rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-26 21:54:16 +01:00
Code Issues Projects Releases Wiki Activity

Cosmetic changes.

Browse Source
This commit is contained in:
Jean Paul Galea 2015-07-17 21:30:30 +02:00
parent d9194c854d
commit ac3b4978b8
1 changed files with 68 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
ykval-verify.php
View File

@ -38,19 +38,23 @@ header("content-type: text/plain");
$myLog = new Log('ykval-verify'); $myLog = new Log('ykval-verify');
$myLog->addField('ip', $_SERVER['REMOTE_ADDR']); $myLog->addField('ip', $_SERVER['REMOTE_ADDR']);
$query_string = ''; $query_string = '';
if ($_POST) { if ($_POST)
$kv = array(); {
foreach ($_POST as $key => $value) { $kv = array();
$kv[] = "$key=$value"; foreach ($_POST as $key => $value)
} {
$query_string = "POST: " . join("&", $kv); $kv[] = "$key=$value";
} else { }
$query_string = "Request: " . $_SERVER['QUERY_STRING']; $query_string = "POST: " . join("&", $kv);
}
else
{
$query_string = "Request: " . $_SERVER['QUERY_STRING'];
} }
$myLog->log(LOG_INFO, $query_string . $myLog->log(LOG_INFO, $query_string .
" (at " . date("c") . " " . microtime() . ") " . " (at " . date("c") . " " . microtime() . ") " .
(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" ? "HTTPS" : "HTTP")); (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" ? "HTTPS" : "HTTP"));
/* Detect protocol version */ /* Detect protocol version */
if (preg_match("/\/wsapi\/([0-9]+)\.([0-9]+)\//", $_SERVER['REQUEST_URI'], $out)) if (preg_match("/\/wsapi\/([0-9]+)\.([0-9]+)\//", $_SERVER['REQUEST_URI'], $out))
@ -120,59 +124,72 @@ if ($protocol_version >= 2.0)
*/ */
/* Change default protocol "strings" to numeric values */ /* Change default protocol "strings" to numeric values */
if (isset($sl) && strcasecmp($sl, 'fast')==0) { if (isset($sl) && strcasecmp($sl, 'fast') == 0)
$sl=$baseParams['__YKVAL_SYNC_FAST_LEVEL__']; {
$sl = $baseParams['__YKVAL_SYNC_FAST_LEVEL__'];
} }
if (isset($sl) && strcasecmp($sl, 'secure')==0) { if (isset($sl) && strcasecmp($sl, 'secure') == 0)
$sl=$baseParams['__YKVAL_SYNC_SECURE_LEVEL__']; {
$sl = $baseParams['__YKVAL_SYNC_SECURE_LEVEL__'];
} }
if (!isset($sl) || $sl == '') { if (!isset($sl) || $sl == '')
$sl=$baseParams['__YKVAL_SYNC_DEFAULT_LEVEL__']; {
$sl = $baseParams['__YKVAL_SYNC_DEFAULT_LEVEL__'];
} }
if (!isset($timeout) || $timeout == '') { if (!isset($timeout) || $timeout == '')
$timeout=$baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__']; {
$timeout = $baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'];
} }
if ($otp == '') { if ($otp == '')
$myLog->log(LOG_NOTICE, 'OTP is missing'); {
sendResp(S_MISSING_PARAMETER, $myLog); $myLog->log(LOG_NOTICE, 'OTP is missing');
sendResp(S_MISSING_PARAMETER, $myLog);
} }
if (strlen($otp) < TOKEN_LEN || strlen ($otp) > OTP_MAX_LEN) { if (strlen($otp) < TOKEN_LEN || strlen ($otp) > OTP_MAX_LEN)
$myLog->log(LOG_NOTICE, 'Incorrect OTP length: ' . $otp); {
sendResp(S_BAD_OTP, $myLog); $myLog->log(LOG_NOTICE, 'Incorrect OTP length: ' . $otp);
sendResp(S_BAD_OTP, $myLog);
} }
if (preg_match("/^[cbdefghijklnrtuv]+$/", $otp)==0) { if (preg_match("/^[cbdefghijklnrtuv]+$/", $otp) == 0)
$myLog->log(LOG_NOTICE, 'Invalid OTP: ' . $otp); {
sendResp(S_BAD_OTP, $myLog); $myLog->log(LOG_NOTICE, 'Invalid OTP: ' . $otp);
sendResp(S_BAD_OTP, $myLog);
} }
if (preg_match("/^[0-9]+$/", $client)==0){ if (preg_match("/^[0-9]+$/", $client) == 0)
$myLog->log(LOG_NOTICE, 'id provided in request must be an integer'); {
sendResp(S_MISSING_PARAMETER, $myLog); $myLog->log(LOG_NOTICE, 'id provided in request must be an integer');
sendResp(S_MISSING_PARAMETER, $myLog);
} }
if ($client <= 0) { if ($client <= 0)
$myLog->log(LOG_NOTICE, 'Client ID is missing'); {
sendResp(S_MISSING_PARAMETER, $myLog); $myLog->log(LOG_NOTICE, 'Client ID is missing');
sendResp(S_MISSING_PARAMETER, $myLog);
} }
if ($timeout && preg_match("/^[0-9]+$/", $timeout)==0) { if ($timeout && preg_match("/^[0-9]+$/", $timeout) == 0)
$myLog->log(LOG_NOTICE, 'timeout is provided but not correct'); {
sendResp(S_MISSING_PARAMETER, $myLog); $myLog->log(LOG_NOTICE, 'timeout is provided but not correct');
sendResp(S_MISSING_PARAMETER, $myLog);
} }
if (isset($nonce) && preg_match("/^[A-Za-z0-9]+$/", $nonce)==0) { if (isset($nonce) && preg_match("/^[A-Za-z0-9]+$/", $nonce) == 0)
$myLog->log(LOG_NOTICE, 'NONCE is provided but not correct'); {
sendResp(S_MISSING_PARAMETER, $myLog); $myLog->log(LOG_NOTICE, 'NONCE is provided but not correct');
sendResp(S_MISSING_PARAMETER, $myLog);
} }
if (isset($nonce) && (strlen($nonce) < 16 || strlen($nonce) > 40)) { if (isset($nonce) && (strlen($nonce) < 16 || strlen($nonce) > 40))
$myLog->log(LOG_NOTICE, 'Nonce too short or too long'); {
sendResp(S_MISSING_PARAMETER, $myLog); $myLog->log(LOG_NOTICE, 'Nonce too short or too long');
sendResp(S_MISSING_PARAMETER, $myLog);
} }
if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100))) { if ($sl && (preg_match("/^[0-9]+$/", $sl)==0 || ($sl<0 || $sl>100)))
$myLog->log(LOG_NOTICE, 'SL is provided but not correct'); {
sendResp(S_MISSING_PARAMETER, $myLog); $myLog->log(LOG_NOTICE, 'SL is provided but not correct');
sendResp(S_MISSING_PARAMETER, $myLog);
} }
/** /**
@ -338,12 +355,12 @@ else
} }
$myLog->log(LOG_INFO, "ykval-verify:notice:synclevel=" . $sl . $myLog->log(LOG_INFO, "ykval-verify:notice:synclevel=" . $sl .
" nr servers=" . $nr_servers . " nr servers=" . $nr_servers .
" req answers=" . $req_answers . " req answers=" . $req_answers .
" answers=" . $nr_answers . " answers=" . $nr_answers .
" valid answers=" . $nr_valid_answers . " valid answers=" . $nr_valid_answers .
" sl success rate=" . $sl_success_rate . " sl success rate=" . $sl_success_rate .
" timeout=" . $timeout); " timeout=" . $timeout);
if ($syncres == False) if ($syncres == False)
{ {