"""passlib.exc -- exceptions & warnings raised by passlib"""
#=============================================================================
#=============================================================================
class MissingBackendError(RuntimeError):
    """Raised when a multi-backend handler cannot find a usable backend.

    This covers two situations: none of the handler's backends is
    available, or a specifically requested backend is not available.

    :exc:`!MissingBackendError` subclasses :exc:`RuntimeError` because the
    usual cause is a missing external library or OS feature. It is mostly
    raised by handlers that depend on external libraries, which currently
    means only :class:`~passlib.hash.bcrypt`.
    """
class PasswordSizeError(ValueError):
    """Raised when a password exceeds the maximum size allowed by Passlib
    (4096 characters).

    Many password hash algorithms need time and/or memory that grows with
    the size of the password provided. A maliciously large password handed
    to an application could therefore create a denial of service (DoS)
    situation. Passlib guards against this with a maximum size limit, one
    that should still be *much* larger than any legitimate password.
    :exc:`!PasswordSizeError` subclasses :exc:`!ValueError`, so handlers
    written for :exc:`ValueError` also catch it.

    Applications wishing to use a different limit should set the
    ``PASSLIB_MAX_PASSWORD_SIZE`` environment variable before Passlib is
    loaded. The value can be any large positive integer.
    """

    # NOTE(review): the ``def`` line is not visible in this listing; the
    # signature is reconstructed from the call it contains -- confirm.
    def __init__(self):
        # The message is a constant string; no part of the password is
        # formatted into it.
        ValueError.__init__(self, "password exceeds maximum allowed size")

    # this also prevents a glibc crypt segfault issue, detailed here ...
    # http://www.openwall.com/lists/oss-security/2011/11/15/1
#=============================================================================
#=============================================================================
class PasslibWarning(UserWarning):
    """Common base class for the user warnings that Passlib issues."""
class PasslibConfigWarning(PasslibWarning):
    """Warning for a non-fatal issue in the configuration of a
    :class:`~passlib.context.CryptContext` instance.

    It is primarily issued in one of two cases:

    * The CryptContext contains rounds limits that exceed the hard limits
      imposed by the underlying algorithm.
    * An explicit rounds value was provided that exceeds the limits
      imposed by the CryptContext.

    In both cases the code still performs correctly & securely; the
    warning is a sign that the configuration may need updating.
    """
class PasslibHashWarning(PasslibWarning):
    """Warning for a non-fatal issue with the parameters or the hash
    string passed to a passlib hash class.

    It is primarily issued in one of two cases:

    * A rounds value or other setting was explicitly provided and exceeded
      the handler's limits (and has been clamped by the
      :ref:`relaxed<relaxed-keyword>` flag).
    * A malformed hash string was encountered which was still parsable.
    """
    # NOTE(review): the second case is cut short in this listing; only the
    # part that is visible is described above.
class PasslibRuntimeWarning(PasslibWarning):
    """Warning for something unexpected that happened during runtime.

    Being a warning rather than an error, it means Passlib was able to
    correct for the issue; the situation is nevertheless anomalous enough
    that the developers would love to hear under what conditions it
    occurred.
    """
class PasslibSecurityWarning(PasslibWarning):
    """Special warning for when Passlib encounters something that might
    affect security.
    """
    # NOTE(review): if the application installs warning filters, confirm
    # they do not silence this category.
#=============================================================================
# note: these functions are used by the hashes in Passlib to raise common
# error messages. They are currently just functions which return ValueError,
# rather than subclasses of ValueError, since the specificity isn't needed
# yet; and who wants to import a bunch of error classes when catching
# ValueError will do?
#=============================================================================
def _get_name(handler):
    """Return ``handler.name``, or ``"<unnamed>"`` when *handler* is falsy."""
    if not handler:
        return "<unnamed>"
    return handler.name
#------------------------------------------------------------------------
#------------------------------------------------------------------------
def type_name(value):
"return pretty-printed string containing name of value's type"
cls = value.__class__
if cls.__module__ and cls.__module__ not in ["__builtin__", "builtins"]:
return "%s.%s" % (cls.__module__, cls.__name__)
def ExpectedTypeError(value, expected, param):
    """Build the :exc:`TypeError` for a parameter that has the wrong type.

    The message reads ``"<param> must be <expected>, not <type>"``, where
    ``<type>`` is what :func:`type_name` returns for *value*. The error is
    returned to the caller, not raised here.
    """
    # NOTE: only the type of value goes into the message, never value
    # itself, since it may sometimes be a password.
    found = type_name(value)
    message = "%s must be %s, not %s" % (param, expected, found)
    return TypeError(message)
def ExpectedStringError(value, param):
    """Build the :exc:`TypeError` for a parameter that was supposed to be
    unicode or bytes.
    """
    expected = "unicode or bytes"
    return ExpectedTypeError(value, expected, param)
#------------------------------------------------------------------------
# encrypt/verify parameter errors
#------------------------------------------------------------------------
def MissingDigestError(handler=None):
    """Build the :exc:`ValueError` for a verify() call that was passed a
    config string instead of a hash.
    """
    name = _get_name(handler)
    # NOTE(review): the argument tuple of this format is not visible in the
    # listing; ``name`` is the only value in scope for both fields -- confirm.
    message = "expected %s hash, got %s config string instead" % (name, name)
    return ValueError(message)
def NullPasswordError(handler=None):
    """Build the :exc:`ValueError` used by hashes that rely on the OS
    crypt(), which forbid NULLs in the password.
    """
    # Only the handler name is formatted into the message.
    message = "%s does not allow NULL bytes in password" % _get_name(handler)
    return ValueError(message)
#------------------------------------------------------------------------
# errors when parsing hashes
#------------------------------------------------------------------------
def InvalidHashError(handler=None):
    """Build the :exc:`ValueError` for a hash the handler does not recognize."""
    label = _get_name(handler)
    return ValueError("not a valid %s hash" % label)
def MalformedHashError(handler=None, reason=None):
    """Build the :exc:`ValueError` for a hash that was recognized but is
    malformed; *reason* is appended to the message in parentheses.
    """
    message = "malformed %s hash" % _get_name(handler)
    # NOTE(review): the line guarding this step is not visible in the
    # listing; a check on ``reason`` (which defaults to None) is assumed
    # -- confirm.
    if reason:
        message = "%s (%s)" % (message, reason)
    return ValueError(message)
def ZeroPaddedRoundsError(handler=None):
    """Build the error for a recognized hash whose rounds field is zero-padded."""
    reason = "zero-padded rounds"
    return MalformedHashError(handler, reason)
#------------------------------------------------------------------------
# settings / hash component errors
#------------------------------------------------------------------------
def ChecksumSizeError(handler, raw=False):
    """Build the error for a recognized hash whose checksum is the wrong size.

    The expected size is read from ``handler.checksum_size`` and is reported
    in bytes when *raw* is true, otherwise in chars.
    """
    # TODO: if handler.use_defaults is set, this came from app-provided value,
    #       not from parsing a hash string, might want different error msg.
    expected_size = handler.checksum_size
    if raw:
        unit = "bytes"
    else:
        unit = "chars"
    detail = "checksum must be exactly %d %s" % (expected_size, unit)
    return MalformedHashError(handler, detail)
#=============================================================================
#=============================================================================