From: paulr
Date: Fri, 25 Feb 2011 18:13:14 +0000 (+1100)
Subject: fixed the provision user method
X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=1d0624b43d97b21304c89b482ebad52b07700559;p=ga4php.git

fixed the provision user method
---
diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php
index d671d5c..8b17bfd 100644
--- a/gaas/gaasd/gaasclient.php
+++ b/gaas/gaasd/gaasclient.php
@@ -69,6 +69,11 @@ switch($argv[1]) {
 break;
 case "provision":
 $username = $argv[2];
+ $ttype = "";
+ $tkey = "";
+ if(isset($argv[3])) $ttype = $argv[3];
+ if(isset($argv[4])) $tkey = $argv[4];
+ $ret = $myga->MSG_PROVISION_USER($username, $ttype, $tkey);
 break;
 case "getusers":
 $group = "client";
diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php
index 9f5f256..6cee61d 100644
--- a/gaas/lib/gaasClientMessages.php
+++ b/gaas/lib/gaasClientMessages.php
@@ -70,6 +70,15 @@ function gaasSetAdminGroup_clientsend($params)
 
 function gaasProvisionUser_clientsend($params)
 {
 $msg["username"] = $params[0];
+ $msg["tokentype"] = "";
+ $msg["tokenkey"] = "";
+ if(isset($params[1])) {
+ $msg["tokentype"] = $params[1];
+ }
+ if(isset($params[2])) {
+ $msg["tokenkey"] = $params[2];
+ }
+ echo "sending msg\n";
 return $msg;
 }
diff --git a/gaas/lib/gaasdLib.php b/gaas/lib/gaasdLib.php
index 18ce1bf..f854666 100644
--- a/gaas/lib/gaasdLib.php
+++ b/gaas/lib/gaasdLib.php
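Review bot: The new `$tkey = $argv[4]` line takes the token secret from the command line, which leaves it readable in the host's process list and shell history; accepting it from stdin or a file when `$argv[4]` is absent would keep it out of both. `$argv[2]` is still read unchecked, so `provision` with no username sends an empty username to the server; `if(!isset($argv[2])) { echo "usage: provision <username> [tokentype] [tokenkey]\n"; break; }` fails early instead. `$ret` is assigned but nothing in the hunk reports it; the enclosing switch continues outside the hunk.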
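Review bot: `echo "sending msg\n";` is debug output left in a library function whose only job is to build the message; it will print on every client invocation and should be removed or routed through the caller's logging. The two `isset()` guards default the new fields to empty strings, which matches the server-side `$msg["tokentype"] == ""` check, but nothing validates `$params[2]` before it is sent, so a malformed key passes straight through unless the server rejects it (the server hunk in this commit does not). A short docblock, `@param array $params [username, tokentype?, tokenkey?]`, would document the positional contract the client relies on.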
@@ -51,9 +51,11 @@ function createDB()
 
 // users_tokendata is used by ga4php, users_otk is the qrcode data link if needed,
 // tokentype is the software/hardware token types
- $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, \
- "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
+ $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
 $dbobject->query($sql);
+ //if(!$res) {
+ //echo "Create user table failed\n";
+ //}
 $sql = 'CREATE TABLE "config" ("conf_id" INTEGER PRIMARY KEY AUTOINCREMENT,"conf_name" TEXT, "conf_value" TEXT);';
 $dbobject->query($sql);
 $sql = 'CREATE TABLE "radclients" ("rad_id" INTEGER PRIMARY KEY AUTOINCREMENT,"rad_name" TEXT, "rad_ip" TEXT, "rad_secret" TEXT, "rad_desc" TEXT);';
@@ -189,15 +191,17 @@ class gaasdGA extends GoogleAuthenticator
 
 // we need to check if the user exists, and if so put the data, if not create the data
 $sql = "select * from users where users_username='$username'";
+ echo "sql was: $sql\n";
 $res = $dbObject->query($sql);
 if($res->fetchColumn() > 0) {
 // do update
 //error_log("doing userdata update");
+ //"users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT)
 $sql = "update users set users_tokendata='$data' where users_username='$username'";
 } else {
 // do insert
 //error_log("doing user data create");
- $sql = "insert into users values (NULL, '$username', '', '', '$data', '')";
+ $sql = "insert into users values (NULL, '$username', '', '', '$data', '', '1', 'software')";
 }
 if($dbObject->query($sql)) {
 
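Review bot: The commented-out `//if(!$res)` block tests a variable that is never assigned — `$dbobject->query($sql)` on the line above discards its return value, so a failed `CREATE TABLE "users"` stays silent and only surfaces later as an unrelated insert error. Either capture and check it, `$res = $dbobject->query($sql); if($res === false) { throw new RuntimeException("Create user table failed"); }`, or, if `$dbobject` is a PDO handle, set `PDO::ERRMODE_EXCEPTION` where it is created (outside this hunk) and delete the dead comment; the config and radclients statements in the trailing context have the same unchecked `query()`. The single-line rewrite of the users DDL is a genuine fix: inside single quotes the old trailing `\` and line break were part of the SQL text. `createDB()` continues outside the hunk.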
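Review bot: The new insert line still interpolates `$username` and `$data` directly into SQL, and `$username` arrives from the network message (this commit's gaasProvisionUser_server passes `$msg["username"]` into `setUser()`), so a crafted username alters the statement; the `fetchColumn()` call suggests `$dbObject` is PDO, in which case the select, update and insert should be prepared statements with bound values, as sketched below. The added `echo "sql was: $sql\n";` prints the raw statement to stdout and can go once the query is parameterised. The insert also hard-codes `'software'` for `users_tokentype` and never stores the HOTP/TOTP choice the caller resolved into `$ttype` — worth confirming that is intended, since the method signature is not visible. The enclosing method starts and ends outside the hunk.
```php
// … unchanged: start of method (outside hunk) …
$stmt = $dbObject->prepare("select count(*) from users where users_username = :username");
$stmt->execute(array(":username" => $username));
if($stmt->fetchColumn() > 0) {
    // do update
    $stmt = $dbObject->prepare("update users set users_tokendata = :data where users_username = :username");
} else {
    // do insert
    $stmt = $dbObject->prepare("insert into users values (NULL, :username, '', '', :data, '', '1', 'software')");
}
if($stmt->execute(array(":username" => $username, ":data" => $data))) {
// … unchanged: rest of method (outside hunk) …
```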
diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php
index 5115759..82a07e1 100644
--- a/gaas/lib/gaasdMessages.php
+++ b/gaas/lib/gaasdMessages.php
@@ -89,6 +89,7 @@ function gaasInitServer_server($msg)
 confSetVal("ad.clientdef", $adclientdef);
 confSetVal("ad.admindef", $adadmindef);
 confSetVal("backend", "AD");
+ confSetVal("defaulttokentype", "TOTP");
 $initState = true;
 $backEnd = "AD";
 
@@ -172,8 +173,31 @@ function gaasProvisionUser_server($msg)
 {
 // function userInGroup($user, $domain, $adlogin, $adpass, $group)
 
+ echo "in provision user\n";
+ print_r($msg);
+ $dttype = confGetVal("defaulttokentype");
+ if($dttype != "HOTP" && $dttype != "TOTP") {
+ echo "default token type not set, setting to TOTP\n";
+ confSetVal("defaulttokentype", "TOTP");
+ $dttype = "TOTP";
+ }
+ if($msg["tokentype"] == "") {
+ $ttype = confGetVal("defaulttokentype");
+ } else {
+ $ttype = $msg["tokentype"];
+ }
+ if($ttype != "HOTP" && $ttype != "TOTP") {
+ echo "using default token type, $dttype because user entered value of $ttype doesnt make sense\n";
+ $ttype = $dttype;
+ }
+ $tkey = $msg["tokenkey"];
 if(confGetVal("backend") == "AD") {
- userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user", $adlogin), confGetVal("ad.pass"), confGetVal("ad.clientdef"));
+ if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
+ $myga = new gaasdGA();
+ $myga->setUser($msg["username"], $ttype, "", $tkey);
+ } else {
+ echo "User not in client group\n";
+ }
 } else {
 // internal db
 }
diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index a49f1ef..db2ef2e 100644
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
@@ -5,7 +5,7 @@ $BASE_DIR = realpath(dirname(__FILE__)."/../../");
 global $BASE_DIR;
 
 // the tcp port number we use for comms
-$TCP_PORT_NUMBER = 21336;
+$TCP_PORT_NUMBER = 21356;
 global $TCP_PORT_NUMBER;
 
 
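Review bot: `print_r($msg);` dumps the whole message, including the new `tokenkey` field, to the daemon's stdout, so the shared secret lands in whatever captures that output; print only the non-secret fields, e.g. `echo "provisioning ".$msg["username"]." (type ".$msg["tokentype"].")\n";`. `$msg["tokentype"]` and `$msg["tokenkey"]` are read without `isset()`, so a message from a client built before this commit raises undefined-index notices and passes a null `$tkey` on; `$tkey = isset($msg["tokenkey"]) ? $msg["tokenkey"] : "";` (and the same for tokentype) keeps the old wire format working. `$tkey` is also handed to `setUser()` without any format check, and the `echo` that reports a bad `$ttype` reflects the client-supplied value verbatim into the output. The function's closing brace is outside the hunk.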
@@ -142,13 +142,15 @@ function userInGroup($user, $domain, $adlogin, $adpass, $group)
 
 //exit(0);
 
+ //echo "usercn: $usercn\n";
 $basecn = preg_replace("/,$/", "", $tcn);
 $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))");
 $fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
 $info = ldap_get_entries($cnt, $sr);
 foreach($info as $kpot => $lpot) {
 if(isset($lpot["samaccountname"])) {
- if($lpot["cn"][0] == $group) return true;
+ //echo "checking: ".$lpot["cn"][0]."\n";
+ if(strtolower($lpot["cn"][0]) == strtolower($group)) return true;
 } 
 }
 return false;
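Review bot: `strtolower($lpot["cn"][0]) == strtolower($group)` works, but `strcasecmp($lpot["cn"][0], $group) === 0` expresses the same case-insensitive match without a loose `==` or two temporary strings; both are byte-wise, so a CN with non-ASCII characters only matches when the folding agrees, which is unlikely to matter for AD group names. Separately, the context line builds the LDAP filter by interpolating `$usercn` unescaped; since `$usercn` is derived from the caller-supplied `$user` earlier in the function (outside this hunk), it should go through `ldap_escape($usercn, "", LDAP_ESCAPE_FILTER)` (PHP 5.6+) before being placed in the filter. `$fil` is assigned and never used, and the commented-out `//echo` lines are leftover debugging.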