o Jli#7@sdZddlmZddlZddlmZmZmZmZddl m Z m Z m Z ddl m Z ddlmZmZdd lmZmZmZmZmZmZmZmZdd lmZmZerTdd lmZGd d d ZdS)z5Implementing support for MySQL Authentication Plugins) annotationsN) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)logger)MySQLAuthPluginget_auth_plugin)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS MySQLProtocol) ConnAttrsType HandShakeType) MySQLSocketc @seZdZdZd:ddZed;ddZedd?d!d"Z d@d%d&Z d@d'd(Z d)d)d)d)ded e dddd*f dAd8d9ZdS)BMySQLAuthenticatoraImplements the authentication phase. The caller has access to the following API: - ssl_enabled (property, read-only): signals whether or not SSL is enabled. - plugin_config (property, read-only): custom arguments that will be provided to the authentication plugin when called. - setup_ssl (method): Set up an SSL communication channel. - authenticate (method): Performs the authentication phase. returnNonecCs(d|_i|_i|_d|_d|_d|_dS)z Constructor.FN) _username _passwords_plugin_config _ssl_enabled_auth_strategy_auth_plugin_classselfr%n/var/www/html/tatsat2dev/dashboard-backend/venv/lib/python3.10/site-packages/mysql/connector/authentication.py__init__Es  zMySQLAuthenticator.__init__boolcC|jS)z&Signals whether or not SSL is enabled.)r r#r%r%r& ssl_enabledNszMySQLAuthenticator.ssl_enabledDict[str, Any]cCr))zCustom arguments that will be provided to the authentication plugin when called. The parameters defined here will override the ones defined in the auth plugin itself. )rr#r%r%r& plugin_configSsz MySQLAuthenticator.plugin_configrsockrhoststr ssl_optionsOptional[Dict[str, Any]]charsetint client_flagsmax_allowed_packetbytesc Cs|duri}tj|||d}||td|j|d|d|d|dd|d d|d |d d }td |||tdd|_|S)aSet up an SSL communication channel. Args: sock: Pointer to the socket connection. host: Server host name. ssl_options: SSL and TLS connection options (see `network.MySQLSocket.build_ssl_context`). charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. Returns: ssl_request_payload: Payload used to carry out SSL authentication. References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set N)r2r4r5zBuilding SSL contextcacertkey verify_certFverify_identity tls_versionstls_ciphersuites)ssl_cassl_certssl_keyssl_verify_certssl_verify_identityr<tls_cipher_suiteszSwitching to SSLzSSL has been enabledT) r make_auth_sslsendr debugbuild_ssl_contextget switch_to_sslr ) r$r-r.r0r2r4r5ssl_request_payload ssl_contextr%r%r& setup_ssl]s.      zMySQLAuthenticator.setup_sslNrnew_strategy_namestrategy_class Optional[str]usernamepassword_factorcCsP|dur|j}|dur|j}td|t||d||j|d|jd|_dS)aSwitch the authorization plugin. Args: new_strategy_name: New authorization plugin name to switch to. strategy_class: New authorization plugin class to switch to (has higher precedence than the authorization plugin name). username: Username to be used, if not defined the username provided when `authentication` was called is used. password_factor: Up to three levels of authentication (MFA) are allowed, hence you can choose the password corresponding to the 1st, 2nd, or 3rd factor. 1st is the default. Returns: None. NzSwitching to strategy %s) plugin_nameauth_plugin_classr)r*) rr"r rFr rrHr*r!)r$rMrNrPrQr%r%r&_switch_auth_strategys   z(MySQLAuthenticator._switch_auth_strategypktOptional[bytes]cCsd}|dtkrl||jvrtdt|\}}|j||dtd||jj |jj ||fi|j }|dt krKt |}|jj||fi|j }|dtkrXtd|S|dtkrbt||d7}|dtkstdd S) a Handle MFA (Multi-Factor Authentication) response. Up to three levels of authentication (MFA) are allowed. Args: sock: Pointer to the socket connection. pkt: MFA response. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: InterfaceError: If got an invalid N factor. errors.ErrorTypes: If got an ERROR response. z5Failed Multi Factor Authentication (invalid N factor))rQzMFA %i factor %szMFA completed succesfullyrz"MFA terminated with a no ok packetN)rrrrparse_auth_next_factorrTr rFr!nameauth_switch_responserrparse_auth_more_dataauth_more_responserrr warning)r$r-rUn_factorrM auth_datar%r%r& _mfa_n_factors<        z MySQLAuthenticator._mfa_n_factorcCs|dtkrt|dkrtd|dtkr3tdt|\}}|||jj ||fi|j }|dt krOtdt |}|jj ||fi|j }|dtkr_td|jj|S|dtkrxtdtd|jj|||S|dtkrt|d S) aHandles server's response. Args: sock: Pointer to the socket connection. pkt: Server's response after completing the `HandShakeResponse`. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: errors.ErrorTypes: If got an ERROR response. NotSupportedError: If got Authentication with old (insecure) passwords. rXzAuthentication with old (insecure) passwords is not supported. For more information, lookup Password Hashing in the latest MySQL manualz+Server's response is an auth switch requestzExchanging further packetsz%s completed succesfullyz$Starting multi-factor authenticationzMFA 1 factor %sN)rlenr r rFrparse_auth_switch_requestrTr!r[rrr\r]rrZrrarr )r$r-rUrMr`r%r%r&_handle_server_responses>           z*MySQLAuthenticator._handle_server_responserF handshaker password1 password2 password3database auth_pluginrS conn_attrsOptional[ConnAttrsType]is_change_user_requestr,rcKs||_|||d|_t||_| |_tj|||||| | | | | ||j|j d \}|_ |r.dnd}|j |g|Rt | }|||}|durNtdd|S)aPerforms the authentication phase. During re-authentication you should set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. plugin_config: Custom configuration to be passed to the auth plugin when invoked. The parameters defined here will override the ones defined in the auth plugin itself. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rrW) rfrPpasswordrjr2r4r5rkrSrlrnr*r,)rr)NNNzGot a NULL ok_pkt)rrcopydeepcopyrr"r make_authr*r,r!rEr6recvrer)r$r-rfrPrgrhrirjr2r4r5rkrSrlrnr,response_payload send_argsrUok_pktr%r%r& authenticate(s45     zMySQLAuthenticator.authenticate)rr)rr()rr+)r-rr.r/r0r1r2r3r4r3r5r3rr6)NNr) rMr/rNrOrPrOrQr3rr)r-rrUr6rrV) r-rrfrrPr/rgr/rhr/rir/rjrOr2r3r4r3r5r3rkrOrSrOrlrmrnr(r,rrr6)__name__ __module__ __qualname____doc__r'propertyr*r,rrrLrTrarerxr%r%r%r&r7s<    < % 6;r) r| __future__rrqtypingrrrrerrorsrr r r pluginsr r protocolrrrrrrrrtypesrrnetworkrrr%r%r%r&s  (