diff options
| author | b1galez <b1galez@fbcee277-3294-991b-8290-beb7048acdd6> | 2010-12-03 12:48:30 +0000 |
|---|---|---|
| committer | b1galez <b1galez@fbcee277-3294-991b-8290-beb7048acdd6> | 2010-12-03 12:48:30 +0000 |
| commit | 9bf083cb245cf2f06d2bb7ab48cfe7dfef591eb1 (patch) | |
| tree | 32b06380a1a39d722fa903f4557fb012f690f5a0 | |
| parent | git-svn-id: http://yubico-yubiserve.googlecode.com/svn/trunk@17 fbcee277-3294... (diff) | |
| download | yubico-yubiserve-9bf083cb245cf2f06d2bb7ab48cfe7dfef591eb1.tar.gz yubico-yubiserve-9bf083cb245cf2f06d2bb7ab48cfe7dfef591eb1.tar.bz2 yubico-yubiserve-9bf083cb245cf2f06d2bb7ab48cfe7dfef591eb1.zip | |
Modified yubiserve.py to fix issue 1.
git-svn-id: http://yubico-yubiserve.googlecode.com/svn/trunk@18 fbcee277-3294-991b-8290-beb7048acdd6
| -rwxr-xr-x | yubiserve.py | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/yubiserve.py b/yubiserve.py index a18d6dd..ed95997 100755 --- a/yubiserve.py +++ b/yubiserve.py @@ -171,8 +171,10 @@ class Yubiserve (BaseHTTPServer.BaseHTTPRequestHandler): iso_time = time.strftime("%Y-%m-%dT%H:%M:%S") try: result = 't=' + iso_time + '\r\notp=' + getData['otp'] + '\r\nnonce=' + getData['nonce'] + '\r\nsl=100\r\nstatus=' + [k for k, v in otpvalidation.status.iteritems() if v == validation][0] + '\r\n' + orderedResult = 'nonce=' + getData['nonce'] + '&otp=' + getData['otp'] + '&sl=100&status=' + [k for k, v in otpvalidation.status.iteritems() if v == validation][0] + '&t=' + iso_time except KeyError: result = 't=' + iso_time + '\r\notp=' + getData['otp'] + '\r\nnonce=\r\nsl=100\r\nstatus=' + [k for k, v in otpvalidation.status.iteritems() if v == validation][0] + '\r\n' + orderedResult = 'nonce=&otp=' + getData['otp'] + 'sl=100&status=' + [k for k, v in otpvalidation.status.iteritems() if v == validation][0] + '&t=' + iso_time otp_hmac = '' try: if (getData['id'] != None): @@ -182,7 +184,7 @@ class Yubiserve (BaseHTTPServer.BaseHTTPRequestHandler): cur.execute("SELECT secret from apikeys WHERE id = '" + apiID + "'") if cur.rowcount != 0: api_key = cur.fetchone()[0] - otp_hmac = hmac.new(api_key.decode('base64'), msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() + otp_hmac = hmac.new(api_key, msg=orderedResult, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() else: result = 't=' + iso_time + '\r\notp=' + getData['otp'] + '\r\nstatus=NO_CLIENT\r\n' except KeyError: @@ -195,10 +197,8 @@ class Yubiserve (BaseHTTPServer.BaseHTTPRequestHandler): self.send_header('Content-type', 'text/plain') self.end_headers() iso_time = time.strftime("%Y-%m-%dT%H:%M:%S") - try: - result = 't=' + iso_time + '\r\notp=\r\nnonce=\r\nstatus=MISSING_PARAMETER\r\n' - except KeyError: - result = 't=' + iso_time + '\r\notp=\r\nnonce=\r\nstatus=MISSING_PARAMETER\r\n' + result = 't=' + iso_time + '\r\notp=\r\nnonce=\r\nstatus=MISSING_PARAMETER\r\n' + orderedResult = 'nonce=&otp=&status=MISSING_PARAMETER&t=' + iso_time otp_hmac = '' try: if (getData['id'] != None): @@ -208,7 +208,7 @@ class Yubiserve (BaseHTTPServer.BaseHTTPRequestHandler): cur.execute("SELECT secret from apikeys WHERE id = '" + apiID + "'") if cur.rowcount != 0: api_key = cur.fetchone()[0] - otp_hmac = hmac.new(api_key.decode('base64'), msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() + otp_hmac = hmac.new(api_key, msg=orderedResult, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() except KeyError: pass self.wfile.write('h=' + otp_hmac + '\r\n' + result + '\r\n') @@ -243,12 +243,12 @@ class Yubiserve (BaseHTTPServer.BaseHTTPRequestHandler): cur.execute("SELECT secret from apikeys WHERE id = '" + apiID + "'") if cur.rowcount != 0: api_key = cur.fetchone()[0] - otp_hmac = hmac.new(api_key.decode('base64'), msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() + otp_hmac = hmac.new(api_key, msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() else: result = 'otp=' + getData['otp'] + '\r\nstatus=NO_CLIENT\r\nt=' + iso_time except KeyError: pass - self.wfile.write(result + '\nh=' + otp_hmac) + self.wfile.write(result + '\r\nh=' + otp_hmac) return else: self.send_response(200) @@ -265,10 +265,10 @@ class Yubiserve (BaseHTTPServer.BaseHTTPRequestHandler): cur.execute("SELECT secret from apikeys WHERE id = '" + apiID + "'") if cur.rowcount != 0: api_key = cur.fetchone()[0] - otp_hmac = hmac.new(api_key.decode('base64'), msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() + otp_hmac = hmac.new(api_key, msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() except KeyError: pass - self.wfile.write('h=' + otp_hmac + '\n' + result) + self.wfile.write('h=' + otp_hmac + '\r\n' + result) return except KeyError: pass @@ -286,10 +286,10 @@ class Yubiserve (BaseHTTPServer.BaseHTTPRequestHandler): cur.execute("SELECT secret from apikeys WHERE id = '" + apiID + "'") if cur.rowcount != 0: api_key = cur.fetchone()[0] - otp_hmac = hmac.new(api_key.decode('base64'), msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() + otp_hmac = hmac.new(api_key, msg=result, digestmod=hashlib.sha1).hexdigest().decode('hex').encode('base64').strip() except KeyError: pass - self.wfile.write('h=' + otp_hmac + '\n' + result) + self.wfile.write('h=' + otp_hmac + '\r\n' + result) return do_HEAD = do_GET do_PUT = do_GET |