Don't expose binary format in preauth otp

(cherry picked from commit f2a177ddd2c4be7b2e2579a0bcd9d576a52ca216)

ticket: 7417
version_fixed: 1.11
status: resolved

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index e515e8a01dd3ecbe324af0845c5bcc3c02a9666e..6a4f995a645a17fe1044461c49d773355d85ed18 100644 (file)
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -6408,7 +6408,6 @@ krb5_prompter_posix(krb5_context context, void *data, const char *name,
 #define KRB5_RESPONDER_OTP_FORMAT_DECIMAL 0
 #define KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL 1
 #define KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC 2
-#define KRB5_RESPONDER_OTP_FORMAT_BINARY 3
 
 /**
  * This flag indicates that the token value MUST be collected.

diff --git a/src/lib/krb5/krb/preauth_otp.c b/src/lib/krb5/krb/preauth_otp.c
index ef012bd899f589fb077334ec0ff8a8375fa40cd5..27157c5266594b71697485e6b420e7beeda31237 100644 (file)
--- a/src/lib/krb5/krb/preauth_otp.c
+++ b/src/lib/krb5/krb/preauth_otp.c
@@ -181,7 +181,8 @@ codec_encode_tokeninfo(krb5_otp_tokeninfo *ti, k5_json_object *out)
     if (retval != 0)
         goto error;
 
-    if (ti->format != KRB5_OTP_FORMAT_BASE64) {
+    if (ti->format != KRB5_OTP_FORMAT_BASE64 &&
+        ti->format != KRB5_OTP_FORMAT_BINARY) {
         retval = codec_int32_to_value(ti->format, obj, "format");
         if (retval != 0)
             goto error;