diff options
| author | Nathaniel McCallum <npmccallum@redhat.com> | 2016-02-21 19:44:19 -0500 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-05-26 18:47:05 +0200 |
| commit | 8f356a4305a9aa74aacae36806d6e8ed1b765245 (patch) | |
| tree | 3db2b50ff598e5de789e6a852b55d7205b19191b | |
| parent | 204200d73bb135cb7b9b31b8f1ba5268d73094a5 (diff) | |
| download | freeipa-8f356a4305a9aa74aacae36806d6e8ed1b765245.tar.gz freeipa-8f356a4305a9aa74aacae36806d6e8ed1b765245.tar.xz freeipa-8f356a4305a9aa74aacae36806d6e8ed1b765245.zip | |
Enable authentication indicators for OTP and RADIUS
If the user is configured for OTP or RADIUS authentication, insert the
relevant authentication indicator.
https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Sumit Bose <sbose@redhat.com>
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index 910d55c4a..d4adf27f2 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -512,7 +512,8 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext, krb5_db_entry **kentry, uint32_t *polmask) { - krb5_octet otp_string[] = {'o', 't', 'p', 0, '[', ']', 0 }; + const krb5_octet rad_string[] = "otp\0[{\"indicators\": [\"radius\"]}]"; + const krb5_octet otp_string[] = "otp\0[{\"indicators\": [\"otp\"]}]"; struct ipadb_context *ipactx; enum ipadb_user_auth ua; LDAP *lcontext; @@ -842,11 +843,16 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext, } /* If enabled, set the otp user string, enabling otp. */ - if (ua & (IPADB_USER_AUTH_RADIUS | IPADB_USER_AUTH_OTP)) { + if (ua & IPADB_USER_AUTH_OTP) { kerr = ipadb_set_tl_data(entry, KRB5_TL_STRING_ATTRS, sizeof(otp_string), otp_string); if (kerr) goto done; + } else if (ua & IPADB_USER_AUTH_RADIUS) { + kerr = ipadb_set_tl_data(entry, KRB5_TL_STRING_ATTRS, + sizeof(rad_string), rad_string); + if (kerr) + goto done; } kerr = 0; |