if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
$myga = new gaasdGA();
- // TODO - figure out how to deal with the token origin - i.e. software/hardware
- if($msg["origin"] == "hardware") {
- echo "want a hardware token, but i dont know how to do this yet\n";
- } else {
- echo "using software token\n";
- $myga->setUser($msg["username"], $ttype, "", $tkey);
- }
+ echo "using software token\n";
+ $myga->setUser($msg["username"], $ttype, "", $tkey);
} else {
echo "User not in client group\n";
}
{
$tokenid = $msg["tokenid"];
$tokenkey = $msg["tokenkey"];
- $tokentype = $msg["tokentype"];
+ $tokentype = strtoupper($msg["tokentype"]);
+ if($tokentype != "HOTP" && $tokentype != "TOTP") {
+ echo "invalid token type from hardware entry\n";
+ return false;
+ }
//"hardwaretokens" ("tok_id" INTEGER PRIMARY KEY AUTOINCREMENT,"tok_name" TEXT, "tok_key" TEXT, "tok_type" TEXT);';
print_r($msg);
$db = getDB();
{
if(!isset($msg["tokenid"])) return false;
+ $tokenid = $msg["tokenid"];
+
// now, we check the username is in the client gorup
- // now we check the token id is valid in the hardware db.
+ if(confGetVal("backend") == "AD") {
+ if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
+ $myga = new gaasdGA();
+
+ $sql = "select * from hardwaretokens"; // where tok_name='$tokenid'";
+ echo "yes, i am here $sql\n";
+ $db = getDB();
+ $ret = $db->query($sql);
+ $tok_key = "";
+ $tok_type = "";
+ if(!$ret) {
+ echo "got a token assignment for an invalid name\n";
+ print_r($msg);
+ return false;
+ } else {
+ // we have something
+ echo "i am here?\n";
+ foreach($ret as $row) {
+ echo "got a row\n";
+ print_r($row);
+ $tok_key = $row["tok_key"];
+ $tok_type = $row["tok_type"];
+ }
+ }
+
+ if($tok_type == "" || $tok_key == "") {
+ echo "error in token data from hardware token in DB\n";
+ }
+
+ echo "and here too, $tok_type, $tok_key\n";
+ if(!$myga->setUser($msg["username"], $tok_type, "", $tok_key)) {
+ print_r($msg);
+ echo "errror assigning token?\n";
+ }
+ } else return false;
+ }
// then we assign to the user
}
$haveTokens = $msg["havetokens"];
$userPatter = $msg["userpattern"];
$group = $msg["group"];
+ $myga = new gaasdGA();
if(confGetval("backend") == "AD") {
$adgroup = "";
$adgroup = confGetVal("ad.admindef");
} else {
$adgroup = confGetVal("ad.clientdef");
- }
+ }
$addom = confGetVal("ad.domain");
$aduser = confGetVal("ad.user");
$adpass = confGetVal("ad.pass");
//echo "using group $adgroup for $group\n";
$users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
- foreach($users as $user => $real) {
- hasToken($user);
+ foreach($users as $key => $val) {
+ $user = $val["username"];
+ //echo "checking $user for token - ";
+ if($myga->hasToken($user)) {
+ $users[$key]["hastoken"] = true;
+ //echo "yes\n";
+ } else {
+ $users[$key]["hastoken"] = false;
+ //echo "no\n";
+ }
}
} else {
// internal db
}
+ //print_r($users);
return $users;
}
{
$username = $msg["username"];
$db = getDB();
- $db->query($sql = "delete from users where users_username='$username'");
+ if($db->query("delete from users where users_username='$username'")) {
+ return true;
+ } else return false;
}
?>
\ No newline at end of file