ipaserver/dcerpc.py: use arcfour_encrypt from samba

Samba Python bindings provide samba.arcfour_encrypt(key, data). Instead of implementing own wrapper, use Samba's. In future Samba versions this wrapper will be FIPS 140-2 compatible. Fixes https://pagure.io/freeipa/issue/6697 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-03-10 16:47:02 +02:00 · 2017-03-10 16:47:02 +02:00 · 7657754e02
commit 7657754e02
parent 5d3a0e6758
1 changed files with 1 additions and 9 deletions
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@ -44,11 +44,10 @@ from samba import credentials
 from samba.dcerpc import security, lsa, drsblobs, nbt, netlogon
 from samba.ndr import ndr_pack, ndr_print
 from samba import net
+from samba import arcfour_encrypt
 import samba
 # pylint: enable=import-error

-from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
-from cryptography.hazmat.backends import default_backend
 import ldap as _ldap
 from ipapython import ipaldap
 from dns import resolver, rdatatype
@ -168,13 +167,6 @@ def assess_dcerpc_exception(num=None, message=None):
    return errors.RemoteRetrieveError(reason=reason)


-def arcfour_encrypt(key, data):
-    algorithm = algorithms.ARC4(key)
-    cipher = Cipher(algorithm, mode=None, backend=default_backend())
-    encryptor = cipher.encryptor()
-    return encryptor.update(data)
-
-
 class ExtendedDNControl(LDAPControl):
    # This class attempts to implement LDAP control that would work
    # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties