rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-27 06:54:16 +01:00
Code Issues Projects Releases Wiki Activity

Code cleanups.

Browse Source
This commit is contained in:
Simon Josefsson 2009-03-11 00:54:19 +00:00
parent 420f2fb9bf
commit 34d5445767
2 changed files with 35 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
common.php
View File

@ -11,19 +11,11 @@ define('S_BACKEND_ERROR', 'BACKEND_ERROR');
define('TS_SEC', 0.119); define('TS_SEC', 0.119);
define('TS_REL_TOLERANCE', 0.3); define('TS_REL_TOLERANCE', 0.3);
define('TS_ABS_TOLERANCE', 20); define('TS_ABS_TOLERANCE', 20);
define('DEVICE_ID_LEN', 12);
require_once 'yubikey.php'; require_once 'yubikey.php';
require_once 'config.php'; require_once 'config.php';
function writeLog($msg, $debug=false) {
$fileMsg = date( 'Y-m-d H:i:s: ').trim($msg);
if (isset($_SERVER['REMOTE_ADDR'])) {
$fileMsg .= ' by '.$_SERVER['REMOTE_ADDR'];
}
$fileMsg .= "\n";
error_log($fileMsg, 3, "/tmp/yms.log");
}
function unescape($s) { function unescape($s) {
return str_replace('\\', "", $s); return str_replace('\\', "", $s);
} }
@ -35,7 +27,6 @@ function getHttpVal($key, $defaultVal) {
} else if (array_key_exists($key, $_POST)) { } else if (array_key_exists($key, $_POST)) {
$val = $_POST[$key]; $val = $_POST[$key];
} }
//return unescape(trim($val));
$v = unescape(trim($val)); $v = unescape(trim($val));
return $v; return $v;
} }
@ -69,22 +60,16 @@ function mysql_quote($value) {
return "'" . mysql_real_escape_string($value) . "'"; return "'" . mysql_real_escape_string($value) . "'";
} }
function debug($msg, $exit = false) { function debug($msg) {
global $trace; if (is_array($msg)) {
if ($trace) { $str = "";
if (is_array($msg)) { foreach($msg as $key => $value){
$str = ""; $str .= "$key=$value ";
foreach($msg as $key => $value){ }
$str .= " $key=$value"; } else {
} $str = $msg;
} else { }
$str = ' ' . $msg; error_log($str);
}
echo '<p>Debug>' . $str . "\n";
}
if ($exit) {
die('<font color=red><h4>Exit</h4></font>');
}
} }
// Return eg. 2008-11-21T06:11:55Z0711 // Return eg. 2008-11-21T06:11:55Z0711
@ -108,7 +93,7 @@ function sign($a, $apiKey, $debug=false) {
$qs .= '&'; $qs .= '&';
} }
} }
// Generate the signature // Generate the signature
// debug('API key: '.base64_encode($apiKey)); // API key of the client // debug('API key: '.base64_encode($apiKey)); // API key of the client
debug('SIGN: '.$qs); debug('SIGN: '.$qs);
@ -123,8 +108,6 @@ function sign($a, $apiKey, $debug=false) {
} // sign an array of query string } // sign an array of query string
define('DEVICE_ID_LEN', 12);
function modhexToB64($modhex_str) { function modhexToB64($modhex_str) {
$s = ModHex::Decode($modhex_str); $s = ModHex::Decode($modhex_str);
return base64_encode($s); return base64_encode($s);
@ -149,8 +132,8 @@ function b64ToHex($b64_str) {
function getAuthData($devId) { function getAuthData($devId) {
$tokenId = modhexToB64($devId); $tokenId = modhexToB64($devId);
$stmt = 'SELECT id, client_id, secret, active, counter, '. $stmt = 'SELECT id, client_id, secret, active, counter, '.
' sessionUse, low, high, accessed '. 'sessionUse, low, high, accessed FROM yubikeys WHERE active '.
' FROM yubikeys WHERE active AND tokenId='.mysql_quote($tokenId); 'AND tokenId='.mysql_quote($tokenId);
$r = query($stmt); $r = query($stmt);
if (mysql_num_rows($r) > 0) { if (mysql_num_rows($r) > 0) {
$row = mysql_fetch_assoc($r); $row = mysql_fetch_assoc($r);
@ -163,7 +146,7 @@ function getAuthData($devId) {
// $clientId: The decimal client identity // $clientId: The decimal client identity
function getClientData($clientId) { function getClientData($clientId) {
$stmt = 'SELECT secret, chk_sig, chk_owner, chk_time'. $stmt = 'SELECT secret, chk_sig, chk_owner, chk_time'.
' FROM clients WHERE active AND id='.mysql_quote($clientId); ' FROM clients WHERE active AND id='.mysql_quote($clientId);
$r = query($stmt); $r = query($stmt);
if (mysql_num_rows($r) > 0) { if (mysql_num_rows($r) > 0) {
$row = mysql_fetch_assoc($r); $row = mysql_fetch_assoc($r);

58
verify.php
View File

@ -3,23 +3,21 @@ require_once 'common.php';
header("content-type: text/plain"); header("content-type: text/plain");
if (!isset ($trace)) { debug("Request: " . $_SERVER['QUERY_STRING']);
$trace = 0;
}
//// Extract values from HTTP request //// Extract values from HTTP request
// //
$client = getHttpVal('id', 0); $client = getHttpVal('id', 0);
if ($client <= 0) { if ($client <= 0) {
debug('Client ID is missing'); debug('Client ID is missing');
sendResp(S_MISSING_PARAMETER, 'id'); sendResp(S_MISSING_PARAMETER);
exit; exit;
} }
$otp = getHttpVal('otp', ''); $otp = getHttpVal('otp', '');
if ($otp == '') { if ($otp == '') {
debug('OTP is missing'); debug('OTP is missing');
sendResp(S_MISSING_PARAMETER, 'otp'); sendResp(S_MISSING_PARAMETER);
exit; exit;
} }
$otp = strtolower($otp); $otp = strtolower($otp);
@ -29,7 +27,7 @@ $otp = strtolower($otp);
$cd = getClientData($client); $cd = getClientData($client);
if ($cd == null) { if ($cd == null) {
debug('Invalid client id ' . $client); debug('Invalid client id ' . $client);
sendResp(S_NO_SUCH_CLIENT, $client); sendResp(S_NO_SUCH_CLIENT);
exit; exit;
} }
debug($cd); debug($cd);
@ -40,8 +38,8 @@ $apiKey = base64_decode($cd['secret']);
$h = getHttpVal('h', ''); $h = getHttpVal('h', '');
if ($cd['chk_sig'] && $h == '') { if ($cd['chk_sig'] && $h == '') {
sendResp(S_MISSING_PARAMETER, 'h');
debug('Signature missing'); debug('Signature missing');
sendResp(S_MISSING_PARAMETER);
exit; exit;
} else if ($cd['chk_sig'] || $h != '') { } else if ($cd['chk_sig'] || $h != '') {
// Create the signature using the API key // Create the signature using the API key
@ -52,21 +50,20 @@ if ($cd['chk_sig'] && $h == '') {
// Compare it // Compare it
if ($hmac != $h) { if ($hmac != $h) {
sendResp(S_BAD_SIGNATURE);
debug('client hmac=' . $h . ', server hmac=' . $hmac); debug('client hmac=' . $h . ', server hmac=' . $hmac);
sendResp(S_BAD_SIGNATURE);
exit; exit;
} }
debug('signature ok h=' . $h);
} }
//// Get Yubikey from DB //// Get Yubikey from DB
// //
$devId = substr($otp, 0, 12); $devId = substr($otp, 0, DEVICE_ID_LEN);
$ad = getAuthData($devId); $ad = getAuthData($devId);
if ($ad == null) { if ($ad == null) {
debug('Invalid Yubikey ' . $devId); debug('Invalid Yubikey ' . $devId);
sendResp(S_BAD_OTP, $otp); sendResp(S_BAD_OTP);
exit; exit;
} else { } else {
debug($ad); debug($ad);
@ -79,11 +76,10 @@ $key16 = ModHex :: Decode($k);
//// Decode OTP from input //// Decode OTP from input
// //
debug('OTP validation req:');
$otpinfo = Yubikey :: Decode($otp, $key16); $otpinfo = Yubikey :: Decode($otp, $key16);
debug($otpinfo); debug($otpinfo);
if (!is_array($otpinfo)) { if (!is_array($otpinfo)) {
sendResp(S_BAD_OTP, $otp); sendResp(S_BAD_OTP);
exit; exit;
} }
@ -96,9 +92,6 @@ if ($sessionCounter < $seenSessionCounter) {
" this=" . $sessionCounter); " this=" . $sessionCounter);
sendResp(S_REPLAYED_OTP); sendResp(S_REPLAYED_OTP);
exit; exit;
} else {
debug("Session counter OK, seen=" . $seenSessionCounter .
" this=" . $sessionCounter);
} }
//// Check the session use //// Check the session use
@ -110,13 +103,17 @@ if ($sessionCounter == $seenSessionCounter && $sessionUse <= $seenSessionUse) {
' this=' . $sessionUse); ' this=' . $sessionUse);
sendResp(S_REPLAYED_OTP); sendResp(S_REPLAYED_OTP);
exit; exit;
} else {
debug("Session use OK, seen=" . $seenSessionUse .
' this=' . $sessionUse);
} }
updateDB($ad['id'], $otpinfo['session_counter'], $otpinfo['session_use'], //// Valid OTP, update database
$otpinfo['high'], $otpinfo['low']); //
$stmt = 'UPDATE yubikeys SET accessed=NOW()' .
', counter=' .$otpinfo['session_counter'] .
', sessionUse=' . $otpinfo['session_use'] .
', low=' . $otpinfo['low'] .
', high=' . $otpinfo['high'] .
' WHERE id=' . $ad['id'];
query($stmt);
//// Check the time stamp //// Check the time stamp
// //
@ -155,36 +152,21 @@ sendResp(S_OK);
// Functions // Functions
////////////////////////// //////////////////////////
function sendResp($status, $info = null) { function sendResp($status) {
global $ad, $apiKey; global $apiKey;
if ($status == null) { if ($status == null) {
$status = S_BACKEND_ERROR; $status = S_BACKEND_ERROR;
} }
$a['status'] = $status; $a['status'] = $status;
#$a['info'] = $info;
$a['t'] = getUTCTimeStamp(); $a['t'] = getUTCTimeStamp();
$h = sign($a, $apiKey); $h = sign($a, $apiKey);
echo "h=" . $h . "\r\n"; echo "h=" . $h . "\r\n";
echo "t=" . ($a['t']) . "\r\n"; echo "t=" . ($a['t']) . "\r\n";
echo "status=" . ($a['status']) . "\r\n"; echo "status=" . ($a['status']) . "\r\n";
if ($a['info'] != null) {
echo "info=" . ($a['info']) . "\r\n";
}
echo "\r\n"; echo "\r\n";
} // End sendResp } // End sendResp
function updateDB($id, $session_counter, $session_use, $ts_high, $ts_low) {
$stmt = 'UPDATE yubikeys SET ' .
'accessed=NOW(),' .
'counter=' . $session_counter . ',' .
'sessionUse=' . $session_use . ',' .
'low=' . $ts_low . ',' .
'high=' . $ts_high .
' WHERE id=' . $id;
query($stmt);
}
?> ?>