break;
case "provision":
$username = $argv[2];
+ $ttype = "";
+ $tkey = "";
+ if(isset($argv[3])) $ttype = $argv[3];
+ if(isset($argv[4])) $tkey = $argv[4];
+ $ret = $myga->MSG_PROVISION_USER($username, $ttype, $tkey);
break;
case "getusers":
$group = "client";
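Review bot: `$username = $argv[2]` on the third line of the hunk stays unguarded while the new lines guard `$argv[3]` and `$argv[4]`, so `provision` with no username emits an undefined-index warning and calls MSG_PROVISION_USER with a null username. Guard it the same way and bail out, e.g. `if(!isset($argv[2]) || $argv[2] === "") { echo "usage: provision <username> [tokentype] [tokenkey]\n"; break; }`. Separately, a token key supplied as `$argv[4]` is visible to other local users in the process list and lands in shell history; if the key is secret material, reading it from stdin or an environment variable would be safer than a positional argument. The enclosing switch starts before this hunk.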
function gaasProvisionUser_clientsend($params)
{
$msg["username"] = $params[0];
+ $msg["tokentype"] = "";
+ $msg["tokenkey"] = "";
+ if(isset($params[1])) {
+ $msg["tokentype"] = $params[1];
+ }
+ if(isset($params[2])) {
+ $msg["tokenkey"] = $params[2];
+ }
+ echo "sending msg\n";
return $msg;
}
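Review bot: The `echo "sending msg\n"` added just before the `return` writes debug output from a message-building function, so any caller that treats stdout as the protocol stream or parses it will see the stray line. Either drop it or route it through whatever logging the rest of the daemon uses. The two `isset` blocks could also be collapsed to `$msg["tokentype"] = isset($params[1]) ? $params[1] : "";` and likewise for `tokenkey`, which keeps the defaulting on one line each.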
// users_tokendata is used by ga4php, users_otk is the qrcode data link if needed,
// tokentype is the software/hardware token types
- $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, \
- "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
+ $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
$dbobject->query($sql);
+ //if(!$res) {
+ //echo "Create user table failed\n";
+ //}
$sql = 'CREATE TABLE "config" ("conf_id" INTEGER PRIMARY KEY AUTOINCREMENT,"conf_name" TEXT, "conf_value" TEXT);';
$dbobject->query($sql);
$sql = 'CREATE TABLE "radclients" ("rad_id" INTEGER PRIMARY KEY AUTOINCREMENT,"rad_name" TEXT, "rad_ip" TEXT, "rad_secret" TEXT, "rad_desc" TEXT);';
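Review bot: The commented-out check added after the first `$dbobject->query($sql)` references `$res`, which this code never assigns, and the query result itself is still discarded, so a failed `CREATE TABLE "users"` goes unnoticed until later inserts fail. Make it a live check: `$res = $dbobject->query($sql);` followed by `if($res === false) { echo "Create user table failed\n"; }`, and do the same for the config and radclients statements. Note that the hunk ends on the radclients `$sql` assignment, so its execution is not visible here. If this is the same file as the user-lookup code that uses `$dbObject`, the differing case of `$dbobject` would be a real bug, since PHP variable names are case-sensitive — worth confirming.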
// we need to check if the user exists, and if so put the data, if not create the data
$sql = "select * from users where users_username='$username'";
+ echo "sql was: $sql\n";
$res = $dbObject->query($sql);
if($res->fetchColumn() > 0) {
// do update
//error_log("doing userdata update");
+ //"users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT)
$sql = "update users set users_tokendata='$data' where users_username='$username'";
} else {
// do insert
//error_log("doing user data create");
- $sql = "insert into users values (NULL, '$username', '', '', '$data', '')";
+ $sql = "insert into users values (NULL, '$username', '', '', '$data', '', '1', 'software')";
}
if($dbObject->query($sql)) {
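Review bot: The select, update and insert statements in this hunk interpolate `$username` (and `$data`) directly into SQL, and the new insert line keeps that pattern, so a username containing a quote breaks the query or alters it. Since `fetchColumn()` indicates `$dbObject` is a PDO handle, the three statements should use `prepare()` with bound parameters; a rewrite is below. The `echo "sql was: $sql\n"` added after the select is debug output of a raw query and should go, or at least must not be extended to the update/insert, whose `$data` value is the token secret. The `select *` plus `fetchColumn() > 0` only works because `users_id` happens to be the first column; `select count(*)` states the intent. The enclosing function starts before this hunk and continues after it.
```php
// we need to check if the user exists, and if so put the data, if not create the data
$stmt = $dbObject->prepare("select count(*) from users where users_username = :username");
$stmt->execute(array(":username" => $username));
if($stmt->fetchColumn() > 0) {
    // do update
    $stmt = $dbObject->prepare("update users set users_tokendata = :data where users_username = :username");
} else {
    // do insert
    $stmt = $dbObject->prepare("insert into users values (NULL, :username, '', '', :data, '', '1', 'software')");
}
$stmt->bindValue(":username", $username);
$stmt->bindValue(":data", $data);
if($stmt->execute()) {
```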
confSetVal("ad.clientdef", $adclientdef);
confSetVal("ad.admindef", $adadmindef);
confSetVal("backend", "AD");
+ confSetVal("defaulttokentype", "TOTP");
$initState = true;
$backEnd = "AD";
{
// function userInGroup($user, $domain, $adlogin, $adpass, $group)
+ echo "in provision user\n";
+ print_r($msg);
+ $dttype = confGetVal("defaulttokentype");
+ if($dttype != "HOTP" && $dttype != "TOTP") {
+ echo "default token type not set, setting to TOTP\n";
+ confSetVal("defaulttokentype", "TOTP");
+ $dttype = "TOTP";
+ }
+ if($msg["tokentype"] == "") {
+ $ttype = confGetVal("defaulttokentype");
+ } else {
+ $ttype = $msg["tokentype"];
+ }
+ if($ttype != "HOTP" && $ttype != "TOTP") {
+ echo "using default token type, $dttype because user entered value of $ttype doesnt make sense\n";
+ $ttype = $dttype;
+ }
+ $tkey = $msg["tokenkey"];
if(confGetVal("backend") == "AD") {
- userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user", $adlogin), confGetVal("ad.pass"), confGetVal("ad.clientdef"));
+ if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
+ $myga = new gaasdGA();
+ $myga->setUser($msg["username"], $ttype, "", $tkey);
+ } else {
+ echo "User not in client group\n";
+ }
} else {
// internal db
}
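Review bot: `print_r($msg)` near the top of the hunk dumps the whole provisioning message, including `tokenkey`, to stdout, so the seed material ends up in console output or any captured log; replace it with `echo "provision request for user ".$msg["username"]."\n";` and never print the key. After the `$dttype` block, the line `$ttype = confGetVal("defaulttokentype");` re-reads the config that was just validated and possibly rewritten — using `$ttype = $dttype;` there is simpler and guarantees the validated value. `$tkey` is passed to `setUser` without any format check; if the key format is constrained (the page does not show it), validating before the call would give the operator a clear error instead of a broken token. The `// internal db` branch still does nothing, so provisioning with a non-AD backend silently succeeds; at minimum an `echo` there would surface that. The enclosing function's signature sits just above the hunk and its body continues after it.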
global $BASE_DIR;
// the tcp port number we use for comms
-$TCP_PORT_NUMBER = 21336;
+$TCP_PORT_NUMBER = 21356;
global $TCP_PORT_NUMBER;
//exit(0);
+ //echo "usercn: $usercn\n";
$basecn = preg_replace("/,$/", "", $tcn);
$sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))");
$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
$info = ldap_get_entries($cnt, $sr);
foreach($info as $kpot => $lpot) {
if(isset($lpot["samaccountname"])) {
- if($lpot["cn"][0] == $group) return true;
+ //echo "checking: ".$lpot["cn"][0]."\n";
+ if(strtolower($lpot["cn"][0]) == strtolower($group)) return true;
}
}
return false;
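Review bot: The `ldap_search` filter in this hunk interpolates `$usercn` unescaped into `(member:1.2.840.113556.1.4.1941:=$usercn)`, so a DN containing `*`, `(`, `)` or `\` changes the filter's meaning; where `$usercn` comes from is outside the hunk, so whether it can carry user-influenced characters needs confirming, but escaping is cheap: `$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=".ldap_escape($usercn, "", LDAP_ESCAPE_FILTER)."))";` and then `$sr = ldap_search($cnt, $basecn, $fil);`, which also makes use of the currently dead `$fil` on the following line. `ldap_search` returns `false` on failure and `ldap_get_entries` is then called on it unchecked; `if($sr === false) return false;` between the two keeps a directory error from becoming a warning plus an empty loop. The new case-insensitive `strtolower` comparison is reasonable for AD CNs; the commented-out echo above it should simply be dropped rather than kept as dead code. userInGroup starts before this hunk.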