s4:rpc_server: Use generate_secret_buffer() for backupkey wap_key

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index a826ae083f439777cc4946ecfa93b7a488a20d20..d192858e4685415833783dbee8d03fcec835f6e2 100644 (file)
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -1263,7 +1263,8 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
        char *secret_name;
        TALLOC_CTX *frame = talloc_stackframe();
 
-       generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
+       /* We need to use a CSPRNG which reseeds for generating session keys. */
+       generate_secret_buffer(wrap_key.key, sizeof(wrap_key.key));
 
        ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {