auto  ˆ¾Ã 0ÂÁ ˆ¾Ã 0ÂÁ9ˆl–ß=¿J*e¶¥8 Eq·n2ò˜´oÄ ƒh¹a–ß=¿J*e¶¥8 Eq·n2ò˜´oÃdisabled ˆ¿Å 0¾Ã ˆ¿Å 0¾Ã ˆ¿Å 0¾Ã ˆ¿Å 0¾Ã ˆ¿Å 0¾Ã#ˆl–äY>”*i?u¸ ¸ \”Å£Æ „ÿ¿Ä'}"""passlib.handlers.digests - plain hash digests """ #============================================================================= # imports #============================================================================= # core from base64 import b64encode, b64decode from hashlib import md5, sha1 import logging; log = logging.getLogger(__name__) import re # site # pkg from passlib.handlers.misc import plaintext from passlib.utils import unix_crypt_schemes, to_unicode from passlib.utils.compat import uascii_to_str, unicode, u from passlib.utils.decor import classproperty import passlib.utils.handlers as uh # local __all__ = [ "ldap_plaintext", "ldap_md5", "ldap_sha1", "ldap_salted_md5", "ldap_salted_sha1", ##"get_active_ldap_crypt_schemes", "ldap_des_crypt", "ldap_bsdi_crypt", "ldap_md5_crypt", "ldap_sha1_crypt" "ldap_bcrypt", "ldap_sha256_crypt", "ldap_sha512_crypt", ] #============================================================================= # ldap helpers #============================================================================= class _Base64DigestHelper(uh.StaticHandler): """helper for ldap_md5 / ldap_sha1""" # XXX: could combine this with hex digests in digests.py ident = None # required - prefix identifier _hash_func = None # required - hash function _hash_regex = None # required - regexp to recognize hash checksum_chars = uh.PADDED_BASE64_CHARS @classproperty def _hash_prefix(cls): """tell StaticHandler to strip ident from checksum""" return cls.ident def _calc_checksum(self, secret): if isinstance(secret, unicode): secret = secret.encode("utf-8") chk = self._hash_func(secret).digest() return b64encode(chk).decode("ascii") class _SaltedBase64DigestHelper(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler): """helper for ldap_salted_md5 / ldap_salted_sha1""" setting_kwds = ("salt", "salt_size") checksum_chars = uh.PADDED_BASE64_CHARS ident = None # required - prefix identifier _hash_func = None # required - hash function _hash_regex = None # required - regexp to recognize hash min_salt_size = max_salt_size = 4 # NOTE: openldap implementation uses 4 byte salt, # but it's been reported (issue 30) that some servers use larger salts. # the semi-related rfc3112 recommends support for up to 16 byte salts. min_salt_size = 4 default_salt_size = 4 max_salt_size = 16 @classmethod def from_string(cls, hash): hash = to_unicode(hash, "ascii", "hash") m = cls._hash_regex.match(hash) if not m: raise uh.exc.InvalidHashError(cls) try: data = b64decode(m.group("tmp").encode("ascii")) except TypeError: raise uh.exc.MalformedHashError(cls) cs = cls.checksum_size assert cs return cls(checksum=data[:cs], salt=data[cs:]) def to_string(self): data = self.checksum + self.salt hash = self.ident + b64encode(data).decode("ascii") return uascii_to_str(hash) def _calc_checksum(self, secret): if isinstance(secret, unicode): secret = secret.encode("utf-8") return self._hash_func(secret + self.salt).digest() #============================================================================= # implementations #============================================================================= class ldap_md5(_Base64DigestHelper): """This class stores passwords using LDAP's plain MD5 format, and follows the :ref:`password-hash-api`. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods have no optional keywords. """ name = "ldap_md5" ident = u("{MD5}") _has