sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

auth/credentials: Add get_aes256_key()

Browse Source 
This makes it possible to generate AES256 keys in Python from a given
password and salt.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2022-05-09 14:37:58 +12:00 committed by Andrew Bartlett
parent 0d9835e1e4
commit f33aa94c9e
1 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
auth/credentials/pycredentials.c
View File

@ -937,6 +937,54 @@ static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args
return PyLong_FromLong(channel_type);
}
static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
{
struct loadparm_context *lp_ctx = NULL;
TALLOC_CTX *mem_ctx = NULL;
PyObject *py_lp_ctx = Py_None;
const char *salt = NULL;
DATA_BLOB aes_256;
int code;
PyObject *ret = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|O", &salt, &py_lp_ctx))
return NULL;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(mem_ctx);
return NULL;
}
code = cli_credentials_get_aes256_key(creds,
mem_ctx,
lp_ctx,
salt,
&aes_256);
if (code != 0) {
PyErr_SetString(PyExc_RuntimeError,
"Failed to generate AES256 key");
talloc_free(mem_ctx);
return NULL;
}
ret = PyBytes_FromStringAndSize((const char *)aes_256.data,
aes_256.length);
talloc_free(mem_ctx);
return ret;
}
static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
PyObject *args)
{
@ -1417,6 +1465,14 @@ static PyMethodDef py_creds_methods[] = {
.ml_meth = py_creds_get_secure_channel_type,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_aes256_key",
.ml_meth = py_creds_get_aes256_key,
.ml_flags = METH_VARARGS,
.ml_doc = "S.get_aes256_key(salt[, lp]) -> bytes\n"
"Generate an AES256 key using the current password and\n"
"the specified salt",
},
{
.ml_name = "encrypt_netr_crypt_password",
.ml_meth = py_creds_encrypt_netr_crypt_password,