(conn, pkt)
| 211 | |
| 212 | |
| 213 | def caching_sha2_password_auth(conn, pkt): |
| 214 | # No password fast path |
| 215 | if not conn.password: |
| 216 | return _roundtrip(conn, b"") |
| 217 | |
| 218 | if pkt.is_auth_switch_request(): |
| 219 | # Try from fast auth |
| 220 | conn.salt = pkt.read_all() |
| 221 | if conn.salt.endswith(b"\0"): # str.removesuffix is available in 3.9 |
| 222 | conn.salt = conn.salt[:-1] |
| 223 | if DEBUG: |
| 224 | print(f"caching sha2: Trying fast path. salt={conn.salt.hex()!r}") |
| 225 | scrambled = scramble_caching_sha2(conn.password, conn.salt) |
| 226 | pkt = _roundtrip(conn, scrambled) |
| 227 | # else: fast auth is tried in initial handshake |
| 228 | |
| 229 | if not pkt.is_extra_auth_data(): |
| 230 | raise OperationalError( |
| 231 | "caching sha2: Unknown packet for fast auth: %s" % pkt._data[:1] |
| 232 | ) |
| 233 | |
| 234 | # magic numbers: |
| 235 | # 2 - request public key |
| 236 | # 3 - fast auth succeeded |
| 237 | # 4 - need full auth |
| 238 | |
| 239 | pkt.advance(1) |
| 240 | n = pkt.read_uint8() |
| 241 | |
| 242 | if n == 3: |
| 243 | if DEBUG: |
| 244 | print("caching sha2: succeeded by fast path.") |
| 245 | pkt = conn._read_packet() |
| 246 | pkt.check_error() # pkt must be OK packet |
| 247 | return pkt |
| 248 | |
| 249 | if n != 4: |
| 250 | raise OperationalError("caching sha2: Unknown result for fast auth: %s" % n) |
| 251 | |
| 252 | if DEBUG: |
| 253 | print("caching sha2: Trying full auth...") |
| 254 | |
| 255 | if conn._secure: |
| 256 | if DEBUG: |
| 257 | print("caching sha2: Sending plain password via secure connection") |
| 258 | return _roundtrip(conn, conn.password + b"\0") |
| 259 | |
| 260 | if not conn.server_public_key: |
| 261 | pkt = _roundtrip(conn, b"\x02") # Request public key |
| 262 | if not pkt.is_extra_auth_data(): |
| 263 | raise OperationalError( |
| 264 | "caching sha2: Unknown packet for public key: %s" % pkt._data[:1] |
| 265 | ) |
| 266 | |
| 267 | conn.server_public_key = pkt._data[1:] |
| 268 | if DEBUG: |
| 269 | print(conn.server_public_key.decode("ascii")) |
| 270 |
nothing calls this directly
no test coverage detected
searching dependent graphs…