view MoinMoin/support/passlib/apps.py @ 6111:1fdd537e9d83

SubProcess: reimplement exec_cmd subclassing Popen and overriding some methods isn't pretty. the code we have was written for py 2.4 or so and the py 2.7 Popen looked quite different. this way with the timer should be less problematic.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 06 Sep 2016 04:39:28 +0200
parents 86a41c2bedec
children 7f0616feeae9
line wrap: on
line source
"""passlib.apps"""
#=============================================================================
# imports
#=============================================================================
# core
import logging; log = logging.getLogger(__name__)
from itertools import chain
# site
# pkg
from passlib import hash
from passlib.context import LazyCryptContext
from passlib.utils import sys_bits
# local
__all__ = [
    'custom_app_context',
    'django_context',
    'ldap_context', 'ldap_nocrypt_context',
    'mysql_context', 'mysql4_context', 'mysql3_context',
    'phpass_context',
    'phpbb3_context',
    'postgres_context',
]

#=============================================================================
# master containing all identifiable hashes
#=============================================================================
def _load_master_config():
    from passlib.registry import list_crypt_handlers

    # get master list
    schemes = list_crypt_handlers()

    # exclude the ones we know have ambiguous or greedy identify() methods.
    excluded = [
        # frequently confused for eachother
        'bigcrypt',
        'crypt16',

        # no good identifiers
        'cisco_pix',
        'cisco_type7',
        'htdigest',
        'mysql323',
        'oracle10',

        # all have same size
        'lmhash',
        'msdcc',
        'msdcc2',
        'nthash',

        # plaintext handlers
        'plaintext',
        'ldap_plaintext',

        # disabled handlers
        'django_disabled',
        'unix_disabled',
        'unix_fallback',
    ]
    for name in excluded:
        schemes.remove(name)

    # return config
    return dict(schemes=schemes, default="sha256_crypt")
master_context = LazyCryptContext(onload=_load_master_config)

#=============================================================================
# for quickly bootstrapping new custom applications
#=============================================================================
custom_app_context = LazyCryptContext(
    # choose some reasonbly strong schemes
    schemes=["sha512_crypt", "sha256_crypt"],

    # set some useful global options
    default="sha256_crypt" if sys_bits < 64 else "sha512_crypt",
    all__vary_rounds = 0.1,

    # set a good starting point for rounds selection
    sha512_crypt__min_rounds = 535000,
    sha256_crypt__min_rounds = 535000,

    # if the admin user category is selected, make a much stronger hash,
    admin__sha512_crypt__min_rounds = 1024000,
    admin__sha256_crypt__min_rounds = 1024000,
    )

#=============================================================================
# django
#=============================================================================
_django10_schemes = [
        "django_salted_sha1", "django_salted_md5", "django_des_crypt",
        "hex_md5", "django_disabled",
]

django10_context = LazyCryptContext(
    schemes=_django10_schemes,
    default="django_salted_sha1",
    deprecated=["hex_md5"],
)

_django14_schemes = ["django_pbkdf2_sha256", "django_pbkdf2_sha1",
                     "django_bcrypt"] + _django10_schemes
django14_context = LazyCryptContext(
    schemes=_django14_schemes,
    deprecated=_django10_schemes,
)

_django16_schemes = _django14_schemes[:]
_django16_schemes.insert(1, "django_bcrypt_sha256")
django16_context = LazyCryptContext(
    schemes=_django16_schemes,
    deprecated=_django10_schemes,
)

# this will always point to latest version
django_context = django16_context

#=============================================================================
# ldap
#=============================================================================
std_ldap_schemes = ["ldap_salted_sha1", "ldap_salted_md5",
                      "ldap_sha1", "ldap_md5",
                      "ldap_plaintext" ]

# create context with all std ldap schemes EXCEPT crypt
ldap_nocrypt_context = LazyCryptContext(std_ldap_schemes)

# create context with all possible std ldap + ldap crypt schemes
def _iter_ldap_crypt_schemes():
    from passlib.utils import unix_crypt_schemes
    return ('ldap_' + name for name in unix_crypt_schemes)

def _iter_ldap_schemes():
    """helper which iterates over supported std ldap schemes"""
    return chain(std_ldap_schemes, _iter_ldap_crypt_schemes())
ldap_context = LazyCryptContext(_iter_ldap_schemes())

### create context with all std ldap schemes + crypt schemes for localhost
##def _iter_host_ldap_schemes():
##    "helper which iterates over supported std ldap schemes"
##    from passlib.handlers.ldap_digests import get_host_ldap_crypt_schemes
##    return chain(std_ldap_schemes, get_host_ldap_crypt_schemes())
##ldap_host_context = LazyCryptContext(_iter_host_ldap_schemes())

#=============================================================================
# mysql
#=============================================================================
mysql3_context = LazyCryptContext(["mysql323"])
mysql4_context = LazyCryptContext(["mysql41", "mysql323"], deprecated="mysql323")
mysql_context = mysql4_context # tracks latest mysql version supported

#=============================================================================
# postgres
#=============================================================================
postgres_context = LazyCryptContext(["postgres_md5"])

#=============================================================================
# phpass & variants
#=============================================================================
def _create_phpass_policy(**kwds):
    """helper to choose default alg based on bcrypt availability"""
    kwds['default'] = 'bcrypt' if hash.bcrypt.has_backend() else 'phpass'
    return kwds

phpass_context = LazyCryptContext(
    schemes=["bcrypt", "phpass", "bsdi_crypt"],
    onload=_create_phpass_policy,
    )

phpbb3_context = LazyCryptContext(["phpass"], phpass__ident="H")

# TODO: support the drupal phpass variants (see phpass homepage)

#=============================================================================
# roundup
#=============================================================================

_std_roundup_schemes = [ "ldap_hex_sha1", "ldap_hex_md5", "ldap_des_crypt", "roundup_plaintext" ]
roundup10_context = LazyCryptContext(_std_roundup_schemes)

# NOTE: 'roundup15' really applies to roundup 1.4.17+
roundup_context = roundup15_context = LazyCryptContext(
    schemes=_std_roundup_schemes + [ "ldap_pbkdf2_sha1" ],
    deprecated=_std_roundup_schemes,
    default = "ldap_pbkdf2_sha1",
    ldap_pbkdf2_sha1__default_rounds = 10000,
    )

#=============================================================================
# eof
#=============================================================================