%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib64/python2.7/site-packages/zmq/auth/
Upload File :
Create Path :
Current File : //lib64/python2.7/site-packages/zmq/auth/base.pyc

�
+�{Wc@s�dZddlZddlZddlmZddlmZmZmZm	Z	ddl
mZddlm
Z
dZd	Zd
efd��YZd
dgZdS(
s*Base implementation of 0MQ authentication.i����N(tz85(tbytestunicodetbtu(t_check_versioni(tload_certificatest*s1.0t
AuthenticatorcBs�eZdZdddd�Zd�Zd�Zd�Zd�Zddd�Z	ddd	�Z
ddd
�Zd�Zd�Z
d
�Zd�Zdd�ZRS(s�Implementation of ZAP authentication for zmq connections.

    Note:
    
    - libzmq provides four levels of security: default NULL (which the Authenticator does
      not see), and authenticated NULL, PLAIN, CURVE, and GSSAPI, which the Authenticator can see.
    - until you add policies, all incoming NULL connections are allowed.
      (classic ZeroMQ behavior), and all PLAIN and CURVE connections are denied.
    - GSSAPI requires no configuration.
    sutf-8cCs�tdd�|ptjj�|_||_t|_d|_	t
�|_t
�|_i|_
i|_|p|tjd�|_dS(Niitsecurityszmq.auth(ii(RtzmqtContexttinstancetcontexttencodingtFalset	allow_anytNonet
zap_sockettsett	whitelistt	blacklistt	passwordstcertstloggingt	getLoggertlog(tselfR
RR((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pyt__init__s
					cCsH|jjtj�|_d|j_|jjd�|jjd�dS(sCreate and bind the ZAP socketisinproc://zeromq.zap.01tStartingN(	R
tsocketR
tREPRtlingertbindRtdebug(R((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pytstart/scCs&|jr|jj�nd|_dS(sClose the ZAP socketN(RtcloseR(R((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pytstop6s	cGsH|jrtd��n|jjddj|��|jj|�dS(saAllow (whitelist) IP address(es).
        
        Connections from addresses not in the whitelist will be rejected.
        
        - For NULL, all clients from this address will be accepted.
        - For real auth setups, they will be allowed to continue with authentication.
        
        whitelist is mutually exclusive with blacklist.
        s-Only use a whitelist or a blacklist, not bothsAllowing %st,N(Rt
ValueErrorRR"tjoinRtupdate(Rt	addresses((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pytallow<s
	cGsH|jrtd��n|jjddj|��|jj|�dS(s�Deny (blacklist) IP address(es).
        
        Addresses not in the blacklist will be allowed to continue with authentication.
        
        Blacklist is mutually exclusive with whitelist.
        s-Only use a whitelist or a blacklist, not boths
Denying %sR&N(RR'RR"R(RR)(RR*((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pytdenyKs	RcCs-|r||j|<n|jjd|�dS(s�Configure PLAIN authentication for a given domain.
        
        PLAIN authentication uses a plain-text password file.
        To cover all domains, use "*".
        You can modify the password file at any time; it is reloaded automatically.
        sConfigure plain: %sN(RRR"(RtdomainR((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pytconfigure_plainWscCs~|jjd||�|tkr.t|_nLt|_yt|�|j|<Wn)tk
ry}|jj	d||�nXdS(s�Configure CURVE authentication for a given domain.
        
        CURVE authentication uses a directory that holds all public client certificates,
        i.e. their public keys.
        
        To cover all domains, use "*".
        
        You can add and remove certificates in that directory at any time.
        
        To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.
        sConfigure curve: %s[%s]s&Failed to load CURVE certs from %s: %sN(
RR"tCURVE_ALLOW_ANYtTrueRRRRt	Exceptionterror(RR-tlocationte((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pytconfigure_curvebs	cCsdS(s�Configure GSSAPI authentication
        
        Currently this is a no-op because there is nothing to configure with GSSAPI.
        N((RR-R3((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pytconfigure_gssapizscCs�t|�dkre|jjd|�t|�dkrJ|jjd�n|j|ddd�dS|d \}}}}}}|d}t||jd	�}t||jd	�}|tkr�|jjd
|�|j|dd�dS|jjd||||||�t}	t}
d
}|j	ru||j	krSt
}	|jjd|�q�t
}
d}|jjd|�nV|jr�||jkr�t
}
d}|jjd|�q�t
}	|jjd|�ntd�}|
s�|dkr	|	r	|jjd�t
}	q�|dkr�t|�dkrQ|jjd|�|j|dd�dSg|D]}
t|
|jd	�^qX\}}|j|||�\}	}q�|dkr
t|�dkr�|jjd|�|j|dd�dS|d}|j
||�\}	}q�|dkr�t|�dkrR|jjd|�|j|dd�dSt|dd	�}|j||�\}	}q�n|	r�|j|dd |�n|j|d|�dS(!sPerform ZAP authenticationis*Invalid ZAP message, not enough frames: %risNot enough information to replyit400sNot enough framesNtreplacesInvalid ZAP version: %rsInvalid versionsQversion: %r, request_id: %r, domain: %r, address: %r, identity: %r, mechanism: %rs	NO ACCESSsPASSED (whitelist) address=%ssAddress not in whitelists$DENIED (not in whitelist) address=%ssAddress is blacklistedsDENIED (blacklist) address=%ss$PASSED (not in blacklist) address=%stusertNULLsALLOWED (NULL)tPLAINsInvalid PLAIN credentials: %rsInvalid credentialstCURVEsInvalid CURVE credentials: %ritGSSAPIsInvalid GSSAPI credentials: %rt200tOK(tlenRR2t_send_zap_replyRRtVERSIONR"RRR0Rt_authenticate_plaint_authenticate_curvet_authenticate_gssapi(Rtmsgtversiont
request_idR-taddresstidentityt	mechanismtcredentialstallowedtdeniedtreasontusernametctpasswordtkeyt	principal((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pythandle_zap_message�s~
	
			.
cCs�t}d}|jr�|s$d}n||jkrx||j|kro||j||krft}qud}q~d}nd}|r�|jjd|||�q�|jjd|�nd}|jjd	|�||fS(
sPLAIN ZAP authenticationtRsInvalid passwordsInvalid usernamesInvalid domains1ALLOWED (PLAIN) domain=%s username=%s password=%ss	DENIED %ssNo passwords definedsDENIED (PLAIN) %s(RRR0RR"(RR-RPRRRMRO((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pyRC�s&					cCs�t}d}|jr4t}d}|jjd�n�|sCd}n||jkr�tj|�}|j|j|�r�t}d}nd}|r�dnd}|jjd|||�nd	}||fS(
sCURVE ZAP authenticationRVR?s ALLOWED (CURVE allow any client)RsUnknown keytALLOWEDtDENIEDs"%s (CURVE) domain=%s client_key=%ssUnknown domain(	RRR0RR"RRtencodetget(RR-t
client_keyRMROtz85_client_keytstatus((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pyRD�s&			cCs |jjd||�tdfS(sPNothing to do for GSSAPI, which has already been handled by an external service.s'ALLOWED (GSSAPI) domain=%s principal=%sR?(RR"R0(RR-RT((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pyREsR9cCs�|dkr|nd}t|t�r?|j|jd�}nd}|jjd||�t|||||g}|jj|�dS(s.Send a ZAP reply to finish the authentication.R>RVR8sZAP reply code=%s text=%sN(	t
isinstanceRRYRRR"RBRtsend_multipart(RRHtstatus_codetstatus_texttuser_idtmetadatatreply((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pyRA!sN(t__name__t
__module__t__doc__RRR#R%R+R,R.R5R6RURCRDRERA(((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pyRs
					[	!		R/(RgRR
t	zmq.utilsRtzmq.utils.strtypesRRRRt	zmq.errorRRRR/RBtobjectRt__all__(((s3/usr/lib64/python2.7/site-packages/zmq/auth/base.pyt<module>s"�

Zerion Mini Shell 1.0