NULL, 'time_end' => NULL, 'time_taken' => NULL, 'ip' => NULL, 'client' => NULL, 'public_id' => NULL, 'otp' => NULL, 'status' => NULL, 'nonce' => NULL, 'signed' => NULL, 'counter' => NULL, 'low' => NULL, 'high' => NULL, 'use' => NULL, 'tls' => NULL, 'protocol' => NULL, ); /** * Set field value. * * @param $name string * @param $value mixed * @return bool */ public function set($name, $value) { // not settable from outside if ($name === 'time_end' || $name === 'time_taken') return false; if (array_key_exists($name, $this->fields) === FALSE) return false; $this->fields[$name] = $value; return true; } /** * Write verify request log line to syslog. * * P.S only writes to syslog if __YKVAL_VERIFY_LOGFORMAT__ * is set correctly in ykval-config.php. * * @return bool */ public function write() { if (($logformat = $this->logformat()) === FALSE) return false; $values = array(); foreach ($this->sanitized() as $key => $val) { $values['%'.$key.'%'] = $val; } $message = strtr($logformat, $values); if (!is_string($message)) return false; return syslog(LOG_INFO, $message); } /** * Fetch the logging format as set in the configuration file. * * @return string|bool */ private function logformat() { require_once 'ykval-config.php'; if (!isset($baseParams) || !is_array($baseParams) || !array_key_exists('__YKVAL_VERIFY_LOGFORMAT__', $baseParams) || !is_string($baseParams['__YKVAL_VERIFY_LOGFORMAT__'])) { return false; } return $baseParams['__YKVAL_VERIFY_LOGFORMAT__']; } /** * Sanitize untrusted values from clients before writing them to syslog. * * P.S. signed, status, time_start, tls are assumed safe, * since they are set internally. * * @return array sanitized $this->fields */ private function sanitized() { $a = $this->fields; if (preg_match('/^[cbdefghijklnrtuv]+$/', $a['public_id']) !== 1 || strlen($a['public_id']) < 1 || strlen($a['public_id']) > (OTP_MAX_LEN - TOKEN_LEN)) { $a['public_id'] = '-'; } if (preg_match('/^[cbdefghijklnrtuv]+$/', $a['otp']) !== 1 || strlen($a['otp']) < TOKEN_LEN || strlen($a['otp']) > OTP_MAX_LEN) { $a['otp'] = '-'; } if (preg_match('/^[0-9]+$/', $a['client']) !== 1) $a['client'] = '-'; if (filter_var($a['ip'], FILTER_VALIDATE_IP) === FALSE) $a['ip'] = '-'; if (is_int($a['counter']) === FALSE) $a['counter'] = '-'; if (is_int($a['low']) === FALSE) $a['low'] = '-'; if (is_int($a['high']) === FALSE) $a['high'] = '-'; if (is_int($a['use']) === FALSE) $a['use'] = '-'; if (preg_match('/^[a-zA-Z0-9]{16,40}$/', $a['nonce']) !== 1) $a['nonce'] = '-'; if (is_float($a['protocol']) === TRUE) $a['protocol'] = sprintf('%.1f', $a['protocol']); else $a['protocol'] = '-'; $start = explode(' ', $a['time_start']); $start_msec = $start[0]; $start_sec = $start[1]; $start = bcadd($start_sec, $start_msec, 8); unset($start_sec, $start_msec); $end = explode(' ', microtime()); $end_msec = $end[0]; $end_sec = $end[1]; $end = bcadd($end_sec, $end_msec, 8); unset($end_sec, $end_msec); $taken = bcsub($end, $start, 8); $a['time_start'] = $start; $a['time_end'] = $end; $a['time_taken'] = $taken; return $a; } }