hASrSSKrSSKrSSKJrJrJrJrJrJ r J r J r SSK r SSK Jr SSKJr SSKJr SrS r"S S 5rS S /rg) z*Base implementation of 0MQ authentication.N)Any AwaitableDictListOptionalSetTupleUnion)_check_version)z85)load_certificates*s1.0c l\rSrSr%SrS\S'\\S'\\S'\\\ 4\S'S\S '\ \\S '\ \\S '\\\\\44\S '\\\\ \ 44\S '\ \S'S/S\ SS\S\ 4Sjjr S0SjrS0SjrS\SS4SjrS\SS4SjrS1S\S \ \\\4SS4SjjrS2S\S\\\R*4SS4SjjrS1S\S\ SS4SjjrS\ S\4SjrS1S\S\ \SS4SjjrS \\ 4S!jrS\S"\S#\S\\\ 44S$jrS\S%\ S\\\ 44S&jrS\S'\ S\\\ 44S(jrS3S)\ S*\ S+\ S,\SS4 S-jjr S.r!g)4 AuthenticatoraImplementation of ZAP authentication for zmq connections. This authenticator class does not register with an event loop. As a result, you will need to manually call `handle_zap_message`:: auth = zmq.Authenticator() auth.allow("127.0.0.1") auth.start() while True: await auth.handle_zap_msg(auth.zap_socket.recv_multipart()) Alternatively, you can register `auth.zap_socket` with a poller. Since many users will want to run ZAP in a way that does not block the main thread, other authentication classes (such as :mod:`zmq.auth.thread`) are provided. Note: - libzmq provides four levels of security: default NULL (which the Authenticator does not see), and authenticated NULL, PLAIN, CURVE, and GSSAPI, which the Authenticator can see. - until you add policies, all incoming NULL connections are allowed. (classic ZeroMQ behavior), and all PLAIN and CURVE connections are denied. - GSSAPI requires no configuration. z zmq.Contextcontextencoding allow_anycredentials_providersz zmq.Socket zap_socket_allowed_denied passwordscertslogNcJ[SS5 U=(d [RR5UlX lSUl0UlSUl[5Ul [5Ul 0Ul 0Ul U=(d [R"S5Ulg)N)rsecurityFzzmq.auth)r zmqContextinstancerrrrrsetrrrrlogging getLoggerr)selfrrrs `C:\Users\julio\OneDrive\Documentos\Trabajo\Ideas Frescas\venv\Lib\site-packages\zmq/auth/base.py__init__Authenticator.__init__:s} vz*8#++"6"6"8  %'" u  7'++J7returncURR[R[RS9UlSUR lUR RS5 URRS5 g)zCreate and bind the ZAP socket) socket_classr zinproc://zeromq.zap.01StartingN) rsocketr REPSocketrlingerbindrdebugr&s r'startAuthenticator.startPsT,,--cggCJJ-O!" 56 z"r*chUR(aURR5 SUlg)zClose the ZAP socketN)rcloser5s r'stopAuthenticator.stopWs ?? OO ! ! #r* addressescUR(a [S5eURRSSR U55 UR R U5 g)aAllow IP address(es). Connections from addresses not explicitly allowed will be rejected. - For NULL, all clients from this address will be accepted. - For real auth setups, they will be allowed to continue with authentication. allow is mutually exclusive with deny. z Only use allow or deny, not bothz Allowing %s,N)r ValueErrorrr4joinrupdater&r<s r'allowAuthenticator.allow]sD <<?@ @ }chhy&9: Y'r*cUR(a [S5eURRSSR U55 UR R U5 g)zDeny IP address(es). Addresses not explicitly denied will be allowed to continue with authentication. deny is mutually exclusive with allow. z"Only use a allow or deny, not bothz Denying %sr>N)rr?rr4r@rrArBs r'denyAuthenticator.denylsD ==AB B |SXXi%89 I&r*domaincfU(aX RU'URRSU5 g)zConfigure PLAIN authentication for a given domain. PLAIN authentication uses a plain-text password file. To cover all domains, use "*". You can modify the password file at any time; it is reloaded automatically. zConfigure plain: %sNrrr4)r&rHrs r'configure_plainAuthenticator.configure_plainxs& %.NN6 " ,f5r*locationcURRSX5 U[:XaSUlgSUl[ U5UR U'g![ a&nURRSX#5 SnAgSnAff=f)aConfigure CURVE authentication for a given domain. CURVE authentication uses a directory that holds all public client certificates, i.e. their public keys. To cover all domains, use "*". You can add and remove certificates in that directory at any time. configure_curve must be called every time certificates are added or removed, in order to update the Authenticator's state To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location. zConfigure curve: %s[%s]TFz&Failed to load CURVE certs from %s: %sN)rr4CURVE_ALLOW_ANYrrr Exceptionerror)r&rHrMes r'configure_curveAuthenticator.configure_curvesn" 0&C  &!DN"DN V%6x%@ 6" VGUU VsA BA;;Bcredentials_providercnSUlUbX RU'gURRSU5 g)a9Configure CURVE authentication for a given domain. CURVE authentication using a callback function validating the client public key according to a custom mechanism, e.g. checking the key against records in a db. credentials_provider is an object of a class which implements a callback method accepting two parameters (domain and key), e.g.:: class CredentialsProvider(object): def __init__(self): ...e.g. db connection def callback(self, domain, key): valid = ...lookup key and/or domain in db if valid: logging.info('Authorizing: {0}, {1}'.format(domain, key)) return True else: logging.warning('NOT Authorizing: {0}, {1}'.format(domain, key)) return False To cover all domains, use "*". FNz0None credentials_provider provided for domain:%s)rrrrQ)r&rHrUs r'configure_curve_callback&Authenticator.configure_curve_callbacks26  +1E & &v . HHNNMv Vr*client_public_keycL[R"U5RS5$)aReturn the User-Id corresponding to a CURVE client's public key Default implementation uses the z85-encoding of the public key. Override to define a custom mapping of public key : user-id This is only called on successful authentication. Parameters ---------- client_public_key: bytes The client public key used for the given message Returns ------- user_id: unicode The user ID as text ascii)r encodedecode)r&rYs r' curve_user_idAuthenticator.curve_user_ids&zz+,33G<# UH oRTRS5v M" g7f)rhN)r]r).0cr&s r' 3Authenticator.handle_zap_message..$s$&@K1HHT]]I66 s(+sCURVEzInvalid CURVE credentials: %rrsGSSAPIzInvalid GSSAPI credentials: %rutf8200OK)lenrrQ_send_zap_replyr]rVERSIONr4rr_authenticate_plain_authenticate_curver^_authenticate_gssapi)r&rdversion request_idrHaddressidentity mechanism credentialsalloweddeniedreasonusernamepasswordkey principals` r'handle_zap_message Authenticator.handle_zap_messages9 s8a< HHNNG M3x!|@A $$SVV5IJ DGGAVh!"g t}}i8.. : g  HHNN4c :  V5G H   8        ==$--'NrrcSnSnUR(aU(dSnXR;a0X RU;aX0RUU:XaSnOSnOSnOSnU(a!URRSUUU5 XE4$URRS U5 XE4$S nURRS U5 XE4$) zPLAIN ZAP authenticationFr*rTsInvalid passwordsInvalid usernamesInvalid domainz1ALLOWED (PLAIN) domain=%s username=%s password=%sz DENIED %ssNo passwords definedzDENIED (PLAIN) %srJ)r&rHrrr~rs r'ru!Authenticator._authenticate_plainCs >>'~~f55>> (#CC"&!40F*G  {F3 -F HHNN. 7r* client_keyc# SnSnUR(a"SnSnURRS5 X44$UR0:waU(dSnXR;a[R "U5nURUR X5n[U[5(a UIShvN nU(aSnSnOSnU(aS OS nURRS UUU5 X44$S nX44$U(dSnXR;al[R "U5nURURU5(aSnSnOSnU(aS OS nURRS UUU5 X44$S nX44$N7f)zCURVE ZAP authenticationFr*Trqz ALLOWED (CURVE allow any client)rNs Unknown keyALLOWEDDENIEDz0%s (CURVE auth_callback) domain=%s client_key=%ssUnknown domainz"%s (CURVE) domain=%s client_key=%s) rrr4rr r\callback isinstancerrget)r&rHrr~rz85_client_keyrstatuss r'rv!Authenticator._authenticate_curveis >>GF HHNN= >fe ' '2 -333!$J!7..v6??Wa++A"G"F+F&-8F" @3+2-#!$J!7::f%)).99"G"F+F&-88" +Q sB.F0E>1CFrc<URRSX5 g)zPNothing to do for GSSAPI, which has already been handled by an external service.z'ALLOWED (GSSAPI) domain=%s principal=%s)Trq)rr4)r&rHrs r'rw"Authenticator._authenticate_gssapis @&Tr*ry status_code status_textuser_idcUS:XaUOSn[U[5(aURURS5nSnURR SX#5 [ XX4U/nURRU5 g)z.Send a ZAP reply to finish the authentication.rpr*rhzZAP reply code=%s text=%sN) rstrr\rrr4rtrsend_multipart)r&ryrrrmetadatareplys r'rsAuthenticator._send_zap_replysk)F2' gs # #nnT]]I>G 2KM*;R &&u-r*) rrrrrrrrrr)Nzutf-8N)r+N)rN)r.)ri)"__name__ __module__ __qualname____firstlineno____doc____annotations__rboolrrrbytesrr(r6r:rCrFrKr osPathLikerSrWr^rbrrr rurvrwrs__static_attributes__rar*r'rrsm4MOS>)#h XCc3h'(( T%*%% && H,0 8-(88 8,# ( ( ( 's 't 'HL 6 6,4T#s(^,D 6  6FIVV+0bkk1A+BV V8>B W W7: W  WD=u==,<@  +3C=  b=DKb=H$$%($47$ tU{ $L<<',< tU{ <|35U4QV;EW# ... .  .  ..r*rrO)rr$rtypingrrrrrrr r r zmq.errorr zmq.utilsr rrrOrtr__all__rar*r'rsI0  JJJ $$ f.f.R - .r*