55 return array( |
55 return array( |
56 'success' => false, |
56 'success' => false, |
57 'error' => 'otp_invalid_chars' |
57 'error' => 'otp_invalid_chars' |
58 ); |
58 ); |
59 } |
59 } |
|
60 // are we using local YMS? |
|
61 if ( getConfig('yubikey_use_local_yms', 0) && defined('YMS_INSTALLED') ) |
|
62 { |
|
63 $result = yms_validate_otp($otp, $api_id); |
|
64 if ( $result == 'OK' ) |
|
65 { |
|
66 return array( |
|
67 'success' => true |
|
68 ); |
|
69 } |
|
70 else |
|
71 { |
|
72 return array( |
|
73 'success' => false, |
|
74 'error' => strtolower("response_{$result}") |
|
75 ); |
|
76 } |
|
77 } |
60 // make HTTP request |
78 // make HTTP request |
61 require_once( ENANO_ROOT . '/includes/http.php' ); |
79 require_once( ENANO_ROOT . '/includes/http.php' ); |
62 $auth_url = getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL); |
80 $auth_url = getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL); |
63 $auth_url = preg_replace('#^https?://#i', '', $auth_url); |
81 $auth_url = preg_replace('#^https?://#i', '', $auth_url); |
64 if ( !preg_match('#^(\[?[a-z0-9-:]+(?:\.[a-z0-9-:]+\]?)*)(?::([0-9]+))?(/.*)$#U', $auth_url, $match) ) |
82 if ( !preg_match('#^(\[?[a-z0-9-:]+(?:\.[a-z0-9-:]+\]?)*)(?::([0-9]+))?(/.*)$#U', $auth_url, $match) ) |
159 'error' => strtolower("response_{$response['status']}") |
177 'error' => strtolower("response_{$response['status']}") |
160 ); |
178 ); |
161 } |
179 } |
162 } |
180 } |
163 |
181 |
164 function yubikey_sign($arr) |
182 function yubikey_sign($arr, $use_api_key = false) |
165 { |
183 { |
166 static $api_key = false; |
184 static $api_key = false; |
167 |
185 |
168 ksort($arr); |
186 ksort($arr); |
169 |
187 |
170 if ( !$api_key ) |
188 if ( !$use_api_key ) |
171 { |
189 { |
172 $api_key = getConfig('yubikey_api_key'); |
190 if ( !$api_key ) |
173 $api_key = hexencode(base64_decode($api_key), '', ''); |
191 { |
174 } |
192 $api_key = getConfig('yubikey_api_key'); |
175 |
193 $api_key = hexencode(base64_decode($api_key), '', ''); |
176 if ( isset($arr['h']) ) |
194 } |
177 unset($arr['h']); |
195 $use_api_key = $api_key; |
|
196 } |
|
197 /* |
|
198 else |
|
199 { |
|
200 $use_api_key = hexencode(base64_decode($use_api_key), '', ''); |
|
201 } |
|
202 */ |
|
203 |
|
204 foreach ( array('h', 'title', 'auth', 'do') as $key ) |
|
205 { |
|
206 if ( isset($arr[$key]) ) |
|
207 unset($arr[$key]); |
|
208 } |
178 |
209 |
179 $req = array(); |
210 $req = array(); |
180 foreach ( $arr as $key => $val ) |
211 foreach ( $arr as $key => $val ) |
181 { |
212 { |
182 $req[] = "$key=$val"; |
213 $req[] = "$key=$val"; |
183 } |
214 } |
184 $req = implode('&', $req); |
215 $req = implode('&', $req); |
185 |
216 |
186 $sig = hmac_sha1($req, $api_key); |
217 $sig = hmac_sha1($req, $use_api_key); |
187 $sig = hexdecode($sig); |
218 $sig = hexdecode($sig); |
188 $sig = base64_encode($sig); |
219 $sig = base64_encode($sig); |
189 |
220 |
190 return $sig; |
221 return $sig; |
191 } |
222 } |
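Review bot: In the new yubikey_sign(), `if ( !$use_api_key )` treats any falsy caller-supplied key (an empty string or `'0'`) the same as "no key given" and silently signs with the site-wide key from `yubikey_api_key`. A strict check, `if ( $use_api_key === false )`, plus an explicit rejection of empty keys, would stop a missing per-client key from falling back to the global secret. Because the `else` branch that base64-decodes the argument is commented out, a caller-supplied key reaches hmac_sha1() as-is, while the configured key is base64-decoded and hex-encoded first. The expected format should be stated in a docblock, e.g. `@param string|false $use_api_key HMAC key in the format hmac_sha1() expects (presumably hex, to match the configured-key path), or false to use yubikey_api_key`, and the dead block removed. The new loop also drops `title`, `auth` and `do` before signing, so those parameters are not covered by the HMAC; a one-line comment saying why they are excluded would help.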