1
0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-11-29 00:24:13 +01:00
Commit Graph

885 Commits

Author SHA1 Message Date
Jean Paul Galea
be784b8aaa Fix issue with $baseParam value.
- introduced recently in these log format changes.

- require_once 'ykval-config.php in logformat()
	did not import, because it takes place in ykval-verify.php.

- hence logformat() did not have $baseParams in scope,
	so we never write the log line.

- refactor and set format outside the class itself.
2016-04-18 16:38:39 +02:00
Jean Paul Galea
0838ecf56f Add sl and timeout to request log variables. 2016-04-18 16:33:00 +02:00
Jean Paul Galea
3edc7f077b Make it clear that default will be a string digit.
- since getHttpVal casts to string anyway.
2016-04-18 16:15:11 +02:00
Jean Paul Galea
714d6c9117 Avoid ambiguity with client id.
- getHttpVal always returns a string,
	so always treat $client as a string in other checks.
2016-04-18 16:10:42 +02:00
Jean Paul Galea
28c64e64fb Add tls and protocol variables to request log. 2016-04-18 15:40:04 +02:00
Jean Paul Galea
8a18cfea68 Rename variable. 2016-04-18 14:50:39 +02:00
Jean Paul Galea
922fe50163 Fix syntax errors introduced in previous commit. 2016-04-18 14:48:29 +02:00
Jean Paul Galea
c01c19c860 Add a verify request log line.
- Traditionally we wrote two lines for each ykval-verify.php call,
	'Request:' and 'Response:'.

- This commit allows us to log both request/response values in a single line.

- For backward compatibility, the old logging is kept in place.

- To write this line to syslog, __YKVAL_VERIFY_LOGFORMAT__ needs to be set.
2016-04-18 14:42:57 +02:00
Klas Lindfors
3a85744814 limit how many queued entries we get on each run
if there's more than 1000 queued we will get another 1000 on the next
run.
2016-03-14 14:52:15 +01:00
Klas Lindfors
ba0d6fc193 put building syncurl in a function 2016-03-08 09:33:53 +01:00
Klas Lindfors
2a0f74c78d implement paralell syncing with curl_multi 2016-03-08 09:33:53 +01:00
Paul Menzel
6c8377e35e doc/Installation: Grant insert and update rights to ykval_verifier
Currently, when following the installation instructions, the scripts
adding clients to the database don’t work as the user `ykval_verifier`
does not have any insert rights for the table `clients`.

```
LOG_DEBUG:ykval-gen-clients:db:DB query is:SELECT id FROM clients ORDER BY id DESC LIMIT 1
LOG_DEBUG:ykval-gen-clients:db:DB query is: INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')
LOG_INFO:ykval-gen-clients:db:Database query error: Array ( [0] => 42000 [1] => 1142 [2] => INSERT command denied to user 'ykval_verifier'@'localhost' for table 'clients' )
LOG_ERR:ykval-gen-clients:Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826’,’XXXXXXXXXXXXXXXXXXXXXXXX=','','','')
Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')`
```

Therefore, update the documentation, to also grant the user
`ykval_verifier` the rights to insert and update records into the table
`clients`. No delete rights are granted, because there is an `active`
column, which should probably used over deletion of clients.

Note, the original idea was probably to use two database users. One for
inserting and updating data, and one for querying/validating it. As,
nothing is written about this though, use the existing/recommended user
for both things.

Fixes: #20 (ykval_verifier SQL user doesn't have permission to INSERT
INTO clients, breaks ykval-gen-clients)
2016-02-08 12:26:27 +01:00
Klas Lindfors
a4f8c24877 Merge pull request #38 from paulmenzel/improve-documentation-for-import-export-data
Improve documentation for import export data
2016-02-05 13:00:17 +01:00
Paul Menzel
9edbf78e6a doc/Import_Export_Data: Correct typo in *information*
Add the missing *r* in *information*.
2016-02-04 23:29:27 +01:00
Paul Menzel
aa645ad52a doc/Import_Export_Data: Remove trailing whitespace
Run the command `StripWhitespace` from Vim Better Whitespace Plugin [1].

[1] https://github.com/ntpeters/vim-better-whitespace
2016-02-04 23:28:22 +01:00
Klas Lindfors
b3d8206da0 Merge pull request #37 from paulmenzel/add-install-command-for-non-deb-distributions
doc/Installation: Add install commands for non-Debian distributions
2016-01-07 15:28:54 +01:00
Paul Menzel
ab11b5ed91 doc/Installation: Add install commands for non-Debian distributions
Running `sudo make install` on non-Debian distributions fails, as the
group of the Apache HTTP server are named differently. Therefore, update
the documentation. The group name for SUSE is taken from the [OTRS
manual][1].

[1]: https://otrs.github.io/doc/manual/admin/4.0/de/html/manual-installation-of-otrs.html
2016-01-05 22:38:31 +01:00
Klas Lindfors
c688a9ecba Merge pull request #36 from paulmenzel/improve-installation-documentation
Improve installation documentation
2016-01-05 10:21:58 +01:00
Paul Menzel
26de7d6c66 doc/Installation: Mark up file names [1]
[1] http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/#source-code
2015-12-23 16:12:28 +01:00
Paul Menzel
249ae16094 doc/Installation: Update Ubuntu recommendation to 14.04 LTS
Ubuntu 12.04 LTS will be supported until April 2017, but Ubuntu 14.04
LTS has been around long enough, so it’s well tested and probably more
common to install than 12.04 LTS. It’s supported until April 2019 [1].

[1] https://wiki.ubuntu.com/Releases
2015-12-23 15:54:02 +01:00
Paul Menzel
6a3c57992d doc/Installation: Fix wording to *The following steps apply …* 2015-12-23 15:39:45 +01:00
Klas Lindfors
0024848e2f Merge pull request #35 from paulmenzel/remove-trailing-whitespace-from-installation-documentation
doc/Installation: Remove trailing whitespace
2015-12-22 08:56:33 +01:00
Paul Menzel
ea0c0d4d9b doc/Installation: Remove trailing whitespace
Run the command `StripWhitespace` from Vim Better Whitespace Plugin [1].

[1] https://github.com/ntpeters/vim-better-whitespace
2015-12-21 18:35:09 +01:00
Jean Paul Galea
426ff9d4cb Merge pull request #33 from paulmenzel/fix-typo-in-comment-of-config-file
ykval-config.php: Spell *addresses* correctly in comment
2015-12-09 16:45:19 +01:00
Jean Paul Galea
32dd78b875 Merge pull request #34 from paulmenzel/fix-spelling-of-ksm
ykval-config.php: Use *ksm* instead of *kms*
2015-12-09 16:44:58 +01:00
Paul Menzel
8d3be1f352 ykval-config.php: Use *ksm* instead of *kms*
Avoid confusion and use the correct spelling for the three letter
acronym KSM (Key Storage Module).
2015-12-08 16:31:53 +01:00
Paul Menzel
ec8bbd3f53 ykval-config.php: Spell *addresses* correctly in comment 2015-12-08 16:24:33 +01:00
Jean Paul Galea
9e351f69e5 Bump versions. 2015-10-05 09:16:54 +02:00
Jean Paul Galea
45d01d2106 NEWS for 2.33 2015-10-05 09:07:45 +02:00
Jean Paul Galea
c4b20dd105 Added localhost port 80 for ksm service.
- previously the default config only included port 80.

- this was changed in 382cfc2ab5,
	to avoid issues with yhsm-yubikey-ksm, which defaults to port 8002.

- however, this broke configurations running with yubikey-ksm,
	which defaults to port 80.

- a better approach is to have both projects using the same defaults,
	but for now we'll include both urls instead.

- the ksm decrypt requests happen asynchronously,
	so there should not be any performance degradation.

	(since either one of the urls will timeout)
2015-09-24 11:19:32 +02:00
Jean Paul Galea
cf3b089fcc Drop some comments.
- not really helpful, better to just depend on what the code does.
2015-09-15 19:54:23 +00:00
Jean Paul Galea
d0a8657e84 Avoid variable aliases. 2015-09-15 18:41:51 +00:00
Jean Paul Galea
c46d13da17 Refactor.
- simplify and avoid using different arrays with same values.

- build $otpParams from $otpinfo as soon as we have ksm result,
	then unset $otpinfo.

- futher down, only use $otpParams and $localParams.
2015-09-15 18:29:55 +00:00
Jean Paul Galea
8f8b8b8e8c Refactor and modify LOG_INFO message.
- as a result of this commit,
	key=val are separated with two spaces instead of one.
2015-09-15 17:37:49 +00:00
Jean Paul Galea
a577d0eb0c Avoid variable aliases. 2015-09-15 17:25:53 +00:00
Jean Paul Galea
28ec07af7f Avoid variable aliases. 2015-09-15 17:24:45 +00:00
Jean Paul Galea
8d6520964f Avoid variable aliases. 2015-09-15 17:24:04 +00:00
Jean Paul Galea
99e6d8586d Avoid variable aliases. 2015-09-15 16:34:34 +00:00
Jean Paul Galea
fbbc03dcee Avoid variable aliases. 2015-09-15 16:33:30 +00:00
Jean Paul Galea
6443bbc01c Avoid variable aliases. 2015-09-15 16:31:54 +00:00
Jean Paul Galea
ba29b63be1 Avoid variable aliases. 2015-09-15 16:29:07 +00:00
Jean Paul Galea
c9e1c0c54a Bump versions. 2015-09-14 15:46:33 +02:00
Jean Paul Galea
d3788cc322 NEWS for 2.32 2015-09-14 15:41:00 +02:00
Jean Paul Galea
4433285c33 Refactor. 2015-09-10 20:58:04 +02:00
Jean Paul Galea
ad167cd38a Modified log messages.
- avoid doing what is already handled by the Log class.

- the log name is appended automatically,
	so don't append it again in the invocation.

	i.e. "ykval-verify"

- the log level name is also appended automatically,
	so don't append it manually, especially when it doesn't match the log priority!

	i.e. LOG_WARNING -> ":notice:"

- fix whitespace in some messages.
2015-09-10 20:53:56 +02:00
Jean Paul Galea
2df72604ed Cosmetic. 2015-09-10 20:37:24 +02:00
Jean Paul Galea
a1443857f7 Refactor. 2015-09-10 20:35:51 +02:00
Jean Paul Galea
694f5aee32 Refactor. 2015-09-10 20:33:35 +02:00
Jean Paul Galea
d34eb7895f Rename variable. 2015-09-10 20:32:21 +02:00
Jean Paul Galea
5d9459ec5c Rename variable. 2015-09-10 20:31:39 +02:00