Added admin CP. Basic feature set is finished!
--- a/YubikeyManagement.php Sat Aug 01 01:05:45 2009 -0400
+++ b/YubikeyManagement.php Sat Aug 01 01:42:21 2009 -0400
@@ -33,6 +33,7 @@
require(ENANO_ROOT . '/plugins/yms/backend.php');
require(ENANO_ROOT . '/plugins/yms/validate.php');
require(ENANO_ROOT . '/plugins/yms/validate-functions.php');
+require(ENANO_ROOT . '/plugins/yms/admincp.php');
/**!language**
@@ -162,7 +163,31 @@
btn_delete_key: 'Delete key',
btn_show_aes: 'Show AES secret',
btn_show_converter: 'Binary encoding converter',
- btn_show_client_info: 'View client info'
+ btn_show_client_info: 'View client info',
+
+ // ADMIN
+ acp_title: 'Yubikey Management Server',
+ acp_heading_main: 'YMS configuration',
+ acp_th_main: 'Yubikey Management Server options',
+ acp_field_require_reauth_title: 'Require re-authentication to access YMS interface:',
+ acp_field_require_reauth_hint: 'This can be redundant and unnecessary if the sole purpose of your Enano installation is for YMS purposes.',
+ acp_field_require_reauth: 'YMS pages require re-authentication',
+ acp_field_claimauth_enable_title: 'Use external authentication when claiming Yubikeys:',
+ acp_field_claimauth_enable_hint: 'This allows you to require an additional value - for example, the receipt number from the user\'s Yubikey order - when Yubikeys are claimed.',
+ acp_field_claimauth_enable: 'Require additional field to claim a Yubikey',
+ acp_field_claimauth_url_title: 'URL to claim authentication server:',
+ acp_field_claimauth_url_hint: 'The following variables will be applied:
+ <ul>
+ <li>%c = The value the user entered in your custom field</li>
+ <li>%o = The Yubikey OTP from the form</li>
+ <li>%h = The HMAC signature of the request</li>
+ </ul>
+ This authentication uses the same protocol as other Yubikey authentication servers. See the <a href="http://enanocms.org/plugin/yms" onclick="window.opeh(this.href); return false;">YMS plugin page on enanocms.org</a> for information on how to write an authentication server.<br />
+ <b>Example URL:</b> <tt>http://10.4.27.3/wsapi/validateclaim?id=1&tid=%c&otp=%o&h=%h</tt>',
+ acp_field_claimauth_key_title: 'API key for authentication server:',
+ acp_field_claimauth_key_hint: 'If provided, YMS will sign the requests it makes to your authentication server. Leave blank to disable signature support.',
+
+ acp_msg_saved: 'Your changes to the YMS configuration have been saved.',
}
}
}
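Review bot: The `onclick` handler in `acp_field_claimauth_url_hint` calls `window.opeh(this.href)`, which is a typo for `window.open`. The call will throw, so `return false` never runs and the link navigates in the same window instead of opening a new one. The block also adds no title/hint strings for the `claimauth_field` setting, which admincp.php in this commit labels with the `claimauth_enable` strings instead. Since the example URL carries the OTP and the user's claim value in the query string, consider showing an `https://` example.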
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/yms/admincp.php Sat Aug 01 01:42:21 2009 -0400
@@ -0,0 +1,111 @@
+<?php
+
+$plugins->attachHook('session_started', "yms_add_admincp();");
+
+function yms_add_admincp()
+{
+ global $paths;
+
+ $paths->addAdminNode('adm_cat_appearance', 'yms_acp_title', 'YMS', scriptPath . '/plugins/yms/icons/admincp.png');
+}
+
+function page_Admin_YMS()
+{
+ // Security check
+ global $session;
+ if ( $session->auth_level < USER_LEVEL_ADMIN )
+ return false;
+
+ global $lang;
+
+ if ( isset($_POST['submit']) )
+ {
+ setConfig('yms_require_reauth', isset($_POST['require_reauth']) ? '1' : '0');
+ setConfig('yms_claim_auth_enable', isset($_POST['claimauth_enable']) ? '1' : '0');
+ setConfig('yms_claim_auth_field', $_POST['claimauth_field']);
+ setConfig('yms_claim_auth_url', $_POST['claimauth_url']);
+ setConfig('yms_claim_auth_key', $_POST['claimauth_key']);
+
+ echo '<div class="info-box">' . $lang->get('yms_acp_msg_saved') . '</div>';
+ }
+
+ acp_start_form();
+ ?>
+ <h3><?php echo $lang->get('yms_acp_heading_main'); ?></h3>
+
+ <div class="tblholder">
+ <table border="0" cellspacing="1" cellpadding="4">
+
+ <tr>
+ <th colspan="2"><?php echo $lang->get('yms_acp_th_main'); ?></th>
+ </tr>
+
+ <tr>
+ <td class="row2" style="width: 50%;">
+ <?php echo $lang->get('yms_acp_field_require_reauth_title'); ?><br />
+ <small><?php echo $lang->get('yms_acp_field_require_reauth_hint'); ?></small>
+ </td>
+ <td class="row1" style="width: 50%;">
+ <label>
+ <input type="checkbox" name="require_reauth" <?php if ( getConfig('yms_require_reauth', 1) == 1 ) echo 'checked="checked" '; ?>/>
+ <?php echo $lang->get('yms_acp_field_require_reauth'); ?>
+ </label>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="row2" style="width: 50%;">
+ <?php echo $lang->get('yms_acp_field_claimauth_enable_title'); ?><br />
+ <small><?php echo $lang->get('yms_acp_field_claimauth_enable_hint'); ?></small>
+ </td>
+ <td class="row1" style="width: 50%;">
+ <label>
+ <input type="checkbox" name="claimauth_enable" <?php if ( getConfig('yms_claim_auth_enable', 1) == 1 ) echo 'checked="checked" '; ?>/>
+ <?php echo $lang->get('yms_acp_field_claimauth_enable'); ?>
+ </label>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="row2" style="width: 50%;">
+ <?php echo $lang->get('yms_acp_field_claimauth_enable_title'); ?><br />
+ <small><?php echo $lang->get('yms_acp_field_claimauth_enable_hint'); ?></small>
+ </td>
+ <td class="row1" style="width: 50%;">
+ <input type="text" name="claimauth_field" value="<?php echo htmlspecialchars(getConfig('yms_claim_auth_field', '')); ?>" size="40" />
+ </td>
+ </tr>
+
+ <tr>
+ <td class="row2" style="width: 50%;">
+ <?php echo $lang->get('yms_acp_field_claimauth_url_title'); ?><br />
+ <small><?php echo $lang->get('yms_acp_field_claimauth_url_hint'); ?></small>
+ </td>
+ <td class="row1" style="width: 50%;">
+ <input type="text" name="claimauth_url" value="<?php echo htmlspecialchars(getConfig('yms_claim_auth_url', '')); ?>" size="40" />
+ </td>
+ </tr>
+
+ <tr>
+ <td class="row2" style="width: 50%;">
+ <?php echo $lang->get('yms_acp_field_claimauth_key_title'); ?><br />
+ <small><?php echo $lang->get('yms_acp_field_claimauth_key_hint'); ?></small>
+ </td>
+ <td class="row1" style="width: 50%;">
+ <input type="text" name="claimauth_key" value="<?php echo htmlspecialchars(getConfig('yms_claim_auth_key', '')); ?>" size="40" />
+ </td>
+ </tr>
+
+ <tr>
+ <th colspan="2" class="subhead">
+ <input name="submit" type="submit" value="<?php echo $lang->get('etc_save_changes'); ?>" />
+ </th>
+ </tr>
+
+ </table>
+ </div>
+
+ </form>
+ <?php
+}
+
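Review bot: The `isset($_POST['submit'])` branch in `page_Admin_YMS()` writes security-relevant settings (the re-auth requirement, the claim-auth URL and the signing key) with no visible anti-forgery token check. Unless `acp_start_form()` and the admin dispatcher already enforce one, a forged POST from an administrator's browser could turn off re-authentication or repoint claim validation. The three text fields are also read without `isset()`, and the URL is stored unvalidated although yms.php later hands it to `yms_validate_custom_field()`. A scheme check such as `if ( $url !== '' && !preg_match('#^https?://#i', $url) )` before `setConfig('yms_claim_auth_url', ...)` would keep malformed values out. The `claimauth_enable` checkbox reads `getConfig('yms_claim_auth_enable', 1)` while the yms.php hunk in this commit defaults the same key to 0, so a fresh install shows the box ticked while enforcement is off; use `0` here as well. The API key is echoed back into a `type="text"` input, where `type="password"` would at least keep the secret off the screen.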
Binary file yms/icons/admincp.png has changed
--- a/yms/yms.php Sat Aug 01 01:05:45 2009 -0400
+++ b/yms/yms.php Sat Aug 01 01:42:21 2009 -0400
@@ -63,7 +63,7 @@
else if ( isset($_POST['claim_otp']) )
{
// do we need to validate a custom field?
- if ( ($url = getConfig('yms_claim_auth_url')) && getConfig('yms_claim_auth_field') )
+ if ( ($url = getConfig('yms_claim_auth_url')) && getConfig('yms_claim_auth_field') && getConfig('yms_claim_auth_enable', 0) == 1 )
{
if ( ($result = yms_validate_custom_field($_POST['custom_field'], $_POST['claim_otp'], $url)) !== true )
yms_send_response('n/a', $result);
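Review bot: With the combined condition, enabling "Require additional field" while `yms_claim_auth_url` or `yms_claim_auth_field` is still blank skips the external check entirely, so the claim goes ahead unverified instead of being refused. Test the flag on its own, `if ( getConfig('yms_claim_auth_enable', 0) == 1 )`, and inside that branch reject the claim through `yms_send_response()` when either the URL or the field name is empty. `$_POST['custom_field']` on the next context line is also read without `isset()`, so a request that omits it presumably reaches the validator as null. The enclosing `else if` block continues outside the hunk.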