From ea97dbf73dee7b41964c764458fbdcfe87260bb9 Mon Sep 17 00:00:00 2001
From: Jean Paul Galea
Date: Thu, 16 Jul 2015 23:41:22 +0200
Subject: [PATCH] Refactor.

- before opening up a database connection (and init synclib), verify request comes from whitelisted address first.
---
 ykval-sync.php | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/ykval-sync.php b/ykval-sync.php
index 51a7da0..a9f7d32 100644
--- a/ykval-sync.php
+++ b/ykval-sync.php
@@ -43,9 +43,18 @@ $myLog->addField('ip', $ipaddr);
 if (empty($_SERVER['QUERY_STRING'])) {
 sendResp(S_MISSING_PARAMETER, $myLog);
 }
-
 $myLog->log(LOG_INFO, 'Request: ' . $_SERVER['QUERY_STRING']);
+
+// verify request sent by whitelisted address
+$myLog->log(LOG_DEBUG, 'Received request from ' . $ipaddr);
+if (in_array($ipaddr, $allowed, TRUE) === FALSE) {
+ $myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr);
+ $myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . implode(', ', $allowed));
+ sendResp(S_OPERATION_NOT_ALLOWED, $myLog);
+}
+
+
 $sync = new SyncLib('ykval-sync:synclib');
 $sync->addField('ip', $ipaddr);
@@ -53,17 +62,6 @@ if (! $sync->isConnected()) {
 sendResp(S_BACKEND_ERROR, $myLog);
 }
-#
-# Verify that request comes from valid server
-#
-$myLog->log(LOG_DEBUG, 'Received request from ' . $ipaddr);
-
-if (in_array($ipaddr, $allowed, TRUE) === FALSE) {
- $myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr);
- $myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . implode(', ', $allowed));
- sendResp(S_OPERATION_NOT_ALLOWED, $myLog);
-}
-
 #
 # Define requirements on protocol
 #
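Review bot: In the first hunk the allowlist check is placed after the context line `$myLog->log(LOG_INFO, 'Request: ' . $_SERVER['QUERY_STRING']);`, so a peer that is about to be refused still gets its raw, sender-controlled query string written to the log at INFO level. Since the change exists to refuse non-allowlisted peers before any work is done, the `in_array($ipaddr, $allowed, TRUE)` block would sit better above that log call, with the request logged only once the check has passed. The check is also only as strong as `$ipaddr`, which is assigned outside this hunk; a comment such as `// $ipaddr must be the socket peer address (REMOTE_ADDR), never a forwarded header` would pin that assumption for the next maintainer. The rejection path presumably relies on `sendResp()` ending the request, which is also not visible here and worth confirming, because otherwise execution falls through to `new SyncLib(...)`.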