--- yubikey-server-c-0.5.orig/debian/TODO
+++ yubikey-server-c-0.5/debian/TODO
@@ -0,0 +1,2 @@
+
+- maybe dbconfig-common integration?
--- yubikey-server-c-0.5.orig/debian/changelog
+++ yubikey-server-c-0.5/debian/changelog
@@ -0,0 +1,47 @@
+yubikey-server-c (0.5-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * B-d on libgcrypt20-dev instead of libgcrypt11-dev. Closes: #864140
+
+ -- Andreas Metzler Sat, 27 Oct 2018 08:38:18 +0200
+
+yubikey-server-c (0.5-1) unstable; urgency=low
+
+ * New upstream release:
+ - be stricter about checking for configuration file (prevents
+ segfault)
+ - explicitly link against libgcrypt. Should fix build failure with
+ binutils-gold. Closes: #556920
+ * Make sure to install sample configuration file. Closes: #565986
+ * Clean up init file a little bit to prevent errors from grep.
+
+ -- Tollef Fog Heen Wed, 27 Jan 2010 22:15:44 +0100
+
+yubikey-server-c (0.4-1) unstable; urgency=low
+
+ * New upstream version
+ - Fix assert error if OTP is too short to be a valid token.
+ * Remove -g from useradd call as it is not needed. Closes: #560168
+
+ -- Tollef Fog Heen Sun, 27 Dec 2009 12:12:59 +0100
+
+yubikey-server-c (0.3-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix accidential information disclosure where it would always log the
+ OTP passed in, even if this was not a valid OTP (like, a normal password).
+
+ -- Tollef Fog Heen Tue, 27 Oct 2009 21:38:58 +0100
+
+yubikey-server-c (0.2-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes segfault.
+
+ -- Tollef Fog Heen Mon, 26 Oct 2009 22:57:57 +0100
+
+yubikey-server-c (0.1-1) unstable; urgency=low
+
+ * Initial release
+
+ -- Tollef Fog Heen Mon, 19 Oct 2009 16:35:58 +0200
--- yubikey-server-c-0.5.orig/debian/compat
+++ yubikey-server-c-0.5/debian/compat
@@ -0,0 +1 @@
+7
--- yubikey-server-c-0.5.orig/debian/control
+++ yubikey-server-c-0.5/debian/control
@@ -0,0 +1,20 @@
+Source: yubikey-server-c
+Section: admin
+Priority: optional
+Maintainer: Tollef Fog Heen
+Build-Depends: debhelper (>= 7), autotools-dev, libpq-dev, libmicrohttpd-dev, libyubikey-dev, pkg-config, libgcrypt20-dev
+Standards-Version: 3.8.3
+
+Package: yubikey-server-c
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Yubikey validation server
+ Yubikeys are USB tokens that act like keyboards and generate one-time
+ passwords. The tokens are produced and sold by Yubico
+ .
+ This is a server that checks the validity of those OTP tokens. There
+ are servers written in Java and PHP, while this one is written in C
+ .
+ It implements the server side of the API as described on
+ http://www.yubico.com/developers/api/ and can be used with any client
+ that implements the same API.
--- yubikey-server-c-0.5.orig/debian/copyright
+++ yubikey-server-c-0.5/debian/copyright
@@ -0,0 +1,28 @@
+This work was packaged for Debian by Tollef Fog Heen , on Mon, 19 Oct 2009 16:35:58 +0200
+
+Upstream Author:
+
+ Tollef Fog Heen
+
+Copyright:
+
+ Copyright (C) 2009 Tollef Fog Heen
+
+License:
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ version 2 as published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+The full text of the GPL version 2 can be found in
+/usr/share/common-licenses/GPL-2 on most Debian systems.
\ No newline at end of file
--- yubikey-server-c-0.5.orig/debian/docs
+++ yubikey-server-c-0.5/debian/docs
@@ -0,0 +1,2 @@
+README
+
--- yubikey-server-c-0.5.orig/debian/gitpkg-hook.sh
+++ yubikey-server-c-0.5/debian/gitpkg-hook.sh
@@ -0,0 +1,9 @@
+#! /bin/sh
+# This file is used by gitpkg to extract a byte identical .orig.tar.gz
+# file using pristine-tar. To use it you need pristine-tar, and to
+# configure HOOK_FILE=debian/gitpkg-hook.sh in one of the places that
+# gitpkg looks (currently _not_ the environment).
+set -x
+ORIGTGZ="${DEB_DIR}/${DEB_SOURCE}/${DEB_SOURCE}_${DEB_VERSION%-*}.orig.tar.gz"
+echo "(cd $REPO_ROOT && pristine-tar checkout ${ORIGTGZ})"
+(cd $REPO_ROOT && pristine-tar checkout ${ORIGTGZ})
--- yubikey-server-c-0.5.orig/debian/init
+++ yubikey-server-c-0.5/debian/init
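Review bot: In debian/gitpkg-hook.sh the final command expands `$REPO_ROOT` and `${ORIGTGZ}` unquoted, so a repository or build path containing whitespace or glob characters is word-split before `cd` and `pristine-tar` receive it. Quoting both keeps the hook working on such paths: `(cd "$REPO_ROOT" && pristine-tar checkout "${ORIGTGZ}")`. The header comment could also state that `DEB_DIR`, `DEB_SOURCE`, `DEB_VERSION` and `REPO_ROOT` are expected to be provided by gitpkg, since the script never sets or checks them.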
@@ -0,0 +1,127 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: yubikeyd yubikey-server-c
+# Required-Start:
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Yubikey validation server
+# Description:
+### END INIT INFO
+
+# Author: Tollef Fog Heen
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Description of the service"
+CONFIGFILE=/etc/yubikeyd.conf
+NAME=yubikeyd
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS="-c $CONFIGFILE"
+PIDFILE=/var/run/yubikeyd/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+if ! [ -r "$CONFIGFILE" ]; then
+ echo "Configuration file $CONFIGFILE does not exist or is not readable"
+ exit 1
+fi
+
+U=$(grep ^user= $CONFIGFILE| cut -d= -f 2)
+G=$(grep ^group= $CONFIGFILE| cut -d= -f 2)
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ mkdir -p "$(dirname $PIDFILE)"
+ chown "$U:$G" "$(dirname $PIDFILE)"
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- yubikey-server-c-0.5.orig/debian/rules
+++ yubikey-server-c-0.5/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@
--- yubikey-server-c-0.5.orig/debian/yubikey-server-c.install
+++ yubikey-server-c-0.5/debian/yubikey-server-c.install
@@ -0,0 +1 @@
+debian/yubikeyd.conf etc
--- yubikey-server-c-0.5.orig/debian/yubikey-server-c.postinst
+++ yubikey-server-c-0.5/debian/yubikey-server-c.postinst
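Review bot: In debian/init, `U` and `G` come from unvalidated `grep ^user= $CONFIGFILE| cut -d= -f 2` output and are passed as root to `chown "$U:$G"` in do_start, with no check that either value is non-empty or a single line, and the results of `mkdir` and `chown` are ignored. A guard after the two assignments, such as `[ -n "$U" ] && [ -n "$G" ] || { echo "user= and group= must be set in $CONFIGFILE" >&2; exit 1; }`, together with quoting `"$CONFIGFILE"`, would make a malformed config fail loudly instead of leaving the pidfile directory with unexpected ownership. Separately, `DAEMON_ARGS="-c $CONFIGFILE"` is expanded before `/etc/default/$NAME` is sourced, so overriding CONFIGFILE there makes the script read user/group from one file while the daemon is started with another; moving the DAEMON_ARGS assignment below the `. /etc/default/$NAME` line would keep them in step. `DESC="Description of the service"` is still the template placeholder and will appear in the start/stop log messages.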
@@ -0,0 +1,7 @@
+#! /bin/sh -e
+
+if ! getent passwd yubikeyd> /dev/null; then
+ useradd -U -r -d /nonexistent yubikeyd
+fi
+
+#DEBHELPER#
--- yubikey-server-c-0.5.orig/debian/yubikeyd.conf
+++ yubikey-server-c-0.5/debian/yubikeyd.conf
@@ -0,0 +1,5 @@
+pidfile=/var/run/yubikeyd/yubikeyd.pid
+user=yubikeyd
+group=yubikeyd
+dbdef=dbname=yubikey port=5432
+port=7443
--- yubikey-server-c-0.5.orig/schema.sql
+++ yubikey-server-c-0.5/schema.sql
@@ -0,0 +1,29 @@
+
+-- --
+-- This should work with at least PostgreSQL. Maybe more --
+-- --
+
+CREATE TABLE yubikey (
+ yubikey_id serial NOT NULL,
+ active boolean NOT NULL DEFAULT 'f',
+ public_id varchar, -- fixed public bit of the key's output, modhex encoded
+ secret_uid bytea NOT NULL, -- secret uid bit of the key
+ secret_key bytea NOT NULL,
+ session_counter int,
+ session_use int
+);
+
+INSERT INTO yubikey (active, public_id,
+ secret_uid, secret_key, session_counter, session_use) VALUES
+ ('t', 'tfheen',
+ E'\\000\\000\\000\\000\\000\\000',
+ decode('baef43c254e9d2217912e80ed71a7b4a', 'hex'),
+ 0, 0);
+
+CREATE TABLE shared_secret (
+ secret_id serial NOT NULL,
+ secret bytea NOT NULL,
+ active boolean NOT NULL DEFAULT 'f'
+);
+
+INSERT INTO shared_secret (secret, active) VALUES (decode('MQ6fOy1t/add/wisbu2O+LpPiMs=', 'base64'), 't');
--- yubikey-server-c-0.5.orig/src/util.h
+++ yubikey-server-c-0.5/src/util.h
@@ -0,0 +1,17 @@
+
+#ifndef ysc_util_h__
+#define ysc_util_h__
+
+#include
+
+void *ysc_memdup(void *p, size_t len);
+size_t ysc_nstrstr(const char *haystack, const char *needle);
+
+size_t ysc_strftime(char *s, size_t max, const char *format,
+ const struct timeval *tv);
+
+char *ysc_b64_encode(char *s, ssize_t len);
+ssize_t ysc_b64_decode(const char *s, char **r);
+
+
+#endif /* ysc_util_h */
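Review bot: In debian/yubikey-server-c.postinst the `useradd -U -r -d /nonexistent yubikeyd` call sets no login shell, so the service account receives whatever default the system's useradd configuration supplies. For an account that only runs the daemon it is safer to state the shell explicitly, e.g. `useradd -U -r -d /nonexistent -s /usr/sbin/nologin yubikeyd`. A one-line comment above the block noting that this is the account named by `user=`/`group=` in debian/yubikeyd.conf would also help, since the init script gives that account ownership of the pidfile directory.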
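Review bot: schema.sql creates the tables and, in the same file, inserts a sample key (`public_id` 'tfheen', an all-zero `secret_uid`, a fixed `secret_key`) and a fixed `shared_secret`, both with `active` set to 't', so any deployment that loads the file as shipped starts with live credentials whose values are published in the package. The sample rows should be inserted with `active` 'f', or moved to a separate example file introduced by a comment such as `-- Sample data for testing only; do not load on a production server`. The tables also declare no primary key and no unique constraint on `public_id`, so duplicate key records would presumably be accepted; that is worth confirming against the lookup code, which is not part of this diff.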
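Review bot: The prototypes in src/util.h say nothing about buffer ownership, which matters for `ysc_memdup`, `ysc_b64_encode` and the `char **r` out-parameter of `ysc_b64_decode`: each should carry a comment stating whether the caller must free the result and what is returned on failure (NULL, or a negative `ssize_t`). The input pointers of `ysc_memdup` and `ysc_b64_encode` are not const-qualified although the names suggest they only read; `void *ysc_memdup(const void *p, size_t len);` and `char *ysc_b64_encode(const char *s, ssize_t len);` would be backward-compatible for callers. `ysc_b64_encode` takes a signed `ssize_t len`, so the implementation (not shown here) should reject negative values before using it as a size. The `#include` line shows no header name on this page, possibly lost in extraction; the header needs the declarations of `size_t`, `ssize_t` and `struct timeval` to be self-contained.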