rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-03-02 06:29:16 +01:00
Code Issues Projects Releases Wiki Activity

Remove getapikey service.

Browse Source
This commit is contained in:
Simon Josefsson 2009-12-15 14:59:24 +00:00
parent a2b0649681
commit 8fd22d6c2e
5 changed files with 3 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile
View File

@ -29,18 +29,16 @@
VERSION=1.1 VERSION=1.1
PACKAGE=yubikey-val PACKAGE=yubikey-val
CODE=ykval-api.html ykval-db.sql ykval-revoke.php ykval-common.php \ CODE=ykval-api.html ykval-db.sql ykval-revoke.php ykval-common.php \
ykval-getapikey.php ykval-verify.php test-multi.php \ ykval-verify.php test-multi.php ykval-config.php \
ykval-config.php ykval-ping.php ykval-ping.php
DOCS=doc/Installation.wiki DOCS=doc/Installation.wiki
GAK=get-api-key/index.php
all: $(PACKAGE)-$(VERSION).tgz all: $(PACKAGE)-$(VERSION).tgz
$(PACKAGE)-$(VERSION).tgz: $(FILES) $(PACKAGE)-$(VERSION).tgz: $(FILES)
mkdir $(PACKAGE)-$(VERSION) $(PACKAGE)-$(VERSION)/doc $(PACKAGE)-$(VERSION)/get-api-key mkdir $(PACKAGE)-$(VERSION) $(PACKAGE)-$(VERSION)/doc
cp $(CODE) $(PACKAGE)-$(VERSION)/ cp $(CODE) $(PACKAGE)-$(VERSION)/
cp $(DOCS) $(PACKAGE)-$(VERSION)/doc/ cp $(DOCS) $(PACKAGE)-$(VERSION)/doc/
cp $(GAK) $(PACKAGE)-$(VERSION)/get-api-key/
tar cfz $(PACKAGE)-$(VERSION).tgz $(PACKAGE)-$(VERSION) tar cfz $(PACKAGE)-$(VERSION).tgz $(PACKAGE)-$(VERSION)
rm -rf $(PACKAGE)-$(VERSION) rm -rf $(PACKAGE)-$(VERSION)

81
get-api-key/index.php
View File

@ -1,81 +0,0 @@
<?php
if (isset($_REQUEST["email"])) {
$email = $_REQUEST["email"];
} else {
$email = "";
}
if (isset($_REQUEST["otp"])) {
$otp = $_REQUEST["otp"];
} else {
$otp = "";
}
# Quit early on no input
if ($email && $otp) {
# Change URL as appropriate. Use https for non-local connections.
$url = "http://localhost/wsapi/getapikey?email=" .
$email . "&otp=" . $otp;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_USERAGENT, "Get_API_Key");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
if (preg_match('/^code=ok\nid=([0-9]+)\nkey=(.*)/', $result, $out)) {
$id = $out[1];
$key = $out[2];
} else {
error_log ("YK-GAK bad curl output: $result");
}
}
?>
<html>
<head>
<title>Yubico - Get API Key</title>
</head>
<body onLoad="document.getapikey.email.focus();">
<h1>Yubico - Get API Key</h1>
<?php if (isset($id) && isset($key)) { ?>
<p>Congratulations! Please find below your client identity and
client API key.
<p><table border=1>
<tr><td>Id:</td><td><?php print $id; ?></td></tr>
<tr><td>API Key:</td><td><?php print $key; ?></td></tr>
</table>
<p>For more information on how to use this, see the Developers web
pages.
<?php } else { ?>
<p>Here you can generate a shared symmetric key for use with the
Yubico Web Services. You need to authenticate yourself using a
Yubikey One-Time Password and provide your e-mail address as a
reference.
<p><hr>
<?php if (isset($result)) { ?>
<h1 style="font-weight: bold; color:#EE1111">
Authentication failure. Please try again. </h1>
<?php } ?>
<p><form name="getapikey" method="post"><table>
<tr><td>E-mail address:</td>
<td><input type="text" name="email"></td></tr>
<tr><td>Yubikey OTP:</td>
<td><input autocomplete="off" type="password" name="otp"></td></tr>
<tr><td colspan="2">
<input type="submit" value="Generate API Key"></td></tr>
</table>
</form>
<?php } ?>
</body>
</html>

11
ykval-config.php
View File

@ -25,14 +25,6 @@ $baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1;
$baseParams['__YKVAL_SYNC_MAX_SIMUL__'] = 50; $baseParams['__YKVAL_SYNC_MAX_SIMUL__'] = 50;
# For the get-api-key service.
$baseParams['__YKGAK_DB_HOST__'] = $baseParams['__YKVAL_DB_HOST__'];
$baseParams['__YKGAK_DB_NAME__'] = $baseParams['__YKVAL_DB_NAME__'];
$baseParams['__YKGAK_DB_USER__'] = 'ykval_getapikey';
$baseParams['__YKGAK_DB_PW__'] = 'secondpassword';
$baseParams['__YKGAK_ID__'] = '';
$baseParams['__YKGAK_KEY__'] = '';
# For the revoke service. # For the revoke service.
$baseParams['__YKR_DB_HOST__'] = $baseParams['__YKVAL_DB_HOST__']; $baseParams['__YKR_DB_HOST__'] = $baseParams['__YKVAL_DB_HOST__'];
$baseParams['__YKR_DB_NAME__'] = $baseParams['__YKVAL_DB_NAME__']; $baseParams['__YKR_DB_NAME__'] = $baseParams['__YKVAL_DB_NAME__'];
@ -40,9 +32,6 @@ $baseParams['__YKR_DB_USER__'] = 'ykval_revoke';
$baseParams['__YKR_DB_PW__'] = 'thirdpassword'; $baseParams['__YKR_DB_PW__'] = 'thirdpassword';
$baseParams['__YKR_IP__'] = '1.2.3.4'; $baseParams['__YKR_IP__'] = '1.2.3.4';
// otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for // otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for
// CLIENT. The URLs must be fully qualified, i.e., contain the OTP // CLIENT. The URLs must be fully qualified, i.e., contain the OTP
// itself. // itself.

5
ykval-db.sql
View File

@ -49,11 +49,6 @@ GRANT SELECT(id, secret, active)
GRANT SELECT,INSERT,UPDATE,DELETE GRANT SELECT,INSERT,UPDATE,DELETE
ON ykval.queue to 'ykval_verifier'@'localhost'; ON ykval.queue to 'ykval_verifier'@'localhost';
-- DROP USER 'ykval_getapikey'@'localhost';
CREATE USER 'ykval_getapikey'@'localhost';
GRANT SELECT(id),INSERT
ON ykval.clients to 'ykval_getapikey'@'localhost';
-- DROP USER 'ykval_revoke'@'localhost'; -- DROP USER 'ykval_revoke'@'localhost';
CREATE USER 'ykval_revoke'@'localhost'; CREATE USER 'ykval_revoke'@'localhost';
GRANT UPDATE(active) GRANT UPDATE(active)

64
ykval-getapikey.php
View File

@ -1,64 +0,0 @@
<?php
require_once 'ykval-common.php';
require_once 'ykval-config.php';
require_once 'Auth/Yubico.php';
header("content-type: text/plain");
debug("Request: " . $_SERVER['QUERY_STRING']);
$conn = mysql_connect($baseParams['__YKGAK_DB_HOST__'],
$baseParams['__YKGAK_DB_USER__'],
$baseParams['__YKGAK_DB_PW__']);
if (!$conn) {
logdie("code=connecterror");
}
if (!mysql_select_db($baseParams['__YKGAK_DB_NAME__'], $conn)) {
logdie("code=selecterror");
}
$email = $_REQUEST["email"];
$otp = $_REQUEST["otp"];
if (!$email || !$otp || !(strpos($email . $otp, " ") === FALSE)) {
logdie("code=noparam");
}
$yubi = &new Auth_Yubico($baseParams['__YKGAK_ID__'],
$baseParams['__YKGAK_KEY__']);
$auth = $yubi->verify($otp);
if (PEAR::isError($auth)) {
logdie("code=badotp\nstatus=" . $auth->getMessage());
}
$sqlid = mysql_real_escape_string($email . " " . $yubikey);
$fh = fopen("/dev/urandom", "r")
or logdie ("code=openerror");
$rnd = fread ($fh, 20)
or logdie ("code=readerror");
fclose ($fh);
$b64rnd = base64_encode ($rnd);
$query = "SELECT MAX(id) FROM clients";
$result = mysql_query($query, $conn);
if (!$result) {
debug("SQL query error: " . mysql_error());
logdie("code=maxiderror");
}
$id = mysql_fetch_row ($result);
mysql_free_result($result);
$id = $id[0] + 1;
$query = "INSERT INTO clients (id, created, email, otp, secret) " .
"VALUES (\"$id\", NOW(), " . mysql_quote($email) . ", " .
mysql_quote($otp) . ", " . "\"$b64rnd\")";
if (!mysql_query($query, $conn)) {
debug("SQL query error: " . mysql_error());
logdie("code=inserterror");
}
mysql_close($conn);
debug("Successfully added client ID $id");
echo "code=ok\nid=$id\nkey=$b64rnd\n";
?>