authorPiotr Pawlow <pp@siedziba.pl>2017-03-19 17:47:45 +0100
committerPiotr Pawlow <pp@siedziba.pl>2017-03-19 17:47:45 +0100
commit4251d5f5e46a822b56e8a8c52c2aea53f107065b (patch)
treee73689bf55f073480d59d9293c7a839dfe5d59de
Initial commit.
-rw-r--r--auth.php44
-rw-r--r--composer.json5
-rw-r--r--config_default.json8
3 files changed, 57 insertions, 0 deletions
diff --git a/auth.php b/auth.php
new file mode 100644
index 0000000..7e839c9
--- /dev/null
+++ b/auth.php
@@ -0,0 +1,44 @@
+<?php
+include_once "vendor/autoload.php";
+use OTPHP\TOTP;
+
+function load_config($file) {
+ $json = file_get_contents($file);
+ if ($json === FALSE) die("Error reading config file $file\n");
+ $config = json_decode($json);
+ if (!is_object($config)) die("Bad config file $file\n");
+ return $config;
+}
+
+$lockfile = fopen(__FILE__, 'r');
+if ($lockfile === FALSE) die("Cannot open lock file\n");
+if (!flock($lockfile, LOCK_EX)) die("Cannot acquire exclisive lock\n");
+
+$options = getopt("c:");
+$config = load_config(@$options['c']);
+$config_default = load_config(__DIR__.'/config_default.json');
+
+foreach($config_default as $k => $v) if (!isset($config->{$k})) $config->{$k} = $v;
+
+if (!preg_match('/^[A-Z2-7]+$/i', $config->secret)) die("Base32 encoded secret required\n");
+$totp = new TOTP(null, $config->secret, $config->period, $config->digest, $config->digits);
+while(true) {
+ sleep($config->delay);
+ echo "Czas serwera: ";
+ $now = new DateTime();
+ echo $now->format('Y-m-d H:i:s');
+ echo "\n";
+ echo "Podaj kod:\n";
+ $code = readline();
+ if ($totp->verify($code, null, $config->window)) {
+ break;
+ } else {
+ echo "Zły kod\n";
+ echo "Spróbuj ponownie\n";
+ }
+}
+fclose($lockfile);
+
+$cmd = getenv('SSH_ORIGINAL_COMMAND');
+if ($cmd !== FALSE) passthru($cmd);
+else passthru(getenv('SHELL').' -');
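Review bot: The exclusive lock taken on `__FILE__` is held for the whole prompt loop, and the loop has no attempt limit and no end-of-input check, so a session that never answers (or whose input has closed, where `readline()` returns `false`) keeps every other run of this script blocked at `flock()`. Bound the loop and bail out on EOF, e.g. `if ($code === false) exit(1);` right after `readline()` plus a counter that exits after a few failures, and consider holding the lock only around the delay and verification rather than while waiting for input. Separately, nothing here records an accepted code, so the same code verifies again for as long as it stays inside `period` and `window`; storing the last accepted time step and rejecting anything not newer would close that. A `syslog()` line on each failed attempt would also give operators something to alert on.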
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..c259f57
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,5 @@
+{
+ "require": {
+ "spomky-labs/otphp": "^8.3"
+ }
+}
diff --git a/config_default.json b/config_default.json
new file mode 100644
index 0000000..a0f795d
--- /dev/null
+++ b/config_default.json
@@ -0,0 +1,8 @@
+{
+ "secret": "*** Base32 encoded secret ***",
+ "period": 30,
+ "window": 1,
+ "digest": "sha1",
+ "digits": 6,
+ "delay": 3
+}
\ No newline at end of file