Radius clients
authorpaulr <me@pjr.cc>
Wed, 8 Dec 2010 15:44:55 +0000 (02:44 +1100)
committerpaulr <me@pjr.cc>
Wed, 8 Dec 2010 15:44:55 +0000 (02:44 +1100)
authserver/authd/authd.php
authserver/lib/authClient.php
authserver/lib/lib.php
authserver/usercmd.php
authserver/www/admin.php
authserver/www/admin_actions.php

index 520a39f..df57ed1 100644 (file)
@@ -44,6 +44,7 @@ if($pid == -1) {
                                        $clients[$i]["ip"] = $row["rad_ip"];
                                        $clients[$i]["secret"] = $row["rad_secret"];
                                        $clients[$i]["desc"] = $row["rad_desc"];
+                                       $i++;
                                }
                                msg_send($cl_queue, MSG_GET_RADIUS_CLIENTS, $clients);
                                break;
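Review bot: The added `$i++` makes the index advance, but the array it indexes and `$i` itself are initialised outside this hunk, so it is worth confirming that `$clients = array();` and `$i = 0;` precede the fetch loop — if they do not, an empty radclients table sends an unset variable, and the `foreach($msg as $client)` consumers this commit adds in usercmd.php and admin.php warn on a non-array. The enclosing `case` starts before the hunk, so I cannot see those lines from here. If the initialisation is missing, one line ahead of the loop keeps the reply shape stable for an empty table.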
@@ -62,11 +63,31 @@ if($pid == -1) {
                                $clientsecret = $msg["clientsecret"];
                                $clientip = $msg["clientip"];
                                $clientdesc = $msg["clientdescription"];
-                               $sql = "insert into radclients values (NULL, '$client', '$clientip', '$clientsecret', '$clientdesc')";
                                $dbo = getDatabase();
+                               
+                               // check for existing clients with same name
+                               $sql = "select * from radclients where rad_name='$client'";
+                               echo "doing select, $sql\n";
                                $res = $dbo->query($sql);
-                               updateRadius();
-                               msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
+                               if($res->fetchColumn() > 0) {
+                                       msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "name");
+                                               
+                               } else {
+                                       // check for existing clients with same ip
+                                       $sql = "select * from radclients where rad_ip='$clientip'";
+                                       $res = $dbo->query($sql);
+                                       echo "doing select, $sql\n";
+                                       if($res->fetchColumn() > 0) {
+                                               msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "ip");
+                                                               
+                                       } else {
+                                               $sql = "insert into radclients values (NULL, '$client', '$clientip', '$clientsecret', '$clientdesc')";
+                                               $res = $dbo->query($sql);
+                                               updateRadius();
+                                               msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
+                                               break;
+                                       }
+                               }
                                break;
                        case MSG_DELETE_USER_TOKEN:
                                $username = $msg["username"];
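Review bot: The two new duplicate checks and the moved insert still build SQL by interpolating `$client`, `$clientip`, `$clientsecret` and `$clientdesc` into the string; in this same commit admin_actions.php fills those fields straight from `$_REQUEST`, so a client name containing a quote breaks or alters the query. Assuming `getDatabase()` returns a PDO handle, which the `fetchColumn()` call suggests, the checks and the insert should go through `prepare()`/`execute()` with bound values, and the existence test should select `count(*)` rather than `*` — on `select *` the `fetchColumn() > 0` test depends on the first column happening to be a positive id and is false-y on no rows only by accident. The `echo "doing select, $sql\n"` lines print every query to the daemon's stdout and look like leftover debugging; the insert's return value is also assigned to `$res` but never checked before `updateRadius()` rewrites the config. The enclosing `case` and switch continue outside the hunk.
```php
// check for existing clients with same name
$stmt = $dbo->prepare("select count(*) from radclients where rad_name = ?");
$stmt->execute(array($client));
if($stmt->fetchColumn() > 0) {
        msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "name");
} else {
        // check for existing clients with same ip
        $stmt = $dbo->prepare("select count(*) from radclients where rad_ip = ?");
        $stmt->execute(array($clientip));
        if($stmt->fetchColumn() > 0) {
                msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "ip");
        } else {
                $stmt = $dbo->prepare("insert into radclients values (NULL, ?, ?, ?, ?)");
                $inserted = $stmt->execute(array($client, $clientip, $clientsecret, $clientdesc));
                // … unchanged: updateRadius() and the success reply, now only when $inserted is true …
        }
}
```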
index 9b8480f..dbce3c3 100644 (file)
@@ -30,6 +30,54 @@ class GAAuthClient {
                msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
                return $msg;
        }
+
+       function deleteRadiusClient($clientname) {
+               global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+               
+               
+               if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+                       return false;
+               }
+
+               if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+                       return false;
+               }
+               // TODO we need to setup a client queue sem lock here
+               
+               $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+               $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+               
+       
+               $message["clientname"] = $clientname;
+               msg_send($sr_queue, MSG_REMOVE_RADIUS_CLIENT, $message, true, true, $msg_err);
+               
+               msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+               return $msg;
+       }
+       
+       function getRadiusClients() {
+               global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+               
+               
+               if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+                       return false;
+               }
+
+               if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+                       return false;
+               }
+               // TODO we need to setup a client queue sem lock here
+               
+               $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+               $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+               
+       
+               msg_send($sr_queue, MSG_GET_RADIUS_CLIENTS, "", true, true, $msg_err);
+               
+               msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+               return $msg;
+       }
+       
        
        function syncUserToken($username, $tokenone, $tokentwo) {
                global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
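Review bot: In both `deleteRadiusClient` and `getRadiusClients` the return value of `msg_send` is ignored, and the following `msg_receive($cl_queue, 0, ...)` has no timeout, so a failed send (the `$msg_err` that is collected is never read) leaves the caller blocked on the client queue indefinitely. A guard such as `if(!msg_send($sr_queue, MSG_REMOVE_RADIUS_CLIENT, $message, true, true, $msg_err)) { return false; }` (and the same for the `MSG_GET_RADIUS_CLIENTS` send) at least turns that into the `false` the queue-existence checks already return. The two functions also repeat the queue-existence and `msg_get_queue` preamble verbatim with the same lock TODO, which is a candidate for a small private helper shared with `syncUserToken` below. A docblock on each should state that `false` means the IPC queues were unavailable while any other value is the daemon's reply verbatim, since callers in usercmd.php iterate the result directly. The hunk's tail runs into `syncUserToken`, which continues past it.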
index 0d6ab36..c938b8e 100644 (file)
@@ -23,6 +23,7 @@ define("MSG_REMOVE_RADIUS_CLIENT", 16);
 define("MSG_ADD_RADIUS_CLIENT", 17);
 
 // BASE_DIR = 
+// messy
 $BASE_DIR = realpath(dirname(__FILE__)."/../../");
 global $BASE_DIR;
 
@@ -44,7 +45,9 @@ function generateRandomString()
 function updateRadius()
 {
        // this is hardcoded for now.
+       //$clientfile = "/etc/freeradius/clients.conf";
        $clientfile = "/tmp/clients.conf";
+       $reloadinit = "/etc/init.d/freeradius restart";
        
        $db = getDatabase();
        
@@ -56,10 +59,12 @@ function updateRadius()
                $cname = $row["rad_name"];
                $cip = $row["rad_ip"];
                $csec = $row["rad_secret"];
-               $lines = "client $cname {\nipaddr = $cip\nsecret = $csec\nrequire_message_authenticator = no\n}";
+               $lines = "client $cname {\nipaddr = $cip\nsecret = $csec\nrequire_message_authenticator = no\n}\n\n";
                fwrite($hand, $lines);
        }
        fclose($hand);
+       // not yet
+       //system($reloadinit);
 }
 
 
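Review bot: `updateRadius` writes every client's `rad_secret` in clear text to `$clientfile`, which is currently `/tmp/clients.conf`, a world-readable directory, and nothing in the section restricts the file's mode; the `fopen` that produces `$hand` sits between the two hunks and is not visible here, so I cannot tell whether a umask is applied. A `chmod($clientfile, 0600);` after `fclose($hand)` (or an `umask(077)` before the open) would keep the shared secrets from being readable by every local user. The `$cname`, `$cip` and `$csec` values are also interpolated into the `client … { … }` block unescaped, so a name or secret containing a newline or brace changes the structure of the generated configuration — validating them against a conservative character set before they reach this file is worth a follow-up, since the values originate from the web form added in admin_actions.php. The `$reloadinit` string is assigned but only referenced in the commented-out `system()` call, consistent with the "not yet" note.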
index 3adf835..3525cbe 100644 (file)
@@ -39,17 +39,35 @@ if(!isset($argv[1])) {
        echo "\tradauth: radauth <username> <pin> - for radius, only returns a code\n";
        echo "\tsynctoken: synctoken <username> <tokenone> <tokentwo> - resync's a hotp token based on two token codes\n";
        echo "\ttokentype: tokentype <username> - gets the token type for a user\n";
-       echo "\taddradclient: addradclient <client_name> <client_ip> <client_secret>\n";
+       echo "\taddradclient: addradclient <client_name> <client_ip> <client_secret> \"<description>\"- adds a radius client\n";
+       echo "\trmradclient: rmradclient <client_name> - removes a radius client with the name <client_name>\n";
+       echo "\tgetradclients: getradclients - returns a list of radius clients\n";
        return 0;       
 }
 
 switch($argv[1]) {
-       case "addradclient":
-               $msg = $myAC->addRadiusClient($argv[2], $argv[3], $argv[4], "");
+       case "rmradclient":
+               $msg = $myAC->deleteRadiusClient($argv[2]);
                if($msg) {
+                       echo "Successfully deleted\n";
+               }
+               break;
+       case "getradclients":
+               $msg = $myAC->getRadiusClients();
+               foreach($msg as $client) {
+                       if($client["desc"]=="") $desc = "no description set";
+                       else $desc = $client["desc"];
+                       echo $client["name"]." is ".$client["ip"].", $desc\n";
+               }
+               break;
+       case "addradclient":
+               $msg = $myAC->addRadiusClient($argv[2], $argv[3], $argv[4], $argv[5]);
+               if($msg === true) {
                        echo "Added successfully\n";
-               } else {
-                       echo "Not added\n";
+               } else if ($msg == "name") {
+                       echo "Client with same name exists already\n";
+               } else if ($msg == "ip") {
+                       echo "Client with same IP already exists\n";
                }
                break;
        case "tokentype":
index 7f2c8a3..d277772 100644 (file)
@@ -84,6 +84,11 @@ Token Type
 <input type="submit" value="Set">
 </form>
 <?php
+} else if(isset($_REQUEST["editclient"])) {
+?>
+this page is for editing radius clients, it doesnt exist yet.. What you need to do is delete the client and re-add it... go <a href="admin.php">back</a>
+</html>
+<?php 
 } else {
 ?>
 <hr><h2>Users</h2>
@@ -132,8 +137,30 @@ if(isset($_REQUEST["action"])) if($_REQUEST["action"] == "getotk") {
 
 ?>
 <hr><h2>Radius Clients</h2>
-Not yet implemented
-
+<table border="1">
+<tr><th>Name</th><th>IP Address</th><th>Description</th><th>Delete</th></tr>
+<?php
+$msg = $myAC->getRadiusClients();
+foreach($msg as $client) {
+       if($client["desc"]=="") $desc = "no description set";
+       else $desc = $client["desc"];
+       $clientname = $client["name"];
+       $clientip = $client["ip"];
+       echo "<tr><td><a href=\"?editclient=$clientname\">$clientname</a></td><td>$clientip</td><td>$desc</td><td><a href=\"?action=deleteradclient&clientname=$clientname\">Delete</a></td></tr>";
+}
+?>
+</table>
+<br>
+<h3>Add a Radius Client</h3>
+<form method="post" action="?action=addradclient">
+<table>
+<tr><td>Client Name</td><td><input type="text" name="clientname"></td></tr>
+<tr><td>Client IP</td><td><input type="text" name="clientip"></td></tr>
+<tr><td>Client Secret</td><td><input type="text" name="clientsecret"></td></tr>
+<tr><td>Client Description</td><td><input type="text" name="clientdesc"></td></tr>
+</table>
+<input type="submit" name="go" value="add">
+</form>
 <hr><a href="?action=logout">Logout</a> <a href="admin.php">Home</a>
 
 <?php 
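Review bot: The echo in the Radius Clients loop writes `$clientname`, `$clientip` and `$desc` into HTML and `$clientname` into two `href` query strings without any escaping, and these values come from the radclients table that admin_actions.php in this commit populates straight from `$_REQUEST`, so a stored name or description can inject markup into the admin page. Wrapping each value in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` for the cell text and `urlencode()` for the query parameters closes that; the `Delete` link also performs a state change on a plain GET, which the delete handler accepts via `$_REQUEST`, so it would be safer as a small POST form in the same way the add form already is. The `foreach($msg as $client)` will additionally warn if `getRadiusClients()` returned `false` because the IPC queues were missing, so an `is_array($msg)` guard before the loop is cheap.
```php
foreach($msg as $client) {
        if($client["desc"]=="") $desc = "no description set";
        else $desc = $client["desc"];
        $clientname = htmlspecialchars($client["name"], ENT_QUOTES, 'UTF-8');
        $clientip = htmlspecialchars($client["ip"], ENT_QUOTES, 'UTF-8');
        $desc = htmlspecialchars($desc, ENT_QUOTES, 'UTF-8');
        $nameparam = urlencode($client["name"]);
        echo "<tr><td><a href=\"?editclient=$nameparam\">$clientname</a></td><td>$clientip</td><td>$desc</td><td><a href=\"?action=deleteradclient&amp;clientname=$nameparam\">Delete</a></td></tr>";
}
```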
index a3511e2..3be1ae0 100644 (file)
@@ -10,6 +10,27 @@ else $loggedin = false;
 
 if(isset($_REQUEST["action"])) {
        switch($_REQUEST["action"]) {
+               case "deleteradclient":
+                       $clientname = $_REQUEST["clientname"];
+                       $ret = $myAC->deleteRadiusClient($clientname);
+                       header("Location: ?message=".urlencode("Client Deleted"));
+                       exit(0);
+                       break;
+               case "addradclient":
+                       $clientname = $_REQUEST["clientname"];
+                       $clientip = $_REQUEST["clientip"];
+                       $clientsecret = $_REQUEST["clientsecret"];
+                       $clientdesc = $_REQUEST["clientdesc"];
+                       $ret = $myAC->addRadiusClient($clientname, $clientip, $clientsecret, $clientdesc);
+                       if($ret === true) {
+                               header("Location: ?message=".urlencode("Client Added"));
+                       } else if ($ret == "name") {
+                               header("Location: ?error=".urlencode("Client Name Already Existed"));
+                       } else if ($ret == "ip") {
+                               header("Location: ?error=".urlencode("Client IP Already Existed"));
+                       }
+                       exit(0);
+                       break;
                case "customtoken":
                        $ttype = $_REQUEST["tokentype"];
                        $tkey = $_REQUEST["tokenkey"];
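Review bot: The `deleteradclient` case redirects with "Client Deleted" regardless of what `deleteRadiusClient` returned, and the `addradclient` case sends no `Location` header at all when `$ret` is neither `true`, `"name"` nor `"ip"` (for instance the `false` the client library returns when the IPC queues are missing), so `exit(0)` then produces a blank page. A final branch such as `} else { header("Location: ?error=".urlencode("Request Failed")); }` in the add case, and `if($ret === false) { header("Location: ?error=".urlencode("Client Not Deleted")); exit(0); }` before the success redirect in the delete case, make both outcomes visible. Nothing visible in the hunk ties these two cases to the `$loggedin` flag computed just above, and both read their parameters from `$_REQUEST` so a GET link suffices to delete a client; if the login gate is applied elsewhere that is fine, otherwise these actions need it and the delete should require POST. The `break;` after each `exit(0)` is unreachable and can go.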