summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2007-10-16 01:27:15 +0200
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:43:03 +0100
commit6554433fc227baab93398576db703c91db1541f2 (patch)
tree13437d4d9377c247afa30e4cb946b11a7c98c01c /source4/auth
parent1eaefd15cb7ad20165ea4c754535986b642e24f0 (diff)
downloadsamba-6554433fc227baab93398576db703c91db1541f2.tar.gz
samba-6554433fc227baab93398576db703c91db1541f2.tar.bz2
samba-6554433fc227baab93398576db703c91db1541f2.zip
r25660: Add a new interface 'generate_secret_buffer()', to be used when we
require top-quality entropy. We don't want to waste system enropy generating challenges (which simply need to be unpredictable, not secret) or when generating UUIDs. Rework generate_random_buffer() to use /dev/urandom less often, only to seed the existing RC4 based PRNG. (With an exception to ensure we don't waste this setup cost for very small entropy requests). Perhaps we should be using heimdal's code for this instead? This should drasticly reduce our entropy use, particularly in the build farm (automated Samba build on hosts without much other source of entropy). Andrew Bartlett (This used to be commit 6a5630d37191542022f02fae519227b7829ef620)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/ntlmssp/ntlmssp_client.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index 61d6f1b25f..bff9fc0b8a 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -226,7 +226,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
/* Make up a new session key */
uint8_t client_session_key[16];
- generate_random_buffer(client_session_key, sizeof(client_session_key));
+ generate_secret_buffer(client_session_key, sizeof(client_session_key));
/* Encrypt the new session key with the old one */
encrypted_session_key = data_blob_talloc(gensec_ntlmssp_state,