X-Git-Url: https://mudpy.org/gitweb?a=blobdiff_plain;f=lib%2Fmudpy%2Fpassword.py;h=68e1a5fa02795e31701a04755ae96c08b5a386bb;hb=710db132b0f10fee3897e581b190660e22b0b950;hp=94d690bd49bbb420df7c0c25cac13ebd235e4cfe;hpb=c6c355717beeda5c40390d1f6fdcfb1e9807d171;p=mudpy.git diff --git a/lib/mudpy/password.py b/lib/mudpy/password.py index 94d690b..68e1a5f 100644 --- a/lib/mudpy/password.py +++ b/lib/mudpy/password.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- -u"""Password hashing functions and constants for the mudpy engine.""" +"""Password hashing functions and constants for the mudpy engine.""" -# Copyright (c) 2004-2011 Jeremy Stanley . Permission +# Copyright (c) 2004-2013 Jeremy Stanley . Permission # to use, copy, modify, and distribute this software is granted under # terms provided in the LICENSE file distributed with this software. @@ -21,12 +21,10 @@ def _pack_bytes(numbers): between 0 and 255 into a packed sequence akin to a C-style string. """ import struct - # this will need to be declared as b"" during 2to3 migration - packed = "" + packed = b"" for number in numbers: number = int(number) assert 0 <= number <= 255 - # need to use b"B" during 2to3 migration packed += struct.pack("B", number) return packed @@ -39,8 +37,8 @@ def _bytes_to_text(byte_sequence): import base64 return base64.b64encode( byte_sequence, - u"./".encode(u"ascii") - ).rstrip(u"=") + b"./" + ).decode("ascii").rstrip("=") def _generate_salt(salt_len=2): @@ -55,12 +53,12 @@ def _generate_salt(salt_len=2): import math import random salt = [] - for i in xrange(int(math.ceil(salt_len * 0.75))): + for i in range(int(math.ceil(salt_len * 0.75))): salt.append(random.randint(0, 255)) return _bytes_to_text(_pack_bytes(salt))[:salt_len] -def upgrade_legacy_hash(legacy_hash, salt, sep=u"$"): +def upgrade_legacy_hash(legacy_hash, salt, sep="$"): """ This utility function is meant to provide a migration path for users of mudpy's legacy account-name-salted MD5 hexdigest password hashes. @@ -69,14 +67,13 @@ def upgrade_legacy_hash(legacy_hash, salt, sep=u"$"): returned. """ import re - assert re.match(u"^[0-9a-f]{32}$", + assert re.match("^[0-9a-f]{32}$", legacy_hash), "Not a valid MD5 hexdigest" - # this needs to be declared as b"" in 2to3 - collapsed = "" - for i in xrange(16): + collapsed = b"" + for i in range(16): # this needs to become a byte() call in 2to3 - collapsed += chr(int(legacy_hash[2 * i:2 * i + 2], 16)) - return u"%s%s%s%s%s%s%s%s" % ( + collapsed += bytes(legacy_hash[2 * i:2 * i + 2].decode("ascii")) + return "%s%s%s%s%s%s%s%s" % ( sep, MD5, sep, @@ -94,7 +91,7 @@ def create( algorithm=SHA1, rounds=4, salt_len=2, - sep=u"$" + sep="$" ): """ The meat of the module, this function takes a provided password and @@ -163,12 +160,18 @@ def create( # iterate the hashing algorithm over its own digest the specified # number of times - for i in xrange(2 ** rounds): - hashed = algorithms[algorithm](hashed).digest() + for i in range(2 ** rounds): + hashed = algorithms[algorithm](hashed.encode("utf-8")).digest() + # TODO: remove this exception trap after the switch to py2k + try: + hashed = "".join(format(x, "02x") for x in bytes(hashed)) + except ValueError: + hashed = "".join(format(ord(x), "02x") for x in bytes(hashed)) # concatenate the output fields, coercing into text form as needed - return u"%s%s%s%s%s%s%s%s" % ( - sep, algorithm, sep, rounds, sep, salt, sep, _bytes_to_text(hashed) + return "%s%s%s%s%s%s%s%s" % ( + sep, algorithm, sep, rounds, sep, salt, sep, + _bytes_to_text(hashed.encode("ascii")) ) @@ -180,7 +183,8 @@ def verify(password, encoded_hash): comes out the same as the encoded_hash. """ sep = encoded_hash[0] - algorithm, rounds, salt, hashed = encoded_hash[1:].split(sep) + import mudpy.misc + algorithm, rounds, salt, hashed = encoded_hash.split(sep)[1:] if encoded_hash == create( password=password, salt=salt,