summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-07-14 04:36:01 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:52:13 -0500
commit9d0783bf211dffe58845b36b0669f05bf8bf25b5 (patch)
tree3a7434e8a13cf736d2deb7268ef7cf3864cf9499 /source3/passdb
parent8f93b500320d7d4341dfea37fd1f82d02b1ce980 (diff)
downloadsamba-9d0783bf211dffe58845b36b0669f05bf8bf25b5.tar.gz
samba-9d0783bf211dffe58845b36b0669f05bf8bf25b5.tar.bz2
samba-9d0783bf211dffe58845b36b0669f05bf8bf25b5.zip
r1492: Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/machine_sid.c2
-rw-r--r--source3/passdb/secrets.c60
2 files changed, 30 insertions, 32 deletions
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index 47b9e2d487..ce1354ce81 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -67,7 +67,7 @@ static void generate_random_sid(DOM_SID *sid)
sid->num_auths = 0;
sid->sub_auths[sid->num_auths++] = 21;
- generate_random_buffer(raw_sid_data, 12, True);
+ generate_random_buffer(raw_sid_data, 12);
for (i = 0; i < 3; i++)
sid->sub_auths[sid->num_auths++] = IVAL(raw_sid_data, i*4);
}
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 2b3175bed2..e7637f689d 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -30,10 +30,27 @@
static TDB_CONTEXT *tdb;
+/**
+ * Use a TDB to store an incrementing random seed.
+ *
+ * Initialised to the current pid, the very first time Samba starts,
+ * and incremented by one each time it is needed.
+ *
+ * @note Not called by systems with a working /dev/urandom.
+ */
+static void get_rand_seed(int *new_seed)
+{
+ *new_seed = sys_getpid();
+ if (tdb) {
+ tdb_change_int32_atomic(tdb, "INFO/random_seed", new_seed, 1);
+ }
+}
+
/* open up the secrets database */
BOOL secrets_init(void)
{
pstring fname;
+ char dummy;
if (tdb)
return True;
@@ -47,6 +64,18 @@ BOOL secrets_init(void)
DEBUG(0,("Failed to open %s\n", fname));
return False;
}
+
+ /**
+ * Set a reseed function for the crypto random generator
+ *
+ * This avoids a problem where systems without /dev/urandom
+ * could send the same challenge to multiple clients
+ */
+ set_rand_reseed_callback(get_rand_seed);
+
+ /* Ensure that the reseed is done now, while we are root, etc */
+ generate_random_buffer(&dummy, sizeof(dummy));
+
return True;
}
@@ -504,37 +533,6 @@ BOOL trusted_domain_password_delete(const char *domain)
}
-/*******************************************************************
- Reset the 'done' variables so after a client process is created
- from a fork call these calls will be re-done. This should be
- expanded if more variables need reseting.
- ******************************************************************/
-
-void reset_globals_after_fork(void)
-{
- unsigned char dummy;
-
- secrets_init();
-
- /*
- * Increment the global seed value to ensure every smbd starts
- * with a new random seed.
- */
-
- if (tdb) {
- uint32 initial_val = sys_getpid();
- tdb_change_int32_atomic(tdb, "INFO/random_seed", (int *)&initial_val, 1);
- set_rand_reseed_data((unsigned char *)&initial_val, sizeof(initial_val));
- }
-
- /*
- * Re-seed the random crypto generator, so all smbd's
- * started from the same parent won't generate the same
- * sequence.
- */
- generate_random_buffer( &dummy, 1, True);
-}
-
BOOL secrets_store_ldap_pw(const char* dn, char* pw)
{
char *key = NULL;