From: paulr <me@pjr.cc>
Date: Fri, 25 Feb 2011 18:40:23 +0000 (+1100)
Subject: added hardware token add/list methods.
X-Git-Url: http://git.pjr.cc/?p=ga4php.git;a=commitdiff_plain;h=780b46793f356e819b52f2577b8701ce0815c20d

added hardware token add/list methods.
---

diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php
index 8b17bfd..09c7303 100644
--- a/gaas/gaasd/gaasclient.php
+++ b/gaas/gaasd/gaasclient.php
@@ -16,7 +16,10 @@ function usage()
 	echo "\tsetadlogin username password domain\n";
 	echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
 	echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
-	echo "\tprovision username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+	echo "\tprovisiontoken username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+	echo "\tassign username tokenid - assign a hardware token to a user\n";
+	echo "\taddtoken token_name token_key token_type - adds a hardware token to the DB\n";
+	echo "\tgethwtokens - gets a list of hardware tokens by token_name\n";
 	echo "\tgetusers [admin|client] [part-of-username] [yes] - get user list with admin or client group, part of a username and return only those with tokens (yes)\n";
 	echo "\tdeleteuser username - deletes the key for the specified user\n";
 	echo "\n";
@@ -67,7 +70,24 @@ switch($argv[1]) {
 			echo "Resetting AD admin group details failed\n";
 		}
 		break;
-	case "provision":
+	case "assign":
+		$username = $argv[2];
+		$tokenid = $argv[3];
+		$ret = $myga->MSG_ASSIGN_TOKEN($username, $tokenid);
+		break;
+	case "gethwtokens":
+		$ret = $myga->MSG_GET_HARDWARE();
+		foreach($ret as $tok) {
+			echo "Token, ".$tok["name"]." is of type ".$tok["type"]."\n";
+		}
+		break;
+	case "addtoken":
+		$tokenid = $argv[2];
+		$tokenkey = $argv[3];
+		$tokentype = $argv[4];
+		$ret = $myga->MSG_ADD_HARDWARE($tokenid, $tokenkey, $tokentype);
+		break;
+	case "provisiontoken":
 		$username = $argv[2];
 		$ttype = "";
 		$tkey = "";
diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php
index 6cee61d..8564dd6 100644
--- a/gaas/lib/gaasClientMessages.php
+++ b/gaas/lib/gaasClientMessages.php
@@ -82,6 +82,31 @@ function gaasProvisionUser_clientsend($params)
 	return $msg;
 }
 
+function gaasGetHardwareTokens_clientsend($params)
+{
+	return $params;
+}
+
+// TODO ERROR CHECK
+function gaasAddHardwareToken_clientsend($params)
+{
+	$msg["tokenid"] = $params[0];
+	$msg["tokenkey"] = $params[1];
+	$msg["tokentype"] = $params[2];
+		
+	print_r($msg);
+	return $msg;
+}
+
+// TODO ERROR CHECK
+function gaasAssignToken_clientsend($params)
+{
+	$msg["username"] = $params[0];
+	$msg["tokenid"] = $params[1];
+	
+	return $msg;
+}
+
 function gaasGetUsers_clientsend($params)
 {
 	$msg["havetokens"] = false;
diff --git a/gaas/lib/gaasdLib.php b/gaas/lib/gaasdLib.php
index f854666..6d56e31 100644
--- a/gaas/lib/gaasdLib.php
+++ b/gaas/lib/gaasdLib.php
@@ -113,6 +113,12 @@ function hasToken($username)
 	return true;
 }
 
+function createUserInDB($username, $realname)
+{
+	$db = getDB();
+	
+	$sql = "insert into users values (NULL, '$username', '$realname', '', '$data', '', '1', '')";		
+}
 
 // a funciton to deal with Config Vars
 function confGetVal($varname)
diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php
index 82a07e1..8e5aff5 100644
--- a/gaas/lib/gaasdMessages.php
+++ b/gaas/lib/gaasdMessages.php
@@ -194,7 +194,14 @@ function gaasProvisionUser_server($msg)
 	if(confGetVal("backend") == "AD") {
 		if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
 			$myga = new gaasdGA();
-			$myga->setUser($msg["username"], $ttype, "", $tkey);
+			
+			// TODO - figure out how to deal with the token origin - i.e. software/hardware
+			if($msg["origin"] == "hardware") {
+				echo "want a hardware token, but i dont know how to do this yet\n";
+			} else {
+				echo "using software token\n";
+				$myga->setUser($msg["username"], $ttype, "", $tkey);
+			}
 		} else {
 			echo "User not in client group\n";
 		}
@@ -206,6 +213,54 @@ function gaasProvisionUser_server($msg)
 	return true;
 }
 
+// TODO error check/ value check
+function gaasAddHardwareToken_server($msg)
+{
+	$tokenid = $msg["tokenid"];
+	$tokenkey = $msg["tokenkey"];
+	$tokentype = $msg["tokentype"];
+	
+	//"hardwaretokens" ("tok_id" INTEGER PRIMARY KEY AUTOINCREMENT,"tok_name" TEXT, "tok_key" TEXT, "tok_type" TEXT);';
+	print_r($msg);
+	$db = getDB();
+	$sql = "insert into hardwaretokens values (NULL, '$tokenid', '$tokenkey', '$tokentype')";
+	echo "Sql is $sql\n";
+	$ret = $db->query($sql);
+	if($ret) return true;
+	else return false;
+	
+}
+
+
+function gaasGetHardwareTokens_server($msg)
+{
+	$db = getDB();
+	
+	$sql = "select tok_name, tok_type from hardwaretokens";
+	$ret = $db->query($sql);
+	
+	$toks = "";
+	$i = 0;
+	foreach($ret as $row) {
+		$toks[$i]["name"] = $row["tok_name"];
+		$toks[$i]["type"] = $row["tok_type"];
+		$i++;
+	}
+	
+	return $toks;
+}
+
+
+function gaasAssignToken_server($msg)
+{
+	if(!isset($msg["tokenid"])) return false;
+	
+	// now, we check the username is in the client gorup
+	// now we check the token id is valid in the hardware db.
+	
+	// then we assign to the user
+}
+
 function gaasGetUsers_server($msg)
 {
 	$haveTokens = $msg["havetokens"];
diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index db2ef2e..bbfd2fc 100644
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
@@ -5,7 +5,7 @@ $BASE_DIR = realpath(dirname(__FILE__)."/../../");
 global $BASE_DIR;
 
 // the tcp port number we use for comms
-$TCP_PORT_NUMBER = 21356;
+$TCP_PORT_NUMBER = 21256;
 global $TCP_PORT_NUMBER;
 
 
@@ -20,6 +20,9 @@ define("MSG_SET_ADMIN_GROUP", 22);
 define("MSG_PROVISION_USER",23);
 define("MSG_GET_USERS", 24);
 define("MSG_DELETE_USER", 25);
+define("MSG_ASSIGN_TOKEN",26);
+define("MSG_ADD_HARDWARE",27);
+define("MSG_GET_HARDWARE",28);
 
 // the gaasd call's $MESSAGE[<MSG>]_server() for the server side
 // and $MESSAGE[<msg>]_client() for the client side 
@@ -28,9 +31,12 @@ $MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
 $MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; // domain, user, password
 $MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; // groupname
 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup";
-$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username
+$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username, tokentype, tokenkey, hardware|software
 $MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; // [admin|client], [name pattern], [only with tokens]
 $MESSAGES[MSG_DELETE_USER] = "gaasDeleteUser"; // username
+$MESSAGES[MSG_ASSIGN_TOKEN] = "gaasAssignToken"; // username, tokenid
+$MESSAGES[MSG_ADD_HARDWARE] = "gaasAddHardwareToken"; // username, tokenid
+$MESSAGES[MSG_GET_HARDWARE] = "gaasGetHardwareTokens"; //
 
 global $MESSAGES;