# HG changeset patch
# User Dan
# Date 1249282379 14400
# Node ID 9fdc988ce46e4a4dcec541d9872094cd45c93496
# Parent 6edb31919f0ea1b54ff492974668797dac6cfb6b
Added counter and ANY_CLIENT settings to ShowAESKey; Significant improvements to claim system: Added master switch for the whole system; Added ability for administrators to "su" to client ID 0 to manage pooled keys; Added ability for admins to release key when it is added
diff -r 6edb31919f0e -r 9fdc988ce46e YubikeyManagement.php
--- a/YubikeyManagement.php Sat Aug 01 01:42:21 2009 -0400
+++ b/YubikeyManagement.php Mon Aug 03 02:52:59 2009 -0400
@@ -90,8 +90,11 @@ Validation API URL: %validate_url%
Remember to secure your user account! Your Enano login is used to administer your YMS account. For maximum security, use the Yubikey Settings page of the User Control Panel to require both a password and a Yubikey OTP to log in.
 ',
 msg_no_yubikeys: 'No Yubikeys found',
+ msg_editing_zero: 'Notice: You are currently viewing the YMS profile for Client ID 0, the pool of claimable keys. By default, anybody can validate or claim these Yubikeys, but you can prevent validation of these keys by marking them inactive here. All key settings such as lifecycle state and notes are reset when a user claims a key here.',
 btn_add_key: 'Add Yubikey',
 btn_add_key_preregistered: 'Claim a New Key',
+ btn_switch_to_zero: 'Edit claimable pool',
+ btn_switch_from_zero: 'Switch back to my client',
 state_active: 'Active',
 state_inactive: 'Inactive',
@@ -115,6 +118,9 @@ lbl_addkey_field_any_client_name: 'Allow validation by any client:',
 lbl_addkey_field_any_client_hint: 'If unchecked, OTPs from this Yubikey can only be verified by someone using your client ID. Check this if you plan to use this Yubikey on websites you don\'t control.',
 lbl_addkey_field_any_client: 'Other clients can validate OTPs from this key',
+ lbl_addkey_field_allow_claim_name: 'Place key in claimable pool:',
+ lbl_addkey_field_allow_claim_hint: 'After this key is added, YMS will release your ownership of this key so that other users may claim it.',
+ lbl_addkey_field_allow_claim: 'Release this key and allow others to claim it',
 btn_addkey_submit: 'Register key',
 msg_addkey_success: 'This key has been successfully registered.', 
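Review bot: The new `msg_editing_zero` notice says that marking a pooled key inactive prevents validation, but in the same breath says anybody can claim these keys, so an administrator cannot tell from this text whether an inactive key is still claimable or which action actually withdraws a key from the pool. Since claiming resets lifecycle state and notes (per the notice itself), the distinction matters for someone trying to retire a pooled key. Suggest ending the sentence with an explicit statement of the claim behaviour for inactive keys — e.g. `...by marking them inactive here; inactive keys can/cannot still be claimed` with whichever the claim code enforces — and naming deletion as the way to remove a key from the pool if inactivity does not block claiming.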
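Review bot: `lbl_addkey_field_allow_claim_hint` tells the registering user only that their ownership is released, not what the claimant receives; the administrator-facing text added later in this patch (`acp_field_claim_enable_hint`) states that a claimant can see the AES secret and control settings on the key, and `msg_editing_zero` says settings and notes are reset on claim. Handing over the AES secret is the consequential part of releasing a key, so the hint shown at the point of release should say so. Proposed wording: `lbl_addkey_field_allow_claim_hint: 'After this key is added, YMS will release your ownership of it: whoever claims it can view its AES secret and change its settings, and your settings and notes for it are discarded.',`.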
@@ -130,10 +136,19 @@ lbl_custom_hint: 'For your security, this is used to validate your ownership of this Yubikey.',
 // AES key view interface
+ showaes_heading_main: 'View AES key and counters',
 showaes_th: 'AES secret key for key %public_id%',
 showaes_lbl_hex: 'Hex:',
 showaes_lbl_modhex: 'ModHex:',
 showaes_lbl_base64: 'Base64:',
+ showaes_th_counter: 'Counters',
+ showaes_field_session_count: 'Session count:',
+ showaes_field_session_count_hint: 'Incremented by 1 each time you insert this Yubikey into a USB port.',
+ showaes_field_otp_count: 'OTP count:',
+ showaes_field_otp_count_hint: 'Incremented by 1 each time you press the button on the Yubikey; reset when the Yubikey is plugged in.',
+
+ err_expected_int: 'Expected an integer',
+ msg_counter_update_success: 'The counters for this Yubikey have been updated.',
 // API key view interface
 th_client_id: 'Client ID',
@@ -161,7 +176,7 @@ btn_note_view: 'View or edit note',
 btn_note_create: 'No note; click to create',
 btn_delete_key: 'Delete key',
- btn_show_aes: 'Show AES secret',
+ btn_show_aes: 'AES secret and counter information',
 btn_show_converter: 'Binary encoding converter',
 btn_show_client_info: 'View client info',
@@ -172,6 +187,11 @@ acp_field_require_reauth_title: 'Require re-authentication to access YMS interface:',
 acp_field_require_reauth_hint: 'This can be redundant and unnecessary if the sole purpose of your Enano installation is for YMS purposes.',
 acp_field_require_reauth: 'YMS pages require re-authentication',
+ acp_field_claim_enable_title: 'Allow users to claim Yubikeys:',
+ acp_field_claim_enable_hint: 'If you plan to program your own Yubikeys and give them to others, enable this to allow them to create YMS accounts and "claim" the keys so they can see AES secrets and control settings on their keys.' . $lang->get('yms_err_yubikey_plugin_missing_body') . '
 ');
 }
+ // Client switch allowed?
+ if ( $session->user_level >= USER_LEVEL_ADMIN && getConfig('yms_claim_enable', 0) == 1 )
+ {
+ $on_home = empty($_POST) && !$paths->getParam(0);
+
+ // yes.
+ $configkey = "yms_zeroeditsess_{$session->user_id}";
+ if ( getConfig($configkey, 0) == 1 && !isset($_GET['client_switch']) )
+ {
+ // set to zero
+ $yms_client_id = 0;
+ }
+ else if ( !getConfig($configkey) && isset($_GET['client_switch']) )
+ {
+ // set to zero + update config
+ $yms_client_id = 0;
+ setConfig($configkey, 1);
+ }
+ else if ( getConfig($configkey) && isset($_GET['client_switch']) )
+ {
+ // turning off
+ setConfig($configkey, false);
+ }
+
+ // display a notice
+ if ( $yms_client_id == 0 && $on_home )
+ {
+ $output->add_after_header('