rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-01-20 10:52:15 +01:00
Code Issues Projects Releases Wiki Activity

instead of passing context to sendResp, give it a logger.

Browse Source
This commit is contained in:
Klas Lindfors 2012-06-14 15:15:47 +02:00
parent 01969a279e
commit 6c9edb0db2
3 changed files with 39 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ykval-common.php
View File

@ -219,12 +219,11 @@ function KSMdecryptOTP($urls) {
return $ret;
} // End decryptOTP
function sendResp($status, $context, $apiKey = '', $extra = null) {
function sendResp($status, $logger, $apiKey = '', $extra = null) {
if ($status == null) {
$status = S_BACKEND_ERROR;
}
$a['status'] = $status;
$a['t'] = getUTCTimeStamp();
if ($extra){
@ -242,8 +241,7 @@ function sendResp($status, $context, $apiKey = '', $extra = null) {
$str .= "status=" . ($a['status']) . "\r\n";
$str .= "\r\n";
global $ykval_common_log;
$ykval_common_log->log(LOG_INFO, "Context=" . $context . " Response: " . $str .
$logger->log(LOG_INFO, "Response: " . $str .
" (at " . date("c") . " " . microtime() . ")");
echo $str;

24
ykval-sync.php
View File

@ -4,25 +4,25 @@ require_once 'ykval-config.php';
require_once 'ykval-synclib.php';
$apiKey = '';
$context = 'sync';
header("content-type: text/plain");
if(empty($_SERVER['QUERY_STRING'])) {
sendResp(S_MISSING_PARAMETER, $context, $apiKey);
exit;
}
$myLog = new Log('ykval-sync');
$myLog->addField('ip', $_SERVER['REMOTE_ADDR']);
if(empty($_SERVER['QUERY_STRING'])) {
sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
exit;
}
$myLog->log(LOG_INFO, "Request: " . $_SERVER['QUERY_STRING']);
$sync = new SyncLib('ykval-sync:synclib');
$sync->addField('ip', $_SERVER['REMOTE_ADDR']);
if (! $sync->isConnected()) {
sendResp(S_BACKEND_ERROR, $context, $apiKey);
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
exit;
}
@ -42,7 +42,7 @@ foreach ($baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] as $server) {
}
if (!$allowed) {
$myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $_SERVER['REMOTE_ADDR']);
sendResp(S_OPERATION_NOT_ALLOWED, $context, $apiKey);
sendResp(S_OPERATION_NOT_ALLOWED, $myLog, $apiKey);
exit;
}
@ -68,7 +68,7 @@ foreach ($syncParams as $param=>$value) {
$value = getHttpVal($param, Null);
if ($value==Null) {
$myLog->log(LOG_NOTICE, "Received request with parameter[s] (" . $param . ") missing value");
sendResp(S_MISSING_PARAMETER, $context, $apiKey);
sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
exit;
}
$syncParams[$param]=$value;
@ -89,7 +89,7 @@ $sync->addField('otp', $syncParams['otp']);
foreach (array('modified') as $param) {
if (preg_match("/^[0-9]+$/", $syncParams[$param])==0) {
$myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
sendResp(S_MISSING_PARAMETER, $context, $apiKey);
sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
exit;
}
}
@ -97,7 +97,7 @@ foreach (array('modified') as $param) {
foreach (array('yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param) {
if (preg_match("/^(-1|[0-9]+)$/", $syncParams[$param])==0) {
$myLog->log(LOG_NOTICE, 'Input parameters ' . $param . ' not correct');
sendResp(S_MISSING_PARAMETER, $context, $apiKey);
sendResp(S_MISSING_PARAMETER, $myLog, $apiKey);
exit;
}
}
@ -113,7 +113,7 @@ $yk_publicname = $syncParams['yk_publicname'];
$localParams = $sync->getLocalParams($yk_publicname);
if (!$localParams) {
$myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
sendResp(S_BACKEND_ERROR, $context, $apiKey);
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
exit;
}
@ -180,6 +180,6 @@ $extra=array('modified'=>$localParams['modified'],
'yk_high'=>$localParams['yk_high'],
'yk_low'=>$localParams['yk_low']);
sendResp(S_OK, $context, $apiKey, $extra);
sendResp(S_OK, $myLog, $apiKey, $extra);
?>

51
ykval-verify.php
View File

@ -4,7 +4,6 @@ require_once 'ykval-config.php';
require_once 'ykval-synclib.php';
$apiKey = '';
$context = 'verify';
header("content-type: text/plain");
@ -57,7 +56,7 @@ if ($protocol_version>=2.0) {
/* Nonce is required from protocol 2.0 */
if(!$nonce) {
$myLog->log(LOG_NOTICE, 'Nonce is missing and protocol version >= 2.0');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
}
@ -91,49 +90,49 @@ if (!isset($timeout) || $timeout == '') {
if ($otp == '') {
$myLog->log(LOG_NOTICE, 'OTP is missing');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
if (strlen($otp) < TOKEN_LEN || strlen ($otp) > OTP_MAX_LEN) {
$myLog->log(LOG_NOTICE, 'Incorrect OTP length: ' . $otp);
sendResp(S_BAD_OTP, $context);
sendResp(S_BAD_OTP, $myLog);
exit;
}
if (preg_match("/^[cbdefghijklnrtuv]+$/", $otp)==0) {
$myLog->log(LOG_NOTICE, 'Invalid OTP: ' . $otp);
sendResp(S_BAD_OTP, $context);
sendResp(S_BAD_OTP, $myLog);
exit;
}
if (preg_match("/^[0-9]+$/", $client)==0){
$myLog->log(LOG_NOTICE, 'id provided in request must be an integer');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
if ($timeout && preg_match("/^[0-9]+$/", $timeout)==0) {
$myLog->log(LOG_NOTICE, 'timeout is provided but not correct');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
if (isset($nonce) && preg_match("/^[A-Za-z0-9]+$/", $nonce)==0) {
$myLog->log(LOG_NOTICE, 'NONCE is provided but not correct');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
if (isset($nonce) && (strlen($nonce) < 16 || strlen($nonce) > 40)) {
$myLog->log(LOG_NOTICE, 'Nonce too short or too long');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100))) {
$myLog->log(LOG_NOTICE, 'SL is provided but not correct');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
@ -144,7 +143,7 @@ if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100))) {
//
if ($client <= 0) {
$myLog->log(LOG_NOTICE, 'Client ID is missing');
sendResp(S_MISSING_PARAMETER, $context);
sendResp(S_MISSING_PARAMETER, $myLog);
exit;
}
@ -157,14 +156,14 @@ $sync->addField('ip', $_SERVER['REMOTE_ADDR']);
$sync->addField('otp', $otp);
if (! $sync->isConnected()) {
sendResp(S_BACKEND_ERROR, $context);
sendResp(S_BACKEND_ERROR, $myLog);
exit;
}
$cd=$sync->getClientData($client);
if(!$cd) {
$myLog->log(LOG_NOTICE, 'Invalid client id ' . $client);
sendResp(S_NO_SUCH_CLIENT, $context);
sendResp(S_NO_SUCH_CLIENT, $myLog);
exit;
}
$myLog->log(LOG_DEBUG,"Client data:", $cd);
@ -190,7 +189,7 @@ if ($h != '') {
// Compare it
if ($hmac != $h) {
$myLog->log(LOG_DEBUG, 'client hmac=' . $h . ', server hmac=' . $hmac);
sendResp(S_BAD_SIGNATURE, $context, $apiKey);
sendResp(S_BAD_SIGNATURE, $myLog, $apiKey);
exit;
}
}
@ -207,7 +206,7 @@ if ($protocol_version<2.0) {
//
$urls = otp2ksmurls ($otp, $client);
if (!is_array($urls)) {
sendResp(S_BACKEND_ERROR, $context, $apiKey);
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
exit;
}
@ -215,7 +214,7 @@ if (!is_array($urls)) {
//
$otpinfo = KSMdecryptOTP($urls);
if (!is_array($otpinfo)) {
sendResp(S_BAD_OTP, $context, $apiKey);
sendResp(S_BAD_OTP, $myLog, $apiKey);
exit;
}
$myLog->log(LOG_DEBUG, "Decrypted OTP:", $otpinfo);
@ -227,14 +226,14 @@ $yk_publicname=$devId;
$localParams = $sync->getLocalParams($yk_publicname);
if (!$localParams) {
$myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
sendResp(S_BACKEND_ERROR, $context, $apiKey);
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
exit;
}
$myLog->log(LOG_DEBUG, "Auth data:", $localParams);
if ($localParams['active'] != 1) {
$myLog->log(LOG_NOTICE, 'De-activated Yubikey ' . $devId);
sendResp(S_BAD_OTP, $context, $apiKey);
sendResp(S_BAD_OTP, $myLog, $apiKey);
exit;
}
@ -254,7 +253,7 @@ $otpParams=array('modified'=>time(),
if ($sync->countersEqual($localParams, $otpParams) &&
$localParams['nonce']==$otpParams['nonce']) {
$myLog->log(LOG_WARNING, 'Replayed request');
sendResp(S_REPLAYED_REQUEST, $context, $apiKey, $extra);
sendResp(S_REPLAYED_REQUEST, $myLog, $apiKey, $extra);
exit;
}
@ -263,7 +262,7 @@ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
$sync->log(LOG_WARNING, 'replayed OTP: Local counters higher');
$sync->log(LOG_WARNING, 'replayed OTP: Local counters ', $localParams);
$sync->log(LOG_WARNING, 'replayed OTP: Otp counters ', $otpParams);
sendResp(S_REPLAYED_OTP, $context, $apiKey, $extra);
sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra);
exit;
}
@ -271,7 +270,7 @@ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
if(!$sync->updateDbCounters($otpParams)) {
$myLog->log(LOG_CRIT, "Failed to update yubikey counters in database");
sendResp(S_BACKEND_ERROR, $context, $apiKey);
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
exit;
}
@ -279,7 +278,7 @@ if(!$sync->updateDbCounters($otpParams)) {
if (!$sync->queue($otpParams, $localParams)) {
$myLog->log(LOG_CRIT, "ykval-verify:critical:failed to queue sync requests");
sendResp(S_BACKEND_ERROR, $context, $apiKey);
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
exit;
}
@ -311,11 +310,11 @@ if($syncres==False) {
there were not enough answers */
$myLog->log(LOG_WARNING, "ykval-verify:notice:Sync failed");
if ($nr_valid_answers!=$nr_answers) {
sendResp(S_REPLAYED_OTP, $context, $apiKey, $extra);
sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra);
exit;
} else {
$extra['sl']=$sl_success_rate;
sendResp(S_NOT_ENOUGH_ANSWERS, $context, $apiKey, $extra);
sendResp(S_NOT_ENOUGH_ANSWERS, $myLog, $apiKey, $extra);
exit;
}
}
@ -363,7 +362,7 @@ if ($sessionCounter == $seenSessionCounter && $sessionUse > $seenSessionUse) {
if ($deviation > TS_ABS_TOLERANCE && $percent > TS_REL_TOLERANCE) {
$myLog->log(LOG_NOTICE, "OTP failed phishing test");
if (0) {
sendResp(S_DELAYED_OTP, $context, $apiKey, $extra);
sendResp(S_DELAYED_OTP, $myLog, $apiKey, $extra);
exit;
}
}
@ -379,6 +378,6 @@ if ($timestamp==1){
$extra['sessionuse'] = $sessionUse;
}
sendResp(S_OK, $context, $apiKey, $extra);
sendResp(S_OK, $myLog, $apiKey, $extra);
?>