static krb5_error_code
otp_client_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
krb5_clpreauth_modreq modreq,
krb5_get_init_creds_opt *opt,
krb5_clpreauth_callbacks cb,
krb5_clpreauth_rock rock, krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data *pa_data)
{
krb5_pa_otp_challenge *chl;
krb5_error_code retval;
krb5_data tmp;
char *json;
if (modreq == NULL)
return ENOMEM;
/* Decode the challenge. */
tmp = make_data(pa_data->contents, pa_data->length);
retval = decode_krb5_pa_otp_challenge(&tmp,
(krb5_pa_otp_challenge **)modreq);
if (retval != 0)
return retval;
chl = *(krb5_pa_otp_challenge **)modreq;
/* Remove unsupported tokeninfos. */
retval = filter_supported_tokeninfos(context, chl->tokeninfo);
if (retval != 0)
return retval;
/* Remove tokeninfos that don't match the recorded description, if that
* results in there being only one that does. */
retval = filter_config_tokeninfos(context, cb, rock, chl->tokeninfo);
if (retval != 0)
return retval;
/* Make the JSON representation. */
retval = codec_encode_challenge(context, chl, &json);
if (retval != 0)
return retval;
/* Ask the question. */
retval = cb->ask_responder_question(context, rock,
KRB5_RESPONDER_QUESTION_OTP,
json);
free(json);
return retval;
}