Replace passlib with built-in crypt

bitsd/server/auth.py

@@ -6,8 +6,8 @@
 # GNU GPLv3. See COPYING at top level for more information.
 #
 from datetime import datetime, timedelta
+import crypt
 
-from passlib.hash import sha512_crypt as Hasher
 from tornado.options import options
 
 from bitsd.persistence.query import get_user, get_last_login_attempt, log_last_login_attempt
@@ -70,19 +70,20 @@ def verify(session, username, supplied_password, ip_address):
     if user is None:
         LOG.warn("Failed attempt for non existent user %r", username)
         # Calculate hash anyway (see docs for the explanation)
-        Hasher.encrypt(supplied_password)
+        crypt.crypt(supplied_password, crypt.mksalt(rounds=656000))
         log_last_login_attempt(session, ip_address, username)
         return False
     else:
-        valid = Hasher.verify(supplied_password, user.password)
-        if not valid:
+        new_pw = crypt.crypt(supplied_password, user.password)
+        if not user.password == new_pw:
             log_last_login_attempt(session, ip_address, username)
-        return valid
+        else:
+            return True
 
 
 def useradd(session, username, password):
     """Add user with hashed password to database"""
-    user = User(username, Hasher.encrypt(password))
+    user = User(username, crypt.crypt(password, crypt.mksalt(rounds=656000)))
     persist(session, user)
 
 
@@ -95,5 +96,5 @@ def userdel(session, username):
 def usermod(session, username, password):
     """"Modify password for existing user."""
     user = get_user(session, username)
-    user.password = Hasher.encrypt(password)
+    user.password = crypt.crypt(password, crypt.mksalt(rounds=656000))
     persist(session, user)

requirements.txt

 futures
-passlib
 markdown
 sqlalchemy>=0.7
 tornado==4.*

setup.py

@@ -22,8 +22,7 @@ setup(
         'sqlalchemy >= 0.7',
         'markdown',
         'futures',
-        'pycares',
-        'passlib'
+        'pycares'
     ],
     packages=[
         'bitsd',