From 7a3573a6f0ed629b6cf3dbfff93a2916001d1f11 Mon Sep 17 00:00:00 2001 From: Tomasz bla Fortuna Date: Sun, 20 Dec 2009 01:02:26 +0100 Subject: [PATCH] dont-skip option removed. This should simplify implementation of more needed functions. --- ChangeLog | 4 ++-- examples/otpasswd.conf | 1 - libotp/ppp.h | 3 ++- libotp/ppp_common.h | 2 +- libotp/state.c | 2 +- pam/pam_helpers.c | 4 ++-- pam/pam_helpers.h | 5 ++--- pam/pam_otpasswd.c | 11 +---------- utility/otpasswd.c | 9 +-------- utility/otpasswd_actions.c | 5 ----- 10 files changed, 12 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index 01ba082..efd2e56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,7 +11,8 @@ ChangeLog / TODO Trying to sort tasks according to their priority. 2009-12-13 v0.5 - * [-] Remove dont-skip option. + * [+] Check bit distribution for alphabets not divisible by 2 + * [+] Remove dont-skip option. * [-] Keeping track of failures. Started (place in state files created) * [-] Implement static passwords; @@ -26,7 +27,6 @@ Trying to sort tasks according to their priority. more fine-grained is necessary. * [-] Scan all FIXME/TODO entries * [-] Manuals - * [-] Check bit distribution for alphabets not divisible by 2 * [-] Improve error messages when state file is not found. * [?] Big thing - Move state files to /etc + SUID. * [?] Use locales for user messages [_("")? ] diff --git a/examples/otpasswd.conf b/examples/otpasswd.conf index 66791cb..39e3cda 100644 --- a/examples/otpasswd.conf +++ b/examples/otpasswd.conf @@ -99,7 +99,6 @@ OOB_USER=nobody # ## ALLOW_KEY_GENERATION=1 -ALLOW_SKIPPING=1 ALLOW_PASSCODE_PRINT=1 ALLOW_KEY_PRINT=1 diff --git a/libotp/ppp.h b/libotp/ppp.h index 2831a25..b0b855b 100644 --- a/libotp/ppp.h +++ b/libotp/ppp.h @@ -118,7 +118,8 @@ extern int ppp_release(state *s, int store, int unlock); */ extern int ppp_increment(state *s); -/* Locked +/* THIS WAS USED FOR SKIPPING. NOT USED NOW. + * Lock * Read * Decrement counter * Compare with current 
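Review bot: The reworded comment says the decrement routine is no longer used, yet it appears to stay declared in the library's public header. The declaration lies below the end of this hunk, so this is inferred from the comment and from the `ppp_decrement(s)` call this patch deletes in pam/pam_otpasswd.c. A function that rolls the passcode counter back causes the same passcode to be asked for again, so leaving it exported invites a later caller to reintroduce the behaviour this commit removes. If it cannot be deleted in this change, the comment should say so, for example `/* DEPRECATED: rolls the counter back, so a passcode already asked for is requested again. No callers remain; do not add new ones. */`.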
diff --git a/libotp/ppp_common.h b/libotp/ppp_common.h index be444ed..f3ea735 100644 --- a/libotp/ppp_common.h +++ b/libotp/ppp_common.h @@ -23,7 +23,7 @@ enum errors { enum flags { FLAG_SHOW = 1, - FLAG_SKIP = 2, + /* FLAG_SKIP removed */ FLAG_ALPHABET_EXTENDED = 4, FLAG_NOT_SALTED = 8, }; diff --git a/libotp/state.c b/libotp/state.c index d6a4bdf..d7a0e3c 100644 --- a/libotp/state.c +++ b/libotp/state.c @@ -497,7 +497,7 @@ int state_load(state *s) goto error; } - if (s->flags > (FLAG_SHOW|FLAG_SKIP|FLAG_ALPHABET_EXTENDED|FLAG_NOT_SALTED)) { + if (s->flags > (FLAG_SHOW|FLAG_ALPHABET_EXTENDED|FLAG_NOT_SALTED)) { print(PRINT_ERROR, "Unsupported set of flags. %s is invalid\n", s->filename); goto error; diff --git a/pam/pam_helpers.c b/pam/pam_helpers.c index c7a40b2..323a587 100644 --- a/pam/pam_helpers.c +++ b/pam/pam_helpers.c @@ -269,7 +269,7 @@ void ph_show_message(pam_handle_t *pamh, const options *opt, const char *msg) _pam_drop_reply(resp, 1); } -int ph_state_increment(pam_handle_t *pamh, int flags, int enforced, const options *opt, state *s) +int ph_increment(pam_handle_t *pamh, const options *opt, state *s) { const char enforced_msg[] = "otpasswd: Key not generated, unable to login."; const char lock_msg[] = "otpasswd: Unable to lock user state file."; @@ -292,7 +292,7 @@ int ph_state_increment(pam_handle_t *pamh, int flags, int enforced, const option return PAM_AUTH_ERR; case STATE_DOESNT_EXISTS: - if (enforced == 0) { + if (opt->enforce == 0) { /* Not enforced - ignore */ return PAM_IGNORE; } else { diff --git a/pam/pam_helpers.h b/pam/pam_helpers.h index f280a8b..6319e01 100644 --- a/pam/pam_helpers.h +++ b/pam/pam_helpers.h 
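Review bot: The placeholder `/* FLAG_SKIP removed */` does not record that value 2 is retired, so a future flag could be assigned that bit with a different meaning. State files written by earlier versions may still carry it, since the usage text removed in utility/otpasswd.c describes `skip` as the default. I would make the comment state the reservation: `/* 2: was FLAG_SKIP, retired; may still be set in old state files, do not reuse */`.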
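Review bot: The check `s->flags > (FLAG_SHOW|FLAG_ALPHABET_EXTENDED|FLAG_NOT_SALTED)` in state_load compares magnitudes, so with FLAG_SKIP dropped from the mask it still accepts every value up to 13, including those with the retired bit 2 set. It would also accept a negative value if `flags` is a signed type; its declaration is not in this hunk. A mask test expresses the intent: `if (s->flags & ~(FLAG_SHOW|FLAG_ALPHABET_EXTENDED|FLAG_NOT_SALTED))`. Because older state files may have bit 2 set, decide explicitly whether to clear it on load or reject the file, rather than letting the comparison pass it through. state_load's body starts and ends outside the hunk.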
@@ -33,10 +33,9 @@ extern int ph_out_of_band(const options *opt, state *s); extern void ph_show_message(pam_handle_t *pamh, const options *opt, const char *msg); /* Load state, increment save, handle errors if any */ -extern int ph_state_increment(pam_handle_t *pamh, int flags, int enforced, - const options *opt, state *s); +extern int ph_increment(pam_handle_t *pamh, const options *opt, state *s); -/* Function which automates a bit talking with user */ +/* Function which automates a bit talking with a user */ extern struct pam_response *ph_query_user( pam_handle_t *pamh, int flags, int show, const char *prompt, const state *s); diff --git a/pam/pam_otpasswd.c b/pam/pam_otpasswd.c index 3d57aae..d9f957e 100644 --- a/pam/pam_otpasswd.c +++ b/pam/pam_otpasswd.c @@ -64,7 +64,7 @@ PAM_EXTERN int pam_sm_authenticate( for (tries = 0; tries < (opt->retry == 0 ? 1 : 3); tries++) { if (tries == 0 || opt->retry == 1) { /* First time or we are retrying while changing the password */ - retval = ph_state_increment(pamh, flags, opt->enforce, opt, s); + retval = ph_increment(pamh, opt, s); if (retval != 0) goto cleanup; @@ -118,15 +118,6 @@ PAM_EXTERN int pam_sm_authenticate( } /* Error during authentication */ - if (opt->retry == 0 && opt->secure == 0 && ppp_is_flag(s, FLAG_SKIP) == 0) { - /* Decrement counter */ - retval = ppp_decrement(s); - if (retval != 0) { - retval = PAM_AUTH_ERR; - print(PRINT_WARN, "Error while decrementing\n"); - goto cleanup; - } - } retval = PAM_AUTH_ERR; } diff --git a/utility/otpasswd.c b/utility/otpasswd.c index 41359be..329e2d5 100644 --- a/utility/otpasswd.c +++ b/utility/otpasswd.c 
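Review bot: Nothing at the `ph_increment(pamh, opt, s)` call site in pam_sm_authenticate says that a failed attempt now always consumes a passcode. The counter is advanced here, and the second hunk in this file deletes the only visible `ppp_decrement` path, so no rollback remains in the visible code. That is the property an auditor of this module needs to see, and it also means repeated failed logins use up a user's passcodes while failure tracking is still listed as open in the ChangeLog. I would extend the comment above the call: `/* Counter is advanced before prompting and never rolled back: every attempt, failed or not, consumes one passcode. */`. The function body continues outside both hunks.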
@@ -80,8 +80,6 @@ static void _usage(int argc, const char **argv) "\nConfiguration:\n" " -f, --flag \n" " Manages various user-selectable flags:\n" - " skip skip passcode on failure (default)\n" - " dont-skip do not skip passcodes on failure\n" " show show passcode while authenticating (default)\n" " dont-show do not show passcode\n" " alphabet-simple 64-character alphabet (default)\n" @@ -110,7 +108,6 @@ static void _usage(int argc, const char **argv) " --check Run all testcases.\n" "\nNotes:\n" - " \"dont-skip\" flag might introduce a security hole.\n" " Both --text and --latex can get \"next\" as a parameter which\n" " will print the first not-yet printed passcard\n" "\nExamples:\n" @@ -226,11 +223,7 @@ int process_cmd_line(int argc, char **argv) assert(optarg != NULL); - if (strcmp(optarg, "skip") == 0) - options.flag_set_mask |= FLAG_SKIP; - else if (strcmp(optarg, "dont-skip") == 0) - options.flag_clear_mask |= FLAG_SKIP; - else if (strcmp(optarg, "show") == 0) + if (strcmp(optarg, "show") == 0) options.flag_set_mask |= FLAG_SHOW; else if (strcmp(optarg, "dont-show") == 0) options.flag_clear_mask |= FLAG_SHOW; diff --git a/utility/otpasswd_actions.c b/utility/otpasswd_actions.c index 84ec103..9484642 100644 --- a/utility/otpasswd_actions.c +++ b/utility/otpasswd_actions.c @@ -118,11 +118,6 @@ static void _show_flags(const state *s) else printf("dont-show "); - if (s->flags & FLAG_SKIP) - printf("skip "); - else - printf("dont-skip "); - if (s->flags & FLAG_ALPHABET_EXTENDED) printf("alphabet-extended "); else