diff options
author | Stefan Metzmacher <metze@samba.org> | 2020-09-16 16:04:57 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2020-09-18 12:48:38 +0000 |
commit | b813cdcac377210c3ab18e0d0a0c1a76870b1d74 (patch) | |
tree | e0b7579f45d09e26bd66d60ef7205ff28a9a5877 /libcli | |
parent | 380938b00fb9fdb5b100e77000a059199695f43a (diff) | |
download | samba-b813cdcac377210c3ab18e0d0a0c1a76870b1d74.tar.gz |
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/auth/credentials.c | 6 | ||||
-rw-r--r-- | libcli/auth/proto.h | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index c541eeff470..46259f39306 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -33,6 +33,12 @@ #include <gnutls/gnutls.h> #include <gnutls/crypto.h> +void netlogon_creds_random_challenge(struct netr_Credential *challenge) +{ + ZERO_STRUCTP(challenge); + generate_random_buffer(challenge->data, sizeof(challenge->data)); +} + static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds, const struct netr_Credential *in, struct netr_Credential *out) diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 88f4a7c6c50..396484a5437 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -13,6 +13,8 @@ /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */ +void netlogon_creds_random_challenge(struct netr_Credential *challenge); + NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, |