mirror of https://github.com/Yubico/yubikey-val.git synced 2024-11-29 00:24:13 +01:00

851 Commits

Author SHA1 Message Date
Jean Paul Galea
c6cbf17d7b Refactor.
- unset temporary variable.
2016-05-17 11:05:47 +02:00
Jean Paul Galea
4c1b58986d Fix.
- $request was never set if both $_POST and $_GET are empty!
2016-05-17 10:57:12 +02:00
Jean Paul Galea
58213bfc8d Bump versions. 2016-05-16 15:46:31 +02:00
Jean Paul Galea
e78ec528a8 NEWS for 2.36 2016-05-16 15:36:42 +02:00
Klas Lindfors
958960a049 Merge pull request #39 from paulmenzel/grant-insert-and-update-rights-to-db-user-ykval_verifier
doc/Installation: Grant insert and update rights to `ykval_verifier`
2016-05-09 08:12:35 +02:00
Klas Lindfors
53a5b0553d Merge branch 'sync-fixup' 2016-05-03 09:36:52 +02:00
Klas Lindfors
fc7d9fdc84 add php 7.0 for travis 2016-04-29 15:45:50 +02:00
Klas Lindfors
aaef07083a make getHttpVal() take the array to extract from
refactor so verify early finds out which of $_GET and $_POST to use and
then stick to using only that for the entire flow.

sync only works with GET anyways so use $_GET directly.
2016-04-29 15:42:37 +02:00
Klas Lindfors
131f1c5e11 use strtok() instead of explode() since we only care about first element 2016-04-29 09:48:59 +02:00
Klas Lindfors
ec3f7788a0 use different syntax to capture first element of explode() call
apparently not supported in 5.3 to get first element directly
2016-04-29 09:21:27 +02:00
Klas Lindfors
9a5a24c45f rework re-sync to not use CURLOPT_PRIVATE
relates #41
2016-04-29 09:06:25 +02:00
Klas Lindfors
b47206fff9 bump version 2016-04-19 16:27:20 +02:00
Klas Lindfors
3216dbdc47 news for 2.35 2016-04-19 16:25:31 +02:00
Klas Lindfors
925def6706 add ykval-log-verify.php to the install target 2016-04-19 16:24:25 +02:00
Jean Paul Galea
d077c93c30 Bump versions. 2016-04-19 09:12:59 +02:00
Jean Paul Galea
bc0a4ffffe NEWS for 2.34 2016-04-18 19:04:40 +02:00
Jean Paul Galea
be784b8aaa Fix issue with $baseParam value.
- introduced recently in these log format changes.

- require_once 'ykval-config.php' in logformat()
	did not import, because it takes place in ykval-verify.php.

- hence logformat() did not have $baseParams in scope,
	so we never write the log line.

- refactor and set format outside the class itself.
2016-04-18 16:38:39 +02:00
Jean Paul Galea
0838ecf56f Add sl and timeout to request log variables. 2016-04-18 16:33:00 +02:00
Jean Paul Galea
3edc7f077b Make it clear that default will be a string digit.
- since getHttpVal casts to string anyway.
2016-04-18 16:15:11 +02:00
Jean Paul Galea
714d6c9117 Avoid ambiguity with client id.
- getHttpVal always returns a string,
	so always treat $client as a string in other checks.
2016-04-18 16:10:42 +02:00
Jean Paul Galea
28c64e64fb Add tls and protocol variables to request log. 2016-04-18 15:40:04 +02:00
Jean Paul Galea
8a18cfea68 Rename variable. 2016-04-18 14:50:39 +02:00
Jean Paul Galea
922fe50163 Fix syntax errors introduced in previous commit. 2016-04-18 14:48:29 +02:00
Jean Paul Galea
c01c19c860 Add a verify request log line.
- Traditionally we wrote two lines for each ykval-verify.php call,
	'Request:' and 'Response:'.

- This commit allows us to log both request/response values in a single line.

- For backward compatibility, the old logging is kept in place.

- To write this line to syslog, __YKVAL_VERIFY_LOGFORMAT__ needs to be set.
2016-04-18 14:42:57 +02:00
Klas Lindfors
3a85744814 limit how many queued entries we get on each run
if there's more than 1000 queued we will get another 1000 on the next
run.
2016-03-14 14:52:15 +01:00
Klas Lindfors
ba0d6fc193 put building syncurl in a function 2016-03-08 09:33:53 +01:00
Klas Lindfors
2a0f74c78d implement parallel syncing with curl_multi 2016-03-08 09:33:53 +01:00
Paul Menzel
6c8377e35e doc/Installation: Grant insert and update rights to ykval_verifier
Currently, when following the installation instructions, the scripts
adding clients to the database don’t work as the user `ykval_verifier`
does not have any insert rights for the table `clients`.

```
LOG_DEBUG:ykval-gen-clients:db:DB query is:SELECT id FROM clients ORDER BY id DESC LIMIT 1
LOG_DEBUG:ykval-gen-clients:db:DB query is: INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')
LOG_INFO:ykval-gen-clients:db:Database query error: Array ( [0] => 42000 [1] => 1142 [2] => INSERT command denied to user 'ykval_verifier'@'localhost' for table 'clients' )
LOG_ERR:ykval-gen-clients:Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826’,’XXXXXXXXXXXXXXXXXXXXXXXX=','','','')
Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')`
```

Therefore, update the documentation, to also grant the user
`ykval_verifier` the rights to insert and update records into the table
`clients`. No delete rights are granted, because there is an `active`
column, which should probably be used over deletion of clients.

Note, the original idea was probably to use two database users. One for
inserting and updating data, and one for querying/validating it. As
nothing is written about this though, use the existing/recommended user
for both things.

Fixes: #20 (ykval_verifier SQL user doesn't have permission to INSERT
INTO clients, breaks ykval-gen-clients)
2016-02-08 12:26:27 +01:00
Klas Lindfors
a4f8c24877 Merge pull request #38 from paulmenzel/improve-documentation-for-import-export-data
Improve documentation for import export data
2016-02-05 13:00:17 +01:00
Paul Menzel
9edbf78e6a doc/Import_Export_Data: Correct typo in *information*
Add the missing *r* in *information*.
2016-02-04 23:29:27 +01:00
Paul Menzel
aa645ad52a doc/Import_Export_Data: Remove trailing whitespace
Run the command `StripWhitespace` from Vim Better Whitespace Plugin [1].

[1] https://github.com/ntpeters/vim-better-whitespace
2016-02-04 23:28:22 +01:00
Klas Lindfors
b3d8206da0 Merge pull request #37 from paulmenzel/add-install-command-for-non-deb-distributions
doc/Installation: Add install commands for non-Debian distributions
2016-01-07 15:28:54 +01:00
Paul Menzel
ab11b5ed91 doc/Installation: Add install commands for non-Debian distributions
Running `sudo make install` on non-Debian distributions fails, as the
group of the Apache HTTP server is named differently. Therefore, update
the documentation. The group name for SUSE is taken from the [OTRS
manual][1].

[1]: https://otrs.github.io/doc/manual/admin/4.0/de/html/manual-installation-of-otrs.html
2016-01-05 22:38:31 +01:00
Klas Lindfors
c688a9ecba Merge pull request #36 from paulmenzel/improve-installation-documentation
Improve installation documentation
2016-01-05 10:21:58 +01:00
Paul Menzel
26de7d6c66 doc/Installation: Mark up file names [1]
[1] http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/#source-code
2015-12-23 16:12:28 +01:00
Paul Menzel
249ae16094 doc/Installation: Update Ubuntu recommendation to 14.04 LTS
Ubuntu 12.04 LTS will be supported until April 2017, but Ubuntu 14.04
LTS has been around long enough, so it’s well tested and probably more
common to install than 12.04 LTS. It’s supported until April 2019 [1].

[1] https://wiki.ubuntu.com/Releases
2015-12-23 15:54:02 +01:00
Paul Menzel
6a3c57992d doc/Installation: Fix wording to *The following steps apply …* 2015-12-23 15:39:45 +01:00
Klas Lindfors
0024848e2f Merge pull request #35 from paulmenzel/remove-trailing-whitespace-from-installation-documentation
doc/Installation: Remove trailing whitespace
2015-12-22 08:56:33 +01:00
Paul Menzel
ea0c0d4d9b doc/Installation: Remove trailing whitespace
Run the command `StripWhitespace` from Vim Better Whitespace Plugin [1].

[1] https://github.com/ntpeters/vim-better-whitespace
2015-12-21 18:35:09 +01:00
Jean Paul Galea
426ff9d4cb Merge pull request #33 from paulmenzel/fix-typo-in-comment-of-config-file
ykval-config.php: Spell *addresses* correctly in comment
2015-12-09 16:45:19 +01:00
Jean Paul Galea
32dd78b875 Merge pull request #34 from paulmenzel/fix-spelling-of-ksm
ykval-config.php: Use *ksm* instead of *kms*
2015-12-09 16:44:58 +01:00
Paul Menzel
8d3be1f352 ykval-config.php: Use *ksm* instead of *kms*
Avoid confusion and use the correct spelling for the three letter
acronym KSM (Key Storage Module).
2015-12-08 16:31:53 +01:00
Paul Menzel
ec8bbd3f53 ykval-config.php: Spell *addresses* correctly in comment 2015-12-08 16:24:33 +01:00
Jean Paul Galea
9e351f69e5 Bump versions. 2015-10-05 09:16:54 +02:00
Jean Paul Galea
45d01d2106 NEWS for 2.33 2015-10-05 09:07:45 +02:00
Jean Paul Galea
c4b20dd105 Added localhost port 80 for ksm service.
- previously the default config only included port 80.

- this was changed in 382cfc2ab5,
	to avoid issues with yhsm-yubikey-ksm, which defaults to port 8002.

- however, this broke configurations running with yubikey-ksm,
	which defaults to port 80.

- a better approach is to have both projects using the same defaults,
	but for now we'll include both urls instead.

- the ksm decrypt requests happen asynchronously,
	so there should not be any performance degradation.

	(since either one of the urls will timeout)
2015-09-24 11:19:32 +02:00
Jean Paul Galea
cf3b089fcc Drop some comments.
- not really helpful, better to just depend on what the code does.
2015-09-15 19:54:23 +00:00
Jean Paul Galea
d0a8657e84 Avoid variable aliases. 2015-09-15 18:41:51 +00:00
Jean Paul Galea
c46d13da17 Refactor.
- simplify and avoid using different arrays with same values.

- build $otpParams from $otpinfo as soon as we have ksm result,
	then unset $otpinfo.

- further down, only use $otpParams and $localParams.
2015-09-15 18:29:55 +00:00
Jean Paul Galea
8f8b8b8e8c Refactor and modify LOG_INFO message.
- as a result of this commit,
	key=val are separated with two spaces instead of one.
2015-09-15 17:37:49 +00:00