[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
On Thu, Sep 05, 2019 at 11:52:45AM +0200, Ond??ej Kuzn??k wrote:
> - could you split it in two patches, one to check the previous time step
> (+doc) and one to support the new schemes (+doc)?
Working on it, will have updated patches up shortly...
> - I don't think you need to allocate a copy of the passwd just come in,
> you can just frame it into separate bervals reusing the provided
> buffer so long as you keep in mind they are not NUL-terminated
> properly.
Are you referring to the chk_totp_and_pw() function? If so,
since the expected format is <password><totp> with no seperator,
if I terminated the password part that would overwrite the first
char of totp, yes? That's the reason I make a copy and allocate
an extra byte for the NUL.
> Just a style note, if there's an else coming, could you make sure both
> the if and the else blocks are in {}?
Implemented, it will be included in the updated patches.
--
Greg Veldman