Added session key salt support
authorDan
Wed, 19 Aug 2009 01:30:04 -0400
changeset 32 b00055a88867
parent 31 e931602f9f2f
child 33 1303cf9c594c
Added session key salt support
plugins/Yubikey.php
plugins/yubikey/auth.php
plugins/yubikey/usercp.php
--- a/plugins/Yubikey.php	Fri Aug 07 16:17:34 2009 -0400
+++ b/plugins/Yubikey.php	Wed Aug 19 01:30:04 2009 -0400
@@ -138,6 +138,9 @@
       yubiucp: {
         panel_title: 'Yubikey settings',
         
+        msg_save_title: 'Yubikey preferences saved',
+        msg_save_body: 'Your preferences have been saved. You will be transferred back to the User CP momentarily.',
+        
         field_enable_title: 'Enable Yubikey support on my account:',
         field_enable_hint: 'Disabling support will remove any keys that are enrolled for your account.',
         field_enable: 'Enabled',
--- a/plugins/yubikey/auth.php	Fri Aug 07 16:17:34 2009 -0400
+++ b/plugins/yubikey/auth.php	Wed Aug 19 01:30:04 2009 -0400
@@ -7,6 +7,8 @@
 $plugins->attachHook('login_process_userdata_json', 'return yubikey_auth_hook_json($userinfo, $req["level"], @$req["remember"]);');
 // hook into special page init
 $plugins->attachHook('session_started', 'yubikey_add_special_pages();');
+// session key security
+$plugins->attachHook('session_key_calc', 'yubikey_sk_calc($user_id, $key_pieces, $sk_mode);');
 
 function yubikey_auth_hook_json(&$userdata, $level, $remember)
 {
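Review bot: The comment on the new attachHook line, `// session key security`, does not say what the hook contributes, and a reader has to open yubikey_sk_calc to learn that it appends the user's enrolled Yubikey IDs to the session key material; suggest `// mix the user's enrolled yubi_uid values into session key derivation (see yubikey_sk_calc)`. The hook string also passes `$sk_mode` by name although, in this commit, yubikey_sk_calc never reads or writes it, so the comment should note whether the mode is deliberately ignored. The function yubikey_auth_hook_json whose signature closes this hunk continues outside it.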
@@ -240,6 +242,20 @@
     ));
 }
 
+function yubikey_sk_calc($user_id, &$key_pieces, &$sk_mode)
+{
+  global $db, $session, $paths, $template, $plugins; // Common objects
+  // hash the user's yubikeys
+  $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE user_id = $user_id;");
+  if ( !$q )
+    $db->_die();
+  
+  while ( $row = $db->fetchrow() )
+  {
+    $key_pieces[] = $row['yubi_uid'];
+  }
+}
+
 function page_Special_Yubikey()
 {
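Review bot: `$user_id` is interpolated straight into the SQL string on the SELECT line with no cast, so the query's safety depends entirely on the hook caller having already validated it; the other queries in this plugin take the id from `$session->user_id`, and a local `$user_id = intval($user_id);` before building the query makes this function safe regardless of who invokes the hook. The `&$sk_mode` parameter is declared but never used in the body, and the `global` line pulls in `$session, $paths, $template, $plugins` which the body also never touches — `global $db;` is sufficient. A short docblock would help future readers, e.g. that the function appends each enrolled yubi_uid to `$key_pieces` so that enrolling or removing a key changes the derived session key; that appears to be the intent, given that usercp.php in this same commit re-registers the session after saving, but it is not stated anywhere in the code.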
   global $db, $session, $paths, $template, $plugins; // Common objects
--- a/plugins/yubikey/usercp.php	Fri Aug 07 16:17:34 2009 -0400
+++ b/plugins/yubikey/usercp.php	Wed Aug 19 01:30:04 2009 -0400
@@ -98,6 +98,19 @@
     $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_yubikey_flags = $yubi_flags WHERE user_id = {$session->user_id};");
     if ( !$q )
       $db->_die();
+    
+    // regenerate session
+    $q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = {$session->user_id};");
+    if ( !$q )
+      $db->_die();
+    list($password_hmac) = $db->fetchrow_num();
+    
+    $session->register_session($session->user_id, $session->username, $password_hmac, USER_LEVEL_MEMBER, false);
+    $session->logout(USER_LEVEL_CHPREF);
+    
+    // redirect back to normal CP
+    @ob_end_clean();
+    redirect(makeUrlNS('Special', 'Preferences'), $lang->get('yubiucp_msg_save_title'), $lang->get('yubiucp_msg_save_body'), 3);
   }
   else
   {
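Review bot: The redirect line calls `$lang->get(...)`, but the enclosing function begins before this hunk and the "Common objects" global list used in this plugin (`global $db, $session, $paths, $template, $plugins;`, as in auth.php in this commit) does not include `$lang`; if this function declares the same list, `$lang` is undefined at that point and the call fails, so either add `$lang` to the function's global line or put `global $lang;` immediately before the redirect. On the register_session line the final argument is a hard-coded `false`, which presumably is the "remember me" flag; if so, every preference save downgrades a persistent login to a session-only one, which should either carry over the user's current remember state or be documented with a comment such as `// remember=false: persistent login is intentionally dropped on key-set change`. The `@ob_end_clean()` suppression hides a warning when no buffer is active; if that is the known case here, a comment saying so would stop the next reader from removing the `@`.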