1616import traceback
1717import warnings
1818
19+ < << << << HEAD
1920from .charset import charset_by_name , charset_by_id
21+ == == == =
22+ from .auth import sha256_password_plugin as _auth
23+ from .charset import MBLENGTH , charset_by_name , charset_by_id
24+ > >> >> >> 695 df63 ... Add support for SHA256 auth plugin
2025from .constants import CLIENT , COMMAND , CR , FIELD_TYPE , SERVER_STATUS
2126from . import converters
2227from .cursors import Cursor
4348 # KeyError occurs when there's no entry in OS database for a current user.
4449 DEFAULT_USER = None
4550
46-
4751DEBUG = False
4852
4953_py_version = sys .version_info [:2 ]
@@ -107,7 +111,6 @@ def _scramble(password, message):
107111 result = s .digest ()
108112 return _my_crypt (result , stage1 )
109113
110-
111114def _my_crypt (message1 , message2 ):
112115 length = len (message1 )
113116 result = b''
@@ -186,6 +189,7 @@ def lenenc_int(i):
186189 else :
187190 raise ValueError ("Encoding %x is larger than %x - no representation in LengthEncodedInteger" % (i , (1 << 64 )))
188191
192+
189193class Connection (object ):
190194 """
191195 Representation of a socket with a mysql server.
@@ -240,6 +244,7 @@ class Connection(object):
240244 The class needs an authenticate method taking an authentication packet as
241245 an argument. For the dialog plugin, a prompt(echo, prompt) method can be used
242246 (if no authenticate method) for returning a string from the user. (experimental)
247+ :param server_public_key: SHA256 authenticaiton plugin public key value. (default: '')
243248 :param db: Alias for database. (for compatibility to MySQLdb)
244249 :param passwd: Alias for password. (for compatibility to MySQLdb)
245250 :param binary_prefix: Add _binary prefix on bytes and bytearray. (default: False)
@@ -262,7 +267,7 @@ def __init__(self, host=None, user=None, password="",
262267 autocommit = False , db = None , passwd = None , local_infile = False ,
263268 max_allowed_packet = 16 * 1024 * 1024 , defer_connect = False ,
264269 auth_plugin_map = {}, read_timeout = None , write_timeout = None ,
265- bind_address = None , binary_prefix = False ):
270+ bind_address = None , binary_prefix = False , server_public_key = '' ):
266271 if no_delay is not None :
267272 warnings .warn ("no_delay option is deprecated" , DeprecationWarning )
268273
@@ -379,6 +384,9 @@ def _config(key, arg):
379384 self .max_allowed_packet = max_allowed_packet
380385 self ._auth_plugin_map = auth_plugin_map
381386 self ._binary_prefix = binary_prefix
387+ if b"sha256_password" not in self ._auth_plugin_map :
388+ self ._auth_plugin_map [b"sha256_password" ] = _auth .SHA256PasswordPlugin
389+ self .server_public_key = server_public_key
382390 if defer_connect :
383391 self ._sock = None
384392 else :
@@ -507,7 +515,7 @@ def select_db(self, db):
507515
508516 def escape (self , obj , mapping = None ):
509517 """Escape whatever value you pass to it.
510-
518+
511519 Non-standard, for internal use; do not use this in your applications.
512520 """
513521 if isinstance (obj , str_type ):
@@ -521,7 +529,7 @@ def escape(self, obj, mapping=None):
521529
522530 def literal (self , obj ):
523531 """Alias for escape()
524-
532+
525533 Non-standard, for internal use; do not use this in your applications.
526534 """
527535 return self .escape (obj , self .encoders )
@@ -861,6 +869,14 @@ def _request_authentication(self):
861869 authresp = b''
862870 if self ._auth_plugin_name in ('' , 'mysql_native_password' ):
863871 authresp = _scramble (self .password .encode ('latin1' ), self .salt )
872+ elif self ._auth_plugin_name == 'sha256_password' :
873+ if self .ssl and self .server_capabilities & CLIENT .SSL :
874+ authresp = self .password .encode ('latin1' ) + b'\0 '
875+ else :
876+ if self .password is not None :
877+ authresp = b'\1 '
878+ else :
879+ authresp = b'\0 '
864880
865881 if self .server_capabilities & CLIENT .PLUGIN_AUTH_LENENC_CLIENT_DATA :
866882 data += lenenc_int (len (authresp )) + authresp
@@ -896,24 +912,20 @@ def _request_authentication(self):
896912 data = _scramble_323 (self .password .encode ('latin1' ), self .salt ) + b'\0 '
897913 self .write_packet (data )
898914 auth_packet = self ._read_packet ()
915+ elif auth_packet .is_extra_auth_data ():
916+ # https://dev.mysql.com/doc/internals/en/successful-authentication.html
917+ handler = self ._get_auth_plugin_handler (self ._auth_plugin_name )
918+ handler .authenticate (auth_packet )
899919
900920 def _process_auth (self , plugin_name , auth_packet ):
901- plugin_class = self ._auth_plugin_map .get (plugin_name )
902- if not plugin_class :
903- plugin_class = self ._auth_plugin_map .get (plugin_name .decode ('ascii' ))
904- if plugin_class :
921+ handler = self ._get_auth_plugin_handler (plugin_name )
922+ if handler != None :
905923 try :
906- handler = plugin_class (self )
907924 return handler .authenticate (auth_packet )
908925 except AttributeError :
909926 if plugin_name != b'dialog' :
910927 raise err .OperationalError (2059 , "Authentication plugin '%s'" \
911928 " not loaded: - %r missing authenticate method" % (plugin_name , plugin_class ))
912- except TypeError :
913- raise err .OperationalError (2059 , "Authentication plugin '%s'" \
914- " not loaded: - %r cannot be constructed with connection object" % (plugin_name , plugin_class ))
915- else :
916- handler = None
917929 if plugin_name == b"mysql_native_password" :
918930 # https://dev.mysql.com/doc/internals/en/secure-password-authentication.html#packet-Authentication::Native41
919931 data = _scramble (self .password .encode ('latin1' ), auth_packet .read_all ())
@@ -958,6 +970,20 @@ def _process_auth(self, plugin_name, auth_packet):
958970 pkt = self ._read_packet ()
959971 pkt .check_error ()
960972 return pkt
973+
974+ def _get_auth_plugin_handler (self , plugin_name ):
975+ plugin_class = self ._auth_plugin_map .get (plugin_name )
976+ if not plugin_class :
977+ plugin_class = self ._auth_plugin_map .get (plugin_name .decode ('ascii' ))
978+ if plugin_class :
979+ try :
980+ handler = plugin_class (self )
981+ except TypeError :
982+ raise err .OperationalError (2059 , "Authentication plugin '%s'" \
983+ " not loaded: - %r cannot be constructed with connection object" % (plugin_name , plugin_class ))
984+ else :
985+ handler = None
986+ return handler
961987
962988 # _mysql support
963989 def thread_id (self ):
@@ -1232,7 +1258,7 @@ def _get_descriptions(self):
12321258 # This behavior is different from TEXT / BLOB.
12331259 # We should decode result by connection encoding regardless charsetnr.
12341260 # See https://github.com/PyMySQL/PyMySQL/issues/488
1235- encoding = conn_encoding # SELECT CAST(... AS JSON)
1261+ encoding = conn_encoding # SELECT CAST(... AS JSON)
12361262 elif field_type in TEXT_TYPES :
12371263 if field .charsetnr == 63 : # binary
12381264 # TEXTs with charset=binary means BINARY types.
0 commit comments