%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python2.7/site-packages/salt/transport/mixins/
Upload File :
Create Path :
Current File : //lib/python2.7/site-packages/salt/transport/mixins/auth.pyc

�
���^c@@s�ddlmZmZmZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddl
ZddlZddlZddlZddlZddlZddlZddlZddlmZddlmZddlZyddlmZeZWnOek
rse Zyddl!m"Z"Wqtek
roddl#m"Z"qtXnXej$e%�Z&de'fd��YZ(d	e'fd
��YZ)dS(i(tabsolute_importtprint_functiontunicode_literalsN(tCacheCli(tsix(tRSA(t
PKCS1_OAEPtAESPubClientMixincB@s&eZd�Zejjd��ZRS(cC@s�|jjd�r�|jdt�s9tjjd��ntjj|jdd�}tjj	||d|jd��s�tjjd��q�ndS(Nusign_pub_messagesusigu<Message signing is enabled but the payload has no signature.upki_diruminion_master.pubuloadu%Message signature failed to validate.(
toptstgettFalsetsalttcrypttAuthenticationErrortostpathtjointverify_signature(tselftpayloadtmaster_pubkey_path((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyt_verify_master_signature,s%cc@s�tjd|�|ddkr�|j|�y!|jjj|d�|d<Wq�tjjk
r�|jj	�V|jjj|d�|d<q�Xnt
jj|��dS(NuDecoding payload: %suencuaesuload(
tlogttraceRtautht	crypticletloadsRRR
tauthenticatettornadotgentReturn(RR((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyt_decode_payload6s
!$(t__name__t
__module__RRRt	coroutineR(((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyR+s	
tAESReqServerMixincB@sDeZdZd�Zd�Zd�Zd�Zd�Zd�ZRS(u;
    Mixin to house all of the master-side auth crypto
    cC@spdtjjjkrlitjtjtjj	j
tjjj
���d6tjjj
d6tjjjd<ndS(uB
        Pre-fork we need to create the zmq router device
        uaesusecretureloadN(RtmastertSMastertsecretstmultiprocessingtArraytctypestc_chartutilststringutilstto_bytesRt	Crypticletgenerate_key_string(Rt_((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pytpre_forkKs%cC@s�tjj|j�|_tjj|jtjjj	ddj
�|_tjj
j|j|jddt�|_
tjjj|j�|_|jdr�t|j�|_n$t|_tjjj|j�|_tjj|j�|_dS(Nuaesusecretusock_dirtlistenu	con_cache(RRtSerialRtserialRR.R$R%R&tvalueRR+teventtget_master_eventR
tdaemonst	masterapitAutoKeytauto_keyRt	cache_clitminionst	CkMinionst	ckminionst
MasterKeyst
master_key(RR0t__((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyt	post_fork[s/+
	c
C@sBtjj|jdd|�}tjjj�}tjj|j|�}ytjj|�}WnLt	t
tfk
r�|jj
i�Stk
r�tjd�idd6SXi}tjs�tjjj|�}ntr�|j|tj�|d<n"tj|�}	|	j|�|d<|j
|tk	r1|ni�||<|S(uW
        The server equivalent of ReqChannel.crypted_transfer_decode_dictentry
        upki_diruminionsuAES key not founduerrorukey(RRRRRRR.R/tget_rsa_pub_keyt
ValueErrort
IndexErrort	TypeErrorRtdumpstIOErrorRterrorRtPY2R+R,R-tHAS_M2tpublic_encryptRtpkcs1_oaep_paddingRtnewtencryptR
(
Rtrettdictkeyttargettpubfntkeytpcrypttpubtprettcipher((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyt_encrypt_privatens0			

	cC@s]tjjjddj|jjkrYtjj|j	tjjjddj�|_t
StS(un
        Check to see if a fresh AES key is available and update the components
        of the worker
        uaesusecret(RR$R%R&R5Rt
key_stringRR.RtTrueR
(R((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyt_update_aes�s&/cC@s{|ddkrwy|jj|d�|d<Wqwtjjk
rs|j�sV�n|jj|d�|d<qwXn|S(Nuencuaesuload(RRRRR
R](RR((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyR�s!c
C@s�tjjj|j|d�sLtjd|d�idd6itd6d6Stjd|d�|jdd	kr�|jr�|jj	�}n1|j
j�}t|�d
kr�tjd�nt|�|jdks�|d|kr�dj
|jd|d�}tj|�itd
6dd6|dd6|dd6}|jjd�tkr||jj|tjjjdd��nidd6idd6d6Sq�n|jj|d�}|jj|d|jdd��}tjj|jdd|d�}tjj|jdd|d�}tjj|jdd|d�}	tjj|jdd|d�}
|jdrrn�tjj|	�rtjd|d�itd
6|dd6|dd6}|jjd�tkr�|jj|tjjjdd��nidd6itd6d6Stjj|�r5tjjj|d���}|j�j�|dj�kr,tjd|d�tjjj|
d��}|j |d�WdQXitd
6|dd6d d6|dd6}|jjd�tkr|jj|tjjjdd��nidd6itd6d6SWdQXn�tjj|�stjj!|�r�tjd!|d�itd
6|dd6|dd6}|jjd�tkr�|jj|tjjjdd��nidd6itd6d6S|r|	}
tjd"|d�d#}t}n5|sG|}
tjd$|d�d%}t}nd}
|
dk	r3
tjjj|
d��}|j |d�WdQXidd6i|d6d6}i|d
6|d6|dd6|dd6}|jjd�tkr|jj|tjjjdd��n|Sntjj|�r�	|r�yt"j#||	�Wnt$t%fk
r\nXtjd&|d�idd6itd6d6}itd
6d#d6|dd6|dd6}|jjd�tkr�|jj|tjjjdd��n|S|s�tjjj|d���}|j�|dkr�tjd'|d�tjjj|
d��}|j |d�WdQXitd
6|dd6d d6|dd6}|jjd�tkr�|jj|tjjjdd��nidd6itd6d6Stjd(|d|d�itd
6d%d6|dd6|dd6}|jjd�tkr|jj|tjjjdd��nidd6itd6d6SWdQXq3
tjjj|d���}|j�|dkr�	tjd)|d�tjjj|
d��}|j |d�WdQXitd
6|dd6|dd6}|jjd�tkr{	|jj|tjjjdd��nidd6itd6d6Stj&|�WdQXn�tj'd*�itd
6|dd6|dd6}|jjd�tkr
|jj|tjjjdd��nidd6itd6d6Stjd+|d�tjj|�r�
|jdr�
tjjj|d��}|j |d�WdQXn�|jdr�d,}tjj|�r�
tjjj|d��}|j�}WdQXn|drN|d|krNtj(d-�tjjj|d��}|j |d�WdQXq�|ds�tjd.j
|d��idd6itd6d6Snd}|jr�|jj)|dg�nytj*j+|�}WnEt,t-t.fk
r}tjd/||�idd6itd6d6SXt/s-t0j1|�}nidd6|j2j3�d06|jd1d16}|jd2r/
|j2j4�r�tj(d3�tj(|j2j4��|j5i|j2j4�d46�q/
tjj6j7|jd5|j�}tj(d6�tj*j8|j2j9�d7|d0|�}|j5it:j;|�d46�nt/sM
t0j1|j2j<�}n|jd8d9kr:d:|kr�
yet/r�
|j2j<j=|d:t>j?�}n|j@|d:�}d;j
tjAjBjCd<d=jD|�}WqtEk
r�
qXntjAjBjCd<d=jD}t/r$|jF|t>j?�|d<<q|jG|�|d<<n�d:|kr�ykt/r�|j2j<j=|d:t>j?�}|jF|t>j?�|d:<n&|j@|d:�}|jG|�|d:<Wq�tEk
r�q�XntjAjBjCd<d=jD}t/r|jF|t>j?�|d<<n|jG|�|d<<tjjHjItJjK|�jL��}tj*jM|j2j<|�|d><itd
6d?d6|dd6|dd6}|jjd�tkr�|jj|tjjjdd��n|S(@u,
        Authenticate the client, use the sent public key to encrypt the AES key
        which was generated at start up.

        This method fires an event over the master event manager. The event is
        tagged "auth" and returns a dict with information about the auth
        event

        # Verify that the key we are receiving matches the stored key
        # Store the key if it is not there
        # Make an RSA key with the pub key
        # Encrypt the AES key as an encrypted salt.payload
        # Package the return and return it
        uidu)Authentication request from invalid id %suclearuencuretuloaduAuthentication request from %sumax_minionsii�u|With large numbers of minions it is advised to enable the ConCache with 'con_cache: True' in the masters configuration file.uNToo many minions connected (max_minions={0}). Rejecting connection from id {1}uresultufulluactupubuauth_eventstprefixuauthuautosign_grainsupki_diruminionsuminions_preuminions_rejecteduminions_deniedu	open_modeu@Public key rejected for %s. Key is present in rejection key dir.uru|Authentication attempt from %s failed, the public keys did not match. This may be an attempt to compromise the Salt cluster.uw+Nudeniedu New public key %s is a directoryu2New public key for %s rejected via autoreject_fileurejectu'New public key for %s placed in pendingupendu6Pending public key for %s rejected via autoreject_fileu�Authentication attempt from %s failed, the public key in pending did not match. This may be an attempt to compromise the Salt cluster.ufAuthentication failed from host %s, the key is in pending and needs to be accepted with salt-key -a %su�Authentication attempt from %s failed, the public keys in pending did not match. This may be an attempt to compromise the Salt cluster.u&Unaccounted for authentication failureuAuthentication accepted from %suu&Host key change detected in open mode.uPublic key is empty: {0}uCorrupt public key "%s": %supub_keyupublish_portumaster_sign_pubkeyu%Adding pubkey signature to auth-replyupub_sigusigning_key_passu(Signing master public key before sendingiu	auth_modeiutokenu	{0}_|-{1}uaesusecretusiguaccept(NRR+tverifytvalid_idRRtinfoR
R<t
get_cachedR?t
connected_idstlentformatR	R\R6t
fire_eventttagifyR;tcheck_autorejecttcheck_autosigntNoneRRRtisfiletfilestfopentreadtstripRJtwritetisdirtshutiltmoveRItOSErrortremovetwarningtdebugt	put_cacheRRDRERFRGRLRRORAtget_pub_strtpubkey_signaturetupdatetsdbtsdb_gettsign_messagetget_sign_pathstbinasciit
b2a_base64RUtprivate_decryptRRNtdecryptR$R%R&R5t	ExceptionRMRPR,R-thashlibtsha256t	hexdigesttprivate_encrypt(RtloadR=tmsgteloadtauto_rejectt	auto_signRTt
pubfn_pendtpubfn_rejectedtpubfn_deniedtpubfn_handletfp_tkey_pathtkey_actt
key_resultRQtdisk_keyRWterrRYtkey_passtpub_signtmciphertmtokentaestdigest((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyt_auth�s�
	



(
%




	
(
"
(

(
		

(	

(
(

(

(


(
!



	



 "
 *

	$
((	R R!t__doc__R1RCRZR]RR�(((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyR#Fs			!	
	(*t
__future__RRRR'R)tloggingRR�RrR�t
salt.cryptRtsalt.payloadtsalt.mastertsalt.transport.frametsalt.utils.eventtsalt.utils.filestsalt.utils.minionstsalt.utils.stringutilstsalt.utils.verifytsalt.utils.cacheRtsalt.extRttornado.genRtM2CryptoRR\RLtImportErrorR
tCryptodome.CipherRt
Crypto.Ciphert	getLoggerR RtobjectRR#(((s>/usr/lib/python2.7/site-packages/salt/transport/mixins/auth.pyt<module>s>




Zerion Mini Shell 1.0