OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Commit Graph

  • d84d7367fe Add a feature flag to control whether to fall back to the "other" policy for chains that are still empty after the requested policy was loaded. Dag-Erling Smørgrav 2015-07-30 23:42:38 +0000
  • 653950434c Fully fix the input overflow bug and add a test case for it. Dag-Erling Smørgrav 2015-03-19 00:42:58 +0000
  • bf92462945 Include oath.man in the distribution tarball. Dag-Erling Smørgrav 2015-03-19 00:21:23 +0000
  • 34ef29ccf8 ignore generated file Dag-Erling Smørgrav 2015-03-19 00:16:42 +0000
  • 737e1bef50 Increment by three, not one, after successfully decoding a character. Add a boundary check. Dag-Erling Smørgrav 2015-03-19 00:07:19 +0000
  • a1f83b0b30 Add unit tests for RFC 3986 percent encoding / decoding. Dag-Erling Smørgrav 2015-03-19 00:06:32 +0000
  • e30d116c36 stray endif in previous commit Dag-Erling Smørgrav 2015-01-27 22:34:04 +0000
  • 6b947dd00a merge r787,r830-r840,r845,r852-r853: build and packaging improvements merge r854: silence all cast-qual warnings except in test suite Dag-Erling Smørgrav 2015-01-27 22:33:15 +0000
  • ce014fab92 Silence all remaining qual-cast warnings except in the test suite. Dag-Erling Smørgrav 2015-01-27 22:13:03 +0000
  • 563ac2d4bb Remove the pamgdb script, since "libtool exec gdb" does the same job better. Dag-Erling Smørgrav 2015-01-15 17:20:49 +0000
  • 8a2e3ce9b6 BullseyeCoverage needs to know exactly which compiler we're using. Dag-Erling Smørgrav 2015-01-15 17:18:03 +0000
  • 00fb76245a Silence an uninitialized variable warning from gcc, which does not realize that the resynchronization loop will always run at least once. Adjust the loop condition, which unintentionally ignored errors. Remove a debugging message. Dag-Erling Smørgrav 2014-12-15 17:11:36 +0000
  • 1cffa76b4f Track liboath: - Use UINT_MAX to indicate an invalid response. - The meaning of the window parameter has changed slightly. The calc command now accepts a count of codes to generate. The resync command now fails if the key is not resynchronizable. Clean up the usage message. Document exit codes. Dag-Erling Smørgrav 2014-12-15 17:00:59 +0000
  • cec8549503 Change the meaning of the window parameter to always indicate the number of codes to check *in addition* to the current code. Note that for TOTP, the window goes in both directions; a window of 1 means to check the current code plus the previous and next. Dag-Erling Smørgrav 2014-12-15 16:42:31 +0000
  • e959d8c160 Consistently use UINT_MAX, not -1, to indicate an invalid response. Dag-Erling Smørgrav 2014-12-15 16:12:29 +0000
  • 2f686b73cb Require the user to specify the OATH mode (HOTP or TOTP) when generating a new key. Dag-Erling Smørgrav 2014-12-11 14:06:59 +0000
  • c7a5aa489f Add an oath_mode(3) function which translates from mode names to numbers. Dag-Erling Smørgrav 2014-12-11 13:58:15 +0000
  • e84c236ee9 Recognize enums and unions as well as structs. Dag-Erling Smørgrav 2014-12-11 13:56:51 +0000
  • 8988b9122e The read-only option that was implemented in r841 was inaccessible because the getopt(3) spec had not been updated to include it. Dag-Erling Smørgrav 2014-11-25 14:01:58 +0000
  • da2c1e7120 Fix a few cases where we incorrectly (and needlessly) cast away const qualifiers. Dag-Erling Smørgrav 2014-11-25 10:35:19 +0000
  • 753721df82 Implement HOTP resynchronization: the user provides two consecutive codes from their token. If the first code is found within the synchronization window (currently hardcoded to 99) and the second is the next code in the sequence, the counter is reset to one past the second code. Dag-Erling Smørgrav 2014-11-12 17:30:38 +0000
  • d130c0ec09 Turn writeback mode on by default in oathkey(1). Dag-Erling Smørgrav 2014-11-12 16:21:15 +0000
  • fc5eeb8fd9 Trust configure to provide the correct source directory. Dag-Erling Smørgrav 2014-11-07 16:44:26 +0000
  • f3fda3d07a Style nits Dag-Erling Smørgrav 2014-11-07 16:37:56 +0000
  • 4b2bc748fd Make sure we package symlinks as well as files, but don't package .la files. Dag-Erling Smørgrav 2014-11-02 13:47:08 +0000
  • 273bae0b16 Oops - the line count is incremented by the line continuation, not by the word that precedes it. Dag-Erling Smørgrav 2014-10-28 17:50:17 +0000
  • 16ae1d5b87 Further improve the line continuation tests. Dag-Erling Smørgrav 2014-10-28 17:47:55 +0000
  • 1e3740645e Add a test case for line continuation within whitespace, similar to the corresponding test in t_openpam_readword. Dag-Erling Smørgrav 2014-10-28 13:48:00 +0000
  • ac54af0d69 Add configure options to build as much as possible using the system libpam and / or liboath. Doing so disables building the corresponding library and its documentation, but still builts the corresponding tools and modules and runs the unit tests. Dag-Erling Smørgrav 2014-10-28 10:25:58 +0000
  • 385dfb33cb Use $() instead of @@ in Makefiles. Don't build OATH man pages if --without-oath. Dag-Erling Smørgrav 2014-10-28 09:03:41 +0000
  • 37baf24e77 Change manifest syntax from YAML to UCL to match recent versions of pkg. Also, move the description out of the script. Dag-Erling Smørgrav 2014-10-24 11:14:51 +0000
  • 7ce556ed8d Remove obsolete text. Dag-Erling Smørgrav 2014-10-24 10:58:21 +0000
  • e6dc9378f7 staticize t_plan Dag-Erling Smørgrav 2014-10-24 08:49:47 +0000
  • 3f96e13f70 merge r828: additional tests for line continuation Dag-Erling Smørgrav 2014-10-23 08:26:17 +0000
  • e956efb61f Better tests for line continuation. Dag-Erling Smørgrav 2014-10-23 08:25:08 +0000
  • 9c55e81bbb Add a calc command that prints the current code. Dag-Erling Smørgrav 2014-10-22 10:03:14 +0000
  • 9700f8606d merge r790, r791: additional tests for openpam_readword() merge r793: additional tests for openpam_readlinev() Dag-Erling Smørgrav 2014-10-18 22:42:23 +0000
  • 918f37acdc merge r792: support line continuation in whitespace. merge r824: remove unused variable. Dag-Erling Smørgrav 2014-10-18 22:38:31 +0000
  • e5b05552fc Remove unused variable. Dag-Erling Smørgrav 2014-10-18 22:35:35 +0000
  • ce08052f96 Compare the return value from mmap() to MAP_FAILED, not NULL. Dag-Erling Smørgrav 2014-10-16 13:44:34 +0000
  • a27043ec13 merge r819, r820, r821: improvements to history2wiki Dag-Erling Smørgrav 2014-10-09 15:15:42 +0000
  • 2c148271ae Avoid double-quoting function-like macros. Dag-Erling Smørgrav 2014-10-09 14:45:32 +0000
  • 623d9e7b2f Small tweak to avoid marking up initialisms and acronyms like GCC, API and PAM as code. As a side effect, this simplifies the code for CVEs. Dag-Erling Smørgrav 2014-10-09 14:34:03 +0000
  • 561cd87dbe Refactor. The only major change is that CVE numbers now link to the corresponding NVD database entry. Dag-Erling Smørgrav 2014-10-09 14:28:41 +0000
  • 8ad7aa9039 - Set the sameuser flag when a non-root user manipulates their own key. - Rename the uri command to geturi (but retain backward compatibility). - Add a getkey command that prints the key in hexadecimal. Dag-Erling Smørgrav 2014-10-08 11:02:44 +0000
  • 37ff7929a0 Remove superfluous comments and blank lines. Dag-Erling Smørgrav 2014-10-08 10:58:11 +0000
  • ac7a182787 Tag OpenPAM Ourouparia openpam-20140912 origin/tags/openpam-20140912 Dag-Erling Smørgrav 2014-09-12 07:50:22 +0000
  • 18ca38b81c merge r813: credit Gavin Atkinson merge r814: autotools nits Dag-Erling Smørgrav 2014-09-12 07:47:27 +0000
  • 5c8ea43402 Spell out option names Dag-Erling Smørgrav 2014-09-12 07:46:46 +0000
  • b94f9e7ce7 Gavin helped out with CVE-2014-3879 Dag-Erling Smørgrav 2014-09-12 07:46:23 +0000
  • 590fc39338 merge r811: push back release date Dag-Erling Smørgrav 2014-09-12 07:24:23 +0000
  • 6846134790 Push back one day. Dag-Erling Smørgrav 2014-09-12 07:23:27 +0000
  • 9f736ec8f4 merge r809: typo Dag-Erling Smørgrav 2014-09-09 11:02:16 +0000
  • 1450290a72 typo Dag-Erling Smørgrav 2014-09-09 11:01:45 +0000
  • ed0929dcc0 merge r766, r767: fix svn:ignore Dag-Erling Smørgrav 2014-09-09 09:43:48 +0000
  • 89f5473b9d merge r802: require at least one service function to have succeeded. merge r803: introduce strlset() and use it to clear authentication tokens merge r804: remove keywords from text files merge r805: include CVE numbers in change log merge r806: prepare to release Ourouparia Dag-Erling Smørgrav 2014-09-09 09:41:32 +0000
  • 95a55b95cf Prepare for releasing Ourouparia on Thursday. Dag-Erling Smørgrav 2014-09-09 09:33:54 +0000
  • 2ae3b8b727 Include CVE numbers when available Dag-Erling Smørgrav 2014-09-09 09:13:00 +0000
  • 547794d58e Remove keywords from pure text files. Dag-Erling Smørgrav 2014-09-09 09:11:31 +0000
  • 69b1a97268 Introduce strlset(), a memset() variant for strings where the actual size of the buffer is not necessarily known, and which can replace the "memset(str, 0, strlen(str))" idiom. Use it to clear buffers which may have contained authentication tokens. Dag-Erling Smørgrav 2014-09-09 09:07:51 +0000
  • 131aba915f From NetBSD: require at least one service function to have succeeded. Dag-Erling Smørgrav 2014-09-09 08:08:13 +0000
  • bdb75a6c92 merge r800: belatedly document support for module search paths Dag-Erling Smørgrav 2014-09-08 12:43:20 +0000
  • 548c44573c Belatedly document the addition of module search paths. Dag-Erling Smørgrav 2014-09-08 12:42:29 +0000
  • 05630b94be Spell the name of the University of Oslo in English. Dag-Erling Smørgrav 2014-07-10 17:16:48 +0000
  • 79670fe2fb merge r797: add a missing cast Dag-Erling Smørgrav 2014-06-10 21:28:14 +0000
  • 57429ccc0e Add missing cast. Dag-Erling Smørgrav 2014-06-10 21:27:18 +0000
  • 4685f783f4 merge r795: fix error handling for nonexistent modules (CVE-2014-3879) Dag-Erling Smørgrav 2014-06-03 21:30:08 +0000
  • 7dbd5c38b7 In openpam_parse_chain(): Dag-Erling Smørgrav 2014-06-03 21:27:48 +0000
  • 1efe822057 For TOTP keys, we record when the key was last used. For HOTP keys, however, we want to record the *next* allowed counter value. Dag-Erling Smørgrav 2014-04-11 10:35:18 +0000
  • b61b6f9c74 Add a test for lines containing more words than will fit in openpam_readword()'s initial allocation. Dag-Erling Smørgrav 2014-03-17 14:27:03 +0000
  • e58f05403e Support line continuation in whitespace. Dag-Erling Smørgrav 2014-03-17 14:11:41 +0000
  • 4614107c94 Missed one Dag-Erling Smørgrav 2014-03-17 14:10:33 +0000
  • f7e8328354 Additional tests for various end-of-line / end-of-file corner cases, and for comments that aren't comments. Dag-Erling Smørgrav 2014-03-17 14:08:31 +0000
  • 14d31b83e8 Fix headers Dag-Erling Smørgrav 2014-03-12 00:04:20 +0000
  • a4ff6191f7 I must have been drunk when I wrote this. Dag-Erling Smørgrav 2014-03-12 00:03:53 +0000
  • 925436a04f Compress man pages before generating the manifest. Dag-Erling Smørgrav 2014-03-10 15:43:17 +0000
  • 078ac6bb4a Move oath_key_from_file() into a separate source file and document it. Dag-Erling Smørgrav 2014-03-10 15:37:55 +0000
  • 6722d714f5 Missing word Dag-Erling Smørgrav 2014-03-10 15:37:38 +0000
  • 38622bad18 Implement keyfile writeback. Dag-Erling Smørgrav 2014-03-10 15:31:30 +0000
  • ebdefa45ca Fix buffer overflow in the b64complete test case by increasing the size of the buffer used in tests. Dag-Erling Smørgrav 2014-03-10 11:13:05 +0000
  • 7914208b2d Don't forget do distribute oath_impl.h. Dag-Erling Smørgrav 2014-03-10 10:03:57 +0000
  • 9853f0d8d5 Generate man pages for oath_key_from_uri() and oath_uri_decode(). Dag-Erling Smørgrav 2014-03-10 09:59:01 +0000
  • 6243755aa2 Rudimentary key management tool. Dag-Erling Smørgrav 2014-03-10 09:55:15 +0000
  • 5d59548018 When I changed the argument type from uint8_t * to char *, I forgot that they were being used as array indices. Cast them back to uint8_t. Dag-Erling Smørgrav 2014-03-09 14:11:44 +0000
  • 6c087dd523 Add test vectors which encode to the complete alphabet. Dag-Erling Smørgrav 2014-03-09 14:10:06 +0000
  • 2efb7c4b01 Support (but ignore, for now) the issuer parameter. Dag-Erling Smørgrav 2014-03-09 13:08:14 +0000
  • 75a6073d2c Encoder: Dag-Erling Smørgrav 2014-03-09 12:48:48 +0000
  • d60017fe80 Additional tests (which also fail) for unexpected padding. Dag-Erling Smørgrav 2014-03-09 12:04:56 +0000
  • 183cc6d511 The dummy constants have moved to oath_constants.h. Add annotation macros for coverage analysis. Dag-Erling Smørgrav 2014-03-09 11:51:08 +0000
  • c5265319ff Completely rewrite the test suite for the RFC 4648 encoding / decoding functions and add many new tests, several of which fail. Dag-Erling Smørgrav 2014-03-09 11:49:08 +0000
  • 01809a1b48 Switch from uint8_t to char. Dag-Erling Smørgrav 2014-03-09 11:45:05 +0000
  • 17144e7a5f Replace base{32,64}_decode() with table-driven implementations. The new code is less strict about padding, thus ensuring compatibility with implementations which do not understand padding, such as MIME::Base32. Dag-Erling Smørgrav 2014-03-06 17:54:58 +0000
  • 4645bc1762 Fix base{32,64}_decode(). The former handled padding incorrectly; the latter was derived from the former, and had a couple of copy-paste bugs in addition to the padding bug. Dag-Erling Smørgrav 2014-03-06 12:35:47 +0000
  • 576e1e6b1c Add tests for base{32,64}_decode(). Both are broken. Dag-Erling Smørgrav 2014-03-06 12:32:29 +0000
  • 56f7cf21f5 Make stdout line-buffered so verbose output is easier to read. Dag-Erling Smørgrav 2014-03-06 12:31:31 +0000
  • 03207fcd61 oops, braino in previous commit. Dag-Erling Smørgrav 2014-03-06 12:30:44 +0000
  • 3dab19018f props Dag-Erling Smørgrav 2014-03-06 12:29:36 +0000
  • 9f84c11072 props Dag-Erling Smørgrav 2014-03-06 09:29:06 +0000
  • 46df1b1050 Document the is_upper() bug. Dag-Erling Smørgrav 2014-02-26 17:30:57 +0000
  • c87d7f0ff0 merge r759: add is_xdigit() predicate merge r760: add tests for ctype macros merge r761: fix bug in is_upper() merge r762: update credits Dag-Erling Smørgrav 2014-02-26 16:29:16 +0000