authserver/authd/authd.php

   1 <?php
   2
   3 if(file_exists("config.php")) {
   4         require_once("config.php");
   5 } else {
   6         // config file doesnt exist, we must abort sensibly
   7 }
   8
   9 // get out master library for ga4php
  10 require_once("../lib/lib.php");
  11
  12
  13 //exit(0);
  14 // first we want to fork into the background like all good daemons should
  15 //$pid = pcntl_fork();
  16 $pid = 0;
  17
  18 if($pid == -1) {
  19
  20 } else if($pid) {
  21         // i am the parent, i shall leave
  22         echo "i am a parent, i leave\n";
  23         exit(0);
  24 } else {
  25         global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
  26
  27         $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
  28         $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
  29
  30         $myga = new gaasGA();
  31         global $myga;
  32
  33
  34         print_r($myga);
  35
  36         while(true) {
  37                 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
  38                 print_r($msg);
  39                 switch($msg_type) {
  40                         case MSG_AUTH_USER_TOKEN:
  41                                 echo "Call to auth user token\n";
  42                                 // minimal checking, we leav it up to authenticateUser to do the real
  43                                 // checking
  44                                 if(!isset($msg["username"])) $msg["username"] = "";
  45                                 if(!isset($msg["passcode"])) $msg["passcode"] = "";
  46                                 $username = $msg["username"];
  47                                 $passcode = $msg["passcode"];
  48                                 global $myga;
  49                                 $authval = $myga->authenticateUser($username, $passcode);
  50                                 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
  51                                 break;
  52                         case MSG_ADD_USER_TOKEN:
  53                                 echo "Call to add user token\n";
  54                                 if(!isset($msg["username"])) {
  55                                         msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
  56                                 } else {
  57                                         $username = $msg["username"];
  58                                         $tokentype="HOTP";
  59                                         if(isset($msg["tokentype"])) {
  60                                                 $tokentype="HOTP";
  61                                         }
  62                                         $hexkey = "";
  63                                         if(isset($msg["hexkey"])) {
  64                                                 $hexkey = $msg["hexkey"];
  65                                         }
  66                                         global $myga;
  67                                         $myga->setUser($username, $tokentype, "", $hexkey);
  68
  69                                         msg_send($cl_queue, MSG_ADD_USER_TOKEN, $myga->createUrl($username));
  70                                 }
  71                                 break;
  72                         case MSG_DELETE_USER:
  73                                 echo "Call to del user\n";
  74                                 if(!isset($msg["username"])) {
  75                                         msg_send($cl_queue, MSG_DELETE_USER, false);
  76                                 } else {
  77                                         $username = $msg["username"];
  78                                         global $myga;
  79                                         $sql = "delete from users where users_username='$username'";
  80                                         $dbo = getDatabase();
  81                                         $dbo->query($sql);
  82
  83                                         msg_send($cl_queue, MSG_DELETE_USER, true);
  84                                 }
  85                                 break;
  86                         case MSG_AUTH_USER_PASSWORD:
  87                                 // TODO
  88                                 echo "Call to auth user pass\n";
  89                                 if(!isset($msg["username"])) {
  90                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
  91                                         break;
  92                                 }
  93                                 if(!isset($msg["password"])) {
  94                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
  95                                         break;
  96                                 }
  97
  98                                 $username = $msg["username"];
  99                                 $password = $msg["password"];
 100                                 $sql = "select users_password from users where users_username='$username'";
 101                                 $dbo = getDatabase();
 102                                 $res = $dbo->query($sql);
 103                                 $pass = "";
 104                                 foreach($res as $row) {
 105                                         $pass = $row["users_password"];
 106                                 }
 107
 108                                 // TODO now do auth
 109                                 $ourpass = hash('sha512', $password);
 110                                 echo "ourpass: $ourpass\nourhash: $pass\n";
 111                                 if($ourpass == $pass) {
 112                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
 113
 114                                 } else {
 115                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
 116
 117                                 }
 118
 119                                 break;
 120                         case MSG_SET_USER_PASSWORD:
 121                                 echo "Call to set user pass\n";
 122                                 // TODO
 123                                 if(!isset($msg["username"])) {
 124                                         msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
 125                                         break;
 126                                 }
 127                                 if(!isset($msg["password"])) {
 128                                         msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
 129                                         break;
 130                                 }
 131
 132                                 $username = $msg["username"];
 133                                 $password = $msg["password"];
 134
 135                                 $pass = hash('sha512', $password);
 136
 137                                 $dbo = getDatabase();
 138                                 $sql = "update users set users_password='$pass' where users_username='$username'";
 139
 140                                 $dbo->query($sql);
 141
 142                                 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
 143
 144
 145                                 // these are irrelavent yet
 146                                 // TODO now set pass
 147                                 break;
 148                         case MSG_SET_USER_REALNAME:
 149                                 echo "Call to set user realname\n";
 150                                 // TODO
 151                                 if(!isset($msg["username"])) {
 152                                         msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
 153                                         break;
 154                                 }
 155                                 if(!isset($msg["realname"])) {
 156                                         msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
 157                                         break;
 158                                 }
 159
 160                                 $username = $msg["username"];
 161                                 $realname = $msg["realname"];
 162                                 $sql = "update users set users_realname='$realname' where users_username='$username'";
 163                                 $dbo = getDatabase();
 164
 165                                 $dbo->query($sql);
 166
 167                                 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
 168
 169                                 // TODO now set real name
 170                                 break;
 171                         case MSG_SET_USER_TOKEN:
 172                                 // TODO
 173                                 echo "Call to set user token\n";
 174                                 if(!isset($msg["username"])) {
 175                                         msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
 176                                         break;
 177                                 }
 178                                 if(!isset($msg["tokenstring"])) {
 179                                         msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
 180                                         break;
 181                                 }
 182
 183                                 global $myga;
 184                                 $username = $msg["username"];
 185                                 $token = $msg["tokenstring"];
 186                                 $return = $myga->setUserKey($username, $token);
 187                                 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
 188
 189                                 // TODO now set token
 190                                 break;
 191                         case MSG_SET_USER_TOKEN_TYPE:
 192                                 // TODO
 193                                 echo "Call to set user token type\n";
 194                                 if(!isset($msg["username"])) {
 195                                         msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
 196                                         break;
 197                                 }
 198                                 if(!isset($msg["tokentype"])) {
 199                                         msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
 200                                         break;
 201                                 }
 202
 203                                 $username = $msg["username"];
 204                                 $tokentype = $msg["tokentype"];
 205                                 global $myga;
 206                                 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
 207
 208                                 // TODO now set token
 209                                 break;
 210                         case MSG_GET_USERS:
 211                                 // TODO this needs to be better
 212                                 $sql = "select * from users";
 213
 214                                 $dbo = getDatabase();
 215                                 $res = $dbo->query($sql);
 216
 217                                 $users = "";
 218                                 $i = 0;
 219                                 foreach($res as $row) {
 220                                         $users[$i]["username"] = $row["users_username"];
 221                                         $users[$i]["realname"] = $row["users_realname"];
 222                                         if($row["users_password"]!="") {
 223                                                 $users[$i]["haspass"] = true;
 224                                         } else {
 225                                                 $users[$i]["haspass"] = false;
 226                                         }
 227                                         echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
 228                                         if($row["users_tokendata"]!="") {
 229                                                 $users[$i]["hastoken"] = true;
 230                                         } else {
 231                                                 $users[$i]["hastoken"] = false;
 232                                         }
 233                                         $i++;
 234                                 }
 235                                 msg_send($cl_queue, MSG_GET_USERS, $users);
 236
 237                                 // TODO now set token
 238                                 break;
 239
 240                 }
 241         }
 242 }
 243
 244 ?>