| 337 | self.realTestPamAuth() |
| 338 | |
| 339 | def realTestPamAuth(self): |
| 340 | db = self.db.copy() |
| 341 | import os |
| 342 | |
| 343 | db["password"] = os.environ.get("PASSWORD") |
| 344 | cur = self.connect().cursor() |
| 345 | try: |
| 346 | cur.execute("show grants for " + TestAuthentication.osuser + "@localhost") |
| 347 | grants = cur.fetchone()[0] |
| 348 | cur.execute("drop user " + TestAuthentication.osuser + "@localhost") |
| 349 | except pymysql.OperationalError as e: |
| 350 | # assuming the user doesn't exist which is ok too |
| 351 | self.assertEqual(1045, e.args[0]) |
| 352 | grants = None |
| 353 | with TempUser( |
| 354 | cur, |
| 355 | TestAuthentication.osuser + "@localhost", |
| 356 | self.databases[0]["database"], |
| 357 | "pam", |
| 358 | os.environ.get("PAMSERVICE"), |
| 359 | ): |
| 360 | try: |
| 361 | pymysql.connect(user=TestAuthentication.osuser, **db) |
| 362 | db["password"] = "very bad guess at password" |
| 363 | with self.assertRaises(pymysql.err.OperationalError): |
| 364 | pymysql.connect( |
| 365 | user=TestAuthentication.osuser, |
| 366 | auth_plugin_map={ |
| 367 | b"mysql_cleartext_password": TestAuthentication.DefectiveHandler |
| 368 | }, |
| 369 | **self.db, |
| 370 | ) |
| 371 | except pymysql.OperationalError as e: |
| 372 | self.assertEqual(1045, e.args[0]) |
| 373 | # we had 'bad guess at password' work with pam. Well at least we get |
| 374 | # a permission denied here |
| 375 | with self.assertRaises(pymysql.err.OperationalError): |
| 376 | pymysql.connect( |
| 377 | user=TestAuthentication.osuser, |
| 378 | auth_plugin_map={ |
| 379 | b"mysql_cleartext_password": TestAuthentication.DefectiveHandler |
| 380 | }, |
| 381 | **self.db, |
| 382 | ) |
| 383 | if grants: |
| 384 | # recreate the user |
| 385 | cur.execute(grants) |
| 386 | |
| 387 | @pytest.mark.skipif(not socket_auth, reason="connection to unix_socket required") |
| 388 | @pytest.mark.skipif( |