Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Bring ASN.1 code closer to draft-ietf-krb-wg-otp-preauth-18.

  • Loading branch information...
commit e5baf4255e69efec89acc8b6b706cf1d733c0c92 1 parent deb161b
Linus Nordberg authored
26 src/include/k5-int.h
@@ -953,22 +953,23 @@ krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype);
953 953
954 954 void krb5_free_etype_info(krb5_context, krb5_etype_info);
955 955
956   -typedef struct _krb5_otp_keyinfo {
  956 +typedef struct _krb5_otp_tokeninfo {
957 957 krb5_int32 flags;
958 958 krb5_data otp_vendor;
959   - krb5_data otp_challenge;
  959 + krb5_octet_data otp_challenge;
960 960 krb5_int32 otp_length;
961   - krb5_data otp_keyid;
962   - krb5_data otp_algid;
963   - krb5_algorithm_identifier hash_alg;
  961 + krb5_octet_data otp_token_id;
  962 + krb5_data otp_alg_id;
  963 + krb5_algorithm_identifier supported_hash_alg; /* FIXME: SEQUENCE OF */
  964 + /* krb5_int16 n_supported_hash_alg; */
964 965 krb5_int32 iteration_count;
965   -} krb5_otp_keyinfo;
  966 +} krb5_otp_tokeninfo;
966 967
967 968 typedef struct _krb5_pa_otp_challenge {
968 969 krb5_data nonce;
969 970 krb5_data otp_service;
970   - krb5_otp_keyinfo otp_keyinfo;
971   - krb5_int32 n_otp_keyinfo;
  971 + krb5_otp_tokeninfo *otp_tokeninfo;
  972 + krb5_int32 n_otp_tokeninfo;
972 973 krb5_data salt;
973 974 krb5_data s2kparams;
974 975 } krb5_pa_otp_challenge;
@@ -980,12 +981,13 @@ typedef struct _krb5_pa_otp_req {
980 981 krb5_algorithm_identifier hash_alg;
981 982 krb5_int32 iteration_count;
982 983 krb5_data otp_value;
  984 + krb5_data otp_pin;
983 985 krb5_data otp_challenge;
  986 + krb5_timestamp otp_time;
984 987 krb5_data otp_counter;
985 988 krb5_int32 otp_format;
986   - krb5_timestamp otp_time;
987   - krb5_data otp_keyid;
988   - krb5_data otp_algid;
  989 + krb5_data otp_token_id;
  990 + krb5_data otp_alg_id;
989 991 krb5_data otp_vendor;
990 992 } krb5_pa_otp_req;
991 993
@@ -1799,7 +1801,7 @@ krb5_error_code
1799 1801 encode_krb5_ad_signedpath_data(const krb5_ad_signedpath_data *, krb5_data **);
1800 1802
1801 1803 krb5_error_code
1802   -encode_krb5_otp_keyinfo(const krb5_otp_keyinfo *, krb5_data **);
  1804 +encode_krb5_otp_tokeninfo(const krb5_otp_tokeninfo *, krb5_data **);
1803 1805
1804 1806 krb5_error_code
1805 1807 encode_krb5_pa_otp_challenge(const krb5_pa_otp_challenge *, krb5_data **);
68 src/lib/krb5/asn.1/asn1_k_decode.c
@@ -1752,7 +1752,40 @@ asn1_decode_typed_data_ptr(asn1buf *buf, krb5_typed_data **valptr)
1752 1752 decode_ptr(krb5_typed_data *, asn1_decode_typed_data);
1753 1753 }
1754 1754
1755   -/* Definitions for http://tools.ietf.org/html/draft-ietf-krb-wg-otp-preauth-14 */
  1755 +/* Definitions for draft-ietf-krb-wg-otp-preauth-18. */
  1756 +
  1757 +asn1_error_code
  1758 +asn1_decode_otp_tokeninfo(asn1buf *buf, krb5_otp_tokeninfo *val)
  1759 +{
  1760 + setup();
  1761 + val->flags = 0;
  1762 + val->otp_vendor.data = NULL;
  1763 + val->otp_challenge.data = NULL;
  1764 + val->otp_length = 0;
  1765 + val->otp_token_id.data = NULL;
  1766 + val->otp_alg_id.data = NULL;
  1767 + val->iteration_count = 0;
  1768 + { begin_structure();
  1769 + get_field(val->flags,0,asn1_decode_int32); /* FIXME: OTPFlags */
  1770 + opt_lenfield(val->otp_vendor.length,val->otp_vendor.data,1,asn1_decode_generalstring); /* FIXME: UTF8String */
  1771 + opt_lenfield(val->otp_challenge.length,val->otp_challenge.data,2,asn1_decode_octetstring); /* FIXME: OCTET STRING (SIZE(1..MAX)) */
  1772 + get_field(val->otp_length,3,asn1_decode_int32);
  1773 + opt_lenfield(val->otp_token_id.length,val->otp_token_id.data,4,asn1_decode_octetstring);
  1774 + opt_lenfield(val->otp_alg_id.length,val->otp_alg_id.data,5,asn1_decode_charstring); /* FIXME: AnyURI */
  1775 + /* TODO: supportedHashAlg [6] SEQUENCE OF AlgorithmIdentifier OPTIONAL
  1776 + asn1_decode_sequence_of_algorithm_identifier() */
  1777 + get_field(val->iteration_count,7,asn1_decode_int32);
  1778 + end_structure();
  1779 + }
  1780 +
  1781 + return 0;
  1782 + error_out:
  1783 + krb5_free_data_contents(NULL, &val->otp_vendor);
  1784 + free(val->otp_challenge.data); val->otp_challenge.data = 0;
  1785 + free(val->otp_token_id.data); val->otp_token_id.data = 0;
  1786 + krb5_free_data_contents(NULL, &val->otp_alg_id);
  1787 + return retval;
  1788 +}
1756 1789
1757 1790 asn1_error_code
1758 1791 asn1_decode_pa_otp_challenge(asn1buf *buf, krb5_pa_otp_challenge *val)
@@ -1760,16 +1793,16 @@ asn1_decode_pa_otp_challenge(asn1buf *buf, krb5_pa_otp_challenge *val)
1760 1793 setup();
1761 1794 val->nonce.data = NULL;
1762 1795 val->otp_service.data = NULL;
1763   - val->otp_keyinfo.flags = -1;
  1796 + val->otp_tokeninfo = NULL;
1764 1797 val->salt.data = NULL;
1765 1798 val->s2kparams.data = NULL;
1766 1799 { begin_structure();
1767 1800 get_lenfield(val->nonce.length,val->nonce.data,0,asn1_decode_charstring);
1768 1801 opt_lenfield(val->otp_service.length,val->otp_service.data,1,asn1_decode_octetstring);
1769   - /* TODO: otp_keyinfo */
  1802 + /* TODO: otp_tokeninfo: otp-tokenInfo [2] SEQUENCE (SIZE(1..MAX)) OF OTP-TOKENINFO
  1803 + asn1_decode_otp_tokeninfo() */
1770 1804 opt_lenfield(val->salt.length,val->salt.data,3,asn1_decode_generalstring);
1771 1805 opt_lenfield(val->s2kparams.length,val->s2kparams.data,4,asn1_decode_octetstring);
1772   -
1773 1806 end_structure();
1774 1807 }
1775 1808 return 0;
@@ -1778,7 +1811,7 @@ asn1_decode_pa_otp_challenge(asn1buf *buf, krb5_pa_otp_challenge *val)
1778 1811 val->nonce.data = NULL;
1779 1812 krb5_free_data_contents(NULL, &val->otp_service);
1780 1813 val->otp_service.data = NULL;
1781   - val->otp_keyinfo.flags = -1;
  1814 + /* TODO: free val->otp_tokeninfo */
1782 1815 krb5_free_data_contents(NULL, &val->salt);
1783 1816 val->salt.data = NULL;
1784 1817 krb5_free_data_contents(NULL, &val->s2kparams);
@@ -1809,28 +1842,30 @@ asn1_decode_pa_otp_req(asn1buf *buf, krb5_pa_otp_req *val)
1809 1842 val->hash_alg.parameters.data = NULL;
1810 1843 val->iteration_count = 0;
1811 1844 val->otp_value.data = NULL;
  1845 + val->otp_pin.data = NULL;
1812 1846 val->otp_challenge.data = NULL;
  1847 + val->otp_time = 0;
1813 1848 val->otp_counter.data = NULL;
1814 1849 val->otp_format = 0;
1815   - val->otp_time = 0;
1816   - val->otp_keyid.data = NULL;
1817   - val->otp_algid.data = NULL;
  1850 + val->otp_token_id.data = NULL;
  1851 + val->otp_alg_id.data = NULL;
1818 1852 val->otp_vendor.data = NULL;
1819 1853 { begin_structure();
1820 1854 get_field(val->flags,0,asn1_decode_krb5_flags);
1821 1855 opt_lenfield(val->nonce.length,val->nonce.data,1,asn1_decode_charstring);
1822 1856 opt_encfield(val->enc_data,2,asn1_decode_encrypted_data);
1823   - /* TODO: hash algorithms */
  1857 + /* TODO: hash_alg: hashAlg [3] AlgorithmIdentifier OPTIONAL */
1824 1858 opt_field(val->iteration_count,4,asn1_decode_int32,0);
1825 1859 opt_lenfield(val->otp_value.length,val->otp_value.data,5,asn1_decode_charstring);
1826   - opt_lenfield(val->otp_challenge.length,val->otp_challenge.data,6,asn1_decode_charstring);
1827   - opt_lenfield(val->otp_counter.length,val->otp_counter.data,7,asn1_decode_charstring);
1828   - opt_field(val->otp_format,8,asn1_decode_int32,0);
1829   -
1830   - opt_lenfield(val->otp_keyid.length,val->otp_keyid.data,10,asn1_decode_charstring);
1831   - opt_lenfield(val->otp_algid.length,val->otp_algid.data,11,asn1_decode_charstring);
1832   - opt_lenfield(val->otp_vendor.length,val->otp_vendor.data,12,asn1_decode_charstring);
1833 1860
  1861 + opt_lenfield(val->otp_pin.length,val->otp_pin.data,6,asn1_decode_charstring);
  1862 + opt_lenfield(val->otp_challenge.length,val->otp_challenge.data,7,asn1_decode_charstring);
  1863 + opt_field(val->otp_time,8,asn1_decode_kerberos_time,0);
  1864 + opt_lenfield(val->otp_counter.length,val->otp_counter.data,9,asn1_decode_charstring);
  1865 + opt_field(val->otp_format,10,asn1_decode_int32,0); /* FIXME: Correct type is OTPFormat. */
  1866 + opt_lenfield(val->otp_token_id.length,val->otp_token_id.data,11,asn1_decode_charstring);
  1867 + opt_lenfield(val->otp_alg_id.length,val->otp_alg_id.data,12,asn1_decode_charstring);
  1868 + opt_lenfield(val->otp_vendor.length,val->otp_vendor.data,13,asn1_decode_charstring);
1834 1869 end_structure();
1835 1870 }
1836 1871 return 0;
@@ -1840,3 +1875,4 @@ asn1_decode_pa_otp_req(asn1buf *buf, krb5_pa_otp_req *val)
1840 1875 /* FIXME: add more frees */
1841 1876 return retval;
1842 1877 }
  1878 +
2  src/lib/krb5/asn.1/asn1_k_decode.h
@@ -276,6 +276,8 @@ asn1_error_code asn1_decode_iakerb_header(asn1buf *buf,
276 276 asn1_error_code asn1_decode_iakerb_finished(asn1buf *buf,
277 277 krb5_iakerb_finished *val);
278 278
  279 +asn1_error_code asn1_decode_otp_tokeninfo(asn1buf *buf,
  280 + krb5_otp_tokeninfo *val);
279 281 asn1_error_code asn1_decode_pa_otp_challenge(asn1buf *buf,
280 282 krb5_pa_otp_challenge *val);
281 283
99 src/lib/krb5/asn.1/asn1_k_encode.c
@@ -2160,7 +2160,7 @@ asn1_encode_typed_data(asn1buf *buf, const krb5_typed_data *val,
2160 2160 asn1_cleanup();
2161 2161 }
2162 2162
2163   -/* Definitions for http://tools.ietf.org/html/draft-ietf-krb-wg-otp-preauth-14 */
  2163 +/* Definitions for draft-ietf-krb-wg-otp-preauth-18. */
2164 2164
2165 2165 DEFFNLENTYPE(oid, unsigned char *, asn1_encode_oid);
2166 2166 DEFFIELDTYPE(ostring_octet_data, krb5_octet_data,
@@ -2171,22 +2171,29 @@ static const struct field_info algorithm_identifier_fields[] = {
2171 2171 FIELDOF_NORM(krb5_algorithm_identifier, oid_data, algorithm, 0),
2172 2172 FIELDOF_OPT(krb5_algorithm_identifier, ostring_octet_data, parameters, 1, 1),
2173 2173 };
2174   -static const struct field_info otp_keyinfo_fields[] = {
2175   - FIELDOF_NORM(krb5_otp_keyinfo, krb5_flags, flags, 0),
2176   - FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_vendor, 1, 1), /* FIXME: not the right type ?? */
2177   - FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_challenge, 2, 1),
2178   - FIELDOF_OPT(krb5_otp_keyinfo, int32, otp_length, 3, 3),
2179   - FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_keyid, 4, 4),
2180   - FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_algid, 5, 5), /* FIXME: not the right type ?? */
2181   - FIELDOF_OPT(krb5_otp_keyinfo, algorithm_identifier, hash_alg, 6, 6),
2182   - FIELDOF_OPT(krb5_otp_keyinfo, int32, iteration_count, 7, 7),
  2174 +static const struct field_info otp_tokeninfo_fields[] = {
  2175 + FIELDOF_NORM(krb5_otp_tokeninfo, krb5_flags, flags, 0),
  2176 + FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_vendor, 1, 1), /* FIXME: not the right type ?? */
  2177 + FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_challenge, 2, 2),
  2178 + FIELDOF_OPT(krb5_otp_tokeninfo, int32, otp_length, 3, 3),
  2179 + FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_token_id, 4, 4),
  2180 + FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_alg_id, 5, 5), /* FIXME: not the right type ?? */
  2181 + FIELDOF_OPT(krb5_otp_tokeninfo, algorithm_identifier, supported_hash_alg, 6, 6), /* FIXME: SEQUENCE OF (!) AlgorithmIdentifier. */
  2182 + FIELDOF_OPT(krb5_otp_tokeninfo, int32, iteration_count, 7, 7),
2183 2183 };
2184 2184
  2185 +/* TODO: OTPFormat */
  2186 +/* OTPFormat ::= INTEGER {
  2187 + decimal(0),
  2188 + hexadecimal(1),
  2189 + alphanumeric(2),
  2190 + binary(3) } */
  2191 +
2185 2192 static unsigned int
2186   -otp_keyinfo_optional (const void *p)
  2193 +otp_tokeninfo_optional (const void *p)
2187 2194 {
2188 2195 unsigned int optional = 0;
2189   - const krb5_otp_keyinfo *val = p;
  2196 + const krb5_otp_tokeninfo *val = p;
2190 2197
2191 2198 if (val->otp_vendor.data)
2192 2199 optional |= (1u<<1);
@@ -2194,33 +2201,26 @@ otp_keyinfo_optional (const void *p)
2194 2201 optional |= (1u<<2);
2195 2202 if (val->otp_length)
2196 2203 optional |= (1u<<3);
2197   - if (val->otp_keyid.data)
  2204 + if (val->otp_token_id.data)
2198 2205 optional |= (1u<<4);
2199   - if (val->otp_algid.data)
  2206 + if (val->otp_alg_id.data)
2200 2207 optional |= (1u<<5);
2201   - if (val->hash_alg.algorithm.data)
  2208 + if (val->supported_hash_alg.algorithm.data)
2202 2209 optional |= (1u<<6);
2203 2210 if (val->iteration_count)
2204 2211 optional |= (1u<<7);
2205 2212 return optional;
2206 2213 }
2207 2214
2208   -DEFSEQTYPE( otp_keyinfo, krb5_otp_keyinfo, otp_keyinfo_fields, otp_keyinfo_optional);
2209   -MAKE_FULL_ENCODER(encode_krb5_otp_keyinfo, otp_keyinfo);
2210   -
2211   -#define FIELDOF_OPTSEQOF_LEN(STYPE,DESC,PTRFIELD,LENFIELD,LENTYPE,TAG, OPT) \
2212   - { \
2213   - field_sequenceof_len, \
2214   - OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \
2215   - OFFOF(STYPE, LENFIELD, aux_typedefname_##LENTYPE), \
2216   - TAG, OPT, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENTYPE \
2217   - }
  2215 +DEFSEQTYPE(otp_tokeninfo, krb5_otp_tokeninfo, otp_tokeninfo_fields,
  2216 + otp_tokeninfo_optional);
  2217 +DEFPTRTYPE(otp_tokeninfo_ptr, otp_tokeninfo);
  2218 +MAKE_FULL_ENCODER(encode_krb5_otp_tokeninfo, otp_tokeninfo);
2218 2219
2219 2220 static const struct field_info pa_otp_challenge_fields[] = {
2220 2221 FIELDOF_NORM(krb5_pa_otp_challenge, ostring_data, nonce, 0),
2221 2222 FIELDOF_OPT(krb5_pa_otp_challenge, ostring_data, otp_service, 1, 1), /* FIXME: not the right type ?? */
2222   - /* OPTIONAL according to the description of the field */
2223   - FIELDOF_OPTSEQOF_LEN(krb5_pa_otp_challenge, otp_keyinfo, otp_keyinfo, n_otp_keyinfo, int32, 2, 2),
  2223 + FIELDOF_SEQOF_INT32(krb5_pa_otp_challenge, otp_tokeninfo_ptr, otp_tokeninfo, n_otp_tokeninfo, 2),
2224 2224 FIELDOF_OPT(krb5_pa_otp_challenge, gstring_data, salt, 3, 3),
2225 2225 FIELDOF_OPT(krb5_pa_otp_challenge, ostring_data, s2kparams, 4, 4),
2226 2226 };
@@ -2233,11 +2233,6 @@ pa_otp_challenge_optional (const void *p)
2233 2233
2234 2234 if (val->otp_service.data)
2235 2235 optional |= (1u<<1);
2236   -/* flags is the only mandatory field of otp_keyinfo and the value 0 is marked
2237   - * as reserved so we take -1 to indicate that otp_keyinfo is not set for
2238   - * pa_otp_challenge */
2239   - if (val->otp_keyinfo.flags > -1)
2240   - optional |= (1u<<2);
2241 2236 if (val->salt.data)
2242 2237 optional |= (1u<<3);
2243 2238 if (val->s2kparams.data)
@@ -2245,24 +2240,26 @@ pa_otp_challenge_optional (const void *p)
2245 2240 return optional;
2246 2241 }
2247 2242
2248   -DEFSEQTYPE( pa_otp_challenge, krb5_pa_otp_challenge, pa_otp_challenge_fields, pa_otp_challenge_optional);
  2243 +DEFSEQTYPE(pa_otp_challenge, krb5_pa_otp_challenge, pa_otp_challenge_fields,
  2244 + pa_otp_challenge_optional);
2249 2245 MAKE_FULL_ENCODER(encode_krb5_pa_otp_challenge, pa_otp_challenge);
2250 2246
2251 2247
2252 2248 static const struct field_info pa_otp_req_fields[] = {
2253 2249 FIELDOF_NORM(krb5_pa_otp_req, krb5_flags, flags, 0),
2254 2250 FIELDOF_OPT(krb5_pa_otp_req, ostring_data, nonce, 1, 1),
2255   - FIELDOF_OPT(krb5_pa_otp_req, encrypted_data, enc_data, 2, 2), /* FIXME: not optional */
  2251 + FIELDOF_NORM(krb5_pa_otp_req, encrypted_data, enc_data, 2),
2256 2252 FIELDOF_OPT(krb5_pa_otp_req, algorithm_identifier, hash_alg, 3, 3),
2257 2253 FIELDOF_OPT(krb5_pa_otp_req, int32, iteration_count, 4, 4),
2258 2254 FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_value, 5, 5),
2259   - FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_challenge, 6, 6),
2260   - FIELDOF_OPT(krb5_pa_otp_req, kerberos_time, otp_time, 7, 7),
2261   - FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_counter, 8, 8),
2262   - FIELDOF_OPT(krb5_pa_otp_req, int32, otp_format, 9, 9), /* FIXME: not the right type ?? */
2263   - FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_keyid, 10, 10),
2264   - FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_algid, 11, 11), /* FIXME: not the right type ?? */
2265   - FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_vendor, 12, 12), /* FIXME: not the right type ?? */
  2255 + FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_pin, 6, 6),
  2256 + FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_challenge, 7, 7), /* FIXME: SIZE(1..MAX) */
  2257 + FIELDOF_OPT(krb5_pa_otp_req, kerberos_time, otp_time, 8, 8),
  2258 + FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_counter, 9, 9),
  2259 + FIELDOF_OPT(krb5_pa_otp_req, int32, otp_format, 10, 10), /* FIXME: Correct type is OTPFormat. */
  2260 + FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_token_id, 11, 11),
  2261 + FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_alg_id, 12, 12), /* FIXME: Correct type is AnyURI. */
  2262 + FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_vendor, 13, 13), /* FIXME: Correct type is UTF8String. */
2266 2263 };
2267 2264
2268 2265 static unsigned int
@@ -2272,29 +2269,29 @@ pa_otp_req_optional (const void *p)
2272 2269 const krb5_pa_otp_req *val = p;
2273 2270
2274 2271 if (val->nonce.data)
2275   - optional |= (1u <<1);
2276   - if (val->enc_data.ciphertext.data)
2277   - optional |= (1u<<2);
  2272 + optional |= (1u<<1);
2278 2273 if (val->hash_alg.algorithm.data)
2279 2274 optional |= (1u<<3);
2280 2275 if (val->iteration_count)
2281 2276 optional |= (1u<<4);
2282 2277 if (val->otp_value.data)
2283 2278 optional |= (1u<<5);
2284   - if (val->otp_challenge.data)
  2279 + if (val->otp_pin.data)
2285 2280 optional |= (1u<<6);
2286   - if (val->otp_time)
  2281 + if (val->otp_challenge.data)
2287 2282 optional |= (1u<<7);
2288   - if (val->otp_counter.data)
  2283 + if (val->otp_time)
2289 2284 optional |= (1u<<8);
2290   - if (val->otp_format)
  2285 + if (val->otp_counter.data)
2291 2286 optional |= (1u<<9);
2292   - if (val->otp_keyid.data)
  2287 + if (val->otp_format)
2293 2288 optional |= (1u<<10);
2294   - if (val->otp_algid.data)
  2289 + if (val->otp_token_id.data)
2295 2290 optional |= (1u<<11);
2296   - if (val->otp_vendor.data)
  2291 + if (val->otp_alg_id.data)
2297 2292 optional |= (1u<<12);
  2293 + if (val->otp_vendor.data)
  2294 + optional |= (1u<<13);
2298 2295 return optional;
2299 2296 }
2300 2297 DEFSEQTYPE( pa_otp_req, krb5_pa_otp_req, pa_otp_req_fields, pa_otp_req_optional);
20 src/plugins/preauth/otp/otp_main.c
@@ -303,8 +303,8 @@ otp_client_process(krb5_context context,
303 303 otp_req.otp_value.length = strlen(otp_ctx->otp);
304 304 }
305 305 if (otp_ctx->token_id != NULL) {
306   - otp_req.otp_keyid.data = otp_ctx->token_id;
307   - otp_req.otp_keyid.length = strlen(otp_ctx->token_id);
  306 + otp_req.otp_token_id.data = otp_ctx->token_id;
  307 + otp_req.otp_token_id.length = strlen(otp_ctx->token_id);
308 308 }
309 309 }
310 310
@@ -659,14 +659,21 @@ otp_server_get_edata(krb5_context context,
659 659 *((uint32_t *) (otp_challenge.nonce.data + armor_key->length + 4)) =
660 660 htonl(now_usec);
661 661
662   - /* otp_challenge.otp_keyinfo.flags |= FIXME->keyinfo_flags; */
663   - otp_challenge.otp_keyinfo.flags = -1;
  662 + otp_challenge.n_otp_tokeninfo = 1;
  663 + otp_challenge.otp_tokeninfo = calloc(otp_challenge.n_otp_tokeninfo,
  664 + sizeof(krb5_otp_tokeninfo));
  665 + if (otp_challenge.otp_tokeninfo == NULL) {
  666 + return ENOMEM;
  667 + }
  668 + /* TODO: Delegate to otp methods to decide on the flags. */
  669 + otp_challenge.otp_tokeninfo[0].flags = 0;
664 670
665 671 /* Encode challenge. */
666 672 retval = encode_krb5_pa_otp_challenge(&otp_challenge,
667 673 &encoded_otp_challenge);
668 674 if (retval != 0) {
669 675 SERVER_DEBUG("Unable to encode challenge.");
  676 + free(otp_challenge.otp_tokeninfo);
670 677 return retval;
671 678 }
672 679
@@ -775,8 +782,9 @@ otp_server_verify_padata(krb5_context context,
775 782 goto errout;
776 783 }
777 784 SERVER_DEBUG("Got OTP [%s].", otp);
778   - if (otp_req->otp_keyid.data != NULL) {
779   - tokenid = strndup(otp_req->otp_keyid.data, otp_req->otp_keyid.length);
  785 + if (otp_req->otp_token_id.data != NULL) {
  786 + tokenid = strndup(otp_req->otp_token_id.data,
  787 + otp_req->otp_token_id.length);
780 788 if (tokenid == NULL) {
781 789 retval = ENOMEM;
782 790 goto errout;

0 comments on commit e5baf42

Please sign in to comment.
Something went wrong with that request. Please try again.