-- --
--- This should work with at least PostgreSQL and SQLite. Maybe more --
+-- This should work with at least PostgreSQL. Maybe more --
-- --
CREATE TABLE yubikey (
- yubikey_id int NOT NULL,
+ yubikey_id serial NOT NULL,
active boolean NOT NULL DEFAULT 'f',
secret_id varchar NOT NULL,
session_counter int,
session_use int
);
-INSERT INTO yubikey (yubikey_id, active, secret_id, session_counter, session_use) VALUES (0, 't', 'secret', 0,0);
\ No newline at end of file
+INSERT INTO yubikey (yubikey_id, active, secret_id, session_counter, session_use) VALUES (0, 't', 'secret', 0,0);
+
+CREATE TABLE shared_secret (
+ secret_id serial NOT NULL,
+ secret_base64 varchar NOT NULL,
+ active boolean NOT NULL DEFAULT 'f'
+);
+
+INSERT INTO shared_secrets (secret_base64, active) VALUES ('MQ6fOy1t/add/wisbu2O+LpPiMs=', 't');
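Review bot: The seed INSERT targets `shared_secrets`, but the table created just above is `shared_secret`, so the script fails on PostgreSQL at its last statement; change it to `INSERT INTO shared_secret (secret_base64, active) VALUES ('MQ6fOy1t/add/wisbu2O+LpPiMs=', 't');`. The two tables also do not line up: `yubikey.secret_id` stays `varchar` and is seeded with `'secret'`, while `shared_secret.secret_id` is a `serial` integer whose seeded row gets id 1, so nothing ties a key to its secret and the database cannot enforce that a referenced secret exists. Consider creating `shared_secret` first and declaring `secret_id int NOT NULL REFERENCES shared_secret (secret_id)` in `yubikey`. `DEFAULT 'f'` works on PostgreSQL, but `DEFAULT FALSE` is the portable spelling and reads more clearly.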
#define PORT 8000
+#include <assert.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdint.h>
PGconn *db_conn;
+enum return_codes {
+ OK = 0,
+ BAD_OTP,
+ REPLAYED_OTP,
+ BAD_SIGNATURE,
+ MISSING_PARAMETER,
+ NO_SUCH_CLIENT,
+ OPERATION_NOT_ALLOWED,
+ BACKEND_ERROR
+};
+
+struct error {
+ enum return_codes status;
+ const char *info;
+};
+
static int handle_request(void *data,
struct MHD_Connection *conn,
const char *url,
PGresult *res;
const char *paramValues[1];
int i;
+ const char *id = NULL, *otp = NULL, *h = NULL, *shared_secret;
+ struct error *e;
+
+ /* Parse query string, grab id, otp and h (optional) */
- paramValues[0] = "0";
+ id = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "id");
+ otp = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "otp");
+ h = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "h");
+ fprintf(stderr, "got params: url=%s id=%s otp=%s, h=%s\n", url, id,
+ otp, h);
+ /* XXX Handle missing params here */
+
+ /* Do query to grab shared secret, we need this later anyway */
+ paramValues[0] = id;
res = PQexecParams(db_conn,
- "SELECT secret_id FROM yubikey WHERE yubikey_id = $1",
+ "SELECT secret_base64 FROM shared_secret WHERE secret_id = $1",
1, /* one param */
NULL, /* let the backend deduce param type */
paramValues,
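Review bot: With the query string changed to `SELECT secret_base64 FROM shared_secret WHERE secret_id = $1`, column 0 of the result is now the client's shared signing secret, and the unchanged loop in the next hunk (`fullname = PQgetvalue(res, i, 0)` handed to `MHD_create_response_from_data`) writes it verbatim into the HTTP body for whoever supplied the `id`; until the signing step behind `/* Generate response, sign it */` exists, the value should go into the local `shared_secret` (declared here but never assigned) and never into the response. Separately, the `fprintf` of the parameters runs before the `/* XXX Handle missing params here */` placeholder and passes `id`, `otp` and `h` to `%s` even when `MHD_lookup_connection_value` returned NULL — `h` is described as optional, so that is the common case — and NULL with `%s` is undefined behaviour (glibc happens to print "(null)"); guard each with `h ? h : "(none)"` or move the missing-parameter check above the log line. `struct error *e` is likewise declared and unused. A non-numeric `id` will presumably make PostgreSQL reject the bind for the integer `secret_id = $1` with an input-syntax error, which the following hunk turns into a dropped connection rather than a status from the new `return_codes` enum. `handle_request` starts before this hunk and continues after it.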
fprintf(stderr, "SELECT failed: %s", PQerrorMessage(db_conn));
PQclear(res);
return MHD_NO;
+ /* XXX Better error handling*/
}
-
+ /* If h exists, verify FIXME */
+ /* Validate OTP */
+ /* Update status, if appropriate */
+ /* Generate response, sign it */
for (i = 0; i < PQntuples(res); i++) {
const char *fullname;
-
+
fullname = PQgetvalue(res, i, 0);
response = MHD_create_response_from_data(strlen(fullname), (void*)fullname,
MHD_YES, MHD_YES);
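Review bot: The new `/* XXX Better error handling*/` comment sits after `return MHD_NO;`, where no statement can follow it, and the branch it annotates still closes the connection without answering; now that `return_codes` carries `BACKEND_ERROR`, this is the place to build a response with that status, so move the comment above the `return` as `/* XXX Better error handling: answer with BACKEND_ERROR instead of closing the connection */`. The four placeholder comments from `/* If h exists, verify FIXME */` to `/* Generate response, sign it */` are placed directly above the existing loop that already creates a response from column 0 of the result, so a reader will take them as describing that loop; either mark them as steps that must precede it or move them to where the real response is built. The body of `handle_request` continues past this hunk.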