# HG changeset patch # User Dan # Date 1249098536 14400 # Node ID 647f0aa485dda070f59bf6fee8c7f0d6b951b324 # Parent 0dac837643a446adcaee6ff5218c723c5c8d4141 Some modifications to support the YMS plugin diff -r 0dac837643a4 -r 647f0aa485dd plugins/Yubikey.php --- a/plugins/Yubikey.php Fri Jul 17 17:15:29 2009 -0400 +++ b/plugins/Yubikey.php Fri Jul 31 23:48:56 2009 -0400 @@ -171,6 +171,8 @@ field_reg_require_otp_title: 'Yubikey required for registration:', field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.', field_reg_require_otp: 'Require Yubikey during registration', + field_use_local_pre: 'Or:', + field_use_local: 'Use local YMS', err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.' } diff -r 0dac837643a4 -r 647f0aa485dd plugins/yubikey/admincp.php --- a/plugins/yubikey/admincp.php Fri Jul 17 17:15:29 2009 -0400 +++ b/plugins/yubikey/admincp.php Fri Jul 31 23:48:56 2009 -0400 @@ -49,6 +49,16 @@ + '; + echo $lang->get('yubiacp_field_use_local_pre'); + ?> '; + } + ?> @@ -87,6 +97,7 @@ setConfig('yubikey_api_key_id', intval($_POST['yubikey_api_key_id'])); setConfig('yubikey_enroll_limit', intval($_POST['yubikey_enroll_limit'])); setConfig('yubikey_reg_require_otp', isset($_POST['yubikey_reg_require_otp']) ? '1' : '0'); + setConfig('yubikey_use_local_yms', isset($_POST['yubikey_use_local_yms']) && defined('YMS_INSTALLED') ? '1' : '0'); if ( preg_match('#^(?:https?://)?(\[?[a-z0-9-:]+(?:\.[a-z0-9-:]+\]?)*)(/.*)$#', $_POST['yubikey_auth_server']) ) setConfig('yubikey_auth_server', $_POST['yubikey_auth_server']); diff -r 0dac837643a4 -r 647f0aa485dd plugins/yubikey/corelib.php --- a/plugins/yubikey/corelib.php Fri Jul 17 17:15:29 2009 -0400 +++ b/plugins/yubikey/corelib.php Fri Jul 31 23:48:56 2009 -0400 
@@ -57,6 +57,24 @@ 'error' => 'otp_invalid_chars' ); } + // are we using local YMS? + if ( getConfig('yubikey_use_local_yms', 0) && defined('YMS_INSTALLED') ) + { + $result = yms_validate_otp($otp, $api_id); + if ( $result == 'OK' ) + { + return array( + 'success' => true + ); + } + else + { + return array( + 'success' => false, + 'error' => strtolower("response_{$result}") + ); + } + } // make HTTP request require_once( ENANO_ROOT . '/includes/http.php' ); $auth_url = getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL); @@ -161,20 +179,33 @@ } } -function yubikey_sign($arr) +function yubikey_sign($arr, $use_api_key = false) { static $api_key = false; ksort($arr); - if ( !$api_key ) + if ( !$use_api_key ) { - $api_key = getConfig('yubikey_api_key'); - $api_key = hexencode(base64_decode($api_key), '', ''); + if ( !$api_key ) + { + $api_key = getConfig('yubikey_api_key'); + $api_key = hexencode(base64_decode($api_key), '', ''); + } + $use_api_key = $api_key; } + /* + else + { + $use_api_key = hexencode(base64_decode($use_api_key), '', ''); + } + */ - if ( isset($arr['h']) ) - unset($arr['h']); + foreach ( array('h', 'title', 'auth', 'do') as $key ) + { + if ( isset($arr[$key]) ) + unset($arr[$key]); + } $req = array(); foreach ( $arr as $key => $val ) @@ -183,7 +214,7 @@ } $req = implode('&', $req); - $sig = hmac_sha1($req, $api_key); + $sig = hmac_sha1($req, $use_api_key); $sig = hexdecode($sig); $sig = base64_encode($sig);
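Review bot: in plugins/yubikey/admincp.php, hunk @@ -87,6 +97,7 @@, the new `setConfig('yubikey_use_local_yms', ...)` line depends on `&&` binding tighter than `?:` to give the intended result. Wrap the condition in parentheses, `(isset($_POST['yubikey_use_local_yms']) && defined('YMS_INSTALLED')) ? '1' : '0'`, so the grouping is explicit and survives later edits to the line.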
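Review bot: in plugins/yubikey/corelib.php, hunk @@ -57,6 +57,24 @@, the success test `if ( $result == 'OK' )` uses a loose comparison on the value that decides whether an OTP is accepted. In PHP, `true == 'OK'` is true, and before PHP 8 `0 == 'OK'` is true as well, so any non-string return from `yms_validate_otp()` of that kind would be treated as a valid OTP. Use `$result === 'OK'`. The failure branch also builds the error key from whatever `$result` holds via `strtolower("response_{$result}")`; check that `$result` is a string from the expected set of response codes and fall back to a fixed error key otherwise. The branch is guarded by `defined('YMS_INSTALLED')` only, so a comment stating that this constant guarantees `yms_validate_otp()` is loaded would help.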
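Review bot: in plugins/yubikey/corelib.php, hunk @@ -161,20 +179,33 @@, the new `$use_api_key = false` parameter of `yubikey_sign()` is named like a boolean flag but is used as the key itself, and with the `else` block commented out a caller-supplied key reaches `hmac_sha1($req, $use_api_key)` unconverted while the configured key still goes through `hexencode(base64_decode(...))`. Callers therefore have to pass a key in a different encoding than the one stored in `yubikey_api_key`, and nothing documents that. Rename the parameter (for example `$api_key_override`), state the expected encoding in a docblock, and delete the commented-out block rather than committing it. Because the test is `if ( !$use_api_key )`, an empty or `'0'` key silently falls back to the configured key; compare against `false` explicitly if that is not intended. The same hunk now drops `title`, `auth` and `do` along with `h` before signing, so those fields are not covered by the HMAC on any call to this function; a comment explaining why they are excluded, or limiting the exclusion to the YMS call path, would make the signature coverage clear.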