author | Pascal Volk <user@localhost.localdomain.org> |
Sun, 21 Nov 2021 21:27:53 +0000 | |
branch | v0.7.x |
changeset 759 | 2a23083e2ea3 |
parent 731 | 77561c118f42 |
permissions | -rw-r--r-- |
# -*- coding: UTF-8 -*- |
# Copyright (c) 2010 - 2014, Pascal Volk |
# See COPYING for distribution information. |
"""
VirtualMailManager.password
~~~~~~~~~~~~~~~~~~~~~~~~~~~

VirtualMailManager's password module to generate password hashes from
passwords or random passwords. This module provides the following
functions:

hashed_password = pwhash(password[, scheme][, user])
random_password = randompw()
scheme, encoding = verify_scheme(scheme)
schemes, encodings = list_schemes()
scheme = extract_scheme(hashed_password)
"""
|
import hashlib |
import re |
|
from base64 import b64encode |
from binascii import b2a_hex |
from crypt import crypt |
from random import SystemRandom |
from subprocess import Popen, PIPE |
|
from VirtualMailManager import ENCODING |
from VirtualMailManager.emailaddress import EmailAddress |
from VirtualMailManager.common import get_unicode, version_str |
from VirtualMailManager.constants import VMM_ERROR |
from VirtualMailManager.errors import VMMError |
|
# Alphabet the random salts are drawn from: '.', '/', digits and ASCII letters.
SALTCHARS = './0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
# Alphabet for generated passwords.  It leaves out 0, 1, j, l, I and O
# (presumably to avoid look-alike characters -- confirm).
PASSWDCHARS = '._-+#*23456789abcdefghikmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'
# Encoding names that select Base64 / hex output; None (no explicit
# encoding) is a member of both tuples.
DEFAULT_B64 = (None, 'B64', 'BASE64')
DEFAULT_HEX = (None, 'HEX')
# Identifiers placed between the '$' separators of a crypt salt string.
CRYPT_ID_MD5 = 1
CRYPT_ID_BLF = '2a'
CRYPT_ID_SHA256 = 5
CRYPT_ID_SHA512 = 6
# Salt lengths (in SALTCHARS characters) and rounds limits per crypt method.
CRYPT_SALT_LEN = 2
CRYPT_BLF_ROUNDS_MIN = 4
CRYPT_BLF_ROUNDS_MAX = 31
CRYPT_BLF_SALT_LEN = 22
CRYPT_MD5_SALT_LEN = 8
CRYPT_SHA2_ROUNDS_DEFAULT = 5000
CRYPT_SHA2_ROUNDS_MIN = 1000
CRYPT_SHA2_ROUNDS_MAX = 999999999
CRYPT_SHA2_SALT_LEN = 16
SALTED_ALGO_SALT_LEN = 4


def _(msg):
    """Return *msg* unchanged.

    NOTE(review): looks like a stand-in for a translation function that is
    installed elsewhere -- confirm.
    """
    return msg


def cfg_dget(option):
    """Return None for every *option*.

    NOTE(review): looks like a placeholder that the application's
    configuration object replaces at start-up -- confirm.
    """
    return None


# Salts come from the operating system's random source (SystemRandom), not
# from the default seeded generator of the random module.
_sys_rand = SystemRandom()
_choice = _sys_rand.choice


def _get_salt(s_len):
    """Return *s_len* characters picked at random from SALTCHARS."""
    return ''.join(_choice(SALTCHARS) for _unused in range(s_len))
def _doveadmpw(password, scheme, encoding):
    """Hash *password* by running Dovecot's ``doveadm pw``.

    Returns the decoded output of the command, which is expected to look
    like ``{scheme[.encoding]}hash``.  Raises `VMMError` when the command
    exits with a non-zero status (the message is the command's stderr) or
    when its output does not start with the requested
    ``{scheme[.encoding]}`` prefix.
    """
    scheme_spec = '.'.join([scheme, encoding]) if encoding else scheme
    # The command is an argument list and no shell is involved, so neither
    # the scheme nor the password is interpreted by a shell.
    # NOTE(review): the plain-text password travels in the child's argument
    # vector (the value after '-p').  On many systems a process's arguments
    # can be read by other local users while it runs; confirm whether the
    # deployed doveadm can be given the password on stdin instead.
    argv = [cfg_dget('bin.doveadm'), 'pw', '-s', scheme_spec, '-p',
            get_unicode(password)]
    child = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = child.communicate()
    if child.returncode:
        raise VMMError(err.strip().decode(ENCODING), VMM_ERROR)
    result = out.strip().decode(ENCODING)
    # Only the prefix is checked; the hash itself is taken as returned.
    if result.startswith('{%s}' % scheme_spec):
        return result
    raise VMMError('Unexpected result from %s: %s' %
                   (cfg_dget('bin.doveadm'), result), VMM_ERROR)
def _md4_new():
    """Return a new MD4 hash object from hashlib, or `None`.

    `None` is returned when hashlib rejects 'md4' with a ValueError whose
    message starts with 'unsupported hash type'; any other ValueError is
    re-raised.
    """
    try:
        md4 = hashlib.new('md4')
    except ValueError as err:
        if not err.args[0].startswith('unsupported hash type'):
            raise
        return None
    return md4
def _format_digest(digest, scheme, encoding):
    """Return *digest* prefixed with its scheme tag.

    The result is ``{scheme.encoding}digest`` when *encoding* is truthy and
    ``{scheme}digest`` otherwise.
    """
    if encoding:
        return '{%s.%s}%s' % (scheme, encoding, digest)
    return '{%s}%s' % (scheme, digest)
def _clear_hash(password, scheme, encoding):
    """Build a CLEARTEXT/PLAIN 'hash' for *password*, optionally encoded.

    *password* is decoded with ENCODING first, so it must be a bytes
    object.  With *encoding* 'HEX' the text is hex-encoded, with any other
    truthy *encoding* it is Base64-encoded; without an encoding the text is
    placed after the ``{scheme}`` tag as it is.

    Nothing is hashed here: hex and Base64 are reversible encodings, so the
    returned string always allows the password to be recovered.
    """
    text = password.decode(ENCODING)
    if not encoding:
        return '{%s}%s' % (scheme, text)
    raw = text.encode()
    if encoding == 'HEX':
        encoded = b2a_hex(raw)
    else:
        encoded = b64encode(raw)
    return _format_digest(encoded.decode(), scheme, encoding)
def _get_crypt_blowfish_salt():
    """Build the salt string for a Blowfish crypt hash.

    The configured ``misc.crypt_blowfish_rounds`` value is clamped to the
    range CRYPT_BLF_ROUNDS_MIN..CRYPT_BLF_ROUNDS_MAX.  The result has the
    form ``$<CRYPT_ID_BLF>$<rounds as two digits>$<salt>`` with
    CRYPT_BLF_SALT_LEN random salt characters.
    """
    configured = cfg_dget('misc.crypt_blowfish_rounds')
    # An out-of-range setting is pulled to the nearest bound without any
    # message to the administrator.
    # NOTE(review): for bcrypt-style hashes this number is normally a log2
    # work factor, so a value near CRYPT_BLF_ROUNDS_MIN yields a very cheap
    # hash -- confirm the shipped default is suitable.
    rounds = min(max(configured, CRYPT_BLF_ROUNDS_MIN), CRYPT_BLF_ROUNDS_MAX)
    salt_chars = _get_salt(CRYPT_BLF_SALT_LEN)
    return '$%s$%02d$%s' % (CRYPT_ID_BLF, rounds, salt_chars)
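def _get_crypt_sha2_salt(crypt_id):
    """Generates a salt for crypt using the SHA-256 or SHA-512 hashing
    method.
    *crypt_id* must be either `5` (SHA-256) or `6` (SHA-512).

    The rounds value is read from ``misc.crypt_sha512_rounds`` or
    ``misc.crypt_sha256_rounds`` and clamped to the range
    CRYPT_SHA2_ROUNDS_MIN..CRYPT_SHA2_ROUNDS_MAX.  When it equals
    CRYPT_SHA2_ROUNDS_DEFAULT the ``rounds=`` part is left out of the
    returned salt string.
    """
    # The assert is an internal sanity check only: it disappears when
    # Python runs with -O, so callers must pass one of the two ids.
    assert crypt_id in (CRYPT_ID_SHA256, CRYPT_ID_SHA512), 'invalid crypt ' \
                                                     'id: %r' % crypt_id
    # Compare by value.  The identity test used before agreed with the
    # equality-based assert only as long as the interpreter handed out the
    # very same int object, otherwise the SHA-256 setting was picked.
    if crypt_id == CRYPT_ID_SHA512:
        rounds = cfg_dget('misc.crypt_sha512_rounds')
    else:
        rounds = cfg_dget('misc.crypt_sha256_rounds')
    if rounds < CRYPT_SHA2_ROUNDS_MIN:
        rounds = CRYPT_SHA2_ROUNDS_MIN
    elif rounds > CRYPT_SHA2_ROUNDS_MAX:
        rounds = CRYPT_SHA2_ROUNDS_MAX
    if rounds == CRYPT_SHA2_ROUNDS_DEFAULT:
        return '$%d$%s' % (crypt_id, _get_salt(CRYPT_SHA2_SALT_LEN))
    return '$%d$rounds=%d$%s' % (crypt_id, rounds,
                                 _get_salt(CRYPT_SHA2_SALT_LEN))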
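def _crypt_hash(password, scheme, encoding):
    """Generates (encoded) CRYPT/MD5/{BLF,MD5,SHA{256,512}}-CRYPT hashes.

    *password* is decoded with ENCODING before it is handed to crypt(), so
    it must be a bytes object.  Every *scheme* other than 'CRYPT',
    'BLF-CRYPT', 'MD5-CRYPT', 'MD5' and 'SHA256-CRYPT' is treated as
    SHA512-CRYPT.  With *encoding* 'HEX' the crypt() result is hex-encoded,
    with any other truthy *encoding* it is Base64-encoded.

    Raises `VMMError` when crypt() does not return a usable hash.
    """
    if scheme == 'CRYPT':
        # NOTE(review): a bare two-character salt presumably selects the
        # traditional crypt(3) method, which is weak by current standards;
        # confirm it is only offered for compatibility.
        salt = _get_salt(CRYPT_SALT_LEN)
    elif scheme == 'BLF-CRYPT':
        salt = _get_crypt_blowfish_salt()
    elif scheme in ('MD5-CRYPT', 'MD5'):
        salt = '$%d$%s' % (CRYPT_ID_MD5, _get_salt(CRYPT_MD5_SALT_LEN))
    elif scheme == 'SHA256-CRYPT':
        salt = _get_crypt_sha2_salt(CRYPT_ID_SHA256)
    else:
        salt = _get_crypt_sha2_salt(CRYPT_ID_SHA512)
    encrypted = crypt(password.decode(ENCODING), salt)
    # When the platform does not support the requested method, crypt() can
    # hand back None or a failure token starting with '*' (depends on the
    # Python and libc versions) instead of a hash.  Such a value must never
    # be formatted and stored as if it were a password hash.
    if not encrypted or encrypted.startswith('*'):
        raise VMMError('crypt() could not generate a %s hash' % scheme,
                       VMM_ERROR)
    if encoding:
        if encoding == 'HEX':
            encrypted = b2a_hex(encrypted.encode()).decode()
        else:
            encrypted = b64encode(encrypted.encode()).decode()
    return _format_digest(encrypted, scheme, encoding)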
def _md4_hash(password, scheme, encoding):
    """Generate an encoded PLAIN-MD4 hash of *password*.

    The digest is computed with hashlib when it offers MD4; otherwise the
    work is delegated to `_doveadmpw()`.  The digest is rendered as hex when
    *encoding* is in DEFAULT_HEX (which includes `None`) and as Base64
    otherwise.

    The password is fed to MD4 on its own -- no salt and a single pass.
    """
    hasher = _md4_new()
    if not hasher:
        # No MD4 in hashlib: fall back to the external doveadm command,
        # which receives the password as a command-line argument.
        return _doveadmpw(password, scheme, encoding)
    hasher.update(password)
    if encoding in DEFAULT_HEX:
        rendered = hasher.hexdigest()
    else:
        rendered = b64encode(hasher.digest()).decode()
    return _format_digest(rendered, scheme, encoding)
def _md5_hash(password, scheme, encoding, user=None):
    """Generates DIGEST-MD5, PLAIN-MD5 and LDAP-MD5 hashes.

    For 'DIGEST-MD5' the MD5 input is ``localpart:domainname:password``,
    so *user* must provide the attributes `localpart` and `domainname`;
    with the default ``user=None`` that branch fails with an
    AttributeError.  The other schemes hash *password* alone: a single
    unsalted MD5 pass, so equal passwords produce equal hashes.

    The digest is hex encoded for PLAIN-MD5/DIGEST-MD5 when *encoding*
    is in DEFAULT_HEX, and for LDAP-MD5 only when *encoding* is 'HEX'.
    In every other case it is Base64 encoded.
    """
    hasher = hashlib.md5()
    if scheme == 'DIGEST-MD5':
        # The trailing empty element yields the ':' that separates the
        # domain name from the password.
        prefix = b':'.join((user.localpart.encode(),
                            user.domainname.encode(), b''))
        hasher.update(prefix)
    hasher.update(password)

    if scheme == 'LDAP-MD5':
        want_hex = encoding == 'HEX'
    elif scheme in ('PLAIN-MD5', 'DIGEST-MD5'):
        want_hex = encoding in DEFAULT_HEX
    else:
        want_hex = False

    if want_hex:
        encoded = hasher.hexdigest()
    else:
        encoded = b64encode(hasher.digest()).decode()
    return _format_digest(encoded, scheme, encoding)
def _ntlm_hash(password, scheme, encoding):
    """Generates NTLM hashes.

    When `_md4_new()` returns a usable MD4 object, every byte of
    *password* is followed by a zero byte and the result is hashed with
    MD4.  That widening equals UTF-16LE only for ASCII-only passwords.
    The digest is hex encoded when *encoding* is in DEFAULT_HEX and
    Base64 encoded otherwise.

    When `_md4_new()` returns a false value, the unmodified *password*
    is handed to `_doveadmpw()` instead.
    """
    hasher = _md4_new()
    if not hasher:
        return _doveadmpw(password, scheme, encoding)

    widened = b''.join(bytes((octet, 0)) for octet in password)
    hasher.update(widened)
    if encoding in DEFAULT_HEX:
        encoded = hasher.hexdigest()
    else:
        encoded = b64encode(hasher.digest()).decode()
    return _format_digest(encoded, scheme, encoding)
def _sha1_hash(password, scheme, encoding):
    """Generates SHA1 aka SHA hashes.

    A single unsalted SHA-1 pass over *password*: equal passwords give
    equal hashes and there is no work factor.  The digest is Base64
    encoded when *encoding* is in DEFAULT_B64, hex encoded otherwise.
    """
    hasher = hashlib.sha1()
    hasher.update(password)
    if encoding not in DEFAULT_B64:
        encoded = hasher.hexdigest()
    else:
        encoded = b64encode(hasher.digest()).decode()
    return _format_digest(encoded, scheme, encoding)
def _sha256_hash(password, scheme, encoding):
    """Generates SHA256 hashes.

    A single unsalted SHA-256 pass over *password*: equal passwords give
    equal hashes and there is no work factor.  The digest is Base64
    encoded when *encoding* is in DEFAULT_B64, hex encoded otherwise.
    """
    hasher = hashlib.sha256()
    hasher.update(password)
    if encoding not in DEFAULT_B64:
        encoded = hasher.hexdigest()
    else:
        encoded = b64encode(hasher.digest()).decode()
    return _format_digest(encoded, scheme, encoding)
def _sha512_hash(password, scheme, encoding):
    """Generates SHA512 hashes.

    A single unsalted SHA-512 pass over *password*: equal passwords give
    equal hashes and there is no work factor.  The digest is Base64
    encoded when *encoding* is in DEFAULT_B64, hex encoded otherwise.
    """
    hasher = hashlib.sha512()
    hasher.update(password)
    if encoding not in DEFAULT_B64:
        encoded = hasher.hexdigest()
    else:
        encoded = b64encode(hasher.digest()).decode()
    return _format_digest(encoded, scheme, encoding)
def _smd5_hash(password, scheme, encoding):
    """Generates SMD5 (salted PLAIN-MD5) hashes.

    MD5 is computed over *password* followed by a salt obtained from
    ``_get_salt(SALTED_ALGO_SALT_LEN)``; the salt is then appended to
    the digest.  The result is Base64 encoded when *encoding* is in
    DEFAULT_B64; otherwise digest and salt are both hex encoded.  The
    salt keeps equal passwords from sharing a hash, but this is still a
    single digest pass without a work factor.
    """
    hasher = hashlib.md5(password)
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
    hasher.update(salt)
    if encoding not in DEFAULT_B64:
        encoded = hasher.hexdigest() + b2a_hex(salt).decode()
    else:
        encoded = b64encode(hasher.digest() + salt).decode()
    return _format_digest(encoded, scheme, encoding)
def _ssha1_hash(password, scheme, encoding):
    """Generates SSHA (salted SHA/SHA1) hashes.

    SHA-1 is computed over *password* followed by a salt obtained from
    ``_get_salt(SALTED_ALGO_SALT_LEN)``; the salt is then appended to
    the digest.  The result is Base64 encoded when *encoding* is in
    DEFAULT_B64; otherwise digest and salt are both hex encoded.  The
    salt keeps equal passwords from sharing a hash, but this is still a
    single digest pass without a work factor.
    """
    hasher = hashlib.sha1(password)
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
    hasher.update(salt)
    if encoding not in DEFAULT_B64:
        encoded = hasher.hexdigest() + b2a_hex(salt).decode()
    else:
        encoded = b64encode(hasher.digest() + salt).decode()
    return _format_digest(encoded, scheme, encoding)
def _ssha256_hash(password, scheme, encoding):
    """Generates SSHA256 (salted SHA256) hashes.

    SHA-256 is computed over *password* followed by a salt obtained from
    ``_get_salt(SALTED_ALGO_SALT_LEN)``; the salt is then appended to
    the digest.  The result is Base64 encoded when *encoding* is in
    DEFAULT_B64; otherwise digest and salt are both hex encoded.  The
    salt keeps equal passwords from sharing a hash, but this is still a
    single digest pass without a work factor.
    """
    hasher = hashlib.sha256(password)
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
    hasher.update(salt)
    if encoding not in DEFAULT_B64:
        encoded = hasher.hexdigest() + b2a_hex(salt).decode()
    else:
        encoded = b64encode(hasher.digest() + salt).decode()
    return _format_digest(encoded, scheme, encoding)
def _ssha512_hash(password, scheme, encoding):
    """Generates SSHA512 (salted SHA512) hashes.

    SHA-512 is computed over *password* concatenated with a salt
    obtained from ``_get_salt(SALTED_ALGO_SALT_LEN)``; the salt is then
    appended to the digest.  The result is Base64 encoded when
    *encoding* is in DEFAULT_B64; otherwise digest and salt are both hex
    encoded.  The salt keeps equal passwords from sharing a hash, but
    this is still a single digest pass without a work factor.
    """
    salt = _get_salt(SALTED_ALGO_SALT_LEN).encode()
    salted_input = password + salt
    hasher = hashlib.sha512(salted_input)
    if encoding not in DEFAULT_B64:
        encoded = hasher.hexdigest() + b2a_hex(salt).decode()
    else:
        encoded = b64encode(hasher.digest() + salt).decode()
    return _format_digest(encoded, scheme, encoding)
# Maps each password scheme name to ``(hash function, minimum version)``.
# list_schemes() and verify_scheme() compare the second element with the
# configured `misc.dovecot_version`.
# NOTE(review): the version looks like a packed hex integer that
# version_str() turns into text - confirm the exact layout there.
# NOTE(review): 'CLEAR', 'CLEARTEXT' and 'PLAIN' use _clear_hash, which
# presumably stores the password unhashed - confirm against _clear_hash.
_scheme_info = {
    'CLEAR':       (_clear_hash,   0x2010df00),
    'CLEARTEXT':   (_clear_hash,   0x10000f00),
    'CRAM-MD5':    (_doveadmpw,    0x10000f00),
    'CRYPT':       (_crypt_hash,   0x10000f00),
    'DIGEST-MD5':  (_md5_hash,     0x10000f00),
    'HMAC-MD5':    (_doveadmpw,    0x10000f00),
    'LANMAN':      (_doveadmpw,    0x10000f00),
    'LDAP-MD5':    (_md5_hash,     0x10000f00),
    'MD5':         (_crypt_hash,   0x10000f00),
    'MD5-CRYPT':   (_crypt_hash,   0x10000f00),
    'NTLM':        (_ntlm_hash,    0x10000f00),
    'OTP':         (_doveadmpw,    0x10100a01),
    'PLAIN':       (_clear_hash,   0x10000f00),
    'PLAIN-MD4':   (_md4_hash,     0x10000f00),
    'PLAIN-MD5':   (_md5_hash,     0x10000f00),
    'RPA':         (_doveadmpw,    0x10000f00),
    'SCRAM-SHA-1': (_doveadmpw,    0x20200a01),
    'SHA':         (_sha1_hash,    0x10000f00),
    'SHA1':        (_sha1_hash,    0x10000f00),
    'SHA256':      (_sha256_hash,  0x10100a01),
    'SHA512':      (_sha512_hash,  0x20000b03),
    'SKEY':        (_doveadmpw,    0x10100a01),
    'SMD5':        (_smd5_hash,    0x10000f00),
    'SSHA':        (_ssha1_hash,   0x10000f00),
    'SSHA256':     (_ssha256_hash, 0x10200a04),
    'SSHA512':     (_ssha512_hash, 0x20000b03),
}
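def extract_scheme(password_hash):
    """Returns the extracted password scheme from *password_hash*.

    The scheme is the text between a leading ``{`` and the next ``}``
    and must be 3 to 37 characters long, e.g. 'SSHA512' for
    '{SSHA512}...'.  An encoding suffix inside the braces is returned as
    part of the result ('{PLAIN.B64}...' gives 'PLAIN.B64').

    The result is not checked against the known schemes; pass it to
    verify_scheme() before relying on it.

    If the scheme couldn't be extracted, or *password_hash* is None,
    **None** will be returned.
    """
    # A missing hash carries no scheme; return None as documented
    # instead of letting re.match() raise a TypeError.
    if password_hash is None:
        return None
    match = re.match(r'^\{([^\}]{3,37})\}', password_hash)
    return match.group(1) if match else None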
def list_schemes():
    """Returns the tuple (schemes, encodings).

    `schemes` is a generator over the names in `_scheme_info` whose
    minimum version is not newer than the configured
    `misc.dovecot_version`.  Being a generator, it can be consumed only
    once.
    `encodings` is a tuple with all usable encoding suffixes.
    """
    dovecot_version = cfg_dget('misc.dovecot_version')
    supported = (name for name, info in _scheme_info.items()
                 if info[1] <= dovecot_version)
    return supported, ('.B64', '.BASE64', '.HEX')
def verify_scheme(scheme):
    """Checks if the password scheme *scheme* is known and supported by the
    configured `misc.dovecot_version`.

    The *scheme* may be a password scheme's name (e.g. 'PLAIN') or a
    scheme name with an encoding suffix (e.g. 'PLAIN.BASE64').  It is
    upper-cased before the lookup.  If the scheme is known and supported
    by the used Dovecot version, a tuple ``(scheme, encoding)`` will be
    returned.  The `encoding` in the tuple may be `None`.

    Only the first suffix is validated; any further dot-separated parts
    are ignored.

    Raises a `VMMError` if the password scheme:
      * is unknown
      * depends on a newer Dovecot version
      * has an unknown encoding suffix
    """
    # Debug-time type check only: it is skipped when Python runs with -O.
    assert isinstance(scheme, str), 'Not a str: {!r}'.format(scheme)
    name, *suffixes = scheme.upper().split('.')
    if name not in _scheme_info:
        raise VMMError(_("Unsupported password scheme: '%s'") % name,
                       VMM_ERROR)
    required = _scheme_info[name][1]
    if cfg_dget('misc.dovecot_version') < required:
        raise VMMError(_("The password scheme '%(scheme)s' requires Dovecot "
                         ">= v%(version)s.") % {'scheme': name,
                       'version': version_str(required)},
                       VMM_ERROR)
    if not suffixes:
        return name, None
    encoding = suffixes[0]
    if encoding not in ('B64', 'BASE64', 'HEX'):
        raise VMMError(_("Unsupported password encoding: '%s'") %
                       encoding, VMM_ERROR)
    return name, encoding
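def pwhash(password, scheme=None, user=None):
    """Generates a password hash from the plain text *password* string.

    If no *scheme* is given the password scheme from the configuration
    (``misc.password_scheme``) will be used for the hash generation.  When
    'DIGEST-MD5' is used as scheme, also an EmailAddress instance must be
    given as *user* argument.

    The password is encoded with ``ENCODING`` and leading/trailing
    whitespace is stripped before hashing, so passwords that differ only
    in surrounding whitespace are treated as the same password.

    Raises a `TypeError` if *password* is not a `str`, or if the
    'DIGEST-MD5' scheme is requested without an EmailAddress *user*.
    Raises a `ValueError` if the password is empty after stripping.
    """
    if not isinstance(password, str):
        # Report only the type: the rejected value may itself be a secret
        # (e.g. a bytes password) and exception text ends up in logs and
        # tracebacks.
        raise TypeError('Password is not a string: %s' %
                        type(password).__name__)
    password = password.encode(ENCODING).strip()
    if not password:
        raise ValueError("Could not accept empty password.")
    if scheme is None:
        scheme = cfg_dget('misc.password_scheme')
    scheme, encoding = verify_scheme(scheme)
    if scheme == 'DIGEST-MD5':
        # Explicit check instead of ``assert``: assertions are removed when
        # Python runs with -O, which would let a missing or wrong *user*
        # reach the hash function.
        if not isinstance(user, EmailAddress):
            raise TypeError('DIGEST-MD5 requires an EmailAddress instance '
                            'as user argument')
        return _md5_hash(password, scheme, encoding, user)
    # The first element of a _scheme_info entry is the hash function.
    return _scheme_info[scheme][0](password, scheme, encoding)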
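def randompw():
    """Generates a plain text random password.

    The length of the password can be configured in the ``vmm.cfg``
    (account.password_length).  Configured lengths below 8 are raised
    to 8.

    Every character is drawn independently from ``PASSWDCHARS``, so
    characters may repeat and the configured length may exceed the size
    of that alphabet.
    """
    pw_len = max(cfg_dget('account.password_length'), 8)
    # choice() per position instead of sample(): sampling without
    # replacement never repeats a character, which shrinks the set of
    # possible passwords and raises ValueError once pw_len is larger than
    # len(PASSWDCHARS).
    # NOTE(review): _sys_rand is defined outside this block; presumably a
    # random.SystemRandom instance (OS CSPRNG) -- confirm.
    return ''.join(_sys_rand.choice(PASSWDCHARS)
                   for _i in range(pw_len))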
def _test_crypt_algorithms():
    """Register the crypt() schemes that the available crypt() supports.

    Runs one known-answer check per algorithm (Blowfish, SHA-256,
    SHA-512): a fixed password is hashed with a fixed salt string and the
    result is compared with the expected hash.  Only on an exact match is
    the scheme added to ``_scheme_info``.
    """
    # The fixed salts and low cost settings ($04$, rounds=1000) below are
    # capability probes only; nothing in this function hashes a real
    # password with them.
    plain = '08/15!test~4711'
    probes = (
        ('BLF-CRYPT',
         '$2a$04$0123456789abcdefABCDEF$',
         '$2a$04$0123456789abcdefABCDE.N.drYX5yIAL1LkTaaZotW3yI0hQhZru'),
        ('SHA256-CRYPT',
         '$5$rounds=1000$0123456789abcdef$',
         '$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi'
         '9qrb1jehe7hn4'),
        ('SHA512-CRYPT',
         '$6$rounds=1000$0123456789abcdef$',
         '$6$rounds=1000$0123456789abcdef$ZIAd5WqfyLkpvsVCVUU1GrvqaZTqvh'
         'JoouxdSqJO71l9Ld3tVrfOatEjarhghvEYADkq//LpDnTeO90tcbtHR1'),
    )
    # NOTE(review): a scheme is skipped only when crypt() returns a value
    # that does not match; if the crypt() in use raises for an unsupported
    # salt prefix, the exception propagates to the caller -- confirm.
    for scheme, salt, expected in probes:
        if crypt(plain, salt) == expected:
            # NOTE(review): 0x20000b06 is copied unchanged; it looks like
            # a minimum-version tag -- confirm against _scheme_info.
            _scheme_info[scheme] = (_crypt_hash, 0x20000b06)
# Probe crypt() once at import time, so _scheme_info already lists the
# supported crypt schemes before any hash is requested.
_test_crypt_algorithms()
# Remove the one-shot helper and the module-level names `_` and
# `cfg_dget` from the module namespace.
# NOTE(review): functions in this module still call `_` and `cfg_dget`;
# presumably they resolve at call time to objects installed elsewhere
# (e.g. as builtins) -- confirm.
del _
del cfg_dget
del _test_crypt_algorithms