authorAndrew Bartlett <abartlet@samba.org>2005-06-17 06:36:13 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:18:21 -0500
commit8047db6e4b9cbaccb8a21b8947f6d04a7ca3c436 (patch)
treec72f3dae50a5c7eab304e7c5fcee32bd7b7be961
parentb523bde4998b95c676c01b660511ad77029471d2 (diff)
r7676: Make VUID and TID choice random, as this gives us protection against
replay attacks under SMB signing, where the session key is a fixed derivative of the user's password. This removes the VID offset, but I'm not worried about random client bytes mattering here, given the space (and the fact that it applies to very, very old clients). Andrew Bartlett (This used to be commit eb1d37c5a91a6bc4515469e1ae026d28c12d7149)
-rw-r--r--source4/smb_server/conn.c2
-rw-r--r--source4/smb_server/session.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/source4/smb_server/conn.c b/source4/smb_server/conn.c
index 6ca8e4286c..dfc310a161 100644
--- a/source4/smb_server/conn.c
+++ b/source4/smb_server/conn.c
@@ -73,7 +73,7 @@ struct smbsrv_tcon *smbsrv_tcon_new(struct smbsrv_connection *smb_conn)
tcon = talloc_zero(smb_conn, struct smbsrv_tcon);
if (!tcon) return NULL;
- i = idr_get_new(smb_conn->tree.idtree_tid, tcon, UINT16_MAX);
+ i = idr_get_new_random(smb_conn->tree.idtree_tid, tcon, UINT16_MAX);
if (i == -1) {
DEBUG(1,("ERROR! Out of connection structures\n"));
return NULL;
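Review bot: The failure branch after `idr_get_new_random()` returns NULL without releasing `tcon`, which was just allocated with `talloc_zero(smb_conn, struct smbsrv_tcon)`, so each failed allocation of a TID leaves an unused structure parented to the connection until the connection itself is freed. The equivalent path in session.c calls `talloc_free(sess)`; adding `talloc_free(tcon);` before `return NULL;` here would make the two consistent and keep per-connection memory bounded when the TID space is exhausted. This predates the commit, but it sits directly behind the call being changed. smbsrv_tcon_new starts before the hunk and its body continues after it.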
diff --git a/source4/smb_server/session.c b/source4/smb_server/session.c
index bc2ac5fcb7..d7b7f22cd8 100644
--- a/source4/smb_server/session.c
+++ b/source4/smb_server/session.c
@@ -115,7 +115,7 @@ struct smbsrv_session *smbsrv_register_session(struct smbsrv_connection *smb_con
ZERO_STRUCTP(sess);
- i = idr_get_new_above(smb_conn->sessions.idtree_vuid, sess, VUID_OFFSET, UINT16_MAX);
+ i = idr_get_new_random(smb_conn->sessions.idtree_vuid, sess, UINT16_MAX);
if (i == -1) {
DEBUG(1,("ERROR! Out of connection structures\n"));
talloc_free(sess);
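Review bot: Dropping `VUID_OFFSET` from the call removes the only lower bound on the VUID that was visible at this site, so whether 0 (or any other value the server treats as "no session") can now be issued depends entirely on `idr_get_new_random()`, which is not shown in this hunk. I would state that contract where the ID is allocated, for example `/* random VUID (signing replay hardening): helper must not return a reserved value such as 0 and must draw from the cryptographic RNG */`, or reject a reserved result explicitly before `sess` is registered. The replay protection described in the commit message is also limited by the 16-bit ID space and by the quality of the helper's generator, so it is worth documenting as hardening, not as a replacement for per-session signing keys. smbsrv_register_session starts before the hunk and continues after it.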