%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3.9/site-packages/passlib/handlers/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3.9/site-packages/passlib/handlers/__pycache__/cisco.cpython-39.pyc

a

f�Wc�?�@s�dZddlmZmZddlmZddlZe�e�Z	ddl
mZddlm
Z
mZmZmZddlmZddlmZmZmZmZmZmZddlmmZgd	�Zd
ZGdd�dej ej!�Z"Gd
d�de"�Z#Gdd�dej$�Z%dS)z1
passlib.handlers.cisco -- Cisco password hashes
�)�hexlify�	unhexlify)�md5N)�warn)�right_pad_string�
to_unicode�
repeat_string�to_bytes)�h64)�unicode�u�join_byte_values�join_byte_elems�iter_byte_values�
uascii_to_str)�	cisco_pix�	cisco_asa�cisco_type7s ��������������������������������c@s6eZdZdZdZdZdZdZdZe	j
ZdZdd�Z
dS)ra�
    This class implements the password hash used by older Cisco PIX firewalls,
    and follows the :ref:`password-hash-api`.
    It does a single round of hashing, and relies on the username
    as the salt.

    This class only allows passwords <= 16 bytes, anything larger
    will result in a :exc:`~passlib.exc.PasswordSizeError` if passed to :meth:`~cisco_pix.hash`,
    and be silently rejected if passed to :meth:`~cisco_pix.verify`.

    The :meth:`~passlib.ifc.PasswordHash.hash`,
    :meth:`~passlib.ifc.PasswordHash.genhash`, and
    :meth:`~passlib.ifc.PasswordHash.verify` methods
    all support the following extra keyword:

    :param str user:
        String containing name of user account this password is associated with.

        This is *required* in order to correctly hash passwords associated
        with a user account on the Cisco device, as it is used to salt
        the hash.

        Conversely, this *must* be omitted or set to ``""`` in order to correctly
        hash passwords which don't have an associated user account
        (such as the "enable" password).

    .. versionadded:: 1.6

    .. versionchanged:: 1.7.1

        Passwords > 16 bytes are now rejected / throw error instead of being silently truncated,
        to match Cisco behavior.  A number of :ref:`bugs <passlib-asa96-bug>` were fixed
        which caused prior releases to generate unverifiable hashes in certain cases.
    �TFcCs�|j}t|t�r|�d�}d}t|�|jkr^|jrVd|j|jf}tj	j
|j|d��n|t}|j}|r�t|t�r||�d�}|r�t|�dkr�|t
|d�7}|r�t|�dkr�d}nd}t||�}|r�||7}t|���}td	d
�t|�D��}t�|��d�S)a7
        This function implements the "encrypted" hash format used by Cisco
        PIX & ASA. It's behavior has been confirmed for ASA 9.6,
        but is presumed correct for PIX & other ASA releases,
        as it fits with known test vectors, and existing literature.

        While nearly the same, the PIX & ASA hashes have slight differences,
        so this function performs differently based on the _is_asa class flag.
        Noteable changes from PIX to ASA include password size limit
        increased from 16 -> 32, and other internal changes.
        �utf-8Nz.Password too long (%s allows at most %d bytes))�msg��r� css"|]\}}|dd@r|VqdS)��N�)�.0�i�crr�:/usr/lib/python3.9/site-packages/passlib/handlers/cisco.py�	<genexpr>��z+cisco_pix._calc_checksum.<locals>.<genexpr>�ascii)�_is_asa�
isinstancer�encode�len�
truncate_size�use_defaults�name�uh�excZPasswordSizeError�_DUMMY_BYTES�userrrr�digestr�	enumerater
Zencode_bytes�decode)�self�secretZasaZspoil_digestrr.Zpad_sizer/rrr �_calc_checksumgs4



�



zcisco_pix._calc_checksumN)�__name__�
__module__�__qualname__�__doc__r*r(Ztruncate_errorZtruncate_verify_rejectZ
checksum_sizer+ZHASH64_CHARS�checksum_charsr$r4rrrr r$s)rc@seZdZdZdZdZdZdS)ra�
    This class implements the password hash used by Cisco ASA/PIX 7.0 and newer (2005).
    Aside from a different internal algorithm, it's use and format is identical
    to the older :class:`cisco_pix` class.

    For passwords less than 13 characters, this should be identical to :class:`!cisco_pix`,
    but will generate a different hash for most larger inputs
    (See the `Format & Algorithm`_ section for the details).

    This class only allows passwords <= 32 bytes, anything larger
    will result in a :exc:`~passlib.exc.PasswordSizeError` if passed to :meth:`~cisco_asa.hash`,
    and be silently rejected if passed to :meth:`~cisco_asa.verify`.

    .. versionadded:: 1.7

    .. versionchanged:: 1.7.1

        Passwords > 32 bytes are now rejected / throw error instead of being silently truncated,
        to match Cisco behavior.  A number of :ref:`bugs <passlib-asa96-bug>` were fixed
        which caused prior releases to generate unverifiable hashes in certain cases.
    rTN)r5r6r7r8r*r(r$rrrr r�srcs�eZdZdZdZdZejZdZ	dZ
ed�fdd�	�Zedd	��Z
d�fd
d�	Zedd
d��Zedd��Zdd�Zdd�Zeddd��Zed�Zedd��Z�ZS)ra+
    This class implements the "Type 7" password encoding used by Cisco IOS,
    and follows the :ref:`password-hash-api`.
    It has a simple 4-5 bit salt, but is nonetheless a reversible encoding
    instead of a real hash.

    The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords:

    :type salt: int
    :param salt:
        This may be an optional salt integer drawn from ``range(0,16)``.
        If omitted, one will be chosen at random.

    :type relaxed: bool
    :param relaxed:
        By default, providing an invalid value for one of the other
        keywords will result in a :exc:`ValueError`. If ``relaxed=True``,
        and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning`
        will be issued instead. Correctable errors include
        ``salt`` values that are out of range.

    Note that while this class outputs digests in upper-case hexadecimal,
    it will accept lower-case as well.

    This class also provides the following additional method:

    .. automethod:: decode
    ��saltr�4NcsHtt|�jfi|��}�durD|j�|�d�d��t�fdd��|_|S)N�relaxed)r=cs�S�Nrrr:rr �<lambda>fr"z#cisco_type7.using.<locals>.<lambda>)�superr�using�
_norm_salt�get�staticmethod�_generate_salt)�clsr;�kwds�subcls��	__class__r:r rAas
zcisco_type7.usingcCsLt|dd�}t|�dkr$tj�|��t|dd��}|||dd���d�S)Nr#�hash�)r;�checksum)rr'r+r,ZInvalidHashError�int�upper)rFrKr;rrr �from_stringis
zcisco_type7.from_stringcshtt|�jfi|��|dur*|�|�}n4|jrV|��}|�|�|ks^Jd|f��ntd��||_dS)Nzgenerated invalid salt: %rzno salt specified)r@r�__init__rBr)rE�	TypeErrorr;)r2r;rGrIrr rQqszcisco_type7.__init__FcCsjt|t�stj�|dd��d|kr0|jkr8nn|Sd}|r^t|tj�|dkrXdS|jSt|��dS)z�
        validate & normalize salt value.
        .. note::
            the salt for this algorithm is an integer 0-52, not a string
        Zintegerr;rz"salt/offset must be in 0..52 rangeN)	r%rNr+r,ZExpectedTypeError�max_salt_valuerZPasslibHashWarning�
ValueError)rFr;r=rrrr rB|s
zcisco_type7._norm_saltcCstj�dd�S)Nr�)r+�rngZrandintrrrr rE�szcisco_type7._generate_saltcCsd|jt|j�fS)Nz%02d%s)r;rrM)r2rrr �	to_string�szcisco_type7.to_stringcCs0t|t�r|�d�}t|�||j���d���S)Nrr#)r%rr&r�_cipherr;r1rO)r2r3rrr r4�s

zcisco_type7._calc_checksumrcCs:|�|�}t|j�d��}|�||j�}|r6|�|�S|S)z�decode hash, returning original password.

        :arg hash: encoded password
        :param encoding: optional encoding to use (defaults to ``UTF-8``).
        :returns: password as unicode
        r#)rPrrMr&rXr;r1)rFrK�encodingr2�tmp�rawrrr r1�s
zcisco_type7.decodez5dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87cs0|j�t���t���fdd�tt|��D��S)z1xor static key against data - encrypts & decryptsc3s*|]"\}}|t��|��AVqdSr>)�ord)r�idx�value��keyZkey_sizer;rr r!�s�z&cisco_type7._cipher.<locals>.<genexpr>)�_keyr'r
r0r)rF�datar;rr_r rX�s

�zcisco_type7._cipher)N)N)F)r)r5r6r7r8r*Zsetting_kwdsr+ZUPPER_HEX_CHARSr9Zmin_salt_valuerS�classmethodrArPrQrBrDrErWr4r1rrarX�
__classcell__rrrIr r)s,#


r)&r8ZbinasciirrZhashlibrZloggingZ	getLoggerr5�log�warningsrZ
passlib.utilsrrrr	Zpasslib.utils.binaryr
Zpasslib.utils.compatrrr
rrrZpasslib.utils.handlersZutils�handlersr+�__all__r-ZHasUserContextZ
StaticHandlerrrZGenericHandlerrrrrr �<module>s V0

Zerion Mini Shell 1.0