# HG changeset patch # User Dan # Date 1249099146 14400 # Node ID b9a3da602841691978a29a382c5b80b6fcb7e779 # Parent 647f0aa485dda070f59bf6fee8c7f0d6b951b324# Parent ba1a31f16afe2ee6a564f1b4a9f14dd094b5c098 Merged branches from Scribus and Charlie diff -r ba1a31f16afe -r b9a3da602841 plugins/Yubikey.php --- a/plugins/Yubikey.php Wed Jul 29 12:09:35 2009 -0400 +++ b/plugins/Yubikey.php Fri Jul 31 23:59:06 2009 -0400 @@ -171,6 +171,8 @@ field_reg_require_otp_title: 'Yubikey required for registration:', field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.', field_reg_require_otp: 'Require Yubikey during registration', + field_use_local_pre: 'Or:', + field_use_local: 'Use local YMS', err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.' } diff -r ba1a31f16afe -r b9a3da602841 plugins/yubikey/admincp.php --- a/plugins/yubikey/admincp.php Wed Jul 29 12:09:35 2009 -0400 +++ b/plugins/yubikey/admincp.php Fri Jul 31 23:59:06 2009 -0400 @@ -49,6 +49,16 @@ + '; + echo $lang->get('yubiacp_field_use_local_pre'); + ?> '; + } + ?> @@ -87,6 +97,7 @@ setConfig('yubikey_api_key_id', intval($_POST['yubikey_api_key_id'])); setConfig('yubikey_enroll_limit', intval($_POST['yubikey_enroll_limit'])); setConfig('yubikey_reg_require_otp', isset($_POST['yubikey_reg_require_otp']) ? '1' : '0'); + setConfig('yubikey_use_local_yms', isset($_POST['yubikey_use_local_yms']) && defined('YMS_INSTALLED') ? '1' : '0'); if ( preg_match('#^(?:https?://)?(\[?[a-z0-9-:]+(?:\.[a-z0-9-:]+\]?)*)(/.*)$#', $_POST['yubikey_auth_server']) ) setConfig('yubikey_auth_server', $_POST['yubikey_auth_server']); diff -r ba1a31f16afe -r b9a3da602841 plugins/yubikey/auth.php --- a/plugins/yubikey/auth.php Wed Jul 29 12:09:35 2009 -0400 +++ b/plugins/yubikey/auth.php Fri Jul 31 23:59:06 2009 -0400 
@@ -28,6 +28,14 @@ $userdata['yubikey_otp'] = $userdata['password']; } + // Look for a lockout + $lockout_info = $session->get_lockout_info($lockdata); + if ( $lockout_info['locked_out'] ) + { + // pass on to normal auth so the lockout can be sent back properly + return null; + } + if ( !empty($userdata['username']) ) { // get flags diff -r ba1a31f16afe -r b9a3da602841 plugins/yubikey/corelib.php --- a/plugins/yubikey/corelib.php Wed Jul 29 12:09:35 2009 -0400 +++ b/plugins/yubikey/corelib.php Fri Jul 31 23:59:06 2009 -0400 @@ -57,6 +57,24 @@ 'error' => 'otp_invalid_chars' ); } + // are we using local YMS? + if ( getConfig('yubikey_use_local_yms', 0) && defined('YMS_INSTALLED') ) + { + $result = yms_validate_otp($otp, $api_id); + if ( $result == 'OK' ) + { + return array( + 'success' => true + ); + } + else + { + return array( + 'success' => false, + 'error' => strtolower("response_{$result}") + ); + } + } // make HTTP request require_once( ENANO_ROOT . '/includes/http.php' ); $auth_url = getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL); @@ -161,20 +179,33 @@ } } -function yubikey_sign($arr) +function yubikey_sign($arr, $use_api_key = false) { static $api_key = false; ksort($arr); - if ( !$api_key ) + if ( !$use_api_key ) { - $api_key = getConfig('yubikey_api_key'); - $api_key = hexencode(base64_decode($api_key), '', ''); + if ( !$api_key ) + { + $api_key = getConfig('yubikey_api_key'); + $api_key = hexencode(base64_decode($api_key), '', ''); + } + $use_api_key = $api_key; } + /* + else + { + $use_api_key = hexencode(base64_decode($use_api_key), '', ''); + } + */ - if ( isset($arr['h']) ) - unset($arr['h']); + foreach ( array('h', 'title', 'auth', 'do') as $key ) + { + if ( isset($arr[$key]) ) + unset($arr[$key]); + } $req = array(); foreach ( $arr as $key => $val ) 
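Review bot: `$lockdata` is passed to `$session->get_lockout_info($lockdata)` in the added lockout check, but nothing in the visible lines assigns it. If the method fills it by reference, that is fine and deserves a one-line comment such as `// $lockdata is filled in by get_lockout_info() (by-reference out parameter)`. If it does not, the check runs on an undefined value and may never report a lockout, so the Yubikey path would carry on for a locked-out client. The existing comment could also say that returning `null` relies on the core login path to enforce the lockout, because the plugin does not reject the attempt itself. The enclosing function starts and ends outside the hunk.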
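Review bot: The success test `if ( $result == 'OK' )` in the local-YMS branch uses loose comparison, so a non-string return from `yms_validate_otp()` would be accepted as a valid OTP: `true` compares equal to `'OK'` on any PHP version, and integer `0` does so before PHP 8. The return type of `yms_validate_otp()` is not visible here, so this is a precaution rather than a confirmed bypass; `if ( $result === 'OK' )` removes the dependency on it. The branch is also gated only on `defined('YMS_INSTALLED')`, so adding `&& function_exists('yms_validate_otp')` would avoid a fatal error if the constant is defined without the library loaded. The enclosing function starts and ends outside the hunk.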
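Review bot: A caller-supplied `$use_api_key` is used as the HMAC key unchanged (the `hmac_sha1($req, $use_api_key)` call is in the following hunk), while the configured key goes through `base64_decode` and `hexencode` first. The only hint of that difference is the commented-out `else` block. `yubikey_sign()` needs a docblock stating the encoding expected for `$use_api_key` (apparently already hex-encoded), and the dead block should be removed, so that a base64 key is not passed by mistake and signed under the wrong key. The new loop also strips `title`, `auth` and `do` before signing, so those parameters are not covered by the signature. A comment such as `// presumably routing parameters; deliberately excluded from the signed data` would record whether that is intended. The function body continues past the hunk.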
@@ -183,7 +214,7 @@ } $req = implode('&', $req); - $sig = hmac_sha1($req, $api_key); + $sig = hmac_sha1($req, $use_api_key); $sig = hexdecode($sig); $sig = base64_encode($sig); diff -r ba1a31f16afe -r b9a3da602841 plugins/yubikey/yubikey.js --- a/plugins/yubikey/yubikey.js Wed Jul 29 12:09:35 2009 -0400 +++ b/plugins/yubikey/yubikey.js Fri Jul 31 23:59:06 2009 -0400 @@ -222,7 +222,7 @@ // ... yet? return; - attachHook('login_build_form', 'yk_login_dlg_hook(table);'); + attachHook('login_build_form', 'yk_login_dlg_hook(table, data);'); attachHook('login_build_userinfo', 'if ( window.yubikey_otp_current ) userinfo.yubikey_otp = window.yubikey_otp_current;'); if ( title == namespace_list.Special + 'Preferences/Yubikey' ) { @@ -230,7 +230,7 @@ } }); -function yk_login_dlg_hook(table) +function yk_login_dlg_hook(table, data) { window.yubikey_otp_current = false; var tr = document.createElement('tr'); @@ -246,7 +246,7 @@ $('#messageBoxButtons input:button:first').focus(); $('#ajax_login_field_captcha').focus(); }); - if ( window.yk_reg_require_otp || window.yk_user_enabled ) + if ( ( window.yk_reg_require_otp || window.yk_user_enabled ) && !data.locked_out.locked_out ) { setTimeout(function() {
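Review bot: The new `data` argument of `yk_login_dlg_hook(table, data)` is dereferenced as `data.locked_out.locked_out` in the following hunk with no guard. If the `login_build_form` hook fires without lockout information (an older core or another caller, neither visible here), the hook would throw a TypeError partway through building the login dialog. A defensive form of the condition is `&& !( data && data.locked_out && data.locked_out.locked_out )`. This test only suppresses the OTP prompt in the browser, so lockout enforcement still has to happen on the server.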