    sendResp(S_MISSING_PARAMETER, $myLog);
}
// Reject nonces outside the accepted length window. strlen() counts bytes;
// presumably the nonce is plain ASCII, so bytes and characters coincide — confirm.
if (isset($nonce)) {
    $nonceLength = strlen($nonce);
    if ($nonceLength < 16 || $nonceLength > 40) {
        $myLog->log(LOG_NOTICE, 'Nonce too short or too long');
        // NOTE(review): no exit follows; assumes sendResp() terminates the request — confirm.
        sendResp(S_MISSING_PARAMETER, $myLog);
    }
}

/*
 * The timestamp parameter is deliberately not validated: the current protocol
 * treats 1 as "request timestamp" and discards any other value.
 */

/*
 * Initialize the sync library; prefer it over ad-hoc DB queries and
 * hand-written comparisons.
 */
$sync = new SyncLib('ykval-verify:synclib');
$sync->addField('ip', $ipaddr);
$sync->addField('otp', $otp);
if (!$sync->isConnected()) {
    sendResp(S_BACKEND_ERROR, $myLog);
}

// Look up the client record; getClientData() yields FALSE for an unknown id.
$cd = $sync->getClientData($client);
if ($cd === FALSE) {
    $myLog->log(LOG_NOTICE, "Invalid client id {$client}");
    sendResp(S_NO_SUCH_CLIENT, $myLog);
}
$myLog->log(LOG_DEBUG, 'Client data:', $cd);

/*
 * Client signature key: the stored secret is base64-encoded. Decode it and
 * drop the rest of the client record once the key has been extracted.
 */
$apiKey = base64_decode($cd['secret']);
unset($cd);
    $res = $db->customQuery("SELECT yk_publicname FROM yubikeys WHERE active = true");
    while ($r = $db->fetchArray($res)) {
        $yubikeys[] = $r['yk_publicname'];
    }
    $db->closeCursor($res);
} else {
    # Check if key exists
    $r = $db->findBy('yubikeys', 'yk_publicname', $yk, 1);
    if (!$r) {
        logdie($myLog, "ERROR Unknown yubikey: {$yk}");
    }
    $yubikeys = array($yk);
}
/*
 * Bring up the sync library, tagging its log entries with the requesting
 * address and the key being resynced.
 */
$sync = new SyncLib('ykval-resync:synclib');
$sync->addField('ip', $_SERVER['REMOTE_ADDR']);
$sync->addField('yk', $yk);
$connected = $sync->isConnected();
if (!$connected) {
    logdie($myLog, 'ERROR Database connect error (2)');
}
foreach ($yubikeys as $key) {
    if (($localParams = $sync->getLocalParams($key)) === FALSE) {
        logdie($myLog, 'ERROR Invalid Yubikey ' . $key);
    }
    $localParams['otp'] = $key . str_repeat('c', 32);
    // Fake an OTP, only used for logging.
    $myLog->log(LOG_DEBUG, "Auth data:", $localParams);
    /* Queue sync request */
    if (!$sync->queue($localParams, $localParams)) {
        logdie($myLog, 'ERROR Failed resync');
    }
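// Parameters the sync protocol requires; every one must be present and non-empty.
$syncParams = [
    'modified' => null,
    'otp' => null,
    'nonce' => null,
    'yk_publicname' => null,
    'yk_counter' => null,
    'yk_use' => null,
    'yk_high' => null,
    'yk_low' => null,
];

// Pull each value out of the HTTP request, refusing the request on the first
// missing or empty parameter.
$tmp_log = 'Received ';
foreach (array_keys($syncParams) as $param) {
    $value = getHttpVal($param, null);
    // Explicit null/empty test instead of the loose `== NULL`, whose acceptance
    // set (also 0, false, []) depends on what getHttpVal() returns — this states
    // the intended contract: absent or empty string means missing.
    if ($value === null || $value === '') {
        $myLog->log(LOG_NOTICE, "Received request with parameter[s] ({$param}) missing value");
        // NOTE(review): no exit follows; assumes sendResp() terminates the request — confirm.
        sendResp(S_MISSING_PARAMETER, $myLog);
    }
    $syncParams[$param] = $value;
    $tmp_log .= "{$param}={$value} ";
}
$myLog->log(LOG_INFO, $tmp_log);

$sync = new SyncLib('ykval-sync:synclib');
$sync->addField('ip', $ipaddr);
if (!$sync->isConnected()) {
    sendResp(S_BACKEND_ERROR, $myLog);
}

// The OTP is known at this point; attach it to both the logger and the sync
// library so later entries can be correlated.
$myLog->addField('otp', $syncParams['otp']);
$sync->addField('otp', $syncParams['otp']);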
// verify correctness of input parameters
foreach (array('modified', 'yk_counter', 'yk_use', 'yk_high', 'yk_low') as $param) {
    // -1 is valid except for modified
    if ($param !== 'modified' && $syncParams[$param] === '-1') {
        continue;
    }
    // [0-9]+
    if ($syncParams[$param] !== '' && ctype_digit($syncParams[$param])) {
        continue;
<?php

require_once 'ykval-common.php';
require_once 'ykval-config.php';
require_once 'ykval-synclib.php';
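$apiKey = '';

header("content-type: text/plain");

$myLog = new Log('ykval-sync');
$myLog->addField('ip', $_SERVER['REMOTE_ADDR']);
$myLog->log(LOG_INFO, "Request: " . $_SERVER['QUERY_STRING']);

$sync = new SyncLib('ykval-sync:synclib');
$sync->addField('ip', $_SERVER['REMOTE_ADDR']);
if (!$sync->isConnected()) {
    // NOTE(review): $apiKey is still '' here — confirm sendResp() expects it as
    // its second argument in this version.
    sendResp(S_BACKEND_ERROR, $apiKey);
    exit;
}

#
# Verify that the request originates from a member of the allowed sync pool.
# Only the transport-level peer address (REMOTE_ADDR) is consulted, never a
# forwarded header, so this presumes no reverse proxy sits in front of the
# service — confirm deployment.
#
$myLog->log(LOG_INFO, 'remote request ip is ' . $_SERVER['REMOTE_ADDR']);
$allowed = false;
foreach ($baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] as $server) {
    $myLog->log(LOG_DEBUG, 'checking against ip ' . $server);
    // Strict comparison so PHP's loose numeric-string equality rules cannot
    // apply; assumes pool entries are address strings — confirm config.
    if ($_SERVER['REMOTE_ADDR'] === $server) {
        $myLog->log(LOG_DEBUG, 'server ' . $server . ' is allowed');
        $allowed = true;
        break;
    }
}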
if (!$allowed) {
    $myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $_SERVER['REMOTE_ADDR']);
    sendResp(S_MISSING_PARAMETER, $myLog);
    exit;
}
/*
 * The timestamp parameter is intentionally not validated: in the current
 * protocol a value of 1 means "request timestamp" and any other value is
 * discarded.
 */

/* Fetch client information from the DB. */
if ($client <= 0) {
    $myLog->log(LOG_NOTICE, 'Client ID is missing');
    sendResp(S_MISSING_PARAMETER, $myLog);
    exit;
}

/*
 * Initialize the sync library; use it rather than hand-written DB queries
 * and comparisons.
 */
$sync = new SyncLib('ykval-verify:synclib');
$sync->addField('ip', $_SERVER['REMOTE_ADDR']);
$sync->addField('otp', $otp);
if (!$sync->isConnected()) {
    sendResp(S_BACKEND_ERROR, $myLog);
    exit;
}

/* An unknown client id yields a falsy client record. */
$cd = $sync->getClientData($client);
if (!$cd) {
    $myLog->log(LOG_NOTICE, "Invalid client id {$client}");
    sendResp(S_NO_SUCH_CLIENT, $myLog);
    exit;
}
$myLog->log(LOG_DEBUG, "Client data:", $cd);

/* Client signature: the per-client secret is stored base64-encoded. */
$apiKey = base64_decode($cd['secret']);