Browse files

Initial import.

  • Loading branch information...
1 parent 374f6d2 commit 073f344cfa548354a8700836c96f6c64dbd849f6 @jas4711 jas4711 committed Jun 16, 2008
Showing with 1,017 additions and 0 deletions.
  1. +4 −0 AUTHORS
  2. +26 −0 COPYING
  3. +68 −0 Makefile.am
  4. +5 −0 NEWS
  5. +72 −0 README
  6. +48 −0 configure.ac
  7. +240 −0 libcurl.m4
  8. +293 −0 libykclient.c
  9. +76 −0 libykclient.h
  10. +59 −0 selftest.c
  11. +45 −0 simple.mk
  12. +81 −0 ykclient.c
View
4 AUTHORS
@@ -0,0 +1,4 @@
+Simon Josefsson <simon@yubico.com>
+
+For technical feedback, please consider using our forum:
+http://forum.yubico.com/
View
26 COPYING
@@ -0,0 +1,26 @@
+Copyright (c) 2006, 2007, 2008 Yubico AB
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
View
68 Makefile.am
@@ -0,0 +1,68 @@
+# Written by Simon Josefsson <simon@josefsson.org>.
+# Copyright (c) 2008 Yubico AB
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+AM_CPPFLAGS = @LIBCURL_CPPFLAGS@
+
+# The library.
+
+lib_LTLIBRARIES = libyubikey-client.la
+libyubikey_client_la_SOURCES = libykclient.h libykclient.c
+libyubikey_client_la_LIBADD = @LIBCURL@
+libyubikey_client_la_LDFLAGS = -no-undefined \
+ -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+# The command line tools.
+
+bin_PROGRAMS = ykclient
+
+ykclient_SOURCES = ykclient.c
+ykclient_LDADD = ./libyubikey-client.la
+
+# Self tests.
+
+AM_LDFLAGS = -no-install
+LDADD = libyubikey-client.la
+
+check_PROGRAMS = selftest
+TESTS = $(check_PROGRAMS)
+
+# Release
+
+EXTRA_DIST = simple.mk
+
+ChangeLog:
+ svn2cl
+
+release:
+ rm -f ChangeLog
+ make ChangeLog distcheck
+ svn copy https://yubico-c-client.googlecode.com/svn/trunk/ \
+ https://yubico-c-client.googlecode.com/svn/tags/$(PACKAGE)-$(VERSION) \
+ -m "Tagging the $(VERSION) release of the $(PACKAGE) project."
+ googlecode_upload.py -s "Yubico C client library v$(VERSION)." \
+ -p yubico-c-client -u simon75j $(PACKAGE)-$(VERSION).tar.gz
View
5 NEWS
@@ -0,0 +1,5 @@
+Libyubikey-client NEWS -- History of user-visible changes. -*- outline -*-
+
+* Version 1.0 (unreleased)
+
+** Initial release, code from yubico-pam.
View
72 README
@@ -0,0 +1,72 @@
+#summary Introduction to Yubikey client C library
+#labels Featured,Phase-Deploy
+
+= Introduction =
+
+This is a library written in C to validate a Yubikey OTP against the
+Yubico online server. Description of included files:
+
+* AUTHORS, COPYING, NEWS, README: meta-information about the project.
+
+* libykclient.h, libykclient.c: Implementation of the library.
+
+* ykclient.c: Command line tool to validate an OTP.
+
+* selftest.c: Self tests of the library.
+
+* simple.mk: Simple makefile to build the above parts.
+
+* configure.ac, Makefile.am: Autoconf/Automake files.
+
+= Building =
+
+The simple way to build the package is by running 'make -f simple.mk
+check'. It will build each component, and also test them. See below
+for sample session.
+
+{{{
+$ make -f simple.mk check
+cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -c -o libykclient.o libykclient.c
+libykclient.c: In function ‘yubikey_client_request’:
+libykclient.c:210: warning: implicit declaration of function ‘asprintf’
+cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -lcurl ykclient.c libykclient.o -o ykclient
+cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -lcurl selftest.c libykclient.o -o selftest
+./selftest
+return code (2): REPLAYED_OTP
+strerror(0): Success
+strerror(BAD_OTP): BAD_OTP
+
+All tests successful
+$
+}}}
+
+To build using the Autoconf, automake and libtool infrastructure,
+which is recommend for more advanced purposes especially
+cross-compilation, build it as follows.
+
+{{{
+$ autoreconf -fvi
+$ ./configure
+$ make check
+}}}
+
+= Command-line tools =
+
+There is one command line tool, ykclient, to validate a particular
+OTP. It needs a client id, which you can allocate for yourself on
+Yubico's web site.
+
+Example session below.
+
+{{{
+jas@mocca:~/src/yubico-c-client$ ./ykclient 16 dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh
+Input:
+ client id: 16
+ token: dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh
+Verification output (2): REPLAYED_OTP
+jas@mocca:~/src/yubico-c-client$
+}}}
+
+= Questions? =
+
+Talk to <simon@yubico.com>.
View
48 configure.ac
@@ -0,0 +1,48 @@
+# Written by Simon Josefsson <simon@josefsson.org>.
+# Copyright (c) 2008 Yubico AB
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+AC_INIT([libyubikey-client], [1.0], [simon@yubico.com])
+
+# Library code modified: REVISION++
+# Interfaces changed/added/removed: CURRENT++ REVISION=0
+# Interfaces added: AGE++
+# Interfaces removed: AGE=0
+AC_SUBST(LT_CURRENT, 0)
+AC_SUBST(LT_REVISION, 0)
+AC_SUBST(LT_AGE, 0)
+
+AM_INIT_AUTOMAKE([-Wall -Werror])
+AC_PROG_CC
+AC_LIBTOOL_WIN32_DLL
+AC_PROG_LIBTOOL
+
+LIBCURL_CHECK_CONFIG([yes], [], [], [
+ AC_MSG_ERROR([[Libcurl header files not found, install libcurl-dev.]])])
+
+AC_CONFIG_FILES(Makefile)
+AC_OUTPUT
View
240 libcurl.m4
@@ -0,0 +1,240 @@
+# LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION],
+# [ACTION-IF-YES], [ACTION-IF-NO])
+# ----------------------------------------------------------
+# David Shaw <dshaw@jabberwocky.com> May-09-2006
+#
+# Checks for libcurl. DEFAULT-ACTION is the string yes or no to
+# specify whether to default to --with-libcurl or --without-libcurl.
+# If not supplied, DEFAULT-ACTION is yes. MINIMUM-VERSION is the
+# minimum version of libcurl to accept. Pass the version as a regular
+# version number like 7.10.1. If not supplied, any version is
+# accepted. ACTION-IF-YES is a list of shell commands to run if
+# libcurl was successfully found and passed the various tests.
+# ACTION-IF-NO is a list of shell commands that are run otherwise.
+# Note that using --without-libcurl does run ACTION-IF-NO.
+#
+# This macro #defines HAVE_LIBCURL if a working libcurl setup is
+# found, and sets @LIBCURL@ and @LIBCURL_CPPFLAGS@ to the necessary
+# values. Other useful defines are LIBCURL_FEATURE_xxx where xxx are
+# the various features supported by libcurl, and LIBCURL_PROTOCOL_yyy
+# where yyy are the various protocols supported by libcurl. Both xxx
+# and yyy are capitalized. See the list of AH_TEMPLATEs at the top of
+# the macro for the complete list of possible defines. Shell
+# variables $libcurl_feature_xxx and $libcurl_protocol_yyy are also
+# defined to 'yes' for those features and protocols that were found.
+# Note that xxx and yyy keep the same capitalization as in the
+# curl-config list (e.g. it's "HTTP" and not "http").
+#
+# Users may override the detected values by doing something like:
+# LIBCURL="-lcurl" LIBCURL_CPPFLAGS="-I/usr/myinclude" ./configure
+#
+# For the sake of sanity, this macro assumes that any libcurl that is
+# found is after version 7.7.2, the first version that included the
+# curl-config script. Note that it is very important for people
+# packaging binary versions of libcurl to include this script!
+# Without curl-config, we can only guess what protocols are available,
+# or use curl_version_info to figure it out at runtime.
+
+AC_DEFUN([LIBCURL_CHECK_CONFIG],
+[
+ AH_TEMPLATE([LIBCURL_FEATURE_SSL],[Defined if libcurl supports SSL])
+ AH_TEMPLATE([LIBCURL_FEATURE_KRB4],[Defined if libcurl supports KRB4])
+ AH_TEMPLATE([LIBCURL_FEATURE_IPV6],[Defined if libcurl supports IPv6])
+ AH_TEMPLATE([LIBCURL_FEATURE_LIBZ],[Defined if libcurl supports libz])
+ AH_TEMPLATE([LIBCURL_FEATURE_ASYNCHDNS],[Defined if libcurl supports AsynchDNS])
+ AH_TEMPLATE([LIBCURL_FEATURE_IDN],[Defined if libcurl supports IDN])
+ AH_TEMPLATE([LIBCURL_FEATURE_SSPI],[Defined if libcurl supports SSPI])
+ AH_TEMPLATE([LIBCURL_FEATURE_NTLM],[Defined if libcurl supports NTLM])
+
+ AH_TEMPLATE([LIBCURL_PROTOCOL_HTTP],[Defined if libcurl supports HTTP])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_HTTPS],[Defined if libcurl supports HTTPS])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_FTP],[Defined if libcurl supports FTP])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_FTPS],[Defined if libcurl supports FTPS])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_FILE],[Defined if libcurl supports FILE])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_TELNET],[Defined if libcurl supports TELNET])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_LDAP],[Defined if libcurl supports LDAP])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_DICT],[Defined if libcurl supports DICT])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_TFTP],[Defined if libcurl supports TFTP])
+
+ AC_ARG_WITH(libcurl,
+ AC_HELP_STRING([--with-libcurl=DIR],[look for the curl library in DIR]),
+ [_libcurl_with=$withval],[_libcurl_with=ifelse([$1],,[yes],[$1])])
+
+ if test "$_libcurl_with" != "no" ; then
+
+ AC_PROG_AWK
+
+ _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[[1]]+256*A[[2]]+A[[3]]; print X;}'"
+
+ _libcurl_try_link=yes
+
+ if test -d "$_libcurl_with" ; then
+ LIBCURL_CPPFLAGS="-I$withval/include"
+ _libcurl_ldflags="-L$withval/lib"
+ AC_PATH_PROG([_libcurl_config],[curl-config],["$withval/bin"],
+ ["$withval/bin"])
+ else
+ AC_PATH_PROG([_libcurl_config],[curl-config])
+ fi
+
+ if test x$_libcurl_config != "x" ; then
+ AC_CACHE_CHECK([for the version of libcurl],
+ [libcurl_cv_lib_curl_version],
+ [libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $[]2}'`])
+
+ _libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse`
+ _libcurl_wanted=`echo ifelse([$2],,[0],[$2]) | $_libcurl_version_parse`
+
+ if test $_libcurl_wanted -gt 0 ; then
+ AC_CACHE_CHECK([for libcurl >= version $2],
+ [libcurl_cv_lib_version_ok],
+ [
+ if test $_libcurl_version -ge $_libcurl_wanted ; then
+ libcurl_cv_lib_version_ok=yes
+ else
+ libcurl_cv_lib_version_ok=no
+ fi
+ ])
+ fi
+
+ if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then
+ if test x"$LIBCURL_CPPFLAGS" = "x" ; then
+ LIBCURL_CPPFLAGS=`$_libcurl_config --cflags`
+ fi
+ if test x"$LIBCURL" = "x" ; then
+ LIBCURL=`$_libcurl_config --libs`
+
+ # This is so silly, but Apple actually has a bug in their
+ # curl-config script. Fixed in Tiger, but there are still
+ # lots of Panther installs around.
+ case "${host}" in
+ powerpc-apple-darwin7*)
+ LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'`
+ ;;
+ esac
+ fi
+
+ # All curl-config scripts support --feature
+ _libcurl_features=`$_libcurl_config --feature`
+
+ # Is it modern enough to have --protocols? (7.12.4)
+ if test $_libcurl_version -ge 461828 ; then
+ _libcurl_protocols=`$_libcurl_config --protocols`
+ fi
+ else
+ _libcurl_try_link=no
+ fi
+
+ unset _libcurl_wanted
+ fi
+
+ if test $_libcurl_try_link = yes ; then
+
+ # we didn't find curl-config, so let's see if the user-supplied
+ # link line (or failing that, "-lcurl") is enough.
+ LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"}
+
+ AC_CACHE_CHECK([whether libcurl is usable],
+ [libcurl_cv_lib_curl_usable],
+ [
+ _libcurl_save_cppflags=$CPPFLAGS
+ CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS"
+ _libcurl_save_libs=$LIBS
+ LIBS="$LIBCURL $LIBS"
+
+ AC_LINK_IFELSE(AC_LANG_PROGRAM([#include <curl/curl.h>],[
+/* Try and use a few common options to force a failure if we are
+ missing symbols or can't link. */
+int x;
+curl_easy_setopt(NULL,CURLOPT_URL,NULL);
+x=CURL_ERROR_SIZE;
+x=CURLOPT_WRITEFUNCTION;
+x=CURLOPT_FILE;
+x=CURLOPT_ERRORBUFFER;
+x=CURLOPT_STDERR;
+x=CURLOPT_VERBOSE;
+]),libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no)
+
+ CPPFLAGS=$_libcurl_save_cppflags
+ LIBS=$_libcurl_save_libs
+ unset _libcurl_save_cppflags
+ unset _libcurl_save_libs
+ ])
+
+ if test $libcurl_cv_lib_curl_usable = yes ; then
+
+ # Does curl_free() exist in this version of libcurl?
+ # If not, fake it with free()
+
+ _libcurl_save_cppflags=$CPPFLAGS
+ CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS"
+ _libcurl_save_libs=$LIBS
+ LIBS="$LIBS $LIBCURL"
+
+ AC_CHECK_FUNC(curl_free,,
+ AC_DEFINE(curl_free,free,
+ [Define curl_free() as free() if our version of curl lacks curl_free.]))
+
+ CPPFLAGS=$_libcurl_save_cppflags
+ LIBS=$_libcurl_save_libs
+ unset _libcurl_save_cppflags
+ unset _libcurl_save_libs
+
+ AC_DEFINE(HAVE_LIBCURL,1,
+ [Define to 1 if you have a functional curl library.])
+ AC_SUBST(LIBCURL_CPPFLAGS)
+ AC_SUBST(LIBCURL)
+
+ for _libcurl_feature in $_libcurl_features ; do
+ AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_feature_$_libcurl_feature),[1])
+ eval AS_TR_SH(libcurl_feature_$_libcurl_feature)=yes
+ done
+
+ if test "x$_libcurl_protocols" = "x" ; then
+
+ # We don't have --protocols, so just assume that all
+ # protocols are available
+ _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT"
+
+ if test x$libcurl_feature_SSL = xyes ; then
+ _libcurl_protocols="$_libcurl_protocols HTTPS"
+
+ # FTPS wasn't standards-compliant until version
+ # 7.11.0
+ if test $_libcurl_version -ge 461568; then
+ _libcurl_protocols="$_libcurl_protocols FTPS"
+ fi
+ fi
+ fi
+
+ for _libcurl_protocol in $_libcurl_protocols ; do
+ AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_protocol_$_libcurl_protocol),[1])
+ eval AS_TR_SH(libcurl_protocol_$_libcurl_protocol)=yes
+ done
+ else
+ unset LIBCURL
+ unset LIBCURL_CPPFLAGS
+ fi
+ fi
+
+ unset _libcurl_try_link
+ unset _libcurl_version_parse
+ unset _libcurl_config
+ unset _libcurl_feature
+ unset _libcurl_features
+ unset _libcurl_protocol
+ unset _libcurl_protocols
+ unset _libcurl_version
+ unset _libcurl_ldflags
+ fi
+
+ if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then
+ # This is the IF-NO path
+ ifelse([$4],,:,[$4])
+ else
+ # This is the IF-YES path
+ ifelse([$3],,:,[$3])
+ fi
+
+ unset _libcurl_with
+])dnl
View
293 libykclient.c
@@ -0,0 +1,293 @@
+/* libykclient.c --- Implementation of Yubikey client library.
+ *
+ * Written by Simon Josefsson <simon@josefsson.org>.
+ * Copyright (c) 2006, 2007, 2008 Yubico AB
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "libykclient.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <ctype.h>
+
+#include <curl/curl.h>
+
+#ifdef DEBUG
+# define D(x) do { \
+ printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
+ printf x; \
+ } while (0)
+#else
+# define D(x) /* nothing */
+#endif
+
+struct yubikey_client_st
+{
+ CURL *curl;
+ unsigned int client_id;
+ size_t keylen;
+ const char *key;
+};
+
+yubikey_client_t
+yubikey_client_init (void)
+{
+ yubikey_client_t p;
+
+ p = malloc (sizeof (*p));
+
+ if (!p)
+ return NULL;
+
+ p->curl = curl_easy_init ();
+ if (!p->curl)
+ {
+ free (p);
+ return NULL;
+ }
+
+ return p;
+}
+
+void
+yubikey_client_set_info (yubikey_client_t client,
+ unsigned int client_id,
+ size_t keylen,
+ const char *key)
+{
+ client->client_id = client_id;
+ client->keylen = keylen;
+ client->key = key;
+}
+
+void
+yubikey_client_done (yubikey_client_t *client)
+{
+ curl_easy_cleanup ((*client)->curl);
+ free (*client);
+ *client = NULL;
+}
+
+int
+yubikey_client_simple_request (const char *yubikey,
+ unsigned int client_id,
+ size_t keylen,
+ const char *key)
+{
+ yubikey_client_t p;
+ int ret;
+
+ p = yubikey_client_init ();
+
+ yubikey_client_set_info (p, client_id, keylen, key);
+
+ ret = yubikey_client_request (p, yubikey);
+
+ yubikey_client_done (&p);
+
+ return ret;
+}
+
+const char *
+yubikey_client_strerror (int ret)
+{
+ const char *p;
+
+ switch (ret)
+ {
+ case YUBIKEY_CLIENT_OK:
+ p = "Success";
+ break;
+
+ case YUBIKEY_CLIENT_BAD_OTP:
+ p = "BAD_OTP";
+ break;
+
+ case YUBIKEY_CLIENT_REPLAYED_OTP:
+ p = "REPLAYED_OTP";
+ break;
+
+ case YUBIKEY_CLIENT_BAD_SIGNATURE:
+ p = "BAD_SIGNATURE";
+ break;
+
+ case YUBIKEY_CLIENT_MISSING_PARAMETER:
+ p = "MISSING_PARAMETER";
+ break;
+
+ case YUBIKEY_CLIENT_NO_SUCH_CLIENT:
+ p = "NO_SUCH_CLIENT";
+ break;
+
+ case YUBIKEY_CLIENT_OPERATION_NOT_ALLOWED:
+ p = "OPERATION_NOT_ALLOWED";
+ break;
+
+ case YUBIKEY_CLIENT_BACKEND_ERROR:
+ p = "BACKEND_ERROR";
+ break;
+
+ case YUBIKEY_CLIENT_OUT_OF_MEMORY:
+ p = "Out of memory";
+ break;
+
+ case YUBIKEY_CLIENT_PARSE_ERROR:
+ p = "Internal parse error";
+ break;
+
+ default:
+ p = "Unknown error";
+ break;
+ }
+
+ return p;
+}
+
+struct MemoryStruct {
+ char *memory;
+ size_t size;
+};
+
+static size_t
+curl_callback (void *ptr, size_t size, size_t nmemb, void *data)
+{
+ size_t realsize = size * nmemb;
+ struct MemoryStruct *mem = (struct MemoryStruct *)data;
+
+ if (mem->memory)
+ mem->memory = realloc (mem->memory, mem->size + realsize + 1);
+ else
+ mem->memory = malloc (mem->size + realsize + 1);
+
+ if (mem->memory)
+ {
+ memcpy(&(mem->memory[mem->size]), ptr, realsize);
+ mem->size += realsize;
+ mem->memory[mem->size] = 0;
+ }
+
+ return realsize;
+}
+
+int
+yubikey_client_request (yubikey_client_t client,
+ const char *yubikey)
+{
+ struct MemoryStruct chunk = { NULL, 0 };
+ const char *url_template = "http://api.yubico.com/wsapi/verify?id=%d&otp=%s";
+ char *url;
+ char *user_agent = NULL;
+ char *status;
+ int out;
+
+ asprintf (&url, url_template, client->client_id, yubikey);
+ if (!url)
+ return YUBIKEY_CLIENT_OUT_OF_MEMORY;
+
+ curl_easy_setopt (client->curl, CURLOPT_URL, url);
+ curl_easy_setopt (client->curl, CURLOPT_WRITEFUNCTION, curl_callback);
+ curl_easy_setopt (client->curl, CURLOPT_WRITEDATA, (void *)&chunk);
+
+ asprintf (&user_agent, "%s/%s", PACKAGE, PACKAGE_VERSION);
+ if (user_agent)
+ curl_easy_setopt(client->curl, CURLOPT_USERAGENT, user_agent);
+
+ curl_easy_perform (client->curl);
+
+ if (chunk.size == 0 || chunk.memory == NULL)
+ {
+ out = YUBIKEY_CLIENT_PARSE_ERROR;
+ goto done;
+ }
+
+ D (("server response (%d): %.*s", chunk.size, chunk.size, chunk.memory));
+
+ status = strstr (chunk.memory, "status=");
+ if (!status)
+ {
+ out = YUBIKEY_CLIENT_PARSE_ERROR;
+ goto done;
+ }
+
+ while (status[strlen (status) - 1] == '\r'
+ || status[strlen (status) - 1] == '\n')
+ status[strlen (status) - 1] = '\0';
+
+ D (("parsed status (%d): %s\n", strlen (status), status));
+
+ if (strcmp (status, "status=OK") == 0)
+ {
+ out = YUBIKEY_CLIENT_OK;
+ goto done;
+ }
+ else if (strcmp (status, "status=BAD_OTP") == 0)
+ {
+ out = YUBIKEY_CLIENT_BAD_OTP;
+ goto done;
+ }
+ else if (strcmp (status, "status=REPLAYED_OTP") == 0)
+ {
+ out = YUBIKEY_CLIENT_REPLAYED_OTP;
+ goto done;
+ }
+ else if (strcmp (status, "status=BAD_SIGNATURE") == 0)
+ {
+ out = YUBIKEY_CLIENT_BAD_SIGNATURE;
+ goto done;
+ }
+ else if (strcmp (status, "status=MISSING_PARAMETER") == 0)
+ {
+ out = YUBIKEY_CLIENT_MISSING_PARAMETER;
+ goto done;
+ }
+ else if (strcmp (status, "status=NO_SUCH_CLIENT") == 0)
+ {
+ out = YUBIKEY_CLIENT_NO_SUCH_CLIENT;
+ goto done;
+ }
+ else if (strcmp (status, "status=OPERATION_NOT_ALLOWED") == 0)
+ {
+ out = YUBIKEY_CLIENT_OPERATION_NOT_ALLOWED;
+ goto done;
+ }
+ else if (strcmp (status, "status=BACKEND_ERROR") == 0)
+ {
+ out = YUBIKEY_CLIENT_BACKEND_ERROR;
+ goto done;
+ }
+
+ out = YUBIKEY_CLIENT_PARSE_ERROR;
+
+ done:
+ if (user_agent)
+ free (user_agent);
+
+ return out;
+}
View
76 libykclient.h
@@ -0,0 +1,76 @@
+/* libykclient.h --- Definitions and prototypes for Yubico client library.
+ *
+ * Written by Simon Josefsson <simon@josefsson.org>.
+ * Copyright (c) 2006, 2007, 2008 Yubico AB
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef YUBIKEY_CLIENT_H
+# define YUBIKEY_CLIENT_H
+
+# include <stdint.h>
+# include <string.h>
+
+typedef enum {
+ /* Official yubikey client API errors. */
+ YUBIKEY_CLIENT_OK = 0,
+ YUBIKEY_CLIENT_BAD_OTP,
+ YUBIKEY_CLIENT_REPLAYED_OTP,
+ YUBIKEY_CLIENT_BAD_SIGNATURE,
+ YUBIKEY_CLIENT_MISSING_PARAMETER,
+ YUBIKEY_CLIENT_NO_SUCH_CLIENT,
+ YUBIKEY_CLIENT_OPERATION_NOT_ALLOWED,
+ YUBIKEY_CLIENT_BACKEND_ERROR,
+ /* Other implementation specific errors. */
+ YUBIKEY_CLIENT_OUT_OF_MEMORY = 100,
+ YUBIKEY_CLIENT_PARSE_ERROR
+} yubikey_client_rc;
+
+typedef struct yubikey_client_st *yubikey_client_t;
+
+yubikey_client_t yubikey_client_init (void);
+void yubikey_client_done (yubikey_client_t *client);
+
+void
+yubikey_client_set_info (yubikey_client_t client,
+ unsigned int client_id,
+ size_t keylen,
+ const char *key);
+
+const char *yubikey_client_strerror (int ret);
+
+int yubikey_client_request (yubikey_client_t client, const char *yubikey);
+
+/* One call interface. */
+int
+yubikey_client_simple_request (const char *yubikey,
+ unsigned int client_id,
+ size_t keylen,
+ const char *key);
+
+#endif
View
59 selftest.c
@@ -0,0 +1,59 @@
+/* selftest.c --- Self-tests for Yubico client library.
+ *
+ * Written by Simon Josefsson <simon@josefsson.org>.
+ * Copyright (c) 2006, 2007, 2008 Yubico AB
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <libykclient.h>
+#include <stdio.h>
+
+int
+main (void)
+{
+ yubikey_client_t c;
+ int ret;
+
+ c = yubikey_client_init ();
+
+ yubikey_client_set_info (c, 16, 6, "foobar");
+
+ ret = yubikey_client_request (c, "dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh");
+
+ printf ("return code (%d): %s\n", ret, yubikey_client_strerror (ret));
+
+ yubikey_client_done (&c);
+
+ printf ("strerror(0): %s\n", yubikey_client_strerror (0));
+ printf ("strerror(BAD_OTP): %s\n",
+ yubikey_client_strerror (YUBIKEY_CLIENT_BAD_OTP));
+
+ printf ("\nAll tests successful\n");
+
+ return 0;
+}
View
45 simple.mk
@@ -0,0 +1,45 @@
+# Makefile --- Instructions for make to build Yubikey client library and tools.
+#
+# Written by Simon Josefsson <simon@josefsson.org>.
+# Copyright (c) 2006, 2007, 2008 Yubico AB
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+CFLAGS = -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\"
+
+LDFLAGS = -lcurl
+
+PROGRAMS = ykclient selftest
+
+all: $(PROGRAMS)
+
+$(PROGRAMS): libykclient.o
+
+clean:
+ rm -f $(PROGRAMS) *~ *.o
+
+check: all
+ ./selftest
View
81 ykclient.c
@@ -0,0 +1,81 @@
+/* ykclient.c --- Command line interface to libyubikey-client.
+ *
+ * Written by Simon Josefsson <simon@josefsson.org>.
+ * Copyright (c) 2006, 2007, 2008 Yubico AB
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "libykclient.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+
+int
+main (int argc, char *argv[])
+{
+ char *client_id, *token;
+ int ret;
+
+ /* Parse command line parameters. */
+ if (argc != 3)
+ {
+ printf ("Usage: %s <client_id> <yubikey_output>\n", argv[0]);
+ printf (" CLIENT_ID: your client id integer\n");
+ printf (" YUBIKEY_OUTPUT: One-time password generated by yubikey\n");
+ return EXIT_FAILURE;
+ }
+
+ client_id = argv[1];
+ token = argv[2];
+
+ if (atoi (client_id) <= 0)
+ {
+ printf ("error: client identity must be a non-zero integer.\n");
+ return EXIT_FAILURE;
+ }
+
+ if (strlen (token) < 32)
+ {
+ printf ("error: ModHex encoded token must be at least 32 characters.\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Debug. */
+ printf ("Input:\n");
+ printf (" client id: %d\n", atoi (client_id));
+ printf (" token: %s\n", token);
+
+ ret = yubikey_client_simple_request (token, atoi (client_id), 0, NULL);
+
+ printf ("Verification output (%d): %s\n", ret, yubikey_client_strerror (ret));
+
+ return EXIT_FAILURE;
+}

0 comments on commit 073f344

Please sign in to comment.