| Server IP : 23.254.227.96 / Your IP : 216.73.216.7 Web Server : Apache/2.4.62 (Unix) OpenSSL/1.1.1k System : Linux hwsrv-1277026.hostwindsdns.com 4.18.0-477.13.1.el8_8.x86_64 #1 SMP Tue May 30 14:53:41 EDT 2023 x86_64 User : viralblo ( 1001) PHP Version : 8.1.31 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /usr/share/crypto-policies/python/policygenerators/ |
Upload File : |
# SPDX-License-Identifier: LGPL-2.1-or-later
# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz <tmraz@fedoraproject.org>
from .configgenerator import ConfigGenerator
class KRB5Generator(ConfigGenerator):
CONFIG_NAME = 'krb5'
SCOPES = {'kerberos', 'krb5'}
cipher_map = {
'AES-256-CTR':'',
'AES-128-CTR':'',
'AES-256-GCM':'',
'AES-256-CCM':'',
'CHACHA20-POLY1305':'',
'CAMELLIA-256-GCM':'',
'AES-128-GCM':'',
'AES-128-CCM':'',
'CAMELLIA-128-GCM':'',
'AES-256-CBC':'aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192',
'AES-128-CBC':'aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha256-128',
'CAMELLIA-256-CBC':'camellia256-cts-cmac',
'CAMELLIA-128-CBC':'camellia128-cts-cmac',
'RC4-128':'arcfour-hmac-md5',
'DES-CBC':'',
'CAMELLIA-128-CTS':'camellia128-cts-cmac',
'3DES-CBC':''
}
@classmethod
def generate_config(cls, policy):
p = policy.enabled
sep = ' '
cfg = '[libdefaults]\n'
cfg += 'permitted_enctypes = '
s = ''
for i in p['cipher']:
try:
s = cls.append(s, cls.cipher_map[i], sep)
except KeyError:
pass
if 'RC4-128' in p['cipher'] and 'MD5' in p['hash']:
s = cls.append(s, 'arcfour-hmac-md5', sep)
cfg += s + '\n'
# By default libkrb5 sets the min_bits to 2048, don't
# go lower than that.
if policy.integers['min_dh_size'] > 2048:
# $string .= "pkinit_dh_min_bits=$min_dh_size\n";
# krb5.conf only accepts 2048 or 4096
cfg += 'pkinit_dh_min_bits=4096\n'
return cfg
@classmethod
def test_config(cls, config): # pylint: disable=unused-argument
return True