From: paulr Date: Mon, 6 Dec 2010 07:31:32 +0000 (+1100) Subject: added varius components for supporting user website. X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=1e9b1b3a5c4dd1f033ae5f3145d7bb7bcd73a4d6;p=ga4php.git added varius components for supporting user website. --- diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php index 3f723e5..67036a7 100644 --- a/authserver/authd/authd.php +++ b/authserver/authd/authd.php @@ -48,7 +48,26 @@ if($pid == -1) { $authval = $myga->authenticateUser($username, $passcode); msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval); break; - + case MSG_GET_OTK_ID: + if(!isset($msg["username"])) { + msg_send($cl_queue, MSG_GET_OTK_ID, false); + } else { + $username = $msg["username"]; + $sql = "select users_otk from users where users_username='$username'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + $otkid = ""; + foreach($res as $row) { + $otkid = $row["users_otk"]; + } + + if($otkid == "") { + msg_send($cl_queue, MSG_GET_OTK_ID, false); + } else { + msg_send($cl_queue, MSG_GET_OTK_ID, $otkid); + } + } + break; case MSG_GET_OTK_PNG: if(!isset($msg["otk"])) { msg_send($cl_queue, MSG_GET_OTK_PNG, false); @@ -64,6 +83,8 @@ if($pid == -1) { if($username == "") { msg_send($cl_queue, MSG_GET_OTK_PNG, false); + } else if($username != $msg["username"]) { + msg_send($cl_queue, MSG_GET_OTK_PNG, false); } else { $hand = fopen("otks/$otk.png", "rb"); $data = fread($hand, filesize("otks/$otk.png")); diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php index e1b941f..62419bd 100644 --- a/authserver/lib/authClient.php +++ b/authserver/lib/authClient.php @@ -55,7 +55,32 @@ class GAAuthClient { return $msg; } - function getOtkPng($otk) { + function getOtkID($username) { + global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; + + + if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) { + return false; + } + + if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) { + return false; + } + // TODO we need to setup a client queue sem lock here + + $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT); + $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER); + + $message["username"] = $username; + msg_send($sr_queue, MSG_GET_OTK_ID, $message, true, true, $msg_err); + + msg_receive($cl_queue, 0, $msg_type, 16384, $msg); + + return $msg; + + } + + function getOtkPng($username, $otk) { global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; @@ -72,6 +97,7 @@ class GAAuthClient { $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER); $message["otk"] = $otk; + $message["username"] = $username; error_log("sending message, $otk"); msg_send($sr_queue, MSG_GET_OTK_PNG, $message, true, true, $msg_err); @@ -201,7 +227,6 @@ class GAAuthClient { $message["passcode"] = $passcode; msg_send($sr_queue, MSG_AUTH_USER_TOKEN, $message, true, true, $msg_err); - echo "message sent\n"; msg_receive($cl_queue, 0, $msg_type, 16384, $msg); diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php index 9737566..689389a 100644 --- a/authserver/lib/lib.php +++ b/authserver/lib/lib.php @@ -14,6 +14,7 @@ define("MSG_SET_USER_TOKEN", 7); define("MSG_SET_USER_TOKEN_TYPE", 8); define("MSG_GET_USERS", 9); define("MSG_GET_OTK_PNG", 10); +define("MSG_GET_OTK_ID", 11); if(file_exists("../../lib/ga4php.php")) require_once("../../lib/ga4php.php"); if(file_exists("../lib/ga4php.php")) require_once("../lib/ga4php.php"); diff --git a/authserver/usercmd.php b/authserver/usercmd.php index aad5e3a..d19fa54 100644 --- a/authserver/usercmd.php +++ b/authserver/usercmd.php @@ -35,20 +35,25 @@ if(!isset($argv[1])) { echo "\tsettoken: settoken - sets the key (hex) for a token\n"; echo "\tsettype: settype - sets a token type for a user\n"; echo "\tgetusers: getusers - gets a list of users\n"; - echo "\tgetotk: getotk - gets the OTK png for a key\n"; + echo "\tgetotk: getotk - gets the OTKID for a key\n"; + echo "\tradauth: radauth - for radius, only returns a code\n"; return 0; } switch($argv[1]) { + case "radauth": + if($myAC->authUserToken($argv[2], $argv[3])==1) { + return 0; + } else { + return 255; + } + break; case "getotk": - $val = $myAC->getOtkPng($argv[2]); + $val = $myAC->getOtkID($argv[2]); if($val === false) { echo "Failure\n"; } else { - $hand = fopen("val.png", "w"); - fwrite($hand, $val); - fclose($hand); - echo "In val.png\n"; + echo "$val\n"; } break; case "auth": diff --git a/authserver/www/admin.php b/authserver/www/admin.php index b47978f..e214751 100644 --- a/authserver/www/admin.php +++ b/authserver/www/admin.php @@ -11,7 +11,7 @@ * then user admin would be less disconnected. I.e. if a user was deleted from AD, their token * data should disappear with them. */ -require_once("actions.php"); +require_once("admin_actions.php"); // the logged in component if($loggedin) { @@ -20,7 +20,7 @@ if($loggedin) { Welcome to the Google Authenticator Authentication Server Manager Application

Users

- +getUsers(); foreach($users as $user) { @@ -35,7 +35,7 @@ foreach($users as $user) { if($user["hastoken"]) $hastoken = "Yes"; else $hastoken = "No"; - if($user["otk"]!="") $otk = "Get"; + if($user["otk"]!="") $otk = "Get"; else $otk = "Already Claimed"; $delete = "Delete"; @@ -47,6 +47,15 @@ foreach($users as $user) {
UsernameRealNameHas Password?Has Token?OTKUpdateDelete
UsernameRealNameHas Password?Has Token?One Time KeyUpdateDelete

Create User(s) - Enter a comma seperated list of names:
+Got One Time Key for user $username, this one-time-key can only be retrieved once, after that it is deleted
"; + echo "\"one
"; +} + +?>

Radius Clients

Not yet implemented diff --git a/authserver/www/admin_actions.php b/authserver/www/admin_actions.php index d6a224c..bddbc55 100644 --- a/authserver/www/admin_actions.php +++ b/authserver/www/admin_actions.php @@ -32,7 +32,12 @@ if(isset($_REQUEST["action"])) { break; case "createuser": $username = $_REQUEST["username"]; - $myAC->addUser($username); + $users = explode(",",$username); + foreach($users as $user) { + $user = trim($user); + error_log("createing, $user\n"); + if($user != "" && strlen($user)>2) $myAC->addUser($user); + } header("Location: admin.php"); exit(0); break; @@ -57,10 +62,10 @@ if(isset($_REQUEST["action"])) { $myAC->setUserPass($username, ""); break; case "getotkimg": - $otk = $_REQUEST["otk"]; + $username = $_REQUEST["username"]; error_log("requesting otk, $otk"); - $otk_img = $myAC->getOtkPng($otk); + $otk_img = $myAC->getOtkPng($username,$otk); header("Content-type: image/png"); echo $otk_img; exit(0); diff --git a/authserver/www/index.php b/authserver/www/index.php new file mode 100644 index 0000000..c8824b8 --- /dev/null +++ b/authserver/www/index.php @@ -0,0 +1,32 @@ + + +

Welcome to the GAAS User Self Admin Site

+Login Failure"; +} + +if(!$loggedin) { +?> +
+Username:
+Token Code:
+ +
+ + + +Hi user + + + + diff --git a/authserver/www/user_actions.php b/authserver/www/user_actions.php new file mode 100644 index 0000000..70e281a --- /dev/null +++ b/authserver/www/user_actions.php @@ -0,0 +1,38 @@ +authUserToken($username, $token)) { + + $_SESSION["loggedin"] = true; + $_SESSION["username"] = $username; + header("Location: index.php"); + } else { + error_log("login failed, $username, $token"); + header("Location: index.php?message=loginfail"); + } + break; + } +} +?> \ No newline at end of file