Refactor.

- after each sendResp() we had an exit; - move exit; inside sendResp() function instead.
2025-03-03 18:29:18 +01:00 · 2015-07-16 22:47:16 +02:00 · 2015-07-16 22:47:16 +02:00 · 291bd32bae
commit 291bd32bae
parent bc5319327b
3 changed files with 1 additions and 32 deletions
--- a/ykval-common.php
+++ b/ykval-common.php
@ -271,6 +271,7 @@ function sendResp($status, $logger, $apiKey = '', $extra = null) {
    " (at " . date("c") . " " . microtime() . ")");

  echo $str;
+  exit;
 }

 // backport from PHP 5.6
--- a/ykval-sync.php
+++ b/ykval-sync.php
@ -41,7 +41,6 @@ $myLog->addField('ip', $_SERVER['REMOTE_ADDR']);

 if (empty($_SERVER['QUERY_STRING'])) {
  sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
-  exit;
 }

 $myLog->log(LOG_INFO, 'Request: ' . $_SERVER['QUERY_STRING']);
@ -51,7 +50,6 @@ $sync->addField('ip', $_SERVER['REMOTE_ADDR']);

 if (! $sync->isConnected()) {
  sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
-  exit;
 }

 #
@ -67,7 +65,6 @@ if (!$allowed) {
  $myLog->log(LOG_DEBUG, 'Remote IP ' . $_SERVER['REMOTE_ADDR'] . ' not listed in allowed sync pool : ' .
 	      implode(', ', $baseParams['__YKVAL_ALLOWED_SYNC_POOL__']));
  sendResp(S_OPERATION_NOT_ALLOWED, $myLog, $apiKey);
-  exit;
 }

 #
@ -95,7 +92,6 @@ foreach ($syncParams as $param=>$value) {
  if ($value==Null) {
    $myLog->log(LOG_NOTICE, "Received request with parameter[s] (" . $param . ") missing value");
    sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
-    exit;
  }
  $syncParams[$param]=$value;
  $tmp_log .= "$param=$value ";
@ -116,7 +112,6 @@ foreach (array('modified') as $param) {
  if (preg_match("/^[0-9]+$/", $syncParams[$param])==0) {
    $myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
    sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
-    exit;
  }
 }

@ -124,7 +119,6 @@ foreach (array('yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param) {
  if (preg_match("/^(-1|[0-9]+)$/", $syncParams[$param])==0) {
    $myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
    sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
-    exit;
  }
 }

@ -140,7 +134,6 @@ $localParams = $sync->getLocalParams($yk_publicname);
 if (!$localParams) {
  $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
  sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
-  exit;
 }

 /* Conditional update local database */
@ -196,7 +189,6 @@ if ($localParams['active'] != 1) {
  $myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname .
 	      ' - check database synchronization!!!');
  sendResp(S_BAD_OTP, $myLog, $apiKey);
-  exit;
 }

 $extra = array(
--- a/ykval-verify.php
+++ b/ykval-verify.php
@ -96,7 +96,6 @@ if ($protocol_version>=2.0) {
  if(!$nonce) {
    $myLog->log(LOG_NOTICE, 'Nonce is missing and protocol version >= 2.0');
    sendResp(S_MISSING_PARAMETER, $myLog);
-    exit;
  }
 }

@ -131,51 +130,42 @@ if (!isset($timeout) || $timeout == '') {
 if ($otp == '') {
  $myLog->log(LOG_NOTICE, 'OTP is missing');
  sendResp(S_MISSING_PARAMETER, $myLog);
-  exit;
 }
 if (strlen($otp) < TOKEN_LEN || strlen ($otp) > OTP_MAX_LEN) {
  $myLog->log(LOG_NOTICE, 'Incorrect OTP length: ' . $otp);
  sendResp(S_BAD_OTP, $myLog);
-  exit;
 }
 if (preg_match("/^[cbdefghijklnrtuv]+$/", $otp)==0) {
  $myLog->log(LOG_NOTICE, 'Invalid OTP: ' . $otp);
  sendResp(S_BAD_OTP, $myLog);
-  exit;
 }

 if (preg_match("/^[0-9]+$/", $client)==0){
  $myLog->log(LOG_NOTICE, 'id provided in request must be an integer');
  sendResp(S_MISSING_PARAMETER, $myLog);
-  exit;
 }
 if ($client <= 0) {
  $myLog->log(LOG_NOTICE, 'Client ID is missing');
  sendResp(S_MISSING_PARAMETER, $myLog);
-  exit;
 }

 if ($timeout && preg_match("/^[0-9]+$/", $timeout)==0) {
  $myLog->log(LOG_NOTICE, 'timeout is provided but not correct');
  sendResp(S_MISSING_PARAMETER, $myLog);
-  exit;
 }

 if (isset($nonce) && preg_match("/^[A-Za-z0-9]+$/", $nonce)==0) {
  $myLog->log(LOG_NOTICE, 'NONCE is provided but not correct');
  sendResp(S_MISSING_PARAMETER, $myLog);
-  exit;
 }
 if (isset($nonce) && (strlen($nonce) < 16 || strlen($nonce) > 40)) {
  $myLog->log(LOG_NOTICE, 'Nonce too short or too long');
  sendResp(S_MISSING_PARAMETER, $myLog);
-  exit;
 }

 if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100))) {
  $myLog->log(LOG_NOTICE, 'SL is provided but not correct');
  sendResp(S_MISSING_PARAMETER, $myLog);
-  exit;
 }

 /**
@ -192,14 +182,12 @@ $sync->addField('otp', $otp);

 if (! $sync->isConnected()) {
  sendResp(S_BACKEND_ERROR, $myLog);
-  exit;
 }

 $cd=$sync->getClientData($client);
 if(!$cd) {
  $myLog->log(LOG_NOTICE, 'Invalid client id ' . $client);
  sendResp(S_NO_SUCH_CLIENT, $myLog);
-  exit;
 }
 $myLog->log(LOG_DEBUG,"Client data:", $cd);

@ -225,7 +213,6 @@ if ($h != '') {
  if (!hash_equals($hmac, $h)) {
    $myLog->log(LOG_DEBUG, 'client hmac=' . $h . ', server hmac=' . $hmac);
    sendResp(S_BAD_SIGNATURE, $myLog, $apiKey);
-    exit;
  }
 }

@ -242,7 +229,6 @@ if ($protocol_version<2.0) {
 $urls = otp2ksmurls ($otp, $client);
 if (!is_array($urls)) {
  sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
-  exit;
 }

 //// Decode OTP from input
@ -254,7 +240,6 @@ if (array_key_exists('__YKVAL_KSM_CURL_OPTS__', $baseParams)) {
 $otpinfo = KSMdecryptOTP($urls, $myLog, $curlopts);
 if (!is_array($otpinfo)) {
  sendResp(S_BAD_OTP, $myLog, $apiKey);
-  exit;
 }
 $myLog->log(LOG_DEBUG, "Decrypted OTP:", $otpinfo);

@ -266,14 +251,12 @@ $localParams = $sync->getLocalParams($yk_publicname);
 if (!$localParams) {
  $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
  sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
-  exit;
 }

 $myLog->log(LOG_DEBUG, "Auth data:", $localParams);
 if ($localParams['active'] != 1) {
  $myLog->log(LOG_NOTICE, 'De-activated Yubikey ' . $devId);
  sendResp(S_BAD_OTP, $myLog, $apiKey);
-  exit;
 }

 /* Build OTP params */
@ -293,7 +276,6 @@ if ($sync->countersEqual($localParams, $otpParams) &&
    $localParams['nonce']==$otpParams['nonce']) {
  $myLog->log(LOG_WARNING, 'Replayed request');
  sendResp(S_REPLAYED_REQUEST, $myLog, $apiKey, $extra);
-  exit;
 }

 /* Check the OTP counters against local db */
@ -302,7 +284,6 @@ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
  $sync->log(LOG_WARNING, 'replayed OTP: Local counters ', $localParams);
  $sync->log(LOG_WARNING, 'replayed OTP: Otp counters ', $otpParams);
  sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra);
-  exit;
 }

 /* Valid OTP, update database. */
@ -310,7 +291,6 @@ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
 if(!$sync->updateDbCounters($otpParams)) {
  $myLog->log(LOG_CRIT, "Failed to update yubikey counters in database");
  sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
-  exit;
 }

 /* Queue sync requests */
@ -318,7 +298,6 @@ if(!$sync->updateDbCounters($otpParams)) {
 if (!$sync->queue($otpParams, $localParams)) {
  $myLog->log(LOG_CRIT, "ykval-verify:critical:failed to queue sync requests");
  sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
-  exit;
 }

 $nr_servers=$sync->getNumberOfServers();
@ -350,11 +329,9 @@ if($syncres==False) {
  $myLog->log(LOG_WARNING, "ykval-verify:notice:Sync failed");
  if ($nr_valid_answers!=$nr_answers) {
    sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra);
-    exit;
  } else {
    $extra['sl']=$sl_success_rate;
    sendResp(S_NOT_ENOUGH_ANSWERS, $myLog, $apiKey, $extra);
-    exit;
  }
 }

@ -402,7 +379,6 @@ if ($sessionCounter == $seenSessionCounter && $sessionUse > $seenSessionUse) {
    $myLog->log(LOG_NOTICE, "OTP failed phishing test");
    if (0) {
      sendResp(S_DELAYED_OTP, $myLog, $apiKey, $extra);
-      exit;
    }
  }
 }