File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/auth/__pycache__/file.cpython-310.pyc
o
�����N�gv!�����������������������@���sz���d�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�e���e���Z�d�Z d�d���Z
d�d���Z�d�d ��Z�d
d���Z
d�d
��Z�d�d���Z�e�e�e�d���Z�d�d���Z�d�S�)�a����
Provide authentication using local files
.. versionadded:: 2018.3.0
The `file` auth module allows simple authentication via local files. Different
filetypes are supported, including:
1. Text files, with passwords in plaintext or hashed
2. Apache-style htpasswd files
3. Apache-style htdigest files
.. note::
The ``python-passlib`` library is required when using a ``^filetype`` of
``htpasswd`` or ``htdigest``.
The simplest example is a plaintext file with usernames and passwords:
.. code-block:: yaml
external_auth:
file:
^filename: /etc/insecure-user-list.txt
gene:
- .*
dean:
- test.*
In this example the ``/etc/insecure-user-list.txt`` file would be formatted
as so:
.. code-block:: text
dean:goneFishing
gene:OceanMan
``^filename`` is the only required parameter. Any parameter that begins with
a ``^`` is passed directly to the underlying file authentication function
via ``kwargs``, with the leading ``^`` being stripped.
The text file option is configurable to work with legacy formats:
.. code-block:: yaml
external_auth:
file:
^filename: /etc/legacy_users.txt
^filetype: text
^hashtype: md5
^username_field: 2
^password_field: 3
^field_separator: '|'
trey:
- .*
This would authenticate users against a file of the following format:
.. code-block:: text
46|trey|16a0034f90b06bf3c5982ed8ac41aab4
555|mike|b6e02a4d2cb2a6ef0669e79be6fd02e4
2001|page|14fce21db306a43d3b680da1a527847a
8888|jon|c4e94ba906578ccf494d71f45795c6cb
.. note::
The :py:func:`hashutil.digest <salt.modules.hashutil.digest>` execution
function is used for comparing hashed passwords, so any algorithm
supported by that function will work.
There is also support for Apache-style ``htpasswd`` and ``htdigest`` files:
.. code-block:: yaml
external_auth:
file:
^filename: /var/www/html/.htusers
^filetype: htpasswd
cory:
- .*
When using ``htdigest`` the ``^realm`` must be set:
.. code-block:: yaml
external_auth:
file:
^filename: /var/www/html/.htdigest
^filetype: htdigest
^realm: MySecureRealm
cory:
- .*
�����N��filec��������������������C���s����t�S�)�N)���__virtualname__��r����r�����B/opt/saltstack/salt/lib/python3.10/site-packages/salt/auth/file.py��__virtual__m���s������r����c��������������������C���s����d�d�d�d�d�d���}�t�d���t���D�]�}�|���d���r#t�d���t���|���|�|�d�d ����<�q�d
|�v�r/t���d�����d�S�t�j���|�d
����sAt���d
|�d
������d�S�t�|�d�����|�d�<�t�|�d�����|�d�<�|�S�)�zL
Setup defaults and check configuration variables for auth backends
��text� plaintext��:����������)���filetype��hashtype��field_separator��username_field��password_fieldZ
external_auth��^N��filenamezYsalt.auth.file: An authentication file must be specified via external_auth:file:^filenameFz`salt.auth.file: The configured external_auth:file:^filename (%s)does not exist on the filesystemr����r����) Z�__opts__r�����
startswith��log��error��os��path��exists��int)���config��optr����r����r������_get_file_auth_configq���s0�����������������
���������������������������������r����c������������
���
���K���s`���|�d���}�|�d���}�|�d���}�|�d���d���}�|�d���d���}�t�j�j���|�d�����}�|�����D�]x} | ������|���}
z�|
|���}�W�n���t�yL������t�� d�|�|�����Y���W�d ��������d
S�w�z�|
|���}�W�n���t�yk������t�� d�|�|�����Y���W�d ��������d
S�w�|�|�k�r�|�d�k�r�|�|�k�r���W�d ��������d
S�n�|�t
d���|�|���k�r���W�d ��������d
S���W�d ��������d
S�q%W�d ��������d
S�1�s�w�������Y���d
S�)�z�
The text file function can authenticate plaintext and digest methods
that are available in the :py:func:`hashutil.digest <salt.modules.hashutil.digest>`
function.
r����r
���r����r����r
���r������rz=salt.auth.file: username field (%s) does not exist in file %sNFz=salt.auth.file: password field (%s) does not exist in file %sr����Tz�hashutil.digest)���salt��utils��filesZ�fopen� readlines��strip��split�
IndexErrorr����r����Z�__salt__)
��username��password��kwargsr����r
���r����r����r������pwfile��line��fieldsZ
this_usernameZ
this_passwordr����r����r������_text����s^����������������������������������������������������������������������������������!������
��"���"r+���c��������������������K���sH���d�d�l�m�}���|�|�d�����}�t�j�j���|�d���d���d�k�r�|���|�|���S�|���|�|���S�)�z@
Provide authentication via Apache-style htpasswd files
r����)���HtpasswdFiler������passlib_version��1.6)���passlib.apacher,���r����r������versions��version_cmp��verify��check_password)�r%���r&���r'���r,���r(���r����r����r����� _htpasswd����s
�������������r4���c��������������������K���sj���|���d�d���}�|�s�t���d�����d�S�d�d�l�m�}���|�|�d�����}�t�j�j���|�d���d ��d�k�r.|�� |�|�|���S�|��
|�|�|���S�)
z@
Provide authentication via Apache-style htdigest files
��realmNzTsalt.auth.file: A ^realm must be defined in external_auth:file for htdigest filetypeFr����)���HtdigestFiler����r-���r.���)���getr����r����r/���r6���r����r����r0���r1���r2���r3���)�r%���r&���r'���r5���r6���r(���r����r����r����� _htdigest����s��������������������������r8���c��������������������K���st���|���d�d�������}�z�d�d�l�}�|�j�|�d�<�W�n���t�y#������t���d�|�����Y�d�S�w�|�d�k�r1t�|�|�f�i�|�����S�t�|�|�f�i�|�����S�) zK
Gate function for _htpasswd and _htdigest authentication backends
r������htpasswdr����Nr-���zFsalt.auth.file: The python-passlib library is required for %s filetypeF��htdigest) r7�����lower��passlib��__version__��ImportErrorr����r����r8���r4���)�r%���r&���r'���r����r<���r����r����r������_htfile����s��������������������������������r?���)�r����r9���r:���c��������������������C���s0���t���}�|�s�d�S�t���|�d���d���}�|�|�|�f�i�|�����S�)�a����
File based authentication
^filename
The path to the file to use for authentication.
^filetype
The type of file: ``text``, ``htpasswd``, ``htdigest``.
Default: ``text``
^realm
The realm required by htdigest authentication.
.. note::
The following parameters are only used with the ``text`` filetype.
^hashtype
The digest format of the password. Can be ``plaintext`` or any digest
available via :py:func:`hashutil.digest <salt.modules.hashutil.digest>`.
Default: ``plaintext``
^field_separator
The character to use as a delimiter between fields in a text file.
Default: ``:``
^username_field
The numbered field in the text file that contains the username, with
numbering beginning at 1 (one).
Default: ``1``
^password_field
The numbered field in the text file that contains the password, with
numbering beginning at 1 (one).
Default: ``2``
Fr����r����)�r������FILETYPE_FUNCTION_MAPr7���)�r%���r&���r����Z
auth_functionr����r����r������auth����s
����*��������rA���)���__doc__��loggingr����Z�salt.utils.filesr����Z�salt.utils.versions� getLogger��__name__r����r����r����r����r+���r4���r8���r?���r@���rA���r����r����r����r������<module>����s�������`������
��������&�2��������