#define K5_PLATFORM_H
#include "autoconf.h"
+/* for memcpy */
+#include <string.h>
/* Initialization and finalization function support for libraries.
#endif
}
+static inline unsigned short
+load_16_n (const unsigned char *p)
+{
+ uint16_t n;
+ memcpy(&n, p, 2);
+ return n;
+}
+static inline unsigned int
+load_32_n (const unsigned char *p)
+{
+ uint32_t n;
+ memcpy(&n, p, 4);
+ return n;
+}
+static inline UINT64_TYPE
+load_64_n (const unsigned char *p)
+{
+ UINT64_TYPE n;
+ memcpy(&n, p, 8);
+ return n;
+}
+
/* Make the interfaces to getpwnam and getpwuid consistent.
Model the wrappers on the POSIX thread-safe versions, but
use the unsafe system versions if the safe ones don't exist
* XXX we know they are the same size... and we should do
* something better than just the current time
*/
- request.nonce = (krb5_int32) time_now;
-
+ {
+ unsigned char random_buf[4];
+ krb5_data random_data;
+
+ random_data.length = 4;
+ random_data.data = random_buf;
+ if (krb5_c_random_make_octets(context, &random_data) == 0)
+ /* See RT ticket 3196 at MIT. If we set the high bit, we
+ may have compatibility problems with Heimdal, because
+ we (incorrectly) encode this value as signed. */
+ request.nonce = 0x7fffffff & load_32_n(random_buf);
+ else
+ /* XXX Yuck. Old version. */
+ request.nonce = (krb5_int32) time_now;
+ }
/* give the preauth plugins a chance to prep the request body */
krb5_preauth_prepare_request(context, options, &request);
ret = encode_krb5_kdc_req_body(&request, &encoded_request_body);
projects / krb5.git / commitdiff