From 35b1b31f8a580f44fff97f7fb500dd9c283ea8c5 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Thu, 22 Sep 2022 18:36:21 +0200 Subject: [PATCH] Reorganizing init of crypt schemes --- lib/pp_admintools/app/set_ldap_password.py | 67 +++++++++++++++++++--- 1 file changed, 59 insertions(+), 8 deletions(-) diff --git a/lib/pp_admintools/app/set_ldap_password.py b/lib/pp_admintools/app/set_ldap_password.py index 7231a60..7320f00 100644 --- a/lib/pp_admintools/app/set_ldap_password.py +++ b/lib/pp_admintools/app/set_ldap_password.py @@ -28,7 +28,7 @@ from .ldap import LdapAppError from .ldap import BaseLdapApplication from .ldap import PasswordFileOptionAction -__version__ = '0.3.1' +__version__ = '0.4.1' LOG = logging.getLogger(__name__) _ = XLATOR.gettext 
@@ -53,15 +53,61 @@ class SetLdapPasswordApplication(BaseLdapApplication): except KeyError: pass - ldap_context = passlib.apps.ldap_context - available_schemes = list(ldap_context.schemes()) - available_schemes.append('ldap_pbkdf2_sha1') - available_schemes.append('ldap_pbkdf2_sha256') - available_schemes.append('ldap_pbkdf2_sha512') + possible_schemes = ( + 'ldap_des_crypt', + 'ldap_bcrypt', + 'ldap_md5', + 'ldap_md5_crypt', + 'ldap_salted_md5', + 'ldap_sha1', + 'ldap_sha1_crypt', + 'ldap_salted_sha1', + 'ldap_pbkdf2_sha1', + 'ldap_sha256_crypt', + 'ldap_salted_sha256', + 'ldap_pbkdf2_sha256', + 'ldap_sha512_crypt', + 'ldap_salted_sha512', + 'ldap_pbkdf2_sha512', + ) - passlib_context = passlib.context.CryptContext(schemes=available_schemes) + ldap_context = passlib.apps.ldap_context + available_schemes = [] + + schema_ids = { + 'ldap_des_crypt': 'CRYPT', + 'ldap_bcrypt': 'BCRYPT', + 'ldap_md5': 'MD5', + 'ldap_md5_crypt': 'MD5-CRYPT', + 'ldap_salted_md5': 'SMD5', + 'ldap_sha1': 'SHA', + 'ldap_sha1_crypt': 'SHA-CRYPT', + 'ldap_salted_sha1': 'SSHA', + 'ldap_pbkdf2_sha1': 'PBKDF2-SHA', + 'ldap_sha256_crypt': 'SHA256-CRYPT', + 'ldap_salted_sha256': 'SSHA256', + 'ldap_pbkdf2_sha256': 'PBKDF2-SHA256', + 'ldap_sha512_crypt': 'SHA512-CRYPT', + 'ldap_salted_sha512': 'SSHA512', + 'ldap_pbkdf2_sha512': 'PBKDF2-SHA512', + } + + passlib_context = None default_schema = 'ldap_salted_sha256' - passlib_context.update(default=default_schema) + + # ------------------------------------------------------------------------- + @classmethod + def init_pass_schemes(cls): + + cls.available_schemes = [] + all_handlers = passlib.registry.list_crypt_handlers() + + for schema in cls.possible_schemes: + if schema in all_handlers: + cls.available_schemes.append(schema) + + cls.passlib_context = passlib.context.CryptContext(schemes=cls.available_schemes) + cls.passlib_context.update(default=cls.default_schema) # ------------------------------------------------------------------------- def 
__init__(self, appname=None, base_dir=None): @@ -70,6 +116,8 @@ class SetLdapPasswordApplication(BaseLdapApplication): self.use_multiple_ldap_connections = False self.show_cmdline_ldap_timeout = True + self.init_pass_schemes() + self.current_password = None self.need_current_password = False self.do_user_bind = False @@ -107,8 +155,11 @@ class SetLdapPasswordApplication(BaseLdapApplication): res['available_schemes'] = self.available_schemes res['default_schema'] = self.passlib_context.default_scheme() + res['schema_ids'] = self.schema_ids if self.current_password and self.verbose < 5: res['current_password'] = '******' + if self.new_password and self.verbose < 5: + res['new_password'] = '******' return res -- 2.39.5
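Review bot: `init_pass_schemes()` filters `possible_schemes` against the passlib registry, but then calls `cls.passlib_context.update(default=cls.default_schema)` without checking that `'ldap_salted_sha256'` survived the filter. If the installed passlib lacks that handler, the failure comes from inside passlib (or, with an empty scheme list, later at hashing time) and does not tell the operator what is missing. I would check explicitly and raise the already imported `LdapAppError`, as sketched below; this assumes it accepts a message string, which its definition outside this diff must confirm. Separately, the tuple offers `ldap_des_crypt`, `ldap_md5` and `ldap_sha1`, which are fast or unsalted digests, presumably for hashing new passwords, so consider marking them as legacy wherever the schemes are listed. The method is also missing a docstring.

```python
    @classmethod
    def init_pass_schemes(cls):
        """Build the class-wide CryptContext from the schemes passlib provides."""
        all_handlers = passlib.registry.list_crypt_handlers()
        cls.available_schemes = [s for s in cls.possible_schemes if s in all_handlers]

        if cls.default_schema not in cls.available_schemes:
            # Fail with a clear message instead of an error from inside passlib.
            msg = _('Default schema {!r} is not provided by the installed passlib.')
            raise LdapAppError(msg.format(cls.default_schema))

        cls.passlib_context = passlib.context.CryptContext(
            schemes=cls.available_schemes, default=cls.default_schema)
```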
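Review bot: The new masking of `res['new_password']` is skipped when `self.verbose` is 5 or more, so at that level the new password can stay in clear in whatever consumes this dict, the same as `current_password` just above. Whether `res` already holds the cleartext depends on the code before the hunk, which is not visible here, so this is inferred. A password that is about to become valid is more useful to someone reading a debug log than it is as a diagnostic. I would mask both fields unconditionally, e.g. `if self.new_password: res['new_password'] = '******'`. The method body starts outside the hunk.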