From 590f7600a8319d4ae08c32a32e7713ea6f9e2edb Mon Sep 17 00:00:00 2001
From: paulr
Date: Tue, 7 Dec 2010 20:35:10 +1100
Subject: [PATCH] added a command for syncing tokens to the auth server

---
 authserver/authd/authd.php | 11 +++++++++++
 authserver/authd/gaasdata.sqlite | Bin 0 -> 7168 bytes
 authserver/lib/authClient.php | 26 ++++++++++++++++++++++++++
 authserver/lib/lib.php | 1 +
 authserver/usercmd.php | 8 ++++++++
 lib/ga4php.php | 4 ++--
 6 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 authserver/authd/gaasdata.sqlite

diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php
index 15416c0..c1e1722 100644
--- a/authserver/authd/authd.php
+++ b/authserver/authd/authd.php
@@ -115,6 +115,17 @@ if($pid == -1) {
 }
 break;
+ case MSG_SYNC_TOKEN:
+ if(!isset($msg["username"])) {
+ msg_send($cl_queue, MSG_SYNC_TOKEN, false);
+ } else {
+ $tokenone = $msg["tokenone"];
+ $tokentwo = $msg["tokentwo"];
+
+ msg_send($cl_queue,MSG_SYNC_TOKEN, $myga->resyncCode($username, $tokenone, $tokentwo));
+ }
+
+ break;
 case MSG_ADD_USER_TOKEN:
 echo "Call to add user token\n";
 if(!isset($msg["username"])) {
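Review bot: `$username` is never assigned in the new `MSG_SYNC_TOKEN` case, so the `$myga->resyncCode($username, $tokenone, $tokentwo)` call uses whatever an earlier case left in that variable (or null), even though the branch is only taken when `$msg["username"]` is set; add `$username = $msg["username"];` next to the two token reads. `$msg["tokenone"]` and `$msg["tokentwo"]` are also read without an isset check, unlike the username, so a malformed client message reaches resyncCode with nulls; `if(!isset($msg["username"], $msg["tokenone"], $msg["tokentwo"]))` covers all three in one test. The neighbouring `MSG_ADD_USER_TOKEN` case echoes that it was called; a similar line here naming the user and the resync outcome would make repeated resync attempts visible in the daemon's output. The enclosing switch starts before the hunk.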
diff --git a/authserver/authd/gaasdata.sqlite b/authserver/authd/gaasdata.sqlite new file mode 100644 index 0000000000000000000000000000000000000000..4219f4c461c3fdac75b9e5652dbe18e9988624ea GIT binary patch literal 7168 zcmeI0%~P8|6u=?aS`WXWcj!?)z#7pQ9{%(({XlTQSwC%7&SNTp?_%q zhMs!qLTsy!hn{k%`-Zph-oCeQ_s8xGL-%k$EvS-Y(=jd-U04xBQFx~)f*|~4TFPst zD@?_EWw%O7`=3N+QMKB4L4vH|!U-&wz(MVGeQQhX7nqD_elcSE{WPZ+mvj<6HKlDI zwF9IC?f3ggc@n!Z!DHHFnVYvC#MOGeF5YF;n3p-7=2cUBl;5a)4P|5TaGJ&q#qk2P zhkWJ0cigt$S3aS>((VNv$7883@`C1laG6^cY$yRb37X2idrI->8TS{Q=U3U36?ha~ zWJ5ZMae<%svtqdLY%b2`OsLJIHR<<>U+()^W;JO|{Pv(8Gp`?*{BcPHZr_S;g!T11 zS(eLvPDc2gsK8EiLP(^wT9jCZ5lKJEt|BAIDv_(YX(jr)+jb&73fI}%*cki1(O655aEbKmT_A&*_34Y z>u34micb4MrgbL8yfZj6oQXff+R-Ib=nP7qbJa;d4#VTV77otlUJyZd5DwhI?s+)w zwY+V|jOH0+F@R{rh)jGK?e)@*?i$`smUfZd>n&ogU1rC7_B1?(03WNPD0NI6WOH|? ztb=a;j4}3RF^dULoV2424Y!&H0)P8=^H8&I@QI(1ZdJeR3%UqhFXnv6)^Rki^4UDf zy3B8v=U? UJ}#U9C%_4C0-OLR@E;TS1w5GQXaE2J literal 0 HcmV?d00001 diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php index c5ef6dd..735c8a1 100644 --- a/authserver/lib/authClient.php +++ b/authserver/lib/authClient.php @@ -3,6 +3,32 @@ require_once("lib.php"); class GAAuthClient { + function syncUserToken($username, $tokenone, $tokentwo) { + global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; + + + if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) { + return false; + } + + if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) { + return false; + } + // TODO we need to setup a client queue sem lock here + + $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT); + $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER); + + $message["username"] = $username; + $message["tokenone"] = $tokenone; + $message["tokentwo"] = $tokentwo; + + msg_send($sr_queue, MSG_SYNC_TOKEN, $message, true, true, $msg_err); + + msg_receive($cl_queue, 0, $msg_type, 16384, $msg); + return $msg; + + } function setUserToken($username, $token) { global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; 
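Review bot: `syncUserToken` returns `$msg` straight from `msg_receive` without checking the return value of either `msg_send` or `msg_receive`, so a failed send or an interrupted receive returns an unset `$msg` (null) that the caller cannot distinguish from the daemon's own `false` refusal; guard both calls, e.g. `if(!msg_send($sr_queue, MSG_SYNC_TOKEN, $message, true, true, $msg_err)) { return false; }` and the same for `msg_receive`. The `// TODO we need to setup a client queue sem lock here` comment describes a real problem: `msg_receive($cl_queue, 0, ...)` accepts any message type from a queue shared by all clients, so two callers running concurrently can each consume the other's reply, and a resync answer for one user can be delivered to another caller. `$message` is also used before being initialised; `$message = array();` ahead of the three assignments keeps the shape explicit. The method is complete within the hunk.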
diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php
index 52f09ca..c3ac220 100644
--- a/authserver/lib/lib.php
+++ b/authserver/lib/lib.php
@@ -16,6 +16,7 @@ define("MSG_GET_USERS", 9);
 define("MSG_GET_OTK_PNG", 10);
 define("MSG_GET_OTK_ID", 11);
 define("MSG_DELETE_USER_TOKEN", 12);
+define("MSG_SYNC_TOKEN", 13);
 // BASE_DIR =
 $BASE_DIR = realpath(dirname(__FILE__)."/../../");
diff --git a/authserver/usercmd.php b/authserver/usercmd.php
index 3c094db..5888c0f 100644
--- a/authserver/usercmd.php
+++ b/authserver/usercmd.php
@@ -37,10 +37,18 @@ if(!isset($argv[1])) {
 echo "\tgetusers: getusers - gets a list of users\n";
 echo "\tgetotk: getotk - gets the OTKID for a key\n";
 echo "\tradauth: radauth - for radius, only returns a code\n";
+ echo "\tsynctoken: synctoken - resync's a hotp token based on two token codes\n";
 return 0;
 }
 switch($argv[1]) {
+ case "synctoken":
+ if($myAC->syncUserToken($argv[2], $argv[3], $argv[4])) {
+ echo "Token synced\n";
+ } else {
+ echo "Token not synced\n";
+ }
+ break;
 case "radauth":
 if($myAC->authUserToken($argv[2], $argv[3])==1) {
 syslog(LOG_WARNING, "Got good request for user, ".$argv[2]);
diff --git a/lib/ga4php.php b/lib/ga4php.php
index 784a918..3870f9c 100644
--- a/lib/ga4php.php
+++ b/lib/ga4php.php
@@ -154,7 +154,7 @@ abstract class GoogleAuthenticator {
 $en = $tlid+$this->hotpSkew;
 for($i=$st; $i<$en; $i++) {
 $stest = $this->oath_hotp($tkey, $i);
- error_log("testing code: $code, $stest, $tkey, $tid");
+ //error_log("testing code: $code, $stest, $tkey, $tid");
 if($code == $stest) {
 $tokendata["tokencounter"] = $i;
 $this->internalPutData($username, $tokendata);
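Review bot: the new `synctoken` case hands `$argv[2]`, `$argv[3]` and `$argv[4]` to `syncUserToken` without checking they were supplied, so a missing argument raises an undefined-offset notice and sends null fields to the daemon, which then just prints "Token not synced" with no hint of the cause; guard with `if(!isset($argv[2], $argv[3], $argv[4])) { echo "usage: synctoken <username> <code1> <code2>\n"; break; }`. The truthiness test also counts any non-false reply as success; if `resyncCode` can return something other than true/false (its contract is not visible here), compare with `=== true`. The help text's `resync's` should be `resyncs`. The switch and the surrounding usage block both extend outside the hunk.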
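Review bot: the `error_log` line is commented out rather than deleted, and because it prints `$tkey` (the token's secret key) next to the codes, the dead line is an invitation to re-enable secret logging later; remove it, or if debug output is wanted, log only `$code, $stest, $tid` behind a debug flag. The untouched `if($code == $stest)` on the next line compares user-supplied codes loosely, and PHP treats numeric strings such as `"012345"` and `"12345"` as equal under `==`, so `===` is the safer comparison for zero-padded HOTP values. The enclosing method starts and ends outside the hunk.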
@@ -199,7 +199,7 @@ abstract class GoogleAuthenticator {
 // for keys
 // $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
- $tokendata = internalGetData($username);
+ $tokendata = $this->internalGetData($username);
 // TODO: check return value
 $ttype = $tokendata["tokentype"];
-- 
1.7.0.4
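Review bot: the `// TODO: check return value` comment right after the corrected `$this->internalGetData($username)` call still stands: the next line reads `$tokendata["tokentype"]` unconditionally, so whatever `internalGetData` returns for an unknown user (not visible here) is indexed as an array. A guard between the two lines such as `if(!is_array($tokendata)) { return false; }`, using whatever failure value the enclosing method's callers expect, would resolve the TODO. The enclosing method starts and ends outside the hunk.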