Merge branch 'master' of github.com:Yubico/yubikey-val-server-php

2025-02-27 06:54:16 +01:00 · 2012-06-15 11:04:32 +02:00 · 2012-06-15 11:04:32 +02:00 · 64e9671b49
commit 64e9671b49
parent 1fd2e77da1 f72f00c338
4 changed files with 67 additions and 3 deletions
--- a/3
+++ b/3
@ -7,7 +7,7 @@ CODE = COPYING Makefile NEWS ykval-checksum-clients.php			\
 	ykval-sync.php ykval-verify.php ykval-export-clients.php 	\
 	ykval-import-clients.php
 MUNIN = ykval-munin-ksmlatency.php ykval-munin-vallatency.php	\
-	ykval-munin-queuelength.php
+	ykval-munin-queuelength.php ykval-munin-responses.pl
 DOCS = doc/ClientInfoFormat.wiki doc/Installation.wiki			\
 	doc/RevocationService.wiki doc/ServerReplicationProtocol.wiki	\
 	doc/SyncMonitor.wiki doc/Troubleshooting.wiki
@ -42,6 +42,7 @@ install:
 	install -D ykval-munin-ksmlatency.php $(DESTDIR)$(muninprefix)/ykval_ksmlatency
 	install -D ykval-munin-vallatency.php $(DESTDIR)$(muninprefix)/ykval_vallatency
 	install -D ykval-munin-queuelength.php $(DESTDIR)$(muninprefix)/ykval_queuelength
+	install -D ykval-munin-responses.pl $(DESTDIR)$(muninprefix)/ykval_responses
 	install -D --backup --mode 640 --group $(wwwgroup) ykval-config.php $(DESTDIR)$(etcprefix)/ykval-config.php-template
 	install -D --mode 644 ykval-db.sql $(DESTDIR)$(docprefix)/ykval-db.sql
 	install -D --mode 644 $(DOCS) $(DESTDIR)$(docprefix)/
--- a/15
+++ b/15
@ -1,4 +1,17 @@
-* Version 2.17 unreleased
+* Version 2.17 released 2012-06-15
+
+  * Logging improvements.
+    use ykval-verify/ykval-sync correctly for whole flow
+    clarify/degrade various logging messages
+
+  * Fix mysql error introduced in 2.14, also logs
+    database updated/not updated correctly.
+
+  * Accept sync for disabled keys, but still answer BAD_OTP.
+
+  * Remove from sync queue on BAD_OTP answer.
+
+  * Add munin plugin for response types.

 * Version 2.16 released 2012-06-13

--- a/ykval-munin-responses.pl
+++ b/ykval-munin-responses.pl
@ -0,0 +1,48 @@
+#!/usr/bin/perl
+#%# family=auto
+#%# capabilities=autoconf
+
+use strict;
+use warnings;
+
+my @types = qw/OK BAD_OTP MISSING_PARAMETER BACKEND_ERROR BAD_SIGNATURE DELAYED_OTP NO_SUCH_CLIENT NOT_ENOUGH_ANSWERS REPLAYED_REQUEST REPLAYED_OTP OPERATION_NOT_ALLOWED/;
+my $logfile = "/var/log/yubikey-val-server-php.log";
+
+if(@ARGV > 0) {
+  if($ARGV[0] eq "autoconf") {
+    print "yes\n";
+    exit 0;
+  } elsif($ARGV[0] eq "config") {
+    print "multigraph yk_responses\n";
+    print "graph_title YK-VAL response types\n";
+    print "graph_vlabel responses\n";
+    print "graph_category ykval\n";
+
+    foreach my $type (@types) {
+      print "${type}.label ${type}\n";
+      print "${type}.type DERIVE\n";
+      print "${type}.info Responses\n";
+      print "${type}.min 0\n";
+      print "${type}.draw LINE1\n";
+    }
+    exit 0
+  }
+  print "unknown command '${ARGV[0]}'\n";
+  exit 1
+}
+
+my %statuses = map { $_ => 0 } @types;
+
+my $reg = qr/status=([A-Z_]+)/;
+open (LOGFILE, "grep 'ykval-verify.*Response' $logfile |");
+while(<LOGFILE>) {
+  next unless /$reg/;
+  $statuses{$1}++;
+}
+close LOGFILE;
+
+print "multigraph yk_responses\n";
+foreach my $type (@types) {
+  print "${type}.value ${statuses{$type}}\n";
+}
+exit 0
--- a/ykval-sync.php
+++ b/ykval-sync.php
@ -153,7 +153,9 @@ if ($sync->countersEqual($localParams, $syncParams)) {
  if ($syncParams['modified']!=$localParams['modified'] &&
      $syncParams['nonce']==$localParams['nonce']) {
    $deltaModified = $syncParams['modified'] - $localParams['modified'];
-    $myLog->log(LOG_WARNING, 'We might have a replay. 2 events at different times have generated the same counters. The time difference is ' . $deltaModified . ' seconds');
+    if($deltaModified < -1 || $deltaModified > 1) {
+      $myLog->log(LOG_WARNING, 'We might have a replay. 2 events at different times have generated the same counters. The time difference is ' . $deltaModified . ' seconds');
+    }
  }

  if ($syncParams['nonce']!=$localParams['nonce']) {