5Xc@s(dZddlmZmZddlmZddlZddlZeje Z ddl m Z ddl mZddlmZmZmZddljjZdd gZd Zd Zed Zd Zd ZdejejejfdYZ d ejejejfdYZ!dS(spasslib.handlers.mssql - MS-SQL Password Hash Notes ===== MS-SQL has used a number of hash algs over the years, most of which were exposed through the undocumented 'pwdencrypt' and 'pwdcompare' sql functions. Known formats ------------- 6.5 snefru hash, ascii encoded password no examples found 7.0 snefru hash, unicode (what encoding?) saw ref that these blobs were 16 bytes in size no examples found 2000 byte string using displayed as 0x hex, using 0x0100 prefix. contains hashes of password and upper-case password. 2007 same as 2000, but without the upper-case hash. refs ---------- https://blogs.msdn.com/b/lcris/archive/2007/04/30/sql-server-2005-about-login-password-hashes.aspx?Redirected=true http://us.generation-nt.com/securing-passwords-hash-help-35429432.html http://forum.md5decrypter.co.uk/topic230-mysql-and-mssql-get-password-hashes.aspx http://www.theregister.co.uk/2002/07/08/cracking_ms_sql_server_passwords/ i(thexlifyt unhexlify(tsha1N(twarn(tconsteq(t bascii_to_strtunicodetut mssql2000t mssql2005cCsGt|tstt|ts*tt|jd|jS(Ns utf-16-le(t isinstanceRtAssertionErrortbytesRtencodetdigest(tsecrettsalt((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt _raw_mssql9st0x0100cCst|tr7t||kr|jtrtSnLt|trnt||kr|jtrtSntj j |dt S(s#common identify for mssql 2000/2005thash( R Rtlent startswithtUIDENTtTrueR tBIDENTtuhtexctExpectedStringErrortFalse(Rtcsizetbsize((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt _ident_mssqlBs!!cCst|tret||kr|jtryt|djdSWqbtk r^qbXqnt|trt|tst t||kr|jt ryt|dSWqtk rqXqnt j j |dt j j|dS(sAcommon parser for mssql 2000/2005; returns 4 byte salt + checksumisutf-8RN(R RRRRRR t TypeErrorR R RRRRtInvalidHashError(RRRthandler((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt _parse_mssqlPs!  !  cBsieZdZdZd ZdZdZZedZ edZ dZ dZ ed Z RS( s*This class implements the password hash used by MS-SQL 2000, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 bytes in length. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. RRi(icCst|ddS(Ni^i.(R(tclsR((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pytidentifyscCs0t|dd|}|d|d d|dS(Ni^i.Ritchecksum(R#(R$Rtdata((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt from_stringscCs*|j|j}dtt|jS(NR(RR&RRtupper(tselftraw((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt to_stringscCsJt|tr!|jd}n|j}t||t|j|S(Nsutf-8(R R tdecodeRRR)(R*RR((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt_calc_checksums cCstj||j|}|j}|dkrFtjj|nt|trg|j d}nt |j |j }t ||dS(Nsutf-8i(Rtvalidate_secretR(R&tNoneRtMissingDigestErrorR R R-RR)RR(R$RRR*tchktresult((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pytverifys   (ssalt(t__name__t __module__t__doc__tnamet setting_kwdst checksum_sizet min_salt_sizet max_salt_sizet classmethodR%R(R,R.R4(((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyRfs   cBsZeZdZdZd ZdZdZZedZ edZ dZ dZ RS( s*This class implements the password hash used by MS-SQL 2005, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 bytes in length. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. R RiicCst|ddS(Ni6i(R(R$R((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR%scCs0t|dd|}|d|d d|dS(Ni6iRiR&(R#(R$RR'((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR(scCs*|j|j}dtt|jS(NR(RR&RRR)(R*R+((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR,scCs1t|tr!|jd}nt||jS(Nsutf-8(R R R-RR(R*R((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR.s(ssalt( R5R6R7R8R9R:R;R<R=R%R(R,R.(((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyR s  ("R7tbinasciiRRthashlibRtretloggingt getLoggerR5tlogtwarningsRt passlib.utilsRtpasslib.utils.compatRRRtpasslib.utils.handlerstutilsthandlersRt__all__RRRRR#t HasRawSalttHasRawChecksumtGenericHandlerRR (((s:/usr/lib/python2.7/site-packages/passlib/handlers/mssql.pyt!s$       %M