$authval = $myga->authenticateUser($username, $passcode);
msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
break;
-
+ case MSG_GET_OTK_ID:
+ if(!isset($msg["username"])) {
+ msg_send($cl_queue, MSG_GET_OTK_ID, false);
+ } else {
+ $username = $msg["username"];
+ $sql = "select users_otk from users where users_username='$username'";
+ $dbo = getDatabase();
+ $res = $dbo->query($sql);
+ $otkid = "";
+ foreach($res as $row) {
+ $otkid = $row["users_otk"];
+ }
+
+ if($otkid == "") {
+ msg_send($cl_queue, MSG_GET_OTK_ID, false);
+ } else {
+ msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
+ }
+ }
+ break;
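Review bot: The query `$sql = "select users_otk from users where users_username='$username'";` interpolates the username taken straight from the queue message into SQL, and the web front ends in this same change pass `$_REQUEST["username"]` through to that message unchanged, so the requester controls the WHERE clause. If `getDatabase()` returns a PDO, as `foreach($res as $row)` suggests, bind the value instead: `$stmt = $dbo->prepare("select users_otk from users where users_username=?");` `$stmt->execute([$username]);` and iterate `$stmt` in place of `$res`. The return value of `query()` is also never checked, so a failed query makes the `foreach` warn on `false`; with a prepared statement the existing `$otkid == ""` fallback covers the no-row case. The enclosing switch starts outside the hunk.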
case MSG_GET_OTK_PNG:
if(!isset($msg["otk"])) {
msg_send($cl_queue, MSG_GET_OTK_PNG, false);
if($username == "") {
msg_send($cl_queue, MSG_GET_OTK_PNG, false);
+ } else if($username != $msg["username"]) {
+ msg_send($cl_queue, MSG_GET_OTK_PNG, false);
} else {
$hand = fopen("otks/$otk.png", "rb");
$data = fread($hand, filesize("otks/$otk.png"));
return $msg;
}
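Review bot: The new branch `else if($username != $msg["username"])` reads a key that the guard at the top of the case never tested (only `$msg["otk"]` is checked), so a message without `username` raises a notice and is denied only by the accident of `null != $username`; make it explicit and strict: `} else if(!isset($msg["username"]) || $username !== $msg["username"]) {`. Where `$username` is assigned is not visible in this hunk, so I cannot confirm it was looked up from the OTK rather than taken from the same message, which would make the comparison self-satisfying. The `$otk` value that reaches `fopen("otks/$otk.png", "rb")` on the context lines is still not validated against a fixed pattern before being used as a path. The enclosing case continues outside the hunk.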
- function getOtkPng($otk) {
+ function getOtkID($username) {
+ global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+ return false;
+ }
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+ return false;
+ }
+ // TODO we need to setup a client queue sem lock here
+
+ $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+ $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+
+ $message["username"] = $username;
+ msg_send($sr_queue, MSG_GET_OTK_ID, $message, true, true, $msg_err);
+
+ msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+
+ return $msg;
+
+ }
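Review bot: `getOtkID` ignores the return values of `msg_send` (and the `$msg_err` it fills) and of `msg_receive`, so on a full or missing queue `$msg` is never assigned and the function returns null rather than the `false` its callers test with `=== false`. Check the receive and the reply type before returning: `if(!msg_receive($cl_queue, 0, $msg_type, 16384, $msg) || $msg_type !== MSG_GET_OTK_ID) { return false; }`. The `TODO` about the client-queue lock matters here: with a single shared client queue and no lock, two concurrent web requests can each receive the other's reply, so one user's OTK id can be handed to a different caller; now that this path is reachable from the web front end the lock should not stay a TODO.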
+
+ function getOtkPng($username, $otk) {
global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
$sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
$message["otk"] = $otk;
+ $message["username"] = $username;
error_log("sending message, $otk");
msg_send($sr_queue, MSG_GET_OTK_PNG, $message, true, true, $msg_err);
$message["passcode"] = $passcode;
msg_send($sr_queue, MSG_AUTH_USER_TOKEN, $message, true, true, $msg_err);
- echo "message sent\n";
msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
define("MSG_SET_USER_TOKEN_TYPE", 8);
define("MSG_GET_USERS", 9);
define("MSG_GET_OTK_PNG", 10);
+define("MSG_GET_OTK_ID", 11);
if(file_exists("../../lib/ga4php.php")) require_once("../../lib/ga4php.php");
if(file_exists("../lib/ga4php.php")) require_once("../lib/ga4php.php");
echo "\tsettoken: settoken <username> <tokenkey> - sets the key (hex) for a token\n";
echo "\tsettype: settype <username> <tokentype> - sets a token type for a user\n";
echo "\tgetusers: getusers - gets a list of users\n";
- echo "\tgetotk: getotk <username> - gets the OTK png for a key\n";
+ echo "\tgetotk: getotk <username> - gets the OTKID for a key\n";
+ echo "\tradauth: radauth <username> <pin> - for radius, only returns a code\n";
return 0;
}
switch($argv[1]) {
+ case "radauth":
+ if($myAC->authUserToken($argv[2], $argv[3])==1) {
+ return 0;
+ } else {
+ return 255;
+ }
+ break;
case "getotk":
- $val = $myAC->getOtkPng($argv[2]);
+ $val = $myAC->getOtkID($argv[2]);
if($val === false) {
echo "Failure\n";
} else {
- $hand = fopen("val.png", "w");
- fwrite($hand, $val);
- fclose($hand);
- echo "In val.png\n";
+ echo "$val\n";
}
break;
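Review bot: The `radauth` case indexes `$argv[2]` and `$argv[3]` without checking they exist, so `radauth <username>` alone raises notices and calls `authUserToken` with a null code; guard first: `if(!isset($argv[2], $argv[3])) { return 255; }`. `authUserToken(...)==1` is a loose comparison; what the server actually replies with (bool, int or string) is not visible here, so pin the check to that type once known (`=== 1` or `=== true`). The `break;` after the two `return` statements is unreachable.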
case "auth":
* then user admin would be less disconnected. I.e. if a user was deleted from AD, their token
* data should disappear with them.
*/
-require_once("actions.php");
+require_once("admin_actions.php");
// the logged in component
if($loggedin) {
Welcome to the Google Authenticator Authentication Server Manager Application<br>
<hr><h2>Users</h2>
<table border="1">
-<tr><th>Username</th><th>RealName</th><th>Has Password?</th><th>Has Token?</th><th>OTK</th><th>Update</th><th>Delete</th></tr>
+<tr><th>Username</th><th>RealName</th><th>Has Password?</th><th>Has Token?</th><th>One Time Key</th><th>Update</th><th>Delete</th></tr>
<?php
$users = $myAC->getUsers();
foreach($users as $user) {
if($user["hastoken"]) $hastoken = "Yes";
else $hastoken = "No";
- if($user["otk"]!="") $otk = "<a href=\"?action=getotkimg&otk=".$user["otk"]."\">Get</a>";
+ if($user["otk"]!="") $otk = "<a href=\"?action=getotk&username=$username&otk=".$user["otk"]."\">Get</a>";
else $otk = "Already Claimed";
$delete = "<a href=\"?action=delete&username=$username\">Delete</a>";
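Review bot: The new link `"<a href=\"?action=getotk&username=$username&otk=".$user["otk"]."\">Get</a>"` puts the username and the OTK id from the database into an HTML attribute with no escaping, so a username containing a quote or `&` breaks the attribute or injects markup (stored XSS once the createuser path accepts arbitrary strings). Build the query string and escape for the attribute context: `$otk = "<a href=\"?".htmlspecialchars(http_build_query(["action" => "getotk", "username" => $username, "otk" => $user["otk"]]), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."\">Get</a>";`. The `Delete` link on the following context line has the same shape. Where `$username` is assigned inside the loop is not visible in this hunk.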
</table><br>
<form method="post" action="?action=createuser">Create User(s) - Enter a comma seperated list of names: <input type="text" name="username" size="120"> <input type="submit" value="Create"></form>
+<?php
+if(isset($_REQUEST["action"])) if($_REQUEST["action"] == "getotk") {
+ $username = $_REQUEST["username"];
+ $otk = $_REQUEST["otk"];
+ echo "<hr>Got One Time Key for user $username, this one-time-key can only be retrieved once, after that it is deleted<br>";
+ echo "<img src=\"?action=getotkimg&username=$username&otk=$otk\" alt=\"one time key error\"><br>";
+}
+
+?>
<hr><h2>Radius Clients</h2>
Not yet implemented
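Review bot: The `getotk` block echoes `$_REQUEST["username"]` and `$_REQUEST["otk"]` verbatim into page text and into the `<img src>` attribute, which is a reflected XSS in the admin UI. Escape at the point of output: `$username = htmlspecialchars($_REQUEST["username"] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for `$otk`, and pass the two values through `urlencode` (or `http_build_query`) inside the `src` query string. The `isset` check covers only `action`, so a bare `?action=getotk` raises notices for the two missing keys.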
break;
case "createuser":
$username = $_REQUEST["username"];
- $myAC->addUser($username);
+ $users = explode(",",$username);
+ foreach($users as $user) {
+ $user = trim($user);
+ error_log("createing, $user\n");
+ if($user != "" && strlen($user)>2) $myAC->addUser($user);
+ }
header("Location: admin.php");
exit(0);
break;
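Review bot: The new loop accepts any string longer than two bytes as a username: `strlen` counts bytes, so `$user != ""` is redundant, a two-character multibyte name passes, and nothing rejects quotes or control characters, which then reach the server where the username is interpolated into SQL in the `MSG_GET_OTK_ID` handler of this same change. Consider a whitelist before `addUser`, e.g. `if(preg_match('/^[A-Za-z0-9._@-]{3,64}$/', $user)) $myAC->addUser($user);` (the exact character set is a product decision). `$_REQUEST["username"]` is read without an `isset` guard, and the log line has a typo (`createing`).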
$myAC->setUserPass($username, "");
break;
case "getotkimg":
-
$otk = $_REQUEST["otk"];
+ $username = $_REQUEST["username"];
error_log("requesting otk, $otk");
- $otk_img = $myAC->getOtkPng($otk);
+ $otk_img = $myAC->getOtkPng($username,$otk);
header("Content-type: image/png");
echo $otk_img;
exit(0);
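Review bot: `$username = $_REQUEST["username"];` is read without an `isset` guard and then forwarded as the value the server compares against the OTK's owner, so the authorization input is whatever the requester supplies rather than anything tied to the session; for the self-service site the value should come from `$_SESSION["username"]`, and for admin.php at least `$username = $_REQUEST["username"] ?? '';`. When `getOtkPng` fails the page still sends `Content-type: image/png` with `false` echoed as an empty body; `if($otk_img === false) { http_response_code(404); exit(0); }` before the header makes the failure visible. The `error_log("requesting otk, $otk")` context line writes the one-time key itself into the error log.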
--- /dev/null
+<?php
+
+require_once("user_actions.php");
+
+?>
+<html>
+<h1>Welcome to the GAAS User Self Admin Site</h1>
+<?php
+if(isset($_REQUEST["message"])) {
+ echo "<font color=\"red\"><i>Login Failure</i></font>";
+}
+
+if(!$loggedin) {
+?>
+<form method="post" action="?action=login">
+Username: <input type="text" name="username"><br>
+Token Code: <input type="text" name="tokencode"><br>
+<input type="submit" value="Login">
+</form>
+</html>
+<?php
+ exit(0);
+} else {
+?>
+
+Hi user
+</html>
+
+<?php
+}
+?>
+
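Review bot: The markup emits `</html>` twice and the login form sits outside any `<body>`, so browsers are left to repair the document; close it once after the `if`/`else`. The `Login Failure` notice is shown for any `message` value, not only the `loginfail` that user_actions.php redirects with; `if(($_REQUEST["message"] ?? '') === "loginfail")` keeps the two in step. The form posts to `?action=login`, but user_actions.php reads the fields from `$_REQUEST`, so the token code is also accepted on the query string, where it would land in access logs.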
--- /dev/null
+<?php
+require_once("../lib/authClient.php");
+
+$myAC = new GAAuthClient();
+
+
+$loggedin = false;
+session_start();
+
+if(isset($_SESSION["loggedin"])) if($_SESSION["loggedin"]) {
+ error_log("session exists, poof!");
+ $loggedin = true;
+} else {
+ error_log("no session");
+ $loggedin = false;
+}
+
+if(isset($_REQUEST["action"])) {
+ error_log("action set: ".$_REQUEST["action"]);
+ switch($_REQUEST["action"]) {
+ case "login":
+ error_log("being login");
+ $username = $_REQUEST["username"];
+ $token = $_REQUEST["tokencode"];
+
+ if($myAC->authUserToken($username, $token)) {
+
+ $_SESSION["loggedin"] = true;
+ $_SESSION["username"] = $username;
+ header("Location: index.php");
+ } else {
+ error_log("login failed, $username, $token");
+ header("Location: index.php?message=loginfail");
+ }
+ break;
+ }
+}
+?>
\ No newline at end of file
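Review bot: A successful login sets `$_SESSION["loggedin"]` without calling `session_regenerate_id(true)`, so the session id issued before authentication remains valid afterwards (session fixation), and neither `header("Location: ...")` branch is followed by `exit`, so index.php keeps rendering after the redirect header. The failure branch logs the submitted code (`error_log("login failed, $username, $token")`), which puts credentials into the error log. The credentials are read from `$_REQUEST`, so they are accepted from the query string as well as from the POST body the form uses; the rewritten case below reads `$_POST`, which matches the form but is a behaviour change if anything else relies on GET.
```php
    case "login":
        error_log("being login");
        $username = $_POST["username"] ?? '';
        $token = $_POST["tokencode"] ?? '';

        if($myAC->authUserToken($username, $token)) {
            session_regenerate_id(true); // fresh id once the session becomes authenticated
            $_SESSION["loggedin"] = true;
            $_SESSION["username"] = $username;
            header("Location: index.php");
        } else {
            error_log("login failed, $username"); // the submitted code is not logged
            header("Location: index.php?message=loginfail");
        }
        exit(0);
```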