--- a/plugins/Yubikey.php Fri Jul 17 17:15:29 2009 -0400
+++ b/plugins/Yubikey.php Fri Jul 31 23:48:56 2009 -0400
@@ -171,6 +171,8 @@
field_reg_require_otp_title: 'Yubikey required for registration:',
field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.',
field_reg_require_otp: 'Require Yubikey during registration',
+ field_use_local_pre: 'Or:',
+ field_use_local: 'Use local YMS',
err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.'
}
--- a/plugins/yubikey/admincp.php Fri Jul 17 17:15:29 2009 -0400
+++ b/plugins/yubikey/admincp.php Fri Jul 31 23:48:56 2009 -0400
@@ -49,6 +49,16 @@
</td>
<td class="row2">
<input type="text" name="yubikey_auth_server" value="<?php echo htmlspecialchars(getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL)); ?>" size="30" />
+ <?php
+ if ( defined('YMS_INSTALLED') )
+ {
+ echo '<br />';
+ echo $lang->get('yubiacp_field_use_local_pre');
+ ?> <label><input type="checkbox" name="yubikey_use_local_yms" <?php echo getConfig('yubikey_use_local_yms', 0) ? 'checked="checked" ' : ''; ?>/><?php
+ echo $lang->get('yubiacp_field_use_local');
+ echo '</label>';
+ }
+ ?>
</td>
</tr>
@@ -87,6 +97,7 @@
setConfig('yubikey_api_key_id', intval($_POST['yubikey_api_key_id']));
setConfig('yubikey_enroll_limit', intval($_POST['yubikey_enroll_limit']));
setConfig('yubikey_reg_require_otp', isset($_POST['yubikey_reg_require_otp']) ? '1' : '0');
+ setConfig('yubikey_use_local_yms', isset($_POST['yubikey_use_local_yms']) && defined('YMS_INSTALLED') ? '1' : '0');
if ( preg_match('#^(?:https?://)?(\[?[a-z0-9-:]+(?:\.[a-z0-9-:]+\]?)*)(/.*)$#', $_POST['yubikey_auth_server']) )
setConfig('yubikey_auth_server', $_POST['yubikey_auth_server']);
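Review bot: The condition on the new `yubikey_use_local_yms` line relies on `&&` binding tighter than `?:`, which is correct but easy to misread on a line that decides how OTPs get verified. Writing it as `(isset($_POST['yubikey_use_local_yms']) && defined('YMS_INSTALLED')) ? '1' : '0'` makes the grouping explicit. Re-checking `defined('YMS_INSTALLED')` on the server, instead of relying on the checkbox being hidden, is worth a one-line comment such as `// never enable local validation unless YMS is actually loaded`. The save handler starts and ends outside this hunk, so any request validation it performs is not visible here.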
--- a/plugins/yubikey/corelib.php Fri Jul 17 17:15:29 2009 -0400
+++ b/plugins/yubikey/corelib.php Fri Jul 31 23:48:56 2009 -0400
@@ -57,6 +57,24 @@
'error' => 'otp_invalid_chars'
);
}
+ // are we using local YMS?
+ if ( getConfig('yubikey_use_local_yms', 0) && defined('YMS_INSTALLED') )
+ {
+ $result = yms_validate_otp($otp, $api_id);
+ if ( $result == 'OK' )
+ {
+ return array(
+ 'success' => true
+ );
+ }
+ else
+ {
+ return array(
+ 'success' => false,
+ 'error' => strtolower("response_{$result}")
+ );
+ }
+ }
// make HTTP request
require_once( ENANO_ROOT . '/includes/http.php' );
$auth_url = getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL);
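Review bot: The success test `if ( $result == 'OK' )` uses a loose comparison on the value that decides whether authentication passes. On PHP versions before 8, a boolean `true` or an integer `0` compares equal to `'OK'`, so the branch is only safe if `yms_validate_otp()` always returns a string, which cannot be confirmed from this hunk. Use `if ( $result === 'OK' )` so any non-string return fails closed. The error key is built directly from `$result`, so a short comment listing the status strings the helper can return would help whoever maintains the matching `response_*` language entries. The enclosing function starts and ends outside the hunk.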
@@ -161,20 +179,33 @@
}
}
-function yubikey_sign($arr)
+function yubikey_sign($arr, $use_api_key = false)
{
static $api_key = false;
ksort($arr);
- if ( !$api_key )
+ if ( !$use_api_key )
{
- $api_key = getConfig('yubikey_api_key');
- $api_key = hexencode(base64_decode($api_key), '', '');
+ if ( !$api_key )
+ {
+ $api_key = getConfig('yubikey_api_key');
+ $api_key = hexencode(base64_decode($api_key), '', '');
+ }
+ $use_api_key = $api_key;
}
+ /*
+ else
+ {
+ $use_api_key = hexencode(base64_decode($use_api_key), '', '');
+ }
+ */
- if ( isset($arr['h']) )
- unset($arr['h']);
+ foreach ( array('h', 'title', 'auth', 'do') as $key )
+ {
+ if ( isset($arr[$key]) )
+ unset($arr[$key]);
+ }
$req = array();
foreach ( $arr as $key => $val )
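Review bot: An empty or otherwise falsy `$use_api_key` silently falls back to the site-wide key, because the new test is `if ( !$use_api_key )`. Using `if ( $use_api_key === false )` would keep the fallback for the default argument only, so a caller whose key lookup came back empty fails instead of signing with the wrong key. The configured key is base64-decoded and hex-encoded, but a caller-supplied key is used as passed and the `else` branch that would convert it is commented out. The function needs a docblock stating the encoding `$use_api_key` must already be in, and the dead block should be deleted. The new `foreach` also drops `title`, `auth` and `do` before signing, so the HMAC does not cover them; a comment should say that code checking the signature must not treat those fields as authenticated. The function body continues past the end of this hunk.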
@@ -183,7 +214,7 @@
}
$req = implode('&', $req);
- $sig = hmac_sha1($req, $api_key);
+ $sig = hmac_sha1($req, $use_api_key);
$sig = hexdecode($sig);
$sig = base64_encode($sig);