—

              
#!/usr/local/bin/perl
# $Id: ace_initd,v 1.4 2001/06/22 19:08:46 root Exp $
use Authen::ACE;
use IO::Socket::INET;
use Sys::Syslog;
use Crypt::CBC;
use Config::General;
my $conf = new Config::General("/etc/ace_initd.conf");
my %config = $conf->getall;
$ENV{'VAR_ACE'} = $config{'VAR_ACE'};
my $port = $config{'port'} || 1969;
my $syslog = $config{'syslog'} || "local2";
my $secret = $config{'AuthCryptKey'} || "secret";
my $crypt = new Crypt::CBC ( $secret, "Blowfish" );
my $server = IO::Socket::INET->new ( LocalPort       =>   $port,
                                        Proto           =>   'udp' )
    or die "Couldn't be a tcp server on port $port: $!\n";
openlog ( 'ace_initd', 'nowait', $syslog );
my %ACE;
my $mesg;
my $result;
my $request;
my $info;
my $pid;
my $rand;
while ( $server->recv($mesg, 1024) ) {
   $mesg = $crypt->decrypt_hex ( $mesg );
   my ( $rand, $request, $type, $username, $passcode ) = split /\:/, $mesg;
      eval {
        if ( ! $ACE{$request} ) {
           $ACE{$request} = new Authen::ACE;
        }
        if ( $type eq "check" ) {
           ($result,$info) = $ACE{$request}->Check($passcode,$username);
        }
        if ( $type eq "next" ) {
           ($result,$info) = $ACE{$request}->Next($passcode);
        }
        if ( $type eq "pin" ) {
           ($result,$info) = $ACE{$request}->PIN($passcode);
        }
        if ( $result != 5 && $result != 2 ) {
           delete $ACE{$request};
        } 
      };
   if ( $@ ) {
        $result = 1;       
        syslog ( 'err', '$type $username $result via exception');
   }
   syslog ( 'info', '$type $username $result:$$info{system_pin}:$$info{min_pin_len}:$$info{max_pin_len}:$$info{alphanumeric}:$$info{user_selectable}');
        if ( $result ) {
                $mesg = "$rand:$result:$$info{system_pin}:$$info{min_pin_len}:$$info{max_pin_len}:$$info{alphanumeric}:$$info{user_selectable}";
        } else {
                $mesg = "$rand:$result:::::";
        }
   $mesg = $crypt->encrypt_hex ( $mesg );
   $server->send ($mesg);
}
__END__
HideShow 92 lines of Pod
=head1 NAME
ace_initd -  ACE Authentication daemon for Apache::AuthenSecurID::Auth 
=head1 SYNOPSIS
 # Configuration in /etc/ace_initd.conf   
 VAR_ACE /the/ace/data/directory
 port 1969 
 AuthCryptKey Encryption_Key
 syslog local2
=head1 DESCRIPTION
This daemon handles the ACE authentication requests for the 
Apache::SecurID::Auth module.  It is a single threaded, single
fork server that listens on a specified UDP port.  Incoming requests
are decrypted and requests forwarded to the ACE server.  If a specific
request is in either in NEXT TOKEN MODE or SET PIN MODE the Authen::ACE
object is not deleted.  It is instead kept in memory to handle those
specific requests later.
=head1 LIST OF TOKENS
=item *
VAR_ACE
Specifies the location of the F<sdconf.rec> file.  It defaults to 
F</opt/ace/data> if this variable is not set.
=item *
AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie. 
It defaults to F<my secret> if this variable is not set.
=item *
ace_initd_port
The port the that the Ace request daemon listens on.  It defaults to F<1969> 
if this variable is not set.
=item *
syslog
The syslog facility ace_initd logs to.  It defaults to F<local2> 
if this variable is not set.
=head1 CONFIGURATION
Either run from the command line;
prompt$ nohup ./ace_initd &
or write the appropriate scripts in the /etc/rc directories.
=head1 PREREQUISITES
ace_initd requires Crypt::Blowfish, Crypt::CBC and Authen::ACE.
=head1 SEE ALSO
L<Authen::ACE> L<Apache::AuthenSecurID> L<Apache::AuthenSecurID::Auth>
=head1 AUTHORS
=item *
mod_perl by Doug MacEachern <dougm@osf.org>
=item *
Authen::ACE by Dave Carrigan <Dave.Carrigan@iplenergy.com>
=item *
Apache::AuthenSecurID by David Berk <dberk@lump.org>
=item *
Apache::AuthenSecurID::Auth by David Berk <dberk@lump.org>
=head1 COPYRIGHT
ace_initd is free software; you can redistribute it and/or modify 
it under the same terms as Perl itself.
=cut