g9dZddlmZddlmZmZmZmZddlm Z m Z m Z ddl m Z ddl mZmZddlmZmZmZmZmZmZmZmZdd lmZerdd lmZGd d Zd S)z5Implementing support for MySQL Authentication Plugins) annotations) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)logger)MySQLAuthPluginget_auth_plugin)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS MySQLProtocol) HandShakeType) MySQLSocketceZdZdZd5dZed6dZed7dZd8d Ze d e fd9dZ d:d;dZ dMySQLAuthenticatorz$Implements the authentication phase.returnNonecZd|_i|_i|_d|_d|_d|_dS)z Constructor.FN) _username _passwords_plugin_config _ssl_enabled_auth_strategy_auth_plugin_classselfs j/var/www/html/nodeJS/PythonScripts/venv3.11/lib/python3.11/site-packages/mysql/connector/authentication.py__init__zMySQLAuthenticator.__init__8s6 *,.0"'9=15boolc|jS)z&Signals whether or not SSL is enabled.)r"r%s r' ssl_enabledzMySQLAuthenticator.ssl_enabledAs   r)Dict[str, Any]c|jS)aCustom arguments that are being provided to the authentication plugin when called. The parameters defined here will override the ones defined in the auth plugin itself. The plugin config is a read-only property - the plugin configuration provided when invoking `authenticate()` is recorded and can be queried by accessing this property. Returns: dict: The latest plugin configuration provided when invoking `authenticate()`. )r!r%s r' plugin_configz MySQLAuthenticator.plugin_configFs ""r)configc:|j|dS)z,Update the 'plugin_config' instance variableN)r!update)r&r0s r'update_plugin_configz'MySQLAuthenticator.update_plugin_configWs ""6*****r)rsockrhoststr ssl_optionsOptional[Dict[str, Any]]charsetint client_flagsmax_allowed_packetbytesc ^|i}tj|||}||tjd||d|d|d|dd|d d|d |d  }tjd |||tjdd|_|S)aSets up an SSL communication channel. Args: sock: Pointer to the socket connection. host: Server host name. ssl_options: SSL and TLS connection options (see `network.MySQLSocket.build_ssl_context`). charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. Returns: ssl_request_payload: Payload used to carry out SSL authentication. References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set N)r9r;r<zBuilding SSL contextcacertkey verify_certFverify_identity tls_versionstls_ciphersuites)ssl_cassl_certssl_keyssl_verify_certssl_verify_identityrDtls_cipher_suiteszSwitching to SSLzSSL has been enabledT) r make_auth_sslsendr debugbuild_ssl_contextget switch_to_sslr") r&r4r5r7r9r;r<ssl_request_payload ssl_contexts r' setup_sslzMySQLAuthenticator.setup_ssl[s)6  K,9%1    %&&& +,,,,,??4(( __V,,OOE**'OOM5AA +0A5 I I$88)oo.@AA-    '((( ;--- +,,, ""r)Nrnew_strategy_namestrategy_class Optional[str]usernamepassword_factorc||j}||j}tjd|t ||||j|d|j|_dS)aSwitches the authorization plugin. Args: new_strategy_name: New authorization plugin name to switch to. strategy_class: New authorization plugin class to switch to (has higher precedence than the authorization plugin name). username: Username to be used - if not defined, the username provided when `authentication()` was invoked is used. password_factor: Up to three levels of authentication (MFA) are allowed, hence you can choose the password corresponding to the 1st, 2nd, or 3rd factor - 1st is the default. NzSwitching to strategy %s) plugin_nameauth_plugin_classr)r,) rr$r rNrr rPr,r#)r&rUrVrXrYs r'_switch_auth_strategyz(MySQLAuthenticator._switch_auth_strategys&  ~H  !!4N /1BCCC o)^     O   4 4(    r)pktOptional[bytes]cd}|dtkr||jvrtdtj|\}}|||t jd||jj |jj ||fi|j }|dtkr-tj |}|jj||fi|j }|dtkrt jd|S|dt krt#||dz }|dtkt jdd S) a Handles MFA (Multi-Factor Authentication) response. Up to three levels of authentication (MFA) are allowed. Args: sock: Pointer to the socket connection. pkt: MFA response. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: InterfaceError: If got an invalid N factor. errors.ErrorTypes: If got an ERROR response. z5Failed Multi Factor Authentication (invalid N factor))rYzMFA %i factor %szMFA completed succesfullyrz"MFA terminated with a no ok packetN)rr r rparse_auth_next_factorr]r rNr#nameauth_switch_responser!rparse_auth_more_dataauth_more_responserrr warning)r&r4r^n_factorrU auth_datas r' _mfa_n_factorz MySQLAuthenticator._mfa_n_factorsx*!f ""t..$K,9+OPS+T+T ( y  & &'8( & S S S L+Xt7J7O P P P:$%:i#'#6C1v000)>sCC   q6' ' ' LF G G G+8+RSV+W+W ( y  & &'8 9 9 9:$%:i#'#6C q6, , , L5 6 6 6%:3??I8$%8i#'#6C q6Y   L3T5H5M N N NJ q6Z   L? @ @ @ L*D,?,D E E E%%dC00 0 q6Z  $$ $tr)rF handshaker password1 password2 password3database auth_pluginr\ conn_attrsOptional[Dict[str, str]]is_change_user_request read_timeout Optional[int] write_timeoutcf||_|||d|_| |_tj|||||| | | | | ||j|j \}|_|rdd|fndd|f}|j|g|Rt| |}| ||}|tdd|S)aPerforms the authentication phase. During re-authentication you must set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection. charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. read_timeout: Timeout in seconds upto which the connector should wait for the server to reply back before raising an ReadTimeoutError. write_timeout: Timeout in seconds upto which the connector should spend to send data to the server before raising an WriteTimeoutError. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. ReadTimeoutError: If the time taken for the server to reply back exceeds 'read_timeout' (if set). WriteTimeoutError: If the time taken to send data packets to the server exceeds 'write_timeout' (if set). References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rra) rqrXpasswordrur9r;r<rvr\rwryr,r/rNzGot a NULL ok_pkt) rr r$r make_authr,r/r#rMr=recvrpr )r&r4rqrXrrrsrtrur9r;r<rvr\rwryrzr|response_payload send_argsr^ok_pkts r' authenticatezMySQLAuthenticator.authenticate#st"'I)DD"31>0G%1#/!#9(,1 1 1 -$-&& -Q= ! !m,   "/Y////DIIl++,,--dC88 > !4554 ? r))rr)rr*)rr-)r0r-rr)r4rr5r6r7r8r9r:r;r:r<r:rr=)NNr) rUr6rVrWrXrWrYr:rr)r4rr^r=rr_)"r4rrqrrXr6rrr6rsr6rtr6rurWr9r:r;r:r<r:rvrWr\rWrwrxryr*rzr{r|r{rr=)__name__ __module__ __qualname____doc__r(propertyr,r/r3rrrTr]rkrprr)r'rr5sB..6666!!!X!###X# ++++*"<7#7#7#7#7#x)-"&      D4444l5555v"&)"<%)+//3',&*'+#^^^^^^^r)rN)r __future__rtypingrrrrerrorsr r r r pluginsr rprotocolrrrrrrrrtypesrnetworkrrrr)r'rsY:<;""""""555555555555DDDDDDDDDD55555555                    ! %$$$$$$LLLLLLLLLLr)