|
 |
d738b9 |
From a23d45875c03d6284f6b5b2851d3ecb8d3ec88ce Mon Sep 17 00:00:00 2001
|
|
|
d738b9 |
From: Matt Rogers <mrogers@redhat.com>
|
|
|
d738b9 |
Date: Wed, 5 Apr 2017 16:48:55 -0400
|
|
|
d738b9 |
Subject: [PATCH] Use the canonical client principal name for OTP
|
|
|
d738b9 |
|
|
|
d738b9 |
In the OTP module, when constructing the RADIUS request, use the
|
|
|
d738b9 |
canonicalized client principal (using the new client_name kdcpreauth
|
|
|
d738b9 |
callback) instead of the request client principal.
|
|
|
d738b9 |
|
|
|
d738b9 |
ticket: 8571 (new)
|
|
|
d738b9 |
(cherry picked from commit 6411398e35e343cdc4d2d103b079c4d3b9031f7e)
|
|
|
d738b9 |
---
|
|
|
d738b9 |
src/plugins/preauth/otp/main.c | 3 ++-
|
|
|
d738b9 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
d738b9 |
|
|
|
d738b9 |
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
|
|
|
d738b9 |
index 2649e9a90..a1b681682 100644
|
|
|
d738b9 |
--- a/src/plugins/preauth/otp/main.c
|
|
|
d738b9 |
+++ b/src/plugins/preauth/otp/main.c
|
|
|
d738b9 |
@@ -331,7 +331,8 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
|
|
|
d738b9 |
|
|
|
d738b9 |
/* Send the request. */
|
|
|
d738b9 |
otp_state_verify((otp_state *)moddata, cb->event_context(context, rock),
|
|
|
d738b9 |
- request->client, config, req, on_response, rs);
|
|
|
d738b9 |
+ cb->client_name(context, rock), config, req, on_response,
|
|
|
d738b9 |
+ rs);
|
|
|
d738b9 |
cb->free_string(context, rock, config);
|
|
|
d738b9 |
|
|
|
d738b9 |
k5_free_pa_otp_req(context, req);
|