mgyB dZddlZddlZddlmZddlZddlZddlmZm Z m Z m Z ddlm Z m Z mZmZmZddlmZddlmZmZdd lmZmZdd lmZdd lmZdd lmZer dd lm Z ddl!m"Z"e e e#gdfZ$dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3de4dee4e4e5ffdZ6dejnde4d e5dee4fd!Z8Gd"d#e Z9Gd$d%eZ:Gd&d'Z;Gd(d)Zdejnd*e e4de4d-e4dee#e#ff d.Z?d*e e4de4d-e4d/e#d0e#ddf d1Z@dejnde4d*e e4de;fd2ZAd3d4dejnd*e e4d/e#d0e#de e<f d5ZBy)6zX11 forwarding supportN)Path) TYPE_CHECKINGCallableDictIterable) NamedTupleOptionalSequenceSetTuple)OPEN_CONNECT_FAILED) SSHForwarderSSHForwarderCoro) SSHListenercreate_tcp_forward_listener)logger)ChannelOpenError)DataType) SSHChannel)SSHServerConnectionisMIT-MAGIC-COOKIE-1z-cg?ip @ localhostdisplayreturnc" |jdd\}}|jdr|jdr|dd}|jd}|dk\rt ||dzd}|d|}nd}|||fS#t t f$r t d dwxYw) zParse an X11 display value:r [].rNzInvalid X11 display)rsplit startswithendswithfindint ValueErrorUnicodeEncodeError)rhostdpynumidxscreens ,lib/python3.12/site-packages/asyncssh/x11.py_parse_displayr3Js :~~c1- f ??3 DMM#$6":Dkk# !8A(FDS\FF   * +:./T9:s A+A22Bloopr.familycK |j|d|tjd{}|Dcgc] }|dd c}S7#tj$rgcYSwxYwcc}ww)z-Look up IPv4 or IPv6 addresses of a host namer)r5typeN) getaddrinfosocket SOCK_STREAMgaierror)r4r.r5addrinfoais r2 _lookup_hostr?^sw))$&/5/A/A*CC ( (xBqE!Hx (( C ??  )sBA'&AAAA'A"A'AAA'AA'cPeZdZUdZeed<eed<eed<eed<eed<defdZy ) SSHXAuthorityEntryzAn entry in an Xauthority filer5addrr/protodatar c dtdtfddtdtffd }dj|j||j||j ||j ||jfS)zConstruct an Xauthority entryvaluer c&|jddS)z.Construct a big-endian 16-bit unsigned integerbig)to_bytes)rFs r2_uint16z-SSHXAuthorityEntry.__bytes__.._uint16ws>>!U+ +rDc,t||zS)z.Construct a binary string with a 16-bit lengthlen)rDrKs r2_stringz-SSHXAuthorityEntry.__bytes__.._string|s3t9%, ,rLrL)r+bytesjoinr5rBr/rCrD)selfrPrKs @r2 __bytes__zSSHXAuthorityEntry.__bytes__tsz ,3 ,5 ,  -% -E - xx-wtyy/A -wtzz/B +-. .rLN)__name__ __module__ __qualname____doc__r+__annotations__rQrTrLr2rArAks*( K K M L K.5.rLrAceZdZdZdddeffd ZdedefdZdedefd Z e d edefd Z e d edefd Z d eddfdZ d eddfdZd eddfdZdd ededdffd ZxZS)SSHX11ClientForwarderz!X11 forwarding connection handlerlistenerSSHX11ClientListenerpeerct||||_d|_d|_|j |_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_y)NrL r)super__init__ _listener_inpbuf _bytes_needed _recv_prefix _recv_handler_endian_prefix_auth_proto_len_auth_data_len _auth_proto_auth_proto_pad _auth_data_auth_data_pad)rSr]r_ __class__s r2rczSSHX11ClientForwarder.__init__sq ! +/+<+<   "!rLrFr cl|jdk(rt|dz |dzfSt|dz|dz fS)z Encode a 16-bit unsigned integerB)rirQrSrFs r2_encode_uint16z$SSHX11ClientForwarder._encode_uint16s@ <<4 %1*eck23 3%#+uz23 3rLcX|jdk(r|ddz|dzS|ddz|dzS)z Decode a 16-bit unsigned integerrsrrtr )rirvs r2_decode_uint16z$SSHX11ClientForwarder._decode_uint16s> <<4 !HMU1X- -!HMU1X- -rLlengthc|dzdzdzS)z8Return length rounded up to the next multiple of 4 bytesr8rZ)rzs r2 _padded_lenz!SSHX11ClientForwarder._padded_lens!!Q&&rLrDc@t|dz}||r d|z dzzSdzS)z%Pad a string to a multiple of 4 bytesr8rLrN)rDrzs r2_padzSSHX11ClientForwarder._pads/TQF f,@@C@@rLNc|dd|_||_|j|dd|_|j|dd|_|j |_|j|j|_y)zParse X11 client prefixNr rrtr) rirjryrkrl_recv_auth_protorhr}rfrSrDs r2rgz"SSHX11ClientForwarder._recv_prefixsqBQx  #224!9="11$q*=!22!--d.B.BCrLc|d|j|_||jd|_|j|_|j |j |_y)zExtract X11 auth protocolN)rkrmrn_recv_auth_datarhr}rlrfrs r2rz&SSHX11ClientForwarder._recv_auth_protosW 5!5!56#D$8$8$9:!11!--d.A.ABrLc |d|j|_||jd|_ |jj |j|_|j |j z|jz|jz|jz|_d|_d|_y#t$rd}djtdt|f|jd|jd|jt|dzdz|j|f} |j||j!n#t"$rYnwxYwd|_YwxYw)zExtract X11 auth dataNsInvalid authentication key rLr r|r8)rlrorprd validate_authrjrmrnreKeyErrorrRrQrOrwrwrite write_eofOSErrorrhrf)rSrDreasonresponses r2rz%SSHX11ClientForwarder._recv_auth_datasS3 3 34"4#6#6#78 1"nn::4??KDO$!LL4+;+;; 00137??C //0DL"- 4Fxx3v;'7!8!%!4!4R!8!%!4!4Q!7!%!4!4c&kAo!5K!L!%6!2 !45H   8$   DL s6*B((BE$)!E  E$ EE$E E$#E$datatypec|jr|xj|z c_|jryt|j|jk\rI|jd|j}|j|jd|_|j|ny|jry|j}d|_|rt|||yy)z(Handle incoming data from the X11 clientNrL)rhrerOrfrb data_received)rSrDrrqs r2rz#SSHX11ClientForwarder.data_receiveds    LLD L$$t||$(:(::<<(;););<> A)> A&A!!A&&A)rcv|j|\}}|r|j|=|j|=|jS)z7Validate client auth and enforce single connection flag)rrr)rSrrrs r2rz"SSHX11ClientListener.validate_authCsA#'-- "<  k*!!$'rLN)rUrVrWrXasyncioAbstractEventLooprrQrcrr r+rrr\rrrZrLr2r^r^sBCW66CcC3C"C/4C(5c55"&5+0s1B+C5 +< +D + 1*? 1    5  rLr^cDeZdZdZdedefdZdddedefd Zddde fd Z y ) SSHX11ServerListenerz/Server listener used to forward X11 connections tcp_listenerrc>||_||_t|_yr) _tcp_listener_displayset _channels)rSrrs r2rczSSHX11ServerListener.__init__Rs) &)erLrrr1r cZ|jj||jd|S)z8Attach a channel to this listener and return its displayr&)raddr)rSrr1s r2rzSSHX11ServerListener.attachWs% 4 --00rLc |jj||js|jj yy#t$rY3wxYw)rTF)rremoverrclose)rSrs r2rzSSHX11ServerListener.detach^sN  NN ! !$ '~~    $ $ &   sA AAN) rUrVrWrXrrrcr+rrrrZrLr2rrOsE9,[,3, 1<111 < D rLr auth_pathc|stjjd}|s#tt ddj }|S)z'Compute the path to the Xauthority file XAUTHORITY~z .Xauthority)renvirongetrr expanduser)rs r2get_xauth_pathrms< JJNN<0 S-0;;=> rLc #|Kdtdtffd dtffd dtffd } t|d5 } t |||||/#t$rYnwxYw#t$r t ddwxYw dddy#1swYyxYw#t $rYywxYww) z&Walk the entries in an Xauthority filenr cRj|}t||k7rt|S)zRead exactly n bytes)readrOEOFError)rrD auth_files r2 _read_byteszwalk_xauth.._read_bytes|s(~~a  t9>N rLc<tjddS)zRead a 16-bit unsigned integerrHrI)r+ from_bytes)rsr2 _read_uint16z walk_xauth.._read_uint16s~~k!ne44rLcS)z Read a stringrZ)rrsr2 _read_stringz walk_xauth.._read_strings<>**rLrbzIncomplete Xauthority entryN)r+rQopenrrAr,r)rrr5rrrs @@@r2 walk_xauthryssu5#5 +%+  )T "i)^FN,V\^-9^\^-9^==  N$%BCMN  # " "    s,B< B-B!A/ %A>.B!/ A;8B!:A;;B!>BB!B- B<!B*&B-)B<*B-- B96B<8B99B<r/cKt|}|jds|dvrtj}|j d}g}g}t |D][}|j r|j |k7r |jtk(rX|s#t||tjd{}tjtj|j}||v}n|jtk(rX|s#t||tjd{}tjtj|j}||v}nJ|jtk(r|j|j dk(}n|jt k(rd}nd}|sD|j"|j$fcSt'j(dt*t-j.t0fS7@7׭w) z1Look up Xauthority data for the specified displayrrrrasciiNidnaTFz3No xauth entry found for display: using random auth)rr(r: gethostnameencoderr/r5XAUTH_FAMILY_IPV4r?AF_INET inet_ntoprBXAUTH_FAMILY_IPV6AF_INET6XAUTH_FAMILY_HOSTNAMEXAUTH_FAMILY_WILDrCrDrdebug1XAUTH_PROTO_COOKIErrXAUTH_COOKIE_LEN) r4rr.r/ ipv4_addrs ipv6_addrsentryrBmatchs r2 lookup_xauthrs y)I st'@@!!# ]]7 #F "J "JI& <||y#t$rYwxYw#t"$r&t%j&t(d{7Y(wxYww)z0Update Xauthority data for the specified displayrrrrNxbz!Unable to acquire Xauthority lock) r(r:rrrrXAUTH_LOCK_SUFFIXtimerstatst_ctimeXAUTH_LOCK_DEADunlinkFileNotFoundErrorrangeXAUTH_LOCK_TRIESrFileExistsErrorrsleepXAUTH_LOCK_DELAYr,rArrrQrr5rBr/rreplace) rr.r/rr new_auth_pathnew_filer new_entryrs r2 update_xauthrs st'@@!!# ;;v D [   (Fy)I 11MH 99;/88 8? J IIm $# $ M40H  % <=="#8$#):yBI NN5#$I& LLI,, , inn0L 0 00 NN5< ('  NNJJ}i(5     2-- 01 1 1 2scA+G9.AF7>G9 GBG94AG97 GG9GG9%G6,G/-G62G95G66G9c|Kt|\}}}t||||d{\}}t|||||S7w)z>Create a listener to accept X11 connections forwarded over SSHN)r3rr^)r4rrr.r/rrrs r2create_x11_client_listenerrsI %W-OD&!".tYf"MMJ dFJ JJNs !<:<connrc xKtttD]l} t|||jt t |zd{}dt |fz} t|t t|||d{t||cSy7D#t$rY}wxYw7%#t$r|jYywxYww)z5Create a listener to forward X11 connections over SSHNz%s:%d) rX11_DISPLAY_STARTX11_MAX_DISPLAYSrcreate_x11_connectionX11_LISTEN_HOSTrrrrr,rr)rr4rrrr/rrs r2create_x11_server_listenerr s)+;< !<dD66!7"99L _f55 y/3v;)96 6 6 $L'::#=& #9     6        spB:'B BB  B:B2B3B7B:B  BB:BB:BB73B:6B77B:)CrXrrpathlibrr:rtypingrrrrrr r r r constantsrforwardrrr]rrloggingrmiscrsessionrchannelr connectionrrQ _RecvHandlerrXAUTH_FAMILY_DECNETrrrrrrrrrrr r r rr+r3rr?rAr\r^rrrrrrrrZrLr2rsa*  ::==*3>"#/%$/0 . $ C E#sC-$8 ( )W66 )c )" )'/} )..6{2L{2|H H V< hsm  & #& (+=">& R*