From 590f7600a8319d4ae08c32a32e7713ea6f9e2edb Mon Sep 17 00:00:00 2001
From: paulr <me@pjr.cc>
Date: Tue, 7 Dec 2010 20:35:10 +1100
Subject: [PATCH] added a command for syncing tokens to the auth server

---
 authserver/authd/authd.php       |   11 +++++++++++
 authserver/authd/gaasdata.sqlite |  Bin 0 -> 7168 bytes
 authserver/lib/authClient.php    |   26 ++++++++++++++++++++++++++
 authserver/lib/lib.php           |    1 +
 authserver/usercmd.php           |    8 ++++++++
 lib/ga4php.php                   |    4 ++--
 6 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 authserver/authd/gaasdata.sqlite

diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php
index 15416c0..c1e1722 100644
--- a/authserver/authd/authd.php
+++ b/authserver/authd/authd.php
@@ -115,6 +115,17 @@ if($pid == -1) {
 				}
 				
 				break;
+			case MSG_SYNC_TOKEN:
+				if(!isset($msg["username"])) {
+					msg_send($cl_queue, MSG_SYNC_TOKEN, false);
+				} else {
+					$tokenone = $msg["tokenone"];
+					$tokentwo = $msg["tokentwo"];
+					
+					msg_send($cl_queue,MSG_SYNC_TOKEN, $myga->resyncCode($username, $tokenone, $tokentwo));
+				}
+				
+				break;
 			case MSG_ADD_USER_TOKEN:
 				echo "Call to add user token\n";
 				if(!isset($msg["username"])) {
diff --git a/authserver/authd/gaasdata.sqlite b/authserver/authd/gaasdata.sqlite
new file mode 100644
index 0000000000000000000000000000000000000000..4219f4c461c3fdac75b9e5652dbe18e9988624ea
GIT binary patch
literal 7168
zcmeI0%~P8|6u=?aS`W<h;^fNYq+<>XWcj!?)z#7pQ9{%(({XlTQSwC%7&SNTp?_%q
zhMs!qLTsy!hn{k%`-Zph-oCeQ_s8xGL-%k$EvS-Y(=jd-U04xBQFx~)f*|~4TFPst
zD@?_EWw%O7`=3N+QMKB4L4vH|!U-&wz(MVGeQQhX7nqD_elcSE{WPZ+mvj<6HKlDI
zwF9IC?f3ggc@n!Z!DHHFnVYvC#MOGeF5YF;n3p-7=2cUBl;5a)4P|5TaGJ&q#qk2P
zhkWJ0cigt$S3aS>((VNv$7883@`C1laG6^cY$yRb37X2idrI->8TS{Q=U3U36?ha~
zWJ5ZMae<%svtqdLY%b2`OsLJIHR<<>U+()^W;JO|{Pv(8Gp`?*{BcPHZr_S;g!T11
zS(eLvPDc2gsK8EiLP(^wT9jC<Rc+OzF)(67wTKOX7019PI-yCd5=eom+pWk12DS*X
zEkM-RG%ZM>Z5lKJEt|BAIDv_(YX(jr)+jb&73fI}%*cki1(O655aEbKmT_A&*_34Y
z>u34micb4MrgbL8yfZj6oQXff+R-Ib=nP7qbJa;d4#VTV77otlUJyZd5DwhI?s+)w
zwY+V|jOH0+F@R{rh)jGK?e)@*?i$`smUfZd>n&ogU1rC7_B1?(03WNPD0NI6WOH|?
ztb=a;j4}3RF^dULoV2424Y!&H0)P8=^H8&I@QI(1ZdJeR3%UqhFXnv6)^Rki^4UDf
zy3B8v=U<e52<+m*32*{0fxwz5)y3-Lr1=t-%h$*WZ~~kFC%_4C0?!hVnD-UaRi@>?
UJ}#U9C%_4C0-OLR@E;TS1w5GQXaE2J

literal 0
HcmV?d00001

diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php
index c5ef6dd..735c8a1 100644
--- a/authserver/lib/authClient.php
+++ b/authserver/lib/authClient.php
@@ -3,6 +3,32 @@
 require_once("lib.php");
 
 class GAAuthClient {
+	function syncUserToken($username, $tokenone, $tokentwo) {
+		global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+		
+		
+		if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+			return false;
+		}
+
+		if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+			return false;
+		}
+		// TODO we need to setup a client queue sem lock here
+		
+		$cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+		$sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+		
+		$message["username"] = $username;
+		$message["tokenone"] = $tokenone;
+		$message["tokentwo"] = $tokentwo;
+
+		msg_send($sr_queue, MSG_SYNC_TOKEN, $message, true, true, $msg_err);
+		
+		msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+		return $msg;		
+		
+	}
 	
 	function setUserToken($username, $token) {
 		global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php
index 52f09ca..c3ac220 100644
--- a/authserver/lib/lib.php
+++ b/authserver/lib/lib.php
@@ -16,6 +16,7 @@ define("MSG_GET_USERS", 9);
 define("MSG_GET_OTK_PNG", 10);
 define("MSG_GET_OTK_ID", 11);
 define("MSG_DELETE_USER_TOKEN", 12);
+define("MSG_SYNC_TOKEN", 13);
 
 // BASE_DIR = 
 $BASE_DIR = realpath(dirname(__FILE__)."/../../");
diff --git a/authserver/usercmd.php b/authserver/usercmd.php
index 3c094db..5888c0f 100644
--- a/authserver/usercmd.php
+++ b/authserver/usercmd.php
@@ -37,10 +37,18 @@ if(!isset($argv[1])) {
 	echo "\tgetusers: getusers - gets a list of users\n";
 	echo "\tgetotk: getotk <username> - gets the OTKID for a key\n";
 	echo "\tradauth: radauth <username> <pin> - for radius, only returns a code\n";
+	echo "\tsynctoken: synctoken <username> <tokenone> <tokentwo> - resync's a hotp token based on two token codes\n";
 	return 0;	
 }
 
 switch($argv[1]) {
+	case "synctoken":
+		if($myAC->syncUserToken($argv[2], $argv[3], $argv[4])) {
+			echo "Token synced\n";
+		} else {
+			echo "Token not synced\n";
+		}
+		break;
 	case "radauth":
 		if($myAC->authUserToken($argv[2], $argv[3])==1) {
 			syslog(LOG_WARNING, "Got good request for user, ".$argv[2]);
diff --git a/lib/ga4php.php b/lib/ga4php.php
index 784a918..3870f9c 100644
--- a/lib/ga4php.php
+++ b/lib/ga4php.php
@@ -154,7 +154,7 @@ abstract class GoogleAuthenticator {
 				$en = $tlid+$this->hotpSkew;
 				for($i=$st; $i<$en; $i++) {
 					$stest = $this->oath_hotp($tkey, $i);
-					error_log("testing code: $code, $stest, $tkey, $tid");
+					//error_log("testing code: $code, $stest, $tkey, $tid");
 					if($code == $stest) {
 						$tokendata["tokencounter"] = $i;
 						$this->internalPutData($username, $tokendata);
@@ -199,7 +199,7 @@ abstract class GoogleAuthenticator {
 		// for keys
 		
 		//		$this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
-		$tokendata = internalGetData($username);
+		$tokendata = $this->internalGetData($username);
 		
 		// TODO: check return value
 		$ttype = $tokendata["tokentype"];
-- 
1.7.0.4