author | Pascal Volk <neverseen@users.sourceforge.net> |
Tue, 20 Jul 2010 18:40:16 +0000 | |
branch | v0.6.x |
changeset 300 | efa001edc349 |
parent 292 | 619dadc0fd25 |
child 316 | 31d8931dc535 |
permissions | -rw-r--r-- |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
1 |
# -*- coding: UTF-8 -*- |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
2 |
# Copyright (c) 2010, Pascal Volk |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
3 |
# See COPYING for distribution information. |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
4 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
5 |
""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
6 |
VirtualMailManager.password |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
7 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
8 |
VirtualMailManager's password module to generate password hashes from |
287
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
9 |
passwords or random passwords. This module provides following |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
10 |
functions: |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
11 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
12 |
hashed_password = pwhash(password[, scheme][, user]) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
13 |
random_password = randompw() |
287
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
14 |
scheme, encoding = verify_scheme(scheme) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
15 |
""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
16 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
17 |
from crypt import crypt |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
18 |
from random import SystemRandom |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
19 |
from subprocess import Popen, PIPE |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
20 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
21 |
try: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
22 |
import hashlib |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
23 |
except ImportError: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
24 |
from VirtualMailManager.pycompat import hashlib |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
25 |
|
272
446483386914
VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
268
diff
changeset
|
26 |
from VirtualMailManager import ENCODING |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
27 |
from VirtualMailManager.EmailAddress import EmailAddress |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
28 |
from VirtualMailManager.common import get_unicode, version_str |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
29 |
from VirtualMailManager.constants.ERROR import VMM_ERROR |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
30 |
from VirtualMailManager.errors import VMMError |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
31 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
32 |
COMPAT = hasattr(hashlib, 'compat') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
33 |
SALTCHARS = './0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
34 |
PASSWDCHARS = '._-+#*23456789abcdefghikmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ' |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
35 |
DEFAULT_B64 = (None, 'B64', 'BASE64') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
36 |
DEFAULT_HEX = (None, 'HEX') |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
37 |
CRYPT_ID_MD5 = 1 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
38 |
CRYPT_ID_BLF = '2a' |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
39 |
CRYPT_ID_SHA256 = 5 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
40 |
CRYPT_ID_SHA512 = 6 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
41 |
CRYPT_SALT_LEN = 2 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
42 |
CRYPT_BLF_ROUNDS_MIN = 4 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
43 |
CRYPT_BLF_ROUNDS_MAX = 31 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
44 |
CRYPT_BLF_SALT_LEN = 22 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
45 |
CRYPT_MD5_SALT_LEN = 8 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
46 |
CRYPT_SHA2_ROUNDS_DEFAULT = 5000 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
47 |
CRYPT_SHA2_ROUNDS_MIN = 1000 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
48 |
CRYPT_SHA2_ROUNDS_MAX = 999999999 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
49 |
CRYPT_SHA2_SALT_LEN = 16 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
50 |
SALTED_ALGO_SALT_LEN = 4 |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
51 |
|
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
52 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
53 |
_ = lambda msg: msg |
272
446483386914
VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
268
diff
changeset
|
54 |
cfg_dget = lambda option: None |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
55 |
_sys_rand = SystemRandom() |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
56 |
_choice = _sys_rand.choice |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
57 |
_get_salt = lambda s_len: ''.join(_choice(SALTCHARS) for x in xrange(s_len)) |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
58 |
|
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
59 |
|
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
60 |
def _dovecotpw(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
61 |
"""Communicates with dovecotpw (Dovecot 2.0: `doveadm pw`) and returns |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
62 |
the hashed password: {scheme[.encoding]}hash |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
63 |
""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
64 |
if encoding: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
65 |
scheme = '.'.join((scheme, encoding)) |
272
446483386914
VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
268
diff
changeset
|
66 |
cmd_args = [cfg_dget('bin.dovecotpw'), '-s', scheme, '-p', |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
67 |
get_unicode(password)] |
272
446483386914
VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
268
diff
changeset
|
68 |
if cfg_dget('misc.dovecot_version') >= 0x20000a01: |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
69 |
cmd_args.insert(1, 'pw') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
70 |
process = Popen(cmd_args, stdout=PIPE, stderr=PIPE) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
71 |
stdout, stderr = process.communicate() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
72 |
if process.returncode: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
73 |
raise VMMError(stderr.strip(), VMM_ERROR) |
274
45ec5c3cfef4
VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
272
diff
changeset
|
74 |
hashed = stdout.strip() |
45ec5c3cfef4
VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
272
diff
changeset
|
75 |
if not hashed.startswith('{%s}' % scheme): |
45ec5c3cfef4
VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
272
diff
changeset
|
76 |
raise VMMError('Unexpected result from %s: %s' % |
45ec5c3cfef4
VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
272
diff
changeset
|
77 |
(cfg_dget('bin.dovecotpw'), hashed), VMM_ERROR) |
45ec5c3cfef4
VMM/password: added small output check on _dovecotpw().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
272
diff
changeset
|
78 |
return hashed |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
79 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
80 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
81 |
def _md4_new(): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
82 |
"""Returns an new MD4-hash object if supported by the hashlib or |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
83 |
provided by PyCrypto - other `None`. |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
84 |
""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
85 |
try: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
86 |
return hashlib.new('md4') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
87 |
except ValueError, err: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
88 |
if str(err) == 'unsupported hash type': |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
89 |
if not COMPAT: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
90 |
try: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
91 |
from Crypto.Hash import MD4 |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
92 |
return MD4.new() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
93 |
except ImportError: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
94 |
return None |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
95 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
96 |
raise |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
97 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
98 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
99 |
def _sha256_new(data=''): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
100 |
"""Returns a new sha256 object from the hashlib. |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
101 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
102 |
Returns `None` if the PyCrypto in pycompat.hashlib is too old.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
103 |
if not COMPAT: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
104 |
return hashlib.sha256(data) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
105 |
try: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
106 |
return hashlib.new('sha256', data) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
107 |
except ValueError, err: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
108 |
if str(err) == 'unsupported hash type': |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
109 |
return None |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
110 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
111 |
raise |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
112 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
113 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
114 |
def _format_digest(digest, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
115 |
"""Formats the arguments to a string: {scheme[.encoding]}digest.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
116 |
if not encoding: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
117 |
return '{%s}%s' % (scheme, digest) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
118 |
return '{%s.%s}%s' % (scheme, encoding, digest) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
119 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
120 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
121 |
def _clear_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
122 |
"""Generates a (encoded) CLEARTEXT/PLAIN 'hash'.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
123 |
if encoding: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
124 |
if encoding == 'HEX': |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
125 |
password = password.encode('hex') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
126 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
127 |
password = password.encode('base64').replace('\n', '') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
128 |
return _format_digest(password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
129 |
return get_unicode('{%s}%s' % (scheme, password)) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
130 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
131 |
|
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
132 |
def _get_crypt_blowfish_salt(): |
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
133 |
"""Generates a salt for Blowfish crypt.""" |
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
134 |
rounds = cfg_dget('misc.crypt_blowfish_rounds') |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
135 |
if rounds < CRYPT_BLF_ROUNDS_MIN: |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
136 |
rounds = CRYPT_BLF_ROUNDS_MIN |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
137 |
elif rounds > CRYPT_BLF_ROUNDS_MAX: |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
138 |
rounds = CRYPT_BLF_ROUNDS_MAX |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
139 |
return '$%s$%02d$%s' % (CRYPT_ID_BLF, rounds, |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
140 |
_get_salt(CRYPT_BLF_SALT_LEN)) |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
141 |
|
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
142 |
|
291
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
143 |
def _get_crypt_sha2_salt(crypt_id): |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
144 |
"""Generates a salt for crypt using the SHA-256 or SHA-512 encryption |
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
145 |
method. |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
146 |
*crypt_id* must be either `5` (SHA-256) or `6` (SHA-512). |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
147 |
""" |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
148 |
assert crypt_id in (CRYPT_ID_SHA256, CRYPT_ID_SHA512), 'invalid crypt ' \ |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
149 |
'id: %r' % crypt_id |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
150 |
if crypt_id is CRYPT_ID_SHA512: |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
151 |
rounds = cfg_dget('misc.crypt_sha512_rounds') |
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
152 |
else: |
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
153 |
rounds = cfg_dget('misc.crypt_sha256_rounds') |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
154 |
if rounds < CRYPT_SHA2_ROUNDS_MIN: |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
155 |
rounds = CRYPT_SHA2_ROUNDS_MIN |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
156 |
elif rounds > CRYPT_SHA2_ROUNDS_MAX: |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
157 |
rounds = CRYPT_SHA2_ROUNDS_MAX |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
158 |
if rounds == CRYPT_SHA2_ROUNDS_DEFAULT: |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
159 |
return '$%d$%s' % (crypt_id, _get_salt(CRYPT_SHA2_SALT_LEN)) |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
160 |
return '$%d$rounds=%d$%s' % (crypt_id, rounds, |
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
161 |
_get_salt(CRYPT_SHA2_SALT_LEN)) |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
162 |
|
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
163 |
|
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
164 |
def _crypt_hash(password, scheme, encoding): |
291
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
165 |
"""Generates (encoded) CRYPT/MD5/{BLF,MD5,SHA{256,512}}-CRYPT hashes.""" |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
166 |
if scheme == 'CRYPT': |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
167 |
salt = _get_salt(CRYPT_SALT_LEN) |
291
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
168 |
elif scheme == 'BLF-CRYPT': |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
169 |
salt = _get_crypt_blowfish_salt() |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
170 |
elif scheme in ('MD5-CRYPT', 'MD5'): |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
171 |
salt = '$%d$%s' % (CRYPT_ID_MD5, _get_salt(CRYPT_MD5_SALT_LEN)) |
291
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
172 |
elif scheme == 'SHA256-CRYPT': |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
173 |
salt = _get_crypt_sha2_salt(CRYPT_ID_SHA256) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
174 |
else: |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
175 |
salt = _get_crypt_sha2_salt(CRYPT_ID_SHA512) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
176 |
encrypted = crypt(password, salt) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
177 |
if encoding: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
178 |
if encoding == 'HEX': |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
179 |
encrypted = encrypted.encode('hex') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
180 |
else: |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
181 |
encrypted = encrypted.encode('base64').replace('\n', '') |
291
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
182 |
if scheme in ('BLF-CRYPT', 'SHA256-CRYPT', 'SHA512-CRYPT') and \ |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
183 |
cfg_dget('misc.dovecot_version') < 0x20000b06: |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
184 |
scheme = 'CRYPT' |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
185 |
return _format_digest(encrypted, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
186 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
187 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
188 |
def _md4_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
189 |
"""Generates encoded PLAIN-MD4 hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
190 |
md4 = _md4_new() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
191 |
if md4: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
192 |
md4.update(password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
193 |
if encoding in DEFAULT_HEX: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
194 |
digest = md4.hexdigest() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
195 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
196 |
digest = md4.digest().encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
197 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
198 |
return _dovecotpw(password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
199 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
200 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
201 |
def _md5_hash(password, scheme, encoding, user=None): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
202 |
"""Generates DIGEST-MD5 aka PLAIN-MD5 and LDAP-MD5 hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
203 |
md5 = hashlib.md5() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
204 |
if scheme == 'DIGEST-MD5': |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
205 |
# Prior to Dovecot v1.1.12/v1.2.beta2 there was a problem with a |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
206 |
# empty auth_realms setting in dovecot.conf and user@domain.tld |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
207 |
# usernames. So we have to generate different hashes for different |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
208 |
# versions. See also: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
209 |
# http://dovecot.org/list/dovecot-news/2009-March/000103.html |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
210 |
# http://hg.dovecot.org/dovecot-1.1/rev/2b0043ba89ae |
272
446483386914
VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
268
diff
changeset
|
211 |
if cfg_dget('misc.dovecot_version') >= 0x1010cf00: |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
212 |
md5.update('%s:%s:' % (user.localpart, user.domainname)) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
213 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
214 |
md5.update('%s::' % user) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
215 |
md5.update(password) |
290
e2785e04f92e
VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
289
diff
changeset
|
216 |
if (scheme in ('PLAIN-MD5', 'DIGEST-MD5') and encoding in DEFAULT_HEX) or \ |
e2785e04f92e
VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
289
diff
changeset
|
217 |
(scheme == 'LDAP-MD5' and encoding == 'HEX'): |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
218 |
digest = md5.hexdigest() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
219 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
220 |
digest = md5.digest().encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
221 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
222 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
223 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
224 |
def _ntlm_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
225 |
"""Generates NTLM hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
226 |
md4 = _md4_new() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
227 |
if md4: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
228 |
password = ''.join('%s\x00' % c for c in password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
229 |
md4.update(password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
230 |
if encoding in DEFAULT_HEX: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
231 |
digest = md4.hexdigest() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
232 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
233 |
digest = md4.digest().encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
234 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
235 |
return _dovecotpw(password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
236 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
237 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
238 |
def _sha1_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
239 |
"""Generates SHA1 aka SHA hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
240 |
sha1 = hashlib.sha1(password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
241 |
if encoding in DEFAULT_B64: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
242 |
digest = sha1.digest().encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
243 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
244 |
digest = sha1.hexdigest() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
245 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
246 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
247 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
248 |
def _sha256_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
249 |
"""Generates SHA256 hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
250 |
sha256 = _sha256_new(password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
251 |
if sha256: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
252 |
if encoding in DEFAULT_B64: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
253 |
digest = sha256.digest().encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
254 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
255 |
digest = sha256.hexdigest() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
256 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
257 |
return _dovecotpw(password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
258 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
259 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
260 |
def _sha512_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
261 |
"""Generates SHA512 hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
262 |
if not COMPAT: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
263 |
sha512 = hashlib.sha512(password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
264 |
if encoding in DEFAULT_B64: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
265 |
digest = sha512.digest().encode('base64').replace('\n', '') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
266 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
267 |
digest = sha512.hexdigest() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
268 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
269 |
return _dovecotpw(password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
270 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
271 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
272 |
def _smd5_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
273 |
"""Generates SMD5 (salted PLAIN-MD5) hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
274 |
md5 = hashlib.md5(password) |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
275 |
salt = _get_salt(SALTED_ALGO_SALT_LEN) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
276 |
md5.update(salt) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
277 |
if encoding in DEFAULT_B64: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
278 |
digest = (md5.digest() + salt).encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
279 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
280 |
digest = md5.hexdigest() + salt.encode('hex') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
281 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
282 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
283 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
284 |
def _ssha1_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
285 |
"""Generates SSHA (salted SHA/SHA1) hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
286 |
sha1 = hashlib.sha1(password) |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
287 |
salt = _get_salt(SALTED_ALGO_SALT_LEN) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
288 |
sha1.update(salt) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
289 |
if encoding in DEFAULT_B64: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
290 |
digest = (sha1.digest() + salt).encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
291 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
292 |
digest = sha1.hexdigest() + salt.encode('hex') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
293 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
294 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
295 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
296 |
def _ssha256_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
297 |
"""Generates SSHA256 (salted SHA256) hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
298 |
sha256 = _sha256_new(password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
299 |
if sha256: |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
300 |
salt = _get_salt(SALTED_ALGO_SALT_LEN) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
301 |
sha256.update(salt) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
302 |
if encoding in DEFAULT_B64: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
303 |
digest = (sha256.digest() + salt).encode('base64').rstrip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
304 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
305 |
digest = sha256.hexdigest() + salt.encode('hex') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
306 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
307 |
return _dovecotpw(password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
308 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
309 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
310 |
def _ssha512_hash(password, scheme, encoding): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
311 |
"""Generates SSHA512 (salted SHA512) hashes.""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
312 |
if not COMPAT: |
292
619dadc0fd25
VMM/password: added some CRYPT_* constants.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
291
diff
changeset
|
313 |
salt = _get_salt(SALTED_ALGO_SALT_LEN) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
314 |
sha512 = hashlib.sha512(password + salt) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
315 |
if encoding in DEFAULT_B64: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
316 |
digest = (sha512.digest() + salt).encode('base64').replace('\n', |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
317 |
'') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
318 |
else: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
319 |
digest = sha512.hexdigest() + salt.encode('hex') |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
320 |
return _format_digest(digest, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
321 |
return _dovecotpw(password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
322 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
323 |
_scheme_info = { |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
324 |
'CLEARTEXT': (_clear_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
325 |
'CRAM-MD5': (_dovecotpw, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
326 |
'CRYPT': (_crypt_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
327 |
'DIGEST-MD5': (_md5_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
328 |
'HMAC-MD5': (_dovecotpw, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
329 |
'LANMAN': (_dovecotpw, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
330 |
'LDAP-MD5': (_md5_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
331 |
'MD5': (_crypt_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
332 |
'MD5-CRYPT': (_crypt_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
333 |
'NTLM': (_ntlm_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
334 |
'OTP': (_dovecotpw, 0x10100a01), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
335 |
'PLAIN': (_clear_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
336 |
'PLAIN-MD4': (_md4_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
337 |
'PLAIN-MD5': (_md5_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
338 |
'RPA': (_dovecotpw, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
339 |
'SHA': (_sha1_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
340 |
'SHA1': (_sha1_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
341 |
'SHA256': (_sha256_hash, 0x10100a01), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
342 |
'SHA512': (_sha512_hash, 0x20000b03), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
343 |
'SKEY': (_dovecotpw, 0x10100a01), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
344 |
'SMD5': (_smd5_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
345 |
'SSHA': (_ssha1_hash, 0x10000f00), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
346 |
'SSHA256': (_ssha256_hash, 0x10200a04), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
347 |
'SSHA512': (_ssha512_hash, 0x20000b03), |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
348 |
} |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
349 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
350 |
|
287
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
351 |
def verify_scheme(scheme): |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
352 |
"""Checks if the password scheme *scheme* is known and supported by the |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
353 |
configured `misc.dovecot_version`. |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
354 |
|
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
355 |
The *scheme* maybe a password scheme's name (e.g.: 'PLAIN') or a scheme |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
356 |
name with a encoding suffix (e.g. 'PLAIN.BASE64'). If the scheme is |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
357 |
known and supported by the used Dovecot version, |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
358 |
a tuple ``(scheme, encoding)`` will be returned. |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
359 |
The `encoding` in the tuple may be `None`. |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
360 |
|
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
361 |
Raises a `VMMError` if the password scheme: |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
362 |
* is unknown |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
363 |
* depends on a newer Dovecot version |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
364 |
* has a unknown encoding suffix |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
365 |
""" |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
366 |
assert isinstance(scheme, basestring), 'Not a str/unicode: %r' % scheme |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
367 |
scheme_encoding = scheme.upper().split('.') |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
368 |
scheme = scheme_encoding[0] |
291
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
369 |
if scheme not in _scheme_info: |
287
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
370 |
raise VMMError(_(u"Unsupported password scheme: '%s'") % scheme, |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
371 |
VMM_ERROR) |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
372 |
if cfg_dget('misc.dovecot_version') < _scheme_info[scheme][1]: |
290
e2785e04f92e
VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
289
diff
changeset
|
373 |
raise VMMError(_(u"The password scheme '%(scheme)s' requires Dovecot " |
e2785e04f92e
VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
289
diff
changeset
|
374 |
u">= v%(version)s") % {'scheme': scheme, |
e2785e04f92e
VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
289
diff
changeset
|
375 |
'version': version_str(_scheme_info[scheme][1])}, |
287
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
376 |
VMM_ERROR) |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
377 |
if len(scheme_encoding) > 1: |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
378 |
if cfg_dget('misc.dovecot_version') < 0x10100a01: |
290
e2785e04f92e
VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
289
diff
changeset
|
379 |
raise VMMError(_(u'Encoding suffixes for password schemes require ' |
e2785e04f92e
VMM/…: re-indented long queries and error messages.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
289
diff
changeset
|
380 |
u'Dovecot >= v1.1.alpha1'), VMM_ERROR) |
287
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
381 |
if scheme_encoding[1] not in ('B64', 'BASE64', 'HEX'): |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
382 |
raise VMMError(_(u"Unsupported password encoding: '%s'") % |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
383 |
scheme_encoding[1], VMM_ERROR) |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
384 |
encoding = scheme_encoding[1] |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
385 |
else: |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
386 |
encoding = None |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
387 |
return scheme, encoding |
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
388 |
|
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
389 |
|
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
390 |
def pwhash(password, scheme=None, user=None): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
391 |
"""Generates a password hash from the plain text *password* string. |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
392 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
393 |
If no *scheme* is given the password scheme from the configuration will |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
394 |
be used for the hash generation. When 'DIGEST-MD5' is used as scheme, |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
395 |
also an EmailAddress instance must be given as *user* argument. |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
396 |
""" |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
397 |
if not isinstance(password, basestring): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
398 |
raise TypeError('Password is not a string: %r' % password) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
399 |
if isinstance(password, unicode): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
400 |
password = password.encode(ENCODING) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
401 |
password = password.strip() |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
402 |
if not password: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
403 |
raise ValueError("Couldn't accept empty password.") |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
404 |
if scheme is None: |
272
446483386914
VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
268
diff
changeset
|
405 |
scheme = cfg_dget('misc.password_scheme') |
287
1e77dd639fa3
VMM/password: moved the 'scheme check' code from pwhash() to the
Pascal Volk <neverseen@users.sourceforge.net>
parents:
284
diff
changeset
|
406 |
scheme, encoding = verify_scheme(scheme) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
407 |
if scheme == 'DIGEST-MD5': |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
408 |
assert isinstance(user, EmailAddress) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
409 |
return _md5_hash(password, scheme, encoding, user) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
410 |
return _scheme_info[scheme][0](password, scheme, encoding) |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
411 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
412 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
413 |
def randompw(): |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
414 |
"""Generates a plain text random password. |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
415 |
|
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
416 |
The length of the password can be configured in the ``vmm.cfg`` |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
417 |
(account.password_length). |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
418 |
""" |
272
446483386914
VMM/Config: Added method Config.install() -> global cfg_dget().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
268
diff
changeset
|
419 |
pw_len = cfg_dget('account.password_length') |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
420 |
if pw_len < 8: |
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
421 |
pw_len = 8 |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
422 |
return ''.join(_sys_rand.sample(PASSWDCHARS, pw_len)) |
268
beb8f4421f92
VMM: added new modules password and pycompat.hashlib.
Pascal Volk <neverseen@users.sourceforge.net>
parents:
diff
changeset
|
423 |
|
291
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
424 |
|
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
425 |
def _test_crypt_algorithms(): |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
426 |
"""Check for Blowfish/SHA-256/SHA-512 support in crypt.crypt().""" |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
427 |
_blowfish = '$2a$04$0123456789abcdefABCDE.N.drYX5yIAL1LkTaaZotW3yI0hQhZru' |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
428 |
_sha256 = '$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi\ |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
429 |
9qrb1jehe7hn4' |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
430 |
_sha512 = '$6$rounds=1000$0123456789abcdef$ZIAd5WqfyLkpvsVCVUU1GrvqaZTqvh\ |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
431 |
JoouxdSqJO71l9Ld3tVrfOatEjarhghvEYADkq//LpDnTeO90tcbtHR1' |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
432 |
|
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
433 |
if crypt('08/15!test~4711', '$2a$04$0123456789abcdefABCDEF$') == _blowfish: |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
434 |
_scheme_info['BLF-CRYPT'] = (_crypt_hash, 0x10000f00) |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
435 |
if crypt('08/15!test~4711', '$5$rounds=1000$0123456789abcdef$') == _sha256: |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
436 |
_scheme_info['SHA256-CRYPT'] = (_crypt_hash, 0x10000f00) |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
437 |
if crypt('08/15!test~4711', '$6$rounds=1000$0123456789abcdef$') == _sha512: |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
438 |
_scheme_info['SHA512-CRYPT'] = (_crypt_hash, 0x10000f00) |
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
439 |
|
7ef3f117a230
VMM/password: adapted Blowfish/SHA-256/SHA-512 crypt() to recent
Pascal Volk <neverseen@users.sourceforge.net>
parents:
290
diff
changeset
|
440 |
_test_crypt_algorithms() |
284
ec1966828246
VMM/password: Added support Blowfish/SHA-256/SHA-512 crypt().
Pascal Volk <neverseen@users.sourceforge.net>
parents:
274
diff
changeset
|
441 |
del _, cfg_dget, _test_crypt_algorithms |