YubikeyManagement.php
author Dan Fuhry <dan@enanocms.org>
Mon, 24 Nov 2014 15:11:44 -0500 (2014-11-24)
changeset 8 be4a5f24bb29
parent 7 3db638306413
child 11 b9eb748ac1e4
permissions -rw-r--r--
Add support for freezing the YMS client ID
<?php
/**!info**
{
  "Plugin Name"  : "Yubikey management service",
  "Plugin URI"   : "http://enanocms.org/plugin/yubikey-yms",
  "Description"  : "Adds the ability for Enano to act as a Yubikey authentication provider. The Yubikey authentication plugin is a prerequisite.",
  "Author"       : "Dan Fuhry",
  "Version"      : "0.1",
  "Author URI"   : "http://enanocms.org/"
}
**!*/
// Register this plugin's special pages when the 'session_started' hook fires.
// NOTE(review): the second argument is a string of PHP source rather than a
// callable; presumably Enano evaluates it when the hook runs — confirm against
// the Enano plugin API. Keep it a fixed literal; never build it from request data.
$plugins->attachHook('session_started', 'yms_add_special_pages();');
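/**
 * Registers the three special pages provided by this plugin.
 *
 * Run from the 'session_started' hook attached above. Each call maps a special
 * page name to the name of the function that renders it:
 *   - YMS             => yms_specialpage_yms
 *   - YMSCreateClient => yms_specialpage_register
 *   - YubikeyValidate => yms_specialpage_validate
 *
 * NOTE(review): the handler functions are not defined in this file; presumably
 * they live in the plugins/yms/*.php files required further down. Nothing in
 * this registration restricts who may open a page, so authentication and
 * authorization have to be enforced inside each handler — confirm this for the
 * pages that display AES secret keys and API keys.
 */
function yms_add_special_pages()
{
  // The original declared "global $lang;" here but never used it; dropped.
  register_special_page('YMS', 'yms_specialpage_yms');
  register_special_page('YMSCreateClient', 'yms_specialpage_register');
  register_special_page('YubikeyValidate', 'yms_specialpage_validate');
}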
// Value 0. NOTE(review): presumably the per-key state displayed as "Inactive"
// in the UI strings of this file — confirm where the state is stored and checked.
define('YMS_DISABLED', 0);
// Value 1. NOTE(review): presumably the per-key state displayed as "Active"
// in the UI strings of this file — confirm where the state is stored and checked.
define('YMS_ENABLED', 1);
// Value 2. NOTE(review): presumably marks a key whose OTPs may be validated by
// clients other than its owner (see the lbl_addkey_field_any_client strings).
// Whether this is a third state or a flag combined with the values above is not
// visible here. It widens who can validate a key, so confirm the validation
// path tests it explicitly rather than treating any non-zero state as allowed.
define('YMS_ANY_CLIENT', 2);
// Marker constant defined once this plugin file has been loaded.
// NOTE(review): presumably tested with defined() by other code — confirm.
define('YMS_INSTALLED', 1);
require(ENANO_ROOT . '/plugins/yms/yms.php');
require(ENANO_ROOT . '/plugins/yms/libotp.php');
require(ENANO_ROOT . '/plugins/yms/transcode.php');
require(ENANO_ROOT . '/plugins/yms/backend.php');
require(ENANO_ROOT . '/plugins/yms/validate.php');
require(ENANO_ROOT . '/plugins/yms/validate-functions.php');
require(ENANO_ROOT . '/plugins/yms/admincp.php');
/**!language**
The following text up to the closing comment tag is JSON language data.
It is not PHP code but your editor or IDE may highlight it as such. This
data is imported when the plugin is loaded for the first time; it provides
the strings displayed by this plugin's interface.
You should copy and paste this block when you create your own plugins so
that these comments and the basic structure of the language data are
preserved. All language data is in the same format as the Enano core
language files in the /language/* directories. See the Enano Localization
Guide and Enano API Documentation for further information on the format of
language files.
The exception in plugin language file format is that multiple languages
may be specified in the language block. This should be done by way of making
the top-level elements each a JSON language object, with elements named
according to the ISO-639-1 language they are representing. The path should be:
  root => language ID => categories array, ( strings object => category \
  objects => strings )
All text leading up to the first curly brace is stripped by the parser; using
a code tag makes jEdit and other editors do automatic indentation and
syntax highlighting on the language data. The use of the code tag is not
necessary; it is only included as a tool for development.
<code>
{
  // english
  eng: {
    categories: [ 'meta', 'yms' ],
    strings: {
      meta: {
        yms: 'Yubikey management system'
      },
      yms: {
        specialpage_yms: 'Yubikey manager',
        specialpage_register: 'Register YMS client',
        specialpage_validate: 'Yubikey validation API',
        err_yubikey_plugin_missing_title: 'Yubikey plugin not found',
        err_yubikey_plugin_missing_body: 'The Yubikey YMS cannot load because the Enano <a href="http://enanocms.org/plugin/yubikey">Yubikey authentication plugin</a> is not installed. Please ask your administrator to install it.',
        err_client_exists_title: 'Client already exists',
        err_client_exists_body: 'You cannot register another YMS client using this same user account.',
        register_confirm_title: 'Enable your account for Yubikey authentication',
        register_confirm_body: 'As a Yubikey authentication client, you gain the ability to manage multiple Yubikeys and tie them to your own organization. It also lets you retrieve secret AES keys for tokens, register new or reprogrammed keys, validate Yubikey OTPs using your own API key, and deactivate keys in case of a compromise. Do you want to enable your account for Yubikey management?',
        register_btn_submit: 'Create YMS client',
        
        register_msg_success_title: 'Congratulations! Your account is now enabled for YMS access.',
        register_msg_success_body: '<p>You can now go to the <a href="%yms_link|htmlsafe%">YMS admin panel</a> and add your Yubikeys. Your client ID and API key are below:</p>
                                      <p class="yms-copypara">Client ID: <span class="yms-copyfield">%client_id%</span><br />
                                         API key: <span class="yms-copyfield">%api_key%</span><br />
                                         Validation API URL: <span class="yms-copyfield">%validate_url%</span></p>
                                    <p><b>Remember to secure your user account!</b> Your Enano login is used to administer your YMS account. For maximum security, use the Yubikey Settings page of the User Control Panel to require both a password and a Yubikey OTP to log in.</p>',
        msg_no_yubikeys: 'No Yubikeys found',
        msg_editing_zero: '<b>Notice:</b> You are currently viewing the YMS profile for Client ID 0, the pool of claimable keys. By default, anybody can validate or claim these Yubikeys, but you can prevent validation of these keys by marking them inactive here. All key settings such as lifecycle state and notes are reset when a user claims a key here.',
        btn_add_key: 'Add Yubikey',
        btn_add_key_preregistered: 'Claim a New Key',
        btn_switch_to_zero: 'Edit claimable pool',
        btn_switch_from_zero: 'Switch back to my client',
        state_active: 'Active',
        state_inactive: 'Inactive',
        
        th_id: 'ID#',
        th_publicid: 'OTP prefix',
        th_createtime: 'Created',
        th_accesstime: 'Last accessed',
        th_state: 'Lifecycle state',
        th_note: 'Note',
        
        msg_access_never: 'Never',
        
        // Add key interface
        lbl_addkey_heading: 'Register Yubikey',
        lbl_addkey_desc: 'Register a Yubikey that you programmed yourself in YMS to enable validation of OTPs from that key against this server.',
        lbl_addkey_field_secret: 'AES secret key:',
        lbl_addkey_field_secret_hint: 'Input in ModHex, hex, or base-64. The format will be detected automatically.',
        lbl_addkey_field_otp: 'Enter an OTP from this Yubikey:',
        lbl_addkey_field_notes: 'Notes about this key:',
        lbl_addkey_field_state: 'Lifecycle state:',
        lbl_addkey_field_any_client_name: 'Allow validation by any client:',
        lbl_addkey_field_any_client_hint: 'If unchecked, OTPs from this Yubikey can only be verified by someone using your client ID. Check this if you plan to use this Yubikey on websites you don\'t control.',
        lbl_addkey_field_any_client: 'Other clients can validate OTPs from this key',
        lbl_addkey_field_allow_claim_name: 'Place key in claimable pool:',
        lbl_addkey_field_allow_claim_hint: 'After this key is added, YMS will release your ownership of this key so that other users may claim it.',
        lbl_addkey_field_allow_claim: 'Release this key and allow others to claim it',
        btn_addkey_submit: 'Register key',
        msg_addkey_success: 'This key has been successfully registered.',
        
        err_addkey_crc_failed: 'The CRC check on the OTP failed. This usually means that your AES key is wrong or could not be properly interpreted.',
        err_addkey_invalid_key: 'There was an error decoding your AES secret key. Please enter a 128-bit hex, ModHex, or base-64 value.',
        err_addkey_invalid_otp: 'The OTP from the Yubikey is invalid.',
        err_addkey_key_exists: 'This Yubikey is already registered on this server.',
        
        // Claim key interface
        lbl_claimkey_heading: 'Claim Yubikey',
        lbl_claimkey_desc: 'Attach a key you have not reprogrammed to your YMS account, so that you can see its AES secret key and keep track of it.',
        lbl_claimkey_field_otp: 'Enter an OTP from this Yubikey:',
        lbl_custom_hint: 'For your security, this is used to validate your ownership of this Yubikey.',
        
        // AES key view interface
        showaes_heading_main: 'View AES key and counters',
        showaes_th: 'AES secret key for key %public_id%',
        showaes_lbl_hex: 'Hex:',
        showaes_lbl_modhex: 'ModHex:',
        showaes_lbl_base64: 'Base64:',
        showaes_th_counter: 'Counters',
        showaes_field_session_count: 'Session count:',
        showaes_field_session_count_hint: 'Incremented by 1 each time you insert this Yubikey into a USB port.',
        showaes_field_otp_count: 'OTP count:',
        showaes_field_otp_count_hint: 'Incremented by 1 each time you press the button on the Yubikey; reset when the Yubikey is plugged in.',
        
        err_expected_int: 'Expected an integer',
        msg_counter_update_success: 'The counters for this Yubikey have been updated.',
        
        // API key view interface
        th_client_id: 'Client ID',
        lbl_client_id: 'Client ID:',
        th_api_key: 'API key',
        lbl_validate_url: 'Validation API URL:',
        
        // Deletion interface
        msg_delete_confirm: 'Are you sure you want to delete this Yubikey?',
        err_delete_not_found: 'That Yubikey was not found, or it is not yours to delete.',
        msg_delete_success: 'The selected Yubikey has been deleted successfully.',
        
        // Binary format converter
        th_converted_value: 'Converted value',
        conv_err_invalid_string: 'The string was invalid or you entered did not match the format you selected.',
        th_converter: 'Convert binary formats',
        conv_lbl_value: 'Value to convert:',
        conv_lbl_format: 'Current encoding:',
        conv_lbl_format_auto: 'Auto-detect',
        conv_lbl_format_hex: 'Hexadecimal',
        conv_lbl_format_modhex: 'ModHex',
        conv_lbl_format_base64: 'Base-64',
        conv_btn_submit: 'Convert',
        
        // Key list
        btn_note_view: 'View or edit note',
        btn_note_create: 'No note; click to create',
        btn_delete_key: 'Delete key',
        btn_show_aes: 'AES secret and counter information',
        btn_show_converter: 'Binary encoding converter',
        btn_show_client_info: 'View client info',
        
        // ADMIN
        acp_title: 'Yubikey Management Server',
        acp_heading_main: 'YMS configuration',
        acp_th_main: 'Yubikey Management Server options',
        acp_field_require_reauth_title: 'Require re-authentication to access YMS interface:',
        acp_field_require_reauth_hint: 'This can be redundant and unnecessary if the sole purpose of your Enano installation is for YMS purposes.',
        acp_field_require_reauth: 'YMS pages require re-authentication',
        acp_field_claim_enable_title: 'Allow users to claim Yubikeys:',
        acp_field_claim_enable_hint: 'If you plan to program your own Yubikeys and give them to others, enable this to allow them to create YMS accounts and "claim" the keys so they can see AES secrets and control settings on their keys.<br />
                                      If you enable this, all Administrators will see an option when adding a new key to put it into the pool of unclaimed keys.<br />
                                      To claim a Yubikey, YMS requires users to enter a valid OTP, and optionally, an additional field you may configure below.',
		acp_field_force_client_id_title: 'Shared client ID:',
		acp_field_force_client_id_hint: 'If set, all Yubikeys will be registered to the same underlying client account. This allows everyone on the site to manage a single pool of Yubikeys using different accounts.',
        acp_field_claim_enable: 'Enable the claim system',
        acp_field_claimauth_enable_title: 'Use external authentication when claiming Yubikeys:',
        acp_field_claimauth_enable_hint: 'This allows you to require an additional value - for example, the receipt number from the user\'s Yubikey order - when Yubikeys are claimed.',
        acp_field_claimauth_enable: 'Require additional field to claim a Yubikey',
        acp_field_claimauth_title: 'Name of the field:',
        acp_field_claimauth_title_hint: 'The label of the field the user sees when they are prompted. Example: "Receipt number"',
        acp_field_claimauth_url_title: 'URL to claim authentication server:',
        acp_field_claimauth_url_hint: 'The following variables will be applied:
                                       <ul>
                                         <li>%c = The value the user entered in your custom field</li>
                                         <li>%o = The Yubikey OTP from the form</li>
                                         <li>%h = The HMAC signature of the request</li>
                                       </ul>
                                       This authentication uses the same protocol as other Yubikey authentication servers. See the <a href="http://enanocms.org/plugin/yms" onclick="window.opeh(this.href); return false;">YMS plugin page on enanocms.org</a> for information on how to write an authentication server.<br />
                                       <b>Example URL:</b> <tt>http://10.4.27.3/wsapi/validateclaim?id=1&amp;tid=%c&amp;otp=%o&amp;h=%h</tt>',
        acp_field_claimauth_key_title: 'API key for authentication server:',
        acp_field_claimauth_key_hint: 'If provided, YMS will sign the requests it makes to your authentication server. Leave blank to disable signature support.',
        
        acp_msg_saved: 'Your changes to the YMS configuration have been saved.',
      }
    }
  }
}
</code>
**!*/
/**!install dbms="mysql"; **
CREATE TABLE {{TABLE_PREFIX}}yms_clients(
  id int(12) NOT NULL DEFAULT 0,
  apikey varchar(40) NOT NULL,
  PRIMARY KEY ( id )
);
CREATE TABLE {{TABLE_PREFIX}}yms_yubikeys(
  id int(12) NOT NULL auto_increment,
  client_id int(12) NOT NULL DEFAULT 0,
  public_id varchar(12) NOT NULL DEFAULT '000000000000',
  private_id varchar(12) NOT NULL DEFAULT '000000000000',
  session_count int(8) NOT NULL DEFAULT 0,
  token_count int(8) NOT NULL DEFAULT 0,
  create_time int(12) NOT NULL DEFAULT 0,
  access_time int(12) NOT NULL DEFAULT 0,
  token_time int(12) NOT NULL DEFAULT 0,
  aes_secret varchar(40) NOT NULL DEFAULT '00000000000000000000000000000000',
  flags int(8) NOT NULL DEFAULT 1,
  notes text,
  PRIMARY KEY (id)
);
**!*/