mirror of
https://github.com/Yubico/yubikey-val.git
synced 2025-01-20 10:52:15 +01:00
102 lines
2.5 KiB
PHP
102 lines
2.5 KiB
PHP
<?php require_once '../yubiphpbase/appinclude.php';
|
|
require_once '../yubiphpbase/yubi_lib.php';
|
|
require_once 'common.php';
|
|
|
|
header("content-type: text/plain");
|
|
|
|
$trace = 1;
|
|
|
|
$client = getHttpVal('id', 0);
|
|
if ($client <= 0) {
|
|
debug('Client ID is missing, default to 1 (root)');
|
|
$client = 1;
|
|
}
|
|
|
|
$nonce = getHttpVal('nonce', '');
|
|
if ($nonce == '') {
|
|
reply(S_MISSING_PARAMETER, '', $client, '', 'nonce');
|
|
exit;
|
|
}
|
|
|
|
$h = getHttpVal('h', '');
|
|
if ($h == '') {
|
|
reply(S_MISSING_PARAMETER, '', $client, $nonce, 'h');
|
|
exit;
|
|
}
|
|
|
|
$op = getHttpVal('operation', '');
|
|
if ($op == '') {
|
|
reply(S_MISSING_PARAMETER, '', $client, $nonce, 'operation');
|
|
exit;
|
|
} else if ($op != 'add_key') {
|
|
reply(S_OPERATION_NOT_ALLOWED, $ci['secret'], $client, $nonce, $op);
|
|
exit;
|
|
}
|
|
|
|
$ci = getClientInfo($client);
|
|
|
|
if (! isset($ci['id'])) {
|
|
debug('Client '.$client.' not found!');
|
|
$client = 1;
|
|
if (($ci = getClientInfo($client)) == null) {
|
|
debug('Root client not found, service not installed properly!');
|
|
reply(S_BACKEND_ERROR, '', $client, $nonce, 'root client');
|
|
exit;
|
|
}
|
|
reply(S_BAD_CLIENT, $ci['secret'], $client, $nonce);
|
|
exit;
|
|
}
|
|
|
|
if ($ci['perm_id'] != 1 && $ci['perm_id'] != 2) {
|
|
reply(S_OPERATION_NOT_ALLOWED, $ci['secret'], $client, $nonce, $ci['perm_id']);
|
|
exit;
|
|
}
|
|
|
|
$tokenId = base64_encode(genRandRaw(6));
|
|
$secret = base64_encode(genRandRaw(16));
|
|
$keyid = addNewKey($tokenId, 1, $secret, '', $client);
|
|
|
|
if ($keyid > 0) {
|
|
debug('Key '.$keyid.' added');
|
|
reply(S_OK, $ci['secret'], $client, $nonce);
|
|
} else {
|
|
reply(S_BACKEND_ERROR, $ci['secret'], $client, $nonce);
|
|
exit;
|
|
}
|
|
|
|
function reply($status, $apiKey, $client_id, $nonce, $info=null) {
|
|
global $tokenId;
|
|
|
|
if ($status == null) {
|
|
$status = S_BACKEND_ERROR;
|
|
}
|
|
|
|
date_default_timezone_set('UTC');
|
|
$timestamp = date('Y-m-d\TH:i:s\ZZ', time());
|
|
|
|
//// Prepare the response to the user
|
|
//
|
|
$respParams = 'status='.$status.'&t='.$timestamp;
|
|
|
|
// Generate the signature
|
|
debug('API key: '.$apiKey); // API key of the client
|
|
debug('Signing response: '.$respParams);
|
|
// the TRUE at the end states we want the raw value, not hexadecimal form
|
|
$hmac = hash_hmac('sha1', utf8_encode($respParams), $apiKey, true);
|
|
//outputToFile('hmac', $hmac, "b");
|
|
// now take that byte value and base64 encode it
|
|
$hmac = base64_encode($hmac);
|
|
|
|
echo 'h='.$hmac.PHP_EOL;
|
|
if ($info != null) {
|
|
echo 'info='.$info.PHP_EOL;
|
|
}
|
|
echo 'nonce='.$nonce.PHP_EOL;
|
|
echo 'status='.$status.PHP_EOL;
|
|
echo 't='.$timestamp.PHP_EOL;
|
|
echo PHP_EOL;
|
|
|
|
} // End reply
|
|
|
|
?>
|