YubikeyManagement.php
author Dan Fuhry <dan@enanocms.org>
Wed, 11 Jan 2017 13:02:34 +0000
changeset 12 31387f4022e5
parent 11 b9eb748ac1e4
permissions -rw-r--r--
Tolerate up to 0.5Hz difference in OTP timestamps

I've received complaints of OTP validation failures during the trial rollout at Datto. I dumped a few OTPs along with the times of validation and found that the user's Yubikey was running its oscillator at 8.32Hz. This commit adds tolerance for up to 0.5Hz of variation to the OTP's timestamp field.
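An added illustration of the tolerance the commit message describes, not the plugin's own code: it compares how far the 24-bit timestamp field advanced between two OTPs with the time the server saw pass, and accepts a key whose timer runs within the tolerance band around 8Hz. The function names, the one-second latency slack and the acceptance rule itself are assumptions; only the 24-bit 8Hz timer, the 8.32Hz observation and the 0.5Hz tolerance come from this page.

```php
<?php
// Added illustration; not code from the YMS plugin. The function names, the
// latency slack and the acceptance rule are assumptions made for this example.

const YK_TIMER_MODULUS = 1 << 24; // the OTP timestamp field is a 24-bit counter
const YK_NOMINAL_HZ    = 8.0;     // nominal tick rate of the token's timer

/** Ticks elapsed between two timer readings, allowing for one wraparound. */
function yk_tick_delta(int $prevTicks, int $currTicks): int
{
    $delta = ($currTicks - $prevTicks) % YK_TIMER_MODULUS;
    return $delta < 0 ? $delta + YK_TIMER_MODULUS : $delta;
}

/**
 * Compare the token's clock with the server's clock across two OTPs.
 *
 * $prev, $curr:  ['session' => int, 'ticks' => int, 'seen' => float Unix time]
 * $toleranceHz:  how far from 8Hz the token's oscillator may run
 * $slackSeconds: allowance for typing and network latency (assumed value)
 */
function yk_check_timestamp(array $prev, array $curr, float $toleranceHz = 0.5, float $slackSeconds = 1.0): array
{
    if ($toleranceHz < 0 || $toleranceHz >= YK_NOMINAL_HZ) {
        throw new InvalidArgumentException('tolerance must be in [0, 8) Hz');
    }

    // The timer restarts when the key is powered up, so readings taken in
    // different sessions say nothing about elapsed time.
    if ($prev['session'] !== $curr['session']) {
        return ['ok' => true, 'hz' => null, 'reason' => 'new session, timer not comparable'];
    }

    $elapsed = $curr['seen'] - $prev['seen'];
    if ($elapsed <= 0) {
        return ['ok' => false, 'hz' => null, 'reason' => 'server clock did not advance'];
    }

    $ticks = yk_tick_delta($prev['ticks'], $curr['ticks']);
    $hz    = $ticks / $elapsed; // oscillator rate implied by the two readings

    // Wall-clock window consistent with an oscillator inside the tolerance band.
    $earliest = $ticks / (YK_NOMINAL_HZ + $toleranceHz) - $slackSeconds;
    $latest   = $ticks / (YK_NOMINAL_HZ - $toleranceHz) + $slackSeconds;

    if ($elapsed < $earliest) {
        return ['ok' => false, 'hz' => $hz, 'reason' => 'token timer ran ahead of server clock'];
    }
    if ($elapsed > $latest) {
        return ['ok' => false, 'hz' => $hz, 'reason' => 'OTP arrived later than its timestamp allows'];
    }
    return ['ok' => true, 'hz' => $hz, 'reason' => 'within tolerance'];
}

// Constructed sample readings (not captured from real keys).
$first = ['session' => 12, 'ticks' => 100000, 'seen' => 1000.0];
$fast  = ['session' => 12, 'ticks' => 104992, 'seen' => 1600.0]; // 4992 ticks in 600 s
$cases = [
    'fast oscillator, 0.5Hz tolerance' => [$first, $fast, 0.5],
    'fast oscillator, no tolerance'    => [$first, $fast, 0.0],
    'OTP held back for an hour'        => [$first, ['session' => 12, 'ticks' => 104992, 'seen' => 4600.0], 0.5],
    'timer wrapped around'             => [
        ['session' => 12, 'ticks' => 0xFFFFF0, 'seen' => 1000.0],
        ['session' => 12, 'ticks' => 0x000010, 'seen' => 1004.0],
        0.5,
    ],
    'key re-plugged'                   => [$first, ['session' => 13, 'ticks' => 42, 'seen' => 1010.0], 0.5],
];

foreach ($cases as $label => [$prev, $curr, $tolerance]) {
    $r = yk_check_timestamp($prev, $curr, $tolerance);
    printf(
        "%-34s %-6s %s%s\n",
        $label,
        $r['ok'] ? 'accept' : 'reject',
        $r['reason'],
        $r['hz'] === null ? '' : sprintf(' (%.2fHz observed)', $r['hz'])
    );
}
```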
<?php
/**!info**
{
  "Plugin Name"  : "Yubikey management service",
  "Plugin URI"   : "http://enanocms.org/plugin/yubikey-yms",
  "Description"  : "Adds the ability for Enano to act as a Yubikey authentication provider. The Yubikey authentication plugin is a prerequisite.",
  "Author"       : "Dan Fuhry",
  "Version"      : "0.1",
  "Author URI"   : "http://enanocms.org/"
}
**!*/

$plugins->attachHook('session_started', 'yms_add_special_pages();');

function yms_add_special_pages()
{
  global $lang;
  
  register_special_page('YMS', 'yms_specialpage_yms');
  register_special_page('YMSCreateClient', 'yms_specialpage_register');
  register_special_page('YubikeyValidate', 'yms_specialpage_validate');
}

define('YMS_DISABLED', 0);
define('YMS_ENABLED', 1);
define('YMS_ANY_CLIENT', 2);

define('YMS_INSTALLED', 1);

require(ENANO_ROOT . '/plugins/yms/yms.php');
require(ENANO_ROOT . '/plugins/yms/libotp.php');
require(ENANO_ROOT . '/plugins/yms/transcode.php');
require(ENANO_ROOT . '/plugins/yms/backend.php');
require(ENANO_ROOT . '/plugins/yms/validate.php');
require(ENANO_ROOT . '/plugins/yms/validate-functions.php');
require(ENANO_ROOT . '/plugins/yms/admincp.php');

/**!language**

The following text up to the closing comment tag is JSON language data.
It is not PHP code but your editor or IDE may highlight it as such. This
data is imported when the plugin is loaded for the first time; it provides
the strings displayed by this plugin's interface.

You should copy and paste this block when you create your own plugins so
that these comments and the basic structure of the language data are
preserved. All language data is in the same format as the Enano core
language files in the /language/* directories. See the Enano Localization
Guide and Enano API Documentation for further information on the format of
language files.

The exception in plugin language file format is that multiple languages
may be specified in the language block. This should be done by way of making
the top-level elements each a JSON language object, with elements named
according to the ISO-639-1 language they are representing. The path should be:

  root => language ID => categories array, ( strings object => category \
  objects => strings )

All text leading up to the first curly brace is stripped by the parser; using
a code tag makes jEdit and other editors do automatic indentation and
syntax highlighting on the language data. The use of the code tag is not
necessary; it is only included as a tool for development.

<code>
{
  // english
  eng: {
    categories: [ 'meta', 'yms' ],
    strings: {
      meta: {
        yms: 'Yubikey management system'
      },
      yms: {
        specialpage_yms: 'Yubikey manager',
        specialpage_register: 'Register YMS client',
        specialpage_validate: 'Yubikey validation API',
        err_yubikey_plugin_missing_title: 'Yubikey plugin not found',
        err_yubikey_plugin_missing_body: 'The Yubikey YMS cannot load because the Enano <a href="http://enanocms.org/plugin/yubikey">Yubikey authentication plugin</a> is not installed. Please ask your administrator to install it.',
        err_client_exists_title: 'Client already exists',
        err_client_exists_body: 'You cannot register another YMS client using this same user account.',
        register_confirm_title: 'Enable your account for Yubikey authentication',
        register_confirm_body: 'As a Yubikey authentication client, you gain the ability to manage multiple Yubikeys and tie them to your own organization. It also lets you retrieve secret AES keys for tokens, register new or reprogrammed keys, validate Yubikey OTPs using your own API key, and deactivate keys in case of a compromise. Do you want to enable your account for Yubikey management?',
        register_btn_submit: 'Create YMS client',
        
        register_msg_success_title: 'Congratulations! Your account is now enabled for YMS access.',
        register_msg_success_body: '<p>You can now go to the <a href="%yms_link|htmlsafe%">YMS admin panel</a> and add your Yubikeys. Your client ID and API key are below:</p>
                                      <p class="yms-copypara">Client ID: <span class="yms-copyfield">%client_id%</span><br />
                                         API key: <span class="yms-copyfield">%api_key%</span><br />
                                         Validation API URL: <span class="yms-copyfield">%validate_url%</span></p>
                                    <p><b>Remember to secure your user account!</b> Your Enano login is used to administer your YMS account. For maximum security, use the Yubikey Settings page of the User Control Panel to require both a password and a Yubikey OTP to log in.</p>',
        msg_no_yubikeys: 'No Yubikeys found',
        msg_editing_zero: '<b>Notice:</b> You are currently viewing the YMS profile for Client ID 0, the pool of claimable keys. By default, anybody can validate or claim these Yubikeys, but you can prevent validation of these keys by marking them inactive here. All key settings such as lifecycle state and notes are reset when a user claims a key here.',
        btn_add_key: 'Add Yubikey',
        btn_add_batch: 'Batch upload Yubikeys',
        btn_add_key_preregistered: 'Claim a New Key',
        btn_switch_to_zero: 'Edit claimable pool',
        btn_switch_from_zero: 'Switch back to my client',
        state_active: 'Active',
        state_inactive: 'Inactive',
        
        th_id: 'ID#',
        th_publicid: 'OTP prefix',
        th_createtime: 'Created',
        th_accesstime: 'Last accessed',
        th_state: 'Lifecycle state',
        th_note: 'Note',
        
        msg_access_never: 'Never',
        
        // Add key interface
        lbl_addkey_heading: 'Register Yubikey',
        lbl_addkey_desc: 'Register a Yubikey that you programmed yourself in YMS to enable validation of OTPs from that key against this server.',
        lbl_addkey_field_secret: 'AES secret key:',
        lbl_addkey_field_secret_hint: 'Input in ModHex, hex, or base-64. The format will be detected automatically.',
        lbl_addkey_field_otp: 'Enter an OTP from this Yubikey:',
        lbl_addkey_field_notes: 'Notes about this key:',
        lbl_addkey_field_state: 'Lifecycle state:',
        lbl_addkey_field_any_client_name: 'Allow validation by any client:',
        lbl_addkey_field_any_client_hint: 'If unchecked, OTPs from this Yubikey can only be verified by someone using your client ID. Check this if you plan to use this Yubikey on websites you don\'t control.',
        lbl_addkey_field_any_client: 'Other clients can validate OTPs from this key',
        lbl_addkey_field_allow_claim_name: 'Place key in claimable pool:',
        lbl_addkey_field_allow_claim_hint: 'After this key is added, YMS will release your ownership of this key so that other users may claim it.',
        lbl_addkey_field_allow_claim: 'Release this key and allow others to claim it',
        btn_addkey_submit: 'Register key',
        msg_addkey_success: 'This key has been successfully registered.',
        
        err_addkey_crc_failed: 'The CRC check on the OTP failed. This usually means that your AES key is wrong or could not be properly interpreted.',
        err_addkey_invalid_key: 'There was an error decoding your AES secret key. Please enter a 128-bit hex, ModHex, or base-64 value.',
        err_addkey_invalid_otp: 'The OTP from the Yubikey is invalid.',
        err_addkey_key_exists: 'This Yubikey is already registered on this server.',
        
        // Batch add key interface
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   134
        lbl_add_batch_heading: 'Batch upload new Yubikeys',
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   135
        lbl_add_batch_desc: '<p>Using this form you can upload a CSV file containing any number of new Yubikeys to add.</p>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   136
                             <p>Binary columns may be in either hexadecimal or ModHex format. If the format is ambiguous, hexadecimal will be assumed.</p>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   137
                             <p>The header for the CSV must specify which columns are included. See below:</p>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   138
                             <ul>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   139
                               <li><tt>aes_secret</tt> <strong>(required)</strong> Binary - the AES secret key that encrypts the data portion of OTPs.</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   140
                               <li><tt>otp</tt> <em>(optional)</em> ModHex - a single sample OTP from the key - if provided, all values below will be derived from the sample OTP.</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   141
                               <li><tt>public_id</tt> <strong>(required if <tt>otp</tt> is not present)</strong> Binary - the public identifier of the key.</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   142
                               <li><tt>private_id</tt> <strong>(required if <tt>otp</tt> is not present)</strong> Binary - the private identifier of the key, used as an integrity check inside the encrypted portion of the OTP.</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   143
                               <li><tt>session_count</tt> <em>(optional)</em> Integer - the number of times the Yubikey has been plugged in. Defaults to zero.</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   144
                               <li><tt>token_count</tt> <em>(optional)</em> Integer - the number of OTPs generated since this Yubikey was plugged in. Defaults to zero.</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   145
                               <li><tt>token_time</tt> <em>(optional)</em> Integer - the 24 bit 8Hz internal timer value of the Yubikey.</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   146
                               <li><tt>lifecycle_state</tt> <em>(optional)</em> String with the value "active" or "inactive". Defaults to "active".</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   147
                               <li><tt>access</tt> <em>(optional)</em> Who can validate OTPs generated by this Yubikey - just your client ("restricted") or anyone ("global"). Defaults to "restricted".</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   148
                               <li><tt>notes</tt> <em>(optional)</em> Textual notes for this Yubikey</li>
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   149
                             </ul>',
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   150
        lbl_add_batch_field_csv: 'Paste CSV:',
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   151
        lbl_add_batch_field_csv_hint: 'See the format documentation above.',
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   152
        btn_add_batch_submit: 'Register Yubikeys',
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   153
        
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   154
        err_add_batch_missing_aes_key: 'Column "aes_secret" is missing.',
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   155
        err_add_batch_missing_id: 'You must provide either the "otp" column or "public_id" and "private_id".',
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   156
        
b9eb748ac1e4 Add CSV based batch Yubikey registration
Dan Fuhry <dan@enanocms.org>
parents: 8
diff changeset
   157
        lbl_add_batch_success_head: 'CSV processed successfully.',
        err_add_batch_success: 'Line %line%, public ID %public_id%: success',
        err_add_batch_bad_row_count: 'Line %line%: Missing or extra columns',
        err_add_batch_aes_secret: 'Line %line%: AES key must be 16 bytes binary',
        err_add_batch_bad_otp: 'Line %line%: Failed to decode OTP',
        err_add_batch_bad_public_id: 'Line %line%: Public ID must be 6 bytes binary',
        err_add_batch_bad_lifecycle_state: 'Line %line%: Lifecycle state must be "active" or "inactive"',
        err_add_batch_bad_access: 'Line %line%: Access must be "global" or "restricted"',
        err_add_batch_duplicate: 'Line %line%, public ID %public_id%: Duplicate Yubikey, this key is already registered in the system',
        err_add_batch_query: 'Line %line%, public ID %public_id%: SQL error: %error%',
        
        // Claim key interface
        lbl_claimkey_heading: 'Claim Yubikey',
        lbl_claimkey_desc: 'Attach a key you have not reprogrammed to your YMS account, so that you can see its AES secret key and keep track of it.',
        lbl_claimkey_field_otp: 'Enter an OTP from this Yubikey:',
        lbl_custom_hint: 'For your security, this is used to validate your ownership of this Yubikey.',
        
        // AES key view interface
        showaes_heading_main: 'View AES key and counters',
        showaes_th: 'AES secret key for key %public_id%',
        showaes_lbl_hex: 'Hex:',
        showaes_lbl_modhex: 'ModHex:',
        showaes_lbl_base64: 'Base64:',
        showaes_th_counter: 'Counters',
        showaes_field_session_count: 'Session count:',
        showaes_field_session_count_hint: 'Incremented by 1 each time you insert this Yubikey into a USB port.',
        showaes_field_otp_count: 'OTP count:',
        showaes_field_otp_count_hint: 'Incremented by 1 each time you press the button on the Yubikey; reset when the Yubikey is plugged in.',
        
        err_expected_int: 'Expected an integer',
        msg_counter_update_success: 'The counters for this Yubikey have been updated.',
        
        // API key view interface
        th_client_id: 'Client ID',
        lbl_client_id: 'Client ID:',
        th_api_key: 'API key',
        lbl_validate_url: 'Validation API URL:',
        
        // Deletion interface
        msg_delete_confirm: 'Are you sure you want to delete this Yubikey?',
        err_delete_not_found: 'That Yubikey was not found, or it is not yours to delete.',
        msg_delete_success: 'The selected Yubikey has been deleted successfully.',
        
        // Binary format converter
        th_converted_value: 'Converted value',
        conv_err_invalid_string: 'The string you entered was invalid or did not match the format you selected.',
        th_converter: 'Convert binary formats',
        conv_lbl_value: 'Value to convert:',
        conv_lbl_format: 'Current encoding:',
        conv_lbl_format_auto: 'Auto-detect',
        conv_lbl_format_hex: 'Hexadecimal',
        conv_lbl_format_modhex: 'ModHex',
        conv_lbl_format_base64: 'Base-64',
        conv_btn_submit: 'Convert',
        
        // Key list
        btn_note_view: 'View or edit note',
        btn_note_create: 'No note; click to create',
        btn_delete_key: 'Delete key',
        btn_show_aes: 'AES secret and counter information',
        btn_show_converter: 'Binary encoding converter',
        btn_show_client_info: 'View client info',
        
        // ADMIN
        acp_title: 'Yubikey Management Server',
        acp_heading_main: 'YMS configuration',
        acp_th_main: 'Yubikey Management Server options',
        acp_field_require_reauth_title: 'Require re-authentication to access YMS interface:',
        acp_field_require_reauth_hint: 'This can be redundant and unnecessary if the sole purpose of your Enano installation is for YMS purposes.',
        acp_field_require_reauth: 'YMS pages require re-authentication',
        acp_field_claim_enable_title: 'Allow users to claim Yubikeys:',
        acp_field_claim_enable_hint: 'If you plan to program your own Yubikeys and give them to others, enable this to allow them to create YMS accounts and "claim" the keys so they can see AES secrets and control settings on their keys.<br />
                                      If you enable this, all Administrators will see an option when adding a new key to put it into the pool of unclaimed keys.<br />
                                      To claim a Yubikey, YMS requires users to enter a valid OTP, and optionally, an additional field you may configure below.',
        acp_field_force_client_id_title: 'Shared client ID:',
        acp_field_force_client_id_hint: 'If set, all Yubikeys will be registered to the same underlying client account. This allows everyone on the site to manage a single pool of Yubikeys using different accounts.',
        acp_field_claim_enable: 'Enable the claim system',
        acp_field_claimauth_enable_title: 'Use external authentication when claiming Yubikeys:',
        acp_field_claimauth_enable_hint: 'This allows you to require an additional value - for example, the receipt number from the user\'s Yubikey order - when Yubikeys are claimed.',
        acp_field_claimauth_enable: 'Require additional field to claim a Yubikey',
        acp_field_claimauth_title: 'Name of the field:',
        acp_field_claimauth_title_hint: 'The label of the field the user sees when they are prompted. Example: "Receipt number"',
        acp_field_claimauth_url_title: 'URL to claim authentication server:',
        acp_field_claimauth_url_hint: 'The following variables will be applied:
                                       <ul>
                                         <li>%c = The value the user entered in your custom field</li>
                                         <li>%o = The Yubikey OTP from the form</li>
                                         <li>%h = The HMAC signature of the request</li>
                                       </ul>
                                       This authentication uses the same protocol as other Yubikey authentication servers. See the <a href="http://enanocms.org/plugin/yms" onclick="window.open(this.href); return false;">YMS plugin page on enanocms.org</a> for information on how to write an authentication server.<br />
                                       <b>Example URL:</b> <tt>http://10.4.27.3/wsapi/validateclaim?id=1&amp;tid=%c&amp;otp=%o&amp;h=%h</tt>',
        acp_field_claimauth_key_title: 'API key for authentication server:',
        acp_field_claimauth_key_hint: 'If provided, YMS will sign the requests it makes to your authentication server. Leave blank to disable signature support.',
        
        acp_msg_saved: 'Your changes to the YMS configuration have been saved.',
      }
    }
  }
}
</code>
**!*/
/**!install dbms="mysql"; **
CREATE TABLE {{TABLE_PREFIX}}yms_clients(
  id int(12) NOT NULL DEFAULT 0,
  apikey varchar(40) NOT NULL,
  PRIMARY KEY ( id )
);
CREATE TABLE {{TABLE_PREFIX}}yms_yubikeys(
  id int(12) NOT NULL auto_increment,
  client_id int(12) NOT NULL DEFAULT 0,
  public_id varchar(12) NOT NULL DEFAULT '000000000000',
  private_id varchar(12) NOT NULL DEFAULT '000000000000',
  session_count int(8) NOT NULL DEFAULT 0,
  token_count int(8) NOT NULL DEFAULT 0,
  create_time int(12) NOT NULL DEFAULT 0,
  access_time int(12) NOT NULL DEFAULT 0,
  token_time int(12) NOT NULL DEFAULT 0,
  aes_secret varchar(40) NOT NULL DEFAULT '00000000000000000000000000000000',
  flags int(8) NOT NULL DEFAULT 1,
  notes text,
  PRIMARY KEY (id)
);
**!*/