XR__WdZddlZddlZejeZddlmZddlm Z m Z m Z ddl m Z mZddlmZmZmZmZmZddlmZddlmcmZgdZd Zd Zd Zd Zd Z Gddej!ej"ej#ej$Z%Gddej"ej&ej#ej$Z'Gddej#ej$Z(Gddej!ej#ej$Z)dS)zFpasslib.handlers.des_crypt - traditional unix (DES) crypt and variantsN)warn) safe_crypt test_crypt to_unicode)h64h64big)byte_elem_valueu uascii_to_strunicodesuppress_cause)des_encrypt_int_block) des_crypt bsdi_cryptbigcryptcrypt16c^tdt|ddDS)zconvert secret to 64-bit DES key. this only uses the first 8 bytes of the secret, and discards the high 8th bit of each byte at that. a null parity bit is inserted after every 7th bit of the output. c3RK|]"\}}t|dzd|dzz zV#dS)9N)r ).0ics z'_crypt_secret_to_key..(sT221a ""T)r!A#v6222222Nr)sum enumerate)secrets r_crypt_secret_to_keyr"sB 22$VBQBZ00222 2 22rct|dksJtj|}t|tr|d}t|t sJt|vr$tj tt|}t|d|d}tj|S)z pure-python backed for des_cryptutf-8r)lenr decode_int12 isinstancer encodebytes_BNULLuhexcNullPasswordErrorrr"rr encode_int64)r!salt salt_value key_valueresults r_raw_des_cryptr5+s t99>>>>!$''J&'""(w'' fe $ $$$$f&&y111%V,,I#9aR @ @F  v & &&rct|}d}t|}||kr7|dz}t|||}t|||z }|}||k7|S)z,convert secret to DES key used by bsdi_cryptr)r"r'r)r!r3idxendnext tmp_values r_bsdi_secret_to_keyr;Iss$V,,I C f++C ))Qw(D)9:: ))Y??)K  )) rcptj|}t|tr|d}t|t sJt |vr$tj tt|}t|d||}tj|S)z"pure-python backend for bsdi_cryptr%r)r decode_int24r)r r*r+r,r-r.r/rr;rrr0)r!roundsr1r2r3r4s r_raw_bsdi_cryptr?Us!$''J&'""(w'' fe $ $$$$f&&z222$F++I#9aV D DF  v & &&rceZdZdZdZdZejZdZ dxZ Z ejZ dZ ejedejejzZedZdZd Zd Zed Zd Zed ZdZdS)raThis class implements the des-crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, des_crypt will silently truncate passwords larger than 8 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 r1truncate_error r$rzU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{11})? $cjt|dd}|dd|dd}}|||pdS)Nasciihashr$r1checksum)r)clsrFr1chks r from_stringzdes_crypt.from_stringsE$00!Hd122hcss{d3333rc\td|j|jfz}t|SNz%s%sr r1rHr selfrFs r to_stringzdes_crypt.to_string)yyDIt}55T"""rcd|jr||||S)N) use_defaults_check_truncate_policy_calc_checksum_backendrPr!s r_calc_checksumzdes_crypt._calc_checksums5   0  ' ' / / /**6222ros_cryptbuiltinc^tddr||jdSdS)Ntest abgOeLfPimXQoTFr_set_calc_checksum_backend_calc_checksum_os_cryptrIs r_load_backend_os_cryptz des_crypt._load_backend_os_crypts5 fo . .   * *3+F G G G45rct||j}|||S||jrt |dkr&t j||j||ddS)N r$)rr1_calc_checksum_builtin startswithr'r-r.CryptBackendError)rPr!rFs rraz!des_crypt._calc_checksum_os_crypts~&$),, <..v66 6ty)) BSYY"__&**4DAA AABBxrc:||jdSNTr`rfrbs r_load_backend_builtinzdes_crypt._load_backend_builtin &&s'ABBBtrcxt||jddSNrE)r5r1r*decoderWs rrfz des_crypt._calc_checksum_builtins0fdi&6&6w&?&?@@GGPPPrN)__name__ __module__ __qualname____doc__name setting_kwdsr- HASH64_CHARSchecksum_chars checksum_size min_salt_size max_salt_size salt_chars truncate_sizerecompiler XI _hash_regex classmethodrKrQrXbackendsrcrarlrfrrrrps!H D-L _NM %&%MMJ M"*QQ tBDy K 44[4 ###333'H [   [QQQQQrrc@eZdZdZdZdZdZejZ dxZ Z ejZ dZ dZdZdZejed ejejzZed Zd Zd Zefd ZefdZfdZdZedZdZ edZ!dZ"xZ#S)ra This class implements the BSDi-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 5001, must be between 1 and 16777215, inclusive. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 :meth:`hash` will now issue a warning if an even number of rounds is used (see :ref:`bsdi-crypt-security-issues` regarding weak DES keys). )r1r>rCiilinearz ^ _ (?P[./a-z0-9]{4}) (?P[./a-z0-9]{4}) (?P[./a-z0-9]{11})? $c6t|dd}|j|}|stj||ddd\}}}|tj| d||S)NrErFr>r1rJ)r>r1rH) rrmatchr-r.InvalidHashErrorgrouprr=r*)rIrFmr>r1rJs rrKzbsdi_crypt.from_string4s$00 O ! !$ ' ' /&))#.. .GGHfe<<cs#FMM'$:$:;;    rctdtj|jd|j|jfz}t|S)Nz_%s%s%srE)r r encode_int24r>rpr1rHr rOs rrQzbsdi_crypt.to_stringAsK||s/ <<CCGLL#y$-99T"""rTc tt|jdi|}|jdzst dt jj|S)NrzHbsdi_crypt rounds should be odd, as even rounds may reveal weak DES keysr)superrusingdefault_roundsrr-r.PasslibSecurityWarning)rIkwdssubcls __class__s rrzbsdi_crypt.usingNsW-z3''-5555$q( 0 [. 0 0 0 rc\tt|}|dzS)Nr)rr_generate_rounds)rIr>rs rrzbsdi_crypt._generate_roundsWs)z3''88:: axrc \|jdzsdStt|jdi|S)NrTr)r>rr_calc_needs_update)rPrrs rrzbsdi_crypt._calc_needs_updatees9{Q 49uZ&&9AADAAArrYc^tddr||jdSdS)Nr]z_/...lLDAxARksGCHin.TFr_rbs rrcz!bsdi_crypt._load_backend_os_cryptts6 f4 5 5   * *3+F G G G45rc.|}t||}|||S||ddrt |dkr!t j||||ddS)N )rQrrfrgr'r-r.rh)rPr!configrFs rraz"bsdi_crypt._calc_checksum_os_crypt|s!!&&)) <..v66 6vbqbz** ?c$ii2oo&**4>> >CDDzrc:||jdSrjrkrbs rrlz bsdi_crypt._load_backend_builtinrmrct||j|jddSro)r?r>r1r*rprWs rrfz!bsdi_crypt._calc_checksum_builtins5vt{DI4D4DW4M4MNNUUV]^^^r)$rqrrrsrtrurvryr-rwrxrzr{r|r min_rounds max_rounds rounds_costr~rr rrrrrKrQ_avoid_even_roundsrrrrrcrarlrf __classcell__rs@rrrsF D%LM_N%&%MMJNJJK"*QQ  tBDy K   [  ###[[BBBBB'H [   [_______rrceZdZdZdZdZejZdxZ Z ejZ e j ede je jzZedZdZd fd Zd ZxZS) ragThis class implements the BigCrypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 22 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 )r1r$zX ^ (?P[./a-z0-9]{2}) (?P([./a-z0-9]{11})+)? $ct|dd}|j|}|stj||dd\}}|||SNrErFr1rJrGrrrr-r.rrrIrFrr1rJs rrKzbigcrypt.from_stringr$00 O ! !$ ' ' /&))#.. .GGFE** css++++rc\td|j|jfz}t|SrMrNrOs rrQzbigcrypt.to_stringrRrFctt|||}t|dzrtj||S)N)relaxedrC)rr_norm_checksumr'r-r.r)rPrHrrs rrzbigcrypt._norm_checksumsS4((77'7RR x==2  0&))$// /rc^t|tr|d}t||jd}d}t |}||kr0|dz}|t||||ddz }|}||k0|dS)Nr%rErri)r)r r*r5r1r'rp)rPr!rJr7r8r9s rrXzbigcrypt._calc_checksums fg & & ,]]7++FVTY%5%5g%>%>??&kkCii7D >&T"2CBK@@ @CCCiizz'"""r)F)rqrrrsrtrurvr-rwrxrzr{r|r~rr rrrrrKrQrrXrrs@rrrs4 DL_N%&%MMJ "*QQ tBDy K ,,[,### # # # # # # #rrceZdZdZdZdZdZejZ dxZ Z ejZ dZ ejedejejzZedZdZd Zd S) raThis class implements the crypt16 password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, crypt16 will silently truncate passwords larger than 16 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 rAr$zU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{22})? $ct|dd}|j|}|stj||dd\}}|||Srrrs rrKzcrypt16.from_string+rrc\td|j|jfz}t|SrMrNrOs rrQzcrypt16.to_string4rRrcNt|tr|d}|jr|| t j|jd}n*#t$rttdwxYwt|}t|d|d}t|dd}t|d|d}tj |tj |z}|dS) Nr%rEzinvalid chars in saltrrrr)r)r r*rTrUrr(r1 ValueErrorr r"rrr0rp)rPr!r2key1result1key2result2rJs rrXzcrypt16._calc_checksum;s( fg & & ,]]7++F   0  ' ' / / / F)$)*:*:7*C*CDDJJ F F F ,C!D!DEE E F$F++(aR@@$F1R4L11(aQ??!'**V-@-I-IIzz'"""s ,A55'BN)rqrrrsrtrurvryr-rwrxrzr{r|r}r~rr rrrrrKrQrXrrrrrsH D-L M_N %&%MMJ M "*QQ tBDy K ,,[,########rr)*rtr~logging getLoggerrqlogwarningsr passlib.utilsrrrpasslib.utils.binaryrrpasslib.utils.compatr r r r r passlib.crypto.desrpasslib.utils.handlersutilshandlersr-__all__r,r"r5r;r? TruncateMixinHasManyBackendsHasSaltGenericHandlerr HasRoundsrrrrrrrsALL  'g'11=<<<<<<<<<,,,,,,,,[[[[[[[[[[[[[[444444#########     2 2 2'''<   '''6}Q}Q}Q}Q}Q ""4bj"BS}Q}Q}QF]_]_]_]_]_#R\2:r?P]_]_]_FM#M#M#M#M#rz2,M#M#M#fn#n#n#n#n#b B,=n#n#n#n#n#r