Use correct interval for previous TOTP time slots

author Nick Porter <nick@portercomputing.co.uk>

Mon, 29 Apr 2024 08:15:20 +0000 (09:15 +0100)

committer Nick Porter <nick@portercomputing.co.uk>

Mon, 29 Apr 2024 08:15:20 +0000 (09:15 +0100)
author Nick Porter <nick@portercomputing.co.uk>
Mon, 29 Apr 2024 08:15:20 +0000 (09:15 +0100)
committer Nick Porter <nick@portercomputing.co.uk>
Mon, 29 Apr 2024 08:15:20 +0000 (09:15 +0100)
diff --git a/src/modules/rlm_totp/totp.c b/src/modules/rlm_totp/totp.c

index 3a01f48074ec832bac6081b3e3652062381d179f..4594f2ad964ef7d3c27233da49931710de09b76b 100644 (file)
--- a/src/modules/rlm_totp/totp.c
+++ b/src/modules/rlm_totp/totp.c
@@ -98,12 +98,12 @@ int fr_totp_cmp(fr_totp_t const *cfg, request_t *request, time_t now, uint8_t co
  
         /*
          *      First try to authenticate against the current OTP, then step
-        *      back in increments of BACK_STEP_SECS, up to BACK_STEPS times,
+        *      back in increments of `lookback_interval`, up to `lookback_steps` times,
          *      to authenticate properly in cases of long transit delay, as
          *      described in RFC 6238, section 5.2.
          */
  
-       for (i = 0, then = now; i <= cfg->lookback_steps; i++, then -= cfg->lookback_steps) {
+       for (i = 0, then = now; i <= cfg->lookback_steps; i++, then -= cfg->lookback_interval) {
                 padded = ((uint64_t) now) / cfg->time_step;
                 data[0] = padded >> 56;
                 data[1] = padded >> 48;
author	Nick Porter <nick@portercomputing.co.uk>
	Mon, 29 Apr 2024 08:15:20 +0000 (09:15 +0100)
committer	Nick Porter <nick@portercomputing.co.uk>
	Mon, 29 Apr 2024 08:15:20 +0000 (09:15 +0100)