swekey patch 7

This commit is contained in:
Marc Delisle
2008-10-08 16:56:55 +00:00
parent f2c9af09e3
commit 19f448af24
4 changed files with 111 additions and 54 deletions


@@ -8,45 +8,64 @@
function Swekey_Plugin()
{
try
{
{
if (g_SwekeyPlugin != null)
return g_SwekeyPlugin;
if (window.ActiveXObject)
{
g_SwekeyPlugin = new ActiveXObject("FbAuthAx.FbAuthCtl")
g_SwekeyPlugin = document.getElementById("swekey_activex");
if (g_SwekeyPlugin == null)
{
// we must create the activex that way instead of new ActiveXObject("FbAuthAx.FbAuthCtl");
// ortherwise SetClientSite is not called and we can not get the url
var div = document.createElement('div');
div.innerHTML='<object id="swekey_activex" style="display:none" CLASSID="CLSID:8E02E3F9-57AA-4EE1-AA68-A42DD7B0FADE"></object>';
// Never append to the body because it may still loading and it breaks IE
document.body.insertBefore(div, document.body.firstChild);
g_SwekeyPlugin = document.getElementById("swekey_activex");
}
return g_SwekeyPlugin;
}
g_SwekeyPlugin = document.embeds["script_generated_swekey_plugin"];
g_SwekeyPlugin = document.getElementById("swekey_plugin");
if (g_SwekeyPlugin != null)
return g_SwekeyPlugin;
for (x = 0; x < navigator.plugins.length; x ++)
for (i = 0; i < navigator.plugins.length; i ++)
{
try
{
if (navigator.plugins[x][0].type == "application/fbauth-plugin")
if (navigator.plugins[i] == null)
{
navigator.plugins.refresh();
}
else if (navigator.plugins[i][0] != null && navigator.plugins[i][0].type == "application/fbauth-plugin")
{
var x = document.createElement('embed');
x.setAttribute('type', 'application/fbauth-plugin');
x.setAttribute('id', 'script_generated_swekey_plugin');
x.setAttribute('id', 'swekey_plugin');
x.setAttribute('width', '0');
x.setAttribute('height', '0');
x.setAttribute('hidden', 'true');
document.body.appendChild(x);
g_SwekeyPlugin = document.embeds["script_generated_swekey_plugin"];
x.style.dislay='none';
//document.body.appendChild(x);
document.body.insertBefore(x, document.body.firstChild);
g_SwekeyPlugin = document.getElementById("swekey_plugin");
return g_SwekeyPlugin;
}
}
catch (e)
{
navigator.plugins.refresh();
//alert ('Failed to create plugin: ' + e);
}
}
}
catch (e)
{
// alert("Swekey_Plugin " + e);
//alert("Swekey_Plugin " + e);
g_SwekeyPlugin = null;
}
return null;
@@ -94,6 +113,40 @@
return "";
}
// -------------------------------------------------------------------
// Ask the Connected Swekey to generate a OTP linked to the current https host
// id: The id of the connected Swekey (returne by Swekey_ListKeyIds())
// rt: A random token
// return: The calculated OTP encoded in a 64 chars hexadecimal value.
// or "" if the current url does not start with https
function Swekey_GetLinkedOtp(id, rt)
{
try
{
return Swekey_Plugin().getlinkedotp(id, rt);
}
catch (e)
{
// alert("Swekey_GetSOtp " + e);
}
return "";
}
// -------------------------------------------------------------------
// Calls Swekey_GetOtp or Swekey_GetLinkedOtp depending if we are in
// an https page or not.
// id: The id of the connected Swekey (returne by Swekey_ListKeyIds())
// rt: A random token
// return: The calculated OTP encoded in a 64 chars hexadecimal value.
function Swekey_GetSmartOtp(id, rt)
{
var res = Swekey_GetLinkedOtp(id, rt);
if (res == "")
res = Swekey_GetOtp(id, rt);
return res;
}
// -------------------------------------------------------------------
// Set a unplug handler (url) to the specified connected feebee
// id: The id of the connected Swekey (returne by Swekey_ListKeyIds())
@@ -110,4 +163,5 @@
// alert("Swekey_SetUnplugUrl " + e);
}
}
</script>
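Review bot: `x.style.dislay='none';` on the new embed path misspells `display`, so the assignment only creates a stray property and does not hide the element; the `width`/`height`/`hidden` attributes may cover it, but the line should read `x.style.display = 'none';`. The renamed loop index is still declared without `var` (`for (i = 0; i < navigator.plugins.length; i ++)`), so `i` becomes an implicit global exactly as the old `x` did; `for (var i = 0; ...)` keeps it local to Swekey_Plugin. Swekey_Plugin's closing brace lies outside the hunk.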


@@ -30,7 +30,7 @@ function Swekey_auth_check()
}
// Set default values for settings
if (isset($_SESSION['SWEKEY']['CONF_SERVER_CHECK']))
if (! isset($_SESSION['SWEKEY']['CONF_SERVER_CHECK']))
$_SESSION['SWEKEY']['CONF_SERVER_CHECK'] = "";
if (! isset($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']))
$_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'] = "";
@@ -39,7 +39,7 @@ function Swekey_auth_check()
if (! isset($_SESSION['SWEKEY']['CONF_CA_FILE']))
$_SESSION['SWEKEY']['CONF_CA_FILE'] = "";
if (! isset($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']))
$_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'] = false;
$_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'] = true;
if (! isset($_SESSION['SWEKEY']['CONF_DEBUG']))
$_SESSION['SWEKEY']['CONF_DEBUG'] = false;
}
@@ -92,7 +92,7 @@ function Swekey_auth_error()
{
if (key != Swekey_GetValidKey())
{
window.location.search = "";
window.location.search = "?swekey_reset";
}
else
setTimeout("timedCheck()",1000);
@@ -127,9 +127,12 @@ function Swekey_auth_error()
// if (file_exists($caFile))
// echo "<!-- exists -->\n";
}
if (file_exists($caFile))
Swekey_SetCAFile($caFile);
else if (! empty($caFile) && (substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://"))
return "Internal Error: CA File $caFile not found";
$result = null;
parse_str($_SERVER['QUERY_STRING']);
if (isset($swekey_id)) {
@@ -181,9 +184,7 @@ function Swekey_auth_error()
var url = "" + window.location;
if (url.indexOf("?") > 0)
url = url.substr(0, url.indexOf("?"));
if (url.lastIndexOf("/") > 0)
url = url.substr(0, url.lastIndexOf("/"));
Swekey_SetUnplugUrl(key, "pma_login", url + "/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo session_id();?>");
Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
}
@@ -218,7 +219,7 @@ function Swekey_login($input_name, $input_go)
?>
function open_swekey_site()
{
window.open("http://www.swekey.com?promo=pma");
window.open("http://phpmyadmin.net/auth_key");
}
var input_username = document.getElementById("<?php echo $input_name; ?>");
@@ -249,4 +250,22 @@ function Swekey_login($input_name, $input_go)
echo '</script>';
}
}
if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
{
parse_str($_SERVER['QUERY_STRING']);
session_write_close();
session_id($session_to_unset);
session_start();
$_SESSION = array();
session_write_close();
session_destroy();
exit;
}
if (isset($_GET['swekey_reset']))
{
unset($_SESSION['SWEKEY']);
}
?>
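Review bot: The new unplug handler calls `parse_str($_SERVER['QUERY_STRING']);` with no result array, which imports every query parameter as a variable in file scope, and `$session_to_unset` is then passed to `session_id()` unvalidated; the same one-argument call already exists in the earlier `if (isset($swekey_id))` block and has the same problem. Use the two-argument form, `parse_str($_SERVER['QUERY_STRING'], $params);`, and only switch sessions when `$params['session_to_unset']` is set and matches the characters PHP accepts for session ids (e.g. `preg_match('/^[A-Za-z0-9,-]+$/', $params['session_to_unset'])`), otherwise exit without touching any session. The guard `strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false` mixes a string result with a loose comparison and reads more clearly as `strpos($_SERVER['QUERY_STRING'], 'session_to_unset') !== false`.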


@@ -61,7 +61,7 @@ global $gSwekeyCA;
global $gSwekeyTokenCacheEnabled;
if (! isset($gSwekeyTokenCacheEnabled))
$gSwekeyTokenCacheEnabled = false;
$gSwekeyTokenCacheEnabled = true;
/**
* Change the address of the Check server.
@@ -185,7 +185,7 @@ function Swekey_HttpGet($url, &$response_code)
if (substr($url, 0, 8) == "https://")
{
global $gSwekeyCA;
$caFileOk = false;
if (! empty($gSwekeyCA))
{
if (file_exists($gSwekeyCA))
@@ -199,17 +199,8 @@ function Swekey_HttpGet($url, &$response_code)
error_log("SWEKEY_ERROR:Could not find CA file $gSwekeyCA getting $url");
}
if ($caFileOk)
{
curl_setopt($sess, CURLOPT_SSL_VERIFYHOST, '1');
curl_setopt($sess, CURLOPT_SSL_VERIFYPEER, '1');
}
else
{
curl_setopt($sess, CURLOPT_SSL_VERIFYHOST, '0');
curl_setopt($sess, CURLOPT_SSL_VERIFYPEER, '0');
}
curl_setopt($sess, CURLOPT_SSL_VERIFYHOST, '2');
curl_setopt($sess, CURLOPT_SSL_VERIFYPEER, '2');
curl_setopt($sess, CURLOPT_CONNECTTIMEOUT, '20');
curl_setopt($sess, CURLOPT_TIMEOUT, '20');
}
@@ -350,7 +341,10 @@ function Swekey_GetHalfRndToken()
*/
function Swekey_GetFastHalfRndToken()
{
global $gSwekeyTokenCacheEnabled;
$res = "";
$cachefile = "";
// We check if we have a valid RT is the session
if (isset($_SESSION['rnd-token-date']))
@@ -360,14 +354,15 @@ function Swekey_GetFastHalfRndToken()
// If not we try to get it from a temp file (PHP >= 5.2.1 only)
if (strlen($res) != 32 && $gSwekeyTokenCacheEnabled)
{
if (function_exists('sys_get_temp_dir') )
if (function_exists('sys_get_temp_dir'))
{
$tempdir = sys_get_temp_dir();
$modif = filemtime($tempdir."/swekey-rnd-token");
$cachefile = $tempdir."/swekey-rnd-token-".get_current_user();
$modif = filemtime($cachefile);
if ($modif != false)
if (time() - $modif < 30)
if (time() - $modif < 30)
{
$res = @file_get_contents($tempdir."/swekey-rnd-token");
$res = @file_get_contents($cachefile);
if (strlen($res) != 32)
$res = "";
else
@@ -378,23 +373,22 @@ function Swekey_GetFastHalfRndToken()
}
}
}
// If we don't have a valid RT here we have to get it from the server
if (strlen($res) != 32)
{
$res = substr(Swekey_GetHalfRndToken(), 0, 32);
$_SESSION['rnd-token'] = $res;
$_SESSION['rnd-token-date'] = time();
if (isset($tempdir))
if (! empty($cachefile))
{
// we unlink the file so no possible tempfile race attack (thanks Thijs)
unlink($tempdir."/swekey-rnd-token");
$file = fopen ($tempdir."/swekey-rnd-token" , "x");
unlink($cachefile);
$file = fopen($cachefile , "x");
if ($file != FALSE)
{
@fwrite($file, $res);
@fclose($file);
chmod($tempdir."/swekey-rnd-token", 0666); // it is a shared file everybody can read and write it
}
}
}
@@ -444,8 +438,7 @@ define ("SWEKEY_STATUS_OK",0);
define ("SWEKEY_STATUS_NOT_FOUND",1); // The key does not exist in the db
define ("SWEKEY_STATUS_INACTIVE",2); // The key has never been activated
define ("SWEKEY_STATUS_LOST",3); // The user has lost his key
define ("SWEKEY_STATUS_STOLLEN",4); // The key was stollen
define ("SWEKEY_STATUS_STOLEN",4); // The key was stollen
define ("SWEKEY_STATUS_STOLEN",4); // The key was stolen
define ("SWEKEY_STATUS_FEE_DUE",5); // The annual fee was not paid
define ("SWEKEY_STATUS_OBSOLETE",6); // The hardware is no longer supported
define ("SWEKEY_STATUS_UNKOWN",201); // We could not connect to the authentication server
@@ -474,7 +467,7 @@ function Swekey_GetStatusStr($status)
case SWEKEY_STATUS_NOT_FOUND : return 'Key does not exist in the db';
case SWEKEY_STATUS_INACTIVE : return 'Key not activated';
case SWEKEY_STATUS_LOST : return 'Key was lost';
case SWEKEY_STATUS_STOLLEN : return 'Key was stollen';
case SWEKEY_STATUS_STOLEN : return 'Key was stolen';
case SWEKEY_STATUS_FEE_DUE : return 'The annual fee was not paid';
case SWEKEY_STATUS_OBSOLETE : return 'Key no longer supported';
case SWEKEY_STATUS_REPLACED : return 'This key has been replaced by a backup key';
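Review bot: In Swekey_GetFastHalfRndToken the cached half-token is now read from `$cachefile`, a predictable name in the shared system temp directory, and the read path trusts any file there that is fresh and 32 bytes long — the `unlink`/`fopen($cachefile , "x")` pair protects the write, not the read. Before using the cached value, also require that the file is owned by the uid the PHP process runs as, e.g. `if ($modif != false && fileowner($cachefile) === posix_geteuid() && time() - $modif < 30)` where the posix extension is available, and wrap `filemtime($cachefile)` with `@` or a `file_exists` test so a missing cache file does not raise a warning. Separately, `CURLOPT_SSL_VERIFYPEER` is a boolean option, so `'2'` only works because it is truthy; `true` states the intent, while `'2'` is the correct value for `CURLOPT_SSL_VERIFYHOST` and removing the no-verification fallback is the right call. Swekey_GetFastHalfRndToken begins inside the hunk and continues past it.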


@@ -1,9 +0,0 @@
<?php
// This url is triggered when a swekey is unplugged
parse_str($_SERVER['QUERY_STRING']);
session_id($session_to_unset);
session_start();
session_unset();
?>