d84d7367feAdd a feature flag to control whether to fall back to the "other" policy for chains that are still empty after the requested policy was loaded.
Dag-Erling Smørgrav
2015-07-30 23:42:38 +0000
653950434cFully fix the input overflow bug and add a test case for it.
Dag-Erling Smørgrav
2015-03-19 00:42:58 +0000
bf92462945Include oath.man in the distribution tarball.
Dag-Erling Smørgrav
2015-03-19 00:21:23 +0000
737e1bef50Increment by three, not one, after successfully decoding a character. Add a boundary check.
Dag-Erling Smørgrav
2015-03-19 00:07:19 +0000
a1f83b0b30Add unit tests for RFC 3986 percent encoding / decoding.
Dag-Erling Smørgrav
2015-03-19 00:06:32 +0000
e30d116c36stray endif in previous commit
Dag-Erling Smørgrav
2015-01-27 22:34:04 +0000
6b947dd00amerge r787,r830-r840,r845,r852-r853: build and packaging improvements merge r854: silence all cast-qual warnings except in test suite
Dag-Erling Smørgrav
2015-01-27 22:33:15 +0000
ce014fab92Silence all remaining qual-cast warnings except in the test suite.
Dag-Erling Smørgrav
2015-01-27 22:13:03 +0000
563ac2d4bbRemove the pamgdb script, since "libtool exec gdb" does the same job better.
Dag-Erling Smørgrav
2015-01-15 17:20:49 +0000
8a2e3ce9b6BullseyeCoverage needs to know exactly which compiler we're using.
Dag-Erling Smørgrav
2015-01-15 17:18:03 +0000
00fb76245aSilence an uninitialized variable warning from gcc, which does not realize that the resynchronization loop will always run at least once. Adjust the loop condition, which unintentionally ignored errors. Remove a debugging message.
Dag-Erling Smørgrav
2014-12-15 17:11:36 +0000
1cffa76b4fTrack liboath: - Use UINT_MAX to indicate an invalid response. - The meaning of the window parameter has changed slightly. The calc command now accepts a count of codes to generate. The resync command now fails if the key is not resynchronizable. Clean up the usage message. Document exit codes.
Dag-Erling Smørgrav
2014-12-15 17:00:59 +0000
cec8549503Change the meaning of the window parameter to always indicate the number of codes to check *in addition* to the current code. Note that for TOTP, the window goes in both directions; a window of 1 means to check the current code plus the previous and next.
Dag-Erling Smørgrav
2014-12-15 16:42:31 +0000
e959d8c160Consistently use UINT_MAX, not -1, to indicate an invalid response.
Dag-Erling Smørgrav
2014-12-15 16:12:29 +0000
2f686b73cbRequire the user to specify the OATH mode (HOTP or TOTP) when generating a new key.
Dag-Erling Smørgrav
2014-12-11 14:06:59 +0000
c7a5aa489fAdd an oath_mode(3) function which translates from mode names to numbers.
Dag-Erling Smørgrav
2014-12-11 13:58:15 +0000
e84c236ee9Recognize enums and unions as well as structs.
Dag-Erling Smørgrav
2014-12-11 13:56:51 +0000
8988b9122eThe read-only option that was implemented in r841 was inaccessible because the getopt(3) spec had not been updated to include it.
Dag-Erling Smørgrav
2014-11-25 14:01:58 +0000
da2c1e7120Fix a few cases where we incorrectly (and needlessly) cast away const qualifiers.
Dag-Erling Smørgrav
2014-11-25 10:35:19 +0000
753721df82Implement HOTP resynchronization: the user provides two consecutive codes from their token. If the first code is found within the synchronization window (currently hardcoded to 99) and the second is the next code in the sequence, the counter is reset to one past the second code.
Dag-Erling Smørgrav
2014-11-12 17:30:38 +0000
d130c0ec09Turn writeback mode on by default in oathkey(1).
Dag-Erling Smørgrav
2014-11-12 16:21:15 +0000
fc5eeb8fd9Trust configure to provide the correct source directory.
Dag-Erling Smørgrav
2014-11-07 16:44:26 +0000
4b2bc748fdMake sure we package symlinks as well as files, but don't package .la files.
Dag-Erling Smørgrav
2014-11-02 13:47:08 +0000
273bae0b16Oops - the line count is incremented by the line continuation, not by the word that precedes it.
Dag-Erling Smørgrav
2014-10-28 17:50:17 +0000
16ae1d5b87Further improve the line continuation tests.
Dag-Erling Smørgrav
2014-10-28 17:47:55 +0000
1e3740645eAdd a test case for line continuation within whitespace, similar to the corresponding test in t_openpam_readword.
Dag-Erling Smørgrav
2014-10-28 13:48:00 +0000
ac54af0d69Add configure options to build as much as possible using the system libpam and / or liboath. Doing so disables building the corresponding library and its documentation, but still builts the corresponding tools and modules and runs the unit tests.
Dag-Erling Smørgrav
2014-10-28 10:25:58 +0000
385dfb33cbUse $() instead of @@ in Makefiles. Don't build OATH man pages if --without-oath.
Dag-Erling Smørgrav
2014-10-28 09:03:41 +0000
37baf24e77Change manifest syntax from YAML to UCL to match recent versions of pkg. Also, move the description out of the script.
Dag-Erling Smørgrav
2014-10-24 11:14:51 +0000
623d9e7b2fSmall tweak to avoid marking up initialisms and acronyms like GCC, API and PAM as code. As a side effect, this simplifies the code for CVEs.
Dag-Erling Smørgrav
2014-10-09 14:34:03 +0000
561cd87dbeRefactor. The only major change is that CVE numbers now link to the corresponding NVD database entry.
Dag-Erling Smørgrav
2014-10-09 14:28:41 +0000
8ad7aa9039- Set the sameuser flag when a non-root user manipulates their own key. - Rename the uri command to geturi (but retain backward compatibility). - Add a getkey command that prints the key in hexadecimal.
Dag-Erling Smørgrav
2014-10-08 11:02:44 +0000
89f5473b9dmerge r802: require at least one service function to have succeeded. merge r803: introduce strlset() and use it to clear authentication tokens merge r804: remove keywords from text files merge r805: include CVE numbers in change log merge r806: prepare to release Ourouparia
Dag-Erling Smørgrav
2014-09-09 09:41:32 +0000
95a55b95cfPrepare for releasing Ourouparia on Thursday.
Dag-Erling Smørgrav
2014-09-09 09:33:54 +0000
2ae3b8b727Include CVE numbers when available
Dag-Erling Smørgrav
2014-09-09 09:13:00 +0000
547794d58eRemove keywords from pure text files.
Dag-Erling Smørgrav
2014-09-09 09:11:31 +0000
69b1a97268Introduce strlset(), a memset() variant for strings where the actual size of the buffer is not necessarily known, and which can replace the "memset(str, 0, strlen(str))" idiom. Use it to clear buffers which may have contained authentication tokens.
Dag-Erling Smørgrav
2014-09-09 09:07:51 +0000
131aba915fFrom NetBSD: require at least one service function to have succeeded.
Dag-Erling Smørgrav
2014-09-09 08:08:13 +0000
bdb75a6c92merge r800: belatedly document support for module search paths
Dag-Erling Smørgrav
2014-09-08 12:43:20 +0000
548c44573cBelatedly document the addition of module search paths.
Dag-Erling Smørgrav
2014-09-08 12:42:29 +0000
05630b94beSpell the name of the University of Oslo in English.
Dag-Erling Smørgrav
2014-07-10 17:16:48 +0000
1efe822057For TOTP keys, we record when the key was last used. For HOTP keys, however, we want to record the *next* allowed counter value.
Dag-Erling Smørgrav
2014-04-11 10:35:18 +0000
b61b6f9c74Add a test for lines containing more words than will fit in openpam_readword()'s initial allocation.
Dag-Erling Smørgrav
2014-03-17 14:27:03 +0000
e58f05403eSupport line continuation in whitespace.
Dag-Erling Smørgrav
2014-03-17 14:11:41 +0000
4614107c94Missed one
Dag-Erling Smørgrav
2014-03-17 14:10:33 +0000
f7e8328354Additional tests for various end-of-line / end-of-file corner cases, and for comments that aren't comments.
Dag-Erling Smørgrav
2014-03-17 14:08:31 +0000
ebdefa45caFix buffer overflow in the b64complete test case by increasing the size of the buffer used in tests.
Dag-Erling Smørgrav
2014-03-10 11:13:05 +0000
7914208b2dDon't forget do distribute oath_impl.h.
Dag-Erling Smørgrav
2014-03-10 10:03:57 +0000
9853f0d8d5Generate man pages for oath_key_from_uri() and oath_uri_decode().
Dag-Erling Smørgrav
2014-03-10 09:59:01 +0000
5d59548018When I changed the argument type from uint8_t * to char *, I forgot that they were being used as array indices. Cast them back to uint8_t.
Dag-Erling Smørgrav
2014-03-09 14:11:44 +0000
6c087dd523Add test vectors which encode to the complete alphabet.
Dag-Erling Smørgrav
2014-03-09 14:10:06 +0000
2efb7c4b01Support (but ignore, for now) the issuer parameter.
Dag-Erling Smørgrav
2014-03-09 13:08:14 +0000
d60017fe80Additional tests (which also fail) for unexpected padding.
Dag-Erling Smørgrav
2014-03-09 12:04:56 +0000
183cc6d511The dummy constants have moved to oath_constants.h. Add annotation macros for coverage analysis.
Dag-Erling Smørgrav
2014-03-09 11:51:08 +0000
c5265319ffCompletely rewrite the test suite for the RFC 4648 encoding / decoding functions and add many new tests, several of which fail.
Dag-Erling Smørgrav
2014-03-09 11:49:08 +0000
01809a1b48Switch from uint8_t to char.
Dag-Erling Smørgrav
2014-03-09 11:45:05 +0000
17144e7a5fReplace base{32,64}_decode() with table-driven implementations. The new code is less strict about padding, thus ensuring compatibility with implementations which do not understand padding, such as MIME::Base32.
Dag-Erling Smørgrav
2014-03-06 17:54:58 +0000
4645bc1762Fix base{32,64}_decode(). The former handled padding incorrectly; the latter was derived from the former, and had a couple of copy-paste bugs in addition to the padding bug.
Dag-Erling Smørgrav
2014-03-06 12:35:47 +0000
576e1e6b1cAdd tests for base{32,64}_decode(). Both are broken.
Dag-Erling Smørgrav
2014-03-06 12:32:29 +0000
56f7cf21f5Make stdout line-buffered so verbose output is easier to read.
Dag-Erling Smørgrav
2014-03-06 12:31:31 +0000
03207fcd61oops, braino in previous commit.
Dag-Erling Smørgrav
2014-03-06 12:30:44 +0000