authserver/authd/authd.php

   1 <?php
   2
   3 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
   4
   5 if(file_exists("config.php")) {
   6         require_once("config.php");
   7 } else {
   8         // config file doesnt exist, we must abort sensibly
   9 }
  10
  11 // get out master library for ga4php
  12 require_once("../lib/lib.php");
  13
  14
  15 //exit(0);
  16 // first we want to fork into the background like all good daemons should
  17 //$pid = pcntl_fork();
  18 $pid = 0;
  19
  20 if($pid == -1) {
  21
  22 } else if($pid) {
  23         // i am the parent, i shall leave
  24         echo "i am a parent, i leave\n";
  25         exit(0);
  26 } else {
  27         global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
  28
  29         $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
  30         $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
  31
  32         $myga = new gaasGA();
  33         global $myga;
  34
  35
  36         while(true) {
  37                 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
  38                 switch($msg_type) {
  39                         case MSG_AUTH_USER_TOKEN:
  40                                 echo "Call to auth user token\n";
  41                                 // minimal checking, we leav it up to authenticateUser to do the real
  42                                 // checking
  43                                 if(!isset($msg["username"])) $msg["username"] = "";
  44                                 if(!isset($msg["passcode"])) $msg["passcode"] = "";
  45                                 $username = $msg["username"];
  46                                 $passcode = $msg["passcode"];
  47                                 global $myga;
  48                                 $authval = $myga->authenticateUser($username, $passcode);
  49                                 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
  50                                 break;
  51                         case MSG_GET_OTK_ID:
  52                                 if(!isset($msg["username"])) {
  53                                         msg_send($cl_queue, MSG_GET_OTK_ID, false);
  54                                 } else {
  55                                         $username = $msg["username"];
  56                                         $sql = "select users_otk from users where users_username='$username'";
  57                                         $dbo = getDatabase();
  58                                         $res = $dbo->query($sql);
  59                                         $otkid = "";
  60                                         foreach($res as $row) {
  61                                                 $otkid = $row["users_otk"];
  62                                         }
  63
  64                                         if($otkid == "") {
  65                                                 msg_send($cl_queue, MSG_GET_OTK_ID, false);
  66                                         } else {
  67                                                 msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
  68                                         }
  69                                 }
  70                                 break;
  71                         case MSG_GET_OTK_PNG:
  72                                 if(!isset($msg["otk"])) {
  73                                         msg_send($cl_queue, MSG_GET_OTK_PNG, false);
  74                                 } else {
  75                                         $otk = $msg["otk"];
  76                                         $sql = "select users_username from users where users_otk='$otk'";
  77                                         $dbo = getDatabase();
  78                                         $res = $dbo->query($sql);
  79                                         $username = "";
  80                                         foreach($res as $row) {
  81                                                 $username = $row["users_username"];
  82                                         }
  83
  84                                         if($username == "") {
  85                                                 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
  86                                         } else if($username != $msg["username"]) {
  87                                                 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
  88                                         } else {
  89                                                 $hand = fopen("otks/$otk.png", "rb");
  90                                                 $data = fread($hand, filesize("otks/$otk.png"));
  91                                                 fclose($hand);
  92                                                 //unlink("otks/$otk.png");
  93                                                 //$sql = "update users set users_otk='' where users_username='$username'";
  94                                                 //$dbo->query($sql);
  95                                                 error_log("senting otk, fsize: ".filesize("otks/$otk.png")." $otk ");
  96                                                 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
  97                                         }
  98                                 }
  99
 100                                 break;
 101                         case MSG_ADD_USER_TOKEN:
 102                                 echo "Call to add user token\n";
 103                                 if(!isset($msg["username"])) {
 104                                         msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
 105                                 } else {
 106                                         $username = $msg["username"];
 107                                         $tokentype="HOTP";
 108                                         if(isset($msg["tokentype"])) {
 109                                                 $tokentype="HOTP";
 110                                         }
 111                                         $hexkey = "";
 112                                         if(isset($msg["hexkey"])) {
 113                                                 $hexkey = $msg["hexkey"];
 114                                         }
 115                                         global $myga;
 116                                         $myga->setUser($username, $tokentype, "", $hexkey);
 117
 118                                         $url = $myga->createUrl($username);
 119                                         mkdir("otks");
 120                                         $otk = generateRandomString();
 121                                         system("qrencode -o otks/$otk.png $url");
 122
 123                                         $sql = "update users set users_otk='$otk' where users_username='$username'";
 124                                         $dbo = getDatabase();
 125                                         $res = $dbo->query($sql);
 126
 127                                         msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
 128                                 }
 129                                 break;
 130                         case MSG_DELETE_USER:
 131                                 echo "Call to del user\n";
 132                                 if(!isset($msg["username"])) {
 133                                         msg_send($cl_queue, MSG_DELETE_USER, false);
 134                                 } else {
 135                                         $username = $msg["username"];
 136                                         global $myga;
 137                                         $sql = "delete from users where users_username='$username'";
 138                                         $dbo = getDatabase();
 139                                         $dbo->query($sql);
 140
 141                                         msg_send($cl_queue, MSG_DELETE_USER, true);
 142                                 }
 143                                 break;
 144                         case MSG_AUTH_USER_PASSWORD:
 145                                 // TODO
 146                                 echo "Call to auth user pass\n";
 147                                 if(!isset($msg["username"])) {
 148                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
 149                                         break;
 150                                 }
 151                                 if(!isset($msg["password"])) {
 152                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
 153                                         break;
 154                                 }
 155
 156                                 $username = $msg["username"];
 157                                 $password = $msg["password"];
 158                                 $sql = "select users_password from users where users_username='$username'";
 159                                 $dbo = getDatabase();
 160                                 $res = $dbo->query($sql);
 161                                 $pass = "";
 162                                 foreach($res as $row) {
 163                                         $pass = $row["users_password"];
 164                                 }
 165
 166                                 // TODO now do auth
 167                                 $ourpass = hash('sha512', $password);
 168                                 echo "ourpass: $ourpass\nourhash: $pass\n";
 169                                 if($ourpass == $pass) {
 170                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
 171
 172                                 } else {
 173                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
 174
 175                                 }
 176
 177                                 break;
 178                         case MSG_SET_USER_PASSWORD:
 179                                 echo "how on earth is that happening Call to set user pass, wtf?\n";
 180                                 // TODO
 181                                 print_r($msg);
 182                                 if(!isset($msg["username"])) {
 183                                         msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
 184                                         echo "in break 1\n";
 185                                         break;
 186                                 }
 187                                 if(!isset($msg["password"])) {
 188                                         msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
 189                                         echo "in break 1\n";
 190                                         break;
 191                                 }
 192
 193                                 $username = $msg["username"];
 194                                 $password = $msg["password"];
 195
 196                                 echo "would set pass for $username, to $password\n";
 197                                 if($password == "") $pass = "";
 198                                 else $pass = hash('sha512', $password);
 199
 200                                 $dbo = getDatabase();
 201                                 echo "in set user pass for $username, $pass\n";
 202                                 $sql = "update users set users_password='$pass' where users_username='$username'";
 203
 204                                 $dbo->query($sql);
 205
 206                                 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
 207
 208
 209                                 // these are irrelavent yet
 210                                 // TODO now set pass
 211                                 break;
 212                         case MSG_SET_USER_REALNAME:
 213                                 echo "Call to set user realname\n";
 214                                 // TODO
 215                                 if(!isset($msg["username"])) {
 216                                         msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
 217                                         break;
 218                                 }
 219                                 if(!isset($msg["realname"])) {
 220                                         msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
 221                                         break;
 222                                 }
 223
 224                                 $username = $msg["username"];
 225                                 $realname = $msg["realname"];
 226                                 $sql = "update users set users_realname='$realname' where users_username='$username'";
 227                                 $dbo = getDatabase();
 228
 229                                 $dbo->query($sql);
 230
 231                                 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
 232
 233                                 // TODO now set real name
 234                                 break;
 235                         case MSG_SET_USER_TOKEN:
 236                                 // TODO
 237                                 echo "Call to set user token\n";
 238                                 if(!isset($msg["username"])) {
 239                                         msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
 240                                         break;
 241                                 }
 242                                 if(!isset($msg["tokenstring"])) {
 243                                         msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
 244                                         break;
 245                                 }
 246
 247                                 global $myga;
 248                                 $username = $msg["username"];
 249                                 $token = $msg["tokenstring"];
 250                                 $return = $myga->setUserKey($username, $token);
 251                                 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
 252
 253                                 // TODO now set token
 254                                 break;
 255                         case MSG_SET_USER_TOKEN_TYPE:
 256                                 // TODO
 257                                 echo "Call to set user token type\n";
 258                                 if(!isset($msg["username"])) {
 259                                         msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
 260                                         break;
 261                                 }
 262                                 if(!isset($msg["tokentype"])) {
 263                                         msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
 264                                         break;
 265                                 }
 266
 267                                 $username = $msg["username"];
 268                                 $tokentype = $msg["tokentype"];
 269                                 global $myga;
 270                                 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
 271
 272                                 // TODO now set token
 273                                 break;
 274                         case MSG_GET_USERS:
 275                                 // TODO this needs to be better
 276                                 $sql = "select * from users";
 277
 278                                 $dbo = getDatabase();
 279                                 $res = $dbo->query($sql);
 280
 281                                 $users = "";
 282                                 $i = 0;
 283                                 foreach($res as $row) {
 284                                         $users[$i]["username"] = $row["users_username"];
 285                                         $users[$i]["realname"] = $row["users_realname"];
 286                                         if($row["users_password"]!="") {
 287                                                 $users[$i]["haspass"] = true;
 288                                         } else {
 289                                                 $users[$i]["haspass"] = false;
 290                                         }
 291                                         echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
 292                                         if($row["users_tokendata"]!="") {
 293                                                 $users[$i]["hastoken"] = true;
 294                                         } else {
 295                                                 $users[$i]["hastoken"] = false;
 296                                         }
 297
 298                                         if($row["users_otk"]!="") {
 299                                                 $users[$i]["otk"] = $row["users_otk"];
 300                                         } else {
 301                                                 $users[$i]["otk"] = "";
 302                                         }
 303                                         $i++;
 304                                 }
 305                                 msg_send($cl_queue, MSG_GET_USERS, $users);
 306
 307                                 // TODO now set token
 308                                 break;
 309
 310                 }
 311         }
 312 }
 313
 314 ?>