rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-08 03:54:20 +01:00
Code Issues Projects Releases Wiki Activity

Made ykval-config.php work out of the box.

Browse Source
This commit is contained in:
Dain Nilsson 2013-01-28 15:09:53 +01:00
parent ffb207e48a
commit 08ae17bbbd
2 changed files with 34 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -50,7 +50,7 @@ install:
install -D ykval-munin-queuelength.php $(DESTDIR)$(muninprefix)/ykval_queuelength
install -D ykval-munin-responses.pl $(DESTDIR)$(muninprefix)/ykval_responses
install -D ykval-munin-yubikeystats.php $(DESTDIR)$(muninprefix)/ykval_yubikeystats
install -D --backup --mode 640 --group $(wwwgroup) ykval-config.php $(DESTDIR)$(etcprefix)/ykval-config.php-template
install -D --backup --mode 640 --group $(wwwgroup) ykval-config.php $(DESTDIR)$(etcprefix)/ykval-config.php
install -D --mode 644 ykval-db.sql $(DESTDIR)$(docprefix)/ykval-db.sql
install -D --mode 644 ykval-db.oracle.sql $(DESTDIR)$(docprefix)/ykval-db.oracle.sql
install -D --mode 644 $(DOCS) $(DESTDIR)$(docprefix)/

52
ykval-config.php
View File

@ -1,28 +1,41 @@
<?php # -*- php -*-
//ykval will use the configuration stored in /etc/yubico/val/config-db.php, if that file exists. If it does not exist, the below values will be used.
if(!include '/etc/yubico/val/config-db.php') {
$dbuser='ykval_verifier';
$dbpass='yourpassword';
$basepath='';
$dbname='ykval';
$dbserver='';
$dbport='';
$dbtype='mysql';
}
# For the validation interface.
$baseParams = array ();
$baseParams['__YKVAL_DB_DSN__'] = "mysql:dbname=ykval;host=127.0.0.1"; # "oci:oracledb" for Oracle DB (with OCI library)
$baseParams['__YKVAL_DB_USER__'] = 'ykval_verifier';
$baseParams['__YKVAL_DB_PW__'] = 'lab';
$baseParams['__YKVAL_DB_DSN__'] = "$dbtype:dbname=$dbname;host=127.0.0.1"; # "oci:oracledb" for Oracle DB (with OCI library)
$baseParams['__YKVAL_DB_USER__'] = $dbuser;
$baseParams['__YKVAL_DB_PW__'] = $dbpass;
$baseParams['__YKVAL_DB_OPTIONS__'] = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
# For the validation server sync
$baseParams['__YKVAL_SYNC_POOL__'] = array("http://api2.example.com/wsapi/2.0/sync",
"http://api3.example.com/wsapi/2.0/sync",
"http://api4.example.com/wsapi/2.0/sync");
$baseParams['__YKVAL_SYNC_POOL__'] = array(/*"http://api2.example.com/wsapi/2.0/sync",*/
/*"http://api3.example.com/wsapi/2.0/sync",*/
/* "http://api4.example.com/wsapi/2.0/sync"*/);
# An array of IP addresses allowed to issue sync requests
# NOTE: You must use IP addresses here.
$baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array("1.2.3.4",
"2.3.4.5",
"3.4.5.6");
$baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array(/*"1.2.3.4",*/
/*"2.3.4.5",*/
/*"3.4.5.6"*/);
# An array of IP addresses allowed to issue YubiKey activation/deactivation
# requests through ykval-revoke.php. NOTE: You must use IP addresses here.
$baseParams['__YKREV_IPS__'] = array("127.0.0.1");
$baseParams['__YKREV_IPS__'] = array(/*"127.0.0.1"*/);
# An array of IP addresses allowed to issue database resync requests through
# ykval-resync.php. NOTE: You must use IP addresses here.
$baseParams['__YKRESYNC_IPS__'] = array("127.0.0.1");
$baseParams['__YKRESYNC_IPS__'] = array(/*"127.0.0.1"*/);
# Specify how often the sync daemon awakens
$baseParams['__YKVAL_SYNC_INTERVAL__'] = 10;
@ -41,17 +54,18 @@ $baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1;
// CLIENT. The URLs must be fully qualified, i.e., contain the OTP
// itself.
function otp2ksmurls ($otp, $client) {
if ($client == 42) {
return array("http://another-ykkms.example.com/wsapi/decrypt?otp=$otp");
}
//if ($client == 42) {
// return array("http://another-ykkms.example.com/wsapi/decrypt?otp=$otp");
//}
if (preg_match ("/^dteffujehknh/", $otp)) {
return array("http://different-ykkms.example.com/wsapi/decrypt?otp=$otp");
}
//if (preg_match ("/^dteffujehknh/", $otp)) {
// return array("http://different-ykkms.example.com/wsapi/decrypt?otp=$otp");
//}
return array(
"http://ykkms1.example.com/wsapi/decrypt?otp=$otp",
"http://ykkms2.example.com/wsapi/decrypt?otp=$otp",
//"http://ykkms1.example.com/wsapi/decrypt?otp=$otp",
//"http://ykkms2.example.com/wsapi/decrypt?otp=$otp",
"http://127.0.0.1/wsapi/decrypt?otp=$otp"
);
}