URL: https://github.com/freeipa/freeipa/pull/570 Author: abbra Title: #570: ipaserver/dcerpc.py: use arcfour_encrypt from samba Action: opened
PR body: """ Samba Python bindings provide samba.arcfour_encrypt(key, data). Instead of implementing own wrapper, use Samba's. In future Samba versions this wrapper will be FIPS 140-2 compatible. Fixes https://pagure.io/freeipa/issue/6697 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/570/head:pr570 git checkout pr570
From 73610344cab79f32a62b405ffb74d568c98226a3 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Fri, 10 Mar 2017 16:47:02 +0200
Subject: [PATCH] ipaserver/dcerpc.py: use arcfour_encrypt from samba
Samba Python bindings provide samba.arcfour_encrypt(key, data). Instead of implementing own wrapper, use Samba's. In future Samba versions this wrapper will be FIPS 140-2 compatible. Fixes https://pagure.io/freeipa/issue/6697
---
 ipaserver/dcerpc.py | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index f00141b..2d9d7e5 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -44,11 +44,10 @@
 from samba.dcerpc import security, lsa, drsblobs, nbt, netlogon
 from samba.ndr import ndr_pack, ndr_print
 from samba import net
+from samba import arcfour_encrypt
 import samba
 # pylint: enable=import-error
-from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
-from cryptography.hazmat.backends import default_backend
 import ldap as _ldap
 from ipapython import ipaldap
 from dns import resolver, rdatatype
@@ -168,13 +167,6 @@ def assess_dcerpc_exception(num=None, message=None):
 return errors.RemoteRetrieveError(reason=reason)
-def arcfour_encrypt(key, data):
- algorithm = algorithms.ARC4(key)
- cipher = Cipher(algorithm, mode=None, backend=default_backend())
- encryptor = cipher.encryptor()
- return encryptor.update(data)
-
-
 class ExtendedDNControl(LDAPControl):
 # This class attempts to implement LDAP control that would work
 # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties
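Review bot: The new `from samba import arcfour_encrypt` in the first hunk is unconditional, so on a host whose Samba Python bindings do not export that name the whole module would presumably fail at import time, a requirement the removed python-cryptography wrapper did not have. A short comment at the import, e.g. `# RC4 is delegated to Samba's bindings; needs a samba build that exports arcfour_encrypt`, together with a matching minimum-version dependency in the packaging, would make that requirement visible. The removed wrapper returned `encryptor.update(data)` for whatever `key` and `data` its callers passed; the call sites are outside these hunks, so it is worth confirming that the Samba function accepts the same argument types and yields the same ciphertext. The cipher is still RC4 after this change, so the FIPS benefit named in the description depends on the Samba side rather than on anything in this file.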