rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 01:52:18 +01:00
Code Issues Projects Releases Wiki Activity

Cosmetic changes.

Browse Source 
- readability at the expense of long lines.
This commit is contained in:
Jean Paul Galea 2015-07-16 23:28:20 +02:00
parent 12e58b1dd0
commit 1d331555c5
1 changed files with 6 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ykval-sync.php
View File

@ -56,22 +56,19 @@ if (! $sync->isConnected()) {
# #
# Verify that request comes from valid server # Verify that request comes from valid server
# #
$myLog->log(LOG_DEBUG, 'Received request from ' . $ipaddr); $myLog->log(LOG_DEBUG, 'Received request from ' . $ipaddr);
$allowed = in_array($ipaddr, $baseParams['__YKVAL_ALLOWED_SYNC_POOL__']); $allowed = in_array($ipaddr, $baseParams['__YKVAL_ALLOWED_SYNC_POOL__']);
if (!$allowed) { if (!$allowed) {
$myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr); $myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr);
$myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . $myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . implode(', ', $baseParams['__YKVAL_ALLOWED_SYNC_POOL__']));
implode(', ', $baseParams['__YKVAL_ALLOWED_SYNC_POOL__']));
sendResp(S_OPERATION_NOT_ALLOWED, $myLog, $apiKey); sendResp(S_OPERATION_NOT_ALLOWED, $myLog, $apiKey);
} }
# #
# Define requirements on protocol # Define requirements on protocol
# #
$syncParams = array( $syncParams = array(
'modified' => NULL, 'modified' => NULL,
'otp' => NULL, 'otp' => NULL,
@ -86,7 +83,6 @@ $syncParams = array(
# #
# Extract values from HTTP request # Extract values from HTTP request
# #
$tmp_log = "Received "; $tmp_log = "Received ";
foreach ($syncParams as $param=>$value) { foreach ($syncParams as $param=>$value) {
$value = getHttpVal($param, NULL); $value = getHttpVal($param, NULL);
@ -108,7 +104,6 @@ $sync->addField('otp', $syncParams['otp']);
# #
# Verify correctness of input parameters # Verify correctness of input parameters
# #
foreach (array('modified','yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param) foreach (array('modified','yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param)
{ {
// -1 is valid except for modified // -1 is valid except for modified
@ -123,11 +118,9 @@ foreach (array('modified','yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param
sendResp(S_MISSING_PARAMETER, $myLog, $apiKey); sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
} }
# #
# Get local counter data # Get local counter data
# #
$yk_publicname = $syncParams['yk_publicname']; $yk_publicname = $syncParams['yk_publicname'];
$localParams = $sync->getLocalParams($yk_publicname); $localParams = $sync->getLocalParams($yk_publicname);
if (!$localParams) { if (!$localParams) {
@ -141,19 +134,15 @@ $sync->updateDbCounters($syncParams);
$myLog->log(LOG_DEBUG, 'Local params ', $localParams); $myLog->log(LOG_DEBUG, 'Local params ', $localParams);
$myLog->log(LOG_DEBUG, 'Sync request params ', $syncParams); $myLog->log(LOG_DEBUG, 'Sync request params ', $syncParams);
# /**
# Compare sync and local counters and generate warnings according to * Compare sync and local counters and generate warnings according to
# * https://developers.yubico.com/yubikey-val/doc/ServerReplicationProtocol.html
# https://developers.yubico.com/yubikey-val/doc/ServerReplicationProtocol.html */
#
if ($sync->countersHigherThan($localParams, $syncParams)) { if ($sync->countersHigherThan($localParams, $syncParams)) {
$myLog->log(LOG_WARNING, 'Remote server out of sync.'); $myLog->log(LOG_WARNING, 'Remote server out of sync.');
} }
if ($sync->countersEqual($localParams, $syncParams)) { if ($sync->countersEqual($localParams, $syncParams)) {
if ($syncParams['modified']==$localParams['modified'] && if ($syncParams['modified']==$localParams['modified'] &&
@ -185,8 +174,7 @@ if ($localParams['active'] != 1) {
/* The remote server has accepted an OTP from a YubiKey which we would not. /* The remote server has accepted an OTP from a YubiKey which we would not.
* We still needed to update our counters with the counters from the OTP though. * We still needed to update our counters with the counters from the OTP though.
*/ */
$myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname . $myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname . ' - check database synchronization!!!');
' - check database synchronization!!!');
sendResp(S_BAD_OTP, $myLog, $apiKey); sendResp(S_BAD_OTP, $myLog, $apiKey);
} }