Yubiradius 3.5.1 OTP Only - Full patch for adding temptoken

--- ropverify.bak.120328        2014-02-27 10:42:30.000000000 +1030
+++ ropverify.php       2014-02-27 10:42:25.000000000 +1030
@@ -42,6 +42,12 @@
   $skipLdapAuth = 1;
 }

+//added to allow 8 digit temporary tokens
+if ($otpOnlyAuthAllow == 1 && $passwdlen == 8) {
+  $otp = $passwd;
+  $skipLdapAuth = 1;
+}
+
 //james debug
 if ($debug) {
   $myLog->log(LOG_ERR, $otp);
root@spcppv03:/var/www/wsapi/aa# ls
ropverify.140227.diff  ropverify.140227full.diff  ropverify.bak.120328  ropverify.bak.php  ropverify.php
root@spcppv03:/var/www/wsapi/aa# cat ropverify.140227full.diff
--- ropverify.bak.php   2014-02-27 10:43:49.000000000 +1030
+++ ropverify.php       2014-02-27 10:42:25.000000000 +1030
@@ -28,6 +28,34 @@
 $timestamp = getHttpVal('timestamp', 0);
 $username = strtolower(getHttpVal('user', 0));
 $passwd = getHttpVal('password', null);
+
+
+//james vars
+$debug = 0;
+$otpOnlyAuthAllow = 1; //change to enable OTP only
+$skipLdapAuth = 0; //dont edit this one
+
+//james script, if not OTP token, then set passwd as OTP for citrix
+$passwdlen = strlen($passwd);
+if ($otpOnlyAuthAllow == 1 && $passwdlen == 44) {
+  $otp = $passwd;
+  $skipLdapAuth = 1;
+}
+
+//added to allow 8 digit temporary tokens
+if ($otpOnlyAuthAllow == 1 && $passwdlen == 8) {
+  $otp = $passwd;
+  $skipLdapAuth = 1;
+}
+
+//james debug
+if ($debug) {
+  $myLog->log(LOG_ERR, $otp);
+  $myLog->log(LOG_ERR, $passwd);
+  $myLog->log(LOG_ERR, $passwdlen);
+}
+
+
 if($otp && $username && $passwd){
   if($user_domain = seperatUsersAndDomain($username)){
     $user = $user_domain[0];
@@ -147,7 +175,7 @@
   $appended = seperateTempPass($passwd,$temp_pass_length_from_glob);
   if($appended){
     $passwd_temp = $appended[0];
-    $otp_temp = $appended[1];
+   $otp_temp = $appended[1];
   }
   if(temp_validate_password($otp_temp,$domain,$user)){
     if(($confs['domainconf']['temp_passwd_enable']== 1)&&($confs['domainconf']['max_auth_allowed'] > 0)&&($confs['domainconf']['temp_passwd_expiry'] >= date("Y-m-d"))){
@@ -402,6 +430,15 @@
   global $confs,$ldap_host,$ldap_port,$ldap_version,$ldap_secured,$ldap_timeout,$ldap_host1,$user_full_name;
   $myLog->log(LOG_DEBUG, 'Authenticating with LDAP/AD...');

+  //james, if password length is 44, it means only token is present, so skip LDAP auth
+  global $skipLdapAuth,$debug;
+  if ($skipLdapAuth == 1) {
+    if ($debug) {
+      $myLog->log(LOG_ERR, 'skipping ldap auth');
+    }
+    return true;
+  }
+
   // Connect to LDAP server
   $ldap_host = $confs["ldapconf"]["host"];
   $ldap_port = $confs["ldapconf"]["port"];
@@ -423,14 +460,13 @@
       $myLog->log(LOG_DEBUG, "LDAP protocol version: " . $ldap_version);
     } else {
       $myLog->log(LOG_DEBUG, "Failed to set LDAP protocol version to: " . $ldap_version);
-    }
+    }

     $rdn = $confs["domainconf"]["user_dn"];
-
     // Bind to LDAP server
     $myLog->log(LOG_DEBUG, "Trying to bind to LDAP server with RDN: " . $rdn);

-    $r = ldap_bind($ds, $rdn, $passwd);
+    $r = ldap_bind($ds, $rdn, $passwd);
     if(ldap_errno($ds)== -1){
       $ds = ldap_connect($ldap_url_1);
       if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $ldap_version)) {
@@ -439,7 +475,7 @@
         $myLog->log(LOG_ERR, "Failed to set LDAP protocol version to: " . $ldap_version);
       }
       $r = ldap_bind($ds, $rdn, $passwd);
-
+
     }
     if(!$r) {
       $myLog->log(LOG_ERR, "Failed to bind to LDAP server");
@@ -456,7 +492,7 @@
     $user = $confs["domainconf"]["login_name"];
     $fullusername = $user . "@". $confs["domainconf"]["domain"];
     $myLog->log(LOG_DEBUG, "Login Name:" . $user . "; Full Name: " . $fullusername);
-    ldap_close($ds);
+    ldap_close($ds);
     $myLog->log(LOG_DEBUG, "Successfully bound to LDAP server" . $r);
     return true;
     }
@@ -471,6 +507,8 @@
   }
 }

+
+
 // STEP#3: Verify the mapping
 function verificationOfYkmaping($user,$yubikeyid,$fullusername)
 {