r1498: (merge from 3.0)

Rework our random number generation system.

On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.

In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.

Andrew Bartlett
(This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)

3 files changed, 7 insertions, 7 deletions

diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index 3c656f4e9e..75c1e30f56 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -108,7 +108,7 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
 static const uint8_t *get_challenge(const struct ntlmssp_state *ntlmssp_state)
 {
 	static uint8_t chal[8];
-	generate_random_buffer(chal, sizeof(chal), False);
+	generate_random_buffer(chal, sizeof(chal));
 
 	return chal;
 }
@@ -1112,7 +1112,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
 		E_md4hash(ntlmssp_state->password, nt_hash);
 		
 		lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24);
-		generate_random_buffer(lm_response.data, 8, False);
+		generate_random_buffer(lm_response.data, 8);
 		memset(lm_response.data+8, 0, 16);
 
 		memcpy(session_nonce, challenge_blob.data, 8);
@@ -1202,7 +1202,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
 		/* Make up a new session key */
 		uint8_t client_session_key[16];
-		generate_random_buffer(client_session_key, sizeof(client_session_key), False);
+		generate_random_buffer(client_session_key, sizeof(client_session_key));
 
 		/* Encrypt the new session key with the old one */
 		encrypted_session_key = data_blob_talloc(ntlmssp_state->mem_ctx, 
diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c
index 8a261a506c..aa89e7b84f 100644
--- a/source4/libcli/auth/schannel.c
+++ b/source4/libcli/auth/schannel.c
@@ -194,7 +194,7 @@ NTSTATUS schannel_seal_packet(struct schannel_state *state,
 	uint8_t sealing_key[16];
 	static const uint8_t netsec_sig[8] = NETSEC_SEAL_SIGNATURE;
 
-	generate_random_buffer(confounder, 8, False);
+	generate_random_buffer(confounder, 8);
 
 	RSIVAL(seq_num, 0, state->seq_num);
 	SIVAL(seq_num, 4, state->initiator?0x80:0);
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index 72c6589097..a02fdaa38b 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -283,7 +283,7 @@ static DATA_BLOB NTLMv2_generate_client_data(TALLOC_CTX *mem_ctx, const DATA_BLO
 
 	unix_to_nt_time(&nttime, time(NULL));
 
-	generate_random_buffer(client_chal, sizeof(client_chal), False);
+	generate_random_buffer(client_chal, sizeof(client_chal));
 
 	push_nttime(long_date, 0, nttime);
 
@@ -343,7 +343,7 @@ static DATA_BLOB LMv2_generate_response(const uint8_t ntlm_v2_hash[16],
 	
 	/* LMv2 */
 	/* client-supplied random data */
-	generate_random_buffer(lmv2_client_data.data, lmv2_client_data.length, False);	
+	generate_random_buffer(lmv2_client_data.data, lmv2_client_data.length);	
 
 	/* Given that data, and the challenge from the server, generate a response */
 	SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, &lmv2_client_data, lmv2_response);
@@ -413,7 +413,7 @@ BOOL encode_pw_buffer(char buffer[516], const char *password, int string_flags)
 	
 	memcpy(&buffer[512 - new_pw_len], new_pw, new_pw_len);
 
-	generate_random_buffer((uint8_t *)buffer, 512 - new_pw_len, False);
+	generate_random_buffer((uint8_t *)buffer, 512 - new_pw_len);
 
 	/* 
 	 * The length of the new password is in the last 4 bytes of