Hello community,
here is the log from the commit of package ykclient for openSUSE:Factory checked in at 2016-06-02 09:36:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ykclient (Old)
and /work/SRC/openSUSE:Factory/.ykclient.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ykclient"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ykclient/ykclient.changes 2015-04-15 16:27:41.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ykclient.new/ykclient.changes 2016-06-02 09:36:45.000000000 +0200
@@ -1,0 +2,13 @@
+Tue May 17 14:42:29 UTC 2016 - t.gruner@katodev.de
+
+- Add .sig file to ykclient.spec
+
+-------------------------------------------------------------------
+Thu Nov 12 14:42:12 UTC 2015 - t.gruner@katodev.de
+
+- Version 2.15 (released 2015-11-12)
+ - Add ykclient_get_server_response() to the library.
+ - Show more information from the commandline on debug.
+ - Add proxy support via Curl.
+
+-------------------------------------------------------------------
Old:
----
ykclient-2.14.tar.gz
New:
----
ykclient-2.15.tar.gz
ykclient-2.15.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ykclient.spec ++++++
--- /var/tmp/diff_new_pack.moO9Cb/_old 2016-06-02 09:36:46.000000000 +0200
+++ /var/tmp/diff_new_pack.moO9Cb/_new 2016-06-02 09:36:46.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ykclient
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,16 +17,18 @@
Name: ykclient
-Version: 2.14
+Version: 2.15
Release: 0
Summary: Online validation of Yubikey OTPs
License: BSD-2-Clause
Group: Productivity/Networking/Security
Url: https://developers.yubico.com/
-Source: https://developers.yubico.com/yubico-c-client/Releases/ykclient-%{version}.tar.gz
+Source0: https://developers.yubico.com/yubico-c-client/Releases/ykclient-%{version}.tar.gz
+Source1: https://developers.yubico.com/yubico-c-client/Releases/ykclient-%{version}.tar.gz.sig
BuildRequires: curl-devel
BuildRequires: help2man
BuildRequires: pkgconfig
+Requires: libykclient3 = %{version}
Provides: yubico-c-client = %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ ykclient-2.14.tar.gz -> ykclient-2.15.tar.gz ++++++
++++ 2210 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ChangeLog new/ykclient-2.15/ChangeLog
--- old/ykclient-2.14/ChangeLog 2015-03-05 13:57:25.000000000 +0100
+++ new/ykclient-2.15/ChangeLog 2015-11-12 09:33:27.000000000 +0100
@@ -1,3 +1,45 @@
+2015-11-12 Klas Lindfors
+
+ * NEWS: NEWS for 2.15
+
+2015-11-11 Klas Lindfors
+
+ * : Merge pull request #36 from mikemn/master Add proxy support via Curl
+
+2015-07-09 Klas Lindfors
+
+ * ykclient.c: make sure there is always at least one handle found with clang scan-build
+
+2015-07-05 Klas Lindfors
+
+ * Makefile.am, configure.ac: add help2adoc for releases
+
+2015-06-24 Klas Lindfors
+
+ * configure.ac: bump libtool variables correctly since a symbol was
+ added
+
+2015-06-24 Klas Lindfors
+
+ * tool.c: tool: use server response to print out more debug info
+
+2015-06-24 Klas Lindfors
+
+ * libykclient.map, ykclient.c, ykclient.h: add an interface to fetch
+ the last server response
+
+2015-06-24 Klas Lindfors
+
+ * ykclient.c: add timestamp to the default query
+
+2015-06-15 Klas Lindfors
+
+ * tool.c: add --cai to commandline tool help
+
+2015-03-05 Klas Lindfors
+
+ * NEWS, configure.ac: bump versions
+
2015-03-05 Klas Lindfors
* NEWS: NEWS for 2.14
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/Makefile.am new/ykclient-2.15/Makefile.am
--- old/ykclient-2.14/Makefile.am 2015-02-20 09:10:41.000000000 +0100
+++ new/ykclient-2.15/Makefile.am 2015-07-05 18:57:20.000000000 +0200
@@ -134,3 +134,5 @@
cd $(srcdir) && git tag -u $(KEYID) -m $(VERSION) $(PACKAGE)-$(VERSION)
cd $(srcdir) && git push --tags
$(YUBICO_WWW_REPO)/publish $(PROJECT) $(VERSION) $(PACKAGE)-$(VERSION).tar.gz*
+ $(HELP2ADOC) -e ./ykclient -n "YubiCloud One-Time-Password Validation Client" > ykclient.1.txt
+ $(YUBICO_WWW_REPO)/save-mans $(PROJECT) ykclient.1.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/NEWS new/ykclient-2.15/NEWS
--- old/ykclient-2.14/NEWS 2015-03-05 13:54:14.000000000 +0100
+++ new/ykclient-2.15/NEWS 2015-11-12 09:32:36.000000000 +0100
@@ -1,5 +1,13 @@
Yubikey-c-client NEWS -- History of user-visible changes. -*- outline -*-
+* Version 2.15 (released 2015-11-12)
+
+** Add ykclient_get_server_response() to the library.
+
+** Show more information from the commandline on debug.
+
+** Add proxy support via Curl.
+
* Version 2.14 (released 2015-03-05)
** Switch default templates to https.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/ar-lib new/ykclient-2.15/build-aux/ar-lib
--- old/ykclient-2.14/build-aux/ar-lib 2015-02-08 21:09:29.000000000 +0100
+++ new/ykclient-2.15/build-aux/ar-lib 2015-11-12 09:33:04.000000000 +0100
@@ -4,7 +4,7 @@
me=ar-lib
scriptversion=2012-03-01.08; # UTC
-# Copyright (C) 2010-2013 Free Software Foundation, Inc.
+# Copyright (C) 2010-2014 Free Software Foundation, Inc.
# Written by Peter Rosin .
#
# This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/compile new/ykclient-2.15/build-aux/compile
--- old/ykclient-2.14/build-aux/compile 2015-02-08 21:09:29.000000000 +0100
+++ new/ykclient-2.15/build-aux/compile 2015-11-12 09:33:04.000000000 +0100
@@ -3,7 +3,7 @@
scriptversion=2012-10-14.11; # UTC
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Written by Tom Tromey .
#
# This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/missing new/ykclient-2.15/build-aux/missing
--- old/ykclient-2.14/build-aux/missing 2015-02-08 21:09:29.000000000 +0100
+++ new/ykclient-2.15/build-aux/missing 2015-11-12 09:33:04.000000000 +0100
@@ -3,7 +3,7 @@
scriptversion=2013-10-28.13; # UTC
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard , 1996.
# This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/test-driver new/ykclient-2.15/build-aux/test-driver
--- old/ykclient-2.14/build-aux/test-driver 2015-02-08 21:09:29.000000000 +0100
+++ new/ykclient-2.15/build-aux/test-driver 2015-11-12 09:33:05.000000000 +0100
@@ -3,7 +3,7 @@
scriptversion=2013-07-13.22; # UTC
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+# Copyright (C) 2011-2014 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -106,11 +106,14 @@
# Test script is run here.
"$@" >$log_file 2>&1
estatus=$?
+
if test $enable_hard_errors = no && test $estatus -eq 99; then
- estatus=1
+ tweaked_estatus=1
+else
+ tweaked_estatus=$estatus
fi
-case $estatus:$expect_failure in
+case $tweaked_estatus:$expect_failure in
0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
0:*) col=$grn res=PASS recheck=no gcopy=no;;
77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
@@ -119,6 +122,12 @@
*:*) col=$red res=FAIL recheck=yes gcopy=yes;;
esac
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>$log_file
+
# Report outcome to console.
echo "${col}${res}${std}: $test_name"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/configure.ac new/ykclient-2.15/configure.ac
--- old/ykclient-2.14/configure.ac 2015-02-20 09:10:41.000000000 +0100
+++ new/ykclient-2.15/configure.ac 2015-07-05 18:02:07.000000000 +0200
@@ -26,7 +26,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-AC_INIT([ykclient], [2.14], [yubico-devel@googlegroups.com])
+AC_INIT([ykclient], [2.15], [yubico-devel@googlegroups.com])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
@@ -34,9 +34,9 @@
# Interfaces changed/added/removed: CURRENT++ REVISION=0
# Interfaces added: AGE++
# Interfaces removed: AGE=0
-AC_SUBST(LT_CURRENT, 8)
-AC_SUBST(LT_REVISION, 4)
-AC_SUBST(LT_AGE, 5)
+AC_SUBST(LT_CURRENT, 9)
+AC_SUBST(LT_REVISION, 0)
+AC_SUBST(LT_AGE, 6)
AM_INIT_AUTOMAKE([1.11 -Wall -Werror])
AM_SILENT_RULES([yes])
@@ -45,6 +45,7 @@
m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
AM_MISSING_PROG(HELP2MAN, help2man, $missing_dir)
+AM_MISSING_PROG(HELP2ADOC, help2adoc, $missing_dir)
AC_LIBTOOL_WIN32_DLL
AC_PROG_LIBTOOL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/libykclient.map new/ykclient-2.15/libykclient.map
--- old/ykclient-2.14/libykclient.map 2014-06-03 09:12:22.000000000 +0200
+++ new/ykclient-2.15/libykclient.map 2015-11-11 12:54:55.000000000 +0100
@@ -65,3 +65,9 @@
ykclient_set_ca_info;
ykclient_set_url_bases;
} Base;
+
+YKCLIENT_2.15 {
+ global:
+ ykclient_get_server_response;
+ ykclient_set_proxy;
+} YKCLIENT_2.12;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/tool.c new/ykclient-2.15/tool.c
--- old/ykclient-2.14/tool.c 2015-02-20 09:10:56.000000000 +0100
+++ new/ykclient-2.15/tool.c 2015-11-11 12:57:54.000000000 +0100
@@ -53,7 +53,11 @@
" \"http://api.yubico.com/wsapi/verify\"\n"
" --ca CADIR Path to directory containing Certificate Authoritity,\n"
" e.g., \"/usr/local/etc/CERTS\"\n"
+ " --cai CAFILE Path to a file holding one or more certificated to\n"
+ " verify the peer with\n"
" --apikey Key API key for HMAC validation of request/response\n"
+ " --proxy ip:port Connect to validation service through a proxy,\n"
+ " e.g., \"socks5h://user:pass@127.0.0.1:1080\"\n"
"\n"
"Exit status is 0 on success, 1 if there is a hard failure, 2 if the\n"
"OTP was replayed, 3 for other soft OTP-related failures.\n"
@@ -64,6 +68,7 @@
{"ca", 1, 0, 'c'},
{"cai", 1, 0, 'i'},
{"apikey", 1, 0, 'a'},
+ {"proxy", 1, 0, 'p'},
{"debug", 0, 0, 'd'},
{"help", 0, 0, 'h'},
{"version", 0, 0, 'V'},
@@ -74,7 +79,7 @@
static void
parse_args (int argc, char *argv[],
unsigned int *client_id, char **token, char **url, char **ca,
- char **cai, char **api_key, int *debug)
+ char **cai, char **api_key, char **proxy, int *debug)
{
while (1)
{
@@ -131,6 +136,15 @@
*cai = optarg;
break;
+ case 'p':
+ if (strlen(optarg) < 1)
+ {
+ fprintf (stderr, "error: must give a valid proxy [scheme]://ip:port");
+ exit (EXIT_FAILURE);
+ }
+ *proxy = optarg;
+ break;
+
case 'h':
printf ("%s", usage);
exit (EXIT_SUCCESS);
@@ -172,20 +186,17 @@
main (int argc, char *argv[])
{
unsigned int client_id;
- char *token, *url = NULL, *ca = NULL, *api_key = NULL, *cai = NULL;
+ char *token, *url = NULL, *ca = NULL, *api_key = NULL, *cai = NULL, *proxy = NULL;
int debug = 0;
ykclient_rc ret;
ykclient_t *ykc = NULL;
- parse_args (argc, argv, &client_id, &token, &url, &ca, &cai, &api_key,
+ parse_args (argc, argv, &client_id, &token, &url, &ca, &cai, &api_key, &proxy,
&debug);
- if (ca || cai)
- {
- ret = ykclient_init (&ykc);
- if (ret != YKCLIENT_OK)
- return EXIT_FAILURE;
- }
+ ret = ykclient_init (&ykc);
+ if (ret != YKCLIENT_OK)
+ return EXIT_FAILURE;
if (ca)
{
@@ -196,6 +207,10 @@
{
ykclient_set_ca_info (ykc, cai);
}
+ if (proxy)
+ {
+ ykclient_set_proxy (ykc, proxy);
+ }
if (debug)
{
@@ -210,13 +225,29 @@
fprintf (stderr, " token: %s\n", token);
if (api_key != NULL)
fprintf (stderr, " api key: %s\n", api_key);
+ if (proxy != NULL)
+ fprintf (stderr, "Using proxy: %s\n", proxy);
}
ret = ykclient_verify_otp_v2 (ykc, token, client_id, NULL, 1,
(const char **) &url, api_key);
if (debug)
- printf ("Verification output (%d): %s\n", ret, ykclient_strerror (ret));
+ {
+ const ykclient_server_response_t *srv_response = ykclient_get_server_response (ykc);
+ printf ("Response from: %s\n", ykclient_get_last_url (ykc));
+ printf ("Verification output (%d): %s\n", ret, ykclient_strerror (ret));
+ printf (" otp: %s\n", ykclient_server_response_get (srv_response, "otp"));
+ printf (" nonce: %s\n", ykclient_server_response_get (srv_response, "nonce"));
+ printf (" t: %s\n", ykclient_server_response_get (srv_response, "t"));
+ printf (" timestamp: %s\n", ykclient_server_response_get (srv_response, "timestamp"));
+ printf (" sessioncounter: %s\n", ykclient_server_response_get (srv_response, "sessioncounter"));
+ printf (" sessionuse: %s\n", ykclient_server_response_get (srv_response, "sessionuse"));
+ printf (" sl: %s\n", ykclient_server_response_get (srv_response, "sl"));
+ printf (" status: %s\n", ykclient_server_response_get (srv_response, "status"));
+ }
+
+ ykclient_done(&ykc);
if (ret == YKCLIENT_REPLAYED_OTP)
return 2;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient.1 new/ykclient-2.15/ykclient.1
--- old/ykclient-2.14/ykclient.1 2015-03-05 13:54:21.000000000 +0100
+++ new/ykclient-2.15/ykclient.1 2015-11-12 09:33:28.000000000 +0100
@@ -1,10 +1,10 @@
-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1.
-.TH YKCLIENT "1" "March 2015" "ykclient 2.14" "User Commands"
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2.
+.TH YKCLIENT "1" "November 2015" "ykclient 2.15" "User Commands"
.SH NAME
ykclient \- YubiCloud One-Time-Password Validation Client
.SH SYNOPSIS
.B ykclient
-[\fIOPTION\fR]... \fICLIENTID YUBIKEYOTP\fR
+[\fI\,OPTION\/\fR]... \fI\,CLIENTID YUBIKEYOTP\/\fR
.SH DESCRIPTION
Validate the YUBIKEYOTP one\-time\-password against the YubiCloud
using CLIENTID as the client identifier.
@@ -28,8 +28,16 @@
Path to directory containing Certificate Authoritity,
e.g., "/usr/local/etc/CERTS"
.TP
+\fB\-\-cai\fR CAFILE
+Path to a file holding one or more certificated to
+verify the peer with
+.TP
\fB\-\-apikey\fR Key
API key for HMAC validation of request/response
+.TP
+\fB\-\-proxy\fR ip:port
+Connect to validation service through a proxy,
+e.g., "socks5h://user:pass@127.0.0.1:1080"
.PP
Exit status is 0 on success, 1 if there is a hard failure, 2 if the
OTP was replayed, 3 for other soft OTP\-related failures.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient.c new/ykclient-2.15/ykclient.c
--- old/ykclient-2.14/ykclient.c 2015-02-20 09:10:56.000000000 +0100
+++ new/ykclient-2.15/ykclient.c 2015-11-11 12:57:54.000000000 +0100
@@ -52,6 +52,7 @@
#define ADD_OTP "&otp="
#define ADD_HASH "&h="
#define ADD_ID "?id="
+#define ADD_TS "×tamp=1"
#define TEMPLATE_FORMAT_OLD 1
#define TEMPLATE_FORMAT_NEW 2
@@ -60,6 +61,7 @@
{
const char *ca_path;
const char *ca_info;
+ const char *proxy;
size_t num_templates;
char **url_templates;
int template_format;
@@ -71,6 +73,7 @@
char *nonce;
char nonce_supplied;
int verify_signature;
+ ykclient_server_response_t *srv_response;
};
struct curl_data
@@ -152,6 +155,7 @@
p->ca_path = NULL;
p->ca_info = NULL;
+ p->proxy = NULL;
p->key = NULL;
p->keylen = 0;
@@ -162,6 +166,8 @@
p->nonce = NULL;
p->nonce_supplied = 0;
+ p->srv_response = NULL;
+
/*
* Verification of server signature can only be done if there is
* an API key provided
@@ -202,6 +208,11 @@
free ((*ykc)->url_templates);
}
+ if ((*ykc)->srv_response)
+ {
+ ykclient_server_response_free((*ykc)->srv_response);
+ }
+
free ((*ykc)->key_buf);
free (*ykc);
}
@@ -320,6 +331,17 @@
curl_easy_setopt (easy, CURLOPT_CAINFO, ykc->ca_info);
}
+ if (ykc->proxy)
+ {
+ /*
+ * The proxy string may be prefixed with [scheme]://ip:port to specify which kind of proxy is used.
+ * Valid choices are: socks4://, socks4a://, socks5:// or socks5h://
+ * Use socks5h to ask the proxy to do the dns resolving.
+ * If no scheme or port is specified HTTP proxy port 1080 will be used.
+ */
+ curl_easy_setopt (easy, CURLOPT_PROXY, ykc->proxy);
+ }
+
curl_easy_setopt (easy, CURLOPT_WRITEDATA, (void *) data);
curl_easy_setopt (easy, CURLOPT_PRIVATE, (void *) data);
curl_easy_setopt (easy, CURLOPT_WRITEFUNCTION, curl_callback);
@@ -329,6 +351,11 @@
p->easy[p->num_easy] = easy;
}
+ if(p->num_easy == 0) {
+ ykclient_handle_done (&p);
+ return YKCLIENT_BAD_INPUT;
+ }
+
/* Take this opportunity to allocate the array for expanded URLs */
p->url_exp = malloc (sizeof (char *) * p->num_easy);
if (!p->url_exp)
@@ -562,6 +589,17 @@
ykc->ca_info = ca_info;
}
+/** Set the proxy
+ *
+ * Must be called before creating handles.
+ */
+void
+ykclient_set_proxy (ykclient_t * ykc, const char *proxy)
+{
+ ykc->proxy = proxy;
+}
+
+
/** Set a single URL template
*
* @param ykc Yubikey client configuration.
@@ -838,7 +876,7 @@
{
size_t len =
strlen (template) + strlen (encoded_otp) + strlen (ADD_OTP) +
- strlen (ADD_ID) + 1;
+ strlen (ADD_ID) + strlen(ADD_TS) + 1;
len += snprintf (NULL, 0, "%d", client_id);
if (nonce)
@@ -854,12 +892,12 @@
if (nonce)
{
- snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_NONCE "%s" ADD_OTP "%s",
+ snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_NONCE "%s" ADD_OTP "%s" ADD_TS,
template, client_id, nonce, encoded_otp);
}
else
{
- snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_OTP "%s", template,
+ snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_OTP "%s" ADD_TS, template,
client_id, encoded_otp);
}
return YKCLIENT_OK;
@@ -1162,7 +1200,6 @@
{
ykclient_rc out = YKCLIENT_OK;
int requests;
- ykclient_server_response_t *srv_response = NULL;
if (!ykc->num_templates)
{
@@ -1268,22 +1305,27 @@
curl_easy_getinfo (curl_easy, CURLINFO_EFFECTIVE_URL, &url_used);
strncpy (ykc->last_url, url_used, sizeof (ykc->last_url));
- srv_response = ykclient_server_response_init ();
- if (srv_response == NULL)
+ if(ykc->srv_response)
+ {
+ ykclient_server_response_free (ykc->srv_response);
+ }
+
+ ykc->srv_response = ykclient_server_response_init ();
+ if (ykc->srv_response == NULL)
{
out = YKCLIENT_PARSE_ERROR;
goto finish;
}
out = ykclient_server_response_parse (data->curl_chunk,
- srv_response);
+ ykc->srv_response);
if (out != YKCLIENT_OK)
{
goto finish;
}
if (ykc->verify_signature != 0 &&
- ykclient_server_response_verify_signature (srv_response,
+ ykclient_server_response_verify_signature (ykc->srv_response,
ykc->key,
ykc->keylen))
{
@@ -1291,7 +1333,7 @@
goto finish;
}
- status = ykclient_server_response_get (srv_response, "status");
+ status = ykclient_server_response_get (ykc->srv_response, "status");
if (!status)
{
out = YKCLIENT_PARSE_ERROR;
@@ -1314,7 +1356,7 @@
if (nonce)
{
char *server_nonce =
- ykclient_server_response_get (srv_response,
+ ykclient_server_response_get (ykc->srv_response,
"nonce");
if (server_nonce == NULL || strcmp (nonce, server_nonce))
{
@@ -1323,7 +1365,7 @@
}
}
- server_otp = ykclient_server_response_get (srv_response, "otp");
+ server_otp = ykclient_server_response_get (ykc->srv_response, "otp");
if (server_otp == NULL || strcmp (yubikey, server_otp))
{
out = YKCLIENT_HMAC_ERROR;
@@ -1337,17 +1379,12 @@
goto finish;
}
- ykclient_server_response_free (srv_response);
- srv_response = NULL;
+ ykclient_server_response_free (ykc->srv_response);
+ ykc->srv_response = NULL;
}
}
while (requests);
finish:
- if (srv_response)
- {
- ykclient_server_response_free (srv_response);
- }
-
return out;
}
@@ -1506,3 +1543,11 @@
yubikey_otp,
client_id, hexkey, 0, NULL, NULL);
}
+
+/**
+ * Fetch out server response of last query
+ */
+const ykclient_server_response_t *
+ykclient_get_server_response(ykclient_t *ykc) {
+ return ykc->srv_response;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient.h new/ykclient-2.15/ykclient.h
--- old/ykclient-2.14/ykclient.h 2015-02-20 09:09:55.000000000 +0100
+++ new/ykclient-2.15/ykclient.h 2015-11-11 12:54:55.000000000 +0100
@@ -38,6 +38,7 @@
#include
#include
+#include
#ifdef __cplusplus
extern "C"
@@ -96,6 +97,8 @@
extern void ykclient_set_ca_info (ykclient_t * ykc, const char *ca_info);
+ extern void ykclient_set_proxy (ykclient_t * ykc, const char *proxy);
+
/*
* Set the nonce. A default nonce is generated in ykclient_init(), but
* if you either want to specify your own nonce, or want to remove the
@@ -129,6 +132,8 @@
const char **urls,
const char *api_key);
+/* Fetch out the server response form the last query */
+ extern const ykclient_server_response_t *ykclient_get_server_response(ykclient_t *ykc);
#ifdef __cplusplus
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient_version.h new/ykclient-2.15/ykclient_version.h
--- old/ykclient-2.14/ykclient_version.h 2015-02-20 09:11:16.000000000 +0100
+++ new/ykclient-2.15/ykclient_version.h 2015-11-12 09:33:10.000000000 +0100
@@ -42,7 +42,7 @@
* version number. Used together with ykclient_check_version() to
* verify header file and run-time library consistency.
*/
-#define YKCLIENT_VERSION_STRING "2.14"
+#define YKCLIENT_VERSION_STRING "2.15"
/**
* YKCLIENT_VERSION_NUMBER
@@ -52,7 +52,7 @@
* this symbol will have the value 0x01020300. The last two digits
* are only used between public releases, and will otherwise be 00.
*/
-#define YKCLIENT_VERSION_NUMBER 0x020e00
+#define YKCLIENT_VERSION_NUMBER 0x020f00
/**
* YKCLIENT_VERSION_MAJOR
@@ -70,7 +70,7 @@
* level of the header file version number. For example, when the
* header version is 1.2.3 this symbol will be 2.
*/
-#define YKCLIENT_VERSION_MINOR 14
+#define YKCLIENT_VERSION_MINOR 15
/**
* YKCLIENT_VERSION_PATCH