XR_2dZddlmZmZddlmZmZmZmZddl Z e j e Z ddl Z ddlmZddlmZmZddlmZmZmZddlmZddlmcmZgd ZGd d ejZGd d ej ej!ej"Z#GddeZ$GddeZ%Gdde#Z&Gdde#Z'Gdde#Z(Gdde#Z)GddeZ*deDZ+dZ,e,dS)z.passlib.handlers.digests - plain hash digests ) b64encode b64decode)md5sha1sha256sha512N) plaintext)unix_crypt_schemes to_unicode) uascii_to_strunicodeu) classproperty)ldap_plaintextldap_md5 ldap_sha1ldap_salted_md5ldap_salted_sha1ldap_salted_sha256ldap_salted_sha512ldap_des_cryptldap_bsdi_cryptldap_md5_cryptldap_sha1_crypt ldap_bcryptldap_sha256_cryptldap_sha512_cryptcHeZdZdZdZdZdZejZ e dZ dZ dS)_Base64DigestHelperzhelper for ldap_md5 / ldap_sha1Nc|jS)z/tell StaticHandler to strip ident from checksum)identclss ?/usr/lib/python3/dist-packages/passlib/handlers/ldap_digests.py _hash_prefixz _Base64DigestHelper._hash_prefix2s yct|tr|d}||}t |dS)Nutf-8ascii) isinstancer encode _hash_funcdigestrdecode)selfsecretchks r$_calc_checksumz"_Base64DigestHelper._calc_checksum7s\ fg & & ,]]7++Foof%%,,..~~$$W---r&) __name__ __module__ __qualname____doc__r!r, _hash_regexuhPADDED_BASE64_CHARSchecksum_charsrr%r2r&r$rr)s[)) EJK+N].....r&rcfeZdZdZdZejZdZdZ dZ dxZ Z dZ dZ dZ edZdZdZdS) _SaltedBase64DigestHelperz-helper for ldap_salted_md5 / ldap_salted_sha1)salt salt_sizeNct|dd}|j|}|stj| t |dd}n-#t$r tj |wxYw|j }|sJ||d|||dS)Nr)hashtmp)checksumr>) r r7matchr8excInvalidHashErrorrgroupr+ TypeErrorMalformedHashError checksum_size)r#rCmdatacss r$ from_stringz%_SaltedBase64DigestHelper.from_stringNs$00 O ! !$ ' ' /&))#.. . 1QWWU^^227;;<r!rr.r )r/rNrCs r$ to_stringz#_SaltedBase64DigestHelper.to_string\s>}ty(zIdOO227;;;T"""r&ct|tr|d}|||jzS)Nr()r*r r+r,r>r-)r/r0s r$r2z(_SaltedBase64DigestHelper._calc_checksumasJ fg & & ,]]7++Fv 12299;;;r&)r3r4r5r6 setting_kwdsr8r9r:r!r,r7 min_salt_size max_salt_sizedefault_salt_size classmethodrPrRr2r;r&r$r=r==s77(L+N EJK$%%MM MM 7 7[ 7### <<<<[+/a-zA-Z0-9]{22}==)$N) r3r4r5r6namerr!rr,recompiler7r;r&r$rrisM D AgJJEJ"*QQGHHIIKKKr&rcbeZdZdZdZedZeZe j edZ dS)rzThis class stores passwords using LDAP's plain SHA1 format, and follows the :ref:`password-hash-api`. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods have no optional keywords. z{SHA}z$^\{SHA\}(?P[+/a-zA-Z0-9]{27}=)$N) r3r4r5r6rZrr!rr,r[r\r7r;r&r$rrssM D AgJJEJ"*QQFGGHHKKKr&rcfeZdZdZdZedZdZeZ e j edZ dS)raThis class stores passwords using LDAP's salted MD5 format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 This format now supports variable length salts, instead of a fix 4 bytes. z{SMD5}rAz+^\{SMD5\}(?P[+/a-zA-Z0-9]{27,}={0,2})$N) r3r4r5r6rZrr!rLrr,r[r\r7r;r&r$rr}sS@ D AhKKEMJ"*QQMNNOOKKKr&rcfeZdZdZdZedZdZeZ e j edZ dS)ra This class stores passwords using LDAP's "Salted SHA1" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 This format now supports variable length salts, instead of a fix 4 bytes. z{SSHA}z+^\{SSHA\}(?P[+/a-zA-Z0-9]{32,}={0,2})$N) r3r4r5r6rZrr!rLrr,r[r\r7r;r&r$rrsS!!D D AhKKEMJ"*QQMNNOOKKKr&rcjeZdZdZdZedZdZdZe Z e j edZ dS)raC This class stores passwords using LDAP's "Salted SHA2-256" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.7.3 z {SSHA256} z.^\{SSHA256\}(?P[+/a-zA-Z0-9]{48,}={0,2})$N)r3r4r5r6rZrr!rLrWrr,r[r\r7r;r&r$rrX< D AkNNEMJ"*QQPQQRRKKKr&rcjeZdZdZdZedZdZdZe Z e j edZ dS)raC This class stores passwords using LDAP's "Salted SHA2-512" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.7.3 z {SSHA512}@rcz.^\{SSHA512\}(?P[+/a-zA-Z0-9]{91,}={0,2})$N)r3r4r5r6rZrr!rLrWrr,r[r\r7r;r&r$rrrdr&rceZdZdZdZejedZe j dde dZ e dZ dS) raYThis class stores passwords in plaintext, and follows the :ref:`password-hash-api`. This class acts much like the generic :class:`!passlib.hash.plaintext` handler, except that it will identify a hash only if it does NOT begin with the ``{XXX}`` identifier prefix used by RFC2307 passwords. The :meth:`~passlib.ifc.PasswordHash.hash`, :meth:`~passlib.ifc.PasswordHash.genhash`, and :meth:`~passlib.ifc.PasswordHash.verify` methods all require the following additional contextual keyword: :type encoding: str :param encoding: This controls the character encoding to use (defaults to ``utf-8``). This encoding will be used to encode :class:`!unicode` passwords under Python 2, and decode :class:`!bytes` hashes under Python 3. .. versionchanged:: 1.6 The ``encoding`` keyword was added. z ^\{\w+\}.*$z1.7z2.0) deprecatedremovedcdS)N!r;r"s r$ genconfigzldap_plaintext.genconfig:s sr&ctj|}t|o|j|duS)N)r8to_unicode_for_identifybool _2307_patrF)r#rCs r$identifyzldap_plaintext.identifyAs:)$//Dzz?cm11$774??r&N)r3r4r5r6rZr[r\rrpr8deprecated_methodrXrlrqr;r&r$rr s, D 11^,,--IRUE:::[;: @@[@@@r&rcg|]}d|zS)ldap_r;).0rZs r$ rvLsFFF$w~FFFr&ct}tD]/}d|z}tj||t dd||<0~dS)Nrtz{CRYPT}T)prefixlazy)globalsr r8 PrefixWrapperr)gwnamerZs r$_init_ldap_crypt_handlersr~NsS  A#PP"4q||$OOO$ r&)-r6base64rrhashlibrrrrlogging getLoggerr3logr[passlib.handlers.miscr passlib.utilsr r passlib.utils.compatr r rpasslib.utils.decorrpasslib.utils.handlersutilshandlersr8__all__ StaticHandlerr HasRawSaltHasRawChecksumGenericHandlerr=rrrrrrrldap_crypt_schemesr~r;r&r$rs ('''''''------------'g'11 ,+++++88888888::::::::::------#########   ,....."*...('<'<'<'<'< r/@"BS'<'<'