16 if ( !function_exists('yubikey_validate_otp') ) |
19 if ( !function_exists('yubikey_validate_otp') ) |
17 { |
20 { |
18 die_friendly($lang->get('yms_err_yubikey_plugin_missing_title'), '<p>' . $lang->get('yms_err_yubikey_plugin_missing_body') . '</p>'); |
21 die_friendly($lang->get('yms_err_yubikey_plugin_missing_title'), '<p>' . $lang->get('yms_err_yubikey_plugin_missing_body') . '</p>'); |
19 } |
22 } |
20 |
23 |
|
24 // Client switch allowed? |
|
25 if ( $session->user_level >= USER_LEVEL_ADMIN && getConfig('yms_claim_enable', 0) == 1 ) |
|
26 { |
|
27 $on_home = empty($_POST) && !$paths->getParam(0); |
|
28 |
|
29 // yes. |
|
30 $configkey = "yms_zeroeditsess_{$session->user_id}"; |
|
31 if ( getConfig($configkey, 0) == 1 && !isset($_GET['client_switch']) ) |
|
32 { |
|
33 // set to zero |
|
34 $yms_client_id = 0; |
|
35 } |
|
36 else if ( !getConfig($configkey) && isset($_GET['client_switch']) ) |
|
37 { |
|
38 // set to zero + update config |
|
39 $yms_client_id = 0; |
|
40 setConfig($configkey, 1); |
|
41 } |
|
42 else if ( getConfig($configkey) && isset($_GET['client_switch']) ) |
|
43 { |
|
44 // turning off |
|
45 setConfig($configkey, false); |
|
46 } |
|
47 |
|
48 // display a notice |
|
49 if ( $yms_client_id == 0 && $on_home ) |
|
50 { |
|
51 $output->add_after_header('<div class="info-box">' . $lang->get('yms_msg_editing_zero') . '</div>'); |
|
52 } |
|
53 } |
|
54 |
21 // Does the client exist? |
55 // Does the client exist? |
22 $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yms_clients WHERE id = {$session->user_id};"); |
56 $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yms_clients WHERE id = {$yms_client_id};"); |
23 if ( !$q ) |
57 if ( !$q ) |
24 $db->_die(); |
58 $db->_die(); |
25 |
59 |
26 $client_exists = $db->numrows(); |
60 $client_exists = $db->numrows(); |
27 $db->free_result(); |
61 $db->free_result(); |
28 if ( !$client_exists ) |
62 if ( !$client_exists && $yms_client_id > 0 ) |
29 { |
63 { |
30 redirect(makeUrlNS('Special', 'YMSCreateClient'), '', '', 0); |
64 redirect(makeUrlNS('Special', 'YMSCreateClient'), '', '', 0); |
31 } |
65 } |
32 |
66 |
33 // Check for a subpage request |
67 // Check for a subpage request |
55 { |
89 { |
56 $client_id = false; |
90 $client_id = false; |
57 $enabled = $_POST['state'] == 'active'; |
91 $enabled = $_POST['state'] == 'active'; |
58 $any_client = isset($_POST['any_client']); |
92 $any_client = isset($_POST['any_client']); |
59 $notes = $_POST['notes']; |
93 $notes = $_POST['notes']; |
|
94 |
|
95 // Release key? |
|
96 if ( $session->user_level >= USER_LEVEL_ADMIN && getConfig('yms_claim_enable', 0) == 1 && isset($_POST['allow_claim']) ) |
|
97 { |
|
98 $client_id = 0; |
|
99 // also allow anyone to validate OTPs from it and mark it as active |
|
100 $any_client = true; |
|
101 $enabled = true; |
|
102 } |
|
103 |
60 $result = yms_add_yubikey($_POST['add_aes'], $_POST['add_otp'], $client_id, $enabled, $any_client, $notes); |
104 $result = yms_add_yubikey($_POST['add_aes'], $_POST['add_otp'], $client_id, $enabled, $any_client, $notes); |
61 yms_send_response('yms_msg_addkey_success', $result); |
105 yms_send_response('yms_msg_addkey_success', $result); |
62 } |
106 } |
63 else if ( isset($_POST['claim_otp']) ) |
107 else if ( isset($_POST['claim_otp']) && getConfig('yms_claim_enable', 0) == 1 ) |
64 { |
108 { |
65 // do we need to validate a custom field? |
109 // do we need to validate a custom field? |
66 if ( ($url = getConfig('yms_claim_auth_url')) && getConfig('yms_claim_auth_field') && getConfig('yms_claim_auth_enable', 0) == 1 ) |
110 if ( ($url = getConfig('yms_claim_auth_url')) && getConfig('yms_claim_auth_field') && getConfig('yms_claim_auth_enable', 0) == 1 ) |
67 { |
111 { |
68 if ( ($result = yms_validate_custom_field($_POST['custom_field'], $_POST['claim_otp'], $url)) !== true ) |
112 if ( ($result = yms_validate_custom_field($_POST['custom_field'], $_POST['claim_otp'], $url)) !== true ) |
87 csrf_request_confirm(); |
131 csrf_request_confirm(); |
88 $id = intval($paths->getParam(1)); |
132 $id = intval($paths->getParam(1)); |
89 $result = yms_delete_key($id); |
133 $result = yms_delete_key($id); |
90 yms_send_response('yms_msg_delete_success', $result); |
134 yms_send_response('yms_msg_delete_success', $result); |
91 } |
135 } |
|
136 else if ( isset($_POST['update_counters']) ) |
|
137 { |
|
138 $yk_id = $_POST['update_counters']; |
|
139 $scount = $_POST['session_count']; |
|
140 $tcount = $_POST['token_count']; |
|
141 $any_client = isset($_POST['any_client']); |
|
142 $result = yms_update_counters($yk_id, $scount, $tcount, false, $any_client); |
|
143 yms_send_response('yms_msg_counter_update_success', $result); |
|
144 } |
92 |
145 |
93 if ( isset($_GET['toggle']) && isset($_GET['state']) ) |
146 if ( isset($_GET['toggle']) && isset($_GET['state']) ) |
94 { |
147 { |
95 $id = intval($_GET['toggle']); |
148 $id = intval($_GET['toggle']); |
96 if ( $_GET['state'] === 'active' ) |
149 if ( $_GET['state'] === 'active' ) |
97 $expr = 'flags | ' . YMS_ENABLED; |
150 $expr = 'flags | ' . YMS_ENABLED; |
98 else |
151 else |
99 $expr = 'flags & ~' . YMS_ENABLED; |
152 $expr = 'flags & ~' . YMS_ENABLED; |
100 |
153 |
101 $q = $db->sql_query('UPDATE ' . table_prefix . "yms_yubikeys SET flags = $expr WHERE id = $id AND client_id = {$session->user_id};"); |
154 $q = $db->sql_query('UPDATE ' . table_prefix . "yms_yubikeys SET flags = $expr WHERE id = $id AND client_id = {$yms_client_id};"); |
102 if ( !$q ) |
155 if ( !$q ) |
103 $db->die_json(); |
156 $db->die_json(); |
104 } |
157 } |
105 |
158 |
106 // Preload JS libraries we need for Yubikey |
159 // Preload JS libraries we need for Yubikey |
122 <div class="yms-buttons"> |
175 <div class="yms-buttons"> |
123 <a class="abutton abutton_green icon" style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/key_add.png);" |
176 <a class="abutton abutton_green icon" style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/key_add.png);" |
124 href="<?php echo makeUrlNS('Special', 'YMS/AddKey'); ?>" onclick="yms_showpage('AddKey'); return false;"> |
177 href="<?php echo makeUrlNS('Special', 'YMS/AddKey'); ?>" onclick="yms_showpage('AddKey'); return false;"> |
125 <?php echo $lang->get('yms_btn_add_key'); ?> |
178 <?php echo $lang->get('yms_btn_add_key'); ?> |
126 </a> |
179 </a> |
|
180 <?php if ( getConfig('yms_claim_enable', 0) == 1 && $yms_client_id > 0 ): ?> |
127 <a class="abutton abutton_blue icon" style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/key_add.png);" |
181 <a class="abutton abutton_blue icon" style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/key_add.png);" |
128 href="<?php echo makeUrlNS('Special', 'YMS/AddPreregisteredKey'); ?>" onclick="yms_showpage('AddPreregisteredKey'); return false;"> |
182 href="<?php echo makeUrlNS('Special', 'YMS/AddPreregisteredKey'); ?>" onclick="yms_showpage('AddPreregisteredKey'); return false;"> |
129 <?php echo $lang->get('yms_btn_add_key_preregistered'); ?> |
183 <?php echo $lang->get('yms_btn_add_key_preregistered'); ?> |
130 </a> |
184 </a> |
|
185 <?php endif; ?> |
131 </div> |
186 </div> |
132 <?php |
187 <?php |
133 |
188 |
134 // Pull all Yubikeys |
189 // Pull all Yubikeys |
135 $q = $db->sql_query('SELECT id, public_id, session_count, create_time, access_time, flags, notes FROM ' . table_prefix . "yms_yubikeys WHERE client_id = {$session->user_id} ORDER BY id ASC;"); |
190 $q = $db->sql_query('SELECT id, public_id, session_count, create_time, access_time, flags, notes FROM ' . table_prefix . "yms_yubikeys WHERE client_id = {$yms_client_id} ORDER BY id ASC;"); |
136 if ( !$q ) |
191 if ( !$q ) |
137 $db->_die(); |
192 $db->_die(); |
138 |
193 |
139 if ( $db->numrows() < 1 ) |
194 if ( $db->numrows() < 1 ) |
140 { |
195 { |
404 |
482 |
405 // Show the AES secret for a key |
483 // Show the AES secret for a key |
406 function page_Special_YMS_ShowAESKey() |
484 function page_Special_YMS_ShowAESKey() |
407 { |
485 { |
408 global $db, $session, $paths, $template, $plugins; // Common objects |
486 global $db, $session, $paths, $template, $plugins; // Common objects |
409 global $lang, $output; |
487 global $lang, $output, $yms_client_id; |
410 |
488 |
411 $output->add_after_header('<div class="breadcrumbs"> |
489 $output->add_after_header('<div class="breadcrumbs"> |
412 <a href="' . makeUrlNS('Special', 'YMS') . '">' . $lang->get('yms_specialpage_yms') . '</a> » |
490 <a href="' . makeUrlNS('Special', 'YMS') . '">' . $lang->get('yms_specialpage_yms') . '</a> » |
413 ' . $lang->get('yms_btn_show_aes') . ' |
491 ' . $lang->get('yms_btn_show_aes') . ' |
414 </div>'); |
492 </div>'); |
415 |
493 |
416 $id = intval($paths->getParam(1)); |
494 $id = intval($paths->getParam(1)); |
417 |
495 |
418 // verify ownership, retrieve key |
496 // verify ownership, retrieve key |
419 $q = $db->sql_query('SELECT client_id, public_id, aes_secret FROM ' . table_prefix . "yms_yubikeys WHERE id = $id;"); |
497 $q = $db->sql_query('SELECT client_id, public_id, aes_secret, session_count, token_count, flags FROM ' . table_prefix . "yms_yubikeys WHERE id = $id;"); |
420 if ( !$q ) |
498 if ( !$q ) |
421 $db->_die(); |
499 $db->_die(); |
422 |
500 |
423 if ( $db->numrows() < 1 ) |
501 if ( $db->numrows() < 1 ) |
424 { |
502 { |
425 die_friendly('no rows', '<p>key not found</p>'); |
503 die_friendly('no rows', '<p>key not found</p>'); |
426 } |
504 } |
427 |
505 |
428 list($client_id, $public_id, $secret) = $db->fetchrow_num(); |
506 list($client_id, $public_id, $secret, $scount, $tcount, $flags) = $db->fetchrow_num(); |
429 $db->free_result(); |
507 $db->free_result(); |
430 |
508 |
431 if ( $client_id !== $session->user_id ) |
509 if ( $client_id !== $yms_client_id ) |
432 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
510 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
|
511 |
|
512 $output->header(); |
|
513 ?> |
|
514 |
|
515 <h3><?php echo $lang->get('yms_showaes_heading_main'); ?></h3> |
|
516 |
|
517 <form action="<?php echo makeUrlNS('Special', 'YMS'); ?>" method="post"> |
|
518 <input type="hidden" name="update_counters" value="<?php echo $id; ?>" /> |
|
519 |
|
520 <div class="tblholder"> |
|
521 <table border="0" cellspacing="1" cellpadding="4"> |
|
522 <tr> |
|
523 <th colspan="2"> |
|
524 <?php echo $lang->get('yms_showaes_th', array('public_id' => yms_modhex_encode($public_id))); ?> |
|
525 </th> |
|
526 </tr> |
|
527 |
|
528 <!-- hex --> |
|
529 <tr> |
|
530 <td class="row2" style="width: 50%;"> |
|
531 <?php echo $lang->get('yms_showaes_lbl_hex'); ?> |
|
532 </td> |
|
533 <td class="row1"> |
|
534 <?php echo $secret; ?> |
|
535 </td> |
|
536 </tr> |
|
537 |
|
538 <!-- modhex --> |
|
539 <tr> |
|
540 <td class="row2"> |
|
541 <?php echo $lang->get('yms_showaes_lbl_modhex'); ?> |
|
542 </td> |
|
543 <td class="row1"> |
|
544 <?php echo yms_modhex_encode($secret); ?> |
|
545 </td> |
|
546 </tr> |
|
547 |
|
548 <!-- base64 --> |
|
549 <tr> |
|
550 <td class="row2"> |
|
551 <?php echo $lang->get('yms_showaes_lbl_base64'); ?> |
|
552 </td> |
|
553 <td class="row1"> |
|
554 <?php echo base64_encode(yms_tobinary($secret)); ?> |
|
555 </td> |
|
556 </tr> |
|
557 |
|
558 <!-- COUNTERS --> |
|
559 <tr> |
|
560 <th colspan="2"> |
|
561 <?php echo $lang->get('yms_showaes_th_counter'); ?> |
|
562 </th> |
|
563 </tr> |
|
564 |
|
565 <tr> |
|
566 <td class="row2"> |
|
567 <?php echo $lang->get('yms_showaes_field_session_count'); ?><br /> |
|
568 <small><?php echo $lang->get('yms_showaes_field_session_count_hint'); ?></small> |
|
569 </td> |
|
570 <td class="row1"> |
|
571 <input type="text" name="session_count" value="<?php echo $scount; ?>" size="5" /> |
|
572 </td> |
|
573 </tr> |
|
574 |
|
575 <tr> |
|
576 <td class="row2"> |
|
577 <?php echo $lang->get('yms_showaes_field_otp_count'); ?><br /> |
|
578 <small><?php echo $lang->get('yms_showaes_field_otp_count_hint'); ?></small> |
|
579 </td> |
|
580 <td class="row1"> |
|
581 <input type="text" name="token_count" value="<?php echo $tcount; ?>" size="5" /> |
|
582 </td> |
|
583 </tr> |
|
584 |
|
585 <!-- Any client --> |
|
586 <tr> |
|
587 <td class="row2"> |
|
588 <?php echo $lang->get('yms_lbl_addkey_field_any_client_name'); ?><br /> |
|
589 <small><?php echo $lang->get('yms_lbl_addkey_field_any_client_hint'); ?></small> |
|
590 </td> |
|
591 <td class="row1"> |
|
592 <label> |
|
593 <input type="checkbox" name="any_client" <?php if ( $flags & YMS_ANY_CLIENT ) echo 'checked="checked" '; ?>/> |
|
594 <?php echo $lang->get('yms_lbl_addkey_field_any_client'); ?> |
|
595 </label> |
|
596 </td> |
|
597 </tr> |
|
598 |
|
599 <tr> |
|
600 <th class="subhead" colspan="2"> |
|
601 <input type="submit" value="<?php echo $lang->get('etc_save_changes'); ?>" /> |
|
602 </td> |
|
603 </tr> |
|
604 |
|
605 </table> |
|
606 </div> |
|
607 |
|
608 </form> |
|
609 <?php |
|
610 $output->footer(); |
|
611 } |
|
612 |
|
613 // show the user's API key and client ID |
|
614 function page_Special_YMS_ShowClientInfo() |
|
615 { |
|
616 global $db, $session, $paths, $template, $plugins; // Common objects |
|
617 global $lang, $output, $yms_client_id; |
|
618 |
|
619 $output->add_after_header('<div class="breadcrumbs"> |
|
620 <a href="' . makeUrlNS('Special', 'YMS') . '">' . $lang->get('yms_specialpage_yms') . '</a> » |
|
621 ' . $lang->get('yms_btn_show_client_info') . ' |
|
622 </div>'); |
|
623 |
|
624 $q = $db->sql_query('SELECT apikey FROM ' . table_prefix . "yms_clients WHERE id = {$yms_client_id};"); |
|
625 if ( !$q ) |
|
626 $db->_die(); |
|
627 |
|
628 list($api_key) = $db->fetchrow_num(); |
|
629 $db->free_result(); |
|
630 |
|
631 $api_key = yms_tobinary($api_key); |
433 |
632 |
434 $output->header(); |
633 $output->header(); |
435 ?> |
634 ?> |
436 <div class="tblholder"> |
635 <div class="tblholder"> |
437 <table border="0" cellspacing="1" cellpadding="4"> |
636 <table border="0" cellspacing="1" cellpadding="4"> |
438 <tr> |
|
439 <th colspan="2"> |
|
440 <?php echo $lang->get('yms_showaes_th', array('public_id' => yms_modhex_encode($public_id))); ?> |
|
441 </th> |
|
442 </tr> |
|
443 |
|
444 <!-- hex --> |
|
445 <tr> |
|
446 <td class="row2" style="width: 50%;"> |
|
447 <?php echo $lang->get('yms_showaes_lbl_hex'); ?> |
|
448 </td> |
|
449 <td class="row1"> |
|
450 <?php echo $secret; ?> |
|
451 </td> |
|
452 </tr> |
|
453 |
|
454 <!-- modhex --> |
|
455 <tr> |
|
456 <td class="row2"> |
|
457 <?php echo $lang->get('yms_showaes_lbl_modhex'); ?> |
|
458 </td> |
|
459 <td class="row1"> |
|
460 <?php echo yms_modhex_encode($secret); ?> |
|
461 </td> |
|
462 </tr> |
|
463 |
|
464 <!-- base64 --> |
|
465 <tr> |
|
466 <td class="row2"> |
|
467 <?php echo $lang->get('yms_showaes_lbl_base64'); ?> |
|
468 </td> |
|
469 <td class="row1"> |
|
470 <?php echo base64_encode(yms_tobinary($secret)); ?> |
|
471 </td> |
|
472 </tr> |
|
473 |
|
474 </table> |
|
475 </div> |
|
476 <?php |
|
477 $output->footer(); |
|
478 } |
|
479 |
|
480 // show the user's API key and client ID |
|
481 function page_Special_YMS_ShowClientInfo() |
|
482 { |
|
483 global $db, $session, $paths, $template, $plugins; // Common objects |
|
484 global $lang, $output; |
|
485 |
|
486 $output->add_after_header('<div class="breadcrumbs"> |
|
487 <a href="' . makeUrlNS('Special', 'YMS') . '">' . $lang->get('yms_specialpage_yms') . '</a> » |
|
488 ' . $lang->get('yms_btn_show_client_info') . ' |
|
489 </div>'); |
|
490 |
|
491 $q = $db->sql_query('SELECT apikey FROM ' . table_prefix . "yms_clients WHERE id = {$session->user_id};"); |
|
492 if ( !$q ) |
|
493 $db->_die(); |
|
494 |
|
495 list($api_key) = $db->fetchrow_num(); |
|
496 $db->free_result(); |
|
497 |
|
498 $api_key = yms_tobinary($api_key); |
|
499 |
|
500 $output->header(); |
|
501 ?> |
|
502 <div class="tblholder"> |
|
503 <table border="0" cellspacing="1" cellpadding="4"> |
|
504 |
637 |
505 <tr> |
638 <tr> |
506 <th colspan="2"><?php echo $lang->get('yms_th_client_id'); ?></th> |
639 <th colspan="2"><?php echo $lang->get('yms_th_client_id'); ?></th> |
507 </tr> |
640 </tr> |
508 |
641 |
509 <tr> |
642 <tr> |
510 <td class="row2"><?php echo $lang->get('yms_lbl_client_id'); ?></td> |
643 <td class="row2"><?php echo $lang->get('yms_lbl_client_id'); ?></td> |
511 <td class="row1"><?php echo strval($session->user_id); ?></td> |
644 <td class="row1"><?php echo strval($yms_client_id); ?></td> |
512 </tr> |
645 </tr> |
513 |
646 |
514 <tr> |
647 <tr> |
515 <th colspan="2"><?php echo $lang->get('yms_th_api_key'); ?></th> |
648 <th colspan="2"><?php echo $lang->get('yms_th_api_key'); ?></th> |
516 </tr> |
649 </tr> |