/[smeserver]/rpms/samba/sme10/samba-v4.6-lib-crypto-implement-samba.crypto-Python-module-for-.patch
ViewVC logotype

Annotation of /rpms/samba/sme10/samba-v4.6-lib-crypto-implement-samba.crypto-Python-module-for-.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Wed Aug 9 04:48:55 2023 UTC (14 months, 3 weeks ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
Initial import

1 jpp 1.1 From 8a696458dac335071d98f39dfd1380192fbe7733 Mon Sep 17 00:00:00 2001
2     From: Alexander Bokovoy <ab@samba.org>
3     Date: Fri, 10 Mar 2017 16:20:06 +0200
4     Subject: [PATCH] lib/crypto: implement samba.crypto Python module for RC4
5     MIME-Version: 1.0
6     Content-Type: text/plain; charset=UTF-8
7     Content-Transfer-Encoding: 8bit
8    
9     Implement a small Python module that exposes arcfour_crypt_blob()
10     function widely used in Samba C code.
11    
12     When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
13     there is a need to encrypt trusted credentials with RC4 cipher.
14    
15     Current Samba Python code relies on Python runtime to provide RC4
16     cipher. However, in FIPS 140-2 mode system crypto libraries do not
17     provide access RC4 cipher at all. According to Microsoft dochelp team,
18     Windows is treating AuthenticationInformation blob encryption as 'plain
19     text' in terms of FIPS 140-2, thus doing application-level encryption.
20    
21     Replace samba.arcfour_encrypt() implementation with a call to
22     samba.crypto.arcfour_crypt_blob().
23    
24     Signed-off-by: Alexander Bokovoy <ab@samba.org>
25     Reviewed-by: Simo Sorce <idra@samba.org>
26     Reviewed-by: Guenther Deschner <gd@samba.org>
27    
28     Autobuild-User(master): Günther Deschner <gd@samba.org>
29     Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
30    
31     (cherry picked from commit bbeef554f2c15e739f6095fcb57d9ef6646b411c)
32     ---
33     lib/crypto/py_crypto.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++
34     lib/crypto/wscript_build | 7 ++++
35     python/samba/__init__.py | 16 ++-------
36     3 files changed, 99 insertions(+), 14 deletions(-)
37     create mode 100644 lib/crypto/py_crypto.c
38    
39     diff --git a/lib/crypto/py_crypto.c b/lib/crypto/py_crypto.c
40     new file mode 100644
41     index 0000000..bf7f9f4
42     --- /dev/null
43     +++ b/lib/crypto/py_crypto.c
44     @@ -0,0 +1,90 @@
45     +/*
46     + Unix SMB/CIFS implementation.
47     + Samba crypto functions
48     +
49     + Copyright (C) Alexander Bokovoy <ab@samba.org> 2017
50     +
51     + This program is free software; you can redistribute it and/or modify
52     + it under the terms of the GNU General Public License as published by
53     + the Free Software Foundation; either version 3 of the License, or
54     + (at your option) any later version.
55     +
56     + This program is distributed in the hope that it will be useful,
57     + but WITHOUT ANY WARRANTY; without even the implied warranty of
58     + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
59     + GNU General Public License for more details.
60     +
61     + You should have received a copy of the GNU General Public License
62     + along with this program. If not, see <http://www.gnu.org/licenses/>.
63     +*/
64     +
65     +#include <Python.h>
66     +#include "includes.h"
67     +#include "python/py3compat.h"
68     +#include "lib/crypto/arcfour.h"
69     +
70     +static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args, PyObject *kwargs)
71     +{
72     + DATA_BLOB data, key;
73     + PyObject *py_data, *py_key, *result;
74     + TALLOC_CTX *ctx;
75     +
76     + if (!PyArg_ParseTuple(args, "OO", &py_data, &py_key))
77     + return NULL;
78     +
79     + if (!PyBytes_Check(py_data)) {
80     + PyErr_Format(PyExc_TypeError, "bytes expected");
81     + return NULL;
82     + }
83     +
84     + if (!PyBytes_Check(py_key)) {
85     + PyErr_Format(PyExc_TypeError, "bytes expected");
86     + return NULL;
87     + }
88     +
89     + ctx = talloc_new(NULL);
90     +
91     + data.length = PyBytes_Size(py_data);
92     + data.data = talloc_memdup(ctx, PyBytes_AsString(py_data), data.length);
93     + if (!data.data) {
94     + talloc_free(ctx);
95     + return PyErr_NoMemory();
96     + }
97     +
98     + key.data = (uint8_t *)PyBytes_AsString(py_key);
99     + key.length = PyBytes_Size(py_key);
100     +
101     + arcfour_crypt_blob(data.data, data.length, &key);
102     +
103     + result = PyBytes_FromStringAndSize((const char*) data.data, data.length);
104     + talloc_free(ctx);
105     + return result;
106     +}
107     +
108     +
109     +static const char py_crypto_arcfour_crypt_blob_doc[] = "arcfour_crypt_blob(data, key)\n"
110     + "Encrypt the data with RC4 algorithm using the key";
111     +
112     +static PyMethodDef py_crypto_methods[] = {
113     + { "arcfour_crypt_blob", (PyCFunction)py_crypto_arcfour_crypt_blob, METH_VARARGS, py_crypto_arcfour_crypt_blob_doc },
114     + { NULL },
115     +};
116     +
117     +static struct PyModuleDef moduledef = {
118     + PyModuleDef_HEAD_INIT,
119     + .m_name = "crypto",
120     + .m_doc = "Crypto functions required for SMB",
121     + .m_size = -1,
122     + .m_methods = py_crypto_methods,
123     +};
124     +
125     +MODULE_INIT_FUNC(crypto)
126     +{
127     + PyObject *m;
128     +
129     + m = PyModule_Create(&moduledef);
130     + if (m == NULL)
131     + return NULL;
132     +
133     + return m;
134     +}
135     diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
136     index 7f94532..d1f152e 100644
137     --- a/lib/crypto/wscript_build
138     +++ b/lib/crypto/wscript_build
139     @@ -25,3 +25,10 @@ bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO',
140     autoproto='test_proto.h',
141     deps='LIBCRYPTO'
142     )
143     +
144     +for env in bld.gen_python_environments():
145     + bld.SAMBA_PYTHON('python_crypto',
146     + source='py_crypto.c',
147     + deps='LIBCRYPTO',
148     + realname='samba/crypto.so'
149     + )
150     diff --git a/python/samba/__init__.py b/python/samba/__init__.py
151     index 19d5e38..fa4244a 100644
152     --- a/python/samba/__init__.py
153     +++ b/python/samba/__init__.py
154     @@ -371,20 +371,8 @@ def string_to_byte_array(string):
155     return blob
156    
157     def arcfour_encrypt(key, data):
158     - try:
159     - from Crypto.Cipher import ARC4
160     - c = ARC4.new(key)
161     - return c.encrypt(data)
162     - except ImportError as e:
163     - pass
164     - try:
165     - from M2Crypto.RC4 import RC4
166     - c = RC4(key)
167     - return c.update(data)
168     - except ImportError as e:
169     - pass
170     - raise Exception("arcfour_encrypt() requires " +
171     - "python*-crypto or python*-m2crypto or m2crypto")
172     + from samba.crypto import arcfour_crypt_blob
173     + return arcfour_crypt_blob(data, key)
174    
175     import _glue
176     version = _glue.version
177     --
178     2.9.3
179    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed