rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-01-20 10:52:15 +01:00
Code Issues Projects Releases Wiki Activity

Restore responding BAD_OTP if YubiKey is disabled.

Browse Source 
It seems that we might get into problems if responding OK - the other
sync client validation server would think we approved of the OTP.
This commit is contained in:
Fredrik Thulin 2012-06-14 13:30:04 +02:00
parent b5849acef1
commit 0fe0be9980
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ykval-sync.php
View File

@ -116,15 +116,6 @@ if (!$localParams) {
exit; exit;
} }
if ($localParams['active'] != 1) {
/* The remote server has accepted an OTP from a YubiKey which we would not. We update our
* counters
*/
$myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname .
' - check database synchronization!!!');
}
/* Conditional update local database */ /* Conditional update local database */
$sync->updateDbCounters($syncParams); $sync->updateDbCounters($syncParams);
@ -169,7 +160,15 @@ if ($sync->countersEqual($localParams, $syncParams)) {
} }
} }
if ($localParams['active'] != 1) {
/* The remote server has accepted an OTP from a YubiKey which we would not.
* We still needed to update our counters with the counters from the OTP though.
*/
$myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname .
' - check database synchronization!!!');
sendResp(S_BAD_OTP, $apiKey);
exit;
}
$extra=array('modified'=>$localParams['modified'], $extra=array('modified'=>$localParams['modified'],
'nonce'=>$localParams['nonce'], 'nonce'=>$localParams['nonce'],