rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-11-29 09:24:12 +01:00
Code Issues Projects Releases Wiki Activity
841 Commits 7 Branches 44 Tags 1.1 MiB
ec3f7788a0
Commit Graph

127 Commits

Author SHA1 Message Date
Jean Paul Galea
b417759932 Update copyright year. 2015-07-20 20:01:16 +00:00
Jean Paul Galea
c94f0d03a1 Refactor. 
- getClientData() returns array or bool false on failure.
 2015-07-18 00:19:04 +02:00
Jean Paul Galea
ef8a8640c7 FIXME markers. 2015-07-18 00:09:19 +02:00
Jean Paul Galea
ed169f49c5 Refactor. 
- getLocalParams() returns array or bool false on failure.
 2015-07-17 23:17:28 +02:00
Jean Paul Galea
e604477fff Refactor. 
- str sub instead of concat.
 2015-07-17 23:11:32 +02:00
Jean Paul Galea
2b434df808 Refactor. 
- removed duplicate variable.
 2015-07-17 23:10:27 +02:00
Jean Paul Galea
8991c2c0c4 Cosmetic changes. 2015-07-17 23:01:36 +02:00
Jean Paul Galea
1e2568da3c Refactor. 
- KSMDecryptOTP returns array or bool false on failure.
 2015-07-17 22:55:23 +02:00
Jean Paul Galea
8edf9ba465 Cosmetic changes. 2015-07-17 21:32:09 +02:00
Jean Paul Galea
ac3b4978b8 Cosmetic changes. 2015-07-17 21:30:30 +02:00
Jean Paul Galea
d9194c854d Cosmetic changes. 2015-07-17 21:25:15 +02:00
Jean Paul Galea
a66322754d Cosmetic changes. 2015-07-17 21:23:00 +02:00
Jean Paul Galea
2170247166 Cosmetic changes. 2015-07-17 21:20:14 +02:00
Jean Paul Galea
38c048b833 Cosmetic changes. 2015-07-17 21:17:29 +02:00
Jean Paul Galea
be27f62236 Cosmetic changes. 2015-07-17 21:16:40 +02:00
Jean Paul Galea
291bd32bae Refactor. 
- after each sendResp() we had an exit;

- move exit; inside sendResp() function instead.
 2015-07-16 22:47:16 +02:00
Jean Paul Galea
bc5319327b Unwrap function. 2015-07-16 22:35:34 +02:00
Jean Paul Galea
6e4b89048e Refactor. 
- better grouping for validation.
 2015-07-16 15:39:42 +02:00
Jean Paul Galea
e76c5002f2 Drop php closing tags. 2015-07-15 15:14:25 +02:00
Jean Paul Galea
8df329aa0e Allowed certain cURL options to be configurable. 
- When calling either URLs in the sync pool or the KSMs,
    the following curl options are configurable;

    CURLOPT_PROTOCOLS
    CURLOPT_IPRESOLVE
    CURLOPT_SSLVERSION
    CURLOPT_SSL_VERIFYPEER
    CURLOPT_SSL_VERIFYHOST
    CURLOPT_CAINFO
    CURLOPT_CAPATH
 2015-04-13 17:42:13 +02:00
Dain Nilsson
1b2dfd136c Use constant time string comparisson for validating HMAC signature 
(fixes #26).
 2014-09-27 15:47:57 +02:00
Simon Josefsson
276616d871 Use LF as EOL consistently. 2013-04-17 17:24:50 +02:00
Simon Josefsson
ae217ceb10 Log query for POST requests too. 2013-03-12 11:23:25 +01:00
Dain Nilsson
ee1f040b00 Updated copyright headers. 2013-02-04 17:39:36 +01:00
Klas Lindfors
34706698a4 Merge branch 'master' into feature/oracle_support 
Conflicts:
	ykval-db.php
	ykval-export.php
	ykval-synclib.php
 2012-06-29 10:33:41 +02:00
Fredrik Thulin
499377fd2f Change protocol version logging to 'debug'. 2012-06-14 15:54:51 +02:00
Fredrik Thulin
6c80f76102 Get rid of debug() - use log_format() for the formatting part. 2012-06-14 15:23:53 +02:00
Fredrik Thulin
765620f17b Merge branch 'master' of github.com:Yubico/yubikey-val-server-php into devel/refactor_retrieveURLasync 2012-06-14 15:19:19 +02:00
Fredrik Thulin
c8e9eb828f Pass logger object to retrieveURLasync() 2012-06-14 15:19:04 +02:00
Klas Lindfors
6c9edb0db2 instead of passing context to sendResp, give it a logger. 2012-06-14 15:15:47 +02:00
Klas Lindfors
01969a279e let sendResp take one more parameter $context 
use for logging if it's a response to sync or verify.
 2012-06-14 14:55:50 +02:00
Klas Lindfors
cf49385bf3 rest of oracle patches from Remi Mollon <Remi.Mollon@cern.ch> 2012-06-12 10:35:49 +02:00
Fredrik Thulin
b5976ad3c9 delete-trailing-whitespace 2012-05-29 11:07:19 +02:00
Klas Lindfors
6a94b396dc check if $sl or $timeout is empty, if they are insert default 2012-05-24 14:37:01 +02:00
Simon Josefsson
f2b05822ef Silence PHP warnings. 2012-05-21 09:12:33 +02:00
Klas Lindfors
2e0dbfa2c3 build up the array to sign by taking $_GET or $_POST and remove the h key 2012-05-16 13:45:08 +02:00
Klas Lindfors
854a6527d6 update comment about nonce to reflect what the code actually does enforce 2012-05-08 13:43:21 +02:00
Klas Lindfors
da24a3fe30 fix fast or secure strings as sl 
move transformation of strings for sync and default values for sync and
timeout to before sanity checking.
 2012-02-22 14:27:24 +01:00
Simon Josefsson
a68539e884 Tiny fixes to silence PHP warnings from Hiroki Nose <Hiroki_Nose@totec.co.jp>. 
1. PHP Notice:  Use of undefined constant CURL_OK - assumed 'CURL_OK' in /usr/share/ykval/ykval-common.php on line 156 
 2. PHP Notice:  Undefined index: HTTPS in /usr/share/ykval/ykval-verify.php on line 14 
 3. PHP Notice:  Undefined variable: query in /usr/share/ykval/ykval-db.php on line 186
 2011-10-25 08:08:31 +00:00
Simon Josefsson
fb506d0238 Don't echo (unsanitized) OTP/NONCE values back to client when 
sending error codes.  Reported by Paul van Empelen.
 2011-08-18 12:19:15 +00:00
Simon Josefsson
016313a1e3 Support YubiKey OTPs filtered through a US Dvorak keyboard layout. 2010-09-21 08:13:36 +00:00
Simon Josefsson
dd9f472e77 Fix typo. 2010-09-12 10:42:32 +00:00
Simon Josefsson
8ea97ab0fb Sanity check OTP variable before trusting it. 
Reported by Ricky Zhou <ricky@fedoraproject.org>.
 2010-09-12 10:39:23 +00:00
Simon Josefsson
c9f58a83c7 Log HTTPS status. 2010-08-22 14:38:26 +00:00
Simon Josefsson
069092fd6b Timestamp requests. 2010-08-22 13:27:46 +00:00
Simon Josefsson
7b18b50ee7 When number of sync servers equals zero, set sync result to success. 
Patch from arte42.ripe in issue #7.
 2010-05-17 13:06:06 +00:00
Simon Josefsson
2f099df58c Don't reject on nonce error for v1.x requests. 2010-04-23 21:44:25 +00:00
Simon Josefsson
522c301dae Permit somewhat longer nonces (think SHA1 hex). 2010-04-23 20:33:45 +00:00
Simon Josefsson
4ac054f9cd Improve error checking of nonce. 2010-04-23 20:32:39 +00:00
Olov Danielson
93652d54f6 Corrected spelling error for replayed_request 2010-01-20 14:06:57 +00:00
Olov Danielson
1809e7fb90 Added otp, nonce in all responses for protocol >= 2.0. 2010-01-20 10:37:21 +00:00
Olov Danielson
6ab59bb850 . 2010-01-19 12:53:29 +00:00
Olov Danielson
9bc6b90e45 In protocol versions less than 2.0, nonce needs to added by server. This must be done after signature is computed. 2010-01-19 12:45:31 +00:00
Simon Josefsson
9cf8bce177 Fix last commit. 2010-01-14 14:19:20 +00:00
Simon Josefsson
005b6af0fc Review fixes. 2010-01-14 14:15:17 +00:00
Olov Danielson
12bd456dca . 2010-01-14 11:58:19 +00:00
Olov Danielson
c2245924cf Added possibility to use custom fields in logging module. Also added client IP and otp in verify and sync logs. 2010-01-14 11:25:17 +00:00
Olov Danielson
433c82cce7 Added a few checks for input parameters and corrected warnings according to new docuemnt 2010-01-14 09:39:48 +00:00
Olov Danielson
ab952c523c . 2010-01-13 15:32:57 +00:00
Olov Danielson
0d105e5ecc . 2010-01-12 15:24:38 +00:00
Olov Danielson
6cc547f791 Remove ID column from yubikeys and queue table. Renamed and changed random_key to server_nonce 2010-01-12 13:00:28 +00:00
Olov Danielson
a839954882 Unified logging to use Log class defined in ykval-log.php which in turn uses syslog. 
NOTE: ykval common debug function is still available but uses Log class aswell to actually
log message.
 2010-01-11 12:06:00 +00:00
Olov Danielson
851aa21c66 Changed to using PDO database connection 2010-01-08 16:35:25 +00:00
Olov Danielson
b9701c16ea Changed DB-names to be more consistent (WARNING current revision might be broken but needs to be submitted for multiserver test purposes) 2010-01-08 13:54:33 +00:00
Olov Danielson
6788e5effa 1. Nonce introduced in protocol. This required changes in the chain from client->verify->sync. 
2. ykval-verify is modified a bit. It now acts more as a flow controller and relies on ykval-synclib 
to do details on DB-calls and counterlogic. The "system" decision making is still located in ykval-verify.
 2009-12-15 10:17:51 +00:00
Olov Danielson
7be831db12 Corrected calculation of hmac with extra parameters (protocol v. 2). Corrected calculation of sl return value (use float inside) 2009-12-08 16:07:08 +00:00
Olov Danielson
03366efa60 sl parameter returned on "NOT_ENOUGH_ANSWERS" 2009-12-08 10:26:27 +00:00
Olov Danielson
f7cf1e1a5d Taking care of sl and timeout parameters in new protocol 2009-12-07 19:13:20 +00:00
Olov Danielson
55aeffc066 Storing local param info at the time when verify request arrived. 
Used to give correct warnings of wether local/remote is out of sync or not
 2009-12-04 11:57:49 +00:00
Olov Danielson
f04dcbc0e7 Committed first trial version for replication protocol. 2009-12-02 17:32:20 +00:00
Olov Danielson
65d150ccde Added option to get timestamp and session counters in the response. 
Use with

verify?id=x&otp=xxx..&timestamp=1

returns timestamp, sessoncounter and session use in response
 2009-10-05 14:53:28 +00:00
Simon Josefsson
9b5602656a Lay foundation for get-api-key service. 2009-08-28 10:55:56 +00:00
Simon Josefsson
479d5b1e7f Cleanups. 2009-05-06 15:07:05 +00:00
Simon Josefsson
2a0a4e389e If adding key doesn't work, it is an internal error. 2009-05-06 14:44:03 +00:00
Simon Josefsson
4050b68af8 Don't use die. 2009-05-06 14:23:04 +00:00
Simon Josefsson
c72f75f539 Drop chk_time. 2009-05-06 13:20:40 +00:00
Simon Josefsson
716182d744 Rename and cleanup. 2009-05-04 14:41:18 +00:00