refactor so verify early finds out which of $_GET and $_POST to use and
then stick to using only that for the entire flow.
sync only works with GET anyways so use $_GET directly.
- introduced recently in these log format changes.
- require_once 'ykval-config.php' in logformat()
did not import, because it takes place in ykval-verify.php.
- hence logformat() did not have $baseParams in scope,
so we never write the log line.
- refactor and set format outside the class itself.
- Traditionally we wrote two lines for each ykval-verify.php call,
'Request:' and 'Response:'.
- This commit allows us to log both request/response values in a single line.
- For backward compatibility, the old logging is kept in place.
- To write this line to syslog, __YKVAL_VERIFY_LOGFORMAT__ needs to be set.
Currently, when following the installation instructions, the scripts
adding clients to the database don’t work as the user `ykval_verifier`
does not have any insert rights for the table `clients`.
```
LOG_DEBUG:ykval-gen-clients:db:DB query is:SELECT id FROM clients ORDER BY id DESC LIMIT 1
LOG_DEBUG:ykval-gen-clients:db:DB query is: INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')
LOG_INFO:ykval-gen-clients:db:Database query error: Array ( [0] => 42000 [1] => 1142 [2] => INSERT command denied to user 'ykval_verifier'@'localhost' for table 'clients' )
LOG_ERR:ykval-gen-clients:Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX=','','','')
Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')
```
Therefore, update the documentation to also grant the user
`ykval_verifier` the rights to insert and update records into the table
`clients`. No delete rights are granted, because there is an `active`
column, which should probably be used over deletion of clients.
Note, the original idea was probably to use two database users. One for
inserting and updating data, and one for querying/validating it. As
nothing is written about this, though, use the existing/recommended user
for both things.
Fixes: #20 (ykval_verifier SQL user doesn't have permission to INSERT
INTO clients, breaks ykval-gen-clients)
Ubuntu 12.04 LTS will be supported until April 2017, but Ubuntu 14.04
LTS has been around long enough, so it’s well tested and probably more
common to install than 12.04 LTS. It’s supported until April 2019 [1].
[1] https://wiki.ubuntu.com/Releases
- previously the default config only included port 80.
- this was changed in 382cfc2ab5,
to avoid issues with yhsm-yubikey-ksm, which defaults to port 8002.
- however, this broke configurations running with yubikey-ksm,
which defaults to port 80.
- a better approach is to have both projects using the same defaults,
but for now we'll include both urls instead.
- the ksm decrypt requests happen asynchronously,
so there should not be any performance degradation.
(since either one of the urls will timeout)
- simplify and avoid using different arrays with same values.
- build $otpParams from $otpinfo as soon as we have ksm result,
then unset $otpinfo.
- further down, only use $otpParams and $localParams.