ó ö 5Xc@s“dZddlZddlZejeƒZddlmZddlm Z m Z m Z ddl m Z mZddlmZmZmZmZmZddlmZddljjZdd d d gZd Zd „Zd„Zd„Zd„Z dej!ej"ej#ej$fd„ƒYZ%d ej"ej&ej#ej$fd„ƒYZ'd ej#ej$fd„ƒYZ(d ej!ej#ej$fd„ƒYZ)dS(sFpasslib.handlers.des_crypt - traditional unix (DES) crypt and variantsiÿÿÿÿN(twarn(t safe_cryptt test_cryptt to_unicode(th64th64big(tbyte_elem_valuetut uascii_to_strtunicodetsuppress_cause(tdes_encrypt_int_blockt des_cryptt bsdi_crypttbigcrypttcrypt16tcCstd„t|d ƒDƒƒS(sØconvert secret to 64-bit DES key. this only uses the first 8 bytes of the secret, and discards the high 8th bit of each byte at that. a null parity bit is inserted after every 7th bit of the output. css1|]'\}}t|ƒd@d|d>VqdS(ii9iN(R(t.0titc((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pys (si(tsumt enumerate(tsecret((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_crypt_secret_to_keys cCs¬t|ƒdkst‚tj|ƒ}t|tƒrH|jdƒ}nt|tƒs]t‚t|kr~t j j t ƒ‚nt |ƒ}t|d|dƒ}tj|ƒS(s pure-python backed for des_cryptisutf-8ii(tlentAssertionErrorRt decode_int12t isinstanceR tencodetbytest_BNULLtuhtexctNullPasswordErrorR RR Rt encode_int64(Rtsaltt salt_valuet key_valuetresult((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_des_crypt+s  cCskt|ƒ}d}t|ƒ}xF||krf|d}t|||!ƒ}t||ƒ|A}|}q!W|S(s,convert secret to DES key used by bsdi_crypti(RRR (RR%tidxtendtnextt tmp_value((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_bsdi_secret_to_keyIs    cCs”tj|ƒ}t|tƒr0|jdƒ}nt|tƒsEt‚t|krftj j t ƒ‚nt |ƒ}t |d||ƒ}tj|ƒS(s"pure-python backend for bsdi_cryptsutf-8i(Rt decode_int24RR RRRRRR R!R R,R RR"(RtroundsR#R$R%R&((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_bsdi_cryptUs  cBs»eZdZdZdZejZdZdZ Z ejZ dZ e jedƒe je jBƒZed„ƒZd „Zd „ZdZed „ƒZd„Zed„ƒZd„ZRS(s›This class implements the des-crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, des_crypt will silently truncate passwords larger than 8 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 R R#ttruncate_errori iisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{11})? $cCs@t|ddƒ}|d |d}}|d|d|p<dƒS(NtasciithashiR#tchecksum(RtNone(tclsR2R#tchk((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt from_string´scCs&tdƒ|j|jf}t|ƒS(Ns%s%s(RR#R3R(tselfR2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt to_stringºscCs&|jr|j|ƒn|j|ƒS(N(t use_defaultst_check_truncate_policyt_calc_checksum_backend(R8R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_calc_checksumÁs tos_crypttbuiltincCs+tddƒr#|j|jƒtStSdS(Nttestt abgOeLfPimXQo(Rt_set_calc_checksum_backendt_calc_checksum_os_crypttTruetFalse(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_os_cryptÐscCs[t||jƒ}|rJ|j|jƒr<t|ƒdksBt‚|dS|j|ƒSdS(Ni i(RR#t startswithRRt_calc_checksum_builtin(R8RR2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRCØs *cCs|j|jƒtS(N(RBRHRD(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_builtinçscCs"t||jjdƒƒjdƒS(NR1(R'R#Rtdecode(R8R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRHìs(ssaltR0(R>R?(t__name__t __module__t__doc__tnamet setting_kwdsRt HASH64_CHARStchecksum_charst checksum_sizet min_salt_sizet max_salt_sizet salt_charst truncate_sizetretcompileRtXtIt _hash_regext classmethodR7R9R=tbackendsRFRCRIRH(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR ps$       cBsñeZdZdZdZdZejZdZ Z ejZ dZ dZ dZd Zejed ƒejejBƒZed „ƒZd „ZeZed „ƒZed„ƒZd„ZdZed„ƒZd„Z ed„ƒZ!d„Z"RS(s This class implements the BSDi-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 5001, must be between 1 and 16777215, inclusive. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 :meth:`hash` will now issue a warning if an even number of rounds is used (see :ref:`bsdi-crypt-security-issues` regarding weak DES keys). R R#R.i ii‰iiÿÿÿtlinears ^ _ (?P[./a-z0-9]{4}) (?P[./a-z0-9]{4}) (?P[./a-z0-9]{11})? $cCsˆt|ddƒ}|jj|ƒ}|s?tjj|ƒ‚n|jdddƒ\}}}|dtj|j dƒƒd|d|ƒS(NR1R2R.R#R6R3( RR[tmatchRR tInvalidHashErrortgroupRR-R(R5R2tmR.R#R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR74scCs>tdƒtj|jƒjdƒ|j|jf}t|ƒS(Ns_%s%s%sR1(RRt encode_int24R.RJR#R3R(R8R2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR9As!cKs?tt|ƒj|}|jd@s;tdtjjƒn|S(NisHbsdi_crypt rounds should be odd, as even rounds may reveal weak DES keys(tsuperR tusingtdefault_roundsRRR tPasslibSecurityWarning(R5tkwdstsubcls((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyReNs  cCstt|ƒjƒ}|dBS(Ni(RdR t_generate_rounds(R5R.((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRjWscKs'|jd@stStt|ƒj|S(Ni(R.RDRdR t_calc_needs_update(R8Rh((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRkes R>R?cCs+tddƒr#|j|jƒtStSdS(NR@s_/...lLDAxARksGCHin.(RRBRCRDRE(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRFtscCse|jƒ}t||ƒ}|rT|j|d ƒrFt|ƒdksLt‚|dS|j|ƒSdS(Ni iiõÿÿÿ(R9RRGRRRH(R8RtconfigR2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRC|s  +cCs|j|jƒtS(N(RBRHRD(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRIŠscCs(t||j|jjdƒƒjdƒS(NR1(R/R.R#RRJ(R8R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRHs(ssaltsrounds(sos_cryptsbuiltin(#RKRLRMRNRORRRRPRQRSRTRURft min_roundst max_roundst rounds_costRWRXRRYRZR[R\R7R9RDt_avoid_even_roundsReRjRkR]RFRCRIRH(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR ós0        cBs…eZdZdZd ZejZdZZ ejZ e j e dƒe je jBƒZed„ƒZd„Zed„Zd„ZRS( sgThis class implements the BigCrypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 22 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR#isX ^ (?P[./a-z0-9]{2}) (?P([./a-z0-9]{11})+)? $cCsjt|ddƒ}|jj|ƒ}|s?tjj|ƒ‚n|jddƒ\}}|d|d|ƒS(NR1R2R#R6R3(RR[R_RR R`Ra(R5R2RbR#R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7Ãs cCs&tdƒ|j|jf}t|ƒS(Ns%s%s(RR#R3R(R8R2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR9ÌscCsGtt|ƒj|d|ƒ}t|ƒdrCtjj|ƒ‚n|S(Ntrelaxedi (RdRt_norm_checksumRRR R`(R8R3Rq((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRrÐscCsŸt|tƒr!|jdƒ}nt||jjdƒƒ}d}t|ƒ}xA||kr‘|d}|t|||!|dd!ƒ7}|}qQW|jdƒS(Nsutf-8R1iiõÿÿÿi÷ÿÿÿ(RR RR'R#RRJ(R8RR6R(R)R*((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR=Ùs  ! (ssalt(RKRLRMRNRORRPRQRSRTRURWRXRRYRZR[R\R7R9RERrR=(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR–s      cBs…eZdZdZd ZdZejZdZ Z ejZ dZ e jedƒe je jBƒZed„ƒZd „Zd „ZRS( s˜This class implements the crypt16 password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, crypt16 will silently truncate passwords larger than 16 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR#R0iiisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{22})? $cCsjt|ddƒ}|jj|ƒ}|s?tjj|ƒ‚n|jddƒ\}}|d|d|ƒS(NR1R2R#R6R3(RR[R_RR R`Ra(R5R2RbR#R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7+s cCs&tdƒ|j|jf}t|ƒS(Ns%s%s(RR#R3R(R8R2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR94scCsñt|tƒr!|jdƒ}n|jr:|j|ƒnytj|jjdƒƒ}Wn#tk r~t tdƒƒ‚nXt |ƒ}t |d|dƒ}t |dd!ƒ}t |d|dƒ}t j |ƒt j |ƒ}|jdƒS( Nsutf-8R1sinvalid chars in saltiiiii(RR RR:R;RRR#t ValueErrorR RR RR"RJ(R8RR$tkey1tresult1tkey2tresult2R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR=;s   (ssaltstruncate_error(RKRLRMRNRORRRRPRQRSRTRURVRWRXRRYRZR[R\R7R9R=(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRés     (*RMRWtloggingt getLoggerRKtlogtwarningsRt passlib.utilsRRRtpasslib.utils.binaryRRtpasslib.utils.compatRRRR R tpasslib.crypto.desR tpasslib.utils.handlerstutilsthandlersRt__all__RRR'R,R/t TruncateMixintHasManyBackendstHasSalttGenericHandlerR t HasRoundsR RR(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyts,  (    +ƒ+£S