pollutri
/
res_levis_API
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
203 MiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
res_levis_API/lib/python3.6/site-packages/passlib/handlers/oracle.py

173 lines
6.5 KiB
Raw Permalink Blame History 

  1. """passlib.handlers.oracle - Oracle DB Password Hashes"""

  2. #=============================================================================

  3. # imports

  4. #=============================================================================

  5. # core

  6. from binascii import hexlify, unhexlify

  7. from hashlib import sha1

  8. import re

  9. import logging; log = logging.getLogger(__name__)

  10. # site

  11. # pkg

  12. from passlib.utils import to_unicode, xor_bytes

  13. from passlib.utils.compat import irange, u, \

  14.                                  uascii_to_str, unicode, str_to_uascii

  15. from passlib.crypto.des import des_encrypt_block

  16. import passlib.utils.handlers as uh

  17. # local

  18. __all__ = [

  19.     "oracle10g",

  20.     "oracle11g"

  21. ]

  22. 

  23. #=============================================================================

  24. # oracle10

  25. #=============================================================================

  26. def des_cbc_encrypt(key, value, iv=b'\x00' * 8, pad=b'\x00'):

  27.     """performs des-cbc encryption, returns only last block.

  28. 

  29.     this performs a specific DES-CBC encryption implementation

  30.     as needed by the Oracle10 hash. it probably won't be useful for

  31.     other purposes as-is.

  32. 

  33.     input value is null-padded to multiple of 8 bytes.

  34. 

  35.     :arg key: des key as bytes

  36.     :arg value: value to encrypt, as bytes.

  37.     :param iv: optional IV

  38.     :param pad: optional pad byte

  39. 

  40.     :returns: last block of DES-CBC encryption of all ``value``'s byte blocks.

  41.     """

  42.     value += pad * (-len(value) % 8) # null pad to multiple of 8

  43.     hash = iv # start things off

  44.     for offset in irange(0,len(value),8):

  45.         chunk = xor_bytes(hash, value[offset:offset+8])

  46.         hash = des_encrypt_block(key, chunk)

  47.     return hash

  48. 

  49. # magic string used as initial des key by oracle10

  50. ORACLE10_MAGIC = b"\x01\x23\x45\x67\x89\xAB\xCD\xEF"

  51. 

  52. class oracle10(uh.HasUserContext, uh.StaticHandler):

  53.     """This class implements the password hash used by Oracle up to version 10g, and follows the :ref:`password-hash-api`.

  54. 

  55.     It does a single round of hashing, and relies on the username as the salt.

  56. 

  57.     The :meth:`~passlib.ifc.PasswordHash.hash`, :meth:`~passlib.ifc.PasswordHash.genhash`, and :meth:`~passlib.ifc.PasswordHash.verify` methods all require the

  58.     following additional contextual keywords:

  59. 

  60.     :type user: str

  61.     :param user: name of oracle user account this password is associated with.

  62.     """

  63.     #===================================================================

  64.     # algorithm information

  65.     #===================================================================

  66.     name = "oracle10"

  67.     checksum_chars = uh.HEX_CHARS

  68.     checksum_size = 16

  69. 

  70.     #===================================================================

  71.     # methods

  72.     #===================================================================

  73.     @classmethod

  74.     def _norm_hash(cls, hash):

  75.         return hash.upper()

  76. 

  77.     def _calc_checksum(self, secret):

  78.         # FIXME: not sure how oracle handles unicode.

  79.         #        online docs about 10g hash indicate it puts ascii chars

  80.         #        in a 2-byte encoding w/ the high byte set to null.

  81.         #        they don't say how it handles other chars, or what encoding.

  82.         #

  83.         #        so for now, encoding secret & user to utf-16-be,

  84.         #        since that fits, and if secret/user is bytes,

  85.         #        we assume utf-8, and decode first.

  86.         #

  87.         #        this whole mess really needs someone w/ an oracle system,

  88.         #        and some answers :)

  89.         if isinstance(secret, bytes):

  90.             secret = secret.decode("utf-8")

  91.         user = to_unicode(self.user, "utf-8", param="user")

  92.         input = (user+secret).upper().encode("utf-16-be")

  93.         hash = des_cbc_encrypt(ORACLE10_MAGIC, input)

  94.         hash = des_cbc_encrypt(hash, input)

  95.         return hexlify(hash).decode("ascii").upper()

  96. 

  97.     #===================================================================

  98.     # eoc

  99.     #===================================================================

  100. 

  101. #=============================================================================

  102. # oracle11

  103. #=============================================================================

  104. class oracle11(uh.HasSalt, uh.GenericHandler):

  105.     """This class implements the Oracle11g password hash, and follows the :ref:`password-hash-api`.

  106. 

  107.     It supports a fixed-length salt.

  108. 

  109.     The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords:

  110. 

  111.     :type salt: str

  112.     :param salt:

  113.         Optional salt string.

  114.         If not specified, one will be autogenerated (this is recommended).

  115.         If specified, it must be 20 hexadecimal characters.

  116. 

  117.     :type relaxed: bool

  118.     :param relaxed:

  119.         By default, providing an invalid value for one of the other

  120.         keywords will result in a :exc:`ValueError`. If ``relaxed=True``,

  121.         and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning`

  122.         will be issued instead. Correctable errors include

  123.         ``salt`` strings that are too long.

  124. 

  125.         .. versionadded:: 1.6

  126.     """

  127.     #===================================================================

  128.     # class attrs

  129.     #===================================================================

  130.     #--GenericHandler--

  131.     name = "oracle11"

  132.     setting_kwds = ("salt",)

  133.     checksum_size = 40

  134.     checksum_chars = uh.UPPER_HEX_CHARS

  135. 

  136.     #--HasSalt--

  137.     min_salt_size = max_salt_size = 20

  138.     salt_chars = uh.UPPER_HEX_CHARS

  139. 

  140. 

  141.     #===================================================================

  142.     # methods

  143.     #===================================================================

  144.     _hash_regex = re.compile(u("^S:(?P<chk>[0-9a-f]{40})(?P<salt>[0-9a-f]{20})$"), re.I)

  145. 

  146.     @classmethod

  147.     def from_string(cls, hash):

  148.         hash = to_unicode(hash, "ascii", "hash")

  149.         m = cls._hash_regex.match(hash)

  150.         if not m:

  151.             raise uh.exc.InvalidHashError(cls)

  152.         salt, chk = m.group("salt", "chk")

  153.         return cls(salt=salt, checksum=chk.upper())

  154. 

  155.     def to_string(self):

  156.         chk = self.checksum

  157.         hash = u("S:%s%s") % (chk.upper(), self.salt.upper())

  158.         return uascii_to_str(hash)

  159. 

  160.     def _calc_checksum(self, secret):

  161.         if isinstance(secret, unicode):

  162.             secret = secret.encode("utf-8")

  163.         chk = sha1(secret + unhexlify(self.salt.encode("ascii"))).hexdigest()

  164.         return str_to_uascii(chk).upper()

  165. 

  166.     #===================================================================

  167.     # eoc

  168.     #===================================================================

  169. 

  170. #=============================================================================

  171. # eof

  172. #=============================================================================