CirrusLooking to find clock time minus 30 seconds
So i have configured the google authenticator for users to two-factor authenticate when they login to my web portals. Been working fine, however on some devices the users clocks are off by 5-10 seconds and this is causing them to fail the verification process of the irule. The full code can be found at this link:
So what i want is when the irule fails the user, repeat the code again but this time have the irule grab the proper time and minus 30 seconds off it. I am thinking this will give me the code for the previous code and should pass the user basically allowing the user to enter teh current code and the code from before. ( a buffer for human error).
set time [binary format W* [expr [clock seconds] / 30]]
So I am wondering how do i minus 30 seconds from the following line.....
maybe like this:
set time [binary format W* [expr [clock seconds - 30] / 30]]???
I will start by saying that many authentication systems rely on accurately synchronized clocks in order to avoid replay messages, and I suspect Google Authenticator is the same. As such, it is better to have clients and servers that both use NTP.
Having said that: the square brackets are an evaluation operator. The command inside the operators are evaluated in-place. If you pass [clock seconds - 30], then Tcl will try to execute the command clock and pass it three parameters, namely: seconds, -, and 30. You don't want that. Instead, you want to force arithmetic evaluation using expr, which treats parameters as a series of operators. So, this is what you're looking for:
set time [binary format W* [expr { ([clock seconds] - 30) / 30 }]
Notice that you must use parentheses to force the order of evaluation (subtraction first, then division), as is required by normal algebraic rules. Also notice the squirly brackets for the expr command. They are not strictly required, but are always recommended to avoid double-evaluation.
Incidentally, since you grab clock seconds first, then the following provides the same outcome:
set cs [expr { [clock seconds] / 30 }] set time [binary format W* $cs] set css [incr cs -1]That is, css will be the equivalent of your formula, but is simpler to compute.
