Apache2-AuthenSecurID


date	2002.07.30.20.31.10;	author Administrator;	state Exp;
branches;
next	1.7;

1.7
date	2002.07.30.20.16.01;	author Administrator;	state Exp;
branches;
next	1.6;

1.6
date	2001.06.22.19.09.01;	author root;	state Exp;
branches;
next	1.5;

1.5
date	2001.06.22.18.15.02;	author root;	state Exp;
branches;
next	1.4;

1.4
date	2001.06.19.19.39.39;	author root;	state Exp;
branches;
next	1.3;

1.3
date	2001.06.19.19.05.36;	author root;	state Exp;
branches;
next	1.2;

1.2
date	2001.06.15.18.17.42;	author root;	state Exp;
branches;
next	1.1;

1.1
date	2001.06.15.17.57.04;	author root;	state Exp;
branches;
next	;


desc
@Created
@


1.10
log
@Ported to mod_perl2 and updated HTML.
@
text
@# $Id: Auth.pm,v 1.9 2002/07/31 16:44:14 Administrator Exp $

package Apache2::AuthenSecurID::Auth;

use strict;
use ModPerl::Registry;
use Apache2::porting;
use Apache2::Request;
use Apache2::Const qw(:common);
use IO::Socket::INET;
use IO::Select;
use Crypt::CBC;
use CGI qw(:standard);
use vars qw($VERSION);

# Module version; `use vars` above already declares it, `our` just makes
# the package-global nature explicit at the assignment.
our $VERSION = '0.5';

sub handler {
    my $r   = shift;
    my $req = Apache2::Request->new($r);

    # seed the random number generator
    srand( time ^ $$ ^ unpack "%L*", `ps axww | gzip -f` );

    #get params
    my $username = $req->param('username');
    my $passcode = $req->param('passcode');
    my $type     = $req->param('type');
    my $uri      = $req->param('a');

    # get ace_initd config directives
    my $ace_initd_server = $r->dir_config("ace_initd_server") || "localhost";
    my $ace_initd_port   = $r->dir_config("ace_initd_port")   || 1969;

    # grab apache session cookie
    my ($session_id) =
      ( ( $r->headers_in->{"Cookie"} || "" ) =~ /Apache=([^;]+)/ );

    my $client = IO::Socket::INET->new(
        PeerAddr => $ace_initd_server,
        PeerPort => $ace_initd_port,
        Proto    => 'udp'
    );

    my %ACE;
    my $request;
    my $message;
    my $extra_input;

    if (   ( !$username && !$passcode )
        || ( $type ne "pin" && !$passcode )
        || ( $passcode =~ /\:/ ) )
    {
        $message     = qq{
            Please enter your username and passcode<br/>
            Your passcode is your 4 - 8 digit pin plus<br/>
            6 digit SecurID code.  If you do not have<br/>
            a PIN yet just enter the 6 digit SecurID code.
        };
        $extra_input = qq{
            <label for="passcode">Passcode :</label>
            <input type="password" name="passcode" id="passcode"/>
            <input type="hidden" name="type" value="check"/>
            <input type="hidden" name="a" value="$uri"/>
        };
    }
    else {
        if ( $type eq "pin" ) {
            ( $passcode, $message, $extra_input ) = check_pin( $r, $req );
            if ($passcode) {
                ( $message, $extra_input ) =
                  Do_ACE( $username, $passcode, $type, $session_id, $client, $r, $req );


                <span style="font-weight: bold;">New Pin Required</span>
                <p>
                    Pin must be alphanumeric!!
                </p>
                <p>
                    Please enter a $min_pin_len to $max_pin_len digit pin.
                </p>
          };
            return ( 0, $message, $extra_info );
        }
    }
    else {
        if ( $pin1 =~ /[^0-9]/ ) {
            $message = qq{
                <span style="font-weight: bold;">New Pin Required</span>
                <p>
                    Pin must be numeric!!
                </p>
                <p>
                    Please enter a $min_pin_len to $max_pin_len digit pin.
                </p>
            };
            return ( 0, $message, $extra_info );
        }
    }

    my $pin_length = length($pin1);

    if ( $pin_length < $min_pin_len || $pin_length > $max_pin_len ) {
        $message = qq{
            <span style="font-weight: bold;">New Pin Required</span>
            <p>
                Pin must be the correct length!!
            </p>
            <p>
                Please enter a $min_pin_len to $max_pin_len digit pin.
            </p>
        };
        return ( 0, $message, $extra_info );
    }

    return ( $pin1, 0, 0 );

}

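sub Do_ACE {

    # Send one authentication request to the ACE request daemon over the UDP
    # socket in $client and hand its answer to Ace_Result, which builds the
    # HTML the handler renders.
    #
    # Arguments:
    #   $username, $passcode, $type  request parameters (type is "pin" or
    #                                "check" as set by the login form)
    #   $session_id                  value of the mod_usertrack cookie
    #   $client                      connected IO::Socket::INET (UDP) handle
    #   $r                           Apache request record (for dir_config)
    #   $req                         Apache2::Request, passed to Ace_Result
    #
    # Returns the two-element list ( $message, $extra_input ) from Ace_Result.
    # A reply that is missing, late, undecryptable, does not echo this
    # request's nonce, or lacks a numeric result code is reported as result
    # 100 (failure), so a broken exchange can never reach the success path
    # in Ace_Result.
    my ( $username, $passcode, $type, $session_id, $client, $r, $req ) = @@_;

    # Nothing in this sub reads VAR_ACE; kept for compatibility with whatever
    # expects it in the environment (presumably an ACE client library) --
    # verify before removing.
    $ENV{'VAR_ACE'} ||= "/opt/ace/data";

    my %info;
    my $result;
    my $return_rand;

    # Per-request nonce.  rand() is not a cryptographic source; the nonce
    # only ties a reply to this request, it is not a secret.
    my $my_rand = rand();

    my $crypt_key = $r->dir_config("AuthCryptKey");
    die "Apache2::AuthenSecurID::Auth: AuthCryptKey is not configured"
      unless defined $crypt_key && length $crypt_key;

    # NOTE(review): CBC gives confidentiality only; the echoed nonce is the
    # sole integrity check on the reply.  An authenticated construction would
    # be preferable, but that is a protocol change shared with the daemon.
    my $crypt = Crypt::CBC->new( $crypt_key, "Blowfish" );

    # The packet is a colon-separated record, so no field may contain ':'.
    # The handler already screens passcodes; the remaining fields are checked
    # here and a malformed packet is never sent.
    my $malformed = grep { defined $_ && /:/ }
      ( $username, $passcode, $type, $session_id );

    my $reply;
    if ( !$malformed ) {
        my $mesg = $crypt->encrypt_hex(
            "$my_rand:$session_id:$type:$username:$passcode");
        $client->send($mesg);

        # Bounded wait: a silent daemon must not pin an Apache worker forever.
        # ace_initd_timeout is in seconds; unset or 0 falls back to 10.
        my $recv_timeout = $r->dir_config("ace_initd_timeout") || 10;
        if ( IO::Select->new($client)->can_read($recv_timeout) ) {
            $client->recv( $reply, 1024 );
        }
    }

    if ( defined $reply && length $reply ) {

        # decrypt_hex may croak on a reply that was not produced with our
        # key; treat that like no reply at all.
        my $plain = eval { $crypt->decrypt_hex($reply) };
        if ( defined $plain ) {
            (
                $return_rand, $result, $info{system_pin}, $info{min_pin_len},
                $info{max_pin_len}, $info{alphanumeric}, $info{user_selectable}
            ) = split /\:/, $plain;
        }
    }

    # Fail closed: Ace_Result treats ($result == 0) as success, and an
    # undefined or non-numeric $result would satisfy that comparison.
    if (   !defined $return_rand
        || $return_rand ne $my_rand
        || !defined $result
        || $result !~ /\A-?\d+\z/ )
    {
        $result = 100;
    }

    my ( $message, $extra_input ) =
      Ace_Result( $result, \%info, $r, $crypt, $req, $username );

    return ( $message, $extra_input );

}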

sub Ace_Result {

    my ( $result, $info, $r, $crypt, $req, $username ) = @@_;
    my $message;
    my $uri  = $req->param('a');
    my $extra_input = qq{
        <label for="passcode">Passcode :</label>
        <input type="password" name="passcode" id="passcode"/>
        <input type="hidden" name="type" value="check"/>
        <input type="hidden" name="a" value="$uri"/>
    };
    my $time = time();

    if ( $result == 0 ) {

        my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";
        my $auth_user_cookie = $r->dir_config("AuthUserCookie")
          || "SecurID_User";
        my $crypt_cookie = $crypt->encrypt_hex("$time:$username");
        $r->headers_out->add( "Set-Cookie" => $auth_user_cookie . "="
              . $username
              . "; path="
              . "/" );
        $r->headers_out->add( "Set-Cookie" => $auth_cookie . "="
              . $crypt_cookie
              . "; path="
              . "/" );

        $uri = $crypt->decrypt_hex($uri);

        # success
        $message = qq{
            <span style="font-weight: bold;">User Authenticated</span>
            <script language="javascript">
                window.location="$uri";
            </script>
            <!-- <p>


It defaults to F<SecurID> if this variable is not set.

=item *
AuthUserCookie

The name of the cookie that contains the user's username in plain text.
This is checked against the contents of the encrypted cookie to verify the
user.  The cookie is set so that other applications can identify authorized
users.  It defaults to F<SecurID_User> if this variable is not set.

=item *
AuthCookiePath

The path of the cookie to be set for the authentication token.
It defaults to F</> if this variable is not set.

=item *
AuthApacheCookie

The name of the mod_usertrack cookie.  The mod_usertrack module must be
compiled and enabled in order to track user sessions.  This is set by the
CookieName directive in httpd.conf.  It defaults to F<Apache> if this variable
is not set.

=item *
ace_initd_server

The name of the server running the ACE request daemon.  This daemon is the
actual process that communicates with the ACE Server.  If the user is in
NEXT TOKEN MODE due to repeated failures, or in SET PIN MODE, the Authen::ACE
object must persist beyond the initial request.  A request packet is
constructed with a random number, type of transaction, username, passcode
and session identifier.  The request packet is then encrypted using Blowfish
and sent to the ACE request daemon.  The ACE request daemon decrypts and
parses the packet.  The request is forwarded to the ACE server and the
response is sent back to the handler.  The random number originally sent is
returned so that the handler can verify the response matches its request and
reject responses that do not.  It defaults to F<localhost> if this variable
is not set.

=item *
ace_initd_port

The port that the ACE request daemon listens on.  It defaults to F<1969>
if this variable is not set.


=head1 CONFIGURATION

The module should be loaded upon startup of the Apache daemon.
Add the following line to your httpd.conf:

 PerlModule Apache2::AuthenSecurID::Auth

=head1 PREREQUISITES

For AuthenSecurID::Auth you need to enable the appropriate call-back hook 
when making mod_perl: 

  perl Makefile.PL PERL_AUTHEN=1

AuthenSecurID::Auth requires Crypt::Blowfish and Crypt::CBC.

For AuthenSecurID::Auth to properly track users mod_usertrack must be
compiled and enabled.


=head1 SEE ALSO

L<Apache>, L<mod_perl>, L<Authen::ACE>, L<Apache2::AuthenSecurID::Auth>

=head1 AUTHORS

=over 4

=item *
mod_perl by Doug MacEachern <dougm@@osf.org>

=item *
Authen::ACE by Dave Carrigan <Dave.Carrigan@@iplenergy.com>

=item *
Apache::AuthenSecurID by David Berk <dberk@@lump.org>

=item *
Apache::AuthenSecurID::Auth by David Berk <dberk@@lump.org>

=item *
port to mod_perl2 and cleanups by Al Tobey <tobert@@gmail.com>

=back

=head1 COPYRIGHT

The Apache2::AuthenSecurID::Auth module is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.

=cut

@


1.9
log
@*** empty log message ***
@
text
@d1 1
a1 1
# $Id: Auth.pm,v 1.8 2002/07/30 20:31:10 Administrator Exp $
d3 1
a3 1
package Apache::AuthenSecurID::Auth;
d6 4
a9 3
use Apache;
use Apache::Registry;
use Apache::Constants qw(:common);
d12 1
d15 1
a15 2
$VERSION = '0.4';

d18 2
d21 2
a22 1


	if ( $pin1 != $pin2 ) {
	   $message = qq{
		<b>New Pin Required</b><p>
		Pins do not match!!<p>
		Please enter a $min_pin_len to $max_pin_len digit pin.
	   };
		return ( 0, $message, $extra_info );
	}

	if ( $alphanumeric ) {
           if ( $pin1 =~ /[^0-9a-zA-Z]/ ) {
	      $message = qq{
		<b>New Pin Required</b><p>
		Pin must be alphanumeric!!<p>
		Please enter a $min_pin_len to $max_pin_len digit pin.
	      };
		return ( 0, $message, $extra_info );
           }
        } else {
           if ( $pin1 =~ /[^0-9]/ ) {
	      $message = qq{
		<b>New Pin Required</b><p>
		Pin must be numeric!!<p>
		Please enter a $min_pin_len to $max_pin_len digit pin.
	      };
		return ( 0, $message, $extra_info );
           }
        }
d194 12
a205 1
	my $pin_length = length ( $pin1 );
d207 1
a207 8
	if ( $pin_length < $min_pin_len || $pin_length > $max_pin_len ) {
	      $message = qq{
		<b>New Pin Required</b><p>
		Pin must be the correct length!!<p>
		Please enter a $min_pin_len to $max_pin_len digit pin.
	      };
		return ( 0, $message, $extra_info );
	}
a208 2
	return ( $pin1, 0, 0 );
	
d213 1
a213 1
	my ( $username,$passcode,$type,$session_id,$client,$r,$params ) = @@_;	
d215 30
a244 28
	$ENV{'VAR_ACE'} = "/opt/ace/data";
	my $message;
	my $extra_input;
	my $result;
	my %info;
	my $ace;
	my $mesg;
	my $my_rand = rand();
	my $return_rand;

	my $crypt_key = $r->dir_config("AuthCryptKey");
	my $crypt = new Crypt::CBC ( $crypt_key, "Blowfish" );
	
	$mesg = $crypt->encrypt_hex ("$my_rand:$session_id:$type:$username:$passcode"); 
	$client->send($mesg);

	$client->recv($mesg, 1024);
	$mesg = $crypt->decrypt_hex ( $mesg );


	( $return_rand, $result, $info{system_pin}, $info{min_pin_len}, $info{max_pin_len}, 
	$info{alphanumeric}, $info{user_selectable} )
	   = split /\:/, $mesg;

	if ( $my_rand ne $return_rand ) {
		$result = 100;
	}
	($message,$extra_input)=Ace_Result($result,\%info,$r,$crypt,$params,$username);
d246 1
a246 1
	return ( $message, $extra_input );
d252 107
a358 238
	my ( $result, $info, $r, $crypt, $params,$username ) = @@_;
	my $message;
	my $extra_input;
	my $uri = $$params{'a'};
	my $time = time ();

if ( $result == 0 ) {

	my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";
	my $auth_user_cookie = $r->dir_config("AuthUserCookie") || "SecurID_User";
	my $crypt_cookie = $crypt->encrypt_hex ( "$time:$username" );
	$r->headers_out->add("Set-Cookie" => $auth_user_cookie . "=" .
		$username . "; path=" . "/");
	$r->headers_out->add("Set-Cookie" => $auth_cookie . "=" .
		$crypt_cookie . "; path=" . "/");

	$uri = $crypt->decrypt_hex ( $uri );

	# success
	$message = qq{
		<b>User Authenticated</b><p>
		<SCRIPT LANGUAGE="JavaScript">
		<!-- Begin
		window.location="$uri";
		// End -->
		</script>
		If you do not have Java Script enabled<br>
		please click <a href="$uri">here</a> to go to<br>
		the protected page.<p>
		Plase enter your username and passcode<br>
		Your passcode is your 4 - 8 digit pin plus<br>
		6 digit SecurID code.  If you do not have<br>
		a PIN yet just enter the 6 digit SecurID code.
	};
	$extra_input = qq{
		<tr>
		   <td>
			<font  color=000000 face="Arial, Helvetica, sans-serif">
			<b>




1.2
log
@convert to Apache::Registry
@
text
@d6 1
a6 1
use Apache::Registery;
d18 1
d22 11
a32 9
   my $username = %params {'username'};
   my $passcode = %params{'passcode'};
   my $type = %params{'type'};

   my $session_id = $query->cookie(-name=>'Apache');

   my $client = IO::Socket::INET->new (       PeerAddr        =>      'srent02.local.nyc01.cbsig.net',
                                        PeerPort        =>      1969,    
                                        Proto           =>      'udp' )   
a37 2
   $r->content_type ('text/html');
   $r->send_http_header; 
d62 1
d68 1
a68 1
		( $passcode, $message,$extra_input) = check_pin ( $query ) ;
d70 1
a70 1
			($message,$extra_input) = Do_ACE($username,$passcode,$type,$session_id,$client);
d73 1
a73 1
		($message,$extra_input) = Do_ACE($username,$passcode,$type,$session_id,$client);
d80 1
a80 1
   my $head = qq{
d97 1
a97 1
			SecurID Initalization
d148 3
a150 1
$r->print $head;
d156 1
a156 1
	my ( $query ) = @@_;
d158 7
a164 5
	my $pin1 = $query->param('pin1');
	my $pin2 = $query->param('pin2');
	my $alphanumeric = $query->param('alphanumeric');
	my $min_pin_len = $query->param('min_pin_len');
	my $max_pin_len = $query->param('max_pin_len');
d181 1
d244 1
a244 1
	my ( $username, $passcode, $type, $session_id, $client ) = @@_;	
d255 2
a256 1
	my $crypt = new Crypt::CBC ( "this is the key", "Blowfish" );
d272 3
a274 2

	($message,$extra_input) = Ace_Result ( $result, \%info );
d282 4
a285 1
	my ( $result, $info ) = @@_;
d288 8
d299 5
d321 1
d346 1
d370 1
d393 1
d416 1
d458 1
d484 1
d509 1
@


1.1
log
@Initial revision
@
text
@a0 1
#!/usr/local/bin/perl
d2 6
a7 1
use CGI;
d10 4
a13 1
use strict;
d15 1
d17 2
a18 2
my $query = new CGI;
srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip -f`);
d20 4
a23 3
my $username = $query->param('username');
my $passcode = $query->param('passcode');
my $type = $query->param('type');
d25 1
a25 1
my $session_id = $query->cookie(-name=>'Apache');
d27 1
a27 1
my $client = IO::Socket::INET->new (       PeerAddr        =>      'srent02.local.nyc01.cbsig.net',
d30 1
a30 1
    or die "Couldn't be a tcp server on port 1969: $!\n";
d32 2
a33 2
my %ACE;
my $request;
d35 2
a36 2
print $query->header;
 


