The Samba-Bugzilla – Attachment 11807 Details for
Bug 11699
Crypto.Cipher.ARC4 is not available on some platforms
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch from master with cherry-pick information (for v4-3-test)
bug11699-v43.patch (text/plain), 12.67 KB, created by
Karolin Seeger
on 2016-02-04 11:13:27 UTC
(
hide
)
Description:
Patch from master with cherry-pick information (for v4-3-test)
Filename:
MIME Type:
Creator:
Karolin Seeger
Created:
2016-02-04 11:13:27 UTC
Size:
12.67 KB
patch
obsolete
>From 622c9f0935211fe48bd8adbea6eed5326aecf13c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 28 Jan 2016 13:44:33 +0100 >Subject: [PATCH 1/6] python:samba: add a generic string_to_byte_array() helper > function > >We should avoid implementing this again and again. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 65127d16744763d0865ca9ce4d039866785e3fc7) >--- > python/samba/__init__.py | 8 ++++++++ > 1 file changed, 8 insertions(+) > >diff --git a/python/samba/__init__.py b/python/samba/__init__.py >index 84b0b1f..6adc412 100644 >--- a/python/samba/__init__.py >+++ b/python/samba/__init__.py >@@ -362,6 +362,14 @@ def dn_from_dns_name(dnsdomain): > def current_unix_time(): > return int(time.time()) > >+def string_to_byte_array(string): >+ blob = [0] * len(string) >+ >+ for i in range(len(string)): >+ blob[i] = ord(string[i]) >+ >+ return blob >+ > import _glue > version = _glue.version > interface_ips = _glue.interface_ips >-- >1.9.1 > > >From 722a18529636300caa96ddf9aa00f459a5e91a11 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 28 Jan 2016 13:52:44 +0100 >Subject: [PATCH 2/6] python:samba: add a generic arcfour_encrypt() helper > function > >This works with Crypto.Cipher.ARC4 (from python*-crypto) and >fallback to M2Crypto.RC4.RC4 (from [python*-]m2crypto). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 078a7ae71081c24991bb34c818cc2c763eefad99) >--- > python/samba/__init__.py | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > >diff --git a/python/samba/__init__.py b/python/samba/__init__.py >index 6adc412..aaf335c 100644 >--- a/python/samba/__init__.py >+++ b/python/samba/__init__.py >@@ -370,6 +370,22 @@ def string_to_byte_array(string): > > return blob > >+def arcfour_encrypt(key, data): >+ try: >+ from Crypto.Cipher import ARC4 >+ c = ARC4.new(key) >+ return c.encrypt(data) >+ except ImportError as e: >+ pass >+ try: >+ from M2Crypto.RC4 import RC4 >+ c = RC4(key) >+ return c.update(data) >+ except ImportError as e: >+ pass >+ raise Exception("arcfour_encrypt() requires " + >+ "python*-crypto or python*-m2crypto or m2crypto") >+ > import _glue > version = _glue.version > interface_ips = _glue.interface_ips >-- >1.9.1 > > >From 72c6c9f52e624a84111e02c4515a2dd5c6bb1b70 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 28 Jan 2016 14:00:38 +0100 >Subject: [PATCH 3/6] python:samba/join.py: make use of the generic > arcfour_encrypt() and string_to_byte_array() functions > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit d5423feb4b3d388d2de8e1745a8f1138b42b64f5) >--- > python/samba/join.py | 19 +++---------------- > 1 file changed, 3 insertions(+), 16 deletions(-) > >diff --git a/python/samba/join.py b/python/samba/join.py >index c356145..f71f3de 100644 >--- a/python/samba/join.py >+++ b/python/samba/join.py >@@ -20,7 +20,7 @@ > > from samba.auth import system_session > from samba.samdb import SamDB >-from samba import gensec, Ldb, drs_utils >+from samba import gensec, Ldb, drs_utils, arcfour_encrypt, string_to_byte_array > import ldb, samba, sys, uuid > from samba.ndr import ndr_pack > from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs >@@ -944,19 +944,6 @@ class dc_join(object): > def join_setup_trusts(ctx): > """provision the local SAM.""" > >- def arcfour_encrypt(key, data): >- from Crypto.Cipher import ARC4 >- c = ARC4.new(key) >- return c.encrypt(data) >- >- def string_to_array(string): >- blob = [0] * len(string) >- >- for i in range(len(string)): >- blob[i] = ord(string[i]) >- >- return blob >- > print "Setup domain trusts with server %s" % ctx.server > binding_options = "" # why doesn't signing work here? w2k8r2 claims no session key > lsaconn = lsa.lsarpc("ncacn_np:%s[%s]" % (ctx.server, binding_options), >@@ -986,7 +973,7 @@ class dc_join(object): > except RuntimeError: > pass > >- password_blob = string_to_array(ctx.trustdom_pass.encode('utf-16-le')) >+ password_blob = string_to_byte_array(ctx.trustdom_pass.encode('utf-16-le')) > > clear_value = drsblobs.AuthInfoClear() > clear_value.size = len(password_blob) >@@ -1022,7 +1009,7 @@ class dc_join(object): > > auth_blob = lsa.DATA_BUF2() > auth_blob.size = len(encrypted_trustpass) >- auth_blob.data = string_to_array(encrypted_trustpass) >+ auth_blob.data = string_to_byte_array(encrypted_trustpass) > > auth_info = lsa.TrustDomainInfoAuthInfoInternal() > auth_info.auth_blob = auth_blob >-- >1.9.1 > > >From 242bec20290f818788906c3f7ac9de27a9bf25dd Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 28 Jan 2016 14:00:38 +0100 >Subject: [PATCH 4/6] python:samba/netcmd/domain: make use of the generic > arcfour_encrypt() and string_to_byte_array() functions > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 452234b7bcdee2e0e3df6e0500ff798062bc5b9e) >--- > python/samba/netcmd/domain.py | 23 +++++------------------ > 1 file changed, 5 insertions(+), 18 deletions(-) > >diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py >index f0710f2..119e8b2 100644 >--- a/python/samba/netcmd/domain.py >+++ b/python/samba/netcmd/domain.py >@@ -58,7 +58,7 @@ from samba.upgrade import upgrade_from_samba3 > from samba.drs_utils import ( > sendDsReplicaSync, drsuapi_connect, drsException, > sendRemoveDsServer) >- >+from samba import arcfour_encrypt, string_to_byte_array > > from samba.dsdb import ( > DS_DOMAIN_FUNCTION_2000, >@@ -2125,24 +2125,16 @@ class cmd_domain_trust_create(DomainTrustCommand): > password = None > self.outf.write("Sorry, passwords do not match.\n") > >- def string_to_array(string): >- blob = [0] * len(string) >- >- for i in range(len(string)): >- blob[i] = ord(string[i]) >- >- return blob >- > incoming_secret = None > outgoing_secret = None > remote_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION > if create_location == "local": > if local_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_INBOUND: > incoming_password = get_password("Incoming Trust") >- incoming_secret = string_to_array(incoming_password.encode('utf-16-le')) >+ incoming_secret = string_to_byte_array(incoming_password.encode('utf-16-le')) > if local_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND: > outgoing_password = get_password("Outgoing Trust") >- outgoing_secret = string_to_array(outgoing_password.encode('utf-16-le')) >+ outgoing_secret = string_to_byte_array(outgoing_password.encode('utf-16-le')) > > remote_trust_info = None > else: >@@ -2167,7 +2159,7 @@ class cmd_domain_trust_create(DomainTrustCommand): > # > # We can remove this once our client libraries > # support using the correct NTHASH. >- return string_to_array(pw1.encode('utf-16-le')) >+ return string_to_byte_array(pw1.encode('utf-16-le')) > > # We mix characters from generate_random_password > # with random numbers from random.randint() >@@ -2320,11 +2312,6 @@ class cmd_domain_trust_create(DomainTrustCommand): > except RuntimeError as error: > raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info") > >- def arcfour_encrypt(key, data): >- from Crypto.Cipher import ARC4 >- c = ARC4.new(key) >- return c.encrypt(data) >- > def generate_AuthInOutBlob(secret, update_time): > if secret is None: > blob = drsblobs.trustAuthInOutBlob() >@@ -2368,7 +2355,7 @@ class cmd_domain_trust_create(DomainTrustCommand): > > auth_blob = lsa.DATA_BUF2() > auth_blob.size = len(encrypted_trustpass) >- auth_blob.data = string_to_array(encrypted_trustpass) >+ auth_blob.data = string_to_byte_array(encrypted_trustpass) > > auth_info = lsa.TrustDomainInfoAuthInfoInternal() > auth_info.auth_blob = auth_blob >-- >1.9.1 > > >From 96d8cda55ed5db4e4dfdadb754fe8e03496aba86 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 28 Jan 2016 14:00:38 +0100 >Subject: [PATCH 5/6] s4:scripting/devel: make use of the generic > arcfour_encrypt() and string_to_byte_array() functions > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 8841b1e641e1b950c2f36b26db982473b73b9d3b) >--- > source4/scripting/devel/createtrust | 18 +++--------------- > 1 file changed, 3 insertions(+), 15 deletions(-) > >diff --git a/source4/scripting/devel/createtrust b/source4/scripting/devel/createtrust >index 7f1ba33..6c0de1c 100755 >--- a/source4/scripting/devel/createtrust >+++ b/source4/scripting/devel/createtrust >@@ -11,21 +11,9 @@ import samba > import samba.getopt as options > from samba.dcerpc import lsa, security, drsblobs > from samba.ndr import ndr_pack >+from samba import arcfour_encrypt, string_to_byte_array > import random > >-def arcfour_encrypt(key, data): >- from Crypto.Cipher import ARC4 >- c = ARC4.new(key) >- return c.encrypt(data) >- >-def string_to_array(string): >- blob = [0] * len(string) >- >- for i in range(len(string)): >- blob[i] = ord(string[i]) >- >- return blob >- > ########### main code ########### > if __name__ == "__main__": > parser = OptionParser("createtrust [options] server") >@@ -73,7 +61,7 @@ if __name__ == "__main__": > info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL > info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST > >- password_blob = string_to_array("password".encode('utf-16-le')) >+ password_blob = string_to_byte_array("password".encode('utf-16-le')) > > clear_value = drsblobs.AuthInfoClear() > clear_value.size = len(password_blob) >@@ -123,7 +111,7 @@ if __name__ == "__main__": > > auth_blob = lsa.DATA_BUF2() > auth_blob.size = len(encrypted_trustpass) >- auth_blob.data = string_to_array(encrypted_trustpass) >+ auth_blob.data = string_to_byte_array(encrypted_trustpass) > > auth_info = lsa.TrustDomainInfoAuthInfoInternal() > auth_info.auth_blob = auth_blob >-- >1.9.1 > > >From 7a3ec27a0b8191c880ceebdc320336e9de0b1ffe Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 28 Jan 2016 15:10:00 +0100 >Subject: [PATCH 6/6] python:tests/core: add tests for arcfour_encrypt() and > string_to_byte_array() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Wed Feb 3 11:42:29 CET 2016 on sn-devel-144 > >(cherry picked from commit 915185aa585a622d338698f847171972d1a15a21) >--- > python/samba/tests/core.py | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > >diff --git a/python/samba/tests/core.py b/python/samba/tests/core.py >index 8206e68..9dbaff1 100644 >--- a/python/samba/tests/core.py >+++ b/python/samba/tests/core.py >@@ -20,6 +20,7 @@ > import ldb > import os > import samba >+from samba import arcfour_encrypt, string_to_byte_array > from samba.tests import TestCase, TestCaseInTempDir > > class SubstituteVarTestCase(TestCase): >@@ -48,6 +49,21 @@ class SubstituteVarTestCase(TestCase): > self.assertRaises(Exception, samba.check_all_substituted, > "Not subsituted: ${FOOBAR}") > >+class ArcfourTestCase(TestCase): >+ >+ def test_arcfour_direct(self): >+ key = '12345678' >+ plain = 'abcdefghi' >+ crypt_expected = '\xda\x91Z\xb0l\xd7\xb9\xcf\x99' >+ crypt_calculated = arcfour_encrypt(key, plain) >+ self.assertEquals(crypt_expected, crypt_calculated) >+ >+class StringToByteArrayTestCase(TestCase): >+ >+ def test_byte_array(self): >+ expected = [218, 145, 90, 176, 108, 215, 185, 207, 153] >+ calculated = string_to_byte_array('\xda\x91Z\xb0l\xd7\xb9\xcf\x99') >+ self.assertEquals(expected, calculated) > > class LdbExtensionTests(TestCaseInTempDir): > >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
ab
:
review+
Actions:
View
Attachments on
bug 11699
:
11797
|
11806
| 11807