authorEli Collins <elic@assurancetechnologies.com>2011-03-23 12:17:21 -0400
committerEli Collins <elic@assurancetechnologies.com>2011-03-23 12:17:21 -0400
commitda3ef25603c88ef0979a37dd2a55c3a95c4fef79 (patch)
tree1858a675fa188d7fa5b75307e0418b0bbc5362a3
parent75d476686d15e08efa2686d51efe6c5d511504cb (diff)
downloadpasslib-da3ef25603c88ef0979a37dd2a55c3a95c4fef79.tar.gz
ldap_plaintext: replaces ldap_cleartext, has proper behavior (using slappasswd as reference)
-rw-r--r--docs/lib/passlib.hash.ldap_digests.rst12
-rw-r--r--passlib/handlers/ldap_digests.py14
-rw-r--r--passlib/registry.py2
-rw-r--r--passlib/tests/test_drivers.py7
4 files changed, 18 insertions, 17 deletions
diff --git a/docs/lib/passlib.hash.ldap_digests.rst b/docs/lib/passlib.hash.ldap_digests.rst
index a0730b7..103129e 100644
--- a/docs/lib/passlib.hash.ldap_digests.rst
+++ b/docs/lib/passlib.hash.ldap_digests.rst
@@ -6,9 +6,9 @@
PassLib provides support for a most of the hashes
used by LDAP, as stored in the :rfc:`2307` format.
-This includes ``{MD5}``, ``{SMD5}``, ``{SHA}``, ``{SSHA}``, and ``{CLEARTEXT}``.
-Many of these schemes (in particular ``{CLEARTEXT}``, ``{MD5}``, and ``{SHA}``)
-are very insecure, and should not be used except when required.
+This includes ``{MD5}``, ``{SMD5}``, ``{SHA}``, ``{SSHA}``.
+Many of these schemes are somewhat to very insecure,
+and should not be used except when required.
.. note::
@@ -43,7 +43,7 @@ Interface
.. autoclass:: ldap_salted_md5()
.. autoclass:: ldap_sha1()
.. autoclass:: ldap_salted_sha1()
-.. autoclass:: ldap_cleartext()
+.. autoclass:: ldap_plaintext()
.. rst-class:: html-toggle
@@ -89,10 +89,6 @@ ldap_salted_sha1
After decoding, this results in a raw salt string ``lS\x93I``,
and a raw SHA1 checksum of ``\xa4\xaa\xa46\xbdm\xab|-B\xa9>Q\xc3\xf2\x03q\xe7\x03c``.
-ldap_cleartext
-
- This hash has the format :samp:`{{CLEARTEXT}}{password}`.
-
References
==========
diff --git a/passlib/handlers/ldap_digests.py b/passlib/handlers/ldap_digests.py
index 7942f3f..4c20960 100644
--- a/passlib/handlers/ldap_digests.py
+++ b/passlib/handlers/ldap_digests.py
@@ -145,20 +145,24 @@ class ldap_salted_sha1(_SaltedBase64DigestHelper):
_pat = re.compile(r"^\{SSHA\}(?P<tmp>[+/a-zA-Z0-9]{32})$")
_default_chk = '\x00' * 20
-class ldap_cleartext(SimpleHandler):
+class ldap_plaintext(SimpleHandler):
"""This class stores passwords in plaintext, and follows the :ref:`password-hash-api`.
+ This class acts much like the generic :class:`!passlib.hash.plaintext` handler,
+ except that it will identify a hash only if it does NOT begin with the ``{XXX}`` identifier prefix
+ used by RFC2307 passwords.
+
Unicode passwords will be encoded using utf-8.
"""
- name = "ldap_cleartext"
+ name = "ldap_plaintext"
setting_kwds = ()
context_kwds = ()
- _pat = re.compile(r"^\{CLEARTEXT\}(?P<pwd>.*)$")
+ _2307_pat = re.compile(r"^\{[a-zA-Z0-9-]+\}.*$")
@classmethod
def identify(cls, hash):
- return bool(hash and cls._pat.match(hash))
+ return bool(hash and not cls._2307_pat.match(hash))
@classmethod
def genhash(cls, secret, hash):
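Review bot: `identify` now returns true for every non-empty string that lacks a `{XXX}` prefix, so this handler will presumably claim truncated or unrecognised hashes from other formats and treat them as plaintext when it is combined with other schemes. The class docstring should say so, for example `Because it matches any string without an RFC2307 prefix, list it last among a context's schemes.` Separately, the trailing `.*$` in `_2307_pat` makes the match fail when the value contains an embedded newline, so a value such as `{MD5}abc\nxyz` is identified as plaintext. Anchoring only the prefix avoids that: `_2307_pat = re.compile(r"^\{[a-zA-Z0-9-]+\}")`. The body of `genhash` continues outside this hunk.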
@@ -168,7 +172,7 @@ class ldap_cleartext(SimpleHandler):
raise TypeError, "secret must be string"
if isinstance(secret, unicode):
secret = secret.encode("utf-8")
- return "{CLEARTEXT}" + secret
+ return secret
@classmethod
def verify(cls, secret, hash):
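Review bot: `genhash` now returns the secret unchanged (`return secret`), so a password that itself begins with a `{XXX}` token produces a stored value that `identify` rejects and that other LDAP handlers may read as one of their own hashes. Either refuse such secrets before the return, `if cls._2307_pat.match(secret): raise ValueError("secret must not begin with an RFC2307 {XXX} prefix")`, or state the limitation in the class docstring. A matching case in `LdapPlaintextTest` would pin whichever behaviour is chosen. How `verify` treats such a value cannot be seen here, since its body lies outside the hunk, as does the start of `genhash`.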
diff --git a/passlib/registry.py b/passlib/registry.py
index 24e6031..2d4f5b3 100644
--- a/passlib/registry.py
+++ b/passlib/registry.py
@@ -84,7 +84,7 @@ _handler_locations = {
"hex_sha1": ("passlib.handlers.digests", "hex_sha1"),
"hex_sha256": ("passlib.handlers.digests", "hex_sha256"),
"hex_sha512": ("passlib.handlers.digests", "hex_sha512"),
- "ldap_cleartext": ("passlib.handlers.ldap_digests","ldap_cleartext"),
+ "ldap_plaintext": ("passlib.handlers.ldap_digests","ldap_plaintext"),
"ldap_md5": ("passlib.handlers.ldap_digests","ldap_md5"),
"ldap_sha1": ("passlib.handlers.ldap_digests","ldap_sha1"),
"ldap_salted_md5": ("passlib.handlers.ldap_digests","ldap_salted_md5"),
diff --git a/passlib/tests/test_drivers.py b/passlib/tests/test_drivers.py
index 957c53b..32e3823 100644
--- a/passlib/tests/test_drivers.py
+++ b/passlib/tests/test_drivers.py
@@ -243,9 +243,10 @@ class LdapSaltedSha1Test(HandlerCase):
("secret", "{SSHA}0H+zTv8o4MR4H43n03eCsvw1luG8LdB7"),
]
-class LdapClearTextTest(HandlerCase):
- handler = ldap_digests.ldap_cleartext
- known_correct_hashes = [ ("password", '{CLEARTEXT}password') ]
+class LdapPlaintextTest(HandlerCase):
+ handler = ldap_digests.ldap_plaintext
+ known_correct_hashes = [ ("password", 'password') ]
+ known_unidentified_hashes = [ "{MD5}fooey" ]
# helloworld -> '{CRYPT}dQ58WW.1980Ig'