mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-08 03:54:20 +01:00

Refactor.

- before opening up a database connection (and init synclib),
	verify request comes from whitelisted address first.
Jean Paul Galea 2015-07-16 23:41:22 +02:00
parent 2196310a0b
commit ea97dbf73d


@ -43,9 +43,18 @@ $myLog->addField('ip', $ipaddr);
if (empty($_SERVER['QUERY_STRING'])) { if (empty($_SERVER['QUERY_STRING'])) {
sendResp(S_MISSING_PARAMETER, $myLog); sendResp(S_MISSING_PARAMETER, $myLog);
} }
$myLog->log(LOG_INFO, 'Request: ' . $_SERVER['QUERY_STRING']); $myLog->log(LOG_INFO, 'Request: ' . $_SERVER['QUERY_STRING']);
// verify request sent by whitelisted address
$myLog->log(LOG_DEBUG, 'Received request from ' . $ipaddr);
if (in_array($ipaddr, $allowed, TRUE) === FALSE) {
$myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr);
$myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . implode(', ', $allowed));
sendResp(S_OPERATION_NOT_ALLOWED, $myLog);
}
$sync = new SyncLib('ykval-sync:synclib'); $sync = new SyncLib('ykval-sync:synclib');
$sync->addField('ip', $ipaddr); $sync->addField('ip', $ipaddr);
@ -53,17 +62,6 @@ if (! $sync->isConnected()) {
sendResp(S_BACKEND_ERROR, $myLog); sendResp(S_BACKEND_ERROR, $myLog);
} }
#
# Verify that request comes from valid server
#
$myLog->log(LOG_DEBUG, 'Received request from ' . $ipaddr);
if (in_array($ipaddr, $allowed, TRUE) === FALSE) {
$myLog->log(LOG_NOTICE, 'Operation not allowed from IP ' . $ipaddr);
$myLog->log(LOG_DEBUG, 'Remote IP ' . $ipaddr . ' not listed in allowed sync pool : ' . implode(', ', $allowed));
sendResp(S_OPERATION_NOT_ALLOWED, $myLog);
}
# #
# Define requirements on protocol # Define requirements on protocol
# #
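Review bot: In the first hunk the allow-list check still runs after the raw `$_SERVER['QUERY_STRING']` has been written at LOG_INFO by the `'Request: '` line. A host outside `$allowed` can therefore still place content of its choosing in the log, and it receives S_MISSING_PARAMETER rather than S_OPERATION_NOT_ALLOWED for an empty query. Since the commit aims to reject unlisted addresses before doing any work, consider moving the whole `if (in_array($ipaddr, $allowed, TRUE) === FALSE) { ... }` block above the `empty($_SERVER['QUERY_STRING'])` test, provided `$allowed` is already populated at that point (its assignment is outside the hunk). The check also depends on `sendResp()` ending the request, which is not visible here; if it does, a comment such as `// sendResp() terminates the request; SyncLib is never created for unlisted addresses` would make that explicit. How `$ipaddr` is derived is likewise outside the hunk, and the check is only as strong as that value being the socket peer address rather than a client-supplied header.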