From 8288d3ccabef50ae2d75fe48cdd60c57d264cbe1 Mon Sep 17 00:00:00 2001 From: paulr Date: Fri, 24 Dec 2010 03:09:50 +1100 Subject: [PATCH] added the tcp code in, but its not running yet --- authserver/authd/authd.php | 443 +++++++++++++++++++++++++++++++++++++++++ authserver/lib/authClient.php | 61 ++++++ authserver/lib/lib.php | 3 + unittests/socketrecv.php | 28 +++ unittests/socketsend.php | 12 + 5 files changed, 547 insertions(+), 0 deletions(-) create mode 100644 unittests/socketrecv.php create mode 100644 unittests/socketsend.php diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php index 912e12b..f5e35e9 100644 --- a/authserver/authd/authd.php +++ b/authserver/authd/authd.php 
@@ -30,9 +30,452 @@ if($pid == -1) { // a forked process thingy should be fully self contained and capable of dealing // with "problems", i.e. the parent doesnt want to have to clean up children global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; + global $TCP_PORT_NUMBER; $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT'); $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT'); + + // Here goes the tcp equivalent + /* + $res = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); + socket_bind($res, "127.0.0.1", 10056); + socket_listen($res); + + while(true) { + $data_socket = socket_accept($res); + // now i fork + $forked = pcntl_fork(); + + // TODO: DEAL WITH THIS PROPERLY + if($forked == -1) { + echo "Failed to fork\n"; + } else if(!$forked) { + // I am the child, i process the request + // all the shit down below goes in here + $recvd = ""; + $continue = true; + while($continue) { + $size = socket_recv($data_socket, $recvd_a, 1024, 0); + $recvd .= $recvd_a; + if(preg_match("/.*\:EOD$/", $recvd) { + // we have a full string... 
break out + $continue = false; + break; + } + } + + $myga = new gaasGA(); + + $xps = explode(":", $recvd); + $component = unserialize(base64_decode($xps[1])); + $msg_type = $component["type"]; + $msg = $component["data"]; + + // the switch should now set a $data_returned value that gets bundled up and sent back to the client + // HERES WHERE THE SWITCH GOES + // ****** + switch($msg_type) { + case MSG_GET_RADIUS_CLIENTS: + $sql = "select * from radclients"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + $clients = ""; + $i=0; + foreach($res as $row) { + // $sql = 'CREATE TABLE "radclients" ("rad_id" INTEGER PRIMARY KEY AUTOINCREMENT,"rad_name" TEXT, "rad_ip" TEXT, "rad_secret" TEXT, "rad_desc" TEXT);'; + $clients[$i]["name"] = $row["rad_name"]; + $clients[$i]["ip"] = $row["rad_ip"]; + $clients[$i]["secret"] = $row["rad_secret"]; + $clients[$i]["desc"] = $row["rad_desc"]; + $i++; + } + $data_returned = $clients; + break; + case MSG_REMOVE_RADIUS_CLIENT: + // it should send us a client by rad_name - doesnt work yet + $client = $msg["clientname"]; + $sql = "delete from radclients where rad_name='$client'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + updateRadius(); + $data_returned = true; + break; + case MSG_ADD_RADIUS_CLIENT: + echo "in addradclient\n"; + $client = $msg["clientname"]; + $clientsecret = $msg["clientsecret"]; + $clientip = $msg["clientip"]; + $clientdesc = $msg["clientdescription"]; + $dbo = getDatabase(); + + // check for existing clients with same name + $sql = "select * from radclients where rad_name='$client'"; + echo "doing select, $sql\n"; + $res = $dbo->query($sql); + if($res->fetchColumn() > 0) { + $data_returned = "name"; + + } else { + // check for existing clients with same ip + $sql = "select * from radclients where rad_ip='$clientip'"; + $res = $dbo->query($sql); + echo "doing select, $sql\n"; + if($res->fetchColumn() > 0) { + $data_returned = "ip"; + + } else { + $sql = "insert into radclients values (NULL, '$client', 
'$clientip', '$clientsecret', '$clientdesc')"; + $res = $dbo->query($sql); + updateRadius(); + $data_returned = true; + break; + } + } + break; + case MSG_DELETE_USER_TOKEN: + $username = $msg["username"]; + + $sql = "select users_otk from users where users_username='$username'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + $otkid = ""; + foreach($res as $row) { + $otkid = $row["users_otk"]; + } + if($otkid!="") { + global $BASE_DIR; + unlink("$BASE_DIR/authserver/authd/otks/$otkid.png"); + } + + $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + + $data_returned = true; + break; + case MSG_AUTH_USER_TOKEN: + echo "Call to auth user token\n"; + // minimal checking, we leav it up to authenticateUser to do the real + // checking + if(!isset($msg["username"])) $msg["username"] = ""; + if(!isset($msg["passcode"])) $msg["passcode"] = ""; + $username = $msg["username"]; + $passcode = $msg["passcode"]; + global $myga; + $authval = $myga->authenticateUser($username, $passcode); + $data_returned = $authval; + break; + case MSG_GET_OTK_ID: + if(!isset($msg["username"])) { + msg_send($cl_queue, MSG_GET_OTK_ID, false); + } else { + $username = $msg["username"]; + $sql = "select users_otk from users where users_username='$username'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + $otkid = ""; + foreach($res as $row) { + $otkid = $row["users_otk"]; + } + + if($otkid == "") { + $data_returned = false; + } else { + $data_returned = $otkid; + } + } + break; + case MSG_GET_OTK_PNG: + if(!isset($msg["otk"])) { + msg_send($cl_queue, MSG_GET_OTK_PNG, false); + } else { + $otk = $msg["otk"]; + $sql = "select users_username from users where users_otk='$otk'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + $username = ""; + foreach($res as $row) { + $username = $row["users_username"]; + } + + if($username == "") { + $data_returned = false; + + } else if($username != 
$msg["username"]) { + $data_returned = false; + } else { + global $BASE_DIR; + $hand = fopen("$BASE_DIR/authserver/authd/otks/$otk.png", "rb"); + $data = fread($hand, filesize("$BASE_DIR/authserver/authd/otks/$otk.png")); + fclose($hand); + unlink("$BASE_DIR/authserver/authd/otks/$otk.png"); + $sql = "update users set users_otk='' where users_username='$username'"; + $dbo->query($sql); + error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk "); + $data_returned = $data; + } + } + + break; + case MSG_SYNC_TOKEN: + if(!isset($msg["username"])) { + $data_returned = false; + } else { + $tokenone = $msg["tokenone"]; + $tokentwo = $msg["tokentwo"]; + + $data_returned = $myga->resyncCode($msg["username"], $tokenone, $tokentwo); + } + + break; + case MSG_GET_TOKEN_TYPE: + if(!isset($msg["username"])) { + $data_returned = false; + } else { + $data_returned = $myga->getTokenType($msg["username"]); + } + break; + case MSG_ADD_USER_TOKEN: + echo "Call to add user token\n"; + if(!isset($msg["username"])) { + $data_returned = false; + } else { + global $BASE_DIR; + $username = $msg["username"]; + $tokentype="TOTP"; + if(isset($msg["tokentype"])) { + $tokentype=$msg["tokentype"]; + } + $hexkey = ""; + if(isset($msg["hexkey"])) { + $hexkey = $msg["hexkey"]; + } + global $myga; + $myga->setUser($username, $tokentype, "", $hexkey); + + $url = $myga->createUrl($username); + echo "Url was: $url\n"; + if(!file_exists("$BASE_DIR/authserver/authd/otks")) mkdir("$BASE_DIR/authserver/authd/otks"); + $otk = generateRandomString(); + system("qrencode -o $BASE_DIR/authserver/authd/otks/$otk.png '$url'"); + + $sql = "update users set users_otk='$otk' where users_username='$username'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + + $data_returned = true; + } + break; + case MSG_DELETE_USER: + echo "Call to del user\n"; + if(!isset($msg["username"])) { + $data_returned = false; + } else { + $username = $msg["username"]; + global $myga; + + $sql = 
"select users_otk from users where users_username='$username'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + $otkid = ""; + foreach($res as $row) { + $otkid = $row["users_otk"]; + } + if($otkid!="") { + unlink("otks/$otkid.png"); + } + + + $sql = "delete from users where users_username='$username'"; + $dbo = getDatabase(); + $dbo->query($sql); + + $data_returned = true; + } + break; + case MSG_AUTH_USER_PASSWORD: + // TODO + echo "Call to auth user pass\n"; + if(!isset($msg["username"])) { + $data_returned = false; + break; + } + if(!isset($msg["password"])) { + $data_returned = false; + break; + } + + $username = $msg["username"]; + $password = $msg["password"]; + $sql = "select users_password from users where users_username='$username'"; + $dbo = getDatabase(); + $res = $dbo->query($sql); + $pass = ""; + foreach($res as $row) { + $pass = $row["users_password"]; + } + + // TODO now do auth + $ourpass = hash('sha512', $password); + echo "ourpass: $ourpass\nourhash: $pass\n"; + if($ourpass == $pass) { + $data_returned = true; + + } else { + $data_returned = false; + + } + + break; + case MSG_SET_USER_PASSWORD: + echo "how on earth is that happening Call to set user pass, wtf?\n"; + // TODO + print_r($msg); + if(!isset($msg["username"])) { + $data_returned = false; + echo "in break 1\n"; + break; + } + if(!isset($msg["password"])) { + $data_returned = false; + echo "in break 1\n"; + break; + } + + $username = $msg["username"]; + $password = $msg["password"]; + + echo "would set pass for $username, to $password\n"; + if($password == "") $pass = ""; + else $pass = hash('sha512', $password); + + $dbo = getDatabase(); + echo "in set user pass for $username, $pass\n"; + $sql = "update users set users_password='$pass' where users_username='$username'"; + + $dbo->query($sql); + + $data_returned = true; + + + // these are irrelavent yet + // TODO now set pass + break; + case MSG_SET_USER_REALNAME: + echo "Call to set user realname\n"; + // TODO + 
if(!isset($msg["username"])) { + $data_returned = false; + break; + } + if(!isset($msg["realname"])) { + $data_returned = false; + break; + } + + $username = $msg["username"]; + $realname = $msg["realname"]; + $sql = "update users set users_realname='$realname' where users_username='$username'"; + $dbo = getDatabase(); + + $dbo->query($sql); + + $data_returned = true; + + // TODO now set real name + break; + case MSG_SET_USER_TOKEN: + // TODO + echo "Call to set user token\n"; + if(!isset($msg["username"])) { + $data_returned = false; + break; + } + if(!isset($msg["tokenstring"])) { + $data_returned = false; + break; + } + + global $myga; + $username = $msg["username"]; + $token = $msg["tokenstring"]; + $return = $myga->setUserKey($username, $token); + $data_returned = $return; + + // TODO now set token + break; + case MSG_SET_USER_TOKEN_TYPE: + // TODO + echo "Call to set user token type\n"; + if(!isset($msg["username"])) { + $data_returned = false; + break; + } + if(!isset($msg["tokentype"])) { + $data_returned = false; + break; + } + + $username = $msg["username"]; + $tokentype = $msg["tokentype"]; + global $myga; + $data_returned = $myga->setTokenType($username, $tokentype); + + // TODO now set token + break; + case MSG_GET_USERS: + // TODO this needs to be better + $sql = "select * from users order by users_username"; + + $dbo = getDatabase(); + $res = $dbo->query($sql); + + $users = ""; + $i = 0; + foreach($res as $row) { + $users[$i]["username"] = $row["users_username"]; + $users[$i]["realname"] = $row["users_realname"]; + if($row["users_password"]!="") { + $users[$i]["haspass"] = true; + } else { + $users[$i]["haspass"] = false; + } + echo "user: ".$users[$i]["username"]." 
has tdata: \"".$row["users_tokendata"]."\"\n"; + if($row["users_tokendata"]!="") { + $users[$i]["hastoken"] = true; + } else { + $users[$i]["hastoken"] = false; + } + + if($row["users_otk"]!="") { + $users[$i]["otk"] = $row["users_otk"]; + } else { + $users[$i]["otk"] = ""; + } + $i++; + } + $data_returned = $users; + + // TODO now set token + break; + + } + + $d_comp["type"] = $msg_type; + $d_comp["data"] = $data_returned; + + $realdata_returning = "AS:".base64_encode(serialize($d_comp)).":EOD"; + + socket_send($data_socket, $realdata_returning, strlen($realdata_returning), 0); + socket_close($data_socket); + + // now our child exits? + return 0; + } + // otherwise return to the accept loop + } + + */ $myga = new gaasGA(); global $myga; diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php index 539ddc1..e43d2cc 100644 --- a/authserver/lib/authClient.php +++ b/authserver/lib/authClient.php 
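Review bot: The commented-out TCP handler interpolates request-derived values such as `$client`, `$clientip` and `$username` straight into SQL (for example `$sql = "delete from radclients where rad_name='$client'";`) and passes `$url` unescaped into `system("qrencode -o ... '$url'")`; before this block is uncommented, each query should go through `$dbo->prepare(...)` with bound parameters (getDatabase() appears to return a PDO, given the `fetchColumn()` call) and both shell arguments through `escapeshellarg()`. The receive loop's `if(preg_match("/.*\:EOD$/", $recvd) {` is missing a closing parenthesis, and the loop never ends if the peer closes the connection (socket_recv returns 0 or false and `$recvd_a` stays empty) — both defects are repeated verbatim in the live `sendReceiveTcp` in authserver/lib/authClient.php in this commit, where they should be fixed as `if(preg_match("/.*\:EOD$/", $recvd)) {` and a `break` on `$size === false || $size === 0`. The error branches of `MSG_GET_OTK_ID` and `MSG_GET_OTK_PNG` still call `msg_send($cl_queue, ...)` from the queue version instead of setting `$data_returned`, so the TCP reply would carry an undefined value; `$data_returned = false;` is the equivalent here. `MSG_SET_USER_PASSWORD` echoes the plaintext password (`echo "would set pass for $username, to $password\n";`) and `MSG_AUTH_USER_PASSWORD` echoes the stored hash to stdout; those lines should go, and the unsalted `hash('sha512', $password)` compared with `==` is better replaced by `password_hash`/`password_verify` (at minimum `hash_equals`). The fork-child block this hunk sits in starts before line 30 and continues past the end of the hunk.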
@@ -10,6 +10,67 @@ class GAAuthClient { // things we need to add here are: // 1) a way of saying "more data coming" cause getusers wont fit into one message // 2) timeouts and locking + + // io think this function should now "work" more or less as is + function sendReceiveTcp($message_type, $message) { + // yeah... this is totally gunna work + global $TCP_PORT_NUMBER; + + $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); + $res = socket_connect($socket, "127.0.0.1", $TCP_PORT_NUMBER); + if(!$res) { + socket_close($socket); + return false; + } + + $msg["type"] = $message_type; + $msg["data"] = $message; + + $datacomp = base64_encode(serialize($msg)); + $tosend = "AC:$datacomp:EOD"; + + socket_send($socket, $tosend, strlen($tosend)); + + // get up to one meg of data - this is bad... i can feel this function + // hurting alot + // TODO FIX THIS - its garbage code... im not really sure how to handle this really + // we need to read back as AS:data:EOD - i think it now does.. i hope, tho we need + // timeouts now. + $recvd = ""; + $continue = true; + while($continue) { + $size = socket_recv($socket, $recvd_a, 1024, 0); + $recvd .= $recvd_a; + if(preg_match("/.*\:EOD$/", $recvd) { + // we have a full string... break out + $continue = false; + break; + } + } + + + // first check we got something that makes sense + if(preg_match("/^AS:.*:EOD/", $recvd) < 1) { + socket_close($socket); + // we have a problem jim + return false; + } + + $xps = explode(":", $recvd); + + $component = unserialize(base64_decode($xps[1])); + + if($component["type"] != $message_type) { + // we have a problem jim + socket_close($socket); + return false; + } + + socket_close($socket); + + return $component["data"]; + } + function sendReceive($message_type, $message) { global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php index c938b8e..bbdc186 100644 --- a/authserver/lib/lib.php +++ b/authserver/lib/lib.php 
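Review bot: `socket_send($socket, $tosend, strlen($tosend));` in sendReceiveTcp omits the required fourth `$flags` argument, so the call fails before anything is written and the function then blocks in the receive loop; it should be `if(socket_send($socket, $tosend, strlen($tosend), 0) === false) { socket_close($socket); return false; }`, mirroring the connect-failure handling above it and the server side, which passes 0. Nothing bounds the blocking `socket_recv`, which the comment above the loop already lists as a TODO; `socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, ['sec' => 5, 'usec' => 0]);` after socket_create would give the exchange a timeout instead of hanging the caller. The reply goes through `unserialize(base64_decode($xps[1]))`, which instantiates whatever the peer encoded even though the payload is a plain array; `json_encode`/`json_decode($s, true)` on both ends carries the same data without that, and the follow-up check should be the strict `$component["type"] !== $message_type`.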
@@ -4,6 +4,9 @@ if(!isset($MSG_QUEUE_KEY_ID_SERVER)) $MSG_QUEUE_KEY_ID_SERVER = "189751072"; // if(!isset($MSG_QUEUE_KEY_ID_CLIENT)) $MSG_QUEUE_KEY_ID_CLIENT = "189751073"; // ftok is not ok! global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT; +if(!isset($TCP_PORT_NUMBER)) $TCP_PORT_NUMBER = 21416; +global $TCP_PORT_NUMBER; + define("MSG_AUTH_USER_TOKEN", 1); define("MSG_ADD_USER_TOKEN", 2); define("MSG_DELETE_USER", 3); diff --git a/unittests/socketrecv.php b/unittests/socketrecv.php new file mode 100644 index 0000000..6c96d04 --- /dev/null +++ b/unittests/socketrecv.php @@ -0,0 +1,28 @@ + \ No newline at end of file diff --git a/unittests/socketsend.php b/unittests/socketsend.php new file mode 100644 index 0000000..dbafa38 --- /dev/null +++ b/unittests/socketsend.php @@ -0,0 +1,12 @@ + \ No newline at end of file -- 1.7.0.4
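Review bot: The port defined here, `$TCP_PORT_NUMBER = 21416`, does not match the `socket_bind($res, "127.0.0.1", 10056);` in the commented-out server loop in authserver/authd/authd.php, even though that block already declares `global $TCP_PORT_NUMBER`; the bind should use `$TCP_PORT_NUMBER` so client and server agree once the listener is enabled. The loopback address is also repeated as a literal on both sides; a `$TCP_BIND_ADDRESS` default next to this one (`if(!isset($TCP_BIND_ADDRESS)) $TCP_BIND_ADDRESS = "127.0.0.1";`) would keep the listener from being widened by accident on one side only.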