rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-03-04 03:29:18 +01:00
Code Issues Projects Releases Wiki Activity

Add tls and protocol variables to request log.

Browse Source
This commit is contained in:
Jean Paul Galea 2016-04-18 15:40:04 +02:00
parent 8a18cfea68
commit 28c64e64fb
3 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ykval-config.php
View File

@ -150,8 +150,10 @@ function otp2ksmurls ($otp, $client)
* %low% * %low%
* %high% * %high%
* %use% * %use%
* %tls%
* %protocol%
* *
* If a value is malformed or not available, * If a value is malformed or not available,
* a dash '-' is written instead. * a dash '-' is written instead.
*/ */
//$baseParams['__YKVAL_VERIFY_LOGFORMAT__'] = '[%time_start%] [%ip%] [%client%] [%public_id%] [%otp%] [%status%] [%time_taken%] [%nonce%] [%signed%] [%counter%] [%low%] [%high%] [%use%]'; //$baseParams['__YKVAL_VERIFY_LOGFORMAT__'] = '[%time_start%] [%ip%] [%tls%] [%protocol%] [%client%] [%public_id%] [%otp%] [%status%] [%time_taken%] [%nonce%] [%signed%] [%counter%] [%low%] [%high%] [%use%]';

9
ykval-log-verify.php
View File

@ -46,6 +46,8 @@ class LogVerify
'low' => NULL, 'low' => NULL,
'high' => NULL, 'high' => NULL,
'use' => NULL, 'use' => NULL,
'tls' => NULL,
'protocol' => NULL,
); );
/** /**
@ -118,7 +120,7 @@ class LogVerify
/** /**
* Sanitize untrusted values from clients before writing them to syslog. * Sanitize untrusted values from clients before writing them to syslog.
* *
* P.S. signed, status, time_start are assumed safe, * P.S. signed, status, time_start, tls are assumed safe,
* since they are set internally. * since they are set internally.
* *
* @return array sanitized $this->fields * @return array sanitized $this->fields
@ -162,6 +164,11 @@ class LogVerify
if (preg_match('/^[a-zA-Z0-9]{16,40}$/', $a['nonce']) !== 1) if (preg_match('/^[a-zA-Z0-9]{16,40}$/', $a['nonce']) !== 1)
$a['nonce'] = '-'; $a['nonce'] = '-';
if (is_float($a['protocol']) === TRUE)
$a['protocol'] = sprintf('%.1f', $a['protocol']);
else
$a['protocol'] = '-';
$start = explode(' ', $a['time_start']); $start = explode(' ', $a['time_start']);
$start_msec = $start[0]; $start_msec = $start[0];
$start_sec = $start[1]; $start_sec = $start[1];

2
ykval-verify.php
View File

@ -57,6 +57,7 @@ $myLog->addField('ip', $ipaddr);
$myLog->request = new LogVerify(); $myLog->request = new LogVerify();
$myLog->request->set('ip', $ipaddr); $myLog->request->set('ip', $ipaddr);
$myLog->request->set('tls', ($https ? 'tls' : '-'));
$myLog->request->set('time_start', $time_start); $myLog->request->set('time_start', $time_start);
unset($time_start); unset($time_start);
@ -91,6 +92,7 @@ else
$protocol_version = 1.0; $protocol_version = 1.0;
} }
$myLog->request->set('protocol', $protocol_version);
$myLog->log(LOG_DEBUG, "found protocol version $protocol_version"); $myLog->log(LOG_DEBUG, "found protocol version $protocol_version");
/** /**