mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
36a2ee20bc
Implement a small Python module that exposes arcfour_crypt_blob() function widely used in Samba C code. When Samba Python bindings are used to call LSA CreateTrustedDomainEx2, there is a need to encrypt trusted credentials with RC4 cipher. Current Samba Python code relies on Python runtime to provide RC4 cipher. However, in FIPS 140-2 mode system crypto libraries do not provide access RC4 cipher at all. According to Microsoft dochelp team, Windows is treating AuthenticationInformation blob encryption as 'plain text' in terms of FIPS 140-2, thus doing application-level encryption. Replace samba.arcfour_encrypt() implementation with a call to samba.crypto.arcfour_crypt_blob(). Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144 (cherry picked from commit bbeef554f2c15e739f6095fcb57d9ef6646b411c) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12690 Include samba.crypto Python module to 4.6