Hello community, here is the log from the commit of package ykclient for openSUSE:Factory checked in at 2016-06-02 09:36:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ykclient (Old) and /work/SRC/openSUSE:Factory/.ykclient.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ykclient" Changes: -------- --- /work/SRC/openSUSE:Factory/ykclient/ykclient.changes 2015-04-15 16:27:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ykclient.new/ykclient.changes 2016-06-02 09:36:45.000000000 +0200 @@ -1,0 +2,13 @@ +Tue May 17 14:42:29 UTC 2016 - [email protected] + +- Add .sig file to ykclient.spec + +------------------------------------------------------------------- +Thu Nov 12 14:42:12 UTC 2015 - [email protected] + +- Version 2.15 (released 2015-11-12) + - Add ykclient_get_server_response() to the library. + - Show more information from the commandline on debug. + - Add proxy support via Curl. + +------------------------------------------------------------------- Old: ---- ykclient-2.14.tar.gz New: ---- ykclient-2.15.tar.gz ykclient-2.15.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ykclient.spec ++++++ --- /var/tmp/diff_new_pack.moO9Cb/_old 2016-06-02 09:36:46.000000000 +0200 +++ /var/tmp/diff_new_pack.moO9Cb/_new 2016-06-02 09:36:46.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package ykclient # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,16 +17,18 @@ Name: ykclient -Version: 2.14 +Version: 2.15 Release: 0 Summary: Online validation of Yubikey OTPs License: BSD-2-Clause Group: Productivity/Networking/Security Url: https://developers.yubico.com/ -Source: https://developers.yubico.com/yubico-c-client/Releases/ykclient-%{version}.tar.gz +Source0: https://developers.yubico.com/yubico-c-client/Releases/ykclient-%{version}.tar.gz +Source1: https://developers.yubico.com/yubico-c-client/Releases/ykclient-%{version}.tar.gz.sig BuildRequires: curl-devel BuildRequires: help2man BuildRequires: pkgconfig +Requires: libykclient3 = %{version} Provides: yubico-c-client = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ ykclient-2.14.tar.gz -> ykclient-2.15.tar.gz ++++++ ++++ 2210 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ChangeLog new/ykclient-2.15/ChangeLog --- old/ykclient-2.14/ChangeLog 2015-03-05 13:57:25.000000000 +0100 +++ new/ykclient-2.15/ChangeLog 2015-11-12 09:33:27.000000000 +0100 @@ -1,3 +1,45 @@ +2015-11-12 Klas Lindfors <[email protected]> + + * NEWS: NEWS for 2.15 + +2015-11-11 Klas Lindfors <[email protected]> + + * : Merge pull request #36 from mikemn/master Add proxy support via Curl + +2015-07-09 Klas Lindfors <[email protected]> + + * ykclient.c: make sure there is always at least one handle found with clang scan-build + +2015-07-05 Klas Lindfors <[email protected]> + + * Makefile.am, configure.ac: add help2adoc for releases + +2015-06-24 Klas Lindfors <[email protected]> + + * configure.ac: bump libtool variables correctly since a symbol was + added + +2015-06-24 Klas Lindfors <[email protected]> + + * tool.c: tool: use server response to print out more debug info + +2015-06-24 Klas Lindfors <[email protected]> + + * libykclient.map, ykclient.c, ykclient.h: add an interface to fetch + the last server response + +2015-06-24 Klas Lindfors <[email protected]> + + * ykclient.c: add timestamp to the default query + +2015-06-15 Klas Lindfors <[email protected]> + + * tool.c: add --cai to commandline tool help + +2015-03-05 Klas Lindfors <[email protected]> + + * NEWS, configure.ac: bump versions + 2015-03-05 Klas Lindfors <[email protected]> * NEWS: NEWS for 2.14 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/Makefile.am new/ykclient-2.15/Makefile.am --- old/ykclient-2.14/Makefile.am 2015-02-20 09:10:41.000000000 +0100 +++ new/ykclient-2.15/Makefile.am 2015-07-05 18:57:20.000000000 +0200 @@ -134,3 +134,5 @@ cd $(srcdir) && git tag -u $(KEYID) -m $(VERSION) $(PACKAGE)-$(VERSION) cd $(srcdir) && git push --tags $(YUBICO_WWW_REPO)/publish $(PROJECT) $(VERSION) $(PACKAGE)-$(VERSION).tar.gz* + $(HELP2ADOC) -e ./ykclient -n "YubiCloud One-Time-Password Validation Client" > ykclient.1.txt + $(YUBICO_WWW_REPO)/save-mans $(PROJECT) ykclient.1.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/NEWS new/ykclient-2.15/NEWS --- old/ykclient-2.14/NEWS 2015-03-05 13:54:14.000000000 +0100 +++ new/ykclient-2.15/NEWS 2015-11-12 09:32:36.000000000 +0100 @@ -1,5 +1,13 @@ Yubikey-c-client NEWS -- History of user-visible changes. -*- outline -*- +* Version 2.15 (released 2015-11-12) + +** Add ykclient_get_server_response() to the library. + +** Show more information from the commandline on debug. + +** Add proxy support via Curl. + * Version 2.14 (released 2015-03-05) ** Switch default templates to https. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/ar-lib new/ykclient-2.15/build-aux/ar-lib --- old/ykclient-2.14/build-aux/ar-lib 2015-02-08 21:09:29.000000000 +0100 +++ new/ykclient-2.15/build-aux/ar-lib 2015-11-12 09:33:04.000000000 +0100 @@ -4,7 +4,7 @@ me=ar-lib scriptversion=2012-03-01.08; # UTC -# Copyright (C) 2010-2013 Free Software Foundation, Inc. +# Copyright (C) 2010-2014 Free Software Foundation, Inc. # Written by Peter Rosin <[email protected]>. # # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/compile new/ykclient-2.15/build-aux/compile --- old/ykclient-2.14/build-aux/compile 2015-02-08 21:09:29.000000000 +0100 +++ new/ykclient-2.15/build-aux/compile 2015-11-12 09:33:04.000000000 +0100 @@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/missing new/ykclient-2.15/build-aux/missing --- old/ykclient-2.14/build-aux/missing 2015-02-08 21:09:29.000000000 +0100 +++ new/ykclient-2.15/build-aux/missing 2015-11-12 09:33:04.000000000 +0100 @@ -3,7 +3,7 @@ scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/build-aux/test-driver new/ykclient-2.15/build-aux/test-driver --- old/ykclient-2.14/build-aux/test-driver 2015-02-08 21:09:29.000000000 +0100 +++ new/ykclient-2.15/build-aux/test-driver 2015-11-12 09:33:05.000000000 +0100 @@ -3,7 +3,7 @@ scriptversion=2013-07-13.22; # UTC -# Copyright (C) 2011-2013 Free Software Foundation, Inc. +# Copyright (C) 2011-2014 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -106,11 +106,14 @@ # Test script is run here. "$@" >$log_file 2>&1 estatus=$? + if test $enable_hard_errors = no && test $estatus -eq 99; then - estatus=1 + tweaked_estatus=1 +else + tweaked_estatus=$estatus fi -case $estatus:$expect_failure in +case $tweaked_estatus:$expect_failure in 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; 0:*) col=$grn res=PASS recheck=no gcopy=no;; 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; @@ -119,6 +122,12 @@ *:*) col=$red res=FAIL recheck=yes gcopy=yes;; esac +# Report the test outcome and exit status in the logs, so that one can +# know whether the test passed or failed simply by looking at the '.log' +# file, without the need of also peaking into the corresponding '.trs' +# file (automake bug#11814). +echo "$res $test_name (exit status: $estatus)" >>$log_file + # Report outcome to console. echo "${col}${res}${std}: $test_name" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/configure.ac new/ykclient-2.15/configure.ac --- old/ykclient-2.14/configure.ac 2015-02-20 09:10:41.000000000 +0100 +++ new/ykclient-2.15/configure.ac 2015-07-05 18:02:07.000000000 +0200 @@ -26,7 +26,7 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -AC_INIT([ykclient], [2.14], [[email protected]]) +AC_INIT([ykclient], [2.15], [[email protected]]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) @@ -34,9 +34,9 @@ # Interfaces changed/added/removed: CURRENT++ REVISION=0 # Interfaces added: AGE++ # Interfaces removed: AGE=0 -AC_SUBST(LT_CURRENT, 8) -AC_SUBST(LT_REVISION, 4) -AC_SUBST(LT_AGE, 5) +AC_SUBST(LT_CURRENT, 9) +AC_SUBST(LT_REVISION, 0) +AC_SUBST(LT_AGE, 6) AM_INIT_AUTOMAKE([1.11 -Wall -Werror]) AM_SILENT_RULES([yes]) @@ -45,6 +45,7 @@ m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) AM_MISSING_PROG(HELP2MAN, help2man, $missing_dir) +AM_MISSING_PROG(HELP2ADOC, help2adoc, $missing_dir) AC_LIBTOOL_WIN32_DLL AC_PROG_LIBTOOL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/libykclient.map new/ykclient-2.15/libykclient.map --- old/ykclient-2.14/libykclient.map 2014-06-03 09:12:22.000000000 +0200 +++ new/ykclient-2.15/libykclient.map 2015-11-11 12:54:55.000000000 +0100 @@ -65,3 +65,9 @@ ykclient_set_ca_info; ykclient_set_url_bases; } Base; + +YKCLIENT_2.15 { + global: + ykclient_get_server_response; + ykclient_set_proxy; +} YKCLIENT_2.12; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/tool.c new/ykclient-2.15/tool.c --- old/ykclient-2.14/tool.c 2015-02-20 09:10:56.000000000 +0100 +++ new/ykclient-2.15/tool.c 2015-11-11 12:57:54.000000000 +0100 @@ -53,7 +53,11 @@ " \"http://api.yubico.com/wsapi/verify\"\n"; " --ca CADIR Path to directory containing Certificate Authoritity,\n" " e.g., \"/usr/local/etc/CERTS\"\n" + " --cai CAFILE Path to a file holding one or more certificated to\n" + " verify the peer with\n" " --apikey Key API key for HMAC validation of request/response\n" + " --proxy ip:port Connect to validation service through a proxy,\n" + " e.g., \"socks5h://user:[email protected]:1080\"\n" "\n" "Exit status is 0 on success, 1 if there is a hard failure, 2 if the\n" "OTP was replayed, 3 for other soft OTP-related failures.\n" @@ -64,6 +68,7 @@ {"ca", 1, 0, 'c'}, {"cai", 1, 0, 'i'}, {"apikey", 1, 0, 'a'}, + {"proxy", 1, 0, 'p'}, {"debug", 0, 0, 'd'}, {"help", 0, 0, 'h'}, {"version", 0, 0, 'V'}, @@ -74,7 +79,7 @@ static void parse_args (int argc, char *argv[], unsigned int *client_id, char **token, char **url, char **ca, - char **cai, char **api_key, int *debug) + char **cai, char **api_key, char **proxy, int *debug) { while (1) { @@ -131,6 +136,15 @@ *cai = optarg; break; + case 'p': + if (strlen(optarg) < 1) + { + fprintf (stderr, "error: must give a valid proxy [scheme]://ip:port"); + exit (EXIT_FAILURE); + } + *proxy = optarg; + break; + case 'h': printf ("%s", usage); exit (EXIT_SUCCESS); @@ -172,20 +186,17 @@ main (int argc, char *argv[]) { unsigned int client_id; - char *token, *url = NULL, *ca = NULL, *api_key = NULL, *cai = NULL; + char *token, *url = NULL, *ca = NULL, *api_key = NULL, *cai = NULL, *proxy = NULL; int debug = 0; ykclient_rc ret; ykclient_t *ykc = NULL; - parse_args (argc, argv, &client_id, &token, &url, &ca, &cai, &api_key, + parse_args (argc, argv, &client_id, &token, &url, &ca, &cai, &api_key, &proxy, &debug); - if (ca || cai) - { - ret = ykclient_init (&ykc); - if (ret != YKCLIENT_OK) - return EXIT_FAILURE; - } + ret = ykclient_init (&ykc); + if (ret != YKCLIENT_OK) + return EXIT_FAILURE; if (ca) { @@ -196,6 +207,10 @@ { ykclient_set_ca_info (ykc, cai); } + if (proxy) + { + ykclient_set_proxy (ykc, proxy); + } if (debug) { @@ -210,13 +225,29 @@ fprintf (stderr, " token: %s\n", token); if (api_key != NULL) fprintf (stderr, " api key: %s\n", api_key); + if (proxy != NULL) + fprintf (stderr, "Using proxy: %s\n", proxy); } ret = ykclient_verify_otp_v2 (ykc, token, client_id, NULL, 1, (const char **) &url, api_key); if (debug) - printf ("Verification output (%d): %s\n", ret, ykclient_strerror (ret)); + { + const ykclient_server_response_t *srv_response = ykclient_get_server_response (ykc); + printf ("Response from: %s\n", ykclient_get_last_url (ykc)); + printf ("Verification output (%d): %s\n", ret, ykclient_strerror (ret)); + printf (" otp: %s\n", ykclient_server_response_get (srv_response, "otp")); + printf (" nonce: %s\n", ykclient_server_response_get (srv_response, "nonce")); + printf (" t: %s\n", ykclient_server_response_get (srv_response, "t")); + printf (" timestamp: %s\n", ykclient_server_response_get (srv_response, "timestamp")); + printf (" sessioncounter: %s\n", ykclient_server_response_get (srv_response, "sessioncounter")); + printf (" sessionuse: %s\n", ykclient_server_response_get (srv_response, "sessionuse")); + printf (" sl: %s\n", ykclient_server_response_get (srv_response, "sl")); + printf (" status: %s\n", ykclient_server_response_get (srv_response, "status")); + } + + ykclient_done(&ykc); if (ret == YKCLIENT_REPLAYED_OTP) return 2; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient.1 new/ykclient-2.15/ykclient.1 --- old/ykclient-2.14/ykclient.1 2015-03-05 13:54:21.000000000 +0100 +++ new/ykclient-2.15/ykclient.1 2015-11-12 09:33:28.000000000 +0100 @@ -1,10 +1,10 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1. -.TH YKCLIENT "1" "March 2015" "ykclient 2.14" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2. +.TH YKCLIENT "1" "November 2015" "ykclient 2.15" "User Commands" .SH NAME ykclient \- YubiCloud One-Time-Password Validation Client .SH SYNOPSIS .B ykclient -[\fIOPTION\fR]... \fICLIENTID YUBIKEYOTP\fR +[\fI\,OPTION\/\fR]... \fI\,CLIENTID YUBIKEYOTP\/\fR .SH DESCRIPTION Validate the YUBIKEYOTP one\-time\-password against the YubiCloud using CLIENTID as the client identifier. @@ -28,8 +28,16 @@ Path to directory containing Certificate Authoritity, e.g., "/usr/local/etc/CERTS" .TP +\fB\-\-cai\fR CAFILE +Path to a file holding one or more certificated to +verify the peer with +.TP \fB\-\-apikey\fR Key API key for HMAC validation of request/response +.TP +\fB\-\-proxy\fR ip:port +Connect to validation service through a proxy, +e.g., "socks5h://user:[email protected]:1080" .PP Exit status is 0 on success, 1 if there is a hard failure, 2 if the OTP was replayed, 3 for other soft OTP\-related failures. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient.c new/ykclient-2.15/ykclient.c --- old/ykclient-2.14/ykclient.c 2015-02-20 09:10:56.000000000 +0100 +++ new/ykclient-2.15/ykclient.c 2015-11-11 12:57:54.000000000 +0100 @@ -52,6 +52,7 @@ #define ADD_OTP "&otp=" #define ADD_HASH "&h=" #define ADD_ID "?id=" +#define ADD_TS "×tamp=1" #define TEMPLATE_FORMAT_OLD 1 #define TEMPLATE_FORMAT_NEW 2 @@ -60,6 +61,7 @@ { const char *ca_path; const char *ca_info; + const char *proxy; size_t num_templates; char **url_templates; int template_format; @@ -71,6 +73,7 @@ char *nonce; char nonce_supplied; int verify_signature; + ykclient_server_response_t *srv_response; }; struct curl_data @@ -152,6 +155,7 @@ p->ca_path = NULL; p->ca_info = NULL; + p->proxy = NULL; p->key = NULL; p->keylen = 0; @@ -162,6 +166,8 @@ p->nonce = NULL; p->nonce_supplied = 0; + p->srv_response = NULL; + /* * Verification of server signature can only be done if there is * an API key provided @@ -202,6 +208,11 @@ free ((*ykc)->url_templates); } + if ((*ykc)->srv_response) + { + ykclient_server_response_free((*ykc)->srv_response); + } + free ((*ykc)->key_buf); free (*ykc); } @@ -320,6 +331,17 @@ curl_easy_setopt (easy, CURLOPT_CAINFO, ykc->ca_info); } + if (ykc->proxy) + { + /* + * The proxy string may be prefixed with [scheme]://ip:port to specify which kind of proxy is used. + * Valid choices are: socks4://, socks4a://, socks5:// or socks5h:// + * Use socks5h to ask the proxy to do the dns resolving. + * If no scheme or port is specified HTTP proxy port 1080 will be used. + */ + curl_easy_setopt (easy, CURLOPT_PROXY, ykc->proxy); + } + curl_easy_setopt (easy, CURLOPT_WRITEDATA, (void *) data); curl_easy_setopt (easy, CURLOPT_PRIVATE, (void *) data); curl_easy_setopt (easy, CURLOPT_WRITEFUNCTION, curl_callback); @@ -329,6 +351,11 @@ p->easy[p->num_easy] = easy; } + if(p->num_easy == 0) { + ykclient_handle_done (&p); + return YKCLIENT_BAD_INPUT; + } + /* Take this opportunity to allocate the array for expanded URLs */ p->url_exp = malloc (sizeof (char *) * p->num_easy); if (!p->url_exp) @@ -562,6 +589,17 @@ ykc->ca_info = ca_info; } +/** Set the proxy + * + * Must be called before creating handles. + */ +void +ykclient_set_proxy (ykclient_t * ykc, const char *proxy) +{ + ykc->proxy = proxy; +} + + /** Set a single URL template * * @param ykc Yubikey client configuration. @@ -838,7 +876,7 @@ { size_t len = strlen (template) + strlen (encoded_otp) + strlen (ADD_OTP) + - strlen (ADD_ID) + 1; + strlen (ADD_ID) + strlen(ADD_TS) + 1; len += snprintf (NULL, 0, "%d", client_id); if (nonce) @@ -854,12 +892,12 @@ if (nonce) { - snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_NONCE "%s" ADD_OTP "%s", + snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_NONCE "%s" ADD_OTP "%s" ADD_TS, template, client_id, nonce, encoded_otp); } else { - snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_OTP "%s", template, + snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_OTP "%s" ADD_TS, template, client_id, encoded_otp); } return YKCLIENT_OK; @@ -1162,7 +1200,6 @@ { ykclient_rc out = YKCLIENT_OK; int requests; - ykclient_server_response_t *srv_response = NULL; if (!ykc->num_templates) { @@ -1268,22 +1305,27 @@ curl_easy_getinfo (curl_easy, CURLINFO_EFFECTIVE_URL, &url_used); strncpy (ykc->last_url, url_used, sizeof (ykc->last_url)); - srv_response = ykclient_server_response_init (); - if (srv_response == NULL) + if(ykc->srv_response) + { + ykclient_server_response_free (ykc->srv_response); + } + + ykc->srv_response = ykclient_server_response_init (); + if (ykc->srv_response == NULL) { out = YKCLIENT_PARSE_ERROR; goto finish; } out = ykclient_server_response_parse (data->curl_chunk, - srv_response); + ykc->srv_response); if (out != YKCLIENT_OK) { goto finish; } if (ykc->verify_signature != 0 && - ykclient_server_response_verify_signature (srv_response, + ykclient_server_response_verify_signature (ykc->srv_response, ykc->key, ykc->keylen)) { @@ -1291,7 +1333,7 @@ goto finish; } - status = ykclient_server_response_get (srv_response, "status"); + status = ykclient_server_response_get (ykc->srv_response, "status"); if (!status) { out = YKCLIENT_PARSE_ERROR; @@ -1314,7 +1356,7 @@ if (nonce) { char *server_nonce = - ykclient_server_response_get (srv_response, + ykclient_server_response_get (ykc->srv_response, "nonce"); if (server_nonce == NULL || strcmp (nonce, server_nonce)) { @@ -1323,7 +1365,7 @@ } } - server_otp = ykclient_server_response_get (srv_response, "otp"); + server_otp = ykclient_server_response_get (ykc->srv_response, "otp"); if (server_otp == NULL || strcmp (yubikey, server_otp)) { out = YKCLIENT_HMAC_ERROR; @@ -1337,17 +1379,12 @@ goto finish; } - ykclient_server_response_free (srv_response); - srv_response = NULL; + ykclient_server_response_free (ykc->srv_response); + ykc->srv_response = NULL; } } while (requests); finish: - if (srv_response) - { - ykclient_server_response_free (srv_response); - } - return out; } @@ -1506,3 +1543,11 @@ yubikey_otp, client_id, hexkey, 0, NULL, NULL); } + +/** + * Fetch out server response of last query + */ +const ykclient_server_response_t * +ykclient_get_server_response(ykclient_t *ykc) { + return ykc->srv_response; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient.h new/ykclient-2.15/ykclient.h --- old/ykclient-2.14/ykclient.h 2015-02-20 09:09:55.000000000 +0100 +++ new/ykclient-2.15/ykclient.h 2015-11-11 12:54:55.000000000 +0100 @@ -38,6 +38,7 @@ #include <ykclient_errors.h> #include <ykclient_version.h> +#include <ykclient_server_response.h> #ifdef __cplusplus extern "C" @@ -96,6 +97,8 @@ extern void ykclient_set_ca_info (ykclient_t * ykc, const char *ca_info); + extern void ykclient_set_proxy (ykclient_t * ykc, const char *proxy); + /* * Set the nonce. A default nonce is generated in ykclient_init(), but * if you either want to specify your own nonce, or want to remove the @@ -129,6 +132,8 @@ const char **urls, const char *api_key); +/* Fetch out the server response form the last query */ + extern const ykclient_server_response_t *ykclient_get_server_response(ykclient_t *ykc); #ifdef __cplusplus } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ykclient-2.14/ykclient_version.h new/ykclient-2.15/ykclient_version.h --- old/ykclient-2.14/ykclient_version.h 2015-02-20 09:11:16.000000000 +0100 +++ new/ykclient-2.15/ykclient_version.h 2015-11-12 09:33:10.000000000 +0100 @@ -42,7 +42,7 @@ * version number. Used together with ykclient_check_version() to * verify header file and run-time library consistency. */ -#define YKCLIENT_VERSION_STRING "2.14" +#define YKCLIENT_VERSION_STRING "2.15" /** * YKCLIENT_VERSION_NUMBER @@ -52,7 +52,7 @@ * this symbol will have the value 0x01020300. The last two digits * are only used between public releases, and will otherwise be 00. */ -#define YKCLIENT_VERSION_NUMBER 0x020e00 +#define YKCLIENT_VERSION_NUMBER 0x020f00 /** * YKCLIENT_VERSION_MAJOR @@ -70,7 +70,7 @@ * level of the header file version number. For example, when the * header version is 1.2.3 this symbol will be 2. */ -#define YKCLIENT_VERSION_MINOR 14 +#define YKCLIENT_VERSION_MINOR 15 /** * YKCLIENT_VERSION_PATCH
