*h9SrSSKJr SSKJrJrJrJr SSKJ r J r J r SSK J r SSK JrJr SSKJrJrJrJrJrJrJrJr SS KJr \(aSS KJr "S S 5rg )z5Implementing support for MySQL Authentication Plugins) annotations) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)logger)MySQLAuthPluginget_auth_plugin)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS MySQLProtocol) HandShakeType) MySQLSocketc@\rSrSrSrSSjr\SSj5r\SSj5rSSjr \ S\ 4SSjjr SSS jjr SS jrSS jrS S S S S \ S\ S S S SS S 4SSjjrSrg )MySQLAuthenticator5z$Implements the authentication phase.cXSUl0Ul0UlSUlSUlSUlg)z Constructor.FN) _username _passwords_plugin_config _ssl_enabled_auth_strategy_auth_plugin_classselfs V/var/www/auris/envauris/lib/python3.13/site-packages/mysql/connector/authentication.py__init__MySQLAuthenticator.__init__8s0 *,.0"'9=15cUR$)z&Signals whether or not SSL is enabled.)r!r$s r& ssl_enabledMySQLAuthenticator.ssl_enabledAs   r)cUR$)aCustom arguments that are being provided to the authentication plugin when called. The parameters defined here will override the ones defined in the auth plugin itself. The plugin config is a read-only property - the plugin configuration provided when invoking `authenticate()` is recorded and can be queried by accessing this property. Returns: dict: The latest plugin configuration provided when invoking `authenticate()`. )r r$s r& plugin_config MySQLAuthenticator.plugin_configFs"""r)c:URRU5 g)z,Update the 'plugin_config' instance variableN)r update)r%configs r&update_plugin_config'MySQLAuthenticator.update_plugin_configWs ""6*r)rc Uc0n[R"UUUS9nURU5 [R"S5 UR UR S5UR S5UR S5UR SS5UR SS5UR S 5UR S 5S 9n[R"S 5 URX5 [R"S 5 SUlU$)a{Sets up an SSL communication channel. Args: sock: Pointer to the socket connection. host: Server host name. ssl_options: SSL and TLS connection options (see `network.MySQLSocket.build_ssl_context`). charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. Returns: ssl_request_payload: Payload used to carry out SSL authentication. References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )charset client_flagsmax_allowed_packetzBuilding SSL contextcacertkey verify_certFverify_identity tls_versionstls_ciphersuites)ssl_cassl_certssl_keyssl_verify_certssl_verify_identityr>tls_cipher_suiteszSwitching to SSLzSSL has been enabledT) r make_auth_sslsendr debugbuild_ssl_contextget switch_to_sslr!) r%sockhost ssl_optionsr6r7r8ssl_request_payload ssl_contexts r& setup_sslMySQLAuthenticator.setup_ssl[s6  K,99%1  %& +,,,??4( __V,OOE*'OOM5A +0A5 I$8)oo.@A-   '( ;- +, ""r)NcUc URnUc URn[R"SU5 [ XS9"UUR R US5URS9Ulg)a^Switches the authorization plugin. Args: new_strategy_name: New authorization plugin name to switch to. strategy_class: New authorization plugin class to switch to (has higher precedence than the authorization plugin name). username: Username to be used - if not defined, the username provided when `authentication()` was invoked is used. password_factor: Up to three levels of authentication (MFA) are allowed, hence you can choose the password corresponding to the 1st, 2nd, or 3rd factor - 1st is the default. NzSwitching to strategy %s) plugin_nameauth_plugin_classr)r+) rr#r rHrrrJr+r")r%new_strategy_namestrategy_classusernamepassword_factors r&_switch_auth_strategy(MySQLAuthenticator._switch_auth_strategysk&  ~~H  !!44N /1BC-)   OO   4((  r)cSnUS[:XGa/X0R;a [S5e[R"U5upEUR XCS9 [ R"SX0RR5 URR"X40URD6nUS[:Xa=[R"U5nURR"X40URD6nUS[:Xa[ R"S5 U$US[ :Xa [#U5eUS- nUS[:XaGM/[ R$"S5 g ) aHandles MFA (Multi-Factor Authentication) response. Up to three levels of authentication (MFA) are allowed. Args: sock: Pointer to the socket connection. pkt: MFA response. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: InterfaceError: If got an invalid N factor. errors.ErrorTypes: If got an ERROR response. z5Failed Multi Factor Authentication (invalid N factor))rYzMFA %i factor %szMFA completed succesfullyrz"MFA terminated with a no ok packetN)rrr rparse_auth_next_factorrZr rHr"nameauth_switch_responser rparse_auth_more_dataauth_more_responserrr warning)r%rLpktn_factorrV auth_datas r& _mfa_n_factor MySQLAuthenticator._mfa_n_factors@*!f ".$K,9+O+OPS+T (   & &'8 & S LL+X7J7J7O7O P%%::#'#6#6C1v00)>>sC ))<<'+':':1v" 89 1v##C(( MH7!f ": ;<r)cZUS[:Xa[U5S:Xa [S5eUS[:Xaf[R"S5 [ R "U5up4URU5 URR"X40URD6nUS[:XaS[R"S5 [ R"U5nURR"X40URD6nUS[:Xa-[R"SURR5 U$US[ :XaR[R"S5 [R"SURR5 UR#X5$US[$:Xa ['U5eg ) aHandles server's response. Args: sock: Pointer to the socket connection. pkt: Server's response after completing the `HandShakeResponse`. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: errors.ErrorTypes: If got an ERROR response. NotSupportedError: If got Authentication with old (insecure) passwords. r^zAuthentication with old (insecure) passwords is not supported. For more information, lookup Password Hashing in the latest MySQL manualz+Server's response is an auth switch requestzExchanging further packetsz%s completed succesfullyz$Starting multi-factor authenticationzMFA 1 factor %sN)rlenr r rHrparse_auth_switch_requestrZr"rar rrbrcrr`rrhrr )r%rLrerVrgs r&_handle_server_response*MySQLAuthenticator._handle_server_responsest& q6' 'CHM#>  q6' ' LLF G+8+R+RSV+W (   & &'8 9%%::#'#6#6C q6, , LL5 6%::3?I%%88#'#6#6C q6Y  LL3T5H5H5M5M NJ q6Z  LL? @ LL*D,?,?,D,D E%%d0 0 q6Z $ $r)rFchX0lXEUS.UlXl[R"UUUUUU U U U U UUR UR S9 unUlU(aSSU4OSSU4nUR"U/UQ76 [URU55nURUU5nUc [S5SeU$)aPerforms the authentication phase. During re-authentication you must set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection. charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. read_timeout: Timeout in seconds upto which the connector should wait for the server to reply back before raising an ReadTimeoutError. write_timeout: Timeout in seconds upto which the connector should spend to send data to the server before raising an WriteTimeoutError. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. ReadTimeoutError: If the time taken for the server to reply back exceeds 'read_timeout' (if set). WriteTimeoutError: If the time taken to send data packets to the server exceeds 'write_timeout' (if set). References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rr]) handshakerXpassworddatabaser6r7r8 auth_pluginrU conn_attrsis_change_user_requestr+r.rNzGot a NULL ok_pkt) rrr#r make_authr+r.r"rGbytesrecvrnr )r%rLrrrX password1 password2 password3rtr6r7r8rurUrvrw read_timeout write_timeoutresponse_payload send_argsreok_pkts r& authenticateMySQLAuthenticator.authenticate#st"')D"31>0G0G%1#/!#9((,,1 -$-&&= !m,  "/Y/DIIl+,--dC8 > !454 ? r))r#r"rr r!r)returnNone)rbool)rDict[str, Any])r2rrr)rLrrMstrrNzOptional[Dict[str, Any]]r6intr7rr8rrry)NNr) rVrrW Optional[str]rXrrYrrr)rLrreryrzOptional[bytes])"rLrrrrrXrr{rr|rr}rrtrr6rr7rr8rrurrUrrvzOptional[Dict[str, str]]rwrr~ Optional[int]rrrry)__name__ __module__ __qualname____firstlineno____doc__r'propertyr+r.r3rrrQrZrhrnr__static_attributes__r)r&rr5s.6!!## +*"<7#7#7#. 7#  7#  7# 7# 7#x)-"&    &        D444  4l555  5v"&)"<%)+//3',&*'+#^^!^ ^  ^  ^^ ^^^ ^#^)^-^!%^ $!^"%#^$ %^^r)rN)r __future__rtypingrrrrerrorsr r r r pluginsr rprotocolrrrrrrrrtypesrnetworkrrrr)r&rsE:<"55DD5   !$LLr)