3 http://www.openldap.org/faq/data/cache/347.html
5 As seen working on Ubuntu 12.04 with OpenLDAP 2.4.28-1.1ubuntu4
7 Author: Roberto Aguilar <roberto@baremetal.io>
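def check_password(tagged_digest_salt, password):
    """Check a plaintext password against an OpenLDAP ``{SSHA}`` value.

    An SSHA value is the 6-character ``{SSHA}`` tag followed by
    ``base64(SHA1(password + salt) + salt)``: the first 20 decoded bytes are
    the SHA-1 digest and everything after them is the salt.

    Args:
        tagged_digest_salt: Stored value, including the ``{SSHA}`` tag (str).
        password: Candidate plaintext password (str, hashed as UTF-8).

    Returns:
        True if ``password`` reproduces the stored digest, False otherwise.
        A value that does not start with an SSHA tag is rejected with False
        rather than having its first six characters silently discarded.

    Raises:
        binascii.Error: If the base64 payload is incorrectly padded.
    """
    # Imported here so the function is self-contained.
    import hmac

    # Scheme tags are matched case-insensitively so that values written as
    # ``{ssha}`` keep verifying.
    if tagged_digest_salt[:6].upper() != '{SSHA}':
        return False

    digest_salt_b64 = tagged_digest_salt.encode('utf-8')[6:]
    digest_salt = base64.decodebytes(digest_salt_b64)

    # SHA-1 digests are always 20 bytes; the remainder is the salt.
    digest = digest_salt[:20]
    salt = digest_salt[20:]

    # The salt must be fed into the hash after the password. Without this
    # step the function would accept an unsalted SHA-1 of the password and
    # reject every genuine SSHA value.
    sha = hashlib.sha1(password.encode('utf-8'))
    sha.update(salt)

    # Constant-time comparison: do not leak how many leading digest bytes
    # matched through response timing. A truncated stored digest compares
    # unequal and yields False.
    return hmac.compare_digest(digest, sha.digest())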
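def make_secret(password):
    """Encode the given password as a tagged, base64 SSHA hash+salt buffer.

    The result has the form ``{SSHA}`` + ``base64(SHA1(password + salt) + salt)``
    and can be verified with ``check_password``.

    Salted SHA-1 is cheap to compute, so a leaked value can be guessed
    offline at high speed; where the directory server supports a slow,
    KDF-based password scheme, prefer that for new entries.

    Args:
        password: Plaintext password (str, hashed as UTF-8).

    Returns:
        The tagged SSHA string, e.g. ``'{SSHA}<base64>'``.
    """
    # Imported here so the function is self-contained.
    import os

    # A fresh random salt per call, taken from the OS CSPRNG. Four bytes
    # matches the salt length of the sample OpenLDAP buffer in this file;
    # verification treats everything after the 20-byte digest as salt.
    salt = os.urandom(4)

    # hash the password and append the salt
    sha = hashlib.sha1(password.encode('utf-8'))
    sha.update(salt)

    # create a base64 encoded string of the concatenated digest + salt
    digest_salt_b64 = base64.b64encode(sha.digest() + salt).decode()

    # now tag the digest above with the {SSHA} tag
    tagged_digest_salt = '{{SSHA}}{}'.format(digest_salt_b64)

    return tagged_digest_salt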
if __name__ == '__main__':
    # Self-check 1: verify a known password against a sample value captured
    # from OpenLDAP. Both values are test fixtures, not live credentials.
    ldap_buf = '{SSHA}n8qRdZpyk5Ayb8PGWfFzT8vcNpGR4ebQ'
    password = "riefCutBisnumadNie"
    sample_matches = check_password(ldap_buf, password)
    print('ldap buffer result: {}'.format(sample_matches))

    # Self-check 2: a value produced by make_secret() must verify with
    # check_password() for the same password.
    fresh_secret = make_secret(password)
    round_trip_ok = check_password(fresh_secret, password)
    print('checking make_secret: {}'.format(round_trip_ok))