rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-04-10 05:02:26 +02:00
Code Issues Projects Releases Wiki Activity

Cosmetic changes.

Browse Source
This commit is contained in:
Jean Paul Galea 2015-07-17 21:32:09 +02:00
parent ac3b4978b8
commit 8edf9ba465
1 changed files with 28 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
ykval-verify.php
View File

@ -54,7 +54,7 @@ else
$myLog->log(LOG_INFO, $query_string . $myLog->log(LOG_INFO, $query_string .
" (at " . date("c") . " " . microtime() . ") " . " (at " . date("c") . " " . microtime() . ") " .
(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" ? "HTTPS" : "HTTP")); (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" ? "HTTPS" : "HTTP"));
/* Detect protocol version */ /* Detect protocol version */
if (preg_match("/\/wsapi\/([0-9]+)\.([0-9]+)\//", $_SERVER['REQUEST_URI'], $out)) if (preg_match("/\/wsapi\/([0-9]+)\.([0-9]+)\//", $_SERVER['REQUEST_URI'], $out))
@ -199,7 +199,7 @@ if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100)))
/* Initialize the sync library. Strive to use this instead of custom /* Initialize the sync library. Strive to use this instead of custom
DB requests, custom comparisons etc */ DB requests, custom comparisons etc */
$sync = new SyncLib('ykval-verify:synclib'); $sync = new SyncLib('ykval-verify:synclib');
$sync->addField('ip', $_SERVER['REMOTE_ADDR']); $sync->addField('ip', $_SERVER['REMOTE_ADDR']);
$sync->addField('otp', $otp); $sync->addField('otp', $otp);
@ -221,25 +221,33 @@ $myLog->log(LOG_DEBUG,"Client data:", $cd);
// //
$apiKey = base64_decode($cd['secret']); $apiKey = base64_decode($cd['secret']);
if ($h != '') { if ($h != '')
// Create the signature using the API key {
$a; // Create the signature using the API key
if($_GET) { $a;
$a = $_GET; if ($_GET)
} elseif($_POST) { {
$a = $_POST; $a = $_GET;
} else { }
sendRest(S_BACKEND_ERROR); elseif ($_POST)
exit; {
} $a = $_POST;
unset($a['h']); }
else
{
sendRest(S_BACKEND_ERROR);
exit;
}
unset($a['h']);
$hmac = sign($a, $apiKey, $myLog); $hmac = sign($a, $apiKey, $myLog);
// Compare it
if (!hash_equals($hmac, $h)) { // Compare it
$myLog->log(LOG_DEBUG, 'client hmac=' . $h . ', server hmac=' . $hmac); if (!hash_equals($hmac, $h))
sendResp(S_BAD_SIGNATURE, $myLog, $apiKey); {
} $myLog->log(LOG_DEBUG, 'client hmac=' . $h . ', server hmac=' . $hmac);
sendResp(S_BAD_SIGNATURE, $myLog, $apiKey);
}
} }
/* We need to add necessary parameters not available at earlier protocols after signature is computed. /* We need to add necessary parameters not available at earlier protocols after signature is computed.