webauthn

lam-packaging/debian/copyright

@@ -415,6 +415,33 @@ E:
   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+F:  
+  
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  
+
 
 Programs and licenses with other licenses and/or authors than the
 main license and authors:
@@ -438,6 +465,7 @@ templates/lib/extra/cropperjs               B  2018  Chen Fengyuan
 style/600_cropper*.css                      B  2018  Chen Fengyuan
 templates/lib/extra/duo/*.js                E  2019  Duo Security
 lib/3rdParty/duo/*.php                      E  2019  Duo Security
+graphics/webauthn.svg                       F  2017  Duo Security, Inc.
 templates/lib/600_jquery.magnific-popup.js  B  2016  Dmitry Semenov
 style/610_magnific-popup.css                B  2016  Dmitry Semenov
 style/responsive/105_normalize.css          B        Nicolas Gallagher and Jonathan Neal

lam/copyright

@@ -414,6 +414,33 @@ E:
   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+F:  
+  
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  
+  
 
 Programs and licenses with other licenses and/or authors than the
 main license and authors:
@@ -437,6 +464,7 @@ templates/lib/extra/cropperjs               B  2018  Chen Fengyuan
 style/600_cropper*.css                      B  2018  Chen Fengyuan
 templates/lib/extra/duo/*.js                E  2019  Duo Security
 lib/3rdParty/duo/*.php                      E  2019  Duo Security
+graphics/webauthn.svg                       F  2017  Duo Security, Inc.
 templates/lib/600_jquery.magnific-popup.js  B  2016  Dmitry Semenov
 style/610_magnific-popup.css                B  2016  Dmitry Semenov
 style/responsive/105_normalize.css          B        Nicolas Gallagher and Jonathan Neal

lam/lib/2factor.inc

@@ -3,8 +3,8 @@ namespace LAM\LIB\TWO_FACTOR;
 use \selfServiceProfile;
 use \LAMConfig;
 use \htmlScript;
-use \htmlInputField;
 use \htmlIframe;
+use \htmlImage;
 
 /*
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
@@ -464,6 +464,76 @@ class DuoProvider extends BaseProvider {
 
 }
 
+/**
+ * Provider for Webauthn.
+ */
+class WebauthnProvider extends BaseProvider {
+
+	/**
+	 * Constructor.
+	 *
+	 * @param TwoFactorConfiguration $config configuration
+	 */
+	public function __construct(&$config) {
+		$this->config = $config;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::getSerials()
+	 */
+	public function getSerials($user, $password) {
+		return array('WEBAUTHN');
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
+	 */
+	public function isShowSubmitButton() {
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
+	 */
+	public function hasCustomInputForm() {
+		return true;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @see \LAM\LIB\TWO_FACTOR\BaseProvider::addCustomInput()
+	 */
+	public function addCustomInput(&$row, $userDn) {
+		$pathPrefix = $this->config->isSelfService ? '../' : '';
+		$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::verify2ndFactor()
+	 */
+	public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
+		logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Checking 2nd factor for ' . $user);
+		$loginAttribute = $this->getLoginAttributeValue($user);
+		$response = $_POST['sig_response'];
+		include_once(__DIR__ . "/3rdParty/duo/Web.php");
+		$result = \Duo\Web::verifyResponse(
+				$this->config->twoFactorAuthenticationClientId,
+				$this->config->twoFactorAuthenticationSecretKey,
+				$this->getAKey(),
+				$response);
+		if ($result === $loginAttribute) {
+			return true;
+		}
+		logNewMessage(LOG_ERR, 'DUO authentication failed');
+		return false;
+	}
+
+}
+
 /**
  * Returns the correct 2 factor provider.
  */
@@ -477,6 +547,8 @@ class TwoFactorProviderService {
 	const TWO_FACTOR_YUBICO = 'yubico';
 	/** 2factor authentication via DUO */
 	const TWO_FACTOR_DUO = 'duo';
+	/** 2factor authentication via webauthn */
+	const TWO_FACTOR_WEBAUTHN = 'webauthn';
 
 	private $config;