From 219e0d050e37686ca89513fc6d567b0f88327173 Mon Sep 17 00:00:00 2001 From: chove Date: Fri, 28 Apr 2006 02:09:45 +0200 Subject: [PATCH] en fait c'est comme on veut, insensible la casse, mme si beaucoup prfrent des majuscules. pour mettre tout le monde content, on est completement insensible la casse darcs-hash:20060428000945-4ec08-5e9d3af39d4ce4ca82d6361b26e3daf2ed2811db.gz --- gestion/ldap_passwd.py | 58 +++++++++++++++++------------------------- 1 file changed, 24 insertions(+), 34 deletions(-) diff --git a/gestion/ldap_passwd.py b/gestion/ldap_passwd.py index 00b5919b..df73050d 100644 --- a/gestion/ldap_passwd.py +++ b/gestion/ldap_passwd.py @@ -1,7 +1,7 @@ # -*- coding: iso8859-15 -*- ############################################################################### # ldap_passwd.py : manipulation des mots de passes LDAP -# $Id: ldap_passwd.py,v 1.2 2006-04-28 00:01:09 chove Exp $ +# $Id: ldap_passwd.py,v 1.3 2006-04-28 00:09:45 chove Exp $ ############################################################################### # The authors of this code are # Bjorn Ove Grotan @@ -57,6 +57,19 @@ try: except: smb = False +algos={} +algos = { + 'ssha':'Seeded SHA', + 'sha':'Secure Hash Algorithm', + 'md5':'MD5', + 'smd5':'Seeded MD5', + 'crypt':'standard unix crypt' +} +if smb: + algos['lmpassword'] = 'lan man hash' + algos['ntpassword'] = 'nt hash' + + def getsalt(chars=string.letters+string.digits, length=16): ''' Generate a random salt. Default length is 16 ''' salt = '' @@ -69,38 +82,26 @@ def mkpasswd(pwd, sambaver=3, algo='SSHA', salt=getsalt()): crypt-algorihtms. This module was written for use with LDAP - so default is seeded sha ''' - - alg = { - 'SSHA':'Seeded SHA', - 'SHA':'Secure Hash Algorithm', - 'MD5':'MD5', - 'SMD5':'Seeded MD5', - 'crypt':'standard unix crypt' - } - - if smb: - alg['LMPassword'] = 'lan man hash' - alg['NTPassword'] = 'nt hash' - if algo not in alg.keys(): + if algo not in algos.keys(): raise TypeError, 'Algorithm <%s> not supported in this version.' % algo - if algo == 'SSHA': + if algo == 'ssha': pwdhash = "{SSHA}" + base64.encodestring(sha.new(str(pwd) + salt).digest() + salt) - elif algo =='SHA': + elif algo =='sha': pwdhash = "{SHA}" + base64.encodestring(sha.new(str(pwd)).digest()) - elif algo =='MD5': + elif algo =='md5': pwdhash = "{MD5}" + base64.encodestring(md5.new(str(pwd)).digest()) - elif algo == 'SMD5': + elif algo == 'smd5': pwdhash = "{SMD5}" + base64.encodestring(md5.new(str(pwd) + salt).digest() + salt) elif algo =='crypt': - pwdhash = "{crypt}" + crypt.crypt(str(pwd),getsalt(length=2)) # crypt only uses a salt of length 2 - elif algo == 'LMPassword': + pwdhash = "{CRYPT}" + crypt.crypt(str(pwd),getsalt(length=2)) # crypt only uses a salt of length 2 + elif algo == 'lmpassword': if sambaver==3: pwdhash = "{sambaLMPassword}" + smbpasswd.lmhash(pwd) elif sambaver==2: pwdhash = "{lmPassword}" + smbpasswd.lmhash(pwd) - elif algo == 'NTPassword': + elif algo == 'ntpassword': if sambaver == 3: pwdhash = "{sambaNTPassword}" + smbpasswd.lmhash(pwd) elif sambaver == 2: @@ -110,19 +111,8 @@ def mkpasswd(pwd, sambaver=3, algo='SSHA', salt=getsalt()): def checkpwd(pwd, pwdhash): ''' Check if the password matches the hash ''' - alg = { - 'SSHA':'Seeded SHA', - 'SHA':'Secure Hash Algorithm', - 'MD5':'MD5', - 'SMD5':'Seeded MD5', - 'crypt':'standard unix crypt' - } - - if smb: - alg['LMPassword'] = 'lan man hash' - alg['NTPassword'] = 'nt hash' - algo = pwdhash[1:].split('}')[0] + algo = algo.lower() if algo.startswith('samba'): sambaver = 3 @@ -130,7 +120,7 @@ def checkpwd(pwd, pwdhash): else: sambaver = 2 - if not algo in alg.keys(): + if not algo in algos.keys(): raise TypeError, 'Algorithm <%s> not supported in this version.' % algo if alg[algo].startswith('Seeded '):