OpenPAM

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

50 check-ins occurring around d1dba799b54b76f7.

2014-10-09
14:28
Refactor. The only major change is that CVE numbers now link to the corresponding NVD database entry. check-in: d1084bd842 user: des tags: trunk, svn-rev-819
2014-10-08
11:02
- Set the sameuser flag when a non-root user manipulates their own key. - Rename the uri command to geturi (but retain backward compatibility). - Add a getkey command that prints the key in hexadecimal. check-in: 846f86fdc2 user: des tags: trunk, svn-rev-818
10:58
Remove superfluous comments and blank lines. check-in: 1e0f39de5d user: des tags: trunk, svn-rev-817
2014-09-12
07:47
merge r813: credit Gavin Atkinson merge r814: autotools nits check-in: 3ca647ead4 user: des tags: nooath, svn-rev-815
07:46
Spell out option names check-in: 078b80035e user: des tags: trunk, svn-rev-814
07:46
Gavin helped out with CVE-2014-3879 check-in: b99eb61794 user: des tags: trunk, svn-rev-813
07:24
merge r811: push back release date check-in: 7f26a70ee4 user: des tags: nooath, svn-rev-812
07:23
Push back one day. check-in: ba81ad34e5 user: des tags: trunk, svn-rev-811
2014-09-09
11:02
merge r809: typo check-in: 426e1bf66d user: des tags: nooath, svn-rev-810
11:01
typo check-in: 285048c0f6 user: des tags: trunk, svn-rev-809
09:41
merge r802: require at least one service function to have succeeded. merge r803: introduce strlset() and use it to clear authentication tokens merge r804: remove keywords from text files merge r805: include CVE numbers in change log merge r806: prepare to release Ourouparia check-in: 46610f4e95 user: des tags: nooath, svn-rev-807
09:33
Prepare for releasing Ourouparia on Thursday. check-in: eabae2b7a6 user: des tags: trunk, svn-rev-806
09:13
Include CVE numbers when available check-in: 3f602e46ac user: des tags: trunk, svn-rev-805
09:11
Remove keywords from pure text files. check-in: 35f4088d20 user: des tags: trunk, svn-rev-804
09:07
Introduce strlset(), a memset() variant for strings where the actual size of the buffer is not necessarily known, and which can replace the "memset(str, 0, strlen(str))" idiom. Use it to clear buffers which may have contained authentication tokens. check-in: 846d7d18e9 user: des tags: trunk, svn-rev-803
08:08
From NetBSD: require at least one service function to have succeeded. check-in: 4c02729206 user: des tags: trunk, svn-rev-802
2014-09-08
12:43
merge r800: belatedly document support for module search paths check-in: 6224ff9195 user: des tags: nooath, svn-rev-801
12:42
Belatedly document the addition of module search paths. check-in: 2311f7fc2f user: des tags: trunk, svn-rev-800
2014-07-10
17:16
Spell the name of the University of Oslo in English. check-in: 6192379474 user: des tags: trunk, svn-rev-799
2014-06-10
21:28
merge r797: add a missing cast check-in: 5375bac033 user: des tags: nooath, svn-rev-798
21:27
Add missing cast. Submitted by: Jörg Sonnenberger <joerg@britannica.bec.de> check-in: 6b95d23709 user: des tags: trunk, svn-rev-797
2014-06-03
21:30
merge r795: fix error handling for nonexistent modules (CVE-2014-3879) check-in: 1e5e81870d user: des tags: nooath, svn-rev-796
21:27
In openpam_parse_chain(): 1. Finish a comment which was meant to describe the four different termination conditions for the loop in openpam_parse_chain() but ended in mid-sentence. 2. Ensure that errno is consistently set to EINVAL if a syntax error is encountered in the policy file. 3. If openpam_load_module() fails because the module could not be loaded, set errno to ENOEXEC instead of ENOENT. This closes a hole where a missing module or a typo in a module name would cause the corresponding chain to fail open. Normally, if the policy exists but cannot be loaded, openpam_load_chain() will return an error, and openpam_configure() will discard any partially constructed chains. However, openpam_load_chain() interprets ENOENT to mean that the policy was not found, so it does not immediately return an error, the partially-loaded chain is not discarded, and the policy is incorrectly considered to have been successfully loaded. 4. Ensure that errors encountered while parsing an included policy are correctly propagated to the original policy, and that ENOENT while processing an include directive is a hard error, not a soft error. CVE-2014-3879 check-in: 0c1f0dad51 user: des tags: trunk, svn-rev-795
2014-04-11
10:35
For TOTP keys, we record when the key was last used. For HOTP keys, however, we want to record the *next* allowed counter value. check-in: 15cac5bc81 user: des tags: trunk, svn-rev-794
2014-03-17
14:27
Add a test for lines containing more words than will fit in openpam_readword()'s initial allocation. check-in: d1dba799b5 user: des tags: trunk, svn-rev-793
14:11
Support line continuation in whitespace. check-in: 3d00ab46d7 user: des tags: trunk, svn-rev-792
14:10
Missed one check-in: ba1efd50a1 user: des tags: trunk, svn-rev-791
14:08
Additional tests for various end-of-line / end-of-file corner cases, and for comments that aren't comments. check-in: e9a1b43d6c user: des tags: trunk, svn-rev-790
2014-03-12
00:04
Fix headers check-in: abfd8c88ea user: des tags: trunk, svn-rev-789
00:03
I must have been drunk when I wrote this. check-in: ef81458892 user: des tags: trunk, svn-rev-788
2014-03-10
15:43
Compress man pages before generating the manifest. check-in: 177415585f user: des tags: trunk, svn-rev-787
15:37
Move oath_key_from_file() into a separate source file and document it. check-in: 61a0543a96 user: des tags: trunk, svn-rev-786
15:37
Missing word check-in: 96d2019111 user: des tags: trunk, svn-rev-785
15:31
Implement keyfile writeback. check-in: 8259cfafd1 user: des tags: trunk, svn-rev-784
11:13
Fix buffer overflow in the b64complete test case by increasing the size of the buffer used in tests. check-in: d80350d499 user: des tags: trunk, svn-rev-783
10:03
Don't forget do distribute oath_impl.h. check-in: a55b1f9eef user: des tags: trunk, svn-rev-782
09:59
Generate man pages for oath_key_from_uri() and oath_uri_decode(). check-in: 9973a776f6 user: des tags: trunk, svn-rev-781
09:55
Rudimentary key management tool. check-in: d8f81f417a user: des tags: trunk, svn-rev-780
2014-03-09
14:11
When I changed the argument type from uint8_t * to char *, I forgot that they were being used as array indices. Cast them back to uint8_t. check-in: ce39eb9ed4 user: des tags: trunk, svn-rev-779
14:10
Add test vectors which encode to the complete alphabet. check-in: 0cd58588f8 user: des tags: trunk, svn-rev-778
13:08
Support (but ignore, for now) the issuer parameter. check-in: 4feb45a7fa user: des tags: trunk, svn-rev-777
12:48
Encoder: - Return the desired length when the buffer is too small. - Annotate the switch so Bullseye doesn't complain about an uncovered default case. Decoder: - The table approach was a good idea, but there was no way to tell the difference between a character that decodes as 0 and an invalid character. Modify the tables so an invalid character is indicated by 0xff instead of 0x00. - Check that padding starts in a valid position. Note that we still don't check for left-over bits. - The overflow test always failed, because we set *olen = len before comparing them. check-in: 8daaa8b636 user: des tags: trunk, svn-rev-776
12:04
Additional tests (which also fail) for unexpected padding. check-in: c38bd14523 user: des tags: trunk, svn-rev-775
11:51
The dummy constants have moved to oath_constants.h. Add annotation macros for coverage analysis. check-in: 5249fa6670 user: des tags: trunk, svn-rev-774
11:49
Completely rewrite the test suite for the RFC 4648 encoding / decoding functions and add many new tests, several of which fail. check-in: 2ac3b1e59f user: des tags: trunk, svn-rev-773
11:45
Switch from uint8_t to char. check-in: 7b1e5cece2 user: des tags: trunk, svn-rev-772
2014-03-06
17:54
Replace base{32,64}_decode() with table-driven implementations. The new code is less strict about padding, thus ensuring compatibility with implementations which do not understand padding, such as MIME::Base32. check-in: 2140f77235 user: des tags: trunk, svn-rev-771
12:35
Fix base{32,64}_decode(). The former handled padding incorrectly; the latter was derived from the former, and had a couple of copy-paste bugs in addition to the padding bug. check-in: 140d7db810 user: des tags: trunk, svn-rev-770
12:32
Add tests for base{32,64}_decode(). Both are broken. check-in: d1db275c83 user: des tags: trunk, svn-rev-769
12:31
Make stdout line-buffered so verbose output is easier to read. check-in: a57ba446f2 user: des tags: trunk, svn-rev-768