fixed a minor thing with the hotp skew

[ga4php.git] / authserver / authd / authd.php

diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php
index 616eab7..2474b3a 100644 (file)
--- a/authserver/authd/authd.php
+++ b/authserver/authd/authd.php
@@ -22,13 +22,8 @@ if($pid == -1) {
        echo "i am a parent, i leave\n";
        exit(0);
 } else {
-       
-       
-       /// ok, this is just testing stuff... create queue
        global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
        
-       
-       
        $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
        $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
 
@@ -40,30 +35,204 @@ if($pid == -1) {
        
        while(true) {
                msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
-               echo "Got message $msg_type\n";
                print_r($msg);
                switch($msg_type) {
-                       case MSG_AUTH_USER:
-                               echo "got auth message, $msg\n";
-                               $username = $msg["user"];
+                       case MSG_AUTH_USER_TOKEN:
+                               echo "Call to auth user token\n";
+                               // minimal checking, we leav it up to authenticateUser to do the real
+                               // checking
+                               if(!isset($msg["username"])) $msg["username"] = "";
+                               if(!isset($msg["passcode"])) $msg["passcode"] = "";
+                               $username = $msg["username"];
                                $passcode = $msg["passcode"];
                                global $myga;
-                               msg_send($cl_queue, MSG_AUTH_USER, $myga->authenticateUser($username, $passcode));
+                               $authval = $myga->authenticateUser($username, $passcode);
+                               msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
                                break;
-                       case MSG_ADD_USER:
-                               echo "add user\n";
+                       case MSG_ADD_USER_TOKEN:
+                               echo "Call to add user token\n";
+                               if(!isset($msg["username"])) {
+                                       msg_send($cl_queue, MSG_ADD_USER_TOKEN, false); 
+                               } else {
+                                       $username = $msg["username"];
+                                       $tokentype="HOTP";
+                                       if(isset($msg["tokentype"])) {
+                                               $tokentype="HOTP";
+                                       }
+                                       $hexkey = "";
+                                       if(isset($msg["hexkey"])) {
+                                               $hexkey = $msg["hexkey"];
+                                       }
+                                       global $myga;
+                                       $myga->setUser($username, $tokentype, "", $hexkey);
+                                       
+                                       msg_send($cl_queue, MSG_ADD_USER_TOKEN, $myga->createUrl($username));
+                               }
+                               break;
+                       case MSG_DELETE_USER:
+                               echo "Call to del user\n";
+                               if(!isset($msg["username"])) {
+                                       msg_send($cl_queue, MSG_DELETE_USER, false);    
+                               } else {
+                                       $username = $msg["username"];                           
+                                       global $myga;
+                                       msg_send($cl_queue, MSG_DELETE_USER, $myga->deleteUser($username));
+                               }
+                               break;
+                       case MSG_AUTH_USER_PASSWORD:
+                               // TODO
+                               echo "Call to auth user pass\n";
+                               if(!isset($msg["username"])) {
+                                       msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
+                                       break;
+                               }
+                               if(!isset($msg["password"])) {
+                                       msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
+                                       break;
+                               }
+                               
                                $username = $msg["username"];
+                               $password = $msg["password"];
+                               $sql = "select users_password from users where users_username='$username'";
+                               $dbo = getDatabase();
+                               $res = $dbo->query($sql);
+                               $pass = "";
+                               foreach($res as $row) {
+                                       $pass = $row["users_password"];
+                               }
+                               
+                               // TODO now do auth
+                               $ourpass = hash('sha512', $password);
+                               echo "ourpass: $ourpass\nourhash: $pass\n";
+                               if($ourpass == $pass) {
+                                       msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
+                                       
+                               } else {
+                                       msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
+                                       
+                               }
+                               
+                               break;
+                       case MSG_SET_USER_PASSWORD:
+                               echo "Call to set user pass\n";
+                               // TODO
+                               if(!isset($msg["username"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
+                                       break;
+                               }
+                               if(!isset($msg["password"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
+                                       break;
+                               }
+                               
+                               $username = $msg["username"];
+                               $password = $msg["password"];
+                               
+                               $pass = hash('sha512', $password);
+                               
+                               $dbo = getDatabase();
+                               $sql = "update users set users_password='$pass' where users_username='$username'";
+                               
+                               $dbo->query($sql);
+
+                               msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
+                               
+                               
+                               // these are irrelavent yet
+                               // TODO now set pass
+                               break;
+                       case MSG_SET_USER_REALNAME:
+                               echo "Call to set user realname\n";
+                               // TODO
+                               if(!isset($msg["username"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
+                                       break;
+                               }
+                               if(!isset($msg["realname"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
+                                       break;
+                               }
+                               
+                               $username = $msg["username"];
+                               $realname = $msg["realname"];
+                               $sql = "update users set users_realname='$realname' where users_username='$username'";
+                               $dbo = getDatabase();
+                               
+                               $dbo->query($sql);
+
+                               msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
+                               
+                               // TODO now set real name
+                               break;
+                       case MSG_SET_USER_TOKEN:
+                               // TODO
+                               echo "Call to set user token\n";
+                               if(!isset($msg["username"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
+                                       break;
+                               }
+                               if(!isset($msg["tokenstring"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
+                                       break;
+                               }
+                               
                                global $myga;
-                               msg_send($cl_queue, MSG_ADD_USER, $myga->setUser($username));
+                               $myga->setUserKey($username, $passcode);
+                               msg_send($cl_queue, MSG_SET_USER_TOKEN, $myga->createUrl($username));
+                               
+                               // TODO now set token 
+                               break;                  
+                       case MSG_SET_USER_TOKEN_TYPE:
+                               // TODO
+                               echo "Call to set user token type\n";
+                               if(!isset($msg["username"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
+                                       break;
+                               }
+                               if(!isset($msg["tokentype"])) {
+                                       msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
+                                       break;
+                               }
+                               
+                               $username = $msg["username"];
+                               $tokentype = $msg["tokentype"];
+                               global $myga;
+                               msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
+                               
+                               // TODO now set token 
                                break;
-                       case MSG_DELETE_USER:
+                       case MSG_GET_USERS:
+                               // TODO this needs to be better
+                               $sql = "select * from users";
+                               
+                               $dbo = getDatabase();
+                               $res = $dbo->query($sql);
+                               
+                               $users = "";
+                               $i = 0;
+                               foreach($res as $row) {
+                                       $users[$i]["username"] = $row["users_username"];
+                                       $users[$i]["realname"] = $row["users_realname"];
+                                       if($row["users_password"]!="") {
+                                               $users[$i]["haspass"] = true;
+                                       } else {
+                                               $users[$i]["haspass"] = false;
+                                       }
+                                       echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
+                                       if($row["users_tokendata"]!="") {
+                                               $users[$i]["hastoken"] = true;
+                                       } else {
+                                               $users[$i]["hastoken"] = false;
+                                       }
+                                       $i++; 
+                               }
+                               msg_send($cl_queue, MSG_GET_USERS, $users);
+                               
+                               // TODO now set token 
                                break;
-                       default:
-                               echo "um??\n";
                                
                }               
-               echo "Back to wait\n";
        }       
 }
 
-?>
\ No newline at end of file
+?>