mirror of
https://github.com/Yubico/yubikey-val.git
synced 2024-11-29 09:24:12 +01:00
Code cleanups.
This commit is contained in:
Simon Josefsson
parent
420f2fb9bf
commit
34d5445767
47
common.php
47
common.php
@ -11,19 +11,11 @@ define('S_BACKEND_ERROR', 'BACKEND_ERROR');
|
||||
define('TS_SEC', 0.119);
|
||||
define('TS_REL_TOLERANCE', 0.3);
|
||||
define('TS_ABS_TOLERANCE', 20);
|
||||
define('DEVICE_ID_LEN', 12);
|
||||
|
||||
require_once 'yubikey.php';
|
||||
require_once 'config.php';
|
||||
|
||||
function writeLog($msg, $debug=false) {
|
||||
$fileMsg = date( 'Y-m-d H:i:s: ').trim($msg);
|
||||
if (isset($_SERVER['REMOTE_ADDR'])) {
|
||||
$fileMsg .= ' by '.$_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
$fileMsg .= "\n";
|
||||
error_log($fileMsg, 3, "/tmp/yms.log");
|
||||
}
|
||||
|
||||
function unescape($s) {
|
||||
return str_replace('\\', "", $s);
|
||||
}
|
||||
@ -35,7 +27,6 @@ function getHttpVal($key, $defaultVal) {
|
||||
} else if (array_key_exists($key, $_POST)) {
|
||||
$val = $_POST[$key];
|
||||
}
|
||||
//return unescape(trim($val));
|
||||
$v = unescape(trim($val));
|
||||
return $v;
|
||||
}
|
||||
@ -69,22 +60,16 @@ function mysql_quote($value) {
|
||||
return "'" . mysql_real_escape_string($value) . "'";
|
||||
}
|
||||
|
||||
function debug($msg, $exit = false) {
|
||||
global $trace;
|
||||
if ($trace) {
|
||||
if (is_array($msg)) {
|
||||
$str = "";
|
||||
foreach($msg as $key => $value){
|
||||
$str .= " $key=$value";
|
||||
}
|
||||
} else {
|
||||
$str = ' ' . $msg;
|
||||
}
|
||||
echo '<p>Debug>' . $str . "\n";
|
||||
}
|
||||
if ($exit) {
|
||||
die('<font color=red><h4>Exit</h4></font>');
|
||||
}
|
||||
function debug($msg) {
|
||||
if (is_array($msg)) {
|
||||
$str = "";
|
||||
foreach($msg as $key => $value){
|
||||
$str .= "$key=$value ";
|
||||
}
|
||||
} else {
|
||||
$str = $msg;
|
||||
}
|
||||
error_log($str);
|
||||
}
|
||||
|
||||
// Return eg. 2008-11-21T06:11:55Z0711
|
||||
@ -108,7 +93,7 @@ function sign($a, $apiKey, $debug=false) {
|
||||
$qs .= '&';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Generate the signature
|
||||
// debug('API key: '.base64_encode($apiKey)); // API key of the client
|
||||
debug('SIGN: '.$qs);
|
||||
@ -123,8 +108,6 @@ function sign($a, $apiKey, $debug=false) {
|
||||
|
||||
} // sign an array of query string
|
||||
|
||||
define('DEVICE_ID_LEN', 12);
|
||||
|
||||
function modhexToB64($modhex_str) {
|
||||
$s = ModHex::Decode($modhex_str);
|
||||
return base64_encode($s);
|
||||
@ -149,8 +132,8 @@ function b64ToHex($b64_str) {
|
||||
function getAuthData($devId) {
|
||||
$tokenId = modhexToB64($devId);
|
||||
$stmt = 'SELECT id, client_id, secret, active, counter, '.
|
||||
' sessionUse, low, high, accessed '.
|
||||
' FROM yubikeys WHERE active AND tokenId='.mysql_quote($tokenId);
|
||||
'sessionUse, low, high, accessed FROM yubikeys WHERE active '.
|
||||
'AND tokenId='.mysql_quote($tokenId);
|
||||
$r = query($stmt);
|
||||
if (mysql_num_rows($r) > 0) {
|
||||
$row = mysql_fetch_assoc($r);
|
||||
@ -163,7 +146,7 @@ function getAuthData($devId) {
|
||||
// $clientId: The decimal client identity
|
||||
function getClientData($clientId) {
|
||||
$stmt = 'SELECT secret, chk_sig, chk_owner, chk_time'.
|
||||
' FROM clients WHERE active AND id='.mysql_quote($clientId);
|
||||
' FROM clients WHERE active AND id='.mysql_quote($clientId);
|
||||
$r = query($stmt);
|
||||
if (mysql_num_rows($r) > 0) {
|
||||
$row = mysql_fetch_assoc($r);
|
||||
|
||||
58
verify.php
58
verify.php
@ -3,23 +3,21 @@ require_once 'common.php';
|
||||
|
||||
header("content-type: text/plain");
|
||||
|
||||
if (!isset ($trace)) {
|
||||
$trace = 0;
|
||||
}
|
||||
debug("Request: " . $_SERVER['QUERY_STRING']);
|
||||
|
||||
//// Extract values from HTTP request
|
||||
//
|
||||
$client = getHttpVal('id', 0);
|
||||
if ($client <= 0) {
|
||||
debug('Client ID is missing');
|
||||
sendResp(S_MISSING_PARAMETER, 'id');
|
||||
sendResp(S_MISSING_PARAMETER);
|
||||
exit;
|
||||
}
|
||||
|
||||
$otp = getHttpVal('otp', '');
|
||||
if ($otp == '') {
|
||||
debug('OTP is missing');
|
||||
sendResp(S_MISSING_PARAMETER, 'otp');
|
||||
sendResp(S_MISSING_PARAMETER);
|
||||
exit;
|
||||
}
|
||||
$otp = strtolower($otp);
|
||||
@ -29,7 +27,7 @@ $otp = strtolower($otp);
|
||||
$cd = getClientData($client);
|
||||
if ($cd == null) {
|
||||
debug('Invalid client id ' . $client);
|
||||
sendResp(S_NO_SUCH_CLIENT, $client);
|
||||
sendResp(S_NO_SUCH_CLIENT);
|
||||
exit;
|
||||
}
|
||||
debug($cd);
|
||||
@ -40,8 +38,8 @@ $apiKey = base64_decode($cd['secret']);
|
||||
$h = getHttpVal('h', '');
|
||||
|
||||
if ($cd['chk_sig'] && $h == '') {
|
||||
sendResp(S_MISSING_PARAMETER, 'h');
|
||||
debug('Signature missing');
|
||||
sendResp(S_MISSING_PARAMETER);
|
||||
exit;
|
||||
} else if ($cd['chk_sig'] || $h != '') {
|
||||
// Create the signature using the API key
|
||||
@ -52,21 +50,20 @@ if ($cd['chk_sig'] && $h == '') {
|
||||
|
||||
// Compare it
|
||||
if ($hmac != $h) {
|
||||
sendResp(S_BAD_SIGNATURE);
|
||||
debug('client hmac=' . $h . ', server hmac=' . $hmac);
|
||||
sendResp(S_BAD_SIGNATURE);
|
||||
exit;
|
||||
}
|
||||
debug('signature ok h=' . $h);
|
||||
}
|
||||
|
||||
//// Get Yubikey from DB
|
||||
//
|
||||
$devId = substr($otp, 0, 12);
|
||||
$devId = substr($otp, 0, DEVICE_ID_LEN);
|
||||
$ad = getAuthData($devId);
|
||||
|
||||
if ($ad == null) {
|
||||
debug('Invalid Yubikey ' . $devId);
|
||||
sendResp(S_BAD_OTP, $otp);
|
||||
sendResp(S_BAD_OTP);
|
||||
exit;
|
||||
} else {
|
||||
debug($ad);
|
||||
@ -79,11 +76,10 @@ $key16 = ModHex :: Decode($k);
|
||||
|
||||
//// Decode OTP from input
|
||||
//
|
||||
debug('OTP validation req:');
|
||||
$otpinfo = Yubikey :: Decode($otp, $key16);
|
||||
debug($otpinfo);
|
||||
if (!is_array($otpinfo)) {
|
||||
sendResp(S_BAD_OTP, $otp);
|
||||
sendResp(S_BAD_OTP);
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -96,9 +92,6 @@ if ($sessionCounter < $seenSessionCounter) {
|
||||
" this=" . $sessionCounter);
|
||||
sendResp(S_REPLAYED_OTP);
|
||||
exit;
|
||||
} else {
|
||||
debug("Session counter OK, seen=" . $seenSessionCounter .
|
||||
" this=" . $sessionCounter);
|
||||
}
|
||||
|
||||
//// Check the session use
|
||||
@ -110,13 +103,17 @@ if ($sessionCounter == $seenSessionCounter && $sessionUse <= $seenSessionUse) {
|
||||
' this=' . $sessionUse);
|
||||
sendResp(S_REPLAYED_OTP);
|
||||
exit;
|
||||
} else {
|
||||
debug("Session use OK, seen=" . $seenSessionUse .
|
||||
' this=' . $sessionUse);
|
||||
}
|
||||
|
||||
updateDB($ad['id'], $otpinfo['session_counter'], $otpinfo['session_use'],
|
||||
$otpinfo['high'], $otpinfo['low']);
|
||||
//// Valid OTP, update database
|
||||
//
|
||||
$stmt = 'UPDATE yubikeys SET accessed=NOW()' .
|
||||
', counter=' .$otpinfo['session_counter'] .
|
||||
', sessionUse=' . $otpinfo['session_use'] .
|
||||
', low=' . $otpinfo['low'] .
|
||||
', high=' . $otpinfo['high'] .
|
||||
' WHERE id=' . $ad['id'];
|
||||
query($stmt);
|
||||
|
||||
//// Check the time stamp
|
||||
//
|
||||
@ -155,36 +152,21 @@ sendResp(S_OK);
|
||||
// Functions
|
||||
//////////////////////////
|
||||
|
||||
function sendResp($status, $info = null) {
|
||||
global $ad, $apiKey;
|
||||
function sendResp($status) {
|
||||
global $apiKey;
|
||||
|
||||
if ($status == null) {
|
||||
$status = S_BACKEND_ERROR;
|
||||
}
|
||||
|
||||
$a['status'] = $status;
|
||||
#$a['info'] = $info;
|
||||
$a['t'] = getUTCTimeStamp();
|
||||
$h = sign($a, $apiKey);
|
||||
|
||||
echo "h=" . $h . "\r\n";
|
||||
echo "t=" . ($a['t']) . "\r\n";
|
||||
echo "status=" . ($a['status']) . "\r\n";
|
||||
if ($a['info'] != null) {
|
||||
echo "info=" . ($a['info']) . "\r\n";
|
||||
}
|
||||
echo "\r\n";
|
||||
|
||||
} // End sendResp
|
||||
|
||||
function updateDB($id, $session_counter, $session_use, $ts_high, $ts_low) {
|
||||
$stmt = 'UPDATE yubikeys SET ' .
|
||||
'accessed=NOW(),' .
|
||||
'counter=' . $session_counter . ',' .
|
||||
'sessionUse=' . $session_use . ',' .
|
||||
'low=' . $ts_low . ',' .
|
||||
'high=' . $ts_high .
|
||||
' WHERE id=' . $id;
|
||||
query($stmt);
|
||||
}
|
||||
?>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user