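def verify_password(plaintext_password, hash):
    """Verify a plaintext password against a stored password hash.

    The hash is first checked with ``ldap_context`` (defined elsewhere in
    this module), which handles RFC 2307 hashes including the GNU
    ``{crypt}`` extension. If that check raises ``ValueError`` or reports
    a mismatch, and the hash has the form ``{crypt}`` followed by more
    than two characters, the plaintext is passed to ``crypt()`` with the
    first two characters after the prefix as salt, and the result is
    compared with the stored value.

    Security notes:
      * The fallback comparison uses ``hmac.compare_digest`` so that its
        duration does not depend on how many leading characters match.
      * Two-character-salt crypt() hashes are the traditional DES scheme,
        which is weak by current standards (it only considers the first
        eight password characters). Treat a successful fallback match as
        a legacy credential and re-hash it with a modern scheme.

    Args:
        plaintext_password: The password as entered by the user.
        hash: The stored hash string, optionally prefixed with a scheme
            tag such as ``{crypt}``. The name shadows the builtin but is
            kept for interface compatibility.

    Returns:
        The truthy result of ``ldap_context.verify`` when it succeeds,
        otherwise ``True``/``False`` from the legacy crypt() comparison,
        or ``False`` when neither path applies.
    """
    import hmac

    try:
        result = ldap_context.verify(plaintext_password, hash)
        if result:
            return result
    except ValueError:
        # Hash format not recognised by ldap_context; fall through to the
        # legacy crypt() path below.
        pass

    # "{crypt}" is 7 characters; require the 2 salt characters plus at
    # least one more character of hash after it.
    if hash.startswith("{crypt}") and len(hash) > 9:
        real_hash = hash[7:]
        salt = hash[7:9]
        crypted = crypt(plaintext_password, salt)
        # Some crypt() implementations return None on failure; fail
        # closed instead of handing a non-string to compare_digest.
        if not isinstance(crypted, str):
            return False
        # Compare as bytes: compare_digest rejects non-ASCII str inputs.
        return hmac.compare_digest(
            crypted.encode("utf-8"), real_hash.encode("utf-8")
        )

    return False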