??????????????
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 173

Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 174

Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 175

Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 176

Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 177

Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 178
 Udac@`sddlmZmZmZeZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlmZddlmZddlmZeZeZeZeZyej%ejdeddlmZWdQXddl m!Z!dd l"m#Z#m$Z$dd l%m&Z&dd l'm(Z(dd l)m*Z+m,Z,m-Z-e!Ze.ZWne/k rnXy`dd l0m1Z2e.Zddl3m4Z5dd l3m&Z6ddl7m8Z9ddl:m;Z<e.ZWne/k rnXddl=m>Z>m?Z?ddl@mAZBddlCmDZDmEZEddlFmGZGddlHmIZImJZJmKZKddlLmMZMddlNmOZOeMZPdZQeRdfZSeRdfZTdZUereUd7ZUneUd7ZUde>fdYZVdeVfd YZWd!e>fd"YZXd#ZYdd$d%ZZed&Z[eed'Z\eed(Z]d)Z^d*Z_d+Z`ed,Zad-fd.YZbd/ebfd0YZcd1Zdeeeed2Zed3ebfd4YZfd5effd6YZgd7egfd8YZhd9Zid:Zjed;Zked<Zld=fd>YZmd?fd@YZndAfdBYZoieod6ZpdS(Ci(tabsolute_importtdivisiontprint_functionN(thexlify(t unhexlify(tErrortignore(tInvalidSignature(tdefault_backend(thashestpadding(tHMAC(t PBKDF2HMAC(tCiphert algorithmstmodes(tAES(tSHA256(tCounter(tPBKDF2(t AnsibleErrortAnsibleAssertionError(t constants(tPY3t binary_type(tzip(tto_bytestto_textt to_native(tDisplay(t makedirs_safes$ANSIBLE_VAULTuAES256sEansible-vault requires either the cryptography library (preferred) ors a newer version ofs pycrypto in order to function.tAnsibleVaultErrorcB`seZRS((t__name__t __module__(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRcstAnsibleVaultPasswordErrorcB`seZRS((R R!(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyR"gstAnsibleVaultFormatErrorcB`seZRS((R R!(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyR#ksc C`sfy4tt|dddddddddd}Wnttfk rNtSX|jtrbtStS(s Test if this is vault encrypted data blob :arg data: a byte or text string to test whether it is recognized as vault encrypted data :returns: True if it is recognized. Otherwise, False. tencodingtasciiterrorststrictt nonstring(RRt UnicodeErrort TypeErrortFalset startswithtb_HEADERtTrue(tdatatb_data((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt is_encryptedos4icC`sE|j}z$|j|t|j|SWd|j|XdS(sTest if the contents of a file obj are a vault encrypted data blob. :arg file_obj: A file object that will be read from. :kwarg start_pos: A byte offset in the file to start reading the header from. Defaults to 0, the beginning of the file. :kwarg count: Read up to this number of bytes from the file to determine if it looks like encrypted vault data. The default is -1, read to the end of file. :returns: True if the file looks like a vault file. Otherwise, False. N(ttelltseekR1tread(tfile_objt start_postcounttcurrent_position((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytis_encrypted_files  cC`s|j}|djjd}|dj}t|dj}|}t|dkr|t|dj}ndj|d}||||fS(Nit;iiiit(t splitlineststriptsplitRtlentjoin(tb_vaulttext_envelopetdefault_vault_idt b_tmpdatat b_tmpheadert b_versiont cipher_nametvault_idt b_ciphertext((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_parse_vaulttext_envelopes cC`sq|p tj}yt||SWnJtk rl}d}|rO|d|7}n|d|7}t|nXdS(sParse the vaulttext envelope When data is saved, it has a header prepended and is formatted into 80 character lines. This method extracts the information from the header and then removes the header and the inserted newlines. The string returned is suitable for processing by the Cipher classes. :arg b_vaulttext: byte str containing the data from a save file :kwarg default_vault_id: The vault_id name to use if the vaulttext does not provide one. :kwarg filename: The filename that the data came from. This is only used to make better error messages in case the data cannot be decrypted. This is optional. :returns: A tuple of byte str of the vaulttext suitable to pass to parse_vaultext, a byte str of the vault format version, the name of the cipher used, and the vault_id. :raises: AnsibleVaultFormatError: if the vaulttext_envelope format is invalid sVault envelope format errors in %ss: %sN(tCtDEFAULT_VAULT_IDENTITYRIt ExceptionR#(RARBtfilenametexctmsg((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytparse_vaulttext_envelopesc C`s|stdn|pd}|r<|dkr<d}nt|ddd}t|ddd}t|ddd}t||g}|dkr|r|j|ndj|}|g} | gtd t|d D]} || | d !^q7} | d g7} d j| } | S( s Add header and format to 80 columns :arg b_ciphertext: the encrypted and hexlified data as a byte string :arg cipher_name: unicode cipher name (for ex, u'AES256') :arg version: unicode vault version (for ex, '1.2'). Optional ('1.1' is default) :arg vault_id: unicode vault identifier. If provided, the version will be bumped to 1.2. :returns: a byte str that should be dumped into a file. It's formatted to 80 char columns and has the header prepended s-the cipher must be set before adding a headers1.1udefaults1.2sutf-8R&R'R:iiPR;s (RRR-tappendR@trangeR?( RHRFtversionRGREt b_vault_idt b_cipher_namet header_partstheadert b_vaulttextti((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytformat_vaulttext_envelopes&     : cC`s>yt|SWn)ttfk r9}td|nXdS(Ns Vault format unhexlify error: %s(Rt BinasciiErrorR*R#(R0RN((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt _unhexlifyscC`sLt|}|jdd\}}}t|}t|}|||fS(Ns i(R\R>(RXtb_salttb_crypted_hmacRH((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_parse_vaulttexts    cC`sQyt|SWn<tk r$n)tk rL}d|}t|nXdS(swParse the vaulttext :arg b_vaulttext: byte str containing the vaulttext (ciphertext, salt, crypted_hmac) :returns: A tuple of byte str of the ciphertext suitable for passing to a Cipher class's decrypt() function, a byte str of the salt, and a byte str of the crypted_hmac :raises: AnsibleVaultFormatError: if the vaulttext format is invalid s Vault vaulttext format error: %sN(R_R#RL(RXRNRO((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytparse_vaulttexts   cC`s%|p d}|s!t|ndS(sCheck the secret against minimal requirements. Raises: AnsibleVaultPasswordError if the password does not meet requirements. Currently, only requirement is that the password is not None or an empty string. s#Invalid vault password was providedN(R"(tsecretRO((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytverify_secret_is_not_emptys t VaultSecretcB`s2eZdZddZedZdZRS(sKOpaque/abstract objects for a single vault secret. ie, a password or a key.cC`s ||_dS(N(t_bytes(tselfRd((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt__init__'scC`s|jS(sThe secret as a bytestring. Sub classes that store text types will need to override to encode the text to bytes. (Rd(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytbytes+scC`s|jS(N(Rd(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytload3sN(R R!t__doc__tNoneRftpropertyRgRh(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRc$s tPromptVaultSecretcB`sMeZdgZddddZedZdZdZdZ RS(sVault password (%s): cC`sJtt|jd|||_|dkr=|j|_n ||_dS(NRd(tsuperRlRfRGRjtdefault_prompt_formatstprompt_formats(ReRdRGRo((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRf:s   cC`s|jS(N(Rd(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRgCscC`s|j|_dS(N(task_vault_passwordsRd(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRhGscC`sg}x|jD]}|i|jd6}ytj|dt}Wn$tk ritd|jnXt|t|ddddj }|j |qWx"|D]}|j |d|qW|r|dSdS( NRGtprivates$EOFError (ctrl-d) on prompt for (%s)R&R'R(t simplerepri( RoRGtdisplaytpromptR.tEOFErrorRRbRR=RQtconfirmRj(Retb_vault_passwordst prompt_formatRtt vault_passt b_vault_passtb_vault_password((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRpJs   cC`s||krtdndS(NsPasswords do not match(R(Retb_vault_pass_1tb_vault_pass_2((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRvbs N( R R!RnRjRfRkRgRhRpRv(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRl7s     cC`s/tjj|\}}|jdr+tStS(sWDetermine if a vault secret script is a client script that can be given --vault-id argss-client(tostpathtsplitexttendswithR.R+(RMt script_nametdummy((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytscript_is_clientjsc C`stjjtjj|}tjj|sCtd|n|j|rt|rtj dt |t d|d|d|d|St d|d|d|St d|d|d|S(Ns(The vault password file %s was not foundu.The vault password file %s is a client script.RMRGR$tloader(R~Rtrealpatht expandusertexistsRt is_executableRRstvvvvRtClientScriptVaultSecrettScriptVaultSecrettFileVaultSecret(RMRGR$Rt this_path((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytget_file_vault_secretxs  RcB`sDeZddddZedZdZdZdZRS(cC`sJtt|j||_||_|p.d|_d|_d|_dS(Ntutf8( RmRRfRMRR$RjRdt_text(ReRMR$R((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRfs    cC`s0|jr|jS|jr,|jj|jSdS(N(RdRtencodeR$Rj(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRgs   cC`s|j|j|_dS(N(t _read_fileRMRd(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRhscC`sy/t|d}|jj}|jWn/ttfk r`}td||fnX|jj||\}}|jd}t |dd||S(s Read a vault password from a file or if executable, execute the script and retrieve password from STDOUT trbs)Could not read vault password file %s: %ss ROs2Invalid vault password was provided from file (%s)( topenR4R=tclosetOSErrortIOErrorRRt_decrypt_if_vault_dataRb(ReRMtfRytet b_vault_dataR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs  cC`s.|jr d|jj|jfSd|jjS(Ns%s(filename='%s')s%s()(RMt __class__R (Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt__repr__s N( R R!RjRfRkRgRhRR(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs    RcB`s,eZdZdZdZdZRS(cC`s|jj|s%td|n|j}|j|\}}}|j||||jd}d|}t|d||S(Ns/The vault password script %s was not executables s4Invalid vault password was provided from script (%s)RO(RRRt_build_commandt_runt_check_resultsR=Rb(ReRMtcommandtstdouttstderrtpRytempty_password_msg((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs   cC`svytj|dtj}Wn8tk rV}d}||j|f}t|nX|j\}}|||fS(NRspProblem running vault password script %s (%s). If this is not a script, remove the executable bit from the file.(t subprocesstPopentPIPERRMRt communicate(ReRRRt msg_formatRORR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRscC`s5|jdkr1td|j|j|fndS(Nis3Vault password script %s returned non-zero (%s): %s(t returncodeRRM(ReRRtpopen((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRscC`s |jgS(N(RM(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs(R R!RRRR(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs   RcB`sGeZdZdddddZdZdZdZdZRS(icC`sUtt|jd|d|d|||_tjdt|t|fdS(NRMR$Ru8Executing vault password client script: %s --vault-id %s(RmRRft _vault_idRsRR(ReRMR$RRG((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRfs  cC`sy%tj|dtjdtj}Wn8tk r_}d}||j|f}t|nX|j\}}|||fS(NRRswProblem running vault password client script %s (%s). If this is not a script, remove the executable bit from the file.(RRRRRMRR(ReRRRRRORR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs  cC`so|j|jkr4td|j|j|fn|jdkrktd|j|j|j|fndS(NsIVault password client script %s did not find a secret for vault-id=%s: %sis^Vault password client script %s returned non-zero (%s) when getting secret for vault-id=%s: %s(RtVAULT_ID_UNKNOWN_RCRRMR(ReRRR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs cC`s2|jg}|jr.|jd|jgn|S(Ns --vault-id(RMRtextend(ReR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyR s  cC`s4|jr&d|jj|j|jfSd|jjS(Ns %s(filename='%s', vault_id='%s')s%s()(RMRR R(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs N( R R!RRjRfRRRR(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs   cC`s?|s gSg|D]$\}}||kr||f^q}|S(sVFind all VaultSecret objects that are mapped to any of the target_vault_ids in secrets((tsecretsttarget_vault_idsRGRatmatches((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt match_secretss1cC`s!t||}|r|dSdS(sFind the best secret from secrets that matches target_vault_ids Since secrets should be ordered so the early secrets are 'better' than later ones, this just finds all the matches, then returns the first secretiN(RRj(RRR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytmatch_best_secret"scC`stjdt||dkr2tdn|g}t||}|rT|Std|g|D]\}}|^qdfdS(Nuencrypt_vault_id=%ssBmatch_encrypt_vault_id_secret requires a non None encrypt_vault_idsHDid not find a match for --encrypt-vault-id=%s in the known vault-ids %s(RsRRRjRRR(Rtencrypt_vault_idtencrypt_vault_id_matcherstencrypt_secrett_vt_vs((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytmatch_encrypt_vault_id_secret.s   cC`s_tjdt||r-t|d|Sg|D]\}}|^q4}t||}|S(s@Find the best/first/only secret in secrets to use for encryptinguencrypt_vault_id=%sR(RsRRRR(RRRRt_vault_id_matcherst best_secret((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytmatch_encrypt_secretBs tVaultLibcB`s;eZddZdddZddZddZRS(cC`s%|p g|_d|_d|_dS(Ns1.2(RRjRFRE(ReR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRfUs c C`s?|d kr<|jr-t|j\}}q<tdnt|dd}t|ritdn|j s|jtkrd|_nyt |j}Wn)t k rtdj |jnX|rt j dt|t|fnt j dt||j||}t||jd |}|S( sVault encrypt a piece of data. :arg plaintext: a text or byte string to encrypt. :returns: a utf-8 encoded byte str of encrypted data. The string contains a header identifying this as vault encrypted data and formatted to newline terminated lines of 80 characters. This is suitable for dumping as is to a vault file. If the string passed in is a text string, it will be encoded to UTF-8 before encryption. s2A vault password must be specified to encrypt dataR&tsurrogate_or_strictsinput is already encrypteduAES256u{0} cipher could not be foundu1Encrypting with vault_id "%s" and vault secret %su3Encrypting without a vault_id using vault secret %sRGN(RjRRRRR1RRFtCIPHER_WRITE_WHITELISTtCIPHER_MAPPINGtKeyErrortformatRstvvvvvRtencryptRZ( Ret plaintextRaRGRt b_plaintextt this_cipherRHRX((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRZs*     &  cC`s"|j|d|\}}}|S(sDecrypt a piece of vault encrypted data. :arg vaulttext: a string to decrypt. Since vault encrypted data is an ascii text format this can be either a byte str or unicode string. :kwarg filename: a filename that the data came from. This is only used to make better error messages in case the data cannot be decrypted. :returns: a byte string containing the decrypted data and the vault-id that was used RM(tdecrypt_and_get_vault_id(Ret vaulttextRMRRGt vault_secret((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pytdecrypts cC`st|dddd}|jdkr6tdnt|std}|re|dt|7}nt|nt|d|\}}}}|tkrt |}ntd j |d} |jstd ng} d} d} |rut j d t || j|t|j| } | r[t j d t |t |fqut j d t |ntjs| jg|jD]\}}||kr|^qnt|j| }x|D]d\}}t j dt |t |t |fyt jdt |t |f|j||} | dk r|} |} d}|rpd|}nt j dt |t |t |fPnWqtk r}d}|r|dt |7}n|d|7}t j|qtk r2}t jdt |t ||fqqXqWd}|rZ|dt|7}nt|| dkrd}|r|dt|7}nt|n| | | fS(sDecrypt a piece of vault encrypted data. :arg vaulttext: a string to decrypt. Since vault encrypted data is an ascii text format this can be either a byte str or unicode string. :kwarg filename: a filename that the data came from. This is only used to make better error messages in case the data cannot be decrypted. :returns: a byte string containing the decrypted data and the vault-id vault-secret that was used R&R'R$sutf-8s2A vault password must be specified to decrypt datas!input is not vault encrypted datas %s is not a vault encrypted fileRMs{0} cipher could not be founds0Attempting to decrypt but no vault secrets foundu&Found a vault_id (%s) in the vaulttextuMWe have a secret associated with vault id (%s), will try to use to decrypt %su\Found a vault_id (%s) in the vault text, but we do not have a associated secret (--vault-id)u3Trying to use vault secret=(%s) id=%s to decrypt %su Trying secret %s for vault_id=%sR;s of "%s"u3Decrypt%s successful with secret=%s and vault_id=%suThere was a vault format erroru in %su: %suKTried to use the vault secret (%s) to decrypt (%s) but it failed. Error: %ssBDecryption failed (no vault secrets were found that could decrypt)s on %ssDecryption failedN(RRRjRR1RRRPtCIPHER_WHITELISTRRRsRRRQRRJtDEFAULT_VAULT_ID_MATCHRRRR#twarning(ReRRMRXRORRFRGRRtvault_id_matcherst vault_id_usedtvault_secret_usedt_matchesRt_dummytmatched_secretstvault_secret_idRt file_slugRNR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs       & 8,#  &     N(R R!RjRfRRR(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRTs . t VaultEditorcB`seZddZdZdZdeddZdZddZ dddZ ddZ ddZ d Z d Zdd Zd Zed dZdZdZRS(cC`s|p t|_dS(N(Rtvault(ReR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRfsc C`s tjj|}|dkrtd|}d}t|d}xt|D]}|jddtj|d|}tj |}x(td||D]}|j |qW|j ||| |j |krt ntj |qRWWdQXndS( sr"Destroy a file, when shred (core-utils) is not available Unix `shred' destroys files "so that they can be recovered only with great difficulty with specialised hardware, if at all". It is based on the method from the paper "Secure Deletion of Data from Magnetic and Solid-State Memory", Proceedings of the Sixth USENIX Security Symposium (San Jose, California, July 22-25, 1996). We do not go to that length to re-implement shred in Python; instead, overwriting with a block of random data should suffice. See https://github.com/ansible/ansible/pull/13700 . iiiitwbNii (R~RtgetsizetminRRRR3trandomtrandintturandomtwriteR2Rtfsync( Rettmp_pathtfile_lent max_chunk_lentpassestfht_t chunk_lenR/((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_shred_file_custom s  cC`s|tjj|sdSytjd|g}Wnttfk rNd}nX|dkrk|j|ntj|dS(sjSecurely destroy a decrypted file Note standard limitations of GNU shred apply (For flash, overwriting would have no effect due to wear leveling; for other storage systems, the async kernel->filesystem->disk calls never guarantee data hits the disk; etc). Furthermore, if your tmp dirs is on tmpfs (ramdisks), it is a non-issue. Nevertheless, some form of overwriting the data (instead of just removing the fs index entry) is a good idea. If shred is not available (e.g. on windows, or no core-utils installed), fall back on a custom shredding method. Ntshredii( R~RtisfileRtcallRt ValueErrorRtremove(ReRtr((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt _shred_file2s   cC`stjjtjj|\}}tjd|dtj\}} |j| } zKy#|ry|j ||dt nWn!t k r|j | nXWdtj |Xytj| WnEt k r} |j | tddj| t| fnX|j| } |s*|| kr|jj| |d|} |j | | |j| |tjdt|t|t|fn|j | dS(NtsuffixtdirRs&Unable to execute the command "%s": %st RGu<Saved edited file "%s" encrypted using %s and vault id "%s"(R~RRRttempfiletmkstempRJtDEFAULT_LOCAL_TMPt_editor_shell_commandt write_dataR+RLRRRRRR@Rt read_dataRRt shuffle_filesRsRR(ReRMRat existing_datat force_saveRGtroottexttfdRtcmdRRCRH((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_edit_file_helperSs.$!    )/cC`s&|dkr|Stjj|}|S(Nt-(R~RR(ReRMt real_path((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt _real_path~s cC`s|jj||d|}|S(NRG(RR(ReRRaRGRH((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt encrypt_bytesscC`sS|j|}|j|}|jj||d|}|j||pK|dS(NRG(RRRRR(ReRMRaRGt output_fileRRH((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt encrypt_filescC`s|j|}|j|}y|jj|d|}Wn5tk rq}tdt|t|fnX|j||p|dtdS(NRMs %s for %sR(RRRRRRRR+(ReRMRt ciphertextRR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt decrypt_files&cC`stjj|}|rOtjj| rOtjdt|t|ntjj|rtt d|n|j ||d|dS(s create a new encrypted file u%s does not exist, creating...s$%s exists, please use 'edit' insteadRGN( R~RtdirnameRRsRRRRRR(ReRMRaRGR ((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt create_files c C`sd}d}|j|}|j|}t|}y|jj|\}}}Wn5tk r}tdt|t|fnXt|d|\}}} } | t k} |j ||d|d| d| dS(Ns %s for %sRMRRRG( RjRRRRRRRRPRR( ReRMRRRXRRRRRFRGR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt edit_files & cC`sw|j|}t|}y |jj|d|}|SWn5tk rr}tdt|t|fnXdS(NRMs %s for %s(RRRRRRR(ReRMRXRRR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs c C`sw|j|}tj|}|j|}t|}tjdt|t|t|fy|jj|\}}} Wn5t k r} t dt | t |fnX|dkrt d|nt di} | j ||d|} |j| |tj||jtj||j|jtjdt|t|t|t|fdS(Nu@Rekeying file "%s" to with new vault-id "%s" and vault secret %ss %s for %ss<The value for the new_password to rekey %s with is not validRRGuiRekeyed file "%s" (decrypted with vault id "%s") was encrypted with new vault-id "%s" and vault secret %s(RR~tstatRRRsRRRRRRjRRRtchmodtst_modetchowntst_uidtst_gid( ReRMtnew_vault_secrett new_vault_idtprevRXRRRRRt new_vaulttb_new_vaulttext((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt rekey_files&  #&   cC`syF|dkr!tjj}n$t|d}|j}WdQXWnPtk r}t|}|syt|}ntdt||fnX|S(NRRs#Unable to read source file (%s): %s(tsyststdinR4RRLRtreprR(ReRMR/RRRO((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs   ic C`st|dd}t}y.t|toBtj|tjdk}Wntk rYnX|rtj|dtj ||n}|dkrt t j dt j }|j |nItj j|r|r|j|qtj|ntjd}zy1tj|tjtjBtjBtjB|} WnTtk r} | jtjkrotdt| ntd t| nXzTy$tj| dtj | |Wn)tk r} td t| nXWd tj| XWd tj|Xd S( s)Write the data bytes to given path This is used to write a byte string to a file or stdout. It is used for writing the results of vault encryption or decryption. It is used for saving the ciphertext after encryption and it is also used for saving the plaintext after decrypting a vault. The type of the 'data' arg should be bytes, since in the plaintext case, the original contents can be of any text encoding or arbitrary binary data. When used to write the result of vault encryption, the val of the 'data' arg should be a utf-8 encoded byte string and not a text typ and not a text type.. When used to write the result of vault decryption, the val of the 'data' arg should be a byte string and not a text type. :arg data: the byte string (bytes) data :arg thefile: file descriptor or filename to save 'data' to. :arg shred: if shred==True, make sure that the original data is first shredded so that is cannot be recovered. :returns: None R&R'iiRtbufferi?s:Vault file got recreated while we were operating on it: %ss)Problem creating temporary vault file: %ss+Unable to write to temporary vault file: %sN(RR+t isinstancetinttfcntltF_GETFDRLR~t ftruncateRtgetattrRRRRRRtumaskRtO_CREATtO_EXCLtO_RDWRtO_TRUNCRterrnotEEXISTRRR( ReR/tthefileRtmodet b_file_datatis_fdtoutputt current_umaskRtoseR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs@.  1cC`sd}tjj|r7tj|}tj|ntj|||dk rtj||j tj ||j |j ndS(N( RjR~RRRRtshutiltmoveRRRRR(RetsrctdestR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRes cC`s5tjjdd}tj|}|j||S(NtEDITORtvi(R~tenvirontgettshlexR>RQ(ReRMt env_editorteditor((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRts N(R R!RjRfRRR+RRRRR R R RRRR.RRR(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs   % !+    ( M t VaultAES256cB`seZdZdZedZedZedZedZ edZ edZ edZ ed Z ed Zed Zed ZRS( sw Vault implementation using AES-CTR with an HMAC-SHA256 authentication code. Keys are derived using PBKDF2 cC`s!t rt rttndS(N(tHAS_CRYPTOGRAPHYt HAS_PYCRYPTORtNEED_CRYPTO_LIBRARY(Re((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRfsc C`sHtdtjdd||d|dddt}|j|}|S(Nt algorithmtlengthitsaltt iterationsi'tbackend(R R RtCRYPTOGRAPHY_BACKENDtderive(t b_passwordR]t key_lengtht iv_lengthtkdft b_derivedkey((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_create_key_cryptographys  cC`st}tj|||jS(N(tSHA256_pycryptot HMAC_pycryptotnewtdigest(Rtst hash_function((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt _pbkdf2_prfsc C`s0t||dd||ddd|j}|S(NtdkLeniR7i'tprf(tPBKDF2_pycryptoRT(tclsRHR]RIRJRL((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_create_key_pycryptosc C`sd}trPtjjd}|j||||}||d|d|!}nVtrd}|j||||}t||d|d|!}ntt d|| }|||d!}|||fS(Ni iiis(Detected in initctr)( R>RRt block_sizeRMR?RYRRR@( RXRHR]RIRJRLtb_ivtb_key1tb_key2((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_gen_key_initctrs" c C`sttj|tj|t}|j}tjtjj j }|j |j ||j }||j 7}t |tjt}|j ||j } tt| ddt|fS(NR&R(tC_CipherRRRtCTRRFt encryptorR tPKCS7RZtpaddertupdatetfinalizeR R RRR( RR\R]R[tcipherRaRcRHthmactb_hmac((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_encrypt_cryptographys$ "  c C`stj}|t||p |}|t|t|dddd7}tjddt|d}tj|tjd|}|j |}t j||t } t| j dd t |fS( NR$R%R&R'it initial_valueitcounterR(t AES_pycryptoRZR?RtchrtCounter_pycryptoRPRtMODE_CTRRRORNt hexdigestR( RR\R]R[tbstpadding_lengthtctrRfRHRg((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_encrypt_pycryptos &c C`s|dkrtdntjd}|j}|j||\}}}tru|j||||\}} n7tr|j ||||\}} nt t ddj t ||| g} t | } | S(Ns'The secret passed to encrypt() was Nonei s(Detected in encrypt)s (RjRR~RRgR^R>RiR?RtRR@R@R( RXRRaR]RHR\R]R[RhRHRX((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyRs  !! c C`st|tjt}|j|y|jt|Wn#tk ra}td|nXt t j |t j |t}|j} tjdj} | j| j|| j| j} | S(NsHMAC verification failed: %si(R R RRFRdtverifyR\RRR_RRRR`t decryptorR RbtunpadderRe( RXRHR^R\R]R[RgRRfRvRwR((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_decrypt_cryptographys $  cC`st|tot|ts-tdnt|t|krItSd}xNt||D]=\}}tr|||AO}q_|t|t|AO}q_W|dkS(s Comparing 2 byte arrrays in constant time to avoid timing attacks. It would be nice if there was a library for this but hey. s6_is_equal can only be used to compare two byte stringsi(RRR*R?R+RRtord(tb_atb_btresulttb_xtb_y((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt _is_equals c C`stj||t}|j|t|js7dStjddt|d}t j|t j d|}|j |} t r| d} nt | d} | | } | S(NiRjiRki(RORPRNRRRpRjRnRRlRoRRRy( RXRHR^R\R]R[t hmac_decryptRsRfRRr((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyt_decrypt_pycrypto.s  c C`st|\}}}|j}|j||\}}} tr]|j||||| } n4tr|j||||| } nttd| S(Ns(Detected in decrypt)( R`RgR^R>RxR?RRR@( RXRXRaRHR]R^RHR\R]R[R((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyREs (R R!RiRft staticmethodRMRTt classmethodRYR^RiRtRRxRRR(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyR=s   (qt __future__RRRttypet __metaclass__R)R R~RR:R2RRRtwarningstbinasciiRRRR[R+R>R?tHAS_SOME_PYCRYPTORjRFtcatch_warningst simplefiltertDeprecationWarningtcryptography.exceptionsRtcryptography.hazmat.backendsRtcryptography.hazmat.primitivesR R t#cryptography.hazmat.primitives.hmacR t)cryptography.hazmat.primitives.kdf.pbkdf2R t&cryptography.hazmat.primitives.ciphersR R_RRR.t ImportErrort Crypto.CipherRRlt Crypto.HashRRNROt Crypto.UtilRRntCrypto.Protocol.KDFRRWtansible.errorsRRtansibleRRJtansible.module_utils.sixRRtansible.module_utils.six.movesRtansible.module_utils._textRRRtansible.utils.displayRtansible.utils.pathRRsR-t frozensetRRR@RR"R#R1R9RIRPRZR\R_R`RbRcRlRRRRRRRRRRRR=R(((sB/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.pyts                     )   3 4*0  {