URL: https://github.com/freeipa/freeipa/pull/570
Author: abbra
Title: #570: ipaserver/dcerpc.py: use arcfour_encrypt from samba
Action: opened

PR body:
"""
Samba Python bindings provide samba.arcfour_encrypt(key, data). Instead
of implementing our own wrapper, use Samba's.

In future Samba versions this wrapper will be FIPS 140-2 compatible.

Fixes https://pagure.io/freeipa/issue/6697
"""

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/570/head:pr570
git checkout pr570
From 73610344cab79f32a62b405ffb74d568c98226a3 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Fri, 10 Mar 2017 16:47:02 +0200
Subject: [PATCH] ipaserver/dcerpc.py: use arcfour_encrypt from samba

Samba Python bindings provide samba.arcfour_encrypt(key, data). Instead
of implementing our own wrapper, use Samba's.

In future Samba versions this wrapper will be FIPS 140-2 compatible.

Fixes https://pagure.io/freeipa/issue/6697
---
 ipaserver/dcerpc.py | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index f00141b..2d9d7e5 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -44,11 +44,10 @@
 from samba.dcerpc import security, lsa, drsblobs, nbt, netlogon
 from samba.ndr import ndr_pack, ndr_print
 from samba import net
+from samba import arcfour_encrypt
 import samba
 # pylint: enable=import-error
 
-from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
-from cryptography.hazmat.backends import default_backend
 import ldap as _ldap
 from ipapython import ipaldap
 from dns import resolver, rdatatype
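Review bot: the added `from samba import arcfour_encrypt` is an unconditional module-level import, and nothing in this patch states or enforces which Samba version first exports that name (the diffstat touches only ipaserver/dcerpc.py). With Samba bindings that lack the symbol, importing this module fails with ImportError, and because the line sits above `# pylint: enable=import-error`, lint will not flag it. Please name the minimum Samba version in the commit message and raise the packaging dependency to match in the same change.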
@@ -168,13 +167,6 @@ def assess_dcerpc_exception(num=None, message=None):
     return errors.RemoteRetrieveError(reason=reason)
 
 
-def arcfour_encrypt(key, data):
-    algorithm = algorithms.ARC4(key)
-    cipher = Cipher(algorithm, mode=None, backend=default_backend())
-    encryptor = cipher.encryptor()
-    return encryptor.update(data)
-
-
 class ExtendedDNControl(LDAPControl):
     # This class attempts to implement LDAP control that would work
     # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties
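Review bot: the callers of arcfour_encrypt(key, data) are not part of this diff, so after the local definition is removed there is nothing here showing that the Samba function accepts the same argument types and returns the same value. The removed wrapper returned `encryptor.update(data)`, the raw ARC4 output as bytes; please confirm samba.arcfour_encrypt produces identical output for the same key and data, ideally with a small test using a fixed key and plaintext. The commit message should also say that the cipher stays ARC4 with this change and that FIPS 140-2 compatibility depends on the future Samba versions it mentions.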
-- 