From: paulr Date: Tue, 7 Dec 2010 22:31:14 +0000 (+1100) Subject: set token types X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=2d6b0d3ff36c0e388ea51163cb2ebee072a03dab;p=ga4php.git set token types and ssync tokens --- diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php index c1e1722..576a507 100644 --- a/authserver/authd/authd.php +++ b/authserver/authd/authd.php @@ -122,10 +122,17 @@ if($pid == -1) { $tokenone = $msg["tokenone"]; $tokentwo = $msg["tokentwo"]; - msg_send($cl_queue,MSG_SYNC_TOKEN, $myga->resyncCode($username, $tokenone, $tokentwo)); + msg_send($cl_queue, MSG_SYNC_TOKEN, $myga->resyncCode($msg["username"], $tokenone, $tokentwo)); } break; + case MSG_GET_TOKEN_TYPE: + if(!isset($msg["username"])) { + msg_send($cl_queue, MSG_GET_TOKEN_TYPE, false); + } else { + msg_send($cl_queue, MSG_GET_TOKEN_TYPE, $myga->getTokenType($msg["username"])); + } + break; case MSG_ADD_USER_TOKEN: echo "Call to add user token\n"; if(!isset($msg["username"])) { diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php index 735c8a1..ba6c2ff 100644 --- a/authserver/lib/authClient.php +++ b/authserver/lib/authClient.php @@ -30,6 +30,29 @@ class GAAuthClient { } + function getUserTokenType($username) { + global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; + + + if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) { + return false; + } + + if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) { + return false; + } + // TODO we need to setup a client queue sem lock here + + $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT); + $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER); + + $message["username"] = $username; + msg_send($sr_queue, MSG_GET_TOKEN_TYPE, $message, true, true, $msg_err); + + msg_receive($cl_queue, 0, $msg_type, 16384, $msg); + return $msg; + } + function setUserToken($username, $token) { global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php index c3ac220..83d7ced 100644 --- a/authserver/lib/lib.php +++ b/authserver/lib/lib.php @@ -17,6 +17,7 @@ define("MSG_GET_OTK_PNG", 10); define("MSG_GET_OTK_ID", 11); define("MSG_DELETE_USER_TOKEN", 12); define("MSG_SYNC_TOKEN", 13); +define("MSG_GET_TOKEN_TYPE", 14); // BASE_DIR = $BASE_DIR = realpath(dirname(__FILE__)."/../../"); diff --git a/authserver/usercmd.php b/authserver/usercmd.php index 5888c0f..1d4db80 100644 --- a/authserver/usercmd.php +++ b/authserver/usercmd.php @@ -38,10 +38,15 @@ if(!isset($argv[1])) { echo "\tgetotk: getotk - gets the OTKID for a key\n"; echo "\tradauth: radauth - for radius, only returns a code\n"; echo "\tsynctoken: synctoken - resync's a hotp token based on two token codes\n"; + echo "\ttokentype: tokentype - gets the token type for a user\n"; return 0; } switch($argv[1]) { + case "tokentype": + $msg = $myAC->getUserTokenType($argv[2]); + echo "token type: $msg\n"; + break; case "synctoken": if($myAC->syncUserToken($argv[2], $argv[3], $argv[4])) { echo "Token synced\n"; diff --git a/authserver/www/admin.php b/authserver/www/admin.php index bc61744..24d02b4 100644 --- a/authserver/www/admin.php +++ b/authserver/www/admin.php @@ -56,6 +56,21 @@ if(isset($_REQUEST["edituser"])) { +getUserTokenType($username)=="HOTP") { +?> +
+

Resync Tokens

+ + + +
Token One
Token Two
+ +
+ +

Custom Tokens - doesnt work yet


For assiging in a user-created or hardware tokens
diff --git a/authserver/www/admin_actions.php b/authserver/www/admin_actions.php index e5ddb11..a3511e2 100644 --- a/authserver/www/admin_actions.php +++ b/authserver/www/admin_actions.php @@ -10,6 +10,29 @@ else $loggedin = false; if(isset($_REQUEST["action"])) { switch($_REQUEST["action"]) { + case "customtoken": + $ttype = $_REQUEST["tokentype"]; + $tkey = $_REQUEST["tokenkey"]; + $username = $_REQUEST["username"]; + $ret1 = $myAC->setUserTokenType($username, $ttype); + $ret2 = $myAC->setUserToken($username, $tkey); + error_log("got, $ret1, $ret2..."); + break; + case "synctoken": + $username = $_REQUEST["username"]; + $tokenone = $_REQUEST["tokenone"]; + $tokentwo = $_REQUEST["tokentwo"]; + $retval = $myAC->syncUserToken($username, $tokenone, $tokentwo); + error_log("retval: $retval"); + if($retval) { + header("Location: ?message=".urlencode("token synced")); + exit(0); + } else { + header("Location: ?error=".urlencode("token not synced")); + exit(0); + } + + break; case "recreatehotptoken": $username = $_REQUEST["username"]; $myAC->addUser($username, "HOTP"); diff --git a/lib/ga4php.php b/lib/ga4php.php index 3870f9c..125556a 100644 --- a/lib/ga4php.php +++ b/lib/ga4php.php @@ -222,7 +222,7 @@ abstract class GoogleAuthenticator { $stest2 = $this->oath_hotp($tkey, $i+1); if($code2 == $stest2) { $tokendata["tokencounter"] = $i+1; - internalPutData($username, $tokendata); + $this->internalPutData($username, $tokendata); return true; } }