diff options
| author | Björn Jacke <bj@sernet.de> | 2019-07-04 20:38:50 +0200 |
|---|---|---|
| committer | Bjoern Jacke <bjacke@samba.org> | 2019-08-22 12:28:30 +0000 |
| commit | 436423162592a684d52634e6db05f20bce6a5362 (patch) | |
| tree | b0084a676c60488af037c33d2f3d1771de1768e2 /python | |
| parent | a7383889282d3b92a9c2eaded85a5ba20e828134 (diff) | |
| download | samba-436423162592a684d52634e6db05f20bce6a5362.tar.gz | |
python: use os.urandom, which is available in python by definition
os.urandom also uses CSPRNG methods like getrandom() when the underlying OS
provides those.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
| -rw-r--r-- | python/samba/netcmd/user.py | 41 |
1 files changed, 2 insertions, 39 deletions
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index 121050a26e6..e9f35f158e3 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -124,33 +124,6 @@ virtual_attributes = { }, } -get_random_bytes_fn = None -if get_random_bytes_fn is None: - try: - import Crypto.Random - get_random_bytes_fn = Crypto.Random.get_random_bytes - except ImportError as e: - pass -if get_random_bytes_fn is None: - try: - import M2Crypto.Rand - get_random_bytes_fn = M2Crypto.Rand.rand_bytes - except ImportError as e: - pass - - -def check_random(): - if get_random_bytes_fn is not None: - return None - return "Crypto.Random or M2Crypto.Rand required" - - -def get_random_bytes(num): - random_reason = check_random() - if random_reason is not None: - raise ImportError(random_reason) - return get_random_bytes_fn(num) - def get_crypt_value(alg, utf8pw, rounds=0): algs = { @@ -158,7 +131,7 @@ def get_crypt_value(alg, utf8pw, rounds=0): "6": {"length": 86}, } assert alg in algs - salt = get_random_bytes(16) + salt = os.urandom(16) # The salt needs to be in [A-Za-z0-9./] # base64 is close enough and as we had 16 # random bytes but only need 16 characters @@ -203,9 +176,6 @@ def get_rounds(options): try: - random_reason = check_random() - if random_reason is not None: - raise ImportError(random_reason) import hashlib h = hashlib.sha1() h = None @@ -213,8 +183,6 @@ try: } except ImportError as e: reason = "hashlib.sha1()" - if random_reason: - reason += " and " + random_reason reason += " required" disabled_virtual_attributes["virtualSSHA"] = { "reason": reason, @@ -222,9 +190,6 @@ except ImportError as e: for (alg, attr) in [("5", "virtualCryptSHA256"), ("6", "virtualCryptSHA512")]: try: - random_reason = check_random() - if random_reason is not None: - raise ImportError(random_reason) import crypt v = get_crypt_value(alg, "") v = None @@ -232,8 +197,6 @@ for (alg, attr) in [("5", "virtualCryptSHA256"), ("6", "virtualCryptSHA512")]: } except ImportError as e: reason = "crypt" - if random_reason: - reason += " and " + random_reason reason += " required" disabled_virtual_attributes[attr] = { "reason": reason, @@ -1307,7 +1270,7 @@ class GetPasswordCommand(Command): u8 = get_utf8(a, b, username or account_name) if u8 is None: continue - salt = get_random_bytes(4) + salt = os.urandom(4) h = hashlib.sha1() h.update(u8) h.update(salt) |