From 1e9b1b3a5c4dd1f033ae5f3145d7bb7bcd73a4d6 Mon Sep 17 00:00:00 2001
From: paulr
Date: Mon, 6 Dec 2010 18:31:32 +1100
Subject: [PATCH] added varius components for supporting user website.

---
 authserver/authd/authd.php | 23 ++++++++++++++++++++++-
 authserver/lib/authClient.php | 29 +++++++++++++++++++++++++++--
 authserver/lib/lib.php | 1 +
 authserver/usercmd.php | 17 +++++++++++------
 authserver/www/admin.php | 15 ++++++++++++---
 authserver/www/admin_actions.php | 11 ++++++++---
 authserver/www/index.php | 32 ++++++++++++++++++++++++++++++++
 authserver/www/user_actions.php | 38 ++++++++++++++++++++++++++++++++++++++
 8 files changed, 151 insertions(+), 15 deletions(-)
 create mode 100644 authserver/www/index.php
 create mode 100644 authserver/www/user_actions.php

diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php
index 3f723e5..67036a7 100644
--- a/authserver/authd/authd.php
+++ b/authserver/authd/authd.php
@@ -48,7 +48,26 @@ if($pid == -1) {
 $authval = $myga->authenticateUser($username, $passcode);
 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
 break;
-
+ case MSG_GET_OTK_ID:
+ if(!isset($msg["username"])) {
+ msg_send($cl_queue, MSG_GET_OTK_ID, false);
+ } else {
+ $username = $msg["username"];
+ $sql = "select users_otk from users where users_username='$username'";
+ $dbo = getDatabase();
+ $res = $dbo->query($sql);
+ $otkid = "";
+ foreach($res as $row) {
+ $otkid = $row["users_otk"];
+ }
+
+ if($otkid == "") {
+ msg_send($cl_queue, MSG_GET_OTK_ID, false);
+ } else {
+ msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
+ }
+ }
+ break;
 case MSG_GET_OTK_PNG:
 if(!isset($msg["otk"])) {
 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
@@ -64,6 +83,8 @@ if($pid == -1) {
 if($username == "") {
 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
+ } else if($username != $msg["username"]) {
+ msg_send($cl_queue, MSG_GET_OTK_PNG, false);
 } else {
 $hand = fopen("otks/$otk.png", "rb");
 $data = fread($hand, filesize("otks/$otk.png"));
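Review bot: The new `MSG_GET_OTK_ID` handler interpolates the username straight into the query text, `$sql = "select users_otk from users where users_username='$username'";`, and that username is whatever the client put in the message (from `$argv` in usercmd.php on the visible callers, and from `$_REQUEST` on the sibling PNG path in admin_actions.php), so it has to be treated as untrusted. If `getDatabase()` returns a PDO handle, which the `foreach($res as $row)` iteration suggests, bind it instead: `$stmt = $dbo->prepare("select users_otk from users where users_username=?"); $stmt->execute(array($username)); foreach($stmt as $row) { $otkid = $row["users_otk"]; }`. The `$otkid == ""` test is a loose comparison and `$otkid === ""` says what is meant. The enclosing `switch` starts before and continues after this hunk.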
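Review bot: The added ownership check `} else if($username != $msg["username"]) {` in the second hunk reads `$msg["username"]` without the `isset` guard this case applies to `$msg["otk"]`, and it compares with loose `!=`, under which a non-string value in the unserialized message (PHP treats `true == "alice"` as true) passes the check. Make the field mandatory and compare strictly: `} else if(!isset($msg["username"]) || $msg["username"] !== $username) {`. The `case MSG_GET_OTK_PNG` body continues past the end of the hunk.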
diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php
index e1b941f..62419bd 100644
--- a/authserver/lib/authClient.php
+++ b/authserver/lib/authClient.php
@@ -55,7 +55,32 @@ class GAAuthClient {
 return $msg;
 }
- function getOtkPng($otk) {
+ function getOtkID($username) {
+ global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+ return false;
+ }
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+ return false;
+ }
+ // TODO we need to setup a client queue sem lock here
+
+ $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+ $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+
+ $message["username"] = $username;
+ msg_send($sr_queue, MSG_GET_OTK_ID, $message, true, true, $msg_err);
+
+ msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+
+ return $msg;
+
+ }
+
+ function getOtkPng($username, $otk) {
 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
@@ -72,6 +97,7 @@ class GAAuthClient {
 $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
 $message["otk"] = $otk;
+ $message["username"] = $username;
 error_log("sending message, $otk");
 msg_send($sr_queue, MSG_GET_OTK_PNG, $message, true, true, $msg_err);
@@ -201,7 +227,6 @@ class GAAuthClient {
 $message["passcode"] = $passcode;
 msg_send($sr_queue, MSG_AUTH_USER_TOKEN, $message, true, true, $msg_err);
- echo "message sent\n";
 msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php
index 9737566..689389a 100644
--- a/authserver/lib/lib.php
+++ b/authserver/lib/lib.php
@@ -14,6 +14,7 @@ define("MSG_SET_USER_TOKEN", 7);
 define("MSG_SET_USER_TOKEN_TYPE", 8);
 define("MSG_GET_USERS", 9);
 define("MSG_GET_OTK_PNG", 10);
+define("MSG_GET_OTK_ID", 11);
 if(file_exists("../../lib/ga4php.php")) require_once("../../lib/ga4php.php");
 if(file_exists("../lib/ga4php.php")) require_once("../lib/ga4php.php");
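Review bot: `getOtkID()` ignores the return value of `msg_send()` (the `$msg_err` it collects is never inspected) and then blocks in `msg_receive($cl_queue, 0, ...)`, so a failed send leaves the caller waiting forever, and the message type `0` takes the first message of any type off the shared client queue, which the `// TODO` about a queue lock on the line above already flags as unsafe when several requests are in flight. Check the send and filter the receive on the reply type the daemon actually uses: `if(!msg_send($sr_queue, MSG_GET_OTK_ID, $message, true, true, $msg_err)) { return false; }` and `msg_receive($cl_queue, MSG_GET_OTK_ID, $msg_type, 16384, $msg);`. The `authUserToken` path visible in the third hunk uses the same `0` wildcard, so if this is a deliberate convention it deserves a class-level comment saying why replies cannot be misattributed. The method also returns `false` for "queue missing" and relays `false` from the daemon for "no key", so callers cannot tell the two apart; a docblock on the method should state that.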
diff --git a/authserver/usercmd.php b/authserver/usercmd.php
index aad5e3a..d19fa54 100644
--- a/authserver/usercmd.php
+++ b/authserver/usercmd.php
@@ -35,20 +35,25 @@ if(!isset($argv[1])) {
 echo "\tsettoken: settoken - sets the key (hex) for a token\n";
 echo "\tsettype: settype - sets a token type for a user\n";
 echo "\tgetusers: getusers - gets a list of users\n";
- echo "\tgetotk: getotk - gets the OTK png for a key\n";
+ echo "\tgetotk: getotk - gets the OTKID for a key\n";
+ echo "\tradauth: radauth - for radius, only returns a code\n";
 return 0;
 }
 switch($argv[1]) {
+ case "radauth":
+ if($myAC->authUserToken($argv[2], $argv[3])==1) {
+ return 0;
+ } else {
+ return 255;
+ }
+ break;
 case "getotk":
- $val = $myAC->getOtkPng($argv[2]);
+ $val = $myAC->getOtkID($argv[2]);
 if($val === false) {
 echo "Failure\n";
 } else {
- $hand = fopen("val.png", "w");
- fwrite($hand, $val);
- fclose($hand);
- echo "In val.png\n";
+ echo "$val\n";
 }
 break;
 case "auth":
diff --git a/authserver/www/admin.php b/authserver/www/admin.php
index b47978f..e214751 100644
--- a/authserver/www/admin.php
+++ b/authserver/www/admin.php
@@ -11,7 +11,7 @@
 * then user admin would be less disconnected. I.e. if a user was deleted from AD, their token
 * data should disappear with them.
 */
-require_once("actions.php");
+require_once("admin_actions.php");
 // the logged in component
 if($loggedin) {
@@ -20,7 +20,7 @@ if($loggedin) {
 Welcome to the Google Authenticator Authentication Server Manager Application
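Review bot: The new `radauth` case exists to hand an exit status to RADIUS, but `return 0;` and `return 255;` at file scope only end the script and leave the process exit status at 0, so a rejected authentication is reported to the caller as success; use `exit(0);` and `exit(255);` instead. `$argv[2]` and `$argv[3]` are also used unchecked, and `if(!isset($argv[2], $argv[3])) exit(255);` before the call keeps a malformed invocation from reaching the daemon as an authentication attempt with empty values. Passing the passcode on the command line makes it readable in the host's process list for the lifetime of the call; exec-style RADIUS integrations usually read it from stdin or the environment for that reason. The `break;` after the two returns is unreachable.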

Users

- +getUsers(); foreach($users as $user) { @@ -35,7 +35,7 @@ foreach($users as $user) { if($user["hastoken"]) $hastoken = "Yes"; else $hastoken = "No"; - if($user["otk"]!="") $otk = "Get"; + if($user["otk"]!="") $otk = "Get"; else $otk = "Already Claimed"; $delete = "Delete"; @@ -47,6 +47,15 @@ foreach($users as $user) {
UsernameRealNameHas Password?Has Token?OTKUpdateDelete
UsernameRealNameHas Password?Has Token?One Time KeyUpdateDelete

Create User(s) - Enter a comma seperated list of names:
+Got One Time Key for user $username, this one-time-key can only be retrieved once, after that it is deleted
"; + echo "\"one
"; +} + +?>

Radius Clients

Not yet implemented
diff --git a/authserver/www/admin_actions.php b/authserver/www/admin_actions.php
index d6a224c..bddbc55 100644
--- a/authserver/www/admin_actions.php
+++ b/authserver/www/admin_actions.php
@@ -32,7 +32,12 @@ if(isset($_REQUEST["action"])) {
 break;
 case "createuser":
 $username = $_REQUEST["username"];
- $myAC->addUser($username);
+ $users = explode(",",$username);
+ foreach($users as $user) {
+ $user = trim($user);
+ error_log("createing, $user\n");
+ if($user != "" && strlen($user)>2) $myAC->addUser($user);
+ }
 header("Location: admin.php");
 exit(0);
 break;
@@ -57,10 +62,10 @@ if(isset($_REQUEST["action"])) {
 $myAC->setUserPass($username, "");
 break;
 case "getotkimg":
- $otk = $_REQUEST["otk"];
+ $username = $_REQUEST["username"];
 error_log("requesting otk, $otk");
- $otk_img = $myAC->getOtkPng($otk);
+ $otk_img = $myAC->getOtkPng($username,$otk);
 header("Content-type: image/png");
 echo $otk_img;
 exit(0);
diff --git a/authserver/www/index.php b/authserver/www/index.php
new file mode 100644
index 0000000..c8824b8
--- /dev/null
+++ b/authserver/www/index.php
@@ -0,0 +1,32 @@ + + +
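Review bot: The added output `Got One Time Key for user $username, this one-time-key can only be retrieved once, after that it is deleted` interpolates `$username` into page markup without HTML escaping; where `$username` is assigned is not visible in this hunk, but `admin_actions.php` in the same commit reads it from `$_REQUEST["username"]`, so it should go through `htmlspecialchars($username, ENT_QUOTES)` at the point of output. The `echo` that follows it builds an image tag whose attributes were stripped in rendering and should be checked for the same thing. The enclosing `if`/`foreach` structure of admin.php begins before this hunk.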
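Review bot: The rewritten `createuser` case trims each comma-separated name, but the only filter before `$myAC->addUser($user)` is `$user != "" && strlen($user)>2`; the daemon handler added in `authd.php` in this commit interpolates usernames into SQL, so restricting the accepted characters here (for example `if(!preg_match('/^[A-Za-z0-9._-]+$/', $user)) continue;`) is a cheap second line of defence until the daemon queries are parameterised. The log line misspells the verb, `error_log("createing, $user\n")`, and `error_log()` does not need the trailing `\n`. The surrounding `switch` on `$_REQUEST["action"]` continues outside the hunk.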
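Review bot: In the `getotkimg` hunk the line `$otk = $_REQUEST["otk"];` is replaced by `$username = $_REQUEST["username"];`, yet `$otk` is still used two lines later in `error_log("requesting otk, $otk")` and in `getOtkPng($username,$otk)`, so unless `$otk` is assigned earlier in the file the daemon receives an empty key id and this action stops returning an image. Keep both reads: `$otk = $_REQUEST["otk"];` followed by `$username = $_REQUEST["username"];`. Since the daemon's new check in `authd.php` compares this `username` with the key's owner, the admin page link that targets this action has to carry both parameters.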

Welcome to the GAAS User Self Admin Site

+Login Failure"; +} + +if(!$loggedin) { +?> +
+Username:
+Token Code:
+ +
+ + + +Hi user + + + +
diff --git a/authserver/www/user_actions.php b/authserver/www/user_actions.php
new file mode 100644
index 0000000..70e281a
--- /dev/null
+++ b/authserver/www/user_actions.php
@@ -0,0 +1,38 @@
+authUserToken($username, $token)) {
+
+ $_SESSION["loggedin"] = true;
+ $_SESSION["username"] = $username;
+ header("Location: index.php");
+ } else {
+ error_log("login failed, $username, $token");
+ header("Location: index.php?message=loginfail");
+ }
+ break;
+ }
+}
+?>
\ No newline at end of file
-- 
1.7.0.4
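Review bot: On successful login the hunk sets `$_SESSION["loggedin"]` and `$_SESSION["username"]` and calls `header("Location: index.php")` but never stops, so the rest of this file and the page that included it keep executing after the redirect header is queued; `admin_actions.php` in the same commit follows each `header("Location: ...")` with `exit(0);`, and both branches here should do the same. The session id is not rotated at the privilege change either; `session_regenerate_id(true);` immediately before the two `$_SESSION` writes closes the session-fixation window. The failure branch logs the submitted code, `error_log("login failed, $username, $token")`; the username alone is enough for diagnostics and keeps one-time codes out of the log. The opening of this file, including the `switch` and the start of the `if` that calls `authUserToken`, was lost in rendering, so the visible hunk begins mid-statement.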