--- a/plugins/yubikey/auth.php Fri Aug 07 16:17:34 2009 -0400
+++ b/plugins/yubikey/auth.php Wed Aug 19 01:30:04 2009 -0400
@@ -7,6 +7,8 @@
$plugins->attachHook('login_process_userdata_json', 'return yubikey_auth_hook_json($userinfo, $req["level"], @$req["remember"]);');
// hook into special page init
$plugins->attachHook('session_started', 'yubikey_add_special_pages();');
+// session key security
+$plugins->attachHook('session_key_calc', 'yubikey_sk_calc($user_id, $key_pieces, $sk_mode);');
function yubikey_auth_hook_json(&$userdata, $level, $remember)
{
@@ -240,6 +242,20 @@
));
}
+function yubikey_sk_calc($user_id, &$key_pieces, &$sk_mode)
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ // hash the user's yubikeys
+ $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE user_id = $user_id;");
+ if ( !$q )
+ $db->_die();
+
+ while ( $row = $db->fetchrow() )
+ {
+ $key_pieces[] = $row['yubi_uid'];
+ }
+}
+
function page_Special_Yubikey()
{
global $db, $session, $paths, $template, $plugins; // Common objects