VirtualMailManager/password.py
author Pascal Volk <user@localhost.localdomain.org>
Sun, 08 Jun 2014 17:08:35 +0000
branchv0.7.x
changeset 750 8931c6b8435e
parent 731 77561c118f42
permissions -rw-r--r--
VMM/handler: Handler.user_delete() Added parameter `delete_home'.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     1
# -*- coding: UTF-8 -*-
703
58815c004a61 Updated copyright notices to include the year 2014.
Pascal Volk <user@localhost.localdomain.org>
parents: 675
diff changeset
     2
# Copyright (c) 2010 - 2014, Pascal Volk
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     3
# See COPYING for distribution information.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     4
"""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     5
    VirtualMailManager.password
320
011066435e6f VMM/*: Made all modules names lowercase, adjusted imports.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 316
diff changeset
     6
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     7
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
     8
    VirtualMailManager's password module to generate password hashes from
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
     9
    passwords or random passwords. This module provides following
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
    10
    functions:
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    11
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    12
        hashed_password = pwhash(password[, scheme][, user])
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    13
        random_password = randompw()
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
    14
        scheme, encoding = verify_scheme(scheme)
461
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
    15
        schemes, encodings = list_schemes()
731
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
    16
        scheme = extract_scheme(hashed_password)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    17
"""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    18
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
    19
import hashlib
731
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
    20
import re
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
    21
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
    22
from base64 import b64encode
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
    23
from binascii import b2a_hex
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    24
from crypt import crypt
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    25
from random import SystemRandom
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    26
from subprocess import Popen, PIPE
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    27
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
    28
from VirtualMailManager import ENCODING
320
011066435e6f VMM/*: Made all modules names lowercase, adjusted imports.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 316
diff changeset
    29
from VirtualMailManager.emailaddress import EmailAddress
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    30
from VirtualMailManager.common import get_unicode, version_str
316
31d8931dc535 VMM/constants: Replaced the constants subpackage by a module.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 292
diff changeset
    31
from VirtualMailManager.constants import VMM_ERROR
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    32
from VirtualMailManager.errors import VMMError
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    33
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    34
SALTCHARS = './0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    35
PASSWDCHARS = '._-+#*23456789abcdefghikmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    36
DEFAULT_B64 = (None, 'B64', 'BASE64')
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    37
DEFAULT_HEX = (None, 'HEX')
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    38
CRYPT_ID_MD5 = 1
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    39
CRYPT_ID_BLF = '2a'
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    40
CRYPT_ID_SHA256 = 5
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    41
CRYPT_ID_SHA512 = 6
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    42
CRYPT_SALT_LEN = 2
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    43
CRYPT_BLF_ROUNDS_MIN = 4
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    44
CRYPT_BLF_ROUNDS_MAX = 31
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    45
CRYPT_BLF_SALT_LEN = 22
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    46
CRYPT_MD5_SALT_LEN = 8
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    47
CRYPT_SHA2_ROUNDS_DEFAULT = 5000
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    48
CRYPT_SHA2_ROUNDS_MIN = 1000
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    49
CRYPT_SHA2_ROUNDS_MAX = 999999999
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    50
CRYPT_SHA2_SALT_LEN = 16
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    51
SALTED_ALGO_SALT_LEN = 4
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    52
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    53
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    54
_ = lambda msg: msg
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
    55
cfg_dget = lambda option: None
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    56
_sys_rand = SystemRandom()
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
    57
_choice = _sys_rand.choice
643
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
    58
_get_salt = lambda s_len: ''.join(_choice(SALTCHARS) for x in range(s_len))
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    59
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
    60
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
    61
def _doveadmpw(password, scheme, encoding):
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
    62
    """Communicates with Dovecot's doveadm and returns
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    63
    the hashed password: {scheme[.encoding]}hash
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    64
    """
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    65
    if encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    66
        scheme = '.'.join((scheme, encoding))
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
    67
    cmd_args = [cfg_dget('bin.doveadm'), 'pw', '-s', scheme, '-p',
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    68
                get_unicode(password)]
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    69
    process = Popen(cmd_args, stdout=PIPE, stderr=PIPE)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    70
    stdout, stderr = process.communicate()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    71
    if process.returncode:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
    72
        raise VMMError(stderr.strip().decode(ENCODING), VMM_ERROR)
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
    73
    hashed = stdout.strip().decode(ENCODING)
274
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    74
    if not hashed.startswith('{%s}' % scheme):
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    75
        raise VMMError('Unexpected result from %s: %s' %
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
    76
                       (cfg_dget('bin.doveadm'), hashed), VMM_ERROR)
274
45ec5c3cfef4 VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 272
diff changeset
    77
    return hashed
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    78
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    79
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    80
def _md4_new():
655
2bf68600e914 VMM/password: Code cleanups:
Pascal Volk <user@localhost.localdomain.org>
parents: 651
diff changeset
    81
    """Returns an new MD4-hash object if supported by the hashlib -
2bf68600e914 VMM/password: Code cleanups:
Pascal Volk <user@localhost.localdomain.org>
parents: 651
diff changeset
    82
    otherwise `None`.
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    83
    """
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    84
    try:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    85
        return hashlib.new('md4')
643
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
    86
    except ValueError as err:
655
2bf68600e914 VMM/password: Code cleanups:
Pascal Volk <user@localhost.localdomain.org>
parents: 651
diff changeset
    87
        if err.args[0].startswith('unsupported hash type'):
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    88
            return None
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    89
        else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    90
            raise
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    91
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    92
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    93
def _format_digest(digest, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    94
    """Formats the arguments to a string: {scheme[.encoding]}digest."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    95
    if not encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    96
        return '{%s}%s' % (scheme, digest)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    97
    return '{%s.%s}%s' % (scheme, encoding, digest)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    98
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
    99
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   100
def _clear_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   101
    """Generates a (encoded) CLEARTEXT/PLAIN 'hash'."""
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   102
    password = password.decode(ENCODING)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   103
    if encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   104
        if encoding == 'HEX':
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   105
            password = b2a_hex(password.encode()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   106
        else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   107
            password = b64encode(password.encode()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   108
        return _format_digest(password, scheme, encoding)
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   109
    return '{%s}%s' % (scheme, password)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   110
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   111
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   112
def _get_crypt_blowfish_salt():
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   113
    """Generates a salt for Blowfish crypt."""
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   114
    rounds = cfg_dget('misc.crypt_blowfish_rounds')
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   115
    if rounds < CRYPT_BLF_ROUNDS_MIN:
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   116
        rounds = CRYPT_BLF_ROUNDS_MIN
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   117
    elif rounds > CRYPT_BLF_ROUNDS_MAX:
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   118
        rounds = CRYPT_BLF_ROUNDS_MAX
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   119
    return '$%s$%02d$%s' % (CRYPT_ID_BLF, rounds,
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   120
                            _get_salt(CRYPT_BLF_SALT_LEN))
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   121
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   122
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   123
def _get_crypt_sha2_salt(crypt_id):
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   124
    """Generates a salt for crypt using the SHA-256 or SHA-512 encryption
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   125
    method.
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   126
    *crypt_id* must be either `5` (SHA-256) or `6` (SHA-512).
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   127
    """
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   128
    assert crypt_id in (CRYPT_ID_SHA256, CRYPT_ID_SHA512), 'invalid crypt ' \
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   129
           'id: %r' % crypt_id
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   130
    if crypt_id is CRYPT_ID_SHA512:
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   131
        rounds = cfg_dget('misc.crypt_sha512_rounds')
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   132
    else:
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   133
        rounds = cfg_dget('misc.crypt_sha256_rounds')
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   134
    if rounds < CRYPT_SHA2_ROUNDS_MIN:
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   135
        rounds = CRYPT_SHA2_ROUNDS_MIN
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   136
    elif rounds > CRYPT_SHA2_ROUNDS_MAX:
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   137
        rounds = CRYPT_SHA2_ROUNDS_MAX
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   138
    if rounds == CRYPT_SHA2_ROUNDS_DEFAULT:
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   139
        return '$%d$%s' % (crypt_id, _get_salt(CRYPT_SHA2_SALT_LEN))
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   140
    return '$%d$rounds=%d$%s' % (crypt_id, rounds,
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   141
                                 _get_salt(CRYPT_SHA2_SALT_LEN))
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   142
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   143
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   144
def _crypt_hash(password, scheme, encoding):
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   145
    """Generates (encoded) CRYPT/MD5/{BLF,MD5,SHA{256,512}}-CRYPT hashes."""
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   146
    if scheme == 'CRYPT':
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   147
        salt = _get_salt(CRYPT_SALT_LEN)
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   148
    elif scheme == 'BLF-CRYPT':
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   149
        salt = _get_crypt_blowfish_salt()
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   150
    elif scheme in ('MD5-CRYPT', 'MD5'):
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   151
        salt = '$%d$%s' % (CRYPT_ID_MD5, _get_salt(CRYPT_MD5_SALT_LEN))
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   152
    elif scheme == 'SHA256-CRYPT':
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   153
        salt = _get_crypt_sha2_salt(CRYPT_ID_SHA256)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   154
    else:
292
619dadc0fd25 VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 291
diff changeset
   155
        salt = _get_crypt_sha2_salt(CRYPT_ID_SHA512)
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   156
    encrypted = crypt(password.decode(ENCODING), salt)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   157
    if encoding:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   158
        if encoding == 'HEX':
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   159
            encrypted = b2a_hex(encrypted.encode()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   160
        else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   161
            encrypted = b64encode(encrypted.encode()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   162
    return _format_digest(encrypted, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   163
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   164
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   165
def _md4_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   166
    """Generates encoded PLAIN-MD4 hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   167
    md4 = _md4_new()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   168
    if md4:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   169
        md4.update(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   170
        if encoding in DEFAULT_HEX:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   171
            digest = md4.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   172
        else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   173
            digest = b64encode(md4.digest()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   174
        return _format_digest(digest, scheme, encoding)
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   175
    return _doveadmpw(password, scheme, encoding)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   176
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   177
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   178
def _md5_hash(password, scheme, encoding, user=None):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   179
    """Generates DIGEST-MD5 aka PLAIN-MD5 and LDAP-MD5 hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   180
    md5 = hashlib.md5()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   181
    if scheme == 'DIGEST-MD5':
691
932cd76bf879 VMM: Dropped support for Dovecot versions before v1.2.0.
Pascal Volk <user@localhost.localdomain.org>
parents: 676
diff changeset
   182
        md5.update(user.localpart.encode() + b':' +
932cd76bf879 VMM: Dropped support for Dovecot versions before v1.2.0.
Pascal Volk <user@localhost.localdomain.org>
parents: 676
diff changeset
   183
                   user.domainname.encode() + b':')
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   184
    md5.update(password)
290
e2785e04f92e VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 289
diff changeset
   185
    if (scheme in ('PLAIN-MD5', 'DIGEST-MD5') and encoding in DEFAULT_HEX) or \
e2785e04f92e VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 289
diff changeset
   186
       (scheme == 'LDAP-MD5' and encoding == 'HEX'):
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   187
        digest = md5.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   188
    else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   189
        digest = b64encode(md5.digest()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   190
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   191
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   192
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   193
def _ntlm_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   194
    """Generates NTLM hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   195
    md4 = _md4_new()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   196
    if md4:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   197
        password = b''.join(bytes(x)
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   198
                            for x in zip(password, bytes(len(password))))
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   199
        md4.update(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   200
        if encoding in DEFAULT_HEX:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   201
            digest = md4.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   202
        else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   203
            digest = b64encode(md4.digest()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   204
        return _format_digest(digest, scheme, encoding)
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   205
    return _doveadmpw(password, scheme, encoding)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   206
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   207
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   208
def _sha1_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   209
    """Generates SHA1 aka SHA hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   210
    sha1 = hashlib.sha1(password)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   211
    if encoding in DEFAULT_B64:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   212
        digest = b64encode(sha1.digest()).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   213
    else:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   214
        digest = sha1.hexdigest()
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   215
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   216
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   217
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   218
def _sha256_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   219
    """Generates SHA256 hashes."""
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   220
    sha256 = hashlib.sha256(password)
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   221
    if encoding in DEFAULT_B64:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   222
        digest = b64encode(sha256.digest()).decode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   223
    else:
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   224
        digest = sha256.hexdigest()
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   225
    return _format_digest(digest, scheme, encoding)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   226
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   227
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   228
def _sha512_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   229
    """Generates SHA512 hashes."""
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   230
    sha512 = hashlib.sha512(password)
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   231
    if encoding in DEFAULT_B64:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   232
        digest = b64encode(sha512.digest()).decode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   233
    else:
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   234
        digest = sha512.hexdigest()
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   235
    return _format_digest(digest, scheme, encoding)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   236
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   237
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   238
def _smd5_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   239
    """Generates SMD5 (salted PLAIN-MD5) hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   240
    md5 = hashlib.md5(password)
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   241
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   242
    md5.update(salt)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   243
    if encoding in DEFAULT_B64:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   244
        digest = b64encode(md5.digest() + salt).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   245
    else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   246
        digest = md5.hexdigest() + b2a_hex(salt).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   247
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   248
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   249
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   250
def _ssha1_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   251
    """Generates SSHA (salted SHA/SHA1) hashes."""
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   252
    sha1 = hashlib.sha1(password)
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   253
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   254
    sha1.update(salt)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   255
    if encoding in DEFAULT_B64:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   256
        digest = b64encode(sha1.digest() + salt).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   257
    else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   258
        digest = sha1.hexdigest() + b2a_hex(salt).decode()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   259
    return _format_digest(digest, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   260
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   261
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   262
def _ssha256_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   263
    """Generates SSHA256 (salted SHA256) hashes."""
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   264
    sha256 = hashlib.sha256(password)
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   265
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   266
    sha256.update(salt)
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   267
    if encoding in DEFAULT_B64:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   268
        digest = b64encode(sha256.digest() + salt).decode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   269
    else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   270
        digest = sha256.hexdigest() + b2a_hex(salt).decode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   271
    return _format_digest(digest, scheme, encoding)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   272
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   273
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   274
def _ssha512_hash(password, scheme, encoding):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   275
    """Generates SSHA512 (salted SHA512) hashes."""
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   276
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   277
    sha512 = hashlib.sha512(password + salt)
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   278
    if encoding in DEFAULT_B64:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   279
        digest = b64encode(sha512.digest() + salt).decode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   280
    else:
651
6937cb38db71 VMM/password: Post-2to3 fixes.
Pascal Volk <user@localhost.localdomain.org>
parents: 643
diff changeset
   281
        digest = sha512.hexdigest() + b2a_hex(salt).decode()
636
27334cfc0c90 VMM/pycompat: Removed module hashlib.
Pascal Volk <user@localhost.localdomain.org>
parents: 633
diff changeset
   282
    return _format_digest(digest, scheme, encoding)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   283
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   284
_scheme_info = {
664
b5cc967a45ad VMM/password: Added scheme CLEAR.
Pascal Volk <user@localhost.localdomain.org>
parents: 655
diff changeset
   285
    'CLEAR': (_clear_hash, 0x2010df00),
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   286
    'CLEARTEXT': (_clear_hash, 0x10000f00),
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   287
    'CRAM-MD5': (_doveadmpw, 0x10000f00),
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   288
    'CRYPT': (_crypt_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   289
    'DIGEST-MD5': (_md5_hash, 0x10000f00),
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   290
    'HMAC-MD5': (_doveadmpw, 0x10000f00),
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   291
    'LANMAN': (_doveadmpw, 0x10000f00),
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   292
    'LDAP-MD5': (_md5_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   293
    'MD5': (_crypt_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   294
    'MD5-CRYPT': (_crypt_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   295
    'NTLM': (_ntlm_hash, 0x10000f00),
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   296
    'OTP': (_doveadmpw, 0x10100a01),
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   297
    'PLAIN': (_clear_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   298
    'PLAIN-MD4': (_md4_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   299
    'PLAIN-MD5': (_md5_hash, 0x10000f00),
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   300
    'RPA': (_doveadmpw, 0x10000f00),
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   301
    'SCRAM-SHA-1': (_doveadmpw, 0x20200a01),
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   302
    'SHA': (_sha1_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   303
    'SHA1': (_sha1_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   304
    'SHA256': (_sha256_hash, 0x10100a01),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   305
    'SHA512': (_sha512_hash, 0x20000b03),
722
e37f60b0e3b5 VMM/password: Renamed _dovecotpw() -> _doveadmpw()
Pascal Volk <user@localhost.localdomain.org>
parents: 711
diff changeset
   306
    'SKEY': (_doveadmpw, 0x10100a01),
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   307
    'SMD5': (_smd5_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   308
    'SSHA': (_ssha1_hash, 0x10000f00),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   309
    'SSHA256': (_ssha256_hash, 0x10200a04),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   310
    'SSHA512': (_ssha512_hash, 0x20000b03),
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   311
}
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   312
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   313
731
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   314
def extract_scheme(password_hash):
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   315
    """Returns the extracted password scheme from *password_hash*.
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   316
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   317
    If the scheme couldn't be extracted, **None** will be returned.
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   318
    """
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   319
    scheme = re.match(r'^\{([^\}]{3,37})\}', password_hash)
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   320
    if scheme:
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   321
        return scheme.groups()[0]
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   322
    return scheme
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   323
77561c118f42 VMM/password: Added function extract_scheme().
Pascal Volk <user@localhost.localdomain.org>
parents: 725
diff changeset
   324
461
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   325
def list_schemes():
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   326
    """Returns the tuple (schemes, encodings).
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   327
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   328
    `schemes` is an iterator for all supported password schemes (depends on
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   329
    the used Dovecot version and features of the libc).
691
932cd76bf879 VMM: Dropped support for Dovecot versions before v1.2.0.
Pascal Volk <user@localhost.localdomain.org>
parents: 676
diff changeset
   330
    `encodings` is a tuple with all usable encoding suffixes.
461
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   331
    """
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   332
    dcv = cfg_dget('misc.dovecot_version')
643
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
   333
    schemes = (k for (k, v) in _scheme_info.items() if v[1] <= dcv)
691
932cd76bf879 VMM: Dropped support for Dovecot versions before v1.2.0.
Pascal Volk <user@localhost.localdomain.org>
parents: 676
diff changeset
   334
    encodings = ('.B64', '.BASE64', '.HEX')
461
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   335
    return schemes, encodings
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   336
cabdf94ec580 VMM/password: Added function list_schemes().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 417
diff changeset
   337
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   338
def verify_scheme(scheme):
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   339
    """Checks if the password scheme *scheme* is known and supported by the
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   340
    configured `misc.dovecot_version`.
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   341
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   342
    The *scheme* maybe a password scheme's name (e.g.: 'PLAIN') or a scheme
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   343
    name with a encoding suffix (e.g. 'PLAIN.BASE64').  If the scheme is
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   344
    known and supported by the used Dovecot version,
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   345
    a tuple ``(scheme, encoding)`` will be returned.
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   346
    The `encoding` in the tuple may be `None`.
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   347
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   348
    Raises a `VMMError` if the password scheme:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   349
      * is unknown
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   350
      * depends on a newer Dovecot version
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   351
      * has a unknown encoding suffix
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   352
    """
655
2bf68600e914 VMM/password: Code cleanups:
Pascal Volk <user@localhost.localdomain.org>
parents: 651
diff changeset
   353
    assert isinstance(scheme, str), 'Not a str: {!r}'.format(scheme)
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   354
    scheme_encoding = scheme.upper().split('.')
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   355
    scheme = scheme_encoding[0]
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   356
    if scheme not in _scheme_info:
643
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
   357
        raise VMMError(_("Unsupported password scheme: '%s'") % scheme,
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   358
                       VMM_ERROR)
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   359
    if cfg_dget('misc.dovecot_version') < _scheme_info[scheme][1]:
643
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
   360
        raise VMMError(_("The password scheme '%(scheme)s' requires Dovecot "
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
   361
                         ">= v%(version)s.") % {'scheme': scheme,
290
e2785e04f92e VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents: 289
diff changeset
   362
                       'version': version_str(_scheme_info[scheme][1])},
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   363
                       VMM_ERROR)
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   364
    if len(scheme_encoding) > 1:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   365
        if scheme_encoding[1] not in ('B64', 'BASE64', 'HEX'):
643
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
   366
            raise VMMError(_("Unsupported password encoding: '%s'") %
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   367
                           scheme_encoding[1], VMM_ERROR)
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   368
        encoding = scheme_encoding[1]
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   369
    else:
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   370
        encoding = None
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   371
    return scheme, encoding
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   372
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   373
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   374
def pwhash(password, scheme=None, user=None):
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   375
    """Generates a password hash from the plain text *password* string.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   376
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   377
    If no *scheme* is given the password scheme from the configuration will
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   378
    be used for the hash generation.  When 'DIGEST-MD5' is used as scheme,
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   379
    also an EmailAddress instance must be given as *user* argument.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   380
    """
643
df1e3b67882a Ran 2to3 from Python 3.2.3.
Pascal Volk <user@localhost.localdomain.org>
parents: 638
diff changeset
   381
    if not isinstance(password, str):
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   382
        raise TypeError('Password is not a string: %r' % password)
655
2bf68600e914 VMM/password: Code cleanups:
Pascal Volk <user@localhost.localdomain.org>
parents: 651
diff changeset
   383
    password = password.encode(ENCODING).strip()
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   384
    if not password:
417
8209da83e256 VMM: Updated some messages. (doesn't, isn't) -> (does not, is not)
Pascal Volk <neverseen@users.sourceforge.net>
parents: 366
diff changeset
   385
        raise ValueError("Could not accept empty password.")
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   386
    if scheme is None:
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
   387
        scheme = cfg_dget('misc.password_scheme')
287
1e77dd639fa3 VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents: 284
diff changeset
   388
    scheme, encoding = verify_scheme(scheme)
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   389
    if scheme == 'DIGEST-MD5':
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   390
        assert isinstance(user, EmailAddress)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   391
        return _md5_hash(password, scheme, encoding, user)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   392
    return _scheme_info[scheme][0](password, scheme, encoding)
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   393
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   394
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   395
def randompw():
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   396
    """Generates a plain text random password.
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   397
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   398
    The length of the password can be configured in the ``vmm.cfg``
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   399
    (account.password_length).
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   400
    """
272
446483386914 VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 268
diff changeset
   401
    pw_len = cfg_dget('account.password_length')
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   402
    if pw_len < 8:
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   403
        pw_len = 8
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   404
    return ''.join(_sys_rand.sample(PASSWDCHARS, pw_len))
268
beb8f4421f92 VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff changeset
   405
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   406
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   407
def _test_crypt_algorithms():
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   408
    """Check for Blowfish/SHA-256/SHA-512 support in crypt.crypt()."""
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   409
    _blowfish = '$2a$04$0123456789abcdefABCDE.N.drYX5yIAL1LkTaaZotW3yI0hQhZru'
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   410
    _sha256 = '$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi\
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   411
9qrb1jehe7hn4'
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   412
    _sha512 = '$6$rounds=1000$0123456789abcdef$ZIAd5WqfyLkpvsVCVUU1GrvqaZTqvh\
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   413
JoouxdSqJO71l9Ld3tVrfOatEjarhghvEYADkq//LpDnTeO90tcbtHR1'
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   414
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   415
    if crypt('08/15!test~4711', '$2a$04$0123456789abcdefABCDEF$') == _blowfish:
725
300b76de5ad0 VMM/password: Dropped Dovecot v1 compatibility code.
Pascal Volk <user@localhost.localdomain.org>
parents: 722
diff changeset
   416
        _scheme_info['BLF-CRYPT'] = (_crypt_hash, 0x20000b06)
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   417
    if crypt('08/15!test~4711', '$5$rounds=1000$0123456789abcdef$') == _sha256:
725
300b76de5ad0 VMM/password: Dropped Dovecot v1 compatibility code.
Pascal Volk <user@localhost.localdomain.org>
parents: 722
diff changeset
   418
        _scheme_info['SHA256-CRYPT'] = (_crypt_hash, 0x20000b06)
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   419
    if crypt('08/15!test~4711', '$6$rounds=1000$0123456789abcdef$') == _sha512:
725
300b76de5ad0 VMM/password: Dropped Dovecot v1 compatibility code.
Pascal Volk <user@localhost.localdomain.org>
parents: 722
diff changeset
   420
        _scheme_info['SHA512-CRYPT'] = (_crypt_hash, 0x20000b06)
291
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   421
7ef3f117a230 VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents: 290
diff changeset
   422
_test_crypt_algorithms()
284
ec1966828246 VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents: 274
diff changeset
   423
del _, cfg_dget, _test_crypt_algorithms