r1498: (merge from 3.0)

Rework our random number generation system.

On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.

In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.

Andrew Bartlett
(This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)

1 files changed, 29 insertions, 0 deletions

diff --git a/source4/passdb/secrets.c b/source4/passdb/secrets.c
index b5bae614b6..21938db154 100644
--- a/source4/passdb/secrets.c
+++ b/source4/passdb/secrets.c
@@ -29,10 +29,27 @@
 
 static TDB_CONTEXT *tdb;
 
+/**
+ * Use a TDB to store an incrementing random seed.
+ *
+ * Initialised to the current pid, the very first time Samba starts,
+ * and incremented by one each time it is needed.  
+ * 
+ * @note Not called by systems with a working /dev/urandom.
+ */
+static void get_rand_seed(int *new_seed) 
+{
+	*new_seed = getpid();
+	if (tdb) {
+		tdb_change_int32_atomic(tdb, "INFO/random_seed", new_seed, 1);
+	}
+}
+
 /* open up the secrets database */
 BOOL secrets_init(void)
 {
 	pstring fname;
+	char dummy;
 
 	if (tdb)
 		return True;
@@ -46,6 +63,18 @@ BOOL secrets_init(void)
 		DEBUG(0,("Failed to open %s\n", fname));
 		return False;
 	}
+
+	/**
+	 * Set a reseed function for the crypto random generator 
+	 * 
+	 * This avoids a problem where systems without /dev/urandom
+	 * could send the same challenge to multiple clients
+	 */
+	set_rand_reseed_callback(get_rand_seed);
+
+	/* Ensure that the reseed is done now, while we are root, etc */
+	generate_random_buffer(&dummy, sizeof(dummy));
+
 	return True;
 }