*/
// This stretch makes sure a nonce exists, resolves the KSM URLs, decrypts the
// OTP and loads the key's local parameters. Each failure branch sends a status
// response and then calls exit, so nothing below runs on a failed step.
if ($protocol_version < 2.0) {
    /* For protocol versions below 2.0 the nonce is generated here. */
    // NOTE(review): rand() and uniqid() are not cryptographically secure
    // (uniqid() is derived from the current time) and md5() adds no entropy,
    // so this nonce is predictable. If anything downstream relies on it being
    // unguessable, use a CSPRNG such as random_bytes() (PHP 7+) -- confirm the
    // minimum supported PHP version first.
    $nonce = md5(uniqid(rand()));
    // The generated nonce is also written to the log at LOG_INFO.
    $myLog->log(LOG_INFO, 'protocol version below 2.0. Created nonce ' . $nonce);
}

// Which YK-KSM should we talk to?
$urls = otp2ksmurls($otp, $client);
if (!is_array($urls)) {
    // Anything other than an array is reported as a backend error.
    sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
    exit;
}

// Decode OTP from input.
$otpinfo = KSMdecryptOTP($urls, $myLog);
if (!is_array($otpinfo)) {
    // A non-array result is treated as a bad OTP.
    sendResp(S_BAD_OTP, $myLog, $apiKey);
    exit;
}
// NOTE(review): this passes the decrypted OTP data to the debug log; confirm
// what $otpinfo holds and that debug logs are access-controlled in production.
$myLog->log(LOG_DEBUG, "Decrypted OTP:", $otpinfo);

// Get Yubikey from DB.
// The public name is $otp without its last TOKEN_LEN characters.
// NOTE(review): assumes $otp was length-checked earlier (not visible here);
// a shorter $otp makes the length argument negative.
$devId = substr($otp, 0, strlen($otp) - TOKEN_LEN);
$yk_publicname = $devId;
$localParams = $sync->getLocalParams($yk_publicname);
if (!$localParams) {
    // Any falsy lookup result is logged as an invalid key and answered with
    // S_BACKEND_ERROR.
    $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
    sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
    exit;
}
// This stretch makes sure a nonce exists, resolves the KSM URLs, decrypts the
// OTP, loads the key's local parameters and rejects de-activated keys.
// NOTE(review): no failure branch here is followed by exit or return, so the
// checks only stop processing if sendResp() itself terminates the request
// (its body is not visible here) -- confirm, otherwise execution falls through
// with invalid data.
if ($protocol_version < 2.0) {
    // For protocol versions below 2.0 the nonce is generated here.
    // NOTE(review): rand() and uniqid() are not cryptographically secure
    // (uniqid() is derived from the current time) and md5() adds no entropy,
    // so this nonce is predictable. If anything downstream relies on it being
    // unguessable, use a CSPRNG such as random_bytes() (PHP 7+) -- confirm the
    // minimum supported PHP version first.
    $nonce = md5(uniqid(rand()));
    // The generated nonce is also written to the log at LOG_INFO.
    $myLog->log(LOG_INFO, "protocol version below 2.0. Created nonce {$nonce}");
}

// Which YK-KSM should we talk to?
$urls = otp2ksmurls($otp, $client);
if (!is_array($urls)) {
    // Anything other than an array is reported as a backend error.
    sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
}

// Decode OTP from input.
// Optional cURL options come from the '__YKVAL_KSM_CURL_OPTS__' entry of
// $baseParams and are handed to KSMdecryptOTP().
// NOTE(review): presumably these are applied to the KSM request; check that
// deployed values do not switch off TLS verification (e.g.
// CURLOPT_SSL_VERIFYPEER).
$curlopts = array();
if (array_key_exists('__YKVAL_KSM_CURL_OPTS__', $baseParams)) {
    $curlopts = $baseParams['__YKVAL_KSM_CURL_OPTS__'];
}
// Only a strict FALSE counts as failure; any other return value (null, an
// empty array, ...) continues as a decrypted OTP.
if (($otpinfo = KSMdecryptOTP($urls, $myLog, $curlopts)) === FALSE) {
    sendResp(S_BAD_OTP, $myLog, $apiKey);
}
// NOTE(review): this passes the decrypted OTP data to the debug log; confirm
// what $otpinfo holds and that debug logs are access-controlled in production.
$myLog->log(LOG_DEBUG, 'Decrypted OTP:', $otpinfo);

// Get Yubikey from DB.
// The public name is $otp without its last TOKEN_LEN characters.
// NOTE(review): assumes $otp was length-checked earlier (not visible here);
// a shorter $otp makes the length argument negative.
$yk_publicname = substr($otp, 0, strlen($otp) - TOKEN_LEN);
// Again only a strict FALSE is treated as "key not found".
if (($localParams = $sync->getLocalParams($yk_publicname)) === FALSE) {
    $myLog->log(LOG_NOTICE, "Invalid Yubikey {$yk_publicname}");
    sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
}
// NOTE(review): writes the key's local parameters to the debug log; confirm
// that nothing sensitive is stored in that record.
$myLog->log(LOG_DEBUG, 'Auth data:', $localParams);
// Keys whose 'active' field is not 1 (loose comparison) are answered with
// S_BAD_OTP.
if ($localParams['active'] != 1) {
    $myLog->log(LOG_NOTICE, "De-activated Yubikey {$yk_publicname}");
    sendResp(S_BAD_OTP, $myLog, $apiKey);
}
/* Build OTP params */
*/
// This stretch makes sure a nonce exists, resolves the KSM URLs, decrypts the
// OTP and loads the key's local parameters. Each failure branch sends a status
// response and then calls exit, so nothing below runs on a failed step.
if ($protocol_version < 2.0) {
    /* For protocol versions below 2.0 the nonce is generated here. */
    // NOTE(review): rand() and uniqid() are not cryptographically secure
    // (uniqid() is derived from the current time) and md5() adds no entropy,
    // so this nonce is predictable. If anything downstream relies on it being
    // unguessable, use a CSPRNG such as random_bytes() (PHP 7+) -- confirm the
    // minimum supported PHP version first.
    $nonce = md5(uniqid(rand()));
    // The generated nonce is also written to the log at LOG_INFO.
    $myLog->log(LOG_INFO, 'protocol version below 2.0. Created nonce ' . $nonce);
}

// Which YK-KSM should we talk to?
$urls = otp2ksmurls($otp, $client);
if (!is_array($urls)) {
    // Anything other than an array is reported as a backend error.
    sendResp(S_BACKEND_ERROR, $apiKey);
    exit;
}

// Decode OTP from input.
$otpinfo = KSMdecryptOTP($urls);
if (!is_array($otpinfo)) {
    // A non-array result is treated as a bad OTP.
    sendResp(S_BAD_OTP, $apiKey);
    exit;
}
// NOTE(review): this passes the decrypted OTP data to the debug log; confirm
// what $otpinfo holds and that debug logs are access-controlled in production.
$myLog->log(LOG_DEBUG, "Decrypted OTP:", $otpinfo);

// Get Yubikey from DB.
// The public name is $otp without its last TOKEN_LEN characters.
// NOTE(review): assumes $otp was length-checked earlier (not visible here);
// a shorter $otp makes the length argument negative.
$devId = substr($otp, 0, strlen($otp) - TOKEN_LEN);
$yk_publicname = $devId;
$localParams = $sync->getLocalParams($yk_publicname);
if (!$localParams) {
    // Any falsy lookup result is logged as an invalid key and answered with
    // S_BACKEND_ERROR.
    $myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
    sendResp(S_BACKEND_ERROR, $apiKey);
    exit;
}