From 7657754e02a5fa62265327937a6c7fd19b381610 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 10 Mar 2017 16:47:02 +0200 Subject: [PATCH] ipaserver/dcerpc.py: use arcfour_encrypt from samba Samba Python bindings provide samba.arcfour_encrypt(key, data). Instead of implementing own wrapper, use Samba's. In future Samba versions this wrapper will be FIPS 140-2 compatible. Fixes https://pagure.io/freeipa/issue/6697 Reviewed-By: Martin Babinsky --- ipaserver/dcerpc.py | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index f00141bb5..2d9d7e557 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -44,11 +44,10 @@ from samba import credentials from samba.dcerpc import security, lsa, drsblobs, nbt, netlogon from samba.ndr import ndr_pack, ndr_print from samba import net +from samba import arcfour_encrypt import samba # pylint: enable=import-error -from cryptography.hazmat.primitives.ciphers import Cipher, algorithms -from cryptography.hazmat.backends import default_backend import ldap as _ldap from ipapython import ipaldap from dns import resolver, rdatatype @@ -168,13 +167,6 @@ def assess_dcerpc_exception(num=None, message=None): return errors.RemoteRetrieveError(reason=reason) -def arcfour_encrypt(key, data): - algorithm = algorithms.ARC4(key) - cipher = Cipher(algorithm, mode=None, backend=default_backend()) - encryptor = cipher.encryptor() - return encryptor.update(data) - - class ExtendedDNControl(LDAPControl): # This class attempts to implement LDAP control that would work # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties
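Review bot: The added `from samba import arcfour_encrypt` makes loading ipaserver/dcerpc.py depend on the installed Samba Python bindings exporting that name, and the diffstat shows only this one file changed, so no minimum-version requirement is visible in the commit. With older bindings this would raise ImportError at module load rather than at the call site, so confirm the required Samba version is pinned in the packaging metadata. Removing the local wrapper also leaves nothing in this file recording why RC4 is used at all; the call sites are outside the hunk, but presumably it is kept for protocol compatibility, and a comment above the import would say so, e.g. `# RC4 via Samba's wrapper: protocol compatibility only, not for protecting new data`. The FIPS 140-2 remark in the description appears to be about the wrapper following Samba's crypto policy and should not be read as making RC4 itself stronger.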