.orig -> .dist, changelog cleanup, regeneration when disabled.

CMakeLists.txt

@@ -152,7 +152,7 @@ INSTALL(TARGETS pam_otpasswd otpasswd
 #  LIBRARY DESTINATION /lib)
 
 INSTALL(FILES examples/otpasswd-login DESTINATION /etc/pam.d)
-INSTALL(FILES examples/otpasswd.conf.orig DESTINATION /etc/otpasswd)
+INSTALL(FILES examples/otpasswd.conf.dist DESTINATION /etc/otpasswd)
 
 INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${man_gz_1} DESTINATION "share/man/man1")
 INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${man_gz_5} DESTINATION "share/man/man5")

ChangeLog

@@ -74,19 +74,27 @@ Done:
               They might be required always or just to perform some commands
               like second-channel usage.
         * [+] Use locales for user messages [_("")? ]. Now do translations...
+        * [+] Locale might mess up isalpha and isprint. 
+              Fixed by adding isascii() before.
+        * [!] User can always remove DISABLED flag if he can regenerate state.
+              Should he be allowed to do this? More important question:
+              What are we trying to disable? Disabling accounts is done with 
+              other utilities.
 TODO Major:
         * [?] Parametrize PAM messages.
         * [%] Can user lock program on some printf with some control of
         stdout?
+        * [?] OOB Channel usage time updates + DoS security
+        * [?] Static password expire warnings + enforcement. 
         * [?] Do not store things in mpz_t which don't need it (spass)
         * [?] Sanitize gettext environment
-        * [?] locale might mess up isalpha and isprint. 
         * [?] Logging warnings printed to user at WARN level
         * [?] Key quality checking (duplicates)
         * [?] Verify SIGCHLD won't clobber anything.
         * [?] "Problem solving section" in docs, mentioning use of -v on
               errors in the first place.
         * [?] Global DB should work with users which aren't in passwd.
+              Should it?
         * [?] Check if lock files are links. if so. fail. Or rather always unlink
               before overwritting.
         * [?] Logging into syslog from utility if SUID; Also deny -v.
@@ -104,10 +112,6 @@ TODO Major:
         * [-] Scan all FIXME/TODO entries
         * [?] SELinux compatibility.
         * [?] Import/export of ascii state lines...
-        * [%] User can always remove DISABLED flag if he can regenerate state.
-              Should he be allowed to do this? More important question:
-              What are we trying to disable? Disabling accounts is done with 
-              other utilities.
         * [?] Make otpasswd work with su (there's additional information 'who
               is trying to get authenticated'. Just test it.
 

utility/actions.c

@@ -147,6 +147,12 @@ int action_key(options_t *options)
 			goto cleanup;
 		}
 
+		if (s->flags & FLAG_DISABLED) {
+			print(_("Your current state is disabled. Cannot regenerate "
+			        "until you remove the disabled flag.\n"));
+			goto cleanup;
+		}
+
 		/* We loaded state correctly, key exists */
 		puts(
 			"*************************************************\n"