From: Tollef Fog Heen Date: Wed, 7 Oct 2009 11:52:18 +0000 (+0200) Subject: Decude query string a bit, grab shared secret from db X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e33c4647064c146541def6bb573d7a9795a2cab7;p=yubikey-server-c Decude query string a bit, grab shared secret from db --- diff --git a/schema.sql b/schema.sql index 43f6f7e..eacc6f8 100644 --- a/schema.sql +++ b/schema.sql @@ -1,14 +1,22 @@ -- -- --- This should work with at least PostgreSQL and SQLite. Maybe more -- +-- This should work with at least PostgreSQL. Maybe more -- -- -- CREATE TABLE yubikey ( - yubikey_id int NOT NULL, + yubikey_id serial NOT NULL, active boolean NOT NULL DEFAULT 'f', secret_id varchar NOT NULL, session_counter int, session_use int ); -INSERT INTO yubikey (yubikey_id, active, secret_id, session_counter, session_use) VALUES (0, 't', 'secret', 0,0); \ No newline at end of file +INSERT INTO yubikey (yubikey_id, active, secret_id, session_counter, session_use) VALUES (0, 't', 'secret', 0,0); + +CREATE TABLE shared_secret ( + secret_id serial NOT NULL, + secret_base64 varchar NOT NULL, + active boolean NOT NULL DEFAULT 'f' +); + +INSERT INTO shared_secrets (secret_base64, active) VALUES ('MQ6fOy1t/add/wisbu2O+LpPiMs=', 't'); diff --git a/src/main.c b/src/main.c index 3ed235f..6ff5afb 100644 --- a/src/main.c +++ b/src/main.c @@ -18,6 +18,7 @@ #define PORT 8000 +#include #include #include #include @@ -29,6 +30,22 @@ PGconn *db_conn; +enum return_codes { + OK = 0, + BAD_OTP, + REPLAYED_OTP, + BAD_SIGNATURE, + MISSING_PARAMETER, + NO_SUCH_CLIENT, + OPERATION_NOT_ALLOWED, + BACKEND_ERROR +}; + +struct error { + enum return_codes status; + const char *info; +}; + static int handle_request(void *data, struct MHD_Connection *conn, const char *url, @@ -44,10 +61,22 @@ static int handle_request(void *data, PGresult *res; const char *paramValues[1]; int i; + const char *id = NULL, *otp = NULL, *h = NULL, *shared_secret; + struct error *e; + + /* Parse query string, grab id, otp and h (optional) */ - paramValues[0] = "0"; + id = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "id"); + otp = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "otp"); + h = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "h"); + fprintf(stderr, "got params: url=%s id=%s otp=%s, h=%s\n", url, id, + otp, h); + /* XXX Handle missing params here */ + + /* Do query to grab shared secret, we need this later anyway */ + paramValues[0] = id; res = PQexecParams(db_conn, - "SELECT secret_id FROM yubikey WHERE yubikey_id = $1", + "SELECT secret_base64 FROM shared_secret WHERE secret_id = $1", 1, /* one param */ NULL, /* let the backend deduce param type */ paramValues, @@ -60,11 +89,15 @@ static int handle_request(void *data, fprintf(stderr, "SELECT failed: %s", PQerrorMessage(db_conn)); PQclear(res); return MHD_NO; + /* XXX Better error handling*/ } - + /* If h exists, verify FIXME */ + /* Validate OTP */ + /* Update status, if appropriate */ + /* Generate response, sign it */ for (i = 0; i < PQntuples(res); i++) { const char *fullname; - + fullname = PQgetvalue(res, i, 0); response = MHD_create_response_from_data(strlen(fullname), (void*)fullname, MHD_YES, MHD_YES);