[Otpasswd-announce] 0.7b released

From: Tomasz bla Fortuna
Subject: [Otpasswd-announce] 0.7b released
Date: Wed, 15 Sep 2010 15:15:07 +0200

  I'm glad to announce that I've found some time and finished the
changes I've kept in the repository since May.

Major changes include:
1) Dropped GMP dependency. OTPasswd now has its own, small 128-bit
arithmetic library. It requires 64-bit types to exist so in future it
might need a bit of tweaking to work on wider range of architectures,
but all major ones should be covered by current code (x86, x86_64

2) Utility is now split into two separate executables:
  a) The frontend, command line interface, called "utility" in file
  'otpasswd' which is NEVER suid-root, parses user input, generates
  cards, can be translated using gettext etc.
  b) The backend, agent, inside "agent_otp" file. This is a program
  without an interface (has small interface for internal checks and
  config validation only) which, on behalf of utility, executes all
  actions related to user state files. In GLOBAL DB setting this
  executable is SUID-root (drops privileges later on) but it is not
  translatable, does not interact with user data directly, performs
  simpler tasks and implements policy.

Thanks to this split user can use output redirection of utility, which
was forbidden before and made using -l option rather cumbersome and he
can break execution with Control-C at any time. User can't in any
way alter agent execution (unless of course there are bugs), that is -
user can't BLOCK execution of agent while it holds locks on state,
which was kind of possible via the stdout previously and could render
system authentication locked.

3) Found one bug in static password handling. Update will invalidate
existing static passwords but state files aren't affected by other

4) Done full Polish translation. In case somebody would like to
translate it to other languages there's an example xgettext command in
tools/locale_gen_template.sh (but should be run on all .h and all .c
  a) xgettext to extract messages from code
  b) msgmerge to update .po files with new messages
  c) poedit graphical editor for the translator
  d) msgfmt is done with CMake, but CMakeLists.txt would need update
  for each translation. It would be best to make it detect any new ones.

4) Removed backward skipping completely, accepts as input both
passcode specifications CRR[card] and RRC[card].
5) Doxygen can generate internal documentation.
6) Updated manual pages, added manual page for agent, some fixes for
existing FIXMEs.
7) Maybe something more.
        * [+] Do not store things in mpz_t which don't need it (spass)
        * [+] Sanitize gettext environment
        * [+] Accept 2G[2] passcode specification entries.
        * [+] All previous functionality is now finally implemented.
              All implemented testcases were successfully run after
              The Split.
        * [+] Printing with -l when skipped to the last passcard fixed.
        * [!] Fixed security bug in static password handling.

Testcase coverage of OTPasswd:

Internal docs:

Call/caller graphs in internal docs are fun.

Binaries (savannah mirrors might not yet have those files):

Gentoo ebuild:

Binary signature:



Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu
www: http://bla.thera.be
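
The announcement says the utility now accepts both the CRR[card] and RRC[card] passcode specifications (the changelog's 2G[2] is the second form). The following strict parser for both forms is an added example, not OTPasswd's own code; the grammar details (one ASCII column letter, a one- or two-digit row without leading zero, a positive card number of at most nine digits) and all names are assumptions.

```c
/* Added example, not OTPasswd source. Assumed grammar: C = one ASCII column
 * letter, RR = row 1..99 without leading zero, [card] = positive decimal. */
#include <stddef.h>
struct passcode_spec { char column; unsigned long row; unsigned long card; };

/* Read 1..max_digits digits and advance *s; max_digits <= 9 cannot overflow. */
static int parse_num(const char **s, int max_digits, unsigned long *out)
{
    const char *p = *s;
    unsigned long v = 0;
    int n = 0;
    while (*p >= '0' && *p <= '9') {
        if (++n > max_digits)
            return -1;
        v = v * 10 + (unsigned long)(*p++ - '0');
    }
    if (n == 0 || **s == '0')       /* empty, or leading zero */
        return -1;
    *s = p;
    *out = v;
    return 0;
}

static int column_letter(char c, char *out)
{
    if (c >= 'a' && c <= 'z')
        c = (char)(c - 'a' + 'A');
    *out = c;
    return (c >= 'A' && c <= 'Z') ? 0 : -1;
}

/* Accepts "CRR[card]" and "RRC[card]"; returns 0 on success, -1 otherwise.
 * *spec is written only when the whole string matched. */
int parse_passcode_spec(const char *s, struct passcode_spec *spec)
{
    struct passcode_spec t;
    if (s == NULL || spec == NULL)
        return -1;
    if (column_letter(*s, &t.column) == 0) {            /* CRR form */
        s++;
        if (parse_num(&s, 2, &t.row) != 0)
            return -1;
    } else if (parse_num(&s, 2, &t.row) != 0 ||         /* RRC form */
               column_letter(*s++, &t.column) != 0) {
        return -1;
    }
    if (*s++ != '[' || parse_num(&s, 9, &t.card) != 0 ||
        *s++ != ']' || *s != '\0')
        return -1;
    *spec = t;
    return 0;
}
```

Both spellings normalise to the same (column, row, card) triple, and anything that does not match the whole string is rejected before it reaches code that touches user state.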
