o 5 h2@sXdZddlmZmZddlmZmZmZmZddl Z e e Z ddl Z ddlmZddlmZmZddlmZmZmZddlmZddlmmZgd ZGd d d ejZGd d d ej ej!ej"Z#GdddeZ$GdddeZ%Gddde#Z&Gddde#Z'Gddde#Z(Gddde#Z)GdddeZ*ddeDZ+ddZ,e,dS) z.passlib.handlers.digests - plain hash digests ) b64encode b64decode)md5sha1sha256sha512N) plaintext)unix_crypt_schemes to_unicode) uascii_to_strunicodeu) classproperty)ldap_plaintextldap_md5 ldap_sha1ldap_salted_md5ldap_salted_sha1ldap_salted_sha256ldap_salted_sha512ldap_des_cryptldap_bsdi_cryptldap_md5_cryptldap_sha1_crypt ldap_bcryptldap_sha256_cryptldap_sha512_cryptc@s6eZdZdZdZdZdZejZ e ddZ ddZ dS)_Base64DigestHelperzhelper for ldap_md5 / ldap_sha1NcCs|jS)z/tell StaticHandler to strip ident from checksum)identclsr!q/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/passlib/handlers/ldap_digests.py _hash_prefix2sz _Base64DigestHelper._hash_prefixcCs0t|tr |d}||}t|dS)Nutf-8ascii) isinstancer encode _hash_funcdigestrdecode)selfsecretchkr!r!r"_calc_checksum7s  z"_Base64DigestHelper._calc_checksum) __name__ __module__ __qualname____doc__rr( _hash_regexuhPADDED_BASE64_CHARSchecksum_charsrr#r.r!r!r!r"r)s  rc@sVeZdZdZdZejZdZdZ dZ dZ Z dZ dZ dZ eddZdd Zd d ZdS) _SaltedBase64DigestHelperz-helper for ldap_salted_md5 / ldap_salted_sha1)salt salt_sizeNcCst|dd}|j|}|stj|z t|dd}Wn t y-tj |w|j }|s5J||d|||ddS)Nr%hashtmp)checksumr8) r r3matchr4excInvalidHashErrorrgroupr' TypeErrorMalformedHashError checksum_size)r r<mdatacsr!r!r" from_stringNs     z%_SaltedBase64DigestHelper.from_stringcCs(|j|j}|jt|d}t|S)Nr%)r>r8rrr*r )r+rGr<r!r!r" to_string\s z#_SaltedBase64DigestHelper.to_stringcCs(t|tr |d}|||jS)Nr$)r&r r'r(r8r))r+r,r!r!r"r.as  z(_SaltedBase64DigestHelper._calc_checksum)r/r0r1r2 setting_kwdsr4r5r6rr(r3 min_salt_size max_salt_sizedefault_salt_size classmethodrIrJr.r!r!r!r"r7=s  r7c@.eZdZdZdZedZeZe edZ dS)rzThis class stores passwords using LDAP's plain MD5 format, and follows the :ref:`password-hash-api`. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods have no optional keywords. z{MD5}z%^\{MD5\}(?P[+/a-zA-Z0-9]{22}==)$N) r/r0r1r2namer rrr(recompiler3r!r!r!r"ri rc@rP)rzThis class stores passwords using LDAP's plain SHA1 format, and follows the :ref:`password-hash-api`. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods have no optional keywords. z{SHA}z$^\{SHA\}(?P[+/a-zA-Z0-9]{27}=)$N) r/r0r1r2rQr rrr(rRrSr3r!r!r!r"rsrTrc@2eZdZdZdZedZdZeZ e edZ dS)raThis class stores passwords using LDAP's salted MD5 format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 This format now supports variable length salts, instead of a fix 4 bytes. z{SMD5}r;z+^\{SMD5\}(?P[+/a-zA-Z0-9]{27,}={0,2})$N) r/r0r1r2rQr rrErr(rRrSr3r!r!r!r"r}s rc@rU)ra This class stores passwords using LDAP's "Salted SHA1" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 This format now supports variable length salts, instead of a fix 4 bytes. z{SSHA}z+^\{SSHA\}(?P[+/a-zA-Z0-9]{32,}={0,2})$N) r/r0r1r2rQr rrErr(rRrSr3r!r!r!r"rs"rc@6eZdZdZdZedZdZdZe Z e edZ dS)raC This class stores passwords using LDAP's "Salted SHA2-256" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.7.3 z {SSHA256} z.^\{SSHA256\}(?P[+/a-zA-Z0-9]{48,}={0,2})$N)r/r0r1r2rQr rrErNrr(rRrSr3r!r!r!r"rrc@rW)raC This class stores passwords using LDAP's "Salted SHA2-512" format, and follows the :ref:`password-hash-api`. It supports a 4-16 byte salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string. :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.7.3 z {SSHA512}@rYz.^\{SSHA512\}(?P[+/a-zA-Z0-9]{91,}={0,2})$N)r/r0r1r2rQr rrErNrr(rRrSr3r!r!r!r"rrZrc@sHeZdZdZdZeedZe j ddde ddZ e dd Z d S) raYThis class stores passwords in plaintext, and follows the :ref:`password-hash-api`. This class acts much like the generic :class:`!passlib.hash.plaintext` handler, except that it will identify a hash only if it does NOT begin with the ``{XXX}`` identifier prefix used by RFC2307 passwords. The :meth:`~passlib.ifc.PasswordHash.hash`, :meth:`~passlib.ifc.PasswordHash.genhash`, and :meth:`~passlib.ifc.PasswordHash.verify` methods all require the following additional contextual keyword: :type encoding: str :param encoding: This controls the character encoding to use (defaults to ``utf-8``). This encoding will be used to encode :class:`!unicode` passwords under Python 2, and decode :class:`!bytes` hashes under Python 3. .. versionchanged:: 1.6 The ``encoding`` keyword was added. z ^\{\w+\}.*$z1.7z2.0) deprecatedremovedcCsdS)N!r!rr!r!r" genconfig:szldap_plaintext.genconfigcCs"t|}t|o|j|duS)N)r4to_unicode_for_identifybool _2307_patr?)r r<r!r!r"identifyAs zldap_plaintext.identifyN)r/r0r1r2rQrRrSr rbr4deprecated_methodrOr_rcr!r!r!r"r s  rcCsg|]}d|qS)ldap_r!).0rQr!r!r" LsrgcCs8t}tD]}d|}tj||tddd||<q~dS)Nrez{CRYPT}T)prefixlazy)globalsr r4 PrefixWrapperr )gwnamerQr!r!r"_init_ldap_crypt_handlersNs rn)-r2base64rrhashlibrrrrlogging getLoggerr/logrRpasslib.handlers.miscr passlib.utilsr r passlib.utils.compatr r r passlib.utils.decorrpasslib.utils.handlersutilshandlersr4__all__ StaticHandlerr HasRawSaltHasRawChecksumGenericHandlerr7rrrrrrrldap_crypt_schemesrnr!r!r!r"s.  ,  ',((,