[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
From: gv@members.scinet.supercomputing.org
Date: Thu, 05 Sep 2019 14:59:49 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On Thu, Sep 05, 2019 at 11:52:45AM +0200, Ond??ej Kuzn??k wrote:
> - could you split it in two patches, one to check the previous time step
>   (+doc) and one to support the new schemes (+doc)?

Working on it, will have updated patches up shortly...

> - I don't think you need to allocate a copy of the passwd just come in,
>   you can just frame it into separate bervals reusing the provided
>   buffer so long as you keep in mind they are not NUL-terminated
>   properly.

Are you referring to the chk_totp_and_pw() function?  If so,
since the expected format is <password><totp> with no seperator,
if I terminated the password part that would overwrite the first
char of totp, yes?  That's the reason I make a copy and allocate
an extra byte for the NUL.

> Just a style note, if there's an else coming, could you make sure both
> the if and the else blocks are in {}?

Implemented, it will be included in the updated patches.

-- 
Greg Veldman

Prev by Date: Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
Next by Date: ITS#9074 published: SECURITY: Not able to view directory structure in 389 management Console
Index(es):
- Chronological
- Thread