1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
"""passlib.apps"""
#=========================================================
#imports
#=========================================================
#core
import logging; log = logging.getLogger(__name__)
from itertools import chain
#site
#libs
from passlib import hash
from passlib.context import LazyCryptContext
from passlib.utils import sys_bits
#pkg
#local
__all__ = [
'custom_app_context',
'django_context',
'ldap_context', 'ldap_nocrypt_context',
'mysql_context', 'mysql4_context', 'mysql3_context',
'phpass_context',
'phpbb3_context',
'postgres_context',
]
#=========================================================
#for quickly bootstrapping new custom applications
#=========================================================
custom_app_context = LazyCryptContext(
#choose some reasonbly strong schemes
schemes=["sha512_crypt", "sha256_crypt"],
# TODO: enable passprep for default policy? would definitely be a good
# idea for most applications; but want passprep to get a release or
# two worth of deployment & feedback before turning it on here.
## all__passprep = "saslprep,raw",
#set some useful global options
all__vary_rounds = "10%",
default="sha256_crypt" if sys_bits < 64 else "sha512_crypt",
#set a good starting point for rounds selection
sha512_crypt__default_rounds = 40000,
sha256_crypt__default_rounds = 40000,
#if the admin user category is selected, make a much stronger hash,
admin__sha512_crypt__default_rounds = 80000,
admin__sha256_crypt__default_rounds = 80000,
)
#=========================================================
#django
#=========================================================
# XXX: should this be integrated with passlib.ext.django,
# so that it's policy changes to reflect what the extension has set?
# in that case we might need a default_django_context as well.
django_context = LazyCryptContext(
schemes=[
"django_salted_sha1", "django_salted_md5", "django_des_crypt",
"hex_md5", "django_disabled",
],
default="django_salted_sha1",
deprecated=["hex_md5"],
)
#=========================================================
#ldap
#=========================================================
std_ldap_schemes = ["ldap_salted_sha1", "ldap_salted_md5",
"ldap_sha1", "ldap_md5",
"ldap_plaintext" ]
#create context with all std ldap schemes EXCEPT crypt
ldap_nocrypt_context = LazyCryptContext(std_ldap_schemes)
#create context with all possible std ldap + ldap crypt schemes
def _iter_ldap_crypt_schemes():
from passlib.utils import unix_crypt_schemes
return ('ldap_' + name for name in unix_crypt_schemes)
def _iter_ldap_schemes():
"helper which iterates over supported std ldap schemes"
return chain(std_ldap_schemes, _iter_ldap_crypt_schemes())
ldap_context = LazyCryptContext(_iter_ldap_schemes())
###create context with all std ldap schemes + crypt schemes for localhost
##def _iter_host_ldap_schemes():
## "helper which iterates over supported std ldap schemes"
## from passlib.handlers.ldap_digests import get_host_ldap_crypt_schemes
## return chain(std_ldap_schemes, get_host_ldap_crypt_schemes())
##ldap_host_context = LazyCryptContext(_iter_host_ldap_schemes())
#=========================================================
#mysql
#=========================================================
mysql3_context = LazyCryptContext(["mysql323"])
mysql4_context = LazyCryptContext(["mysql41", "mysql323"], deprecated="mysql323")
mysql_context = mysql4_context #tracks latest mysql version supported
#=========================================================
#postgres
#=========================================================
postgres_context = LazyCryptContext(["postgres_md5"])
#=========================================================
#phpass & variants
#=========================================================
def _create_phpass_policy(**kwds):
"helper to choose default alg based on bcrypt availability"
kwds['default'] = 'bcrypt' if hash.bcrypt.has_backend() else 'phpass'
return kwds
phpass_context = LazyCryptContext(
schemes=["bcrypt", "phpass", "bsdi_crypt"],
onload=_create_phpass_policy,
)
phpbb3_context = LazyCryptContext(["phpass"], phpass__ident="H")
#TODO: support the drupal phpass variants (see phpass homepage)
#=========================================================
#roundup
#=========================================================
_std_roundup_schemes = [ "ldap_hex_sha1", "ldap_hex_md5", "ldap_des_crypt", "roundup_plaintext" ]
roundup10_context = LazyCryptContext(_std_roundup_schemes)
#NOTE: 'roundup15' really applies to roundup 1.4.17+
roundup_context = roundup15_context = LazyCryptContext(
schemes=_std_roundup_schemes + [ "ldap_pbkdf2_sha1" ],
deprecated=_std_roundup_schemes,
default = "ldap_pbkdf2_sha1",
ldap_pbkdf2_sha1__default_rounds = 10000,
)
#=========================================================
# eof
#=========================================================
|
