,h9dZddlmZddlmZmZmZmZddlm Z m Z m Z ddl m Z ddl mZmZddlmZmZmZmZmZmZmZmZdd lmZerdd lmZGd d Zy )z5Implementing support for MySQL Authentication Plugins) annotations) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)logger)MySQLAuthPluginget_auth_plugin)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS MySQLProtocol) HandShakeType) MySQLSocketc eZdZdZddZeddZeddZddZe de f ddZ d dd Z dd Z dd Zd d d d de de dddd ddf ddZy)MySQLAuthenticatorz$Implements the authentication phase.cXd|_i|_i|_d|_d|_d|_y)z Constructor.FN) _username _passwords_plugin_config _ssl_enabled_auth_strategy_auth_plugin_classselfs `/var/www/html/Resume-Scraper/venv/lib/python3.12/site-packages/mysql/connector/authentication.py__init__zMySQLAuthenticator.__init__8s0 *,.0"'9=15c|jS)z&Signals whether or not SSL is enabled.)r r#s r% ssl_enabledzMySQLAuthenticator.ssl_enabledAs   r'c|jS)aCustom arguments that are being provided to the authentication plugin when called. The parameters defined here will override the ones defined in the auth plugin itself. The plugin config is a read-only property - the plugin configuration provided when invoking `authenticate()` is recorded and can be queried by accessing this property. Returns: dict: The latest plugin configuration provided when invoking `authenticate()`. )rr#s r% plugin_configz MySQLAuthenticator.plugin_configFs"""r'c:|jj|y)z,Update the 'plugin_config' instance variableN)rupdate)r$configs r%update_plugin_configz'MySQLAuthenticator.update_plugin_configWs ""6*r'rc |i}tj|||}|j|tjd|j |j d|j d|j d|j dd|j dd|j d |j d  }tjd |j||tjd d|_|S)aSets up an SSL communication channel. Args: sock: Pointer to the socket connection. host: Server host name. ssl_options: SSL and TLS connection options (see `network.MySQLSocket.build_ssl_context`). charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. Returns: ssl_request_payload: Payload used to carry out SSL authentication. References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )charset client_flagsmax_allowed_packetzBuilding SSL contextcacertkey verify_certFverify_identity tls_versionstls_ciphersuites)ssl_cassl_certssl_keyssl_verify_certssl_verify_identityr9tls_cipher_suiteszSwitching to SSLzSSL has been enabledT) r make_auth_sslsendr debugbuild_ssl_contextget switch_to_sslr ) r$sockhost ssl_optionsr1r2r3ssl_request_payload ssl_contexts r% setup_sslzMySQLAuthenticator.setup_ssl[s6  K,99%1  %& +,,,??4( __V,OOE*'OOM5A +0A5 I$8)oo.@A-   '( ;- +, ""r'Nc| |j}| |j}tjd|t ||||j j |d|j|_y)aSwitches the authorization plugin. Args: new_strategy_name: New authorization plugin name to switch to. strategy_class: New authorization plugin class to switch to (has higher precedence than the authorization plugin name). username: Username to be used - if not defined, the username provided when `authentication()` was invoked is used. password_factor: Up to three levels of authentication (MFA) are allowed, hence you can choose the password corresponding to the 1st, 2nd, or 3rd factor - 1st is the default. NzSwitching to strategy %s) plugin_nameauth_plugin_classr)r)) rr"r rCrrrEr)r!)r$new_strategy_namestrategy_classusernamepassword_factors r%_switch_auth_strategyz(MySQLAuthenticator._switch_auth_strategysq&  ~~H  !!44N /1BC o)^   OO   4((  r'cd}|dtk(r-||jvr tdtj|\}}|j ||t jd||jj|jj||fi|j}|dtk(r=tj|}|jj||fi|j}|dtk(rt jd|S|dt k(r t#||dz }|dtk(r-t j$dy ) a Handles MFA (Multi-Factor Authentication) response. Up to three levels of authentication (MFA) are allowed. Args: sock: Pointer to the socket connection. pkt: MFA response. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: InterfaceError: If got an invalid N factor. errors.ErrorTypes: If got an ERROR response. z5Failed Multi Factor Authentication (invalid N factor))rSzMFA %i factor %szMFA completed succesfullyrz"MFA terminated with a no ok packetN)rrr rparse_auth_next_factorrTr rCr!nameauth_switch_responserrparse_auth_more_dataauth_more_responserrr warning)r$rGpktn_factorrP auth_datas r% _mfa_n_factorz MySQLAuthenticator._mfa_n_factorsP*!f "t.$K,9+O+OPS+T ( y  & &'8( & S LL+Xt7J7J7O7O P:$%%::i#'#6#6C1v00)>>sC   q6' ' LLF G+8+R+RSV+W ( y  & &'8 9:$%%::i#'#6#6C q6, , LL5 6%::3?I8$%%88i#'#6#6C q6Y  LL3T5H5H5M5M NJ q6Z  LL? @ LL*D,?,?,D,D E%%dC0 0 q6Z $ $r'rFcf||_|||d|_| |_tj|||||| | | | | ||j |j  \}|_|rdd|fndd|f}|j|g|t|j|}|j||}| tdd|S)aPerforms the authentication phase. During re-authentication you must set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection. charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. read_timeout: Timeout in seconds upto which the connector should wait for the server to reply back before raising an ReadTimeoutError. write_timeout: Timeout in seconds upto which the connector should spend to send data to the server before raising an WriteTimeoutError. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. ReadTimeoutError: If the time taken for the server to reply back exceeds 'read_timeout' (if set). WriteTimeoutError: If the time taken to send data packets to the server exceeds 'write_timeout' (if set). References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rrV) handshakerRpassworddatabaser1r2r3 auth_pluginrO conn_attrsis_change_user_requestr)r+rNzGot a NULL ok_pkt) rrr"r make_authr)r+r!rBbytesrecvrfr )r$rGrirR password1 password2 password3rkr1r2r3rlrOrmrn read_timeout write_timeoutresponse_payload send_argsr^ok_pkts r% authenticatezMySQLAuthenticator.authenticate#st"'I)D"31>0G0G%1#/!#9((,,1 -$-&&= !m,   "/Y/DIIl+,--dC8 > !454 ? r')returnNone)r{bool)r{Dict[str, Any])r.r~r{r|)rGrrHstrrIzOptional[Dict[str, Any]]r1intr2rr3rr{rp)NNr) rPrrQ Optional[str]rRrrSrr{r|)rGrr^rpr{zOptional[bytes])"rGrrirrRrrrrrsrrtrrkrr1rr2rr3rrlrrOrrmzOptional[Dict[str, str]]rnr}ru Optional[int]rvrr{rp)__name__ __module__ __qualname____doc__r&propertyr)r+r/rrrLrTrarfrzr'r%rr5s.6!!## +*"<7#7#7#. 7#  7#  7# 7# 7#x)-"&    &        D444  4l555  5v"&)"<%)+//3',&*'+#^^!^ ^  ^  ^^ ^^^ ^#^)^-^!%^ $!^"%#^$ %^r'rN)r __future__rtypingrrrrerrorsr r r r pluginsr rprotocolrrrrrrrrtypesrnetworkrrrr'r%rsE:<"55DD5   !$LLr'