rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-20 12:54:23 +01:00
Code Issues Projects Releases Wiki Activity

Remove ID column from yubikeys and queue table. Renamed and changed random_key to server_nonce

Browse Source
This commit is contained in:
Olov Danielson 2010-01-12 13:00:28 +00:00
parent bace6d58a8
commit 6cc547f791
6 changed files with 154 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
tests/DbTest.php
View File

@ -18,6 +18,7 @@ class DbTest extends PHPUnit_Framework_TestCase
$this->db->connect(); $this->db->connect();
$this->db->customQuery("drop table unittest"); $this->db->customQuery("drop table unittest");
$this->db->customQuery("create table unittest (id int,value1 int, value2 int)"); $this->db->customQuery("create table unittest (id int,value1 int, value2 int)");
} }
public function test_template() public function test_template()
{ {
@ -83,5 +84,40 @@ class DbTest extends PHPUnit_Framework_TestCase
'id'=>1))); 'id'=>1)));
$this->assertEquals(1, $this->db->rowCount(), "1 row should have been affected by previous statement"); $this->assertEquals(1, $this->db->rowCount(), "1 row should have been affected by previous statement");
} }
public function testConditionalUpdate()
{
$this->assertTrue($this->db->save('unittest', array('value1'=>100,
'value2'=>200,
'id'=>1)));
$condition="(100 > value1 or (100=value1 and 200>value2))";
$this->assertTrue($this->db->conditionalUpdate('unittest', 1, array('value2'=>201), $condition));
$this->assertEquals(0, $this->db->rowCount(), "One row should have been affected");
$condition="(100 > value1 or (100=value1 and 201>value2))";
$this->assertTrue($this->db->conditionalUpdate('unittest', 1, array('value2'=>201), $condition));
$this->assertEquals(1, $this->db->rowCount(), "One row should have been affected");
}
public function testConditionalUpdateBy()
{
$this->assertTrue($this->db->save('unittest', array('value1'=>100,
'value2'=>200,
'id'=>1)));
$condition="(100 > value1 or (100=value1 and 201>value2))";
$this->assertTrue($this->db->conditionalUpdateBy('unittest', 'value1', 100, array('value2'=>201), $condition));
$this->assertEquals(1, $this->db->rowCount(), "One row should have been affected");
$this->db->customQuery("drop table myunittest");
$this->db->customQuery("create table myunittest (id int, string1 varchar(10), value1 int)");
$this->assertTrue($this->db->save('myunittest', array('value1'=>100,
'string1'=>'hej',
'id'=>1)));
$condition="(101 > value1)";
$this->assertTrue($this->db->conditionalUpdateBy('myunittest', 'string1', 'hej', array('value1'=>101), $condition));
$this->assertEquals(1, $this->db->rowCount(), "One row should have been affected");
}
} }
?> ?>

55
tests/syncLibTest.php
View File

@ -57,7 +57,23 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
$this->assertEquals($nr_servers + $queue_length, $sl->getQueueLength()); $this->assertEquals($nr_servers + $queue_length, $sl->getQueueLength());
$lastSync=$sl->getLast(); $res=$sl->db->findByMultiple('queue',
array("modified"=>1259585588,
"server_nonce"=>$sl->server_nonce));
$lastRes=$res[0];
$info=$sl->otpParamsFromInfoString($lastRes['info']);
$lastSync=array('queued'=>$lastRes['queued'],
'modified'=>$lastRes['modified'],
'otp'=>$lastRes['otp'],
'server'=>$lastRes['server'],
'nonce'=>$info['nonce'],
'yk_publicname'=>$info['yk_publicname'],
'yk_counter'=>$info['yk_counter'],
'yk_use'=>$info['yk_use'],
'yk_high'=>$info['yk_high'],
'yk_low'=>$info['yk_low']);
$this->assertEquals($lastSync['modified'], 1259585588); $this->assertEquals($lastSync['modified'], 1259585588);
$this->assertEquals($lastSync['otp'], "ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui"); $this->assertEquals($lastSync['otp'], "ccccccccccccfrhiutjgfnvgdurgliidceuilikvfhui");
$this->assertEquals($lastSync['yk_publicname'], "cccccccccccc"); $this->assertEquals($lastSync['yk_publicname'], "cccccccccccc");
@ -269,12 +285,45 @@ class SyncLibTest extends PHPUnit_Framework_TestCase
$this->assertTrue($sl->queue($p1, $p1)); $this->assertTrue($sl->queue($p1, $p1));
$res=$sl->getLast();
$res=$sl->db->findByMultiple('queue',
array("modified"=>1259585588+1000,
"server_nonce"=>$sl->server_nonce));
$lastRes=$res[0];
$info=$sl->otpParamsFromInfoString($lastRes['info']);
$res=array('queued'=>$lastRes['queued'],
'modified'=>$lastRes['modified'],
'otp'=>$lastRes['otp'],
'server'=>$lastRes['server'],
'nonce'=>$info['nonce'],
'yk_publicname'=>$info['yk_publicname'],
'yk_counter'=>$info['yk_counter'],
'yk_use'=>$info['yk_use'],
'yk_high'=>$info['yk_high'],
'yk_low'=>$info['yk_low']);
$this->assertNotNull($res['queued']); $this->assertNotNull($res['queued']);
$res=$sl->sync(3); $res=$sl->sync(3);
$this->assertEquals(1+$start_length, $sl->getQueueLength()); $this->assertEquals(1+$start_length, $sl->getQueueLength());
$res=$sl->getLast();
$res=$sl->db->findByMultiple('queue',
array("modified"=>1259585588+1000,
"server_nonce"=>$sl->server_nonce));
$lastRes=$res[0];
$info=$sl->otpParamsFromInfoString($lastRes['info']);
$res=array('queued'=>$lastRes['queued'],
'modified'=>$lastRes['modified'],
'otp'=>$lastRes['otp'],
'server'=>$lastRes['server'],
'nonce'=>$info['nonce'],
'yk_publicname'=>$info['yk_publicname'],
'yk_counter'=>$info['yk_counter'],
'yk_use'=>$info['yk_use'],
'yk_high'=>$info['yk_high'],
'yk_low'=>$info['yk_low']);
$this->assertNull($res['queued']); $this->assertNull($res['queued']);

31
ykval-db.php
View File

@ -136,7 +136,7 @@ class Db
if($this->dbh) { if($this->dbh) {
$this->result = $this->dbh->query($query); $this->result = $this->dbh->query($query);
if (! $this->result){ if (! $this->result){
$this->myLog->log(LOG_ERR, 'Database error: ' . print_r($this->dbh->errorInfo(), true)); $this->myLog->log(LOG_INFO, 'Database error: ' . print_r($this->dbh->errorInfo(), true));
$this->myLog->log(LOG_INFO, 'Query was: ' . $query); $this->myLog->log(LOG_INFO, 'Query was: ' . $query);
return false; return false;
} }
@ -174,7 +174,7 @@ class Db
return true; return true;
} }
$query = rtrim($query, ",") . " WHERE " . $k . ' = ' . $v; $query = rtrim($query, ",") . " WHERE " . $k . " = '" . $v . "'";
// Insert UPDATE statement at beginning // Insert UPDATE statement at beginning
$query = "UPDATE " . $table . " SET " . $query; $query = "UPDATE " . $table . " SET " . $query;
@ -197,16 +197,17 @@ class Db
} }
/** /**
* function to update row in database * function to update row in database based on a condition
* *
* @param string $table Database table to update row in * @param string $table Database table to update row in
* @param int $id Id on row to update * @param string $k Column to select row on
* @param string $v Value to select row on
* @param array $values Array with key=>values to update * @param array $values Array with key=>values to update
* @param string $condition conditional statement * @param string $condition conditional statement
* @return boolean True on success, otherwise false. * @return boolean True on success, otherwise false.
* *
*/ */
public function conditional_update($table, $id, $values, $condition) public function conditionalUpdateBy($table, $k, $v, $values, $condition)
{ {
foreach ($values as $key=>$value){ foreach ($values as $key=>$value){
@ -217,7 +218,7 @@ class Db
return true; return true;
} }
$query = rtrim($query, ",") . " WHERE id = " . $id . " and " . $condition; $query = rtrim($query, ",") . " WHERE " . $k . " = '" . $v . "' and " . $condition;
// Insert UPDATE statement at beginning // Insert UPDATE statement at beginning
$query = "UPDATE " . $table . " SET " . $query; $query = "UPDATE " . $table . " SET " . $query;
@ -225,6 +226,23 @@ class Db
return $this->query($query, false); return $this->query($query, false);
} }
/**
* Function to update row in database based on a condition.
* An ID value is passed to select the appropriate column
*
* @param string $table Database table to update row in
* @param int $id Id on row to update
* @param array $values Array with key=>values to update
* @param string $condition conditional statement
* @return boolean True on success, otherwise false.
*
*/
public function conditionalUpdate($table, $id, $values, $condition)
{
return $this->conditionalUpdateBy($table, 'id', $id, $values, $condition);
}
/** /**
* function to insert new row in database * function to insert new row in database
* *
@ -311,6 +329,7 @@ or false on failure.
if ($rev==1) $query.= " ORDER BY id DESC"; if ($rev==1) $query.= " ORDER BY id DESC";
if ($nr!=null) $query.= " LIMIT " . $nr; if ($nr!=null) $query.= " LIMIT " . $nr;
$this->myLog->log(LOG_NOTICE, 'query is ' . $query);
$result = $this->query($query, true); $result = $this->query($query, true);
if (!$result) return false; if (!$result) return false;

9
ykval-db.sql
View File

@ -10,7 +10,6 @@ CREATE TABLE clients (
); );
CREATE TABLE yubikeys ( CREATE TABLE yubikeys (
id INT NOT NULL UNIQUE AUTO_INCREMENT,
active BOOLEAN DEFAULT TRUE, active BOOLEAN DEFAULT TRUE,
created INT NOT NULL, created INT NOT NULL,
modified INT NOT NULL, modified INT NOT NULL,
@ -22,16 +21,14 @@ CREATE TABLE yubikeys (
yk_high INT, yk_high INT,
nonce VARCHAR(32) DEFAULT '', nonce VARCHAR(32) DEFAULT '',
notes VARCHAR(100) DEFAULT '', notes VARCHAR(100) DEFAULT '',
PRIMARY KEY (id) PRIMARY KEY (yk_publicname)
); );
CREATE TABLE queue ( CREATE TABLE queue (
id INT NOT NULL UNIQUE AUTO_INCREMENT,
queued INT DEFAULT NULL, queued INT DEFAULT NULL,
modified INT DEFAULT NULL, modified INT DEFAULT NULL,
random_key INT, server_nonce VARCHAR(32) NOT NULL,
otp VARCHAR(100) NOT NULL, otp VARCHAR(100) NOT NULL,
server VARCHAR(100) NOT NULL, server VARCHAR(100) NOT NULL,
info VARCHAR(256) NOT NULL, info VARCHAR(256) NOT NULL
PRIMARY KEY (id)
); );

81
ykval-synclib.php
View File

@ -21,7 +21,8 @@ class SyncLib
$baseParams['__YKVAL_DB_PW__'], $baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__']); $baseParams['__YKVAL_DB_OPTIONS__']);
$this->isConnected=$this->db->connect(); $this->isConnected=$this->db->connect();
$this->random_key=rand(0,1<<16); $this->server_nonce=md5(uniqid(rand()));
} }
function isConnected() function isConnected()
@ -49,24 +50,9 @@ class SyncLib
if($res->rowCount()>0) return $res->fetch(PDO::FETCH_ASSOC); if($res->rowCount()>0) return $res->fetch(PDO::FETCH_ASSOC);
else return false; else return false;
} }
function getLast()
{
$res=$this->db->last('queue', 1);
$info=$this->otpParamsFromInfoString($res['info']);
return array('queued'=>$res['queued'],
'modified'=>$res['modified'],
'otp'=>$res['otp'],
'server'=>$res['server'],
'nonce'=>$info['nonce'],
'yk_publicname'=>$info['yk_publicname'],
'yk_counter'=>$info['yk_counter'],
'yk_use'=>$info['yk_use'],
'yk_high'=>$info['yk_high'],
'yk_low'=>$info['yk_low']);
}
public function getQueueLength() public function getQueueLength()
{ {
return count($this->db->last('queue', null)); return count($this->db->findBy('queue', null, null, null));
} }
public function createInfoString($otpParams, $localParams) public function createInfoString($otpParams, $localParams)
@ -111,7 +97,7 @@ class SyncLib
'modified'=>$otpParams['modified'], 'modified'=>$otpParams['modified'],
'otp'=>$otpParams['otp'], 'otp'=>$otpParams['otp'],
'server'=>$server, 'server'=>$server,
'random_key'=>$this->random_key, 'server_nonce'=>$this->server_nonce,
'info'=>$info))) $res=False; 'info'=>$info))) $res=False;
} }
return $res; return $res;
@ -147,11 +133,10 @@ class SyncLib
'yk_counter'=>0, 'yk_counter'=>0,
'yk_use'=>0, 'yk_use'=>0,
'nonce'=>0)); 'nonce'=>0));
$res=$this->db->findBy('yubikeys', 'yk_publicname', $yk_publicname, 1); $res=$this->db->findBy('yubikeys', 'yk_publicname', $yk_publicname,1);
} }
if ($res) { if ($res) {
$localParams=array('id'=>$res['id'], $localParams=array('modified'=>$res['modified'],
'modified'=>$res['modified'],
'otp'=>$res['otp'], 'otp'=>$res['otp'],
'nonce'=>$res['nonce'], 'nonce'=>$res['nonce'],
'active'=>$res['active'], 'active'=>$res['active'],
@ -161,10 +146,10 @@ class SyncLib
'yk_high'=>$res['yk_high'], 'yk_high'=>$res['yk_high'],
'yk_low'=>$res['yk_low']); 'yk_low'=>$res['yk_low']);
$this->log(LOG_NOTICE, "counter found in db ", $localParams); $this->log(LOG_NOTICE, "yubikey found in db ", $localParams);
return $localParams; return $localParams;
} else { } else {
$this->log(LOG_NOTICE, 'params for identity ' . $yk_publicname . ' not found in database'); $this->log(LOG_NOTICE, 'params for yk_publicname ' . $yk_publicname . ' not found in database');
return false; return false;
} }
} }
@ -191,27 +176,28 @@ class SyncLib
public function updateDbCounters($params) public function updateDbCounters($params)
{ {
$res=$this->db->lastBy('yubikeys', 'yk_publicname', $params['yk_publicname']); $res=$this->db->findBy('yubikeys', 'yk_publicname', $params['yk_publicname'], 1);
if (isset($res['id'])) { $this->log(LOG_NOTICE, 'yk_publicname is ' . $res['yk_publicname']);
if (isset($res['yk_publicname'])) {
$condition='('.$params['yk_counter'].'>yk_counter or ('.$params['yk_counter'].'=yk_counter and ' . $condition='('.$params['yk_counter'].'>yk_counter or ('.$params['yk_counter'].'=yk_counter and ' .
$params['yk_use'] . '>yk_use))' ; $params['yk_use'] . '>yk_use))' ;
if(! $this->db->conditional_update('yubikeys', if(! $this->db->conditionalUpdateBy('yubikeys', 'yk_publicname', $params['yk_publicname'],
$res['id'], array('modified'=>$params['modified'],
array('modified'=>$params['modified'], 'yk_counter'=>$params['yk_counter'],
'yk_counter'=>$params['yk_counter'], 'yk_use'=>$params['yk_use'],
'yk_use'=>$params['yk_use'], 'yk_low'=>$params['yk_low'],
'yk_low'=>$params['yk_low'], 'yk_high'=>$params['yk_high'],
'yk_high'=>$params['yk_high'], 'nonce'=>$params['nonce']),
'nonce'=>$params['nonce']), $condition))
$condition))
{ {
$this->log(LOG_CRIT, 'failed to update internal DB with new counters'); $this->log(LOG_CRIT, 'failed to update internal DB with new counters');
return false; return false;
} else { } else
if ($this->db->rowCount()>0) $this->log(LOG_NOTICE, "updated database ", $params); {
else $this->log(LOG_NOTICE, 'database not updated', $params); if ($this->db->rowCount()>0) $this->log(LOG_NOTICE, "updated database ", $params);
return true; else $this->log(LOG_NOTICE, 'database not updated', $params);
} return true;
}
} else return false; } else return false;
} }
@ -241,10 +227,10 @@ class SyncLib
$server=$out[1]; $server=$out[1];
$this->log(LOG_DEBUG, "deleting server=" . $server . $this->log(LOG_DEBUG, "deleting server=" . $server .
" modified=" . $this->otpParams['modified'] . " modified=" . $this->otpParams['modified'] .
" random_key=" . $this->random_key); " server_nonce=" . $this->server_nonce);
$this->db->deleteByMultiple('queue', $this->db->deleteByMultiple('queue',
array("modified"=>$this->otpParams['modified'], array("modified"=>$this->otpParams['modified'],
"random_key"=>$this->random_key, "server_nonce"=>$this->server_nonce,
'server'=>$server)); 'server'=>$server));
} }
@ -328,8 +314,13 @@ class SyncLib
} }
/* Deletion */ /* Deletion */
$this->log(LOG_NOTICE, 'deleting queue entry with id=' . $entry['id']); $this->log(LOG_NOTICE, 'deleting queue entry with modified=' . $entry['id'] .
$this->db->deleteByMultiple('queue', array('id'=>$entry['id'])); ' server_nonce=' . $entry['server_nonce'] .
' server=' . $entry['server']);
$this->db->deleteByMultiple('queue',
array("modified"=>$entry['modified'],
"server_nonce"=>$entry['server_nonce'],
'server'=>$entry['nonce']));
} }
} /* End of loop over each queue entry for a server */ } /* End of loop over each queue entry for a server */
@ -344,7 +335,7 @@ class SyncLib
*/ */
$urls=array(); $urls=array();
$res=$this->db->findByMultiple('queue', array("modified"=>$this->otpParams['modified'], "random_key"=>$this->random_key)); $res=$this->db->findByMultiple('queue', array("modified"=>$this->otpParams['modified'], "server_nonce"=>$this->server_nonce));
foreach ($res as $row) { foreach ($res as $row) {
$urls[]=$row['server'] . $urls[]=$row['server'] .
"?otp=" . $row['otp'] . "?otp=" . $row['otp'] .
@ -428,7 +419,7 @@ class SyncLib
NULL queued_time for remaining entries in queue, to allow NULL queued_time for remaining entries in queue, to allow
daemon to take care of them as soon as possible. */ daemon to take care of them as soon as possible. */
$this->db->updateBy('queue', 'random_key', $this->random_key, $this->db->updateBy('queue', 'server_nonce', $this->server_nonce,
array('queued'=>NULL)); array('queued'=>NULL));

1
ykval-verify.php
View File

@ -173,6 +173,7 @@ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
/* Valid OTP, update database. */ /* Valid OTP, update database. */
if(!$sync->updateDbCounters($otpParams)) { if(!$sync->updateDbCounters($otpParams)) {
$myLog->log(LOG_CRIT, "Failed to update yubikey counters in database");
sendResp(S_BACKEND_ERROR, $apiKey); sendResp(S_BACKEND_ERROR, $apiKey);
exit; exit;
} }