<?php
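/**
 * Roundcube login plugin that submits the user's password plus a one-time
 * code to a LinOTP server before the normal login is allowed to continue.
 *
 * Configuration keys read in init(): linotp_server, linotp_port,
 * linotp_emergencypw.
 */
class linotp extends rcube_plugin
{
    // Tasks this plugin is registered for.
    public $task = 'login|logout';

    // LinOTP server host and port.
    private $linotp_server;
    private $linotp_port;

    // Fallback code that is accepted only while the LinOTP server cannot be
    // reached. An empty value (the default) disables the fallback entirely.
    private $linotp_emergencypw;

    // Arguments of the most recent 'authenticate' hook call. Declared so the
    // assignment in authenticate() does not create a dynamic property.
    public $authenticate_args;

    /**
     * Loads the plugin configuration and registers the login hooks.
     */
    function init()
    {
        $rcmail = rcmail::get_instance();

        // Load the plugin's own config unless the "global_config" plugin is
        // enabled. The cast keeps array_flip() from failing when the
        // 'plugins' setting is missing.
        $plugins = array_flip((array) $rcmail->config->get('plugins'));
        if (!isset($plugins['global_config'])) {
            $this->load_config();
        }

        $this->linotp_server = $rcmail->config->get('linotp_server', 'localhost');
        $this->linotp_port = $rcmail->config->get('linotp_port', 443);
        $this->linotp_emergencypw = $rcmail->config->get('linotp_emergencypw', '');

        // Login form modification hook.
        $this->add_hook('template_object_loginform', array($this, 'linotp_loginform'));
        // Credential check hook.
        $this->add_hook('authenticate', array($this, 'authenticate'));
    }

    /**
     * Login form hook: adds the plugin's localization texts and client
     * script, and returns the form content unchanged.
     */
    function linotp_loginform($content)
    {
        $this->add_texts('localization', true);
        $this->include_script('linotp.js');

        return $content;
    }

    /**
     * 'authenticate' hook: aborts the login unless linotp_auth() accepts the
     * submitted user, password and '_code' POST field.
     *
     * @param array $args Hook arguments; 'user' and 'pass' are read.
     * @return array The arguments, with 'abort' set to true on rejection.
     */
    function authenticate($args)
    {
        $this->authenticate_args = $args;

        $user = $args['user'];
        $pass = $args['pass'];
        $code = get_input_value('_code', RCUBE_INPUT_POST);

        $accepted = $this->linotp_auth(
            $user,
            $pass,
            $code,
            $this->linotp_server,
            $this->linotp_port,
            $this->linotp_emergencypw
        );
        if (!$accepted) {
            write_log('errors', 'linotp: OTP verfication failed');
            $args['abort'] = true;
        }

        return $args;
    }

    /**
     * Asks the LinOTP server whether $pass followed by $code is valid for
     * $user.
     *
     * When the server cannot be reached, the login is accepted only if an
     * emergency password is configured and $code equals it; with no
     * emergency password configured the check fails closed.
     *
     * @return int 1 when accepted, 0 otherwise.
     */
    function linotp_auth($user, $pass, $code, $server, $port, $emergencypw)
    {
        // The user name comes from the login form; strip control characters
        // so it cannot break up or forge log lines.
        $log_user = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $user);

        // NOTE(review): fsockopen() takes no stream context, so certificate
        // checking on this ssl:// connection is whatever the PHP runtime
        // defaults to (peer verification is on by default only from PHP 5.6).
        // The verdict read below is trusted as-is, so the peer must be
        // verified; consider stream_socket_client() with an explicit SSL
        // context.
        $sock = fsockopen("ssl://".$server, $port, $errno, $errstr, 30);
        if (!$sock) {
            write_log('errors', "Network error: $errstr ($errno)");
            if (self::emergency_code_matches($code, $emergencypw)) {
                write_log('errors', "Allow user $log_user due to emergency password");
                return 1;
            }
            write_log('errors', "Disallow user $log_user due to network error");
            return 0;
        }

        // Bound every read; without a limit a stalled server would hold the
        // login request open.
        stream_set_timeout($sock, 30);

        $data = "user=" . urlencode(strtolower($user)) . "&pass=" . urlencode($pass.$code);

        // The version token has to be HTTP/x.y ("HTTPS/1.1" is not a valid
        // request line). 1.0 is used so the reply is not chunked, because
        // the body is read raw below.
        $request = "POST /validate/check HTTP/1.0\r\n";
        $request .= "Host: ".$server."\r\n";
        $request .= "Content-type: application/x-www-form-urlencoded\r\n";
        $request .= "Content-length: " . strlen($data) . "\r\n";
        $request .= "Connection: close\r\n\r\n";
        fwrite($sock, $request . $data);

        // Skip the response headers (up to the first blank line).
        while (($line = fgets($sock, 4096)) !== false && trim($line) !== '') {
            continue;
        }

        // Read the body until fgets() fails. Looping on feof() alone never
        // ends after a read timeout, because feof() stays false then.
        $body = "";
        while (($line = fgets($sock, 4096)) !== false) {
            $body .= $line;
        }
        fclose($sock);

        // NOTE(review): the verdict is a substring match on the raw body, so
        // it depends on the server's exact JSON spacing. Decoding the reply
        // and testing the field would be sturdier; confirm the reply schema.
        // A match at offset 0 is rejected, as before, so the accept
        // condition is not widened.
        $pos = strpos($body, "\"value\": true");
        if ($pos === false || $pos === 0) {
            write_log('errors', $log_user." not authorized");
            return 0;
        }

        return 1;
    }

    /**
     * Tells whether $code equals the configured emergency password.
     *
     * An unset or empty emergency password never matches. A loose '=='
     * against the '' default would accept an empty or missing code, and it
     * also treats numeric-looking strings as numbers. The comparison is
     * constant-time.
     */
    private static function emergency_code_matches($code, $emergencypw)
    {
        // A config file may hold the value as an unquoted integer.
        if (!is_string($emergencypw) && !is_int($emergencypw)) {
            return false;
        }
        $known = (string) $emergencypw;
        if ($known === '' || !is_string($code) || $code === '') {
            return false;
        }

        if (function_exists('hash_equals')) {
            return hash_equals($known, $code);
        }

        // Fallback for runtimes without hash_equals() (before PHP 5.6).
        $length = strlen($known);
        if ($length !== strlen($code)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($code[$i]);
        }

        return $diff === 0;
    }
}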