MCPcopy
hub / github.com/PyMySQL/PyMySQL / caching_sha2_password_auth

Function caching_sha2_password_auth

pymysql/_auth.py:213–272  ·  view source on GitHub ↗
(conn, pkt)

Source from the content-addressed store, hash-verified

211
212
213def caching_sha2_password_auth(conn, pkt):
214 # No password fast path
215 if not conn.password:
216 return _roundtrip(conn, b"")
217
218 if pkt.is_auth_switch_request():
219 # Try from fast auth
220 conn.salt = pkt.read_all()
221 if conn.salt.endswith(b"\0"): # str.removesuffix is available in 3.9
222 conn.salt = conn.salt[:-1]
223 if DEBUG:
224 print(f"caching sha2: Trying fast path. salt={conn.salt.hex()!r}")
225 scrambled = scramble_caching_sha2(conn.password, conn.salt)
226 pkt = _roundtrip(conn, scrambled)
227 # else: fast auth is tried in initial handshake
228
229 if not pkt.is_extra_auth_data():
230 raise OperationalError(
231 "caching sha2: Unknown packet for fast auth: %s" % pkt._data[:1]
232 )
233
234 # magic numbers:
235 # 2 - request public key
236 # 3 - fast auth succeeded
237 # 4 - need full auth
238
239 pkt.advance(1)
240 n = pkt.read_uint8()
241
242 if n == 3:
243 if DEBUG:
244 print("caching sha2: succeeded by fast path.")
245 pkt = conn._read_packet()
246 pkt.check_error() # pkt must be OK packet
247 return pkt
248
249 if n != 4:
250 raise OperationalError("caching sha2: Unknown result for fast auth: %s" % n)
251
252 if DEBUG:
253 print("caching sha2: Trying full auth...")
254
255 if conn._secure:
256 if DEBUG:
257 print("caching sha2: Sending plain password via secure connection")
258 return _roundtrip(conn, conn.password + b"\0")
259
260 if not conn.server_public_key:
261 pkt = _roundtrip(conn, b"\x02") # Request public key
262 if not pkt.is_extra_auth_data():
263 raise OperationalError(
264 "caching sha2: Unknown packet for public key: %s" % pkt._data[:1]
265 )
266
267 conn.server_public_key = pkt._data[1:]
268 if DEBUG:
269 print(conn.server_public_key.decode("ascii"))
270

Callers

nothing calls this directly

Calls 11

_roundtripFunction · 0.85
scramble_caching_sha2Function · 0.85
OperationalErrorClass · 0.85
sha2_rsa_encryptFunction · 0.85
read_allMethod · 0.80
is_extra_auth_dataMethod · 0.80
advanceMethod · 0.80
read_uint8Method · 0.80
_read_packetMethod · 0.80
check_errorMethod · 0.80

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…