, "pass": "encrypted"}) self.assertEqual( self.stdout.getvalue().strip("\n"), "Your identification has been saved with the new passphrase.", ) self.assertNotEqual( privateRSA_openssh_encrypted, FilePath(filename).getContent() ) def test_changePassphraseWithBoth(self): """ L{changePassPhrase} allows a user to change the passphrase of a private key by providing both old and new passphrases without prompting. """ filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh_encrypted) changePassPhrase( {"filename": filename, "pass": "encrypted", "newpass": "newencrypt"} ) self.assertEqual( self.stdout.getvalue().strip("\n"), "Your identification has been saved with the new passphrase.", ) self.assertNotEqual( privateRSA_openssh_encrypted, FilePath(filename).getContent() ) def test_changePassphraseWrongPassphrase(self): """ L{changePassPhrase} exits if passed an invalid old passphrase when trying to change the passphrase of a private key. """ filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh_encrypted) error = self.assertRaises( SystemExit, changePassPhrase, {"filename": filename, "pass": "wrong"} ) self.assertEqual( "Could not change passphrase: old passphrase error", str(error) ) self.assertEqual(privateRSA_openssh_encrypted, FilePath(filename).getContent()) def test_changePassphraseEmptyGetPass(self): """ L{changePassPhrase} exits if no passphrase is specified for the C{getpass} call and the key is encrypted. """ self.patch(getpass, "getpass", makeGetpass("")) filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh_encrypted) error = self.assertRaises(SystemExit, changePassPhrase, {"filename": filename}) self.assertEqual( "Could not change passphrase: Passphrase must be provided " "for an encrypted key", str(error), ) self.assertEqual(privateRSA_openssh_encrypted, FilePath(filename).getContent()) def test_changePassphraseBadKey(self): """ L{changePassPhrase} exits if the file specified points to an invalid key. """ filename = self.mktemp() FilePath(filename).setContent(b"foobar") error = self.assertRaises(SystemExit, changePassPhrase, {"filename": filename}) expected = "Could not change passphrase: cannot " "guess the type of b'foobar'" self.assertEqual(expected, str(error)) self.assertEqual(b"foobar", FilePath(filename).getContent()) def test_changePassphraseCreateError(self): """ L{changePassPhrase} doesn't modify the key file if an unexpected error happens when trying to create the key with the new passphrase. """ filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh) def toString(args, *kwargs): raise RuntimeError("oops") self.patch(Key, "toString", toString) error = self.assertRaises( SystemExit, changePassPhrase, {"filename": filename, "newpass": "newencrypt"}, ) self.assertEqual("Could not change passphrase: oops", str(error)) self.assertEqual(privateRSA_openssh, FilePath(filename).getContent()) def test_changePassphraseEmptyStringError(self): """ L{changePassPhrase} doesn't modify the key file if C{toString} returns an empty string. """ filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh) def toString(args, *kwargs): return "" self.patch(Key, "toString", toString) error = self.assertRaises( SystemExit, changePassPhrase, {"filename": filename, "newpass": "newencrypt"}, ) expected = "Could not change passphrase: cannot guess the type of b''" self.assertEqual(expected, str(error)) self.assertEqual(privateRSA_openssh, FilePath(filename).getContent()) def test_changePassphrasePublicKey(self): """ L{changePassPhrase} exits when trying to change the passphrase on a public key, and doesn't change the file. """ filename = self.mktemp() FilePath(filename).setContent(publicRSA_openssh) error = self.assertRaises( SystemExit, changePassPhrase, {"filename": filename, "newpass": "pass"} ) self.assertEqual("Could not change passphrase: key not encrypted", str(error)) self.assertEqual(publicRSA_openssh, FilePath(filename).getContent()) def test_changePassphraseSubtypeV1(self): """ L{changePassPhrase} can be told to write the new private key file in OpenSSH v1 format. """ oldNewConfirm = makeGetpass("encrypted", "newpass", "newpass") self.patch(getpass, "getpass", oldNewConfirm) filename = self.mktemp() FilePath(filename).setContent(privateRSA_openssh_encrypted) changePassPhrase({"filename": filename, "private-key-subtype": "v1"}) self.assertEqual( self.stdout.getvalue().strip("\n"), "Your identification has been saved with the new passphrase.", ) privateKeyContent = FilePath(filename).getContent() self.assertNotEqual(privateRSA_openssh_encrypted, privateKeyContent) self.assertTrue( privateKeyContent.startswith(b"-----BEGIN OPENSSH PRIVATE KEY-----\n") ) ��test/test_scripts.py��0000644��00000003365�15027667726�0010654 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for the command-line interfaces to conch. """ from unittest import skipIf from twisted.python.reflect import requireModule from twisted.python.test.test_shellcomp import ZshScriptTestMixin from twisted.scripts.test.test_scripts import ScriptTestsMixin from twisted.trial.unittest import TestCase doSkip = False skipReason = "" if not requireModule("pyasn1"): doSkip = True skipReason = "Cannot run without PyASN1" if not requireModule("cryptography"): doSkip = True cryptoSkip = "can't run w/o cryptography" if not requireModule("tty"): doSkip = True ttySkip = "can't run w/o tty" try: import tkinter except ImportError: doSkip = True skipReason = "can't run w/o tkinter" else: try: tkinter.Tk().destroy() except tkinter.TclError as e: doSkip = True skipReason = "Can't test Tkinter: " + str(e) @skipIf(doSkip, skipReason) class ScriptTests(TestCase, ScriptTestsMixin): """ Tests for the Conch scripts. """ def test_conch(self): self.scriptTest("conch/conch") def test_cftp(self): self.scriptTest("conch/cftp") def test_ckeygen(self): self.scriptTest("conch/ckeygen") def test_tkconch(self): self.scriptTest("conch/tkconch") class ZshIntegrationTests(TestCase, ZshScriptTestMixin): """ Test that zsh completion functions are generated without error """ generateFor = [ ("conch", "twisted.conch.scripts.conch.ClientOptions"), ("cftp", "twisted.conch.scripts.cftp.ClientOptions"), ("ckeygen", "twisted.conch.scripts.ckeygen.GeneralOptions"), ("tkconch", "twisted.conch.scripts.tkconch.GeneralOptions"), ] ��test/test_conch.py��0000644��00000062214�15027667726�0010255 0��ustar�00��# -- test-case-name: twisted.conch.test.test_conch -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. import os import socket import subprocess import sys from itertools import count from unittest import skipIf from zope.interface import implementer from twisted.conch.error import ConchError from twisted.conch.test.keydata import ( privateDSA_openssh, privateRSA_openssh, publicDSA_openssh, publicRSA_openssh, ) from twisted.conch.test.test_ssh import ConchTestRealm from twisted.cred import portal from twisted.internet import defer, protocol, reactor from twisted.internet.error import ProcessExitedAlready from twisted.internet.task import LoopingCall from twisted.internet.utils import getProcessValue from twisted.python import filepath, log, runtime from twisted.python.filepath import FilePath from twisted.python.procutils import which from twisted.python.reflect import requireModule from twisted.trial.unittest import SkipTest, TestCase try: from twisted.conch.test.test_ssh import ( ConchTestServerFactory, conchTestPublicKeyChecker, ) except ImportError: pass pyasn1 = requireModule("pyasn1") cryptography = requireModule("cryptography") if cryptography: from twisted.conch.avatar import ConchUser from twisted.conch.ssh.session import ISession, SSHSession, wrapProtocol else: from twisted.conch.interfaces import ISession class ConchUser: # type: ignore[no-redef] pass try: from twisted.conch.scripts.conch import SSHSession as _StdioInteractingSession except ImportError as e: StdioInteractingSession = None _reason = str(e) del e else: StdioInteractingSession = _StdioInteractingSession def _has_ipv6(): """Returns True if the system can bind an IPv6 address.""" sock = None has_ipv6 = False try: sock = socket.socket(socket.AF_INET6) sock.bind(("::1", 0)) has_ipv6 = True except OSError: pass if sock: sock.close() return has_ipv6 HAS_IPV6 = _has_ipv6() class FakeStdio: """ A fake for testing L{twisted.conch.scripts.conch.SSHSession.eofReceived} and L{twisted.conch.scripts.cftp.SSHSession.eofReceived}. @ivar writeConnLost: A flag which records whether L{loserWriteConnection} has been called. """ writeConnLost = False def loseWriteConnection(self): """ Record the call to loseWriteConnection. """ self.writeConnLost = True class StdioInteractingSessionTests(TestCase): """ Tests for L{twisted.conch.scripts.conch.SSHSession}. """ if StdioInteractingSession is None: skip = _reason def test_eofReceived(self): """ L{twisted.conch.scripts.conch.SSHSession.eofReceived} loses the write half of its stdio connection. """ stdio = FakeStdio() channel = StdioInteractingSession() channel.stdio = stdio channel.eofReceived() self.assertTrue(stdio.writeConnLost) class Echo(protocol.Protocol): def connectionMade(self): log.msg("ECHO CONNECTION MADE") def connectionLost(self, reason): log.msg("ECHO CONNECTION DONE") def dataReceived(self, data): self.transport.write(data) if b"\n" in data: self.transport.loseConnection() class EchoFactory(protocol.Factory): protocol = Echo class ConchTestOpenSSHProcess(protocol.ProcessProtocol): """ Test protocol for launching an OpenSSH client process. @ivar deferred: Set by whatever uses this object. Accessed using L{_getDeferred}, which destroys the value so the Deferred is not fired twice. Fires when the process is terminated. """ deferred = None buf = b"" problems = b"" def _getDeferred(self): d, self.deferred = self.deferred, None return d def outReceived(self, data): self.buf += data def errReceived(self, data): self.problems += data def processEnded(self, reason): """ Called when the process has ended. @param reason: a Failure giving the reason for the process' end. """ if reason.value.exitCode != 0: self._getDeferred().errback( ConchError( "exit code was not 0: {} ({})".format( reason.value.exitCode, self.problems.decode("charmap"), ) ) ) else: buf = self.buf.replace(b"\r\n", b"\n") self._getDeferred().callback(buf) class ConchTestForwardingProcess(protocol.ProcessProtocol): """ Manages a third-party process which launches a server. Uses L{ConchTestForwardingPort} to connect to the third-party server. Once L{ConchTestForwardingPort} has disconnected, kill the process and fire a Deferred with the data received by the L{ConchTestForwardingPort}. @ivar deferred: Set by whatever uses this object. Accessed using L{_getDeferred}, which destroys the value so the Deferred is not fired twice. Fires when the process is terminated. """ deferred = None def __init__(self, port, data): """ @type port: L{int} @param port: The port on which the third-party server is listening. (it is assumed that the server is running on localhost). @type data: L{str} @param data: This is sent to the third-party server. Must end with '\n' in order to trigger a disconnect. """ self.port = port self.buffer = None self.data = data def _getDeferred(self): d, self.deferred = self.deferred, None return d def connectionMade(self): self._connect() def _connect(self): """ Connect to the server, which is often a third-party process. Tries to reconnect if it fails because we have no way of determining exactly when the port becomes available for listening -- we can only know when the process starts. """ cc = protocol.ClientCreator(reactor, ConchTestForwardingPort, self, self.data) d = cc.connectTCP("127.0.0.1", self.port) d.addErrback(self._ebConnect) return d def _ebConnect(self, f): reactor.callLater(0.1, self._connect) def forwardingPortDisconnected(self, buffer): """ The network connection has died; save the buffer of output from the network and attempt to quit the process gracefully, and then (after the reactor has spun) send it a KILL signal. """ self.buffer = buffer self.transport.write(b"\x03") self.transport.loseConnection() reactor.callLater(0, self._reallyDie) def _reallyDie(self): try: self.transport.signalProcess("KILL") except ProcessExitedAlready: pass def processEnded(self, reason): """ Fire the Deferred at self.deferred with the data collected from the L{ConchTestForwardingPort} connection, if any. """ self._getDeferred().callback(self.buffer) class ConchTestForwardingPort(protocol.Protocol): """ Connects to server launched by a third-party process (managed by L{ConchTestForwardingProcess}) sends data, then reports whatever it received back to the L{ConchTestForwardingProcess} once the connection is ended. """ def __init__(self, protocol, data): """ @type protocol: L{ConchTestForwardingProcess} @param protocol: The L{ProcessProtocol} which made this connection. @type data: str @param data: The data to be sent to the third-party server. """ self.protocol = protocol self.data = data def connectionMade(self): self.buffer = b"" self.transport.write(self.data) def dataReceived(self, data): self.buffer += data def connectionLost(self, reason): self.protocol.forwardingPortDisconnected(self.buffer) def _makeArgs(args, mod="conch"): start = [ sys.executable, "-c" """ ### Twisted Preamble import sys, os path = os.path.abspath(sys.argv[0]) while os.path.dirname(path) != path: if os.path.basename(path).startswith('Twisted'): sys.path.insert(0, path) break path = os.path.dirname(path) from twisted.conch.scripts.%s import run run()""" % mod, ] madeArgs = [] for arg in start + list(args): if isinstance(arg, str): arg = arg.encode("utf-8") madeArgs.append(arg) return madeArgs class ConchServerSetupMixin: if not cryptography: skip = "can't run without cryptography" if not pyasn1: skip = "Cannot run without PyASN1" @staticmethod def realmFactory(): return ConchTestRealm(b"testuser") def _createFiles(self): for f in ["rsa_test", "rsa_test.pub", "dsa_test", "dsa_test.pub", "kh_test"]: if os.path.exists(f): os.remove(f) with open("rsa_test", "wb") as f: f.write(privateRSA_openssh) with open("rsa_test.pub", "wb") as f: f.write(publicRSA_openssh) with open("dsa_test.pub", "wb") as f: f.write(publicDSA_openssh) with open("dsa_test", "wb") as f: f.write(privateDSA_openssh) os.chmod("dsa_test", 0o600) os.chmod("rsa_test", 0o600) permissions = FilePath("dsa_test").getPermissions() if permissions.group.read or permissions.other.read: raise SkipTest( "private key readable by others despite chmod;" " possible windows permission issue?" " see https://tm.tl/9767" ) with open("kh_test", "wb") as f: f.write(b"127.0.0.1 " + publicRSA_openssh) def _getFreePort(self): s = socket.socket() s.bind(("", 0)) port = s.getsockname()[1] s.close() return port def _makeConchFactory(self): """ Make a L{ConchTestServerFactory}, which allows us to start a L{ConchTestServer} -- i.e. an actually listening conch. """ realm = self.realmFactory() p = portal.Portal(realm) p.registerChecker(conchTestPublicKeyChecker()) factory = ConchTestServerFactory() factory.portal = p return factory def setUp(self): self._createFiles() self.conchFactory = self._makeConchFactory() self.conchFactory.expectedLoseConnection = 1 self.conchServer = reactor.listenTCP( 0, self.conchFactory, interface="127.0.0.1" ) self.echoServer = reactor.listenTCP(0, EchoFactory()) self.echoPort = self.echoServer.getHost().port if HAS_IPV6: self.echoServerV6 = reactor.listenTCP(0, EchoFactory(), interface="::1") self.echoPortV6 = self.echoServerV6.getHost().port def tearDown(self): try: self.conchFactory.proto.done = 1 except AttributeError: pass else: self.conchFactory.proto.transport.loseConnection() deferreds = [ defer.maybeDeferred(self.conchServer.stopListening), defer.maybeDeferred(self.echoServer.stopListening), ] if HAS_IPV6: deferreds.append(defer.maybeDeferred(self.echoServerV6.stopListening)) return defer.gatherResults(deferreds) class ForwardingMixin(ConchServerSetupMixin): """ Template class for tests of the Conch server's ability to forward arbitrary protocols over SSH. These tests are integration tests, not unit tests. They launch a Conch server, a custom TCP server (just an L{EchoProtocol}) and then call L{execute}. L{execute} is implemented by subclasses of L{ForwardingMixin}. It should cause an SSH client to connect to the Conch server, asking it to forward data to the custom TCP server. """ def test_exec(self): """ Test that we can use whatever client to send the command "echo goodbye" to the Conch server. Make sure we receive "goodbye" back from the server. """ d = self.execute("echo goodbye", ConchTestOpenSSHProcess()) return d.addCallback(self.assertEqual, b"goodbye\n") def test_localToRemoteForwarding(self): """ Test that we can use whatever client to forward a local port to a specified port on the server. """ localPort = self._getFreePort() process = ConchTestForwardingProcess(localPort, b"test\n") d = self.execute( "", process, sshArgs="-N -L%i:127.0.0.1:%i" % (localPort, self.echoPort) ) d.addCallback(self.assertEqual, b"test\n") return d def test_remoteToLocalForwarding(self): """ Test that we can use whatever client to forward a port from the server to a port locally. """ localPort = self._getFreePort() process = ConchTestForwardingProcess(localPort, b"test\n") d = self.execute( "", process, sshArgs="-N -R %i:127.0.0.1:%i" % (localPort, self.echoPort) ) d.addCallback(self.assertEqual, b"test\n") return d # Conventionally there is a separate adapter object which provides ISession for # the user, but making the user provide ISession directly works too. This isn't # a full implementation of ISession though, just enough to make these tests # pass. @implementer(ISession) class RekeyAvatar(ConchUser): """ This avatar implements a shell which sends 60 numbered lines to whatever connects to it, then closes the session with a 0 exit status. 60 lines is selected as being enough to send more than 2kB of traffic, the amount the client is configured to initiate a rekey after. """ def __init__(self): ConchUser.__init__(self) self.channelLookup[b"session"] = SSHSession def openShell(self, transport): """ Write 60 lines of data to the transport, then exit. """ proto = protocol.Protocol() proto.makeConnection(transport) transport.makeConnection(wrapProtocol(proto)) # Send enough bytes to the connection so that a rekey is triggered in # the client. def write(counter): i = next(counter) if i == 60: call.stop() transport.session.conn.sendRequest( transport.session, b"exit-status", b"\x00\x00\x00\x00" ) transport.loseConnection() else: line = "line #%02d\n" % (i,) line = line.encode("utf-8") transport.write(line) # The timing for this loop is an educated guess (and/or the result of # experimentation) to exercise the case where a packet is generated # mid-rekey. Since the other side of the connection is (so far) the # OpenSSH command line client, there's no easy way to determine when the # rekey has been initiated. If there were, then generating a packet # immediately at that time would be a better way to test the # functionality being tested here. call = LoopingCall(write, count()) call.start(0.01) def closed(self): """ Ignore the close of the session. """ def eofReceived(self): # ISession.eofReceived pass def execCommand(self, proto, command): # ISession.execCommand pass def getPty(self, term, windowSize, modes): # ISession.getPty pass def windowChanged(self, newWindowSize): # ISession.windowChanged pass class RekeyRealm: """ This realm gives out new L{RekeyAvatar} instances for any avatar request. """ def requestAvatar(self, avatarID, mind, interfaces): return interfaces[0], RekeyAvatar(), lambda: None class RekeyTestsMixin(ConchServerSetupMixin): """ TestCase mixin which defines tests exercising L{SSHTransportBase}'s handling of rekeying messages. """ realmFactory = RekeyRealm def test_clientRekey(self): """ After a client-initiated rekey is completed, application data continues to be passed over the SSH connection. """ process = ConchTestOpenSSHProcess() d = self.execute("", process, "-o RekeyLimit=2K") def finished(result): expectedResult = "\n".join(["line #%02d" % (i,) for i in range(60)]) + "\n" expectedResult = expectedResult.encode("utf-8") self.assertEqual(result, expectedResult) d.addCallback(finished) return d class OpenSSHClientMixin: if not which("ssh"): skip = "no ssh command-line client available" def execute(self, remoteCommand, process, sshArgs=""): """ Connects to the SSH server started in L{ConchServerSetupMixin.setUp} by running the 'ssh' command line tool. @type remoteCommand: str @param remoteCommand: The command (with arguments) to run on the remote end. @type process: L{ConchTestOpenSSHProcess} @type sshArgs: str @param sshArgs: Arguments to pass to the 'ssh' process. @return: L{defer.Deferred} """ # PubkeyAcceptedKeyTypes does not exist prior to OpenSSH 7.0 so we # first need to check if we can set it. If we can, -V will just print # the version without doing anything else; if we can't, we will get a # configuration error. d = getProcessValue( which("ssh")[0], ("-o", "PubkeyAcceptedKeyTypes=ssh-dss", "-V") ) def hasPAKT(status): if status == 0: opts = "-oPubkeyAcceptedKeyTypes=ssh-dss " else: opts = "" process.deferred = defer.Deferred() # Pass -F /dev/null to avoid the user's configuration file from # being loaded, as it may contain settings that cause our tests to # fail or hang. cmdline = ( ( "ssh -2 -l testuser -p %i " "-F /dev/null " "-oUserKnownHostsFile=kh_test " "-oPasswordAuthentication=no " # Always use the RSA key, since that's the one in kh_test. "-oHostKeyAlgorithms=ssh-rsa " "-a " "-i dsa_test " ) + opts + sshArgs + " 127.0.0.1 " + remoteCommand ) port = self.conchServer.getHost().port cmds = (cmdline % port).split() encodedCmds = [] for cmd in cmds: if isinstance(cmd, str): cmd = cmd.encode("utf-8") encodedCmds.append(cmd) reactor.spawnProcess(process, which("ssh")[0], encodedCmds) return process.deferred return d.addCallback(hasPAKT) class OpenSSHKeyExchangeTests(ConchServerSetupMixin, OpenSSHClientMixin, TestCase): """ Tests L{SSHTransportBase}'s key exchange algorithm compatibility with OpenSSH. """ def assertExecuteWithKexAlgorithm(self, keyExchangeAlgo): """ Call execute() method of L{OpenSSHClientMixin} with an ssh option that forces the exclusive use of the key exchange algorithm specified by keyExchangeAlgo @type keyExchangeAlgo: L{str} @param keyExchangeAlgo: The key exchange algorithm to use @return: L{defer.Deferred} """ kexAlgorithms = [] try: output = subprocess.check_output( [which("ssh")[0], "-Q", "kex"], stderr=subprocess.STDOUT ) if not isinstance(output, str): output = output.decode("utf-8") kexAlgorithms = output.split() except BaseException: pass if keyExchangeAlgo not in kexAlgorithms: raise SkipTest(f"{keyExchangeAlgo} not supported by ssh client") d = self.execute( "echo hello", ConchTestOpenSSHProcess(), "-oKexAlgorithms=" + keyExchangeAlgo, ) return d.addCallback(self.assertEqual, b"hello\n") def test_ECDHSHA256(self): """ The ecdh-sha2-nistp256 key exchange algorithm is compatible with OpenSSH """ return self.assertExecuteWithKexAlgorithm("ecdh-sha2-nistp256") def test_ECDHSHA384(self): """ The ecdh-sha2-nistp384 key exchange algorithm is compatible with OpenSSH """ return self.assertExecuteWithKexAlgorithm("ecdh-sha2-nistp384") def test_ECDHSHA521(self): """ The ecdh-sha2-nistp521 key exchange algorithm is compatible with OpenSSH """ return self.assertExecuteWithKexAlgorithm("ecdh-sha2-nistp521") def test_DH_GROUP14(self): """ The diffie-hellman-group14-sha1 key exchange algorithm is compatible with OpenSSH. """ return self.assertExecuteWithKexAlgorithm("diffie-hellman-group14-sha1") def test_DH_GROUP_EXCHANGE_SHA1(self): """ The diffie-hellman-group-exchange-sha1 key exchange algorithm is compatible with OpenSSH. """ return self.assertExecuteWithKexAlgorithm("diffie-hellman-group-exchange-sha1") def test_DH_GROUP_EXCHANGE_SHA256(self): """ The diffie-hellman-group-exchange-sha256 key exchange algorithm is compatible with OpenSSH. """ return self.assertExecuteWithKexAlgorithm( "diffie-hellman-group-exchange-sha256" ) def test_unsupported_algorithm(self): """ The list of key exchange algorithms supported by OpenSSH client is obtained with C{ssh -Q kex}. """ self.assertRaises( SkipTest, self.assertExecuteWithKexAlgorithm, "unsupported-algorithm" ) class OpenSSHClientForwardingTests(ForwardingMixin, OpenSSHClientMixin, TestCase): """ Connection forwarding tests run against the OpenSSL command line client. """ @skipIf(not HAS_IPV6, "Requires IPv6 support") def test_localToRemoteForwardingV6(self): """ Forwarding of arbitrary IPv6 TCP connections via SSH. """ localPort = self._getFreePort() process = ConchTestForwardingProcess(localPort, b"test\n") d = self.execute( "", process, sshArgs="-N -L%i:[::1]:%i" % (localPort, self.echoPortV6) ) d.addCallback(self.assertEqual, b"test\n") return d class OpenSSHClientRekeyTests(RekeyTestsMixin, OpenSSHClientMixin, TestCase): """ Rekeying tests run against the OpenSSL command line client. """ class CmdLineClientTests(ForwardingMixin, TestCase): """ Connection forwarding tests run against the Conch command line client. """ if runtime.platformType == "win32": skip = "can't run cmdline client on win32" def execute(self, remoteCommand, process, sshArgs="", conchArgs=None): """ As for L{OpenSSHClientTestCase.execute}, except it runs the 'conch' command line tool, not 'ssh'. """ if conchArgs is None: conchArgs = [] process.deferred = defer.Deferred() port = self.conchServer.getHost().port cmd = ( "-p {} -l testuser " "--known-hosts kh_test " "--user-authentications publickey " "-a " "-i dsa_test " "-v ".format(port) + sshArgs + " 127.0.0.1 " + remoteCommand ) cmds = _makeArgs(conchArgs + cmd.split()) env = os.environ.copy() env["PYTHONPATH"] = os.pathsep.join(sys.path) encodedCmds = [] encodedEnv = {} for cmd in cmds: if isinstance(cmd, str): cmd = cmd.encode("utf-8") encodedCmds.append(cmd) for var in env: val = env[var] if isinstance(var, str): var = var.encode("utf-8") if isinstance(val, str): val = val.encode("utf-8") encodedEnv[var] = val reactor.spawnProcess(process, sys.executable, encodedCmds, env=encodedEnv) return process.deferred def test_runWithLogFile(self): """ It can store logs to a local file. """ def cb_check_log(result): logContent = logPath.getContent() self.assertIn(b"Log opened.", logContent) logPath = filepath.FilePath(self.mktemp()) d = self.execute( remoteCommand="echo goodbye", process=ConchTestOpenSSHProcess(), conchArgs=[ "--log", "--logfile", logPath.path, "--host-key-algorithms", "ssh-rsa", ], ) d.addCallback(self.assertEqual, b"goodbye\n") d.addCallback(cb_check_log) return d def test_runWithNoHostAlgorithmsSpecified(self): """ Do not use --host-key-algorithms flag on command line. """ d = self.execute( remoteCommand="echo goodbye", process=ConchTestOpenSSHProcess() ) d.addCallback(self.assertEqual, b"goodbye\n") return d ��test/test_session.py��0000644��00000127371�15027667726�0010654 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for the 'session' channel implementation in twisted.conch.ssh.session. See also RFC 4254. """ import os import signal import struct import sys from unittest import skipIf from zope.interface import implementer from twisted.internet import defer, error, protocol from twisted.internet.address import IPv4Address from twisted.internet.error import ProcessDone, ProcessTerminated from twisted.python import components, failure from twisted.python.failure import Failure from twisted.python.reflect import requireModule from twisted.python.test.test_components import RegistryUsingMixin from twisted.trial.unittest import TestCase cryptography = requireModule("cryptography") if cryptography: from twisted.conch.ssh import common, connection, session else: class session: # type: ignore[no-redef] from twisted.conch.interfaces import ( EnvironmentVariableNotPermitted, ISession, ISessionSetEnv, ) class SubsystemOnlyAvatar: """ A stub class representing an avatar that is only useful for getting a subsystem. """ def lookupSubsystem(self, name, data): """ If the other side requests the 'subsystem' subsystem, allow it by returning a MockProtocol to implement it. Otherwise raise an assertion. """ assert name == b"subsystem" return MockProtocol() class StubAvatar: """ A stub class representing the avatar representing the authenticated user. It implements the I{ISession} interface. """ def lookupSubsystem(self, name, data): """ If the user requests the TestSubsystem subsystem, connect them to a MockProtocol. If they request neither, then None is returned which is interpreted by SSHSession as a failure. """ if name == b"TestSubsystem": self.subsystem = MockProtocol() self.subsystem.packetData = data return self.subsystem @implementer(session.ISession) class StubSessionForStubAvatar: """ A stub ISession implementation for our StubAvatar. The instance variables generally keep track of method invocations so that we can test that the methods were called. @ivar avatar: the L{StubAvatar} we are adapting. @ivar ptyRequest: if present, the terminal, window size, and modes passed to the getPty method. @ivar windowChange: if present, the window size passed to the windowChangned method. @ivar shellProtocol: if present, the L{SSHSessionProcessProtocol} passed to the openShell method. @ivar shellTransport: if present, the L{EchoTransport} connected to shellProtocol. @ivar execProtocol: if present, the L{SSHSessionProcessProtocol} passed to the execCommand method. @ivar execTransport: if present, the L{EchoTransport} connected to execProtocol. @ivar execCommandLine: if present, the command line passed to the execCommand method. @ivar gotEOF: if present, an EOF message was received. @ivar gotClosed: if present, a closed message was received. """ def __init__(self, avatar): """ Store the avatar we're adapting. """ self.avatar = avatar self.shellProtocol = None def getPty(self, terminal, window, modes): """ If the terminal is 'bad', fail. Otherwise, store the information in the ptyRequest variable. """ if terminal != b"bad": self.ptyRequest = (terminal, window, modes) else: raise RuntimeError("not getting a pty") def windowChanged(self, window): """ If all the window sizes are 0, fail. Otherwise, store the size in the windowChange variable. """ if window == (0, 0, 0, 0): raise RuntimeError("not changing the window size") else: self.windowChange = window def openShell(self, pp): """ If we have gotten a shell request before, fail. Otherwise, store the process protocol in the shellProtocol variable, connect it to the EchoTransport and store that as shellTransport. """ if self.shellProtocol is not None: raise RuntimeError("not getting a shell this time") else: self.shellProtocol = pp self.shellTransport = EchoTransport(pp) def execCommand(self, pp, command): """ If the command is 'true', store the command, the process protocol, and the transport we connect to the process protocol. Otherwise, just store the command and raise an error. """ self.execCommandLine = command if command == b"success": self.execProtocol = pp elif command[:6] == b"repeat": self.execProtocol = pp self.execTransport = EchoTransport(pp) pp.outReceived(command[7:]) else: raise RuntimeError("not getting a command") def eofReceived(self): """ Note that EOF has been received. """ self.gotEOF = True def closed(self): """ Note that close has been received. """ self.gotClosed = True @implementer(session.ISessionSetEnv) class StubSessionForStubAvatarWithEnv(StubSessionForStubAvatar): """ Same as StubSessionForStubAvatar, but supporting environment variables setting. End users would want to have the same class annotated with C{@implementer(session.ISession, session.ISessionSetEnv)}. The interfaces are split for backwards compatibility, so we split it here to test this compatibility too. @ivar environ: a L{dict} of environment variables passed to the setEnv method. """ def __init__(self, avatar): super().__init__(avatar) # The representation of the environment as updated by remote requests. self.environ = {} # A snapshot of the environment when PTY request is received. self.environAtPty = {} def setEnv(self, name, value): """ If the requested environment variable is 'FAIL', fail. If it is 'IGNORED', raise EnvironmentVariableNotPermitted, which should cause it to be silently ignored. Otherwise, store the requested environment variable. (Real applications should normally implement an allowed list rather than a blocked list.) """ if name == b"FAIL": raise RuntimeError("disallowed environment variable name") elif name == b"IGNORED": raise session.EnvironmentVariableNotPermitted( "ignored environment variable name" ) else: self.environ[name] = value def getPty(self, term, windowSize, modes): """ Just a simple implementation which records the current environment when PTY is requested. """ self.environAtPty = self.environ.copy() class EchoTransport: """ A transport for a ProcessProtocol which echos data that is sent to it with a Window newline (CR LF) appended to it. If a null byte is in the data, disconnect. When we are asked to disconnect, disconnect the C{ProcessProtocol} with a 0 exit code. @ivar proto: the C{ProcessProtocol} connected to us. @ivar data: a L{bytes} of data written to us. """ def __init__(self, processProtocol): """ Initialize our instance variables. @param processProtocol: a C{ProcessProtocol} to connect to ourself. """ self.proto = processProtocol self.closed = False self.data = b"" processProtocol.makeConnection(self) def write(self, data): """ We got some data. Give it back to our C{ProcessProtocol} with a newline attached. Disconnect if there's a null byte. """ self.data += data self.proto.outReceived(data) self.proto.outReceived(b"\r\n") if b"\x00" in data: # mimic 'exit' for the shell test self.loseConnection() def loseConnection(self): """ If we're asked to disconnect (and we haven't already) shut down the C{ProcessProtocol} with a 0 exit code. """ if self.closed: return self.closed = 1 self.proto.inConnectionLost() self.proto.outConnectionLost() self.proto.errConnectionLost() self.proto.processEnded(failure.Failure(error.ProcessTerminated(0, None, None))) class MockProtocol(protocol.Protocol): """ A sample Protocol which stores the data passed to it. @ivar packetData: a L{bytes} of data to be sent when the connection is made. @ivar data: a L{bytes} of the data passed to us. @ivar open: True if the channel is open. @ivar reason: if not None, the reason the protocol was closed. """ packetData = b"" def connectionMade(self): """ Set up the instance variables. If we have any packetData, send it along. """ self.data = b"" self.open = True self.reason = None if self.packetData: self.dataReceived(self.packetData) def dataReceived(self, data): """ Store the received data and write it back with a tilde appended. The tilde is appended so that the tests can verify that we processed the data. """ self.data += data self.transport.write(data + b"~") def connectionLost(self, reason): """ Close the protocol and store the reason. """ self.open = False self.reason = reason class StubConnection: """ A stub for twisted.conch.ssh.connection.SSHConnection. Record the data that channels send, and when they try to close the connection. @ivar data: a L{dict} mapping C{SSHChannel}s to a C{list} of L{bytes} of data they sent. @ivar extData: a L{dict} mapping L{SSHChannel}s to a C{list} of L{tuple} of (L{int}, L{bytes}) of extended data they sent. @ivar requests: a L{dict} mapping L{SSHChannel}s to a C{list} of L{tuple} of (L{str}, L{bytes}) of channel requests they made. @ivar eofs: a L{dict} mapping L{SSHChannel}s to C{true} if they have sent an EOF. @ivar closes: a L{dict} mapping L{SSHChannel}s to C{true} if they have sent a close. """ def __init__(self, transport=None): """ Initialize our instance variables. """ self.data = {} self.extData = {} self.requests = {} self.eofs = {} self.closes = {} self.transport = transport def logPrefix(self): """ Return our logging prefix. """ return "MockConnection" def sendData(self, channel, data): """ Record the sent data. """ self.data.setdefault(channel, []).append(data) def sendExtendedData(self, channel, type, data): """ Record the sent extended data. """ self.extData.setdefault(channel, []).append((type, data)) def sendRequest(self, channel, request, data, wantReply=False): """ Record the sent channel request. """ self.requests.setdefault(channel, []).append((request, data, wantReply)) if wantReply: return defer.succeed(None) def sendEOF(self, channel): """ Record the sent EOF. """ self.eofs[channel] = True def sendClose(self, channel): """ Record the sent close. """ self.closes[channel] = True class StubTransport: """ A stub transport which records the data written. @ivar buf: the data sent to the transport. @type buf: L{bytes} @ivar close: flags indicating if the transport has been closed. @type close: L{bool} """ buf = b"" close = False def getPeer(self): """ Return an arbitrary L{IAddress}. """ return IPv4Address("TCP", "remotehost", 8888) def getHost(self): """ Return an arbitrary L{IAddress}. """ return IPv4Address("TCP", "localhost", 9999) def write(self, data): """ Record data in the buffer. """ self.buf += data def loseConnection(self): """ Note that the connection was closed. """ self.close = True def setTcpNoDelay(self, enabled): """ Pretend to set C{TCP_NODELAY}. """ # Required for testing SSHSessionForUnixConchUser. class StubTransportWithWriteErr(StubTransport): """ A version of StubTransport which records the error data sent to it. @ivar err: the extended data sent to the transport. @type err: L{bytes} """ err = b"" def writeErr(self, data): """ Record the extended data in the buffer. This was an old interface that allowed the Transports from ISession.openShell() or ISession.execCommand() to receive extended data from the client. """ self.err += data class StubClient: """ A stub class representing the client to a SSHSession. @ivar transport: A L{StubTransport} object which keeps track of the data passed to it. """ def __init__(self): self.transport = StubTransportWithWriteErr() class SessionInterfaceTests(RegistryUsingMixin, TestCase): """ Tests for the SSHSession class interface. This interface is not ideal, but it is tested in order to maintain backwards compatibility. """ if not cryptography: skip = "cannot run without cryptography" def setUp(self, register_adapters=True): """ Make an SSHSession object to test. Give the channel some window so that it's allowed to send packets. 500 and 100 are arbitrary values. """ RegistryUsingMixin.setUp(self) self.session = self.getSSHSession() if register_adapters: components.registerAdapter( StubSessionForStubAvatarWithEnv, StubAvatar, session.ISession ) self.session = self.getSSHSession() def getSSHSession(self, register_adapters=True): """ Return a new SSH session. """ return session.SSHSession( remoteWindow=500, remoteMaxPacket=100, conn=StubConnection(), avatar=StubAvatar(), ) def assertSessionIsStubSession(self): """ Asserts that self.session.session is an instance of StubSessionForStubOldAvatar. """ self.assertIsInstance(self.session.session, StubSessionForStubAvatar) def test_init(self): """ SSHSession initializes its buffer (buf), client, and ISession adapter. The avatar should not need to be adaptable to an ISession immediately. """ s = session.SSHSession(avatar=object) # use object because it doesn't # have an adapter self.assertEqual(s.buf, b"") self.assertIsNone(s.client) self.assertIsNone(s.session) def test_client_dataReceived(self): """ SSHSession.dataReceived() passes data along to a client. If the data comes before there is a client, the data should be discarded. """ self.session.dataReceived(b"1") self.session.client = StubClient() self.session.dataReceived(b"2") self.assertEqual(self.session.client.transport.buf, b"2") def test_client_extReceived(self): """ SSHSession.extReceived() passed data of type EXTENDED_DATA_STDERR along to the client. If the data comes before there is a client, or if the data is not of type EXTENDED_DATA_STDERR, it is discared. """ self.session.extReceived(connection.EXTENDED_DATA_STDERR, b"1") self.session.extReceived(255, b"2") # 255 is arbitrary self.session.client = StubClient() self.session.extReceived(connection.EXTENDED_DATA_STDERR, b"3") self.assertEqual(self.session.client.transport.err, b"3") def test_client_extReceivedWithoutWriteErr(self): """ SSHSession.extReceived() should handle the case where the transport on the client doesn't have a writeErr method. """ client = self.session.client = StubClient() client.transport = StubTransport() # doesn't have writeErr # should not raise an error self.session.extReceived(connection.EXTENDED_DATA_STDERR, b"ignored") def test_client_closed(self): """ SSHSession.closed() should tell the transport connected to the client that the connection was lost. """ self.session.client = StubClient() self.session.closed() self.assertTrue(self.session.client.transport.close) self.session.client.transport.close = False def test_badSubsystemDoesNotCreateClient(self): """ When a subsystem request fails, SSHSession.client should not be set. """ ret = self.session.requestReceived(b"subsystem", common.NS(b"BadSubsystem")) self.assertFalse(ret) self.assertIsNone(self.session.client) def test_lookupSubsystem(self): """ When a client requests a subsystem, the SSHSession object should get the subsystem by calling avatar.lookupSubsystem, and attach it as the client. """ ret = self.session.requestReceived( b"subsystem", common.NS(b"TestSubsystem") + b"data" ) self.assertTrue(ret) self.assertIsInstance(self.session.client, protocol.ProcessProtocol) self.assertIs( self.session.client.transport.proto, self.session.avatar.subsystem ) def test_lookupSubsystemDoesNotNeedISession(self): """ Previously, if one only wanted to implement a subsystem, an ISession adapter wasn't needed because subsystems were looked up using the lookupSubsystem method on the avatar. """ s = session.SSHSession(avatar=SubsystemOnlyAvatar(), conn=StubConnection()) ret = s.request_subsystem(common.NS(b"subsystem") + b"data") self.assertTrue(ret) self.assertIsNotNone(s.client) self.assertIsNone(s.conn.closes.get(s)) s.eofReceived() self.assertTrue(s.conn.closes.get(s)) # these should not raise errors s.loseConnection() s.closed() def test_lookupSubsystem_data(self): """ After having looked up a subsystem, data should be passed along to the client. Additionally, subsystems were passed the entire request packet as data, instead of just the additional data. We check for the additional tidle to verify that the data passed through the client. """ # self.session.dataReceived('1') # subsystems didn't get extended data # self.session.extReceived(connection.EXTENDED_DATA_STDERR, '2') self.session.requestReceived( b"subsystem", common.NS(b"TestSubsystem") + b"data" ) self.assertEqual( self.session.conn.data[self.session], [b"\x00\x00\x00\x0dTestSubsystemdata~"], ) self.session.dataReceived(b"more data") self.assertEqual(self.session.conn.data[self.session][-1], b"more data~") def test_lookupSubsystem_closeReceived(self): """ SSHSession.closeReceived() should sent a close message to the remote side. """ self.session.requestReceived( b"subsystem", common.NS(b"TestSubsystem") + b"data" ) self.session.closeReceived() self.assertTrue(self.session.conn.closes[self.session]) def assertRequestRaisedRuntimeError(self): """ Assert that the request we just made raised a RuntimeError (and only a RuntimeError). """ errors = self.flushLoggedErrors(RuntimeError) self.assertEqual( len(errors), 1, "Multiple RuntimeErrors raised: %s" % "\n".join([repr(error) for error in errors]), ) errors[0].trap(RuntimeError) def test_requestShell(self): """ When a client requests a shell, the SSHSession object should get the shell by getting an ISession adapter for the avatar, then calling openShell() with a ProcessProtocol to attach. """ # gets a shell the first time ret = self.session.requestReceived(b"shell", b"") self.assertTrue(ret) self.assertSessionIsStubSession() self.assertIsInstance(self.session.client, session.SSHSessionProcessProtocol) self.assertIs(self.session.session.shellProtocol, self.session.client) # doesn't get a shell the second time self.assertFalse(self.session.requestReceived(b"shell", b"")) self.assertRequestRaisedRuntimeError() def test_requestShellWithData(self): """ When a client executes a shell, it should be able to give pass data back and forth between the local and the remote side. """ ret = self.session.requestReceived(b"shell", b"") self.assertTrue(ret) self.assertSessionIsStubSession() self.session.dataReceived(b"some data\x00") self.assertEqual(self.session.session.shellTransport.data, b"some data\x00") self.assertEqual( self.session.conn.data[self.session], [b"some data\x00", b"\r\n"] ) self.assertTrue(self.session.session.shellTransport.closed) self.assertEqual( self.session.conn.requests[self.session], [(b"exit-status", b"\x00\x00\x00\x00", False)], ) def test_requestExec(self): """ When a client requests a command, the SSHSession object should get the command by getting an ISession adapter for the avatar, then calling execCommand with a ProcessProtocol to attach and the command line. """ ret = self.session.requestReceived(b"exec", common.NS(b"failure")) self.assertFalse(ret) self.assertRequestRaisedRuntimeError() self.assertIsNone(self.session.client) self.assertTrue(self.session.requestReceived(b"exec", common.NS(b"success"))) self.assertSessionIsStubSession() self.assertIsInstance(self.session.client, session.SSHSessionProcessProtocol) self.assertIs(self.session.session.execProtocol, self.session.client) self.assertEqual(self.session.session.execCommandLine, b"success") def test_requestExecWithData(self): """ When a client executes a command, it should be able to give pass data back and forth. """ ret = self.session.requestReceived(b"exec", common.NS(b"repeat hello")) self.assertTrue(ret) self.assertSessionIsStubSession() self.session.dataReceived(b"some data") self.assertEqual(self.session.session.execTransport.data, b"some data") self.assertEqual( self.session.conn.data[self.session], [b"hello", b"some data", b"\r\n"] ) self.session.eofReceived() self.session.closeReceived() self.session.closed() self.assertTrue(self.session.session.execTransport.closed) self.assertEqual( self.session.conn.requests[self.session], [(b"exit-status", b"\x00\x00\x00\x00", False)], ) def test_requestPty(self): """ When a client requests a PTY, the SSHSession object should make the request by getting an ISession adapter for the avatar, then calling getPty with the terminal type, the window size, and any modes the client gave us. """ # Cleanup the registered adapters from setUp. self.doCleanups() self.setUp(register_adapters=False) components.registerAdapter( StubSessionForStubAvatar, StubAvatar, session.ISession ) test_session = self.getSSHSession() # 'bad' terminal type fails ret = test_session.requestReceived( b"pty_req", session.packRequest_pty_req(b"bad", (1, 2, 3, 4), b"") ) self.assertFalse(ret) self.assertIsInstance(test_session.session, StubSessionForStubAvatar) self.assertRequestRaisedRuntimeError() # 'good' terminal type succeeds self.assertTrue( test_session.requestReceived( b"pty_req", session.packRequest_pty_req(b"good", (1, 2, 3, 4), b"") ) ) self.assertEqual(test_session.session.ptyRequest, (b"good", (1, 2, 3, 4), [])) def test_setEnv(self): """ When a client requests passing an environment variable, the SSHSession object should make the request by getting an ISessionSetEnv adapter for the avatar, then calling setEnv with the environment variable name and value. """ # Blocked environment variable name fails. self.assertFalse( self.session.requestReceived(b"env", common.NS(b"FAIL") + common.NS(b"bad")) ) self.assertIsInstance(self.session.session, StubSessionForStubAvatarWithEnv) self.assertRequestRaisedRuntimeError() # An environment variable name for which setEnv raises # EnvironmentVariableNotPermitted is silently ignored. self.assertFalse( self.session.requestReceived( b"env", common.NS(b"IGNORED") + common.NS(b"ignored") ) ) self.assertEqual(self.flushLoggedErrors(), []) # Allowed environment variable name succeeds. self.assertTrue( self.session.requestReceived( b"env", common.NS(b"NAME") + common.NS(b"value") ) ) self.assertEqual(self.session.session.environ, {b"NAME": b"value"}) def test_setEnvSessionShare(self): """ Multiple setenv requests will share the same session. """ test_session = self.getSSHSession() self.assertTrue( test_session.requestReceived( b"env", common.NS(b"Key1") + common.NS(b"Value 1") ) ) self.assertTrue( test_session.requestReceived( b"env", common.NS(b"Key2") + common.NS(b"Value2") ) ) self.assertIsInstance(test_session.session, StubSessionForStubAvatarWithEnv) self.assertEqual( {b"Key1": b"Value 1", b"Key2": b"Value2"}, test_session.session.environ ) def test_setEnvMultiplexShare(self): """ Calling another session service after setenv will provide the previous session with the environment variables. """ test_session = self.getSSHSession() test_session.requestReceived(b"env", common.NS(b"Key1") + common.NS(b"Value 1")) test_session.requestReceived(b"env", common.NS(b"Key2") + common.NS(b"Value2")) test_session.requestReceived( b"pty_req", session.packRequest_pty_req(b"term", (0, 0, 0, 0), b"") ) self.assertIsInstance(test_session.session, StubSessionForStubAvatarWithEnv) self.assertEqual( {b"Key1": b"Value 1", b"Key2": b"Value2"}, test_session.session.environAtPty ) def test_setEnvNotProvidingISessionSetEnv(self): """ If the avatar does not have an ISessionSetEnv adapter, then a request to pass an environment variable fails gracefully. """ # Cleanup the registered adapters. self.doCleanups() self.setUp(register_adapters=False) # Register a ISession adapter that does not support ISessionSetEnv. components.registerAdapter( StubSessionForStubAvatar, StubAvatar, session.ISession ) self.assertFalse( self.session.requestReceived( b"env", common.NS(b"NAME") + common.NS(b"value") ) ) def test_requestWindowChange(self): """ When the client requests to change the window size, the SSHSession object should make the request by getting an ISession adapter for the avatar, then calling windowChanged with the new window size. """ ret = self.session.requestReceived( b"window_change", session.packRequest_window_change((0, 0, 0, 0)) ) self.assertFalse(ret) self.assertRequestRaisedRuntimeError() self.assertSessionIsStubSession() self.assertTrue( self.session.requestReceived( b"window_change", session.packRequest_window_change((1, 2, 3, 4)) ) ) self.assertEqual(self.session.session.windowChange, (1, 2, 3, 4)) def test_eofReceived(self): """ When an EOF is received and an ISession adapter is present, it should be notified of the EOF message. """ self.session.session = session.ISession(self.session.avatar) self.session.eofReceived() self.assertTrue(self.session.session.gotEOF) def test_closeReceived(self): """ When a close is received, the session should send a close message. """ ret = self.session.closeReceived() self.assertIsNone(ret) self.assertTrue(self.session.conn.closes[self.session]) def test_closed(self): """ When a close is received and an ISession adapter is present, it should be notified of the close message. """ self.session.session = session.ISession(self.session.avatar) self.session.closed() self.assertTrue(self.session.session.gotClosed) class SessionWithNoAvatarTests(RegistryUsingMixin, TestCase): """ Test for the SSHSession interface. Several of the methods (request_shell, request_exec, request_pty_req, request_env, request_window_change) would create a 'session' instance variable from the avatar if one didn't exist when they were called. """ if not cryptography: skip = "cannot run without cryptography" def setUp(self): RegistryUsingMixin.setUp(self) components.registerAdapter( StubSessionForStubAvatar, StubAvatar, session.ISession ) self.session = session.SSHSession() self.session.avatar = StubAvatar() self.assertIsNone(self.session.session) def assertSessionProvidesISession(self): """ self.session.session should provide I{ISession}. """ self.assertTrue( session.ISession.providedBy(self.session.session), "ISession not provided by %r" % self.session.session, ) def test_requestShellGetsSession(self): """ If an ISession adapter isn't already present, request_shell should get one. """ self.session.requestReceived(b"shell", b"") self.assertSessionProvidesISession() def test_requestExecGetsSession(self): """ If an ISession adapter isn't already present, request_exec should get one. """ self.session.requestReceived(b"exec", common.NS(b"success")) self.assertSessionProvidesISession() def test_requestPtyReqGetsSession(self): """ If an ISession adapter isn't already present, request_pty_req should get one. """ self.session.requestReceived( b"pty_req", session.packRequest_pty_req(b"term", (0, 0, 0, 0), b"") ) self.assertSessionProvidesISession() def test_requestWindowChangeGetsSession(self): """ If an ISession adapter isn't already present, request_window_change should get one. """ self.session.requestReceived( b"window_change", session.packRequest_window_change((1, 1, 1, 1)) ) self.assertSessionProvidesISession() class WrappersTests(TestCase): """ A test for the wrapProtocol and wrapProcessProtocol functions. """ if not cryptography: skip = "cannot run without cryptography" def test_wrapProtocol(self): """ L{wrapProtocol}, when passed a L{Protocol} should return something that has write(), writeSequence(), loseConnection() methods which call the Protocol's dataReceived() and connectionLost() methods, respectively. """ protocol = MockProtocol() protocol.transport = StubTransport() protocol.connectionMade() wrapped = session.wrapProtocol(protocol) wrapped.dataReceived(b"dataReceived") self.assertEqual(protocol.transport.buf, b"dataReceived") wrapped.write(b"data") wrapped.writeSequence([b"1", b"2"]) wrapped.loseConnection() self.assertEqual(protocol.data, b"data12") protocol.reason.trap(error.ConnectionDone) def test_wrapProcessProtocol_Protocol(self): """ L{wrapPRocessProtocol}, when passed a L{Protocol} should return something that follows the L{IProcessProtocol} interface, with connectionMade() mapping to connectionMade(), outReceived() mapping to dataReceived() and processEnded() mapping to connectionLost(). """ protocol = MockProtocol() protocol.transport = StubTransport() process_protocol = session.wrapProcessProtocol(protocol) process_protocol.connectionMade() process_protocol.outReceived(b"data") self.assertEqual(protocol.transport.buf, b"data~") process_protocol.processEnded( failure.Failure(error.ProcessTerminated(0, None, None)) ) protocol.reason.trap(error.ProcessTerminated) class HelpersTests(TestCase): """ Tests for the 4 helper functions: parseRequest_* and packRequest_. """ if not cryptography: skip = "cannot run without cryptography" def test_parseRequest_pty_req(self): """ The payload of a pty-req message is:: string terminal uint32 columns uint32 rows uint32 x pixels uint32 y pixels string modes Modes are:: byte mode number uint32 mode value """ self.assertEqual( session.parseRequest_pty_req( common.NS(b"xterm") + struct.pack(">4L", 1, 2, 3, 4) + common.NS(struct.pack(">BL", 5, 6)) ), (b"xterm", (2, 1, 3, 4), [(5, 6)]), ) def test_packRequest_pty_req_old(self): """ See test_parseRequest_pty_req for the payload format. """ packed = session.packRequest_pty_req( b"xterm", (2, 1, 3, 4), b"\x05\x00\x00\x00\x06" ) self.assertEqual( packed, common.NS(b"xterm") + struct.pack(">4L", 1, 2, 3, 4) + common.NS(struct.pack(">BL", 5, 6)), ) def test_packRequest_pty_req(self): """ See test_parseRequest_pty_req for the payload format. """ packed = session.packRequest_pty_req( b"xterm", (2, 1, 3, 4), b"\x05\x00\x00\x00\x06" ) self.assertEqual( packed, common.NS(b"xterm") + struct.pack(">4L", 1, 2, 3, 4) + common.NS(struct.pack(">BL", 5, 6)), ) def test_parseRequest_window_change(self): """ The payload of a window_change request is:: uint32 columns uint32 rows uint32 x pixels uint32 y pixels parseRequest_window_change() returns (rows, columns, x pixels, y pixels). """ self.assertEqual( session.parseRequest_window_change(struct.pack(">4L", 1, 2, 3, 4)), (2, 1, 3, 4), ) def test_packRequest_window_change(self): """ See test_parseRequest_window_change for the payload format. """ self.assertEqual( session.packRequest_window_change((2, 1, 3, 4)), struct.pack(">4L", 1, 2, 3, 4), ) class SSHSessionProcessProtocolTests(TestCase): """ Tests for L{SSHSessionProcessProtocol}. """ if not cryptography: skip = "cannot run without cryptography" def setUp(self): self.transport = StubTransport() self.session = session.SSHSession( conn=StubConnection(self.transport), remoteWindow=500, remoteMaxPacket=100 ) self.pp = session.SSHSessionProcessProtocol(self.session) self.pp.makeConnection(self.transport) def assertSessionClosed(self): """ Assert that C{self.session} is closed. """ self.assertTrue(self.session.conn.closes[self.session]) def assertRequestsEqual(self, expectedRequests): """ Assert that C{self.session} has sent the C{expectedRequests}. """ self.assertEqual(self.session.conn.requests[self.session], expectedRequests) def test_init(self): """ SSHSessionProcessProtocol should set self.session to the session passed to the __init__ method. """ self.assertEqual(self.pp.session, self.session) def test_getHost(self): """ SSHSessionProcessProtocol.getHost() just delegates to its session.conn.transport.getHost(). """ self.assertEqual(self.session.conn.transport.getHost(), self.pp.getHost()) def test_getPeer(self): """ SSHSessionProcessProtocol.getPeer() just delegates to its session.conn.transport.getPeer(). """ self.assertEqual(self.session.conn.transport.getPeer(), self.pp.getPeer()) def test_connectionMade(self): """ SSHSessionProcessProtocol.connectionMade() should check if there's a 'buf' attribute on its session and write it to the transport if so. """ self.session.buf = b"buffer" self.pp.connectionMade() self.assertEqual(self.transport.buf, b"buffer") @skipIf(not hasattr(signal, "SIGALRM"), "Not all signals available") def test_getSignalName(self): """ _getSignalName should return the name of a signal when given the signal number. """ for signalName in session.SUPPORTED_SIGNALS: signalName = "SIG" + signalName signalValue = getattr(signal, signalName) sshName = self.pp._getSignalName(signalValue) self.assertEqual( sshName, signalName, "%i: %s != %s" % (signalValue, sshName, signalName) ) @skipIf(not hasattr(signal, "SIGALRM"), "Not all signals available") def test_getSignalNameWithLocalSignal(self): """ If there are signals in the signal module which aren't in the SSH RFC, we map their name to [signal name]@[platform]. """ signal.SIGTwistedTest = signal.NSIG + 1 # value can't exist normally # Force reinitialization of signals self.pp._signalValuesToNames = None self.assertEqual( self.pp._getSignalName(signal.SIGTwistedTest), "SIGTwistedTest@" + sys.platform, ) def test_outReceived(self): """ When data is passed to the outReceived method, it should be sent to the session's write method. """ self.pp.outReceived(b"test data") self.assertEqual(self.session.conn.data[self.session], [b"test data"]) def test_write(self): """ When data is passed to the write method, it should be sent to the session channel's write method. """ self.pp.write(b"test data") self.assertEqual(self.session.conn.data[self.session], [b"test data"]) def test_writeSequence(self): """ When a sequence is passed to the writeSequence method, it should be joined together and sent to the session channel's write method. """ self.pp.writeSequence([b"test ", b"data"]) self.assertEqual(self.session.conn.data[self.session], [b"test data"]) def test_errReceived(self): """ When data is passed to the errReceived method, it should be sent to the session's writeExtended method. """ self.pp.errReceived(b"test data") self.assertEqual(self.session.conn.extData[self.session], [(1, b"test data")]) def test_outConnectionLost(self): """ When outConnectionLost and errConnectionLost are both called, we should send an EOF message. """ self.pp.outConnectionLost() self.assertFalse(self.session in self.session.conn.eofs) self.pp.errConnectionLost() self.assertTrue(self.session.conn.eofs[self.session]) def test_errConnectionLost(self): """ Make sure reverse ordering of events in test_outConnectionLost also sends EOF. """ self.pp.errConnectionLost() self.assertFalse(self.session in self.session.conn.eofs) self.pp.outConnectionLost() self.assertTrue(self.session.conn.eofs[self.session]) def test_loseConnection(self): """ When loseConnection() is called, it should call loseConnection on the session channel. """ self.pp.loseConnection() self.assertTrue(self.session.conn.closes[self.session]) def test_connectionLost(self): """ When connectionLost() is called, it should call loseConnection() on the session channel. """ self.pp.connectionLost(failure.Failure(ProcessDone(0))) def test_processEndedWithExitCode(self): """ When processEnded is called, if there is an exit code in the reason it should be sent in an exit-status method. The connection should be closed. """ self.pp.processEnded(Failure(ProcessDone(None))) self.assertRequestsEqual([(b"exit-status", struct.pack(">I", 0), False)]) self.assertSessionClosed() @skipIf(not hasattr(os, "WCOREDUMP"), "can't run this w/o os.WCOREDUMP") def test_processEndedWithExitSignalCoreDump(self): """ When processEnded is called, if there is an exit signal in the reason it should be sent in an exit-signal message. The connection should be closed. """ self.pp.processEnded( Failure(ProcessTerminated(1, signal.SIGTERM, 1 << 7)) ) # 7th bit means core dumped self.assertRequestsEqual( [ ( b"exit-signal", common.NS(b"TERM") # signal name + b"\x01" # core dumped is true + common.NS(b"") # error message + common.NS(b""), # language tag False, ) ] ) self.assertSessionClosed() @skipIf(not hasattr(os, "WCOREDUMP"), "can't run this w/o os.WCOREDUMP") def test_processEndedWithExitSignalNoCoreDump(self): """ When processEnded is called, if there is an exit signal in the reason it should be sent in an exit-signal message. If no core was dumped, don't set the core-dump bit. """ self.pp.processEnded(Failure(ProcessTerminated(1, signal.SIGTERM, 0))) # see comments in test_processEndedWithExitSignalCoreDump for the # meaning of the parts in the request self.assertRequestsEqual( [ ( b"exit-signal", common.NS(b"TERM") + b"\x00" + common.NS(b"") + common.NS(b""), False, ) ] ) self.assertSessionClosed() class SSHSessionClientTests(TestCase): """ SSHSessionClient is an obsolete class used to connect standard IO to an SSHSession. """ if not cryptography: skip = "cannot run without cryptography" def test_dataReceived(self): """ When data is received, it should be sent to the transport. """ client = session.SSHSessionClient() client.transport = StubTransport() client.dataReceived(b"test data") self.assertEqual(client.transport.buf, b"test data") ��test/test_mixin.py��0000644��00000002036�15027667726�0010303 0��ustar�00��# -- twisted.conch.test.test_mixin -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. from twisted.conch import mixin from twisted.test.proto_helpers import StringTransport from twisted.trial import unittest class TestBufferingProto(mixin.BufferingMixin): scheduled = False rescheduled = 0 def schedule(self): self.scheduled = True return object() def reschedule(self, token): self.rescheduled += 1 class BufferingTests(unittest.TestCase): def testBuffering(self): p = TestBufferingProto() t = p.transport = StringTransport() self.assertFalse(p.scheduled) L = [b"foo", b"bar", b"baz", b"quux"] p.write(b"foo") self.assertTrue(p.scheduled) self.assertFalse(p.rescheduled) for s in L: n = p.rescheduled p.write(s) self.assertEqual(p.rescheduled, n + 1) self.assertEqual(t.value(), b"") p.flush() self.assertEqual(t.value(), b"foo" + b"".join(L)) ��test/test_manhole_tap.py��0000644��00000010377�15027667726�0011455 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.manhole_tap}. """ from twisted.application.internet import StreamServerEndpointService from twisted.application.service import MultiService from twisted.conch import telnet from twisted.cred import error from twisted.cred.credentials import UsernamePassword from twisted.python import usage from twisted.python.reflect import requireModule from twisted.trial.unittest import TestCase cryptography = requireModule("cryptography") pyasn1 = requireModule("pyasn1") if cryptography and pyasn1: from twisted.conch import manhole_ssh, manhole_tap class MakeServiceTests(TestCase): """ Tests for L{manhole_tap.makeService}. """ if not cryptography: skip = "can't run without cryptography" if not pyasn1: skip = "Cannot run without PyASN1" usernamePassword = (b"iamuser", b"thisispassword") def setUp(self): """ Create a passwd-like file with a user. """ self.filename = self.mktemp() with open(self.filename, "wb") as f: f.write(b":".join(self.usernamePassword)) self.options = manhole_tap.Options() def test_requiresPort(self): """ L{manhole_tap.makeService} requires either 'telnetPort' or 'sshPort' to be given. """ with self.assertRaises(usage.UsageError) as e: manhole_tap.Options().parseOptions([]) self.assertEqual( e.exception.args[0], ("At least one of --telnetPort " "and --sshPort must be specified"), ) def test_telnetPort(self): """ L{manhole_tap.makeService} will make a telnet service on the port defined by C{--telnetPort}. It will not make a SSH service. """ self.options.parseOptions(["--telnetPort", "tcp:222"]) service = manhole_tap.makeService(self.options) self.assertIsInstance(service, MultiService) self.assertEqual(len(service.services), 1) self.assertIsInstance(service.services[0], StreamServerEndpointService) self.assertIsInstance( service.services[0].factory.protocol, manhole_tap.makeTelnetProtocol ) self.assertEqual(service.services[0].endpoint._port, 222) def test_sshPort(self): """ L{manhole_tap.makeService} will make a SSH service on the port defined by C{--sshPort}. It will not make a telnet service. """ # Why the sshKeyDir and sshKeySize params? To prevent it stomping over # (or using!) the user's private key, we just make a super small one # which will never be used in a temp directory. self.options.parseOptions( [ "--sshKeyDir", self.mktemp(), "--sshKeySize", "512", "--sshPort", "tcp:223", ] ) service = manhole_tap.makeService(self.options) self.assertIsInstance(service, MultiService) self.assertEqual(len(service.services), 1) self.assertIsInstance(service.services[0], StreamServerEndpointService) self.assertIsInstance(service.services[0].factory, manhole_ssh.ConchFactory) self.assertEqual(service.services[0].endpoint._port, 223) def test_passwd(self): """ The C{--passwd} command-line option will load a passwd-like file. """ self.options.parseOptions(["--telnetPort", "tcp:22", "--passwd", self.filename]) service = manhole_tap.makeService(self.options) portal = service.services[0].factory.protocol.portal self.assertEqual(len(portal.checkers.keys()), 2) # Ensure it's the passwd file we wanted by trying to authenticate self.assertTrue( self.successResultOf( portal.login( UsernamePassword(self.usernamePassword), None, telnet.ITelnetProtocol, ) ) ) self.assertIsInstance( self.failureResultOf( portal.login( UsernamePassword(b"wrong", b"user"), None, telnet.ITelnetProtocol ) ).value, error.UnauthorizedLogin, ) ��test/test_text.py��0000644��00000007665�15027667726�0010160 0��ustar�00��# -- test-case-name: twisted.conch.test.test_text -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. from twisted.conch.insults import text from twisted.conch.insults.text import attributes as A from twisted.trial import unittest class FormattedTextTests(unittest.TestCase): """ Tests for assembling formatted text. """ def test_trivial(self): """ Using no formatting attributes produces no VT102 control sequences in the flattened output. """ self.assertEqual( text.assembleFormattedText(A.normal["Hello, world."]), "Hello, world." ) def test_bold(self): """ The bold formatting attribute, L{A.bold}, emits the VT102 control sequence to enable bold when flattened. """ self.assertEqual( text.assembleFormattedText(A.bold["Hello, world."]), "\x1b[1mHello, world." ) def test_underline(self): """ The underline formatting attribute, L{A.underline}, emits the VT102 control sequence to enable underlining when flattened. """ self.assertEqual( text.assembleFormattedText(A.underline["Hello, world."]), "\x1b[4mHello, world.", ) def test_blink(self): """ The blink formatting attribute, L{A.blink}, emits the VT102 control sequence to enable blinking when flattened. """ self.assertEqual( text.assembleFormattedText(A.blink["Hello, world."]), "\x1b[5mHello, world." ) def test_reverseVideo(self): """ The reverse-video formatting attribute, L{A.reverseVideo}, emits the VT102 control sequence to enable reversed video when flattened. """ self.assertEqual( text.assembleFormattedText(A.reverseVideo["Hello, world."]), "\x1b[7mHello, world.", ) def test_minus(self): """ Formatting attributes prefixed with a minus (C{-}) temporarily disable the prefixed attribute, emitting no VT102 control sequence to enable it in the flattened output. """ self.assertEqual( text.assembleFormattedText( A.bold[A.blink["Hello", -A.bold[" world"], "."]] ), "\x1b[1;5mHello\x1b[0;5m world\x1b[1;5m.", ) def test_foreground(self): """ The foreground color formatting attribute, L{A.fg}, emits the VT102 control sequence to set the selected foreground color when flattened. """ self.assertEqual( text.assembleFormattedText( A.normal[A.fg.red["Hello, "], A.fg.green["world!"]] ), "\x1b[31mHello, \x1b[32mworld!", ) def test_background(self): """ The background color formatting attribute, L{A.bg}, emits the VT102 control sequence to set the selected background color when flattened. """ self.assertEqual( text.assembleFormattedText( A.normal[A.bg.red["Hello, "], A.bg.green["world!"]] ), "\x1b[41mHello, \x1b[42mworld!", ) def test_flattenDeprecated(self): """ L{twisted.conch.insults.text.flatten} emits a deprecation warning when imported or accessed. """ warningsShown = self.flushWarnings([self.test_flattenDeprecated]) self.assertEqual(len(warningsShown), 0) # Trigger the deprecation warning. text.flatten warningsShown = self.flushWarnings([self.test_flattenDeprecated]) self.assertEqual(len(warningsShown), 1) self.assertEqual(warningsShown[0]["category"], DeprecationWarning) self.assertEqual( warningsShown[0]["message"], "twisted.conch.insults.text.flatten was deprecated in Twisted " "13.1.0: Use twisted.conch.insults.text.assembleFormattedText " "instead.", ) ��test/__pycache__/test_openssh_compat.cpython-310.pyc��0000644��00000011047�15027667726�0016542 0��ustar�00��o ��b��@��s��d�Z�ddlZddlmZ�ddlmZ�ddlmZ�ddlm Z �ddl mZ�ddlm Z �dd lmZ�d ZdZed�rCed �rCddlmZ�ndZdZeed�sPdZdZeee�G�dd��de��ZdS�)z, Tests for L{twisted.conch.openssh_compat}. ��N)�skipIf)�getDHGeneratorAndPrime)�keydata)�FilePath)� requireModule)�MockOS)�TestCaseF��cryptography�pyasn1)�OpenSSHFactoryTz)Cannot run without cryptography or PyASN1�geteuidzgeteuid/seteuid not availablec��@��s8��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��ZdS�) �OpenSSHFactoryTestsz& Tests for L{OpenSSHFactory}. c��C��s��t��\|�_t\|��\|�_\|�j��\|�jj\|�j_t\|��\|�_\|�j��\|�jj\|�j_ \|�j� d��d��\|�j� d��d��\|�j� d��tj ��\|�j� d��tj��\|�j� d��d��\|�j� d��tj��\|�j� d ��d ��t��\|�_\|��td\|�jj��\|��td\|�jj��d�S�) N�ssh_host_foos��foo�bar_key�ssh_host_one_key�ssh_host_two_key�ssh_host_three_keys��not a key contentzssh_host_one_key.pub�modulis�� # $OpenBSD: moduli,v 1.xx 2016/07/26 12:34:56 jhacker Exp $i # Time Type Tests Tries Size Generator Modulus 20030501000000 2 6 100 2047 2 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF �seteuid�setegid)r��factoryr��mktemp�keysDir�makedirs�path�dataRoot� moduliDir� moduliRoot�child� setContentr��privateRSA_openssh�privateDSA_openssh�publicRSA_opensshr��mockos�patch�osr��r��)�self��r(��H/usr/lib/python3/dist-packages/twisted/conch/test/test_openssh_compat.py�setUp%��s&�� zOpenSSHFactoryTests.setUpc��C��s8��\|�j��}\|��t\|�d��\|��}\|��t\|�dg��dS�)zw L{OpenSSHFactory.getPublicKeys} should return the available public keys in the data directory ��ssh-rsaN)r�� getPublicKeys�assertEqual�len�keys�list�r'��r0��keyTypesr(��r(��r)��test_getPublicKeysJ��s�� z&OpenSSHFactoryTests.test_getPublicKeysc��C��sZ��\|�j��}\|��t\|�d��\|��}\|��t\|�ddh��\|��\|�jjg��\|��\|�jjg��dS�)z� Will return the available private keys in the data directory, ignoring key files which failed to be loaded. ��r,��ssh-dssN) r��getPrivateKeysr.��r/��r0��setr$��seteuidCalls�setegidCallsr2��r(��r(��r)��test_getPrivateKeysT��s�� z'OpenSSHFactoryTests.test_getPrivateKeysc��s��\|�j��d��d��\|��jd��tj��fdd�}\|��td\|��\|�j��}\|�� t \|�d��\|��}\|�� t\|�dd h��\|�� \|�j jdt��g��\|�� \|�j jdt��g��d S�)z� L{OpenSSHFactory.getPrivateKeys} should switch to root if the keys aren't readable by the current user. r��r��c��s��d��\|��S�)Nr<��)�chmod)�euid��keyFile�savedSeteuidr(��r)��r��l��s�� z>OpenSSHFactoryTests.test_getPrivateKeysAsRoot.<locals>.seteuidr��r5��r,��r6��N)r��r��r=�� addCleanupr&��r��r%��r��r7��r.��r/��r0��r8��r$��r9��r ��r:��getegid)r'��r��r0��r3��r(��r?��r)��test_getPrivateKeysAsRoot`��s�� z-OpenSSHFactoryTests.test_getPrivateKeysAsRootc��C��s$��\|�j��}\|��\|dtd�gi��dS�)zq L{OpenSSHFactory.getPrimes} should return the available primes in the moduli directory. i��s��diffie-hellman-group14-sha1N)r�� getPrimesr.��r��)r'��primesr(��r(��r)��test_getPrimesx��s�� z"OpenSSHFactoryTests.test_getPrimesN) �__name__� __module__�__qualname__�__doc__r��r4��r;��rD��rG��r(��r(��r(��r)��r��s��% r��)rK��r&��unittestr��twisted.conch.ssh._kexr��twisted.conch.testr��twisted.python.filepathr��twisted.python.reflectr��twisted.test.test_processr��twisted.trial.unittestr��doSkip� skipReason�$twisted.conch.openssh_compat.factoryr��hasattrr��r(��r(��r(��r)��<module>��s(�� test/__pycache__/test_unix.cpython-310.pyc��0000644��00000006021�15027667726�0014477 0��ustar�00��o ��b( ��@��sz��d�dl�mZ�d�dlmZ�d�dlmZ�d�dlmZ�ed�Zed�Z ee�G�dd��d��Z G�d d ��d �ZG�dd��dej�Z d S�)��)�implementer)�IReactorProcess)� requireModule)�unittest�cryptographyztwisted.conch.unixc��@��s0��e�Zd�ZdZdd��Zdi�dddddfdd�ZdS�) �MockProcessSpawnerzC An L{IReactorProcess} that logs calls to C{spawnProcess}. c��C��s ��g�\|�_�d�S��N)�_spawnProcessCalls��self��r��>/usr/lib/python3/dist-packages/twisted/conch/test/test_unix.py�__init__��s�� zMockProcessSpawner.__init__r��Nr��c �� C��s$��\|�j��\|\|\|\|\|\|\|\|\| d� ��dS�)zQ Log a call to C{spawnProcess}. Do not actually spawn a process. ) �processProtocol� executable�args�env�path�uid�gid�usePTY�childFDsN)r ��append) r��r��r��r��r��r��r��r��r��r��r��r��r ��spawnProcess��s��zMockProcessSpawner.spawnProcess)�__name__� __module__�__qualname__�__doc__r��r��r��r��r��r ��r��s��r��c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�StubUnixConchUserz` Enough of UnixConchUser to exercise SSHSessionForUnixConchUser in the tests below. c��C��s(��ddl�m}m}�\|\|�_\|\|��d�\|�_d�S�)N��)� StubClient�StubConnection)� transport)�test_sessionr ��r!��_homeDirectory�conn)r�� homeDirectoryr ��r!��r��r��r ��r��=��s��zStubUnixConchUser.__init__c��C��s��dS�)N)NNr��r ��r��r��r ��getUserGroupIdC��z StubUnixConchUser.getUserGroupIdc��C��s��\|�j�S�r��)r$��r ��r��r��r �� getHomeDirF��s��zStubUnixConchUser.getHomeDirc��C��s��d�S�r��r��r ��r��r��r ��getShellI��r(��zStubUnixConchUser.getShellN)r��r��r��r��r��r'��r)��r��r��r��r��r ��r��7��s��r��c��@��s.��e�Zd�Zedu�rdZnedu�rdZdd��ZdS�)�TestSSHSessionForUnixConchUserNzCannot run without cryptographyzUnix system requiredc��C��sV��t��}d}t\|�}tj\|\|d�}d}dg}\|�\|\|��\|j\}\|��\|\|d�d��dS�)zn C{execCommand} sets the C{HOME} environment variable to the avatar's home directory. z/made/up/path/)�reactorNznot-actually-executedr��HOME)r��r��unix�SSHSessionForUnixConchUser�execCommandr ��assertEqual)r��mockReactorr&��avatar�session�protocol�command�callr��r��r ��testExecCommandEnvironmentT��s��z9TestSSHSessionForUnixConchUser.testExecCommandEnvironment)r��r��r��r��skipr.��r8��r��r��r��r ��r+��M��s��r+��N)�zope.interfacer��twisted.internet.interfacesr��twisted.python.reflectr�� twisted.trialr��r��r.��r��r��TestCaser+��r��r��r��r ��<module>��s��&��test/__pycache__/loopback.cpython-310.pyc��0000644��00000002101�15027667726�0014242 0��ustar�00��o ��b��@��s&��d�Z�ddlmZ�G�dd��dej�ZdS�)z4 Loopback helper used in test_ssh and test_recvline ��)�loopbackc��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�)� LoopbackRelayNc��C��s��d\|�j�jj�d�S�)NzLoopbackRelay(�))�target� __class__�__name__��self��r ��=/usr/lib/python3/dist-packages/twisted/conch/test/loopback.py� logPrefix��s��zLoopbackRelay.logPrefixc��C��sB��t�j�\|�\|��\|�jd�ur\|�j��ddlm}�\|�d\|�j�\|�_d�S�)Nr��)�reactor) r��r��write� clearCall�cancel�twisted.internetr �� callLater�_clearBuffer)r ��datar ��r ��r ��r��r��s �� zLoopbackRelay.writec��C��s��d�\|�_�tj�\|��d�S�)N)r��r��r��clearBufferr��r ��r ��r��r��s��zLoopbackRelay._clearBuffer)r�� __module__�__qualname__r��r��r��r��r ��r ��r ��r��r��s �� r��N)�__doc__�twisted.protocolsr��r��r ��r ��r ��r��<module>��s��test/__pycache__/test_ssh.cpython-310.pyc��0000644��00000103105�15027667726�0014312 0��ustar�00��o ��b��@��s��d�Z�ddlZddlmZmZmZmZ�ddlmZ�ddl m Z �ddlmZ�ddl mZmZmZ�ddlmZ�dd lmZmZ�dd lmZ�ddlmZ�ed�Zed �ZergddlmZmZ�ddlm Z m!Z!m"Z"m#Z#�nG�dd��d�ZG�dd��d�Z$G�dd��dej%�Z&G�dd��d�Z'ddlm(Z(�er�e(�)e'e&e#j��G�dd��dej+�Z,G�dd��d�Z-G�dd��d�Z.G�dd ��d �Z/G�d!d"��d"�Z0edu�r-edu�r-dd#lm1Z1�dd$lm2Z2m3Z3m4Z4m5Z5m6Z6m7Z7�G�d%d&��d&�Z8G�d'd(��d(e1j9�Z:G�d)d��de4j;�Z<G�d+d,��d,�Z=G�d-d.��d.e=e6j>�Z?G�d/d0��d0e=e6j@�ZAG�d1d2��d2e7jB�ZCG�d3d4��d4e3jD�ZEG�d5d6��d6e2jF�ZGd7d8��ZHG�d9d:��d:ejI�ZJG�d;d<��d<ejI�ZKG�d=d>��d>ejI�ZLG�d?d@��d@ejI�ZMdS�)Az! Tests for L{twisted.conch.ssh}. ��N)�privateDSA_openssh�privateRSA_openssh�publicDSA_openssh�publicRSA_openssh)� LoopbackRelay)�portal)�UnauthorizedLogin)�defer�protocol�reactor)�ProcessTerminated)�failure�log)� requireModule)�unittest�cryptography�pyasn1)�avatar�error)�_kex�common� forwarding�sessionc��@��s��e�Zd�ZG�dd��d�ZdS�)r��c��@��s��e�Zd�ZdS�)zavatar.ConchUserN)�__name__� __module__�__qualname__��r��r��=/usr/lib/python3/dist-packages/twisted/conch/test/test_ssh.py� ConchUser#��s��r��N)r��r��r��r��r��r��r��r��r��"��s��r��c��@��s$��e�Zd�ZdZdZdd��Zdd��ZdS�)�ConchTestRealma"�� A realm which expects a particular avatarId to log in once and creates a L{ConchTestAvatar} for that request. @ivar expectedAvatarID: The only avatarID that this realm will produce an avatar for. @ivar avatar: A reference to the avatar after it is requested. Nc��C�� \|\|�_�d�S��N)�expectedAvatarID)�selfr"��r��r��r��__init__4�� zConchTestRealm.__init__c��G��sN��\|\|�j�kr\|�jdurtd��t��\|�_\|d�\|�j\|�jjfS�td\|�j��d\|��)z� Return a new L{ConchTestAvatar} if the avatarID matches the expected one and this is the first avatar request. NzOnly one login allowedr��zOnly z may log in, not )r"��r��r��ConchTestAvatar�logout)r#��avatarID�mind� interfacesr��r��r�� requestAvatar7��s�� zConchTestRealm.requestAvatar)r��r��r��__doc__r��r$��r+��r��r��r��r��r��'��s �� r��c��@��sL��e�Zd�ZdZes dZdZdd��Zdd��Zdd ��Z d d��Z dd ��Zdd��ZdS�)r&��z� An avatar against which various SSH features can be tested. @ivar loggedOut: A flag indicating whether the avatar logout method has been called. �cannot run without cryptographyFc��C��sB��t�j�\|��i�\|�_i�\|�_\|�j�tjt j d��\|�j�dti��d�S�)N)��sessions��direct-tcpip��crazy) r��r��r$�� listeners�globalRequests� channelLookup�updater�� SSHSessionr��openConnectForwardingClient�subsystemLookup�CrazySubsystem�r#��r��r��r��r$��S��s��zConchTestAvatar.__init__c��C��\|\|�j�d<�dS�)N�foo��r1��r#��datar��r��r�� global_foo_�� zConchTestAvatar.global_fooc��C��r9��)N�foo_2)r;��datar<��r=��r��r��r��global_foo_2c��r@��zConchTestAvatar.global_foo_2c��C��sh��t��\|�\}}ztj\|t��\|�j\|\|ft�j�\|d�}W�n�ty��t� d�d��Y�dS�w�\|\|�j \|\|f<�dS�)N)� interfacez2something went wrong with remote->local forwardingr��r;��)r��unpackGlobal_tcpip_forwardr�� listenTCP�SSHListenForwardingFactory�conn� SSHListenServerForwardingChannel� BaseExceptionr��errr0��r#��r>��host�port�listenerr��r��r��global_tcpip_forwardg��s�� z$ConchTestAvatar.global_tcpip_forwardc��C��s@��t��\|�\}}\|�j�\|\|fd��}\|sdS�\|�j\|\|f=�\|��dS�)Nr��r;��)r��rE��r0��get� stopListeningrL��r��r��r��global_cancel_tcpip_forwardx��s��z+ConchTestAvatar.global_cancel_tcpip_forwardc��C��s0��d\|�_�\|�j��D�] }t�d\|��\|��qd�S�)NTzstopListening %s)� loggedOutr0��valuesr��msgrR��)r#��rO��r��r��r��r'��s �� zConchTestAvatar.logoutN) r��r��r��r,��r��skiprT��r$��r?��rC��rP��rS��r'��r��r��r��r��r&��F��s�� r&��c��@��s@��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dS�)�ConchSessionForTestAvatarz2 An ISession adapter for ConchTestAvatar. c��C��s4��\|\|�_�\|�\|�j�_d\|�_d\|�_d\|�_d\|�_t��\|�_dS�)zq Initialize the session and create a reference to it on the avatar for later inspection. NFr��) r��_testSession�cmd�proto�ptyReq�eofr ��Deferred�onClose)r#��r��r��r��r��r$��s��z"ConchSessionForTestAvatar.__init__c��C��s ��t��d��\|\|�_\|\|�_d\|�_d�S�)Nzpty reqT)r��rV�� _terminalType�_windowSizer\��)r#��term� windowSize�attrsr��r��r��getPty��s�� z ConchSessionForTestAvatar.getPtyc��C��s"��t��d��\|\|�_t\|��d\|�_d�S�)Nz opening shell��shell)r��rV��r[�� EchoTransportrZ��)r#��r[��r��r��r�� openShell��s�� z#ConchSessionForTestAvatar.openShellc��C��s��\|\|�_�\|\|�_\|��d�}\|dkrt\|�}t�d\|j��nG\|dkr2t\|�}\|�\|dd��\|��n1\|dkrHt \|�}\|�\|dd��\|��n\|dkr^t \|�}\|�\|dd��\|��nt�d��d \|�j jj_d�S�) Nr��falses��echo��s��secho��s��eecho�bad execr;��)rZ��r[��split�FalseTransportr�� callLater�loseConnectionrg��write�SuperEchoTransport�ErrEchoTransportr�� ConchErrorr��rH�� transport�expectedLoseConnection)r#��r[��rZ��f�tr��r��r��execCommand��s(�� z%ConchSessionForTestAvatar.execCommandc��C�� d\|�_�d�S��Nr;��)r]��r8��r��r��r��eofReceived��r%��z%ConchSessionForTestAvatar.eofReceivedc��C��s,��t��d\|�j��\|�jjj\|�_\|�j�d��d�S�)Nzclosed cmd "%s") r��rV��rZ��r[��r��remoteWindowLeft�remoteWindowLeftAtCloser_��callbackr8��r��r��r��closed��s��z ConchSessionForTestAvatar.closedN) r��r��r��r,��r$��re��rh��ry��r\|��r��r��r��r��r��rX��s�� rX��)� componentsc��@��s��e�Zd�Zdd��Zdd��ZdS�)r7��c��O��s��d�S�r!��r��)r#��args�kwr��r��r��r$��s��zCrazySubsystem.__init__c��C��s��dS�)z good ... good Nr��r8��r��r��r��connectionMade��zCrazySubsystem.connectionMadeN)r��r��r��r$��r��r��r��r��r��r7��s��r7��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)rn��a�� False transport should act like a /bin/false execution, i.e. just exit with nonzero status, writing nothing to the terminal. @ivar proto: The protocol associated with this transport. @ivar closed: A flag tracking whether C{loseConnection} has been called yet. c��C��s��\|\|�_�\|�\|��d\|�_dS�)zY @type p L{twisted.conch.ssh.session.SSHSessionProcessProtocol} instance r��N�r[��makeConnectionr��r#��pr��r��r��r$��s�� zFalseTransport.__init__c��C��sL��\|�j�rdS�d\|�_�\|�j��\|�j��\|�j��\|�j�t�tddd��dS�)zI Disconnect the protocol associated with this transport. Nr;�� r��r[��inConnectionLost�outConnectionLost�errConnectionLost�processEndedr ��Failurer��r8��r��r��r��rp��s�� zFalseTransport.loseConnectionN)r��r��r��r,��r$��rp��r��r��r��r��rn��s��rn��c��@��$��e�Zd�Zdd��Zdd��Zdd��ZdS�)rg��c��C��\|\|�_�\|�\|��d\|�_d�S��Nr��r��r��r��r��r��r$�� zEchoTransport.__init__c��C��s>��t��t\|��\|�j�\|��\|�j�d��d\|v�r\|��d�S�d�S�)N�� )r��rV��reprr[��outReceivedrp��r=��r��r��r��rq��s��zEchoTransport.writec��C��L��\|�j�rd�S�d\|�_�\|�j��\|�j��\|�j��\|�j�t�tdd�d��d�S��Nr;��r��r��r8��r��r��r��rp�� zEchoTransport.loseConnectionN�r��r��r��r$��rq��rp��r��r��r��r��rg��s��rg��c��@��r��)rs��c��C��r��r��r��r��r��r��r��r$��r��zErrEchoTransport.__init__c��C��s��\|�j��\|��\|�j��d��d�S��Nr��)r[��errReceivedr=��r��r��r��rq��s��zErrEchoTransport.writec��C��r��r��r��r8��r��r��r��rp��r��zErrEchoTransport.loseConnectionNr��r��r��r��r��rs��s��rs��c��@��r��)rr��c��C��r��r��r��r��r��r��r��r$��$��r��zSuperEchoTransport.__init__c��C��s4��\|�j��\|��\|�j��d��\|�j��\|��\|�j��d��d�S�r��)r[��r��r��r=��r��r��r��rq��)��s��zSuperEchoTransport.writec��C��r��r��r��r8��r��r��r��rp��/��r��z!SuperEchoTransport.loseConnectionNr��r��r��r��r��rr��#��s��rr��)�checkers)�channel� connection�factory�keysru��userauthc��@��s��e�Zd�ZejfZdd��ZdS�)�ConchTestPasswordCheckerc��C��s.��\|j�dkr\|jdkrt�\|j��S�t�td��S�)N��testuser��testpasszBad credentials)�username�passwordr ��succeed�fail� Exception)r#��credentialsr��r��r��requestAvatarIdG��s�� z(ConchTestPasswordChecker.requestAvatarIdN)r��r��r��r��IUsernamePassword�credentialInterfacesr��r��r��r��r��r��D��s��r��c��@��e�Zd�Zdd��ZdS�)�ConchTestSSHCheckerc��C��s"��\|dks t�\|�j\|��dk�rdS�dS�)Nr��FT)�len�successfulCredentials)r#��avatarIdr��r��r��areDoneP��s��zConchTestSSHChecker.areDoneN)r��r��r��r��r��r��r��r��r��O��r��c��@��sF��e�Zd�ZdZejejd�Zdd��Z dd��Z dd��Zd d ��Zdd��Z d S�)�ConchTestServerFactoryF)s��ssh-userauth��ssh-connectionc��C��s4��t��}\|�j��\|_\|�\|_t\|�d�r\|�j\|_\|\|�_\|S�)Nrv��)�ConchTestServer�privateKeysr��supportedPublicKeysr��hasattrrv��r[��)r#��addrr[��r��r��r�� buildProtocol]��s�� z$ConchTestServerFactory.buildProtocolc��C��t�j�t�t�j�t�d�S��N)s��ssh-rsas��ssh-dss)r��Key� fromStringr��r��r8��r��r��r�� getPublicKeysh�� z$ConchTestServerFactory.getPublicKeysc��C��r��r��)r��r��r��r��r��r8��r��r��r��getPrivateKeysn��r��z%ConchTestServerFactory.getPrivateKeysc��C��s��dt��d�giS�)a%�� Diffie-Hellman primes that can be used for the diffie-hellman-group-exchange-sha1 key exchange. @return: The primes and generators. @rtype: L{dict} mapping the key size to a C{list} of C{(generator, prime)} tupple. i��s��diffie-hellman-group14-sha1)r��getDHGeneratorAndPrimer8��r��r��r�� getPrimest��s�� z ConchTestServerFactory.getPrimesc��C��s��t�j�\|�\|\|�S�r!��)r�� SSHFactory� getService)r#��trans�namer��r��r��r��z!ConchTestServerFactory.getServiceN)r��r��r��noisyr��SSHUserAuthServerr�� SSHConnection�servicesr��r��r��r��r��r��r��r��r��r��U��s��r��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) � ConchTestBaser��c��C��s4��\|�j�rd�S�t\|�d�st�d\|��d\|��d\|�_�d�S�)Nrv��zunexpectedly lost connection � r;��)�doner��r��FailTest�r#��reasonr��r��r��connectionLost��s�� zConchTestBase.connectionLostc��C��s4��d\|�_�\|tjkrt�td\|�\|\|f��\|��d�S�)Nr;��zgot disconnect for %s: reason %s, desc: %s)rv��ru��DISCONNECT_BY_APPLICATIONr��rK��r��rp��)r#�� reasonCode�descr��r��r��receiveError��s�� zConchTestBase.receiveErrorc��C��s��t��d\|��)Nzgot unimplemented: seqid )r��r��)r#��seqIDr��r��r��receiveUnimplemented��r��z"ConchTestBase.receiveUnimplementedN)r��r��r��r��r��r��r��r��r��r��r��r��s �� r��c��@��r��)r��c��C��t��\|�\|��tj�\|�\|��d�S�r!��)r��r��ru��SSHServerTransportr��r��r��r��r��zConchTestServer.connectionLostN)r��r��r��r��r��r��r��r��r��r��r��c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�ConchTestClientz� @ivar _channelFactory: A callable which accepts an SSH connection and returns a channel which will be attached to a new channel on that connection. c��C��r ��r!��)�_channelFactory�r#��channelFactoryr��r��r��r$��r%��zConchTestClient.__init__c��C��r��r!��)r��r��ru��SSHClientTransportr��r��r��r��r��r��zConchTestClient.connectionLostc��C��s<��\|t�j�t��k}\|dk}\|r\|rt�d�S�t�td��S�)Ns/��85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:dar;��zKey or fingerprint mismatch) r��r��r��r��blobr ��r��r��r��)r#��key�fp�keyMatch�fingerprintMatchr��r��r�� verifyHostKey��s �� zConchTestClient.verifyHostKeyc��C��s��\|��tdt\|�j��d�S�)Nr��)�requestService�ConchTestClientAuth�ConchTestClientConnectionr��r8��r��r��r��connectionSecure��s �� z ConchTestClient.connectionSecureN)r��r��r��r,��r$��r��r��r��r��r��r��r��r��s��r��c��@��s8��e�Zd�ZdZdZdZdd��Zdd��Zdd��Zdd ��Z d S�)r��r��c��C��s(��\|�j�s\|�jrt�d��tj�\|�\|��d�S�)Nz2got USERAUTH_SUCCESS before password and publickey)�canSucceedPassword�canSucceedPublicKeyr��r��r��SSHUserAuthClient�ssh_USERAUTH_SUCCESS)r#��packetr��r��r��r��s ��z(ConchTestClientAuth.ssh_USERAUTH_SUCCESSc��C��s��d\|�_�t�d�S�)Nr;��r��)r��r ��r��r8��r��r��r��getPassword��s�� zConchTestClientAuth.getPasswordc��C��s��d\|�_�t�tj�t��S�r{��)r��r ��r��r��r��r��r��r8��r��r��r�� getPrivateKey��z!ConchTestClientAuth.getPrivateKeyc��C��s��t�j�t�S�r!��)r��r��r��r��r8��r��r��r��getPublicKey��s��z ConchTestClientAuth.getPublicKeyN) r��r��r��hasTriedNoner��r��r��r��r��r��r��r��r��r��r��s��r��c��@��s,��e�Zd�ZdZdZdZdZdd��Zdd��Zd S�) r��z� @ivar _completed: A L{Deferred} which will be fired when the number of results collected reaches C{totalResults}. r��r��c��C��s��t�j�\|��\|\|�_d�S�r!��)r��r��r$��r��r��r��r��r��r$��s�� z"ConchTestClientConnection.__init__c��C��s��\|��\|�j\|�d��d�S�)N�rH��)�openChannelr��r8��r��r��r��serviceStarted��s��z(ConchTestClientConnection.serviceStartedN) r��r��r��r,��r��results�totalResultsr$��r��r��r��r��r��r��s��r��c��@��sL��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dS�)�SSHTestChannelc��O��s@��\|\|�_�\|\|�_g�\|�_g�\|�_t��\|�_tjj \|�g\|�R�i�\|��d�S�r!��) r��_opened�received�receivedExtr ��r^��r_��r�� SSHChannelr$��)r#��r��openedr��kwargsr��r��r��r$��s�� zSSHTestChannel.__init__c��C��\|�j��\|��d�S�r!��)r��errbackr��r��r��r�� openFailed��r��zSSHTestChannel.openFailedc��C��s��\|�j��\|��d�S�r!��)r��r��)r#��ignorer��r��r��channelOpen��r��zSSHTestChannel.channelOpenc��C��r ��r!��)r��appendr=��r��r��r��dataReceived��r��zSSHTestChannel.dataReceivedc��C��s.��\|t�jkr \|�j�\|��d�S�t�d\|��d�S�)NzUnrecognized extended data: )r��EXTENDED_DATA_STDERRr��r��r��rV��)r#��dataTyper>��r��r��r��extReceived��s�� zSSHTestChannel.extReceivedc��C��s��t��d\|�\\|�_d�S�)Nz>L)�struct�unpack�status)r#��r��r��r��r��request_exit_status��s��z"SSHTestChannel.request_exit_statusc��C��rz��)NT)� eofCalledr8��r��r��r��r\|��r%��zSSHTestChannel.eofReceivedc��C��s��\|�j��d��d�S�r!��)r_��r��r8��r��r��r��r��r��zSSHTestChannel.closedN)r��r��r��r$��r��r ��r��r��r��r\|��r��r��r��r��r��r��s��r��c��C��s"��t��dtj�t�gi�}�t��\|��S�)z� Produces a SSHPublicKeyChecker with an in-memory key mapping with a single use: 'testuser' @return: L{twisted.conch.checkers.SSHPublicKeyChecker} r��)r��InMemorySSHKeyDBr��r��r��r��SSHPublicKeyChecker)�conchTestPublicKeyDBr��r��r��conchTestPublicKeyChecker��s�� r��c��@��sj��e�Zd�ZdZes dZesdZddd�Zdd��Zd d ��Z dd��Z d d��Zdd��Zdd��Z dd��Zdd��ZdS�)�SSHProtocolTestsz^ Tests for communication between L{SSHServerTransport} and L{SSHClientTransport}. �can't run without cryptography�Cannot run without PyASN1r.��c��s��t��td�\|�_t�\|�j�}t��}\|�t��\|�t ��\|�\|��t ��}\|\|_\|��\|�d�\|�_ t\|�j �\|�_t��fdd��\|�_t\|�j�\|�_\|�j �\|�j��\|�j�\|�j��S�)z� Create a connected SSH client and server protocol pair and return a L{Deferred} which fires with an L{SSHTestChannel} instance connected to a channel on that SSH connection. r��Nc��s��t��fd\|�i��S�)NrH��)r��r��r��r��resultr��r��<lambda>=��s��z:SSHProtocolTests._ourServerOurClientTest.<locals>.<lambda>)r ��r^��r��realmr��Portalr��registerCheckerr��r��r��startFactoryr��serverr��clientTransportr��client�serverTransportr��)r#��r��r��r��sshpc�facr��r��r��_ourServerOurClientTest��s&�� z(SSHProtocolTests._ourServerOurClientTestc��sd��}��fdd�}\|�\|��fdd�}\|�\|��fdd�}\|�\|��fdd�}\|�\|��\|S�) z� Run the Conch server against the Conch client. Set up several different channels which exercise different behaviors and wait for them to complete. Verify that the channels with errors log them. c�� &��\|��_��\|�j�\|�dt�d�d�t�S�)N� ��subsystems ��not-crazyr;��r�� assertFailurerH��sendRequestr��NSr��r��r8��r��r��cbSubsystemN��s��zFSSHProtocolTests.test_subsystemsAndGlobalRequests.<locals>.cbSubsystemc��s��j�}\|j�\|dt�d�d�S�)Nr.��r/��r;��r��rH��r1��r��r2��ignoredr��r8��r��r��cbNotCrazyFailedY��zKSSHProtocolTests.test_subsystemsAndGlobalRequests.<locals>.cbNotCrazyFailedc��s\��j�}\|j�ddd�}\|j�ddd�}\|��jd��\|j�ddd�t�}t�\|\|\|g�S�)N��foo��barr;��s��foo-2��bar2rB��) r��rH��sendGlobalRequest�addCallback�assertEqualr0��r��r �� gatherResults)r7��r��d1�d2�d3r8��r��r��cbGlobalRequestsa��s��zKSSHProtocolTests.test_subsystemsAndGlobalRequests.<locals>.cbGlobalRequestsc��s>��jjjddd��j}d\|jj_\|j��\|� ��d�S�)Nr;��r<��)r:��rA��T) r?��r"��r��r1��r��rH��ru��rv��serviceStoppedrp��r6��r8��r��r�� disconnectp��s�� zESSHProtocolTests.test_subsystemsAndGlobalRequests.<locals>.disconnect�r,��r>��)r#��r��r4��r8��rD��rF��r��r8��r�� test_subsystemsAndGlobalRequestsF��s�� z1SSHProtocolTests.test_subsystemsAndGlobalRequestsc��st��}t�ddd��fdd�}\|�\|��fdd�}\|�\|��fdd �}\|�\|��fd d�}\|�\|��\|S�)z� L{SSHChannel.sendRequest} can open a shell with a I{pty-req} request, specifying a terminal type and window size. ��conch-test-term��P��r��r��c��s��\|��_�\|�j�\|�d��d�S�)Ns��pty-reqr;��)r��rH��r1��r3��r>��r#��r��r�� cbChannel��r��z.SSHProtocolTests.test_shell.<locals>.cbChannelc��sd��j�jjjd�j}��\|j��j�j��\|jd��\|jd�� \|j ��j}\|j�\|ddd�S�)Nr��rI��rJ��rf��rM��r;��) r"��r��rH��channelsr��assertIsr?��r`��ra�� assertTruer\��r��r1��)r7��r��r��r8��r��r��cbPty��s��zSSHProtocolTests.test_shell.<locals>.cbPtyc��s6��j��d��j�j��j��t��j�j��jjj jg�S�)Ns��testing the shell!�) r��rq��rH��sendEOFr ��r@��r_��r"��r��rY��r7��r8��r��r��cbShell��s ��z,SSHProtocolTests.test_shell.<locals>.cbShellc��sZ��j�jdkrt�d��j�jf��d��j�j�d��j�j��j j jj��d�S�)Nr��zshell exit status was not 0: %irM��s��testing the shell!� ) r��r��r��rV��r?��joinr��rR��r��r"��r��rY��r]��rU��r8��r��r��cbExited��s��z-SSHProtocolTests.test_shell.<locals>.cbExited)r,��r��packRequest_pty_reqr>��)r#��r��rO��rS��rV��rX��r��rN��r�� test_shell}��s�� zSSHProtocolTests.test_shellc��s8��}��fdd�}\|�\|��fdd�}\|�\|��\|S�)z� If L{SSHChannel.sendRequest} issues an exec which the server responds to with an error, the L{Deferred} it returns fires its errback. c�� r-��)N��execs ��jumboliahr;��r/��r3��r8��r��r��rO��s ��z3SSHProtocolTests.test_failedExec.<locals>.cbChannelc��s$��tj�}��\|d�jjd��d�S�)Nr��)rl��N)�flushLoggedErrorsr��rt��r?��valuer��r7��errorsr8��r��r��cbFailed��s��z2SSHProtocolTests.test_failedExec.<locals>.cbFailedrG��)r#��r��rO��r`��r��r8��r��test_failedExec��s�� z SSHProtocolTests.test_failedExecc��sN��}��fdd�}\|�\|��fdd�}\|�\|��fdd�}\|�\|��\|S�)z� When the process started by a L{SSHChannel.sendRequest} exec request exits, the exit status is reported to the channel. c��\|��_�\|�j�\|�dt�d�d�S�)Nr[��ri��r;��r5��r3��r8��r��r��rO��s��z5SSHProtocolTests.test_falseChannel.<locals>.cbChannelc��j�jS�r!��r��r_��rU��r8��r��r��cbExec��z2SSHProtocolTests.test_falseChannel.<locals>.cbExecc��s$��jjg��jjd��d�S�r��)r?��r��r��assertNotEqualr��rU��r8��r��r��cbClosed��s��z4SSHProtocolTests.test_falseChannel.<locals>.cbClosedrG��r#��r��rO��re��rh��r��r8��r��test_falseChannel��s�� z"SSHProtocolTests.test_falseChannelc��T��j�ddd�}��fdd�}\|�\|��fdd�}\|�\|��fdd �}\|�\|��\|S�) z� Bytes sent over the extended channel for stderr data are delivered to the channel's C{extReceived} method. ��rj��localWindow�localMaxPacketc��rb��)Nr[��s��eecho hellor;��r5��r3��r8��r��r��rO��r9��z5SSHProtocolTests.test_errorChannel.<locals>.cbChannelc��t��jj��jjjjg�S�r!��r ��r@��r��r_��r"��r��rY��rU��r8��r��r��re��z2SSHProtocolTests.test_errorChannel.<locals>.cbExecc��sp��jjg��d��jj�d��jjd��jj��jjd��jj��j j jj��d�S�)NrM��hello r��rl��) r?��r��r��rW��r��r��rR��r��localWindowLeftr"��r��rY��r~��rU��r8��r��r��rh��s�� z4SSHProtocolTests.test_errorChannel.<locals>.cbClosedrG��ri��r��r8��r��test_errorChannel��s�� z"SSHProtocolTests.test_errorChannelc��s,��d�t�}��fdd�}\|�\|��\|S�)z� When an attempt is made to open an unknown channel type, the L{Deferred} returned by L{SSHChannel.sendRequest} fires its errback. s��crazy-unknown-channelc��s4��tj�}��\|d�jjd��t\|�d��d�S�)Nr��)��zunknown channelr;��)r\��r��rt��r?��r]��r��r��r^��r8��r��r��r`�� s��z6SSHProtocolTests.test_unknownChannel.<locals>.cbFailed)r0��r,��r��r>��)r#��dr`��r��r8��r��test_unknownChannel��s�� z$SSHProtocolTests.test_unknownChannelc��rk��) zc An L{SSHChannel} can be configured with a maximum packet size to receive. ��r;��rm��c��rb��)Nr[��s��secho hellor;��r5��r3��r8��r��r��rO��r9��z2SSHProtocolTests.test_maxPacket.<locals>.cbChannelc��rc��r!��rd��rU��r8��r��r��re��&��rf��z/SSHProtocolTests.test_maxPacket.<locals>.cbExecc��s^��jjd��d��jj�d��d��jj�d��jjd��jj��d�S�)Nr��rM��rs��ry��) r?��r��r��rW��r��r��rt��rR��r��rU��r8��r��r��rh��+��s ��z1SSHProtocolTests.test_maxPacket.<locals>.cbClosedrG��ri��r��r8��r��test_maxPacket��s�� zSSHProtocolTests.test_maxPacketc��rk��) ze Normal standard out bytes are sent to the channel's C{dataReceived} method. rl��rj��rm��c��rb��)Nr[��s ��echo hellor;��r5��r3��r8��r��r��rO��<��r9��z-SSHProtocolTests.test_echo.<locals>.cbChannelc��rp��r!��rq��rU��r8��r��r��cbEchoD��rr��zSSHProtocolTests.test_echo.<locals>.cbEchoc��s`��jjd��d��jj�d��jjd��jj��jj��jj j j��d�S�)Nr��rM��rs��rl��)r?��r��r��rW��r��rt��rR��r��r"��r��rY��r~��rU��r8��r��r��rh��K��s�� z,SSHProtocolTests.test_echo.<locals>.cbClosedrG��)r#��r��rO��r{��rh��r��r8��r�� test_echo5��s�� zSSHProtocolTests.test_echoN)r.��)r��r��r��r,��r��rW��r��r,��rH��rZ��ra��rj��ru��rx��rz��r\|��r��r��r��r��r��s�� 70$ r��c��@��sN��e�Zd�ZesdZesdZddd�Zdd��Zdd ��Zd d��Z dd ��Z dd��ZdS�)�SSHFactoryTestsr��r��Nc��s6��t��}dd��}��fdd�\|_\|�\|_\|_\|��\|S�)Nc��S��s��dt��d��iS�)Nzssh-rsa)r��r��r��r��r��r��r!��c��s��z0SSHFactoryTests.makeSSHFactory.<locals>.<lambda>c��s��S�r!��r��r��primesr��r��r!��d��r��)r��r��r��r��r��r%��)r#��r�� sshFactory�gpkr��r~��r��makeSSHFactorya��s��zSSHFactoryTests.makeSSHFactoryc��C��s$��\|��}\|�d�}\|��\|tj��dS�)zc By default, buildProtocol() constructs an instance of SSHServerTransport. N)r��r��assertIsInstanceru��r��)r#��r��r ��r��r��r��test_buildProtocoli��s�� z"SSHFactoryTests.test_buildProtocolc��s:��g��fdd�}\|��}\|\|_\|�d��\|��dg��dS�)zc buildProtocol() calls 'self.protocol()' to construct a protocol instance. c��s��\|��t��S�r!��)r��ru��r��)r��callsr��r��makeProtocoly��s�� zHSSHFactoryTests.test_buildProtocolRespectsProtocol.<locals>.makeProtocolNr��)r��r ��r��r?��)r#��r��r��r��r��r��"test_buildProtocolRespectsProtocolr��s�� z2SSHFactoryTests.test_buildProtocolRespectsProtocolc��C��s6��\|�j�dd�}\|�d�}\|��d\|j��\|��d\|j��dS�)zg Group key exchanges are not supported when we don't have the primes database. Nr~��"��diffie-hellman-group-exchange-sha1�$��diffie-hellman-group-exchange-sha256)r��r��assertNotIn�supportedKeyExchanges)r#��f1�p1r��r��r��test_buildProtocolNoPrimes��s�� zSSHFactoryTests.test_buildProtocolNoPrimesc��C��s:��\|�j�ddid�}\|�d�}\|��d\|j��\|��d\|j��dS�)zU Group key exchanges are supported when we have the primes database. r;��)r��rv��r~��Nr��r��)r��r��assertInr��r#��f2�p2r��r��r��test_buildProtocolWithPrimes��s�� z,SSHFactoryTests.test_buildProtocolWithPrimesc��C��s��\|��}\|�d�}\|��dd�\|j��dS�)z_ ECDSA key exchanges are listed with 256 having a higher priority among ECDSA. Ns8��ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521��,)r��r��r��rW��r��r��r��r��r��test_buildProtocolKexECDSA��s�� zSSHFactoryTests.test_buildProtocolKexECDSAr!��)r��r��r��r��rW��r��r��r��r��r��r��r��r��r��r��r��r}��Y��s�� r}��c��@��sV��e�Zd�ZdZes dZesdZereej �Z dd��Z dd��Zdd ��Zd d��Z dd ��ZdS�)�MPTestszs Tests for L{common.getMP}. @cvar getMP: a method providing a MP parser. @type getMP: C{callable} r��r��c��C��\|��\|��d�d��dS�)z� L{common.getMP} should parse the a multiple precision integer from a string: a 4-byte length followed by length bytes of the integer. s��)r;��rM��N�r?��getMPr8��r��r��r�� test_getMP��zMPTests.test_getMPc��C��r��)zv L{common.getMP} should be able to parse a big enough integer (that doesn't fit on one byte). s��)irM��Nr��r8��r��r��r��test_getMPBigInteger�� zMPTests.test_getMPBigIntegerc��C��s��\|��\|��dd�d��dS�)zg L{common.getMP} has the ability to parse multiple integer in the same string. s��r��)r;��r��rM��Nr��r8��r��r��r��test_multipleGetMP��s��zMPTests.test_multipleGetMPc��C��r��)zu When more data than needed is sent to L{common.getMP}, it should return the remaining data. s��foo)r;��r:��Nr��r8��r��r��r��test_getMPRemainingData��r��zMPTests.test_getMPRemainingDatac��C��s��\|��tj\|�jd��dS�)z� When the string passed to L{common.getMP} doesn't even make 5 bytes, it should raise a L{struct.error}. s��N)�assertRaisesr��r��r��r8��r��r��r��test_notEnoughData��r��zMPTests.test_notEnoughDataN)r��r��r��r,��r��rW��r��staticmethodr��r��r��r��r��r��r��r��r��r��r��r��s�� r��c��@��s ��e�Zd�ZdZes dZdd��ZdS�)�GMPYInstallDeprecationTestszI Tests for the deprecation of former GMPY accidental public API. r-��c��C��s>��t��\|��\|�jg�}\|��t\|�d��\|��\|d�d�d��dS�)zD L{twisted.conch.ssh.common.install} is deprecated. r;��r��messagezAtwisted.conch.ssh.common.install was deprecated in Twisted 16.5.0N)r��install� flushWarnings�test_deprecatedr?��r��)r#��warningsr��r��r��r��s�� z+GMPYInstallDeprecationTests.test_deprecatedN)r��r��r��r,��r��rW��r��r��r��r��r��r��s ��r��)Nr,��r��twisted.conch.test.keydatar��r��r��r��twisted.conch.test.loopbackr��twisted.credr��twisted.cred.errorr��twisted.internetr ��r ��r��twisted.internet.errorr��twisted.pythonr ��r��twisted.python.reflectr�� twisted.trialr��r��r�� twisted.conchr��r��twisted.conch.sshr��r��r��r��r��r��r&��rX��r��registerAdapter�ISession�Protocolr7��rn��rg��rs��rr��r��r��r��r��r��ru��r��r��SSHProtocolCheckerr��r��r��r��r��r��r��r��r��r��r��r��r��r��r��TestCaser��r}��r��r��r��r��r��r��<module>��sb��B@� 1 ! ��=T?��test/__pycache__/test_conch.cpython-310.pyc��0000644��00000064666�15027667726�0014631 0��ustar�00��o ��b�d�� @��s��d�dl�Z�d�dlZd�dlZd�dlZd�dlmZ�d�dlmZ�d�dlm Z �d�dl mZ�d�dlm Z mZmZmZ�d�dlmZ�d�dlmZ�d�d lmZmZmZ�d�d lmZ�d�dlmZ�d�dlmZ�d�d lm Z m!Z!m"Z"�d�dl#m$Z$�d�dl%m&Z&�d�dl'm(Z(�d�dl)mZm+Z+�z d�dlm,Z,m-Z-�W�n �e.y��Y�nw�e(d�Z/e(d�Z0e0r�d�dl1m2Z2�d�dl3m4Z4m5Z5m6Z6�n d�dl7m4Z4�G�dd��d�Z2zd�dl8m5Z9�W�n�e.y��Z:�z dZ;e<e:�Z=[:W�Y�dZ:[:ndZ:[:ww�e9Z;dd��Z>e>��Z?G�dd��d�Z@G�dd ��d e+�ZAG�d!d"��d"ejB�ZCG�d#d$��d$ejD�ZEG�d%d&��d&ejF�ZGG�d'd(��d(ejF�ZHG�d)d��dejB�ZIdBd,d-�ZJG�d.d/��d/�ZKG�d0d1��d1eK�ZLe e4�G�d2d3��d3e2��ZMG�d4d5��d5�ZNG�d6d7��d7eK�ZOG�d8d9��d9�ZPG�d:d;��d;eKePe+�ZQG�d<d=��d=eLePe+�ZRG�d>d?��d?eOePe+�ZSG�d@dA��dAeLe+�ZTdS�)C��N)�count)�skipIf)�implementer)� ConchError)�privateDSA_openssh�privateRSA_openssh�publicDSA_openssh�publicRSA_openssh��ConchTestRealm)�portal)�defer�protocol�reactor)�ProcessExitedAlready)�LoopingCall)�getProcessValue)�filepath�log�runtime)�FilePath)�which)� requireModule)�SkipTest�TestCase)�ConchTestServerFactory�conchTestPublicKeyChecker�pyasn1�cryptography)� ConchUser)�ISession� SSHSession�wrapProtocol)r ��c��@��s��e�Zd�ZdS�)r��N)�__name__� __module__�__qualname__��r&��r&��?/usr/lib/python3/dist-packages/twisted/conch/test/test_conch.pyr��2��s��r��)r!��c��C��sJ��d}�d}zt��t�j�}�\|��d��d}W�n �ty��Y�nw�\|�r#\|��\|S�)z4Returns True if the system can bind an IPv6 address.NF)�::1r��T)�socket�AF_INET6�bind�OSError�close)�sock�has_ipv6r&��r&��r'�� _has_ipv6@��s�� r0��c��@��s��e�Zd�ZdZdZdd��ZdS�)� FakeStdioz� A fake for testing L{twisted.conch.scripts.conch.SSHSession.eofReceived} and L{twisted.conch.scripts.cftp.SSHSession.eofReceived}. @ivar writeConnLost: A flag which records whether L{loserWriteConnection} has been called. Fc��C��s ��d\|�_�dS�)z9 Record the call to loseWriteConnection. TN)� writeConnLost��selfr&��r&��r'��loseWriteConnection_��s�� zFakeStdio.loseWriteConnectionN)r#��r$��r%��__doc__r2��r5��r&��r&��r&��r'��r1��T��s��r1��c��@��s$��e�Zd�ZdZedu�reZdd��ZdS�)�StdioInteractingSessionTestsz> Tests for L{twisted.conch.scripts.conch.SSHSession}. Nc��C��s��t��}t��}\|\|_\|��\|��\|j��dS�)z} L{twisted.conch.scripts.conch.SSHSession.eofReceived} loses the write half of its stdio connection. N)r1��StdioInteractingSession�stdio�eofReceived� assertTruer2��)r4��r9��channelr&��r&��r'��test_eofReceivedn��s ��z-StdioInteractingSessionTests.test_eofReceived)r#��r$��r%��r6��r8��_reason�skipr=��r&��r&��r&��r'��r7��f��s ��r7��c��@��s$��e�Zd�Zdd��Zdd��Zdd��ZdS�)�Echoc��C��t��d��d�S�)NzECHO CONNECTION MADE�r��msgr3��r&��r&��r'��connectionMade{��zEcho.connectionMadec��C��rA��)NzECHO CONNECTION DONErB��r4��reasonr&��r&��r'��connectionLost~��rE��zEcho.connectionLostc��C��s&��\|�j��\|��d\|v�r\|�j��d�S�d�S�)N�� )� transport�write�loseConnection�r4��datar&��r&��r'��dataReceived��s��zEcho.dataReceivedN)r#��r$��r%��rD��rH��rO��r&��r&��r&��r'��r@��z��s��r@��c��@��s��e�Zd�ZeZdS�)�EchoFactoryN)r#��r$��r%��r@��r��r&��r&��r&��r'��rP��rP��c��@��s<��e�Zd�ZdZdZdZdZdd��Zdd��Zdd ��Z d d��Z dS�)�ConchTestOpenSSHProcessa�� Test protocol for launching an OpenSSH client process. @ivar deferred: Set by whatever uses this object. Accessed using L{_getDeferred}, which destroys the value so the Deferred is not fired twice. Fires when the process is terminated. N��c��C��\|�j�d�}\|�_�\|S��N��deferred�r4��dr&��r&��r'��_getDeferred��z$ConchTestOpenSSHProcess._getDeferredc��C��\|��j�\|7��_�d�S�rU��)�bufrM��r&��r&��r'��outReceived��z#ConchTestOpenSSHProcess.outReceivedc��C��r\��rU��)�problemsrM��r&��r&��r'��errReceived��r_��z#ConchTestOpenSSHProcess.errReceivedc�� C��sV��\|j�jdkr\|��td�\|j�j\|�j�d��dS�\|�j� dd�}\|�� \|��dS�)z~ Called when the process has ended. @param reason: a Failure giving the reason for the process' end. r��zexit code was not 0: {} ({})�charmaps�� rI��N)�value�exitCoderZ��errbackr��formatr`��decoder]��replace�callback)r4��rG��r]��r&��r&��r'��processEnded��s�� z$ConchTestOpenSSHProcess.processEnded)r#��r$��r%��r6��rW��r]��r`��rZ��r^��ra��rj��r&��r&��r&��r'��rR��s��rR��c��@��sT��e�Zd�ZdZdZdd��Zdd��Zdd��Zd d ��Zdd��Z d d��Z dd��Zdd��ZdS�)�ConchTestForwardingProcessa�� Manages a third-party process which launches a server. Uses L{ConchTestForwardingPort} to connect to the third-party server. Once L{ConchTestForwardingPort} has disconnected, kill the process and fire a Deferred with the data received by the L{ConchTestForwardingPort}. @ivar deferred: Set by whatever uses this object. Accessed using L{_getDeferred}, which destroys the value so the Deferred is not fired twice. Fires when the process is terminated. Nc��C��s��\|\|�_�d\|�_\|\|�_dS�)aF�� @type port: L{int} @param port: The port on which the third-party server is listening. (it is assumed that the server is running on localhost). @type data: L{str} @param data: This is sent to the third-party server. Must end with ' ' in order to trigger a disconnect. N)�port�bufferrN��)r4��rl��rN��r&��r&��r'��__init__��s�� z#ConchTestForwardingProcess.__init__c��C��rT��rU��rV��rX��r&��r&��r'��rZ��r[��z'ConchTestForwardingProcess._getDeferredc��C��s��\|��d�S�rU��)�_connectr3��r&��r&��r'��rD��s��z)ConchTestForwardingProcess.connectionMadec��C��s0��t��tt\|�\|�j�}\|�d\|�j�}\|�\|�j��\|S�)a�� Connect to the server, which is often a third-party process. Tries to reconnect if it fails because we have no way of determining exactly when the port becomes available for listening -- we can only know when the process starts. � 127.0.0.1) r�� ClientCreatorr��ConchTestForwardingPortrN�� connectTCPrl�� addErrback� _ebConnect)r4��ccrY��r&��r&��r'��ro��s��z#ConchTestForwardingProcess._connectc��C��s��t��d\|�j��d�S�)Ng��?)r�� callLaterro��)r4��fr&��r&��r'��ru��r_��z%ConchTestForwardingProcess._ebConnectc��C��s.��\|\|�_�\|�j�d��\|�j��t�d\|�j��dS�)z� The network connection has died; save the buffer of output from the network and attempt to quit the process gracefully, and then (after the reactor has spun) send it a KILL signal. ��r��N)rm��rJ��rK��rL��r��rw�� _reallyDie)r4��rm��r&��r&��r'��forwardingPortDisconnected��s�� z5ConchTestForwardingProcess.forwardingPortDisconnectedc��C��s(��z \|�j��d��W�d�S��ty��Y�d�S�w�)N�KILL)rJ�� signalProcessr��r3��r&��r&��r'��rz��s ��z%ConchTestForwardingProcess._reallyDiec��C��s��\|��\|�j��dS�)z� Fire the Deferred at self.deferred with the data collected from the L{ConchTestForwardingPort} connection, if any. N)rZ��ri��rm��rF��r&��r&��r'��rj��s��z'ConchTestForwardingProcess.processEnded) r#��r$��r%��r6��rW��rn��rZ��rD��ro��ru��r{��rz��rj��r&��r&��r&��r'��rk��s��rk��c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)rr��z� Connects to server launched by a third-party process (managed by L{ConchTestForwardingProcess}) sends data, then reports whatever it received back to the L{ConchTestForwardingProcess} once the connection is ended. c��C��s��\|\|�_�\|\|�_dS�)z� @type protocol: L{ConchTestForwardingProcess} @param protocol: The L{ProcessProtocol} which made this connection. @type data: str @param data: The data to be sent to the third-party server. N)r��rN��)r4��r��rN��r&��r&��r'��rn�� s�� z ConchTestForwardingPort.__init__c��C��s��d\|�_�\|�j�\|�j��d�S�)NrS��)rm��rJ��rK��rN��r3��r&��r&��r'��rD��s��z&ConchTestForwardingPort.connectionMadec��C��r\��rU��)rm��rM��r&��r&��r'��rO��r_��z$ConchTestForwardingPort.dataReceivedc��C��s��\|�j��\|�j��d�S�rU��)r��r{��rm��rF��r&��r&��r'��rH��r_��z&ConchTestForwardingPort.connectionLostN)r#��r$��r%��r6��rn��rD��rO��rH��r&��r&��r&��r'��rr��s��rr��conchc��C��sF��t�jd\|�g}g�}\|t\|��D�]}t\|t�r\|�d�}\|�\|��q\|S�)Na$��-c ### Twisted Preamble import sys, os path = os.path.abspath(sys.argv[0]) while os.path.dirname(path) != path: if os.path.basename(path).startswith('Twisted'): sys.path.insert(0, path) break path = os.path.dirname(path) from twisted.conch.scripts.%s import run run()�utf-8)�sys� executable�list� isinstance�str�encode�append)�args�mod�start�madeArgs�argr&��r&��r'�� _makeArgs ��s�� r��c��@��sP��e�Zd�ZesdZesdZedd��Zdd��Zdd��Z d d ��Z dd��Zd d��ZdS�)�ConchServerSetupMixinzcan't run without cryptographyzCannot run without PyASN1c��C��s��t�d�S�)Ns��testuserr ��r&��r&��r&��r'��realmFactoryA��s��z"ConchServerSetupMixin.realmFactoryc��C��sj��dD�] }t�j�\|�rt��\|��qtdd�� }\|�t��W�d��n1�s%w��Y��tdd�� }\|�t��W�d��n1�s?w��Y��tdd�� }\|�t��W�d��n1�sYw��Y��tdd�� }\|�t ��W�d��n1�ssw��Y��t�� dd��t�� dd��td��}\|j js�\|jjr�td��td d��}\|�d t��W�d��d�S�1�s�w��Y��d�S�)N)�rsa_test�rsa_test.pub�dsa_test�dsa_test.pub�kh_testr��wbr��r��r��i��zgprivate key readable by others despite chmod; possible windows permission issue? see https://tm.tl/9767r��s ��127.0.0.1 )�os�path�exists�remove�openrK��r��r ��r��r��chmodr��getPermissions�group�read�otherr��)r4��rx��permissionsr&��r&��r'��_createFilesE��s4�� "�z"ConchServerSetupMixin._createFilesc��C��s��t��}\|�d��\|��d�}\|��\|S�)N)��r��)r)��r+��getsocknamer-��)r4��srl��r&��r&��r'��_getFreePort]��s �� z"ConchServerSetupMixin._getFreePortc��C��s.��\|��}t�\|�}\|�t��t��}\|\|_\|S�)z� Make a L{ConchTestServerFactory}, which allows us to start a L{ConchTestServer} -- i.e. an actually listening conch. )r��r��Portal�registerCheckerr��r��)r4��realm�p�factoryr&��r&��r'��_makeConchFactoryd��s�� z'ConchServerSetupMixin._makeConchFactoryc��C��sz��\|��\|��\|�_d\|�j_tjd\|�jdd�\|�_t�dt��\|�_\|�j� ��j \|�_tr;tjdt��dd�\|�_ \|�j � ��j \|�_d�S�d�S�)Nr��r��rp��)� interfacer(��)r��r��conchFactory�expectedLoseConnectionr�� listenTCP�conchServerrP�� echoServer�getHostrl��echoPort�HAS_IPV6�echoServerV6� echoPortV6r3��r&��r&��r'��setUpp��s�� zConchServerSetupMixin.setUpc��C��sn��zd\|�j�j_W�n �ty��Y�nw�\|�j�jj��t�\|�jj �t�\|�j j �g}tr2\|�t�\|�j j ��t�\|�S�)Nr��)r��proto�done�AttributeErrorrJ��rL��r �� maybeDeferredr�� stopListeningr��r��r��r�� gatherResults)r4�� deferredsr&��r&��r'��tearDown}��s�� zConchServerSetupMixin.tearDownN) r#��r$��r%��r��r?��r��staticmethodr��r��r��r��r��r��r&��r&��r&��r'��r��:��s�� r��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) �ForwardingMixina�� Template class for tests of the Conch server's ability to forward arbitrary protocols over SSH. These tests are integration tests, not unit tests. They launch a Conch server, a custom TCP server (just an L{EchoProtocol}) and then call L{execute}. L{execute} is implemented by subclasses of L{ForwardingMixin}. It should cause an SSH client to connect to the Conch server, asking it to forward data to the custom TCP server. c��C��s��\|��dt��}\|�\|�jd�S�)z� Test that we can use whatever client to send the command "echo goodbye" to the Conch server. Make sure we receive "goodbye" back from the server. �echo goodbye��goodbye ��executerR��addCallback�assertEqualrX��r&��r&��r'�� test_exec��s��zForwardingMixin.test_execc��C��>��\|��}t\|d�}\|�jd\|d\|\|�jf�d�}\|�\|�jd��\|S�)zy Test that we can use whatever client to forward a local port to a specified port on the server. ��test r��z-N -L%i:127.0.0.1:%i��sshArgs�r��rk��r��r��r��r��r4�� localPort�processrY��r&��r&��r'��test_localToRemoteForwarding�� z,ForwardingMixin.test_localToRemoteForwardingc��C��r��)zs Test that we can use whatever client to forward a port from the server to a port locally. r��r��z-N -R %i:127.0.0.1:%ir��r��r��r&��r&��r'��test_remoteToLocalForwarding��r��z,ForwardingMixin.test_remoteToLocalForwardingN)r#��r$��r%��r6��r��r��r��r&��r&��r&��r'��r��s �� r��c��@��sH��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dS�)�RekeyAvatara#�� This avatar implements a shell which sends 60 numbered lines to whatever connects to it, then closes the session with a 0 exit status. 60 lines is selected as being enough to send more than 2kB of traffic, the amount the client is configured to initiate a rekey after. c��C��s��t��\|��t\|�jd<�d�S�)Ns��session)r��rn��r!�� channelLookupr3��r&��r&��r'��rn��s�� zRekeyAvatar.__init__c��sH��t��}\|��t\|��fdd�}t\|t��d��dS�)zE Write 60 lines of data to the transport, then exit. c��sZ��t�\|��}\|dkr��jj��jdd��d�S�d\|f�}\|�d�}��\|��d�S�)N�<��s��exit-statuss��zline #%02d r��)�next�stop�session�conn�sendRequestrL��r��rK��)�counter�i�line��callrJ��r&��r'��rK��s�� z$RekeyAvatar.openShell.<locals>.writeg{�G�z�?N)r��Protocol�makeConnectionr"��r��r��r��)r4��rJ��r��rK��r&��r��r'�� openShell��s�� zRekeyAvatar.openShellc��C��s��dS�)z2 Ignore the close of the session. Nr&��r3��r&��r&��r'��closed��zRekeyAvatar.closedc��C��d�S�rU��r&��r3��r&��r&��r'��r:��zRekeyAvatar.eofReceivedc��C��r��rU��r&��)r4��r��commandr&��r&��r'��execCommand��r��zRekeyAvatar.execCommandc��C��r��rU��r&��)r4��term� windowSize�modesr&��r&��r'��getPty��r��zRekeyAvatar.getPtyc��C��r��rU��r&��)r4�� newWindowSizer&��r&��r'�� windowChanged��r��zRekeyAvatar.windowChangedN)r#��r$��r%��r6��rn��r��r��r:��r��r��r��r&��r&��r&��r'��r��s��!r��c��@��s��e�Zd�ZdZdd��ZdS�)� RekeyRealmzS This realm gives out new L{RekeyAvatar} instances for any avatar request. c��G��s��\|d�t��dd��fS�)Nr��c��S��r��rU��r&��r&��r&��r&��r'��<lambda>��r��zRekeyRealm.requestAvatar.<locals>.<lambda>)r��)r4��avatarID�mind� interfacesr&��r&��r'�� requestAvatar ��s��zRekeyRealm.requestAvatarN)r#��r$��r%��r6��r��r&��r&��r&��r'��r��s��r��c��@��s��e�Zd�ZdZeZdd��ZdS�)�RekeyTestsMixinzp TestCase mixin which defines tests exercising L{SSHTransportBase}'s handling of rekeying messages. c��s.��t��}��d\|d�}��fdd�}\|�\|��\|S�)z� After a client-initiated rekey is completed, application data continues to be passed over the SSH connection. r��z-o RekeyLimit=2Kc��s6��d��dd��td�D��d�}\|�d�}��\|�\|��d�S�)N� c��S��s��g�\|�]}d�\|f��qS�)z line #%02dr&��)�.0r��r&��r&��r'�� <listcomp>"��s��zFRekeyTestsMixin.test_clientRekey.<locals>.finished.<locals>.<listcomp>r��r��)�join�ranger��r��)�result�expectedResultr3��r&��r'��finished!��s�� z2RekeyTestsMixin.test_clientRekey.<locals>.finished)rR��r��r��)r4��r��rY��r��r&��r3��r'��test_clientRekey��s �� z RekeyTestsMixin.test_clientRekeyN)r#��r$��r%��r6��r��r��r��r&��r&��r&��r'��r��s��r��c��@��s"��e�Zd�Zed�s dZddd�ZdS�)�OpenSSHClientMixin�sshz$no ssh command-line client availabler��c��s.��t�td�d�d�}��fdd�}\|�\|�S�)a�� Connects to the SSH server started in L{ConchServerSetupMixin.setUp} by running the 'ssh' command line tool. @type remoteCommand: str @param remoteCommand: The command (with arguments) to run on the remote end. @type process: L{ConchTestOpenSSHProcess} @type sshArgs: str @param sshArgs: Arguments to pass to the 'ssh' process. @return: L{defer.Deferred} r��r��)z-ozPubkeyAcceptedKeyTypes=ssh-dssz-Vc��s��\|�dkrd}nd}t��_d\|��d��}�j��j}\|\|��}g�}\|D�]}t\|t�r4\|� d�}\|� \|��q(t��t d�d�\|��jS�)Nr��z!-oPubkeyAcceptedKeyTypes=ssh-dss r��z�ssh -2 -l testuser -p %i -F /dev/null -oUserKnownHostsFile=kh_test -oPasswordAuthentication=no -oHostKeyAlgorithms=ssh-rsa -a -i dsa_test � 127.0.0.1 r��r��)r ��DeferredrW��r��r��rl��splitr��r��r��r��r��spawnProcessr��)�status�opts�cmdlinerl��cmds�encodedCmds�cmd�r�� remoteCommandr4��r��r&��r'��hasPAKTF��s.�� z+OpenSSHClientMixin.execute.<locals>.hasPAKT)r��r��r��)r4��r ��r��r��rY��r��r&��r��r'��r��.��s �� $zOpenSSHClientMixin.executeN)r��)r#��r$��r%��r��r?��r��r&��r&��r&��r'��r����s��r��c��@��sP��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��ZdS�)�OpenSSHKeyExchangeTestsz\ Tests L{SSHTransportBase}'s key exchange algorithm compatibility with OpenSSH. c��C��s��g�}zt�jtd�d�ddgt�jd�}t\|t�s\|�d�}\|��}W�n �ty��Y�nw�\|\|vr6t \|��d��\|�� dt��d \|��}\|�\|�j d �S�)aI�� Call execute() method of L{OpenSSHClientMixin} with an ssh option that forces the exclusive use of the key exchange algorithm specified by keyExchangeAlgo @type keyExchangeAlgo: L{str} @param keyExchangeAlgo: The key exchange algorithm to use @return: L{defer.Deferred} r��r��z-Q�kex)�stderrr��z not supported by ssh clientz echo helloz-oKexAlgorithms=s��hello )� subprocess�check_outputr��STDOUTr��r��rg��r�� BaseExceptionr��r��rR��r��r��)r4��keyExchangeAlgo� kexAlgorithms�outputrY��r&��r&��r'��assertExecuteWithKexAlgorithms��s&�� z5OpenSSHKeyExchangeTests.assertExecuteWithKexAlgorithmc��C�� \|��d�S�)zb The ecdh-sha2-nistp256 key exchange algorithm is compatible with OpenSSH zecdh-sha2-nistp256�r��r3��r&��r&��r'��test_ECDHSHA256�� z'OpenSSHKeyExchangeTests.test_ECDHSHA256c��C��r��)zb The ecdh-sha2-nistp384 key exchange algorithm is compatible with OpenSSH zecdh-sha2-nistp384r��r3��r&��r&��r'��test_ECDHSHA384��r��z'OpenSSHKeyExchangeTests.test_ECDHSHA384c��C��r��)zb The ecdh-sha2-nistp521 key exchange algorithm is compatible with OpenSSH zecdh-sha2-nistp521r��r3��r&��r&��r'��test_ECDHSHA521��r��z'OpenSSHKeyExchangeTests.test_ECDHSHA521c��C��r��)zl The diffie-hellman-group14-sha1 key exchange algorithm is compatible with OpenSSH. zdiffie-hellman-group14-sha1r��r3��r&��r&��r'��test_DH_GROUP14��r��z'OpenSSHKeyExchangeTests.test_DH_GROUP14c��C��r��)zs The diffie-hellman-group-exchange-sha1 key exchange algorithm is compatible with OpenSSH. z"diffie-hellman-group-exchange-sha1r��r3��r&��r&��r'��test_DH_GROUP_EXCHANGE_SHA1��r��z3OpenSSHKeyExchangeTests.test_DH_GROUP_EXCHANGE_SHA1c��C��r��)zu The diffie-hellman-group-exchange-sha256 key exchange algorithm is compatible with OpenSSH. z$diffie-hellman-group-exchange-sha256r��r3��r&��r&��r'��test_DH_GROUP_EXCHANGE_SHA256��s��z5OpenSSHKeyExchangeTests.test_DH_GROUP_EXCHANGE_SHA256c��C��s��\|��t\|�jd��dS�)zy The list of key exchange algorithms supported by OpenSSH client is obtained with C{ssh -Q kex}. zunsupported-algorithmN)�assertRaisesr��r��r3��r&��r&��r'��test_unsupported_algorithm��s��z2OpenSSHKeyExchangeTests.test_unsupported_algorithmN)r#��r$��r%��r6��r��r��r��r��r ��r!��r"��r$��r&��r&��r&��r'��r��m��s�� r��c��@��s$��e�Zd�ZdZee�d�dd��ZdS�)�OpenSSHClientForwardingTestszR Connection forwarding tests run against the OpenSSL command line client. zRequires IPv6 supportc��C��r��)zG Forwarding of arbitrary IPv6 TCP connections via SSH. r��r��z-N -L%i:[::1]:%ir��)r��rk��r��r��r��r��r��r&��r&��r'��test_localToRemoteForwardingV6��r��z;OpenSSHClientForwardingTests.test_localToRemoteForwardingV6N)r#��r$��r%��r6��r��r��r&��r&��r&��r&��r'��r%��s�� r%��c��@��s��e�Zd�ZdZdS�)�OpenSSHClientRekeyTestszE Rekeying tests run against the OpenSSL command line client. N)r#��r$��r%��r6��r&��r&��r&��r'��r'��rQ��r'��c��@��s8��e�Zd�ZdZejdkr dZddd�Zdd ��Zd d��Z dS�) �CmdLineClientTestszP Connection forwarding tests run against the Conch command line client. �win32z!can't run cmdline client on win32r��Nc�� C��s��\|du�rg�}t��\|_\|�j��j}d�\|�\|�d�\|�}t\|\|��}t j ��}t j� tj�\|d<�g�} i�} \|D�]}t\|t�rD\|�d�}\| �\|��q8\|D�]}\|\|�}t\|t�r\\|�d�}t\|t�rf\|�d�}\|\| \|<�qLtj\|tj\| \| d��\|jS�)z{ As for L{OpenSSHClientTestCase.execute}, except it runs the 'conch' command line tool, not 'ssh'. Nz[-p {} -l testuser --known-hosts kh_test --user-authentications publickey -a -i dsa_test -v r�� PYTHONPATHr��)�env)r ��r��rW��r��r��rl��rf��r��r��r��environ�copy�pathsepr��r��r��r��r��r��r��r��r��r��) r4��r ��r��r�� conchArgsrl��r��r ��r+��r �� encodedEnv�var�valr&��r&��r'��r��s<�� zCmdLineClientTests.executec��sV��fdd�}t��jdt��dd��jddgd�}\|��jd ��\|�\|��\|S�) z4 It can store logs to a local file. c��s��}��d\|��d�S�)Ns��Log opened.)� getContent�assertIn)r�� logContent��logPathr4��r&��r'��cb_check_log��s��z<CmdLineClientTests.test_runWithLogFile.<locals>.cb_check_logr��z--logz --logfilez--host-key-algorithmszssh-rsa)r ��r��r/��r��)r��r��mktempr��rR��r��r��r��)r4��r8��rY��r&��r6��r'��test_runWithLogFile��s�� z&CmdLineClientTests.test_runWithLogFilec��C��s"��\|�j�dt��d�}\|�\|�jd��\|S�)zH Do not use --host-key-algorithms flag on command line. r��)r ��r��r��r��rX��r&��r&��r'��%test_runWithNoHostAlgorithmsSpecified��s ��z8CmdLineClientTests.test_runWithNoHostAlgorithmsSpecified)r��N) r#��r$��r%��r6��r��platformTyper?��r��r:��r;��r&��r&��r&��r'��r(��s�� %r(��)r~��)Ur��r)��r��r�� itertoolsr��unittestr��zope.interfacer��twisted.conch.errorr��twisted.conch.test.keydatar��r��r��r ��twisted.conch.test.test_sshr��twisted.credr��twisted.internetr ��r��r��twisted.internet.errorr��twisted.internet.taskr��twisted.internet.utilsr��twisted.pythonr��r��r��twisted.python.filepathr��twisted.python.procutilsr��twisted.python.reflectr��twisted.trial.unittestr��r��r��r��ImportErrorr��r��twisted.conch.avatarr��twisted.conch.ssh.sessionr ��r!��r"��twisted.conch.interfaces�twisted.conch.scripts.conch�_StdioInteractingSession�er8��r��r>��r0��r��r1��r7��r��r@��FactoryrP��ProcessProtocolrR��rk��rr��r��r��r��r��r��r��r��r��r%��r'��r(��r&��r&��r&��r'��<module>��s\|�� +L S6D C\��test/__pycache__/test_ckeygen.cpython-310.pyc��0000644��00000046547�15027667726�0015162 0��ustar�00��o ��5�@g_��@��s��d�Z�ddlZddlZddlZddlZddlmZ�ddlmZm Z m Z mZmZ�ddl mZ�ddlmZ�ddlmZ�ed�r[ed �r[dd lmZmZmZmZmZ�ddlmZmZmZmZ�ndZd d��ZG�dd��de�Z dS�)z- Tests for L{twisted.conch.scripts.ckeygen}. ��N)�StringIO)�privateECDSA_openssh�privateEd25519_openssh_new�privateRSA_openssh�privateRSA_openssh_encrypted�publicRSA_openssh)�FilePath)� requireModule)�TestCase�cryptography�pyasn1)�_saveKey�changePassPhrase�displayPublicKey�enumrepresentation�printFingerprint)�BadFingerPrintFormat�BadKeyError�FingerprintFormats�KeyzBcryptography and pyasn1 required for twisted.conch.scripts.ckeygenc��s��t��fdd�}\|S�)a@�� Return a callable to patch C{getpass.getpass}. Yields a passphrase each time called. Use case is to provide an old, then new passphrase(s) as if requested interactively. @param passphrases: The list of passphrases returned, one per each call. @return: A callable to patch C{getpass.getpass}. c��s��t��S��N)�next��_��passphrases��A/usr/lib/python3/dist-packages/twisted/conch/test/test_ckeygen.py�fakeGetpass7��z makeGetpass.<locals>.fakeGetpass)�iter)r��r��r��r��r��makeGetpass+��s�� r!��c��@��s"��e�Zd�ZdZdd��ZdGdd�Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Zd/d0��Zd1d2��Zd3d4��Zd5d6��Zd7d8��Zd9d:��Zd;d<��Z d=d>��Z!d?d@��Z"dAdB��Z#dCdD��Z$dEdF��Z%dS�)H�KeyGenTestszN Tests for various functions used to implement the I{ckeygen} script. c��C��s��t��\|�_\|��td\|�j��dS�)zX Patch C{sys.stdout} so tests can make assertions about what's printed. �stdoutN)r��r#��patch�sys��selfr��r��r��setUpB��s��zKeyGenTests.setUpNc��C��s��\|��}dd\|d\|dg}\|d�ur\|�d\|g��\|d�ur"\|�d\|g��zt�\|��W�n�ty;��d\|d<�t�\|��Y�nw�t�\|�}t�\|d ��}\|d krU\|��\|��d��n\|dkrb\|��\|��d ��n \|��\|��\|� ��\|�� \|��d�S�)N�ckeygen�-t�-fz--no-passphrasez-bz--private-key-subtype�ckeygen3r��z.pub�ecdsa�EC�ed25519�Ed25519)�mktemp�extend� subprocess�call�FileNotFoundErrorr��fromFile�assertEqual�type�upper� assertTrue�isPublic)r'��keyType�keySize�privateKeySubtype�filename�args�privKey�pubKeyr��r��r��_testrunI��s(�� zKeyGenTests._testrunc��C��s��\|��dd��\|�j�dddd��\|��d��\|�j�ddd��\|��d��\|��dd��\|�j�dddd��\|��d��\|�j�ddd��\|��dd��\|�j�dddd��\|��d��\|�j�ddd��d�S�) Nr-��384�v1)r>��r/��dsa�2048�rsa)rC��r&��r��r��r��test_keygeneration_��s�� zKeyGenTests.test_keygenerationc��C��s��\|��}\|��tj��K�ttjd��,}ztjdddd\|g\|d��W�n�ty5��tjdddd\|g\|d��Y�nw�W�d��n1�s@w��Y��W�d��d�S�W�d��d�S�1�sXw��Y��d�S�)N�rbr)��r��foor+��)�stderrr,��) r1��assertRaisesr3��CalledProcessError�open�os�devnull� check_callr5��)r'��r?��rQ��r��r��r��test_runBadKeytypen��s&�� "�zKeyGenTests.test_runBadKeytypec��C��"��t�ddi�}\|��\|d�tj��dS�)z� L{enumrepresentation} takes a dictionary as input and returns a dictionary with its attributes changed to enum representation. �format�md5-hexN)r��assertIsr��MD5_HEX�r'��optionsr��r��r��test_enumrepresentation{��s��z#KeyGenTests.test_enumrepresentationc��C��rT��)zF Test for format L{FingerprintFormats.SHA256-BASE64}. rU�� sha256-base64N)r��rW��r�� SHA256_BASE64rY��r��r��r��test_enumrepresentationsha256��s��z)KeyGenTests.test_enumrepresentationsha256c��C��sN��\|��t��}tddi��W�d��n1�sw��Y��\|��d\|jjd��dS�)z9 Test for unsupported fingerprint format rU�� sha-base64N�Unsupported fingerprint format: sha-base64r��)rM��r��r��r7�� exceptionr@��)r'��emr��r��r�� test_enumrepresentationBadFormat��s��z,KeyGenTests.test_enumrepresentationBadFormatc��C��:��\|��}t\|��t��t\|dd��\|��\|�j��d��dS�)z� L{printFingerprint} writes a line to standard out giving the number of bits of the key, its fingerprint, and the basename of the file from it was read. rV��r?��rU��z:2048 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da temp N�r1��r�� setContentr��r��r7��r#��getvalue�r'��r?��r��r��r��test_printFingerprint��s��z!KeyGenTests.test_printFingerprintc��C��rd��)z� L{printFigerprint} will print key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. r\��re��z72048 FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= temp Nrf��ri��r��r��r��test_printFingerprintsha256��s��z'KeyGenTests.test_printFingerprintsha256c��C��sf��\|��}t\|��t��\|��t��}t\|dd��W�d��n1�s"w��Y��\|��d\|jj d��dS�)zx L{printFigerprint} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. r_��re��Nr`��r��) r1��r��rg��r��rM��r��r��r7��ra��r@��)r'��r?��rb��r��r��r��)test_printFingerprintBadFingerPrintFormat��s��z5KeyGenTests.test_printFingerprintBadFingerPrintFormatc��C��t�\|��}\|��\|�d�j}t�t�}t\|\|ddd��\|�� \|�j ��d\|\|f��\|�� \|�\|�d��dd�\|��\|�� t�\|�d��\|� ��dS�)z� L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. �id_rsa� passphraserV��r?��passrU��Your identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in <FingerprintFormats=MD5_HEX> is: 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da N� id_rsa.pub�r��r1��makedirs�child�pathr�� fromStringr��r ��r7��r#��rh�� getContent�public�r'��baser?��keyr��r��r��test_saveKey��s"�� zKeyGenTests.test_saveKeyc��C��rm��)z� L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with ECDSA key. �id_ecdsaro��rV��rp��z�Your identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in <FingerprintFormats=MD5_HEX> is: 1e:ab:83:a6:f2:04:22:99:7c:64:14:d2:ab:fa:f5:16 Nzid_ecdsa.pub)r��r1��ru��rv��rw��r��rx��r��r ��r7��r#��rh��ry��rz��r{��r��r��r��test_saveKeyECDSA��s"�� zKeyGenTests.test_saveKeyECDSAc��C��rm��)z� L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with Ed25519 key. � id_ed25519ro��rV��rp��z�Your identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in <FingerprintFormats=MD5_HEX> is: ab:ee:c8:ed:e5:01:1b:45:b7:8d:b2:f0:8f:61:1c:14 Nzid_ed25519.pub)r��r1��ru��rv��rw��r��rx��r��r ��r7��r#��rh��ry��rz��r{��r��r��r��test_saveKeyEd25519��s$�� zKeyGenTests.test_saveKeyEd25519c��C��rm��)z� L{_saveKey} will generate key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. rn��ro��r\��rp��z�Your identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in <FingerprintFormats=SHA256_BASE64> is: FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= Nrs��rt��r{��r��r��r��test_saveKeysha256��s&�� zKeyGenTests.test_saveKeysha256c��C��s~��t�\|��}\|��\|�d�j}t�t�}\|��t ��}t \|\|ddd��W�d��n1�s.w��Y��\|��d\|jj d��dS�)zq L{_saveKey} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. rn��ro��r_��rp��Nr`��r��)r��r1��ru��rv��rw��r��rx��r��rM��r��r ��r7��ra��r@��)r'��r\|��r?��r}��rb��r��r��r�� test_saveKeyBadFingerPrintformat!��s�� z,KeyGenTests.test_saveKeyBadFingerPrintformatc��C��s`��t�\|��}\|��\|�d�j}t�t�}t\|\|ddd��\|�� \|�\|�d�� dd�\|��dS�)�q L{_saveKey} will choose an empty string for the passphrase if no-passphrase is C{True}. rn��TrV��r?��z no-passphraserU��N��)r��r1��ru��rv��rw��r��rx��r��r ��r7��ry��r{��r��r��r��test_saveKeyEmptyPassphrase3��s�� z'KeyGenTests.test_saveKeyEmptyPassphrasec��C��^��t�\|��}\|��\|�d�j}t�t�}t\|\|ddd��\|�� \|�\|�d�� d�\|��dS�)r��r��TrV��r��N)r��r1��ru��rv��rw��r��rx��r��r ��r7��ry��r{��r��r��r�� test_saveKeyECDSAEmptyPassphraseC��s�� "z,KeyGenTests.test_saveKeyECDSAEmptyPassphrasec��C��r��)r��r��TrV��r��N)r��r1��ru��rv��rw��r��rx��r��r ��r7��ry��r{��r��r��r��"test_saveKeyEd25519EmptyPassphraseQ��s�� z.KeyGenTests.test_saveKeyEd25519EmptyPassphrasec��s��t�\|��}\|��\|�d�j��ddl}\|��\|jjj d��fdd��t �t�}t \|dddd ��\|�d��}\|�\|dd �}\|��\|\|��dS�)zd When no path is specified, it will ask for the path used to store the key. � custom_keyr��N�_inputSaveFilec��s��S�r��r��r��keyPathr��r��<lambda>l��z4KeyGenTests.test_saveKeyNoFilename.<locals>.<lambda>TrV��r��r��)r��r1��ru��rv��rw��twisted.conch.scripts.ckeygenr$��conch�scriptsr)��r��rx��r��r ��ry��r7��)r'��r\|��twistedr}��persistedKeyContent�persistedKeyr��r��r��test_saveKeyNoFilenamea��s�� z"KeyGenTests.test_saveKeyNoFilenamec��C��s��t�\|��}\|��\|�d�j}t�t�}t\|\|dddd��\|�� \|�j ��d\|\|f��\|�d��}\|�� \|�\|dd�\|��\|�� \|�d��\|�� t�\|�d ��\|��dS�) zi L{_saveKey} can be told to write the new private key file in OpenSSH v1 format. rn��ro��rV��rE��)r?��rq��rU��private-key-subtyperr��N�$��-----BEGIN OPENSSH PRIVATE KEY----- rs��)r��r1��ru��rv��rw��r��rx��r��r ��r7��r#��rh��ry��r:�� startswithrz��)r'��r\|��r?��r}��privateKeyContentr��r��r��test_saveKeySubtypeV1t��s4�� z!KeyGenTests.test_saveKeySubtypeV1c��C��sf��\|��}t�t�}t\|��t��td\|i��\|�j� �� d�}t\|t�r(\|� d�}\|��\|\|�d��dS�)zl L{displayPublicKey} prints out the public key associated with a given private key. r?�� ascii�opensshN)r1��r��rx��r��r��rg��r��r��r#��rh��strip� isinstance�str�encoder7��toString�r'��r?��rB�� displayedr��r��r��test_displayPublicKey��s�� z!KeyGenTests.test_displayPublicKeyc��C��sh��\|��}t�t�}t\|��t��t\|dd��\|�j� �� d�}t\|t�r)\|� d�}\|��\|\|�d��dS�)z� L{displayPublicKey} prints out the public key associated with a given private key using the given passphrase when it's encrypted. � encrypted�r?��rq��r��r��r��N)r1��r��rx��r��r��rg��r��r��r#��rh��r��r��r��r��r7��r��r��r��r��r��test_displayPublicKeyEncrypted��s�� zKeyGenTests.test_displayPublicKeyEncryptedc��C��sx��\|��}t�t�}t\|��t��\|��tddd��t d\|i��\|�j ��d�}t \|t�r1\|�d�}\|��\|\|�d��dS�) z� L{displayPublicKey} prints out the public key associated with a given private key, asking for the passphrase when it's encrypted. �getpassc��S��dS�)Nr��r��)�xr��r��r��r��r��zLKeyGenTests.test_displayPublicKeyEncryptedPassphrasePrompt.<locals>.<lambda>r?��r��r��r��N)r1��r��rx��r��r��rg��r��r$��r��r��r#��rh��r��r��r��r��r7��r��r��r��r��r��.test_displayPublicKeyEncryptedPassphrasePrompt��s�� z:KeyGenTests.test_displayPublicKeyEncryptedPassphrasePromptc��C��s.��\|��}t\|��t��\|��tt\|dd��dS�)z� L{displayPublicKey} fails with a L{BadKeyError} when trying to decrypt an encrypted key with the wrong password. �wrongr��N)r1��r��rg��r��rM��r��r��ri��r��r��r��$test_displayPublicKeyWrongPassphrase��s ��z0KeyGenTests.test_displayPublicKeyWrongPassphrasec��C��sl��t�ddd�}\|��td\|��\|��}t\|��t��td\|i��\|��\|�j � ��d�d��\|��tt\|�� dS�)zt L{changePassPhrase} allows a user to change the passphrase of a private key interactively. r��newpassr��r?��r��;Your identification has been saved with the new passphrase.N�r!��r$��r��r1��r��rg��r��r��r7��r#��rh��r��assertNotEqualry��)r'�� oldNewConfirmr?��r��r��r��test_changePassphrase��s��z!KeyGenTests.test_changePassphrasec��C��sl��t�dd�}\|��td\|��\|��}t\|��t��t\|dd��\|��\|�j � ��d�d��\|��tt\|�� dS�)z� L{changePassPhrase} allows a user to change the passphrase of a private key, providing the old passphrase and prompting for new one. r��r��r��r��r��r��Nr��)r'�� newConfirmr?��r��r��r��test_changePassphraseWithOld��s�� z(KeyGenTests.test_changePassphraseWithOldc��C��sV��\|��}t\|��t��t\|ddd��\|��\|�j��d�d��\|�� tt\|�� dS�)z� L{changePassPhrase} allows a user to change the passphrase of a private key by providing both old and new passphrases without prompting. r�� newencrypt)r?��rq��r��r��r��N)r1��r��rg��r��r��r7��r#��rh��r��r��ry��ri��r��r��r��test_changePassphraseWithBoth��s�� z)KeyGenTests.test_changePassphraseWithBothc��C��R��\|��}t\|��t��\|��tt\|dd��}\|��dt\|��\|��tt\|�� dS�)z� L{changePassPhrase} exits if passed an invalid old passphrase when trying to change the passphrase of a private key. r��r��z1Could not change passphrase: old passphrase errorN) r1��r��rg��r��rM�� SystemExitr��r7��r��ry��r'��r?��errorr��r��r��$test_changePassphraseWrongPassphrase��s��z0KeyGenTests.test_changePassphraseWrongPassphrasec��C��sb��\|��tdtd��\|��}t\|��t��\|��tt d\|i�}\|�� dt\|��\|�� tt\|��dS�)z� L{changePassPhrase} exits if no passphrase is specified for the C{getpass} call and the key is encrypted. r��r?��zMCould not change passphrase: Passphrase must be provided for an encrypted keyN) r$��r��r!��r1��r��rg��r��rM��r��r��r7��r��ry��r��r��r��r��!test_changePassphraseEmptyGetPass��s��z-KeyGenTests.test_changePassphraseEmptyGetPassc��C��sT��\|��}t\|��d��\|��ttd\|i�}d}\|��\|t\|��\|��dt\|��dS�)zc L{changePassPhrase} exits if the file specified points to an invalid key. s��foobarr?��z?Could not change passphrase: cannot guess the type of b'foobar'N) r1��r��rg��rM��r��r��r7��r��ry��)r'��r?��r��expectedr��r��r��test_changePassphraseBadKey&��s��z'KeyGenTests.test_changePassphraseBadKeyc��C��sh��\|��}t\|��t��dd��}\|��td\|��\|��tt\|dd��}\|�� dt \|��\|�� tt\|��dS�)z� L{changePassPhrase} doesn't modify the key file if an unexpected error happens when trying to create the key with the new passphrase. c��_��s��t�d��)N�oops)�RuntimeError�r@��kwargsr��r��r��r��;��r��z>KeyGenTests.test_changePassphraseCreateError.<locals>.toStringr��r��r?��r��z!Could not change passphrase: oopsN�r1��r��rg��r��r$��r��rM��r��r��r7��r��ry��)r'��r?��r��r��r��r��r�� test_changePassphraseCreateError3��s��z,KeyGenTests.test_changePassphraseCreateErrorc��C��sl��\|��}t\|��t��dd��}\|��td\|��\|��tt\|dd��}d}\|�� \|t \|��\|�� tt\|��dS�)zq L{changePassPhrase} doesn't modify the key file if C{toString} returns an empty string. c��_��r��)Nr��r��r��r��r��r��r��R��s��zCKeyGenTests.test_changePassphraseEmptyStringError.<locals>.toStringr��r��r��z9Could not change passphrase: cannot guess the type of b''Nr��)r'��r?��r��r��r��r��r��r��%test_changePassphraseEmptyStringErrorJ��s��z1KeyGenTests.test_changePassphraseEmptyStringErrorc��C��r��)z� L{changePassPhrase} exits when trying to change the passphrase on a public key, and doesn't change the file. rq��r��z.Could not change passphrase: key not encryptedN) r1��r��rg��r��rM��r��r��r7��r��ry��r��r��r��r��test_changePassphrasePublicKeyb��s��zKeyGenTests.test_changePassphrasePublicKeyc��C��s��t�ddd�}\|��td\|��\|��}t\|��t��t\|dd��\|��\|�j � ��d�d��t\|��}\|�� t\|��\|��\|�d��d S�) zq L{changePassPhrase} can be told to write the new private key file in OpenSSH v1 format. r��r��r��rE��)r?��r��r��r��r��N)r!��r$��r��r1��r��rg��r��r��r7��r#��rh��r��ry��r��r:��r��)r'��r��r?��r��r��r��r��test_changePassphraseSubtypeV1o��s��zKeyGenTests.test_changePassphraseSubtypeV1)NN)&�__name__� __module__�__qualname__�__doc__r(��rC��rI��rS��r[��r^��rc��rj��rk��rl��r~��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r"��=��sH�� " r"��)!r��r��r3��r%��rP��ior��twisted.conch.test.keydatar��r��r��r��r��twisted.python.filepathr��twisted.python.reflectr ��twisted.trial.unittestr ��r��r ��r��r��r��r��twisted.conch.ssh.keysr��r��r��r��skipr!��r"��r��r��r��r��<module>��s ��test/__pycache__/__init__.cpython-310.pyc��0000644��00000000261�15027667726�0014214 0��ustar�00��o ��b��@��s��d�Z�dS�)zconch testsN)�__doc__��r��r��=/usr/lib/python3/dist-packages/twisted/conch/test/__init__.py�<module>��s��test/__pycache__/test_manhole_tap.cpython-310.pyc��0000644��00000007446�15027667726�0016017 0��ustar�00��o ��b��@��s��d�Z�ddlmZ�ddlmZ�ddlmZ�ddlmZ�ddl m Z �ddlmZ�ddl mZ�dd lmZ�ed �Zed�ZerFerFddlmZmZ�G�d d��de�ZdS�)z) Tests for L{twisted.conch.manhole_tap}. ��)�StreamServerEndpointService)�MultiService)�telnet)�error)�UsernamePassword)�usage)� requireModule)�TestCase�cryptography�pyasn1)�manhole_ssh�manhole_tapc��@��sL��e�Zd�ZdZes dZesdZdZdd��Zdd��Z d d ��Z dd��Zd d��ZdS�)�MakeServiceTestsz/ Tests for L{manhole_tap.makeService}. zcan't run without cryptographyzCannot run without PyASN1)s��iamusers��thisispasswordc��C��sV��\|��\|�_t\|�jd��}\|�d�\|�j��W�d��n1�sw��Y��t��\|�_dS�)z8 Create a passwd-like file with a user. �wb��:N) �mktemp�filename�open�write�join�usernamePasswordr ��Options�options)�self�f��r��E/usr/lib/python3/dist-packages/twisted/conch/test/test_manhole_tap.py�setUp%��s �� zMakeServiceTests.setUpc��C��sR��\|��tj��}t��g��W�d��n1�sw��Y��\|��\|jjd�d��dS�)zk L{manhole_tap.makeService} requires either 'telnetPort' or 'sshPort' to be given. Nr��z<At least one of --telnetPort and --sshPort must be specified) �assertRaisesr�� UsageErrorr ��r��parseOptions�assertEqual� exception�args)r��er��r��r��test_requiresPort.��s�� z"MakeServiceTests.test_requiresPortc��C��s~��\|�j��ddg��t�\|�j��}\|��\|t��\|��t\|j�d��\|��\|jd�t ��\|��\|jd�j jtj��\|��\|jd�j jd��dS�)z� L{manhole_tap.makeService} will make a telnet service on the port defined by C{--telnetPort}. It will not make a SSH service. �--telnetPortztcp:222��r��N)r��r ��r ��makeService�assertIsInstancer��r!��len�servicesr��factory�protocol�makeTelnetProtocol�endpoint�_port�r��servicer��r��r��test_telnetPort;��s��z MakeServiceTests.test_telnetPortc��C��s��\|�j��d\|��ddddg��t�\|�j��}\|��\|t��\|��t\|j �d��\|��\|j d�t ��\|��\|j d�jtj ��\|��\|j d�jjd��d S�) z� L{manhole_tap.makeService} will make a SSH service on the port defined by C{--sshPort}. It will not make a telnet service. z--sshKeyDirz--sshKeySize�512z --sshPortztcp:223r'��r��N)r��r ��r��r ��r)��r��r��r!��r+��r,��r��r-��r��ConchFactoryr0��r1��r2��r��r��r��test_sshPortJ��s�� zMakeServiceTests.test_sshPortc�� C��s��\|�j��ddd\|�jg��t�\|�j��}\|jd�jjj}\|�� t \|j��d��\|�� \|��\|�t\|�j��dtj��\|��\|��\|�tdd�dtj��jtj��dS�) zS The C{--passwd} command-line option will load a passwd-like file. r&��ztcp:22z--passwdr��Ns��wrongs��user)r��r ��r��r ��r)��r,��r-��r.��portalr!��r+��checkers�keys� assertTrue�successResultOf�loginr��r��r��ITelnetProtocolr��failureResultOf�valuer��UnauthorizedLogin)r��r3��r:��r��r��r��test_passwdc��s,�� zMakeServiceTests.test_passwdN) �__name__� __module__�__qualname__�__doc__r ��skipr��r��r��r%��r4��r8��rD��r��r��r��r��r��s�� r��N)rH��twisted.application.internetr��twisted.application.servicer�� twisted.conchr��twisted.credr��twisted.cred.credentialsr��twisted.pythonr��twisted.python.reflectr��twisted.trial.unittestr ��r ��r��r��r ��r��r��r��r��r��<module>��s��test/__pycache__/test_agent.cpython-310.pyc��0000644��00000033336�15027667726�0014623 0��ustar�00��o ��b�3��@��sx��d�Z�ddlZddlmZ�ddlmZ�zddlZW�n�ey#��dZY�nw�eZzddl Z W�n�ey7��dZ Y�nw�e Z z ddlmZ mZ�W�n �eyQ��d�ZZY�nw�ee ZZddlmZmZ�ddlmZ�G�dd ��d �ZG�d d��dej�ZG�dd ��d e�ZG�dd��de�Zedur�G�dd��dej�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�Z dS�)z' Tests for L{twisted.conch.ssh.agent}. ��N)�iosim)�unittest)�agent�keys)� ConchError�MissingKeyStoreError)�keydatac��@��e�Zd�ZdZdd��ZdS�)�StubFactoryzb Mock factory that provides the keys attribute required by the SSHAgentServerProtocol c��C��s ��i�\|�_�d�S��N)r��self��r��?/usr/lib/python3/dist-packages/twisted/conch/test/test_agent.py�__init__,��s�� zStubFactory.__init__N)�__name__� __module__�__qualname__�__doc__r��r��r��r��r��r ��&��s��r ��c��@��s,��e�Zd�ZdZedu�sedu�rdZdd��ZdS�)� AgentTestBasez Tests for SSHAgentServer/Client. Nz)Cannot run without cryptography or PyASN1c��C��sj��t��tjtj�\\|�_\|�_\|�_t��\|�j_ t j�t j�\|�_t j�t j�\|�_t j�t j�\|�_t j�t j�\|�_d�S�r��)r��connectedServerAndClientr��SSHAgentServer�SSHAgentClient�client�server�pumpr ��factoryr��Key� fromStringr��privateRSA_openssh� rsaPrivate�privateDSA_openssh� dsaPrivate�publicRSA_openssh� rsaPublic�publicDSA_openssh� dsaPublicr��r��r��r��setUp8��s�� zAgentTestBase.setUp)r��r��r��r��r��r��skipr'��r��r��r��r��r��0��s ��r��c��@��r ��)�&ServerProtocolContractWithFactoryTestsz� The server protocol is stateful and so uses its factory to track state across requests. This test asserts that the protocol raises if its factory doesn't provide the necessary storage for that state. c��C��s2��t��ddtj�}\|�jjjd=�\|��t\|�jj \|��d�S�)Nz!LB��r��) �struct�packr��AGENTC_REQUEST_IDENTITIESr��r��__dict__�assertRaisesr��dataReceived)r ��msgr��r��r��/test_factorySuppliesKeyStorageForServerProtocolQ��s��zVServerProtocolContractWithFactoryTests.test_factorySuppliesKeyStorageForServerProtocolN)r��r��r��r��r2��r��r��r��r��r)��J��s��r)��c��@��(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) �"UnimplementedVersionOneServerTestsa!�� Tests for methods with no-op implementations on the server. We need these for clients, such as openssh, that try v1 methods before going to v2. Because the client doesn't expose these operations with nice method names, we invoke sendRequest directly with an op code. c��s0��j��tjd�}��j��fdd�}\|�\|�S�)zV assert that we get the correct op code for an RSA identities request ��c��s��tjt\|�dd��d�S�)Nr��r��)�assertEqualr��AGENT_RSA_IDENTITIES_ANSWER�ord)�packetr��r��r��_cbh��s��zRUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIES.<locals>._cb)r��sendRequestr��AGENTC_REQUEST_RSA_IDENTITIESr��flush�addCallback)r ��dr:��r��r��r��"test_agentc_REQUEST_RSA_IDENTITIESa��s�� zEUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIESc��C��(��\|�j��tjd�}\|�j��\|�\|�jd�S�)z[ assert that we get the correct op code for an RSA remove identity request r5��)r��r;��r��AGENTC_REMOVE_RSA_IDENTITYr��r=��r>��r6��r ��r?��r��r��r��test_agentc_REMOVE_RSA_IDENTITYm��s�� zBUnimplementedVersionOneServerTests.test_agentc_REMOVE_RSA_IDENTITYc��C��rA��)zj assert that we get the correct op code for an RSA remove all identities request. r5��)r��r;��r�� AGENTC_REMOVE_ALL_RSA_IDENTITIESr��r=��r>��r6��rC��r��r��r��%test_agentc_REMOVE_ALL_RSA_IDENTITIESu��s�� zHUnimplementedVersionOneServerTests.test_agentc_REMOVE_ALL_RSA_IDENTITIESN)r��r��r��r��r@��rD��rF��r��r��r��r��r4��X��s ��r4��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)� CorruptServerz� A misbehaving server that returns bogus response op codes so that we can verify that our callbacks that deal with these op codes handle such miscreants. c��C��\|��dd��d�S��N��r5��sendResponse�r ��datar��r��r��agentc_REQUEST_IDENTITIES��z'CorruptServer.agentc_REQUEST_IDENTITIESc��C��rH��rI��rK��rM��r��r��r��agentc_SIGN_REQUEST��rP��z!CorruptServer.agentc_SIGN_REQUESTN)r��r��r��r��rO��rQ��r��r��r��r��rG��s��rG��c��@��r3��) �ClientWithBrokenServerTestszM verify error handling code in the client using a misbehaving server c��C��s2��t��\|��t�ttj�\\|�_\|�_\|�_ t ��\|�j_d�S�r��)r��r'��r��r��rG��r��r��r��r��r��r ��r��r��r��r��r��r'��s �� z!ClientWithBrokenServerTests.setUpc��C��s��\|�j��\|�j��d�}\|�j��\|��\|t�S�)z� Assert that L{SSHAgentClient.signData} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for data signing requests. ��John Hancock)r��signDatar$��blobr��r=�� assertFailurer��rC��r��r��r��"test_signDataCallbackErrorHandling��s�� z>ClientWithBrokenServerTests.test_signDataCallbackErrorHandlingc��C��s ��\|�j��}\|�j��\|��\|t�S�)z� Assert that L{SSHAgentClient.requestIdentities} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for identity requests. )r��requestIdentitiesr��r=��rV��r��rC��r��r��r��+test_requestIdentitiesCallbackErrorHandling��s�� zGClientWithBrokenServerTests.test_requestIdentitiesCallbackErrorHandlingN)r��r��r��r��r'��rW��rY��r��r��r��r��rR��s �� rR��c��@��0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�AgentKeyAdditionTestsz< Test adding different flavors of keys to an agent. c��2��j��j��}��j��fdd�}\|�\|�S�)�@�� L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that omitting the comment produces an empty string for the comment on the server. c��:��j�jj��j��}��j\|d��d\|d��d�S��Nr��r5��r��r��r��r��r ��rU��r6��ignored� serverKeyr��r��r��_check��zBAgentKeyAdditionTests.test_addRSAIdentityNoComment.<locals>._check�r��addIdentityr ��privateBlobr��r=��r>��r ��r?��rd��r��r��r��test_addRSAIdentityNoComment�� z2AgentKeyAdditionTests.test_addRSAIdentityNoCommentc��r\��)r]��c��r^��r_��r��r��r��r"��rU��r6��ra��r��r��r��rd��re��zBAgentKeyAdditionTests.test_addDSAIdentityNoComment.<locals>._check�r��rg��r"��rh��r��r=��r>��ri��r��r��r��test_addDSAIdentityNoComment��rk��z2AgentKeyAdditionTests.test_addDSAIdentityNoCommentc��6��j�j��j��dd�}��j��fdd�}\|�\|�S�)�1�� L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that the server receives/stores the comment as sent by the client. ��My special key��commentc��r^��Nr��rq��r��r`��ra��r��r��r��rd��re��zDAgentKeyAdditionTests.test_addRSAIdentityWithComment.<locals>._checkrf��ri��r��r��r��test_addRSAIdentityWithComment�� z4AgentKeyAdditionTests.test_addRSAIdentityWithCommentc��ro��)rp��rq��rr��c��r^��rt��rl��ra��r��r��r��rd��re��zDAgentKeyAdditionTests.test_addDSAIdentityWithComment.<locals>._checkrm��ri��r��r��r��test_addDSAIdentityWithComment��rv��z4AgentKeyAdditionTests.test_addDSAIdentityWithCommentN)r��r��r��r��rj��rn��ru��rw��r��r��r��r��r[��s��r[��c��@��s��e�Zd�Zdd��ZdS�)�AgentClientFailureTestsc��C��s$��\|�j��dd�}\|�j��\|��\|t�S�)zK verify that the client raises ConchError on AGENT_FAILURE rJ��r5��)r��r;��r��r=��rV��r��rC��r��r��r��test_agentFailure ��s�� z)AgentClientFailureTests.test_agentFailureN)r��r��r��ry��r��r��r��r��rx��s��rx��c��@��s8��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��ZdS�) �AgentIdentityRequestsTestszJ Test operations against a server with identities already loaded. c��C��B��t��\|��\|�jdf\|�jjj\|�j��<�\|�jdf\|�jjj\|�j��<�d�S��N� ��a comment��another comment�r��r'��r"��r��r��r��rU��r ��r��r��r��r��r'�� z AgentIdentityRequestsTests.setUpc��C��sX��\|�j��\|�j��d�}\|�j��\|��\|�}\|�j�d�}\|�� \|\|��\|�� \|�j�\|d��dS�)zc Sign data with an RSA private key and then verify it with the public key. rS��N)r��rT��r$��rU��r��r=��successResultOfr ��signr6�� assertTrue�verify)r ��r?�� signature�expectedr��r��r��test_signDataRSA"��s�� z+AgentIdentityRequestsTests.test_signDataRSAc��s4��j��j��d�}��j��fdd�}\|�\|�S�)zb Sign data with a DSA private key and then verify it with the public key. rS��c��s��j�\|�d��d�S�)NrS��)r��r&��r��)�sigr��r��r��rd��7��s��z;AgentIdentityRequestsTests.test_signDataDSA.<locals>._check)r��rT��r&��rU��r��r=��r>��ri��r��r��r��test_signDataDSA/��s�� z+AgentIdentityRequestsTests.test_signDataDSAc��C��s<��\|�j�jj\|�j��=�\|�j�\|�j��d�}\|�j��\|�� \|t �S�)zm Assert that we get an errback if we try to sign data using a key that wasn't added. rS��)r��r��r��r$��rU��r��rT��r��r=��rV��r��rC��r��r��r��$test_signDataRSAErrbackOnUnknownBlob?��s�� z?AgentIdentityRequestsTests.test_signDataRSAErrbackOnUnknownBlobc����j��}��j��fdd�}\|�\|�S�)z} Assert that we get all of the keys/comments that we add when we issue a request for all identities. c��s^��i�}d\|��j��<�d\|��j��<�i�}\|�D�]}\|d�\|tjj\|d�dd��<�q��\|\|��d�S�)Nr}��r~��r��r��rU��)�type)r&��rU��r$��r��r��r��r6��)�keytr��received�kr��r��r��rd��Q��s��"zAAgentIdentityRequestsTests.test_requestIdentities.<locals>._check)r��rX��r��r=��r>��ri��r��r��r��test_requestIdentitiesI��s�� z1AgentIdentityRequestsTests.test_requestIdentitiesN) r��r��r��r��r'��r��r��r��r��r��r��r��r��rz��s�� rz��c��@��rZ��)�AgentKeyRemovalTestsz< Test support for removing keys in a remote server. c��C��r{��r\|��r��r��r��r��r��r'��c��r��zAgentKeyRemovalTests.setUpc��r\��)z< Assert that we can remove an RSA identity. c��sJ��dt��jjj��j��jjj��j ��jjj��d�S��Nr��) r6��lenr��r��r��assertInr"��rU��assertNotInr ��rb��r��r��r��rd��v��s��z;AgentKeyRemovalTests.test_removeRSAIdentity.<locals>._check)r��removeIdentityr ��rU��r��r=��r>��ri��r��r��r��test_removeRSAIdentityn��s�� z+AgentKeyRemovalTests.test_removeRSAIdentityc��r\��)z; Assert that we can remove a DSA identity. c��s2��dt��jjj��j��jjj��d�S�r��)r6��r��r��r��r��r��r ��rU��r��r��r��r��rd��s��z;AgentKeyRemovalTests.test_removeDSAIdentity.<locals>._check)r��r��r"��rU��r��r=��r>��ri��r��r��r��test_removeDSAIdentity}��s�� z+AgentKeyRemovalTests.test_removeDSAIdentityc��r��)z; Assert that we can remove all identities. c��s��dt��jjj��d�S�)Nr��)r6��r��r��r��r��r��r��r��r��rd��s��z=AgentKeyRemovalTests.test_removeAllIdentities.<locals>._check)r��removeAllIdentitiesr��r=��r>��ri��r��r��r��test_removeAllIdentities��s�� z-AgentKeyRemovalTests.test_removeAllIdentitiesN)r��r��r��r��r'��r��r��r��r��r��r��r��r��^��s��r��)!r��r+��twisted.testr�� twisted.trialr��cryptography� _cryptography�ImportError�pyasn1�_pyasn1�twisted.conch.sshr��_agentr��_keys�twisted.conch.errorr��r��twisted.conch.testr��r ��TestCaser��r)��r4��r��rG��rR��r[��rx��rz��r��r��r��r��r��<module>��sF�� '#V L��test/__pycache__/test_mixin.cpython-310.pyc��0000644��00000002721�15027667726�0014643 0��ustar�00��o ��b��@��sL��d�dl�mZ�d�dlmZ�d�dlmZ�G�dd��dej�ZG�dd��dej�Z dS�) ��)�mixin)�StringTransport)�unittestc��@��s$��e�Zd�ZdZdZdd��Zdd��ZdS�)�TestBufferingProtoFr��c��C��s��d\|�_�t��S�)NT)� scheduled�object)�self��r ��?/usr/lib/python3/dist-packages/twisted/conch/test/test_mixin.py�schedule��s��zTestBufferingProto.schedulec��C��s��\|��j�d7��_�d�S�)N��)�rescheduled)r��tokenr ��r ��r �� reschedule��s��zTestBufferingProto.rescheduleN)�__name__� __module__�__qualname__r��r ��r��r��r ��r ��r ��r ��r�� s ��r��c��@��s��e�Zd�Zdd��ZdS�)�BufferingTestsc��C��s��t��}t��}\|_\|��\|j��g�d�}\|�d��\|��\|j��\|��\|j��\|D�]}\|j}\|�\|��\|��\|j\|d��\|��\|� ��d��q&\|� ��\|��\|� ��dd�\|��d�S�)N)��foos��bars��bazs��quuxr��r��)r��r�� transport�assertFalser��write� assertTruer ��assertEqual�value�flush�join)r��p�t�L�s�nr ��r ��r �� testBuffering��s�� zBufferingTests.testBufferingN)r��r��r��r#��r ��r ��r ��r ��r��s��r��N) � twisted.conchr��twisted.test.proto_helpersr�� twisted.trialr��BufferingMixinr��TestCaser��r ��r ��r ��r ��<module>��s ��test/__pycache__/test_endpoints.cpython-310.pyc��0000644��00000134714�15027667726�0015532 0��ustar�00��o ��bP��@��s��d�Z�ddlZddlmZ�ddlmZ�ddlmZ�ddl m Z mZ�ddlZddl mZmZmZ�ddlmZ�dd lmZ�dd lmZ�ddlmZ�ddlmZmZmZmZ�dd lmZm Z m!Z!m"Z"�ddl#m$Z$m%Z%�ddl&m'Z'm(Z(�ddl)mZm+Z+�ddl,m-Z-�ddl.m/Z/�ddl0m1Z1�ddl2m3Z3�ddl4m5Z5�ddl6m7Z7m8Z8�ddl9m:Z:�e5d��re5d��rddl;m<Z<�ddl=m>Z>m?Z?�ddl@mAZAmBZB�ddlCmDZDmEZEmFZFmGZGmHZHmIZImJZJ�ddlKmLZL�ddlMmNZN�dd lOmPZP�dd!lQmRZR�dd"lSmTZT�dd#lUmVZV�dd$lWmXZX�dd%lYmZZZ�dd&l[m\Z\m]Z]m^Z^m_Z_�nd'Z`eaZTeaZZeaZReaZVeaZPeaZNeaZBeaZ?eaZ<dd(lbmcZcmdZd�dd)l6meZe�G�dd+��d+ec�ZfG�d,d-��d-eP�ZgG�d.d/��d/eP�ZhG�d0d1��d1eP�ZiG�d2d3��d3�ZjG�d4d5��d5e'�ZkG�d6d7��d7�ZlG�d8d9��d9eZ�ZmG�d:d;��d;eT�Znee$�G�d<d=��d=��Zoee%�G�d>d?��d?��ZpG�d@dA��dA�ZqG�dBdC��dCe:eq�ZrG�dDdE��dEe:eq�ZsG�dFdG��dGe:�ZtG�dHdI��dI�ZuG�dJdK��dKe:�ZvdS�)Lz' Tests for L{twisted.conch.endpoints}. ��N)�ENOSYS)�pack)�implementer)�verifyClass�verifyObject)� ConchError�HostKeyChanged�UserRejectedKey)� IConchUser)�'InMemoryUsernamePasswordDatabaseDontUse)�Portal)�IPv4Address)�CancelledError�Deferred�fail�succeed)�ConnectingCancelledError�ConnectionDone�ConnectionRefusedError�ProcessTerminated)�IAddress�IStreamClientEndpoint)�Factory�Protocol)�LogLevel�globalLogPublisher)� networkString)�Failure)�FilePath)�msg)� requireModule)�EventLoggingObserver�MemoryReactorClock)�TestCase�cryptographyzpyasn1.type)� ConchUser)�InMemorySSHKeyDB�SSHPublicKeyChecker)� ConsoleUI�KnownHostsFile)�AuthenticationFailed�SSHCommandAddress�SSHCommandClientEndpoint�_ExistingConnectionHelper�_ISSHConnectionCreator�_NewConnectionHelper� _ReadFile)�common)�SSHAgentServer)� SSHChannel)� SSHConnection)� SSHFactory)�Key)�SSHClientTransport)�SSHUserAuthServer)�privateDSA_openssh�privateRSA_openssh� privateRSA_openssh_encrypted_aes�publicRSA_opensshz%can't run w/o cryptography and pyasn1)� FakeTransport�connect)�StringTransportc��@��s��e�Zd�ZdZdZdd��ZdS�)�AbortableFakeTransportzC A L{FakeTransport} with added C{abortConnection} support. Fc��C�� d\|�_�dS�)z} Abort the connection in a fake manner. This should really be implemented in the underlying module. TN��aborted��self��rF��C/usr/lib/python3/dist-packages/twisted/conch/test/test_endpoints.py�abortConnectionZ�� z&AbortableFakeTransport.abortConnectionN)�__name__� __module__�__qualname__�__doc__rC��rH��rF��rF��rF��rG��r@��S��s��r@��c��@��e�Zd�ZdZdd��ZdS�)�BrokenExecSessionzO L{BrokenExecSession} is a session on which exec requests always fail. c��C��dS�)z� Fail all exec requests. @param data: Information about what is being executed. @type data: L{bytes} @return: C{0} to indicate failure @rtype: L{int} r��rF��rE��datarF��rF��rG��request_exech�� zBrokenExecSession.request_execN�rJ��rK��rL��rM��rS��rF��rF��rF��rG��rO��c��rO��c��@��rN��)�WorkingExecSessionzS L{WorkingExecSession} is a session on which exec requests always succeed. c��C��rP��)z� Succeed all exec requests. @param data: Information about what is being executed. @type data: L{bytes} @return: C{1} to indicate success @rtype: L{int} ��rF��rQ��rF��rF��rG��rS��z��rT��zWorkingExecSession.request_execNrU��rF��rF��rF��rG��rW��u��rV��rW��c��@��rN��)�UnsatisfiedExecSessionz� L{UnsatisfiedExecSession} is a session on which exec requests are always delayed indefinitely, never succeeding or failing. c��C��s��t��S�)z� Delay all exec requests indefinitely. @param data: Information about what is being executed. @type data: L{bytes} @return: A L{Deferred} which will never fire. @rtype: L{Deferred} )r��rQ��rF��rF��rG��rS��s�� z#UnsatisfiedExecSession.request_execNrU��rF��rF��rF��rG��rY��s��rY��c��@��s��e�Zd�Zdd��Zdd��ZdS�)�TrivialRealmc��C��s ��i�\|�_�d�S��N)� channelLookuprD��rF��rF��rG��__init__�� zTrivialRealm.__init__c��G��s��t��}\|�j\|_t\|dd��fS�)Nc��S��d�S�r[��rF��rF��rF��rF��rG��<lambda>��z,TrivialRealm.requestAvatar.<locals>.<lambda>)r%��r\��r ��)rE��avatarId�mind� interfaces�avatarrF��rF��rG�� requestAvatar��s��zTrivialRealm.requestAvatarN)rJ��rK��rL��r]��rf��rF��rF��rF��rG��rZ��s��rZ��c��@��s��e�Zd�ZdZdd��ZdS�)�AddressSpyFactoryNc��C��s��\|\|�_�t�\|�\|�S�r[��)�addressr�� buildProtocol)rE��rh��rF��rF��rG��ri��s��zAddressSpyFactory.buildProtocol)rJ��rK��rL��rh��ri��rF��rF��rF��rG��rg��rg��c��@��s$��e�Zd�Zdd��Zdd��Zdd��ZdS�)�FixedResponseUIc��C��s ��\|\|�_�d�S�r[��result)rE��rm��rF��rF��rG��r]��r^��zFixedResponseUI.__init__c��C��s ��t�\|�j�S�r[��)r��rm��rE��textrF��rF��rG��prompt��r^��zFixedResponseUI.promptc��C��r_��r[��rF��rn��rF��rF��rG��warn��s��zFixedResponseUI.warnN)rJ��rK��rL��r]��rp��rq��rF��rF��rF��rG��rk��s��rk��c��@��s$��e�Zd�Zedd��Zedd��ZdS�)�FakeClockSSHUserAuthServerc��C�� \|�j�jjS�)zy Use the C{attemptsBeforeDisconnect} value defined by the factory to make it easier to override. )� transport�factory�attemptsBeforeDisconnectrD��rF��rF��rG��rv��rI��z3FakeClockSSHUserAuthServer.attemptsBeforeDisconnectc��C��rs��)z� Use the reactor defined by the factory, rather than the default global reactor, to simplify testing (by allowing an alternate implementation to be supplied by tests). )rt��ru��reactorrD��rF��rF��rG��clock��s�� z FakeClockSSHUserAuthServer.clockN)rJ��rK��rL��propertyrv��rx��rF��rF��rF��rG��rr��s �� rr��c��@��s2��e�Zd�Zedd��Zedd��Zeed�ZdZ dS�)�CommandFactoryc��C��dt�jtd�iS��N��ssh-rsa)rR��)r6�� fromStringr<��rD��rF��rF��rG�� publicKeys��zCommandFactory.publicKeysc��C��r{��r\|��)r6��r~��r:��rD��rF��rF��rG��privateKeys��r��zCommandFactory.privateKeys)s��ssh-userauths��ssh-connectionr��N) rJ��rK��rL��ry��r��r��rr��r4��servicesrv��rF��rF��rF��rG��rz��s�� rz��c��@��s��e�Zd�ZdS�)� MemoryAddressN)rJ��rK��rL��rF��rF��rF��rG��r��s��r��c��@�� e�Zd�ZdZdd��Zdd��ZdS�)�SingleUseMemoryEndpointa]�� L{SingleUseMemoryEndpoint} is a client endpoint which allows one connection to be set up and then exposes an API for moving around bytes related to that connection. @ivar pump: L{None} until a connection is attempted, then a L{IOPump} instance associated with the protocol which is connected. @type pump: L{IOPump} c��C��s��d\|�_�\|\|�_dS�)z� @param server: An L{IProtocol} provider to which the client will be connected. @type server: L{IProtocol} provider N)�pump�_server)rE��serverrF��rF��rG��r]��s�� z SingleUseMemoryEndpoint.__init__c��C��sh��\|�j�d�ur td��z\|�t��}W�n�ty��t��Y�S�w�t\|�jt\|�jdd�\|t\|dd��\|�_�t \|�S�)Nz(SingleUseMemoryEndpoint was already usedT��isServerF) r�� Exceptionri��r�� BaseExceptionr��r>��r��r@��r��)rE��ru��protocolrF��rF��rG��r>��s�� zSingleUseMemoryEndpoint.connectN)rJ��rK��rL��rM��r]��r>��rF��rF��rF��rG��r��s�� r��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zdd#d$�Zd%d&��Zd'd(��Zd)S�)+�"SSHCommandClientEndpointTestsMixina�� Tests for L{SSHCommandClientEndpoint}, an L{IStreamClientEndpoint} implementations which connects a protocol with the stdin and stdout of a command running in an SSH session. These tests apply to L{SSHCommandClientEndpoint} whether it is constructed using L{SSHCommandClientEndpoint.existingConnection} or L{SSHCommandClientEndpoint.newConnection}. Subclasses must override L{create}, L{assertClientTransportState}, and L{finishConnection}. c��C��s��d\|�_�d\|�_d\|�_d\|�_t��\|�_t��\|�_t\|�j�\|�_ t ��\|�_\|�j�\|�j\|�j��\|�j � \|�j��t��\|�_\|�j\|�j_\|�j \|�j_ \|�j��\|��\|�jj��tddd�\|�_tddd �\|�_d�S�) Ns��ssh.example.comi&��s��users��password�TCPz10.0.0.1i90��z192.168.100.200i1��)�hostname�port�user�passwordr"��rw��rZ��realmr��portalr��passwdDB�addUser�registerCheckerrz��ru��doStart� addCleanup�doStopr �� clientAddress� serverAddressrD��rF��rF��rG��setUp��s"�� z(SSHCommandClientEndpointTestsMixin.setUpc��C��t�\|�jj�d��)z� Create and return a new L{SSHCommandClientEndpoint} to be tested. Override this to implement creation in an interesting way the endpoint. z did not implement create��NotImplementedError� __class__rJ��rD��rF��rF��rG��create/��z)SSHCommandClientEndpointTestsMixin.createc��C��s��t�d\|�jjf��)a�� Make an assertion about the connectedness of the given protocol's transport. Override this to implement either a check for the connection still being open or having been closed as appropriate. @param client: The client whose state is being checked. @param immediateClose: Boolean indicating whether the connection was closed immediately or not. z/%r did not implement assertClientTransportStater��rE��client�immediateCloserF��rF��rG��assertClientTransportState8��s ��z=SSHCommandClientEndpointTestsMixin.assertClientTransportStatec��C��r��)z� Do any remaining work necessary to complete an in-memory connection attempted initiated using C{self.reactor}. z# did not implement finishConnectionr��rD��rF��rF��rG��finishConnectionH��r��z3SSHCommandClientEndpointTestsMixin.finishConnectionc��C��sT��\|��d�}\|��d�}t\|d\|�j\|�jd�}t\|d\|�j\|�jd�}t\|\|\|\|�}\|\|\|fS�)aw�� Set up an in-memory connection between protocols created by C{serverFactory} and C{clientFactory}. @return: A three-tuple. The first element is the protocol created by C{serverFactory}. The second element is the protocol created by C{clientFactory}. The third element is the L{IOPump} connecting them. NF)r��hostAddress�peerAddressT)ri��r@��r��r��r>��)rE�� serverFactory� clientFactory�clientProtocol�serverProtocol�clientTransport�serverTransportr��rF��rF��rG��connectedServerAndClientQ��s �� z;SSHCommandClientEndpointTestsMixin.connectedServerAndClientc�� C��s��\|��}t��}t\|_\|�\|�}\|��\}}}\|��t�}\|��d\|d�j j \|d�j j f��\|��dt\|��\|�� \|�}\|�t��\|��d\|j j ��\|��\|d��dS�)z� If a channel cannot be opened on the authenticated SSH connection, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping the reason given by the server. �unknown channelr��rX��unknown channelFN)r��r��r��r��r>��r��flushLoggedErrorsr��assertIn�valuerR��assertEqual�len�failureResultOf�trapr��) rE��endpointru�� connectedr��r��r��errors�frF��rF��rG��test_channelOpenFailuren��s�� z:SSHCommandClientEndpointTestsMixin.test_channelOpenFailurec��C��sl��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�}\|� t��\|��d\|j j ��\|��\|d��dS�)z� If execution of the command fails, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping the reason given by the server. ��sessionzchannel request failedFN)rO��r��r\��r��r��r��r��r>��r��r��r��r��r��r��r��rE��r��ru��r��r��r��r��r��rF��rF��rG��test_execFailure��s�� z3SSHCommandClientEndpointTestsMixin.test_execFailurec��C��sd��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|� ��\|�� \|�}\|�t��\|�� \|d��dS�)z� If execution of the command is cancelled via the L{Deferred} returned by L{SSHCommandClientEndpoint.connect}, the connection is closed immediately. r��TN)rY��r��r\��r��r��r��r��r>��r��cancelr��r��r��r��r��rF��rF��rG��test_execCancelled��s�� z5SSHCommandClientEndpointTestsMixin.test_execCancelledc��C��s��t�\|�jjd<�\|��}t��}t\|_\|�\|��\|��\}}}\|�� \|j t��\|��\|j ��\|j j��\|��\|�j\|j j��\|��d\|j j��dS�)aD�� Once the necessary SSH actions have completed successfully, L{SSHCommandClientEndpoint.connect} uses the factory passed to it to construct a protocol instance by calling its C{buildProtocol} method with an address object representing the SSH connection and command executed. r�� /bin/ls -lN)rW��r��r\��r��rg��r��r��r>��r��assertIsInstancerh��r+��r��rt��getHostr��r��username�command)rE��r��ru��r��r��r��rF��rF��rG��test_buildProtocol��s�� z5SSHCommandClientEndpointTestsMixin.test_buildProtocolc��C��sR��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�}\|�� \|j��dS�)a�� L{SSHCommandClientEndpoint} establishes an SSH connection, creates a channel in it, runs a command in that channel, and uses the protocol's C{makeConnection} to associate it with a protocol representing that command's stdin and stdout. r��N)rW��r��r\��r��r��r��r��r>��r��successResultOf�assertIsNotNonert��rE��r��ru��r��r��r��r��r��rF��rF��rG��test_makeConnection��s�� z6SSHCommandClientEndpointTestsMixin.test_makeConnectionc�� C��s��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�}g�}\|j \|_\|jj } \|jj\| ��d��\|��\|��dd�\|��dS�)z� After establishing the connection, when the command on the SSH server produces output, it is delivered to the protocol's C{dataReceived} method. r��hello, world��N)rW��r��r\��r��r��r��r��r>��r��r��append�dataReceivedrt��id�service�channels�writer��r��join) rE��r��ru��r��r��r��r��r��r�� channelIdrF��rF��rG��test_dataReceived��s�� z4SSHCommandClientEndpointTestsMixin.test_dataReceivedc�� C��s��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�}g�}\|j \|_\|jj } \|jj\| ��\|��\|d��t��\|��\|d��dS�)zq When the command closes the channel, the protocol's C{connectionLost} method is called. r��r��FN)rW��r��r\��r��r��r��r��r>��r��r��r��connectionLostrt��r��r��r��loseConnectionr��r��r��r��) rE��r��ru��r��r��r��r��r��r��r��rF��rF��rG��test_connectionLost��s�� z6SSHCommandClientEndpointTestsMixin.test_connectionLostc�� C��s��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�} g�} \| j \| _\| jj }\|jj\|�}\|j�\|\|\|��\|��\|��\|��\|d��\| d�S�)zJ Test handling of non-zero exit statuses or exit signals. r��Fr��)rW��r��r\��r��r��r��r��r>��r��r��r��r��rt��r��r��r��sendRequestr��r��r��) rE��request� requestArgr��ru��r��r��r��r��r��r��r��channelrF��rF��rG��_exitStatusTest��s �� z2SSHCommandClientEndpointTestsMixin._exitStatusTestc��C��s$��d}\|��dtd\|��}\|�t��dS�)�� When the command exits with a non-zero status, the protocol's C{connectionLost} method is called with a L{Failure} wrapping an exception which encapsulates that status. r��exit-status�>LN)r��r��r��r��)rE��exitCode�excrF��rF��rG��test_zeroExitCode0��s��z4SSHCommandClientEndpointTestsMixin.test_zeroExitCodec��C��sH��d}d}\|��dtd\|��}\|�t��\|��\|\|jj��\|��\|\|jj��dS�)r��{��Nr��r��)r��r��r��r��r��r��r��signal)rE��r��r��r��rF��rF��rG��test_nonZeroExitStatus:��s�� z9SSHCommandClientEndpointTestsMixin.test_nonZeroExitStatusc��C��s��t��}t�\|��\|��tj\|��d}d}d�t�d�dt�d�t�d�g�}\|��d\|�}\|� t ��\|��\|\|jj ��\|��\|\|jj��d }t�\|t�t�t�tj�\|dd ddd��dS�) a�� When the command exits with a non-zero signal, the protocol's C{connectionLost} method is called with a L{Failure} wrapping an exception which encapsulates that status. Additional packet contents are logged at the C{info} level. N��r��s��TERM��s��messages��en-USs��exit-signalz'twisted.conch.endpoints._CommandChannelT�message)� log_level� log_namespace�shortSignalName� coreDumped�errorMessage�languageTag)r!��r��addObserverr��removeObserverr��r1��NSr��r��r��r��r��r��r��hamcrest�assert_that�has_item�has_entries�equal_tor��info)rE��logObserverr��r��packetr��logNamespacerF��rF��rG��test_nonZeroExitSignalG��s>�� z9SSHCommandClientEndpointTestsMixin.test_nonZeroExitSignalFc��s<��\|j�j}g��\|r��fdd�}n��j}t\|jj\|�\|\|��S�)a�� Hook into and record events which happen to C{protocol}. @param server: The SSH server protocol over which C{protocol} is running. @type server: L{IProtocol} provider @param protocol: @param event: @param noArgs: c��s ��d��S�r[��)r��rF��recorderrF��rG��r`��s�� z;SSHCommandClientEndpointTestsMixin.record.<locals>.<lambda>)rt��r��r��setattrr��r��)rE��r��r��event�noArgsr��r��rF��r��rG��recordu��s��z)SSHCommandClientEndpointTestsMixin.recordc�� C��sz��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�}\|�� \|\|d�}\|j�d��\|� ��\|��dd�\|��dS�)z� The transport connected to the protocol has a C{write} method which sends bytes to the input of the command executing on the SSH server. r��r��r��r��N)rW��r��r\��r��r��r��r��r>��r��r��r��rt��r��r��r��r�� rE��r��ru��r��r��r��r��r��r��rF��rF��rG�� test_write��s�� z-SSHCommandClientEndpointTestsMixin.test_writec�� C��s\|��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�}\|�� \|\|d�}\|j�dg��\|� ��\|��dd�\|��dS�)z� The transport connected to the protocol has a C{writeSequence} method which sends bytes to the input of the command executing on the SSH server. r��r��r��r��N)rW��r��r\��r��r��r��r��r>��r��r��r��rt�� writeSequencer��r��r��r��rF��rF��rG��test_writeSequence��s�� z5SSHCommandClientEndpointTestsMixin.test_writeSequenceN)F)rJ��rK��rL��rM��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r��rF��rF��rF��rG��r�� s�� .r��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0S�)1�NewConnectionTestsz` Tests for L{SSHCommandClientEndpoint} when using the C{newConnection} constructor. c��C��sh��t��\|��t\|��\|�_t\|�j�\|�_\|�j�\|�j\|�j j d��\|�j�t\|�jj �\|�j j d��\|�j��dS�)� Configure an SSH server with password authentication enabled for a well-known (to the tests) account. r}��N)r��r��r��mktemp�hostKeyPathr)�� knownHosts� addHostKeyr��ru��r��r��r��host�saverD��rF��rF��rG��r��s�� zNewConnectionTests.setUpc�� C��s��t�j\|�jd\|�j\|�j\|�j\|�j\|�jtd�d�S�)zu Create and return a new L{SSHCommandClientEndpoint} using the C{newConnection} constructor. r��F�r��r��ui) r,�� newConnectionrw��r��r��r��r��r��rk��rD��rF��rF��rG��r��s��zNewConnectionTests.createc��C��s��\|��\|�j\|�jjd�d��S�)z} Establish the first attempted TCP connection using the SSH server which C{self.factory} can create. r��)r��ru��rw�� tcpClientsrD��rF��rF��rG��r��s��z#NewConnectionTests.finishConnectionc��C��sH��\|�j�\|\|ddd�}\|j��\|��\|��dg\|��\|��\|j��dS�)a�� Lose the connection to a server and pump the L{IOPump} sufficiently for the client to handle the lost connection. Asserts that the client disconnects its transport. @param server: The SSH server protocol over which C{protocol} is running. @type server: L{IProtocol} provider @param client: The SSH client protocol over which C{protocol} is running. @type client: L{IProtocol} provider @param protocol: The protocol created by calling connect on the ssh endpoint under test. @type protocol: L{IProtocol} provider @param pump: The L{IOPump} connecting client to server. @type pump: L{IOPump} �closedT)r��N)r��rt��r��r��r��reportDisconnect)rE��r��r��r��r��r��rF��rF��rG��loseConnectionToServer��s�� z)NewConnectionTests.loseConnectionToServerc��C��s(��\|r\|��\|jj��dS�\|��\|jj��dS�)z� Assert that the transport for the given protocol has been disconnected. L{SSHCommandClientEndpoint.newConnection} creates a new dedicated SSH connection and cleans it up after the command exits. N)� assertTruert��rC�� disconnectingr��rF��rF��rG��r��s��z-NewConnectionTests.assertClientTransportStatec��C��s,��t��\|�jdd\|�j\|�j�}\|��tt\|��dS�)zY L{SSHCommandClientEndpoint} instances provide L{IStreamClientEndpoint}. � ��dummy command� ��dummy userN)r,��r��rw��r��r��r��r��r��rE��r��rF��rF��rG��test_interface��s��z!NewConnectionTests.test_interfacec��C��s(��t��\|�jdd\|�j�}\|��d\|jj��dS�)z� L{SSHCommandClientEndpoint} uses the default port number for SSH when the C{port} argument is not specified. r��r��N�r,��r��rw��r��r��_creatorr��r ��rF��rF��rG��test_defaultPort"��s��z#NewConnectionTests.test_defaultPortc��C��s,��t�j\|�jdd\|�jdd�}\|��d\|jj��dS�)zU L{SSHCommandClientEndpoint} uses the C{port} argument if specified. r��r��i��)r��Nr#��r ��rF��rF��rG��test_specifiedPort,��s��z%NewConnectionTests.test_specifiedPortc�� C��s��t�j\|�jd\|�j\|�j\|�j\|�j\|�jtd�d�}t ��}t \|_\|�\|��\|�jj d�\}}}}}\|��\|�jt\|��\|��\|�j\|��\|��dt\|�jj ��dS�)z� L{SSHCommandClientEndpoint} uses the L{IReactorTCP} passed to it to attempt a connection to the host/port address also passed to it. r��Fr��r��rX��N)r,��r��rw��r��r��r��r��r��rk��r��r��r��r>��r��r��r��r��)rE��r��ru��r��r��timeout�bindAddressrF��rF��rG��test_destination5��s"�� z#NewConnectionTests.test_destinationc�� C��sp��t�j\|�jdd\|�j\|�j\|�jtd�d�}t��}t\|_ \|� \|�}\|�jjd�d�}\|�dt t��\|��\|��t��dS�)z� If a connection cannot be established, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} representing the reason for the connection setup failure. r��r��F�r��r��r��r��N)r,��r��rw��r��r��r��rk��r��r��r��r>��r��clientConnectionFailedr��r��r��r��rE��r��ru��drF��rF��rG��test_connectionFailedM��s�� z(NewConnectionTests.test_connectionFailedc�� C��sx��t�j\|�jdd\|�j\|�jt\|��td�d�}t��}t \|_ \|�\|�}\|��\|�j \|�jjd�d��\}}}\|��\|�}\|�t��dS�)a"�� If the L{KnownHostsFile} instance used to construct L{SSHCommandClientEndpoint} rejects the SSH public key presented by the server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{UserRejectedKey}. r��r��Fr��r��r��N)r,��r��rw��r��r��r)��r��rk��r��r��r��r>��r��ru��r��r��r��r ��r��rF��rF��rG��test_userRejectedHostKeye��s"�� z+NewConnectionTests.test_userRejectedHostKeyc�� C��s��t��t��}tt\|��}\|�t\|�j j �\|��t�jtdd��}\|�\|�j\|��t d�}tj\|�jdd\|�j\|�jd\|\|d�}t��}t\|_\|�\|�}\|��\|�j\|�jjd�d ��\}} } \|��\|�}\|�t��d S�)ac�� If the SSH public key presented by the SSH server does not match the previously remembered key, as reported by the L{KnownHostsFile} instance use to construct the endpoint, for that server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{HostKeyChanged}. s��testxp)� passphraseTr��r��dummy passwordr��r��r��N)r6��r~��r:��publicr)��r��r��r��r��r��r��r;��r��rk��r,��r��rw��r��r��r��r��r>��r��ru��r��r��r��r��)rE��firstKeyr��differentKeyr��r��ru��r��r��r��r��r��rF��rF��rG��test_mismatchedHostKey��s8�� z)NewConnectionTests.test_mismatchedHostKeyc�� C��s��t�j\|�jdd\|�j\|�j\|�jtd�d�}t��}t\|_ \|� \|�}t��}\|�jjd�d�}\|� d�}\|�\|��\|�tt��\|��\|��t��dS�)aU�� If the connection closes at any point before the SSH transport layer has finished key exchange (ie, gotten to the point where we may attempt to authenticate), the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping the reason for the lost connection. r��r��Fr��r��r��N)r,��r��rw��r��r��r��rk��r��r��r��r>��r?��r��ri��makeConnectionr��r��r��r��r��rE��r��ru��r-��rt��r��rF��rF��rG��!test_connectionClosedBeforeSecure��s$�� z4NewConnectionTests.test_connectionClosedBeforeSecurec�� C��s��t�j\|�jdd\|�j\|�j\|�jtd�d�}t��}t\|_ \|� \|�}tddd�}\|�jjd�d�}\|� d�}\|�\|��\|��\|��\|��t��\|��\|j��\|�tt��dS�) a[�� If the connection is cancelled before the SSH transport layer has finished key exchange (ie, gotten to the point where we may attempt to authenticate), the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{CancelledError} and the connection is aborted. r��r��Fr��Nr��r��r��)r,��r��rw��r��r��r��rk��r��r��r��r>��r@��r��ri��r6��r��r��r��r��r��rC��r��r��r��r7��rF��rF��rG��$test_connectionCancelledBeforeSecure��s(�� z7NewConnectionTests.test_connectionCancelledBeforeSecurec�� C��sj��t�j\|�jdd\|�j\|�j\|�jtd�d�}t��}t\|_ \|� \|�}\|��\|��\|�� t��\|��\|�jjd�j��dS�)zz If the connection is cancelled before it finishes connecting, the connection attempt is stopped. r��r��Fr��r��N)r,��r��rw��r��r��r��rk��r��r��r��r>��r��r��r��r��r�� connectors�stoppedConnectingr,��rF��rF��rG��'test_connectionCancelledBeforeConnected��s�� z:NewConnectionTests.test_connectionCancelledBeforeConnectedc�� C��s��t�j\|�jdd\|�j\|�jd\|�jtd�d�}t��}t\|_ \|� \|�}\|��\|�j\|�jj d�d��\}}}\|�j�\|jj��\|��\|��\|�}\|�t��\|��\|d��dS�) z� If the SSH server rejects the password presented during authentication, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{AuthenticationFailed}. r��r��r1��Fr��r��r��N)r,��r��rw��r��r��r��rk��r��r��r��r>��r��ru��r��advancer�� passwordDelay�flushr��r��r��r��r��rF��rF��rG��"test_passwordAuthenticationFailure��s�� z5NewConnectionTests.test_passwordAuthenticationFailurec��C��s,��dd��\|��D��}tt\|��}\|�\|��dS�)a�� Create an L{ISSHPrivateKey} checker which recognizes C{users} and add it to C{portal}. @param portal: A L{Portal} to which to add the checker. @type portal: L{Portal} @param users: The users and their keys the checker will recognize. Keys are byte strings giving user names. Values are byte strings giving OpenSSH-formatted private keys. @type users: L{dict} c��S��s"��i�\|�] \}}\|t��\|��g�qS�rF��)r6��r~��r2��)�.0�k�vrF��rF��rG�� <dictcomp>8��s��"�z6NewConnectionTests.setupKeyChecker.<locals>.<dictcomp>N)�itemsr'��r&��r��)rE��r��users�mapping�checkerrF��rF��rG��setupKeyChecker+��s�� z"NewConnectionTests.setupKeyCheckerc�� C��s��t��t�}\|��\|�j\|�jti��tj\|�j d\|�j\|�j \|�j\|g\|�jt d�d�}t��}t\|_\|�\|�}\|��\|�j\|�j jd�d��\}}}\|��\|�}\|�t��\|��\|jj��dS�)z� If the SSH server rejects the key pair presented during authentication, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{AuthenticationFailed}. r��F��keysr��r��r��r��N)r6��r~��r:��rI��r��r��r9��r,��r��rw��r��r��r��rk��r��r��r��r>��r��ru��r��r��r��r��r��rt��r��) rE��badKeyr��ru��r��r��r��r��r��rF��rF��rG��#test_publicKeyAuthenticationFailure<��s�� z6NewConnectionTests.test_publicKeyAuthenticationFailurec�� C��s ��t��t�}\|��\|�j\|�jti��tj\|�j d\|�j\|�j \|�j\|g\|�j\|�j td�d� }t��}t\|_\|�\|�}\|�j�jd7��_\|��\|�j\|�j jd�d��\}}}\|��\|��t�}\|��d\|d�jj\|d�jjf��\|��dt\|��\|��\|�} \| � t��\|��d\| jj��\|��!\|j"j#��d S�) z{ If the SSH server does not accept any of the specified SSH keys, the specified password is tried. r��F)rK��r��r��r��rX��r��r��r��r��N)$r6��r~��r:��rI��r��r��r9��r,��r��rw��r��r��r��r��rk��r��r��r��r>��ru��rv��r��r��r��r��r��r��r��rR��r��r��r��r��r��rt��r��) rE��rL��r��ru��r��r��r��r��r��r��rF��rF��rG��test_authenticationFallbacka��s8�� z.NewConnectionTests.test_authenticationFallbackc�� C��s��t��t�}\|��\|�j\|�jti��t\|�jjd<�t j \|�jd\|�j\|�j\|�j \|g\|�jtd�d�}t��}t\|_\|�\|�}\|��\|�j\|�jjd�d��\}}}\|��\|�}\|��\|j��dS�)z� If L{SSHCommandClientEndpoint} is initialized with any private keys, it will try to use them to authenticate with the SSH server. r��r��FrJ��r��r��N)r6��r~��r9��rI��r��r��rW��r��r\��r,��r��rw��r��r��r��rk��r��r��r��r>��r��ru��r��r��r��rt��) rE��keyr��ru��r��r��r��r��r��rF��rF��rG��test_publicKeyAuthentication��s�� z/NewConnectionTests.test_publicKeyAuthenticationc�� C��s��t�j\|�jd\|�j\|�j\|�j\|�jtd�d�}t��}t \|_ \|�\|�}\|��\|�j \|�jjd�d��\}}}\|��\|��\|�}\|�t��\|��\|jj��dS�)z� If the password is not specified, L{SSHCommandClientEndpoint} doesn't try it as an authentication mechanism. r��Fr��r��r��N)r,��r��rw��r��r��r��r��rk��r��r��r��r>��r��ru��r��r��r��r��r��r��rt��r��r��rF��rF��rG��test_skipPasswordAuthentication��s&�� z2NewConnectionTests.test_skipPasswordAuthenticationc�� C��s��t��t�}t��}t��\|_\|��\|dfi\|j_\|��\|�j \|�j ti��t\|�}tj \|�jd\|�j \|�j\|�j\|�jtd�\|d�}t\|�jjd<�t��}t\|_\|�\|�}\|��\|�j\|�jjd�d��\}}} td�D�]} \|j��\| ��q]\|��\|�}\|��\|j��\|�� \|\|\|\| ��\|��!\|jj"��\|��!\|jj#j"��d S�) a �� If L{SSHCommandClientEndpoint} is initialized with an L{SSHAgentClient}, the agent is used to authenticate with the SSH server. Once the connection with the SSH server has concluded, the connection to the agent is disconnected. r��r��F)r��r�� agentEndpointr��r��r��N)$r6��r~��r:��r2��r��ru��blobrK��rI��r��r��r��r,��r��rw��r��r��r��rk��rW��r��r\��r��r��r>��r��r��ranger��r��r��rt��r��r��r��clientIO)rE��rO��agentServerrR��r��ru��r��r��r��r��ir��rF��rF��rG��test_agentAuthentication��s>�� z+NewConnectionTests.test_agentAuthenticationc��C��sd��t�\|�jjd<�\|��}t��}t\|_\|�\|�}\|��\}}}\|�� \|�}\|�� \|\|\|\|��\|��\|jj ��dS�)z� The transport connected to the protocol has a C{loseConnection} method which causes the channel in which the command is running to close and the overall connection to be closed. r��N)rW��r��r\��r��r��r��r��r>��r��r��r��r��rt��r��r��rF��rF��rG��test_loseConnection��s�� z&NewConnectionTests.test_loseConnectionN)rJ��rK��rL��rM��r��r��r��r��r��r!��r%��r&��r)��r.��r/��r5��r8��r9��r<��r@��rI��rM��rN��rP��rQ��rY��rZ��rF��rF��rF��rG��r��s2�� # ,"(%0!3r��c��@��0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�ExistingConnectionTestsze Tests for L{SSHCommandClientEndpoint} when using the C{existingConnection} constructor. c�� C��sz��t��\|��tt\|��}\|�\|�j\|�jjd��\|�t \|�j j�\|�jjd��tj \|�jd\|�j\|�j\|�j\|�j\|td�d�\|�_dS�)r ��r}��r��Fr��N)r��r��r)��r��r��r��r��ru��r��r��r��r��r,��r��rw��r��r��r��rk��r��)rE��r��rF��rF��rG��r��!��s �� zExistingConnectionTests.setUpc�� C��s��t��}t\|_\|�j�\|�}\|�jj��}z%t\|�jjd<�\|�� \|�j \|�jjd�d��\}}}W�\|�jj� ��\|�jj�\|��n\|�jj� ��\|�jj�\|��w�\|\|�_\|\|�_\|\|�_\|��\|�}\|jj}t�\|d�S�)zz Create and return a new L{SSHCommandClientEndpoint} using the C{existingConnection} constructor. r��r��r��r��)r��r��r��r��r>��r��r\��copyrW��r��ru��rw��r��clear�updater��_client�_pumpr��rt��connr,��existingConnection) rE��ru��r��r\��r��r��r��r�� connectionrF��rF��rG��r��9��s&�� zExistingConnectionTests.createc��C��s8��\|�j��\|�j��\|�j��\|�j��\|�j\|�j\|�j�fS�)z� Give back the connection established in L{create} over which the new command channel being tested will exchange data. )ra��r��r��r`��rD��rF��rF��rG��r��W��s �� z(ExistingConnectionTests.finishConnectionc��C��s ��\|��\|jj��\|��\|jj��dS�)a�� Assert that the transport for the given protocol is still connected. L{SSHCommandClientEndpoint.existingConnection} re-uses an SSH connected created by some other code, so other code is responsible for cleaning it up. N)�assertFalsert��r��rC��r��rF��rF��rG��r��e��s��z2ExistingConnectionTests.assertClientTransportStateN)rJ��rK��rL��rM��r��r��r��r��rF��rF��rF��rG��r\��s��r\��c��@��r[��)�ExistingConnectionHelperTestsz1 Tests for L{_ExistingConnectionHelper}. c��C��\|��ttt��dS�)zT L{_ExistingConnectionHelper} implements L{_ISSHConnectionCreator}. N)r��r��r.��r-��rD��rF��rF��rG��r!��u��z,ExistingConnectionHelperTests.test_interfacec��C��s(��t��}t\|�}\|��\|\|��\|��dS�)z� L{_ExistingConnectionHelper.secureConnection} returns a L{Deferred} which fires with whatever object was fed to L{_ExistingConnectionHelper.__init__}. N)�objectr-��assertIsr��secureConnection)rE��rm��helperrF��rF��rG��test_secureConnection{��s��z3ExistingConnectionHelperTests.test_secureConnectionc��C��t�t��}\|�t��d��dS�)z� L{_ExistingConnectionHelper.cleanupConnection} does nothing to the existing connection if called with C{immediate} set to C{False}. FN�r-��ri��cleanupConnection�rE��rl��rF��rF��rG��$test_cleanupConnectionNotImmediately�� zBExistingConnectionHelperTests.test_cleanupConnectionNotImmediatelyc��C��rn��)z� L{_ExistingConnectionHelper.cleanupConnection} does nothing to the existing connection if called with C{immediate} set to C{True}. TNro��rq��rF��rF��rG��!test_cleanupConnectionImmediately��rs��z?ExistingConnectionHelperTests.test_cleanupConnectionImmediatelyN)rJ��rK��rL��rM��r!��rm��rr��rt��rF��rF��rF��rG��rf��p��s�� rf��c��@��r��)�_PTYPathzk A L{FilePath}-like object which can be opened to create a L{_ReadFile} with certain contents. c��C��s ��\|\|�_�dS�)zz @param contents: L{bytes} which will be the contents of the L{_ReadFile} this path can open. N)�contents)rE��rv��rF��rF��rG��r]��s�� z_PTYPath.__init__c��C��s��\|dkr t�\|�j�S�ttd��)z� If the mode is r+, return a L{_ReadFile} with the contents given to this path's initializer. @raise OSError: If the mode is unsupported. @return: A L{_ReadFile} instance zrb+zFunction not implemented)r0��rv��OSErrorr��)rE��moderF��rF��rG��open��s�� z _PTYPath.openN)rJ��rK��rL��rM��r]��ry��rF��rF��rF��rG��ru��s��ru��c��@��s`��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dS�)�NewConnectionHelperTestsz, Tests for L{_NewConnectionHelper}. c��C��rg��)zO L{_NewConnectionHelper} implements L{_ISSHConnectionCreator}. N)r��r��r.��r/��rD��rF��rF��rG��r!��rh��z'NewConnectionHelperTests.test_interfacec��C��s��\|��dtj��dS�)zK The default I{known_hosts} path is I{~/.ssh/known_hosts}. z~/.ssh/known_hostsN)r��r/��_KNOWN_HOSTSrD��rF��rF��rG��test_defaultPath��s��z)NewConnectionHelperTests.test_defaultPathc��sH��t��\|��td��fdd��tdddddddddd� }\|��\|j��dS�)z� L{_NewConnectionHelper._knownHosts} is used to create a L{KnownHostsFile} if one is not passed to the initializer. �_knownHostsc��s��S�r[��rF��)�clsrl��rF��rG��r`��ra��zANewConnectionHelperTests.test_defaultKnownHosts.<locals>.<lambda>N)ri��patchr/��rj��r��rq��rF��rl��rG��test_defaultKnownHosts��s��z/NewConnectionHelperTests.test_defaultKnownHostsc��C��s��t��jd�}t\|��}t\|�}\|�d\|��\|��td\|j��t j� d�}\|j�\|d�}\|��t d\|��td\|��t ��}\|��\|�d\|��dS�)z� Existing entries in the I{known_hosts} file are reflected by the L{KnownHostsFile} created by L{_NewConnectionHelper} when none is supplied to it. r}��s ��127.0.0.1zCreated known_hosts file at z~/r{��zPatched _KNOWN_HOSTS with N)rz��r��r��r��r)��r��r��r��path�os� expanduser�replacer��r/��r}��r�� hasHostKey)rE��rO��r��r��home�default�loadedrF��rF��rG��test_readExisting��s��zNewConnectionHelperTests.test_readExistingc��C��s,��t�dddddddddd� }\|��\|jt��dS�)zz If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper}, a L{ConsoleUI} is used. N)r/��r��r��r(��rq��rF��rF��rG��test_defaultConsoleUI��s��z.NewConnectionHelperTests.test_defaultConsoleUIc��C��sD��t�d�}tdddddddddd\|�}\|��\|j�d��}\|��\|��dS�)z� If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper} and /dev/tty is available, the L{ConsoleUI} used is associated with /dev/tty. s��yesNs��does this work?)ru��r/��r��r��rp��r��rE��ttyrl��rm��rF��rF��rG��test_ttyConsoleUI��s��zNewConnectionHelperTests.test_ttyConsoleUIc��C��sH��t�\|��}tdddddddddd\|�}\|��\|j�d��}\|��\|��dS�)z� If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper} and /dev/tty is not available, the L{ConsoleUI} used is associated with some file which always produces a C{b"no"} response. Ns��did this break?)r��r��r/��r��r��rp��re��r��rF��rF��rG��test_nottyUI��s��z%NewConnectionHelperTests.test_nottyUIc��C��s0��t�dddddddddd� }\|��td�\|j��dS�)zy If not passed the name of a tty in the filesystem, L{_NewConnectionHelper} uses C{b"/dev/tty"}. Ns��/dev/tty)r/��r��r��r��rq��rF��rF��rG��test_defaultTTYFilename��s��z0NewConnectionHelperTests.test_defaultTTYFilenamec��C��sF��t�dddddddddd� }t��}t��\|_\|�\|d��\|��\|jj��dS�)z� L{_NewConnectionHelper.cleanupConnection} closes the transport cleanly if called with C{immediate} set to C{False}. NF)r/��r4��r?��rt��rp��r��r��)rE��rl��rd��rF��rF��rG��rr��s��z=NewConnectionHelperTests.test_cleanupConnectionNotImmediatelyc��C��s`��G�dd��d�}t�dddddddddd� }t��}t��\|_\|��\|j_\|�\|d��\|��\|jjj��dS�)z� L{_NewConnectionHelper.cleanupConnection} closes the transport with C{abortConnection} if called with C{immediate} set to C{True}. c��@��rN��)zMNewConnectionHelperTests.test_cleanupConnectionImmediately.<locals>.AbortableFc��S��rA��)z7 Abort the connection. TNrB��rD��rF��rF��rG��rH��1��s�� z]NewConnectionHelperTests.test_cleanupConnectionImmediately.<locals>.Abortable.abortConnectionN)rJ��rK��rL��rC��rH��rF��rF��rF��rG�� Abortable.��rj��r��NT)r/��r4��r7��rt��rp��r��rC��)rE��r��rl��rd��rF��rF��rG��rt��(��s�� z:NewConnectionHelperTests.test_cleanupConnectionImmediatelyN)rJ��rK��rL��rM��r!��r\|��r��r��r��r��r��r��rr��rt��rF��rF��rF��rG��rz��s�� rz��)wrM��os.pathr��errnor��structr��zope.interfacer��zope.interface.verifyr��r��r��twisted.conch.errorr��r��r ��twisted.conch.interfacesr ��twisted.cred.checkersr��twisted.cred.portalr��twisted.internet.addressr ��twisted.internet.deferr��r��r��r��twisted.internet.errorr��r��r��r��twisted.internet.interfacesr��r��twisted.internet.protocolr��r��twisted.loggerr��r��twisted.python.compatr��twisted.python.failurer��twisted.python.filepathr��twisted.python.logr��twisted.python.reflectr ��twisted.test.proto_helpersr!��r"��twisted.trial.unittestr#��twisted.conch.avatarr%��twisted.conch.checkersr&��r'��twisted.conch.client.knownhostsr(��r)��twisted.conch.endpointsr��r+��r,��r-��r.��r/��r0��twisted.conch.sshr1��twisted.conch.ssh.agentr2��twisted.conch.ssh.channelr3��twisted.conch.ssh.connectionr4��twisted.conch.ssh.factoryr5��twisted.conch.ssh.keysr6��twisted.conch.ssh.transportr7��twisted.conch.ssh.userauthr8��twisted.conch.test.keydatar9��r:��r;��r<��skipri��twisted.test.iosimr=��r>��r?��r@��rO��rW��rY��rZ��rg��rk��rr��rz��r��r��r��r��r\��rf��ru��rz��rF��rF��rF��rG��<module>��s��$ &��1��dU,��test/__pycache__/keydata.cpython-310.pyc��0000644��00000067130�15027667726�0014107 0��ustar�00��o ��b��@��s.��d�Z�ddlmZ�ed�ded�ed�ed�ed�d �Zed �ed�dd ed�d�Zed�ed�ed�dd�Zed�ed�ed�dd�Zed�ed�ed�dd�Zddd �Z d!Z d"Zd#Zd$Z d%Zd&Zd'Zd(Zd)ZdZd+Zd,Zd-Zd.Zd/Zd0Zd1Zd2Zd3Zd4Zd5Zd6Zd7Z d8Z!ed9�Z"ed:�Z#ed;�Z$g�d<�Z%d=S�)>z+ Data used by test_keys as well as others. ��)�decodebytes�i��26941361723811343819866101037675839921988027796838212268786269729694247120995560307112039197577328384456023037188438995206797878968413594751534120947806520945542732736910235620425910680704796413952531053913307374311617582141751307970630110060002581550978672180871930267106805241446648367682198750572038464556170842579437938319127485694162851261635543719756071289200110782824779256185832708552199140780701504775021850897161159085057587032100799190904325247073013454703884183936776407437943984310855088870943095814327141704475031474288054200294805383574542944648501531660749404403945254975473896534482849256068133525751i��h��4203357242869996956805024384854898198000024172950710597804898118408283516367542062349826827520762053970472184495045374765239609876131483075734873227204810666771052111553888020795198692497467740858822192444932906638025692012136764331594257829371597667863297420532149579339412600421013771755656838497323547005256289752390005486513466208261362009527404465627516909243353659408106589312384106125214417397021705035470250180168681160370530139354514779304260137038861930164164532159500721474403446561377189590538972686639694286801448419876249629285768083527396272629416756177724661940425316604626522633351193810751757014073�5��152689878451107675391723141129365667732639179427453246378763774448531436802867910180261906924087589684175595016060014593521649964959248408388984465569934780790357826811592229318702991401054226302790395714901636384511513449977061729214247279176398290513085108930550446985490864812445551198848562639933888780317�5��176444974592327996338888725079951900172097062203378367409936859072670162290963119826394224277287608693818012745872307600855894647300295516866118620024751601329775653542084052616260193174546400544176890518564317596334518015173606460860373958663673307503231977779632583864454001476729233959405710696795574874403�4��93601800238809584296951849856100709096513640338471561343936480322938679350640222284741501977205308045825703424183279521046061292444508537267852417684200791227665453277330154626999702097081815595682855341826611032986722267304009888565134822567329894852993885224775891490070400861134282266967852120152546563278)�n�e�d�p�q�u�5��102532613268641171576406907617235869673823343194357786952917153381541139247781992153835073240035039544621198205496512489289702949127531056893725702005035043292195216541115250589114284140427928363951954324455112005663182517891057569583666939618174684114192449854549414999828295140718645344764026044855941864175�5��102920317262317564432088500821911987877929665167903819917750207689976375116629109208566602236252561412937470263326262930887668422949051881895212412718444016917144560705456752517757471564532371459197940894961685025172028691607867489309937144494080086589760710215938634531338471675218590012064772045092956919481l��I'Bfa'�/� \|�P5#�l��-QKku[�!\|)�u q�sK 4W�3��1460442306266194757979024072033757031500854998345220801539426429789435409684914513123700756086453120500041882809102836102771941880716191917395123794084436959467635544938639859431446862982376796470255970943061826392752976576910270265745700231533660131769648708944711006508965764877684264272082256183140297951)�gr��r��x�y�M76282513020392096317118503144964731774299773481750550543382904345687059013883�M81543197864602852632265664769441647534344375894314319681061137159310646683104�M34638743477210341700964008455655698253555655678826059678074967909361042656500s��ecdsa-sha2-nistp256)r��r��privateValue�curve�t28081410713485847059875391639480752139823963353428163398257609908335787109896602102090002196616273211495718603965098�t10036914308591746758780165503819213553101287571902957054148542504671046744460374996612408381962208627004841444205030�t17337335659928075994560513699823544906448896792102247714689323575406618073069185107088229463828921069465902299522926s��ecdsa-sha2-nistp384)r��r��r��r��ڝ1294474282625742084665952775268376319340138427139151328602291729910013082920512632908350502247952686156279140016049549948975670668730618745449113644014505462ڝ1078410881027197618673758774943629578298556364036868908105288616296815984553198866894145509329328086635278430266482551941240591605833440825557820439734509311ڝ6627512352154608862902939026581288474953476911992147066970891407696722739507679613314422655305240639435488467243480486142397914984425997823106818915698960565s��ecdsa-sha2-nistp521s ��J^F��D �R��k#sE�@�W{�s ��7/%ڍԨ�x\|a��^mgi17Li U��DX)�a�ksl��-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAjn0lSVF6QweS4bjOGP9RHwqxUiTastSE0MVuLtFvkxygZqQ712oZ ewMvqKkxthMQgxzSpGtRBcmkL7RqZ94+18qgBwYFK4EEACOhgYkDgYYABAFpX/6B mxxglwD+VpEvw0hcyxVzLxNnMGzxZGF7xmNj8nlF7M+TQctdlR2Xv/J+AgIeVGmB j2p84bkV9jBzrUNJEACsJjttZw8NbUrhxjkLT/3rMNtuwjE4vLja0P7DMTE0EV8X f09ETdku/z/1tOSSrSvRwmUcM9nQUJtHHAZlr5Q0fw== -----END EC PRIVATE KEY-----s��-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS 1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBaV/+gZscYJcA/laRL8NIXMsVcy8T ZzBs8WRhe8ZjY/J5RezPk0HLXZUdl7/yfgICHlRpgY9qfOG5FfYwc61DSRAArCY7bWcPDW 1K4cY5C0/96zDbbsIxOLy42tD+wzExNBFfF39PRE3ZLv8/9bTkkq0r0cJlHDPZ0FCbRxwG Za+UNH8AAAEAeRISlnkSEpYAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ AAAIUEAWlf/oGbHGCXAP5WkS/DSFzLFXMvE2cwbPFkYXvGY2PyeUXsz5NBy12VHZe/8n4C Ah5UaYGPanzhuRX2MHOtQ0kQAKwmO21nDw1tSuHGOQtP/esw227CMTi8uNrQ/sMxMTQRXx d/T0RN2S7/P/W05JKtK9HCZRwz2dBQm0ccBmWvlDR/AAAAQgCOfSVJUXpDB5LhuM4Y/1Ef CrFSJNqy1ITQxW4u0W+THKBmpDvXahl7Ay+oqTG2ExCDHNKka1EFyaQvtGpn3j7XygAAAA ABAg== -----END OPENSSH PRIVATE KEY----- s��ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFpX/6BmxxglwD+VpEvw0hcyxVzLxNnMGzxZGF7xmNj8nlF7M+TQctdlR2Xv/J+AgIeVGmBj2p84bkV9jBzrUNJEACsJjttZw8NbUrhxjkLT/3rMNtuwjE4vLja0P7DMTE0EV8Xf09ETdku/z/1tOSSrSvRwmUcM9nQUJtHHAZlr5Q0fw== comments��-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDAtAi7I8j73WCX20qUM5hhHwHuFzYWYYILs2Sh8UZ+awNkARZ/Fu2LU LLl5RtOQpbWgBwYFK4EEACKhZANiAATU17sA9P5FRwSknKcFsjjsk0+E3CeXPYX0 Tk/M0HK3PpWQWgrO8JdRHP9eFE9O/23P8BumwFt7F/AvPlCzVd35VfraFT0o4cCW G0RqpQ+np31aKmeJshkcYALEchnU+tQ= -----END EC PRIVATE KEY-----sN��-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS 1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQTU17sA9P5FRwSknKcFsjjsk0+E3CeX PYX0Tk/M0HK3PpWQWgrO8JdRHP9eFE9O/23P8BumwFt7F/AvPlCzVd35VfraFT0o4cCWG0 RqpQ+np31aKmeJshkcYALEchnU+tQAAADIiktpWIpLaVgAAAATZWNkc2Etc2hhMi1uaXN0 cDM4NAAAAAhuaXN0cDM4NAAAAGEE1Ne7APT+RUcEpJynBbI47JNPhNwnlz2F9E5PzNBytz 6VkFoKzvCXURz/XhRPTv9tz/AbpsBbexfwLz5Qs1Xd+VX62hU9KOHAlhtEaqUPp6d9Wipn ibIZHGACxHIZ1PrUAAAAMC0CLsjyPvdYJfbSpQzmGEfAe4XNhZhgguzZKHxRn5rA2QBFn8 W7YtQsuXlG05CltQAAAAA= -----END OPENSSH PRIVATE KEY----- s��ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNTXuwD0/kVHBKScpwWyOOyTT4TcJ5c9hfROT8zQcrc+lZBaCs7wl1Ec/14UT07/bc/wG6bAW3sX8C8+ULNV3flV+toVPSjhwJYbRGqlD6enfVoqZ4myGRxgAsRyGdT61A== comments��ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKimX1DZ7+Qj0SpfePMbo1pb6yGkAb5l7duC1l855yD7tEfQfqk7bc7v46We1hLMyz6ObUBYgkN/34n42F4vpeA= comments��-----BEGIN EC PRIVATE KEY----- MHcCAQEEIEyU1YOT2JxxofwbJXIjGftdNcJK55aQdNrhIt2xYQz0oAoGCCqGSM49 AwEHoUQDQgAEqKZfUNnv5CPRKl948xujWlvrIaQBvmXt24LWXznnIPu0R9B+qTtt zu/jpZ7WEszLPo5tQFiCQ3/fifjYXi+l4A== -----END EC PRIVATE KEY-----s��-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSopl9Q2e/kI9EqX3jzG6NaW+shpAG+ Ze3bgtZfOecg+7RH0H6pO23O7+OlntYSzMs+jm1AWIJDf9+J+NheL6XgAAAAmCKU4hcilO IXAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKimX1DZ7+Qj0Spf ePMbo1pb6yGkAb5l7duC1l855yD7tEfQfqk7bc7v46We1hLMyz6ObUBYgkN/34n42F4vpe AAAAAgTJTVg5PYnHGh/BslciMZ+101wkrnlpB02uEi3bFhDPQAAAAA -----END OPENSSH PRIVATE KEY----- sX��ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEW0RVKHhUOGV4ZRrXyRA2yUqCuKmsjE3NF/UDZV3uL comments��-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACDxFtEVSh4VDhleGUa18kQNslKgriprIxNzRf1A2Vd7iwAAAJA61eMLOtXj CwAAAAtzc2gtZWQyNTUxOQAAACDxFtEVSh4VDhleGUa18kQNslKgriprIxNzRf1A2Vd7iw AAAEA3LyXajdSomnh8YfCYAcb0Xm1nBWkxN0xpDQVVu8lEWPEW0RVKHhUOGV4ZRrXyRA2y UqCuKmsjE3NF/UDZV3uLAAAAB2NvbW1lbnQBAgMEBQY= -----END OPENSSH PRIVATE KEY-----s��ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVaqx4I9bWG+wloVDEd2NQhEUBVUIUKirg0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n3WmM06QHjVyqgYwBGTJAkMgUyP95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9TMA2l5bs9auIJNm/9NNN9b0b/h9qpKSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQNUZdy03w17snaY6RKXCpCnd1bqcPUWzxiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASfNaNHjkbtM6Vlvbw7KW4CC1ffdOgTtDc1foNfICZgptyti8ZseZj3 comments��-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEA1WqseCPW1hvsJaFQxHdjUIRFAVVCFCoq4NBg7tTpo61K+jkG XoRVdV8ANr9vqio/gyY3wWkuW/3w89J91pjNOkB41cqoGMARkyQJDIFMj/ec7RMW aqQE6Ul3w+RVZLN5aJ4sCOus6AQtIXcFp47vUzANpeW7PWriCTZv/TTTfW9G/4fa qSknqv+t9YXmPhq4eh1KserAWvcw3x/CpOTvP5FJlkDVGXctN8Ne7J2mOkSlwqQp 3dW6nD1Fs8YsGGTVuj3fq3/NQqyn8RgLoFgVYgukKm5Dw+QEnzWjR45G7TOlZb28 OyluAgtX33ToE7Q3NX6DXyAmYKbcrYvGbHmY9wIDAQABAoIBACFMCGaiKNW0+44P chuFCQC58k438BxXS+NRf54jp+Q6mFUb6ot6mB682Lqx+YkSGGCs6MwLTglaQGq6 L5n4syRghLnOaZWa+eL8H1FNJxXbKyet77RprL59EOuGR3BztACHlRU7N/nnFOeA u2geG+bdu3NjuWfmsid/z88wm8KY/dkYNi82LvE9gXqf4QMtR9s0UWI53U/prKiL 2dbzhMQXuXGdBghCeE27xSr0w1jNVSvtvjNfBOp75gQkY/It1z0bbNWcY0MvkoiN Pm7aGDfYDyVniR25RjReyc7Ei+2SWjMHD9+GCPmS6dvrOAg2yc3NCgFIWzk+esrG gKnc1DkCgYEA2XAG2OK81HiRUJTUwRuJOGxGZFpRoJoHPUiPA1HMaxKOfRqxZedx dTngMgV1jRhMr5OxSbFmX3hietEMyuZNQ7Oc9Gt95gyY3M8hYo7VLhLeBK7XJG6D MaIVokQ9IqliJiK5su1UCp0Ig6cHDf8ZGI7Yqx3aSJwxaBGhZm3j2B0CgYEA+0QX i6Q2vh43Haf2YWwExKrdeD4HjB4zAq4DFIeDeuWefQhnqPKqvxJwz3Kpp8cLHYjV IP2cY8pHMFVOi8TP9H8WpJISdKEJwsRunIwz76Xl9+ArrU9cEaoahDdb/Xrqw818 sMjkH1Rjtcev3/QJp/zHJfxc6ZHXksWYHlbTsSMCgYBRr+mSn5QLSoRlPpSzO5IQ tXS4jMnvyQ4BMvovaBKhAyauz1FoFEwmmyikAjMIX+GncJgBNHleUo7Ezza8H0tV rOvBU4TH4WGoStSi/0ANgB8SqVDAKhh1lAwGmxZQqEvsQc177/dLyXUCaMSYuIaI GFpD5wIzlyJkk4MMRSp87QKBgGlmN8ZA3SHFBPOwuD5HlHx2/C3rPzk8lcNDAVHE Qpfz6Bakxu7s1EkQUDgE7jvN19DMzDJpkAegG1qf/jHNHjp+cR4ZlBpOTwzfX1LV 0Rdu7NectlWd244hX7wkiLb8r6vw76QssNyfhrADEriL4t0PwO4jPUpQ/i+4KUZY v7YnAoGAZhb5IDTQVCW8YTGsgvvvnDUefkpVAmiVDQqTvh6/4UD6kKdUcDHpePzg Zrcid5rr3dXSMEbK4tdeQZvPtUg1Uaol3N7bNClIIdvWdPx+5S9T95wJcLnkoHam rXp0IjScTxfLP+Cq5V6lJ94/pX8Ppoj1FdZfNxeS4NYFSRA7kvY= -----END RSA PRIVATE KEY-----s��-----BEGIN RSA PRIVATE KEY----- MIIEqDCCBKICAQACggEBANVqrHgj1tYb7CWhUMR3Y1CERQFVQhQqKuDQYO7U6aOt Svo5Bl6EVXVfADa/b6oqP4MmN8FpLlv98PPSfdaYzTpAeNXKqBjAEZMkCQyBTI/3 nO0TFmqkBOlJd8PkVWSzeWieLAjrrOgELSF3BaeO71MwDaXluz1q4gk2b/00031v Rv+H2qkpJ6r/rfWF5j4auHodSrHqwFr3MN8fwqTk7z+RSZZA1Rl3LTfDXuydpjpE pcKkKd3Vupw9RbPGLBhk1bo936t/zUKsp/EYC6BYFWILpCpuQ8PkBJ81o0eORu0z pWW9vDspbgILV9906BO0NzV+g18gJmCm3K2Lxmx5mPcCAwEAAQKCAQAhTAhmoijV tPuOD3IbhQkAufJON/AcV0vjUX+eI6fkOphVG+qLepgevNi6sfmJEhhgrOjMC04J WkBqui+Z+LMkYIS5zmmVmvni/B9RTScV2ysnre+0aay+fRDrhkdwc7QAh5UVOzf5 5xTngLtoHhvm3btzY7ln5rInf8/PMJvCmP3ZGDYvNi7xPYF6n+EDLUfbNFFiOd1P 6ayoi9nW84TEF7lxnQYIQnhNu8Uq9MNYzVUr7b4zXwTqe+YEJGPyLdc9G2zVnGND L5KIjT5u2hg32A8lZ4kduUY0XsnOxIvtklozBw/fhgj5kunb6zgINsnNzQoBSFs5 PnrKxoCp3NQ5AoGBANlwBtjivNR4kVCU1MEbiThsRmRaUaCaBz1IjwNRzGsSjn0a sWXncXU54DIFdY0YTK+TsUmxZl94YnrRDMrmTUOznPRrfeYMmNzPIWKO1S4S3gSu 1yRugzGiFaJEPSKpYiYiubLtVAqdCIOnBw3/GRiO2Ksd2kicMWgRoWZt49gdAoGB APtEF4ukNr4eNx2n9mFsBMSq3Xg+B4weMwKuAxSHg3rlnn0IZ6jyqr8ScM9yqafH Cx2I1SD9nGPKRzBVTovEz/R/FqSSEnShCcLEbpyMM++l5ffgK61PXBGqGoQ3W/16 6sPNfLDI5B9UY7XHr9/0Caf8xyX8XOmR15LFmB5W07EjAoGAUa/pkp+UC0qEZT6U szuSELV0uIzJ78kOATL6L2gSoQMmrs9RaBRMJpsopAIzCF/hp3CYATR5XlKOxM82 vB9LVazrwVOEx+FhqErUov9ADYAfEqlQwCoYdZQMBpsWUKhL7EHNe+/3S8l1AmjE mLiGiBhaQ+cCM5ciZJODDEUqfO0CgYBpZjfGQN0hxQTzsLg+R5R8dvwt6z85PJXD QwFRxEKX8+gWpMbu7NRJEFA4BO47zdfQzMwyaZAHoBtan/4xzR46fnEeGZQaTk8M 319S1dEXbuzXnLZVnduOIV+8JIi2/K+r8O+kLLDcn4awAxK4i+LdD8DuIz1KUP4v uClGWL+2JwKBgGYW+SA00FQlvGExrIL775w1Hn5KVQJolQ0Kk74ev+FA+pCnVHAx 6Xj84Ga3Inea693V0jBGyuLXXkGbz7VINVGqJdze2zQpSCHb1nT8fuUvU/ecCXC5 5KB2pq16dCI0nE8Xyz/gquVepSfeP6V/D6aI9RXWXzcXkuDWBUkQO5L2MAA= -----END RSA PRIVATE KEY-----s��-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn NhAAAAAwEAAQAAAQEA1WqseCPW1hvsJaFQxHdjUIRFAVVCFCoq4NBg7tTpo61K+jkGXoRV dV8ANr9vqio/gyY3wWkuW/3w89J91pjNOkB41cqoGMARkyQJDIFMj/ec7RMWaqQE6Ul3w+ RVZLN5aJ4sCOus6AQtIXcFp47vUzANpeW7PWriCTZv/TTTfW9G/4faqSknqv+t9YXmPhq4 eh1KserAWvcw3x/CpOTvP5FJlkDVGXctN8Ne7J2mOkSlwqQp3dW6nD1Fs8YsGGTVuj3fq3 /NQqyn8RgLoFgVYgukKm5Dw+QEnzWjR45G7TOlZb28OyluAgtX33ToE7Q3NX6DXyAmYKbc rYvGbHmY9wAAA7gXkBoMF5AaDAAAAAdzc2gtcnNhAAABAQDVaqx4I9bWG+wloVDEd2NQhE UBVUIUKirg0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n3WmM06QHjVyqgY wBGTJAkMgUyP95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9TMA2l5bs9auIJNm /9NNN9b0b/h9qpKSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQNUZdy03w17snaY6 RKXCpCnd1bqcPUWzxiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASfNaNHjkbtM6Vlvb w7KW4CC1ffdOgTtDc1foNfICZgptyti8ZseZj3AAAAAwEAAQAAAQAhTAhmoijVtPuOD3Ib hQkAufJON/AcV0vjUX+eI6fkOphVG+qLepgevNi6sfmJEhhgrOjMC04JWkBqui+Z+LMkYI S5zmmVmvni/B9RTScV2ysnre+0aay+fRDrhkdwc7QAh5UVOzf55xTngLtoHhvm3btzY7ln 5rInf8/PMJvCmP3ZGDYvNi7xPYF6n+EDLUfbNFFiOd1P6ayoi9nW84TEF7lxnQYIQnhNu8 Uq9MNYzVUr7b4zXwTqe+YEJGPyLdc9G2zVnGNDL5KIjT5u2hg32A8lZ4kduUY0XsnOxIvt klozBw/fhgj5kunb6zgINsnNzQoBSFs5PnrKxoCp3NQ5AAAAgQCFSxt6mxIQN54frV7a/s aW/t81a7k04haXkiYJvb1wIAOnNb0tG6DSB0cr1N6oqAcHG7gEIKcnQTxsOTnpQc7nFx3R TFy8PdImJv5q1v1Icq5G+nvD0xlgRB2lE6eA9WMp1HpdBgcWXfaLPctkOuKEWk2MBi0tnR zrg0x4PXlUzgAAAIEA2XAG2OK81HiRUJTUwRuJOGxGZFpRoJoHPUiPA1HMaxKOfRqxZedx dTngMgV1jRhMr5OxSbFmX3hietEMyuZNQ7Oc9Gt95gyY3M8hYo7VLhLeBK7XJG6DMaIVok Q9IqliJiK5su1UCp0Ig6cHDf8ZGI7Yqx3aSJwxaBGhZm3j2B0AAACBAPtEF4ukNr4eNx2n 9mFsBMSq3Xg+B4weMwKuAxSHg3rlnn0IZ6jyqr8ScM9yqafHCx2I1SD9nGPKRzBVTovEz/ R/FqSSEnShCcLEbpyMM++l5ffgK61PXBGqGoQ3W/166sPNfLDI5B9UY7XHr9/0Caf8xyX8 XOmR15LFmB5W07EjAAAAAAEC -----END OPENSSH PRIVATE KEY----- s��-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,FFFFFFFFFFFFFFFF p2A1YsHLXkpMVcsEqhh/nCYb5AqL0uMzfEIqc8hpZ/Ub8PtLsypilMkqzYTnZIGS ouyPjU/WgtR4VaDnutPWdgYaKdixSEmGhKghCtXFySZqCTJ4O8NCczsktYjUK3D4 Jtl90zL6O81WBY6xP76PBQo9lrI/heAetATeyqutc18bwQIGU+gKk32qvfo15DfS VYiY0Ds4D7F7fd9pz+f5+UbFUCgU+tfDvBrqodYrUgmH7jKoW/CRDCHHyeEIZDbF mcMwdcKOyw1sRLaPdihRSVx3kOMvIotHKVTkIDMp+0RTNeXzQnp5U2qzsxzTcG/M UyJN38XXkuvq5VMj2zmmjHzx34w3NK3ZxpZcoaFUqUBlNp2C8hkCLrAa/DWobKqN 5xA1ElrQvli9XXkT/RIuy4Gc10bbGEoJjuxNRibtSxxWd5Bd1E40ocOd4l1ebI8+ w69XvMTnsmHvkBEADGF2zfRszKnMelg+W5NER1UDuNT03i+1cuhp+2AZg8z7niTO M17XP3ScGVxrQAEYgtxPrPeIpFJvOx2j5Yt78U9Y2WlaAG6DrubbYv2RsMIibhOG yk139vMdD8FwCey6yMkkhFAJwnBtC22MAWgjmC5c6AF3SRQSjjQXepPsJcLgpOjy YwjhnL8w56x9kVDUNPw9A9Cqgxo2sty34ATnKrh4h59PsP83LOL6OC5WjbASgZRd OIBD8RloQPISo+RUF7X0i4kdaHVNPlR0KyapR+3M5BwhQuvEO99IArDV2LNKGzfc W4ssugm8iyAJlmwmb2yRXIDHXabInWY7XCdGk8J2qPFbDTvnPbiagJBimjVjgpWw tV3sVlJYqmOqmCDP78J6he04l0vaHtiOWTDEmNCrK7oFMXIIp3XWjOZGPSOJFdPs 6Go3YB+EGWfOQxqkFM28gcqmYfVPF2sa1FbZLz0ffO11Ma/rliZxZu7WdrAXe/tc BgIQ8etp2PwAK4jCwwVwjIO8FzqQGpS23Y9NY3rfi97ckgYXKESFtXPsMMA+drZd ThbXvccfh4EPmaqQXKf4WghHiVJ+/yuY1kUIDEl/O0jRZWT7STgBim/Aha1m6qRs zl1H7hkDbU4solb1GM5oPzbgGTzyBc+z0XxM9iFRM+fMzPB8+yYHTr4kPbVmKBjy SCovjQQVsHE4YeUGTq6k/NF5cVIRKTW/RlHvzxsky1Zj31MC736jrxGw4KG7VSLZ fP6F5jj+mXwS7m0v5to42JBZmRJdKUD88QaGE3ncyQ4yleW5bn9Lf9SuzQg1Dhao 3rSA1RuexsHlIAHvGxx/17X+pyygl8DJbt6TBfbLQk9wc707DJTfh5M/bnk9wwIX l/Hsa1WtylAMW/2MzgiVy83MbYz4+Ss6GQ5W66okWji+NxrnrYEy6q+WgVQanp7X D+D7oKykqE1Cdvvulvtfl5fh8wlAs8mrUnKPBBUru348u++2lfacLkxRXyT1ooqY uSNE5nlwFt08N2Ou/bl7yq6QNRMYrRkn+UEfHWCNYDoGMHln2/i6Z1RapQzNarik tJf7radBz5nBwBjP08YAEACNSQvpsUgdqiuYjLwX7efFXQva2RzqaQ== -----END RSA PRIVATE KEY-----s@��-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD0f9WAof DTbmwztb8pdrSeAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDVaqx4I9bW G+wloVDEd2NQhEUBVUIUKirg0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n 3WmM06QHjVyqgYwBGTJAkMgUyP95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9T MA2l5bs9auIJNm/9NNN9b0b/h9qpKSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQN UZdy03w17snaY6RKXCpCnd1bqcPUWzxiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASf NaNHjkbtM6Vlvbw7KW4CC1ffdOgTtDc1foNfICZgptyti8ZseZj3AAADwPQaac8s1xX3af hQTQexj0vEAWDQsLYzDHN9G7W+UP5WHUu7igeu2GqAC/TOnjUXDP73I+EN3n7T3JFeDRfs U1Z6Zqb0NKHSRVYwDIdIi8qVohFv85g6+xQ01OpaoOzz+vI34OUvCRHQGTgR6L9fQShZyC McopYMYfbIse6KcqkfxX3KSdG1Pao6Njx/ShFRbgvmALpR/z0EaGCzHCDxpfUyAdnxm621 Jzaf+LverWdN7sfrfMptaS9//9iJb70sL67K+YIB64qhDnA/w9UOQfXGQFL+AEtdM0BPv8 thP1bs7T0yucBl+ZXdrDKVLZfaS3S/w85Jlgfu+a1DG73pOBOuag435iEJ9EnspjXiiydx GrfSRk2C+/c4fBDZVGFscK5bfQuUUZyU1qOagekxX7WLHFKk9xajnud+nrAN070SeNwlX8 FZ2CI4KGlQfDvVUpKanYn8Kkj3fZ+YBGyx4M+19clF65FKSM0x1Rrh5tAmNT/SNDbSc28m ASxrBhztzxUFTrIn3tp+uqkJniFLmFsUtiAUmj8fNyE9blykU7dqq+CqpLA872nQ9bOHHA JsS1oBYmQ0n6AJz8WrYMdcepqWVld6Q8QSD1zdrY/sAWUovuBA1s4oIEXZhpXSS4ZJiMfh PVktKBwj5bmoG/mmwYLbo0JHntK8N3TGTzTGLq5TpSBBdVvWSWo7tnfEkrFObmhi1uJSrQ 3zfPVP6BguboxBv+oxhaUBK8UOANe6ZwM4vfiu+QN+sZqWymHIfAktz7eWzwlToe4cKpdG Uv+e3/7Lo2dyMl3nke5HsSUrlsMGPREuGkBih8+o85ii6D+cuCiVtus3f5c78Cir80zLIr Z0wWvEAjciEvml00DWaA+JIaOrWwvXySaOzFGpCqC9SQjao379bvn9P3b7kVZsy6zBfHqm bNEJUOuhBZaY8Okz36chh1xqh4sz7m3nsZ3GYGcvM+3mvRY72QnqsQEG0Sp1XYIn2bHa29 tqp7CG9X8J6dqMcPeoPRDWIX9gw7EPl/M0LP6xgewGJ9bgxwle6Mnr9kNITIswjAJqrLec zx7dfixjAPc42ADqrw/tEdFQcSqxigcfJNKO1LbDBjh+Hk/cSBou2PoxbIcl0qfQfbGcqI Dbpd695IEuiW9pYR22txNoIi+7cbMsuFHxQ/OqbrX/jCsprGNNJLAjgGsVEI1JnHWDH0db 3UbqbOHAeY3ufoYXNY1utVOIACpW3r9wBw3FjRi04d70VcKr16OXvOAHGN2G++Y+kMya84 Hl/Kt/gA== -----END OPENSSH PRIVATE KEY----- s��-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,0673309A6ACCAB4B77DEE1C1E536AC26 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----s��{KDEwOnB1YmxpYy1rZXkoMTQ6cnNhLXBrY3MxLXNoYTEoMTpuMjU3OgDVaqx4I9bWG+wloVDEd2NQhEUBVUIUKirg0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n3WmM06QHjVyqgYwBGTJAkMgUyP95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9TMA2l5bs9auIJNm/9NNN9b0b/h9qpKSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQNUZdy03w17snaY6RKXCpCnd1bqcPUWzxiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASfNaNHjkbtM6Vlvbw7KW4CC1ffdOgTtDc1foNfICZgptyti8ZseZj3KSgxOmUzOgEAASkpKQ==}s��(11:private-key(9:rsa-pkcs1(1:n257:��j�x#��%�P�wcP�EUB*��`��飭J�9^�Uu_�6�o�?�&7�i.[��}֘�:@x�ʨ��$ �L��j��Iw��Ud�yh�,��-!w��S0 ��=j� 6o�4�}oF��ک)'��>�zJ��Z�0�¤��?�I�@�w-7�^읦:D�¤)�պ�=E��,dպ=߫�B��Xb�nC��5�G�F�3�e��;)nW�t��75~�_ &`�ܭ��ly��)(1:e3:�)(1:d256:!Lf�(մ��r� ��N7�WK�Q�#��:�U�z��غ��`��N Z@j�/��$`��i��QM'�+'��i��}�Gps��;7��瀻h�ݻsc�g�'��0��6/6.�=�z��-G�4Qb9�O鬨��q�BxM����X�U+�3_�{�$c�-�=l՜cC/��>n�7�%g��F4^��ċ�Z3߆��86�� H[9>z�ƀ��9)(1:p129:��D��6�7��alĪ�x>�3��z�}g��p�r�� c�G0UN��t� ��n��3��+�O\��7[�z��\|��Tc�ǯ�� %�\�גŘVӱ#)(1:q129:��p��x�P��8lFdZQ��=H�Q�k�}�e�qu9�2u�L��I�f_xbz��MC��k}��!b��.��$n�1��D="�b&"��T �� ث�H�1h�fm��)(1:a128:if7�@�!��>G�\|v�-�?9<��CQ�B��IP8�;��2i��Z��1�:~q�NO�_R��n�ל�U�ێ!_�$��,�ܟ��#=JP�/�)FX��')(1:b128:Q�钟�J�e>��;��t��2�/h�&��QhL&�(�3_�p�4y^R��6�KU��S��a�JԢ�@ ��P�u��P�K�A�{�K�uhĘ��ZC�3�"d��E\|�)(1:c128:f� 4�T%�a1��5~JUh� ��@��Tp1�x��f�"w��0F��^A�ϵH5Q�%��4)H!��t�~�/S�� p��v��zt"4�O�?��^�'�?��_7��I;��)))s��ssh-rsa��!Lf�(մ��r� ��N7�WK�Q�#��:�U�z��غ��`��N Z@j�/��$`��i��QM'�+'��i��}�Gps��;7��瀻h�ݻsc�g�'��0��6/6.�=�z��-G�4Qb9�O鬨��q�BxM����X�U+�3_�{�$c�-�=l՜cC/��>n�7�%g��F4^��ċ�Z3߆��86�� H[9>z�ƀ��9��j�x#��%�P�wcP�EUB��`��飭J�9^�Uu_�6�o�?�&7�i.[��}֘�:@x�ʨ��$ �L��j��Iw��Ud�yh�,��-!w��S0 ��=j� 6o�4�}oF��ک)'��>�zJ��Z�0�¤��?�I�@�w-7�^읦:D�¤)�պ�=E��,dպ=߫�B��Xb�nC��5�G�F�3�e��;)nW�t��75~�_ &`�ܭ��ly��Kz�7��^�Ɩ��5k�4��& ��p �5�-��G+�ި�� 'A<l99�A��L\�=�&&�j�Hr�F�{��`D��c)�z]]��=�d:�ZM�--��Lx=yT��p��x�P��8lFdZQ��=H�Q�k�}�e�qu9�2u�L��I�f_xbz��MC��k}��!b��.��$n�1��D="�b&"��T �� ث�H�1h�fm��D��6�7��alĪ�x>�3��z�}g��p�r�� c�G0UN��t� ��n��3��+�O\��7[�z��\|��Tc�ǯ�� %�\�גŘVӱ#sT��ssh-dss AAAAB3NzaC1kc3MAAACBAJKQOsVERVDQIpANHH+JAAylo9LvFYmFFVMIuHFGlZpIL7sh3IMkqy+cssINM/lnHD3fmsAyLlUXZtt6PD9LgZRazsPOgptuH+Gu48G+yFuE8l0fVVUivos/MmYVJ66qT99htcZKatrTWZnpVW7gFABoqw+he2LZ0gkeU0+Sx9a5AAAAFQD0EYmTNaFJ8CS0+vFSF4nYcyEnSQAAAIEAkgLjxHJAE7qFWdTqf7EZngu7jAGmdB9k3YzMHe1ldMxEB7zNw5aOnxjhoYLtiHeoEcOk2XOyvnE+VfhIWwWAdOiKRTEZlmizkvhGbq0DCe2EPMXirjqWACI5nDioQX1oEMonR8N3AEO5v9SfBqS2Q9R6OBr6lf04RvwpHZ0UGu8AAACAAhRpxGMIWEyaEh8YnjiazQTNEpklRZqeBGo1gotJggNmVaIQNIClGlLyCi359efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2GgdgMQWC7S6WFIXePGGXqNQDdWxlX8umhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8= comments��-----BEGIN DSA PRIVATE KEY----- MIIBvAIBAAKBgQCSkDrFREVQ0CKQDRx/iQAMpaPS7xWJhRVTCLhxRpWaSC+7IdyD JKsvnLLCDTP5Zxw935rAMi5VF2bbejw/S4GUWs7DzoKbbh/hruPBvshbhPJdH1VV Ir6LPzJmFSeuqk/fYbXGSmra01mZ6VVu4BQAaKsPoXti2dIJHlNPksfWuQIVAPQR iZM1oUnwJLT68VIXidhzISdJAoGBAJIC48RyQBO6hVnU6n+xGZ4Lu4wBpnQfZN2M zB3tZXTMRAe8zcOWjp8Y4aGC7Yh3qBHDpNlzsr5xPlX4SFsFgHToikUxGZZos5L4 Rm6tAwnthDzF4q46lgAiOZw4qEF9aBDKJ0fDdwBDub/UnwaktkPUejga+pX9OEb8 KR2dFBrvAoGAAhRpxGMIWEyaEh8YnjiazQTNEpklRZqeBGo1gotJggNmVaIQNICl GlLyCi359efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2GgdgMQWC7S6WFIXeP GGXqNQDdWxlX8umhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8CFQDV2gbL czUdxCus0pfEP1bddaXRLQ== -----END DSA PRIVATE KEY-----sQ��-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsgAAAAdzc2gtZH NzAAAAgQCSkDrFREVQ0CKQDRx/iQAMpaPS7xWJhRVTCLhxRpWaSC+7IdyDJKsvnLLCDTP5 Zxw935rAMi5VF2bbejw/S4GUWs7DzoKbbh/hruPBvshbhPJdH1VVIr6LPzJmFSeuqk/fYb XGSmra01mZ6VVu4BQAaKsPoXti2dIJHlNPksfWuQAAABUA9BGJkzWhSfAktPrxUheJ2HMh J0kAAACBAJIC48RyQBO6hVnU6n+xGZ4Lu4wBpnQfZN2MzB3tZXTMRAe8zcOWjp8Y4aGC7Y h3qBHDpNlzsr5xPlX4SFsFgHToikUxGZZos5L4Rm6tAwnthDzF4q46lgAiOZw4qEF9aBDK J0fDdwBDub/UnwaktkPUejga+pX9OEb8KR2dFBrvAAAAgAIUacRjCFhMmhIfGJ44ms0EzR KZJUWangRqNYKLSYIDZlWiEDSApRpS8got+fXnxFLkHGfUl8TOfT/oXnHPxlPxh2pFuWFh OHT9hoHYDEFgu0ulhSF3jxhl6jUA3VsZV/LpoXp70KmtT5yqxUYQ6ycPGexo3R8X5bMQhJ lz6CzfAAAB2MVcBjzFXAY8AAAAB3NzaC1kc3MAAACBAJKQOsVERVDQIpANHH+JAAylo9Lv FYmFFVMIuHFGlZpIL7sh3IMkqy+cssINM/lnHD3fmsAyLlUXZtt6PD9LgZRazsPOgptuH+ Gu48G+yFuE8l0fVVUivos/MmYVJ66qT99htcZKatrTWZnpVW7gFABoqw+he2LZ0gkeU0+S x9a5AAAAFQD0EYmTNaFJ8CS0+vFSF4nYcyEnSQAAAIEAkgLjxHJAE7qFWdTqf7EZngu7jA GmdB9k3YzMHe1ldMxEB7zNw5aOnxjhoYLtiHeoEcOk2XOyvnE+VfhIWwWAdOiKRTEZlmiz kvhGbq0DCe2EPMXirjqWACI5nDioQX1oEMonR8N3AEO5v9SfBqS2Q9R6OBr6lf04RvwpHZ 0UGu8AAACAAhRpxGMIWEyaEh8YnjiazQTNEpklRZqeBGo1gotJggNmVaIQNIClGlLyCi35 9efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2GgdgMQWC7S6WFIXePGGXqNQDdWxlX8u mhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8AAAAVANXaBstzNR3EK6zSl8Q/Vt11 pdEtAAAAAAE= -----END OPENSSH PRIVATE KEY----- sK��e0tERXdPbkIxWW14cFl5MXJaWGtvTXpwa2MyRW9NVHB3TVRJNU9nQ1NrRHJGUkVWUTBDS1FEUngv aVFBTXBhUFM3eFdKaFJWVENMaHhScFdhU0MrN0lkeURKS3N2bkxMQ0RUUDVaeHc5MzVyQU1pNVZG MmJiZWp3L1M0R1VXczdEem9LYmJoL2hydVBCdnNoYmhQSmRIMVZWSXI2TFB6Sm1GU2V1cWsvZlli WEdTbXJhMDFtWjZWVnU0QlFBYUtzUG9YdGkyZElKSGxOUGtzZld1U2tvTVRweE1qRTZBUFFSaVpN MW9VbndKTFQ2OFZJWGlkaHpJU2RKS1NneE9tY3hNams2QUpJQzQ4UnlRQk82aFZuVTZuK3hHWjRM dTR3QnBuUWZaTjJNekIzdFpYVE1SQWU4emNPV2pwOFk0YUdDN1loM3FCSERwTmx6c3I1eFBsWDRT RnNGZ0hUb2lrVXhHWlpvczVMNFJtNnRBd250aER6RjRxNDZsZ0FpT1p3NHFFRjlhQkRLSjBmRGR3 QkR1Yi9Vbndha3RrUFVlamdhK3BYOU9FYjhLUjJkRkJydktTZ3hPbmt4TWpnNkFoUnB4R01JV0V5 YUVoOFluamlhelFUTkVwa2xSWnFlQkdvMWdvdEpnZ05tVmFJUU5JQ2xHbEx5Q2kzNTllZkVVdVFj WjlTWHhNNTlQK2hlY2MvR1UvR0hha1c1WVdFNGRQMkdnZGdNUVdDN1M2V0ZJWGVQR0dYcU5RRGRX eGxYOHVtaGVudlFxYTFQbktyRlJoRHJKdzhaN0dqZEh4ZmxzeENFbVhQb0xOOHBLU2s9fQ== s��KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToAkpA6xURFUNAikA0cf4kADKWj0u8ViYUVUwi4 cUaVmkgvuyHcgySrL5yywg0z+WccPd+awDIuVRdm23o8P0uBlFrOw86Cm24f4a7jwb7IW4TyXR9V VSK+iz8yZhUnrqpP32G1xkpq2tNZmelVbuAUAGirD6F7YtnSCR5TT5LH1rkpKDE6cTIxOgD0EYmT NaFJ8CS0+vFSF4nYcyEnSSkoMTpnMTI5OgCSAuPEckATuoVZ1Op/sRmeC7uMAaZ0H2TdjMwd7WV0 zEQHvM3Dlo6fGOGhgu2Id6gRw6TZc7K+cT5V+EhbBYB06IpFMRmWaLOS+EZurQMJ7YQ8xeKuOpYA IjmcOKhBfWgQyidHw3cAQ7m/1J8GpLZD1Ho4GvqV/ThG/CkdnRQa7ykoMTp5MTI4OgIUacRjCFhM mhIfGJ44ms0EzRKZJUWangRqNYKLSYIDZlWiEDSApRpS8got+fXnxFLkHGfUl8TOfT/oXnHPxlPx h2pFuWFhOHT9hoHYDEFgu0ulhSF3jxhl6jUA3VsZV/LpoXp70KmtT5yqxUYQ6ycPGexo3R8X5bMQ hJlz6CzfKSgxOngyMToA1doGy3M1HcQrrNKXxD9W3XWl0S0pKSk= sm��AAAAB3NzaC1kc3MAAACBAJKQOsVERVDQIpANHH+JAAylo9LvFYmFFVMIuHFGlZpIL7sh3IMkqy+c ssINM/lnHD3fmsAyLlUXZtt6PD9LgZRazsPOgptuH+Gu48G+yFuE8l0fVVUivos/MmYVJ66qT99h tcZKatrTWZnpVW7gFABoqw+he2LZ0gkeU0+Sx9a5AAAAFQD0EYmTNaFJ8CS0+vFSF4nYcyEnSQAA AIEAkgLjxHJAE7qFWdTqf7EZngu7jAGmdB9k3YzMHe1ldMxEB7zNw5aOnxjhoYLtiHeoEcOk2XOy vnE+VfhIWwWAdOiKRTEZlmizkvhGbq0DCe2EPMXirjqWACI5nDioQX1oEMonR8N3AEO5v9SfBqS2 Q9R6OBr6lf04RvwpHZ0UGu8AAACAAhRpxGMIWEyaEh8YnjiazQTNEpklRZqeBGo1gotJggNmVaIQ NIClGlLyCi359efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2GgdgMQWC7S6WFIXePGGXqNQDd WxlX8umhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8AAAAVANXaBstzNR3EK6zSl8Q/Vt11 pdEt ) �DSAData�RSAData�privateDSA_agentv3�privateDSA_lsh�privateDSA_openssh�privateRSA_agentv3�privateRSA_lsh�privateRSA_openssh� publicDSA_lsh�publicDSA_openssh� publicRSA_lsh�publicRSA_openssh�privateRSA_openssh_alternateN)&�__doc__�base64r��intr"��r!��ECDatanistp256�ECDatanistp384�ECDatanistp521�Ed25519Data�privateECDSA_openssh521�privateECDSA_openssh521_new�publicECDSA_openssh521�privateECDSA_openssh384�privateECDSA_openssh384_new�publicECDSA_openssh384�publicECDSA_openssh�privateECDSA_openssh�privateECDSA_openssh_new�publicEd25519_openssh�privateEd25519_openssh_newr,��r(��r-��privateRSA_openssh_new�privateRSA_openssh_encrypted� privateRSA_openssh_encrypted_new� privateRSA_openssh_encrypted_aesr+��r'��r&��r��r%��privateDSA_openssh_newr)��r$��r#��__all__��rF��rF��</usr/lib/python3/dist-packages/twisted/conch/test/keydata.py�<module>��s��2�� ! � �5���test/__pycache__/test_channel.cpython-310.pyc��0000644��00000027334�15027667726�0015136 0��ustar�00��o ��b�/��@��s��d�Z�ddlmZ�ddlmZ�z.ddlmZ�ddlmZ�ddl m Z �ddlmZ�ddl mZ�dd lmZ�dd lmZ�dZW�n �eyI��dZeZ Y�nw�dd lmZ�G�dd��de �Zddd�Zeee�G�dd��de��ZdS�)z Test ssh/channel.py. ��)�skipIf)�verifyObject)�channel)�SSHTransportAddress)� SSHService)�SSHServerTransport)� interfaces)�IPv4Address)�StringTransport��zConch SSH not supported.)�TestCasec��@��s8��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��ZdS�) �MockConnectiona�� A mock for twisted.conch.ssh.connection.SSHConnection. Record the data that channels send, and when they try to close the connection. @ivar data: a L{dict} mapping channel id #s to lists of data sent by that channel. @ivar extData: a L{dict} mapping channel id #s to lists of 2-tuples (extended data type, data) sent by that channel. @ivar closes: a L{dict} mapping channel id #s to True if that channel sent a close message. c��C��s��i�\|�_�i�\|�_i�\|�_d�S�)N)�data�extData�closes��self��r��A/usr/lib/python3/dist-packages/twisted/conch/test/test_channel.py�__init__��s�� zMockConnection.__init__c��C��s��dS�)z, Return our logging prefix. r ��r��r��r��r��r�� logPrefix/��s��zMockConnection.logPrefixc��C��s��\|�j��\|g��\|��dS�)z' Record the sent data. N)r�� setdefault�append)r��r��r��r��r��r��sendData5��zMockConnection.sendDatac��C��s��\|�j��\|g��\|\|f��dS�)z0 Record the sent extended data. N)r��r��r��)r��r��typer��r��r��r��sendExtendedData;��s��zMockConnection.sendExtendedDatac��C��s��d\|�j�\|<�dS�)z? Record that the channel sent a close message. TN)r��)r��r��r��r��r�� sendCloseA��s��zMockConnection.sendCloseN) �__name__� __module__�__qualname__�__doc__r��r��r��r��r��r��r��r��r��r ��s��r ��Nc��C��s&��t��}\|�t\|\|d��\|�\|��dS�)a�� Connect a SSHTransport which is already connected to a remote peer to the channel under test. @param service: Service used over the connected transport. @type service: L{SSHService} @param hostAddress: Local address of the connected transport. @type hostAddress: L{interfaces.IAddress} @param peerAddress: Remote address of the connected transport. @type peerAddress: L{interfaces.IAddress} )�hostAddress�peerAddressN)r��makeConnectionr �� setService)�servicer"��r#�� transportr��r��r��connectSSHTransportH��s �� r(��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zd S�)!�ChannelTestsz" Tests for L{SSHChannel}. c��C��s&��t��\|�_tj\|�jdd�\|�_d\|�j_dS�)z� Initialize the channel. remoteMaxPacket is 10 so that data is able to be sent (the default of 0 means no data is sent because no packets are made). � ��)�conn�remoteMaxPackets��channelN)r ��r+��r�� SSHChannel�namer��r��r��r��setUpc��s��zChannelTests.setUpc��C��s��\|��ttj\|�j��dS�)zK L{SSHChannel} instances provide L{interfaces.ITransport}. N)� assertTruer��r�� ITransportr��r��r��r��r��test_interfacem��r��zChannelTests.test_interfacec�� C��s��t�j\|�jd�}\|��\|jd��\|��\|jd��\|��\|jd��\|��\|jd��\|��\|jd��\|��\|j\|�j��\|�� \|j ��\|�� \|j��t��ddddd d d�}\|��\|jd��\|��\|jd��\|��\|jd��\|��\|jd��\|��\|jd��\|��\|jd ��\|��\|j d ��\|��\|jd��dS�) a�� Test that SSHChannel initializes correctly. localWindowSize defaults to 131072 (217) and localMaxPacket to 32768 (215) as reasonable defaults (what OpenSSH uses for those variables). The values in the second set of assertions are meaningless; they serve only to verify that the instance variables are assigned in the correct order. )r+��i��i��r��N)r��r-��r+��assertEqual�localWindowSize�localWindowLeft�localMaxPacket�remoteWindowLeftr,��assertIsNoner��avatar)r��c�c2r��r��r�� test_inits��s$�� zChannelTests.test_initc��C��s.��\|��t\|�j�d��\|��ttjdd��d��dS�)z{ Test that str(SSHChannel) works gives the channel name and local and remote windows at a glance.. z%<SSHChannel channel (lw 131072 rw 0)>r3��localWindowz<SSHChannel None (lw 1 rw 0)>N)r:��strr��r-��r��r��r��r��test_str��s��zChannelTests.test_strc��C��s.��\|��\|�j��d��\|��tjdd��d��dS�)z Test that bytes(SSHChannel) works, gives the channel name and local and remote windows at a glance.. s%��<SSHChannel channel (lw 131072 rw 0)>r3��rD��s��<SSHChannel None (lw 1 rw 0)>N)r:��r�� __bytes__r-��r��r��r��r�� test_bytes��s�� zChannelTests.test_bytesc��C��s��\|��\|�j��d��dS�)z� Test that SSHChannel.logPrefix gives the name of the channel, the local channel ID and the underlying connection. z.SSHChannel channel (unknown) on MockConnectionN)r:��r��r��r��r��r��r��test_logPrefix��s�� zChannelTests.test_logPrefixc��s��dg��fdd�}\|\|�j�_\|�j��d��\|�j��dd��\|�j��d��\|��\|�j�jd��\|��\|�j�j��\|��d��\|��\|�j�j d ��\|��\|�j j\|�j��dg��\|��\|�j�jg��\|��\|�j j \|�j��d g��d��d<�\|�j��d��\|��d��\|�j��d��\|�j��\|�j��d��\|��d��d S�)zq Test that addWindowBytes adds bytes to the window and resumes writing if it was paused. Fc��d��d<�d�S��NTr��r��r��cbr��r��stubStartWriting��z:ChannelTests.test_addWindowBytes.<locals>.stubStartWriting��testr3��2����r��)r3��rQ��sP��aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaN)r��startWriting�write� writeExtended�addWindowBytesr:��r>��r0�� areWriting�bufr+��r��extBufr��assertFalse�loseConnection)r��rO��r��rM��r��test_addWindowBytes��s(�� z ChannelTests.test_addWindowBytesc��C��sL��dd��\|�j�_\|��\|�j��dd��\|��\|�j��dd��\|��\|�j��dd��dS�)zn Test that requestReceived handles requests by dispatching them to request_ methods. c��S��s��\|�dkS�)NrT��r��)r��r��r��r��<lambda>��s��z3ChannelTests.test_requestReceived.<locals>.<lambda>s��test-methodrT��as ��bad-methodN)r��request_test_methodr0��requestReceivedr]��r��r��r��r��test_requestReceived��s��z!ChannelTests.test_requestReceivedc��C��s��\|��\|�jj��\|�j��\|��\|�jj��dS�)zM Test that the default closeReceieved closes the connection. N)r]��r��closing� closeReceivedr0��r��r��r��r��test_closeReceieved��s�� z ChannelTests.test_closeReceievedc��s$��dg��fdd�}\|\|�j�_\|�j��d��\|�j��d��\|��\|�j�j��\|��d��\|�j��d��\|�j��d��\|�jj\|�j��}\|�� \|d dg��\|�� \|�j�j d ��\|�j��d��\|�� \|g�d��\|�� \|�j�j d ��d��d<�\|�j��d��\|��\|�j�j��\|��d��\|�� \|g�d��\|�� \|�j�jd��\|�� \|�j�j d��dS�)z� Test that write handles data correctly. Send data up to the size of the remote window, splitting the data into packets of length remoteMaxPacket. Fc��rK��rL��r��r��rM��r��r��stubStopWriting��rP��z0ChannelTests.test_write.<locals>.stubStopWriting��dra��r��rU��ta��da��12345678901)rk��rj�� 1234567890��1r7��123456)rk��rj��rn��ro��12345��6N)r��stopWritingrW��r]��rZ��r0��rY��r+��r��r:��r>��r[��r��rh��r��r��rM��r�� test_write��s,��zChannelTests.test_writec��sB��dg��fdd�}\|\|�j�_\|�j��dd��\|�j��dd��\|�j��dd��\|��\|�j�j��\|��d ��\|�j��d ��\|�j��dd��\|�jj\|�j��}\|�� \|g�d��\|�� \|�j�j d��\|�j��d d��\|�� \|g�d��\|�� \|�j�j d��d��d <�\|�j��dd��\|��\|�j�j��\|��d ��\|�� \|g�d��\|�� \|�j�jddgg��\|�� \|�j�j d ��dS�)z� Test that writeExtended handles data correctly. Send extended data up to the size of the window, splitting the extended data into packets of length remoteMaxPacket. Fc��rK��rL��r��r��rM��r��r��rh��rP��z8ChannelTests.test_writeExtended.<locals>.stubStopWritingr3��ri��ra��r4��tr��rU��)�r3��rk��r4��rv��r4��ra��rl��r5��rm��)rw��rx��ry��r5��rn��r5��ro��r7��r6��rp��)rw��rx��ry��rz��r{��)r6��rq��rr��N)r��rs��rX��r]��rZ��r0��rY��r+��r��r:��r>��r\��rt��r��rM��r��test_writeExtended��s8��zChannelTests.test_writeExtendedc��C��sB��\|�j��d��\|�j��dd��td�D��\|��\|�jj\|�j��dg��dS�)zS Test that writeSequence is equivalent to write(''.join(sequece)). rU��c��s��s��\|�]}d�\|f�V��qdS�)s��%dNr��)�.0�ir��r��r�� <genexpr>=��s��z2ChannelTests.test_writeSequence.<locals>.<genexpr>r��s ��0123456789N)r��rY�� writeSequence�ranger:��r+��r��r��r��r��r��test_writeSequence8��s��zChannelTests.test_writeSequencec��C��s��\|�j��d��\|�j��dd��\|�j��\|��\|�jj�\|�j��\|�j��d��\|��\|�jj�\|�j��\|�j��d��\|�� \|�jj�\|�j��dS�)zk Tesyt that loseConnection() doesn't close the channel until all the data is sent. s��datar3��s��datadatar6��N) r��rW��rX��r^��r?��r+��r��getrY��r0��r��r��r��r��test_loseConnection@��s�� z ChannelTests.test_loseConnectionc��C��6��t�ddd�}t\|�jj\|d��\|��t\|�\|�j��dS�)z� L{SSHChannel.getPeer} returns the same object as the underlying transport's C{getPeer} method returns. �TCPz192.168.0.1i1��)r&��r#��N)r ��r(��r��r+��r:��r��getPeer)r��peerr��r��r��test_getPeerN��zChannelTests.test_getPeerc��C��r��)z� L{SSHChannel.getHost} returns the same object as the underlying transport's C{getHost} method returns. r��z 127.0.0.1i90��)r&��r"��N)r ��r(��r��r+��r:��r��getHost)r��hostr��r��r��test_getHostX��r��zChannelTests.test_getHostN)r��r��r ��r!��r/��r2��rC��rG��rI��rJ��r_��rd��rg��ru��r\|��r��r��r��r��r��r��r��r��r)��]��s"�� $1 r)��)NN)r!��unittestr��zope.interface.verifyr��twisted.conch.sshr��twisted.conch.ssh.addressr��twisted.conch.ssh.servicer��twisted.conch.ssh.transportr��twisted.internetr��twisted.internet.addressr ��twisted.test.proto_helpersr ��skipTest�ImportError�object�twisted.trial.unittestr��r ��r(��r)��r��r��r��r��<module>��s�� +��test/__pycache__/test_helper.cpython-310.pyc��0000644��00000045376�15027667726�0015013 0��ustar�00��o ��bAN��@��s��d�dl�mZ�d�dlmZmZmZmZmZmZm Z m Z mZmZm Z �d�dlmZ�dZdZG�dd��dej�ZG�dd ��d �ZG�d d��d�ZG�dd ��d ej�ZG�dd��dej�ZdS�)��)�helper)�BLINK�BOLD�G0�G1�G2�G3�NORMAL� REVERSE_VIDEO� UNDERLINE�modes�privateModes)�unittest�P��c��@��s��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Zd/d0��Zd1d2��Zd3d4��Zd5d6��Zd7d8��Zd9d:��Zd;d<��Z d=d>��Z!d?d@��Z"dAdB��Z#dCdD��Z$dES�)F�BufferTestsc��C��s��t��\|�_\|�j��d�S��N)r��TerminalBuffer�term�connectionMade��self��r��@/usr/lib/python3/dist-packages/twisted/conch/test/test_helper.py�setUp��s�� zBufferTests.setUpc��C��sP��\|��\|�jjt��\|��\|�jjt��\|��\|�j��dtd��\|��\|�j��d��d�S�)N�� r��r��)�assertEqualr��width�WIDTH�height�HEIGHT� __bytes__�reportCursorPositionr��r��r��r��testInitialState��s��zBufferTests.testInitialStatec��C��s ��\|��tjdtjdi\|�jj��dS�)z� Verify that only DEC Auto Wrap Mode (DECAWM) and DEC Text Cursor Enable Mode (DECTCEM) are initially in the Set Mode (SM) state. TN)r��r �� AUTO_WRAP�CURSOR_MODEr��r��r��r��r��test_initialPrivateModes$��s��z$BufferTests.test_initialPrivateModesc��C��L��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��d��\|��\|�j��d��dS�)zQ C{" "} moves the cursor to the first column in the current row. ��r��r+�� r��r+��N)r�� cursorForward� cursorDownr��r$��insertAtCursorr��r��r��r��test_carriageReturn.�� zBufferTests.test_carriageReturnc��C��s@��\|�j��d��\|��\|�j��d��\|�j��d��\|��\|�j��d��dS�)zV C{" "} moves the cursor to the next row without changing the column. r��)r��r��r��r��r��N)r��r/��r��r$��r1��r��r��r��r�� test_linefeed8��s��zBufferTests.test_linefeedc��C��r)��)z: C{write} transforms C{" "} into C{" "}. r��r+��r,��r��r��N)r��r/��r0��r��r$��writer��r��r��r��test_newlineA��r3��zBufferTests.test_newlinec��C��sH��\|�j�j��}\|�j��tjtjg��d\|tj<�d\|tj<�\|��\|\|�j�j��dS�)z� Verify that L{helper.TerminalBuffer.setPrivateModes} changes the Set Mode (SM) state to "set" for the private modes it is passed. TN)r��r ��copy�setPrivateModes�SCROLL�SCREENr��r��expectedr��r��r��test_setPrivateModesK��s �� z BufferTests.test_setPrivateModesc��C��sD��\|�j�j��}\|�j��tjtjg��\|tj=�\|tj=�\|��\|\|�j�j��dS�)z� Verify that L{helper.TerminalBuffer.resetPrivateModes} changes the Set Mode (SM) state to "reset" for the private modes it is passed. N)r��r ��r:��resetPrivateModesr&��r'��r��r>��r��r��r��test_resetPrivateModesV��s ��z"BufferTests.test_resetPrivateModesc��C��sd��\|�j��d��\|��\|�j��d��\|�j��\|��\|�j��d��\|�j��t��\|��\|�j��dtd�f��d�S�)Nr+��r.��r6��r��r��)r��r0��r��r$��r"��r��r��r��r��testCursorDowna��s�� zBufferTests.testCursorDownc��C��sj��\|�j��d��\|��\|�j��d��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��d��\|��\|�j��d��d�S�)Nr��r��r��)r��rE��)r��cursorUpr��r$��r0��r��r��r��r��testCursorUpi��s��zBufferTests.testCursorUpc��C��sb��\|�j��d��\|��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��t��\|��\|�j��tdf��d�S�)N��)rH��r��)r7��r��r��)r��r/��r��r$��r ��r��r��r��r��testCursorForwardt��s��zBufferTests.testCursorForwardc��C��s��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��d��\|��\|�j��d��d�S�)N� ��rH��)��r��)r��r��r��r��)r��r/��cursorBackwardr��r$��r��r��r��r��testCursorBackward\|��s��zBufferTests.testCursorBackwardc��C��s$��\|�j��dd��\|��\|�j��d��d�S�)Nr+�� )r+��rO��)r��cursorPositionr��r$��r��r��r��r��testCursorPositioning��s��z!BufferTests.testCursorPositioningc��C��s6��d}\|�j��\|��\|��\|�j��\|d�dtd��d�S�)N� ��Hello, world.r��rH��)r��r8��r��r#��r"��r��sr��r��r��testSimpleWriting��s��&zBufferTests.testSimpleWritingc��C��sn��d}\|�j��\|��\|�j��t\|��\|�j��tjg��\|�j��d��\|��\|�j��d\|dd��d�dt d��d�S�)Ns ��hello, world.��Hr��r��rH��) r��r8��rM��len� resetModesr��IRMr��r#��r"��rS��r��r��r��testOvertype��s��&�zBufferTests.testOvertypec��C��sf��d}\|�j��\|��\|�j��t\|��\|�j��tjg��\|�j��d��\|��\|�j��d\|�d�dt d��d�S�)Ns��ello, world.rV��r��rH��) r��r8��rM��rW��setModesr��rY��r��r#��r"��rS��r��r��r�� testInsert��s��zBufferTests.testInsertc��C��s^��d}\|�j��d��\|�j��d��\|�j��\|��\|��\|�j��d\|�j�jd��\|�d�dtd��d�S�)NrR��r��s�� r��rL��)r��r0��r/��r8��r��r#��fillr"��rS��r��r��r��testWritingInTheMiddle��s��"�z"BufferTests.testWritingInTheMiddlec��C��sd��d}\|�j��td��\|�j��\|��\|��\|�j��\|d�d��t�d�\|dd��d�dtd��d�S�)NrR��r��r��r+��)r��r/��r ��r8��r��r#��rjustr"��rS��r��r��r��testWritingWrappedAtEndOfLine��s��0�z)BufferTests.testWritingWrappedAtEndOfLinec��C��sj��\|�j��\|��\|�j��d��\|�j��t��\|��\|�j��dtd�f��\|�j��\|��\|�j��dtd�f��d�S�)N�r��r��r��r��)r��indexr��r$��r0��r"��r��r��r��r�� testIndex��s�� zBufferTests.testIndexc��C��sZ��\|�j��\|��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��\|��\|�j��d��d�S�)Nr��rH��r��rH��ra��)r��reverseIndexr��r$��r0��r��r��r��r��testReverseIndex��s�� zBufferTests.testReverseIndexc��C��sZ��\|�j��\|��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��\|��\|�j��d��dS�)zm C{nextLine} positions the cursor at the beginning of the row below the current row. ra��r��r4��rd��N)r��nextLiner��r$��r/��r��r��r��r�� test_nextLine��s�� zBufferTests.test_nextLinec��C��s~��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��\|�j��d��\|�j��d��\|��\|�j��d��\|�j��\|��\|�j��d��d�S�)Nr��rL��)rL��r��r+��)r7��)r��r0��r/��r��r$�� saveCursorrM�� restoreCursorr��r��r��r��testSaveCursor��s�� zBufferTests.testSaveCursorc��C��s��\|�j��\|�j��d��\|�j��dd�}\|��\|d�d��\|��\|d�jt��\|�j��dd�}\|��\|d�d��\|��\|d�jt��\|�j��\|�j��d��\|�j��dd�}\|��\|d�d��\|��\|d�jt ��\|�j��d d�}\|��\|d�d��\|��\|d�jt��d�S�) Ns��Hir��rV��r��is��!!rH��!r+��) r��singleShift2r8��getCharacterr��charsetr��r��singleShift3r��r��chr��r��r��testSingleShifts��s �� zBufferTests.testSingleShiftsc�� C��s��d}d}d}\|�j��d��\|�j��\|�j��d��\|�j��\|�j��d��t}d}\|\|\|fD�]5}tt\|��D�] }\|�j��\|\|�}\|��\|d�\|\|\|d��\|��\|d�j \|��q3\|tkrZt p[t}\|d7�}q+d�S�) Ns��Hellos��Worlds��Bye!s��Hello s��World s��Bye! r��r��)r��r8��shiftOut�shiftInr��rangerW��rp��r��rq��r��) r��s1�s2�s3�g�hrT��irt��r��r��r��testShifting��s$�� zBufferTests.testShiftingc��C��s��\|�j��tttt��\|�j��d��\|�j��t��\|�j��d��\|�j��t��\|�j��d��\|�j��t��\|�j��d��\|�j��dd�}\|�� \|d�d��\|�� \|d�j��\|�� \|d�j��\|�� \|d�j ��\|�� \|d�j��\|�j��dd�}\|�� \|d�d��\|��\|d�j��\|��\|d�j��\|��\|d�j ��\|��\|d�j��\|�j��dd�}\|�� \|d�d��\|�� \|d�j ��\|��\|d�j��\|��\|d�j��\|��\|d�j��\|�j��dd�}\|�� \|d�d��\|�� \|d�j ��\|�� \|d�j��\|��\|d�j��\|��\|d�j��d�S�) N��W��X��Y��Zr��r��rH��r+��)r��selectGraphicRenditionr��r��r��r ��r8��r ��rp��r�� assertTrue�bold� underline�blink�reverseVideo�assertFalsers��r��r��r��testGraphicRendition ��s@��z BufferTests.testGraphicRenditionc��C��s��d}d}\|�j��tjtj�tjtj��\|�j��\|d��\|�j��t��\|�j��\|d��t t \|��D�]T}\|�j��\|d�}\|��\|d�\|\|\|d��\|��\|d�j t��\|��\|d�j��\|��\|d�j��\|��\|d�j��\|��\|d�j��\|��\|d�jtj��\|��\|d�jtj��q/t t \|��D�]T}\|�j��\|d�}\|��\|d�\|\|\|d��\|��\|d�j t��\|��\|d�j��\|��\|d�j��\|��\|d�j��\|��\|d�j��\|��\|d�jtj��\|��\|d�jtj��q�d�S�)Ns ��Merry xmass��Just kiddingr��r��r��)r��r��r�� FOREGROUND�RED� BACKGROUND�GREENr8��r ��rx��rW��rp��r��rq��r��r��r��r��r��r�� foreground� background�WHITE�BLACK)r��ry��rz��r~��rt��r��r��r��testColorAttributes/��s:��zBufferTests.testColorAttributesc��C��sr��d}d}d}\|�j��d�\|\|\|f�d��\|�j��dd��\|�j��\|��\|�j��\|d�d�\|�d�dtd��d�S�)Ns��line 1s��line 2s��line 3r��r��r7��)r��r8��joinrP�� eraseLiner��r#��r"��r��ry��rz��r{��r��r��r�� testEraseLineO��s�� zBufferTests.testEraseLinec��C��sT��d}\|�j��\|��\|�j��d��\|�j��\|��\|�j��\|d�d��d�dtd��d�S�)NrR��r��r��rH��)r��r8��rM��eraseToLineEndr��r#��r"��rS��r��r��r��testEraseToLineEnd\��s �� .zBufferTests.testEraseToLineEndc��C��s^��d}\|�j��\|��\|�j��d��\|�j��\|��\|�j��\|dd��t\|��d�dtd��d�S�)NrR��r��r��rH��) r��r8��rM��eraseToLineBeginningr��r#��r_��rW��r"��rS��r��r��r��testEraseToLineBeginningc��s�� ,�z$BufferTests.testEraseToLineBeginningc��C��s@��\|�j��d��\|�j��d��\|�j��\|��\|�j��dtd��d�S�)Ns��Hello world s��Goodbye world r��r��)r��r8��eraseDisplayr��r#��r"��r��r��r��r��testEraseDisplayl��s�� zBufferTests.testEraseDisplayc��C��sn��d}d}\|�j��d�\|\|df��\|�j��dd��\|�j��\|��\|�j��\|d�\|d�d��d�dtd��d�S�)N��Hello world� ��Goodbye worldr��r��r��r+��)r��r8��r��rP��eraseToDisplayEndr��r#��r"��r��ry��rz��r��r��r��testEraseToDisplayEnds��s�� �z!BufferTests.testEraseToDisplayEndc��C��sr��d}d}\|�j��d�\|\|f��\|�j��dd��\|�j��\|��\|�j��d\|dd��t\|��d�dt d��d�S�)Nr��r��r��r��r��r+��) r��r8��r��rP��eraseToDisplayBeginningr��r#��r_��rW��r"��r��r��r��r��testEraseToDisplayBeginning~��s�� (�z'BufferTests.testEraseToDisplayBeginningc��C��sh��d}d}\|�j��d�\|\|f��\|�j��dd��\|�j��\|��\|�j��\|d�d�\|�d�dtd��d�S�)Nr��r��r��rL��r��r7��)r��r8��r��rP�� insertLiner��r#��r"��r��r��r��r��testLineInsertion��s�� zBufferTests.testLineInsertionc��C��sj��d}d}d}\|�j��d�\|\|\|f��\|�j��dd��\|�j��\|��\|�j��\|d�\|�d�dtd��d�S�)Nr��s��Middle wordsr��r��rO��r��r+��)r��r8��r��rP�� deleteLiner��r#��r"��r��r��r��r��testLineDeletion��s�� "�zBufferTests.testLineDeletionN)%�__name__� __module__�__qualname__r��r%��r(��r2��r5��r9��r@��rB��rC��rG��rI��rN��rQ��rU��rZ��r\��r^��r`��rc��rf��rh��rl��ru��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��sF�� & r��c��@��s4��e�Zd�ZdZdZdd��Zdd��Zdd��Zdd ��Zd S�)�FakeDelayedCallFc��C��s"��\|\|�_�\|\|�_\|\|�_\|\|�_\|\|�_d�S�r��)�fs�timeout�f�a�kw)r��r��r��r��r��r��r��r��r��__init__��s �� zFakeDelayedCall.__init__c��C��s��\|�j�p\|�j�S�r��)� cancelled�calledr��r��r��r��active��s��zFakeDelayedCall.activec��C��s ��d\|�_�d�S��NT)r��r��r��r��r��cancel�� zFakeDelayedCall.cancelc��C��s��d\|�_�\|�j\|�ji�\|�j��d�S�r��)r��r��r��r��r��r��r��r��call��s��zFakeDelayedCall.callN) r��r��r��r��r��r��r��r��r��r��r��r��r��r��s��r��c��@��s��e�Zd�Zdd��Zdd��ZdS�)� FakeSchedulerc��C��s ��g�\|�_�d�S�r��)�callsr��r��r��r��r��r��zFakeScheduler.__init__c��O��s"��\|�j��t\|�\|\|\|\|��\|�j�d�S�)N��)r��appendr��)r��r��r��r��r��r��r��r�� callLater��s�� zFakeScheduler.callLaterN)r��r��r��r��r��r��r��r��r��r��s��r��c��@��sT��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��ZdS�)�ExpectTestsc��C��s ��t��\|�_\|�j��t��\|�_d�S�r��)r��ExpectableBufferr��r��r��r��r��r��r��r��r��s�� zExpectTests.setUpc��C��s��g�}\|�j�jdd\|�jd�}\|�\|j��\|�j��d��\|��\|��\|�j��d��\|��\|��\|��\|d�� d��\|��t \|�jj�d��\|��\|�jjd��d�S�)N��hello worldr��r�� schedulers��greeting puny earthlings s��hello world r��) r��expectr��addCallbackr��r8��r��r��r��grouprW��r��r��r��result�dr��r��r��testSimpleString��s�� zExpectTests.testSimpleStringc��C��s��g�}\|�j��d�}\|�\|j��\|��\|��\|�j��d��\|��\|��\|�j��d��\|��\|��\|�j��d��\|��\|��\|��\|d��d��d�S�)Nr��hello s��worl��dr��) r��r��r��r��r��r8��r��r��r��r��r��r��r��testBrokenUpString��s�� zExpectTests.testBrokenUpStringc��C��s��g�}\|�j��d�}\|�\|j��\|�j��d�}\|�\|j��\|��\|��\|�j��d��\|��\|��\|�j��d��\|��t\|�d��\|�j��d��\|��t\|�d��\|��\|d��d��\|��\|d��d��d�S�)Nr��worlds��hello�� r��rH��r��) r��r��r��r��r��r8��r��rW��r��r��r��d1�d2r��r��r��testMultiple��s�� zExpectTests.testMultiplec��C��sJ��\|�j��d��g�}\|�j��d�}\|�\|j��\|��\|��\|��\|d��d��d�S�)Nr��r��)r��r8��r��r��r��r��r��r��r��r��r��r��testSynchronous��s�� zExpectTests.testSynchronousc��C��s\|��\|�j��d��g�}\|�j��d�}\|�\|j��\|�j��d�}\|�\|j��\|��t\|�d��\|��\|d��d��\|��\|d��d��d�S�)Ns ��goodbye worlds��byer��rH��r��r��)r��r8��r��r��r��r��rW��r��r��r��r��r��testMultipleSynchronous��s��z#ExpectTests.testMultipleSynchronousc��C��s$��\|��t\|d��\|��\|jtj��d�S�)N�type)r��hasattrr��r��r��ExpectationTimeout)r��resr��r��r��_cbTestTimeoutFailure��s��z!ExpectTests._cbTestTimeoutFailurec��C��s4��\|�j�jdd\|�jd�}\|�\|�j��\|�jjd��d�S�)Nr��r��r��r��)r��r��r��addBothr��r��r��)r��r��r��r��r��testTimeoutFailure��s��zExpectTests.testTimeoutFailurec��C��s��\|�j��d��g�}\|�j�jdd\|�jd�}\|�\|�j��\|�j��d�}\|�\|j��\|�jjd�� \|�� t\|�d��\|�� \|d��d��d�S�)Ns��not zoomtasticr��r��r��s��zoomr��) r��r8��r��r��r��r��r��r��r��r��r��rW��r��r��r��r��r��testOverlappingTimeout��s��z"ExpectTests.testOverlappingTimeoutN)r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��s�� r��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)�CharacterAttributeTestszG Tests for L{twisted.conch.insults.helper.CharacterAttribute}. c�� C��s��\|��t��t��\|��t��tjtd��\|��tjddddtjd�tjddddtjd��\|��t��tjtd��\|��tjdd�tjdd��dS�)z� L{CharacterAttribute}s must have matching character attribute values (bold, blink, underline, etc) with the same values to be considered equal. )rq��TF)r��r��r��r��r��r��N)r��r��CharacterAttributer��BLUE�assertNotEqualr��r��r��r��r�� test_equality)��s4��z%CharacterAttributeTests.test_equalityc��C��sb��t��jdd��\|��\|�jg�}\|��t\|�d��\|��\|d�d�t��d}\|��\|d�d�d\|��d S�) z~ L{twisted.conch.insults.helper.CharacterAttribute.wantOne} emits a deprecation warning when invoked. Tr��r��r��categoryz5twisted.conch.insults.helper._FormattingState.wantOne�messagez#%s was deprecated in Twisted 13.1.0N)r��_FormattingState�wantOne� flushWarnings�test_wantOneDeprecatedr��rW��DeprecationWarning)r�� warningsShown�deprecatedClassr��r��r��r��N��s�� z.CharacterAttributeTests.test_wantOneDeprecatedN)r��r��r��__doc__r��r��r��r��r��r��r��$��s��%r��N)�twisted.conch.insultsr��twisted.conch.insults.insultsr��r��r��r��r��r��r ��r ��r��r��r �� twisted.trialr��r ��r"��TestCaser��r��r��r��r��r��r��r��r��<module>��s��4 �� `��test/__pycache__/test_default.cpython-310.pyc��0000644��00000027502�15027667726�0015147 0��ustar�00��o ��bD-��@��s2��d�Z�ddlZddlmZ�ddlmZ�ddlmZ�ddlm Z �ddl mZ�ddlm Z �dd lmZ�dd lmZ�ddlmZ�dZd Ze d�rge d�rgddlmZ�ddlmZ�ddlmZ�ddlmZ�ddlmZ�ndZdZeZ e�!��rudZdZej"�#��s~dZdZej$�#��s�dZdZG�dd��de�Z%G�dd��de�Z&dS�)z, Tests for L{twisted.conch.client.default}. ��N)�skipIf)� ConchError)�keydata)�nativeString)�FilePath)� requireModule)�platform)�StringTransport)�TestCaseF��cryptography�pyasn1)�default)�SSHAgentClient)�SSHUserAuthClient)�ConchOptions)�KeyTzBcryptography and PyASN1 required for twisted.conch.client.default.zlgenericAnswers and getPassword does not work on Windows. Should be fixed as part of fixing bug 6409 and 6410z#sys.stdin is not an interactive ttyz$sys.stdout is not an interactive ttyc��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zee e�dd��Zee e�dd��Zee e�dd��Zee e�dd��ZdS�)�SSHUserAuthClientTestszm Tests for L{SSHUserAuthClient}. @type rsaPublic: L{Key} @ivar rsaPublic: A public RSA key. c��C��sZ��t��tj�\|�_t\|��\|�_\|�j��\|�j� d�\|�_ \|�j �tj��\|�j� d��tj��d�S�)N�id_rsa� id_rsa.pub) r�� fromStringr��publicRSA_openssh� rsaPublicr��mktemp�tmpdir�makedirs�child�rsaFile� setContent�privateRSA_openssh��self��r"��A/usr/lib/python3/dist-packages/twisted/conch/test/test_default.py�setUp:��s�� zSSHUserAuthClientTests.setUpc��C��sf��t�dt��d�}t��}t��}\|�\|��\|\|_d}\|�\|�j\|��\|��\|� ��d\|�j� ��d�\|�d��dS�)z� When connected to an agent, L{SSHUserAuthClient} can use it to request signatures of particular data with a particular L{Key}. ��userNs ��Sign heres ��- ��s�� s��)r��r��r��r ��makeConnection�keyAgent�signDatar��assertEqual�value�blob)r!��client�agent� transport� cleartextr"��r"��r#��test_signDataWithAgentB��s&�� z-SSHUserAuthClientTests.test_signDataWithAgentc��C��sJ��t��}\|�j��g\|_\|��}\|��\|��\|��\|\|�j��\|��\|��dS�)a�� L{SSHUserAuthClient} looks up public keys from the agent using the L{SSHAgentClient} class. That L{SSHAgentClient.getPublicKey} returns a L{Key} object with one of the public keys in the agent. If no more keys are present, it returns L{None}. N) r��r��r+��blobs�getPublicKey� assertTrue�isPublicr)��assertIsNone)r!��r-��keyr"��r"��r#��test_agentGetPublicKeyW��s��z-SSHUserAuthClientTests.test_agentGetPublicKeyc��C��sF��t��}\|�jjg\|_td\|d�}\|��}\|��\|��\|��\|\|�j ��dS�)z� L{SSHUserAuthClient.getPublicKey()} is able to get a public key from the first file described by its options' C{identitys} list, and return the corresponding public L{Key} object. r%��N) r��r��path� identitysr��r2��r3��r4��r)��r��)r!��optionsr,��r6��r"��r"��r#��test_getPublicKeyFromFilee��s��z0SSHUserAuthClientTests.test_getPublicKeyFromFilec��C��sR��t��}\|�jjg\|_t��}td\|d�}\|\|_\|��}\|��\|� ��\|�� \|\|�j��dS�)z� If an agent is present, but doesn't return a key, L{SSHUserAuthClient.getPublicKey} continue with the normal key lookup. r%��N)r��r��r8��r9��r��r��r'��r2��r3��r4��r)��r��)r!��r:��r-��r,��r6��r"��r"��r#��test_getPublicKeyAgentFallbackr��s��z5SSHUserAuthClientTests.test_getPublicKeyAgentFallbackc��C��s��t��}\|�j�d��tj��\|�j�d�}\|�tj��\|�jj\|jg\|_ \|�j�d��d��t d\|d�}\|��}\|��\|� ��\|��\|t�tj��\|��\|j\|�jj\|jg��dS�)z� If L{keys.Key.fromFile} raises a L{keys.BadKeyError}, the L{SSHUserAuthClient.getPublicKey} tries again to get a public key by calling itself recursively. z id_dsa.pub�id_dsar��s ��not a key!r%��N)r��r��r��r��r��publicDSA_openssh�privateDSA_opensshr��r8��r9��r��r2��r3��r4��r)��r��r�� usedFiles)r!��r:��dsaFiler,��r6��r"��r"��r#��test_getPublicKeyBadKeyError��s��z3SSHUserAuthClientTests.test_getPublicKeyBadKeyErrorc��sN��t��tj��t��}�jjg\|_td\|d�}\|� ��fdd�}\|� ��\|�S�)z� L{SSHUserAuthClient.getPrivateKey} will load a private key from the last used file populated by L{SSHUserAuthClient.getPublicKey}, and return a L{Deferred} which fires with the corresponding private L{Key}. r%��Nc��\|��\|��d�S��N��assertFalser4��r)��r6�� rsaPrivater!��r"��r#��_cbGetPrivateKey��zCSSHUserAuthClientTests.test_getPrivateKey.<locals>._cbGetPrivateKey)r��r��r��r��r��r��r8��r9��r��r2�� getPrivateKey�addCallback)r!��r:��r,��rJ��r"��rH��r#��test_getPrivateKey��s��z)SSHUserAuthClientTests.test_getPrivateKeyc��s��t��tj��d��j��jd��d��t��}�jjg\|_ t d\|d�}\|��fdd�}��fdd �}��\|d \|��\|� ��\|�S�)z� L{SSHUserAuthClient} can get a private key from a file, and return a Deferred called back with a private L{Key} object, even if the key is encrypted. s��this is the passphrase�openssh)� passphraser%��Nc��s ��\|�d�jj��d��t��S�)NzEnter passphrase for key 'z': )r)��r��r8��r��prompt)rP��r!��r"��r#��_getPassword��s��zISSHUserAuthClientTests.test_getPrivateKeyPassphrase.<locals>._getPasswordc��rC��rD��rE��rG��rH��r"��r#��rJ��rK��zMSSHUserAuthClientTests.test_getPrivateKeyPassphrase.<locals>._cbGetPrivateKeyrS��)r��r��r��r��r��r��toStringr��r8��r9��r��r2��patchrL��rM��)r!��r:��r,��rS��rJ��r"��)rP��rI��r!��r#��test_getPrivateKeyPassphrase��s��z3SSHUserAuthClientTests.test_getPrivateKeyPassphrasec��s`��G�dd��d�}t��}td\|d�}\|d�\|_��fdd�}��tjd\|��\|��}\|��jd ��\|S�) zn Get the password using L{twisted.conch.client.default.SSHUserAuthClient.getPassword} c��@��s��e�Zd�Zdd��Zdd��ZdS�)z>SSHUserAuthClientTests.test_getPassword.<locals>.FakeTransportc��S��s��\|�\|�_�\|\|�_d�S�rD��)r.��host)r!��rW��r"��r"��r#��__init__��s�� zGSSHUserAuthClientTests.test_getPassword.<locals>.FakeTransport.__init__c��S��s��\|�S�rD��r"��r ��r"��r"��r#��getPeer��s��zFSSHUserAuthClientTests.test_getPassword.<locals>.FakeTransport.getPeerN)�__name__� __module__�__qualname__rX��rY��r"��r"��r"��r#�� FakeTransport��s��r]��r%��Nz 127.0.0.1c��\|�d��dS�)Nzuser@127.0.0.1's password: �bad password�r)��rQ��r ��r"��r#��getpass��z8SSHUserAuthClientTests.test_getPassword.<locals>.getpassra��bad password) r��r��r.��rU��r��ra��getPasswordrM��r)��)r!��r]��r:��r,��ra��dr"��r ��r#��test_getPassword��s�� z'SSHUserAuthClientTests.test_getPasswordc��sP��t��}td\|d�}d��fdd�}��tjd\|��\|��}\|��jd��\|S�)z� Get the password using L{twisted.conch.client.default.SSHUserAuthClient.getPassword} using a different prompt. r%��Ns��Give up your passwordc��s��\|�t��dS�)Nr_��)r)��r��)�p�rR��r!��r"��r#��ra��s��z>SSHUserAuthClientTests.test_getPasswordPrompt.<locals>.getpassra��rc��)r��r��rU��r��ra��rd��rM��r)��)r!��r:��r,��ra��re��r"��rh��r#��test_getPasswordPrompt��s�� z-SSHUserAuthClientTests.test_getPasswordPromptc��sh��t��}td\|d�}dd��}��tjd\|��tjtj��\|�d�}\|j ��fdd��}�� \|t��dS�) z� Get the password using L{twisted.conch.client.default.SSHUserAuthClient.getPassword} and trigger a {twisted.conch.error import ConchError}. r%��Nc��S��s��t�d��)NzUser pressed CTRL-C)�KeyboardInterruptrQ��r"��r"��r#��ra��s��zBSSHUserAuthClientTests.test_getPasswordConchError.<locals>.getpassra��?c��s��gtjtjg��\|�S�rD��)r)��sys�stdout�stdin)�fail�r!��rn��rm��r"��r#�� check_sys��s��zDSSHUserAuthClientTests.test_getPasswordConchError.<locals>.check_sys)r��r��rU��r��ra��rl��rm��rn��rd�� addErrback� assertFailurer��)r!��r:��r,��ra��re��rq��r"��rp��r#��test_getPasswordConchError��s�� z1SSHUserAuthClientTests.test_getPasswordConchErrorc��sp��t��}td\|d�}��fdd�}��tjd\|��fdd�}��td\|��\|�d d ddg�}\|��jdd g��\|S�)zU L{twisted.conch.client.default.SSHUserAuthClient.getGenericAnswers} r%��Nc��r^��)Nzpass promptra��r`��rQ��r ��r"��r#��ra��rb��z>SSHUserAuthClientTests.test_getGenericAnswers.<locals>.getpassra��c��r^��)Nzraw_input prompt� raw_inputr`��rQ��r ��r"��r#��ru��rb��z@SSHUserAuthClientTests.test_getGenericAnswers.<locals>.raw_input�_inputs��Names��Instruction)s��pass promptF)s��raw_input promptTru��)r��r��rU��r��ra��getGenericAnswersrM��assertListEqual)r!��r:��r,��ra��ru��re��r"��r ��r#��test_getGenericAnswers ��s��z-SSHUserAuthClientTests.test_getGenericAnswersN)rZ��r[��r\��__doc__r$��r0��r7��r;��r<��rB��rN��rV��r��doSkip� skipReasonrf��ri��rt��ry��r"��r"��r"��r#��r��2��s$�� r��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)�ConchOptionsParsingz Options parsing. c��C��s��t��}\|��t\|jd�}\|��d\|j��t��}\|�d��\|��\|d�dg��\|�d��\|��\|d�dg��\|�d��\|��\|d�g�d��dS�) z) Specify MAC algorithms. zinvalid-maczUnknown mac typez hmac-sha2-512�macss ��hmac-sha2-512z hmac-sha2-256,hmac-sha1,hmac-md5)s ��hmac-sha2-256s ��hmac-sha1s��hmac-md5N)r��assertRaises� SystemExit�opt_macs�assertIn�coder)��r!��opts�er"��r"��r#�� test_macs�� zConchOptionsParsing.test_macsc��C��s��t��}\|��t\|jd�}\|��d\|j��t��}\|�d��\|��\|d�dg��\|�d��\|��\|d�dg��\|�d��\|��\|d�ddg��dS�) z. Specify host key algorithms. zinvalid-keyzUnknown host key typezssh-rsazhost-key-algorithmss��ssh-rsas��ssh-dsszssh-rsa,ssh-dssN)r��r��r��opt_host_key_algorithmsr��r��r)��r��r"��r"��r#��test_host_key_algorithms9��r��z,ConchOptionsParsing.test_host_key_algorithmsN)rZ��r[��r\��rz��r��r��r"��r"��r"��r#��r}��%��s��r}��)'rz��rl��unittestr��twisted.conch.errorr��twisted.conch.testr��twisted.python.compatr��twisted.python.filepathr��twisted.python.reflectr��twisted.python.runtimer��twisted.test.proto_helpersr ��twisted.trial.unittestr ��r{��r\|��twisted.conch.clientr��twisted.conch.client.agentr��twisted.conch.client.defaultr��twisted.conch.client.optionsr��twisted.conch.ssh.keysr��skip� isWindowsrn��isattyrm��r��r}��r"��r"��r"��r#��<module>��sF�� t��test/__pycache__/test_text.cpython-310.pyc��0000644��00000010102�15027667726�0014473 0��ustar�00��o ��b��@��s:��d�dl�mZ�d�dlmZ�d�dlmZ�G�dd��dej�ZdS�)��)�text)� attributes)�unittestc��@��sX��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��ZdS�)�FormattedTextTestsz. Tests for assembling formatted text. c��C��s��\|��t�tjd��d��dS�)zu Using no formatting attributes produces no VT102 control sequences in the flattened output. � Hello, world.N)�assertEqualr��assembleFormattedText�A�normal��self��r ��>/usr/lib/python3/dist-packages/twisted/conch/test/test_text.py�test_trivial��zFormattedTextTests.test_trivialc��C��\|��t�tjd��d��dS�)z� The bold formatting attribute, L{A.bold}, emits the VT102 control sequence to enable bold when flattened. r��z[1mHello, world.N)r��r��r��r ��boldr��r ��r ��r�� test_bold��r��zFormattedTextTests.test_boldc��C��r��)z� The underline formatting attribute, L{A.underline}, emits the VT102 control sequence to enable underlining when flattened. r��z[4mHello, world.N)r��r��r��r �� underliner��r ��r ��r��test_underline!��z!FormattedTextTests.test_underlinec��C��r��)z� The blink formatting attribute, L{A.blink}, emits the VT102 control sequence to enable blinking when flattened. r��z[5mHello, world.N)r��r��r��r ��blinkr��r ��r ��r�� test_blink+��r��zFormattedTextTests.test_blinkc��C��r��)z� The reverse-video formatting attribute, L{A.reverseVideo}, emits the VT102 control sequence to enable reversed video when flattened. r��z[7mHello, world.N)r��r��r��r ��reverseVideor��r ��r ��r��test_reverseVideo4��r��z$FormattedTextTests.test_reverseVideoc�� C��s0��\|��t�tjtjdtjd��df��d��dS�)z� Formatting attributes prefixed with a minus (C{-}) temporarily disable the prefixed attribute, emitting no VT102 control sequence to enable it in the flattened output. �Helloz world�.z[1;5mHello[0;5m world[1;5m.N)r��r��r��r ��r��r��r��r ��r ��r�� test_minus>��s��zFormattedTextTests.test_minusc��C��0��\|��t�tjtjjd�tjjd�f��d��dS�)z� The foreground color formatting attribute, L{A.fg}, emits the VT102 control sequence to set the selected foreground color when flattened. �Hello, �world!z[31mHello, [32mworld!N)r��r��r��r ��r ��fg�red�greenr��r ��r ��r��test_foregroundK��z"FormattedTextTests.test_foregroundc��C��r��)z� The background color formatting attribute, L{A.bg}, emits the VT102 control sequence to set the selected background color when flattened. r��r ��z[41mHello, [42mworld!N)r��r��r��r ��r ��bgr"��r#��r��r ��r ��r��test_backgroundW��r%��z"FormattedTextTests.test_backgroundc��C��sn��\|��\|�jg�}\|��t\|�d��tj�\|��\|�jg�}\|��t\|�d��\|��\|d�d�t��\|��\|d�d�d��dS�)zv L{twisted.conch.insults.text.flatten} emits a deprecation warning when imported or accessed. r��category�messagez�twisted.conch.insults.text.flatten was deprecated in Twisted 13.1.0: Use twisted.conch.insults.text.assembleFormattedText instead.N)� flushWarnings�test_flattenDeprecatedr��lenr��flatten�DeprecationWarning)r�� warningsShownr ��r ��r��r,��c��s�� z)FormattedTextTests.test_flattenDeprecatedN) �__name__� __module__�__qualname__�__doc__r��r��r��r��r��r��r$��r'��r,��r ��r ��r ��r��r�� s�� r��N) �twisted.conch.insultsr��twisted.conch.insults.textr��r �� twisted.trialr��TestCaser��r ��r ��r ��r��<module>��s��test/__pycache__/test_tap.cpython-310.pyc��0000644��00000012154�15027667726�0014304 0��ustar�00��o ��b��@��s��d�Z�ddlmZ�ddlmZ�ddlmZmZmZ�ddl m Z �ddlmZ�e d�Z e d�Ze d �Ze rBerBerBdd lmZ�ddlmZ�G�dd ��d e�ZdS�)z! Tests for L{twisted.conch.tap}. ��)�StreamServerEndpointService)�error)�ISSHPrivateKey�IUsernamePassword�UsernamePassword)� requireModule)�TestCase�cryptography�pyasn1ztwisted.conch.unix)�tap)�OpenSSHFactoryc��@��sl��e�Zd�ZdZes dZesdZesdZdZdd��Z dd ��Z d d��Zdd ��Zdd��Z dd��Zdd��Zdd��ZdS�)�MakeServiceTestsz' Tests for L{tap.makeService}. zcan't run without cryptographyzCannot run without PyASN1z can't run on non-posix computers)s��iamusers��thisispasswordc��C��sV��\|��\|�_t\|�jd��}\|�d�\|�j��W�d��n1�sw��Y��t��\|�_dS�)z/ Create a file with two users. zwb+��:N) �mktemp�filename�open�write�join�usernamePasswordr��Options�options)�self�f��r��=/usr/lib/python3/dist-packages/twisted/conch/test/test_tap.py�setUp(��s �� zMakeServiceTests.setUpc��C��s@��t��}t��\|�}\|��\|t��\|��\|jjd��\|��\|jt ��dS�)z� L{tap.makeService} returns a L{StreamServerEndpointService} instance running on TCP port 22, and the linked protocol factory is an instance of L{OpenSSHFactory}. ��N) r��r��makeService�assertIsInstancer��assertEqual�endpoint�_port�factoryr��)r��config�servicer��r��r�� test_basic1��s �� zMakeServiceTests.test_basicc��C��sN��d}\|��t\|�jd�d��\|��t\|�jd�d��\|��\|t\|�jd��d\|f��dS�)z� Make sure that if the C{--auth} command-line option is not passed, the default checkers are (for backwards compatibility): SSH and UNIX ��credInterfacesz)SSH should be one of the default checkerszUNIX should be one of the default checkers�credCheckersz&There should be %d checkers by defaultN)�assertInr��r��r��r��len)r��numCheckersr��r��r��test_defaultAuths=��s ��z"MakeServiceTests.test_defaultAuthsc��C��s0��\|�j��dd\|�j�g��\|��t\|�j�d��d��dS�)z� The C{--auth} command-line option will add a checker to the list of checkers, and it should be the only auth checker �--auth�file:r(��N�r��parseOptionsr��r��r��r��r��r��r��test_authAddedT��s��zMakeServiceTests.test_authAddedc��C��s4��\|�j��dd\|�j�ddg��\|��t\|�j�d��d��dS�)z� Multiple C{--auth} command-line options will add all checkers specified to the list ofcheckers, and there should only be the specified auth checkers (no default checkers). r-��r.��zmemory:testuser:testpasswordr(��r&��Nr0��r2��r��r��r��test_multipleAuthAdded\��s��z'MakeServiceTests.test_multipleAuthAddedc��C��sH��\|�j��dd\|�j�g��\|�j�d�d�}t\|�jd�d�}\|��\|�\|�tj�S�)z� The checker created by the C{--auth} command-line option returns a L{Deferred} that fails with L{UnauthorizedLogin} when presented with credentials that are unknown to that checker. r-��r.��r(��r��fake) r��r1��r��r��r�� assertFailure�requestAvatarIdr��UnauthorizedLogin)r��checker�invalidr��r��r��test_authFailurel��s��z!MakeServiceTests.test_authFailurec��sP��j��dd�j�g��j�d�d�}t�j��\|��}��fdd�}\|�\|�S�)z� The checker created by the C{--auth} command-line option returns a L{Deferred} that returns the avatar id when presented with credentials that are known to that checker. r-��r.��r(��r5��c��s��\|��j��d�S�)N)r��username)r=��correctr��r��r��checkSuccess��s��z7MakeServiceTests.test_authSuccess.<locals>.checkSuccess)r��r1��r��r��r��r8��addCallback)r��r:��dr@��r��r>��r��test_authSuccessz��s�� z!MakeServiceTests.test_authSuccessc��C��s8��t��}t��\|�}\|jj}\|��t\|j��t t h��dS�)z� The L{OpenSSHFactory} built by L{tap.makeService} has a portal with L{ISSHPrivateKey} and L{IUsernamePassword} interfaces registered as checkers. N)r��r��r��r"��portalr��set�checkers�keysr��r��)r��r#��r$��rD��r��r��r�� test_checkers��s�� zMakeServiceTests.test_checkersN)�__name__� __module__�__qualname__�__doc__r ��skipr ��unixr��r��r%��r,��r3��r4��r<��rC��rH��r��r��r��r��r ��s"�� r ��N)rL��twisted.application.internetr��twisted.credr��twisted.cred.credentialsr��r��r��twisted.python.reflectr��twisted.trial.unittestr��r ��r ��rN�� twisted.conchr��$twisted.conch.openssh_compat.factoryr��r ��r��r��r��r��<module>��s��test/__pycache__/test_keys.cpython-310.pyc��0000644��00000142466�15027667726�0014505 0��ustar�00��o ��b7��@��s��d�Z�ddlZddlZddlmZ�ddlmZ�ddlmZ�ddl m Z �ddlmZ�ddl mZ�ed �Zedu�r8d Zed�ZerVerVddlmZ�dd lmZmZmZ�e��ZndZdd��ZG�dd��dej�ZG�dd��dej�ZdS�)z& Tests for L{twisted.conch.ssh.keys}. ��N)�dedent)�keydata)� randbytes)�FilePath)� requireModule)�unittest�cryptographyz Cannot run without cryptography.�pyasn1)�default_backend)�common�keys�sexpyFc��C��s��t�sd\|�_\|�S�)Nz$ed25519 not supported on this system)�ED25519_SUPPORTED�skip)�f��r��>/usr/lib/python3/dist-packages/twisted/conch/test/test_keys.py�skipWithoutEd25519$��s��r��c��@��s��e�Zd�Zedu�r eZedu�rdZdd��Zdd��Zdd��Z d d ��Z dd��Zd d��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Zd/d0��Zd1d2��Zd3d4��Zd5d6��Z d7d8��Z!d9d:��Z"d;d<��Z#d=d>��Z$d?d@��Z%dAdB��Z&dCdD��Z'dEdF��Z(dGdH��Z)dIdJ��Ze+dKdL��Z,dMdN��Z-dOdP��Z.dQdR��Z/dSdT��Z0e+dUdV��Z1dWdX��Z2dYdZ��Z3d[d\��Z4e+d]d^��Z5d_d`��Z6dadb��Z7dcdd��Z8dedf��Z9e+dgdh��Z:didj��Z;dkdl��Z<dmdn��Z=dodp��Z>dqdr��Z?dsdt��Z@dudv��ZAe+dwdx��ZBe+dydz��ZCd{d\|��ZDd}d~��ZEdd��ZFd�d��ZGd�d��ZHd�d��ZId�d��ZJd�d��ZKd�d��ZLe+d�d��ZMd�d��ZNd�d��ZOd�d��ZPd�d��ZQd�d��ZRd�d��ZSd�d��ZTe+d�d��ZUe+d�d��ZVdS�)��KeyTestsNzCannot run without PyASN1c��C��s��t�jjtjd�tjd�tjd�tjd�tjd�tjd�d�j\|�_t�jjtjd�tjd�tjd�tjd �tjd �d�j\|�_ t�jj tjd �tjd�tjd�tjd �d�j\|�_t�jj tj d �tj d�tj d�tj d �d�j\|�_t�jj tjd �tjd�tjd�tjd �d�j\|�_tr�t�jjtjd�tjd�d�j\|�_d\|�_d\|�_\|��tddd��\|��\|�_t\|�jd��}\|�tj��W�d��d�S�1�s�w��Y��d�S�)N�n�e�d�p�q�u)r��r��r��r��r��r��y�g�x)r��r��r��r��r��privateValue�curve)r��r��r��r��a�k)r ��r!��s��ssh-rsa��~Y��W�pu@�1�S�O�E�/x��G3��U��d��,'=Qg�x�j�I�ޯb�@�rΣzM1q5�{wjKN��C��i��}�RT�DJH�l�[��\|�^n��ъ�aY�B��Ǿ7�9j�.��9p�?�N��/) >Aµj�UWԮ�B�t�y��fˆ�k��u�N�ɓY�.V�L44`CǦ6��Y��%� 4^�rY� �.�%H��A�s7��ssh-dss��(?��;�TFA��E@4,d� ٮ�[�-�nQ�f��jrg�p<�secureRandomc��S��s��d\|��S�)N��r��)r��r��r��r��<lambda>k��s��z KeyTests.setUp.<locals>.<lambda>�wb)r��Key�_fromRSAComponentsr��RSAData� _keyObject�rsaObj�_fromDSAComponents�DSAData�dsaObj�_fromECComponents�ECDatanistp256�ecObj�ECDatanistp384�ecObj384�ECDatanistp521�ecObj521r��_fromEd25519Components�Ed25519Data� ed25519Obj�rsaSignature�dsaSignature�patchr��mktemp�keyFile�open�write�privateRSA_lsh)�selfr��r��r��r��setUp1��st�� "�zKeyTests.setUpc��C��s��t��\|�j��d�S��N)�os�unlinkr<��r@��r��r��r��tearDownp��s��zKeyTests.tearDownc��C��s��\|��t�\|�j��d��\|��t�\|�j��d��\|��t�\|�j��d��\|��t�\|�j��d��\|��t�\|�j��d��t rL\|��t�\|�j ��d��dS�dS�)zU The L{keys.Key.size} method returns the size of key object in bits. i��i��i ��N)�assertEqualr��r&��r��sizer-��r0��r2��r4��r��r7��rE��r��r��r�� test_sizes��s��zKeyTests.test_sizec��C��s��\|��tj�tj�d��\|��tj�tj�d��\|��tj�tj�d��tr.\|��tj�tj �d��\|��tj�tj �d��\|��tj�tj�d��\|��tj�tj�d��\|��tj�tj �d��\|��tj�tj�d��\|��tj�tj�d��tr}\|��tj�tj�d��\|��tj�tj�d��\|��tj�tj�d��\|��tj�tj�d��\|��tj�tj�d��\|��tj�tj�d��\|��tj�tj�d��\|��tj�d�d��\|��tj�d�d��\|��tj�d �d ��d S�)z_ Test that the _guessStringType method guesses string types correctly. �public_openssh�private_openssh� public_lsh�private_lsh�agentv3s��ssh-rsa��blobs��ssh-dss��s ��not a keyN)rI��r��r&��_guessStringTyper��publicRSA_openssh�publicDSA_openssh�publicECDSA_opensshr��publicEd25519_openssh�privateRSA_openssh�privateRSA_openssh_new�privateDSA_openssh�privateDSA_openssh_new�privateECDSA_openssh�privateECDSA_openssh_new�privateEd25519_openssh_new� publicRSA_lsh� publicDSA_lshr?��privateDSA_lsh�privateRSA_agentv3�privateDSA_agentv3rE��r��r��r��test__guessStringType��sz�� zKeyTests.test__guessStringTypec�� C��s��t�j�tj�}t�j�tj�}\|��\|��\|��t�j�tj�}t�j�tj �}\|��\|��\|��t�j�tj �}t�j�tj�}\|��\|��\|��trdt�j�tj �}t�j�tj�}\|��\|��\|��dS�dS�)zn The L{keys.Key.public} method returns a public key for both public and private keys. N)r��r&�� fromStringr��rW��rS��rI��publicrY��rT��r[��rU��r��r]��rV��) r@�� privateRSAKey�publicRSAKey� privateDSAKey�publicDSAKey�privateECDSAKey�publicECDSAKey�privateEd25519Key�publicEd25519Keyr��r��r��test_public��s��zKeyTests.test_publicc��C��s��t�j�tj�}t�j�tj�}t�j�tj�}\|��\|�� \|�� \|� ��\|��\|�� \|�� \|� ��\|��\|�� \|�� \|� ��tr`t�j�tj�}\|��\|�� \|�� \|� ��dS�dS�)zg The L{keys.Key.isPublic} method returns True for public keys otherwise False. N) r��r&��rd��r��rW��rY��r[�� assertTruere��isPublic�assertFalser��r]��)r@��rsaKey�dsaKey�ecdsaKey� ed25519Keyr��r��r�� test_isPublic��s��zKeyTests.test_isPublicc��C��s ��\|��\|\|\|��\|��\|\|\|��d�S�rB��)�_testPublicFromString�_testPrivateFromString)r@��re��private�type�datar��r��r��_testPublicPrivateFromString��s��z%KeyTests._testPublicPrivateFromStringc��C��sT��t�j�\|�}\|��\|��\|��\|��\|��\|��D�]\}}\|��\|\|�\|��qd�S�rB��) r��r&��rd��ro��rp��rI��rz��r{��items)r@��re��rz��r{�� publicKeyr!��vr��r��r��rw��s��zKeyTests._testPublicFromStringc��C��sT��t�j�\|�}\|��\|��\|��\|��\|��\|��D�]\}}\|��\|��\|�\|��qd�S�rB��) r��r&��rd��rq��rp��rI��rz��r}��r{��)r@��ry��rz��r{�� privateKeyr!��r��r��r��r��rx��s��zKeyTests._testPrivateFromStringc��C��s��\|��tjtjdtj��\|��tjtjdtj��\|��t j jtjdd�t j �tj��\|��t j �tj �t j �tj��\|��tjtjdtj��trR\|��tjtjdtj��dS�dS�)zN Test that keys are correctly generated from OpenSSH strings. �EC�RSA� ��encrypted�� passphrase�DSA�Ed25519N)r\|��r��rU��r[��r/��rS��rW��r(��rI��r��r&��rd��privateRSA_openssh_encrypted�privateRSA_openssh_alternaterT��rY��r,��r��rV��r]��r6��rE��r��r��r��test_fromOpenSSH��sH��zKeyTests.test_fromOpenSSHc��C��s��d}\|��tjtjj\|d��dS�)z. Tests for invalid key types. s ��-----BEGIN FOO PRIVATE KEY----- MIGkAgEBBDAtAi7I8j73WCX20qUM5hhHwHuFzYWYYILs2Sh8UZ+awNkARZ/Fu2LU LLl5RtOQpbWgBwYFK4EEACKhZANiAATU17sA9P5FRwSknKcFsjjsk0+E3CeXPYX0 Tk/M0HK3PpWQWgrO8JdRHP9eFE9O/23P8BumwFt7F/AvPlCzVd35VfraFT0o4cCW G0RqpQ+np31aKmeJshkcYALEchnU+tQ= -----END EC PRIVATE KEY-----N)�assertRaisesr��BadKeyErrorr&��_fromString_PRIVATE_OPENSSH�r@��badKeyr��r��r��test_fromOpenSSHErrors)��s��zKeyTests.test_fromOpenSSHErrorsc��C��s(��d}\|��tj�\|�tj�\|d��dS�)zP If key strings have trailing whitespace, it should be ignored. ��-----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQDylESNuc61jq2yatCzZbenlr9llG+p9LhIpOLUbXhhHcwC6hrh EZIdCKqTO0USLrGoP5uS9UHAUoeN62Z0KXXWTwOWGEQn/syyPzNJtnBorHpNUT9D Qzwl1yUa53NNgEctpo4NoEFOx8PuU6iFLyvgHCjNn2MsuGuzkZm7sI9ZpQIVAJiR 9dPc08KLdpJyRxz8T74b4FQRAoGAGBc4Z5Y6R/HZi7AYM/iNOM8su6hrk8ypkBwR a3Dbhzk97fuV3SF1SDrcQu4zF7c4CtH609N5nfZs2SUjLLGPWln83Ysb8qhh55Em AcHXuROrHS/sDsnqu8FQp86MaudrqMExCOYyVPE7jaBWW+/JWFbKCxmgOCSdViUJ esJpBFsCgYEA7+jtVvSt9yrwsS/YU1QGP5wRAiDYB+T5cK4HytzAqJKRdC5qS4zf C7R0eKcDHHLMYO39aPnCwXjscisnInEhYGNblTDyPyiyNxAOXuC8x7luTmwzMbNJ /ow0IqSj0VF72VJN9uSoPpFd4lLT0zN8v42RWja0M8ohWNf+YNJluPgCFE0PT4Vm SUrCyZXsNh6VXwjs3gKQ -----END DSA PRIVATE KEY-----�� N)rI��r��r&��rd��r@��privateDSADatar��r��r�� test_fromOpenSSH_with_whitespace7��s �� z)KeyTests.test_fromOpenSSH_with_whitespacec��C��sH��t�jjtjdd�}\|��\|��d��t�jjtjd�dd�}\|��\|\|��dS�)z� Newer versions of OpenSSH generate encrypted keys which have a longer IV than the older versions. These newer keys are also loaded. s��testxpr��r��r��N)r��r&��rd��r�� privateRSA_openssh_encrypted_aesrI��rz��)r@��key�key2r��r��r��test_fromNewerOpenSSHN��s�� zKeyTests.test_fromNewerOpenSSHc��C��s��t�jt�jft�jt�jft�jt�jft�jt�jft�j t�j ffD�]\}}\|��tj �\|�tj �\|��q\|��tj jt�jdd�tj jt�jdd��dS�)z� OpenSSH 6.5 introduced a newer "openssh-key-v1" private key format (made the default in OpenSSH 7.8). Loading keys in this format produces identical results to loading the same keys in the old PEM-based format. r��r��N)r��rW��rX��rY��rZ��r[��r\��privateECDSA_openssh384�privateECDSA_openssh384_new�privateECDSA_openssh521�privateECDSA_openssh521_newrI��r��r&��rd�� privateRSA_openssh_encrypted_newr��)r@��old�newr��r��r��test_fromOpenSSH_v1_format\��s�� z#KeyTests.test_fromOpenSSH_v1_formatc�� C��s,��d}\|��tj�\|�tj�\|�dd��dS�)zp Test that keys are correctly generated from OpenSSH strings with Windows line endings. r��r��s�� N)rI��r��r&��rd��replacer��r��r��r��%test_fromOpenSSH_windows_line_endingst��s �� z.KeyTests.test_fromOpenSSH_windows_line_endingsc��C��s@��t��ddddgggg�}\|�jtjtjjdt�\|��d�d��dS�) za C{BadKeyError} exception is raised when public key has an unknown type. s ��public-key��bad-key��p��2��{��})r{��N) r ��packr��r��r��r&��rd��base64� b64encode�r@��sexpr��r��r��!test_fromLSHPublicUnsupportedType��s�� zKeyTests.test_fromLSHPublicUnsupportedTypec��C��s0��t��ddddgggg�}\|��tjtjj\|��dS�)zb C{BadKeyError} exception is raised when private key has an unknown type. s��private-keyr��r��r��N)r ��r��r��r��r��r&��rd��r��r��r��r��"test_fromLSHPrivateUnsupportedType��s��z+KeyTests.test_fromLSHPrivateUnsupportedTypec��C��\|��tjtjdtj��dS�)zR RSA public and private keys can be generated from a LSH strings. r��N)r\|��r��r^��r?��r(��rE��r��r��r��test_fromLSHRSA��zKeyTests.test_fromLSHRSAc��C��r��)zH DSA public and private key can be generated from LSHs. r��N)r\|��r��r_��r`��r,��rE��r��r��r��test_fromLSHDSA��r��zKeyTests.test_fromLSHDSAc��C��s<��\|��tjdtj��\|��tjdtj��\|��tjtj j d��dS�)zO Test that keys are correctly generated from Agent v3 strings. r��r��s$��ssh-foo��N)rx��r��ra��r(��rb��r,��r��r��r��r&��rd��rE��r��r��r��test_fromAgentv3��s��zKeyTests.test_fromAgentv3c��C��sR��t��\|�j�}\|jdd��d�}\|��t�jj\|dd�\|��\|�jt�jt�jj\|dd��dS�)zf L{keys.Key.fromString} applies Normalization Form KC to Unicode passphrases. �openssh��verschlüsseltr��verschlüsselt��unassigned N) r��r&��r��toString�encoderI��rd��r��PassphraseNormalizationError�r@��r��key_datar��r��r��test_fromStringNormalizesUnicodePassphrase��s�� z3KeyTests.test_fromStringNormalizesUnicodePassphrasec��C��s��\|��tjtjjd��\|��tjtjjdd��\|�j�tjtjjtjdd��\|��tjtjjt�\|�j�j ddd��\|��tjtjjd��\|�j�tjtjjdd d��\|�j�tjtjjd d d��\|�j�tjtjjdd d��\|�j�tjtjjdd d��d S�)zW keys.Key.fromString should raise BadKeyError when the key is invalid. ��bad_types��unencryptedr��r��r��s��-----BEGIN RSA KEY----- wA== s��-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: weird type 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----� encrypteds��-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: FOO-123-BAR,01234567 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----s��-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,01234 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----s��-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,01234 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----N) r��r��r��r&��rd��r��r^��EncryptedKeyErrorr��r��rE��r��r��r��test_fromStringErrors��sP��$�$�$ �zKeyTests.test_fromStringErrorsc��C��sV��\|��tj�\|�j�tj�tj��\|��tj tjj\|�jd��\|�jtj tjj\|�jdd��dS�)z5 Test that fromFile works correctly. r��unencryptedr��N) rI��r��r&��fromFiler<��rd��r��r?��r��r��rE��r��r��r�� test_fromFile��s�� zKeyTests.test_fromFilec��C��s.��t�jjddd�j}t��\|�}\|��\|j\|��dS�)zJ Test that the PublicKey object is initialized correctly. ��r��r��N)r��r&��r'��r)��rI��)r@��objr��r��r��r�� test_init��s�� zKeyTests.test_initc��C��s��t��\|�j�}t��\|�j�}t��t�jjddd�j�}t��\|�j�}\|��\|\|k��\|��\|\|k��\|��\|\|k��\|��\|tk��\|��\|dk��dS�)z? Test that Key objects are compared correctly. r��r��r��N) r��r&��r��r'��r)��r-��ro��rq��object�r@��rsa1�rsa2�rsa3�dsar��r��r�� test_equal��zKeyTests.test_equalc��C��s��t��\|�j�}t��\|�j�}t��t�jjddd�j�}t��\|�j�}\|��\|\|k��\|��\|\|k��\|��\|\|k��\|��\|tk��\|��\|dk��dS�)zC Test that Key objects are not-compared correctly. r��r��r��N) r��r&��r��r'��r)��r-��rq��ro��r��r��r��r��r�� test_notEqual��r��zKeyTests.test_notEqualc��C��s��t��d�}\|��t\|j��dS�)zO The L{keys.Key.data} method raises RuntimeError for bad keys. r��N)r��r&��r��RuntimeErrorr{��r��r��r��r��test_dataError��s�� zKeyTests.test_dataErrorc��C��s4��\|��t�\|�j��d��\|��t�\|�j��d��dS�)z� Test that the fingerprint method returns fingerprint in L{FingerprintFormats.MD5-HEX} format by default. �/85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da�/63:15:b3:0e:e6:4f:50:de:91:48:3d:01:6b:b3:13:c1N)rI��r��r&��r��fingerprintr-��rE��r��r��r��test_fingerprintdefault��s��z KeyTests.test_fingerprintdefaultc��C��@��\|��t�\|�j��tjj�d��\|��t�\|�j��tjj�d��dS�)z� fingerprint method generates key fingerprint in L{FingerprintFormats.MD5-HEX} format if explicitly specified. r��r��N)rI��r��r&��r��r��FingerprintFormats�MD5_HEXr-��rE��r��r��r��test_fingerprint_md5_hex��z!KeyTests.test_fingerprint_md5_hexc��C��r��)z� fingerprint method generates key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. z,FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI=z,Wz5o2YbKyxOEcJn1au/UaALSVruUzfz0vaLI1xiIGyY=N)rI��r��r&��r��r��r�� SHA256_BASE64r-��rE��r��r��r��test_fingerprintsha256��r��zKeyTests.test_fingerprintsha256c��C��sV��\|��tj��}t�\|�j��d��W�d��n1�sw��Y��\|��d\|jjd��dS�)zk A C{BadFingerPrintFormat} error is raised when unsupported formats are requested. zsha256-baseNz+Unsupported fingerprint format: sha256-baser��) r��r��BadFingerPrintFormatr&��r��r��rI�� exception�args)r@��emr��r��r��test_fingerprintBadFormat��s��z"KeyTests.test_fingerprintBadFormatc��C��s��\|��t�\|�j��d��\|��t�\|�j��d��\|��t�\|�j��d��\|��t�\|�j��d��\|��t�\|�j��d��\|��t�\|�j��tj d��t re\|��t�\|�j��d��\|��t�\|�j��d��\|��t t�d �j��\|��t t�d �j��\|��t t�\|��j��\|��t t�\|��j��d S�) zS Test that the type method returns the correct type for an object. r��ssh-rsar��ssh-dssr��r��r��ssh-ed25519N)rI��r��r&��r��rz��sshTyper-��r0��r��r/��r��r7��r��r��rE��r��r��r�� test_type��s��zKeyTests.test_typec��C��"��t��d�}\|��tjtjj\|��dS�)ze A C{BadKeyError} error is raised whey the blob has an unsupported key type. ��ssh-badN)r��NSr��r��r��r&��rd��r@��badBlobr��r��r��test_fromBlobUnsupportedType�� z%KeyTests.test_fromBlobUnsupportedTypec��C��sj��t�jd�t�jd�d�}t�d�t�\|d��t�\|d��}tj�\|�}\|��\|� ��\|�� \|\|��dS�)zQ A public RSA key is correctly generated from a public key blob. r��r��r��r��N)r��r(��r��r��MPr��r&��rd��ro��rp��rI��r{��)r@�� rsaPublicData�rsaBlobrr��r��r��r��test_fromBlobRSA��s��zKeyTests.test_fromBlobRSAc��C��s��t�jd�t�jd�t�jd�t�jd�d�}t�d�t�\|d��t�\|d��t�\|d��t�\|d��}tj�\|�}\|��\|� ��\|�� \|\|��dS�)zQ A public DSA key is correctly generated from a public key blob. r��r��r��r��)r��r��r��r��r��N)r��r,��r��r��r��r��r&��rd��ro��rp��rI��r{��)r@�� dsaPublicData�dsaBlobrs��r��r��r��test_fromBlobDSA��s$��zKeyTests.test_fromBlobDSAc��C��s��ddl�m}�tjd�tjd�tjd�d�}t�\|d��t�\|d�dd��t�d \|�\|d�d ��\|�\|d�d ��}tj� \|�}\|�� \|��\|��\|\|� ��dS�)zA Key.fromString generates ECDSA keys from blobs. r��utilsr��r��r��r��r��r��N�� )r��r��r��r/��r��r��int_to_bytesr��r&��rd��ro��rp��rI��r{��)r@��r��ecPublicData�ecblob�eckeyr��r��r��test_fromBlobECDSA5��s(�� zKeyTests.test_fromBlobECDSAc��C��sT��dt�jd�i}t�d�t�\|d��}tj�\|�}\|��\|��\|�� \|\|� ��dS�)zU A public Ed25519 key is correctly generated from a public key blob. r ��r��N)r��r6��r��r��r��r&��rd��ro��rp��rI��r{��)r@��ed25519PublicData�ed25519Blobru��r��r��r��test_fromBlobEd25519O��s�� zKeyTests.test_fromBlobEd25519c��C��r��)zh C{BadKeyError} is raised when loading a private blob with an unsupported type. r��N)r��r��r��r��r��r&��_fromString_PRIVATE_BLOBr��r��r��r��#test_fromPrivateBlobUnsupportedType_��r��z,KeyTests.test_fromPrivateBlobUnsupportedTypec��C��s��t��d�t��tjd��t��tjd��t��tjd��t��tjd��t��tjd��t��tjd��}tj�\|�}\|��\|� ��\|�� tj\|��\|�� \|tj�\|��dS�) zS A private RSA key is correctly generated from a private key blob. r��r��r��r��r��r��r��N) r��r��r��r��r(��r��r&��r��rq��rp��rI��r{��privateBlob)r@��r��rr��r��r��r��test_fromPrivateBlobRSAh��s(�� z KeyTests.test_fromPrivateBlobRSAc��C��s��t��d�t��tjd��t��tjd��t��tjd��t��tjd��t��tjd��}tj�\|�}\|��\|� ��\|�� tj\|��\|�� \|tj�\|��dS�)zS A private DSA key is correctly generated from a private key blob. r��r��r��r��r��r��N) r��r��r��r��r,��r��r&��r��rq��rp��rI��r{��r ��)r@��r��rs��r��r��r��test_fromPrivateBlobDSA~��s$�� z KeyTests.test_fromPrivateBlobDSAc��C��s��ddl�m}�ddlm}�\|jtjd�tjd�\|��d�}t� tjd��t� tjd�dd ��t� \|� t��\|j j\|jj��t�tjd ��}tj�\|�}\|��\|��\|��tj\|��\|��\|tj�\|��d S�)zR A private EC key is correctly generated from a private key blob. r�� serialization)�ecr��r��r��r��r��Nr��)�cryptography.hazmat.primitivesr��)cryptography.hazmat.primitives.asymmetricr��EllipticCurvePublicNumbersr��r/�� SECP256R1r��r�� public_keyr ��public_bytes�Encoding�X962�PublicFormat�UncompressedPointr��r��r&��r��rq��rp��rI��r{��r ��)r@��r��r�� publicNumbersr��r��r��r��r��test_fromPrivateBlobECDSA��s0��z"KeyTests.test_fromPrivateBlobECDSAc��C��s\|��t��d�t��tjd��t��tjd�tjd��}tj�\|�}\|��\|��\|�� tj\|� ��\|�� \|tj�\|��dS�)zW A private Ed25519 key is correctly generated from a private key blob. r��r ��r!��N)r��r��r��r6��r��r&��r��rq��rp��rI��r{��r ��)r@��r��ru��r��r��r��test_fromPrivateBlobEd25519��s��z$KeyTests.test_fromPrivateBlobEd25519c��C��sJ��\|��t�\|�j��t�d�t�\|�j��j j ��t�\|�j��j j��dS�)zL Return the over-the-wire SSH format of the RSA public key. r��N)rI��r��r&��r��rQ��r��r��r��private_numbers�public_numbersr��r��rE��r��r��r��test_blobRSA��s��zKeyTests.test_blobRSAc��C��sd��\|�j��j}\|��t�\|�j��t�d�t� \|j j��t� \|j j��t� \|j j ��t� \|j��dS�)zL Return the over-the-wire SSH format of the DSA public key. r��N)r-��r��r��rI��r��r&��rQ��r��r��r��parameter_numbersr��r��r��r��r@��r��r��r��r��test_blobDSA��s�� zKeyTests.test_blobDSAc��C��s��ddl�m}�\|�jjjd�d�}\|��t�\|�j��t � tjd��t � tjd�dd��t � d\|� \|�j��jj\|��\|� \|�j��jj\|��dS�) zK Return the over-the-wire SSH format of the EC public key. r��r��r��r��Nr��)r��r��r0��r��key_sizerI��r��r&��rQ��r��r��r��r/��r��r��r��r��r��)r@��r�� byteLengthr��r��r��test_blobEC��s(��zKeyTests.test_blobECc��C��sR��ddl�m}�\|�j��\|jj\|jj�}\|��t � \|�j��t� d�t� \|��dS�)zP Return the over-the-wire SSH format of the Ed25519 public key. r��r ��r��N)r��r��r7��r��r��r��Rawr��rI��r��r&��rQ��r��r��)r@��r��publicBytesr��r��r��test_blobEd25519��s�� zKeyTests.test_blobEd25519c��C��t��d�}\|��t\|j��dS�)zx C{RuntimeError} is raised when the blob is requested for a Key which is not wrapping anything. N)r��r&��r��r��rQ��r��r��r��r��test_blobNoKey��s�� zKeyTests.test_blobNoKeyc��C��sx��\|�j��}\|��t�\|�j��t�d�t�\|j j ��t�\|j j��t�\|j��t�\|j ��t�\|j��t�\|j��dS�)zn L{keys.Key.privateBlob} returns the SSH protocol-level format of an RSA private key. r��N)r��r��rI��r��r&��r ��r��r��r��r��r��r��r��iqmpr��r��)r@��numbersr��r��r��test_privateBlobRSA ��s"�� zKeyTests.test_privateBlobRSAc��C��sv��\|�j��j}\|��t�\|�j��t�d�t� \|j j��t� \|j j��t� \|j j ��t� \|j��t� \|�j��j��dS�)zm L{keys.Key.privateBlob} returns the SSH protocol-level format of a DSA private key. r��N)r-��r��r��rI��r��r&��r ��r��r��r��r ��r��r��r��r��r��r!��r��r��r��test_privateBlobDSA��s�� zKeyTests.test_privateBlobDSAc�� C��s~��ddl�m}�\|��t�\|�j��t�t j d��t�t j d�dd��t�\|�j��\|j j\|jj��t�\|�j��j��dS�)zj L{keys.Key.privateBlob} returns the SSH ptotocol-level format of EC private key. r��r ��r��r��N)r��r��rI��r��r&��r0��r ��r��r��r��r/��r��r��r��r��r��r��r��r�� private_value)r@��r��r��r��r��test_privateBlobEC/��s �� zKeyTests.test_privateBlobECc��C��s\|��ddl�m}�\|�j��\|jj\|jj�}\|�j�\|jj\|j j\|� ��}\|��t� \|�j��t�d�t�\|��t�\|\|��dS�)zr L{keys.Key.privateBlob} returns the SSH protocol-level format of an Ed25519 private key. r��r ��r��N)r��r��r7��r��r��r��r(��r�� private_bytes� PrivateFormat�NoEncryptionrI��r��r&��r ��r��r��)r@��r��r)��privateBytesr��r��r��test_privateBlobEd25519C��s"�� z KeyTests.test_privateBlobEd25519c��C��r+��)zV Raises L{RuntimeError} if the underlying key object does not exists. N)r��r&��r��r��r ��r��r��r��r��test_privateBlobNoKeyObject[��s�� z$KeyTests.test_privateBlobNoKeyObjectc��C��sz��t�j�tj�}\|��\|�d�tj��\|��\|jddd�tj��\|��\|� ��d�tj dd��\|��\|� ��jddd�tj ��dS�)zO L{keys.Key.toString} serializes an RSA key in OpenSSH format. r��r��r��Nr��comment��comment)r��r&��rd��r��ra��rI��r��rW��r��re��rS��r@��r��r��r��r��test_toOpenSSHRSAc��s��zKeyTests.test_toOpenSSHRSAc��C��t�j�tj�}\|jddd�}\|jdddd�}\|��d\|��d��\|��d\|��d��\|��\|t�j�\|��\|��\|t�jj\|dd��d S�) zT L{keys.Key.toString} serializes an RSA key in OpenSSH's v1 format. r��v1��subtyper��rA��r��#��-----BEGIN OPENSSH PRIVATE KEY-----r��r��N)r��r&��rd��r��rW��r��rI�� splitlines�r@��r��new_key_data�new_enc_key_datar��r��r��test_toOpenSSHRSA_v1_formatu��z$KeyTests.test_toOpenSSHRSA_v1_formatc��C��sb��t�j�tj�}\|��\|�d�tj��\|��\|��jddd�tj ��\|��\|��d�tj dd��dS�)zN L{keys.Key.toString} serializes a DSA key in OpenSSH format. r��r9��r:��Nr��) r��r&��rd��r��r`��rI��r��rY��re��rT��r<��r��r��r��test_toOpenSSHDSA��s��zKeyTests.test_toOpenSSHDSAc��C��r>��) zS L{keys.Key.toString} serializes a DSA key in OpenSSH's v1 format. r��r?��r@��r��rB��rC��r��r��N)r��r&��rd��r��rY��r��rI��rD��rE��r��r��r��test_toOpenSSHDSA_v1_format��rI��z$KeyTests.test_toOpenSSHDSA_v1_formatc��C��sN��t�j�tj�}\|��\|��jddd�tj��\|��\|��d�tjdd��dS�)zQ L{keys.Key.toString} serializes an ECDSA key in OpenSSH format. r��r9��r:��Nr��) r��r&��rd��r��r[��rI��re��r��rU��r<��r��r��r��test_toOpenSSHECDSA��s��zKeyTests.test_toOpenSSHECDSAc��C��r>��) zV L{keys.Key.toString} serializes an ECDSA key in OpenSSH's v1 format. r��r?��r@��r��rB��rC��r��r��N)r��r&��rd��r��r[��r��rI��rD��rE��r��r��r��test_toOpenSSHECDSA_v1_format��rI��z&KeyTests.test_toOpenSSHECDSA_v1_formatc��C��s��t�j�tj�}\|�d�}\|jddd�}\|��d\|��d��\|��d\|��d��\|��\|t�j�\|��\|��\|t�jj\|dd��\|��\|\|jddd��dS�) zX L{keys.Key.toString} serializes an Ed25519 key in OpenSSH's v1 format. r��r��r��rC��r��r?��r@��N)r��r&��rd��r��r]��r��rI��rD��rE��r��r��r��test_toOpenSSHEd25519��s�� zKeyTests.test_toOpenSSHEd25519c��C��s&��t�j�tj�}\|�jt\|jddd��dS�)z� L{keys.Key.toString} refuses to serialize an Ed25519 key in OpenSSH's old PEM format, as no encoding of Ed25519 is defined for that format. r��PEMr@��N)r��r&��rd��r��r]��r�� ValueErrorr��r<��r��r��r�� test_toOpenSSHEd25519_PEM_format��s��z)KeyTests.test_toOpenSSHEd25519_PEM_formatc��C��>��t�j�tj�}\|��\|�d�tj��\|��\|��d�tj ��dS�)zK L{keys.Key.toString} serializes an RSA key in LSH format. �lshN) r��r&��rd��r��rW��rI��r��r?��re��r^��r<��r��r��r�� test_toLSHRSA��zKeyTests.test_toLSHRSAc��C��rR��)zJ L{keys.Key.toString} serializes a DSA key in LSH format. rS��N) r��r&��rd��r��rY��rI��r��r`��re��r_��r<��r��r��r�� test_toLSHDSA��rU��zKeyTests.test_toLSHDSAc��C��&��t�j�tj�}\|��\|�d�tj��dS�)zP L{keys.Key.toString} serializes an RSA key in Agent v3 format. rP��N)r��r&��rd��r��rW��rI��r��ra��r<��r��r��r��test_toAgentv3RSA��zKeyTests.test_toAgentv3RSAc��C��rW��)zO L{keys.Key.toString} serializes a DSA key in Agent v3 format. rP��N)r��r&��rd��r��rY��rI��r��rb��r<��r��r��r��test_toAgentv3DSA��rY��zKeyTests.test_toAgentv3DSAc��C��sP��t��\|�j�}\|jddd�}\|��t�jj\|d��d�\|��\|�jt�j\|jddd��dS�)zd L{keys.Key.toString} applies Normalization Form KC to Unicode passphrases. r��r��r��r��r��N) r��r&��r��r��rI��rd��r��r��r��r��r��r��r��(test_toStringNormalizesUnicodePassphrase��s�� z1KeyTests.test_toStringNormalizesUnicodePassphrasec��C��s��\|��tjt�\|�j�jd��dS�)zm L{keys.Key.toString} raises L{keys.BadKeyError} when passed an invalid format type. r��N)r��r��r��r&��r��r��rE��r��r��r��test_toStringErrors��s��zKeyTests.test_toStringErrorsc��C��H��d}t�j�tj�}\|�\|�}\|��\|��\|\|��\|��\|�\|\|��dS�)z8 Signed data can be verified using RSA. � ��some-dataN) r��r&��rd��r��rW��signro��re��verify�r@��r{��r�� signaturer��r��r��test_signAndVerifyRSA�� zKeyTests.test_signAndVerifyRSAc��C��r]��)z8 Signed data can be verified using DSA. r^��N) r��r&��rd��r��rY��r_��ro��re��r`��ra��r��r��r��test_signAndVerifyDSA'��rd��zKeyTests.test_signAndVerifyDSAc��C��s��d}t�j�tj�}\|�\|�}t�j�tj�}\|�\|�}t�j�tj�}\|�\|�}\|��\|� �� \|\|��\|��\|� \|\|��\|��\|� �� \|\|��\|��\|� \|\|��\|��\|� �� \|\|��\|��\|� \|\|��dS�)z7 Signed data can be verified using EC. r^��N)r��r&��rd��r��r[��r_��r��r��ro��re��r`��)r@��r{��r��rb��key384�signature384�key521�signature521r��r��r��test_signAndVerifyEC1��s�� zKeyTests.test_signAndVerifyECc��C��r]��)z< Signed data can be verified using Ed25519. r^��N) r��r&��rd��r��r]��r_��ro��re��r`��ra��r��r��r��test_signAndVerifyEd25519F��s �� z"KeyTests.test_signAndVerifyEd25519c��C��N��t�j�tj�}\|��\|�\|�jd��\|��\|�\|�jd��\|��\|�\|�j d��dS�)zC A known-good RSA signature verifies successfully. r��aN) r��r&��rd��r��rS��ro��r`��r8��rq��r9��r<��r��r��r��test_verifyRSAQ��zKeyTests.test_verifyRSAc��C��rl��)zC A known-good DSA signature verifies successfully. r��rm��N) r��r&��rd��r��rT��ro��r`��r9��rq��r8��r<��r��r��r��test_verifyDSAZ��ro��zKeyTests.test_verifyDSAc��C��s.��t�j�tj�}\|��\|�\|�jdd��d��dS�)z� Some commercial SSH servers send DSA keys as 2 20-byte numbers; they are still verified as valid keys. i��Nr��)r��r&��rd��r��rT��ro��r`��r9��r<��r��r��r��test_verifyDSANoPrefixc��s�� zKeyTests.test_verifyDSANoPrefixc��C��s��\|��tt�\|�j��d��dS�)zn The repr of a L{keys.Key} contains all of the RSA components for an RSA private key. a\��<RSA Private Key (2048 bits) attr d: 21:4c:08:66:a2:28:d5:b4:fb:8e:0f:72:1b:85:09: 00:b9:f2:4e:37:f0:1c:57:4b:e3:51:7f:9e:23:a7: e4:3a:98:55:1b:ea:8b:7a:98:1e:bc:d8:ba:b1:f9: 89:12:18:60:ac:e8:cc:0b:4e:09:5a:40:6a:ba:2f: 99:f8:b3:24:60:84:b9:ce:69:95:9a:f9:e2:fc:1f: 51:4d:27:15:db:2b:27:ad:ef:b4:69:ac:be:7d:10: eb:86:47:70:73:b4:00:87:95:15:3b:37:f9:e7:14: e7:80:bb:68:1e:1b:e6:dd:bb:73:63:b9:67:e6:b2: 27:7f:cf:cf:30:9b:c2:98:fd:d9:18:36:2f:36:2e: f1:3d:81:7a:9f:e1:03:2d:47:db:34:51:62:39:dd: 4f:e9:ac:a8:8b:d9:d6:f3:84:c4:17:b9:71:9d:06: 08:42:78:4d:bb:c5:2a:f4:c3:58:cd:55:2b:ed:be: 33:5f:04:ea:7b:e6:04:24:63:f2:2d:d7:3d:1b:6c: d5:9c:63:43:2f:92:88:8d:3e:6e:da:18:37:d8:0f: 25:67:89:1d:b9:46:34:5e:c9:ce:c4:8b:ed:92:5a: 33:07:0f:df:86:08:f9:92:e9:db:eb:38:08:36:c9: cd:cd:0a:01:48:5b:39:3e:7a:ca:c6:80:a9:dc:d4: 39 attr e: 01:00:01 attr n: 00:d5:6a:ac:78:23:d6:d6:1b:ec:25:a1:50:c4:77: 63:50:84:45:01:55:42:14:2a:2a:e0:d0:60:ee:d4: e9:a3:ad:4a:fa:39:06:5e:84:55:75:5f:00:36:bf: 6f:aa:2a:3f:83:26:37:c1:69:2e:5b:fd:f0:f3:d2: 7d:d6:98:cd:3a:40:78:d5:ca:a8:18:c0:11:93:24: 09:0c:81:4c:8f:f7:9c:ed:13:16:6a:a4:04:e9:49: 77:c3:e4:55:64:b3:79:68:9e:2c:08:eb:ac:e8:04: 2d:21:77:05:a7:8e:ef:53:30:0d:a5:e5:bb:3d:6a: e2:09:36:6f:fd:34:d3:7d:6f:46:ff:87:da:a9:29: 27:aa:ff:ad:f5:85:e6:3e:1a:b8:7a:1d:4a:b1:ea: c0:5a:f7:30:df:1f:c2:a4:e4:ef:3f:91:49:96:40: d5:19:77:2d:37:c3:5e:ec:9d:a6:3a:44:a5:c2:a4: 29:dd:d5:ba:9c:3d:45:b3:c6:2c:18:64:d5:ba:3d: df:ab:7f:cd:42:ac:a7:f1:18:0b:a0:58:15:62:0b: a4:2a:6e:43:c3:e4:04:9f:35:a3:47:8e:46:ed:33: a5:65:bd:bc:3b:29:6e:02:0b:57:df:74:e8:13:b4: 37:35:7e:83:5f:20:26:60:a6:dc:ad:8b:c6:6c:79: 98:f7 attr p: 00:d9:70:06:d8:e2:bc:d4:78:91:50:94:d4:c1:1b: 89:38:6c:46:64:5a:51:a0:9a:07:3d:48:8f:03:51: cc:6b:12:8e:7d:1a:b1:65:e7:71:75:39:e0:32:05: 75:8d:18:4c:af:93:b1:49:b1:66:5f:78:62:7a:d1: 0c:ca:e6:4d:43:b3:9c:f4:6b:7d:e6:0c:98:dc:cf: 21:62:8e:d5:2e:12:de:04:ae:d7:24:6e:83:31:a2: 15:a2:44:3d:22:a9:62:26:22:b9:b2:ed:54:0a:9d: 08:83:a7:07:0d:ff:19:18:8e:d8:ab:1d:da:48:9c: 31:68:11:a1:66:6d:e3:d8:1d attr q: 00:fb:44:17:8b:a4:36:be:1e:37:1d:a7:f6:61:6c: 04:c4:aa:dd:78:3e:07:8c:1e:33:02:ae:03:14:87: 83:7a:e5:9e:7d:08:67:a8:f2:aa:bf:12:70:cf:72: a9:a7:c7:0b:1d:88:d5:20:fd:9c:63:ca:47:30:55: 4e:8b:c4:cf:f4:7f:16:a4:92:12:74:a1:09:c2:c4: 6e:9c:8c:33:ef:a5:e5:f7:e0:2b:ad:4f:5c:11:aa: 1a:84:37:5b:fd:7a:ea:c3:cd:7c:b0:c8:e4:1f:54: 63:b5:c7:af:df:f4:09:a7:fc:c7:25:fc:5c:e9:91: d7:92:c5:98:1e:56:d3:b1:23 attr u: 00:85:4b:1b:7a:9b:12:10:37:9e:1f:ad:5e:da:fe: c6:96:fe:df:35:6b:b9:34:e2:16:97:92:26:09:bd: bd:70:20:03:a7:35:bd:2d:1b:a0:d2:07:47:2b:d4: de:a8:a8:07:07:1b:b8:04:20:a7:27:41:3c:6c:39: 39:e9:41:ce:e7:17:1d:d1:4c:5c:bc:3d:d2:26:26: fe:6a:d6:fd:48:72:ae:46:fa:7b:c3:d3:19:60:44: 1d:a5:13:a7:80:f5:63:29:d4:7a:5d:06:07:16:5d: f6:8b:3d:cb:64:3a:e2:84:5a:4d:8c:06:2d:2d:9d: 1c:eb:83:4c:78:3d:79:54:ce>N)rI��reprr��r&��r��rE��r��r��r��test_reprPrivateRSAk��s��zKeyTests.test_reprPrivateRSAc��C��s ��\|��tt�\|�j��d��dS�)zm The repr of a L{keys.Key} contains all of the RSA components for an RSA public key. a\��<RSA Public Key (2048 bits) attr e: 01:00:01 attr n: 00:d5:6a:ac:78:23:d6:d6:1b:ec:25:a1:50:c4:77: 63:50:84:45:01:55:42:14:2a:2a:e0:d0:60:ee:d4: e9:a3:ad:4a:fa:39:06:5e:84:55:75:5f:00:36:bf: 6f:aa:2a:3f:83:26:37:c1:69:2e:5b:fd:f0:f3:d2: 7d:d6:98:cd:3a:40:78:d5:ca:a8:18:c0:11:93:24: 09:0c:81:4c:8f:f7:9c:ed:13:16:6a:a4:04:e9:49: 77:c3:e4:55:64:b3:79:68:9e:2c:08:eb:ac:e8:04: 2d:21:77:05:a7:8e:ef:53:30:0d:a5:e5:bb:3d:6a: e2:09:36:6f:fd:34:d3:7d:6f:46:ff:87:da:a9:29: 27:aa:ff:ad:f5:85:e6:3e:1a:b8:7a:1d:4a:b1:ea: c0:5a:f7:30:df:1f:c2:a4:e4:ef:3f:91:49:96:40: d5:19:77:2d:37:c3:5e:ec:9d:a6:3a:44:a5:c2:a4: 29:dd:d5:ba:9c:3d:45:b3:c6:2c:18:64:d5:ba:3d: df:ab:7f:cd:42:ac:a7:f1:18:0b:a0:58:15:62:0b: a4:2a:6e:43:c3:e4:04:9f:35:a3:47:8e:46:ed:33: a5:65:bd:bc:3b:29:6e:02:0b:57:df:74:e8:13:b4: 37:35:7e:83:5f:20:26:60:a6:dc:ad:8b:c6:6c:79: 98:f7>N)rI��rr��r��r&��r��re��rE��r��r��r��test_reprPublicRSA��s��zKeyTests.test_reprPublicRSAc��C��s2��\|��tt�\|�j��td�jdi�tj ��dS�)zl The repr of a L{keys.Key} contains all the OpenSSH format for an ECDSA public key. z� <Elliptic Curve Public Key (256 bits) curve: ecdsa-sha2-nistp256 x: {x} y: {y}> Nr��) rI��rr��r��r&��r0��re��r��formatr��r/��rE��r��r��r��test_reprPublicECDSA��s�� zKeyTests.test_reprPublicECDSAc��C��s.��\|��tt�\|�j��td�jdi�tj��dS�)zm The repr of a L{keys.Key} contains all the OpenSSH format for an ECDSA private key. a�� <Elliptic Curve Private Key (256 bits) curve: ecdsa-sha2-nistp256 privateValue: {privateValue} x: {x} y: {y}> Nr��) rI��rr��r��r&��r0��r��ru��r��r/��rE��r��r��r��test_reprPrivateECDSA��s��zKeyTests.test_reprPrivateECDSAc��C��s$��\|��tt�\|�j��td��dS�)zn The repr of a L{keys.Key} contains all the OpenSSH format for an Ed25519 public key. z� <Ed25519 Public Key (256 bits) attr a: f1:16:d1:15:4a:1e:15:0e:19:5e:19:46:b5:f2:44: 0d:b2:52:a0:ae:2a:6b:23:13:73:45:fd:40:d9:57: 7b:8b>N)rI��rr��r��r&��r7��re��r��rE��r��r��r��test_reprPublicEd25519��s��zKeyTests.test_reprPublicEd25519c��C��s ��\|��tt�\|�j��td��dS�)zo The repr of a L{keys.Key} contains all the OpenSSH format for an Ed25519 private key. a�� <Ed25519 Private Key (256 bits) attr a: f1:16:d1:15:4a:1e:15:0e:19:5e:19:46:b5:f2:44: 0d:b2:52:a0:ae:2a:6b:23:13:73:45:fd:40:d9:57: 7b:8b attr k: 37:2f:25:da:8d:d4:a8:9a:78:7c:61:f0:98:01:c6: f4:5e:6d:67:05:69:31:37:4c:69:0d:05:55:bb:c9: 44:58>N)rI��rr��r��r&��r7��r��rE��r��r��r��test_reprPrivateEd25519��s��z KeyTests.test_reprPrivateEd25519)W�__name__� __module__�__qualname__r��skipCryptographyr��r ��rA��rF��rK��rc��rn��rv��r\|��rw��rx��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r��r��r��r��r��r"��r'��r��r,��r/��r0��r2��r7��r8��r=��rH��rJ��rK��rL��rM��rN��rQ��rT��rV��rX��rZ��r[��r\��rc��re��rj��rk��rn��rp��rq��rs��rt��rv��rw��rx��ry��r��r��r��r��r����s��?C) � P r��c��@��s4��e�Zd�ZdZedu�reZdd��Zdd��Zdd��Z dS�) �PersistentRSAKeyTestsz1 Tests for L{keys._getPersistentRSAKey}. Nc��C��sF��t�\|��}\|�d�}tj\|dd�}\|��\|��d��\|��\|��dS�)z� L{keys._getPersistentRSAKey} will put the key in C{directory}/C{filename}, with the key length of C{keySize}. � mykey.pem��keySizeN) r��r;��childr��_getPersistentRSAKeyrI��rJ��ro��exists�r@��tempDirr<��r��r��r��r��test_providedArguments5��s �� z,PersistentRSAKeyTests.test_providedArgumentsc��C��s\|��t�\|��}\|�d�}tj\|dd�}\|��\|��d��\|��\|��\|� ��}tj\|dd�}\|��\|��d��\|��\|� ��\|��dS�)zm L{keys._getPersistentRSAKey} will not regenerate the key if the key already exists. r��r��r��rG��N) r��r;��r��r��r��rI��rJ��ro��r�� getContent)r@��r��r<��r�� keyContentr��r��r��test_noRegenerationA��s�� z)PersistentRSAKeyTests.test_noRegenerationc��C��s>��t�\|��}\|�d�}tj\|dd�}d\|_\|��\|��d��dS�)z If the key generated by L{keys.getPersistentRSAKey} is set to None the key size should then become 0. r��r��r��Nr��)r��r;��r��r��r��r)��rI��rJ��r��r��r��r��test_keySizeZeroT��s �� z&PersistentRSAKeyTests.test_keySizeZero) rz��r{��r\|��__doc__r��r}��r��r��r��r��r��r��r��r��r~��-��s��r~��)r��r��rC��textwrapr��twisted.conch.testr��twisted.pythonr��twisted.python.filepathr��twisted.python.reflectr�� twisted.trialr��r��r}��r ��cryptography.hazmat.backendsr ��twisted.conch.sshr��r��r ��ed25519_supportedr��r��TestCaser��r~��r��r��r��r��<module>��sB��test/__pycache__/test_window.cpython-310.pyc��0000644��00000004123�15027667726�0015024 0��ustar�00��o ��bA��@��sH��d�Z�ddlmZmZmZ�ddlmZ�G�dd��de�ZG�dd��de�ZdS�) zJ Tests for the insults windowing module, L{twisted.conch.insults.window}. ��)�ScrolledArea� TextOutput� TopWindow)�TestCasec��@��e�Zd�ZdZdd��ZdS�)�TopWindowTestszB Tests for L{TopWindow}, the root window container class. c��s��g��g�}t��fdd�\|j�}\|��g��\|��\|g��\|��\|��g��\|��t\|�d��\|��\|��g��\|��t\|�d��\|��\|��t��d��\|��\|g��\|��\|��t��d��\|��t\|�d��dS�)z� Verify that L{TopWindow.repaint} schedules an actual paint to occur using the scheduling object passed to its initializer. c��s ��d��S�)N)�append��paintsr ��@/usr/lib/python3/dist-packages/twisted/conch/test/test_window.py�<lambda>��s�� z5TopWindowTests.test_paintScheduling.<locals>.<lambda>��N)r��r��assertEqual�repaint�len�pop)�self� scheduled�rootr ��r ��r��test_paintScheduling��s"�� z#TopWindowTests.test_paintSchedulingN)�__name__� __module__�__qualname__�__doc__r��r ��r ��r ��r��r�� s��r��c��@��r��)�ScrolledAreaTestsz� Tests for L{ScrolledArea}, a widget which creates a viewport containing another widget and can reposition that viewport using scrollbars. c��C��s2��t��}t\|�}\|��\|j\|j��\|��\|jj\|��dS�)z� The parent of the widget passed to L{ScrolledArea} is set to a new L{Viewport} created by the L{ScrolledArea} which itself has the L{ScrolledArea} instance as its parent. N)r��r��assertIs�parent� _viewport)r��widget�scrolledr ��r ��r��test_parent8��s��zScrolledAreaTests.test_parentN)r��r��r��r��r!��r ��r ��r ��r��r��2��s��r��N) r��twisted.conch.insults.windowr��r��r��twisted.trial.unittestr��r��r��r ��r ��r ��r��<module>��s ��)��test/__pycache__/test_cftp.cpython-310.pyc��0000644��00000137354�15027667726�0014466 0��ustar�00��o ��5�@gG��@��s��d�Z�ddlZddlZddlZddlZddlZddlZddlZddlm Z �ddl mZ�ddlm Z �ddlmZ�ddlmZ�ddlmZmZ�dd lmZ�dd lmZmZmZmZmZ�ddlmZ�ddlm Z m!Z!�dd l"m#Z#�ddl$m%Z%�ddl&m'Z'�ddl(m)Z)�ddlm+Z+�ddl,m-Z-�ddl.m/Z/�e+d�Z0e+d�Z1e+d�Z2e1r�e0r�z(ddl3m4Z4�ddl5m6Z6�ddl7m8Z8�ddl9m:Z:m;Z;�ddl<m=Z=�ddlm>Z>�W�n �e?y��Y�nw�dZ@de2e1e0e�Aed�fv�r�dZ@ee@d�G�d d!��d!e/��ZBG�d"d#��d#e/�ZCG�d$d%��d%e-�ZDG�d&d'��d'�ZEG�d(d)��d)�ZFe e�G�dd+��d+e ��ZGee@d�G�d,d-��d-e/��ZHG�d.d/��d/�ZIG�d0d1��d1ejJ�ZKG�d2d3��d3e�ZLee@d�G�d4d5��d5eL��ZMee@d�G�d6d7��d7eL��ZNee@d�ee)d8��d9�G�d:d;��d;eL��ZOdS�)<z* Tests for L{twisted.conch.scripts.cftp}. ��N)�BytesIO)�skipIf)�implementer)�ls)� ISFTPFile)�FileTransferTestAvatar�SFTPTestBase)�portal)�defer�error� interfaces�protocol�reactor)�Clock)�getProcessOutputAndValue�getProcessValue)�log)�UserDatabase)�FilePath)�which)� requireModule)�StringTransport)�TestCase�pyasn1�cryptographyztwisted.conch.unix)�cftp)� SSHSession)�filetransfer)� test_conch�test_ssh)� FakeStdio)�FileTransferForTestAvatarFTz4don't run w/o spawnProcess or cryptography or pyasn1c��@��s��e�Zd�ZdZdd��ZdS�)�SSHSessionTestsz= Tests for L{twisted.conch.scripts.cftp.SSHSession}. c��C��s��t��}t��}\|\|_\|��\|��\|j��dS�)z\| L{twisted.conch.scripts.cftp.SSHSession.eofReceived} loses the write half of its stdio connection. N)r ��r��stdio�eofReceived� assertTrue� writeConnLost)�selfr#��channel��r)��>/usr/lib/python3/dist-packages/twisted/conch/test/test_cftp.py�test_eofReceived>��s ��z SSHSessionTests.test_eofReceivedN)�__name__� __module__�__qualname__�__doc__r+��r)��r)��r)��r��r"��8��s��r"��c��@��s��e�Zd�ZdZeedd�du�rdZdd��Zdd��Zd d ��Z dd��Z d d��Ze� ��Zzz e�ejd��W�n�ejy>��dZY�nw�e�eje��W�n��Y�eed�dd��Zdd��ZdS�)�ListingTestsz� Tests for L{lsLine}, the function which generates an entry for a file or directory in an SFTP I{ls} command's output. �tzsetNz8Cannot test timestamp formatting code without time.tzsetc��sj��d��_��fdd�}��td\|��dtjv�r��tjtjdtjd��tj ��dS�dd��}��\|��dS�) zo Patch the L{ls} module's time function so the results of L{lsLine} are deterministic. i�[c��s��j�S��N)�nowr)��r'��r)��r��fakeTimeZ��s��z$ListingTests.setUp.<locals>.fakeTime�time�TZc��S��s,��zt�jd=�W�n �ty��Y�nw�t��d�S�)Nr7��)�os�environ�KeyErrorr6��r1��r)��r)��r)��r��cleanupf��s��z#ListingTests.setUp.<locals>.cleanupN) r3��patchr��r8��r9�� addCleanup�operator�setitemr6��r1��)r'��r5��r;��r)��r4��r��setUpS��s�� zListingTests.setUpc��C��s��\|t�jd<�t��t�d\|�S�)zl Call L{ls.lsLine} after setting the timezone to C{timezone} and return the result. r7��foo)r8��r9��r6��r1��r��lsLine)r'��timezone�statr)��r)��r�� _lsInTimezonep��s�� zListingTests._lsInTimezonec��C��T��\|�j�d�}t�dddddddd\|df �}\|��\|��d\|�d��\|��\|��d\|�d��dS�)z� A file with an mtime six months (approximately) or more in the past has a listing including a low-resolution timestamp. �r��America/New_Yorkz;!--------- 0 0 0 0 Apr 26 1973 foo�Pacific/Aucklandz;!--------- 0 0 0 0 Apr 27 1973 fooN�r3��r8��stat_result�assertEqualrE��r'��thenrD��r)��r)��r��test_oldFile{�� zListingTests.test_oldFilec��C��X��\|�j�d�d�}t�dddddddd\|df �}\|��\|��d\|�d��\|��\|��d\|�d��dS�) �� A file with a high-resolution timestamp which falls on a day of the month which can be represented by one decimal digit is formatted with one padding 0 to preserve the columns which come after it. rG��i��r��rH��z;!--------- 0 0 0 0 May 01 1973 foorI��z;!--------- 0 0 0 0 May 02 1973 fooNrJ��rM��r)��r)��r��test_oldSingleDigitDayOfMonth�� zListingTests.test_oldSingleDigitDayOfMonthc��C��rF��)z� A file with an mtime fewer than six months (approximately) in the past has a listing including a high-resolution timestamp excluding the year. 逛z�r��rH��;!--------- 0 0 0 0 Aug 28 17:33 foorI��;!--------- 0 0 0 0 Aug 29 09:33 fooNrJ��rM��r)��r)��r��test_newFile��rP��zListingTests.test_newFile� es_AR.UTF8Tz'The es_AR.UTF8 locale is not installed.c��C��s\|��\|�j�d�}t�dddddddd\|df �}t��}t�tjd��\|��tjtj\|��\|��\|�� d\|�d��\|��\|�� d\|�d��dS�) zC The month name in the date is locale independent. rU��r��rY��rH��rV��rI��rW��N) r3��r8��rK��locale� getlocale� setlocale�LC_ALLr=��rL��rE��)r'��rN��rD�� currentLocaler)��r)��r��test_localeIndependent��s�� z#ListingTests.test_localeIndependentc��C��rQ��) rR��rU��i�F�r��rH��z;!--------- 0 0 0 0 Sep 01 17:33 foorI��z;!--------- 0 0 0 0 Sep 02 09:33 fooNrJ��rM��r)��r)��r��test_newSingleDigitDayOfMonth��rT��zListingTests.test_newSingleDigitDayOfMonth)r,��r-��r.��r/��getattrr6��skipr@��rE��rO��rS��rX��rZ��r[��r^��r\��r]��Error� localeSkipr��r_��r`��r)��r)��r)��r��r0��J��s.�� r0��c��s ��e�Zd�ZdZ��fdd�Z��ZS�)�InMemorySSHChannelzp Minimal implementation of a L{SSHChannel} like class which only reads and writes data from memory. c��s��\|\|�_�d\|�_t��dS�)zt @param conn: The SSH connection associated with this channel. @type conn: L{SSHConnection} r��N)�conn�localClosed�super�__init__)r'��rf�� __class__r)��r��ri��s��zInMemorySSHChannel.__init__)r,��r-��r.��r/��ri�� __classcell__r)��r)��rj��r��re��s��re��c��@��(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) �FilesystemAccessExpectationszC A test helper used to support expected filesystem access. c��C��s ��i�\|�_�d�S�r2��_cacher4��r)��r)��r��ri�� z%FilesystemAccessExpectations.__init__c��C��s��\|\|�j�\|\|f<�dS�)z� @param path: Path at which the stream is requested. @type path: L{str} @param path: Flags with which the stream is requested. @type path: L{str} @param stream: A stream. @type stream: C{File} Nro��)r'��path�flags�streamr)��r)��r��put��s��z FilesystemAccessExpectations.putc��C��s��\|�j��\|\|f�S�)a�� Remove a stream from the memory. @param path: Path at which the stream is requested. @type path: L{str} @param path: Flags with which the stream is requested. @type path: L{str} @return: A stream. @rtype: C{File} )rp��pop)r'��rr��rs��r)��r)��r��rv��s�� z FilesystemAccessExpectations.popN)r,��r-��r.��r/��ri��ru��rv��r)��r)��r)��r��rn��s ��rn��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)�InMemorySFTPClienta'�� A L{filetransfer.FileTransferClient} which does filesystem operations in memory, without touching the local disc or the network interface. @ivar _availableFiles: File like objects which are available to the SFTP client. @type _availableFiles: L{FilesystemRegister} c��C��s ��t�\|��\|�_ddd�\|�_\|\|�_d�S�)N�� )�requests� buffersize)re�� transport�options�_availableFiles)r'��availableFilesr)��r)��r��ri��,��s �� zInMemorySFTPClient.__init__c��C��s��\|�j��\|\|�S�)z} @see: L{filetransfer.FileTransferClient.openFile}. Retrieve and remove cached file based on flags. )r~��rv��)r'��filenamers��attrsr)��r)��r��openFile4��s��zInMemorySFTPClient.openFileN)r,��r-��r.��r/��ri��r��r)��r)��r)��r��rw��"��s�� rw��c��@��sH��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dS�)�InMemoryRemoteFilez; An L{ISFTPFile} which handles all data in memory. c��C��s��\|\|�_�t�\|��dS�)zL @param name: Name of this file. @type name: L{str} N)�namer��ri��)r'��r��r)��r)��r��ri��C��s��zInMemoryRemoteFile.__init__c��C��s��\|��\|��\|��\|��t�\|��S�)z/ @see: L{ISFTPFile.writeChunk} )�seek�writer ��succeed)r'��start�datar)��r)��r�� writeChunkK��s�� zInMemoryRemoteFile.writeChunkc��C��s ��d\|�_�dS�)zo @see: L{ISFTPFile.writeChunk} Keeps data after file was closed to help with testing. TN)�_closedr4��r)��r)��r��closeS�� zInMemoryRemoteFile.closec��C��d�S�r2��r)��r4��r)��r)��r��getAttrs[��zInMemoryRemoteFile.getAttrsc��C��r��r2��r)��)r'��offset�lengthr)��r)��r�� readChunk_��r��zInMemoryRemoteFile.readChunkc��C��r��r2��r)��)r'��r��r)��r)��r��setAttrsc��r��zInMemoryRemoteFile.setAttrsc��C��s ��t��\|��S�)zb Get current data of file. Allow reading data event when file is closed. )r��getvaluer4��r)��r)��r��r��g��r��zInMemoryRemoteFile.getvalueN)r,��r-��r.��r/��ri��r��r��r��r��r��r��r)��r)��r)��r��r��=��s��r��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zd)dd�Zddd �Zd!d"��Zd#d$��Zd%d&��Zd'd(��ZdS�)+�StdioClientTestsz( Tests for L{cftp.StdioClient}. c��C��sT��t��\|�_t\|�j�}t�\|�\|�_d\|�j_t��\|�_\|�j_ \|�� dd��\|�jjj\|�j_dS�)zm Create a L{cftp.StdioClient} hooked up to dummy transport and a fake user database. �/i��N)rn��fakeFilesystemrw��r��StdioClient�client�currentDirectoryr��database�_pwd�setKnownConsoleSizer\|��)r'�� sftpClientr)��r)��r��r@��v��s�� zStdioClientTests.setUpc�� C��s@��\|�j��t��dt��dddtj��\|�j� d�}\|� \|�jd��\|S�)zs The I{exec} command runs its arguments locally in a child process using the user's shell. �secret��rA��barzexec print(1 + 2)s��3 )r��addUser�getpass�getuserr8��getuid�sys� executabler��_dispatchCommand�addCallbackrL��r'��dr)��r)��r�� test_exec��s��zStdioClientTests.test_execc�� C��>��\|�j��t��dt��dddd��\|�j�d�}\|�\|�j d��\|S�)zr If the local user has no shell, the I{exec} command runs its arguments using I{/bin/sh}. r��r��rA��r��zexec echo hello��hello � r��r��r��r��r8��r��r��r��r��rL��r��r)��r)��r��test_execWithoutShell��s��z&StdioClientTests.test_execWithoutShellc�� C��r��)zO The I{exec} command is run for lines which start with C{"!"}. r��r��rA��r��z/bin/shz!echo hellor��r��r��r)��r)��r�� test_bang��s��zStdioClientTests.test_bangc��s2��ddl��G��fdd�d�}\|��td\|��dS�)a�� For the duration of this test, patch C{cftp}'s C{fcntl} module to return a fixed width and height. @param width: the width in characters @type width: L{int} @param height: the height in characters @type height: L{int} r��Nc��s��e�Zd�Z��fdd�ZdS�)z7StdioClientTests.setKnownConsoleSize.<locals>.FakeFcntlc��s&��\|�j�kr \|��d��t�d��dd�S�)Nz#Only window-size queries supported.�4Hr��)� TIOCGWINSZ�fail�struct�pack)r'��fd�opt�mutate��height�tty�widthr)��r��ioctl��s�� z=StdioClientTests.setKnownConsoleSize.<locals>.FakeFcntl.ioctlN)r,��r-��r.��r��r)��r��r)��r�� FakeFcntl��s��r��fcntl)r��r<��r��)r'��r��r��r��r)��r��r��r��s��z$StdioClientTests.setKnownConsoleSizec��C��s��\|��dd��t��}\|�j_td�}d\|_t�\|�}d\|_\|� ��}\|� d��\|�jd7��_\|�j�\|\|��d}\|�� \|�jj��\|��d S�) a(�� L{StdioClient._printProgressBar} prints a progress description, including percent done, amount transferred, transfer rate, and time remaining, all based the given start time, the given L{FileWrapper}'s progress information and the reactor's current time. ry��"��x��samplei�(��g��@i��s#�� b'sample' 40% 4.0kB 2.0kBps 00:03 N)r��r��r��r��r��r��r��FileWrapper�size�seconds�advance�total�_printProgressBarrL��r\|��value�r'��clock�wrapped�wrapper� startTime�resultr)��r)��r��test_printProgressBarReporting��s�� z/StdioClientTests.test_printProgressBarReportingc��C��sd��\|��dd��t��}\|�j_td�}d\|_t�\|�}\|��}\|�j� \|\|��d}\|�� \|�jj��\|��dS�)z� L{StdioClient._printProgressBar} prints a progress description that indicates 0 bytes transferred if no bytes have been transferred and no time has passed. ry��r��r��r��s!�� b'sample' 0% 0.0B 0.0Bps 00:00 N) r��r��r��r��r��r��r��r��r��r��rL��r\|��r��r��r)��r)��r��test_printProgressBarNoProgress��s�� z0StdioClientTests.test_printProgressBarNoProgressc��C��sL��\|��dd��t��}d\|_t�\|�}\|�j�\|d��d}\|��\|\|�jj� ��dS�)z5 Print the progress for empty files. ry��r��s ��empty-filer��s%�� b'empty-file'100% 0.0B 0.0Bps 00:00 N) r��r��r��r��r��r��r��rL��r\|��r��)r'��r��r��r��r)��r)��r��test_printProgressBarEmptyFile��s�� z/StdioClientTests.test_printProgressBarEmptyFilec��C��\|�j��d�}\|��d\|��dS�)zK Returns empty value for both filename and remaining data. z )r��r��N�r��_getFilenamerL��r'��r��r)��r)��r��test_getFilenameEmpty��s��z&StdioClientTests.test_getFilenameEmptyc��C��r��)zd Returns empty value for remaining data when line contains only a filename. � only-local)r��r��Nr��r��r)��r)��r��test_getFilenameOnlyLocal��zStdioClientTests.test_getFilenameOnlyLocalc��C��r��)ze Returns filename and remaining data striped of leading and trailing spaces. z local remote file )�localzremote fileNr��r��r)��r)��r��test_getFilenameNotQuoted ��r��zStdioClientTests.test_getFilenameNotQuotedc��C��r��)z� Returns filename and remaining data not striped of leading and trailing spaces when quoted paths are requested. z" " local file " " remote file " )z local file z" remote file "Nr��r��r)��r)��r��test_getFilenameQuoted��r��z'StdioClientTests.test_getFilenameQuotedN��c��C��sJ��\|du�r\|��}t\|d��}\|�\|��W�d��\|S�1�sw��Y��\|S�)ab�� Create a local file and return its path. When `path` is L{None}, it will create a new temporary file. @param path: Optional path for the new file. @type path: L{str} @param content: Content to be written in the new file. @type content: L{bytes} @return: Path to the newly create file. N�wb)�mktemp�openr��)r'��rr��content�filer)��r)��r��makeFile��s�� zStdioClientTests.makeFileFc��C��sh��\|�j�j��}\|�d�}\|�d�}g�}g�}\|D�]\}}}g�} \|D�]} \| �\|��d\| ��q\| �d\|��d\|��\|�\| ��\|�d��d��d�}\|dd ��}\|d ��d ��d �} \|�\| ��g�}\|dd ��D�]$} \| �� dd�d�} \| ��dd�} \|�\| d��d\| d��qd\|�\|d ��\|�\|��q\|r�\|�� t\|�t\|��n\|�� \|\|��\|�� dt\|�d ��dS�)a�� Check output of cftp client for a put request. @param transfers: List with tuple of (local, remote, progress). @param randomOrder: When set to C{True}, it will ignore the order in which put reposes are received �utf-8z � zTransferred z to r�� N�� rx��z5There are still put responses which were not checked.) r��r\|��r��decode�split�appendrv��strip�extend�rsplitrL��sorted�len)r'�� transfers�randomOrder�output�expectedOutput�actualOutputr��remote�expected�expectedTransfer�line� progressParts�actual�last�actualTransferr)��r)��r��checkPutMessage3��s<�� "�z StdioClientTests.checkPutMessagec��C��s��d}\|�j�\|d�}tjtjB�tjB�}tj�dtj�\|��}t \|�}\|�j �\|\|t� \|��d\|�jjjd<�\|�j�\|�}\|��\|��\|��\|\|��\|��\|j��\|��\|\|g�d�fg��dS�)z� A name based on local path is used when remote path is not provided. The progress is updated while chunks are transferred. s ��Test Content)r��r��ry��r{��)z 76% 10.0B� 100% 13.0Br��N)r��r�� FXF_WRITE� FXF_CREAT� FXF_TRUNCr8��rr��join�basenamer��r��ru��r ��r��r��r}��cmd_PUT�successResultOfrL��r��r%��r��r��)r'��r�� localPathrs�� remoteName� remoteFile�deferredr)��r)��r��test_cmd_PUTSingleNoRemotePathp��s�� z/StdioClientTests.test_cmd_PUTSingleNoRemotePathc��C��s��\|��}tjtjB�tjB�}d}t\|�}\|�j�\|\|t� \|��\|�j �\|��d\|��d��}\|��\|��\|�� \|\|dgfg��\|��\|j��\|��d\|��dS�)z� Remote path is extracted from first filename after local file. Any other data in the line is ignored. z/remote-pathr��z ignored� 100% 0.0Br��N)r��r��r��r��r��r��r��ru��r ��r��r��r��r��r��r%��r��rL��r��)r'��r ��rs��r��r��r��r)��r)��r��test_cmd_PUTSingleRemotePath��s�� z-StdioClientTests.test_cmd_PUTSingleRemotePathc��C��s��\|��}tj�\|�}d}tj�\|�}\|�j�tj�\|\|�d�}tjtjB�tj B�}d\|��}d\|��}t \|�} t \|�} \|�j�\|\|t �\| ��\|�j�\|\|t �\| ��\|�j�tj�\|d��}\|��\|��\|��\| j��\|��d\| ��\|��\| j��\|��d\| ��\|�j\|\|dgf\|\|dgfgdd��d S�) z� When a gobbing expression is used local files are transferred with remote file names based on local names. �second-name�rr��r��r��r��T�r��N)r��r8��rr��r ��dirnamer ��r��r��r��r��r��r��ru��r ��r��r��r��r��r%��r��rL��r��r��)r'��first� firstName� secondName�parent�secondrs��firstRemotePath�secondRemotePath�firstRemoteFile�secondRemoteFiler��r)��r)��r�� test_cmd_PUTMultipleNoRemotePath��s4�� z1StdioClientTests.test_cmd_PUTMultipleNoRemotePathc��C��s ��\|��}tj�\|�}d}tj�\|�}\|�j�tj�\|\|�d�}tjtjB�tj B�}t \|�}t \|�}d\|��} d\|��} \|�j�\| \|t �\|��\|�j�\| \|t �\|��\|�j�d�tj�\|d��}\|��\|��\|��\|j��\|��d\|��\|��\|j��\|��d\|��\|�j\|\|dgf\|\|dgfgdd ��d S�)z� When a gobbing expression is used local files are transferred with remote file names based on local names. when a remote folder is requested remote paths are composed from remote path and local filename. r��r��z/remote/z {} remoter��r��r��Tr��N)r��r8��rr��r ��r��r ��r��r��r��r��r��r��ru��r ��r��r��r��formatr��r%��r��rL��r��r��)r'��r��r��r��r��r��rs��r ��r!��r��r��r��r)��r)��r��"test_cmd_PUTMultipleWithRemotePath��s4�� z3StdioClientTests.test_cmd_PUTMultipleWithRemotePath)Nr��)F)r,��r-��r.��r/��r@��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r"��r$��r)��r)��r)��r��r��p��s(�� =#r��c��@��s��e�Zd�Zdd��Zdd��ZdS�)�FileTransferTestRealmc��C��s ��\|\|�_�d�S�r2��)�testDir)r'��r&��r)��r)��r��ri��rq��zFileTransferTestRealm.__init__c��G��s��t�\|�j�}\|d�\|dd��fS�)Nr��c��S��r��r2��r)��r)��r)��r)��r��<lambda>��s��z5FileTransferTestRealm.requestAvatar.<locals>.<lambda>)r��r&��)r'��avatarID�mindr��ar)��r)��r�� requestAvatar��s�� z#FileTransferTestRealm.requestAvatarN)r,��r-��r.��ri��r+��r)��r)��r)��r��r%��s��r%��c��@��s`��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dS�)�SFTPTestProcessz� Protocol for testing cftp. Provides an interface between Python (where all the tests are) and the cftp client process (which does the work that is being tested). c��C��s$��\|��\|\|�_d\|�_d\|�_d\|�_dS�)zr @param onOutReceived: A L{Deferred} to be fired as soon as data is received from stdout. NF)�clearBuffer� onOutReceived�onProcessEnd�_expectingCommand� _processEnded)r'��r.��r)��r)��r��ri��s �� zSFTPTestProcess.__init__c��C��s��d\|�_�g�\|�_d\|�_dS�)zR Clear any buffered data received from stdout. Should be private. r��N)�buffer�_linesReceived�_lineBufferr4��r)��r)��r��r-��s�� zSFTPTestProcess.clearBufferc��C��sr��t��d\|��\|�j\|��d�}\|�d�\|�_\|�j�\|��\|�jdur,\|�jd}\|�_\|�\|��\|��j \|7��_ \|�� dS�)zO Called by Twisted when the cftp client prints data to stdout. zgot %r�� r��N)r��msgr4��r��rv��r3��r��r.��callbackr2��_checkForCommand)r'��r��linesr��r)��r)��r��outReceived��s�� zSFTPTestProcess.outReceivedc��C��sf��d}\|�j�r/\|�j\|kr1d�\|�j�}\|�\|�r\|t\|�d��}\|��\|�j�d�}\|�_�\|�\|��d�S�d�S�d�S�)Ns��cftp> r5��)r0��r4��r ��r3�� startswithr��r-��r7��)r'��prompt�bufr��r)��r)��r��r8��s�� z SFTPTestProcess._checkForCommandc��C��s��t��d\|��dS�)zO Called by Twisted when the cftp client prints data to stderr. zerr: %sN)r��r6��)r'��r��r)��r)��r��errReceived"��s��zSFTPTestProcess.errReceivedc��C��s��\|�j�S�)zQ Return the contents of the buffer of data received from stdout. )r2��r4��r)��r)��r�� getBuffer(��s��zSFTPTestProcess.getBufferc��C��s<��t��\|�_\|��t\|t�r\|�d�}\|�j�\|d��\|�jS�)a�� Issue the given command via the cftp client. Return a C{Deferred} that fires when the server returns a result. Note that the C{Deferred} will callback even if the server returns some kind of error. @param command: A string containing an sftp command. @return: A C{Deferred} that fires when the sftp server returns a result. The payload is the server's response string. r��r5��) r ��Deferredr0��r-�� isinstance�str�encoder\|��r��r'��commandr)��r)��r�� runCommand.��s�� zSFTPTestProcess.runCommandc��s(��t��d��fdd�\|D��}t��\|�S�)ax�� Run each command in sequence and return a Deferred that fires when all commands are completed. @param commands: A list of strings containing sftp commands. @return: A C{Deferred} that fires when all commands are completed. The payload is a list of response strings from the server, in the same order as the commands. rx��c��s��g�\|�] }��j\|��qS�r)��)�runrF��)�.0rE��r'��semr)��r�� <listcomp>L��s��z-SFTPTestProcess.runScript.<locals>.<listcomp>)r ��DeferredSemaphore� gatherResults)r'��commands�dlr)��rI��r�� runScript@��s�� zSFTPTestProcess.runScriptc��C��s,��\|�j�rt�d�S�t��\|�_\|�j�d��\|�jS�)z� Kill the process if it is still running. If the process is still running, sends a KILL signal to the transport and returns a C{Deferred} which fires when L{processEnded} is called. @return: a C{Deferred}. N�KILL)r1��r ��r��r@��r/��r\|�� signalProcessr4��r)��r)��r��killProcessO��s �� zSFTPTestProcess.killProcessc��C��s,��d\|�_�\|�jr\|�jd}\|�_\|�d��dS�dS�)zF Called by Twisted when the cftp client process ends. TN)r1��r/��r7��)r'��reasonr��r)��r)��r��processEnded^��s ��zSFTPTestProcess.processEndedN)r,��r-��r.��r/��ri��r-��r:��r8��r>��r?��rF��rP��rS��rU��r)��r)��r)��r��r,��s�� r,��c��@��s4��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��ZdS�)�CFTPClientTestBasec��C��s��t�dd��}\|�tj��W�d��n1�sw��Y��t�dd��}\|�tj��W�d��n1�s1w��Y��t�dd��t�dd��}\|�dtj��W�d��n1�sTw��Y��t� \|��S�)N�dsa_test.pubr��dsa_testi��kh_tests ��127.0.0.1 ) r��r��r��publicDSA_openssh�privateDSA_opensshr8��chmod�publicRSA_opensshr��r@��r'��fr)��r)��r��r@��i��s�� zCFTPClientTestBase.setUpc��C��sF��t�\|�j�}t�\|�}\|�t��t��}\|\|_tj d\|dd�\|�_ d�S�)Nr��z 127.0.0.1)� interface)r%��r&��r ��Portal�registerCheckerr��conchTestPublicKeyChecker�ConchTestServerFactoryr�� listenTCP�server)r'��realm�p�facr)��r)��r��startServers��s�� zCFTPClientTestBase.startServerc��C��sH��t�\|�jjd�s\|��d��S�d\|�jjj_t�\|�jjjjj �}\|� \|�j��\|S�)N�protorx��)�hasattrrf��factory� _cbStopServerrk��expectedLoseConnectionr �� maybeDeferredr\|��loseConnectionr��r��r)��r)��r�� stopServer{��s�� zCFTPClientTestBase.stopServerc��C��s��t��\|�jj�S�r2��)r ��rp��rf�� stopListening�r'��ignoredr)��r)��r��rn��s��z CFTPClientTestBase._cbStopServerc�� C��s4��dD�]}zt��\|��W�q�ty��Y�qw�t�\|��S�)N)rW��rX��rY��)r8��remove� BaseExceptionr��tearDownr^��r)��r)��r��rx��s�� zCFTPClientTestBase.tearDownN)r,��r-��r.��r@��rj��rr��rn��rx��r)��r)��r)��r��rV��h��s�� rV��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zd-dd�Z dd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��ZdS�).�OurServerCmdLineClientTestsz� Functional tests which launch a SFTP server over TCP on localhost and check cftp command line interface using a spawned process. Due to the spawned process you can not add a debugger breakpoint for the client code. c�� s0��t��d}��j��j}tj\|\|��dd�}t � dtj��d\|��t ��}t\|��_\|��fdd��tj��}tj�tj�\|d<�g�}i�}\|D�]}t\|t�rZ\|�d �}\|�\|��qN\|D�]}\|\|�} t\|t�rr\|�d �}t\| t�r\|\| �d �} \| \|\|<�qbt � \|��t � \|��tj��jtj\|\|d ��\|S�)Nz�-p %i -l testuser --known-hosts kh_test --user-authentications publickey --host-key-algorithms ssh-rsa -i dsa_test -a -v 127.0.0.1r��mod�running r��c�� j��S�r2��)�processProtocolr-��_r4��r)��r��r'�� z3OurServerCmdLineClientTests.setUp.<locals>.<lambda>� PYTHONPATHr��env)rV��r@��rj��rf��getHost�portr�� _makeArgsr��r��r6��r��r��r ��r@��r,��r~��r��r8��r9��copy�pathsepr ��rr��rA��rB��rC��r��r��spawnProcess) r'��cmdsr��r��r��encodedCmds� encodedEnv�cmd�var�valr)��r4��r��r@��s>�� z!OurServerCmdLineClientTests.setUpc��s��}\|��fdd��\|S�)Nc��r}��r2��)r~��rS��r��r4��r)��r��r'��r��z6OurServerCmdLineClientTests.tearDown.<locals>.<lambda>)rr��r��r��r)��r4��r��rx��s��z$OurServerCmdLineClientTests.tearDownc��C��s,��z \|�j�j�d��W�d�S��tjy��Y�d�S�w�)NrQ��)r~��r\|��rR��r��ProcessExitedAlreadyrt��r)��r)��r��_killProcess��s ��z(OurServerCmdLineClientTests._killProcessc��C��\|�j��\|�S�)z� Run the given command with the cftp client. Return a C{Deferred} that fires when the command is complete. Payload is the server's output for that command. )r~��rF��rD��r)��r)��r��rF��z&OurServerCmdLineClientTests.runCommandc��G��r��)z� Run the given commands with the cftp client. Returns a C{Deferred} that fires when the commands are all complete. The C{Deferred}'s payload is a list of output for each command. )r~��rP��)r'��rN��r)��r)��r��rP��r��z%OurServerCmdLineClientTests.runScriptc��C��sL��\|�j�}\|��ddddd�}dd��}\|�\|��\|�\|�j\|jt��d\|jg��\|S�)z� Test that 'pwd' reports the current remote directory, that 'lpwd' reports the current local directory, and that changing to a subdirectory then changing to its parent leaves you in the original remote directory. �pwd�lpwdzcd testDirectory�cd ..c��S��sD��g�}\|�D�]}t�\|t�r\|�d�}\|�\|��q\|dd��\|dd��S�)zH Callback function for handling command output. r��N��)rA��bytesr��r��)r��r��r��r)��r)��r�� cmdOutput��s�� z8OurServerCmdLineClientTests.testCdPwd.<locals>.cmdOutputr��)r&��rP��r��rL��rr��r8��getcwd)r'��homeDirr��r��r)��r)��r�� testCdPwd��s�� z%OurServerCmdLineClientTests.testCdPwdc��s&��fdd�}��dddd�}\|�\|�S�)z� Check that 'ls -l' output includes the access permissions and that this output changes appropriately with 'chmod'. c��sZ��\|�d��d��\|�d�d��\|�d��d�\|�d��\|�d�d��d�S�)Nr��s ��-rw-r--r--rx��r��r��s ��----------r��)�flushLoggedErrorsr%��r;��rL��resultsr4��r)��r��_check��s ��z7OurServerCmdLineClientTests.testChAttrs.<locals>._checkzls -l testfile1zchmod 0 testfile1zchmod 644 testfile1�rP��r��r'��r��r��r)��r4��r��testChAttrs��s�� z'OurServerCmdLineClientTests.testChAttrsc��s@��fdd�}��dd��j��ddd�}\|�dd ��\|�\|�S�) z� Check 'ls' works as expected. Checks for wildcards, hidden files, listing directories and listing empty directories. c��sf��\|�d�g�d��\|�d�g�d��\|�d�ddg��\|�d�g�d��\|�d �d g��d�S�)Nr��s ��testDirectory��testRemoveFile��testRenameFiles ��testfile1rx��r��r��r��r��)s��.testHiddenFiler��r��r��r��rL��r��r4��r)��r��r��s��z4OurServerCmdLineClientTests.testList.<locals>._checkr��zls ../zls Filezls -a Filezls -l testDirectoryc��S��s��dd��\|�D��S�)Nc��S��s��g�\|�]}\|��d��qS�)r5��)r��)rH��xr)��r)��r��rK����zJOurServerCmdLineClientTests.testList.<locals>.<lambda>.<locals>.<listcomp>r)��)�xsr)��r)��r��r'����s��z6OurServerCmdLineClientTests.testList.<locals>.<lambda>)rP��r&��r ��r��r��r)��r4��r��testList��s�� z$OurServerCmdLineClientTests.testListc��C��sD��\|��d�}t�d��d��}t\|t�r\|�d�}\|�\|�j \|��\|S�)zB Check that running the '?' command returns help. �?Nr��r��) rF��r��r��cmd_HELPr��rA��rB��rC��r��rL��)r'��r��helpTextr)��r)��r��testHelp-��s�� z$OurServerCmdLineClientTests.testHelpNc��C��s��\|��\|��\|��\|��dS�)zg Assert that the files at C{name1} and C{name2} contain exactly the same data. N)rL�� getContent)r'��name1�name2r6��r)��r)��r��assertFilesEqual9��s��z,OurServerCmdLineClientTests.assertFilesEqualc��sl��d��jj�jj��t��t�r��d��fdd�}��d�jj��d��}\|�\|��\|��fdd��\|S�) z� Test that 'get' saves the remote file to the correct local location, that the output of 'get' is correct and that 'rm' actually removes the file. z)Transferred {}/testfile1 to {}/test file2r��c��s8��\|��j�d��j�d�d��d�S�)N� testfile1� test file2z get failedzrm "test file2")r%��endswithr��r&��childrF��r��r��r'��r)��r�� _checkGetN��s�� z6OurServerCmdLineClientTests.testGet.<locals>._checkGetzget testfile1 "z/test file2"c��j�d��S�)Nr��assertFalser&��r��existsr��r4��r)��r��r'��Z��r��z5OurServerCmdLineClientTests.testGet.<locals>.<lambda>)r#��r&��rr��rA��rB��rC��rF��r��)r'��r��r��r)��r��r��testGet@��s�� z#OurServerCmdLineClientTests.testGetc��s ��fdd�}��d�}\|�\|�S�)zQ Test that 'get' works correctly when given wildcard parameters. c��s8��j�d�td�d��j�d�td�d��d�S�)N�testRemoveFile�testRemoveFile get failed�testRenameFile�testRenameFile get failed)r��r&��r��r��)ru��r4��r)��r��r��c��s�� z;OurServerCmdLineClientTests.testWildcardGet.<locals>._checkz get testR)rF��r��r��r)��r4��r��testWildcardGet^��s�� z+OurServerCmdLineClientTests.testWildcardGetc��sh��d�j��j�d��j��j�d��fdd�}��d�j�j��d��}\|�\|��\|��fdd ��\|S�) z� Check that 'put' uploads files correctly and that they can be successfully removed. Also check the output of the put command. s��Transferred s��/testfile1 to s��/test"file2c��s6��j�d��j�d��\|��d�S�)Nr�� test"file2zrm "test\"file2")r��r&��r��r%��r��rF��r��r��r)��r�� _checkPut��s �� z6OurServerCmdLineClientTests.testPut.<locals>._checkPut�put z/testfile1 "test\"file2"c��r��)Nr��r��r��r4��r)��r��r'��r��z5OurServerCmdLineClientTests.testPut.<locals>.<lambda>)r&��asBytesModerr��rF��r��)r'��r��r��r)��r��r��testPutr��s"�� z#OurServerCmdLineClientTests.testPutc��s��j��d�jdd�� }\|�d��W�d��n1�sw��Y��j��d�jdd�� }\|�d��W�d��n1�s9w��Y��fdd �}��d ��j�j��d��}\|�\|��\|S�)zb Check that 'put' uploads files correctly when overwriting a longer file. �shorterFile�w��mode��aN� longerFile��bbc��s ��j�d��j�d��d�S�)Nr��r��)r��r&��r��r��r4��r)��r��r��s��zEOurServerCmdLineClientTests.test_putOverLongerFile.<locals>._checkPutr��z/shorterFile longerFile)r&��r��r��r��rF��rr��r��r'��r_��r��r��r)��r4��r��test_putOverLongerFile��s�� z2OurServerCmdLineClientTests.test_putOverLongerFilec��s��j��d��d�jdd�� }\|�d��W�d��n1�s#w��Y��j��d�jdd�� }\|�d��W�d��n1�sBw��Y��fdd �}��d ��j�j��d��}\|�\|��\|S�)z� Check that 'put' uploads files correctly when overwriting a longer file and you use a wildcard to specify the files to upload. �dirr��r��r��r��Nr��c��s��d��j�d��d�S�)Nr��)r��r��r&��r��r'��someDirr)��r��r��s��zMOurServerCmdLineClientTests.test_putMultipleOverLongerFile.<locals>._checkPutr��z/dir/)r&��r��createDirectoryr��r��rF��rr��r��r��r)��r��r��test_putMultipleOverLongerFile��s�� z:OurServerCmdLineClientTests.test_putMultipleOverLongerFilec��s>��fdd�}��dd��jj��d�d��j��}\|�\|��\|S�)z� What happens if you issue a 'put' command and include a wildcard (i.e. '') in parameter? Check that all files matching the wildcard are uploaded to the correct directory. c��sh��\|�d�d��\|�d�d��j�d��j��d�d��j�d��j��d�d��d�S�)Nr��r��r��r��r��r��r��)rL��r��r&��r��r��r��r4��r)��r��check��s�� z:OurServerCmdLineClientTests.testWildcardPut.<locals>.checkr��r��z/testRzcd %s)rP��r&��rr��r ��r��)r'��r��r��r)��r4��r��testWildcardPut��s�� z+OurServerCmdLineClientTests.testWildcardPutc��4��fdd�}��dd�}\|�\|��\|��jd��\|S�)z� Test that 'ln' creates a file which appears as a link in the output of 'ls'. Check that removing the new file succeeds without output. c��s8��\|�d�d��\|�d��d�d��d�S�)Nr��r��rx��lzlink failedzrm testLink)r��rL��r%��r;��rF��r��r4��r)��r��r��s�� z4OurServerCmdLineClientTests.testLink.<locals>._checkzln testLink testfile1zls -l testLinkr��rP��r��rL��r��r)��r4��r��testLink��s �� z$OurServerCmdLineClientTests.testLinkc��r��)zV Test that we can create and remove directories with the cftp client. c��s.��\|�d�d��\|�d��d��d�S�)Nr��r��rx��dzrmdir testMakeDirectory)rL��r%��r;��rF��r��r4��r)��r��r��s�� z?OurServerCmdLineClientTests.testRemoteDirectory.<locals>._check�mkdir testMakeDirectoryzls -l testMakeDirector?r��r��r��r)��r4��r��testRemoteDirectory�� z/OurServerCmdLineClientTests.testRemoteDirectoryc��s&��fdd�}��dd�}\|�\|��\|S�)z� Test that a C{mkdir} on an existing directory fails with the appropriate error, and doesn't log an useless error server side. c��s$��\|�d�d��\|�d�d��d�S�)Nr��r��rx��s��remote error 11: mkdir failedr��r��r4��r)��r��r��s��zHOurServerCmdLineClientTests.test_existingRemoteDirectory.<locals>._checkr��r��r��r)��r4��r��test_existingRemoteDirectory��s�� z8OurServerCmdLineClientTests.test_existingRemoteDirectoryc��sH��d��jj��d��}\|��jd��\|��fdd��\|��jd��\|S�)z� Test that we can create a directory locally and remove it with the cftp client. This test works because the 'remote' server is running out of a local directory. zlmkdir z/testLocalDirectoryr��c��s ��d�S�)Nzrmdir testLocalDirectory)rF��r��r4��r)��r��r'�� r��z@OurServerCmdLineClientTests.testLocalDirectory.<locals>.<lambda>)rF��r&��rr��r��rL��r��r)��r4��r��testLocalDirectory��s ��z.OurServerCmdLineClientTests.testLocalDirectoryc��r��)z1 Test that we can rename a file. c��s��\|�d�d��\|�d�d��d�S�)Nr��r��rx��s ��testfile2zrename testfile2 testfile1)rL��rF��r��r4��r)��r��r��s�� z6OurServerCmdLineClientTests.testRename.<locals>._checkzrename testfile1 testfile2zls testfile?r��r��r��r)��r4��r�� testRename��r��z&OurServerCmdLineClientTests.testRenamer2��)r,��r-��r.��r/��r@��rx��r��rF��rP��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r)��r)��r)��r��ry��s.�� ry��c��@��s@��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dS�)�OurServerBatchFileTestszm Functional tests which launch a SFTP server over localhost and checks csftp in batch interface. c��C��s��t��\|��\|��d�S�r2��rV��r@��rj��r4��r)��r)��r��r@��%��s�� zOurServerBatchFileTests.setUpc��C��t��\|��\|��S�r2��)rV��rx��rr��r4��r)��r)��r��rx��)�� z OurServerBatchFileTests.tearDownc��s��\|��t��d�� }\|�\|��W�d��n1�sw��Y��\|�j��j}d\|��f�}tj\|��dd�dd��}t � dtj��d\|��t j��}t j�tj�\|d<�d\|�jj_ttj\|\|d �}��fd d�}\|�dd ��\|�\|��\|S�)Nr��z�-p %i -l testuser --known-hosts kh_test --user-authentications publickey --host-key-algorithms ssh-rsa -i dsa_test -a -v -b %s 127.0.0.1r��rz��rx��r\|��r��r��r��c��s��t��\|�S�r2��)r8��rv��res��fnr)��r��_cleanupD��s�� z9OurServerBatchFileTests._getBatchOutput.<locals>._cleanupc��S��s��\|�d�S�)Nr��r)��r��r)��r)��r��r'��H��s��z9OurServerBatchFileTests._getBatchOutput.<locals>.<lambda>)r��r��r��rf��r��r��r��r��r��r��r6��r��r��r8��r9��r��r��r ��rr��rm��ro��r��r��addBoth)r'��r_��fpr��r��r��r��r��r)��r��r��_getBatchOutput-��s$�� z'OurServerBatchFileTests._getBatchOutputc��(��d}��fdd�}��\|�}\|�\|��\|S�)z� Test whether batch file function of cftp ('cftp -b batchfile'). This works by treating the file as a list of commands to be run. zpwd ls exit c��sP��\|��d�}�t�dt\|��j��j\|�d��\|�dd��g�d��d�S�)Nr5��zRES %srx��r��r��) r��r��r6��repr�assertInr&��r��rr��rL��r��r4��r)��r��_cbCheckResultW��s�� z=OurServerBatchFileTests.testBatchFile.<locals>._cbCheckResult�r��r��r'��r��r��r��r)��r4��r�� testBatchFileM��s �� z%OurServerBatchFileTests.testBatchFilec��r��)zO Test that an error in the batch file stops running the batch. zchown 0 missingFile pwd exit c��j��j\|��d�S�r2��)�assertNotInr&��r��rr��r��r4��r)��r��r��m��z9OurServerBatchFileTests.testError.<locals>._cbCheckResultr��r��r)��r4��r�� testErrord��s �� z!OurServerBatchFileTests.testErrorc��r��)z_ Test that a minus sign '-' at the front of a line ignores any errors. z-chown 0 missingFile pwd exit c��r��r2��)r��r&��r��rr��r��r4��r)��r��r��~��r��z@OurServerBatchFileTests.testIgnoredError.<locals>._cbCheckResultr��r��r)��r4��r��testIgnoredErrort��s �� z(OurServerBatchFileTests.testIgnoredErrorN) r,��r-��r.��r/��r@��rx��r��r��r��r��r)��r)��r)��r��r��s�� r��sftpz%no sftp command-line client availablec��@��rm��) �OurServerSftpClientTestsz@ Test the sftp server against sftp command line client. c��C��r��r2��r��r4��r)��r)��r��r@��r��zOurServerSftpClientTests.setUpc��C��s��\|��S�r2��)rr��r4��r)��r)��r��rx��s��z!OurServerSftpClientTests.tearDownc��s��t��d�� }\|�d��W�d��n1�sw��Y��j��j�tj��fdd�}��td\|��d�jj _ tdd �}��fd d�}�fdd �}\|�\|��\|�dd��\|�\|�S�)a�� Test the return of extended attributes by the server: the sftp client should ignore them, but still be able to parse the response correctly. This test is mainly here to check that L{filetransfer.FILEXFER_ATTR_EXTENDED} has the correct value. r��z ls . exitNc��s��\|�\|�}d\|d<�\|S�)Nr��ext_foor)��)r'��sr��)� oldGetAttrr)��r�� _getAttrs��s�� zCOurServerSftpClientTests.test_extendedAttributes.<locals>._getAttrsr��T�ssh)�-o�PubkeyAcceptedKeyTypes=ssh-dssz-Vc��s>��\|�dkrd}nd}\|dddddddd dd �f�d��df 7�}\|S�) Nr��)r��r��r)��z-Fz /dev/nullr��zIdentityFile=dsa_testzUserKnownHostsFile=kh_testzHostKeyAlgorithms=ssh-rsazPort=%iz-bztestuser@127.0.0.1r)��)�status�args)r��r��r)��r��hasPAKT��s&��zAOurServerSftpClientTests.test_extendedAttributes.<locals>.hasPAKTc��s.��\|�d�d��dD�] }��\|\|�d��q d�S�)Nr��r��r��)rL��r��)r��ir4��r)��r��r��s��z?OurServerSftpClientTests.test_extendedAttributes.<locals>.checkc��S��s ��t�d\|��S�)Nr��)r��)r ��r)��r)��r��r'��r��zBOurServerSftpClientTests.test_extendedAttributes.<locals>.<lambda>) r��r��r��rf��r��r��r!��r��r<��rm��ro��r��r��)r'��r_��r��r��r��r��r)��)r��r��r��r'��r��test_extendedAttributes��s�� z0OurServerSftpClientTests.test_extendedAttributesN)r,��r-��r.��r/��r@��rx��r ��r)��r)��r)��r��r��s ��r��)Pr/��r��rZ��r>��r8��r��r��r6��ior��unittestr��zope.interfacer�� twisted.conchr��twisted.conch.interfacesr��$twisted.conch.test.test_filetransferr��r��twisted.credr ��twisted.internetr ��r��r��r ��r��twisted.internet.taskr��twisted.internet.utilsr��r��twisted.pythonr��twisted.python.fakepwdr��twisted.python.filepathr��twisted.python.procutilsr��twisted.python.reflectr��twisted.test.proto_helpersr��twisted.trial.unittestr��r��r��unix�twisted.conch.scriptsr��twisted.conch.scripts.cftpr��twisted.conch.sshr��twisted.conch.testr��r��twisted.conch.test.test_conchr ��r!��ImportError� skipTests�IReactorProcessr"��r0��re��rn��rw��r��r��r%��ProcessProtocolr,��rV��ry��r��r��r)��r)��r)��r��<module>��s��#&2��u {'��g��test/__pycache__/test_scripts.cpython-310.pyc��0000644��00000004312�15027667726�0015204 0��ustar�00��o ��b�� @��s��d�Z�ddlmZ�ddlmZ�ddlmZ�ddlmZ�ddl m Z �dZdZed �s,d ZdZed�s4d Zd Z ed�s<d ZdZzddlZW�n �eyO��d ZdZY�n%w�ze��W�n�ejys�Z�zd Zdee��ZW�Y�dZ[ndZ[ww�eee�G�dd��de e��ZG�dd��de e�ZdS�)z1 Tests for the command-line interfaces to conch. ��)�skipIf)� requireModule)�ZshScriptTestMixin)�ScriptTestsMixin)�TestCaseF��pyasn1TzCannot run without PyASN1�cryptographyzcan't run w/o cryptography�ttyzcan't run w/o ttyNzcan't run w/o tkinterzCan't test Tkinter: c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�ScriptTestsz& Tests for the Conch scripts. c��C��\|��d��d�S�)Nzconch/conch�� scriptTest��self��r��A/usr/lib/python3/dist-packages/twisted/conch/test/test_scripts.py� test_conch0��zScriptTests.test_conchc��C��r��)Nz conch/cftpr ��r��r��r��r�� test_cftp3��r��zScriptTests.test_cftpc��C��r��)Nz conch/ckeygenr ��r��r��r��r��test_ckeygen6��r��zScriptTests.test_ckeygenc��C��r��)Nz conch/tkconchr ��r��r��r��r��test_tkconch9��r��zScriptTests.test_tkconchN)�__name__� __module__�__qualname__�__doc__r��r��r��r��r��r��r��r��r����s��r��c��@��s��e�Zd�ZdZg�d�ZdS�)�ZshIntegrationTestszH Test that zsh completion functions are generated without error ))�conchz)twisted.conch.scripts.conch.ClientOptions)�cftpz(twisted.conch.scripts.cftp.ClientOptions)�ckeygenz,twisted.conch.scripts.ckeygen.GeneralOptions)�tkconchz,twisted.conch.scripts.tkconch.GeneralOptionsN)r��r��r��r��generateForr��r��r��r��r��=��s��r��)r��unittestr��twisted.python.reflectr��"twisted.python.test.test_shellcompr��!twisted.scripts.test.test_scriptsr��twisted.trial.unittestr��doSkip� skipReason� cryptoSkip�ttySkip�tkinter�ImportError�Tk�destroy�TclError�e�strr��r��r��r��r��r��<module>��sB��test/__pycache__/test_filetransfer.cpython-310.pyc��0000644��00000102213�15027667726�0016200 0��ustar�00��o ��bm��@��s��d�Z�ddlZddlZddlZddlmZ�ddlmZmZ�ddl m Z �ddlmZ�ddl mZ�ddlmZ�dd lmZ�dd lmZ�ddlmZ�ddlmZ�zdd lmZ�W�n�ey_��dZY�nw�eZzddlmZ�W�n�eyu��dZY�nw�eZzddl Z!W�n�ey��dZ Y�nw�e!Z zddl"m#Z$�W�n�ey��e%Z#Y�nw�e$Z#zddl&m'Z'm(Z(m)Z)mZ�W�n �ey��Y�nw�G�dd��de#�Z+G�dd��de+�Z,G�dd��d�Z-edu�r�ddl.Z.e.�/def��nG�dd��de�Z0e�1e0e+e)j2��G�dd��de�Z3ee�d�G�dd��de3��Z4G�dd ��d �Z5ee�d�G�d!d"��d"e��Z6ee �d#�G�d$d%��d%e��Z7ee �d#�G�d&d'��d'e��Z8ee �d#�G�d(d)��d)e��Z9dS�)z. Tests for L{twisted.conch.ssh.filetransfer}. ��N)�skipIf)�assert_that�equal_to)�defer)�ConnectionLost)�loopback)� components)� _PY37PLUS)�FilePath)�StringTransport)�TestCase)�unix)�SFTPServerForUnixConchUser)� ConchUser)�common� connection�filetransfer�sessionc��@��e�Zd�Zdd��Zdd��ZdS�)� TestAvatarc��C��s&��t��\|��tj\|�jd<�tj\|�jd<�d�S�)N��session��sftp)r��__init__r�� SSHSession� channelLookupr��FileTransferServer�subsystemLookup��self��r��F/usr/lib/python3/dist-packages/twisted/conch/test/test_filetransfer.pyr��?��s�� zTestAvatar.__init__c��O��s��zt�\|�}W�n�ty��\|\|\|fg}Y�nw�\|D�]%}\|d�}t\|�dkr(\|d�p)d}t\|�dkr4\|d�p5i�}\|\|i�\|��}q\|S�)Nr��r��)�iter� TypeError�len)r��f�args�kw�i�func�rr��r��r �� _runAsUserD��s��zTestAvatar._runAsUserN)�__name__� __module__�__qualname__r��r,��r��r��r��r ��r��>��s��r��c��@��r��)�FileTransferTestAvatarc��C��s��t��\|��\|\|�_d�S��N)r��r��homeDir)r��r2��r��r��r ��r��R��s�� zFileTransferTestAvatar.__init__c��C��s��t�t��\|�jj�S�r1��)r ��os�getcwd�preauthChildr2��pathr��r��r��r �� getHomeDirV��s��z!FileTransferTestAvatar.getHomeDirN)r-��r.��r/��r��r7��r��r��r��r ��r0��Q��s��r0��c��@��e�Zd�Zdd��ZdS�)�ConchSessionForTestAvatarc��C��s ��\|\|�_�d�S�r1��avatar)r��r;��r��r��r ��r��[�� z"ConchSessionForTestAvatar.__init__N)r-��r.��r/��r��r��r��r��r ��r9��Z��r9��zNtwisted.conch.unix imported %r, but doesn't define SFTPServerForUnixConchUser'c��@��r��)�FileTransferForTestAvatarc��C��s��ddiS�)N� ��conchTest��ext datar��)r��version�otherExtr��r��r �� gotVersionn��s��z$FileTransferForTestAvatar.gotVersionc��C��s��\|dkrdS�t��)N��testExtendedRequest��bar)�NotImplementedError)r��extName�extDatar��r��r ��extendedRequestq��s��z)FileTransferForTestAvatar.extendedRequestN)r-��r.��r/��rC��rI��r��r��r��r ��r>��m��s��r>��c��@��r8��)�SFTPTestBasec�� C��sx��t�\|��\|�_\|�j�d�\|�_\|�j�d��d��\|�j�d�jdd��}\|�d��tdd ��}\|�\|�d ��W�d��n1�s?w��Y��W�d��n1�sNw��Y��\|�j�d��d��\|�j�d�jdd�� }\|�d ��W�d��n1�svw��Y��\|�j�d�jdd�� }\|�d ��W�d��n1�s�w��Y��\|�j�d�jdd��}\|�d ��W�d��d�S�1�s�w��Y��d�S�)N�extra� testDirectoryT� testfile1�wb)�mode��aaaaaaaaaabbbbbbbbbbz/dev/urandom�rbi��i��testRemoveFile��a�testRenameFilez.testHiddenFile) r ��mktemp�testDir�child�makedirs�open�write�read�chmod)r��r&��f2r��r��r ��setUp\|��s(�� "�zSFTPTestBase.setUpN)r-��r.��r/��r^��r��r��r��r ��rJ��{��r=��rJ��z can't run on non-posix computersc��@��s��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zejeed-�d.d/��Zejd0d1��Zejd2d3��Zd4S�)5�OurServerOurClientTestsc��s��t��t��j��_tj��jd��_t� ��j�}t� ��_d��_d��_ ��fdd�}\|��j_t� ��j�}��j�\|��j�\|��\|��_\|��_��d�S�)Nr:��c��s��\|��_�\|��_d�S�r1��)�_serverVersion�_extData)� serverVersionrH��r��r��r ��_��s�� z(OurServerOurClientTests.setUp.<locals>._)rJ��r^��r0��rV��r;��r��r��serverr�� LoopbackRelay�FileTransferClient�clientr`��ra��gotServerVersion�makeConnection�clientTransport�serverTransport� _emptyBuffers)r��rj��rc��rk��r��r��r ��r^��s�� zOurServerOurClientTests.setUpc��C��s<��\|�j�js\|�jjr\|�j��\|�j��\|�j�js\|�jjsd�S�d�S�r1��)rk��bufferrj��clearBufferr��r��r��r ��rl��s�� z%OurServerOurClientTests._emptyBuffersc��C��s,��\|�j��\|�j��\|�j��\|�j��d�S�r1��)rk��loseConnectionrj��rn��r��r��r��r ��tearDown��s�� z OurServerOurClientTests.tearDownc��C��s$��\|��\|�jd��\|��\|�jddi��d�S�)N��r?��r@��)�assertEqualr`��ra��r��r��r��r ��test_serverVersion��s��zOurServerOurClientTests.test_serverVersionc��C��s&��\|��tj�\|�jj�d\|�jj��dS�)z: It implements the ISFTPServer interface. zISFTPServer not provided by N)� assertTruer��ISFTPServer� providedByrd��rg��r��r��r��r ��test_interface_implementation��s��z5OurServerOurClientTests.test_interface_implementationc��sb��j��dtjtjB�i��}��tj�g��fdd�}��td\|��fdd�}\|� \|��\|S�)zW A file opened with C{openFile} is closed when the connection is lost. � ��testfile1c��s��\|��\|��d�S�r1��append)�fd)�closed�oldCloser��r ��close�� zJOurServerOurClientTests.test_openedFileClosedWithConnection.<locals>.closer~��c��s`��j�j\|�jdd��j}�j��j��j��j��j�ji�� \|��d�S�)N��) rd�� openFiles�handler{��rk��ro��rj��rn��rr��assertIn)�openFiler{��)r\|��r��r��r ��_fileOpened��s�� zPOurServerOurClientTests.test_openedFileClosedWithConnection.<locals>._fileOpened) rg��r��r��FXF_READ� FXF_WRITErl��r3��r~��patch�addCallback)r��dr~��r��r��)r\|��r}��r��r ��#test_openedFileClosedWithConnection��s�� z;OurServerOurClientTests.test_openedFileClosedWithConnectionc��s.��j��d�}��fdd�}\|�\|��\|S�)zh A directory opened with C{openDirectory} is close when the connection is lost. ��c��s<��j��j��j��j��jji��d�S�r1��)rk��ro��rj��rn��rr��rd��openDirs��openDirr��r��r �� _getFiles��s �� zSOurServerOurClientTests.test_openedDirectoryClosedWithConnection.<locals>._getFiles�rg�� openDirectoryrl��r��)r��r��r��r��r��r ��(test_openedDirectoryClosedWithConnection��s �� z@OurServerOurClientTests.test_openedDirectoryClosedWithConnectionc��sd��j��dtjtjB�i��}��fdd�}�fdd��fdd��fdd ��\|�\|��\|S�) Nrx��c��s��\|�t�\|��\|��}\|��\|��\|S�r1��)rr��r�� ISFTPFiler��r��r��)� _readChunk�_writeChunkr��r��r ��r��s��z<OurServerOurClientTests.test_openFileIO.<locals>._fileOpenedc��s&��\|��dd�}��\|��jd��\|S�)Nr��rP�� readChunkrl��r��rr��r��r��r��r ��r��z;OurServerOurClientTests.test_openFileIO.<locals>._readChunkc��s$��\|��dd�}��\|��\|��\|S�)Nr��s ��cccccccccc)� writeChunkrl��r��rc��r��r��)�_readChunk2r��r��r ��r��s��z<OurServerOurClientTests.test_openFileIO.<locals>._writeChunkc��s&��\|��dd�}��\|��jd��\|S�)Nr��s��aaaaaaaaaabbbbbbbbbbccccccccccr��r��r��r��r ��r��r��z<OurServerOurClientTests.test_openFileIO.<locals>._readChunk2�rg��r��r��r��r��rl��r��)r��r��r��r��)r��r��r��r��r ��test_openFileIO��s�� z'OurServerOurClientTests.test_openFileIOc��sV��j��dtjtjB�i��}��fdd��fdd��fdd�}\|�\|��\|S�)Nrx��c��\|��}��\|S�r1��)�getAttrsrl��r��r��r��r �� _getAttrs��zBOurServerOurClientTests.test_closedFileGetAttrs.<locals>._getAttrsc��s��\|�S�r1��)�flushLoggedErrors�r&��r��r��r ��_err��s��z=OurServerOurClientTests.test_closedFileGetAttrs.<locals>._errc��s4��\|��}��\|��\|��\|��\|tj�S�r1��)r~��rl��r�� addErrback� assertFailurer�� SFTPErrorr��r��r��r��r��r ��_close#��s �� z?OurServerOurClientTests.test_closedFileGetAttrs.<locals>._closer��)r��r��r��r��r��r ��test_closedFileGetAttrs��s�� z/OurServerOurClientTests.test_closedFileGetAttrsc��sD��j��dtjtjB�i��}��fdd�}�fdd��\|�\|�S�)Nrx��c��\|��}��\|��\|S�r1��r��rl��r��r�� _getAttrs2r��r��r ��r��3�� zBOurServerOurClientTests.test_openFileAttributes.<locals>._getAttrsc��&��j��d�}��\|��j\|��\|S��Nrx��rg��r��rl��r��rr��)�attrs1r��r��r��r ��r��9��r��zCOurServerOurClientTests.test_openFileAttributes.<locals>._getAttrs2r��r��r��r��r��r��r ��test_openFileAttributes-��s�� z/OurServerOurClientTests.test_openFileAttributesc��sV��j��dtjtjB�i��}��fdd�}��fdd��fdd��\|�\|��\|S�)Nrx��c��r��r1��r��r��)� _setAttrsr��r��r ��r��I��r��z@OurServerOurClientTests.test_openFileSetAttrs.<locals>._getAttrsc��s:��d\|�d<��j��d\|��}��\|��\|��j\|��\|S�)Nr��atimerx��)rg��setAttrsrl��r��rr��attrsr��r��r��r ��r��O��s�� z@OurServerOurClientTests.test_openFileSetAttrs.<locals>._setAttrsc��j��d�}��\|S�r��rg��r��rl��rc��r��r��r��r ��r��W��zAOurServerOurClientTests.test_openFileSetAttrs.<locals>._getAttrs2r��r��r��)r��r��r��r ��test_openFileSetAttrsA��s�� z-OurServerOurClientTests.test_openFileSetAttrsc��sb��i��j�jj��fdd�}\|�j�j_�j�dtjtjB�ddi�}��fdd�}\|�\|�S�)z� Check that L{filetransfer.FileTransferClient.openFile} can send extended attributes, that should be extracted server side. By default, they are ignored, so we just verify they are correctly parsed. c��s��\|��\|�\|\|�S�r1��)�update)�filename�flagsr��)�oldOpenFile�savedAttributesr��r ��r��h��r��zIOurServerOurClientTests.test_openFileExtendedAttributes.<locals>.openFilerx��ext_foorE��c��s��ddi��d�S�)Nr��rE��rr��)�ign)r��r��r��r ��checku��zFOurServerOurClientTests.test_openFileExtendedAttributes.<locals>.check)rd��rg��r��r��r��r��rl��r��)r��r��r��r��r��)r��r��r��r ��test_openFileExtendedAttributes_��s�� z7OurServerOurClientTests.test_openFileExtendedAttributesc��sB��j��d�}��fdd�}\|�\|��\|�\|��\|tj�S�)N��testRemoveFilec��r��)Nr��)rg�� removeFilerl��)�ignoredr��r��r��r ��_removeFile~��r��z<OurServerOurClientTests.test_removeFile.<locals>._removeFile)rg��r��rl��r��r��r��r��)r��r��r��r��r��r ��test_removeFilez��s�� z'OurServerOurClientTests.test_removeFilec��s8��j��d�}��fdd�}�fdd��\|�\|�S�)N��testRenameFilec��s&��j��dd�}��\|��\|��\|S�)Nr��testRenamedFile)rg�� renameFilerl��r��r��_testRenamedr��r��r ��_rename��s��z8OurServerOurClientTests.test_renameFile.<locals>._renamec��s&��j��d�}��\|��j\|��d�S�)Nr��r��)rc��r��r��r��r��r ��r��s��z=OurServerOurClientTests.test_renameFile.<locals>._testRenamed)rg��r��rl��r��)r��r��r��r��r��r ��test_renameFile��s �� z'OurServerOurClientTests.test_renameFilec��C��"��\|�j��d�}\|��\|��\|tj�S��N��testMakeDirectory�rg��r��rl��r��r��r��r��r��r��r��r ��test_directoryBad��z)OurServerOurClientTests.test_directoryBadc��sZ��j��di��}��fdd�}��fdd�}\|�\|��\|�\|��\|�\|��\|tj�S�)Nr��c��r��r��r��r��r��r��r ��r��r��zAOurServerOurClientTests.test_directoryCreation.<locals>._getAttrsc��r��r��)rg��removeDirectoryrl��r��r��r��r ��_removeDirectory��r��zHOurServerOurClientTests.test_directoryCreation.<locals>._removeDirectory)rg�� makeDirectoryrl��r��r��r��r��)r��r��r��r��r��r��r ��test_directoryCreation��s�� z.OurServerOurClientTests.test_directoryCreationc��s\��j��d�}��g��fdd��fdd�}�fdd��\|��\|�\|��\|S�)N��c��sF��fdd�}t��j�}��\|�\|��\|��\|��\|S�)Nc��s��\|��S�r1��ry��r��)�filesr��r��r ��rz��s�� zMOurServerOurClientTests.test_openDirectory.<locals>._getFiles.<locals>.append)r�� maybeDeferred�nextrl��r��r��)r��rz��r��r��r��r��r��r��r ��r��s�� z=OurServerOurClientTests.test_openDirectory.<locals>._getFilesc��s0��t�t�t��d��}\|��\|g�d��d�S�)Nr��)��.testHiddenFile� ��testDirectoryr��r��rx��)�list�zip�sortrr��)r��fs)r��r��r��r ��_checkFiles��s��z?OurServerOurClientTests.test_openDirectory.<locals>._checkFilesc��r��r1��)r~��rl��)rc��r��r��r��r��r ��r��r��z:OurServerOurClientTests.test_openDirectory.<locals>._closer��)r��r��r��r��r��r ��test_openDirectory��s�� zOurServerOurClientTests.test_openDirectoryc��C��r��)N��testLinkr��r��r��r��r ��test_linkDoesntExist��r��z,OurServerOurClientTests.test_linkDoesntExistc��sB��j��dd�}��fdd�}��fdd�}\|�\|��\|�\|�S�)Nr��rx��c��s��j��dd�}��\|S�)Nr��r!��r��r��r��r��r ��_getFirstAttrs��s��zDOurServerOurClientTests.test_linkSharesAttrs.<locals>._getFirstAttrsc��r��r��r��)� firstAttrsr��r��r��r ��_getSecondAttrs��r��zEOurServerOurClientTests.test_linkSharesAttrs.<locals>._getSecondAttrs�rg��makeLinkrl��r��)r��r��r��r��r��r��r ��test_linkSharesAttrs��s�� z,OurServerOurClientTests.test_linkSharesAttrsc��sF��j��dd�}��fdd�}��fdd�}\|�\|��\|�\|��\|S�)Nr��rx��c��H��j��d�}��tt��jj�}\|� d�}\|� ��j\|j��\|S��Nr��rM��)rg��readLinkrl��r ��r3��r4��r5��rV��r6��rW��r��rr��)rc��r��testFiler��r��r �� _readLink�� z8OurServerOurClientTests.test_linkPath.<locals>._readLinkc��r��r��)rg��realPathrl��r ��r3��r4��r5��rV��r6��rW��r��rr��)rc��r��testLinkr��r��r �� _realPath��r��z8OurServerOurClientTests.test_linkPath.<locals>._realPathr��)r��r��r��r��r��r��r �� test_linkPath��s�� z%OurServerOurClientTests.test_linkPathc��C��s4��\|�j��dd�}\|��\|�\|�jd��\|�\|�j��\|S�)NrD��s��foorE��)rg��rI��rl��r��rr��_cbTestExtendedRequestr��r��r��r ��test_extendedRequest��s ��z,OurServerOurClientTests.test_extendedRequestc��C��s"��\|�j��dd�}\|��\|��\|t�S�)Ns��testBadRequestr��)rg��rI��rl��r��rF��)r��r��r��r��r��r ��r��s��z.OurServerOurClientTests._cbTestExtendedRequestz!Broken by PEP 479 and deprecated.c��c��s��\|�j��d�}\|��\|V�}t��}z!\|D�]}\|��\|V�\}}}\|�\|��qW�\|��}\|��\|V��n\|��}\|��\|V��w�\|��\|��\|h�d��dS�)z� Check that the object returned by L{filetransfer.FileTransferClient.openDirectory} can be used as an iterator. r��>��rx��r��r��r��r��N)rg��r��rl��set�addr~��rr��)r��r��r�� filenamesr&��r��rc�� fileattrsr��r��r ��test_openDirectoryIterator��s,��z2OurServerOurClientTests.test_openDirectoryIteratorc��c��sz��\|�j��d�}\|��\|V�}\|��}\|��\|V��\|��}d}\|��dt\|��\|��t\|d�d��\|��\|\|d�d��dS�)zJ Using client.openDirectory as an iterator is deprecated. r��zeUsing twisted.conch.ssh.filetransfer.ClientDirectory as an iterator was deprecated in Twisted 18.9.0.r!��r��category�messageN)rg��r��rl��r�� flushWarningsrr��r%��DeprecationWarning)r��r��r��oneFile�warningsr ��r��r��r ��$test_openDirectoryIteratorDeprecatedA��s��z<OurServerOurClientTests.test_openDirectoryIteratorDeprecatedc��#��s��j��dtji��}��\|V�}g��fdd�}�jj��\}\|\|_~\|�dd�}�� t ��d��\|��j� ��j��j��j�j��\|t��\|��}��\|t��dS�)z{ If there are requests outstanding when the connection is closed for any reason, they should fail. rx��c��s"��g��t��}��\|��\|S�r1��)rr��r��Deferredrz��)�offset�lengthr��gotReadRequestr��r��r �� _slowReadd��s�� zOOurServerOurClientTests.test_closedConnectionCancelsRequests.<locals>._slowRead�d��r!��N)rg��r��r��r��rl��rd��r��valuesr��rr��r%��assertNoResultrk��ro��rn��rj��assertFalse� connected�failureResultOfr��r��)r��r��fhr��serverSideFhr��r��r ��$test_closedConnectionCancelsRequestsV��s�� z<OurServerOurClientTests.test_closedConnectionCancelsRequestsN) r-��r.��r/��r^��rl��rp��rs��rw��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��inlineCallbacksr��r ��r��r��r"��r��r��r��r ��r_��s<�� ! (( r_��c��@��r8��)�FakeConnc��C��d�S�r1��r��)r��channelr��r��r �� sendClose��zFakeConn.sendCloseN)r-��r.��r/��r'��r��r��r��r ��r$��r=��r$��c��@��sD��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dS�)�FileTransferCloseTestsc��C��s��t��\|�_d�S�r1��)r��r;��r��r��r��r ��r^��s��zFileTransferCloseTests.setUpc��C��s,��t��}G�dd��d�}\|��\|_\|�j\|j_\|S�)Nc��@��s$��e�Zd�Zdd��Zdd��Zdd��ZdS�)zDFileTransferCloseTests.buildServerConnection.<locals>.DummyTransportc��S��s ��\|�\|�_�d�S�r1��)� transportr��r��r��r ��r��r<��zMFileTransferCloseTests.buildServerConnection.<locals>.DummyTransport.__init__c��S��r%��r1��r��)r��kind�datar��r��r �� sendPacket��r(��zOFileTransferCloseTests.buildServerConnection.<locals>.DummyTransport.sendPacketc��S��s��dS�)Nzdummy transportr��r��r��r��r �� logPrefix��r(��zNFileTransferCloseTests.buildServerConnection.<locals>.DummyTransport.logPrefixN)r-��r.��r/��r��r-��r.��r��r��r��r ��DummyTransport��s��r/��)r�� SSHConnectionr��r;��)r��connr/��r��r��r ��buildServerConnection��s �� z,FileTransferCloseTests.buildServerConnectionc��s$��d�_�\|j��fdd�}\|\|_d�S�)NFc��s��d�_��\|��d�S�)NT)�connectionLostFired)�reason��origConnectionLostr��r��r ��connectionLost��s��zFFileTransferCloseTests.interceptConnectionLost.<locals>.connectionLost)r3��r7��)r�� sftpServerr7��r��r5��r ��interceptConnectionLost��s�� z.FileTransferCloseTests.interceptConnectionLostc��C��s��\|��\|�jd��d�S�)NzsftpServer's connectionLost was not called)rt��r3��r��r��r��r ��assertSFTPConnectionLost��s��z/FileTransferCloseTests.assertSFTPConnectionLostc��C��sJ��t�jt��\|�jd�}\|�t�d��\|jjj }\|�� \|��\|��\|��dS�)ze Closing a session should notify an SFTP subsystem launched by that session. )r1��r;��r��N) r��r��r$��r;��request_subsystemr��NSrg��r��protor9�� closeReceivedr:��)r��testSessionr8��r��r��r ��test_sessionClose��s�� z(FileTransferCloseTests.test_sessionClosec��C��s��\|��}t�d�t�dd�d��}\|�\|��\|jd�}\|�t�d��\|jj j }\|��\|��\|��\|��\|�t�dd��\|�� dS�)zy A client sending CHANNEL_CLOSE should trigger closeReceived on the associated channel instance. r��>Lr��rq��r��N)r2��r��r<��struct�pack�ssh_CHANNEL_OPEN�channelsr;��rg��r��r=��r9��ssh_CHANNEL_CLOSEr:��r��r1��packet�sessionChannelr8��r��r��r ��%test_clientClosesChannelOnConnnection��s�� z<FileTransferCloseTests.test_clientClosesChannelOnConnnectionc��C��sn��\|��}t�d�t�dd�d��}\|�\|��\|jd�}\|�t�d��\|jj j }\|��\|��\|��\|�� dS�)zP Closing an SSH connection should close all sessions within it. r��rA��r��rq��r��N)r2��r��r<��rB��rC��rD��rE��r;��rg��r��r=��r9��serviceStoppedr:��rG��r��r��r ��'test_stopConnectionServiceClosesChannel��s�� z>FileTransferCloseTests.test_stopConnectionServiceClosesChannelN) r-��r.��r/��r^��r2��r9��r:��r@��rJ��rL��r��r��r��r ��r)��s�� r)��zCannot run without cryptographyc��@��s ��e�Zd�ZdZg�d�Zdd��ZdS�)�ConstantsTestsag�� Tests for the constants used by the SFTP protocol implementation. @ivar filexferSpecExcerpts: Excerpts from the draft-ietf-secsh-filexfer-02.txt (draft) specification of the SFTP protocol. There are more recent drafts of the specification, but this one describes version 3, which is what conch (and OpenSSH) implements. )a�� The following values are defined for packet types. #define SSH_FXP_INIT 1 #define SSH_FXP_VERSION 2 #define SSH_FXP_OPEN 3 #define SSH_FXP_CLOSE 4 #define SSH_FXP_READ 5 #define SSH_FXP_WRITE 6 #define SSH_FXP_LSTAT 7 #define SSH_FXP_FSTAT 8 #define SSH_FXP_SETSTAT 9 #define SSH_FXP_FSETSTAT 10 #define SSH_FXP_OPENDIR 11 #define SSH_FXP_READDIR 12 #define SSH_FXP_REMOVE 13 #define SSH_FXP_MKDIR 14 #define SSH_FXP_RMDIR 15 #define SSH_FXP_REALPATH 16 #define SSH_FXP_STAT 17 #define SSH_FXP_RENAME 18 #define SSH_FXP_READLINK 19 #define SSH_FXP_SYMLINK 20 #define SSH_FXP_STATUS 101 #define SSH_FXP_HANDLE 102 #define SSH_FXP_DATA 103 #define SSH_FXP_NAME 104 #define SSH_FXP_ATTRS 105 #define SSH_FXP_EXTENDED 200 #define SSH_FXP_EXTENDED_REPLY 201 Additional packet types should only be defined if the protocol version number (see Section ``Protocol Initialization'') is incremented, and their use MUST be negotiated using the version number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY packets can be used to implement vendor-specific extensions. See Section ``Vendor-Specific-Extensions'' for more details. a�� The flags bits are defined to have the following values: #define SSH_FILEXFER_ATTR_SIZE 0x00000001 #define SSH_FILEXFER_ATTR_UIDGID 0x00000002 #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004 #define SSH_FILEXFER_ATTR_ACMODTIME 0x00000008 #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000 a�� The `pflags' field is a bitmask. The following bits have been defined. #define SSH_FXF_READ 0x00000001 #define SSH_FXF_WRITE 0x00000002 #define SSH_FXF_APPEND 0x00000004 #define SSH_FXF_CREAT 0x00000008 #define SSH_FXF_TRUNC 0x00000010 #define SSH_FXF_EXCL 0x00000020 a�� Currently, the following values are defined (other values may be defined by future versions of this protocol): #define SSH_FX_OK 0 #define SSH_FX_EOF 1 #define SSH_FX_NO_SUCH_FILE 2 #define SSH_FX_PERMISSION_DENIED 3 #define SSH_FX_FAILURE 4 #define SSH_FX_BAD_MESSAGE 5 #define SSH_FX_NO_CONNECTION 6 #define SSH_FX_CONNECTION_LOST 7 #define SSH_FX_OP_UNSUPPORTED 8 c��C��s��i�}\|�j�D�]}\|��D�]}t�d\|�}\|r"t\|�d�d�\|\|�d�<�qq\|��t\|�dkd��\|��D�] \}}\|�� \|t t\|��q2dS�)z� The constants used by the SFTP protocol implementation match those found by searching through the spec. z)^\s#define SSH_([A-Z_]+)\s+([0-9x])\s$r"��r��r!��z,No constants found (the test must be buggy).N)�filexferSpecExcerpts� splitlines�re�match�int�grouprt��r%��itemsrr��getattrr��)r�� constants�excerpt�line�m�k�vr��r��r ��test_constantsAgainstSpecH��s�� z(ConstantsTests.test_constantsAgainstSpecN)r-��r.��r/��__doc__rN��r\��r��r��r��r ��rM��s�� LrM��c��@��s ��e�Zd�ZdZdd��Zdd��ZdS�)�RawPacketDataServerTestsz� Tests for L{filetransfer.FileTransferServer} which explicitly craft certain less common situations to exercise their handling. c��C��s��t�jt��d�\|�_d�S�)Nr:��)r��r��r��ftsr��r��r��r ��r^��a��r��zRawPacketDataServerTests.setUpc��C��s��t��}\|�j�\|��d}d}t�tdg�\|�t�\|��}\|�j�\|��t�tdg�\|�tg�d��t�d��t�d��}t\|��t \|��dS�) zl A close request with an unknown handle receives an FX_NO_SUCH_FILE error response. s��1234s��invalid handler��e��)r��r��r��r"��s��No such file or directoryr��N) r��r_��ri��r��r<��bytes�dataReceivedr��valuer��)r��r�� requestIdr��r~��expectedr��r��r ��test_closeInvalidHandled��s6�� z0RawPacketDataServerTests.test_closeInvalidHandleN)r-��r.��r/��r]��r^��rf��r��r��r��r ��r^��Z��s��r^��c��@��sH��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dS�)�RawPacketDataTestsz� Tests for L{filetransfer.FileTransferClient} which explicitly craft certain less common protocol messages to exercise their handling. c��C��s��t��\|�_d�S�r1��)r��rf��ftcr��r��r��r ��r^��s��zRawPacketDataTests.setUpc��C��sT��t��}\|�\|�j��\|\|�jjd<�t�ddtj �t �d��t �d��}\|�j�\|��\|S�)a/�� A STATUS packet containing a result code, a message, and a language is parsed to produce the result of an outstanding request L{Deferred}. @see: U{section 9.1<http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1>} of the SFTP Internet-Draft. r!��!LL��msg��lang) r��r��r��_cbTestPacketSTATUSrh��openRequestsrB��rC��r��FX_OKr��r<�� packet_STATUS�r��r��r,��r��r��r ��test_packetSTATUS��s��z$RawPacketDataTests.test_packetSTATUSc��C��$��\|��\|d�d��\|��\|d�d��dS�)z{ Assert that the result is a two-tuple containing the message and language from the STATUS packet. r��rj��r!��rk��Nr��r��resultr��r��r ��rl��z&RawPacketDataTests._cbTestPacketSTATUSc��C��s@��t��}\|�\|�j��\|\|�jjd<�t�ddtj �}\|�j� \|��\|S�)az�� A STATUS packet containing only a result code can also be parsed to produce the result of an outstanding request L{Deferred}. Such packets are sent by some SFTP implementations, though not strictly legal. @see: U{section 9.1<http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1>} of the SFTP Internet-Draft. r!��ri��)r��r��r��_cbTestPacketSTATUSShortrh��rm��rB��rC��r��rn��ro��rp��r��r��r ��test_packetSTATUSShort��s�� z)RawPacketDataTests.test_packetSTATUSShortc��C��s$��\|��\|d�d��\|��\|d�d��dS�)z� Assert that the result is a two-tuple containing empty strings, since the STATUS packet had neither a message nor a language. r��r��r!��Nr��rs��r��r��r ��rv��ru��z+RawPacketDataTests._cbTestPacketSTATUSShortc��C��sJ��t��}\|�\|�j��\|\|�jjd<�t�ddtj �t �d��}\|�j�\|��\|S�)a�� A STATUS packet containing a result code and a message but no language can also be parsed to produce the result of an outstanding request L{Deferred}. Such packets are sent by some SFTP implementations, though not strictly legal. @see: U{section 9.1<http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1>} of the SFTP Internet-Draft. r!��ri��rj��) r��r��r��_cbTestPacketSTATUSWithoutLangrh��rm��rB��rC��r��rn��r��r<��ro��rp��r��r��r ��test_packetSTATUSWithoutLang��s�� z/RawPacketDataTests.test_packetSTATUSWithoutLangc��C��rr��)z� Assert that the result is a two-tuple containing the message from the STATUS packet and an empty string, since the language was missing. r��rj��r!��r��Nr��rs��r��r��r ��rx��ru��z1RawPacketDataTests._cbTestPacketSTATUSWithoutLangN)r-��r.��r/��r]��r^��rq��rl��rw��rv��ry��rx��r��r��r��r ��rg��s��rg��):r]��r3��rP��rB��unittestr��hamcrestr��r��twisted.internetr��twisted.internet.errorr��twisted.protocolsr��twisted.pythonr��twisted.python.compatr ��twisted.python.filepathr ��twisted.test.proto_helpersr��twisted.trial.unittestr�� twisted.conchr ��_unix�ImportError�twisted.conch.unixr��_SFTPServerForUnixConchUser�cryptography� _cryptography�twisted.conch.avatarr�� _ConchUser�object�twisted.conch.sshr��r��r��r��r��r0��r9��r��warnr>��registerAdapterru��rJ��r_��r$��r)��rM��r^��rg��r��r��r��r ��<module>��s�� v g h =��test/__pycache__/test_manhole.cpython-310.pyc��0000644��00000034022�15027667726�0015141 0��ustar�00��o ��b�3��@��s0��U�d�Z�ddlZddlmZ�dZee�ed<�ddlmZ�ddl m Z �ddlmZm Z mZmZmZ�ddlmZmZ�dd lmZ�dd lmZ�dd��Ze��ZG�d d��dej�ZG�dd��dej�ZG�dd��dej�ZG�dd��d�ZG�dd��deeje�ZG�dd��deeje�ZG�dd��de eje�Z G�dd��dej�Z!dS�)z% Tests for L{twisted.conch.manhole}. ��N)�Optional�ssh)�manhole)�insults)� _SSHMixin�_StdioMixin�_TelnetMixinr��stdio)�defer�error)�StringTransport)�unittestc��C��s2��zdd��W�dS��t�y��t��d�d��Y�S�w�)z� Return the string used by Python as the name for code objects which are compiled from interactive input or at the top-level of modules. ��r��N)� BaseException� traceback� extract_stack��r��r��A/usr/lib/python3/dist-packages/twisted/conch/test/test_manhole.py�determineDefaultFunctionName��s ��r��c��@��e�Zd�ZdZdd��ZdS�)�ManholeInterpreterTestsz2 Tests for L{manhole.ManholeInterpreter}. c��C��s2��t��d�}\|j�ddg��\|��\|��\|j��dS�)zR L{ManholeInterpreter.resetBuffer} should empty the input buffer. N�1�2)r��ManholeInterpreter�buffer�extend�resetBuffer�assertFalse)�self�interpreterr��r��r��test_resetBuffer4��s�� z(ManholeInterpreterTests.test_resetBufferN)�__name__� __module__�__qualname__�__doc__r"��r��r��r��r��r��/��r��c��@��r��)�ManholeProtocolTestsz' Tests for L{manhole.Manhole}. c��C��sP��t��}t�tj�}\|�\|��\|j}\|j}\|j� ddg��\|� ��\|��\|j��dS�)zn L{manhole.Manhole.handle_INT} should cause the interpreter input buffer to be reset. r��r��N)r��r��ServerProtocolr��Manhole�makeConnection�terminalProtocolr!��r��r�� handle_INTr��)r �� transport�terminal�protocolr!��r��r��r��%test_interruptResetsInterpreterBufferC��s�� z:ManholeProtocolTests.test_interruptResetsInterpreterBufferN)r#��r$��r%��r&��r1��r��r��r��r��r(��>��r'��r(��c��@��s\��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��ZdS�)�WriterTestsc��C��t��d��dS�)z& Colorize an integer. r��N�r��lastColorizedLine�r ��r��r��r��test_IntegerS��zWriterTests.test_Integerc��C��r3��)z7 Colorize an integer in double quotes. z"1"Nr4��r6��r��r��r��test_DoubleQuoteStringY��r8��z"WriterTests.test_DoubleQuoteStringc��C��r3��)z7 Colorize an integer in single quotes. z'1'Nr4��r6��r��r��r��test_SingleQuoteString_��r8��z"WriterTests.test_SingleQuoteStringc��C��r3��)z7 Colorize an integer in triple quotes. z'''1'''Nr4��r6��r��r��r��test_TripleSingleQuotedStringe��r8��z)WriterTests.test_TripleSingleQuotedStringc��C��r3��)zB Colorize an integer in triple and double quotes. z"""1"""Nr4��r6��r��r��r��test_TripleDoubleQuotedStringk��r8��z)WriterTests.test_TripleDoubleQuotedStringc��C��r3��)z1 Colorize a function definition. z def foo():Nr4��r6��r��r��r��test_FunctionDefinitionq��r8��z#WriterTests.test_FunctionDefinitionc��C��r3��)z. Colorize a class definition. z class foo:Nr4��r6��r��r��r��test_ClassDefinitionw��r8��z WriterTests.test_ClassDefinitionc��C��t��d�}\|��t\|t��dS�)z, Colorize a Unicode string. ��иN�r��r5�� assertTrue� isinstance�bytes�r ��resr��r��r��test_unicode}�� zWriterTests.test_unicodec��C��r?��)z/ Colorize a UTF-8 byte string. ��иNrA��rE��r��r��r�� test_bytes��rH��zWriterTests.test_bytesc��C��s��\|��t�d�t�d��dS�)zT The output of UTF-8 bytestrings and Unicode strings are identical. rI��r@��N)�assertEqualr��r5��r6��r��r��r��test_identicalOutput��s��z WriterTests.test_identicalOutputN) r#��r$��r%��r7��r9��r:��r;��r<��r=��r>��rG��rJ��rL��r��r��r��r��r2��R��s��r2��c��@��s��e�Zd�ZejZdd��Zdd��Zdd��Zdd��Z d d ��Z dd��Zd d��Zdd��Z dd��Zejdd��Zejdd��Zdd��Zdd��Zejdd��ZdS�)�ManholeLoopbackMixinc��C��s ��t��\|�S�)N)r ��waitForDeferred�r ��dr��r��r��wfd��s�� zManholeLoopbackMixin.wfdc��,��j��d�}��d��fdd�}\|�\|�S�)z- Evaluate simple expression. ��dones ��1 + 1 donec��g�d��d�S�)N)� ��>>> 1 + 1��2��>>> done�� _assertBuffer��ignr6��r��r��finished��z<ManholeLoopbackMixin.test_SimpleExpression.<locals>.finished��recvlineClient�expect� _testwrite�addCallback�r ��doner\��r��r6��r��test_SimpleExpression�� zManholeLoopbackMixin.test_SimpleExpressionc��rR��)z> Evaluate line continuation in triple quotes. rS��s��''' ''' donec��rT��)N)s��>>> '''s��... '''s��'\n'rW��rX��rZ��r6��r��r��r\��r]��zGManholeLoopbackMixin.test_TripleQuoteLineContinuation.<locals>.finishedr^��rc��r��r6��r�� test_TripleQuoteLineContinuation��rf��z5ManholeLoopbackMixin.test_TripleQuoteLineContinuationc��rR��)z/ Evaluate function definition. rS��s'��def foo(bar): print(bar) foo(42) donec��rT��)N)s��>>> def foo(bar):s��... print(bar)��... s��>>> foo(42)s��42rW��rX��rZ��r6��r��r��r\��z>ManholeLoopbackMixin.test_FunctionDefinition.<locals>.finishedr^��rc��r��r6��r��r=�� z,ManholeLoopbackMixin.test_FunctionDefinitionc��rR��)z, Evaluate class definition. rS��sE��class Foo: def bar(self): print('Hello, world!') Foo().bar() donec��rT��)N)s��>>> class Foo:s��... def bar(self):s"��... print('Hello, world!')rh��s��>>> Foo().bar()s ��Hello, world!rW��rX��rZ��r6��r��r��r\��ri��z;ManholeLoopbackMixin.test_ClassDefinition.<locals>.finishedr^��rc��r��r6��r��r>��s�� z)ManholeLoopbackMixin.test_ClassDefinitionc��rR��)z0 Evaluate raising an exception. rS��s#��raise Exception('foo bar baz') donec��s"��dddt�d��ddg��d�S�)Ns"��>>> raise Exception('foo bar baz')s"��Traceback (most recent call last):s�� File "<console>", line 1, in zutf-8s��Exception: foo bar bazrW��)rY��defaultFunctionName�encoderZ��r6��r��r��r\��s��z5ManholeLoopbackMixin.test_Exception.<locals>.finishedr^��rc��r��r6��r��test_Exception��rj��z#ManholeLoopbackMixin.test_Exceptionc��s6��j��d�}��dtj�d��fdd�}\|�\|�S�)z4 Evaluate interrupting with CTRL-C. rS��cancelled linec��rT��)N)��>>> cancelled line��KeyboardInterruptrW��rX��rZ��r6��r��r��r\��ri��z4ManholeLoopbackMixin.test_ControlC.<locals>.finished)r_��r`��ra��r��CTRL_Crb��rc��r��r6��r�� test_ControlC��s�� z"ManholeLoopbackMixin.test_ControlCc��sF��j��d�}��d��fdd�}\|�\|��fdd�}\|�\|��\|S�)z� Sending ^C to Manhole while in a state where more input is required to complete a statement should discard the entire ongoing statement and reset the input prompt to the non-continuation prompt. s��thingss��( thingsc��s��ddg��j�d�}��tj��\|S�)N��>>> (� ��... things��>>> )rY��r_��r`��ra��r��rq��)�ignored�interruptedr6��r��r��gotContinuation��s��zNManholeLoopbackMixin.test_interruptDuringContinuation.<locals>.gotContinuationc��rT��)N)rs��rt��rp��ru��rX��)rv��r6��r��r��gotInterruption��r]��zNManholeLoopbackMixin.test_interruptDuringContinuation.<locals>.gotInterruptionr^��)r �� continuingrx��ry��r��r6��r�� test_interruptDuringContinuation��s�� z5ManholeLoopbackMixin.test_interruptDuringContinuationc��s>��d��j�d�}��fdd�}��fdd�}\|�\|��\|�S�)z2 Evaluate cancelling with CTRL-\. rn��c��s.��dg��tj��jj}��\|tj�S�)Nro��) rY��ra��r��CTRL_BACKSLASHr_��onDisconnection� assertFailurer��ConnectionDone)r[��rP��r6��r��r��gotPartialLine��s��zBManholeLoopbackMixin.test_ControlBackslash.<locals>.gotPartialLinec��dg��d�S�)N��rX��rZ��r6��r��r��gotClearedLine1��zBManholeLoopbackMixin.test_ControlBackslash.<locals>.gotClearedLine�ra��r_��r`��rb��)r ��partialLiner��r��r��r6��r��test_ControlBackslash#��s �� zManholeLoopbackMixin.test_ControlBackslashc��c��s��\|��d��\|�j�d�V��\|��dg��\|��tjd��\|�j�d�V��\|��dg��\|��d��\|�j�d�V��\|��tj��\|�jj}\|��\|tj �V��dS�) z~ A CTRL+D in the middle of a line doesn't close a connection, but at the beginning of a line it does. s��1 + 1��\+ 1rU�� + 1� ��>>> 1 + 1 + 1�� s��3 >>> N) ra��r_��r`��rY��r��CTRL_Dr}��r~��r��r��rO��r��r��r�� test_controlD6��s�� z"ManholeLoopbackMixin.test_controlDc��c��sV��\|��d��\|�j�d�V��\|��ddg��\|��tjd��\|�j�d�V��\|��dg��dS�) a�� CTRL+L is generally used as a redraw-screen command in terminal applications. Manhole doesn't currently respect this usage of it, but it should at least do something reasonable in response to this event (rather than, say, eating your face). s�� 1 + 1r��ru��rU��r��s��1 \+ 1 \+ 1r��N)ra��r_��r`��rY��r��CTRL_Lr6��r��r��r�� test_ControlLK��s�� z"ManholeLoopbackMixin.test_ControlLc��,��d��j�d�}��fdd�}\|�\|�S�)zl CTRL-A can be used as HOME - returning cursor to beginning of current line buffer. s��rint "hello"p� ��print "hello"c��r��Ns��>>> print "hello"rX��ignorer6��r��r��cbe��r��z.ManholeLoopbackMixin.test_controlA.<locals>.cbr��r ��rP��r��r��r6��r�� test_controlA]�� z"ManholeLoopbackMixin.test_controlAc��r��)zc CTRL-E can be used as END - setting cursor to end of current line buffer. s��rint "hellop"r��c��r��r��rX��r��r6��r��r��r��r��r��z.ManholeLoopbackMixin.test_controlE.<locals>.cbr��r��r��r6��r�� test_controlEj��r��z"ManholeLoopbackMixin.test_controlEc��c��sR��\|��d��\|�j�d�V��\|��d��\|�j�d�V��\|�j�d�V��\|��g�d��dS�)z� When a deferred is returned to the manhole REPL, it is displayed with a sequence number, and when the deferred fires, the result is printed. sC��from twisted.internet import defer, reactor d = defer.Deferred() d � ��<Deferred #0>s.��c = reactor.callLater(0.1, d.callback, 'Hi!') ru��s#��Deferred #0 called back: 'Hi!' >>> )s/��>>> from twisted.internet import defer, reactors��>>> d = defer.Deferred()s��>>> dr��s1��>>> c = reactor.callLater(0.1, d.callback, 'Hi!')s��Deferred #0 called back: 'Hi!'ru��N)ra��r_��r`��rY��r6��r��r��r�� test_deferredw��s�� z"ManholeLoopbackMixin.test_deferredN)r#��r$��r%��r��ColoredManhole�serverProtocolrQ��re��rg��r=��r>��rm��rr��r{��r��r ��inlineCallbacksr��r��r��r��r��r��r��r��r��rM��s&�� rM��c��@��s��e�Zd�ZdZdS�)�ManholeLoopbackTelnetTestsz, Test manhole loopback over Telnet. N)r#��r$��r%��r&��r��r��r��r��r��s��r��c��@��s ��e�Zd�ZdZedu�rdZdS�dS�)�ManholeLoopbackSSHTestsz) Test manhole loopback over SSH. Nz!cryptography requirements missing)r#��r$��r%��r&��r��skipr��r��r��r��r��s ��r��c��@��s&��e�Zd�ZdZedu�rdZdS�ejZdS�)�ManholeLoopbackStdioTestsz1 Test manhole loopback over standard IO. N�Terminal requirements missing)r#��r$��r%��r&��r ��r��ConsoleManholer��r��r��r��r��r��s �� r��c��@��s$��e�Zd�ZdZedu�rdZdd��ZdS�)�ManholeMainTestsz= Test the I{main} method from the I{manhole} module. Nr��c��C��s��\|�j�ttjdgd�}\|��d\|jd��dS�)z� Will raise an exception when called with an argument which is a dotted patch which can not be imported.. z no-such-class)�argvzEmpty module namer��N)�assertRaises� ValueErrorr ��mainrK��args)r �� exceptionr��r��r��test_mainClassNotFound��s��z'ManholeMainTests.test_mainClassNotFound)r#��r$��r%��r&��r ��r��r��r��r��r��r��r��s ��r��)"r&��r��typingr��r��bool�__annotations__� twisted.conchr��twisted.conch.insultsr�� twisted.conch.test.test_recvliner��r��r��r ��twisted.internetr ��r��twisted.test.proto_helpersr�� twisted.trialr ��r��rk��TestCaser��r(��r2��rM��r��r��r��r��r��r��r��r��<module>��s,��B�� test/__pycache__/test_userauth.cpython-310.pyc��0000644��00000102556�15027667726�0015366 0��ustar�00��o ��b��@��s��U�d�Z�ddlmZ�ddlmZ�ddlmZ�ddlmZm Z �ddl mZ�ddlm Z mZmZ�ddlmZ�dd lmZmZ�dd lmZmZ�ddlmZ�ddlmZ�dd lmZ�dZee�ed<�ed�r�ed�r�ddl m!Z!�ddl"mZm#Z#m$Z$�ddl%m&Z&�ddl'm(Z(�nG�dd��d�Z#G�dd��d�Z$G�dd��de$j)�ZG�dd��de$j)�Z+G�dd��de$j)�Z,G�d d!��d!e#j-�Z.ee�G�d"d#��d#��Z/ee�G�d$d%��d%��Z0ee�G�d&d'��d'��Z1ee�G�d(d)��d)��Z2G�dd+��d+ej3�Z4G�d,d-��d-ej3�Z5G�d.d/��d/ej3�Z6G�d0d1��d1ej3�Z7dS�)2zT Tests for the implementation of the ssh-userauth service. Maintainer: Paul Swartz ��)� ModuleType)�Optional)�implementer)� ConchError�ValidPublicKey)�ICredentialsChecker)� IAnonymous�ISSHPrivateKey�IUsernamePassword)�UnauthorizedLogin)�IRealm�Portal)�defer�task)�loopback)� requireModule)�unittestN�keys�cryptography�pyasn1)�SSHProtocolChecker)r�� transport�userauth)�NS)�keydatac��@��e�Zd�ZG�dd��d�ZdS�)r��c��@��e�Zd�ZdZdS�)ztransport.SSHTransportBase�Q A stub class so that later class definitions won't die. N��__name__� __module__�__qualname__�__doc__��r#��r#��B/usr/lib/python3/dist-packages/twisted/conch/test/test_userauth.py�SSHTransportBase"��r%��N)r��r ��r!��r%��r#��r#��r#��r$��r��!��r��c��@��r��)r��c��@��r��)zuserauth.SSHUserAuthClientr��Nr��r#��r#��r#��r$��SSHUserAuthClient(��r&��r(��N)r��r ��r!��r(��r#��r#��r#��r$��r��'��r'��r��c��@��s2��e�Zd�ZdZdd��Zdd��Zddd�Zd d ��ZdS�)�ClientUserAuthz" A mock user auth client. c��C��s(��\|�j�r tj�tj�S�t�tj�tj��S�)z� If this is the first time we've been called, return a blob for the DSA key. Otherwise, return a blob for the RSA key. ) � lastPublicKeyr��Key� fromStringr��publicRSA_opensshr��succeed�publicDSA_openssh��selfr#��r#��r$��getPublicKey3��s��zClientUserAuth.getPublicKeyc��C��s��t��tj�tj��S�)z@ Return the private key object for the RSA key. )r��r.��r��r+��r,��r��privateRSA_opensshr0��r#��r#��r$�� getPrivateKey>��zClientUserAuth.getPrivateKeyNc��C�� t��d�S�)z/ Return 'foo' as the password. ��foo�r��r.��)r1��promptr#��r#��r$��getPasswordD�� zClientUserAuth.getPasswordc��C��r6��)z> Return 'foo' as the answer to two questions. )�foor<��r8��)r1��name�information�answersr#��r#��r$��getGenericAnswersJ��r;��z ClientUserAuth.getGenericAnswers�N)r��r ��r!��r"��r2��r4��r:��r@��r#��r#��r#��r$��r)��.��s�� r)��c��@�� e�Zd�ZdZdd��Zdd��ZdS�)� OldClientAuthz~ The old SSHUserAuthClient returned a cryptography key object from getPrivateKey() and a string from getPublicKey c��C��s��t��tj�tj�j�S�rA��)r��r.��r��r+��r,��r��r3�� keyObjectr0��r#��r#��r$��r4��W��zOldClientAuth.getPrivateKeyc��C��s��t�j�tj��S�rA��)r��r+��r,��r��r-��blobr0��r#��r#��r$��r2��Z��s��zOldClientAuth.getPublicKeyN�r��r ��r!��r"��r4��r2��r#��r#��r#��r$��rC��Q��s��rC��c��@��rB��)�ClientAuthWithoutPrivateKeyzP This client doesn't have a private key, but it does have a public key. c��C��d�S�rA��r#��r0��r#��r#��r$��r4��c��z)ClientAuthWithoutPrivateKey.getPrivateKeyc��C��s��t�j�tj�S�rA��)r��r+��r,��r��r-��r0��r#��r#��r$��r2��f��z(ClientAuthWithoutPrivateKey.getPublicKeyNrG��r#��r#��r#��r$��rH��^��s��rH��c��@��sL��e�Zd�ZdZG�dd��d�ZG�dd��d�Zdd��Zdd ��Zd d��Zdd ��Z dS�)� FakeTransporta_�� L{userauth.SSHUserAuthServer} expects an SSH transport which has a factory attribute which has a portal attribute. Because the portal is important for testing authentication, we need to be able to provide an interesting portal object to the L{SSHUserAuthServer}. In addition, we want to be able to capture any packets sent over the transport. @ivar packets: a list of 2-tuples: (messageType, data). Each 2-tuple is a sent packet. @type packets: C{list} @param lostConnecion: True if loseConnection has been called on us. @type lostConnection: L{bool} c��@��s��e�Zd�ZdZdZdd��ZdS�)zFakeTransport.ServicezW A mock service, representing the other service offered by the server. ��nancyc��C��rI��rA��r#��r0��r#��r#��r$��serviceStarted��rJ��z$FakeTransport.Service.serviceStartedN)r��r ��r!��r"��r=��rN��r#��r#��r#��r$��Service{��s��rO��c��@��e�Zd�ZdZdd��ZdS�)zFakeTransport.Factoryzg A mock factory, representing the factory that spawned this user auth service. c��C��s��\|dkrt�jS�dS�)z2 Return our fake service. ��noneN)rL��rO��)r1��r��servicer#��r#��r$�� getService��s��z FakeTransport.Factory.getServiceN)r��r ��r!��r"��rS��r#��r#��r#��r$��Factory��s��rT��c��C��s(��\|��\|�_\|\|�j_d\|�_\|�\|�_g�\|�_d�S��NF)rT��factory�portal�lostConnectionr��packets)r1��rW��r#��r#��r$��__init__��s �� zFakeTransport.__init__c��C��s��\|�j��\|\|f��dS�)z8 Record the packet sent by the service. N)rY��append)r1��messageType�messager#��r#��r$�� sendPacket��r5��zFakeTransport.sendPacketc��C��dS�)z� Pretend that this transport encrypts traffic in both directions. The SSHUserAuthServer disables password authentication if the transport isn't encrypted. Tr#��)r1�� directionr#��r#��r$��isEncrypted��s��zFakeTransport.isEncryptedc��C��s ��d\|�_�d�S��NT)rX��r0��r#��r#��r$��loseConnection��s�� zFakeTransport.loseConnectionN) r��r ��r!��r"��rO��rT��rZ��r^��ra��rc��r#��r#��r#��r$��rL��j��s�� rL��c��@��rP��)�Realmz� A mock realm for testing L{userauth.SSHUserAuthServer}. This realm is not actually used in the course of testing, so it returns the simplest thing that could possibly work. c��G��s��t��\|d�d�dd��f�S�)Nr��c��S��rI��rA��r#��r#��r#��r#��r$��<lambda>��z%Realm.requestAvatar.<locals>.<lambda>r8��)r1��avatarId�mind� interfacesr#��r#��r$�� requestAvatar��s��zRealm.requestAvatarN)r��r ��r!��r"��rj��r#��r#��r#��r$��rd��s��rd��c��@��e�Zd�ZdZefZdd��ZdS�)�PasswordCheckerz� A very simple username/password checker which authenticates anyone whose password matches their username and rejects all others. c��C��s&��\|j�\|jkrt�\|j��S�t�td��S�)NzInvalid username/password pair)�username�passwordr��r.��failr��)r1��credsr#��r#��r$��requestAvatarId��s��zPasswordChecker.requestAvatarIdN)r��r ��r!��r"��r ��credentialInterfacesrq��r#��r#��r#��r$��rl��rl��c��@��rk��)�PrivateKeyCheckerz� A very simple public key checker which authenticates anyone whose public/private keypair is the same keydata.public/privateRSA_openssh. c��C��sX��\|j�tj�tj��kr)\|jd�ur&tj�\|j��}\|�\|j\|j�r#\|j S�t��t ��t��rA��)rF��r��r+��r,��r��r-�� signature�verify�sigDatarm��r��r��)r1��rp��objr#��r#��r$��rq��s�� z!PrivateKeyChecker.requestAvatarIdN)r��r ��r!��r"��r ��rr��rq��r#��r#��r#��r$��rt��rs��rt��c��@��rk��)�AnonymousCheckerzI A simple checker which isn't supported by L{SSHUserAuthServer}. c��C��rI��rA��r#��)r1��credentialsr#��r#��r$��rq��s��z AnonymousChecker.requestAvatarIdN)r��r ��r!��r"��r��rr��rq��r#��r#��r#��r$��ry��s��ry��c��@��s��e�Zd�ZdZedu�rdZdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��ZdS�),�SSHUserAuthServerTestsz& Tests for SSHUserAuthServer. N�cannot run without cryptographyc��C��sb��t��\|�_t\|�j�\|�_\|�j�t��\|�j�t��t��\|�_ t \|�j�\|�j _\|�j ��\|�j j ��d�S�rA��)rd��realmr ��rW��registerCheckerrl��rt��r��SSHUserAuthServer� authServerrL��r��rN��supportedAuthentications�sortr0��r#��r#��r$��setUp��s�� zSSHUserAuthServerTests.setUpc��C��\|�j��d�\|�_�d�S�rA��)r��serviceStoppedr0��r#��r#��r$��tearDown�� zSSHUserAuthServerTests.tearDownc��C��s(��\|��\|�jjjd�tjtd�d�f��dS�)z; Check that the authentication has failed. ��s��password,publickey��N)�assertEqualr��r��rY��r��MSG_USERAUTH_FAILUREr��r1��ignoredr#��r#��r$��_checkFailed��s��z#SSHUserAuthServerTests._checkFailedc��C��s,��\|�j��td�td��td��}\|�\|�j�S�)z� A client may request a list of authentication 'method name' values that may continue by using the "none" authentication 'method name'. See RFC 4252 Section 5.2. r7��s��servicerQ��)r��ssh_USERAUTH_REQUESTr��addCallbackr��)r1��dr#��r#��r$��test_noneAuthentication��s��z.SSHUserAuthServerTests.test_noneAuthenticationc��sF��d��td�td�td�dtd�g�}��j�\|�}��fdd�}\|�\|�S�)z� When provided with correct password authentication information, the server should respond by sending a MSG_USERAUTH_SUCCESS message with no other data. See RFC 4252, Section 5.1. ��r7��rQ��passwordr��c��jjjtjdfg��d�S��Nr��r��r��r��rY��r��MSG_USERAUTH_SUCCESS�r��r0��r#��r$��check�� zKSSHUserAuthServerTests.test_successfulPasswordAuthentication.<locals>.check)�joinr��r��r��r��r1��packetr��r��r#��r0��r$��%test_successfulPasswordAuthentication��s��$ z<SSHUserAuthServerTests.test_successfulPasswordAuthenticationc��C��sh��d��td�td�td�dtd�g�}t��\|�j_\|�j�\|�}\|��\|�jjj g��\|�jj� d��\|�\|�j�S�)a;�� When provided with invalid authentication details, the server should respond by sending a MSG_USERAUTH_FAILURE message which states whether the authentication was partially successful, and provides other, open options for authentication. See RFC 4252, Section 5.1. r��r7��rQ��r��r��bar��) r��r��r��Clockr��clockr��r��r��rY��advancer��r��r1��r��r��r#��r#��r$��!test_failedPasswordAuthentication'��s��$ z8SSHUserAuthServerTests.test_failedPasswordAuthenticationc��s��t�j�tj��}t�j�tj�}td�td��td��d�t\|��t\|��}d��j j _\|�td�t tjf��\|��}\|t\|�7�}��j �\|�}��fdd�}\|�\|�S�)zN Test that private key authentication completes successfully, r7��rQ�� publickey��testc��r��r��r��r��r0��r#��r$��r��M��r��zMSSHUserAuthServerTests.test_successfulPrivateKeyAuthentication.<locals>.check)r��r+��r,��r��r-��rF��r3��r��sshTyper��r�� sessionID�sign�bytesr��MSG_USERAUTH_REQUESTr��r��)r1��rF��rx��r��ru��r��r��r#��r0��r$��'test_successfulPrivateKeyAuthentication8��s,�� z>SSHUserAuthServerTests.test_successfulPrivateKeyAuthenticationc��s��t��dd��}dd��}��fdd�}\|��\|�jd\|��\|��\|�jd\|��\|��\|�jd \|��td �td��td��td ��}\|�j�\|��\|��t�S�)z� ssh_USERAUTH_REQUEST should raise a ConchError if tryAuth returns None. Added to catch a bug noticed by pyflakes. c��S��s��\|��d��d�S�)Nz&request should have raised ConochError)ro��r��r#��r#��r$��mockCbFinishedAuth\��rK��zOSSHUserAuthServerTests.test_requestRaisesConchError.<locals>.mockCbFinishedAuthc��S��rI��rA��r#��)�kind�user�datar#��r#��r$��mockTryAuth_��rJ��zHSSHUserAuthServerTests.test_requestRaisesConchError.<locals>.mockTryAuthc��s��\|�j��d�S�rA��)�errback�value)�reason�r��r#��r$�� mockEbBadAuthb��s��zJSSHUserAuthServerTests.test_requestRaisesConchError.<locals>.mockEbBadAuth�tryAuth�_cbFinishedAuth� _ebBadAuths��userrQ��s ��public-keys��data)r��Deferred�patchr��r��r�� assertFailurer��)r1��r��r��r��r��r#��r��r$��test_requestRaisesConchErrorU��s�� z3SSHUserAuthServerTests.test_requestRaisesConchErrorc��sb��t�j�tj��td�td��td��d�td��t��}�j�\|�}��fdd�}\|� \|�S�)z@ Test that verifying a valid private key works. r7��rQ��r��r��ssh-rsac��s��jjjtjtd�t��fg��d�S�)Nr��)r��r��r��rY��r��MSG_USERAUTH_PK_OKr��r��rF��r1��r#��r$��r��~��s��z@SSHUserAuthServerTests.test_verifyValidPrivateKey.<locals>.check) r��r+��r,��r��r-��rF��r��r��r��r��r��r#��r��r$��test_verifyValidPrivateKeyo��s �� z1SSHUserAuthServerTests.test_verifyValidPrivateKeyc��C��sV��t�j�tj��}td�td��td��d�td��t\|��}\|�j�\|�}\|� \|�j �S�)�d Test that private key authentication fails when the public key is invalid. r7��rQ��r��r��s��ssh-dsa�r��r+��r,��r��r/��rF��r��r��r��r��r��r1��rF��r��r��r#��r#��r$��3test_failedPrivateKeyAuthenticationWithoutSignature��s��zJSSHUserAuthServerTests.test_failedPrivateKeyAuthenticationWithoutSignaturec��C��s\|��t�j�tj��}t�j�tj�}td�td��td��d�td��t\|��t\|�\|��}d\|�j j _\|�j �\|�}\|� \|�j�S�)r��r7��rQ��r��r��r��r��)r��r+��r,��r��r-��rF��r3��r��r��r��r��r��r��r��r��)r1��rF��rx��r��r��r#��r#��r$��0test_failedPrivateKeyAuthenticationWithSignature��s&�� zGSSHUserAuthServerTests.test_failedPrivateKeyAuthenticationWithSignaturec��C��sj��t�j�tj��}td�\|dd��}td�td��td��d�td��t\|��}\|�j�\|�}\|� \|�j �S�) z� Private key authentication fails when the public key type is unsupported or the public key is corrupt. s��ssh-bad-type��Nr7��rQ��r��r��r��r��r��r#��r#��r$��test_unsupported_publickey��s ��z1SSHUserAuthServerTests.test_unsupported_publickeyc��C��sR��t��}t\|�j�\|_\|�j�t��\|��\|��\|j � ��\|��\|j ddg��dS�)ah�� L{SSHUserAuthServer} sets up C{SSHUserAuthServer.supportedAuthentications} by checking the portal's credentials interfaces and mapping them to SSH authentication method strings. If the Portal advertises an interface that L{SSHUserAuthServer} can't map, it should be ignored. This is a white box test. r��r��N)r��r��rL��rW��r��r~��ry��rN��r��r��r��r��r1��serverr#��r#��r$�� test_ignoreUnknownCredInterfaces��s�� z7SSHUserAuthServerTests.test_ignoreUnknownCredInterfacesc��C��s��\|��d\|�jj��t��}t\|�j�\|_dd��\|j_\|� ��\|� ��\|��d\|j��t��}t\|�j�\|_dd��\|j_\|� ��\|� ��\|��d\|j��dS�)z� Test that the userauth service does not advertise password authentication if the password would be send in cleartext. r��c��S��r_��rU��r#��xr#��r#��r$��re��rf��zISSHUserAuthServerTests.test_removePasswordIfUnencrypted.<locals>.<lambda>c��S��\|�dkS��N�inr#��r��r#��r#��r$��re��N)�assertInr��r��r��r��rL��rW��r��ra��rN��r��assertNotIn)r1��clearAuthServer�halfAuthServerr#��r#��r$�� test_removePasswordIfUnencrypted��s��z7SSHUserAuthServerTests.test_removePasswordIfUnencryptedc��C��s��t�\|�j�}\|�t��t��}t\|�\|_dd��\|j_\|� ��\|� ��\|��\|jdg��t��}t\|�\|_dd��\|j_\|� ��\|� ��\|��\|jdg��dS�)z� If the L{SSHUserAuthServer} is not advertising passwords, then an unencrypted connection should not cause any warnings or exceptions. This is a white box test. c��S��r_��rU��r#��r��r#��r#��r$��re��rf��zSSSHUserAuthServerTests.test_unencryptedConnectionWithoutPasswords.<locals>.<lambda>r��c��S��r��r��r#��r��r#��r#��r$��re��r��N) r ��r}��r~��rt��r��r��rL��r��ra��rN��r��r��r��)r1��rW��r��r��r#��r#��r$��test_unencryptedConnectionWithoutPasswords��s�� zASSHUserAuthServerTests.test_unencryptedConnectionWithoutPasswordsc��C��s��t��}t��\|_t\|�j�\|_\|��\|j� d��\|� ��\|��\|jjtj dttjf��td��td��fg��\|��\|jj��dS�)z0 Test that the login times out. 鰚��s��you took too longr��N)r��r��r��r��r��rL��rW��r��rN��r��r��r��rY��MSG_DISCONNECTr��)DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLEr�� assertTruerX��r1��timeoutAuthServerr#��r#��r$��test_loginTimeout��s(�� z(SSHUserAuthServerTests.test_loginTimeoutc��C��s\��t��}t��\|_t\|�j�\|_\|��\|� ��\|j� d��\|��\|jjg��\|�� \|jj��dS�)zN Test that stopping the service also stops the login timeout. r��N)r��r��r��r��r��rL��rW��r��rN��r��r��r��rY��assertFalserX��r��r#��r#��r$��test_cancelLoginTimeout��s�� z.SSHUserAuthServerTests.test_cancelLoginTimeoutc��sn��d��td�td�td�dtd�g�}t��j_td�D�]}��j�\|�}��jj�d��q��fd d �}\|� \|�S�)zm Test that the server disconnects if the client fails authentication too many times. r��r7��rQ��r��r��r��r��c��s<��jjjd�tjdttjf��td��td��f��d�S�)Nr��r��s��too many bad authsr��)r��r��r��rY��r��r��r��r��r��r0��r#��r$��r��1��s�� z:SSHUserAuthServerTests.test_tooManyAttempts.<locals>.check) r��r��r��r��r��r��ranger��r��r��)r1��r��ir��r��r#��r0��r$��test_tooManyAttempts&��s��$ z+SSHUserAuthServerTests.test_tooManyAttemptsc��C��sH��t�d�t�d��t�d��d�t�d��}t��\|�j_\|�j�\|�}\|�\|�j�S�)zo If the user requests a service that we don't support, the authentication should fail. r7��r��r��r��)r��r��r��r��r��r��r��r��r��r#��r#��r$��test_failIfUnknownService?��s��$z0SSHUserAuthServerTests.test_failIfUnknownServicec��sV��dd��}��jd\|��jdd��fdd�}��j�ddd�}��\|t��\|�S�) aZ�� tryAuth() has two edge cases that are difficult to reach. 1) an authentication method auth_* returns None instead of a Deferred. 2) an authentication type that is defined does not have a matching auth_* method. Both these cases should return a Deferred which fails with a ConchError. c��S��rI��rA��r#��)r��r#��r#��r$��mockAuthU��rJ��z>SSHUserAuthServerTests.test_tryAuthEdgeCases.<locals>.mockAuth�auth_publickey� auth_passwordNc��s��j��dd�d��}��\|t�S�)Nr��)r��r��r��r��)r��d2r0��r#��r$�� secondTest[��s��z@SSHUserAuthServerTests.test_tryAuthEdgeCases.<locals>.secondTestr��)r��r��r��r��r��r��)r1��r��r��d1r#��r0��r$��test_tryAuthEdgeCasesI��s��z,SSHUserAuthServerTests.test_tryAuthEdgeCases)r��r ��r!��r"��r��skipr��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r#��r#��r#��r$��r{��s0�� r{��c��@��s��e�Zd�ZdZedu�rdZdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��ZdS�)"�SSHUserAuthClientTestsz& Tests for SSHUserAuthClient. Nr\|��c��C��s4��t�dt��\|�_td��\|�j_d\|�jj_\|�j��d�S�)Nr7��r��)r)��rL��rO�� authClientr��r��rN��r0��r#��r#��r$��r��k��s�� zSSHUserAuthClientTests.setUpc��C��r��rA��)r��r��r0��r#��r#��r$��r��q��r��zSSHUserAuthClientTests.tearDownc��C��sT��\|��\|�jjd��\|��\|�jjjd��\|��\|�jjjtjt d�t d��t d��fg��dS�)z; Test that client is initialized properly. r7��rM��rQ��N) r��r��r��instancer=��r��rY��r��r��r��r0��r#��r#��r$�� test_initu��s��z SSHUserAuthClientTests.test_initc��s@��dg��fdd�}\|\|�j�j_\|�j��d��\|��d�\|�j�j��dS�)z9 Test that the client succeeds properly. Nc��s��\|��d<�d�S�)Nr��r#��)rR��r��r#��r$��stubSetService��s��zDSSHUserAuthClientTests.test_USERAUTH_SUCCESS.<locals>.stubSetServicer��r��)r��r�� setService�ssh_USERAUTH_SUCCESSr��r��)r1��r��r#��r��r$��test_USERAUTH_SUCCESS��s �� z,SSHUserAuthClientTests.test_USERAUTH_SUCCESSc�� C��s��\|�j��td�d��\|��\|�j�jjd�tjtd�td��td��d�td��ttj � tj�� f��\|�j��td�d��ttj � tj�� }\|��\|�j�jjd�tjtd�td��td��d�td��\|�f��\|�j��td�ttj � tj�� t\|�j�jj�ttjf��td��td��td��d�td��\|�}tj � tj�}\|��\|�j�jjd�tjtd�td��td��d�td��\|�t\|�\|��f��d S�) zJ Test that the client can authenticate with a public key. r��r��r��r7��rM��s��ssh-dssr��N)r��ssh_USERAUTH_FAILUREr��r��r��rY��r��r��r��r+��r,��r��r/��rF��r-��ssh_USERAUTH_PK_OKr��r��r3��r��)r1��rF��rw��rx��r#��r#��r$��test_publickey��s�� z%SSHUserAuthClientTests.test_publickeyc��C��sz��t�dt��}td�\|_d\|j_\|��\|�d��g�\|j_\|��\|� d��\|�� \|jjtjt d�t d��t d��fg��dS�)z� If the SSHUserAuthClient doesn't return anything from signData, the client should start the authentication over again by requesting 'none' authentication. r7��Nr��r��r��rM��rQ��)rH��rL��rO��r��r��rN��r��rY��assertIsNoner��r��r��r��r��)r1��r��r#��r#��r$��!test_publickey_without_privatekey��s�� z8SSHUserAuthClientTests.test_publickey_without_privatekeyc��s.��dd��j�_��j��d�}��fdd�}\|�\|�S�)z{ If there's no public key, auth_publickey should return a Deferred called back with a False value. c��S��rI��rA��r#��r��r#��r#��r$��re��rf��z:SSHUserAuthClientTests.test_no_publickey.<locals>.<lambda>r��c��s��\|��d�S�rA��)r��resultr0��r#��r$��r��rK��z7SSHUserAuthClientTests.test_no_publickey.<locals>.check)r��r2��r��r��)r1��r��r��r#��r0��r$��test_no_publickey��s�� z(SSHUserAuthClientTests.test_no_publickeyc��C��s��\|�j��td�d��\|��\|�j�jjd�tjtd�td��td��d�td��f��\|�j��td�td��\|��\|�j�jjd�tjtd�td��td��d�td�d��f��d S�) zx Test that the client can authentication with a password. This includes changing the password. r��r��r��r7��rM��r��r��r��N) r��r��r��r��r��rY��r��r��r��r0��r#��r#��r$�� test_password��s��"��&��z$SSHUserAuthClientTests.test_passwordc��C��s"��dd��\|�j�_\|��\|�j��d��dS�)zK If getPassword returns None, tryAuth should return False. c��S��rI��rA��r#��r#��r#��r#��r$��re��rf��z9SSHUserAuthClientTests.test_no_password.<locals>.<lambda>r��N)r��r:��r��r��r0��r#��r#��r$��test_no_password��s��z'SSHUserAuthClientTests.test_no_passwordc��C��s`��\|�j��td�td��td��d�td��d��\|��\|�j�jjd�tjdtd��td��f��dS�) zj Make sure that the client can authenticate with the keyboard interactive method. r��s��s ��Password: r��r��s��r7��N)r��'ssh_USERAUTH_PK_OK_keyboard_interactiver��r��r��rY��r��MSG_USERAUTH_INFO_RESPONSEr0��r#��r#��r$��test_keyboardInteractive��s&��z/SSHUserAuthClientTests.test_keyboardInteractivec��C��sP��d\|�j�_g�\|�j�j_\|�j��d��\|��\|�j�jjtjtd�td��td��fg��dS�)z� If C{SSHUserAuthClient} gets a MSG_USERAUTH_PK_OK packet when it's not expecting it, it should fail the current authentication and move on to the next type. s��unknownr��r7��rM��rQ��N) r��lastAuthr��rY��r��r��r��r��r��r0��r#��r#��r$��"test_USERAUTH_PK_OK_unknown_method��s�� z9SSHUserAuthClientTests.test_USERAUTH_PK_OK_unknown_methodc��s��fdd�}��fdd�}\|��j�_\|��j�_��j��td�d��j�jjd�tj td�td ��td ��d�td��f��j��td�d��j�jjd d��ddg��dS�)z� ssh_USERAUTH_FAILURE should sort the methods by their position in SSHUserAuthClient.preferredOrder. Methods that are not in preferredOrder should be sorted at the end of that list. c��s��j�j�dd��d�S�)N��here is data�r��r��r^��r#��r0��r#��r$��auth_firstmethod2��s��zNSSHUserAuthClientTests.test_USERAUTH_FAILURE_sorting.<locals>.auth_firstmethodc��s��j�j�dd��dS�)N�� other dataTr ��r#��r0��r#��r$��auth_anothermethod5��s��zPSSHUserAuthClientTests.test_USERAUTH_FAILURE_sorting.<locals>.auth_anothermethods��anothermethod,passwordr��r��r7��rM��r��s"��firstmethod,anothermethod,passwordr��N)r��r��)r��r��) r��r��r��r��r��r��r��rY��r��r��)r1��r��r��r#��r0��r$��test_USERAUTH_FAILURE_sorting+��s$��"�� z4SSHUserAuthClientTests.test_USERAUTH_FAILURE_sortingc��C��sT��\|�j��td�d��\|�j��td�d��\|��\|�j�jjd�tjdtd��d�f��dS�) z� If there are no more available user authentication messages, the SSHUserAuthClient should disconnect with code DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE. r��r��r��r��s��s(��no more authentication methods availables��N)r��r��r��r��r��rY��r��r0��r#��r#��r$��%test_disconnectIfNoMoreAuthenticationO��s��z<SSHUserAuthClientTests.test_disconnectIfNoMoreAuthenticationc��C��sH��g�\|�j�j_\|�j��d��\|��\|�j�jjtjtd�td��td��fg��dS�)z� _ebAuth (the generic authentication error handler) should send a request for the 'none' authentication method. Nr7��rM��rQ��)r��r��rY��_ebAuthr��r��r��r��r0��r#��r#��r$��test_ebAutha��s�� z"SSHUserAuthClientTests.test_ebAuthc��s`��t��dt��fdd�}��fdd��dd��}\|��j�� \|�S�)z� getPublicKey() should return None. getPrivateKey() should return a failed Deferred. getPassword() should return a failed Deferred. getGenericAnswers() should return a failed Deferred. r7��c��s$��\|��t��}\|��j��S�rA��)�trap�NotImplementedErrorr:��r��ro�� addErrback�r��r��)r��check2r1��r#��r$��r��v��s�� z3SSHUserAuthClientTests.test_defaults.<locals>.checkc��s��\|��t��d�d�d��}\|��j��S�rA��)r��r��r@��r��ro��r��r��)r��check3r1��r#��r$��r��{��s�� z4SSHUserAuthClientTests.test_defaults.<locals>.check2c��S��s��\|��t��d�S�rA��)r��r��r��r#��r#��r$��r��rK��z4SSHUserAuthClientTests.test_defaults.<locals>.check3) r��r(��rL��rO��r��r2��r4��r��ro��r��)r1��r��r��r#��)r��r��r��r1��r$�� test_defaultsm��s��z$SSHUserAuthClientTests.test_defaults)r��r ��r!��r"��r��r��r��r��r��r��r��r��r��r��r��r��r ��r��r��r��r��r#��r#��r#��r$��r��c��s&�� > $r��c��@��s.��e�Zd�Zedu�r dZG�dd��d�Zdd��ZdS�)� LoopbackTestsN�)cannot run without cryptography or PyASN1c��@��s"��e�Zd�ZG�dd��d�Zdd��ZdS�)zLoopbackTests.Factoryc��@��rB��)zLoopbackTests.Factory.Service��TestServicec��C��s��\|�j��d�S�rA��)r��rc��r0��r#��r#��r$��rN��rK��z,LoopbackTests.Factory.Service.serviceStartedc��C��rI��rA��r#��r0��r#��r#��r$��r��rJ��z,LoopbackTests.Factory.Service.serviceStoppedN)r��r ��r!��r=��rN��r��r#��r#��r#��r$��rO��s��rO��c��C��s��\|�j�S�rA��)rO��)r1��avatarr=��r#��r#��r$��rS��s��z LoopbackTests.Factory.getServiceN)r��r ��r!��rO��rS��r#��r#��r#��r$��rT��s�� rT��c��s ��t��td�j��}t��_��j_dd��j_t��\|_\|\|j_d��j_ \|j_ dd��j_ \|j_ ��j_d�_t ��}t\|�}t��t��t��fdd��_\|��\|�jj_t��j\|j�}dd��jj_d d��\|jj_��\|��fd d�}\|�\|�S�)zW Test that the userauth server and client play nicely with each other. r7��c��S��r_��rb��r#��r��r#��r#��r$��re��rf��z-LoopbackTests.test_loopback.<locals>.<lambda>r��c��S��rI��rA��r#��r#��r#��r#��r$��re��rf��r��c��s��t��j\|��dkS�)Nr��)�len�successfulCredentials)�aId)�checkerr#��r$��re��s��c��S��r_��)N�_ServerLoopbackr#��r#��r#��r#��r$��re��rf��c��S��r_��)N�_ClientLoopbackr#��r#��r#��r#��r$��re��rf��c��s��jjjd��d�S�)Nr ��)r��r��rR��r=��r��r��r#��r$��r��rE��zLoopbackTests.test_loopback.<locals>.check)r��r��r)��rT��rO��r��r%��rR��ra��r��sendKexInitrV�� passwordDelayrd��r ��r��r~��rl��rt��areDonerW��r�� loopbackAsync� logPrefixrN��r��)r1��clientr}��rW��r��r��r#��)r%��r1��r��r$�� test_loopback��s4�� zLoopbackTests.test_loopback)r��r ��r!��r��r��rT��r.��r#��r#��r#��r$��r��s �� r��c��@��s ��e�Zd�Zedu�r dZdd��ZdS�)�ModuleInitializationTestsNr��c��C��s,��\|��tjjd�d��\|��tjjd�d��d�S�)N�<��r��)r��r��r��protocolMessagesr(��r0��r#��r#��r$�� test_messages��s��z'ModuleInitializationTests.test_messages)r��r ��r!��r��r��r2��r#��r#��r#��r$��r/��s��r/��)8r"��typesr��typingr��zope.interfacer��twisted.conch.errorr��r��twisted.cred.checkersr��twisted.cred.credentialsr��r ��r ��twisted.cred.errorr��twisted.cred.portalr��r ��twisted.internetr��r��twisted.protocolsr��twisted.python.reflectr�� twisted.trialr��r��__annotations__�twisted.conch.checkersr��twisted.conch.sshr��r��twisted.conch.ssh.commonr��twisted.conch.testr��r(��r)��rC��rH��r%��rL��rd��rl��rt��ry��TestCaser{��r��r��r/��r#��r#��r#��r$��<module>��sR��# A��}��&<��test/__pycache__/test_transport.cpython-310.pyc��0000644��00000301565�15027667726�0015563 0��ustar�00��o ��5�@g��@��sv��U�d�Z�ddlZddlZddlZddlZddlZddlmZmZm Z m Z mZ�ddlm Z mZ�ddlmZ�ddlmZ�ddlmZmZmZ�ddlmZ�dd lmZ�dd lmZ�ddlmZ�ddl m!Z!�dd l"m#Z#�ddl$m%Z%�ddl&m'Z'�e#d�Z(e#d�Z)e e�e+d<�e(r�e)r�dZ,ddl-m.Z.�ddl/m0Z0�ddl1m2Z2�ddl3m4Z4m5Z5�ddlm6Z6m7Z7m8Z8m9Z9�ddl:m;Z;�e0��<��Z=n e(s�dZ,ne)s�dZ,dZ=G�dd��d�Z9G�dd��d�Z7G�d d!��d!�Z6d"d#��Z>d$d%��Z?G�d&d'��d'e9j@�ZAG�d(d)��d)�ZBG�dd+��d+�ZCG�d,d-��d-ejD�ZEG�d.d/��d/e7jF�ZGG�d0d1��d1eG�ZHG�d2d3��d3eG�ZId4d5��ZJG�d6d7��d7e'�ZKG�d8d9��d9�ZLG�d:d;��d;�ZMG�d<d=��d=�ZNG�d>d?��d?�ZOG�d@dA��dA�ZPG�dBdC��dCePeK�ZQG�dDdE��dEeP�ZRG�dFdG��dGeReLeK�ZSG�dHdI��dIeReMeK�ZTG�dJdK��dKeReNeK�ZUe>G�dLdM��dMeReOeK��ZVG�dNdO��dO�ZWG�dPdQ��dQeW�ZXG�dRdS��dSeXeK�ZYG�dTdU��dUeX�ZZG�dVdW��dWeZeLeK�Z[G�dXdY��dYeZeMeK�Z\G�dZd[��d[eX�Z]G�d\d]��d]e]eNeK�Z^e>G�d^d_��d_e]eOeK��Z_G�d`da��daeW�Z`G�dbdc��dce`eK�ZaG�ddde��dee`�ZbG�dfdg��dgebeLeK�ZcG�dhdi��diebeMeK�ZdG�djdk��dke`�ZeG�dldm��dmeeeNeK�Zfe>G�dndo��doeeeOeK��ZgG�dpdq��dqe'�ZhG�drds��dse'�ZiG�dtdu��due'�ZjdS�)vz5 Tests for ssh/transport.py and the classes therein. ��N)�md5�sha1�sha256�sha384�sha512)�Optional�Type)�__version__)� ConchError)�_kex�address�service)�defer)�loopback)� randbytes)� iterbytes��insecureRandom)� requireModule)� proto_helpers)�TestCase�pyasn1�cryptography�dependencySkip)�UnsupportedAlgorithm)�default_backend)� serialization)�dh�ec)�common�factory�keys� transport)�keydatazCannot run without PyASN1zcan't run without cryptographyFc��@��s6��e�Zd�ZG�dd��d�ZG�dd��d�ZG�dd��d�ZdS�)r"��c��@��e�Zd�ZdS�)ztransport.SSHTransportBaseN��__name__� __module__�__qualname__��r)��r)��C/usr/lib/python3/dist-packages/twisted/conch/test/test_transport.py�SSHTransportBase5��r+��c��@��r$��)ztransport.SSHServerTransportNr%��r)��r)��r)��r��SSHServerTransport8��r,��r-��c��@��r$��)ztransport.SSHClientTransportNr%��r)��r)��r)��r��SSHClientTransport;��r,��r.��N)r&��r'��r(��r+��r-��r.��r)��r)��r)��r��r"��4��s��r"��c��@��s��e�Zd�ZG�dd��d�ZdS�)r ��c��@��r$��)zfactory.SSHFactoryNr%��r)��r)��r)��r�� SSHFactory?��r,��r/��N)r&��r'��r(��r/��r)��r)��r)��r��r ��>��s��r ��c��@��s��e�Zd�Zedd��ZdS�)r��c��C��dS�)N��r)��)�self�argr)��r)��r��NSC��s��z common.NSN)r&��r'��r(��classmethodr4��r)��r)��r)��r��r��B��s��r��c��C��s��t�sd\|�_\|�S�)Nz#x25519 not supported on this system)�X25519_SUPPORTED�skip��fr)��r)��r��skipWithoutX25519H��s��r:��c��C��s��t��t\|�\|\|��S�)z3 Return the MP version of C{(x ** y) % z}. )r��MP�pow)�x�y�zr)��r)��r��_MPpowN��r@��c��@��s@��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dS�)�MockTransportBasean�� A base class for the client and server protocols. Stores the messages it receives instead of ignoring them. @ivar errors: a list of tuples: (reasonCode, description) @ivar unimplementeds: a list of integers: sequence number @ivar debugs: a list of tuples: (alwaysDisplay, message, lang) @ivar ignoreds: a list of strings: ignored data c��C��s.��t�j�\|��g�\|�_g�\|�_g�\|�_g�\|�_d\|�_dS�)z, Set up instance variables. N)r"��r+��connectionMade�errors�unimplementeds�debugs�ignoreds�gotUnsupportedVersion�r2��r)��r)��r��rC��`��s�� z MockTransportBase.connectionMadec��C��s��\|\|�_�tj�\|�\|�S�)zZ Intercept unsupported version call. @type remoteVersion: L{str} )rH��r"��r+��_unsupportedVersionReceived)r2�� remoteVersionr)��r)��r��rJ��k��s��z-MockTransportBase._unsupportedVersionReceivedc��C��s��\|�j��\|\|f��dS�)zp Store any errors received. @type reasonCode: L{int} @type description: L{str} N�rD��append)r2�� reasonCode�descriptionr)��r)��r��receiveErrorv��zMockTransportBase.receiveErrorc��C��\|�j��\|��dS�)zX Store any unimplemented packet messages. @type seqnum: L{int} N)rE��rM��)r2��seqnumr)��r)��r��receiveUnimplemented��z&MockTransportBase.receiveUnimplementedc��C��s��\|�j��\|\|\|f��dS�)z� Store any debug messages. @type alwaysDisplay: L{bool} @type message: L{str} @type lang: L{str} N)rF��rM��)r2�� alwaysDisplay�message�langr)��r)��r��receiveDebug��s��zMockTransportBase.receiveDebugc��C��rR��)zG Store any ignored data. @type packet: L{str} N)rG��rM��r2��packetr)��r)��r�� ssh_IGNORE��rU��zMockTransportBase.ssh_IGNOREN) r&��r'��r(��__doc__rC��rJ��rP��rT��rY��r\��r)��r)��r)��r��rB��U��s�� rB��c��@��sh��e�Zd�ZdZdZdZdZdZdZdZ dZ dZdZdZ dZdZdd ��Zd d��Zdd ��Zdd��Zdd��ZdS�)� MockCipherzH A mocked-up version of twisted.conch.ssh.transport.SSHCiphers. ��test��F)Nr1��r1��ra��r)��c��C��s>��d\|�_�t\|�\|�j�dkrtdt\|�\|�jt\|�\|�j�f��\|S�)z~ Called to encrypt the packet. Simply record that encryption was used and return the data unchanged. Tr��length %i modulo blocksize %i is not 0: %i)�usedEncrypt�len�encBlockSize�RuntimeError�r2��r=��r)��r)��r��encrypt��zMockCipher.encryptc��C��s>��d\|�_�t\|�\|�j�dkrtdt\|�\|�jt\|�\|�j�f��\|S�)z~ Called to decrypt the packet. Simply record that decryption was used and return the data unchanged. Tr��rb��)�usedDecryptrd��re��rf��decBlockSizerg��r)��r)��r��decrypt��ri��zMockCipher.decryptc��C��s ��t�\|f�S�)zs Make a Message Authentication Code by sending the character value of the outgoing packet. ��bytes)r2��outgoingPacketSequence�payloadr)��r)��r��makeMAC��s�� zMockCipher.makeMACc��C��s��t�\|f�\|kS�)zy Verify the Message Authentication Code by checking that the packet sequence number is the same. rm��)r2��incomingPacketSequencer[��macDatar)��r)��r��verify��s��zMockCipher.verifyc��C��s��\|\|\|\|\|\|f\|�_�dS�)z" Record the keys. N)r!��)r2��ivOut�keyOut�ivIn�keyIn�macIn�macOutr)��r)��r��setKeys��s��zMockCipher.setKeysN)r&��r'��r(��r]�� outCipTypere�� inCipTyperk�� inMACType� outMACType�verifyDigestSizerc��rj��outMAC�inMACr!��rh��rl��rq��rt��r{��r)��r)��r)��r��r^��s&�� r^��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) �MockCompressionz� A mocked-up compression, based on the zlib interface. Instead of compressing, it reverses the data and adds a 0x66 byte to the end. c��C��s��\|d�d�d��S��N��r)��r2��rp��r)��r)��r��compress��zMockCompression.compressc��C��s��\|d�d��d�d�d��S�r��r)��r��r)��r)��r�� decompress��zMockCompression.decompressc��C��r0��)N��fr)��r2��kindr)��r)��r��flush��zMockCompression.flushN)r&��r'��r(��r]��r��r��r��r)��r)��r)��r��r��s ��r��c��@��sF��e�Zd�ZdZdZdZdZddd�Zdd��Zd d ��Z dd��Z d d��ZdS�)�MockServicez� A mocked-up service, based on twisted.conch.ssh.service.SSHService. @ivar started: True if this service has been started. @ivar stopped: True if this service has been stopped. ��MockServiceF�MSG_TEST�MSG_fiction)��G��c��C��r0��)Nr��r)��rI��r)��r)��r�� logPrefix��r��zMockService.logPrefixc��C�� d\|�_�dS�)z6 Record that the service was started. TN)�startedrI��r)��r)��r��serviceStarted�� zMockService.serviceStartedc��C��r��)z6 Record that the service was stopped. TN)�stoppedrI��r)��r)��r��serviceStopped��r��zMockService.serviceStoppedc��C��s��\|�j��d\|��dS�)z: A message that this service responds to. r��N)r"�� sendPacketrZ��r)��r)��r��ssh_TEST��rA��zMockService.ssh_TESTN)r&��r'��r(��r]��namer��r��protocolMessagesr��r��r��r��r)��r)��r)��r��r��s�� r��c��@��s0��e�Zd�ZdZdeiZdd��Zdd��Zdd��Zd S�) �MockFactoryzL A mocked-up factory based on twisted.conch.ssh.factory.SSHFactory. ��ssh-userauthc��C��t�j�tj�t�j�tj�d�S�)zG Return the public keys that authenticate this server. ��ssh-rsas��ssh-dsa)r!��Key� fromStringr#��publicRSA_openssh�publicDSA_opensshrI��r)��r)��r�� getPublicKeys��zMockFactory.getPublicKeysc��C��r��)zH Return the private keys that authenticate this server. r��)r!��r��r��r#��privateRSA_openssh�privateDSA_opensshrI��r)��r)��r��getPrivateKeys��r��zMockFactory.getPrivateKeysc��C��s��t��d�}\|fdd�S�)a/�� Diffie-Hellman primes that can be used for key exchange algorithms that use group exchange to establish a prime / generator group. @return: The primes and generators. @rtype: L{dict} mapping the key size to a C{list} of C{(generator, prime)} tuple. ��diffie-hellman-group14-sha1))��)��i��)r��getDHGeneratorAndPrime)r2��group14r)��r)��r�� getPrimes'��s�� zMockFactory.getPrimesN) r&��r'��r(��r]��r��servicesr��r��r��r)��r)��r)��r��r��s�� r��c��@��e�Zd�ZdZdd��ZdS�)�MockOldFactoryPublicKeysz� The old SSHFactory returned mappings from key names to strings from getPublicKeys(). We return those here for testing. c��C��s4��t��\|��}\|��dd��D�] \}}\|��\|\|<�q \|S�)zJ We used to map key types to public key blobs as strings. N)r��r��items�blob�r2��r!��r��keyr)��r)��r��r��?��s�� z&MockOldFactoryPublicKeys.getPublicKeysN)r&��r'��r(��r]��r��r)��r)��r)��r��r��9��r��c��@��r��)�MockOldFactoryPrivateKeysz� The old SSHFactory returned mappings from key names to cryptography key objects from getPrivateKeys(). We return those here for testing. c��C��s2��t��\|��}\|��dd��D�] \}}\|j\|\|<�q \|S�)zG We used to map key types to cryptography key objects. N)r��r��r�� keyObjectr��r)��r)��r��r��O��s�� z(MockOldFactoryPrivateKeys.getPrivateKeysN)r&��r'��r(��r]��r��r)��r)��r)��r��r��I��r��r��c��C��s��\|�j�}\|�j}\|��}tdd��td\|d�d�D��}t\|\|\|�}zt�\|t�\|t� \|\|�� t��\|�_W�n�t yJ��td\|��d\|��d\|��d ��w�t�\|�j��j�\|�_d�S�) Nc��s��s��\|�]}d�\|>�V��qdS�)� ��Nr)��.0r=��r)��r)��r�� <genexpr>]��s��z)generatePredictableKey.<locals>.<genexpr>r��z p=z g=z x=� )�p�g� bit_length�sum�ranger<��r��DHPrivateNumbers�DHPublicNumbers�DHParameterNumbers�private_keyr��dhSecretKey� ValueError�printr��r;�� public_key�public_numbersr>��dhSecretKeyPublicMP)r"��r��r��bitsr=��r>��r)��r)��r��generatePredictableKeyY��s$�� r��c��@��sH��e�Zd�ZU�dZdZeeej��e d<�e re Zdd��Zdd��Z dd ��ZdS�) �TransportTestCasez. Base class for transport test cases. N�klassc��sh��t��_��_g��_dd��}��td\|��t� t ��j��j_��fdd�}��j��j��\|��j_ d�S�)Nc��S��s��d\|��S�)z; Return a consistent entropy value ��r)��)rd��r)��r)��r��secureRandom\|��s��z-TransportTestCase.setUp.<locals>.secureRandomr��c��s��j��\|�\|f��d�S��N)�packetsrM��)�messageTyperp��rI��r)��r��stubSendPacket��s��z/TransportTestCase.setUp.<locals>.stubSendPacket)r��StringTransportr"��r��protor��patchr��types� MethodTyper��_startEphemeralDH�makeConnectionr��)r2��r��r��r)��rI��r��setUpw��s�� zTransportTestCase.setUpc��C��s2��\|��d��\|�tj\|�j��\|�dd��\|j\|_dS�)z� Deliver enough additional messages to C{proto} so that the key exchange which is started in L{SSHTransportBase.connectionMade} completes and non-key exchange messages can be sent and received. s��SSH-2.0-BogoClient-1.2i ��foos��barN)�dataReceived�dispatchMessager"��MSG_KEXINIT�_A_KEXINIT_MESSAGE� _keySetup�_KEY_EXCHANGE_NONE�_keyExchangeState�r2��r��r)��r)��r��finishKeyExchange��s�� z#TransportTestCase.finishKeyExchangec��C��s&��\|�j�j\|�j�_g�\|�j�_\|�j��\|\|��dS�)z� Finish a key exchange by calling C{_keySetup} with the given arguments. Also do extra whitebox stuff to satisfy that method's assumption that some kind of key exchange has actually taken place. N)r��_KEY_EXCHANGE_REQUESTEDr��_blockedByKeyExchanger��)r2��sharedSecret�exchangeHashr)��r)��r��simulateKeyExchange��s��z%TransportTestCase.simulateKeyExchange)r&��r'��r(��r]��r��r��r��r"��r+��__annotations__r��r7��r��r��r��r)��r)��r)��r��r��m��s�� r��c��@��e�Zd�ZdZdZeZdS�)�DHGroupExchangeSHA1Mixinz= Mixin for diffie-hellman-group-exchange-sha1 tests. �"��diffie-hellman-group-exchange-sha1N)r&��r'��r(��r]��kexAlgorithmr�� hashProcessorr)��r)��r)��r��r��r��c��@��r��)�DHGroupExchangeSHA256Mixinz? Mixin for diffie-hellman-group-exchange-sha256 tests. �$��diffie-hellman-group-exchange-sha256N�r&��r'��r(��r]��r��r��r��r)��r)��r)��r��r��r��r��c��@��r��)� ECDHMixinz8 Mixin for elliptic curve diffie-hellman tests. ��ecdh-sha2-nistp256Nr��r)��r)��r)��r��r��r��r��c��@��r��)�Curve25519SHA256Mixinz, Mixin for curve25519-sha256 tests. s��curve25519-sha256Nr��r)��r)��r)��r��r��r��r��c��@��s(��e�Zd�ZU�dZeZeeej ��e d<�dS�)�BaseSSHTransportBaseCasez, Base case for TransportBase tests. r��N)r&��r'��r(��r]��rB��r��r��r��r"��r+��r��r)��r)��r)��r��r��s�� r��c��@��s��e�Zd�ZdZer eZde�d��e�d��e�d��e�d��e�d��e�d��e�d��e�d��e�d��e�d��d �d �Zdd��Z d d��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Zd/d0��Zd1d2��Zd3d4��Zd5d6��Zd7d8��Zd9d:��Z d;d<��Z!d=d>��Z"d?d@��Z#dAdB��Z$dCdD��Z%dEdF��Z&dGdH��Z'dIdJ��Z(dKdL��Z)dMdN��ZdOdP��Z+dQdR��Z,dSdT��Z-dUdV��Z.dWdX��Z/dYdZ��Z0d[d\��Z1d]d^��Z2d_d`��Z3daS�)b�BaseSSHTransportTestszs Test TransportBase. It implements the non-server/client specific parts of the SSH transport protocol. ��r��r�� aes256-ctr� ��hmac-sha1��noner1��c��C��sp��\|�j��dd�d�}\|��\|dt�d��\|�d�td�d��}dd �d d��t j D��d�}\|��\|\|��dS�) a�� Test that the first thing sent over the connection is the version string. The 'softwareversion' part must consist of printable US-ASCII characters, with the exception of whitespace characters and the minus sign. RFC 4253, section 4.2. �� ra��r��s��SSH-2.0-Twisted_�asciizSSH-2.0-Nz^(�\|c��s��s��\|�]}\|d�kr\|��st�\|�V��qdS�)�-N)�isspace�re�escape�r��cr)��r)��r��r��s�� z9BaseSSHTransportTests.test_sendVersion.<locals>.<genexpr>z)$)r"��value�split�assertEqual�twisted_version�encode�decoderd��join�string� printable�assertRegex)r2��version�softwareVersion�softwareVersionRegexr)��r)��r��test_sendVersion��s�� z&BaseSSHTransportTests.test_sendVersionc��C��sl��t��}\|�\|�j��\|�d��\|�d��\|�d��\|��\|�jj��\|�d��\|��\|�jj��\|��d\|�j��dS�)z� When the peer is not sending its SSH version but keeps sending data, the connection is disconnected after 4KB to prevent buffering too much and running our of memory. s��SSH-2-Server-Identifiers��1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890s��1235678s��1234567s%��Preventing a denial of service attackN) rB��r��r"��r��assertFalse� disconnecting� assertTrue�assertInr��r2��sutr)��r)��r��'test_dataReceiveVersionNotSentMemoryDOS��s�� z=BaseSSHTransportTests.test_dataReceiveVersionNotSentMemoryDOSc��C��sX��t��}\|�\|�j��\|��\|��\|�j��td�}d}\|�\|\|��\|�j��}\|��\|d��dS�)a@�� Test that plain (unencrypted, uncompressed) packets are sent correctly. The format is:: uint32 length (including type and padding length) byte padding length byte type bytes[length-padding length-2] data bytes[padding length] padding �A��BCDEFGs��ABCDEFG��N) rB��r��r"��r��clear�ordr��r��r��)r2��r��rW��rp��r��r)��r)��r��test_sendPacketPlain��s�� zBaseSSHTransportTests.test_sendPacketPlainc��C��sp��t��}\|�\|�j��\|��\|��t��\|_}td�}d}\|�j��\|�\|\|��\|�� \|j ��\|�j��}\|��\|d��dS�)z� Test that packets sent while encryption is enabled are sent correctly. The whole packet should be encrypted. r��BCs ��ABC��N) rB��r��r"��r��r^��currentEncryptionsr-��r,��r��r%��rc��r��r��r2��r�� testCipherrW��rp��r��r)��r)��r��test_sendPacketEncrypted0��s�� z.BaseSSHTransportTests.test_sendPacketEncryptedc��C��sX��t��}\|�\|�j��\|��\|��t��\|_\|�j��\|�td�d��\|�j� ��}\|�� \|d��dS�)z� Test that packets sent while compression is enabled are sent correctly. The packet type and data should be encrypted. r��Bs��BAf��N)rB��r��r"��r��r��outgoingCompressionr,��r��r-��r��r��)r2��r��r��r)��r)��r��test_sendPacketCompressedM��s�� z/BaseSSHTransportTests.test_sendPacketCompressedc��C��sx��t��}\|�\|�j��\|��\|��t��\|_}t��\|_td�}d}\|�j� ��\|� \|\|��\|��\|j��\|�j� ��}\|��\|d��dS�)z� Test that packets sent while compression and encryption are enabled are sent correctly. The packet type and data should be compressed and then the whole packet should be encrypted. r��r/��s�� CBAf��N)rB��r��r"��r��r^��r0��r��r5��r-��r,��r��r%��rc��r��r��r1��r)��r)��r��test_sendPacketBoth]��s�� z)BaseSSHTransportTests.test_sendPacketBothc��C��sh��t��}\|�\|�j��\|��\|��\|�j��\|�td�d��\|�j��d�\|_\|�� \|� ��d��\|�� \|jd��dS�)zt Test that packets are retrieved correctly out of the buffer when no encryption is enabled. r��r/��s��extras��ABCN)rB��r��r"��r��r,��r��r-��r��bufr�� getPacketr��r)��r)��r��test_getPacketPlain\|��s�� z)BaseSSHTransportTests.test_getPacketPlainc��C��s��t��}dd��\|_\|�\|�j��\|�j��t��\|_}\|�td�d��\|�j� ��}\|dtj ��\|_\|��\|� ��\|��\|j��\|��\|jd��\|�j\|tj d��7��_\|��\|� ��d��\|��\|jd��dS�) zl Test that encrypted packets are retrieved correctly. See test_sendPacketEncrypted. c��S��d�S�r��r)��r)��r)��r)��r��<lambda>��z?BaseSSHTransportTests.test_getPacketEncrypted.<locals>.<lambda>r��BCDNs�� A��ABCDr1��)rB��sendKexInitr��r"��r,��r^��r0��r��r-��r��rk��r8��assertIsNoner9��r%��rj��r��first)r2��r��r2��r��r)��r)��r��test_getPacketEncrypted��s�� z-BaseSSHTransportTests.test_getPacketEncryptedc��C��sf��t��}\|�\|�j��\|��\|��\|�j��t��\|_\|j\|_\|�t d�d��\|�j� ��\|_\|��\|� ��d��dS�)zo Test that compressed packets are retrieved correctly. See test_sendPacketCompressed. r��r>��r?��N)rB��r��r"��r��r,��r��r5��incomingCompressionr��r-��r��r8��r��r9��r��r)��r)��r��test_getPacketCompressed��s�� z.BaseSSHTransportTests.test_getPacketCompressedc��C��sn��t��}dd��\|_\|�\|�j��\|�j��t��\|_t��\|_\|j\|_ \|� td�d��\|�j��\|_ \|��\|��d��dS�)zv Test that compressed and encrypted packets are retrieved correctly. See test_sendPacketBoth. c��S��r;��r��r)��r)��r)��r)��r��r<��r=��z:BaseSSHTransportTests.test_getPacketBoth.<locals>.<lambda>r��r+��s��ABCDEFGN)rB��r@��r��r"��r,��r^��r0��r��r5��rD��r��r-��r��r8��r��r9��r��r)��r)��r��test_getPacketBoth��s�� z(BaseSSHTransportTests.test_getPacketBothc��C��s>��t��dddd�}d�}}\|�jjD�]}\|��\|�\|\|\|��qdS�)z? Test that all the supportedCiphers are valid. ��Ar4��C��D��N)r"�� SSHCiphersr��supportedCiphersr%�� _getCipher)r2��ciphers�ivr��cipNamer)��r)��r��test_ciphersAreValid��s ��zBaseSSHTransportTests.test_ciphersAreValidc��C��st��\|�j��dd�d�}\|\|�j_\|�j��}\|��\|dd��tt�jf��\|��\|dd��d��t � \|dd��d�\}}}}}}} } }}} \|��\|d�\|�jjd g��\|��\|d�\|�jj ��\|��\|d�\|�jj��\|��\|d�\|�jj��\|��\|d�\|�jj��\|��\|d�\|�jj��\|��\| d�\|�jj��\|��\| d�\|�jj��\|��\|d�\|�jj��\|��\|d�\|�jj��\|��\| d ��dS�)a�� Test that the KEXINIT (key exchange initiation) message is sent correctly. Payload:: bytes[16] cookie string key exchange algorithms string public key algorithms string outgoing ciphers string incoming ciphers string outgoing MACs string incoming MACs string outgoing compressions string incoming compressions bool first packet follows uint32 0 r��ra��r��s��N� ��,s ��ext-info-ss��)r"��r��r��r��r8��r9��r��rn��r��r��getNSr��supportedKeyExchanges�supportedPublicKeysrL�� supportedMACs�supportedCompressions�supportedLanguages)r2��r��r[��keyExchanges�pubkeys�ciphers1�ciphers2�macs1�macs2� compressions1� compressions2� languages1� languages2r8��r)��r)��r��test_sendKexInit��s>�� z&BaseSSHTransportTests.test_sendKexInitc��C��s.��\|�j��\|�j�t�j\|�j��\|��\|�jg��dS�)zy Immediately after connecting, the transport expects a KEXINIT message and does not reply to it. N)r"��r,��r��r��r��r��r��r��rI��r)��r)��r��test_receiveKEXINITReply��s�� z.BaseSSHTransportTests.test_receiveKEXINITReplyc��C��sX��\|��\|�j��\|�jdd�=�\|�j�tj\|�j��\|��t\|�j�d��\|��\|�jd�d�tj��dS�)z� When a KEXINIT message is received which is not a reply to an earlier KEXINIT message which was sent, a KEXINIT reply is sent. Nra��r��) r��r��r��r��r"��r��r��r��rd��rI��r)��r)��r��test_sendKEXINITReply��s ��z+BaseSSHTransportTests.test_sendKEXINITReplyc��C��s��\|��t\|�jj��dS�)a(�� A new key exchange cannot be started while a key exchange is already in progress. If an attempt is made to send a I{KEXINIT} message using L{SSHTransportBase.sendKexInit} while a key exchange is in progress causes that method to raise a L{RuntimeError}. N)�assertRaisesrf��r��r@��rI��r)��r)��r��test_sendKexInitTwiceFails��rQ��z0BaseSSHTransportTests.test_sendKexInitTwiceFailsc��C��s��t�jt�jg}\|�j��\|�j`\|D�]}\|�j�\|d��\|��\|�j��d��q\|��\|�j��t ��\|�j_ \|�j��\|��\|�j��d�d��dS�)z� After L{SSHTransportBase.sendKexInit} has been called, messages types other than the following are queued and not sent until after I{NEWKEYS} is sent by L{SSHTransportBase._keySetup}. RFC 4253, section 7.1. r��r1��N) r"��MSG_SERVICE_REQUESTr��r,��r��r��r��r��r��r^��nextEncryptions�_newKeys�count)r2��disallowedMessageTypesr��r)��r)��r��test_sendKexInitBlocksOthers��s�� z2BaseSSHTransportTests.test_sendKexInitBlocksOthersc��C��sZ��d\|�j�_\|�j��ddg��\|��\|�jtjdt�d��t�d��t�d��t�d��fg��d S�) ze Test that EXT_INFO messages are sent correctly. See RFC 8308, section 2.3. T��server-sig-algs��ssh-rsa,rsa-sha2-256)� ��elevation��d��rr��rs��rt��ru��N) r��_peerSupportsExtensions�sendExtInfor��r��r"��MSG_EXT_INFOr��r4��rI��r)��r)��r��test_sendExtInfo9��s��z&BaseSSHTransportTests.test_sendExtInfoc��C��s ��\|�j��dg��\|��\|�jg��dS�)z� If the peer has not advertised support for extension negotiation, no EXT_INFO message is sent, since RFC 8308 only guarantees that the peer will be prepared to accept it if it has advertised support. rq��N)r��rx��r��r��rI��r)��r)��r��test_sendExtInfoUnsupportedS��s��z1BaseSSHTransportTests.test_sendExtInfoUnsupportedc��C��sR��\|�j��tjdt�d��t�d��t�d��t�d��\|��\|�j�jddd��dS�)z� When an EXT_INFO message is received, the transport stores a mapping of the peer's advertised extensions. See RFC 8308, section 2.3. rv��rr��!��ssh-rsa,rsa-sha2-256,rsa-sha2-512��no-flow-control��s)rr��r}��N)r��r��r"��ry��r��r4��r��peerExtensionsrI��r)��r)��r�� test_EXT_INFO\��s$��z#BaseSSHTransportTests.test_EXT_INFOc��C��s��\|�j��ddd��\|��\|�jtjdfg��dS�)z� Test that debug messages are sent correctly. Payload:: bool always display string debug message string language r_��T��en��test��enN)r�� sendDebugr��r��r"�� MSG_DEBUGrI��r)��r)��r��test_sendDebugq��s �� z$BaseSSHTransportTests.test_sendDebugc��C��s8��\|�j��tjd��\|�j��tjd��\|��\|�j�jddg��dS�)zW Test that debug messages are received correctly. See test_sendDebug. r��s��silent��en)Tr_��r��)Fs��silentr��N)r��r��r"��r��r��rF��rI��r)��r)��r��test_receiveDebug~��s��z'BaseSSHTransportTests.test_receiveDebugc��C��s&��\|�j��d��\|��\|�jtjdfg��dS�)zk Test that ignored messages are sent correctly. Payload:: string ignored data r_��s��testN)r�� sendIgnorer��r��r"�� MSG_IGNORErI��r)��r)��r��test_sendIgnore��s��z%BaseSSHTransportTests.test_sendIgnorec��C��s&��\|�j��tjd��\|��\|�j�jdg��dS�)zb Test that ignored messages are received correctly. See test_sendIgnore. r_��N)r��r��r"��r��r��rG��rI��r)��r)��r��test_receiveIgnore��z(BaseSSHTransportTests.test_receiveIgnorec��C��s$��\|�j��\|��\|�jtjdfg��dS�)zt Test that unimplemented messages are sent correctly. Payload:: uint32 sequence number r��N)r��sendUnimplementedr��r��r"��MSG_UNIMPLEMENTEDrI��r)��r)��r��test_sendUnimplemented��s�� z,BaseSSHTransportTests.test_sendUnimplementedc��C��s&��\|�j��tjd��\|��\|�j�jdg��dS�)zo Test that unimplemented messages are received correctly. See test_sendUnimplemented. s��r��N)r��r��r"��r��r��rE��rI��r)��r)��r��test_receiveUnimplemented��r��z/BaseSSHTransportTests.test_receiveUnimplementedc��sP��dg��fdd�}\|\|�j�_\|�j�dd��\|��\|�jt�jdfg��\|��d��dS�) z� Test that disconnection messages are sent correctly. Payload:: uint32 reason code string reason description string language Fc��d��d<�d�S��NTr��r)��r)��disconnectedr)��r��stubLoseConnection��zEBaseSSHTransportTests.test_sendDisconnect.<locals>.stubLoseConnectionr��r_��s��test��r��N)r"��loseConnectionr��sendDisconnectr��r��MSG_DISCONNECTr%��r2��r��r)��r��r��test_sendDisconnect��s�� z)BaseSSHTransportTests.test_sendDisconnectc��sN��dg��fdd�}\|\|�j�_\|�j�t�jd��\|��\|�jjdg��\|��d��dS�)zl Test that disconnection messages are received correctly. See test_sendDisconnect. Fc��r��r��r)��r)��r��r)��r��r��r��zHBaseSSHTransportTests.test_receiveDisconnect.<locals>.stubLoseConnections��test�r��r_��r��N)r"��r��r��r��r��r��rD��r%��r��r)��r��r��test_receiveDisconnect��s��z,BaseSSHTransportTests.test_receiveDisconnectc��s`��dg��fdd�}\|\|�j�_\|�j��\|�j��\|��\|�j�j��\|��\|�j�j\|�j�j ��\|��d��dS�)ze Test that dataReceived parses packets and dispatches them to ssh_* methods. Fc��r��r��r)��)r[��kexInitr)��r��stubKEXINIT��r��z<BaseSSHTransportTests.test_dataReceived.<locals>.stubKEXINITr��N) r��ssh_KEXINITr��r"��r��r%�� gotVersionr��ourVersionString�otherVersionString)r2��r��r)��r��r��test_dataReceived��s��z'BaseSSHTransportTests.test_dataReceivedc��C��s��t��}\|�j�\|��\|��\|�jj\|��\|��\|j��\|�j�dd��\|��\|�jdg��t��}\|�j�\|��\|��\|j��\|��\|j ��\|�j� d��\|��\|j ��dS�)z� Test that the transport can set the running service and dispatches packets to the service's packetReceived method. r��r_��r��N)r��r�� setServicer��r ��r%��r��r��r��r��connectionLost)r2��r ��service2r)��r)��r��test_service��s��z"BaseSSHTransportTests.test_servicec��s@��dg��fdd�}\|\|�j�_d\|�j�_\|�j��d��\|��d��dS�)zP Test that the transport notifies the avatar of disconnections. Fc��r��r��r)��r)��r��r)��r��logout��r��z1BaseSSHTransportTests.test_avatar.<locals>.logoutTNr��)r��logoutFunction�avatarr��r%��)r2��r��r)��r��r��test_avatar��s��z!BaseSSHTransportTests.test_avatarc��C��\|��\|�j�d��\|��\|�j�d��\|��\|�j�d��t��\|�j_\|��\|�j�d��\|��\|�j�d��\|��\|�j�d��t�dddd�\|�j_\|��\|�j�d��\|��\|�j�d��\|��\|�j�d��\|��t \|�jjd��dS�)zS Test that the transport accurately reflects its encrypted status. �in�out�bothr ��badN) r#��r��isEncryptedr^��r0��r%��r"��rK��rh�� TypeErrorrI��r)��r)��r��test_isEncrypted �� z&BaseSSHTransportTests.test_isEncryptedc��C��r��)zR Test that the transport accurately reflects its verified status. r��r��r��r ��r��N) r#��r�� isVerifiedr^��r0��r%��r"��rK��rh��r��rI��r)��r)��r��test_isVerified!��r��z%BaseSSHTransportTests.test_isVerifiedc��sf��dg��fdd�}\|\|�j�_\|�j��\|��\|�jd�d�t�j��\|��\|�jd�d�dd��tt�jf��dS�) zh Test that loseConnection sends a disconnect message and closes the connection. Fc��r��r��r)��r)��r��r)��r��r��<��r��zEBaseSSHTransportTests.test_loseConnection.<locals>.stubLoseConnectionr��ra��r��r��N)r"��r��r��r��r��r��rn��DISCONNECT_CONNECTION_LOSTr��r)��r��r��test_loseConnection5��s�� z)BaseSSHTransportTests.test_loseConnectionc��s(��fdd�}\|d��\|d��\|d��dS�)zU Test that the transport disconnects when it receives a bad version. c��s��g��_�d�j_dg��fdd�}\|�j_t\|�d��D�]}�j�\|��q��d��j�d�d�tj ��j�d�d�dd��t tjf��d�S�) NFc��r��r��r)��r)��r��r)��r��r��P��r��zRBaseSSHTransportTests.test_badVersion.<locals>.testBad.<locals>.stubLoseConnectionr��r��ra��r��r��)r��r��r��r"��r��r��r��r%��r��r��rn��)DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED)r��r��r��rI��r��r��testBadK��s�� z6BaseSSHTransportTests.test_badVersion.<locals>.testBads��SSH-1.5-OpenSSHs��SSH-3.0-Twisteds��GET / HTTP/1.1Nr)��)r2��r��r)��rI��r��test_badVersionF��s��z%BaseSSHTransportTests.test_badVersionc��sX��t��t��d��j�d�}��fdd�t\|�D��\|��j��\|��j ��j��dS�)zV Test that the transport ignores data sent before the version string. s5��here's some stuff beforehand here's some other stuff r��c��s��g�\|�]}��\|��qS�r)��)r��r��r��r)��r�� <listcomp>n��s��z@BaseSSHTransportTests.test_dataBeforeVersion.<locals>.<listcomp>N) rB��r��r��r��r��r��r%��r��r��r��r2��datar)��r��r��test_dataBeforeVersiona��s��z,BaseSSHTransportTests.test_dataBeforeVersionc��C��<��t��}\|�t��\|�d��\|��\|j��\|��\|jd��dS�)zw Test that the transport treats the compatibility version (1.99) as equivalent to version 2.0. s��SSH-1.99-OpenSSH s��SSH-1.99-OpenSSHN� rB��r��r��r��r��r%��r��r��r��r��r)��r)��r��test_compatabilityVersionr��s �� z/BaseSSHTransportTests.test_compatabilityVersionc��C��r��)z� It can parse the SSH version string even when it ends only in Unix newlines (CR) and does not follows the RFC 4253 to use network newlines (CR LF). s,��SSH-2.0-PoorSSHD Some-comment here more-datas"��SSH-2.0-PoorSSHD Some-comment hereNr��r'��r)��r)��r��&test_dataReceivedSSHVersionUnixNewline}��s �� z<BaseSSHTransportTests.test_dataReceivedSSHVersionUnixNewlinec��C��r��)a9�� The trailing spaces from SSH version comment are not removed. The SSH version string needs to be kept as received (without CR LF end of line) as they are used in the host authentication process. This can happen with a Bitvise SSH server which hides its version. s>��SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) more-datas3��SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) Nr��r'��r)��r)��r��)test_dataReceivedSSHVersionTrailingSpaces��s�� z?BaseSSHTransportTests.test_dataReceivedSSHVersionTrailingSpacesc��C��s4��t��}d\|_\|�t��\|�d��\|��\|j��dS�)z� If an unusual SSH version is received and is included in C{supportedVersions}, an unsupported version error is not emitted. )��9.99��SSH-9.99-OpenSSH N)rB��supportedVersionsr��r��r��r��r#��rH��r��r)��r)��r�� test_supportedVersionsAreAllowed��s �� z6BaseSSHTransportTests.test_supportedVersionsAreAllowedc��C��s6��t��}d\|_\|�t��\|�d��\|��d\|j��dS�)z� If an unusual SSH version is received and is not included in C{supportedVersions}, an unsupported version error is emitted. )s��2.0r��r��N)rB��r��r��r��r��r��r��rH��r��r)��r)��r��6test_unsupportedVersionsCallUnsupportedVersionReceived��s �� zLBaseSSHTransportTests.test_unsupportedVersionsCallUnsupportedVersionReceivedc��s��t�jf��fdd� }\|d��\|d��jj}t��j_\|dt�j��dd��jj_\|d��\|��j_t��j_d d ��}\|��jj_ \|dt�j ��dS�) zi Test that the transport disconnects with an error when it receives bad packets. c��sp��g��_�\|��j_��j��t��j��d��j�d�d�tj��j�d�d�dd��t \|f��d�S�)Nra��r��r��r��) r��r��r8��rA��r9��r��rd��r"��r��rn��)r[��errorrI��r)��r��r��s��(z6BaseSSHTransportTests.test_badPackets.<locals>.testBads��s ��BCDEs ��AB123456c��S��s��\|�d�d��S�r��r)��)r=��r)��r)��r��r<��z7BaseSSHTransportTests.test_badPackets.<locals>.<lambda>s��BCDEFGHIJKc��S��s��t�d��)Nzbad compression)� Exception)rp��r)��r)��r��stubDecompress��s��z=BaseSSHTransportTests.test_badPackets.<locals>.stubDecompresss ��BCDEN)r"��DISCONNECT_PROTOCOL_ERRORr��r0��r^��DISCONNECT_MAC_ERRORrl��r��rD��r��DISCONNECT_COMPRESSION_ERROR�flushLoggedErrors)r2��r��oldEncryptionsr��r)��rI��r��test_badPackets��s&�� z%BaseSSHTransportTests.test_badPacketsc��s��j�j}\|f��fdd� }��j��dd��\|��dtjd<��j��dd��\|��j��dd��\|��j��t��j��dd��\|��j��d d��\|��d S�)zj Test that unimplemented packet types cause MSG_UNIMPLEMENTED packets to be sent. c��sP��jd�d�tj��jd�d�dd��t\|�f��g��j_\|�d7�}�d�S�)Nr��ra��r��r��)r��r��r"��r��rn��r��)rS��rI��r)��r��checkUnimplemented��s��$zKBaseSSHTransportTests.test_unimplementedPackets.<locals>.checkUnimplemented�(��r1��s��MSG_fiction�)��<��F��r��N)r��rr��r��r"��messagesr��r��)r2��rS��r��r)��rI��r��test_unimplementedPackets��s�� z/BaseSSHTransportTests.test_unimplementedPacketsc��C��s��\|�j�}\|�\|�j��t��\|_t��\|_t��\|_\|� t ��t��}\|�t ��\|�d��\|��\|j\|j��\|��\|j\|j��\|��\|j\|j��\|��\|j\|j��\|��\|j\|j��\|��\|j\|j��dS�)zD Test that multiple instances have distinct states. r1��N)r��r��r"��r��r^��r0��r��r5��rD��r��r��rB��r��r��r��r��assertNotEqualr��ro��rr��r ��)r2��r��proto2r)��r)��r��test_multipleClasses��s�� zBaseSSHTransportTests.test_multipleClassesN)4r&��r'��r(��r]��r��r7��r��r4��r��r"��r)��r.��r3��r6��r7��r:��rC��rE��rF��rQ��re��rf��rg��ri��rp��rz��r{��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r)��r)��r)��r��r��s�� 1 $ $r��c��@��r��)�'BaseSSHTransportDHGroupExchangeBaseCasez@ Diffie-Hellman group exchange tests for TransportBase. c��C��s��\|�j�\|�j_d\|�j_\|��d\|�jj��}\|��d\|��}\|��d\|�\|��}\|��d\|�\|�\|��}\|��\|�j�ddd�\|\|�\|�\|��dS�)z? Test that _getKey generates the correct keys. ��EFs��ABCDKr?��K��AB��CDN)r��r��kexAlg� sessionIDr��digestr��_getKey)r2��k1�k2�k3�k4r)��r)��r��test_getKey��s�� (z3BaseSSHTransportDHGroupExchangeBaseCase.test_getKeyN)r&��r'��r(��r]��r��r)��r)��r)��r��r��r��c��@��e�Zd�ZdZdS�)�(BaseSSHTransportDHGroupExchangeSHA1TestszE diffie-hellman-group-exchange-sha1 tests for TransportBase. N�r&��r'��r(��r]��r)��r)��r)��r��r��r��c��@��r��)�BaseSSHTransportDHGroupExchangeSHA256TestszG diffie-hellman-group-exchange-sha256 tests for TransportBase. Nr��r)��r)��r)��r��r��&��r��c��@��r��)�"BaseSSHTransportEllipticCurveTestsz4 ecdh-sha2-nistp256 tests for TransportBase Nr��r)��r)��r)��r��r��0��r��r��c��@��r��)�%BaseSSHTransportCurve25519SHA256Testsz3 curve25519-sha256 tests for TransportBase Nr��r)��r)��r)��r��r��8��r��c��@��s\��e�Zd�ZdZddd�Zddd�Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��ZdS�)�#ServerAndClientSSHTransportBaseCasezF Tests that need to be run on both the server and the client. Nc��C��sN��\|du�rt�j}\|��\|�jd�d�t�j��\|��\|�jd�d�dd��t\|f��dS�)zI Helper function to check if the transport disconnected. Nr��r��ra��r��r��)r"��r��r��r��r��rn��r��r)��r)��r��checkDisconnectedF��s��(z5ServerAndClientSSHTransportBaseCase.checkDisconnectedc��C��sP��\|du�rt�j}\|��}\|\|��\|�t��\|�j�\|j��\|r&\|�� \|��\|S�)zy Helper function to connect a modified protocol to the test protocol and test for disconnection. N) r"��DISCONNECT_KEY_EXCHANGE_FAILEDr��r��r��r��r��r��r��r��)r2��protoModificationr��r��r)��r)��r��connectModifiedProtocolO��s�� z;ServerAndClientSSHTransportBaseCase.connectModifiedProtocolc��C��dd��}\|��\|��dS�)z` Test that the transport disconnects if it can't match the key exchange c��S�� g�\|�_�d�S�r��rV��r��r)��r)��r��blankKeyExchangesd�� z\ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKex.<locals>.blankKeyExchangesN�r��)r2��r��r)��r)��r��test_disconnectIfCantMatchKex^��s��zAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKexc��C��r��)zP Like test_disconnectIfCantMatchKex, but for the key algorithm. c��S��r��r��)rW��r��r)��r)��r��blankPublicKeysn��r��z]ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlg.<locals>.blankPublicKeysNr��)r2��r��r)��r)��r�� test_disconnectIfCantMatchKeyAlgi��zDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlgc��C��r��)zN Like test_disconnectIfCantMatchKex, but for the compression. c��S��r��r��rY��r��r)��r)��r��blankCompressionsx��r��zdServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompression.<locals>.blankCompressionsNr��)r2��r ��r)��r)��r��%test_disconnectIfCantMatchCompressions��r��zIServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompressionc��C��r��)zM Like test_disconnectIfCantMatchKex, but for the encryption. c��S��r��r��rL��r��r)��r)��r��blankCiphers��r��zZServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCipher.<locals>.blankCiphersNr��)r2��r��r)��r)��r�� test_disconnectIfCantMatchCipher}��r��zDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCipherc��C��r��)zF Like test_disconnectIfCantMatchKex, but for the MAC. c��S��r��r��rX��r��r)��r)��r�� blankMACs��r��zTServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMAC.<locals>.blankMACsNr��)r2��r��r)��r)��r��test_disconnectIfCantMatchMAC��r��zAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMACc��C��$��\|��\|�j��t�\|�jj��dS�)z� Test that the transport's L{getPeer} method returns an L{SSHTransportAddress} with the L{IAddress} of the peer. N)r��r��getPeerr��SSHTransportAddressr"��rI��r)��r)��r��test_getPeer��z0ServerAndClientSSHTransportBaseCase.test_getPeerc��C��r��)z� Test that the transport's L{getHost} method returns an L{SSHTransportAddress} with the L{IAddress} of the host. N)r��r��getHostr��r��r"��rI��r)��r)��r��test_getHost��r��z0ServerAndClientSSHTransportBaseCase.test_getHostr��) r&��r'��r(��r]��r��r��r��r��r ��r ��r��r��r��r)��r)��r)��r��r��A��s�� r��c��@��:��e�Zd�ZU�dZejZeeej ��e d<�dd��Zdd��ZdS�)�ServerSSHTransportBaseCasez1 Base case for SSHServerTransport tests. r��c��C��s$��t��\|��t��\|�j_\|�jj��d�S�r��)r��r��r��r��r ��startFactoryrI��r)��r)��r��r��s�� z ServerSSHTransportBaseCase.setUpc��C��s ��t��\|��\|�jj��\|�j`d�S�r��)r��tearDownr��r ��stopFactoryrI��r)��r)��r��r��s�� z#ServerSSHTransportBaseCase.tearDownN) r&��r'��r(��r]��r"��r-��r��r��r��r+��r��r��r��r)��r)��r)��r��r��s �� r��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zd S�)!�ServerSSHTransportTestsz' Tests for SSHServerTransport. c��C��s��\|�j��d��\|��\|�j�jd��\|��\|�j�jd��\|��\|�j�jd��\|��\|�j�jd��\|��\|�j�j��\|�j�j }\|��\|j d��\|��\|jd��\|��\|jd��\|��\|j d��dS�)z� Receiving a KEXINIT packet listing multiple supported algorithms will set up the first common algorithm found in the client's preference list. s ��SSH-2.0-Twisted ��bdiffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256��ssh-dss,ssh-rsa��aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc��aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc��hmac-md5,hmac-sha1��hmac-md5,hmac-sha1�� none,zlib�� none,zlib��r��s��ssh-dssr ��s ��aes128-ctr��hmac-md5N)r��r��r��r��keyAlg�outgoingCompressionType�incomingCompressionTyper#��rw��rl��r\|��r}��r��r~��r2��ner)��r)��r��test_KEXINITMultipleAlgorithms��s��z6ServerSSHTransportTests.test_KEXINITMultipleAlgorithmsc��C��s��dt��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��d�d �}\|�j�\|��\|��\|�jjd ��\|��\|�jj��dS�)z� If the client sends "ext-info-c" in its key exchange algorithms, then the server notes that the client supports extension negotiation. See RFC 8308, section 2.1. rJ��s/��diffie-hellman-group-exchange-sha256,ext-info-cr��r��r��r ��r1��r ��r��r��N)r��r4��r��r��r��r��r%��rw��r2�� kexInitPacketr)��r)��r�� test_KEXINITExtensionNegotiation��s:�� z8ServerSSHTransportTests.test_KEXINITExtensionNegotiationc��C��s��dd��dd��dd��\|�jjddd��\|�jj\|�jj\|�jj\|�jj\|�jj\|�jj\|�jj\|�jj\|�jjf D��D��d�}\|�j�\|��\|�� \|�jj ��\|�j�d ��\|�� \|�jj ��\|�j�d ��\|�� \|�jj ��\|��\|�jg��d\|�j_ \|�j�d��\|�� \|�jj ��\|��\|�jg��dS�) a<�� The client is allowed to send a guessed key exchange packet after it sends the KEXINIT packet. However, if the key exchanges do not match, that guess packet must be ignored. This tests that the packet is ignored in the case of the key exchange method not matching. rJ��r1��c��S��g�\|�]}t��\|��qS�r)��r��r4��r��r)��r)��r��r��zEServerSSHTransportTests.test_ignoreGuessPacketKex.<locals>.<listcomp>c��S��g�\|�]}d��\|��qS��rT��r��r��r>��r)��r)��r��r��r��Nr�� test��T��r��r��rV��rW��rL��rX��rY��rZ��r��r%��ignoreNextPacket� ssh_DEBUG�ssh_KEX_DH_GEX_REQUEST_OLDr#��r��r��ssh_KEX_DH_GEX_REQUESTr%��r)��r)��r��test_ignoreGuessPacketKex��sB�� z1ServerSSHTransportTests.test_ignoreGuessPacketKexc��C��s��dd��dd��dd��\|�jj\|�jjddd��\|�jj\|�jj\|�jj\|�jj\|�jj\|�jj\|�jj\|�jjf D��D��d�}\|�j�\|��\|�� \|�jj ��\|�j�d ��\|�� \|�jj ��\|�j�d ��\|�� \|�jj ��\|��\|�jg��d\|�j_ \|�j�d��\|�� \|�jj ��\|��\|�jg��dS�) zk Like test_ignoreGuessPacketKex, but for an incorrectly guessed public key format. rJ��r1��c��S��r(��r)��r)��r��r)��r)��r��r��2��r��zEServerSSHTransportTests.test_ignoreGuessPacketKey.<locals>.<listcomp>c��S��r+��r,��r-��r.��r)��r)��r��r��4��r��Nr��r/��r0��r1��Tr2��r3��r%��r)��r)��r��test_ignoreGuessPacketKey)��sB��z1ServerSSHTransportTests.test_ignoreGuessPacketKeyc��C��sz��\|g\|�j�_dg\|�j�_\|�j��\|�j��t�\|�\}}t\|d\|�}\|�j�� t �\|��t �t � d\|d��d�}t\|�j�j\|\|�j�j�}\|��\|�j�j\|��t\|\|\|�j�j�}t��} \| �t � \|�j�j�d��\| �t � \|�j�j�d��\| �t � \|�j�jjd��\| �t �\|��\| �\|��\| �\|��\| ��} \|�j�jjd��\| �}\|��\|�jtjt � \|�j�jjd��\|�t � \|��ftjdfg��dS�) z� Test that the KEXDH_INIT packet causes the server to send a KEXDH_REPLY with the server's public key and a signature. @param kexAlgorithm: The key exchange algorithm to use. @type kexAlgorithm: L{str} r��i��r��r��rj��r1��N) r��rV��rW��r��r"��r��r��r��r<��r6��r��r;��getMPr4��r@��r��r��r��r��r��updater��ourKexInitPayloadr �� publicKeysr��r��privateKeys�signr��MSG_KEXDH_REPLY�MSG_NEWKEYS)r2��r��r��r��r��er>��r9��r��hr�� signaturer)��r)��r��assertKexDHInitResponseV��s>�� z/ServerSSHTransportTests.assertKexDHInitResponsec��C��s,��d\|�j�_d\|�j�_\|��t\|�j�jt�d��dS�)�� Test that if the server receives a KEX_DH_GEX_REQUEST_OLD message and the key exchange algorithm is not set, we raise a ConchError. s ��bad-curver��s ��unused-keyN)r��r��r��rh��r��_ssh_KEX_ECDH_INITr��r4��rI��r)��r)��r��%test_checkBad_KEX_ECDH_INIT_CurveName��s��z=ServerSSHTransportTests.test_checkBad_KEX_ECDH_INIT_CurveNamec��C��s��dt��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��d�d �}\|�j�\|��\|��t��\|��t��d S�)zy Test that if the server received a bad name for a curve we raise an UnsupportedAlgorithm error. r��r��r��r��r��r ��r1��r ��r��N)r��r4��r��r��rh��AttributeErrorr��)r2��kexmsgr)��r)��r�� test_checkBad_KEX_INIT_CurveName��s:�� z8ServerSSHTransportTests.test_checkBad_KEX_INIT_CurveNamec��C��\|��dd��dS�)z� KEXDH_INIT messages are processed when the diffie-hellman-group14-sha1 key exchange algorithm is requested. r��r��N)rF��rI��r)��r)��r��test_KEXDH_INIT_GROUP14��z/ServerSSHTransportTests.test_KEXDH_INIT_GROUP14c�� d��j�_t��j�_��dd��j�jd��dd��j�jd��jd�tj df��fdd�t d �D��}��j�jj\|d �\|d�\|d�\|d �\|d�\|d�f��dS�)�G Test that _keySetup sets up the next encryption keys. r��r��r��r��r��r1��c��g�\|�] }��j��\|d�d��qS��r��r��r��r��r��rI��r)��r��r��z9ServerSSHTransportTests.test_keySetup.<locals>.<listcomp>��ABCDEFra��r��r��rj��r��r��N�r��r��r^��rl��r��r��r��r��r"��rB��r��r!��r2��newKeysr)��rI��r�� test_keySetup�� &�z%ServerSSHTransportTests.test_keySetupc��C��s��g�d�\|�j�_d\|�j�_t��\|�j�_d\|�j�_\|��dd��\|��\|�jd�t j df��\|��\|�jd�t jd t� d ��t� d��f��\|��dd��\|��\|�jd�t j df��d S�)a�� If the client advertised support for extension negotiation, then _keySetup sends SSH_MSG_EXT_INFO with the "server-sig-algs" extension as the next packet following the server's first SSH_MSG_NEWKEYS. See RFC 8308, sections 2.4 and 3.1. )r��s��rsa-sha2-256s��rsa-sha2-512r��Tr��r��r1��r��s��rr��r\|��r��N)r��rW��r��r^��rl��rw��r��r��r��r"��rB��ry��r��r4��rI��r)��r)��r��test_keySetupWithExtInfo��s$�� z0ServerSSHTransportTests.test_keySetupWithExtInfoc�� rP��)rQ��r��r��r��r��r��r1��c��rR��rS��rT��r��rI��r)��r��r��rU��z>ServerSSHTransportTests.test_ECDH_keySetup.<locals>.<listcomp>rV��ra��r��r��rj��r��r��NrW��rX��r)��rI��r��test_ECDH_keySetup��r[��zServerSSHTransportTests.test_ECDH_keySetupc��C��s��\|��t�dddd�\|�j_\|�j�d��\|��\|�jj\|�jj��\|��\|�jj ��\|��\|�jj ��d\|�j_\|��dd��\|�j�d��\|�� \|�jj ��d\|�j_\|��dd��\|�j�d��\|�� \|�jj ��dS�)zj Test that NEWKEYS transitions the keys in nextEncryptions to currentEncryptions. r ��r1��zlibr��r��r��N)r$��r"��rK��r��rl��ssh_NEWKEYS�assertIsr0��rA��r5��rD��r ��r��assertIsNotNoner!��rI��r)��r)��r��test_NEWKEYS��s ��z$ServerSSHTransportTests.test_NEWKEYSc��C��sD��\|�j��t�d��\|��\|�jtjt�d�fg��\|��\|�j�jj d��dS�)z^ Test that the SERVICE_REQUEST message requests and starts a service. r��r��N) r��ssh_SERVICE_REQUESTr��r4��r��r��r"��MSG_SERVICE_ACCEPTr ��r��rI��r)��r)��r��test_SERVICE_REQUEST��s ��z,ServerSSHTransportTests.test_SERVICE_REQUESTc��C��\|�j��d��\|��dS��zD Test that NEWKEYS disconnects if it receives data. s ��bad packetN�r��r`��r��rI��r)��r)��r��test_disconnectNEWKEYSData ��z2ServerSSHTransportTests.test_disconnectNEWKEYSDatac��C��s"��\|�j��t�d��\|��tj��dS�)zd Test that SERVICE_REQUESTS disconnects if an unknown service is requested. s ��no serviceN)r��rd��r��r4��r��r"�� DISCONNECT_SERVICE_NOT_AVAILABLErI��r)��r)��r��(test_disconnectSERVICE_REQUESTBadService��s��z@ServerSSHTransportTests.test_disconnectSERVICE_REQUESTBadServiceN)r&��r'��r(��r]��r$��r'��r8��r9��rF��rI��rL��rN��rZ��r]��r^��rc��rf��rj��rm��r)��r)��r)��r��r��s"��#0-- r��c��@��s8��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��ZdS�) �)ServerSSHTransportDHGroupExchangeBaseCasezE Diffie-Hellman group exchange tests for SSHServerTransport. c��C��\|�j�g\|�j_dg\|�j_\|�j�\|�j��\|�j�d��\|�jj� �� d�d�\}}\|��\|�jtj t�\|�d�fg��\|��\|�jjd��\|��\|�jj\|��dS�)z� Test that the KEX_DH_GEX_REQUEST_OLD message causes the server to reply with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman group. r��r��r��rj��N)r��r��rV��rW��r��r"��r��r6��r ��r��getr��r��MSG_KEX_DH_GEX_GROUPr��r;��r��r��r2��dhGenerator�dhPrimer)��r)��r��test_KEX_DH_GEX_REQUEST_OLD"��s�� zEServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST_OLDc��C��s��d\|�j�_\|��t\|�j�jd��dS�)rG��N)r��r��rh��r ��r6��rI��r)��r)��r��%test_KEX_DH_GEX_REQUEST_OLD_badKexAlg9��s��zOServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST_OLD_badKexAlgc��C��ro��)z� Test that the KEX_DH_GEX_REQUEST message causes the server to reply with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman group. r��r��r��rq��rj��N)r��r��rV��rW��r��r"��r��r7��r ��r��rr��r��r��rs��r��r;��r��r��rt��r)��r)��r��test_KEX_DH_GEX_REQUESTA��s �� zAServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUESTc�� C��s��\|��t\|�jjd\|�jj�}t�d�d�}\|��\|�jj� ��j \|��t\|�jj\|\|�jj�}\|��\|�jj\|��t\|\|\|�jj�}\|�� }\|�t�\|�jj�d��\|�t�\|�jj�d��\|�t�\|�jjjd��\|�d��\|�t�\|�jj��\|�t�\|�jj��\|�t�\|��\|�\|��\|�\|��\|��}\|�j�t�\|��\|��\|�jdd��tjt�\|�jjjd��\|�t�\|�jjjd��\|��ftjd fg��dS�) z� Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST_OLD causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. r��s��r��rj��r��rp��ra��Nr1��)rw��r<��r��r��r��r��r;��r��r��private_numbersr=��r@��r��r��r<��r4��r��r=��r ��r>��r��r;��r��ssh_KEX_DH_GEX_INITr��r"��MSG_KEX_DH_GEX_REPLYr?��r@��rB��r2��rC��r>��r9��r��rD��r��r)��r)��r��&test_KEX_DH_GEX_INIT_after_REQUEST_OLDZ��sB�� zPServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUEST_OLDc�� C��sb��\|��t\|�jjd\|�jj�}t�d�d�}t\|�jj\|\|�jj�}t\|\|\|�jj�}\|��}\|� t� \|�jj�d��\|� t� \|�jj�d��\|� t� \|�jj jd��\|� d��\|� t�\|�jj��\|� t�\|�jj��\|� t�\|��\|� \|��\|� \|��\|��}\|�j�t�\|��\|��\|�jd�tjt� \|�jj jd��\|�t� \|�jj jd��\|��f��dS�) z� Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. r��s��r��rj��r��ry��ra��N)rz��r<��r��r��r��r��r;��r@��r��r<��r4��r��r=��r ��r>��r��r;��r��r\|��r��r��r"��r}��r?��r@��r~��r)��r)��r��"test_KEX_DH_GEX_INIT_after_REQUEST��s:�� zLServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUESTN) r&��r'��r(��r]��rw��rx��rz��r��r��r)��r)��r)��r��rn��s��(rn��c��@��r��)�ServerSSHTransportDHGroupExchangeSHA1TestszJ diffie-hellman-group-exchange-sha1 tests for SSHServerTransport. Nr��r)��r)��r)��r��r��r��r��c��@��r��)�,ServerSSHTransportDHGroupExchangeSHA256TestszL diffie-hellman-group-exchange-sha256 tests for SSHServerTransport. Nr��r)��r)��r)��r��r��r��r��c��@��r��)�ServerSSHTransportECDHBaseCasezE Elliptic Curve Diffie-Hellman tests for SSHServerTransport. c�� C��s��\|�j�g\|�j_dg\|�j_\|�j�\|�j��\|�jjjd�}\|�jjj d�}\|�j� ��}\|��}\|�j�\|�}\|�j� t�\|��\|�j�\|\|�j�\|�jj��}\|��}\|�t�\|�jj��\|�t�\|�jj��\|�t�\|�jj��\|�t�\|�jj��\|�t�\|��\|�t�\|��\|�t�\|�j�\|�jj��\|�\|��\|��}\|�\|�} \|��\|�jtjt�\|��t�\|�j�\|�jj��t�\| ��ftjdfg��dS�)z� Test that the KEXDH_INIT message causes the server to send a KEXDH_REPLY with the server's public key and a signature. r��r1��N)r��r��rV��rW��r��r"��r��r ��r?��r>��_generateECPrivateKeyr��_encodeECPublicKeyr6��r��r4��_generateECSharedSecret�ecPubr��r<��r��r��otherKexInitPayloadr=��r��r��r@��r��r��rA��rB�� r2��privKey�pubKey�ecPrivr��encPubr��rD��r��rE��r)��r)��r��test_KEX_ECDH_INIT��sF�� z1ServerSSHTransportECDHBaseCase.test_KEX_ECDH_INITN)r&��r'��r(��r]��r��r)��r)��r)��r��r��r��r��c��@��r��)�ServerSSHTransportECDHTestsz: ecdh-sha2-nistp256 tests for SSHServerTransport. Nr��r)��r)��r)��r��r��r��r��c��@��r��)�'ServerSSHTransportCurve25519SHA256Testsz9 curve25519-sha256 tests for SSHServerTransport. Nr��r)��r)��r)��r��r��r��r��c��@��r��)�ClientSSHTransportBaseCasez1 Base case for SSHClientTransport tests. r��c��C��s@��d\|�_�\|��\|\|�j��\|��\|�dd�t�t\|��t� d�S�)zC Mock version of SSHClientTransport.verifyHostKey. T��:r1��) �calledVerifyHostKeyr��r��replace�binascii�hexlifyr��r��r��succeed)r2��r��fingerprintr)��r)��r�� verifyHostKey ��s�� z(ClientSSHTransportBaseCase.verifyHostKeyc��C��sB��t��\|��tj�tj��\|�_tj�tj�\|�_ d\|�_ \|�j\|�j_d�S�)NF) r��r��r!��r��r��r#��r��r��r��privObjr��r��r��rI��r)��r)��r��r��s �� z ClientSSHTransportBaseCase.setUpN) r&��r'��r(��r]��r"��r.��r��r��r��r+��r��r��r��r)��r)��r)��r��r��s �� r��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$S�)%�ClientSSHTransportTestsz' Tests for SSHClientTransport. c��C��s��\|�j��d��\|��\|�j�jd��\|��\|�j�jd��\|��\|�j�jd��\|��\|�j�jd��\|�j�j}\|��\|jd��\|��\|j d��\|��\|j d��\|��\|jd��dS�)z� Receiving a KEXINIT packet listing multiple supported algorithms will set up the first common algorithm, ordered after our preference. s ��SSH-2.0-Twisted ��bdiffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256��ssh-dss,ssh-rsa��aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc��aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc��hmac-md5,hmac-sha1��hmac-md5,hmac-sha1�� zlib,none�� zlib,none��r��r��r ��r��r��N)r��r��r��r��r��r ��r!��rl��r\|��r}��r��r~��r"��r)��r)��r��r$��!��s��z6ClientSSHTransportTests.test_KEXINITMultipleAlgorithmsc��C��s<��\|��t\|��j��dd��}\|��dd�}\|�\|�j��\|�S�)z� verifyHostKey() should return a Deferred which fails with a NotImplementedError exception. connectionSecure() should raise NotImplementedError(). c��S��s��\|��t��d�S�r��)�trap�NotImplementedErrorr8��r)��r)��r��_checkRaisesK��r��zNClientSSHTransportTests.test_notImplementedClientMethods.<locals>._checkRaisesN)rh��r��r��connectionSecurer��addCallback�fail� addErrback)r2��r��dr)��r)��r�� test_notImplementedClientMethodsC��s��z8ClientSSHTransportTests.test_notImplementedClientMethodsc��C��sj��\|g\|�j�_\|�j��\|�j��\|�j�j��j}\|��t � \|�dd��d\|d��\|��\|�jtj\|�j�j fg��dS�)z� Test that a KEXINIT packet with a group1 or group14 key exchange results in a correct KEXDH_INIT response. @param kexAlgorithm: The key exchange algorithm to use @type kexAlgorithm: L{str} r��Nr��r:��)r��rV��r��r"��r��r��r{��r=��r��r��r;��r��MSG_KEXDH_INITr��)r2��r��r��r=��r)��r)��r��assertKexInitResponseForDHQ��s�� "�z2ClientSSHTransportTests.assertKexInitResponseForDHc��C��rM��)zq KEXINIT messages requesting diffie-hellman-group14-sha1 result in KEXDH_INIT responses. r��r��N)r��rI��r)��r)��r��test_KEXINIT_group14h��rO��z,ClientSSHTransportTests.test_KEXINIT_group14c��C��s2��dg\|�j�_\|�j��dd�}\|��t\|�j�j\|��dS�)z� Test that the client raises a ConchError if it receives a KEXINIT message but doesn't have a key exchange algorithm that we understand. s��diffie-hellman-group24-sha1s��group14s��group24N)r��rV��r"��r��r��rh��r ��r��r��r)��r)��r��test_KEXINIT_badKexAlgo��s�� z.ClientSSHTransportTests.test_KEXINIT_badKexAlgc��C��s��dt��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��d�d �}\|�j�\|��\|��\|�jj��d S�)z� If the server sends "ext-info-s" in its key exchange algorithms, then the client notes that the server supports extension negotiation. See RFC 8308, section 2.1. rJ��s/��diffie-hellman-group-exchange-sha256,ext-info-sr��r��r��r ��r1��r ��r��N)r��r4��r��r��r%��rw��r%��r)��r)��r��r'��y��s8�� z8ClientSSHTransportTests.test_KEXINITExtensionNegotiationc�� C��s��\|��d}t�\|�}\|�jj��j}\|�jj}t\|\|\|�}t ��}\|� t�\|�jj�d��\|� t�\|�jj �d��\|� t�\|�j��\|� \|�jj��\|� \|��\|� \|��\|��}\|�j�\|�}\|\|t�\|�j�\|�fS�)a�� Utility for test_KEXDH_REPLY and test_disconnectKEXDH_REPLYBadSignature. Begins a Diffie-Hellman key exchange in the named group Group-14 and computes information needed to return either a correct or incorrect signature. rj��)r��r��r;��r��r��r{��r=��r��r@��r��r<��r4��r��r=��r��r��r��r��r@��) r2��r9��fMPr=��r��r��rD��r��rE��r)��r)��r��begin_KEXDH_REPLY��s �� z)ClientSSHTransportTests.begin_KEXDH_REPLYc��@��\��}}��fdd�}�j�\|t�\|��}\|�\|��\|S�)zH Test that the KEXDH_REPLY message verifies the server. c����\|��j��jj��d�S�r��rA��r%��r��r��r��r��r��r��r2��r)��r��_cbTestKEXDH_REPLY�� zDClientSSHTransportTests.test_KEXDH_REPLY.<locals>._cbTestKEXDH_REPLY�r��r��ssh_KEX_DH_GEX_GROUPr��r4��r��r2��rE��packetStartr��r��r)��r��r��test_KEXDH_REPLY��s �� z(ClientSSHTransportTests.test_KEXDH_REPLYc�� rP��)rQ��r��r��r��r��r��r1��c��rR��rS��rT��r��rI��r)��r��r��rU��z9ClientSSHTransportTests.test_keySetup.<locals>.<listcomp>rV��r��rj��ra��r��r��r��NrW��rX��r)��rI��r��rZ��r[��z%ClientSSHTransportTests.test_keySetupc��s ��\|��dg��fdd�}\|\|�j_t�dddd�\|�j_\|��dd��\|��\|�jj\|�jj��t ��\|�j_\|�j� d��\|��\|�jj��\|��\|�jj ��\|��\|�jj\|�jj��\|��d��d \|�j_\|��dd ��\|�j� d��\|��\|�jj��d \|�j_\|��dd��\|�j� d��\|��\|�jj ��dS�) zl Test that NEWKEYS transitions the keys from nextEncryptions to currentEncryptions. Fc��r��r��r)��r)��securer)��r��stubConnectionSecure��r��zBClientSSHTransportTests.test_NEWKEYS.<locals>.stubConnectionSecurer ��r��r��r1��r��r_��s��GHs��IJN)r$��r��r��r"��rK��rl��r��assertIsNotr0��r^��r`��rA��r5��rD��ra��r%��r ��rb��r!��)r2��r��r)��r��r��rc��s.�� z$ClientSSHTransportTests.test_NEWKEYSc��C��s��t��\|�j_\|�j�d��\|��\|�jjj��dS�)zS Test that the SERVICE_ACCEPT packet starts the requested service. ��MockServiceN)r��r��instance�ssh_SERVICE_ACCEPTr%��r��rI��r)��r)��r��test_SERVICE_ACCEPT��s�� z+ClientSSHTransportTests.test_SERVICE_ACCEPTc��C��s(��\|�j��t��\|��\|�jtjdfg��dS�)zP Test that requesting a service sends a SERVICE_REQUEST packet. r��N)r��requestServicer��r��r��r"��rk��rI��r)��r)��r��test_requestService��s �� z+ClientSSHTransportTests.test_requestServicec��6��\}}}��j�\|t�d��}\|��fdd��S�)zL Test that KEXDH_REPLY disconnects if the signature is bad. � ��bad signaturec��tj�S�r��r��r"��r��_rI��r)��r��r<�� r��zPClientSSHTransportTests.test_disconnectKEXDH_REPLYBadSignature.<locals>.<lambda>r��r2��r��rE��r��r��r)��rI��r��&test_disconnectKEXDH_REPLYBadSignature �� z>ClientSSHTransportTests.test_disconnectKEXDH_REPLYBadSignaturec��C��4��dt��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��t��d��d�d �}\|�j�\|��\|�j�d ��t�t��t��\|�j_ \|�jj � ��\|�j_t�t��t��}\|� ��}\|�t jjt jj�}t��\|�j_d\|�j_\|�j�t��t��d��t��\|��t��d��\|��tj��dS�� O Test that KEX_ECDH_REPLY disconnects if the signature is bad. r��r��r��r��r��r ��r1��r ��r��s��SSH-2.0-OpenSSH s ��bad-signatureN�r��r4��r��r��r��r��generate_private_key� SECP256R1r��r��r��r��public_bytesr��Encoding�X962�PublicFormat�UncompressedPoint�curver��_ssh_KEX_ECDH_REPLYr��r��r��r��r"��r��r2��rK��thisPriv�thisPubr��r)��r)��r��)test_disconnectKEX_ECDH_REPLYBadSignature ��Z�� zAClientSSHTransportTests.test_disconnectKEX_ECDH_REPLYBadSignaturec��C��rg��rh��ri��rI��r)��r)��r��rj��= ��rk��z2ClientSSHTransportTests.test_disconnectNEWKEYSDatac��C��s"��t��\|�j_\|�j�d��\|��dS�)z� Test that SERVICE_ACCEPT disconnects if the accepted protocol is differet from the asked-for protocol. s��badN)r��r��r��r��r��rI��r)��r)��r��test_disconnectSERVICE_ACCEPTD ��s�� z5ClientSSHTransportTests.test_disconnectSERVICE_ACCEPTc��C��s<��t��\|�j_\|�j�d��\|��\|�jjj��\|��t\|�j�d��dS�)z� Some commercial SSH servers don't send a payload with the SERVICE_ACCEPT message. Conch pretends that it got the correct name of the service. r1��r��N) r��r��r��r��r%��r��r��rd��r��rI��r)��r)��r��test_noPayloadSERVICE_ACCEPTM ��s�� z4ClientSSHTransportTests.test_noPayloadSERVICE_ACCEPTN)r&��r'��r(��r]��r$��r��r��r��r��r'��r��r��rZ��rc��r��r��r��r��rj��r��r��r)��r)��r)��r��r��s&��" " . r��c��@��sL��e�Zd�ZdZ �edd�Zdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��ZdS�)�)ClientSSHTransportDHGroupExchangeBaseCasezE Diffie-Hellman group exchange tests for SSHClientTransport. ��FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF��c��C��s8��\|�j�g\|�j_\|�j�\|�j��\|��\|�jtjdfg��dS�)zt KEXINIT packet with a group-exchange key exchange results in a KEX_DH_GEX_REQUEST message. �� N) r��r��rV��r��r"��r��r��r��MSG_KEX_DH_GEX_REQUESTrI��r)��r)��r��test_KEXINIT_groupexchangem ��s��zDClientSSHTransportDHGroupExchangeBaseCase.test_KEXINIT_groupexchangec�� C��s��\|��\|�j�t�\|�j�t�d��\|��\|�jj\|�j��\|��\|�jjd��\|�jj � ��j}\|��t�\|�dd��d��\|��\|�jjt�t d\|\|�j��\|��\|�jdd��tj\|�jjfg��dS�)z� Test that the KEX_DH_GEX_GROUP message results in a KEX_DH_GEX_INIT message with the client's Diffie-Hellman public key. rj��r��Ns��ra��)r��r��r��r��r;��P1536r��r��r��r��r{��r=��r��r<��r��r"��MSG_KEX_DH_GEX_INITrg��r)��r)��r��test_KEX_DH_GEX_GROUP ��s��z?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_GROUPc��C��s��\|��\|�jj}d}t�\|�}t\|\|�jj��j\|�}\|�� }\|� t�\|�jj�d��\|� t�\|�jj �d��\|� t�\|�j��\|� d��\|� t�\|�j�t�d��\|� \|�jj��\|� \|��\|� \|��\|��}\|�j�\|�}\|\|t�\|�j�\|�fS�)a�� Utility for test_KEX_DH_GEX_REPLY and test_disconnectGEX_REPLYBadSignature. Begins a Diffie-Hellman key exchange in an unnamed (server-specified) group and computes information needed to return either a correct or incorrect signature. r��rj��r��)r��r��r��r��r;��r@��r��r{��r=��r��r<��r4��r��r=��r��r��r��r��r��r@��)r2��r��r9��r��r��rD��r��rE��r)��r)��r��begin_KEX_DH_GEX_REPLY� ��s"�� z@ClientSSHTransportDHGroupExchangeBaseCase.begin_KEX_DH_GEX_REPLYc��r��)z^ Test that the KEX_DH_GEX_REPLY message results in a verified server. c��r��r��r��r��r��r)��r��_cbTestKEX_DH_GEX_REPLY� ��r��z`ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLY.<locals>._cbTestKEX_DH_GEX_REPLY�r��r��ssh_KEX_DH_GEX_REPLYr��r4��r��)r2��rE��r��r��r��r)��r��r��test_KEX_DH_GEX_REPLY� ��s �� z?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLYc��r��)zQ Test that KEX_DH_GEX_REPLY disconnects if the signature is bad. r��c��r��r��r��r��rI��r)��r��r<�� r��z`ClientSSHTransportDHGroupExchangeBaseCase.test_disconnectGEX_REPLYBadSignature.<locals>.<lambda>r��r��r)��rI��r��$test_disconnectGEX_REPLYBadSignature� ��r��zNClientSSHTransportDHGroupExchangeBaseCase.test_disconnectGEX_REPLYBadSignaturec��C��r��r��r��r��r)��r)��r��r�� r��zSClientSSHTransportDHGroupExchangeBaseCase.test_disconnectKEX_ECDH_REPLYBadSignatureN)r&��r'��r(��r]��intr��r��r��r��r��r��r��r)��r)��r)��r��r��Y ��s��r��c��@��r��)�ClientSSHTransportDHGroupExchangeSHA1TestszJ diffie-hellman-group-exchange-sha1 tests for SSHClientTransport. Nr��r)��r)��r)��r��r�� r��r��c��@��r��)�,ClientSSHTransportDHGroupExchangeSHA256TestszL diffie-hellman-group-exchange-sha256 tests for SSHClientTransport. Nr��r)��r)��r)��r��r�� r��r��c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�ClientSSHTransportECDHBaseCasezE Elliptic Curve Diffie-Hellman tests for SSHClientTransport. c�� C��sJ��\|�j�g\|�j_\|�j�\|�j��\|��\|�jtjt � \|�j�\|�jj��fg��dS�)zm KEXINIT packet with an elliptic curve key exchange results in a KEXDH_INIT message. N) r��r��rV��r��r"��r��r��r��r��r��r4��r��r��rI��r)��r)��r��test_KEXINIT ��s��z+ClientSSHTransportECDHBaseCase.test_KEXINITc�� C��s.��\|��t��d�}t��d�}\|�j��}\|��}\|�j�\|�}\|�j�\|\|�j�\|�jj ��}\|�� }\|�t� \|�jj��\|�t� \|�jj��\|�t� \|�jj��\|�t� \|�jj��\|�t� \|��\|�t� \|�j�\|�jj ��\|�t� \|��\|�\|��\|��}\|�\|�} \|\| t� \|��t� \|��fS�)a�� Utility for test_KEXDH_REPLY and test_disconnectKEXDH_REPLYBadSignature. Begins an Elliptic Curve Diffie-Hellman key exchange and computes information needed to return either a correct or incorrect signature. r��)r��r��r��r��r��r��r��r��r��r��r��r<��r��r4��r��r��r=��r��r��r��r@��r��r)��r)��r��r��& ��s�� z0ClientSSHTransportECDHBaseCase.begin_KEXDH_REPLYc��r��)zO Test that the KEXDH_REPLY message completes the key exchange. c��r��r��r��r��r��r)��r��r��P ��r��zKClientSSHTransportECDHBaseCase.test_KEXDH_REPLY.<locals>._cbTestKEXDH_REPLYr��r��r)��r��r��r��J ��s �� z/ClientSSHTransportECDHBaseCase.test_KEXDH_REPLYc��r��)r��r��c��r��r��r��r��rI��r)��r��r<��a ��r��zWClientSSHTransportECDHBaseCase.test_disconnectKEXDH_REPLYBadSignature.<locals>.<lambda>r��r��r)��rI��r��r��Y ��r��zEClientSSHTransportECDHBaseCase.test_disconnectKEXDH_REPLYBadSignatureN)r&��r'��r(��r]��r��r��r��r��r)��r)��r)��r��r�� s��$r��c��@��r��)�ClientSSHTransportECDHTestsz: ecdh-sha2-nistp256 tests for SSHClientTransport. Nr��r)��r)��r)��r��r��e ��r��r��c��@��r��)�'ClientSSHTransportCurve25519SHA256Testsz9 curve25519-sha256 tests for SSHClientTransport. Nr��r)��r)��r)��r��r��m ��r��r��c��@��s`��e�Zd�ZdZer eZdd��Zdd��Zdd��Zdd ��Z d d��Z dd ��Zdd��Zdd��Z dd��ZdS�)�GetMACTestsz* Tests for L{SSHCiphers._getMAC}. c��C��s��t��dddd�\|�_d�S�)NrG��r4��rH��rI��)r"��rK��rN��rI��r)��r)��r��r��~ ��r��zGetMACTests.setUpc��C��s��t�d�S�)z� Generate a new shared secret to be used with the tests. @return: A new secret. @rtype: L{bytes} �@��r��rI��r)��r)��r��getSharedSecret� ��s��zGetMACTests.getSharedSecretc�� C��s\|��\|��}\|�j�\|\|�}\|d\|��d\|��}tdd��t\|�D��}tdd��t\|�D��} \|��\|\|\| \|f\|��\|��\|\|j��dS�)a�� Check that when L{SSHCiphers._getMAC} is called with a supportd HMAC algorithm name it returns a tuple of (digest object, inner pad, outer pad, digest size) with a C{key} attribute set to the value of the key supplied. @param hmacName: Identifier of HMAC algorithm. @type hmacName: L{bytes} @param hashProcessor: Callable for the hash algorithm. @type hashProcessor: C{callable} @param digestSize: Size of the digest for algorithm. @type digestSize: L{int} @param blockPadSize: Size of padding applied to the shared secret to match the block size. @type blockPadSize: L{int} Nr ��c��s��\|�] }t�\|�d�A�V��qdS�)�6��N�r-��r��br)��r)��r��r�� z+GetMACTests.assertGetMAC.<locals>.<genexpr>c��s��r��)�\��Nr��r��r)��r)��r��r�� r��)r��rN��_getMACrn��r��r��r��) r2��hmacNamer�� digestSize�blockPadSize�secret�paramsr��innerPad�outerPadr)��r)��r��assertGetMAC� ��s��zGetMACTests.assertGetMACc��C��\|�j�dtddd��dS�)a�� When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-512"} MAC algorithm name it returns a tuple of (sha512 digest object, inner pad, outer pad, sha512 digest size) with a C{key} attribute set to the value of the key supplied. s ��hmac-sha2-512r��r��r��N)r��r��rI��r)��r)��r��test_hmacsha2512� ��zGetMACTests.test_hmacsha2512c��C��\|�j�dtddd��dS�)a�� When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-384"} MAC algorithm name it returns a tuple of (sha384 digest object, inner pad, outer pad, sha384 digest size) with a C{key} attribute set to the value of the key supplied. s ��hmac-sha2-384�0��P��r��N)r��r��rI��r)��r)��r��test_hmacsha2384� ��r ��zGetMACTests.test_hmacsha2384c��C��r��)a�� When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-256"} MAC algorithm name it returns a tuple of (sha256 digest object, inner pad, outer pad, sha256 digest size) with a C{key} attribute set to the value of the key supplied. s ��hmac-sha2-256� ��r��N)r��r��rI��r)��r)��r��test_hmacsha2256� ��r ��zGetMACTests.test_hmacsha2256c��C��r��)a�� When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha1"} MAC algorithm name it returns a tuple of (sha1 digest object, inner pad, outer pad, sha1 digest size) with a C{key} attribute set to the value of the key supplied. r��,��r��N)r��r��rI��r)��r)��r�� test_hmacsha1� ��r ��zGetMACTests.test_hmacsha1c��C��r��)a�� When L{SSHCiphers._getMAC} is called with the C{b"hmac-md5"} MAC algorithm name it returns a tuple of (md5 digest object, inner pad, outer pad, md5 digest size) with a C{key} attribute set to the value of the key supplied. r��r��r��r��N)r��r��rI��r)��r)��r��test_hmacmd5� ��r ��zGetMACTests.test_hmacmd5c��C��s&��\|��}\|�j�d\|�}\|��d\|��dS�)z� When L{SSHCiphers._getMAC} is called with the C{b"none"} MAC algorithm name it returns a tuple of (None, "", "", 0). r ��)Nr1��r1��r��N)r��rN��r��r��)r2��r��r��r)��r)��r�� test_none� ��s��zGetMACTests.test_noneN)r&��r'��r(��r]��r��r7��r��r��r��r ��r��r��r��r��r��r)��r)��r)��r��r��v ��s�� r��c��@��@��e�Zd�ZdZer eZdd��Zdd��Zdd��Zdd ��Z d d��Z dS�) �SSHCiphersTestsz0 Tests for the SSHCiphers helper class. c��C��sL��t��dddd�}\|��\|jd��\|��\|jd��\|��\|jd��\|��\|jd��dS�)zJ Test that the initializer sets up the SSHCiphers object. rG��r4��rH��rI��N)r"��rK��r��r\|��r}��r��r~��)r2��rN��r)��r)��r�� test_init� ��s ��zSSHCiphersTests.test_initc�� C��sj��t��dddd�}d�}}\|j��D�]!\}\}}}\|�\|\|\|�}\|dkr+\|��\|t�j��q\|��\|j\|��qdS�)zM Test that the _getCipher method returns the correct cipher. rG��r4��rH��rI��rJ��r ��N)r"��rK�� cipherMapr��rM��assertIsInstance�_DummyCipher� algorithm) r2��rN��rO��r��rP��algClass�keySize�counter�cipr)��r)��r��test_getCipher� ��s��zSSHCiphersTests.test_getCipherc�� C��s:��d}t�jjD�]�}t�jj\|�\}}}t��\|ddd�}t��d\|dd�}\|�\|\|\|�}\|jjd�} \|�\|\|dddd��\|�dd\|\|dd��\|�� \|j \| ��\|�� \|j\| ��\|��} \| � \|d\| ��}\| � \|d\| ��}\|�� \|�\|d\| ��\|��\|�� \|�\|d\| ��\|��\|�� \|�\|�\|d\| ��\|�� \|�\|�\|d\| ��qdS�)z8 Test that setKeys sets up the ciphers. �@��r ��r:��r1��N)r"��r+��rL��rK��r��rM��r�� block_sizer{��r��re��rk�� encryptorr<��rh��rl��) r2��r��rP��modNamer��r�� encCipher� decCipherr ��bsr$��enc�enc2r)��r)��r��test_setKeysCiphers��s&��z#SSHCiphersTests.test_setKeysCiphersc�� C��s��d}t�jj��D�]s\}}t��dd\|d�}t��ddd\|�}\|�dddd\|d��\|�ddddd\|��\|r7\|��j}nd}\|��\|j\|��\|rL\|�\|\|�\}}}}d} \|} d\|�}\|re\|\|\|\|\|�� }nd}\|��\|� \| \| �\|��\|��\|�\| \| \|��qdS�)z5 Test that setKeys sets up the MACs. r"��r ��r1��r��r��N) r"��rK��macMapr��r{��digest_sizer��r��r��r��rq��r%��rt��) r2��r��macName�mod�outMac�inMac�ds�i�o�seqidr��r[��macr)��r)��r��test_setKeysMACs��s�� z SSHCiphersTests.test_setKeysMACsc�� C��s��g�d�}\|D�]9\}}}t��dddd�}\|�d\|�\|_t�d\|dd��\}\|dd��}\|��\|t�\|� \|\|��d\|�d\|��qdS�) z� L{SSHCiphers.makeMAC} computes the HMAC of an outgoing SSH message with a particular sequence id and content data. ))s��s��Hi Theres ��9294727a3638bb1c13f48ef8158bfc9d)s��Jefes��what do ya want for nothing?s ��750c783e6ab0b503eaa86e310a5db738)r��s2��s ��56be34521d144c88dbb8c733f0e8b3f6r ��r��z>LNr��zFailed HMAC test vector; key=z data=) r"��rK��r��r��struct�unpackr��r��r��rq��)r2��vectorsr��r��r6��r��r5�� shortenedr)��r)��r��test_makeMAC2��s�� zSSHCiphersTests.test_makeMACN)r&��r'��r(��r]��r��r7��r��r!��r+��r7��r<��r)��r)��r)��r��r�� s�� r��c��@��r��) �TransportLoopbackTestszL Test the server transport and client transport against each other, c��s��t��}t��\|�_\|��g��_�fdd��_t��dd��_g��_��fdd��_��fdd��_ t �j��_ \|��\|��fdd�}t��}\|�\|��\|S�)z� Run an async client and server, modifying each using the mod function provided. Returns a Deferred called back when both Protocols have disconnected. @type mod: C{func} @rtype: C{defer.Deferred} c��j��\|�\|f�S�r��rL��code�desc)�serverr)��r��r<��d��z9TransportLoopbackTests._runClientServer.<locals>.<lambda>c��S��s ��t��d��S�r��)r��r��)r=��r>��r)��r)��r��r<��f��s�� c��r>��r��rL��r?��clientr)��r��r<��h��rC��c��s��S�r��)r��r)��rD��r)��r��r<��i��s��c��s��t�\|jd�\|jd�\|jd�\|jd�g�}��\|jg��\|jtjdfg��\|jd�dkr>�� \|� ��\|�� \|� ��\|��n��\|� ��\|��\|� ��\|��\|jd�dkrg�� \|��\|�� \|��\|��d�S��\|��\|��\|��\|��d�S�)Nr��s��user closed connectionr ��) �reprrL��rX��rV��rY��r��rD��r"��r��r#��r��r%��r��)�ignoredrB��rE��r��rI��r)��r��checkn��s,�� z6TransportLoopbackTests._runClientServer.<locals>.check)r��r"��r-��r ��r��rD��rP��r.��r��r��listr��r!��rW��r�� loopbackAsyncr��)r2��r/��r ��rH��r��r)��)rE��r2��rB��r��_runClientServerV��s$�� z'TransportLoopbackTests._runClientServerc��B��g�}t�jjdg�D�]��fdd�}\|�\|��\|��q tj\|dd�S�)z{ Test that the client and server play nicely together, in all the various combinations of ciphers. r ��c��g\|�_�\|�S�r��r��r��cipherr)��r�� setCipher��z6TransportLoopbackTests.test_ciphers.<locals>.setCipherT��fireOnOneErrback)r"��r+��rL��rM��rK��r��DeferredList)r2�� deferredsrP��r)��rN��r��test_ciphers��s ��z#TransportLoopbackTests.test_ciphersc��rL��)z> Like test_ciphers, but for the various MACs. r ��c��rM��r��r��r��r6��r)��r��setMAC��rQ��z0TransportLoopbackTests.test_macs.<locals>.setMACTrR��)r"��r+��rX��rM��rK��r��rT��)r2��rU��rX��r)��rW��r�� test_macs��s ��z TransportLoopbackTests.test_macsc��<��g�}t�jjD�]��fdd�}\|�\|��\|��qtj\|dd�S�)zG Like test_ciphers, but for the various key exchanges. c��rM��r��r��r��r��r)��r��setKeyExchange��rQ��z@TransportLoopbackTests.test_keyexchanges.<locals>.setKeyExchangeTrR��)r"��r+��rV��rM��rK��r��rT��)r2��rU��r\��r)��r[��r��test_keyexchanges�� z(TransportLoopbackTests.test_keyexchangesc��rZ��)zF Like test_ciphers, but for the various compressions. c��rM��r��r��r��compressionr)��r��setCompression��rQ��z@TransportLoopbackTests.test_compressions.<locals>.setCompressionTrR��)r"��r+��rY��rM��rK��r��rT��)r2��rU��ra��r)��r_��r��test_compressions��r^��z(TransportLoopbackTests.test_compressionsN)r&��r'��r(��r]��r��r7��rK��rV��rY��r]��rb��r)��r)��r)��r��r=��N��s��7r=��)kr]��r��r��r��r8��r��hashlibr��r��r��r��r��typingr��r��twistedr ��r��twisted.conch.errorr ��twisted.conch.sshr��r��r ��twisted.internetr��twisted.protocolsr��twisted.pythonr��twisted.python.compatr��twisted.python.randbytesr��twisted.python.reflectr��twisted.testr��twisted.trial.unittestr��r��r��strr��r��cryptography.exceptionsr��cryptography.hazmat.backendsr��cryptography.hazmat.primitivesr��)cryptography.hazmat.primitives.asymmetricr��r��r��r ��r!��r"��twisted.conch.testr#��x25519_supportedr6��r:��r@��r+��rB��r^��r�� SSHServicer��r/��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��rn��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r=��r)��r)��r)��r��<module>��s�� EA#+= ��; � � � �e��g� � � 5� ��?� #� � V� �km��test/__pycache__/test_telnet.cpython-310.pyc��0000644��00000060235�15027667726�0015016 0��ustar�00��o ��b�h��@��s��d�Z�ddlmZ�ddlmZ�ddlmZ�ddlmZ�ddl m Z �ddlmZ�ddl mZ�eej�G�d d ��d ��ZG�dd��dej�ZG�d d��dej�ZG�dd��dej�ZG�dd��dej�ZdS�)z$ Tests for L{twisted.conch.telnet}. ��)�implementer)�verifyObject)�telnet)�defer)� iterbytes)� proto_helpers)�unittestc��@��st��e�Zd�ZdZdZdd��Zdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��ZdS�)�TestProtocol��c��C��s.��d\|�_�g�\|�_g�\|�_g�\|�_g�\|�_g�\|�_g�\|�_d�S�)N��)�data�subcmd�calls�enabledLocal� enabledRemote� disabledLocal�disabledRemote��selfr ��r ��@/usr/lib/python3/dist-packages/twisted/conch/test/test_telnet.py�__init__��s�� zTestProtocol.__init__c��sL��i��}\|_��j\|d<�\|j��}\|_dD�]}\|f��fdd� \|tt\|�<�qd�S�)N��) �EOR�NOP�DM�BRK�IP�AO�AYT�EC�EL�GAc��s��j��\|�S��N)r��append)�arg�cmdr��r ��r��<lambda>)��s��z-TestProtocol.makeConnection.<locals>.<lambda>)�negotiationMap�neg_TEST_COMMAND� commandMap�copy�getattrr��)r�� transport�dr%��r ��r��r��makeConnection#��s�� zTestProtocol.makeConnectionc��C��s��\|��j�\|7��_�d�S�r"��)r��r��r��r ��r ��r��dataReceived+��s��zTestProtocol.dataReceivedc��C��d�S�r"��r ��)r��reasonr ��r ��r��connectionLost.��s��zTestProtocol.connectionLostc��C��s ��\|\|�_�d�S�r"��)r ��)r��payloadr ��r ��r��r(��1��s�� zTestProtocol.neg_TEST_COMMANDc��C��\|\|�j�v�r \|�j�\|��dS�dS��NTF)�localEnableabler��r#��r��optionr ��r ��r��enableLocal4�� zTestProtocol.enableLocalc��C��\|�j��\|��d�S�r"��)r��r#��r8��r ��r ��r��disableLocal:��zTestProtocol.disableLocalc��C��r5��r6��)�remoteEnableabler��r#��r8��r ��r ��r��enableRemote=��r;��zTestProtocol.enableRemotec��C��r<��r"��)r��r#��r8��r ��r ��r�� disableRemoteC��r>��zTestProtocol.disableRemotec��C��r1��r"��r ��r��r ��r ��r��connectionMadeF��zTestProtocol.connectionMadec��C��r1��r"��r ��)r��command�argumentr ��r ��r��unhandledCommandJ��rC��zTestProtocol.unhandledCommandc��C��r1��r"��r ��r��rD��r��r ��r ��r��unhandledSubnegotiationN��rC��z$TestProtocol.unhandledSubnegotiationN)�__name__� __module__�__qualname__r7��r?��r��r.��r0��r3��r(��r:��r=��r@��rA��rB��rF��rH��r ��r ��r ��r��r ��s�� r ��c��@��s��e�Zd�Zdd��ZdS�)�InterfacesTestsc��C��s��t��}tt�j\|��dS�)zO L{telnet.TelnetProtocol} implements L{telnet.ITelnetProtocol} N)r��TelnetProtocolr��ITelnetProtocol)r��pr ��r ��r��test_interfaceT��s��zInterfacesTests.test_interfaceN)rI��rJ��rK��rP��r ��r ��r ��r��rL��S��s��rL��c��@��sB��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zg�g�g�g�fd&d'�Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��Zd6d7��Zd8d9��Zd:d;��Z d<d=��Z!d>d?��Z"d@dA��Z#dBdC��Z$dDdE��Z%dFdG��Z&dHdI��Z'dJdK��Z(dLS�)M�TelnetTransportTestsz. Tests for L{telnet.TelnetTransport}. c��C��s(��t��t�\|�_t��\|�_\|�j�\|�j��d�S�r"��)r��TelnetTransportr ��rO��r��StringTransport�tr.��r��r ��r ��r��setUpa��s�� zTelnetTransportTests.setUpc��C��s>��\|�j�j}g�d�}\|D�]}\|�j��\|��q \|��\|jd�\|��d�S�)N)s��here are some bytes la la las��some more arrive heres��lots of bytes to play withs��la la las��ta de das��dumr��)rO��protocolr0��assertEqualr��join�r��h�L�br ��r ��r��testRegularBytesf��s ��z%TelnetTransportTests.testRegularBytesc��C��s��\|�j�j}g�d�}\|D�]}\|�j��\|��q \|��\|j\|d�d�d��d�\|d�d�d��d�\|d�d�d��d�\|d�d�d��d��d�S�) N)s��here is the first line s��here is the second line �s��here is the third line s��here is the last line �r�� )rO��rV��r0��rW��r��rY��r ��r ��r��testNewlineHandlingy��s,��z(TelnetTransportTests.testNewlineHandlingc��C��sF��\|�j�j}g�d�}\|D�]}\|�j��\|��q \|��\|jd�\|��dd��d�S�)N)s��here are some bytes�� with an embedded IACs&��and here is a test of a border escape�s�� did you get that IAC?r��s��)rO��rV��r0��rW��r��rX��replacerY��r ��r ��r�� testIACEscape��s �� z"TelnetTransportTests.testIACEscapec��C��sn��\|�j�j}tjtt\|��}dd\|�d�g}\|D�]}\|�j��\|��q\|��\|j\|g��\|��\|jd� \|�� \|d��d�S�)Ns��Here's some bytes, tra la las��But ono!s �� an interruptr��)rO��rV��r��IACr+��r0��rW��r��r��rX��rf��)r��cmdNamerZ��r%��r[��r\��r ��r ��r��_simpleCommandTest��s�� z'TelnetTransportTests._simpleCommandTestc��C��\|��d��d�S�)Nr��rj��r��r ��r ��r�� testInterrupt��z"TelnetTransportTests.testInterruptc��C��rk��)Nr��rl��r��r ��r ��r��testEndOfRecord��rn��z$TelnetTransportTests.testEndOfRecordc��C��rk��)Nr��rl��r��r ��r ��r��testNoOperation��rn��z$TelnetTransportTests.testNoOperationc��C��rk��)Nr��rl��r��r ��r ��r��testDataMark��rn��z!TelnetTransportTests.testDataMarkc��C��rk��)Nr��rl��r��r ��r ��r�� testBreak��rn��zTelnetTransportTests.testBreakc��C��rk��)Nr��rl��r��r ��r ��r��testAbortOutput��rn��z$TelnetTransportTests.testAbortOutputc��C��rk��)Nr��rl��r��r ��r ��r��testAreYouThere��rn��z$TelnetTransportTests.testAreYouTherec��C��rk��)Nr��rl��r��r ��r ��r��testEraseCharacter��rn��z'TelnetTransportTests.testEraseCharacterc��C��rk��)Nr ��rl��r��r ��r ��r�� testEraseLine��rn��z"TelnetTransportTests.testEraseLinec��C��rk��)Nr!��rl��r��r ��r ��r��testGoAhead��rn��z TelnetTransportTests.testGoAheadc��C��s\|��\|�j�j}tjtj�d�tj�tj�}d\|�dg}\|D�]}\|�j��\|��q\|��\|jd� \|�� \|d��\|��\|jtt d��d�S�)Ns��hello worlds��These are some bytes but soons��there will be some morer��s��hello world)rO��rV��r��rh��SB�SEr0��rW��r��rX��rf��r ��listr��r��rZ��r%��r[��r\��r ��r ��r��testSubnegotiation��s��z'TelnetTransportTests.testSubnegotiationc��C��s��\|�j�j}tjtj�d�tj�tj�tj�}d\|�d�dg}\|D�]}\|�j��\|��q\|��\|jd� \|�� \|d��\|��\|jtjg��d�S�)Nr��s��Some bytes are heres��and herer��)rO��rV��r��rh��rx��ry��r0��rW��r��rX��rf��r ��r{��r ��r ��r�� testSubnegotiationWithEmbeddedSE��s��"z5TelnetTransportTests.testSubnegotiationWithEmbeddedSEc��C��s��t�jt�j�d�t�j�d�t�j�t�j�}tt\|��D�]L}t��}\|�j_\|� \|�j��\|d�\|��\|\|d��}}d\|�\|d�g}\|D�]}\|�j� \|��q?\|��\|jd� \|��\|d��\|��\|jt�jgttd��qd�S�)Nr��s��hellos ��first parts ��last partr��)r��rh��rx��ry��range�lenr ��rO��rV��r.��r0��rW��r��rX��rf��r ��rz��r��)r��r%��irZ��ar\��r[��r��r ��r ��r��testBoundarySubnegotiation��s0�� z/TelnetTransportTests.testBoundarySubnegotiationc��C��s<��\|��\|j\|��\|��\|j\|��\|��\|j\|��\|��\|j\|��d�S�r"��)rW��r��r��r��r��)r��o�eL�eR�dL�dRr ��r ��r��_enabledHelper ��s��z#TelnetTransportTests._enabledHelperc��C��r��t�jt�j�d�}d\|�d�}\|�j�\|��\|��\|�jjj\|�\|d��\|��\|�j � ��t�jt�j�d��\|��\|�jj��d�S��Nr��s��surrounding bytess��to spice things upr��) r��rh��WILLrO��r0��rW��rV��r��rf��rT��value�DONTr��r��r%��r��r ��r ��r��testRefuseWill��z#TelnetTransportTests.testRefuseWillc��C��r��r��) r��rh��DOrO��r0��rW��rV��r��rf��rT��r��WONTr��r��r ��r ��r��testRefuseDo��r��z!TelnetTransportTests.testRefuseDoc��C��h��t�jt�j�d�}d\|�d�}\|�jj}d\|_\|�j�\|��\|��\|�j� ��t�jt�j �d��\|�j\|dgd��d�S�)N��paddings��trailer)r��)r��)r��rh��r��rO��rV��r7��r0��rW��rT��r��r��r��r��r%��r��rZ��r ��r ��r��testAcceptDo&��s��z!TelnetTransportTests.testAcceptDoc��C��r��)N��s��headerr��)r��r��)r��rh��r��rO��rV��r?��r0��rW��rT��r��r��r��r��r ��r ��r��testAcceptWill3��s��z#TelnetTransportTests.testAcceptWillc��C��t�jt�j�d�}\|�j�d�}d\|j_d\|�}\|�j�\|��\|��\|�jj j \|�\|d��\|��\|�j� ��t�jt�j�d��\|��\|jjd��\|�j\|�jj dgd��d�S�)N��)�yess ��fiddle deer��no�r��)r��rh��r��rO��getOptionState�him�stater0��rW��rV��r��rf��rT��r��r��r��r��r%��sr��r ��r ��r��testAcceptWont?��z#TelnetTransportTests.testAcceptWontc��C��r��)Nr��r��s��fiddle dum r��r��)r��)r��rh��r��rO��r��usr��r0��rW��rV��r��rf��rT��r��r��r��r��r ��r ��r��testAcceptDontS��r��z#TelnetTransportTests.testAcceptDontc��C��f��t�jt�j�d�}d\|�d�}\|�j�\|��\|��\|�jjj\|�\|d��\|��\|�j � ��d��\|��\|�jj��d�S��N��G� ��dum de dum� ��tra la lar��)r��rh��r��rO��r0��rW��rV��r��rf��rT��r��r��r��r ��r ��r��testIgnoreWontg��s��z#TelnetTransportTests.testIgnoreWontc��C��r��r��)r��rh��r��rO��r0��rW��rV��r��rf��rT��r��r��r��r ��r ��r��testIgnoreDonts��s��z#TelnetTransportTests.testIgnoreDontc��C��z��t�jt�j�d�}\|�j�d�}d\|j_d\|�d�}\|�j�\|��\|��\|�jj j \|�\|d��\|��\|�j� ��d��\|��\|�jj ��d�S��N��Vr��r��r��r��)r��rh��r��rO��r��r��r��r0��rW��rV��r��rf��rT��r��r��r��r ��r ��r��testIgnoreWill��z#TelnetTransportTests.testIgnoreWillc��C��r��r��)r��rh��r��rO��r��r��r��r0��rW��rV��r��rf��rT��r��r��r��r ��r ��r��testIgnoreDo��r��z!TelnetTransportTests.testIgnoreDoc��sv��j��d�}�j�j��d��_��j��tjtj �d��j�� tjtj�d��\|��jd��\|��fdd��\|S�)N��B�r��Tc��s��j��dgd�S�)Nr��r��)r��_�rZ��r��r ��r��r&��s��z@TelnetTransportTests.testAcceptedEnableRequest.<locals>.<lambda>) rO��dorV��r?��rW��rT��r��r��rh��r��r0��r��addCallback�r��r-��r ��r��r��testAcceptedEnableRequest��s��z.TelnetTransportTests.testAcceptedEnableRequestc��d�j�j_�j��d�}��j��tjtj �d��j�� d��jjd��j jd��jj��j j��j��tjtj�d��\|tj�}\|��fdd��\|��fdd��\|S�)z� If the peer refuses to enable an option we request it to enable, the L{Deferred} returned by L{TelnetProtocol.do} fires with an L{OptionRefused} L{Failure}. r��r��r��c��jj�S�r"��r��rO��rV��ignoredr��r ��r��r&��z@TelnetTransportTests.test_refusedEnableRequest.<locals>.<lambda>c��jj�S�r"��)�assertFalser��negotiatingr��r��r��r ��r��r&��r��)rO��rV��r?��r��rW��rT��r��r��rh��r��r��r��r��r�� assertTruer��r��r0��r�� assertFailure� OptionRefusedr��r��r ��r��r��test_refusedEnableRequest�� z.TelnetTransportTests.test_refusedEnableRequestc��r��)z� If the peer refuses to allow us to enable an option, the L{Deferred} returned by L{TelnetProtocol.will} fires with an L{OptionRefused} L{Failure}. r��r��r��c��r��r"��r��r��r��r ��r��r&��r��z>TelnetTransportTests.test_refusedEnableOffer.<locals>.<lambda>c��r��r"��)r��r��r��r��r��r ��r��r&��r��)rO��rV��r7��willrW��rT��r��r��rh��r��r��r��r��r��r��r��r��r0��r��r��r��r��r��r ��r��r��test_refusedEnableOffer��r��z,TelnetTransportTests.test_refusedEnableOfferc��sz��j��d�}d\|j_��j��d�}��j��tj tj �d��j��tj tj�d��\|� ��jd��\|� ��fdd��\|S�)Nr��r��Tc��s��j��jjdgd�S�)Nr��r��r��r��r��r ��r��r&��s��zATelnetTransportTests.testAcceptedDisableRequest.<locals>.<lambda>)rO��r��r��r��dontrW��rT��r��r��rh��r��r0��r��r��r��r��r-��r ��r��r��testAcceptedDisableRequest��s��z/TelnetTransportTests.testAcceptedDisableRequestc��sd��j��d�}d\|j_��j��d��fdd�}��fdd�}��fdd�}\|d��}\|�\|��\|�\|��\|S�) N��$r��c��j��d�}��\|tj�S��Nr��)rO��r��r��r��AlreadyNegotiating��xr-��r��r ��r��_do ��zITelnetTransportTests.testNegotiationBlocksFurtherNegotiation.<locals>._doc��r��r��)rO��r��r��r��r��r��r��r ��r��_dont��r��zKTelnetTransportTests.testNegotiationBlocksFurtherNegotiation.<locals>._dontc��s~��j��tjtj�d��j��j�jdgd��d��j�j_��j��d�}��j��tjtj �d��\|� ��jd��\|� ��fdd��\|S�)Nr��r��)r��Tc��s��j��jjdgdgd�S�)Nr��)r��r��r��r��r��r ��r��r&��s��z^TelnetTransportTests.testNegotiationBlocksFurtherNegotiation.<locals>._final.<locals>.<lambda>)rO��r0��r��rh��r��r��rV��r?��r��r��r��rW��r��r��r ��r��_final��s�� zLTelnetTransportTests.testNegotiationBlocksFurtherNegotiation.<locals>._final)rO��r��r��r��r��r��)r��r��r��r��r��r-��r ��r��r��'testNegotiationBlocksFurtherNegotiation��s�� z<TelnetTransportTests.testNegotiationBlocksFurtherNegotiationc��C��s��\|�j��d�}\|��\|tj�S�)N��)rO��r��r��r��AlreadyDisabledr��r ��r ��r��#testSuperfluousDisableRequestRaises'��s��z8TelnetTransportTests.testSuperfluousDisableRequestRaisesc��C��s.��\|�j��d�}d\|j_\|�j��d�}\|��\|tj�S�)Nr��r��)rO��r��r��r��r��r��r��AlreadyEnabledr��r ��r ��r��"testSuperfluousEnableRequestRaises,��s��z7TelnetTransportTests.testSuperfluousEnableRequestRaisesc��C��sx��\|�j��d�}\|�j��d�}\|�j��d�}G�dd��dt�}\|�j��\|d��\|��\|\|�}\|��\|\|�}\|��\|\|�}t�\|\|\|g�S�)Nr��#��4c��@��s��e�Zd�ZdS�)zLTelnetTransportTests.testLostConnectionFailsDeferreds.<locals>.TestExceptionN)rI��rJ��rK��r ��r ��r ��r�� TestException8��s��r��zTotal failure!)rO��r�� Exceptionr3��r��r�� gatherResults)r��d1�d2�d3r��r ��r ��r�� testLostConnectionFailsDeferreds3��s��z5TelnetTransportTests.testLostConnectionFailsDeferredsN))rI��rJ��rK��__doc__rU��r]��rd��rg��rj��rm��ro��rp��rq��rr��rs��rt��ru��rv��rw��r\|��r}��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r ��r ��r��rQ��\��sN�� %rQ��c��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)� TestTelnetzP A trivial extension of the telnet protocol class useful to unit tests. c��C��s��t�j�\|��g�\|�_d�S�r"��)r��Telnetr��eventsr��r ��r ��r��r��H��s�� zTestTelnet.__init__c��C��s��\|�j��d\|f��dS�)z: Record the given data in C{self.events}. �bytesN�r��r#��r/��r ��r ��r��applicationDataReceivedL��s��z"TestTelnet.applicationDataReceivedc��C��\|�j��d\|\|f��dS�)z= Record the given command in C{self.events}. rD��Nr��rG��r ��r ��r��rF��R��zTestTelnet.unhandledCommandc��C��r��)zL Record the given subnegotiation command in C{self.events}. � negotiateNr��rG��r ��r ��r��rH��X��r��z"TestTelnet.unhandledSubnegotiationN)rI��rJ��rK��r��r��r��rF��rH��r ��r ��r ��r��r��C��s��r��c��@��s��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"S�)#�TelnetTestsz� Tests for L{telnet.Telnet}. L{telnet.Telnet} implements the TELNET protocol (RFC 854), including option and suboption negotiation, and option state tracking. c��C��s��t��\|�_dS�)zM Create an unconnected L{telnet.Telnet} to be used by tests. N)r��rV��r��r ��r ��r��rU��g��s��zTelnetTests.setUpc��C��\|��\|�j�d��dS�)z� L{telnet.Telnet.enableLocal} should reject all options, since L{telnet.Telnet} does not know how to implement any options. ��N)r��rV��r:��r��r ��r ��r��test_enableLocalm��zTelnetTests.test_enableLocalc��C��r��)z� L{telnet.Telnet.enableRemote} should reject all options, since L{telnet.Telnet} does not know how to implement any options. r��N)r��rV��r@��r��r ��r ��r��test_enableRemotet��r��zTelnetTests.test_enableRemotec��C��\|��t\|�jjd��dS�)a �� It is an error for L{telnet.Telnet.disableLocal} to be called, since L{telnet.Telnet.enableLocal} will never allow any options to be enabled locally. If a subclass overrides enableLocal, it must also override disableLocal. r��N)�assertRaises�NotImplementedErrorrV��r=��r��r ��r ��r��test_disableLocal{��zTelnetTests.test_disableLocalc��C��r��)a�� It is an error for L{telnet.Telnet.disableRemote} to be called, since L{telnet.Telnet.enableRemote} will never allow any options to be enabled remotely. If a subclass overrides enableRemote, it must also override disableRemote. r��N)r��r��rV��rA��r��r ��r ��r��test_disableRemote��r��zTelnetTests.test_disableRemotec��C��6��t��}\|�j�\|��\|�j�dd��\|��\|��d��dS�)z� L{telnet.Telnet.requestNegotiation} formats the feature byte and the payload bytes into the subnegotiation format and sends them. See RFC 855. ��s��s��N�r��rS��rV��r.��requestNegotiationrW��r��r��r,��r ��r ��r��test_requestNegotiation��s��z#TelnetTests.test_requestNegotiationc��C��r��)z� If the payload for a subnegotiation includes I{IAC}, it is escaped by L{telnet.Telnet.requestNegotiation} with another I{IAC}. See RFC 855. r��re��s��Nr��r��r ��r ��r��!test_requestNegotiationEscapesIAC��s��z-TelnetTests.test_requestNegotiationEscapesIACc��G��s,��g��}\|�j�_\|�j��\|��\|��\|t\|��dS�)z Pass the given bytes to the protocol's C{dataReceived} method and assert that the given events occur. N)rV��r��r0��rW��rz��)r��r��expected�receivedr ��r ��r��_deliver��s��zTelnetTests._deliverc��C��\|��dd��dS�)zc One application-data byte in the default state gets delivered right away. ��a)r��r��N�r��r��r ��r ��r��test_oneApplicationDataByte��z'TelnetTests.test_oneApplicationDataBytec��C��r ��)za Two application-data bytes in the default state get delivered together. ��bc)r��r��Nr��r��r ��r ��r��test_twoApplicationDataBytes��r��z(TelnetTests.test_twoApplicationDataBytesc��C��s��\|��dtj�d��dS�)z~ Three application-data bytes followed by a control byte get delivered, but the control byte doesn't. ��def)r��r��N�r��r��rh��r��r ��r ��r��test_threeApplicationDataBytes��r��zTelnetTests.test_threeApplicationDataBytesc��C��s,��\|��tj��\|��tjd�dtjd�f��dS�)zy IAC in the escaped state gets delivered and so does another application-data byte following it. ��gr��Nr��r��r ��r ��r��test_escapedControl��s�� zTelnetTests.test_escapedControlc��C��s��\|��d��\|��dd��\|��dd��\|��d��\|��dd��\|��dd��\|��d��\|��dd ��\|��d d ��\|��d��\|��tjtj�d�ddtj�d�f��d S�)a�� A carriage return only puts the protocol into the newline state. A linefeed in the newline state causes just the newline to be delivered. A nul in the newline state causes a carriage return to be delivered. An IAC in the newline state causes a carriage return to be delivered and puts the protocol into the escaped state. Anything else causes a carriage return and that thing to be delivered. ra��r_��)r��r_��s�� r��)r��ra��s�� r��)r�� ar��xr��Nr��r��r ��r ��r��test_carriageReturn��s�� zTelnetTests.test_carriageReturnc��C��s&��\|��dtj�tj�ddtjdf��dS�)zt Application bytes received before a command are delivered before the command is processed. r��)r��r��rD��N)r��r��rh��r��r��r ��r ��r��'test_applicationDataBeforeSimpleCommand��s �� z3TelnetTests.test_applicationDataBeforeSimpleCommandc��C��s2��i�\|�j�_\|��dtj�tj�d�ddtjdf��dS�)z~ Application bytes received before a WILL/WONT/DO/DONT are delivered before the command is processed. ��yr��)r��r��rD��N)rV��r)��r��r��rh��r��r��r ��r ��r��!test_applicationDataBeforeCommand��s�� z-TelnetTests.test_applicationDataBeforeCommandc��C��s6��\|��dtj�tj�d�tj�tj�ddddgf��dS�)z� Application bytes received before a subnegotiation command are delivered before the negotiation is processed. ��zs��Qx)r��r��r��Qr��N)r��r��rh��rx��ry��r��r ��r ��r��(test_applicationDataBeforeSubnegotiation��s �� z4TelnetTests.test_applicationDataBeforeSubnegotiationN)rI��rJ��rK��r��rU��r��r��r��r��r��r ��r��r��r��r��r��r��r��r��r!��r ��r ��r ��r��r��_��s$�� r��N)r��zope.interfacer��zope.interface.verifyr�� twisted.conchr��twisted.internetr��twisted.python.compatr��twisted.testr�� twisted.trialr��rN��r ��TestCaserL��rQ��r��r��r��r ��r ��r ��r��<module>��s"��> ��j��test/__pycache__/test_recvline.cpython-310.pyc��0000644��00000062023�15027667726�0015327 0��ustar�00��o ��bXc��@��sb��d�Z�ddlZddlZddlmZ�ddlmZ�ddlmZ�ddl m Z �ddlmZm Z �ddlmZmZmZ�dd lmZ�dd lmZ�ddlmZ�ddlmZmZ�ed �Zeej�Zej� ej!�ed<�G�dd��de�Z"ddlm#Z#�ddlm$Z$�ddl%m&Z&�G�dd��dej'�Z(dZ)dZdZ+dZ,dZ-dZ.dZ/dZ0dZ1ddl m2Z2�z dd l3m4Z4m5Z5m6Z6m7Z7m8Z8�dd!l9m:Z:m;Z;m<Z<m=Z=m>Z>m?Z?�W�n�e@y��d"ZAY�nGw�d#ZAG�d$d%��d%e:jB�ZCG�d&d'��d'e;jD�ZEG�d(d)��d)e?jF�ZGG�dd+��d+e>jH�ZIG�d,d-��d-e7�ZJG�d.d/��d/e6�ZKG�d0d1��d1e8�ZLe�MeKeLe=jN��G�d2d3��d3e$jO�ZPG�d4d5��d5�ZQG�d6d7��d7eQ�ZRdd8lSmTZT�G�d9d:��d:ejUeTjV�ZWG�d;d<��d<ejXeTjV�ZYG�d=d>��d>eQ�ZZG�d?d@��d@eQ�Z[G�dAdB��dB�Z\G�dCdD��dDeZee\�Z]G�dEdF��dFeRee\�Z^ee�dG�G�dHdI��dIe[ee\��Z_G�dJdK��dK�Z`G�dLdM��dMeZee`�ZaG�dNdO��dOeRee`�Zbee�dP�G�dQdR��dRe[ee`��ZcG�dSdT��dTe�ZddS�)UzU Tests for L{twisted.conch.recvline} and fixtures for testing related functionality. ��N)�skipIf)�recvline)�insults)�portal)�defer�error)� components�filepath�reflect)� iterbytes)� requireModule)�StringTransport)�SkipTest�TestCaseztwisted.conch.stdio� PYTHONPATHc��@��sl��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��ZdS�)�ArrowsTestsc��sF��t��_t��_t��_��fdd��j_��j_ ��j� ��j��d�S�)Nc��s��j�S��N)�p��selfr��B/usr/lib/python3/dist-packages/twisted/conch/test/test_recvline.py�<lambda>"��s��z#ArrowsTests.setUp.<locals>.<lambda>)r ��underlyingTransportr��ServerProtocol�ptr��HistoricRecvLiner��protocolFactory�factory�makeConnectionr��r��r��r��setUp��s�� zArrowsTests.setUpc��C��s@��\|�j��dd��\|�j��dd��\|�j��dd��\|��\|�j��d��dS�)zy When L{HistoricRecvLine} receives a printable character, it adds it to the current line buffer. ��xN��y��z��xyz��)r��keystrokeReceived�assertEqual�currentLineBufferr��r��r��r��test_printableCharacters&��s��z$ArrowsTests.test_printableCharactersc��sF��fdd�}t�d�D�]}\|\|��q ��j��d��\|��jj��j��d��\|��jj��j��d��\|��jj��j��d��\|��jj��j��d��\|��jj��j��d��\|��jj��j��d��\|��jj��j��d��\|��jj��j��d��\|��jj��j��d��dS�) z� When L{HistoricRecvLine} receives a LEFT_ARROW or RIGHT_ARROW keystroke it moves the cursor left or right in the current line buffer, respectively. c��j��\|�d��S�r��r��r'��chr��r��r��r��7��z3ArrowsTests.test_horizontalArrows.<locals>.<lambda>r%��r$��)��xyr#��)r!��s��yz)r&��r%��N)r��r(��r��r)��r��RIGHT_ARROW� LEFT_ARROW�r��kRr.��r��r��r��test_horizontalArrows1��s,�� z!ArrowsTests.test_horizontalArrowsc��s\|��fdd�}t�d�D�]}\|\|��q ��j��d��\|d��\|d��\|d��j��d��\|d��j��d ��d S�)z� When {HistoricRecvLine} receives a newline, it adds the current line buffer to the end of its history buffer. c��r+��r��r,��r-��r��r��r��r��]��r/��zArrowsTests.test_newline.<locals>.<lambda>��xyz abc 123 ��r%��abc��123r��c��b��a�� ))r%��r9��r:��s��cbar��N)r��r(��r��currentHistoryBufferr3��r��r��r��test_newlineX��s�� zArrowsTests.test_newlinec��s6��fdd�}t�d�D�]}\|\|��q ��j��d��j��d��\|��jj��j��d��j��d��\|��jj��j��d��j��d ��\|��jj��j��d ��j��d��\|��jj��j��d ��j��d��td�D�]}\|��jj��q��j��d��d S�)a�� When L{HistoricRecvLine} receives UP_ARROW or DOWN_ARROW keystrokes it move the current index in the current history buffer up or down, and resets the current line buffer to the previous or next line in history, respectively for each. c��r+��r��r,��r-��r��r��r��r��u��r/��z1ArrowsTests.test_verticalArrows.<locals>.<lambda>r6��r7��r&��r&��))r%��r9��)r:��)r:��r&��))r%��)r9��r:��)r9��r&��)r��r8��r$��N) r��r(��r��r?��r)��r��UP_ARROW�range� DOWN_ARROW)r��r4��r.��ir��r��r��test_verticalArrowsn��s(�� zArrowsTests.test_verticalArrowsc��sV��fdd�}t�d�D�]}\|\|��q ��j��d��\|��jj��j��d��dS�)z� When L{HistoricRecvLine} receives a HOME keystroke it moves the cursor to the beginning of the current line buffer. c��r+��r��r,��r-��r��r��r��r��r/��z'ArrowsTests.test_home.<locals>.<lambda>��hello, world�rH��r&��)r&��rH��N)r��r(��r��r)��r��HOMEr3��r��r��r�� test_home��s�� zArrowsTests.test_homec��sb��fdd�}t�d�D�]}\|\|��q ��j��d��\|��jj��\|��jj��j��d��dS�)z� When L{HistoricRecvLine} receives an END keystroke it moves the cursor to the end of the current line buffer. c��r+��r��r,��r-��r��r��r��r��r/��z&ArrowsTests.test_end.<locals>.<lambda>rH��rI��N)r��r(��r��r)��r��rJ��ENDr3��r��r��r��test_end��s�� zArrowsTests.test_endc��s��fdd�}t�d�D�]}\|\|��q ��j��d��\|��jj��j��d��\|��jj��\|��jj��j��d��\|��jj��j��d��dS�)z� When L{HistoricRecvLine} receives a BACKSPACE keystroke it deletes the character immediately before the cursor. c��r+��r��r,��r-��r��r��r��r��r/��z,ArrowsTests.test_backspace.<locals>.<lambda>r%��r$��r0��r&��)r&��r"��N)r��r(��r��r)��r�� BACKSPACEr2��r3��r��r��r��test_backspace��s�� zArrowsTests.test_backspacec��s��fdd�}t�d�D�]}\|\|��q ��j��d��\|��jj��j��d��\|��jj��\|��jj��j��d��\|��jj��\|��jj��j��d��\|��jj��\|��jj��j��d��\|��jj��j��d��dS�) z� When L{HistoricRecvLine} receives a DELETE keystroke, it delets the character immediately after the cursor. c��r+��r��r,��r-��r��r��r��r��r/��z)ArrowsTests.test_delete.<locals>.<lambda>r%��r$��rN��)r!��r&��rA��N)r��r(��r��r)��r��DELETEr2��r3��r��r��r��test_delete��s"�� zArrowsTests.test_deletec��sr��fdd�}t�d�D�]}\|\|��q \|��jj��\|d��j��d��\|��jj��\|d��j��d��dS�) z� When not in INSERT mode, L{HistoricRecvLine} inserts the typed character at the cursor before the next character. c��r+��r��r,��r-��r��r��r��r��r/��z)ArrowsTests.test_insert.<locals>.<lambda>r%��A)��xyAr#��B)��xyBs��AzN)r��r��r2��r(��r��r)��r3��r��r��r��test_insert��s�� zArrowsTests.test_insertc��s~��fdd�}t�d�D�]}\|\|��q \|��jj��\|��jj��\|d��j��d��\|��jj��\|d��j��d��dS�) a�� When in INSERT mode and upon receiving a keystroke with a printable character, L{HistoricRecvLine} replaces the character at the cursor with the typed character rather than inserting before. Ah, the ironies of INSERT mode. c��r+��r��r,��r-��r��r��r��r��r/��z+ArrowsTests.test_typeover.<locals>.<lambda>r%��rS��)rT��r&��rU��)rV��r&��N)r��r��INSERTr2��r(��r��r)��r3��r��r��r�� test_typeover��s�� zArrowsTests.test_typeoverc��sr��fdd�}��j�}\|j\|j\|j\|j\|j\|j\|j\|j\|j \|j \|j\|j\|j \|jfD�]}\|\|��j��d��q'dS�)z� When L{HistoricRecvLine} receives a keystroke for an unprintable function key with no assigned behavior, the line buffer is unmodified. c��r+��r��r,��r-��r��r��r��r�� r/��z8ArrowsTests.test_unprintableCharacters.<locals>.<lambda>rA��N)r��F1�F2�F3�F4�F5�F6�F7�F8�F9�F10�F11�F12�PGUP�PGDNr(��r��r)��)r��r4��r��r.��r��r��r��test_unprintableCharacters��s(��z&ArrowsTests.test_unprintableCharactersN)�__name__� __module__�__qualname__r ��r��r5��r@��rG��rK��rM��rP��rR��rW��rY��rh��r��r��r��r��r��s��'#r��)�telnet)�helper)� LoopbackRelayc��@��e�Zd�Zdd��ZdS�)� EchoServerc��C��s ��\|�j��\|d�\|�j\|�j��d�S�)Nr>��)�terminal�write�ps�pn)r��liner��r��r��lineReceived��s�� zEchoServer.lineReceivedN)ri��rj��rk��rv��r��r��r��r��rp��)��rp��s��[Ds��[Cs��[As��[Bs��[2~s��[1~s��[3~s��[4~��)�checkers)�ConchFactory� TerminalRealm�TerminalSession�TerminalSessionTransport�TerminalUser)�channel� connection�keys�session� transport�userauthFTc��@��s0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�SessionChannels��sessionc��O��<��t�jj\|�g\|�R�i�\|��\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_d�S�r��)r�� SSHChannel�__init__r��protocolArgs�protocolKwArgs�width�height�r��r��r��r��r��r��a�kwr��r��r��r��S�� zSessionChannel.__init__c��C��sh��t��d\|�j\|�jddfd�}\|�j�\|�d\|��\|�j�\|�dd��\|�j\|�ji�\|�j��\|�_ \|�\|�j _ \|�j �\|��d�S�)Ns��vt102r��r&��s��pty-reqs��shell)r��packRequest_pty_reqr��r��conn�sendRequestr��r��r��_protocolInstancer��r��)r��data�termr��r��r��channelOpen_��s��zSessionChannel.channelOpenc��C��s��\|�j��t��d�S�r��)r��connectionLostr��ConnectionDoner��r��r��r��closedl��s��zSessionChannel.closedc��C��\|�j��\|��d�S�r��)r��dataReceived�r��r��r��r��r��r��o��zSessionChannel.dataReceivedN)ri��rj��rk��namer��r��r��r��r��r��r��r��r��P��s�� r��c��@��$��e�Zd�Zdd��Zdd��Zdd��ZdS�)�TestConnectionc��O��r��r��)r�� SSHConnectionr��r��r��r��r��r��r��r��r��r��r��s��r��zTestConnection.__init__c��C��s,��t�\|�j\|�j\|�j\|�j\|�j�\|�_\|��\|�j��d�S�r��)r��r��r��r��r��r��_TestConnection__channel�openChannelr��r��r��r��serviceStarted��s��zTestConnection.serviceStartedc��C��\|�j��\|�S�r��)r��rr��r��r��r��r��rr��zTestConnection.writeN)ri��rj��rk��r��r��rr��r��r��r��r��r��r��s�� r��c��@��e�Zd�Zdd��Zdd��ZdS�)�TestAuthc��O��s&��t�jj\|�\|g\|�R�i�\|��\|\|�_d�S�r��)r��SSHUserAuthClientr��password)r��usernamer��r��r��r��r��r��r��s�� zTestAuth.__init__c��C��s��t��\|�j�S�r��)r��succeedr��r��r��r��r��getPassword��r��zTestAuth.getPasswordN)ri��rj��rk��r��r��r��r��r��r��r��s��r��c��@��s,��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd S�) � TestTransportc�� O��s.��\|\|�_�\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_d�S�r��)r��r��r��r��r��r��r��) r��r��r��r��r��r��r��r��r��r��r��r��r��r��s�� zTestTransport.__init__c��C��s ��t��d�S�)NT)r��r��)r��hostKey�fingerprintr��r��r�� verifyHostKey��s�� zTestTransport.verifyHostKeyc��C��s8��t�\|�j\|�j\|�j\|�j\|�j�\|�_\|��t\|�j \|�j \|�j��d�S�r��)r��r��r��r��r��r��_TestTransport__connection�requestServicer��r��r��r��r��r��r��connectionSecure��s��zTestTransport.connectionSecurec��C��r��r��)r��rr��r��r��r��r��rr��r��zTestTransport.writeN)ri��rj��rk��r��r��r��rr��r��r��r��r��r��s ��r��c��@��ro��)�TestSessionTransportc��C��s��\|�j�jjj��S�r��)�avatarr��r��r��serverProtocolr��r��r��r��r��r��z$TestSessionTransport.protocolFactoryN)ri��rj��rk��r��r��r��r��r��r��rw��r��c��@��s��e�Zd�ZeZdS�)�TestSessionN)ri��rj��rk��r��transportFactoryr��r��r��r��r��s��r��c��@��e�Zd�ZdS�)�TestUserN�ri��rj��rk��r��r��r��r��r��r��c��@��r��)�NotifyingExpectableBufferc��C��s��t��\|�_t��\|�_d�S�r��)r��Deferred�onConnection�onDisconnectionr��r��r��r��r��s�� z"NotifyingExpectableBuffer.__init__c��C��s��t�j�\|��\|�j�\|��d�S�r��)rm��ExpectableBuffer�connectionMader��callbackr��r��r��r��r��s��z(NotifyingExpectableBuffer.connectionMadec��C��r��r��)r��errback)r��reasonr��r��r��r��r��z(NotifyingExpectableBuffer.connectionLostN)ri��rj��rk��r��r��r��r��r��r��r��r��s��r��c��@��s$��e�Zd�ZdZdZdd��Zdd��ZdS�)� _BaseMixin�P��c�� C��s��\|�j��}\|dg\|�jt\|��d��}\|��t\|�t\|��tt\|��D�]-}\|��\|\|�\|\|�d�\|td\|d��\|d��d�d�\|td\|d��\|d��q%d�S�)Nr&��r��s�� != ) �recvlineClient� __bytes__� splitlines�HEIGHT�lenr(��rD��join�max)r��lines� receivedLines� expectedLinesrF��r��r��r�� _assertBuffer��s��z_BaseMixin._assertBufferc��s.��j��d�}��\|��fdd�}\|�\|�S�)Ns��donec��s��d�S�r��)r��)�ign��outputr��r��r��finished��s��z)_BaseMixin._trivialTest.<locals>.finished)r��expect� _testwrite�addCallback)r�� inputLiner��doner��r��r��r��_trivialTest��s�� z_BaseMixin._trivialTestN)ri��rj��rk��WIDTHr��r��r��r��r��r��r��r��s �� r��c��@��r��)� _SSHMixinc��s>��t�std��d\}}t��}t\|_�fdd�\|_t��}\|�\|\|��t � \|�}\|�\|��t\|�}t jt�\|��dd�}\|\|jd<�\|\|jd<�\|�j\|_\|��\|��t��fdd��\|�d��}t\|�} t��t��fd d��t��fd d�di�\|\|\|�j\|�j�} t\| �}\| �\| ��\|�\|��\|�_ \| \|�_!\|\|�_"\| \|�_#\|\|�_$�j%S�)NzMcryptography requirements missing, can't run historic recvline tests over ssh)s��testusers��testpassc��S�r��r��r�� insultsServerr��r��r��z!_SSHMixin.setUp.<locals>.<lambda>i��)�keySizes��ssh-rsac��r��r��r��r��recvlineServerr��r��r��r��c��r��r��r��r��r��r��r��r��r��c��r��r��r��r�� insultsClientr��r��r��r��r��)&�sshr��r{��r��userFactory�chainedProtocolFactoryry��'InMemoryUsernamePasswordDatabaseDontUse�addUserr��Portal�registerCheckerrz��r��_getPersistentRSAKeyr ��FilePath�mktemp� publicKeys�privateKeysr��startFactoryr��r�� buildProtocolrn��r��ClientProtocolr��r��r��r��r�� sshClient� sshServer�clientTransport�serverTransportr��)r��ur��rlm�checker�ptl� sshFactory�sshKeyr��r��r��r��r��r��r��r��r��r��r ��sL�� z_SSHMixin.setUpc��C��r��r��)r��rr��r��r��r��r��r��$��r��z_SSHMixin._testwriteN�ri��rj��rk��r ��r��r��r��r��r��r��s��2r��)�test_telnetc��@��r��)�TestInsultsClientProtocolNr��r��r��r��r��r ��+��r��r ��c��@��r��)�TestInsultsServerProtocolNr��r��r��r��r��r ��/��r��r ��c��@��r��)�_TelnetMixinc��s��\|��t�fdd��t��fdd��}t\|�}t��t�fdd��t��fdd��}t\|�}\|�\|��\|�\|��\|��\|��\|�_ \|\|�_ \|\|�_\|\|�_�j S�)Nc��r��r��r��r��r��r��r��r��6��r��z$_TelnetMixin.setUp.<locals>.<lambda>c��r��r��r��r��r��r��r��r��7��r��c��r��r��r��r��r��r��r��r��;��r��c��r��r��r��r��r��r��r��r��<��r��)r��r ��rl��TelnetTransportrn��r��r ��r��clearBufferr��telnetClientr��r��r��)r��telnetServerr��r��r��r��r��r��r ��4��s"�� z_TelnetMixin.setUpc��C��r��r��)r��rr��r��r��r��r��r��L��r��z_TelnetMixin._testwriteNr��r��r��r��r��r��3��s��r��c��@��r��)�_StdioMixinc��s��t��t��fdd��}t�\|�}tj}tj}\|�d�s!\|�d�r'\|d�d��}\|\|t � \|�j�g}ddlm }�\|j\|\|\|tdd �}��\|�_\|�_\|\|�_\|\|�_t�td�\|j��d �g��S�)Nc��r��r��r��r��testTerminalr��r��r��[��r��z#_StdioMixin.setUp.<locals>.<lambda>z.pycz.pyo��r��)�reactorT)�env�usePTYs��>>> )r��r��r��stdio�TerminalProcessProtocol�sys� executable�__file__�endswithr ��qualr��twisted.internetr��spawnProcess� properEnvr��r�� processClientr��r�� gatherResults�filterr��r��)r��r��r!��exe�module�argsr��r��r��r��r��r ��Q��s$�� z_StdioMixin.setUpc�� sD��z��j��d��W�n�tjtfy��Y�nw��fdd�}��jj�\|�S�)N�KILLc��s.��\|��tj��\|�jj��\|�jjd��d�S�)N� ��)�trapr��ProcessTerminated�assertIsNone�value�exitCoder(��status)�failurer��r��r��r)��s��z"_StdioMixin.tearDown.<locals>.trap)r�� signalProcessr��ProcessExitedAlready�OSErrorr��r�� addErrback)r��r)��r��r��r��tearDown\|��s��z_StdioMixin.tearDownc��C��r��r��)r��rr��r��r��r��r��r��r��z_StdioMixin._testwriteN)ri��rj��rk��r ��r4��r��r��r��r��r��r��P��s��+r��c��@��sX��e�Zd�ZeZdd��Zdd��Zdd��Zdd��Zd d ��Z dd��Z d d��Zdd��Zdd��Z dS�)�RecvlineLoopbackMixinc��C��s��\|��dg�d��S�)Ns��first line done)��>>> first line� ��first line��>>> done)r��r��r��r��r�� testSimple��s��z RecvlineLoopbackMixin.testSimplec��C��s ��\|��td�td��d�g�d��S�)Nr7��rB�� xxxx done)s��>>> first xxxxs ��first xxxxr8��)r��insert�leftr��r��r��r�� testLeftArrow��z#RecvlineLoopbackMixin.testLeftArrowc��C��s(��\|��td�td��td��d�g�d��S�)Ns ��right linerB��s��xx done)s��>>> right lixxs ��right lixxr8��)r��r;��r<��rightr��r��r��r��testRightArrow��s��z$RecvlineLoopbackMixin.testRightArrowc��C��\|��dtd��d�g�d��S�)N��second linerB��r:��)s��>>> second xxxxs��second xxxxr8��)r�� backspacer��r��r��r�� testBackspace��z#RecvlineLoopbackMixin.testBackspacec��C��s$��\|��dtd��td��d�g�d��S�)Ns��delete xxxxrB�� line done)s��>>> delete lines��delete liner8��)r��r<��deleter��r��r��r�� testDelete��s��z RecvlineLoopbackMixin.testDeletec��C��rB��)Ns ��third ine��l done)s��>>> third lines ��third liner8��)r��r<��r��r��r��r�� testInsert��rF��z RecvlineLoopbackMixin.testInsertc��C�� \|��dtd��t�d�g�d��S�)Ns��fourth xinerB��rK��)s��>>> fourth lines��fourth liner8��)r��r<��r;��r��r��r��r��testTypeover��r>��z"RecvlineLoopbackMixin.testTypeoverc��C��s��\|��td�t�d�g�d��S�)Ns ��blah lines ��home done)s ��>>> home lines ��home liner8��)r��r;��homer��r��r��r��testHome��rF��zRecvlineLoopbackMixin.testHomec��C��rM��)Ns��end rB��rG��)s��>>> end lines��end liner8��)r��r<��endr��r��r��r��testEnd��r>��zRecvlineLoopbackMixin.testEndN)ri��rj��rk��rp��r��r9��r=��rA��rE��rI��rL��rN��rP��rR��r��r��r��r��r5��s��r5��c��@��r��)�RecvlineLoopbackTelnetTestsNr��r��r��r��r��rS��r��rS��c��@��r��)�RecvlineLoopbackSSHTestsNr��r��r��r��r��rT��r��rT��zBTerminal requirements missing, can't run recvline tests over stdioc��@��r��)�RecvlineLoopbackStdioTestsNr��r��r��r��r��rU��s��rU��c��@��s(��e�Zd�ZeZdd��Zdd��Zdd��ZdS�)�HistoricRecvlineLoopbackMixinc��C��s��\|��dt�d�g�d��S�)Ns��first line �� done)r6��r7��r6��r7��r8��)r��upr��r��r��r��testUpArrow��s�� z)HistoricRecvlineLoopbackMixin.testUpArrowc��C��s��\|��dt�t�d�g�d��S�)aH�� Pressing down arrow to visit an entry that was added to the history by pressing the up arrow instead of return does not raise a L{TypeError}. @see: U{http://twistedmatrix.com/trac/ticket/9031} @return: A L{defer.Deferred} that fires when C{b"done"} is echoed back. s��first line partial linerW��)r6��r7��s��>>> partial lines��partial liner8��r��rX��downr��r��r��r��$test_DownArrowToPartialLineInHistory��s��zBHistoricRecvlineLoopbackMixin.test_DownArrowToPartialLineInHistoryc��C��rM��)Ns��first line second line r?��rW��)r6��r7��>>> second linerC��r]��rC��r8��rZ��r��r��r��r�� testDownArrow��r>��z+HistoricRecvlineLoopbackMixin.testDownArrowN)ri��rj��rk��rp��r��rY��r\��r^��r��r��r��r��rV��s ��rV��c��@��r��)�#HistoricRecvlineLoopbackTelnetTestsNr��r��r��r��r��r_�� r_��c��@��r��)� HistoricRecvlineLoopbackSSHTestsNr��r��r��r��r��ra��r`��ra��zKTerminal requirements missing, can't run historic recvline tests over stdioc��@��r��)�"HistoricRecvlineLoopbackStdioTestsNr��r��r��r��r��rb��s��rb��c��@��s��e�Zd�ZdZdd��ZdS�)�TransportSequenceTestsz5 L{twisted.conch.recvline.TransportSequence} c��C��s��\|��ttj��dS�)zh Initializing a L{recvline.TransportSequence} with no args raises an assertion. N)�assertRaises�AssertionErrorr��TransportSequencer��r��r��r��test_invalidSequence$��s��z+TransportSequenceTests.test_invalidSequenceN)ri��rj��rk��__doc__rg��r��r��r��r��rc��s��rc��)erh��osr��unittestr�� twisted.conchr��twisted.conch.insultsr��twisted.credr��r��r��r��twisted.pythonr��r ��r ��twisted.python.compatr��twisted.python.reflectr��twisted.test.proto_helpersr ��twisted.trial.unittestr��r��r��dict�environr ��pathsepr��pathr��rl��rm��twisted.conch.test.loopbackrn��r��rp��r<��r@��rX��r[��r;��rO��rH��rQ��rD��ry��twisted.conch.manhole_sshrz��r{��r\|��r}��r~��twisted.conch.sshr��r��r��r��r��r��ImportErrorr��r��r��r��r��r��r��SSHClientTransportr��r��r��r��registerAdapter�ISessionr��r��r��r��twisted.conch.testr��r��TestProtocolr ��r��r ��r��r��r5��rS��rT��rU��rV��r_��ra��rb��rc��r��r��r��r��<module>��s�� $�"' 7>9 5� �� test/__pycache__/test_address.cpython-310.pyc��0000644��00000003640�15027667726�0015145 0��ustar�00��o ��b��@��sL��d�Z�ddlmZ�ddlmZ�ddlmZ�ddlmZ�G�dd��dej e�Z dS�) z5 Tests for L{SSHTransportAddrress} in ssh/address.py ��)�SSHTransportAddress)�IPv4Address)�AddressTestCaseMixin)�unittestc��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) �SSHTransportAddressTestsz� L{twisted.conch.ssh.address.SSHTransportAddress} is what Conch transports use to represent the other side of the SSH connection. This tests the basic functionality of that class (string representation, comparison, &c). c��C��s.��\|��}\|\|�}\|\|j�}\|��\|d\|��dS�)z� The string representation of C{SSHTransportAddress} should be "SSHTransportAddress(<stringFunction on address>)". zSSHTransportAddress(%s)N)�buildAddress�address�assertEqual)�self�stringFunction�addr�stringValue�addressValue��r��A/usr/lib/python3/dist-packages/twisted/conch/test/test_address.py�_stringRepresentation��s�� z.SSHTransportAddressTests._stringRepresentationc��C��t�tddd��S�)z� Create an arbitrary new C{SSHTransportAddress}. A new instance is created for each call, but always for the same address. �TCPz 127.0.0.1��r��r��r ��r��r��r��r�� s��z%SSHTransportAddressTests.buildAddressc��C��r��)zK Like C{buildAddress}, but with a different fixed address. r��z 127.0.0.2r��r��r��r��r��r��buildDifferentAddress'��s��z.SSHTransportAddressTests.buildDifferentAddressN)�__name__� __module__�__qualname__�__doc__r��r��r��r��r��r��r��r��s �� r��N)r��twisted.conch.ssh.addressr��twisted.internet.addressr��"twisted.internet.test.test_addressr�� twisted.trialr��TestCaser��r��r��r��r��<module>��s��test/__pycache__/test_insults.cpython-310.pyc��0000644��00000074174�15027667726�0015233 0��ustar�00��o ��b�}��@��sb��d�dl�Z�d�dlmZmZ�d�dlmZmZmZmZm Z m Z mZmZm Z mZmZmZmZ�d�dlmZ�d�dlmZ�d�dlmZmZ�d�dlmZ�d�dlmZ�d d ��Zdd��Zd d��Zdd��Z e!��Z"dd��Z#dd��Z$e$ddg�d�g�d�g�d�g�d�g�d�g�d�g�d�g�d�g�d�g�d �g�d!�g�d"�g�d#�g�d$�g�d%�g�d&�ge��%d'�d(�Z&e$d)dddgdd+gd,d-gd.d/gdd0gd1d2gd3d4gd5d6gd7d8gd9dgd:d;gd<d=gd>d?gd@dAgdBdCgdDdEgge��%dF�d(�Z'G�dGdH��dH�Z(G�dIdJ��dJ�Z)dKZG�dLdM��dMe)�Z+[G�dNdO��dOe+ej,�Z-G�dPdQ��dQe+ej,�Z.G�dRdS��dSe+ej,�Z/G�dTdU��dUe+ej,�Z0G�dVdW��dWej,e)�Z1G�dXdY��dYej,�Z2dS�)Z��N)�Optional�Type) �BLINK�CS_ALTERNATE�CS_ALTERNATE_SPECIAL� CS_DRAWING�CS_UK�CS_US�G0�G1� UNDERLINE�ClientProtocol�ServerProtocol�modes�privateModes)�Protocol)� iterbytes)� ValueConstant�Values)�StringTransport)�unittestc��C��s��t�t\|��\|�S��N)�super�Mock�__getattribute__)�mock�name��r��A/usr/lib/python3/dist-packages/twisted/conch/test/test_insults.py�_getattr��s��r��c��C�� t�\|�d�S�)N�occurrences�r��r��r��r��r��r!��"�� r!��c��C��r ��)N�methodsr"��r#��r��r��r��r%��&��r$��r%��c��C��s��t�\|��\|��d�S�r��)r!��append)r��objr��r��r��_append��s��r(��c��C��s��t�t\|�d>�\|B�g��S�)a�� Return the byte in 7- or 8-bit code table identified by C{column} and C{row}. "An 8-bit code table consists of 256 positions arranged in 16 columns and 16 rows. The columns and rows are numbered 00 to 15." "A 7-bit code table consists of 128 positions arranged in 8 columns and 16 rows. The columns are numbered 00 to 07 and the rows 00 to 15 (see figure 1)." p.5 of "Standard ECMA-35: Character Code Structure and Extension Techniques", 6th Edition (December 1994). ��)�bytes� bytearray)�column�rowr��r��r��_ecmaCodeTableCoordinate1��s��r.��c��s,��fdd�t�\|�D��}\|\|d<�t\|�tf\|�S�)Nc��s:��i�\|�]\}}t�\|�D�]\}}\|r \|tt\|��\|��q qS�r��)� enumerater��r.��)�.0�jr-��ir�� colOffsetr��r�� <dictcomp>J��s��z/_makeControlFunctionSymbols.<locals>.<dictcomp>�__doc__)r/��typer��)r��r4��names�doc�attrsr��r3��r��_makeControlFunctionSymbolsE��s �� r;��CSFinalByter)��)�ICH�DCH�HPA)�CUU�SSE�HPR)�CUD�CPR�REP)�CUF�SU�DA)�CUB�SD�VPA)�CNL�NP�VPR)�CPL�PP�HVP)�CHA�CTC�TBC)�CUP�ECH�SM)�CHT�CVT�MC)�ED�CBT�HPB)�EL�SRS�VPB)�IL�PTX�RM)�DL�SDS�SGR)�EF�SIMD�DSR)�EAN�DAQaW�� Symbolic constants for all control sequence final bytes that do not imply intermediate bytes. This happens to cover movement control sequences. See page 11 of "Standard ECMA 48: Control Functions for Coded Character Sets", 5th Edition (June 1991). Each L{ValueConstant} maps a control sequence name to L{bytes} )r4��r8��r9�� C1SevenBit�DCS�PU1�BPH�PU2�NBH�STS�CCH�NEL�MW�SSA�SPA�ESA�EPA�HTS�SOS�HTJ�VTS�SCI�PLD�CSI�PLU�ST�RI�OSC�SS2�PM�SS3�APCa�� Symbolic constants for all 7 bit versions of the C1 control functions See page 9 "Standard ECMA 48: Control Functions for Coded Character Sets", 5th Edition (June 1991). Each L{ValueConstant} maps a control sequence name to L{bytes} c��@��s.��e�Zd�ZeZdefdd�Zdd��Zdd��ZdS�)r��Nc��C��s.��g�\|�_�\|du�r i�}\|\|�_\|tur\|\|�_dS�dS�)z� @param methods: Mapping of names to return values @param callReturnValue: object __call__ should return N)r!��r%��default�callReturnValue)�selfr%��r��r��r��r��__init__��s�� z Mock.__init__c��O��s.��t�\|�d�}\|tu�rt��}t\|�d\|\|\|f��\|S�)Nr��__call__)r��r��r��r(��)r��a�kw�returnValuer��r��r��r��s �� z Mock.__call__c��C��s:��t�\|�d�}\|\|v�rt\|\|�d�}nt��}t\|�\|\|f��\|S�)Nr%��)r��)r��r��r(��)r��r��r%�� attrValuer��r��r��r��s�� zMock.__getattribute__)�__name__� __module__�__qualname__r��r��r��r��r��r��r��r��r��r��s ��r��c��@��s��e�Zd�Zdi�fdd�ZdS�)� MockMixinr��c��C��sb��\|\}}\|��\|\|��\|��tt\|��d��t\|�\\}}} } \|��\|d��\|��\| \|��\|��\| \|��\|S�)N��r��)�assertEqual�lenr!��)r�� occurrence� methodName�expectedPositionalArgs�expectedKeywordArgs�attrr��call�result�argsr��r��r��r�� assertCall��s��zMockMixin.assertCallN)r��r��r��r��r��r��r��r��r��s��r��a��def testByte%(groupName)s(self): transport = StringTransport() proto = Mock() parser = self.protocolFactory(lambda: proto) parser.factory = self parser.makeConnection(transport) bytes = self.TEST_BYTES while bytes: chunk = bytes[:%(bytesPer)d] bytes = bytes[%(bytesPer)d:] parser.dataReceived(chunk) self.verifyResults(transport, proto, parser) c��@��sN��e�Zd�ZU�dZeee��ed<�dD�] \ZZ e eee d��q[[ dd��ZdS�)�ByteGroupingsMixinN�protocolFactory))�Pairs��)�Triples��)�Quadsr)��)�Quints��)�Sexes��)� groupName�bytesPerc��C��s.��\|��t\|��d�d\|f�}\|��t\|�g��d�S�)Nr��makeConnection)r��r!��popr��)r�� transport�proto�parserr��r��r��r�� verifyResults��s��z ByteGroupingsMixin.verifyResults) r��r��r��r��r��r��r��__annotations__�word�n�exec�_byteGroupingTestTemplater��r��r��r��r��r��s�� r��c��@��e�Zd�ZeZdZdd��ZdS�)�ServerArrowKeysTestss��[A[B[C[Dc��C��sh��t��\|�\|\|\|��\|j\|j\|j\|jfD�]}\|��t\|��d�d\|d�f�}\|�� t\|�g��q\|�� t\|��d�S�)Nr��keystrokeReceived)r��r��UP_ARROW� DOWN_ARROW�RIGHT_ARROW� LEFT_ARROWr��r!��r��r��assertFalse)r��r��r��r��arrowr��r��r��r��r��s��z"ServerArrowKeysTests.verifyResultsN�r��r��r��r��r�� TEST_BYTESr��r��r��r��r��r��s��r��c��@��r��)�PrintableCharactersTestss��abc123ABC!@#abc123c��C��s��t��\|�\|\|\|��td�D�]}\|��t\|��d�d\|d�f�}\|��t\|�g��qtd�D�]}\|��t\|��d�d\|\|jf�}\|��t\|�g��q)t\|�}\|��\|\|�d��d�S�)Ns��abc123ABC!@#r��r��s��abc123z should have been []) r��r��r��r��r!��r��r��ALTr��)r��r��r��r��charr��occsr��r��r��r��s��z&PrintableCharactersTests.verifyResultsNr��r��r��r��r��r��s��r��c��@��sF��e�Zd�ZdZeZg�ZdD�] Ze�de��qd� e�Z [[dd��ZdS�)�ServerFunctionKeysTestsz9Test for parsing and dispatching function keys (F1 - F12))s��OPs��OQs��ORs��OSs��15~s��17~s��18~s��19~s��20~s��21~s��23~s��24~��[��c��C��sn��t��\|�\|\|\|��tdd�D�] }t\|d\|f��}\|��t\|��d�d\|d�f�}\|��t\|�g��q \|��t\|��d�S�)Nr�� zF%dr��r��) r��r��range�getattrr��r!��r��r��r��)r��r��r��r��funcNum�funcArgr��r��r��r��r��;��s��z%ServerFunctionKeysTests.verifyResultsN)r��r��r��r6��r��r��byteList� byteCodesr&��joinr��r��r��r��r��r��r��#��s�� r��c��@��sH��e�Zd�ZeZdZdZdZdZee�e�e�e�e�Z [[[[dd��Z dS�)�ClientCursorMovementTestss��[2Bs��[4Cs��[As��[2Dc��C��s^��t��\|�\|\|\|��dD�]\}}\|��t\|��d�d\|�\|f�}\|��t\|�g��q \|��t\|��d�S�)N))�Downr��)�Forwardr)��Upr��Backwardr��r��r��r��cursor)r��r��r��r!��r��r��r��)r��r��r��r��method�countr��r��r��r��r��Q��s��z'ClientCursorMovementTests.verifyResultsN)r��r��r��r ��r��d2�r4�u1�l2r��r��r��r��r��r��r��F��s��r��c��@��s��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-S�).�ClientControlSequencesTestsc��sh��t��_t��_t��fdd��_��j_��j��j��t ��j�� d�d��jf�}��t \|��d�S�)Nc��s��j�S�r��)r��r��r��r��r��<lambda>g��s��z3ClientControlSequencesTests.setUp.<locals>.<lambda>r��r��)r��r��r��r��r ��r��factoryr��r��r!��r��r��)r��r��r��r��r��setUpd��s��z!ClientControlSequencesTests.setUpc��C��st��\|�j��d�dd��td�D��t\|�j�}dD�]}dD�]}\|��\|�d�d\|�\|f�}\|��t\|��qq\|��\|��d�S�) Nr��c��s��s&��\|�]}d�D�] }d\|�\|�V��qqdS�))r��2s��20s��200r��Nr��)r0��chr��r��r��r�� <genexpr>q��s�� zBClientControlSequencesTests.testSimpleCardinals.<locals>.<genexpr>s��BACD)r��r��r��r��)r��r��r��r��) r��dataReceivedr��r��r!��r��r��r��r��)r��r��methr��r��r��r��r��testSimpleCardinalso��s�� z/ClientControlSequencesTests.testSimpleCardinalsc��C��sh��\|�j��d��t\|�j�}\|��\|�d�dd�}\|��t\|��\|��\|�d�dd�}\|��t\|��\|��\|��d�S�)Ns ��[5;22r[rr��setScrollRegion)r��)NN�r��r��r!��r��r��r��r��r��r��r��r��r��r��testScrollRegion��s�� z,ClientControlSequencesTests.testScrollRegionc��C��s��\|�j��d��t\|�j�}\|��\|�d�dd�}\|��t\|��\|��\|�d�dd�}\|��t\|��\|��\|�d�d�}\|��t\|��\|��\|�d�d�}\|��t\|��\|��\|��d�S�)Ns��#3#4#5#6r��doubleHeightLine)T)F�singleWidthLine�doubleWidthLiner��r��r��r��r��testHeightAndWidth��s�� z.ClientControlSequencesTests.testHeightAndWidthc��C��s��\|�j��d�dd��td�D��t\|�j�}ttfD�]}tt t ttfD�]}\|�� \|�d�d\|\|f�}\|��t\|��q"q\|��\|��d�S�)Nr��c��s(��g�\|�]��d��fdd�td�D��qS�)r��c��s��g�\|�]}d��\|��qS�)��r��)r0��r��gr��r�� <listcomp>��s��zKClientControlSequencesTests.testCharacterSet.<locals>.<listcomp>.<listcomp>s��AB012)r��r��)r0��r��r��r��r��s��z@ClientControlSequencesTests.testCharacterSet.<locals>.<listcomp>s��()r��selectCharacterSet)r��r��r��r��r!��r��r ��r��r��r ��r��r��r��r��r��r��)r��r��which�charsetr��r��r��r��testCharacterSet��s�� z,ClientControlSequencesTests.testCharacterSetc��C��d��\|�j��d��t\|�j�}\|��\|�d�d�}\|��t\|��\|��\|�d�d�}\|��t\|��\|��\|��d�S�)Ns��r��shiftIn�shiftOutr��r��r��r��r��testShifting�� z(ClientControlSequencesTests.testShiftingc��C��r��)Ns��NOr��singleShift2�singleShift3r��r��r��r��r��testSingleShifts��r��z,ClientControlSequencesTests.testSingleShiftsc��C��r��)Ns��=>r��applicationKeypadMode�numericKeypadModer��r��r��r��r��testKeypadMode��r��zClientControlSequencesTests.testKeypadModec��C��r��)Ns��78r�� saveCursor� restoreCursorr��r��r��r��r�� testCursor��r��z&ClientControlSequencesTests.testCursorc��C��sD��\|�j��d��t\|�j�}\|��\|�d�d�}\|��t\|��\|��\|��d�S�)Ns��cr��resetr��r��r��r��r�� testReset��s �� z%ClientControlSequencesTests.testResetc��C��s��\|�j��d��t\|�j�}\|��\|�d�d�}\|��t\|��\|��\|�d�d�}\|��t\|��\|��\|�d�d�}\|��t\|��\|��\|��d�S�)Ns��DMEr��index�reverseIndex�nextLiner��r��r��r��r�� testIndex��s�� z%ClientControlSequencesTests.testIndexc�� C��s��\|�j��dd�dd��tjtjtjfD��d��\|�j��dd�dd��tjtjtjfD��d��t\|�j�}\|�� \|� d�d tjtjtjgf�}\|��t\|��\|�� \|� d�d tjtjtjgf�}\|��t\|��\|��\|��d�S�)Nr��;c��s��\|�]}d�\|f�V��qdS��s��%dNr��r0��mr��r��r��r��z8ClientControlSequencesTests.testModes.<locals>.<genexpr>��hc��s��r��r��r��r��r��r��r��r��r��lr��setModes� resetModes)r��r��r��r��KAM�IRM�LNMr!��r��r��r��r��r��r��r��r�� testModes��s0�� z%ClientControlSequencesTests.testModesc��C��sp��\|�j��d��t\|�j�}dD�]}\|��\|�d�\|�}\|��t\|��q \|��\|�d�dd�}\|��t\|��\|��\|��d�S�)Ns��[K[1K[2K[J[1J[2J[3P)�eraseToLineEnd�eraseToLineBeginning� eraseLine�eraseToDisplayEnd�eraseToDisplayBeginning�eraseDisplayr��deleteCharacter)r��r��)r��r��r��r��r��r��r��testErasure��s�� z'ClientControlSequencesTests.testErasurec��C��R��\|�j��d��t\|�j�}dD�]}\|��\|�d�d\|f�}\|��t\|��q \|��\|��d�S�)Ns��[M[3M�r��r��r�� deleteLiner��r��r��argr��r��r��r��testLineDeletion!�� z,ClientControlSequencesTests.testLineDeletionc��C��r��)Ns��[L[3Lr+��r�� insertLiner��r-��r��r��r��testLineInsertion��r0��z-ClientControlSequencesTests.testLineInsertionc��C��sX��dt�\|�j�d<�\|�j�d��\|��\|�j��d��t\|�j�}\|��\|� d�d�}\|��\|d��d�S�)N)r��reportCursorPositions��[6ns��[7;8Rr��) r%��r��r��r��r��r��valuer!��r��r��r��r��r��r��testCursorPosition3��s�� z.ClientControlSequencesTests.testCursorPositionc��C��sN��t�\|�j�}\|�j�d��\|��\|�d�dd��\|�j�d��\|��\|�d�dd��dS�)z� Contiguous non-control bytes are passed to a single call to the C{write} method of the terminal to which the L{ClientProtocol} is connected. ��ar��write)r7��bc)r9��N)r!��r��r��r��r��r��)r��r��r��r��r��test_applicationDataBytes>��s �� z5ClientControlSequencesTests.test_applicationDataBytesc��C��sR��t�\|�j�}\|�j�\|��\|r\|�j\|�d�g\|�d��R��\|s \|��\|d\|��d�S�)Nr��zNo other calls should happen: )r!��r��r��r��r��r��r��)r��data�callsr��r��r��r��_applicationDataTestJ��s�� z0ClientControlSequencesTests._applicationDataTestc��C��\|��dddg��dS�)z� Application data bytes followed by a shift-in command are passed to a call to C{write} before the terminal's C{shiftIn} method is called. s��ab�r8��)s��ab)r��N�r=��r��r��r��r�� test_shiftInAfterApplicationDataQ��z<ClientControlSequencesTests.test_shiftInAfterApplicationDatac��C��r>��)z� Application data bytes followed by a shift-out command are passed to a call to C{write} before the terminal's C{shiftOut} method is called. s��abr?��)r��Nr@��r��r��r��r��!test_shiftOutAfterApplicationDataX��rB��z=ClientControlSequencesTests.test_shiftOutAfterApplicationDatac��C��r>��)z� Application data bytes followed by a cursor-backward command are passed to a call to C{write} before the terminal's C{cursorBackward} method is called. s��abr?��)�cursorBackwardNr@��r��r��r��r��'test_cursorBackwardAfterApplicationData_��s��zCClientControlSequencesTests.test_cursorBackwardAfterApplicationDatac��C��s,��\|��dddg��\|��ddddgffg��dS�)z� Application data bytes followed by an escape character are passed to a call to C{write} before the terminal's handler method for the escape is called. s��abDr?��)r��s��ab[4hr��r)��Nr@��r��r��r��r��test_escapeAfterApplicationDatag��s��z;ClientControlSequencesTests.test_escapeAfterApplicationDataN)r��r��r��r��r��r��r��r��r��r��r ��r ��r��r��r!��r)��r/��r2��r6��r:��r=��rA��rC��rE��rF��r��r��r��r��r��c��s.�� r��c��@��s ��e�Zd�ZdZedd�Zeedd��Zdd��Zdd��Zd d ��Z dd��Z d d��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Zd/d0��Zd1d2��Zd3d4��Zd5d6��Zd7d8��Z d9d:��Z!d;d<��Z"d=d>��Z#d?d@��Z$dAdB��Z%dCS�)D�ServerProtocolOutputTestszh Tests for the bytes L{ServerProtocol} writes to its transport when its methods are called. r��r��c��C��s"��t��\|�_t��\|�_\|�j�\|�j��d�S�r��)r��protocolr��r��r��r��r��r��r��r��s��zServerProtocolOutputTests.setUpc��C��0��\|�j��d��\|��\|�j��\|�jd�tjj��dS�)z� L{ServerProtocol.cursorUp} writes the control sequence ending with L{CSFinalByte.CUU} to its transport. r��1N)rI��cursorUpr��r��r5��r��r<��r@��r��r��r��r�� test_cursorUp��z'ServerProtocolOutputTests.test_cursorUpc��C��rJ��)z� L{ServerProtocol.cursorDown} writes the control sequence ending with L{CSFinalByte.CUD} to its transport. r��rK��N)rI�� cursorDownr��r��r5��r��r<��rC��r��r��r��r��test_cursorDown��rN��z)ServerProtocolOutputTests.test_cursorDownc��C��rJ��)z� L{ServerProtocol.cursorForward} writes the control sequence ending with L{CSFinalByte.CUF} to its transport. r��rK��N)rI�� cursorForwardr��r��r5��r��r<��rF��r��r��r��r��test_cursorForward��rN��z,ServerProtocolOutputTests.test_cursorForwardc��C��rJ��)z� L{ServerProtocol.cursorBackward} writes the control sequence ending with L{CSFinalByte.CUB} to its transport. r��rK��N)rI��rD��r��r��r5��r��r<��rI��r��r��r��r��test_cursorBackward��rN��z-ServerProtocolOutputTests.test_cursorBackwardc��C��s2��\|�j��dd��\|��\|�j��\|�jd�tjj��dS�)z� L{ServerProtocol.cursorPosition} writes a control sequence ending with L{CSFinalByte.CUP} and containing the expected coordinates to its transport. r��s��1;1N)rI��cursorPositionr��r��r5��r��r<��rU��r��r��r��r��test_cursorPosition��s��z-ServerProtocolOutputTests.test_cursorPositionc��C����\|�j��\|��\|�j��\|�jtjj��dS�)z� L{ServerProtocol.cursorHome} writes a control sequence ending with L{CSFinalByte.CUP} and no parameters, so that the client defaults to (1, 1). N)rI�� cursorHomer��r��r5��r��r<��rU��r��r��r��r��test_cursorHome�� z)ServerProtocolOutputTests.test_cursorHomec��C��s,��\|�j��\|��\|�j��\|�jtdd��dS�)z� L{ServerProtocol.index} writes the control sequence ending in the 8-bit code table coordinates 4, 4. Note that ECMA48 5th Edition removes C{IND}. r)��N)rI��r��r��r��r5��ESCr.��r��r��r��r�� test_index��s�� z$ServerProtocolOutputTests.test_indexc��C��rV��)zt L{ServerProtocol.reverseIndex} writes the control sequence ending in the L{C1SevenBit.RI}. N)rI��r��r��r��r5��rZ��rl��r��r��r��r��r��test_reverseIndex�� z+ServerProtocolOutputTests.test_reverseIndexc��C��s ��\|�j��\|��\|�j��d��dS�)zM L{ServerProtocol.nextLine} writes C{" "} to its transport. s�� N)rI��r��r��r��r5��r��r��r��r�� test_nextLine��s�� z'ServerProtocolOutputTests.test_nextLinec��C��P��t�jt�jt�jg}\|�j�\|��\|��\|�j��\|�j d� dd��\|D��tjj��dS�)z� L{ServerProtocol.setModes} writes a control sequence containing the requested modes and ending in the L{CSFinalByte.SM}. r��c��s��r��r��r��r��r��r��r��r��r��z:ServerProtocolOutputTests.test_setModes.<locals>.<genexpr>N) r��r��r��r ��rI��r��r��r��r5��r��r��r<��rW��r�� modesToSetr��r��r�� test_setModes��s��z'ServerProtocolOutputTests.test_setModesc��C��r_��)z� L{ServerProtocol.setPrivatesModes} writes a control sequence containing the requested private modes and ending in the L{CSFinalByte.SM}. r��c��s��r��r��r��r��r��r��r��r��r��zAServerProtocolOutputTests.test_setPrivateModes.<locals>.<genexpr>N) r��ERROR�COLUMN�ORIGINrI��r��r��r��r5��r��r��r<��rW��)r��privateModesToSetr��r��r��test_setPrivateModes��s��z.ServerProtocolOutputTests.test_setPrivateModesc��C��r_��)zs L{ServerProtocol.resetModes} writes the control sequence ending in the L{CSFinalByte.RM}. r��c��s��r��r��r��r��r��r��r��r��r��z<ServerProtocolOutputTests.test_resetModes.<locals>.<genexpr>N) r��r��r��r ��rI��r��r��r��r5��r��r��r<��rc��r`��r��r��r��test_resetModes��s��z)ServerProtocolOutputTests.test_resetModesc��C��rV��)zp L{ServerProtocol.singleShift2} writes an escape sequence followed by L{C1SevenBit.SS2} N)rI��r��r��r��r5��rZ��rl��r��r��r��r��r��test_singleShift2��r]��z+ServerProtocolOutputTests.test_singleShift2c��C��rV��)zp L{ServerProtocol.singleShift3} writes an escape sequence followed by L{C1SevenBit.SS3} N)rI��r��r��r��r5��rZ��rl��r��r��r��r��r��test_singleShift3��r]��z+ServerProtocolOutputTests.test_singleShift3c��C��sB��\|�j��tt�tt��\|��\|�j��\|�jdttf��t j j��dS�)z� L{ServerProtocol.selectGraphicRendition} writes a control sequence containing the requested attributes and ending with L{CSFinalByte.SGR} s��%d;%dN)rI��selectGraphicRendition�strr��r��r��r��r5��r��r<��rf��r��r��r��r��test_selectGraphicRendition$��s ��z5ServerProtocolOutputTests.test_selectGraphicRenditionc��C��rV��)zz L{ServerProtocol.horizontalTabulationSet} writes the escape sequence ending in L{C1SevenBit.HTS} N)rI��horizontalTabulationSetr��r��r5��rZ��rl��rz��r��r��r��r��test_horizontalTabulationSet0��r]��z6ServerProtocolOutputTests.test_horizontalTabulationSetc��C��rV��)a�� L{ServerProtocol.eraseToLineEnd} writes the control sequence sequence ending in L{CSFinalByte.EL} and no parameters, forcing the client to default to 0 (from the active present position's current location to the end of the line.) N)rI��r"��r��r��r5��r��r<��r^��r��r��r��r��test_eraseToLineEnd8�� z-ServerProtocolOutputTests.test_eraseToLineEndc��C��.��\|�j��\|��\|�j��\|�jd�tjj��dS�)a �� L{ServerProtocol.eraseToLineBeginning} writes the control sequence sequence ending in L{CSFinalByte.EL} and a parameter of 1 (from the beginning of the line up to and include the active present position's current location.) rK��N)rI��r#��r��r��r5��r��r<��r^��r��r��r��r��test_eraseToLineBeginningB�� $z3ServerProtocolOutputTests.test_eraseToLineBeginningc��C��rr��)z� L{ServerProtocol.eraseLine} writes the control sequence sequence ending in L{CSFinalByte.EL} and a parameter of 2 (the entire line.) r��N)rI��r$��r��r��r5��r��r<��r^��r��r��r��r��test_eraseLineL�� $z(ServerProtocolOutputTests.test_eraseLinec��C��rV��)a�� L{ServerProtocol.eraseToDisplayEnd} writes the control sequence sequence ending in L{CSFinalByte.ED} and no parameters, forcing the client to default to 0 (from the active present position's current location to the end of the page.) N)rI��r%��r��r��r5��r��r<��r[��r��r��r��r��test_eraseToDisplayEndU��rq��z0ServerProtocolOutputTests.test_eraseToDisplayEndc��C��rr��)a�� L{ServerProtocol.eraseToDisplayBeginning} writes the control sequence sequence ending in L{CSFinalByte.ED} a parameter of 1 (from the beginning of the page up to and include the active present position's current location.) rK��N)rI��r&��r��r��r5��r��r<��r[��r��r��r��r��test_eraseToDisplayBeginning_��rt��z6ServerProtocolOutputTests.test_eraseToDisplayBeginningc��C��rr��)z� L{ServerProtocol.eraseDisplay} writes the control sequence sequence ending in L{CSFinalByte.ED} a parameter of 2 (the entire page) r��N)rI��r'��r��r��r5��r��r<��r[��r��r��r��r��test_eraseToDisplayi��rv��z-ServerProtocolOutputTests.test_eraseToDisplayc��C��rJ��)z� L{ServerProtocol.deleteCharacter} writes the control sequence containing the number of characters to delete and ending in L{CSFinalByte.DCH} r)��4N)rI��r(��r��r��r5��r��r<��r>��r��r��r��r��test_deleteCharacterr��s��z.ServerProtocolOutputTests.test_deleteCharacterc��C��rJ��)z� L{ServerProtocol.insertLine} writes the control sequence containing the number of lines to insert and ending in L{CSFinalByte.IL} r��5N)rI��r1��r��r��r5��r��r<��ra��r��r��r��r��test_insertLine}��$z)ServerProtocolOutputTests.test_insertLinec��C��rJ��)z� L{ServerProtocol.deleteLine} writes the control sequence containing the number of lines to delete and ending in L{CSFinalByte.DL} r��6N)rI��r,��r��r��r5��r��r<��rd��r��r��r��r��test_deleteLine��r~��z)ServerProtocolOutputTests.test_deleteLinec��C��s��\|�j��\|��\|�j��\|�jd�d��dS�)z� With no arguments, L{ServerProtocol.setScrollRegion} writes a control sequence with no parameters, but a parameter separator, and ending in C{b'r'}. r��rN�rI��r��r��r��r5��r��r��r��r��r��test_setScrollRegionNoArgs��rY��z4ServerProtocolOutputTests.test_setScrollRegionNoArgsc��C��.��\|�j�jdd��\|��\|�j��\|�jd�d��dS�)z� With just a value for its C{first} argument, L{ServerProtocol.setScrollRegion} writes a control sequence with that parameter, a parameter separator, and finally a C{b'r'}. r��)�firsts��1;r��Nr��r��r��r��r��test_setScrollRegionJustFirst�� z7ServerProtocolOutputTests.test_setScrollRegionJustFirstc��C��r��)z� With just a value for its C{last} argument, L{ServerProtocol.setScrollRegion} writes a control sequence with a parameter separator, that parameter, and finally a C{b'r'}. r��)�lasts��;1r��Nr��r��r��r��r��test_setScrollRegionJustLast��r��z6ServerProtocolOutputTests.test_setScrollRegionJustLastc��C��s0��\|�j�jddd��\|��\|�j��\|�jd�d��dS�)z� When given both C{first} and C{last} L{ServerProtocol.setScrollRegion} writes a control sequence with the first parameter, a parameter separator, the last parameter, and finally a C{b'r'}. r��r��)r��r��s��1;2r��Nr��r��r��r��r�� test_setScrollRegionFirstAndLast��s�� z:ServerProtocolOutputTests.test_setScrollRegionFirstAndLastc��C��rr��)z� L{ServerProtocol.reportCursorPosition} writes a control sequence ending in L{CSFinalByte.DSR} with a parameter of 6 (the Device Status Report returns the current active position.) r��N)rI��r4��r��r��r5��r��r<��ri��r��r��r��r��test_reportCursorPosition��s�� z3ServerProtocolOutputTests.test_reportCursorPositionN)&r��r��r��r6��r.��rZ��r��r��rM��rP��rR��rS��rU��rX��r[��r\��r^��rb��rg��rh��ri��rj��rm��ro��rp��rs��ru��rw��rx��ry��r{��r}��r��r��r��r��r��r��r��r��r��r��rG��y��sF�� rG��)3�textwrap�typingr��r��twisted.conch.insults.insultsr��r��r��r��r��r ��r ��r��r��r ��r��r��r��twisted.internet.protocolr��twisted.python.compatr��twisted.python.constantsr��r��twisted.test.proto_helpersr�� twisted.trialr��r��r!��r%��r(��objectr��r.��r;��dedentr<��rl��r��r��r��r��TestCaser��r��r��r��r��rG��r��r��r��r��<module>��s��<��%��""#��test/__pycache__/test_knownhosts.cpython-310.pyc��0000644��00000133464�15027667726�0015745 0��ustar�00��o ��bY��@��sB��d�Z�ddlZddlmZmZmZ�ddlmZ�ddl m Z �ddlmZm Z mZ�ddlmZ�ddlmZ�dd lmZ�dd lmZ�ddlmZ�ddlmZ�dd lmZ�ed�r{ed�r{ddlmZ�ddlm Z m!Z!m"Z"m#Z#m$Z$�ddl%m&Z&m'Z'�ddl(m)Z)�ndZdZ+dZ,dZ-dZ.ee+�Z/ee,�Z0ee-�Z1ee.�Z2de+�d�Z3de,�d�Z4de+�d�Z5de+�d�Z6G�dd��d�Z7G�d d!��d!e7e�Z8G�d"d#��d#e8�Z9G�d$d%��d%e7ee�Z:G�d&d'��d'e:�Z;G�d(d)��d)ee7�Z<G�dd+��d+e�Z=G�d,d-��d-e�Z>G�d.d/��d/�Z?G�d0d1��d1e�Z@G�d2d3��d3�ZAG�d4d5��d5�ZBeed6��C��d7�G�d8d9��d9e��ZDdS�):z/ Tests for L{twisted.conch.client.knownhosts}. ��N)�Error� a2b_base64� b2a_base64)�skipIf)�verifyObject)�HostKeyChanged�InvalidEntry�UserRejectedKey)�IKnownHostEntry)�Deferred)� networkString)�FilePath)� requireModule)�ComparisonTestsMixin)�TestCase�cryptography�pyasn1)�default)� ConsoleUI�HashedEntry�KnownHostsFile� PlainEntry� UnparsedEntry)�BadKeyError�Key)�keydataz>cryptography and PyASN1 required for twisted.conch.knownhosts.st��AAAAB3NzaC1yc2EAAAABIwAAAQEAsV0VMRbGmzhqxxayLRHmvnFvtyNqgbNKV46dU1bVFB+3ytNvue4Riqv/SVkPRNwMb7eWH29SviXaBxUhYyzKkDoNUq3rTNnH1Vnif6d6X4JCrUb5d3W+DmYClyJrZ5HgD/hUpdSkTRqdbQ2TrvSAxRacj+vHHT4F4dm1bJSewm3B2D8HVOoi/CbVh3dsIiCdp8VltdZx4qYVfYe2LwVINCbAa3d3tj9ma7RVfw3OH2Mfb+toLd1N5tBQFb7oqTt2nC6I/6Bd4JwPUld+IEitw/suElq/AIJVQXXujeyiZlea90HE65U2mF1ytr17HTAIT2ySokJWyuBANGACk6iIaw==s��AAAAB3NzaC1yc2EAAAABIwAAAIEAwaeCZd3UCuPXhX39+/p9qO028jTF76DMVd9mPvYVDVXufWckKZauF7+0b7qm+ChT7kan6BzRVo4++gCVNfAlMzLysSt3ylmOR48tFpAfygg9UCX3DjHz0ElOOUKh3iifc9aUShD0OPaK3pR5JJ8jfiBfzSYWt/hDi/iZ4igsSs8=st��AAAAB3NzaC1yc2EAAAABIwAAAQEAl/TQakPkePlnwCBRPitIVUTg6Z8VzN1en+DGkyo/evkmLw7o4NWR5qbysk9A9jXW332nxnEuAnbcCam9SHe1su1liVfyIK0+3bdn0YRB0sXIbNEtMs2LtCho/aV3cXPS+Cf1yut3wvIpaRnAzXxuKPCTXQ7/y0IXa8TwkRBH58OJa3RqfQ/NsSp5SAfdsrHyH2aitiVKm2jfbTKzSEqOQG/zq4J9GXTkq61gZugory/Tvl5/yPgSnOR6C9jVOMHf27ZPoRtyj9SY343Hd2QHiIE0KPZJEgCynKeWoKz8v6eTSK8n4rBnaqWdp8MnGZK1WGy05MguXbyCDuTC8AmJXQ==s��AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIFwh3/zBANyPPIE60SMMfdKMYo3OvfvzGLZphzuKrzSt0q4uF+/iYqtYiHhryAwU/fDWlUQ9kck9f+IlpsNtY4=s��www.twistedmatrix.com ssh-rsa �� s��divmod.com ssh-rsa s-��www.twistedmatrix.com,198.49.126.131 ssh-rsa sE��\|1\|gJbSEPBG9ZSBoZpHNtZBD1bHKBA=\|bQv+0Xa0dByrwkA1EB0E7Xop/Fo= ssh-rsa c��@��0��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd S�)�EntryTestsMixina<�� Tests for implementations of L{IKnownHostEntry}. Subclasses must set the 'entry' attribute to a provider of that interface, the implementation of that interface under test. @ivar entry: a provider of L{IKnownHostEntry} with a hostname of www.twistedmatrix.com and an RSA key of sampleKey. c��C��s��t�t\|�j��dS�)zA The given entry should provide IKnownHostEntry. N)r��r ��entry��self��r"��D/usr/lib/python3/dist-packages/twisted/conch/test/test_knownhosts.py�test_providesInterfaceb��z&EntryTestsMixin.test_providesInterfacec��C��s,��\|�j�}\|��\|jt�t��\|��\|jd��dS�)a�� Constructing a plain text entry from an unhashed known_hosts entry will result in an L{IKnownHostEntry} provider with 'keyString', 'hostname', and 'keyType' attributes. While outside the interface in question, these attributes are held in common by L{PlainEntry} and L{HashedEntry} implementations; other implementations should override this method in subclasses. ��ssh-rsaN)r��assertEqual� publicKeyr�� fromString� sampleKey�keyType)r!��r��r"��r"��r#��test_fromStringh��s�� zEntryTestsMixin.test_fromStringc��C��s@��t��t�}t��t�}\|��d\|�j�\|��\|��d\|�j�\|��dS�)zj L{IKnownHostEntry.matchesKey} checks to see if an entry matches a given SSH key. TFN)r��r)��r��otherSampleKeyr'��r�� matchesKey)r!��twistedmatrixDotCom�divmodDotComr"��r"��r#��test_matchesKeyu��s�� zEntryTestsMixin.test_matchesKeyc��C��s(��\|��\|�j�d��\|��\|�j�d��dS�)zl L{IKnownHostEntry.matchesHost} checks to see if an entry matches a given hostname. ��www.twistedmatrix.coms��www.divmod.comN)� assertTruer��matchesHost�assertFalser ��r"��r"��r#��test_matchesHost��s��z EntryTestsMixin.test_matchesHostN)�__name__� __module__�__qualname__�__doc__r$��r,��r1��r6��r"��r"��r"��r#��r��X��s�� r��c��@��s0��e�Zd�ZdZeZeZdd��Zdd��Z dd��Z dS�) �PlainEntryTestsz' Test cases for L{PlainEntry}. c��C��t��\|�j�\|�_dS�)zU Set 'entry' to a sample plain-text entry with sampleKey as its key. N)r��r)�� plaintextLiner��r ��r"��r"��r#��setUp��s��zPlainEntryTests.setUpc��C��s,��t��\|�j�\|�_\|��\|�j�d��\|��dS�)zU A "hostname,ip" formatted line will match both the host and the IP. s��198.49.126.131N)r��r)�� hostIPLiner��r3��r4��r6��r ��r"��r"��r#��test_matchesHostIP��s��z"PlainEntryTests.test_matchesHostIPc��C��sB��\|��\|�j��\|�j�d��t�\|�j�}\|��\|��\|�j�d��dS�)z\| L{PlainEntry.toString} generates the serialized OpenSSL format string for the entry, sans newline. r��N)r'��r��toStringr=��rstripr��r)��r?��)r!��multiHostEntryr"��r"��r#�� test_toString��s��zPlainEntryTests.test_toStringN)r7��r8��r9��r:��samplePlaintextLiner=��sampleHostIPLiner?��r>��r@��rD��r"��r"��r"��r#��r;��s��r;��c��@��s0��e�Zd�ZdZedd��d�Zedd��d�ZdS�)�PlainTextWithCommentTests�N Test cases for L{PlainEntry} when parsed from a line with a comment. N�� plain text comment. s�� text following host/IP line )r7��r8��r9��r:��rE��r=��rF��r?��r"��r"��r"��r#��rG��s��rG��c��@��s,��e�Zd�ZdZeZdd��Zdd��Zdd��ZdS�) �HashedEntryTestsaF�� Tests for L{HashedEntry}. This suite doesn't include any tests for host/IP pairs because hashed entries store IP addresses the same way as hostnames and does not support comma-separated lists. (If you hash the IP and host together you can't tell if you've got the key already for one or the other.) c��C��r<��)zo Set 'entry' to a sample hashed entry for twistedmatrix.com with sampleKey as its key. N)r��r)�� hashedLiner��r ��r"��r"��r#��r>��s��zHashedEntryTests.setUpc��C��s��\|��\|�j��\|�j�d��dS�)z� L{HashedEntry.toString} generates the serialized OpenSSL format string for the entry, sans the newline. r��N)r'��r��rA��rL��rB��r ��r"��r"��r#��rD��s��zHashedEntryTests.test_toStringc�� C��s��d}d}t��t�}t\|��}d}t\|\|\|\|\|�}t\|\|\|\|\|�}\|��\|\|t\|ddd��\|\|\|\|��\|��\|\|t\|\|ddd��\|\|\|��\|��\|\|t\|\|\|ddd��\|\|��\|��\|\|t\|\|\|t��t�\|��\|��\|\|t\|\|\|\|\|ddd��dS�)z� Two L{HashedEntry} instances compare equal if and only if they represent the same host and key in exactly the same way: the host salt, host hash, public key type, public key, and comment fields must all be equal. s��gJbSEPBG9ZSBoZpHNtZBD1bHKBAs��bQv+0Xa0dByrwkA1EB0E7Xop/Fos��hello, worldNrI��)r��r)��r��r��typer��"assertNormalEqualityImplementationr-��)r!��hostSalt�hostHashr(��r+��commentr�� duplicater"��r"��r#�� test_equality��sD�� zHashedEntryTests.test_equalityN) r7��r8��r9��r:��sampleHashedLinerL��r>��rD��rS��r"��r"��r"��r#��rK��s�� rK��c��@��s ��e�Zd�ZdZedd��d�ZdS�)�HashedEntryWithCommentTestsrH��NrI��rJ��)r7��r8��r9��r:��rT��rL��r"��r"��r"��r#��rU��s��rU��c��@��s8��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��ZdS�) �UnparsedEntryTestsz$ Tests for L{UnparsedEntry} c��C��s��t�d�\|�_dS�)zR Set up the 'entry' to be an unparsed entry for some random text. �� This is a bogus entry. N)r��r��r ��r"��r"��r#��r>�� s��zUnparsedEntryTests.setUpc��C��s��\|��d\|�jj��dS�)ze Creating an L{UnparsedEntry} should simply record the string it was passed. rW��N)r'��r��_stringr ��r"��r"��r#��r,��z"UnparsedEntryTests.test_fromStringc��C��s��\|��\|�j�d��dS�)z: An unparsed entry can't match any hosts. r2��N)r5��r��r4��r ��r"��r"��r#��r6��s��z#UnparsedEntryTests.test_matchesHostc��C��s��\|��\|�j�t�t��dS�)z9 An unparsed entry can't match any keys. N)r5��r��r.��r��r)��r��r ��r"��r"��r#��r1�� s��z"UnparsedEntryTests.test_matchesKeyc��C��s��\|��d\|�j��dS�)zd L{UnparsedEntry.toString} returns its input string, sans trailing newline. s�� This is a bogus entry. N)r'��r��rA��r ��r"��r"��r#��rD��&��s��z UnparsedEntryTests.test_toStringN) r7��r8��r9��r:��r>��r,��r6��r1��rD��r"��r"��r"��r#��rV��s��rV��c��@��X��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��ZdS�)�ParseErrorTestsa�� L{HashedEntry.fromString} and L{PlainEntry.fromString} can raise a variety of errors depending on misformattings of certain strings. These tests make sure those errors are caught. Since many of the ways that this can go wrong are in the lower-level APIs being invoked by the parsing logic, several of these are integration tests with the C{base64} and L{twisted.conch.ssh.keys} modules. c��C��\|��t\|jd��dS�)zm If there are fewer than three elements, C{fromString} should raise L{InvalidEntry}. s��invalidN)�assertRaisesr��r)��r!��clsr"��r"��r#��invalidEntryTest8��rY��z ParseErrorTests.invalidEntryTestc��C��r\��)zX If the key is not base64, C{fromString} should raise L{BinasciiError}. s��x x xN)r]�� BinasciiErrorr)��r^��r"��r"��r#�� notBase64Test?��s��zParseErrorTests.notBase64Testc�� C��s(��\|��t\|jd�\|dtd��g��dS�)z� If the key portion of the entry is valid base64, but is not actually an SSH key, C{fromString} should raise L{BadKeyError}. �� r&��s��Hey, this isn't an SSH key!N)r]��r��r)��joinr��strip)r!��r_��prefixr"��r"��r#�� badKeyTestE��s��zParseErrorTests.badKeyTestc��C��\|��t��dS�)z� If there are fewer than three whitespace-separated elements in an entry, L{PlainEntry.fromString} should raise L{InvalidEntry}. N)r`��r��r ��r"��r"��r#��test_invalidPlainEntryR��z&ParseErrorTests.test_invalidPlainEntryc�� C��s<��\|��t��t��\}}}\|��ttjd�\|d�\|\|g��dS�)z� If there are fewer than three whitespace-separated elements in an entry, or the hostname salt/hash portion has more than two elements, L{HashedEntry.fromString} should raise L{InvalidEntry}. rc��s��\|\|N)r`��r��rT��splitr]��r��r)��rd��r!��a�b�cr"��r"��r#��test_invalidHashedEntryY��s �� z'ParseErrorTests.test_invalidHashedEntryc��C��rh��)z� If the key portion of a plain entry is not decodable as base64, C{fromString} should raise L{BinasciiError}. N)rb��r��r ��r"��r"��r#��test_plainNotBase64e��rj��z#ParseErrorTests.test_plainNotBase64c�� C��s��\|��t��t��\}}}\|��ttjd�dtd�� \|\|g��\|��ttjd�tj td�� d�\|\|g��\|��ttjd�d\|\|g��dS�)z� If the key, host salt, or host hash portion of a hashed entry is not encoded, it will raise L{BinasciiError}. rc��s��\|1\|x\|��stuffs��\|xs��\|1\|x\|xN)rb��r��rT��rk��r]��ra��r)��rd��r��re��MAGICrl��r"��r"��r#��test_hashedNotBase64l��s�� z$ParseErrorTests.test_hashedNotBase64c��C��s��t��\}}}\|��t\|��dS�)z� If the key portion of the entry is valid base64, but is not actually an SSH key, C{HashedEntry.fromString} should raise L{BadKeyError}. N)rT��rk��rg��r��rl��r"��r"��r#��test_hashedBadKey��s��z!ParseErrorTests.test_hashedBadKeyc��C��s��\|��td��dS�)z� If the key portion of the entry is valid base64, but is not actually an SSH key, C{PlainEntry.fromString} should raise L{BadKeyError}. s��hostnameN)rg��r��r ��r"��r"��r#��test_plainBadKey��s��z ParseErrorTests.test_plainBadKeyN) r7��r8��r9��r:��r`��rb��rg��ri��rp��rq��rt��ru��rv��r"��r"��r"��r#��r[��.��s�� r[��c��@��s<��e�Zd�ZdZdd��Zee�d�fdd�Zdd��Zd d ��Z dd��Z d d��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Zd)d��Zd+d,��Zd-d.��Zd/d0��Zd1d2��Zd3d4��Zd5d6��Zd7d8��Z d9d:��Z!d;d<��Z"d=d>��Z#d?d@��Z$dAdB��Z%dCdD��Z&dEdF��Z'dGdH��Z(dIdJ��Z)dKS�)L�KnownHostsDatabaseTestsz& Tests for L{KnownHostsFile}. c��C��s��t�\|��}\|�\|��\|S�)zC Return a FilePath with the given initial content. )r ��mktemp� setContent)r!��content�fpr"��r"��r#��pathWithContent��s�� z'KnownHostsDatabaseTests.pathWithContentsN�� # That was a blank line. This is just unparseable. \|1\|This also unparseable. c��C��s��t��\|��\|��S�)zq Return a sample hosts file, with keys for www.twistedmatrix.com and divmod.com present. )r��fromPathr\|��)r!��rz��r"��r"��r#��loadSampleHostsFile��s��z+KnownHostsDatabaseTests.loadSampleHostsFilec��C��sD��t�\|��}t�\|��}t\|�}\|��tt\|d\|��\|��\|\|j��dS�)z� L{KnownHostsFile.savePath} is read-only; if an assignment is made to it, L{AttributeError} is raised and the value is unchanged. �savePathN)r ��rx��r��r]��AttributeError�setattrr'��r��)r!��path�new� hostsFiler"��r"��r#��test_readOnlySavePath��s ��z-KnownHostsDatabaseTests.test_readOnlySavePathc��C��s&��t�\|��t��}\|��g�t\|��dS�)zz The default initializer for L{KnownHostsFile} disregards any existing contents in the save path. N)r��r\|��rT��r'��list�iterentries�r!��r��r"��r"��r#��&test_defaultInitializerIgnoresExisting��s��z>KnownHostsDatabaseTests.test_defaultInitializerIgnoresExistingc��C��s^��\|��t�}t\|�}\|�dt�t��}\|��\|��\|gt \|� ��\|��\|��d�\|��dS�)z� After using the default initializer for L{KnownHostsFile}, the first use of L{KnownHostsFile.save} overwrites any existing contents in the save path. ��www.example.comr��N) r\|��rT��r�� addHostKeyr��r)��r-��saver'��r��r��rA�� getContent)r!��r��r��r��r"��r"��r#��'test_defaultInitializerClobbersExisting��s�� z?KnownHostsDatabaseTests.test_defaultInitializerClobbersExistingc��C��s^��t�\|��t��}\|�dt�t��}\|��\|�dt�t��}\|��\|�� \|\|gt \|��dS�)z� After L{KnownHostsFile.save} is used once with an instance initialized by the default initializer, contents of the save path are respected and preserved. r��s��another.example.comN)r��r\|��rT��r��r��r)��r-��r��thirdSampleKeyr'��r��r��)r!��r��preSave�postSaver"��r"��r#��test_saveResetsClobberState��s�� z3KnownHostsDatabaseTests.test_saveResetsClobberStatec��C��s$��\|��}\|��dtt\|��dS�)z� Loading a L{KnownHostsFile} from a path with six entries in it will result in a L{KnownHostsFile} object with six L{IKnownHostEntry} providers in it. ��N)r~��r'��lenr��r��r��r"��r"��r#��test_loadFromPath��s��z)KnownHostsDatabaseTests.test_loadFromPathc��C��s>��t�t\|��}\|�dt�t��\|��dtt \|� ��dS�)z� If the save path for a L{KnownHostsFile} does not exist, L{KnownHostsFile.iterentries} still returns added but unsaved entries. r��N)r��r ��rx��r��r��r)��r��r'��r��r��r��r��r"��r"��r#��test_iterentriesUnsaved��s��z/KnownHostsDatabaseTests.test_iterentriesUnsavedc��C��N��\|��t�}t\|��}\|��\|d�t��\|��\|d��d��\|��dt \|��dS�)z� Loading a L{KnownHostsFile} from a path containing a single valid L{HashedEntry} entry will result in a L{KnownHostsFile} object with one L{IKnownHostEntry} provider. r��r2��r��N) r~��rT��r��r��assertIsInstancer��r3��r4��r'��r��r!��r��entriesr"��r"��r#��test_verifyHashedEntry�� z.KnownHostsDatabaseTests.test_verifyHashedEntryc��C��r��)z� Loading a L{KnownHostsFile} from a path containing a single valid L{PlainEntry} entry will result in a L{KnownHostsFile} object with one L{IKnownHostEntry} provider. r�� divmod.comr��N) r~��otherSamplePlaintextLiner��r��r��r��r3��r4��r'��r��r��r"��r"��r#��test_verifyPlainEntry��r��z-KnownHostsDatabaseTests.test_verifyPlainEntryc��C��N��\|��d�}t\|��}\|��\|d�t��\|��\|d��d��\|��dt\|��dS�)z� Loading a L{KnownHostsFile} from a path that only contains ' ' will result in a L{KnownHostsFile} object containing a L{UnparsedEntry} object. r��r��r��N�r~��r��r��r��r��r'��rA��r��r��r"��r"��r#��test_verifyUnparsedEntry��r��z0KnownHostsDatabaseTests.test_verifyUnparsedEntryc��C��s>��\|��d�}t\|��}\|��\|d�t��\|��\|d��d��dS�)z� Loading a L{KnownHostsFile} from a path that contains a comment will result in a L{KnownHostsFile} object containing a L{UnparsedEntry} object. s��# That was a blank line. r��s��# That was a blank line.N)r~��r��r��r��r��r'��rA��r��r"��r"��r#��test_verifyUnparsedComment��s�� z2KnownHostsDatabaseTests.test_verifyUnparsedCommentc��C��r��)z� Loading a L{KnownHostsFile} from a path that contains an unparseable line will be represented as an L{UnparsedEntry} instance. s��This is just unparseable. r��s��This is just unparseable.r��Nr��r��r"��r"��r#��test_verifyUnparsableLine&��s �� z1KnownHostsDatabaseTests.test_verifyUnparsableLinec��C��r��)z� Loading a L{KnownHostsFile} from a path containing an unparseable line that starts with an encryption marker will be represented as an L{UnparsedEntry} instance. s��\|1\|This is unparseable. r��s��\|1\|This is unparseable.r��Nr��r��r"��r"��r#��%test_verifyUnparsableEncryptionMarker1��r��z=KnownHostsDatabaseTests.test_verifyUnparsableEncryptionMarkerc��C��s^��\|��}t�t\|��}t\|��}\|��g�\|��\|��t\|��\|� ��\|�� t\|��dS�)z� Loading a L{KnownHostsFile} from a path that does not exist should result in an empty L{KnownHostsFile} that will save back to that path. N)rx��r��r}��r ��r��r��r'��r5��existsr��r3��)r!��pn�knownHostsFiler��r"��r"��r#��test_loadNonExistent=��s��z,KnownHostsDatabaseTests.test_loadNonExistentc��C��sJ��t�\|��}\|�d��d�}t�\|�}\|��\|�d��\|��\|��dS�)z� Loading a L{KnownHostsFile} from a path whose parent directory does not exist should result in an empty L{KnownHostsFile} that will save back to that path, creating its parent directory(ies) in the process. �foos��known_hostsFN) r ��rx��childr��r}��r��restatr3��r��)r!��thePath�knownHostsPathr��r"��r"��r#��test_loadNonExistentParentJ��s�� z2KnownHostsDatabaseTests.test_loadNonExistentParentc��C��s��\|��tt��}t�\|�}\|�dt�t��}tt�t j �t\|j�� d�t\|j�� d�t�d�}\|��d\|�d��\|��\|��\|\|��dS�)zq L{KnownHostsFile.save} will write out a new file with any entries that have been added. ��some.example.com��\|s �� ssh-rsa r��N)r\|��rT��r��r��r}��r��r��r)��r��r��rs��r�� _hostSaltre�� _hostHash�thirdSampleEncodedKeyr'��countr��r��)r!��r��r��newEntry�expectedContentr"��r"��r#��test_savingAddsEntryW��s4�� z,KnownHostsDatabaseTests.test_savingAddsEntryc��C��sZ��t�\|��}t\|�}\|�dt�t��}\|��\|��t�\|�}\|�� \|gt \|��dS�)z� L{KnownHostsFile.save} only writes new entries to the save path, not entries which were added and already written by a previous call to C{save}. r��N)r ��rx��r��r��r��r)��r��r��r}��r'��r��r��)r!��r�� knownHostsr��r"��r"��r#��test_savingAvoidsDuplications��s�� z4KnownHostsDatabaseTests.test_savingAvoidsDuplicationc�� C��s��\|��t�}t�\|�}\|�d�� }\|�t��W�d��n1�sw��Y��t�t �}\|� d\|��\|��t�\|�}\|��g�d�\|� dt�t��\|� dt�t��\|� d\|�g��dS�)z� L{KnownHostsFile.save} will not overwrite existing entries in its save path, even if they were only added after the L{KnownHostsFile} instance was initialized. rm��N��brandnew.example.com)TTTr2��r��)r\|��rT��r��r}��open�writer��r��r)��r��r��r��r'�� hasHostKeyr��r-��)r!��r��r��hostsFileObj�keyr"��r"��r#��test_savingsPreservesExisting��s$�� z5KnownHostsDatabaseTests.test_savingsPreservesExistingc��C��s$��\|��}\|��\|�dt�t��dS�)z� L{KnownHostsFile.hasHostKey} returns C{True} when a key for the given hostname is present and matches the expected key. r2��N)r~��r3��r��r��r)��r��r��r"��r"��r#��test_hasPresentKey��s��zKnownHostsDatabaseTests.test_hasPresentKeyc��C��sT��\|��}\|��\|�dt�t��\|��\|�dt�t��\|��\|�dt�t��dS�)zy L{KnownHostsFile.hasHostKey} returns C{False} when a key for the given hostname is not present. s��non-existent.example.comr2��N)r~��r5��r��r��r)��r��r3��ecdsaSampleKeyr��r"��r"��r#��test_notPresentKey��s�� zKnownHostsDatabaseTests.test_notPresentKeyc��C��s\|��t��t�}tdg\|��\|d�}\|��}\|j�d��}\|�\|� ��d��W�d��n1�s-w��Y��\|�� d\|�d\|��dS�)z� L{KnownHostsFile.hasHostKey} returns C{True} when a key for the given hostname is present in the file, even if it is only added to the file after the L{KnownHostsFile} instance is initialized. r��r��rm��r��NT)r��r)��r��r��sshTyper~��r��r��r��rA��r'��r��)r!��r��r��r��r��r"��r"��r#��test_hasLaterAddedKey��s�� z-KnownHostsDatabaseTests.test_hasLaterAddedKeyc��C��s`��\|��}t\|��}\|��t\|jdt�t��}\|�� \|j \|d��\|�� \|jd��\|�� \|j\|j ��dS�)a�� L{KnownHostsFile.hasHostKey} raises L{HostKeyChanged} if the host key is present in the underlying file, but different from the expected one. The resulting exception should have an C{offendingEntry} indicating the given entry. r2��r��r��N)r~��r��r��r]��r��r��r��r)��r-��r'��offendingEntry�linenor��r��)r!��r��r�� exceptionr"��r"��r#��test_savedEntryHasKeyMismatch��s��z5KnownHostsDatabaseTests.test_savedEntryHasKeyMismatchc��C��sT��\|��}\|�dt�t��\|��t\|jdt�t��}\|��\|j d��\|��\|j \|j��dS�)ai�� Even after a new entry has been added in memory but not yet saved, the L{HostKeyChanged} exception raised by L{KnownHostsFile.hasHostKey} has a C{lineno} attribute which indicates the 1-based line number of the offending entry in the underlying file when the given host key does not match the expected host key. r��r2��r��N)r~��r��r��r)��r-��r]��r��r��r'��r��r��r��)r!��r��r��r"��r"��r#��%test_savedEntryAfterAddHasKeyMismatch��s��z=KnownHostsDatabaseTests.test_savedEntryAfterAddHasKeyMismatchc��C��sd��t�t\|��}\|�dt�t��}\|��t\|j dt�t ��}\|��\|j\|��\|�� \|j��\|�� \|j��dS�)az�� L{KnownHostsFile.hasHostKey} raises L{HostKeyChanged} if the host key is present in memory (but not yet saved), but different from the expected one. The resulting exception has a C{offendingEntry} indicating the given entry, but no filename or line number information (reflecting the fact that the entry exists only in memory). r��N)r��r ��rx��r��r��r)��r-��r]��r��r��r��r'��r��assertIsNoner��r��)r!��r��r��r��r"��r"��r#��test_unsavedEntryHasKeyMismatch��s��z7KnownHostsDatabaseTests.test_unsavedEntryHasKeyMismatchc��C��s��\|��}t�t�}\|��d\|�d\|��\|�d\|�}\|��dt\|j��\|��d\|� d��\|��\|j d��\|��\|\|j��\|��d\|�d\|��dS�)zr L{KnownHostsFile.addHostKey} adds a new L{HashedEntry} to the host file, and returns it. F��somewhere.example.com��Tr&��N)r~��r��r)��r��r'��r��r��r��r��r4��r+��r(��)r!��r��aKeyr��r"��r"��r#��test_addHostKey��s�� z'KnownHostsDatabaseTests.test_addHostKeyc��C��s6��\|��}t�t�}\|��\|�d\|�j\|�d\|�j��dS�)z� L{KnownHostsFile.addHostKey} generates a random salt for each new key, so subsequent salts will be different. r��s��somewhere-else.example.comN)r~��r��r)��r��assertNotEqualr��r��)r!��r��r��r"��r"��r#��test_randomSalts��s�� z(KnownHostsDatabaseTests.test_randomSaltsc��C��sX��\|��}\|�dt�t��t��}\|�\|ddt�t��}g�}\|�\|j��\|�� \|dg��dS�)zb Verifying a valid key should return a L{Deferred} which fires with True. ��1.2.3.4r2��TN) r~��r��r��r)��r��FakeUI� verifyHostKey�addCallback�appendr'��)r!��r��ui�d�lr"��r"��r#��test_verifyValidKey%��s��z+KnownHostsDatabaseTests.test_verifyValidKeyc��C��sF��\|��}t�t�}t��}\|�dt�t��\|�\|dd\|�}\|��\|t �S�)z\| Verifying an invalid key should return a L{Deferred} which fires with a L{HostKeyChanged} failure. r��r2��) r~��r��r)��r��r��r��r��r�� assertFailurer��r!��r��wrongKeyr��r��r"��r"��r#��test_verifyInvalidKey4��s�� z-KnownHostsDatabaseTests.test_verifyInvalidKeyc��C��s\��\|��}t�t�}t��}g�}\|�\|dd\|�}\|�\|j��\|��g�\|��\|��\|j d��\|\|\|fS�)a�� Set up a test to verify a key that isn't present. Return a 3-tuple of the UI, a list set up to collect the result of the verifyHostKey call, and the sample L{KnownHostsFile} being used. This utility method avoids returning a L{Deferred}, and records results in the returned list instead, because the events which get generated here are pre-recorded in the 'ui' object. If the L{Deferred} in question does not fire, the it will fail quickly with an empty list. ��sample-host.example.com��4.3.2.1s��The authenticity of host 'sample-host.example.com (4.3.2.1)' can't be established. RSA key fingerprint is SHA256:mS7mDBGhewdzJkaKRkx+wMjUdZb/GzvgcdoYjX5Js9I=. Are you sure you want to continue connecting (yes/no)? ) r~��r��r)��r��r��r��addBothr��r'�� promptText)r!��r�� absentKeyr��r��r��r"��r"��r#��verifyNonPresentKey@��s�� z+KnownHostsDatabaseTests.verifyNonPresentKeyc�� C��sl��\|��\}}}\|j�d��\|��dg\|��t�\|j�}\|��d\|�dt� t ��\|��d\|�dt� t ��dS�)z� Verifying a key where neither the hostname nor the IP are present should result in the UI being prompted with a message explaining as much. If the UI says yes, the Deferred should fire with True. Tr��r��N)r��promptDeferred�callbackr'��r��r}��r��r��r��r)��r��)r!��r��r��r��reloadedr"��r"��r#��test_verifyNonPresentKey_Yes^��s�� z4KnownHostsDatabaseTests.test_verifyNonPresentKey_Yesc��C��s,��\|��\}}}\|j�d��\|d��t��dS�)z� Verifying a key where neither the hostname nor the IP are present should result in the UI being prompted with a message explaining as much. If the UI says no, the Deferred should fail with UserRejectedKey. Fr��N)r��r��r��trapr ��)r!��r��r��r��r"��r"��r#��test_verifyNonPresentKey_Nor��s��z3KnownHostsDatabaseTests.test_verifyNonPresentKey_Noc��C��sv��t�jtjd�tjd�tjd�tjd�d�}\|��}t��}g�}\|�\|dd\|�}\|�\|j��\|�� g�\|��\|�� \|j d��d S�) z� Set up a test to verify an ECDSA key that isn't present. Return a 3-tuple of the UI, a list set up to collect the result of the verifyHostKey call, and the sample L{KnownHostsFile} being used. �x�y�privateValue�curve)r��r��r��r��r��r��s��The authenticity of host 'sample-host.example.com (4.3.2.1)' can't be established. ECDSA key fingerprint is SHA256:fJnSpgCcYoYYsaBbnWj1YBghGh/QTDgfe4w4U5M5tEo=. Are you sure you want to continue connecting (yes/no)? N)r��_fromECComponentsr��ECDatanistp256r~��r��r��r��r��r'��r��)r!��ecObjr��r��r��r��r"��r"��r#��test_verifyNonPresentECKey}��s ��z2KnownHostsDatabaseTests.test_verifyNonPresentECKeyc��C��s4��\|��}t�t�}t��}\|�\|dd\|�}\|��\|t�S�)z� Verifying a key where the host is present (and correct), but the IP is present and different, should result the deferred firing in a HostKeyChanged failure. r2��r��)r~��r��r)��r��r��r��r��r��r��r"��r"��r#��test_verifyHostIPMismatch��s �� z1KnownHostsDatabaseTests.test_verifyHostIPMismatchc��C��sX��t��}\|��}t�t�}\|�\|dd\|��\|��dt�\|j �� d\|��\|��dg\|j��dS�)z� Verifying a key where the hostname is present but the IP is not should result in the key being added for the IP and the user being warned about the change. r2��s��5.4.3.2Tz`Warning: Permanently added the RSA host key for IP address '5.4.3.2' to the list of known hosts.N)r��r~��r��r)��r��r��r'��r��r}��r��r��userWarnings)r!��r��r��expectedKeyr"��r"��r#��test_verifyKeyForHostAndIP��s�� z2KnownHostsDatabaseTests.test_verifyKeyForHostAndIPc��C��sh��\|��}\|�dt�t��\|�dt�t��\|��i�}\|jj\|d<�t � d\|�}ddg}\|��\|\|��dS�)zn For a given host, get the host key algorithms for that host in the known_hosts file. r2��known-hostsr&��s��ecdsa-sha2-nistp256N)r~��r��r��r)��r-��r��r��r��r��r��getHostKeyAlgorithmsr'��)r!��r��options� algorithms�expectedAlgorithmsr"��r"��r#��test_getHostKeyAlgorithms��s��z1KnownHostsDatabaseTests.test_getHostKeyAlgorithmsN)r7��r8��r9��r:��r\|��rT��r��r~��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r"��r"��r"��r#��rw��sV�� ! rw��c��@��r��)�FakeFilez[ A fake file-like object that acts enough like a file for L{ConsoleUI.prompt}. c��C��s��g�\|�_�g�\|�_d\|�_d�S�)NF)�inlines� outchunks�closedr ��r"��r"��r#��__init__�� zFakeFile.__init__c��C��s��\|�j��d�S�)z8 Return a line from the 'inlines' list. r��)r��popr ��r"��r"��r#��readline��s��zFakeFile.readlinec��C��s��\|�j�rtd��\|�j�\|��dS�)z@ Append the given item to the 'outchunks' list. zthe file was closedN)r��OSErrorr��r��)r!��chunkr"��r"��r#��r��s��zFakeFile.writec��C��s ��d\|�_�dS�)zd Set the 'closed' flag to True, explicitly marking that it has been closed. TN)r��r ��r"��r"��r#��close��s�� zFakeFile.closeN)r7��r8��r9��r:��r��r ��r��r��r"��r"��r"��r#��r��s��r��c��@��rZ��)�ConsoleUITestsz& Test cases for L{ConsoleUI}. c��C��s��t��\|�_t\|�j�\|�_dS�)zA Create a L{ConsoleUI} pointed at a L{FakeFile}. N)r��fakeFiler��openFiler��r ��r"��r"��r#��r>��s��zConsoleUITests.setUpc��C��s��\|�j�S�)z/ Return the current fake file. )r��r ��r"��r"��r#��r��s��zConsoleUITests.openFilec��C��s��t��\|�_\|\|�j_dS�)z� Create a new fake file (the next file that self.ui will open) with the given list of lines to be returned from readline(). N)r��r��r��)r!��linesr"��r"��r#��newFile��s��zConsoleUITests.newFilec��C��`��dD�]+}\|��\|g��g�}\|�j�d��\|j��\|��dg\|�jj��\|��dg\|��\|��\|�jj ��qdS�)z� L{ConsoleUI.prompt} writes a message to the console, then reads a line. If that line is 'yes', then it returns a L{Deferred} that fires with True. )��yess��Yess��yes z Hello, world!TN� r��r��promptr��r��r'��r��r��r3��r��)r!��okYesr��r"��r"��r#��test_promptYes��zConsoleUITests.test_promptYesc��C��r��)z� L{ConsoleUI.prompt} writes a message to the console, then reads a line. If that line is 'no', then it returns a L{Deferred} that fires with False. )��nos��Nos��no zGoodbye, world!FNr��)r!��okNor��r"��r"��r#�� test_promptNo��r��zConsoleUITests.test_promptNoc��C��s��\|��g�d��g�}\|�j�d��\|j��\|��dg\|��\|��\|�jjdgdgd��\|��\|�jj ��\|��g�d��g�}\|�j�d��\|j��\|��dg\|��\|��\|�jjdgdgd��\|��\|�jj ��d S�) a,�� L{ConsoleUI.prompt} writes a message to the console, then reads a line. If that line is neither 'yes' nor 'no', then it says "Please enter 'yes' or 'no'" until it gets a 'yes' or a 'no', at which point it returns a Deferred that answers either True or False. )s��whats��uhs��okayr��s��Please say something useful.Ts��Please type 'yes' or 'no': r��)s��blahrr��s��fehr��s��Please say something negative.FNr��r!��r��r"��r"��r#��test_promptRepeatedly$��s$��z$ConsoleUITests.test_promptRepeatedlyc��C��s&��dd��}t�\|�}\|�d�}\|��\|t�S�)z� If the C{opener} passed to L{ConsoleUI} raises an exception, that exception will fail the L{Deferred} returned from L{ConsoleUI.prompt}. c��S��s��t��N)r ��r"��r"��r"��r#��raiseItD��s��z5ConsoleUITests.test_promptOpenFailed.<locals>.raiseItzThis is a test.)r��r��r��IOError)r!��r��r��r��r"��r"��r#��test_promptOpenFailed>��s�� z$ConsoleUITests.test_promptOpenFailedc��C��s0��\|�j��d��\|��dg\|�jj��\|��\|�jj��dS�)zR L{ConsoleUI.warn} should output a message to the console object. z Test message.N)r��warnr'��r��r��r3��r��r ��r"��r"��r#�� test_warnK��s��zConsoleUITests.test_warnc��C��s4��dd��}t�\|�}\|�d��\|��t\|��t��d��dS�)zY L{ConsoleUI.warn} should log a traceback if the output can't be opened. c��S��s��dd��d�S�)Nr��r��r"��r"��r"��r"��r#��r��X��s��z3ConsoleUITests.test_warnOpenFailed.<locals>.raiseItzThis message never makes it.r��N)r��r"��r'��r��flushLoggedErrors�ZeroDivisionError)r!��r��r��r"��r"��r#��test_warnOpenFailedS��s�� z"ConsoleUITests.test_warnOpenFailedN) r7��r8��r9��r:��r>��r��r��r��r��r��r!��r#��r&��r"��r"��r"��r#��r ��s�� r ��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) r��a�� A fake UI object, adhering to the interface expected by L{KnownHostsFile.verifyHostKey} @ivar userWarnings: inputs provided to 'warn'. @ivar promptDeferred: last result returned from 'prompt'. @ivar promptText: the last input provided to 'prompt'. c��C��s��g�\|�_�d�\|�_d�\|�_d�S�r��)r��r��r��r ��r"��r"��r#��r��l��r��zFakeUI.__init__c��C��s��\|\|�_�t��\|�_\|�jS�)zV Issue the user an interactive prompt, which they can accept or deny. )r��r��r��r!��textr"��r"��r#��r��q��s��z FakeUI.promptc��C��s��\|�j��\|��dS�)z> Issue a non-interactive warning to the user. N)r��r��r'��r"��r"��r#��r"��y��r%��zFakeUI.warnN)r7��r8��r9��r:��r��r��r"��r"��r"��r"��r#��r��`��s ��r��c��@��s��e�Zd�ZdZdS�)� FakeObjectzw A fake object that can have some attributes. Used to fake L{SSHClientTransport} and L{SSHClientFactory}. N)r7��r8��r9��r:��r"��r"��r"��r#��r)��s��r)��/dev/ttyzPlatform lacks /dev/ttyc��@��sh��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��Zdd��Z dd��ZdS�)�DefaultAPITestsz� The API in L{twisted.conch.client.default.verifyHostKey} is the integration point between the code in the rest of conch and L{KnownHostsFile}. c��K��s.��\|��\|d��\|��\|d��\|��\|d�d��\|�jS�)z The patched version of 'open'; this returns a L{FakeFile} that the instantiated L{ConsoleUI} can use. r��zr+b� bufferingr��)r'��r��)r!��fname�mode�kwargsr"��r"��r#��patchedOpen��s��zDefaultAPITests.patchedOpenc��C��s��t��\|�_\|��td\|�j��\|��\|�_i�\|�_tt \|�j��}dD�]}\|� \|t�t ��}\|\|�j\|<�q\|��t��\|�_t��\|�j_d\|�jd��\|�_\|�jj_dS�)z0 Patch 'open' in verifyHostKey. �_open)��exists.example.comr��r2��)�hostr��N)r��r��patchr��r0��rx��hostsOption� hashedEntriesr��r ��r��r��r)��r��r��r)�� fakeTransport�factoryr��)r!��r��r3��r��r"��r"��r#��r>��s�� zDefaultAPITests.setUpc��C��s0��g�}t��\|�jdtd��\|j��\|��dg\|��dS�)z� L{default.verifyHostKey} should return a L{Deferred} which fires with C{1} when passed a host, IP, and key which already match the known_hosts file it is supposed to check. r�� I don't care.r��N)r��r��r7��r��r��r��r'��r��r"��r"��r#��test_verifyOKKey��s�� z DefaultAPITests.test_verifyOKKeyc��s0��t�j�d��fdd�}\|��\|��\|t�jd<�dS�)aC�� Replace the HOME environment variable until the end of the current test, with the given new home-directory, so that L{os.path.expanduser} will yield controllable, predictable results. @param tempHome: the pathname to replace the HOME variable with. @type tempHome: L{str} �HOMEc��s"��d�u�r t�jd=�d�S��t�jd<�d�S�)Nr;��)�os�environr"��oldHomer"��r#��cleanupHome��s��z0DefaultAPITests.replaceHome.<locals>.cleanupHomeN)r<��r=��get� addCleanup)r!��tempHomer@��r"��r>��r#��replaceHome��s�� zDefaultAPITests.replaceHomec��C��s��g�}\|��}\|�j}t\|��d��d�}\|��t\|��\|��\|��\|��d\|�jd<�t � \|�jdtd�� \|j��\|��dg\|��dS�)z� L{default.verifyHostKey} should find your known_hosts file in ~/.ssh/known_hosts if you don't specify one explicitly on the command line. z.ssh�known_hostsNr��r��r9��r��)rx��r5��r ��r��parent�makedirs�moveTorD��r��r��r��r7��r��r��r��r'��)r!��r��tmpdir�oldHostsOption�hostsNonOptionr"��r"��r#��test_noKnownHostsOption��s�� z'DefaultAPITests.test_noKnownHostsOptionc��C��sj��g�}t��\|�jdtd��\|j��\|��dg\|�jj��\|��dg\|��t � t\|�j��}\|�� \|�dt�t��dS�)a�� L{default.verifyHostKey} should return a L{Deferred} which fires with C{1} when passed a host which matches with an IP is not present in its known_hosts file, and should also warn the user that it has added the IP address. s��8.7.6.5s��Fingerprint not required.z`Warning: Permanently added the RSA host key for IP address '8.7.6.5' to the list of known hosts.r��N)r��r��r7��r��r��r��r'��r��r��r��r}��r ��r5��r3��r��r��r)��)r!��r��r��r"��r"��r#��test_verifyHostButNotIP��s�� z'DefaultAPITests.test_verifyHostButNotIPc��C��sL��d\|�j�jjd<�\|�jj�d��t�\|�j�dtd�}\|�� dg\|�jj ��\|��\|t�S�)z� L{default.verifyHostKey} should return a L{Default} which fires with C{0} when passed an unknown host that the user refuses to acknowledge. s��fake.example.comr3��r��s��9.8.7.6s��No fingerprint!s��The authenticity of host 'fake.example.com (9.8.7.6)' can't be established. RSA key fingerprint is SHA256:vD0YydsNIUYJa7yLZl3tIL8h0vZvQ8G+HPG7JLmQV0s=. Are you sure you want to continue connecting (yes/no)? ) r7��r8��r��r��r��r��r��r��r-��r'��r��r��r ��r!��r��r"��r"��r#��test_verifyQuestion��s�� z#DefaultAPITests.test_verifyQuestionc��C��s��t��\|�jdtd�}\|��\|t�S�)z� L{default.verifyHostKey} should return a L{Deferred} which fails with L{HostKeyChanged} if the host key is incorrect. r��zAgain, not required.)r��r��r7��r-��r��r��rN��r"��r"��r#��test_verifyBadKey��s�� z!DefaultAPITests.test_verifyBadKeyc��C��J��\|�j�d��d�}t�\|t�t��dt \|�j �ji�}\|��d\|��dS�)zy L{default.isInKnownHosts} should return C{1} when a host with a key is in the known hosts file. r��r��r��r��N) r6��rA��rk��r��isInKnownHostsr��r)��r��blobr ��r5��r��r'��r!��r3��rr"��r"��r#��test_inKnownHosts��z!DefaultAPITests.test_inKnownHostsc��C��s��t��dddt\|�j�ji�}\|��d\|��dS�)z} L{default.isInKnownHosts} should return C{0} when a host with a key is not in the known hosts file. z not.theres ��irrelevantr��r��N)r��rR��r ��r5��r��r'��)r!��rU��r"��r"��r#��test_notInKnownHosts%��s��z$DefaultAPITests.test_notInKnownHostsc��C��rQ��)z� L{default.isInKnownHosts} should return C{2} when a host with a key other than the given one is in the known hosts file. r��r��r��N) r6��rA��rk��r��rR��r��r)��r-��rS��r ��r5��r��r'��rT��r"��r"��r#��test_inKnownHostsKeyChanged/��rW��z+DefaultAPITests.test_inKnownHostsKeyChangedN)r7��r8��r9��r:��r0��r>��r:��rD��rL��rM��rO��rP��rV��rX��rZ��r"��r"��r"��r#��r+��s�� r+��)Er:��r<��binasciir��ra��r��r��unittestr��zope.interface.verifyr��twisted.conch.errorr��r��r ��twisted.conch.interfacesr ��twisted.internet.deferr��twisted.python.compatr��twisted.python.filepathr ��twisted.python.reflectr��twisted.test.testutilsr��twisted.trial.unittestr��twisted.conch.clientr��twisted.conch.client.knownhostsr��r��r��r��r��twisted.conch.ssh.keysr��r��twisted.conch.testr��skip�sampleEncodedKey�otherSampleEncodedKeyr��ecdsaSampleEncodedKeyr��r-��r��r��rE��r��rF��rT��r��r;��rG��rK��rU��rV��r[��rw��r��r ��r��r)��r��r+��r"��r"��r"��r#��<module>��sv�� 0 O&f��=!r ��test/__pycache__/test_forwarding.cpython-310.pyc��0000644��00000004361�15027667726�0015663 0��ustar�00��o ��br��@��sr��d�Z�ddlmZ�ed�ZerddlmZ�ddlmZ�ddlm Z �ddl mZmZ�ddl mZ�G�d d ��d ej�ZdS�)z, Tests for L{twisted.conch.ssh.forwarding}. ��)� requireModule�cryptography)� forwarding)�IPv6Address)�deterministicResolvingReactor)�MemoryReactorClock�StringTransport)�unittestc��@��s(��e�Zd�ZdZes dZdd��Zdd��ZdS�)�TestSSHConnectForwardingChannelzH Unit and integration tests for L{SSHConnectForwardingChannel}. zCannot run without cryptographyc��C��s>��\|j�d�d�}\|jd�}\|�d�}t\|��d�}\|�\|��dS�)z� Fake that connection was established for first connectTCP request made on C{reactor}. @param reactor: Reactor on which to fake the connection. @type reactor: A reactor. r��N)�peerAddress)� tcpClients� connectors� buildProtocolr��getDestination�makeConnection)�self�reactor�factory� connector�protocol� transport��r��D/usr/lib/python3/dist-packages/twisted/conch/test/test_forwarding.py�makeTCPConnection��s �� z1TestSSHConnectForwardingChannel.makeTCPConnectionc��C��sp��t�jdd�}t��}t\|dg�\|_\|�d��\|��\|��\|��\|j��\|�� \|j t�j��\|��t ddd�\|j j��dS�)z� When a hostname is sent as part of forwarding requests, it is resolved using HostnameEndpoint's resolver. )zfwd.example.org��)�hostportz::1N�TCPr��)r��SSHConnectForwardingChannelr��r��_reactor�channelOpenr��successResultOf�_channelOpenDeferred�assertIsInstance�client�SSHForwardingClient�assertEqualr��r��getPeer)r��sut� memoryReactorr��r��r�� test_channelOpenHostnameRequests+��s�� z@TestSSHConnectForwardingChannel.test_channelOpenHostnameRequestsN)�__name__� __module__�__qualname__�__doc__r��skipr��r��r��r��r��r��r ��s��r ��N)r.��twisted.python.reflectr��r��twisted.conch.sshr��twisted.internet.addressr��$twisted.internet.test.test_endpointsr��twisted.test.proto_helpersr��r�� twisted.trialr ��TestCaser ��r��r��r��r��<module>��s��test/__pycache__/test_checkers.cpython-310.pyc��0000644��00000102602�15027667726�0015305 0��ustar�00��o ��blz��@��s��d�Z�zddlZW�n�ey��dZY�nw�dZddlZddlmZ�ddlmZ�ddl m Z �ddlmZ�dd l mZ�dd lmZmZmZmZ�ddlmZmZ�ddlmZ�dd lmZ�ddlmZmZ�ddlmZ�ddl m!Z!�ddl"m#Z#�ddl$m%Z%�e!d�r�e!d�r�dZ&ddl'm(Z(�ddl)mZm+Z+�ddl,m-Z-�ddl.m/Z/�ndZ&e0edd�du�r�dZ1ndZ1G�dd��de%�Z2G�dd��de%�Z3G�d d!��d!e%�Z4G�d"d#��d#e%�Z5G�d$d%��d%e%�Z6G�d&d'��d'e%�Z7G�d(d)��d)e%�Z8edd+g�Z9G�d,d-��d-e:�Z;G�d.d/��d/e%�Z<dS�)0z& Tests for L{twisted.conch.checkers}. ��Nzcannot run without crypt module��)�encodebytes)� namedtuple)�BytesIO)�verifyObject)�'InMemoryUsernamePasswordDatabaseDontUse)�ISSHPrivateKey�IUsernamePassword� SSHPrivateKey�UsernamePassword)�UnauthorizedLogin�UnhandledCredentials)�util)�Failure)�ShadowDatabase�UserDatabase)�FilePath)� requireModule)�MockOS)�TestCase�cryptography�pyasn1)�checkers)�NotEnoughAuthentication�ValidPublicKey)�keys)�keydataz)can't run without cryptography and PyASN1�geteuidz0Cannot run without effective UIDs (questionable)c��@��sX��e�Zd�ZdZep eZdd��Zdd��Zdd��Z dd ��Z d d��Zdd ��Zdd��Z dd��ZdS�)�HelperTestszl Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and L{_shadowGetByName}. c��C��s��t��\|�_d�S��N)r��mockos��self��r#��B/usr/lib/python3/dist-packages/twisted/conch/test/test_checkers.py�setUp>��s��zHelperTests.setUpc��C��4��d}d}t��\|\|�}\|��t�\|\|�d�\|\|��dS�)z� L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. � secret string�saltyz5{!r} supposed to be valid encrypted password for {!r}N��crypt� assertTruer��verifyCryptedPassword�format�r"��password�salt�cryptedr#��r#��r$��test_verifyCryptedPasswordA�� z&HelperTests.test_verifyCryptedPasswordc��C��r&��)z� L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. r/��z$1$saltz3{!r} supposed to be valid encrypted password for {}Nr)��r.��r#��r#��r$��test_verifyCryptedPasswordMD5P��r3��z)HelperTests.test_verifyCryptedPasswordMD5c��C��s4��d}d}t��\|\|�}\|��t�\|\|�d�\|\|��dS�)z� L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. z string secretr'��z7{!r} not supposed to be valid encrypted password for {}N)r��assertFalser��r,��r-��)r"��r/��wrongr1��r#��r#��r$��test_refuteCryptedPassword_��r3��z&HelperTests.test_refuteCryptedPasswordc�� C��sF��t��}\|�ddddddd��\|��td\|��\|��t�d�\|�d��d S�) z� L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. �alice�secrit��z first last�/foo�/bin/sh�pwdN)r��addUser�patchr��assertEqual� _pwdGetByName�getpwnam�r"��userdbr#��r#��r$��test_pwdGetByNamen��s��zHelperTests.test_pwdGetByNamec��C��s"��\|��tdd��\|��t�d��dS�)zW If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. r>��Nr8��)r@��r��assertIsNonerB��r!��r#��r#��r$��test_pwdGetByNameWithoutPwdx��s��z'HelperTests.test_pwdGetByNameWithoutPwdc��C��s��t��}\|�ddddddddd � �\|��td \|��d\|�j_d\|�j_\|��td \|�j��\|��t� d�\|� d��\|��\|�jjddg��\|��\|�jjddg��dS�)z� L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. �bob� passphraser:��r;��spwd�) ��osr��N) r��r?��r@��r��r ��euid�egidr��rA��_shadowGetByName�getspnam�seteuidCalls�setegidCallsrD��r#��r#��r$��test_shadowGetByName��s��z HelperTests.test_shadowGetByNamec��C��sB��\|��tdd��\|��t�d��\|��\|�jjg��\|��\|�jjg��dS�)zP L{_shadowGetByName} returns L{None} if C{spwd} is not present. rP��NrI��)r@��r��rG��rV��rA��r ��rX��rY��r!��r#��r#��r$��test_shadowGetByNameWithoutSpwd��s��z+HelperTests.test_shadowGetByNameWithoutSpwdN)�__name__� __module__�__qualname__�__doc__� cryptSkip�dependencySkip�skipr%��r2��r4��r7��rF��rH��rZ��r[��r#��r#��r#��r$��r��6��s�� r��c��@��sp��e�Zd�ZdZep eZdd��Zdd��Zdd��Z dd ��Z d d��Zdd ��Zdd��Z dd��Zdd��Zdd��Zdd��ZdS�)�SSHPublicKeyDatabaseTestsz, Tests for L{SSHPublicKeyDatabase}. c�� C��s��t��\|�_td�\|�_td�\|�_d\|�j�d�\|�j�d�\|�_t��\|�_t \|�� \|�j_\|�jj��\|�� td\|�j��\|�jj�d�\|�_\|�j��t��}\|�dd d dd\|�jjjd ��\|\|�j_d�S�)N��foobar��eggspams��t1 s�� foo t2 s�� egg rS��.ssh��user��passwordr:��r;��s ��first last� ��/bin/shell)r��SSHPublicKeyDatabase�checkerr��key1�key2�contentr��r ��r��mktemp�path�makedirsr@��r��child�sshDirr��r?��_userdbrD��r#��r#��r$��r%��s�� zSSHPublicKeyDatabaseTests.setUpc��C��sL��\|�j�\|�jgd�}\|��\|d�d�t��\|��\|d�d�d��\|��t\|�d��dS�)zJ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 )�offendingFunctionsr��category�messagez�twisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r:��N)� flushWarningsr%��rA��DeprecationWarning�len)r"�� warningsShownr#��r#��r$��test_deprecated��s�� z)SSHPublicKeyDatabaseTests.test_deprecatedc��C��sj��\|�j��\|��\|�j��tdd�}d\|_\|��\|�j�\|��d\|_\|��\|�j�\|��d\|_\|�� \|�j�\|��d�S�)Nrg��rh��rd��re��s ��notallowed) rs��rr�� setContentrn��r��blobr+��rk��checkKeyr5��)r"��filename�userr#��r#��r$�� _testCheckKey��s�� z'SSHPublicKeyDatabaseTests._testCheckKeyc��C��.��\|��d��\|��\|�jjg��\|��\|�jjg��dS�)z� L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. �authorized_keysN�r��rA��r ��rX��rY��r!��r#��r#��r$�� test_checkKey�� z'SSHPublicKeyDatabaseTests.test_checkKeyc��C��r��)z� L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. �authorized_keys2Nr��r!��r#��r#��r$��test_checkKey2��r��z(SSHPublicKeyDatabaseTests.test_checkKey2c��s��\|�j��d��\|�j��d��\|��jd��\|�jj��fdd�}d\|�j_d\|�j_ \|�� \|�jd\|��\|�� td \|�j��td d�}d\|_ \|��\|�j�\|��\|��\|�jjg�d ��\|��\|�jjddg��dS�)z� If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. r��r��c��s��d��\|��S�)Nr��)�chmod)rT��keyFile�savedSeteuidr#��r$��seteuid��s�� z>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot.<locals>.seteuidrQ��rR��r��rS��rg��rh��rd��)r��r:��r��rQ��r;��N)rs��rr��r}��rn��r�� addCleanupr ��r��rT��rU��r@��r��r��r~��r+��rk��r��rA��rX��rY��)r"��r��r��r#��r��r$��test_checkKeyAsRoot��s�� z-SSHPublicKeyDatabaseTests.test_checkKeyAsRootc��s\��dd��}��jd\|��tddtjdtj�tj�� d��}��j� \|�}��fdd�}\|�\|�S�) z� L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. c��S��dS��NTr#��ignoredr#��r#��r$�� _checkKey��zASSHPublicKeyDatabaseTests.test_requestAvatarId.<locals>._checkKeyr��test��ssh-rsa��fooc��\|�d��d�S��Nr��rA��avatarIdr!��r#��r$��_verify��z?SSHPublicKeyDatabaseTests.test_requestAvatarId.<locals>._verify)r@��rk��r ��r��publicRSA_opensshr��Key� fromString�privateRSA_openssh�sign�requestAvatarId�addCallback)r"��r��credentials�dr��r#��r!��r$��test_requestAvatarId��s�� z.SSHPublicKeyDatabaseTests.test_requestAvatarIdc��C��sB��dd��}\|��\|�jd\|��tddtjdd�}\|�j�\|�}\|��\|t�S�)a(�� L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. c��S��r��r��r#��r��r#��r#��r$��r��"��r��zQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.<locals>._checkKeyr��r��r��N)r@��rk��r ��r��r��r�� assertFailurer��r"��r��r��r��r#��r#��r$��$test_requestAvatarIdWithoutSignature��s��z>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturec��C��s0��dd��}\|��\|�jd\|��\|�j�d�}\|��\|t�S�)z� If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. c��S��r��NFr#��r��r#��r#��r$��r��2��r��zKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.<locals>._checkKeyr��N)r@��rk��r��r��r��)r"��r��r��r#��r#��r$��test_requestAvatarIdInvalidKey,��s��z8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKeyc��C��sR��dd��}\|��\|�jd\|��tddtjdtj�tj�� d��}\|�j� \|�}\|��\|t�S�)z� Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure c��S��r��r��r#��r��r#��r#��r$��r��@��r��zQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.<locals>._checkKeyr��r��r��r��) r@��rk��r ��r��r��r��r��r��privateDSA_opensshr��r��r��r��r��r#��r#��r$��$test_requestAvatarIdInvalidSignature9��s��z>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignaturec��sV��dd��}��jd\|��tddddd�}��j�\|�}��fd d �}\|�\|��\|t�S�)z~ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. c��S��r��r��r#��r��r#��r#��r$��r��T��r��zSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.<locals>._checkKeyr��r��Ns��blobs��sigDatas��sigc��s ��tj�}��t\|�d��\|�S�)Nr:��)�flushLoggedErrorsr��BadKeyErrorrA��rz��)�failure�errorsr!��r#��r$��_verifyLoggedException[��z`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.<locals>._verifyLoggedException)r@��rk��r ��r�� addErrbackr��r��)r"��r��r��r��r��r#��r!��r$��&test_requestAvatarIdNormalizeExceptionN��s�� z@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionN)r\��r]��r^��r_��euidSkipra��rb��r%��r\|��r��r��r��r��r��r��r��r��r��r#��r#��r#��r$��rc��s�� rc��c��@��D��e�Zd�ZdZeZdd��Zdd��Zdd��Zdd ��Z d d��Z dd ��ZdS�)�SSHProtocolCheckerTestsz Tests for L{SSHProtocolChecker}. c��C��sL��t��}\|��\|jg��\|�t��\|��\|jtg��\|��\|j�t�t�j��dS�)z� L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. N)r��SSHProtocolCheckerrA��credentialInterfaces�registerCheckerrj��r��assertIsInstance�r"��rk��r#��r#��r$��test_registerCheckerk��s��z,SSHProtocolCheckerTests.test_registerCheckerc��C��sN��t��}\|��\|jg��\|�t��t��\|��\|jtg��\|��\|j�t�t�j��dS�)z� If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. N)r��r��rA��r��r��rj��r ��r��r��r#��r#��r$��!test_registerCheckerWithInterfacez��s��z9SSHProtocolCheckerTests.test_registerCheckerWithInterfacec��sJ��t��}t��}\|�dd��\|�\|��\|�tdd��}��fdd�}\|�\|�S�)z� L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. r��c��r��r��r��r��r!��r#��r$�� _callback��r��z?SSHProtocolCheckerTests.test_requestAvatarId.<locals>._callback)r��r��r��r?��r��r��r��r��)r"��rk��passwordDatabaser��r��r#��r!��r$��r��s�� z,SSHProtocolCheckerTests.test_requestAvatarIdc��C��sV��t��}dd��}\|��\|d\|��t��}\|�dd��\|�\|��\|�tdd��}\|��\|t �S�)z� If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. c��S��r��r��r#��r��r#��r#��r$��_areDone��r��zYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.<locals>._areDone�areDoner��) r��r��r@��r��r?��r��r��r��r��r��)r"��rk��r��r��r��r#��r#��r$��/test_requestAvatarIdWithNotEnoughAuthentication��s�� zGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthenticationc��C��s$��t��}\|�tdd��}\|��\|t�S�)z� If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. r��)r��r��r��r��r��r ��)r"��rk��r��r#��r#��r$��%test_requestAvatarIdInvalidCredential��s��z=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentialc��C��s��\|��t��d��dS�)zV The default L{SSHProcotolChecker.areDone} should simply return True. N)r+��r��r��r��r!��r#��r#��r$��test_areDone��s��z$SSHProtocolCheckerTests.test_areDoneN)r\��r]��r^��r_��ra��rb��r��r��r��r��r��r��r#��r#��r#��r$��r��d��s�� r��c��@��s`��e�Zd�ZdZep eZdd��Zdd��Zdd��Z dd ��Z d d��Zdd ��Zdd��Z dd��Zdd��ZdS�)�UNIXPasswordDatabaseTestsz, Tests for L{UNIXPasswordDatabase}. c��C��sP��g�}\|��\|j��\|��t\|�dd��t\|d�t�r\|d��\|��\|d�\|��dS�)a�� Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{Deferred} r:��zlogin incompleter��N)�addBoth�appendrA��rz�� isinstancer��raiseException)r"��r��username�resultr#��r#��r$��assertLoggedIn��s��z(UNIXPasswordDatabaseTests.assertLoggedInc��C��s<��t��}dd��}t��}\|�d\|dd�ddddd ��\|�d ddddd d ��t��}\|�ddddddddd� �\|�d \|d d�ddddddd� �\|��t�d\|��\|��t�d\|��t��}\|��td\|��d\|_d\|_ t d d!�}\|��\|�\|�d ��\|�� \|jg��\|�� \|jg��d"\|_\|��\|�\|�d"��\|�� \|jd#dg��\|�� \|jd#dg��d$S�)%z� L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. c��S��s ��t��\|\|��}t��\|d\|��}\|S�)Nz$1$)r��)r��r/��r0��r1��r#��r#��r$��r1��r��z?UNIXPasswordDatabaseTests.test_defaultCheckers.<locals>.cryptedr8��r/��r:��r;��foor<��r=��rI��x�bar�/barr6��rK��rL��rM��rN��rO�� r>��rP��rS��rQ��rR��alicerh��bobr��N)r��UNIXPasswordDatabaser��r?��r��r@��r��r��rT��rU��r��r��r��rA��rX��rY��r��)r"��rk��r1��r>��rP��r ��credr#��r#��r$��test_defaultCheckers��s0�� z.UNIXPasswordDatabaseTests.test_defaultCheckersc��C��s��\|��tj\|�j\|d��dS�)a�� Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} zbogus valueN)�assertRaisesr��r��r��r"��r��r#��r#��r$��assertUnauthorizedLogin��s�� z1UNIXPasswordDatabaseTests.assertUnauthorizedLoginc�� C��sR��t��dd�}t��}\|�d\|ddddd��t�\|jg�}\|��\|�tdd ��d��d S�)zo L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. �secret�anybodyr:��r;��r��r��r=��s��anybodys��secretN) r��r��r?��r��r��rC��r��r��r��)r"��r/��rE��rk��r#��r#��r$��test_passInCheckers��s��z-UNIXPasswordDatabaseTests.test_passInCheckersc��C��sJ��dd��}dd��}\|��td\|��t�\|g�}tdd�}\|��\|�\|�d��dS�)z� If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. c��S��\|�\|kS�r��r#��r1��pwr#��r#��r$��r,��#��zLUNIXPasswordDatabaseTests.test_verifyPassword.<locals>.verifyCryptedPasswordc��S��\|�\|�gS�r��r#��r��r#��r#��r$��rC��&��r��z?UNIXPasswordDatabaseTests.test_verifyPassword.<locals>.getpwnamr,��usernameN�r@��r��r��r��r��r��r"��r,��rC��rk�� credentialr#��r#��r$��test_verifyPassword��s�� z-UNIXPasswordDatabaseTests.test_verifyPasswordc��C��s2��dd��}t��\|g�}tdd�}\|��\|�\|��dS�)z} If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. c��S��s��t�\|��r��)�KeyErrorr��r#��r#��r$��rC��4��r��z?UNIXPasswordDatabaseTests.test_failOnKeyError.<locals>.getpwnamr��N)r��r��r��r��r��)r"��rC��rk��r��r#��r#��r$��test_failOnKeyError.��s�� z-UNIXPasswordDatabaseTests.test_failOnKeyErrorc��C��sH��dd��}dd��}\|��td\|��t�\|g�}tdd�}\|��\|�\|��dS�)z� If the verifyCryptedPassword function doesn't verify the password, the login fails with an L{UnauthorizedLogin} exception. c��S��r��r��r#��r��r#��r#��r$��r,��A��r��zOUNIXPasswordDatabaseTests.test_failOnBadPassword.<locals>.verifyCryptedPasswordc��S��r��r��r#��r��r#��r#��r$��rC��D��r��zBUNIXPasswordDatabaseTests.test_failOnBadPassword.<locals>.getpwnamr,��r��N)r@��r��r��r��r��r��r��r#��r#��r$��test_failOnBadPassword;��s�� z0UNIXPasswordDatabaseTests.test_failOnBadPasswordc��C��sT��dd��}dd��}dd��}\|��td\|��t�\|\|g�}tdd�}\|��\|�\|�d��d S�) a�� UNIXPasswordDatabase.requestAvatarId loops through each getpwnam function associated with it and returns a L{Deferred} which fires with the result of the first one which returns a value other than None. ones do not verify the password. c��S��r��r��r#��r��r#��r#��r$��r,��T��r��zRUNIXPasswordDatabaseTests.test_loopThroughFunctions.<locals>.verifyCryptedPasswordc��S��s��\|�dgS�)Nznot the passwordr#��r��r#��r#��r$�� getpwnam1W��r��zFUNIXPasswordDatabaseTests.test_loopThroughFunctions.<locals>.getpwnam1c��S��r��r��r#��r��r#��r#��r$�� getpwnam2Z��r��zFUNIXPasswordDatabaseTests.test_loopThroughFunctions.<locals>.getpwnam2r,��r��Nr��)r"��r,��r��r��rk��r��r#��r#��r$��test_loopThroughFunctionsL��s�� z3UNIXPasswordDatabaseTests.test_loopThroughFunctionsc�� C��s��t��}\|�ddddddd��\|�ddddddd��\|�d d ddddd��\|��td\|��t�tjg�}tdd �}\|��\|�\|��tdd�}\|��\|�\|��tdd�}\|��\|�\|��dS�)z� If the password returned by any function is C{""}, C{"x"}, or C{""} it is not compared against the supplied password. Instead it is skipped. r8��r��r:��r;��r��r��rI��r��carol�r>��r��r��xs��carol��N) r��r?��r@��r��r��rB��r��r��r��)r"��r>��rk��r��r#��r#��r$��test_failOnSpecialb��s�� z,UNIXPasswordDatabaseTests.test_failOnSpecialN)r\��r]��r^��r_��r`��ra��rb��r��r��r��r��r��r��r��r��r��r#��r#��r#��r$��r��s��( r��c��@��,��e�Zd�ZdZeZdd��Zdd��Zdd��ZdS�) �AuthorizedKeyFileReaderTestsz5 Tests for L{checkers.readAuthorizedKeyFile} c��C��s0��t�d�}t�\|dd��}\|��ddgt\|��dS�)zg L{checkers.readAuthorizedKeyFile} does not attempt to turn comments into keys sE��# this comment is ignored this is not # this is again and this is notc��S��\|�S�r��r#��r��r#��r#��r$��<lambda>��zCAuthorizedKeyFileReaderTests.test_ignoresComments.<locals>.<lambda>s��this is nots��and this is notN�r��r��readAuthorizedKeyFilerA��list�r"��fileobjr��r#��r#��r$��test_ignoresComments��s ��z1AuthorizedKeyFileReaderTests.test_ignoresCommentsc��C��s0��t�d�}tj\|dd��d�}\|��dgt\|��dS�)zw L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines sg�� # ignore not ignored c��S��r��r��r#��r��r#��r#��r$��r��r��zYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines.<locals>.<lambda>��parseKeys��not ignoredNr��r ��r#��r#��r$��test_ignoresLeadingWhitespaceAndEmptyLines��s ��zGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLinesc��C��s4��dd��}t�d�}tj\|\|d�}\|��dgt\|��dS�)z� L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going c��S��s��\|��d�r t�d��\|�S�)N��fzfailed to parse)� startswithr��r��)�liner#��r#��r$�� failOnSome��s�� zKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys.<locals>.failOnSomes��failed key good keyr ��s��good keyNr��)r"��r��r��r��r#��r#��r$��test_ignoresUnparsableKeys��s��z7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeysN) r\��r]��r^��r_��ra��rb��r��r��r��r#��r#��r#��r$��r��x��s��r��c��@��r��) �InMemorySSHKeyDBTestsz0 Tests for L{checkers.InMemorySSHKeyDB} c��C��s ��t��ddgi�}tt�j\|��dS�)z_ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} r��s��keyN)r��InMemorySSHKeyDBr��IAuthorizedKeysDB�r"��keydbr#��r#��r$��test_implementsInterface��s��z.InMemorySSHKeyDBTests.test_implementsInterfacec��C��s��t��ddgi�}\|��g�t\|�d��dS�)z� If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} r��s��keysr��N�r��r��rA��r ��getAuthorizedKeysr��r#��r#��r$��test_noKeysForUnauthorizedUser��s��z4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUserc��C��s0��t��dddgi�}\|��ddgt\|�d��dS�)z� If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} r��a��bNr��r��r#��r#��r$��test_allKeysForAuthorizedUser��s��z3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUserN) r\��r]��r^��r_��ra��rb��r��r��r ��r#��r#��r#��r$��r��s�� r��c��@��r��)�UNIXAuthorizedKeysFilesTestsz8 Tests for L{checkers.UNIXAuthorizedKeysFiles}. c�� C��s~��t��}t\|��\|_\|j��t��\|�_\|�j�ddddd\|jjd��\|j�d�\|�_ \|�j ��\|�j �d�}\|� d ��d dg\|�_d�S�)Nr��rh��r:��r;��s��alice lastnameri��rf��r��s��key 1 key 2s��key 1s��key 2)r��r��ro��rp��rq��r��rE��r?��rr��rs��r}��expectedKeys)r"��r ��authorizedKeysr#��r#��r$��r%��s$�� z"UNIXAuthorizedKeysFilesTests.setUpc��C��s��t��\|�j�}tt�j\|��dS�)zg L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. N)r��UNIXAuthorizedKeysFilesrE��r��r��r��r#��r#��r$��r��s��z5UNIXAuthorizedKeysFilesTests.test_implementsInterfacec��C��s.��t�j\|�jdd��d�}\|��g�t\|�d��dS�)z� If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. c��S��r��r��r#��r��r#��r#��r$��r��r��zMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser.<locals>.<lambda>r ��rI��N)r��r$��rE��rA��r ��r��r��r#��r#��r$��r��s��z;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUserc��C��sH��\|�j��d��d��tj\|�jdd��d�}\|��\|�jdg�t\|� d��dS�)a�� If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. r��s��key 3c��S��r��r��r#��r��r#��r#��r$��r��r��z`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser.<locals>.<lambda>r ��r��N) rs��rr��r}��r��r$��rE��rA��r"��r ��r��r��r#��r#��r$��1test_allKeysInAllAuthorizedFilesForAuthorizedUser��s ��zNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUserc��C��s0��t�j\|�jdd��d�}\|��\|�jt\|�d��dS�)z� L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. c��S��r��r��r#��r��r#��r#��r$��r��r��zJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile.<locals>.<lambda>r ��r��N)r��r$��rE��rA��r"��r ��r��r��r#��r#��r$��test_ignoresNonexistantFile ��s��z8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFilec��C��s@��\|�j��d��tj\|�jdd��d�}\|��\|�jt\|� d��dS�)z� L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. r��c��S��r��r��r#��r��r#��r#��r$��r��r��zIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile.<locals>.<lambda>r ��r��N) rs��rr��rq��r��r$��rE��rA��r"��r ��r��r��r#��r#��r$��test_ignoresUnreadableFile��s��z7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFileN)r\��r]��r^��r_��ra��rb��r%��r��r��r%��r&��r'��r#��r#��r#��r$��r!��s�� r!��_KeyDBr��c��@��s��e�Zd�ZdZdS�)�_DummyExceptionz0 Fake exception to be used for testing. N)r\��r]��r^��r_��r#��r#��r#��r$��r)��!��s��r)��c��@��sL��e�Zd�ZdZeZdd��Zdd��Zdd��Zdd ��Z d d��Z dd ��Zdd��ZdS�)�SSHPublicKeyCheckerTestsz4 Tests for L{checkers.SSHPublicKeyChecker}. c��C��sD��t�ddtjdtj�tj��d��\|�_t dd��\|�_ t�\|�j �\|�_ d�S�)Nr��r��r��c��S��s��t�j�tj�gS�r��)r��r��r��r��r��)�_r#��r#��r$��r��8��s��z0SSHPublicKeyCheckerTests.setUp.<locals>.<lambda>)r ��r��r��r��r��r��r��r��r��r(��r��r��SSHPublicKeyCheckerrk��r!��r#��r#��r$��r%��0��s��zSSHPublicKeyCheckerTests.setUpc��C��s"��d\|�j�_\|��\|�j�\|�j��t��dS�)z� Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. N)r�� signature�failureResultOfrk��r��r��r!��r#��r#��r$�� test_credentialsWithoutSignature;��s��z9SSHPublicKeyCheckerTests.test_credentialsWithoutSignaturec��C��s$��d\|�j�_\|��\|�j�\|�j��tj��dS�)z� Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. r��N)r��r~��r.��rk��r��r��r��r!��r#��r#��r$��test_credentialsWithBadKeyE��s��z3SSHPublicKeyCheckerTests.test_credentialsWithBadKeyc��C��s$��t�j\|�j_\|��\|�j�\|�j�t��dS�)z� If L{checkers.IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match the credentials, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. N)r��publicDSA_opensshr��r~��r.��rk��r��r��r!��r#��r#��r$��test_credentialsNoMatchingKeyO��s�� z6SSHPublicKeyCheckerTests.test_credentialsNoMatchingKeyc��C��s2��t�j�tj��d�\|�j_\|��\|�j � \|�j�t��dS�)z� Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that are incorrectly signed fails with L{UnauthorizedLogin}. r��N)r��r��r��r��r��r��r��r-��r.��rk��r��r��r!��r#��r#��r$�� test_credentialsInvalidSignature[��s��z9SSHPublicKeyCheckerTests.test_credentialsInvalidSignaturec��C��s<��dd��}\|��tjd\|��\|��\|�j�\|�j�t��\|��t ��dS�)z� If L{keys.Key.verify} raises an exception, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. c��_��s��t��r��)r)��)�args�kwargsr#��r#��r$��failo��s��z?SSHPublicKeyCheckerTests.test_failureVerifyingKey.<locals>.fail�verifyN) r@��r��r��r.��rk��r��r��r��r��r)��)r"��r6��r#��r#��r$��test_failureVerifyingKeyh��s��z1SSHPublicKeyCheckerTests.test_failureVerifyingKeyc��C��s$��\|�j��\|�j�}\|��d\|��\|��dS�)zu L{checker.SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with the username. r��N)rk��r��r��rA��successResultOfr��r#��r#��r$��test_usernameReturnedOnSuccessy��s��z7SSHPublicKeyCheckerTests.test_usernameReturnedOnSuccessN) r\��r]��r^��r_��ra��rb��r%��r/��r0��r2��r3��r8��r:��r#��r#��r#��r$��r��)��s�� r��)=r_��r��ImportErrorr`��rS��base64r��collectionsr��ior��zope.interface.verifyr��twisted.cred.checkersr��twisted.cred.credentialsr��r ��r ��r��twisted.cred.errorr��r ��twisted.pythonr��twisted.python.failurer��twisted.python.fakepwdr��r��twisted.python.filepathr��twisted.python.reflectr��twisted.test.test_processr��twisted.trial.unittestr��ra�� twisted.conchr��twisted.conch.errorr��r��twisted.conch.sshr��twisted.conch.testr��getattrr��r��rc��r��r��r��r��r!��r(�� Exceptionr)��r��r#��r#��r#��r$��<module>��sX��e�JX�=4"P��test/__pycache__/test_connection.cpython-310.pyc��0000644��00000062510�15027667726�0015660 0��ustar�00��o ��bIr��@��s��d�Z�ddlZddlmZ�ddlmZ�ddlmZ�ddlm Z �ed�Z ddlmZ�e r3dd lm Z mZ�nG�d d��d�ZG�dd ��d ej�ZG�dd��d�ZG�dd��dej�ZG�dd��de j�ZG�dd��de j�ZdS�)z1 This module tests twisted.conch.ssh.connection. ��N)�channel)� test_userauth)� requireModule)�unittest�cryptography)�error)�common� connectionc��@��s��e�Zd�ZG�dd��d�ZdS�)r ��c��@��s��e�Zd�ZdS�)zconnection.SSHConnectionN)�__name__� __module__�__qualname__��r ��r ��D/usr/lib/python3/dist-packages/twisted/conch/test/test_connection.py� SSHConnection��s��r��N)r ��r��r��r��r ��r ��r ��r��r ��s��r ��c��@��sd��e�Zd�ZdZdZdZdZdd��Zdd��Zdd ��Z d d��Z dd ��Zdd��Zdd��Z dd��Zdd��ZdS�)�TestChannela�� A mocked-up version of twisted.conch.ssh.channel.SSHChannel. @ivar gotOpen: True if channelOpen has been called. @type gotOpen: L{bool} @ivar specificData: the specific channel open data passed to channelOpen. @type specificData: L{bytes} @ivar openFailureReason: the reason passed to openFailed. @type openFailed: C{error.ConchError} @ivar inBuffer: a C{list} of strings received by the channel. @type inBuffer: C{list} @ivar extBuffer: a C{list} of 2-tuples (type, extended data) of received by the channel. @type extBuffer: C{list} @ivar numberRequests: the number of requests that have been made to this channel. @type numberRequests: L{int} @ivar gotEOF: True if the other side sent EOF. @type gotEOF: L{bool} @ivar gotOneClose: True if the other side closed the connection. @type gotOneClose: L{bool} @ivar gotClosed: True if the channel is closed. @type gotClosed: L{bool} ��TestChannelFc��C��s ��d\|�j��S�)NzTestChannel %i)�id��selfr ��r ��r�� logPrefix:��s�� zTestChannel.logPrefixc��C��s4��d\|�_�\|\|�_g�\|�_g�\|�_d\|�_d\|�_d\|�_d\|�_dS�)zF The channel is open. Set up the instance variables. Tr��FN)�gotOpen�specificData�inBuffer� extBuffer�numberRequests�gotEOF�gotOneClose� gotClosed)r��r��r ��r ��r��channelOpen=��s�� zTestChannel.channelOpenc��C��s ��\|\|�_�dS�)zD Opening the channel failed. Store the reason why. N)�openFailureReason)r��reasonr ��r ��r�� openFailedJ�� zTestChannel.openFailedc��C��s��\|��j�d7��_�\|dkS�)z_ A test request. Return True if data is 'data'. @type data: L{bytes} ��data)r��r��datar ��r ��r��request_testP��s��zTestChannel.request_testc��C��s��\|�j��\|��dS�)z= Data was received. Store it in the buffer. N)r��appendr%��r ��r ��r��dataReceivedY��s��zTestChannel.dataReceivedc��C��s��\|�j��\|\|f��dS�)zF Extended data was received. Store it in the buffer. N)r��r(��)r��coder&��r ��r ��r��extReceived_��s��zTestChannel.extReceivedc��C�� d\|�_�dS�)z1 EOF was received. Remember it. TN)r��r��r ��r ��r��eofReceivede��r"��zTestChannel.eofReceivedc��C��r,��)z3 Close was received. Remember it. TN)r��r��r ��r ��r�� closeReceivedk��r"��zTestChannel.closeReceivedc��C��r,��)z7 The channel is closed. Rembember it. TN)r��r��r ��r ��r��closedq��r"��zTestChannel.closedN)r ��r��r��__doc__�namer��r��r��r��r!��r'��r)��r+��r-��r.��r/��r ��r ��r ��r��r��s�� r��c��@��s$��e�Zd�ZdZdZdd��Zdd��ZdS�)� TestAvatarz? A mocked-up version of twisted.conch.avatar.ConchUser �{��c��C��s4��\|t�jkr t�\|\|\|\|�d�S�\|dkrt�\|�jd��dS�)z� The server wants us to return a channel. If the requested channel is our TestChannel, return it, otherwise return None. )�remoteWindow�remoteMaxPacketr&��avatar��conch-error-args�error args in wrong orderN)r��r1��r�� ConchError�_ARGS_ERROR_CODE)r��channelType� windowSize� maxPacketr&��r ��r ��r�� lookupChannel��s�� zTestAvatar.lookupChannelc��C��s ��\|dkrdS�\|dkrd\|fS�dS�)z� The client has made a global request. If the global request is 'TestGlobal', return True. If the global request is 'TestData', return True and the request-specific data we received. Otherwise, return False. � ��TestGlobalT��TestDataFr ��)r��requestTyper&��r ��r ��r��gotGlobalRequest��s ��zTestAvatar.gotGlobalRequestN)r ��r��r��r0��r:��r>��rB��r ��r ��r ��r��r2��x��s ��r2��c��@��s@��e�Zd�ZdZes dZdd��Zdd��Zdd��Zd d ��Z dd��Z d S�)�TestConnectionz} A subclass of SSHConnection for testing. @ivar channel: the current channel. @type channel. C{TestChannel} �Cannot run without cryptographyc��C��dS�)NrC��r ��r��r ��r ��r��r��s��zTestConnection.logPrefixc��C��rE��)zT The other side made the 'TestGlobal' global request. Return True. Tr ��r%��r ��r ��r��global_TestGlobal��s��z TestConnection.global_TestGlobalc��C��s��d\|fS�)zt The other side made the 'Test-Data' global request. Return True and the data we received. Tr ��r%��r ��r ��r��global_Test_Data��s��zTestConnection.global_Test_Datac��C��s��t�\|\|\|d�\|�_\|�jS�)z� The other side is requesting the TestChannel. Create a C{TestChannel} instance, store it, and return it. )r4��r5��r&��)r��r��r��r<��r=��r&��r ��r ��r��channel_TestChannel��s��z"TestConnection.channel_TestChannelc��C��s��t�d��)zU The other side is requesting the ErrorChannel. Raise an exception. z no such thing)�AssertionErrorrH��r ��r ��r��channel_ErrorChannel��s��z#TestConnection.channel_ErrorChannelN)r ��r��r��r0��r��skipr��rF��rG��rI��rK��r ��r ��r ��r��rC��s�� rC��c��@��s��e�Zd�ZesdZdd��Zdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��Zd6d7��Zd8d9��Z d:d;��Z!d<d=��Z"d>d?��Z#d@dA��Z$dBdC��Z%dDS�)E�ConnectionTestsrD��c��C��s6��t��d��\|�_t��\|�j_t��\|�_\|�j\|�j_\|�j��d�S��N)r�� FakeTransport� transportr2��r6��rC��conn�serviceStartedr��r ��r ��r��setUp��s �� zConnectionTests.setUpc��C��s@��\|�j��\|��\|�jjdd��\|�j_\|�j��t�d\|jd�d��dS�)z? Open the channel with the default connection. N��z>2L��s��)rQ��openChannelrP��packets�ssh_CHANNEL_OPEN_CONFIRMATION�struct�packr��r��r��r ��r ��r��_openChannel��s ��zConnectionTests._openChannelc��C��s��\|�j��d�S�rN��)rQ��serviceStoppedr��r ��r ��r��tearDown��zConnectionTests.tearDownc��C��s��\|��\|�jjj\|�j��dS�)z_ Test that the connection links itself to the avatar in the transport. N)�assertIsrP��r6��rQ��r��r ��r ��r��test_linkAvatar��s��zConnectionTests.test_linkAvatarc��C��s��t��}t��}\|�j�\|��\|�j�\|��\|�j�d��\|��\|j��\|��\|j��\|��\|j��\|��\|j��\|�j��\|��\|j��\|��\|j��\|��\|j��ddl m }�\|��\|j\|��dS�)zF Test that serviceStopped() closes any open channels. s��r��)�ConnectionLostN) r��rQ��rV��rX�� assertTruer��assertFalser��r]��twisted.internet.errorrb��assertIsInstancer��)r��channel1�channel2rb��r ��r ��r��test_serviceStopped��s�� z#ConnectionTests.test_serviceStoppedc��C��s��\|�j��t�d�d��\|��\|�jjtjdfg��g�\|�j_\|�j��t�d�d�d��\|��\|�jjtjdfg��g�\|�j_\|�j��t�d�d��\|��\|�jjtj dfg��g�\|�j_\|�j��t�d�d��\|��\|�jjg��dS�) z� Test that global request packets are dispatched to the global_* methods and the return values are translated into success or failure messages. r?��r@��s ��test datas��TestBad��N) rQ��ssh_GLOBAL_REQUESTr��NS�assertEqualrP��rW��r ��MSG_REQUEST_SUCCESS�MSG_REQUEST_FAILUREr��r ��r ��r��test_GLOBAL_REQUEST��s"��z#ConnectionTests.test_GLOBAL_REQUESTc��sB��j��ddd�}��j��d��fdd�}\|�\|��\|��j��\|S�)zh Test that global request success packets cause the Deferred to be called back. ��requestr$��Tc��s��\|�d��d�S��Nr$��)ro��)r&��r��r ��r��check"��s��z3ConnectionTests.test_REQUEST_SUCCESS.<locals>.check)rQ��sendGlobalRequest�ssh_REQUEST_SUCCESS�addCallback� addErrback�fail�r��dru��r ��r��r��test_REQUEST_SUCCESS��s�� z$ConnectionTests.test_REQUEST_SUCCESSc��sB��j��ddd�}��j��d��fdd�}\|��j��\|�\|��\|S�)zg Test that global request failure packets cause the Deferred to be erred back. rs��r$��Tc��s��\|�jjd��d�S�rt��)ro��valuer&��)�fr��r ��r��ru��1��z3ConnectionTests.test_REQUEST_FAILURE.<locals>.check)rQ��rv��ssh_REQUEST_FAILURErx��rz��ry��r{��r ��r��r��test_REQUEST_FAILURE)��s�� z$ConnectionTests.test_REQUEST_FAILUREc��C��sH��\|�j�`\|�j�t�d�d��\|��\|�jjj��\|�� \|�jjj\|�j��\|�� \|�jjj d��\|�� \|�jjjd��\|�� \|�jjjd��\|�� \|�jjj d��\|�� \|�j�jtjdfg��g�\|�j�_\|�j�t�d�d��\|��\|�� \|�j�jtjdt�d ��t�d ��fg��g�\|�j�_\|�j�t�d�d��\|��\|�� \|�j�jtjdt�d ��t�d ��fg��dS�)z� Test that open channel packets cause a channel to be created and opened or a failure message to be returned. r��r#��s�� BadChannels��s��s��unknown channelrk��s��ErrorChannels��s��unknown failureN)rP��r6��rQ��ssh_CHANNEL_OPENr��rn��rc��r��r��ro��r&��r��remoteWindowLeftr5��rW��r ��MSG_CHANNEL_OPEN_CONFIRMATION�flushLoggedErrors�MSG_CHANNEL_OPEN_FAILUREr��r ��r ��r��test_CHANNEL_OPEN8��sV�� z!ConnectionTests.test_CHANNEL_OPENc��C��s��\|\|�j�j_\|�j�t�d�d��\|��tj �}\|�� t\|�dd\|��\|�� \|d�jj d��\|�� \|�j�jtjdt�d��t�d ��fg��d S�)z� Deliver a request for a channel open which will result in an exception being raised during channel lookup. Assert that an error response is delivered as a result. r7��r��r#��zExpected one error, got: r��)r3��r8��s��{s��error args in wrong orderrk��N)rP��r6��r:��rQ��r��r��rn��r��r��r9��ro��lenr~��argsrW��r ��r��)r��r��errorsr ��r ��r��_lookupChannelErrorTestl��s$�� z'ConnectionTests._lookupChannelErrorTestc��C��s��\|��d��dS�)a�� If a C{lookupChannel} implementation raises L{error.ConchError} with the arguments in the wrong order, a C{MSG_CHANNEL_OPEN} failure is still sent in response to the message. This is a temporary work-around until L{error.ConchError} is given better attributes and all of the Conch code starts constructing instances of it properly. Eventually this functionality should be deprecated and then removed. r3��N)r��r��r ��r ��r��test_lookupChannelError��s��z'ConnectionTests.test_lookupChannelErrorc��C��st��t��}\|�j�\|��\|�j�d��\|��\|jd��\|��\|jd��\|��\|jd��\|��\|�jj\|�d��\|��\|�jj d�d��dS�)zv Test that channel open confirmation packets cause the channel to be notified that it's open. s��r��N) r��rQ��rV��rX��ro��r��r5��r��channelsToRemoteChannel�localToRemoteChannelr[��r ��r ��r��test_CHANNEL_OPEN_CONFIRMATION��s��z.ConnectionTests.test_CHANNEL_OPEN_CONFIRMATIONc��C��sP��t��}\|�j�\|��\|�j�dt�d��\|��\|jjd��\|�� \|�jj �\|��dS�)zz Test that channel open failure packets cause the channel to be notified that its opening failed. ��failure!)r��r#��N)r��rQ��rV��ssh_CHANNEL_OPEN_FAILUREr��rn��ro��r��r��assertIsNone�channels�getr[��r ��r ��r��test_CHANNEL_OPEN_FAILURE��s��z)ConnectionTests.test_CHANNEL_OPEN_FAILUREc��C��s8��t��}\|��\|��\|j}\|�j�d��\|��\|j\|d��dS�)zc Test that channel window adjust messages add bytes to the channel window. r��r#��N)r��r\��r��rQ��ssh_CHANNEL_WINDOW_ADJUSTro��)r��r�� oldWindowSizer ��r ��r��test_CHANNEL_WINDOW_ADJUST��s �� zConnectionTests.test_CHANNEL_WINDOW_ADJUSTc��C��s��t�ddd�}\|��\|��\|�j�dt�d��\|��\|jdg��\|��\|�jj t jdfg��g�\|�j_ d\|jd��}\|�j�dt�\|��\|��\|jdg��\|��\|�jj t j d fg��t��}\|��\|��d\|jd��}g�\|�j_ \|�j�d t�\|��\|��\|jg��\|��\|�jj t j d fg��dS�)z� Test that channel data messages are passed up to the channel, or cause the channel to be closed if the data is too large. ��localWindow�localMaxPacketr��r$��ar#��r��N)r��r\��rQ��ssh_CHANNEL_DATAr��rn��ro��r��rP��rW��r ��MSG_CHANNEL_WINDOW_ADJUST�localWindowLeft�MSG_CHANNEL_CLOSEr��r��r��longData�bigDatar ��r ��r��test_CHANNEL_DATA��s:�� z!ConnectionTests.test_CHANNEL_DATAc��C��s��t�ddd�}\|��\|��\|�j�dt�d��\|��\|jdg��\|��\|�jj t jdfg��g�\|�j_ d\|jd ��}\|�j�dt�\|��\|��\|jdg��\|��\|�jj t j d fg��t��}\|��\|��d\|jd ��}g�\|�j_ \|�j�dt�\|��\|��\|jg��\|��\|�jj t j d fg��dS�) z� Test that channel extended data messages are passed up to the channel, or cause the channel to be closed if they're too big. r��r��r��s��r$��)r��r$��r��r��r#��r��s��N)r��r\��rQ��ssh_CHANNEL_EXTENDED_DATAr��rn��ro��r��rP��rW��r ��r��r��r��r��r��r ��r ��r��test_CHANNEL_EXTENDED_DATA��sF�� zConnectionTests.test_CHANNEL_EXTENDED_DATAc��C��s,��t��}\|��\|��\|�j�d��\|��\|j��dS�)zN Test that channel eof messages are passed up to the channel. r��N)r��r\��rQ��ssh_CHANNEL_EOFrc��r��r[��r ��r ��r��test_CHANNEL_EOF��s�� z ConnectionTests.test_CHANNEL_EOFc��C��sh��t��}\|��\|��\|��\|j��\|��\|j��\|��\|j��\|�j�\|��\|�j� d��\|��\|j��\|��\|j��dS�)z� Test that channel close messages are passed up to the channel. Also, test that channel.close() is called if both sides are closed when this message is received. r��N) r��r\��rc��r��rd��r��r��rQ�� sendClose�ssh_CHANNEL_CLOSEr[��r ��r ��r��test_CHANNEL_CLOSE��s�� z"ConnectionTests.test_CHANNEL_CLOSEc��sp��t��}��\|��j�dt�d��d��\|jd��j�dt�d��d�d��}��fdd�}\|�\|��\|S�) zS Test that channel requests that succeed send MSG_CHANNEL_SUCCESS. r��testrl��r#��rj��r$��c��jjtjdfg��d�S��Nr��)ro��rP��rW��r ��MSG_CHANNEL_SUCCESS��resultr��r ��r��ru��2�� z;ConnectionTests.test_CHANNEL_REQUEST_success.<locals>.check) r��r\��rQ��ssh_CHANNEL_REQUESTr��rn��ro��r��rx��r��r��r\|��ru��r ��r��r��test_CHANNEL_REQUEST_success$��s�� z,ConnectionTests.test_CHANNEL_REQUEST_successc��sP��t��}��\|��j�dt�d��d��}��fdd�}\|��j��\|�\|��\|S�)zP Test that channel requests that fail send MSG_CHANNEL_FAILURE. r��r��rj��c��r��r��)ro��rP��rW��r ��MSG_CHANNEL_FAILUREr��r��r ��r��ru��E��r��z;ConnectionTests.test_CHANNEL_REQUEST_failure.<locals>.check) r��r\��rQ��r��r��rn��rx��rz��ry��r��r ��r��r��test_CHANNEL_REQUEST_failure;��s�� z,ConnectionTests.test_CHANNEL_REQUEST_failurec��s>��t��}��\|��j�\|ddd�}��j�d��fdd�}\|S�)zj Test that channel request success messages cause the Deferred to be called back. r��r$��Tr��c��s��\|��d�S�rN��)rc��r��r��r ��r��ru��Y��r_��z;ConnectionTests.test_CHANNEL_REQUEST_SUCCESS.<locals>.check)r��r\��rQ��sendRequest�ssh_CHANNEL_SUCCESSr��r ��r��r��test_CHANNEL_REQUEST_SUCCESSO��s�� z,ConnectionTests.test_CHANNEL_REQUEST_SUCCESSc��sT��t��}��\|��j�\|ddd�}��j�d��fdd�}\|��j��\|�\|��\|S�)zi Test that channel request failure messages cause the Deferred to be erred back. r��rk��Tr��c��s��\|�jjd��d�S�)Nzchannel request failed)ro��r~��r��r��r ��r��ru��h��r��z;ConnectionTests.test_CHANNEL_REQUEST_FAILURE.<locals>.check)r��r\��rQ��r��ssh_CHANNEL_FAILURErx��rz��ry��r��r ��r��r��test_CHANNEL_REQUEST_FAILURE^��s�� z,ConnectionTests.test_CHANNEL_REQUEST_FAILUREc��C��s\|��\|�j��ddd�}\|�dd��\|�j��ddd��\|��\|�jjtjt� d�d �ftjt� d�d �fg��\|��\|�j�j d\|gi��dS�) zQ Test that global request messages are sent in the right format. s ��wantReplyr$��Tc��S��d�S�rN��r ��failurer ��r ��r��<lambda>u��z8ConnectionTests.test_sendGlobalRequest.<locals>.<lambda>s��noReplyrk��Fs��datarl��globalN)rQ��rv��ry��ro��rP��rW��r ��MSG_GLOBAL_REQUESTr��rn�� deferreds�r��r\|��r ��r ��r��test_sendGlobalRequesto��s��z&ConnectionTests.test_sendGlobalRequestc��C��sX��t��}\|�j�\|d��\|��\|�jjtjt� d�d�fg��\|��\|j d��\|��\|�jjd��dS�)zO Test that open channel messages are sent in the right format. s��aaaar��s��aaaar��r#��N)r��rQ��rV��ro��rP��rW��r ��MSG_CHANNEL_OPENr��rn��r��localChannelIDr[��r ��r ��r��test_openChannel��s�� z ConnectionTests.test_openChannelc�� C��s��t��}\|��\|��\|�j�\|ddd�}\|�dd��\|�j�\|ddd��d\|_\|�j�\|ddd��\|��\|�jjt j d t�d��d �ft j d t�d��d�fg��\|��\|�jj d�\|g��d S�)zR Test that channel request messages are sent in the right format. r��Tc��S��r��rN��r ��r��r ��r ��r��r��r��z2ConnectionTests.test_sendRequest.<locals>.<lambda>��test2rk��Fs��test3r��s��testrl��r��N)r��r\��rQ��r��ry��localClosedro��rP��rW��r ��MSG_CHANNEL_REQUESTr��rn��r��r��r��r\|��r ��r ��r��test_sendRequest��s$�� z ConnectionTests.test_sendRequestc��C��st��t�dd�}\|��\|��d\|_\|�j�\|d��\|��\|jd��d\|_\|�j�\|d��\|��\|jd��\|��\|�jjt j dfg��dS�) zi Test that channel window adjust messages cause bytes to be added to the window. r��)r��r��r#��T��N)r��r\��r��rQ��adjustWindowro��r��rP��rW��r ��r��r[��r ��r ��r��test_adjustWindow��s�� z!ConnectionTests.test_adjustWindowc��C��sX��t��}\|��\|��\|�j�\|d��d\|_\|�j�\|d��\|��\|�jjtj dt �d��fg��dS�)zO Test that channel data messages are sent in the right format. r��T��br��N)r��r\��rQ��sendDatar��ro��rP��rW��r ��MSG_CHANNEL_DATAr��rn��r[��r ��r ��r�� test_sendData��s�� zConnectionTests.test_sendDatac��C��s\��t��}\|��\|��\|�j�\|dd��d\|_\|�j�\|dd��\|��\|�jjtj dt �d��fg��dS�)zX Test that channel extended data messages are sent in the right format. r#��r��Tr��r��r��N)r��r\��rQ��sendExtendedDatar��ro��rP��rW��r ��MSG_CHANNEL_EXTENDED_DATAr��rn��r[��r ��r ��r��test_sendExtendedData��s�� z%ConnectionTests.test_sendExtendedDatac��C��sb��t��}\|��\|��\|�j�\|��\|��\|�jjtjdfg��d\|_ \|�j�\|��\|��\|�jjtjdfg��dS�)zN Test that channel EOF messages are sent in the right format. r��TN) r��r\��rQ��sendEOFro��rP��rW��r ��MSG_CHANNEL_EOFr��r[��r ��r ��r��test_sendEOF��s�� zConnectionTests.test_sendEOFc��C��s��t��}\|��\|��\|�j�\|��\|��\|j��\|��\|�jjt j dfg��\|�j�\|��\|��\|�jjt j dfg��t��}\|��\|��\|��\|j��\|��\|j ��d\|_\|�j�\|��\|��\|j ��dS�)zP Test that channel close messages are sent in the right format. r��TN)r��r\��rQ��r��rc��r��ro��rP��rW��r ��r��r��rd��r��remoteClosed)r��r��rh��r ��r ��r��test_sendClose��s(�� zConnectionTests.test_sendClosec��C��sZ��\|�j��dddd�}\|��\|jd��\|��\|jd��\|��\|jd��\|��tj\|�j�jdddd��dS�)z� Test that getChannel dispatches to the avatar when an avatar is present. Correct functioning without the avatar is verified in test_CHANNEL_OPEN. r��2��r$��r��N) rQ�� getChannelro��r&��r��r5��assertRaisesr��r9��r[��r ��r ��r��test_getChannelWithAvatar��s��z)ConnectionTests.test_getChannelWithAvatarc��C��sH��\|�j�`\|��\|�j�dd��\|��\|�j�dd�d��\|��\|�j�dd��dS�)zW Test that gotGlobalRequests dispatches to global_ without an avatar. r?��r$��s ��Test-Data)Tr$��s ��BadGlobalN)rP��r6��rc��rQ��rB��ro��rd��r��r ��r ��r��"test_gotGlobalRequestWithoutAvatar��s��z2ConnectionTests.test_gotGlobalRequestWithoutAvatarc��C��sB��t��}\|��\|��\|�jj\|dddd�}\|��\|tj�}\|�j�\|��\|S�)z� Whenever an SSH channel gets closed any Deferred that was returned by a sendRequest() on its parent connection must be errbacked. ��dummyrequest� ��dummydatar#�� wantReply)r��r\��rQ��r�� assertFailurer��r9�� channelClosedr��r ��r ��r��9test_channelClosedCausesLeftoverChannelDeferredsToErrback)��s�� zIConnectionTests.test_channelClosedCausesLeftoverChannelDeferredsToErrbackN)&r ��r��r��r��rL��rS��r\��r^��ra��ri��rr��r}��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r ��r ��r��rM��sH�� 4 %+ rM��c��@��s(��e�Zd�ZdZes dZdd��Zdd��ZdS�)�CleanConnectionShutdownTestszL Check whether correct cleanup is performed on connection shutdown. rD��c��C��s,��t��d��\|�_t��\|�j_t��\|�_\|�j\|�j_d�S�rN��)r��rO��rP��r2��r6��rC��rQ��r��r ��r ��r��rS��?��s�� z"CleanConnectionShutdownTests.setUpc��C��s8��\|�j��\|�j�jdddd�}\|��\|tj�}\|�j��\|S�)z� Once the service is stopped any leftover global deferred returned by a sendGlobalRequest() call must be errbacked. r��r��r#��r��)rQ��rR��rv��r��r��r9��r]��r��r ��r ��r��9test_serviceStoppedCausesLeftoverGlobalDeferredsToErrbackE��s �� zVCleanConnectionShutdownTests.test_serviceStoppedCausesLeftoverGlobalDeferredsToErrbackN)r ��r��r��r0��r��rL��rS��r��r ��r ��r ��r��r��7��s��r��)r0��rY��twisted.conch.sshr��twisted.conch.testr��twisted.python.reflectr�� twisted.trialr��r�� twisted.conchr��r��r �� SSHChannelr��r2��r��rC��TestCaserM��r��r ��r ��r ��r��<module>��s(��\),��n��test/__pycache__/test_session.cpython-310.pyc��0000644��00000127704�15027667726�0015213 0��ustar�00��o ��b��@��s��d�Z�ddlZddlZddlZddlZddlmZ�ddlmZ�ddl m Z mZmZ�ddl mZ�ddlmZmZ�ddlmZmZ�dd lmZ�dd lmZ�ddlmZ�ddlmZ�ed �ZergddlmZm Z m!Z!�nG�dd��d�Z!G�dd��d�Z"G�dd��d�Z#ee!j$�G�dd��d��Z%ee!j&�G�dd��de%��Z'G�dd��d�Z(G�dd��dej)�ZG�dd��d�Z+G�dd ��d �Z,G�d!d"��d"e,�Z-G�d#d$��d$�Z.G�d%d&��d&ee�Z/G�d'd(��d(ee�Z0G�d)d��de�Z1G�d+d,��d,e�Z2G�d-d.��d.e�Z3G�d/d0��d0e�Z4dS�)1zb Tests for the 'session' channel implementation in twisted.conch.ssh.session. See also RFC 4254. ��N)�skipIf)�implementer)�defer�error�protocol��IPv4Address)�ProcessDone�ProcessTerminated)� components�failure)�Failure)� requireModule)�RegistryUsingMixin)�TestCase�cryptography)�common� connection�sessionc��@��s ��e�Zd�ZddlmZmZmZ�dS�)r��r��)�EnvironmentVariableNotPermitted�ISession�ISessionSetEnvN)�__name__� __module__�__qualname__�twisted.conch.interfacesr��r��r��r��r��A/usr/lib/python3/dist-packages/twisted/conch/test/test_session.pyr��"��s��r��c��@��e�Zd�ZdZdd��ZdS�)�SubsystemOnlyAvatarz^ A stub class representing an avatar that is only useful for getting a subsystem. c��C��s��\|dksJ��t��S�)z� If the other side requests the 'subsystem' subsystem, allow it by returning a MockProtocol to implement it. Otherwise raise an assertion. � ��subsystem)�MockProtocol��self�name�datar��r��r��lookupSubsystem0��s��z#SubsystemOnlyAvatar.lookupSubsystemN�r��r��r��__doc__r&��r��r��r��r��r����r��c��@��r��)� StubAvatarz� A stub class representing the avatar representing the authenticated user. It implements the I{ISession} interface. c��C��s"��\|dkrt��\|�_\|\|�j_\|�jS�dS�)z� If the user requests the TestSubsystem subsystem, connect them to a MockProtocol. If they request neither, then None is returned which is interpreted by SSHSession as a failure. � ��TestSubsystemN)r!�� subsystem� packetDatar"��r��r��r��r&��?��s ��zStubAvatar.lookupSubsystemNr'��r��r��r��r��r��9��r)��r��c��@��sH��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dS�)�StubSessionForStubAvatara2�� A stub ISession implementation for our StubAvatar. The instance variables generally keep track of method invocations so that we can test that the methods were called. @ivar avatar: the L{StubAvatar} we are adapting. @ivar ptyRequest: if present, the terminal, window size, and modes passed to the getPty method. @ivar windowChange: if present, the window size passed to the windowChangned method. @ivar shellProtocol: if present, the L{SSHSessionProcessProtocol} passed to the openShell method. @ivar shellTransport: if present, the L{EchoTransport} connected to shellProtocol. @ivar execProtocol: if present, the L{SSHSessionProcessProtocol} passed to the execCommand method. @ivar execTransport: if present, the L{EchoTransport} connected to execProtocol. @ivar execCommandLine: if present, the command line passed to the execCommand method. @ivar gotEOF: if present, an EOF message was received. @ivar gotClosed: if present, a closed message was received. c��C��s��\|\|�_�d\|�_dS�)z2 Store the avatar we're adapting. N)�avatar� shellProtocol�r#��r/��r��r��r��__init__e�� z!StubSessionForStubAvatar.__init__c��C��s ��\|dkr\|\|\|f\|�_�dS�td��)zw If the terminal is 'bad', fail. Otherwise, store the information in the ptyRequest variable. ��badznot getting a ptyN)� ptyRequest�RuntimeError)r#��terminal�window�modesr��r��r��getPtyl��s��zStubSessionForStubAvatar.getPtyc��C��s��\|dkrt�d��\|\|�_dS�)zw If all the window sizes are 0, fail. Otherwise, store the size in the windowChange variable. �r��r��r��r��znot changing the window sizeN)r6��windowChange)r#��r8��r��r��r�� windowChangedv��s�� z&StubSessionForStubAvatar.windowChangedc��C��s&��\|�j�dur td��\|\|�_�t\|�\|�_dS�)z� If we have gotten a shell request before, fail. Otherwise, store the process protocol in the shellProtocol variable, connect it to the EchoTransport and store that as shellTransport. Nznot getting a shell this time)r0��r6�� EchoTransport�shellTransport)r#��ppr��r��r�� openShell��s�� z"StubSessionForStubAvatar.openShellc��C��sV��\|\|�_�\|dkr\|\|�_dS�\|dd��dkr'\|\|�_t\|�\|�_\|�\|dd��dS�td��)z� If the command is 'true', store the command, the process protocol, and the transport we connect to the process protocol. Otherwise, just store the command and raise an error. ��successN��s��repeat��znot getting a command)�execCommandLine�execProtocolr>�� execTransport�outReceivedr6��)r#��r@��commandr��r��r��execCommand��s�� z$StubSessionForStubAvatar.execCommandc��C�� d\|�_�dS�)z2 Note that EOF has been received. TN)�gotEOF�r#��r��r��r��eofReceived�� z$StubSessionForStubAvatar.eofReceivedc��C��rK��)z4 Note that close has been received. TN)� gotClosedrM��r��r��r��closed��rO��zStubSessionForStubAvatar.closedN)r��r��r��r(��r2��r:��r=��rA��rJ��rN��rQ��r��r��r��r��r.��K��s�� r.��c��s0��e�Zd�ZdZ��fdd�Zdd��Zdd��Z��ZS�)�StubSessionForStubAvatarWithEnva�� Same as StubSessionForStubAvatar, but supporting environment variables setting. End users would want to have the same class annotated with C{@implementer(session.ISession, session.ISessionSetEnv)}. The interfaces are split for backwards compatibility, so we split it here to test this compatibility too. @ivar environ: a L{dict} of environment variables passed to the setEnv method. c��s��t��\|��i�\|�_i�\|�_d�S��N)�superr2��environ�environAtPtyr1�� __class__r��r��r2��s�� z(StubSessionForStubAvatarWithEnv.__init__c��C��s0��\|dkrt�d��\|dkrt�d��\|\|�j\|<�dS�)ak�� If the requested environment variable is 'FAIL', fail. If it is 'IGNORED', raise EnvironmentVariableNotPermitted, which should cause it to be silently ignored. Otherwise, store the requested environment variable. (Real applications should normally implement an allowed list rather than a blocked list.) ��FAILz$disallowed environment variable name��IGNOREDz!ignored environment variable nameN)r6��r��r��rU��)r#��r$��valuer��r��r��setEnv��s�� z&StubSessionForStubAvatarWithEnv.setEnvc��C��s��\|�j��\|�_dS�)zs Just a simple implementation which records the current environment when PTY is requested. N)rU��copyrV��)r#��term� windowSizer9��r��r��r��r:��s��z&StubSessionForStubAvatarWithEnv.getPty)r��r��r��r(��r2��r\��r:�� __classcell__r��r��rW��r��rR��s �� rR��c��@��s(��e�Zd�ZdZdd��Zdd��Zdd��ZdS�) r>��ay�� A transport for a ProcessProtocol which echos data that is sent to it with a Window newline (CR LF) appended to it. If a null byte is in the data, disconnect. When we are asked to disconnect, disconnect the C{ProcessProtocol} with a 0 exit code. @ivar proto: the C{ProcessProtocol} connected to us. @ivar data: a L{bytes} of data written to us. c��C��s ��\|\|�_�d\|�_d\|�_\|�\|��dS�)z� Initialize our instance variables. @param processProtocol: a C{ProcessProtocol} to connect to ourself. F��N)�protorQ��r%��makeConnection)r#��processProtocolr��r��r��r2��s��zEchoTransport.__init__c��C��s>��\|��j�\|7��_�\|�j�\|��\|�j�d��d\|v�r\|��dS�dS�)z� We got some data. Give it back to our C{ProcessProtocol} with a newline attached. Disconnect if there's a null byte. �� N)r%��rb��rH��loseConnection�r#��r%��r��r��r��write��s��zEchoTransport.writec�� C��sN��\|�j�rdS�d\|�_�\|�j��\|�j��\|�j��\|�j�t�t� ddd��dS�)z� If we're asked to disconnect (and we haven't already) shut down the C{ProcessProtocol} with a 0 exit code. N��r��) rQ��rb��inConnectionLost�outConnectionLost�errConnectionLost�processEndedr��r ��r��r ��rM��r��r��r��rg��s�� zEchoTransport.loseConnectionN)r��r��r��r(��r2��ri��rg��r��r��r��r��r>��s �� r>��c��@��s,��e�Zd�ZdZdZdd��Zdd��Zdd��Zd S�) r!��a>�� A sample Protocol which stores the data passed to it. @ivar packetData: a L{bytes} of data to be sent when the connection is made. @ivar data: a L{bytes} of the data passed to us. @ivar open: True if the channel is open. @ivar reason: if not None, the reason the protocol was closed. ra��c��C��s,��d\|�_�d\|�_d\|�_\|�jr\|��\|�j��dS�dS�)zc Set up the instance variables. If we have any packetData, send it along. ra��TN)r%��open�reasonr-��dataReceivedrM��r��r��r��connectionMade��s��zMockProtocol.connectionMadec��C��s"��\|��j�\|7��_�\|�j�\|d��dS�)z� Store the received data and write it back with a tilde appended. The tilde is appended so that the tests can verify that we processed the data. ��~N)r%�� transportri��rh��r��r��r��rq��"��s��zMockProtocol.dataReceivedc��C��s��d\|�_�\|\|�_dS�)z: Close the protocol and store the reason. FN)ro��rp��)r#��rp��r��r��r��connectionLost+��r3��zMockProtocol.connectionLostN)r��r��r��r(��r-��rr��rq��ru��r��r��r��r��r!�� s�� r!��c��@��sL��e�Zd�ZdZddd�Zdd��Zdd��Zd d ��Zddd �Zdd��Z dd��Z dS�)�StubConnectiona�� A stub for twisted.conch.ssh.connection.SSHConnection. Record the data that channels send, and when they try to close the connection. @ivar data: a L{dict} mapping C{SSHChannel}s to a C{list} of L{bytes} of data they sent. @ivar extData: a L{dict} mapping L{SSHChannel}s to a C{list} of L{tuple} of (L{int}, L{bytes}) of extended data they sent. @ivar requests: a L{dict} mapping L{SSHChannel}s to a C{list} of L{tuple} of (L{str}, L{bytes}) of channel requests they made. @ivar eofs: a L{dict} mapping L{SSHChannel}s to C{true} if they have sent an EOF. @ivar closes: a L{dict} mapping L{SSHChannel}s to C{true} if they have sent a close. Nc��C��s(��i�\|�_�i�\|�_i�\|�_i�\|�_i�\|�_\|\|�_dS�)z4 Initialize our instance variables. N)r%��extData�requests�eofs�closesrt��)r#��rt��r��r��r��r2��D��s�� zStubConnection.__init__c��C��dS�)z, Return our logging prefix. �MockConnectionr��rM��r��r��r�� logPrefixO��s��zStubConnection.logPrefixc��C��s��\|�j��\|g��\|��dS�)z' Record the sent data. N)r%�� setdefault�append)r#��channelr%��r��r��r��sendDataU��s��zStubConnection.sendDatac��C��s��\|�j��\|g��\|\|f��dS�)z0 Record the sent extended data. N)rw��r~��r��)r#��r��typer%��r��r��r��sendExtendedData[��zStubConnection.sendExtendedDataFc��C��s,��\|�j��\|g��\|\|\|f��\|rt�d�S�dS�)z2 Record the sent channel request. N)rx��r~��r��r��succeed)r#��r��requestr%�� wantReplyr��r��r��sendRequesta��s�� zStubConnection.sendRequestc��C��d\|�j�\|<�dS�)z& Record the sent EOF. TN)ry��r#��r��r��r��r��sendEOFi��zStubConnection.sendEOFc��C��r��)z( Record the sent close. TN)rz��r��r��r��r�� sendCloseo��r��zStubConnection.sendCloserS��)F)r��r��r��r(��r2��r}��r��r��r��r��r��r��r��r��r��rv��3��s�� rv��c��@��s@��e�Zd�ZdZdZdZdd��Zdd��Zdd ��Zd d��Z dd ��Z dS�)� StubTransportz� A stub transport which records the data written. @ivar buf: the data sent to the transport. @type buf: L{bytes} @ivar close: flags indicating if the transport has been closed. @type close: L{bool} ra��Fc��C��t�ddd�S�)�2 Return an arbitrary L{IAddress}. �TCP� remotehosti�"��r��rM��r��r��r��getPeer��zStubTransport.getPeerc��C��r��)r��r�� localhosti'��r��rM��r��r��r��getHost��r��zStubTransport.getHostc��C��\|��j�\|7��_�dS�)z, Record data in the buffer. N)�bufrh��r��r��r��ri��s��zStubTransport.writec��C��rK��)z6 Note that the connection was closed. TN)�closerM��r��r��r��rg��rO��zStubTransport.loseConnectionc��C��r{��)z0 Pretend to set C{TCP_NODELAY}. Nr��)r#��enabledr��r��r�� setTcpNoDelay��s��zStubTransport.setTcpNoDelayN)r��r��r��r(��r��r��r��r��ri��rg��r��r��r��r��r��r��v��s�� r��c��@��s��e�Zd�ZdZdZdd��ZdS�)�StubTransportWithWriteErrz� A version of StubTransport which records the error data sent to it. @ivar err: the extended data sent to the transport. @type err: L{bytes} ra��c��C��r��)z� Record the extended data in the buffer. This was an old interface that allowed the Transports from ISession.openShell() or ISession.execCommand() to receive extended data from the client. N)�errrh��r��r��r��writeErr��s��z"StubTransportWithWriteErr.writeErrN)r��r��r��r(��r��r��r��r��r��r��r��s��r��c��@��r��)� StubClientz� A stub class representing the client to a SSHSession. @ivar transport: A L{StubTransport} object which keeps track of the data passed to it. c��C��s��t��\|�_d�S�rS��)r��rt��rM��r��r��r��r2��s��zStubClient.__init__N)r��r��r��r(��r2��r��r��r��r��r��s��r��c��@��s��e�Zd�ZdZes dZd;dd�Zd;dd�Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��Zd6d7��Zd8d9��Z d:S�)<�SessionInterfaceTestsz� Tests for the SSHSession class interface. This interface is not ideal, but it is tested in order to maintain backwards compatibility. �cannot run without cryptographyTc��C��s6��t��\|��\|��\|�_\|rt�tttj��\|��\|�_dS�)z� Make an SSHSession object to test. Give the channel some window so that it's allowed to send packets. 500 and 100 are arbitrary values. N) r��setUp� getSSHSessionr��r��registerAdapterrR��r��r��r#��register_adaptersr��r��r��r��s�� zSessionInterfaceTests.setUpc��C��s��t�jddt��t��d�S�)z+ Return a new SSH session. ��d��)�remoteWindow�remoteMaxPacket�connr/��)r�� SSHSessionrv��r��r��r��r��r��r��s��z#SessionInterfaceTests.getSSHSessionc��C��s��\|��\|�jjt��dS�)zj Asserts that self.session.session is an instance of StubSessionForStubOldAvatar. N)�assertIsInstancer��r.��rM��r��r��r��assertSessionIsStubSession��s��z0SessionInterfaceTests.assertSessionIsStubSessionc��C��s6��t�jtd�}\|��\|jd��\|��\|j��\|��\|j��dS�)z� SSHSession initializes its buffer (buf), client, and ISession adapter. The avatar should not need to be adaptable to an ISession immediately. )r/��ra��N)r��r��object�assertEqualr��assertIsNone�client)r#��sr��r��r�� test_init��s��zSessionInterfaceTests.test_initc��C��s:��\|�j��d��t��\|�j�_\|�j��d��\|��\|�j�jjjd��dS�)z� SSHSession.dataReceived() passes data along to a client. If the data comes before there is a client, the data should be discarded. ��1��2N)r��rq��r��r��r��rt��r��rM��r��r��r��test_client_dataReceived��s�� z.SessionInterfaceTests.test_client_dataReceivedc��C��sP��\|�j��tjd��\|�j��dd��t��\|�j�_\|�j��tjd��\|��\|�j�jjjd��dS�)z� SSHSession.extReceived() passed data of type EXTENDED_DATA_STDERR along to the client. If the data comes before there is a client, or if the data is not of type EXTENDED_DATA_STDERR, it is discared. r��r��3N) r��extReceivedr��EXTENDED_DATA_STDERRr��r��r��rt��r��rM��r��r��r��test_client_extReceived��s �� z-SessionInterfaceTests.test_client_extReceivedc��C��s��t��}\|�j_t��\|_\|�j�tjd��dS�)z� SSHSession.extReceived() should handle the case where the transport on the client doesn't have a writeErr method. ��ignoredN)r��r��r��r��rt��r��r��r��r#��r��r��r��r��&test_client_extReceivedWithoutWriteErr��s��z<SessionInterfaceTests.test_client_extReceivedWithoutWriteErrc��C��s6��t��\|�j_\|�j��\|��\|�jjjj��d\|�jjj_dS�)z} SSHSession.closed() should tell the transport connected to the client that the connection was lost. FN)r��r��r��rQ�� assertTruert��r��rM��r��r��r��test_client_closed��s�� z(SessionInterfaceTests.test_client_closedc��C��s0��\|�j��dt�d��}\|��\|��\|��\|�j�j��dS�)zV When a subsystem request fails, SSHSession.client should not be set. r ��s��BadSubsystemN)r��requestReceivedr��NS�assertFalser��r��r#��retr��r��r��$test_badSubsystemDoesNotCreateClient!��s�� z:SessionInterfaceTests.test_badSubsystemDoesNotCreateClientc��C��sR��\|�j��dt�d�d��}\|��\|��\|��\|�j�jtj��\|�� \|�j�jj j\|�j�jj ��dS�)z� When a client requests a subsystem, the SSHSession object should get the subsystem by calling avatar.lookupSubsystem, and attach it as the client. r ��r+��dataN)r��r��r��r��r��r��r��r��ProcessProtocol�assertIsrt��rb��r/��r,��r��r��r��r��test_lookupSubsystem)��s�� zSessionInterfaceTests.test_lookupSubsystemc��C��s��t�jt��t��d�}\|�t�d�d��}\|��\|��\|��\|j ��\|�� \|jj� \|��\|��\|��\|jj� \|��\|��\|��dS�)z� Previously, if one only wanted to implement a subsystem, an ISession adapter wasn't needed because subsystems were looked up using the lookupSubsystem method on the avatar. )r/��r��r ��r��N)r��r��r��rv��request_subsystemr��r��r��assertIsNotNoner��r��r��rz��getrN��rg��rQ��)r#��r��r��r��r��r��'test_lookupSubsystemDoesNotNeedISession8��s�� z=SessionInterfaceTests.test_lookupSubsystemDoesNotNeedISessionc��C��s^��\|�j��dt�d�d��\|��\|�j�jj\|�j��dg��\|�j��d��\|��\|�j�jj\|�j��d�d��dS�) aD�� After having looked up a subsystem, data should be passed along to the client. Additionally, subsystems were passed the entire request packet as data, instead of just the additional data. We check for the additional tidle to verify that the data passed through the client. r ��r+��r��s�� TestSubsystemdata~s ��more data��s ��more data~N)r��r��r��r��r��r��r%��rq��rM��r��r��r��test_lookupSubsystem_dataI��s�� z/SessionInterfaceTests.test_lookupSubsystem_datac��C��s<��\|�j��dt�d�d��\|�j��\|��\|�j�jj\|�j��dS�)zd SSHSession.closeReceived() should sent a close message to the remote side. r ��r+��r��N)r��r��r��r�� closeReceivedr��r��rz��rM��r��r��r��"test_lookupSubsystem_closeReceiveda��s �� z8SessionInterfaceTests.test_lookupSubsystem_closeReceivedc�� C��sB��\|��t�}\|��t\|�ddd�dd��\|D��\|d��t��dS�)zo Assert that the request we just made raised a RuntimeError (and only a RuntimeError). rj��z!Multiple RuntimeErrors raised: %s� c��S��s��g�\|�]}t�\|��qS�r��)�repr)�.0r��r��r��r�� <listcomp>w��s��zISessionInterfaceTests.assertRequestRaisedRuntimeError.<locals>.<listcomp>r��N)�flushLoggedErrorsr6��r��len�join�trap)r#��errorsr��r��r��assertRequestRaisedRuntimeErrorm��s�� z5SessionInterfaceTests.assertRequestRaisedRuntimeErrorc��C��sh��\|�j��dd�}\|��\|��\|��\|��\|�j�jt�j��\|��\|�j�j�j\|�j�j��\|�� \|�j��dd��\|�� dS�)z� When a client requests a shell, the SSHSession object should get the shell by getting an ISession adapter for the avatar, then calling openShell() with a ProcessProtocol to attach. ��shellra��N)r��r��r��r��r��r��SSHSessionProcessProtocolr��r0��r��r��r��r��r��r��test_requestShell{��s�� z'SessionInterfaceTests.test_requestShellc��C��s��\|�j��dd�}\|��\|��\|��\|�j��d��\|��\|�j�j�jjd��\|��\|�j�jj\|�j��ddg��\|��\|�j�j�jj ��\|��\|�j�jj \|�j��dg��dS�)z� When a client executes a shell, it should be able to give pass data back and forth between the local and the remote side. r��ra��s ��some data�re��exit-statuss��FN)r��r��r��r��rq��r��r?��r%��r��rQ��rx��r��r��r��r��test_requestShellWithData��s�� z/SessionInterfaceTests.test_requestShellWithDatac��C��s��\|�j��dt�d��}\|��\|��\|��\|��\|�j�j��\|��\|�j��dt�d��\|�� \|�� \|�j�jt�j��\|��\|�j�j�j \|�j�j��\|��\|�j�j�jd��dS�)z� When a client requests a command, the SSHSession object should get the command by getting an ISession adapter for the avatar, then calling execCommand with a ProcessProtocol to attach and the command line. ��execs��failurerB��N)r��r��r��r��r��r��r��r��r��r��r��r��r��rF��r��rE��r��r��r��r��test_requestExec��s�� z&SessionInterfaceTests.test_requestExecc��C��s��\|�j��dt�d��}\|��\|��\|��\|�j��d��\|��\|�j�j�jj d��\|��\|�j�j j \|�j��g�d��\|�j��\|�j��\|�j�� \|��\|�j�j�jj ��\|��\|�j�j j\|�j��dg��dS�)zo When a client executes a command, it should be able to give pass data back and forth. r��s��repeat hello� ��some data)s��hellor��re��r��N)r��r��r��r��r��r��rq��r��rG��r%��r��rN��r��rQ��rx��r��r��r��r��test_requestExecWithData��s �� z.SessionInterfaceTests.test_requestExecWithDatac�� C��s��\|��\|�jdd��t�tttj��\|��}\|� dt� ddd��}\|��\|��\|��\|jt��\|�� \|��\|� dt� ddd��\|��\|jjddg�f��dS�) a�� When a client requests a PTY, the SSHSession object should make the request by getting an ISession adapter for the avatar, then calling getPty with the terminal type, the window size, and any modes the client gave us. F�r��pty_reqr4��rj��ra��s��goodN)� doCleanupsr��r��r��r.��r��r��r��r��r��packRequest_pty_reqr��r��r��r��r��r5��)r#��test_sessionr��r��r��r��test_requestPty��s$�� z%SessionInterfaceTests.test_requestPtyc�� C��s��\|��\|�j�dt�d�t�d��\|��\|�jjt��\|��\|��\|�j�dt�d�t�d��\|��\|�� g��\|�� \|�j�dt�d�t�d��\|��\|�jjjddi��dS�) a�� When a client requests passing an environment variable, the SSHSession object should make the request by getting an ISessionSetEnv adapter for the avatar, then calling setEnv with the environment variable name and value. ��envrY��r4��rZ��r��NAME��valueN)r��r��r��r��r��r��rR��r��r��r��r��rU��rM��r��r��r��test_setEnv��s"��z!SessionInterfaceTests.test_setEnvc�� C��st��\|��}\|��\|�dt�d�t�d��\|��\|�dt�d�t�d��\|��\|jt��\|��ddd�\|jj ��dS�)zG Multiple setenv requests will share the same session. r��Key1��Value 1��Key2��Value2�r��r��N) r��r��r��r��r��r��r��rR��r��rU��r#��r��r��r��r��test_setEnvSessionShare��s��z-SessionInterfaceTests.test_setEnvSessionSharec��C��s~��\|��}\|�dt�d�t�d��\|�dt�d�t�d��\|�dt�ddd ��\|��\|jt��\|��ddd �\|jj ��dS�)z� Calling another session service after setenv will provide the previous session with the environment variables. r��r��r��r��r��r��termr;��ra��r��N) r��r��r��r��r��r��r��rR��r��rV��r��r��r��r��test_setEnvMultiplexShare��s��z/SessionInterfaceTests.test_setEnvMultiplexSharec�� C��sL��\|��\|�jdd��t�tttj��\|��\|�j� dt �d�t �d��dS�)z� If the avatar does not have an ISessionSetEnv adapter, then a request to pass an environment variable fails gracefully. Fr��r��r��r��N)r��r��r��r��r.��r��r��r��r��r��r��r��rM��r��r��r��%test_setEnvNotProvidingISessionSetEnv)��s��z;SessionInterfaceTests.test_setEnvNotProvidingISessionSetEnvc��C��s^��\|�j��dt��d��}\|��\|��\|��\|��\|��\|�j��dt��d��\|��\|�j�j�jd��dS�)z� When the client requests to change the window size, the SSHSession object should make the request by getting an ISession adapter for the avatar, then calling windowChanged with the new window size. � ��window_changer;��r��N) r��r��packRequest_window_changer��r��r��r��r��r<��r��r��r��r��test_requestWindowChange;��s�� z.SessionInterfaceTests.test_requestWindowChangec��C��0��t��\|�j�j�\|�j�_�\|�j��\|��\|�j�j�j��dS�)z When an EOF is received and an ISession adapter is present, it should be notified of the EOF message. N)r��r��r/��rN��r��rL��rM��r��r��r��test_eofReceivedN�� z&SessionInterfaceTests.test_eofReceivedc��C��s.��\|�j��}\|��\|��\|��\|�j�jj\|�j��dS�)zT When a close is received, the session should send a close message. N)r��r��r��r��r��rz��r��r��r��r��test_closeReceivedW��s�� z(SessionInterfaceTests.test_closeReceivedc��C��r��)z� When a close is received and an ISession adapter is present, it should be notified of the close message. N)r��r��r/��rQ��r��rP��rM��r��r��r��test_closed_��r��z!SessionInterfaceTests.test_closedN)T)!r��r��r��r(��r��skipr��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��s>�� r��c��@��sH��e�Zd�ZdZes dZdd��Zdd��Zdd��Zd d ��Z dd��Z d d��ZdS�)�SessionWithNoAvatarTestsa �� Test for the SSHSession interface. Several of the methods (request_shell, request_exec, request_pty_req, request_env, request_window_change) would create a 'session' instance variable from the avatar if one didn't exist when they were called. r��c��C��s@��t��\|��t�tttj��t��\|�_t��\|�j_ \|�� \|�jj��d�S�rS��)r��r��r��r��r.��r��r��r��r��r/��r��rM��r��r��r��r��t��s�� zSessionWithNoAvatarTests.setUpc��C��s$��\|��tj�\|�jj�d\|�jj��dS�)zB self.session.session should provide I{ISession}. zISession not provided by %rN)r��r��r�� providedByrM��r��r��r��assertSessionProvidesISession}��s�� z6SessionWithNoAvatarTests.assertSessionProvidesISessionc��C��s��\|�j��dd��\|��dS�)ze If an ISession adapter isn't already present, request_shell should get one. r��ra��N)r��r��r��rM��r��r��r��test_requestShellGetsSession��s��z5SessionWithNoAvatarTests.test_requestShellGetsSessionc��C��s ��\|�j��dt�d��\|��dS�)zd If an ISession adapter isn't already present, request_exec should get one. r��rB��N)r��r��r��r��r��rM��r��r��r��test_requestExecGetsSession��s��z4SessionWithNoAvatarTests.test_requestExecGetsSessionc��C��s$��\|�j��dt��ddd��\|��dS�)zg If an ISession adapter isn't already present, request_pty_req should get one. r��r��r;��ra��N)r��r��r��r��rM��r��r��r��test_requestPtyReqGetsSession��s��z6SessionWithNoAvatarTests.test_requestPtyReqGetsSessionc��C��s ��\|�j��dt��d��\|��dS�)zm If an ISession adapter isn't already present, request_window_change should get one. r��)rj��rj��rj��rj��N)r��r��r��r��rM��r��r��r��#test_requestWindowChangeGetsSession��s�� z<SessionWithNoAvatarTests.test_requestWindowChangeGetsSessionN)r��r��r��r(��r��r��r��r��r��r ��r��r��r��r��r��r��r ��i��s�� r ��c��@��s(��e�Zd�ZdZes dZdd��Zdd��ZdS�)� WrappersTestszH A test for the wrapProtocol and wrapProcessProtocol functions. r��c��C��sz��t��}t��\|_\|��t�\|�}\|�d��\|��\|jjd��\|� d��\|� ddg��\|��\|��\|jd��\|j �tj��dS�)z� L{wrapProtocol}, when passed a L{Protocol} should return something that has write(), writeSequence(), loseConnection() methods which call the Protocol's dataReceived() and connectionLost() methods, respectively. s��dataReceivedr��r��r��s��data12N)r!��r��rt��rr��r��wrapProtocolrq��r��r��ri�� writeSequencerg��r%��rp��r��r��ConnectionDone)r#��r��wrappedr��r��r��test_wrapProtocol��s�� zWrappersTests.test_wrapProtocolc�� C��sf��t��}t��\|_t�\|�}\|��\|�d��\|��\|jjd��\|� t �t� ddd��\|j�tj ��dS�)a.�� L{wrapPRocessProtocol}, when passed a L{Protocol} should return something that follows the L{IProcessProtocol} interface, with connectionMade() mapping to connectionMade(), outReceived() mapping to dataReceived() and processEnded() mapping to connectionLost(). r��s��data~r��N)r!��r��rt��r��wrapProcessProtocolrr��rH��r��r��rn��r��r ��r��r ��rp��r��)r#��r��process_protocolr��r��r��!test_wrapProcessProtocol_Protocol��s�� z/WrappersTests.test_wrapProcessProtocol_ProtocolN)r��r��r��r(��r��r��r��r��r��r��r��r��r��s��r��c��@��s@��e�Zd�ZdZes dZdd��Zdd��Zdd��Zd d ��Z dd��Z d S�)�HelpersTestszM Tests for the 4 helper functions: parseRequest_* and packRequest_. r��c��C��sJ��\|��t�t�d�t�ddddd��t�t�ddd ��dd dgf��dS�) a1�� The payload of a pty-req message is:: string terminal uint32 columns uint32 rows uint32 x pixels uint32 y pixels string modes Modes are:: byte mode number uint32 mode value ��xterm�>4Lrj��r��r��r��>BL��rC��r��rj��r��r��)r��rC��N)r��r��parseRequest_pty_reqr��r��struct�packrM��r��r��r��test_parseRequest_pty_req��s�� z&HelpersTests.test_parseRequest_pty_reqc��C��J��t��ddd�}\|��\|t�d�t�ddddd��t�t�d d d��dS�� zG See test_parseRequest_pty_req for the payload format. r��r��s��r��rj��r��r��r��r��r��rC��N�r��r��r��r��r��r ��r!��r#��packedr��r��r��test_packRequest_pty_req_old��s��z)HelpersTests.test_packRequest_pty_req_oldc��C��r#��r$��r%��r&��r��r��r��test_packRequest_pty_req��s��z%HelpersTests.test_packRequest_pty_reqc��C��s$��\|��t�t�ddddd��d��dS�)a�� The payload of a window_change request is:: uint32 columns uint32 rows uint32 x pixels uint32 y pixels parseRequest_window_change() returns (rows, columns, x pixels, y pixels). r��rj��r��r��r��r��N)r��r��parseRequest_window_changer ��r!��rM��r��r��r��test_parseRequest_window_change��s��z,HelpersTests.test_parseRequest_window_changec�� C��s$��\|��t�d�t�ddddd��dS�)zM See test_parseRequest_window_change for the payload format. r��r��rj��r��r��r��N)r��r��r��r ��r!��rM��r��r��r��test_packRequest_window_change$��s��z+HelpersTests.test_packRequest_window_changeN)r��r��r��r(��r��r��r"��r(��r)��r+��r,��r��r��r��r��r��s��r��c��@��s��e�Zd�ZdZes dZdd��Zdd��Zdd��Zd d ��Z dd��Z d d��Zdd��Ze eed��d�dd��Ze eed��d�dd��Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��Zd'd(��Ze eed)��d�d+d,��Ze eed)��d�d-d.��Zd/S�)0�SSHSessionProcessProtocolTestsz1 Tests for L{SSHSessionProcessProtocol}. r��c��C��s@��t��\|�_tjt\|�j�ddd�\|�_t�\|�j�\|�_\|�j�\|�j��d�S�)Nr��r��)r��r��r��)r��rt��r��r��rv��r��r@��rc��rM��r��r��r��r��6��s��z$SSHSessionProcessProtocolTests.setUpc��C��s��\|��\|�jjj\|�j��dS�)z8 Assert that C{self.session} is closed. N)r��r��r��rz��rM��r��r��r��assertSessionClosed>��s��z2SSHSessionProcessProtocolTests.assertSessionClosedc��C��s��\|��\|�jjj\|�j�\|��dS�)zO Assert that C{self.session} has sent the C{expectedRequests}. N)r��r��r��rx��)r#��expectedRequestsr��r��r��assertRequestsEqualD��r��z2SSHSessionProcessProtocolTests.assertRequestsEqualc��C��s��\|��\|�jj\|�j��dS�)zy SSHSessionProcessProtocol should set self.session to the session passed to the __init__ method. N)r��r@��r��rM��r��r��r��r��J��s��z(SSHSessionProcessProtocolTests.test_initc��C�� \|��\|�jjj��\|�j��dS�)zu SSHSessionProcessProtocol.getHost() just delegates to its session.conn.transport.getHost(). N)r��r��r��rt��r��r@��rM��r��r��r��test_getHostQ�� z+SSHSessionProcessProtocolTests.test_getHostc��C��r1��)zu SSHSessionProcessProtocol.getPeer() just delegates to its session.conn.transport.getPeer(). N)r��r��r��rt��r��r@��rM��r��r��r��test_getPeerX��r3��z+SSHSessionProcessProtocolTests.test_getPeerc��C��s&��d\|�j�_\|�j��\|��\|�jjd��dS�)z� SSHSessionProcessProtocol.connectionMade() should check if there's a 'buf' attribute on its session and write it to the transport if so. s��bufferN)r��r��r@��rr��r��rt��rM��r��r��r��test_connectionMade_��s�� z2SSHSessionProcessProtocolTests.test_connectionMade�SIGALRMzNot all signals availablec�� C��sF��t�jD�]}d\|�}tt\|�}\|�j�\|�}\|��\|\|d\|\|\|f��qdS�)zi _getSignalName should return the name of a signal when given the signal number. �SIGz%i: %s != %sN)r��SUPPORTED_SIGNALS�getattr�signalr@��_getSignalNamer��)r#�� signalName�signalValue�sshNamer��r��r��test_getSignalNameh��s�� z1SSHSessionProcessProtocolTests.test_getSignalNamec��C��s4��t�jd�t�_d\|�j_\|��\|�j�t�j�dtj��dS�)z� If there are signals in the signal module which aren't in the SSH RFC, we map their name to [signal name]@[platform]. rj��NzSIGTwistedTest@) r:��NSIG�SIGTwistedTestr@��_signalValuesToNamesr��r;��sys�platformrM��r��r��r��!test_getSignalNameWithLocalSignalv��s��z@SSHSessionProcessProtocolTests.test_getSignalNameWithLocalSignalc��C����\|�j��d��\|��\|�jjj\|�j�dg��dS�)zy When data is passed to the outReceived method, it should be sent to the session's write method. � ��test dataN)r@��rH��r��r��r��r%��rM��r��r��r��test_outReceived��z/SSHSessionProcessProtocolTests.test_outReceivedc��C��rF��)z{ When data is passed to the write method, it should be sent to the session channel's write method. rG��N)r@��ri��r��r��r��r%��rM��r��r��r�� test_write��rI��z)SSHSessionProcessProtocolTests.test_writec��C��s.��\|�j��ddg��\|��\|�jjj\|�j�dg��dS�)z� When a sequence is passed to the writeSequence method, it should be joined together and sent to the session channel's write method. s��test r��rG��N)r@��r��r��r��r��r%��rM��r��r��r��test_writeSequence��s��z1SSHSessionProcessProtocolTests.test_writeSequencec��C��s��\|�j��d��\|��\|�jjj\|�j�dg��dS�)z� When data is passed to the errReceived method, it should be sent to the session's writeExtended method. rG��)rj��rG��N)r@��errReceivedr��r��r��rw��rM��r��r��r��test_errReceived��rI��z/SSHSessionProcessProtocolTests.test_errReceivedc��C��D��\|�j��\|��\|�j\|�jjjv��\|�j��\|��\|�jjj\|�j��dS�)zv When outConnectionLost and errConnectionLost are both called, we should send an EOF message. N)r@��rl��r��r��r��ry��rm��r��rM��r��r��r��test_outConnectionLost�� z5SSHSessionProcessProtocolTests.test_outConnectionLostc��C��rN��)zh Make sure reverse ordering of events in test_outConnectionLost also sends EOF. N)r@��rm��r��r��r��ry��rl��r��rM��r��r��r��test_errConnectionLost��rP��z5SSHSessionProcessProtocolTests.test_errConnectionLostc��C��s$��\|�j��\|��\|�jjj\|�j��dS�)zp When loseConnection() is called, it should call loseConnection on the session channel. N)r@��rg��r��r��r��rz��rM��r��r��r��test_loseConnection��s�� z2SSHSessionProcessProtocolTests.test_loseConnectionc��C��s��\|�j��t�td��dS�)zr When connectionLost() is called, it should call loseConnection() on the session channel. r��N)r@��ru��r��r ��r ��rM��r��r��r��test_connectionLost��s��z2SSHSessionProcessProtocolTests.test_connectionLostc��C��s:��\|�j��ttd��\|��dt�dd�dfg��\|��dS�)z� When processEnded is called, if there is an exit code in the reason it should be sent in an exit-status method. The connection should be closed. Nr��z>Ir��F)r@��rn��r ��r ��r0��r ��r!��r.��rM��r��r��r��test_processEndedWithExitCode��s��z<SSHSessionProcessProtocolTests.test_processEndedWithExitCode� WCOREDUMPzcan't run this w/o os.WCOREDUMPc��C��V��\|�j��ttdtjd��\|��dt�d�d�t�d��t�d��dfg��\|�� dS�) z� When processEnded is called, if there is an exit signal in the reason it should be sent in an exit-signal message. The connection should be closed. rj��exit-signal��TERM��ra��FN� r@��rn��r ��r ��r:��SIGTERMr0��r��r��r.��rM��r��r��r��'test_processEndedWithExitSignalCoreDump��s"��zFSSHSessionProcessProtocolTests.test_processEndedWithExitSignalCoreDumpc��C��rV��) z� When processEnded is called, if there is an exit signal in the reason it should be sent in an exit-signal message. If no core was dumped, don't set the core-dump bit. rj��r��rX��rY��rf��ra��FNr[��rM��r��r��r��)test_processEndedWithExitSignalNoCoreDump��s�� zHSSHSessionProcessProtocolTests.test_processEndedWithExitSignalNoCoreDumpN)r��r��r��r(��r��r��r��r.��r0��r��r2��r4��r5��r��hasattrr:��r?��rE��rH��rJ��rK��rM��rO��rQ��rR��rS��rT��osr]��r^��r��r��r��r��r-��.��s8�� r-��c��@��s ��e�Zd�ZdZes dZdd��ZdS�)�SSHSessionClientTestsza SSHSessionClient is an obsolete class used to connect standard IO to an SSHSession. r��c��C��s.��t��}t��\|_\|�d��\|��\|jjd��dS�)zL When data is received, it should be sent to the transport. rG��N)r��SSHSessionClientr��rt��rq��r��r��r��r��r��r��test_dataReceived��s�� z'SSHSessionClientTests.test_dataReceivedN)r��r��r��r(��r��r��rc��r��r��r��r��ra��s ��ra��)5r(��r`��r:��r ��rC��unittestr��zope.interfacer��twisted.internetr��r��r��twisted.internet.addressr��twisted.internet.errorr ��r ��twisted.pythonr��r��twisted.python.failurer ��twisted.python.reflectr��#twisted.python.test.test_componentsr��twisted.trial.unittestr��r��twisted.conch.sshr��r��r��r��r��r��r.��r��rR��r>��Protocolr!��rv��r��r��r��r��r ��r��r��r-��ra��r��r��r��r��<module>��sR��]0/C-��B-V�R��test/loopback.py��0000644��00000001302�15027667726�0007705 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Loopback helper used in test_ssh and test_recvline """ from twisted.protocols import loopback class LoopbackRelay(loopback.LoopbackRelay): clearCall = None def logPrefix(self): return f"LoopbackRelay({self.target.__class__.__name__!r})" def write(self, data): loopback.LoopbackRelay.write(self, data) if self.clearCall is not None: self.clearCall.cancel() from twisted.internet import reactor self.clearCall = reactor.callLater(0, self._clearBuffer) def _clearBuffer(self): self.clearCall = None loopback.LoopbackRelay.clearBuffer(self) ��test/keydata.py��0000644��00000104610�15027667726�0007543 0��ustar�00��# -- test-case-name: twisted.conch.test.test_keys -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # pylint: disable=I0011,C0103,W9401,W9402 """ Data used by test_keys as well as others. """ from base64 import decodebytes RSAData = { "n": int( "269413617238113438198661010376758399219880277968382122687862697" "296942471209955603071120391975773283844560230371884389952067978" "789684135947515341209478065209455427327369102356204259106807047" "964139525310539133073743116175821417513079706301100600025815509" "786721808719302671068052414466483676821987505720384645561708425" "794379383191274856941628512616355437197560712892001107828247792" "561858327085521991407807015047750218508971611590850575870321007" "991909043252470730134547038841839367764074379439843108550888709" "430958143271417044750314742880542002948053835745429446485015316" "60749404403945254975473896534482849256068133525751" ), "e": 65537, "d": int( "420335724286999695680502438485489819800002417295071059780489811" "840828351636754206234982682752076205397047218449504537476523960" "987613148307573487322720481066677105211155388802079519869249746" "774085882219244493290663802569201213676433159425782937159766786" "329742053214957933941260042101377175565683849732354700525628975" "239000548651346620826136200952740446562751690924335365940810658" "931238410612521441739702170503547025018016868116037053013935451" "477930426013703886193016416453215950072147440344656137718959053" "897268663969428680144841987624962928576808352739627262941675617" "7724661940425316604626522633351193810751757014073" ), "p": int( "152689878451107675391723141129365667732639179427453246378763774" "448531436802867910180261906924087589684175595016060014593521649" "964959248408388984465569934780790357826811592229318702991401054" "226302790395714901636384511513449977061729214247279176398290513" "085108930550446985490864812445551198848562639933888780317" ), "q": int( "176444974592327996338888725079951900172097062203378367409936859" "072670162290963119826394224277287608693818012745872307600855894" "647300295516866118620024751601329775653542084052616260193174546" "400544176890518564317596334518015173606460860373958663673307503" "231977779632583864454001476729233959405710696795574874403" ), "u": int( "936018002388095842969518498561007090965136403384715613439364803" "229386793506402222847415019772053080458257034241832795210460612" "924445085372678524176842007912276654532773301546269997020970818" "155956828553418266110329867222673040098885651348225673298948529" "93885224775891490070400861134282266967852120152546563278" ), } DSAData = { "g": int( "10253261326864117157640690761723586967382334319435778695" "29171533815411392477819921538350732400350395446211982054" "96512489289702949127531056893725702005035043292195216541" "11525058911428414042792836395195432445511200566318251789" "10575695836669396181746841141924498545494149998282951407" "18645344764026044855941864175" ), "p": int( "10292031726231756443208850082191198787792966516790381991" "77502076899763751166291092085666022362525614129374702633" "26262930887668422949051881895212412718444016917144560705" "45675251775747156453237145919794089496168502517202869160" "78674893099371444940800865897607102159386345313384716752" "18590012064772045092956919481" ), "q": 1393384845225358996250882900535419012502712821577, "x": 1220877188542930584999385210465204342686893855021, "y": int( "14604423062661947579790240720337570315008549983452208015" "39426429789435409684914513123700756086453120500041882809" "10283610277194188071619191739512379408443695946763554493" "86398594314468629823767964702559709430618263927529765769" "10270265745700231533660131769648708944711006508965764877" "684264272082256183140297951" ), } ECDatanistp256 = { "x": int( "762825130203920963171185031449647317742997734817505505433829043" "45687059013883" ), "y": int( "815431978646028526322656647694416475343443758943143196810611371" "59310646683104" ), "privateValue": int( "3463874347721034170096400845565569825355565567882605" "9678074967909361042656500" ), "curve": b"ecdsa-sha2-nistp256", } ECDatanistp384 = { "privateValue": int( "280814107134858470598753916394807521398239633534281" "633982576099083357871098966021020900021966162732114" "95718603965098" ), "x": int( "10036914308591746758780165503819213553101287571902957054148542" "504671046744460374996612408381962208627004841444205030" ), "y": int( "17337335659928075994560513699823544906448896792102247714689323" "575406618073069185107088229463828921069465902299522926" ), "curve": b"ecdsa-sha2-nistp384", } ECDatanistp521 = { "x": int( "12944742826257420846659527752683763193401384271391513286022917" "29910013082920512632908350502247952686156279140016049549948975" "670668730618745449113644014505462" ), "y": int( "10784108810271976186737587749436295782985563640368689081052886" "16296815984553198866894145509329328086635278430266482551941240" "591605833440825557820439734509311" ), "privateValue": int( "662751235215460886290293902658128847495347691199214" "706697089140769672273950767961331442265530524063943" "548846724348048614239791498442599782310681891569896" "0565" ), "curve": b"ecdsa-sha2-nistp521", } Ed25519Data = { "a": ( b"\xf1\x16\xd1\x15J\x1e\x15\x0e\x19^\x19F\xb5\xf2D\r\xb2R\xa0\xaek" b"#\x13sE\xfd@\xd9W{\x8b" ), "k": ( b"7/%\xda\x8d\xd4\xa8\x9ax\|a\xf0\x98\x01\xc6\xf4^mg\x05i17Li\r\x05U" b"\xbb\xc9DX" ), } privateECDSA_openssh521 = b"""-----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIAjn0lSVF6QweS4bjOGP9RHwqxUiTastSE0MVuLtFvkxygZqQ712oZ ewMvqKkxthMQgxzSpGtRBcmkL7RqZ94+18qgBwYFK4EEACOhgYkDgYYABAFpX/6B mxxglwD+VpEvw0hcyxVzLxNnMGzxZGF7xmNj8nlF7M+TQctdlR2Xv/J+AgIeVGmB j2p84bkV9jBzrUNJEACsJjttZw8NbUrhxjkLT/3rMNtuwjE4vLja0P7DMTE0EV8X f09ETdku/z/1tOSSrSvRwmUcM9nQUJtHHAZlr5Q0fw== -----END EC PRIVATE KEY-----""" # New format introduced in OpenSSH 6.5 privateECDSA_openssh521_new = b"""-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS 1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBaV/+gZscYJcA/laRL8NIXMsVcy8T ZzBs8WRhe8ZjY/J5RezPk0HLXZUdl7/yfgICHlRpgY9qfOG5FfYwc61DSRAArCY7bWcPDW 1K4cY5C0/96zDbbsIxOLy42tD+wzExNBFfF39PRE3ZLv8/9bTkkq0r0cJlHDPZ0FCbRxwG Za+UNH8AAAEAeRISlnkSEpYAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ AAAIUEAWlf/oGbHGCXAP5WkS/DSFzLFXMvE2cwbPFkYXvGY2PyeUXsz5NBy12VHZe/8n4C Ah5UaYGPanzhuRX2MHOtQ0kQAKwmO21nDw1tSuHGOQtP/esw227CMTi8uNrQ/sMxMTQRXx d/T0RN2S7/P/W05JKtK9HCZRwz2dBQm0ccBmWvlDR/AAAAQgCOfSVJUXpDB5LhuM4Y/1Ef CrFSJNqy1ITQxW4u0W+THKBmpDvXahl7Ay+oqTG2ExCDHNKka1EFyaQvtGpn3j7XygAAAA ABAg== -----END OPENSSH PRIVATE KEY----- """ publicECDSA_openssh521 = ( b"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACF" b"BAFpX/6BmxxglwD+VpEvw0hcyxVzLxNnMGzxZGF7xmNj8nlF7M+TQctdlR2Xv/J+AgIeVGmB" b"j2p84bkV9jBzrUNJEACsJjttZw8NbUrhxjkLT/3rMNtuwjE4vLja0P7DMTE0EV8Xf09ETdku" b"/z/1tOSSrSvRwmUcM9nQUJtHHAZlr5Q0fw== comment" ) privateECDSA_openssh384 = b"""-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDAtAi7I8j73WCX20qUM5hhHwHuFzYWYYILs2Sh8UZ+awNkARZ/Fu2LU LLl5RtOQpbWgBwYFK4EEACKhZANiAATU17sA9P5FRwSknKcFsjjsk0+E3CeXPYX0 Tk/M0HK3PpWQWgrO8JdRHP9eFE9O/23P8BumwFt7F/AvPlCzVd35VfraFT0o4cCW G0RqpQ+np31aKmeJshkcYALEchnU+tQ= -----END EC PRIVATE KEY-----""" # New format introduced in OpenSSH 6.5 privateECDSA_openssh384_new = b"""-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS 1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQTU17sA9P5FRwSknKcFsjjsk0+E3CeX PYX0Tk/M0HK3PpWQWgrO8JdRHP9eFE9O/23P8BumwFt7F/AvPlCzVd35VfraFT0o4cCWG0 RqpQ+np31aKmeJshkcYALEchnU+tQAAADIiktpWIpLaVgAAAATZWNkc2Etc2hhMi1uaXN0 cDM4NAAAAAhuaXN0cDM4NAAAAGEE1Ne7APT+RUcEpJynBbI47JNPhNwnlz2F9E5PzNBytz 6VkFoKzvCXURz/XhRPTv9tz/AbpsBbexfwLz5Qs1Xd+VX62hU9KOHAlhtEaqUPp6d9Wipn ibIZHGACxHIZ1PrUAAAAMC0CLsjyPvdYJfbSpQzmGEfAe4XNhZhgguzZKHxRn5rA2QBFn8 W7YtQsuXlG05CltQAAAAA= -----END OPENSSH PRIVATE KEY----- """ publicECDSA_openssh384 = ( b"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABh" b"BNTXuwD0/kVHBKScpwWyOOyTT4TcJ5c9hfROT8zQcrc+lZBaCs7wl1Ec/14UT07/bc/wG6bA" b"W3sX8C8+ULNV3flV+toVPSjhwJYbRGqlD6enfVoqZ4myGRxgAsRyGdT61A== comment" ) publicECDSA_openssh = ( b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABB" b"BKimX1DZ7+Qj0SpfePMbo1pb6yGkAb5l7duC1l855yD7tEfQfqk7bc7v46We1hLMyz6ObUBY" b"gkN/34n42F4vpeA= comment" ) privateECDSA_openssh = b"""-----BEGIN EC PRIVATE KEY----- MHcCAQEEIEyU1YOT2JxxofwbJXIjGftdNcJK55aQdNrhIt2xYQz0oAoGCCqGSM49 AwEHoUQDQgAEqKZfUNnv5CPRKl948xujWlvrIaQBvmXt24LWXznnIPu0R9B+qTtt zu/jpZ7WEszLPo5tQFiCQ3/fifjYXi+l4A== -----END EC PRIVATE KEY-----""" # New format introduced in OpenSSH 6.5 privateECDSA_openssh_new = b"""-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSopl9Q2e/kI9EqX3jzG6NaW+shpAG+ Ze3bgtZfOecg+7RH0H6pO23O7+OlntYSzMs+jm1AWIJDf9+J+NheL6XgAAAAmCKU4hcilO IXAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKimX1DZ7+Qj0Spf ePMbo1pb6yGkAb5l7duC1l855yD7tEfQfqk7bc7v46We1hLMyz6ObUBYgkN/34n42F4vpe AAAAAgTJTVg5PYnHGh/BslciMZ+101wkrnlpB02uEi3bFhDPQAAAAA -----END OPENSSH PRIVATE KEY----- """ publicEd25519_openssh = ( b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEW0RVKHhUOGV4ZRrXyRA2yUqCuKmsjE3NF" b"/UDZV3uL comment" ) # OpenSSH has only ever supported the "new" (v1) format for Ed25519. privateEd25519_openssh_new = b"""-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACDxFtEVSh4VDhleGUa18kQNslKgriprIxNzRf1A2Vd7iwAAAJA61eMLOtXj CwAAAAtzc2gtZWQyNTUxOQAAACDxFtEVSh4VDhleGUa18kQNslKgriprIxNzRf1A2Vd7iw AAAEA3LyXajdSomnh8YfCYAcb0Xm1nBWkxN0xpDQVVu8lEWPEW0RVKHhUOGV4ZRrXyRA2y UqCuKmsjE3NF/UDZV3uLAAAAB2NvbW1lbnQBAgMEBQY= -----END OPENSSH PRIVATE KEY-----""" publicRSA_openssh = ( b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVaqx4I9bWG+wloVDEd2NQhEUBVUIUKirg" b"0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n3WmM06QHjVyqgYwBGTJAkMgUyP" b"95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9TMA2l5bs9auIJNm/9NNN9b0b/h9qp" b"KSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQNUZdy03w17snaY6RKXCpCnd1bqcPUWz" b"xiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASfNaNHjkbtM6Vlvbw7KW4CC1ffdOgTtDc1" b"foNfICZgptyti8ZseZj3 comment" ) privateRSA_openssh = b"""-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEA1WqseCPW1hvsJaFQxHdjUIRFAVVCFCoq4NBg7tTpo61K+jkG XoRVdV8ANr9vqio/gyY3wWkuW/3w89J91pjNOkB41cqoGMARkyQJDIFMj/ec7RMW aqQE6Ul3w+RVZLN5aJ4sCOus6AQtIXcFp47vUzANpeW7PWriCTZv/TTTfW9G/4fa qSknqv+t9YXmPhq4eh1KserAWvcw3x/CpOTvP5FJlkDVGXctN8Ne7J2mOkSlwqQp 3dW6nD1Fs8YsGGTVuj3fq3/NQqyn8RgLoFgVYgukKm5Dw+QEnzWjR45G7TOlZb28 OyluAgtX33ToE7Q3NX6DXyAmYKbcrYvGbHmY9wIDAQABAoIBACFMCGaiKNW0+44P chuFCQC58k438BxXS+NRf54jp+Q6mFUb6ot6mB682Lqx+YkSGGCs6MwLTglaQGq6 L5n4syRghLnOaZWa+eL8H1FNJxXbKyet77RprL59EOuGR3BztACHlRU7N/nnFOeA u2geG+bdu3NjuWfmsid/z88wm8KY/dkYNi82LvE9gXqf4QMtR9s0UWI53U/prKiL 2dbzhMQXuXGdBghCeE27xSr0w1jNVSvtvjNfBOp75gQkY/It1z0bbNWcY0MvkoiN Pm7aGDfYDyVniR25RjReyc7Ei+2SWjMHD9+GCPmS6dvrOAg2yc3NCgFIWzk+esrG gKnc1DkCgYEA2XAG2OK81HiRUJTUwRuJOGxGZFpRoJoHPUiPA1HMaxKOfRqxZedx dTngMgV1jRhMr5OxSbFmX3hietEMyuZNQ7Oc9Gt95gyY3M8hYo7VLhLeBK7XJG6D MaIVokQ9IqliJiK5su1UCp0Ig6cHDf8ZGI7Yqx3aSJwxaBGhZm3j2B0CgYEA+0QX i6Q2vh43Haf2YWwExKrdeD4HjB4zAq4DFIeDeuWefQhnqPKqvxJwz3Kpp8cLHYjV IP2cY8pHMFVOi8TP9H8WpJISdKEJwsRunIwz76Xl9+ArrU9cEaoahDdb/Xrqw818 sMjkH1Rjtcev3/QJp/zHJfxc6ZHXksWYHlbTsSMCgYBRr+mSn5QLSoRlPpSzO5IQ tXS4jMnvyQ4BMvovaBKhAyauz1FoFEwmmyikAjMIX+GncJgBNHleUo7Ezza8H0tV rOvBU4TH4WGoStSi/0ANgB8SqVDAKhh1lAwGmxZQqEvsQc177/dLyXUCaMSYuIaI GFpD5wIzlyJkk4MMRSp87QKBgGlmN8ZA3SHFBPOwuD5HlHx2/C3rPzk8lcNDAVHE Qpfz6Bakxu7s1EkQUDgE7jvN19DMzDJpkAegG1qf/jHNHjp+cR4ZlBpOTwzfX1LV 0Rdu7NectlWd244hX7wkiLb8r6vw76QssNyfhrADEriL4t0PwO4jPUpQ/i+4KUZY v7YnAoGAZhb5IDTQVCW8YTGsgvvvnDUefkpVAmiVDQqTvh6/4UD6kKdUcDHpePzg Zrcid5rr3dXSMEbK4tdeQZvPtUg1Uaol3N7bNClIIdvWdPx+5S9T95wJcLnkoHam rXp0IjScTxfLP+Cq5V6lJ94/pX8Ppoj1FdZfNxeS4NYFSRA7kvY= -----END RSA PRIVATE KEY-----""" # Some versions of OpenSSH generate these (slightly different keys): the PKCS#1 # structure is wrapped in an extra ASN.1 SEQUENCE and there's an empty SEQUENCE # following it. It is not any standard key format and was probably a bug in # OpenSSH at some point. privateRSA_openssh_alternate = b"""-----BEGIN RSA PRIVATE KEY----- MIIEqDCCBKICAQACggEBANVqrHgj1tYb7CWhUMR3Y1CERQFVQhQqKuDQYO7U6aOt Svo5Bl6EVXVfADa/b6oqP4MmN8FpLlv98PPSfdaYzTpAeNXKqBjAEZMkCQyBTI/3 nO0TFmqkBOlJd8PkVWSzeWieLAjrrOgELSF3BaeO71MwDaXluz1q4gk2b/00031v Rv+H2qkpJ6r/rfWF5j4auHodSrHqwFr3MN8fwqTk7z+RSZZA1Rl3LTfDXuydpjpE pcKkKd3Vupw9RbPGLBhk1bo936t/zUKsp/EYC6BYFWILpCpuQ8PkBJ81o0eORu0z pWW9vDspbgILV9906BO0NzV+g18gJmCm3K2Lxmx5mPcCAwEAAQKCAQAhTAhmoijV tPuOD3IbhQkAufJON/AcV0vjUX+eI6fkOphVG+qLepgevNi6sfmJEhhgrOjMC04J WkBqui+Z+LMkYIS5zmmVmvni/B9RTScV2ysnre+0aay+fRDrhkdwc7QAh5UVOzf5 5xTngLtoHhvm3btzY7ln5rInf8/PMJvCmP3ZGDYvNi7xPYF6n+EDLUfbNFFiOd1P 6ayoi9nW84TEF7lxnQYIQnhNu8Uq9MNYzVUr7b4zXwTqe+YEJGPyLdc9G2zVnGND L5KIjT5u2hg32A8lZ4kduUY0XsnOxIvtklozBw/fhgj5kunb6zgINsnNzQoBSFs5 PnrKxoCp3NQ5AoGBANlwBtjivNR4kVCU1MEbiThsRmRaUaCaBz1IjwNRzGsSjn0a sWXncXU54DIFdY0YTK+TsUmxZl94YnrRDMrmTUOznPRrfeYMmNzPIWKO1S4S3gSu 1yRugzGiFaJEPSKpYiYiubLtVAqdCIOnBw3/GRiO2Ksd2kicMWgRoWZt49gdAoGB APtEF4ukNr4eNx2n9mFsBMSq3Xg+B4weMwKuAxSHg3rlnn0IZ6jyqr8ScM9yqafH Cx2I1SD9nGPKRzBVTovEz/R/FqSSEnShCcLEbpyMM++l5ffgK61PXBGqGoQ3W/16 6sPNfLDI5B9UY7XHr9/0Caf8xyX8XOmR15LFmB5W07EjAoGAUa/pkp+UC0qEZT6U szuSELV0uIzJ78kOATL6L2gSoQMmrs9RaBRMJpsopAIzCF/hp3CYATR5XlKOxM82 vB9LVazrwVOEx+FhqErUov9ADYAfEqlQwCoYdZQMBpsWUKhL7EHNe+/3S8l1AmjE mLiGiBhaQ+cCM5ciZJODDEUqfO0CgYBpZjfGQN0hxQTzsLg+R5R8dvwt6z85PJXD QwFRxEKX8+gWpMbu7NRJEFA4BO47zdfQzMwyaZAHoBtan/4xzR46fnEeGZQaTk8M 319S1dEXbuzXnLZVnduOIV+8JIi2/K+r8O+kLLDcn4awAxK4i+LdD8DuIz1KUP4v uClGWL+2JwKBgGYW+SA00FQlvGExrIL775w1Hn5KVQJolQ0Kk74ev+FA+pCnVHAx 6Xj84Ga3Inea693V0jBGyuLXXkGbz7VINVGqJdze2zQpSCHb1nT8fuUvU/ecCXC5 5KB2pq16dCI0nE8Xyz/gquVepSfeP6V/D6aI9RXWXzcXkuDWBUkQO5L2MAA= -----END RSA PRIVATE KEY-----""" # New format introduced in OpenSSH 6.5 privateRSA_openssh_new = b"""-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn NhAAAAAwEAAQAAAQEA1WqseCPW1hvsJaFQxHdjUIRFAVVCFCoq4NBg7tTpo61K+jkGXoRV dV8ANr9vqio/gyY3wWkuW/3w89J91pjNOkB41cqoGMARkyQJDIFMj/ec7RMWaqQE6Ul3w+ RVZLN5aJ4sCOus6AQtIXcFp47vUzANpeW7PWriCTZv/TTTfW9G/4faqSknqv+t9YXmPhq4 eh1KserAWvcw3x/CpOTvP5FJlkDVGXctN8Ne7J2mOkSlwqQp3dW6nD1Fs8YsGGTVuj3fq3 /NQqyn8RgLoFgVYgukKm5Dw+QEnzWjR45G7TOlZb28OyluAgtX33ToE7Q3NX6DXyAmYKbc rYvGbHmY9wAAA7gXkBoMF5AaDAAAAAdzc2gtcnNhAAABAQDVaqx4I9bWG+wloVDEd2NQhE UBVUIUKirg0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n3WmM06QHjVyqgY wBGTJAkMgUyP95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9TMA2l5bs9auIJNm /9NNN9b0b/h9qpKSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQNUZdy03w17snaY6 RKXCpCnd1bqcPUWzxiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASfNaNHjkbtM6Vlvb w7KW4CC1ffdOgTtDc1foNfICZgptyti8ZseZj3AAAAAwEAAQAAAQAhTAhmoijVtPuOD3Ib hQkAufJON/AcV0vjUX+eI6fkOphVG+qLepgevNi6sfmJEhhgrOjMC04JWkBqui+Z+LMkYI S5zmmVmvni/B9RTScV2ysnre+0aay+fRDrhkdwc7QAh5UVOzf55xTngLtoHhvm3btzY7ln 5rInf8/PMJvCmP3ZGDYvNi7xPYF6n+EDLUfbNFFiOd1P6ayoi9nW84TEF7lxnQYIQnhNu8 Uq9MNYzVUr7b4zXwTqe+YEJGPyLdc9G2zVnGNDL5KIjT5u2hg32A8lZ4kduUY0XsnOxIvt klozBw/fhgj5kunb6zgINsnNzQoBSFs5PnrKxoCp3NQ5AAAAgQCFSxt6mxIQN54frV7a/s aW/t81a7k04haXkiYJvb1wIAOnNb0tG6DSB0cr1N6oqAcHG7gEIKcnQTxsOTnpQc7nFx3R TFy8PdImJv5q1v1Icq5G+nvD0xlgRB2lE6eA9WMp1HpdBgcWXfaLPctkOuKEWk2MBi0tnR zrg0x4PXlUzgAAAIEA2XAG2OK81HiRUJTUwRuJOGxGZFpRoJoHPUiPA1HMaxKOfRqxZedx dTngMgV1jRhMr5OxSbFmX3hietEMyuZNQ7Oc9Gt95gyY3M8hYo7VLhLeBK7XJG6DMaIVok Q9IqliJiK5su1UCp0Ig6cHDf8ZGI7Yqx3aSJwxaBGhZm3j2B0AAACBAPtEF4ukNr4eNx2n 9mFsBMSq3Xg+B4weMwKuAxSHg3rlnn0IZ6jyqr8ScM9yqafHCx2I1SD9nGPKRzBVTovEz/ R/FqSSEnShCcLEbpyMM++l5ffgK61PXBGqGoQ3W/166sPNfLDI5B9UY7XHr9/0Caf8xyX8 XOmR15LFmB5W07EjAAAAAAEC -----END OPENSSH PRIVATE KEY----- """ # Encrypted with the passphrase 'encrypted' privateRSA_openssh_encrypted = b"""-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,FFFFFFFFFFFFFFFF p2A1YsHLXkpMVcsEqhh/nCYb5AqL0uMzfEIqc8hpZ/Ub8PtLsypilMkqzYTnZIGS ouyPjU/WgtR4VaDnutPWdgYaKdixSEmGhKghCtXFySZqCTJ4O8NCczsktYjUK3D4 Jtl90zL6O81WBY6xP76PBQo9lrI/heAetATeyqutc18bwQIGU+gKk32qvfo15DfS VYiY0Ds4D7F7fd9pz+f5+UbFUCgU+tfDvBrqodYrUgmH7jKoW/CRDCHHyeEIZDbF mcMwdcKOyw1sRLaPdihRSVx3kOMvIotHKVTkIDMp+0RTNeXzQnp5U2qzsxzTcG/M UyJN38XXkuvq5VMj2zmmjHzx34w3NK3ZxpZcoaFUqUBlNp2C8hkCLrAa/DWobKqN 5xA1ElrQvli9XXkT/RIuy4Gc10bbGEoJjuxNRibtSxxWd5Bd1E40ocOd4l1ebI8+ w69XvMTnsmHvkBEADGF2zfRszKnMelg+W5NER1UDuNT03i+1cuhp+2AZg8z7niTO M17XP3ScGVxrQAEYgtxPrPeIpFJvOx2j5Yt78U9Y2WlaAG6DrubbYv2RsMIibhOG yk139vMdD8FwCey6yMkkhFAJwnBtC22MAWgjmC5c6AF3SRQSjjQXepPsJcLgpOjy YwjhnL8w56x9kVDUNPw9A9Cqgxo2sty34ATnKrh4h59PsP83LOL6OC5WjbASgZRd OIBD8RloQPISo+RUF7X0i4kdaHVNPlR0KyapR+3M5BwhQuvEO99IArDV2LNKGzfc W4ssugm8iyAJlmwmb2yRXIDHXabInWY7XCdGk8J2qPFbDTvnPbiagJBimjVjgpWw tV3sVlJYqmOqmCDP78J6he04l0vaHtiOWTDEmNCrK7oFMXIIp3XWjOZGPSOJFdPs 6Go3YB+EGWfOQxqkFM28gcqmYfVPF2sa1FbZLz0ffO11Ma/rliZxZu7WdrAXe/tc BgIQ8etp2PwAK4jCwwVwjIO8FzqQGpS23Y9NY3rfi97ckgYXKESFtXPsMMA+drZd ThbXvccfh4EPmaqQXKf4WghHiVJ+/yuY1kUIDEl/O0jRZWT7STgBim/Aha1m6qRs zl1H7hkDbU4solb1GM5oPzbgGTzyBc+z0XxM9iFRM+fMzPB8+yYHTr4kPbVmKBjy SCovjQQVsHE4YeUGTq6k/NF5cVIRKTW/RlHvzxsky1Zj31MC736jrxGw4KG7VSLZ fP6F5jj+mXwS7m0v5to42JBZmRJdKUD88QaGE3ncyQ4yleW5bn9Lf9SuzQg1Dhao 3rSA1RuexsHlIAHvGxx/17X+pyygl8DJbt6TBfbLQk9wc707DJTfh5M/bnk9wwIX l/Hsa1WtylAMW/2MzgiVy83MbYz4+Ss6GQ5W66okWji+NxrnrYEy6q+WgVQanp7X D+D7oKykqE1Cdvvulvtfl5fh8wlAs8mrUnKPBBUru348u++2lfacLkxRXyT1ooqY uSNE5nlwFt08N2Ou/bl7yq6QNRMYrRkn+UEfHWCNYDoGMHln2/i6Z1RapQzNarik tJf7radBz5nBwBjP08YAEACNSQvpsUgdqiuYjLwX7efFXQva2RzqaQ== -----END RSA PRIVATE KEY-----""" # Encrypted with the passphrase 'encrypted', and using the new format # introduced in OpenSSH 6.5 privateRSA_openssh_encrypted_new = b"""-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD0f9WAof DTbmwztb8pdrSeAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDVaqx4I9bW G+wloVDEd2NQhEUBVUIUKirg0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n 3WmM06QHjVyqgYwBGTJAkMgUyP95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9T MA2l5bs9auIJNm/9NNN9b0b/h9qpKSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQN UZdy03w17snaY6RKXCpCnd1bqcPUWzxiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASf NaNHjkbtM6Vlvbw7KW4CC1ffdOgTtDc1foNfICZgptyti8ZseZj3AAADwPQaac8s1xX3af hQTQexj0vEAWDQsLYzDHN9G7W+UP5WHUu7igeu2GqAC/TOnjUXDP73I+EN3n7T3JFeDRfs U1Z6Zqb0NKHSRVYwDIdIi8qVohFv85g6+xQ01OpaoOzz+vI34OUvCRHQGTgR6L9fQShZyC McopYMYfbIse6KcqkfxX3KSdG1Pao6Njx/ShFRbgvmALpR/z0EaGCzHCDxpfUyAdnxm621 Jzaf+LverWdN7sfrfMptaS9//9iJb70sL67K+YIB64qhDnA/w9UOQfXGQFL+AEtdM0BPv8 thP1bs7T0yucBl+ZXdrDKVLZfaS3S/w85Jlgfu+a1DG73pOBOuag435iEJ9EnspjXiiydx GrfSRk2C+/c4fBDZVGFscK5bfQuUUZyU1qOagekxX7WLHFKk9xajnud+nrAN070SeNwlX8 FZ2CI4KGlQfDvVUpKanYn8Kkj3fZ+YBGyx4M+19clF65FKSM0x1Rrh5tAmNT/SNDbSc28m ASxrBhztzxUFTrIn3tp+uqkJniFLmFsUtiAUmj8fNyE9blykU7dqq+CqpLA872nQ9bOHHA JsS1oBYmQ0n6AJz8WrYMdcepqWVld6Q8QSD1zdrY/sAWUovuBA1s4oIEXZhpXSS4ZJiMfh PVktKBwj5bmoG/mmwYLbo0JHntK8N3TGTzTGLq5TpSBBdVvWSWo7tnfEkrFObmhi1uJSrQ 3zfPVP6BguboxBv+oxhaUBK8UOANe6ZwM4vfiu+QN+sZqWymHIfAktz7eWzwlToe4cKpdG Uv+e3/7Lo2dyMl3nke5HsSUrlsMGPREuGkBih8+o85ii6D+cuCiVtus3f5c78Cir80zLIr Z0wWvEAjciEvml00DWaA+JIaOrWwvXySaOzFGpCqC9SQjao379bvn9P3b7kVZsy6zBfHqm bNEJUOuhBZaY8Okz36chh1xqh4sz7m3nsZ3GYGcvM+3mvRY72QnqsQEG0Sp1XYIn2bHa29 tqp7CG9X8J6dqMcPeoPRDWIX9gw7EPl/M0LP6xgewGJ9bgxwle6Mnr9kNITIswjAJqrLec zx7dfixjAPc42ADqrw/tEdFQcSqxigcfJNKO1LbDBjh+Hk/cSBou2PoxbIcl0qfQfbGcqI Dbpd695IEuiW9pYR22txNoIi+7cbMsuFHxQ/OqbrX/jCsprGNNJLAjgGsVEI1JnHWDH0db 3UbqbOHAeY3ufoYXNY1utVOIACpW3r9wBw3FjRi04d70VcKr16OXvOAHGN2G++Y+kMya84 Hl/Kt/gA== -----END OPENSSH PRIVATE KEY----- """ # Encrypted with the passphrase 'testxp'. NB: this key was generated by # OpenSSH, so it doesn't use the same key data as the other keys here. privateRSA_openssh_encrypted_aes = b"""-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,0673309A6ACCAB4B77DEE1C1E536AC26 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----""" publicRSA_lsh = ( b"{KDEwOnB1YmxpYy1rZXkoMTQ6cnNhLXBrY3MxLXNoYTEoMTpuMjU3OgDVaqx4I9bWG+wloVD" b"Ed2NQhEUBVUIUKirg0GDu1OmjrUr6OQZehFV1XwA2v2+qKj+DJjfBaS5b/fDz0n3WmM06QHj" b"VyqgYwBGTJAkMgUyP95ztExZqpATpSXfD5FVks3loniwI66zoBC0hdwWnju9TMA2l5bs9auI" b"JNm/9NNN9b0b/h9qpKSeq/631heY+Grh6HUqx6sBa9zDfH8Kk5O8/kUmWQNUZdy03w17snaY" b"6RKXCpCnd1bqcPUWzxiwYZNW6Pd+rf81CrKfxGAugWBViC6QqbkPD5ASfNaNHjkbtM6Vlvbw" b"7KW4CC1ffdOgTtDc1foNfICZgptyti8ZseZj3KSgxOmUzOgEAASkpKQ==}" ) privateRSA_lsh = ( b"(11:private-key(9:rsa-pkcs1(1:n257:\x00\xd5j\xacx#\xd6\xd6\x1b\xec%\xa1P" b"\xc4wcP\x84E\x01UB\x14\xe0\xd0`\xee\xd4\xe9\xa3\xadJ\xfa9\x06^\x84Uu_" b"\x006\xbfo\xaa?\x83&7\xc1i.[\xfd\xf0\xf3\xd2}\xd6\x98\xcd:@x\xd5\xca" b"\xa8\x18\xc0\x11\x93$\t\x0c\x81L\x8f\xf7\x9c\xed\x13\x16j\xa4\x04\xe9Iw" b"\xc3\xe4Ud\xb3yh\x9e,\x08\xeb\xac\xe8\x04-!w\x05\xa7\x8e\xefS0\r\xa5\xe5" b"\xbb=j\xe2\t6o\xfd4\xd3}oF\xff\x87\xda\xa9)'\xaa\xff\xad\xf5\x85\xe6>" b"\x1a\xb8z\x1dJ\xb1\xea\xc0Z\xf70\xdf\x1f\xc2\xa4\xe4\xef?\x91I\x96@\xd5" b"\x19w-7\xc3^\xec\x9d\xa6:D\xa5\xc2\xa4)\xdd\xd5\xba\x9c=E\xb3\xc6,\x18d" b"\xd5\xba=\xdf\xab\x7f\xcdB\xac\xa7\xf1\x18\x0b\xa0X\x15b\x0b\xa4nC\xc3" b"\xe4\x04\x9f5\xa3G\x8eF\xed3\xa5e\xbd\xbc;)n\x02\x0bW\xdft\xe8\x13\xb475" b"~\x83_ &`\xa6\xdc\xad\x8b\xc6ly\x98\xf7)(1:e3:\x01\x00\x01)(1:d256:!L" b"\x08f\xa2(\xd5\xb4\xfb\x8e\x0fr\x1b\x85\t\x00\xb9\xf2N7\xf0\x1cWK\xe3Q" b"\x7f\x9e#\xa7\xe4:\x98U\x1b\xea\x8bz\x98\x1e\xbc\xd8\xba\xb1\xf9\x89\x12" b"\x18`\xac\xe8\xcc\x0bN\tZ@j\xba/\x99\xf8\xb3$`\x84\xb9\xcei\x95\x9a\xf9" b"\xe2\xfc\x1fQM'\x15\xdb+'\xad\xef\xb4i\xac\xbe}\x10\xeb\x86Gps\xb4\x00" b"\x87\x95\x15;7\xf9\xe7\x14\xe7\x80\xbbh\x1e\x1b\xe6\xdd\xbbsc\xb9g\xe6" b"\xb2'\x7f\xcf\xcf0\x9b\xc2\x98\xfd\xd9\x186/6.\xf1=\x81z\x9f\xe1\x03-G" b"\xdb4Qb9\xddO\xe9\xac\xa8\x8b\xd9\xd6\xf3\x84\xc4\x17\xb9q\x9d\x06\x08Bx" b"M\xbb\xc5\xf4\xc3X\xcdU+\xed\xbe3_\x04\xea{\xe6\x04$c\xf2-\xd7=\x1bl" b"\xd5\x9ccC/\x92\x88\x8d>n\xda\x187\xd8\x0f%g\x89\x1d\xb9F4^\xc9\xce\xc4" b"\x8b\xed\x92Z3\x07\x0f\xdf\x86\x08\xf9\x92\xe9\xdb\xeb8\x086\xc9\xcd\xcd" b"\n\x01H[9>z\xca\xc6\x80\xa9\xdc\xd49)(1:p129:\x00\xfbD\x17\x8b\xa46\xbe" b"\x1e7\x1d\xa7\xf6al\x04\xc4\xaa\xddx>\x07\x8c\x1e3\x02\xae\x03\x14\x87" b"\x83z\xe5\x9e}\x08g\xa8\xf2\xaa\xbf\x12p\xcfr\xa9\xa7\xc7\x0b\x1d\x88" b"\xd5 \xfd\x9cc\xcaG0UN\x8b\xc4\xcf\xf4\x7f\x16\xa4\x92\x12t\xa1\t\xc2" b"\xc4n\x9c\x8c3\xef\xa5\xe5\xf7\xe0+\xadO\\\x11\xaa\x1a\x847[\xfdz\xea" b"\xc3\xcd\|\xb0\xc8\xe4\x1fTc\xb5\xc7\xaf\xdf\xf4\t\xa7\xfc\xc7%\xfc\\\xe9" b"\x91\xd7\x92\xc5\x98\x1eV\xd3\xb1#)(1:q129:\x00\xd9p\x06\xd8\xe2\xbc\xd4" b"x\x91P\x94\xd4\xc1\x1b\x898lFdZQ\xa0\x9a\x07=H\x8f\x03Q\xcck\x12\x8e}" b"\x1a\xb1e\xe7qu9\xe02\x05u\x8d\x18L\xaf\x93\xb1I\xb1f_xbz\xd1\x0c\xca" b"\xe6MC\xb3\x9c\xf4k}\xe6\x0c\x98\xdc\xcf!b\x8e\xd5.\x12\xde\x04\xae\xd7$" b'n\x831\xa2\x15\xa2D="\xa9b&"\xb9\xb2\xedT\n\x9d\x08\x83\xa7\x07\r\xff' b"\x19\x18\x8e\xd8\xab\x1d\xdaH\x9c1h\x11\xa1fm\xe3\xd8\x1d)(1:a128:if7" b"\xc6@\xdd!\xc5\x04\xf3\xb0\xb8>G\x94\|v\xfc-\xeb?9<\x95\xc3C\x01Q\xc4B" b"\x97\xf3\xe8\x16\xa4\xc6\xee\xec\xd4I\x10P8\x04\xee;\xcd\xd7\xd0\xcc\xcc" b"2i\x90\x07\xa0\x1bZ\x9f\xfe1\xcd\x1e:~q\x1e\x19\x94\x1aNO\x0c\xdf_R\xd5" b"\xd1\x17n\xec\xd7\x9c\xb6U\x9d\xdb\x8e!_\xbc$\x88\xb6\xfc\xaf\xab\xf0" b"\xef\xa4,\xb0\xdc\x9f\x86\xb0\x03\x12\xb8\x8b\xe2\xdd\x0f\xc0\xee#=JP" b"\xfe/\xb8)FX\xbf\xb6')(1:b128:Q\xaf\xe9\x92\x9f\x94\x0bJ\x84e>\x94\xb3;" b"\x92\x10\xb5t\xb8\x8c\xc9\xef\xc9\x0e\x012\xfa/h\x12\xa1\x03&\xae\xcfQh" b"\x14L&\x9b(\xa4\x023\x08_\xe1\xa7p\x98\x014y^R\x8e\xc4\xcf6\xbc\x1fKU" b"\xac\xeb\xc1S\x84\xc7\xe1a\xa8J\xd4\xa2\xff@\r\x80\x1f\x12\xa9P\xc0\x18" b"u\x94\x0c\x06\x9b\x16P\xa8K\xecA\xcd{\xef\xf7K\xc9u\x02h\xc4\x98\xb8\x86" b'\x88\x18ZC\xe7\x023\x97"d\x93\x83\x0cE\|\xed)(1:c128:f\x16\xf9 4\xd0T%' b"\xbca1\xac\x82\xfb\xef\x9c5\x1e~JU\x02h\x95\r\n\x93\xbe\x1e\xbf\xe1@\xfa" b'\x90\xa7Tp1\xe9x\xfc\xe0f\xb7"w\x9a\xeb\xdd\xd5\xd20F\xca\xe2\xd7^A\x9b' b"\xcf\xb5H5Q\xaa%\xdc\xde\xdb4)H!\xdb\xd6t\xfc~\xe5/S\xf7\x9c\tp\xb9\xe4" b"\xa0v\xa6\xadzt\"4\x9cO\x17\xcb?\xe0\xaa\xe5^\xa5'\xde?\xa5\x7f\x0f\xa6" b"\x88\xf5\x15\xd6_7\x17\x92\xe0\xd6\x05I\x10;\x92\xf6)))" ) privateRSA_agentv3 = ( b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x03\x01\x00\x01\x00\x00\x01\x00!L" b"\x08f\xa2(\xd5\xb4\xfb\x8e\x0fr\x1b\x85\t\x00\xb9\xf2N7\xf0\x1cWK\xe3Q" b"\x7f\x9e#\xa7\xe4:\x98U\x1b\xea\x8bz\x98\x1e\xbc\xd8\xba\xb1\xf9\x89\x12" b"\x18`\xac\xe8\xcc\x0bN\tZ@j\xba/\x99\xf8\xb3$`\x84\xb9\xcei\x95\x9a\xf9" b"\xe2\xfc\x1fQM'\x15\xdb+'\xad\xef\xb4i\xac\xbe}\x10\xeb\x86Gps\xb4\x00" b"\x87\x95\x15;7\xf9\xe7\x14\xe7\x80\xbbh\x1e\x1b\xe6\xdd\xbbsc\xb9g\xe6" b"\xb2'\x7f\xcf\xcf0\x9b\xc2\x98\xfd\xd9\x186/6.\xf1=\x81z\x9f\xe1\x03-G" b"\xdb4Qb9\xddO\xe9\xac\xa8\x8b\xd9\xd6\xf3\x84\xc4\x17\xb9q\x9d\x06\x08Bx" b"M\xbb\xc5\xf4\xc3X\xcdU+\xed\xbe3_\x04\xea{\xe6\x04$c\xf2-\xd7=\x1bl" b"\xd5\x9ccC/\x92\x88\x8d>n\xda\x187\xd8\x0f%g\x89\x1d\xb9F4^\xc9\xce\xc4" b"\x8b\xed\x92Z3\x07\x0f\xdf\x86\x08\xf9\x92\xe9\xdb\xeb8\x086\xc9\xcd\xcd" b"\n\x01H[9>z\xca\xc6\x80\xa9\xdc\xd49\x00\x00\x01\x01\x00\xd5j\xacx#\xd6" b"\xd6\x1b\xec%\xa1P\xc4wcP\x84E\x01UB\x14\xe0\xd0`\xee\xd4\xe9\xa3\xadJ" b"\xfa9\x06^\x84Uu_\x006\xbfo\xaa?\x83&7\xc1i.[\xfd\xf0\xf3\xd2}\xd6\x98" b"\xcd:@x\xd5\xca\xa8\x18\xc0\x11\x93$\t\x0c\x81L\x8f\xf7\x9c\xed\x13\x16j" b"\xa4\x04\xe9Iw\xc3\xe4Ud\xb3yh\x9e,\x08\xeb\xac\xe8\x04-!w\x05\xa7\x8e" b"\xefS0\r\xa5\xe5\xbb=j\xe2\t6o\xfd4\xd3}oF\xff\x87\xda\xa9)'\xaa\xff\xad" b"\xf5\x85\xe6>\x1a\xb8z\x1dJ\xb1\xea\xc0Z\xf70\xdf\x1f\xc2\xa4\xe4\xef?" b"\x91I\x96@\xd5\x19w-7\xc3^\xec\x9d\xa6:D\xa5\xc2\xa4)\xdd\xd5\xba\x9c=E" b"\xb3\xc6,\x18d\xd5\xba=\xdf\xab\x7f\xcdB\xac\xa7\xf1\x18\x0b\xa0X\x15b" b"\x0b\xa4nC\xc3\xe4\x04\x9f5\xa3G\x8eF\xed3\xa5e\xbd\xbc;)n\x02\x0bW\xdf" b"t\xe8\x13\xb475~\x83_ &`\xa6\xdc\xad\x8b\xc6ly\x98\xf7\x00\x00\x00\x81" b"\x00\x85K\x1bz\x9b\x12\x107\x9e\x1f\xad^\xda\xfe\xc6\x96\xfe\xdf5k\xb94" b"\xe2\x16\x97\x92&\t\xbd\xbdp \x03\xa75\xbd-\x1b\xa0\xd2\x07G+\xd4\xde" b"\xa8\xa8\x07\x07\x1b\xb8\x04 \xa7'A<l99\xe9A\xce\xe7\x17\x1d\xd1L\\\xbc=" b"\xd2&&\xfej\xd6\xfdHr\xaeF\xfa{\xc3\xd3\x19`D\x1d\xa5\x13\xa7\x80\xf5c)" b"\xd4z]\x06\x07\x16]\xf6\x8b=\xcbd:\xe2\x84ZM\x8c\x06--\x9d\x1c\xeb\x83Lx" b"=yT\xce\x00\x00\x00\x81\x00\xd9p\x06\xd8\xe2\xbc\xd4x\x91P\x94\xd4\xc1" b"\x1b\x898lFdZQ\xa0\x9a\x07=H\x8f\x03Q\xcck\x12\x8e}\x1a\xb1e\xe7qu9\xe02" b"\x05u\x8d\x18L\xaf\x93\xb1I\xb1f_xbz\xd1\x0c\xca\xe6MC\xb3\x9c\xf4k}\xe6" b'\x0c\x98\xdc\xcf!b\x8e\xd5.\x12\xde\x04\xae\xd7$n\x831\xa2\x15\xa2D="' b'\xa9b&"\xb9\xb2\xedT\n\x9d\x08\x83\xa7\x07\r\xff\x19\x18\x8e\xd8\xab' b"\x1d\xdaH\x9c1h\x11\xa1fm\xe3\xd8\x1d\x00\x00\x00\x81\x00\xfbD\x17\x8b" b"\xa46\xbe\x1e7\x1d\xa7\xf6al\x04\xc4\xaa\xddx>\x07\x8c\x1e3\x02\xae\x03" b"\x14\x87\x83z\xe5\x9e}\x08g\xa8\xf2\xaa\xbf\x12p\xcfr\xa9\xa7\xc7\x0b" b"\x1d\x88\xd5 \xfd\x9cc\xcaG0UN\x8b\xc4\xcf\xf4\x7f\x16\xa4\x92\x12t\xa1" b"\t\xc2\xc4n\x9c\x8c3\xef\xa5\xe5\xf7\xe0+\xadO\\\x11\xaa\x1a\x847[\xfdz" b"\xea\xc3\xcd\|\xb0\xc8\xe4\x1fTc\xb5\xc7\xaf\xdf\xf4\t\xa7\xfc\xc7%\xfc\\" b"\xe9\x91\xd7\x92\xc5\x98\x1eV\xd3\xb1#" ) publicDSA_openssh = b"""\ ssh-dss AAAAB3NzaC1kc3MAAACBAJKQOsVERVDQIpANHH+JAAylo9\ LvFYmFFVMIuHFGlZpIL7sh3IMkqy+cssINM/lnHD3fmsAyLlUXZtt6PD9LgZRazsPOgptuH+Gu48G\ +yFuE8l0fVVUivos/MmYVJ66qT99htcZKatrTWZnpVW7gFABoqw+he2LZ0gkeU0+Sx9a5AAAAFQD0\ EYmTNaFJ8CS0+vFSF4nYcyEnSQAAAIEAkgLjxHJAE7qFWdTqf7EZngu7jAGmdB9k3YzMHe1ldMxEB\ 7zNw5aOnxjhoYLtiHeoEcOk2XOyvnE+VfhIWwWAdOiKRTEZlmizkvhGbq0DCe2EPMXirjqWACI5nD\ ioQX1oEMonR8N3AEO5v9SfBqS2Q9R6OBr6lf04RvwpHZ0UGu8AAACAAhRpxGMIWEyaEh8YnjiazQT\ NEpklRZqeBGo1gotJggNmVaIQNIClGlLyCi359efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2G\ gdgMQWC7S6WFIXePGGXqNQDdWxlX8umhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8= \ comment\ """ privateDSA_openssh = b"""\ -----BEGIN DSA PRIVATE KEY----- MIIBvAIBAAKBgQCSkDrFREVQ0CKQDRx/iQAMpaPS7xWJhRVTCLhxRpWaSC+7IdyD JKsvnLLCDTP5Zxw935rAMi5VF2bbejw/S4GUWs7DzoKbbh/hruPBvshbhPJdH1VV Ir6LPzJmFSeuqk/fYbXGSmra01mZ6VVu4BQAaKsPoXti2dIJHlNPksfWuQIVAPQR iZM1oUnwJLT68VIXidhzISdJAoGBAJIC48RyQBO6hVnU6n+xGZ4Lu4wBpnQfZN2M zB3tZXTMRAe8zcOWjp8Y4aGC7Yh3qBHDpNlzsr5xPlX4SFsFgHToikUxGZZos5L4 Rm6tAwnthDzF4q46lgAiOZw4qEF9aBDKJ0fDdwBDub/UnwaktkPUejga+pX9OEb8 KR2dFBrvAoGAAhRpxGMIWEyaEh8YnjiazQTNEpklRZqeBGo1gotJggNmVaIQNICl GlLyCi359efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2GgdgMQWC7S6WFIXeP GGXqNQDdWxlX8umhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8CFQDV2gbL czUdxCus0pfEP1bddaXRLQ== -----END DSA PRIVATE KEY-----\ """ privateDSA_openssh_new = b"""\ -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsgAAAAdzc2gtZH NzAAAAgQCSkDrFREVQ0CKQDRx/iQAMpaPS7xWJhRVTCLhxRpWaSC+7IdyDJKsvnLLCDTP5 Zxw935rAMi5VF2bbejw/S4GUWs7DzoKbbh/hruPBvshbhPJdH1VVIr6LPzJmFSeuqk/fYb XGSmra01mZ6VVu4BQAaKsPoXti2dIJHlNPksfWuQAAABUA9BGJkzWhSfAktPrxUheJ2HMh J0kAAACBAJIC48RyQBO6hVnU6n+xGZ4Lu4wBpnQfZN2MzB3tZXTMRAe8zcOWjp8Y4aGC7Y h3qBHDpNlzsr5xPlX4SFsFgHToikUxGZZos5L4Rm6tAwnthDzF4q46lgAiOZw4qEF9aBDK J0fDdwBDub/UnwaktkPUejga+pX9OEb8KR2dFBrvAAAAgAIUacRjCFhMmhIfGJ44ms0EzR KZJUWangRqNYKLSYIDZlWiEDSApRpS8got+fXnxFLkHGfUl8TOfT/oXnHPxlPxh2pFuWFh OHT9hoHYDEFgu0ulhSF3jxhl6jUA3VsZV/LpoXp70KmtT5yqxUYQ6ycPGexo3R8X5bMQhJ lz6CzfAAAB2MVcBjzFXAY8AAAAB3NzaC1kc3MAAACBAJKQOsVERVDQIpANHH+JAAylo9Lv FYmFFVMIuHFGlZpIL7sh3IMkqy+cssINM/lnHD3fmsAyLlUXZtt6PD9LgZRazsPOgptuH+ Gu48G+yFuE8l0fVVUivos/MmYVJ66qT99htcZKatrTWZnpVW7gFABoqw+he2LZ0gkeU0+S x9a5AAAAFQD0EYmTNaFJ8CS0+vFSF4nYcyEnSQAAAIEAkgLjxHJAE7qFWdTqf7EZngu7jA GmdB9k3YzMHe1ldMxEB7zNw5aOnxjhoYLtiHeoEcOk2XOyvnE+VfhIWwWAdOiKRTEZlmiz kvhGbq0DCe2EPMXirjqWACI5nDioQX1oEMonR8N3AEO5v9SfBqS2Q9R6OBr6lf04RvwpHZ 0UGu8AAACAAhRpxGMIWEyaEh8YnjiazQTNEpklRZqeBGo1gotJggNmVaIQNIClGlLyCi35 9efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2GgdgMQWC7S6WFIXePGGXqNQDdWxlX8u mhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8AAAAVANXaBstzNR3EK6zSl8Q/Vt11 pdEtAAAAAAE= -----END OPENSSH PRIVATE KEY----- """ publicDSA_lsh = decodebytes( b"""\ e0tERXdPbkIxWW14cFl5MXJaWGtvTXpwa2MyRW9NVHB3TVRJNU9nQ1NrRHJGUkVWUTBDS1FEUngv aVFBTXBhUFM3eFdKaFJWVENMaHhScFdhU0MrN0lkeURKS3N2bkxMQ0RUUDVaeHc5MzVyQU1pNVZG MmJiZWp3L1M0R1VXczdEem9LYmJoL2hydVBCdnNoYmhQSmRIMVZWSXI2TFB6Sm1GU2V1cWsvZlli WEdTbXJhMDFtWjZWVnU0QlFBYUtzUG9YdGkyZElKSGxOUGtzZld1U2tvTVRweE1qRTZBUFFSaVpN MW9VbndKTFQ2OFZJWGlkaHpJU2RKS1NneE9tY3hNams2QUpJQzQ4UnlRQk82aFZuVTZuK3hHWjRM dTR3QnBuUWZaTjJNekIzdFpYVE1SQWU4emNPV2pwOFk0YUdDN1loM3FCSERwTmx6c3I1eFBsWDRT RnNGZ0hUb2lrVXhHWlpvczVMNFJtNnRBd250aER6RjRxNDZsZ0FpT1p3NHFFRjlhQkRLSjBmRGR3 QkR1Yi9Vbndha3RrUFVlamdhK3BYOU9FYjhLUjJkRkJydktTZ3hPbmt4TWpnNkFoUnB4R01JV0V5 YUVoOFluamlhelFUTkVwa2xSWnFlQkdvMWdvdEpnZ05tVmFJUU5JQ2xHbEx5Q2kzNTllZkVVdVFj WjlTWHhNNTlQK2hlY2MvR1UvR0hha1c1WVdFNGRQMkdnZGdNUVdDN1M2V0ZJWGVQR0dYcU5RRGRX eGxYOHVtaGVudlFxYTFQbktyRlJoRHJKdzhaN0dqZEh4ZmxzeENFbVhQb0xOOHBLU2s9fQ== """ ) privateDSA_lsh = decodebytes( b"""\ KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToAkpA6xURFUNAikA0cf4kADKWj0u8ViYUVUwi4 cUaVmkgvuyHcgySrL5yywg0z+WccPd+awDIuVRdm23o8P0uBlFrOw86Cm24f4a7jwb7IW4TyXR9V VSK+iz8yZhUnrqpP32G1xkpq2tNZmelVbuAUAGirD6F7YtnSCR5TT5LH1rkpKDE6cTIxOgD0EYmT NaFJ8CS0+vFSF4nYcyEnSSkoMTpnMTI5OgCSAuPEckATuoVZ1Op/sRmeC7uMAaZ0H2TdjMwd7WV0 zEQHvM3Dlo6fGOGhgu2Id6gRw6TZc7K+cT5V+EhbBYB06IpFMRmWaLOS+EZurQMJ7YQ8xeKuOpYA IjmcOKhBfWgQyidHw3cAQ7m/1J8GpLZD1Ho4GvqV/ThG/CkdnRQa7ykoMTp5MTI4OgIUacRjCFhM mhIfGJ44ms0EzRKZJUWangRqNYKLSYIDZlWiEDSApRpS8got+fXnxFLkHGfUl8TOfT/oXnHPxlPx h2pFuWFhOHT9hoHYDEFgu0ulhSF3jxhl6jUA3VsZV/LpoXp70KmtT5yqxUYQ6ycPGexo3R8X5bMQ hJlz6CzfKSgxOngyMToA1doGy3M1HcQrrNKXxD9W3XWl0S0pKSk= """ ) privateDSA_agentv3 = decodebytes( b"""\ AAAAB3NzaC1kc3MAAACBAJKQOsVERVDQIpANHH+JAAylo9LvFYmFFVMIuHFGlZpIL7sh3IMkqy+c ssINM/lnHD3fmsAyLlUXZtt6PD9LgZRazsPOgptuH+Gu48G+yFuE8l0fVVUivos/MmYVJ66qT99h tcZKatrTWZnpVW7gFABoqw+he2LZ0gkeU0+Sx9a5AAAAFQD0EYmTNaFJ8CS0+vFSF4nYcyEnSQAA AIEAkgLjxHJAE7qFWdTqf7EZngu7jAGmdB9k3YzMHe1ldMxEB7zNw5aOnxjhoYLtiHeoEcOk2XOy vnE+VfhIWwWAdOiKRTEZlmizkvhGbq0DCe2EPMXirjqWACI5nDioQX1oEMonR8N3AEO5v9SfBqS2 Q9R6OBr6lf04RvwpHZ0UGu8AAACAAhRpxGMIWEyaEh8YnjiazQTNEpklRZqeBGo1gotJggNmVaIQ NIClGlLyCi359efEUuQcZ9SXxM59P+hecc/GU/GHakW5YWE4dP2GgdgMQWC7S6WFIXePGGXqNQDd WxlX8umhenvQqa1PnKrFRhDrJw8Z7GjdHxflsxCEmXPoLN8AAAAVANXaBstzNR3EK6zSl8Q/Vt11 pdEt """ ) __all__ = [ "DSAData", "RSAData", "privateDSA_agentv3", "privateDSA_lsh", "privateDSA_openssh", "privateRSA_agentv3", "privateRSA_lsh", "privateRSA_openssh", "publicDSA_lsh", "publicDSA_openssh", "publicRSA_lsh", "publicRSA_openssh", "privateRSA_openssh_alternate", ] ��test/test_checkers.py��0000644��00000075154�15027667726�0010761 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.checkers}. """ try: import crypt except ImportError: cryptSkip = "cannot run without crypt module" else: cryptSkip = "" import os from base64 import encodebytes from collections import namedtuple from io import BytesIO from zope.interface.verify import verifyObject from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse from twisted.cred.credentials import ( ISSHPrivateKey, IUsernamePassword, SSHPrivateKey, UsernamePassword, ) from twisted.cred.error import UnauthorizedLogin, UnhandledCredentials from twisted.python import util from twisted.python.failure import Failure from twisted.python.fakepwd import ShadowDatabase, UserDatabase from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.test.test_process import MockOS from twisted.trial.unittest import TestCase if requireModule("cryptography") and requireModule("pyasn1"): dependencySkip = "" from twisted.conch import checkers from twisted.conch.error import NotEnoughAuthentication, ValidPublicKey from twisted.conch.ssh import keys from twisted.conch.test import keydata else: dependencySkip = "can't run without cryptography and PyASN1" if getattr(os, "geteuid", None) is None: euidSkip = "Cannot run without effective UIDs (questionable)" else: euidSkip = "" class HelperTests(TestCase): """ Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and L{_shadowGetByName}. """ skip = cryptSkip or dependencySkip def setUp(self): self.mockos = MockOS() def test_verifyCryptedPassword(self): """ L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. """ password = "secret string" salt = "salty" crypted = crypt.crypt(password, salt) self.assertTrue( checkers.verifyCryptedPassword(crypted, password), "{!r} supposed to be valid encrypted password for {!r}".format( crypted, password ), ) def test_verifyCryptedPasswordMD5(self): """ L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. """ password = "password" salt = "$1$salt" crypted = crypt.crypt(password, salt) self.assertTrue( checkers.verifyCryptedPassword(crypted, password), "{!r} supposed to be valid encrypted password for {}".format( crypted, password ), ) def test_refuteCryptedPassword(self): """ L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. """ password = "string secret" wrong = "secret string" crypted = crypt.crypt(password, password) self.assertFalse( checkers.verifyCryptedPassword(crypted, wrong), "{!r} not supposed to be valid encrypted password for {}".format( crypted, wrong ), ) def test_pwdGetByName(self): """ L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. """ userdb = UserDatabase() userdb.addUser("alice", "secrit", 1, 2, "first last", "/foo", "/bin/sh") self.patch(checkers, "pwd", userdb) self.assertEqual(checkers._pwdGetByName("alice"), userdb.getpwnam("alice")) def test_pwdGetByNameWithoutPwd(self): """ If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. """ self.patch(checkers, "pwd", None) self.assertIsNone(checkers._pwdGetByName("alice")) def test_shadowGetByName(self): """ L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. """ userdb = ShadowDatabase() userdb.addUser("bob", "passphrase", 1, 2, 3, 4, 5, 6, 7) self.patch(checkers, "spwd", userdb) self.mockos.euid = 2345 self.mockos.egid = 1234 self.patch(util, "os", self.mockos) self.assertEqual(checkers._shadowGetByName("bob"), userdb.getspnam("bob")) self.assertEqual(self.mockos.seteuidCalls, [0, 2345]) self.assertEqual(self.mockos.setegidCalls, [0, 1234]) def test_shadowGetByNameWithoutSpwd(self): """ L{_shadowGetByName} returns L{None} if C{spwd} is not present. """ self.patch(checkers, "spwd", None) self.assertIsNone(checkers._shadowGetByName("bob")) self.assertEqual(self.mockos.seteuidCalls, []) self.assertEqual(self.mockos.setegidCalls, []) class SSHPublicKeyDatabaseTests(TestCase): """ Tests for L{SSHPublicKeyDatabase}. """ skip = euidSkip or dependencySkip def setUp(self): self.checker = checkers.SSHPublicKeyDatabase() self.key1 = encodebytes(b"foobar") self.key2 = encodebytes(b"eggspam") self.content = b"t1 " + self.key1 + b" foo\nt2 " + self.key2 + b" egg\n" self.mockos = MockOS() self.mockos.path = FilePath(self.mktemp()) self.mockos.path.makedirs() self.patch(util, "os", self.mockos) self.sshDir = self.mockos.path.child(".ssh") self.sshDir.makedirs() userdb = UserDatabase() userdb.addUser( b"user", b"password", 1, 2, b"first last", self.mockos.path.path, b"/bin/shell", ) self.checker._userdb = userdb def test_deprecated(self): """ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 """ warningsShown = self.flushWarnings(offendingFunctions=[self.setUp]) self.assertEqual(warningsShown[0]["category"], DeprecationWarning) self.assertEqual( warningsShown[0]["message"], "twisted.conch.checkers.SSHPublicKeyDatabase " "was deprecated in Twisted 15.0.0: Please use " "twisted.conch.checkers.SSHPublicKeyChecker, " "initialized with an instance of " "twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.", ) self.assertEqual(len(warningsShown), 1) def _testCheckKey(self, filename): self.sshDir.child(filename).setContent(self.content) user = UsernamePassword(b"user", b"password") user.blob = b"foobar" self.assertTrue(self.checker.checkKey(user)) user.blob = b"eggspam" self.assertTrue(self.checker.checkKey(user)) user.blob = b"notallowed" self.assertFalse(self.checker.checkKey(user)) def test_checkKey(self): """ L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. """ self._testCheckKey("authorized_keys") self.assertEqual(self.mockos.seteuidCalls, []) self.assertEqual(self.mockos.setegidCalls, []) def test_checkKey2(self): """ L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. """ self._testCheckKey("authorized_keys2") self.assertEqual(self.mockos.seteuidCalls, []) self.assertEqual(self.mockos.setegidCalls, []) def test_checkKeyAsRoot(self): """ If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. """ keyFile = self.sshDir.child("authorized_keys") keyFile.setContent(self.content) # Fake permission error by changing the mode keyFile.chmod(0o000) self.addCleanup(keyFile.chmod, 0o777) # And restore the right mode when seteuid is called savedSeteuid = self.mockos.seteuid def seteuid(euid): keyFile.chmod(0o777) return savedSeteuid(euid) self.mockos.euid = 2345 self.mockos.egid = 1234 self.patch(self.mockos, "seteuid", seteuid) self.patch(util, "os", self.mockos) user = UsernamePassword(b"user", b"password") user.blob = b"foobar" self.assertTrue(self.checker.checkKey(user)) self.assertEqual(self.mockos.seteuidCalls, [0, 1, 0, 2345]) self.assertEqual(self.mockos.setegidCalls, [2, 1234]) def test_requestAvatarId(self): """ L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. """ def _checkKey(ignored): return True self.patch(self.checker, "checkKey", _checkKey) credentials = SSHPrivateKey( b"test", b"ssh-rsa", keydata.publicRSA_openssh, b"foo", keys.Key.fromString(keydata.privateRSA_openssh).sign(b"foo"), ) d = self.checker.requestAvatarId(credentials) def _verify(avatarId): self.assertEqual(avatarId, b"test") return d.addCallback(_verify) def test_requestAvatarIdWithoutSignature(self): """ L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. """ def _checkKey(ignored): return True self.patch(self.checker, "checkKey", _checkKey) credentials = SSHPrivateKey( b"test", b"ssh-rsa", keydata.publicRSA_openssh, None, None ) d = self.checker.requestAvatarId(credentials) return self.assertFailure(d, ValidPublicKey) def test_requestAvatarIdInvalidKey(self): """ If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. """ def _checkKey(ignored): return False self.patch(self.checker, "checkKey", _checkKey) d = self.checker.requestAvatarId(None) return self.assertFailure(d, UnauthorizedLogin) def test_requestAvatarIdInvalidSignature(self): """ Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure """ def _checkKey(ignored): return True self.patch(self.checker, "checkKey", _checkKey) credentials = SSHPrivateKey( b"test", b"ssh-rsa", keydata.publicRSA_openssh, b"foo", keys.Key.fromString(keydata.privateDSA_openssh).sign(b"foo"), ) d = self.checker.requestAvatarId(credentials) return self.assertFailure(d, UnauthorizedLogin) def test_requestAvatarIdNormalizeException(self): """ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. """ def _checkKey(ignored): return True self.patch(self.checker, "checkKey", _checkKey) credentials = SSHPrivateKey(b"test", None, b"blob", b"sigData", b"sig") d = self.checker.requestAvatarId(credentials) def _verifyLoggedException(failure): errors = self.flushLoggedErrors(keys.BadKeyError) self.assertEqual(len(errors), 1) return failure d.addErrback(_verifyLoggedException) return self.assertFailure(d, UnauthorizedLogin) class SSHProtocolCheckerTests(TestCase): """ Tests for L{SSHProtocolChecker}. """ skip = dependencySkip def test_registerChecker(self): """ L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. """ checker = checkers.SSHProtocolChecker() self.assertEqual(checker.credentialInterfaces, []) checker.registerChecker( checkers.SSHPublicKeyDatabase(), ) self.assertEqual(checker.credentialInterfaces, [ISSHPrivateKey]) self.assertIsInstance( checker.checkers[ISSHPrivateKey], checkers.SSHPublicKeyDatabase ) def test_registerCheckerWithInterface(self): """ If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. """ checker = checkers.SSHProtocolChecker() self.assertEqual(checker.credentialInterfaces, []) checker.registerChecker(checkers.SSHPublicKeyDatabase(), IUsernamePassword) self.assertEqual(checker.credentialInterfaces, [IUsernamePassword]) self.assertIsInstance( checker.checkers[IUsernamePassword], checkers.SSHPublicKeyDatabase ) def test_requestAvatarId(self): """ L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. """ checker = checkers.SSHProtocolChecker() passwordDatabase = InMemoryUsernamePasswordDatabaseDontUse() passwordDatabase.addUser(b"test", b"test") checker.registerChecker(passwordDatabase) d = checker.requestAvatarId(UsernamePassword(b"test", b"test")) def _callback(avatarId): self.assertEqual(avatarId, b"test") return d.addCallback(_callback) def test_requestAvatarIdWithNotEnoughAuthentication(self): """ If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. """ checker = checkers.SSHProtocolChecker() def _areDone(avatarId): return False self.patch(checker, "areDone", _areDone) passwordDatabase = InMemoryUsernamePasswordDatabaseDontUse() passwordDatabase.addUser(b"test", b"test") checker.registerChecker(passwordDatabase) d = checker.requestAvatarId(UsernamePassword(b"test", b"test")) return self.assertFailure(d, NotEnoughAuthentication) def test_requestAvatarIdInvalidCredential(self): """ If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. """ checker = checkers.SSHProtocolChecker() d = checker.requestAvatarId(UsernamePassword(b"test", b"test")) return self.assertFailure(d, UnhandledCredentials) def test_areDone(self): """ The default L{SSHProcotolChecker.areDone} should simply return True. """ self.assertTrue(checkers.SSHProtocolChecker().areDone(None)) class UNIXPasswordDatabaseTests(TestCase): """ Tests for L{UNIXPasswordDatabase}. """ skip = cryptSkip or dependencySkip def assertLoggedIn(self, d, username): """ Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{Deferred} """ result = [] d.addBoth(result.append) self.assertEqual(len(result), 1, "login incomplete") if isinstance(result[0], Failure): result[0].raiseException() self.assertEqual(result[0], username) def test_defaultCheckers(self): """ L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. """ checker = checkers.UNIXPasswordDatabase() def crypted(username, password): salt = crypt.crypt(password, username) crypted = crypt.crypt(password, "$1$" + salt) return crypted pwd = UserDatabase() pwd.addUser( "alice", crypted("alice", "password"), 1, 2, "foo", "/foo", "/bin/sh" ) # x and are convention for "look elsewhere for the password" pwd.addUser("bob", "x", 1, 2, "bar", "/bar", "/bin/sh") spwd = ShadowDatabase() spwd.addUser("alice", "wrong", 1, 2, 3, 4, 5, 6, 7) spwd.addUser("bob", crypted("bob", "password"), 8, 9, 10, 11, 12, 13, 14) self.patch(checkers, "pwd", pwd) self.patch(checkers, "spwd", spwd) mockos = MockOS() self.patch(util, "os", mockos) mockos.euid = 2345 mockos.egid = 1234 cred = UsernamePassword(b"alice", b"password") self.assertLoggedIn(checker.requestAvatarId(cred), b"alice") self.assertEqual(mockos.seteuidCalls, []) self.assertEqual(mockos.setegidCalls, []) cred.username = b"bob" self.assertLoggedIn(checker.requestAvatarId(cred), b"bob") self.assertEqual(mockos.seteuidCalls, [0, 2345]) self.assertEqual(mockos.setegidCalls, [0, 1234]) def assertUnauthorizedLogin(self, d): """ Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} """ self.assertRaises( checkers.UnauthorizedLogin, self.assertLoggedIn, d, "bogus value" ) def test_passInCheckers(self): """ L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. """ password = crypt.crypt("secret", "secret") userdb = UserDatabase() userdb.addUser("anybody", password, 1, 2, "foo", "/bar", "/bin/sh") checker = checkers.UNIXPasswordDatabase([userdb.getpwnam]) self.assertLoggedIn( checker.requestAvatarId(UsernamePassword(b"anybody", b"secret")), b"anybody" ) def test_verifyPassword(self): """ If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. """ def verifyCryptedPassword(crypted, pw): return crypted == pw def getpwnam(username): return [username, username] self.patch(checkers, "verifyCryptedPassword", verifyCryptedPassword) checker = checkers.UNIXPasswordDatabase([getpwnam]) credential = UsernamePassword(b"username", b"username") self.assertLoggedIn(checker.requestAvatarId(credential), b"username") def test_failOnKeyError(self): """ If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. """ def getpwnam(username): raise KeyError(username) checker = checkers.UNIXPasswordDatabase([getpwnam]) credential = UsernamePassword(b"username", b"username") self.assertUnauthorizedLogin(checker.requestAvatarId(credential)) def test_failOnBadPassword(self): """ If the verifyCryptedPassword function doesn't verify the password, the login fails with an L{UnauthorizedLogin} exception. """ def verifyCryptedPassword(crypted, pw): return False def getpwnam(username): return [username, username] self.patch(checkers, "verifyCryptedPassword", verifyCryptedPassword) checker = checkers.UNIXPasswordDatabase([getpwnam]) credential = UsernamePassword(b"username", b"username") self.assertUnauthorizedLogin(checker.requestAvatarId(credential)) def test_loopThroughFunctions(self): """ UNIXPasswordDatabase.requestAvatarId loops through each getpwnam function associated with it and returns a L{Deferred} which fires with the result of the first one which returns a value other than None. ones do not verify the password. """ def verifyCryptedPassword(crypted, pw): return crypted == pw def getpwnam1(username): return [username, "not the password"] def getpwnam2(username): return [username, username] self.patch(checkers, "verifyCryptedPassword", verifyCryptedPassword) checker = checkers.UNIXPasswordDatabase([getpwnam1, getpwnam2]) credential = UsernamePassword(b"username", b"username") self.assertLoggedIn(checker.requestAvatarId(credential), b"username") def test_failOnSpecial(self): """ If the password returned by any function is C{""}, C{"x"}, or C{""} it is not compared against the supplied password. Instead it is skipped. """ pwd = UserDatabase() pwd.addUser("alice", "", 1, 2, "", "foo", "bar") pwd.addUser("bob", "x", 1, 2, "", "foo", "bar") pwd.addUser("carol", "", 1, 2, "", "foo", "bar") self.patch(checkers, "pwd", pwd) checker = checkers.UNIXPasswordDatabase([checkers._pwdGetByName]) cred = UsernamePassword(b"alice", b"") self.assertUnauthorizedLogin(checker.requestAvatarId(cred)) cred = UsernamePassword(b"bob", b"x") self.assertUnauthorizedLogin(checker.requestAvatarId(cred)) cred = UsernamePassword(b"carol", b"") self.assertUnauthorizedLogin(checker.requestAvatarId(cred)) class AuthorizedKeyFileReaderTests(TestCase): """ Tests for L{checkers.readAuthorizedKeyFile} """ skip = dependencySkip def test_ignoresComments(self): """ L{checkers.readAuthorizedKeyFile} does not attempt to turn comments into keys """ fileobj = BytesIO( b"# this comment is ignored\n" b"this is not\n" b"# this is again\n" b"and this is not" ) result = checkers.readAuthorizedKeyFile(fileobj, lambda x: x) self.assertEqual([b"this is not", b"and this is not"], list(result)) def test_ignoresLeadingWhitespaceAndEmptyLines(self): """ L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines """ fileobj = BytesIO( b""" # ignore not ignored """ ) result = checkers.readAuthorizedKeyFile(fileobj, parseKey=lambda x: x) self.assertEqual([b"not ignored"], list(result)) def test_ignoresUnparsableKeys(self): """ L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going """ def failOnSome(line): if line.startswith(b"f"): raise keys.BadKeyError("failed to parse") return line fileobj = BytesIO(b"failed key\ngood key") result = checkers.readAuthorizedKeyFile(fileobj, parseKey=failOnSome) self.assertEqual([b"good key"], list(result)) class InMemorySSHKeyDBTests(TestCase): """ Tests for L{checkers.InMemorySSHKeyDB} """ skip = dependencySkip def test_implementsInterface(self): """ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} """ keydb = checkers.InMemorySSHKeyDB({b"alice": [b"key"]}) verifyObject(checkers.IAuthorizedKeysDB, keydb) def test_noKeysForUnauthorizedUser(self): """ If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} """ keydb = checkers.InMemorySSHKeyDB({b"alice": [b"keys"]}) self.assertEqual([], list(keydb.getAuthorizedKeys(b"bob"))) def test_allKeysForAuthorizedUser(self): """ If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} """ keydb = checkers.InMemorySSHKeyDB({b"alice": [b"a", b"b"]}) self.assertEqual([b"a", b"b"], list(keydb.getAuthorizedKeys(b"alice"))) class UNIXAuthorizedKeysFilesTests(TestCase): """ Tests for L{checkers.UNIXAuthorizedKeysFiles}. """ skip = dependencySkip def setUp(self): mockos = MockOS() mockos.path = FilePath(self.mktemp()) mockos.path.makedirs() self.userdb = UserDatabase() self.userdb.addUser( b"alice", b"password", 1, 2, b"alice lastname", mockos.path.path, b"/bin/shell", ) self.sshDir = mockos.path.child(".ssh") self.sshDir.makedirs() authorizedKeys = self.sshDir.child("authorized_keys") authorizedKeys.setContent(b"key 1\nkey 2") self.expectedKeys = [b"key 1", b"key 2"] def test_implementsInterface(self): """ L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. """ keydb = checkers.UNIXAuthorizedKeysFiles(self.userdb) verifyObject(checkers.IAuthorizedKeysDB, keydb) def test_noKeysForUnauthorizedUser(self): """ If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. """ keydb = checkers.UNIXAuthorizedKeysFiles(self.userdb, parseKey=lambda x: x) self.assertEqual([], list(keydb.getAuthorizedKeys("bob"))) def test_allKeysInAllAuthorizedFilesForAuthorizedUser(self): """ If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. """ self.sshDir.child("authorized_keys2").setContent(b"key 3") keydb = checkers.UNIXAuthorizedKeysFiles(self.userdb, parseKey=lambda x: x) self.assertEqual( self.expectedKeys + [b"key 3"], list(keydb.getAuthorizedKeys(b"alice")) ) def test_ignoresNonexistantFile(self): """ L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. """ keydb = checkers.UNIXAuthorizedKeysFiles(self.userdb, parseKey=lambda x: x) self.assertEqual(self.expectedKeys, list(keydb.getAuthorizedKeys(b"alice"))) def test_ignoresUnreadableFile(self): """ L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. """ self.sshDir.child("authorized_keys2").makedirs() keydb = checkers.UNIXAuthorizedKeysFiles(self.userdb, parseKey=lambda x: x) self.assertEqual(self.expectedKeys, list(keydb.getAuthorizedKeys(b"alice"))) _KeyDB = namedtuple("_KeyDB", ["getAuthorizedKeys"]) class _DummyException(Exception): """ Fake exception to be used for testing. """ pass class SSHPublicKeyCheckerTests(TestCase): """ Tests for L{checkers.SSHPublicKeyChecker}. """ skip = dependencySkip def setUp(self): self.credentials = SSHPrivateKey( b"alice", b"ssh-rsa", keydata.publicRSA_openssh, b"foo", keys.Key.fromString(keydata.privateRSA_openssh).sign(b"foo"), ) self.keydb = _KeyDB(lambda _: [keys.Key.fromString(keydata.publicRSA_openssh)]) self.checker = checkers.SSHPublicKeyChecker(self.keydb) def test_credentialsWithoutSignature(self): """ Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. """ self.credentials.signature = None self.failureResultOf( self.checker.requestAvatarId(self.credentials), ValidPublicKey ) def test_credentialsWithBadKey(self): """ Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. """ self.credentials.blob = b"" self.failureResultOf( self.checker.requestAvatarId(self.credentials), keys.BadKeyError ) def test_credentialsNoMatchingKey(self): """ If L{checkers.IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match the credentials, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. """ self.credentials.blob = keydata.publicDSA_openssh self.failureResultOf( self.checker.requestAvatarId(self.credentials), UnauthorizedLogin ) def test_credentialsInvalidSignature(self): """ Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that are incorrectly signed fails with L{UnauthorizedLogin}. """ self.credentials.signature = keys.Key.fromString( keydata.privateDSA_openssh ).sign(b"foo") self.failureResultOf( self.checker.requestAvatarId(self.credentials), UnauthorizedLogin ) def test_failureVerifyingKey(self): """ If L{keys.Key.verify} raises an exception, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. """ def fail(args, *kwargs): raise _DummyException() self.patch(keys.Key, "verify", fail) self.failureResultOf( self.checker.requestAvatarId(self.credentials), UnauthorizedLogin ) self.flushLoggedErrors(_DummyException) def test_usernameReturnedOnSuccess(self): """ L{checker.SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with the username. """ d = self.checker.requestAvatarId(self.credentials) self.assertEqual(b"alice", self.successResultOf(d)) ��test/test_address.py��0000644��00000003016�15027667726�0010603 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{SSHTransportAddrress} in ssh/address.py """ from twisted.conch.ssh.address import SSHTransportAddress from twisted.internet.address import IPv4Address from twisted.internet.test.test_address import AddressTestCaseMixin from twisted.trial import unittest class SSHTransportAddressTests(unittest.TestCase, AddressTestCaseMixin): """ L{twisted.conch.ssh.address.SSHTransportAddress} is what Conch transports use to represent the other side of the SSH connection. This tests the basic functionality of that class (string representation, comparison, &c). """ def _stringRepresentation(self, stringFunction): """ The string representation of C{SSHTransportAddress} should be "SSHTransportAddress(<stringFunction on address>)". """ addr = self.buildAddress() stringValue = stringFunction(addr) addressValue = stringFunction(addr.address) self.assertEqual(stringValue, "SSHTransportAddress(%s)" % addressValue) def buildAddress(self): """ Create an arbitrary new C{SSHTransportAddress}. A new instance is created for each call, but always for the same address. """ return SSHTransportAddress(IPv4Address("TCP", "127.0.0.1", 22)) def buildDifferentAddress(self): """ Like C{buildAddress}, but with a different fixed address. """ return SSHTransportAddress(IPv4Address("TCP", "127.0.0.2", 22)) ��test/test_endpoints.py��0000644��00000155120�15027667726�0011165 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.endpoints}. """ import os.path from errno import ENOSYS from struct import pack from zope.interface import implementer from zope.interface.verify import verifyClass, verifyObject import hamcrest from twisted.conch.error import ConchError, HostKeyChanged, UserRejectedKey from twisted.conch.interfaces import IConchUser from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse from twisted.cred.portal import Portal from twisted.internet.address import IPv4Address from twisted.internet.defer import CancelledError, Deferred, fail, succeed from twisted.internet.error import ( ConnectingCancelledError, ConnectionDone, ConnectionRefusedError, ProcessTerminated, ) from twisted.internet.interfaces import IAddress, IStreamClientEndpoint from twisted.internet.protocol import Factory, Protocol from twisted.logger import LogLevel, globalLogPublisher from twisted.python.compat import networkString from twisted.python.failure import Failure from twisted.python.filepath import FilePath from twisted.python.log import msg from twisted.python.reflect import requireModule from twisted.test.proto_helpers import EventLoggingObserver, MemoryReactorClock from twisted.trial.unittest import TestCase if requireModule("cryptography") and requireModule("pyasn1.type"): from twisted.conch.avatar import ConchUser from twisted.conch.checkers import InMemorySSHKeyDB, SSHPublicKeyChecker from twisted.conch.client.knownhosts import ConsoleUI, KnownHostsFile from twisted.conch.endpoints import ( AuthenticationFailed, SSHCommandAddress, SSHCommandClientEndpoint, _ExistingConnectionHelper, _ISSHConnectionCreator, _NewConnectionHelper, _ReadFile, ) from twisted.conch.ssh import common from twisted.conch.ssh.agent import SSHAgentServer from twisted.conch.ssh.channel import SSHChannel from twisted.conch.ssh.connection import SSHConnection from twisted.conch.ssh.factory import SSHFactory from twisted.conch.ssh.keys import Key from twisted.conch.ssh.transport import SSHClientTransport from twisted.conch.ssh.userauth import SSHUserAuthServer from twisted.conch.test.keydata import ( privateDSA_openssh, privateRSA_openssh, privateRSA_openssh_encrypted_aes, publicRSA_openssh, ) else: skip = "can't run w/o cryptography and pyasn1" SSHFactory = object # type: ignore[assignment,misc] SSHUserAuthServer = object # type: ignore[assignment,misc] SSHConnection = object # type: ignore[assignment,misc] Key = object # type: ignore[assignment,misc,misc] SSHChannel = object # type: ignore[assignment,misc] SSHAgentServer = object # type: ignore[assignment,misc] KnownHostsFile = object # type: ignore[assignment,misc] SSHPublicKeyChecker = object # type: ignore[assignment,misc] ConchUser = object # type: ignore[assignment,misc] from twisted.test.iosim import FakeTransport, connect from twisted.test.proto_helpers import StringTransport class AbortableFakeTransport(FakeTransport): """ A L{FakeTransport} with added C{abortConnection} support. """ aborted = False def abortConnection(self): """ Abort the connection in a fake manner. This should really be implemented in the underlying module. """ self.aborted = True class BrokenExecSession(SSHChannel): """ L{BrokenExecSession} is a session on which exec requests always fail. """ def request_exec(self, data): """ Fail all exec requests. @param data: Information about what is being executed. @type data: L{bytes} @return: C{0} to indicate failure @rtype: L{int} """ return 0 class WorkingExecSession(SSHChannel): """ L{WorkingExecSession} is a session on which exec requests always succeed. """ def request_exec(self, data): """ Succeed all exec requests. @param data: Information about what is being executed. @type data: L{bytes} @return: C{1} to indicate success @rtype: L{int} """ return 1 class UnsatisfiedExecSession(SSHChannel): """ L{UnsatisfiedExecSession} is a session on which exec requests are always delayed indefinitely, never succeeding or failing. """ def request_exec(self, data): """ Delay all exec requests indefinitely. @param data: Information about what is being executed. @type data: L{bytes} @return: A L{Deferred} which will never fire. @rtype: L{Deferred} """ return Deferred() class TrivialRealm: def __init__(self): self.channelLookup = {} def requestAvatar(self, avatarId, mind, interfaces): avatar = ConchUser() avatar.channelLookup = self.channelLookup return (IConchUser, avatar, lambda: None) class AddressSpyFactory(Factory): address = None def buildProtocol(self, address): self.address = address return Factory.buildProtocol(self, address) class FixedResponseUI: def __init__(self, result): self.result = result def prompt(self, text): return succeed(self.result) def warn(self, text): pass class FakeClockSSHUserAuthServer(SSHUserAuthServer): # Delegate this setting to the factory to simplify tweaking it @property def attemptsBeforeDisconnect(self): """ Use the C{attemptsBeforeDisconnect} value defined by the factory to make it easier to override. """ return self.transport.factory.attemptsBeforeDisconnect @property def clock(self): """ Use the reactor defined by the factory, rather than the default global reactor, to simplify testing (by allowing an alternate implementation to be supplied by tests). """ return self.transport.factory.reactor class CommandFactory(SSHFactory): @property def publicKeys(self): return {b"ssh-rsa": Key.fromString(data=publicRSA_openssh)} @property def privateKeys(self): return {b"ssh-rsa": Key.fromString(data=privateRSA_openssh)} services = { b"ssh-userauth": FakeClockSSHUserAuthServer, b"ssh-connection": SSHConnection, } # Simplify the tests by disconnecting after the first authentication # failure. One attempt should be sufficient to test authentication success # and failure. There is an off-by-one in the implementation of this # feature in Conch, so set it to 0 in order to allow 1 attempt. attemptsBeforeDisconnect = 0 @implementer(IAddress) class MemoryAddress: pass @implementer(IStreamClientEndpoint) class SingleUseMemoryEndpoint: """ L{SingleUseMemoryEndpoint} is a client endpoint which allows one connection to be set up and then exposes an API for moving around bytes related to that connection. @ivar pump: L{None} until a connection is attempted, then a L{IOPump} instance associated with the protocol which is connected. @type pump: L{IOPump} """ def __init__(self, server): """ @param server: An L{IProtocol} provider to which the client will be connected. @type server: L{IProtocol} provider """ self.pump = None self._server = server def connect(self, factory): if self.pump is not None: raise Exception("SingleUseMemoryEndpoint was already used") try: protocol = factory.buildProtocol(MemoryAddress()) except BaseException: return fail() else: self.pump = connect( self._server, AbortableFakeTransport(self._server, isServer=True), protocol, AbortableFakeTransport(protocol, isServer=False), ) return succeed(protocol) class SSHCommandClientEndpointTestsMixin: """ Tests for L{SSHCommandClientEndpoint}, an L{IStreamClientEndpoint} implementations which connects a protocol with the stdin and stdout of a command running in an SSH session. These tests apply to L{SSHCommandClientEndpoint} whether it is constructed using L{SSHCommandClientEndpoint.existingConnection} or L{SSHCommandClientEndpoint.newConnection}. Subclasses must override L{create}, L{assertClientTransportState}, and L{finishConnection}. """ def setUp(self): self.hostname = b"ssh.example.com" self.port = 42022 self.user = b"user" self.password = b"password" self.reactor = MemoryReactorClock() self.realm = TrivialRealm() self.portal = Portal(self.realm) self.passwdDB = InMemoryUsernamePasswordDatabaseDontUse() self.passwdDB.addUser(self.user, self.password) self.portal.registerChecker(self.passwdDB) self.factory = CommandFactory() self.factory.reactor = self.reactor self.factory.portal = self.portal self.factory.doStart() self.addCleanup(self.factory.doStop) self.clientAddress = IPv4Address("TCP", "10.0.0.1", 12345) self.serverAddress = IPv4Address("TCP", "192.168.100.200", 54321) def create(self): """ Create and return a new L{SSHCommandClientEndpoint} to be tested. Override this to implement creation in an interesting way the endpoint. """ raise NotImplementedError( f"{self.__class__.__name__!r} did not implement create" ) def assertClientTransportState(self, client, immediateClose): """ Make an assertion about the connectedness of the given protocol's transport. Override this to implement either a check for the connection still being open or having been closed as appropriate. @param client: The client whose state is being checked. @param immediateClose: Boolean indicating whether the connection was closed immediately or not. """ raise NotImplementedError( "%r did not implement assertClientTransportState" % (self.__class__.__name__,) ) def finishConnection(self): """ Do any remaining work necessary to complete an in-memory connection attempted initiated using C{self.reactor}. """ raise NotImplementedError( f"{self.__class__.__name__!r} did not implement finishConnection" ) def connectedServerAndClient(self, serverFactory, clientFactory): """ Set up an in-memory connection between protocols created by C{serverFactory} and C{clientFactory}. @return: A three-tuple. The first element is the protocol created by C{serverFactory}. The second element is the protocol created by C{clientFactory}. The third element is the L{IOPump} connecting them. """ clientProtocol = clientFactory.buildProtocol(None) serverProtocol = serverFactory.buildProtocol(None) clientTransport = AbortableFakeTransport( clientProtocol, isServer=False, hostAddress=self.clientAddress, peerAddress=self.serverAddress, ) serverTransport = AbortableFakeTransport( serverProtocol, isServer=True, hostAddress=self.serverAddress, peerAddress=self.clientAddress, ) pump = connect(serverProtocol, serverTransport, clientProtocol, clientTransport) return serverProtocol, clientProtocol, pump def test_channelOpenFailure(self): """ If a channel cannot be opened on the authenticated SSH connection, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping the reason given by the server. """ endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() # The server logs the channel open failure - this is expected. errors = self.flushLoggedErrors(ConchError) self.assertIn("unknown channel", (errors[0].value.data, errors[0].value.value)) self.assertEqual(1, len(errors)) # Now deal with the results on the endpoint side. f = self.failureResultOf(connected) f.trap(ConchError) self.assertEqual(b"unknown channel", f.value.value) self.assertClientTransportState(client, False) def test_execFailure(self): """ If execution of the command fails, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping the reason given by the server. """ self.realm.channelLookup[b"session"] = BrokenExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() f = self.failureResultOf(connected) f.trap(ConchError) self.assertEqual("channel request failed", f.value.value) self.assertClientTransportState(client, False) def test_execCancelled(self): """ If execution of the command is cancelled via the L{Deferred} returned by L{SSHCommandClientEndpoint.connect}, the connection is closed immediately. """ self.realm.channelLookup[b"session"] = UnsatisfiedExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() connected.cancel() f = self.failureResultOf(connected) f.trap(CancelledError) self.assertClientTransportState(client, True) def test_buildProtocol(self): """ Once the necessary SSH actions have completed successfully, L{SSHCommandClientEndpoint.connect} uses the factory passed to it to construct a protocol instance by calling its C{buildProtocol} method with an address object representing the SSH connection and command executed. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = AddressSpyFactory() factory.protocol = Protocol endpoint.connect(factory) server, client, pump = self.finishConnection() self.assertIsInstance(factory.address, SSHCommandAddress) self.assertEqual(server.transport.getHost(), factory.address.server) self.assertEqual(self.user, factory.address.username) self.assertEqual(b"/bin/ls -l", factory.address.command) def test_makeConnection(self): """ L{SSHCommandClientEndpoint} establishes an SSH connection, creates a channel in it, runs a command in that channel, and uses the protocol's C{makeConnection} to associate it with a protocol representing that command's stdin and stdout. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) self.assertIsNotNone(protocol.transport) def test_dataReceived(self): """ After establishing the connection, when the command on the SSH server produces output, it is delivered to the protocol's C{dataReceived} method. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) dataReceived = [] protocol.dataReceived = dataReceived.append # Figure out which channel on the connection this protocol is # associated with so the test can do a write on it. channelId = protocol.transport.id server.service.channels[channelId].write(b"hello, world") pump.pump() self.assertEqual(b"hello, world", b"".join(dataReceived)) def test_connectionLost(self): """ When the command closes the channel, the protocol's C{connectionLost} method is called. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) connectionLost = [] protocol.connectionLost = connectionLost.append # Figure out which channel on the connection this protocol is # associated with so the test can do a write on it. channelId = protocol.transport.id server.service.channels[channelId].loseConnection() pump.pump() connectionLost[0].trap(ConnectionDone) self.assertClientTransportState(client, False) def _exitStatusTest(self, request, requestArg): """ Test handling of non-zero exit statuses or exit signals. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) connectionLost = [] protocol.connectionLost = connectionLost.append # Figure out which channel on the connection this protocol is # associated with so the test can simulate command exit and # channel close. channelId = protocol.transport.id channel = server.service.channels[channelId] server.service.sendRequest(channel, request, requestArg) channel.loseConnection() pump.pump() self.assertClientTransportState(client, False) return connectionLost[0] def test_zeroExitCode(self): """ When the command exits with a non-zero status, the protocol's C{connectionLost} method is called with a L{Failure} wrapping an exception which encapsulates that status. """ exitCode = 0 exc = self._exitStatusTest(b"exit-status", pack(">L", exitCode)) exc.trap(ConnectionDone) def test_nonZeroExitStatus(self): """ When the command exits with a non-zero status, the protocol's C{connectionLost} method is called with a L{Failure} wrapping an exception which encapsulates that status. """ exitCode = 123 signal = None exc = self._exitStatusTest(b"exit-status", pack(">L", exitCode)) exc.trap(ProcessTerminated) self.assertEqual(exitCode, exc.value.exitCode) self.assertEqual(signal, exc.value.signal) def test_nonZeroExitSignal(self): """ When the command exits with a non-zero signal, the protocol's C{connectionLost} method is called with a L{Failure} wrapping an exception which encapsulates that status. Additional packet contents are logged at the C{info} level. """ logObserver = EventLoggingObserver() globalLogPublisher.addObserver(logObserver) self.addCleanup(globalLogPublisher.removeObserver, logObserver) exitCode = None signal = 15 # See https://tools.ietf.org/html/rfc4254#section-6.10 packet = b"".join( [ common.NS(b"TERM"), # Signal name (without "SIG" prefix); # string b"\x01", # Core dumped; boolean common.NS(b"message"), # Error message; string (UTF-8 encoded) common.NS(b"en-US"), # Language tag; string ] ) exc = self._exitStatusTest(b"exit-signal", packet) exc.trap(ProcessTerminated) self.assertEqual(exitCode, exc.value.exitCode) self.assertEqual(signal, exc.value.signal) logNamespace = "twisted.conch.endpoints._CommandChannel" hamcrest.assert_that( logObserver, hamcrest.has_item( hamcrest.has_entries( { "log_level": hamcrest.equal_to(LogLevel.info), "log_namespace": logNamespace, "shortSignalName": b"TERM", "coreDumped": True, "errorMessage": "message", "languageTag": b"en-US", }, ) ), ) def record(self, server, protocol, event, noArgs=False): """ Hook into and record events which happen to C{protocol}. @param server: The SSH server protocol over which C{protocol} is running. @type server: L{IProtocol} provider @param protocol: @param event: @param noArgs: """ # Figure out which channel the test is going to send data over # so we can look for it to arrive at the right place on the server. channelId = protocol.transport.id recorder = [] if noArgs: f = lambda: recorder.append(None) else: f = recorder.append setattr(server.service.channels[channelId], event, f) return recorder def test_write(self): """ The transport connected to the protocol has a C{write} method which sends bytes to the input of the command executing on the SSH server. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) dataReceived = self.record(server, protocol, "dataReceived") protocol.transport.write(b"hello, world") pump.pump() self.assertEqual(b"hello, world", b"".join(dataReceived)) def test_writeSequence(self): """ The transport connected to the protocol has a C{writeSequence} method which sends bytes to the input of the command executing on the SSH server. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) dataReceived = self.record(server, protocol, "dataReceived") protocol.transport.writeSequence([b"hello, world"]) pump.pump() self.assertEqual(b"hello, world", b"".join(dataReceived)) class NewConnectionTests(TestCase, SSHCommandClientEndpointTestsMixin): """ Tests for L{SSHCommandClientEndpoint} when using the C{newConnection} constructor. """ def setUp(self): """ Configure an SSH server with password authentication enabled for a well-known (to the tests) account. """ SSHCommandClientEndpointTestsMixin.setUp(self) # Make the server's host key available to be verified by the client. self.hostKeyPath = FilePath(self.mktemp()) self.knownHosts = KnownHostsFile(self.hostKeyPath) self.knownHosts.addHostKey(self.hostname, self.factory.publicKeys[b"ssh-rsa"]) self.knownHosts.addHostKey( networkString(self.serverAddress.host), self.factory.publicKeys[b"ssh-rsa"] ) self.knownHosts.save() def create(self): """ Create and return a new L{SSHCommandClientEndpoint} using the C{newConnection} constructor. """ return SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, password=self.password, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) def finishConnection(self): """ Establish the first attempted TCP connection using the SSH server which C{self.factory} can create. """ return self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) def loseConnectionToServer(self, server, client, protocol, pump): """ Lose the connection to a server and pump the L{IOPump} sufficiently for the client to handle the lost connection. Asserts that the client disconnects its transport. @param server: The SSH server protocol over which C{protocol} is running. @type server: L{IProtocol} provider @param client: The SSH client protocol over which C{protocol} is running. @type client: L{IProtocol} provider @param protocol: The protocol created by calling connect on the ssh endpoint under test. @type protocol: L{IProtocol} provider @param pump: The L{IOPump} connecting client to server. @type pump: L{IOPump} """ closed = self.record(server, protocol, "closed", noArgs=True) protocol.transport.loseConnection() pump.pump() self.assertEqual([None], closed) # Let the last bit of network traffic flow. This lets the server's # close acknowledgement through, at which point the client can close # the overall SSH connection. pump.pump() # Given that the client transport is disconnecting, report the # disconnect from up to the ssh protocol. client.transport.reportDisconnect() def assertClientTransportState(self, client, immediateClose): """ Assert that the transport for the given protocol has been disconnected. L{SSHCommandClientEndpoint.newConnection} creates a new dedicated SSH connection and cleans it up after the command exits. """ # Nothing useful can be done with the connection at this point, so the # endpoint should close it. if immediateClose: self.assertTrue(client.transport.aborted) else: self.assertTrue(client.transport.disconnecting) def test_interface(self): """ L{SSHCommandClientEndpoint} instances provide L{IStreamClientEndpoint}. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"dummy command", b"dummy user", self.hostname, self.port ) self.assertTrue(verifyObject(IStreamClientEndpoint, endpoint)) def test_defaultPort(self): """ L{SSHCommandClientEndpoint} uses the default port number for SSH when the C{port} argument is not specified. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"dummy command", b"dummy user", self.hostname ) self.assertEqual(22, endpoint._creator.port) def test_specifiedPort(self): """ L{SSHCommandClientEndpoint} uses the C{port} argument if specified. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"dummy command", b"dummy user", self.hostname, port=2222 ) self.assertEqual(2222, endpoint._creator.port) def test_destination(self): """ L{SSHCommandClientEndpoint} uses the L{IReactorTCP} passed to it to attempt a connection to the host/port address also passed to it. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, password=self.password, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol endpoint.connect(factory) host, port, factory, timeout, bindAddress = self.reactor.tcpClients[0] self.assertEqual(self.hostname, networkString(host)) self.assertEqual(self.port, port) self.assertEqual(1, len(self.reactor.tcpClients)) def test_connectionFailed(self): """ If a connection cannot be established, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} representing the reason for the connection setup failure. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) factory = self.reactor.tcpClients[0][2] factory.clientConnectionFailed(None, Failure(ConnectionRefusedError())) self.failureResultOf(d).trap(ConnectionRefusedError) def test_userRejectedHostKey(self): """ If the L{KnownHostsFile} instance used to construct L{SSHCommandClientEndpoint} rejects the SSH public key presented by the server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{UserRejectedKey}. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=KnownHostsFile(self.mktemp()), ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) f = self.failureResultOf(connected) f.trap(UserRejectedKey) def test_mismatchedHostKey(self): """ If the SSH public key presented by the SSH server does not match the previously remembered key, as reported by the L{KnownHostsFile} instance use to construct the endpoint, for that server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{HostKeyChanged}. """ firstKey = Key.fromString(privateRSA_openssh).public() knownHosts = KnownHostsFile(FilePath(self.mktemp())) knownHosts.addHostKey(networkString(self.serverAddress.host), firstKey) # Add a different RSA key with the same hostname differentKey = Key.fromString( privateRSA_openssh_encrypted_aes, passphrase=b"testxp" ).public() knownHosts.addHostKey(self.hostname, differentKey) # The UI may answer true to any questions asked of it; they should # make no difference, since a mismatched key is not even optionally # allowed to complete a connection. ui = FixedResponseUI(True) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, password=b"dummy password", knownHosts=knownHosts, ui=ui, ) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) f = self.failureResultOf(connected) f.trap(HostKeyChanged) def test_connectionClosedBeforeSecure(self): """ If the connection closes at any point before the SSH transport layer has finished key exchange (ie, gotten to the point where we may attempt to authenticate), the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping the reason for the lost connection. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) transport = StringTransport() factory = self.reactor.tcpClients[0][2] client = factory.buildProtocol(None) client.makeConnection(transport) client.connectionLost(Failure(ConnectionDone())) self.failureResultOf(d).trap(ConnectionDone) def test_connectionCancelledBeforeSecure(self): """ If the connection is cancelled before the SSH transport layer has finished key exchange (ie, gotten to the point where we may attempt to authenticate), the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{CancelledError} and the connection is aborted. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) transport = AbortableFakeTransport(None, isServer=False) factory = self.reactor.tcpClients[0][2] client = factory.buildProtocol(None) client.makeConnection(transport) d.cancel() self.failureResultOf(d).trap(CancelledError) self.assertTrue(transport.aborted) # Make sure the connection closing doesn't result in unexpected # behavior when due to cancellation: client.connectionLost(Failure(ConnectionDone())) def test_connectionCancelledBeforeConnected(self): """ If the connection is cancelled before it finishes connecting, the connection attempt is stopped. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) d.cancel() self.failureResultOf(d).trap(ConnectingCancelledError) self.assertTrue(self.reactor.connectors[0].stoppedConnecting) def test_passwordAuthenticationFailure(self): """ If the SSH server rejects the password presented during authentication, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{AuthenticationFailed}. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, password=b"dummy password", knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) # For security, the server delays password authentication failure # response. Advance the simulation clock so the client sees the # failure. self.reactor.advance(server.service.passwordDelay) # Let the failure response traverse the "network" pump.flush() f = self.failureResultOf(connected) f.trap(AuthenticationFailed) # XXX Should assert something specific about the arguments of the # exception self.assertClientTransportState(client, False) def setupKeyChecker(self, portal, users): """ Create an L{ISSHPrivateKey} checker which recognizes C{users} and add it to C{portal}. @param portal: A L{Portal} to which to add the checker. @type portal: L{Portal} @param users: The users and their keys the checker will recognize. Keys are byte strings giving user names. Values are byte strings giving OpenSSH-formatted private keys. @type users: L{dict} """ mapping = {k: [Key.fromString(v).public()] for k, v in users.items()} checker = SSHPublicKeyChecker(InMemorySSHKeyDB(mapping)) portal.registerChecker(checker) def test_publicKeyAuthenticationFailure(self): """ If the SSH server rejects the key pair presented during authentication, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{AuthenticationFailed}. """ badKey = Key.fromString(privateRSA_openssh) self.setupKeyChecker(self.portal, {self.user: privateDSA_openssh}) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, keys=[badKey], knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) f = self.failureResultOf(connected) f.trap(AuthenticationFailed) # XXX Should assert something specific about the arguments of the # exception # Nothing useful can be done with the connection at this point, so the # endpoint should close it. self.assertTrue(client.transport.disconnecting) def test_authenticationFallback(self): """ If the SSH server does not accept any of the specified SSH keys, the specified password is tried. """ badKey = Key.fromString(privateRSA_openssh) self.setupKeyChecker(self.portal, {self.user: privateDSA_openssh}) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, keys=[badKey], password=self.password, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) # Exercising fallback requires a failed authentication attempt. Allow # one. self.factory.attemptsBeforeDisconnect += 1 server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) pump.pump() # The server logs the channel open failure - this is expected. errors = self.flushLoggedErrors(ConchError) self.assertIn("unknown channel", (errors[0].value.data, errors[0].value.value)) self.assertEqual(1, len(errors)) # Now deal with the results on the endpoint side. f = self.failureResultOf(connected) f.trap(ConchError) self.assertEqual(b"unknown channel", f.value.value) # Nothing useful can be done with the connection at this point, so the # endpoint should close it. self.assertTrue(client.transport.disconnecting) def test_publicKeyAuthentication(self): """ If L{SSHCommandClientEndpoint} is initialized with any private keys, it will try to use them to authenticate with the SSH server. """ key = Key.fromString(privateDSA_openssh) self.setupKeyChecker(self.portal, {self.user: privateDSA_openssh}) self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, keys=[key], knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) protocol = self.successResultOf(connected) self.assertIsNotNone(protocol.transport) def test_skipPasswordAuthentication(self): """ If the password is not specified, L{SSHCommandClientEndpoint} doesn't try it as an authentication mechanism. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False), ) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) pump.pump() # Now deal with the results on the endpoint side. f = self.failureResultOf(connected) f.trap(AuthenticationFailed) # Nothing useful can be done with the connection at this point, so the # endpoint should close it. self.assertTrue(client.transport.disconnecting) def test_agentAuthentication(self): """ If L{SSHCommandClientEndpoint} is initialized with an L{SSHAgentClient}, the agent is used to authenticate with the SSH server. Once the connection with the SSH server has concluded, the connection to the agent is disconnected. """ key = Key.fromString(privateRSA_openssh) agentServer = SSHAgentServer() agentServer.factory = Factory() agentServer.factory.keys = {key.blob(): (key, b"")} self.setupKeyChecker(self.portal, {self.user: privateRSA_openssh}) agentEndpoint = SingleUseMemoryEndpoint(agentServer) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False), agentEndpoint=agentEndpoint, ) self.realm.channelLookup[b"session"] = WorkingExecSession factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) # Let the agent client talk with the agent server and the ssh client # talk with the ssh server. for i in range(14): agentEndpoint.pump.pump() pump.pump() protocol = self.successResultOf(connected) self.assertIsNotNone(protocol.transport) # Ensure the connection with the agent is cleaned up after the # connection with the server is lost. self.loseConnectionToServer(server, client, protocol, pump) self.assertTrue(client.transport.disconnecting) self.assertTrue(agentEndpoint.pump.clientIO.disconnecting) def test_loseConnection(self): """ The transport connected to the protocol has a C{loseConnection} method which causes the channel in which the command is running to close and the overall connection to be closed. """ self.realm.channelLookup[b"session"] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) self.loseConnectionToServer(server, client, protocol, pump) # Nothing useful can be done with the connection at this point, so the # endpoint should close it. self.assertTrue(client.transport.disconnecting) class ExistingConnectionTests(TestCase, SSHCommandClientEndpointTestsMixin): """ Tests for L{SSHCommandClientEndpoint} when using the C{existingConnection} constructor. """ def setUp(self): """ Configure an SSH server with password authentication enabled for a well-known (to the tests) account. """ SSHCommandClientEndpointTestsMixin.setUp(self) knownHosts = KnownHostsFile(FilePath(self.mktemp())) knownHosts.addHostKey(self.hostname, self.factory.publicKeys[b"ssh-rsa"]) knownHosts.addHostKey( networkString(self.serverAddress.host), self.factory.publicKeys[b"ssh-rsa"] ) self.endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, password=self.password, knownHosts=knownHosts, ui=FixedResponseUI(False), ) def create(self): """ Create and return a new L{SSHCommandClientEndpoint} using the C{existingConnection} constructor. """ factory = Factory() factory.protocol = Protocol connected = self.endpoint.connect(factory) # Please, let me in. This kinda sucks. channelLookup = self.realm.channelLookup.copy() try: self.realm.channelLookup[b"session"] = WorkingExecSession server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2] ) finally: self.realm.channelLookup.clear() self.realm.channelLookup.update(channelLookup) self._server = server self._client = client self._pump = pump protocol = self.successResultOf(connected) connection = protocol.transport.conn return SSHCommandClientEndpoint.existingConnection(connection, b"/bin/ls -l") def finishConnection(self): """ Give back the connection established in L{create} over which the new command channel being tested will exchange data. """ # The connection was set up and the first command channel set up, but # some more I/O needs to happen for the second command channel to be # ready. Make that I/O happen before giving back the objects. self._pump.pump() self._pump.pump() self._pump.pump() self._pump.pump() return self._server, self._client, self._pump def assertClientTransportState(self, client, immediateClose): """ Assert that the transport for the given protocol is still connected. L{SSHCommandClientEndpoint.existingConnection} re-uses an SSH connected created by some other code, so other code is responsible for cleaning it up. """ self.assertFalse(client.transport.disconnecting) self.assertFalse(client.transport.aborted) class ExistingConnectionHelperTests(TestCase): """ Tests for L{_ExistingConnectionHelper}. """ def test_interface(self): """ L{_ExistingConnectionHelper} implements L{_ISSHConnectionCreator}. """ self.assertTrue(verifyClass(_ISSHConnectionCreator, _ExistingConnectionHelper)) def test_secureConnection(self): """ L{_ExistingConnectionHelper.secureConnection} returns a L{Deferred} which fires with whatever object was fed to L{_ExistingConnectionHelper.__init__}. """ result = object() helper = _ExistingConnectionHelper(result) self.assertIs(result, self.successResultOf(helper.secureConnection())) def test_cleanupConnectionNotImmediately(self): """ L{_ExistingConnectionHelper.cleanupConnection} does nothing to the existing connection if called with C{immediate} set to C{False}. """ helper = _ExistingConnectionHelper(object()) # Bit hard to test nothing happens. However, since object() has no # relevant methods or attributes, if the code is incorrect we can # expect an AttributeError. helper.cleanupConnection(object(), False) def test_cleanupConnectionImmediately(self): """ L{_ExistingConnectionHelper.cleanupConnection} does nothing to the existing connection if called with C{immediate} set to C{True}. """ helper = _ExistingConnectionHelper(object()) # Bit hard to test nothing happens. However, since object() has no # relevant methods or attributes, if the code is incorrect we can # expect an AttributeError. helper.cleanupConnection(object(), True) class _PTYPath: """ A L{FilePath}-like object which can be opened to create a L{_ReadFile} with certain contents. """ def __init__(self, contents): """ @param contents: L{bytes} which will be the contents of the L{_ReadFile} this path can open. """ self.contents = contents def open(self, mode): """ If the mode is r+, return a L{_ReadFile} with the contents given to this path's initializer. @raise OSError: If the mode is unsupported. @return: A L{_ReadFile} instance """ if mode == "rb+": return _ReadFile(self.contents) raise OSError(ENOSYS, "Function not implemented") class NewConnectionHelperTests(TestCase): """ Tests for L{_NewConnectionHelper}. """ def test_interface(self): """ L{_NewConnectionHelper} implements L{_ISSHConnectionCreator}. """ self.assertTrue(verifyClass(_ISSHConnectionCreator, _NewConnectionHelper)) def test_defaultPath(self): """ The default I{known_hosts} path is I{~/.ssh/known_hosts}. """ self.assertEqual("~/.ssh/known_hosts", _NewConnectionHelper._KNOWN_HOSTS) def test_defaultKnownHosts(self): """ L{_NewConnectionHelper._knownHosts} is used to create a L{KnownHostsFile} if one is not passed to the initializer. """ result = object() self.patch(_NewConnectionHelper, "_knownHosts", lambda cls: result) helper = _NewConnectionHelper( None, None, None, None, None, None, None, None, None, None ) self.assertIs(result, helper.knownHosts) def test_readExisting(self): """ Existing entries in the I{known_hosts} file are reflected by the L{KnownHostsFile} created by L{_NewConnectionHelper} when none is supplied to it. """ key = CommandFactory().publicKeys[b"ssh-rsa"] path = FilePath(self.mktemp()) knownHosts = KnownHostsFile(path) knownHosts.addHostKey(b"127.0.0.1", key) knownHosts.save() msg(f"Created known_hosts file at {path.path!r}") # Unexpand ${HOME} to make sure ~ syntax is respected. home = os.path.expanduser("~/") default = path.path.replace(home, "~/") self.patch(_NewConnectionHelper, "_KNOWN_HOSTS", default) msg(f"Patched _KNOWN_HOSTS with {default!r}") loaded = _NewConnectionHelper._knownHosts() self.assertTrue(loaded.hasHostKey(b"127.0.0.1", key)) def test_defaultConsoleUI(self): """ If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper}, a L{ConsoleUI} is used. """ helper = _NewConnectionHelper( None, None, None, None, None, None, None, None, None, None ) self.assertIsInstance(helper.ui, ConsoleUI) def test_ttyConsoleUI(self): """ If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper} and /dev/tty is available, the L{ConsoleUI} used is associated with /dev/tty. """ tty = _PTYPath(b"yes") helper = _NewConnectionHelper( None, None, None, None, None, None, None, None, None, None, tty ) result = self.successResultOf(helper.ui.prompt(b"does this work?")) self.assertTrue(result) def test_nottyUI(self): """ If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper} and /dev/tty is not available, the L{ConsoleUI} used is associated with some file which always produces a C{b"no"} response. """ tty = FilePath(self.mktemp()) helper = _NewConnectionHelper( None, None, None, None, None, None, None, None, None, None, tty ) result = self.successResultOf(helper.ui.prompt(b"did this break?")) self.assertFalse(result) def test_defaultTTYFilename(self): """ If not passed the name of a tty in the filesystem, L{_NewConnectionHelper} uses C{b"/dev/tty"}. """ helper = _NewConnectionHelper( None, None, None, None, None, None, None, None, None, None ) self.assertEqual(FilePath(b"/dev/tty"), helper.tty) def test_cleanupConnectionNotImmediately(self): """ L{_NewConnectionHelper.cleanupConnection} closes the transport cleanly if called with C{immediate} set to C{False}. """ helper = _NewConnectionHelper( None, None, None, None, None, None, None, None, None, None ) connection = SSHConnection() connection.transport = StringTransport() helper.cleanupConnection(connection, False) self.assertTrue(connection.transport.disconnecting) def test_cleanupConnectionImmediately(self): """ L{_NewConnectionHelper.cleanupConnection} closes the transport with C{abortConnection} if called with C{immediate} set to C{True}. """ class Abortable: aborted = False def abortConnection(self): """ Abort the connection. """ self.aborted = True helper = _NewConnectionHelper( None, None, None, None, None, None, None, None, None, None ) connection = SSHConnection() connection.transport = SSHClientTransport() connection.transport.transport = Abortable() helper.cleanupConnection(connection, True) self.assertTrue(connection.transport.transport.aborted) ��test/test_channel.py��0000644��00000027627�15027667726�0010604 0��ustar�00��# Copyright Twisted Matrix Laboratories. # See LICENSE for details. """ Test ssh/channel.py. """ from unittest import skipIf from zope.interface.verify import verifyObject try: from twisted.conch.ssh import channel from twisted.conch.ssh.address import SSHTransportAddress from twisted.conch.ssh.service import SSHService from twisted.conch.ssh.transport import SSHServerTransport from twisted.internet import interfaces from twisted.internet.address import IPv4Address from twisted.test.proto_helpers import StringTransport skipTest = "" except ImportError: skipTest = "Conch SSH not supported." SSHService = object # type: ignore[assignment,misc] from twisted.trial.unittest import TestCase class MockConnection(SSHService): """ A mock for twisted.conch.ssh.connection.SSHConnection. Record the data that channels send, and when they try to close the connection. @ivar data: a L{dict} mapping channel id #s to lists of data sent by that channel. @ivar extData: a L{dict} mapping channel id #s to lists of 2-tuples (extended data type, data) sent by that channel. @ivar closes: a L{dict} mapping channel id #s to True if that channel sent a close message. """ def __init__(self): self.data = {} self.extData = {} self.closes = {} def logPrefix(self): """ Return our logging prefix. """ return "MockConnection" def sendData(self, channel, data): """ Record the sent data. """ self.data.setdefault(channel, []).append(data) def sendExtendedData(self, channel, type, data): """ Record the sent extended data. """ self.extData.setdefault(channel, []).append((type, data)) def sendClose(self, channel): """ Record that the channel sent a close message. """ self.closes[channel] = True def connectSSHTransport(service, hostAddress=None, peerAddress=None): """ Connect a SSHTransport which is already connected to a remote peer to the channel under test. @param service: Service used over the connected transport. @type service: L{SSHService} @param hostAddress: Local address of the connected transport. @type hostAddress: L{interfaces.IAddress} @param peerAddress: Remote address of the connected transport. @type peerAddress: L{interfaces.IAddress} """ transport = SSHServerTransport() transport.makeConnection( StringTransport(hostAddress=hostAddress, peerAddress=peerAddress) ) transport.setService(service) @skipIf(skipTest, skipTest) class ChannelTests(TestCase): """ Tests for L{SSHChannel}. """ def setUp(self): """ Initialize the channel. remoteMaxPacket is 10 so that data is able to be sent (the default of 0 means no data is sent because no packets are made). """ self.conn = MockConnection() self.channel = channel.SSHChannel(conn=self.conn, remoteMaxPacket=10) self.channel.name = b"channel" def test_interface(self): """ L{SSHChannel} instances provide L{interfaces.ITransport}. """ self.assertTrue(verifyObject(interfaces.ITransport, self.channel)) def test_init(self): """ Test that SSHChannel initializes correctly. localWindowSize defaults to 131072 (217) and localMaxPacket to 32768 (215) as reasonable defaults (what OpenSSH uses for those variables). The values in the second set of assertions are meaningless; they serve only to verify that the instance variables are assigned in the correct order. """ c = channel.SSHChannel(conn=self.conn) self.assertEqual(c.localWindowSize, 131072) self.assertEqual(c.localWindowLeft, 131072) self.assertEqual(c.localMaxPacket, 32768) self.assertEqual(c.remoteWindowLeft, 0) self.assertEqual(c.remoteMaxPacket, 0) self.assertEqual(c.conn, self.conn) self.assertIsNone(c.data) self.assertIsNone(c.avatar) c2 = channel.SSHChannel(1, 2, 3, 4, 5, 6, 7) self.assertEqual(c2.localWindowSize, 1) self.assertEqual(c2.localWindowLeft, 1) self.assertEqual(c2.localMaxPacket, 2) self.assertEqual(c2.remoteWindowLeft, 3) self.assertEqual(c2.remoteMaxPacket, 4) self.assertEqual(c2.conn, 5) self.assertEqual(c2.data, 6) self.assertEqual(c2.avatar, 7) def test_str(self): """ Test that str(SSHChannel) works gives the channel name and local and remote windows at a glance.. """ self.assertEqual(str(self.channel), "<SSHChannel channel (lw 131072 rw 0)>") self.assertEqual( str(channel.SSHChannel(localWindow=1)), "<SSHChannel None (lw 1 rw 0)>" ) def test_bytes(self): """ Test that bytes(SSHChannel) works, gives the channel name and local and remote windows at a glance.. """ self.assertEqual( self.channel.__bytes__(), b"<SSHChannel channel (lw 131072 rw 0)>" ) self.assertEqual( channel.SSHChannel(localWindow=1).__bytes__(), b"<SSHChannel None (lw 1 rw 0)>", ) def test_logPrefix(self): """ Test that SSHChannel.logPrefix gives the name of the channel, the local channel ID and the underlying connection. """ self.assertEqual( self.channel.logPrefix(), "SSHChannel channel (unknown) on MockConnection" ) def test_addWindowBytes(self): """ Test that addWindowBytes adds bytes to the window and resumes writing if it was paused. """ cb = [False] def stubStartWriting(): cb[0] = True self.channel.startWriting = stubStartWriting self.channel.write(b"test") self.channel.writeExtended(1, b"test") self.channel.addWindowBytes(50) self.assertEqual(self.channel.remoteWindowLeft, 50 - 4 - 4) self.assertTrue(self.channel.areWriting) self.assertTrue(cb[0]) self.assertEqual(self.channel.buf, b"") self.assertEqual(self.conn.data[self.channel], [b"test"]) self.assertEqual(self.channel.extBuf, []) self.assertEqual(self.conn.extData[self.channel], [(1, b"test")]) cb[0] = False self.channel.addWindowBytes(20) self.assertFalse(cb[0]) self.channel.write(b"a" * 80) self.channel.loseConnection() self.channel.addWindowBytes(20) self.assertFalse(cb[0]) def test_requestReceived(self): """ Test that requestReceived handles requests by dispatching them to request_* methods. """ self.channel.request_test_method = lambda data: data == b"" self.assertTrue(self.channel.requestReceived(b"test-method", b"")) self.assertFalse(self.channel.requestReceived(b"test-method", b"a")) self.assertFalse(self.channel.requestReceived(b"bad-method", b"")) def test_closeReceieved(self): """ Test that the default closeReceieved closes the connection. """ self.assertFalse(self.channel.closing) self.channel.closeReceived() self.assertTrue(self.channel.closing) def test_write(self): """ Test that write handles data correctly. Send data up to the size of the remote window, splitting the data into packets of length remoteMaxPacket. """ cb = [False] def stubStopWriting(): cb[0] = True # no window to start with self.channel.stopWriting = stubStopWriting self.channel.write(b"d") self.channel.write(b"a") self.assertFalse(self.channel.areWriting) self.assertTrue(cb[0]) # regular write self.channel.addWindowBytes(20) self.channel.write(b"ta") data = self.conn.data[self.channel] self.assertEqual(data, [b"da", b"ta"]) self.assertEqual(self.channel.remoteWindowLeft, 16) # larger than max packet self.channel.write(b"12345678901") self.assertEqual(data, [b"da", b"ta", b"1234567890", b"1"]) self.assertEqual(self.channel.remoteWindowLeft, 5) # running out of window cb[0] = False self.channel.write(b"123456") self.assertFalse(self.channel.areWriting) self.assertTrue(cb[0]) self.assertEqual(data, [b"da", b"ta", b"1234567890", b"1", b"12345"]) self.assertEqual(self.channel.buf, b"6") self.assertEqual(self.channel.remoteWindowLeft, 0) def test_writeExtended(self): """ Test that writeExtended handles data correctly. Send extended data up to the size of the window, splitting the extended data into packets of length remoteMaxPacket. """ cb = [False] def stubStopWriting(): cb[0] = True # no window to start with self.channel.stopWriting = stubStopWriting self.channel.writeExtended(1, b"d") self.channel.writeExtended(1, b"a") self.channel.writeExtended(2, b"t") self.assertFalse(self.channel.areWriting) self.assertTrue(cb[0]) # regular write self.channel.addWindowBytes(20) self.channel.writeExtended(2, b"a") data = self.conn.extData[self.channel] self.assertEqual(data, [(1, b"da"), (2, b"t"), (2, b"a")]) self.assertEqual(self.channel.remoteWindowLeft, 16) # larger than max packet self.channel.writeExtended(3, b"12345678901") self.assertEqual( data, [(1, b"da"), (2, b"t"), (2, b"a"), (3, b"1234567890"), (3, b"1")] ) self.assertEqual(self.channel.remoteWindowLeft, 5) # running out of window cb[0] = False self.channel.writeExtended(4, b"123456") self.assertFalse(self.channel.areWriting) self.assertTrue(cb[0]) self.assertEqual( data, [ (1, b"da"), (2, b"t"), (2, b"a"), (3, b"1234567890"), (3, b"1"), (4, b"12345"), ], ) self.assertEqual(self.channel.extBuf, [[4, b"6"]]) self.assertEqual(self.channel.remoteWindowLeft, 0) def test_writeSequence(self): """ Test that writeSequence is equivalent to write(''.join(sequece)). """ self.channel.addWindowBytes(20) self.channel.writeSequence(b"%d" % (i,) for i in range(10)) self.assertEqual(self.conn.data[self.channel], [b"0123456789"]) def test_loseConnection(self): """ Tesyt that loseConnection() doesn't close the channel until all the data is sent. """ self.channel.write(b"data") self.channel.writeExtended(1, b"datadata") self.channel.loseConnection() self.assertIsNone(self.conn.closes.get(self.channel)) self.channel.addWindowBytes(4) # send regular data self.assertIsNone(self.conn.closes.get(self.channel)) self.channel.addWindowBytes(8) # send extended data self.assertTrue(self.conn.closes.get(self.channel)) def test_getPeer(self): """ L{SSHChannel.getPeer} returns the same object as the underlying transport's C{getPeer} method returns. """ peer = IPv4Address("TCP", "192.168.0.1", 54321) connectSSHTransport(service=self.channel.conn, peerAddress=peer) self.assertEqual(SSHTransportAddress(peer), self.channel.getPeer()) def test_getHost(self): """ L{SSHChannel.getHost} returns the same object as the underlying transport's C{getHost} method returns. """ host = IPv4Address("TCP", "127.0.0.1", 12345) connectSSHTransport(service=self.channel.conn, hostAddress=host) self.assertEqual(SSHTransportAddress(host), self.channel.getHost()) ��test/test_window.py��0000644��00000004101�15027667726�0010461 0��ustar�00��""" Tests for the insults windowing module, L{twisted.conch.insults.window}. """ from twisted.conch.insults.window import ScrolledArea, TextOutput, TopWindow from twisted.trial.unittest import TestCase class TopWindowTests(TestCase): """ Tests for L{TopWindow}, the root window container class. """ def test_paintScheduling(self): """ Verify that L{TopWindow.repaint} schedules an actual paint to occur using the scheduling object passed to its initializer. """ paints = [] scheduled = [] root = TopWindow(lambda: paints.append(None), scheduled.append) # Nothing should have happened yet. self.assertEqual(paints, []) self.assertEqual(scheduled, []) # Cause a paint to be scheduled. root.repaint() self.assertEqual(paints, []) self.assertEqual(len(scheduled), 1) # Do another one to verify nothing else happens as long as the previous # one is still pending. root.repaint() self.assertEqual(paints, []) self.assertEqual(len(scheduled), 1) # Run the actual paint call. scheduled.pop()() self.assertEqual(len(paints), 1) self.assertEqual(scheduled, []) # Do one more to verify that now that the previous one is finished # future paints will succeed. root.repaint() self.assertEqual(len(paints), 1) self.assertEqual(len(scheduled), 1) class ScrolledAreaTests(TestCase): """ Tests for L{ScrolledArea}, a widget which creates a viewport containing another widget and can reposition that viewport using scrollbars. """ def test_parent(self): """ The parent of the widget passed to L{ScrolledArea} is set to a new L{Viewport} created by the L{ScrolledArea} which itself has the L{ScrolledArea} instance as its parent. """ widget = TextOutput() scrolled = ScrolledArea(widget) self.assertIs(widget.parent, scrolled._viewport) self.assertIs(scrolled._viewport.parent, scrolled) ��test/test_manhole.py��0000644��00000031711�15027667726�0010604 0��ustar�00��# -- test-case-name: twisted.conch.test.test_manhole -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. # pylint: disable=I0011,W9401,W9402 """ Tests for L{twisted.conch.manhole}. """ import traceback from typing import Optional ssh: Optional[bool] = None from twisted.conch import manhole from twisted.conch.insults import insults from twisted.conch.test.test_recvline import ( _SSHMixin, _StdioMixin, _TelnetMixin, ssh, stdio, ) from twisted.internet import defer, error from twisted.test.proto_helpers import StringTransport from twisted.trial import unittest def determineDefaultFunctionName(): """ Return the string used by Python as the name for code objects which are compiled from interactive input or at the top-level of modules. """ try: 1 // 0 except BaseException: # The last frame is this function. The second to last frame is this # function's caller, which is module-scope, which is what we want, # so -2. return traceback.extract_stack()[-2][2] defaultFunctionName = determineDefaultFunctionName() class ManholeInterpreterTests(unittest.TestCase): """ Tests for L{manhole.ManholeInterpreter}. """ def test_resetBuffer(self): """ L{ManholeInterpreter.resetBuffer} should empty the input buffer. """ interpreter = manhole.ManholeInterpreter(None) interpreter.buffer.extend(["1", "2"]) interpreter.resetBuffer() self.assertFalse(interpreter.buffer) class ManholeProtocolTests(unittest.TestCase): """ Tests for L{manhole.Manhole}. """ def test_interruptResetsInterpreterBuffer(self): """ L{manhole.Manhole.handle_INT} should cause the interpreter input buffer to be reset. """ transport = StringTransport() terminal = insults.ServerProtocol(manhole.Manhole) terminal.makeConnection(transport) protocol = terminal.terminalProtocol interpreter = protocol.interpreter interpreter.buffer.extend(["1", "2"]) protocol.handle_INT() self.assertFalse(interpreter.buffer) class WriterTests(unittest.TestCase): def test_Integer(self): """ Colorize an integer. """ manhole.lastColorizedLine("1") def test_DoubleQuoteString(self): """ Colorize an integer in double quotes. """ manhole.lastColorizedLine('"1"') def test_SingleQuoteString(self): """ Colorize an integer in single quotes. """ manhole.lastColorizedLine("'1'") def test_TripleSingleQuotedString(self): """ Colorize an integer in triple quotes. """ manhole.lastColorizedLine("'''1'''") def test_TripleDoubleQuotedString(self): """ Colorize an integer in triple and double quotes. """ manhole.lastColorizedLine('"""1"""') def test_FunctionDefinition(self): """ Colorize a function definition. """ manhole.lastColorizedLine("def foo():") def test_ClassDefinition(self): """ Colorize a class definition. """ manhole.lastColorizedLine("class foo:") def test_unicode(self): """ Colorize a Unicode string. """ res = manhole.lastColorizedLine("\u0438") self.assertTrue(isinstance(res, bytes)) def test_bytes(self): """ Colorize a UTF-8 byte string. """ res = manhole.lastColorizedLine(b"\xd0\xb8") self.assertTrue(isinstance(res, bytes)) def test_identicalOutput(self): """ The output of UTF-8 bytestrings and Unicode strings are identical. """ self.assertEqual( manhole.lastColorizedLine(b"\xd0\xb8"), manhole.lastColorizedLine("\u0438") ) class ManholeLoopbackMixin: serverProtocol = manhole.ColoredManhole def wfd(self, d): return defer.waitForDeferred(d) def test_SimpleExpression(self): """ Evaluate simple expression. """ done = self.recvlineClient.expect(b"done") self._testwrite(b"1 + 1\n" b"done") def finished(ign): self._assertBuffer([b">>> 1 + 1", b"2", b">>> done"]) return done.addCallback(finished) def test_TripleQuoteLineContinuation(self): """ Evaluate line continuation in triple quotes. """ done = self.recvlineClient.expect(b"done") self._testwrite(b"'''\n'''\n" b"done") def finished(ign): self._assertBuffer([b">>> '''", b"... '''", b"'\\n'", b">>> done"]) return done.addCallback(finished) def test_FunctionDefinition(self): """ Evaluate function definition. """ done = self.recvlineClient.expect(b"done") self._testwrite(b"def foo(bar):\n" b"\tprint(bar)\n\n" b"foo(42)\n" b"done") def finished(ign): self._assertBuffer( [ b">>> def foo(bar):", b"... print(bar)", b"... ", b">>> foo(42)", b"42", b">>> done", ] ) return done.addCallback(finished) def test_ClassDefinition(self): """ Evaluate class definition. """ done = self.recvlineClient.expect(b"done") self._testwrite( b"class Foo:\n" b"\tdef bar(self):\n" b"\t\tprint('Hello, world!')\n\n" b"Foo().bar()\n" b"done" ) def finished(ign): self._assertBuffer( [ b">>> class Foo:", b"... def bar(self):", b"... print('Hello, world!')", b"... ", b">>> Foo().bar()", b"Hello, world!", b">>> done", ] ) return done.addCallback(finished) def test_Exception(self): """ Evaluate raising an exception. """ done = self.recvlineClient.expect(b"done") self._testwrite(b"raise Exception('foo bar baz')\n" b"done") def finished(ign): self._assertBuffer( [ b">>> raise Exception('foo bar baz')", b"Traceback (most recent call last):", b' File "<console>", line 1, in ' + defaultFunctionName.encode("utf-8"), b"Exception: foo bar baz", b">>> done", ] ) return done.addCallback(finished) def test_ControlC(self): """ Evaluate interrupting with CTRL-C. """ done = self.recvlineClient.expect(b"done") self._testwrite(b"cancelled line" + manhole.CTRL_C + b"done") def finished(ign): self._assertBuffer( [b">>> cancelled line", b"KeyboardInterrupt", b">>> done"] ) return done.addCallback(finished) def test_interruptDuringContinuation(self): """ Sending ^C to Manhole while in a state where more input is required to complete a statement should discard the entire ongoing statement and reset the input prompt to the non-continuation prompt. """ continuing = self.recvlineClient.expect(b"things") self._testwrite(b"(\nthings") def gotContinuation(ignored): self._assertBuffer([b">>> (", b"... things"]) interrupted = self.recvlineClient.expect(b">>> ") self._testwrite(manhole.CTRL_C) return interrupted continuing.addCallback(gotContinuation) def gotInterruption(ignored): self._assertBuffer([b">>> (", b"... things", b"KeyboardInterrupt", b">>> "]) continuing.addCallback(gotInterruption) return continuing def test_ControlBackslash(self): r""" Evaluate cancelling with CTRL-\. """ self._testwrite(b"cancelled line") partialLine = self.recvlineClient.expect(b"cancelled line") def gotPartialLine(ign): self._assertBuffer([b">>> cancelled line"]) self._testwrite(manhole.CTRL_BACKSLASH) d = self.recvlineClient.onDisconnection return self.assertFailure(d, error.ConnectionDone) def gotClearedLine(ign): self._assertBuffer([b""]) return partialLine.addCallback(gotPartialLine).addCallback(gotClearedLine) @defer.inlineCallbacks def test_controlD(self): """ A CTRL+D in the middle of a line doesn't close a connection, but at the beginning of a line it does. """ self._testwrite(b"1 + 1") yield self.recvlineClient.expect(br"\+ 1") self._assertBuffer([b">>> 1 + 1"]) self._testwrite(manhole.CTRL_D + b" + 1") yield self.recvlineClient.expect(br"\+ 1") self._assertBuffer([b">>> 1 + 1 + 1"]) self._testwrite(b"\n") yield self.recvlineClient.expect(b"3\n>>> ") self._testwrite(manhole.CTRL_D) d = self.recvlineClient.onDisconnection yield self.assertFailure(d, error.ConnectionDone) @defer.inlineCallbacks def test_ControlL(self): """ CTRL+L is generally used as a redraw-screen command in terminal applications. Manhole doesn't currently respect this usage of it, but it should at least do something reasonable in response to this event (rather than, say, eating your face). """ # Start off with a newline so that when we clear the display we can # tell by looking for the missing first empty prompt line. self._testwrite(b"\n1 + 1") yield self.recvlineClient.expect(br"\+ 1") self._assertBuffer([b">>> ", b">>> 1 + 1"]) self._testwrite(manhole.CTRL_L + b" + 1") yield self.recvlineClient.expect(br"1 \+ 1 \+ 1") self._assertBuffer([b">>> 1 + 1 + 1"]) def test_controlA(self): """ CTRL-A can be used as HOME - returning cursor to beginning of current line buffer. """ self._testwrite(b'rint "hello"' + b"\x01" + b"p") d = self.recvlineClient.expect(b'print "hello"') def cb(ignore): self._assertBuffer([b'>>> print "hello"']) return d.addCallback(cb) def test_controlE(self): """ CTRL-E can be used as END - setting cursor to end of current line buffer. """ self._testwrite(b'rint "hello' + b"\x01" + b"p" + b"\x05" + b'"') d = self.recvlineClient.expect(b'print "hello"') def cb(ignore): self._assertBuffer([b'>>> print "hello"']) return d.addCallback(cb) @defer.inlineCallbacks def test_deferred(self): """ When a deferred is returned to the manhole REPL, it is displayed with a sequence number, and when the deferred fires, the result is printed. """ self._testwrite( b"from twisted.internet import defer, reactor\n" b"d = defer.Deferred()\n" b"d\n" ) yield self.recvlineClient.expect(b"<Deferred #0>") self._testwrite(b"c = reactor.callLater(0.1, d.callback, 'Hi!')\n") yield self.recvlineClient.expect(b">>> ") yield self.recvlineClient.expect(b"Deferred #0 called back: 'Hi!'\n>>> ") self._assertBuffer( [ b">>> from twisted.internet import defer, reactor", b">>> d = defer.Deferred()", b">>> d", b"<Deferred #0>", b">>> c = reactor.callLater(0.1, d.callback, 'Hi!')", b"Deferred #0 called back: 'Hi!'", b">>> ", ] ) class ManholeLoopbackTelnetTests(_TelnetMixin, unittest.TestCase, ManholeLoopbackMixin): """ Test manhole loopback over Telnet. """ pass class ManholeLoopbackSSHTests(_SSHMixin, unittest.TestCase, ManholeLoopbackMixin): """ Test manhole loopback over SSH. """ if ssh is None: skip = "cryptography requirements missing" class ManholeLoopbackStdioTests(_StdioMixin, unittest.TestCase, ManholeLoopbackMixin): """ Test manhole loopback over standard IO. """ if stdio is None: skip = "Terminal requirements missing" else: serverProtocol = stdio.ConsoleManhole class ManholeMainTests(unittest.TestCase): """ Test the I{main} method from the I{manhole} module. """ if stdio is None: skip = "Terminal requirements missing" def test_mainClassNotFound(self): """ Will raise an exception when called with an argument which is a dotted patch which can not be imported.. """ exception = self.assertRaises( ValueError, stdio.main, argv=["no-such-class"], ) self.assertEqual("Empty module name", exception.args[0]) ��test/test_knownhosts.py��0000644��00000140531�15027667726�0011377 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.client.knownhosts}. """ import os from binascii import Error as BinasciiError, a2b_base64, b2a_base64 from unittest import skipIf from zope.interface.verify import verifyObject from twisted.conch.error import HostKeyChanged, InvalidEntry, UserRejectedKey from twisted.conch.interfaces import IKnownHostEntry from twisted.internet.defer import Deferred from twisted.python.compat import networkString from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.test.testutils import ComparisonTestsMixin from twisted.trial.unittest import TestCase if requireModule("cryptography") and requireModule("pyasn1"): from twisted.conch.client import default from twisted.conch.client.knownhosts import ( ConsoleUI, HashedEntry, KnownHostsFile, PlainEntry, UnparsedEntry, ) from twisted.conch.ssh.keys import BadKeyError, Key from twisted.conch.test import keydata else: skip = "cryptography and PyASN1 required for twisted.conch.knownhosts." sampleEncodedKey = ( b"AAAAB3NzaC1yc2EAAAABIwAAAQEAsV0VMRbGmzhqxxayLRHmvnFvtyNqgbNKV46dU1bVFB+3y" b"tNvue4Riqv/SVkPRNwMb7eWH29SviXaBxUhYyzKkDoNUq3rTNnH1Vnif6d6X4JCrUb5d3W+Dm" b"YClyJrZ5HgD/hUpdSkTRqdbQ2TrvSAxRacj+vHHT4F4dm1bJSewm3B2D8HVOoi/CbVh3dsIiC" b"dp8VltdZx4qYVfYe2LwVINCbAa3d3tj9ma7RVfw3OH2Mfb+toLd1N5tBQFb7oqTt2nC6I/6Bd" b"4JwPUld+IEitw/suElq/AIJVQXXujeyiZlea90HE65U2mF1ytr17HTAIT2ySokJWyuBANGACk" b"6iIaw==" ) otherSampleEncodedKey = ( b"AAAAB3NzaC1yc2EAAAABIwAAAIEAwaeCZd3UCuPXhX39+/p9qO028jTF76DMVd9mPvYVDVXuf" b"WckKZauF7+0b7qm+ChT7kan6BzRVo4++gCVNfAlMzLysSt3ylmOR48tFpAfygg9UCX3DjHz0E" b"lOOUKh3iifc9aUShD0OPaK3pR5JJ8jfiBfzSYWt/hDi/iZ4igsSs8=" ) thirdSampleEncodedKey = ( b"AAAAB3NzaC1yc2EAAAABIwAAAQEAl/TQakPkePlnwCBRPitIVUTg6Z8VzN1en+DGkyo/evkmLw" b"7o4NWR5qbysk9A9jXW332nxnEuAnbcCam9SHe1su1liVfyIK0+3bdn0YRB0sXIbNEtMs2LtCho" b"/aV3cXPS+Cf1yut3wvIpaRnAzXxuKPCTXQ7/y0IXa8TwkRBH58OJa3RqfQ/NsSp5SAfdsrHyH2" b"aitiVKm2jfbTKzSEqOQG/zq4J9GXTkq61gZugory/Tvl5/yPgSnOR6C9jVOMHf27ZPoRtyj9SY" b"343Hd2QHiIE0KPZJEgCynKeWoKz8v6eTSK8n4rBnaqWdp8MnGZK1WGy05MguXbyCDuTC8AmJXQ" b"==" ) ecdsaSampleEncodedKey = ( b"AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIFwh3/zBANyPPIE60" b"SMMfdKMYo3OvfvzGLZphzuKrzSt0q4uF+/iYqtYiHhryAwU/fDWlUQ9kck9f+IlpsNtY4=" ) sampleKey = a2b_base64(sampleEncodedKey) otherSampleKey = a2b_base64(otherSampleEncodedKey) thirdSampleKey = a2b_base64(thirdSampleEncodedKey) ecdsaSampleKey = a2b_base64(ecdsaSampleEncodedKey) samplePlaintextLine = b"www.twistedmatrix.com ssh-rsa " + sampleEncodedKey + b"\n" otherSamplePlaintextLine = b"divmod.com ssh-rsa " + otherSampleEncodedKey + b"\n" sampleHostIPLine = ( b"www.twistedmatrix.com,198.49.126.131 ssh-rsa " + sampleEncodedKey + b"\n" ) sampleHashedLine = ( b"\|1\|gJbSEPBG9ZSBoZpHNtZBD1bHKBA=\|bQv+0Xa0dByrwkA1EB0E7Xop/Fo= ssh-rsa " + sampleEncodedKey + b"\n" ) class EntryTestsMixin: """ Tests for implementations of L{IKnownHostEntry}. Subclasses must set the 'entry' attribute to a provider of that interface, the implementation of that interface under test. @ivar entry: a provider of L{IKnownHostEntry} with a hostname of www.twistedmatrix.com and an RSA key of sampleKey. """ def test_providesInterface(self): """ The given entry should provide IKnownHostEntry. """ verifyObject(IKnownHostEntry, self.entry) def test_fromString(self): """ Constructing a plain text entry from an unhashed known_hosts entry will result in an L{IKnownHostEntry} provider with 'keyString', 'hostname', and 'keyType' attributes. While outside the interface in question, these attributes are held in common by L{PlainEntry} and L{HashedEntry} implementations; other implementations should override this method in subclasses. """ entry = self.entry self.assertEqual(entry.publicKey, Key.fromString(sampleKey)) self.assertEqual(entry.keyType, b"ssh-rsa") def test_matchesKey(self): """ L{IKnownHostEntry.matchesKey} checks to see if an entry matches a given SSH key. """ twistedmatrixDotCom = Key.fromString(sampleKey) divmodDotCom = Key.fromString(otherSampleKey) self.assertEqual(True, self.entry.matchesKey(twistedmatrixDotCom)) self.assertEqual(False, self.entry.matchesKey(divmodDotCom)) def test_matchesHost(self): """ L{IKnownHostEntry.matchesHost} checks to see if an entry matches a given hostname. """ self.assertTrue(self.entry.matchesHost(b"www.twistedmatrix.com")) self.assertFalse(self.entry.matchesHost(b"www.divmod.com")) class PlainEntryTests(EntryTestsMixin, TestCase): """ Test cases for L{PlainEntry}. """ plaintextLine = samplePlaintextLine hostIPLine = sampleHostIPLine def setUp(self): """ Set 'entry' to a sample plain-text entry with sampleKey as its key. """ self.entry = PlainEntry.fromString(self.plaintextLine) def test_matchesHostIP(self): """ A "hostname,ip" formatted line will match both the host and the IP. """ self.entry = PlainEntry.fromString(self.hostIPLine) self.assertTrue(self.entry.matchesHost(b"198.49.126.131")) self.test_matchesHost() def test_toString(self): """ L{PlainEntry.toString} generates the serialized OpenSSL format string for the entry, sans newline. """ self.assertEqual(self.entry.toString(), self.plaintextLine.rstrip(b"\n")) multiHostEntry = PlainEntry.fromString(self.hostIPLine) self.assertEqual(multiHostEntry.toString(), self.hostIPLine.rstrip(b"\n")) class PlainTextWithCommentTests(PlainEntryTests): """ Test cases for L{PlainEntry} when parsed from a line with a comment. """ plaintextLine = samplePlaintextLine[:-1] + b" plain text comment.\n" hostIPLine = sampleHostIPLine[:-1] + b" text following host/IP line\n" class HashedEntryTests(EntryTestsMixin, ComparisonTestsMixin, TestCase): """ Tests for L{HashedEntry}. This suite doesn't include any tests for host/IP pairs because hashed entries store IP addresses the same way as hostnames and does not support comma-separated lists. (If you hash the IP and host together you can't tell if you've got the key already for one or the other.) """ hashedLine = sampleHashedLine def setUp(self): """ Set 'entry' to a sample hashed entry for twistedmatrix.com with sampleKey as its key. """ self.entry = HashedEntry.fromString(self.hashedLine) def test_toString(self): """ L{HashedEntry.toString} generates the serialized OpenSSL format string for the entry, sans the newline. """ self.assertEqual(self.entry.toString(), self.hashedLine.rstrip(b"\n")) def test_equality(self): """ Two L{HashedEntry} instances compare equal if and only if they represent the same host and key in exactly the same way: the host salt, host hash, public key type, public key, and comment fields must all be equal. """ hostSalt = b"gJbSEPBG9ZSBoZpHNtZBD1bHKBA" hostHash = b"bQv+0Xa0dByrwkA1EB0E7Xop/Fo" publicKey = Key.fromString(sampleKey) keyType = networkString(publicKey.type()) comment = b"hello, world" entry = HashedEntry(hostSalt, hostHash, keyType, publicKey, comment) duplicate = HashedEntry(hostSalt, hostHash, keyType, publicKey, comment) # Vary the host salt self.assertNormalEqualityImplementation( entry, duplicate, HashedEntry(hostSalt[::-1], hostHash, keyType, publicKey, comment), ) # Vary the host hash self.assertNormalEqualityImplementation( entry, duplicate, HashedEntry(hostSalt, hostHash[::-1], keyType, publicKey, comment), ) # Vary the key type self.assertNormalEqualityImplementation( entry, duplicate, HashedEntry(hostSalt, hostHash, keyType[::-1], publicKey, comment), ) # Vary the key self.assertNormalEqualityImplementation( entry, duplicate, HashedEntry( hostSalt, hostHash, keyType, Key.fromString(otherSampleKey), comment ), ) # Vary the comment self.assertNormalEqualityImplementation( entry, duplicate, HashedEntry(hostSalt, hostHash, keyType, publicKey, comment[::-1]), ) class HashedEntryWithCommentTests(HashedEntryTests): """ Test cases for L{PlainEntry} when parsed from a line with a comment. """ hashedLine = sampleHashedLine[:-1] + b" plain text comment.\n" class UnparsedEntryTests(TestCase, EntryTestsMixin): """ Tests for L{UnparsedEntry} """ def setUp(self): """ Set up the 'entry' to be an unparsed entry for some random text. """ self.entry = UnparsedEntry(b" This is a bogus entry. \n") def test_fromString(self): """ Creating an L{UnparsedEntry} should simply record the string it was passed. """ self.assertEqual(b" This is a bogus entry. \n", self.entry._string) def test_matchesHost(self): """ An unparsed entry can't match any hosts. """ self.assertFalse(self.entry.matchesHost(b"www.twistedmatrix.com")) def test_matchesKey(self): """ An unparsed entry can't match any keys. """ self.assertFalse(self.entry.matchesKey(Key.fromString(sampleKey))) def test_toString(self): """ L{UnparsedEntry.toString} returns its input string, sans trailing newline. """ self.assertEqual(b" This is a bogus entry. ", self.entry.toString()) class ParseErrorTests(TestCase): """ L{HashedEntry.fromString} and L{PlainEntry.fromString} can raise a variety of errors depending on misformattings of certain strings. These tests make sure those errors are caught. Since many of the ways that this can go wrong are in the lower-level APIs being invoked by the parsing logic, several of these are integration tests with the C{base64} and L{twisted.conch.ssh.keys} modules. """ def invalidEntryTest(self, cls): """ If there are fewer than three elements, C{fromString} should raise L{InvalidEntry}. """ self.assertRaises(InvalidEntry, cls.fromString, b"invalid") def notBase64Test(self, cls): """ If the key is not base64, C{fromString} should raise L{BinasciiError}. """ self.assertRaises(BinasciiError, cls.fromString, b"x x x") def badKeyTest(self, cls, prefix): """ If the key portion of the entry is valid base64, but is not actually an SSH key, C{fromString} should raise L{BadKeyError}. """ self.assertRaises( BadKeyError, cls.fromString, b" ".join( [prefix, b"ssh-rsa", b2a_base64(b"Hey, this isn't an SSH key!").strip()] ), ) def test_invalidPlainEntry(self): """ If there are fewer than three whitespace-separated elements in an entry, L{PlainEntry.fromString} should raise L{InvalidEntry}. """ self.invalidEntryTest(PlainEntry) def test_invalidHashedEntry(self): """ If there are fewer than three whitespace-separated elements in an entry, or the hostname salt/hash portion has more than two elements, L{HashedEntry.fromString} should raise L{InvalidEntry}. """ self.invalidEntryTest(HashedEntry) a, b, c = sampleHashedLine.split() self.assertRaises( InvalidEntry, HashedEntry.fromString, b" ".join([a + b"\|\|", b, c]) ) def test_plainNotBase64(self): """ If the key portion of a plain entry is not decodable as base64, C{fromString} should raise L{BinasciiError}. """ self.notBase64Test(PlainEntry) def test_hashedNotBase64(self): """ If the key, host salt, or host hash portion of a hashed entry is not encoded, it will raise L{BinasciiError}. """ self.notBase64Test(HashedEntry) a, b, c = sampleHashedLine.split() # Salt not valid base64. self.assertRaises( BinasciiError, HashedEntry.fromString, b" ".join([b"\|1\|x\|" + b2a_base64(b"stuff").strip(), b, c]), ) # Host hash not valid base64. self.assertRaises( BinasciiError, HashedEntry.fromString, b" ".join([HashedEntry.MAGIC + b2a_base64(b"stuff").strip() + b"\|x", b, c]), ) # Neither salt nor hash valid base64. self.assertRaises( BinasciiError, HashedEntry.fromString, b" ".join([b"\|1\|x\|x", b, c]) ) def test_hashedBadKey(self): """ If the key portion of the entry is valid base64, but is not actually an SSH key, C{HashedEntry.fromString} should raise L{BadKeyError}. """ a, b, c = sampleHashedLine.split() self.badKeyTest(HashedEntry, a) def test_plainBadKey(self): """ If the key portion of the entry is valid base64, but is not actually an SSH key, C{PlainEntry.fromString} should raise L{BadKeyError}. """ self.badKeyTest(PlainEntry, b"hostname") class KnownHostsDatabaseTests(TestCase): """ Tests for L{KnownHostsFile}. """ def pathWithContent(self, content): """ Return a FilePath with the given initial content. """ fp = FilePath(self.mktemp()) fp.setContent(content) return fp def loadSampleHostsFile( self, content=( sampleHashedLine + otherSamplePlaintextLine + b"\n# That was a blank line.\n" b"This is just unparseable.\n" b"\|1\|This also unparseable.\n" ), ): """ Return a sample hosts file, with keys for www.twistedmatrix.com and divmod.com present. """ return KnownHostsFile.fromPath(self.pathWithContent(content)) def test_readOnlySavePath(self): """ L{KnownHostsFile.savePath} is read-only; if an assignment is made to it, L{AttributeError} is raised and the value is unchanged. """ path = FilePath(self.mktemp()) new = FilePath(self.mktemp()) hostsFile = KnownHostsFile(path) self.assertRaises(AttributeError, setattr, hostsFile, "savePath", new) self.assertEqual(path, hostsFile.savePath) def test_defaultInitializerIgnoresExisting(self): """ The default initializer for L{KnownHostsFile} disregards any existing contents in the save path. """ hostsFile = KnownHostsFile(self.pathWithContent(sampleHashedLine)) self.assertEqual([], list(hostsFile.iterentries())) def test_defaultInitializerClobbersExisting(self): """ After using the default initializer for L{KnownHostsFile}, the first use of L{KnownHostsFile.save} overwrites any existing contents in the save path. """ path = self.pathWithContent(sampleHashedLine) hostsFile = KnownHostsFile(path) entry = hostsFile.addHostKey(b"www.example.com", Key.fromString(otherSampleKey)) hostsFile.save() # Check KnownHostsFile to see what it thinks the state is self.assertEqual([entry], list(hostsFile.iterentries())) # And also directly check the underlying file itself self.assertEqual(entry.toString() + b"\n", path.getContent()) def test_saveResetsClobberState(self): """ After L{KnownHostsFile.save} is used once with an instance initialized by the default initializer, contents of the save path are respected and preserved. """ hostsFile = KnownHostsFile(self.pathWithContent(sampleHashedLine)) preSave = hostsFile.addHostKey( b"www.example.com", Key.fromString(otherSampleKey) ) hostsFile.save() postSave = hostsFile.addHostKey( b"another.example.com", Key.fromString(thirdSampleKey) ) hostsFile.save() self.assertEqual([preSave, postSave], list(hostsFile.iterentries())) def test_loadFromPath(self): """ Loading a L{KnownHostsFile} from a path with six entries in it will result in a L{KnownHostsFile} object with six L{IKnownHostEntry} providers in it. """ hostsFile = self.loadSampleHostsFile() self.assertEqual(6, len(list(hostsFile.iterentries()))) def test_iterentriesUnsaved(self): """ If the save path for a L{KnownHostsFile} does not exist, L{KnownHostsFile.iterentries} still returns added but unsaved entries. """ hostsFile = KnownHostsFile(FilePath(self.mktemp())) hostsFile.addHostKey(b"www.example.com", Key.fromString(sampleKey)) self.assertEqual(1, len(list(hostsFile.iterentries()))) def test_verifyHashedEntry(self): """ Loading a L{KnownHostsFile} from a path containing a single valid L{HashedEntry} entry will result in a L{KnownHostsFile} object with one L{IKnownHostEntry} provider. """ hostsFile = self.loadSampleHostsFile(sampleHashedLine) entries = list(hostsFile.iterentries()) self.assertIsInstance(entries[0], HashedEntry) self.assertTrue(entries[0].matchesHost(b"www.twistedmatrix.com")) self.assertEqual(1, len(entries)) def test_verifyPlainEntry(self): """ Loading a L{KnownHostsFile} from a path containing a single valid L{PlainEntry} entry will result in a L{KnownHostsFile} object with one L{IKnownHostEntry} provider. """ hostsFile = self.loadSampleHostsFile(otherSamplePlaintextLine) entries = list(hostsFile.iterentries()) self.assertIsInstance(entries[0], PlainEntry) self.assertTrue(entries[0].matchesHost(b"divmod.com")) self.assertEqual(1, len(entries)) def test_verifyUnparsedEntry(self): """ Loading a L{KnownHostsFile} from a path that only contains '\n' will result in a L{KnownHostsFile} object containing a L{UnparsedEntry} object. """ hostsFile = self.loadSampleHostsFile(b"\n") entries = list(hostsFile.iterentries()) self.assertIsInstance(entries[0], UnparsedEntry) self.assertEqual(entries[0].toString(), b"") self.assertEqual(1, len(entries)) def test_verifyUnparsedComment(self): """ Loading a L{KnownHostsFile} from a path that contains a comment will result in a L{KnownHostsFile} object containing a L{UnparsedEntry} object. """ hostsFile = self.loadSampleHostsFile(b"# That was a blank line.\n") entries = list(hostsFile.iterentries()) self.assertIsInstance(entries[0], UnparsedEntry) self.assertEqual(entries[0].toString(), b"# That was a blank line.") def test_verifyUnparsableLine(self): """ Loading a L{KnownHostsFile} from a path that contains an unparseable line will be represented as an L{UnparsedEntry} instance. """ hostsFile = self.loadSampleHostsFile(b"This is just unparseable.\n") entries = list(hostsFile.iterentries()) self.assertIsInstance(entries[0], UnparsedEntry) self.assertEqual(entries[0].toString(), b"This is just unparseable.") self.assertEqual(1, len(entries)) def test_verifyUnparsableEncryptionMarker(self): """ Loading a L{KnownHostsFile} from a path containing an unparseable line that starts with an encryption marker will be represented as an L{UnparsedEntry} instance. """ hostsFile = self.loadSampleHostsFile(b"\|1\|This is unparseable.\n") entries = list(hostsFile.iterentries()) self.assertIsInstance(entries[0], UnparsedEntry) self.assertEqual(entries[0].toString(), b"\|1\|This is unparseable.") self.assertEqual(1, len(entries)) def test_loadNonExistent(self): """ Loading a L{KnownHostsFile} from a path that does not exist should result in an empty L{KnownHostsFile} that will save back to that path. """ pn = self.mktemp() knownHostsFile = KnownHostsFile.fromPath(FilePath(pn)) entries = list(knownHostsFile.iterentries()) self.assertEqual([], entries) self.assertFalse(FilePath(pn).exists()) knownHostsFile.save() self.assertTrue(FilePath(pn).exists()) def test_loadNonExistentParent(self): """ Loading a L{KnownHostsFile} from a path whose parent directory does not exist should result in an empty L{KnownHostsFile} that will save back to that path, creating its parent directory(ies) in the process. """ thePath = FilePath(self.mktemp()) knownHostsPath = thePath.child("foo").child(b"known_hosts") knownHostsFile = KnownHostsFile.fromPath(knownHostsPath) knownHostsFile.save() knownHostsPath.restat(False) self.assertTrue(knownHostsPath.exists()) def test_savingAddsEntry(self): """ L{KnownHostsFile.save} will write out a new file with any entries that have been added. """ path = self.pathWithContent(sampleHashedLine + otherSamplePlaintextLine) knownHostsFile = KnownHostsFile.fromPath(path) newEntry = knownHostsFile.addHostKey( b"some.example.com", Key.fromString(thirdSampleKey) ) expectedContent = ( sampleHashedLine + otherSamplePlaintextLine + HashedEntry.MAGIC + b2a_base64(newEntry._hostSalt).strip() + b"\|" + b2a_base64(newEntry._hostHash).strip() + b" ssh-rsa " + thirdSampleEncodedKey + b"\n" ) # Sanity check, let's make sure the base64 API being used for the test # isn't inserting spurious newlines. self.assertEqual(3, expectedContent.count(b"\n")) knownHostsFile.save() self.assertEqual(expectedContent, path.getContent()) def test_savingAvoidsDuplication(self): """ L{KnownHostsFile.save} only writes new entries to the save path, not entries which were added and already written by a previous call to C{save}. """ path = FilePath(self.mktemp()) knownHosts = KnownHostsFile(path) entry = knownHosts.addHostKey(b"some.example.com", Key.fromString(sampleKey)) knownHosts.save() knownHosts.save() knownHosts = KnownHostsFile.fromPath(path) self.assertEqual([entry], list(knownHosts.iterentries())) def test_savingsPreservesExisting(self): """ L{KnownHostsFile.save} will not overwrite existing entries in its save path, even if they were only added after the L{KnownHostsFile} instance was initialized. """ # Start off with one host/key pair in the file path = self.pathWithContent(sampleHashedLine) knownHosts = KnownHostsFile.fromPath(path) # After initializing the KnownHostsFile instance, add a second host/key # pair to the file directly - without the instance's help or knowledge. with path.open("a") as hostsFileObj: hostsFileObj.write(otherSamplePlaintextLine) # Add a third host/key pair using the KnownHostsFile instance key = Key.fromString(thirdSampleKey) knownHosts.addHostKey(b"brandnew.example.com", key) knownHosts.save() # Check that all three host/key pairs are present. knownHosts = KnownHostsFile.fromPath(path) self.assertEqual( [True, True, True], [ knownHosts.hasHostKey( b"www.twistedmatrix.com", Key.fromString(sampleKey) ), knownHosts.hasHostKey(b"divmod.com", Key.fromString(otherSampleKey)), knownHosts.hasHostKey(b"brandnew.example.com", key), ], ) def test_hasPresentKey(self): """ L{KnownHostsFile.hasHostKey} returns C{True} when a key for the given hostname is present and matches the expected key. """ hostsFile = self.loadSampleHostsFile() self.assertTrue( hostsFile.hasHostKey(b"www.twistedmatrix.com", Key.fromString(sampleKey)) ) def test_notPresentKey(self): """ L{KnownHostsFile.hasHostKey} returns C{False} when a key for the given hostname is not present. """ hostsFile = self.loadSampleHostsFile() self.assertFalse( hostsFile.hasHostKey(b"non-existent.example.com", Key.fromString(sampleKey)) ) self.assertTrue( hostsFile.hasHostKey(b"www.twistedmatrix.com", Key.fromString(sampleKey)) ) self.assertFalse( hostsFile.hasHostKey( b"www.twistedmatrix.com", Key.fromString(ecdsaSampleKey) ) ) def test_hasLaterAddedKey(self): """ L{KnownHostsFile.hasHostKey} returns C{True} when a key for the given hostname is present in the file, even if it is only added to the file after the L{KnownHostsFile} instance is initialized. """ key = Key.fromString(sampleKey) entry = PlainEntry([b"brandnew.example.com"], key.sshType(), key, b"") hostsFile = self.loadSampleHostsFile() with hostsFile.savePath.open("a") as hostsFileObj: hostsFileObj.write(entry.toString() + b"\n") self.assertEqual(True, hostsFile.hasHostKey(b"brandnew.example.com", key)) def test_savedEntryHasKeyMismatch(self): """ L{KnownHostsFile.hasHostKey} raises L{HostKeyChanged} if the host key is present in the underlying file, but different from the expected one. The resulting exception should have an C{offendingEntry} indicating the given entry. """ hostsFile = self.loadSampleHostsFile() entries = list(hostsFile.iterentries()) exception = self.assertRaises( HostKeyChanged, hostsFile.hasHostKey, b"www.twistedmatrix.com", Key.fromString(otherSampleKey), ) self.assertEqual(exception.offendingEntry, entries[0]) self.assertEqual(exception.lineno, 1) self.assertEqual(exception.path, hostsFile.savePath) def test_savedEntryAfterAddHasKeyMismatch(self): """ Even after a new entry has been added in memory but not yet saved, the L{HostKeyChanged} exception raised by L{KnownHostsFile.hasHostKey} has a C{lineno} attribute which indicates the 1-based line number of the offending entry in the underlying file when the given host key does not match the expected host key. """ hostsFile = self.loadSampleHostsFile() hostsFile.addHostKey(b"www.example.com", Key.fromString(otherSampleKey)) exception = self.assertRaises( HostKeyChanged, hostsFile.hasHostKey, b"www.twistedmatrix.com", Key.fromString(otherSampleKey), ) self.assertEqual(exception.lineno, 1) self.assertEqual(exception.path, hostsFile.savePath) def test_unsavedEntryHasKeyMismatch(self): """ L{KnownHostsFile.hasHostKey} raises L{HostKeyChanged} if the host key is present in memory (but not yet saved), but different from the expected one. The resulting exception has a C{offendingEntry} indicating the given entry, but no filename or line number information (reflecting the fact that the entry exists only in memory). """ hostsFile = KnownHostsFile(FilePath(self.mktemp())) entry = hostsFile.addHostKey(b"www.example.com", Key.fromString(otherSampleKey)) exception = self.assertRaises( HostKeyChanged, hostsFile.hasHostKey, b"www.example.com", Key.fromString(thirdSampleKey), ) self.assertEqual(exception.offendingEntry, entry) self.assertIsNone(exception.lineno) self.assertIsNone(exception.path) def test_addHostKey(self): """ L{KnownHostsFile.addHostKey} adds a new L{HashedEntry} to the host file, and returns it. """ hostsFile = self.loadSampleHostsFile() aKey = Key.fromString(thirdSampleKey) self.assertEqual(False, hostsFile.hasHostKey(b"somewhere.example.com", aKey)) newEntry = hostsFile.addHostKey(b"somewhere.example.com", aKey) # The code in OpenSSH requires host salts to be 20 characters long. # This is the required length of a SHA-1 HMAC hash, so it's just a # sanity check. self.assertEqual(20, len(newEntry._hostSalt)) self.assertEqual(True, newEntry.matchesHost(b"somewhere.example.com")) self.assertEqual(newEntry.keyType, b"ssh-rsa") self.assertEqual(aKey, newEntry.publicKey) self.assertEqual(True, hostsFile.hasHostKey(b"somewhere.example.com", aKey)) def test_randomSalts(self): """ L{KnownHostsFile.addHostKey} generates a random salt for each new key, so subsequent salts will be different. """ hostsFile = self.loadSampleHostsFile() aKey = Key.fromString(thirdSampleKey) self.assertNotEqual( hostsFile.addHostKey(b"somewhere.example.com", aKey)._hostSalt, hostsFile.addHostKey(b"somewhere-else.example.com", aKey)._hostSalt, ) def test_verifyValidKey(self): """ Verifying a valid key should return a L{Deferred} which fires with True. """ hostsFile = self.loadSampleHostsFile() hostsFile.addHostKey(b"1.2.3.4", Key.fromString(sampleKey)) ui = FakeUI() d = hostsFile.verifyHostKey( ui, b"www.twistedmatrix.com", b"1.2.3.4", Key.fromString(sampleKey) ) l = [] d.addCallback(l.append) self.assertEqual(l, [True]) def test_verifyInvalidKey(self): """ Verifying an invalid key should return a L{Deferred} which fires with a L{HostKeyChanged} failure. """ hostsFile = self.loadSampleHostsFile() wrongKey = Key.fromString(thirdSampleKey) ui = FakeUI() hostsFile.addHostKey(b"1.2.3.4", Key.fromString(sampleKey)) d = hostsFile.verifyHostKey(ui, b"www.twistedmatrix.com", b"1.2.3.4", wrongKey) return self.assertFailure(d, HostKeyChanged) def verifyNonPresentKey(self): """ Set up a test to verify a key that isn't present. Return a 3-tuple of the UI, a list set up to collect the result of the verifyHostKey call, and the sample L{KnownHostsFile} being used. This utility method avoids returning a L{Deferred}, and records results in the returned list instead, because the events which get generated here are pre-recorded in the 'ui' object. If the L{Deferred} in question does not fire, the it will fail quickly with an empty list. """ hostsFile = self.loadSampleHostsFile() absentKey = Key.fromString(thirdSampleKey) ui = FakeUI() l = [] d = hostsFile.verifyHostKey( ui, b"sample-host.example.com", b"4.3.2.1", absentKey ) d.addBoth(l.append) self.assertEqual([], l) self.assertEqual( ui.promptText, b"The authenticity of host 'sample-host.example.com (4.3.2.1)' " b"can't be established.\n" b"RSA key fingerprint is " b"SHA256:mS7mDBGhewdzJkaKRkx+wMjUdZb/GzvgcdoYjX5Js9I=.\n" b"Are you sure you want to continue connecting (yes/no)? ", ) return ui, l, hostsFile def test_verifyNonPresentKey_Yes(self): """ Verifying a key where neither the hostname nor the IP are present should result in the UI being prompted with a message explaining as much. If the UI says yes, the Deferred should fire with True. """ ui, l, knownHostsFile = self.verifyNonPresentKey() ui.promptDeferred.callback(True) self.assertEqual([True], l) reloaded = KnownHostsFile.fromPath(knownHostsFile.savePath) self.assertEqual( True, reloaded.hasHostKey(b"4.3.2.1", Key.fromString(thirdSampleKey)) ) self.assertEqual( True, reloaded.hasHostKey( b"sample-host.example.com", Key.fromString(thirdSampleKey) ), ) def test_verifyNonPresentKey_No(self): """ Verifying a key where neither the hostname nor the IP are present should result in the UI being prompted with a message explaining as much. If the UI says no, the Deferred should fail with UserRejectedKey. """ ui, l, knownHostsFile = self.verifyNonPresentKey() ui.promptDeferred.callback(False) l[0].trap(UserRejectedKey) def test_verifyNonPresentECKey(self): """ Set up a test to verify an ECDSA key that isn't present. Return a 3-tuple of the UI, a list set up to collect the result of the verifyHostKey call, and the sample L{KnownHostsFile} being used. """ ecObj = Key._fromECComponents( x=keydata.ECDatanistp256["x"], y=keydata.ECDatanistp256["y"], privateValue=keydata.ECDatanistp256["privateValue"], curve=keydata.ECDatanistp256["curve"], ) hostsFile = self.loadSampleHostsFile() ui = FakeUI() l = [] d = hostsFile.verifyHostKey(ui, b"sample-host.example.com", b"4.3.2.1", ecObj) d.addBoth(l.append) self.assertEqual([], l) self.assertEqual( ui.promptText, b"The authenticity of host 'sample-host.example.com (4.3.2.1)' " b"can't be established.\n" b"ECDSA key fingerprint is " b"SHA256:fJnSpgCcYoYYsaBbnWj1YBghGh/QTDgfe4w4U5M5tEo=.\n" b"Are you sure you want to continue connecting (yes/no)? ", ) def test_verifyHostIPMismatch(self): """ Verifying a key where the host is present (and correct), but the IP is present and different, should result the deferred firing in a HostKeyChanged failure. """ hostsFile = self.loadSampleHostsFile() wrongKey = Key.fromString(thirdSampleKey) ui = FakeUI() d = hostsFile.verifyHostKey(ui, b"www.twistedmatrix.com", b"4.3.2.1", wrongKey) return self.assertFailure(d, HostKeyChanged) def test_verifyKeyForHostAndIP(self): """ Verifying a key where the hostname is present but the IP is not should result in the key being added for the IP and the user being warned about the change. """ ui = FakeUI() hostsFile = self.loadSampleHostsFile() expectedKey = Key.fromString(sampleKey) hostsFile.verifyHostKey(ui, b"www.twistedmatrix.com", b"5.4.3.2", expectedKey) self.assertEqual( True, KnownHostsFile.fromPath(hostsFile.savePath).hasHostKey( b"5.4.3.2", expectedKey ), ) self.assertEqual( [ "Warning: Permanently added the RSA host key for IP address " "'5.4.3.2' to the list of known hosts." ], ui.userWarnings, ) def test_getHostKeyAlgorithms(self): """ For a given host, get the host key algorithms for that host in the known_hosts file. """ hostsFile = self.loadSampleHostsFile() hostsFile.addHostKey(b"www.twistedmatrix.com", Key.fromString(otherSampleKey)) hostsFile.addHostKey(b"www.twistedmatrix.com", Key.fromString(ecdsaSampleKey)) hostsFile.save() options = {} options["known-hosts"] = hostsFile.savePath.path algorithms = default.getHostKeyAlgorithms(b"www.twistedmatrix.com", options) expectedAlgorithms = [b"ssh-rsa", b"ecdsa-sha2-nistp256"] self.assertEqual(algorithms, expectedAlgorithms) class FakeFile: """ A fake file-like object that acts enough like a file for L{ConsoleUI.prompt}. """ def __init__(self): self.inlines = [] self.outchunks = [] self.closed = False def readline(self): """ Return a line from the 'inlines' list. """ return self.inlines.pop(0) def write(self, chunk): """ Append the given item to the 'outchunks' list. """ if self.closed: raise OSError("the file was closed") self.outchunks.append(chunk) def close(self): """ Set the 'closed' flag to True, explicitly marking that it has been closed. """ self.closed = True class ConsoleUITests(TestCase): """ Test cases for L{ConsoleUI}. """ def setUp(self): """ Create a L{ConsoleUI} pointed at a L{FakeFile}. """ self.fakeFile = FakeFile() self.ui = ConsoleUI(self.openFile) def openFile(self): """ Return the current fake file. """ return self.fakeFile def newFile(self, lines): """ Create a new fake file (the next file that self.ui will open) with the given list of lines to be returned from readline(). """ self.fakeFile = FakeFile() self.fakeFile.inlines = lines def test_promptYes(self): """ L{ConsoleUI.prompt} writes a message to the console, then reads a line. If that line is 'yes', then it returns a L{Deferred} that fires with True. """ for okYes in [b"yes", b"Yes", b"yes\n"]: self.newFile([okYes]) l = [] self.ui.prompt("Hello, world!").addCallback(l.append) self.assertEqual(["Hello, world!"], self.fakeFile.outchunks) self.assertEqual([True], l) self.assertTrue(self.fakeFile.closed) def test_promptNo(self): """ L{ConsoleUI.prompt} writes a message to the console, then reads a line. If that line is 'no', then it returns a L{Deferred} that fires with False. """ for okNo in [b"no", b"No", b"no\n"]: self.newFile([okNo]) l = [] self.ui.prompt("Goodbye, world!").addCallback(l.append) self.assertEqual(["Goodbye, world!"], self.fakeFile.outchunks) self.assertEqual([False], l) self.assertTrue(self.fakeFile.closed) def test_promptRepeatedly(self): """ L{ConsoleUI.prompt} writes a message to the console, then reads a line. If that line is neither 'yes' nor 'no', then it says "Please enter 'yes' or 'no'" until it gets a 'yes' or a 'no', at which point it returns a Deferred that answers either True or False. """ self.newFile([b"what", b"uh", b"okay", b"yes"]) l = [] self.ui.prompt(b"Please say something useful.").addCallback(l.append) self.assertEqual([True], l) self.assertEqual( self.fakeFile.outchunks, [b"Please say something useful."] + [b"Please type 'yes' or 'no': "] * 3, ) self.assertTrue(self.fakeFile.closed) self.newFile([b"blah", b"stuff", b"feh", b"no"]) l = [] self.ui.prompt(b"Please say something negative.").addCallback(l.append) self.assertEqual([False], l) self.assertEqual( self.fakeFile.outchunks, [b"Please say something negative."] + [b"Please type 'yes' or 'no': "] * 3, ) self.assertTrue(self.fakeFile.closed) def test_promptOpenFailed(self): """ If the C{opener} passed to L{ConsoleUI} raises an exception, that exception will fail the L{Deferred} returned from L{ConsoleUI.prompt}. """ def raiseIt(): raise OSError() ui = ConsoleUI(raiseIt) d = ui.prompt("This is a test.") return self.assertFailure(d, IOError) def test_warn(self): """ L{ConsoleUI.warn} should output a message to the console object. """ self.ui.warn("Test message.") self.assertEqual(["Test message."], self.fakeFile.outchunks) self.assertTrue(self.fakeFile.closed) def test_warnOpenFailed(self): """ L{ConsoleUI.warn} should log a traceback if the output can't be opened. """ def raiseIt(): 1 / 0 ui = ConsoleUI(raiseIt) ui.warn("This message never makes it.") self.assertEqual(len(self.flushLoggedErrors(ZeroDivisionError)), 1) class FakeUI: """ A fake UI object, adhering to the interface expected by L{KnownHostsFile.verifyHostKey} @ivar userWarnings: inputs provided to 'warn'. @ivar promptDeferred: last result returned from 'prompt'. @ivar promptText: the last input provided to 'prompt'. """ def __init__(self): self.userWarnings = [] self.promptDeferred = None self.promptText = None def prompt(self, text): """ Issue the user an interactive prompt, which they can accept or deny. """ self.promptText = text self.promptDeferred = Deferred() return self.promptDeferred def warn(self, text): """ Issue a non-interactive warning to the user. """ self.userWarnings.append(text) class FakeObject: """ A fake object that can have some attributes. Used to fake L{SSHClientTransport} and L{SSHClientFactory}. """ @skipIf(not FilePath("/dev/tty").exists(), "Platform lacks /dev/tty") class DefaultAPITests(TestCase): """ The API in L{twisted.conch.client.default.verifyHostKey} is the integration point between the code in the rest of conch and L{KnownHostsFile}. """ def patchedOpen(self, fname, mode, *kwargs): """ The patched version of 'open'; this returns a L{FakeFile} that the instantiated L{ConsoleUI} can use. """ self.assertEqual(fname, "/dev/tty") self.assertEqual(mode, "r+b") self.assertEqual(kwargs["buffering"], 0) return self.fakeFile def setUp(self): """ Patch 'open' in verifyHostKey. """ self.fakeFile = FakeFile() self.patch(default, "_open", self.patchedOpen) self.hostsOption = self.mktemp() self.hashedEntries = {} knownHostsFile = KnownHostsFile(FilePath(self.hostsOption)) for host in (b"exists.example.com", b"4.3.2.1"): entry = knownHostsFile.addHostKey(host, Key.fromString(sampleKey)) self.hashedEntries[host] = entry knownHostsFile.save() self.fakeTransport = FakeObject() self.fakeTransport.factory = FakeObject() self.options = self.fakeTransport.factory.options = { "host": b"exists.example.com", "known-hosts": self.hostsOption, } def test_verifyOKKey(self): """ L{default.verifyHostKey} should return a L{Deferred} which fires with C{1} when passed a host, IP, and key which already match the known_hosts file it is supposed to check. """ l = [] default.verifyHostKey( self.fakeTransport, b"4.3.2.1", sampleKey, b"I don't care." ).addCallback(l.append) self.assertEqual([1], l) def replaceHome(self, tempHome): """ Replace the HOME environment variable until the end of the current test, with the given new home-directory, so that L{os.path.expanduser} will yield controllable, predictable results. @param tempHome: the pathname to replace the HOME variable with. @type tempHome: L{str} """ oldHome = os.environ.get("HOME") def cleanupHome(): if oldHome is None: del os.environ["HOME"] else: os.environ["HOME"] = oldHome self.addCleanup(cleanupHome) os.environ["HOME"] = tempHome def test_noKnownHostsOption(self): """ L{default.verifyHostKey} should find your known_hosts file in ~/.ssh/known_hosts if you don't specify one explicitly on the command line. """ l = [] tmpdir = self.mktemp() oldHostsOption = self.hostsOption hostsNonOption = FilePath(tmpdir).child(".ssh").child("known_hosts") hostsNonOption.parent().makedirs() FilePath(oldHostsOption).moveTo(hostsNonOption) self.replaceHome(tmpdir) self.options["known-hosts"] = None default.verifyHostKey( self.fakeTransport, b"4.3.2.1", sampleKey, b"I don't care." ).addCallback(l.append) self.assertEqual([1], l) def test_verifyHostButNotIP(self): """ L{default.verifyHostKey} should return a L{Deferred} which fires with C{1} when passed a host which matches with an IP is not present in its known_hosts file, and should also warn the user that it has added the IP address. """ l = [] default.verifyHostKey( self.fakeTransport, b"8.7.6.5", sampleKey, b"Fingerprint not required." ).addCallback(l.append) self.assertEqual( [ "Warning: Permanently added the RSA host key for IP address " "'8.7.6.5' to the list of known hosts." ], self.fakeFile.outchunks, ) self.assertEqual([1], l) knownHostsFile = KnownHostsFile.fromPath(FilePath(self.hostsOption)) self.assertTrue( knownHostsFile.hasHostKey(b"8.7.6.5", Key.fromString(sampleKey)) ) def test_verifyQuestion(self): """ L{default.verifyHostKey} should return a L{Default} which fires with C{0} when passed an unknown host that the user refuses to acknowledge. """ self.fakeTransport.factory.options["host"] = b"fake.example.com" self.fakeFile.inlines.append(b"no") d = default.verifyHostKey( self.fakeTransport, b"9.8.7.6", otherSampleKey, b"No fingerprint!" ) self.assertEqual( [ b"The authenticity of host 'fake.example.com (9.8.7.6)' " b"can't be established.\n" b"RSA key fingerprint is " b"SHA256:vD0YydsNIUYJa7yLZl3tIL8h0vZvQ8G+HPG7JLmQV0s=.\n" b"Are you sure you want to continue connecting (yes/no)? " ], self.fakeFile.outchunks, ) return self.assertFailure(d, UserRejectedKey) def test_verifyBadKey(self): """ L{default.verifyHostKey} should return a L{Deferred} which fails with L{HostKeyChanged} if the host key is incorrect. """ d = default.verifyHostKey( self.fakeTransport, b"4.3.2.1", otherSampleKey, "Again, not required." ) return self.assertFailure(d, HostKeyChanged) def test_inKnownHosts(self): """ L{default.isInKnownHosts} should return C{1} when a host with a key is in the known hosts file. """ host = self.hashedEntries[b"4.3.2.1"].toString().split()[0] r = default.isInKnownHosts( host, Key.fromString(sampleKey).blob(), {"known-hosts": FilePath(self.hostsOption).path}, ) self.assertEqual(1, r) def test_notInKnownHosts(self): """ L{default.isInKnownHosts} should return C{0} when a host with a key is not in the known hosts file. """ r = default.isInKnownHosts( "not.there", b"irrelevant", {"known-hosts": FilePath(self.hostsOption).path} ) self.assertEqual(0, r) def test_inKnownHostsKeyChanged(self): """ L{default.isInKnownHosts} should return C{2} when a host with a key other than the given one is in the known hosts file. """ host = self.hashedEntries[b"4.3.2.1"].toString().split()[0] r = default.isInKnownHosts( host, Key.fromString(otherSampleKey).blob(), {"known-hosts": FilePath(self.hostsOption).path}, ) self.assertEqual(2, r) ��test/test_connection.py��0000644��00000071111�15027667726�0011316 0��ustar�00��# Copyright (c) 2007-2010 Twisted Matrix Laboratories. # See LICENSE for details """ This module tests twisted.conch.ssh.connection. """ import struct from twisted.conch.ssh import channel from twisted.conch.test import test_userauth from twisted.python.reflect import requireModule from twisted.trial import unittest cryptography = requireModule("cryptography") from twisted.conch import error if cryptography: from twisted.conch.ssh import common, connection else: class connection: # type: ignore[no-redef] class SSHConnection: pass class TestChannel(channel.SSHChannel): """ A mocked-up version of twisted.conch.ssh.channel.SSHChannel. @ivar gotOpen: True if channelOpen has been called. @type gotOpen: L{bool} @ivar specificData: the specific channel open data passed to channelOpen. @type specificData: L{bytes} @ivar openFailureReason: the reason passed to openFailed. @type openFailed: C{error.ConchError} @ivar inBuffer: a C{list} of strings received by the channel. @type inBuffer: C{list} @ivar extBuffer: a C{list} of 2-tuples (type, extended data) of received by the channel. @type extBuffer: C{list} @ivar numberRequests: the number of requests that have been made to this channel. @type numberRequests: L{int} @ivar gotEOF: True if the other side sent EOF. @type gotEOF: L{bool} @ivar gotOneClose: True if the other side closed the connection. @type gotOneClose: L{bool} @ivar gotClosed: True if the channel is closed. @type gotClosed: L{bool} """ name = b"TestChannel" gotOpen = False gotClosed = False def logPrefix(self): return "TestChannel %i" % self.id def channelOpen(self, specificData): """ The channel is open. Set up the instance variables. """ self.gotOpen = True self.specificData = specificData self.inBuffer = [] self.extBuffer = [] self.numberRequests = 0 self.gotEOF = False self.gotOneClose = False self.gotClosed = False def openFailed(self, reason): """ Opening the channel failed. Store the reason why. """ self.openFailureReason = reason def request_test(self, data): """ A test request. Return True if data is 'data'. @type data: L{bytes} """ self.numberRequests += 1 return data == b"data" def dataReceived(self, data): """ Data was received. Store it in the buffer. """ self.inBuffer.append(data) def extReceived(self, code, data): """ Extended data was received. Store it in the buffer. """ self.extBuffer.append((code, data)) def eofReceived(self): """ EOF was received. Remember it. """ self.gotEOF = True def closeReceived(self): """ Close was received. Remember it. """ self.gotOneClose = True def closed(self): """ The channel is closed. Rembember it. """ self.gotClosed = True class TestAvatar: """ A mocked-up version of twisted.conch.avatar.ConchUser """ _ARGS_ERROR_CODE = 123 def lookupChannel(self, channelType, windowSize, maxPacket, data): """ The server wants us to return a channel. If the requested channel is our TestChannel, return it, otherwise return None. """ if channelType == TestChannel.name: return TestChannel( remoteWindow=windowSize, remoteMaxPacket=maxPacket, data=data, avatar=self, ) elif channelType == b"conch-error-args": # Raise a ConchError with backwards arguments to make sure the # connection fixes it for us. This case should be deprecated and # deleted eventually, but only after all of Conch gets the argument # order right. raise error.ConchError(self._ARGS_ERROR_CODE, "error args in wrong order") def gotGlobalRequest(self, requestType, data): """ The client has made a global request. If the global request is 'TestGlobal', return True. If the global request is 'TestData', return True and the request-specific data we received. Otherwise, return False. """ if requestType == b"TestGlobal": return True elif requestType == b"TestData": return True, data else: return False class TestConnection(connection.SSHConnection): """ A subclass of SSHConnection for testing. @ivar channel: the current channel. @type channel. C{TestChannel} """ if not cryptography: skip = "Cannot run without cryptography" def logPrefix(self): return "TestConnection" def global_TestGlobal(self, data): """ The other side made the 'TestGlobal' global request. Return True. """ return True def global_Test_Data(self, data): """ The other side made the 'Test-Data' global request. Return True and the data we received. """ return True, data def channel_TestChannel(self, windowSize, maxPacket, data): """ The other side is requesting the TestChannel. Create a C{TestChannel} instance, store it, and return it. """ self.channel = TestChannel( remoteWindow=windowSize, remoteMaxPacket=maxPacket, data=data ) return self.channel def channel_ErrorChannel(self, windowSize, maxPacket, data): """ The other side is requesting the ErrorChannel. Raise an exception. """ raise AssertionError("no such thing") class ConnectionTests(unittest.TestCase): if not cryptography: skip = "Cannot run without cryptography" def setUp(self): self.transport = test_userauth.FakeTransport(None) self.transport.avatar = TestAvatar() self.conn = TestConnection() self.conn.transport = self.transport self.conn.serviceStarted() def _openChannel(self, channel): """ Open the channel with the default connection. """ self.conn.openChannel(channel) self.transport.packets = self.transport.packets[:-1] self.conn.ssh_CHANNEL_OPEN_CONFIRMATION( struct.pack(">2L", channel.id, 255) + b"\x00\x02\x00\x00\x00\x00\x80\x00" ) def tearDown(self): self.conn.serviceStopped() def test_linkAvatar(self): """ Test that the connection links itself to the avatar in the transport. """ self.assertIs(self.transport.avatar.conn, self.conn) def test_serviceStopped(self): """ Test that serviceStopped() closes any open channels. """ channel1 = TestChannel() channel2 = TestChannel() self.conn.openChannel(channel1) self.conn.openChannel(channel2) self.conn.ssh_CHANNEL_OPEN_CONFIRMATION(b"\x00\x00\x00\x00" 4) self.assertTrue(channel1.gotOpen) self.assertFalse(channel1.gotClosed) self.assertFalse(channel2.gotOpen) self.assertFalse(channel2.gotClosed) self.conn.serviceStopped() self.assertTrue(channel1.gotClosed) self.assertFalse(channel2.gotOpen) self.assertFalse(channel2.gotClosed) from twisted.internet.error import ConnectionLost self.assertIsInstance(channel2.openFailureReason, ConnectionLost) def test_GLOBAL_REQUEST(self): """ Test that global request packets are dispatched to the global_* methods and the return values are translated into success or failure messages. """ self.conn.ssh_GLOBAL_REQUEST(common.NS(b"TestGlobal") + b"\xff") self.assertEqual( self.transport.packets, [(connection.MSG_REQUEST_SUCCESS, b"")] ) self.transport.packets = [] self.conn.ssh_GLOBAL_REQUEST(common.NS(b"TestData") + b"\xff" + b"test data") self.assertEqual( self.transport.packets, [(connection.MSG_REQUEST_SUCCESS, b"test data")] ) self.transport.packets = [] self.conn.ssh_GLOBAL_REQUEST(common.NS(b"TestBad") + b"\xff") self.assertEqual( self.transport.packets, [(connection.MSG_REQUEST_FAILURE, b"")] ) self.transport.packets = [] self.conn.ssh_GLOBAL_REQUEST(common.NS(b"TestGlobal") + b"\x00") self.assertEqual(self.transport.packets, []) def test_REQUEST_SUCCESS(self): """ Test that global request success packets cause the Deferred to be called back. """ d = self.conn.sendGlobalRequest(b"request", b"data", True) self.conn.ssh_REQUEST_SUCCESS(b"data") def check(data): self.assertEqual(data, b"data") d.addCallback(check) d.addErrback(self.fail) return d def test_REQUEST_FAILURE(self): """ Test that global request failure packets cause the Deferred to be erred back. """ d = self.conn.sendGlobalRequest(b"request", b"data", True) self.conn.ssh_REQUEST_FAILURE(b"data") def check(f): self.assertEqual(f.value.data, b"data") d.addCallback(self.fail) d.addErrback(check) return d def test_CHANNEL_OPEN(self): """ Test that open channel packets cause a channel to be created and opened or a failure message to be returned. """ del self.transport.avatar self.conn.ssh_CHANNEL_OPEN(common.NS(b"TestChannel") + b"\x00\x00\x00\x01" * 4) self.assertTrue(self.conn.channel.gotOpen) self.assertEqual(self.conn.channel.conn, self.conn) self.assertEqual(self.conn.channel.data, b"\x00\x00\x00\x01") self.assertEqual(self.conn.channel.specificData, b"\x00\x00\x00\x01") self.assertEqual(self.conn.channel.remoteWindowLeft, 1) self.assertEqual(self.conn.channel.remoteMaxPacket, 1) self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_OPEN_CONFIRMATION, b"\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00" b"\x00\x00\x80\x00", ) ], ) self.transport.packets = [] self.conn.ssh_CHANNEL_OPEN(common.NS(b"BadChannel") + b"\x00\x00\x00\x02" * 4) self.flushLoggedErrors() self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_OPEN_FAILURE, b"\x00\x00\x00\x02\x00\x00\x00\x03" + common.NS(b"unknown channel") + common.NS(b""), ) ], ) self.transport.packets = [] self.conn.ssh_CHANNEL_OPEN(common.NS(b"ErrorChannel") + b"\x00\x00\x00\x02" * 4) self.flushLoggedErrors() self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_OPEN_FAILURE, b"\x00\x00\x00\x02\x00\x00\x00\x02" + common.NS(b"unknown failure") + common.NS(b""), ) ], ) def _lookupChannelErrorTest(self, code): """ Deliver a request for a channel open which will result in an exception being raised during channel lookup. Assert that an error response is delivered as a result. """ self.transport.avatar._ARGS_ERROR_CODE = code self.conn.ssh_CHANNEL_OPEN( common.NS(b"conch-error-args") + b"\x00\x00\x00\x01" * 4 ) errors = self.flushLoggedErrors(error.ConchError) self.assertEqual(len(errors), 1, f"Expected one error, got: {errors!r}") self.assertEqual(errors[0].value.args, (123, "error args in wrong order")) self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_OPEN_FAILURE, # The response includes some bytes which identifying the # associated request, as well as the error code (7b in hex) and # the error message. b"\x00\x00\x00\x01\x00\x00\x00\x7b" + common.NS(b"error args in wrong order") + common.NS(b""), ) ], ) def test_lookupChannelError(self): """ If a C{lookupChannel} implementation raises L{error.ConchError} with the arguments in the wrong order, a C{MSG_CHANNEL_OPEN} failure is still sent in response to the message. This is a temporary work-around until L{error.ConchError} is given better attributes and all of the Conch code starts constructing instances of it properly. Eventually this functionality should be deprecated and then removed. """ self._lookupChannelErrorTest(123) def test_CHANNEL_OPEN_CONFIRMATION(self): """ Test that channel open confirmation packets cause the channel to be notified that it's open. """ channel = TestChannel() self.conn.openChannel(channel) self.conn.ssh_CHANNEL_OPEN_CONFIRMATION(b"\x00\x00\x00\x00" * 5) self.assertEqual(channel.remoteWindowLeft, 0) self.assertEqual(channel.remoteMaxPacket, 0) self.assertEqual(channel.specificData, b"\x00\x00\x00\x00") self.assertEqual(self.conn.channelsToRemoteChannel[channel], 0) self.assertEqual(self.conn.localToRemoteChannel[0], 0) def test_CHANNEL_OPEN_FAILURE(self): """ Test that channel open failure packets cause the channel to be notified that its opening failed. """ channel = TestChannel() self.conn.openChannel(channel) self.conn.ssh_CHANNEL_OPEN_FAILURE( b"\x00\x00\x00\x00\x00\x00\x00" b"\x01" + common.NS(b"failure!") ) self.assertEqual(channel.openFailureReason.args, (b"failure!", 1)) self.assertIsNone(self.conn.channels.get(channel)) def test_CHANNEL_WINDOW_ADJUST(self): """ Test that channel window adjust messages add bytes to the channel window. """ channel = TestChannel() self._openChannel(channel) oldWindowSize = channel.remoteWindowLeft self.conn.ssh_CHANNEL_WINDOW_ADJUST(b"\x00\x00\x00\x00\x00\x00\x00" b"\x01") self.assertEqual(channel.remoteWindowLeft, oldWindowSize + 1) def test_CHANNEL_DATA(self): """ Test that channel data messages are passed up to the channel, or cause the channel to be closed if the data is too large. """ channel = TestChannel(localWindow=6, localMaxPacket=5) self._openChannel(channel) self.conn.ssh_CHANNEL_DATA(b"\x00\x00\x00\x00" + common.NS(b"data")) self.assertEqual(channel.inBuffer, [b"data"]) self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_WINDOW_ADJUST, b"\x00\x00\x00\xff" b"\x00\x00\x00\x04", ) ], ) self.transport.packets = [] longData = b"a" * (channel.localWindowLeft + 1) self.conn.ssh_CHANNEL_DATA(b"\x00\x00\x00\x00" + common.NS(longData)) self.assertEqual(channel.inBuffer, [b"data"]) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_CLOSE, b"\x00\x00\x00\xff")], ) channel = TestChannel() self._openChannel(channel) bigData = b"a" * (channel.localMaxPacket + 1) self.transport.packets = [] self.conn.ssh_CHANNEL_DATA(b"\x00\x00\x00\x01" + common.NS(bigData)) self.assertEqual(channel.inBuffer, []) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_CLOSE, b"\x00\x00\x00\xff")], ) def test_CHANNEL_EXTENDED_DATA(self): """ Test that channel extended data messages are passed up to the channel, or cause the channel to be closed if they're too big. """ channel = TestChannel(localWindow=6, localMaxPacket=5) self._openChannel(channel) self.conn.ssh_CHANNEL_EXTENDED_DATA( b"\x00\x00\x00\x00\x00\x00\x00" b"\x00" + common.NS(b"data") ) self.assertEqual(channel.extBuffer, [(0, b"data")]) self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_WINDOW_ADJUST, b"\x00\x00\x00\xff" b"\x00\x00\x00\x04", ) ], ) self.transport.packets = [] longData = b"a" * (channel.localWindowLeft + 1) self.conn.ssh_CHANNEL_EXTENDED_DATA( b"\x00\x00\x00\x00\x00\x00\x00" b"\x00" + common.NS(longData) ) self.assertEqual(channel.extBuffer, [(0, b"data")]) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_CLOSE, b"\x00\x00\x00\xff")], ) channel = TestChannel() self._openChannel(channel) bigData = b"a" * (channel.localMaxPacket + 1) self.transport.packets = [] self.conn.ssh_CHANNEL_EXTENDED_DATA( b"\x00\x00\x00\x01\x00\x00\x00" b"\x00" + common.NS(bigData) ) self.assertEqual(channel.extBuffer, []) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_CLOSE, b"\x00\x00\x00\xff")], ) def test_CHANNEL_EOF(self): """ Test that channel eof messages are passed up to the channel. """ channel = TestChannel() self._openChannel(channel) self.conn.ssh_CHANNEL_EOF(b"\x00\x00\x00\x00") self.assertTrue(channel.gotEOF) def test_CHANNEL_CLOSE(self): """ Test that channel close messages are passed up to the channel. Also, test that channel.close() is called if both sides are closed when this message is received. """ channel = TestChannel() self._openChannel(channel) self.assertTrue(channel.gotOpen) self.assertFalse(channel.gotOneClose) self.assertFalse(channel.gotClosed) self.conn.sendClose(channel) self.conn.ssh_CHANNEL_CLOSE(b"\x00\x00\x00\x00") self.assertTrue(channel.gotOneClose) self.assertTrue(channel.gotClosed) def test_CHANNEL_REQUEST_success(self): """ Test that channel requests that succeed send MSG_CHANNEL_SUCCESS. """ channel = TestChannel() self._openChannel(channel) self.conn.ssh_CHANNEL_REQUEST( b"\x00\x00\x00\x00" + common.NS(b"test") + b"\x00" ) self.assertEqual(channel.numberRequests, 1) d = self.conn.ssh_CHANNEL_REQUEST( b"\x00\x00\x00\x00" + common.NS(b"test") + b"\xff" + b"data" ) def check(result): self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_SUCCESS, b"\x00\x00\x00\xff")], ) d.addCallback(check) return d def test_CHANNEL_REQUEST_failure(self): """ Test that channel requests that fail send MSG_CHANNEL_FAILURE. """ channel = TestChannel() self._openChannel(channel) d = self.conn.ssh_CHANNEL_REQUEST( b"\x00\x00\x00\x00" + common.NS(b"test") + b"\xff" ) def check(result): self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_FAILURE, b"\x00\x00\x00\xff")], ) d.addCallback(self.fail) d.addErrback(check) return d def test_CHANNEL_REQUEST_SUCCESS(self): """ Test that channel request success messages cause the Deferred to be called back. """ channel = TestChannel() self._openChannel(channel) d = self.conn.sendRequest(channel, b"test", b"data", True) self.conn.ssh_CHANNEL_SUCCESS(b"\x00\x00\x00\x00") def check(result): self.assertTrue(result) return d def test_CHANNEL_REQUEST_FAILURE(self): """ Test that channel request failure messages cause the Deferred to be erred back. """ channel = TestChannel() self._openChannel(channel) d = self.conn.sendRequest(channel, b"test", b"", True) self.conn.ssh_CHANNEL_FAILURE(b"\x00\x00\x00\x00") def check(result): self.assertEqual(result.value.value, "channel request failed") d.addCallback(self.fail) d.addErrback(check) return d def test_sendGlobalRequest(self): """ Test that global request messages are sent in the right format. """ d = self.conn.sendGlobalRequest(b"wantReply", b"data", True) # must be added to prevent errbacking during teardown d.addErrback(lambda failure: None) self.conn.sendGlobalRequest(b"noReply", b"", False) self.assertEqual( self.transport.packets, [ (connection.MSG_GLOBAL_REQUEST, common.NS(b"wantReply") + b"\xffdata"), (connection.MSG_GLOBAL_REQUEST, common.NS(b"noReply") + b"\x00"), ], ) self.assertEqual(self.conn.deferreds, {"global": [d]}) def test_openChannel(self): """ Test that open channel messages are sent in the right format. """ channel = TestChannel() self.conn.openChannel(channel, b"aaaa") self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_OPEN, common.NS(b"TestChannel") + b"\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x80\x00aaaa", ) ], ) self.assertEqual(channel.id, 0) self.assertEqual(self.conn.localChannelID, 1) def test_sendRequest(self): """ Test that channel request messages are sent in the right format. """ channel = TestChannel() self._openChannel(channel) d = self.conn.sendRequest(channel, b"test", b"test", True) # needed to prevent errbacks during teardown. d.addErrback(lambda failure: None) self.conn.sendRequest(channel, b"test2", b"", False) channel.localClosed = True # emulate sending a close message self.conn.sendRequest(channel, b"test3", b"", True) self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_REQUEST, b"\x00\x00\x00\xff" + common.NS(b"test") + b"\x01test", ), ( connection.MSG_CHANNEL_REQUEST, b"\x00\x00\x00\xff" + common.NS(b"test2") + b"\x00", ), ], ) self.assertEqual(self.conn.deferreds[0], [d]) def test_adjustWindow(self): """ Test that channel window adjust messages cause bytes to be added to the window. """ channel = TestChannel(localWindow=5) self._openChannel(channel) channel.localWindowLeft = 0 self.conn.adjustWindow(channel, 1) self.assertEqual(channel.localWindowLeft, 1) channel.localClosed = True self.conn.adjustWindow(channel, 2) self.assertEqual(channel.localWindowLeft, 1) self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_WINDOW_ADJUST, b"\x00\x00\x00\xff" b"\x00\x00\x00\x01", ) ], ) def test_sendData(self): """ Test that channel data messages are sent in the right format. """ channel = TestChannel() self._openChannel(channel) self.conn.sendData(channel, b"a") channel.localClosed = True self.conn.sendData(channel, b"b") self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_DATA, b"\x00\x00\x00\xff" + common.NS(b"a"))], ) def test_sendExtendedData(self): """ Test that channel extended data messages are sent in the right format. """ channel = TestChannel() self._openChannel(channel) self.conn.sendExtendedData(channel, 1, b"test") channel.localClosed = True self.conn.sendExtendedData(channel, 2, b"test2") self.assertEqual( self.transport.packets, [ ( connection.MSG_CHANNEL_EXTENDED_DATA, b"\x00\x00\x00\xff" + b"\x00\x00\x00\x01" + common.NS(b"test"), ) ], ) def test_sendEOF(self): """ Test that channel EOF messages are sent in the right format. """ channel = TestChannel() self._openChannel(channel) self.conn.sendEOF(channel) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_EOF, b"\x00\x00\x00\xff")] ) channel.localClosed = True self.conn.sendEOF(channel) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_EOF, b"\x00\x00\x00\xff")] ) def test_sendClose(self): """ Test that channel close messages are sent in the right format. """ channel = TestChannel() self._openChannel(channel) self.conn.sendClose(channel) self.assertTrue(channel.localClosed) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_CLOSE, b"\x00\x00\x00\xff")], ) self.conn.sendClose(channel) self.assertEqual( self.transport.packets, [(connection.MSG_CHANNEL_CLOSE, b"\x00\x00\x00\xff")], ) channel2 = TestChannel() self._openChannel(channel2) self.assertTrue(channel2.gotOpen) self.assertFalse(channel2.gotClosed) channel2.remoteClosed = True self.conn.sendClose(channel2) self.assertTrue(channel2.gotClosed) def test_getChannelWithAvatar(self): """ Test that getChannel dispatches to the avatar when an avatar is present. Correct functioning without the avatar is verified in test_CHANNEL_OPEN. """ channel = self.conn.getChannel(b"TestChannel", 50, 30, b"data") self.assertEqual(channel.data, b"data") self.assertEqual(channel.remoteWindowLeft, 50) self.assertEqual(channel.remoteMaxPacket, 30) self.assertRaises( error.ConchError, self.conn.getChannel, b"BadChannel", 50, 30, b"data" ) def test_gotGlobalRequestWithoutAvatar(self): """ Test that gotGlobalRequests dispatches to global_* without an avatar. """ del self.transport.avatar self.assertTrue(self.conn.gotGlobalRequest(b"TestGlobal", b"data")) self.assertEqual( self.conn.gotGlobalRequest(b"Test-Data", b"data"), (True, b"data") ) self.assertFalse(self.conn.gotGlobalRequest(b"BadGlobal", b"data")) def test_channelClosedCausesLeftoverChannelDeferredsToErrback(self): """ Whenever an SSH channel gets closed any Deferred that was returned by a sendRequest() on its parent connection must be errbacked. """ channel = TestChannel() self._openChannel(channel) d = self.conn.sendRequest(channel, b"dummyrequest", b"dummydata", wantReply=1) d = self.assertFailure(d, error.ConchError) self.conn.channelClosed(channel) return d class CleanConnectionShutdownTests(unittest.TestCase): """ Check whether correct cleanup is performed on connection shutdown. """ if not cryptography: skip = "Cannot run without cryptography" def setUp(self): self.transport = test_userauth.FakeTransport(None) self.transport.avatar = TestAvatar() self.conn = TestConnection() self.conn.transport = self.transport def test_serviceStoppedCausesLeftoverGlobalDeferredsToErrback(self): """ Once the service is stopped any leftover global deferred returned by a sendGlobalRequest() call must be errbacked. """ self.conn.serviceStarted() d = self.conn.sendGlobalRequest(b"dummyrequest", b"dummydata", wantReply=1) d = self.assertFailure(d, error.ConchError) self.conn.serviceStopped() return d ��test/test_filetransfer.py��0000644��00000100555�15027667726�0011650 0��ustar�00��# -- test-case-name: twisted.conch.test.test_filetransfer -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE file for details. """ Tests for L{twisted.conch.ssh.filetransfer}. """ import os import re import struct from unittest import skipIf from hamcrest import assert_that, equal_to from twisted.internet import defer from twisted.internet.error import ConnectionLost from twisted.protocols import loopback from twisted.python import components from twisted.python.compat import _PY37PLUS from twisted.python.filepath import FilePath from twisted.test.proto_helpers import StringTransport from twisted.trial.unittest import TestCase try: from twisted.conch import unix as _unix except ImportError: unix = None else: unix = _unix try: from twisted.conch.unix import ( SFTPServerForUnixConchUser as _SFTPServerForUnixConchUser, ) except ImportError: SFTPServerForUnixConchUser = None else: SFTPServerForUnixConchUser = _SFTPServerForUnixConchUser try: import cryptography as _cryptography except ImportError: cryptography = None else: cryptography = _cryptography try: from twisted.conch.avatar import ConchUser as _ConchUser except ImportError: ConchUser = object else: ConchUser = _ConchUser # type: ignore[misc] try: from twisted.conch.ssh import common, connection, filetransfer, session except ImportError: pass class TestAvatar(ConchUser): def __init__(self): ConchUser.__init__(self) self.channelLookup[b"session"] = session.SSHSession self.subsystemLookup[b"sftp"] = filetransfer.FileTransferServer def _runAsUser(self, f, args, kw): try: f = iter(f) except TypeError: f = [(f, args, kw)] for i in f: func = i[0] args = len(i) > 1 and i[1] or () kw = len(i) > 2 and i[2] or {} r = func(args, *kw) return r class FileTransferTestAvatar(TestAvatar): def __init__(self, homeDir): TestAvatar.__init__(self) self.homeDir = homeDir def getHomeDir(self): return FilePath(os.getcwd()).preauthChild(self.homeDir.path) class ConchSessionForTestAvatar: def __init__(self, avatar): self.avatar = avatar if SFTPServerForUnixConchUser is None: # unix should either be a fully working module, or None. I'm not sure # how this happens, but on win32 it does. Try to cope. --spiv. import warnings warnings.warn( ( "twisted.conch.unix imported %r, " "but doesn't define SFTPServerForUnixConchUser'" ) % (unix,) ) else: class FileTransferForTestAvatar(SFTPServerForUnixConchUser): # type: ignore[misc,valid-type] def gotVersion(self, version, otherExt): return {b"conchTest": b"ext data"} def extendedRequest(self, extName, extData): if extName == b"testExtendedRequest": return b"bar" raise NotImplementedError components.registerAdapter( FileTransferForTestAvatar, TestAvatar, filetransfer.ISFTPServer ) class SFTPTestBase(TestCase): def setUp(self): self.testDir = FilePath(self.mktemp()) # Give the testDir another level so we can safely "cd .." from it in # tests. self.testDir = self.testDir.child("extra") self.testDir.child("testDirectory").makedirs(True) with self.testDir.child("testfile1").open(mode="wb") as f: f.write(b"a" 10 + b"b" * 10) with open("/dev/urandom", "rb") as f2: f.write(f2.read(1024 * 64)) # random data self.testDir.child("testfile1").chmod(0o644) with self.testDir.child("testRemoveFile").open(mode="wb") as f: f.write(b"a") with self.testDir.child("testRenameFile").open(mode="wb") as f: f.write(b"a") with self.testDir.child(".testHiddenFile").open(mode="wb") as f: f.write(b"a") @skipIf(not unix, "can't run on non-posix computers") class OurServerOurClientTests(SFTPTestBase): def setUp(self): SFTPTestBase.setUp(self) self.avatar = FileTransferTestAvatar(self.testDir) self.server = filetransfer.FileTransferServer(avatar=self.avatar) clientTransport = loopback.LoopbackRelay(self.server) self.client = filetransfer.FileTransferClient() self._serverVersion = None self._extData = None def _(serverVersion, extData): self._serverVersion = serverVersion self._extData = extData self.client.gotServerVersion = _ serverTransport = loopback.LoopbackRelay(self.client) self.client.makeConnection(clientTransport) self.server.makeConnection(serverTransport) self.clientTransport = clientTransport self.serverTransport = serverTransport self._emptyBuffers() def _emptyBuffers(self): while self.serverTransport.buffer or self.clientTransport.buffer: self.serverTransport.clearBuffer() self.clientTransport.clearBuffer() def tearDown(self): self.serverTransport.loseConnection() self.clientTransport.loseConnection() self.serverTransport.clearBuffer() self.clientTransport.clearBuffer() def test_serverVersion(self): self.assertEqual(self._serverVersion, 3) self.assertEqual(self._extData, {b"conchTest": b"ext data"}) def test_interface_implementation(self): """ It implements the ISFTPServer interface. """ self.assertTrue( filetransfer.ISFTPServer.providedBy(self.server.client), f"ISFTPServer not provided by {self.server.client!r}", ) def test_openedFileClosedWithConnection(self): """ A file opened with C{openFile} is closed when the connection is lost. """ d = self.client.openFile( b"testfile1", filetransfer.FXF_READ \| filetransfer.FXF_WRITE, {} ) self._emptyBuffers() oldClose = os.close closed = [] def close(fd): closed.append(fd) oldClose(fd) self.patch(os, "close", close) def _fileOpened(openFile): fd = self.server.openFiles[openFile.handle[4:]].fd self.serverTransport.loseConnection() self.clientTransport.loseConnection() self.serverTransport.clearBuffer() self.clientTransport.clearBuffer() self.assertEqual(self.server.openFiles, {}) self.assertIn(fd, closed) d.addCallback(_fileOpened) return d def test_openedDirectoryClosedWithConnection(self): """ A directory opened with C{openDirectory} is close when the connection is lost. """ d = self.client.openDirectory("") self._emptyBuffers() def _getFiles(openDir): self.serverTransport.loseConnection() self.clientTransport.loseConnection() self.serverTransport.clearBuffer() self.clientTransport.clearBuffer() self.assertEqual(self.server.openDirs, {}) d.addCallback(_getFiles) return d def test_openFileIO(self): d = self.client.openFile( b"testfile1", filetransfer.FXF_READ \| filetransfer.FXF_WRITE, {} ) self._emptyBuffers() def _fileOpened(openFile): self.assertEqual(openFile, filetransfer.ISFTPFile(openFile)) d = _readChunk(openFile) d.addCallback(_writeChunk, openFile) return d def _readChunk(openFile): d = openFile.readChunk(0, 20) self._emptyBuffers() d.addCallback(self.assertEqual, b"a" * 10 + b"b" * 10) return d def _writeChunk(_, openFile): d = openFile.writeChunk(20, b"c" * 10) self._emptyBuffers() d.addCallback(_readChunk2, openFile) return d def _readChunk2(_, openFile): d = openFile.readChunk(0, 30) self._emptyBuffers() d.addCallback(self.assertEqual, b"a" * 10 + b"b" * 10 + b"c" * 10) return d d.addCallback(_fileOpened) return d def test_closedFileGetAttrs(self): d = self.client.openFile( b"testfile1", filetransfer.FXF_READ \| filetransfer.FXF_WRITE, {} ) self._emptyBuffers() def _getAttrs(_, openFile): d = openFile.getAttrs() self._emptyBuffers() return d def _err(f): self.flushLoggedErrors() return f def _close(openFile): d = openFile.close() self._emptyBuffers() d.addCallback(_getAttrs, openFile) d.addErrback(_err) return self.assertFailure(d, filetransfer.SFTPError) d.addCallback(_close) return d def test_openFileAttributes(self): d = self.client.openFile( b"testfile1", filetransfer.FXF_READ \| filetransfer.FXF_WRITE, {} ) self._emptyBuffers() def _getAttrs(openFile): d = openFile.getAttrs() self._emptyBuffers() d.addCallback(_getAttrs2) return d def _getAttrs2(attrs1): d = self.client.getAttrs(b"testfile1") self._emptyBuffers() d.addCallback(self.assertEqual, attrs1) return d return d.addCallback(_getAttrs) def test_openFileSetAttrs(self): # XXX test setAttrs # Ok, how about this for a start? It caught a bug :) -- spiv. d = self.client.openFile( b"testfile1", filetransfer.FXF_READ \| filetransfer.FXF_WRITE, {} ) self._emptyBuffers() def _getAttrs(openFile): d = openFile.getAttrs() self._emptyBuffers() d.addCallback(_setAttrs) return d def _setAttrs(attrs): attrs["atime"] = 0 d = self.client.setAttrs(b"testfile1", attrs) self._emptyBuffers() d.addCallback(_getAttrs2) d.addCallback(self.assertEqual, attrs) return d def _getAttrs2(_): d = self.client.getAttrs(b"testfile1") self._emptyBuffers() return d d.addCallback(_getAttrs) return d def test_openFileExtendedAttributes(self): """ Check that L{filetransfer.FileTransferClient.openFile} can send extended attributes, that should be extracted server side. By default, they are ignored, so we just verify they are correctly parsed. """ savedAttributes = {} oldOpenFile = self.server.client.openFile def openFile(filename, flags, attrs): savedAttributes.update(attrs) return oldOpenFile(filename, flags, attrs) self.server.client.openFile = openFile d = self.client.openFile( b"testfile1", filetransfer.FXF_READ \| filetransfer.FXF_WRITE, {"ext_foo": b"bar"}, ) self._emptyBuffers() def check(ign): self.assertEqual(savedAttributes, {"ext_foo": b"bar"}) return d.addCallback(check) def test_removeFile(self): d = self.client.getAttrs(b"testRemoveFile") self._emptyBuffers() def _removeFile(ignored): d = self.client.removeFile(b"testRemoveFile") self._emptyBuffers() return d d.addCallback(_removeFile) d.addCallback(_removeFile) return self.assertFailure(d, filetransfer.SFTPError) def test_renameFile(self): d = self.client.getAttrs(b"testRenameFile") self._emptyBuffers() def _rename(attrs): d = self.client.renameFile(b"testRenameFile", b"testRenamedFile") self._emptyBuffers() d.addCallback(_testRenamed, attrs) return d def _testRenamed(_, attrs): d = self.client.getAttrs(b"testRenamedFile") self._emptyBuffers() d.addCallback(self.assertEqual, attrs) return d.addCallback(_rename) def test_directoryBad(self): d = self.client.getAttrs(b"testMakeDirectory") self._emptyBuffers() return self.assertFailure(d, filetransfer.SFTPError) def test_directoryCreation(self): d = self.client.makeDirectory(b"testMakeDirectory", {}) self._emptyBuffers() def _getAttrs(_): d = self.client.getAttrs(b"testMakeDirectory") self._emptyBuffers() return d # XXX not until version 4/5 # self.assertEqual(filetransfer.FILEXFER_TYPE_DIRECTORY&attrs['type'], # filetransfer.FILEXFER_TYPE_DIRECTORY) def _removeDirectory(_): d = self.client.removeDirectory(b"testMakeDirectory") self._emptyBuffers() return d d.addCallback(_getAttrs) d.addCallback(_removeDirectory) d.addCallback(_getAttrs) return self.assertFailure(d, filetransfer.SFTPError) def test_openDirectory(self): d = self.client.openDirectory(b"") self._emptyBuffers() files = [] def _getFiles(openDir): def append(f): files.append(f) return openDir d = defer.maybeDeferred(openDir.next) self._emptyBuffers() d.addCallback(append) d.addCallback(_getFiles) d.addErrback(_close, openDir) return d def _checkFiles(ignored): fs = list(list(zip(files))[0]) fs.sort() self.assertEqual( fs, [ b".testHiddenFile", b"testDirectory", b"testRemoveFile", b"testRenameFile", b"testfile1", ], ) def _close(_, openDir): d = openDir.close() self._emptyBuffers() return d d.addCallback(_getFiles) d.addCallback(_checkFiles) return d def test_linkDoesntExist(self): d = self.client.getAttrs(b"testLink") self._emptyBuffers() return self.assertFailure(d, filetransfer.SFTPError) def test_linkSharesAttrs(self): d = self.client.makeLink(b"testLink", b"testfile1") self._emptyBuffers() def _getFirstAttrs(_): d = self.client.getAttrs(b"testLink", 1) self._emptyBuffers() return d def _getSecondAttrs(firstAttrs): d = self.client.getAttrs(b"testfile1") self._emptyBuffers() d.addCallback(self.assertEqual, firstAttrs) return d d.addCallback(_getFirstAttrs) return d.addCallback(_getSecondAttrs) def test_linkPath(self): d = self.client.makeLink(b"testLink", b"testfile1") self._emptyBuffers() def _readLink(_): d = self.client.readLink(b"testLink") self._emptyBuffers() testFile = FilePath(os.getcwd()).preauthChild(self.testDir.path) testFile = testFile.child("testfile1") d.addCallback(self.assertEqual, testFile.path) return d def _realPath(_): d = self.client.realPath(b"testLink") self._emptyBuffers() testLink = FilePath(os.getcwd()).preauthChild(self.testDir.path) testLink = testLink.child("testfile1") d.addCallback(self.assertEqual, testLink.path) return d d.addCallback(_readLink) d.addCallback(_realPath) return d def test_extendedRequest(self): d = self.client.extendedRequest(b"testExtendedRequest", b"foo") self._emptyBuffers() d.addCallback(self.assertEqual, b"bar") d.addCallback(self._cbTestExtendedRequest) return d def _cbTestExtendedRequest(self, ignored): d = self.client.extendedRequest(b"testBadRequest", b"") self._emptyBuffers() return self.assertFailure(d, NotImplementedError) @defer.inlineCallbacks @skipIf(_PY37PLUS, "Broken by PEP 479 and deprecated.") def test_openDirectoryIterator(self): """ Check that the object returned by L{filetransfer.FileTransferClient.openDirectory} can be used as an iterator. """ # This function is a little more complicated than it would be # normally, since we need to call _emptyBuffers() after # creating any SSH-related Deferreds, but before waiting on # them via yield. d = self.client.openDirectory(b"") self._emptyBuffers() openDir = yield d filenames = set() try: for f in openDir: self._emptyBuffers() (filename, _, fileattrs) = yield f filenames.add(filename) finally: d = openDir.close() self._emptyBuffers() yield d self._emptyBuffers() self.assertEqual( filenames, { b".testHiddenFile", b"testDirectory", b"testRemoveFile", b"testRenameFile", b"testfile1", }, ) @defer.inlineCallbacks def test_openDirectoryIteratorDeprecated(self): """ Using client.openDirectory as an iterator is deprecated. """ d = self.client.openDirectory(b"") self._emptyBuffers() openDir = yield d oneFile = openDir.next() self._emptyBuffers() yield oneFile warnings = self.flushWarnings() message = ( "Using twisted.conch.ssh.filetransfer.ClientDirectory" " as an iterator was deprecated in Twisted 18.9.0." ) self.assertEqual(1, len(warnings)) self.assertEqual(DeprecationWarning, warnings[0]["category"]) self.assertEqual(message, warnings[0]["message"]) @defer.inlineCallbacks def test_closedConnectionCancelsRequests(self): """ If there are requests outstanding when the connection is closed for any reason, they should fail. """ d = self.client.openFile(b"testfile1", filetransfer.FXF_READ, {}) self._emptyBuffers() fh = yield d # Intercept the handling of the read request on the server side gotReadRequest = [] def _slowRead(offset, length): self.assertEqual(gotReadRequest, []) d = defer.Deferred() gotReadRequest.append(offset) return d [serverSideFh] = self.server.openFiles.values() serverSideFh.readChunk = _slowRead del serverSideFh # Make a read request, dropping the connection before the reply # is sent d = fh.readChunk(100, 200) self._emptyBuffers() self.assertEqual(len(gotReadRequest), 1) self.assertNoResult(d) # Lost connection should cause an errback self.serverTransport.loseConnection() self.serverTransport.clearBuffer() self.clientTransport.clearBuffer() self._emptyBuffers() self.assertFalse(self.client.connected) self.failureResultOf(d, ConnectionLost) # Further attempts to use the filetransfer session should fail # immediately d = fh.getAttrs() self.failureResultOf(d, ConnectionLost) class FakeConn: def sendClose(self, channel): pass @skipIf(not unix, "can't run on non-posix computers") class FileTransferCloseTests(TestCase): def setUp(self): self.avatar = TestAvatar() def buildServerConnection(self): # make a server connection conn = connection.SSHConnection() # server connections have a 'self.transport.avatar'. class DummyTransport: def __init__(self): self.transport = self def sendPacket(self, kind, data): pass def logPrefix(self): return "dummy transport" conn.transport = DummyTransport() conn.transport.avatar = self.avatar return conn def interceptConnectionLost(self, sftpServer): self.connectionLostFired = False origConnectionLost = sftpServer.connectionLost def connectionLost(reason): self.connectionLostFired = True origConnectionLost(reason) sftpServer.connectionLost = connectionLost def assertSFTPConnectionLost(self): self.assertTrue( self.connectionLostFired, "sftpServer's connectionLost was not called" ) def test_sessionClose(self): """ Closing a session should notify an SFTP subsystem launched by that session. """ # make a session testSession = session.SSHSession(conn=FakeConn(), avatar=self.avatar) # start an SFTP subsystem on the session testSession.request_subsystem(common.NS(b"sftp")) sftpServer = testSession.client.transport.proto # intercept connectionLost so we can check that it's called self.interceptConnectionLost(sftpServer) # close session testSession.closeReceived() self.assertSFTPConnectionLost() def test_clientClosesChannelOnConnnection(self): """ A client sending CHANNEL_CLOSE should trigger closeReceived on the associated channel instance. """ conn = self.buildServerConnection() # somehow get a session packet = common.NS(b"session") + struct.pack(">L", 0) 3 conn.ssh_CHANNEL_OPEN(packet) sessionChannel = conn.channels[0] sessionChannel.request_subsystem(common.NS(b"sftp")) sftpServer = sessionChannel.client.transport.proto self.interceptConnectionLost(sftpServer) # intercept closeReceived self.interceptConnectionLost(sftpServer) # close the connection conn.ssh_CHANNEL_CLOSE(struct.pack(">L", 0)) self.assertSFTPConnectionLost() def test_stopConnectionServiceClosesChannel(self): """ Closing an SSH connection should close all sessions within it. """ conn = self.buildServerConnection() # somehow get a session packet = common.NS(b"session") + struct.pack(">L", 0) * 3 conn.ssh_CHANNEL_OPEN(packet) sessionChannel = conn.channels[0] sessionChannel.request_subsystem(common.NS(b"sftp")) sftpServer = sessionChannel.client.transport.proto self.interceptConnectionLost(sftpServer) # close the connection conn.serviceStopped() self.assertSFTPConnectionLost() @skipIf(not cryptography, "Cannot run without cryptography") class ConstantsTests(TestCase): """ Tests for the constants used by the SFTP protocol implementation. @ivar filexferSpecExcerpts: Excerpts from the draft-ietf-secsh-filexfer-02.txt (draft) specification of the SFTP protocol. There are more recent drafts of the specification, but this one describes version 3, which is what conch (and OpenSSH) implements. """ filexferSpecExcerpts = [ """ The following values are defined for packet types. #define SSH_FXP_INIT 1 #define SSH_FXP_VERSION 2 #define SSH_FXP_OPEN 3 #define SSH_FXP_CLOSE 4 #define SSH_FXP_READ 5 #define SSH_FXP_WRITE 6 #define SSH_FXP_LSTAT 7 #define SSH_FXP_FSTAT 8 #define SSH_FXP_SETSTAT 9 #define SSH_FXP_FSETSTAT 10 #define SSH_FXP_OPENDIR 11 #define SSH_FXP_READDIR 12 #define SSH_FXP_REMOVE 13 #define SSH_FXP_MKDIR 14 #define SSH_FXP_RMDIR 15 #define SSH_FXP_REALPATH 16 #define SSH_FXP_STAT 17 #define SSH_FXP_RENAME 18 #define SSH_FXP_READLINK 19 #define SSH_FXP_SYMLINK 20 #define SSH_FXP_STATUS 101 #define SSH_FXP_HANDLE 102 #define SSH_FXP_DATA 103 #define SSH_FXP_NAME 104 #define SSH_FXP_ATTRS 105 #define SSH_FXP_EXTENDED 200 #define SSH_FXP_EXTENDED_REPLY 201 Additional packet types should only be defined if the protocol version number (see Section ``Protocol Initialization'') is incremented, and their use MUST be negotiated using the version number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY packets can be used to implement vendor-specific extensions. See Section ``Vendor-Specific-Extensions'' for more details. """, """ The flags bits are defined to have the following values: #define SSH_FILEXFER_ATTR_SIZE 0x00000001 #define SSH_FILEXFER_ATTR_UIDGID 0x00000002 #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004 #define SSH_FILEXFER_ATTR_ACMODTIME 0x00000008 #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000 """, """ The `pflags' field is a bitmask. The following bits have been defined. #define SSH_FXF_READ 0x00000001 #define SSH_FXF_WRITE 0x00000002 #define SSH_FXF_APPEND 0x00000004 #define SSH_FXF_CREAT 0x00000008 #define SSH_FXF_TRUNC 0x00000010 #define SSH_FXF_EXCL 0x00000020 """, """ Currently, the following values are defined (other values may be defined by future versions of this protocol): #define SSH_FX_OK 0 #define SSH_FX_EOF 1 #define SSH_FX_NO_SUCH_FILE 2 #define SSH_FX_PERMISSION_DENIED 3 #define SSH_FX_FAILURE 4 #define SSH_FX_BAD_MESSAGE 5 #define SSH_FX_NO_CONNECTION 6 #define SSH_FX_CONNECTION_LOST 7 #define SSH_FX_OP_UNSUPPORTED 8 """, ] def test_constantsAgainstSpec(self): """ The constants used by the SFTP protocol implementation match those found by searching through the spec. """ constants = {} for excerpt in self.filexferSpecExcerpts: for line in excerpt.splitlines(): m = re.match(r"^\s#define SSH_([A-Z_]+)\s+([0-9x])\s$", line) if m: constants[m.group(1)] = int(m.group(2), 0) self.assertTrue( len(constants) > 0, "No constants found (the test must be buggy)." ) for k, v in constants.items(): self.assertEqual(v, getattr(filetransfer, k)) @skipIf(not cryptography, "Cannot run without cryptography") class RawPacketDataServerTests(TestCase): """ Tests for L{filetransfer.FileTransferServer} which explicitly craft certain less common situations to exercise their handling. """ def setUp(self): self.fts = filetransfer.FileTransferServer(avatar=TestAvatar()) def test_closeInvalidHandle(self): """ A close request with an unknown handle receives an FX_NO_SUCH_FILE error response. """ transport = StringTransport() self.fts.makeConnection(transport) # any four bytes requestId = b"1234" # The handle to close, arbitrary bytes. handle = b"invalid handle" # Construct a message packet # https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-4 close = common.NS( # Packet type - SSH_FXP_CLOSE # https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-4.3 bytes([4]) + requestId + common.NS(handle) ) self.fts.dataReceived(close) # An SSH_FXP_STATUS message # https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-9.1 expected = common.NS( # Packet type SSH_FXP_STATUS # https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-4.3 bytes([101]) + # The same request id requestId + # A four byte status code. SSH_FX_NO_SUCH_FILE in this case. bytes([0, 0, 0, 2]) + # Error message common.NS(b"No such file or directory") + # error message language tag - conch doesn't send one at all, # though maybe it should common.NS(b"") ) assert_that( transport.value(), equal_to(expected), ) @skipIf(not cryptography, "Cannot run without cryptography") class RawPacketDataTests(TestCase): """ Tests for L{filetransfer.FileTransferClient} which explicitly craft certain less common protocol messages to exercise their handling. """ def setUp(self): self.ftc = filetransfer.FileTransferClient() def test_packetSTATUS(self): """ A STATUS packet containing a result code, a message, and a language is parsed to produce the result of an outstanding request L{Deferred}. @see: U{section 9.1<http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1>} of the SFTP Internet-Draft. """ d = defer.Deferred() d.addCallback(self._cbTestPacketSTATUS) self.ftc.openRequests[1] = d data = ( struct.pack("!LL", 1, filetransfer.FX_OK) + common.NS(b"msg") + common.NS(b"lang") ) self.ftc.packet_STATUS(data) return d def _cbTestPacketSTATUS(self, result): """ Assert that the result is a two-tuple containing the message and language from the STATUS packet. """ self.assertEqual(result[0], b"msg") self.assertEqual(result[1], b"lang") def test_packetSTATUSShort(self): """ A STATUS packet containing only a result code can also be parsed to produce the result of an outstanding request L{Deferred}. Such packets are sent by some SFTP implementations, though not strictly legal. @see: U{section 9.1<http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1>} of the SFTP Internet-Draft. """ d = defer.Deferred() d.addCallback(self._cbTestPacketSTATUSShort) self.ftc.openRequests[1] = d data = struct.pack("!LL", 1, filetransfer.FX_OK) self.ftc.packet_STATUS(data) return d def _cbTestPacketSTATUSShort(self, result): """ Assert that the result is a two-tuple containing empty strings, since the STATUS packet had neither a message nor a language. """ self.assertEqual(result[0], b"") self.assertEqual(result[1], b"") def test_packetSTATUSWithoutLang(self): """ A STATUS packet containing a result code and a message but no language can also be parsed to produce the result of an outstanding request L{Deferred}. Such packets are sent by some SFTP implementations, though not strictly legal. @see: U{section 9.1<http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1>} of the SFTP Internet-Draft. """ d = defer.Deferred() d.addCallback(self._cbTestPacketSTATUSWithoutLang) self.ftc.openRequests[1] = d data = struct.pack("!LL", 1, filetransfer.FX_OK) + common.NS(b"msg") self.ftc.packet_STATUS(data) return d def _cbTestPacketSTATUSWithoutLang(self, result): """ Assert that the result is a two-tuple containing the message from the STATUS packet and an empty string, since the language was missing. """ self.assertEqual(result[0], b"msg") self.assertEqual(result[1], b"") ��test/test_unix.py��0000644��00000005050�15027667726�0010141 0��ustar�00��# -- test-case-name: twisted.conch.test.test_unix -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. from zope.interface import implementer from twisted.internet.interfaces import IReactorProcess from twisted.python.reflect import requireModule from twisted.trial import unittest cryptography = requireModule("cryptography") unix = requireModule("twisted.conch.unix") @implementer(IReactorProcess) class MockProcessSpawner: """ An L{IReactorProcess} that logs calls to C{spawnProcess}. """ def __init__(self): self._spawnProcessCalls = [] def spawnProcess( self, processProtocol, executable, args=(), env={}, path=None, uid=None, gid=None, usePTY=0, childFDs=None, ): """ Log a call to C{spawnProcess}. Do not actually spawn a process. """ self._spawnProcessCalls.append( { "processProtocol": processProtocol, "executable": executable, "args": args, "env": env, "path": path, "uid": uid, "gid": gid, "usePTY": usePTY, "childFDs": childFDs, } ) class StubUnixConchUser: """ Enough of UnixConchUser to exercise SSHSessionForUnixConchUser in the tests below. """ def __init__(self, homeDirectory): from .test_session import StubClient, StubConnection self._homeDirectory = homeDirectory self.conn = StubConnection(transport=StubClient()) def getUserGroupId(self): return (None, None) def getHomeDir(self): return self._homeDirectory def getShell(self): pass class TestSSHSessionForUnixConchUser(unittest.TestCase): if cryptography is None: skip = "Cannot run without cryptography" elif unix is None: skip = "Unix system required" def testExecCommandEnvironment(self): """ C{execCommand} sets the C{HOME} environment variable to the avatar's home directory. """ mockReactor = MockProcessSpawner() homeDirectory = "/made/up/path/" avatar = StubUnixConchUser(homeDirectory) session = unix.SSHSessionForUnixConchUser(avatar, reactor=mockReactor) protocol = None command = ["not-actually-executed"] session.execCommand(protocol, command) [call] = mockReactor._spawnProcessCalls self.assertEqual(homeDirectory, call["env"]["HOME"]) ��test/test_transport.py��0000644��00000321407�15027667726�0011221 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for ssh/transport.py and the classes therein. """ import binascii import re import string import struct import types from hashlib import md5, sha1, sha256, sha384, sha512 from typing import Optional, Type from twisted import __version__ as twisted_version from twisted.conch.error import ConchError from twisted.conch.ssh import _kex, address, service from twisted.internet import defer from twisted.protocols import loopback from twisted.python import randbytes from twisted.python.compat import iterbytes from twisted.python.randbytes import insecureRandom from twisted.python.reflect import requireModule from twisted.test import proto_helpers from twisted.trial.unittest import TestCase pyasn1 = requireModule("pyasn1") cryptography = requireModule("cryptography") dependencySkip: Optional[str] if pyasn1 and cryptography: dependencySkip = None from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import dh, ec from twisted.conch.ssh import common, factory, keys, transport from twisted.conch.test import keydata X25519_SUPPORTED = default_backend().x25519_supported() else: if not pyasn1: dependencySkip = "Cannot run without PyASN1" elif not cryptography: dependencySkip = "can't run without cryptography" X25519_SUPPORTED = False # fictional modules to make classes work class transport: # type: ignore[no-redef] class SSHTransportBase: pass class SSHServerTransport: pass class SSHClientTransport: pass class factory: # type: ignore[no-redef] class SSHFactory: pass class common: # type: ignore[no-redef] @classmethod def NS(self, arg): return b"" def skipWithoutX25519(f): if not X25519_SUPPORTED: f.skip = "x25519 not supported on this system" return f def _MPpow(x, y, z): """ Return the MP version of C{(x * y) % z}. """ return common.MP(pow(x, y, z)) class MockTransportBase(transport.SSHTransportBase): """ A base class for the client and server protocols. Stores the messages it receives instead of ignoring them. @ivar errors: a list of tuples: (reasonCode, description) @ivar unimplementeds: a list of integers: sequence number @ivar debugs: a list of tuples: (alwaysDisplay, message, lang) @ivar ignoreds: a list of strings: ignored data """ def connectionMade(self): """ Set up instance variables. """ transport.SSHTransportBase.connectionMade(self) self.errors = [] self.unimplementeds = [] self.debugs = [] self.ignoreds = [] self.gotUnsupportedVersion = None def _unsupportedVersionReceived(self, remoteVersion): """ Intercept unsupported version call. @type remoteVersion: L{str} """ self.gotUnsupportedVersion = remoteVersion return transport.SSHTransportBase._unsupportedVersionReceived( self, remoteVersion ) def receiveError(self, reasonCode, description): """ Store any errors received. @type reasonCode: L{int} @type description: L{str} """ self.errors.append((reasonCode, description)) def receiveUnimplemented(self, seqnum): """ Store any unimplemented packet messages. @type seqnum: L{int} """ self.unimplementeds.append(seqnum) def receiveDebug(self, alwaysDisplay, message, lang): """ Store any debug messages. @type alwaysDisplay: L{bool} @type message: L{str} @type lang: L{str} """ self.debugs.append((alwaysDisplay, message, lang)) def ssh_IGNORE(self, packet): """ Store any ignored data. @type packet: L{str} """ self.ignoreds.append(packet) class MockCipher: """ A mocked-up version of twisted.conch.ssh.transport.SSHCiphers. """ outCipType = b"test" encBlockSize = 6 inCipType = b"test" decBlockSize = 6 inMACType = b"test" outMACType = b"test" verifyDigestSize = 1 usedEncrypt = False usedDecrypt = False outMAC = (None, b"", b"", 1) inMAC = (None, b"", b"", 1) keys = () def encrypt(self, x): """ Called to encrypt the packet. Simply record that encryption was used and return the data unchanged. """ self.usedEncrypt = True if (len(x) % self.encBlockSize) != 0: raise RuntimeError( "length %i modulo blocksize %i is not 0: %i" % (len(x), self.encBlockSize, len(x) % self.encBlockSize) ) return x def decrypt(self, x): """ Called to decrypt the packet. Simply record that decryption was used and return the data unchanged. """ self.usedDecrypt = True if (len(x) % self.encBlockSize) != 0: raise RuntimeError( "length %i modulo blocksize %i is not 0: %i" % (len(x), self.decBlockSize, len(x) % self.decBlockSize) ) return x def makeMAC(self, outgoingPacketSequence, payload): """ Make a Message Authentication Code by sending the character value of the outgoing packet. """ return bytes((outgoingPacketSequence,)) def verify(self, incomingPacketSequence, packet, macData): """ Verify the Message Authentication Code by checking that the packet sequence number is the same. """ return bytes((incomingPacketSequence,)) == macData def setKeys(self, ivOut, keyOut, ivIn, keyIn, macIn, macOut): """ Record the keys. """ self.keys = (ivOut, keyOut, ivIn, keyIn, macIn, macOut) class MockCompression: """ A mocked-up compression, based on the zlib interface. Instead of compressing, it reverses the data and adds a 0x66 byte to the end. """ def compress(self, payload): return payload[::-1] # reversed def decompress(self, payload): return payload[:-1][::-1] def flush(self, kind): return b"\x66" class MockService(service.SSHService): """ A mocked-up service, based on twisted.conch.ssh.service.SSHService. @ivar started: True if this service has been started. @ivar stopped: True if this service has been stopped. """ name = b"MockService" started = False stopped = False protocolMessages = {0xFF: "MSG_TEST", 71: "MSG_fiction"} def logPrefix(self): return "MockService" def serviceStarted(self): """ Record that the service was started. """ self.started = True def serviceStopped(self): """ Record that the service was stopped. """ self.stopped = True def ssh_TEST(self, packet): """ A message that this service responds to. """ self.transport.sendPacket(0xFF, packet) class MockFactory(factory.SSHFactory): """ A mocked-up factory based on twisted.conch.ssh.factory.SSHFactory. """ services = {b"ssh-userauth": MockService} def getPublicKeys(self): """ Return the public keys that authenticate this server. """ return { b"ssh-rsa": keys.Key.fromString(keydata.publicRSA_openssh), b"ssh-dsa": keys.Key.fromString(keydata.publicDSA_openssh), } def getPrivateKeys(self): """ Return the private keys that authenticate this server. """ return { b"ssh-rsa": keys.Key.fromString(keydata.privateRSA_openssh), b"ssh-dsa": keys.Key.fromString(keydata.privateDSA_openssh), } def getPrimes(self): """ Diffie-Hellman primes that can be used for key exchange algorithms that use group exchange to establish a prime / generator group. @return: The primes and generators. @rtype: L{dict} mapping the key size to a C{list} of C{(generator, prime)} tuple. """ # In these tests, we hardwire the prime values to those # defined by the diffie-hellman-group14-sha1 key exchange # algorithm, to avoid requiring a moduli file when running # tests. # See OpenSSHFactory.getPrimes. group14 = _kex.getDHGeneratorAndPrime(b"diffie-hellman-group14-sha1") return {2048: (group14,), 4096: ((5, 7),)} class MockOldFactoryPublicKeys(MockFactory): """ The old SSHFactory returned mappings from key names to strings from getPublicKeys(). We return those here for testing. """ def getPublicKeys(self): """ We used to map key types to public key blobs as strings. """ keys = MockFactory.getPublicKeys(self) for name, key in keys.items()[:]: keys[name] = key.blob() return keys class MockOldFactoryPrivateKeys(MockFactory): """ The old SSHFactory returned mappings from key names to cryptography key objects from getPrivateKeys(). We return those here for testing. """ def getPrivateKeys(self): """ We used to map key types to cryptography key objects. """ keys = MockFactory.getPrivateKeys(self) for name, key in keys.items()[:]: keys[name] = key.keyObject return keys def generatePredictableKey(transport): p = transport.p g = transport.g bits = p.bit_length() x = sum(0x9 << x for x in range(0, bits - 3, 4)) # The cryptography module doesn't let us create a secret key directly from # an "x" value; we need to compute the public value ourselves. y = pow(g, x, p) try: transport.dhSecretKey = dh.DHPrivateNumbers( x, dh.DHPublicNumbers(y, dh.DHParameterNumbers(p, g)) ).private_key(default_backend()) except ValueError: print(f"\np={p}\ng={g}\nx={x}\n") raise transport.dhSecretKeyPublicMP = common.MP( transport.dhSecretKey.public_key().public_numbers().y ) class TransportTestCase(TestCase): """ Base class for transport test cases. """ klass: Optional[Type[transport.SSHTransportBase]] = None if dependencySkip: skip = dependencySkip def setUp(self): self.transport = proto_helpers.StringTransport() self.proto = self.klass() self.packets = [] def secureRandom(len): """ Return a consistent entropy value """ return b"\x99" * len self.patch(randbytes, "secureRandom", secureRandom) self.proto._startEphemeralDH = types.MethodType( generatePredictableKey, self.proto ) def stubSendPacket(messageType, payload): self.packets.append((messageType, payload)) self.proto.makeConnection(self.transport) # we just let the kex packet go into the transport self.proto.sendPacket = stubSendPacket def finishKeyExchange(self, proto): """ Deliver enough additional messages to C{proto} so that the key exchange which is started in L{SSHTransportBase.connectionMade} completes and non-key exchange messages can be sent and received. """ proto.dataReceived(b"SSH-2.0-BogoClient-1.2i\r\n") proto.dispatchMessage(transport.MSG_KEXINIT, self._A_KEXINIT_MESSAGE) proto._keySetup(b"foo", b"bar") # SSHTransportBase can't handle MSG_NEWKEYS, or it would be the right # thing to deliver next. _newKeys won't work either, because # sendKexInit (probably) hasn't been called. sendKexInit is # responsible for setting up certain state _newKeys relies on. So, # just change the key exchange state to what it would be when key # exchange is finished. proto._keyExchangeState = proto._KEY_EXCHANGE_NONE def simulateKeyExchange(self, sharedSecret, exchangeHash): """ Finish a key exchange by calling C{_keySetup} with the given arguments. Also do extra whitebox stuff to satisfy that method's assumption that some kind of key exchange has actually taken place. """ self.proto._keyExchangeState = self.proto._KEY_EXCHANGE_REQUESTED self.proto._blockedByKeyExchange = [] self.proto._keySetup(sharedSecret, exchangeHash) class DHGroupExchangeSHA1Mixin: """ Mixin for diffie-hellman-group-exchange-sha1 tests. """ kexAlgorithm = b"diffie-hellman-group-exchange-sha1" hashProcessor = sha1 class DHGroupExchangeSHA256Mixin: """ Mixin for diffie-hellman-group-exchange-sha256 tests. """ kexAlgorithm = b"diffie-hellman-group-exchange-sha256" hashProcessor = sha256 class ECDHMixin: """ Mixin for elliptic curve diffie-hellman tests. """ kexAlgorithm = b"ecdh-sha2-nistp256" hashProcessor = sha256 class Curve25519SHA256Mixin: """ Mixin for curve25519-sha256 tests. """ kexAlgorithm = b"curve25519-sha256" hashProcessor = sha256 class BaseSSHTransportBaseCase: """ Base case for TransportBase tests. """ klass: Optional[Type[transport.SSHTransportBase]] = MockTransportBase class BaseSSHTransportTests(BaseSSHTransportBaseCase, TransportTestCase): """ Test TransportBase. It implements the non-server/client specific parts of the SSH transport protocol. """ if dependencySkip: skip = dependencySkip _A_KEXINIT_MESSAGE = ( b"\xAA" * 16 + common.NS(b"diffie-hellman-group14-sha1") + common.NS(b"ssh-rsa") + common.NS(b"aes256-ctr") + common.NS(b"aes256-ctr") + common.NS(b"hmac-sha1") + common.NS(b"hmac-sha1") + common.NS(b"none") + common.NS(b"none") + common.NS(b"") + common.NS(b"") + b"\x00" + b"\x00\x00\x00\x00" ) def test_sendVersion(self): """ Test that the first thing sent over the connection is the version string. The 'softwareversion' part must consist of printable US-ASCII characters, with the exception of whitespace characters and the minus sign. RFC 4253, section 4.2. """ # the other setup was done in the setup method version = self.transport.value().split(b"\r\n", 1)[0] self.assertEqual(version, b"SSH-2.0-Twisted_" + twisted_version.encode("ascii")) softwareVersion = version.decode("ascii")[len("SSH-2.0-") :] # This is an inefficient regex, but it's simple to build. softwareVersionRegex = ( r"^(" + "\|".join( re.escape(c) for c in string.printable if c != "-" and not c.isspace() ) + r")$" ) self.assertRegex(softwareVersion, softwareVersionRegex) def test_dataReceiveVersionNotSentMemoryDOS(self): """ When the peer is not sending its SSH version but keeps sending data, the connection is disconnected after 4KB to prevent buffering too much and running our of memory. """ sut = MockTransportBase() sut.makeConnection(self.transport) # Data can be received over multiple chunks. sut.dataReceived(b"SSH-2-Server-Identifier") sut.dataReceived(b"1234567890" 406) sut.dataReceived(b"1235678") self.assertFalse(self.transport.disconnecting) # Here we are going over the limit. sut.dataReceived(b"1234567") # Once a lot of data is received without an SSH version string, # the transport is disconnected. self.assertTrue(self.transport.disconnecting) self.assertIn(b"Preventing a denial of service attack", self.transport.value()) def test_sendPacketPlain(self): """ Test that plain (unencrypted, uncompressed) packets are sent correctly. The format is:: uint32 length (including type and padding length) byte padding length byte type bytes[length-padding length-2] data bytes[padding length] padding """ proto = MockTransportBase() proto.makeConnection(self.transport) self.finishKeyExchange(proto) self.transport.clear() message = ord("A") payload = b"BCDEFG" proto.sendPacket(message, payload) value = self.transport.value() self.assertEqual(value, b"\x00\x00\x00\x0c\x04ABCDEFG\x99\x99\x99\x99") def test_sendPacketEncrypted(self): """ Test that packets sent while encryption is enabled are sent correctly. The whole packet should be encrypted. """ proto = MockTransportBase() proto.makeConnection(self.transport) self.finishKeyExchange(proto) proto.currentEncryptions = testCipher = MockCipher() message = ord("A") payload = b"BC" self.transport.clear() proto.sendPacket(message, payload) self.assertTrue(testCipher.usedEncrypt) value = self.transport.value() self.assertEqual( value, # Four byte length prefix b"\x00\x00\x00\x08" # One byte padding length b"\x04" # The actual application data b"ABC" # "Random" padding - see the secureRandom monkeypatch in setUp b"\x99\x99\x99\x99" # The MAC b"\x02", ) def test_sendPacketCompressed(self): """ Test that packets sent while compression is enabled are sent correctly. The packet type and data should be encrypted. """ proto = MockTransportBase() proto.makeConnection(self.transport) self.finishKeyExchange(proto) proto.outgoingCompression = MockCompression() self.transport.clear() proto.sendPacket(ord("A"), b"B") value = self.transport.value() self.assertEqual( value, b"\x00\x00\x00\x0c\x08BA\x66\x99\x99\x99\x99\x99\x99\x99\x99" ) def test_sendPacketBoth(self): """ Test that packets sent while compression and encryption are enabled are sent correctly. The packet type and data should be compressed and then the whole packet should be encrypted. """ proto = MockTransportBase() proto.makeConnection(self.transport) self.finishKeyExchange(proto) proto.currentEncryptions = testCipher = MockCipher() proto.outgoingCompression = MockCompression() message = ord("A") payload = b"BC" self.transport.clear() proto.sendPacket(message, payload) self.assertTrue(testCipher.usedEncrypt) value = self.transport.value() self.assertEqual( value, # Four byte length prefix b"\x00\x00\x00\x0e" # One byte padding length b"\x09" # Compressed application data b"CBA\x66" # "Random" padding - see the secureRandom monkeypatch in setUp b"\x99\x99\x99\x99\x99\x99\x99\x99\x99" # The MAC b"\x02", ) def test_getPacketPlain(self): """ Test that packets are retrieved correctly out of the buffer when no encryption is enabled. """ proto = MockTransportBase() proto.makeConnection(self.transport) self.finishKeyExchange(proto) self.transport.clear() proto.sendPacket(ord("A"), b"BC") proto.buf = self.transport.value() + b"extra" self.assertEqual(proto.getPacket(), b"ABC") self.assertEqual(proto.buf, b"extra") def test_getPacketEncrypted(self): """ Test that encrypted packets are retrieved correctly. See test_sendPacketEncrypted. """ proto = MockTransportBase() proto.sendKexInit = lambda: None # don't send packets proto.makeConnection(self.transport) self.transport.clear() proto.currentEncryptions = testCipher = MockCipher() proto.sendPacket(ord("A"), b"BCD") value = self.transport.value() proto.buf = value[: MockCipher.decBlockSize] self.assertIsNone(proto.getPacket()) self.assertTrue(testCipher.usedDecrypt) self.assertEqual(proto.first, b"\x00\x00\x00\x0e\x09A") proto.buf += value[MockCipher.decBlockSize :] self.assertEqual(proto.getPacket(), b"ABCD") self.assertEqual(proto.buf, b"") def test_getPacketCompressed(self): """ Test that compressed packets are retrieved correctly. See test_sendPacketCompressed. """ proto = MockTransportBase() proto.makeConnection(self.transport) self.finishKeyExchange(proto) self.transport.clear() proto.outgoingCompression = MockCompression() proto.incomingCompression = proto.outgoingCompression proto.sendPacket(ord("A"), b"BCD") proto.buf = self.transport.value() self.assertEqual(proto.getPacket(), b"ABCD") def test_getPacketBoth(self): """ Test that compressed and encrypted packets are retrieved correctly. See test_sendPacketBoth. """ proto = MockTransportBase() proto.sendKexInit = lambda: None proto.makeConnection(self.transport) self.transport.clear() proto.currentEncryptions = MockCipher() proto.outgoingCompression = MockCompression() proto.incomingCompression = proto.outgoingCompression proto.sendPacket(ord("A"), b"BCDEFG") proto.buf = self.transport.value() self.assertEqual(proto.getPacket(), b"ABCDEFG") def test_ciphersAreValid(self): """ Test that all the supportedCiphers are valid. """ ciphers = transport.SSHCiphers(b"A", b"B", b"C", b"D") iv = key = b"\x00" * 16 for cipName in self.proto.supportedCiphers: self.assertTrue(ciphers._getCipher(cipName, iv, key)) def test_sendKexInit(self): """ Test that the KEXINIT (key exchange initiation) message is sent correctly. Payload:: bytes[16] cookie string key exchange algorithms string public key algorithms string outgoing ciphers string incoming ciphers string outgoing MACs string incoming MACs string outgoing compressions string incoming compressions bool first packet follows uint32 0 """ value = self.transport.value().split(b"\r\n", 1)[1] self.proto.buf = value packet = self.proto.getPacket() self.assertEqual(packet[0:1], bytes((transport.MSG_KEXINIT,))) self.assertEqual(packet[1:17], b"\x99" * 16) ( keyExchanges, pubkeys, ciphers1, ciphers2, macs1, macs2, compressions1, compressions2, languages1, languages2, buf, ) = common.getNS(packet[17:], 10) self.assertEqual( keyExchanges, b",".join(self.proto.supportedKeyExchanges + [b"ext-info-s"]) ) self.assertEqual(pubkeys, b",".join(self.proto.supportedPublicKeys)) self.assertEqual(ciphers1, b",".join(self.proto.supportedCiphers)) self.assertEqual(ciphers2, b",".join(self.proto.supportedCiphers)) self.assertEqual(macs1, b",".join(self.proto.supportedMACs)) self.assertEqual(macs2, b",".join(self.proto.supportedMACs)) self.assertEqual(compressions1, b",".join(self.proto.supportedCompressions)) self.assertEqual(compressions2, b",".join(self.proto.supportedCompressions)) self.assertEqual(languages1, b",".join(self.proto.supportedLanguages)) self.assertEqual(languages2, b",".join(self.proto.supportedLanguages)) self.assertEqual(buf, b"\x00" * 5) def test_receiveKEXINITReply(self): """ Immediately after connecting, the transport expects a KEXINIT message and does not reply to it. """ self.transport.clear() self.proto.dispatchMessage(transport.MSG_KEXINIT, self._A_KEXINIT_MESSAGE) self.assertEqual(self.packets, []) def test_sendKEXINITReply(self): """ When a KEXINIT message is received which is not a reply to an earlier KEXINIT message which was sent, a KEXINIT reply is sent. """ self.finishKeyExchange(self.proto) del self.packets[:] self.proto.dispatchMessage(transport.MSG_KEXINIT, self._A_KEXINIT_MESSAGE) self.assertEqual(len(self.packets), 1) self.assertEqual(self.packets[0][0], transport.MSG_KEXINIT) def test_sendKexInitTwiceFails(self): """ A new key exchange cannot be started while a key exchange is already in progress. If an attempt is made to send a I{KEXINIT} message using L{SSHTransportBase.sendKexInit} while a key exchange is in progress causes that method to raise a L{RuntimeError}. """ self.assertRaises(RuntimeError, self.proto.sendKexInit) def test_sendKexInitBlocksOthers(self): """ After L{SSHTransportBase.sendKexInit} has been called, messages types other than the following are queued and not sent until after I{NEWKEYS} is sent by L{SSHTransportBase._keySetup}. RFC 4253, section 7.1. """ # sendKexInit is called by connectionMade, which is called in setUp. # So we're in the state already. disallowedMessageTypes = [ transport.MSG_SERVICE_REQUEST, transport.MSG_KEXINIT, ] # Drop all the bytes sent by setUp, they're not relevant to this test. self.transport.clear() # Get rid of the sendPacket monkey patch, we are testing the behavior # of sendPacket. del self.proto.sendPacket for messageType in disallowedMessageTypes: self.proto.sendPacket(messageType, b"foo") self.assertEqual(self.transport.value(), b"") self.finishKeyExchange(self.proto) # Make the bytes written to the transport cleartext so it's easier to # make an assertion about them. self.proto.nextEncryptions = MockCipher() # Pseudo-deliver the peer's NEWKEYS message, which should flush the # messages which were queued above. self.proto._newKeys() self.assertEqual(self.transport.value().count(b"foo"), 2) def test_sendExtInfo(self): """ Test that EXT_INFO messages are sent correctly. See RFC 8308, section 2.3. """ self.proto._peerSupportsExtensions = True self.proto.sendExtInfo( [ (b"server-sig-algs", b"ssh-rsa,rsa-sha2-256"), (b"elevation", b"d"), ] ) self.assertEqual( self.packets, [ ( transport.MSG_EXT_INFO, b"\x00\x00\x00\x02" + common.NS(b"server-sig-algs") + common.NS(b"ssh-rsa,rsa-sha2-256") + common.NS(b"elevation") + common.NS(b"d"), ) ], ) def test_sendExtInfoUnsupported(self): """ If the peer has not advertised support for extension negotiation, no EXT_INFO message is sent, since RFC 8308 only guarantees that the peer will be prepared to accept it if it has advertised support. """ self.proto.sendExtInfo([(b"server-sig-algs", b"ssh-rsa,rsa-sha2-256")]) self.assertEqual(self.packets, []) def test_EXT_INFO(self): """ When an EXT_INFO message is received, the transport stores a mapping of the peer's advertised extensions. See RFC 8308, section 2.3. """ self.proto.dispatchMessage( transport.MSG_EXT_INFO, b"\x00\x00\x00\x02" + common.NS(b"server-sig-algs") + common.NS(b"ssh-rsa,rsa-sha2-256,rsa-sha2-512") + common.NS(b"no-flow-control") + common.NS(b"s"), ) self.assertEqual( self.proto.peerExtensions, { b"server-sig-algs": b"ssh-rsa,rsa-sha2-256,rsa-sha2-512", b"no-flow-control": b"s", }, ) def test_sendDebug(self): """ Test that debug messages are sent correctly. Payload:: bool always display string debug message string language """ self.proto.sendDebug(b"test", True, b"en") self.assertEqual( self.packets, [(transport.MSG_DEBUG, b"\x01\x00\x00\x00\x04test\x00\x00\x00\x02en")], ) def test_receiveDebug(self): """ Test that debug messages are received correctly. See test_sendDebug. """ self.proto.dispatchMessage( transport.MSG_DEBUG, b"\x01\x00\x00\x00\x04test\x00\x00\x00\x02en" ) self.proto.dispatchMessage( transport.MSG_DEBUG, b"\x00\x00\x00\x00\x06silent\x00\x00\x00\x02en" ) self.assertEqual( self.proto.debugs, [(True, b"test", b"en"), (False, b"silent", b"en")] ) def test_sendIgnore(self): """ Test that ignored messages are sent correctly. Payload:: string ignored data """ self.proto.sendIgnore(b"test") self.assertEqual( self.packets, [(transport.MSG_IGNORE, b"\x00\x00\x00\x04test")] ) def test_receiveIgnore(self): """ Test that ignored messages are received correctly. See test_sendIgnore. """ self.proto.dispatchMessage(transport.MSG_IGNORE, b"test") self.assertEqual(self.proto.ignoreds, [b"test"]) def test_sendUnimplemented(self): """ Test that unimplemented messages are sent correctly. Payload:: uint32 sequence number """ self.proto.sendUnimplemented() self.assertEqual( self.packets, [(transport.MSG_UNIMPLEMENTED, b"\x00\x00\x00\x00")] ) def test_receiveUnimplemented(self): """ Test that unimplemented messages are received correctly. See test_sendUnimplemented. """ self.proto.dispatchMessage(transport.MSG_UNIMPLEMENTED, b"\x00\x00\x00\xff") self.assertEqual(self.proto.unimplementeds, [255]) def test_sendDisconnect(self): """ Test that disconnection messages are sent correctly. Payload:: uint32 reason code string reason description string language """ disconnected = [False] def stubLoseConnection(): disconnected[0] = True self.transport.loseConnection = stubLoseConnection self.proto.sendDisconnect(0xFF, b"test") self.assertEqual( self.packets, [ ( transport.MSG_DISCONNECT, b"\x00\x00\x00\xff\x00\x00\x00\x04test\x00\x00\x00\x00", ) ], ) self.assertTrue(disconnected[0]) def test_receiveDisconnect(self): """ Test that disconnection messages are received correctly. See test_sendDisconnect. """ disconnected = [False] def stubLoseConnection(): disconnected[0] = True self.transport.loseConnection = stubLoseConnection self.proto.dispatchMessage( transport.MSG_DISCONNECT, b"\x00\x00\x00\xff\x00\x00\x00\x04test" ) self.assertEqual(self.proto.errors, [(255, b"test")]) self.assertTrue(disconnected[0]) def test_dataReceived(self): """ Test that dataReceived parses packets and dispatches them to ssh_* methods. """ kexInit = [False] def stubKEXINIT(packet): kexInit[0] = True self.proto.ssh_KEXINIT = stubKEXINIT self.proto.dataReceived(self.transport.value()) self.assertTrue(self.proto.gotVersion) self.assertEqual(self.proto.ourVersionString, self.proto.otherVersionString) self.assertTrue(kexInit[0]) def test_service(self): """ Test that the transport can set the running service and dispatches packets to the service's packetReceived method. """ service = MockService() self.proto.setService(service) self.assertEqual(self.proto.service, service) self.assertTrue(service.started) self.proto.dispatchMessage(0xFF, b"test") self.assertEqual(self.packets, [(0xFF, b"test")]) service2 = MockService() self.proto.setService(service2) self.assertTrue(service2.started) self.assertTrue(service.stopped) self.proto.connectionLost(None) self.assertTrue(service2.stopped) def test_avatar(self): """ Test that the transport notifies the avatar of disconnections. """ disconnected = [False] def logout(): disconnected[0] = True self.proto.logoutFunction = logout self.proto.avatar = True self.proto.connectionLost(None) self.assertTrue(disconnected[0]) def test_isEncrypted(self): """ Test that the transport accurately reflects its encrypted status. """ self.assertFalse(self.proto.isEncrypted("in")) self.assertFalse(self.proto.isEncrypted("out")) self.assertFalse(self.proto.isEncrypted("both")) self.proto.currentEncryptions = MockCipher() self.assertTrue(self.proto.isEncrypted("in")) self.assertTrue(self.proto.isEncrypted("out")) self.assertTrue(self.proto.isEncrypted("both")) self.proto.currentEncryptions = transport.SSHCiphers( b"none", b"none", b"none", b"none" ) self.assertFalse(self.proto.isEncrypted("in")) self.assertFalse(self.proto.isEncrypted("out")) self.assertFalse(self.proto.isEncrypted("both")) self.assertRaises(TypeError, self.proto.isEncrypted, "bad") def test_isVerified(self): """ Test that the transport accurately reflects its verified status. """ self.assertFalse(self.proto.isVerified("in")) self.assertFalse(self.proto.isVerified("out")) self.assertFalse(self.proto.isVerified("both")) self.proto.currentEncryptions = MockCipher() self.assertTrue(self.proto.isVerified("in")) self.assertTrue(self.proto.isVerified("out")) self.assertTrue(self.proto.isVerified("both")) self.proto.currentEncryptions = transport.SSHCiphers( b"none", b"none", b"none", b"none" ) self.assertFalse(self.proto.isVerified("in")) self.assertFalse(self.proto.isVerified("out")) self.assertFalse(self.proto.isVerified("both")) self.assertRaises(TypeError, self.proto.isVerified, "bad") def test_loseConnection(self): """ Test that loseConnection sends a disconnect message and closes the connection. """ disconnected = [False] def stubLoseConnection(): disconnected[0] = True self.transport.loseConnection = stubLoseConnection self.proto.loseConnection() self.assertEqual(self.packets[0][0], transport.MSG_DISCONNECT) self.assertEqual( self.packets[0][1][3:4], bytes((transport.DISCONNECT_CONNECTION_LOST,)) ) def test_badVersion(self): """ Test that the transport disconnects when it receives a bad version. """ def testBad(version): self.packets = [] self.proto.gotVersion = False disconnected = [False] def stubLoseConnection(): disconnected[0] = True self.transport.loseConnection = stubLoseConnection for c in iterbytes(version + b"\r\n"): self.proto.dataReceived(c) self.assertTrue(disconnected[0]) self.assertEqual(self.packets[0][0], transport.MSG_DISCONNECT) self.assertEqual( self.packets[0][1][3:4], bytes((transport.DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED,)), ) testBad(b"SSH-1.5-OpenSSH") testBad(b"SSH-3.0-Twisted") testBad(b"GET / HTTP/1.1") def test_dataBeforeVersion(self): """ Test that the transport ignores data sent before the version string. """ proto = MockTransportBase() proto.makeConnection(proto_helpers.StringTransport()) data = ( b"""here's some stuff beforehand here's some other stuff """ + proto.ourVersionString + b"\r\n" ) [proto.dataReceived(c) for c in iterbytes(data)] self.assertTrue(proto.gotVersion) self.assertEqual(proto.otherVersionString, proto.ourVersionString) def test_compatabilityVersion(self): """ Test that the transport treats the compatibility version (1.99) as equivalent to version 2.0. """ proto = MockTransportBase() proto.makeConnection(proto_helpers.StringTransport()) proto.dataReceived(b"SSH-1.99-OpenSSH\n") self.assertTrue(proto.gotVersion) self.assertEqual(proto.otherVersionString, b"SSH-1.99-OpenSSH") def test_dataReceivedSSHVersionUnixNewline(self): """ It can parse the SSH version string even when it ends only in Unix newlines (CR) and does not follows the RFC 4253 to use network newlines (CR LF). """ sut = MockTransportBase() sut.makeConnection(proto_helpers.StringTransport()) sut.dataReceived(b"SSH-2.0-PoorSSHD Some-comment here\n" b"more-data") self.assertTrue(sut.gotVersion) self.assertEqual(sut.otherVersionString, b"SSH-2.0-PoorSSHD Some-comment here") def test_dataReceivedSSHVersionTrailingSpaces(self): """ The trailing spaces from SSH version comment are not removed. The SSH version string needs to be kept as received (without CR LF end of line) as they are used in the host authentication process. This can happen with a Bitvise SSH server which hides its version. """ sut = MockTransportBase() sut.makeConnection(proto_helpers.StringTransport()) sut.dataReceived( b"SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) \r\n" b"more-data" ) self.assertTrue(sut.gotVersion) self.assertEqual( sut.otherVersionString, b"SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) ", ) def test_supportedVersionsAreAllowed(self): """ If an unusual SSH version is received and is included in C{supportedVersions}, an unsupported version error is not emitted. """ proto = MockTransportBase() proto.supportedVersions = (b"9.99",) proto.makeConnection(proto_helpers.StringTransport()) proto.dataReceived(b"SSH-9.99-OpenSSH\n") self.assertFalse(proto.gotUnsupportedVersion) def test_unsupportedVersionsCallUnsupportedVersionReceived(self): """ If an unusual SSH version is received and is not included in C{supportedVersions}, an unsupported version error is emitted. """ proto = MockTransportBase() proto.supportedVersions = (b"2.0",) proto.makeConnection(proto_helpers.StringTransport()) proto.dataReceived(b"SSH-9.99-OpenSSH\n") self.assertEqual(b"9.99", proto.gotUnsupportedVersion) def test_badPackets(self): """ Test that the transport disconnects with an error when it receives bad packets. """ def testBad(packet, error=transport.DISCONNECT_PROTOCOL_ERROR): self.packets = [] self.proto.buf = packet self.assertIsNone(self.proto.getPacket()) self.assertEqual(len(self.packets), 1) self.assertEqual(self.packets[0][0], transport.MSG_DISCONNECT) self.assertEqual(self.packets[0][1][3:4], bytes((error,))) testBad(b"\xff" * 8) # big packet testBad(b"\x00\x00\x00\x05\x00BCDE") # length not modulo blocksize oldEncryptions = self.proto.currentEncryptions self.proto.currentEncryptions = MockCipher() testBad( b"\x00\x00\x00\x08\x06AB123456", transport.DISCONNECT_MAC_ERROR # bad MAC ) self.proto.currentEncryptions.decrypt = lambda x: x[:-1] testBad(b"\x00\x00\x00\x08\x06BCDEFGHIJK") # bad decryption self.proto.currentEncryptions = oldEncryptions self.proto.incomingCompression = MockCompression() def stubDecompress(payload): raise Exception("bad compression") self.proto.incomingCompression.decompress = stubDecompress testBad( b"\x00\x00\x00\x04\x00BCDE", # bad decompression transport.DISCONNECT_COMPRESSION_ERROR, ) self.flushLoggedErrors() def test_unimplementedPackets(self): """ Test that unimplemented packet types cause MSG_UNIMPLEMENTED packets to be sent. """ seqnum = self.proto.incomingPacketSequence def checkUnimplemented(seqnum=seqnum): self.assertEqual(self.packets[0][0], transport.MSG_UNIMPLEMENTED) self.assertEqual(self.packets[0][1][3:4], bytes((seqnum,))) self.proto.packets = [] seqnum += 1 self.proto.dispatchMessage(40, b"") checkUnimplemented() transport.messages[41] = b"MSG_fiction" self.proto.dispatchMessage(41, b"") checkUnimplemented() self.proto.dispatchMessage(60, b"") checkUnimplemented() self.proto.setService(MockService()) self.proto.dispatchMessage(70, b"") checkUnimplemented() self.proto.dispatchMessage(71, b"") checkUnimplemented() def test_multipleClasses(self): """ Test that multiple instances have distinct states. """ proto = self.proto proto.dataReceived(self.transport.value()) proto.currentEncryptions = MockCipher() proto.outgoingCompression = MockCompression() proto.incomingCompression = MockCompression() proto.setService(MockService()) proto2 = MockTransportBase() proto2.makeConnection(proto_helpers.StringTransport()) proto2.sendIgnore(b"") self.assertNotEqual(proto.gotVersion, proto2.gotVersion) self.assertNotEqual(proto.transport, proto2.transport) self.assertNotEqual(proto.outgoingPacketSequence, proto2.outgoingPacketSequence) self.assertNotEqual(proto.incomingPacketSequence, proto2.incomingPacketSequence) self.assertNotEqual(proto.currentEncryptions, proto2.currentEncryptions) self.assertNotEqual(proto.service, proto2.service) class BaseSSHTransportDHGroupExchangeBaseCase(BaseSSHTransportBaseCase): """ Diffie-Hellman group exchange tests for TransportBase. """ def test_getKey(self): """ Test that _getKey generates the correct keys. """ self.proto.kexAlg = self.kexAlgorithm self.proto.sessionID = b"EF" k1 = self.hashProcessor(b"AB" + b"CD" + b"K" + self.proto.sessionID).digest() k2 = self.hashProcessor(b"ABCD" + k1).digest() k3 = self.hashProcessor(b"ABCD" + k1 + k2).digest() k4 = self.hashProcessor(b"ABCD" + k1 + k2 + k3).digest() self.assertEqual(self.proto._getKey(b"K", b"AB", b"CD"), k1 + k2 + k3 + k4) class BaseSSHTransportDHGroupExchangeSHA1Tests( BaseSSHTransportDHGroupExchangeBaseCase, DHGroupExchangeSHA1Mixin, TransportTestCase ): """ diffie-hellman-group-exchange-sha1 tests for TransportBase. """ class BaseSSHTransportDHGroupExchangeSHA256Tests( BaseSSHTransportDHGroupExchangeBaseCase, DHGroupExchangeSHA256Mixin, TransportTestCase, ): """ diffie-hellman-group-exchange-sha256 tests for TransportBase. """ class BaseSSHTransportEllipticCurveTests( BaseSSHTransportDHGroupExchangeBaseCase, ECDHMixin, TransportTestCase ): """ ecdh-sha2-nistp256 tests for TransportBase """ @skipWithoutX25519 class BaseSSHTransportCurve25519SHA256Tests( BaseSSHTransportDHGroupExchangeBaseCase, Curve25519SHA256Mixin, TransportTestCase ): """ curve25519-sha256 tests for TransportBase """ class ServerAndClientSSHTransportBaseCase: """ Tests that need to be run on both the server and the client. """ def checkDisconnected(self, kind=None): """ Helper function to check if the transport disconnected. """ if kind is None: kind = transport.DISCONNECT_PROTOCOL_ERROR self.assertEqual(self.packets[-1][0], transport.MSG_DISCONNECT) self.assertEqual(self.packets[-1][1][3:4], bytes((kind,))) def connectModifiedProtocol(self, protoModification, kind=None): """ Helper function to connect a modified protocol to the test protocol and test for disconnection. """ if kind is None: kind = transport.DISCONNECT_KEY_EXCHANGE_FAILED proto2 = self.klass() protoModification(proto2) proto2.makeConnection(proto_helpers.StringTransport()) self.proto.dataReceived(proto2.transport.value()) if kind: self.checkDisconnected(kind) return proto2 def test_disconnectIfCantMatchKex(self): """ Test that the transport disconnects if it can't match the key exchange """ def blankKeyExchanges(proto2): proto2.supportedKeyExchanges = [] self.connectModifiedProtocol(blankKeyExchanges) def test_disconnectIfCantMatchKeyAlg(self): """ Like test_disconnectIfCantMatchKex, but for the key algorithm. """ def blankPublicKeys(proto2): proto2.supportedPublicKeys = [] self.connectModifiedProtocol(blankPublicKeys) def test_disconnectIfCantMatchCompression(self): """ Like test_disconnectIfCantMatchKex, but for the compression. """ def blankCompressions(proto2): proto2.supportedCompressions = [] self.connectModifiedProtocol(blankCompressions) def test_disconnectIfCantMatchCipher(self): """ Like test_disconnectIfCantMatchKex, but for the encryption. """ def blankCiphers(proto2): proto2.supportedCiphers = [] self.connectModifiedProtocol(blankCiphers) def test_disconnectIfCantMatchMAC(self): """ Like test_disconnectIfCantMatchKex, but for the MAC. """ def blankMACs(proto2): proto2.supportedMACs = [] self.connectModifiedProtocol(blankMACs) def test_getPeer(self): """ Test that the transport's L{getPeer} method returns an L{SSHTransportAddress} with the L{IAddress} of the peer. """ self.assertEqual( self.proto.getPeer(), address.SSHTransportAddress(self.proto.transport.getPeer()), ) def test_getHost(self): """ Test that the transport's L{getHost} method returns an L{SSHTransportAddress} with the L{IAddress} of the host. """ self.assertEqual( self.proto.getHost(), address.SSHTransportAddress(self.proto.transport.getHost()), ) class ServerSSHTransportBaseCase(ServerAndClientSSHTransportBaseCase): """ Base case for SSHServerTransport tests. """ klass: Optional[Type[transport.SSHTransportBase]] = transport.SSHServerTransport def setUp(self): TransportTestCase.setUp(self) self.proto.factory = MockFactory() self.proto.factory.startFactory() def tearDown(self): TransportTestCase.tearDown(self) self.proto.factory.stopFactory() del self.proto.factory class ServerSSHTransportTests(ServerSSHTransportBaseCase, TransportTestCase): """ Tests for SSHServerTransport. """ def test_KEXINITMultipleAlgorithms(self): """ Receiving a KEXINIT packet listing multiple supported algorithms will set up the first common algorithm found in the client's preference list. """ self.proto.dataReceived( b"SSH-2.0-Twisted\r\n\x00\x00\x01\xf4\x04\x14" b"\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99" b"\x99\x00\x00\x00bdiffie-hellman-group1-sha1,diffie-hellman-g" b"roup-exchange-sha1,diffie-hellman-group-exchange-sha256\x00" b"\x00\x00\x0fssh-dss,ssh-rsa\x00\x00\x00\x85aes128-ctr,aes128-" b"cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,c" b"ast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc\x00" b"\x00\x00\x85aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes25" b"6-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfis" b"h-cbc,3des-ctr,3des-cbc\x00\x00\x00\x12hmac-md5,hmac-sha1\x00" b"\x00\x00\x12hmac-md5,hmac-sha1\x00\x00\x00\tnone,zlib\x00\x00" b"\x00\tnone,zlib\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x99\x99\x99\x99" ) # Even if as server we prefer diffie-hellman-group-exchange-sha256 the # client preference is used, after skipping diffie-hellman-group1-sha1 self.assertEqual(self.proto.kexAlg, b"diffie-hellman-group-exchange-sha1") self.assertEqual(self.proto.keyAlg, b"ssh-dss") self.assertEqual(self.proto.outgoingCompressionType, b"none") self.assertEqual(self.proto.incomingCompressionType, b"none") self.assertFalse(self.proto._peerSupportsExtensions) ne = self.proto.nextEncryptions self.assertEqual(ne.outCipType, b"aes128-ctr") self.assertEqual(ne.inCipType, b"aes128-ctr") self.assertEqual(ne.outMACType, b"hmac-md5") self.assertEqual(ne.inMACType, b"hmac-md5") def test_KEXINITExtensionNegotiation(self): """ If the client sends "ext-info-c" in its key exchange algorithms, then the server notes that the client supports extension negotiation. See RFC 8308, section 2.1. """ kexInitPacket = ( b"\x00" * 16 + common.NS(b"diffie-hellman-group-exchange-sha256,ext-info-c") + common.NS(b"ssh-rsa") + common.NS(b"aes256-ctr") + common.NS(b"aes256-ctr") + common.NS(b"hmac-sha1") + common.NS(b"hmac-sha1") + common.NS(b"none") + common.NS(b"none") + common.NS(b"") + common.NS(b"") + b"\x00" + b"\x00\x00\x00\x00" ) self.proto.ssh_KEXINIT(kexInitPacket) self.assertEqual(self.proto.kexAlg, b"diffie-hellman-group-exchange-sha256") self.assertTrue(self.proto._peerSupportsExtensions) def test_ignoreGuessPacketKex(self): """ The client is allowed to send a guessed key exchange packet after it sends the KEXINIT packet. However, if the key exchanges do not match, that guess packet must be ignored. This tests that the packet is ignored in the case of the key exchange method not matching. """ kexInitPacket = ( b"\x00" * 16 + ( b"".join( [ common.NS(x) for x in [ b",".join(y) for y in [ self.proto.supportedKeyExchanges[::-1], self.proto.supportedPublicKeys, self.proto.supportedCiphers, self.proto.supportedCiphers, self.proto.supportedMACs, self.proto.supportedMACs, self.proto.supportedCompressions, self.proto.supportedCompressions, self.proto.supportedLanguages, self.proto.supportedLanguages, ] ] ] ) ) + (b"\xff\x00\x00\x00\x00") ) self.proto.ssh_KEXINIT(kexInitPacket) self.assertTrue(self.proto.ignoreNextPacket) self.proto.ssh_DEBUG(b"\x01\x00\x00\x00\x04test\x00\x00\x00\x00") self.assertTrue(self.proto.ignoreNextPacket) self.proto.ssh_KEX_DH_GEX_REQUEST_OLD(b"\x00\x00\x08\x00") self.assertFalse(self.proto.ignoreNextPacket) self.assertEqual(self.packets, []) self.proto.ignoreNextPacket = True self.proto.ssh_KEX_DH_GEX_REQUEST(b"\x00\x00\x08\x00" * 3) self.assertFalse(self.proto.ignoreNextPacket) self.assertEqual(self.packets, []) def test_ignoreGuessPacketKey(self): """ Like test_ignoreGuessPacketKex, but for an incorrectly guessed public key format. """ kexInitPacket = ( b"\x00" * 16 + ( b"".join( [ common.NS(x) for x in [ b",".join(y) for y in [ self.proto.supportedKeyExchanges, self.proto.supportedPublicKeys[::-1], self.proto.supportedCiphers, self.proto.supportedCiphers, self.proto.supportedMACs, self.proto.supportedMACs, self.proto.supportedCompressions, self.proto.supportedCompressions, self.proto.supportedLanguages, self.proto.supportedLanguages, ] ] ] ) ) + (b"\xff\x00\x00\x00\x00") ) self.proto.ssh_KEXINIT(kexInitPacket) self.assertTrue(self.proto.ignoreNextPacket) self.proto.ssh_DEBUG(b"\x01\x00\x00\x00\x04test\x00\x00\x00\x00") self.assertTrue(self.proto.ignoreNextPacket) self.proto.ssh_KEX_DH_GEX_REQUEST_OLD(b"\x00\x00\x08\x00") self.assertFalse(self.proto.ignoreNextPacket) self.assertEqual(self.packets, []) self.proto.ignoreNextPacket = True self.proto.ssh_KEX_DH_GEX_REQUEST(b"\x00\x00\x08\x00" * 3) self.assertFalse(self.proto.ignoreNextPacket) self.assertEqual(self.packets, []) def assertKexDHInitResponse(self, kexAlgorithm, bits): """ Test that the KEXDH_INIT packet causes the server to send a KEXDH_REPLY with the server's public key and a signature. @param kexAlgorithm: The key exchange algorithm to use. @type kexAlgorithm: L{str} """ self.proto.supportedKeyExchanges = [kexAlgorithm] self.proto.supportedPublicKeys = [b"ssh-rsa"] self.proto.dataReceived(self.transport.value()) g, p = _kex.getDHGeneratorAndPrime(kexAlgorithm) e = pow(g, 5000, p) self.proto.ssh_KEX_DH_GEX_REQUEST_OLD(common.MP(e)) y = common.getMP(common.NS(b"\x99" * (bits // 8)))[0] f = _MPpow(self.proto.g, y, self.proto.p) self.assertEqual(self.proto.dhSecretKeyPublicMP, f) sharedSecret = _MPpow(e, y, self.proto.p) h = sha1() h.update(common.NS(self.proto.ourVersionString) * 2) h.update(common.NS(self.proto.ourKexInitPayload) * 2) h.update(common.NS(self.proto.factory.publicKeys[b"ssh-rsa"].blob())) h.update(common.MP(e)) h.update(f) h.update(sharedSecret) exchangeHash = h.digest() signature = self.proto.factory.privateKeys[b"ssh-rsa"].sign(exchangeHash) self.assertEqual( self.packets, [ ( transport.MSG_KEXDH_REPLY, common.NS(self.proto.factory.publicKeys[b"ssh-rsa"].blob()) + f + common.NS(signature), ), (transport.MSG_NEWKEYS, b""), ], ) def test_checkBad_KEX_ECDH_INIT_CurveName(self): """ Test that if the server receives a KEX_DH_GEX_REQUEST_OLD message and the key exchange algorithm is not set, we raise a ConchError. """ self.proto.kexAlg = b"bad-curve" self.proto.keyAlg = b"ssh-rsa" self.assertRaises( UnsupportedAlgorithm, self.proto._ssh_KEX_ECDH_INIT, common.NS(b"unused-key"), ) def test_checkBad_KEX_INIT_CurveName(self): """ Test that if the server received a bad name for a curve we raise an UnsupportedAlgorithm error. """ kexmsg = ( b"\xAA" * 16 + common.NS(b"ecdh-sha2-nistp256") + common.NS(b"ssh-rsa") + common.NS(b"aes256-ctr") + common.NS(b"aes256-ctr") + common.NS(b"hmac-sha1") + common.NS(b"hmac-sha1") + common.NS(b"none") + common.NS(b"none") + common.NS(b"") + common.NS(b"") + b"\x00" + b"\x00\x00\x00\x00" ) self.proto.ssh_KEXINIT(kexmsg) self.assertRaises(AttributeError) self.assertRaises(UnsupportedAlgorithm) def test_KEXDH_INIT_GROUP14(self): """ KEXDH_INIT messages are processed when the diffie-hellman-group14-sha1 key exchange algorithm is requested. """ self.assertKexDHInitResponse(b"diffie-hellman-group14-sha1", 2048) def test_keySetup(self): """ Test that _keySetup sets up the next encryption keys. """ self.proto.kexAlg = b"diffie-hellman-group14-sha1" self.proto.nextEncryptions = MockCipher() self.simulateKeyExchange(b"AB", b"CD") self.assertEqual(self.proto.sessionID, b"CD") self.simulateKeyExchange(b"AB", b"EF") self.assertEqual(self.proto.sessionID, b"CD") self.assertEqual(self.packets[-1], (transport.MSG_NEWKEYS, b"")) newKeys = [self.proto._getKey(c, b"AB", b"EF") for c in iterbytes(b"ABCDEF")] self.assertEqual( self.proto.nextEncryptions.keys, (newKeys[1], newKeys[3], newKeys[0], newKeys[2], newKeys[5], newKeys[4]), ) def test_keySetupWithExtInfo(self): """ If the client advertised support for extension negotiation, then _keySetup sends SSH_MSG_EXT_INFO with the "server-sig-algs" extension as the next packet following the server's first SSH_MSG_NEWKEYS. See RFC 8308, sections 2.4 and 3.1. """ self.proto.supportedPublicKeys = [b"ssh-rsa", b"rsa-sha2-256", b"rsa-sha2-512"] self.proto.kexAlg = b"diffie-hellman-group14-sha1" self.proto.nextEncryptions = MockCipher() self.proto._peerSupportsExtensions = True self.simulateKeyExchange(b"AB", b"CD") self.assertEqual(self.packets[-2], (transport.MSG_NEWKEYS, b"")) self.assertEqual( self.packets[-1], ( transport.MSG_EXT_INFO, b"\x00\x00\x00\x01" + common.NS(b"server-sig-algs") + common.NS(b"ssh-rsa,rsa-sha2-256,rsa-sha2-512"), ), ) self.simulateKeyExchange(b"AB", b"EF") self.assertEqual(self.packets[-1], (transport.MSG_NEWKEYS, b"")) def test_ECDH_keySetup(self): """ Test that _keySetup sets up the next encryption keys. """ self.proto.kexAlg = b"ecdh-sha2-nistp256" self.proto.nextEncryptions = MockCipher() self.simulateKeyExchange(b"AB", b"CD") self.assertEqual(self.proto.sessionID, b"CD") self.simulateKeyExchange(b"AB", b"EF") self.assertEqual(self.proto.sessionID, b"CD") self.assertEqual(self.packets[-1], (transport.MSG_NEWKEYS, b"")) newKeys = [self.proto._getKey(c, b"AB", b"EF") for c in iterbytes(b"ABCDEF")] self.assertEqual( self.proto.nextEncryptions.keys, (newKeys[1], newKeys[3], newKeys[0], newKeys[2], newKeys[5], newKeys[4]), ) def test_NEWKEYS(self): """ Test that NEWKEYS transitions the keys in nextEncryptions to currentEncryptions. """ self.test_KEXINITMultipleAlgorithms() self.proto.nextEncryptions = transport.SSHCiphers( b"none", b"none", b"none", b"none" ) self.proto.ssh_NEWKEYS(b"") self.assertIs(self.proto.currentEncryptions, self.proto.nextEncryptions) self.assertIsNone(self.proto.outgoingCompression) self.assertIsNone(self.proto.incomingCompression) self.proto.outgoingCompressionType = b"zlib" self.simulateKeyExchange(b"AB", b"CD") self.proto.ssh_NEWKEYS(b"") self.assertIsNotNone(self.proto.outgoingCompression) self.proto.incomingCompressionType = b"zlib" self.simulateKeyExchange(b"AB", b"EF") self.proto.ssh_NEWKEYS(b"") self.assertIsNotNone(self.proto.incomingCompression) def test_SERVICE_REQUEST(self): """ Test that the SERVICE_REQUEST message requests and starts a service. """ self.proto.ssh_SERVICE_REQUEST(common.NS(b"ssh-userauth")) self.assertEqual( self.packets, [(transport.MSG_SERVICE_ACCEPT, common.NS(b"ssh-userauth"))] ) self.assertEqual(self.proto.service.name, b"MockService") def test_disconnectNEWKEYSData(self): """ Test that NEWKEYS disconnects if it receives data. """ self.proto.ssh_NEWKEYS(b"bad packet") self.checkDisconnected() def test_disconnectSERVICE_REQUESTBadService(self): """ Test that SERVICE_REQUESTS disconnects if an unknown service is requested. """ self.proto.ssh_SERVICE_REQUEST(common.NS(b"no service")) self.checkDisconnected(transport.DISCONNECT_SERVICE_NOT_AVAILABLE) class ServerSSHTransportDHGroupExchangeBaseCase(ServerSSHTransportBaseCase): """ Diffie-Hellman group exchange tests for SSHServerTransport. """ def test_KEX_DH_GEX_REQUEST_OLD(self): """ Test that the KEX_DH_GEX_REQUEST_OLD message causes the server to reply with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman group. """ self.proto.supportedKeyExchanges = [self.kexAlgorithm] self.proto.supportedPublicKeys = [b"ssh-rsa"] self.proto.dataReceived(self.transport.value()) self.proto.ssh_KEX_DH_GEX_REQUEST_OLD(b"\x00\x00\x04\x00") dhGenerator, dhPrime = self.proto.factory.getPrimes().get(2048)[0] self.assertEqual( self.packets, [ ( transport.MSG_KEX_DH_GEX_GROUP, common.MP(dhPrime) + b"\x00\x00\x00\x01\x02", ) ], ) self.assertEqual(self.proto.g, 2) self.assertEqual(self.proto.p, dhPrime) def test_KEX_DH_GEX_REQUEST_OLD_badKexAlg(self): """ Test that if the server receives a KEX_DH_GEX_REQUEST_OLD message and the key exchange algorithm is not set, we raise a ConchError. """ self.proto.kexAlg = None self.assertRaises(ConchError, self.proto.ssh_KEX_DH_GEX_REQUEST_OLD, None) def test_KEX_DH_GEX_REQUEST(self): """ Test that the KEX_DH_GEX_REQUEST message causes the server to reply with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman group. """ self.proto.supportedKeyExchanges = [self.kexAlgorithm] self.proto.supportedPublicKeys = [b"ssh-rsa"] self.proto.dataReceived(self.transport.value()) self.proto.ssh_KEX_DH_GEX_REQUEST( b"\x00\x00\x04\x00\x00\x00\x08\x00" + b"\x00\x00\x0c\x00" ) dhGenerator, dhPrime = self.proto.factory.getPrimes().get(2048)[0] self.assertEqual( self.packets, [ ( transport.MSG_KEX_DH_GEX_GROUP, common.MP(dhPrime) + b"\x00\x00\x00\x01\x02", ) ], ) self.assertEqual(self.proto.g, 2) self.assertEqual(self.proto.p, dhPrime) def test_KEX_DH_GEX_INIT_after_REQUEST_OLD(self): """ Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST_OLD causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. """ self.test_KEX_DH_GEX_REQUEST_OLD() e = pow(self.proto.g, 3, self.proto.p) y = common.getMP(b"\x00\x00\x01\x00" + b"\x99" * 512)[0] self.assertEqual(self.proto.dhSecretKey.private_numbers().x, y) f = _MPpow(self.proto.g, y, self.proto.p) self.assertEqual(self.proto.dhSecretKeyPublicMP, f) sharedSecret = _MPpow(e, y, self.proto.p) h = self.hashProcessor() h.update(common.NS(self.proto.ourVersionString) * 2) h.update(common.NS(self.proto.ourKexInitPayload) * 2) h.update(common.NS(self.proto.factory.publicKeys[b"ssh-rsa"].blob())) h.update(b"\x00\x00\x04\x00") h.update(common.MP(self.proto.p)) h.update(common.MP(self.proto.g)) h.update(common.MP(e)) h.update(f) h.update(sharedSecret) exchangeHash = h.digest() self.proto.ssh_KEX_DH_GEX_INIT(common.MP(e)) self.assertEqual( self.packets[1:], [ ( transport.MSG_KEX_DH_GEX_REPLY, common.NS(self.proto.factory.publicKeys[b"ssh-rsa"].blob()) + f + common.NS( self.proto.factory.privateKeys[b"ssh-rsa"].sign(exchangeHash) ), ), (transport.MSG_NEWKEYS, b""), ], ) def test_KEX_DH_GEX_INIT_after_REQUEST(self): """ Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. """ self.test_KEX_DH_GEX_REQUEST() e = pow(self.proto.g, 3, self.proto.p) y = common.getMP(b"\x00\x00\x01\x00" + b"\x99" * 256)[0] f = _MPpow(self.proto.g, y, self.proto.p) sharedSecret = _MPpow(e, y, self.proto.p) h = self.hashProcessor() h.update(common.NS(self.proto.ourVersionString) * 2) h.update(common.NS(self.proto.ourKexInitPayload) * 2) h.update(common.NS(self.proto.factory.publicKeys[b"ssh-rsa"].blob())) h.update(b"\x00\x00\x04\x00\x00\x00\x08\x00\x00\x00\x0c\x00") h.update(common.MP(self.proto.p)) h.update(common.MP(self.proto.g)) h.update(common.MP(e)) h.update(f) h.update(sharedSecret) exchangeHash = h.digest() self.proto.ssh_KEX_DH_GEX_INIT(common.MP(e)) self.assertEqual( self.packets[1], ( transport.MSG_KEX_DH_GEX_REPLY, common.NS(self.proto.factory.publicKeys[b"ssh-rsa"].blob()) + f + common.NS( self.proto.factory.privateKeys[b"ssh-rsa"].sign(exchangeHash) ), ), ) class ServerSSHTransportDHGroupExchangeSHA1Tests( ServerSSHTransportDHGroupExchangeBaseCase, DHGroupExchangeSHA1Mixin, TransportTestCase, ): """ diffie-hellman-group-exchange-sha1 tests for SSHServerTransport. """ class ServerSSHTransportDHGroupExchangeSHA256Tests( ServerSSHTransportDHGroupExchangeBaseCase, DHGroupExchangeSHA256Mixin, TransportTestCase, ): """ diffie-hellman-group-exchange-sha256 tests for SSHServerTransport. """ class ServerSSHTransportECDHBaseCase(ServerSSHTransportBaseCase): """ Elliptic Curve Diffie-Hellman tests for SSHServerTransport. """ def test_KEX_ECDH_INIT(self): """ Test that the KEXDH_INIT message causes the server to send a KEXDH_REPLY with the server's public key and a signature. """ self.proto.supportedKeyExchanges = [self.kexAlgorithm] self.proto.supportedPublicKeys = [b"ssh-rsa"] self.proto.dataReceived(self.transport.value()) privKey = self.proto.factory.privateKeys[b"ssh-rsa"] pubKey = self.proto.factory.publicKeys[b"ssh-rsa"] ecPriv = self.proto._generateECPrivateKey() ecPub = ecPriv.public_key() encPub = self.proto._encodeECPublicKey(ecPub) self.proto.ssh_KEX_DH_GEX_REQUEST_OLD(common.NS(encPub)) sharedSecret = self.proto._generateECSharedSecret( ecPriv, self.proto._encodeECPublicKey(self.proto.ecPub) ) h = self.hashProcessor() h.update(common.NS(self.proto.otherVersionString)) h.update(common.NS(self.proto.ourVersionString)) h.update(common.NS(self.proto.otherKexInitPayload)) h.update(common.NS(self.proto.ourKexInitPayload)) h.update(common.NS(pubKey.blob())) h.update(common.NS(encPub)) h.update(common.NS(self.proto._encodeECPublicKey(self.proto.ecPub))) h.update(sharedSecret) exchangeHash = h.digest() signature = privKey.sign(exchangeHash) self.assertEqual( self.packets, [ ( transport.MSG_KEXDH_REPLY, common.NS(pubKey.blob()) + common.NS(self.proto._encodeECPublicKey(self.proto.ecPub)) + common.NS(signature), ), (transport.MSG_NEWKEYS, b""), ], ) class ServerSSHTransportECDHTests( ServerSSHTransportECDHBaseCase, ECDHMixin, TransportTestCase ): """ ecdh-sha2-nistp256 tests for SSHServerTransport. """ @skipWithoutX25519 class ServerSSHTransportCurve25519SHA256Tests( ServerSSHTransportECDHBaseCase, Curve25519SHA256Mixin, TransportTestCase ): """ curve25519-sha256 tests for SSHServerTransport. """ class ClientSSHTransportBaseCase(ServerAndClientSSHTransportBaseCase): """ Base case for SSHClientTransport tests. """ klass: Optional[Type[transport.SSHTransportBase]] = transport.SSHClientTransport def verifyHostKey(self, pubKey, fingerprint): """ Mock version of SSHClientTransport.verifyHostKey. """ self.calledVerifyHostKey = True self.assertEqual(pubKey, self.blob) self.assertEqual( fingerprint.replace(b":", b""), binascii.hexlify(md5(pubKey).digest()) ) return defer.succeed(True) def setUp(self): TransportTestCase.setUp(self) self.blob = keys.Key.fromString(keydata.publicRSA_openssh).blob() self.privObj = keys.Key.fromString(keydata.privateRSA_openssh) self.calledVerifyHostKey = False self.proto.verifyHostKey = self.verifyHostKey class ClientSSHTransportTests(ClientSSHTransportBaseCase, TransportTestCase): """ Tests for SSHClientTransport. """ def test_KEXINITMultipleAlgorithms(self): """ Receiving a KEXINIT packet listing multiple supported algorithms will set up the first common algorithm, ordered after our preference. """ self.proto.dataReceived( b"SSH-2.0-Twisted\r\n\x00\x00\x01\xf4\x04\x14" b"\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99" b"\x99\x00\x00\x00bdiffie-hellman-group1-sha1,diffie-hellman-g" b"roup-exchange-sha1,diffie-hellman-group-exchange-sha256\x00" b"\x00\x00\x0fssh-dss,ssh-rsa\x00\x00\x00\x85aes128-ctr,aes128-" b"cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,c" b"ast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc\x00" b"\x00\x00\x85aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes25" b"6-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfis" b"h-cbc,3des-ctr,3des-cbc\x00\x00\x00\x12hmac-md5,hmac-sha1\x00" b"\x00\x00\x12hmac-md5,hmac-sha1\x00\x00\x00\tzlib,none\x00\x00" b"\x00\tzlib,none\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x99\x99\x99\x99" ) # Even if client prefer diffie-hellman-group1-sha1, we will go for # diffie-hellman-group-exchange-sha256 as this what we prefer and is # also supported by the server. self.assertEqual(self.proto.kexAlg, b"diffie-hellman-group-exchange-sha256") self.assertEqual(self.proto.keyAlg, b"ssh-rsa") self.assertEqual(self.proto.outgoingCompressionType, b"none") self.assertEqual(self.proto.incomingCompressionType, b"none") ne = self.proto.nextEncryptions self.assertEqual(ne.outCipType, b"aes256-ctr") self.assertEqual(ne.inCipType, b"aes256-ctr") self.assertEqual(ne.outMACType, b"hmac-sha1") self.assertEqual(ne.inMACType, b"hmac-sha1") def test_notImplementedClientMethods(self): """ verifyHostKey() should return a Deferred which fails with a NotImplementedError exception. connectionSecure() should raise NotImplementedError(). """ self.assertRaises(NotImplementedError, self.klass().connectionSecure) def _checkRaises(f): f.trap(NotImplementedError) d = self.klass().verifyHostKey(None, None) return d.addCallback(self.fail).addErrback(_checkRaises) def assertKexInitResponseForDH(self, kexAlgorithm, bits): """ Test that a KEXINIT packet with a group1 or group14 key exchange results in a correct KEXDH_INIT response. @param kexAlgorithm: The key exchange algorithm to use @type kexAlgorithm: L{str} """ self.proto.supportedKeyExchanges = [kexAlgorithm] # Imitate reception of server key exchange request contained # in data returned by self.transport.value() self.proto.dataReceived(self.transport.value()) x = self.proto.dhSecretKey.private_numbers().x self.assertEqual(common.MP(x)[5:], b"\x99" * (bits // 8)) # Data sent to server should be a transport.MSG_KEXDH_INIT # message containing our public key. self.assertEqual( self.packets, [(transport.MSG_KEXDH_INIT, self.proto.dhSecretKeyPublicMP)] ) def test_KEXINIT_group14(self): """ KEXINIT messages requesting diffie-hellman-group14-sha1 result in KEXDH_INIT responses. """ self.assertKexInitResponseForDH(b"diffie-hellman-group14-sha1", 2048) def test_KEXINIT_badKexAlg(self): """ Test that the client raises a ConchError if it receives a KEXINIT message but doesn't have a key exchange algorithm that we understand. """ self.proto.supportedKeyExchanges = [b"diffie-hellman-group24-sha1"] data = self.transport.value().replace(b"group14", b"group24") self.assertRaises(ConchError, self.proto.dataReceived, data) def test_KEXINITExtensionNegotiation(self): """ If the server sends "ext-info-s" in its key exchange algorithms, then the client notes that the server supports extension negotiation. See RFC 8308, section 2.1. """ kexInitPacket = ( b"\x00" * 16 + common.NS(b"diffie-hellman-group-exchange-sha256,ext-info-s") + common.NS(b"ssh-rsa") + common.NS(b"aes256-ctr") + common.NS(b"aes256-ctr") + common.NS(b"hmac-sha1") + common.NS(b"hmac-sha1") + common.NS(b"none") + common.NS(b"none") + common.NS(b"") + common.NS(b"") + b"\x00" + b"\x00\x00\x00\x00" ) self.proto.ssh_KEXINIT(kexInitPacket) self.assertTrue(self.proto._peerSupportsExtensions) def begin_KEXDH_REPLY(self): """ Utility for test_KEXDH_REPLY and test_disconnectKEXDH_REPLYBadSignature. Begins a Diffie-Hellman key exchange in the named group Group-14 and computes information needed to return either a correct or incorrect signature. """ self.test_KEXINIT_group14() f = 2 fMP = common.MP(f) x = self.proto.dhSecretKey.private_numbers().x p = self.proto.p sharedSecret = _MPpow(f, x, p) h = sha1() h.update(common.NS(self.proto.ourVersionString) * 2) h.update(common.NS(self.proto.ourKexInitPayload) * 2) h.update(common.NS(self.blob)) h.update(self.proto.dhSecretKeyPublicMP) h.update(fMP) h.update(sharedSecret) exchangeHash = h.digest() signature = self.privObj.sign(exchangeHash) return (exchangeHash, signature, common.NS(self.blob) + fMP) def test_KEXDH_REPLY(self): """ Test that the KEXDH_REPLY message verifies the server. """ (exchangeHash, signature, packetStart) = self.begin_KEXDH_REPLY() def _cbTestKEXDH_REPLY(value): self.assertIsNone(value) self.assertTrue(self.calledVerifyHostKey) self.assertEqual(self.proto.sessionID, exchangeHash) d = self.proto.ssh_KEX_DH_GEX_GROUP(packetStart + common.NS(signature)) d.addCallback(_cbTestKEXDH_REPLY) return d def test_keySetup(self): """ Test that _keySetup sets up the next encryption keys. """ self.proto.kexAlg = b"diffie-hellman-group14-sha1" self.proto.nextEncryptions = MockCipher() self.simulateKeyExchange(b"AB", b"CD") self.assertEqual(self.proto.sessionID, b"CD") self.simulateKeyExchange(b"AB", b"EF") self.assertEqual(self.proto.sessionID, b"CD") self.assertEqual(self.packets[-1], (transport.MSG_NEWKEYS, b"")) newKeys = [self.proto._getKey(c, b"AB", b"EF") for c in iterbytes(b"ABCDEF")] self.assertEqual( self.proto.nextEncryptions.keys, (newKeys[0], newKeys[2], newKeys[1], newKeys[3], newKeys[4], newKeys[5]), ) def test_NEWKEYS(self): """ Test that NEWKEYS transitions the keys from nextEncryptions to currentEncryptions. """ self.test_KEXINITMultipleAlgorithms() secure = [False] def stubConnectionSecure(): secure[0] = True self.proto.connectionSecure = stubConnectionSecure self.proto.nextEncryptions = transport.SSHCiphers( b"none", b"none", b"none", b"none" ) self.simulateKeyExchange(b"AB", b"CD") self.assertIsNot(self.proto.currentEncryptions, self.proto.nextEncryptions) self.proto.nextEncryptions = MockCipher() self.proto.ssh_NEWKEYS(b"") self.assertIsNone(self.proto.outgoingCompression) self.assertIsNone(self.proto.incomingCompression) self.assertIs(self.proto.currentEncryptions, self.proto.nextEncryptions) self.assertTrue(secure[0]) self.proto.outgoingCompressionType = b"zlib" self.simulateKeyExchange(b"AB", b"GH") self.proto.ssh_NEWKEYS(b"") self.assertIsNotNone(self.proto.outgoingCompression) self.proto.incomingCompressionType = b"zlib" self.simulateKeyExchange(b"AB", b"IJ") self.proto.ssh_NEWKEYS(b"") self.assertIsNotNone(self.proto.incomingCompression) def test_SERVICE_ACCEPT(self): """ Test that the SERVICE_ACCEPT packet starts the requested service. """ self.proto.instance = MockService() self.proto.ssh_SERVICE_ACCEPT(b"\x00\x00\x00\x0bMockService") self.assertTrue(self.proto.instance.started) def test_requestService(self): """ Test that requesting a service sends a SERVICE_REQUEST packet. """ self.proto.requestService(MockService()) self.assertEqual( self.packets, [(transport.MSG_SERVICE_REQUEST, b"\x00\x00\x00\x0bMockService")], ) def test_disconnectKEXDH_REPLYBadSignature(self): """ Test that KEXDH_REPLY disconnects if the signature is bad. """ (exchangeHash, signature, packetStart) = self.begin_KEXDH_REPLY() d = self.proto.ssh_KEX_DH_GEX_GROUP(packetStart + common.NS(b"bad signature")) return d.addCallback( lambda _: self.checkDisconnected(transport.DISCONNECT_KEY_EXCHANGE_FAILED) ) def test_disconnectKEX_ECDH_REPLYBadSignature(self): """ Test that KEX_ECDH_REPLY disconnects if the signature is bad. """ kexmsg = ( b"\xAA" * 16 + common.NS(b"ecdh-sha2-nistp256") + common.NS(b"ssh-rsa") + common.NS(b"aes256-ctr") + common.NS(b"aes256-ctr") + common.NS(b"hmac-sha1") + common.NS(b"hmac-sha1") + common.NS(b"none") + common.NS(b"none") + common.NS(b"") + common.NS(b"") + b"\x00" + b"\x00\x00\x00\x00" ) self.proto.ssh_KEXINIT(kexmsg) self.proto.dataReceived(b"SSH-2.0-OpenSSH\r\n") self.proto.ecPriv = ec.generate_private_key(ec.SECP256R1(), default_backend()) self.proto.ecPub = self.proto.ecPriv.public_key() # Generate the private key thisPriv = ec.generate_private_key(ec.SECP256R1(), default_backend()) # Get the public key thisPub = thisPriv.public_key() encPub = thisPub.public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint ) self.proto.curve = ec.SECP256R1() self.proto.kexAlg = b"ecdh-sha2-nistp256" self.proto._ssh_KEX_ECDH_REPLY( common.NS(MockFactory().getPublicKeys()[b"ssh-rsa"].blob()) + common.NS(encPub) + common.NS(b"bad-signature") ) self.checkDisconnected(transport.DISCONNECT_KEY_EXCHANGE_FAILED) def test_disconnectNEWKEYSData(self): """ Test that NEWKEYS disconnects if it receives data. """ self.proto.ssh_NEWKEYS(b"bad packet") self.checkDisconnected() def test_disconnectSERVICE_ACCEPT(self): """ Test that SERVICE_ACCEPT disconnects if the accepted protocol is differet from the asked-for protocol. """ self.proto.instance = MockService() self.proto.ssh_SERVICE_ACCEPT(b"\x00\x00\x00\x03bad") self.checkDisconnected() def test_noPayloadSERVICE_ACCEPT(self): """ Some commercial SSH servers don't send a payload with the SERVICE_ACCEPT message. Conch pretends that it got the correct name of the service. """ self.proto.instance = MockService() self.proto.ssh_SERVICE_ACCEPT(b"") # no payload self.assertTrue(self.proto.instance.started) self.assertEqual(len(self.packets), 0) # not disconnected class ClientSSHTransportDHGroupExchangeBaseCase(ClientSSHTransportBaseCase): """ Diffie-Hellman group exchange tests for SSHClientTransport. """ """ 1536-bit modulus from RFC 3526 """ P1536 = int( "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" "83655D23DCA3AD961C62F356208552BB9ED529077096966D" "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16, ) def test_KEXINIT_groupexchange(self): """ KEXINIT packet with a group-exchange key exchange results in a KEX_DH_GEX_REQUEST message. """ self.proto.supportedKeyExchanges = [self.kexAlgorithm] self.proto.dataReceived(self.transport.value()) # The response will include our advertised group sizes. self.assertEqual( self.packets, [ ( transport.MSG_KEX_DH_GEX_REQUEST, b"\x00\x00\x04\x00\x00\x00\x08\x00\x00\x00\x20\x00", ) ], ) def test_KEX_DH_GEX_GROUP(self): """ Test that the KEX_DH_GEX_GROUP message results in a KEX_DH_GEX_INIT message with the client's Diffie-Hellman public key. """ self.test_KEXINIT_groupexchange() self.proto.ssh_KEX_DH_GEX_GROUP(common.MP(self.P1536) + common.MP(2)) self.assertEqual(self.proto.p, self.P1536) self.assertEqual(self.proto.g, 2) x = self.proto.dhSecretKey.private_numbers().x self.assertEqual(common.MP(x)[5:], b"\x99" * 192) self.assertEqual( self.proto.dhSecretKeyPublicMP, common.MP(pow(2, x, self.P1536)) ) self.assertEqual( self.packets[1:], [(transport.MSG_KEX_DH_GEX_INIT, self.proto.dhSecretKeyPublicMP)], ) def begin_KEX_DH_GEX_REPLY(self): """ Utility for test_KEX_DH_GEX_REPLY and test_disconnectGEX_REPLYBadSignature. Begins a Diffie-Hellman key exchange in an unnamed (server-specified) group and computes information needed to return either a correct or incorrect signature. """ self.test_KEX_DH_GEX_GROUP() p = self.proto.p f = 3 fMP = common.MP(f) sharedSecret = _MPpow(f, self.proto.dhSecretKey.private_numbers().x, p) h = self.hashProcessor() h.update(common.NS(self.proto.ourVersionString) * 2) h.update(common.NS(self.proto.ourKexInitPayload) * 2) h.update(common.NS(self.blob)) # Here is the wire format for advertised min, pref and max DH sizes. h.update(b"\x00\x00\x04\x00\x00\x00\x08\x00\x00\x00\x20\x00") # And the selected group parameters. h.update(common.MP(self.P1536) + common.MP(2)) h.update(self.proto.dhSecretKeyPublicMP) h.update(fMP) h.update(sharedSecret) exchangeHash = h.digest() signature = self.privObj.sign(exchangeHash) return (exchangeHash, signature, common.NS(self.blob) + fMP) def test_KEX_DH_GEX_REPLY(self): """ Test that the KEX_DH_GEX_REPLY message results in a verified server. """ (exchangeHash, signature, packetStart) = self.begin_KEX_DH_GEX_REPLY() def _cbTestKEX_DH_GEX_REPLY(value): self.assertIsNone(value) self.assertTrue(self.calledVerifyHostKey) self.assertEqual(self.proto.sessionID, exchangeHash) d = self.proto.ssh_KEX_DH_GEX_REPLY(packetStart + common.NS(signature)) d.addCallback(_cbTestKEX_DH_GEX_REPLY) return d def test_disconnectGEX_REPLYBadSignature(self): """ Test that KEX_DH_GEX_REPLY disconnects if the signature is bad. """ (exchangeHash, signature, packetStart) = self.begin_KEX_DH_GEX_REPLY() d = self.proto.ssh_KEX_DH_GEX_REPLY(packetStart + common.NS(b"bad signature")) return d.addCallback( lambda _: self.checkDisconnected(transport.DISCONNECT_KEY_EXCHANGE_FAILED) ) def test_disconnectKEX_ECDH_REPLYBadSignature(self): """ Test that KEX_ECDH_REPLY disconnects if the signature is bad. """ kexmsg = ( b"\xAA" * 16 + common.NS(b"ecdh-sha2-nistp256") + common.NS(b"ssh-rsa") + common.NS(b"aes256-ctr") + common.NS(b"aes256-ctr") + common.NS(b"hmac-sha1") + common.NS(b"hmac-sha1") + common.NS(b"none") + common.NS(b"none") + common.NS(b"") + common.NS(b"") + b"\x00" + b"\x00\x00\x00\x00" ) self.proto.ssh_KEXINIT(kexmsg) self.proto.dataReceived(b"SSH-2.0-OpenSSH\r\n") self.proto.ecPriv = ec.generate_private_key(ec.SECP256R1(), default_backend()) self.proto.ecPub = self.proto.ecPriv.public_key() # Generate the private key thisPriv = ec.generate_private_key(ec.SECP256R1(), default_backend()) # Get the public key thisPub = thisPriv.public_key() encPub = thisPub.public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint ) self.proto.curve = ec.SECP256R1() self.proto.kexAlg = b"ecdh-sha2-nistp256" self.proto._ssh_KEX_ECDH_REPLY( common.NS(MockFactory().getPublicKeys()[b"ssh-rsa"].blob()) + common.NS(encPub) + common.NS(b"bad-signature") ) self.checkDisconnected(transport.DISCONNECT_KEY_EXCHANGE_FAILED) class ClientSSHTransportDHGroupExchangeSHA1Tests( ClientSSHTransportDHGroupExchangeBaseCase, DHGroupExchangeSHA1Mixin, TransportTestCase, ): """ diffie-hellman-group-exchange-sha1 tests for SSHClientTransport. """ class ClientSSHTransportDHGroupExchangeSHA256Tests( ClientSSHTransportDHGroupExchangeBaseCase, DHGroupExchangeSHA256Mixin, TransportTestCase, ): """ diffie-hellman-group-exchange-sha256 tests for SSHClientTransport. """ class ClientSSHTransportECDHBaseCase(ClientSSHTransportBaseCase): """ Elliptic Curve Diffie-Hellman tests for SSHClientTransport. """ def test_KEXINIT(self): """ KEXINIT packet with an elliptic curve key exchange results in a KEXDH_INIT message. """ self.proto.supportedKeyExchanges = [self.kexAlgorithm] self.proto.dataReceived(self.transport.value()) # The response will include the client's ephemeral public key. self.assertEqual( self.packets, [ ( transport.MSG_KEXDH_INIT, common.NS(self.proto._encodeECPublicKey(self.proto.ecPub)), ) ], ) def begin_KEXDH_REPLY(self): """ Utility for test_KEXDH_REPLY and test_disconnectKEXDH_REPLYBadSignature. Begins an Elliptic Curve Diffie-Hellman key exchange and computes information needed to return either a correct or incorrect signature. """ self.test_KEXINIT() privKey = MockFactory().getPrivateKeys()[b"ssh-rsa"] pubKey = MockFactory().getPublicKeys()[b"ssh-rsa"] ecPriv = self.proto._generateECPrivateKey() ecPub = ecPriv.public_key() encPub = self.proto._encodeECPublicKey(ecPub) sharedSecret = self.proto._generateECSharedSecret( ecPriv, self.proto._encodeECPublicKey(self.proto.ecPub) ) h = self.hashProcessor() h.update(common.NS(self.proto.ourVersionString)) h.update(common.NS(self.proto.otherVersionString)) h.update(common.NS(self.proto.ourKexInitPayload)) h.update(common.NS(self.proto.otherKexInitPayload)) h.update(common.NS(pubKey.blob())) h.update(common.NS(self.proto._encodeECPublicKey(self.proto.ecPub))) h.update(common.NS(encPub)) h.update(sharedSecret) exchangeHash = h.digest() signature = privKey.sign(exchangeHash) return (exchangeHash, signature, common.NS(pubKey.blob()) + common.NS(encPub)) def test_KEXDH_REPLY(self): """ Test that the KEXDH_REPLY message completes the key exchange. """ (exchangeHash, signature, packetStart) = self.begin_KEXDH_REPLY() def _cbTestKEXDH_REPLY(value): self.assertIsNone(value) self.assertTrue(self.calledVerifyHostKey) self.assertEqual(self.proto.sessionID, exchangeHash) d = self.proto.ssh_KEX_DH_GEX_GROUP(packetStart + common.NS(signature)) d.addCallback(_cbTestKEXDH_REPLY) return d def test_disconnectKEXDH_REPLYBadSignature(self): """ Test that KEX_ECDH_REPLY disconnects if the signature is bad. """ (exchangeHash, signature, packetStart) = self.begin_KEXDH_REPLY() d = self.proto.ssh_KEX_DH_GEX_GROUP(packetStart + common.NS(b"bad signature")) return d.addCallback( lambda _: self.checkDisconnected(transport.DISCONNECT_KEY_EXCHANGE_FAILED) ) class ClientSSHTransportECDHTests( ClientSSHTransportECDHBaseCase, ECDHMixin, TransportTestCase ): """ ecdh-sha2-nistp256 tests for SSHClientTransport. """ @skipWithoutX25519 class ClientSSHTransportCurve25519SHA256Tests( ClientSSHTransportECDHBaseCase, Curve25519SHA256Mixin, TransportTestCase ): """ curve25519-sha256 tests for SSHClientTransport. """ class GetMACTests(TestCase): """ Tests for L{SSHCiphers._getMAC}. """ if dependencySkip: skip = dependencySkip def setUp(self): self.ciphers = transport.SSHCiphers(b"A", b"B", b"C", b"D") def getSharedSecret(self): """ Generate a new shared secret to be used with the tests. @return: A new secret. @rtype: L{bytes} """ return insecureRandom(64) def assertGetMAC(self, hmacName, hashProcessor, digestSize, blockPadSize): """ Check that when L{SSHCiphers._getMAC} is called with a supportd HMAC algorithm name it returns a tuple of (digest object, inner pad, outer pad, digest size) with a C{key} attribute set to the value of the key supplied. @param hmacName: Identifier of HMAC algorithm. @type hmacName: L{bytes} @param hashProcessor: Callable for the hash algorithm. @type hashProcessor: C{callable} @param digestSize: Size of the digest for algorithm. @type digestSize: L{int} @param blockPadSize: Size of padding applied to the shared secret to match the block size. @type blockPadSize: L{int} """ secret = self.getSharedSecret() params = self.ciphers._getMAC(hmacName, secret) key = secret[:digestSize] + b"\x00" * blockPadSize innerPad = bytes(ord(b) ^ 0x36 for b in iterbytes(key)) outerPad = bytes(ord(b) ^ 0x5C for b in iterbytes(key)) self.assertEqual((hashProcessor, innerPad, outerPad, digestSize), params) self.assertEqual(key, params.key) def test_hmacsha2512(self): """ When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-512"} MAC algorithm name it returns a tuple of (sha512 digest object, inner pad, outer pad, sha512 digest size) with a C{key} attribute set to the value of the key supplied. """ self.assertGetMAC(b"hmac-sha2-512", sha512, digestSize=64, blockPadSize=64) def test_hmacsha2384(self): """ When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-384"} MAC algorithm name it returns a tuple of (sha384 digest object, inner pad, outer pad, sha384 digest size) with a C{key} attribute set to the value of the key supplied. """ self.assertGetMAC(b"hmac-sha2-384", sha384, digestSize=48, blockPadSize=80) def test_hmacsha2256(self): """ When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-256"} MAC algorithm name it returns a tuple of (sha256 digest object, inner pad, outer pad, sha256 digest size) with a C{key} attribute set to the value of the key supplied. """ self.assertGetMAC(b"hmac-sha2-256", sha256, digestSize=32, blockPadSize=32) def test_hmacsha1(self): """ When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha1"} MAC algorithm name it returns a tuple of (sha1 digest object, inner pad, outer pad, sha1 digest size) with a C{key} attribute set to the value of the key supplied. """ self.assertGetMAC(b"hmac-sha1", sha1, digestSize=20, blockPadSize=44) def test_hmacmd5(self): """ When L{SSHCiphers._getMAC} is called with the C{b"hmac-md5"} MAC algorithm name it returns a tuple of (md5 digest object, inner pad, outer pad, md5 digest size) with a C{key} attribute set to the value of the key supplied. """ self.assertGetMAC(b"hmac-md5", md5, digestSize=16, blockPadSize=48) def test_none(self): """ When L{SSHCiphers._getMAC} is called with the C{b"none"} MAC algorithm name it returns a tuple of (None, "", "", 0). """ key = self.getSharedSecret() params = self.ciphers._getMAC(b"none", key) self.assertEqual((None, b"", b"", 0), params) class SSHCiphersTests(TestCase): """ Tests for the SSHCiphers helper class. """ if dependencySkip: skip = dependencySkip def test_init(self): """ Test that the initializer sets up the SSHCiphers object. """ ciphers = transport.SSHCiphers(b"A", b"B", b"C", b"D") self.assertEqual(ciphers.outCipType, b"A") self.assertEqual(ciphers.inCipType, b"B") self.assertEqual(ciphers.outMACType, b"C") self.assertEqual(ciphers.inMACType, b"D") def test_getCipher(self): """ Test that the _getCipher method returns the correct cipher. """ ciphers = transport.SSHCiphers(b"A", b"B", b"C", b"D") iv = key = b"\x00" * 16 for cipName, (algClass, keySize, counter) in ciphers.cipherMap.items(): cip = ciphers._getCipher(cipName, iv, key) if cipName == b"none": self.assertIsInstance(cip, transport._DummyCipher) else: self.assertIsInstance(cip.algorithm, algClass) def test_setKeysCiphers(self): """ Test that setKeys sets up the ciphers. """ key = b"\x00" * 64 for cipName in transport.SSHTransportBase.supportedCiphers: modName, keySize, counter = transport.SSHCiphers.cipherMap[cipName] encCipher = transport.SSHCiphers(cipName, b"none", b"none", b"none") decCipher = transport.SSHCiphers(b"none", cipName, b"none", b"none") cip = encCipher._getCipher(cipName, key, key) bs = cip.algorithm.block_size // 8 encCipher.setKeys(key, key, b"", b"", b"", b"") decCipher.setKeys(b"", b"", key, key, b"", b"") self.assertEqual(encCipher.encBlockSize, bs) self.assertEqual(decCipher.decBlockSize, bs) encryptor = cip.encryptor() enc = encryptor.update(key[:bs]) enc2 = encryptor.update(key[:bs]) self.assertEqual(encCipher.encrypt(key[:bs]), enc) self.assertEqual(encCipher.encrypt(key[:bs]), enc2) self.assertEqual(decCipher.decrypt(enc), key[:bs]) self.assertEqual(decCipher.decrypt(enc2), key[:bs]) def test_setKeysMACs(self): """ Test that setKeys sets up the MACs. """ key = b"\x00" * 64 for macName, mod in transport.SSHCiphers.macMap.items(): outMac = transport.SSHCiphers(b"none", b"none", macName, b"none") inMac = transport.SSHCiphers(b"none", b"none", b"none", macName) outMac.setKeys(b"", b"", b"", b"", key, b"") inMac.setKeys(b"", b"", b"", b"", b"", key) if mod: ds = mod().digest_size else: ds = 0 self.assertEqual(inMac.verifyDigestSize, ds) if mod: mod, i, o, ds = outMac._getMAC(macName, key) seqid = 0 data = key packet = b"\x00" * 4 + key if mod: mac = mod(o + mod(i + packet).digest()).digest() else: mac = b"" self.assertEqual(outMac.makeMAC(seqid, data), mac) self.assertTrue(inMac.verify(seqid, data, mac)) def test_makeMAC(self): """ L{SSHCiphers.makeMAC} computes the HMAC of an outgoing SSH message with a particular sequence id and content data. """ # Use the test vectors given in the appendix of RFC 2104. vectors = [ (b"\x0b" * 16, b"Hi There", b"9294727a3638bb1c13f48ef8158bfc9d"), ( b"Jefe", b"what do ya want for nothing?", b"750c783e6ab0b503eaa86e310a5db738", ), (b"\xAA" * 16, b"\xDD" * 50, b"56be34521d144c88dbb8c733f0e8b3f6"), ] for key, data, mac in vectors: outMAC = transport.SSHCiphers(b"none", b"none", b"hmac-md5", b"none") outMAC.outMAC = outMAC._getMAC(b"hmac-md5", key) (seqid,) = struct.unpack(">L", data[:4]) shortened = data[4:] self.assertEqual( mac, binascii.hexlify(outMAC.makeMAC(seqid, shortened)), f"Failed HMAC test vector; key={key!r} data={data!r}", ) class TransportLoopbackTests(TestCase): """ Test the server transport and client transport against each other, """ if dependencySkip: skip = dependencySkip def _runClientServer(self, mod): """ Run an async client and server, modifying each using the mod function provided. Returns a Deferred called back when both Protocols have disconnected. @type mod: C{func} @rtype: C{defer.Deferred} """ factory = MockFactory() server = transport.SSHServerTransport() server.factory = factory factory.startFactory() server.errors = [] server.receiveError = lambda code, desc: server.errors.append((code, desc)) client = transport.SSHClientTransport() client.verifyHostKey = lambda x, y: defer.succeed(None) client.errors = [] client.receiveError = lambda code, desc: client.errors.append((code, desc)) client.connectionSecure = lambda: client.loseConnection() server.supportedPublicKeys = list(server.factory.getPublicKeys().keys()) server = mod(server) client = mod(client) def check(ignored, server, client): name = repr( [ server.supportedCiphers[0], server.supportedMACs[0], server.supportedKeyExchanges[0], server.supportedCompressions[0], ] ) self.assertEqual(client.errors, []) self.assertEqual( server.errors, [(transport.DISCONNECT_CONNECTION_LOST, b"user closed connection")], ) if server.supportedCiphers[0] == b"none": self.assertFalse(server.isEncrypted(), name) self.assertFalse(client.isEncrypted(), name) else: self.assertTrue(server.isEncrypted(), name) self.assertTrue(client.isEncrypted(), name) if server.supportedMACs[0] == b"none": self.assertFalse(server.isVerified(), name) self.assertFalse(client.isVerified(), name) else: self.assertTrue(server.isVerified(), name) self.assertTrue(client.isVerified(), name) d = loopback.loopbackAsync(server, client) d.addCallback(check, server, client) return d def test_ciphers(self): """ Test that the client and server play nicely together, in all the various combinations of ciphers. """ deferreds = [] for cipher in transport.SSHTransportBase.supportedCiphers + [b"none"]: def setCipher(proto): proto.supportedCiphers = [cipher] return proto deferreds.append(self._runClientServer(setCipher)) return defer.DeferredList(deferreds, fireOnOneErrback=True) def test_macs(self): """ Like test_ciphers, but for the various MACs. """ deferreds = [] for mac in transport.SSHTransportBase.supportedMACs + [b"none"]: def setMAC(proto): proto.supportedMACs = [mac] return proto deferreds.append(self._runClientServer(setMAC)) return defer.DeferredList(deferreds, fireOnOneErrback=True) def test_keyexchanges(self): """ Like test_ciphers, but for the various key exchanges. """ deferreds = [] for kexAlgorithm in transport.SSHTransportBase.supportedKeyExchanges: def setKeyExchange(proto): proto.supportedKeyExchanges = [kexAlgorithm] return proto deferreds.append(self._runClientServer(setKeyExchange)) return defer.DeferredList(deferreds, fireOnOneErrback=True) def test_compressions(self): """ Like test_ciphers, but for the various compressions. """ deferreds = [] for compression in transport.SSHTransportBase.supportedCompressions: def setCompression(proto): proto.supportedCompressions = [compression] return proto deferreds.append(self._runClientServer(setCompression)) return defer.DeferredList(deferreds, fireOnOneErrback=True) ��test/test_agent.py��0000644��00000031643�15027667726�0010263 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.ssh.agent}. """ import struct from twisted.test import iosim from twisted.trial import unittest try: import cryptography as _cryptography except ImportError: cryptography = None else: cryptography = _cryptography try: import pyasn1 as _pyasn1 # type: ignore[import] except ImportError: pyasn1 = None else: pyasn1 = _pyasn1 try: from twisted.conch.ssh import agent as _agent, keys as _keys except ImportError: keys = agent = None else: keys, agent = _keys, _agent from twisted.conch.error import ConchError, MissingKeyStoreError from twisted.conch.test import keydata class StubFactory: """ Mock factory that provides the keys attribute required by the SSHAgentServerProtocol """ def __init__(self): self.keys = {} class AgentTestBase(unittest.TestCase): """ Tests for SSHAgentServer/Client. """ if agent is None or keys is None: skip = "Cannot run without cryptography or PyASN1" def setUp(self): # wire up our client <-> server self.client, self.server, self.pump = iosim.connectedServerAndClient( agent.SSHAgentServer, agent.SSHAgentClient ) # the server's end of the protocol is stateful and we store it on the # factory, for which we only need a mock self.server.factory = StubFactory() # pub/priv keys of each kind self.rsaPrivate = keys.Key.fromString(keydata.privateRSA_openssh) self.dsaPrivate = keys.Key.fromString(keydata.privateDSA_openssh) self.rsaPublic = keys.Key.fromString(keydata.publicRSA_openssh) self.dsaPublic = keys.Key.fromString(keydata.publicDSA_openssh) class ServerProtocolContractWithFactoryTests(AgentTestBase): """ The server protocol is stateful and so uses its factory to track state across requests. This test asserts that the protocol raises if its factory doesn't provide the necessary storage for that state. """ def test_factorySuppliesKeyStorageForServerProtocol(self): # need a message to send into the server msg = struct.pack("!LB", 1, agent.AGENTC_REQUEST_IDENTITIES) del self.server.factory.__dict__["keys"] self.assertRaises(MissingKeyStoreError, self.server.dataReceived, msg) class UnimplementedVersionOneServerTests(AgentTestBase): """ Tests for methods with no-op implementations on the server. We need these for clients, such as openssh, that try v1 methods before going to v2. Because the client doesn't expose these operations with nice method names, we invoke sendRequest directly with an op code. """ def test_agentc_REQUEST_RSA_IDENTITIES(self): """ assert that we get the correct op code for an RSA identities request """ d = self.client.sendRequest(agent.AGENTC_REQUEST_RSA_IDENTITIES, b"") self.pump.flush() def _cb(packet): self.assertEqual(agent.AGENT_RSA_IDENTITIES_ANSWER, ord(packet[0:1])) return d.addCallback(_cb) def test_agentc_REMOVE_RSA_IDENTITY(self): """ assert that we get the correct op code for an RSA remove identity request """ d = self.client.sendRequest(agent.AGENTC_REMOVE_RSA_IDENTITY, b"") self.pump.flush() return d.addCallback(self.assertEqual, b"") def test_agentc_REMOVE_ALL_RSA_IDENTITIES(self): """ assert that we get the correct op code for an RSA remove all identities request. """ d = self.client.sendRequest(agent.AGENTC_REMOVE_ALL_RSA_IDENTITIES, b"") self.pump.flush() return d.addCallback(self.assertEqual, b"") if agent is not None: class CorruptServer(agent.SSHAgentServer): # type: ignore[name-defined] """ A misbehaving server that returns bogus response op codes so that we can verify that our callbacks that deal with these op codes handle such miscreants. """ def agentc_REQUEST_IDENTITIES(self, data): self.sendResponse(254, b"") def agentc_SIGN_REQUEST(self, data): self.sendResponse(254, b"") class ClientWithBrokenServerTests(AgentTestBase): """ verify error handling code in the client using a misbehaving server """ def setUp(self): AgentTestBase.setUp(self) self.client, self.server, self.pump = iosim.connectedServerAndClient( CorruptServer, agent.SSHAgentClient ) # the server's end of the protocol is stateful and we store it on the # factory, for which we only need a mock self.server.factory = StubFactory() def test_signDataCallbackErrorHandling(self): """ Assert that L{SSHAgentClient.signData} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for data signing requests. """ d = self.client.signData(self.rsaPublic.blob(), b"John Hancock") self.pump.flush() return self.assertFailure(d, ConchError) def test_requestIdentitiesCallbackErrorHandling(self): """ Assert that L{SSHAgentClient.requestIdentities} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for identity requests. """ d = self.client.requestIdentities() self.pump.flush() return self.assertFailure(d, ConchError) class AgentKeyAdditionTests(AgentTestBase): """ Test adding different flavors of keys to an agent. """ def test_addRSAIdentityNoComment(self): """ L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that omitting the comment produces an empty string for the comment on the server. """ d = self.client.addIdentity(self.rsaPrivate.privateBlob()) self.pump.flush() def _check(ignored): serverKey = self.server.factory.keys[self.rsaPrivate.blob()] self.assertEqual(self.rsaPrivate, serverKey[0]) self.assertEqual(b"", serverKey[1]) return d.addCallback(_check) def test_addDSAIdentityNoComment(self): """ L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that omitting the comment produces an empty string for the comment on the server. """ d = self.client.addIdentity(self.dsaPrivate.privateBlob()) self.pump.flush() def _check(ignored): serverKey = self.server.factory.keys[self.dsaPrivate.blob()] self.assertEqual(self.dsaPrivate, serverKey[0]) self.assertEqual(b"", serverKey[1]) return d.addCallback(_check) def test_addRSAIdentityWithComment(self): """ L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that the server receives/stores the comment as sent by the client. """ d = self.client.addIdentity( self.rsaPrivate.privateBlob(), comment=b"My special key" ) self.pump.flush() def _check(ignored): serverKey = self.server.factory.keys[self.rsaPrivate.blob()] self.assertEqual(self.rsaPrivate, serverKey[0]) self.assertEqual(b"My special key", serverKey[1]) return d.addCallback(_check) def test_addDSAIdentityWithComment(self): """ L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that the server receives/stores the comment as sent by the client. """ d = self.client.addIdentity( self.dsaPrivate.privateBlob(), comment=b"My special key" ) self.pump.flush() def _check(ignored): serverKey = self.server.factory.keys[self.dsaPrivate.blob()] self.assertEqual(self.dsaPrivate, serverKey[0]) self.assertEqual(b"My special key", serverKey[1]) return d.addCallback(_check) class AgentClientFailureTests(AgentTestBase): def test_agentFailure(self): """ verify that the client raises ConchError on AGENT_FAILURE """ d = self.client.sendRequest(254, b"") self.pump.flush() return self.assertFailure(d, ConchError) class AgentIdentityRequestsTests(AgentTestBase): """ Test operations against a server with identities already loaded. """ def setUp(self): AgentTestBase.setUp(self) self.server.factory.keys[self.dsaPrivate.blob()] = ( self.dsaPrivate, b"a comment", ) self.server.factory.keys[self.rsaPrivate.blob()] = ( self.rsaPrivate, b"another comment", ) def test_signDataRSA(self): """ Sign data with an RSA private key and then verify it with the public key. """ d = self.client.signData(self.rsaPublic.blob(), b"John Hancock") self.pump.flush() signature = self.successResultOf(d) expected = self.rsaPrivate.sign(b"John Hancock") self.assertEqual(expected, signature) self.assertTrue(self.rsaPublic.verify(signature, b"John Hancock")) def test_signDataDSA(self): """ Sign data with a DSA private key and then verify it with the public key. """ d = self.client.signData(self.dsaPublic.blob(), b"John Hancock") self.pump.flush() def _check(sig): # Cannot do this b/c DSA uses random numbers when signing # expected = self.dsaPrivate.sign("John Hancock") # self.assertEqual(expected, sig) self.assertTrue(self.dsaPublic.verify(sig, b"John Hancock")) return d.addCallback(_check) def test_signDataRSAErrbackOnUnknownBlob(self): """ Assert that we get an errback if we try to sign data using a key that wasn't added. """ del self.server.factory.keys[self.rsaPublic.blob()] d = self.client.signData(self.rsaPublic.blob(), b"John Hancock") self.pump.flush() return self.assertFailure(d, ConchError) def test_requestIdentities(self): """ Assert that we get all of the keys/comments that we add when we issue a request for all identities. """ d = self.client.requestIdentities() self.pump.flush() def _check(keyt): expected = {} expected[self.dsaPublic.blob()] = b"a comment" expected[self.rsaPublic.blob()] = b"another comment" received = {} for k in keyt: received[keys.Key.fromString(k[0], type="blob").blob()] = k[1] self.assertEqual(expected, received) return d.addCallback(_check) class AgentKeyRemovalTests(AgentTestBase): """ Test support for removing keys in a remote server. """ def setUp(self): AgentTestBase.setUp(self) self.server.factory.keys[self.dsaPrivate.blob()] = ( self.dsaPrivate, b"a comment", ) self.server.factory.keys[self.rsaPrivate.blob()] = ( self.rsaPrivate, b"another comment", ) def test_removeRSAIdentity(self): """ Assert that we can remove an RSA identity. """ # only need public key for this d = self.client.removeIdentity(self.rsaPrivate.blob()) self.pump.flush() def _check(ignored): self.assertEqual(1, len(self.server.factory.keys)) self.assertIn(self.dsaPrivate.blob(), self.server.factory.keys) self.assertNotIn(self.rsaPrivate.blob(), self.server.factory.keys) return d.addCallback(_check) def test_removeDSAIdentity(self): """ Assert that we can remove a DSA identity. """ # only need public key for this d = self.client.removeIdentity(self.dsaPrivate.blob()) self.pump.flush() def _check(ignored): self.assertEqual(1, len(self.server.factory.keys)) self.assertIn(self.rsaPrivate.blob(), self.server.factory.keys) return d.addCallback(_check) def test_removeAllIdentities(self): """ Assert that we can remove all identities. """ d = self.client.removeAllIdentities() self.pump.flush() def _check(ignored): self.assertEqual(0, len(self.server.factory.keys)) return d.addCallback(_check) ��test/test_forwarding.py��0000644��00000004162�15027667726�0011323 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.ssh.forwarding}. """ from twisted.python.reflect import requireModule cryptography = requireModule("cryptography") if cryptography: from twisted.conch.ssh import forwarding from twisted.internet.address import IPv6Address from twisted.internet.test.test_endpoints import deterministicResolvingReactor from twisted.test.proto_helpers import MemoryReactorClock, StringTransport from twisted.trial import unittest class TestSSHConnectForwardingChannel(unittest.TestCase): """ Unit and integration tests for L{SSHConnectForwardingChannel}. """ if not cryptography: skip = "Cannot run without cryptography" def makeTCPConnection(self, reactor): """ Fake that connection was established for first connectTCP request made on C{reactor}. @param reactor: Reactor on which to fake the connection. @type reactor: A reactor. """ factory = reactor.tcpClients[0][2] connector = reactor.connectors[0] protocol = factory.buildProtocol(None) transport = StringTransport(peerAddress=connector.getDestination()) protocol.makeConnection(transport) def test_channelOpenHostnameRequests(self): """ When a hostname is sent as part of forwarding requests, it is resolved using HostnameEndpoint's resolver. """ sut = forwarding.SSHConnectForwardingChannel(hostport=("fwd.example.org", 1234)) # Patch channel and resolver to not touch the network. memoryReactor = MemoryReactorClock() sut._reactor = deterministicResolvingReactor(memoryReactor, ["::1"]) sut.channelOpen(None) self.makeTCPConnection(memoryReactor) self.successResultOf(sut._channelOpenDeferred) # Channel is connected using a forwarding client to the resolved # address of the requested host. self.assertIsInstance(sut.client, forwarding.SSHForwardingClient) self.assertEqual( IPv6Address("TCP", "::1", 1234), sut.client.transport.getPeer() ) ��test/test_recvline.py��0000644��00000061530�15027667726�0010772 0��ustar�00��# -- test-case-name: twisted.conch.test.test_recvline -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.recvline} and fixtures for testing related functionality. """ import os import sys from unittest import skipIf from twisted.conch import recvline from twisted.conch.insults import insults from twisted.cred import portal from twisted.internet import defer, error from twisted.python import components, filepath, reflect from twisted.python.compat import iterbytes from twisted.python.reflect import requireModule from twisted.test.proto_helpers import StringTransport from twisted.trial.unittest import SkipTest, TestCase stdio = requireModule("twisted.conch.stdio") properEnv = dict(os.environ) properEnv["PYTHONPATH"] = os.pathsep.join(sys.path) class ArrowsTests(TestCase): def setUp(self): self.underlyingTransport = StringTransport() self.pt = insults.ServerProtocol() self.p = recvline.HistoricRecvLine() self.pt.protocolFactory = lambda: self.p self.pt.factory = self self.pt.makeConnection(self.underlyingTransport) def test_printableCharacters(self): """ When L{HistoricRecvLine} receives a printable character, it adds it to the current line buffer. """ self.p.keystrokeReceived(b"x", None) self.p.keystrokeReceived(b"y", None) self.p.keystrokeReceived(b"z", None) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) def test_horizontalArrows(self): """ When L{HistoricRecvLine} receives a LEFT_ARROW or RIGHT_ARROW keystroke it moves the cursor left or right in the current line buffer, respectively. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"xyz"): kR(ch) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) kR(self.pt.RIGHT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) kR(self.pt.LEFT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"xy", b"z")) kR(self.pt.LEFT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"x", b"yz")) kR(self.pt.LEFT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"", b"xyz")) kR(self.pt.LEFT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"", b"xyz")) kR(self.pt.RIGHT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"x", b"yz")) kR(self.pt.RIGHT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"xy", b"z")) kR(self.pt.RIGHT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) kR(self.pt.RIGHT_ARROW) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) def test_newline(self): """ When {HistoricRecvLine} receives a newline, it adds the current line buffer to the end of its history buffer. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"xyz\nabc\n123\n"): kR(ch) self.assertEqual(self.p.currentHistoryBuffer(), ((b"xyz", b"abc", b"123"), ())) kR(b"c") kR(b"b") kR(b"a") self.assertEqual(self.p.currentHistoryBuffer(), ((b"xyz", b"abc", b"123"), ())) kR(b"\n") self.assertEqual( self.p.currentHistoryBuffer(), ((b"xyz", b"abc", b"123", b"cba"), ()) ) def test_verticalArrows(self): """ When L{HistoricRecvLine} receives UP_ARROW or DOWN_ARROW keystrokes it move the current index in the current history buffer up or down, and resets the current line buffer to the previous or next line in history, respectively for each. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"xyz\nabc\n123\n"): kR(ch) self.assertEqual(self.p.currentHistoryBuffer(), ((b"xyz", b"abc", b"123"), ())) self.assertEqual(self.p.currentLineBuffer(), (b"", b"")) kR(self.pt.UP_ARROW) self.assertEqual(self.p.currentHistoryBuffer(), ((b"xyz", b"abc"), (b"123",))) self.assertEqual(self.p.currentLineBuffer(), (b"123", b"")) kR(self.pt.UP_ARROW) self.assertEqual(self.p.currentHistoryBuffer(), ((b"xyz",), (b"abc", b"123"))) self.assertEqual(self.p.currentLineBuffer(), (b"abc", b"")) kR(self.pt.UP_ARROW) self.assertEqual(self.p.currentHistoryBuffer(), ((), (b"xyz", b"abc", b"123"))) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) kR(self.pt.UP_ARROW) self.assertEqual(self.p.currentHistoryBuffer(), ((), (b"xyz", b"abc", b"123"))) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) for i in range(4): kR(self.pt.DOWN_ARROW) self.assertEqual(self.p.currentHistoryBuffer(), ((b"xyz", b"abc", b"123"), ())) def test_home(self): """ When L{HistoricRecvLine} receives a HOME keystroke it moves the cursor to the beginning of the current line buffer. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"hello, world"): kR(ch) self.assertEqual(self.p.currentLineBuffer(), (b"hello, world", b"")) kR(self.pt.HOME) self.assertEqual(self.p.currentLineBuffer(), (b"", b"hello, world")) def test_end(self): """ When L{HistoricRecvLine} receives an END keystroke it moves the cursor to the end of the current line buffer. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"hello, world"): kR(ch) self.assertEqual(self.p.currentLineBuffer(), (b"hello, world", b"")) kR(self.pt.HOME) kR(self.pt.END) self.assertEqual(self.p.currentLineBuffer(), (b"hello, world", b"")) def test_backspace(self): """ When L{HistoricRecvLine} receives a BACKSPACE keystroke it deletes the character immediately before the cursor. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"xyz"): kR(ch) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) kR(self.pt.BACKSPACE) self.assertEqual(self.p.currentLineBuffer(), (b"xy", b"")) kR(self.pt.LEFT_ARROW) kR(self.pt.BACKSPACE) self.assertEqual(self.p.currentLineBuffer(), (b"", b"y")) kR(self.pt.BACKSPACE) self.assertEqual(self.p.currentLineBuffer(), (b"", b"y")) def test_delete(self): """ When L{HistoricRecvLine} receives a DELETE keystroke, it delets the character immediately after the cursor. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"xyz"): kR(ch) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) kR(self.pt.DELETE) self.assertEqual(self.p.currentLineBuffer(), (b"xyz", b"")) kR(self.pt.LEFT_ARROW) kR(self.pt.DELETE) self.assertEqual(self.p.currentLineBuffer(), (b"xy", b"")) kR(self.pt.LEFT_ARROW) kR(self.pt.DELETE) self.assertEqual(self.p.currentLineBuffer(), (b"x", b"")) kR(self.pt.LEFT_ARROW) kR(self.pt.DELETE) self.assertEqual(self.p.currentLineBuffer(), (b"", b"")) kR(self.pt.DELETE) self.assertEqual(self.p.currentLineBuffer(), (b"", b"")) def test_insert(self): """ When not in INSERT mode, L{HistoricRecvLine} inserts the typed character at the cursor before the next character. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"xyz"): kR(ch) kR(self.pt.LEFT_ARROW) kR(b"A") self.assertEqual(self.p.currentLineBuffer(), (b"xyA", b"z")) kR(self.pt.LEFT_ARROW) kR(b"B") self.assertEqual(self.p.currentLineBuffer(), (b"xyB", b"Az")) def test_typeover(self): """ When in INSERT mode and upon receiving a keystroke with a printable character, L{HistoricRecvLine} replaces the character at the cursor with the typed character rather than inserting before. Ah, the ironies of INSERT mode. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) for ch in iterbytes(b"xyz"): kR(ch) kR(self.pt.INSERT) kR(self.pt.LEFT_ARROW) kR(b"A") self.assertEqual(self.p.currentLineBuffer(), (b"xyA", b"")) kR(self.pt.LEFT_ARROW) kR(b"B") self.assertEqual(self.p.currentLineBuffer(), (b"xyB", b"")) def test_unprintableCharacters(self): """ When L{HistoricRecvLine} receives a keystroke for an unprintable function key with no assigned behavior, the line buffer is unmodified. """ kR = lambda ch: self.p.keystrokeReceived(ch, None) pt = self.pt for ch in ( pt.F1, pt.F2, pt.F3, pt.F4, pt.F5, pt.F6, pt.F7, pt.F8, pt.F9, pt.F10, pt.F11, pt.F12, pt.PGUP, pt.PGDN, ): kR(ch) self.assertEqual(self.p.currentLineBuffer(), (b"", b"")) from twisted.conch import telnet from twisted.conch.insults import helper from twisted.conch.test.loopback import LoopbackRelay class EchoServer(recvline.HistoricRecvLine): def lineReceived(self, line): self.terminal.write(line + b"\n" + self.ps[self.pn]) # An insults API for this would be nice. left = b"\x1b[D" right = b"\x1b[C" up = b"\x1b[A" down = b"\x1b[B" insert = b"\x1b[2~" home = b"\x1b[1~" delete = b"\x1b[3~" end = b"\x1b[4~" backspace = b"\x7f" from twisted.cred import checkers try: from twisted.conch.manhole_ssh import ( ConchFactory, TerminalRealm, TerminalSession, TerminalSessionTransport, TerminalUser, ) from twisted.conch.ssh import ( channel, connection, keys, session, transport, userauth, ) except ImportError: ssh = False else: ssh = True class SessionChannel(channel.SSHChannel): name = b"session" def __init__( self, protocolFactory, protocolArgs, protocolKwArgs, width, height, a, kw ): channel.SSHChannel.__init__(self, a, *kw) self.protocolFactory = protocolFactory self.protocolArgs = protocolArgs self.protocolKwArgs = protocolKwArgs self.width = width self.height = height def channelOpen(self, data): term = session.packRequest_pty_req( b"vt102", (self.height, self.width, 0, 0), b"" ) self.conn.sendRequest(self, b"pty-req", term) self.conn.sendRequest(self, b"shell", b"") self._protocolInstance = self.protocolFactory( self.protocolArgs, *self.protocolKwArgs ) self._protocolInstance.factory = self self._protocolInstance.makeConnection(self) def closed(self): self._protocolInstance.connectionLost(error.ConnectionDone()) def dataReceived(self, data): self._protocolInstance.dataReceived(data) class TestConnection(connection.SSHConnection): def __init__( self, protocolFactory, protocolArgs, protocolKwArgs, width, height, a, *kw ): connection.SSHConnection.__init__(self, a, *kw) self.protocolFactory = protocolFactory self.protocolArgs = protocolArgs self.protocolKwArgs = protocolKwArgs self.width = width self.height = height def serviceStarted(self): self.__channel = SessionChannel( self.protocolFactory, self.protocolArgs, self.protocolKwArgs, self.width, self.height, ) self.openChannel(self.__channel) def write(self, data): return self.__channel.write(data) class TestAuth(userauth.SSHUserAuthClient): def __init__(self, username, password, a, *kw): userauth.SSHUserAuthClient.__init__(self, username, a, *kw) self.password = password def getPassword(self): return defer.succeed(self.password) class TestTransport(transport.SSHClientTransport): def __init__( self, protocolFactory, protocolArgs, protocolKwArgs, username, password, width, height, a, *kw, ): self.protocolFactory = protocolFactory self.protocolArgs = protocolArgs self.protocolKwArgs = protocolKwArgs self.username = username self.password = password self.width = width self.height = height def verifyHostKey(self, hostKey, fingerprint): return defer.succeed(True) def connectionSecure(self): self.__connection = TestConnection( self.protocolFactory, self.protocolArgs, self.protocolKwArgs, self.width, self.height, ) self.requestService( TestAuth(self.username, self.password, self.__connection) ) def write(self, data): return self.__connection.write(data) class TestSessionTransport(TerminalSessionTransport): def protocolFactory(self): return self.avatar.conn.transport.factory.serverProtocol() class TestSession(TerminalSession): transportFactory = TestSessionTransport class TestUser(TerminalUser): pass components.registerAdapter(TestSession, TestUser, session.ISession) class NotifyingExpectableBuffer(helper.ExpectableBuffer): def __init__(self): self.onConnection = defer.Deferred() self.onDisconnection = defer.Deferred() def connectionMade(self): helper.ExpectableBuffer.connectionMade(self) self.onConnection.callback(self) def connectionLost(self, reason): self.onDisconnection.errback(reason) class _BaseMixin: WIDTH = 80 HEIGHT = 24 def _assertBuffer(self, lines): receivedLines = self.recvlineClient.__bytes__().splitlines() expectedLines = lines + ([b""] (self.HEIGHT - len(lines) - 1)) self.assertEqual(len(receivedLines), len(expectedLines)) for i in range(len(receivedLines)): self.assertEqual( receivedLines[i], expectedLines[i], b"".join(receivedLines[max(0, i - 1) : i + 1]) + b" != " + b"".join(expectedLines[max(0, i - 1) : i + 1]), ) def _trivialTest(self, inputLine, output): done = self.recvlineClient.expect(b"done") self._testwrite(inputLine) def finished(ign): self._assertBuffer(output) return done.addCallback(finished) class _SSHMixin(_BaseMixin): def setUp(self): if not ssh: raise SkipTest( "cryptography requirements missing, can't run historic " "recvline tests over ssh" ) u, p = b"testuser", b"testpass" rlm = TerminalRealm() rlm.userFactory = TestUser rlm.chainedProtocolFactory = lambda: insultsServer checker = checkers.InMemoryUsernamePasswordDatabaseDontUse() checker.addUser(u, p) ptl = portal.Portal(rlm) ptl.registerChecker(checker) sshFactory = ConchFactory(ptl) sshKey = keys._getPersistentRSAKey( filepath.FilePath(self.mktemp()), keySize=512 ) sshFactory.publicKeys[b"ssh-rsa"] = sshKey sshFactory.privateKeys[b"ssh-rsa"] = sshKey sshFactory.serverProtocol = self.serverProtocol sshFactory.startFactory() recvlineServer = self.serverProtocol() insultsServer = insults.ServerProtocol(lambda: recvlineServer) sshServer = sshFactory.buildProtocol(None) clientTransport = LoopbackRelay(sshServer) recvlineClient = NotifyingExpectableBuffer() insultsClient = insults.ClientProtocol(lambda: recvlineClient) sshClient = TestTransport( lambda: insultsClient, (), {}, u, p, self.WIDTH, self.HEIGHT ) serverTransport = LoopbackRelay(sshClient) sshClient.makeConnection(clientTransport) sshServer.makeConnection(serverTransport) self.recvlineClient = recvlineClient self.sshClient = sshClient self.sshServer = sshServer self.clientTransport = clientTransport self.serverTransport = serverTransport return recvlineClient.onConnection def _testwrite(self, data): self.sshClient.write(data) from twisted.conch.test import test_telnet class TestInsultsClientProtocol(insults.ClientProtocol, test_telnet.TestProtocol): pass class TestInsultsServerProtocol(insults.ServerProtocol, test_telnet.TestProtocol): pass class _TelnetMixin(_BaseMixin): def setUp(self): recvlineServer = self.serverProtocol() insultsServer = TestInsultsServerProtocol(lambda: recvlineServer) telnetServer = telnet.TelnetTransport(lambda: insultsServer) clientTransport = LoopbackRelay(telnetServer) recvlineClient = NotifyingExpectableBuffer() insultsClient = TestInsultsClientProtocol(lambda: recvlineClient) telnetClient = telnet.TelnetTransport(lambda: insultsClient) serverTransport = LoopbackRelay(telnetClient) telnetClient.makeConnection(clientTransport) telnetServer.makeConnection(serverTransport) serverTransport.clearBuffer() clientTransport.clearBuffer() self.recvlineClient = recvlineClient self.telnetClient = telnetClient self.clientTransport = clientTransport self.serverTransport = serverTransport return recvlineClient.onConnection def _testwrite(self, data): self.telnetClient.write(data) class _StdioMixin(_BaseMixin): def setUp(self): # A memory-only terminal emulator, into which the server will # write things and make other state changes. What ends up # here is basically what a user would have seen on their # screen. testTerminal = NotifyingExpectableBuffer() # An insults client protocol which will translate bytes # received from the child process into keystroke commands for # an ITerminalProtocol. insultsClient = insults.ClientProtocol(lambda: testTerminal) # A process protocol which will translate stdout and stderr # received from the child process to dataReceived calls and # error reporting on an insults client protocol. processClient = stdio.TerminalProcessProtocol(insultsClient) # Run twisted/conch/stdio.py with the name of a class # implementing ITerminalProtocol. This class will be used to # handle bytes we send to the child process. exe = sys.executable module = stdio.__file__ if module.endswith(".pyc") or module.endswith(".pyo"): module = module[:-1] args = [exe, module, reflect.qual(self.serverProtocol)] from twisted.internet import reactor clientTransport = reactor.spawnProcess( processClient, exe, args, env=properEnv, usePTY=True ) self.recvlineClient = self.testTerminal = testTerminal self.processClient = processClient self.clientTransport = clientTransport # Wait for the process protocol and test terminal to become # connected before proceeding. The former should always # happen first, but it doesn't hurt to be safe. return defer.gatherResults( filter(None, [processClient.onConnection, testTerminal.expect(b">>> ")]) ) def tearDown(self): # Kill the child process. We're done with it. try: self.clientTransport.signalProcess("KILL") except (error.ProcessExitedAlready, OSError): pass def trap(failure): failure.trap(error.ProcessTerminated) self.assertIsNone(failure.value.exitCode) self.assertEqual(failure.value.status, 9) return self.testTerminal.onDisconnection.addErrback(trap) def _testwrite(self, data): self.clientTransport.write(data) class RecvlineLoopbackMixin: serverProtocol = EchoServer def testSimple(self): return self._trivialTest( b"first line\ndone", [b">>> first line", b"first line", b">>> done"] ) def testLeftArrow(self): return self._trivialTest( insert + b"first line" + left * 4 + b"xxxx\ndone", [b">>> first xxxx", b"first xxxx", b">>> done"], ) def testRightArrow(self): return self._trivialTest( insert + b"right line" + left * 4 + right * 2 + b"xx\ndone", [b">>> right lixx", b"right lixx", b">>> done"], ) def testBackspace(self): return self._trivialTest( b"second line" + backspace * 4 + b"xxxx\ndone", [b">>> second xxxx", b"second xxxx", b">>> done"], ) def testDelete(self): return self._trivialTest( b"delete xxxx" + left * 4 + delete * 4 + b"line\ndone", [b">>> delete line", b"delete line", b">>> done"], ) def testInsert(self): return self._trivialTest( b"third ine" + left * 3 + b"l\ndone", [b">>> third line", b"third line", b">>> done"], ) def testTypeover(self): return self._trivialTest( b"fourth xine" + left * 4 + insert + b"l\ndone", [b">>> fourth line", b"fourth line", b">>> done"], ) def testHome(self): return self._trivialTest( insert + b"blah line" + home + b"home\ndone", [b">>> home line", b"home line", b">>> done"], ) def testEnd(self): return self._trivialTest( b"end " + left * 4 + end + b"line\ndone", [b">>> end line", b"end line", b">>> done"], ) class RecvlineLoopbackTelnetTests(_TelnetMixin, TestCase, RecvlineLoopbackMixin): pass class RecvlineLoopbackSSHTests(_SSHMixin, TestCase, RecvlineLoopbackMixin): pass @skipIf(not stdio, "Terminal requirements missing, can't run recvline tests over stdio") class RecvlineLoopbackStdioTests(_StdioMixin, TestCase, RecvlineLoopbackMixin): pass class HistoricRecvlineLoopbackMixin: serverProtocol = EchoServer def testUpArrow(self): return self._trivialTest( b"first line\n" + up + b"\ndone", [ b">>> first line", b"first line", b">>> first line", b"first line", b">>> done", ], ) def test_DownArrowToPartialLineInHistory(self): """ Pressing down arrow to visit an entry that was added to the history by pressing the up arrow instead of return does not raise a L{TypeError}. @see: U{http://twistedmatrix.com/trac/ticket/9031} @return: A L{defer.Deferred} that fires when C{b"done"} is echoed back. """ return self._trivialTest( b"first line\n" + b"partial line" + up + down + b"\ndone", [ b">>> first line", b"first line", b">>> partial line", b"partial line", b">>> done", ], ) def testDownArrow(self): return self._trivialTest( b"first line\nsecond line\n" + up * 2 + down + b"\ndone", [ b">>> first line", b"first line", b">>> second line", b"second line", b">>> second line", b"second line", b">>> done", ], ) class HistoricRecvlineLoopbackTelnetTests( _TelnetMixin, TestCase, HistoricRecvlineLoopbackMixin ): pass class HistoricRecvlineLoopbackSSHTests( _SSHMixin, TestCase, HistoricRecvlineLoopbackMixin ): pass @skipIf( not stdio, "Terminal requirements missing, " "can't run historic recvline tests over stdio", ) class HistoricRecvlineLoopbackStdioTests( _StdioMixin, TestCase, HistoricRecvlineLoopbackMixin ): pass class TransportSequenceTests(TestCase): """ L{twisted.conch.recvline.TransportSequence} """ def test_invalidSequence(self): """ Initializing a L{recvline.TransportSequence} with no args raises an assertion. """ self.assertRaises(AssertionError, recvline.TransportSequence) ��test/test_cftp.py��0000644��00000142507�15027667726�0010123 0��ustar�00��# -- test-case-name: twisted.conch.test.test_cftp -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE file for details. """ Tests for L{twisted.conch.scripts.cftp}. """ import getpass import locale import operator import os import struct import sys import time from io import BytesIO from unittest import skipIf from zope.interface import implementer from twisted.conch import ls from twisted.conch.interfaces import ISFTPFile from twisted.conch.test.test_filetransfer import FileTransferTestAvatar, SFTPTestBase from twisted.cred import portal from twisted.internet import defer, error, interfaces, protocol, reactor from twisted.internet.task import Clock from twisted.internet.utils import getProcessOutputAndValue, getProcessValue from twisted.python import log from twisted.python.fakepwd import UserDatabase from twisted.python.filepath import FilePath from twisted.python.procutils import which from twisted.python.reflect import requireModule from twisted.test.proto_helpers import StringTransport from twisted.trial.unittest import TestCase pyasn1 = requireModule("pyasn1") cryptography = requireModule("cryptography") unix = requireModule("twisted.conch.unix") if cryptography and pyasn1: try: from twisted.conch.scripts import cftp from twisted.conch.scripts.cftp import SSHSession from twisted.conch.ssh import filetransfer from twisted.conch.test import test_conch, test_ssh from twisted.conch.test.test_conch import FakeStdio from twisted.conch.test.test_filetransfer import FileTransferForTestAvatar except ImportError: pass skipTests = False if None in (unix, cryptography, pyasn1, interfaces.IReactorProcess(reactor, None)): skipTests = True @skipIf(skipTests, "don't run w/o spawnProcess or cryptography or pyasn1") class SSHSessionTests(TestCase): """ Tests for L{twisted.conch.scripts.cftp.SSHSession}. """ def test_eofReceived(self): """ L{twisted.conch.scripts.cftp.SSHSession.eofReceived} loses the write half of its stdio connection. """ stdio = FakeStdio() channel = SSHSession() channel.stdio = stdio channel.eofReceived() self.assertTrue(stdio.writeConnLost) class ListingTests(TestCase): """ Tests for L{lsLine}, the function which generates an entry for a file or directory in an SFTP I{ls} command's output. """ if getattr(time, "tzset", None) is None: skip = "Cannot test timestamp formatting code without time.tzset" def setUp(self): """ Patch the L{ls} module's time function so the results of L{lsLine} are deterministic. """ self.now = 123456789 def fakeTime(): return self.now self.patch(ls, "time", fakeTime) # Make sure that the timezone ends up the same after these tests as # it was before. if "TZ" in os.environ: self.addCleanup(operator.setitem, os.environ, "TZ", os.environ["TZ"]) self.addCleanup(time.tzset) else: def cleanup(): # os.environ.pop is broken! Don't use it! Ever! Or die! try: del os.environ["TZ"] except KeyError: pass time.tzset() self.addCleanup(cleanup) def _lsInTimezone(self, timezone, stat): """ Call L{ls.lsLine} after setting the timezone to C{timezone} and return the result. """ # Set the timezone to a well-known value so the timestamps are # predictable. os.environ["TZ"] = timezone time.tzset() return ls.lsLine("foo", stat) def test_oldFile(self): """ A file with an mtime six months (approximately) or more in the past has a listing including a low-resolution timestamp. """ # Go with 7 months. That's more than 6 months. then = self.now - (60 * 60 * 24 * 31 * 7) stat = os.stat_result((0, 0, 0, 0, 0, 0, 0, 0, then, 0)) self.assertEqual( self._lsInTimezone("America/New_York", stat), "!--------- 0 0 0 0 Apr 26 1973 foo", ) self.assertEqual( self._lsInTimezone("Pacific/Auckland", stat), "!--------- 0 0 0 0 Apr 27 1973 foo", ) def test_oldSingleDigitDayOfMonth(self): """ A file with a high-resolution timestamp which falls on a day of the month which can be represented by one decimal digit is formatted with one padding 0 to preserve the columns which come after it. """ # A point about 7 months in the past, tweaked to fall on the first of a # month so we test the case we want to test. then = self.now - (60 * 60 * 24 * 31 * 7) + (60 * 60 * 24 * 5) stat = os.stat_result((0, 0, 0, 0, 0, 0, 0, 0, then, 0)) self.assertEqual( self._lsInTimezone("America/New_York", stat), "!--------- 0 0 0 0 May 01 1973 foo", ) self.assertEqual( self._lsInTimezone("Pacific/Auckland", stat), "!--------- 0 0 0 0 May 02 1973 foo", ) def test_newFile(self): """ A file with an mtime fewer than six months (approximately) in the past has a listing including a high-resolution timestamp excluding the year. """ # A point about three months in the past. then = self.now - (60 * 60 * 24 * 31 * 3) stat = os.stat_result((0, 0, 0, 0, 0, 0, 0, 0, then, 0)) self.assertEqual( self._lsInTimezone("America/New_York", stat), "!--------- 0 0 0 0 Aug 28 17:33 foo", ) self.assertEqual( self._lsInTimezone("Pacific/Auckland", stat), "!--------- 0 0 0 0 Aug 29 09:33 foo", ) # If alternate locale is not available, the next test will be # skipped, please install this locale for it to run currentLocale = locale.getlocale() try: try: locale.setlocale(locale.LC_ALL, "es_AR.UTF8") except locale.Error: localeSkip = True else: locale.setlocale(locale.LC_ALL, currentLocale) except: pass @skipIf(localeSkip, "The es_AR.UTF8 locale is not installed.") def test_localeIndependent(self): """ The month name in the date is locale independent. """ # A point about three months in the past. then = self.now - (60 * 60 * 24 * 31 * 3) stat = os.stat_result((0, 0, 0, 0, 0, 0, 0, 0, then, 0)) # Fake that we're in a language where August is not Aug (e.g.: Spanish) currentLocale = locale.getlocale() locale.setlocale(locale.LC_ALL, "es_AR.UTF8") self.addCleanup(locale.setlocale, locale.LC_ALL, currentLocale) self.assertEqual( self._lsInTimezone("America/New_York", stat), "!--------- 0 0 0 0 Aug 28 17:33 foo", ) self.assertEqual( self._lsInTimezone("Pacific/Auckland", stat), "!--------- 0 0 0 0 Aug 29 09:33 foo", ) def test_newSingleDigitDayOfMonth(self): """ A file with a high-resolution timestamp which falls on a day of the month which can be represented by one decimal digit is formatted with one padding 0 to preserve the columns which come after it. """ # A point about three months in the past, tweaked to fall on the first # of a month so we test the case we want to test. then = self.now - (60 * 60 * 24 * 31 * 3) + (60 * 60 * 24 * 4) stat = os.stat_result((0, 0, 0, 0, 0, 0, 0, 0, then, 0)) self.assertEqual( self._lsInTimezone("America/New_York", stat), "!--------- 0 0 0 0 Sep 01 17:33 foo", ) self.assertEqual( self._lsInTimezone("Pacific/Auckland", stat), "!--------- 0 0 0 0 Sep 02 09:33 foo", ) class InMemorySSHChannel(StringTransport): """ Minimal implementation of a L{SSHChannel} like class which only reads and writes data from memory. """ def __init__(self, conn): """ @param conn: The SSH connection associated with this channel. @type conn: L{SSHConnection} """ self.conn = conn self.localClosed = 0 super().__init__() class FilesystemAccessExpectations: """ A test helper used to support expected filesystem access. """ def __init__(self): self._cache = {} def put(self, path, flags, stream): """ @param path: Path at which the stream is requested. @type path: L{str} @param path: Flags with which the stream is requested. @type path: L{str} @param stream: A stream. @type stream: C{File} """ self._cache[(path, flags)] = stream def pop(self, path, flags): """ Remove a stream from the memory. @param path: Path at which the stream is requested. @type path: L{str} @param path: Flags with which the stream is requested. @type path: L{str} @return: A stream. @rtype: C{File} """ return self._cache.pop((path, flags)) class InMemorySFTPClient: """ A L{filetransfer.FileTransferClient} which does filesystem operations in memory, without touching the local disc or the network interface. @ivar _availableFiles: File like objects which are available to the SFTP client. @type _availableFiles: L{FilesystemRegister} """ def __init__(self, availableFiles): self.transport = InMemorySSHChannel(self) self.options = { "requests": 1, "buffersize": 10, } self._availableFiles = availableFiles def openFile(self, filename, flags, attrs): """ @see: L{filetransfer.FileTransferClient.openFile}. Retrieve and remove cached file based on flags. """ return self._availableFiles.pop(filename, flags) @implementer(ISFTPFile) class InMemoryRemoteFile(BytesIO): """ An L{ISFTPFile} which handles all data in memory. """ def __init__(self, name): """ @param name: Name of this file. @type name: L{str} """ self.name = name BytesIO.__init__(self) def writeChunk(self, start, data): """ @see: L{ISFTPFile.writeChunk} """ self.seek(start) self.write(data) return defer.succeed(self) def close(self): """ @see: L{ISFTPFile.writeChunk} Keeps data after file was closed to help with testing. """ self._closed = True def getAttrs(self): # ISFTPFile.getAttrs pass def readChunk(self, offset, length): # ISFTPFile.readChunk pass def setAttrs(self, attrs): # ISFTPFile.getAttrs pass def getvalue(self): """ Get current data of file. Allow reading data event when file is closed. """ return BytesIO.getvalue(self) @skipIf(skipTests, "don't run w/o spawnProcess or cryptography or pyasn1") class StdioClientTests(TestCase): """ Tests for L{cftp.StdioClient}. """ def setUp(self): """ Create a L{cftp.StdioClient} hooked up to dummy transport and a fake user database. """ self.fakeFilesystem = FilesystemAccessExpectations() sftpClient = InMemorySFTPClient(self.fakeFilesystem) self.client = cftp.StdioClient(sftpClient) self.client.currentDirectory = "/" self.database = self.client._pwd = UserDatabase() # Use a fixed width for all tests so that we get the same results when # running these tests from different terminals. # Run tests in a wide console so that all items are delimited by at # least one space character. self.setKnownConsoleSize(500, 24) # Intentionally bypassing makeConnection - that triggers some code # which uses features not provided by our dumb Connection fake. self.client.transport = self.client.client.transport def test_exec(self): """ The I{exec} command runs its arguments locally in a child process using the user's shell. """ self.database.addUser( getpass.getuser(), "secret", os.getuid(), 1234, "foo", "bar", sys.executable ) d = self.client._dispatchCommand("exec print(1 + 2)") d.addCallback(self.assertEqual, b"3\n") return d def test_execWithoutShell(self): """ If the local user has no shell, the I{exec} command runs its arguments using I{/bin/sh}. """ self.database.addUser( getpass.getuser(), "secret", os.getuid(), 1234, "foo", "bar", "" ) d = self.client._dispatchCommand("exec echo hello") d.addCallback(self.assertEqual, b"hello\n") return d def test_bang(self): """ The I{exec} command is run for lines which start with C{"!"}. """ self.database.addUser( getpass.getuser(), "secret", os.getuid(), 1234, "foo", "bar", "/bin/sh" ) d = self.client._dispatchCommand("!echo hello") d.addCallback(self.assertEqual, b"hello\n") return d def setKnownConsoleSize(self, width, height): """ For the duration of this test, patch C{cftp}'s C{fcntl} module to return a fixed width and height. @param width: the width in characters @type width: L{int} @param height: the height in characters @type height: L{int} """ # Local import to avoid win32 issues. import tty class FakeFcntl: def ioctl(self, fd, opt, mutate): if opt != tty.TIOCGWINSZ: self.fail("Only window-size queries supported.") return struct.pack("4H", height, width, 0, 0) self.patch(cftp, "fcntl", FakeFcntl()) def test_printProgressBarReporting(self): """ L{StdioClient._printProgressBar} prints a progress description, including percent done, amount transferred, transfer rate, and time remaining, all based the given start time, the given L{FileWrapper}'s progress information and the reactor's current time. """ # Use a short, known console width because this simple test doesn't # need to test the console padding. self.setKnownConsoleSize(10, 34) clock = self.client.reactor = Clock() wrapped = BytesIO(b"x") wrapped.name = b"sample" wrapper = cftp.FileWrapper(wrapped) wrapper.size = 1024 * 10 startTime = clock.seconds() clock.advance(2.0) wrapper.total += 4096 self.client._printProgressBar(wrapper, startTime) result = b"\rb'sample' 40% 4.0kB 2.0kBps 00:03 " self.assertEqual(self.client.transport.value(), result) def test_printProgressBarNoProgress(self): """ L{StdioClient._printProgressBar} prints a progress description that indicates 0 bytes transferred if no bytes have been transferred and no time has passed. """ self.setKnownConsoleSize(10, 34) clock = self.client.reactor = Clock() wrapped = BytesIO(b"x") wrapped.name = b"sample" wrapper = cftp.FileWrapper(wrapped) startTime = clock.seconds() self.client._printProgressBar(wrapper, startTime) result = b"\rb'sample' 0% 0.0B 0.0Bps 00:00 " self.assertEqual(self.client.transport.value(), result) def test_printProgressBarEmptyFile(self): """ Print the progress for empty files. """ self.setKnownConsoleSize(10, 34) wrapped = BytesIO() wrapped.name = b"empty-file" wrapper = cftp.FileWrapper(wrapped) self.client._printProgressBar(wrapper, 0) result = b"\rb'empty-file'100% 0.0B 0.0Bps 00:00 " self.assertEqual(result, self.client.transport.value()) def test_getFilenameEmpty(self): """ Returns empty value for both filename and remaining data. """ result = self.client._getFilename(" ") self.assertEqual(("", ""), result) def test_getFilenameOnlyLocal(self): """ Returns empty value for remaining data when line contains only a filename. """ result = self.client._getFilename("only-local") self.assertEqual(("only-local", ""), result) def test_getFilenameNotQuoted(self): """ Returns filename and remaining data striped of leading and trailing spaces. """ result = self.client._getFilename(" local remote file ") self.assertEqual(("local", "remote file"), result) def test_getFilenameQuoted(self): """ Returns filename and remaining data not striped of leading and trailing spaces when quoted paths are requested. """ result = self.client._getFilename(' " local file " " remote file " ') self.assertEqual((" local file ", '" remote file "'), result) def makeFile(self, path=None, content=b""): """ Create a local file and return its path. When `path` is L{None}, it will create a new temporary file. @param path: Optional path for the new file. @type path: L{str} @param content: Content to be written in the new file. @type content: L{bytes} @return: Path to the newly create file. """ if path is None: path = self.mktemp() with open(path, "wb") as file: file.write(content) return path def checkPutMessage(self, transfers, randomOrder=False): """ Check output of cftp client for a put request. @param transfers: List with tuple of (local, remote, progress). @param randomOrder: When set to C{True}, it will ignore the order in which put reposes are received """ output = self.client.transport.value() output = output.decode("utf-8") output = output.split("\n\r") expectedOutput = [] actualOutput = [] for local, remote, expected in transfers: # For each transfer we have a list of reported progress which # ends with the final message informing that file was transferred. expectedTransfer = [] for line in expected: expectedTransfer.append(f"{local} {line}") expectedTransfer.append(f"Transferred {local} to {remote}") expectedOutput.append(expectedTransfer) progressParts = output.pop(0).strip("\r").split("\r") actual = progressParts[:-1] last = progressParts[-1].strip("\n").split("\n") actual.extend(last) actualTransfer = [] # Each transferred file is on a line with summary on the last # line. Summary is copying at the end. for line in actual[:-1]: # Output line is in the format # NAME PROGRESS_PERCENTAGE PROGRESS_BYTES SPEED ETA. # For testing we only care about the # PROGRESS_PERCENTAGE and PROGRESS values. # Ignore SPPED and ETA. line = line.strip().rsplit(" ", 2)[0] # NAME can be followed by a lot of spaces so we need to # reduce them to single space. line = line.strip().split(" ", 1) actualTransfer.append(f"{line[0]} {line[1].strip()}") actualTransfer.append(actual[-1]) actualOutput.append(actualTransfer) if randomOrder: self.assertEqual(sorted(expectedOutput), sorted(actualOutput)) else: self.assertEqual(expectedOutput, actualOutput) self.assertEqual( 0, len(output), "There are still put responses which were not checked.", ) def test_cmd_PUTSingleNoRemotePath(self): """ A name based on local path is used when remote path is not provided. The progress is updated while chunks are transferred. """ content = b"Test\r\nContent" localPath = self.makeFile(content=content) flags = filetransfer.FXF_WRITE \| filetransfer.FXF_CREAT \| filetransfer.FXF_TRUNC remoteName = os.path.join("/", os.path.basename(localPath)) remoteFile = InMemoryRemoteFile(remoteName) self.fakeFilesystem.put(remoteName, flags, defer.succeed(remoteFile)) self.client.client.options["buffersize"] = 10 deferred = self.client.cmd_PUT(localPath) self.successResultOf(deferred) self.assertEqual(content, remoteFile.getvalue()) self.assertTrue(remoteFile._closed) self.checkPutMessage( [(localPath, remoteName, ["76% 10.0B", "100% 13.0B", "100% 13.0B"])] ) def test_cmd_PUTSingleRemotePath(self): """ Remote path is extracted from first filename after local file. Any other data in the line is ignored. """ localPath = self.makeFile() flags = filetransfer.FXF_WRITE \| filetransfer.FXF_CREAT \| filetransfer.FXF_TRUNC remoteName = "/remote-path" remoteFile = InMemoryRemoteFile(remoteName) self.fakeFilesystem.put(remoteName, flags, defer.succeed(remoteFile)) deferred = self.client.cmd_PUT(f"{localPath} {remoteName} ignored") self.successResultOf(deferred) self.checkPutMessage([(localPath, remoteName, ["100% 0.0B"])]) self.assertTrue(remoteFile._closed) self.assertEqual(b"", remoteFile.getvalue()) def test_cmd_PUTMultipleNoRemotePath(self): """ When a gobbing expression is used local files are transferred with remote file names based on local names. """ first = self.makeFile() firstName = os.path.basename(first) secondName = "second-name" parent = os.path.dirname(first) second = self.makeFile(path=os.path.join(parent, secondName)) flags = filetransfer.FXF_WRITE \| filetransfer.FXF_CREAT \| filetransfer.FXF_TRUNC firstRemotePath = f"/{firstName}" secondRemotePath = f"/{secondName}" firstRemoteFile = InMemoryRemoteFile(firstRemotePath) secondRemoteFile = InMemoryRemoteFile(secondRemotePath) self.fakeFilesystem.put(firstRemotePath, flags, defer.succeed(firstRemoteFile)) self.fakeFilesystem.put( secondRemotePath, flags, defer.succeed(secondRemoteFile) ) deferred = self.client.cmd_PUT(os.path.join(parent, "")) self.successResultOf(deferred) self.assertTrue(firstRemoteFile._closed) self.assertEqual(b"", firstRemoteFile.getvalue()) self.assertTrue(secondRemoteFile._closed) self.assertEqual(b"", secondRemoteFile.getvalue()) self.checkPutMessage( [ (first, firstRemotePath, ["100% 0.0B"]), (second, secondRemotePath, ["100% 0.0B"]), ], randomOrder=True, ) def test_cmd_PUTMultipleWithRemotePath(self): """ When a gobbing expression is used local files are transferred with remote file names based on local names. when a remote folder is requested remote paths are composed from remote path and local filename. """ first = self.makeFile() firstName = os.path.basename(first) secondName = "second-name" parent = os.path.dirname(first) second = self.makeFile(path=os.path.join(parent, secondName)) flags = filetransfer.FXF_WRITE \| filetransfer.FXF_CREAT \| filetransfer.FXF_TRUNC firstRemoteFile = InMemoryRemoteFile(firstName) secondRemoteFile = InMemoryRemoteFile(secondName) firstRemotePath = f"/remote/{firstName}" secondRemotePath = f"/remote/{secondName}" self.fakeFilesystem.put(firstRemotePath, flags, defer.succeed(firstRemoteFile)) self.fakeFilesystem.put( secondRemotePath, flags, defer.succeed(secondRemoteFile) ) deferred = self.client.cmd_PUT("{} remote".format(os.path.join(parent, ""))) self.successResultOf(deferred) self.assertTrue(firstRemoteFile._closed) self.assertEqual(b"", firstRemoteFile.getvalue()) self.assertTrue(secondRemoteFile._closed) self.assertEqual(b"", secondRemoteFile.getvalue()) self.checkPutMessage( [ (first, firstName, ["100% 0.0B"]), (second, secondName, ["100% 0.0B"]), ], randomOrder=True, ) class FileTransferTestRealm: def __init__(self, testDir): self.testDir = testDir def requestAvatar(self, avatarID, mind, interfaces): a = FileTransferTestAvatar(self.testDir) return interfaces[0], a, lambda: None class SFTPTestProcess(protocol.ProcessProtocol): """ Protocol for testing cftp. Provides an interface between Python (where all the tests are) and the cftp client process (which does the work that is being tested). """ def __init__(self, onOutReceived): """ @param onOutReceived: A L{Deferred} to be fired as soon as data is received from stdout. """ self.clearBuffer() self.onOutReceived = onOutReceived self.onProcessEnd = None self._expectingCommand = None self._processEnded = False def clearBuffer(self): """ Clear any buffered data received from stdout. Should be private. """ self.buffer = b"" self._linesReceived = [] self._lineBuffer = b"" def outReceived(self, data): """ Called by Twisted when the cftp client prints data to stdout. """ log.msg("got %r" % data) lines = (self._lineBuffer + data).split(b"\n") self._lineBuffer = lines.pop(-1) self._linesReceived.extend(lines) # XXX - not strictly correct. # We really want onOutReceived to fire after the first 'cftp>' prompt # has been received. (See use in OurServerCmdLineClientTests.setUp) if self.onOutReceived is not None: d, self.onOutReceived = self.onOutReceived, None d.callback(data) self.buffer += data self._checkForCommand() def _checkForCommand(self): prompt = b"cftp> " if self._expectingCommand and self._lineBuffer == prompt: buf = b"\n".join(self._linesReceived) if buf.startswith(prompt): buf = buf[len(prompt) :] self.clearBuffer() d, self._expectingCommand = self._expectingCommand, None d.callback(buf) def errReceived(self, data): """ Called by Twisted when the cftp client prints data to stderr. """ log.msg("err: %s" % data) def getBuffer(self): """ Return the contents of the buffer of data received from stdout. """ return self.buffer def runCommand(self, command): """ Issue the given command via the cftp client. Return a C{Deferred} that fires when the server returns a result. Note that the C{Deferred} will callback even if the server returns some kind of error. @param command: A string containing an sftp command. @return: A C{Deferred} that fires when the sftp server returns a result. The payload is the server's response string. """ self._expectingCommand = defer.Deferred() self.clearBuffer() if isinstance(command, str): command = command.encode("utf-8") self.transport.write(command + b"\n") return self._expectingCommand def runScript(self, commands): """ Run each command in sequence and return a Deferred that fires when all commands are completed. @param commands: A list of strings containing sftp commands. @return: A C{Deferred} that fires when all commands are completed. The payload is a list of response strings from the server, in the same order as the commands. """ sem = defer.DeferredSemaphore(1) dl = [sem.run(self.runCommand, command) for command in commands] return defer.gatherResults(dl) def killProcess(self): """ Kill the process if it is still running. If the process is still running, sends a KILL signal to the transport and returns a C{Deferred} which fires when L{processEnded} is called. @return: a C{Deferred}. """ if self._processEnded: return defer.succeed(None) self.onProcessEnd = defer.Deferred() self.transport.signalProcess("KILL") return self.onProcessEnd def processEnded(self, reason): """ Called by Twisted when the cftp client process ends. """ self._processEnded = True if self.onProcessEnd: d, self.onProcessEnd = self.onProcessEnd, None d.callback(None) class CFTPClientTestBase(SFTPTestBase): def setUp(self): with open("dsa_test.pub", "wb") as f: f.write(test_ssh.publicDSA_openssh) with open("dsa_test", "wb") as f: f.write(test_ssh.privateDSA_openssh) os.chmod("dsa_test", 33152) with open("kh_test", "wb") as f: f.write(b"127.0.0.1 " + test_ssh.publicRSA_openssh) return SFTPTestBase.setUp(self) def startServer(self): realm = FileTransferTestRealm(self.testDir) p = portal.Portal(realm) p.registerChecker(test_ssh.conchTestPublicKeyChecker()) fac = test_ssh.ConchTestServerFactory() fac.portal = p self.server = reactor.listenTCP(0, fac, interface="127.0.0.1") def stopServer(self): if not hasattr(self.server.factory, "proto"): return self._cbStopServer(None) self.server.factory.proto.expectedLoseConnection = 1 d = defer.maybeDeferred(self.server.factory.proto.transport.loseConnection) d.addCallback(self._cbStopServer) return d def _cbStopServer(self, ignored): return defer.maybeDeferred(self.server.stopListening) def tearDown(self): for f in ["dsa_test.pub", "dsa_test", "kh_test"]: try: os.remove(f) except BaseException: pass return SFTPTestBase.tearDown(self) @skipIf(skipTests, "don't run w/o spawnProcess or cryptography or pyasn1") class OurServerCmdLineClientTests(CFTPClientTestBase): """ Functional tests which launch a SFTP server over TCP on localhost and check cftp command line interface using a spawned process. Due to the spawned process you can not add a debugger breakpoint for the client code. """ def setUp(self): CFTPClientTestBase.setUp(self) self.startServer() cmds = ( "-p %i -l testuser " "--known-hosts kh_test " "--user-authentications publickey " "--host-key-algorithms ssh-rsa " "-i dsa_test " "-a " "-v " "127.0.0.1" ) port = self.server.getHost().port cmds = test_conch._makeArgs((cmds % port).split(), mod="cftp") log.msg(f"running {sys.executable} {cmds}") d = defer.Deferred() self.processProtocol = SFTPTestProcess(d) d.addCallback(lambda _: self.processProtocol.clearBuffer()) env = os.environ.copy() env["PYTHONPATH"] = os.pathsep.join(sys.path) encodedCmds = [] encodedEnv = {} for cmd in cmds: if isinstance(cmd, str): cmd = cmd.encode("utf-8") encodedCmds.append(cmd) for var in env: val = env[var] if isinstance(var, str): var = var.encode("utf-8") if isinstance(val, str): val = val.encode("utf-8") encodedEnv[var] = val log.msg(encodedCmds) log.msg(encodedEnv) reactor.spawnProcess( self.processProtocol, sys.executable, encodedCmds, env=encodedEnv ) return d def tearDown(self): d = self.stopServer() d.addCallback(lambda _: self.processProtocol.killProcess()) return d def _killProcess(self, ignored): try: self.processProtocol.transport.signalProcess("KILL") except error.ProcessExitedAlready: pass def runCommand(self, command): """ Run the given command with the cftp client. Return a C{Deferred} that fires when the command is complete. Payload is the server's output for that command. """ return self.processProtocol.runCommand(command) def runScript(self, commands): """ Run the given commands with the cftp client. Returns a C{Deferred} that fires when the commands are all complete. The C{Deferred}'s payload is a list of output for each command. """ return self.processProtocol.runScript(commands) def testCdPwd(self): """ Test that 'pwd' reports the current remote directory, that 'lpwd' reports the current local directory, and that changing to a subdirectory then changing to its parent leaves you in the original remote directory. """ # XXX - not actually a unit test, see docstring. homeDir = self.testDir d = self.runScript("pwd", "lpwd", "cd testDirectory", "cd ..", "pwd") def cmdOutput(output): """ Callback function for handling command output. """ cmds = [] for cmd in output: if isinstance(cmd, bytes): cmd = cmd.decode("utf-8") cmds.append(cmd) return cmds[:3] + cmds[4:] d.addCallback(cmdOutput) d.addCallback(self.assertEqual, [homeDir.path, os.getcwd(), "", homeDir.path]) return d def testChAttrs(self): """ Check that 'ls -l' output includes the access permissions and that this output changes appropriately with 'chmod'. """ def _check(results): self.flushLoggedErrors() self.assertTrue(results[0].startswith(b"-rw-r--r--")) self.assertEqual(results[1], b"") self.assertTrue(results[2].startswith(b"----------"), results[2]) self.assertEqual(results[3], b"") d = self.runScript( "ls -l testfile1", "chmod 0 testfile1", "ls -l testfile1", "chmod 644 testfile1", ) return d.addCallback(_check) # XXX test chgrp/own def testList(self): """ Check 'ls' works as expected. Checks for wildcards, hidden files, listing directories and listing empty directories. """ def _check(results): self.assertEqual( results[0], [b"testDirectory", b"testRemoveFile", b"testRenameFile", b"testfile1"], ) self.assertEqual( results[1], [b"testDirectory", b"testRemoveFile", b"testRenameFile", b"testfile1"], ) self.assertEqual(results[2], [b"testRemoveFile", b"testRenameFile"]) self.assertEqual( results[3], [b".testHiddenFile", b"testRemoveFile", b"testRenameFile"] ) self.assertEqual(results[4], [b""]) d = self.runScript( "ls", "ls ../" + self.testDir.basename(), "ls File", "ls -a File", "ls -l testDirectory", ) d.addCallback(lambda xs: [x.split(b"\n") for x in xs]) return d.addCallback(_check) def testHelp(self): """ Check that running the '?' command returns help. """ d = self.runCommand("?") helpText = cftp.StdioClient(None).cmd_HELP("").strip() if isinstance(helpText, str): helpText = helpText.encode("utf-8") d.addCallback(self.assertEqual, helpText) return d def assertFilesEqual(self, name1, name2, msg=None): """ Assert that the files at C{name1} and C{name2} contain exactly the same data. """ self.assertEqual(name1.getContent(), name2.getContent(), msg) def testGet(self): """ Test that 'get' saves the remote file to the correct local location, that the output of 'get' is correct and that 'rm' actually removes the file. """ # XXX - not actually a unit test expectedOutput = "Transferred {}/testfile1 to {}/test file2".format( self.testDir.path, self.testDir.path, ) if isinstance(expectedOutput, str): expectedOutput = expectedOutput.encode("utf-8") def _checkGet(result): self.assertTrue(result.endswith(expectedOutput)) self.assertFilesEqual( self.testDir.child("testfile1"), self.testDir.child("test file2"), "get failed", ) return self.runCommand('rm "test file2"') d = self.runCommand(f'get testfile1 "{self.testDir.path}/test file2"') d.addCallback(_checkGet) d.addCallback( lambda _: self.assertFalse(self.testDir.child("test file2").exists()) ) return d def testWildcardGet(self): """ Test that 'get' works correctly when given wildcard parameters. """ def _check(ignored): self.assertFilesEqual( self.testDir.child("testRemoveFile"), FilePath("testRemoveFile"), "testRemoveFile get failed", ) self.assertFilesEqual( self.testDir.child("testRenameFile"), FilePath("testRenameFile"), "testRenameFile get failed", ) d = self.runCommand("get testR") return d.addCallback(_check) def testPut(self): """ Check that 'put' uploads files correctly and that they can be successfully removed. Also check the output of the put command. """ # XXX - not actually a unit test expectedOutput = ( b"Transferred " + self.testDir.asBytesMode().path + b"/testfile1 to " + self.testDir.asBytesMode().path + b'/test"file2' ) def _checkPut(result): self.assertFilesEqual( self.testDir.child("testfile1"), self.testDir.child('test"file2') ) self.assertTrue(result.endswith(expectedOutput)) return self.runCommand('rm "test\\"file2"') d = self.runCommand(f'put {self.testDir.path}/testfile1 "test\\"file2"') d.addCallback(_checkPut) d.addCallback( lambda _: self.assertFalse(self.testDir.child('test"file2').exists()) ) return d def test_putOverLongerFile(self): """ Check that 'put' uploads files correctly when overwriting a longer file. """ # XXX - not actually a unit test with self.testDir.child("shorterFile").open(mode="w") as f: f.write(b"a") with self.testDir.child("longerFile").open(mode="w") as f: f.write(b"bb") def _checkPut(result): self.assertFilesEqual( self.testDir.child("shorterFile"), self.testDir.child("longerFile") ) d = self.runCommand(f"put {self.testDir.path}/shorterFile longerFile") d.addCallback(_checkPut) return d def test_putMultipleOverLongerFile(self): """ Check that 'put' uploads files correctly when overwriting a longer file and you use a wildcard to specify the files to upload. """ # XXX - not actually a unit test someDir = self.testDir.child("dir") someDir.createDirectory() with someDir.child("file").open(mode="w") as f: f.write(b"a") with self.testDir.child("file").open(mode="w") as f: f.write(b"bb") def _checkPut(result): self.assertFilesEqual(someDir.child("file"), self.testDir.child("file")) d = self.runCommand(f"put {self.testDir.path}/dir/") d.addCallback(_checkPut) return d def testWildcardPut(self): """ What happens if you issue a 'put' command and include a wildcard (i.e. '') in parameter? Check that all files matching the wildcard are uploaded to the correct directory. """ def check(results): self.assertEqual(results[0], b"") self.assertEqual(results[2], b"") self.assertFilesEqual( self.testDir.child("testRemoveFile"), self.testDir.parent().child("testRemoveFile"), "testRemoveFile get failed", ) self.assertFilesEqual( self.testDir.child("testRenameFile"), self.testDir.parent().child("testRenameFile"), "testRenameFile get failed", ) d = self.runScript( "cd ..", f"put {self.testDir.path}/testR", "cd %s" % self.testDir.basename(), ) d.addCallback(check) return d def testLink(self): """ Test that 'ln' creates a file which appears as a link in the output of 'ls'. Check that removing the new file succeeds without output. """ def _check(results): self.flushLoggedErrors() self.assertEqual(results[0], b"") self.assertTrue(results[1].startswith(b"l"), "link failed") return self.runCommand("rm testLink") d = self.runScript("ln testLink testfile1", "ls -l testLink") d.addCallback(_check) d.addCallback(self.assertEqual, b"") return d def testRemoteDirectory(self): """ Test that we can create and remove directories with the cftp client. """ def _check(results): self.assertEqual(results[0], b"") self.assertTrue(results[1].startswith(b"d")) return self.runCommand("rmdir testMakeDirectory") d = self.runScript("mkdir testMakeDirectory", "ls -l testMakeDirector?") d.addCallback(_check) d.addCallback(self.assertEqual, b"") return d def test_existingRemoteDirectory(self): """ Test that a C{mkdir} on an existing directory fails with the appropriate error, and doesn't log an useless error server side. """ def _check(results): self.assertEqual(results[0], b"") self.assertEqual(results[1], b"remote error 11: mkdir failed") d = self.runScript("mkdir testMakeDirectory", "mkdir testMakeDirectory") d.addCallback(_check) return d def testLocalDirectory(self): """ Test that we can create a directory locally and remove it with the cftp client. This test works because the 'remote' server is running out of a local directory. """ d = self.runCommand(f"lmkdir {self.testDir.path}/testLocalDirectory") d.addCallback(self.assertEqual, b"") d.addCallback(lambda _: self.runCommand("rmdir testLocalDirectory")) d.addCallback(self.assertEqual, b"") return d def testRename(self): """ Test that we can rename a file. """ def _check(results): self.assertEqual(results[0], b"") self.assertEqual(results[1], b"testfile2") return self.runCommand("rename testfile2 testfile1") d = self.runScript("rename testfile1 testfile2", "ls testfile?") d.addCallback(_check) d.addCallback(self.assertEqual, b"") return d @skipIf(skipTests, "don't run w/o spawnProcess or cryptography or pyasn1") class OurServerBatchFileTests(CFTPClientTestBase): """ Functional tests which launch a SFTP server over localhost and checks csftp in batch interface. """ def setUp(self): CFTPClientTestBase.setUp(self) self.startServer() def tearDown(self): CFTPClientTestBase.tearDown(self) return self.stopServer() def _getBatchOutput(self, f): fn = self.mktemp() with open(fn, "w") as fp: fp.write(f) port = self.server.getHost().port cmds = ( "-p %i -l testuser " "--known-hosts kh_test " "--user-authentications publickey " "--host-key-algorithms ssh-rsa " "-i dsa_test " "-a " "-v -b %s 127.0.0.1" ) % (port, fn) cmds = test_conch._makeArgs(cmds.split(), mod="cftp")[1:] log.msg(f"running {sys.executable} {cmds}") env = os.environ.copy() env["PYTHONPATH"] = os.pathsep.join(sys.path) self.server.factory.expectedLoseConnection = 1 d = getProcessOutputAndValue(sys.executable, cmds, env=env) def _cleanup(res): os.remove(fn) return res d.addCallback(lambda res: res[0]) d.addBoth(_cleanup) return d def testBatchFile(self): """ Test whether batch file function of cftp ('cftp -b batchfile'). This works by treating the file as a list of commands to be run. """ cmds = """pwd ls exit """ def _cbCheckResult(res): res = res.split(b"\n") log.msg("RES %s" % repr(res)) self.assertIn(self.testDir.asBytesMode().path, res[1]) self.assertEqual( res[3:-2], [b"testDirectory", b"testRemoveFile", b"testRenameFile", b"testfile1"], ) d = self._getBatchOutput(cmds) d.addCallback(_cbCheckResult) return d def testError(self): """ Test that an error in the batch file stops running the batch. """ cmds = """chown 0 missingFile pwd exit """ def _cbCheckResult(res): self.assertNotIn(self.testDir.asBytesMode().path, res) d = self._getBatchOutput(cmds) d.addCallback(_cbCheckResult) return d def testIgnoredError(self): """ Test that a minus sign '-' at the front of a line ignores any errors. """ cmds = """-chown 0 missingFile pwd exit """ def _cbCheckResult(res): self.assertIn(self.testDir.asBytesMode().path, res) d = self._getBatchOutput(cmds) d.addCallback(_cbCheckResult) return d @skipIf(skipTests, "don't run w/o spawnProcess or cryptography or pyasn1") @skipIf(not which("sftp"), "no sftp command-line client available") class OurServerSftpClientTests(CFTPClientTestBase): """ Test the sftp server against sftp command line client. """ def setUp(self): CFTPClientTestBase.setUp(self) return self.startServer() def tearDown(self): return self.stopServer() def test_extendedAttributes(self): """ Test the return of extended attributes by the server: the sftp client should ignore them, but still be able to parse the response correctly. This test is mainly here to check that L{filetransfer.FILEXFER_ATTR_EXTENDED} has the correct value. """ fn = self.mktemp() with open(fn, "w") as f: f.write("ls .\nexit") port = self.server.getHost().port oldGetAttr = FileTransferForTestAvatar._getAttrs def _getAttrs(self, s): attrs = oldGetAttr(self, s) attrs["ext_foo"] = "bar" return attrs self.patch(FileTransferForTestAvatar, "_getAttrs", _getAttrs) self.server.factory.expectedLoseConnection = True # PubkeyAcceptedKeyTypes does not exist prior to OpenSSH 7.0 so we # first need to check if we can set it. If we can, -V will just print # the version without doing anything else; if we can't, we will get a # configuration error. d = getProcessValue("ssh", ("-o", "PubkeyAcceptedKeyTypes=ssh-dss", "-V")) def hasPAKT(status): if status == 0: args = ("-o", "PubkeyAcceptedKeyTypes=ssh-dss") else: args = () # Pass -F /dev/null to avoid the user's configuration file from # being loaded, as it may contain settings that cause our tests to # fail or hang. args += ( "-F", "/dev/null", "-o", "IdentityFile=dsa_test", "-o", "UserKnownHostsFile=kh_test", "-o", "HostKeyAlgorithms=ssh-rsa", "-o", "Port=%i" % (port,), "-b", fn, "testuser@127.0.0.1", ) return args def check(result): self.assertEqual(result[2], 0) for i in [ b"testDirectory", b"testRemoveFile", b"testRenameFile", b"testfile1", ]: self.assertIn(i, result[0]) d.addCallback(hasPAKT) d.addCallback(lambda args: getProcessOutputAndValue("sftp", args)) return d.addCallback(check) ��test/test_helper.py��0000644��00000047101�15027667726�0010440 0��ustar�00��# -- test-case-name: twisted.conch.test.test_helper -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. from twisted.conch.insults import helper from twisted.conch.insults.insults import ( BLINK, BOLD, G0, G1, G2, G3, NORMAL, REVERSE_VIDEO, UNDERLINE, modes, privateModes, ) from twisted.trial import unittest WIDTH = 80 HEIGHT = 24 class BufferTests(unittest.TestCase): def setUp(self): self.term = helper.TerminalBuffer() self.term.connectionMade() def testInitialState(self): self.assertEqual(self.term.width, WIDTH) self.assertEqual(self.term.height, HEIGHT) self.assertEqual(self.term.__bytes__(), b"\n" * (HEIGHT - 1)) self.assertEqual(self.term.reportCursorPosition(), (0, 0)) def test_initialPrivateModes(self): """ Verify that only DEC Auto Wrap Mode (DECAWM) and DEC Text Cursor Enable Mode (DECTCEM) are initially in the Set Mode (SM) state. """ self.assertEqual( {privateModes.AUTO_WRAP: True, privateModes.CURSOR_MODE: True}, self.term.privateModes, ) def test_carriageReturn(self): """ C{"\r"} moves the cursor to the first column in the current row. """ self.term.cursorForward(5) self.term.cursorDown(3) self.assertEqual(self.term.reportCursorPosition(), (5, 3)) self.term.insertAtCursor(b"\r") self.assertEqual(self.term.reportCursorPosition(), (0, 3)) def test_linefeed(self): """ C{"\n"} moves the cursor to the next row without changing the column. """ self.term.cursorForward(5) self.assertEqual(self.term.reportCursorPosition(), (5, 0)) self.term.insertAtCursor(b"\n") self.assertEqual(self.term.reportCursorPosition(), (5, 1)) def test_newline(self): """ C{write} transforms C{"\n"} into C{"\r\n"}. """ self.term.cursorForward(5) self.term.cursorDown(3) self.assertEqual(self.term.reportCursorPosition(), (5, 3)) self.term.write(b"\n") self.assertEqual(self.term.reportCursorPosition(), (0, 4)) def test_setPrivateModes(self): """ Verify that L{helper.TerminalBuffer.setPrivateModes} changes the Set Mode (SM) state to "set" for the private modes it is passed. """ expected = self.term.privateModes.copy() self.term.setPrivateModes([privateModes.SCROLL, privateModes.SCREEN]) expected[privateModes.SCROLL] = True expected[privateModes.SCREEN] = True self.assertEqual(expected, self.term.privateModes) def test_resetPrivateModes(self): """ Verify that L{helper.TerminalBuffer.resetPrivateModes} changes the Set Mode (SM) state to "reset" for the private modes it is passed. """ expected = self.term.privateModes.copy() self.term.resetPrivateModes([privateModes.AUTO_WRAP, privateModes.CURSOR_MODE]) del expected[privateModes.AUTO_WRAP] del expected[privateModes.CURSOR_MODE] self.assertEqual(expected, self.term.privateModes) def testCursorDown(self): self.term.cursorDown(3) self.assertEqual(self.term.reportCursorPosition(), (0, 3)) self.term.cursorDown() self.assertEqual(self.term.reportCursorPosition(), (0, 4)) self.term.cursorDown(HEIGHT) self.assertEqual(self.term.reportCursorPosition(), (0, HEIGHT - 1)) def testCursorUp(self): self.term.cursorUp(5) self.assertEqual(self.term.reportCursorPosition(), (0, 0)) self.term.cursorDown(20) self.term.cursorUp(1) self.assertEqual(self.term.reportCursorPosition(), (0, 19)) self.term.cursorUp(19) self.assertEqual(self.term.reportCursorPosition(), (0, 0)) def testCursorForward(self): self.term.cursorForward(2) self.assertEqual(self.term.reportCursorPosition(), (2, 0)) self.term.cursorForward(2) self.assertEqual(self.term.reportCursorPosition(), (4, 0)) self.term.cursorForward(WIDTH) self.assertEqual(self.term.reportCursorPosition(), (WIDTH, 0)) def testCursorBackward(self): self.term.cursorForward(10) self.term.cursorBackward(2) self.assertEqual(self.term.reportCursorPosition(), (8, 0)) self.term.cursorBackward(7) self.assertEqual(self.term.reportCursorPosition(), (1, 0)) self.term.cursorBackward(1) self.assertEqual(self.term.reportCursorPosition(), (0, 0)) self.term.cursorBackward(1) self.assertEqual(self.term.reportCursorPosition(), (0, 0)) def testCursorPositioning(self): self.term.cursorPosition(3, 9) self.assertEqual(self.term.reportCursorPosition(), (3, 9)) def testSimpleWriting(self): s = b"Hello, world." self.term.write(s) self.assertEqual(self.term.__bytes__(), s + b"\n" + b"\n" * (HEIGHT - 2)) def testOvertype(self): s = b"hello, world." self.term.write(s) self.term.cursorBackward(len(s)) self.term.resetModes([modes.IRM]) self.term.write(b"H") self.assertEqual( self.term.__bytes__(), (b"H" + s[1:]) + b"\n" + b"\n" * (HEIGHT - 2) ) def testInsert(self): s = b"ello, world." self.term.write(s) self.term.cursorBackward(len(s)) self.term.setModes([modes.IRM]) self.term.write(b"H") self.assertEqual( self.term.__bytes__(), (b"H" + s) + b"\n" + b"\n" * (HEIGHT - 2) ) def testWritingInTheMiddle(self): s = b"Hello, world." self.term.cursorDown(5) self.term.cursorForward(5) self.term.write(s) self.assertEqual( self.term.__bytes__(), b"\n" * 5 + (self.term.fill * 5) + s + b"\n" + b"\n" * (HEIGHT - 7), ) def testWritingWrappedAtEndOfLine(self): s = b"Hello, world." self.term.cursorForward(WIDTH - 5) self.term.write(s) self.assertEqual( self.term.__bytes__(), s[:5].rjust(WIDTH) + b"\n" + s[5:] + b"\n" + b"\n" * (HEIGHT - 3), ) def testIndex(self): self.term.index() self.assertEqual(self.term.reportCursorPosition(), (0, 1)) self.term.cursorDown(HEIGHT) self.assertEqual(self.term.reportCursorPosition(), (0, HEIGHT - 1)) self.term.index() self.assertEqual(self.term.reportCursorPosition(), (0, HEIGHT - 1)) def testReverseIndex(self): self.term.reverseIndex() self.assertEqual(self.term.reportCursorPosition(), (0, 0)) self.term.cursorDown(2) self.assertEqual(self.term.reportCursorPosition(), (0, 2)) self.term.reverseIndex() self.assertEqual(self.term.reportCursorPosition(), (0, 1)) def test_nextLine(self): """ C{nextLine} positions the cursor at the beginning of the row below the current row. """ self.term.nextLine() self.assertEqual(self.term.reportCursorPosition(), (0, 1)) self.term.cursorForward(5) self.assertEqual(self.term.reportCursorPosition(), (5, 1)) self.term.nextLine() self.assertEqual(self.term.reportCursorPosition(), (0, 2)) def testSaveCursor(self): self.term.cursorDown(5) self.term.cursorForward(7) self.assertEqual(self.term.reportCursorPosition(), (7, 5)) self.term.saveCursor() self.term.cursorDown(7) self.term.cursorBackward(3) self.assertEqual(self.term.reportCursorPosition(), (4, 12)) self.term.restoreCursor() self.assertEqual(self.term.reportCursorPosition(), (7, 5)) def testSingleShifts(self): self.term.singleShift2() self.term.write(b"Hi") ch = self.term.getCharacter(0, 0) self.assertEqual(ch[0], b"H") self.assertEqual(ch[1].charset, G2) ch = self.term.getCharacter(1, 0) self.assertEqual(ch[0], b"i") self.assertEqual(ch[1].charset, G0) self.term.singleShift3() self.term.write(b"!!") ch = self.term.getCharacter(2, 0) self.assertEqual(ch[0], b"!") self.assertEqual(ch[1].charset, G3) ch = self.term.getCharacter(3, 0) self.assertEqual(ch[0], b"!") self.assertEqual(ch[1].charset, G0) def testShifting(self): s1 = b"Hello" s2 = b"World" s3 = b"Bye!" self.term.write(b"Hello\n") self.term.shiftOut() self.term.write(b"World\n") self.term.shiftIn() self.term.write(b"Bye!\n") g = G0 h = 0 for s in (s1, s2, s3): for i in range(len(s)): ch = self.term.getCharacter(i, h) self.assertEqual(ch[0], s[i : i + 1]) self.assertEqual(ch[1].charset, g) g = g == G0 and G1 or G0 h += 1 def testGraphicRendition(self): self.term.selectGraphicRendition(BOLD, UNDERLINE, BLINK, REVERSE_VIDEO) self.term.write(b"W") self.term.selectGraphicRendition(NORMAL) self.term.write(b"X") self.term.selectGraphicRendition(BLINK) self.term.write(b"Y") self.term.selectGraphicRendition(BOLD) self.term.write(b"Z") ch = self.term.getCharacter(0, 0) self.assertEqual(ch[0], b"W") self.assertTrue(ch[1].bold) self.assertTrue(ch[1].underline) self.assertTrue(ch[1].blink) self.assertTrue(ch[1].reverseVideo) ch = self.term.getCharacter(1, 0) self.assertEqual(ch[0], b"X") self.assertFalse(ch[1].bold) self.assertFalse(ch[1].underline) self.assertFalse(ch[1].blink) self.assertFalse(ch[1].reverseVideo) ch = self.term.getCharacter(2, 0) self.assertEqual(ch[0], b"Y") self.assertTrue(ch[1].blink) self.assertFalse(ch[1].bold) self.assertFalse(ch[1].underline) self.assertFalse(ch[1].reverseVideo) ch = self.term.getCharacter(3, 0) self.assertEqual(ch[0], b"Z") self.assertTrue(ch[1].blink) self.assertTrue(ch[1].bold) self.assertFalse(ch[1].underline) self.assertFalse(ch[1].reverseVideo) def testColorAttributes(self): s1 = b"Merry xmas" s2 = b"Just kidding" self.term.selectGraphicRendition( helper.FOREGROUND + helper.RED, helper.BACKGROUND + helper.GREEN ) self.term.write(s1 + b"\n") self.term.selectGraphicRendition(NORMAL) self.term.write(s2 + b"\n") for i in range(len(s1)): ch = self.term.getCharacter(i, 0) self.assertEqual(ch[0], s1[i : i + 1]) self.assertEqual(ch[1].charset, G0) self.assertFalse(ch[1].bold) self.assertFalse(ch[1].underline) self.assertFalse(ch[1].blink) self.assertFalse(ch[1].reverseVideo) self.assertEqual(ch[1].foreground, helper.RED) self.assertEqual(ch[1].background, helper.GREEN) for i in range(len(s2)): ch = self.term.getCharacter(i, 1) self.assertEqual(ch[0], s2[i : i + 1]) self.assertEqual(ch[1].charset, G0) self.assertFalse(ch[1].bold) self.assertFalse(ch[1].underline) self.assertFalse(ch[1].blink) self.assertFalse(ch[1].reverseVideo) self.assertEqual(ch[1].foreground, helper.WHITE) self.assertEqual(ch[1].background, helper.BLACK) def testEraseLine(self): s1 = b"line 1" s2 = b"line 2" s3 = b"line 3" self.term.write(b"\n".join((s1, s2, s3)) + b"\n") self.term.cursorPosition(1, 1) self.term.eraseLine() self.assertEqual( self.term.__bytes__(), s1 + b"\n" + b"\n" + s3 + b"\n" + b"\n" * (HEIGHT - 4), ) def testEraseToLineEnd(self): s = b"Hello, world." self.term.write(s) self.term.cursorBackward(5) self.term.eraseToLineEnd() self.assertEqual(self.term.__bytes__(), s[:-5] + b"\n" + b"\n" * (HEIGHT - 2)) def testEraseToLineBeginning(self): s = b"Hello, world." self.term.write(s) self.term.cursorBackward(5) self.term.eraseToLineBeginning() self.assertEqual( self.term.__bytes__(), s[-4:].rjust(len(s)) + b"\n" + b"\n" * (HEIGHT - 2) ) def testEraseDisplay(self): self.term.write(b"Hello world\n") self.term.write(b"Goodbye world\n") self.term.eraseDisplay() self.assertEqual(self.term.__bytes__(), b"\n" * (HEIGHT - 1)) def testEraseToDisplayEnd(self): s1 = b"Hello world" s2 = b"Goodbye world" self.term.write(b"\n".join((s1, s2, b""))) self.term.cursorPosition(5, 1) self.term.eraseToDisplayEnd() self.assertEqual( self.term.__bytes__(), s1 + b"\n" + s2[:5] + b"\n" + b"\n" * (HEIGHT - 3) ) def testEraseToDisplayBeginning(self): s1 = b"Hello world" s2 = b"Goodbye world" self.term.write(b"\n".join((s1, s2))) self.term.cursorPosition(5, 1) self.term.eraseToDisplayBeginning() self.assertEqual( self.term.__bytes__(), b"\n" + s2[6:].rjust(len(s2)) + b"\n" + b"\n" * (HEIGHT - 3), ) def testLineInsertion(self): s1 = b"Hello world" s2 = b"Goodbye world" self.term.write(b"\n".join((s1, s2))) self.term.cursorPosition(7, 1) self.term.insertLine() self.assertEqual( self.term.__bytes__(), s1 + b"\n" + b"\n" + s2 + b"\n" + b"\n" * (HEIGHT - 4), ) def testLineDeletion(self): s1 = b"Hello world" s2 = b"Middle words" s3 = b"Goodbye world" self.term.write(b"\n".join((s1, s2, s3))) self.term.cursorPosition(9, 1) self.term.deleteLine() self.assertEqual( self.term.__bytes__(), s1 + b"\n" + s3 + b"\n" + b"\n" * (HEIGHT - 3) ) class FakeDelayedCall: called = False cancelled = False def __init__(self, fs, timeout, f, a, kw): self.fs = fs self.timeout = timeout self.f = f self.a = a self.kw = kw def active(self): return not (self.cancelled or self.called) def cancel(self): self.cancelled = True # self.fs.calls.remove(self) def call(self): self.called = True self.f(self.a, self.kw) class FakeScheduler: def __init__(self): self.calls = [] def callLater(self, timeout, f, a, *kw): self.calls.append(FakeDelayedCall(self, timeout, f, a, kw)) return self.calls[-1] class ExpectTests(unittest.TestCase): def setUp(self): self.term = helper.ExpectableBuffer() self.term.connectionMade() self.fs = FakeScheduler() def testSimpleString(self): result = [] d = self.term.expect(b"hello world", timeout=1, scheduler=self.fs) d.addCallback(result.append) self.term.write(b"greeting puny earthlings\n") self.assertFalse(result) self.term.write(b"hello world\n") self.assertTrue(result) self.assertEqual(result[0].group(), b"hello world") self.assertEqual(len(self.fs.calls), 1) self.assertFalse(self.fs.calls[0].active()) def testBrokenUpString(self): result = [] d = self.term.expect(b"hello world") d.addCallback(result.append) self.assertFalse(result) self.term.write(b"hello ") self.assertFalse(result) self.term.write(b"worl") self.assertFalse(result) self.term.write(b"d") self.assertTrue(result) self.assertEqual(result[0].group(), b"hello world") def testMultiple(self): result = [] d1 = self.term.expect(b"hello ") d1.addCallback(result.append) d2 = self.term.expect(b"world") d2.addCallback(result.append) self.assertFalse(result) self.term.write(b"hello") self.assertFalse(result) self.term.write(b" ") self.assertEqual(len(result), 1) self.term.write(b"world") self.assertEqual(len(result), 2) self.assertEqual(result[0].group(), b"hello ") self.assertEqual(result[1].group(), b"world") def testSynchronous(self): self.term.write(b"hello world") result = [] d = self.term.expect(b"hello world") d.addCallback(result.append) self.assertTrue(result) self.assertEqual(result[0].group(), b"hello world") def testMultipleSynchronous(self): self.term.write(b"goodbye world") result = [] d1 = self.term.expect(b"bye") d1.addCallback(result.append) d2 = self.term.expect(b"world") d2.addCallback(result.append) self.assertEqual(len(result), 2) self.assertEqual(result[0].group(), b"bye") self.assertEqual(result[1].group(), b"world") def _cbTestTimeoutFailure(self, res): self.assertTrue(hasattr(res, "type")) self.assertEqual(res.type, helper.ExpectationTimeout) def testTimeoutFailure(self): d = self.term.expect(b"hello world", timeout=1, scheduler=self.fs) d.addBoth(self._cbTestTimeoutFailure) self.fs.calls[0].call() def testOverlappingTimeout(self): self.term.write(b"not zoomtastic") result = [] d1 = self.term.expect(b"hello world", timeout=1, scheduler=self.fs) d1.addBoth(self._cbTestTimeoutFailure) d2 = self.term.expect(b"zoom") d2.addCallback(result.append) self.fs.calls[0].call() self.assertEqual(len(result), 1) self.assertEqual(result[0].group(), b"zoom") class CharacterAttributeTests(unittest.TestCase): """ Tests for L{twisted.conch.insults.helper.CharacterAttribute}. """ def test_equality(self): """ L{CharacterAttribute}s must have matching character attribute values (bold, blink, underline, etc) with the same values to be considered equal. """ self.assertEqual(helper.CharacterAttribute(), helper.CharacterAttribute()) self.assertEqual( helper.CharacterAttribute(), helper.CharacterAttribute(charset=G0) ) self.assertEqual( helper.CharacterAttribute( bold=True, underline=True, blink=False, reverseVideo=True, foreground=helper.BLUE, ), helper.CharacterAttribute( bold=True, underline=True, blink=False, reverseVideo=True, foreground=helper.BLUE, ), ) self.assertNotEqual( helper.CharacterAttribute(), helper.CharacterAttribute(charset=G1) ) self.assertNotEqual( helper.CharacterAttribute(bold=True), helper.CharacterAttribute(bold=False) ) def test_wantOneDeprecated(self): """ L{twisted.conch.insults.helper.CharacterAttribute.wantOne} emits a deprecation warning when invoked. """ # Trigger the deprecation warning. helper._FormattingState().wantOne(bold=True) warningsShown = self.flushWarnings([self.test_wantOneDeprecated]) self.assertEqual(len(warningsShown), 1) self.assertEqual(warningsShown[0]["category"], DeprecationWarning) deprecatedClass = "twisted.conch.insults.helper._FormattingState.wantOne" self.assertEqual( warningsShown[0]["message"], "%s was deprecated in Twisted 13.1.0" % (deprecatedClass), ) ��test/test_userauth.py��0000644��00000101423�15027667726�0011017 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for the implementation of the ssh-userauth service. Maintainer: Paul Swartz """ from types import ModuleType from typing import Optional from zope.interface import implementer from twisted.conch.error import ConchError, ValidPublicKey from twisted.cred.checkers import ICredentialsChecker from twisted.cred.credentials import IAnonymous, ISSHPrivateKey, IUsernamePassword from twisted.cred.error import UnauthorizedLogin from twisted.cred.portal import IRealm, Portal from twisted.internet import defer, task from twisted.protocols import loopback from twisted.python.reflect import requireModule from twisted.trial import unittest keys: Optional[ModuleType] = None if requireModule("cryptography") and requireModule("pyasn1"): from twisted.conch.checkers import SSHProtocolChecker from twisted.conch.ssh import keys, transport, userauth from twisted.conch.ssh.common import NS from twisted.conch.test import keydata else: class transport: # type: ignore[no-redef] class SSHTransportBase: """ A stub class so that later class definitions won't die. """ class userauth: # type: ignore[no-redef] class SSHUserAuthClient: """ A stub class so that later class definitions won't die. """ class ClientUserAuth(userauth.SSHUserAuthClient): """ A mock user auth client. """ def getPublicKey(self): """ If this is the first time we've been called, return a blob for the DSA key. Otherwise, return a blob for the RSA key. """ if self.lastPublicKey: return keys.Key.fromString(keydata.publicRSA_openssh) else: return defer.succeed(keys.Key.fromString(keydata.publicDSA_openssh)) def getPrivateKey(self): """ Return the private key object for the RSA key. """ return defer.succeed(keys.Key.fromString(keydata.privateRSA_openssh)) def getPassword(self, prompt=None): """ Return 'foo' as the password. """ return defer.succeed(b"foo") def getGenericAnswers(self, name, information, answers): """ Return 'foo' as the answer to two questions. """ return defer.succeed(("foo", "foo")) class OldClientAuth(userauth.SSHUserAuthClient): """ The old SSHUserAuthClient returned a cryptography key object from getPrivateKey() and a string from getPublicKey """ def getPrivateKey(self): return defer.succeed(keys.Key.fromString(keydata.privateRSA_openssh).keyObject) def getPublicKey(self): return keys.Key.fromString(keydata.publicRSA_openssh).blob() class ClientAuthWithoutPrivateKey(userauth.SSHUserAuthClient): """ This client doesn't have a private key, but it does have a public key. """ def getPrivateKey(self): return def getPublicKey(self): return keys.Key.fromString(keydata.publicRSA_openssh) class FakeTransport(transport.SSHTransportBase): """ L{userauth.SSHUserAuthServer} expects an SSH transport which has a factory attribute which has a portal attribute. Because the portal is important for testing authentication, we need to be able to provide an interesting portal object to the L{SSHUserAuthServer}. In addition, we want to be able to capture any packets sent over the transport. @ivar packets: a list of 2-tuples: (messageType, data). Each 2-tuple is a sent packet. @type packets: C{list} @param lostConnecion: True if loseConnection has been called on us. @type lostConnection: L{bool} """ class Service: """ A mock service, representing the other service offered by the server. """ name = b"nancy" def serviceStarted(self): pass class Factory: """ A mock factory, representing the factory that spawned this user auth service. """ def getService(self, transport, service): """ Return our fake service. """ if service == b"none": return FakeTransport.Service def __init__(self, portal): self.factory = self.Factory() self.factory.portal = portal self.lostConnection = False self.transport = self self.packets = [] def sendPacket(self, messageType, message): """ Record the packet sent by the service. """ self.packets.append((messageType, message)) def isEncrypted(self, direction): """ Pretend that this transport encrypts traffic in both directions. The SSHUserAuthServer disables password authentication if the transport isn't encrypted. """ return True def loseConnection(self): self.lostConnection = True @implementer(IRealm) class Realm: """ A mock realm for testing L{userauth.SSHUserAuthServer}. This realm is not actually used in the course of testing, so it returns the simplest thing that could possibly work. """ def requestAvatar(self, avatarId, mind, interfaces): return defer.succeed((interfaces[0], None, lambda: None)) @implementer(ICredentialsChecker) class PasswordChecker: """ A very simple username/password checker which authenticates anyone whose password matches their username and rejects all others. """ credentialInterfaces = (IUsernamePassword,) def requestAvatarId(self, creds): if creds.username == creds.password: return defer.succeed(creds.username) return defer.fail(UnauthorizedLogin("Invalid username/password pair")) @implementer(ICredentialsChecker) class PrivateKeyChecker: """ A very simple public key checker which authenticates anyone whose public/private keypair is the same keydata.public/privateRSA_openssh. """ credentialInterfaces = (ISSHPrivateKey,) def requestAvatarId(self, creds): if creds.blob == keys.Key.fromString(keydata.publicRSA_openssh).blob(): if creds.signature is not None: obj = keys.Key.fromString(creds.blob) if obj.verify(creds.signature, creds.sigData): return creds.username else: raise ValidPublicKey() raise UnauthorizedLogin() @implementer(ICredentialsChecker) class AnonymousChecker: """ A simple checker which isn't supported by L{SSHUserAuthServer}. """ credentialInterfaces = (IAnonymous,) def requestAvatarId(self, credentials): # ICredentialsChecker.requestAvatarId pass class SSHUserAuthServerTests(unittest.TestCase): """ Tests for SSHUserAuthServer. """ if keys is None: skip = "cannot run without cryptography" def setUp(self): self.realm = Realm() self.portal = Portal(self.realm) self.portal.registerChecker(PasswordChecker()) self.portal.registerChecker(PrivateKeyChecker()) self.authServer = userauth.SSHUserAuthServer() self.authServer.transport = FakeTransport(self.portal) self.authServer.serviceStarted() self.authServer.supportedAuthentications.sort() # give a consistent # order def tearDown(self): self.authServer.serviceStopped() self.authServer = None def _checkFailed(self, ignored): """ Check that the authentication has failed. """ self.assertEqual( self.authServer.transport.packets[-1], (userauth.MSG_USERAUTH_FAILURE, NS(b"password,publickey") + b"\x00"), ) def test_noneAuthentication(self): """ A client may request a list of authentication 'method name' values that may continue by using the "none" authentication 'method name'. See RFC 4252 Section 5.2. """ d = self.authServer.ssh_USERAUTH_REQUEST( NS(b"foo") + NS(b"service") + NS(b"none") ) return d.addCallback(self._checkFailed) def test_successfulPasswordAuthentication(self): """ When provided with correct password authentication information, the server should respond by sending a MSG_USERAUTH_SUCCESS message with no other data. See RFC 4252, Section 5.1. """ packet = b"".join([NS(b"foo"), NS(b"none"), NS(b"password"), b"\0", NS(b"foo")]) d = self.authServer.ssh_USERAUTH_REQUEST(packet) def check(ignored): self.assertEqual( self.authServer.transport.packets, [(userauth.MSG_USERAUTH_SUCCESS, b"")], ) return d.addCallback(check) def test_failedPasswordAuthentication(self): """ When provided with invalid authentication details, the server should respond by sending a MSG_USERAUTH_FAILURE message which states whether the authentication was partially successful, and provides other, open options for authentication. See RFC 4252, Section 5.1. """ # packet = username, next_service, authentication type, FALSE, password packet = b"".join([NS(b"foo"), NS(b"none"), NS(b"password"), b"\0", NS(b"bar")]) self.authServer.clock = task.Clock() d = self.authServer.ssh_USERAUTH_REQUEST(packet) self.assertEqual(self.authServer.transport.packets, []) self.authServer.clock.advance(2) return d.addCallback(self._checkFailed) def test_successfulPrivateKeyAuthentication(self): """ Test that private key authentication completes successfully, """ blob = keys.Key.fromString(keydata.publicRSA_openssh).blob() obj = keys.Key.fromString(keydata.privateRSA_openssh) packet = ( NS(b"foo") + NS(b"none") + NS(b"publickey") + b"\xff" + NS(obj.sshType()) + NS(blob) ) self.authServer.transport.sessionID = b"test" signature = obj.sign( NS(b"test") + bytes((userauth.MSG_USERAUTH_REQUEST,)) + packet ) packet += NS(signature) d = self.authServer.ssh_USERAUTH_REQUEST(packet) def check(ignored): self.assertEqual( self.authServer.transport.packets, [(userauth.MSG_USERAUTH_SUCCESS, b"")], ) return d.addCallback(check) def test_requestRaisesConchError(self): """ ssh_USERAUTH_REQUEST should raise a ConchError if tryAuth returns None. Added to catch a bug noticed by pyflakes. """ d = defer.Deferred() def mockCbFinishedAuth(self, ignored): self.fail("request should have raised ConochError") def mockTryAuth(kind, user, data): return None def mockEbBadAuth(reason): d.errback(reason.value) self.patch(self.authServer, "tryAuth", mockTryAuth) self.patch(self.authServer, "_cbFinishedAuth", mockCbFinishedAuth) self.patch(self.authServer, "_ebBadAuth", mockEbBadAuth) packet = NS(b"user") + NS(b"none") + NS(b"public-key") + NS(b"data") # If an error other than ConchError is raised, this will trigger an # exception. self.authServer.ssh_USERAUTH_REQUEST(packet) return self.assertFailure(d, ConchError) def test_verifyValidPrivateKey(self): """ Test that verifying a valid private key works. """ blob = keys.Key.fromString(keydata.publicRSA_openssh).blob() packet = ( NS(b"foo") + NS(b"none") + NS(b"publickey") + b"\x00" + NS(b"ssh-rsa") + NS(blob) ) d = self.authServer.ssh_USERAUTH_REQUEST(packet) def check(ignored): self.assertEqual( self.authServer.transport.packets, [(userauth.MSG_USERAUTH_PK_OK, NS(b"ssh-rsa") + NS(blob))], ) return d.addCallback(check) def test_failedPrivateKeyAuthenticationWithoutSignature(self): """ Test that private key authentication fails when the public key is invalid. """ blob = keys.Key.fromString(keydata.publicDSA_openssh).blob() packet = ( NS(b"foo") + NS(b"none") + NS(b"publickey") + b"\x00" + NS(b"ssh-dsa") + NS(blob) ) d = self.authServer.ssh_USERAUTH_REQUEST(packet) return d.addCallback(self._checkFailed) def test_failedPrivateKeyAuthenticationWithSignature(self): """ Test that private key authentication fails when the public key is invalid. """ blob = keys.Key.fromString(keydata.publicRSA_openssh).blob() obj = keys.Key.fromString(keydata.privateRSA_openssh) packet = ( NS(b"foo") + NS(b"none") + NS(b"publickey") + b"\xff" + NS(b"ssh-rsa") + NS(blob) + NS(obj.sign(blob)) ) self.authServer.transport.sessionID = b"test" d = self.authServer.ssh_USERAUTH_REQUEST(packet) return d.addCallback(self._checkFailed) def test_unsupported_publickey(self): """ Private key authentication fails when the public key type is unsupported or the public key is corrupt. """ blob = keys.Key.fromString(keydata.publicDSA_openssh).blob() # Change the blob to a bad type blob = NS(b"ssh-bad-type") + blob[11:] packet = ( NS(b"foo") + NS(b"none") + NS(b"publickey") + b"\x00" + NS(b"ssh-rsa") + NS(blob) ) d = self.authServer.ssh_USERAUTH_REQUEST(packet) return d.addCallback(self._checkFailed) def test_ignoreUnknownCredInterfaces(self): """ L{SSHUserAuthServer} sets up C{SSHUserAuthServer.supportedAuthentications} by checking the portal's credentials interfaces and mapping them to SSH authentication method strings. If the Portal advertises an interface that L{SSHUserAuthServer} can't map, it should be ignored. This is a white box test. """ server = userauth.SSHUserAuthServer() server.transport = FakeTransport(self.portal) self.portal.registerChecker(AnonymousChecker()) server.serviceStarted() server.serviceStopped() server.supportedAuthentications.sort() # give a consistent order self.assertEqual(server.supportedAuthentications, [b"password", b"publickey"]) def test_removePasswordIfUnencrypted(self): """ Test that the userauth service does not advertise password authentication if the password would be send in cleartext. """ self.assertIn(b"password", self.authServer.supportedAuthentications) # no encryption clearAuthServer = userauth.SSHUserAuthServer() clearAuthServer.transport = FakeTransport(self.portal) clearAuthServer.transport.isEncrypted = lambda x: False clearAuthServer.serviceStarted() clearAuthServer.serviceStopped() self.assertNotIn(b"password", clearAuthServer.supportedAuthentications) # only encrypt incoming (the direction the password is sent) halfAuthServer = userauth.SSHUserAuthServer() halfAuthServer.transport = FakeTransport(self.portal) halfAuthServer.transport.isEncrypted = lambda x: x == "in" halfAuthServer.serviceStarted() halfAuthServer.serviceStopped() self.assertIn(b"password", halfAuthServer.supportedAuthentications) def test_unencryptedConnectionWithoutPasswords(self): """ If the L{SSHUserAuthServer} is not advertising passwords, then an unencrypted connection should not cause any warnings or exceptions. This is a white box test. """ # create a Portal without password authentication portal = Portal(self.realm) portal.registerChecker(PrivateKeyChecker()) # no encryption clearAuthServer = userauth.SSHUserAuthServer() clearAuthServer.transport = FakeTransport(portal) clearAuthServer.transport.isEncrypted = lambda x: False clearAuthServer.serviceStarted() clearAuthServer.serviceStopped() self.assertEqual(clearAuthServer.supportedAuthentications, [b"publickey"]) # only encrypt incoming (the direction the password is sent) halfAuthServer = userauth.SSHUserAuthServer() halfAuthServer.transport = FakeTransport(portal) halfAuthServer.transport.isEncrypted = lambda x: x == "in" halfAuthServer.serviceStarted() halfAuthServer.serviceStopped() self.assertEqual(clearAuthServer.supportedAuthentications, [b"publickey"]) def test_loginTimeout(self): """ Test that the login times out. """ timeoutAuthServer = userauth.SSHUserAuthServer() timeoutAuthServer.clock = task.Clock() timeoutAuthServer.transport = FakeTransport(self.portal) timeoutAuthServer.serviceStarted() timeoutAuthServer.clock.advance(11 * 60 * 60) timeoutAuthServer.serviceStopped() self.assertEqual( timeoutAuthServer.transport.packets, [ ( transport.MSG_DISCONNECT, b"\x00" * 3 + bytes((transport.DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,)) + NS(b"you took too long") + NS(b""), ) ], ) self.assertTrue(timeoutAuthServer.transport.lostConnection) def test_cancelLoginTimeout(self): """ Test that stopping the service also stops the login timeout. """ timeoutAuthServer = userauth.SSHUserAuthServer() timeoutAuthServer.clock = task.Clock() timeoutAuthServer.transport = FakeTransport(self.portal) timeoutAuthServer.serviceStarted() timeoutAuthServer.serviceStopped() timeoutAuthServer.clock.advance(11 * 60 * 60) self.assertEqual(timeoutAuthServer.transport.packets, []) self.assertFalse(timeoutAuthServer.transport.lostConnection) def test_tooManyAttempts(self): """ Test that the server disconnects if the client fails authentication too many times. """ packet = b"".join([NS(b"foo"), NS(b"none"), NS(b"password"), b"\0", NS(b"bar")]) self.authServer.clock = task.Clock() for i in range(21): d = self.authServer.ssh_USERAUTH_REQUEST(packet) self.authServer.clock.advance(2) def check(ignored): self.assertEqual( self.authServer.transport.packets[-1], ( transport.MSG_DISCONNECT, b"\x00" * 3 + bytes((transport.DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,)) + NS(b"too many bad auths") + NS(b""), ), ) return d.addCallback(check) def test_failIfUnknownService(self): """ If the user requests a service that we don't support, the authentication should fail. """ packet = NS(b"foo") + NS(b"") + NS(b"password") + b"\0" + NS(b"foo") self.authServer.clock = task.Clock() d = self.authServer.ssh_USERAUTH_REQUEST(packet) return d.addCallback(self._checkFailed) def test_tryAuthEdgeCases(self): """ tryAuth() has two edge cases that are difficult to reach. 1) an authentication method auth_* returns None instead of a Deferred. 2) an authentication type that is defined does not have a matching auth_* method. Both these cases should return a Deferred which fails with a ConchError. """ def mockAuth(packet): return None self.patch(self.authServer, "auth_publickey", mockAuth) # first case self.patch(self.authServer, "auth_password", None) # second case def secondTest(ignored): d2 = self.authServer.tryAuth(b"password", None, None) return self.assertFailure(d2, ConchError) d1 = self.authServer.tryAuth(b"publickey", None, None) return self.assertFailure(d1, ConchError).addCallback(secondTest) class SSHUserAuthClientTests(unittest.TestCase): """ Tests for SSHUserAuthClient. """ if keys is None: skip = "cannot run without cryptography" def setUp(self): self.authClient = ClientUserAuth(b"foo", FakeTransport.Service()) self.authClient.transport = FakeTransport(None) self.authClient.transport.sessionID = b"test" self.authClient.serviceStarted() def tearDown(self): self.authClient.serviceStopped() self.authClient = None def test_init(self): """ Test that client is initialized properly. """ self.assertEqual(self.authClient.user, b"foo") self.assertEqual(self.authClient.instance.name, b"nancy") self.assertEqual( self.authClient.transport.packets, [(userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"none"))], ) def test_USERAUTH_SUCCESS(self): """ Test that the client succeeds properly. """ instance = [None] def stubSetService(service): instance[0] = service self.authClient.transport.setService = stubSetService self.authClient.ssh_USERAUTH_SUCCESS(b"") self.assertEqual(instance[0], self.authClient.instance) def test_publickey(self): """ Test that the client can authenticate with a public key. """ self.authClient.ssh_USERAUTH_FAILURE(NS(b"publickey") + b"\x00") self.assertEqual( self.authClient.transport.packets[-1], ( userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"publickey") + b"\x00" + NS(b"ssh-dss") + NS(keys.Key.fromString(keydata.publicDSA_openssh).blob()), ), ) # that key isn't good self.authClient.ssh_USERAUTH_FAILURE(NS(b"publickey") + b"\x00") blob = NS(keys.Key.fromString(keydata.publicRSA_openssh).blob()) self.assertEqual( self.authClient.transport.packets[-1], ( userauth.MSG_USERAUTH_REQUEST, ( NS(b"foo") + NS(b"nancy") + NS(b"publickey") + b"\x00" + NS(b"ssh-rsa") + blob ), ), ) self.authClient.ssh_USERAUTH_PK_OK( NS(b"ssh-rsa") + NS(keys.Key.fromString(keydata.publicRSA_openssh).blob()) ) sigData = ( NS(self.authClient.transport.sessionID) + bytes((userauth.MSG_USERAUTH_REQUEST,)) + NS(b"foo") + NS(b"nancy") + NS(b"publickey") + b"\x01" + NS(b"ssh-rsa") + blob ) obj = keys.Key.fromString(keydata.privateRSA_openssh) self.assertEqual( self.authClient.transport.packets[-1], ( userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"publickey") + b"\x01" + NS(b"ssh-rsa") + blob + NS(obj.sign(sigData)), ), ) def test_publickey_without_privatekey(self): """ If the SSHUserAuthClient doesn't return anything from signData, the client should start the authentication over again by requesting 'none' authentication. """ authClient = ClientAuthWithoutPrivateKey(b"foo", FakeTransport.Service()) authClient.transport = FakeTransport(None) authClient.transport.sessionID = b"test" authClient.serviceStarted() authClient.tryAuth(b"publickey") authClient.transport.packets = [] self.assertIsNone(authClient.ssh_USERAUTH_PK_OK(b"")) self.assertEqual( authClient.transport.packets, [(userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"none"))], ) def test_no_publickey(self): """ If there's no public key, auth_publickey should return a Deferred called back with a False value. """ self.authClient.getPublicKey = lambda x: None d = self.authClient.tryAuth(b"publickey") def check(result): self.assertFalse(result) return d.addCallback(check) def test_password(self): """ Test that the client can authentication with a password. This includes changing the password. """ self.authClient.ssh_USERAUTH_FAILURE(NS(b"password") + b"\x00") self.assertEqual( self.authClient.transport.packets[-1], ( userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"password") + b"\x00" + NS(b"foo"), ), ) self.authClient.ssh_USERAUTH_PK_OK(NS(b"") + NS(b"")) self.assertEqual( self.authClient.transport.packets[-1], ( userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"password") + b"\xff" + NS(b"foo") * 2, ), ) def test_no_password(self): """ If getPassword returns None, tryAuth should return False. """ self.authClient.getPassword = lambda: None self.assertFalse(self.authClient.tryAuth(b"password")) def test_keyboardInteractive(self): """ Make sure that the client can authenticate with the keyboard interactive method. """ self.authClient.ssh_USERAUTH_PK_OK_keyboard_interactive( NS(b"") + NS(b"") + NS(b"") + b"\x00\x00\x00\x01" + NS(b"Password: ") + b"\x00" ) self.assertEqual( self.authClient.transport.packets[-1], ( userauth.MSG_USERAUTH_INFO_RESPONSE, b"\x00\x00\x00\x02" + NS(b"foo") + NS(b"foo"), ), ) def test_USERAUTH_PK_OK_unknown_method(self): """ If C{SSHUserAuthClient} gets a MSG_USERAUTH_PK_OK packet when it's not expecting it, it should fail the current authentication and move on to the next type. """ self.authClient.lastAuth = b"unknown" self.authClient.transport.packets = [] self.authClient.ssh_USERAUTH_PK_OK(b"") self.assertEqual( self.authClient.transport.packets, [(userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"none"))], ) def test_USERAUTH_FAILURE_sorting(self): """ ssh_USERAUTH_FAILURE should sort the methods by their position in SSHUserAuthClient.preferredOrder. Methods that are not in preferredOrder should be sorted at the end of that list. """ def auth_firstmethod(): self.authClient.transport.sendPacket(255, b"here is data") def auth_anothermethod(): self.authClient.transport.sendPacket(254, b"other data") return True self.authClient.auth_firstmethod = auth_firstmethod self.authClient.auth_anothermethod = auth_anothermethod # although they shouldn't get called, method callbacks auth_* MUST # exist in order for the test to work properly. self.authClient.ssh_USERAUTH_FAILURE(NS(b"anothermethod,password") + b"\x00") # should send password packet self.assertEqual( self.authClient.transport.packets[-1], ( userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"password") + b"\x00" + NS(b"foo"), ), ) self.authClient.ssh_USERAUTH_FAILURE( NS(b"firstmethod,anothermethod,password") + b"\xff" ) self.assertEqual( self.authClient.transport.packets[-2:], [(255, b"here is data"), (254, b"other data")], ) def test_disconnectIfNoMoreAuthentication(self): """ If there are no more available user authentication messages, the SSHUserAuthClient should disconnect with code DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE. """ self.authClient.ssh_USERAUTH_FAILURE(NS(b"password") + b"\x00") self.authClient.ssh_USERAUTH_FAILURE(NS(b"password") + b"\xff") self.assertEqual( self.authClient.transport.packets[-1], ( transport.MSG_DISCONNECT, b"\x00\x00\x00\x0e" + NS(b"no more authentication methods available") + b"\x00\x00\x00\x00", ), ) def test_ebAuth(self): """ _ebAuth (the generic authentication error handler) should send a request for the 'none' authentication method. """ self.authClient.transport.packets = [] self.authClient._ebAuth(None) self.assertEqual( self.authClient.transport.packets, [(userauth.MSG_USERAUTH_REQUEST, NS(b"foo") + NS(b"nancy") + NS(b"none"))], ) def test_defaults(self): """ getPublicKey() should return None. getPrivateKey() should return a failed Deferred. getPassword() should return a failed Deferred. getGenericAnswers() should return a failed Deferred. """ authClient = userauth.SSHUserAuthClient(b"foo", FakeTransport.Service()) self.assertIsNone(authClient.getPublicKey()) def check(result): result.trap(NotImplementedError) d = authClient.getPassword() return d.addCallback(self.fail).addErrback(check2) def check2(result): result.trap(NotImplementedError) d = authClient.getGenericAnswers(None, None, None) return d.addCallback(self.fail).addErrback(check3) def check3(result): result.trap(NotImplementedError) d = authClient.getPrivateKey() return d.addCallback(self.fail).addErrback(check) class LoopbackTests(unittest.TestCase): if keys is None: skip = "cannot run without cryptography or PyASN1" class Factory: class Service: name = b"TestService" def serviceStarted(self): self.transport.loseConnection() def serviceStopped(self): pass def getService(self, avatar, name): return self.Service def test_loopback(self): """ Test that the userauth server and client play nicely with each other. """ server = userauth.SSHUserAuthServer() client = ClientUserAuth(b"foo", self.Factory.Service()) # set up transports server.transport = transport.SSHTransportBase() server.transport.service = server server.transport.isEncrypted = lambda x: True client.transport = transport.SSHTransportBase() client.transport.service = client server.transport.sessionID = client.transport.sessionID = b"" # don't send key exchange packet server.transport.sendKexInit = client.transport.sendKexInit = lambda: None # set up server authentication server.transport.factory = self.Factory() server.passwordDelay = 0 # remove bad password delay realm = Realm() portal = Portal(realm) checker = SSHProtocolChecker() checker.registerChecker(PasswordChecker()) checker.registerChecker(PrivateKeyChecker()) checker.areDone = lambda aId: (len(checker.successfulCredentials[aId]) == 2) portal.registerChecker(checker) server.transport.factory.portal = portal d = loopback.loopbackAsync(server.transport, client.transport) server.transport.transport.logPrefix = lambda: "_ServerLoopback" client.transport.transport.logPrefix = lambda: "_ClientLoopback" server.serviceStarted() client.serviceStarted() def check(ignored): self.assertEqual(server.transport.service.name, b"TestService") return d.addCallback(check) class ModuleInitializationTests(unittest.TestCase): if keys is None: skip = "cannot run without cryptography or PyASN1" def test_messages(self): # Several message types have value 60, check that MSG_USERAUTH_PK_OK # is always the one which is mapped. self.assertEqual( userauth.SSHUserAuthServer.protocolMessages[60], "MSG_USERAUTH_PK_OK" ) self.assertEqual( userauth.SSHUserAuthClient.protocolMessages[60], "MSG_USERAUTH_PK_OK" ) ��test/test_telnet.py��0000644��00000064267�15027667726�0010470 0��ustar�00��# -- test-case-name: twisted.conch.test.test_telnet -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.telnet}. """ from zope.interface import implementer from zope.interface.verify import verifyObject from twisted.conch import telnet from twisted.internet import defer from twisted.python.compat import iterbytes from twisted.test import proto_helpers from twisted.trial import unittest @implementer(telnet.ITelnetProtocol) class TestProtocol: localEnableable = () remoteEnableable = () def __init__(self): self.data = b"" self.subcmd = [] self.calls = [] self.enabledLocal = [] self.enabledRemote = [] self.disabledLocal = [] self.disabledRemote = [] def makeConnection(self, transport): d = transport.negotiationMap = {} d[b"\x12"] = self.neg_TEST_COMMAND d = transport.commandMap = transport.commandMap.copy() for cmd in ("EOR", "NOP", "DM", "BRK", "IP", "AO", "AYT", "EC", "EL", "GA"): d[getattr(telnet, cmd)] = lambda arg, cmd=cmd: self.calls.append(cmd) def dataReceived(self, data): self.data += data def connectionLost(self, reason): pass def neg_TEST_COMMAND(self, payload): self.subcmd = payload def enableLocal(self, option): if option in self.localEnableable: self.enabledLocal.append(option) return True return False def disableLocal(self, option): self.disabledLocal.append(option) def enableRemote(self, option): if option in self.remoteEnableable: self.enabledRemote.append(option) return True return False def disableRemote(self, option): self.disabledRemote.append(option) def connectionMade(self): # IProtocol.connectionMade pass def unhandledCommand(self, command, argument): # ITelnetProtocol.unhandledCommand pass def unhandledSubnegotiation(self, command, data): # ITelnetProtocol.unhandledSubnegotiation pass class InterfacesTests(unittest.TestCase): def test_interface(self): """ L{telnet.TelnetProtocol} implements L{telnet.ITelnetProtocol} """ p = telnet.TelnetProtocol() verifyObject(telnet.ITelnetProtocol, p) class TelnetTransportTests(unittest.TestCase): """ Tests for L{telnet.TelnetTransport}. """ def setUp(self): self.p = telnet.TelnetTransport(TestProtocol) self.t = proto_helpers.StringTransport() self.p.makeConnection(self.t) def testRegularBytes(self): # Just send a bunch of bytes. None of these do anything # with telnet. They should pass right through to the # application layer. h = self.p.protocol L = [ b"here are some bytes la la la", b"some more arrive here", b"lots of bytes to play with", b"la la la", b"ta de da", b"dum", ] for b in L: self.p.dataReceived(b) self.assertEqual(h.data, b"".join(L)) def testNewlineHandling(self): # Send various kinds of newlines and make sure they get translated # into \n. h = self.p.protocol L = [ b"here is the first line\r\n", b"here is the second line\r\0", b"here is the third line\r\n", b"here is the last line\r\0", ] for b in L: self.p.dataReceived(b) self.assertEqual( h.data, L[0][:-2] + b"\n" + L[1][:-2] + b"\r" + L[2][:-2] + b"\n" + L[3][:-2] + b"\r", ) def testIACEscape(self): # Send a bunch of bytes and a couple quoted \xFFs. Unquoted, # \xFF is a telnet command. Quoted, one of them from each pair # should be passed through to the application layer. h = self.p.protocol L = [ b"here are some bytes\xff\xff with an embedded IAC", b"and here is a test of a border escape\xff", b"\xff did you get that IAC?", ] for b in L: self.p.dataReceived(b) self.assertEqual(h.data, b"".join(L).replace(b"\xff\xff", b"\xff")) def _simpleCommandTest(self, cmdName): # Send a single simple telnet command and make sure # it gets noticed and the appropriate method gets # called. h = self.p.protocol cmd = telnet.IAC + getattr(telnet, cmdName) L = [b"Here's some bytes, tra la la", b"But ono!" + cmd + b" an interrupt"] for b in L: self.p.dataReceived(b) self.assertEqual(h.calls, [cmdName]) self.assertEqual(h.data, b"".join(L).replace(cmd, b"")) def testInterrupt(self): self._simpleCommandTest("IP") def testEndOfRecord(self): self._simpleCommandTest("EOR") def testNoOperation(self): self._simpleCommandTest("NOP") def testDataMark(self): self._simpleCommandTest("DM") def testBreak(self): self._simpleCommandTest("BRK") def testAbortOutput(self): self._simpleCommandTest("AO") def testAreYouThere(self): self._simpleCommandTest("AYT") def testEraseCharacter(self): self._simpleCommandTest("EC") def testEraseLine(self): self._simpleCommandTest("EL") def testGoAhead(self): self._simpleCommandTest("GA") def testSubnegotiation(self): # Send a subnegotiation command and make sure it gets # parsed and that the correct method is called. h = self.p.protocol cmd = telnet.IAC + telnet.SB + b"\x12hello world" + telnet.IAC + telnet.SE L = [b"These are some bytes but soon" + cmd, b"there will be some more"] for b in L: self.p.dataReceived(b) self.assertEqual(h.data, b"".join(L).replace(cmd, b"")) self.assertEqual(h.subcmd, list(iterbytes(b"hello world"))) def testSubnegotiationWithEmbeddedSE(self): # Send a subnegotiation command with an embedded SE. Make sure # that SE gets passed to the correct method. h = self.p.protocol cmd = telnet.IAC + telnet.SB + b"\x12" + telnet.SE + telnet.IAC + telnet.SE L = [b"Some bytes are here" + cmd + b"and here", b"and here"] for b in L: self.p.dataReceived(b) self.assertEqual(h.data, b"".join(L).replace(cmd, b"")) self.assertEqual(h.subcmd, [telnet.SE]) def testBoundarySubnegotiation(self): # Send a subnegotiation command. Split it at every possible byte boundary # and make sure it always gets parsed and that it is passed to the correct # method. cmd = ( telnet.IAC + telnet.SB + b"\x12" + telnet.SE + b"hello" + telnet.IAC + telnet.SE ) for i in range(len(cmd)): h = self.p.protocol = TestProtocol() h.makeConnection(self.p) a, b = cmd[:i], cmd[i:] L = [b"first part" + a, b + b"last part"] for data in L: self.p.dataReceived(data) self.assertEqual(h.data, b"".join(L).replace(cmd, b"")) self.assertEqual(h.subcmd, [telnet.SE] + list(iterbytes(b"hello"))) def _enabledHelper(self, o, eL=[], eR=[], dL=[], dR=[]): self.assertEqual(o.enabledLocal, eL) self.assertEqual(o.enabledRemote, eR) self.assertEqual(o.disabledLocal, dL) self.assertEqual(o.disabledRemote, dR) def testRefuseWill(self): # Try to enable an option. The server should refuse to enable it. cmd = telnet.IAC + telnet.WILL + b"\x12" data = b"surrounding bytes" + cmd + b"to spice things up" self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), telnet.IAC + telnet.DONT + b"\x12") self._enabledHelper(self.p.protocol) def testRefuseDo(self): # Try to enable an option. The server should refuse to enable it. cmd = telnet.IAC + telnet.DO + b"\x12" data = b"surrounding bytes" + cmd + b"to spice things up" self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), telnet.IAC + telnet.WONT + b"\x12") self._enabledHelper(self.p.protocol) def testAcceptDo(self): # Try to enable an option. The option is in our allowEnable # list, so we will allow it to be enabled. cmd = telnet.IAC + telnet.DO + b"\x19" data = b"padding" + cmd + b"trailer" h = self.p.protocol h.localEnableable = (b"\x19",) self.p.dataReceived(data) self.assertEqual(self.t.value(), telnet.IAC + telnet.WILL + b"\x19") self._enabledHelper(h, eL=[b"\x19"]) def testAcceptWill(self): # Same as testAcceptDo, but reversed. cmd = telnet.IAC + telnet.WILL + b"\x91" data = b"header" + cmd + b"padding" h = self.p.protocol h.remoteEnableable = (b"\x91",) self.p.dataReceived(data) self.assertEqual(self.t.value(), telnet.IAC + telnet.DO + b"\x91") self._enabledHelper(h, eR=[b"\x91"]) def testAcceptWont(self): # Try to disable an option. The server must allow any option to # be disabled at any time. Make sure it disables it and sends # back an acknowledgement of this. cmd = telnet.IAC + telnet.WONT + b"\x29" # Jimmy it - after these two lines, the server will be in a state # such that it believes the option to have been previously enabled # via normal negotiation. s = self.p.getOptionState(b"\x29") s.him.state = "yes" data = b"fiddle dee" + cmd self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), telnet.IAC + telnet.DONT + b"\x29") self.assertEqual(s.him.state, "no") self._enabledHelper(self.p.protocol, dR=[b"\x29"]) def testAcceptDont(self): # Try to disable an option. The server must allow any option to # be disabled at any time. Make sure it disables it and sends # back an acknowledgement of this. cmd = telnet.IAC + telnet.DONT + b"\x29" # Jimmy it - after these two lines, the server will be in a state # such that it believes the option to have beenp previously enabled # via normal negotiation. s = self.p.getOptionState(b"\x29") s.us.state = "yes" data = b"fiddle dum " + cmd self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), telnet.IAC + telnet.WONT + b"\x29") self.assertEqual(s.us.state, "no") self._enabledHelper(self.p.protocol, dL=[b"\x29"]) def testIgnoreWont(self): # Try to disable an option. The option is already disabled. The # server should send nothing in response to this. cmd = telnet.IAC + telnet.WONT + b"\x47" data = b"dum de dum" + cmd + b"tra la la" self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), b"") self._enabledHelper(self.p.protocol) def testIgnoreDont(self): # Try to disable an option. The option is already disabled. The # server should send nothing in response to this. Doing so could # lead to a negotiation loop. cmd = telnet.IAC + telnet.DONT + b"\x47" data = b"dum de dum" + cmd + b"tra la la" self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), b"") self._enabledHelper(self.p.protocol) def testIgnoreWill(self): # Try to enable an option. The option is already enabled. The # server should send nothing in response to this. Doing so could # lead to a negotiation loop. cmd = telnet.IAC + telnet.WILL + b"\x56" # Jimmy it - after these two lines, the server will be in a state # such that it believes the option to have been previously enabled # via normal negotiation. s = self.p.getOptionState(b"\x56") s.him.state = "yes" data = b"tra la la" + cmd + b"dum de dum" self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), b"") self._enabledHelper(self.p.protocol) def testIgnoreDo(self): # Try to enable an option. The option is already enabled. The # server should send nothing in response to this. Doing so could # lead to a negotiation loop. cmd = telnet.IAC + telnet.DO + b"\x56" # Jimmy it - after these two lines, the server will be in a state # such that it believes the option to have been previously enabled # via normal negotiation. s = self.p.getOptionState(b"\x56") s.us.state = "yes" data = b"tra la la" + cmd + b"dum de dum" self.p.dataReceived(data) self.assertEqual(self.p.protocol.data, data.replace(cmd, b"")) self.assertEqual(self.t.value(), b"") self._enabledHelper(self.p.protocol) def testAcceptedEnableRequest(self): # Try to enable an option through the user-level API. This # returns a Deferred that fires when negotiation about the option # finishes. Make sure it fires, make sure state gets updated # properly, make sure the result indicates the option was enabled. d = self.p.do(b"\x42") h = self.p.protocol h.remoteEnableable = (b"\x42",) self.assertEqual(self.t.value(), telnet.IAC + telnet.DO + b"\x42") self.p.dataReceived(telnet.IAC + telnet.WILL + b"\x42") d.addCallback(self.assertEqual, True) d.addCallback(lambda _: self._enabledHelper(h, eR=[b"\x42"])) return d def test_refusedEnableRequest(self): """ If the peer refuses to enable an option we request it to enable, the L{Deferred} returned by L{TelnetProtocol.do} fires with an L{OptionRefused} L{Failure}. """ # Try to enable an option through the user-level API. This returns a # Deferred that fires when negotiation about the option finishes. Make # sure it fires, make sure state gets updated properly, make sure the # result indicates the option was enabled. self.p.protocol.remoteEnableable = (b"\x42",) d = self.p.do(b"\x42") self.assertEqual(self.t.value(), telnet.IAC + telnet.DO + b"\x42") s = self.p.getOptionState(b"\x42") self.assertEqual(s.him.state, "no") self.assertEqual(s.us.state, "no") self.assertTrue(s.him.negotiating) self.assertFalse(s.us.negotiating) self.p.dataReceived(telnet.IAC + telnet.WONT + b"\x42") d = self.assertFailure(d, telnet.OptionRefused) d.addCallback(lambda ignored: self._enabledHelper(self.p.protocol)) d.addCallback(lambda ignored: self.assertFalse(s.him.negotiating)) return d def test_refusedEnableOffer(self): """ If the peer refuses to allow us to enable an option, the L{Deferred} returned by L{TelnetProtocol.will} fires with an L{OptionRefused} L{Failure}. """ # Try to offer an option through the user-level API. This returns a # Deferred that fires when negotiation about the option finishes. Make # sure it fires, make sure state gets updated properly, make sure the # result indicates the option was enabled. self.p.protocol.localEnableable = (b"\x42",) d = self.p.will(b"\x42") self.assertEqual(self.t.value(), telnet.IAC + telnet.WILL + b"\x42") s = self.p.getOptionState(b"\x42") self.assertEqual(s.him.state, "no") self.assertEqual(s.us.state, "no") self.assertFalse(s.him.negotiating) self.assertTrue(s.us.negotiating) self.p.dataReceived(telnet.IAC + telnet.DONT + b"\x42") d = self.assertFailure(d, telnet.OptionRefused) d.addCallback(lambda ignored: self._enabledHelper(self.p.protocol)) d.addCallback(lambda ignored: self.assertFalse(s.us.negotiating)) return d def testAcceptedDisableRequest(self): # Try to disable an option through the user-level API. This # returns a Deferred that fires when negotiation about the option # finishes. Make sure it fires, make sure state gets updated # properly, make sure the result indicates the option was enabled. s = self.p.getOptionState(b"\x42") s.him.state = "yes" d = self.p.dont(b"\x42") self.assertEqual(self.t.value(), telnet.IAC + telnet.DONT + b"\x42") self.p.dataReceived(telnet.IAC + telnet.WONT + b"\x42") d.addCallback(self.assertEqual, True) d.addCallback(lambda _: self._enabledHelper(self.p.protocol, dR=[b"\x42"])) return d def testNegotiationBlocksFurtherNegotiation(self): # Try to disable an option, then immediately try to enable it, then # immediately try to disable it. Ensure that the 2nd and 3rd calls # fail quickly with the right exception. s = self.p.getOptionState(b"\x24") s.him.state = "yes" self.p.dont(b"\x24") # fires after the first line of _final def _do(x): d = self.p.do(b"\x24") return self.assertFailure(d, telnet.AlreadyNegotiating) def _dont(x): d = self.p.dont(b"\x24") return self.assertFailure(d, telnet.AlreadyNegotiating) def _final(x): self.p.dataReceived(telnet.IAC + telnet.WONT + b"\x24") # an assertion that only passes if d2 has fired self._enabledHelper(self.p.protocol, dR=[b"\x24"]) # Make sure we allow this self.p.protocol.remoteEnableable = (b"\x24",) d = self.p.do(b"\x24") self.p.dataReceived(telnet.IAC + telnet.WILL + b"\x24") d.addCallback(self.assertEqual, True) d.addCallback( lambda _: self._enabledHelper( self.p.protocol, eR=[b"\x24"], dR=[b"\x24"] ) ) return d d = _do(None) d.addCallback(_dont) d.addCallback(_final) return d def testSuperfluousDisableRequestRaises(self): # Try to disable a disabled option. Make sure it fails properly. d = self.p.dont(b"\xab") return self.assertFailure(d, telnet.AlreadyDisabled) def testSuperfluousEnableRequestRaises(self): # Try to disable a disabled option. Make sure it fails properly. s = self.p.getOptionState(b"\xab") s.him.state = "yes" d = self.p.do(b"\xab") return self.assertFailure(d, telnet.AlreadyEnabled) def testLostConnectionFailsDeferreds(self): d1 = self.p.do(b"\x12") d2 = self.p.do(b"\x23") d3 = self.p.do(b"\x34") class TestException(Exception): pass self.p.connectionLost(TestException("Total failure!")) d1 = self.assertFailure(d1, TestException) d2 = self.assertFailure(d2, TestException) d3 = self.assertFailure(d3, TestException) return defer.gatherResults([d1, d2, d3]) class TestTelnet(telnet.Telnet): """ A trivial extension of the telnet protocol class useful to unit tests. """ def __init__(self): telnet.Telnet.__init__(self) self.events = [] def applicationDataReceived(self, data): """ Record the given data in C{self.events}. """ self.events.append(("bytes", data)) def unhandledCommand(self, command, data): """ Record the given command in C{self.events}. """ self.events.append(("command", command, data)) def unhandledSubnegotiation(self, command, data): """ Record the given subnegotiation command in C{self.events}. """ self.events.append(("negotiate", command, data)) class TelnetTests(unittest.TestCase): """ Tests for L{telnet.Telnet}. L{telnet.Telnet} implements the TELNET protocol (RFC 854), including option and suboption negotiation, and option state tracking. """ def setUp(self): """ Create an unconnected L{telnet.Telnet} to be used by tests. """ self.protocol = TestTelnet() def test_enableLocal(self): """ L{telnet.Telnet.enableLocal} should reject all options, since L{telnet.Telnet} does not know how to implement any options. """ self.assertFalse(self.protocol.enableLocal(b"\0")) def test_enableRemote(self): """ L{telnet.Telnet.enableRemote} should reject all options, since L{telnet.Telnet} does not know how to implement any options. """ self.assertFalse(self.protocol.enableRemote(b"\0")) def test_disableLocal(self): """ It is an error for L{telnet.Telnet.disableLocal} to be called, since L{telnet.Telnet.enableLocal} will never allow any options to be enabled locally. If a subclass overrides enableLocal, it must also override disableLocal. """ self.assertRaises(NotImplementedError, self.protocol.disableLocal, b"\0") def test_disableRemote(self): """ It is an error for L{telnet.Telnet.disableRemote} to be called, since L{telnet.Telnet.enableRemote} will never allow any options to be enabled remotely. If a subclass overrides enableRemote, it must also override disableRemote. """ self.assertRaises(NotImplementedError, self.protocol.disableRemote, b"\0") def test_requestNegotiation(self): """ L{telnet.Telnet.requestNegotiation} formats the feature byte and the payload bytes into the subnegotiation format and sends them. See RFC 855. """ transport = proto_helpers.StringTransport() self.protocol.makeConnection(transport) self.protocol.requestNegotiation(b"\x01", b"\x02\x03") self.assertEqual( transport.value(), # IAC SB feature bytes IAC SE b"\xff\xfa\x01\x02\x03\xff\xf0", ) def test_requestNegotiationEscapesIAC(self): """ If the payload for a subnegotiation includes I{IAC}, it is escaped by L{telnet.Telnet.requestNegotiation} with another I{IAC}. See RFC 855. """ transport = proto_helpers.StringTransport() self.protocol.makeConnection(transport) self.protocol.requestNegotiation(b"\x01", b"\xff") self.assertEqual(transport.value(), b"\xff\xfa\x01\xff\xff\xff\xf0") def _deliver(self, data, expected): """ Pass the given bytes to the protocol's C{dataReceived} method and assert that the given events occur. """ received = self.protocol.events = [] self.protocol.dataReceived(data) self.assertEqual(received, list(expected)) def test_oneApplicationDataByte(self): """ One application-data byte in the default state gets delivered right away. """ self._deliver(b"a", ("bytes", b"a")) def test_twoApplicationDataBytes(self): """ Two application-data bytes in the default state get delivered together. """ self._deliver(b"bc", ("bytes", b"bc")) def test_threeApplicationDataBytes(self): """ Three application-data bytes followed by a control byte get delivered, but the control byte doesn't. """ self._deliver(b"def" + telnet.IAC, ("bytes", b"def")) def test_escapedControl(self): """ IAC in the escaped state gets delivered and so does another application-data byte following it. """ self._deliver(telnet.IAC) self._deliver(telnet.IAC + b"g", ("bytes", telnet.IAC + b"g")) def test_carriageReturn(self): """ A carriage return only puts the protocol into the newline state. A linefeed in the newline state causes just the newline to be delivered. A nul in the newline state causes a carriage return to be delivered. An IAC in the newline state causes a carriage return to be delivered and puts the protocol into the escaped state. Anything else causes a carriage return and that thing to be delivered. """ self._deliver(b"\r") self._deliver(b"\n", ("bytes", b"\n")) self._deliver(b"\r\n", ("bytes", b"\n")) self._deliver(b"\r") self._deliver(b"\0", ("bytes", b"\r")) self._deliver(b"\r\0", ("bytes", b"\r")) self._deliver(b"\r") self._deliver(b"a", ("bytes", b"\ra")) self._deliver(b"\ra", ("bytes", b"\ra")) self._deliver(b"\r") self._deliver( telnet.IAC + telnet.IAC + b"x", ("bytes", b"\r" + telnet.IAC + b"x") ) def test_applicationDataBeforeSimpleCommand(self): """ Application bytes received before a command are delivered before the command is processed. """ self._deliver( b"x" + telnet.IAC + telnet.NOP, ("bytes", b"x"), ("command", telnet.NOP, None), ) def test_applicationDataBeforeCommand(self): """ Application bytes received before a WILL/WONT/DO/DONT are delivered before the command is processed. """ self.protocol.commandMap = {} self._deliver( b"y" + telnet.IAC + telnet.WILL + b"\x00", ("bytes", b"y"), ("command", telnet.WILL, b"\x00"), ) def test_applicationDataBeforeSubnegotiation(self): """ Application bytes received before a subnegotiation command are delivered before the negotiation is processed. """ self._deliver( b"z" + telnet.IAC + telnet.SB + b"Qx" + telnet.IAC + telnet.SE, ("bytes", b"z"), ("negotiate", b"Q", [b"x"]), ) ��test/test_default.py��0000644��00000026504�15027667726�0010611 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.client.default}. """ import sys from unittest import skipIf from twisted.conch.error import ConchError from twisted.conch.test import keydata from twisted.python.compat import nativeString from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.python.runtime import platform from twisted.test.proto_helpers import StringTransport from twisted.trial.unittest import TestCase doSkip = False skipReason = "" if requireModule("cryptography") and requireModule("pyasn1"): from twisted.conch.client import default from twisted.conch.client.agent import SSHAgentClient from twisted.conch.client.default import SSHUserAuthClient from twisted.conch.client.options import ConchOptions from twisted.conch.ssh.keys import Key else: doSkip = True skipReason = "cryptography and PyASN1 required for twisted.conch.client.default." skip = skipReason # no SSL available, skip the entire module if platform.isWindows(): doSkip = True skipReason = ( "genericAnswers and getPassword does not work on Windows." " Should be fixed as part of fixing bug 6409 and 6410" ) if not sys.stdin.isatty(): doSkip = True skipReason = "sys.stdin is not an interactive tty" if not sys.stdout.isatty(): doSkip = True skipReason = "sys.stdout is not an interactive tty" class SSHUserAuthClientTests(TestCase): """ Tests for L{SSHUserAuthClient}. @type rsaPublic: L{Key} @ivar rsaPublic: A public RSA key. """ def setUp(self): self.rsaPublic = Key.fromString(keydata.publicRSA_openssh) self.tmpdir = FilePath(self.mktemp()) self.tmpdir.makedirs() self.rsaFile = self.tmpdir.child("id_rsa") self.rsaFile.setContent(keydata.privateRSA_openssh) self.tmpdir.child("id_rsa.pub").setContent(keydata.publicRSA_openssh) def test_signDataWithAgent(self): """ When connected to an agent, L{SSHUserAuthClient} can use it to request signatures of particular data with a particular L{Key}. """ client = SSHUserAuthClient(b"user", ConchOptions(), None) agent = SSHAgentClient() transport = StringTransport() agent.makeConnection(transport) client.keyAgent = agent cleartext = b"Sign here" client.signData(self.rsaPublic, cleartext) self.assertEqual( transport.value(), b"\x00\x00\x01\x2d\r\x00\x00\x01\x17" + self.rsaPublic.blob() + b"\x00\x00\x00\t" + cleartext + b"\x00\x00\x00\x00", ) def test_agentGetPublicKey(self): """ L{SSHUserAuthClient} looks up public keys from the agent using the L{SSHAgentClient} class. That L{SSHAgentClient.getPublicKey} returns a L{Key} object with one of the public keys in the agent. If no more keys are present, it returns L{None}. """ agent = SSHAgentClient() agent.blobs = [self.rsaPublic.blob()] key = agent.getPublicKey() self.assertTrue(key.isPublic()) self.assertEqual(key, self.rsaPublic) self.assertIsNone(agent.getPublicKey()) def test_getPublicKeyFromFile(self): """ L{SSHUserAuthClient.getPublicKey()} is able to get a public key from the first file described by its options' C{identitys} list, and return the corresponding public L{Key} object. """ options = ConchOptions() options.identitys = [self.rsaFile.path] client = SSHUserAuthClient(b"user", options, None) key = client.getPublicKey() self.assertTrue(key.isPublic()) self.assertEqual(key, self.rsaPublic) def test_getPublicKeyAgentFallback(self): """ If an agent is present, but doesn't return a key, L{SSHUserAuthClient.getPublicKey} continue with the normal key lookup. """ options = ConchOptions() options.identitys = [self.rsaFile.path] agent = SSHAgentClient() client = SSHUserAuthClient(b"user", options, None) client.keyAgent = agent key = client.getPublicKey() self.assertTrue(key.isPublic()) self.assertEqual(key, self.rsaPublic) def test_getPublicKeyBadKeyError(self): """ If L{keys.Key.fromFile} raises a L{keys.BadKeyError}, the L{SSHUserAuthClient.getPublicKey} tries again to get a public key by calling itself recursively. """ options = ConchOptions() self.tmpdir.child("id_dsa.pub").setContent(keydata.publicDSA_openssh) dsaFile = self.tmpdir.child("id_dsa") dsaFile.setContent(keydata.privateDSA_openssh) options.identitys = [self.rsaFile.path, dsaFile.path] self.tmpdir.child("id_rsa.pub").setContent(b"not a key!") client = SSHUserAuthClient(b"user", options, None) key = client.getPublicKey() self.assertTrue(key.isPublic()) self.assertEqual(key, Key.fromString(keydata.publicDSA_openssh)) self.assertEqual(client.usedFiles, [self.rsaFile.path, dsaFile.path]) def test_getPrivateKey(self): """ L{SSHUserAuthClient.getPrivateKey} will load a private key from the last used file populated by L{SSHUserAuthClient.getPublicKey}, and return a L{Deferred} which fires with the corresponding private L{Key}. """ rsaPrivate = Key.fromString(keydata.privateRSA_openssh) options = ConchOptions() options.identitys = [self.rsaFile.path] client = SSHUserAuthClient(b"user", options, None) # Populate the list of used files client.getPublicKey() def _cbGetPrivateKey(key): self.assertFalse(key.isPublic()) self.assertEqual(key, rsaPrivate) return client.getPrivateKey().addCallback(_cbGetPrivateKey) def test_getPrivateKeyPassphrase(self): """ L{SSHUserAuthClient} can get a private key from a file, and return a Deferred called back with a private L{Key} object, even if the key is encrypted. """ rsaPrivate = Key.fromString(keydata.privateRSA_openssh) passphrase = b"this is the passphrase" self.rsaFile.setContent(rsaPrivate.toString("openssh", passphrase=passphrase)) options = ConchOptions() options.identitys = [self.rsaFile.path] client = SSHUserAuthClient(b"user", options, None) # Populate the list of used files client.getPublicKey() def _getPassword(prompt): self.assertEqual( prompt, f"Enter passphrase for key '{self.rsaFile.path}': " ) return nativeString(passphrase) def _cbGetPrivateKey(key): self.assertFalse(key.isPublic()) self.assertEqual(key, rsaPrivate) self.patch(client, "_getPassword", _getPassword) return client.getPrivateKey().addCallback(_cbGetPrivateKey) @skipIf(doSkip, skipReason) def test_getPassword(self): """ Get the password using L{twisted.conch.client.default.SSHUserAuthClient.getPassword} """ class FakeTransport: def __init__(self, host): self.transport = self self.host = host def getPeer(self): return self options = ConchOptions() client = SSHUserAuthClient(b"user", options, None) client.transport = FakeTransport("127.0.0.1") def getpass(prompt): self.assertEqual(prompt, "user@127.0.0.1's password: ") return "bad password" self.patch(default.getpass, "getpass", getpass) d = client.getPassword() d.addCallback(self.assertEqual, b"bad password") return d @skipIf(doSkip, skipReason) def test_getPasswordPrompt(self): """ Get the password using L{twisted.conch.client.default.SSHUserAuthClient.getPassword} using a different prompt. """ options = ConchOptions() client = SSHUserAuthClient(b"user", options, None) prompt = b"Give up your password" def getpass(p): self.assertEqual(p, nativeString(prompt)) return "bad password" self.patch(default.getpass, "getpass", getpass) d = client.getPassword(prompt) d.addCallback(self.assertEqual, b"bad password") return d @skipIf(doSkip, skipReason) def test_getPasswordConchError(self): """ Get the password using L{twisted.conch.client.default.SSHUserAuthClient.getPassword} and trigger a {twisted.conch.error import ConchError}. """ options = ConchOptions() client = SSHUserAuthClient(b"user", options, None) def getpass(prompt): raise KeyboardInterrupt("User pressed CTRL-C") self.patch(default.getpass, "getpass", getpass) stdout, stdin = sys.stdout, sys.stdin d = client.getPassword(b"?") @d.addErrback def check_sys(fail): self.assertEqual([stdout, stdin], [sys.stdout, sys.stdin]) return fail self.assertFailure(d, ConchError) @skipIf(doSkip, skipReason) def test_getGenericAnswers(self): """ L{twisted.conch.client.default.SSHUserAuthClient.getGenericAnswers} """ options = ConchOptions() client = SSHUserAuthClient(b"user", options, None) def getpass(prompt): self.assertEqual(prompt, "pass prompt") return "getpass" self.patch(default.getpass, "getpass", getpass) def raw_input(prompt): self.assertEqual(prompt, "raw_input prompt") return "raw_input" self.patch(default, "_input", raw_input) d = client.getGenericAnswers( b"Name", b"Instruction", [(b"pass prompt", False), (b"raw_input prompt", True)], ) d.addCallback(self.assertListEqual, ["getpass", "raw_input"]) return d class ConchOptionsParsing(TestCase): """ Options parsing. """ def test_macs(self): """ Specify MAC algorithms. """ opts = ConchOptions() e = self.assertRaises(SystemExit, opts.opt_macs, "invalid-mac") self.assertIn("Unknown mac type", e.code) opts = ConchOptions() opts.opt_macs("hmac-sha2-512") self.assertEqual(opts["macs"], [b"hmac-sha2-512"]) opts.opt_macs(b"hmac-sha2-512") self.assertEqual(opts["macs"], [b"hmac-sha2-512"]) opts.opt_macs("hmac-sha2-256,hmac-sha1,hmac-md5") self.assertEqual(opts["macs"], [b"hmac-sha2-256", b"hmac-sha1", b"hmac-md5"]) def test_host_key_algorithms(self): """ Specify host key algorithms. """ opts = ConchOptions() e = self.assertRaises(SystemExit, opts.opt_host_key_algorithms, "invalid-key") self.assertIn("Unknown host key type", e.code) opts = ConchOptions() opts.opt_host_key_algorithms("ssh-rsa") self.assertEqual(opts["host-key-algorithms"], [b"ssh-rsa"]) opts.opt_host_key_algorithms(b"ssh-dss") self.assertEqual(opts["host-key-algorithms"], [b"ssh-dss"]) opts.opt_host_key_algorithms("ssh-rsa,ssh-dss") self.assertEqual(opts["host-key-algorithms"], [b"ssh-rsa", b"ssh-dss"]) ��test/test_tap.py��0000644��00000011655�15027667726�0007752 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.tap}. """ from twisted.application.internet import StreamServerEndpointService from twisted.cred import error from twisted.cred.credentials import ISSHPrivateKey, IUsernamePassword, UsernamePassword from twisted.python.reflect import requireModule from twisted.trial.unittest import TestCase cryptography = requireModule("cryptography") pyasn1 = requireModule("pyasn1") unix = requireModule("twisted.conch.unix") if cryptography and pyasn1 and unix: from twisted.conch import tap from twisted.conch.openssh_compat.factory import OpenSSHFactory class MakeServiceTests(TestCase): """ Tests for L{tap.makeService}. """ if not cryptography: skip = "can't run without cryptography" if not pyasn1: skip = "Cannot run without PyASN1" if not unix: skip = "can't run on non-posix computers" usernamePassword = (b"iamuser", b"thisispassword") def setUp(self): """ Create a file with two users. """ self.filename = self.mktemp() with open(self.filename, "wb+") as f: f.write(b":".join(self.usernamePassword)) self.options = tap.Options() def test_basic(self): """ L{tap.makeService} returns a L{StreamServerEndpointService} instance running on TCP port 22, and the linked protocol factory is an instance of L{OpenSSHFactory}. """ config = tap.Options() service = tap.makeService(config) self.assertIsInstance(service, StreamServerEndpointService) self.assertEqual(service.endpoint._port, 22) self.assertIsInstance(service.factory, OpenSSHFactory) def test_defaultAuths(self): """ Make sure that if the C{--auth} command-line option is not passed, the default checkers are (for backwards compatibility): SSH and UNIX """ numCheckers = 2 self.assertIn( ISSHPrivateKey, self.options["credInterfaces"], "SSH should be one of the default checkers", ) self.assertIn( IUsernamePassword, self.options["credInterfaces"], "UNIX should be one of the default checkers", ) self.assertEqual( numCheckers, len(self.options["credCheckers"]), "There should be %d checkers by default" % (numCheckers,), ) def test_authAdded(self): """ The C{--auth} command-line option will add a checker to the list of checkers, and it should be the only auth checker """ self.options.parseOptions(["--auth", "file:" + self.filename]) self.assertEqual(len(self.options["credCheckers"]), 1) def test_multipleAuthAdded(self): """ Multiple C{--auth} command-line options will add all checkers specified to the list ofcheckers, and there should only be the specified auth checkers (no default checkers). """ self.options.parseOptions( [ "--auth", "file:" + self.filename, "--auth", "memory:testuser:testpassword", ] ) self.assertEqual(len(self.options["credCheckers"]), 2) def test_authFailure(self): """ The checker created by the C{--auth} command-line option returns a L{Deferred} that fails with L{UnauthorizedLogin} when presented with credentials that are unknown to that checker. """ self.options.parseOptions(["--auth", "file:" + self.filename]) checker = self.options["credCheckers"][-1] invalid = UsernamePassword(self.usernamePassword[0], "fake") # Wrong password should raise error return self.assertFailure( checker.requestAvatarId(invalid), error.UnauthorizedLogin ) def test_authSuccess(self): """ The checker created by the C{--auth} command-line option returns a L{Deferred} that returns the avatar id when presented with credentials that are known to that checker. """ self.options.parseOptions(["--auth", "file:" + self.filename]) checker = self.options["credCheckers"][-1] correct = UsernamePassword(self.usernamePassword) d = checker.requestAvatarId(correct) def checkSuccess(username): self.assertEqual(username, correct.username) return d.addCallback(checkSuccess) def test_checkers(self): """ The L{OpenSSHFactory} built by L{tap.makeService} has a portal with L{ISSHPrivateKey} and L{IUsernamePassword} interfaces registered as checkers. """ config = tap.Options() service = tap.makeService(config) portal = service.factory.portal self.assertEqual( set(portal.checkers.keys()), {ISSHPrivateKey, IUsernamePassword} ) ��test/test_openssh_compat.py��0000644��00000011414�15027667726�0012201 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.openssh_compat}. """ import os from unittest import skipIf from twisted.conch.ssh._kex import getDHGeneratorAndPrime from twisted.conch.test import keydata from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.test.test_process import MockOS from twisted.trial.unittest import TestCase doSkip = False skipReason = "" if requireModule("cryptography") and requireModule("pyasn1"): from twisted.conch.openssh_compat.factory import OpenSSHFactory else: doSkip = True skipReason = "Cannot run without cryptography or PyASN1" if not hasattr(os, "geteuid"): doSkip = True skipReason = "geteuid/seteuid not available" @skipIf(doSkip, skipReason) class OpenSSHFactoryTests(TestCase): """ Tests for L{OpenSSHFactory}. """ def setUp(self): self.factory = OpenSSHFactory() self.keysDir = FilePath(self.mktemp()) self.keysDir.makedirs() self.factory.dataRoot = self.keysDir.path self.moduliDir = FilePath(self.mktemp()) self.moduliDir.makedirs() self.factory.moduliRoot = self.moduliDir.path self.keysDir.child("ssh_host_foo").setContent(b"foo") self.keysDir.child("bar_key").setContent(b"foo") self.keysDir.child("ssh_host_one_key").setContent(keydata.privateRSA_openssh) self.keysDir.child("ssh_host_two_key").setContent(keydata.privateDSA_openssh) self.keysDir.child("ssh_host_three_key").setContent(b"not a key content") self.keysDir.child("ssh_host_one_key.pub").setContent(keydata.publicRSA_openssh) self.moduliDir.child("moduli").setContent( b"\n" b"# $OpenBSD: moduli,v 1.xx 2016/07/26 12:34:56 jhacker Exp $i\n" b"# Time Type Tests Tries Size Generator Modulus\n" b"20030501000000 2 6 100 2047 2 " b"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" b"020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" b"4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" b"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" b"98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" b"9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" b"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" b"3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF" b"\n" ) self.mockos = MockOS() self.patch(os, "seteuid", self.mockos.seteuid) self.patch(os, "setegid", self.mockos.setegid) def test_getPublicKeys(self): """ L{OpenSSHFactory.getPublicKeys} should return the available public keys in the data directory """ keys = self.factory.getPublicKeys() self.assertEqual(len(keys), 1) keyTypes = keys.keys() self.assertEqual(list(keyTypes), [b"ssh-rsa"]) def test_getPrivateKeys(self): """ Will return the available private keys in the data directory, ignoring key files which failed to be loaded. """ keys = self.factory.getPrivateKeys() self.assertEqual(len(keys), 2) keyTypes = keys.keys() self.assertEqual(set(keyTypes), {b"ssh-rsa", b"ssh-dss"}) self.assertEqual(self.mockos.seteuidCalls, []) self.assertEqual(self.mockos.setegidCalls, []) def test_getPrivateKeysAsRoot(self): """ L{OpenSSHFactory.getPrivateKeys} should switch to root if the keys aren't readable by the current user. """ keyFile = self.keysDir.child("ssh_host_two_key") # Fake permission error by changing the mode keyFile.chmod(0000) self.addCleanup(keyFile.chmod, 0o777) # And restore the right mode when seteuid is called savedSeteuid = os.seteuid def seteuid(euid): keyFile.chmod(0o777) return savedSeteuid(euid) self.patch(os, "seteuid", seteuid) keys = self.factory.getPrivateKeys() self.assertEqual(len(keys), 2) keyTypes = keys.keys() self.assertEqual(set(keyTypes), {b"ssh-rsa", b"ssh-dss"}) self.assertEqual(self.mockos.seteuidCalls, [0, os.geteuid()]) self.assertEqual(self.mockos.setegidCalls, [0, os.getegid()]) def test_getPrimes(self): """ L{OpenSSHFactory.getPrimes} should return the available primes in the moduli directory. """ primes = self.factory.getPrimes() self.assertEqual( primes, { 2048: [getDHGeneratorAndPrime(b"diffie-hellman-group14-sha1")], }, ) ��test/test_keys.py��0000644��00000172067�15027667726�0010146 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.ssh.keys}. """ import base64 import os from textwrap import dedent from twisted.conch.test import keydata from twisted.python import randbytes from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.trial import unittest cryptography = requireModule("cryptography") if cryptography is None: skipCryptography = "Cannot run without cryptography." pyasn1 = requireModule("pyasn1") if cryptography and pyasn1: from cryptography.hazmat.backends import default_backend from twisted.conch.ssh import common, keys, sexpy ED25519_SUPPORTED = default_backend().ed25519_supported() else: ED25519_SUPPORTED = False def skipWithoutEd25519(f): if not ED25519_SUPPORTED: f.skip = "ed25519 not supported on this system" return f class KeyTests(unittest.TestCase): if cryptography is None: skip = skipCryptography if pyasn1 is None: skip = "Cannot run without PyASN1" def setUp(self): self.rsaObj = keys.Key._fromRSAComponents( n=keydata.RSAData["n"], e=keydata.RSAData["e"], d=keydata.RSAData["d"], p=keydata.RSAData["p"], q=keydata.RSAData["q"], u=keydata.RSAData["u"], )._keyObject self.dsaObj = keys.Key._fromDSAComponents( y=keydata.DSAData["y"], p=keydata.DSAData["p"], q=keydata.DSAData["q"], g=keydata.DSAData["g"], x=keydata.DSAData["x"], )._keyObject self.ecObj = keys.Key._fromECComponents( x=keydata.ECDatanistp256["x"], y=keydata.ECDatanistp256["y"], privateValue=keydata.ECDatanistp256["privateValue"], curve=keydata.ECDatanistp256["curve"], )._keyObject self.ecObj384 = keys.Key._fromECComponents( x=keydata.ECDatanistp384["x"], y=keydata.ECDatanistp384["y"], privateValue=keydata.ECDatanistp384["privateValue"], curve=keydata.ECDatanistp384["curve"], )._keyObject self.ecObj521 = keys.Key._fromECComponents( x=keydata.ECDatanistp521["x"], y=keydata.ECDatanistp521["y"], privateValue=keydata.ECDatanistp521["privateValue"], curve=keydata.ECDatanistp521["curve"], )._keyObject if ED25519_SUPPORTED: self.ed25519Obj = keys.Key._fromEd25519Components( a=keydata.Ed25519Data["a"], k=keydata.Ed25519Data["k"] )._keyObject self.rsaSignature = ( b"\x00\x00\x00\x07ssh-rsa\x00\x00\x01\x00~Y\xa3\xd7\xfdW\xc6pu@" b"\xd81\xa1S\xf3O\xdaE\xf4/\x1ex\x1d\xf1\x9a\xe1G3\xd9\xd6U\x1f" b"\x8c\xd9\x1b\x8b\x90\x0e\x8a\xc1\x91\xd8\x0cd\xc9\x0c\xe7\xb2" b"\xc9,'=\x15\x1cQg\xe7x\xb5j\xdbI\xc0\xde\xafb\xd7@\xcar\x0b" b"\xce\xa3zM\x151q5\xde\xfa\x0c{wjKN\x88\xcbC\xe5\x89\xc3\xf9i" b"\x96\x91\xdb\xca}\xdbR\x1a\x13T\xf9\x0cDJH\x0b\x06\xcfl\xf3" b"\x13[\x82\xa2\x9d\x93\xfd\x8e\xce\|\xfb^n\xd4\xed\xe2\xd1\x8a" b"\xb7aY\x9bB\x8f\xa4\xc7\xbe7\xb5\x0b9j\xa4.\x87\x13\xf7\xf0" b"\xda\xd7\xd2\xf9\x1f9p\xfd?\x18\x0f\xf2N\x9b\xcf/\x1e)\n>A\x19" b"\xc2\xb5j\xf9UW\xd4\xae\x87B\xe6\x99t\xa2y\x90\x98\xa2\xaaf\xcb" b"\x86\xe5k\xe3\xce\xe0u\x1c\xeb\x93\x1aN\x88\xc9\x93Y\xc3.V\xb1L" b"44`C\xc7\xa66\xaf\xfa\x7f\x04Y\x92\xfa\xa4\x1a\x18%\x19\xd5 4^" b"\xb9rY\xba \x01\xf9.\x89%H\xbe\x1c\x83A\x96" ) self.dsaSignature = ( b"\x00\x00\x00\x07ssh-dss\x00\x00\x00(?\xc7\xeb\x86;\xd5TFA\xb4" b"\xdf\x0c\xc4E@4,d\xbc\t\xd9\xae\xdd[\xed-\x82nQ\x8cf\x9b\xe8\xe1" b"jrg\x84p<" ) self.patch(randbytes, "secureRandom", lambda x: b"\xff" * x) self.keyFile = self.mktemp() with open(self.keyFile, "wb") as f: f.write(keydata.privateRSA_lsh) def tearDown(self): os.unlink(self.keyFile) def test_size(self): """ The L{keys.Key.size} method returns the size of key object in bits. """ self.assertEqual(keys.Key(self.rsaObj).size(), 2048) self.assertEqual(keys.Key(self.dsaObj).size(), 1024) self.assertEqual(keys.Key(self.ecObj).size(), 256) self.assertEqual(keys.Key(self.ecObj384).size(), 384) self.assertEqual(keys.Key(self.ecObj521).size(), 521) if ED25519_SUPPORTED: self.assertEqual(keys.Key(self.ed25519Obj).size(), 256) def test__guessStringType(self): """ Test that the _guessStringType method guesses string types correctly. """ self.assertEqual( keys.Key._guessStringType(keydata.publicRSA_openssh), "public_openssh" ) self.assertEqual( keys.Key._guessStringType(keydata.publicDSA_openssh), "public_openssh" ) self.assertEqual( keys.Key._guessStringType(keydata.publicECDSA_openssh), "public_openssh" ) if ED25519_SUPPORTED: self.assertEqual( keys.Key._guessStringType(keydata.publicEd25519_openssh), "public_openssh", ) self.assertEqual( keys.Key._guessStringType(keydata.privateRSA_openssh), "private_openssh" ) self.assertEqual( keys.Key._guessStringType(keydata.privateRSA_openssh_new), "private_openssh" ) self.assertEqual( keys.Key._guessStringType(keydata.privateDSA_openssh), "private_openssh" ) self.assertEqual( keys.Key._guessStringType(keydata.privateDSA_openssh_new), "private_openssh" ) self.assertEqual( keys.Key._guessStringType(keydata.privateECDSA_openssh), "private_openssh" ) self.assertEqual( keys.Key._guessStringType(keydata.privateECDSA_openssh_new), "private_openssh", ) if ED25519_SUPPORTED: self.assertEqual( keys.Key._guessStringType(keydata.privateEd25519_openssh_new), "private_openssh", ) self.assertEqual(keys.Key._guessStringType(keydata.publicRSA_lsh), "public_lsh") self.assertEqual(keys.Key._guessStringType(keydata.publicDSA_lsh), "public_lsh") self.assertEqual( keys.Key._guessStringType(keydata.privateRSA_lsh), "private_lsh" ) self.assertEqual( keys.Key._guessStringType(keydata.privateDSA_lsh), "private_lsh" ) self.assertEqual( keys.Key._guessStringType(keydata.privateRSA_agentv3), "agentv3" ) self.assertEqual( keys.Key._guessStringType(keydata.privateDSA_agentv3), "agentv3" ) self.assertEqual( keys.Key._guessStringType(b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x01\x01"), "blob", ) self.assertEqual( keys.Key._guessStringType(b"\x00\x00\x00\x07ssh-dss\x00\x00\x00\x01\x01"), "blob", ) self.assertEqual(keys.Key._guessStringType(b"not a key"), None) def test_public(self): """ The L{keys.Key.public} method returns a public key for both public and private keys. """ # NB: This assumes that the private and public keys correspond # to each other. privateRSAKey = keys.Key.fromString(keydata.privateRSA_openssh) publicRSAKey = keys.Key.fromString(keydata.publicRSA_openssh) self.assertEqual(privateRSAKey.public(), publicRSAKey.public()) privateDSAKey = keys.Key.fromString(keydata.privateDSA_openssh) publicDSAKey = keys.Key.fromString(keydata.publicDSA_openssh) self.assertEqual(privateDSAKey.public(), publicDSAKey.public()) privateECDSAKey = keys.Key.fromString(keydata.privateECDSA_openssh) publicECDSAKey = keys.Key.fromString(keydata.publicECDSA_openssh) self.assertEqual(privateECDSAKey.public(), publicECDSAKey.public()) if ED25519_SUPPORTED: privateEd25519Key = keys.Key.fromString(keydata.privateEd25519_openssh_new) publicEd25519Key = keys.Key.fromString(keydata.publicEd25519_openssh) self.assertEqual(privateEd25519Key.public(), publicEd25519Key.public()) def test_isPublic(self): """ The L{keys.Key.isPublic} method returns True for public keys otherwise False. """ rsaKey = keys.Key.fromString(keydata.privateRSA_openssh) dsaKey = keys.Key.fromString(keydata.privateDSA_openssh) ecdsaKey = keys.Key.fromString(keydata.privateECDSA_openssh) self.assertTrue(rsaKey.public().isPublic()) self.assertFalse(rsaKey.isPublic()) self.assertTrue(dsaKey.public().isPublic()) self.assertFalse(dsaKey.isPublic()) self.assertTrue(ecdsaKey.public().isPublic()) self.assertFalse(ecdsaKey.isPublic()) if ED25519_SUPPORTED: ed25519Key = keys.Key.fromString(keydata.privateEd25519_openssh_new) self.assertTrue(ed25519Key.public().isPublic()) self.assertFalse(ed25519Key.isPublic()) def _testPublicPrivateFromString(self, public, private, type, data): self._testPublicFromString(public, type, data) self._testPrivateFromString(private, type, data) def _testPublicFromString(self, public, type, data): publicKey = keys.Key.fromString(public) self.assertTrue(publicKey.isPublic()) self.assertEqual(publicKey.type(), type) for k, v in publicKey.data().items(): self.assertEqual(data[k], v) def _testPrivateFromString(self, private, type, data): privateKey = keys.Key.fromString(private) self.assertFalse(privateKey.isPublic()) self.assertEqual(privateKey.type(), type) for k, v in data.items(): self.assertEqual(privateKey.data()[k], v) def test_fromOpenSSH(self): """ Test that keys are correctly generated from OpenSSH strings. """ self._testPublicPrivateFromString( keydata.publicECDSA_openssh, keydata.privateECDSA_openssh, "EC", keydata.ECDatanistp256, ) self._testPublicPrivateFromString( keydata.publicRSA_openssh, keydata.privateRSA_openssh, "RSA", keydata.RSAData, ) self.assertEqual( keys.Key.fromString( keydata.privateRSA_openssh_encrypted, passphrase=b"encrypted" ), keys.Key.fromString(keydata.privateRSA_openssh), ) self.assertEqual( keys.Key.fromString(keydata.privateRSA_openssh_alternate), keys.Key.fromString(keydata.privateRSA_openssh), ) self._testPublicPrivateFromString( keydata.publicDSA_openssh, keydata.privateDSA_openssh, "DSA", keydata.DSAData, ) if ED25519_SUPPORTED: self._testPublicPrivateFromString( keydata.publicEd25519_openssh, keydata.privateEd25519_openssh_new, "Ed25519", keydata.Ed25519Data, ) def test_fromOpenSSHErrors(self): """ Tests for invalid key types. """ badKey = b"""-----BEGIN FOO PRIVATE KEY----- MIGkAgEBBDAtAi7I8j73WCX20qUM5hhHwHuFzYWYYILs2Sh8UZ+awNkARZ/Fu2LU LLl5RtOQpbWgBwYFK4EEACKhZANiAATU17sA9P5FRwSknKcFsjjsk0+E3CeXPYX0 Tk/M0HK3PpWQWgrO8JdRHP9eFE9O/23P8BumwFt7F/AvPlCzVd35VfraFT0o4cCW G0RqpQ+np31aKmeJshkcYALEchnU+tQ= -----END EC PRIVATE KEY-----""" self.assertRaises( keys.BadKeyError, keys.Key._fromString_PRIVATE_OPENSSH, badKey, None ) def test_fromOpenSSH_with_whitespace(self): """ If key strings have trailing whitespace, it should be ignored. """ # from bug #3391, since our test key data doesn't have # an issue with appended newlines privateDSAData = b"""-----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQDylESNuc61jq2yatCzZbenlr9llG+p9LhIpOLUbXhhHcwC6hrh EZIdCKqTO0USLrGoP5uS9UHAUoeN62Z0KXXWTwOWGEQn/syyPzNJtnBorHpNUT9D Qzwl1yUa53NNgEctpo4NoEFOx8PuU6iFLyvgHCjNn2MsuGuzkZm7sI9ZpQIVAJiR 9dPc08KLdpJyRxz8T74b4FQRAoGAGBc4Z5Y6R/HZi7AYM/iNOM8su6hrk8ypkBwR a3Dbhzk97fuV3SF1SDrcQu4zF7c4CtH609N5nfZs2SUjLLGPWln83Ysb8qhh55Em AcHXuROrHS/sDsnqu8FQp86MaudrqMExCOYyVPE7jaBWW+/JWFbKCxmgOCSdViUJ esJpBFsCgYEA7+jtVvSt9yrwsS/YU1QGP5wRAiDYB+T5cK4HytzAqJKRdC5qS4zf C7R0eKcDHHLMYO39aPnCwXjscisnInEhYGNblTDyPyiyNxAOXuC8x7luTmwzMbNJ /ow0IqSj0VF72VJN9uSoPpFd4lLT0zN8v42RWja0M8ohWNf+YNJluPgCFE0PT4Vm SUrCyZXsNh6VXwjs3gKQ -----END DSA PRIVATE KEY-----""" self.assertEqual( keys.Key.fromString(privateDSAData), keys.Key.fromString(privateDSAData + b"\n"), ) def test_fromNewerOpenSSH(self): """ Newer versions of OpenSSH generate encrypted keys which have a longer IV than the older versions. These newer keys are also loaded. """ key = keys.Key.fromString( keydata.privateRSA_openssh_encrypted_aes, passphrase=b"testxp" ) self.assertEqual(key.type(), "RSA") key2 = keys.Key.fromString( keydata.privateRSA_openssh_encrypted_aes + b"\n", passphrase=b"testxp" ) self.assertEqual(key, key2) def test_fromOpenSSH_v1_format(self): """ OpenSSH 6.5 introduced a newer "openssh-key-v1" private key format (made the default in OpenSSH 7.8). Loading keys in this format produces identical results to loading the same keys in the old PEM-based format. """ for old, new in ( (keydata.privateRSA_openssh, keydata.privateRSA_openssh_new), (keydata.privateDSA_openssh, keydata.privateDSA_openssh_new), (keydata.privateECDSA_openssh, keydata.privateECDSA_openssh_new), (keydata.privateECDSA_openssh384, keydata.privateECDSA_openssh384_new), (keydata.privateECDSA_openssh521, keydata.privateECDSA_openssh521_new), ): self.assertEqual(keys.Key.fromString(new), keys.Key.fromString(old)) self.assertEqual( keys.Key.fromString( keydata.privateRSA_openssh_encrypted_new, passphrase=b"encrypted" ), keys.Key.fromString( keydata.privateRSA_openssh_encrypted, passphrase=b"encrypted" ), ) def test_fromOpenSSH_windows_line_endings(self): """ Test that keys are correctly generated from OpenSSH strings with Windows line endings. """ privateDSAData = b"""-----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQDylESNuc61jq2yatCzZbenlr9llG+p9LhIpOLUbXhhHcwC6hrh EZIdCKqTO0USLrGoP5uS9UHAUoeN62Z0KXXWTwOWGEQn/syyPzNJtnBorHpNUT9D Qzwl1yUa53NNgEctpo4NoEFOx8PuU6iFLyvgHCjNn2MsuGuzkZm7sI9ZpQIVAJiR 9dPc08KLdpJyRxz8T74b4FQRAoGAGBc4Z5Y6R/HZi7AYM/iNOM8su6hrk8ypkBwR a3Dbhzk97fuV3SF1SDrcQu4zF7c4CtH609N5nfZs2SUjLLGPWln83Ysb8qhh55Em AcHXuROrHS/sDsnqu8FQp86MaudrqMExCOYyVPE7jaBWW+/JWFbKCxmgOCSdViUJ esJpBFsCgYEA7+jtVvSt9yrwsS/YU1QGP5wRAiDYB+T5cK4HytzAqJKRdC5qS4zf C7R0eKcDHHLMYO39aPnCwXjscisnInEhYGNblTDyPyiyNxAOXuC8x7luTmwzMbNJ /ow0IqSj0VF72VJN9uSoPpFd4lLT0zN8v42RWja0M8ohWNf+YNJluPgCFE0PT4Vm SUrCyZXsNh6VXwjs3gKQ -----END DSA PRIVATE KEY-----""" self.assertEqual( keys.Key.fromString(privateDSAData), keys.Key.fromString(privateDSAData.replace(b"\n", b"\r\n")), ) def test_fromLSHPublicUnsupportedType(self): """ C{BadKeyError} exception is raised when public key has an unknown type. """ sexp = sexpy.pack([[b"public-key", [b"bad-key", [b"p", b"2"]]]]) self.assertRaises( keys.BadKeyError, keys.Key.fromString, data=b"{" + base64.b64encode(sexp) + b"}", ) def test_fromLSHPrivateUnsupportedType(self): """ C{BadKeyError} exception is raised when private key has an unknown type. """ sexp = sexpy.pack([[b"private-key", [b"bad-key", [b"p", b"2"]]]]) self.assertRaises( keys.BadKeyError, keys.Key.fromString, sexp, ) def test_fromLSHRSA(self): """ RSA public and private keys can be generated from a LSH strings. """ self._testPublicPrivateFromString( keydata.publicRSA_lsh, keydata.privateRSA_lsh, "RSA", keydata.RSAData, ) def test_fromLSHDSA(self): """ DSA public and private key can be generated from LSHs. """ self._testPublicPrivateFromString( keydata.publicDSA_lsh, keydata.privateDSA_lsh, "DSA", keydata.DSAData, ) def test_fromAgentv3(self): """ Test that keys are correctly generated from Agent v3 strings. """ self._testPrivateFromString(keydata.privateRSA_agentv3, "RSA", keydata.RSAData) self._testPrivateFromString(keydata.privateDSA_agentv3, "DSA", keydata.DSAData) self.assertRaises( keys.BadKeyError, keys.Key.fromString, b"\x00\x00\x00\x07ssh-foo" + b"\x00\x00\x00\x01\x01" * 5, ) def test_fromStringNormalizesUnicodePassphrase(self): """ L{keys.Key.fromString} applies Normalization Form KC to Unicode passphrases. """ key = keys.Key(self.rsaObj) key_data = key.toString("openssh", passphrase="verschl\u00FCsselt".encode()) self.assertEqual( keys.Key.fromString(key_data, passphrase="verschlu\u0308sselt"), key ) # U+FFFF is a "noncharacter" and guaranteed to have General_Category # Cn (Unassigned). self.assertRaises( keys.PassphraseNormalizationError, keys.Key.fromString, key_data, passphrase="unassigned \uFFFF", ) def test_fromStringErrors(self): """ keys.Key.fromString should raise BadKeyError when the key is invalid. """ self.assertRaises(keys.BadKeyError, keys.Key.fromString, b"") # no key data with a bad key type self.assertRaises(keys.BadKeyError, keys.Key.fromString, b"", "bad_type") # trying to decrypt a key which doesn't support encryption self.assertRaises( keys.BadKeyError, keys.Key.fromString, keydata.publicRSA_lsh, passphrase=b"unencrypted", ) # trying to decrypt a key with the wrong passphrase self.assertRaises( keys.EncryptedKeyError, keys.Key.fromString, keys.Key(self.rsaObj).toString("openssh", passphrase=b"encrypted"), ) # key with no key data self.assertRaises( keys.BadKeyError, keys.Key.fromString, b"-----BEGIN RSA KEY-----\nwA==\n" ) # key with invalid DEK Info self.assertRaises( keys.BadKeyError, keys.Key.fromString, b"""-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: weird type 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----""", passphrase="encrypted", ) # key with invalid encryption type self.assertRaises( keys.BadKeyError, keys.Key.fromString, b"""-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: FOO-123-BAR,01234567 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----""", passphrase="encrypted", ) # key with bad IV (AES) self.assertRaises( keys.BadKeyError, keys.Key.fromString, b"""-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,01234 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----""", passphrase="encrypted", ) # key with bad IV (DES3) self.assertRaises( keys.BadKeyError, keys.Key.fromString, b"""-----BEGIN ENCRYPTED RSA KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,01234 4Ed/a9OgJWHJsne7yOGWeWMzHYKsxuP9w1v0aYcp+puS75wvhHLiUnNwxz0KDi6n T3YkKLBsoCWS68ApR2J9yeQ6R+EyS+UQDrO9nwqo3DB5BT3Ggt8S1wE7vjNLQD0H g/SJnlqwsECNhh8aAx+Ag0m3ZKOZiRD5mCkcDQsZET7URSmFytDKOjhFn3u6ZFVB sXrfpYc6TJtOQlHd/52JB6aAbjt6afSv955Z7enIi+5yEJ5y7oYQTaE5zrFMP7N5 9LbfJFlKXxEddy/DErRLxEjmC+t4svHesoJKc2jjjyNPiOoGGF3kJXea62vsjdNV gMK5Eged3TBVIk2dv8rtJUvyFeCUtjQ1UJZIebScRR47KrbsIpCmU8I4/uHWm5hW 0mOwvdx1L/mqx/BHqVU9Dw2COhOdLbFxlFI92chkovkmNk4P48ziyVnpm7ME22sE vfCMsyirdqB1mrL4CSM7FXONv+CgfBfeYVkYW8RfJac9U1L/O+JNn7yee414O/rS hRYw4UdWnH6Gg6niklVKWNY0ZwUZC8zgm2iqy8YCYuneS37jC+OEKP+/s6HSKuqk 2bzcl3/TcZXNSM815hnFRpz0anuyAsvwPNRyvxG2/DacJHL1f6luV4B0o6W410yf qXQx01DLo7nuyhJqoH3UGCyyXB+/QUs0mbG2PAEn3f5dVs31JMdbt+PrxURXXjKk 4cexpUcIpqqlfpIRe3RD0sDVbH4OXsGhi2kiTfPZu7mgyFxKopRbn1KwU1qKinfY EU9O4PoTak/tPT+5jFNhaP+HrURoi/pU8EAUNSktl7xAkHYwkN/9Cm7DeBghgf3n 8+tyCGYDsB5utPD0/Xe9yx0Qhc/kMm4xIyQDyA937dk3mUvLC9vulnAP8I+Izim0 fZ182+D1bWwykoD0997mUHG/AUChWR01V1OLwRyPv2wUtiS8VNG76Y2aqKlgqP1P V+IvIEqR4ERvSBVFzXNF8Y6j/sVxo8+aZw+d0L1Ns/R55deErGg3B8i/2EqGd3r+ 0jps9BqFHHWW87n3VyEB3jWCMj8Vi2EJIfa/7pSaViFIQn8LiBLf+zxG5LTOToK5 xkN42fReDcqi3UNfKNGnv4dsplyTR2hyx65lsj4bRKDGLKOuB1y7iB0AGb0LtcAI dcsVlcCeUquDXtqKvRnwfIMg+ZunyjqHBhj3qgRgbXbT6zjaSdNnih569aTg0Vup VykzZ7+n/KVcGLmvX0NesdoI7TKbq4TnEIOynuG5Sf+2GpARO5bjcWKSZeN/Ybgk gccf8Cqf6XWqiwlWd0B7BR3SymeHIaSymC45wmbgdstrbk7Ppa2Tp9AZku8M2Y7c 8mY9b+onK075/ypiwBm4L4GRNTFLnoNQJXx0OSl4FNRWsn6ztbD+jZhu8Seu10Jw SEJVJ+gmTKdRLYORJKyqhDet6g7kAxs4EoJ25WsOnX5nNr00rit+NkMPA7xbJT+7 CfI51GQLw7pUPeO2WNt6yZO/YkzZrqvTj5FEwybkUyBv7L0gkqu9wjfDdUw0fVHE xEm4DxjEoaIp8dW/JOzXQ2EF+WaSOgdYsw3Ac+rnnjnNptCdOEDGP6QBkt+oXj4P -----END RSA PRIVATE KEY-----""", passphrase="encrypted", ) def test_fromFile(self): """ Test that fromFile works correctly. """ self.assertEqual( keys.Key.fromFile(self.keyFile), keys.Key.fromString(keydata.privateRSA_lsh) ) self.assertRaises(keys.BadKeyError, keys.Key.fromFile, self.keyFile, "bad_type") self.assertRaises( keys.BadKeyError, keys.Key.fromFile, self.keyFile, passphrase="unencrypted" ) def test_init(self): """ Test that the PublicKey object is initialized correctly. """ obj = keys.Key._fromRSAComponents(n=5, e=3)._keyObject key = keys.Key(obj) self.assertEqual(key._keyObject, obj) def test_equal(self): """ Test that Key objects are compared correctly. """ rsa1 = keys.Key(self.rsaObj) rsa2 = keys.Key(self.rsaObj) rsa3 = keys.Key(keys.Key._fromRSAComponents(n=5, e=3)._keyObject) dsa = keys.Key(self.dsaObj) self.assertTrue(rsa1 == rsa2) self.assertFalse(rsa1 == rsa3) self.assertFalse(rsa1 == dsa) self.assertFalse(rsa1 == object) self.assertFalse(rsa1 == None) def test_notEqual(self): """ Test that Key objects are not-compared correctly. """ rsa1 = keys.Key(self.rsaObj) rsa2 = keys.Key(self.rsaObj) rsa3 = keys.Key(keys.Key._fromRSAComponents(n=5, e=3)._keyObject) dsa = keys.Key(self.dsaObj) self.assertFalse(rsa1 != rsa2) self.assertTrue(rsa1 != rsa3) self.assertTrue(rsa1 != dsa) self.assertTrue(rsa1 != object) self.assertTrue(rsa1 != None) def test_dataError(self): """ The L{keys.Key.data} method raises RuntimeError for bad keys. """ badKey = keys.Key(b"") self.assertRaises(RuntimeError, badKey.data) def test_fingerprintdefault(self): """ Test that the fingerprint method returns fingerprint in L{FingerprintFormats.MD5-HEX} format by default. """ self.assertEqual( keys.Key(self.rsaObj).fingerprint(), "85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da", ) self.assertEqual( keys.Key(self.dsaObj).fingerprint(), "63:15:b3:0e:e6:4f:50:de:91:48:3d:01:6b:b3:13:c1", ) def test_fingerprint_md5_hex(self): """ fingerprint method generates key fingerprint in L{FingerprintFormats.MD5-HEX} format if explicitly specified. """ self.assertEqual( keys.Key(self.rsaObj).fingerprint(keys.FingerprintFormats.MD5_HEX), "85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da", ) self.assertEqual( keys.Key(self.dsaObj).fingerprint(keys.FingerprintFormats.MD5_HEX), "63:15:b3:0e:e6:4f:50:de:91:48:3d:01:6b:b3:13:c1", ) def test_fingerprintsha256(self): """ fingerprint method generates key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. """ self.assertEqual( keys.Key(self.rsaObj).fingerprint(keys.FingerprintFormats.SHA256_BASE64), "FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI=", ) self.assertEqual( keys.Key(self.dsaObj).fingerprint(keys.FingerprintFormats.SHA256_BASE64), "Wz5o2YbKyxOEcJn1au/UaALSVruUzfz0vaLI1xiIGyY=", ) def test_fingerprintBadFormat(self): """ A C{BadFingerPrintFormat} error is raised when unsupported formats are requested. """ with self.assertRaises(keys.BadFingerPrintFormat) as em: keys.Key(self.rsaObj).fingerprint("sha256-base") self.assertEqual( "Unsupported fingerprint format: sha256-base", em.exception.args[0] ) def test_type(self): """ Test that the type method returns the correct type for an object. """ self.assertEqual(keys.Key(self.rsaObj).type(), "RSA") self.assertEqual(keys.Key(self.rsaObj).sshType(), b"ssh-rsa") self.assertEqual(keys.Key(self.dsaObj).type(), "DSA") self.assertEqual(keys.Key(self.dsaObj).sshType(), b"ssh-dss") self.assertEqual(keys.Key(self.ecObj).type(), "EC") self.assertEqual( keys.Key(self.ecObj).sshType(), keydata.ECDatanistp256["curve"] ) if ED25519_SUPPORTED: self.assertEqual(keys.Key(self.ed25519Obj).type(), "Ed25519") self.assertEqual(keys.Key(self.ed25519Obj).sshType(), b"ssh-ed25519") self.assertRaises(RuntimeError, keys.Key(None).type) self.assertRaises(RuntimeError, keys.Key(None).sshType) self.assertRaises(RuntimeError, keys.Key(self).type) self.assertRaises(RuntimeError, keys.Key(self).sshType) def test_fromBlobUnsupportedType(self): """ A C{BadKeyError} error is raised whey the blob has an unsupported key type. """ badBlob = common.NS(b"ssh-bad") self.assertRaises(keys.BadKeyError, keys.Key.fromString, badBlob) def test_fromBlobRSA(self): """ A public RSA key is correctly generated from a public key blob. """ rsaPublicData = { "n": keydata.RSAData["n"], "e": keydata.RSAData["e"], } rsaBlob = ( common.NS(b"ssh-rsa") + common.MP(rsaPublicData["e"]) + common.MP(rsaPublicData["n"]) ) rsaKey = keys.Key.fromString(rsaBlob) self.assertTrue(rsaKey.isPublic()) self.assertEqual(rsaPublicData, rsaKey.data()) def test_fromBlobDSA(self): """ A public DSA key is correctly generated from a public key blob. """ dsaPublicData = { "p": keydata.DSAData["p"], "q": keydata.DSAData["q"], "g": keydata.DSAData["g"], "y": keydata.DSAData["y"], } dsaBlob = ( common.NS(b"ssh-dss") + common.MP(dsaPublicData["p"]) + common.MP(dsaPublicData["q"]) + common.MP(dsaPublicData["g"]) + common.MP(dsaPublicData["y"]) ) dsaKey = keys.Key.fromString(dsaBlob) self.assertTrue(dsaKey.isPublic()) self.assertEqual(dsaPublicData, dsaKey.data()) def test_fromBlobECDSA(self): """ Key.fromString generates ECDSA keys from blobs. """ from cryptography import utils ecPublicData = { "x": keydata.ECDatanistp256["x"], "y": keydata.ECDatanistp256["y"], "curve": keydata.ECDatanistp256["curve"], } ecblob = ( common.NS(ecPublicData["curve"]) + common.NS(ecPublicData["curve"][-8:]) + common.NS( b"\x04" + utils.int_to_bytes(ecPublicData["x"], 32) + utils.int_to_bytes(ecPublicData["y"], 32) ) ) eckey = keys.Key.fromString(ecblob) self.assertTrue(eckey.isPublic()) self.assertEqual(ecPublicData, eckey.data()) @skipWithoutEd25519 def test_fromBlobEd25519(self): """ A public Ed25519 key is correctly generated from a public key blob. """ ed25519PublicData = { "a": keydata.Ed25519Data["a"], } ed25519Blob = common.NS(b"ssh-ed25519") + common.NS(ed25519PublicData["a"]) ed25519Key = keys.Key.fromString(ed25519Blob) self.assertTrue(ed25519Key.isPublic()) self.assertEqual(ed25519PublicData, ed25519Key.data()) def test_fromPrivateBlobUnsupportedType(self): """ C{BadKeyError} is raised when loading a private blob with an unsupported type. """ badBlob = common.NS(b"ssh-bad") self.assertRaises(keys.BadKeyError, keys.Key._fromString_PRIVATE_BLOB, badBlob) def test_fromPrivateBlobRSA(self): """ A private RSA key is correctly generated from a private key blob. """ rsaBlob = ( common.NS(b"ssh-rsa") + common.MP(keydata.RSAData["n"]) + common.MP(keydata.RSAData["e"]) + common.MP(keydata.RSAData["d"]) + common.MP(keydata.RSAData["u"]) + common.MP(keydata.RSAData["p"]) + common.MP(keydata.RSAData["q"]) ) rsaKey = keys.Key._fromString_PRIVATE_BLOB(rsaBlob) self.assertFalse(rsaKey.isPublic()) self.assertEqual(keydata.RSAData, rsaKey.data()) self.assertEqual( rsaKey, keys.Key._fromString_PRIVATE_BLOB(rsaKey.privateBlob()) ) def test_fromPrivateBlobDSA(self): """ A private DSA key is correctly generated from a private key blob. """ dsaBlob = ( common.NS(b"ssh-dss") + common.MP(keydata.DSAData["p"]) + common.MP(keydata.DSAData["q"]) + common.MP(keydata.DSAData["g"]) + common.MP(keydata.DSAData["y"]) + common.MP(keydata.DSAData["x"]) ) dsaKey = keys.Key._fromString_PRIVATE_BLOB(dsaBlob) self.assertFalse(dsaKey.isPublic()) self.assertEqual(keydata.DSAData, dsaKey.data()) self.assertEqual( dsaKey, keys.Key._fromString_PRIVATE_BLOB(dsaKey.privateBlob()) ) def test_fromPrivateBlobECDSA(self): """ A private EC key is correctly generated from a private key blob. """ from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import ec publicNumbers = ec.EllipticCurvePublicNumbers( x=keydata.ECDatanistp256["x"], y=keydata.ECDatanistp256["y"], curve=ec.SECP256R1(), ) ecblob = ( common.NS(keydata.ECDatanistp256["curve"]) + common.NS(keydata.ECDatanistp256["curve"][-8:]) + common.NS( publicNumbers.public_key(default_backend()).public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint, ) ) + common.MP(keydata.ECDatanistp256["privateValue"]) ) eckey = keys.Key._fromString_PRIVATE_BLOB(ecblob) self.assertFalse(eckey.isPublic()) self.assertEqual(keydata.ECDatanistp256, eckey.data()) self.assertEqual(eckey, keys.Key._fromString_PRIVATE_BLOB(eckey.privateBlob())) @skipWithoutEd25519 def test_fromPrivateBlobEd25519(self): """ A private Ed25519 key is correctly generated from a private key blob. """ ed25519Blob = ( common.NS(b"ssh-ed25519") + common.NS(keydata.Ed25519Data["a"]) + common.NS(keydata.Ed25519Data["k"] + keydata.Ed25519Data["a"]) ) ed25519Key = keys.Key._fromString_PRIVATE_BLOB(ed25519Blob) self.assertFalse(ed25519Key.isPublic()) self.assertEqual(keydata.Ed25519Data, ed25519Key.data()) self.assertEqual( ed25519Key, keys.Key._fromString_PRIVATE_BLOB(ed25519Key.privateBlob()) ) def test_blobRSA(self): """ Return the over-the-wire SSH format of the RSA public key. """ self.assertEqual( keys.Key(self.rsaObj).blob(), common.NS(b"ssh-rsa") + common.MP(self.rsaObj.private_numbers().public_numbers.e) + common.MP(self.rsaObj.private_numbers().public_numbers.n), ) def test_blobDSA(self): """ Return the over-the-wire SSH format of the DSA public key. """ publicNumbers = self.dsaObj.private_numbers().public_numbers self.assertEqual( keys.Key(self.dsaObj).blob(), common.NS(b"ssh-dss") + common.MP(publicNumbers.parameter_numbers.p) + common.MP(publicNumbers.parameter_numbers.q) + common.MP(publicNumbers.parameter_numbers.g) + common.MP(publicNumbers.y), ) def test_blobEC(self): """ Return the over-the-wire SSH format of the EC public key. """ from cryptography import utils byteLength = (self.ecObj.curve.key_size + 7) // 8 self.assertEqual( keys.Key(self.ecObj).blob(), common.NS(keydata.ECDatanistp256["curve"]) + common.NS(keydata.ECDatanistp256["curve"][-8:]) + common.NS( b"\x04" + utils.int_to_bytes( self.ecObj.private_numbers().public_numbers.x, byteLength ) + utils.int_to_bytes( self.ecObj.private_numbers().public_numbers.y, byteLength ) ), ) @skipWithoutEd25519 def test_blobEd25519(self): """ Return the over-the-wire SSH format of the Ed25519 public key. """ from cryptography.hazmat.primitives import serialization publicBytes = self.ed25519Obj.public_key().public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) self.assertEqual( keys.Key(self.ed25519Obj).blob(), common.NS(b"ssh-ed25519") + common.NS(publicBytes), ) def test_blobNoKey(self): """ C{RuntimeError} is raised when the blob is requested for a Key which is not wrapping anything. """ badKey = keys.Key(None) self.assertRaises(RuntimeError, badKey.blob) def test_privateBlobRSA(self): """ L{keys.Key.privateBlob} returns the SSH protocol-level format of an RSA private key. """ numbers = self.rsaObj.private_numbers() self.assertEqual( keys.Key(self.rsaObj).privateBlob(), common.NS(b"ssh-rsa") + common.MP(numbers.public_numbers.n) + common.MP(numbers.public_numbers.e) + common.MP(numbers.d) + common.MP(numbers.iqmp) + common.MP(numbers.p) + common.MP(numbers.q), ) def test_privateBlobDSA(self): """ L{keys.Key.privateBlob} returns the SSH protocol-level format of a DSA private key. """ publicNumbers = self.dsaObj.private_numbers().public_numbers self.assertEqual( keys.Key(self.dsaObj).privateBlob(), common.NS(b"ssh-dss") + common.MP(publicNumbers.parameter_numbers.p) + common.MP(publicNumbers.parameter_numbers.q) + common.MP(publicNumbers.parameter_numbers.g) + common.MP(publicNumbers.y) + common.MP(self.dsaObj.private_numbers().x), ) def test_privateBlobEC(self): """ L{keys.Key.privateBlob} returns the SSH ptotocol-level format of EC private key. """ from cryptography.hazmat.primitives import serialization self.assertEqual( keys.Key(self.ecObj).privateBlob(), common.NS(keydata.ECDatanistp256["curve"]) + common.NS(keydata.ECDatanistp256["curve"][-8:]) + common.NS( self.ecObj.public_key().public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint, ) ) + common.MP(self.ecObj.private_numbers().private_value), ) @skipWithoutEd25519 def test_privateBlobEd25519(self): """ L{keys.Key.privateBlob} returns the SSH protocol-level format of an Ed25519 private key. """ from cryptography.hazmat.primitives import serialization publicBytes = self.ed25519Obj.public_key().public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) privateBytes = self.ed25519Obj.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption(), ) self.assertEqual( keys.Key(self.ed25519Obj).privateBlob(), common.NS(b"ssh-ed25519") + common.NS(publicBytes) + common.NS(privateBytes + publicBytes), ) def test_privateBlobNoKeyObject(self): """ Raises L{RuntimeError} if the underlying key object does not exists. """ badKey = keys.Key(None) self.assertRaises(RuntimeError, badKey.privateBlob) def test_toOpenSSHRSA(self): """ L{keys.Key.toString} serializes an RSA key in OpenSSH format. """ key = keys.Key.fromString(keydata.privateRSA_agentv3) self.assertEqual(key.toString("openssh"), keydata.privateRSA_openssh) self.assertEqual( key.toString("openssh", passphrase=b"encrypted"), keydata.privateRSA_openssh_encrypted, ) self.assertEqual( key.public().toString("openssh"), keydata.publicRSA_openssh[:-8] ) # no comment self.assertEqual( key.public().toString("openssh", comment=b"comment"), keydata.publicRSA_openssh, ) def test_toOpenSSHRSA_v1_format(self): """ L{keys.Key.toString} serializes an RSA key in OpenSSH's v1 format. """ key = keys.Key.fromString(keydata.privateRSA_openssh) new_key_data = key.toString("openssh", subtype="v1") new_enc_key_data = key.toString("openssh", subtype="v1", passphrase="encrypted") self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_key_data.splitlines()[0] ) self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_enc_key_data.splitlines()[0] ) self.assertEqual(key, keys.Key.fromString(new_key_data)) self.assertEqual( key, keys.Key.fromString(new_enc_key_data, passphrase="encrypted") ) def test_toOpenSSHDSA(self): """ L{keys.Key.toString} serializes a DSA key in OpenSSH format. """ key = keys.Key.fromString(keydata.privateDSA_lsh) self.assertEqual(key.toString("openssh"), keydata.privateDSA_openssh) self.assertEqual( key.public().toString("openssh", comment=b"comment"), keydata.publicDSA_openssh, ) self.assertEqual( key.public().toString("openssh"), keydata.publicDSA_openssh[:-8] ) # no comment def test_toOpenSSHDSA_v1_format(self): """ L{keys.Key.toString} serializes a DSA key in OpenSSH's v1 format. """ key = keys.Key.fromString(keydata.privateDSA_openssh) new_key_data = key.toString("openssh", subtype="v1") new_enc_key_data = key.toString("openssh", subtype="v1", passphrase="encrypted") self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_key_data.splitlines()[0] ) self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_enc_key_data.splitlines()[0] ) self.assertEqual(key, keys.Key.fromString(new_key_data)) self.assertEqual( key, keys.Key.fromString(new_enc_key_data, passphrase="encrypted") ) def test_toOpenSSHECDSA(self): """ L{keys.Key.toString} serializes an ECDSA key in OpenSSH format. """ key = keys.Key.fromString(keydata.privateECDSA_openssh) self.assertEqual( key.public().toString("openssh", comment=b"comment"), keydata.publicECDSA_openssh, ) self.assertEqual( key.public().toString("openssh"), keydata.publicECDSA_openssh[:-8] ) # no comment def test_toOpenSSHECDSA_v1_format(self): """ L{keys.Key.toString} serializes an ECDSA key in OpenSSH's v1 format. """ key = keys.Key.fromString(keydata.privateECDSA_openssh) new_key_data = key.toString("openssh", subtype="v1") new_enc_key_data = key.toString("openssh", subtype="v1", passphrase="encrypted") self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_key_data.splitlines()[0] ) self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_enc_key_data.splitlines()[0] ) self.assertEqual(key, keys.Key.fromString(new_key_data)) self.assertEqual( key, keys.Key.fromString(new_enc_key_data, passphrase="encrypted") ) @skipWithoutEd25519 def test_toOpenSSHEd25519(self): """ L{keys.Key.toString} serializes an Ed25519 key in OpenSSH's v1 format. """ key = keys.Key.fromString(keydata.privateEd25519_openssh_new) new_key_data = key.toString("openssh") new_enc_key_data = key.toString("openssh", passphrase="encrypted") self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_key_data.splitlines()[0] ) self.assertEqual( b"-----BEGIN OPENSSH PRIVATE KEY-----", new_enc_key_data.splitlines()[0] ) self.assertEqual(key, keys.Key.fromString(new_key_data)) self.assertEqual( key, keys.Key.fromString(new_enc_key_data, passphrase="encrypted") ) self.assertEqual(new_key_data, key.toString("openssh", subtype="v1")) @skipWithoutEd25519 def test_toOpenSSHEd25519_PEM_format(self): """ L{keys.Key.toString} refuses to serialize an Ed25519 key in OpenSSH's old PEM format, as no encoding of Ed25519 is defined for that format. """ key = keys.Key.fromString(keydata.privateEd25519_openssh_new) self.assertRaises(ValueError, key.toString, "openssh", subtype="PEM") def test_toLSHRSA(self): """ L{keys.Key.toString} serializes an RSA key in LSH format. """ key = keys.Key.fromString(keydata.privateRSA_openssh) self.assertEqual(key.toString("lsh"), keydata.privateRSA_lsh) self.assertEqual(key.public().toString("lsh"), keydata.publicRSA_lsh) def test_toLSHDSA(self): """ L{keys.Key.toString} serializes a DSA key in LSH format. """ key = keys.Key.fromString(keydata.privateDSA_openssh) self.assertEqual(key.toString("lsh"), keydata.privateDSA_lsh) self.assertEqual(key.public().toString("lsh"), keydata.publicDSA_lsh) def test_toAgentv3RSA(self): """ L{keys.Key.toString} serializes an RSA key in Agent v3 format. """ key = keys.Key.fromString(keydata.privateRSA_openssh) self.assertEqual(key.toString("agentv3"), keydata.privateRSA_agentv3) def test_toAgentv3DSA(self): """ L{keys.Key.toString} serializes a DSA key in Agent v3 format. """ key = keys.Key.fromString(keydata.privateDSA_openssh) self.assertEqual(key.toString("agentv3"), keydata.privateDSA_agentv3) def test_toStringNormalizesUnicodePassphrase(self): """ L{keys.Key.toString} applies Normalization Form KC to Unicode passphrases. """ key = keys.Key(self.rsaObj) key_data = key.toString("openssh", passphrase="verschlu\u0308sselt") self.assertEqual( keys.Key.fromString(key_data, passphrase="verschl\u00FCsselt".encode()), key, ) # U+FFFF is a "noncharacter" and guaranteed to have General_Category # Cn (Unassigned). self.assertRaises( keys.PassphraseNormalizationError, key.toString, "openssh", passphrase="unassigned \uFFFF", ) def test_toStringErrors(self): """ L{keys.Key.toString} raises L{keys.BadKeyError} when passed an invalid format type. """ self.assertRaises(keys.BadKeyError, keys.Key(self.rsaObj).toString, "bad_type") def test_signAndVerifyRSA(self): """ Signed data can be verified using RSA. """ data = b"some-data" key = keys.Key.fromString(keydata.privateRSA_openssh) signature = key.sign(data) self.assertTrue(key.public().verify(signature, data)) self.assertTrue(key.verify(signature, data)) def test_signAndVerifyDSA(self): """ Signed data can be verified using DSA. """ data = b"some-data" key = keys.Key.fromString(keydata.privateDSA_openssh) signature = key.sign(data) self.assertTrue(key.public().verify(signature, data)) self.assertTrue(key.verify(signature, data)) def test_signAndVerifyEC(self): """ Signed data can be verified using EC. """ data = b"some-data" key = keys.Key.fromString(keydata.privateECDSA_openssh) signature = key.sign(data) key384 = keys.Key.fromString(keydata.privateECDSA_openssh384) signature384 = key384.sign(data) key521 = keys.Key.fromString(keydata.privateECDSA_openssh521) signature521 = key521.sign(data) self.assertTrue(key.public().verify(signature, data)) self.assertTrue(key.verify(signature, data)) self.assertTrue(key384.public().verify(signature384, data)) self.assertTrue(key384.verify(signature384, data)) self.assertTrue(key521.public().verify(signature521, data)) self.assertTrue(key521.verify(signature521, data)) @skipWithoutEd25519 def test_signAndVerifyEd25519(self): """ Signed data can be verified using Ed25519. """ data = b"some-data" key = keys.Key.fromString(keydata.privateEd25519_openssh_new) signature = key.sign(data) self.assertTrue(key.public().verify(signature, data)) self.assertTrue(key.verify(signature, data)) def test_verifyRSA(self): """ A known-good RSA signature verifies successfully. """ key = keys.Key.fromString(keydata.publicRSA_openssh) self.assertTrue(key.verify(self.rsaSignature, b"")) self.assertFalse(key.verify(self.rsaSignature, b"a")) self.assertFalse(key.verify(self.dsaSignature, b"")) def test_verifyDSA(self): """ A known-good DSA signature verifies successfully. """ key = keys.Key.fromString(keydata.publicDSA_openssh) self.assertTrue(key.verify(self.dsaSignature, b"")) self.assertFalse(key.verify(self.dsaSignature, b"a")) self.assertFalse(key.verify(self.rsaSignature, b"")) def test_verifyDSANoPrefix(self): """ Some commercial SSH servers send DSA keys as 2 20-byte numbers; they are still verified as valid keys. """ key = keys.Key.fromString(keydata.publicDSA_openssh) self.assertTrue(key.verify(self.dsaSignature[-40:], b"")) def test_reprPrivateRSA(self): """ The repr of a L{keys.Key} contains all of the RSA components for an RSA private key. """ self.assertEqual( repr(keys.Key(self.rsaObj)), """<RSA Private Key (2048 bits) attr d: \t21:4c:08:66:a2:28:d5:b4:fb:8e:0f:72:1b:85:09: \t00:b9:f2:4e:37:f0:1c:57:4b:e3:51:7f:9e:23:a7: \te4:3a:98:55:1b:ea:8b:7a:98:1e:bc:d8:ba:b1:f9: \t89:12:18:60:ac:e8:cc:0b:4e:09:5a:40:6a:ba:2f: \t99:f8:b3:24:60:84:b9:ce:69:95:9a:f9:e2:fc:1f: \t51:4d:27:15:db:2b:27:ad:ef:b4:69:ac:be:7d:10: \teb:86:47:70:73:b4:00:87:95:15:3b:37:f9:e7:14: \te7:80:bb:68:1e:1b:e6:dd:bb:73:63:b9:67:e6:b2: \t27:7f:cf:cf:30:9b:c2:98:fd:d9:18:36:2f:36:2e: \tf1:3d:81:7a:9f:e1:03:2d:47:db:34:51:62:39:dd: \t4f:e9:ac:a8:8b:d9:d6:f3:84:c4:17:b9:71:9d:06: \t08:42:78:4d:bb:c5:2a:f4:c3:58:cd:55:2b:ed:be: \t33:5f:04:ea:7b:e6:04:24:63:f2:2d:d7:3d:1b:6c: \td5:9c:63:43:2f:92:88:8d:3e:6e:da:18:37:d8:0f: \t25:67:89:1d:b9:46:34:5e:c9:ce:c4:8b:ed:92:5a: \t33:07:0f:df:86:08:f9:92:e9:db:eb:38:08:36:c9: \tcd:cd:0a:01:48:5b:39:3e:7a:ca:c6:80:a9:dc:d4: \t39 attr e: \t01:00:01 attr n: \t00:d5:6a:ac:78:23:d6:d6:1b:ec:25:a1:50:c4:77: \t63:50:84:45:01:55:42:14:2a:2a:e0:d0:60:ee:d4: \te9:a3:ad:4a:fa:39:06:5e:84:55:75:5f:00:36:bf: \t6f:aa:2a:3f:83:26:37:c1:69:2e:5b:fd:f0:f3:d2: \t7d:d6:98:cd:3a:40:78:d5:ca:a8:18:c0:11:93:24: \t09:0c:81:4c:8f:f7:9c:ed:13:16:6a:a4:04:e9:49: \t77:c3:e4:55:64:b3:79:68:9e:2c:08:eb:ac:e8:04: \t2d:21:77:05:a7:8e:ef:53:30:0d:a5:e5:bb:3d:6a: \te2:09:36:6f:fd:34:d3:7d:6f:46:ff:87:da:a9:29: \t27:aa:ff:ad:f5:85:e6:3e:1a:b8:7a:1d:4a:b1:ea: \tc0:5a:f7:30:df:1f:c2:a4:e4:ef:3f:91:49:96:40: \td5:19:77:2d:37:c3:5e:ec:9d:a6:3a:44:a5:c2:a4: \t29:dd:d5:ba:9c:3d:45:b3:c6:2c:18:64:d5:ba:3d: \tdf:ab:7f:cd:42:ac:a7:f1:18:0b:a0:58:15:62:0b: \ta4:2a:6e:43:c3:e4:04:9f:35:a3:47:8e:46:ed:33: \ta5:65:bd:bc:3b:29:6e:02:0b:57:df:74:e8:13:b4: \t37:35:7e:83:5f:20:26:60:a6:dc:ad:8b:c6:6c:79: \t98:f7 attr p: \t00:d9:70:06:d8:e2:bc:d4:78:91:50:94:d4:c1:1b: \t89:38:6c:46:64:5a:51:a0:9a:07:3d:48:8f:03:51: \tcc:6b:12:8e:7d:1a:b1:65:e7:71:75:39:e0:32:05: \t75:8d:18:4c:af:93:b1:49:b1:66:5f:78:62:7a:d1: \t0c:ca:e6:4d:43:b3:9c:f4:6b:7d:e6:0c:98:dc:cf: \t21:62:8e:d5:2e:12:de:04:ae:d7:24:6e:83:31:a2: \t15:a2:44:3d:22:a9:62:26:22:b9:b2:ed:54:0a:9d: \t08:83:a7:07:0d:ff:19:18:8e:d8:ab:1d:da:48:9c: \t31:68:11:a1:66:6d:e3:d8:1d attr q: \t00:fb:44:17:8b:a4:36:be:1e:37:1d:a7:f6:61:6c: \t04:c4:aa:dd:78:3e:07:8c:1e:33:02:ae:03:14:87: \t83:7a:e5:9e:7d:08:67:a8:f2:aa:bf:12:70:cf:72: \ta9:a7:c7:0b:1d:88:d5:20:fd:9c:63:ca:47:30:55: \t4e:8b:c4:cf:f4:7f:16:a4:92:12:74:a1:09:c2:c4: \t6e:9c:8c:33:ef:a5:e5:f7:e0:2b:ad:4f:5c:11:aa: \t1a:84:37:5b:fd:7a:ea:c3:cd:7c:b0:c8:e4:1f:54: \t63:b5:c7:af:df:f4:09:a7:fc:c7:25:fc:5c:e9:91: \td7:92:c5:98:1e:56:d3:b1:23 attr u: \t00:85:4b:1b:7a:9b:12:10:37:9e:1f:ad:5e:da:fe: \tc6:96:fe:df:35:6b:b9:34:e2:16:97:92:26:09:bd: \tbd:70:20:03:a7:35:bd:2d:1b:a0:d2:07:47:2b:d4: \tde:a8:a8:07:07:1b:b8:04:20:a7:27:41:3c:6c:39: \t39:e9:41:ce:e7:17:1d:d1:4c:5c:bc:3d:d2:26:26: \tfe:6a:d6:fd:48:72:ae:46:fa:7b:c3:d3:19:60:44: \t1d:a5:13:a7:80:f5:63:29:d4:7a:5d:06:07:16:5d: \tf6:8b:3d:cb:64:3a:e2:84:5a:4d:8c:06:2d:2d:9d: \t1c:eb:83:4c:78:3d:79:54:ce>""", ) def test_reprPublicRSA(self): """ The repr of a L{keys.Key} contains all of the RSA components for an RSA public key. """ self.assertEqual( repr(keys.Key(self.rsaObj).public()), """<RSA Public Key (2048 bits) attr e: \t01:00:01 attr n: \t00:d5:6a:ac:78:23:d6:d6:1b:ec:25:a1:50:c4:77: \t63:50:84:45:01:55:42:14:2a:2a:e0:d0:60:ee:d4: \te9:a3:ad:4a:fa:39:06:5e:84:55:75:5f:00:36:bf: \t6f:aa:2a:3f:83:26:37:c1:69:2e:5b:fd:f0:f3:d2: \t7d:d6:98:cd:3a:40:78:d5:ca:a8:18:c0:11:93:24: \t09:0c:81:4c:8f:f7:9c:ed:13:16:6a:a4:04:e9:49: \t77:c3:e4:55:64:b3:79:68:9e:2c:08:eb:ac:e8:04: \t2d:21:77:05:a7:8e:ef:53:30:0d:a5:e5:bb:3d:6a: \te2:09:36:6f:fd:34:d3:7d:6f:46:ff:87:da:a9:29: \t27:aa:ff:ad:f5:85:e6:3e:1a:b8:7a:1d:4a:b1:ea: \tc0:5a:f7:30:df:1f:c2:a4:e4:ef:3f:91:49:96:40: \td5:19:77:2d:37:c3:5e:ec:9d:a6:3a:44:a5:c2:a4: \t29:dd:d5:ba:9c:3d:45:b3:c6:2c:18:64:d5:ba:3d: \tdf:ab:7f:cd:42:ac:a7:f1:18:0b:a0:58:15:62:0b: \ta4:2a:6e:43:c3:e4:04:9f:35:a3:47:8e:46:ed:33: \ta5:65:bd:bc:3b:29:6e:02:0b:57:df:74:e8:13:b4: \t37:35:7e:83:5f:20:26:60:a6:dc:ad:8b:c6:6c:79: \t98:f7>""", ) def test_reprPublicECDSA(self): """ The repr of a L{keys.Key} contains all the OpenSSH format for an ECDSA public key. """ self.assertEqual( repr(keys.Key(self.ecObj).public()), dedent( """\ <Elliptic Curve Public Key (256 bits) curve: \tecdsa-sha2-nistp256 x: \t{x} y: \t{y}> """ ).format(keydata.ECDatanistp256), ) def test_reprPrivateECDSA(self): """ The repr of a L{keys.Key} contains all the OpenSSH format for an ECDSA private key. """ self.assertEqual( repr(keys.Key(self.ecObj)), dedent( """\ <Elliptic Curve Private Key (256 bits) curve: \tecdsa-sha2-nistp256 privateValue: \t{privateValue} x: \t{x} y: \t{y}> """ ).format(keydata.ECDatanistp256), ) @skipWithoutEd25519 def test_reprPublicEd25519(self): """ The repr of a L{keys.Key} contains all the OpenSSH format for an Ed25519 public key. """ self.assertEqual( repr(keys.Key(self.ed25519Obj).public()), dedent( """\ <Ed25519 Public Key (256 bits) attr a: \tf1:16:d1:15:4a:1e:15:0e:19:5e:19:46:b5:f2:44: \t0d:b2:52:a0:ae:2a:6b:23:13:73:45:fd:40:d9:57: \t7b:8b>""" ), ) @skipWithoutEd25519 def test_reprPrivateEd25519(self): """ The repr of a L{keys.Key} contains all the OpenSSH format for an Ed25519 private key. """ self.assertEqual( repr(keys.Key(self.ed25519Obj)), dedent( """\ <Ed25519 Private Key (256 bits) attr a: \tf1:16:d1:15:4a:1e:15:0e:19:5e:19:46:b5:f2:44: \t0d:b2:52:a0:ae:2a:6b:23:13:73:45:fd:40:d9:57: \t7b:8b attr k: \t37:2f:25:da:8d:d4:a8:9a:78:7c:61:f0:98:01:c6: \tf4:5e:6d:67:05:69:31:37:4c:69:0d:05:55:bb:c9: \t44:58>""" ), ) class PersistentRSAKeyTests(unittest.TestCase): """ Tests for L{keys._getPersistentRSAKey}. """ if cryptography is None: skip = skipCryptography def test_providedArguments(self): """ L{keys._getPersistentRSAKey} will put the key in C{directory}/C{filename}, with the key length of C{keySize}. """ tempDir = FilePath(self.mktemp()) keyFile = tempDir.child("mykey.pem") key = keys._getPersistentRSAKey(keyFile, keySize=512) self.assertEqual(key.size(), 512) self.assertTrue(keyFile.exists()) def test_noRegeneration(self): """ L{keys._getPersistentRSAKey} will not regenerate the key if the key already exists. """ tempDir = FilePath(self.mktemp()) keyFile = tempDir.child("mykey.pem") key = keys._getPersistentRSAKey(keyFile, keySize=512) self.assertEqual(key.size(), 512) self.assertTrue(keyFile.exists()) keyContent = keyFile.getContent() # Set the key size to 1024 bits. Since it exists already, it will find # the 512 bit key, and not generate a 1024 bit key. key = keys._getPersistentRSAKey(keyFile, keySize=1024) self.assertEqual(key.size(), 512) self.assertEqual(keyFile.getContent(), keyContent) def test_keySizeZero(self): """ If the key generated by L{keys.getPersistentRSAKey} is set to None the key size should then become 0. """ tempDir = FilePath(self.mktemp()) keyFile = tempDir.child("mykey.pem") key = keys._getPersistentRSAKey(keyFile, keySize=512) key._keyObject = None self.assertEqual(key.size(), 0) ��test/__init__.py��0000644��00000000016�15027667726�0007653 0��ustar�00��"conch tests" ��test/test_ssh.py��0000644��00000100252�15027667726�0007753 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.conch.ssh}. """ import struct from twisted.conch.test.keydata import ( privateDSA_openssh, privateRSA_openssh, publicDSA_openssh, publicRSA_openssh, ) from twisted.conch.test.loopback import LoopbackRelay from twisted.cred import portal from twisted.cred.error import UnauthorizedLogin from twisted.internet import defer, protocol, reactor from twisted.internet.error import ProcessTerminated from twisted.python import failure, log from twisted.python.reflect import requireModule from twisted.trial import unittest cryptography = requireModule("cryptography") pyasn1 = requireModule("pyasn1") if cryptography: from twisted.conch import avatar, error from twisted.conch.ssh import _kex, common, forwarding, session else: class avatar: # type: ignore[no-redef] class ConchUser: pass class ConchTestRealm: """ A realm which expects a particular avatarId to log in once and creates a L{ConchTestAvatar} for that request. @ivar expectedAvatarID: The only avatarID that this realm will produce an avatar for. @ivar avatar: A reference to the avatar after it is requested. """ avatar = None def __init__(self, expectedAvatarID): self.expectedAvatarID = expectedAvatarID def requestAvatar(self, avatarID, mind, interfaces): """ Return a new L{ConchTestAvatar} if the avatarID matches the expected one and this is the first avatar request. """ if avatarID == self.expectedAvatarID: if self.avatar is not None: raise UnauthorizedLogin("Only one login allowed") self.avatar = ConchTestAvatar() return interfaces[0], self.avatar, self.avatar.logout raise UnauthorizedLogin( f"Only {self.expectedAvatarID!r} may log in, not {avatarID!r}" ) class ConchTestAvatar(avatar.ConchUser): """ An avatar against which various SSH features can be tested. @ivar loggedOut: A flag indicating whether the avatar logout method has been called. """ if not cryptography: skip = "cannot run without cryptography" loggedOut = False def __init__(self): avatar.ConchUser.__init__(self) self.listeners = {} self.globalRequests = {} self.channelLookup.update( { b"session": session.SSHSession, b"direct-tcpip": forwarding.openConnectForwardingClient, } ) self.subsystemLookup.update({b"crazy": CrazySubsystem}) def global_foo(self, data): self.globalRequests["foo"] = data return 1 def global_foo_2(self, data): self.globalRequests["foo_2"] = data return 1, b"data" def global_tcpip_forward(self, data): host, port = forwarding.unpackGlobal_tcpip_forward(data) try: listener = reactor.listenTCP( port, forwarding.SSHListenForwardingFactory( self.conn, (host, port), forwarding.SSHListenServerForwardingChannel ), interface=host, ) except BaseException: log.err(None, "something went wrong with remote->local forwarding") return 0 else: self.listeners[(host, port)] = listener return 1 def global_cancel_tcpip_forward(self, data): host, port = forwarding.unpackGlobal_tcpip_forward(data) listener = self.listeners.get((host, port), None) if not listener: return 0 del self.listeners[(host, port)] listener.stopListening() return 1 def logout(self): self.loggedOut = True for listener in self.listeners.values(): log.msg("stopListening %s" % listener) listener.stopListening() class ConchSessionForTestAvatar: """ An ISession adapter for ConchTestAvatar. """ def __init__(self, avatar): """ Initialize the session and create a reference to it on the avatar for later inspection. """ self.avatar = avatar self.avatar._testSession = self self.cmd = None self.proto = None self.ptyReq = False self.eof = 0 self.onClose = defer.Deferred() def getPty(self, term, windowSize, attrs): log.msg("pty req") self._terminalType = term self._windowSize = windowSize self.ptyReq = True def openShell(self, proto): log.msg("opening shell") self.proto = proto EchoTransport(proto) self.cmd = b"shell" def execCommand(self, proto, cmd): self.cmd = cmd self.proto = proto f = cmd.split()[0] if f == b"false": t = FalseTransport(proto) # Avoid disconnecting this immediately. If the channel is closed # before execCommand even returns the caller gets confused. reactor.callLater(0, t.loseConnection) elif f == b"echo": t = EchoTransport(proto) t.write(cmd[5:]) t.loseConnection() elif f == b"secho": t = SuperEchoTransport(proto) t.write(cmd[6:]) t.loseConnection() elif f == b"eecho": t = ErrEchoTransport(proto) t.write(cmd[6:]) t.loseConnection() else: raise error.ConchError("bad exec") self.avatar.conn.transport.expectedLoseConnection = 1 def eofReceived(self): self.eof = 1 def closed(self): log.msg('closed cmd "%s"' % self.cmd) self.remoteWindowLeftAtClose = self.proto.session.remoteWindowLeft self.onClose.callback(None) from twisted.python import components if cryptography: components.registerAdapter( ConchSessionForTestAvatar, ConchTestAvatar, session.ISession ) class CrazySubsystem(protocol.Protocol): def __init__(self, args, *kw): pass def connectionMade(self): """ good ... good """ class FalseTransport: """ False transport should act like a /bin/false execution, i.e. just exit with nonzero status, writing nothing to the terminal. @ivar proto: The protocol associated with this transport. @ivar closed: A flag tracking whether C{loseConnection} has been called yet. """ def __init__(self, p): """ @type p L{twisted.conch.ssh.session.SSHSessionProcessProtocol} instance """ self.proto = p p.makeConnection(self) self.closed = 0 def loseConnection(self): """ Disconnect the protocol associated with this transport. """ if self.closed: return self.closed = 1 self.proto.inConnectionLost() self.proto.outConnectionLost() self.proto.errConnectionLost() self.proto.processEnded(failure.Failure(ProcessTerminated(255, None, None))) class EchoTransport: def __init__(self, p): self.proto = p p.makeConnection(self) self.closed = 0 def write(self, data): log.msg(repr(data)) self.proto.outReceived(data) self.proto.outReceived(b"\r\n") if b"\x00" in data: # mimic 'exit' for the shell test self.loseConnection() def loseConnection(self): if self.closed: return self.closed = 1 self.proto.inConnectionLost() self.proto.outConnectionLost() self.proto.errConnectionLost() self.proto.processEnded(failure.Failure(ProcessTerminated(0, None, None))) class ErrEchoTransport: def __init__(self, p): self.proto = p p.makeConnection(self) self.closed = 0 def write(self, data): self.proto.errReceived(data) self.proto.errReceived(b"\r\n") def loseConnection(self): if self.closed: return self.closed = 1 self.proto.inConnectionLost() self.proto.outConnectionLost() self.proto.errConnectionLost() self.proto.processEnded(failure.Failure(ProcessTerminated(0, None, None))) class SuperEchoTransport: def __init__(self, p): self.proto = p p.makeConnection(self) self.closed = 0 def write(self, data): self.proto.outReceived(data) self.proto.outReceived(b"\r\n") self.proto.errReceived(data) self.proto.errReceived(b"\r\n") def loseConnection(self): if self.closed: return self.closed = 1 self.proto.inConnectionLost() self.proto.outConnectionLost() self.proto.errConnectionLost() self.proto.processEnded(failure.Failure(ProcessTerminated(0, None, None))) if cryptography is not None and pyasn1 is not None: from twisted.conch import checkers from twisted.conch.ssh import ( channel, connection, factory, keys, transport, userauth, ) class ConchTestPasswordChecker: credentialInterfaces = (checkers.IUsernamePassword,) def requestAvatarId(self, credentials): if ( credentials.username == b"testuser" and credentials.password == b"testpass" ): return defer.succeed(credentials.username) return defer.fail(Exception("Bad credentials")) class ConchTestSSHChecker(checkers.SSHProtocolChecker): def areDone(self, avatarId): if avatarId != b"testuser" or len(self.successfulCredentials[avatarId]) < 2: return False return True class ConchTestServerFactory(factory.SSHFactory): noisy = False services = { b"ssh-userauth": userauth.SSHUserAuthServer, b"ssh-connection": connection.SSHConnection, } def buildProtocol(self, addr): proto = ConchTestServer() proto.supportedPublicKeys = self.privateKeys.keys() proto.factory = self if hasattr(self, "expectedLoseConnection"): proto.expectedLoseConnection = self.expectedLoseConnection self.proto = proto return proto def getPublicKeys(self): return { b"ssh-rsa": keys.Key.fromString(publicRSA_openssh), b"ssh-dss": keys.Key.fromString(publicDSA_openssh), } def getPrivateKeys(self): return { b"ssh-rsa": keys.Key.fromString(privateRSA_openssh), b"ssh-dss": keys.Key.fromString(privateDSA_openssh), } def getPrimes(self): """ Diffie-Hellman primes that can be used for the diffie-hellman-group-exchange-sha1 key exchange. @return: The primes and generators. @rtype: L{dict} mapping the key size to a C{list} of C{(generator, prime)} tupple. """ # In these tests, we hardwire the prime values to those defined by # the diffie-hellman-group14-sha1 key exchange algorithm, to avoid # requiring a moduli file when running tests. # See OpenSSHFactory.getPrimes. return {2048: [_kex.getDHGeneratorAndPrime(b"diffie-hellman-group14-sha1")]} def getService(self, trans, name): return factory.SSHFactory.getService(self, trans, name) class ConchTestBase: done = 0 def connectionLost(self, reason): if self.done: return if not hasattr(self, "expectedLoseConnection"): raise unittest.FailTest( f"unexpectedly lost connection {self}\n{reason}" ) self.done = 1 def receiveError(self, reasonCode, desc): self.expectedLoseConnection = 1 # Some versions of OpenSSH (for example, OpenSSH_5.3p1) will # send a DISCONNECT_BY_APPLICATION error before closing the # connection. Other, older versions (for example, # OpenSSH_5.1p1), won't. So accept this particular error here, # but no others. if reasonCode != transport.DISCONNECT_BY_APPLICATION: log.err( Exception( "got disconnect for %s: reason %s, desc: %s" % (self, reasonCode, desc) ) ) self.loseConnection() def receiveUnimplemented(self, seqID): raise unittest.FailTest(f"got unimplemented: seqid {seqID}") class ConchTestServer(ConchTestBase, transport.SSHServerTransport): def connectionLost(self, reason): ConchTestBase.connectionLost(self, reason) transport.SSHServerTransport.connectionLost(self, reason) class ConchTestClient(ConchTestBase, transport.SSHClientTransport): """ @ivar _channelFactory: A callable which accepts an SSH connection and returns a channel which will be attached to a new channel on that connection. """ def __init__(self, channelFactory): self._channelFactory = channelFactory def connectionLost(self, reason): ConchTestBase.connectionLost(self, reason) transport.SSHClientTransport.connectionLost(self, reason) def verifyHostKey(self, key, fp): keyMatch = key == keys.Key.fromString(publicRSA_openssh).blob() fingerprintMatch = fp == b"85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da" if keyMatch and fingerprintMatch: return defer.succeed(1) return defer.fail(Exception("Key or fingerprint mismatch")) def connectionSecure(self): self.requestService( ConchTestClientAuth( b"testuser", ConchTestClientConnection(self._channelFactory) ) ) class ConchTestClientAuth(userauth.SSHUserAuthClient): hasTriedNone = 0 # have we tried the 'none' auth yet? canSucceedPublicKey = 0 # can we succeed with this yet? canSucceedPassword = 0 def ssh_USERAUTH_SUCCESS(self, packet): if not self.canSucceedPassword and self.canSucceedPublicKey: raise unittest.FailTest( "got USERAUTH_SUCCESS before password and publickey" ) userauth.SSHUserAuthClient.ssh_USERAUTH_SUCCESS(self, packet) def getPassword(self): self.canSucceedPassword = 1 return defer.succeed(b"testpass") def getPrivateKey(self): self.canSucceedPublicKey = 1 return defer.succeed(keys.Key.fromString(privateDSA_openssh)) def getPublicKey(self): return keys.Key.fromString(publicDSA_openssh) class ConchTestClientConnection(connection.SSHConnection): """ @ivar _completed: A L{Deferred} which will be fired when the number of results collected reaches C{totalResults}. """ name = b"ssh-connection" results = 0 totalResults = 8 def __init__(self, channelFactory): connection.SSHConnection.__init__(self) self._channelFactory = channelFactory def serviceStarted(self): self.openChannel(self._channelFactory(conn=self)) class SSHTestChannel(channel.SSHChannel): def __init__(self, name, opened, args, *kwargs): self.name = name self._opened = opened self.received = [] self.receivedExt = [] self.onClose = defer.Deferred() channel.SSHChannel.__init__(self, args, kwargs) def openFailed(self, reason): self._opened.errback(reason) def channelOpen(self, ignore): self._opened.callback(self) def dataReceived(self, data): self.received.append(data) def extReceived(self, dataType, data): if dataType == connection.EXTENDED_DATA_STDERR: self.receivedExt.append(data) else: log.msg(f"Unrecognized extended data: {dataType!r}") def request_exit_status(self, status): [self.status] = struct.unpack(">L", status) def eofReceived(self): self.eofCalled = True def closed(self): self.onClose.callback(None) def conchTestPublicKeyChecker(): """ Produces a SSHPublicKeyChecker with an in-memory key mapping with a single use: 'testuser' @return: L{twisted.conch.checkers.SSHPublicKeyChecker} """ conchTestPublicKeyDB = checkers.InMemorySSHKeyDB( {b"testuser": [keys.Key.fromString(publicDSA_openssh)]} ) return checkers.SSHPublicKeyChecker(conchTestPublicKeyDB) class SSHProtocolTests(unittest.TestCase): """ Tests for communication between L{SSHServerTransport} and L{SSHClientTransport}. """ if not cryptography: skip = "can't run without cryptography" if not pyasn1: skip = "Cannot run without PyASN1" def _ourServerOurClientTest(self, name=b"session", kwargs): """ Create a connected SSH client and server protocol pair and return a L{Deferred} which fires with an L{SSHTestChannel} instance connected to a channel on that SSH connection. """ result = defer.Deferred() self.realm = ConchTestRealm(b"testuser") p = portal.Portal(self.realm) sshpc = ConchTestSSHChecker() sshpc.registerChecker(ConchTestPasswordChecker()) sshpc.registerChecker(conchTestPublicKeyChecker()) p.registerChecker(sshpc) fac = ConchTestServerFactory() fac.portal = p fac.startFactory() self.server = fac.buildProtocol(None) self.clientTransport = LoopbackRelay(self.server) self.client = ConchTestClient( lambda conn: SSHTestChannel(name, result, conn=conn, *kwargs) ) self.serverTransport = LoopbackRelay(self.client) self.server.makeConnection(self.serverTransport) self.client.makeConnection(self.clientTransport) return result def test_subsystemsAndGlobalRequests(self): """ Run the Conch server against the Conch client. Set up several different channels which exercise different behaviors and wait for them to complete. Verify that the channels with errors log them. """ channel = self._ourServerOurClientTest() def cbSubsystem(channel): self.channel = channel return self.assertFailure( channel.conn.sendRequest( channel, b"subsystem", common.NS(b"not-crazy"), 1 ), Exception, ) channel.addCallback(cbSubsystem) def cbNotCrazyFailed(ignored): channel = self.channel return channel.conn.sendRequest( channel, b"subsystem", common.NS(b"crazy"), 1 ) channel.addCallback(cbNotCrazyFailed) def cbGlobalRequests(ignored): channel = self.channel d1 = channel.conn.sendGlobalRequest(b"foo", b"bar", 1) d2 = channel.conn.sendGlobalRequest(b"foo-2", b"bar2", 1) d2.addCallback(self.assertEqual, b"data") d3 = self.assertFailure( channel.conn.sendGlobalRequest(b"bar", b"foo", 1), Exception ) return defer.gatherResults([d1, d2, d3]) channel.addCallback(cbGlobalRequests) def disconnect(ignored): self.assertEqual( self.realm.avatar.globalRequests, {"foo": b"bar", "foo_2": b"bar2"} ) channel = self.channel channel.conn.transport.expectedLoseConnection = True channel.conn.serviceStopped() channel.loseConnection() channel.addCallback(disconnect) return channel def test_shell(self): """ L{SSHChannel.sendRequest} can open a shell with a I{pty-req} request, specifying a terminal type and window size. """ channel = self._ourServerOurClientTest() data = session.packRequest_pty_req(b"conch-test-term", (24, 80, 0, 0), b"") def cbChannel(channel): self.channel = channel return channel.conn.sendRequest(channel, b"pty-req", data, 1) channel.addCallback(cbChannel) def cbPty(ignored): # The server-side object corresponding to our client side channel. session = self.realm.avatar.conn.channels[0].session self.assertIs(session.avatar, self.realm.avatar) self.assertEqual(session._terminalType, b"conch-test-term") self.assertEqual(session._windowSize, (24, 80, 0, 0)) self.assertTrue(session.ptyReq) channel = self.channel return channel.conn.sendRequest(channel, b"shell", b"", 1) channel.addCallback(cbPty) def cbShell(ignored): self.channel.write(b"testing the shell!\x00") self.channel.conn.sendEOF(self.channel) return defer.gatherResults( [self.channel.onClose, self.realm.avatar._testSession.onClose] ) channel.addCallback(cbShell) def cbExited(ignored): if self.channel.status != 0: log.msg("shell exit status was not 0: %i" % (self.channel.status,)) self.assertEqual( b"".join(self.channel.received), b"testing the shell!\x00\r\n" ) self.assertTrue(self.channel.eofCalled) self.assertTrue(self.realm.avatar._testSession.eof) channel.addCallback(cbExited) return channel def test_failedExec(self): """ If L{SSHChannel.sendRequest} issues an exec which the server responds to with an error, the L{Deferred} it returns fires its errback. """ channel = self._ourServerOurClientTest() def cbChannel(channel): self.channel = channel return self.assertFailure( channel.conn.sendRequest(channel, b"exec", common.NS(b"jumboliah"), 1), Exception, ) channel.addCallback(cbChannel) def cbFailed(ignored): # The server logs this exception when it cannot perform the # requested exec. errors = self.flushLoggedErrors(error.ConchError) self.assertEqual(errors[0].value.args, ("bad exec", None)) channel.addCallback(cbFailed) return channel def test_falseChannel(self): """ When the process started by a L{SSHChannel.sendRequest} exec request exits, the exit status is reported to the channel. """ channel = self._ourServerOurClientTest() def cbChannel(channel): self.channel = channel return channel.conn.sendRequest(channel, b"exec", common.NS(b"false"), 1) channel.addCallback(cbChannel) def cbExec(ignored): return self.channel.onClose channel.addCallback(cbExec) def cbClosed(ignored): # No data is expected self.assertEqual(self.channel.received, []) self.assertNotEqual(self.channel.status, 0) channel.addCallback(cbClosed) return channel def test_errorChannel(self): """ Bytes sent over the extended channel for stderr data are delivered to the channel's C{extReceived} method. """ channel = self._ourServerOurClientTest(localWindow=4, localMaxPacket=5) def cbChannel(channel): self.channel = channel return channel.conn.sendRequest( channel, b"exec", common.NS(b"eecho hello"), 1 ) channel.addCallback(cbChannel) def cbExec(ignored): return defer.gatherResults( [self.channel.onClose, self.realm.avatar._testSession.onClose] ) channel.addCallback(cbExec) def cbClosed(ignored): self.assertEqual(self.channel.received, []) self.assertEqual(b"".join(self.channel.receivedExt), b"hello\r\n") self.assertEqual(self.channel.status, 0) self.assertTrue(self.channel.eofCalled) self.assertEqual(self.channel.localWindowLeft, 4) self.assertEqual( self.channel.localWindowLeft, self.realm.avatar._testSession.remoteWindowLeftAtClose, ) channel.addCallback(cbClosed) return channel def test_unknownChannel(self): """ When an attempt is made to open an unknown channel type, the L{Deferred} returned by L{SSHChannel.sendRequest} fires its errback. """ d = self.assertFailure( self._ourServerOurClientTest(b"crazy-unknown-channel"), Exception ) def cbFailed(ignored): errors = self.flushLoggedErrors(error.ConchError) self.assertEqual(errors[0].value.args, (3, "unknown channel")) self.assertEqual(len(errors), 1) d.addCallback(cbFailed) return d def test_maxPacket(self): """ An L{SSHChannel} can be configured with a maximum packet size to receive. """ # localWindow needs to be at least 11 otherwise the assertion about it # in cbClosed is invalid. channel = self._ourServerOurClientTest(localWindow=11, localMaxPacket=1) def cbChannel(channel): self.channel = channel return channel.conn.sendRequest( channel, b"exec", common.NS(b"secho hello"), 1 ) channel.addCallback(cbChannel) def cbExec(ignored): return self.channel.onClose channel.addCallback(cbExec) def cbClosed(ignored): self.assertEqual(self.channel.status, 0) self.assertEqual(b"".join(self.channel.received), b"hello\r\n") self.assertEqual(b"".join(self.channel.receivedExt), b"hello\r\n") self.assertEqual(self.channel.localWindowLeft, 11) self.assertTrue(self.channel.eofCalled) channel.addCallback(cbClosed) return channel def test_echo(self): """ Normal standard out bytes are sent to the channel's C{dataReceived} method. """ channel = self._ourServerOurClientTest(localWindow=4, localMaxPacket=5) def cbChannel(channel): self.channel = channel return channel.conn.sendRequest( channel, b"exec", common.NS(b"echo hello"), 1 ) channel.addCallback(cbChannel) def cbEcho(ignored): return defer.gatherResults( [self.channel.onClose, self.realm.avatar._testSession.onClose] ) channel.addCallback(cbEcho) def cbClosed(ignored): self.assertEqual(self.channel.status, 0) self.assertEqual(b"".join(self.channel.received), b"hello\r\n") self.assertEqual(self.channel.localWindowLeft, 4) self.assertTrue(self.channel.eofCalled) self.assertEqual( self.channel.localWindowLeft, self.realm.avatar._testSession.remoteWindowLeftAtClose, ) channel.addCallback(cbClosed) return channel class SSHFactoryTests(unittest.TestCase): if not cryptography: skip = "can't run without cryptography" if not pyasn1: skip = "Cannot run without PyASN1" def makeSSHFactory(self, primes=None): sshFactory = factory.SSHFactory() gpk = lambda: {"ssh-rsa": keys.Key(None)} sshFactory.getPrimes = lambda: primes sshFactory.getPublicKeys = sshFactory.getPrivateKeys = gpk sshFactory.startFactory() return sshFactory def test_buildProtocol(self): """ By default, buildProtocol() constructs an instance of SSHServerTransport. """ factory = self.makeSSHFactory() protocol = factory.buildProtocol(None) self.assertIsInstance(protocol, transport.SSHServerTransport) def test_buildProtocolRespectsProtocol(self): """ buildProtocol() calls 'self.protocol()' to construct a protocol instance. """ calls = [] def makeProtocol(args): calls.append(args) return transport.SSHServerTransport() factory = self.makeSSHFactory() factory.protocol = makeProtocol factory.buildProtocol(None) self.assertEqual([()], calls) def test_buildProtocolNoPrimes(self): """ Group key exchanges are not supported when we don't have the primes database. """ f1 = self.makeSSHFactory(primes=None) p1 = f1.buildProtocol(None) self.assertNotIn( b"diffie-hellman-group-exchange-sha1", p1.supportedKeyExchanges ) self.assertNotIn( b"diffie-hellman-group-exchange-sha256", p1.supportedKeyExchanges ) def test_buildProtocolWithPrimes(self): """ Group key exchanges are supported when we have the primes database. """ f2 = self.makeSSHFactory(primes={1: (2, 3)}) p2 = f2.buildProtocol(None) self.assertIn(b"diffie-hellman-group-exchange-sha1", p2.supportedKeyExchanges) self.assertIn(b"diffie-hellman-group-exchange-sha256", p2.supportedKeyExchanges) def test_buildProtocolKexECDSA(self): """ ECDSA key exchanges are listed with 256 having a higher priority among ECDSA. """ f2 = self.makeSSHFactory() p2 = f2.buildProtocol(None) # The list might contain other algorightm. # For this test just check the order for ECDSA KEX. self.assertIn( b"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521", b",".join(p2.supportedKeyExchanges), ) class MPTests(unittest.TestCase): """ Tests for L{common.getMP}. @cvar getMP: a method providing a MP parser. @type getMP: C{callable} """ if not cryptography: skip = "can't run without cryptography" if not pyasn1: skip = "Cannot run without PyASN1" if cryptography: getMP = staticmethod(common.getMP) def test_getMP(self): """ L{common.getMP} should parse the a multiple precision integer from a string: a 4-byte length followed by length bytes of the integer. """ self.assertEqual(self.getMP(b"\x00\x00\x00\x04\x00\x00\x00\x01"), (1, b"")) def test_getMPBigInteger(self): """ L{common.getMP} should be able to parse a big enough integer (that doesn't fit on one byte). """ self.assertEqual( self.getMP(b"\x00\x00\x00\x04\x01\x02\x03\x04"), (16909060, b"") ) def test_multipleGetMP(self): """ L{common.getMP} has the ability to parse multiple integer in the same string. """ self.assertEqual( self.getMP( b"\x00\x00\x00\x04\x00\x00\x00\x01" b"\x00\x00\x00\x04\x00\x00\x00\x02", 2, ), (1, 2, b""), ) def test_getMPRemainingData(self): """ When more data than needed is sent to L{common.getMP}, it should return the remaining data. """ self.assertEqual( self.getMP(b"\x00\x00\x00\x04\x00\x00\x00\x01foo"), (1, b"foo") ) def test_notEnoughData(self): """ When the string passed to L{common.getMP} doesn't even make 5 bytes, it should raise a L{struct.error}. """ self.assertRaises(struct.error, self.getMP, b"\x02\x00") class GMPYInstallDeprecationTests(unittest.TestCase): """ Tests for the deprecation of former GMPY accidental public API. """ if not cryptography: skip = "cannot run without cryptography" def test_deprecated(self): """ L{twisted.conch.ssh.common.install} is deprecated. """ common.install() warnings = self.flushWarnings([self.test_deprecated]) self.assertEqual(len(warnings), 1) self.assertEqual( warnings[0]["message"], "twisted.conch.ssh.common.install was deprecated in Twisted 16.5.0", ) ��error.py��0000644��00000005143�15027667726�0006274 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ An error to represent bad things happening in Conch. Maintainer: Paul Swartz """ from twisted.cred.error import UnauthorizedLogin class ConchError(Exception): def __init__(self, value, data=None): Exception.__init__(self, value, data) self.value = value self.data = data class NotEnoughAuthentication(Exception): """ This is thrown if the authentication is valid, but is not enough to successfully verify the user. i.e. don't retry this type of authentication, try another one. """ class ValidPublicKey(UnauthorizedLogin): """ Raised by public key checkers when they receive public key credentials that don't contain a signature at all, but are valid in every other way. (e.g. the public key matches one in the user's authorized_keys file). Protocol code (eg L{SSHUserAuthServer<twisted.conch.ssh.userauth.SSHUserAuthServer>}) which attempts to log in using L{ISSHPrivateKey<twisted.cred.credentials.ISSHPrivateKey>} credentials should be prepared to handle a failure of this type by telling the user to re-authenticate using the same key and to include a signature with the new attempt. See U{http://www.ietf.org/rfc/rfc4252.txt} section 7 for more details. """ class IgnoreAuthentication(Exception): """ This is thrown to let the UserAuthServer know it doesn't need to handle the authentication anymore. """ class MissingKeyStoreError(Exception): """ Raised if an SSHAgentServer starts receiving data without its factory providing a keys dict on which to read/write key data. """ class UserRejectedKey(Exception): """ The user interactively rejected a key. """ class InvalidEntry(Exception): """ An entry in a known_hosts file could not be interpreted as a valid entry. """ class HostKeyChanged(Exception): """ The host key of a remote host has changed. @ivar offendingEntry: The entry which contains the persistent host key that disagrees with the given host key. @type offendingEntry: L{twisted.conch.interfaces.IKnownHostEntry} @ivar path: a reference to the known_hosts file that the offending entry was loaded from @type path: L{twisted.python.filepath.FilePath} @ivar lineno: The line number of the offending entry in the given path. @type lineno: L{int} """ def __init__(self, offendingEntry, path, lineno): Exception.__init__(self) self.offendingEntry = offendingEntry self.path = path self.lineno = lineno ��interfaces.py��0000644��00000035106�15027667726�0007270 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ This module contains interfaces defined for the L{twisted.conch} package. """ from zope.interface import Attribute, Interface class IConchUser(Interface): """ A user who has been authenticated to Cred through Conch. This is the interface between the SSH connection and the user. """ conn = Attribute("The SSHConnection object for this user.") def lookupChannel(channelType, windowSize, maxPacket, data): """ The other side requested a channel of some sort. C{channelType} is the type of channel being requested, as an ssh connection protocol channel type. C{data} is any other packet data (often nothing). We return a subclass of L{SSHChannel<ssh.channel.SSHChannel>}. If the channel type is unknown, we return C{None}. For other failures, we raise an exception. If a L{ConchError<error.ConchError>} is raised, the C{.value} will be the message, and the C{.data} will be the error code. @param channelType: The requested channel type @type channelType: L{bytes} @param windowSize: The initial size of the remote window @type windowSize: L{int} @param maxPacket: The largest packet we should send @type maxPacket: L{int} @param data: Additional request data @type data: L{bytes} @rtype: a subclass of L{SSHChannel} or L{None} """ def lookupSubsystem(subsystem, data): """ The other side requested a subsystem. We return a L{Protocol} implementing the requested subsystem. If the subsystem is not available, we return C{None}. @param subsystem: The name of the subsystem being requested @type subsystem: L{bytes} @param data: Additional request data (often nothing) @type data: L{bytes} @rtype: L{Protocol} or L{None} """ def gotGlobalRequest(requestType, data): """ A global request was sent from the other side. We return a true value on success or a false value on failure. If we indicate success by returning a tuple, its second item will be sent to the other side as additional response data. @param requestType: The type of the request @type requestType: L{bytes} @param data: Additional request data @type data: L{bytes} @rtype: boolean or L{tuple} """ class ISession(Interface): def getPty(term, windowSize, modes): """ Get a pseudo-terminal for use by a shell or command. If a pseudo-terminal is not available, or the request otherwise fails, raise an exception. """ def openShell(proto): """ Open a shell and connect it to proto. @param proto: a L{ProcessProtocol} instance. """ def execCommand(proto, command): """ Execute a command. @param proto: a L{ProcessProtocol} instance. """ def windowChanged(newWindowSize): """ Called when the size of the remote screen has changed. """ def eofReceived(): """ Called when the other side has indicated no more data will be sent. """ def closed(): """ Called when the session is closed. """ class EnvironmentVariableNotPermitted(ValueError): """Setting this environment variable in this session is not permitted.""" class ISessionSetEnv(Interface): """A session that can set environment variables.""" def setEnv(name, value): """ Set an environment variable for the shell or command to be started. From U{RFC 4254, section 6.4 <https://tools.ietf.org/html/rfc4254#section-6.4>}: "Uncontrolled setting of environment variables in a privileged process can be a security hazard. It is recommended that implementations either maintain a list of allowable variable names or only set environment variables after the server process has dropped sufficient privileges." (OpenSSH refuses all environment variables by default, but has an C{AcceptEnv} configuration option to select specific variables to accept.) @param name: The name of the environment variable to set. @type name: L{bytes} @param value: The value of the environment variable to set. @type value: L{bytes} @raise EnvironmentVariableNotPermitted: if setting this environment variable is not permitted. """ class ISFTPServer(Interface): """ SFTP subsystem for server-side communication. Each method should check to verify that the user has permission for their actions. """ avatar = Attribute( """ The avatar returned by the Realm that we are authenticated with, and represents the logged-in user. """ ) def gotVersion(otherVersion, extData): """ Called when the client sends their version info. otherVersion is an integer representing the version of the SFTP protocol they are claiming. extData is a dictionary of extended_name : extended_data items. These items are sent by the client to indicate additional features. This method should return a dictionary of extended_name : extended_data items. These items are the additional features (if any) supported by the server. """ return {} def openFile(filename, flags, attrs): """ Called when the clients asks to open a file. @param filename: a string representing the file to open. @param flags: an integer of the flags to open the file with, ORed together. The flags and their values are listed at the bottom of L{twisted.conch.ssh.filetransfer} as FXF_. @param attrs: a list of attributes to open the file with. It is a dictionary, consisting of 0 or more keys. The possible keys are:: size: the size of the file in bytes uid: the user ID of the file as an integer gid: the group ID of the file as an integer permissions: the permissions of the file with as an integer. the bit representation of this field is defined by POSIX. atime: the access time of the file as seconds since the epoch. mtime: the modification time of the file as seconds since the epoch. ext_: extended attributes. The server is not required to understand this, but it may. NOTE: there is no way to indicate text or binary files. it is up to the SFTP client to deal with this. This method returns an object that meets the ISFTPFile interface. Alternatively, it can return a L{Deferred} that will be called back with the object. """ def removeFile(filename): """ Remove the given file. This method returns when the remove succeeds, or a Deferred that is called back when it succeeds. @param filename: the name of the file as a string. """ def renameFile(oldpath, newpath): """ Rename the given file. This method returns when the rename succeeds, or a L{Deferred} that is called back when it succeeds. If the rename fails, C{renameFile} will raise an implementation-dependent exception. @param oldpath: the current location of the file. @param newpath: the new file name. """ def makeDirectory(path, attrs): """ Make a directory. This method returns when the directory is created, or a Deferred that is called back when it is created. @param path: the name of the directory to create as a string. @param attrs: a dictionary of attributes to create the directory with. Its meaning is the same as the attrs in the L{openFile} method. """ def removeDirectory(path): """ Remove a directory (non-recursively) It is an error to remove a directory that has files or directories in it. This method returns when the directory is removed, or a Deferred that is called back when it is removed. @param path: the directory to remove. """ def openDirectory(path): """ Open a directory for scanning. This method returns an iterable object that has a close() method, or a Deferred that is called back with same. The close() method is called when the client is finished reading from the directory. At this point, the iterable will no longer be used. The iterable should return triples of the form (filename, longname, attrs) or Deferreds that return the same. The sequence must support __getitem__, but otherwise may be any 'sequence-like' object. filename is the name of the file relative to the directory. logname is an expanded format of the filename. The recommended format is: -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer 1234567890 123 12345678 12345678 12345678 123456789012 The first line is sample output, the second is the length of the field. The fields are: permissions, link count, user owner, group owner, size in bytes, modification time. attrs is a dictionary in the format of the attrs argument to openFile. @param path: the directory to open. """ def getAttrs(path, followLinks): """ Return the attributes for the given path. This method returns a dictionary in the same format as the attrs argument to openFile or a Deferred that is called back with same. @param path: the path to return attributes for as a string. @param followLinks: a boolean. If it is True, follow symbolic links and return attributes for the real path at the base. If it is False, return attributes for the specified path. """ def setAttrs(path, attrs): """ Set the attributes for the path. This method returns when the attributes are set or a Deferred that is called back when they are. @param path: the path to set attributes for as a string. @param attrs: a dictionary in the same format as the attrs argument to L{openFile}. """ def readLink(path): """ Find the root of a set of symbolic links. This method returns the target of the link, or a Deferred that returns the same. @param path: the path of the symlink to read. """ def makeLink(linkPath, targetPath): """ Create a symbolic link. This method returns when the link is made, or a Deferred that returns the same. @param linkPath: the pathname of the symlink as a string. @param targetPath: the path of the target of the link as a string. """ def realPath(path): """ Convert any path to an absolute path. This method returns the absolute path as a string, or a Deferred that returns the same. @param path: the path to convert as a string. """ def extendedRequest(extendedName, extendedData): """ This is the extension mechanism for SFTP. The other side can send us arbitrary requests. If we don't implement the request given by extendedName, raise NotImplementedError. The return value is a string, or a Deferred that will be called back with a string. @param extendedName: the name of the request as a string. @param extendedData: the data the other side sent with the request, as a string. """ class IKnownHostEntry(Interface): """ A L{IKnownHostEntry} is an entry in an OpenSSH-formatted C{known_hosts} file. @since: 8.2 """ def matchesKey(key): """ Return True if this entry matches the given Key object, False otherwise. @param key: The key object to match against. @type key: L{twisted.conch.ssh.keys.Key} """ def matchesHost(hostname): """ Return True if this entry matches the given hostname, False otherwise. Note that this does no name resolution; if you want to match an IP address, you have to resolve it yourself, and pass it in as a dotted quad string. @param hostname: The hostname to match against. @type hostname: L{str} """ def toString(): """ @return: a serialized string representation of this entry, suitable for inclusion in a known_hosts file. (Newline not included.) @rtype: L{str} """ class ISFTPFile(Interface): """ This represents an open file on the server. An object adhering to this interface should be returned from L{openFile}(). """ def close(): """ Close the file. This method returns nothing if the close succeeds immediately, or a Deferred that is called back when the close succeeds. """ def readChunk(offset, length): """ Read from the file. If EOF is reached before any data is read, raise EOFError. This method returns the data as a string, or a Deferred that is called back with same. @param offset: an integer that is the index to start from in the file. @param length: the maximum length of data to return. The actual amount returned may less than this. For normal disk files, however, this should read the requested number (up to the end of the file). """ def writeChunk(offset, data): """ Write to the file. This method returns when the write completes, or a Deferred that is called when it completes. @param offset: an integer that is the index to start from in the file. @param data: a string that is the data to write. """ def getAttrs(): """ Return the attributes for the file. This method returns a dictionary in the same format as the attrs argument to L{openFile} or a L{Deferred} that is called back with same. """ def setAttrs(attrs): """ Set the attributes for the file. This method returns when the attributes are set or a Deferred that is called back when they are. @param attrs: a dictionary in the same format as the attrs argument to L{openFile}. """ ��insults/text.py��0000644��00000012467�15027667726�0007637 0��ustar�00��# -- test-case-name: twisted.conch.test.test_text -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Character attribute manipulation API. This module provides a domain-specific language (using Python syntax) for the creation of text with additional display attributes associated with it. It is intended as an alternative to manually building up strings containing ECMA 48 character attribute control codes. It currently supports foreground and background colors (black, red, green, yellow, blue, magenta, cyan, and white), intensity selection, underlining, blinking and reverse video. Character set selection support is planned. Character attributes are specified by using two Python operations: attribute lookup and indexing. For example, the string \"Hello world\" with red foreground and all other attributes set to their defaults, assuming the name twisted.conch.insults.text.attributes has been imported and bound to the name \"A\" (with the statement C{from twisted.conch.insults.text import attributes as A}, for example) one uses this expression:: A.fg.red[\"Hello world\"] Other foreground colors are set by substituting their name for \"red\". To set both a foreground and a background color, this expression is used:: A.fg.red[A.bg.green[\"Hello world\"]] Note that either A.bg.green can be nested within A.fg.red or vice versa. Also note that multiple items can be nested within a single index operation by separating them with commas:: A.bg.green[A.fg.red[\"Hello\"], " ", A.fg.blue[\"world\"]] Other character attributes are set in a similar fashion. To specify a blinking version of the previous expression:: A.blink[A.bg.green[A.fg.red[\"Hello\"], " ", A.fg.blue[\"world\"]]] C{A.reverseVideo}, C{A.underline}, and C{A.bold} are also valid. A third operation is actually supported: unary negation. This turns off an attribute when an enclosing expression would otherwise have caused it to be on. For example:: A.underline[A.fg.red[\"Hello\", -A.underline[\" world\"]]] A formatting structure can then be serialized into a string containing the necessary VT102 control codes with L{assembleFormattedText}. @see: L{twisted.conch.insults.text._CharacterAttributes} @author: Jp Calderone """ from incremental import Version from twisted.conch.insults import helper, insults from twisted.python import _textattributes from twisted.python.deprecate import deprecatedModuleAttribute flatten = _textattributes.flatten deprecatedModuleAttribute( Version("Twisted", 13, 1, 0), "Use twisted.conch.insults.text.assembleFormattedText instead.", "twisted.conch.insults.text", "flatten", ) _TEXT_COLORS = { "black": helper.BLACK, "red": helper.RED, "green": helper.GREEN, "yellow": helper.YELLOW, "blue": helper.BLUE, "magenta": helper.MAGENTA, "cyan": helper.CYAN, "white": helper.WHITE, } class _CharacterAttributes(_textattributes.CharacterAttributesMixin): """ Factory for character attributes, including foreground and background color and non-color attributes such as bold, reverse video and underline. Character attributes are applied to actual text by using object indexing-syntax (C{obj['abc']}) after accessing a factory attribute, for example:: attributes.bold['Some text'] These can be nested to mix attributes:: attributes.bold[attributes.underline['Some text']] And multiple values can be passed:: attributes.normal[attributes.bold['Some'], ' text'] Non-color attributes can be accessed by attribute name, available attributes are: - bold - blink - reverseVideo - underline Available colors are: 0. black 1. red 2. green 3. yellow 4. blue 5. magenta 6. cyan 7. white @ivar fg: Foreground colors accessed by attribute name, see above for possible names. @ivar bg: Background colors accessed by attribute name, see above for possible names. """ fg = _textattributes._ColorAttribute( _textattributes._ForegroundColorAttr, _TEXT_COLORS ) bg = _textattributes._ColorAttribute( _textattributes._BackgroundColorAttr, _TEXT_COLORS ) attrs = { "bold": insults.BOLD, "blink": insults.BLINK, "underline": insults.UNDERLINE, "reverseVideo": insults.REVERSE_VIDEO, } def assembleFormattedText(formatted): """ Assemble formatted text from structured information. Currently handled formatting includes: bold, blink, reverse, underline and color codes. For example:: from twisted.conch.insults.text import attributes as A assembleFormattedText( A.normal[A.bold['Time: '], A.fg.lightRed['Now!']]) Would produce "Time: " in bold formatting, followed by "Now!" with a foreground color of light red and without any additional formatting. @param formatted: Structured text and attributes. @rtype: L{str} @return: String containing VT102 control sequences that mimic those specified by C{formatted}. @see: L{twisted.conch.insults.text._CharacterAttributes} @since: 13.1 """ return _textattributes.flatten(formatted, helper._FormattingState(), "toVT102") attributes = _CharacterAttributes() __all__ = ["attributes", "flatten"] ��insults/__pycache__/text.cpython-310.pyc��0000644��00000012427�15027667726�0014172 0��ustar�00��o ��b7�� @��s��d�Z�ddlmZ�ddlmZmZ�ddlmZ�ddlm Z �ej Z e edddd�d d d��ejejej ejejejejejd�ZG�d d��dej�Zdd��Ze��ZddgZdS�)aJ�� Character attribute manipulation API. This module provides a domain-specific language (using Python syntax) for the creation of text with additional display attributes associated with it. It is intended as an alternative to manually building up strings containing ECMA 48 character attribute control codes. It currently supports foreground and background colors (black, red, green, yellow, blue, magenta, cyan, and white), intensity selection, underlining, blinking and reverse video. Character set selection support is planned. Character attributes are specified by using two Python operations: attribute lookup and indexing. For example, the string "Hello world" with red foreground and all other attributes set to their defaults, assuming the name twisted.conch.insults.text.attributes has been imported and bound to the name "A" (with the statement C{from twisted.conch.insults.text import attributes as A}, for example) one uses this expression:: A.fg.red["Hello world"] Other foreground colors are set by substituting their name for "red". To set both a foreground and a background color, this expression is used:: A.fg.red[A.bg.green["Hello world"]] Note that either A.bg.green can be nested within A.fg.red or vice versa. Also note that multiple items can be nested within a single index operation by separating them with commas:: A.bg.green[A.fg.red["Hello"], " ", A.fg.blue["world"]] Other character attributes are set in a similar fashion. To specify a blinking version of the previous expression:: A.blink[A.bg.green[A.fg.red["Hello"], " ", A.fg.blue["world"]]] C{A.reverseVideo}, C{A.underline}, and C{A.bold} are also valid. A third operation is actually supported: unary negation. This turns off an attribute when an enclosing expression would otherwise have caused it to be on. For example:: A.underline[A.fg.red["Hello", -A.underline[" world"]]] A formatting structure can then be serialized into a string containing the necessary VT102 control codes with L{assembleFormattedText}. @see: L{twisted.conch.insults.text._CharacterAttributes} @author: Jp Calderone ��)�Version)�helper�insults)�_textattributes)�deprecatedModuleAttribute�Twisted� ��z=Use twisted.conch.insults.text.assembleFormattedText instead.ztwisted.conch.insults.text�flatten)�black�red�green�yellow�blue�magenta�cyan�whitec��@��sB��e�Zd�ZdZe�eje�Ze�ej e�Z ejej ejejd�ZdS�)�_CharacterAttributesaA�� Factory for character attributes, including foreground and background color and non-color attributes such as bold, reverse video and underline. Character attributes are applied to actual text by using object indexing-syntax (C{obj['abc']}) after accessing a factory attribute, for example:: attributes.bold['Some text'] These can be nested to mix attributes:: attributes.bold[attributes.underline['Some text']] And multiple values can be passed:: attributes.normal[attributes.bold['Some'], ' text'] Non-color attributes can be accessed by attribute name, available attributes are: - bold - blink - reverseVideo - underline Available colors are: 0. black 1. red 2. green 3. yellow 4. blue 5. magenta 6. cyan 7. white @ivar fg: Foreground colors accessed by attribute name, see above for possible names. @ivar bg: Background colors accessed by attribute name, see above for possible names. )�bold�blink� underline�reverseVideoN)�__name__� __module__�__qualname__�__doc__r��_ColorAttribute�_ForegroundColorAttr�_TEXT_COLORS�fg�_BackgroundColorAttr�bgr��BOLD�BLINK� UNDERLINE� REVERSE_VIDEO�attrs��r'��r'��</usr/lib/python3/dist-packages/twisted/conch/insults/text.pyr��V��s��,�� r��c��C��s��t��\|�t��d�S�)a�� Assemble formatted text from structured information. Currently handled formatting includes: bold, blink, reverse, underline and color codes. For example:: from twisted.conch.insults.text import attributes as A assembleFormattedText( A.normal[A.bold['Time: '], A.fg.lightRed['Now!']]) Would produce "Time: " in bold formatting, followed by "Now!" with a foreground color of light red and without any additional formatting. @param formatted: Structured text and attributes. @rtype: L{str} @return: String containing VT102 control sequences that mimic those specified by C{formatted}. @see: L{twisted.conch.insults.text._CharacterAttributes} @since: 13.1 �toVT102)r��r ��r��_FormattingState)� formattedr'��r'��r(��assembleFormattedText��s��r,�� attributesN)r��incrementalr��twisted.conch.insultsr��r��twisted.pythonr��twisted.python.deprecater��r ��BLACK�RED�GREEN�YELLOW�BLUE�MAGENTA�CYAN�WHITEr��CharacterAttributesMixinr��r,��r-��__all__r'��r'��r'��r(��<module>��s2��6��<��insults/__pycache__/__init__.cpython-310.pyc��0000644��00000000356�15027667726�0014743 0��ustar�00��o ��bL��@��s��d�Z�dS�)zE Insults: a replacement for Curses/S-Lang. Very basic at the moment.N)�__doc__��r��r��@/usr/lib/python3/dist-packages/twisted/conch/insults/__init__.py�<module>��s��insults/__pycache__/window.cpython-310.pyc��0000644��00000070523�15027667726�0014516 0��ustar�00��o ��bk��@��s��d�Z�ddlZddlmZmZ�ddlmZ�G�dd��de�Z G�dd��d�Z G�d d ��d �ZG�dd��de�ZG�d d��de�Z G�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�Zdd��Zdd��Zdd ��ZG�d!d"��d"e�ZG�d#d$��d$e�ZG�d%d&��d&e�ZG�d'd(��d(e�ZG�d)d��de�ZG�d+d,��d,e�ZG�d-d.��d.e�ZG�d/d0��d0e�ZG�d1d2��d2e�ZG�d3d4��d4e�Z G�d5d6��d6e�Z!d7d8��Z"G�d9d:��d:e�Z#dS�);z< Simple insults-based widget library @author: Jp Calderone ��N)�helper�insults)�textc��@��e�Zd�ZdZdS�)� YieldFocusz, Input focus manipulation exception N)�__name__� __module__�__qualname__�__doc__��r��r��>/usr/lib/python3/dist-packages/twisted/conch/insults/window.pyr��r��c��@��,��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd S�) �BoundedTerminalWrapperc��C��sJ��\|\|�_�\|\|�_\|\|�_\|\|�_\|\|�_\|j\|�_\|j\|�_\|j\|�_\|j\|�_\|j \|�_ d�S��N) �width�height�xoff�yoff�terminal� cursorForward�selectCharacterSet�selectGraphicRendition� saveCursor� restoreCursor)�selfr��r��r��r��r��r��r��r��__init__��s��zBoundedTerminalWrapper.__init__c��C��s��\|�j��\|�jt\|�j\|��\|�jt\|�j\|��S�r��)r��cursorPositionr��minr��r��r��)r��x�yr��r��r��r��"��s�� z%BoundedTerminalWrapper.cursorPositionc��C��s��\|�j��\|�j\|�j�S�r��)r��r��r��r��r��r��r��r�� cursorHome'��s��z!BoundedTerminalWrapper.cursorHomec��C��s��\|�j��\|�S�r��)r��write)r��datar��r��r��r#����zBoundedTerminalWrapper.writeN)r��r��r ��r��r��r"��r#��r��r��r��r��r��s ��r��c��@��s��e�Zd�ZdZdZdZd�ZZdd��Zdd��Z dd��Z d d ��Zdd��Zd d��Z dd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��ZdS�)�WidgetFNc��C��s4��\|�j�sd\|�_�\|�jd�ur\|�jj�s\|�j��d�S�d�S�d�S��NT)�dirty�parent�repaintr!��r��r��r��r��4��s ��zWidget.repaintc��C��s ��d\|�_�d�S�r'��)r(��r!��r��r��r��filthy:�� z Widget.filthyc��C��s��\|��\|��\|\|\|��d�S�r��)r+��draw�r��r��r��r��r��r��r��redraw=��s��z Widget.redrawc��C��sB��\|\|�j�ks \|\|�jks \|�jr\|\|�_�\|\|�_d\|�_\|��\|\|\|��d�S�d�S��NF)r��r��r(��renderr.��r��r��r��r-��A��s��zWidget.drawc��C��d�S�r��r��r.��r��r��r��r1��H��z Widget.renderc��C��r2��r��r��r!��r��r��r��sizeHintK��r3��zWidget.sizeHintc��C��sT��\|dkr\|��\|��d�S�\|dkr\|��d�S�\|tjv�r"\|��\|\|��d�S�\|��\|\|��d�S�)N�� )�tabReceived�backspaceReceivedr�� FUNCTION_KEYS�functionKeyReceived�characterReceived�r��keyID�modifierr��r��r��keystrokeReceivedN��s�� zWidget.keystrokeReceivedc��C��t��r��r��r��r>��r��r��r��r7��X��zWidget.tabReceivedc��C��s��d\|�_�\|��dS�)z� Called when focus is being given to this widget. May raise YieldFocus is this widget does not want focus. TN��focusedr��r!��r��r��r�� focusReceived\��s��zWidget.focusReceivedc��C��s��d\|�_�\|��d�S�r0��rD��r!��r��r��r�� focusLoste��zWidget.focusLostc��C��r2��r��r��r!��r��r��r��r8��i��r3��zWidget.backspaceReceivedc��C��s@��\|}t�\|t�s\|�d�}t\|�d\|�d��}\|d�ur\|\|��d�S�d�S�)N�utf-8�func_)� isinstance�str�decode�getattr)r��r=��r>��name�funcr��r��r��r:��l��s�� zWidget.functionKeyReceivedc��C��r2��r��r��r<��r��r��r��r;��t��r3��zWidget.characterReceived)r��r��r ��rE��r)��r(��r��r��r��r+��r/��r-��r1��r4��r?��r7��rF��rG��r8��r:��r;��r��r��r��r��r&��.��s$�� r&��c��@��sX��e�Zd�ZdZdZdZdd��Zdd��Zdd ��Zd d��Z dd ��Z dd��Zdd��Zdd��Z dS�)�ContainerWidgetzZ @ivar focusedChild: The contained widget which currently has focus, or None. NFc��C��s��t��\|��g�\|�_d�S�r��)r&��r��childrenr!��r��r��r��r�� zContainerWidget.__init__c��C��sb��\|j�d�u�sJ��\|�\|_�\|�j�\|��\|�jd�u�r+\|�jr+z\|��W�n �ty'��Y�nw�\|\|�_\|��d�S�r��)r)��rR��append�focusedChildrE��rF��r��r��r��childr��r��r��addChild��s��zContainerWidget.addChildc��C��s,��\|j�\|�u�sJ��d�\|_�\|�j�\|��\|��d�S�r��)r)��rR��remover��rV��r��r��r��remChild��s��zContainerWidget.remChildc��C��s"��\|�j�D�]}\|��qt�\|��d�S�r��)rR��r+��r&��)r��chr��r��r��r+��s�� zContainerWidget.filthyc��C��s��\|�j�D�] }\|�\|\|\|��qd�S�r��)rR��r-��)r��r��r��r��r[��r��r��r��r1��s�� zContainerWidget.renderc��C��s��\|��\|�jd�ur)\|�j��\|�j}d�\|�_z \|�j�\|�d�}W�n�ty(��t��w�d}\|t\|�j�k�rXz \|�j\|��W�n �tyH��\|d7�}Y�n w�\|�j\|�\|�_d�S�\|t\|�j�k�s2t��)N��r��) r��rU��rG��rR��index� ValueErrorr��lenrF��)r��rU��curFocusr��r��r��changeFocus��s�� zContainerWidget.changeFocusc��C��s��\|��d\|�_d�S�r'��)ra��rE��r!��r��r��r��rF��s�� zContainerWidget.focusReceivedc��C��sV��\|�j�d�ur"z \|�j��\|\|��W�d�S��ty!��\|��\|��Y�d�S�w�t�\|�\|\|��d�S�r��)rU��r?��r��ra��r��r&��r<��r��r��r��r?��s�� z!ContainerWidget.keystrokeReceived)r��r��r ��r ��rU��rE��r��rX��rZ��r+��r1��ra��rF��r?��r��r��r��r��rQ��x��s�� rQ��c��@��s@��e�Zd�ZdZdZdd��ZdZdd��Zdd ��Zd d��Z dd ��Z dS�)� TopWindowaM�� A top-level container object which provides focus wrap-around and paint scheduling. @ivar painter: A no-argument callable which will be invoked when this widget needs to be redrawn. @ivar scheduler: A one-argument callable which will be invoked with a no-argument callable and should arrange for it to invoked at some point in the near future. The no-argument callable will cause this widget and all its children to be redrawn. It is typically beneficial for the no-argument callable to be invoked at the end of handling for whatever event is currently active; for example, it might make sense to call it at the end of L{twisted.conch.insults.insults.ITerminalProtocol.keystrokeReceived}. Note, however, that since calls to this may also be made in response to no apparent event, arrangements should be made for the function to be called even if an event handler such as C{keystrokeReceived} is not on the call stack (eg, using L{reactor.callLater<twisted.internet.interfaces.IReactorTime.callLater>} with a short timeout). Tc��C��t��\|��\|\|�_\|\|�_d�S�r��)rQ��r��painter� scheduler)r��rd��re��r��r��r��r�� zTopWindow.__init__Nc��C��s,��\|�j�d�u�rt��\|�_�\|��\|�j��t�\|��d�S�r��)� _paintCall�objectre��_paintrQ��r��r!��r��r��r��r��s�� zTopWindow.repaintc��C��s��d�\|�_�\|��d�S�r��)rg��rd��r!��r��r��r��ri��rH��zTopWindow._paintc��C��sJ��zt��\|��W�d�S��ty$��z t��\|��W�Y�d�S��ty#��Y�Y�d�S�w�w�r��)rQ��ra��r��r!��r��r��r��ra��s��zTopWindow.changeFocusc��C��s2��z t��\|�\|\|��W�d�S��ty��\|��Y�d�S�w�r��)rQ��r?��r��ra��r<��r��r��r��r?��s ��zTopWindow.keystrokeReceived)r��r��r ��r ��rE��r��rg��r��ri��ra��r?��r��r��r��r��rb��s�� rb��c��@��s��e�Zd�Zdd��Zdd��ZdS�)�AbsoluteBoxc��C��sF��t�t\|�j��D�]}\|�j\|�d�\|u�r\|\|\|f\|�j\|<��d�S�qtd\|��)Nr��z No such child)�ranger_��rR��r^��)r��rW��r��r ��nr��r��r�� moveChild��s�� zAbsoluteBox.moveChildc��C��s<��\|�j�D�]\}}}t\|\|\|�\|\|�\|\|�}\|�\|\|\|��qd�S�r��)rR��r��r-��)r��r��r��r��r[��r��r ��wrapr��r��r��r1��s��zAbsoluteBox.renderN)r��r��r ��rm��r1��r��r��r��r��rj��s��rj��c��@��s6��e�Zd�Zed�\ZZZefdd�Zdd��Zdd��Z dS�) �_Box��c��C��t��\|��\|\|�_d�S�r��)rQ��r��gravity)r��rr��r��r��r��r��rS��z _Box.__init__c��C��s��d}d}\|�j�D�]`}\|��}\|d�u�rd}\|�jdkr@\|d�d�u�r!d�}n \|d�ur+\|\|d�7�}\|d�d�u�r4d�}q\|d�ur?t\|\|d��}q\|d�d�u�rId�}n\|d�urTt\|\|d��}\|d�d�u�r]d�}q\|d�urg\|\|d�7�}q\|\|fS�)Nr��NNr\��)rR��r4��variableDimension�max)r��r��r��r[��hintr��r��r��r4��s4�� z _Box.sizeHintc��C��s��\|�j�sd�S�d}g�}\|�j�D�]}\|��}\|d�u�rd}\|\|�j�d�u�r#\|d7�}\|�\|\|�j��q\|\|f\|�j�}tdd��\|D��} \|rFt\|\| �\|��} d�}}t\|\|�j��D�]6\} }\| d�u�rZ\| } \|\|}}\|�jdkrg\| }n\| }t\|\|\|\|\|�}\|�\|\|\|��\|�jdkr�\|\| 7�}qP\|\| 7�}qPd�S�)Nr��rs��r\��c��s��s��\|�] }\|d�ur\|V��qd�S�r��r��)�.0�wr��r��r�� <genexpr>D��s��z_Box.render.<locals>.<genexpr>) rR��r4��rt��rT��sum�int�zipr��r-��)r��r��r��r��greedy�wantsr[��rv��length� totalWant� leftForGreedy�widthOffset�heightOffset�want�subWidth� subHeightrn��r��r��r��r1��5��sF�� z_Box.renderN) r��r��r ��rk��TOP�CENTER�BOTTOMr��r4��r1��r��r��r��r��ro��s ��ro��c��@��r��)�HBoxr��N�r��r��r ��rt��r��r��r��r��r��b��r ��r��c��@��r��)�VBoxr\��Nr��r��r��r��r��r��f��r ��r��c��@��e�Zd�Zdd��ZdS�)�Packerc�� C��s��\|�j�sd�S�tt\|�j��d�d��}dd��t\|�D��}t\|�j��D�]\}}\|\|t\|��\|��qt��}t\|j\|��\|�\|\|\|��d�S�)Ng��?c��S��s��g�\|�]}t��qS�r��)r��)rw��rl��r��r��r�� <listcomp>p��s��z!Packer.render.<locals>.<listcomp>) rR��r{��r_��rk�� enumeraterX��r��mapr1��) r��r��r��r��root�boxesrl��r[��hr��r��r��r1��k��s��z Packer.renderN)r��r��r ��r1��r��r��r��r��r��j��r��c��@��sD��e�Zd�ZdZdZdd��Zdd��Zdd��Zd d ��Zdd��Z d d��Z dS�)�CanvasFNc��C��s��t��\|��\|��dd��d�S��Nr\��)r&��r��resizer!��r��r��r��r��}��s�� zCanvas.__init__c��C��s��t��dd\|�\|��}\|�jd�ur1tt\|\|�j��D�]}tt\|\|�j��D�]}\|�\|\|f�\|\|\|�\|�<�q!q\|\|�_\|\|�_\|\|�_\|�j\|krD\|d�\|�_\|�j\|krP\|d�\|�_d�S�d�S�)N�B�� r\��)�array�contentsrk��r��_width�_heightr��r ��)r��r��r��r��r��r ��r��r��r��r��s�� z Canvas.resizec��C��s��\|\}}\|�j�\|�j\|�\|��S�r��r��r��)r��r]��r��r ��r��r��r��__getitem__��s��zCanvas.__getitem__c��C��s ��\|\}}\|\|�j�\|�j\|�\|�<�d�S�r��r��)r��r]��valuer��r ��r��r��r��__setitem__��s��zCanvas.__setitem__c��C��s��t��ddt\|�j��\|�_d�S�)Nr��r��)r��r_��r��r!��r��r��r��clear��s��zCanvas.clearc��C��s��\|r\|sd�S�\|\|�j�ks\|\|�jkr\|��\|\|��t\|�D�]%}\|�d\|��\|�j\|�j�\|�\|�j�\|�\|�j��}\|d�\|��}\|�\|��qd�S��Nr��)r��r��r��rk��r��r��tobytesr#��)r��r��r��r��ir��r��r��r��r1��s��z Canvas.render)r��r��r ��rE��r��r��r��r��r��r��r1��r��r��r��r��r��x��s��r��c��C��sB��\|��tjtj��\|��\|\|��\|��d\|\|��\|��tjtj��d�S�)N��q)r��r�� CS_DRAWING�G0r��r#��CS_US)r��r ��left�rightr��r��r��horizontalLine��s��r��c��C��sJ��\|��tjtj��t\|\|�D�] }\|��\|\|��\|��d��q \|��tjtj��d�S�)N��x)r��r��r��r��rk��r��r#��r��)r��r��top�bottomrl��r��r��r��verticalLine��s ��r��c��C��s��\|\}}\|\}}\|��tjtj��\|��\|\|��\|��d��\|��d\|d��\|��d��t\|d��D�]}\|��\|\|\|�d��\|��d��\|��\|d��\|��d��q/\|��d\|\|�d��\|��d��\|��d\|d��\|��d ��\|��tjtj��d S�)z� Draw a rectangle @type position: L{tuple} @param position: A tuple of the (top, left) coordinates of the rectangle. @type dimension: L{tuple} @param dimension: A tuple of the (width, height) size of the rectangle. ��lr��kr\��r��r��m��jN) r��r��r��r��r��r#��rk��r��r��)r��position� dimensionr��r��r��r��rl��r��r��r�� rectangle��s"�� r��c��@��sD��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dS�)�Borderc��C��s��t��\|��\|\|�_\|�\|�j_d�S�r��)r&��r�� containeer)��r��r��r��r��r��r��s�� zBorder.__init__c��C�� \|�j��S�r��)r��rF��r!��r��r��r��rF��r,��zBorder.focusReceivedc��C��r��r��)r��rG��r!��r��r��r��rG��r,��zBorder.focusLostc��C��s��\|�j��\|\|�S�r��)r��r?��r<��r��r��r��r?��zBorder.keystrokeReceivedc��C��s`��\|�j��}\|d�u�rd}\|d�d�u�rd�}n\|d�d�}\|d�d�u�r&d�}\|\|fS�\|d�d�}\|\|fS�)Nrs��r��r��r\��)r��r4��)r��rv��r��r ��r��r��r��r4��s�� zBorder.sizeHintc��C��\|�j��t�\|��d�S�r��r��r+��r&��r!��r��r��r��r+�� z Border.filthyc��C��s`��\|�j�jr \|�d��t\|d\|\|f��\|�d��t\|\|d�\|d�dd�}\|�j��\|d�\|d�\|��d�S�)N��[31m)r��r��[0mr��r\��)r��rE��r#��r��r��r-��)r��r��r��r��rn��r��r��r��r1��s�� z Border.renderN) r��r��r ��r��rF��rG��r?��r4��r+��r1��r��r��r��r��r��s��r��c��@��r��) �Buttonc��C��rc��r��)r&��r��label�onPress)r��r��r��r��r��r��r��rf��zButton.__init__c��C��s��t�\|�j�dfS�r��)r_��r��r!��r��r��r��r4��r��zButton.sizeHintc��C��s��\|dkr \|��d�S�d�S��N�� )r��r<��r��r��r��r;�� s��zButton.characterReceivedc��C��s:��\|��dd��\|�jr\|�d\|�j�d��d�S�\|�\|�j��d�S�)Nr��s��[1mr��)r��rE��r#��r��r.��r��r��r��r1�� s��z Button.renderN)r��r��r ��r��r4��r;��r1��r��r��r��r��r��s ��r��c��@��sT��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��ZdS�)� TextInputc��C��s&��t��\|��\|\|�_\|\|�_d\|�_d\|�_d�S�)N��r��)r&��r��onSubmit�maxwidth�buffer�cursor)r��r��r��r��r��r��r��s �� zTextInput.__init__c��C��s(��\|d�\|�j��\|�_t\|�j�\|�_\|��d�S�r��)r��r��r_��r��r��r��r��r��r��r��setText��s��zTextInput.setTextc��C��s(��\|�j�dkr\|��j�d8��_�\|��d�S�d�S��Nr��r\��)r��r��rB��r��r��r��func_LEFT_ARROW"��s�� zTextInput.func_LEFT_ARROWc��C��s.��\|�j�t\|�j�k�r\|��j�d7��_�\|��d�S�d�S�r��)r��r_��r��r��rB��r��r��r��func_RIGHT_ARROW'��s��zTextInput.func_RIGHT_ARROWc��C��sN��\|�j�dkr%\|�jd�\|�j�d��\|�j\|�j�d��\|�_\|��j�d8��_�\|��d�S�d�S�r��)r��r��r��r!��r��r��r��r8��,��s �� &�zTextInput.backspaceReceivedc��C��sl��\|dkr\|��\|�j��d�S�t\|�j�\|�jk�r4\|�jd�\|�j��\|�\|�j\|�jd��\|�_\|��jd7��_\|��d�S�d�S�)Nr��r\��)r��r��r_��r��r��r��r<��r��r��r��r;��2��s��"��zTextInput.characterReceivedc��C��s��\|�j�d�dfS�r��)r��r!��r��r��r��r4��=��r��zTextInput.sizeHintc��C��s��\|��}\|�dd��\|�jrB\|�\|d�\|�j��t\|\|\|�j\|�jd��p$d��\|�\|\|�jd�d��\|�d\|�jt\|��d��d�S�\|�jt\|��}\|�\|d\|��d�S�)Nr��r\��r��_)�_renderTextr��rE��r#��r��r��r_��)r��r��r��r��currentText�morer��r��r��r1��@��s�� zTextInput.renderc��C��\|�j�S�r��)r��r!��r��r��r��r��L��zTextInput._renderTextN)r��r��r ��r��r��r��r��r8��r;��r4��r1��r��r��r��r��r��r��s��r��c��@��r��)� PasswordInputc��C��s��dt�\|�j��S�)N�)r_��r��r!��r��r��r��r��Q��r��zPasswordInput._renderTextN)r��r��r ��r��r��r��r��r��r��P��r��r��c��@��s:��e�Zd�ZdZd dd�Zdd��Zdd��Zd d ��Zdd��ZdS�)� TextOutputr��Nc��C��rq��r��)r&��r��size)r��r��r��r��r��r��X��rS��zTextOutput.__init__c��C��r��r��)r��r!��r��r��r��r4��\��r��zTextOutput.sizeHintc��C��s8��\|��dd��\|�jd�\|��}\|�\|d\|t\|��d�S��Nr��r��)r��r��r#��r_��)r��r��r��r��r��r��r��r��r1��_��s��zTextOutput.renderc��C��s��\|\|�_�\|��d�S�r��)r��r��r��r��r��r��r��d��rH��zTextOutput.setTextc��C��r@��r��rA��r!��r��r��r��rF��h��r��zTextOutput.focusReceivedr��) r��r��r ��r��r��r4��r1��r��rF��r��r��r��r��r��U��s�� r��c��@��s.��e�Zd�Zed�\ZZdefdd�Zdd��ZdS�)�TextOutputArear��Nc��C��s��t��\|�\|��\|\|�_d�S�r��)r��r�� longLines)r��r��r��r��r��r��r��o��s�� zTextOutputArea.__init__c��C��s��d}\|�j��}g�}\|rX\|�j\|�jkrC\|�d�}t\|t�s \|�d�}g�}t� \|\|�D�]} t\| t �s4\| �d�} \|�\| ��q(\|� \|p@dg��n\|�\|�d�d�\|��t\|�\|krVn\|st\|d�\|��D�]\}} \|�d\|��\|�\| ��q`d�S�)Nr��rI��r��)r�� splitlinesr��WRAP�poprK��rL��rM��tptext� greedyWrap�bytes�encoderT��extendr_��r��r��r#��)r��r��r��r��rl�� inputLines�outputLines�line�wrappedLines�wrappedLine�Lr��r��r��r1��s��s,�� zTextOutputArea.render)r��r��r ��rk��r��TRUNCATEr��r1��r��r��r��r��r��l��s��r��c��@��sh��e�Zd�ZdZdZedd��Zejdd��Zedd��Zejdd��ZdZ d Z d d��Zdd ��Zdd��Z dS�)�Viewportr��c��C��r��r��)�_xOffsetr!��r��r��r��xOffset��rC��zViewport.xOffsetc��C�� \|�j�\|kr\|\|�_�\|��d�S�d�S�r��)r��r��r��r��r��r��r��r�� c��C��r��r��)�_yOffsetr!��r��r��r��yOffset��rC��zViewport.yOffsetc��C��r��r��)r��r��r��r��r��r��r��r��c��C��sD��t��\|��\|\|�_\|�\|�j_t��\|�_\|�j\|�j_\|�j \|�j_ \|�j��d�S�r��)r&��r��r��r)��r��TerminalBuffer�_bufr��r��r��r��connectionMader��r��r��r��r��s�� zViewport.__init__c��C��r��r��r��r!��r��r��r��r+��r��zViewport.filthyc�� C��s��\|�j��\|�j\|�j\|�j��t\|�jj\|�j\|�j\|��D�];\}}\|�d\|��d}t\|\|�j \|�j \|��D�]\}\}}\|\|�jj u�r?d}\|�\|��q1\|\|k�rT\|�d\|\|�d��qd�S�)Nr��r��r\��)r��r-��r��r��r��r��linesr��r��r��voidr#��) r��r��r��r��r ��r��rl��r[��attrr��r��r��r1��s��$��zViewport.renderN)r��r��r ��r��r��propertyr��setterr��r��r��r��r+��r1��r��r��r��r��r��s �� r��c��@��s$��e�Zd�Zdd��Zdd��Zdd��ZdS�)� _Scrollbarc��C��s��t��\|��\|\|�_d\|�_d�S�)N��)r&��r��onScroll�percent)r��r��r��r��r��r��rf��z_Scrollbar.__init__c��C��$��t�dtd\|��d��\|�_\|��d�S�)N��?r��r��ru��r��r��r��r!��r��r��r��smaller��z_Scrollbar.smallerc��C��r��)Nr��r��r\��r ��r!��r��r��r��bigger��r��z_Scrollbar.biggerN)r��r��r ��r��r ��r��r��r��r��r��r��s��r��c��@��<��e�Zd�Zdd��Zdd��Zdd��ZdZdZd Zd Z dd��Z d S�)�HorizontalScrollbarc��C��dS�)Nr��r��r!��r��r��r��r4��r3��zHorizontalScrollbar.sizeHintc��C��\|��d�S�r��r ��rB��r��r��r��r��r%��z#HorizontalScrollbar.func_LEFT_ARROWc��C��r��r��r��rB��r��r��r��r��r%��z$HorizontalScrollbar.func_RIGHT_ARROWu��◀u��▶��░��▓c��C��sd��\|��dd��\|d�}t\|\|�j��}\|\|�}\|�j\|�j\|��\|�j�\|�j\|��\|�j�}\|�\|�d��d�S�)Nr��rp��rI��) r��r{��r��_left�_bar�_slider�_rightr#��r��)r��r��r��r��rl��before�after�mer��r��r��r1��s��zHorizontalScrollbar.renderN)r��r��r ��r4��r��r��r��r��r��r��r1��r��r��r��r��r��r��c��@��r ��)�VerticalScrollbarc��C��r��)N)r\��Nr��r!��r��r��r��r4��r3��zVerticalScrollbar.sizeHintc��C��r��r��r��rB��r��r��r�� func_UP_ARROW��r%��zVerticalScrollbar.func_UP_ARROWc��C��r��r��r��rB��r��r��r��func_DOWN_ARROW��r%��z!VerticalScrollbar.func_DOWN_ARROWu��▲u��▼r��r��c��C��s��\|��dd��t\|�j\|d��}\|�\|�j�d��td\|d��D�]!}\|��d\|��\|\|d�kr7\|�\|�j�d��q\|�\|�j�d��q\|��d\|d��\|�\|�j �d��d�S�)Nr��r��rI��r\��) r��r{��r��r#��_upr��rk��r��r��_down)r��r��r��r��knobr��r��r��r��r1��s��zVerticalScrollbar.renderN)r��r��r ��r4��r��r��r ��r!��r��r��r1��r��r��r��r��r��r��r��c��@��sX��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zdd��ZdS�)�ScrolledAreaz� A L{ScrolledArea} contains another widget wrapped in a viewport and vertical and horizontal scrollbars for moving the viewport around. c��C��sL��t��\|��t\|�\|�_t\|�j�\|�_t\|�j�\|�_ \|�j\|�j\|�j fD�]}\|�\|_ qd�S�r��)r&��r��r�� _viewportr��_horizScroll�_horizr��_vertScroll�_vertr)��)r��r��rx��r��r��r��r��s�� zScrolledArea.__init__c��C��.��\|�j��j\|7��_td\|�j�j�\|�j�_\|�j�jd�S��Nr��g��9@)r$��r��ru��r��rl��r��r��r��r%��zScrolledArea._horizScrollc��C��r)��r��)r$��r��ru��r+��r��r��r��r'��#��r,��zScrolledArea._vertScrollc��C��\|�j��d�S�r��)r(��r ��rB��r��r��r��r��(��r��zScrolledArea.func_UP_ARROWc��C��r-��r��)r(��r��rB��r��r��r��r��+��r��zScrolledArea.func_DOWN_ARROWc��C��r-��r��)r&��r ��rB��r��r��r��r��.��r��zScrolledArea.func_LEFT_ARROWc��C��r-��r��)r&��r��rB��r��r��r��r��1��r��zScrolledArea.func_RIGHT_ARROWc��C��s,��\|�j��\|�j��\|�j��t�\|��d�S�r��)r$��r+��r&��r(��r&��r!��r��r��r��r+��4��s�� zScrolledArea.filthyc��C��s��t�\|\|d�\|d�dd�}\|�j�\|d�\|d�\|��\|�jr \|�d��t\|dd\|d��t\|dd\|d��\|�j�d\|d�t�\|d\|d�\|d�d��\|�j�\|dt�\|\|dd\|d��\|�d��d�S�)Nr��r\��r��r��r��) r��r$��r-��rE��r#��r��r��r(��r&��)r��r��r��r��wrapperr��r��r��r1��:��s�� zScrolledArea.renderN) r��r��r ��r ��r��r%��r'��r��r��r��r��r+��r1��r��r��r��r��r#��s�� r#��c��C��s6��\|��\|��ttj��\|��\|��\|��\|��d�S�r��)r��r��rL��r�� REVERSE_VIDEOr#��r��r��)r��r[��r��r��r��r��J��s �� r��c��@��sV��e�Zd�ZdZdZddd�Zdd��Zdd��Zd d ��Zdd��Z d d��Z dd��Zdd��ZdS�)� Selectionr��Nc��C��s>��t��\|��\|\|�_\|\|�_\|\|�_\|d�urttt\|�j��\|�_d�S�d�S�r��) r&��r��sequence�onSelect� minVisibleru��r��r_��r��)r��r1��r2��r3��r��r��r��r��Y��s�� zSelection.__init__c��C��s��\|�j�d�ur\|�j\|�j�fS�d�S�r��)r3��r��r!��r��r��r��r4��a��s�� zSelection.sizeHintc��C��s@��\|�j�dkr\|��j�d8��_�\|�jdkr\|��jd8��_\|��d�S�d�S�r��)�focusedIndex�renderOffsetr��rB��r��r��r��r��e��s�� zSelection.func_UP_ARROWc��C��sB��\|�j�dkr\|��j\|�j�8��_d\|�_�n td\|�j\|�j��\|�_\|��d�S�r��)r5��r4��ru��r��r��rB��r��r��r�� func_PGUPl��s �� zSelection.func_PGUPc��C��sP��\|�j�t\|�j�d�k�r&\|��j�d7��_�\|�j\|�jd�k�r \|��jd7��_\|��d�S�d�S�r��)r4��r_��r1��r5��r��r��rB��r��r��r��r��t��s��zSelection.func_DOWN_ARROWc��C��s��\|�j�\|�jd�kr2\|�j\|�j��d�}\|\|�j�t\|�j�kr$t\|�j�\|�j�d�}\|��j\|7��_\|�jd�\|�_�ntt\|�j�d�\|�j\|�j��\|�_\|��d�S�r��)r5��r��r4��r_��r1��r��r��)r��r>��changer��r��r�� func_PGDN{��s��zSelection.func_PGDNc��C��s"��\|dkr\|��\|�j\|�j��d�S�d�S�r��)r2��r1��r4��r<��r��r��r��r;��s��zSelection.characterReceivedc�� C��s��\|\|�_�\|�j\|�j�}\|t\|�j�\|�krtdt\|�j�\|��}\|�j\|\|\|��}t\|�D�]H\}}\|�d\|��\|\|�jkrU\|��\|�j rJt tj�t tj �f}nt tj�f}\|j\|��\|d�\|��} \|�\| d\|t\| ��\|\|�jkrq\|��q)d�S�r��)r��r4��r5��r_��r1��ru��r��r��r��rE��rL��r��r/��BOLDr��r#��r��) r��r��r��r��start�elementsrl��ele�modesr��r��r��r��r1��s&�� zSelection.renderr��) r��r��r ��r4��r5��r��r4��r��r6��r��r8��r;��r1��r��r��r��r��r0��R��s�� r0��)$r ��r��twisted.conch.insultsr��r��twisted.pythonr��r�� Exceptionr��r��r&��rQ��rb��rj��ro��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r#��r��r0��r��r��r��r��<module>��s>��JP:Q1;:;��insults/__pycache__/helper.cpython-310.pyc��0000644��00000044262�15027667726�0014467 0��ustar�00��o ��b�?�� @��s��d�Z�ddlZddlZddlmZ�ddlmZ�ddlmZ�ddl m Z mZmZ�ddl mZ�ddlmZ�dd lmZ�dd lmZmZ�dZdZed �\ ZZZZZZZZ Z!G�dd��dej"�Z#e#Z$eedddd�ddd��eej%�G�dd��dej&��Z'G�dd��de(�Z)G�dd��de'�Zg�d�Z+dS�)z< Partial in-memory terminal emulator @author: Jp Calderone ��N)�implementer)�Version)�insults)�defer�protocol�reactor)�Logger)�_textattributes)� iterbytes)� deprecated�deprecatedModuleAttribute��(�� c��@��sR��e�Zd�ZdZdZejddddeedfdd�Z e edddd ��d d��Zdd ��Z dS�)�_FormattingStatez� Represents the formatting state/attributes of a single character. Character set, intensity, underlinedness, blinkitude, video reversal, as well as foreground and background colors made up a character's attributes. ��charset�bold� underline�blink�reverseVideo� foreground� background�_subtractingFc �� C��s4��\|\|�_�\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_\|\|�_d�S��Nr��) �selfr��r��r��r��r��r��r��r��r��>/usr/lib/python3/dist-packages/twisted/conch/insults/helper.py�__init__3��s�� z_FormattingState.__init__�Twisted� ��r��c��K��s��\|��\}}\|��\|\|�S�)a<�� Add a character attribute to a copy of this formatting state. @param kw: An optional attribute name and value can be provided with a keyword argument. @return: A formatting state instance with the new attribute. @see: L{DefaultFormattingState._withAttribute}. )�popitem�_withAttribute)r��kw�k�vr��r��r��wantOneG��s��z_FormattingState.wantOnec��C��s��g�}\|�j�r \|�d��\|�jr\|�tj��\|�jr\|�tj��\|�jr%\|�tj��\|�j r.\|�tj ��\|�jtkr;\|�t \|�j��\|�jtkrH\|�t\|�j��\|rVdd�tt\|��d�S�dS�)Nr��z[�;�m��)r��appendr��r��BOLDr�� UNDERLINEr��BLINKr�� REVERSE_VIDEOr��WHITE� FOREGROUNDr��BLACK� BACKGROUND�join�map�str)r��attrsr��r��r��toVT102V��s$�� z_FormattingState.toVT102N)�__name__� __module__�__qualname__�__doc__�compareAttributesr��G0r0��r2��r��r��r��r'��r8��r��r��r��r��r��s�� r��r��r ��r!��z=Use twisted.conch.insults.text.assembleFormattedText instead.ztwisted.conch.insults.helper�CharacterAttributec��@��s��e�Zd�ZdZdD�]Zed�Ze�d�Zee��qdZ dZ dZdZd Z e��Ze��Zd d��Zdd ��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��Zdydd�Zdydd�Zdydd �Zdyd!d"�Zd#d$��Zd%d&��Zd'd(��Z d)d��Z!d+d,��Z"d-d.��Z#d/d0��Z$d1d2��Z%d3d4��Z&d5d6��Z'd7d8��Z(d9d:��Z)d;d<��Zd=d>��Z+d?d@��Z,dAdB��Z-dCdD��Z.dEdF��Z/dGdH��Z0dIdJ��Z1dKdL��Z2dMdN��Z3dOdP��Z4dQdR��Z5dSdT��Z6dydUdV�Z7dydWdX�Z8dydYdZ�Z9d[d\��Z:d]d^��Z;d_d`��Z<dadb��Z=dcdd��Z>dedf��Z?dgdh��Z@didj��ZAdkdl��ZBdmdn��ZCdodp��ZDdzdrds�ZEdtdu��ZFdvdw��ZGdxS�){�TerminalBufferz) An in-memory terminal emulator. )s��UP_ARROWs ��DOWN_ARROWs��RIGHT_ARROWs ��LEFT_ARROWs��HOMEs��INSERTs��DELETEs��ENDs��PGUPs��PGDNs��F1s��F2s��F3s��F4s��F5s��F6s��F7s��F8s��F9s��F10s��F11s��F12s�� = object()�ascii�� P�� c��C��s��\|�j�\|�\|�S�r��)�lines)r��x�yr��r��r��getCharacter��zTerminalBuffer.getCharacterc��C��\|��d�S�r��)�reset�r��r��r��r��connectionMade��zTerminalBuffer.connectionMadec��C��s$��t�\|�dd��D�]}\|��\|��qdS�)z� Add the given printable bytes to the terminal. Line feeds in L{bytes} will be replaced with carriage return / line feed pairs. �� s�� N)r ��replace�insertAtCursor)r��data�br��r��r��write��s��zTerminalBuffer.writec��C��s��t�\|�jfi�\|�j��S�r��)r�� activeCharset�graphicRenditionrN��r��r��r��_currentFormattingState��s��z&TerminalBuffer._currentFormattingStatec��C��s��\|dkr d\|�_�dS�\|dkr\|��dS�\|tj�d�v�r[\|�j�\|�jkr%\|��\|\|��f}\|�j� t jj�rI\|g\|�j\|�j �\|�j�\|�j��<�\|�j\|�j ��n \|\|�j\|�j �\|�j�<�\|��j�d7��_�dS�dS�)a�� Add one byte to the terminal at the cursor and make consequent state updates. If b is a carriage return, move the cursor to the beginning of the current row. If b is a line feed, move the cursor to the next row or scroll down if the cursor is already in the last row. Otherwise, if b is printable, put it at the cursor position (inserting or overwriting as dictated by the current mode) and move the cursor. �� r��rQ��rA��r!��N)rH��_scrollDown�string� printable�encode�width�nextLinerY��modes�getr��IRMrG��rI��pop)r��rU��chr��r��r��rS��s�� zTerminalBuffer.insertAtCursorc��s��fdd�t�\|�D��S�)Nc��s��g�\|�] }��j��f�qS�r��)�voidrY��.0�irN��r��r�� <listcomp>��s��z-TerminalBuffer._emptyLine.<locals>.<listcomp>)�range�r��r_��r��rN��r�� _emptyLine��zTerminalBuffer._emptyLinec��C��sL��\|��j�d7��_�\|�j�\|�jkr$\|��j�d8��_�\|�jd=�\|�j�\|��\|�j��d�S�d�S�)Nr!��r��)rI��heightrG��r+��rm��r_��rN��r��r��r��r[��s��zTerminalBuffer._scrollDownc��C��sD��\|��j�d8��_�\|�j�dk�r d\|�_�\|�jd=�\|�j�d\|��\|�j��d�S�d�S�)Nr!��r��)rI��rG��insertrm��r_��rN��r��r��r�� _scrollUp��s�� zTerminalBuffer._scrollUpr!��c��C��t�d\|�j\|��\|�_d�S��Nr��)�maxrI��r��nr��r��r��cursorUp��rn��zTerminalBuffer.cursorUpc��C��s��t�\|�jd�\|�j\|��\|�_d�S��Nr!��)�minro��rI��rv��r��r��r�� cursorDown��s��zTerminalBuffer.cursorDownc��C��rs��rt��)ru��rH��rv��r��r��r��cursorBackward��rn��zTerminalBuffer.cursorBackwardc��C��s��t�\|�j\|�j\|��\|�_d�S�r��)rz��r_��rH��rv��r��r��r�� cursorForward��zTerminalBuffer.cursorForwardc��C��s��\|\|�_�\|\|�_d�S�r��rH��rI��)r��column�liner��r��r��cursorPosition��s�� zTerminalBuffer.cursorPositionc��C��s��\|�j�j\|�_\|�j�j\|�_d�S�r��)�homerH��rI��rN��r��r��r�� cursorHome��s�� zTerminalBuffer.cursorHomec��C��rL��r��)r[��rN��r��r��r��index��rP��zTerminalBuffer.indexc��C��rL��r��)rr��rN��r��r��r��reverseIndex��rP��zTerminalBuffer.reverseIndexc��C��s��d\|�_�\|��dS�)zW Update the cursor position attributes and scroll down if appropriate. r��N)rH��r[��rN��r��r��r��r`��s��zTerminalBuffer.nextLinec��C��s��\|�j�\|�jf\|�_d�S�r��)rH��rI��_savedCursorrN��r��r��r�� saveCursor��zTerminalBuffer.saveCursorc��C��s��\|�j�\\|�_\|�_\|�`�d�S�r��)r��rH��rI��rN��r��r��r�� restoreCursor ��s��zTerminalBuffer.restoreCursorc��C��s��\|D�]}d\|�j�\|<�qd�S�)NT)ra��r��ra��r)��r��r��r��setModes ��s��zTerminalBuffer.setModesc�� C��s,��\|D�]}z\|�j�\|=�W�q�ty��Y�qw�d�S�r��)ra��KeyErrorr��r��r��r�� resetModes��s��zTerminalBuffer.resetModesc��C��s��\|D�]}d\|�j�\|<�qdS�)aH�� Enable the given modes. Track which modes have been enabled so that the implementations of other L{insults.ITerminalTransport} methods can be properly implemented to respect these settings. @see: L{resetPrivateModes} @see: L{insults.ITerminalTransport.setPrivateModes} TN)�privateModesr��r��r��r��setPrivateModes��s��zTerminalBuffer.setPrivateModesc�� C��s,��\|D�]}z\|�j�\|=�W�q�ty��Y�qw�dS�)z� Disable the given modes. @see: L{setPrivateModes} @see: L{insults.ITerminalTransport.resetPrivateModes} N)r��r��r��r��r��r��resetPrivateModes&��s��z TerminalBuffer.resetPrivateModesc��C�� d\|�_�d�S�)N�app�� keypadModerN��r��r��r��applicationKeypadMode3�� z$TerminalBuffer.applicationKeypadModec��C��r��)N�numr��rN��r��r��r��numericKeypadMode6��r��z TerminalBuffer.numericKeypadModec��C��s��\|\|�j�\|<�d�S�r��)�charsets)r��charSet�whichr��r��r��selectCharacterSet9��rK��z!TerminalBuffer.selectCharacterSetc��C��t�j\|�_d�S�r��)r��r>��rW��rN��r��r��r��shiftIn<��rP��zTerminalBuffer.shiftInc��C��r��r��)r��G1rW��rN��r��r��r��shiftOut?��rP��zTerminalBuffer.shiftOutc��.��j��tj�_��j��fdd�}\|�_d�S�)Nc��\|��`��_d�S�r��rS��rW��rU��f�oldActiveCharsetr��r��r��rS��G�� z3TerminalBuffer.singleShift2.<locals>.insertAtCursor)rW��r��G2rS��r��rS��r��r��r��singleShift2B�� zTerminalBuffer.singleShift2c��r��)Nc��r��r��r��r��r��r��r��rS��S��r��z3TerminalBuffer.singleShift3.<locals>.insertAtCursor)rW��r��G3rS��r��r��r��r��singleShift3N��r��zTerminalBuffer.singleShift3c�� G��s��\|D�]�}\|t�jkrddddttd�\|�_q\|t�jkrd\|�jd<�q\|t�jkrd\|�jd<�q\|t�jkr5d\|�jd<�q\|t�jkr@d\|�jd<�qzt \|�}W�n�t yW��\|�jjd\|d ��Y�qw�t \|��krdt t�krnn�n\|t �\|�jd <�qt\|��krztt�kr�n�n\|t�\|�jd<�q\|�jjd\|d ��qd�S�)NF�r��r��r��r��r��r��Tr��r��r��r��z-Unknown graphic rendition attribute: {attr!r})�attrr��r��)r��NORMALr0��r2��rX��r,��r-��r.��r/��int� ValueError�_log�errorr1��N_COLORSr3��)r�� attributes�ar&��r��r��r��selectGraphicRenditionZ��s@�� z%TerminalBuffer.selectGraphicRenditionc��C��s��\|��\|�j�\|�j\|�j<�d�S�r��)rm��r_��rG��rI��rN��r��r��r�� eraseLine~��r~��zTerminalBuffer.eraseLinec��C��s,��\|�j�\|�j�}\|��\|�\|�j\|�j�\|�jd��<�d�S�r��)r_��rH��rm��rG��rI��rl��r��r��r��eraseToLineEnd��s�� zTerminalBuffer.eraseToLineEndc��C��s��\|��\|�jd��\|�j\|�j�d�\|�jd��<�d�S�ry��)rm��rH��rG��rI��rN��r��r��r��eraseToLineBeginning��s��z#TerminalBuffer.eraseToLineBeginningc��s��fdd�t��j�D��_d�S�)Nc��g�\|�]}��j��qS�r��rm��r_��rg��rN��r��r��rj��z/TerminalBuffer.eraseDisplay.<locals>.<listcomp>)rk��ro��rG��rN��r��rN��r��eraseDisplay��s��zTerminalBuffer.eraseDisplayc��sB��j��j�d�}��fdd�t\|�D��j��jd�d��<�d�S�)Nr!��c��r��r��r��rg��rN��r��r��rj��r��z4TerminalBuffer.eraseToDisplayEnd.<locals>.<listcomp>)r��ro��rI��rk��rG��)r��ro��r��rN��r��eraseToDisplayEnd��s��z TerminalBuffer.eraseToDisplayEndc��s0��fdd�t��j�D��jd��j�<�d�S�)Nc��r��r��r��rg��rN��r��r��rj��r��z:TerminalBuffer.eraseToDisplayBeginning.<locals>.<listcomp>)r��rk��rI��rG��rN��r��rN��r��eraseToDisplayBeginning��s��(z&TerminalBuffer.eraseToDisplayBeginningc��C��sD��\|�j�\|�j�\|�j\|�j\|��=�\|�j�\|�j��\|��t\|�j\|�j�\|��d�S�r��)rG��rI��rH��extendrm��rz��r_��rv��r��r��r��deleteCharacter��s��zTerminalBuffer.deleteCharacterc��s6��fdd�t�\|�D��j��j��j�<��j��jd��=�d�S�)Nc��r��r��r��rg��rN��r��r��rj��r��z-TerminalBuffer.insertLine.<locals>.<listcomp>)rk��rG��rI��ro��rv��r��rN��r�� insertLine��s��$zTerminalBuffer.insertLinec��s6��j��j��j\|��=��j��fdd�t\|�D��d�S�)Nc��r��r��r��rg��rN��r��r��rj��r��z-TerminalBuffer.deleteLine.<locals>.<listcomp>)rG��rI��r��rk��rv��r��rN��r�� deleteLine��s��"zTerminalBuffer.deleteLinec��C��s��\|�j�\|�jfS�r��r��rN��r��r��r��reportCursorPosition��rP��z#TerminalBuffer.reportCursorPositionc��C��s��t��dd�\|�_d�\|�_\|�_i�\|�_i�\|�_\|��t�jjt�jj g��d\|�_ t�j\|�_ddddt td�\|�_t�jt�jt�jt�jt�jt�jt�jt�ji\|�_\|��d�S�)Nr��r��Fr��)r��Vectorr��rH��rI��ra��r��r�� AUTO_WRAP�CURSOR_MODE� numericKeypadr>��rW��r0��r2��rX��CS_USr��r��CS_ALTERNATEr��CS_ALTERNATE_SPECIALr��r��rN��r��r��r��rM��s,�� zTerminalBuffer.resetc��C��s��t�dt\|��d�S�)NzCould not handle)�print�repr)r��bufr��r��r��unhandledControlSequence��r��z'TerminalBuffer.unhandledControlSequencec��C��sr��g�}\|�j�D�].}g�}d}\|D�]\}}\|\|�jur \|�\|��t\|�}q \|�\|�j��q \|�d�\|d�\|��qd�\|�S�)Nr��rQ��)rG��rf��r+��len�fillr4��)r��rG��Lr��lengthre��r��r��r��r�� __bytes__��s�� zTerminalBuffer.__bytes__c��C��t�d��)Nz%Unimplemented: TerminalBuffer.getHost��NotImplementedErrorrN��r��r��r��getHost��zTerminalBuffer.getHostc��C��r��)Nz%Unimplemented: TerminalBuffer.getPeerr��rN��r��r��r��getPeer��r��zTerminalBuffer.getPeerc��C��r��)Nz,Unimplemented: TerminalBuffer.loseConnectionr��rN��r��r��r��loseConnection��r��zTerminalBuffer.loseConnectionc��C��r��)Nz+Unimplemented: TerminalBuffer.writeSequencer��r��rT��r��r��r�� writeSequence��r��zTerminalBuffer.writeSequencec��C��r��)Nz5Unimplemented: TerminalBuffer.horizontalTabulationSetr��rN��r��r��r��horizontalTabulationSet��s��z&TerminalBuffer.horizontalTabulationSetc��C��r��)Nz-Unimplemented: TerminalBuffer.tabulationClearr��rN��r��r��r��tabulationClear��r��zTerminalBuffer.tabulationClearc��C��r��)Nz0Unimplemented: TerminalBuffer.tabulationClearAllr��rN��r��r��r��tabulationClearAll��r��z!TerminalBuffer.tabulationClearAllTc��C��r��)Nz.Unimplemented: TerminalBuffer.doubleHeightLiner��)r��topr��r��r��doubleHeightLine��r��zTerminalBuffer.doubleHeightLinec��C��r��)Nz-Unimplemented: TerminalBuffer.singleWidthLiner��rN��r��r��r��singleWidthLine��r��zTerminalBuffer.singleWidthLinec��C��r��)Nz-Unimplemented: TerminalBuffer.doubleWidthLiner��rN��r��r��r��doubleWidthLine��r��zTerminalBuffer.doubleWidthLineN)r!��)T)Hr9��r:��r;��r<��keyID� execBytes�decode�execStr�exec�TAB� BACKSPACEr_��ro��r��objectrf��r��r��rJ��rO��rV��rY��rS��rm��r[��rr��rx��r{��r\|��r}��r��r��r��r��r`��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��rM��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r@��x��s�� $ r@��c��@��s��e�Zd�ZdS�)�ExpectationTimeoutN)r9��r:��r;��r��r��r��r��r��s��r��c��@��sF��e�Zd�ZdZdd��Zdd��Zdd��Zdd ��Zd d��Zde fd d�Z dS�)�ExpectableBufferr��c��C��s��t��\|��g�\|�_d�S�r��)r@��rO�� _expectingrN��r��r��r��rO�� zExpectableBuffer.connectionMadec��C��s��t��\|�\|��\|��d�S�r��)r@��rV��_checkExpectedr��r��r��r��rV��zExpectableBuffer.writec��C��s��t��\|��d\|�_d�S�rt��)r@��r��_markrN��r��r��r��r��r��zExpectableBuffer.cursorHomec��C��s��\|��t��\|��d�S�r��)�errbackr��r��)r��dr��r��r��_timeoutExpected��r��z!ExpectableBuffer._timeoutExpectedc��C��s��\|��\|�jd��}\|�jrO\|�jd�\}}}\|r\|��s\|�jd=�q \|�\|�D�]#}\|r,\|��\|�jd=�\|��j\|��7��_\|\|��d��}\|�\|��nd�S�\|�jsd�S�d�S�rt��)r��r��r��active�finditer�cancel�end�callback)r��s�expr�timer�deferred�matchr��r��r��r��s �� zExpectableBuffer._checkExpectedNc��C��sD��t��}d�}\|r\|�\|\|�j\|�}\|�j�t�\|�\|\|f��\|��\|S�r��) r��Deferred� callLaterr��r��r+��re�compiler��)r�� expression�timeout� schedulerr��r��r��r��r��expect"��s��zExpectableBuffer.expect)r9��r:��r;��r��rO��rV��r��r��r��r��r ��r��r��r��r��r��s��r��)r?��r@��r��),r<��r��r\��zope.interfacer��incrementalr��twisted.conch.insultsr��twisted.internetr��r��r��twisted.loggerr��twisted.pythonr ��twisted.python.compatr ��twisted.python.deprecater��r��r1��r3��rk��r2��RED�GREEN�YELLOW�BLUE�MAGENTA�CYANr0��r��_FormattingStateMixinr��r?��ITerminalTransport�Protocolr@�� Exceptionr��r��__all__r��r��r��r��<module>��s<��N� ��/��insults/__pycache__/insults.cpython-310.pyc��0000644��00000110326�15027667726�0014704 0��ustar�00��o ��b2��@��s^��d�Z�ddlmZmZ�ddlmZmZmZ�ddl m Z mZ�G�dd��de�Zee�G�dd��d��Z G�d d ��d ej�ZdZdd iZG�dd��d�ZG�dd��d�ZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!G�dd ��d �Z"d!d"��Z#d#Z$G�d$d%��d%�Z%d&d'��e$D��Z&ee�G�d(d)��d)ej'��Z(e)e$e&�D�] \ZZ+e,e(ee+��q�G�dd+��d+ej'�Z-g�d,�Z.d-S�).z? VT102 and VT220 terminal manipulation. @author: Jp Calderone ��)� Interface�implementer)�defer� interfaces�protocol)� iterbytes� networkStringc��@��s4��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��ZdS�)�ITerminalProtocolc��C��dS�)zX Called with an L{ITerminalTransport} when a connection is established. N��)� transportr��r��?/usr/lib/python3/dist-packages/twisted/conch/insults/insults.py�makeConnection��z ITerminalProtocol.makeConnectionc��C��r ��)a`�� A keystroke was received. Each keystroke corresponds to one invocation of this method. keyID is a string identifier for that key. Printable characters are represented by themselves. Control keys, such as arrows and function keys, are represented with symbolic constants on L{ServerProtocol}. Nr��)�keyID�modifierr��r��r ��keystrokeReceived��r��z#ITerminalProtocol.keystrokeReceivedc��C��r ��)z� Called to indicate the size of the terminal. A terminal of 80x24 should be assumed if this method is not called. This method might not be called for real terminals. Nr��)�width�heightr��r��r ��terminalSize"��r��zITerminalProtocol.terminalSizec��C��r ��z� Called when an unsupported control sequence is received. @type seq: L{str} @param seq: The whole control sequence which could not be interpreted. Nr��seqr��r��r ��unhandledControlSequence��r��zITerminalProtocol.unhandledControlSequencec��C��r ��)zh Called when the connection has been lost. reason is a Failure describing why. Nr��)�reasonr��r��r ��connectionLost2��r��z ITerminalProtocol.connectionLostN)�__name__� __module__�__qualname__r��r��r��r��r��r��r��r��r ��r ��s��r ��c��@��s<��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd S�)�TerminalProtocolc��C��s��\|\|�_�\|��d�S��N)�terminal�connectionMade)�selfr!��r��r��r ��r��<��s��zTerminalProtocol.makeConnectionc��C��r ��)zA Called after a connection has been established. Nr��r#��r��r��r ��r"��A��r��zTerminalProtocol.connectionMadec��C��d�S�r ��r��)r#��r��r��r��r��r ��r��F��z"TerminalProtocol.keystrokeReceivedc��C��r%��r ��r��)r#��r��r��r��r��r ��r��I��r&��zTerminalProtocol.terminalSizec��C��r%��r ��r��)r#��r��r��r��r ��r��L��r&��z)TerminalProtocol.unhandledControlSequencec��C��r%��r ��r��r#��r��r��r��r ��r��O��r&��zTerminalProtocol.connectionLostN) r��r��r��r��r"��r��r��r��r��r��r��r��r ��r��:��s��r��c��@��sd��e�Zd�ZdVdd�ZdVdd�ZdVdd�ZdVdd �Zd d��Zdd ��Zdd��Z dd��Z dd��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zdd+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Zd4d5��ZdWd7d8�Zd9d:��Zd;d<��Zd=d>��Z d?d@��Z!dAdB��Z"dCdD��Z#dEdF��Z$dGdH��Z%dVdIdJ�Z&dVdKdL�Z'dVdMdN�Z(dOdP��Z)dQdR��ZdSdT��Z+dUS�)X�ITerminalTransport��c��C��r ��)z- Move the cursor up n lines. Nr��nr��r��r ��cursorUpT��r��zITerminalTransport.cursorUpc��C��r ��)z/ Move the cursor down n lines. Nr��r��r��r��r �� cursorDownY��r��zITerminalTransport.cursorDownc��C��r ��)z2 Move the cursor right n columns. Nr��r��r��r��r �� cursorForward^��r��z ITerminalTransport.cursorForwardc��C��r ��)z1 Move the cursor left n columns. Nr��r��r��r��r ��cursorBackwardc��r��z!ITerminalTransport.cursorBackwardc��C��r ��)z? Move the cursor to the given line and column. Nr��)�column�liner��r��r ��cursorPositionh��r��z!ITerminalTransport.cursorPositionc��C��r ��)z' Move the cursor home. Nr��r��r��r��r �� cursorHomem��r��zITerminalTransport.cursorHomec��C��r ��)zS Move the cursor down one line, performing scrolling if necessary. Nr��r��r��r��r ��indexr��r��zITerminalTransport.indexc��C��r ��)zQ Move the cursor up one line, performing scrolling if necessary. Nr��r��r��r��r ��reverseIndexw��r��zITerminalTransport.reverseIndexc��C��r ��)zl Move the cursor to the first position on the next line, performing scrolling if necessary. Nr��r��r��r��r ��nextLine\|��r��zITerminalTransport.nextLinec��C��r ��)zj Save the cursor position, character attribute, character set, and origin mode selection. Nr��r��r��r��r �� saveCursor��r��zITerminalTransport.saveCursorc��C��r ��)z� Restore the previously saved cursor position, character attribute, character set, and origin mode selection. If no cursor state was previously saved, move the cursor to the home position. Nr��r��r��r��r �� restoreCursor��r��z ITerminalTransport.restoreCursorc��C��r ��)z6 Set the given modes on the terminal. Nr��modesr��r��r ��setModes��r��zITerminalTransport.setModesc��C��r ��)z8 Reset the given modes on the terminal. Nr��)�moder��r��r �� resetModes��r��zITerminalTransport.resetModesc��C��r ��)zB Set the given DEC private modes on the terminal. Nr��r9��r��r��r ��setPrivateModes��r��z"ITerminalTransport.setPrivateModesc��C��r ��)zD Reset the given DEC private modes on the terminal. Nr��r9��r��r��r ��resetPrivateModes��r��z$ITerminalTransport.resetPrivateModesc��C��r ��)z� Cause keypad to generate control functions. Cursor key mode selects the type of characters generated by cursor keys. Nr��r��r��r��r ��applicationKeypadMode��r��z(ITerminalTransport.applicationKeypadModec��C��r ��)z= Cause keypad to generate normal characters. Nr��r��r��r��r ��numericKeypadMode��r��z$ITerminalTransport.numericKeypadModec��C��r ��)z� Select a character set. charSet should be one of CS_US, CS_UK, CS_DRAWING, CS_ALTERNATE, or CS_ALTERNATE_SPECIAL. which should be one of G0 or G1. Nr��)�charSet�whichr��r��r ��selectCharacterSet��r��z%ITerminalTransport.selectCharacterSetc��C��r ��)z0 Activate the G0 character set. Nr��r��r��r��r ��shiftIn��r��zITerminalTransport.shiftInc��C��r ��)z0 Activate the G1 character set. Nr��r��r��r��r ��shiftOut��r��zITerminalTransport.shiftOutc��C��r ��)zG Shift to the G2 character set for a single character. Nr��r��r��r��r ��singleShift2��r��zITerminalTransport.singleShift2c��C��r ��)zG Shift to the G3 character set for a single character. Nr��r��r��r��r ��singleShift3��r��zITerminalTransport.singleShift3c��G��r ��)z� Enabled one or more character attributes. Arguments should be one or more of UNDERLINE, REVERSE_VIDEO, BLINK, or BOLD. NORMAL may also be specified to disable all character attributes. Nr��)� attributesr��r��r ��selectGraphicRendition��r��z)ITerminalTransport.selectGraphicRenditionc��C��r ��)z@ Set a tab stop at the current cursor position. Nr��r��r��r��r ��horizontalTabulationSet��r��zITerminalTransport.horizontalTabulationSetc��C��r ��)zD Clear the tab stop at the current cursor position. Nr��r��r��r��r ��tabulationClear��r��z"ITerminalTransport.tabulationClearc��C��r ��)z& Clear all tab stops. Nr��r��r��r��r ��tabulationClearAll��r��z%ITerminalTransport.tabulationClearAllTc��C��r ��)z� Make the current line the top or bottom half of a double-height, double-width line. If top is True, the current line is the top half. Otherwise, it is the bottom half. Nr��)�topr��r��r ��doubleHeightLine��r��z#ITerminalTransport.doubleHeightLinec��C��r ��)zK Make the current line a single-width, single-height line. Nr��r��r��r��r ��singleWidthLine��r��z"ITerminalTransport.singleWidthLinec��C��r ��)z< Make the current line a double-width line. Nr��r��r��r��r ��doubleWidthLine��r��z"ITerminalTransport.doubleWidthLinec��C��r ��)zV Erase from the cursor to the end of line, including cursor position. Nr��r��r��r��r ��eraseToLineEnd��r��z!ITerminalTransport.eraseToLineEndc��C��r ��)zd Erase from the cursor to the beginning of the line, including the cursor position. Nr��r��r��r��r ��eraseToLineBeginning��r��z'ITerminalTransport.eraseToLineBeginningc��C��r ��)z/ Erase the entire cursor line. Nr��r��r��r��r �� eraseLine��r��zITerminalTransport.eraseLinec��C��r ��)za Erase from the cursor to the end of the display, including the cursor position. Nr��r��r��r��r ��eraseToDisplayEnd��r��z$ITerminalTransport.eraseToDisplayEndc��C��r ��)zg Erase from the cursor to the beginning of the display, including the cursor position. Nr��r��r��r��r ��eraseToDisplayBeginning��r��zITerminalTransport.eraseToDisplayBeginningc��C��r ��)z+ Erase the entire display. Nr��r��r��r��r ��eraseDisplay��r��zITerminalTransport.eraseDisplayc��C��r ��)z� Delete n characters starting at the cursor position. Characters to the right of deleted characters are shifted to the left. Nr��r��r��r��r ��deleteCharacter��r��z"ITerminalTransport.deleteCharacterc��C��r ��)z� Insert n lines at the cursor position. Lines below the cursor are shifted down. Lines moved past the bottom margin are lost. This command is ignored when the cursor is outside the scroll region. Nr��r��r��r��r �� insertLine��r��zITerminalTransport.insertLinec��C��r ��)z� Delete n lines starting at the cursor position. Lines below the cursor are shifted up. This command is ignored when the cursor is outside the scroll region. Nr��r��r��r��r �� deleteLine ��r��zITerminalTransport.deleteLinec��C��r ��)zi Return a Deferred that fires with a two-tuple of (x, y) indicating the cursor position. Nr��r��r��r��r ��reportCursorPosition(��r��z'ITerminalTransport.reportCursorPositionc��C��r ��)z: Reset the terminal to its initial state. Nr��r��r��r��r ��reset-��r��zITerminalTransport.resetc��C��r ��r��r��r��r��r��r ��r��2��r��z+ITerminalTransport.unhandledControlSequenceN�r)��T),r��r��r��r,��r-��r.��r/��r2��r3��r4��r5��r6��r7��r8��r;��r=��r>��r?��r@��rA��rD��rE��rF��rG��rH��rJ��rK��rL��rM��rO��rP��rQ��rR��rS��rT��rU��rV��rW��rX��rY��rZ��r[��r\��r��r��r��r��r ��r(��S��sT�� r(��~s��tildec��@��s(��e�Zd�ZdZd�ZZd�ZZd�ZZ dS�)r:��z$ ECMA 48 standardized modes ��N) r��r��r��__doc__�KEYBOARD_ACTION�KAM�INSERTION_REPLACEMENT�IRM�LINEFEED_NEWLINE�LNMr��r��r��r ��r:��?��s �� r:��c��@��s@��e�Zd�ZdZdZdZdZdZdZdZ dZ d Zd ZdZ dZd ZdS�)�privateModesz' ANSI-Compatible Private Modes r��r)��ra��rb��N)r��r��r��rd��ERROR� CURSOR_KEY� ANSI_VT52�COLUMN�SCROLL�SCREEN�ORIGIN� AUTO_WRAP�AUTO_REPEAT�PRINTER_FORM_FEED�PRINTER_EXTENT�CURSOR_MODEr��r��r��r ��rk��[��s��rk��s��CS_USs��CS_UKs ��CS_DRAWINGs��CS_ALTERNATEs��CS_ALTERNATE_SPECIALs��G0s��G1s��G2s��G3r)��rb��rm��ro��c��@��s��e�Zd�Zdd��ZdS�)�Vectorc��C��s��\|\|�_�\|\|�_d�S�r ��)�x�y)r#��r��r��r��r��r ��__init__��s�� zVector.__init__N)r��r��r��r��r��r��r��r ��r��s��r��c��C��sB��t�dd��}\|�t\|��d��W�d��d�S�1�sw��Y��d�S�)N�log�a� )�open�write�str)�s�fr��r��r ��r��s��"�r��)�UP_ARROW� DOWN_ARROW�RIGHT_ARROW� LEFT_ARROW�HOME�INSERT�DELETE�END�PGUP�PGDN� NUMPAD_MIDDLE�F1�F2�F3�F4�F5�F6�F7�F8�F9�F10�F11�F12�ALT�SHIFT�CONTROLc��@��s>��e�Zd�ZdZdeddfdd�Zdefdd�Zdefd d �ZdS�)�_constz3 @ivar name: A string naming this constant �name�returnNc��C��s ��\|\|�_�d�S�r ��r��)r#��r��r��r��r ��r��s�� z_const.__init__c��C��s��d\|�j��d�S�)N�[�]r��r$��r��r��r ��__repr__��z_const.__repr__c��C��s��d\|�j��d��d�S�)Nr��r��ascii)r��encoder$��r��r��r �� __bytes__��z_const.__bytes__) r��r��r��rd��r��r��r��bytesr��r��r��r��r ��r��s ��r��c��C��s��g�\|�]}t�\|��qS�r��)r��r��)�.0�_namer��r��r �� <listcomp>��s��r��c��@��s ��e�Zd�ZdZdZdZdZdZdZe dd�Z e dd�ZdZdZ d{d d �Zdd��Zd d��Zdd��Zdd��Zdd��Zdd��Zdd��Zdd��ZG�dd��d�Ze��Zd\|dd�Zd\|d d!�Zd\|d"d#�Zd\|d$d%�Zd&d'��Zd(d)��Zdd+��Zd,d-��Z d.d/��Z!d0d1��Z"d2d3��Z#d4d5��Z$d6d7��Z%d8d9��Z&d:d;��Z'd<d=��Z(d>d?��Z)d@dA��ZdBdC��Z+dDdE��Z,dFdG��Z-dHdI��Z.dJdK��Z/dLdM��Z0dNdO��Z1dPdQ��Z2d}dSdT�Z3dUdV��Z4dWdX��Z5dYdZ��Z6d[d\��Z7d]d^��Z8d_d`��Z9dadb��Z:dcdd��Z;d\|dedf�Z<d\|dgdh�Z=d\|didj�Z>d~dkdl�Z?dmdn��Z@dodp��ZAdqdr��ZBdsdt��ZCdudv��ZDdwdx��ZEdydz��ZFdS�)�ServerProtocolN�� data�P��r��c��O��s$��\|dur\|\|�_�\|\|�_\|\|�_g�\|�_dS�)a�� @param protocolFactory: A callable which will be invoked with a, kw and should return an ITerminalProtocol implementor. This will be invoked when a connection to this ServerProtocol is established. @param a: Any positional arguments to pass to protocolFactory. @param kw: Any keyword arguments to pass to protocolFactory. N)�protocolFactory�protocolArgs�protocolKwArgs�_cursorReports)r#��r��r��kwr��r��r ��r��s �� zServerProtocol.__init__c��C��t�d��)Nz%Unimplemented: ServerProtocol.getHost��NotImplementedErrorr$��r��r��r ��getHost��zServerProtocol.getHostc��C��r��)Nz%Unimplemented: ServerProtocol.getPeerr��r$��r��r��r ��getPeer��r��zServerProtocol.getPeerc��C��sZ��\|�j�d�ur+\|�j�\|�ji�\|�j��\|�_z\|�j}W�n �ty��Y�nw�\|\|�j_\|�j�\|��d�S�d�S�r ��)r��r��r��terminalProtocol�factory�AttributeErrorr��)r#��r��r��r��r ��r"��s�� zServerProtocol.connectionMadec��C��s��t�\|�D�]v}\|�jdkr\|dkrd\|�_q\|�j�\|d��q\|�jdkr<\|dkr+d\|�_g�\|�_q\|dkr3d\|�_qd\|�_\|��\|��q\|�jdkri\|dkrId\|�_q\|��sQ\|dkrb\|��d �\|�j�\|��\|�`d\|�_q\|�j� \|��q\|�jdkrw\|�� \|��d\|�_qtd ��d�S�)Nr��r_��escaped��[s��bracket-escaped��Os��low-function-escapedr`��r�� Illegal state)r��stater��r��escBuf�_handleShortControlSequence�isalpha�_handleControlSequence�join�append�!_handleLowFunctionControlSequence� ValueError)r#��data�chr��r��r ��dataReceived��s4�� zServerProtocol.dataReceivedc��C��s��\|�j��\|\|�j��d�S�r ��)r��r��r��)r#��r��r��r��r ��r��!��r��zServerProtocol._handleShortControlSequencec��C��sd��d\|�}t�\|�jt�\|dd��\|dd��d�d��}\|d�u�r%\|��\|��d�S�\|\|�\|�j\|d�d��d�S�)N��[��r��)�getattr�controlSequenceParser�CST�get�decoder��r��)r#��bufr��r��r��r ��r��$��s�� z%ServerProtocol._handleControlSequencec��C��s��\|�j��\|��d�S�r ��)r��r��)r#��r��r��r��r ��r��0��s��z'ServerProtocol.unhandledControlSequencec��C��sN��\|�j�\|�j\|�j\|�jd�}\|�\|�}\|d�ur\|�j�\|d��d�S�\|�j�d\|��d�S�)N)��P��Q��R��Ss��[O)r��r��r��r��r��r��r��r��)r#��r��functionKeysr��r��r��r ��r��3��s �� z0ServerProtocol._handleLowFunctionControlSequencec��@��s\��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��ZdS�)z$ServerProtocol.ControlSequenceParserc��C��,��\|dkr \|��\|jd��d�S�\|�\|d��d�S�)Nr��A)r��r��r��r#��proto�handlerr��r��r��r ��A<��z&ServerProtocol.ControlSequenceParser.Ac��C��r��)Nr��B)r��r��r��r��r��r��r ��BB��r��z&ServerProtocol.ControlSequenceParser.Bc��C��r��)Nr��C)r��r��r��r��r��r��r ��CH��r��z&ServerProtocol.ControlSequenceParser.Cc��C��r��)Nr��D)r��r��r��r��r��r��r ��DN��r��z&ServerProtocol.ControlSequenceParser.Dc��C��r��)Nr��E)r��r��r��r��r��r��r ��ET��r��z&ServerProtocol.ControlSequenceParser.Ec��C��r��)Nr��F)r��r��r��r��r��r��r ��FZ��r��z&ServerProtocol.ControlSequenceParser.Fc��C��r��)Nr��H)r��r��r��r��r��r��r ��H`��r��z&ServerProtocol.ControlSequenceParser.Hc�� C��s��\|j�s\|�\|d��d�S�\|�d�r_\|dd��}\|�d�}t\|�dkr+\|�\|d��d�S�\|\}}zt\|�t\|�}}W�n�tyK��\|�\|d��Y�d�S�w�\|j��d�}\|�\|d�\|d�f��d�S�\|�\|d��d�S�)Nr��r��ra��;r��r)��) r��r�� startswith�split�len�intr��pop�callback) r#��r��r��r��report�parts�Pl�Pc�dr��r��r ��Rf��s �� z&ServerProtocol.ControlSequenceParser.Rc��C��s.��\|dkr\|��\|j\|j��d�S�\|�\|d��d�S�)Nr��Z)r��TABr��r��r��r��r��r ��Zz��s��z&ServerProtocol.ControlSequenceParser.Zc��C��s��\|j�\|j\|j\|j\|j\|j\|j\|j\|j\|j \|j \|j\|j\|j d�}\|�d�r^\|dd��}zt\|�}W�n�tyA��\|�\|d��Y�d�S�w�\|�\|�}\|d�urU\|�\|\|�d��d�S�\|�\|d��d�S�\|�\|d��d�S�)N)r)��ra��rl��rb��rm��rn��rq��rr��rc��r��r��ra��r`��)r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��)r#��r��r��r��mapr��v�symbolicr��r��r ��tilde��s6�� zServerProtocol.ControlSequenceParser.tildeN) r��r��r��r��r��r��r��r��r��r��r��r ��r��r��r��r��r ��ControlSequenceParser;��s��r��r)��c��C��6��\|dksJ��t�\|�jj\|�d�\|�j_\|��d\|f��d�S�)Nr)��r��s��[%dA��max� cursorPosr��r��r#��r+��r��r��r ��r,��zServerProtocol.cursorUpc��C��>��\|dksJ��t�\|�jj\|�\|�jjd��\|�j_\|��d\|f��d�S�)Nr)��s��[%dB��minr��r��termSizer��r��r��r��r ��r-��zServerProtocol.cursorDownc��C��r��)Nr)��s��[%dC)r��r��r��r��r��r��r��r��r ��r.��r��zServerProtocol.cursorForwardc��C��r��)Nr)��r��s��[%dD)r��r��r��r��r��r��r��r ��r/��r��zServerProtocol.cursorBackwardc��C��s��\|��d\|d�\|d�f��d�S�)Ns��[%d;%dHr)��r��)r#��r0��r1��r��r��r ��r2��s��zServerProtocol.cursorPositionc��C��s��d�\|�j�_\|�j�_\|��d��d�S�)Nr��s��[H)r��r��r��r��r$��r��r��r ��r3��s��zServerProtocol.cursorHomec��C��s,��t�\|�jjd�\|�jjd��\|�j_\|��d��d�S�)Nr)��s��Dr��r$��r��r��r ��r4��s��zServerProtocol.indexc��C��s$��t�\|�jjd�d�\|�j_\|��d��d�S�)Nr)��r��s��Mr��r$��r��r��r ��r5��s��zServerProtocol.reverseIndexc��C��s4��d\|�j�_t\|�j�jd�\|�jjd��\|�j�_\|��d��d�S�)Nr��r)�� )r��r��r��r��r��r��r$��r��r��r ��r6��s��zServerProtocol.nextLinec��C��s"��t�\|�jj\|�jj�\|�_\|��d��d�S�)Ns��7)r��r��r��r��_savedCursorPosr��r$��r��r��r ��r7��s��zServerProtocol.saveCursorc��C��s��\|�j�\|�_\|�`�\|��d��d�S�)Ns��8)r!��r��r��r$��r��r��r ��r8��s��zServerProtocol.restoreCursorc��C����d��dd��\|D��}\|��d\|�d��d�S�)Nr��c��s��\|�]}d�\|f�V��qdS��%dNr��r��r<��r��r��r �� <genexpr>��zServerProtocol.setModes.<locals>.<genexpr>r��h�r��r��r#��r:�� modesBytesr��r��r ��r;��zServerProtocol.setModesc��C��r"��)Nr��c��s��r#��r$��r��r&��r��r��r ��r'��r(��z1ServerProtocol.setPrivateModes.<locals>.<genexpr>��[?r)��r��r+��r��r��r ��r>��zServerProtocol.setPrivateModesc��C��r"��)Nr��c��s��r#��r$��r��r&��r��r��r ��r'��r(��z,ServerProtocol.resetModes.<locals>.<genexpr>r��lr��r+��r��r��r ��r=��r-��zServerProtocol.resetModesc��C��r"��)Nr��c��s��r#��r$��r��r&��r��r��r ��r'��r(��z3ServerProtocol.resetPrivateModes.<locals>.<genexpr>r.��r0��r��r+��r��r��r ��r?��r/��z ServerProtocol.resetPrivateModesc��C��\|��d��d�S�)Ns��=r��r$��r��r��r ��r@��r��z$ServerProtocol.applicationKeypadModec��C��r1��)Ns��>r��r$��r��r��r ��rA��r��z ServerProtocol.numericKeypadModec��C��s��\|t�krd}n\|tkrd}ntd��\|tkrd}n \|tkr d}n\|tkr'd}n\|tkr.d}n\|tkr5d}ntd ��\|��d \|�\|��d�S�)N��(��)z7`which' argument to selectCharacterSet must be G0 or G1r��r��0��1��2z0Invalid `charSet' argument to selectCharacterSetr_��) �G0�G1r��CS_UK�CS_US� CS_DRAWING�CS_ALTERNATE�CS_ALTERNATE_SPECIALr��)r#��rB��rC��r��r��r ��rD��s"��z!ServerProtocol.selectCharacterSetc��C��r1��)N��r��r$��r��r��r ��rE��r��zServerProtocol.shiftInc��C��r1��)N��r��r$��r��r��r ��rF��r��zServerProtocol.shiftOutc��C��r1��)Ns��Nr��r$��r��r��r ��rG�� r��zServerProtocol.singleShift2c��C��r1��)Ns��Or��r$��r��r��r ��rH�� r��zServerProtocol.singleShift3c��G��s8��g�}\|D�] }\|��t\|��q\|��dd�\|��d��d�S�)Nr��r��m)r��r��r��r��)r#��rI��attrsr��r��r��r ��rJ��s��z%ServerProtocol.selectGraphicRenditionc��C��r1��)Ns��Hr��r$��r��r��r ��rK��r��z&ServerProtocol.horizontalTabulationSetc��C��r1��)Ns��[qr��r$��r��r��r ��rL��r��zServerProtocol.tabulationClearc��C��r1��)Ns��[3qr��r$��r��r��r ��rM��r��z!ServerProtocol.tabulationClearAllTc��C��s ��\|r \|��d��d�S�\|��d��d�S�)Ns��#3s��#4r��)r#��rN��r��r��r ��rO�� s��zServerProtocol.doubleHeightLinec��C��r1��)Ns��#5r��r$��r��r��r ��rP��&��r��zServerProtocol.singleWidthLinec��C��r1��)Ns��#6r��r$��r��r��r ��rQ��)��r��zServerProtocol.doubleWidthLinec��C��r1��)Ns��[Kr��r$��r��r��r ��rR��,��r��zServerProtocol.eraseToLineEndc��C��r1��)Ns��[1Kr��r$��r��r��r ��rS��/��r��z#ServerProtocol.eraseToLineBeginningc��C��r1��)Ns��[2Kr��r$��r��r��r ��rT��2��r��zServerProtocol.eraseLinec��C��r1��)Ns��[Jr��r$��r��r��r ��rU��5��r��z ServerProtocol.eraseToDisplayEndc��C��r1��)Ns��[1Jr��r$��r��r��r ��rV��8��r��z&ServerProtocol.eraseToDisplayBeginningc��C��r1��)Ns��[2Jr��r$��r��r��r ��rW��;��r��zServerProtocol.eraseDisplayc��C��\|��d\|f��d�S�)Ns��[%dPr��r��r��r��r ��rX��>��r��zServerProtocol.deleteCharacterc��C��rB��)Ns��[%dLr��r��r��r��r ��rY��A��r��zServerProtocol.insertLinec��C��rB��)Ns��[%dMr��r��r��r��r ��rZ��D��r��zServerProtocol.deleteLinec��C��sF��\|d�ur d\|f�}nd}\|d�urd\|f�}nd}\|��d\|\|f��d�S�)Nr%��r��s��[%b;%brr��)r#��first�lastr��r��r ��setScrollRegionG��s��zServerProtocol.setScrollRegionc��C��s��\|��d�S�r ��)rE��r$��r��r��r ��resetScrollRegionR��z ServerProtocol.resetScrollRegionc��C��s"��t��}\|�j�\|��\|��d��\|S�)Ns��[6n)r��Deferredr��r��r��)r#��r��r��r��r ��r[��U��s�� z#ServerProtocol.reportCursorPositionc��C��s:��d�\|�j�_\|�j�_z\|�`W�n �ty��Y�nw�\|��d��d�S�)Nr��s��c)r��r��r��r!��r��r��r$��r��r��r ��r\��[��s��zServerProtocol.resetc��C��s>��\|rt�\|t�s\|�d�}\|\|�_\|�j�d�\|�d��d�S�d�S�)Nzutf-8s�� r ��)� isinstancer��r�� lastWriter��r��r��r��r#��r��r��r��r ��r��d��s�� zServerProtocol.writec��C��s��\|��d�\|��d�S�)Nr��)r��r��rK��r��r��r �� writeSequencek��r��zServerProtocol.writeSequencec��C��s��\|��\|�j��d�S�r ��)r\��r��loseConnectionr$��r��r��r ��rM��n��s��zServerProtocol.loseConnectionc��C��s0��\|�j�d�urz\|�j��\|��W�d�\|�_�d�S�d�\|�_�w�d�S�r ��)r��r��r'��r��r��r ��r��r��s �� zServerProtocol.connectionLostr ��r]��r^��)NN)Gr��r��r��r��r��r �� BACKSPACErJ��r��r��r��r��scrollRegionr��r��r��r��r"��r��r��r��r��r��r��r��r,��r-��r.��r/��r2��r3��r4��r5��r6��r7��r8��r;��r>��r=��r?��r@��rA��rD��rE��rF��rG��rH��rJ��rK��rL��rM��rO��rP��rQ��rR��rS��rT��rU��rV��rW��rX��rY��rZ��rE��rF��r[��r\��r��rL��rM��r��r��r��r��r ��r��s�� f r��c��@��s��e�Zd�ZdZdZdZdZddddddd d ddd d�Zddddd�Ze e eee d�ZdZd#dd�Zdd��Zdd��Zdd��Zdd��ZG�dd ��d �Ze��Zd!d"��ZdS�)$�ClientProtocolNr��s��indexs��reverseIndexs��nextLines ��saveCursors ��restoreCursors��applicationKeypadModes��numericKeypadModes��singleShift2s��singleShift3s��horizontalTabulationSets��reset)r��Mr��7��8��=��>��Nr��r��c��bracket-escape� ��select-g0� ��select-g1��select-height-width)r��r2��r3��#)r��r��r4��r5��r6��c��O��s��\|dur\|\|�_�\|\|�_\|\|�_dS�)aw�� @param terminalFactory: A callable which will be invoked with a, kw and should return an ITerminalTransport provider. This will be invoked when this ClientProtocol establishes a connection. @param a: Any positional arguments to pass to terminalFactory. @param kw: Any keyword arguments to pass to terminalFactory. N)�terminalFactory�terminalArgs�terminalKwArgs)r#��r]��r��r��r��r��r ��r��s�� zClientProtocol.__init__c��C��s>��\|�j�d�ur\|�j�\|�ji�\|�j��\|�_\|�j\|�j_\|�j�\|��d�S�d�S�r ��)r]��r^��r_��r!��r��r��r$��r��r��r ��r"��s�� zClientProtocol.connectionMadec��C��s,��\|�j�d�urz\|�j��\|��W�\|�`�d�S�\|�`�w�d�S�r ��)r!��r��r'��r��r��r ��r��s �� zClientProtocol.connectionLostc��C��sV��g�}t�\|�D��]}\|�jdkrz\|dkr&\|r"\|�j�d�\|��\|dd�=�d\|�_q\|dkr@\|r:\|�j�d�\|��\|dd�=�\|�j��q\|dkrZ\|rT\|�j�d�\|��\|dd�=�\|�j��q\|dkrt\|rn\|�j�d�\|��\|dd�=�\|�j��q\|�\|��q\|�jdkr�\|�j � \|�}\|dur�d\|�_t\|�j\|�d ��q\|�j � \|�}\|dur�\|\|�_q\|�j�d\|��d\|�_q\|�jd kr�\|�jdu�r�g�\|�_\|��s�\|dkr�\|��d�\|�j�\|��\|�`d\|�_q\|�j�\|��q\|�jdkr�\|�j�\|�j� \|\|�t��d\|�_q\|�jd k�r\|�j�\|�j� \|\|�t��d\|�_q\|�jdk�r\|��\|��d\|�_qtd��\|�r)\|�j�d�\|��dS�dS�)z� Parse the given data from a terminal server, dispatching to event handlers defined by C{self.terminal}. r��r_��r��Nr��r?��r>��r��rX��r`��rY��rZ��r[��r��)r��r��r!��r��r��rF��rE��r/��r��_shortsr��r��r��_longsr��_escBufr��r��rD�� _charsetsr7��r8��_handleHeightWidthr��)r#��r��toWrite�b�fNamer��r��r��r ��r��sn�� zClientProtocol.dataReceivedc��C��sN��t�\|�jt�\|\|��d�d��}\|d�u�r\|�j�d\|�\|��d�S�\|\|�\|�j\|��d�S�)Nr��r��)r��r��r��r��r��r!��r��)r#��r��r!��r��r��r��r ��r��s��z%ClientProtocol._handleControlSequencec��@��s��e�Zd�Zdd��ZdD�] \ZZeed��q [dd��Zdd��Zd d ��Z dd��Z d d��Zdd��Zdd��Z dd��Zdd��Zdd��Zdd��ZdS�)z$ClientProtocol.ControlSequenceParserc��s��d\|��fdd�}\|S�)N�cursorc��s\��\|st�\|��d��d�S�zt\|�}W�n�ty$��\|�d\|��Y�d�S�w�t�\|��\|��d�S�)Nr)��r��)r��r��r��r��)r#��r��r��r��m�r��r+��r��r ��simple��s��z@ClientProtocol.ControlSequenceParser._makeSimple.<locals>.simpler��)r��rh��rl��r��rk��r ��_makeSimple��s��z0ClientProtocol.ControlSequenceParser._makeSimple))r��Up)r��Down)r��Forward)r��Backwardz = _makeSimple(ch, fName)c��C��N��zdd��\|��d�D��}W�n�ty��\|�d\|�d��Y�d�S�w�\|�\|��d�S�)Nc��S��g�\|�]}t�\|��qS�r��r��r&��r��r��r ��r��0��z:ClientProtocol.ControlSequenceParser.h.<locals>.<listcomp>r��r��r)��)r��r��r��r;��r#��r��r��r��r:��r��r��r ��h-��z&ClientProtocol.ControlSequenceParser.hc��C��rr��)Nc��S��rs��r��rt��r&��r��r��r ��r��9��ru��z:ClientProtocol.ControlSequenceParser.l.<locals>.<listcomp>r��r��l)r��r��r��r=��rv��r��r��r ��ry��6��rx��z&ClientProtocol.ControlSequenceParser.lc��C��s��\|��d�}t\|�dkr\|�d�d��d�S�t\|�dkrQz\|d�r%t\|d��}nd�}\|d�r2t\|d��}nd�}W�n�tyH��\|�d\|�d��Y�d�S�w�\|�\|\|��d�S�\|�d\|�d��d�S�)Nr��r)��ra��r��r��r)r��r��rE��r��r��r��)r#��r��r��r��r��pt�pbr��r��r ��r?��s"�� z&ClientProtocol.ControlSequenceParser.rc��C��N��\|s\|��d�S�\|dkr\|��d�S�\|dkr\|��d�S�\|�d\|�d��d�S�)Nr5��r6��r��K)rR��rS��rT��r��r��r��r��r ��KT��z&ClientProtocol.ControlSequenceParser.Kc��C��s��\|��d�S�r ��)r3��r��r��r��r ��r��^��rG��z&ClientProtocol.ControlSequenceParser.Hc��C��r~��)Nr5��r6��r��J)rU��rV��rW��r��r��r��r��r ��Ja��r��z&ClientProtocol.ControlSequenceParser.Jc��C��T��\|s \|��d��d�S�zt\|�}W�n�ty"��\|�d\|�d��Y�d�S�w�\|��\|��d�S�)Nr)��r��r��)rX��r��r��r��r#��r��r��r��r+��r��r��r ��Pk��z&ClientProtocol.ControlSequenceParser.Pc��C��r��)Nr)��r��L)rY��r��r��r��r��r��r��r ��Lv��r��z&ClientProtocol.ControlSequenceParser.Lc��C��r��)Nr)��r��rQ��)rZ��r��r��r��r��r��r��r ��M��r��z&ClientProtocol.ControlSequenceParser.Mc��C��sJ��\|dkr\|��\}}\|j�d\|d�\|d�f��d�S�\|�d\|�d��d�S�)N��6s��[%d;%dRr)��r��n)r[��r��r��r��)r#��r��r��r��r��r��r��r��r ��r+��s�� z&ClientProtocol.ControlSequenceParser.nc�� C��s^��\|s \|��t��d�S�g�}\|�d�D�]}zt\|�}W�n �ty!��Y�nw�\|�\|��q\|j�\|��d�S�)Nr��)rJ��NORMALr��r��r��r��)r#��r��r��r��rA��r��r��r��r ��rj��s��z&ClientProtocol.ControlSequenceParser.mN)r��r��r��rm��r��rh��execrw��ry��r}��r��r��r��r��r��r��r+��rj��r��r��r��r ��r��s �� r��c��C��sp��\|dkr\|�j��d��d�S�\|dkr\|�j��d��d�S�\|dkr#\|�j��d�S�\|dkr.\|�j��d�S�\|�j��d\|��d�S�)N��3T��4F��5r��s��#)r!��rO��rP��rQ��r��)r#��rg��r��r��r ��re��s��z!ClientProtocol._handleHeightWidthr ��)r��r��r��r]��r!��r��rc��ra��rb��r9��r:��r;��r<��r=��rd��r��r��r"��r��r��r��r��r��re��r��r��r��r ��rP��sL�� A�rP��)r ��r(��r:��rk�� FUNCTION_KEYSr:��r9��r;��r<��r=��r7��r8��G2�G3� UNDERLINE� REVERSE_VIDEO�BLINK�BOLDr��r��rP��N)/rd��zope.interfacer��r��twisted.internetr��r�� iinternetr��twisted.python.compatr��r��r ��r�� ITransportr(��CSIr��r:��rk��r:��r9��r;��r<��r=��r7��r8��r��r��r��r��r��r��r��r��r�� _KEY_NAMESr��r��Protocolr��zipr��const�setattrrP��__all__r��r��r��r ��<module>��sV��)�i��8��2��insults/window.py��0000644��00000065426�15027667726�0010165 0��ustar�00��# -- test-case-name: twisted.conch.test.test_window -- """ Simple insults-based widget library @author: Jp Calderone """ import array from twisted.conch.insults import helper, insults from twisted.python import text as tptext class YieldFocus(Exception): """ Input focus manipulation exception """ class BoundedTerminalWrapper: def __init__(self, terminal, width, height, xoff, yoff): self.width = width self.height = height self.xoff = xoff self.yoff = yoff self.terminal = terminal self.cursorForward = terminal.cursorForward self.selectCharacterSet = terminal.selectCharacterSet self.selectGraphicRendition = terminal.selectGraphicRendition self.saveCursor = terminal.saveCursor self.restoreCursor = terminal.restoreCursor def cursorPosition(self, x, y): return self.terminal.cursorPosition( self.xoff + min(self.width, x), self.yoff + min(self.height, y) ) def cursorHome(self): return self.terminal.cursorPosition(self.xoff, self.yoff) def write(self, data): return self.terminal.write(data) class Widget: focused = False parent = None dirty = False width = height = None def repaint(self): if not self.dirty: self.dirty = True if self.parent is not None and not self.parent.dirty: self.parent.repaint() def filthy(self): self.dirty = True def redraw(self, width, height, terminal): self.filthy() self.draw(width, height, terminal) def draw(self, width, height, terminal): if width != self.width or height != self.height or self.dirty: self.width = width self.height = height self.dirty = False self.render(width, height, terminal) def render(self, width, height, terminal): pass def sizeHint(self): return None def keystrokeReceived(self, keyID, modifier): if keyID == b"\t": self.tabReceived(modifier) elif keyID == b"\x7f": self.backspaceReceived() elif keyID in insults.FUNCTION_KEYS: self.functionKeyReceived(keyID, modifier) else: self.characterReceived(keyID, modifier) def tabReceived(self, modifier): # XXX TODO - Handle shift+tab raise YieldFocus() def focusReceived(self): """ Called when focus is being given to this widget. May raise YieldFocus is this widget does not want focus. """ self.focused = True self.repaint() def focusLost(self): self.focused = False self.repaint() def backspaceReceived(self): pass def functionKeyReceived(self, keyID, modifier): name = keyID if not isinstance(keyID, str): name = name.decode("utf-8") func = getattr(self, "func_" + name, None) if func is not None: func(modifier) def characterReceived(self, keyID, modifier): pass class ContainerWidget(Widget): """ @ivar focusedChild: The contained widget which currently has focus, or None. """ focusedChild = None focused = False def __init__(self): Widget.__init__(self) self.children = [] def addChild(self, child): assert child.parent is None child.parent = self self.children.append(child) if self.focusedChild is None and self.focused: try: child.focusReceived() except YieldFocus: pass else: self.focusedChild = child self.repaint() def remChild(self, child): assert child.parent is self child.parent = None self.children.remove(child) self.repaint() def filthy(self): for ch in self.children: ch.filthy() Widget.filthy(self) def render(self, width, height, terminal): for ch in self.children: ch.draw(width, height, terminal) def changeFocus(self): self.repaint() if self.focusedChild is not None: self.focusedChild.focusLost() focusedChild = self.focusedChild self.focusedChild = None try: curFocus = self.children.index(focusedChild) + 1 except ValueError: raise YieldFocus() else: curFocus = 0 while curFocus < len(self.children): try: self.children[curFocus].focusReceived() except YieldFocus: curFocus += 1 else: self.focusedChild = self.children[curFocus] return # None of our children wanted focus raise YieldFocus() def focusReceived(self): self.changeFocus() self.focused = True def keystrokeReceived(self, keyID, modifier): if self.focusedChild is not None: try: self.focusedChild.keystrokeReceived(keyID, modifier) except YieldFocus: self.changeFocus() self.repaint() else: Widget.keystrokeReceived(self, keyID, modifier) class TopWindow(ContainerWidget): """ A top-level container object which provides focus wrap-around and paint scheduling. @ivar painter: A no-argument callable which will be invoked when this widget needs to be redrawn. @ivar scheduler: A one-argument callable which will be invoked with a no-argument callable and should arrange for it to invoked at some point in the near future. The no-argument callable will cause this widget and all its children to be redrawn. It is typically beneficial for the no-argument callable to be invoked at the end of handling for whatever event is currently active; for example, it might make sense to call it at the end of L{twisted.conch.insults.insults.ITerminalProtocol.keystrokeReceived}. Note, however, that since calls to this may also be made in response to no apparent event, arrangements should be made for the function to be called even if an event handler such as C{keystrokeReceived} is not on the call stack (eg, using L{reactor.callLater<twisted.internet.interfaces.IReactorTime.callLater>} with a short timeout). """ focused = True def __init__(self, painter, scheduler): ContainerWidget.__init__(self) self.painter = painter self.scheduler = scheduler _paintCall = None def repaint(self): if self._paintCall is None: self._paintCall = object() self.scheduler(self._paint) ContainerWidget.repaint(self) def _paint(self): self._paintCall = None self.painter() def changeFocus(self): try: ContainerWidget.changeFocus(self) except YieldFocus: try: ContainerWidget.changeFocus(self) except YieldFocus: pass def keystrokeReceived(self, keyID, modifier): try: ContainerWidget.keystrokeReceived(self, keyID, modifier) except YieldFocus: self.changeFocus() class AbsoluteBox(ContainerWidget): def moveChild(self, child, x, y): for n in range(len(self.children)): if self.children[n][0] is child: self.children[n] = (child, x, y) break else: raise ValueError("No such child", child) def render(self, width, height, terminal): for (ch, x, y) in self.children: wrap = BoundedTerminalWrapper(terminal, width - x, height - y, x, y) ch.draw(width, height, wrap) class _Box(ContainerWidget): TOP, CENTER, BOTTOM = range(3) def __init__(self, gravity=CENTER): ContainerWidget.__init__(self) self.gravity = gravity def sizeHint(self): height = 0 width = 0 for ch in self.children: hint = ch.sizeHint() if hint is None: hint = (None, None) if self.variableDimension == 0: if hint[0] is None: width = None elif width is not None: width += hint[0] if hint[1] is None: height = None elif height is not None: height = max(height, hint[1]) else: if hint[0] is None: width = None elif width is not None: width = max(width, hint[0]) if hint[1] is None: height = None elif height is not None: height += hint[1] return width, height def render(self, width, height, terminal): if not self.children: return greedy = 0 wants = [] for ch in self.children: hint = ch.sizeHint() if hint is None: hint = (None, None) if hint[self.variableDimension] is None: greedy += 1 wants.append(hint[self.variableDimension]) length = (width, height)[self.variableDimension] totalWant = sum(w for w in wants if w is not None) if greedy: leftForGreedy = int((length - totalWant) / greedy) widthOffset = heightOffset = 0 for want, ch in zip(wants, self.children): if want is None: want = leftForGreedy subWidth, subHeight = width, height if self.variableDimension == 0: subWidth = want else: subHeight = want wrap = BoundedTerminalWrapper( terminal, subWidth, subHeight, widthOffset, heightOffset, ) ch.draw(subWidth, subHeight, wrap) if self.variableDimension == 0: widthOffset += want else: heightOffset += want class HBox(_Box): variableDimension = 0 class VBox(_Box): variableDimension = 1 class Packer(ContainerWidget): def render(self, width, height, terminal): if not self.children: return root = int(len(self.children) * 0.5 + 0.5) boxes = [VBox() for n in range(root)] for n, ch in enumerate(self.children): boxes[n % len(boxes)].addChild(ch) h = HBox() map(h.addChild, boxes) h.render(width, height, terminal) class Canvas(Widget): focused = False contents = None def __init__(self): Widget.__init__(self) self.resize(1, 1) def resize(self, width, height): contents = array.array("B", b" " * width * height) if self.contents is not None: for x in range(min(width, self._width)): for y in range(min(height, self._height)): contents[width * y + x] = self[x, y] self.contents = contents self._width = width self._height = height if self.x >= width: self.x = width - 1 if self.y >= height: self.y = height - 1 def __getitem__(self, index): (x, y) = index return self.contents[(self._width * y) + x] def __setitem__(self, index, value): (x, y) = index self.contents[(self._width * y) + x] = value def clear(self): self.contents = array.array("B", b" " * len(self.contents)) def render(self, width, height, terminal): if not width or not height: return if width != self._width or height != self._height: self.resize(width, height) for i in range(height): terminal.cursorPosition(0, i) text = self.contents[ self._width * i : self._width * i + self._width ].tobytes() text = text[:width] terminal.write(text) def horizontalLine(terminal, y, left, right): terminal.selectCharacterSet(insults.CS_DRAWING, insults.G0) terminal.cursorPosition(left, y) terminal.write(b"\161" * (right - left)) terminal.selectCharacterSet(insults.CS_US, insults.G0) def verticalLine(terminal, x, top, bottom): terminal.selectCharacterSet(insults.CS_DRAWING, insults.G0) for n in range(top, bottom): terminal.cursorPosition(x, n) terminal.write(b"\170") terminal.selectCharacterSet(insults.CS_US, insults.G0) def rectangle(terminal, position, dimension): """ Draw a rectangle @type position: L{tuple} @param position: A tuple of the (top, left) coordinates of the rectangle. @type dimension: L{tuple} @param dimension: A tuple of the (width, height) size of the rectangle. """ (top, left) = position (width, height) = dimension terminal.selectCharacterSet(insults.CS_DRAWING, insults.G0) terminal.cursorPosition(top, left) terminal.write(b"\154") terminal.write(b"\161" * (width - 2)) terminal.write(b"\153") for n in range(height - 2): terminal.cursorPosition(left, top + n + 1) terminal.write(b"\170") terminal.cursorForward(width - 2) terminal.write(b"\170") terminal.cursorPosition(0, top + height - 1) terminal.write(b"\155") terminal.write(b"\161" * (width - 2)) terminal.write(b"\152") terminal.selectCharacterSet(insults.CS_US, insults.G0) class Border(Widget): def __init__(self, containee): Widget.__init__(self) self.containee = containee self.containee.parent = self def focusReceived(self): return self.containee.focusReceived() def focusLost(self): return self.containee.focusLost() def keystrokeReceived(self, keyID, modifier): return self.containee.keystrokeReceived(keyID, modifier) def sizeHint(self): hint = self.containee.sizeHint() if hint is None: hint = (None, None) if hint[0] is None: x = None else: x = hint[0] + 2 if hint[1] is None: y = None else: y = hint[1] + 2 return x, y def filthy(self): self.containee.filthy() Widget.filthy(self) def render(self, width, height, terminal): if self.containee.focused: terminal.write(b"\x1b[31m") rectangle(terminal, (0, 0), (width, height)) terminal.write(b"\x1b[0m") wrap = BoundedTerminalWrapper(terminal, width - 2, height - 2, 1, 1) self.containee.draw(width - 2, height - 2, wrap) class Button(Widget): def __init__(self, label, onPress): Widget.__init__(self) self.label = label self.onPress = onPress def sizeHint(self): return len(self.label), 1 def characterReceived(self, keyID, modifier): if keyID == b"\r": self.onPress() def render(self, width, height, terminal): terminal.cursorPosition(0, 0) if self.focused: terminal.write(b"\x1b[1m" + self.label + b"\x1b[0m") else: terminal.write(self.label) class TextInput(Widget): def __init__(self, maxwidth, onSubmit): Widget.__init__(self) self.onSubmit = onSubmit self.maxwidth = maxwidth self.buffer = b"" self.cursor = 0 def setText(self, text): self.buffer = text[: self.maxwidth] self.cursor = len(self.buffer) self.repaint() def func_LEFT_ARROW(self, modifier): if self.cursor > 0: self.cursor -= 1 self.repaint() def func_RIGHT_ARROW(self, modifier): if self.cursor < len(self.buffer): self.cursor += 1 self.repaint() def backspaceReceived(self): if self.cursor > 0: self.buffer = self.buffer[: self.cursor - 1] + self.buffer[self.cursor :] self.cursor -= 1 self.repaint() def characterReceived(self, keyID, modifier): if keyID == b"\r": self.onSubmit(self.buffer) else: if len(self.buffer) < self.maxwidth: self.buffer = ( self.buffer[: self.cursor] + keyID + self.buffer[self.cursor :] ) self.cursor += 1 self.repaint() def sizeHint(self): return self.maxwidth + 1, 1 def render(self, width, height, terminal): currentText = self._renderText() terminal.cursorPosition(0, 0) if self.focused: terminal.write(currentText[: self.cursor]) cursor(terminal, currentText[self.cursor : self.cursor + 1] or b" ") terminal.write(currentText[self.cursor + 1 :]) terminal.write(b" " * (self.maxwidth - len(currentText) + 1)) else: more = self.maxwidth - len(currentText) terminal.write(currentText + b"_" * more) def _renderText(self): return self.buffer class PasswordInput(TextInput): def _renderText(self): return "" len(self.buffer) class TextOutput(Widget): text = b"" def __init__(self, size=None): Widget.__init__(self) self.size = size def sizeHint(self): return self.size def render(self, width, height, terminal): terminal.cursorPosition(0, 0) text = self.text[:width] terminal.write(text + b" " * (width - len(text))) def setText(self, text): self.text = text self.repaint() def focusReceived(self): raise YieldFocus() class TextOutputArea(TextOutput): WRAP, TRUNCATE = range(2) def __init__(self, size=None, longLines=WRAP): TextOutput.__init__(self, size) self.longLines = longLines def render(self, width, height, terminal): n = 0 inputLines = self.text.splitlines() outputLines = [] while inputLines: if self.longLines == self.WRAP: line = inputLines.pop(0) if not isinstance(line, str): line = line.decode("utf-8") wrappedLines = [] for wrappedLine in tptext.greedyWrap(line, width): if not isinstance(wrappedLine, bytes): wrappedLine = wrappedLine.encode("utf-8") wrappedLines.append(wrappedLine) outputLines.extend(wrappedLines or [b""]) else: outputLines.append(inputLines.pop(0)[:width]) if len(outputLines) >= height: break for n, L in enumerate(outputLines[:height]): terminal.cursorPosition(0, n) terminal.write(L) class Viewport(Widget): _xOffset = 0 _yOffset = 0 @property def xOffset(self): return self._xOffset @xOffset.setter def xOffset(self, value): if self._xOffset != value: self._xOffset = value self.repaint() @property def yOffset(self): return self._yOffset @yOffset.setter def yOffset(self, value): if self._yOffset != value: self._yOffset = value self.repaint() _width = 160 _height = 24 def __init__(self, containee): Widget.__init__(self) self.containee = containee self.containee.parent = self self._buf = helper.TerminalBuffer() self._buf.width = self._width self._buf.height = self._height self._buf.connectionMade() def filthy(self): self.containee.filthy() Widget.filthy(self) def render(self, width, height, terminal): self.containee.draw(self._width, self._height, self._buf) # XXX /Lame/ for y, line in enumerate( self._buf.lines[self._yOffset : self._yOffset + height] ): terminal.cursorPosition(0, y) n = 0 for n, (ch, attr) in enumerate(line[self._xOffset : self._xOffset + width]): if ch is self._buf.void: ch = b" " terminal.write(ch) if n < width: terminal.write(b" " * (width - n - 1)) class _Scrollbar(Widget): def __init__(self, onScroll): Widget.__init__(self) self.onScroll = onScroll self.percent = 0.0 def smaller(self): self.percent = min(1.0, max(0.0, self.onScroll(-1))) self.repaint() def bigger(self): self.percent = min(1.0, max(0.0, self.onScroll(+1))) self.repaint() class HorizontalScrollbar(_Scrollbar): def sizeHint(self): return (None, 1) def func_LEFT_ARROW(self, modifier): self.smaller() def func_RIGHT_ARROW(self, modifier): self.bigger() _left = "\N{BLACK LEFT-POINTING TRIANGLE}" _right = "\N{BLACK RIGHT-POINTING TRIANGLE}" _bar = "\N{LIGHT SHADE}" _slider = "\N{DARK SHADE}" def render(self, width, height, terminal): terminal.cursorPosition(0, 0) n = width - 3 before = int(n * self.percent) after = n - before me = ( self._left + (self._bar * before) + self._slider + (self._bar * after) + self._right ) terminal.write(me.encode("utf-8")) class VerticalScrollbar(_Scrollbar): def sizeHint(self): return (1, None) def func_UP_ARROW(self, modifier): self.smaller() def func_DOWN_ARROW(self, modifier): self.bigger() _up = "\N{BLACK UP-POINTING TRIANGLE}" _down = "\N{BLACK DOWN-POINTING TRIANGLE}" _bar = "\N{LIGHT SHADE}" _slider = "\N{DARK SHADE}" def render(self, width, height, terminal): terminal.cursorPosition(0, 0) knob = int(self.percent * (height - 2)) terminal.write(self._up.encode("utf-8")) for i in range(1, height - 1): terminal.cursorPosition(0, i) if i != (knob + 1): terminal.write(self._bar.encode("utf-8")) else: terminal.write(self._slider.encode("utf-8")) terminal.cursorPosition(0, height - 1) terminal.write(self._down.encode("utf-8")) class ScrolledArea(Widget): """ A L{ScrolledArea} contains another widget wrapped in a viewport and vertical and horizontal scrollbars for moving the viewport around. """ def __init__(self, containee): Widget.__init__(self) self._viewport = Viewport(containee) self._horiz = HorizontalScrollbar(self._horizScroll) self._vert = VerticalScrollbar(self._vertScroll) for w in self._viewport, self._horiz, self._vert: w.parent = self def _horizScroll(self, n): self._viewport.xOffset += n self._viewport.xOffset = max(0, self._viewport.xOffset) return self._viewport.xOffset / 25.0 def _vertScroll(self, n): self._viewport.yOffset += n self._viewport.yOffset = max(0, self._viewport.yOffset) return self._viewport.yOffset / 25.0 def func_UP_ARROW(self, modifier): self._vert.smaller() def func_DOWN_ARROW(self, modifier): self._vert.bigger() def func_LEFT_ARROW(self, modifier): self._horiz.smaller() def func_RIGHT_ARROW(self, modifier): self._horiz.bigger() def filthy(self): self._viewport.filthy() self._horiz.filthy() self._vert.filthy() Widget.filthy(self) def render(self, width, height, terminal): wrapper = BoundedTerminalWrapper(terminal, width - 2, height - 2, 1, 1) self._viewport.draw(width - 2, height - 2, wrapper) if self.focused: terminal.write(b"\x1b[31m") horizontalLine(terminal, 0, 1, width - 1) verticalLine(terminal, 0, 1, height - 1) self._vert.draw( 1, height - 1, BoundedTerminalWrapper(terminal, 1, height - 1, width - 1, 0) ) self._horiz.draw( width, 1, BoundedTerminalWrapper(terminal, width, 1, 0, height - 1) ) terminal.write(b"\x1b[0m") def cursor(terminal, ch): terminal.saveCursor() terminal.selectGraphicRendition(str(insults.REVERSE_VIDEO)) terminal.write(ch) terminal.restoreCursor() terminal.cursorForward() class Selection(Widget): # Index into the sequence focusedIndex = 0 # Offset into the displayed subset of the sequence renderOffset = 0 def __init__(self, sequence, onSelect, minVisible=None): Widget.__init__(self) self.sequence = sequence self.onSelect = onSelect self.minVisible = minVisible if minVisible is not None: self._width = max(map(len, self.sequence)) def sizeHint(self): if self.minVisible is not None: return self._width, self.minVisible def func_UP_ARROW(self, modifier): if self.focusedIndex > 0: self.focusedIndex -= 1 if self.renderOffset > 0: self.renderOffset -= 1 self.repaint() def func_PGUP(self, modifier): if self.renderOffset != 0: self.focusedIndex -= self.renderOffset self.renderOffset = 0 else: self.focusedIndex = max(0, self.focusedIndex - self.height) self.repaint() def func_DOWN_ARROW(self, modifier): if self.focusedIndex < len(self.sequence) - 1: self.focusedIndex += 1 if self.renderOffset < self.height - 1: self.renderOffset += 1 self.repaint() def func_PGDN(self, modifier): if self.renderOffset != self.height - 1: change = self.height - self.renderOffset - 1 if change + self.focusedIndex >= len(self.sequence): change = len(self.sequence) - self.focusedIndex - 1 self.focusedIndex += change self.renderOffset = self.height - 1 else: self.focusedIndex = min( len(self.sequence) - 1, self.focusedIndex + self.height ) self.repaint() def characterReceived(self, keyID, modifier): if keyID == b"\r": self.onSelect(self.sequence[self.focusedIndex]) def render(self, width, height, terminal): self.height = height start = self.focusedIndex - self.renderOffset if start > len(self.sequence) - height: start = max(0, len(self.sequence) - height) elements = self.sequence[start : start + height] for n, ele in enumerate(elements): terminal.cursorPosition(0, n) if n == self.renderOffset: terminal.saveCursor() if self.focused: modes = str(insults.REVERSE_VIDEO), str(insults.BOLD) else: modes = (str(insults.REVERSE_VIDEO),) terminal.selectGraphicRendition(modes) text = ele[:width] terminal.write(text + (b" " (width - len(text)))) if n == self.renderOffset: terminal.restoreCursor() ��insults/helper.py��0000644��00000037714�15027667726�0010134 0��ustar�00��# -- test-case-name: twisted.conch.test.test_helper -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Partial in-memory terminal emulator @author: Jp Calderone """ import re import string from zope.interface import implementer from incremental import Version from twisted.conch.insults import insults from twisted.internet import defer, protocol, reactor from twisted.logger import Logger from twisted.python import _textattributes from twisted.python.compat import iterbytes from twisted.python.deprecate import deprecated, deprecatedModuleAttribute FOREGROUND = 30 BACKGROUND = 40 BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE, N_COLORS = range(9) class _FormattingState(_textattributes._FormattingStateMixin): """ Represents the formatting state/attributes of a single character. Character set, intensity, underlinedness, blinkitude, video reversal, as well as foreground and background colors made up a character's attributes. """ compareAttributes = ( "charset", "bold", "underline", "blink", "reverseVideo", "foreground", "background", "_subtracting", ) def __init__( self, charset=insults.G0, bold=False, underline=False, blink=False, reverseVideo=False, foreground=WHITE, background=BLACK, _subtracting=False, ): self.charset = charset self.bold = bold self.underline = underline self.blink = blink self.reverseVideo = reverseVideo self.foreground = foreground self.background = background self._subtracting = _subtracting @deprecated(Version("Twisted", 13, 1, 0)) def wantOne(self, kw): """ Add a character attribute to a copy of this formatting state. @param kw: An optional attribute name and value can be provided with a keyword argument. @return: A formatting state instance with the new attribute. @see: L{DefaultFormattingState._withAttribute}. """ k, v = kw.popitem() return self._withAttribute(k, v) def toVT102(self): # Spit out a vt102 control sequence that will set up # all the attributes set here. Except charset. attrs = [] if self._subtracting: attrs.append(0) if self.bold: attrs.append(insults.BOLD) if self.underline: attrs.append(insults.UNDERLINE) if self.blink: attrs.append(insults.BLINK) if self.reverseVideo: attrs.append(insults.REVERSE_VIDEO) if self.foreground != WHITE: attrs.append(FOREGROUND + self.foreground) if self.background != BLACK: attrs.append(BACKGROUND + self.background) if attrs: return "\x1b[" + ";".join(map(str, attrs)) + "m" return "" CharacterAttribute = _FormattingState deprecatedModuleAttribute( Version("Twisted", 13, 1, 0), "Use twisted.conch.insults.text.assembleFormattedText instead.", "twisted.conch.insults.helper", "CharacterAttribute", ) # XXX - need to support scroll regions and scroll history @implementer(insults.ITerminalTransport) class TerminalBuffer(protocol.Protocol): """ An in-memory terminal emulator. """ for keyID in ( b"UP_ARROW", b"DOWN_ARROW", b"RIGHT_ARROW", b"LEFT_ARROW", b"HOME", b"INSERT", b"DELETE", b"END", b"PGUP", b"PGDN", b"F1", b"F2", b"F3", b"F4", b"F5", b"F6", b"F7", b"F8", b"F9", b"F10", b"F11", b"F12", ): execBytes = keyID + b" = object()" execStr = execBytes.decode("ascii") exec(execStr) TAB = b"\t" BACKSPACE = b"\x7f" width = 80 height = 24 fill = b" " void = object() _log = Logger() def getCharacter(self, x, y): return self.lines[y][x] def connectionMade(self): self.reset() def write(self, data): """ Add the given printable bytes to the terminal. Line feeds in L{bytes} will be replaced with carriage return / line feed pairs. """ for b in iterbytes(data.replace(b"\n", b"\r\n")): self.insertAtCursor(b) def _currentFormattingState(self): return _FormattingState(self.activeCharset, self.graphicRendition) def insertAtCursor(self, b): """ Add one byte to the terminal at the cursor and make consequent state updates. If b is a carriage return, move the cursor to the beginning of the current row. If b is a line feed, move the cursor to the next row or scroll down if the cursor is already in the last row. Otherwise, if b is printable, put it at the cursor position (inserting or overwriting as dictated by the current mode) and move the cursor. """ if b == b"\r": self.x = 0 elif b == b"\n": self._scrollDown() elif b in string.printable.encode("ascii"): if self.x >= self.width: self.nextLine() ch = (b, self._currentFormattingState()) if self.modes.get(insults.modes.IRM): self.lines[self.y][self.x : self.x] = [ch] self.lines[self.y].pop() else: self.lines[self.y][self.x] = ch self.x += 1 def _emptyLine(self, width): return [(self.void, self._currentFormattingState()) for i in range(width)] def _scrollDown(self): self.y += 1 if self.y >= self.height: self.y -= 1 del self.lines[0] self.lines.append(self._emptyLine(self.width)) def _scrollUp(self): self.y -= 1 if self.y < 0: self.y = 0 del self.lines[-1] self.lines.insert(0, self._emptyLine(self.width)) def cursorUp(self, n=1): self.y = max(0, self.y - n) def cursorDown(self, n=1): self.y = min(self.height - 1, self.y + n) def cursorBackward(self, n=1): self.x = max(0, self.x - n) def cursorForward(self, n=1): self.x = min(self.width, self.x + n) def cursorPosition(self, column, line): self.x = column self.y = line def cursorHome(self): self.x = self.home.x self.y = self.home.y def index(self): self._scrollDown() def reverseIndex(self): self._scrollUp() def nextLine(self): """ Update the cursor position attributes and scroll down if appropriate. """ self.x = 0 self._scrollDown() def saveCursor(self): self._savedCursor = (self.x, self.y) def restoreCursor(self): self.x, self.y = self._savedCursor del self._savedCursor def setModes(self, modes): for m in modes: self.modes[m] = True def resetModes(self, modes): for m in modes: try: del self.modes[m] except KeyError: pass def setPrivateModes(self, modes): """ Enable the given modes. Track which modes have been enabled so that the implementations of other L{insults.ITerminalTransport} methods can be properly implemented to respect these settings. @see: L{resetPrivateModes} @see: L{insults.ITerminalTransport.setPrivateModes} """ for m in modes: self.privateModes[m] = True def resetPrivateModes(self, modes): """ Disable the given modes. @see: L{setPrivateModes} @see: L{insults.ITerminalTransport.resetPrivateModes} """ for m in modes: try: del self.privateModes[m] except KeyError: pass def applicationKeypadMode(self): self.keypadMode = "app" def numericKeypadMode(self): self.keypadMode = "num" def selectCharacterSet(self, charSet, which): self.charsets[which] = charSet def shiftIn(self): self.activeCharset = insults.G0 def shiftOut(self): self.activeCharset = insults.G1 def singleShift2(self): oldActiveCharset = self.activeCharset self.activeCharset = insults.G2 f = self.insertAtCursor def insertAtCursor(b): f(b) del self.insertAtCursor self.activeCharset = oldActiveCharset self.insertAtCursor = insertAtCursor def singleShift3(self): oldActiveCharset = self.activeCharset self.activeCharset = insults.G3 f = self.insertAtCursor def insertAtCursor(b): f(b) del self.insertAtCursor self.activeCharset = oldActiveCharset self.insertAtCursor = insertAtCursor def selectGraphicRendition(self, attributes): for a in attributes: if a == insults.NORMAL: self.graphicRendition = { "bold": False, "underline": False, "blink": False, "reverseVideo": False, "foreground": WHITE, "background": BLACK, } elif a == insults.BOLD: self.graphicRendition["bold"] = True elif a == insults.UNDERLINE: self.graphicRendition["underline"] = True elif a == insults.BLINK: self.graphicRendition["blink"] = True elif a == insults.REVERSE_VIDEO: self.graphicRendition["reverseVideo"] = True else: try: v = int(a) except ValueError: self._log.error( "Unknown graphic rendition attribute: {attr!r}", attr=a ) else: if FOREGROUND <= v <= FOREGROUND + N_COLORS: self.graphicRendition["foreground"] = v - FOREGROUND elif BACKGROUND <= v <= BACKGROUND + N_COLORS: self.graphicRendition["background"] = v - BACKGROUND else: self._log.error( "Unknown graphic rendition attribute: {attr!r}", attr=a ) def eraseLine(self): self.lines[self.y] = self._emptyLine(self.width) def eraseToLineEnd(self): width = self.width - self.x self.lines[self.y][self.x :] = self._emptyLine(width) def eraseToLineBeginning(self): self.lines[self.y][: self.x + 1] = self._emptyLine(self.x + 1) def eraseDisplay(self): self.lines = [self._emptyLine(self.width) for i in range(self.height)] def eraseToDisplayEnd(self): self.eraseToLineEnd() height = self.height - self.y - 1 self.lines[self.y + 1 :] = [self._emptyLine(self.width) for i in range(height)] def eraseToDisplayBeginning(self): self.eraseToLineBeginning() self.lines[: self.y] = [self._emptyLine(self.width) for i in range(self.y)] def deleteCharacter(self, n=1): del self.lines[self.y][self.x : self.x + n] self.lines[self.y].extend(self._emptyLine(min(self.width - self.x, n))) def insertLine(self, n=1): self.lines[self.y : self.y] = [self._emptyLine(self.width) for i in range(n)] del self.lines[self.height :] def deleteLine(self, n=1): del self.lines[self.y : self.y + n] self.lines.extend([self._emptyLine(self.width) for i in range(n)]) def reportCursorPosition(self): return (self.x, self.y) def reset(self): self.home = insults.Vector(0, 0) self.x = self.y = 0 self.modes = {} self.privateModes = {} self.setPrivateModes( [insults.privateModes.AUTO_WRAP, insults.privateModes.CURSOR_MODE] ) self.numericKeypad = "app" self.activeCharset = insults.G0 self.graphicRendition = { "bold": False, "underline": False, "blink": False, "reverseVideo": False, "foreground": WHITE, "background": BLACK, } self.charsets = { insults.G0: insults.CS_US, insults.G1: insults.CS_US, insults.G2: insults.CS_ALTERNATE, insults.G3: insults.CS_ALTERNATE_SPECIAL, } self.eraseDisplay() def unhandledControlSequence(self, buf): print("Could not handle", repr(buf)) def __bytes__(self): lines = [] for L in self.lines: buf = [] length = 0 for (ch, attr) in L: if ch is not self.void: buf.append(ch) length = len(buf) else: buf.append(self.fill) lines.append(b"".join(buf[:length])) return b"\n".join(lines) def getHost(self): # ITransport.getHost raise NotImplementedError("Unimplemented: TerminalBuffer.getHost") def getPeer(self): # ITransport.getPeer raise NotImplementedError("Unimplemented: TerminalBuffer.getPeer") def loseConnection(self): # ITransport.loseConnection raise NotImplementedError("Unimplemented: TerminalBuffer.loseConnection") def writeSequence(self, data): # ITransport.writeSequence raise NotImplementedError("Unimplemented: TerminalBuffer.writeSequence") def horizontalTabulationSet(self): # ITerminalTransport.horizontalTabulationSet raise NotImplementedError( "Unimplemented: TerminalBuffer.horizontalTabulationSet" ) def tabulationClear(self): # TerminalTransport.tabulationClear raise NotImplementedError("Unimplemented: TerminalBuffer.tabulationClear") def tabulationClearAll(self): # TerminalTransport.tabulationClearAll raise NotImplementedError("Unimplemented: TerminalBuffer.tabulationClearAll") def doubleHeightLine(self, top=True): # ITerminalTransport.doubleHeightLine raise NotImplementedError("Unimplemented: TerminalBuffer.doubleHeightLine") def singleWidthLine(self): # ITerminalTransport.singleWidthLine raise NotImplementedError("Unimplemented: TerminalBuffer.singleWidthLine") def doubleWidthLine(self): # ITerminalTransport.doubleWidthLine raise NotImplementedError("Unimplemented: TerminalBuffer.doubleWidthLine") class ExpectationTimeout(Exception): pass class ExpectableBuffer(TerminalBuffer): _mark = 0 def connectionMade(self): TerminalBuffer.connectionMade(self) self._expecting = [] def write(self, data): TerminalBuffer.write(self, data) self._checkExpected() def cursorHome(self): TerminalBuffer.cursorHome(self) self._mark = 0 def _timeoutExpected(self, d): d.errback(ExpectationTimeout()) self._checkExpected() def _checkExpected(self): s = self.__bytes__()[self._mark :] while self._expecting: expr, timer, deferred = self._expecting[0] if timer and not timer.active(): del self._expecting[0] continue for match in expr.finditer(s): if timer: timer.cancel() del self._expecting[0] self._mark += match.end() s = s[match.end() :] deferred.callback(match) break else: return def expect(self, expression, timeout=None, scheduler=reactor): d = defer.Deferred() timer = None if timeout: timer = scheduler.callLater(timeout, self._timeoutExpected, d) self._expecting.append((re.compile(expression), timer, d)) self._checkExpected() return d __all__ = ["CharacterAttribute", "TerminalBuffer", "ExpectableBuffer"] ��insults/insults.py��0000644��00000105462�15027667726�0010352 0��ustar�00��# -- test-case-name: twisted.conch.test.test_insults -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ VT102 and VT220 terminal manipulation. @author: Jp Calderone """ from zope.interface import Interface, implementer from twisted.internet import defer, interfaces as iinternet, protocol from twisted.python.compat import iterbytes, networkString class ITerminalProtocol(Interface): def makeConnection(transport): """ Called with an L{ITerminalTransport} when a connection is established. """ def keystrokeReceived(keyID, modifier): """ A keystroke was received. Each keystroke corresponds to one invocation of this method. keyID is a string identifier for that key. Printable characters are represented by themselves. Control keys, such as arrows and function keys, are represented with symbolic constants on L{ServerProtocol}. """ def terminalSize(width, height): """ Called to indicate the size of the terminal. A terminal of 80x24 should be assumed if this method is not called. This method might not be called for real terminals. """ def unhandledControlSequence(seq): """ Called when an unsupported control sequence is received. @type seq: L{str} @param seq: The whole control sequence which could not be interpreted. """ def connectionLost(reason): """ Called when the connection has been lost. reason is a Failure describing why. """ @implementer(ITerminalProtocol) class TerminalProtocol: def makeConnection(self, terminal): # assert ITerminalTransport.providedBy(transport), "TerminalProtocol.makeConnection must be passed an ITerminalTransport implementor" self.terminal = terminal self.connectionMade() def connectionMade(self): """ Called after a connection has been established. """ def keystrokeReceived(self, keyID, modifier): pass def terminalSize(self, width, height): pass def unhandledControlSequence(self, seq): pass def connectionLost(self, reason): pass class ITerminalTransport(iinternet.ITransport): def cursorUp(n=1): """ Move the cursor up n lines. """ def cursorDown(n=1): """ Move the cursor down n lines. """ def cursorForward(n=1): """ Move the cursor right n columns. """ def cursorBackward(n=1): """ Move the cursor left n columns. """ def cursorPosition(column, line): """ Move the cursor to the given line and column. """ def cursorHome(): """ Move the cursor home. """ def index(): """ Move the cursor down one line, performing scrolling if necessary. """ def reverseIndex(): """ Move the cursor up one line, performing scrolling if necessary. """ def nextLine(): """ Move the cursor to the first position on the next line, performing scrolling if necessary. """ def saveCursor(): """ Save the cursor position, character attribute, character set, and origin mode selection. """ def restoreCursor(): """ Restore the previously saved cursor position, character attribute, character set, and origin mode selection. If no cursor state was previously saved, move the cursor to the home position. """ def setModes(modes): """ Set the given modes on the terminal. """ def resetModes(mode): """ Reset the given modes on the terminal. """ def setPrivateModes(modes): """ Set the given DEC private modes on the terminal. """ def resetPrivateModes(modes): """ Reset the given DEC private modes on the terminal. """ def applicationKeypadMode(): """ Cause keypad to generate control functions. Cursor key mode selects the type of characters generated by cursor keys. """ def numericKeypadMode(): """ Cause keypad to generate normal characters. """ def selectCharacterSet(charSet, which): """ Select a character set. charSet should be one of CS_US, CS_UK, CS_DRAWING, CS_ALTERNATE, or CS_ALTERNATE_SPECIAL. which should be one of G0 or G1. """ def shiftIn(): """ Activate the G0 character set. """ def shiftOut(): """ Activate the G1 character set. """ def singleShift2(): """ Shift to the G2 character set for a single character. """ def singleShift3(): """ Shift to the G3 character set for a single character. """ def selectGraphicRendition(attributes): """ Enabled one or more character attributes. Arguments should be one or more of UNDERLINE, REVERSE_VIDEO, BLINK, or BOLD. NORMAL may also be specified to disable all character attributes. """ def horizontalTabulationSet(): """ Set a tab stop at the current cursor position. """ def tabulationClear(): """ Clear the tab stop at the current cursor position. """ def tabulationClearAll(): """ Clear all tab stops. """ def doubleHeightLine(top=True): """ Make the current line the top or bottom half of a double-height, double-width line. If top is True, the current line is the top half. Otherwise, it is the bottom half. """ def singleWidthLine(): """ Make the current line a single-width, single-height line. """ def doubleWidthLine(): """ Make the current line a double-width line. """ def eraseToLineEnd(): """ Erase from the cursor to the end of line, including cursor position. """ def eraseToLineBeginning(): """ Erase from the cursor to the beginning of the line, including the cursor position. """ def eraseLine(): """ Erase the entire cursor line. """ def eraseToDisplayEnd(): """ Erase from the cursor to the end of the display, including the cursor position. """ def eraseToDisplayBeginning(): """ Erase from the cursor to the beginning of the display, including the cursor position. """ def eraseDisplay(): """ Erase the entire display. """ def deleteCharacter(n=1): """ Delete n characters starting at the cursor position. Characters to the right of deleted characters are shifted to the left. """ def insertLine(n=1): """ Insert n lines at the cursor position. Lines below the cursor are shifted down. Lines moved past the bottom margin are lost. This command is ignored when the cursor is outside the scroll region. """ def deleteLine(n=1): """ Delete n lines starting at the cursor position. Lines below the cursor are shifted up. This command is ignored when the cursor is outside the scroll region. """ def reportCursorPosition(): """ Return a Deferred that fires with a two-tuple of (x, y) indicating the cursor position. """ def reset(): """ Reset the terminal to its initial state. """ def unhandledControlSequence(seq): """ Called when an unsupported control sequence is received. @type seq: L{str} @param seq: The whole control sequence which could not be interpreted. """ CSI = b"\x1b" CST = {b"~": b"tilde"} class modes: """ ECMA 48 standardized modes """ # BREAKS YOPUR KEYBOARD MOFO KEYBOARD_ACTION = KAM = 2 # When set, enables character insertion. New display characters # move old display characters to the right. Characters moved past # the right margin are lost. # When reset, enables replacement mode (disables character # insertion). New display characters replace old display # characters at cursor position. The old character is erased. INSERTION_REPLACEMENT = IRM = 4 # Set causes a received linefeed, form feed, or vertical tab to # move cursor to first column of next line. RETURN transmits both # a carriage return and linefeed. This selection is also called # new line option. # Reset causes a received linefeed, form feed, or vertical tab to # move cursor to next line in current column. RETURN transmits a # carriage return. LINEFEED_NEWLINE = LNM = 20 class privateModes: """ ANSI-Compatible Private Modes """ ERROR = 0 CURSOR_KEY = 1 ANSI_VT52 = 2 COLUMN = 3 SCROLL = 4 SCREEN = 5 ORIGIN = 6 AUTO_WRAP = 7 AUTO_REPEAT = 8 PRINTER_FORM_FEED = 18 PRINTER_EXTENT = 19 # Toggle cursor visibility (reset hides it) CURSOR_MODE = 25 # Character sets CS_US = b"CS_US" CS_UK = b"CS_UK" CS_DRAWING = b"CS_DRAWING" CS_ALTERNATE = b"CS_ALTERNATE" CS_ALTERNATE_SPECIAL = b"CS_ALTERNATE_SPECIAL" # Groupings (or something?? These are like variables that can be bound to character sets) G0 = b"G0" G1 = b"G1" # G2 and G3 cannot be changed, but they can be shifted to. G2 = b"G2" G3 = b"G3" # Character attributes NORMAL = 0 BOLD = 1 UNDERLINE = 4 BLINK = 5 REVERSE_VIDEO = 7 class Vector: def __init__(self, x, y): self.x = x self.y = y def log(s): with open("log", "a") as f: f.write(str(s) + "\n") # XXX TODO - These attributes are really part of the # ITerminalTransport interface, I think. _KEY_NAMES = ( "UP_ARROW", "DOWN_ARROW", "RIGHT_ARROW", "LEFT_ARROW", "HOME", "INSERT", "DELETE", "END", "PGUP", "PGDN", "NUMPAD_MIDDLE", "F1", "F2", "F3", "F4", "F5", "F6", "F7", "F8", "F9", "F10", "F11", "F12", "ALT", "SHIFT", "CONTROL", ) class _const: """ @ivar name: A string naming this constant """ def __init__(self, name: str) -> None: self.name = name def __repr__(self) -> str: return "[" + self.name + "]" def __bytes__(self) -> bytes: return ("[" + self.name + "]").encode("ascii") FUNCTION_KEYS = [_const(_name).__bytes__() for _name in _KEY_NAMES] @implementer(ITerminalTransport) class ServerProtocol(protocol.Protocol): protocolFactory = None terminalProtocol = None TAB = b"\t" BACKSPACE = b"\x7f" ## lastWrite = b"" state = b"data" termSize = Vector(80, 24) cursorPos = Vector(0, 0) scrollRegion = None # Factory who instantiated me factory = None def __init__(self, protocolFactory=None, a, kw): """ @param protocolFactory: A callable which will be invoked with a, *kw and should return an ITerminalProtocol implementor. This will be invoked when a connection to this ServerProtocol is established. @param a: Any positional arguments to pass to protocolFactory. @param kw: Any keyword arguments to pass to protocolFactory. """ # assert protocolFactory is None or ITerminalProtocol.implementedBy(protocolFactory), "ServerProtocol.__init__ must be passed an ITerminalProtocol implementor" if protocolFactory is not None: self.protocolFactory = protocolFactory self.protocolArgs = a self.protocolKwArgs = kw self._cursorReports = [] def getHost(self): # ITransport.getHost raise NotImplementedError("Unimplemented: ServerProtocol.getHost") def getPeer(self): # ITransport.getPeer raise NotImplementedError("Unimplemented: ServerProtocol.getPeer") def connectionMade(self): if self.protocolFactory is not None: self.terminalProtocol = self.protocolFactory( self.protocolArgs, *self.protocolKwArgs ) try: factory = self.factory except AttributeError: pass else: self.terminalProtocol.factory = factory self.terminalProtocol.makeConnection(self) def dataReceived(self, data): for ch in iterbytes(data): if self.state == b"data": if ch == b"\x1b": self.state = b"escaped" else: self.terminalProtocol.keystrokeReceived(ch, None) elif self.state == b"escaped": if ch == b"[": self.state = b"bracket-escaped" self.escBuf = [] elif ch == b"O": self.state = b"low-function-escaped" else: self.state = b"data" self._handleShortControlSequence(ch) elif self.state == b"bracket-escaped": if ch == b"O": self.state = b"low-function-escaped" elif ch.isalpha() or ch == b"~": self._handleControlSequence(b"".join(self.escBuf) + ch) del self.escBuf self.state = b"data" else: self.escBuf.append(ch) elif self.state == b"low-function-escaped": self._handleLowFunctionControlSequence(ch) self.state = b"data" else: raise ValueError("Illegal state") def _handleShortControlSequence(self, ch): self.terminalProtocol.keystrokeReceived(ch, self.ALT) def _handleControlSequence(self, buf): buf = b"\x1b[" + buf f = getattr( self.controlSequenceParser, CST.get(buf[-1:], buf[-1:]).decode("ascii"), None, ) if f is None: self.unhandledControlSequence(buf) else: f(self, self.terminalProtocol, buf[:-1]) def unhandledControlSequence(self, buf): self.terminalProtocol.unhandledControlSequence(buf) def _handleLowFunctionControlSequence(self, ch): functionKeys = {b"P": self.F1, b"Q": self.F2, b"R": self.F3, b"S": self.F4} keyID = functionKeys.get(ch) if keyID is not None: self.terminalProtocol.keystrokeReceived(keyID, None) else: self.terminalProtocol.unhandledControlSequence(b"\x1b[O" + ch) class ControlSequenceParser: def A(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.UP_ARROW, None) else: handler.unhandledControlSequence(buf + b"A") def B(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.DOWN_ARROW, None) else: handler.unhandledControlSequence(buf + b"B") def C(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.RIGHT_ARROW, None) else: handler.unhandledControlSequence(buf + b"C") def D(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.LEFT_ARROW, None) else: handler.unhandledControlSequence(buf + b"D") def E(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.NUMPAD_MIDDLE, None) else: handler.unhandledControlSequence(buf + b"E") def F(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.END, None) else: handler.unhandledControlSequence(buf + b"F") def H(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.HOME, None) else: handler.unhandledControlSequence(buf + b"H") def R(self, proto, handler, buf): if not proto._cursorReports: handler.unhandledControlSequence(buf + b"R") elif buf.startswith(b"\x1b["): report = buf[2:] parts = report.split(b";") if len(parts) != 2: handler.unhandledControlSequence(buf + b"R") else: Pl, Pc = parts try: Pl, Pc = int(Pl), int(Pc) except ValueError: handler.unhandledControlSequence(buf + b"R") else: d = proto._cursorReports.pop(0) d.callback((Pc - 1, Pl - 1)) else: handler.unhandledControlSequence(buf + b"R") def Z(self, proto, handler, buf): if buf == b"\x1b[": handler.keystrokeReceived(proto.TAB, proto.SHIFT) else: handler.unhandledControlSequence(buf + b"Z") def tilde(self, proto, handler, buf): map = { 1: proto.HOME, 2: proto.INSERT, 3: proto.DELETE, 4: proto.END, 5: proto.PGUP, 6: proto.PGDN, 15: proto.F5, 17: proto.F6, 18: proto.F7, 19: proto.F8, 20: proto.F9, 21: proto.F10, 23: proto.F11, 24: proto.F12, } if buf.startswith(b"\x1b["): ch = buf[2:] try: v = int(ch) except ValueError: handler.unhandledControlSequence(buf + b"~") else: symbolic = map.get(v) if symbolic is not None: handler.keystrokeReceived(map[v], None) else: handler.unhandledControlSequence(buf + b"~") else: handler.unhandledControlSequence(buf + b"~") controlSequenceParser = ControlSequenceParser() # ITerminalTransport def cursorUp(self, n=1): assert n >= 1 self.cursorPos.y = max(self.cursorPos.y - n, 0) self.write(b"\x1b[%dA" % (n,)) def cursorDown(self, n=1): assert n >= 1 self.cursorPos.y = min(self.cursorPos.y + n, self.termSize.y - 1) self.write(b"\x1b[%dB" % (n,)) def cursorForward(self, n=1): assert n >= 1 self.cursorPos.x = min(self.cursorPos.x + n, self.termSize.x - 1) self.write(b"\x1b[%dC" % (n,)) def cursorBackward(self, n=1): assert n >= 1 self.cursorPos.x = max(self.cursorPos.x - n, 0) self.write(b"\x1b[%dD" % (n,)) def cursorPosition(self, column, line): self.write(b"\x1b[%d;%dH" % (line + 1, column + 1)) def cursorHome(self): self.cursorPos.x = self.cursorPos.y = 0 self.write(b"\x1b[H") def index(self): # ECMA48 5th Edition removes this self.cursorPos.y = min(self.cursorPos.y + 1, self.termSize.y - 1) self.write(b"\x1bD") def reverseIndex(self): self.cursorPos.y = max(self.cursorPos.y - 1, 0) self.write(b"\x1bM") def nextLine(self): self.cursorPos.x = 0 self.cursorPos.y = min(self.cursorPos.y + 1, self.termSize.y - 1) self.write(b"\n") def saveCursor(self): self._savedCursorPos = Vector(self.cursorPos.x, self.cursorPos.y) self.write(b"\x1b7") def restoreCursor(self): self.cursorPos = self._savedCursorPos del self._savedCursorPos self.write(b"\x1b8") def setModes(self, modes): # XXX Support ANSI-Compatible private modes modesBytes = b";".join(b"%d" % (mode,) for mode in modes) self.write(b"\x1b[" + modesBytes + b"h") def setPrivateModes(self, modes): modesBytes = b";".join(b"%d" % (mode,) for mode in modes) self.write(b"\x1b[?" + modesBytes + b"h") def resetModes(self, modes): # XXX Support ANSI-Compatible private modes modesBytes = b";".join(b"%d" % (mode,) for mode in modes) self.write(b"\x1b[" + modesBytes + b"l") def resetPrivateModes(self, modes): modesBytes = b";".join(b"%d" % (mode,) for mode in modes) self.write(b"\x1b[?" + modesBytes + b"l") def applicationKeypadMode(self): self.write(b"\x1b=") def numericKeypadMode(self): self.write(b"\x1b>") def selectCharacterSet(self, charSet, which): # XXX Rewrite these as dict lookups if which == G0: which = b"(" elif which == G1: which = b")" else: raise ValueError("`which' argument to selectCharacterSet must be G0 or G1") if charSet == CS_UK: charSet = b"A" elif charSet == CS_US: charSet = b"B" elif charSet == CS_DRAWING: charSet = b"0" elif charSet == CS_ALTERNATE: charSet = b"1" elif charSet == CS_ALTERNATE_SPECIAL: charSet = b"2" else: raise ValueError("Invalid `charSet' argument to selectCharacterSet") self.write(b"\x1b" + which + charSet) def shiftIn(self): self.write(b"\x15") def shiftOut(self): self.write(b"\x14") def singleShift2(self): self.write(b"\x1bN") def singleShift3(self): self.write(b"\x1bO") def selectGraphicRendition(self, attributes): # each member of attributes must be a native string attrs = [] for a in attributes: attrs.append(networkString(a)) self.write(b"\x1b[" + b";".join(attrs) + b"m") def horizontalTabulationSet(self): self.write(b"\x1bH") def tabulationClear(self): self.write(b"\x1b[q") def tabulationClearAll(self): self.write(b"\x1b[3q") def doubleHeightLine(self, top=True): if top: self.write(b"\x1b#3") else: self.write(b"\x1b#4") def singleWidthLine(self): self.write(b"\x1b#5") def doubleWidthLine(self): self.write(b"\x1b#6") def eraseToLineEnd(self): self.write(b"\x1b[K") def eraseToLineBeginning(self): self.write(b"\x1b[1K") def eraseLine(self): self.write(b"\x1b[2K") def eraseToDisplayEnd(self): self.write(b"\x1b[J") def eraseToDisplayBeginning(self): self.write(b"\x1b[1J") def eraseDisplay(self): self.write(b"\x1b[2J") def deleteCharacter(self, n=1): self.write(b"\x1b[%dP" % (n,)) def insertLine(self, n=1): self.write(b"\x1b[%dL" % (n,)) def deleteLine(self, n=1): self.write(b"\x1b[%dM" % (n,)) def setScrollRegion(self, first=None, last=None): if first is not None: first = b"%d" % (first,) else: first = b"" if last is not None: last = b"%d" % (last,) else: last = b"" self.write(b"\x1b[%b;%br" % (first, last)) def resetScrollRegion(self): self.setScrollRegion() def reportCursorPosition(self): d = defer.Deferred() self._cursorReports.append(d) self.write(b"\x1b[6n") return d def reset(self): self.cursorPos.x = self.cursorPos.y = 0 try: del self._savedCursorPos except AttributeError: pass self.write(b"\x1bc") # ITransport def write(self, data): if data: if not isinstance(data, bytes): data = data.encode("utf-8") self.lastWrite = data self.transport.write(b"\r\n".join(data.split(b"\n"))) def writeSequence(self, data): self.write(b"".join(data)) def loseConnection(self): self.reset() self.transport.loseConnection() def connectionLost(self, reason): if self.terminalProtocol is not None: try: self.terminalProtocol.connectionLost(reason) finally: self.terminalProtocol = None # Add symbolic names for function keys for name, const in zip(_KEY_NAMES, FUNCTION_KEYS): setattr(ServerProtocol, name, const) class ClientProtocol(protocol.Protocol): terminalFactory = None terminal = None state = b"data" _escBuf = None _shorts = { b"D": b"index", b"M": b"reverseIndex", b"E": b"nextLine", b"7": b"saveCursor", b"8": b"restoreCursor", b"=": b"applicationKeypadMode", b">": b"numericKeypadMode", b"N": b"singleShift2", b"O": b"singleShift3", b"H": b"horizontalTabulationSet", b"c": b"reset", } _longs = { b"[": b"bracket-escape", b"(": b"select-g0", b")": b"select-g1", b"#": b"select-height-width", } _charsets = { b"A": CS_UK, b"B": CS_US, b"0": CS_DRAWING, b"1": CS_ALTERNATE, b"2": CS_ALTERNATE_SPECIAL, } # Factory who instantiated me factory = None def __init__(self, terminalFactory=None, a, kw): """ @param terminalFactory: A callable which will be invoked with a, *kw and should return an ITerminalTransport provider. This will be invoked when this ClientProtocol establishes a connection. @param a: Any positional arguments to pass to terminalFactory. @param kw: Any keyword arguments to pass to terminalFactory. """ # assert terminalFactory is None or ITerminalTransport.implementedBy(terminalFactory), "ClientProtocol.__init__ must be passed an ITerminalTransport implementor" if terminalFactory is not None: self.terminalFactory = terminalFactory self.terminalArgs = a self.terminalKwArgs = kw def connectionMade(self): if self.terminalFactory is not None: self.terminal = self.terminalFactory( self.terminalArgs, *self.terminalKwArgs ) self.terminal.factory = self.factory self.terminal.makeConnection(self) def connectionLost(self, reason): if self.terminal is not None: try: self.terminal.connectionLost(reason) finally: del self.terminal def dataReceived(self, data): """ Parse the given data from a terminal server, dispatching to event handlers defined by C{self.terminal}. """ toWrite = [] for b in iterbytes(data): if self.state == b"data": if b == b"\x1b": if toWrite: self.terminal.write(b"".join(toWrite)) del toWrite[:] self.state = b"escaped" elif b == b"\x14": if toWrite: self.terminal.write(b"".join(toWrite)) del toWrite[:] self.terminal.shiftOut() elif b == b"\x15": if toWrite: self.terminal.write(b"".join(toWrite)) del toWrite[:] self.terminal.shiftIn() elif b == b"\x08": if toWrite: self.terminal.write(b"".join(toWrite)) del toWrite[:] self.terminal.cursorBackward() else: toWrite.append(b) elif self.state == b"escaped": fName = self._shorts.get(b) if fName is not None: self.state = b"data" getattr(self.terminal, fName.decode("ascii"))() else: state = self._longs.get(b) if state is not None: self.state = state else: self.terminal.unhandledControlSequence(b"\x1b" + b) self.state = b"data" elif self.state == b"bracket-escape": if self._escBuf is None: self._escBuf = [] if b.isalpha() or b == b"~": self._handleControlSequence(b"".join(self._escBuf), b) del self._escBuf self.state = b"data" else: self._escBuf.append(b) elif self.state == b"select-g0": self.terminal.selectCharacterSet(self._charsets.get(b, b), G0) self.state = b"data" elif self.state == b"select-g1": self.terminal.selectCharacterSet(self._charsets.get(b, b), G1) self.state = b"data" elif self.state == b"select-height-width": self._handleHeightWidth(b) self.state = b"data" else: raise ValueError("Illegal state") if toWrite: self.terminal.write(b"".join(toWrite)) def _handleControlSequence(self, buf, terminal): f = getattr( self.controlSequenceParser, CST.get(terminal, terminal).decode("ascii"), None, ) if f is None: self.terminal.unhandledControlSequence(b"\x1b[" + buf + terminal) else: f(self, self.terminal, buf) class ControlSequenceParser: def _makeSimple(ch, fName): n = "cursor" + fName def simple(self, proto, handler, buf): if not buf: getattr(handler, n)(1) else: try: m = int(buf) except ValueError: handler.unhandledControlSequence(b"\x1b[" + buf + ch) else: getattr(handler, n)(m) return simple for (ch, fName) in ( ("A", "Up"), ("B", "Down"), ("C", "Forward"), ("D", "Backward"), ): exec(ch + " = _makeSimple(ch, fName)") del _makeSimple def h(self, proto, handler, buf): # XXX - Handle '?' to introduce ANSI-Compatible private modes. try: modes = [int(mode) for mode in buf.split(b";")] except ValueError: handler.unhandledControlSequence(b"\x1b[" + buf + b"h") else: handler.setModes(modes) def l(self, proto, handler, buf): # XXX - Handle '?' to introduce ANSI-Compatible private modes. try: modes = [int(mode) for mode in buf.split(b";")] except ValueError: handler.unhandledControlSequence(b"\x1b[" + buf + "l") else: handler.resetModes(modes) def r(self, proto, handler, buf): parts = buf.split(b";") if len(parts) == 1: handler.setScrollRegion(None, None) elif len(parts) == 2: try: if parts[0]: pt = int(parts[0]) else: pt = None if parts[1]: pb = int(parts[1]) else: pb = None except ValueError: handler.unhandledControlSequence(b"\x1b[" + buf + b"r") else: handler.setScrollRegion(pt, pb) else: handler.unhandledControlSequence(b"\x1b[" + buf + b"r") def K(self, proto, handler, buf): if not buf: handler.eraseToLineEnd() elif buf == b"1": handler.eraseToLineBeginning() elif buf == b"2": handler.eraseLine() else: handler.unhandledControlSequence(b"\x1b[" + buf + b"K") def H(self, proto, handler, buf): handler.cursorHome() def J(self, proto, handler, buf): if not buf: handler.eraseToDisplayEnd() elif buf == b"1": handler.eraseToDisplayBeginning() elif buf == b"2": handler.eraseDisplay() else: handler.unhandledControlSequence(b"\x1b[" + buf + b"J") def P(self, proto, handler, buf): if not buf: handler.deleteCharacter(1) else: try: n = int(buf) except ValueError: handler.unhandledControlSequence(b"\x1b[" + buf + b"P") else: handler.deleteCharacter(n) def L(self, proto, handler, buf): if not buf: handler.insertLine(1) else: try: n = int(buf) except ValueError: handler.unhandledControlSequence(b"\x1b[" + buf + b"L") else: handler.insertLine(n) def M(self, proto, handler, buf): if not buf: handler.deleteLine(1) else: try: n = int(buf) except ValueError: handler.unhandledControlSequence(b"\x1b[" + buf + b"M") else: handler.deleteLine(n) def n(self, proto, handler, buf): if buf == b"6": x, y = handler.reportCursorPosition() proto.transport.write(b"\x1b[%d;%dR" % (x + 1, y + 1)) else: handler.unhandledControlSequence(b"\x1b[" + buf + b"n") def m(self, proto, handler, buf): if not buf: handler.selectGraphicRendition(NORMAL) else: attrs = [] for a in buf.split(b";"): try: a = int(a) except ValueError: pass attrs.append(a) handler.selectGraphicRendition(attrs) controlSequenceParser = ControlSequenceParser() def _handleHeightWidth(self, b): if b == b"3": self.terminal.doubleHeightLine(True) elif b == b"4": self.terminal.doubleHeightLine(False) elif b == b"5": self.terminal.singleWidthLine() elif b == b"6": self.terminal.doubleWidthLine() else: self.terminal.unhandledControlSequence(b"\x1b#" + b) __all__ = [ # Interfaces "ITerminalProtocol", "ITerminalTransport", # Symbolic constants "modes", "privateModes", "FUNCTION_KEYS", "CS_US", "CS_UK", "CS_DRAWING", "CS_ALTERNATE", "CS_ALTERNATE_SPECIAL", "G0", "G1", "G2", "G3", "UNDERLINE", "REVERSE_VIDEO", "BLINK", "BOLD", "NORMAL", # Protocol classes "ServerProtocol", "ClientProtocol", ] ��insults/__init__.py��0000644��00000000114�15027667726�0010374 0��ustar�00��""" Insults: a replacement for Curses/S-Lang. Very basic at the moment.""" ��manhole.py��0000644��00000027104�15027667726�0006567 0��ustar�00��# -- test-case-name: twisted.conch.test.test_manhole -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Line-input oriented interactive interpreter loop. Provides classes for handling Python source input and arbitrary output interactively from a Twisted application. Also included is syntax coloring code with support for VT102 terminals, control code handling (^C, ^D, ^Q), and reasonable handling of Deferreds. @author: Jp Calderone """ import code import sys import tokenize from io import BytesIO from twisted.conch import recvline from twisted.internet import defer from twisted.python.compat import _get_async_param from twisted.python.htmlizer import TokenPrinter class FileWrapper: """ Minimal write-file-like object. Writes are translated into addOutput calls on an object passed to __init__. Newlines are also converted from network to local style. """ softspace = 0 state = "normal" def __init__(self, o): self.o = o def flush(self): pass def write(self, data): self.o.addOutput(data.replace("\r\n", "\n")) def writelines(self, lines): self.write("".join(lines)) class ManholeInterpreter(code.InteractiveInterpreter): """ Interactive Interpreter with special output and Deferred support. Aside from the features provided by L{code.InteractiveInterpreter}, this class captures sys.stdout output and redirects it to the appropriate location (the Manhole protocol instance). It also treats Deferreds which reach the top-level specially: each is formatted to the user with a unique identifier and a new callback and errback added to it, each of which will format the unique identifier and the result with which the Deferred fires and then pass it on to the next participant in the callback chain. """ numDeferreds = 0 def __init__(self, handler, locals=None, filename="<console>"): code.InteractiveInterpreter.__init__(self, locals) self._pendingDeferreds = {} self.handler = handler self.filename = filename self.resetBuffer() def resetBuffer(self): """ Reset the input buffer. """ self.buffer = [] def push(self, line): """ Push a line to the interpreter. The line should not have a trailing newline; it may have internal newlines. The line is appended to a buffer and the interpreter's runsource() method is called with the concatenated contents of the buffer as source. If this indicates that the command was executed or invalid, the buffer is reset; otherwise, the command is incomplete, and the buffer is left as it was after the line was appended. The return value is 1 if more input is required, 0 if the line was dealt with in some way (this is the same as runsource()). @param line: line of text @type line: L{bytes} @return: L{bool} from L{code.InteractiveInterpreter.runsource} """ self.buffer.append(line) source = b"\n".join(self.buffer) source = source.decode("utf-8") more = self.runsource(source, self.filename) if not more: self.resetBuffer() return more def runcode(self, a, kw): orighook, sys.displayhook = sys.displayhook, self.displayhook try: origout, sys.stdout = sys.stdout, FileWrapper(self.handler) try: code.InteractiveInterpreter.runcode(self, a, kw) finally: sys.stdout = origout finally: sys.displayhook = orighook def displayhook(self, obj): self.locals["_"] = obj if isinstance(obj, defer.Deferred): # XXX Ick, where is my "hasFired()" interface? if hasattr(obj, "result"): self.write(repr(obj)) elif id(obj) in self._pendingDeferreds: self.write("<Deferred #%d>" % (self._pendingDeferreds[id(obj)][0],)) else: d = self._pendingDeferreds k = self.numDeferreds d[id(obj)] = (k, obj) self.numDeferreds += 1 obj.addCallbacks( self._cbDisplayDeferred, self._ebDisplayDeferred, callbackArgs=(k, obj), errbackArgs=(k, obj), ) self.write("<Deferred #%d>" % (k,)) elif obj is not None: self.write(repr(obj)) def _cbDisplayDeferred(self, result, k, obj): self.write("Deferred #%d called back: %r" % (k, result), True) del self._pendingDeferreds[id(obj)] return result def _ebDisplayDeferred(self, failure, k, obj): self.write("Deferred #%d failed: %r" % (k, failure.getErrorMessage()), True) del self._pendingDeferreds[id(obj)] return failure def write(self, data, isAsync=None, kwargs): isAsync = _get_async_param(isAsync, kwargs) self.handler.addOutput(data, isAsync) CTRL_C = b"\x03" CTRL_D = b"\x04" CTRL_BACKSLASH = b"\x1c" CTRL_L = b"\x0c" CTRL_A = b"\x01" CTRL_E = b"\x05" class Manhole(recvline.HistoricRecvLine): r""" Mediator between a fancy line source and an interactive interpreter. This accepts lines from its transport and passes them on to a L{ManholeInterpreter}. Control commands (^C, ^D, ^\) are also handled with something approximating their normal terminal-mode behavior. It can optionally be constructed with a dict which will be used as the local namespace for any code executed. """ namespace = None def __init__(self, namespace=None): recvline.HistoricRecvLine.__init__(self) if namespace is not None: self.namespace = namespace.copy() def connectionMade(self): recvline.HistoricRecvLine.connectionMade(self) self.interpreter = ManholeInterpreter(self, self.namespace) self.keyHandlers[CTRL_C] = self.handle_INT self.keyHandlers[CTRL_D] = self.handle_EOF self.keyHandlers[CTRL_L] = self.handle_FF self.keyHandlers[CTRL_A] = self.handle_HOME self.keyHandlers[CTRL_E] = self.handle_END self.keyHandlers[CTRL_BACKSLASH] = self.handle_QUIT def handle_INT(self): """ Handle ^C as an interrupt keystroke by resetting the current input variables to their initial state. """ self.pn = 0 self.lineBuffer = [] self.lineBufferIndex = 0 self.interpreter.resetBuffer() self.terminal.nextLine() self.terminal.write(b"KeyboardInterrupt") self.terminal.nextLine() self.terminal.write(self.ps[self.pn]) def handle_EOF(self): if self.lineBuffer: self.terminal.write(b"\a") else: self.handle_QUIT() def handle_FF(self): """ Handle a 'form feed' byte - generally used to request a screen refresh/redraw. """ self.terminal.eraseDisplay() self.terminal.cursorHome() self.drawInputLine() def handle_QUIT(self): self.terminal.loseConnection() def _needsNewline(self): w = self.terminal.lastWrite return not w.endswith(b"\n") and not w.endswith(b"\x1bE") def addOutput(self, data, isAsync=None, kwargs): isAsync = _get_async_param(isAsync, *kwargs) if isAsync: self.terminal.eraseLine() self.terminal.cursorBackward(len(self.lineBuffer) + len(self.ps[self.pn])) self.terminal.write(data) if isAsync: if self._needsNewline(): self.terminal.nextLine() self.terminal.write(self.ps[self.pn]) if self.lineBuffer: oldBuffer = self.lineBuffer self.lineBuffer = [] self.lineBufferIndex = 0 self._deliverBuffer(oldBuffer) def lineReceived(self, line): more = self.interpreter.push(line) self.pn = bool(more) if self._needsNewline(): self.terminal.nextLine() self.terminal.write(self.ps[self.pn]) class VT102Writer: """ Colorizer for Python tokens. A series of tokens are written to instances of this object. Each is colored in a particular way. The final line of the result of this is generally added to the output. """ typeToColor = { "identifier": b"\x1b[31m", "keyword": b"\x1b[32m", "parameter": b"\x1b[33m", "variable": b"\x1b[1;33m", "string": b"\x1b[35m", "number": b"\x1b[36m", "op": b"\x1b[37m", } normalColor = b"\x1b[0m" def __init__(self): self.written = [] def color(self, type): r = self.typeToColor.get(type, b"") return r def write(self, token, type=None): if token and token != b"\r": c = self.color(type) if c: self.written.append(c) self.written.append(token) if c: self.written.append(self.normalColor) def __bytes__(self): s = b"".join(self.written) return s.strip(b"\n").splitlines()[-1] if bytes == str: # Compat with Python 2.7 __str__ = __bytes__ def lastColorizedLine(source): """ Tokenize and colorize the given Python source. Returns a VT102-format colorized version of the last line of C{source}. @param source: Python source code @type source: L{str} or L{bytes} @return: L{bytes} of colorized source """ if not isinstance(source, bytes): source = source.encode("utf-8") w = VT102Writer() p = TokenPrinter(w.write).printtoken s = BytesIO(source) for token in tokenize.tokenize(s.readline): (tokenType, string, start, end, line) = token p(tokenType, string, start, end, line) return bytes(w) class ColoredManhole(Manhole): """ A REPL which syntax colors input as users type it. """ def getSource(self): """ Return a string containing the currently entered source. This is only the code which will be considered for execution next. """ return b"\n".join(self.interpreter.buffer) + b"\n" + b"".join(self.lineBuffer) def characterReceived(self, ch, moreCharactersComing): if self.mode == "insert": self.lineBuffer.insert(self.lineBufferIndex, ch) else: self.lineBuffer[self.lineBufferIndex : self.lineBufferIndex + 1] = [ch] self.lineBufferIndex += 1 if moreCharactersComing: # Skip it all, we'll get called with another character in # like 2 femtoseconds. return if ch == b" ": # Don't bother to try to color whitespace self.terminal.write(ch) return source = self.getSource() # Try to write some junk try: coloredLine = lastColorizedLine(source) except tokenize.TokenError: # We couldn't do it. Strange. Oh well, just add the character. self.terminal.write(ch) else: # Success! Clear the source on this line. self.terminal.eraseLine() self.terminal.cursorBackward( len(self.lineBuffer) + len(self.ps[self.pn]) - 1 ) # And write a new, colorized one. self.terminal.write(self.ps[self.pn] + coloredLine) # And move the cursor to where it belongs n = len(self.lineBuffer) - self.lineBufferIndex if n: self.terminal.cursorBackward(n) ��manhole_tap.py��0000644��00000012554�15027667726�0007436 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ TAP plugin for creating telnet- and ssh-accessible manhole servers. @author: Jp Calderone """ from zope.interface import implementer from twisted.application import service, strports from twisted.conch import manhole, manhole_ssh, telnet from twisted.conch.insults import insults from twisted.conch.ssh import keys from twisted.cred import checkers, portal from twisted.internet import protocol from twisted.python import filepath, usage class makeTelnetProtocol: def __init__(self, portal): self.portal = portal def __call__(self): auth = telnet.AuthenticatingTelnetProtocol args = (self.portal,) return telnet.TelnetTransport(auth, args) class chainedProtocolFactory: def __init__(self, namespace): self.namespace = namespace def __call__(self): return insults.ServerProtocol(manhole.ColoredManhole, self.namespace) @implementer(portal.IRealm) class _StupidRealm: def __init__(self, proto, a, kw): self.protocolFactory = proto self.protocolArgs = a self.protocolKwArgs = kw def requestAvatar(self, avatarId, interfaces): if telnet.ITelnetProtocol in interfaces: return ( telnet.ITelnetProtocol, self.protocolFactory(self.protocolArgs, self.protocolKwArgs), lambda: None, ) raise NotImplementedError() class Options(usage.Options): optParameters = [ [ "telnetPort", "t", None, ( "strports description of the address on which to listen for telnet " "connections" ), ], [ "sshPort", "s", None, ( "strports description of the address on which to listen for ssh " "connections" ), ], [ "passwd", "p", "/etc/passwd", "name of a passwd(5)-format username/password file", ], [ "sshKeyDir", None, "<USER DATA DIR>", "Directory where the autogenerated SSH key is kept.", ], ["sshKeyName", None, "server.key", "Filename of the autogenerated SSH key."], ["sshKeySize", None, 4096, "Size of the automatically generated SSH key."], ] def __init__(self): usage.Options.__init__(self) self["namespace"] = None def postOptions(self): if self["telnetPort"] is None and self["sshPort"] is None: raise usage.UsageError( "At least one of --telnetPort and --sshPort must be specified" ) def makeService(options): """ Create a manhole server service. @type options: L{dict} @param options: A mapping describing the configuration of the desired service. Recognized key/value pairs are:: "telnetPort": strports description of the address on which to listen for telnet connections. If None, no telnet service will be started. "sshPort": strports description of the address on which to listen for ssh connections. If None, no ssh service will be started. "namespace": dictionary containing desired initial locals for manhole connections. If None, an empty dictionary will be used. "passwd": Name of a passwd(5)-format username/password file. "sshKeyDir": The folder that the SSH server key will be kept in. "sshKeyName": The filename of the key. "sshKeySize": The size of the key, in bits. Default is 4096. @rtype: L{twisted.application.service.IService} @return: A manhole service. """ svc = service.MultiService() namespace = options["namespace"] if namespace is None: namespace = {} checker = checkers.FilePasswordDB(options["passwd"]) if options["telnetPort"]: telnetRealm = _StupidRealm( telnet.TelnetBootstrapProtocol, insults.ServerProtocol, manhole.ColoredManhole, namespace, ) telnetPortal = portal.Portal(telnetRealm, [checker]) telnetFactory = protocol.ServerFactory() telnetFactory.protocol = makeTelnetProtocol(telnetPortal) telnetService = strports.service(options["telnetPort"], telnetFactory) telnetService.setServiceParent(svc) if options["sshPort"]: sshRealm = manhole_ssh.TerminalRealm() sshRealm.chainedProtocolFactory = chainedProtocolFactory(namespace) sshPortal = portal.Portal(sshRealm, [checker]) sshFactory = manhole_ssh.ConchFactory(sshPortal) if options["sshKeyDir"] != "<USER DATA DIR>": keyDir = options["sshKeyDir"] else: from twisted.python._appdirs import getDataDirectory keyDir = getDataDirectory() keyLocation = filepath.FilePath(keyDir).child(options["sshKeyName"]) sshKey = keys._getPersistentRSAKey(keyLocation, int(options["sshKeySize"])) sshFactory.publicKeys[b"ssh-rsa"] = sshKey sshFactory.privateKeys[b"ssh-rsa"] = sshKey sshService = strports.service(options["sshPort"], sshFactory) sshService.setServiceParent(svc) return svc ��unix.py��0000644��00000040246�15027667726�0006131 0��ustar�00��# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ A UNIX SSH server. """ import fcntl import grp import os import pty import pwd import socket import struct import time import tty from zope.interface import implementer from twisted.conch import ttymodes from twisted.conch.avatar import ConchUser from twisted.conch.error import ConchError from twisted.conch.interfaces import ISession, ISFTPFile, ISFTPServer from twisted.conch.ls import lsLine from twisted.conch.ssh import filetransfer, forwarding, session from twisted.conch.ssh.filetransfer import ( FXF_APPEND, FXF_CREAT, FXF_EXCL, FXF_READ, FXF_TRUNC, FXF_WRITE, ) from twisted.cred import portal from twisted.internet.error import ProcessExitedAlready from twisted.logger import Logger from twisted.python import components from twisted.python.compat import nativeString try: import utmp # type: ignore[import] except ImportError: utmp = None @implementer(portal.IRealm) class UnixSSHRealm: def requestAvatar(self, username, mind, interfaces): user = UnixConchUser(username) return interfaces[0], user, user.logout class UnixConchUser(ConchUser): def __init__(self, username): ConchUser.__init__(self) self.username = username self.pwdData = pwd.getpwnam(self.username) l = [self.pwdData[3]] for groupname, password, gid, userlist in grp.getgrall(): if username in userlist: l.append(gid) self.otherGroups = l self.listeners = {} # Dict mapping (interface, port) -> listener self.channelLookup.update( { b"session": session.SSHSession, b"direct-tcpip": forwarding.openConnectForwardingClient, } ) self.subsystemLookup.update({b"sftp": filetransfer.FileTransferServer}) def getUserGroupId(self): return self.pwdData[2:4] def getOtherGroups(self): return self.otherGroups def getHomeDir(self): return self.pwdData[5] def getShell(self): return self.pwdData[6] def global_tcpip_forward(self, data): hostToBind, portToBind = forwarding.unpackGlobal_tcpip_forward(data) from twisted.internet import reactor try: listener = self._runAsUser( reactor.listenTCP, portToBind, forwarding.SSHListenForwardingFactory( self.conn, (hostToBind, portToBind), forwarding.SSHListenServerForwardingChannel, ), interface=hostToBind, ) except BaseException: return 0 else: self.listeners[(hostToBind, portToBind)] = listener if portToBind == 0: portToBind = listener.getHost()[2] # The port return 1, struct.pack(">L", portToBind) else: return 1 def global_cancel_tcpip_forward(self, data): hostToBind, portToBind = forwarding.unpackGlobal_tcpip_forward(data) listener = self.listeners.get((hostToBind, portToBind), None) if not listener: return 0 del self.listeners[(hostToBind, portToBind)] self._runAsUser(listener.stopListening) return 1 def logout(self): # Remove all listeners. for listener in self.listeners.values(): self._runAsUser(listener.stopListening) self._log.info( "avatar {username} logging out ({nlisteners})", username=self.username, nlisteners=len(self.listeners), ) def _runAsUser(self, f, args, kw): euid = os.geteuid() egid = os.getegid() groups = os.getgroups() uid, gid = self.getUserGroupId() os.setegid(0) os.seteuid(0) os.setgroups(self.getOtherGroups()) os.setegid(gid) os.seteuid(uid) try: f = iter(f) except TypeError: f = [(f, args, kw)] try: for i in f: func = i[0] args = len(i) > 1 and i[1] or () kw = len(i) > 2 and i[2] or {} r = func(args, *kw) finally: os.setegid(0) os.seteuid(0) os.setgroups(groups) os.setegid(egid) os.seteuid(euid) return r @implementer(ISession) class SSHSessionForUnixConchUser: _log = Logger() def __init__(self, avatar, reactor=None): """ Construct an C{SSHSessionForUnixConchUser}. @param avatar: The L{UnixConchUser} for whom this is an SSH session. @param reactor: An L{IReactorProcess} used to handle shell and exec requests. Uses the default reactor if None. """ if reactor is None: from twisted.internet import reactor self._reactor = reactor self.avatar = avatar self.environ = {"PATH": "/bin:/usr/bin:/usr/local/bin"} self.pty = None self.ptyTuple = 0 def addUTMPEntry(self, loggedIn=1): if not utmp: return ipAddress = self.avatar.conn.transport.transport.getPeer().host (packedIp,) = struct.unpack("L", socket.inet_aton(ipAddress)) ttyName = self.ptyTuple[2][5:] t = time.time() t1 = int(t) t2 = int((t - t1) 1e6) entry = utmp.UtmpEntry() entry.ut_type = loggedIn and utmp.USER_PROCESS or utmp.DEAD_PROCESS entry.ut_pid = self.pty.pid entry.ut_line = ttyName entry.ut_id = ttyName[-4:] entry.ut_tv = (t1, t2) if loggedIn: entry.ut_user = self.avatar.username entry.ut_host = socket.gethostbyaddr(ipAddress)[0] entry.ut_addr_v6 = (packedIp, 0, 0, 0) a = utmp.UtmpRecord(utmp.UTMP_FILE) a.pututline(entry) a.endutent() b = utmp.UtmpRecord(utmp.WTMP_FILE) b.pututline(entry) b.endutent() def getPty(self, term, windowSize, modes): self.environ["TERM"] = term self.winSize = windowSize self.modes = modes master, slave = pty.openpty() ttyname = os.ttyname(slave) self.environ["SSH_TTY"] = ttyname self.ptyTuple = (master, slave, ttyname) def openShell(self, proto): if not self.ptyTuple: # We didn't get a pty-req. self._log.error("tried to get shell without pty, failing") raise ConchError("no pty") uid, gid = self.avatar.getUserGroupId() homeDir = self.avatar.getHomeDir() shell = self.avatar.getShell() self.environ["USER"] = self.avatar.username self.environ["HOME"] = homeDir self.environ["SHELL"] = shell shellExec = os.path.basename(shell) peer = self.avatar.conn.transport.transport.getPeer() host = self.avatar.conn.transport.transport.getHost() self.environ["SSH_CLIENT"] = f"{peer.host} {peer.port} {host.port}" self.getPtyOwnership() self.pty = self._reactor.spawnProcess( proto, shell, [f"-{shellExec}"], self.environ, homeDir, uid, gid, usePTY=self.ptyTuple, ) self.addUTMPEntry() fcntl.ioctl(self.pty.fileno(), tty.TIOCSWINSZ, struct.pack("4H", self.winSize)) if self.modes: self.setModes() self.oldWrite = proto.transport.write proto.transport.write = self._writeHack self.avatar.conn.transport.transport.setTcpNoDelay(1) def execCommand(self, proto, cmd): uid, gid = self.avatar.getUserGroupId() homeDir = self.avatar.getHomeDir() shell = self.avatar.getShell() or "/bin/sh" self.environ["HOME"] = homeDir command = (shell, "-c", cmd) peer = self.avatar.conn.transport.transport.getPeer() host = self.avatar.conn.transport.transport.getHost() self.environ["SSH_CLIENT"] = f"{peer.host} {peer.port} {host.port}" if self.ptyTuple: self.getPtyOwnership() self.pty = self._reactor.spawnProcess( proto, shell, command, self.environ, homeDir, uid, gid, usePTY=self.ptyTuple or 0, ) if self.ptyTuple: self.addUTMPEntry() if self.modes: self.setModes() self.avatar.conn.transport.transport.setTcpNoDelay(1) def getPtyOwnership(self): ttyGid = os.stat(self.ptyTuple[2])[5] uid, gid = self.avatar.getUserGroupId() euid, egid = os.geteuid(), os.getegid() os.setegid(0) os.seteuid(0) try: os.chown(self.ptyTuple[2], uid, ttyGid) finally: os.setegid(egid) os.seteuid(euid) def setModes(self): pty = self.pty attr = tty.tcgetattr(pty.fileno()) for mode, modeValue in self.modes: if mode not in ttymodes.TTYMODES: continue ttyMode = ttymodes.TTYMODES[mode] if len(ttyMode) == 2: # Flag. flag, ttyAttr = ttyMode if not hasattr(tty, ttyAttr): continue ttyval = getattr(tty, ttyAttr) if modeValue: attr[flag] = attr[flag] \| ttyval else: attr[flag] = attr[flag] & ~ttyval elif ttyMode == "OSPEED": attr[tty.OSPEED] = getattr(tty, f"B{modeValue}") elif ttyMode == "ISPEED": attr[tty.ISPEED] = getattr(tty, f"B{modeValue}") else: if not hasattr(tty, ttyMode): continue ttyval = getattr(tty, ttyMode) attr[tty.CC][ttyval] = bytes((modeValue,)) tty.tcsetattr(pty.fileno(), tty.TCSANOW, attr) def eofReceived(self): if self.pty: self.pty.closeStdin() def closed(self): if self.ptyTuple and os.path.exists(self.ptyTuple[2]): ttyGID = os.stat(self.ptyTuple[2])[5] os.chown(self.ptyTuple[2], 0, ttyGID) if self.pty: try: self.pty.signalProcess("HUP") except (OSError, ProcessExitedAlready): pass self.pty.loseConnection() self.addUTMPEntry(0) self._log.info("shell closed") def windowChanged(self, winSize): self.winSize = winSize fcntl.ioctl(self.pty.fileno(), tty.TIOCSWINSZ, struct.pack("4H", self.winSize)) def _writeHack(self, data): """ Hack to send ignore messages when we aren't echoing. """ if self.pty is not None: attr = tty.tcgetattr(self.pty.fileno())[3] if not attr & tty.ECHO and attr & tty.ICANON: # No echo. self.avatar.conn.transport.sendIgnore("\x00" * (8 + len(data))) self.oldWrite(data) @implementer(ISFTPServer) class SFTPServerForUnixConchUser: def __init__(self, avatar): self.avatar = avatar def _setAttrs(self, path, attrs): """ NOTE: this function assumes it runs as the logged-in user: i.e. under _runAsUser() """ if "uid" in attrs and "gid" in attrs: os.chown(path, attrs["uid"], attrs["gid"]) if "permissions" in attrs: os.chmod(path, attrs["permissions"]) if "atime" in attrs and "mtime" in attrs: os.utime(path, (attrs["atime"], attrs["mtime"])) def _getAttrs(self, s): return { "size": s.st_size, "uid": s.st_uid, "gid": s.st_gid, "permissions": s.st_mode, "atime": int(s.st_atime), "mtime": int(s.st_mtime), } def _absPath(self, path): home = self.avatar.getHomeDir() return os.path.join(nativeString(home.path), nativeString(path)) def gotVersion(self, otherVersion, extData): return {} def openFile(self, filename, flags, attrs): return UnixSFTPFile(self, self._absPath(filename), flags, attrs) def removeFile(self, filename): filename = self._absPath(filename) return self.avatar._runAsUser(os.remove, filename) def renameFile(self, oldpath, newpath): oldpath = self._absPath(oldpath) newpath = self._absPath(newpath) return self.avatar._runAsUser(os.rename, oldpath, newpath) def makeDirectory(self, path, attrs): path = self._absPath(path) return self.avatar._runAsUser( [(os.mkdir, (path,)), (self._setAttrs, (path, attrs))] ) def removeDirectory(self, path): path = self._absPath(path) self.avatar._runAsUser(os.rmdir, path) def openDirectory(self, path): return UnixSFTPDirectory(self, self._absPath(path)) def getAttrs(self, path, followLinks): path = self._absPath(path) if followLinks: s = self.avatar._runAsUser(os.stat, path) else: s = self.avatar._runAsUser(os.lstat, path) return self._getAttrs(s) def setAttrs(self, path, attrs): path = self._absPath(path) self.avatar._runAsUser(self._setAttrs, path, attrs) def readLink(self, path): path = self._absPath(path) return self.avatar._runAsUser(os.readlink, path) def makeLink(self, linkPath, targetPath): linkPath = self._absPath(linkPath) targetPath = self._absPath(targetPath) return self.avatar._runAsUser(os.symlink, targetPath, linkPath) def realPath(self, path): return os.path.realpath(self._absPath(path)) def extendedRequest(self, extName, extData): raise NotImplementedError @implementer(ISFTPFile) class UnixSFTPFile: def __init__(self, server, filename, flags, attrs): self.server = server openFlags = 0 if flags & FXF_READ == FXF_READ and flags & FXF_WRITE == 0: openFlags = os.O_RDONLY if flags & FXF_WRITE == FXF_WRITE and flags & FXF_READ == 0: openFlags = os.O_WRONLY if flags & FXF_WRITE == FXF_WRITE and flags & FXF_READ == FXF_READ: openFlags = os.O_RDWR if flags & FXF_APPEND == FXF_APPEND: openFlags \|= os.O_APPEND if flags & FXF_CREAT == FXF_CREAT: openFlags \|= os.O_CREAT if flags & FXF_TRUNC == FXF_TRUNC: openFlags \|= os.O_TRUNC if flags & FXF_EXCL == FXF_EXCL: openFlags \|= os.O_EXCL if "permissions" in attrs: mode = attrs["permissions"] del attrs["permissions"] else: mode = 0o777 fd = server.avatar._runAsUser(os.open, filename, openFlags, mode) if attrs: server.avatar._runAsUser(server._setAttrs, filename, attrs) self.fd = fd def close(self): return self.server.avatar._runAsUser(os.close, self.fd) def readChunk(self, offset, length): return self.server.avatar._runAsUser( [(os.lseek, (self.fd, offset, 0)), (os.read, (self.fd, length))] ) def writeChunk(self, offset, data): return self.server.avatar._runAsUser( [(os.lseek, (self.fd, offset, 0)), (os.write, (self.fd, data))] ) def getAttrs(self): s = self.server.avatar._runAsUser(os.fstat, self.fd) return self.server._getAttrs(s) def setAttrs(self, attrs): raise NotImplementedError class UnixSFTPDirectory: def __init__(self, server, directory): self.server = server self.files = server.avatar._runAsUser(os.listdir, directory) self.dir = directory def __iter__(self): return self def __next__(self): try: f = self.files.pop(0) except IndexError: raise StopIteration else: s = self.server.avatar._runAsUser(os.lstat, os.path.join(self.dir, f)) longname = lsLine(f, s) attrs = self.server._getAttrs(s) return (f, longname, attrs) next = __next__ def close(self): self.files = [] components.registerAdapter( SFTPServerForUnixConchUser, UnixConchUser, filetransfer.ISFTPServer ) components.registerAdapter(SSHSessionForUnixConchUser, UnixConchUser, session.ISession) ��stdio.py��0000644��00000005325�15027667726�0006267 0��ustar�00��# -- test-case-name: twisted.conch.test.test_manhole -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Asynchronous local terminal input handling @author: Jp Calderone """ import os import sys import termios import tty from twisted.conch.insults.insults import ServerProtocol from twisted.conch.manhole import ColoredManhole from twisted.internet import defer, protocol, reactor, stdio from twisted.python import failure, log, reflect class UnexpectedOutputError(Exception): pass class TerminalProcessProtocol(protocol.ProcessProtocol): def __init__(self, proto): self.proto = proto self.onConnection = defer.Deferred() def connectionMade(self): self.proto.makeConnection(self) self.onConnection.callback(None) self.onConnection = None def write(self, data): """ Write to the terminal. @param data: Data to write. @type data: L{bytes} """ self.transport.write(data) def outReceived(self, data): """ Receive data from the terminal. @param data: Data received. @type data: L{bytes} """ self.proto.dataReceived(data) def errReceived(self, data): """ Report an error. @param data: Data to include in L{Failure}. @type data: L{bytes} """ self.transport.loseConnection() if self.proto is not None: self.proto.connectionLost(failure.Failure(UnexpectedOutputError(data))) self.proto = None def childConnectionLost(self, childFD): if self.proto is not None: self.proto.childConnectionLost(childFD) def processEnded(self, reason): if self.proto is not None: self.proto.connectionLost(reason) self.proto = None class ConsoleManhole(ColoredManhole): """ A manhole protocol specifically for use with L{stdio.StandardIO}. """ def connectionLost(self, reason): """ When the connection is lost, there is nothing more to do. Stop the reactor so that the process can exit. """ reactor.stop() def runWithProtocol(klass): fd = sys.__stdin__.fileno() oldSettings = termios.tcgetattr(fd) tty.setraw(fd) try: stdio.StandardIO(ServerProtocol(klass)) reactor.run() finally: termios.tcsetattr(fd, termios.TCSANOW, oldSettings) os.write(fd, b"\r\x1bc\r") def main(argv=None): log.startLogging(open("child.log", "w")) if argv is None: argv = sys.argv[1:] if argv: klass = reflect.namedClass(argv[0]) else: klass = ConsoleManhole runWithProtocol(klass) if __name__ == "__main__": main() ��avatar.py��0000644��00000003151�15027667726�0006416 0��ustar�00��# -- test-case-name: twisted.conch.test.test_conch -- from zope.interface import implementer from twisted.conch.error import ConchError from twisted.conch.interfaces import IConchUser from twisted.conch.ssh.connection import OPEN_UNKNOWN_CHANNEL_TYPE from twisted.logger import Logger from twisted.python.compat import nativeString @implementer(IConchUser) class ConchUser: _log = Logger() def __init__(self): self.channelLookup = {} self.subsystemLookup = {} @property def conn(self): return self._conn @conn.setter def conn(self, value): self._conn = value def lookupChannel(self, channelType, windowSize, maxPacket, data): klass = self.channelLookup.get(channelType, None) if not klass: raise ConchError(OPEN_UNKNOWN_CHANNEL_TYPE, "unknown channel") else: return klass( remoteWindow=windowSize, remoteMaxPacket=maxPacket, data=data, avatar=self, ) def lookupSubsystem(self, subsystem, data): self._log.debug( "Subsystem lookup: {subsystem!r}", subsystem=self.subsystemLookup ) klass = self.subsystemLookup.get(subsystem, None) if not klass: return False return klass(data, avatar=self) def gotGlobalRequest(self, requestType, data): # XXX should this use method dispatch? requestType = nativeString(requestType.replace(b"-", b"_")) f = getattr(self, "global_%s" % requestType, None) if not f: return 0 return f(data) ��ls.py��0000644��00000005205�15027667726�0005560 0��ustar�00��# -- test-case-name: twisted.conch.test.test_cftp -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. import array import stat from time import localtime, strftime, time # Locale-independent month names to use instead of strftime's _MONTH_NAMES = dict( list( zip( list(range(1, 13)), "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), ) ) ) def lsLine(name, s): """ Build an 'ls' line for a file ('file' in its generic sense, it can be of any type). """ mode = s.st_mode perms = array.array("B", b"-" * 10) ft = stat.S_IFMT(mode) if stat.S_ISDIR(ft): perms[0] = ord("d") elif stat.S_ISCHR(ft): perms[0] = ord("c") elif stat.S_ISBLK(ft): perms[0] = ord("b") elif stat.S_ISREG(ft): perms[0] = ord("-") elif stat.S_ISFIFO(ft): perms[0] = ord("f") elif stat.S_ISLNK(ft): perms[0] = ord("l") elif stat.S_ISSOCK(ft): perms[0] = ord("s") else: perms[0] = ord("!") # User if mode & stat.S_IRUSR: perms[1] = ord("r") if mode & stat.S_IWUSR: perms[2] = ord("w") if mode & stat.S_IXUSR: perms[3] = ord("x") # Group if mode & stat.S_IRGRP: perms[4] = ord("r") if mode & stat.S_IWGRP: perms[5] = ord("w") if mode & stat.S_IXGRP: perms[6] = ord("x") # Other if mode & stat.S_IROTH: perms[7] = ord("r") if mode & stat.S_IWOTH: perms[8] = ord("w") if mode & stat.S_IXOTH: perms[9] = ord("x") # Suid/sgid if mode & stat.S_ISUID: if perms[3] == ord("x"): perms[3] = ord("s") else: perms[3] = ord("S") if mode & stat.S_ISGID: if perms[6] == ord("x"): perms[6] = ord("s") else: perms[6] = ord("S") if isinstance(name, bytes): name = name.decode("utf-8") lsPerms = perms.tobytes() lsPerms = lsPerms.decode("utf-8") lsresult = [ lsPerms, str(s.st_nlink).rjust(5), " ", str(s.st_uid).ljust(9), str(s.st_gid).ljust(9), str(s.st_size).rjust(8), " ", ] # Need to specify the month manually, as strftime depends on locale ttup = localtime(s.st_mtime) sixmonths = 60 * 60 * 24 * 7 * 26 if s.st_mtime + sixmonths < time(): # Last edited more than 6mo ago strtime = strftime("%%s %d %Y ", ttup) else: strtime = strftime("%%s %d %H:%M ", ttup) lsresult.append(strtime % (_MONTH_NAMES[ttup[1]],)) lsresult.append(name) return "".join(lsresult) __all__ = ["lsLine"] ��manhole_ssh.py��0000644��00000010513�15027667726�0007440 0��ustar�00��# -- test-case-name: twisted.conch.test.test_manhole -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ insults/SSH integration support. @author: Jp Calderone """ from typing import Dict from zope.interface import implementer from twisted.conch import avatar, error as econch, interfaces as iconch from twisted.conch.insults import insults from twisted.conch.ssh import factory, session from twisted.python import components class _Glue: """ A feeble class for making one attribute look like another. This should be replaced with a real class at some point, probably. Try not to write new code that uses it. """ def __init__(self, *kw): self.__dict__.update(kw) def __getattr__(self, name): raise AttributeError(self.name, "has no attribute", name) class TerminalSessionTransport: def __init__(self, proto, chainedProtocol, avatar, width, height): self.proto = proto self.avatar = avatar self.chainedProtocol = chainedProtocol protoSession = self.proto.session self.proto.makeConnection( _Glue( write=self.chainedProtocol.dataReceived, loseConnection=lambda: avatar.conn.sendClose(protoSession), name="SSH Proto Transport", ) ) def loseConnection(): self.proto.loseConnection() self.chainedProtocol.makeConnection( _Glue( write=self.proto.write, loseConnection=loseConnection, name="Chained Proto Transport", ) ) # XXX TODO # chainedProtocol is supposed to be an ITerminalTransport, # maybe. That means perhaps its terminalProtocol attribute is # an ITerminalProtocol, it could be. So calling terminalSize # on that should do the right thing But it'd be nice to clean # this bit up. self.chainedProtocol.terminalProtocol.terminalSize(width, height) @implementer(iconch.ISession) class TerminalSession(components.Adapter): transportFactory = TerminalSessionTransport chainedProtocolFactory = insults.ServerProtocol def getPty(self, term, windowSize, attrs): self.height, self.width = windowSize[:2] def openShell(self, proto): self.transportFactory( proto, self.chainedProtocolFactory(), iconch.IConchUser(self.original), self.width, self.height, ) def execCommand(self, proto, cmd): raise econch.ConchError("Cannot execute commands") def windowChanged(self, newWindowSize): # ISession.windowChanged raise NotImplementedError("Unimplemented: TerminalSession.windowChanged") def eofReceived(self): # ISession.eofReceived raise NotImplementedError("Unimplemented: TerminalSession.eofReceived") def closed(self): # ISession.closed pass class TerminalUser(avatar.ConchUser, components.Adapter): def __init__(self, original, avatarId): components.Adapter.__init__(self, original) avatar.ConchUser.__init__(self) self.channelLookup[b"session"] = session.SSHSession class TerminalRealm: userFactory = TerminalUser sessionFactory = TerminalSession transportFactory = TerminalSessionTransport chainedProtocolFactory = insults.ServerProtocol def _getAvatar(self, avatarId): comp = components.Componentized() user = self.userFactory(comp, avatarId) sess = self.sessionFactory(comp) sess.transportFactory = self.transportFactory sess.chainedProtocolFactory = self.chainedProtocolFactory comp.setComponent(iconch.IConchUser, user) comp.setComponent(iconch.ISession, sess) return user def __init__(self, transportFactory=None): if transportFactory is not None: self.transportFactory = transportFactory def requestAvatar(self, avatarId, mind, interfaces): for i in interfaces: if i is iconch.IConchUser: return (iconch.IConchUser, self._getAvatar(avatarId), lambda: None) raise NotImplementedError() class ConchFactory(factory.SSHFactory): publicKeys: Dict[bytes, bytes] = {} privateKeys: Dict[bytes, bytes] = {} def __init__(self, portal): self.portal = portal ��__init__.py��0000644��00000000306�15027667726�0006676 0��ustar�00��# -- test-case-name: twisted.conch.test -- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Twisted Conch: The Twisted Shell. Terminal emulation, SSHv2 and telnet. """ ��

| ver. 1.4 | Github | . | PHP 8.2.28 | Generation time: 0.09 | proxy | phpinfo | Settings