libs/rpcd-mod-rad3-enc/files/rad3-enc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

#!/usr/bin/python3

# cspell:words encpass enctype hpasswd jsonin passlib plainpass radicale

import sys
import json
from passlib.hash import apr_md5_crypt, sha256_crypt, sha512_crypt # pyright: ignore[reportMissingModuleSource]
from radicale import utils # pyright: ignore[reportMissingImports]

def main():

    if len(sys.argv) < 2:
        return -1

    if sys.argv[1] == 'list':
        print('{ "encrypt": { "type": "str", "plainpass": "str" } }\n')
        return 0

    if sys.argv[1] == 'call':
        if len(sys.argv) < 3:
            return -1

    if sys.argv[2] != 'encrypt':
        return -1

    encpass = ""
    error = ""

    try:
        jsonin = json.loads(sys.stdin.readline())
        enctype = jsonin['type'].strip()
        plainpass = jsonin['plainpass']

        if enctype == 'plain':
            encpass = plainpass
        elif enctype == 'md5':
            encpass = apr_md5_crypt.hash(plainpass).strip()
        elif enctype == 'sha256':
            encpass = sha256_crypt.using(rounds=5000).hash(plainpass).strip()
        elif enctype == 'sha512':
            encpass = sha512_crypt.using(rounds=5000).hash(plainpass).strip()
        elif enctype == 'bcrypt':
            try:
                from passlib.hash import bcrypt  # pyright: ignore[reportMissingModuleSource]
            except ImportError as e:
                raise RuntimeError("hpasswd encryption method 'bcrypt' requires the bcrypt module, which is missing") from e
            else:
                encpass = bcrypt.hash(plainpass).strip()
        elif enctype == 'argon2':
            try:
                import argon2 # pyright: ignore[reportMissingImports]
            except ImportError as e:
                raise RuntimeError("hpasswd encryption method 'argon2' requires the argon2 module, which is missing") from e
            else:
                encpass = argon2.using(type="ID").hash(plainpass).strip()

    except Exception as e:
        encpass = ""
        error = str(e)

    if ((encpass == "") and (error == "")):
        error = "unable to encrypt password"

    if error:
        print(json.dumps({ "encrypted_password": encpass, "error": error}))
    else:
        print(json.dumps({ "encrypted_password": encpass}))

    return 0

main()