mirror of
https://github.com/Yubico/yubikey-val.git
synced 2024-12-03 03:24:15 +01:00
Remove getapikey service.
parent
a2b0649681
commit
8fd22d6c2e
8
Makefile
8
Makefile
@ -29,18 +29,16 @@
|
||||
VERSION=1.1
|
||||
PACKAGE=yubikey-val
|
||||
CODE=ykval-api.html ykval-db.sql ykval-revoke.php ykval-common.php \
|
||||
ykval-getapikey.php ykval-verify.php test-multi.php \
|
||||
ykval-config.php ykval-ping.php
|
||||
ykval-verify.php test-multi.php ykval-config.php \
|
||||
ykval-ping.php
|
||||
DOCS=doc/Installation.wiki
|
||||
GAK=get-api-key/index.php
|
||||
|
||||
all: $(PACKAGE)-$(VERSION).tgz
|
||||
|
||||
$(PACKAGE)-$(VERSION).tgz: $(FILES)
|
||||
mkdir $(PACKAGE)-$(VERSION) $(PACKAGE)-$(VERSION)/doc $(PACKAGE)-$(VERSION)/get-api-key
|
||||
mkdir $(PACKAGE)-$(VERSION) $(PACKAGE)-$(VERSION)/doc
|
||||
cp $(CODE) $(PACKAGE)-$(VERSION)/
|
||||
cp $(DOCS) $(PACKAGE)-$(VERSION)/doc/
|
||||
cp $(GAK) $(PACKAGE)-$(VERSION)/get-api-key/
|
||||
tar cfz $(PACKAGE)-$(VERSION).tgz $(PACKAGE)-$(VERSION)
|
||||
rm -rf $(PACKAGE)-$(VERSION)
|
||||
|
||||
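Review bot: The `$(PACKAGE)-$(VERSION).tgz` rule still names `$(FILES)` as its only prerequisite, and no `FILES` assignment appears in this hunk (it may be set outside it). If it is unset, make treats an existing tarball as up to date, so an archive built before this commit, still containing ykval-getapikey.php and get-api-key/, could be shipped unchanged. `$(PACKAGE)-$(VERSION).tgz: $(CODE) $(DOCS)` would tie the archive to the files that are actually copied. The packaged doc/Installation.wiki is also the natural place for an upgrade step telling existing installs to drop the `ykval_getapikey` database account, since removing its CREATE USER/GRANT lines from ykval-db.sql does not revoke it on hosts already provisioned.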
|
@ -1,81 +0,0 @@
|
||||
<?php
|
||||
if (isset($_REQUEST["email"])) {
|
||||
$email = $_REQUEST["email"];
|
||||
} else {
|
||||
$email = "";
|
||||
}
|
||||
if (isset($_REQUEST["otp"])) {
|
||||
$otp = $_REQUEST["otp"];
|
||||
} else {
|
||||
$otp = "";
|
||||
}
|
||||
|
||||
# Quit early on no input
|
||||
if ($email && $otp) {
|
||||
|
||||
# Change URL as appropriate. Use https for non-local connections.
|
||||
$url = "http://localhost/wsapi/getapikey?email=" .
|
||||
$email . "&otp=" . $otp;
|
||||
$ch = curl_init($url);
|
||||
curl_setopt($ch, CURLOPT_USERAGENT, "Get_API_Key");
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
|
||||
if (preg_match('/^code=ok\nid=([0-9]+)\nkey=(.*)/', $result, $out)) {
|
||||
$id = $out[1];
|
||||
$key = $out[2];
|
||||
} else {
|
||||
error_log ("YK-GAK bad curl output: $result");
|
||||
}
|
||||
}
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<title>Yubico - Get API Key</title>
|
||||
</head>
|
||||
|
||||
<body onLoad="document.getapikey.email.focus();">
|
||||
<h1>Yubico - Get API Key</h1>
|
||||
|
||||
<?php if (isset($id) && isset($key)) { ?>
|
||||
|
||||
<p>Congratulations! Please find below your client identity and
|
||||
client API key.
|
||||
|
||||
<p><table border=1>
|
||||
<tr><td>Id:</td><td><?php print $id; ?></td></tr>
|
||||
<tr><td>API Key:</td><td><?php print $key; ?></td></tr>
|
||||
</table>
|
||||
|
||||
<p>For more information on how to use this, see the Developers web
|
||||
pages.
|
||||
|
||||
<?php } else { ?>
|
||||
|
||||
<p>Here you can generate a shared symmetric key for use with the
|
||||
Yubico Web Services. You need to authenticate yourself using a
|
||||
Yubikey One-Time Password and provide your e-mail address as a
|
||||
reference.
|
||||
|
||||
<p><hr>
|
||||
|
||||
<?php if (isset($result)) { ?>
|
||||
<h1 style="font-weight: bold; color:#EE1111">
|
||||
Authentication failure. Please try again. </h1>
|
||||
<?php } ?>
|
||||
|
||||
<p><form name="getapikey" method="post"><table>
|
||||
<tr><td>E-mail address:</td>
|
||||
<td><input type="text" name="email"></td></tr>
|
||||
<tr><td>Yubikey OTP:</td>
|
||||
<td><input autocomplete="off" type="password" name="otp"></td></tr>
|
||||
<tr><td colspan="2">
|
||||
<input type="submit" value="Generate API Key"></td></tr>
|
||||
</table>
|
||||
</form>
|
||||
|
||||
<?php } ?>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -25,14 +25,6 @@ $baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1;
|
||||
|
||||
$baseParams['__YKVAL_SYNC_MAX_SIMUL__'] = 50;
|
||||
|
||||
# For the get-api-key service.
|
||||
$baseParams['__YKGAK_DB_HOST__'] = $baseParams['__YKVAL_DB_HOST__'];
|
||||
$baseParams['__YKGAK_DB_NAME__'] = $baseParams['__YKVAL_DB_NAME__'];
|
||||
$baseParams['__YKGAK_DB_USER__'] = 'ykval_getapikey';
|
||||
$baseParams['__YKGAK_DB_PW__'] = 'secondpassword';
|
||||
$baseParams['__YKGAK_ID__'] = '';
|
||||
$baseParams['__YKGAK_KEY__'] = '';
|
||||
|
||||
# For the revoke service.
|
||||
$baseParams['__YKR_DB_HOST__'] = $baseParams['__YKVAL_DB_HOST__'];
|
||||
$baseParams['__YKR_DB_NAME__'] = $baseParams['__YKVAL_DB_NAME__'];
|
||||
@ -40,9 +32,6 @@ $baseParams['__YKR_DB_USER__'] = 'ykval_revoke';
|
||||
$baseParams['__YKR_DB_PW__'] = 'thirdpassword';
|
||||
$baseParams['__YKR_IP__'] = '1.2.3.4';
|
||||
|
||||
|
||||
|
||||
|
||||
// otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for
|
||||
// CLIENT. The URLs must be fully qualified, i.e., contain the OTP
|
||||
// itself.
|
||||
|
@ -49,11 +49,6 @@ GRANT SELECT(id, secret, active)
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE
|
||||
ON ykval.queue to 'ykval_verifier'@'localhost';
|
||||
|
||||
-- DROP USER 'ykval_getapikey'@'localhost';
|
||||
CREATE USER 'ykval_getapikey'@'localhost';
|
||||
GRANT SELECT(id),INSERT
|
||||
ON ykval.clients to 'ykval_getapikey'@'localhost';
|
||||
|
||||
-- DROP USER 'ykval_revoke'@'localhost';
|
||||
CREATE USER 'ykval_revoke'@'localhost';
|
||||
GRANT UPDATE(active)
|
||||
|
@ -1,64 +0,0 @@
|
||||
<?php
|
||||
require_once 'ykval-common.php';
|
||||
require_once 'ykval-config.php';
|
||||
require_once 'Auth/Yubico.php';
|
||||
|
||||
header("content-type: text/plain");
|
||||
|
||||
debug("Request: " . $_SERVER['QUERY_STRING']);
|
||||
|
||||
$conn = mysql_connect($baseParams['__YKGAK_DB_HOST__'],
|
||||
$baseParams['__YKGAK_DB_USER__'],
|
||||
$baseParams['__YKGAK_DB_PW__']);
|
||||
if (!$conn) {
|
||||
logdie("code=connecterror");
|
||||
}
|
||||
if (!mysql_select_db($baseParams['__YKGAK_DB_NAME__'], $conn)) {
|
||||
logdie("code=selecterror");
|
||||
}
|
||||
|
||||
$email = $_REQUEST["email"];
|
||||
$otp = $_REQUEST["otp"];
|
||||
if (!$email || !$otp || !(strpos($email . $otp, " ") === FALSE)) {
|
||||
logdie("code=noparam");
|
||||
}
|
||||
|
||||
$yubi = &new Auth_Yubico($baseParams['__YKGAK_ID__'],
|
||||
$baseParams['__YKGAK_KEY__']);
|
||||
$auth = $yubi->verify($otp);
|
||||
if (PEAR::isError($auth)) {
|
||||
logdie("code=badotp\nstatus=" . $auth->getMessage());
|
||||
}
|
||||
|
||||
$sqlid = mysql_real_escape_string($email . " " . $yubikey);
|
||||
|
||||
$fh = fopen("/dev/urandom", "r")
|
||||
or logdie ("code=openerror");
|
||||
$rnd = fread ($fh, 20)
|
||||
or logdie ("code=readerror");
|
||||
fclose ($fh);
|
||||
$b64rnd = base64_encode ($rnd);
|
||||
|
||||
$query = "SELECT MAX(id) FROM clients";
|
||||
$result = mysql_query($query, $conn);
|
||||
if (!$result) {
|
||||
debug("SQL query error: " . mysql_error());
|
||||
logdie("code=maxiderror");
|
||||
}
|
||||
$id = mysql_fetch_row ($result);
|
||||
mysql_free_result($result);
|
||||
$id = $id[0] + 1;
|
||||
|
||||
$query = "INSERT INTO clients (id, created, email, otp, secret) " .
|
||||
"VALUES (\"$id\", NOW(), " . mysql_quote($email) . ", " .
|
||||
mysql_quote($otp) . ", " . "\"$b64rnd\")";
|
||||
if (!mysql_query($query, $conn)) {
|
||||
debug("SQL query error: " . mysql_error());
|
||||
logdie("code=inserterror");
|
||||
}
|
||||
|
||||
mysql_close($conn);
|
||||
|
||||
debug("Successfully added client ID $id");
|
||||
echo "code=ok\nid=$id\nkey=$b64rnd\n";
|
||||
?>
|