b6b438
From a9efbcf21a5dc8b8b8195916b8a5eaa03ccbf5a5 Mon Sep 17 00:00:00 2001
b6b438
From: Andreas Schneider <asn@samba.org>
b6b438
Date: Wed, 31 Jul 2019 15:42:26 +0200
b6b438
Subject: [PATCH 073/187] s4:rpc_server: Use generate_secret_buffer() for
b6b438
 netlogon challange
b6b438
b6b438
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
b6b438
(cherry picked from commit a21770cfdffd2a21045a1bc87e489af0f4c6f130)
b6b438
---
b6b438
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 3 ++-
b6b438
 1 file changed, 2 insertions(+), 1 deletion(-)
b6b438
b6b438
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
b6b438
index ac745e32b02..f4e24b7fd7f 100644
b6b438
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
b6b438
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
b6b438
@@ -90,7 +90,8 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal
b6b438
 
b6b438
 	pipe_state->client_challenge = *r->in.credentials;
b6b438
 
b6b438
-	generate_random_buffer(pipe_state->server_challenge.data,
b6b438
+	/* We need to use a CSPRNG which reseeds for generating session keys. */
b6b438
+	generate_secret_buffer(pipe_state->server_challenge.data,
b6b438
 			       sizeof(pipe_state->server_challenge.data));
b6b438
 
b6b438
 	*r->out.return_credentials = pipe_state->server_challenge;
b6b438
-- 
b6b438
2.23.0
b6b438