added hardware token add/list methods.

diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php
index 8b17bfd..09c7303 100644 (file)
--- a/gaas/gaasd/gaasclient.php
+++ b/gaas/gaasd/gaasclient.php
@@ -16,7 +16,10 @@ function usage()
        echo "\tsetadlogin username password domain\n";
        echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
        echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
-       echo "\tprovision username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+       echo "\tprovisiontoken username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+       echo "\tassign username tokenid - assign a hardware token to a user\n";
+       echo "\taddtoken token_name token_key token_type - adds a hardware token to the DB\n";
+       echo "\tgethwtokens - gets a list of hardware tokens by token_name\n";
        echo "\tgetusers [admin|client] [part-of-username] [yes] - get user list with admin or client group, part of a username and return only those with tokens (yes)\n";
        echo "\tdeleteuser username - deletes the key for the specified user\n";
        echo "\n";
@@ -67,7 +70,24 @@ switch($argv[1]) {
                        echo "Resetting AD admin group details failed\n";
                }
                break;
-       case "provision":
+       case "assign":
+               $username = $argv[2];
+               $tokenid = $argv[3];
+               $ret = $myga->MSG_ASSIGN_TOKEN($username, $tokenid);
+               break;
+       case "gethwtokens":
+               $ret = $myga->MSG_GET_HARDWARE();
+               foreach($ret as $tok) {
+                       echo "Token, ".$tok["name"]." is of type ".$tok["type"]."\n";
+               }
+               break;
+       case "addtoken":
+               $tokenid = $argv[2];
+               $tokenkey = $argv[3];
+               $tokentype = $argv[4];
+               $ret = $myga->MSG_ADD_HARDWARE($tokenid, $tokenkey, $tokentype);
+               break;
+       case "provisiontoken":
                $username = $argv[2];
                $ttype = "";
                $tkey = "";

diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php
index 6cee61d..8564dd6 100644 (file)
--- a/gaas/lib/gaasClientMessages.php
+++ b/gaas/lib/gaasClientMessages.php
@@ -82,6 +82,31 @@ function gaasProvisionUser_clientsend($params)
        return $msg;
 }
 
+function gaasGetHardwareTokens_clientsend($params)
+{
+       return $params;
+}
+
+// TODO ERROR CHECK
+function gaasAddHardwareToken_clientsend($params)
+{
+       $msg["tokenid"] = $params[0];
+       $msg["tokenkey"] = $params[1];
+       $msg["tokentype"] = $params[2];
+               
+       print_r($msg);
+       return $msg;
+}
+
+// TODO ERROR CHECK
+function gaasAssignToken_clientsend($params)
+{
+       $msg["username"] = $params[0];
+       $msg["tokenid"] = $params[1];
+       
+       return $msg;
+}
+
 function gaasGetUsers_clientsend($params)
 {
        $msg["havetokens"] = false;

diff --git a/gaas/lib/gaasdLib.php b/gaas/lib/gaasdLib.php
index f854666..6d56e31 100644 (file)
--- a/gaas/lib/gaasdLib.php
+++ b/gaas/lib/gaasdLib.php
@@ -113,6 +113,12 @@ function hasToken($username)
        return true;
 }
 
+function createUserInDB($username, $realname)
+{
+       $db = getDB();
+       
+       $sql = "insert into users values (NULL, '$username', '$realname', '', '$data', '', '1', '')";           
+}
 
 // a funciton to deal with Config Vars
 function confGetVal($varname)

diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php
index 82a07e1..8e5aff5 100644 (file)
--- a/gaas/lib/gaasdMessages.php
+++ b/gaas/lib/gaasdMessages.php
@@ -194,7 +194,14 @@ function gaasProvisionUser_server($msg)
        if(confGetVal("backend") == "AD") {
                if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
                        $myga = new gaasdGA();
-                       $myga->setUser($msg["username"], $ttype, "", $tkey);
+                       
+                       // TODO - figure out how to deal with the token origin - i.e. software/hardware
+                       if($msg["origin"] == "hardware") {
+                               echo "want a hardware token, but i dont know how to do this yet\n";
+                       } else {
+                               echo "using software token\n";
+                               $myga->setUser($msg["username"], $ttype, "", $tkey);
+                       }
                } else {
                        echo "User not in client group\n";
                }
@@ -206,6 +213,54 @@ function gaasProvisionUser_server($msg)
        return true;
 }
 
+// TODO error check/ value check
+function gaasAddHardwareToken_server($msg)
+{
+       $tokenid = $msg["tokenid"];
+       $tokenkey = $msg["tokenkey"];
+       $tokentype = $msg["tokentype"];
+       
+       //"hardwaretokens" ("tok_id" INTEGER PRIMARY KEY AUTOINCREMENT,"tok_name" TEXT, "tok_key" TEXT, "tok_type" TEXT);';
+       print_r($msg);
+       $db = getDB();
+       $sql = "insert into hardwaretokens values (NULL, '$tokenid', '$tokenkey', '$tokentype')";
+       echo "Sql is $sql\n";
+       $ret = $db->query($sql);
+       if($ret) return true;
+       else return false;
+       
+}
+
+
+function gaasGetHardwareTokens_server($msg)
+{
+       $db = getDB();
+       
+       $sql = "select tok_name, tok_type from hardwaretokens";
+       $ret = $db->query($sql);
+       
+       $toks = "";
+       $i = 0;
+       foreach($ret as $row) {
+               $toks[$i]["name"] = $row["tok_name"];
+               $toks[$i]["type"] = $row["tok_type"];
+               $i++;
+       }
+       
+       return $toks;
+}
+
+
+function gaasAssignToken_server($msg)
+{
+       if(!isset($msg["tokenid"])) return false;
+       
+       // now, we check the username is in the client gorup
+       // now we check the token id is valid in the hardware db.
+       
+       // then we assign to the user
+}
+
 function gaasGetUsers_server($msg)
 {
        $haveTokens = $msg["havetokens"];

diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index db2ef2e..bbfd2fc 100644 (file)
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
@@ -5,7 +5,7 @@ $BASE_DIR = realpath(dirname(__FILE__)."/../../");
 global $BASE_DIR;
 
 // the tcp port number we use for comms
-$TCP_PORT_NUMBER = 21356;
+$TCP_PORT_NUMBER = 21256;
 global $TCP_PORT_NUMBER;
 
 
@@ -20,6 +20,9 @@ define("MSG_SET_ADMIN_GROUP", 22);
 define("MSG_PROVISION_USER",23);
 define("MSG_GET_USERS", 24);
 define("MSG_DELETE_USER", 25);
+define("MSG_ASSIGN_TOKEN",26);
+define("MSG_ADD_HARDWARE",27);
+define("MSG_GET_HARDWARE",28);
 
 // the gaasd call's $MESSAGE[<MSG>]_server() for the server side
 // and $MESSAGE[<msg>]_client() for the client side 
@@ -28,9 +31,12 @@ $MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
 $MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; // domain, user, password
 $MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; // groupname
 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup";
-$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username
+$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username, tokentype, tokenkey, hardware|software
 $MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; // [admin|client], [name pattern], [only with tokens]
 $MESSAGES[MSG_DELETE_USER] = "gaasDeleteUser"; // username
+$MESSAGES[MSG_ASSIGN_TOKEN] = "gaasAssignToken"; // username, tokenid
+$MESSAGES[MSG_ADD_HARDWARE] = "gaasAddHardwareToken"; // username, tokenid
+$MESSAGES[MSG_GET_HARDWARE] = "gaasGetHardwareTokens"; //
 
 global $MESSAGES;