o NDi)@sRddlZddlZzddlZdZWn eydZYnwz ddlmZdZWn ey1dZYnwzddlmZWn eyEdZYnwee Z dZ Gddde Z Gdd d e ZGd d d e ZGd d d e ZGddde ZGdddeZeZGddde ZGdddeZGdddeZGdddeZGdddeZdS)NTF) SASLClient ProxyExecutec@seZdZdZddZdS) AuthProviderz An abstract class that defines the interface that will be used for creating :class:`~.Authenticator` instances when opening new connections to Cassandra. .. versionadded:: 2.0.0 cCt)z Implementations of this class should return a new instance of :class:`~.Authenticator` or one of its subclasses. NotImplementedErrorselfhostr G/var/www/Datamplify/venv/lib/python3.10/site-packages/cassandra/auth.pynew_authenticator2szAuthProvider.new_authenticatorN)__name__ __module__ __qualname____doc__r r r r r r)s rc@s.eZdZdZdZ ddZddZddZdS) Authenticatora8 An abstract class that handles SASL authentication with Cassandra servers. Each time a new connection is created and the server requires authentication, a new instance of this class will be created by the corresponding :class:`~.AuthProvider` to handler that authentication. The lifecycle of the new :class:`~.Authenticator` will the be: 1) The :meth:`~.initial_response()` method will be called. The return value will be sent to the server to initiate the handshake. 2) The server will respond to each client response by either issuing a challenge or indicating that the authentication is complete (successful or not). If a new challenge is issued, :meth:`~.evaluate_challenge()` will be called to produce a response that will be sent to the server. This challenge/response negotiation will continue until the server responds that authentication is successful (or an :exc:`~.AuthenticationFailed` is raised). 3) When the server indicates that authentication is successful, :meth:`~.on_authentication_success` will be called a token string that that the server may optionally have sent. The exact nature of the negotiation between the client and server is specific to the authentication mechanism configured server-side. .. versionadded:: 2.0.0 NcCdS)z Returns an message to send to the server to initiate the SASL handshake. :const:`None` may be returned to send an empty message. Nr r r r r initial_response[szAuthenticator.initial_responsecCr)z Called when the server sends a challenge message. Generally, this method should return :const:`None` when authentication is complete from a client perspective. Otherwise, a string should be returned. rr challenger r r evaluate_challengebsz Authenticator.evaluate_challengecCr)z Called when the server indicates that authentication was successful. Depending on the authentication mechanism, `token` may be :const:`None` or a string. Nr )r tokenr r r on_authentication_successjsz'Authenticator.on_authentication_success)rrrrserver_authenticator_classrrrr r r r r:s rc@ eZdZdZddZddZdS)PlainTextAuthProvidera An :class:`~.AuthProvider` that works with Cassandra's PasswordAuthenticator. Example usage:: from cassandra.cluster import Cluster from cassandra.auth import PlainTextAuthProvider auth_provider = PlainTextAuthProvider( username='cassandra', password='cassandra') cluster = Cluster(auth_provider=auth_provider) .. versionadded:: 2.0.0 cC||_||_dSNusernamepasswordr r!r"r r r __init__ zPlainTextAuthProvider.__init__cCst|j|jSr)PlainTextAuthenticatorr!r"rr r r r sz'PlainTextAuthProvider.new_authenticatorNrrrrr$r r r r r rss rc@r)%TransitionalModePlainTextAuthProvidera@ An :class:`~.AuthProvider` that works with DSE TransitionalModePlainTextAuthenticator. Example usage:: from cassandra.cluster import Cluster from cassandra.auth import TransitionalModePlainTextAuthProvider auth_provider = TransitionalModePlainTextAuthProvider() cluster = Cluster(auth_provider=auth_provider) .. warning:: TransitionalModePlainTextAuthProvider will be removed in cassandra-driver 4.0. The transitional mode will be handled internally without the need of any auth provider. cCstddS)NzTransitionalModePlainTextAuthProvider will be removed in cassandra-driver 4.0. The transitional mode will be handled internally without the need of any auth provider.)logwarningrr r r r$sz.TransitionalModePlainTextAuthProvider.__init__cCstSr)&TransitionalModePlainTextAuthenticatorrr r r r sz7TransitionalModePlainTextAuthProvider.new_authenticatorNr'r r r r r(s r(c@r)SaslAuthProvidera An :class:`~.AuthProvider` supporting general SASL auth mechanisms Suitable for GSSAPI or other SASL mechanisms Example usage:: from cassandra.cluster import Cluster from cassandra.auth import SaslAuthProvider sasl_kwargs = {'service': 'something', 'mechanism': 'GSSAPI', 'qops': 'auth'.split(',')} auth_provider = SaslAuthProvider(**sasl_kwargs) cluster = Cluster(auth_provider=auth_provider) .. versionadded:: 2.1.4 cKs*tdurtdd|vrtd||_dS)N+The puresasl library has not been installedr zTkwargs should not contain 'host' since it is passed dynamically to new_authenticator)r ImportError ValueError sasl_kwargs)r r0r r r r$s  zSaslAuthProvider.__init__cCst|fi|jSr)SaslAuthenticatorr0rr r r r sz"SaslAuthProvider.new_authenticatorNr'r r r r r,s r,c@s*eZdZdZd ddZddZddZd S) r1z A pass-through :class:`~.Authenticator` using the third party package 'pure-sasl' for authentication .. versionadded:: 2.1.4 GSSAPIcKs*tdurtdt|||fi||_dS)Nr-)rr.sasl)r r service mechanismr0r r r r$szSaslAuthenticator.__init__cCs |jSrr3processrr r r rs z"SaslAuthenticator.initial_responsecCs |j|Srr6rr r r rs z$SaslAuthenticator.evaluate_challengeN)r2)rrrrr$rrr r r r r1s   r1c@s"eZdZdZd ddZddZd S) DSEGSSAPIAuthProviderz Auth provider for GSS API authentication. Works with legacy `KerberosAuthenticator` or `DseAuthenticator` if `kerberos` scheme is enabled. dseauthTcKs4tstdts td||_||_||_||_dS)a :param service: name of the service :param qops: iterable of "Quality of Protection" allowed; see ``puresasl.QOP`` :param resolve_host_name: boolean flag indicating whether the authenticator should reverse-lookup an FQDN when creating a new authenticator. Default is ``True``, which will resolve, or return the numeric address if there is no PTR record. Setting ``False`` creates the authenticator with the numeric address known by Cassandra :param properties: additional keyword properties to pass for the ``puresasl.mechanisms.GSSAPIMechanism`` class. Presently, 'principal' (user) is the only one referenced in the ``pure-sasl`` implementation r-z+The kerberos library has not been installedN)_have_puresaslr._have_kerberosr4qopsresolve_host_name properties)r r4r>r?r@r r r r$s  zDSEGSSAPIAuthProvider.__init__cCs.|jr t|dfdd}t||j|j|jS)Nr)r?socket getnameinfoGSSAPIAuthenticatorr4r>r@rr r r r sz'DSEGSSAPIAuthProvider.new_authenticatorN)r9r:Tr'r r r r r8s  r8c@s$eZdZddZddZddZdS)BaseDSEAuthenticatorcCtd)Nzget_mechanism not implementedrrr r r get_mechanismz"BaseDSEAuthenticator.get_mechanismcCrE)Nz%get_initial_challenge not implementedrrr r r get_initial_challengerGz*BaseDSEAuthenticator.get_initial_challengecCs |jdkr |S||S)Nz0com.datastax.bdp.cassandra.auth.DseAuthenticator)rrFrrHrr r r rs z%BaseDSEAuthenticator.initial_responseN)rrrrFrHrr r r r rDs rDc@,eZdZddZddZddZddZd S) r&cCrrr r#r r r r$ r%zPlainTextAuthenticator.__init__cCr)NsPLAINr rr r r rFz$PlainTextAuthenticator.get_mechanismcCr)N PLAIN-STARTr rr r r rHrJz,PlainTextAuthenticator.get_initial_challengecCs(|dkrd|j|jf}|Std)NrKz%s%sz6Did not receive a valid challenge response from server)r!r"encode Exception)r rdatar r r rsz)PlainTextAuthenticator.evaluate_challengeNrrrr$rFrHrr r r r r&s  r&cs eZdZdZfddZZS)r+zc Authenticator that accounts for DSE authentication is configured with transitional mode. cstt|dddS)N)superr+r$r __class__r r r$ sz/TransitionalModePlainTextAuthenticator.__init__)rrrrr$ __classcell__r r rRr r+sr+c@rI) rCcCs&|pi}t||dfd|i||_dS)Nr2r>)rr3)r r r4r>r@r r r r$%szGSSAPIAuthenticator.__init__cCr)NsGSSAPIr rr r r rF)rJz!GSSAPIAuthenticator.get_mechanismcCrNs GSSAPI-STARTr rr r r rH,rJz)GSSAPIAuthenticator.get_initial_challengecCs|dkr |jS|j|SrUr6rr r r r/s  z&GSSAPIAuthenticator.evaluate_challengeNrOr r r r rC$s  rC)rAloggingkerberosr=r.puresasl.clientrr< getLoggerrr)_proxy_execute_keyobjectrrrr(r,r1DSEPlainTextAuthProviderr8rDr&r+rCr r r r sB     9