
latest Swekey fixes

1 parent 737de47 commit 930ee57a1c440815291101f1db394e69e1125016 @lem9 lem9 committed Sep 6, 2008
@@ -54,7 +54,7 @@
// $cfg['Servers'][$i]['history'] = 'pma_history';
// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';
/* Contrib / Swekey authentication */
-// $cfg['Servers'][$i]['auth_swekey_config'] = './swekey.conf';
+// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
/*
* End of servers configuration
@@ -1,12 +1,12 @@
# This is a typical file used to enable Swekey hardware authentication.
#
# To activate the Swekey authentication add the following line in your config.inc.php file.
-# $cfg['Servers'][$i]['auth_swekey_config'] = './swekey.conf';
-# Then rename this file "swekey.conf" and copy it next to your config.inc.php file.
+# $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
+# Then rename this file "swekey-pma.conf" and copy it in the /etc directory.
# Add all the Swekey ids you want to grant access to in the file.
# After each Swekey id put the corresponding user.
#
-# If you don't know the id of a Swekey just go on the http://auth-sample.musbe.com
+# If you don't know the id of a Swekey just go on the http://www.swekey.com?sel=support
# page while your Swekey is connected.
#
# If you need to purchase a Swekey please visit http://phpmyadmin.net/auth_key
@@ -17,8 +17,29 @@
000000000000000000000000000089E4:steve
0000000000000000000000000000231E:scott
-# You can also uncomment the following lines if you want to use custom authentication servers
+#
+# Include following lines if you want to use authentication servers in ssl mode.
+# Authentication is slower but more secure.
+#
+
+SERVER_CHECK=https://auth-check-ssl.musbe.net
+SERVER_RNDTOKEN=https://auth-rnd-gen-ssl.musbe.net
+SERVER_STATUS=https://auth-status-ssl.musbe.net
+
+
+
+#
+# In case of you want to use https servers you can set the path of the root certificate file
+#
+
+#CA_FILE=/var/http-root/phpmyadmin/libraries/auth/swekey/musbe-ca.crt
+
+#
+# If your sever receive lot of login requests, you can enable the random token caching to
+# accelerate the authentication process.
+# This is disabled by default because the cache file having full public access is vulnerable to
+# a deny of service attack.
+# You can enable it when your server is running in a secure environment.
+#
-#SERVER_CHECK=http://auth-check.musbe.net
-#SERVER_RNDTOKEN=http://auth-rnd-gen.musbe.net
-#SERVER_STATUS=http://auth-status.musbe.net
+#ENABLE_TOKEN_CACHE=1
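Review bot: The three `SERVER_*` lines are now active with `https://` URLs while `#CA_FILE=` stays commented out, so this sample does not show which trust anchor validates those endpoints. If the Swekey client code skips or weakens certificate verification when `CA_FILE` is unset (not visible in this diff), the "more secure" wording would not hold. The comment above `CA_FILE` should say so, e.g. `# Set CA_FILE to the root certificate so the https authentication servers are verified.` The token-cache comment would also be clearer if it named where the cache file lives and which file permissions make `ENABLE_TOKEN_CACHE=1` acceptable, rather than "a secure environment".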
@@ -221,32 +221,7 @@ function PMA_auth()
// use fieldset, don't show doc link
PMA_select_language(true, false);
}
-
- // BEGIN Swekey Integration
- $swekeyErr = Swekey_auth_error();
- if ($swekeyErr != null) {
- PMA_Message::error($swekeyErr)->display();
- if ($GLOBALS['error_handler']->hasDisplayErrors()) {
- echo '<div>';
- $GLOBALS['error_handler']->dispErrors();
- echo '</div>';
- }
- echo '</div>' . "\n";
- if (file_exists('./config.footer.inc.php')) {
- require './config.footer.inc.php';
- }
- echo '</body></html>';
- exit;
- }
-
- if (isset($_SESSION['PHP_AUTH_FORCE_USER'])) {
- $default_user = $_SESSION['PHP_AUTH_FORCE_USER'];
- $user_input_disabled = 'readonly="readonly"';
- } else {
- $user_input_disabled = '';
- }
- // END Swekey Integration
-
+
?>
<br />
<!-- Login form -->
@@ -268,7 +243,7 @@ function PMA_auth()
<?php } ?>
<div class="item">
<label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
- <input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield" <?php echo $user_input_disabled; ?>/>
+ <input type="text" name="pma_username" id="input_username" value="" size="24" class="textfield"/>
</div>
<div class="item">
<label for="input_password"><?php echo $GLOBALS['strLogPassword']; ?></label>
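Review bot: The new `input_username` element hard-codes `value=""`, so whatever `$default_user` holds is no longer rendered. The removed Swekey block assigned it in only one branch, which suggests it is also set earlier in PMA_auth(), outside this hunk. If so, installations without a Swekey lose the username pre-fill as a side effect. Keeping `value="<?php echo htmlspecialchars($default_user); ?>"` and dropping only the `readonly` attribute would preserve it; if the removal is intended, the now-unused assignment should be removed as well.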
@@ -296,7 +271,7 @@ function PMA_auth()
?>
</fieldset>
<fieldset class="tblFooters">
- <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" />
+ <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" id="input_go" />
<?php
$_form_params = array();
if (! empty($GLOBALS['target'])) {
@@ -314,7 +289,13 @@ function PMA_auth()
?>
</fieldset>
</form>
+
<?php
+
+ // BEGIN Swekey Integration
+ Swekey_login('input_username', 'input_go');
+ // END Swekey Integration
+
// show the "Cookies required" message only if cookies are disabled
// (we previously tried to set some cookies)
if (empty($_COOKIE)) {
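Review bot: `Swekey_login('input_username', 'input_go');` is called unconditionally, and nothing here says what the two arguments are or what the call emits. A comment such as `// Emits the Swekey client script; arguments are the element ids of the username field and the submit button` would help, with the wording confirmed against the Swekey_login definition, which is not in this diff. The username now appears to be filled in by page script rather than taken from the server-side `$_SESSION['PHP_AUTH_FORCE_USER']` value removed in the earlier hunk, so the key-to-user mapping has to be enforced when the form is posted. That check is not visible here and is worth confirming. PMA_auth() starts and ends outside this hunk.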
@@ -1,52 +1,91 @@
-<?php
+<script>
-?>
- <embed type="application/fbauth-plugin" width=1 height=1 hidden="true" id="fbauth"><br>
- <script>
- var glob_SwekeyPlugin = document.embeds["fbauth"];
- var glob_ValidSwekeyId;
- var glob_ValidSwekeyOtp;
+ var g_SwekeyPlugin = null;
+
+ // -------------------------------------------------------------------
+ // Create the swekey plugin if it does not exists
+ function Swekey_Plugin()
+ {
+ try
+ {
+ if (g_SwekeyPlugin != null)
+ return g_SwekeyPlugin;
+
+ if (window.ActiveXObject)
+ {
+ g_SwekeyPlugin = new ActiveXObject("FbAuthAx.FbAuthCtl")
+ return g_SwekeyPlugin;
+ }
+
+ g_SwekeyPlugin = document.embeds["script_generated_swekey_plugin"];
+ if (g_SwekeyPlugin != null)
+ return g_SwekeyPlugin;
+
+ for (x = 0; x < navigator.plugins.length; x ++)
+ {
+ try
+ {
+ if (navigator.plugins[x][0].type == "application/fbauth-plugin")
+ {
+ var x = document.createElement('embed');
+ x.setAttribute('type', 'application/fbauth-plugin');
+ x.setAttribute('id', 'script_generated_swekey_plugin');
+ x.setAttribute('width', '0');
+ x.setAttribute('height', '0');
+ x.setAttribute('hidden', 'true');
+ document.body.appendChild(x);
+ g_SwekeyPlugin = document.embeds["script_generated_swekey_plugin"];
+ return g_SwekeyPlugin;
+ }
+ }
+ catch (e)
+ {
+ }
+ }
+ }
+ catch (e)
+ {
+// alert("Swekey_Plugin " + e);
+ g_SwekeyPlugin = null;
+ }
+ return null;
+ }
+
+ // -------------------------------------------------------------------
+ // Returns true if the swekey plugin is installed
+ function Swekey_Installed()
+ {
+ return (Swekey_Plugin() != null);
+ }
// -------------------------------------------------------------------
// List the id of the Swekey connected to the PC
// Returns a string containing comma separated Swekey Ids
- // A Swekey id is a 32 char hexadecimal value.
+ // A Swekey is a 32 char hexadecimal value.
function Swekey_ListKeyIds()
{
try
{
- if (window.ActiveXObject)
- {
- var x = new ActiveXObject("FbAuthAx.FbAuthCtl");
- return x.list();
- }
- else
- return glob_SwekeyPlugin.list();
+ return Swekey_Plugin().list();
}
catch (e)
{
-// alert("Swekey_ListKeyIds" + e);
+// alert("Swekey_ListKeyIds " + e);
}
return "";
}
-
+
// -------------------------------------------------------------------
// Ask the Connected Swekey to generate an OTP
- // fbid: The id of the connected Swekey (returne by Swekey_ListKeyIds())
+ // id: The id of the connected Swekey (returne by Swekey_ListKeyIds())
// rt: A random token
// return: The calculated OTP encoded in a 64 chars hexadecimal value.
- function Swekey_GetOtp(fbid, rt)
+ function Swekey_GetOtp(id, rt)
{
try
{
- if (window.ActiveXObject)
- {
- var x = new ActiveXObject("FbAuthAx.FbAuthCtl");
- return x.getotp(fbid, rt);
- }
- else
- return glob_SwekeyPlugin.getotp(fbid, rt);
+ return Swekey_Plugin().getotp(id, rt);
}
catch (e)
{
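Review bot: In `Swekey_Plugin()` the loop counter and the created element share the name `x`: `for (x = 0; ...)` and `var x = document.createElement('embed');`. Because `var` is function-scoped these are one variable, so if anything after the assignment throws into the empty inner `catch`, `x ++` runs on an element and the loop ends without checking the remaining plugins. Separate names avoid this, e.g. `for (var i = 0; i < navigator.plugins.length; i++)` and `var embed = document.createElement('embed');`. The test `navigator.plugins[x][0].type` also looks only at the first MIME type of each plugin, and the `new ActiveXObject("FbAuthAx.FbAuthCtl")` line lacks its semicolon. Swekey_GetOtp's body continues outside the hunk.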
@@ -56,60 +95,19 @@ function Swekey_GetOtp(fbid, rt)
}
// -------------------------------------------------------------------
- // Set a unplug handler (url) to the specified connected swekey
- // fbid: The id of the connected Swekey (returne by Swekey_ListKeyIds())
+ // Set a unplug handler (url) to the specified connected feebee
+ // id: The id of the connected Swekey (returne by Swekey_ListKeyIds())
// key: The key that index that url, (aplhanumeric values only)
// url: The url that will be launched ("" deletes the url)
- function Swekey_SetUnplugUrl(fbid, key, url)
+ function Swekey_SetUnplugUrl(id, key, url)
{
try
{
- if (window.ActiveXObject)
- {
- var x = new ActiveXObject("FbAuthAx.FbAuthCtl");
- return x.setunplugurl(fbid, key, url);
- }
- else
- return glob_SwekeyPlugin.setunplugurl(fbid, key, url);
+ return Swekey_Plugin().setunplugurl(id, key, url);
}
catch (e)
{
// alert("Swekey_SetUnplugUrl " + e);
}
}
-
- // -------------------------------------------------------------------
- // Return a valid connected key id
- function Swekey_GetValidKey()
- {
- var valids = <?php echo '"'.$_SESSION['PHP_AUTH_VALID_SWEKEYS'].'"';?>;
- var connected_keys = Swekey_ListKeyIds().split(",");
- for (i in connected_keys)
- if (connected_keys[i] != null && connected_keys[i].length == 32)
- if (valids.indexOf(connected_keys[i]) >= 0)
- return connected_keys[i];
-
- return "none";
- }
-
- // -------------------------------------------------------------------
- // Return a valid connected key id
- function Swekey_GetOtpFromValidKey()
- {
- var key = Swekey_GetValidKey();
- if (key.length != 32)
- return "";
-
- var url = "" + window.location;
-
- if (url.indexOf("?") > 0)
- url = url.substr(0, url.indexOf("?"));
-
- if (url.lastIndexOf("/") > 0)
- url = url.substr(0, url.lastIndexOf("/"));
-
- Swekey_SetUnplugUrl(key, "pma_login", url + "/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo session_id();?>");
-
- return Swekey_GetOtp(key, <?php echo '"'.$_SESSION['PHP_AUTH_SWEKEY_RND_TOKEN'].'"';?>);
- }
- </script>
+</script>
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
