/* Build OTP params */
$otpParams = array('modified' => time(), 'otp' => $otp, 'nonce' => $nonce, 'yk_publicname' => $yk_publicname, 'yk_counter' => $otpinfo['session_counter'], 'yk_use' => $otpinfo['session_use'], 'yk_high' => $otpinfo['high'], 'yk_low' => $otpinfo['low']);
/* First check if OTP is seen with the same nonce, in such case we have an replayed request */
if ($sync->countersEqual($localParams, $otpParams) && $localParams['nonce'] == $otpParams['nonce']) {
$myLog->log(LOG_WARNING, 'Replayed request');
sendResp(S_REPLAYED_REQUEST, $myLog, $apiKey, $extra);
}
/* Check the OTP counters against local db */
if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) {
$sync->log(LOG_WARNING, 'replayed OTP: Local counters higher');
$sync->log(LOG_WARNING, 'replayed OTP: Local counters ', $localParams);
$sync->log(LOG_WARNING, 'replayed OTP: Otp counters ', $otpParams);
sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra);
}
/* Valid OTP, update database. */
if (!$sync->updateDbCounters($otpParams)) {
$myLog->log(LOG_CRIT, 'Failed to update yubikey counters in database');
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
}
/* Queue sync requests */
if (!$sync->queue($otpParams, $localParams)) {
$myLog->log(LOG_CRIT, 'ykval-verify:critical:failed to queue sync requests');
sendResp(S_BACKEND_ERROR, $myLog, $apiKey);
}
$nr_servers = $sync->getNumberOfServers();
$req_answers = ceil($nr_servers * $sl / 100.0);
if ($req_answers > 0) {
$syncres = $sync->sync($req_answers, $timeout);
$nr_answers = $sync->getNumberOfAnswers();
$nr_valid_answers = $sync->getNumberOfValidAnswers();
$sl_success_rate = floor(100.0 * $nr_valid_answers / $nr_servers);
# Get local counter data
#
$yk_publicname = $syncParams['yk_publicname'];
$localParams = $sync->getLocalParams($yk_publicname);
if (!$localParams) {
$myLog->log(LOG_NOTICE, 'Invalid Yubikey ' . $yk_publicname);
sendResp(S_BACKEND_ERROR, $apiKey);
exit;
}
if ($localParams['active'] != 1) {
$myLog->log(LOG_NOTICE, 'De-activated Yubikey ' . $yk_publicname);
sendResp(S_BAD_OTP, $apiKey);
exit;
}
/* Conditional update local database */
$sync->updateDbCounters($syncParams);
$myLog->log(LOG_DEBUG, 'Local params ', $localParams);
$myLog->log(LOG_DEBUG, 'Sync request params ', $syncParams);
#
# Compare sync and local counters and generate warnings according to
#
# http://code.google.com/p/yubikey-val-server-php/wiki/ServerReplicationProtocol
#
if ($sync->countersHigherThan($localParams, $syncParams)) {
$myLog->log(LOG_WARNING, 'Remote server out of sync.');
}
if ($sync->countersEqual($localParams, $syncParams)) {
if ($syncParams['modified'] == $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
$myLog->log(LOG_NOTICE, 'Sync request unnessecarily sent');
}
if ($syncParams['modified'] != $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
