예제 #1
0
/**
 * Handle Swekey authentication error.
 */
function Swekey_auth_error()
{
    if (!isset($_SESSION['SWEKEY'])) {
        return null;
    }
    if (!$_SESSION['SWEKEY']['ENABLED']) {
        return null;
    }
    include_once './libraries/plugins/auth/swekey/authentication.inc.php';
    ?>
    <script>
    function Swekey_GetValidKey()
    {
        var valids = "<?php 
    foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value) {
        echo $key . ',';
    }
    ?>
";
        var connected_keys = Swekey_ListKeyIds().split(",");
        for (i in connected_keys) {
            if (connected_keys[i] != null && connected_keys[i].length == 32) {
                if (valids.indexOf(connected_keys[i]) >= 0) {
                   return connected_keys[i];
                }
            }
        }


        if (connected_keys.length > 0) {
            if (connected_keys[0].length == 32) {
                return "unknown_key_" + connected_keys[0];
            }
        }

        return "none";
    }

    var key = Swekey_GetValidKey();

    function timedCheck()
    {
        if (key != Swekey_GetValidKey()) {
            window.location.search = "?swekey_reset";
        } else {
            setTimeout("timedCheck()",1000);
        }
    }

    setTimeout("timedCheck()",1000);
    </script>
     <?php 
    if (!empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
        return null;
    }
    if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0) {
        return sprintf(__('File %s does not contain any key id'), $GLOBALS['cfg']['Server']['auth_swekey_config']);
    }
    include_once "libraries/plugins/auth/swekey/swekey.php";
    Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
    Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
    Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
    Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);
    $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
    if (empty($caFile)) {
        $caFile = __FILE__;
        $pos = strrpos($caFile, '/');
        if ($pos === false) {
            $pos = strrpos($caFile, '\\');
            // windows
        }
        $caFile = substr($caFile, 0, $pos + 1) . 'musbe-ca.crt';
        //        echo "\n<!-- $caFile -->\n";
        //        if (file_exists($caFile))
        //            echo "<!-- exists -->\n";
    }
    if (file_exists($caFile)) {
        Swekey_SetCAFile($caFile);
    } elseif (!empty($caFile) && substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://") {
        return "Internal Error: CA File {$caFile} not found";
    }
    $result = null;
    $swekey_id = $_GET['swekey_id'];
    $swekey_otp = $_GET['swekey_otp'];
    if (isset($swekey_id)) {
        unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
        if (!isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
            unset($swekey_id);
        } else {
            if (strlen($swekey_id) == 32) {
                $res = Swekey_CheckOtp($swekey_id, $_SESSION['SWEKEY']['RND_TOKEN'], $swekey_otp);
                unset($_SESSION['SWEKEY']['RND_TOKEN']);
                if (!$res) {
                    $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
                } else {
                    $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
                    $_SESSION['SWEKEY']['FORCE_USER'] = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
                    return null;
                }
            } else {
                $result = __('No valid authentication key plugged');
                if ($_SESSION['SWEKEY']['CONF_DEBUG']) {
                    $result .= "<br/>" . htmlspecialchars($swekey_id);
                }
                unset($_SESSION['SWEKEY']['CONF_LOADED']);
                // reload the conf file
            }
        }
    } else {
        unset($_SESSION['SWEKEY']);
    }
    $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
    if (strlen($_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
        $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
        unset($_SESSION['SWEKEY']['CONF_LOADED']);
        // reload the conf file
    }
    if (!isset($swekey_id)) {
        ?>
        <script>
        if (key.length != 32) {
            window.location.search="?swekey_id=" + key + "&token=<?php 
        echo $_SESSION[' PMA_token '];
        ?>
";
        } else {
            var url = "" + window.location;
            if (url.indexOf("?") > 0) {
                url = url.substr(0, url.indexOf("?"));
            }
            Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php 
        echo session_id();
        ?>
&token=<?php 
        echo $_SESSION[' PMA_token '];
        ?>
");
            var otp = Swekey_GetOtp(key, <?php 
        echo '"' . $_SESSION['SWEKEY']['RND_TOKEN'] . '"';
        ?>
);
            window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php 
        echo $_SESSION[' PMA_token '];
        ?>
";
        }
        </script>
        <?php 
        return __('Authenticating…');
    }
    return $result;
}
예제 #2
0
 public function IsSwekeyAuthenticated($swekey_id)
 {
     $config = $this->GetConfig();
     // delete the cookie
     @setcookie('swekey_dont_verify_' . $swekey_id, "0", time() - 60000);
     $session = $this->LoadSession();
     $ids = array();
     if (!empty($session)) {
         if (!empty($session['ids'])) {
             $ids = $session['ids'];
         }
     }
     if (is_array($ids) && in_array($swekey_id, $ids, true)) {
         if (!empty($config['allow_disabled'])) {
             @setcookie('swekey_disabled_id', 'none', 0, '/');
         }
         return true;
     }
     if (!empty($config['allow_disabled'])) {
         if (!empty($config['status_server'])) {
             Swekey_SetStatusServer($config['status_server']);
         }
         $status = Swekey_GetStatus($swekey_id);
         if ($status == SWEKEY_STATUS_INACTIVE || $status == SWEKEY_STATUS_LOST || $status == SWEKEY_STATUS_STOLEN) {
             @setcookie('swekey_disabled_id', $swekey_id, 0, '/');
             return true;
         }
     }
     return false;
 }