rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-01-20 01:52:15 +01:00
Code Issues Projects Releases Wiki Activity

Storing local param info at the time when verify request arrived.

Browse Source 
Used to give correct warnings of wether local/remote is out of sync or not
This commit is contained in:
Olov Danielson 2009-12-04 11:57:49 +00:00
parent 362b40056d
commit 55aeffc066
5 changed files with 127 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
tests/syncLibTest.php
View File

@ -38,13 +38,22 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
$queue_length = $sl->getQueueLength();
$sl->queue(1259585588,
"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
"cccccccccccc",
10,
20,
100,
1000);
$sl->queue(array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>20,
'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
);
$this->assertEquals($nr_servers + $queue_length, $sl->getQueueLength());
$lastSync=$sl->getLast();
@ -102,26 +111,47 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
"http://localhost/wsapi/syncvalid3");
$start_length=$sl->getQueueLength();
$this->assertTrue($sl->queue(1259671571+1000,
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk",
"cccccccccccc",
9,
3,
55,
18000));
$this->assertTrue(
$sl->queue(array('modified'=>1259585588+1000,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>9,
'yk_use'=>3,
'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(3);
$this->assertEquals(3, $sl->getNumberOfValidAnswers());
$this->assertTrue($res, "all sync servers should be configured to return ok values");
$this->assertEquals($start_length, $sl->getQueueLength());
$this->assertTrue($sl->queue(1259671571+1000,
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk",
"cccccccccccc",
9,
3,
55,
18000));
$this->assertTrue(
$sl->queue(array('modified'=>1259585588+1000,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>9,
'yk_use'=>3,
'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(2);
$this->assertEquals(2, $sl->getNumberOfValidAnswers());
@ -139,13 +169,23 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
"http://localhost/wsapi/syncinvalid3");
$start_length=$sl->getQueueLength();
$this->assertTrue($sl->queue(1259671571+1000,
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk",
"cccccccccccc",
9,
3,
55,
18000));
$this->assertTrue(
$sl->queue(array('modified'=>1259585588+1000,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>9,
'yk_use'=>3,
'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(3);
$this->assertEquals(0, $sl->getNumberOfValidAnswers());
@ -163,13 +203,23 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
"http://localhost/wsapi/syncvalid3");
$start_length=$sl->getQueueLength();
$this->assertTrue($sl->queue(1259671571+1000,
"ccccccccccccculnnjikvhjduicubtkcvgvkcdcvdjhk",
"cccccccccccc",
9,
3,
55,
18000));
$this->assertTrue(
$sl->queue(array('modified'=>1259585588+1000,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>9,
'yk_use'=>3,
'yk_high'=>100,
'yk_low'=>1000),
array('modified'=>1259585588,
'otp'=>"ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui",
'yk_identity'=>"cccccccccccc",
'yk_counter'=>10,
'yk_use'=>18,
'yk_high'=>100,
'yk_low'=>1000)
));
$res=$sl->sync(1);
$this->assertEquals(1, $sl->getNumberOfValidAnswers());

2
ykval-common.php
View File

@ -136,7 +136,7 @@ function retrieveURLasync ($urls, $ans_req=1, $match="^OK", $returl=False) {
$ch = array();
foreach ($urls as $id => $url) {
$handle = curl_init();
debug("url is: " . $url);
curl_setopt($handle, CURLOPT_URL, $url);
curl_setopt($handle, CURLOPT_USERAGENT, "YK-VAL");
curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);

1
ykval-db.sql
View File

@ -32,6 +32,7 @@ CREATE TABLE queue (
id INT NOT NULL UNIQUE AUTO_INCREMENT,
queued_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
modified_time TIMESTAMP,
random_key INT,
otp VARCHAR(100) NOT NULL,
server VARCHAR(100) NOT NULL,
info VARCHAR(100) NOT NULL,

33
ykval-synclib.php
View File

@ -53,27 +53,25 @@ class SyncLib
{
return count($this->db->last('queue', NULL));
}
public function queue($modified, $otp, $identity, $counter, $use, $high, $low)
public function queue($otpParams, $localParams)
{
$info='yk_identity=' . $identity .
'&yk_counter=' . $counter .
'&yk_use=' . $use .
'&yk_high=' . $high .
'&yk_low=' . $low;
$this->otpParams['modified']=$modified;
$this->otpParams['otp']=$otp;
$this->otpParams['yk_identity']=$identity;
$this->otpParams['yk_counter']=$counter;
$this->otpParams['yk_use']=$use;
$this->otpParams['yk_high']=$high;
$this->otpParams['yk_low']=$low;
$info='yk_identity=' . $otpParams['yk_identity'] .
'&yk_counter=' . $otpParams['yk_counter'] .
'&yk_use=' . $otpParams['yk_use'] .
'&yk_high=' . $otpParams['yk_high'] .
'&yk_low=' . $otpParams['yk_low'];
$this->otpParams = $otpParams;
$this->localParams = $localParams;
$res=True;
foreach ($this->syncServers as $server) {
if(! $this->db->save('queue', array('modified_time'=>$this->UnixToDbTime($modified),
'otp'=>$otp,
if(! $this->db->save('queue', array('modified_time'=>$this->UnixToDbTime($otpParams['modified']),
'otp'=>$otpParams['otp'],
'server'=>$server,
'random_key'=>$this->random_key,
'info'=>$info))) $res=False;
@ -201,7 +199,8 @@ class SyncLib
/*
Parse responses
*/
$localParams=$this->getLocalParams($this->otpParams['yk_identity']);
$lastLocalParams=$this->getLocalParams($this->otpParams['yk_identity']);
$localParams = $this->localParams;
$this->answers = count($ans_arr);
$this->valid_answers = 0;
@ -212,7 +211,7 @@ class SyncLib
$this->log("notice", "response contains ", $resParams);
/* Check if internal DB should be updated */
if ($this->countersHigherThan($resParams, $localParams)) {
if ($this->countersHigherThan($resParams, $lastLocalParams)) {
$this->updateDbCounters($resParams);
}

31
ykval-verify.php
View File

@ -165,13 +165,30 @@ $sl = new SyncLib();
// We need the modifed value from the DB
$stmp = 'SELECT accessed FROM yubikeys WHERE id=' . $ad['id'];
query($conn, $stmt);
$sl->queue($modified,
$otp,
$devId,
$otpinfo['session_counter'],
$otpinfo['session_use'],
$otpinfo['high'],
$otpinfo['low']);
$otpParams=array('modified'=>$modified,
'otp'=>$otp,
'yk_identity'=>$devId,
'yk_counter'=>$otpinfo['session_counter'],
'yk_use'=>$otpinfo['session_use'],
'yk_high'=>$otpinfo['high'],
'yk_low'=>$otpinfo['low']);
$localParams=array('modified'=>DbTimeToUnix($ad['accessed']),
'otp'=>'',
'yk_identity'=>$devId,
'yk_counter'=>$ad['counter'],
'yk_use'=>$ad['sessionUse'],
'yk_high'=>$ad['high'],
'yk_low'=>$ad['low']);
if (!$sl->queue($otpParams, $localParams)) {
debug("ykval-verify:critical:failed to queue sync requests");
sendResp(S_BACKEND_ERROR, $apiKey);
exit;
}
$required_answers=$sl->getNumberOfServers();
$syncres=$sl->sync($required_answers);
$answers=$sl->getNumberOfAnswers();