[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ppolicy overlay password checking module

Andris.Eiduks@tietoenator.com wrote:
Hi !

A pair days ago I finished the same.
And it works ...


  /* Allocate  */
    message = (char *)malloc(sizeof(char) * (strlen(retmsg)+1));

A comment on style: The C language spec defines sizeof(char) == 1. Explicitly multiplying by "sizeof(char)" in C code is redundant, distracting, and confusing.

It would have been better just to use strdup() here.

/* Copy the contents of the string. */
strcpy(message, retmsg);

return pwqr;

Only my returned error message slapd shows in log file and doesn't
forward to client.

That is by design. These errors are only meant for system administrators to view. Passing them back to the client would allow an attacker to discover the policy, and assist in password cracking attempts.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/