Pastebin on paste.luisaranguren.com

PasteID: 16d
Pasted by Anonymous, 2017-08-06 15:20:35 GMT
Expires Never
Paste size 6.43 Kb
  1. <?php 
  2. /** 
  3. * Roundcube-YubiKey-plugin 
  4. * This plugin enables YubiKey authentication within Roundcube webmail against  
  5. * the YubiKey web service API. 
  6. * @author Danny Fullerton <northox@mantor.org> 
  7. * @license GPL2 
  8. * Acknowledgement: This code is based on work done by Oliver Martin which was 
  9. * using patches from dirkm. 
  10. */ 
  11.  
  12. require_once('lib/Yubico.php'); 
  13.  
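  /**
   * Roundcube plugin that asks for a YubiKey one-time password (OTP) after the
   * normal login step and validates it through the bundled Auth_Yubico client.
   *
   * Hooks registered in init(): preferences_list, preferences_save,
   * template_object_loginform and login_after.
   */
  class yubikey_authentication extends rcube_plugin
  {
    // Preference keys that hold the YubiKey IDs a user may register, mapped to
    // the localization label displayed next to the matching input field.
    private $id_prefs = array(
      'yubikey_id'  => 'yubikeyid',
      'yubikey_id2' => 'yubikeyid2',
      'yubikey_id3' => 'yubikeyid3',
    );

    /**
     * Whether the plugin is switched on (config value 'yubikey' is boolean true).
     */
    private function is_enabled()
    {
      return $this->get('yubikey') === true;
    }

    /**
     * Whether the current user must present an OTP at login.
     *
     * preferences_save() stores a boolean; the literal 'on' is still accepted.
     * The comparison is explicit so that no other value (for example integer 0,
     * which loosely equals 'on' before PHP 8) is ever read as "required".
     */
    private function is_required()
    {
      $value = $this->get('yubikey_required');
      return $value === true || $value === 'on';
    }

    /**
     * Whether the user is barred from editing the YubiKey preferences: the
     * 'yubikey_disallow_user_changes' setting is true, the OTP is required and
     * a 12-character primary ID is already stored.
     */
    private function disallow_change()
    {
      if ($this->get('yubikey_disallow_user_changes') !== true) {
        return false;
      }

      $id = $this->get('yubikey_id');
      return $this->is_required() && is_string($id) && strlen($id) == 12;
    }

    /**
     * Read one value through rcmail's config object.
     *
     * NOTE(review): plugin settings (yubikey, yubikey_api_*,
     * yubikey_disallow_user_changes) and the values saved by preferences_save()
     * are all read through this one accessor; confirm that the host keeps users
     * from overriding the former.
     */
    private function get($v)
    {
      return rcmail::get_instance()->config->get($v);
    }

    /**
     * Abort the login: run the logout actions and destroy the session.
     */
    // TODO add error message
    private function fail()
    {
      $rcmail = rcmail::get_instance();
      $rcmail->logout_actions();
      $rcmail->kill_session();
    }

    /**
     * Collect the non-empty YubiKey IDs stored for the user.
     *
     * Empty slots are dropped so that an unused id2/id3 can never compare equal
     * to the prefix of an empty OTP.
     */
    private function registered_ids()
    {
      $ids = array();
      foreach (array_keys($this->id_prefs) as $pref) {
        $value = $this->get($pref);
        if (is_string($value) && $value !== '') {
          $ids[] = $value;
        }
      }
      return $ids;
    }

    /**
     * Return the first 12 characters of a posted field, or '' when the field is
     * missing or is not a plain string (e.g. was posted as an array).
     */
    private function posted_id($field)
    {
      $value = isset($_POST[$field]) ? $_POST[$field] : '';
      return is_string($value) ? (string) substr($value, 0, 12) : '';
    }

    /**
     * Plugin entry point: load the config, check it minimally and add the hooks.
     *
     * @throws Exception when the plugin is enabled without API credentials
     */
    function init()
    {
      $this->load_config();

      // minimal configuration validation
      $id = $this->get('yubikey_api_id');
      $key = $this->get('yubikey_api_key');
      if ($this->is_enabled() && (empty($id) || empty($key))) {
        throw new Exception('yubikey_api_id and yubikey_api_key must be set');
      }

      $this->add_texts('localization/', true);

      $this->add_hook('preferences_list', array($this, 'preferences_list'));
      $this->add_hook('preferences_save', array($this, 'preferences_save'));
      $this->add_hook('template_object_loginform', array($this, 'update_login_form'));
      $this->add_hook('login_after', array($this, 'login_after'));
    }

    /**
     * loginform hook: include yubikey.js when the plugin is enabled.
     */
    function update_login_form($p)
    {
      if ($this->is_enabled()) {
        $this->include_script('yubikey.js');
      }

      return $p;
    }

    /**
     * login_after hook: enforce the second factor.
     *
     * Every rejection path calls fail() and returns at once, so nothing further
     * runs for a request that has already been refused.
     */
    function login_after($args)
    {
      if (!$this->is_enabled() || !$this->is_required()) return $args;

      $otp = rcube_utils::get_input_value('_yubikey', rcube_utils::INPUT_POST);

      // Reject anything that is not a plain string up front, so a malformed
      // field cannot raise an error in the middle of the second-factor check.
      if (!is_string($otp)) {
        $this->fail();
        return $args;
      }

      // make sure that there is a YubiKey ID in the user's prefs
      // and that it matches the first 12 characters of the OTP
      $ids = $this->registered_ids();
      if (empty($ids) || !in_array(substr($otp, 0, 12), $ids, true)) {
        $this->fail();
        return $args;
      }

      // Optional custom validation endpoint. An http:// URL turns TLS off for
      // the validation request, so prefer https:// in yubikey_api_url.
      $url = $this->get('yubikey_api_url');
      $https = true;
      $urlpart = '';
      if (!empty($url) && ($_url = parse_url($url))) {
        if (isset($_url['scheme']) && $_url['scheme'] === 'http') $https = false;
        $urlpart = isset($_url['host']) ? $_url['host'] : '';
        if (!empty($_url['port'])) $urlpart .= ':'.$_url['port'];
        if (isset($_url['path'])) $urlpart .= $_url['path'];
      }

      try {
        $yubi = new Auth_Yubico(
          $this->get('yubikey_api_id'),
          $this->get('yubikey_api_key'),
          $https,
          true // presumably the certificate-verification flag; confirm in lib/Yubico.php
        );

        if (!empty($urlpart)) $yubi->addURLpart($urlpart);

        // NOTE(review): acceptance relies on verify() throwing on every failure.
        // Confirm this against lib/Yubico.php; a client that returns an error
        // value instead of throwing would be treated as success here.
        $yubi->verify($otp);
      }
      catch (Exception $e) {
        $this->fail();
      }
      catch (Throwable $e) {
        // PHP 7+ engine errors are not Exceptions; fail closed on those too.
        // On PHP 5 this clause never matches.
        $this->fail();
      }

      return $args;
    }

    /**
     * preferences_list hook: add the "required" checkbox and the three ID
     * fields to the 'server' section.
     *
     * The 'disabled' attribute is presentation only; the lock itself is applied
     * in preferences_save().
     */
    function preferences_list($args)
    {
      if ($args['section'] != 'server' || !$this->is_enabled()) return $args;

      $disabled = $this->disallow_change();

      // add checkbox to enable/disable YubiKey auth for the current user
      $chk_yubikey = new html_checkbox(
        array(
          'name'     => '_yubikey_required',
          'id'       => 'rcmfd_yubikey_required',
          'disabled' => $disabled
        )
      );
      $args['blocks']['main']['options']['yubikey_required'] = array(
        'title' => html::label(
          'rcmfd_yubikey_required',
          rcube::Q($this->gettext('yubikeyrequired'))
        ),
        'content' => $chk_yubikey->show(!$this->is_required()) // TODO this is weird
      );

      // add one input field per YubiKey ID slot
      foreach ($this->id_prefs as $pref => $label) {
        $field_id = 'rcmfd_' . $pref;
        $input = new html_inputfield(
          array(
            'name'     => '_' . $pref,
            'id'       => $field_id,
            'size'     => 12,
            'disabled' => $disabled
          )
        );
        $args['blocks']['main']['options'][$pref] = array(
          'title' => html::label(
            $field_id,
            rcube::Q($this->gettext($label))
          ),
          'content' => $input->show($this->get($pref))
        );
      }

      return $args;
    }

    /**
     * preferences_save hook: store the YubiKey settings.
     *
     * When changes are disallowed the posted values are ignored and the stored
     * ones are written back. Otherwise each posted ID is cut to 12 characters.
     *
     * NOTE(review): a user can tick "required" without entering any ID; with
     * no ID stored, login_after() then rejects every login.
     */
    function preferences_save($args)
    {
      if (!$this->is_enabled()) return $args;

      if ($this->disallow_change()) {
        // use values already saved earlier
        $args['prefs']['yubikey_required'] = true;
        foreach (array_keys($this->id_prefs) as $pref) {
          $args['prefs'][$pref] = $this->get($pref);
        }
      }
      else {
        // use newly posted values
        $args['prefs']['yubikey_required'] = isset($_POST['_yubikey_required']);
        foreach (array_keys($this->id_prefs) as $pref) {
          $args['prefs'][$pref] = $this->posted_id('_' . $pref);
        }
      }

      return $args;
    }
  }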
  186. ?> 