vmm: comparison VirtualMailManager/password.py

equal deleted inserted replaced

-:429ba58bc302
+:6937cb38db71
 schemes, encodings = list_schemes()
 """
 import hashlib
+from base64 import b64encode
+from binascii import b2a_hex
 from crypt import crypt
 from random import SystemRandom
 from subprocess import Popen, PIPE
 from VirtualMailManager import ENCODING
 if cfg_dget('misc.dovecot_version') >= 0x20000a01:
 cmd_args.insert(1, 'pw')
 process = Popen(cmd_args, stdout=PIPE, stderr=PIPE)
 stdout, stderr = process.communicate()
 if process.returncode:
-raise VMMError(stderr.strip(), VMM_ERROR)
+raise VMMError(stderr.strip().decode(ENCODING), VMM_ERROR)
-hashed = stdout.strip()
+hashed = stdout.strip().decode(ENCODING)
 if not hashed.startswith('{%s}' % scheme):
 raise VMMError('Unexpected result from %s: %s' %
 (cfg_dget('bin.dovecotpw'), hashed), VMM_ERROR)
 return hashed
 return '{%s.%s}%s' % (scheme, encoding, digest)
 def _clear_hash(password, scheme, encoding):
 """Generates a (encoded) CLEARTEXT/PLAIN 'hash'."""
+password = password.decode(ENCODING)
 if encoding:
 if encoding == 'HEX':
-password = password.encode('hex')
+password = b2a_hex(password.encode()).decode()
 else:
-password = password.encode('base64').replace('\n', '')
+password = b64encode(password.encode()).decode()
 return _format_digest(password, scheme, encoding)
-return get_unicode('{%s}%s' % (scheme, password))
+return '{%s}%s' % (scheme, password)
 def _get_crypt_blowfish_salt():
 """Generates a salt for Blowfish crypt."""
 rounds = cfg_dget('misc.crypt_blowfish_rounds')
 salt = '$%d$%s' % (CRYPT_ID_MD5, _get_salt(CRYPT_MD5_SALT_LEN))
 elif scheme == 'SHA256-CRYPT':
 salt = _get_crypt_sha2_salt(CRYPT_ID_SHA256)
 else:
 salt = _get_crypt_sha2_salt(CRYPT_ID_SHA512)
-encrypted = crypt(password, salt)
+encrypted = crypt(password.decode(ENCODING), salt)
 if encoding:
 if encoding == 'HEX':
-encrypted = encrypted.encode('hex')
+encrypted = b2a_hex(encrypted.encode()).decode()
 else:
-encrypted = encrypted.encode('base64').replace('\n', '')
+encrypted = b64encode(encrypted.encode()).decode()
 if scheme in ('BLF-CRYPT', 'SHA256-CRYPT', 'SHA512-CRYPT') and \
 cfg_dget('misc.dovecot_version') < 0x20000b06:
 scheme = 'CRYPT'
 return _format_digest(encrypted, scheme, encoding)
 if md4:
 md4.update(password)
 if encoding in DEFAULT_HEX:
 digest = md4.hexdigest()
 else:
-digest = md4.digest().encode('base64').rstrip()
+digest = b64encode(md4.digest()).decode()
 return _format_digest(digest, scheme, encoding)
 return _dovecotpw(password, scheme, encoding)
 def _md5_hash(password, scheme, encoding, user=None):
 #  usernames. So we have to generate different hashes for different
 #  versions. See also:
 #       http://dovecot.org/list/dovecot-news/2009-March/000103.html
 #       http://hg.dovecot.org/dovecot-1.1/rev/2b0043ba89ae
 if cfg_dget('misc.dovecot_version') >= 0x1010cf00:
-md5.update('%s:%s:' % (user.localpart, user.domainname))
+md5.update(user.localpart.encode() + b':' +
+user.domainname.encode() + b':')
 else:
 md5.update('%s::' % user)
 md5.update(password)
 if (scheme in ('PLAIN-MD5', 'DIGEST-MD5') and encoding in DEFAULT_HEX) or \
 (scheme == 'LDAP-MD5' and encoding == 'HEX'):
 digest = md5.hexdigest()
 else:
-digest = md5.digest().encode('base64').rstrip()
+digest = b64encode(md5.digest()).decode()
 return _format_digest(digest, scheme, encoding)
 def _ntlm_hash(password, scheme, encoding):
 """Generates NTLM hashes."""
 md4 = _md4_new()
 if md4:
-password = ''.join('%s\x00' % c for c in password)
+password = b''.join(bytes(x)
+for x in zip(password, bytes(len(password))))
 md4.update(password)
 if encoding in DEFAULT_HEX:
 digest = md4.hexdigest()
 else:
-digest = md4.digest().encode('base64').rstrip()
+digest = b64encode(md4.digest()).decode()
 return _format_digest(digest, scheme, encoding)
 return _dovecotpw(password, scheme, encoding)
 def _sha1_hash(password, scheme, encoding):
 """Generates SHA1 aka SHA hashes."""
 sha1 = hashlib.sha1(password)
 if encoding in DEFAULT_B64:
-digest = sha1.digest().encode('base64').rstrip()
+digest = b64encode(sha1.digest()).decode()
 else:
 digest = sha1.hexdigest()
 return _format_digest(digest, scheme, encoding)
 def _sha256_hash(password, scheme, encoding):
 """Generates SHA256 hashes."""
 sha256 = hashlib.sha256(password)
 if encoding in DEFAULT_B64:
-digest = sha256.digest().encode('base64').rstrip()
+digest = b64encode(sha256.digest()).decode()
 else:
 digest = sha256.hexdigest()
 return _format_digest(digest, scheme, encoding)
 def _sha512_hash(password, scheme, encoding):
 """Generates SHA512 hashes."""
 sha512 = hashlib.sha512(password)
 if encoding in DEFAULT_B64:
-digest = sha512.digest().encode('base64').replace('\n', '')
+digest = b64encode(sha512.digest()).decode()
 else:
 digest = sha512.hexdigest()
 return _format_digest(digest, scheme, encoding)
 def _smd5_hash(password, scheme, encoding):
 """Generates SMD5 (salted PLAIN-MD5) hashes."""
 md5 = hashlib.md5(password)
-salt = _get_salt(SALTED_ALGO_SALT_LEN)
+salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
 md5.update(salt)
 if encoding in DEFAULT_B64:
-digest = (md5.digest() + salt).encode('base64').rstrip()
+digest = b64encode(md5.digest() + salt).decode()
 else:
-digest = md5.hexdigest() + salt.encode('hex')
+digest = md5.hexdigest() + b2a_hex(salt).decode()
 return _format_digest(digest, scheme, encoding)
 def _ssha1_hash(password, scheme, encoding):
 """Generates SSHA (salted SHA/SHA1) hashes."""
 sha1 = hashlib.sha1(password)
-salt = _get_salt(SALTED_ALGO_SALT_LEN)
+salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
 sha1.update(salt)
 if encoding in DEFAULT_B64:
-digest = (sha1.digest() + salt).encode('base64').rstrip()
+digest = b64encode(sha1.digest() + salt).decode()
 else:
-digest = sha1.hexdigest() + salt.encode('hex')
+digest = sha1.hexdigest() + b2a_hex(salt).decode()
 return _format_digest(digest, scheme, encoding)
 def _ssha256_hash(password, scheme, encoding):
 """Generates SSHA256 (salted SHA256) hashes."""
 sha256 = hashlib.sha256(password)
-salt = _get_salt(SALTED_ALGO_SALT_LEN)
+salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
 sha256.update(salt)
 if encoding in DEFAULT_B64:
-digest = (sha256.digest() + salt).encode('base64').rstrip()
+digest = b64encode(sha256.digest() + salt).decode()
 else:
-digest = sha256.hexdigest() + salt.encode('hex')
+digest = sha256.hexdigest() + b2a_hex(salt).decode()
 return _format_digest(digest, scheme, encoding)
 def _ssha512_hash(password, scheme, encoding):
 """Generates SSHA512 (salted SHA512) hashes."""
-salt = _get_salt(SALTED_ALGO_SALT_LEN)
+salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
 sha512 = hashlib.sha512(password + salt)
 if encoding in DEFAULT_B64:
-digest = (sha512.digest() + salt).encode('base64').replace('\n', '')
+digest = b64encode(sha512.digest() + salt).decode()
 else:
-digest = sha512.hexdigest() + salt.encode('hex')
+digest = sha512.hexdigest() + b2a_hex(salt).decode()
 return _format_digest(digest, scheme, encoding)
 _scheme_info = {
 'CLEARTEXT': (_clear_hash, 0x10000f00),
 'CRAM-MD5': (_dovecotpw, 0x10000f00),

branch	v0.7.x
changeset 651	6937cb38db71
parent 643	df1e3b67882a
child 655	2bf68600e914