rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 01:52:18 +01:00
Code Issues Projects Releases Wiki Activity

Cosmetic changes.

Browse Source 
- brackets, comment blocks.
This commit is contained in:
Jean Paul Galea 2015-07-17 00:21:16 +02:00
parent cc4eba8a56
commit c09908f111
1 changed files with 31 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
ykval-sync.php
View File

@ -33,7 +33,8 @@ require_once 'ykval-synclib.php';
header('content-type: text/plain');
if (empty($_SERVER['QUERY_STRING'])) {
if (empty($_SERVER['QUERY_STRING']))
{
sendResp(S_MISSING_PARAMETER, $myLog);
}
@ -47,7 +48,8 @@ $myLog->log(LOG_DEBUG, "Received request from $ipaddr");
// verify request sent by whitelisted address
if (in_array($ipaddr, $allowed, TRUE) === FALSE) {
if (in_array($ipaddr, $allowed, TRUE) === FALSE)
{
$myLog->log(LOG_NOTICE, "Operation not allowed from IP $ipaddr");
$myLog->log(LOG_DEBUG, "Remote IP $ipaddr not listed in allowed sync pool : " . implode(', ', $allowed));
sendResp(S_OPERATION_NOT_ALLOWED, $myLog);
@ -72,7 +74,8 @@ foreach ($syncParams as $param => $value)
{
$value = getHttpVal($param, NULL);
if ($value == NULL) {
if ($value == NULL)
{
$myLog->log(LOG_NOTICE, "Received request with parameter[s] ($param) missing value");
sendResp(S_MISSING_PARAMETER, $myLog);
}
@ -86,7 +89,8 @@ $myLog->log(LOG_INFO, $tmp_log);
$sync = new SyncLib('ykval-sync:synclib');
$sync->addField('ip', $ipaddr);
if (! $sync->isConnected()) {
if (! $sync->isConnected())
{
sendResp(S_BACKEND_ERROR, $myLog);
}
@ -113,7 +117,8 @@ foreach (array('modified','yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param
// get local counter data
$yk_publicname = $syncParams['yk_publicname'];
$localParams = $sync->getLocalParams($yk_publicname);
if (!$localParams) {
if (!$localParams)
{
$myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
sendResp(S_BACKEND_ERROR, $myLog);
}
@ -129,14 +134,18 @@ $myLog->log(LOG_DEBUG, 'Sync request params ', $syncParams);
* https://developers.yubico.com/yubikey-val/doc/ServerReplicationProtocol.html
*/
if ($sync->countersHigherThan($localParams, $syncParams)) {
if ($sync->countersHigherThan($localParams, $syncParams))
{
$myLog->log(LOG_WARNING, 'Remote server out of sync.');
}
if ($sync->countersEqual($localParams, $syncParams)) {
if ($syncParams['modified'] == $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
/* This is not an error. When the remote server received an OTP to verify, it would
if ($sync->countersEqual($localParams, $syncParams))
{
if ($syncParams['modified'] == $localParams['modified']
&& $syncParams['nonce'] == $localParams['nonce'])
{
/**
* This is not an error. When the remote server received an OTP to verify, it would
* have sent out sync requests immediately. When the required number of responses had
* been received, the current implementation discards all additional responses (to
* return the result to the client as soon as possible). If our response sent last
@ -146,20 +155,27 @@ if ($sync->countersEqual($localParams, $syncParams)) {
$myLog->log(LOG_INFO, 'Sync request unnecessarily sent');
}
if ($syncParams['modified'] != $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
if ($syncParams['modified'] != $localParams['modified']
&& $syncParams['nonce'] == $localParams['nonce'])
{
$deltaModified = $syncParams['modified'] - $localParams['modified'];
if ($deltaModified < -1 || $deltaModified > 1) {
if ($deltaModified < -1 || $deltaModified > 1)
{
$myLog->log(LOG_WARNING, "We might have a replay. 2 events at different times have generated the same counters. The time difference is $deltaModified seconds");
}
}
if ($syncParams['nonce'] != $localParams['nonce']) {
if ($syncParams['nonce'] != $localParams['nonce'])
{
$myLog->log(LOG_WARNING, 'Remote server has received a request to validate an already validated OTP ');
}
}
if ($localParams['active'] != 1) {
/* The remote server has accepted an OTP from a YubiKey which we would not.
if ($localParams['active'] != 1)
{
/**
* The remote server has accepted an OTP from a YubiKey which we would not.
* We still needed to update our counters with the counters from the OTP though.
*/
$myLog->log(LOG_WARNING, "Received sync-request for de-activated Yubikey $yk_publicname - check database synchronization!!!");