s4:rpc_server: Use generate_secret_buffer() for backupkey wap_key

Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Andreas Schneider <asn@samba.org> 2019-07-31 15:41:29 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2019-08-12 09:23:40 +0000
commit: 5a62056b4530e4c509444be9164a1fca1dce193f (patch)
tree: 98316700c4454403c1d608cc145dc42162bf5c7c /source4
parent: 4b2480518bd3887be3a6cfb713523ac084e09fd5 (diff)
download: samba-5a62056b4530e4c509444be9164a1fca1dce193f.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index a826ae083f4..d192858e468 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -1263,7 +1263,8 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
 	char *secret_name;
 	TALLOC_CTX *frame = talloc_stackframe();
 
-	generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
+	/* We need to use a CSPRNG which reseeds for generating session keys. */
+	generate_secret_buffer(wrap_key.key, sizeof(wrap_key.key));
 
 	ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
author	Andreas Schneider <asn@samba.org>	2019-07-31 15:41:29 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2019-08-12 09:23:40 +0000
commit	5a62056b4530e4c509444be9164a1fca1dce193f (patch)
tree	98316700c4454403c1d608cc145dc42162bf5c7c /source4
parent	4b2480518bd3887be3a6cfb713523ac084e09fd5 (diff)
download	samba-5a62056b4530e4c509444be9164a1fca1dce193f.tar.gz