From: Andreas Schneider
Date: Wed, 3 Apr 2024 08:54:41 +0000 (+0200)
Subject: python: Use secrets.token_bytes instead of random
X-Git-Tag: tdb-1.4.11~1261
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=23e61d2cebc999bfdd68628f2140bc81b6633132;p=thirdparty%2Fsamba.git

python: Use secrets.token_bytes instead of random

random should not be used to create secure random numbers for tokens. The secrets module is exactly for this.

Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
diff --git a/python/samba/lsa_utils.py b/python/samba/lsa_utils.py
index 0fc8f418edb..f2ac8931c2b 100644
--- a/python/samba/lsa_utils.py
+++ b/python/samba/lsa_utils.py
@@ -22,8 +22,8 @@ from samba import NTSTATUSError, arcfour_encrypt, string_to_byte_array
 from samba.ntstatus import (
 NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE
 )
-import random
 from samba import crypto
+from secrets import token_bytes
 def OpenPolicyFallback(
@@ -76,9 +76,7 @@ def CreateTrustedDomainRelax(
 ):
 def generate_AuthInfoInternal(session_key, incoming=None, outgoing=None):
- confounder = [0] * 512
- for i in range(len(confounder)):
- confounder[i] = random.randint(0, 255)
+ confounder = string_to_byte_array(token_bytes(512))
 trustpass = drsblobs.trustDomainPasswords()
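Review bot: Dropping `import random` in the first hunk (the import block of python/samba/lsa_utils.py) is only safe if generate_AuthInfoInternal was the module's sole user of it, and the rest of the file is not visible here. Python will not report a leftover `random.` call at import time; it would surface as a NameError only when that code path runs. Searching the file for `random.`, or running a linter such as pyflakes, before merging would confirm this, and would also show whether any other security-relevant value in the module is still drawn from the non-cryptographic generator.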
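Review bot: In generate_AuthInfoInternal (second hunk), the new line `confounder = string_to_byte_array(token_bytes(512))` keeps 512 as a bare literal and carries no comment saying why a CSPRNG is required, so a later cleanup could quietly reintroduce `random`. A one-line comment above it, for example `# confounder must be unpredictable: take it from the OS CSPRNG (secrets), never from random`, plus a named constant for the length, would record the intent. The wrapper string_to_byte_array presumably exists because the following code wants a list of integers; if that is the only reason, `list(token_bytes(512))` says so directly, but that depends on code outside the hunk. The function body continues past the last visible line.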