// Can be used in order to debug DUO authentication.
// AJAX endpoint for the two Duo steps: signing a request for the iframe and
// verifying the response the iframe posts back. Both branches below are
// visible; the verification branch is cut off in this listing.
require_once 'sessions.php';
session_start();
// Only reachable through an established application session (CPM flag).
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
    die('Hacking attempt...');
}
// Resolve the application root used to build the include paths below.
if (!isset($_SESSION['settings']['cpassman_dir']) || $_SESSION['settings']['cpassman_dir'] == "" || $_SESSION['settings']['cpassman_dir'] == ".") {
    $_SESSION['settings']['cpassman_dir'] = "..";
}
// DUO
// NOTE(review): $_POST['type'] is read without isset(); a request without it
// raises a notice. The first branch compares with === and the second with ==.
if ($_POST['type'] === "identify_duo_user") {
    // This step creates the DUO request encrypted key
    include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
    // load library
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Authentication/DuoSecurity/Duo.php';
    // Signs whatever login the client posted.
    // NOTE(review): nothing in this fragment ties $_POST['login'] to an
    // authenticated first factor; confirm the caller enforces it.
    $sig_request = Duo::signRequest(IKEY, SKEY, AKEY, $_POST['login']);
    // $debugDuo is expected to come from settings.php (not visible here).
    // NOTE(review): the debug file stores the login and the still-valid signed
    // request under path_to_files_folder; confirm that folder is not
    // web-reachable and that the flag is off in production.
    if ($debugDuo == 1) {
        $dbgDuo = fopen($_SESSION['settings']['path_to_files_folder'] . "/duo.debug.txt", "w");
        fputs($dbgDuo, "\n\n-----\n\n" . "sig request : " . $_POST['login'] . "\n" . 'resp : ' . $sig_request . "\n");
    }
    // return result
    // Hand-built JSON; json_encode() would be the robust choice should the
    // signature format ever contain quoting characters.
    echo '[{"sig_request" : "' . $sig_request . '"}]';
} elseif ($_POST['type'] == "identify_duo_user_check") {
    // this step is verifying the response received from the server
    include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
    // load library
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Authentication/DuoSecurity/Duo.php';
    // $resp is the username Duo vouched for, or null on failure (per the
    // library contract; the handling of that value is outside this fragment).
    $resp = Duo::verifyResponse(IKEY, SKEY, AKEY, $_POST['sig_response']);
    if ($debugDuo == 1) {
        // Appends the raw signed response and the verification result.
        $dbgDuo = fopen($_SESSION['settings']['path_to_files_folder'] . "/duo.debug.txt", "a");
        fputs($dbgDuo, "\n\n-----\n\n" . "sig response : " . $_POST['sig_response'] . "\n" . 'resp : ' . $resp . "\n");
/**
 * Renders the Duo second-factor page for a user who passed the first factor.
 *
 * Signs a Duo request for $user->user_login with the plugin's ikey/skey/akey
 * and a plugin-supplied timestamp, then prints a minimal login-styled page
 * holding the Duo iframe and a hidden form that carries rememberme /
 * interim-login / redirect_to through the second step.
 *
 * @param WP_User $user     user object; only user_login is read here
 * @param string  $redirect URL to send the user to after the second factor
 * @return void  output is echoed directly
 */
function duo_sign_request($user, $redirect)
{
    $ikey = duo_get_option('duo_ikey');
    $skey = duo_get_option('duo_skey');
    $host = duo_get_option('duo_host');
    $akey = duo_get_akey();
    $username = $user->user_login;
    $duo_time = duo_get_time();
    $request_sig = Duo::signRequest($ikey, $skey, $akey, $username, $duo_time);
    // ikey and host are not secrets; skey/akey are deliberately not logged.
    duo_debug_log("Displaying iFrame. Username: {$username} cookie domain: " . COOKIE_DOMAIN . " redirect_to_url: {$redirect} ikey: {$ikey} host: {$host} duo_time: {$duo_time}");
    // NOTE(review): the full signed request is logged; it stays usable until
    // its embedded expiry, so the debug log must not be world-readable.
    duo_debug_log("Duo request signature: {$request_sig}");
    $post_action = esc_url(site_url('wp-login.php', 'login_post'));
    $iframe_attributes = array('id' => 'duo_iframe', 'data-host' => $host, 'data-sig-request' => $request_sig, 'data-post-action' => $post_action, 'frameborder' => '0');
    // parameterize() is a plugin helper (not visible here) that turns each
    // key/value pair into an HTML attribute; presumably it escapes the value — verify.
    $iframe_attributes = array_map("parameterize", array_keys($iframe_attributes), array_values($iframe_attributes));
    $iframe_attributes = implode(" ", $iframe_attributes);
?>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<?php
    // Pick the admin stylesheet that exists for the running WordPress version.
    global $wp_version;
    if (version_compare($wp_version, "3.3", "<=")) {
        echo '<link rel="stylesheet" type="text/css" href="' . admin_url('css/login.css') . '" />';
    } else {
        if (version_compare($wp_version, "3.7", "<=")) {
            echo '<link rel="stylesheet" type="text/css" href="' . admin_url('css/wp-admin.css') . '" />';
            echo '<link rel="stylesheet" type="text/css" href="' . admin_url('css/colors-fresh.css') . '" />';
        } else {
            if (version_compare($wp_version, "3.8", "<=")) {
                echo '<link rel="stylesheet" type="text/css" href="' . admin_url('css/wp-admin.css') . '" />';
                echo '<link rel="stylesheet" type="text/css" href="' . admin_url('css/colors.css') . '" />';
            } else {
                echo '<link rel="stylesheet" type="text/css" href="' . admin_url('css/login.min.css') . '" />';
            }
        }
    }
?>
<style>
body { background: #f1f1f1; }
.centerHeader { width: 100%; padding-top: 8%; }
#WPLogo { width: 100%; }
.iframe_div { width: 90%; max-width: 620px; margin: 0 auto; }
#duo_iframe { height: 500px; width: 100%; min-width: 304px; max-width: 620px; }
div { background: transparent; }
</style>
</head>
<body class="login" >
<script src="<?php echo plugins_url('duo_web/Duo-Web-v2.min.js?v=2', __FILE__); ?>"></script>
<h1 class="centerHeader">
<!-- Site name is echoed as returned by get_bloginfo(); WordPress convention would wrap it in esc_html(). -->
<a href="http://wordpress.org/" id="WPLogo" title="Powered by WordPress"><?php echo get_bloginfo('name'); ?></a>
</h1>
<div class="iframe_div">
<iframe <?php echo $iframe_attributes; ?>></iframe>
</div>
<!-- Hidden form the Duo JS submits with the signed response; it re-posts the
     login-time options so wp-login can honour them after the second factor. -->
<form method="POST" style="display:none;" id="duo_form">
<?php if (isset($_POST['rememberme'])) { ?>
<input type="hidden" name="rememberme" value="<?php echo esc_attr($_POST['rememberme']); ?>"/>
<?php
    }
    // interim-login wins over redirect_to; $redirect is attribute-escaped here,
    // its safety as a redirect target is left to the login handler (not visible).
    if (isset($_REQUEST['interim-login'])) {
        echo '<input type="hidden" name="interim-login" value="1"/>';
    } else {
        echo '<input type="hidden" name="redirect_to" value="' . esc_attr($redirect) . '"/>';
    }
?>
</form>
</body>
</html>
<?php
}
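/**
 * Intercepts the standard "login" action for users who have Duo enabled.
 *
 * Flow: return false (let the default handler run) unless this is a web-client
 * "login" request for a user whose merged role sets DUO_AUTH_ACTIVE; run the
 * first factor (captcha gate + AuthService::logUser); choose the start
 * repository; write the XML logging result; and, when the first factor
 * succeeded, store a freshly signed Duo request on the user's personal role
 * and lock the account behind "duo_show_iframe" until the second factor
 * completes. Once the XML response has been written the request always exits.
 *
 * Changes from the previous version: the user id is computed once, $rememberMe
 * is initialised before the branch instead of being isset()-tested later,
 * login_seed is read defensively (no undefined-index notice), the redundant
 * tmp_repository_id re-check in the else branch is dropped, and the
 * `? true : false` ternaries are plain boolean expressions.
 *
 * @param array $httpVars request parameters (by reference, as the caller passes them)
 * @param bool  $isLast   unused here; kept for the caller's signature
 * @return bool false when this handler does not apply; otherwise exit() is called
 */
function tryToLogUser(&$httpVars, $isLast = false)
{
    // CATCH THE STANDARD LOGIN OPERATION
    if (!isset($httpVars["get_action"]) || $httpVars["get_action"] != "login") {
        return false;
    }
    // Native clients cannot show the Duo iframe; leave them to the default flow.
    if (AJXP_Utils::userAgentIsNativePydioApp()) {
        return false;
    }

    $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null;
    $duoActive = false;
    if (!empty($userId)) {
        $uObject = ConfService::getConfStorageImpl()->createUserObject($userId);
        if ($uObject != null) {
            $duoActive = $uObject->mergedRole->filterParameterValue("authfront.duosecurity", "DUO_AUTH_ACTIVE", AJXP_REPO_SCOPE_ALL, false);
        }
    }
    if (!$duoActive) {
        return false;
    }

    $rememberLogin = "";
    $rememberPass = "";
    $secureToken = "";
    // Initialised here so the remember-cookie check below is well-defined even
    // when the captcha branch is taken and no login attempt is made.
    $rememberMe = false;
    include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
    if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
        // -4: a captcha is required (or was wrong); the client must reload it.
        $loggingResult = -4;
    } else {
        $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
        // Loose comparison kept on purpose: callers may pass "true" or a boolean.
        $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true";
        $cookieLogin = isset($httpVars["cookie_login"]);
        // login_seed is optional; pass an explicit null instead of an undefined index.
        $loginSeed = isset($httpVars["login_seed"]) ? $httpVars["login_seed"] : null;
        $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $loginSeed);
        if ($rememberMe && $loggingResult == 1) {
            $rememberLogin = "******";
            $rememberPass = "******";
        }
        if ($loggingResult == 1) {
            // Rotate the session id once the first factor passed (session
            // fixation defence) and issue the secure token returned to the client.
            session_regenerate_id(true);
            $secureToken = AuthService::generateSecureToken();
        }
        if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
            $loggingResult = -4; // Force captcha reload
        }
    }

    $loggedUser = AuthService::getLoggedUser();
    if ($loggedUser != null) {
        $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
        $passId = -1;
        if (isset($httpVars["tmp_repository_id"])) {
            // Client-chosen repository; no authorisation check happens here.
            // NOTE(review): presumably switchUserToActiveRepository enforces it — verify.
            $passId = $httpVars["tmp_repository_id"];
        } elseif ($force != "" && $loggedUser->canSwitchTo($force) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
            $passId = $force;
        }
        $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
        if (!$res) {
            // -3: no usable repository; undo the login rather than leave a half-set session.
            AuthService::disconnect();
            $loggingResult = -3;
        }
    }
    if ($loggedUser != null && (AuthService::hasRememberCookie() || $rememberMe === true)) {
        AuthService::refreshRememberCookie($loggedUser);
    }

    AJXP_XMLWriter::header();
    AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
    AJXP_XMLWriter::close();

    if ($loggingResult > 0 && $loggedUser != null) {
        // First factor passed: sign a Duo request for this user, persist it on
        // the personal role and lock the account until the iframe step completes.
        require_once $this->getBaseDir() . "/duo_php/duo_web.php";
        $appUnique = $this->getFilteredOption("DUO_AUTH_AKEY");
        $iKey = $this->getFilteredOption("DUO_AUTH_IKEY");
        $sKey = $this->getFilteredOption("DUO_AUTH_SKEY");
        $res = Duo::signRequest($iKey, $sKey, $appUnique, $loggedUser->getId());
        $loggedUser->personalRole->setParameterValue("authfront.duosecurity", "DUO_AUTH_LAST_SIGNATURE", $res);
        $loggedUser->setLock("duo_show_iframe");
        $loggedUser->save("superuser");
    }
    // The XML response is complete; terminate regardless of $isLast.
    exit;
}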
// Tail of the verification step (the enclosing method starts before this fragment).
throw new SimpleSAML_Error_BadRequest('Missing required username attribute.');
}
// Only resume the authproc chain when Duo vouched for exactly the user we
// expected; the `!= NULL` test is redundant next to the strict comparison.
if ($resp != NULL and $resp === $username) {
    SimpleSAML_Auth_ProcessingChain::resumeProcessing($this->data['state']);
} else {
    throw new SimpleSAML_Error_BadRequest('Response verification failed.');
}
}
/*
 * Verify username and password. If the user and pass are good, then generate
 * a sig_request and load up the Duo iframe for secondary authentication.
 */
if (isset($attributes[$username_attribute])) {
    // First value of the configured username attribute identifies the Duo user.
    $username = $attributes[$username_attribute][0];
    // Generate sig request and then load up Duo javascript and iframe
    $sig_request = Duo::signRequest(IKEY, SKEY, AKEY, $username);
?>
<script src="Duo-Web-v2.min.js"></script>
<link rel="stylesheet" type="text/css" href="Duo-Frame.css">
<?php
    // Re-post the pending data through the Duo form; xssafe() presumably
    // HTML-escapes names and values — confirm against its definition.
    foreach ($this->data['yesData'] as $name => $value) {
        printf('<input type="hidden" id="%s" name="%s" value="%s" />', xssafe($name), xssafe($name), xssafe($value));
    }
?>
<!-- The iframe tag is cut off in this listing; xecho() is expected to escape for the attribute context. -->
<iframe id="duo_iframe" frameborder="0" data-host="<?php xecho(HOST); ?>" data-sig-request="<?php xecho($sig_request); ?>
<?php
// ********************************
// DO NOT MODIFY
// ********************************
// $returnUrl is not used in the visible part of this template.
$returnUrl = ulUtils::CurrentURL();
// $uid is defined before this fragment; it is the identifier Duo will be
// asked to vouch for, so it must be the already-authenticated user — verify.
$sig_request = Duo::signRequest(UL_DUOSEC_IKEY, UL_DUOSEC_SKEY, UL_DUOSEC_AKEY, $uid);
// ********************************
// MAKE MODIFICATION BELOW WHERE NOTED
// If possible, only insert but do not modify
// ********************************
// ********************************
// Your HTML here
// doctype, head, title etc.
// ********************************
?>
<!-- Script URLs and the Duo host come from configuration constants, echoed
     without escaping; a constant containing a quote would break the markup. -->
<script src="<?php echo UL_DUOSEC_JQUERY_URI; ?>"></script>
<script src="<?php echo UL_DUOSEC_JS_URL; ?>"></script>
<script>
Duo.init({
    'host':'<?php echo UL_DUOSEC_HOST; ?>',
    'post_action':'<?php
// Tail of the OpenID attribute handling (the enclosing block starts before this fragment).
$name = $attributes['namePerson'];
}
// Login audit entry; note it records e-mail and name alongside the OpenID.
addlog(LOG_LOGIN, "oid: '{$oidlogin}'; email: '{$email}'; friendly: '{$friendly}'; name: '{$name}'");
}
// is this OpenID known to us?
// NOTE(review): the WHERE value is shown redacted ('******') in this listing.
// If the real source interpolates $oidlogin into the query string, this is an
// injection point and must be rewritten with a bound parameter — verify.
$query = "\n SELECT uid, use_duo\n FROM users\n WHERE oidlogin='******'\n LIMIT 1;\n ";
$result = do_query($query);
if (has_results($result)) {
    $row = get_row($result);
    $use_duo = $row['use_duo'];
    $uid = (string) $row['uid'];
}
// $use_duo and $uid are only assigned when a row was found; an unknown OpenID
// reaches this test with $use_duo undefined (falsy, with a notice).
if ($use_duo) {
    addlog(LOG_LOGIN, sprintf(" duo login for UID %s (openid %s)", $uid, $oidlogin));
    show_header('login', 0);
    // The Duo username is the OpenID itself, not the local uid; the verify
    // step (not visible here) must compare against the same value.
    $sig_request = Duo::signRequest(IKEY, SKEY, AKEY, $oidlogin);
?>
<script src="js/Duo-Web-v1.bundled.min.js"></script>
<script>
// Values are spliced into JS string literals by concatenation; json_encode()
// would be the safer way to emit HOST and $sig_request into script context.
Duo.init({'host': <?php echo "'" . HOST . "'"; ?>, 'post_action': '?page=login', 'sig_request': <?php echo "'" . $sig_request . "'"; ?>});
</script>
<iframe id="duo_iframe" width="500" height="800" frameborder="0" allowtransparency="true" style="background: transparent;"></iframe>
<?php