5Xc@sdZddlZddlZejeZddlmZddlm Z m Z m Z ddl m Z mZddlmZmZmZmZmZddlmZddljjZdd d d gZd Zd ZdZdZdZ dej!ej"ej#ej$fdYZ%d ej"ej&ej#ej$fdYZ'd ej#ej$fdYZ(d ej!ej#ej$fdYZ)dS(sFpasslib.handlers.des_crypt - traditional unix (DES) crypt and variantsiN(twarn(t safe_cryptt test_cryptt to_unicode(th64th64big(tbyte_elem_valuetut uascii_to_strtunicodetsuppress_cause(tdes_encrypt_int_blockt des_cryptt bsdi_crypttbigcrypttcrypt16tcCstdt|d DS(sconvert secret to 64-bit DES key. this only uses the first 8 bytes of the secret, and discards the high 8th bit of each byte at that. a null parity bit is inserted after every 7th bit of the output. css1|]'\}}t|d@d|d>VqdS(ii9iN(R(t.0titc((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pys (si(tsumt enumerate(tsecret((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_crypt_secret_to_keys cCstj|}t|tr0|jd}nt|krQtjjt nt |}t |d|d}t j |S(s pure-python backed for des_cryptsutf-8ii(Rt decode_int12t isinstanceR tencodet_BNULLtuhtexctNullPasswordErrorR RR Rt encode_int64(Rtsaltt salt_valuet key_valuetresult((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_des_crypt+s   cCskt|}d}t|}xF||krf|d}t|||!}t|||A}|}q!W|S(s,convert secret to DES key used by bsdi_crypti(RtlenR (RR"tidxtendtnextt tmp_value((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_bsdi_secret_to_keyIs    cCstj|}t|tr0|jd}nt|krQtjjt nt |}t |d||}t j |S(s"pure-python backend for bsdi_cryptsutf-8i(Rt decode_int24RR RRRRRR R*R RR(RtroundsR R!R"R#((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_bsdi_cryptUs  cBseZdZdZdZejZdZdZ Z ejZ dZ e jede je jBZedZd Zd ZdZed ZdZedZdZRS(sThis class implements the des-crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, des_crypt will silently truncate passwords larger than 8 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 R R ttruncate_errori iisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{11})? $cCs@t|dd}|d |d}}|d|d|p<dS(NtasciithashiR tchecksum(RtNone(tclsR0R tchk((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt from_stringscCs&td|j|jf}t|S(Ns%s%s(RR R1R(tselfR0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt to_stringscCs&|jr|j|n|j|S(N(t use_defaultst_check_truncate_policyt_calc_checksum_backend(R6R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_calc_checksums tos_crypttbuiltincCs+tddr#|j|jtStSdS(Nttestt abgOeLfPimXQo(Rt_set_calc_checksum_backendt_calc_checksum_os_crypttTruetFalse(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_os_cryptscCs1t||j}|r |dS|j|SdS(Ni(RR t_calc_checksum_builtin(R6RR0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRAscCs|j|jtS(N(R@RERB(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_builtinscCs"t||jjdjdS(NR/(R$R Rtdecode(R6R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyREs(ssaltR.(R<R=(t__name__t __module__t__doc__tnamet setting_kwdsRt HASH64_CHARStchecksum_charst checksum_sizet min_salt_sizet max_salt_sizet salt_charst truncate_sizetretcompileRtXtIt _hash_regext classmethodR5R7R;tbackendsRDRARFRE(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR ps$       cBseZdZdZdZdZejZdZ Z ejZ dZ dZ dZd Zejed ejejBZed Zd ZeZed ZedZdZdZedZdZ edZ!dZ"RS(s This class implements the BSDi-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 5001, must be between 1 and 16777215, inclusive. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 :meth:`hash` will now issue a warning if an even number of rounds is used (see :ref:`bsdi-crypt-security-issues` regarding weak DES keys). R R R,i iiiitlinears ^ _ (?P[./a-z0-9]{4}) (?P[./a-z0-9]{4}) (?P[./a-z0-9]{11})? $cCst|dd}|jj|}|s?tjj|n|jddd\}}}|dtj|j dd|d|S(NR/R0R,R R4R1( RRXtmatchRRtInvalidHashErrortgroupRR+R(R3R0tmR,R R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR54scCs>tdtj|jjd|j|jf}t|S(Ns_%s%s%sR/(RRt encode_int24R,RGR R1R(R6R0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7As!cKs?tt|j|}|jd@s;tdtjjn|S(NisHbsdi_crypt rounds should be odd, as even rounds may reveal weak DES keys(tsuperR tusingtdefault_roundsRRRtPasslibSecurityWarning(R3tkwdstsubcls((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRbNs  cCstt|j}|dBS(Ni(RaR t_generate_rounds(R3R,((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRgWscKs'|jd@stStt|j|S(Ni(R,RBRaR t_calc_needs_update(R6Re((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRhes R<R=cCs+tddr#|j|jtStSdS(NR>s_/...lLDAxARksGCHin.(RR@RARBRC(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRDtscCs:|j}t||}|r)|dS|j|SdS(Ni(R7RRE(R6RtconfigR0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRA|s  cCs|j|jtS(N(R@RERB(R3((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRFscCs(t||j|jjdjdS(NR/(R-R,R RRG(R6R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyREs(ssaltsrounds(sos_cryptsbuiltin(#RHRIRJRKRLRORRMRNRPRQRRRct min_roundst max_roundst rounds_costRTRURRVRWRXRYR5R7RBt_avoid_even_roundsRbRgRhRZRDRARFRE(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR s0        cBseZdZdZd ZejZdZZ ejZ e j e de je jBZedZdZedZdZRS( sgThis class implements the BigCrypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 22 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR isX ^ (?P[./a-z0-9]{2}) (?P([./a-z0-9]{11})+)? $cCsjt|dd}|jj|}|s?tjj|n|jdd\}}|d|d|S(NR/R0R R4R1(RRXR\RRR]R^(R3R0R_R R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR5s cCs&td|j|jf}t|S(Ns%s%s(RR R1R(R6R0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7scCsGtt|j|d|}t|drCtjj|n|S(Ntrelaxedi (RaRt_norm_checksumR%RRR](R6R1Rn((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRoscCst|tr!|jd}nt||jjd}d}t|}xA||kr|d}|t|||!|dd!7}|}qQW|jdS(Nsutf-8R/iii(RR RR$R R%RG(R6RR4R&R'R(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR;s  ! (ssalt(RHRIRJRKRLRRMRNRPRQRRRTRURRVRWRXRYR5R7RCRoR;(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRs      cBseZdZdZd ZdZejZdZ Z ejZ dZ e jede je jBZedZd Zd ZRS( sThis class implements the crypt16 password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, crypt16 will silently truncate passwords larger than 16 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR R.iiisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{22})? $cCsjt|dd}|jj|}|s?tjj|n|jdd\}}|d|d|S(NR/R0R R4R1(RRXR\RRR]R^(R3R0R_R R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR5+s cCs&td|j|jf}t|S(Ns%s%s(RR R1R(R6R0((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR74scCst|tr!|jd}n|jr:|j|nytj|jjd}Wn#tk r~t tdnXt |}t |d|d}t |dd!}t |d|d}t j |t j |}|jdS( Nsutf-8R/sinvalid chars in saltiiiii(RR RR8R9RRR t ValueErrorR RR RRRG(R6RR!tkey1tresult1tkey2tresult2R4((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR;;s   (ssaltstruncate_error(RHRIRJRKRLRORRMRNRPRQRRRSRTRURRVRWRXRYR5R7R;(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRs     (*RJRTtloggingt getLoggerRHtlogtwarningsRt passlib.utilsRRRtpasslib.utils.binaryRRtpasslib.utils.compatRRRR R tpasslib.crypto.desR tpasslib.utils.handlerstutilsthandlersRt__all__RRR$R*R-t TruncateMixintHasManyBackendstHasSalttGenericHandlerR t HasRoundsR RR(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyts,  (    ++S