From: paulr
Date: Tue, 7 Dec 2010 09:35:10 +0000 (+1100)
Subject: added a command for syncing tokens to the auth server
X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=590f7600a8319d4ae08c32a32e7713ea6f9e2edb;p=ga4php.git

added a command for syncing tokens to the auth server
---
diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php
index 15416c0..c1e1722 100644
--- a/authserver/authd/authd.php
+++ b/authserver/authd/authd.php
@@ -115,6 +115,17 @@ if($pid == -1) {
 }
 break;
+ case MSG_SYNC_TOKEN:
+ if(!isset($msg["username"])) {
+ msg_send($cl_queue, MSG_SYNC_TOKEN, false);
+ } else {
+ $tokenone = $msg["tokenone"];
+ $tokentwo = $msg["tokentwo"];
+
+ msg_send($cl_queue,MSG_SYNC_TOKEN, $myga->resyncCode($username, $tokenone, $tokentwo));
+ }
+
+ break;
 case MSG_ADD_USER_TOKEN:
 echo "Call to add user token\n";
 if(!isset($msg["username"])) {
diff --git a/authserver/authd/gaasdata.sqlite b/authserver/authd/gaasdata.sqlite
new file mode 100644
index 0000000..4219f4c
Binary files /dev/null and b/authserver/authd/gaasdata.sqlite differ
diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php
index c5ef6dd..735c8a1 100644
--- a/authserver/lib/authClient.php
+++ b/authserver/lib/authClient.php
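Review bot: The new MSG_SYNC_TOKEN case guards on `$msg["username"]` but then passes `$username` to `resyncCode`, and nothing in the hunk assigns `$username` from the message, whereas `$tokenone` and `$tokentwo` are read from `$msg`. Unless `$username` is populated earlier in the loop (outside the hunk), the resync runs against an unset or stale value — possibly the user of a previous request — and a counter resync against the wrong token is hard to notice afterwards. `$msg["tokenone"]` and `$msg["tokentwo"]` are also read without any presence check. I would start the else branch with `$username = $msg["username"];` and widen the guard to `if(!isset($msg["username"], $msg["tokenone"], $msg["tokentwo"])) {`. The enclosing switch and loop start and end outside the hunk.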
@@ -3,6 +3,32 @@ require_once("lib.php");
 class GAAuthClient {
+ function syncUserToken($username, $tokenone, $tokentwo) {
+ global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+ return false;
+ }
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+ return false;
+ }
+ // TODO we need to setup a client queue sem lock here
+
+ $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+ $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+
+ $message["username"] = $username;
+ $message["tokenone"] = $tokenone;
+ $message["tokentwo"] = $tokentwo;
+
+ msg_send($sr_queue, MSG_SYNC_TOKEN, $message, true, true, $msg_err);
+
+ msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+ return $msg;
+
+ }
 function setUserToken($username, $token) {
 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php
index 52f09ca..c3ac220 100644
--- a/authserver/lib/lib.php
+++ b/authserver/lib/lib.php
@@ -16,6 +16,7 @@ define("MSG_GET_USERS", 9);
 define("MSG_GET_OTK_PNG", 10);
 define("MSG_GET_OTK_ID", 11);
 define("MSG_DELETE_USER_TOKEN", 12);
+define("MSG_SYNC_TOKEN", 13);
 // BASE_DIR = $BASE_DIR = realpath(dirname(__FILE__)."/../../");
diff --git a/authserver/usercmd.php b/authserver/usercmd.php
index 3c094db..5888c0f 100644
--- a/authserver/usercmd.php
+++ b/authserver/usercmd.php
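Review bot: `syncUserToken` blocks on `msg_receive($cl_queue, 0, ...)`, which takes the first message of any type off the shared client queue, and the result of `msg_send` is ignored, so a failed send followed by a reply meant for another caller (the hazard the TODO about the missing client-queue lock already names) would be returned as this call's result. Receiving by type narrows that window and matches what authd.php replies with in this commit: `msg_receive($cl_queue, MSG_SYNC_TOKEN, $msg_type, 16384, $msg);`, and the send should be checked, `if(!msg_send($sr_queue, MSG_SYNC_TOKEN, $message, true, true, $msg_err)) { return false; }`. `$message` is also never initialised before the element writes; `$message = array();` makes the payload shape explicit. If setUserToken and the other methods follow the same send/receive pattern they share the any-type receive issue, but that code is outside this hunk.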
@@ -37,10 +37,18 @@ if(!isset($argv[1])) {
 echo "\tgetusers: getusers - gets a list of users\n";
 echo "\tgetotk: getotk - gets the OTKID for a key\n";
 echo "\tradauth: radauth - for radius, only returns a code\n";
+ echo "\tsynctoken: synctoken - resync's a hotp token based on two token codes\n";
 return 0;
 }
 switch($argv[1]) {
+ case "synctoken":
+ if($myAC->syncUserToken($argv[2], $argv[3], $argv[4])) {
+ echo "Token synced\n";
+ } else {
+ echo "Token not synced\n";
+ }
+ break;
 case "radauth":
 if($myAC->authUserToken($argv[2], $argv[3])==1) {
 syslog(LOG_WARNING, "Got good request for user, ".$argv[2]);
diff --git a/lib/ga4php.php b/lib/ga4php.php
index 784a918..3870f9c 100644
--- a/lib/ga4php.php
+++ b/lib/ga4php.php
@@ -154,7 +154,7 @@ abstract class GoogleAuthenticator {
 $en = $tlid+$this->hotpSkew;
 for($i=$st; $i<$en; $i++) {
 $stest = $this->oath_hotp($tkey, $i);
- error_log("testing code: $code, $stest, $tkey, $tid");
+ //error_log("testing code: $code, $stest, $tkey, $tid");
 if($code == $stest) {
 $tokendata["tokencounter"] = $i;
 $this->internalPutData($username, $tokendata);
@@ -199,7 +199,7 @@ abstract class GoogleAuthenticator {
 // for keys
 // $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
- $tokendata = internalGetData($username);
+ $tokendata = $this->internalGetData($username);
 // TODO: check return value
 $ttype = $tokendata["tokentype"];
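Review bot: The `synctoken` case passes `$argv[2]`, `$argv[3]` and `$argv[4]` straight through without checking they exist, so a missing argument sends a null username or code to the server instead of failing with a usage message; `syncUserToken` only rejects missing queues, and the server-side case in this commit checks only the username field. I would guard the case before the call with `if(!isset($argv[4])) { echo "usage: synctoken <username> <code1> <code2>\n"; break; }`. The new help line's `resync's` would read better as `resyncs`, though that string is informational only.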
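Review bot: Commenting out the `error_log` call leaves the statement in the source, and that statement writes `$tkey` — the token's secret — to the error log alongside the candidate codes; a debug line that dumps key material should be deleted rather than parked behind `//`, where a later uncomment silently reintroduces the leak. I would drop the line entirely, or replace it with a comment that carries no secret, e.g. `// debug output removed: never log $tkey`. The `if($code == $stest)` comparison on the next line is unchanged context; `==` between numeric strings compares numerically in PHP, so it is worth confirming both sides are compared as same-width strings, but that predates this commit. The enclosing method starts and ends outside the hunk.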