U 烳dm@s2dZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z ddl Z ej ddkrddlZddlZefZeZnddlZddlZeZeZdZdZdZd Zd Zd aeZd d d ddZ ej!Z"d Z#e$e#ddZ%ej&dkrej'nej(Z)dZ%ej*+e%dZ,ddZ-ddZ.ddZ/dBddZ0dCddZ1dDdd Z2dEd!d"Z3d#d$Z4d%d&Z5d'd(Z6Gd)d*d*e7Z8Gd+d,d,e8Z9Gd-d.d.ej:Z;Gd/d0d0ej(ZGd3d4d4e)Z?Gd5d6d6ej=e?Z@Gd7d8d8eAZBd9d:ZCd;d<ZDdFd=d>ZEdGd?d@ZFeGdAkr.eFdS)Ha *sshtunnel* - Initiate SSH tunnels via a remote gateway. ``sshtunnel`` works by opening a port forwarding SSH connection in the background, using threads. The connection(s) are closed when explicitly calling the :meth:`SSHTunnelForwarder.stop` method or using it as a context. N)select)hexlifyz0.4.0Zpahaz皙?g$@Tssh_address_or_hostssh_pkeymute_exceptions) ssh_addressssh_hostssh_private_key/raise_exception_if_any_forwarder_have_a_problemTRACEz~/.sshposixconfigcCs"t|tstdt|jdS)NzIP is not a string ({0})) isinstance string_typesAssertionErrorformattype__name__)hostrF/var/www/html/myproject/myenv/lib/python3.8/site-packages/sshtunnel.py check_hostNsrcCs,t|tstd|dks(td|dS)NzPORT is not a numberrzPORT < 0 ({0}))rintrr)portrrr check_portTsrcCst|tr$t|dt|dnbt|trrtjdkr@tdtj |st tj |tj std |ntd t|jdS)a Check if the format of the address is correct Arguments: address (tuple): (``str``, ``int``) representing an IP address and port, respectively .. note:: alternatively a local ``address`` can be a ``str`` when working with UNIX domain sockets, if supported by the platform Raises: ValueError: raised when address has an incorrect format Example: >>> check_address(('127.0.0.1', 22)) rrrz-Platform does not support UNIX domain socketsz.ADDRESS not a valid socket domain socket ({0})z9ADDRESS is not a tuple, string, or character buffer ({0})N)rtuplerrrosname ValueErrorpathexistsaccessdirnameW_OKrrraddressrrr check_addressYs     r)FcCsJtdd|Dst|r4tdd|Dr4td|D] }t|q8dS)a Check if the format of the addresses is correct Arguments: address_list (list[tuple]): Sequence of (``str``, ``int``) pairs, each representing an IP address and port respectively .. note:: when supported by the platform, one or more of the elements in the list can be of type ``str``, representing a valid UNIX domain socket is_remote (boolean): Whether or not the address list Raises: AssertionError: raised when ``address_list`` contains an invalid element ValueError: raised when any address in the list has an incorrect format Example: >>> check_addresses([('127.0.0.1', 22), ('127.0.0.1', 2222)]) css|]}t|ttfVqdSN)rrr.0xrrr sz"check_addresses..css|]}t|tVqdSr*)rrr+rrrr.sz3UNIX domain sockets not allowed for remoteaddressesN)allranyr))Z address_list is_remoter(rrrcheck_addresses{s r2cCs|p td}tdd|jDsJ||p,tt}t|||pDtd|rn|||jD]}||q^|r|t|d|rt j dkrt dtd}|j |j|S) a Attach or create a new logger and add a console handler if not present Arguments: logger (Optional[logging.Logger]): :class:`logging.Logger` instance; a new one is created if this argument is empty loglevel (Optional[str or int]): :class:`logging.Logger`'s level, either as a string (i.e. ``ERROR``) or in numeric format (10 == ``DEBUG``) .. note:: a value of 1 == ``TRACE`` enables Tracing mode capture_warnings (boolean): Enable/disable capturing the events logged by the warnings module into ``logger``'s handlers Default: True .. note:: ignored in python 2.6 add_paramiko_handler (boolean): Whether or not add a console handler for ``paramiko.transport``'s logger if no handler present Default: True Return: :class:`logging.Logger` zsshtunnel.SSHTunnelForwardercss|]}t|tjVqdSr*)rloggingHandlerr+rrrr.sz create_logger..)handlerloglevellogger)Tz py.warnings) r3 getLoggerr0handlerssetLevelDEFAULT_LOGLEVEL StreamHandler _add_handler_check_paramiko_handlerssys version_infocaptureWarningsextend)r8r6Zcapture_warningsZadd_paramiko_handlerconsole_handlerr5Z pywarningsrrr create_loggers*#      rGcCsN||p t|jtjkr0d}|t|n|td||dS)z< Add a handler to an existing logging.Logger object z[%(asctime)s| %(levelname)-4.3s|%(threadName)10.9s/%(lineno)04d@%(module)-10.9s| %(message)sz)%(asctime)s| %(levelname)-8s| %(message)sN)r=r>levelr3DEBUG setFormatter Formatter addHandler)r8r5r6_fmtrrrr@s r@cCsDtd}|js@|r|j|_n"t}|td||dS)zN Add a console handler for paramiko.transport's logger if not present zparamiko.transportzP%(asctime)s | %(levelname)-8s| PARAMIKO: %(lineno)03d@%(module)-10s| %(message)sN)r3r;r<r?rJrKrL)r8Zparamiko_loggerrFrrrrAs  rAcCst|trd|St|S)Nz {0[0]}:{0[1]})rrrstrr'rrraddress_to_strs  rOc Cs tt}td7aW5QRX|SNr)_LOCK_CONNECTION_COUNTER)uidrrrget_connection_idsrTcsttjfddDS)z, Remove dictionary keys whose value is None csg|]}|dkr|qSr*r)r,i dictionaryrr s z'_remove_none_values..)listmappoprVrrVr_remove_none_valuessr\c@s eZdZdZddZddZdS)BaseSSHTunnelForwarderErrorz8 Exception raised by :class:`SSHTunnelForwarder` errors cOs|d|r|dnd|_dS)Nvaluer)r[r^selfargskwargsrrr__init__sz$BaseSSHTunnelForwarderError.__init__cCs|jSr*)r^rarrr__str__sz#BaseSSHTunnelForwarderError.__str__N)r __module__ __qualname____doc__rdrfrrrrr]sr]c@seZdZdZdS)HandlerSSHTunnelForwarderErrorz' Exception for Tunnel forwarder errors N)rrgrhrirrrrrjsrjc@s0eZdZdZdZdZdZdZddZddZ dS)_ForwardHandlerz% Base handler for tunnel connections Nc Cs|jrt|j|gggd\}}}|j|kr||jd}|sR|jtd|jq|jtd|j|j t || |||kr| s|jtd|jq|d}|jtd|jt ||j |qdS)Niz>>> OUT {0} recv empty data >>>z >>> OUT {0} send to {1}: {2} >>>z <<< IN {0} recv is not ready << Serve over domain sockets (does not work on Windows) cOs4t|dd|_td|_tj|f||dSr)rGr[r8rrr _StreamServerrdr`rrrrds z_StreamForwardServer.__init__cCs|jSr*rrerrrr~sz"_StreamForwardServer.local_addresscCsdSr*rrerrrrsz_StreamForwardServer.local_hostcCsdSr*rrerrrrsz_StreamForwardServer.local_portcCs|jjSr*rrerrrrssz#_StreamForwardServer.remote_addresscCs |jjdSrrrerrrrsz _StreamForwardServer.remote_hostcCs |jjdSrPrrerrrrsz _StreamForwardServer.remote_portN) rrgrhrirdrr~rrrsrrrrrrrs     rc@seZdZdZeZdS)_ThreadingStreamForwardServerrNrrrrrrsrc@seZdZdZdZeZeZddZddZ ddZ d d Z d d Z d dZ ddZdeddddddddddddddddddfddZedWddZedXddZedYddZeddZedZddZedfd d!Zd"d#Zd$d%Zed[d&d'Zed(d)Zed\d*d+Zd,d-Zd]d.d/Zd0d1Z d2d3Z!d4d5Z"d^d7d8Z#d_d9d:Z$e%d;d<Z&e%d=d>Z'e%d?d@Z(e%dAdBZ)e%dCdDZ*e%dEdFZ+e%dGdHZ,e%dIdJZ-dKdLZ.dMdNZ/dOdPZ0dQdRZ1dSdTZ2dUdVZ3dS)`SSHTunnelForwardera # **SSH tunnel class** - Initialize a SSH tunnel to a remote host according to the input arguments - Optionally: + Read an SSH configuration file (typically ``~/.ssh/config``) + Load keys from a running SSH agent (i.e. Pageant, GNOME Keyring) Raises: :class:`.BaseSSHTunnelForwarderError`: raised by SSHTunnelForwarder class methods :class:`.HandlerSSHTunnelForwarderError`: raised by tunnel forwarder threads .. note:: Attributes ``mute_exceptions`` and ``raise_exception_if_any_forwarder_have_a_problem`` (deprecated) may be used to silence most exceptions raised from this class Keyword Arguments: ssh_address_or_host (tuple or str): IP or hostname of ``REMOTE GATEWAY``. It may be a two-element tuple (``str``, ``int``) representing IP and port respectively, or a ``str`` representing the IP address only .. versionadded:: 0.0.4 ssh_config_file (str): SSH configuration file that will be read. If explicitly set to ``None``, parsing of this configuration is omitted Default: :const:`SSH_CONFIG_FILE` .. versionadded:: 0.0.4 ssh_host_key (str): Representation of a line in an OpenSSH-style "known hosts" file. ``REMOTE GATEWAY``'s key fingerprint will be compared to this host key in order to prevent against SSH server spoofing. Important when using passwords in order not to accidentally do a login attempt to a wrong (perhaps an attacker's) machine ssh_username (str): Username to authenticate as in ``REMOTE SERVER`` Default: current local user name ssh_password (str): Text representing the password used to connect to ``REMOTE SERVER`` or for unlocking a private key. .. note:: Avoid coding secret password directly in the code, since this may be visible and make your service vulnerable to attacks ssh_port (int): Optional port number of the SSH service on ``REMOTE GATEWAY``, when `ssh_address_or_host`` is a ``str`` representing the IP part of ``REMOTE GATEWAY``'s address Default: 22 ssh_pkey (str or paramiko.PKey): **Private** key file name (``str``) to obtain the public key from or a **public** key (:class:`paramiko.pkey.PKey`) ssh_private_key_password (str): Password for an encrypted ``ssh_pkey`` .. note:: Avoid coding secret password directly in the code, since this may be visible and make your service vulnerable to attacks ssh_proxy (socket-like object or tuple): Proxy where all SSH traffic will be passed through. It might be for example a :class:`paramiko.proxy.ProxyCommand` instance. See either the :class:`paramiko.transport.Transport`'s sock parameter documentation or ``ProxyCommand`` in ``ssh_config(5)`` for more information. It is also possible to specify the proxy address as a tuple of type (``str``, ``int``) representing proxy's IP and port .. note:: Ignored if ``ssh_proxy_enabled`` is False .. versionadded:: 0.0.5 ssh_proxy_enabled (boolean): Enable/disable SSH proxy. If True and user's ``ssh_config_file`` contains a ``ProxyCommand`` directive that matches the specified ``ssh_address_or_host``, a :class:`paramiko.proxy.ProxyCommand` object will be created where all SSH traffic will be passed through Default: ``True`` .. versionadded:: 0.0.4 local_bind_address (tuple): Local tuple in the format (``str``, ``int``) representing the IP and port of the local side of the tunnel. Both elements in the tuple are optional so both ``('', 8000)`` and ``('10.0.0.1', )`` are valid values Default: ``('0.0.0.0', RANDOM_PORT)`` .. versionchanged:: 0.0.8 Added the ability to use a UNIX domain socket as local bind address local_bind_addresses (list[tuple]): In case more than one tunnel is established at once, a list of tuples (in the same format as ``local_bind_address``) can be specified, such as [(ip1, port_1), (ip_2, port2), ...] Default: ``[local_bind_address]`` .. versionadded:: 0.0.4 remote_bind_address (tuple): Remote tuple in the format (``str``, ``int``) representing the IP and port of the remote side of the tunnel. remote_bind_addresses (list[tuple]): In case more than one tunnel is established at once, a list of tuples (in the same format as ``remote_bind_address``) can be specified, such as [(ip1, port_1), (ip_2, port2), ...] Default: ``[remote_bind_address]`` .. versionadded:: 0.0.4 allow_agent (boolean): Enable/disable load of keys from an SSH agent Default: ``True`` .. versionadded:: 0.0.8 host_pkey_directories (list): Look for pkeys in folders on this list, for example ['~/.ssh']. Default: ``None`` (disabled) .. versionadded:: 0.1.4 compression (boolean): Turn on/off transport compression. By default compression is disabled since it may negatively affect interactive sessions Default: ``False`` .. versionadded:: 0.0.8 logger (logging.Logger): logging instance for sshtunnel and paramiko Default: :class:`logging.Logger` instance with a single :class:`logging.StreamHandler` handler and :const:`DEFAULT_LOGLEVEL` level .. versionadded:: 0.0.3 mute_exceptions (boolean): Allow silencing :class:`BaseSSHTunnelForwarderError` or :class:`HandlerSSHTunnelForwarderError` exceptions when enabled Default: ``False`` .. versionadded:: 0.0.8 set_keepalive (float): Interval in seconds defining the period in which, if no data was sent over the connection, a *'keepalive'* packet will be sent (and ignored by the remote host). This can be useful to keep connections alive over a NAT. You can set to 0.0 for disable keepalive. Default: 5.0 (no keepalive packets are sent) .. versionadded:: 0.0.7 threaded (boolean): Allow concurrent connections over a single tunnel Default: ``True`` .. versionadded:: 0.0.3 ssh_address (str): Superseded by ``ssh_address_or_host``, tuple of type (str, int) representing the IP and port of ``REMOTE SERVER`` .. deprecated:: 0.0.4 ssh_host (str): Superseded by ``ssh_address_or_host``, tuple of type (str, int) representing the IP and port of ``REMOTE SERVER`` .. deprecated:: 0.0.4 ssh_private_key (str or paramiko.PKey): Superseded by ``ssh_pkey``, which can represent either a **private** key file name (``str``) or a **public** key (:class:`paramiko.pkey.PKey`) .. deprecated:: 0.0.8 raise_exception_if_any_forwarder_have_a_problem (boolean): Allow silencing :class:`BaseSSHTunnelForwarderError` or :class:`HandlerSSHTunnelForwarderError` exceptions when set to False Default: ``True`` .. versionadded:: 0.0.4 .. deprecated:: 0.0.8 (use ``mute_exceptions`` instead) Attributes: tunnel_is_up (dict): Describe whether or not the other side of the tunnel was reported to be up (and we must close it) or not (skip shutting down that tunnel) .. note:: This attribute should not be modified .. note:: When :attr:`.skip_tunnel_checkup` is disabled or the local bind is a UNIX socket, the value will always be ``True`` **Example**:: {('127.0.0.1', 55550): True, # this tunnel is up ('127.0.0.1', 55551): False} # this one isn't where 55550 and 55551 are the local bind ports skip_tunnel_checkup (boolean): Disable tunnel checkup (default for backwards compatibility). .. versionadded:: 0.1.0 TcCsFz t|Wn"tk r.|jdYdSX||j|dS)a Check if a tunnel is up (remote target's host is reachable on TCP target's port) Arguments: target (tuple): tuple of type (``str``, ``int``) indicating the listen IP address and port Return: boolean .. deprecated:: 0.1.0 Replaced by :meth:`.check_tunnels()` and :attr:`.tunnel_is_up` zTarget must be a tuple (IP, port), where IP is a string (i.e. "192.168.0.1") and port is an integer (i.e. 40000). Alternatively target can be a valid UNIX domain socket.FT)r)r!r8warning check_tunnels tunnel_is_upget)ratargetrrr local_is_ups  zSSHTunnelForwarder.local_is_upcCs4|j}z d|_|jD]}||qW5||_XdS)zg Check that if all tunnels are established and populates :attr:`.tunnel_is_up` FN)skip_tunnel_checkup _server_list _check_tunnel)rar_srvrrrrs  z SSHTunnelForwarder.check_tunnelscCs:|jrd|j|j<dS|jd|jt|jtrHt t j t j }nt t j t j }| tzzV|jdkrzd|jfn|j}|||jjtdd|j|j<|jd|jWnlt jk r|jd|jd |j|j<Yn8tjk r&|jd |jd|j|j<YnXW5|XdS) z( Check if tunnel is already established TNzChecking tunnel to: {0}0.0.0.0z 127.0.0.1g?)r{zTunnel to {0} is DOWNFzTunnel to {0} is UP)rrr~r8rrrrsrrrAF_UNIX SOCK_STREAMAF_INET settimeoutrrrrconnectrrdebugrrEmpty)rarsZ connect_torrrrs>        z SSHTunnelForwarder._check_tunnelcsGfdddt}|S)z( Make SSH Handler class cseZdZZjZjZdS)zCSSHTunnelForwarder._make_ssh_forward_handler_class..HandlerN)rrgrhrs _transportrr8rremote_address_rarrr4<sr4)rk)rarr4rrr_make_ssh_forward_handler_class8sz2SSHTunnelForwarder._make_ssh_forward_handler_classcCs|jr tStSr*) _threadedrrrarrrr_make_ssh_forward_server_classBsz1SSHTunnelForwarder._make_ssh_forward_server_classcCs|jr tStSr*)rrrrrrr%_make_stream_ssh_forward_server_classEs z8SSHTunnelForwarder._make_stream_ssh_forward_server_classc Cs||}ztt|tr|jn|j}||}||||jd}|r`|j|_|j |d|j |j <n| t dt|t|Wn0tk r| t dt|t|YnXdS)z5 Make SSH forward proxy Server class r7FzsProblem setting up ssh {0} <> {1} forwarder. You can suppress this exception by using the `mute_exceptions`argumentzLCouldn't open tunnel {0} <> {1} might be in use or destination not reachableN)rrrrrr8daemon_forward_serversrrappendrr_raiser]rrOIOError)rarslocal_bind_addressZ_HandlerZforward_maker_classZ_ServerZssh_forward_serverrrr_make_ssh_forward_serverIs>  z+SSHTunnelForwarder._make_ssh_forward_serverNFg@c Os| pt|_t| d||_||_g|_i|_||_d|_dD]}| |||}q>| |d|}| dd|pr| |_ t |t rt ||\}}n|}|dd}|rtd||j||dd |_|| | |_||j|j|_|||| |||r|nd||j\|_|_}|_|_|_|j||||||jd \|_|_t|jt|j|j d |j|j|j|j!d |jdS) Nr7Fr r r r ssh_portzUnknown arguments: {0}T)r1) ssh_passwordrssh_pkey_password allow_agenthost_pkey_directoriesr8z,Connecting to gateway: {0}:{1} as user '{2}'z#Concurrent connections allowed: {0})"rGr8rA ssh_host_key set_keepaliverrris_alive_process_deprecated_raise_fwd_excrrr)r[r!r _get_binds _remote_binds _local_binds_consolidate_binds_read_ssh_configr ssh_usernamer ssh_proxy compression_consolidate_authr ssh_pkeysrrrrr)rarssh_config_filerrrssh_private_key_passwordrZssh_proxy_enabledrrlocal_bind_addressesr8r Zremote_bind_addressremote_bind_addressesrZthreadedrrrrbrcdeprecated_argumentr rrrrrdos           zSSHTunnelForwarder.__init__c CsXt}|sd}dzzttj|d} | | W5QRX| |} |pV| d}|pl| ddgd}| d}|p| d}| d } |p| rt | nd}|dkr| d d }| d krd nd}WnPtk r|r|d|Yn*ttfk r |r|dYnXW5||p4t||rDt|nd||fSX)z Read ssh_config_file and tries to look for user (ssh_username), identityfile (ssh_pkey), port (ssh_port) and proxycommand (ssh_proxy) entries for ssh_host NruserZ identityfilerhostnamer proxycommandrr_ZYESTFz*Could not read SSH configuration file: {0}z*Skipping loading of ssh configuration file)rZ SSHConfiggetpassgetuserropenrr" expanduserparselookupr ProxyCommandupperrrrAttributeError TypeErrorrr) r rrrrrrr8Z ssh_configfZ hostname_inforrrrrsR      z#SSHTunnelForwarder._read_ssh_configcCs0t}|}|r(|dt|t|S)z Load public keys from any available SSH agent Arguments: logger (Optional[logging.Logger]) Return: list z{0} keys loaded from agent)rZAgentget_keysrrrlenrY)r8Zparamiko_agentZ agent_keysrrrget_agent_keyss z!SSHTunnelForwarder.get_agent_keysc Cs|rtj|dng}|dkr"tg}tjtjtjd}ttdrHtj|d<|D]}| D]}t j t j |d|}z2t j |rtj||||d}|r||WqXtk r} z|r|d|| W5d} ~ XYqXXqXqL|r|d t||S) a3 Load public keys from any available SSH agent or local .ssh directory. Arguments: logger (Optional[logging.Logger]) host_pkey_directories (Optional[list[str]]): List of local directories where host SSH pkeys in the format "id_*" are searched. For example, ['~/.ssh'] .. versionadded:: 0.1.0 allow_agent (Optional[boolean]): Whether or not load keys from agent Default: False Return: list r7N)rsaZdsaZecdsa Ed25519KeyZed25519zid_{}) pkey_filer8key_typez%Private key file {0} check error: {1}z{0} key(s) loaded)rrDEFAULT_SSH_DIRECTORYrRSAKeyDSSKeyECDSAKeyhasattrrkeysrr"rjoinrisfileread_private_key_filerOSErrorrrrr) r8rrrZparamiko_key_types directoryZkeytypessh_pkey_expandedrrrrrr'sF    zSSHTunnelForwarder.get_keyscCs<t|t|}|dkr td|ddt|D|S)z Fill local_binds with defaults when no value/s were specified, leaving paramiko to decide in which local port the tunnel will be open rzLToo many local bind addresses (local_bind_addresses > remote_bind_addresses)cSsg|]}dqS))rrrr+rrrrXjsz9SSHTunnelForwarder._consolidate_binds..)rr!rErange)Z local_bindsZ remote_bindscountrrrr`s z%SSHTunnelForwarder._consolidate_bindscCstj|||d}t|tr\tj|}tj|rHtj||p>||d}n|r\| d |t|t j j rv|d||s|std||fS)a2 Get sure authentication information is in place. ``ssh_pkey`` may be of classes: - ``str`` - in this case it represents a private key file; public key will be obtained from it - ``paramiko.Pkey`` - it will be transparently added to loaded keys )r8rr)r pkey_passwordr8zPrivate key file not found: {0}rz$No password or public key available!)rrrrrr"rr#r rrrpkeyZPKeyinsertr!)rrrrrr8Zssh_loaded_pkeysr rrrrms,    z$SSHTunnelForwarder._consolidate_authcCs(|jr||n|jt||dSr*)rr8rr)ra exceptionreasonrrrrs zSSHTunnelForwarder._raisecCs |jrLt|jtjjr(t|jjd}n t|j}|jd ||j}n |j |j f}t|t j r| t||j |j ft|}|j}t|t j r| t||j|j|jd|j|_t|t j r|}t|j|j|jf}|jd |||S)z0 Return the SSH transport to the remote gateway rzConnecting via proxy: {0})compressz'Transport socket info: {0}, timeout={1})rrrproxyrrcmdr8rrr rrr SSH_TIMEOUTr TransportsockrZuse_compressionrdaemon_transportdaemon gettimeoutfamilyrproto)raZ proxy_repr_socket transportrZ sock_timeoutZ sock_inforrr_get_transports2         z!SSHTunnelForwarder._get_transportc Cs|jsz |Wntjk rBd|j}|j|YdStj tjfk r}z2d}||j|j |j d}|j|WYdSd}~XYnXt |j |jD]V\}}z|||Wqtk r}zd|j}|j|W5d}~XYqXqdS)zP Create SSH tunnels on top of a transport to the remote gateway z/Could not resolve IP address for {0}, aborting!Nz*Could not connect to gateway {0}:{1} : {2}rz%Problem setting SSH Forwarder up: {0}) is_active_connect_to_gatewayrgaierrorrr r8rrrrrbziprrrr]r^)ramsgrtemplateremlocrrr_create_tunnelss(    z"SSHTunnelForwarder._create_tunnelscCs|rdnd}|s.|s.|r(td|qDgSn|rD|rDtd||rN|g}|st|D].\}}t|trZt|dkrZ|ddf||<qZt|||S)NremotelocalzXNo {0} bind addresses specified. Use '{0}_bind_address' or '{0}_bind_addresses' argumentzZYou can't use both '{0}_bind_address' and '{0}_bind_addresses' arguments. Use one of them.rr)r!r enumeraterrrr2)Z bind_addressZbind_addressesr1Z addr_kindrUZ local_bindrrrrs&  zSSHTunnelForwarder._get_bindscCs^|tkrtd|||krZtd|t|t|rPtd|t|n ||S|S)z8 Processes optional deprecate arguments z%{0} not included in deprecations listz%'{0}' is DEPRECATED use '{1}' insteadz?You can't use both '{0}' and '{1}'. Please only use one of them) _DEPRECATIONSr!rwarningswarnDeprecationWarningr[)ZattribZdeprecated_attribrcrrrrs$ z&SSHTunnelForwarder._process_deprecatedc Csd}tjtjtjf}ttdr*|tjf7}|r4|fn|D]}z.|j||d}|rb|d||WqWq8tj k r|r| d|YqYq8tj k r|r|d||Yq8Xq8|S)a Get SSH Public key from a private key file, given an optional password Arguments: pkey_file (str): File containing a private key (RSA, DSS or ECDSA) Keyword Arguments: pkey_password (Optional[str]): Password to decrypt the private key logger (Optional[logging.Logger]) Return: paramiko.Pkey Nr)passwordz/Private key file ({0}, {1}) successfully loadedz Password is required for key {0}zFPrivate key file ({0}) could not be loaded as type {1} or bad password) rrrrrrZfrom_private_key_filerrZPasswordRequiredExceptionrr)rrrr8rZ key_typesZ pkey_classrrrr s:    z(SSHTunnelForwarder.read_private_key_filecCs|jr|jddS||js2|jtdd|jD]>}tj |j |fd t |j d}|j|_|||q8t|j|_|js|tddS)z Start the SSH tunnels zAlready started!Nz*Could not establish session to SSH gateway)rzSrv-{0})rrbr z(An error occurred while opening tunnels.)rr8rr*r"rr]r threadingThread_serve_forever_wrapperrrOrrrstartrr0rvaluesrj)rarthreadrrrr6,s,   zSSHTunnelForwarder.startcCsR|jdddd|jDp$d}|jd||j|dg|_i|_dS) a Shut the tunnel down. By default we are always waiting until closing all connections. You can use `force=True` to force close connections Keyword Arguments: force (bool): Force close current connections Default: False .. versionadded:: 0.2.2 .. note:: This **had** to be handled with care before ``0.1.0``: - if a port redirection is opened - the destination is not reachable - we attempt a connection to that tunnel (``SYN`` is sent and acknowledged, then a ``FIN`` packet is sent and never acknowledged... weird) - we try to shutdown: it will not succeed until ``FIN_WAIT_2`` and ``CLOSE_WAIT`` time out. .. note:: Handle these scenarios with :attr:`.tunnel_is_up`: if False, server ``shutdown()`` will be skipped on that tunnel zClosing all open connections...z, css|]}t|jVqdSr*)rOr~)r,krrrr.`sz*SSHTunnelForwarder.stop..NonezListening tunnels: forceN)r8rrrrr_stop_transportr)rar<Zopened_address_textrrrstopCs  zSSHTunnelForwarder.stopcCs |dS)z3 Stop the an active tunnel, alias to :meth:`.stop` Nr>rerrrrgszSSHTunnelForwarder.closecCs||dS)z/ Restart connection to the gateway and tunnels N)r>r6rerrrrestartkszSSHTunnelForwarder.restartc Cs|jD]~}|jdt|z4||_|jj|j |j |d|jj rVWdSWqt j k r|jd|YqXq|jr |jddt|jz4||_|jj|j |j |jd|jj rWdSWn,t j k r |jd|YnX|jddS) z Open connection to SSH gateway - First try with all keys loaded from an SSH agent (if allowed) - Then with those passed directly or read from ~/.ssh/config - As last resort, try with a provided password zTrying to log in with key: {0})hostkeyusernamerNzAuthentication errorz#Trying to log in with password: {0}*)rArBr2z$Could not open connection to gateway)rr8rrrget_fingerprintr!rrrrrrZAuthenticationExceptionr=rrr)rakeyrrrr#ps>             z&SSHTunnelForwarder._connect_to_gatewayrcCsN|jdt|jt|j|||jdt|jt|jdS)zB Wrapper for the server created for a SSH forward zOpening tunnel: {0} <> {1}zTunnel: {0} <> {1} releasedN)r8rrrrOr~rs serve_forever)rar poll_intervalrrrr5s   z)SSHTunnelForwarder._serve_forever_wrapperc CsTz |Wn2ttfk r>}z|j|W5d}~XYnX|rj|jrj|jd|j|j |j D]}|j |j rdnd}|jd t|j t|j|||t|trpzt|j Wqptk r}z|jd |j t|W5d}~XYqpXqpd|_|jrD|jd|j|j |jddS) z< Close the underlying transport when nothing more is needed NzClosing ssh transportupZdownz&Shutting down tunnel: {0} <> {1} ({2})z Unable to unlink socket {0}: {1}FzTransport is closed)_check_is_startedr]rjr8rr"rrrrZ stop_threadrrr~rrOrsshutdown server_closerrrunlinkrrrrr)rar<rrstatusrrrr=sB            z"SSHTunnelForwarder._stop_transportcCs(|t|jdkrtd|jdS)Nrz7Use .local_bind_ports property for more than one tunnelr)rIrrr]local_bind_portsrerrrlocal_bind_ports z"SSHTunnelForwarder.local_bind_portcCs(|t|jdkrtd|jdS)Nrz7Use .local_bind_hosts property for more than one tunnelr)rIrrr]local_bind_hostsrerrrlocal_bind_hosts z"SSHTunnelForwarder.local_bind_hostcCs(|t|jdkrtd|jdS)Nrz;Use .local_bind_addresses property for more than one tunnelr)rIrrr]rrerrrrs z%SSHTunnelForwarder.local_bind_addresscCs|dd|jDS)zU Return a list containing the ports of local side of the TCP tunnels cSsg|]}|jdk r|jqSr*)rr,_serverrrrrXs z7SSHTunnelForwarder.local_bind_ports..rIrrerrrrNsz#SSHTunnelForwarder.local_bind_portscCs|dd|jDS)zU Return a list containing the IP addresses listening for the tunnels cSsg|]}|jdk r|jqSr*)rrRrrrrXs z7SSHTunnelForwarder.local_bind_hosts..rTrerrrrPsz#SSHTunnelForwarder.local_bind_hostscCs|dd|jDS)zU Return a list of (IP, port) pairs for the local side of the tunnels cSsg|] }|jqSr)r~rRrrrrXsz;SSHTunnelForwarder.local_bind_addresses..rTrerrrrsz'SSHTunnelForwarder.local_bind_addressescstfddjDS)zY Return a dictionary containing the active local<>remote tunnel_bindings c3s&|]}j|jr|j|jfVqdSr*)rr~rsrRrerrr.s z5SSHTunnelForwarder.tunnel_bindings..)dictrrerrertunnel_bindingss z"SSHTunnelForwarder.tunnel_bindingscCsd|jkr|jrdSdS)z3 Return True if the underlying SSH transport is up rTF)__dict__rr"rerrrr"s zSSHTunnelForwarder.is_activecCs(|jsd}t||js$d}t|dS)Nz-Server is not started. Please .start() first!z/Tunnels are not started. Please .start() first!)r"r]rrj)rar&rrrrIs z$SSHTunnelForwarder._check_is_startedcCs|jt|jrdd|jDndd}t|tjdddddd d d d d ddddg}||j|j |j |j rx|j j dnd|j ||jr|jnd|jrdnd|jsdn d|j|jrdnd|jrdnd|jrdndt|jj|j|jS)NcSs g|]}|t|fqSr)get_namerrD)r,rErrrrXsz.SSHTunnelForwarder.__str__..)r2Zpkeysz {0} objectzssh gateway: {1}:{2}z proxy: {3}z username: {4}zauthentication: {5}z hostkey: {6}zstatus: {7}startedzkeepalive messages: {8}ztunnel connection check: {9}z#concurrent connections: {10}allowedzcompression: {11}requestedzlogging level: {12}zlocal binds: {13}zremote binds: {14}rnoz not checkedr_znot disabledz every {0} secenabled)rr0rr\rlineseprr __class__r rrrrrrrrrrr3 getLevelNamer8rHrr)ra credentialsr'rrrrfsR       zSSHTunnelForwarder.__str__cCs|Sr*)rfrerrr__repr__CszSSHTunnelForwarder.__repr__cCs0z||WStk r*|YnXdSr*)r6KeyboardInterrupt__exit__rerrr __enter__Fs zSSHTunnelForwarder.__enter__cGs|jdddS)NTr;r?)rarbrrrrbMszSSHTunnelForwarder.__exit__cCs(|js |jr$|jd|jdddS)NzIt looks like you didn't call the .stop() before the SSHTunnelForwarder obj was collected by the garbage collector! Running .stop(force=True)Tr;)r"rr8rr>rerrr__del__Ps  zSSHTunnelForwarder.__del__)NNNNNN)N)NNF)NNNTNN)F)NNN)F)r)F)4rrgrhrirrrrrrrrrrrSSH_CONFIG_FILErd staticmethodrrrrrr]rr!r*rrr r6r>rr@r#r5r=rrOrQrrNrPrrVr"rIrfr`rcrbrdrrrrrs$ ( k <  8  &   , $%  #        )rcOst|dd|ddd|d<|dd}dD]}t|||}q0|dd}|d d }|d d}|rxtd t|st|t r|f}n ||ff}t||}||_ |S) a Open an SSH Tunnel, wrapper for :class:`SSHTunnelForwarder` Arguments: destination (Optional[tuple]): SSH server's IP address and port in the format (``ssh_address``, ``ssh_port``) Keyword Arguments: debug_level (Optional[int or str]): log level for :class:`logging.Logger` instance, i.e. ``DEBUG`` skip_tunnel_checkup (boolean): Enable/disable the local side check and populate :attr:`~SSHTunnelForwarder.tunnel_is_up` Default: True .. versionadded:: 0.1.0 .. note:: A value of ``debug_level`` set to 1 == ``TRACE`` enables tracing mode .. note:: See :class:`SSHTunnelForwarder` for keyword arguments **Example**:: from sshtunnel import open_tunnel with open_tunnel(SERVER, ssh_username=SSH_USER, ssh_port=22, ssh_password=SSH_PASSWORD, remote_bind_address=(REMOTE_HOST, REMOTE_PORT), local_bind_address=('', LOCAL_PORT)) as server: def do_something(port): pass print("LOCAL PORTS:", server.local_bind_port) do_something(server.local_bind_port) r8N debug_level)r8r6rrrrrTblock_on_closez'block_on_close' is DEPRECATED. You should use either .stop() or .stop(force=True), depends on what you do with the active connections. This option has no affect since 0.3.0) rGrr[rrr/r0r1rrr)rbrcrrrrrhZ forwarderrrr open_tunnelYs0,         ricCszP|d}t|dkr&|d}d}n|\}}|s<|sd?jtd@dAdB|jdCdDtdEddFdG|jdHdItt dJdKt dL|jdMdNd3dOdPdQ|jdRdSdTdUdVdQ|jdWdXddYdZd[d\t ||S)]z2 Parse arguments directly passed from CLI z(Pure python ssh tunnel utils Version {0}) descriptionformatter_classr zbSSH server IP address (GW for SSH tunnels) set with "-- ssh_address" if immediately after -R or -L)rhelpz-Uz --usernamerzSSH server account username)rdestrrz-pz --server_portrrz!SSH server TCP port (default: 22))rrsdefaultrrz-Pz --passwordrzSSH server account passwordz-Rz--remote_bind_address+zIP:PORTTrzRemote bind address sequence: ip_1:port_1 ip_2:port_2 ... ip_n:port_n Equivalent to ssh -Lxxxx:IP_ADDRESS:PORT If port is omitted, defaults to 22. Example: -R 10.10.10.10: 10.10.10.10:5900)rnargsrtmetavarrequiredrsrrz-Lz--local_bind_addressrCraTLocal bind address sequence: ip_1:port_1 ip_2:port_2 ... ip_n:port_n Elements may also be valid UNIX socket domains: /tmp/foo.sock /tmp/bar.sock ... /tmp/baz.sock Equivalent to ssh -LPORT:xxxxxxxxx:xxxx, being the local IP address optional. By default it will listen in all interfaces (0.0.0.0) and choose a random port. Example: -L :40000)rrvrsrwrrz-kz--ssh_host_keyzGateway's host keyz-Kz--private_key_filer ZKEY_FILEzRSA/DSS/ECDSA private key file)rsrwrrrz-Sz--private_key_passwordrZ KEY_PASSWORDz"RSA/DSS/ECDSA private key passwordz-tz --threaded store_truez+Allow concurrent connections to each tunnel)actionrrz-vz --verboserrz(Increase output verbosity (default: {0}))rzrtrrz-Vz --versionversionz%(prog)s {version})r{zShow version number and quit)rzr{rrz-xz--proxyrz'IP and port of SSH proxy to destination)rrsrwrrz-cz--configrz'SSH configuration file, defaults to {0})rrtrsrrz-zz --compressrz1Request server for compression over SSH transport)rzrsrrz-nz --noagent store_falserz*Disable looking for keys from an SSH agentz-dz--host_pkey_directoriesrZFOLDERzGList of directories where SSH pkeys (in the format `id_*`) may be found)rvrsrwrr)rlArgumentParserr __version__RawTextHelpFormatter add_argumentrNrror3r^r>revars parse_args)rbparserrrr_parse_argumentss  rc Kst|}t|t|dd}tjtjtjtjt g}| d||| D]\}}| ||qNt f|}|j r~tdW5QRXdS)a Pass input arguments to open_tunnel Mandatory: ssh_address, -R (remote bind address list) Optional: -U (username) we may gather it from SSH_CONFIG_FILE or current username -p (server_port), defaults to 22 -P (password) -L (local_bind_address), default to 0.0.0.0:22 -k (ssh_host_key) -K (private_key_file), may be gathered from SSH_CONFIG_FILE -S (private_key_password) -t (threaded), allow concurrent connections over tunnels -v (verbose), up to 3 (-vvv) to raise loglevel from ERROR to DEBUG -V (version) -x (proxy), ProxyCommand's IP:PORT, may be gathered from config file -c (ssh_config), ssh configuration file (defaults to SSH_CONFIG_FILE) -z (compress) -n (noagent), disable looking for keys from an Agent -d (host_pkey_directories), look for keys on these folders verbosergz> Press or to stop! N)rr\minr[r3ERRORWARNINGINFOrIrq setdefaultitemsririnput_)rbextras arguments verbosityZlevelsextrar^Ztunnelrrr _cli_mainYs r__main__)F)NNTT)NN)N)N)N)HrirrBrrr3rlr/r3rbinasciirrrCrr SocketServerr basestringr raw_inputrrNinputr~ __author__rrrrRLockrQr.rr>rq addLevelNamerr UnixStreamServerrrr"rrerrr)r2rGr@rArOrTr\rr]rjBaseRequestHandlerrkrThreadingMixInrrrobjectrrirorrrrrrrs     " # ;     Q3 # }K  ,