From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 14:04:57 +0000 (+0200)
Subject: CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
X-Git-Tag: samba-4.12.7~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e862b4ce5678ce19d7d529fd76cfc4e67195ed10;p=thirdparty%2Fsamba.git

CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()

It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index c541eeff470..46259f39306 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -33,6 +33,12 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
+void netlogon_creds_random_challenge(struct netr_Credential *challenge)
+{
+	ZERO_STRUCTP(challenge);
+	generate_random_buffer(challenge->data, sizeof(challenge->data));
+}
+
 static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
 					  const struct netr_Credential *in,
 					  struct netr_Credential *out)
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 88f4a7c6c50..396484a5437 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -13,6 +13,8 @@
 
 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c  */
 
+void netlogon_creds_random_challenge(struct netr_Credential *challenge);
+
 NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
 					  struct netr_LMSessionKey *key);
 NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds,