From 365636e34a691530aef98a629c29d1837c4828cf Mon Sep 17 00:00:00 2001
From: Jean Paul Galea
Date: Thu, 16 Jul 2015 23:53:08 +0200
Subject: [PATCH] Cosmetic changes. - spaces -> tabs
---
 ykval-sync.php | 124 ++++++++++++++++++++++++-------------------------
 1 file changed, 62 insertions(+), 62 deletions(-)
diff --git a/ykval-sync.php b/ykval-sync.php
index 833cb22..5a61cfc 100644
--- a/ykval-sync.php
+++ b/ykval-sync.php
@@ -34,7 +34,7 @@ require_once 'ykval-synclib.php';
 header('content-type: text/plain');
 if (empty($_SERVER['QUERY_STRING'])) {
- sendResp(S_MISSING_PARAMETER, $myLog);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 }
 $ipaddr = $_SERVER['REMOTE_ADDR'];
@@ -48,9 +48,9 @@ $myLog->log(LOG_DEBUG, 'Received request from ' . $ipaddr);
 // verify request sent by whitelisted address
 if (in_array($ipaddr, $allowed, TRUE) === FALSE) {
- $myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr);
- $myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . implode(', ', $allowed));
- sendResp(S_OPERATION_NOT_ALLOWED, $myLog);
+ $myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr);
+ $myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . implode(', ', $allowed));
+ sendResp(S_OPERATION_NOT_ALLOWED, $myLog);
 }
@@ -58,21 +58,21 @@ $sync = new SyncLib('ykval-sync:synclib');
 $sync->addField('ip', $ipaddr);
 if (! $sync->isConnected()) {
- sendResp(S_BACKEND_ERROR, $myLog);
+ sendResp(S_BACKEND_ERROR, $myLog);
 }
 #
 # Define requirements on protocol
 #
 $syncParams = array(
- 'modified' => NULL,
- 'otp' => NULL,
- 'nonce' => NULL,
- 'yk_publicname' => NULL,
- 'yk_counter' => NULL,
- 'yk_use' => NULL,
- 'yk_high' => NULL,
- 'yk_low' => NULL
+ 'modified' => NULL,
+ 'otp' => NULL,
+ 'nonce' => NULL,
+ 'yk_publicname' => NULL,
+ 'yk_counter' => NULL,
+ 'yk_use' => NULL,
+ 'yk_high' => NULL,
+ 'yk_low' => NULL
 );
 #
@@ -80,13 +80,13 @@ $syncParams = array(
 #
 $tmp_log = "Received ";
 foreach ($syncParams as $param=>$value) {
- $value = getHttpVal($param, NULL);
- if ($value==NULL) {
- $myLog->log(LOG_NOTICE, "Received request with parameter[s] (" . $param . ") missing value");
- sendResp(S_MISSING_PARAMETER, $myLog);
- }
- $syncParams[$param] = $value;
- $tmp_log .= "$param=$value ";
+ $value = getHttpVal($param, NULL);
+ if ($value==NULL) {
+ $myLog->log(LOG_NOTICE, "Received request with parameter[s] (" . $param . ") missing value");
+ sendResp(S_MISSING_PARAMETER, $myLog);
+ }
+ $syncParams[$param] = $value;
+ $tmp_log .= "$param=$value ";
 }
 $myLog->log(LOG_INFO, $tmp_log);
@@ -101,16 +101,16 @@ $sync->addField('otp', $syncParams['otp']);
 #
 foreach (array('modified','yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param) {
- // -1 is valid except for modified
- if ($param !== 'modified' && $syncParams[$param] === '-1')
- continue;
+ // -1 is valid except for modified
+ if ($param !== 'modified' && $syncParams[$param] === '-1')
+ continue;
- // [0-9]+
- if ($syncParams[$param] !== '' && ctype_digit($syncParams[$param]))
- continue;
+ // [0-9]+
+ if ($syncParams[$param] !== '' && ctype_digit($syncParams[$param]))
+ continue;
- $myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
- sendResp(S_MISSING_PARAMETER, $myLog);
+ $myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
+ sendResp(S_MISSING_PARAMETER, $myLog);
 }
 #
@@ -119,8 +119,8 @@ foreach (array('modified','yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param
 $yk_publicname = $syncParams['yk_publicname'];
 $localParams = $sync->getLocalParams($yk_publicname);
 if (!$localParams) {
- $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
- sendResp(S_BACKEND_ERROR, $myLog);
+ $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
+ sendResp(S_BACKEND_ERROR, $myLog);
 }
 /* Conditional update local database */
@@ -135,50 +135,50 @@ $myLog->log(LOG_DEBUG, 'Sync request params ', $syncParams);
 */
 if ($sync->countersHigherThan($localParams, $syncParams)) {
- $myLog->log(LOG_WARNING, 'Remote server out of sync.');
+ $myLog->log(LOG_WARNING, 'Remote server out of sync.');
 }
 if ($sync->countersEqual($localParams, $syncParams)) {
- if ($syncParams['modified'] == $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
- /* This is not an error. When the remote server received an OTP to verify, it would
- * have sent out sync requests immediately. When the required number of responses had
- * been received, the current implementation discards all additional responses (to
- * return the result to the client as soon as possible). If our response sent last
- * time was discarded, we will end up here when the background ykval-queue processes
- * the sync request again.
- */
- $myLog->log(LOG_INFO, 'Sync request unnecessarily sent');
- }
+ if ($syncParams['modified'] == $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
+ /* This is not an error. When the remote server received an OTP to verify, it would
+ * have sent out sync requests immediately. When the required number of responses had
+ * been received, the current implementation discards all additional responses (to
+ * return the result to the client as soon as possible). If our response sent last
+ * time was discarded, we will end up here when the background ykval-queue processes
+ * the sync request again.
+ */
+ $myLog->log(LOG_INFO, 'Sync request unnecessarily sent');
+ }
- if ($syncParams['modified'] != $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
- $deltaModified = $syncParams['modified'] - $localParams['modified'];
- if ($deltaModified < -1 || $deltaModified > 1) {
- $myLog->log(LOG_WARNING, 'We might have a replay. 2 events at different times have generated the same counters. The time difference is ' . $deltaModified .
' seconds');
- }
- }
+ if ($syncParams['modified'] != $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
+ $deltaModified = $syncParams['modified'] - $localParams['modified'];
+ if ($deltaModified < -1 || $deltaModified > 1) {
+ $myLog->log(LOG_WARNING, 'We might have a replay. 2 events at different times have generated the same counters. The time difference is ' . $deltaModified . ' seconds');
+ }
+ }
- if ($syncParams['nonce'] != $localParams['nonce']) {
- $myLog->log(LOG_WARNING, 'Remote server has received a request to validate an already validated OTP ');
- }
+ if ($syncParams['nonce'] != $localParams['nonce']) {
+ $myLog->log(LOG_WARNING, 'Remote server has received a request to validate an already validated OTP ');
+ }
 }
 if ($localParams['active'] != 1) {
- /* The remote server has accepted an OTP from a YubiKey which we would not.
- * We still needed to update our counters with the counters from the OTP though.
- */
- $myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname .
' - check database synchronization!!!');
- sendResp(S_BAD_OTP, $myLog);
+ /* The remote server has accepted an OTP from a YubiKey which we would not.
+ * We still needed to update our counters with the counters from the OTP though.
+ */
+ $myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname . ' - check database synchronization!!!');
+ sendResp(S_BAD_OTP, $myLog);
 }
 $extra = array(
- 'modified' => $localParams['modified'],
- 'nonce' => $localParams['nonce'],
- 'yk_publicname' => $yk_publicname,
- 'yk_counter' => $localParams['yk_counter'],
- 'yk_use' => $localParams['yk_use'],
- 'yk_high' => $localParams['yk_high'],
- 'yk_low' => $localParams['yk_low']
+ 'modified' => $localParams['modified'],
+ 'nonce' => $localParams['nonce'],
+ 'yk_publicname' => $yk_publicname,
+ 'yk_counter' => $localParams['yk_counter'],
+ 'yk_use' => $localParams['yk_use'],
+ 'yk_high' => $localParams['yk_high'],
+ 'yk_low' => $localParams['yk_low']
 );
 sendResp(S_OK, $myLog, '', $extra);