
    i(              
          S r SSKrSSKrSSKJr  SSKJrJr  \R                   " S S5      5       r	\R                   " S S5      5       r
\R                   " S	 S
5      5       r\R                   " S S5      5       r\R                   " S S5      5       r\R                  \
\\\\	4   r   SS\R                   \R                  \\\R$                  \   4      S\R                   \   S\R                   \   S\R$                  \   4S jjrg)zCredentials that can be used by a client.

These are the various credentials that can be used as a client to authenticate
with a service. See the docstring for each credential type to identify what
credentials are usable for each authentication protocol.
    N)is_ntlm_hash)InvalidCredentialErrorNoCredentialErrorc                       \ rS rSr% Sr\\S'   \R                  " SS9r	\\S'   \
S\R                  \   4S j5       rS	rg
)Password   zPlaintext username and password credential.

This is the simple username and password credential that is supported by
all authentication protocols.

Attributes:
    username: The username.
    password: The password for the user.
usernameF)reprpasswordreturnc                 
    / SQ$ )1List of protocols the credential can be used for.)credsspkerberosntlm selfs    L/home/james-whalen/.local/lib/python3.13/site-packages/spnego/_credential.pysupported_protocolsPassword.supported_protocols#   s
     /.    r   N)__name__
__module____qualname____firstlineno____doc__str__annotations__dataclassesfieldr   propertytypingListr   __static_attributes__r   r   r   r   r      sE     M%%51Hc1/V[[%5 / /r   r   c                   t    \ rS rSr% SrSr\R                  \   \	S'   \
S\R                  \   4S j5       rSrg)CredentialCache)   zCached credential.

Uses the provider specific cached credential. Can also specify a username
to select a specific cached credential.

Attributes:
    username: Optional username used to select a specific credential in the
        cache.
Nr	   r   c                 
    SS/$ )Nr   r   r   r   s    r   r   #CredentialCache.supported_protocols7   s    F##r   r   )r   r   r   r   r   r	   r#   Optionalr   r   r"   r$   r   r%   r   r   r   r'   r'   )   s>     &*Hfooc")$V[[%5 $ $r   r'   c                       \ rS rSr% Sr\\S'   \R                  " SSS9r	\
R                  \   \S'   \R                  " SSS9r\
R                  \   \S'   \S	\
R                  \   4S
 j5       rSrg)NTLMHash<   a  NTLM LM/NT Hash credential.

Used with :class:`NTLMProxy` for NTLM authentication backed by an NT and/or
LM hash value. In modern iterations of NTLM only the NT hash needs to be
specified and LM is ignored but both can be specified and the NTLM code
will use them as necessary.

Attributes:
    username: The username the hashes are for.
    lm_hash: The LM hash as a hex string, can be `None` in most cases.
    nt_hash: The NT hash as a hex string.
r	   NF)defaultr
   lm_hashnt_hashr   c                     S/$ )r   r   r   r   s    r   r   NTLMHash.supported_protocolsO   s     xr   r   )r   r   r   r   r   r   r   r    r!   r0   r#   r+   r1   r"   r$   r   r%   r   r   r   r-   r-   <   sp     M$/$5$5d$OGV__S!O$/$5$5d$OGV__S!OV[[%5  r   r-   c                   ~    \ rS rSr% Sr\\S'   Sr\R                  \   \S'   \
S\R                  \   4S j5       rSrg)	KerberosKeytabU   a9  Kerberos Keytab Credential.

Used with :class:`GSSAPIProxy` or :class:`SSPIProxy` for Kerberos
authentication. It is used to retrieve a Kerberos ticket using a keytab for
authentication rather than a password.

Attributes:
    keytab: The keytab to use for authentication. The path will not be
        expanded or have variables substituted, so it should be the absolute
        path to the keytab.
    principal: The Kerberos principal to get the credential for. Should be
        in the UPN form `username@REALM.COM`. Set to `None` to use the
        first keytab entry.
keytabN	principalr   c                     S/$ r   r   r   r   s    r   r   "KerberosKeytab.supported_protocolsi        |r   r   r   r   r   r   r   r   r   r8   r#   r+   r"   r$   r   r%   r   r   r   r5   r5   U   sC     K&*Ivs#*V[[%5  r   r5   c                   ~    \ rS rSr% Sr\\S'   Sr\R                  \   \S'   \
S\R                  \   4S j5       rSrg)	KerberosCCacheo   a  Kerberos CCache Credential.

Used with :class:`GSSAPIProxy` for Kerberos authentication. It is used to
specify the credential cache that has the stored Kerberos credential for
authentication. The ccache value is specified in the form ``TYPE:RESIDUAL``
where the ``TYPE`` supported is down to the installed Kerberos/GSSAPI
implementation and ``RESIDUAL`` is a value specific to the type. Common
types are:

    DIR: The value is the path to a directory containing a collection of
        `FILE` caches.
    FILE: The value is the path to an individual cache.
    MEMORY: The value is a unique identifier to a cache stored in memory of
        the current process. It must be resolvable by the linked GSSAPI
        provider that this library uses.

There are other ccache types but they are mostly platform or GSSAPI
implementation specific.

.. Note:
    This only works on Linux, Windows does not have the concept of
    separate CCaches.

Attributes:
    ccache: The ccache in the form ``TYPE:RESIDUAL`` to use for a Kerberos
        credential. The path will not be expanded or have variables
        substituted, so it should be the absolute path to the ccache.
    principal: Optional principal to get in the credential cache specified.
ccacheNr8   r   c                     S/$ r:   r   r   s    r   r   "KerberosCCache.supported_protocols   r<   r   r   r=   r   r   r   r?   r?   o   sC    < K&*Ivs#*V[[%5  r   r?   r	   r   required_protocolr   c           	         U (       aw  [        U [        5      (       aI  Uc  [        U S9/n O_[        U5      (       a   UR	                  SS5      u  p4[        XUS9/n O/[        XS9/n O$[        U [        5      (       d  U /n O[        5       /n / n[        5       nU  H  n[        U[        [        [        [
        [        45      (       d	  [        SS9eSnUR                   H  n	X;  d  M
  UR                  U	5        S	nM     U(       d  Mn  UR                  U5        M     U(       a.  X&;  a)  S
R                  [!        U5      5      n
[#        SU SU
 3S9eU$ )a  Process user input credentials.

Converts the user-facing credential input into a list of credentials that
are known by spnego. Also filters out any duplicate credentials and any that
are rendered obsolete by the ones preceding them. For example, NTLMHash won't
be used if it's specified after Password in the credential list.

Args:
    username: The username or list of credentials to process.
    password: The password for username when it's a string.
    required_protocol: Optionally checks that at least 1 credential must
        support the protocol specified.

Returns:
    typing.List[Credential]: A list of credentials based on the free-form
    input.
)r	   :   )r	   r0   r1   )r	   r   zMInvalid username/credential specified, must be a string or Credential object.)context_msgFTz, zA credential for z* is needed but only found credentials for )
isinstancer   r'   r   splitr-   r   listsetr?   r5   r   r   addappendjoinsortedr   )r	   r   rD   lmntcredentialsused_protocolscredcred_usefulcred_protocolfound_protocolss              r   unify_credentialsrY      sS   , h$$+X>?h''!Q/$hBOP$hJKHd++ zH $%&+-K&)eN$..RZ\d eff(k  !55M2""=1" 6
 ;t$ " .D))F>$:;+,=+> ?./1
 	

 r   )NNN)r   r    r#   spnego._ntlm_raw.cryptor   spnego.exceptionsr   r   	dataclassr   r'   r-   r5   r?   Union
Credentialr+   r   r$   rY   r   r   r   <module>r_      sH     0 G
 / / /( $ $ $$   0   2 % % %X \\/>>8U]]^
 Y]%).2@oofll3
FKK
<S+STU@ooc"@ s+@ [[	@r   