From ed17c8875954b347ff8c2657d6edd27b0b792173 Mon Sep 17 00:00:00 2001 From: Tomasz bla Fortuna Date: Sat, 2 Nov 2013 14:51:40 +0100 Subject: [PATCH] Updated documentation and manual pages. Also fixed Debian package just a bit to better support documentation and example installation. --- docs/SECURITY | 73 +++++++++++++------ docs/agent_otp.1 | 28 +++---- docs/otpasswd.1 | 22 ++++-- docs/otpasswd.5 | 36 +++++---- docs/pam_otpasswd.8 | 7 +- examples/otpasswd.conf | 22 ++---- examples/otpasswd_oob.sh | 29 +++++--- tools/debian_pkg_template/README.Debian | 15 +++- tools/debian_pkg_template/control | 2 +- tools/debian_pkg_template/copyright | 6 +- .../libpam-otpasswd.install | 2 +- .../libpam-otpasswd.manpages | 2 +- tools/debian_pkg_template/otpasswd-bin.docs | 3 + .../debian_pkg_template/otpasswd-bin.install | 3 +- .../debian_pkg_template/otpasswd-bin.manpages | 2 +- tools/package.sh | 4 + 16 files changed, 153 insertions(+), 103 deletions(-) diff --git a/docs/SECURITY b/docs/SECURITY index 90bb89b..3699cd0 100644 --- a/docs/SECURITY +++ b/docs/SECURITY @@ -1,20 +1,32 @@ OTPasswd - One-Time Password Authentication System -------------------------------------------------- - https://savannah.nongnu.org/projects/otpasswd - Updated: 29-Dec-09 (v0.5pre1) + http://otpasswd.thera.be + Updated: 02-Nov-2013 (v0.8) SECURITY GUIDE - Contents ======== + 0. Intro 1. Security Concerns 2. Passcode Generation Algorithm 3. About PAM (short lecture) +Intro +----- +Security is a difficult topic, especially once you give up the notion +of ultimately `trusted' client while being unable to estimate your +trust at all. Use appropriate measures against threats based on their +probability and risk factor. This file sumarises some topics the +authors of OTPasswd had in mind while developing it. Let it inspire +you to do your own thinking. + +How often do you log into your systems from untrusted clients? I don't +really trust my mobile in the first place, so... the answer for me is +'often'. OTPasswd lets me reduce the risks a bit. 1. Security Concerns ==================== @@ -29,7 +41,7 @@ There are certain security related issues you should be aware of. if the attacker manages to discover your UNIX password, for example through the use of a key logger or by sniffing the E-M radiation of your keyboard's PS/2 connection, the attacker would still need to - have access to your passcard. + have access to your passcard. II. The second issue is that a Denial-of-Service (DoS) attack is possible in some configurations. When an attacker repeatedly tries to authenticate @@ -57,15 +69,16 @@ There are certain security related issues you should be aware of. 3) By receiving passcodes on an as-needed basis via a secure channel which cannot be blocked by attacker, such as SMS text-messaging. - In some scenarios this scheme could also be susceptible to a DoS - attack. For example, if a free SMS gateway is used which imposes - usage limits, an attacker who is aware of your phone number could - easily exhaust your daily quota of text messages. While this type of - attack is technically possible, it's also quite unlikely. However, - it does serve to highlight the fact that every countermeasure has - vulnerabilities. As far as this particular attack is concerned, - SMS transmissions could simply be sent using a different method, - such as making use of a GSM phone/modem connected to the computer. + In some scenarios this scheme could also be susceptible to a + DoS attack. For example, if a free SMS gateway is used which + imposes usage limits, an attacker who is aware of your phone + number could easily exhaust your daily quota of text messages. + While this type of attack is technically possible, it's also + quite unlikely. However, it does serve to highlight the fact + that every countermeasure has vulnerabilities. As far as this + particular attack is concerned, SMS transmissions could simply + be sent using a different method, such as making use of a GSM + phone/modem connected to the computer. NOTE: Early versions of OTPasswd included what was known as the @@ -81,7 +94,8 @@ There are certain security related issues you should be aware of. sessions. Since this option did not meet its intended design goal, it was ultimately removed. -III. If an attacker is able to collect used passcards, it is conceivable +III. Theoretical attack on cryptographic algorithms: + If an attacker is able to collect used passcards, it is conceivable that a brute-force attack could be made on the cryptographic key which was used to generate the passcodes. If the key is discovered, then future passcodes could be generated at will. Given the cipher @@ -103,7 +117,8 @@ III. If an attacker is able to collect used passcards, it is conceivable IMPORTANT. In order to securely login to a system with SSH you still must have trusted SSH client software (from a pendrive, for example) and you must validate the SSH server key fingerprint. Also, beware of -man-from-behind attacks when you're banged in the head after authenticating. +man-from-behind attacks when you're banged in the head after +authenticating. @@ -227,9 +242,28 @@ and finally: pam_unix - checks password according to /etc/shadow -This is an overview of the default PAM authentication schema (for Gentoo). -Somewhere in this process we will need to add our OTP authentication. +This is an overview of the default PAM authentication schema (for +Gentoo). Somewhere in this process we will need to add our OTP +authentication. There exists also alternative way of PAM module +configuration using [] notation instead of required/requisite +options. For more information about Linux-PAM, you may consult the +PAM(7) man page on your system, or read the PAM System Administrator's +Guide, which can be found at: + + http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html + +PAM Profiles +------------ +Newer systems allows for PAM profile configuration. System keeps +profiles in (e.g.) /usr/share/pam-configs and a certain tool +(pam-auth-update) allows one to enable or disable selected +profile. OTPasswd has a profile included in `examples' directory and +it's the recommended way of configuring OTPasswd. + + +Manual PAM configuration: +------------------------ The easiest approach is just to modify the first file: /etc/pam.d/sshd. At the end of all the 'auth' entries, we can just add our pam_otpasswd module. The file would then look like this: @@ -295,10 +329,5 @@ by modifying auth line: password include system-remote-login session include system-remote-login -For more information about Linux-PAM, you may consult the PAM(7) man page -on your system, or read the PAM System Administrator's Guide, which can -be found at: - - http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html ### diff --git a/docs/agent_otp.1 b/docs/agent_otp.1 index 0e8a730..8d44741 100644 --- a/docs/agent_otp.1 +++ b/docs/agent_otp.1 @@ -19,18 +19,20 @@ .\" along with OTPasswd. If not, see . .\" .\" Author: R Hannes Beinert & Tomasz bla Fortuna -.\" Version: otpasswd v0.7 -.\" Update: 15-Sep-10 +.\" Update: 02-Nov-13 .\" -.TH OTPASSWD 1 2010-09-15 "OTPasswd v0.7" "OTPasswd User Manual" +.TH AGENT_OTPASSWD 1 2013-11-02 "OTPasswd v0.8" "OTPasswd User Manual" .\" + .SH NAME agent_otp \- One-time password agent .\" + .SH SYNOPSIS .B agent_otp [\fIoptions\fR] .\" + .SH DESCRIPTION The \fIotpasswd\fR agent serves as the backend for otpasswd utility. To enhance security in the version 0.7, the utility was split into agent, @@ -42,6 +44,7 @@ be noted that agent is executed each time user runs the utility. That said, agent has a limited interface used solely for diagnostics. You can use it when you're logged as root or then agent is not a SUID binary. .\" + .SH OPTIONS .TP \fB\--testcase\fR @@ -60,20 +63,11 @@ That said it's vital that this program was written and tested correctly. .SH SEE ALSO \fBotpasswd\fR(1), -\fBotpasswd\fR(7), -\fBpam_otpasswd\fR(8), -\fBotpasswd.conf\fR(5), -\fBotshadow\fR(5), \fBotpasswd\fR(5) +\fBpam_otpasswd\fR(8), .\" + .SH DOCUMENTATION -The documentation for \fBotpasswd\fR is also maintained as a Texinfo manual. -If the \fBinfo\fR and \fBotpasswd\fR programs are properly installed at your -site, the following command should give you access to the manual: -.PP -.ti +4m -$ info otpasswd -.PP In addition to this manual, various other documents are included with the source to this package. Depending upon the \fBOTPasswd\fR package that was installed, @@ -97,8 +91,9 @@ NNTP newsreader at . .\" .\" *AUTHORS .\" + .SH LICENSE -Copyright (c) 2009, 2010 Tomasz bla Fortuna +Copyright (c) 2009-2013 Tomasz bla Fortuna .PP This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -113,11 +108,12 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program in a LICENSE file. .\" + .SH AVAILABILITY The latest version of the \fBOTPasswd\fR package is available in source form at the project website .nh -https://savannah.nongnu.org/projects/otpasswd +http://otpasswd.thera.be .hy 1 .\" .\" End of Manual: otpasswd(1) diff --git a/docs/otpasswd.1 b/docs/otpasswd.1 index a0f49ce..a5117ef 100644 --- a/docs/otpasswd.1 +++ b/docs/otpasswd.1 @@ -1,7 +1,7 @@ .\" .\" otpasswd(1) - One-Time Password Authentication System .\" -.\" Copyright (c) 2010 Tomasz bla Fortuna +.\" Copyright (c) 2010-2013 Tomasz bla Fortuna .\" .\" This file is part of OTPasswd. .\" @@ -19,18 +19,20 @@ .\" along with OTPasswd. If not, see . .\" .\" Author: R Hannes Beinert & Tomasz bla Fortuna -.\" Version: otpasswd v0.7 -.\" Update: 15-Sep-10 +.\" Update: 02-Nov-13 .\" -.TH OTPASSWD 1 2010-09-15 "OTPasswd v0.7" "OTPasswd User Manual" +.TH OTPASSWD 1 2013-11-02 "OTPasswd v0.8" "OTPasswd User Manual" .\" + .SH NAME otpasswd \- One-time password management utility .\" + .SH SYNOPSIS .B otpasswd [\fIoptions\fR] .\" + .SH DESCRIPTION The \fIotpasswd\fR utility serves as the primary management tool for the \fBOTPasswd\fR one-time password authentication package @@ -247,11 +249,13 @@ Brackets are optional. .RE .PD .\" + .SH SECURITY NOTES This section needs to be completed (FIXME). Until this section is written, see the docs/security file which is distributed with the \fBOTPasswd\fR sources. .\" + .SH EXIT STATUS \fBotpasswd\fR will return zero on success and non-zero on failure. This can be used for scripting @@ -261,6 +265,7 @@ This can be used for scripting .\" ERRORS [Typically only in Sections 2, 3] .\" ENVIRONMENT .\" + .SH FILES .TP /etc/otpasswd @@ -316,6 +321,7 @@ operation. For more information, see \fBpam_otpasswd\fR(8). .\" .\" VERSIONS [Normally only in Sections 2, 3] .\" + .SH COMPATIBILITY The \fBOTPasswd\fR authentication system is compatible with the "Perfect Paper Passwords" specification version 3 (PPPv3) as @@ -337,6 +343,7 @@ of the PPP specification. .\" NOTES .\" BUGS .\" + .SH EXAMPLES Every user must generate a key in order to use \fBOTPasswd\fR. Depending on the value of the \fBSALT_DEF\fR parameter in the @@ -401,13 +408,11 @@ $ rm tmp.latex tmp.pdf .RE .\" .SH SEE ALSO -\fBotpasswd\fR(7), \fBpam_otpasswd\fR(8), -\fBotpasswd.conf\fR(5), -\fBotshadow\fR(5), \fBotpasswd\fR(5) \fBagent_otp\fR(1) .\" + .SH DOCUMENTATION The documentation for \fBotpasswd\fR is also maintained as a Texinfo manual. If the \fBinfo\fR and \fBotpasswd\fR programs are properly installed at your @@ -439,6 +444,7 @@ NNTP newsreader at . .\" .\" *AUTHORS .\" + .SH HISTORY The creation of this program was inspired by the \fBppp\-pam\fR project (http://code.google.com/p/ppp\-pam). @@ -448,6 +454,7 @@ however ultimately it was decided to do a complete rewrite. The two projects share some code, such as locking functions, but nothing more. It would be reasonable to think of \fBOTPasswd\fR as a fork of \fBppp\-pam\fR. .\" + .SH LICENSE Copyright (c) 2009, 2010 Tomasz bla Fortuna .PP @@ -464,6 +471,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program in a LICENSE file. .\" + .SH AVAILABILITY The latest version of the \fBOTPasswd\fR package is available in source form at the project website diff --git a/docs/otpasswd.5 b/docs/otpasswd.5 index 9870de7..25b7867 100644 --- a/docs/otpasswd.5 +++ b/docs/otpasswd.5 @@ -1,7 +1,7 @@ .\" .\" otpasswd(5) - One-Time Password Authentication System .\" -.\" Copyright (c) 2010 Tomasz bla Fortuna +.\" Copyright (c) 2010-2013 Tomasz bla Fortuna .\" .\" This file is part of OTPasswd. .\" @@ -19,10 +19,9 @@ .\" along with OTPasswd. If not, see . .\" .\" Author: R Hannes Beinert & Tomasz bla Fortuna -.\" Version: otpasswd v0.7 -.\" Update: 15-Sep-10 +.\" Update: 02-Nov-13 .\" -.TH OTPASSWD 1 2010-09-15 "OTPasswd v0.7" "OTPasswd User Manual" +.TH OTPASSWD 5 2013-11-02 "OTPasswd v0.8" "OTPasswd User Manual" .\" .SH NAME ~/.otpasswd - OTPasswd user state information file @@ -31,19 +30,18 @@ .\" CONFIGURATION [Normally only in Section 4] .\" .SH DESCRIPTION -This file is used to store the user state information in the user's $HOME -directory for the \fBOTPasswd\fR one-time password authentication system. -It is \fIonly\fR used when the \fIDB=user\fR parameter setting has been -specified in the \fBotpasswd.conf\fR(5) system configuration file. +This file is used to store the user state information in the user's +$HOME directory and in the /etc/otpasswd/otshadow global file for the +\fBOTPasswd\fR one-time password authentication system. +The only difference is that the system-wide database contains +records for all users with \fBOTPasswd\fR state information. + .PP The \fB~/.otpasswd\fR file contains all state information required for the \fBOTPasswd\fR system to properly authenticate a user. .PP -Note that the system-wide user state information database \fBotshadow\fR(5) -is formatted in exactly the same manner as the \fB~/.otpasswd\fR file -described here, with the exception that the system-wide database contains -records for all users with \fBOTPasswd\fR state information. .\" + .SH FORMAT \fBOTPasswd\fR user state information is formatted as a single line of plain text with 14 fields delimited by colons (':'). @@ -85,6 +83,7 @@ Channel Contact Information .RE .PD .\" + .SH FIELD DEFINITIONS .TP \fBLogin name\fR @@ -254,6 +253,7 @@ types of information to be present. .\" .\" OPTIONS [Normally only in Sections 1, 8] .\" + .SH SECURITY NOTES When the \fBOTPasswd\fR system operates by keeping user state information in the user's $HOME directory, it presents a fundamental security problem. @@ -308,26 +308,23 @@ The implicit security policy by operating in this manner is that .\" *COMPATIBILITY .\" CONFORMING TO .\" -.SH NOTES -See \fBotpasswd\fR(7) for further information about the -\fBOTPasswd\fR one-time password authentication system. .\" .\" BUGS .\" EXAMPLE(S) .\" + .SH SEE ALSO -\fBotpasswd\fR(7), \fBotpasswd\fR(1), +\fBagent_otp\fR(1), \fBpam_otpasswd\fR(8), -\fBotpasswd.conf\fR(5), -\fBotshadow\fR(5), .\" .\" *DOCUMENTATION .\" *AUTHORS .\" *HISTORY .\" + .SH LICENSE -Copyright (c) 2009, 2010 Tomasz bla Fortuna +Copyright (c) 2009-2013 Tomasz bla Fortuna .PP This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -342,6 +339,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program in a LICENSE file. .\" + .SH AVAILABILITY The latest version of the \fBOTPasswd\fR package is available in source form at the project website diff --git a/docs/pam_otpasswd.8 b/docs/pam_otpasswd.8 index 4e9e039..2b111c5 100644 --- a/docs/pam_otpasswd.8 +++ b/docs/pam_otpasswd.8 @@ -1,7 +1,7 @@ .\" .\" pam_otpasswd(8) - One-Time Password Authentication System .\" -.\" Copyright (c) 2010 Tomasz bla Fortuna +.\" Copyright (c) 2010-2013 Tomasz bla Fortuna .\" .\" This file is part of OTPasswd. .\" @@ -19,10 +19,9 @@ .\" along with OTPasswd. If not, see . .\" .\" Author: R Hannes Beinert & Tomasz bla Fortuna -.\" Version: otpasswd v0.7 -.\" Update: 15-Sep-10 +.\" Update: 02-Nov-13 .\" -.TH OTPASSWD 1 2010-09-15 "OTPasswd v0.7" "OTPasswd User Manual" +.TH PAM_OTPASSWD 8 2013-11-02 "OTPasswd v0.8" "OTPasswd User Manual" .\" .SH NAME pam_otpasswd \- Module for OTPasswd one-time password authentication diff --git a/examples/otpasswd.conf b/examples/otpasswd.conf index 1ff4299..9d55b71 100644 --- a/examples/otpasswd.conf +++ b/examples/otpasswd.conf @@ -2,7 +2,7 @@ # OTPasswd - One-Time Password Authentication System # -------------------------------------------------- # https://savannah.nongnu.org/projects/otpasswd -# Updated: 15-Sep-10 (v0.7) +# Updated: 02-Nov-13 (v0.8) # # Configuration of OTPasswd PAM module and key management utility. # @@ -11,8 +11,8 @@ # Whitespaces around '=' are not ignored and values musn't be # surrounded with " or '. Whitespace after arguments is trimmed. # -# Most policy affects administrator and user (length of code -# usable alphabet), but some disable options only for user +# Most policy affects administrator and user (length of code usable +# alphabet), but some options disable functionality only for users # (contact/label changing, account disabling). # # There are some options which aren't implemented currently. @@ -46,17 +46,11 @@ DB=user # suffix. State copy might be created with .old suffix. DB_USER=.otpasswd -# Option USER defines a user, the utility will have to be run in certain -# conditions. This option is ignored when DB=user, and should be located -# after DB in config file. -# In situations when this option is not ignored, utility is -# SUID to either: -# root - (NI!) utility will drop it's privileges to USER as fast as it -# reads config file. This approach protects utility executable -# from being tampered by a successful attacker. -# USER - user which owns config file and /etc/otpasswd directory used -# to hold user database. This option is then used passively to -# make sure SUID is configured correctly. + +# Option USER is used only in DB=global setting. It has to be placed +# below DB option in config file. USER defines a system user used by +# agent_otp to drop privileges from root. This user must be the owner +# of /etc/otpasswd directory. USER=otpasswd # MySQL configuration (NI!) diff --git a/examples/otpasswd_oob.sh b/examples/otpasswd_oob.sh index f99fcf8..ccaaee0 100755 --- a/examples/otpasswd_oob.sh +++ b/examples/otpasswd_oob.sh @@ -1,9 +1,17 @@ #!/bin/bash -# $1 - contact -# $2 - passcode -# $3 - current column... (in future) -# $4 - current row... (in future) +# OTPasswd OOB external script EXAMPLE. +# It won't work by itself. + +# If you receive emails on your mobile you might want to send an email +# here; that's pretty much simpliest thing you might want to do. + +# $1 - contact data set by user (sanitize!) +# $2 - requested passcode +# Not yet implemented / reserved +# $3 - passcode column (in future) +# $4 - passcode row (in future) +# $5 - passcode passcard (in future) # Passcode with extended alphabet can contain # ' " ~ etc. Keep it safe! @@ -12,12 +20,12 @@ # to SANITIZE it correctly! If it's a phone number you can # check it with regular expression -# Exemplary simple OOB utility. (Polish 'Plus' operator internet gateway) -# Change it before using. +# Example for Polish 'PLUS' operator via Internet SMS gateway. # Contacts are phone numbers in format "48xxxyyyzzz" -SENDMAIL=/usr/sbin/sendmail # Update to match your system. +SENDMAIL=/usr/sbin/sendmail +## # Sanitize contact data echo "$1" | egrep '^[0-9]+$' > /dev/null if [ $? != 0 ]; then @@ -25,12 +33,15 @@ if [ $? != 0 ]; then exit 1 fi -# Send email +## +# Send an email TO="<$1@text.plusgsm.CHANGEME.pl>" echo -en "To:$TO\nFrom: OTP \nSubject: OTP password\n\nPasscode = $2\n" | $SENDMAIL "$TO" -# Tests. +## +# Tests - if you're unsure if OOB is executed. # whoami >> /tmp/OOB_TEST # echo "CONTACT '$1' CODE '$2'" >> /tmp/OOB_TEST + exit 0 diff --git a/tools/debian_pkg_template/README.Debian b/tools/debian_pkg_template/README.Debian index ba8db14..d36a17a 100644 --- a/tools/debian_pkg_template/README.Debian +++ b/tools/debian_pkg_template/README.Debian @@ -1,5 +1,5 @@ OTPasswd for Debian -------------------- +=================== Treat 0.8 as a testing release-candidate before 1.0 version. Using in default DB=user mode as an additional layer of the authentication @@ -15,6 +15,9 @@ To use with SSH: For more information see homepage and upstream README/INSTALL files. + +Using in DB=GLOBAL mode +----------------------- To use DB=global agent_otp needs to be SETUID root. Also additional system user will be required. You can set SUID-bit on agent-otp like this: @@ -23,10 +26,14 @@ So that SUID will stick even when package gets updated. And create user for OTPasswd like this: # adduser --system --no-create-home otpasswd +# chown otpasswd /etc/otpasswd; chmod g-rwx,o-rwx /etc/otpasswd -R + -Release plan: Version 0.9 and 1.0 will be published after 0.8 is - tested and reviewed (see upstream Changelog) No major new - functionality is planned for 1.0 version. +Release plan +------------ +Version 0.9 and 1.0 will be published after 0.8 is tested and reviewed +(see upstream Changelog) No major new functionality is planned for 1.0 +version. -- Tomasz Fortuna -Build-Depends: cdbs, debhelper (>= 9), cmake, libpam0g-dev +Build-Depends: cdbs, debhelper (>= 8), cmake, libpam0g-dev Standards-Version: 3.9.4 Homepage: http://otpasswd.thera.be diff --git a/tools/debian_pkg_template/copyright b/tools/debian_pkg_template/copyright index c1fb4b6..3712312 100644 --- a/tools/debian_pkg_template/copyright +++ b/tools/debian_pkg_template/copyright @@ -1,6 +1,6 @@ This package was debianized by Luke Faraone on Fri, -18 Dec 2009 20:46:18 -0500 - version 0.4. Completely new package -created by Tomasz bla Fortuna on Sat 26 Oct 2013. +18 Dec 2009 20:46:18 -0500 - version 0.4. Package completely redone by +Tomasz bla Fortuna on Sat 26 Oct 2013. It was downloaded from @@ -39,7 +39,7 @@ License: version. If you delete this exception statement from all source files in the program, then also delete it here. - + IMPORTANT: It was always planned to relicense this software under BSD-like license one day. Most changes required for relicensing are already complete. To contribute to the project you have to agree to diff --git a/tools/debian_pkg_template/libpam-otpasswd.install b/tools/debian_pkg_template/libpam-otpasswd.install index 18926d5..1f72ac1 100644 --- a/tools/debian_pkg_template/libpam-otpasswd.install +++ b/tools/debian_pkg_template/libpam-otpasswd.install @@ -1,2 +1,2 @@ lib/security/pam_otpasswd.so -examples/pam-configs/otpasswd usr/share/pam-configs \ No newline at end of file +examples/pam-configs/otpasswd usr/share/pam-configs diff --git a/tools/debian_pkg_template/libpam-otpasswd.manpages b/tools/debian_pkg_template/libpam-otpasswd.manpages index 29f79d7..90ae2a6 100644 --- a/tools/debian_pkg_template/libpam-otpasswd.manpages +++ b/tools/debian_pkg_template/libpam-otpasswd.manpages @@ -1 +1 @@ -docs/pam_otpasswd.8 \ No newline at end of file +docs/pam_otpasswd.8 diff --git a/tools/debian_pkg_template/otpasswd-bin.docs b/tools/debian_pkg_template/otpasswd-bin.docs index 801169d..0928c10 100644 --- a/tools/debian_pkg_template/otpasswd-bin.docs +++ b/tools/debian_pkg_template/otpasswd-bin.docs @@ -1,2 +1,5 @@ README docs/SECURITY +examples/otpasswd.conf +examples/otpasswd-login +examples/otpasswd_oob.sh \ No newline at end of file diff --git a/tools/debian_pkg_template/otpasswd-bin.install b/tools/debian_pkg_template/otpasswd-bin.install index 2268ac2..30db94f 100644 --- a/tools/debian_pkg_template/otpasswd-bin.install +++ b/tools/debian_pkg_template/otpasswd-bin.install @@ -1,3 +1,4 @@ usr/bin/otpasswd usr/bin/agent_otp -etc/otpasswd/otpasswd.conf \ No newline at end of file +etc/otpasswd/otpasswd.conf +examples/otpasswd_oob.sh etc/otpasswd/ diff --git a/tools/debian_pkg_template/otpasswd-bin.manpages b/tools/debian_pkg_template/otpasswd-bin.manpages index 4d0b145..97a7011 100644 --- a/tools/debian_pkg_template/otpasswd-bin.manpages +++ b/tools/debian_pkg_template/otpasswd-bin.manpages @@ -1,3 +1,3 @@ docs/otpasswd.1 docs/otpasswd.5 -docs/agent_otp.1 \ No newline at end of file +docs/agent_otp.1 diff --git a/tools/package.sh b/tools/package.sh index 072b927..da6066f 100755 --- a/tools/package.sh +++ b/tools/package.sh @@ -46,11 +46,15 @@ test_build () { } check_versions () { + echo + echo "* DATES:" + egrep '20[01][0-9]|[0-9]{2}-[A-Za-z]{3}-[0-9]{2}' $(find . -type f -regex '.*\.[hc158]') echo echo '* CHECK VERSIONS' echo "Cmakelists versions:" grep OR_VERSION CMakeLists.txt grep PROG_VERSION $(find . -type f -regex '.*\.[ch]') | grep -i define + egrep 'v[0-9]+\.[0-9]+' docs/*.1 docs/*.5 docs/*.8 examples/*conf | grep -v PPPv3.1 echo echo "If they are ok - hit enter to continue"