59313f56a4 Do not use oath_[ht]otp_match() as predicates - a non-zero return can mean an error occurred. We should probably switch to the standard Unix idiom of returning 0 for success.
Dag-Erling Smørgrav
2014-01-22 15:13:56 +0000
e8cd86aade
- The key length is in bytes, not bits, so the correct default is 20 and not 160 (which would actually overflow). This should probably be a macro.
- Implement random key generation using OpenSSL's RAND_bytes(3).
Dag-Erling Smørgrav
2014-01-22 15:12:15 +0000
11a8c730d2 Enable OATH by default and tweak some option description strings.
Dag-Erling Smørgrav
2014-01-20 11:25:44 +0000
9c592d628c Note that saving the keyfile updates a TOTP key's lastused parameter.
Dag-Erling Smørgrav
2014-01-20 10:48:39 +0000
aa338bce81 Add oath_key_create(3) which creates an OATH key from scratch.
Dag-Erling Smørgrav
2014-01-20 10:47:10 +0000
efb78b5569
merge r748: typo in pam_conv(3) man page
merge r749: update mkpkgng for pkg 1.2
merge r750: credit bapt@freebsd.org
Dag-Erling Smørgrav
2014-01-13 21:34:29 +0000
df95e0530d Credit Baptiste Daroussin for his various contributions, including but not limited to r749.
Dag-Erling Smørgrav
2014-01-13 21:27:03 +0000
d68deb210c Update the way we extract the pkg version and ABI to match pkg 1.2.
Dag-Erling Smørgrav
2014-01-13 21:26:25 +0000
d9f3164b53 The maximum number of messages in a single invocation conversation function is called PAM_MAX_NUM_MSG, not PAM_NUM_MSG.
Dag-Erling Smørgrav
2014-01-13 21:23:05 +0000
00df607198 merge r746: typos in man pages
Dag-Erling Smørgrav
2013-12-10 14:03:16 +0000
7b4ce30d8e Currently, openpam_policy_path is a hardcoded array of short strings, and filename is much larger than it needs to be. However, this might not be the case in the future. To be safe, add a length check after strlcpy(). This should silence a Coverity warning about possible array overflow.
Dag-Erling Smørgrav
2013-09-21 23:22:48 +0000
cf0612ac98 I've always run aclocal before libtoolize, but the latter installs .m4 files, which requires regenerating aclocal.m4, so it should really be the other way around.
Dag-Erling Smørgrav
2013-09-08 19:27:39 +0000
c3cacd763a merge r742: caught_signal should be static.
Dag-Erling Smørgrav
2013-09-07 19:26:36 +0000
914a5b3708 caught_signal should be static; gcc doesn't seem to mind, whereas some clang versions (but not all) complain.
Dag-Erling Smørgrav
2013-09-07 19:25:57 +0000
60d3d1dae7 Prepare for OpenPAM Nummularia.
Dag-Erling Smørgrav
2013-09-07 12:53:55 +0000
83162901d4 Catch up with trunk
Dag-Erling Smørgrav
2013-09-07 12:52:42 +0000
2e6439e932 Prepare for OpenPAM Nummularia, which will be released later today from the nooath branch.
Dag-Erling Smørgrav
2013-09-07 12:37:27 +0000
8568521d18 It appears that "pkg create" works correctly, even though it complains loudly about unresolved library dependencies.
Dag-Erling Smørgrav
2013-09-07 12:36:18 +0000
3bc114befa It is entirely possible that pkg is present but not installed as a package, or that the pkg binary in $PATH is not the one that was installed (e.g. a development version in $HOME/bin/pkg). Therefore, use pkg -vv rather than pkg query to determine the pkg version.
Dag-Erling Smørgrav
2013-08-23 17:07:42 +0000
7eacdef3fd This script is now sufficiently complex to merit a copyright statement and a license.
Dag-Erling Smørgrav
2013-08-22 17:48:45 +0000
ac8841d2bd Support storing the non-standard lastused parameter in a key URI. Also fix some default values.
Dag-Erling Smørgrav
2013-08-21 15:32:54 +0000
0446934acb Keep track of when a TOTP key was last used and prevent reuse of the same sequence number.
Dag-Erling Smørgrav
2013-08-21 15:32:14 +0000
2cc13d4b85 Allow digits in identifiers.
Dag-Erling Smørgrav
2013-08-21 15:28:24 +0000
e565eb6258 Document the key structure members a little better.
Dag-Erling Smørgrav
2013-08-21 15:15:21 +0000
3b992508b8 Use a dummy bit in the key structure instead of relying on the label.
Dag-Erling Smørgrav
2013-08-21 15:14:02 +0000
01d54c2924 Use the defined constant.
Dag-Erling Smørgrav
2013-08-21 15:10:31 +0000
df82cbb560 Change the label used for dummy keys to something OpenPAM-specific.
Dag-Erling Smørgrav
2013-08-21 15:08:40 +0000
4264bfb000 Silence spurious warnings from aclocal.
Dag-Erling Smørgrav
2013-08-18 14:47:20 +0000
90715a13d4 Extend the append-svn-revision-to-package-version logic to all non-numeric branches, not just trunk.
Dag-Erling Smørgrav
2013-08-18 12:13:21 +0000
a03bbedb50 Increase the default synchronization window, and provide options to control it.
Dag-Erling Smørgrav
2013-08-16 13:45:55 +0000
b9ec47c689 Don't forget to install all the liboath headers.
Dag-Erling Smørgrav
2013-08-16 12:58:05 +0000
0c4d5add5f Implement key saving, and change the outcome of failing to save the key from a system error to a service error.
Dag-Erling Smørgrav
2013-08-16 12:32:26 +0000
d34ad5ab09 liboath needs generic alloc() / free() facilities for key data; oath_key_alloc() does the right thing, but oath_key_to_uri() doesn't.
Dag-Erling Smørgrav
2013-08-16 12:18:00 +0000
efa93c4a5f Don't log the text we read, it may contain sensitive information (such as an OATH OTP key, since liboath uses openpam_readline() to read the keyfile)
Dag-Erling Smørgrav
2013-08-16 11:57:54 +0000
b8ec0155ab
- If @PACKAGE_VERSION@ is "trunk" and svnversion prints something sensible, append the svn revision.
- Implement an ugly workaround for the shlib issue.
- Clean up and add comments.
Dag-Erling Smørgrav
2013-08-16 10:26:24 +0000
fe081dbbfc Unfortunately, Linux doesn't have MAP_NOCORE.
Dag-Erling Smørgrav
2013-08-15 16:00:41 +0000
dfe04a59e4 svn:ignore the mkpkgng script.
Dag-Erling Smørgrav
2013-08-15 15:24:50 +0000
88a91c2d02 Rename oath_dummy_key() to oath_key_dummy() and move it into its own file.
Dag-Erling Smørgrav
2013-08-15 15:23:58 +0000
066e2b91ff Record the last successful use of a TOTP key. Also add commented-out logic to prevent reuse of the same code or an earlier code within the window, and make some minor type adjustments.
Dag-Erling Smørgrav
2013-08-15 15:21:31 +0000
b578b6a715 Add a script that creates a FreeBSD pkgng package. It does not currently work as intended due to a bug in pkgng's shlib handling.
Dag-Erling Smørgrav
2013-08-15 14:01:04 +0000
efe4bec74a Remove --with-modules-dir now that we DTRT by default.
Dag-Erling Smørgrav
2013-08-15 13:59:33 +0000
5847a34802 The --with-modules-dir configure option never quite worked, and became even more badly broken when the dynamic loader was rewritten in March. Reimplement it the way it was always meant to work (but never did):
Dag-Erling Smørgrav
2013-08-15 13:22:51 +0000
c9387115d9 Factor out oath_key_{alloc,free}() and implement wiring / locking.
Dag-Erling Smørgrav
2013-07-12 10:47:14 +0000
c05b6dd046 INFTIM is a BSDism; use -1 instead.
Dag-Erling Smørgrav
2013-07-11 16:40:08 +0000
93d104bfd6 Reimplement, hopefully with marginally fewer bugs. There is an unfortunate amount of code duplication between the tty and non-tty paths, but the alternative is greatly increased complexity.
Dag-Erling Smørgrav
2013-07-11 16:37:25 +0000
3a53d5117b Document that openpam_log(3) saves and restores errno(2).
Dag-Erling Smørgrav
2013-07-11 16:36:02 +0000
6950b99458 Add a command-line option that controls openpam_ttyconv_timeout.
Dag-Erling Smørgrav
2013-07-11 16:33:34 +0000
3ab09a4f26 OPENPAM_DEBUG (--enable-debug) has a double action: it enables the debugging macros, and sets the initial value of openpam_debug to 1. This effectively gives the user a choice between no debugging at all, or drowning in debugging messages from every part of the system.
Dag-Erling Smørgrav
2013-04-14 15:44:32 +0000
a43b9256fc Log an error if open() failed for any other reason than ENOENT.
Dag-Erling Smørgrav
2013-04-14 14:49:59 +0000
70d5d18643 Initialize has_ver and has_so to false, not true.
Dag-Erling Smørgrav
2013-04-14 14:48:29 +0000
2fc7038ca4 Always restore errno before returning from openpam_log().
Dag-Erling Smørgrav
2013-04-14 14:36:05 +0000
9f0aba7d25 Note need for loop detection
Dag-Erling Smørgrav
2013-03-29 21:38:21 +0000
9f6bdd74f4 Clean up and simplify dummy key handling.
Dag-Erling Smørgrav
2013-03-18 21:38:58 +0000
7da9af6602 Set a reasonable, hard limit on label length. This removes the need for a variable-length key structure (to accommodate a variable-length label) and vastly simplifies key parsing.
Dag-Erling Smørgrav
2013-03-18 21:34:29 +0000
f3f8ccc9c3 An 80-byte key makes no sense, since HMAC hashes keys longer than 64 bytes. Google Authenticator uses 20-byte keys.
Dag-Erling Smørgrav
2013-03-18 21:19:41 +0000
496bd4632b - Add module options for specifying what to do if the user has no key or if the key was unreadable or invalid.
Dag-Erling Smørgrav
2013-03-18 19:20:54 +0000
2be62b5732 Document the changes to the module loading code.
Dag-Erling Smørgrav
2013-03-17 20:06:01 +0000
422a3ccd39 - Mention quoting and add a cross-reference to openpam_readword(3), which has a detailed explanation of how the file is parsed.
Dag-Erling Smørgrav
2013-03-17 20:04:06 +0000
794601a544 Make the .so suffix optional, so these three lines are now equivalent:
Dag-Erling Smørgrav
2013-03-17 19:42:33 +0000
4f9b0f6342 ...and there's more to come.
Dag-Erling Smørgrav
2013-03-17 19:37:00 +0000
d4ab77b35c Document the effect of module options (echo_pass, *_prompt etc)
Dag-Erling Smørgrav
2013-03-17 19:26:07 +0000
30f65f8a44 Add a "maintained by" footer to ThinkSec-authored pages, like we do for pam(3), openpam(3) and pam.conf(5).
Dag-Erling Smørgrav
2013-03-17 19:21:55 +0000