pax_global_header00006660000000000000000000000064146137136150014521gustar00rootroot0000000000000052 comment=b20e21d9f24d6fa17a6781bbc9f272ce38246eef crypt_r-3.13.1/000077500000000000000000000000001461371361500132705ustar00rootroot00000000000000crypt_r-3.13.1/.github/000077500000000000000000000000001461371361500146305ustar00rootroot00000000000000crypt_r-3.13.1/.github/workflows/000077500000000000000000000000001461371361500166655ustar00rootroot00000000000000crypt_r-3.13.1/.github/workflows/main.yml000066400000000000000000000006361461371361500203410ustar00rootroot00000000000000name: Run Tox tests on: [push, pull_request] jobs: tox_test: name: Tox test steps: - name: Checkout uses: actions/checkout@v4 - name: Run Tox tests id: test uses: fedora-python/tox-github-action@main with: tox_env: ${{ matrix.tox_env }} runs-on: ubuntu-latest strategy: matrix: tox_env: - py311 - py312 - py313 crypt_r-3.13.1/.gitignore000066400000000000000000000000521461371361500152550ustar00rootroot00000000000000build/ dist/ venv/ *.egg-info *.dist-info crypt_r-3.13.1/LICENSE000066400000000000000000000331601461371361500143000ustar00rootroot00000000000000A. HISTORY OF THE SOFTWARE ========================== Python was created in the early 1990s by Guido van Rossum at Stichting Mathematisch Centrum (CWI, see https://www.cwi.nl) in the Netherlands as a successor of a language called ABC. Guido remains Python's principal author, although it includes many contributions from others. In 1995, Guido continued his work on Python at the Corporation for National Research Initiatives (CNRI, see https://www.cnri.reston.va.us) in Reston, Virginia where he released several versions of the software. In May 2000, Guido and the Python core development team moved to BeOpen.com to form the BeOpen PythonLabs team. In October of the same year, the PythonLabs team moved to Digital Creations, which became Zope Corporation. In 2001, the Python Software Foundation (PSF, see https://www.python.org/psf/) was formed, a non-profit organization created specifically to own Python-related Intellectual Property. Zope Corporation was a sponsoring member of the PSF. All Python releases are Open Source (see https://opensource.org for the Open Source Definition). Historically, most, but not all, Python releases have also been GPL-compatible; the table below summarizes the various releases. Release Derived Year Owner GPL- from compatible? (1) 0.9.0 thru 1.2 1991-1995 CWI yes 1.3 thru 1.5.2 1.2 1995-1999 CNRI yes 1.6 1.5.2 2000 CNRI no 2.0 1.6 2000 BeOpen.com no 1.6.1 1.6 2001 CNRI yes (2) 2.1 2.0+1.6.1 2001 PSF no 2.0.1 2.0+1.6.1 2001 PSF yes 2.1.1 2.1+2.0.1 2001 PSF yes 2.1.2 2.1.1 2002 PSF yes 2.1.3 2.1.2 2002 PSF yes 2.2 and above 2.1.1 2001-now PSF yes Footnotes: (1) GPL-compatible doesn't mean that we're distributing Python under the GPL. All Python licenses, unlike the GPL, let you distribute a modified version without making your changes open source. The GPL-compatible licenses make it possible to combine Python with other software that is released under the GPL; the others don't. (2) According to Richard Stallman, 1.6.1 is not GPL-compatible, because its license has a choice of law clause. According to CNRI, however, Stallman's lawyer has told CNRI's lawyer that 1.6.1 is "not incompatible" with the GPL. Thanks to the many outside volunteers who have worked under Guido's direction to make these releases possible. B. TERMS AND CONDITIONS FOR ACCESSING OR OTHERWISE USING PYTHON =============================================================== Python software and documentation are licensed under the Python Software Foundation License Version 2. Starting with Python 3.8.6, examples, recipes, and other code in the documentation are dual licensed under the PSF License Version 2 and the Zero-Clause BSD license. Some software incorporated into Python is under different licenses. The licenses are listed with code falling under that license. PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2 -------------------------------------------- 1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and the Individual or Organization ("Licensee") accessing and otherwise using this software ("Python") in source or binary form and its associated documentation. 2. Subject to the terms and conditions of this License Agreement, PSF hereby grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python alone or in any derivative version, provided, however, that PSF's License Agreement and PSF's notice of copyright, i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Python Software Foundation; All Rights Reserved" are retained in Python alone or in any derivative version prepared by Licensee. 3. In the event Licensee prepares a derivative work that is based on or incorporates Python or any part thereof, and wants to make the derivative work available to others as provided herein, then Licensee hereby agrees to include in any such work a brief summary of the changes made to Python. 4. PSF is making Python available to Licensee on an "AS IS" basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 6. This License Agreement will automatically terminate upon a material breach of its terms and conditions. 7. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between PSF and Licensee. This License Agreement does not grant permission to use PSF trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party. 8. By copying, installing or otherwise using Python, Licensee agrees to be bound by the terms and conditions of this License Agreement. BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0 ------------------------------------------- BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1 1. This LICENSE AGREEMENT is between BeOpen.com ("BeOpen"), having an office at 160 Saratoga Avenue, Santa Clara, CA 95051, and the Individual or Organization ("Licensee") accessing and otherwise using this software in source or binary form and its associated documentation ("the Software"). 2. Subject to the terms and conditions of this BeOpen Python License Agreement, BeOpen hereby grants Licensee a non-exclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use the Software alone or in any derivative version, provided, however, that the BeOpen Python License is retained in the Software, alone or in any derivative version prepared by Licensee. 3. BeOpen is making the Software available to Licensee on an "AS IS" basis. BEOPEN MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, BEOPEN MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. 4. BEOPEN SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE SOFTWARE FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THE SOFTWARE, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 5. This License Agreement will automatically terminate upon a material breach of its terms and conditions. 6. This License Agreement shall be governed by and interpreted in all respects by the law of the State of California, excluding conflict of law provisions. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between BeOpen and Licensee. This License Agreement does not grant permission to use BeOpen trademarks or trade names in a trademark sense to endorse or promote products or services of Licensee, or any third party. As an exception, the "BeOpen Python" logos available at http://www.pythonlabs.com/logos.html may be used according to the permissions granted on that web page. 7. By copying, installing or otherwise using the software, Licensee agrees to be bound by the terms and conditions of this License Agreement. CNRI LICENSE AGREEMENT FOR PYTHON 1.6.1 --------------------------------------- 1. This LICENSE AGREEMENT is between the Corporation for National Research Initiatives, having an office at 1895 Preston White Drive, Reston, VA 20191 ("CNRI"), and the Individual or Organization ("Licensee") accessing and otherwise using Python 1.6.1 software in source or binary form and its associated documentation. 2. Subject to the terms and conditions of this License Agreement, CNRI hereby grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python 1.6.1 alone or in any derivative version, provided, however, that CNRI's License Agreement and CNRI's notice of copyright, i.e., "Copyright (c) 1995-2001 Corporation for National Research Initiatives; All Rights Reserved" are retained in Python 1.6.1 alone or in any derivative version prepared by Licensee. Alternately, in lieu of CNRI's License Agreement, Licensee may substitute the following text (omitting the quotes): "Python 1.6.1 is made available subject to the terms and conditions in CNRI's License Agreement. This Agreement together with Python 1.6.1 may be located on the internet using the following unique, persistent identifier (known as a handle): 1895.22/1013. This Agreement may also be obtained from a proxy server on the internet using the following URL: http://hdl.handle.net/1895.22/1013". 3. In the event Licensee prepares a derivative work that is based on or incorporates Python 1.6.1 or any part thereof, and wants to make the derivative work available to others as provided herein, then Licensee hereby agrees to include in any such work a brief summary of the changes made to Python 1.6.1. 4. CNRI is making Python 1.6.1 available to Licensee on an "AS IS" basis. CNRI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, CNRI MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON 1.6.1 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. 5. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 1.6.1 FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 1.6.1, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 6. This License Agreement will automatically terminate upon a material breach of its terms and conditions. 7. This License Agreement shall be governed by the federal intellectual property law of the United States, including without limitation the federal copyright law, and, to the extent such U.S. federal law does not apply, by the law of the Commonwealth of Virginia, excluding Virginia's conflict of law provisions. Notwithstanding the foregoing, with regard to derivative works based on Python 1.6.1 that incorporate non-separable material that was previously distributed under the GNU General Public License (GPL), the law of the Commonwealth of Virginia shall govern this License Agreement only as to issues arising under or with respect to Paragraphs 4, 5, and 7 of this License Agreement. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between CNRI and Licensee. This License Agreement does not grant permission to use CNRI trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party. 8. By clicking on the "ACCEPT" button where indicated, or by copying, installing or otherwise using Python 1.6.1, Licensee agrees to be bound by the terms and conditions of this License Agreement. ACCEPT CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2 -------------------------------------------------- Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam, The Netherlands. All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Stichting Mathematisch Centrum or CWI not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ZERO-CLAUSE BSD LICENSE FOR CODE IN THE PYTHON DOCUMENTATION ---------------------------------------------------------------------- Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. crypt_r-3.13.1/MANIFEST.in000066400000000000000000000001261461371361500150250ustar00rootroot00000000000000include README.rst include LICENSE include tox.ini recursive-include src *.py *.h *.c crypt_r-3.13.1/README.rst000066400000000000000000000162511461371361500147640ustar00rootroot00000000000000crypt_r --- Function to check Unix passwords ============================================ Originally by: Steven D. Majewski The ``crypt_r`` module is a renamed copy of the ``crypt`` module as it was present in Python 3.12 before it was removed. See `PEP 594`_ for details of the removal. Unlike ``crypt``, this library always exposes the `crypt_r(3)`_ function, not `crypt(3)`_. Note that ``crypt_r`` is not part of any standard. This library is tested with the ``crypt_r`` implementation in Fedora Linux (libxcrypt, as of 2024), and should work with compatible implementations of ``crypt_r`` (such as ``libcrypt.so`` from older glibc). Note that the improvements in ``crypt_r`` over ``crypt`` are in memory management and thread safety, not security/cryptography. It is easy to use ``crypt_r`` in an insecure way. Notably: All hashing methods except ``METHOD_CRYPT`` (the original Unix algorithm from the 1970s) are optional platform-specific extensions. This library does not expose modern hashing methods like libxcrypt's yescrypt. The last wrapper update is from 2017. No future development is planned. To use this module, you can either import ``crypt_r`` explicitly or use the old ``crypt`` name for backward compatibility. However, on Python older than 3.13, the ``crypt`` module from the standard library will usually take precedence on ``sys.path``. Here follows the original documentation for the removed ``crypt`` module, updated to refer to it as ``crypt_r``: -------------- This module implements an interface to the `crypt_r(3)`_ routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include storing hashed passwords so you can check passwords without storing the actual password, or attempting to crack Unix passwords with a dictionary. Notice that the behavior of this module depends on the actual implementation of the `crypt_r(3)`_ routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module. Hashing Methods --------------- New in Python 3.3. The ``crypt_r`` module defines the list of hashing methods (not all methods are available on all platforms): ``METHOD_SHA512`` A Modular Crypt Format method with 16 character salt and 86 character hash based on the SHA-512 hash function. This is the strongest method. ``METHOD_SHA256`` Another Modular Crypt Format method with 16 character salt and 43 character hash based on the SHA-256 hash function. ``METHOD_BLOWFISH`` Another Modular Crypt Format method with 22 character salt and 31 character hash based on the Blowfish cipher. New in Python 3.7. ``METHOD_MD5`` Another Modular Crypt Format method with 8 character salt and 22 character hash based on the MD5 hash function. ``METHOD_CRYPT`` The traditional method with a 2 character salt and 13 characters of hash. This is the weakest method. Module Attributes ----------------- New in Python 3.3. ``methods`` A list of available password hashing algorithms, as ``crypt.METHOD_*`` objects. This list is sorted from strongest to weakest. Module Functions ---------------- The ``crypt_r`` module defines the following functions: ``crypt(word, salt=None)`` *word* will usually be a user's password as typed at a prompt or in a graphical interface. The optional *salt* is either a string as returned from ``mksalt()``, one of the ``crypt.METHOD_*`` values (though not all may be available on all platforms), or a full encrypted password including salt, as returned by this function. If *salt* is not provided, the strongest method available in ``methods`` will be used. Checking a password is usually done by passing the plain-text password as *word* and the full results of a previous ``crypt`` call, which should be the same as the results of this call. *salt* (either a random 2 or 16 character string, possibly prefixed with ``$digit$`` to indicate the method) which will be used to perturb the encryption algorithm. The characters in *salt* must be in the set ``[./a-zA-Z0-9]``, with the exception of Modular Crypt Format which prefixes a ``$digit$``. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt. Since a few `crypt_r(3)`_ extensions allow different values, with different sizes in the *salt*, it is recommended to use the full crypted password as salt when checking for a password. Changed in Python 3.3: Accept ``crypt.METHOD_*`` values in addition to strings for *salt*. ``mksalt(method=None, *, rounds=None)`` Return a randomly generated salt of the specified method. If no *method* is given, the strongest method available in ``methods`` is used. The return value is a string suitable for passing as the *salt* argument to ``crypt`` . *rounds* specifies the number of rounds for ``METHOD_SHA256``, ``METHOD_SHA512`` and ``METHOD_BLOWFISH``. For ``METHOD_SHA256`` and ``METHOD_SHA512`` it must be an integer between ``1000`` and ``999_999_999``, the default is ``5000``. For ``METHOD_BLOWFISH`` it must be a power of two between ``16`` (2\ :sup:`4`) and ``2_147_483_648`` (2\ :sup:`31`), the default is ``4096`` (2\ :sup:`12`). New in Python 3.3. Changed in Python 3.7: Added the *rounds* parameter. Examples -------- A simple example illustrating typical use (a constant-time comparison operation is needed to limit exposure to timing attacks. `hmac.compare_digest()`_ is suitable for this purpose): .. code-block:: python import pwd import crypt_r import getpass from hmac import compare_digest as compare_hash def login(): username = input('Python login: ') cryptedpasswd = pwd.getpwnam(username)[1] if cryptedpasswd: if cryptedpasswd == 'x' or cryptedpasswd == '*': raise ValueError('no support for shadow passwords') cleartext = getpass.getpass() return compare_hash(crypt_r.crypt(cleartext, cryptedpasswd), cryptedpasswd) else: return True To generate a hash of a password using the strongest available method and check it against the original: .. code-block:: python import crypt_r from hmac import compare_digest as compare_hash hashed = crypt_r.crypt(plaintext) if not compare_hash(hashed, crypt_r.crypt(plaintext, hashed)): raise ValueError("hashed version doesn't validate against original") -------------- Changelog --------- 3.13.1 ^^^^^^ * Fix build with ``-Werror=incompatible-pointer-types`` 3.13.0 ^^^^^^ * Initial fork from CPython 3.12.3 * Always uses the `crypt_r(3)`_ function, never `crypt(3)`_ * Renamed the Python modules to ``crypt_r`` and ``_crypt_r`` For historical changes when this module was included in Python, please refer to the `Python 3.12 Changelog`_. .. _PEP 594: https://peps.python.org/pep-0594/#crypt .. _crypt(3): https://manpages.debian.org/crypt(3) .. _crypt_r(3): https://manpages.debian.org/crypt_r(3) .. _hmac.compare_digest(): https://docs.python.org/3/library/hmac.html#hmac.compare_digest .. _Python 3.12 Changelog: https://docs.python.org/3.12/whatsnew/changelog.html crypt_r-3.13.1/pyproject.toml000066400000000000000000000020721461371361500162050ustar00rootroot00000000000000[build-system] requires = ["setuptools>=61"] build-backend = "setuptools.build_meta" [project] name = "crypt_r" version = "3.13.1" authors = [ {name = "Steven D. Majewski", email = "sdm7g@virginia.edu"}, ] maintainers = [ {name = "Miro Hrončok", email = "miro@hroncok.cz"}, {name = "Petr Viktorin", email = "encukou@gmail.com"}, {name = "Tomáš Hrnčiar", email = "tomas.hrnciar@me.com"}, {name = "Karolina Surma", email = "ksurma@redhat.com"}, ] description = "A copy of the `crypt` module that was removed in Python 3.13" readme = "README.rst" requires-python = ">=3.11" classifiers = [ "Programming Language :: Python :: 3", "Programming Language :: Python :: Implementation :: CPython", "License :: OSI Approved :: Python Software Foundation License", "Operating System :: POSIX :: Linux", ] license = {file = "LICENSE"} [project.urls] "Homepage" = "https://github.com/fedora-python/crypt_r" "Bug Tracker" = "https://github.com/fedora-python/crypt_r/issues" [tool.setuptools] py-modules = ["crypt_r", "crypt"] package-dir = {"" = "src"} crypt_r-3.13.1/setup.py000066400000000000000000000004101461371361500147750ustar00rootroot00000000000000from setuptools import setup, Extension setup( ext_modules=[ Extension( '_crypt_r', sources=[ 'src/_crypt_r.c', ], libraries=[ 'crypt', ], ) ], ) crypt_r-3.13.1/src/000077500000000000000000000000001461371361500140575ustar00rootroot00000000000000crypt_r-3.13.1/src/_crypt_r.c000066400000000000000000000055471461371361500160570ustar00rootroot00000000000000/* cryptmodule.c - by Steve Majewski * * Taken from Python 3.12 with removed argument clinic code. */ #include "Python.h" #include #include /* Module crypt */ PyDoc_STRVAR(crypt_r_crypt__doc__, "crypt($module, word, salt, /)\n" "--\n" "\n" "Hash a *word* with the given *salt* and return the hashed password.\n" "\n" "*word* will usually be a user\'s password. *salt* (either a random 2 or 16\n" "character string, possibly prefixed with $digit$ to indicate the method)\n" "will be used to perturb the encryption algorithm and produce distinct\n" "results for a given *word*."); static PyObject * crypt_r_crypt(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { if (nargs != 2) { PyErr_Format(PyExc_TypeError,"crypt expected 2 arguments, got %zd", nargs); return NULL; } const char *word; const char *salt; Py_ssize_t word_length; Py_ssize_t salt_length; if (!PyUnicode_Check(args[0])) { PyErr_Format( PyExc_TypeError, "crypt argument 1 (word) must be string, not %s", Py_TYPE(args[0])->tp_name ); return NULL; } word = PyUnicode_AsUTF8AndSize(args[0], &word_length); if (word == NULL) { return NULL; } if (strlen(word) != (size_t)word_length) { PyErr_SetString( PyExc_ValueError, "crypt argument 1 (word) contains embedded null character" ); return NULL; } if (!PyUnicode_Check(args[1])) { PyErr_Format( PyExc_TypeError, "crypt argument 2 (salt) must be string, not %s", Py_TYPE(args[1])->tp_name ); return NULL; } salt = PyUnicode_AsUTF8AndSize(args[1], &salt_length); if (salt == NULL) { return NULL; } if (strlen(salt) != (size_t)salt_length) { PyErr_SetString( PyExc_ValueError, "crypt argument 2 (salt) contains embedded null character" ); return NULL; } char *crypt_result; struct crypt_data data; memset(&data, 0, sizeof(data)); crypt_result = crypt_r(word, salt, &data); if (crypt_result == NULL) { return PyErr_SetFromErrno(PyExc_OSError); } return PyUnicode_FromString(crypt_result); } static PyMethodDef crypt_r_methods[] = { {"crypt", (PyCFunction)crypt_r_crypt, METH_FASTCALL, crypt_r_crypt__doc__}, {NULL, NULL} /* sentinel */ }; static PyModuleDef_Slot _crypt_r_slots[] = { #ifdef Py_MOD_PER_INTERPRETER_GIL_SUPPORTED {Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED}, #endif {0, NULL} }; static struct PyModuleDef crypt_r_module = { PyModuleDef_HEAD_INIT, "_crypt_r", NULL, 0, crypt_r_methods, _crypt_r_slots, NULL, NULL, NULL }; PyMODINIT_FUNC PyInit__crypt_r(void) { return PyModuleDef_Init(&crypt_r_module); } crypt_r-3.13.1/src/crypt.py000066400000000000000000000001701461371361500155700ustar00rootroot00000000000000"""Wrapper around crypt_r to provide the old name.""" from crypt_r import * from crypt_r import _saltchars # for tests crypt_r-3.13.1/src/crypt_r.py000066400000000000000000000073111461371361500161150ustar00rootroot00000000000000"""Wrapper to the POSIX crypt library call and associated functionality.""" import sys as _sys try: import _crypt_r except ModuleNotFoundError: if _sys.platform == 'win32': raise ImportError("The crypt_r module is not supported on Windows") else: raise import errno import string as _string from random import SystemRandom as _SystemRandom from collections import namedtuple as _namedtuple _saltchars = _string.ascii_letters + _string.digits + './' _sr = _SystemRandom() class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')): """Class representing a salt method per the Modular Crypt Format or the legacy 2-character crypt method.""" def __repr__(self): return ''.format(self.name) def mksalt(method=None, *, rounds=None): """Generate a salt for the specified method. If not specified, the strongest available method will be used. """ if method is None: method = methods[0] if rounds is not None and not isinstance(rounds, int): raise TypeError(f'{rounds.__class__.__name__} object cannot be ' f'interpreted as an integer') if not method.ident: # traditional s = '' else: # modular s = f'${method.ident}$' if method.ident and method.ident[0] == '2': # Blowfish variants if rounds is None: log_rounds = 12 else: log_rounds = int.bit_length(rounds-1) if rounds != 1 << log_rounds: raise ValueError('rounds must be a power of 2') if not 4 <= log_rounds <= 31: raise ValueError('rounds out of the range 2**4 to 2**31') s += f'{log_rounds:02d}$' elif method.ident in ('5', '6'): # SHA-2 if rounds is not None: if not 1000 <= rounds <= 999_999_999: raise ValueError('rounds out of the range 1000 to 999_999_999') s += f'rounds={rounds}$' elif rounds is not None: raise ValueError(f"{method} doesn't support the rounds argument") s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars)) return s def crypt(word, salt=None): """Return a string representing the one-way hash of a password, with a salt prepended. If ``salt`` is not specified or is ``None``, the strongest available method will be selected and a salt generated. Otherwise, ``salt`` may be one of the ``crypt_r.METHOD_*`` values, or a string as returned by ``crypt_r.mksalt()``. """ if salt is None or isinstance(salt, _Method): salt = mksalt(salt) return _crypt_r.crypt(word, salt) # available salting/crypto methods methods = [] def _add_method(name, *args, rounds=None): method = _Method(name, *args) globals()['METHOD_' + name] = method salt = mksalt(method, rounds=rounds) result = None try: result = crypt('', salt) except OSError as e: # Not all libc libraries support all encryption methods. if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}: return False raise if result and len(result) == method.total_size: methods.append(method) return True return False _add_method('SHA512', '6', 16, 106) _add_method('SHA256', '5', 16, 63) # Choose the strongest supported version of Blowfish hashing. # Early versions have flaws. Version 'a' fixes flaws of # the initial implementation, 'b' fixes flaws of 'a'. # 'y' is the same as 'b', for compatibility # with openwall crypt_blowfish. for _v in 'b', 'y', 'a', '': if _add_method('BLOWFISH', '2' + _v, 22, 59 + len(_v), rounds=1<<4): break _add_method('MD5', '1', 8, 34) _add_method('CRYPT', None, 2, 13) del _v, _add_method crypt_r-3.13.1/tests/000077500000000000000000000000001461371361500144325ustar00rootroot00000000000000crypt_r-3.13.1/tests/test_crypt_r.py000066400000000000000000000073671461371361500175420ustar00rootroot00000000000000import sys import unittest import crypt_r class CryptRTestCase(unittest.TestCase): crypt = crypt_r def test_crypt(self): cr = self.crypt.crypt('mypassword') cr2 = self.crypt.crypt('mypassword', cr) self.assertEqual(cr2, cr) cr = self.crypt.crypt('mypassword', 'ab') if cr is not None: cr2 = self.crypt.crypt('mypassword', cr) self.assertEqual(cr2, cr) def test_salt(self): self.assertEqual(len(self.crypt._saltchars), 64) for method in self.crypt.methods: salt = self.crypt.mksalt(method) self.assertIn(len(salt) - method.salt_chars, {0, 1, 3, 4, 6, 7}) if method.ident: self.assertIn(method.ident, salt[:len(salt)-method.salt_chars]) def test_saltedcrypt(self): for method in self.crypt.methods: cr = self.crypt.crypt('assword', method) self.assertEqual(len(cr), method.total_size) cr2 = self.crypt.crypt('assword', cr) self.assertEqual(cr2, cr) cr = self.crypt.crypt('assword', self.crypt.mksalt(method)) self.assertEqual(len(cr), method.total_size) def test_methods(self): self.assertTrue(len(self.crypt.methods) >= 1) if sys.platform.startswith('openbsd'): self.assertEqual(self.crypt.methods, [self.crypt.METHOD_BLOWFISH]) else: self.assertEqual(self.crypt.methods[-1], self.crypt.METHOD_CRYPT) @unittest.skipUnless( crypt.METHOD_SHA256 in crypt.methods or crypt.METHOD_SHA512 in crypt.methods, 'requires support of SHA-2', ) def test_sha2_rounds(self): for method in (self.crypt.METHOD_SHA256, self.crypt.METHOD_SHA512): for rounds in 1000, 10_000, 100_000: salt = self.crypt.mksalt(method, rounds=rounds) self.assertIn('$rounds=%d$' % rounds, salt) self.assertEqual(len(salt) - method.salt_chars, 11 + len(str(rounds))) cr = self.crypt.crypt('mypassword', salt) self.assertTrue(cr) cr2 = self.crypt.crypt('mypassword', cr) self.assertEqual(cr2, cr) @unittest.skipUnless( crypt.METHOD_BLOWFISH in crypt.methods, 'requires support of Blowfish' ) def test_blowfish_rounds(self): for log_rounds in range(4, 11): salt = self.crypt.mksalt(self.crypt.METHOD_BLOWFISH, rounds=1 << log_rounds) self.assertIn('$%02d$' % log_rounds, salt) self.assertIn(len(salt) - self.crypt.METHOD_BLOWFISH.salt_chars, {6, 7}) cr = self.crypt.crypt('mypassword', salt) self.assertTrue(cr) cr2 = self.crypt.crypt('mypassword', cr) self.assertEqual(cr2, cr) def test_invalid_rounds(self): for method in (self.crypt.METHOD_SHA256, self.crypt.METHOD_SHA512, self.crypt.METHOD_BLOWFISH): with self.assertRaises(TypeError): self.crypt.mksalt(method, rounds='4096') with self.assertRaises(TypeError): self.crypt.mksalt(method, rounds=4096.0) for rounds in (0, 1, -1, 1<<999): with self.assertRaises(ValueError): self.crypt.mksalt(method, rounds=rounds) with self.assertRaises(ValueError): self.crypt.mksalt(self.crypt.METHOD_BLOWFISH, rounds=1000) for method in (self.crypt.METHOD_CRYPT, self.crypt.METHOD_MD5): with self.assertRaisesRegex(ValueError, 'support'): self.crypt.mksalt(method, rounds=4096) if sys.version_info >= (3, 13): import crypt class CryptTestCase(CryptRTestCase): crypt = crypt if __name__ == "__main__": unittest.main() crypt_r-3.13.1/tox.ini000066400000000000000000000002571461371361500146070ustar00rootroot00000000000000[tox] requires = tox>=4 env_list = py{311,312,313} [testenv] commands = python tests/test_crypt_r.py {posargs} setenv = CFLAGS=-Werror=incompatible-pointer-types