1
0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-11-29 09:24:12 +01:00
Commit Graph

43 Commits

Author SHA1 Message Date
Simon Josefsson
f2b05822ef Silence PHP warnings. 2012-05-21 09:12:33 +02:00
Klas Lindfors
2e0dbfa2c3 build up the array to sign by taking $_GET or $_POST and remove the h key 2012-05-16 13:45:08 +02:00
Klas Lindfors
854a6527d6 update comment about nonce to reflect what the code actually does enforce 2012-05-08 13:43:21 +02:00
Klas Lindfors
da24a3fe30 fix fast or secure strings as sl
move transformation of strings for sync and default values for sync and
timeout to before sanity checking.
2012-02-22 14:27:24 +01:00
Simon Josefsson
a68539e884 Tiny fixes to silence PHP warnings from Hiroki Nose <Hiroki_Nose@totec.co.jp>.
1. PHP Notice:  Use of undefined constant CURL_OK - assumed 'CURL_OK' in /usr/share/ykval/ykval-common.php on line 156 
 2. PHP Notice:  Undefined index: HTTPS in /usr/share/ykval/ykval-verify.php on line 14 
 3. PHP Notice:  Undefined variable: query in /usr/share/ykval/ykval-db.php on line 186
2011-10-25 08:08:31 +00:00
Simon Josefsson
fb506d0238 Don't echo (unsanitized) OTP/NONCE values back to client when
sending error codes.  Reported by Paul van Empelen.
2011-08-18 12:19:15 +00:00
Simon Josefsson
016313a1e3 Support YubiKey OTPs filtered through a US Dvorak keyboard layout. 2010-09-21 08:13:36 +00:00
Simon Josefsson
dd9f472e77 Fix typo. 2010-09-12 10:42:32 +00:00
Simon Josefsson
8ea97ab0fb Sanity check OTP variable before trusting it.
Reported by Ricky Zhou <ricky@fedoraproject.org>.
2010-09-12 10:39:23 +00:00
Simon Josefsson
c9f58a83c7 Log HTTPS status. 2010-08-22 14:38:26 +00:00
Simon Josefsson
069092fd6b Timestamp requests. 2010-08-22 13:27:46 +00:00
Simon Josefsson
7b18b50ee7 When number of sync servers equals zero, set sync result to success.
Patch from arte42.ripe in issue #7.
2010-05-17 13:06:06 +00:00
Simon Josefsson
2f099df58c Don't reject on nonce error for v1.x requests. 2010-04-23 21:44:25 +00:00
Simon Josefsson
522c301dae Permit somewhat longer nonces (think SHA1 hex). 2010-04-23 20:33:45 +00:00
Simon Josefsson
4ac054f9cd Improve error checking of nonce. 2010-04-23 20:32:39 +00:00
Olov Danielson
93652d54f6 Corrected spelling error for replayed_request 2010-01-20 14:06:57 +00:00
Olov Danielson
1809e7fb90 Added otp, nonce in all responses for protocol >= 2.0. 2010-01-20 10:37:21 +00:00
Olov Danielson
6ab59bb850 . 2010-01-19 12:53:29 +00:00
Olov Danielson
9bc6b90e45 In protocol versions less than 2.0, nonce needs to added by server. This must be done after signature is computed. 2010-01-19 12:45:31 +00:00
Simon Josefsson
9cf8bce177 Fix last commit. 2010-01-14 14:19:20 +00:00
Simon Josefsson
005b6af0fc Review fixes. 2010-01-14 14:15:17 +00:00
Olov Danielson
12bd456dca . 2010-01-14 11:58:19 +00:00
Olov Danielson
c2245924cf Added possibility to use custom fields in logging module. Also added client IP and otp in verify and sync logs. 2010-01-14 11:25:17 +00:00
Olov Danielson
433c82cce7 Added a few checks for input parameters and corrected warnings according to new docuemnt 2010-01-14 09:39:48 +00:00
Olov Danielson
ab952c523c . 2010-01-13 15:32:57 +00:00
Olov Danielson
0d105e5ecc . 2010-01-12 15:24:38 +00:00
Olov Danielson
6cc547f791 Remove ID column from yubikeys and queue table. Renamed and changed random_key to server_nonce 2010-01-12 13:00:28 +00:00
Olov Danielson
a839954882 Unified logging to use Log class defined in ykval-log.php which in turn uses syslog.
NOTE: ykval common debug function is still available but uses Log class aswell to actually
log message.
2010-01-11 12:06:00 +00:00
Olov Danielson
851aa21c66 Changed to using PDO database connection 2010-01-08 16:35:25 +00:00
Olov Danielson
b9701c16ea Changed DB-names to be more consistent (WARNING current revision might be broken but needs to be submitted for multiserver test purposes) 2010-01-08 13:54:33 +00:00
Olov Danielson
6788e5effa 1. Nonce introduced in protocol. This required changes in the chain from client->verify->sync.
2. ykval-verify is modified a bit. It now acts more as a flow controller and relies on ykval-synclib 
to do details on DB-calls and counterlogic. The "system" decision making is still located in ykval-verify.
2009-12-15 10:17:51 +00:00
Olov Danielson
7be831db12 Corrected calculation of hmac with extra parameters (protocol v. 2). Corrected calculation of sl return value (use float inside) 2009-12-08 16:07:08 +00:00
Olov Danielson
03366efa60 sl parameter returned on "NOT_ENOUGH_ANSWERS" 2009-12-08 10:26:27 +00:00
Olov Danielson
f7cf1e1a5d Taking care of sl and timeout parameters in new protocol 2009-12-07 19:13:20 +00:00
Olov Danielson
55aeffc066 Storing local param info at the time when verify request arrived.
Used to give correct warnings of wether local/remote is out of sync or not
2009-12-04 11:57:49 +00:00
Olov Danielson
f04dcbc0e7 Committed first trial version for replication protocol. 2009-12-02 17:32:20 +00:00
Olov Danielson
65d150ccde Added option to get timestamp and session counters in the response.
Use with

verify?id=x&otp=xxx..&timestamp=1

returns timestamp, sessoncounter and session use in response
2009-10-05 14:53:28 +00:00
Simon Josefsson
9b5602656a Lay foundation for get-api-key service. 2009-08-28 10:55:56 +00:00
Simon Josefsson
479d5b1e7f Cleanups. 2009-05-06 15:07:05 +00:00
Simon Josefsson
2a0a4e389e If adding key doesn't work, it is an internal error. 2009-05-06 14:44:03 +00:00
Simon Josefsson
4050b68af8 Don't use die. 2009-05-06 14:23:04 +00:00
Simon Josefsson
c72f75f539 Drop chk_time. 2009-05-06 13:20:40 +00:00
Simon Josefsson
716182d744 Rename and cleanup. 2009-05-04 14:41:18 +00:00