From a9efbcf21a5dc8b8b8195916b8a5eaa03ccbf5a5 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 31 Jul 2019 15:42:26 +0200
Subject: [PATCH 073/187] s4:rpc_server: Use generate_secret_buffer() for
 netlogon challange

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a21770cfdffd2a21045a1bc87e489af0f4c6f130)
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index ac745e32b02..f4e24b7fd7f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -90,7 +90,8 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal
 
 	pipe_state->client_challenge = *r->in.credentials;
 
-	generate_random_buffer(pipe_state->server_challenge.data,
+	/* We need to use a CSPRNG which reseeds for generating session keys. */
+	generate_secret_buffer(pipe_state->server_challenge.data,
 			       sizeof(pipe_state->server_challenge.data));
 
 	*r->out.return_credentials = pipe_state->server_challenge;
-- 
2.23.0