[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Otpasswd-announce] 0.5_rc1v released

From: Tomasz bla Fortuna
Subject: [Otpasswd-announce] 0.5_rc1v released
Date: Sun, 24 Jan 2010 18:23:51 +0100


Commit 152050baa59855c07224b8ec34ba6dcc7795401f
Tag 0.5rc1

SHA256 of RC1 tarball:

Signature + source tarball pushed into Savannah Download section and
should be visible shortly.

Note that state file can still change in later version.

II. Roadmap
  This release changed much (see III), it needs tests. I've compiled 
and configured it already on three machines (x86+x64 Linux and x64
FreeBSD) in default configuration with OOB enabled. I have some guys 
who would like to do a code review, I'll try to do this.
  Everyone is asked to try this software in various configurations
and sent to mailing list informations about any bugs.

Some of features to be done:
  - OOB DoS protection (OOB usage time, delay between uses)
  - Long-time OOB using invented algorithm (featuring two passcodes)
  - Should be tested with SELinux and su.

III. Changes:
This release is a huge change comparing to 0.4v:
70 files changed, 15408 insertions(+), 3271 deletions(-)

Changes short:
- "Global operational mode" implemented. State is global. Users
  doesn't have access to it, policy might be enforced.
- Policy.
- Manual pages! + INSTALL/README rewritten.
- Static password (for OOB).
- Failure counting / displaying warnings.
- Configuration file 
- Code cleanups, preparations for gettext, bugfixes.

Development changelog (lot's of rubbish):
"Done" ChangeLog entries for 0.5:
        * [+] Check bit distribution for alphabets not divisible by 2
        * [+] Remove dont-skip option.
        * [+] GMP might leak information with reallocs of it's mpz_t
              Fixed by substituting alloc functions. num_init() must
              be called before any other gmp functions.
        * [+] Testcases added into make, with coverage measurement.
              They will modify your state data though so beware!
              PAM testcase added! Including coverage support, whoa!
        * [!] Bug in num.c/reallocate fixed. Did not exist in 0.4
        * [!] New testcase allowed to detect some memory leaks.
              Possibly exist in 0.4
        * [+] Improve error messages when state file is not found.
        * [+] Config file in /etc/security
              pam_access parses this file itself; samba(winbind) uses
              iniparser library (on MIT license)
        * [+] See how functions in otpasswd_actions initialize and
              deinitialize state, see if they can use ppp_, if not
              make them so they can. Or write some local static functions
              to handle errors during lock&load.
        * [+] Fix db* functions to return values from enum in ppp_common.h
        * [!] Skipping to 'next' not by 6...
        * [+] Removed dependency - OpenSSL
        * [+] Modify build config to work with CMake v2.4.7
        * [+] Config file revised.
        * [+] Multiple alphabet support
        * [+] Passing -f, -d, -c along with the -k.
        * [+] Partial policy implemented.
              Ensure that if the invalid state is read from file
              that the authentication will never succeed.
        * [+] Check if OOB script is not SUID?
        * [+] Ensure that PAM session can display warning in three calls
              to conversation function. If not, we must build a buffer
              (See for example how winscp shows that warning)
              (FIXED by simplifying warnings)
        * [+] Because of signals - redo permissions. (SUID required)
        * [+] The key/counter length is not checked when read from file.
        * [+] Big thing - Move state files to /etc + SUID.
        * [+] Manuals - Plenty of things finished thanks to Hannes Beinert.
        * [+] fsync before rename/unlock (see ext4 problem)
              sync() call inserted after fclose and before rename.
        * [+] First unlink lock file, then unlock to omit race condition?
        * [+] Add -r option to remove key and disable OTP.
        * [+] Fix user interface a bit.
        * [+] Keeping track of failures.
              Implemented, but not tested.
        * [+] Any possibility to change directory from /etc/otpasswd?
              This is going to be compile time option. Also otshadow 
              will be required to reside inside.
        * [+] right trim values from config?
        * [+] Check custom alphabet correction (whitespaces or multiple
              occurences of same character not allowed.
        * [!] Should we start suid root then drop to some config-defined user
              so attacker who breaks otpasswd can't modify the executable?
              Probably yes. Two modes of operation.
        * [+] Skip policy; deny skipping backwards. Add some semantic for
              skipping count of passcards? 
              WARNING: Might be removed and 'skipping backwards' will be
              totally locked.
        * [+] Implement static passwords;
              They might be required always or just to perform some commands
              like second-channel usage.
        * [+] Use locales for user messages [_("")? ]. Now do translations...
        * [+] Locale might mess up isalpha and isprint. 
              Fixed by adding isascii() before.
        * [!] User can always remove DISABLED flag if he can regenerate state.
              Should he be allowed to do this? More important question:
              What are we trying to disable? Disabling accounts is done with 
              other utilities.
        * [!] Can user lock program on some printf with some control of
              stdout? Probably yes. stdout buffering, not printing while locked
              or two-proc.
              FIXED: reopened /dev/tty. Does it suffice? Should be more less
              ok, but still it would be ok to limit number of outputed
              messages while state files are locked.
        * [!] Verify SIGCHLD won't clobber anything.
              FIXED: It shouldn't as we take care of our child (kill it when
              it's useless and wait for it)
        * [+] ssh config info to .ebuild elog!

Cheers and happy using,
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu
www: http://bla.thera.be

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]