ó ö 5Xc@s(dZddlmZmZddlmZddlZddlZeje ƒZ ddl m Z ddl mZddlmZmZmZddljjZdd gZd „Zd Zed ƒZd „Zd „Zdejejejfd„ƒYZ d ejejejfd„ƒYZ!dS(sÈpasslib.handlers.mssql - MS-SQL Password Hash Notes ===== MS-SQL has used a number of hash algs over the years, most of which were exposed through the undocumented 'pwdencrypt' and 'pwdcompare' sql functions. Known formats ------------- 6.5 snefru hash, ascii encoded password no examples found 7.0 snefru hash, unicode (what encoding?) saw ref that these blobs were 16 bytes in size no examples found 2000 byte string using displayed as 0x hex, using 0x0100 prefix. contains hashes of password and upper-case password. 2007 same as 2000, but without the upper-case hash. refs ---------- https://blogs.msdn.com/b/lcris/archive/2007/04/30/sql-server-2005-about-login-password-hashes.aspx?Redirected=true http://us.generation-nt.com/securing-passwords-hash-help-35429432.html http://forum.md5decrypter.co.uk/topic230-mysql-and-mssql-get-password-hashes.aspx http://www.theregister.co.uk/2002/07/08/cracking_ms_sql_server_passwords/ iÿÿÿÿ(thexlifyt unhexlify(tsha1N(twarn(tconsteq(t bascii_to_strtunicodetut mssql2000t mssql2005cCsGt|tƒst‚t|tƒs*t‚t|jdƒ|ƒjƒS(Ns utf-16-le(t isinstanceRtAssertionErrortbytesRtencodetdigest(tsecrettsalt((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt _raw_mssql9st0x0100cCs‡t|tƒr7t|ƒ|krƒ|jtƒrƒtSnLt|tƒrnt|ƒ|krƒ|jtƒrƒtSntj j |dƒ‚t S(s#common identify for mssql 2000/2005thash( R Rtlent startswithtUIDENTtTrueR tBIDENTtuhtexctExpectedStringErrortFalse(Rtcsizetbsize((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt _ident_mssqlBs!!cCst|tƒret|ƒ|krë|jtƒrëyt|djdƒƒSWqbtk r^qbXqën†t|tƒrÖt|tƒs‰t ‚t|ƒ|krë|jt ƒrëyt|dƒSWqÓtk rÏqÓXqënt j j |dƒ‚t j j|ƒ‚dS(sAcommon parser for mssql 2000/2005; returns 4 byte salt + checksumisutf-8RN(R RRRRRR t TypeErrorR R RRRRtInvalidHashError(RRRthandler((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt _parse_mssqlPs!  !  cBsieZdZdZd ZdZdZZed„ƒZ ed„ƒZ d„Z d„Z ed „ƒZ RS( s*This class implements the password hash used by MS-SQL 2000, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 bytes in length. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. RRi(icCst|ddƒS(Ni^i.(R(tclsR((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pytidentifyŽscCs0t|dd|ƒ}|d|d d|dƒS(Ni^i.Ritchecksum(R#(R$Rtdata((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt from_string’scCs*|j|j}dtt|ƒjƒƒS(NR(RR&RRtupper(tselftraw((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt to_string—scCsJt|tƒr!|jdƒ}n|j}t||ƒt|jƒ|ƒS(Nsutf-8(R R tdecodeRRR)(R*RR((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt_calc_checksumœs cCstj|ƒ|j|ƒ}|j}|dkrFtjj|ƒ‚nt|tƒrg|j dƒ}nt |j ƒ|j ƒ}t ||dƒS(Nsutf-8i(Rtvalidate_secretR(R&tNoneRtMissingDigestErrorR R R-RR)RR(R$RRR*tchktresult((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pytverify¢s   (ssalt(t__name__t __module__t__doc__tnamet setting_kwdst checksum_sizet min_salt_sizet max_salt_sizet classmethodR%R(R,R.R4(((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyRfs   cBsZeZdZdZd ZdZdZZed„ƒZ ed„ƒZ d„Z d„Z RS( s*This class implements the password hash used by MS-SQL 2005, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 bytes in length. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. R RiicCst|ddƒS(Ni6i(R(R$R((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR%ÛscCs0t|dd|ƒ}|d|d d|dƒS(Ni6iRiR&(R#(R$RR'((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR(ßscCs*|j|j}dtt|ƒƒjƒS(NR(RR&RRR)(R*R+((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR,äscCs1t|tƒr!|jdƒ}nt||jƒS(Nsutf-8(R R R-RR(R*R((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR.és(ssalt( R5R6R7R8R9R:R;R<R=R%R(R,R.(((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR ³s  ("R7tbinasciiRRthashlibRtretloggingt getLoggerR5tlogtwarningsRt passlib.utilsRtpasslib.utils.compatRRRtpasslib.utils.handlerstutilsthandlersRt__all__RRRRR#t HasRawSalttHasRawChecksumtGenericHandlerRR (((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt!s$       %M