CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()

It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index b6c8ba281bab491e815c4be76c8d574c18c5c74f..dbbef9e7a3ce979e15324b969ce4ca436bd8ecbb 100644 (file)
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -26,9 +26,17 @@
 #include "libcli/auth/libcli_auth.h"
 #include "../libcli/security/dom_sid.h"
 
+
+void netlogon_creds_random_challenge(struct netr_Credential *challenge)
+{
+       ZERO_STRUCTP(challenge);
+       generate_random_buffer(challenge->data, sizeof(challenge->data));
+}
+
 static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
                                      const struct netr_Credential *in,
                                      struct netr_Credential *out)
+
 {
        if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
                AES_KEY key;

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 82febe74440add3600e4797d8a7504b863136b74..82797d453ed670e383424a06fec0a7f7e77f41eb 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -11,6 +11,8 @@
 
 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c  */
 
+void netlogon_creds_random_challenge(struct netr_Credential *challenge);
+
 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);