*/
#define KRB5_RESPONDER_OTP_FLAGS_NEXTOTP (1 << 2)
+/**
+ * This flag indicates that the PIN MUST be returned as a separate item. This
+ * flag only takes effect if KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN is set. If
+ * this flag is not set, the responder may either concatenate PIN + token value
+ * and store it as "value" in the answer or it may return them separately. If
+ * they are returned separately, they will be concatenated internally.
+ */
+#define KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN (1 << 3)
+
typedef struct krb5_responder_context_st *krb5_responder_context;
/**
goto error;
flags = KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN;
- if (ti->flags & KRB5_OTP_FLAG_COLLECT_PIN)
+ if (ti->flags & KRB5_OTP_FLAG_COLLECT_PIN) {
flags |= KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN;
+ if (ti->flags & KRB5_OTP_FLAG_SEPARATE_PIN)
+ flags |= KRB5_RESPONDER_OTP_FLAGS_NEXTOTP;
+ }
if (ti->flags & KRB5_OTP_FLAG_NEXTOTP)
flags |= KRB5_RESPONDER_OTP_FLAGS_NEXTOTP;
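Review bot: The added inner branch `if (ti->flags & KRB5_OTP_FLAG_SEPARATE_PIN)` sets `KRB5_RESPONDER_OTP_FLAGS_NEXTOTP` instead of the `KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN` flag that this commit defines in the header, which looks like a copy-paste slip from the NEXTOTP test just below it. As written, the responder is never told that the PIN must be returned as a separate item, and it receives the NEXTOTP flag for a token that did not ask for it. A responder that then concatenates PIN and token into "value" would, judging by the later hunk, reach the `EINVAL` "No pin found!" path whenever the token info requires a separate PIN, so a correct credential would fail. The line should read `flags |= KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN;`. The enclosing function starts and ends outside this hunk.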
goto error;
if (ti->flags & KRB5_OTP_FLAG_COLLECT_PIN) {
- if (pin == NULL || pin->data == NULL) {
- retval = EINVAL; /* No pin found! */
- goto error;
- }
-
if (ti->flags & KRB5_OTP_FLAG_SEPARATE_PIN) {
+ if (pin == NULL || pin->data == NULL) {
+ retval = EINVAL; /* No pin found! */
+ goto error;
+ }
+
retval = krb5int_copy_data_contents(ctx, pin, &req->pin);
if (retval != 0)
goto error;
- } else {
+ } else if (pin != NULL && pin->data != NULL) {
krb5_free_data_contents(ctx, &req->otp_value);
retval = asprintf(&req->otp_value.data, "%.*s%.*s",
pin->length, pin->data,
goto error;
}
req->otp_value.length = req->pin.length + req->otp_value.length;
- }
+ } /* Otherwise, the responder has already combined them. */
}
*out_req = req;