|
ykclient fails, but it shouldn't!
i get the following when trying to authenticate to a local authentication server:
[gmatz@bunnybear ykclient-2.2]$ ./ykclient 1 frrdebhfhebhtdvevvthgktfutbigvkufb
Input:
client id: 1
token: frrdebhfhebhtdvevvthgktfutbigvkufb
Verification output (101): Could not parse server response
however my webserver log says:
2009-04-29 15:45:01,863 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - select * from clients where id = '1'
2009-04-29 15:45:01,866 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[2] - select * from perms where id = '1'
2009-04-29 15:45:01,868 [http-8080-1] INFO com.yubico.wsapi.Perms - Checking [VerificationRequest [Request [Message map={id=1, otp=frhikfucfnvevtunnfrrdirlcdliihivdutlbjllhdcu}]]] against [Perms verify otp=true, add clients=true, delete clients=true, add keys=true, delete keys=true]
2009-04-29 15:45:01,895 [http-8080-1] INFO com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - select * from yubikeys where tokenId = 'TGeU4Evz'
2009-04-29 15:45:01,897 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - select * from yubikeys where tokenId = 'TGeU4Evz'
2009-04-29 15:45:01,899 [http-8080-1] DEBUG com.yubico.wsapi.KeySubsystem - secret=[Secret key=X3YvTwzsvfDC6CZoo3NJ6g==]
2009-04-29 15:45:01,899 [http-8080-1] DEBUG com.yubico.wsapi.KeySubsystem - otp=vtunnfrrdirlcdliihivdutlbjllhdcu
2009-04-29 15:45:01,919 [http-8080-1] DEBUG com.yubico.wsapi.Database - com.mysql.jdbc.ServerPreparedStatement[1] - update yubikeys set accessed='2009-04-29 15:45:01', counter=64, high=101, low=48332, sessionUse=0 where tokenId='TGeU4Evz'
2009-04-29 15:45:01,987 [http-8080-1] DEBUG com.yubico.wsapi.VerificationResponse - client signer=[Client created=Wed Apr 15 00:00:00 GMT-05:00 2009, email=fooo@bar.com, secret=[Secret key=Mysecret], perms=[Perms verify otp=true, add clients=true, delete clients=true, add keys=true, delete keys=true]]
2009-04-29 15:45:01,987 [http-8080-1] DEBUG com.yubico.wsapi.Message - message.sign, map={t=2009-04-29T15:45:01Z0987, status=OK}
2009-04-29 15:45:01,987 [http-8080-1] DEBUG com.yubico.wsapi.Crypto - about to sign {t=2009-04-29T15:45:01Z0987, status=OK}
2009-04-29 15:45:01,988 [http-8080-1] DEBUG com.yubico.wsapi.Crypto - signing status=OK&t=2009-04-29T15:45:01Z0987 with [Secret key=MySecret] into hpiahOFNvJ6DA3rUxnUnqIe1k/g=
strace says that ykclient (libcurl) is initiating a HTTP/1.1 call (its default), so i tried a few HTTP/1.0 GETs by hand and it looks like it fails in HTTP/1.1 GETs and only works with HTTP/1.0 GETs
[gmatz@bunnybear ykclient-2.2]$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /wsapi/verify?id=1&otp=frhikfucfnvecjgvhkbigeknvglrdlbclhbbnlkhnujk HTTP/1.0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 73
Date: Wed, 29 Apr 2009 20:50:03 GMT
Connection: close
t=2009-04-29T15:50:03Z0415
status=OK
h=qrEMiTi7i4tcOR2NKJem1VDoYZk=
Connection closed by foreign host.
[gmatz@bunnybear ykclient-2.2]$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /wsapi/verify?id=1&otp=frhikfucfnvelvgjgdujjvvhulvrjtjdnuffnnegflbh HTTP/1.1
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 29 Apr 2009 20:50:27 GMT
Connection: close
0
Connection closed by foreign host.
I added a line to ykclient.c to force a 1.0 connection:
curl_easy_setopt (ykc->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
but I still get a 1.1 response from my tomcat 6 server.
BTW, does anyone know why the server is hard-coded in ykclient? why it doesn't take command line params?
any help here would be much appreciated.
Regards,
Guy
|
Login
FAQ
Search
No problem at all, Mr. Matz
"buy a beer" emoticons?