Attachment 11807 Details for Bug 11699 – Patch from master with cherry-pick information (for v4-3-test)

[patch] Patch from master with cherry-pick information (for v4-3-test)

bug11699-v43.patch (text/plain), 12.67 KB, created by Karolin Seeger on 2016-02-04 11:13:27 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Karolin Seeger

Created: 2016-02-04 11:13:27 UTC

Size: 12.67 KB

patch

obsolete

>From 622c9f0935211fe48bd8adbea6eed5326aecf13c Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 28 Jan 2016 13:44:33 +0100
>Subject: [PATCH 1/6] python:samba: add a generic string_to_byte_array() helper
> function
>
>We should avoid implementing this again and again.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit 65127d16744763d0865ca9ce4d039866785e3fc7)
>---
> python/samba/__init__.py | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/python/samba/__init__.py b/python/samba/__init__.py
>index 84b0b1f..6adc412 100644
>--- a/python/samba/__init__.py
>+++ b/python/samba/__init__.py
>@@ -362,6 +362,14 @@ def dn_from_dns_name(dnsdomain):
> def current_unix_time():
>     return int(time.time())
> 
>+def string_to_byte_array(string):
>+    blob = [0] * len(string)
>+
>+    for i in range(len(string)):
>+        blob[i] = ord(string[i])
>+
>+    return blob
>+
> import _glue
> version = _glue.version
> interface_ips = _glue.interface_ips
>-- 
>1.9.1
>
>
>From 722a18529636300caa96ddf9aa00f459a5e91a11 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 28 Jan 2016 13:52:44 +0100
>Subject: [PATCH 2/6] python:samba: add a generic arcfour_encrypt() helper
> function
>
>This works with Crypto.Cipher.ARC4 (from python*-crypto) and
>fallback to M2Crypto.RC4.RC4 (from [python*-]m2crypto).
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit 078a7ae71081c24991bb34c818cc2c763eefad99)
>---
> python/samba/__init__.py | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
>diff --git a/python/samba/__init__.py b/python/samba/__init__.py
>index 6adc412..aaf335c 100644
>--- a/python/samba/__init__.py
>+++ b/python/samba/__init__.py
>@@ -370,6 +370,22 @@ def string_to_byte_array(string):
> 
>     return blob
> 
>+def arcfour_encrypt(key, data):
>+    try:
>+        from Crypto.Cipher import ARC4
>+        c = ARC4.new(key)
>+        return c.encrypt(data)
>+    except ImportError as e:
>+        pass
>+    try:
>+        from M2Crypto.RC4 import RC4
>+        c = RC4(key)
>+        return c.update(data)
>+    except ImportError as e:
>+        pass
>+    raise Exception("arcfour_encrypt() requires " +
>+                    "python*-crypto or python*-m2crypto or m2crypto")
>+
> import _glue
> version = _glue.version
> interface_ips = _glue.interface_ips
>-- 
>1.9.1
>
>
>From 72c6c9f52e624a84111e02c4515a2dd5c6bb1b70 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 28 Jan 2016 14:00:38 +0100
>Subject: [PATCH 3/6] python:samba/join.py: make use of the generic
> arcfour_encrypt() and string_to_byte_array() functions
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit d5423feb4b3d388d2de8e1745a8f1138b42b64f5)
>---
> python/samba/join.py | 19 +++----------------
> 1 file changed, 3 insertions(+), 16 deletions(-)
>
>diff --git a/python/samba/join.py b/python/samba/join.py
>index c356145..f71f3de 100644
>--- a/python/samba/join.py
>+++ b/python/samba/join.py
>@@ -20,7 +20,7 @@
> 
> from samba.auth import system_session
> from samba.samdb import SamDB
>-from samba import gensec, Ldb, drs_utils
>+from samba import gensec, Ldb, drs_utils, arcfour_encrypt, string_to_byte_array
> import ldb, samba, sys, uuid
> from samba.ndr import ndr_pack
> from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs
>@@ -944,19 +944,6 @@ class dc_join(object):
>     def join_setup_trusts(ctx):
>         """provision the local SAM."""
> 
>-        def arcfour_encrypt(key, data):
>-            from Crypto.Cipher import ARC4
>-            c = ARC4.new(key)
>-            return c.encrypt(data)
>-
>-        def string_to_array(string):
>-            blob = [0] * len(string)
>-
>-            for i in range(len(string)):
>-                blob[i] = ord(string[i])
>-
>-            return blob
>-
>         print "Setup domain trusts with server %s" % ctx.server
>         binding_options = ""  # why doesn't signing work here? w2k8r2 claims no session key
>         lsaconn = lsa.lsarpc("ncacn_np:%s[%s]" % (ctx.server, binding_options),
>@@ -986,7 +973,7 @@ class dc_join(object):
>         except RuntimeError:
>             pass
> 
>-        password_blob = string_to_array(ctx.trustdom_pass.encode('utf-16-le'))
>+        password_blob = string_to_byte_array(ctx.trustdom_pass.encode('utf-16-le'))
> 
>         clear_value = drsblobs.AuthInfoClear()
>         clear_value.size = len(password_blob)
>@@ -1022,7 +1009,7 @@ class dc_join(object):
> 
>         auth_blob = lsa.DATA_BUF2()
>         auth_blob.size = len(encrypted_trustpass)
>-        auth_blob.data = string_to_array(encrypted_trustpass)
>+        auth_blob.data = string_to_byte_array(encrypted_trustpass)
> 
>         auth_info = lsa.TrustDomainInfoAuthInfoInternal()
>         auth_info.auth_blob = auth_blob
>-- 
>1.9.1
>
>
>From 242bec20290f818788906c3f7ac9de27a9bf25dd Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 28 Jan 2016 14:00:38 +0100
>Subject: [PATCH 4/6] python:samba/netcmd/domain: make use of the generic
> arcfour_encrypt() and string_to_byte_array() functions
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit 452234b7bcdee2e0e3df6e0500ff798062bc5b9e)
>---
> python/samba/netcmd/domain.py | 23 +++++------------------
> 1 file changed, 5 insertions(+), 18 deletions(-)
>
>diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
>index f0710f2..119e8b2 100644
>--- a/python/samba/netcmd/domain.py
>+++ b/python/samba/netcmd/domain.py
>@@ -58,7 +58,7 @@ from samba.upgrade import upgrade_from_samba3
> from samba.drs_utils import (
>                             sendDsReplicaSync, drsuapi_connect, drsException,
>                             sendRemoveDsServer)
>-
>+from samba import arcfour_encrypt, string_to_byte_array
> 
> from samba.dsdb import (
>     DS_DOMAIN_FUNCTION_2000,
>@@ -2125,24 +2125,16 @@ class cmd_domain_trust_create(DomainTrustCommand):
>                     password = None
>                     self.outf.write("Sorry, passwords do not match.\n")
> 
>-        def string_to_array(string):
>-            blob = [0] * len(string)
>-
>-            for i in range(len(string)):
>-                blob[i] = ord(string[i])
>-
>-            return blob
>-
>         incoming_secret = None
>         outgoing_secret = None
>         remote_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
>         if create_location == "local":
>             if local_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_INBOUND:
>                 incoming_password = get_password("Incoming Trust")
>-                incoming_secret = string_to_array(incoming_password.encode('utf-16-le'))
>+                incoming_secret = string_to_byte_array(incoming_password.encode('utf-16-le'))
>             if local_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
>                 outgoing_password = get_password("Outgoing Trust")
>-                outgoing_secret = string_to_array(outgoing_password.encode('utf-16-le'))
>+                outgoing_secret = string_to_byte_array(outgoing_password.encode('utf-16-le'))
> 
>             remote_trust_info = None
>         else:
>@@ -2167,7 +2159,7 @@ class cmd_domain_trust_create(DomainTrustCommand):
>                     #
>                     # We can remove this once our client libraries
>                     # support using the correct NTHASH.
>-                    return string_to_array(pw1.encode('utf-16-le'))
>+                    return string_to_byte_array(pw1.encode('utf-16-le'))
> 
>                 # We mix characters from generate_random_password
>                 # with random numbers from random.randint()
>@@ -2320,11 +2312,6 @@ class cmd_domain_trust_create(DomainTrustCommand):
>             except RuntimeError as error:
>                 raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info")
> 
>-        def arcfour_encrypt(key, data):
>-            from Crypto.Cipher import ARC4
>-            c = ARC4.new(key)
>-            return c.encrypt(data)
>-
>         def generate_AuthInOutBlob(secret, update_time):
>             if secret is None:
>                 blob = drsblobs.trustAuthInOutBlob()
>@@ -2368,7 +2355,7 @@ class cmd_domain_trust_create(DomainTrustCommand):
> 
>             auth_blob = lsa.DATA_BUF2()
>             auth_blob.size = len(encrypted_trustpass)
>-            auth_blob.data = string_to_array(encrypted_trustpass)
>+            auth_blob.data = string_to_byte_array(encrypted_trustpass)
> 
>             auth_info = lsa.TrustDomainInfoAuthInfoInternal()
>             auth_info.auth_blob = auth_blob
>-- 
>1.9.1
>
>
>From 96d8cda55ed5db4e4dfdadb754fe8e03496aba86 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 28 Jan 2016 14:00:38 +0100
>Subject: [PATCH 5/6] s4:scripting/devel: make use of the generic
> arcfour_encrypt() and string_to_byte_array() functions
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit 8841b1e641e1b950c2f36b26db982473b73b9d3b)
>---
> source4/scripting/devel/createtrust | 18 +++---------------
> 1 file changed, 3 insertions(+), 15 deletions(-)
>
>diff --git a/source4/scripting/devel/createtrust b/source4/scripting/devel/createtrust
>index 7f1ba33..6c0de1c 100755
>--- a/source4/scripting/devel/createtrust
>+++ b/source4/scripting/devel/createtrust
>@@ -11,21 +11,9 @@ import samba
> import samba.getopt as options
> from samba.dcerpc import lsa, security, drsblobs
> from samba.ndr import ndr_pack
>+from samba import arcfour_encrypt, string_to_byte_array
> import random
> 
>-def arcfour_encrypt(key, data):
>-    from Crypto.Cipher import ARC4
>-    c = ARC4.new(key)
>-    return c.encrypt(data)
>-
>-def string_to_array(string):
>-    blob = [0] * len(string)
>-
>-    for i in range(len(string)):
>-        blob[i] = ord(string[i])
>-
>-    return blob
>-
> ########### main code ###########
> if __name__ == "__main__":
>     parser = OptionParser("createtrust [options] server")
>@@ -73,7 +61,7 @@ if __name__ == "__main__":
>     info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
>     info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
> 
>-    password_blob = string_to_array("password".encode('utf-16-le'))
>+    password_blob = string_to_byte_array("password".encode('utf-16-le'))
> 
>     clear_value = drsblobs.AuthInfoClear()
>     clear_value.size = len(password_blob)
>@@ -123,7 +111,7 @@ if __name__ == "__main__":
> 
>     auth_blob = lsa.DATA_BUF2()
>     auth_blob.size = len(encrypted_trustpass)
>-    auth_blob.data = string_to_array(encrypted_trustpass)
>+    auth_blob.data = string_to_byte_array(encrypted_trustpass)
> 
>     auth_info = lsa.TrustDomainInfoAuthInfoInternal()
>     auth_info.auth_blob = auth_blob
>-- 
>1.9.1
>
>
>From 7a3ec27a0b8191c880ceebdc320336e9de0b1ffe Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 28 Jan 2016 15:10:00 +0100
>Subject: [PATCH 6/6] python:tests/core: add tests for arcfour_encrypt() and
> string_to_byte_array()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>
>Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
>Autobuild-Date(master): Wed Feb  3 11:42:29 CET 2016 on sn-devel-144
>
>(cherry picked from commit 915185aa585a622d338698f847171972d1a15a21)
>---
> python/samba/tests/core.py | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
>diff --git a/python/samba/tests/core.py b/python/samba/tests/core.py
>index 8206e68..9dbaff1 100644
>--- a/python/samba/tests/core.py
>+++ b/python/samba/tests/core.py
>@@ -20,6 +20,7 @@
> import ldb
> import os
> import samba
>+from samba import arcfour_encrypt, string_to_byte_array
> from samba.tests import TestCase, TestCaseInTempDir
> 
> class SubstituteVarTestCase(TestCase):
>@@ -48,6 +49,21 @@ class SubstituteVarTestCase(TestCase):
>         self.assertRaises(Exception, samba.check_all_substituted,
>                 "Not subsituted: ${FOOBAR}")
> 
>+class ArcfourTestCase(TestCase):
>+
>+    def test_arcfour_direct(self):
>+        key = '12345678'
>+        plain = 'abcdefghi'
>+        crypt_expected = '\xda\x91Z\xb0l\xd7\xb9\xcf\x99'
>+        crypt_calculated = arcfour_encrypt(key, plain)
>+        self.assertEquals(crypt_expected, crypt_calculated)
>+
>+class StringToByteArrayTestCase(TestCase):
>+
>+    def test_byte_array(self):
>+        expected = [218, 145, 90, 176, 108, 215, 185, 207, 153]
>+        calculated = string_to_byte_array('\xda\x91Z\xb0l\xd7\xb9\xcf\x99')
>+        self.assertEquals(expected, calculated)
> 
> class LdbExtensionTests(TestCaseInTempDir):
> 
>-- 
>1.9.1
>

Flags:

metze: review+
ab: review+

Actions: View

Attachments on bug 11699: 11797 | 11806 | 11807