diff options
Diffstat (limited to 'Use-the-canonical-client-principal-name-for-OTP.patch')
-rw-r--r-- | Use-the-canonical-client-principal-name-for-OTP.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Use-the-canonical-client-principal-name-for-OTP.patch b/Use-the-canonical-client-principal-name-for-OTP.patch new file mode 100644 index 0000000..1cc6163 --- /dev/null +++ b/Use-the-canonical-client-principal-name-for-OTP.patch @@ -0,0 +1,29 @@ +From ca74a8a49f4a05c0b602c9dc473fd16fe71847fd Mon Sep 17 00:00:00 2001 +From: Matt Rogers <mrogers@redhat.com> +Date: Wed, 5 Apr 2017 16:48:55 -0400 +Subject: [PATCH] Use the canonical client principal name for OTP + +In the OTP module, when constructing the RADIUS request, use the +canonicalized client principal (using the new client_name kdcpreauth +callback) instead of the request client principal. + +ticket: 8571 (new) +(cherry picked from commit 6411398e35e343cdc4d2d103b079c4d3b9031f7e) +--- + src/plugins/preauth/otp/main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c +index 2649e9a90..a1b681682 100644 +--- a/src/plugins/preauth/otp/main.c ++++ b/src/plugins/preauth/otp/main.c +@@ -331,7 +331,8 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, + + /* Send the request. */ + otp_state_verify((otp_state *)moddata, cb->event_context(context, rock), +- request->client, config, req, on_response, rs); ++ cb->client_name(context, rock), config, req, on_response, ++ rs); + cb->free_string(context, rock, config); + + k5_free_pa_otp_req(context, req); |