From 6c9edb0db24ca9bf96acde5f123b07aa0aca2992 Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Thu, 14 Jun 2012 15:15:47 +0200
Subject: [PATCH] instead of passing context to sendResp, give it a logger.
---
 ykval-common.php | 6 ++----
 ykval-sync.php | 24 +++++++++++------------
 ykval-verify.php | 51 ++++++++++++++++++++++++------------------------
 3 files changed, 39 insertions(+), 42 deletions(-)
diff --git a/ykval-common.php b/ykval-common.php
index ae204cc..ce4c9ce 100644
--- a/ykval-common.php
+++ b/ykval-common.php
@@ -219,12 +219,11 @@ function KSMdecryptOTP($urls) {
 return $ret;
 } // End decryptOTP
-function sendResp($status, $context, $apiKey = '', $extra = null) {
+function sendResp($status, $logger, $apiKey = '', $extra = null) {
 if ($status == null) {
 $status = S_BACKEND_ERROR;
 }
-
 $a['status'] = $status;
 $a['t'] = getUTCTimeStamp();
 if ($extra){
@@ -242,8 +241,7 @@ function sendResp($status, $context, $apiKey = '', $extra = null) {
 $str .= "status=" . ($a['status']) . "\r\n";
 $str .= "\r\n";
- global $ykval_common_log;
- $ykval_common_log->log(LOG_INFO, "Context=" . $context . " Response: " . $str .
+ $logger->log(LOG_INFO, "Response: " . $str .
 " (at " . date("c") . " " . microtime() . ")");
 echo $str;
diff --git a/ykval-sync.php b/ykval-sync.php
index 2f3111d..8a5a6d3 100644
--- a/ykval-sync.php
+++ b/ykval-sync.php
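Review bot: `sendResp()` now dereferences its new `$logger` argument before the response is echoed, so a caller that still passes a string context or null gets a fatal error and no body at all, which is a worse failure than a missing log line; a parameter type hint documents the contract and fails loudly in one place, `function sendResp($status, Log $logger, $apiKey = '', $extra = null) {`. The `Log` class is what every call site in this patch constructs (`new Log('ykval-sync')`), so the hint should hold, but confirm the class name against ykval-common.php's includes. Dropping the `Context=` prefix from the log line also means the verify/sync distinction now rests on the logger's own name, which is fine if `Log` prints it; a one-line docblock above the function stating that the full response is logged through `$logger` at LOG_INFO would make that explicit. The rest of sendResp's body lies outside the two hunks.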
@@ -4,25 +4,25 @@ require_once 'ykval-config.php';
 require_once 'ykval-synclib.php';
 $apiKey = '';
-$context = 'sync';
 header("content-type: text/plain");
-if(empty($_SERVER['QUERY_STRING'])) {
- sendResp(S_MISSING_PARAMETER, $context, $apiKey);
- exit;
-}
 $myLog = new Log('ykval-sync');
 $myLog->addField('ip', $_SERVER['REMOTE_ADDR']);
+if(empty($_SERVER['QUERY_STRING'])) {
+ sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
+ exit;
+}
+
 $myLog->log(LOG_INFO, "Request: " . $_SERVER['QUERY_STRING']);
 $sync = new SyncLib('ykval-sync:synclib');
 $sync->addField('ip', $_SERVER['REMOTE_ADDR']);
 if (! $sync->isConnected()) {
- sendResp(S_BACKEND_ERROR, $context, $apiKey);
+ sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
 exit;
 }
@@ -42,7 +42,7 @@ foreach ($baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] as $server) {
 }
 if (!$allowed) {
 $myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $_SERVER['REMOTE_ADDR']);
- sendResp(S_OPERATION_NOT_ALLOWED, $context, $apiKey);
+ sendResp(S_OPERATION_NOT_ALLOWED, $myLog, $apiKey);
 exit;
 }
@@ -68,7 +68,7 @@ foreach ($syncParams as $param=>$value) {
 $value = getHttpVal($param, Null);
 if ($value==Null) {
 $myLog->log(LOG_NOTICE, "Received request with parameter[s] (" . $param . ") missing value");
- sendResp(S_MISSING_PARAMETER, $context, $apiKey);
+ sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
 exit;
 }
 $syncParams[$param]=$value;
@@ -89,7 +89,7 @@ $sync->addField('otp', $syncParams['otp']);
 foreach (array('modified') as $param) {
 if (preg_match("/^[0-9]+$/", $syncParams[$param])==0) {
 $myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
- sendResp(S_MISSING_PARAMETER, $context, $apiKey);
+ sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
 exit;
 }
 }
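Review bot: Moving the empty-QUERY_STRING exit below `$myLog = new Log('ykval-sync');` is required for the new `sendResp(S_MISSING_PARAMETER, $myLog, $apiKey)` call to work, but nothing in the file records that ordering constraint, and the next early exit someone adds above the logger will hit an undefined variable. A comment above the construction would pin it: `// $myLog must exist before any sendResp() call: sendResp() logs the response through it.` The same constraint applies to ykval-verify.php, whose logger construction is outside this patch's hunks.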
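Review bot: The `preg_match("/^[0-9]+$/", ...)` check in the hunk at 89 anchors with `$`, which in PCRE also matches just before a trailing newline, so a `modified` value such as `123\n` passes this validation; the `D` modifier makes `$` match only at the very end, `if (preg_match("/^[0-9]+$/D", $syncParams[$param])==0) {`. The same applies to `/^(-1|[0-9]+)$/` in the hunk at 97 and to the `id`, `timeout`, `nonce`, `sl` and OTP patterns in ykval-verify.php's hunk at 91, all of which are context lines this patch does not touch. Whether a trailing newline can actually reach these values depends on `getHttpVal()`, which is outside the hunk.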
@@ -97,7 +97,7 @@ foreach (array('modified') as $param) {
 foreach (array('yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param) {
 if (preg_match("/^(-1|[0-9]+)$/", $syncParams[$param])==0) {
 $myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
- sendResp(S_MISSING_PARAMETER, $context, $apiKey);
+ sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
 exit;
 }
 }
@@ -113,7 +113,7 @@ $yk_publicname = $syncParams['yk_publicname'];
 $localParams = $sync->getLocalParams($yk_publicname);
 if (!$localParams) {
 $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
- sendResp(S_BACKEND_ERROR, $context, $apiKey);
+ sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
 exit;
 }
@@ -180,6 +180,6 @@ $extra=array('modified'=>$localParams['modified'],
 'yk_high'=>$localParams['yk_high'],
 'yk_low'=>$localParams['yk_low']);
-sendResp(S_OK, $context, $apiKey, $extra);
+sendResp(S_OK, $myLog, $apiKey, $extra);
 ?>
diff --git a/ykval-verify.php b/ykval-verify.php
index a5a5944..58a5cfa 100644
--- a/ykval-verify.php
+++ b/ykval-verify.php
@@ -4,7 +4,6 @@ require_once 'ykval-config.php';
 require_once 'ykval-synclib.php';
 $apiKey = '';
-$context = 'verify';
 header("content-type: text/plain");
@@ -57,7 +56,7 @@ if ($protocol_version>=2.0) {
 /* Nonce is required from protocol 2.0 */
 if(!$nonce) {
 $myLog->log(LOG_NOTICE, 'Nonce is missing and protocol version >= 2.0');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
 }
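Review bot: The hunk at 180 ends ykval-sync.php with `sendResp(S_OK, $myLog, $apiKey, $extra);` followed by a closing `?>` tag, and the hunk at 379 closes ykval-verify.php the same way; anything after `?>` beyond a single newline is sent to the client, appended to a response that sendResp() builds in a fixed key=value format and, judging by the `$apiKey` argument, signs, so a stray blank line in a future edit would silently corrupt the body for clients that check it. PHP-only files conventionally omit the closing tag; dropping the ` ?>` line in both files removes the hazard. Whether sendResp() itself terminates the script is outside the hunk.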
@@ -91,49 +90,49 @@ if (!isset($timeout) || $timeout == '') {
 if ($otp == '') {
 $myLog->log(LOG_NOTICE, 'OTP is missing');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
 if (strlen($otp) < TOKEN_LEN || strlen ($otp) > OTP_MAX_LEN) {
 $myLog->log(LOG_NOTICE, 'Incorrect OTP length: ' . $otp);
- sendResp(S_BAD_OTP, $context);
+ sendResp(S_BAD_OTP, $myLog);
 exit;
 }
 if (preg_match("/^[cbdefghijklnrtuv]+$/", $otp)==0) {
 $myLog->log(LOG_NOTICE, 'Invalid OTP: ' . $otp);
- sendResp(S_BAD_OTP, $context);
+ sendResp(S_BAD_OTP, $myLog);
 exit;
 }
 if (preg_match("/^[0-9]+$/", $client)==0){
 $myLog->log(LOG_NOTICE, 'id provided in request must be an integer');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
 if ($timeout && preg_match("/^[0-9]+$/", $timeout)==0) {
 $myLog->log(LOG_NOTICE, 'timeout is provided but not correct');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
 if (isset($nonce) && preg_match("/^[A-Za-z0-9]+$/", $nonce)==0) {
 $myLog->log(LOG_NOTICE, 'NONCE is provided but not correct');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
 if (isset($nonce) && (strlen($nonce) < 16 || strlen($nonce) > 40)) {
 $myLog->log(LOG_NOTICE, 'Nonce too short or too long');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
 if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100))) {
 $myLog->log(LOG_NOTICE, 'SL is provided but not correct');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
@@ -144,7 +143,7 @@ if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100))) {
 //
 if ($client <= 0) {
 $myLog->log(LOG_NOTICE, 'Client ID is missing');
- sendResp(S_MISSING_PARAMETER, $context);
+ sendResp(S_MISSING_PARAMETER, $myLog);
 exit;
 }
@@ -157,14 +156,14 @@ $sync->addField('ip', $_SERVER['REMOTE_ADDR']);
 $sync->addField('otp', $otp);
 if (! $sync->isConnected()) {
- sendResp(S_BACKEND_ERROR, $context);
+ sendResp(S_BACKEND_ERROR, $myLog);
 exit;
 }
 $cd=$sync->getClientData($client);
 if(!$cd) {
 $myLog->log(LOG_NOTICE, 'Invalid client id ' . $client);
- sendResp(S_NO_SUCH_CLIENT, $context);
+ sendResp(S_NO_SUCH_CLIENT, $myLog);
 exit;
 }
 $myLog->log(LOG_DEBUG,"Client data:", $cd);
@@ -190,7 +189,7 @@ if ($h != '') {
 // Compare it
 if ($hmac != $h) {
 $myLog->log(LOG_DEBUG, 'client hmac=' . $h . ', server hmac=' . $hmac);
- sendResp(S_BAD_SIGNATURE, $context, $apiKey);
+ sendResp(S_BAD_SIGNATURE, $myLog, $apiKey);
 exit;
 }
 }
@@ -207,7 +206,7 @@ if ($protocol_version<2.0) {
 //
 $urls = otp2ksmurls ($otp, $client);
 if (!is_array($urls)) {
- sendResp(S_BACKEND_ERROR, $context, $apiKey);
+ sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
 exit;
 }
@@ -215,7 +214,7 @@ if (!is_array($urls)) {
 //
 $otpinfo = KSMdecryptOTP($urls);
 if (!is_array($otpinfo)) {
- sendResp(S_BAD_OTP, $context, $apiKey);
+ sendResp(S_BAD_OTP, $myLog, $apiKey);
 exit;
 }
 $myLog->log(LOG_DEBUG, "Decrypted OTP:", $otpinfo);
@@ -227,14 +226,14 @@ $yk_publicname=$devId;
 $localParams = $sync->getLocalParams($yk_publicname);
 if (!$localParams) {
 $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
- sendResp(S_BACKEND_ERROR, $context, $apiKey);
+ sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
 exit;
 }
 $myLog->log(LOG_DEBUG, "Auth data:", $localParams);
 if ($localParams['active'] != 1) {
 $myLog->log(LOG_NOTICE, 'De-activated Yubikey ' . $devId);
- sendResp(S_BAD_OTP, $context, $apiKey);
+ sendResp(S_BAD_OTP, $myLog, $apiKey);
 exit;
 }
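Review bot: The signature check `if ($hmac != $h)` in the hunk at 190 compares the client-supplied `h` with the server's value using a loose, early-exit comparison; `!=` applies PHP's numeric-string coercion before comparing, and a byte-by-byte string compare stops at the first difference, so the check should be strict and constant-time, `if (!hash_equals($hmac, $h)) {` where PHP 5.6+ is available, or at minimum `!==` on older runtimes. How `$h` and `$hmac` are derived is outside the hunk, so I cannot say whether their encoding rules out numeric-looking values. The LOG_DEBUG line in the same branch writes both the client and server signature to the log, which deserves a comment confirming that debug logging is not enabled in production.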
@@ -254,7 +253,7 @@ $otpParams=array('modified'=>time(),
 if ($sync->countersEqual($localParams, $otpParams) && $localParams['nonce']==$otpParams['nonce']) {
 $myLog->log(LOG_WARNING, 'Replayed request');
- sendResp(S_REPLAYED_REQUEST, $context, $apiKey, $extra);
+ sendResp(S_REPLAYED_REQUEST, $myLog, $apiKey, $extra);
 exit;
 }
@@ -263,7 +262,7 @@ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
 $sync->log(LOG_WARNING, 'replayed OTP: Local counters higher');
 $sync->log(LOG_WARNING, 'replayed OTP: Local counters ', $localParams);
 $sync->log(LOG_WARNING, 'replayed OTP: Otp counters ', $otpParams);
- sendResp(S_REPLAYED_OTP, $context, $apiKey, $extra);
+ sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra);
 exit;
 }
@@ -271,7 +270,7 @@ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
 if(!$sync->updateDbCounters($otpParams)) {
 $myLog->log(LOG_CRIT, "Failed to update yubikey counters in database");
- sendResp(S_BACKEND_ERROR, $context, $apiKey);
+ sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
 exit;
 }
@@ -279,7 +278,7 @@ if(!$sync->updateDbCounters($otpParams)) {
 if (!$sync->queue($otpParams, $localParams)) {
 $myLog->log(LOG_CRIT, "ykval-verify:critical:failed to queue sync requests");
- sendResp(S_BACKEND_ERROR, $context, $apiKey);
+ sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
 exit;
 }
@@ -311,11 +310,11 @@ if($syncres==False) {
 there were not enough answers */
 $myLog->log(LOG_WARNING, "ykval-verify:notice:Sync failed");
 if ($nr_valid_answers!=$nr_answers) {
- sendResp(S_REPLAYED_OTP, $context, $apiKey, $extra);
+ sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra);
 exit;
 } else {
 $extra['sl']=$sl_success_rate;
- sendResp(S_NOT_ENOUGH_ANSWERS, $context, $apiKey, $extra);
+ sendResp(S_NOT_ENOUGH_ANSWERS, $myLog, $apiKey, $extra);
 exit;
 }
 }
@@ -363,7 +362,7 @@ if ($sessionCounter == $seenSessionCounter && $sessionUse > $seenSessionUse) {
 if ($deviation > TS_ABS_TOLERANCE && $percent > TS_REL_TOLERANCE) {
 $myLog->log(LOG_NOTICE, "OTP failed phishing test");
 if (0) {
- sendResp(S_DELAYED_OTP, $context, $apiKey, $extra);
+ sendResp(S_DELAYED_OTP, $myLog, $apiKey, $extra);
 exit;
 }
 }
@@ -379,6 +378,6 @@ if ($timestamp==1){
 $extra['sessionuse'] = $sessionUse;
 }
-sendResp(S_OK, $context, $apiKey, $extra);
+sendResp(S_OK, $myLog, $apiKey, $extra);
 ?>
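Review bot: In the hunk at 363, `if (0) {` around `sendResp(S_DELAYED_OTP, $myLog, $apiKey, $extra);` means a failed phishing test is logged at LOG_NOTICE but never reported to the client, and processing appears to continue toward the S_OK response in the hunk at 379; nothing in the code says whether that is a deliberate soft-fail or a leftover from debugging. A comment on that line would settle it for the next reader, e.g. `if (0) { // S_DELAYED_OTP deliberately not enforced: <reason> (tracked in <ticket placeholder>)`, or the block should be removed if the check is not coming back. The conditions that compute `$deviation` and `$percent` start outside the hunk.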