}
}
-/* Choose a random nonce for ctx->request. */
-static krb5_error_code
-pick_nonce(krb5_context context, krb5_init_creds_context ctx)
-{
- krb5_error_code code = 0;
- unsigned char random_buf[4];
- krb5_data random_data = make_data(random_buf, 4);
-
- /* We incorrectly encode this as signed, so make sure we use an unsigned
- * value to avoid interoperability issues. */
- code = krb5_c_random_make_octets(context, &random_data);
- if (code != 0)
- return code;
- ctx->request->nonce = 0x7fffffff & load_32_n(random_buf);
- return 0;
-}
-
/* Set the timestamps for ctx->request based on the desired lifetimes. */
static krb5_error_code
set_request_times(krb5_context context, krb5_init_creds_context ctx)
}
/* RFC 6113 requires a new nonce for the inner request on each try. */
- code = pick_nonce(context, ctx);
+ code = k5_generate_nonce(context, &ctx->request->nonce);
if (code != 0)
goto cleanup;
krb5_pa_data ***enc_padata, krb5_creds **out_cred,
krb5_keyblock **out_subkey);
+krb5_error_code
+k5_generate_nonce(krb5_context context, int32_t *out);
+
krb5_error_code
k5_make_tgs_req(krb5_context context, struct krb5int_fast_request_state *,
krb5_creds *tkt, krb5_flags kdcoptions,
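Review bot: The new k5_generate_nonce prototype carries no comment, so a reader of int-proto.h cannot tell what range of value it produces or what *out holds on failure without opening the implementation. Suggest placing `/* Store a random non-negative 31-bit nonce in *out for an AS or TGS request.  *out is set to zero before the random source is consulted, so it is zero on error. */` above the declaration. The surrounding declarations are cut by the hunk, so follow whichever comment convention the neighbouring prototypes in this header use.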
#include "int-proto.h"
#include "fast.h"
+/* Choose a random nonce for an AS or TGS request. */
+krb5_error_code
+k5_generate_nonce(krb5_context context, int32_t *out)
+{
+ krb5_error_code ret;
+ unsigned char random_buf[4];
+ krb5_data random_data = make_data(random_buf, 4);
+
+ *out = 0;
+
+ /* We and Heimdal incorrectly encode nonces as signed, so make sure we use
+ * a non-negative value to avoid interoperability issues. */
+ ret = krb5_c_random_make_octets(context, &random_data);
+ if (ret)
+ return ret;
+ *out = 0x7FFFFFFF & load_32_n(random_buf);
+ return 0;
+}
+
/* Construct an AP-REQ message for a TGS request. */
static krb5_error_code
tgs_construct_ap_req(krb5_context context, krb5_data *checksum_data,
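Review bot: The header comment on k5_generate_nonce does not state the contract callers now depend on: the value is a random 31-bit non-negative integer (the 0x7FFFFFFF mask clears the sign bit) and *out is pre-zeroed, so a caller that ignores the return code still sees a deterministic zero rather than uninitialized stack. Suggest replacing the one-liner with `/* Store a random non-negative 31-bit nonce in *out for an AS or TGS request.  *out is zeroed first so it is never left undefined if the random source fails. */` and keeping the inner comment about the signed encoding as is. As a minor point of style, the out-parameter is declared `int32_t *` while the TGS request code this replaces spells the same type as `krb5_int32`; the widths match, but one spelling would be easier on readers. The function is complete within the hunk.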
req.till = desired->times.endtime ? desired->times.endtime :
tgt->times.endtime;
req.rtime = desired->times.renew_till;
+ ret = k5_generate_nonce(context, &req.nonce);
+ if (ret)
+ return ret;
+ *nonce_out = req.nonce;
ret = krb5_timeofday(context, &time_now);
if (ret)
return ret;
- *nonce_out = req.nonce = (krb5_int32)time_now;
*timestamp_out = time_now;
req.addresses = (krb5_address **)addrs;