Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:31 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Wed Apr 29, 2009 9:58 pm 
Offline

Joined: Fri Jan 02, 2009 6:45 pm
Posts: 2
ykclient fails, but it shouldn't!
i get the following when trying to authenticate to a local authentication server:
[gmatz@bunnybear ykclient-2.2]$ ./ykclient 1 frrdebhfhebhtdvevvthgktfutbigvkufb
Input:
client id: 1
token: frrdebhfhebhtdvevvthgktfutbigvkufb
Verification output (101): Could not parse server response

however my webserver log says:

2009-04-29 15:45:01,863 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - select * from clients where id = '1'
2009-04-29 15:45:01,866 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[2] - select * from perms where id = '1'
2009-04-29 15:45:01,868 [http-8080-1] INFO com.yubico.wsapi.Perms - Checking [VerificationRequest [Request [Message map={id=1, otp=frhikfucfnvevtunnfrrdirlcdliihivdutlbjllhdcu}]]] against [Perms verify otp=true, add clients=true, delete clients=true, add keys=true, delete keys=true]
2009-04-29 15:45:01,895 [http-8080-1] INFO com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - select * from yubikeys where tokenId = 'TGeU4Evz'
2009-04-29 15:45:01,897 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - select * from yubikeys where tokenId = 'TGeU4Evz'
2009-04-29 15:45:01,899 [http-8080-1] DEBUG com.yubico.wsapi.KeySubsystem - secret=[Secret key=X3YvTwzsvfDC6CZoo3NJ6g==]
2009-04-29 15:45:01,899 [http-8080-1] DEBUG com.yubico.wsapi.KeySubsystem - otp=vtunnfrrdirlcdliihivdutlbjllhdcu
2009-04-29 15:45:01,919 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - update yubikeys set accessed='2009-04-29 15:45:01', counter=64, high=101, low=48332, sessionUse=0 where tokenId='TGeU4Evz'
2009-04-29 15:45:01,987 [http-8080-1] DEBUG com.yubico.wsapi.VerificationResponse - client signer=[Client created=Wed Apr 15 00:00:00 GMT-05:00 2009, email=fooo@bar.com, secret=[Secret key=Mysecret], perms=[Perms verify otp=true, add clients=true, delete clients=true, add keys=true, delete keys=true]]
2009-04-29 15:45:01,987 [http-8080-1] DEBUG com.yubico.wsapi.Message - message.sign, map={t=2009-04-29T15:45:01Z0987, status=OK}
2009-04-29 15:45:01,987 [http-8080-1] DEBUG com.yubico.wsapi.Crypto - about to sign {t=2009-04-29T15:45:01Z0987, status=OK}
2009-04-29 15:45:01,988 [http-8080-1] DEBUG com.yubico.wsapi.Crypto - signing status=OK&t=2009-04-29T15:45:01Z0987 with [Secret key=MySecret] into hpiahOFNvJ6DA3rUxnUnqIe1k/g=

strace says that ykclient (libcurl) is initiating a HTTP/1.1 call (its default), so i tried a few HTTP/1.0 GETs by hand and it looks like it fails in HTTP/1.1 GETs and only works with HTTP/1.0 GETs

[gmatz@bunnybear ykclient-2.2]$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /wsapi/verify?id=1&otp=frhikfucfnvecjgvhkbigeknvglrdlbclhbbnlkhnujk HTTP/1.0

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 73
Date: Wed, 29 Apr 2009 20:50:03 GMT
Connection: close

t=2009-04-29T15:50:03Z0415
status=OK
h=qrEMiTi7i4tcOR2NKJem1VDoYZk=

Connection closed by foreign host.
[gmatz@bunnybear ykclient-2.2]$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /wsapi/verify?id=1&otp=frhikfucfnvelvgjgdujjvvhulvrjtjdnuffnnegflbh HTTP/1.1

HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 29 Apr 2009 20:50:27 GMT
Connection: close

0

Connection closed by foreign host.


I added a line to ykclient.c to force a 1.0 connection:
curl_easy_setopt (ykc->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);

but I still get a 1.1 response from my tomcat 6 server.

BTW, does anyone know why the server is hard-coded in ykclient? why it doesn't take command line params?

any help here would be much appreciated.

Regards,
Guy


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Apr 30, 2009 4:26 pm 
Offline

Joined: Thu Apr 30, 2009 4:22 pm
Posts: 3
I rerun Guy's test with ykclient SVN revision 59 (latest as of today). It looks like there is some problem parsing out lines of response.
Here's the output of ykclient run with debug enabled. Notice how the status variable has length of 51 and contains both status=... and h=... lines.

./ykclient 2 tgueneblcteluhgudfnbbiffevgddlifgnngiekvuiuu
Input:
client id: 2
token: tgueneblcteluhgudfnbbiffevgddlifgnngiekvuiuu
debug: ykclient.c:399 (ykclient_request): server response (83): t=2009-04-30T10:16:03Z0613
status=REPLAYED_OTP
h=BWwOiYTKijmo3SJCmUT1XyMLGPY=

debug: ykclient.c:412 (ykclient_request): parsed status (51): status=REPLAYED_OTP
h=BWwOiYTKijmo3SJCmUT1XyMLGPY=
Verification output (101): Could not parse server response


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 30, 2009 5:02 pm 
Offline

Joined: Thu Apr 30, 2009 4:22 pm
Posts: 3
Running into a known issue
http://code.google.com/p/yubico-c-clien ... etail?id=2


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 30, 2009 5:45 pm 
Offline

Joined: Fri Jan 02, 2009 6:45 pm
Posts: 2
And it looks like you've found a resolution to the issue! Thanks so much, Mr. Sushkin! It's a pleasure to be a part of the Yubico community with such helpful people such as yourself! If only there was a "pat on the back" emoticon . . . I would give you *two* of them!

Thanks again,
Guy Matz


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 30, 2009 8:07 pm 
Offline

Joined: Thu Apr 30, 2009 4:22 pm
Posts: 3
guymatz wrote:
And it looks like you've found a resolution to the issue! Thanks so much, Mr. Sushkin! It's a pleasure to be a part of the Yubico community with such helpful people such as yourself! If only there was a "pat on the back" emoticon . . . I would give you *two* of them!

Thanks again,
Guy Matz


:lol: No problem at all, Mr. Matz
:idea: "buy a beer" emoticons?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group