5Xc@sdZddlZddlZejeZddlmZddlm Z m Z m Z ddl m Z mZddlmZmZmZmZmZddlmZddljjZdd d d gZd Zd ZdZdZdZ dej!ej"ej#ej$fdYZ%d ej"ej&ej#ej$fdYZ'd ej#ej$fdYZ(d ej!ej#ej$fdYZ)dS(sFpasslib.handlers.des_crypt - traditional unix (DES) crypt and variantsiN(twarn(t safe_cryptt test_cryptt to_unicode(th64th64big(tbyte_elem_valuetut uascii_to_strtunicodetsuppress_cause(tdes_encrypt_int_blockt des_cryptt bsdi_crypttbigcrypttcrypt16tcCstdt|d DS(sconvert secret to 64-bit DES key. this only uses the first 8 bytes of the secret, and discards the high 8th bit of each byte at that. a null parity bit is inserted after every 7th bit of the output. css1|]'\}}t|d@d|d>VqdS(ii9iN(R(t.0titc((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pys (si(tsumt enumerate(tsecret((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_crypt_secret_to_keys cCst|dksttj|}t|trH|jd}nt|ts]tt|kr~t j j t nt |}t|d|d}tj|S(s pure-python backed for des_cryptisutf-8ii(tlentAssertionErrorRt decode_int12t isinstanceR tencodetbytest_BNULLtuhtexctNullPasswordErrorR RR Rt encode_int64(Rtsaltt salt_valuet key_valuetresult((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_des_crypt+s  cCskt|}d}t|}xF||krf|d}t|||!}t|||A}|}q!W|S(s,convert secret to DES key used by bsdi_crypti(RRR (RR%tidxtendtnextt tmp_value((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_bsdi_secret_to_keyIs    cCstj|}t|tr0|jd}nt|tsEtt|krftj j t nt |}t |d||}tj|S(s"pure-python backend for bsdi_cryptsutf-8i(Rt decode_int24RR RRRRRR R!R R,R RR"(RtroundsR#R$R%R&((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_raw_bsdi_cryptUs  cBseZdZdZdZejZdZdZ Z ejZ dZ e jede je jBZedZd Zd ZdZed ZdZedZdZRS(sThis class implements the des-crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, des_crypt will silently truncate passwords larger than 8 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 R R#ttruncate_errori iisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{11})? $cCs@t|dd}|d |d}}|d|d|p<dS(NtasciithashiR#tchecksum(RtNone(tclsR2R#tchk((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt from_stringscCs&td|j|jf}t|S(Ns%s%s(RR#R3R(tselfR2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt to_stringscCs&|jr|j|n|j|S(N(t use_defaultst_check_truncate_policyt_calc_checksum_backend(R8R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_calc_checksums tos_crypttbuiltincCs+tddr#|j|jtStSdS(Nttestt abgOeLfPimXQo(Rt_set_calc_checksum_backendt_calc_checksum_os_crypttTruetFalse(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_os_cryptscCs[t||j}|rJ|j|jr<t|dksBt|dS|j|SdS(Ni i(RR#t startswithRRt_calc_checksum_builtin(R8RR2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRCs *cCs|j|jtS(N(RBRHRD(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyt_load_backend_builtinscCs"t||jjdjdS(NR1(R'R#Rtdecode(R8R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRHs(ssaltR0(R>R?(t__name__t __module__t__doc__tnamet setting_kwdsRt HASH64_CHARStchecksum_charst checksum_sizet min_salt_sizet max_salt_sizet salt_charst truncate_sizetretcompileRtXtIt _hash_regext classmethodR7R9R=tbackendsRFRCRIRH(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR ps$       cBseZdZdZdZdZejZdZ Z ejZ dZ dZ dZd Zejed ejejBZed Zd ZeZed ZedZdZdZedZdZ edZ!dZ"RS(s This class implements the BSDi-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 5001, must be between 1 and 16777215, inclusive. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 :meth:`hash` will now issue a warning if an even number of rounds is used (see :ref:`bsdi-crypt-security-issues` regarding weak DES keys). R R#R.i iiiitlinears ^ _ (?P[./a-z0-9]{4}) (?P[./a-z0-9]{4}) (?P[./a-z0-9]{11})? $cCst|dd}|jj|}|s?tjj|n|jddd\}}}|dtj|j dd|d|S(NR1R2R.R#R6R3( RR[tmatchRR tInvalidHashErrortgroupRR-R(R5R2tmR.R#R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR74scCs>tdtj|jjd|j|jf}t|S(Ns_%s%s%sR1(RRt encode_int24R.RJR#R3R(R8R2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR9As!cKs?tt|j|}|jd@s;tdtjjn|S(NisHbsdi_crypt rounds should be odd, as even rounds may reveal weak DES keys(tsuperR tusingtdefault_roundsRRR tPasslibSecurityWarning(R5tkwdstsubcls((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyReNs  cCstt|j}|dBS(Ni(RdR t_generate_rounds(R5R.((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRjWscKs'|jd@stStt|j|S(Ni(R.RDRdR t_calc_needs_update(R8Rh((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRkes R>R?cCs+tddr#|j|jtStSdS(NR@s_/...lLDAxARksGCHin.(RRBRCRDRE(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRFtscCse|j}t||}|rT|j|d rFt|dksLt|dS|j|SdS(Ni ii(R9RRGRRRH(R8RtconfigR2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRC|s  +cCs|j|jtS(N(RBRHRD(R5((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRIscCs(t||j|jjdjdS(NR1(R/R.R#RRJ(R8R((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRHs(ssaltsrounds(sos_cryptsbuiltin(#RKRLRMRNRORRRRPRQRSRTRURft min_roundst max_roundst rounds_costRWRXRRYRZR[R\R7R9RDt_avoid_even_roundsReRjRkR]RFRCRIRH(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR s0        cBseZdZdZd ZejZdZZ ejZ e j e de je jBZedZdZedZdZRS( sgThis class implements the BigCrypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 22 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR#isX ^ (?P[./a-z0-9]{2}) (?P([./a-z0-9]{11})+)? $cCsjt|dd}|jj|}|s?tjj|n|jdd\}}|d|d|S(NR1R2R#R6R3(RR[R_RR R`Ra(R5R2RbR#R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7s cCs&td|j|jf}t|S(Ns%s%s(RR#R3R(R8R2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR9scCsGtt|j|d|}t|drCtjj|n|S(Ntrelaxedi (RdRt_norm_checksumRRR R`(R8R3Rq((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRrscCst|tr!|jd}nt||jjd}d}t|}xA||kr|d}|t|||!|dd!7}|}qQW|jdS(Nsutf-8R1iii(RR RR'R#RRJ(R8RR6R(R)R*((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR=s  ! (ssalt(RKRLRMRNRORRPRQRSRTRURWRXRRYRZR[R\R7R9RERrR=(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRs      cBseZdZdZd ZdZejZdZ Z ejZ dZ e jede je jBZedZd Zd ZRS( sThis class implements the crypt16 password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, crypt16 will silently truncate passwords larger than 16 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 RR#R0iiisU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{22})? $cCsjt|dd}|jj|}|s?tjj|n|jdd\}}|d|d|S(NR1R2R#R6R3(RR[R_RR R`Ra(R5R2RbR#R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR7+s cCs&td|j|jf}t|S(Ns%s%s(RR#R3R(R8R2((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR94scCst|tr!|jd}n|jr:|j|nytj|jjd}Wn#tk r~t tdnXt |}t |d|d}t |dd!}t |d|d}t j |t j |}|jdS( Nsutf-8R1sinvalid chars in saltiiiii(RR RR:R;RRR#t ValueErrorR RR RR"RJ(R8RR$tkey1tresult1tkey2tresult2R6((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyR=;s   (ssaltstruncate_error(RKRLRMRNRORRRRPRQRSRTRURVRWRXRRYRZR[R\R7R9R=(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyRs     (*RMRWtloggingt getLoggerRKtlogtwarningsRt passlib.utilsRRRtpasslib.utils.binaryRRtpasslib.utils.compatRRRR R tpasslib.crypto.desR tpasslib.utils.handlerstutilsthandlersRt__all__RRR'R,R/t TruncateMixintHasManyBackendstHasSalttGenericHandlerR t HasRoundsR RR(((s>/usr/lib/python2.7/site-packages/passlib/handlers/des_crypt.pyts,  (    ++S