Commit | Line | Data |
---|---|---|
1 | #!/usr/bin/env python | |
2 | """ | |
3 | http://www.openldap.org/faq/data/cache/347.html | |
4 | ||
5 | As seen working on Ubuntu 12.04 with OpenLDAP 2.4.28-1.1ubuntu4 | |
6 | ||
7 | Author: Roberto Aguilar <roberto@baremetal.io> | |
8 | """ | |
9 | import hashlib | |
10 | import os | |
11 | import base64 | |
12 | ||
13 | ||
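def check_password(tagged_digest_salt, password):
    """
    Verify a password against an ``{SSHA}``-tagged hash buffer.

    The buffer is the six-character ``{SSHA}`` tag followed by the base64
    encoding of a 20-byte SHA-1 digest concatenated with the salt. The digest
    is recomputed as SHA-1(password + salt) and compared with the stored one.

    Returns True when the digests match, and False otherwise, including when
    the buffer does not carry the ``{SSHA}`` tag. Malformed base64 (for
    example incorrect padding) propagates as ``binascii.Error`` from
    ``base64.decodebytes``.
    """
    # Imported here so the block does not depend on a new file-level import.
    import hmac

    # Refuse buffers tagged with another scheme instead of blindly dropping
    # the first six characters and treating the rest as SSHA. The comparison
    # ignores case so differently-cased tags that verified before still do.
    if tagged_digest_salt[:6].upper() != '{SSHA}':
        return False

    digest_salt_b64 = tagged_digest_salt[6:].encode('utf-8')
    digest_salt = base64.decodebytes(digest_salt_b64)

    # SHA-1 digests are 20 bytes; whatever follows is the salt.
    digest = digest_salt[:20]
    salt = digest_salt[20:]

    # The salt and digest length are no longer printed: verifying a password
    # should not write hash material to stdout or to captured logs.
    sha = hashlib.sha1(password.encode('utf-8'))
    sha.update(salt)

    # Constant-time comparison, so the time taken does not reveal how many
    # leading bytes of the digest matched.
    return hmac.compare_digest(digest, sha.digest())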
26 | ||
27 | ||
def make_secret(password):
    """
    Build an ``{SSHA}``-tagged secret for the given password.

    A fresh 4-byte random salt is drawn for every call, so two calls with the
    same password return different strings. The result is the ``{SSHA}`` tag
    followed by base64(SHA-1(password + salt) + salt).

    NOTE(review): SSHA is a single round of salted SHA-1 with a short salt.
    It is cheap to brute-force offline if the hash leaks, so use it only
    where a directory requires this format.
    """
    salt = os.urandom(4)

    # digest over the UTF-8 password bytes followed by the salt
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()

    # the salt travels with the digest so a verifier can recompute the hash
    encoded = base64.b64encode(digest + salt).decode()

    return '{{SSHA}}{}'.format(encoded)
45 | ||
46 | ||
if __name__ == '__main__':
    # Known-answer check: a hash buffer straight out of OpenLDAP, paired with
    # the password it was generated from.
    ldap_buf = '{SSHA}n8qRdZpyk5Ayb8PGWfFzT8vcNpGR4ebQ'
    password = "riefCutBisnumadNie"
    ldap_matches = check_password(ldap_buf, password)
    print('ldap buffer result: {}'.format(ldap_matches))

    # Round trip: a secret produced by make_secret() must verify against the
    # same password.
    round_trip_ok = check_password(make_secret(password), password)
    print('checking make_secret: {}'.format(round_trip_ok))