Mercurial Mercurial > repos > yms / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add support for freezing the YMS client ID
authorDan Fuhry <dan@enanocms.org>
Mon, 24 Nov 2014 15:11:44 -0500
changeset 8 be4a5f24bb29
parent 7 3db638306413
child 9 d58bafde2a92
Add support for freezing the YMS client ID
YubikeyManagement.php file | annotate | diff | comparison | revisions
yms/admincp.php file | annotate | diff | comparison | revisions
yms/yms.php file | annotate | diff | comparison | revisions 
--- a/YubikeyManagement.php	Fri Aug 20 01:43:08 2010 -0400
+++ b/YubikeyManagement.php	Mon Nov 24 15:11:44 2014 -0500
@@ -192,6 +192,8 @@
         acp_field_claim_enable_hint: 'If you plan to program your own Yubikeys and give them to others, enable this to allow them to create YMS accounts and "claim" the keys so they can see AES secrets and control settings on their keys.<br />
                                       If you enable this, all Administrators will see an option when adding a new key to put it into the pool of unclaimed keys.<br />
                                       To claim a Yubikey, YMS requires users to enter a valid OTP, and optionally, an additional field you may configure below.',
+		acp_field_force_client_id_title: 'Shared client ID:',
+		acp_field_force_client_id_hint: 'If set, all Yubikeys will be registered to the same underlying client account. This allows everyone on the site to manage a single pool of Yubikeys using different accounts.',
         acp_field_claim_enable: 'Enable the claim system',
         acp_field_claimauth_enable_title: 'Use external authentication when claiming Yubikeys:',
         acp_field_claimauth_enable_hint: 'This allows you to require an additional value - for example, the receipt number from the user\'s Yubikey order - when Yubikeys are claimed.',
--- a/yms/admincp.php	Fri Aug 20 01:43:08 2010 -0400
+++ b/yms/admincp.php	Mon Nov 24 15:11:44 2014 -0500
@@ -21,6 +21,7 @@
   if ( isset($_POST['submit']) )
   {
     setConfig('yms_require_reauth', isset($_POST['require_reauth']) ? '1' : '0');
+    setConfig('yms_force_client_id', !empty($_POST['force_client_id']) && ctype_digit($_POST['force_client_id']) ? $_POST['force_client_id'] : '');
     setConfig('yms_claim_enable', isset($_POST['claim_enable']) ? '1' : '0');
     setConfig('yms_claim_auth_enable', isset($_POST['claimauth_enable']) ? '1' : '0');
     setConfig('yms_claim_auth_field', $_POST['claimauth_field']);
@@ -56,6 +57,16 @@
     
     <tr>
       <td class="row2" style="width: 50%;">
+        <?php echo $lang->get('yms_acp_field_force_client_id_title'); ?><br />
+        <small><?php echo $lang->get('yms_acp_field_force_client_id_hint'); ?></small>
+      </td>
+      <td class="row1" style="width: 50%;">
+        <input type="text" size="5" name="force_client_id" <?php if ( ($force_cid = getConfig('yms_force_client_id', 0)) > 0 ) echo 'value="' . $force_cid . '"'; ?>/>
+      </td>
+    </tr>
+    
+    <tr>
+      <td class="row2" style="width: 50%;">
         <?php echo $lang->get('yms_acp_field_claim_enable_title'); ?><br />
         <small><?php echo $lang->get('yms_acp_field_claim_enable_hint'); ?></small>
       </td>
--- a/yms/yms.php	Fri Aug 20 01:43:08 2010 -0400
+++ b/yms/yms.php	Mon Nov 24 15:11:44 2014 -0500
@@ -7,7 +7,7 @@
   global $output;
   global $yms_client_id;
   
-  $yms_client_id = $session->user_id;
+  $yms_client_id = ($force_cid = getConfig('yms_force_client_id', 0)) > 0 ? intval($force_cid) : $session->user_id;
   
   // Require re-auth?
   if ( $session->auth_level < USER_LEVEL_CHPREF && getConfig('yms_require_reauth', 1) == 1 )
Yubikey Management Server