debian/0000755000000000000000000000000012216341543007167 5ustar debian/yubikey-val.postinst0000644000000000000000000000154512212301103013222 0ustar #!/bin/sh set -e . /usr/share/debconf/confmodule . /usr/share/dbconfig-common/dpkg/postinst php_cf="/etc/yubico/val/config-db.php" cfg_cf="/etc/yubico/val/config-db.cfg" # PHP include dbc_generate_include_owner="root:www-data" dbc_generate_include_perms="0640" dbc_generate_include=php:$php_cf dbc_go yubikey-val $@ if [ `ykval-export-clients 2>/dev/null|grep -c ','` -eq 0 ]; then #No clients, create one ykval-gen-clients --urandom >/dev/null 2>&1 || true fi if [ -d /etc/apache2/conf.d ] && [ ! -e /etc/apache2/conf.d/yubikey-val.conf ]; then ln -s ../../yubico/val/apache.conf /etc/apache2/conf.d/yubikey-val.conf fi if [ -f /etc/init.d/apache2 ] ; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d apache2 reload 3>/dev/null || true else /etc/init.d/apache2 reload 3>/dev/null || true fi fi #DEBHELPER# exit 0 debian/compat0000644000000000000000000000000212212301103010345 0ustar 9 debian/copyright0000644000000000000000000000304412212301103011103 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: yubikey-val Upstream-Contact: ossmaint@yubico.com Source: https://github.com/Yubico/yubikey-val Files: * Copyright: Copyright (c) 2009-2013 Yubico AB License: BSD-2-clause All rights reserved. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/rules0000755000000000000000000000027512212301103010233 0ustar #!/usr/bin/make -f # -*- makefile -*- override_dh_auto_build: # There is no default 'make' target for this package override_dh_installinit: dh_installinit --name ykval-queue %: dh $@ debian/yubikey-val.postrm0000644000000000000000000000147512212301103012665 0ustar #!/bin/sh set -e if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi if [ -f /usr/share/dbconfig-common/dpkg/postrm ]; then . 
/usr/share/dbconfig-common/dpkg/postrm dbc_go yubikey-val $@ fi if [ "$1" = "purge" ]; then #This file is generated in postinst rm -f /etc/yubico/val/config-db.php if which ucf >/dev/null 2>&1; then ucf --purge /etc/yubico/val/config-db.php fi rm -rf /etc/yubico/val fi if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then if [ -L /etc/apache2/conf.d/yubikey-val.conf ]; then rm -f /etc/apache2/conf.d/yubikey-val.conf fi if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d apache2 reload 3>/dev/null || true else /etc/init.d/apache2 reload 3>/dev/null || true fi fi #DEBHELPER# exit 0 debian/yubikey-val.docs0000644000000000000000000000004112212301103012255 0ustar NEWS usr/share/doc/yubikey-val/* debian/yubikey-val.prerm0000644000000000000000000000111712212301103012457 0ustar #!/bin/sh set -e . /usr/share/debconf/confmodule . /usr/share/dbconfig-common/dpkg/prerm dbc_go yubikey-val $@ case "$1" in remove|deconfigure) if [ -x /etc/init.d/ykval-queue ]; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d ykval-queue stop else /etc/init.d/ykval-queue stop fi fi ;; upgrade) ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 0 ;; esac #DEBHELPER# exit 0 debian/yubikey-val.install0000644000000000000000000000016512212301103013002 0ustar debian/conf/apache.conf /etc/yubico/val/ debian/conf/dbconfig/* /usr/share/dbconfig-common/data/yubikey-val/install/ debian/README.Debian0000644000000000000000000000143712212301103011215 0ustar yubikey-val for Debian ---------------------- This package contains the YubiKey Validation (YK-VAL) server. Upon installation, a client API Key will be generated if none exists. On a fresh installation it will generally have an ID of 1 and a randomly generated secret key. To view the key, you may use the following command: sudo ykval-export-clients More clients can be generated by using the ykval-gen-clients command. For more information, you may use the man command for both of these commands. 
The homepage is: http://yubico.github.com/yubikey-val/ Documentation is available from here: https://github.com/Yubico/yubikey-val/wiki/_pages For production use, you may look into setting up the Munin probes as described here: https://github.com/Yubico/yubikey-val/wiki/MuninProbes debian/watch0000644000000000000000000000020612212301103010176 0ustar version=3 http://yubico.github.com/yubikey-val/releases.html .*/yubikey-val-(\d[\d.]*)\.(?:zip|tgz|tbz2|txz|tar\.gz|tar\.bz2|tar\.xz) debian/README.source0000644000000000000000000000157012216341435011351 0ustar We describe here one way to work with the package sources. Initialize cowbuilder: sudo cowbuilder --create --distribution sid --mirror http://http.debian.net/debian --debootstrapopts "--keyring=/usr/share/keyrings/debian-archive-keyring.gpg" --basepath /var/cache/pbuilder/base-debian-sid.cow Optionally update cowbuilder: sudo cowbuilder --update --basepath /var/cache/pbuilder/base-debian-sid.cow Clone the repository: git clone git@github.com:Yubico/yubikey-val-dpkg.git Build the package: git-buildpackage --git-pristine-tar --git-builder="pdebuild --auto-debsign --pbuilder cowbuilder -- --twice --basepath /var/cache/pbuilder/base-debian-sid.cow" If all goes well, you should have newly built packages in /var/cache/pbuilder/result/. 
Update the package to a new upstream release (don't forget debian/changelog): git-import-orig --pristine-tar /path/to/new-release.tar.gz debian/control0000644000000000000000000000342112216341372010572 0ustar Source: yubikey-val Section: net Priority: extra Maintainer: Debian Authentication Maintainers Uploaders: Simon Josefsson , Klas Lindfors , Dain Nilsson , Tommaso Galassi De Orchi , Daniel Pocock Build-Depends: debhelper (>= 9), po-debconf Standards-Version: 3.9.4 Homepage: https://github.com/Yubico/yubikey-val Vcs-Browser: https://github.com/Yubico/yubikey-val-dpkg Vcs-Git: git://github.com/Yubico/yubikey-val-dpkg.git Package: yubikey-val Architecture: all Depends: ${misc:Depends}, apache2, php5, php5-cli, php5-curl, php-pear, mysql-server | postgresql, php5-mysql | php5-pgsql, dbconfig-common Recommends: mysql-client | postgresql-client Suggests: yubikey-ksm | yhsm-yubikey-ksm Description: One-Time Password (OTP) validation server for YubiKey tokens YubiKeys are USB tokens that act like keyboards and generate one-time passwords. This package contains a server written in PHP for use with Apache to validate YubiKey OTPs. The architecture is that a set of validation servers manage the token counters and respond to OTP requests from clients, and utilize a set of back-end YubiKey Key Storage Module (KSM) servers to perform the actual AES key decryption. The protocols are openly published. There are two implementations of the KSM available: yubikey-ksm (PHP, secrets on disk in database) and yhsm-yubikey-ksm (Python, for use with secrets protected by the YubiHSM hardware). Sometimes the KSM runs on another server than the validation server, but it is possible to run both on the same machine. After installing and configuring this package you will have a YubiKey validation server up and running via Apache. 
debian/yubikey-val.manpages0000644000000000000000000000000412212301103013117 0ustar *.1 debian/changelog0000644000000000000000000000104112216341413011031 0ustar yubikey-val (2.24-1) unstable; urgency=low * New upstream release. * Improve README.source. * Change my uploader email address. -- Simon Josefsson Wed, 18 Sep 2013 17:12:49 +0200 yubikey-val (2.23-2) unstable; urgency=low [ Dain Nilsson ] * Removed debconf note (closes: #710844). -- Simon Josefsson Thu, 05 Sep 2013 20:20:26 +0200 yubikey-val (2.23-1) unstable; urgency=low * Initial package (closes: #699530). -- Dain Nilsson Wed, 17 Apr 2013 17:29:02 +0200 debian/conf/0000755000000000000000000000000012212301103010074 5ustar debian/conf/apache.conf0000644000000000000000000000110612212301103012162 0ustar # yubikey-val default Apache configuration Alias /wsapi/2.0/verify /usr/share/yubikey-val/ykval-verify.php Alias /wsapi/verify /usr/share/yubikey-val/ykval-verify.php Alias /wsapi/2.0/sync /usr/share/yubikey-val/ykval-sync.php Alias /wsapi/2.0/resync /usr/share/yubikey-val/ykval-resync.php Alias /wsapi/revoke /usr/share/yubikey-val/ykval-revoke.php Options None AllowOverride None Order allow,deny Allow from all php_value include_path ".:/etc/yubico/val:/usr/share/yubikey-val" debian/conf/dbconfig/0000755000000000000000000000000012212301103011647 5ustar debian/conf/dbconfig/mysql0000644000000000000000000000152112212301103012736 0ustar CREATE TABLE IF NOT EXISTS clients ( id INT NOT NULL UNIQUE, active BOOLEAN DEFAULT TRUE, created INT NOT NULL, secret VARCHAR(60) NOT NULL DEFAULT '', email VARCHAR(255), notes VARCHAR(100) DEFAULT '', otp VARCHAR(100) DEFAULT '', PRIMARY KEY (id) ); CREATE TABLE IF NOT EXISTS yubikeys ( active BOOLEAN DEFAULT TRUE, created INT NOT NULL, modified INT NOT NULL, yk_publicname VARCHAR(16) UNIQUE NOT NULL, yk_counter INT NOT NULL, yk_use INT NOT NULL, yk_low INT NOT NULL, yk_high INT NOT NULL, nonce VARCHAR(40) DEFAULT '', notes VARCHAR(100) DEFAULT '', PRIMARY KEY (yk_publicname) ); 
CREATE TABLE IF NOT EXISTS queue ( queued INT DEFAULT NULL, modified INT DEFAULT NULL, server_nonce VARCHAR(32) NOT NULL, otp VARCHAR(100) NOT NULL, server VARCHAR(100) NOT NULL, info VARCHAR(256) NOT NULL ); debian/conf/dbconfig/postgresql0000644000000000000000000000144712212301103014003 0ustar CREATE TABLE clients ( id INT NOT NULL UNIQUE, active BOOLEAN DEFAULT TRUE, created INT NOT NULL, secret VARCHAR(60) NOT NULL DEFAULT '', email VARCHAR(255), notes VARCHAR(100) DEFAULT '', otp VARCHAR(100) DEFAULT '', PRIMARY KEY (id) ); CREATE TABLE yubikeys ( active BOOLEAN DEFAULT TRUE, created INT NOT NULL, modified INT NOT NULL, yk_publicname VARCHAR(16) UNIQUE NOT NULL, yk_counter INT NOT NULL, yk_use INT NOT NULL, yk_low INT NOT NULL, yk_high INT NOT NULL, nonce VARCHAR(40) DEFAULT '', notes VARCHAR(100) DEFAULT '', PRIMARY KEY (yk_publicname) ); CREATE TABLE queue ( queued INT DEFAULT NULL, modified INT DEFAULT NULL, server_nonce VARCHAR(32) NOT NULL, otp VARCHAR(100) NOT NULL, server VARCHAR(100) NOT NULL, info VARCHAR(256) NOT NULL ); debian/yubikey-val.config0000755000000000000000000000120312212301103012576 0ustar #!/bin/sh set -e # source debconf stuff . /usr/share/debconf/confmodule if [ -f /usr/share/dbconfig-common/dpkg/config ]; then # we support mysql and pgsql dbc_dbtypes="mysql, pgsql" dbc_dbname="ykval" dbc_dbuser="ykval_verifier" # source dbconfig-common stuff . 
/usr/share/dbconfig-common/dpkg/config dbc_go yubikey-val $@ fi if [ "$1" = "reconfigure" ] && [ `ykval-export-clients 2>/dev/null|grep -c ','` -eq 0 ]; then #No clients, create one if `ykval-gen-clients --urandom >/dev/null 2>&1`; then db_input high yubikey-val/initial-client || true db_go fi fi #DEBHELPER# exit 0 debian/source/0000755000000000000000000000000012212301103010447 5ustar debian/source/format0000644000000000000000000000001412212301103011655 0ustar 3.0 (quilt) debian/yubikey-val.ykval-queue.init0000644000000000000000000000463712212301103014556 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: ykval-queue # Required-Start: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Sync daemon for yubikey-val. # Description: # <...> # <...> ### END INIT INFO # Author: Dain Nilsson # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="yubikey-val sync daemon" NAME=ykval-queue DAEMON=/usr/sbin/ykval-queue DAEMON_ARGS="" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME RUN_AS_USER=www-data # Exit if the package is not installed [ -x $DAEMON ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . 
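/lib/lsb/init-functions

# errexit stays on for the rest of the script.
# NOTE(review): because of it, a failing start-stop-daemon inside do_start or
# do_stop aborts the script at the call site with that exit status, so the
# failure branches of the 'case "$?"' blocks below are not expected to be
# reached; the non-zero exit status is what reports the failure to the caller.
set -e

#
# Start the daemon.
# Globals:  DAEMON, NAME, PIDFILE, RUN_AS_USER, DAEMON_ARGS (read). They are
#           set earlier in this script and may be overridden by
#           /etc/default/$NAME, so every expansion is quoted.
# Returns:  exit status of start-stop-daemon; exits the whole script with
#           status 0 when the daemon is already running.
#
do_start()
{
	# Test manually and exit if running
	status_of_proc "$DAEMON" "$NAME" >/dev/null 2>&1 && exit 0

	# --chuid starts the daemon as the unprivileged account instead of root;
	# --background/--make-pidfile let start-stop-daemon write the pidfile.
	# DAEMON_ARGS is left unquoted on purpose so it splits into separate
	# arguments (it is empty by default).
	# shellcheck disable=SC2086
	start-stop-daemon --start --quiet --background \
		--chuid "$RUN_AS_USER" \
		--make-pidfile --pidfile "$PIDFILE" \
		--exec "$DAEMON" -- \
		$DAEMON_ARGS
}

#
# Stop the daemon and remove its pidfile.
# Globals:  PIDFILE, NAME (read).
# Returns:  exit status of rm when start-stop-daemon succeeded.
#
do_stop()
{
	# TERM first, KILL only after the 30 second grace period; --oknodo makes
	# "nothing to stop" a success.
	start-stop-daemon --stop --quiet --oknodo --retry=TERM/30/KILL/5 \
		--pidfile "$PIDFILE" --name "$NAME"
	# Runs with the init script's privileges: quote the path and end option
	# parsing so an overridden PIDFILE cannot expand to several paths or be
	# read as an option.
	rm -f -- "$PIDFILE"
}

case "$1" in
  start)
	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
	do_start
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  stop)
	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  status)
	# Propagate status_of_proc's exit status unchanged.
	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
	;;
  restart|force-reload)
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
		log_end_msg 1
		;;
	esac
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|status|restart}" >&2
	exit 3
	;;
esac

: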