mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 01:52:18 +01:00

Storing local param info at the time when verify request arrived.

Used to give correct warnings of whether local/remote is out of sync or not
Olov Danielson 2009-12-04 11:57:49 +00:00
parent 362b40056d
commit 55aeffc066
5 changed files with 127 additions and 60 deletions


@ -38,13 +38,22 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
$queue_length = $sl->getQueueLength(); $queue_length = $sl->getQueueLength();
$sl->queue(1259585588, $sl->queue(array('modified'=>1259585588,
"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui", 'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
"cccccccccccc", 'yk_identity'=>"cccccccccccc",
10, 'yk_counter'=>10,
20, 'yk_use'=>20,
100, 'yk_high'=>100,
1000); 'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
);
$this->assertEquals($nr_servers + $queue_length, $sl->getQueueLength()); $this->assertEquals($nr_servers + $queue_length, $sl->getQueueLength());
$lastSync=$sl->getLast(); $lastSync=$sl->getLast();
@ -102,26 +111,47 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
"http://localhost/wsapi/syncvalid3"); "http://localhost/wsapi/syncvalid3");
$start_length=$sl->getQueueLength(); $start_length=$sl->getQueueLength();
$this->assertTrue($sl->queue(1259671571+1000, $this->assertTrue(
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk", $sl->queue(array('modified'=>1259585588+1000,
"cccccccccccc", 'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
9, 'yk_identity'=>"cccccccccccc",
3, 'yk_counter'=>9,
55, 'yk_use'=>3,
18000)); 'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(3); $res=$sl->sync(3);
$this->assertEquals(3, $sl->getNumberOfValidAnswers()); $this->assertEquals(3, $sl->getNumberOfValidAnswers());
$this->assertTrue($res, "all sync servers should be configured to return ok values"); $this->assertTrue($res, "all sync servers should be configured to return ok values");
$this->assertEquals($start_length, $sl->getQueueLength()); $this->assertEquals($start_length, $sl->getQueueLength());
$this->assertTrue($sl->queue(1259671571+1000, $this->assertTrue(
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk", $sl->queue(array('modified'=>1259585588+1000,
"cccccccccccc", 'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
9, 'yk_identity'=>"cccccccccccc",
3, 'yk_counter'=>9,
55, 'yk_use'=>3,
18000)); 'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(2); $res=$sl->sync(2);
$this->assertEquals(2, $sl->getNumberOfValidAnswers()); $this->assertEquals(2, $sl->getNumberOfValidAnswers());
@ -139,13 +169,23 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
"http://localhost/wsapi/syncinvalid3"); "http://localhost/wsapi/syncinvalid3");
$start_length=$sl->getQueueLength(); $start_length=$sl->getQueueLength();
$this->assertTrue($sl->queue(1259671571+1000, $this->assertTrue(
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk", $sl->queue(array('modified'=>1259585588+1000,
"cccccccccccc", 'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
9, 'yk_identity'=>"cccccccccccc",
3, 'yk_counter'=>9,
55, 'yk_use'=>3,
18000)); 'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(3); $res=$sl->sync(3);
$this->assertEquals(0, $sl->getNumberOfValidAnswers()); $this->assertEquals(0, $sl->getNumberOfValidAnswers());
@ -163,13 +203,23 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
"http://localhost/wsapi/syncvalid3"); "http://localhost/wsapi/syncvalid3");
$start_length=$sl->getQueueLength(); $start_length=$sl->getQueueLength();
$this->assertTrue($sl->queue(1259671571+1000, $this->assertTrue(
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk", $sl->queue(array('modified'=>1259585588+1000,
"cccccccccccc", 'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
9, 'yk_identity'=>"cccccccccccc",
3, 'yk_counter'=>9,
55, 'yk_use'=>3,
18000)); 'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(1); $res=$sl->sync(1);
$this->assertEquals(1, $sl->getNumberOfValidAnswers()); $this->assertEquals(1, $sl->getNumberOfValidAnswers());
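Review bot: None of the four updated `queue()` calls is followed by an assertion on the behaviour this commit introduces. Each now passes a `$localParams` snapshot (`yk_counter` 10, `yk_use` 18), but the checks after them are the same queue-length and valid-answer counts as before. A case where the snapshot differs from the current DB row, asserting what `sync()` reports, would pin the change. The first hunk also leaves the return value of `queue()` unchecked while the other three wrap it in `assertTrue`. The same pair of arrays is repeated verbatim in the hunks at -102, -139 and -163, so a private helper returning the two fixtures would keep them from drifting apart.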


@ -136,7 +136,7 @@ function retrieveURLasync ($urls, $ans_req=1, $match="^OK", $returl=False) {
$ch = array(); $ch = array();
foreach ($urls as $id => $url) { foreach ($urls as $id => $url) {
$handle = curl_init(); $handle = curl_init();
debug("url is: " . $url);
curl_setopt($handle, CURLOPT_URL, $url); curl_setopt($handle, CURLOPT_URL, $url);
curl_setopt($handle, CURLOPT_USERAGENT, "YK-VAL"); curl_setopt($handle, CURLOPT_USERAGENT, "YK-VAL");
curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
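Review bot: The added `debug("url is: " . $url);` writes every complete request URL to the debug log. The page does not show how these URLs are built, but if the sync requests carry the OTP and counter values as query parameters, the log keeps a copy of each of them, and access to it would then need to be restricted like the database. Logging only the destination would be enough to trace which server was contacted, for example `debug("url is: " . parse_url($url, PHP_URL_HOST));`. The body of `retrieveURLasync` continues outside the hunk.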


@ -32,6 +32,7 @@ CREATE TABLE queue (
id INT NOT NULL UNIQUE AUTO_INCREMENT, id INT NOT NULL UNIQUE AUTO_INCREMENT,
queued_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP, queued_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
modified_time TIMESTAMP, modified_time TIMESTAMP,
random_key INT,
otp VARCHAR(100) NOT NULL, otp VARCHAR(100) NOT NULL,
server VARCHAR(100) NOT NULL, server VARCHAR(100) NOT NULL,
info VARCHAR(100) NOT NULL, info VARCHAR(100) NOT NULL,
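Review bot: The new `random_key INT` column is undocumented and nullable, although `SyncLib::queue()` writes `'random_key'=>$this->random_key` on every row it saves. A comment such as `-- random_key: value of SyncLib's $this->random_key for the instance that queued the row` would tell a reader what the column is for. Databases created from the earlier schema do not get the column from a changed `CREATE TABLE`, and none of the five files visible here adds an `ALTER TABLE queue ADD random_key INT;` step, so an upgrade note is needed. The table definition continues outside the hunk.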


@ -53,27 +53,25 @@ class SyncLib
{ {
return count($this->db->last('queue', NULL)); return count($this->db->last('queue', NULL));
} }
public function queue($modified, $otp, $identity, $counter, $use, $high, $low) public function queue($otpParams, $localParams)
{ {
$info='yk_identity=' . $identity .
'&yk_counter=' . $counter .
'&yk_use=' . $use .
'&yk_high=' . $high .
'&yk_low=' . $low;
$this->otpParams['modified']=$modified;
$this->otpParams['otp']=$otp; $info='yk_identity=' . $otpParams['yk_identity'] .
$this->otpParams['yk_identity']=$identity; '&yk_counter=' . $otpParams['yk_counter'] .
$this->otpParams['yk_counter']=$counter; '&yk_use=' . $otpParams['yk_use'] .
$this->otpParams['yk_use']=$use; '&yk_high=' . $otpParams['yk_high'] .
$this->otpParams['yk_high']=$high; '&yk_low=' . $otpParams['yk_low'];
$this->otpParams['yk_low']=$low;
$this->otpParams = $otpParams;
$this->localParams = $localParams;
$res=True; $res=True;
foreach ($this->syncServers as $server) { foreach ($this->syncServers as $server) {
if(! $this->db->save('queue', array('modified_time'=>$this->UnixToDbTime($modified), if(! $this->db->save('queue', array('modified_time'=>$this->UnixToDbTime($otpParams['modified']),
'otp'=>$otp, 'otp'=>$otpParams['otp'],
'server'=>$server, 'server'=>$server,
'random_key'=>$this->random_key, 'random_key'=>$this->random_key,
'info'=>$info))) $res=False; 'info'=>$info))) $res=False;
@ -201,7 +199,8 @@ class SyncLib
/* /*
Parse responses Parse responses
*/ */
$localParams=$this->getLocalParams($this->otpParams['yk_identity']); $lastLocalParams=$this->getLocalParams($this->otpParams['yk_identity']);
$localParams = $this->localParams;
$this->answers = count($ans_arr); $this->answers = count($ans_arr);
$this->valid_answers = 0; $this->valid_answers = 0;
@ -212,7 +211,7 @@ class SyncLib
$this->log("notice", "response contains ", $resParams); $this->log("notice", "response contains ", $resParams);
/* Check if internal DB should be updated */ /* Check if internal DB should be updated */
if ($this->countersHigherThan($resParams, $localParams)) { if ($this->countersHigherThan($resParams, $lastLocalParams)) {
$this->updateDbCounters($resParams); $this->updateDbCounters($resParams);
} }
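Review bot: In the first hunk `queue()` reads seven keys out of `$otpParams` and stores `$localParams` as given, without checking that either array is complete. A missing key becomes an empty field in `info`, and the row is still saved for every sync server. `sync()` (second hunk) then takes `$localParams` from `$this->localParams`, so an incomplete snapshot, or a `sync()` call on an instance where `queue()` never ran, feeds empty values into the out-of-sync comparison instead of failing. A guard at the top of `queue()` would reject this early: `foreach (array('modified','otp','yk_identity','yk_counter','yk_use','yk_high','yk_low') as $k) if (!isset($otpParams[$k], $localParams[$k])) return False;`. The values are also concatenated into `info` unencoded; if any of them can contain `&` or `=`, building the string with `http_build_query()` would avoid ambiguous fields. Both method bodies continue outside the hunks.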


@ -165,13 +165,30 @@ $sl = new SyncLib();
// We need the modifed value from the DB // We need the modifed value from the DB
$stmp = 'SELECT accessed FROM yubikeys WHERE id=' . $ad['id']; $stmp = 'SELECT accessed FROM yubikeys WHERE id=' . $ad['id'];
query($conn, $stmt); query($conn, $stmt);
$sl->queue($modified,
$otp, $otpParams=array('modified'=>$modified,
$devId, 'otp'=>$otp,
$otpinfo['session_counter'], 'yk_identity'=>$devId,
$otpinfo['session_use'], 'yk_counter'=>$otpinfo['session_counter'],
$otpinfo['high'], 'yk_use'=>$otpinfo['session_use'],
$otpinfo['low']); 'yk_high'=>$otpinfo['high'],
'yk_low'=>$otpinfo['low']);
$localParams=array('modified'=>DbTimeToUnix($ad['accessed']),
'otp'=>'',
'yk_identity'=>$devId,
'yk_counter'=>$ad['counter'],
'yk_use'=>$ad['sessionUse'],
'yk_high'=>$ad['high'],
'yk_low'=>$ad['low']);
if (!$sl->queue($otpParams, $localParams)) {
debug("ykval-verify:critical:failed to queue sync requests");
sendResp(S_BACKEND_ERROR, $apiKey);
exit;
}
$required_answers=$sl->getNumberOfServers(); $required_answers=$sl->getNumberOfServers();
$syncres=$sl->sync($required_answers); $syncres=$sl->sync($required_answers);
$answers=$sl->getNumberOfAnswers(); $answers=$sl->getNumberOfAnswers();
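Review bot: The context lines at the top of this hunk assign the SELECT to `$stmp` but pass `$stmt` to `query()`, and the result is never read. The `$modified` that now goes into `$otpParams['modified']` therefore does not come from that lookup, despite the comment above it; where `$modified` is actually set lies outside the hunk. Since the commit makes `modified` part of the data compared between local and remote state, either fix the lookup and use its result, or drop it and document the real source of `$modified`. If it is kept, name the variable consistently and cast the id rather than concatenating it raw: `$stmt = 'SELECT accessed FROM yubikeys WHERE id=' . intval($ad['id']);`.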