def _auth_switch_request(self, username=None, password=None): """Handle second part of authentication Raises NotSupportedError when we get the old, insecure password reply back. Raises any error coming from MySQL. """ packet = yield from self._socket.recv() if packet[4] == 254 and len(packet) == 5: raise errors.NotSupportedError( "Authentication with old (insecure) passwords " "is not supported. For more information, lookup " "Password Hashing in the latest MySQL manual") elif packet[4] == 254: # AuthSwitchRequest (new_auth_plugin, auth_data) = self._protocol.parse_auth_switch_request(packet) auth = get_auth_plugin(new_auth_plugin)( auth_data, password=password, ssl_enabled=self._ssl_active) response = auth.auth_response() yield from self._socket.drain() if response == b'\x00': self._socket.send(b'') else: self._socket.send(response) packet = yield from self._socket.recv() if packet[4] != 1: return self._handle_ok(packet) else: auth_data = self._protocol.parse_auth_more_data(packet) elif packet[4] == 255: raise errors.get_exception(packet)
def test_get_auth_plugin(self): self.assertRaises(mysql.connector.NotSupportedError, authentication.get_auth_plugin, 'spam') self.assertRaises(mysql.connector.NotSupportedError, authentication.get_auth_plugin, '') # Test using standard plugins plugin_classes = {} for name, obj in inspect.getmembers(authentication): if inspect.isclass(obj) and hasattr(obj, 'plugin_name'): if obj.plugin_name: plugin_classes[obj.plugin_name] = obj for plugin_name in _STANDARD_PLUGINS: self.assertEqual(plugin_classes[plugin_name], authentication.get_auth_plugin(plugin_name), "Failed getting class for {0}".format(plugin_name))
def _auth_response(self, client_flags, username, password, database, auth_plugin, auth_data, ssl_enabled): """Prepare the authentication response""" if not password: return '\x00' try: auth = get_auth_plugin(auth_plugin)(auth_data, username=username, password=password, database=database, ssl_enabled=ssl_enabled) plugin_auth_response = auth.auth_response() except (TypeError, errors.InterfaceError) as exc: raise errors.ProgrammingError( "Failed authentication: {0}".format(str(exc))) if client_flags & ClientFlag.SECURE_CONNECTION: resplen = len(plugin_auth_response) auth_response = struct.pack('<B', resplen) + plugin_auth_response else: auth_response = plugin_auth_response + '\x00' return auth_response