VirtualMailManager/password.py
author Pascal Volk <neverseen@users.sourceforge.net>
Tue, 04 May 2010 22:26:04 +0000
branchv0.6.x
changeset 288 01cb71c1ae33
parent 287 1e77dd639fa3
child 289 142f188f7552
permissions -rw-r--r--
man5: added misc.dovecot_version to the minimal config example.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     1
# -*- coding: UTF-8 -*-
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     2
# Copyright (c) 2010, Pascal Volk
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     3
# See COPYING for distribution information.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     4
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     5
"""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     6
    VirtualMailManager.password
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     7
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     8
    VirtualMailManager's password module to generate password hashes from
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
     9
    passwords or random passwords. This module provides following
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
    10
    functions:
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    11
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    12
        hashed_password = pwhash(password[, scheme][, user])
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    13
        random_password = randompw()
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
    14
        scheme, encoding = verify_scheme(scheme)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    15
"""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    16
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    17
from crypt import crypt
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    18
from random import SystemRandom
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    19
from subprocess import Popen, PIPE
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    20
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    21
try:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    22
    import hashlib
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    23
except ImportError:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    24
    from VirtualMailManager.pycompat import hashlib
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    25
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
    26
from VirtualMailManager import ENCODING
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    27
from VirtualMailManager.EmailAddress import EmailAddress
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    28
from VirtualMailManager.common import get_unicode, version_str
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    29
from VirtualMailManager.constants.ERROR import VMM_ERROR
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    30
from VirtualMailManager.errors import VMMError
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    31
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    32
COMPAT = hasattr(hashlib, 'compat')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    33
SALTCHARS = './0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    34
PASSWDCHARS = '._-+#*23456789abcdefghikmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    35
DEFAULT_B64 = (None, 'B64', 'BASE64')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    36
DEFAULT_HEX = (None, 'HEX')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    37
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    38
_ = lambda msg: msg
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
    39
cfg_dget = lambda option: None
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    40
_sys_rand = SystemRandom()
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    41
_get_salt = lambda salt_len: ''.join(_sys_rand.sample(SALTCHARS, salt_len))
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    42
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    43
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    44
def _test_crypt_algorithms():
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    45
    """Check for Blowfish/SHA-256/SHA-512 support in crypt.crypt()."""
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    46
    blowfish_ = sha256_ = sha512_ = False
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    47
    _blowfish = '$2a$04$0123456789abcdefABCDE.N.drYX5yIAL1LkTaaZotW3yI0hQhZru'
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    48
    _sha256 = '$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi\
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    49
9qrb1jehe7hn4'
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    50
    _sha512 = '$6$rounds=1000$0123456789abcdef$ZIAd5WqfyLkpvsVCVUU1GrvqaZTqvh\
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    51
JoouxdSqJO71l9Ld3tVrfOatEjarhghvEYADkq//LpDnTeO90tcbtHR1'
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    52
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    53
    if crypt('08/15!test~4711', '$2a$04$0123456789abcdefABCDEF$') == _blowfish:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    54
        blowfish_ = True
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    55
    if crypt('08/15!test~4711', '$5$rounds=1000$0123456789abcdef$') == _sha256:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    56
        sha256_ = True
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    57
    if crypt('08/15!test~4711', '$6$rounds=1000$0123456789abcdef$') == _sha512:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    58
        sha512_ = True
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    59
    return blowfish_, sha256_, sha512_
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    60
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    61
CRYPT_BLOWFISH, CRYPT_SHA256, CRYPT_SHA512 = _test_crypt_algorithms()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    62
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    63
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    64
def _dovecotpw(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    65
    """Communicates with dovecotpw (Dovecot 2.0: `doveadm pw`) and returns
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    66
    the hashed password: {scheme[.encoding]}hash
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    67
    """
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    68
    if encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    69
        scheme = '.'.join((scheme, encoding))
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
    70
    cmd_args = [cfg_dget('bin.dovecotpw'), '-s', scheme, '-p',
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    71
                get_unicode(password)]
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
    72
    if cfg_dget('misc.dovecot_version') >= 0x20000a01:
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    73
        cmd_args.insert(1, 'pw')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    74
    process = Popen(cmd_args, stdout=PIPE, stderr=PIPE)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    75
    stdout, stderr = process.communicate()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    76
    if process.returncode:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    77
        raise VMMError(stderr.strip(), VMM_ERROR)
274
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    78
    hashed = stdout.strip()
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    79
    if not hashed.startswith('{%s}' % scheme):
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    80
        raise VMMError('Unexpected result from %s: %s' %
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    81
                       (cfg_dget('bin.dovecotpw'), hashed), VMM_ERROR)
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    82
    return hashed
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    83
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    84
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    85
def _md4_new():
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    86
    """Returns an new MD4-hash object if supported by the hashlib or
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    87
    provided by PyCrypto - other `None`.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    88
    """
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    89
    try:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    90
        return hashlib.new('md4')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    91
    except ValueError, err:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    92
        if str(err) == 'unsupported hash type':
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    93
            if not COMPAT:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    94
                try:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    95
                    from Crypto.Hash import MD4
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    96
                    return MD4.new()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    97
                except ImportError:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    98
                    return None
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    99
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   100
            raise
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   101
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   102
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   103
def _sha256_new(data=''):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   104
    """Returns a new sha256 object from the hashlib.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   105
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   106
    Returns `None` if the PyCrypto in pycompat.hashlib is too old."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   107
    if not COMPAT:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   108
        return hashlib.sha256(data)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   109
    try:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   110
        return hashlib.new('sha256', data)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   111
    except ValueError, err:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   112
        if str(err) == 'unsupported hash type':
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   113
            return None
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   114
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   115
            raise
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   116
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   117
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   118
def _format_digest(digest, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   119
    """Formats the arguments to a string: {scheme[.encoding]}digest."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   120
    if not encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   121
        return '{%s}%s' % (scheme, digest)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   122
    return '{%s.%s}%s' % (scheme, encoding, digest)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   123
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   124
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   125
def _clear_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   126
    """Generates a (encoded) CLEARTEXT/PLAIN 'hash'."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   127
    if encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   128
        if encoding == 'HEX':
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   129
            password = password.encode('hex')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   130
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   131
            password = password.encode('base64').replace('\n', '')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   132
        return _format_digest(password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   133
    return get_unicode('{%s}%s' % (scheme, password))
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   134
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   135
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   136
def _get_crypt_blowfish_salt():
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   137
    """Generates a salt for Blowfish crypt."""
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   138
    rounds = cfg_dget('misc.crypt_blowfish_rounds')
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   139
    if rounds < 4:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   140
        rounds = 4
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   141
    elif rounds > 31:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   142
        rounds = 31
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   143
    return '$2a$%02d$%s$' % (rounds, _get_salt(22))
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   144
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   145
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   146
def _get_crypt_shaxxx_salt(crypt_id):
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   147
    """Generates a salt for crypt using the SHA-256 or SHA-512 encryption
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   148
    method.
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   149
    *crypt_id* must be either `5` (SHA-256) or `6` (SHA1-512).
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   150
    """
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   151
    assert crypt_id in (5, 6), 'invalid crypt id: %r' % crypt_id
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   152
    if crypt_id is 6:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   153
        rounds = cfg_dget('misc.crypt_sha512_rounds')
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   154
    else:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   155
        rounds = cfg_dget('misc.crypt_sha256_rounds')
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   156
    if rounds < 1000:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   157
        rounds = 1000
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   158
    elif rounds > 999999999:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   159
        rounds = 999999999
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   160
    return '$%d$rounds=%d$%s$' % (crypt_id, rounds, _get_salt(16))
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   161
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   162
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   163
def _crypt_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   164
    """Generates (encoded) CRYPT/MD5/MD5-CRYPT hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   165
    if scheme == 'CRYPT':
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   166
        if CRYPT_BLOWFISH and cfg_dget('misc.crypt_blowfish_rounds'):
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   167
            salt = _get_crypt_blowfish_salt()
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   168
        elif CRYPT_SHA512 and cfg_dget('misc.crypt_sha512_rounds'):
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   169
            salt = _get_crypt_shaxxx_salt(6)
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   170
        elif CRYPT_SHA256 and cfg_dget('misc.crypt_sha256_rounds'):
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   171
            salt = _get_crypt_shaxxx_salt(5)
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   172
        else:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   173
            salt = _get_salt(2)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   174
    else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   175
        salt = '$1$%s$' % _get_salt(8)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   176
    encrypted = crypt(password, salt)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   177
    if encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   178
        if encoding == 'HEX':
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   179
            encrypted = encrypted.encode('hex')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   180
        else:
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   181
            encrypted = encrypted.encode('base64').replace('\n', '')
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   182
    return _format_digest(encrypted, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   183
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   184
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   185
def _md4_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   186
    """Generates encoded PLAIN-MD4 hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   187
    md4 = _md4_new()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   188
    if md4:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   189
        md4.update(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   190
        if encoding in DEFAULT_HEX:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   191
            digest = md4.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   192
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   193
            digest = md4.digest().encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   194
        return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   195
    return _dovecotpw(password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   196
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   197
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   198
def _md5_hash(password, scheme, encoding, user=None):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   199
    """Generates DIGEST-MD5 aka PLAIN-MD5 and LDAP-MD5 hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   200
    md5 = hashlib.md5()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   201
    if scheme == 'DIGEST-MD5':
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   202
        #  Prior to Dovecot v1.1.12/v1.2.beta2 there was a problem with a
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   203
        #  empty auth_realms setting in dovecot.conf and user@domain.tld
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   204
        #  usernames. So we have to generate different hashes for different
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   205
        #  versions. See also:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   206
        #       http://dovecot.org/list/dovecot-news/2009-March/000103.html
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   207
        #       http://hg.dovecot.org/dovecot-1.1/rev/2b0043ba89ae
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
   208
        if cfg_dget('misc.dovecot_version') >= 0x1010cf00:
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   209
            md5.update('%s:%s:' % (user.localpart, user.domainname))
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   210
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   211
            md5.update('%s::' % user)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   212
    md5.update(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   213
    if (scheme in ('PLAIN-MD5', 'DIGEST-MD5') and encoding in DEFAULT_HEX) \
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   214
      or (scheme == 'LDAP-MD5' and encoding == 'HEX'):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   215
        digest = md5.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   216
    else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   217
        digest = md5.digest().encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   218
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   219
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   220
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   221
def _ntlm_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   222
    """Generates NTLM hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   223
    md4 = _md4_new()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   224
    if md4:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   225
        password = ''.join('%s\x00' % c for c in password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   226
        md4.update(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   227
        if encoding in DEFAULT_HEX:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   228
            digest = md4.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   229
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   230
            digest = md4.digest().encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   231
        return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   232
    return _dovecotpw(password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   233
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   234
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   235
def _sha1_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   236
    """Generates SHA1 aka SHA hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   237
    sha1 = hashlib.sha1(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   238
    if encoding in DEFAULT_B64:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   239
        digest = sha1.digest().encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   240
    else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   241
        digest = sha1.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   242
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   243
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   244
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   245
def _sha256_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   246
    """Generates SHA256 hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   247
    sha256 = _sha256_new(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   248
    if sha256:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   249
        if encoding in DEFAULT_B64:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   250
            digest = sha256.digest().encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   251
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   252
            digest = sha256.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   253
        return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   254
    return _dovecotpw(password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   255
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   256
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   257
def _sha512_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   258
    """Generates SHA512 hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   259
    if not COMPAT:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   260
        sha512 = hashlib.sha512(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   261
        if encoding in DEFAULT_B64:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   262
            digest = sha512.digest().encode('base64').replace('\n', '')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   263
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   264
            digest = sha512.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   265
        return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   266
    return _dovecotpw(password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   267
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   269
def _smd5_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   270
    """Generates SMD5 (salted PLAIN-MD5) hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   271
    md5 = hashlib.md5(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   272
    salt = _get_salt(4)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   273
    md5.update(salt)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   274
    if encoding in DEFAULT_B64:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   275
        digest = (md5.digest() + salt).encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   276
    else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   277
        digest = md5.hexdigest() + salt.encode('hex')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   278
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   279
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   280
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   281
def _ssha1_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   282
    """Generates SSHA (salted SHA/SHA1) hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   283
    sha1 = hashlib.sha1(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   284
    salt = _get_salt(4)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   285
    sha1.update(salt)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   286
    if encoding in DEFAULT_B64:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   287
        digest = (sha1.digest() + salt).encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   288
    else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   289
        digest = sha1.hexdigest() + salt.encode('hex')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   290
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   291
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   292
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   293
def _ssha256_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   294
    """Generates SSHA256 (salted SHA256) hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   295
    sha256 = _sha256_new(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   296
    if sha256:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   297
        salt = _get_salt(4)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   298
        sha256.update(salt)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   299
        if encoding in DEFAULT_B64:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   300
            digest = (sha256.digest() + salt).encode('base64').rstrip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   301
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   302
            digest = sha256.hexdigest() + salt.encode('hex')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   303
        return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   304
    return _dovecotpw(password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   305
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   306
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   307
def _ssha512_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   308
    """Generates SSHA512 (salted SHA512) hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   309
    if not COMPAT:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   310
        salt = _get_salt(4)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   311
        sha512 = hashlib.sha512(password + salt)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   312
        if encoding in DEFAULT_B64:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   313
            digest = (sha512.digest() + salt).encode('base64').replace('\n',
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   314
                                                                       '')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   315
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   316
            digest = sha512.hexdigest() + salt.encode('hex')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   317
        return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   318
    return _dovecotpw(password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   319
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   320
_scheme_info = {
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   321
    'CLEARTEXT': (_clear_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   322
    'CRAM-MD5': (_dovecotpw, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   323
    'CRYPT': (_crypt_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   324
    'DIGEST-MD5': (_md5_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   325
    'HMAC-MD5': (_dovecotpw, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   326
    'LANMAN': (_dovecotpw, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   327
    'LDAP-MD5': (_md5_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   328
    'MD5': (_crypt_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   329
    'MD5-CRYPT': (_crypt_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   330
    'NTLM': (_ntlm_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   331
    'OTP': (_dovecotpw, 0x10100a01),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   332
    'PLAIN': (_clear_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   333
    'PLAIN-MD4': (_md4_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   334
    'PLAIN-MD5': (_md5_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   335
    'RPA': (_dovecotpw, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   336
    'SHA': (_sha1_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   337
    'SHA1': (_sha1_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   338
    'SHA256': (_sha256_hash, 0x10100a01),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   339
    'SHA512': (_sha512_hash, 0x20000b03),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   340
    'SKEY': (_dovecotpw, 0x10100a01),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   341
    'SMD5': (_smd5_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   342
    'SSHA': (_ssha1_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   343
    'SSHA256': (_ssha256_hash, 0x10200a04),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   344
    'SSHA512': (_ssha512_hash, 0x20000b03),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   345
}
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   346
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   347
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   348
def verify_scheme(scheme):
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   349
    """Checks if the password scheme *scheme* is known and supported by the
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   350
    configured `misc.dovecot_version`.
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   351
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   352
    The *scheme* maybe a password scheme's name (e.g.: 'PLAIN') or a scheme
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   353
    name with a encoding suffix (e.g. 'PLAIN.BASE64').  If the scheme is
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   354
    known and supported by the used Dovecot version,
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   355
    a tuple ``(scheme, encoding)`` will be returned.
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   356
    The `encoding` in the tuple may be `None`.
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   357
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   358
    Raises a `VMMError` if the password scheme:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   359
      * is unknown
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   360
      * depends on a newer Dovecot version
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   361
      * has a unknown encoding suffix
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   362
    """
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   363
    assert isinstance(scheme, basestring), 'Not a str/unicode: %r' % scheme
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   364
    scheme_encoding = scheme.upper().split('.')
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   365
    scheme = scheme_encoding[0]
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   366
    if not scheme in _scheme_info:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   367
        raise VMMError(_(u"Unsupported password scheme: '%s'") % scheme,
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   368
                       VMM_ERROR)
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   369
    if cfg_dget('misc.dovecot_version') < _scheme_info[scheme][1]:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   370
        raise VMMError(_(u"The password scheme '%(scheme)s' requires Dovecot \
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   371
>= v%(version)s") %
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   372
                       {'scheme': scheme,
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   373
                        'version': version_str(_scheme_info[scheme][1])},
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   374
                       VMM_ERROR)
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   375
    if len(scheme_encoding) > 1:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   376
        if cfg_dget('misc.dovecot_version') < 0x10100a01:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   377
            raise VMMError(_(u'Encoding suffixes for password schemes require \
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   378
Dovecot >= v1.1.alpha1'),
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   379
                           VMM_ERROR)
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   380
        if scheme_encoding[1] not in ('B64', 'BASE64', 'HEX'):
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   381
            raise VMMError(_(u"Unsupported password encoding: '%s'") %
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   382
                           scheme_encoding[1], VMM_ERROR)
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   383
        encoding = scheme_encoding[1]
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   384
    else:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   385
        encoding = None
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   386
    return scheme, encoding
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   387
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   388
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   389
def pwhash(password, scheme=None, user=None):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   390
    """Generates a password hash from the plain text *password* string.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   391
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   392
    If no *scheme* is given the password scheme from the configuration will
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   393
    be used for the hash generation.  When 'DIGEST-MD5' is used as scheme,
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   394
    also an EmailAddress instance must be given as *user* argument.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   395
    """
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   396
    if not isinstance(password, basestring):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   397
        raise TypeError('Password is not a string: %r' % password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   398
    if isinstance(password, unicode):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   399
        password = password.encode(ENCODING)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   400
    password = password.strip()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   401
    if not password:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   402
        raise ValueError("Couldn't accept empty password.")
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   403
    if scheme is None:
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
   404
        scheme = cfg_dget('misc.password_scheme')
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   405
    scheme, encoding = verify_scheme(scheme)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   406
    if scheme == 'DIGEST-MD5':
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   407
        assert isinstance(user, EmailAddress)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   408
        return _md5_hash(password, scheme, encoding, user)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   409
    return _scheme_info[scheme][0](password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   410
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   411
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   412
def randompw():
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   413
    """Generates a plain text random password.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   414
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   415
    The length of the password can be configured in the ``vmm.cfg``
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   416
    (account.password_length).
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   417
    """
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
   418
    pw_len = cfg_dget('account.password_length')
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   419
    if pw_len < 8:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   420
        pw_len = 8
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   421
    return ''.join(_sys_rand.sample(PASSWDCHARS, pw_len))
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   422
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   423
del _, cfg_dget, _test_crypt_algorithms