python: Use secrets.token_bytes instead of random
authorAndreas Schneider <asn@samba.org>
Wed, 3 Apr 2024 08:54:41 +0000 (10:54 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 9 Apr 2024 22:52:37 +0000 (22:52 +0000)
random should not be used to create secure random numbers for tokens.
The secrets module is exactly for this.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/lsa_utils.py

index 0fc8f418edbeeb4982b7a904206916baa3e5bad8..f2ac8931c2b35098aa538bab630fbb39afe53e54 100644 (file)
@@ -22,8 +22,8 @@ from samba import NTSTATUSError, arcfour_encrypt, string_to_byte_array
 from samba.ntstatus import (
     NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE
 )
-import random
 from samba import crypto
+from secrets import token_bytes
 
 
 def OpenPolicyFallback(
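Review bot: The added `from secrets import token_bytes` binds the bare name, so the call in generate_AuthInfoInternal reads `token_bytes(512)` with nothing at the call site marking it as the CSPRNG. Using `import secrets` and `secrets.token_bytes(512)` would keep the randomness source visible to readers and to anyone auditing the file for it. The new line is also a standard-library import placed after `from samba import crypto`; the top of the import block is outside this hunk, but if stdlib imports are grouped there it belongs with them. Because `import random` is dropped here, it is worth confirming that no other `random.` use remains elsewhere in lsa_utils.py, which the visible hunks cannot show.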
@@ -76,9 +76,7 @@ def CreateTrustedDomainRelax(
 ):
 
     def generate_AuthInfoInternal(session_key, incoming=None, outgoing=None):
-        confounder = [0] * 512
-        for i in range(len(confounder)):
-            confounder[i] = random.randint(0, 255)
+        confounder = string_to_byte_array(token_bytes(512))
 
         trustpass = drsblobs.trustDomainPasswords()