o #fD/@sdZddlmZdgZddlZddlmZmZmZm Z ddl m Z m Z m Z ddlmZmZmZmZmZmZmZdd lmZd d lmZd d lmZmZd d lmZerYd dlmZGdddZdS)z6Implementing support for MySQL Authentication Plugins.) annotationsMySQLAuthenticatorN) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS) HandShakeType)logger)MySQLAuthPluginget_auth_plugin) MySQLProtocol) MySQLSocketc @seZdZdZd5ddZed6ddZed7d d Z d8d9ddZd:ddZ d:ddZ d d d d d e d!e d d d d"f d;d3d4Z d S)        z MySQLAuthenticator._mfa_n_factorcs|dtkrt|dkrtd|dtkr7tdt|\}}|||jj ||fi|j IdH}|dt krVtdt |}|jj ||fi|j IdH}|dtkrftd|jj|S|dtkrtdtd |jj|||IdHS|dtkrt|dS) aHandle server's response. Args: sock: Pointer to the socket connection. pkt: Server's response after completing the `HandShakeResponse`. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: errors.ErrorTypes: If got an ERROR response. NotSupportedError: If got Authentication with old (insecure) passwords. r=zAuthentication with old (insecure) passwords is not supported. For more information, lookup Password Hashing in the latest MySQL manualz+Server's response is an auth switch requestNzExchanging further packetsz%s completed succesfullyz$Starting multi-factor authenticationzMFA 1 factor %s)r lenr rr6rparse_auth_switch_requestr8r!r@rrrArBrr?rrFrr )r$r9r:r-rEr%r%r&_handle_server_responses@          z*MySQLAuthenticator._handle_server_responserrF handshaker password1 password2 password3databasecharset client_flagsmax_allowed_packet auth_pluginr5 conn_attrsOptional[Dict[str, str]]is_change_user_requestr,rcs||_|||d|_t||_| |_tj|||||| | | | | ||j|j d \}|_ |r/dnd}|j |g|RIdHt | IdH}|||IdH}|durXtdd|S)a Perform the authentication phase. During re-authentication you must set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection. charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. plugin_config: Custom configuration to be passed to the auth plugin when invoked. The parameters defined here will override the ones defined in the auth plugin itself. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rr) rKr1passwordrOrPrQrRrSr5rTrVr*r,)rr)NNNzGot a NULL ok_pkt)rrcopydeepcopyrr"r make_authr*r,r!writer;readrJr )r$r9rKr1rLrMrNrOrPrQrRrSr5rTrVr,response_payload send_argsr:ok_pktr%r%r& authenticates65   zMySQLAuthenticator.authenticate)rr)rr()rr+)NNr) r-r.r/r0r1r0r2r3rr)r9rr:r;rr<) r9rrKrr1r.rLr.rMr.rNr.rOr0rPr3rQr3rRr3rSr0r5r0rTrUrVr(r,rrr;)__name__ __module__ __qualname____doc__r'propertyr*r,r8rFrJr rrar%r%r%r&r:s4    " 6;) re __future__r__all__rYtypingrrrrerrorsr r r protocolr r rrrrrtypesrrpluginsrrrnetworkrrr%r%r%r&s $