From de4ba479608adbde94ddc8f82fc9bf92b8bf7cd7 Mon Sep 17 00:00:00 2001
From: paulr
Date: Sun, 27 Feb 2011 04:16:00 +1100
Subject: [PATCH] added some code to deal with username case (made it all lower) added some code to getuser to show token existence
---
 gaas/gaasd/gaasclient.php | 12 +++++++++---
 gaas/lib/gaasClientMessages.php | 13 ++++++++-----
 gaas/lib/gaasdLib.php | 14 --------------
 gaas/lib/gaasdMessages.php | 25 +++++++++++++++----------
 gaas/lib/globalLib.php | 8 +++++---
 5 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php
index 09c7303..cb57c38 100644
--- a/gaas/gaasd/gaasclient.php
+++ b/gaas/gaasd/gaasclient.php
@@ -16,7 +16,7 @@ function usage()
 echo "\tsetadlogin username password domain\n";
 echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
 echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
- echo "\tprovisiontoken username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+ echo "\tprovisiontoken username [HOTP|TOTP] [KEY] - provision the user \"username\"\n";
 echo "\tassign username tokenid - assign a hardware token to a user\n";
 echo "\taddtoken token_name token_key token_type - adds a hardware token to the DB\n";
 echo "\tgethwtokens - gets a list of hardware tokens by token_name\n";
@@ -103,8 +103,14 @@ switch($argv[1]) {
 if(isset($argv[3])) $partof = $argv[3];
 if(isset($argv[4])) $onlytokens = $argv[4];
 $ret = $myga->MSG_GET_USERS($group, $partof, $onlytokens);
- foreach($ret as $user => $real) {
- echo "$real ($user)\n";
+ foreach($ret as $key => $val) {
+ $real = $val["realname"];
+ $user = $val["username"];
+ $hastok = "";
+ if($val["hastoken"]) {
+ $hastok = " * ";
+ }
+ echo "$hastok$real ($user)\n";
 }
 break;
 case "deleteuser":
diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php
index 8564dd6..5d36230 100644
--- a/gaas/lib/gaasClientMessages.php
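Review bot: `$val["hastoken"]` is read without a guard in the new `getusers` loop, and nothing visible checks that `$ret` is an array of rows before the `foreach`. If the server reply omits the key, or `MSG_GET_USERS` returns a failure value (its behaviour is not visible here), PHP emits notices and the token marker is silently dropped. I would write `$hastok = !empty($val["hastoken"]) ? " * " : "";` and skip the loop when `!is_array($ret)`. The enclosing `switch` case starts outside the hunk.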
+++ b/gaas/lib/gaasClientMessages.php
@@ -49,7 +49,7 @@ function gaasInitServer_clientrecv($params)
 function gaasSetADLogin_clientsend($params)
 {
 $msg["domain"] = $params[2];
- $msg["user"] = $params[0];
+ $msg["user"] = strtolower($params[0]);
 $msg["pass"] = $params[1];
 return $msg;
@@ -69,7 +69,7 @@ function gaasSetAdminGroup_clientsend($params)
 function gaasProvisionUser_clientsend($params)
 {
- $msg["username"] = $params[0];
+ $msg["username"] = strtolower($params[0]);
 $msg["tokentype"] = "";
 $msg["tokenkey"] = "";
 if(isset($params[1])) {
@@ -101,7 +101,7 @@ function gaasAddHardwareToken_clientsend($params)
 // TODO ERROR CHECK
 function gaasAssignToken_clientsend($params)
 {
- $msg["username"] = $params[0];
+ $msg["username"] = strtolower($params[0]);
 $msg["tokenid"] = $params[1];
 return $msg;
@@ -111,11 +111,14 @@ function gaasGetUsers_clientsend($params)
 {
 $msg["havetokens"] = false;
 $msg["userpattern"] = "";
- $msg["group"] = "client";
+ $msg["group"] = "all";
 if(isset($params[0])) {
 if($params[0] == "admin") {
 $msg["group"] = "admin";
 }
+ if($params[0] == "client") {
+ $msg["group"] = "client";
+ }
 }
 if(isset($params[1])) {
 $msg["userpattern"] = $params[1];
@@ -132,7 +135,7 @@ function gaasGetUsers_clientsend($params)
 function gaasDeleteUser_clientsend($params)
 {
- $msg["username"] = $params[0];
+ $msg["username"] = strtolower($params[0]);
 return $msg;
 }
diff --git a/gaas/lib/gaasdLib.php b/gaas/lib/gaasdLib.php
index b54390e..f0f78b0 100644
--- a/gaas/lib/gaasdLib.php
+++ b/gaas/lib/gaasdLib.php
@@ -99,20 +99,6 @@ function confDelVar($varname)
 }
-function hasToken($username)
-{
- $db = getDB();
-
- $sql = "select * from users where users_username='$username'";
- $res = $db->query($sql);
- if(!$res) return false;
- foreach($res as $row) {
- print_r($row);
- }
-
- return true;
-}
-
 function createUserInDB($username, $realname)
 {
 $db = getDB();
diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php
index 82d6d8e..a0b1efa 100644
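Review bot: Lower-casing the username inside the `_clientsend` builders (here, and identically in `gaasProvisionUser_clientsend`, `gaasAssignToken_clientsend` and `gaasDeleteUser_clientsend`) makes the canonical form a client-side convention only. The server handlers should apply the same fold to `$msg["username"]` / `$msg["user"]` before any group check or token lookup, because the server cannot assume every message was built by this code; `gaasProvisionUser_server` in this patch passes `$msg["username"]` on as received. `strtolower()` is byte-wise (and locale-dependent before PHP 8.2), so non-ASCII account names will not fold the way the directory compares them; a comment such as `// ASCII-only fold; directory names compare case-insensitively` would document that limit. `$params[0]` is also used without an `isset()` check in these builders.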
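Review bot: The new default `"all"` in `gaasGetUsers_clientsend` has no matching branch on the server as far as this patch shows: the visible part of `gaasGetUsers_server` selects `ad.admindef` in one branch and `ad.clientdef` in the `else`, so `"all"` would appear to return the same list as `"client"`. Either handle `"all"` explicitly on the server or keep the default at `"client"` until it is handled. An unrecognised first argument now silently selects `"all"` instead of being rejected, and the comparisons would be stricter as `if($params[0] === "admin")` and `if($params[0] === "client")`.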
--- a/gaas/lib/gaasdMessages.php
+++ b/gaas/lib/gaasdMessages.php
@@ -195,13 +195,8 @@ function gaasProvisionUser_server($msg)
 if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
 $myga = new gaasdGA();
- // TODO - figure out how to deal with the token origin - i.e. software/hardware
- if($msg["origin"] == "hardware") {
- echo "want a hardware token, but i dont know how to do this yet\n";
- } else {
- echo "using software token\n";
- $myga->setUser($msg["username"], $ttype, "", $tkey);
- }
+ echo "using software token\n";
+ $myga->setUser($msg["username"], $ttype, "", $tkey);
 } else {
 echo "User not in client group\n";
 }
@@ -307,6 +302,7 @@ function gaasGetUsers_server($msg)
 $haveTokens = $msg["havetokens"];
 $userPatter = $msg["userpattern"];
 $group = $msg["group"];
+ $myga = new gaasdGA();
 if(confGetval("backend") == "AD") {
 $adgroup = "";
@@ -314,19 +310,28 @@ function gaasGetUsers_server($msg)
 $adgroup = confGetVal("ad.admindef");
 } else {
 $adgroup = confGetVal("ad.clientdef");
- }
+ }
 $addom = confGetVal("ad.domain");
 $aduser = confGetVal("ad.user");
 $adpass = confGetVal("ad.pass");
 //echo "using group $adgroup for $group\n";
 $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
- foreach($users as $user => $real) {
- hasToken($user);
+ foreach($users as $key => $val) {
+ $user = $val["username"];
+ //echo "checking $user for token - ";
+ if($myga->hasToken($user)) {
+ $users[$key]["hastoken"] = true;
+ //echo "yes\n";
+ } else {
+ $users[$key]["hastoken"] = false;
+ //echo "no\n";
+ }
 }
 } else {
 // internal db
 }
+ //print_r($users);
 return $users;
 }
diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index 4aea836..79857cf 100644
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
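Review bot: `$users` is assigned only inside the AD branch of `gaasGetUsers_server`, so with any other backend `return $users;` returns an undefined variable and the client's `foreach` receives null; add `$users = array();` before the `if`. The removed `hasToken()` helper built its query by interpolating the username into the SQL string, and the replacement `$myga->hasToken($user)` is not part of this patch, so it is worth confirming that it binds the value as a parameter, given that `$user` comes from directory data. The if/else can be reduced to `$users[$key]["hastoken"] = (bool)$myga->hasToken($user);`, and the commented-out `echo` / `print_r` lines can be dropped. `$haveTokens` and `$userPatter` are read but not used in the visible part of the function, which starts outside the hunk.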
@@ -29,8 +29,8 @@ global $TCP_PORT_NUMBER;
 * get qrcode
 * re-create user token
 * set user pin
- * authenticate token
- * authenticate pin
+ * authenticate user by token
+ * authenticate user by password
 *
 */
@@ -232,7 +232,9 @@ function getUsersInGroup($domain, $adlogin, $adpass, $group)
 $i = 0;
 foreach($info as $kpot => $lpot) {
 if(isset($lpot["samaccountname"])) {
- $arbi[$lpot["samaccountname"][0]] = $lpot["name"][0];
+ $arbi[$i]["realname"] = $lpot["name"][0];
+ $arbi[$i]["username"] = strtolower($lpot["samaccountname"][0]);
+ $i++;
 }
 }
--
1.7.0.4
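Review bot: Only `samaccountname` is tested with `isset()` in `getUsersInGroup`, but the new lines also read `$lpot["name"][0]`; a directory entry without a `name` attribute raises a notice and stores null as the real name. A guard such as `$real = isset($lpot["name"][0]) ? $lpot["name"][0] : $lpot["samaccountname"][0];` keeps every row well-formed. Appending with `$arbi[] = array("realname" => $real, "username" => strtolower($lpot["samaccountname"][0]));` would remove the need for the `$i` counter. Whether `$arbi` is initialised to an empty array before the loop cannot be seen here, since the function body starts and ends outside the hunk; if it is not, a group with no members returns an undefined variable.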