1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
<?php
// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
spl_autoload_register(function ($class) {
$file = 'inc/' . preg_replace('/[^a-z0-9]/', '', strtolower($class)) . '.inc.php';
if (!file_exists($file))
return;
require_once $file;
});
require_once 'config.php';
$action = Request::any('action');
//
// Even newer version - QR code based
//
if ($action === 'qrgen') {
// Generate new QR code
$token = Request::get('token');
if (strlen($token) !== 16) {
http_response_code(400);
die('Wrong token length');
}
Database::exec("DELETE FROM client_token WHERE dateline < UNIX_TIMESTAMP() - 300");
$ret = Database::exec("INSERT INTO client_token (username, token, dateline, qrtoken)
VALUES ('', '', UNIX_TIMESTAMP(), :token)", ['token' => $token], true);
if ($ret === false) {
http_response_code(400);
die('Token already in use');
}
$code = QRCode::getMinimumQRCode('https://' . CONFIG_FORCE_DOMAIN . '/?qr=' . $token, QR_ERROR_CORRECT_LEVEL_L);
Header('Content-Type: image/svg+xml; charset=utf-8');
$code->printSVG(16);
exit;
}
if ($action === 'qrpoll') {
$token = Request::get('token');
$ret = Database::queryFirst("SELECT username, token, dmsdsession FROM client_token WHERE qrtoken = :qrtoken LIMIT 1",
['qrtoken' => $token]);
if ($ret === false) {
http_response_code(404);
exit;
}
if ($ret['username'] === '') {
http_response_code(204);
exit;
}
// Successful, send reply to lightdm
$retval = $ret['username'] . "\n" . $ret['token'];
if (!empty($ret['dmsdsession'])) {
$retval .= "\n" . $ret['dmsdsession'];
}
die ($retval);
}
//
// New version - browser based
//
if ($action === 'browser') {
// Browser requesting a token
Header('Location: shib/client_auth.php?token=' . Request::any('token'));
exit;
}
if ($action === 'verify') {
// pam stack on client trying to verify
$row = Database::queryFirst("SELECT username FROM client_token WHERE token = :token AND dateline > UNIX_TIMESTAMP() - 300",
['token' => (string)Request::any('token')]);
Header('Content-Type: text/plain; charset=utf-8');
if ($row === false) {
die("ERROR=Invalid token");
}
Database::exec("DELETE FROM client_token WHERE token = :token LIMIT 1",
['token' => (string)Request::any('token')]);
die("USER={$row['username']}");
}
//
// Old way, ECP
//
Header('Content-Type: text/plain; charset=utf-8');
$res = Database::simpleQuery("SELECT suffix, authmethod FROM organization INNER JOIN organization_suffix USING(organizationid)");
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
if (substr($row['authmethod'], 0, 5) === 'https') {
echo $row['suffix'], '=', $row['authmethod'], "\n";
}
}
|
