Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements

On Thu, Sep 05, 2019 at 11:52:45AM +0200, Ond??ej Kuzn??k wrote:

• could you split it in two patches, one to check the previous time step (+doc) and one to support the new schemes (+doc)?

Working on it, will have updated patches up shortly...

• I don't think you need to allocate a copy of the passwd just come in, you can just frame it into separate bervals reusing the provided buffer so long as you keep in mind they are not NUL-terminated properly.

Are you referring to the chk_totp_and_pw() function? If so, since the expected format is <password><totp> with no seperator, if I terminated the password part that would overwrite the first char of totp, yes? That's the reason I make a copy and allocate an extra byte for the NUL.

Just a style note, if there's an else coming, could you make sure both the if and the else blocks are in {}?

Implemented, it will be included in the updated patches.