authserver/usercmd.php

   1 <?php
   2 /*
   3  *
   4  *
   5  * This file is designed as a "script" extension to freeradius (or some such tool) for radius authentication.
   6  * Also provided is a simple web interface for managing users in freeradius.
   7  *
   8  * The simple web interface should also provide a mechanism for configuring freeradius itself
   9  *
  10  */
  11
  12 require_once("lib/authClient.php");
  13
  14 $myAC = new GAAuthClient();
  15
  16 /*
  17 define("MSG_AUTH_USER_TOKEN", 1);
  18 define("MSG_ADD_USER_TOKEN", 2);
  19 define("MSG_DELETE_USER", 3);
  20 define("MSG_AUTH_USER_PASSWORD", 4);
  21 define("MSG_SET_USER_PASSWORD", 5);
  22 define("MSG_SET_USER_REALNAME", 6);
  23 define("MSG_SET_USER_TOKEN", 7);
  24 define("MSG_SET_USER_TOKEN_TYPE", 8);
  25
  26  */
  27 if(!isset($argv[1])) {
  28         echo "Usage: ".$argv[0]." command username [args]\n";
  29         echo "\tadd: add <username> - returns token code url\n";
  30         echo "\tauth: auth <username> <passcode> - returns 0/1 for pass/fail\n";
  31         echo "\tdelete: delete <username> - deletes user\n";
  32         echo "\tauthpass: authpass <username> <password> - returns 0/1 for pass/fail\n";
  33         echo "\tsetpass: setpass <username> <password> - sets a password for a user (x to remove pass)\n";
  34         echo "\tsetname: setname <username> <realname> - sets the real name for a user\n";
  35         echo "\tsettoken: settoken <username> <tokenkey> - sets the key (hex) for a token\n";
  36         echo "\tsettype: settype <username> <tokentype> - sets a token type for a user\n";
  37         echo "\tgetusers: getusers - gets a list of users\n";
  38         echo "\tgetotk: getotk <username> - gets the OTKID for a key\n";
  39         echo "\tradauth: radauth <username> <pin> - for radius, only returns a code\n";
  40         echo "\tsynctoken: synctoken <username> <tokenone> <tokentwo> - resync's a hotp token based on two token codes\n";
  41         return 0;
  42 }
  43
  44 switch($argv[1]) {
  45         case "synctoken":
  46                 if($myAC->syncUserToken($argv[2], $argv[3], $argv[4])) {
  47                         echo "Token synced\n";
  48                 } else {
  49                         echo "Token not synced\n";
  50                 }
  51                 break;
  52         case "radauth":
  53                 if($myAC->authUserToken($argv[2], $argv[3])==1) {
  54                         syslog(LOG_WARNING, "Got good request for user, ".$argv[2]);
  55                         exit(0);
  56                 } else {
  57                         syslog(LOG_WARNING, "Got bad request for user, ".$argv[2]);
  58                         exit(255);
  59                 }
  60                 break;
  61         case "getotk":
  62                 $val = $myAC->getOtkID($argv[2]);
  63                 if($val === false) {
  64                         echo "Failure\n";
  65                 } else {
  66                         echo "$val\n";
  67                 }
  68                 break;
  69         case "auth":
  70                 if($myAC->authUserToken($argv[2], $argv[3])==1) {
  71                         echo "Pass!\n";
  72                 } else {
  73                         echo "Fail!\n";
  74                 }
  75                 break;
  76         case "add":
  77                 $return = $myAC->addUser($argv[2]);
  78                 echo "Created user, ".$argv[2]." returned $return\n";
  79                 break;
  80         case "delete":
  81                 $res = $myAC->deleteUser($argv[2]);
  82                 if($res) {
  83                         echo "Deleted\n";
  84                 } else {
  85                         echo "Failure?\n";
  86                 }
  87                 break;
  88         case "authpass":
  89                 $ret = $myAC->authUserPass($argv[2], $argv[3]);
  90                 if($ret) echo "Authenticated\n";
  91                 else echo "Failed\n";
  92                 break;
  93         case "setpass":
  94                 $res = $myAC->setUserPass($argv[2], $argv[3]);
  95                 if($res) echo "Password Set\n";
  96                 else echo "Failure?\n";
  97                 break;
  98         case "setname":
  99                 $ret = $myAC->setUserRealName($argv[2], $argv[3]);
 100                 if($ret) echo "Real Name Set\n";
 101                 else echo "Failure?\n";
 102                 break;
 103         case "settoken":
 104                 $ret = $myAC->setUserToken($argv[2], $argv[3]);
 105                 if($ret) echo "Token Set\n";
 106                 else echo "Failure?\n";
 107                 break;
 108         case "settype":
 109                 $ret = $myAC->setUserTokenType($argv[2], $argv[3]);
 110                 if($ret) echo "Token Type Set\n";
 111                 else echo "Failure?\n";
 112                 break;
 113         case "getusers":
 114                 $users = $myAC->getUsers();
 115                 foreach($users as $user) {
 116                         if($user["realname"] != "") $realname = $user["realname"];
 117                         else $realname = "- Not Set -";
 118
 119                         if($user["haspass"]) $haspass = "Yes";
 120                         else $haspass = "No";
 121
 122                         if($user["hastoken"]) $hastoken = "Yes";
 123                         else $hastoken = "No";
 124
 125                         echo "Username: ".$user["username"]."\n";
 126                         echo "\tReal Name: ".$realname."\n";
 127                         echo "\tHas Password?: ".$haspass."\n";
 128                         echo "\tHas Token?: ".$hastoken."\n\n";
 129                 }
 130                 break;
 131 }
 132 ?>