diff options
| author | Stefan Metzmacher <metze@samba.org> | 2020-09-16 16:04:57 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2020-09-18 13:27:15 +0200 |
| commit | b57b6004db8ac9fef38227e67d1d77a237600f30 (patch) | |
| tree | d7c8bb71ab36b51d72ed725464c7db07a529ab6d | |
| parent | 45d4e54606743ad076987a33d28f6d4b9a59d9ba (diff) | |
| download | samba-b57b6004db8ac9fef38227e67d1d77a237600f30.tar.gz | |
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
| -rw-r--r-- | libcli/auth/credentials.c | 6 | ||||
| -rw-r--r-- | libcli/auth/proto.h | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index c541eeff470..46259f39306 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -33,6 +33,12 @@ #include <gnutls/gnutls.h> #include <gnutls/crypto.h> +void netlogon_creds_random_challenge(struct netr_Credential *challenge) +{ + ZERO_STRUCTP(challenge); + generate_random_buffer(challenge->data, sizeof(challenge->data)); +} + static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds, const struct netr_Credential *in, struct netr_Credential *out) diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 88f4a7c6c50..396484a5437 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -13,6 +13,8 @@ /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */ +void netlogon_creds_random_challenge(struct netr_Credential *challenge); + NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, |