mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 01:52:18 +01:00

40 Commits

Author SHA1 Message Date
Klas Lindfors
da24a3fe30 fix fast or secure strings as sl
move transformation of strings for sync and default values for sync and
timeout to before sanity checking.
2012-02-22 14:27:24 +01:00
Simon Josefsson
a68539e884 Tiny fixes to silence PHP warnings from Hiroki Nose <Hiroki_Nose@totec.co.jp>.
1. PHP Notice:  Use of undefined constant CURL_OK - assumed 'CURL_OK' in /usr/share/ykval/ykval-common.php on line 156 
 2. PHP Notice:  Undefined index: HTTPS in /usr/share/ykval/ykval-verify.php on line 14 
 3. PHP Notice:  Undefined variable: query in /usr/share/ykval/ykval-db.php on line 186
2011-10-25 08:08:31 +00:00
Simon Josefsson
fb506d0238 Don't echo (unsanitized) OTP/NONCE values back to client when
sending error codes.  Reported by Paul van Empelen.
2011-08-18 12:19:15 +00:00
Simon Josefsson
016313a1e3 Support YubiKey OTPs filtered through a US Dvorak keyboard layout. 2010-09-21 08:13:36 +00:00
Simon Josefsson
dd9f472e77 Fix typo. 2010-09-12 10:42:32 +00:00
Simon Josefsson
8ea97ab0fb Sanity check OTP variable before trusting it.
Reported by Ricky Zhou <ricky@fedoraproject.org>.
2010-09-12 10:39:23 +00:00
Simon Josefsson
c9f58a83c7 Log HTTPS status. 2010-08-22 14:38:26 +00:00
Simon Josefsson
069092fd6b Timestamp requests. 2010-08-22 13:27:46 +00:00
Simon Josefsson
7b18b50ee7 When number of sync servers equals zero, set sync result to success.
Patch from arte42.ripe in issue #7.
2010-05-17 13:06:06 +00:00
Simon Josefsson
2f099df58c Don't reject on nonce error for v1.x requests. 2010-04-23 21:44:25 +00:00
Simon Josefsson
522c301dae Permit somewhat longer nonces (think SHA1 hex). 2010-04-23 20:33:45 +00:00
Simon Josefsson
4ac054f9cd Improve error checking of nonce. 2010-04-23 20:32:39 +00:00
Olov Danielson
93652d54f6 Corrected spelling error for replayed_request 2010-01-20 14:06:57 +00:00
Olov Danielson
1809e7fb90 Added otp, nonce in all responses for protocol >= 2.0. 2010-01-20 10:37:21 +00:00
Olov Danielson
6ab59bb850 . 2010-01-19 12:53:29 +00:00
Olov Danielson
9bc6b90e45 In protocol versions less than 2.0, nonce needs to be added by server. This must be done after signature is computed. 2010-01-19 12:45:31 +00:00
Simon Josefsson
9cf8bce177 Fix last commit. 2010-01-14 14:19:20 +00:00
Simon Josefsson
005b6af0fc Review fixes. 2010-01-14 14:15:17 +00:00
Olov Danielson
12bd456dca . 2010-01-14 11:58:19 +00:00
Olov Danielson
c2245924cf Added possibility to use custom fields in logging module. Also added client IP and otp in verify and sync logs. 2010-01-14 11:25:17 +00:00
Olov Danielson
433c82cce7 Added a few checks for input parameters and corrected warnings according to new document 2010-01-14 09:39:48 +00:00
Olov Danielson
ab952c523c . 2010-01-13 15:32:57 +00:00
Olov Danielson
0d105e5ecc . 2010-01-12 15:24:38 +00:00
Olov Danielson
6cc547f791 Remove ID column from yubikeys and queue table. Renamed and changed random_key to server_nonce 2010-01-12 13:00:28 +00:00
Olov Danielson
a839954882 Unified logging to use Log class defined in ykval-log.php which in turn uses syslog.
NOTE: ykval common debug function is still available but uses Log class as well to actually
log message.
2010-01-11 12:06:00 +00:00
Olov Danielson
851aa21c66 Changed to using PDO database connection 2010-01-08 16:35:25 +00:00
Olov Danielson
b9701c16ea Changed DB-names to be more consistent (WARNING current revision might be broken but needs to be submitted for multiserver test purposes) 2010-01-08 13:54:33 +00:00
Olov Danielson
6788e5effa 1. Nonce introduced in protocol. This required changes in the chain from client->verify->sync.
2. ykval-verify is modified a bit. It now acts more as a flow controller and relies on ykval-synclib 
to do details on DB-calls and counterlogic. The "system" decision making is still located in ykval-verify.
2009-12-15 10:17:51 +00:00
Olov Danielson
7be831db12 Corrected calculation of hmac with extra parameters (protocol v. 2). Corrected calculation of sl return value (use float inside) 2009-12-08 16:07:08 +00:00
Olov Danielson
03366efa60 sl parameter returned on "NOT_ENOUGH_ANSWERS" 2009-12-08 10:26:27 +00:00
Olov Danielson
f7cf1e1a5d Taking care of sl and timeout parameters in new protocol 2009-12-07 19:13:20 +00:00
Olov Danielson
55aeffc066 Storing local param info at the time when verify request arrived.
Used to give correct warnings of whether local/remote is out of sync or not
2009-12-04 11:57:49 +00:00
Olov Danielson
f04dcbc0e7 Committed first trial version for replication protocol. 2009-12-02 17:32:20 +00:00
Olov Danielson
65d150ccde Added option to get timestamp and session counters in the response.
Use with

verify?id=x&otp=xxx..&timestamp=1

returns timestamp, sessioncounter and session use in response
2009-10-05 14:53:28 +00:00
Simon Josefsson
9b5602656a Lay foundation for get-api-key service. 2009-08-28 10:55:56 +00:00
Simon Josefsson
479d5b1e7f Cleanups. 2009-05-06 15:07:05 +00:00
Simon Josefsson
2a0a4e389e If adding key doesn't work, it is an internal error. 2009-05-06 14:44:03 +00:00
Simon Josefsson
4050b68af8 Don't use die. 2009-05-06 14:23:04 +00:00
Simon Josefsson
c72f75f539 Drop chk_time. 2009-05-06 13:20:40 +00:00
Simon Josefsson
716182d744 Rename and cleanup. 2009-05-04 14:41:18 +00:00