diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-05-09 14:37:58 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2022-06-26 22:10:29 +0000 |
| commit | f33aa94c9ee26a44132feca8fc4c460f88a48ee2 (patch) | |
| tree | fe57f50e8108e42d93407f6b17ddbd679aa0b556 /auth | |
| parent | 0d9835e1e497d667ce49f00d5127d2231055793f (diff) | |
| download | samba-f33aa94c9ee26a44132feca8fc4c460f88a48ee2.tar.gz | |
auth/credentials: Add get_aes256_key()
This makes it possible to generate AES256 keys in Python from a given
password and salt.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
| -rw-r--r-- | auth/credentials/pycredentials.c | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c index b779f274b89..013d2958ea2 100644 --- a/auth/credentials/pycredentials.c +++ b/auth/credentials/pycredentials.c @@ -937,6 +937,54 @@ static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args return PyLong_FromLong(channel_type); } +static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args) +{ + struct loadparm_context *lp_ctx = NULL; + TALLOC_CTX *mem_ctx = NULL; + PyObject *py_lp_ctx = Py_None; + const char *salt = NULL; + DATA_BLOB aes_256; + int code; + PyObject *ret = NULL; + struct cli_credentials *creds = PyCredentials_AsCliCredentials(self); + if (creds == NULL) { + PyErr_Format(PyExc_TypeError, "Credentials expected"); + return NULL; + } + + if (!PyArg_ParseTuple(args, "s|O", &salt, &py_lp_ctx)) + return NULL; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx); + if (lp_ctx == NULL) { + talloc_free(mem_ctx); + return NULL; + } + + code = cli_credentials_get_aes256_key(creds, + mem_ctx, + lp_ctx, + salt, + &aes_256); + if (code != 0) { + PyErr_SetString(PyExc_RuntimeError, + "Failed to generate AES256 key"); + talloc_free(mem_ctx); + return NULL; + } + + ret = PyBytes_FromStringAndSize((const char *)aes_256.data, + aes_256.length); + talloc_free(mem_ctx); + return ret; +} + static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self, PyObject *args) { @@ -1418,6 +1466,14 @@ static PyMethodDef py_creds_methods[] = { .ml_flags = METH_VARARGS, }, { + .ml_name = "get_aes256_key", + .ml_meth = py_creds_get_aes256_key, + .ml_flags = METH_VARARGS, + .ml_doc = "S.get_aes256_key(salt[, lp]) -> bytes\n" + "Generate an AES256 key using the current password and\n" + "the specified salt", + }, + { .ml_name = "encrypt_netr_crypt_password", .ml_meth = py_creds_encrypt_netr_crypt_password, .ml_flags = METH_VARARGS, |