2009-04-27 19:57:24 +02:00
|
|
|
<?php # -*- php -*-
|
2009-03-10 23:50:35 +01:00
|
|
|
|
2009-08-28 12:55:56 +02:00
|
|
|
# For the validation interface.
|
2009-03-10 23:50:35 +01:00
|
|
|
$baseParams = array ();
|
2012-06-12 10:35:49 +02:00
|
|
|
$baseParams['__YKVAL_DB_DSN__'] = "mysql:dbname=ykval;host=127.0.0.1"; # "oci:oracledb" for Oracle DB (with OCI library)
|
2009-08-28 12:55:56 +02:00
|
|
|
$baseParams['__YKVAL_DB_USER__'] = 'ykval_verifier';
|
2009-12-02 18:32:20 +01:00
|
|
|
$baseParams['__YKVAL_DB_PW__'] = 'lab';
|
2012-05-22 13:15:25 +02:00
|
|
|
$baseParams['__YKVAL_DB_OPTIONS__'] = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
|
2009-12-15 15:56:01 +01:00
|
|
|
|
2009-12-02 18:32:20 +01:00
|
|
|
# For the validation server sync
|
2012-05-29 11:07:19 +02:00
|
|
|
$baseParams['__YKVAL_SYNC_POOL__'] = array("http://api2.example.com/wsapi/2.0/sync",
|
|
|
|
"http://api3.example.com/wsapi/2.0/sync",
|
2010-01-13 15:17:52 +01:00
|
|
|
"http://api4.example.com/wsapi/2.0/sync");
|
2010-01-11 11:25:25 +01:00
|
|
|
# An array of IP addresses allowed to issue sync requests
|
2010-01-13 15:17:52 +01:00
|
|
|
# NOTE: You must use IP addresses here.
|
2012-05-29 11:07:19 +02:00
|
|
|
$baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array("1.2.3.4",
|
|
|
|
"2.3.4.5",
|
2010-01-11 11:25:25 +01:00
|
|
|
"3.4.5.6");
|
2009-12-15 15:56:01 +01:00
|
|
|
|
2012-06-14 13:00:39 +02:00
|
|
|
# An array of IP addresses allowed to issue YubiKey activation/deactivation
|
|
|
|
# requests through ykval-revoke.php. NOTE: You must use IP addresses here.
|
|
|
|
$baseParams['__YKREV_IPS__'] = array("127.0.0.1");
|
2012-06-18 15:05:23 +02:00
|
|
|
# An array of IP addresses allowed to issue database resync requests through
|
|
|
|
# ykval-resync.php. NOTE: You must use IP addresses here.
|
|
|
|
$baseParams['__YKRESYNC_IPS__'] = array("127.0.0.1");
|
2012-06-14 13:00:39 +02:00
|
|
|
|
2009-12-15 15:56:01 +01:00
|
|
|
# Specify how often the sync daemon awakens
|
2010-01-10 17:46:11 +01:00
|
|
|
$baseParams['__YKVAL_SYNC_INTERVAL__'] = 10;
|
2009-12-15 15:56:01 +01:00
|
|
|
# Specify how long the sync daemon will wait for response
|
2009-12-07 20:13:20 +01:00
|
|
|
$baseParams['__YKVAL_SYNC_RESYNC_TIMEOUT__'] = 30;
|
2009-12-15 15:56:01 +01:00
|
|
|
# Specify how old entries in the database should be considered aborted attempts
|
2010-01-10 17:46:11 +01:00
|
|
|
$baseParams['__YKVAL_SYNC_OLD_LIMIT__'] = 10;
|
2009-12-15 15:56:01 +01:00
|
|
|
|
|
|
|
# These are settings for the validation server.
|
2009-12-07 20:13:20 +01:00
|
|
|
$baseParams['__YKVAL_SYNC_FAST_LEVEL__'] = 1;
|
2010-01-11 16:41:27 +01:00
|
|
|
$baseParams['__YKVAL_SYNC_SECURE_LEVEL__'] = 40;
|
|
|
|
$baseParams['__YKVAL_SYNC_DEFAULT_LEVEL__'] = 60;
|
2009-12-07 20:13:20 +01:00
|
|
|
$baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1;
|
2009-08-28 12:55:56 +02:00
|
|
|
|
2009-04-27 19:57:24 +02:00
|
|
|
// otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for
|
|
|
|
// CLIENT. The URLs must be fully qualified, i.e., contain the OTP
|
2010-01-13 15:17:52 +01:00
|
|
|
// itself.
|
2009-04-27 19:57:24 +02:00
|
|
|
function otp2ksmurls ($otp, $client) {
|
|
|
|
if ($client == 42) {
|
2010-01-13 15:17:52 +01:00
|
|
|
return array("http://another-ykkms.example.com/wsapi/decrypt?otp=$otp");
|
2009-04-27 19:57:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (preg_match ("/^dteffujehknh/", $otp)) {
|
2010-01-13 15:17:52 +01:00
|
|
|
return array("http://different-ykkms.example.com/wsapi/decrypt?otp=$otp");
|
2009-04-27 19:57:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return array(
|
2010-01-13 15:17:52 +01:00
|
|
|
"http://ykkms1.example.com/wsapi/decrypt?otp=$otp",
|
|
|
|
"http://ykkms2.example.com/wsapi/decrypt?otp=$otp",
|
2009-04-27 19:57:24 +02:00
|
|
|
);
|
|
|
|
}
|
2009-03-10 23:50:35 +01:00
|
|
|
|
|
|
|
?>
|