File Coverage

blib/lib/Apache/AuthenSecurID/Auth.pm

Criterion	Covered	Total	%
statement	4	6	66.6
branch			n/a
condition			n/a
subroutine	2	2	100.0
pod			n/a
total	6	8	75.0

line

stmt

bran

cond

sub

pod

time

code

# $Id: Auth.pm,v 1.9 2002/07/31 16:44:14 Administrator Exp $

package Apache::AuthenSecurID::Auth;

656

use strict;

4992

use Apache;

use Apache::Registry;

use Apache::Constants qw(:common);

use IO::Socket::INET;

use Crypt::CBC;

use vars qw($VERSION);

$VERSION = '0.4';

sub handler {

my $r = shift;

# seed the random number generator

srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip -f`);

#get params

my %params = ( $r->args, $r->content );

my $username = $params {'username'};

my $passcode = $params{'passcode'};

my $type = $params{'type'};

my $uri = $params{'a'};

# get ace_initd config directives

my $ace_initd_server = $r->dir_config("ace_initd_server") || "localhost";

my $ace_initd_port = $r->dir_config("ace_initd_port") || 1969;

# grab apache session cookie

my ( $session_id ) = ( ($r->header_in("Cookie") || "") =~

/Apache=([^;]+)/);

my $client = IO::Socket::INET->new ( PeerAddr => $ace_initd_server,

PeerPort => $ace_initd_port,

Proto => 'udp' );

my %ACE;

my $request;

my $message;

my $extra_input;

if ( ( ! $username && ! $passcode ) || ( $type ne "pin" && ! $passcode ) ||

( $passcode =~ /\:/ ) ) {

$message = qq{

Please enter your username and passcode

Your passcode is your 4 - 8 digit pin plus

6 digit SecurID code. If you do not have

a PIN yet just enter the 6 digit SecurID code.

};

$extra_input = qq{

Passcode :

};

} else {

if ( $type eq "pin" ) {

( $passcode, $message,$extra_input) = check_pin ( \%params ) ;

if ( $passcode ) {

($message,$extra_input) = Do_ACE($username,$passcode,$type,$session_id,$client,$r,\%params);

}

} else {

($message,$extra_input) = Do_ACE($username,$passcode,$type,$session_id,$client,$r,\%params);

}

my $head = qq{

97
98
99
100
101							SecurID Authorization
102
103
104
105
106
107
108
109							$message
110
111
112
113

114

115

116

117

118

119
120
121
122
123							Username :
124
125
126
127
128
129
130
131							$extra_input
132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

};

151

152

$r->content_type ('text/html');

153

$r->send_http_header;

154

$r->print ($head);

155

156

}

157

158

sub check_pin {

159

160

my ( $params ) = @_;

161

162

my $pin1 = $$params{'pin1'};

163

my $pin2 = $$params{'pin2'};

164

my $alphanumeric = $$params{'alphanumeric'};

165

my $min_pin_len = $$params{'min_pin_len'};

166

my $max_pin_len = $$params{'max_pin_len'};

167

my $uri = $$params{'a'};

168

my $message;

169

170

my $extra_info = qq{

171

172

173

174

175

PIN :

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

PIN ( Again ) :

193

194

195

196

197

198

199

200

};

201

202

if ( $pin1 != $pin2 ) {

203

$message = qq{

204

New Pin Required

205

Pins do not match!!

206

Please enter a $min_pin_len to $max_pin_len digit pin.

207

};

208

return ( 0, $message, $extra_info );

209

}

210

211

if ( $alphanumeric ) {

212

if ( $pin1 =~ /[^0-9a-zA-Z]/ ) {

213

$message = qq{

214

New Pin Required

215

Pin must be alphanumeric!!

216

Please enter a $min_pin_len to $max_pin_len digit pin.

217

};

218

return ( 0, $message, $extra_info );

219

}

220

} else {

221

if ( $pin1 =~ /[^0-9]/ ) {

222

$message = qq{

223

New Pin Required

224

Pin must be numeric!!

225

Please enter a $min_pin_len to $max_pin_len digit pin.

226

};

227

return ( 0, $message, $extra_info );

228

}

229

}

230

231

my $pin_length = length ( $pin1 );

232

233

if ( $pin_length < $min_pin_len || $pin_length > $max_pin_len ) {

234

$message = qq{

235

New Pin Required

236

Pin must be the correct length!!

237

Please enter a $min_pin_len to $max_pin_len digit pin.

238

};

239

return ( 0, $message, $extra_info );

240

}

241

242

return ( $pin1, 0, 0 );

243

244

}

245

246

sub Do_ACE {

247

248

my ( $username,$passcode,$type,$session_id,$client,$r,$params ) = @_;

249

250

$ENV{'VAR_ACE'} = "/opt/ace/data";

251

my $message;

252

my $extra_input;

253

my $result;

254

my %info;

255

my $ace;

256

my $mesg;

257

my $my_rand = rand();

258

my $return_rand;

259

260

my $crypt_key = $r->dir_config("AuthCryptKey");

261

my $crypt = new Crypt::CBC ( $crypt_key, "Blowfish" );

262

263

$mesg = $crypt->encrypt_hex ("$my_rand:$session_id:$type:$username:$passcode");

264

$client->send($mesg);

265

266

$client->recv($mesg, 1024);

267

$mesg = $crypt->decrypt_hex ( $mesg );

268

269

270

( $return_rand, $result, $info{system_pin}, $info{min_pin_len}, $info{max_pin_len},

271

$info{alphanumeric}, $info{user_selectable} )

272

= split /\:/, $mesg;

273

274

if ( $my_rand ne $return_rand ) {

275

$result = 100;

276

}

277

($message,$extra_input)=Ace_Result($result,\%info,$r,$crypt,$params,$username);

278

279

return ( $message, $extra_input );

280

281

}

282

283

sub Ace_Result {

284

285

my ( $result, $info, $r, $crypt, $params,$username ) = @_;

286

my $message;

287

my $extra_input;

288

my $uri = $$params{'a'};

289

my $time = time ();

290

291

if ( $result == 0 ) {

292

293

my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";

294

my $auth_user_cookie = $r->dir_config("AuthUserCookie") || "SecurID_User";

295

my $crypt_cookie = $crypt->encrypt_hex ( "$time:$username" );

296

$r->headers_out->add("Set-Cookie" => $auth_user_cookie . "=" .

297

$username . "; path=" . "/");

298

$r->headers_out->add("Set-Cookie" => $auth_cookie . "=" .

299

$crypt_cookie . "; path=" . "/");

300

301

$uri = $crypt->decrypt_hex ( $uri );

302

303

# success

304

$message = qq{

305

User Authenticated

306

311

If you do not have Java Script enabled

312

please click here to go to

313

the protected page.

314

Plase enter your username and passcode

315

Your passcode is your 4 - 8 digit pin plus

316

6 digit SecurID code. If you do not have

317

a PIN yet just enter the 6 digit SecurID code.

318

};

319

$extra_input = qq{

320

321

322

323

324

Passcode :

325

326

327

328

329

330

331

332

333

334

};

335

} elsif ( $result == 1 ) {

336

# failure

337

$message = qq{

338

User Authentication Failed

339

Plase enter your username and passcode

340

Your passcode is your 4 - 8 digit pin plus

341

6 digit SecurID code. If you do not have

342

a PIN yet just enter the 6 digit SecurID code.

343

};

344

$extra_input = qq{

345

346

347

348

349

Passcode :

350

351

352

353

354

355

356

357

358

359

};

360

} elsif ( $result == 100 ) {

361

# failure

362

$message = qq{

363

User Authentication Failed

364

The ACE server is either down or behaving

365

incorrectly. Please conact your system

366

administrator.

367

};

368

$extra_input = qq{

369

370

371

372

373

Passcode :

374

375

376

377

378

379

380

381

382

383

};

384

} elsif ( $result == 2 ) {

385

# next token code

386

$message = qq{

387

Next Token Required

388

Plase wait for you token to change and enter

389

the 6 digit SecurID token code.

390

};

391

$extra_input = qq{

392

393

394

395

396

Next Token Code :

397

398

399

400

401

402

403

404

405

406

};

407

} elsif ( $result == 5 ) {

408

# New PIN required.

409

if ( $$info{user_selectable} >= 1 ) {

410

$message = qq{

411

New Pin Required

412

Please enter a $$info{min_pin_len} to $$info{max_pin_len} digit pin.

413

};

414

$extra_input = qq{

415

416

417

418

419

PIN :

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

PIN ( Again ) :

437

438

439

440

441

442

443

444

};

445

446

} else {

447

$message = qq{

448

You have been assignes a new PIN.

449

Your PIN is: $$info{system_pin}

450

Please remember your PIN. Do not share it

451

with anyone else.

452

Please enter your username and passcode

453

Your passcode is your 4 - 8 digit pin plus

454

6 digit SecurID code.

455

};

456

$extra_input = qq{

457

458

459

460

461

Passcode :

462

463

464

465

466

467

468

469

470

471

};

472

}

473

} elsif ( $result == 6 ) {

474

$message = qq{

475

PIN Accepted

476

Please remember you PIN. Do not share it

477

with anyone else.

478

Please enter your username and passcode

479

Your passcode is your 4 - 8 digit pin plus

480

6 digit SecurID code.

481

};

482

$extra_input = qq{

483

484

485

486

487

Passcode :

488

489

490

491

492

493

494

495

496

497

};

498

499

} elsif ( $result == 7 ) {

500

$message = qq{

501

PIN Rejected

502

Please contact the system administrator.

503

Please enter your username and passcode

504

Your passcode is your 4 - 8 digit pin plus

505

6 digit SecurID code.

506

};

507

$extra_input = qq{

508

509

510

511

512

Passcode :

513

514

515

516

517

518

519

520

521

522

};

523

524

}

525

return ( $message, $extra_input );

526

}

527

528

529

530

531

__END__