added hardware token add/list methods.

[ga4php.git] / gaas / lib / gaasdMessages.php

diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php
index a0afbeb..8e5aff5 100644 (file)
--- a/gaas/lib/gaasdMessages.php
+++ b/gaas/lib/gaasdMessages.php
@@ -11,8 +11,21 @@ function gaasStatus_server($messages)
        $return = "init";
        if($initState != false && $backEnd != "") {
                $return = "running";
+               $be = confGetVal("backend");
+               if($be == "AD") {
+                       $dom = confGetVal("ad.domain");
+                       $user = confGetVal("ad.user");
+                       $client = confGetVal("ad.clientdef");
+                       $admin = confGetVal("ad.admindef");
+                       $return .= " - AD integrated to $dom, GAASD Username: $user, Clients Group: $client, Admins Group: $admin";             
+               } else {
+                       $return .= " - internal database";
+               }
+               
        }
        
+       
+       
        return $return;
 }
 
@@ -33,7 +46,7 @@ function gaasInitServer_server($msg)
        // IN expects
        // $m["user"] = "someuser";
        // $m["pass"] = "somepass";
-       echo "initstate is $initState\n";
+       echo "initstate is $initState";
        if($initState) {
                echo "true\n";
        } else {
@@ -63,10 +76,7 @@ function gaasInitServer_server($msg)
                // we should check all servers, but lets just go with 0 for now
                $res =  adTestLogin($addom, $adlogin, $adpass);
                if(!$res) {
-                       echo "AD login test failed\n";
                        return false;
-               } else {
-                       echo "AD login test succeeded\n";
                }
                
                
@@ -78,12 +88,13 @@ function gaasInitServer_server($msg)
                confSetVal("ad.encryptionkey", generateHexString(32));
                confSetVal("ad.clientdef", $adclientdef);
                confSetVal("ad.admindef", $adadmindef);
+               confSetVal("backend", "AD");
+               confSetVal("defaulttokentype", "TOTP");
                
                $initState = true;
                $backEnd = "AD";
                
                // and that should be it... i think cept im in a forked erg.. lets assume it works, need pain i do not.
-               
                return true;
        } else if($msg["backend"] == "IN") {
                // this ones simpler
@@ -126,8 +137,6 @@ function gaasSetADLogin_server($msg)
        $addom = $msg["domain"];
        $adlogin = $msg["user"];
        $adpass = $msg["pass"];
-       $adclientdef = $msg["clientdef"];
-       $adadmindef = $msg["admindef"];
        
        $res = adTestLogin($addmo, $adlogin, $adpass);
        if($res != 0) {
@@ -137,10 +146,154 @@ function gaasSetADLogin_server($msg)
        confSetVal("ad.domain", $addom);
        confSetVal("ad.user", $adlogin);
        confSetVal("ad.pass", $adpass);
-       confSetVal("ad.clientdef", $adclientdef);
-       confSetVal("ad.admindef", $adadmindef);
        
        return true;
        
 }
+
+function gaasSetAdminGroup_server($msg)
+{
+       if(confGetVal("backend") == "AD") {
+               confSetVal("ad.admindef", $msg["admingroup"]);
+       } else return false;
+       
+       return true;
+}
+
+function gaasSetClientGroup_server($msg)
+{
+       if(confGetVal("backend") == "AD") {
+               confSetVal("ad.clientdef", $msg["clientgroup"]);
+       } else return false;
+       
+       return true;
+}
+
+function gaasProvisionUser_server($msg)
+{
+       
+       // function userInGroup($user, $domain, $adlogin, $adpass, $group)
+       echo "in provision user\n";
+       print_r($msg);
+       $dttype = confGetVal("defaulttokentype");
+       if($dttype != "HOTP" && $dttype != "TOTP") {
+               echo "default token type not set, setting to TOTP\n";
+               confSetVal("defaulttokentype", "TOTP");
+               $dttype = "TOTP";
+       }
+       if($msg["tokentype"] == "") {
+               $ttype = confGetVal("defaulttokentype");
+       } else {
+               $ttype = $msg["tokentype"];
+       }
+       if($ttype != "HOTP" && $ttype != "TOTP") {
+               echo "using default token type, $dttype because user entered value of $ttype doesnt make sense\n";
+               $ttype = $dttype;
+       }
+       $tkey = $msg["tokenkey"];
+       if(confGetVal("backend") == "AD") {
+               if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
+                       $myga = new gaasdGA();
+                       
+                       // TODO - figure out how to deal with the token origin - i.e. software/hardware
+                       if($msg["origin"] == "hardware") {
+                               echo "want a hardware token, but i dont know how to do this yet\n";
+                       } else {
+                               echo "using software token\n";
+                               $myga->setUser($msg["username"], $ttype, "", $tkey);
+                       }
+               } else {
+                       echo "User not in client group\n";
+               }
+       } else {
+               // internal db
+       }
+       
+       
+       return true;
+}
+
+// TODO error check/ value check
+function gaasAddHardwareToken_server($msg)
+{
+       $tokenid = $msg["tokenid"];
+       $tokenkey = $msg["tokenkey"];
+       $tokentype = $msg["tokentype"];
+       
+       //"hardwaretokens" ("tok_id" INTEGER PRIMARY KEY AUTOINCREMENT,"tok_name" TEXT, "tok_key" TEXT, "tok_type" TEXT);';
+       print_r($msg);
+       $db = getDB();
+       $sql = "insert into hardwaretokens values (NULL, '$tokenid', '$tokenkey', '$tokentype')";
+       echo "Sql is $sql\n";
+       $ret = $db->query($sql);
+       if($ret) return true;
+       else return false;
+       
+}
+
+
+function gaasGetHardwareTokens_server($msg)
+{
+       $db = getDB();
+       
+       $sql = "select tok_name, tok_type from hardwaretokens";
+       $ret = $db->query($sql);
+       
+       $toks = "";
+       $i = 0;
+       foreach($ret as $row) {
+               $toks[$i]["name"] = $row["tok_name"];
+               $toks[$i]["type"] = $row["tok_type"];
+               $i++;
+       }
+       
+       return $toks;
+}
+
+
+function gaasAssignToken_server($msg)
+{
+       if(!isset($msg["tokenid"])) return false;
+       
+       // now, we check the username is in the client gorup
+       // now we check the token id is valid in the hardware db.
+       
+       // then we assign to the user
+}
+
+function gaasGetUsers_server($msg)
+{
+       $haveTokens = $msg["havetokens"];
+       $userPatter = $msg["userpattern"];
+       $group = $msg["group"];
+       
+       if(confGetval("backend") == "AD") {
+               $adgroup = "";
+               if($group == "admin") {
+                       $adgroup = confGetVal("ad.admindef");
+               } else {
+                       $adgroup = confGetVal("ad.clientdef");
+               }
+               $addom = confGetVal("ad.domain");
+               $aduser = confGetVal("ad.user");
+               $adpass = confGetVal("ad.pass");
+               //echo "using group $adgroup for $group\n";
+               
+               $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
+               foreach($users as $user => $real) {
+                       hasToken($user);
+               }
+       } else {
+               // internal db
+       }
+       return $users;
+}
+
+function gaasDeleteUser_server($msg)
+{
+       $username = $msg["username"];
+       $db = getDB();
+       $db->query($sql = "delete from users where users_username='$username'");
+       
+}
 ?>
\ No newline at end of file