On Wed, Jul 31, 2019 at 08:14:55PM +0000, gv@members.scinet.supercomputing.org wrote:
v3 of the patch is available, which includes hashing functions and documents the expected input format when using those functions. I don't have the updated module on any of my servers yet, but running slappasswd from my build directory does seem to yield the same results as the non-password versions:
$ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1}" New password: Re-enter new password: {TOTP1}GAYA====
$ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1ANDPW}" New password: Re-enter new password: {TOTP1ANDPW}GAYA====|{SSHA}Qo6WiIWWsWohlwZSo9oQkImKvSNArGio
This is using an OTP seed of 00 and a password of foo
Hi Greg, looking at the code, I think I'd be ok with this functionality and nothing major comes up for me.
I would like to see a few changes though: - could you split it in two patches, one to check the previous time step (+doc) and one to support the new schemes (+doc)? - I don't think you need to allocate a copy of the passwd just come in, you can just frame it into separate bervals reusing the provided buffer so long as you keep in mind they are not NUL-terminated properly.
Just a style note, if there's an else coming, could you make sure both the if and the else blocks are in {}?
Regards,
-
ondra@mistotebe.net