1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
"""passlib.hash.nthash - unix-crypt compatible nthash passwords"""
#=========================================================
#imports
#=========================================================
#core
import re
import logging; log = logging.getLogger(__name__)
from warnings import warn
#site
#libs
from passlib.base import register_crypt_handler
from passlib.utils.md4 import md4
from passlib.utils import autodocument
from passlib.utils.handlers import ExtHandler
#pkg
#local
__all__ = [
"NTHash",
]
#=========================================================
#backend
#=========================================================
def raw_nthash(secret, hex=False):
"encode password using md4-based NTHASH algorithm; returns string of raw bytes"
hash = md4(secret.encode("utf-16le"))
return hash.hexdigest() if hex else hash.digest()
#=========================================================
#handler
#=========================================================
class NTHash(ExtHandler):
#=========================================================
#class attrs
#=========================================================
name = "nthash"
setting_kwds = ("ident",)
#=========================================================
#init
#=========================================================
_extra_init_settings = ("ident",)
@classmethod
def norm_ident(cls, value, strict=False):
if value is None:
if strict:
raise ValueError, "no ident specified"
return "3"
if value not in ("3", "NT"):
raise ValueError, "invalid ident"
return value
#=========================================================
#formatting
#=========================================================
@classmethod
def identify(cls, hash):
return bool(hash) and (hash.startswith("$3$") or hash.startswith("$NT$"))
_pat = re.compile(r"""
^
\$(?P<ident>3\$\$|NT\$)
(?P<chk>[a-f0-9]{32})
$
""", re.X)
@classmethod
def from_string(cls, hash):
if not hash:
raise ValueError, "no hash specified"
m = cls._pat.match(hash)
if not m:
raise ValueError, "invalid nthash"
ident, chk = m.group("ident", "chk")
return cls(ident=ident.strip("$"), checksum=chk, strict=True)
def to_string(self):
ident = self.ident
if ident == "3":
return "$3$$" + self.checksum
else:
assert ident == "NT"
return "$NT$" + self.checksum
#=========================================================
#primary interface
#=========================================================
_stub_checksum = "0" * 32
@classmethod
def genconfig(cls, ident=None):
return cls(ident=ident, checksum=self._stub_checksum).to_string()
def calc_checksum(self, secret):
if secret is None:
raise TypeError, "secret must be a string"
return raw_nthash(secret, hex=True)
#=========================================================
#eoc
#=========================================================
autodocument(NTHash, settings_doc="""
:param ident:
This handler supports two different :ref:`modular-crypt-format` identifiers.
It defaults to ``3``, but users may specify the alternate ``NT`` identifier
which is used in some contexts.
""")
register_crypt_handler(NTHash)
#=========================================================
#eof
#=========================================================
|