head	1.5;
access;
symbols;
locks;
comment	@# @;


1.5
date	2007.12.08.03.27.01;	author atobey;	state Exp;
branches;
next	1.4;

1.4
date	2001.06.22.19.08.46;	author root;	state Exp;
branches;
next	1.3;

1.3
date	2001.06.19.17.15.33;	author root;	state Exp;
branches;
next	1.2;

1.2
date	2001.06.19.17.13.44;	author root;	state Exp;
branches;
next	1.1;

1.1
date	2001.06.15.18.45.54;	author root;	state Exp;
branches;
next	;


desc
@Created
@


1.5
log
@Removed Config::General and switched to command-line configuration.
Added --daemon option to automatically background the process.
Added some other options.
@
text
@#!/opt/ActivePerl-5.8/bin/perl

# $Id: ace_initd,v 1.4 2001/06/22 19:08:46 root Exp $

use Authen::ACE;
use IO::Socket::INET;
use Sys::Syslog;
use Crypt::CBC;
use Getopt::Long;

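our( $port, $facility, $secret, $listen, $var_ace, $daemon, $pidfile );

# Command-line option table, kept in a sub so the same spec can be parsed
# against the real @ARGV below or against any other argument list.  The
# short alias -p used to be declared twice (for --port=i and again for
# --pidfile=s); Getopt::Long cannot honour both, so "-p 1969" could end up
# as a pidfile name.  --pidfile now has no short alias.
# NOTE(review): this script runs without "use strict; use warnings".
sub option_spec {
    return (
        'port|p=i'     => \$port,
        'facility|f=s' => \$facility,
        'secret|s=s'   => \$secret,
        'listen|l=s'   => \$listen,
        'var_ace|a=s'  => \$var_ace,
        'daemon|d'     => \$daemon,
        'pidfile=s'    => \$pidfile,
    );
}

# Fail closed on an unknown or malformed option: a mistyped --secret would
# otherwise be ignored and the daemon would start with the built-in key.
GetOptions( option_spec() )
    or die "usage: $0 [--port N] [--facility NAME] [--secret KEY]"
         . " [--listen ADDR] [--var_ace DIR] [--daemon] [--pidfile FILE]\n";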

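# Replace every occurrence of the shared key in a process title so it is not
# readable from 'ps'.  The key is matched as a literal string (\Q...\E):
# interpolating it raw turned any regex metacharacter in the key into a
# pattern, which either failed to scrub it or aborted startup with a regex
# compile error.  An undefined or empty key returns the title unchanged.
# NOTE(review): the key is still visible on the command line between exec
# and this point; passing it via the environment or a file would avoid that.
sub scrub_secret {
    my ( $title, $key ) = @_;
    return $title unless defined $key && length $key;
    ( my $scrubbed = $title ) =~ s/\Q$key\E/###########/g;
    return $scrubbed;
}

# make the secret not visible in 'ps' output
$0 = scrub_secret( $0, $secret ) if $secret;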

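# Detach from the controlling terminal when --daemon/-d is given: fork, let
# the parent exit, and start a new session in the child.  POSIX is loaded
# lazily and setsid() is best-effort, as before.
# NOTE(review): stdio is not redirected and the cwd is not changed, so this
# is only a partial daemonization; the parent also exits before the socket
# is bound, so an init script cannot observe a startup failure.
sub daemonize {
    my $pid = fork();
    # A failed fork returns undef; that used to fall through to the child
    # branch and leave the foreground process carrying on as the daemon.
    die "fork failed: $!\n" unless defined $pid;
    exit 0 if $pid;
    eval {
        require POSIX;
        POSIX::setsid();
    };
    return;
}

# background the program if --daemon/-d is specified
daemonize() if $daemon;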

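# Fill in defaults.  VAR_ACE flows both ways between the option and the
# environment (Authen::ACE reads the environment), but an undefined value
# is never stored into %ENV.
$var_ace ||= $ENV{VAR_ACE};
$ENV{'VAR_ACE'} ||= $var_ace if defined $var_ace;
$facility ||= 'local2';
$port     ||= 1969;
$listen   ||= '127.0.0.1';
if ( !$secret ) {
    # The built-in key is public (it is in this file), so anyone who can
    # reach the UDP port can forge requests and read replies.  The
    # historical default is kept for compatibility but announced.
    $secret = 'secret';
    warn "$0: no --secret given, using the built-in default key; "
       . "set --secret to a site-specific value\n";
}
write_pidfile( $pidfile ) if $pidfile;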

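# Blowfish-CBC key shared with Apache::AuthenSecurID::Auth; every datagram
# in both directions is encrypted with it, and possession of this key is
# the only thing that authenticates a request.
my $crypt = Crypt::CBC->new( $secret, 'Blowfish' );

# maybe make UNIX socket an option?
# Bound to 127.0.0.1 unless --listen says otherwise.
my $server = IO::Socket::INET->new(
    LocalPort => $port,
    Proto     => 'udp',
    LocalAddr => $listen,
) or die "Couldn't be a udp server on $listen:$port: $!\n";   # was "tcp"

openlog( 'ace_initd', 'nowait', $facility );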

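# Authen::ACE objects indexed by the client's request id.  An object outlives
# its first message only while the ACE server is holding that request in
# NEXT TOKEN or SET PIN mode (result 2 or 5), so the follow-up "next"/"pin"
# message can continue the same conversation; everything else is dropped
# after one message, which bounds the hash by the conversations the ACE
# server itself leaves open.
my %ACE;
my $mesg;

# Split a decrypted request "rand:request:type:username:passcode" into its
# five fields.  The limit keeps an empty trailing passcode as '' rather than
# dropping it; a ':' inside the username is not representable in this wire
# format.
sub parse_request {
    my $plain = shift;
    return split /:/, $plain, 5;
}

# Neutralise control characters in a client-supplied field before it is
# written to syslog, so a crafted username cannot inject extra log lines.
# undef becomes ''.
sub printable {
    my $field = shift;
    return '' unless defined $field;
    $field =~ s/[[:cntrl:]]/?/g;
    return $field;
}

# Build the reply
# "rand:result:system_pin:min_pin_len:max_pin_len:alphanumeric:user_selectable".
# A false result is answered with empty info fields; a true one copies the
# five keys from $info (a missing key or missing $info gives an empty field).
sub format_reply {
    my ( $rand, $result, $info ) = @_;
    $rand = '' unless defined $rand;
    my $code = defined $result ? $result : '';
    return "$rand:$code:::::" unless $result;
    $info = {} unless ref $info;
    my @fields = map { defined $_ ? $_ : '' }
        @{$info}{qw(system_pin min_pin_len max_pin_len alphanumeric user_selectable)};
    return join ':', $rand, $code, @fields;
}

# Run one request against the ACE server and return ($result, $info) as
# Authen::ACE reports them.  The object stays in %ACE only when the result
# is 2 or 5 (presumably next-token / new-pin required -- TODO confirm
# against Authen::ACE) and is dropped on any other result or on an
# exception, which is re-thrown.  An unknown $type throws instead of
# silently reusing the previous message's result, as the old loop did.
sub run_request {
    my ( $request, $type, $username, $passcode ) = @_;
    my $ace = $ACE{$request} ||= Authen::ACE->new;
    my ( $result, $info );
    my $ok = eval {
        if    ( $type eq 'check' ) { ( $result, $info ) = $ace->Check( $passcode, $username ); }
        elsif ( $type eq 'next' )  { ( $result, $info ) = $ace->Next( $passcode ); }
        elsif ( $type eq 'pin' )   { ( $result, $info ) = $ace->PIN( $passcode ); }
        else                       { die "unknown request type '" . printable($type) . "'\n"; }
        1;
    };
    my $err  = $@;
    my $keep = $ok && defined $result && ( $result == 2 || $result == 5 );
    delete $ACE{$request} unless $keep;
    die $err unless $ok;
    return ( $result, $info );
}

# One datagram per iteration; the reply goes back to whoever sent it
# (IO::Socket remembers the peer of the last recv).
while ( $server->recv( $mesg, 1024 ) ) {
    my ( $rand, $request, $type, $username, $passcode );

    # Decryption and parsing used to run outside the eval, so one malformed
    # datagram from anyone who could reach the port killed the daemon.  A
    # datagram that does not decrypt to a request is logged and dropped
    # rather than answered: there is no nonce to correlate a reply with, and
    # answering garbage only offers a reflection target.
    my $decoded = eval {
        ( $rand, $request, $type, $username, $passcode )
            = parse_request( $crypt->decrypt_hex( $mesg ) );
        1;
    };
    if ( !$decoded || !defined $request || !defined $type ) {
        my $peer = $server->peerhost;
        $peer = '?' unless defined $peer;
        syslog( 'err', 'dropped undecodable request from %s', $peer );
        next;
    }

    my ( $result, $info );
    my $handled = eval {
        ( $result, $info ) = run_request( $request, $type, $username, $passcode );
        1;
    };
    if ( !$handled ) {
        my $err = $@;
        $result = 1;
        syslog( 'err', '%s %s %s via exception: %s',
            printable($type), printable($username), $result, printable($err) );
    }

    # Client fields are passed as printf arguments, never as the format
    # string: a '%' in a client-supplied username used to be interpreted by
    # syslog().
    syslog( 'info', '%s %s %s', printable($type), printable($username),
        defined $result ? $result : '' );

    $server->send( $crypt->encrypt_hex( format_reply( $rand, $result, $info ) ) );
}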

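# Record the current pid in $file (the pid alone, no trailing newline, as
# before).  A lexical handle and 3-arg open keep the pathname from being
# parsed for mode characters, and close is checked because buffered write
# errors only surface there.  Does nothing when $file is false; dies with
# the failing pathname (the old message named the global $pidfile instead).
sub write_pidfile {
    my $file = shift;
    return unless $file;
    open( my $fh, '>', $file )
        or die "could not open pidfile \"$file\" for writing: $!";
    print {$fh} $$;
    close( $fh )
        or die "could not write pidfile \"$file\": $!";
    return;
}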


__END__

=head1 NAME

ace_initd - ACE authentication daemon for Apache::AuthenSecurID::Auth

=head1 SYNOPSIS

nohup ./ace_initd --listen=127.0.0.1 --facility=local2 --secret=123456 --port=1969 --var_ace=/var/ace

=head1 DESCRIPTION

This daemon handles the ACE authentication requests for the
Apache::AuthenSecurID::Auth module.  It is a single-threaded, single-fork
server that listens on a specified UDP port.  Incoming requests are
decrypted with the shared key and forwarded to the ACE server.  If a
specific request is in either NEXT TOKEN MODE or SET PIN MODE, the
Authen::ACE object is not deleted; it is instead kept in memory to handle
the follow-up request for that conversation.

=head1 OPTIONS

=over 4

=item --var_ace, -a

Specifies the location of the F<sdconf.rec> file.  It defaults to
F<$ENV{VAR_ACE}> if this option is not set.

=item --secret, -s

The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to the built-in value F<secret> if this option is not set;
that default is the same in every copy of this program, so set it explicitly.

=item --port, -p

The UDP port that the ACE request daemon listens on.  It defaults to F<1969>
if this option is not set.

=item --listen, -l

The address the daemon binds to.  It defaults to F<127.0.0.1>
if this option is not set.

=item --facility, -f

The syslog facility ace_initd logs to.  It defaults to F<local2>
if this option is not set.

=item --daemon, -d

Break off from the shell and become a daemon.

=item --pidfile

Write the daemon's process id to the named file.

=back

=head1 CONFIGURATION

Either run from the command line:

prompt$ nohup ./ace_initd &

or write the appropriate scripts in the /etc/rc directories.

=head1 PREREQUISITES

ace_initd requires Crypt::Blowfish, Crypt::CBC and Authen::ACE.

=head1 SEE ALSO

L<Authen::ACE> L<Apache::AuthenSecurID> L<Apache::AuthenSecurID::Auth>

=head1 AUTHORS

=over 4

=item *

mod_perl by Doug MacEachern <dougm@@osf.org>

=item *

Authen::ACE by Dave Carrigan <Dave.Carrigan@@iplenergy.com>

=item *

Apache::AuthenSecurID by David Berk <dberk@@lump.org>

=item *

Apache::AuthenSecurID::Auth by David Berk <dberk@@lump.org>

=item *

Various changes by Al Tobey <tobert@@gmail.com>

=back

=head1 COPYRIGHT

ace_initd is free software; you can redistribute it and/or modify 
it under the same terms as Perl itself.

=cut

@


1.4
log
@docs
@
text
@d1 1
a1 1
#!/usr/local/bin/perl
d3 1
a3 1
# $Id: ace_initd,v 1.3 2001/06/19 17:15:33 root Exp root $
d9 1
a9 1
use Config::General;
d11 1
a11 2
my $conf = new Config::General("/etc/ace_initd.conf");
my %config = $conf->getall;
d13 30
a42 1
$ENV{'VAR_ACE'} = $config{'VAR_ACE'};
d44 7
a50 3
my $port = $config{'port'} || 1969;
my $syslog = $config{'syslog'} || "local2";
my $secret = $config{'AuthCryptKey'} || "secret";
d54 6
a59 3
my $server = IO::Socket::INET->new (	LocalPort	=>	$port,
                                        Proto		=>	'udp' )
    or die "Couldn't be a tcp server on port $port: $!\n";
d61 1
a61 2

openlog ( 'ace_initd', 'nowait', $syslog );
a67 1
my $pid;
a69 2


d74 15
a88 15
   	if ( ! $ACE{$request} ) {
	   $ACE{$request} = new Authen::ACE;
   	}
   	if ( $type eq "check" ) {
	   ($result,$info) = $ACE{$request}->Check($passcode,$username);
   	}
   	if ( $type eq "next" ) {
	   ($result,$info) = $ACE{$request}->Next($passcode);
    	}
   	if ( $type eq "pin" ) {
	   ($result,$info) = $ACE{$request}->PIN($passcode);
   	}
   	if ( $result != 5 && $result != 2 ) {
	   delete $ACE{$request};
	} 
d91 2
a92 2
	$result = 1;	   
   	syslog ( 'err', '$type $username $result via exception');
d95 6
a100 6
   syslog ( 'info', '$type $username $result:$$info{system_pin}:$$info{min_pin_len}:$$info{max_pin_len}:$$info{alphanumeric}:$$info{user_selectable}');
	if ( $result ) {
   		$mesg = "$rand:$result:$$info{system_pin}:$$info{min_pin_len}:$$info{max_pin_len}:$$info{alphanumeric}:$$info{user_selectable}";
	} else {
		$mesg = "$rand:$result:::::";
	}
d105 8
a112 1

d123 1
a123 7
 # Configuration in /etc/ace_initd.conf   

 VAR_ACE /the/ace/data/directory
 port 1969 
 AuthCryptKey Encryption_Key
 syslog local2

a134 1

d139 1
a139 1
VAR_ACE
d142 1
a142 1
F</opt/ace/data> if this variable is not set.
d145 1
a145 1
AuthCryptKey
d151 1
a151 1
ace_initd_port
d157 1
a157 1
syslog
d162 4
a176 1

a178 1

d197 3
@


1.3
log
@*** empty log message ***
@
text
@d3 1
a3 1
# $Id: ace_initd,v 1.2 2001/01/18 20:50:27 root Exp $
d17 1
a17 1
my $syslog = $config{'syslog'} || LOG_LOCAL_2;
d24 1
a24 1
    or die "Couldn't be a tcp server on port 1010: $!\n";
d27 1
a27 1
openlog ( 'ace_initd', '', $syslog );
d76 94
@


1.2
log
@*** empty log message ***
@
text
@d3 2
@


1.1
log
@Initial revision
@
text
@d7 1
d9 2
a10 1
$ENV{'VAR_ACE'} = "/opt/ace/data";
d12 1
a12 1
$SIG{CHLD} = 'IGNORE';
d14 3
a16 1
my $crypt = new Crypt::CBC ( "this is the key", "Blowfish" );
d18 1
d20 1
a20 1
my $server = IO::Socket::INET->new (	LocalPort	=>	1969,
d25 1
a25 1
openlog ( 'ace_initd', '', 'LOG_LOCAL_2' );
d66 1
a66 1
		$mesg = "$rand:$results:::::";
@