Reorganizing init of crypt schemes
authorFrank Brehm <frank.brehm@pixelpark.com>
Thu, 22 Sep 2022 16:36:21 +0000 (18:36 +0200)
committerFrank Brehm <frank.brehm@pixelpark.com>
Thu, 22 Sep 2022 16:36:21 +0000 (18:36 +0200)
lib/pp_admintools/app/set_ldap_password.py

index 7231a6020e1e161cfe732898dab9f71adeb9f3ce..7320f00347dd3a95dd3b215d77a5d4f9971e15cc 100644 (file)
@@ -28,7 +28,7 @@ from .ldap import LdapAppError
 from .ldap import BaseLdapApplication
 from .ldap import PasswordFileOptionAction
 
-__version__ = '0.3.1'
+__version__ = '0.4.1'
 LOG = logging.getLogger(__name__)
 
 _ = XLATOR.gettext
@@ -53,15 +53,61 @@ class SetLdapPasswordApplication(BaseLdapApplication):
     except KeyError:
         pass
 
-    ldap_context = passlib.apps.ldap_context
-    available_schemes = list(ldap_context.schemes())
-    available_schemes.append('ldap_pbkdf2_sha1')
-    available_schemes.append('ldap_pbkdf2_sha256')
-    available_schemes.append('ldap_pbkdf2_sha512')
+    possible_schemes = (
+        'ldap_des_crypt',
+        'ldap_bcrypt',
+        'ldap_md5',
+        'ldap_md5_crypt',
+        'ldap_salted_md5',
+        'ldap_sha1',
+        'ldap_sha1_crypt',
+        'ldap_salted_sha1',
+        'ldap_pbkdf2_sha1',
+        'ldap_sha256_crypt',
+        'ldap_salted_sha256',
+        'ldap_pbkdf2_sha256',
+        'ldap_sha512_crypt',
+        'ldap_salted_sha512',
+        'ldap_pbkdf2_sha512',
+    )
 
-    passlib_context = passlib.context.CryptContext(schemes=available_schemes)
+    ldap_context = passlib.apps.ldap_context
+    available_schemes = []
+
+    schema_ids = {
+        'ldap_des_crypt': 'CRYPT',
+        'ldap_bcrypt': 'BCRYPT',
+        'ldap_md5': 'MD5',
+        'ldap_md5_crypt': 'MD5-CRYPT',
+        'ldap_salted_md5': 'SMD5',
+        'ldap_sha1': 'SHA',
+        'ldap_sha1_crypt': 'SHA-CRYPT',
+        'ldap_salted_sha1': 'SSHA',
+        'ldap_pbkdf2_sha1': 'PBKDF2-SHA',
+        'ldap_sha256_crypt': 'SHA256-CRYPT',
+        'ldap_salted_sha256': 'SSHA256',
+        'ldap_pbkdf2_sha256': 'PBKDF2-SHA256',
+        'ldap_sha512_crypt': 'SHA512-CRYPT',
+        'ldap_salted_sha512': 'SSHA512',
+        'ldap_pbkdf2_sha512': 'PBKDF2-SHA512',
+    }
+
+    passlib_context = None
     default_schema = 'ldap_salted_sha256'
-    passlib_context.update(default=default_schema)
+
+    # -------------------------------------------------------------------------
+    @classmethod
+    def init_pass_schemes(cls):
+
+        cls.available_schemes = []
+        all_handlers = passlib.registry.list_crypt_handlers()
+
+        for schema in cls.possible_schemes:
+            if schema in all_handlers:
+                cls.available_schemes.append(schema)
+
+        cls.passlib_context = passlib.context.CryptContext(schemes=cls.available_schemes)
+        cls.passlib_context.update(default=cls.default_schema)
 
     # -------------------------------------------------------------------------
     def __init__(self, appname=None, base_dir=None):
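Review bot: `init_pass_schemes` passes `cls.default_schema` to `passlib_context.update(default=...)` without checking that `'ldap_salted_sha256'` survived the filter into `cls.available_schemes`, so a passlib installation lacking that handler would fail inside passlib rather than with the application's own error. A guard before the `CryptContext` call, such as `if cls.default_schema not in cls.available_schemes: raise LdapAppError(...)`, would make that explicit. The filter only tests membership in `passlib.registry.list_crypt_handlers()`, which as far as I know lists registered handler names without proving a backend is installed, so `ldap_bcrypt` could still be offered and fail at hashing time. `possible_schemes` also lists unsalted `ldap_md5`/`ldap_sha1` and `ldap_des_crypt` on equal footing with the PBKDF2 and bcrypt entries; a comment such as `# legacy schemes, kept for compatibility only` would tell operators which ones to avoid for new passwords. The method has no docstring, and the class body starts outside this hunk.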
@@ -70,6 +116,8 @@ class SetLdapPasswordApplication(BaseLdapApplication):
         self.use_multiple_ldap_connections = False
         self.show_cmdline_ldap_timeout = True
 
+        self.init_pass_schemes()
+
         self.current_password = None
         self.need_current_password = False
         self.do_user_bind = False
@@ -107,8 +155,11 @@ class SetLdapPasswordApplication(BaseLdapApplication):
 
         res['available_schemes'] = self.available_schemes
         res['default_schema'] = self.passlib_context.default_scheme()
+        res['schema_ids'] = self.schema_ids
         if self.current_password and self.verbose < 5:
             res['current_password'] = '******'
+        if self.new_password and self.verbose < 5:
+            res['new_password'] = '******'
 
         return res
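Review bot: The added `new_password` masking is conditional on `self.verbose < 5`, like the `current_password` lines above it, so at verbosity 5 and higher whatever `res` already holds for these keys is left untouched. That value is presumably the cleartext password from the parent's dict, which then reaches whatever prints or logs this structure. Masking unconditionally with `if self.new_password: res['new_password'] = '******'` (and likewise for `current_password`) keeps both secrets out of debug output and terminal scrollback. The method starts outside the hunk, so how `res` is first filled is not visible here.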