From 28c64e64fb3d5724efe29010385a5deb99801b43 Mon Sep 17 00:00:00 2001 From: Jean Paul Galea Date: Mon, 18 Apr 2016 15:40:04 +0200 Subject: [PATCH] Add tls and protocol variables to request log. --- ykval-config.php | 4 +++- ykval-log-verify.php | 9 ++++++++- ykval-verify.php | 2 ++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ykval-config.php b/ykval-config.php index 2a39183..ae7dad7 100644 --- a/ykval-config.php +++ b/ykval-config.php @@ -150,8 +150,10 @@ function otp2ksmurls ($otp, $client) * %low% * %high% * %use% + * %tls% + * %protocol% * * If a value is malformed or not available, * a dash '-' is written instead. */ -//$baseParams['__YKVAL_VERIFY_LOGFORMAT__'] = '[%time_start%] [%ip%] [%client%] [%public_id%] [%otp%] [%status%] [%time_taken%] [%nonce%] [%signed%] [%counter%] [%low%] [%high%] [%use%]'; +//$baseParams['__YKVAL_VERIFY_LOGFORMAT__'] = '[%time_start%] [%ip%] [%tls%] [%protocol%] [%client%] [%public_id%] [%otp%] [%status%] [%time_taken%] [%nonce%] [%signed%] [%counter%] [%low%] [%high%] [%use%]'; diff --git a/ykval-log-verify.php b/ykval-log-verify.php index 6b58b99..56cd658 100644 --- a/ykval-log-verify.php +++ b/ykval-log-verify.php @@ -46,6 +46,8 @@ class LogVerify 'low' => NULL, 'high' => NULL, 'use' => NULL, + 'tls' => NULL, + 'protocol' => NULL, ); /** @@ -118,7 +120,7 @@ class LogVerify /** * Sanitize untrusted values from clients before writing them to syslog. * - * P.S. signed, status, time_start are assumed safe, + * P.S. signed, status, time_start, tls are assumed safe, * since they are set internally. * * @return array sanitized $this->fields @@ -162,6 +164,11 @@ class LogVerify if (preg_match('/^[a-zA-Z0-9]{16,40}$/', $a['nonce']) !== 1) $a['nonce'] = '-'; + if (is_float($a['protocol']) === TRUE) + $a['protocol'] = sprintf('%.1f', $a['protocol']); + else + $a['protocol'] = '-'; + $start = explode(' ', $a['time_start']); $start_msec = $start[0]; $start_sec = $start[1]; diff --git a/ykval-verify.php b/ykval-verify.php index 3917b8d..5eb230f 100644 --- a/ykval-verify.php +++ b/ykval-verify.php @@ -57,6 +57,7 @@ $myLog->addField('ip', $ipaddr); $myLog->request = new LogVerify(); $myLog->request->set('ip', $ipaddr); +$myLog->request->set('tls', ($https ? 'tls' : '-')); $myLog->request->set('time_start', $time_start); unset($time_start); @@ -91,6 +92,7 @@ else $protocol_version = 1.0; } +$myLog->request->set('protocol', $protocol_version); $myLog->log(LOG_DEBUG, "found protocol version $protocol_version"); /**