From 3ff2d0d93d1b4a21ffea072510d7b132520f49ed Mon Sep 17 00:00:00 2001
From: Paul Chen <chenpaul@gmail.com>
Date: Fri, 26 Sep 2008 03:21:11 +0000
Subject: [PATCH] add key

---
 add_key.php   | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++
 common.php    |  39 +++++++++++++++++++
 verifyOTP.php |  33 +----------------
 3 files changed, 142 insertions(+), 31 deletions(-)
 create mode 100644 add_key.php
 create mode 100644 common.php

diff --git a/add_key.php b/add_key.php
new file mode 100644
index 0000000..e535f96
--- /dev/null
+++ b/add_key.php
@@ -0,0 +1,101 @@
+<?php require_once '../yubiphpbase/appinclude.php';
+	  require_once '../yubiphpbase/yubi_lib.php';
+	  require_once 'common.php';
+	  
+header("content-type: text/plain");
+
+$trace = 1;
+
+$client = getHttpVal('id', 0);
+if ($client <= 0) {
+	debug('Client ID is missing, default to 1 (root)');
+	$client = 1;
+}
+
+$nonce = getHttpVal('nonce', '');
+if ($nonce == '') {
+	reply(S_MISSING_PARAMETER, '', $client, '', 'nonce');
+	exit;
+}
+
+$h = getHttpVal('h', '');
+if ($h == '') {
+	reply(S_MISSING_PARAMETER, '', $client, $nonce, 'h');
+	exit;
+}
+
+$op = getHttpVal('operation', '');
+if ($op == '') {
+	reply(S_MISSING_PARAMETER, '', $client, $nonce, 'operation');
+	exit;
+} else if ($op != 'add_key') {
+	reply(S_OPERATION_NOT_ALLOWED, $ci['secret'], $client, $nonce, $op);
+	exit;
+}
+
+$ci = getClientInfo($client);
+
+if (! isset($ci['id'])) {
+	debug('Client '.$client.' not found!');
+	$client = 1;
+	if (($ci = getClientInfo($client)) == null)  {
+		debug('Root client not found, service not installed properly!');
+		reply(S_BACKEND_ERROR, '', $client, $nonce, 'root client');
+		exit;
+	}	
+	reply(S_BAD_CLIENT, $ci['secret'], $client, $nonce);
+	exit;
+}
+
+if ($ci['perm_id'] != 1 && $ci['perm_id'] != 2) {
+  	reply(S_OPERATION_NOT_ALLOWED, $ci['secret'], $client, $nonce, $ci['perm_id']);
+	exit;
+}
+
+$tokenId = genRandB64(6);
+$secret = genRandB64(16);
+$keyid = addNewKey($tokenId, 1, $secret, '', $client);
+
+if ($keyid > 0) {
+	debug('Key '.$keyid.' added');
+	reply(S_OK, $ci['secret'], $client, $nonce);
+} else {
+	reply(S_BACKEND_ERROR, $ci['secret'], $client, $nonce);
+	exit;
+}
+
+function reply($status, $apiKey, $client_id, $nonce, $info=null) {
+	global $tokenId;
+	
+	if ($status == null) {
+		$status = S_BACKEND_ERROR;
+	}
+
+	date_default_timezone_set('UTC');
+	$timestamp = date('Y-m-d\TH:i:s\ZZ', time());
+
+	//// Prepare the response to the user
+	//
+	$respParams = 'status='.$status.'&t='.$timestamp;
+
+	// Generate the signature
+	debug('API key: '.$apiKey); // API key of the client
+	debug('Signing: '.$respParams);
+	// the TRUE at the end states we want the raw value, not hexadecimal form
+	$hmac = hash_hmac('sha1', utf8_encode($respParams), $apiKey, true);
+	//outputToFile('hmac', $hmac, "b");
+	// now take that byte value and base64 encode it
+	$hmac = base64_encode($hmac);
+
+	echo 'h='.$hmac.PHP_EOL;
+	if ($info != null) {
+		echo 'info='.$info.PHP_EOL;
+	}
+	echo 'nonce='.$nonce.PHP_EOL;
+	echo 'status='.$status.PHP_EOL;
+	echo 't='.$timestamp.PHP_EOL;
+	echo PHP_EOL;
+	
+} // End reply
+
+?>
diff --git a/common.php b/common.php
new file mode 100644
index 0000000..f982ca6
--- /dev/null
+++ b/common.php
@@ -0,0 +1,39 @@
+<?php
+
+define('S_OK', 'OK');
+define('S_BAD_OTP', 'BAD_OTP');
+define('S_BAD_CLIENT', 'BAD_CLIENT'); // New, added by paul 20080920
+define('S_REPLAYED_OTP', 'REPLAYED_OTP');
+define('S_BAD_SIGNATURE', 'BAD_SIGNATURE');
+define('S_MISSING_PARAMETER', 'MISSING_PARAMETER');
+//define('S_NO_SUCH_CLIENT', 'NO_SUCH_CLIENT'); // Deprecated by paul 20080920
+define('S_OPERATION_NOT_ALLOWED', 'OPERATION_NOT_ALLOWED');
+define('S_BACKEND_ERROR', 'BACKEND_ERROR');
+
+function debug($msg, $exit=false) {
+	global $trace;
+	if ($trace) {
+		if (is_array($msg)) {
+			print_r($msg);
+		} else {
+			echo 'debug> '.$msg;
+		}
+		echo "\n";
+	}
+	if ($exit) {
+		die ('<font color=red><h4>Exit</h4></font>');
+	}
+}
+
+function genRandB64($len) {
+	$r = hash('sha1', rand(999,99999999));
+	$r = substr(0,$len);
+	return base64_encode($r);
+}
+
+function outputToFile($outFname, $content, $mode, $append=false) {
+    $out = fopen($outFname, ($append ? "a" : "w"));
+    fwrite($out, $content);
+    fclose($out);
+}
+?>
diff --git a/verifyOTP.php b/verifyOTP.php
index fbb00d6..d574660 100644
--- a/verifyOTP.php
+++ b/verifyOTP.php
@@ -1,16 +1,7 @@
 <?php require_once '../yubiphpbase/appinclude.php';
 	  require_once '../yubiphpbase/yubi_lib.php';
-
-define('S_OK', 'OK');
-define('S_BAD_OTP', 'BAD_OTP');
-define('S_BAD_CLIENT', 'BAD_CLIENT'); // New, added by paul 20080920
-define('S_REPLAYED_OTP', 'REPLAYED_OTP');
-define('S_BAD_SIGNATURE', 'BAD_SIGNATURE');
-define('S_MISSING_PARAMETER', 'MISSING_PARAMETER');
-//define('S_NO_SUCH_CLIENT', 'NO_SUCH_CLIENT'); // Deprecated by paul 20080920
-define('S_OPERATION_NOT_ALLOWED', 'OPERATION_NOT_ALLOWED');
-define('S_BACKEND_ERROR', 'BACKEND_ERROR');
-
+	  require_once 'common.php';
+	  
 header("content-type: text/plain");
 
 if (!isset($trace)) { $trace = 0; }
@@ -206,21 +197,6 @@ function sendResp($status, $info=null) {
 
 } // End sendResp
 
-function debug($msg, $exit=false) {
-	global $trace;
-	if ($trace) {
-		if (is_array($msg)) {
-			print_r($msg);
-		} else {
-			echo 'debug> '.$msg;
-		}
-		echo "\n";
-	}
-	if ($exit) {
-		die ('<font color=red><h4>Exit</h4></font>');
-	}
-}
-
 function updDB($keyid, $new) {
 	$stmt = 'UPDATE yubikeys SET '.
 		'accessed=NOW(),'.
@@ -237,9 +213,4 @@ function updDB($keyid, $new) {
 	return true;
 }
 
-function outputToFile($outFname, $content, $mode, $append=false) {
-    $out = fopen($outFname, ($append ? "a" : "w"));
-    fwrite($out, $content);
-    fclose($out);
-}
 ?>