rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 10:52:18 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'feature/oracle_support'

Browse Source 
Conflicts:
	Makefile
This commit is contained in:
Klas Lindfors 2012-07-05 12:47:36 +02:00
commit e47d407fd9
14 changed files with 533 additions and 230 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@ -5,7 +5,8 @@ CODE = COPYING Makefile NEWS ykval-checksum-clients.php \
ykval-export.php ykval-import.php ykval-log.php ykval-ping.php \
ykval-queue.php ykval-revoke.php ykval-synclib.php \
ykval-sync.php ykval-verify.php ykval-export-clients.php \
ykval-import-clients.php ykval-resync.php
ykval-import-clients.php ykval-db-oci.php ykval-db-pdo.php \
ykval-db.oracle.sql ykval-resync.php
MUNIN = ykval-munin-ksmlatency.php ykval-munin-vallatency.php \
ykval-munin-queuelength.php ykval-munin-responses.pl \
ykval-munin-yubikeystats.php
@ -34,6 +35,8 @@ install:
install -D --mode 644 ykval-sync.php $(DESTDIR)$(phpprefix)/ykval-sync.php
install -D --mode 644 ykval-resync.php $(DESTDIR)$(phpprefix)/ykval-resync.php
install -D --mode 644 ykval-db.php $(DESTDIR)$(phpprefix)/ykval-db.php
install -D --mode 644 ykval-db-pdo.php $(DESTDIR)$(phpprefix)/ykval-db-pdo.php
install -D --mode 644 ykval-db-oci.php $(DESTDIR)$(phpprefix)/ykval-db-oci.php
install -D --mode 644 ykval-log.php $(DESTDIR)$(phpprefix)/ykval-log.php
install -D ykval-queue.php $(DESTDIR)$(sbinprefix)/ykval-queue
install -D ykval-export.php $(DESTDIR)$(sbinprefix)/ykval-export
@ -48,6 +51,7 @@ install:
install -D ykval-munin-yubikeystats.php $(DESTDIR)$(muninprefix)/ykval_yubikeystats
install -D --backup --mode 640 --group $(wwwgroup) ykval-config.php $(DESTDIR)$(etcprefix)/ykval-config.php-template
install -D --mode 644 ykval-db.sql $(DESTDIR)$(docprefix)/ykval-db.sql
install -D --mode 644 ykval-db.oracle.sql $(DESTDIR)$(docprefix)/ykval-db.oracle.sql
install -D --mode 644 $(DOCS) $(DESTDIR)$(docprefix)/
wwwprefix = /var/www/wsapi

18
ykval-checksum-clients.php
View File

@ -26,11 +26,7 @@ require_once 'ykval-db.php';
$logname="ykval-checksum-clients";
$myLog = new Log($logname);
$db=new Db($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
$logname . ':db');
$db = Db::GetDatabaseHandle($baseParams, $logname);
if (!$db->connect()) {
$myLog->log(LOG_WARNING, "Could not connect to database");
@ -41,16 +37,18 @@ $everything = "";
$result=$db->customQuery("SELECT id, active, secret ".
"FROM clients ".
"ORDER BY id");
while($row = $result->fetch(PDO::FETCH_ASSOC)) {
if ($row['active'] == "") {
while($row = $db->fetchArray($result)) {
$active = $row['active'];
if ($active == "") {
# For some reason PostgreSQL returns empty strings for false values?!
$row['active'] = "0";
$active = "0";
}
$everything = $everything .
$row['id'] . "\t" . $row['active'] . "\t" . $row['secret'] .
"\n";
$row['id'] . "\t" . $active . "\t" .
$row['secret'] . "\n";
}
$db->closeCursor($result);
$hash = sha1 ($everything);
if ($verbose) {

2
ykval-config.php
View File

@ -2,7 +2,7 @@
# For the validation interface.
$baseParams = array ();
$baseParams['__YKVAL_DB_DSN__'] = "mysql:dbname=ykval;host=127.0.0.1";
$baseParams['__YKVAL_DB_DSN__'] = "mysql:dbname=ykval;host=127.0.0.1"; # "oci:oracledb" for Oracle DB (with OCI library)
$baseParams['__YKVAL_DB_USER__'] = 'ykval_verifier';
$baseParams['__YKVAL_DB_PW__'] = 'lab';
$baseParams['__YKVAL_DB_OPTIONS__'] = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);

216
ykval-db-oci.php Normal file
View File

@ -0,0 +1,216 @@
<?php
/**
* Class for managing oracle database connection
*/
require_once('ykval-log.php');
require_once('ykval-db.php');
class DbImpl extends Db
{
/**
* Constructor
*
* @param string $host Database host
* @param string $user Database user
* @param string $pwd Database password
* @param string $name Database table name
* @return void
*
*/
public function __construct($db_dsn, $db_username, $db_password, $db_options, $name='ykval-db')
{
$this->db_dsn=$db_dsn;
$this->db_username=$db_username;
$this->db_password=$db_password;
$this->db_options=$db_options;
if(substr($db_dsn, 0, 4) == 'oci:') {
# "oci:" prefix needs to be removed before passing db_dsn to OCI
$this->db_dsn = substr($this->db_dsn, 4);
}
$this->myLog=new Log($name);
}
/**
* function to connect to database defined in config.php
*
* @return boolean True on success, otherwise false.
*
*/
public function connect(){
$this->dbh = oci_connect($this->db_username, $this->db_password, $this->db_dsn);
if (!$this->dbh) {
$error = oci_error();
$this->myLog->log(LOG_CRIT, "Database connection error: " . $error["message"]);
$this->dbh=Null;
return false;
}
return true;
}
protected function query($query, $returnresult=false) {
if(!$this->isConnected()) {
$this->connect();
}
if($this->isConnected()) {
$this->myLog->log(LOG_DEBUG, 'DB query is: ' . $query);
# OCI mode
$result = oci_parse($this->dbh, $query);
if(!oci_execute($result)) {
$this->myLog->log(LOG_INFO, 'Database query error: ' . preg_replace('/\n/',' ',print_r(oci_error($result), true)));
$this->dbh = Null;
return false;
}
$this->result = $result;
if ($returnresult) return $this->result;
else return true;
} else {
$this->myLog->log(LOG_CRIT, 'No database connection');
return false;
}
}
/**
* function to get a row from the query result
* Once all rows have been fetch, function closeCursor needs to be called
*
* @param object $result Query result object or null to use the current one
* @return array a query row
*
*/
public function fetchArray($result=null){
if(!$result) $result = $this->result;
if(!$result) return null;
$res = oci_fetch_array($result, OCI_ASSOC);
return array_change_key_case($res, CASE_LOWER);
}
/**
* function to close the cursor after having fetched rows
*
* @param object $result Query result object or null to use the current one
*
*/
public function closeCursor($result=null){
}
/**
* main function used to get rows by multiple key=>value pairs from Db table.
*
* @param string $table Database table to update row in
* @param array $where Array with column=>values to select rows by
* @param int $nr Number of rows to collect. NULL=>inifinity. Default=NULL.
* @param int $rev rev=1 indicates order should be reversed. Default=NULL.
* @param string distinct Select rows with distinct columns, Default=NULL
* @return mixed Array with values from Db row or 2d-array with multiple rows
*
*/
public function findByMultiple($table, $where, $nr=null, $rev=null, $distinct=null)
{
$value=""; /* quiet the PHP Notice */
$match=null; /* quiet the PHP Notice */
$query="SELECT";
if($nr!=null){
# LIMIT doesn't exist in Oracle, so we encapsulate the query to be
# able to filter a given number of rows afterwars (after ordering)
$query.= " * FROM (SELECT";
}
if ($distinct!=null) {
$query.= " DISTINCT " . $distinct;
} else {
$query.= " *";
}
$query.= " FROM " . $table;
if ($where!=null){
foreach ($where as $key=>$value) {
if ($key!=null) {
if ($value!=null) $match.= " ". $key . " = '" . $value . "' and";
else $match.= " ". $key . " is NULL and";
}
}
if ($match!=null) $query .= " WHERE" . $match;
$query=rtrim($query, "and");
$query=rtrim($query);
}
if ($rev==1) $query.= " ORDER BY id DESC";
if ($nr!=null) {
$query .= ") WHERE rownum < " . ($nr+1);
}
$result = $this->query($query, true);
if (!$result) return false;
if ($nr==1) {
$row = $this->fetchArray($result);
$this->closeCursor($result);
return $row;
}
else {
$collection=array();
while($row = $this->fetchArray($result)){
$collection[]=$row;
}
$this->closeCursor($result);
return $collection;
}
}
/**
* main function used to delete rows by multiple key=>value pairs from Db table.
*
* @param string $table Database table to delete row in
* @param array $where Array with column=>values to select rows by
* @param int $nr Number of rows to collect. NULL=>inifinity. Default=NULL.
* @param int $rev rev=1 indicates order should be reversed. Default=NULL.
* @param string distinct Select rows with distinct columns, Default=NULL
* @return boolean True on success, otherwise false.
*
*/
public function deleteByMultiple($table, $where, $nr=null, $rev=null)
{
$query="DELETE";
$query.= " FROM " . $table;
$query .= " WHERE id IN (SELECT id FROM " . $table;
if ($where!=null){
$query.= " WHERE";
foreach ($where as $key=>$value) {
$query.= " ". $key . " = '" . $value . "' and";
}
$query=rtrim($query, "and");
$query=rtrim($query);
}
if ($rev==1) $query.= " ORDER BY id DESC";
$query .= ")";
if ($nr!=null) $query.= " and rownum < " . ($nr+1);
return $this->query($query, false);
}
/**
* Function to get the number of rows
*
* @param object $result Query result object or null to use the current one
* @return int number of rows affected by last statement or 0 if database connection is not functional.
*
*/
public function rowCount($result=null)
{
if(!$result) $result = $this->result;
if($result) {
return oci_num_rows($result);
} else {
return 0;
}
}
}
?>

211
ykval-db-pdo.php Normal file
View File

@ -0,0 +1,211 @@
<?php
/**
* Class for managing database connection
*/
require_once('ykval-log.php');
require_once('ykval-db.php');
class DbImpl extends Db
{
/**
* Constructor
*
* @param string $host Database host
* @param string $user Database user
* @param string $pwd Database password
* @param string $name Database table name
* @return void
*
*/
public function __construct($db_dsn, $db_username, $db_password, $db_options, $name='ykval-db')
{
$this->db_dsn=$db_dsn;
$this->db_username=$db_username;
$this->db_password=$db_password;
$this->db_options=$db_options;
$this->myLog=new Log($name);
}
/**
* function to connect to database defined in config.php
*
* @return boolean True on success, otherwise false.
*
*/
public function connect(){
try {
$this->dbh = new PDO($this->db_dsn, $this->db_username, $this->db_password, $this->db_options);
} catch (PDOException $e) {
$this->myLog->log(LOG_CRIT, "Database connection error: " . $e->getMessage());
$this->dbh=Null;
return false;
}
return true;
}
protected function query($query, $returnresult=false) {
if(!$this->isConnected()) {
$this->connect();
}
if($this->isConnected()) {
$this->myLog->log(LOG_DEBUG, 'DB query is: ' . $query);
try {
$this->result = $this->dbh->query($query);
} catch (PDOException $e) {
$this->myLog->log(LOG_INFO, 'Database query error: ' . preg_replace('/\n/',' ',print_r($this->dbh->errorInfo(), true)));
$this->dbh = Null;
return false;
}
if ($returnresult) return $this->result;
else return true;
} else {
$this->myLog->log(LOG_CRIT, 'No database connection');
return false;
}
}
/**
* function to get a row from the query result
* Once all rows have been fetch, function closeCursor needs to be called
*
* @param object $result Query result object or null to use the current one
* @return array a query row
*
*/
public function fetchArray($result=null){
if(!$result) $result = $this->result;
if(!$result) return null;
return $result->fetch(PDO::FETCH_ASSOC);
}
/**
* function to close the cursor after having fetched rows
*
* @param object $result Query result object or null to use the current one
*
*/
public function closeCursor($result=null){
if(!$result) $result = $this->result;
$result->closeCursor();
}
public function truncateTable($name)
{
$this->query("TRUNCATE TABLE " . $name);
}
/**
* main function used to get rows by multiple key=>value pairs from Db table.
*
* @param string $table Database table to update row in
* @param array $where Array with column=>values to select rows by
* @param int $nr Number of rows to collect. NULL=>inifinity. Default=NULL.
* @param int $rev rev=1 indicates order should be reversed. Default=NULL.
* @param string distinct Select rows with distinct columns, Default=NULL
* @return mixed Array with values from Db row or 2d-array with multiple rows
*
*/
public function findByMultiple($table, $where, $nr=null, $rev=null, $distinct=null)
{
$value=""; /* quiet the PHP Notice */
$match=null; /* quiet the PHP Notice */
$query="SELECT";
if ($distinct!=null) {
$query.= " DISTINCT " . $distinct;
} else {
$query.= " *";
}
$query.= " FROM " . $table;
if ($where!=null){
foreach ($where as $key=>$value) {
if ($key!=null) {
if ($value!=null) $match.= " ". $key . " = '" . $value . "' and";
else $match.= " ". $key . " is NULL and";
}
}
if ($match!=null) $query .= " WHERE" . $match;
$query=rtrim($query, "and");
$query=rtrim($query);
}
if ($rev==1) $query.= " ORDER BY id DESC";
if ($nr!=null) $query.= " LIMIT " . $nr;
$result = $this->query($query, true);
if (!$result) return false;
if ($nr==1) {
$row = $this->fetchArray($result);
$this->closeCursor($result);
return $row;
}
else {
$collection=array();
while($row = $this->fetchArray($result)){
$collection[]=$row;
}
$this->closeCursor($result);
return $collection;
}
}
/**
* main function used to delete rows by multiple key=>value pairs from Db table.
*
* @param string $table Database table to delete row in
* @param array $where Array with column=>values to select rows by
* @param int $nr Number of rows to collect. NULL=>inifinity. Default=NULL.
* @param int $rev rev=1 indicates order should be reversed. Default=NULL.
* @param string distinct Select rows with distinct columns, Default=NULL
* @return boolean True on success, otherwise false.
*
*/
public function deleteByMultiple($table, $where, $nr=null, $rev=null)
{
$query="DELETE";
$query.= " FROM " . $table;
if ($where!=null){
$query.= " WHERE";
foreach ($where as $key=>$value) {
$query.= " ". $key . " = '" . $value . "' and";
}
$query=rtrim($query, "and");
$query=rtrim($query);
}
if ($rev==1) $query.= " ORDER BY id DESC";
if ($nr!=null) $query.= " LIMIT " . $nr;
return $this->query($query, false);
}
/**
* Function to get the number of rows
*
* @param object $result Query result object or null to use the current one
* @return int number of rows affected by last statement or 0 if database connection is not functional.
*
*/
public function rowCount($result=null)
{
if(!$result) $result = $this->result;
if($result) {
$count=$result->rowCount();
$result->closeCursor();
return $count;
} else {
return 0;
}
}
}
?>

36
ykval-db.oracle.sql Normal file
View File

@ -0,0 +1,36 @@
-- I created a new sql file because oracle does not allow boolean type
-- so I used the type NUMBER(1) which is pretty similar
CREATE TABLE clients (
id INT NOT NULL,
active NUMBER(1) DEFAULT 1,
created INT NOT NULL,
secret VARCHAR(60) DEFAULT '',
email VARCHAR(255),
notes VARCHAR(100) DEFAULT '',
otp VARCHAR(100) DEFAULT '',
PRIMARY KEY (id)
);
CREATE TABLE yubikeys (
active NUMBER(1) DEFAULT 1,
created INT NOT NULL,
modified INT NOT NULL,
yk_publicname VARCHAR(16) NOT NULL,
yk_counter INT NOT NULL,
yk_use INT NOT NULL,
yk_low INT NOT NULL,
yk_high INT NOT NULL,
nonce VARCHAR(40) DEFAULT '',
notes VARCHAR(100) DEFAULT '',
PRIMARY KEY (yk_publicname)
);
CREATE TABLE queue (
queued INT DEFAULT NULL,
modified INT DEFAULT NULL,
server_nonce VARCHAR(32) NOT NULL,
otp VARCHAR(100) NOT NULL,
server VARCHAR(100) NOT NULL,
info VARCHAR(256) NOT NULL
);

172
ykval-db.php
View File

@ -7,28 +7,24 @@
require_once('ykval-log.php');
class Db
abstract class Db
{
/**
* Constructor
* static function to determine database type and instantiate the correct subclass
*
* @param string $host Database host
* @param string $user Database user
* @param string $pwd Database password
* @param string $name Database table name
* @return void
*
*/
public function __construct($db_dsn, $db_username, $db_password, $db_options, $name='ykval-db')
* */
public static function GetDatabaseHandle($baseParams, $logname)
{
$this->db_dsn=$db_dsn;
$this->db_username=$db_username;
$this->db_password=$db_password;
$this->db_options=$db_options;
$this->myLog=new Log($name);
if(substr($baseParams['__YKVAL_DB_DSN__'], 0, 3) == 'oci') {
require_once 'ykval-db-oci.php';
} else {
require_once 'ykval-db-pdo.php';
}
return new DbImpl($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
$logname . ':db');
}
function addField($name, $value)
@ -85,45 +81,6 @@ class Db
if ($this->dbh!=NULL) return True;
else return False;
}
/**
* function to connect to database defined in config.php
*
* @return boolean True on success, otherwise false.
*
*/
public function connect(){
try {
$this->dbh = new PDO($this->db_dsn, $this->db_username, $this->db_password, $this->db_options);
} catch (PDOException $e) {
$this->myLog->log(LOG_CRIT, "Database connection error: " . $e->getMessage());
$this->dbh=Null;
return false;
}
return true;
}
private function query($query, $returnresult=false) {
if(!$this->isConnected()) {
$this->connect();
}
if($this->isConnected()) {
$this->myLog->log(LOG_DEBUG, 'DB query is: ' . $query);
try {
$this->result = $this->dbh->query($query);
} catch (PDOException $e) {
$this->myLog->log(LOG_INFO, 'Database query error: ' . preg_replace('/\n/',' ',print_r($this->dbh->errorInfo(), true)));
$this->dbh = Null;
return false;
}
if ($returnresult) return $this->result;
else return true;
} else {
$this->myLog->log(LOG_CRIT, 'No database connection');
return false;
}
}
public function truncateTable($name)
{
@ -273,90 +230,6 @@ or false on failure.
return $this->findByMultiple($table, array($key=>$value), $nr, $rev);
}
/**
* main function used to get rows by multiple key=>value pairs from Db table.
*
* @param string $table Database table to update row in
* @param array $where Array with column=>values to select rows by
* @param int $nr Number of rows to collect. NULL=>inifinity. Default=NULL.
* @param int $rev rev=1 indicates order should be reversed. Default=NULL.
* @param string distinct Select rows with distinct columns, Default=NULL
* @return mixed Array with values from Db row or 2d-array with multiple rows
*
*/
public function findByMultiple($table, $where, $nr=null, $rev=null, $distinct=null)
{
$value=""; /* quiet the PHP Notice */
$match=null; /* quiet the PHP Notice */
$query="SELECT";
if ($distinct!=null) {
$query.= " DISTINCT " . $distinct;
} else {
$query.= " *";
}
$query.= " FROM " . $table;
if ($where!=null){
foreach ($where as $key=>$value) {
if ($key!=null) {
if ($value!=null) $match.= " ". $key . " = '" . $value . "' and";
else $match.= " ". $key . " is NULL and";
}
}
if ($match!=null) $query .= " WHERE" . $match;
$query=rtrim($query, "and");
$query=rtrim($query);
}
if ($rev==1) $query.= " ORDER BY id DESC";
if ($nr!=null) $query.= " LIMIT " . $nr;
$result = $this->query($query, true);
if (!$result) return false;
if ($nr==1) {
$row = $result->fetch(PDO::FETCH_ASSOC);
$result->closeCursor();
return $row;
}
else {
$collection=array();
while($row = $result->fetch(PDO::FETCH_ASSOC)){
$collection[]=$row;
}
$result->closeCursor();
return $collection;
}
}
/**
* main function used to delete rows by multiple key=>value pairs from Db table.
*
* @param string $table Database table to delete row in
* @param array $where Array with column=>values to select rows by
* @param int $nr Number of rows to collect. NULL=>inifinity. Default=NULL.
* @param int $rev rev=1 indicates order should be reversed. Default=NULL.
* @param string distinct Select rows with distinct columns, Default=NULL
* @return boolean True on success, otherwise false.
*
*/
public function deleteByMultiple($table, $where, $nr=null, $rev=null)
{
$query="DELETE";
$query.= " FROM " . $table;
if ($where!=null){
$query.= " WHERE";
foreach ($where as $key=>$value) {
$query.= " ". $key . " = '" . $value . "' and";
}
$query=rtrim($query, "and");
$query=rtrim($query);
}
if ($rev==1) $query.= " ORDER BY id DESC";
if ($nr!=null) $query.= " LIMIT " . $nr;
return $this->query($query, false);
}
/**
* Function to do a custom query on database connection
*
@ -369,23 +242,6 @@ or false on failure.
return $this->query($query, true);
}
/**
* Function to do a custom query on database connection
*
* @return int number of rows affected by last statement or 0 if database connection is not functional.
*
*/
public function rowCount()
{
if($this->result) {
$count=$this->result->rowCount();
$this->result->closeCursor();
return $count;
} else {
return 0;
}
}
/**
* helper function used to get rows from Db table in reversed order.
* defaults to obtaining 1 row.

13
ykval-export-clients.php
View File

@ -10,11 +10,7 @@ require_once 'ykval-db.php';
$logname="ykval-export";
$myLog = new Log($logname);
$db=new Db($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
$logname . ':db');
$db = Db::GetDatabaseHandle($baseParams, $logname);
if (!$db->connect()) {
$myLog->log(LOG_WARNING, "Could not connect to database");
@ -22,7 +18,7 @@ if (!$db->connect()) {
}
$result = $db->customQuery("select id, active, created, secret, email, notes, otp from clients order by id");
while($row = $result->fetch(PDO::FETCH_ASSOC)){
while($row = $db->fetchArray($result)) {
echo $row['id'] .
"\t" . (int)$row['active'] .
"\t" . $row['created'] .
@ -31,7 +27,10 @@ while($row = $result->fetch(PDO::FETCH_ASSOC)){
"\t" . $row['notes'] .
"\t" . $row['otp'] .
"\n";
}
}
$db->closeCursor($result);
$db->disconnect();
$result=null;
$db=null;

12
ykval-export.php
View File

@ -10,11 +10,7 @@ require_once 'ykval-db.php';
$logname="ykval-export";
$myLog = new Log($logname);
$db=new Db($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
$logname . ':db');
$db = Db::GetDatabaseHandle($baseParams, $logname);
if (!$db->connect()) {
$myLog->log(LOG_WARNING, "Could not connect to database");
@ -22,7 +18,7 @@ if (!$db->connect()) {
}
$result=$db->customQuery("SELECT active, created, modified, yk_publicname, yk_counter, yk_use, yk_low, yk_high, nonce, notes FROM yubikeys ORDER BY yk_publicname");
while($row = $result->fetch(PDO::FETCH_ASSOC)){
while($row = $db->fetchArray($result)){
echo (int)$row['active'] .
"\t" . $row['created'] .
"\t" . $row['modified'] .
@ -36,8 +32,10 @@ while($row = $result->fetch(PDO::FETCH_ASSOC)){
"\n";
}
$db->closeCursor($result);
$db->disconnect();
$result=null;
$db=null;
?>
?>

9
ykval-import-clients.php
View File

@ -10,11 +10,7 @@ require_once 'ykval-db.php';
$logname="ykval-import";
$myLog = new Log($logname);
$db=new Db($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
$logname . ':db');
$db = Db::GetDatabaseHandle($baseParams, $logname);
if (!$db->connect()) {
$myLog->log(LOG_WARNING, "Could not connect to database");
@ -35,7 +31,7 @@ while ($res=fgetcsv(STDIN, 0, "\t")) {
$query="SELECT * FROM clients WHERE id='" . $params['id'] . "'";
$result=$db->customQuery($query);
if(!$result->fetch(PDO::FETCH_ASSOC)) {
if($db->rowCount($result) == 0) {
// We didn't have the id in database so we need to do insert instead
$query="INSERT INTO clients " .
"(id,active,created,secret,email,notes,otp) VALUES " .
@ -53,6 +49,7 @@ while ($res=fgetcsv(STDIN, 0, "\t")) {
exit(1);
}
}
$db->closeCursor($result);
}

9
ykval-import.php
View File

@ -10,11 +10,7 @@ require_once 'ykval-db.php';
$logname="ykval-import";
$myLog = new Log($logname);
$db=new Db($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
$logname . ':db');
$db = Db::GetDatabaseHandle($baseParams, $logname);
if (!$db->connect()) {
$myLog->log(LOG_WARNING, "Could not connect to database");
@ -38,7 +34,7 @@ while ($res=fgetcsv(STDIN, 0, "\t")) {
$query="SELECT * FROM yubikeys WHERE yk_publicname='" . $params['yk_publicname'] . "'";
$result=$db->customQuery($query);
if($result->fetch(PDO::FETCH_ASSOC)) {
if($db->rowCount($result)) {
$query="UPDATE yubikeys SET " .
"active='" . $params["active"] . "' " .
",created='" . $params["created"] . "' " .
@ -80,6 +76,7 @@ while ($res=fgetcsv(STDIN, 0, "\t")) {
exit(1);
}
}
$db->closeCursor($result);
}

6
ykval-revoke.php
View File

@ -27,11 +27,7 @@ if ($do != "enable" && $do != "disable") {
}
# Connect to db
$db = new Db($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
'ykval-revoke:db');
$db = Db::GetDatabaseHandle($baseParams, 'ykval-revoke');
if (!$db->connect()) {
logdie($myLog, "ERROR Database connect error");
}

51
ykval-synclib.php
View File

@ -15,12 +15,7 @@ class SyncLib
$this->myLog = new Log($logname);
global $baseParams;
$this->syncServers = $baseParams['__YKVAL_SYNC_POOL__'];
$this->db=new Db($baseParams['__YKVAL_DB_DSN__'],
$baseParams['__YKVAL_DB_USER__'],
$baseParams['__YKVAL_DB_PW__'],
$baseParams['__YKVAL_DB_OPTIONS__'],
$logname . ':db');
$this->db = Db::GetDatabaseHandle($baseParams, $logname);
$this->isConnected=$this->db->connect();
$this->server_nonce=md5(uniqid(rand()));
@ -56,9 +51,9 @@ class SyncLib
function getClientData($client)
{
$res=$this->db->customQuery("SELECT id, secret FROM clients WHERE active AND id='" . $client . "'");
$r = $res->fetch(PDO::FETCH_ASSOC);
$res->closeCursor();
$res = $this->db->customQuery("SELECT id, secret FROM clients WHERE active='1' AND id='" . $client . "'");
$r = $this->db->fetchArray($res);
$this->db->closeCursor($res);
if ($r) return $r;
else return false;
}
@ -143,7 +138,7 @@ class SyncLib
function getLocalParams($yk_publicname)
{
$this->log(LOG_INFO, "searching for yk_publicname " . $yk_publicname . " in local db");
$res = $this->db->findBy('yubikeys', 'yk_publicname', $yk_publicname,1);
$res = $this->db->findBy('yubikeys', 'yk_publicname', $yk_publicname, 1);
if (!$res) {
$this->log(LOG_NOTICE, 'Discovered new identity ' . $yk_publicname);
@ -160,14 +155,14 @@ class SyncLib
$res=$this->db->findBy('yubikeys', 'yk_publicname', $yk_publicname,1);
}
if ($res) {
$localParams=array('modified'=>$res['modified'],
'nonce'=>$res['nonce'],
'active'=>$res['active'],
'yk_publicname'=>$yk_publicname,
'yk_counter'=>$res['yk_counter'],
'yk_use'=>$res['yk_use'],
'yk_high'=>$res['yk_high'],
'yk_low'=>$res['yk_low']);
$localParams=array('modified' => $res['modified'],
'nonce' => $res['nonce'],
'active' => $res['active'],
'yk_publicname' => $yk_publicname,
'yk_counter' => $res['yk_counter'],
'yk_use' => $res['yk_use'],
'yk_high' => $res['yk_high'],
'yk_low' => $res['yk_low']);
$this->log(LOG_INFO, "yubikey found in db ", $localParams);
return $localParams;
@ -289,21 +284,20 @@ class SyncLib
$this->log(LOG_INFO, 'starting resync');
/* Loop over all unique servers in queue */
$queued_limit=time()-$older_than;
$res=$this->db->customQuery("select distinct server from queue WHERE queued < " . $queued_limit . " or queued is null");
$server_res=$this->db->customQuery("select distinct server from queue WHERE queued < " . $queued_limit . " or queued is null");
foreach ($res as $my_server) {
while ($my_server=$this->db->fetchArray($server_res)) {
$this->log(LOG_INFO, "Processing queue for server " . $my_server['server']);
$res=$this->db->customQuery("select * from queue WHERE (queued < " . $queued_limit . " or queued is null) and server='" . $my_server['server'] . "'");
$ch = curl_init();
while ($entry=$res->fetch(PDO::FETCH_ASSOC)) {
while ($entry=$this->db->fetchArray($res)) {
$this->log(LOG_INFO, "server=" . $entry['server'] . ", server_nonce=" . $entry['server_nonce'] . ", info=" . $entry['info']);
$url=$entry['server'] .
"?otp=" . $entry['otp'] .
"&modified=" . $entry['modified'] .
"&" . $this->otpPartFromInfoString($entry['info']);
/* Send out sync request */
$this->log(LOG_DEBUG, 'url is ' . $url);
curl_setopt($ch, CURLOPT_URL, $url);
@ -315,7 +309,7 @@ class SyncLib
$response = curl_exec($ch);
if ($response==False) {
$this->log(LOG_NOTICE, 'Timeout. Stopping queue resync for server ' . $my_server['server']);
$this->log(LOG_NOTICE, 'Timeout. Stopping queue resync for server ' . $entry['server']);
break;
}
@ -371,8 +365,8 @@ class SyncLib
/* Deletion */
$this->log(LOG_INFO, 'deleting queue entry with modified=' . $entry['modified'] .
' server_nonce=' . $entry['server_nonce'] .
' server=' . $entry['server']);
' server_nonce=' . $entry['server_nonce'] .
' server=' . $entry['server']);
$this->db->deleteByMultiple('queue',
array("modified"=>$entry['modified'],
"server_nonce"=>$entry['server_nonce'],
@ -388,9 +382,10 @@ class SyncLib
}
} /* End of loop over each queue entry for a server */
curl_close($ch);
$res->closeCursor();
curl_close($ch);
$this->db->closeCursor($res);
} /* End of loop over each distinct server in queue */
$this->db->closeCursor($server_res);
return true;
}
@ -402,7 +397,7 @@ class SyncLib
$urls=array();
$res=$this->db->findByMultiple('queue', array("modified"=>$this->otpParams['modified'], "server_nonce"=>$this->server_nonce));
foreach ($res as $row) {
foreach($res as $row) {
$urls[]=$row['server'] .
"?otp=" . $row['otp'] .
"&modified=" . $row['modified'] .

2
ykval-verify.php
View File

@ -11,7 +11,7 @@ $myLog = new Log('ykval-verify');
$myLog->addField('ip', $_SERVER['REMOTE_ADDR']);
$myLog->log(LOG_INFO, "Request: " . $_SERVER['QUERY_STRING'] .
" (at " . date("c") . " " . microtime() . ") " .
(isset($_SERVER["HTTPS"]) == TRUE ? ($_SERVER["HTTPS"] == "on" ? "HTTPS" : "HTTP") : "HTTP"));
(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" ? "HTTPS" : "HTTP"));
/* Detect protocol version */
if (preg_match("/\/wsapi\/([0-9]+)\.([0-9]+)\//", $_SERVER['REQUEST_URI'], $out)) {