ó ö 5Xc@s“dZddlZddlZejeƒZddlmZddlm Z m Z m Z ddl m Z mZddlmZmZmZmZmZddlmZddljjZdd d d gZd Zd „Zd„Zd„Zd„Z dej!ej"ej#ej$fd„ƒYZ%d ej"ej&ej#ej$fd„ƒYZ'd ej#ej$fd„ƒYZ(d ej!ej#ej$fd„ƒYZ)dS(sFpasslib.handlers.des_crypt - traditional unix (DES) crypt and variantsiÿÿÿÿN(twarn(t safe_cryptt test_cryptt to_unicode(th64th64big(tbyte_elem_valuetut uascii_to_strtunicodetsuppress_cause(tdes_encrypt_int_blockt des_cryptt bsdi_crypttbigcrypttcrypt16tcCstd„t|d ƒDƒƒS(sØconvert secret to 64-bit DES key. this only uses the first 8 bytes of the secret, and discards the high 8th bit of each byte at that. a null parity bit is inserted after every 7th bit of the output. css1|]'\}}t|ƒd@d|d>VqdS(ii9iN(R(t.0titc((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pys (si(tsumt enumerate(tsecret((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_crypt_secret_to_keys cCstj|ƒ}t|tƒr0|jdƒ}nt|krQtjjt ƒ‚nt |ƒ}t |d|dƒ}t j |ƒS(s pure-python backed for des_cryptsutf-8ii(Rt decode_int12t isinstanceR tencodet_BNULLtuhtexctNullPasswordErrorR RR Rt encode_int64(Rtsaltt salt_valuet key_valuetresult((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_des_crypt+s   cCskt|ƒ}d}t|ƒ}xF||krf|d}t|||!ƒ}t||ƒ|A}|}q!W|S(s,convert secret to DES key used by bsdi_crypti(RtlenR (RR"tidxtendtnextt tmp_value((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_bsdi_secret_to_keyIs    cCstj|ƒ}t|tƒr0|jdƒ}nt|krQtjjt ƒ‚nt |ƒ}t |d||ƒ}t j |ƒS(s"pure-python backend for bsdi_cryptsutf-8i(Rt decode_int24RR RRRRRR R*R RR(RtroundsR R!R"R#((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_bsdi_cryptUs  cBs»eZdZdZdZejZdZdZ Z ejZ dZ e jedƒe je jBƒZed„ƒZd „Zd „ZdZed „ƒZd„Zed„ƒZd„ZRS(s›This class implements the des-crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, des_crypt will silently truncate passwords larger than 8 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 R R ttruncate_errori iisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{11})? $cCs@t|ddƒ}|d |d}}|d|d|p<dƒS(NtasciithashiR tchecksum(RtNone(tclsR0R tchk((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt from_string´scCs&tdƒ|j|jf}t|ƒS(Ns%s%s(RR R1R(tselfR0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt to_stringºscCs&|jr|j|ƒn|j|ƒS(N(t use_defaultst_check_truncate_policyt_calc_checksum_backend(R6R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_calc_checksumÁs tos_crypttbuiltincCs+tddƒr#|j|jƒtStSdS(Nttestt abgOeLfPimXQo(Rt_set_calc_checksum_backendt_calc_checksum_os_crypttTruetFalse(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_os_cryptÐscCs1t||jƒ}|r |dS|j|ƒSdS(Ni(RR t_calc_checksum_builtin(R6RR0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRAØscCs|j|jƒtS(N(R@RERB(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_builtinçscCs"t||jjdƒƒjdƒS(NR/(R$R Rtdecode(R6R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyREìs(ssaltR.(R<R=(t__name__t __module__t__doc__tnamet setting_kwdsRt HASH64_CHARStchecksum_charst checksum_sizet min_salt_sizet max_salt_sizet salt_charst truncate_sizetretcompileRtXtIt _hash_regext classmethodR5R7R;tbackendsRDRARFRE(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR ps$       cBsñeZdZdZdZdZejZdZ Z ejZ dZ dZ dZd Zejed ƒejejBƒZed „ƒZd „ZeZed „ƒZed„ƒZd„ZdZed„ƒZd„Z ed„ƒZ!d„Z"RS(s This class implements the BSDi-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 5001, must be between 1 and 16777215, inclusive. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 :meth:`hash` will now issue a warning if an even number of rounds is used (see :ref:`bsdi-crypt-security-issues` regarding weak DES keys). R R R,i ii‰iiÿÿÿtlinears ^ _ (?P[./a-z0-9]{4}) (?P[./a-z0-9]{4}) (?P[./a-z0-9]{11})? $cCsˆt|ddƒ}|jj|ƒ}|s?tjj|ƒ‚n|jdddƒ\}}}|dtj|j dƒƒd|d|ƒS(NR/R0R,R R4R1( RRXtmatchRRtInvalidHashErrortgroupRR+R(R3R0tmR,R R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR54scCs>tdƒtj|jƒjdƒ|j|jf}t|ƒS(Ns_%s%s%sR/(RRt encode_int24R,RGR R1R(R6R0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7As!cKs?tt|ƒj|}|jd@s;tdtjjƒn|S(NisHbsdi_crypt rounds should be odd, as even rounds may reveal weak DES keys(tsuperR tusingtdefault_roundsRRRtPasslibSecurityWarning(R3tkwdstsubcls((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRbNs  cCstt|ƒjƒ}|dBS(Ni(RaR t_generate_rounds(R3R,((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRgWscKs'|jd@stStt|ƒj|S(Ni(R,RBRaR t_calc_needs_update(R6Re((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRhes R<R=cCs+tddƒr#|j|jƒtStSdS(NR>s_/...lLDAxARksGCHin.(RR@RARBRC(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRDtscCs:|jƒ}t||ƒ}|r)|dS|j|ƒSdS(Niõÿÿÿ(R7RRE(R6RtconfigR0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRA|s  cCs|j|jƒtS(N(R@RERB(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRFŠscCs(t||j|jjdƒƒjdƒS(NR/(R-R,R RRG(R6R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyREs(ssaltsrounds(sos_cryptsbuiltin(#RHRIRJRKRLRORRMRNRPRQRRRct min_roundst max_roundst rounds_costRTRURRVRWRXRYR5R7RBt_avoid_even_roundsRbRgRhRZRDRARFRE(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR ós0        cBs…eZdZdZd ZejZdZZ ejZ e j e dƒe je jBƒZed„ƒZd„Zed„Zd„ZRS( sgThis class implements the BigCrypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 22 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR isX ^ (?P[./a-z0-9]{2}) (?P([./a-z0-9]{11})+)? $cCsjt|ddƒ}|jj|ƒ}|s?tjj|ƒ‚n|jddƒ\}}|d|d|ƒS(NR/R0R R4R1(RRXR\RRR]R^(R3R0R_R R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR5Ãs cCs&tdƒ|j|jf}t|ƒS(Ns%s%s(RR R1R(R6R0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7ÌscCsGtt|ƒj|d|ƒ}t|ƒdrCtjj|ƒ‚n|S(Ntrelaxedi (RaRt_norm_checksumR%RRR](R6R1Rn((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRoÐscCsŸt|tƒr!|jdƒ}nt||jjdƒƒ}d}t|ƒ}xA||kr‘|d}|t|||!|dd!ƒ7}|}qQW|jdƒS(Nsutf-8R/iiõÿÿÿi÷ÿÿÿ(RR RR$R R%RG(R6RR4R&R'R(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR;Ùs  ! (ssalt(RHRIRJRKRLRRMRNRPRQRRRTRURRVRWRXRYR5R7RCRoR;(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR–s      cBs…eZdZdZd ZdZejZdZ Z ejZ dZ e jedƒe je jBƒZed„ƒZd „Zd „ZRS( s˜This class implements the crypt16 password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, crypt16 will silently truncate passwords larger than 16 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR R.iiisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{22})? $cCsjt|ddƒ}|jj|ƒ}|s?tjj|ƒ‚n|jddƒ\}}|d|d|ƒS(NR/R0R R4R1(RRXR\RRR]R^(R3R0R_R R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR5+s cCs&tdƒ|j|jf}t|ƒS(Ns%s%s(RR R1R(R6R0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR74scCsñt|tƒr!|jdƒ}n|jr:|j|ƒnytj|jjdƒƒ}Wn#tk r~t tdƒƒ‚nXt |ƒ}t |d|dƒ}t |dd!ƒ}t |d|dƒ}t j |ƒt j |ƒ}|jdƒS( Nsutf-8R/sinvalid chars in saltiiiii(RR RR8R9RRR t ValueErrorR RR RRRG(R6RR!tkey1tresult1tkey2tresult2R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR;;s   (ssaltstruncate_error(RHRIRJRKRLRORRMRNRPRQRRRSRTRURRVRWRXRYR5R7R;(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRés     (*RJRTtloggingt getLoggerRHtlogtwarningsRt passlib.utilsRRRtpasslib.utils.binaryRRtpasslib.utils.compatRRRR R tpasslib.crypto.desR tpasslib.utils.handlerstutilsthandlersRt__all__RRR$R*R-t TruncateMixintHasManyBackendstHasSalttGenericHandlerR t HasRoundsR RR(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyts,  (    +ƒ+£S