Metadata-Version: 2.4
Name: crypt_r
Version: 3.13.1
Summary: A copy of the `crypt` module that was removed in Python 3.13
Author-email: "Steven D. Majewski" <sdm7g@virginia.edu>
Maintainer-email: Miro Hrončok <miro@hroncok.cz>, Petr Viktorin <encukou@gmail.com>, Tomáš Hrnčiar <tomas.hrnciar@me.com>, Karolina Surma <ksurma@redhat.com>
License: A. HISTORY OF THE SOFTWARE
        ==========================
        
        Python was created in the early 1990s by Guido van Rossum at Stichting
        Mathematisch Centrum (CWI, see https://www.cwi.nl) in the Netherlands
        as a successor of a language called ABC.  Guido remains Python's
        principal author, although it includes many contributions from others.
        
        In 1995, Guido continued his work on Python at the Corporation for
        National Research Initiatives (CNRI, see https://www.cnri.reston.va.us)
        in Reston, Virginia where he released several versions of the
        software.
        
        In May 2000, Guido and the Python core development team moved to
        BeOpen.com to form the BeOpen PythonLabs team.  In October of the same
        year, the PythonLabs team moved to Digital Creations, which became
        Zope Corporation.  In 2001, the Python Software Foundation (PSF, see
        https://www.python.org/psf/) was formed, a non-profit organization
        created specifically to own Python-related Intellectual Property.
        Zope Corporation was a sponsoring member of the PSF.
        
        All Python releases are Open Source (see https://opensource.org for
        the Open Source Definition).  Historically, most, but not all, Python
        releases have also been GPL-compatible; the table below summarizes
        the various releases.
        
            Release         Derived     Year        Owner       GPL-
                            from                                compatible? (1)
        
            0.9.0 thru 1.2              1991-1995   CWI         yes
            1.3 thru 1.5.2  1.2         1995-1999   CNRI        yes
            1.6             1.5.2       2000        CNRI        no
            2.0             1.6         2000        BeOpen.com  no
            1.6.1           1.6         2001        CNRI        yes (2)
            2.1             2.0+1.6.1   2001        PSF         no
            2.0.1           2.0+1.6.1   2001        PSF         yes
            2.1.1           2.1+2.0.1   2001        PSF         yes
            2.1.2           2.1.1       2002        PSF         yes
            2.1.3           2.1.2       2002        PSF         yes
            2.2 and above   2.1.1       2001-now    PSF         yes
        
        Footnotes:
        
        (1) GPL-compatible doesn't mean that we're distributing Python under
            the GPL.  All Python licenses, unlike the GPL, let you distribute
            a modified version without making your changes open source.  The
            GPL-compatible licenses make it possible to combine Python with
            other software that is released under the GPL; the others don't.
        
        (2) According to Richard Stallman, 1.6.1 is not GPL-compatible,
            because its license has a choice of law clause.  According to
            CNRI, however, Stallman's lawyer has told CNRI's lawyer that 1.6.1
            is "not incompatible" with the GPL.
        
        Thanks to the many outside volunteers who have worked under Guido's
        direction to make these releases possible.
        
        
        B. TERMS AND CONDITIONS FOR ACCESSING OR OTHERWISE USING PYTHON
        ===============================================================
        
        Python software and documentation are licensed under the
        Python Software Foundation License Version 2.
        
        Starting with Python 3.8.6, examples, recipes, and other code in
        the documentation are dual licensed under the PSF License Version 2
        and the Zero-Clause BSD license.
        
        Some software incorporated into Python is under different licenses.
        The licenses are listed with code falling under that license.
        
        
        PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
        --------------------------------------------
        
        1. This LICENSE AGREEMENT is between the Python Software Foundation
        ("PSF"), and the Individual or Organization ("Licensee") accessing and
        otherwise using this software ("Python") in source or binary form and
        its associated documentation.
        
        2. Subject to the terms and conditions of this License Agreement, PSF hereby
        grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
        analyze, test, perform and/or display publicly, prepare derivative works,
        distribute, and otherwise use Python alone or in any derivative version,
        provided, however, that PSF's License Agreement and PSF's notice of copyright,
        i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
        2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Python Software Foundation;
        All Rights Reserved" are retained in Python alone or in any derivative version
        prepared by Licensee.
        
        3. In the event Licensee prepares a derivative work that is based on
        or incorporates Python or any part thereof, and wants to make
        the derivative work available to others as provided herein, then
        Licensee hereby agrees to include in any such work a brief summary of
        the changes made to Python.
        
        4. PSF is making Python available to Licensee on an "AS IS"
        basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
        IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
        DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
        FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
        INFRINGE ANY THIRD PARTY RIGHTS.
        
        5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
        FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
        A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
        OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
        
        6. This License Agreement will automatically terminate upon a material
        breach of its terms and conditions.
        
        7. Nothing in this License Agreement shall be deemed to create any
        relationship of agency, partnership, or joint venture between PSF and
        Licensee.  This License Agreement does not grant permission to use PSF
        trademarks or trade name in a trademark sense to endorse or promote
        products or services of Licensee, or any third party.
        
        8. By copying, installing or otherwise using Python, Licensee
        agrees to be bound by the terms and conditions of this License
        Agreement.
        
        
        BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0
        -------------------------------------------
        
        BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1
        
        1. This LICENSE AGREEMENT is between BeOpen.com ("BeOpen"), having an
        office at 160 Saratoga Avenue, Santa Clara, CA 95051, and the
        Individual or Organization ("Licensee") accessing and otherwise using
        this software in source or binary form and its associated
        documentation ("the Software").
        
        2. Subject to the terms and conditions of this BeOpen Python License
        Agreement, BeOpen hereby grants Licensee a non-exclusive,
        royalty-free, world-wide license to reproduce, analyze, test, perform
        and/or display publicly, prepare derivative works, distribute, and
        otherwise use the Software alone or in any derivative version,
        provided, however, that the BeOpen Python License is retained in the
        Software, alone or in any derivative version prepared by Licensee.
        
        3. BeOpen is making the Software available to Licensee on an "AS IS"
        basis.  BEOPEN MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
        IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, BEOPEN MAKES NO AND
        DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
        FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE WILL NOT
        INFRINGE ANY THIRD PARTY RIGHTS.
        
        4. BEOPEN SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE
        SOFTWARE FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS
        AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THE SOFTWARE, OR ANY
        DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
        
        5. This License Agreement will automatically terminate upon a material
        breach of its terms and conditions.
        
        6. This License Agreement shall be governed by and interpreted in all
        respects by the law of the State of California, excluding conflict of
        law provisions.  Nothing in this License Agreement shall be deemed to
        create any relationship of agency, partnership, or joint venture
        between BeOpen and Licensee.  This License Agreement does not grant
        permission to use BeOpen trademarks or trade names in a trademark
        sense to endorse or promote products or services of Licensee, or any
        third party.  As an exception, the "BeOpen Python" logos available at
        http://www.pythonlabs.com/logos.html may be used according to the
        permissions granted on that web page.
        
        7. By copying, installing or otherwise using the software, Licensee
        agrees to be bound by the terms and conditions of this License
        Agreement.
        
        
        CNRI LICENSE AGREEMENT FOR PYTHON 1.6.1
        ---------------------------------------
        
        1. This LICENSE AGREEMENT is between the Corporation for National
        Research Initiatives, having an office at 1895 Preston White Drive,
        Reston, VA 20191 ("CNRI"), and the Individual or Organization
        ("Licensee") accessing and otherwise using Python 1.6.1 software in
        source or binary form and its associated documentation.
        
        2. Subject to the terms and conditions of this License Agreement, CNRI
        hereby grants Licensee a nonexclusive, royalty-free, world-wide
        license to reproduce, analyze, test, perform and/or display publicly,
        prepare derivative works, distribute, and otherwise use Python 1.6.1
        alone or in any derivative version, provided, however, that CNRI's
        License Agreement and CNRI's notice of copyright, i.e., "Copyright (c)
        1995-2001 Corporation for National Research Initiatives; All Rights
        Reserved" are retained in Python 1.6.1 alone or in any derivative
        version prepared by Licensee.  Alternately, in lieu of CNRI's License
        Agreement, Licensee may substitute the following text (omitting the
        quotes): "Python 1.6.1 is made available subject to the terms and
        conditions in CNRI's License Agreement.  This Agreement together with
        Python 1.6.1 may be located on the internet using the following
        unique, persistent identifier (known as a handle): 1895.22/1013.  This
        Agreement may also be obtained from a proxy server on the internet
        using the following URL: http://hdl.handle.net/1895.22/1013".
        
        3. In the event Licensee prepares a derivative work that is based on
        or incorporates Python 1.6.1 or any part thereof, and wants to make
        the derivative work available to others as provided herein, then
        Licensee hereby agrees to include in any such work a brief summary of
        the changes made to Python 1.6.1.
        
        4. CNRI is making Python 1.6.1 available to Licensee on an "AS IS"
        basis.  CNRI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
        IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, CNRI MAKES NO AND
        DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
        FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON 1.6.1 WILL NOT
        INFRINGE ANY THIRD PARTY RIGHTS.
        
        5. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
        1.6.1 FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
        A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 1.6.1,
        OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
        
        6. This License Agreement will automatically terminate upon a material
        breach of its terms and conditions.
        
        7. This License Agreement shall be governed by the federal
        intellectual property law of the United States, including without
        limitation the federal copyright law, and, to the extent such
        U.S. federal law does not apply, by the law of the Commonwealth of
        Virginia, excluding Virginia's conflict of law provisions.
        Notwithstanding the foregoing, with regard to derivative works based
        on Python 1.6.1 that incorporate non-separable material that was
        previously distributed under the GNU General Public License (GPL), the
        law of the Commonwealth of Virginia shall govern this License
        Agreement only as to issues arising under or with respect to
        Paragraphs 4, 5, and 7 of this License Agreement.  Nothing in this
        License Agreement shall be deemed to create any relationship of
        agency, partnership, or joint venture between CNRI and Licensee.  This
        License Agreement does not grant permission to use CNRI trademarks or
        trade name in a trademark sense to endorse or promote products or
        services of Licensee, or any third party.
        
        8. By clicking on the "ACCEPT" button where indicated, or by copying,
        installing or otherwise using Python 1.6.1, Licensee agrees to be
        bound by the terms and conditions of this License Agreement.
        
                ACCEPT
        
        
        CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2
        --------------------------------------------------
        
        Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam,
        The Netherlands.  All rights reserved.
        
        Permission to use, copy, modify, and distribute this software and its
        documentation for any purpose and without fee is hereby granted,
        provided that the above copyright notice appear in all copies and that
        both that copyright notice and this permission notice appear in
        supporting documentation, and that the name of Stichting Mathematisch
        Centrum or CWI not be used in advertising or publicity pertaining to
        distribution of the software without specific, written prior
        permission.
        
        STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO
        THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
        FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE
        FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
        WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
        ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
        OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
        
        ZERO-CLAUSE BSD LICENSE FOR CODE IN THE PYTHON DOCUMENTATION
        ----------------------------------------------------------------------
        
        Permission to use, copy, modify, and/or distribute this software for any
        purpose with or without fee is hereby granted.
        
        THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
        REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
        AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
        INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
        LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
        OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
        PERFORMANCE OF THIS SOFTWARE.
        
Project-URL: Homepage, https://github.com/fedora-python/crypt_r
Project-URL: Bug Tracker, https://github.com/fedora-python/crypt_r/issues
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: License :: OSI Approved :: Python Software Foundation License
Classifier: Operating System :: POSIX :: Linux
Requires-Python: >=3.11
Description-Content-Type: text/x-rst
License-File: LICENSE
Dynamic: license-file

crypt_r --- Function to check Unix passwords
============================================

Originally by: Steven D. Majewski <sdm7g@virginia.edu>

The ``crypt_r`` module is a renamed copy of the ``crypt`` module
as it was present in Python 3.12 before it was removed.

See `PEP 594`_ for details of the removal.

Unlike ``crypt``, this library always exposes the `crypt_r(3)`_ function, not `crypt(3)`_.

Note that ``crypt_r`` is not part of any standard.
This library is tested with the ``crypt_r`` implementation in Fedora Linux
(libxcrypt, as of 2024), and should work with compatible implementations of ``crypt_r``
(such as ``libcrypt.so`` from older glibc).

Note that the improvements in ``crypt_r`` over ``crypt`` are in memory management and thread safety,
not security/cryptography.

It is easy to use ``crypt_r`` in an insecure way. Notably:
All hashing methods except ``METHOD_CRYPT`` (the original Unix algorithm from the 1970s)
are optional platform-specific extensions.
This library does not expose modern hashing methods like libxcrypt's yescrypt.
The last wrapper update is from 2017.
No future development is planned.

To use this module, you can either import ``crypt_r`` explicitly
or use the old ``crypt`` name for backward compatibility.
However, on Python older than 3.13, the ``crypt`` module
from the standard library will usually take precedence on ``sys.path``.

Here follows the original documentation for the removed ``crypt`` module,
updated to refer to it as ``crypt_r``:

--------------

This module implements an interface to the `crypt_r(3)`_ routine, which is
a one-way hash function based upon a modified DES algorithm; see the Unix man
page for further details.  Possible uses include storing hashed passwords
so you can check passwords without storing the actual password, or attempting
to crack Unix passwords with a dictionary.

Notice that the behavior of this module depends on the actual implementation  of
the `crypt_r(3)`_ routine in the running system.  Therefore, any
extensions available on the current implementation will also  be available on
this module.

Hashing Methods
---------------

New in Python 3.3.

The ``crypt_r`` module defines the list of hashing methods (not all methods
are available on all platforms):

``METHOD_SHA512``
   A Modular Crypt Format method with 16 character salt and 86 character
   hash based on the SHA-512 hash function.  This is the strongest method.

``METHOD_SHA256``
   Another Modular Crypt Format method with 16 character salt and 43
   character hash based on the SHA-256 hash function.

``METHOD_BLOWFISH``
   Another Modular Crypt Format method with 22 character salt and 31
   character hash based on the Blowfish cipher.

   New in Python 3.7.

``METHOD_MD5``
   Another Modular Crypt Format method with 8 character salt and 22
   character hash based on the MD5 hash function.

``METHOD_CRYPT``
   The traditional method with a 2 character salt and 13 characters of
   hash.  This is the weakest method.


Module Attributes
-----------------

New in Python 3.3.

``methods``
   A list of available password hashing algorithms, as
   ``crypt.METHOD_*`` objects.  This list is sorted from strongest to
   weakest.


Module Functions
----------------

The ``crypt_r`` module defines the following functions:

``crypt(word, salt=None)``
   *word* will usually be a user's password as typed at a prompt or  in a graphical
   interface.  The optional *salt* is either a string as returned from
   ``mksalt()``, one of the ``crypt.METHOD_*`` values (though not all
   may be available on all platforms), or a full encrypted password
   including salt, as returned by this function.  If *salt* is not
   provided, the strongest method available in ``methods`` will be used.

   Checking a password is usually done by passing the plain-text password
   as *word* and the full results of a previous  ``crypt``  call,
   which should be the same as the results of this call.

   *salt* (either a random 2 or 16 character string, possibly prefixed with
   ``$digit$`` to indicate the method) which will be used to perturb the
   encryption algorithm.  The characters in *salt* must be in the set
   ``[./a-zA-Z0-9]``, with the exception of Modular Crypt Format which
   prefixes a ``$digit$``.

   Returns the hashed password as a string, which will be composed of
   characters from the same alphabet as the salt.

   Since a few `crypt_r(3)`_ extensions allow different values, with
   different sizes in the *salt*, it is recommended to use  the full crypted
   password as salt when checking for a password.

   Changed in Python 3.3:
   Accept ``crypt.METHOD_*`` values in addition to strings for *salt*.


``mksalt(method=None, *, rounds=None)``
   Return a randomly generated salt of the specified method.  If no
   *method* is given, the strongest method available in ``methods`` is
   used.

   The return value is a string suitable for passing as the *salt* argument
   to  ``crypt`` .

   *rounds* specifies the number of rounds for ``METHOD_SHA256``,
   ``METHOD_SHA512`` and ``METHOD_BLOWFISH``.
   For ``METHOD_SHA256`` and ``METHOD_SHA512`` it must be an integer between
   ``1000`` and ``999_999_999``, the default is ``5000``.  For
   ``METHOD_BLOWFISH`` it must be a power of two between ``16`` (2\ :sup:`4`)
   and ``2_147_483_648`` (2\ :sup:`31`), the default is ``4096``
   (2\ :sup:`12`).

   New in Python 3.3.

   Changed in Python 3.7:
   Added the *rounds* parameter.


Examples
--------

A simple example illustrating typical use (a constant-time comparison
operation is needed to limit exposure to timing attacks.
`hmac.compare_digest()`_ is suitable for this purpose):

.. code-block:: python

   import pwd
   import crypt_r
   import getpass
   from hmac import compare_digest as compare_hash

   def login():
       username = input('Python login: ')
       cryptedpasswd = pwd.getpwnam(username)[1]
       if cryptedpasswd:
           if cryptedpasswd == 'x' or cryptedpasswd == '*':
               raise ValueError('no support for shadow passwords')
           cleartext = getpass.getpass()
           return compare_hash(crypt_r.crypt(cleartext, cryptedpasswd), cryptedpasswd)
       else:
           return True

To generate a hash of a password using the strongest available method and
check it against the original:

.. code-block:: python

   import crypt_r
   from hmac import compare_digest as compare_hash

   hashed = crypt_r.crypt(plaintext)
   if not compare_hash(hashed, crypt_r.crypt(plaintext, hashed)):
       raise ValueError("hashed version doesn't validate against original")

--------------


Changelog
---------

3.13.1
^^^^^^

* Fix build with ``-Werror=incompatible-pointer-types``


3.13.0
^^^^^^

* Initial fork from CPython 3.12.3
* Always uses the `crypt_r(3)`_ function, never `crypt(3)`_
* Renamed the Python modules to ``crypt_r`` and ``_crypt_r``

For historical changes when this module was included in Python,
please refer to the `Python 3.12 Changelog`_.


.. _PEP 594: https://peps.python.org/pep-0594/#crypt
.. _crypt(3): https://manpages.debian.org/crypt(3)
.. _crypt_r(3): https://manpages.debian.org/crypt_r(3)
.. _hmac.compare_digest(): https://docs.python.org/3/library/hmac.html#hmac.compare_digest
.. _Python 3.12 Changelog: https://docs.python.org/3.12/whatsnew/changelog.html
