a fWc2@sXdZddlmZmZddlmZmZmZmZddl Z e e Z ddl Z ddlmZddlmZmZddlmZmZmZddlmZddlmmZgd ZGd d d ejZGd d d ej ej!ej"Z#GdddeZ$GdddeZ%Gddde#Z&Gddde#Z'Gddde#Z(Gddde#Z)GdddeZ*ddeDZ+ddZ,e,dS) z.passlib.handlers.digests - plain hash digests ) b64encode b64decode)md5sha1sha256sha512N) plaintext)unix_crypt_schemes to_unicode) uascii_to_strunicodeu) classproperty)ldap_plaintextldap_md5 ldap_sha1ldap_salted_md5ldap_salted_sha1ldap_salted_sha256ldap_salted_sha512Zldap_des_cryptZldap_bsdi_cryptZldap_md5_cryptZldap_sha1_cryptZ ldap_bcryptZldap_sha256_cryptZldap_sha512_cryptc@s6eZdZdZdZdZdZejZ e ddZ ddZ dS)_Base64DigestHelperzhelper for ldap_md5 / ldap_sha1NcCs|jS)z/tell StaticHandler to strip ident from checksum)identclsrA/usr/lib/python3.9/site-packages/passlib/handlers/ldap_digests.py _hash_prefix2sz _Base64DigestHelper._hash_prefixcCs0t|tr|d}||}t|dS)Nutf-8ascii) isinstancer encode _hash_funcdigestrdecode)selfsecretZchkrrr_calc_checksum7s  z"_Base64DigestHelper._calc_checksum) __name__ __module__ __qualname____doc__rr! _hash_regexuhPADDED_BASE64_CHARSchecksum_charsrrr&rrrrr)s rc@sVeZdZdZdZejZdZdZ dZ dZ Z dZ dZ dZ eddZdd Zd d ZdS) _SaltedBase64DigestHelperz-helper for ldap_salted_md5 / ldap_salted_sha1)saltZ salt_sizeNcCst|dd}|j|}|s(tj|zt|dd}Wnt y^tj |Yn0|j }|snJ||d|||ddS)Nrhashtmp)checksumr0) r r+matchr,excZInvalidHashErrorrgroupr TypeErrorZMalformedHashError checksum_size)rr3mdatacsrrr from_stringNs    z%_SaltedBase64DigestHelper.from_stringcCs(|j|j}|jt|d}t|S)Nr)r5r0rrr#r )r$r<r3rrr to_string\s z#_SaltedBase64DigestHelper.to_stringcCs(t|tr|d}|||jS)Nr)rr r r!r0r")r$r%rrrr&as  z(_SaltedBase64DigestHelper._calc_checksum)r'r(r)r*Z setting_kwdsr,r-r.rr!r+Z min_salt_sizeZ max_salt_sizedefault_salt_size classmethodr>r?r&rrrrr/=s r/c@s.eZdZdZdZedZeZe edZ dS)rzThis class stores passwords using LDAP's plain MD5 format, and follows the :ref:`password-hash-api`. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods have no optional keywords. z{MD5}z%^\{MD5\}(?P[+/a-zA-Z0-9]{22}==)$N) r'r(r)r*namer rrr!recompiler+rrrrris rc@s.eZdZdZdZedZeZe edZ dS)rzThis class stores passwords using LDAP's plain SHA1 format, and follows the :ref:`password-hash-api`. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods have no optional keywords. z{SHA}z$^\{SHA\}(?P[+/a-zA-Z0-9]{27}=)$N) r'r(r)r*rBr rrr!rCrDr+rrrrrss rc@s2eZdZdZdZedZdZeZ e edZ dS)raThis class stores passwords using LDAP's salted MD5 format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 This format now supports variable length salts, instead of a fix 4 bytes. z{SMD5}r2z+^\{SMD5\}(?P[+/a-zA-Z0-9]{27,}={0,2})$N) r'r(r)r*rBr rr:rr!rCrDr+rrrrr}s  rc@s2eZdZdZdZedZdZeZ e edZ dS)ra This class stores passwords using LDAP's "Salted SHA1" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 This format now supports variable length salts, instead of a fix 4 bytes. z{SSHA}z+^\{SSHA\}(?P[+/a-zA-Z0-9]{32,}={0,2})$N) r'r(r)r*rBr rr:rr!rCrDr+rrrrrs "rc@s6eZdZdZdZedZdZdZe Z e edZ dS)raC This class stores passwords using LDAP's "Salted SHA2-256" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.7.3 z {SSHA256} z.^\{SSHA256\}(?P[+/a-zA-Z0-9]{48,}={0,2})$N)r'r(r)r*rBr rr:r@rr!rCrDr+rrrrrsrc@s6eZdZdZdZedZdZdZe Z e edZ dS)raC This class stores passwords using LDAP's "Salted SHA2-512" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.7.3 z {SSHA512}@rGz.^\{SSHA512\}(?P[+/a-zA-Z0-9]{91,}={0,2})$N)r'r(r)r*rBr rr:r@rr!rCrDr+rrrrrsrc@sHeZdZdZdZeedZe j ddde ddZ e dd Z d S) raYThis class stores passwords in plaintext, and follows the :ref:`password-hash-api`. This class acts much like the generic :class:`!passlib.hash.plaintext` handler, except that it will identify a hash only if it does NOT begin with the ``{XXX}`` identifier prefix used by RFC2307 passwords. The :meth:`~passlib.ifc.PasswordHash.hash`, :meth:`~passlib.ifc.PasswordHash.genhash`, and :meth:`~passlib.ifc.PasswordHash.verify` methods all require the following additional contextual keyword: :type encoding: str :param encoding: This controls the character encoding to use (defaults to ``utf-8``). This encoding will be used to encode :class:`!unicode` passwords under Python 2, and decode :class:`!bytes` hashes under Python 3. .. versionchanged:: 1.6 The ``encoding`` keyword was added. z ^\{\w+\}.*$z1.7z2.0)Z deprecatedZremovedcCsdS)N!rrrrr genconfig:szldap_plaintext.genconfigcCs"t|}t|o |j|duS)N)r,Zto_unicode_for_identifybool _2307_patr6)rr3rrridentifyAs zldap_plaintext.identifyN)r'r(r)r*rBrCrDr rLr,Zdeprecated_methodrArJrMrrrrr s  rcCsg|] }d|qS)ldap_r).0rBrrr LrPcCs8t}tD]&}d|}tj||tddd||<q ~dS)NrNz{CRYPT}T)prefixZlazy)globalsr r,Z PrefixWrapperr )gZwnamerBrrr_init_ldap_crypt_handlersNs rU)-r*base64rrZhashlibrrrrZloggingZ getLoggerr'logrCZpasslib.handlers.miscrZ passlib.utilsr r Zpasslib.utils.compatr r r Zpasslib.utils.decorrZpasslib.utils.handlersZutilshandlersr,__all__Z StaticHandlerrZ HasRawSaltZHasRawChecksumZGenericHandlerr/rrrrrrrZldap_crypt_schemesrUrrrrs,  ,  ',((,