rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-01-19 16:52:15 +01:00
Code Issues Projects Releases Wiki Activity

Only allowed sync requests from specified IP addresses

Browse Source
This commit is contained in:
Olov Danielson 2010-01-11 10:25:25 +00:00
parent 199296c91f
commit 94c8e17ef6
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ykval-config.php
View File

@ -11,6 +11,10 @@ $baseParams['__YKVAL_DB_OPTIONS__'] = array();
$baseParams['__YKVAL_SYNC_POOL__'] = array("http://1.2.3.4/wsapi/2.0/sync", $baseParams['__YKVAL_SYNC_POOL__'] = array("http://1.2.3.4/wsapi/2.0/sync",
"http://2.3.4.5/wsapi/2.0/sync", "http://2.3.4.5/wsapi/2.0/sync",
"http://3.4.5.6/wsapi/2.0/sync"); "http://3.4.5.6/wsapi/2.0/sync");
# An array of IP addresses allowed to issue sync requests
$baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array("1.2.3.4",
"2.3.4.5",
"3.4.5.6");
# Specify how often the sync daemon awakens # Specify how often the sync daemon awakens
$baseParams['__YKVAL_SYNC_INTERVAL__'] = 10; $baseParams['__YKVAL_SYNC_INTERVAL__'] = 10;

19
ykval-sync.php
View File

@ -15,6 +15,25 @@ if (! $sync->isConnected()) {
exit; exit;
} }
#
# Verify that request comes from valid server
#
$sync->log('notice', 'remote request ip is ' . $_SERVER['REMOTE_ADDR']);
$allowed=False;
foreach ($baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] as $server) {
$sync->log('notice', 'checking against ip ' . $server);
if ($_SERVER['REMOTE_ADDR'] == $server) {
$sync->log('notice', 'server ' . $server . ' is allower');
$allowed=True;
break;
}
}
if (!$allowed) {
sendResp(S_OPERATION_NOT_ALLOWED, $apiKey);
exit;
}
# #
# Define requirements on protocoll # Define requirements on protocoll
# #