Main RocketGit repo
List of commits:
| Subject | Hash | Author | Date (UTC) |
|---|---|---|---|
| Send errors on sterr instead of stdout for ssh commands | 006772c3e526e6cdbc92a52b452842bf8b46c4eb | Catalin(ux) M. BOIE | 2017-04-29 22:53:25 |
| Added samples config files in the doc folder | 6dad3cb75cba2203fe2f091285a708822192f306 | Catalin(ux) M. BOIE | 2017-04-29 15:12:05 |
| Added sample nginx config file | c7c1a7057ddf6fcca6e02ee63d46777bfa94c8bd | Catalin(ux) M. BOIE | 2017-04-29 14:46:56 |
| Improved error reporting when php-fpm receives chunked encoding | fe158537256add633f02076e8359cd8f2267d54f | Catalin(ux) M. BOIE | 2017-04-29 14:46:18 |
| Get rid of strage rewriting in we server config | 8f845f11e9edfa5291965f570a5c971056416b62 | Catalin(ux) M. BOIE | 2017-04-29 14:43:23 |
| Do not allow anyone to activate the debug (rg_debug). | 0a296ec27e6988e91db8cac50e53345a8bce1c81 | Catalin(ux) M. BOIE | 2017-04-26 20:09:06 |
| Forgot to add diff_too_big file | b6297ed622b8fd1562f6ab05b279290367612b89 | Catalin(ux) M. BOIE | 2017-04-26 20:08:29 |
| Added a functional test for http.postBuffer problem | ff650d024cd5f82f796a225c204e156c9e1213f4 | Catalin(ux) M. BOIE | 2017-04-26 20:07:47 |
| Added a 'Thanks' section | e7c9731dd32fe48befc58bf08044fd5649f523f4 | Catalin(ux) M. BOIE | 2017-04-26 20:06:49 |
| Some big fixes for push over http | 56ebd277c71c50e40af9465cd3867dc885f054b9 | Catalin(ux) M. BOIE | 2017-04-26 20:00:53 |
| Do not recursively set the rights - not needed | a9edce3101ad2450b67a575265827aa69efd5c63 | Catalin(ux) M. BOIE | 2017-04-17 07:16:01 |
| Cosmetic changes | 4bb36da63972e7e152e4e476e84ed55baba02911 | Catalin(ux) M. BOIE | 2017-04-15 09:29:09 |
| Add possibility for admin to limit the git log --patch limit | 1865405c40ebe92aa1bc6fd4569dcbb0e3af476c | Catalin(ux) M. BOIE | 2017-04-15 09:28:46 |
| Silent curl in API functional test | e6808bc97d201fd4944de0ad2982c3090ae4743a | Catalin(ux) M. BOIE | 2017-04-15 06:31:04 |
| Fixed a lot of tests which used time() for different fields and sometime lost the time race | 6a61493189d07110d3c5fdbe34ea0725d5abbd3b | Catalin(ux) M. BOIE | 2017-04-15 06:25:40 |
| Fixed the crash with big diffs by setting a limit | 788e15942d8272685764a25b640eba2c07046437 | Catalin(ux) M. BOIE | 2017-04-15 06:24:30 |
| Allow .well-known folder access | 90519cd03bf64839d1a9fc2497e58bd63d8ce6f3 | Catalin(ux) M. BOIE | 2017-04-12 16:50:16 |
| When an un-auth user is visiting a user page with no repo, do not invite to create a repo | 6904e1eac3f46c281ae6b4757bcaa16d2acc6169 | Catalin(ux) M. BOIE | 2017-03-27 15:23:52 |
| Added a 'push' target in Makefile to not forget to push tags... | 92a9b78e26d8a3e7b466f5aa45678dd2db8d4310 | Catalin(ux) M. BOIE | 2017-03-26 14:29:55 |
| Bump version to 0.67 | 6f1c9a6d7f7d40d65def54e23a3590556a346bb8 | Catalin(ux) M. BOIE | 2017-03-26 09:44:32 |
Commit 006772c3e526e6cdbc92a52b452842bf8b46c4eb
- Send errors on sterr instead of stdout for ssh commands
Author: Catalin(ux) M. BOIE
Author date (UTC): 2017-04-29 22:53
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2017-04-29 22:53
Parent(s): 6dad3cb75cba2203fe2f091285a708822192f306
Signing key:
Tree: 677a5195360e42bd30bd18142473f91ed872f85d
Author: Catalin(ux) M. BOIE
Author date (UTC): 2017-04-29 22:53
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2017-04-29 22:53
Parent(s): 6dad3cb75cba2203fe2f091285a708822192f306
Signing key:
Tree: 677a5195360e42bd30bd18142473f91ed872f85d
| File | Lines added | Lines deleted |
|---|---|---|
| inc/ssh.inc.php | 39 | 34 |
| scripts/remote.php | 6 | 1 |
| tests/ssh.php | 97 | 54 |
| File inc/ssh.inc.php changed (mode: 100644) (index 6c072f4..60f67ef) | |||
| ... | ... | function rg_ssh_repo($db, $uid, $paras) | |
| 56 | 56 | rg_log('ssh_repo: ' . rg_array2string($paras)); | rg_log('ssh_repo: ' . rg_array2string($paras)); |
| 57 | 57 | ||
| 58 | 58 | if (empty($paras)) { | if (empty($paras)) { |
| 59 | echo 'Please specify the repo name.' . "\n"; | ||
| 59 | fwrite(STDERR, 'Please specify the repo name.' . "\n"); | ||
| 60 | 60 | exit(0); | exit(0); |
| 61 | 61 | } | } |
| 62 | 62 | ||
| ... | ... | function rg_ssh_repo($db, $uid, $paras) | |
| 64 | 64 | ||
| 65 | 65 | $ri = rg_repo_info($db, 0, $uid, $repo_name); | $ri = rg_repo_info($db, 0, $uid, $repo_name); |
| 66 | 66 | if ($ri['exists'] != 1) { | if ($ri['exists'] != 1) { |
| 67 | echo 'Error: unknown repo.' . "\n"; | ||
| 67 | fwrite(STDERR, 'Error: unknown repo.' . "\n"); | ||
| 68 | 68 | exit(0); | exit(0); |
| 69 | 69 | } | } |
| 70 | 70 | ||
| ... | ... | function rg_ssh_repo($db, $uid, $paras) | |
| 112 | 112 | . $reason . "\n"; | . $reason . "\n"; |
| 113 | 113 | } | } |
| 114 | 114 | } else { | } else { |
| 115 | echo 'Error: cannot get info about the lock status!' . "\n"; | ||
| 115 | fwrite(STDERR, 'Error: cannot get info about the' | ||
| 116 | . ' lock status!' . "\n"); | ||
| 116 | 117 | } | } |
| 117 | 118 | } | } |
| 118 | 119 | ||
| ... | ... | function rg_ssh_totp_verify_ip($db, $uid, $ip) | |
| 125 | 126 | while (1) { | while (1) { |
| 126 | 127 | $r = rg_totp_verify_ip($db, $uid, $ip); | $r = rg_totp_verify_ip($db, $uid, $ip); |
| 127 | 128 | if ($r['ok'] !== 1) { | if ($r['ok'] !== 1) { |
| 128 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 129 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 129 | 130 | break; | break; |
| 130 | 131 | } | } |
| 131 | 132 | ||
| ... | ... | function rg_ssh_totp_verify_ip($db, $uid, $ip) | |
| 135 | 136 | } | } |
| 136 | 137 | ||
| 137 | 138 | if (empty($r['ip_list'])) { | if (empty($r['ip_list'])) { |
| 138 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 139 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 139 | 140 | break; | break; |
| 140 | 141 | } | } |
| 141 | 142 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 163 | 164 | ||
| 164 | 165 | $r = rg_totp_enroll($db, $uid, 'SSH', $secret, $ip, 'f'); | $r = rg_totp_enroll($db, $uid, 'SSH', $secret, $ip, 'f'); |
| 165 | 166 | if ($r !== TRUE) { | if ($r !== TRUE) { |
| 166 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 167 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 167 | 168 | break; | break; |
| 168 | 169 | } | } |
| 169 | 170 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 180 | 181 | ||
| 181 | 182 | $v = rg_totp_device_verify($db, $uid, $token); | $v = rg_totp_device_verify($db, $uid, $token); |
| 182 | 183 | if ($v['token_valid'] != 1) { | if ($v['token_valid'] != 1) { |
| 183 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 184 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 184 | 185 | break; | break; |
| 185 | 186 | } | } |
| 186 | 187 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 211 | 212 | ||
| 212 | 213 | $v = rg_totp_verify_any($db, $uid, $token); | $v = rg_totp_verify_any($db, $uid, $token); |
| 213 | 214 | if ($v['token_valid'] != 1) { | if ($v['token_valid'] != 1) { |
| 214 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 215 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 215 | 216 | break; | break; |
| 216 | 217 | } | } |
| 217 | 218 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 220 | 221 | gmdate('d') + $days, gmdate('Y')); | gmdate('d') + $days, gmdate('Y')); |
| 221 | 222 | $r = rg_totp_add_ip($db, $uid, $v['id'], $ip, $expire_ts); | $r = rg_totp_add_ip($db, $uid, $v['id'], $ip, $expire_ts); |
| 222 | 223 | if ($r === FALSE) { | if ($r === FALSE) { |
| 223 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 224 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 224 | 225 | break; | break; |
| 225 | 226 | } | } |
| 226 | 227 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 248 | 249 | ||
| 249 | 250 | $v = rg_totp_verify_any($db, $uid, $token); | $v = rg_totp_verify_any($db, $uid, $token); |
| 250 | 251 | if ($v['token_valid'] != 1) { | if ($v['token_valid'] != 1) { |
| 251 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 252 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 252 | 253 | break; | break; |
| 253 | 254 | } | } |
| 254 | 255 | ||
| 255 | 256 | $r = rg_totp_unenroll($db, $uid); | $r = rg_totp_unenroll($db, $uid); |
| 256 | 257 | if ($r !== TRUE) { | if ($r !== TRUE) { |
| 257 | echo'Error: ' . rg_totp_error() . ".\n"; | ||
| 258 | fwrite(STDERR< 'Error: ' . rg_totp_error() . ".\n"); | ||
| 258 | 259 | break; | break; |
| 259 | 260 | } | } |
| 260 | 261 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 266 | 267 | ||
| 267 | 268 | $v = rg_totp_device_verify($db, $uid, $token); | $v = rg_totp_device_verify($db, $uid, $token); |
| 268 | 269 | if ($v['token_valid'] != 1) { | if ($v['token_valid'] != 1) { |
| 269 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 270 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 270 | 271 | break; | break; |
| 271 | 272 | } | } |
| 272 | 273 | ||
| 273 | 274 | $a = array($v['id'] => ''); | $a = array($v['id'] => ''); |
| 274 | 275 | $r = rg_totp_remove($db, $uid, $a); | $r = rg_totp_remove($db, $uid, $a); |
| 275 | 276 | if ($r !== TRUE) { | if ($r !== TRUE) { |
| 276 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 277 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 277 | 278 | break; | break; |
| 278 | 279 | } | } |
| 279 | 280 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 282 | 283 | ||
| 283 | 284 | case 'inval': | case 'inval': |
| 284 | 285 | if (empty($paras)) { | if (empty($paras)) { |
| 285 | echo 'Error: Please specify the IP address or \'all\'.' . "\n"; | ||
| 286 | fwrite(STDERR, 'Error: Please specify the IP address' | ||
| 287 | . ' or \'all\'.' . "\n"); | ||
| 286 | 288 | break; | break; |
| 287 | 289 | } | } |
| 288 | 290 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 293 | 295 | ||
| 294 | 296 | $r = rg_totp_del_ip($db, $uid, $del_ip); | $r = rg_totp_del_ip($db, $uid, $del_ip); |
| 295 | 297 | if ($r['found'] != 1) { | if ($r['found'] != 1) { |
| 296 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 298 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 297 | 299 | break; | break; |
| 298 | 300 | } | } |
| 299 | 301 | ||
| ... | ... | function rg_ssh_totp($db, $ip, $uid, $paras) | |
| 301 | 303 | break; | break; |
| 302 | 304 | ||
| 303 | 305 | default: | default: |
| 304 | echo 'Posible TOTP commands:' . "\n"; | ||
| 305 | echo ' enroll <token> - adds a new device in the system' . "\n"; | ||
| 306 | echo ' val [X(w|d|h|m|s)] <token> - adds your IP to the allow list for X time' . "\n"; | ||
| 307 | echo ' the default is 1 hour; X is a number; defauls is \'minutes\';' . "\n"; | ||
| 308 | echo ' w=weeks, d=days, h=hours, m=minutes, and s for seconds' . "\n"; | ||
| 309 | echo ' list-val - lists the already validated IPs' . "\n"; | ||
| 310 | echo ' inval ip|all - invalidates IP address(es)' . "\n"; | ||
| 311 | echo ' remove-device <token> - removes a device from TOTP system' . "\n"; | ||
| 312 | echo ' unenroll <token> - removes all devices and scratch codes from TOTP system' . "\n"; | ||
| 313 | echo "\n"; | ||
| 314 | echo 'Notes:' . "\n"; | ||
| 315 | echo ' - <token> means a code generated by mobile device or a scratch code' . "\n"; | ||
| 306 | fwrite(STDERR, "\n" | ||
| 307 | . 'Posible TOTP commands:' . "\n" | ||
| 308 | . ' enroll <token> - adds a new device in the system' . "\n" | ||
| 309 | . ' val [X(w|d|h|m|s)] <token> - adds your IP to the allow list for X time' . "\n" | ||
| 310 | . ' the default is 1 hour; X is a number; defauls is \'minutes\';' . "\n" | ||
| 311 | . ' w=weeks, d=days, h=hours, m=minutes, and s=seconds' . "\n" | ||
| 312 | . ' list-val - lists the already validated IPs' . "\n" | ||
| 313 | . ' inval ip|all - invalidates IP address(es)' . "\n" | ||
| 314 | . ' remove-device <token> - removes a device from TOTP system' . "\n" | ||
| 315 | . ' unenroll <token> - removes all devices and scratch codes from TOTP system' . "\n" | ||
| 316 | . "\n" | ||
| 317 | . 'Notes:' . "\n" | ||
| 318 | . ' - <token> means a code generated by mobile device or a scratch code' . "\n" | ||
| 319 | ); | ||
| 316 | 320 | break; | break; |
| 317 | 321 | } | } |
| 318 | 322 | ||
| ... | ... | function rg_ssh_dispatch($db, $ip, $uid, $orig_cmd) | |
| 382 | 386 | $r = rg_totp_verify_ip($db, $uid, $ip); | $r = rg_totp_verify_ip($db, $uid, $ip); |
| 383 | 387 | if (($r['ok'] !== 1) | if (($r['ok'] !== 1) |
| 384 | 388 | || ($r['enrolled'] && empty($r['ip_list']))) { | || ($r['enrolled'] && empty($r['ip_list']))) { |
| 385 | echo 'Error: ' . rg_totp_error() . ".\n"; | ||
| 389 | fwrite(STDERR, 'Error: ' . rg_totp_error() . ".\n"); | ||
| 386 | 390 | return TRUE; // = we must exit' | return TRUE; // = we must exit' |
| 387 | 391 | } | } |
| 388 | 392 | break; | break; |
| ... | ... | function rg_ssh_dispatch($db, $ip, $uid, $orig_cmd) | |
| 396 | 400 | case 'totp': rg_ssh_totp($db, $ip, $uid, $paras); return TRUE; | case 'totp': rg_ssh_totp($db, $ip, $uid, $paras); return TRUE; |
| 397 | 401 | case 'api': rg_ssh_api($db, $ip, $uid, $paras); return TRUE; | case 'api': rg_ssh_api($db, $ip, $uid, $paras); return TRUE; |
| 398 | 402 | case '': | case '': |
| 399 | echo "Available commmands:\n" | ||
| 400 | . " status - show some status about the user\n" | ||
| 401 | . " repos - list repos and information about them\n" | ||
| 402 | . " repo - list info about a repo\n" | ||
| 403 | . " totp - two-factor authentication commands\n" | ||
| 404 | . " api - API calls\n"; | ||
| 403 | fwrite(STDERR, "\n" | ||
| 404 | . 'Available commmands:' . "\n" | ||
| 405 | . ' status - show some status about the user' . "\n" | ||
| 406 | . ' repos - list repos and information about them' . "\n" | ||
| 407 | . ' repo - list info about a repo' . "\n" | ||
| 408 | . ' totp - two-factor authentication commands' . "\n" | ||
| 409 | . ' api - API calls' . "\n"); | ||
| 405 | 410 | return TRUE; | return TRUE; |
| 406 | 411 | } | } |
| 407 | 412 | ||
| File scripts/remote.php changed (mode: 100644) (index 6c496a6..7321acb) | |||
| ... | ... | function fatal($str) | |
| 53 | 53 | exit(1); | exit(1); |
| 54 | 54 | } | } |
| 55 | 55 | ||
| 56 | umask(0022); | ||
| 56 | @umask(0022); | ||
| 57 | |||
| 58 | // Without next lines the STDOUT/STDERR are mixed | ||
| 59 | @stream_set_write_buffer(STDOUT, 0); | ||
| 60 | @stream_set_write_buffer(STDERR, 0); | ||
| 61 | |||
| 57 | 62 | ||
| 58 | 63 | rg_log("Start ($rocketgit_version)..."); | rg_log("Start ($rocketgit_version)..."); |
| 59 | 64 | rg_log("_SERVER: " . rg_array2string($_SERVER)); | rg_log("_SERVER: " . rg_array2string($_SERVER)); |
| File tests/ssh.php changed (mode: 100644) (index 6c9518d..ec2a99a) | |||
| ... | ... | rg_log(''); | |
| 44 | 44 | $list = array('', 'status', 'repos', 'repo', 'totp'); | $list = array('', 'status', 'repos', 'repo', 'totp'); |
| 45 | 45 | foreach ($list as $s) { | foreach ($list as $s) { |
| 46 | 46 | rg_log('Connecting for [' . $s . ']'); | rg_log('Connecting for [' . $s . ']'); |
| 47 | $r = shell_exec($cmd . ' ' . $s . ' 2>&1'); | ||
| 48 | if (!strstr($r, "Welcome to RocketGit")) { | ||
| 49 | rg_log('r=' . $r); | ||
| 50 | rg_log("Trying to get the help detected missing welcome!"); | ||
| 47 | $r = rg_exec($cmd . ' ' . $s, '', FALSE, FALSE); | ||
| 48 | if ($r['ok'] != 1) { | ||
| 49 | rg_log_ml('error: ' . $r['stderr']); | ||
| 51 | 50 | exit(1); | exit(1); |
| 52 | 51 | } | } |
| 53 | if (strstr($r, 'Error: .')) { | ||
| 54 | rg_log('r=' . $r); | ||
| 55 | rg_log('Error is empty for \'' . $s . '\'! Not good!'); | ||
| 52 | if (!strstr($r['stderr'], "Welcome to RocketGit")) { | ||
| 53 | rg_log_ml('stderr: ' . $r['stderr']); | ||
| 54 | rg_log("Trying to get the help detected missing welcome!"); | ||
| 56 | 55 | exit(1); | exit(1); |
| 57 | 56 | } | } |
| 58 | 57 | } | } |
| ... | ... | foreach ($list as $s) { | |
| 60 | 59 | $list = array('remove-device', 'unenroll'); | $list = array('remove-device', 'unenroll'); |
| 61 | 60 | foreach ($list as $s) { | foreach ($list as $s) { |
| 62 | 61 | rg_log('Connecting for [totp ' . $s . ']'); | rg_log('Connecting for [totp ' . $s . ']'); |
| 63 | $r = shell_exec($cmd . ' totp ' . $s . ' 2>&1'); | ||
| 64 | if (strstr($r, 'Error: .')) { | ||
| 65 | rg_log('r=' . $r); | ||
| 66 | rg_log('Error is empty for \'' . $s . '\'! Not good!'); | ||
| 62 | $r = rg_exec($cmd . ' totp ' . $s, '', FALSE, FALSE); | ||
| 63 | if ($r['ok'] != 1) { | ||
| 64 | rg_log_ml('error: ' . $r['stderr']); | ||
| 67 | 65 | exit(1); | exit(1); |
| 68 | 66 | } | } |
| 69 | 67 | } | } |
| ... | ... | foreach ($list as $s) { | |
| 71 | 69 | ||
| 72 | 70 | rg_log(''); | rg_log(''); |
| 73 | 71 | rg_log_enter('Testing wrong command'); | rg_log_enter('Testing wrong command'); |
| 74 | $r = shell_exec($cmd . ' wrongcmd ' . ' 2>&1'); | ||
| 75 | if (!strstr($r, "nknown command")) { | ||
| 76 | rg_log('r=' . $r); | ||
| 72 | $r = rg_exec($cmd . ' wrongcmd', '', FALSE, FALSE); | ||
| 73 | if ($r['ok'] != 0) { | ||
| 74 | rg_log_ml('error: ' . $r['stderr']); | ||
| 75 | rg_log('We should receive error code 0 not ' . $r['ok'] . '!'); | ||
| 76 | exit(1); | ||
| 77 | } | ||
| 78 | if (!strstr($r['stderr'], "nknown command")) { | ||
| 79 | rg_log('stderr: ' . $r['stderr']); | ||
| 77 | 80 | rg_log("Wrong answer for a wrong command!"); | rg_log("Wrong answer for a wrong command!"); |
| 78 | 81 | exit(1); | exit(1); |
| 79 | 82 | } | } |
| ... | ... | rg_log_exit(); | |
| 82 | 85 | ||
| 83 | 86 | rg_log(''); | rg_log(''); |
| 84 | 87 | rg_log('Testing enroll procedure'); | rg_log('Testing enroll procedure'); |
| 85 | $r = shell_exec($cmd . ' totp enroll'); | ||
| 86 | $t = explode('enter the following code: ', $r); | ||
| 88 | $r = rg_exec($cmd . ' totp enroll', '', FALSE, FALSE); | ||
| 89 | $t = explode('enter the following code: ', $r['data']); | ||
| 87 | 90 | $t = explode('.', $t[1]); | $t = explode('.', $t[1]); |
| 88 | 91 | $key = trim($t[0]); | $key = trim($t[0]); |
| 89 | 92 | rg_log("key=$key"); | rg_log("key=$key"); |
| 90 | 93 | ||
| 91 | 94 | $tc = intval(time() / 30) - 1; // we try one in the past | $tc = intval(time() / 30) - 1; // we try one in the past |
| 92 | 95 | $token = rg_totp_compute($key, $tc, 6); | $token = rg_totp_compute($key, $tc, 6); |
| 93 | $r = shell_exec($cmd . ' totp enroll ' . $token); | ||
| 94 | if (!strstr($r, 'Success!')) { | ||
| 95 | rg_log('r=' . $r); | ||
| 96 | $r = rg_exec($cmd . ' totp enroll ' . $token, '', FALSE, FALSE); | ||
| 97 | if ($r['ok'] != 1) { | ||
| 98 | rg_log_ml('error: ' . $r['stderr']); | ||
| 99 | exit(1); | ||
| 100 | } | ||
| 101 | if (!strstr($r['data'], 'Success!')) { | ||
| 102 | rg_log('data: ' . $r['data']); | ||
| 96 | 103 | rg_log('Cannot enroll!'); | rg_log('Cannot enroll!'); |
| 97 | 104 | exit(1); | exit(1); |
| 98 | 105 | } | } |
| ... | ... | rg_log(''); | |
| 102 | 109 | rg_log('Testing \'val\' command'); | rg_log('Testing \'val\' command'); |
| 103 | 110 | $tc = intval(time() / 30); | $tc = intval(time() / 30); |
| 104 | 111 | $token = rg_totp_compute($key, $tc, 6); | $token = rg_totp_compute($key, $tc, 6); |
| 105 | $r = shell_exec($cmd . ' totp val ' . $token . ' 2m'); | ||
| 106 | if (!strstr($r, 'Success!')) { | ||
| 107 | rg_log('r=' . $r); | ||
| 112 | $r = rg_exec($cmd . ' totp val ' . $token . ' 2m', '', FALSE, FALSE); | ||
| 113 | if ($r['ok'] != 1) { | ||
| 114 | rg_log_ml('error: ' . $r['stderr']); | ||
| 115 | exit(1); | ||
| 116 | } | ||
| 117 | if (!strstr($r['data'], 'Success!')) { | ||
| 118 | rg_log('data: ' . $r['data']); | ||
| 108 | 119 | rg_log('Cannot validate ip!'); | rg_log('Cannot validate ip!'); |
| 109 | 120 | exit(1); | exit(1); |
| 110 | 121 | } | } |
| 111 | $t = explode('valid till ', $r); | ||
| 122 | $t = explode('valid till ', $r['data']); | ||
| 112 | 123 | $t = explode(' (', $t[1]); | $t = explode(' (', $t[1]); |
| 113 | 124 | $exp = trim($t[0]); | $exp = trim($t[0]); |
| 114 | 125 | rg_log('exp=' . $exp); | rg_log('exp=' . $exp); |
| 115 | 126 | ||
| 116 | 127 | rg_log(''); | rg_log(''); |
| 117 | 128 | rg_log('Reuse of the token must be forbidden (device)'); | rg_log('Reuse of the token must be forbidden (device)'); |
| 118 | $r = shell_exec($cmd . ' totp val ' . $token . ' 2m'); | ||
| 119 | if (!strstr($r, 'cannot reuse')) { | ||
| 120 | rg_log('r=' . $r); | ||
| 129 | $r = rg_exec($cmd . ' totp val ' . $token . ' 2m', '', FALSE, FALSE); | ||
| 130 | if ($r['ok'] != 1) { | ||
| 131 | rg_log_ml('error: ' . $r['stderr']); | ||
| 132 | exit(1); | ||
| 133 | } | ||
| 134 | if (!strstr($r['stderr'], 'cannot reuse')) { | ||
| 135 | rg_log('stderr: ' . $r['data']); | ||
| 121 | 136 | rg_log('we get no error on token reuse!'); | rg_log('we get no error on token reuse!'); |
| 122 | 137 | exit(1); | exit(1); |
| 123 | 138 | } | } |
| ... | ... | if (!strstr($r, 'cannot reuse')) { | |
| 125 | 140 | ||
| 126 | 141 | rg_log(''); | rg_log(''); |
| 127 | 142 | rg_log('Testing \'list-val\' command'); | rg_log('Testing \'list-val\' command'); |
| 128 | $r = shell_exec($cmd . ' totp list-val'); | ||
| 129 | if (!strstr($r, $exp)) { | ||
| 130 | rg_log('r=' . $r); | ||
| 143 | $r = rg_exec($cmd . ' totp list-val', '', FALSE, FALSE); | ||
| 144 | if ($r['ok'] != 1) { | ||
| 145 | rg_log_ml('error: ' . $r['stderr']); | ||
| 146 | exit(1); | ||
| 147 | } | ||
| 148 | if (!strstr($r['data'], $exp)) { | ||
| 149 | rg_log('data: ' . $r['data']); | ||
| 131 | 150 | rg_log('Invalid output for list-val!'); | rg_log('Invalid output for list-val!'); |
| 132 | 151 | exit(1); | exit(1); |
| 133 | 152 | } | } |
| ... | ... | rg_log(''); | |
| 137 | 156 | rg_log('Testing \'inval\' command - wrong ip'); | rg_log('Testing \'inval\' command - wrong ip'); |
| 138 | 157 | $tc = intval(time() / 30) + 1; // we try one in the future | $tc = intval(time() / 30) + 1; // we try one in the future |
| 139 | 158 | $token = rg_totp_compute($key, $tc, 6); | $token = rg_totp_compute($key, $tc, 6); |
| 140 | $r = shell_exec($cmd . ' totp inval 1.1.1.1'); | ||
| 141 | if (!strstr($r, 'ip not found')) { | ||
| 142 | rg_log('r=' . $r); | ||
| 159 | $r = rg_exec($cmd . ' totp inval 1.1.1.1', '', FALSE, FALSE); | ||
| 160 | if ($r['ok'] != 1) { | ||
| 161 | rg_log_ml('error: ' . $r['stderr']); | ||
| 162 | exit(1); | ||
| 163 | } | ||
| 164 | if (!strstr($r['stderr'], 'ip not found')) { | ||
| 165 | rg_log('stderr: ' . $r['stderr']); | ||
| 143 | 166 | rg_log('Cannot invalidate ip!'); | rg_log('Cannot invalidate ip!'); |
| 144 | 167 | exit(1); | exit(1); |
| 145 | 168 | } | } |
| ... | ... | rg_log(''); | |
| 149 | 172 | rg_log('Testing \'inval\' command - all'); | rg_log('Testing \'inval\' command - all'); |
| 150 | 173 | $tc = intval(time() / 30) + 1; // we try one in the future | $tc = intval(time() / 30) + 1; // we try one in the future |
| 151 | 174 | $token = rg_totp_compute($key, $tc, 6); | $token = rg_totp_compute($key, $tc, 6); |
| 152 | $r = shell_exec($cmd . ' totp inval all'); | ||
| 153 | if (!strstr($r, 'Success!')) { | ||
| 154 | rg_log('r=' . $r); | ||
| 175 | $r = rg_exec($cmd . ' totp inval all', '', FALSE, FALSE); | ||
| 176 | if ($r['ok'] != 1) { | ||
| 177 | rg_log_ml('error: ' . $r['stderr']); | ||
| 178 | exit(1); | ||
| 179 | } | ||
| 180 | if (!strstr($r['data'], 'Success!')) { | ||
| 181 | rg_log('data: ' . $r['data']); | ||
| 155 | 182 | rg_log('Cannot invalidate all!'); | rg_log('Cannot invalidate all!'); |
| 156 | 183 | exit(1); | exit(1); |
| 157 | 184 | } | } |
| ... | ... | rg_log('Testing \'remove-device\''); | |
| 162 | 189 | $tc = intval(time() / 30) + 2; | $tc = intval(time() / 30) + 2; |
| 163 | 190 | $token = rg_totp_compute($key, $tc, 6); | $token = rg_totp_compute($key, $tc, 6); |
| 164 | 191 | $_cmd = $cmd . ' totp remove-device ' . $token; | $_cmd = $cmd . ' totp remove-device ' . $token; |
| 165 | rg_log('Sending cmd ' . $_cmd); | ||
| 166 | $r = shell_exec($_cmd); | ||
| 167 | if (!strstr($r, 'Success!')) { | ||
| 168 | rg_log('r=' . $r); | ||
| 192 | $r = rg_exec($_cmd, '', FALSE, FALSE); | ||
| 193 | if ($r['ok'] != 1) { | ||
| 194 | rg_log_ml('error: ' . $r['stderr']); | ||
| 195 | exit(1); | ||
| 196 | } | ||
| 197 | if (!strstr($r['data'], 'Success!')) { | ||
| 198 | rg_log('data: ' . $r['data']); | ||
| 169 | 199 | rg_log('Cannot remove device!'); | rg_log('Cannot remove device!'); |
| 170 | 200 | exit(1); | exit(1); |
| 171 | 201 | } | } |
| ... | ... | rg_log('Testing \'unenroll\''); | |
| 188 | 218 | $token = array_pop($sc); | $token = array_pop($sc); |
| 189 | 219 | $token = ltrim($token, '0'); | $token = ltrim($token, '0'); |
| 190 | 220 | $_cmd = $cmd . ' totp unenroll ' . $token; | $_cmd = $cmd . ' totp unenroll ' . $token; |
| 191 | rg_log('Sending cmd ' . $_cmd); | ||
| 192 | $r = shell_exec($_cmd); | ||
| 193 | if (!strstr($r, 'You are now unenrolled')) { | ||
| 194 | rg_log('r=' . $r); | ||
| 221 | $r = rg_exec($_cmd, '', FALSE, FALSE); | ||
| 222 | if ($r['ok'] != 1) { | ||
| 223 | rg_log_ml('error: ' . $r['stderr']); | ||
| 224 | exit(1); | ||
| 225 | } | ||
| 226 | if (!strstr($r['data'], 'You are now unenrolled')) { | ||
| 227 | rg_log('data: ' . $r['data']); | ||
| 195 | 228 | rg_log('Cannot unenroll!'); | rg_log('Cannot unenroll!'); |
| 196 | 229 | exit(1); | exit(1); |
| 197 | 230 | } | } |
| ... | ... | if (!strstr($r, 'You are now unenrolled')) { | |
| 199 | 232 | rg_log(''); | rg_log(''); |
| 200 | 233 | rg_log('After enroll we should not be able to use the scratch codes'); | rg_log('After enroll we should not be able to use the scratch codes'); |
| 201 | 234 | $token = array_pop($sc); | $token = array_pop($sc); |
| 202 | $r = shell_exec($cmd . ' totp val ' . $token . ' 2m'); | ||
| 203 | if (strstr($r, 'Success!')) { | ||
| 204 | rg_log('r=' . $r); | ||
| 235 | $r = rg_exec($cmd . ' totp val ' . $token . ' 2m', '', FALSE, FALSE); | ||
| 236 | if ($r['ok'] != 1) { | ||
| 237 | rg_log_ml('error: ' . $r['stderr']); | ||
| 238 | exit(1); | ||
| 239 | } | ||
| 240 | if (strstr($r['data'], 'Success!')) { | ||
| 241 | rg_log('data: ' . $r['data']); | ||
| 205 | 242 | rg_log('Seems we are able to use scratch codes after unenroll!'); | rg_log('Seems we are able to use scratch codes after unenroll!'); |
| 206 | 243 | exit(1); | exit(1); |
| 207 | 244 | } | } |
| ... | ... | rg_log(''); | |
| 214 | 251 | rg_log('sc: testing \'val\' cmd...'); | rg_log('sc: testing \'val\' cmd...'); |
| 215 | 252 | $token = array_pop($sc); | $token = array_pop($sc); |
| 216 | 253 | $_cmd = $cmd . ' totp val ' . $token . ' 2m'; | $_cmd = $cmd . ' totp val ' . $token . ' 2m'; |
| 217 | rg_log('Sending cmd ' . $_cmd); | ||
| 218 | $r = shell_exec($_cmd); | ||
| 219 | if (!strstr($r, 'Success!')) { | ||
| 220 | rg_log('r=' . $r); | ||
| 254 | $r = rg_exec($_cmd, '', FALSE, FALSE); | ||
| 255 | if ($r['ok'] != 1) { | ||
| 256 | rg_log_ml('error: ' . $r['stderr']); | ||
| 257 | exit(1); | ||
| 258 | } | ||
| 259 | if (!strstr($r['data'], 'Success!')) { | ||
| 260 | rg_log('data: ' . $r['data']); | ||
| 221 | 261 | rg_log('Cannot validate ip!'); | rg_log('Cannot validate ip!'); |
| 222 | 262 | exit(1); | exit(1); |
| 223 | 263 | } | } |
| ... | ... | if (!strstr($r, 'Success!')) { | |
| 226 | 266 | rg_log(''); | rg_log(''); |
| 227 | 267 | rg_log('Reuse of the scratch code must be forbidden (sc)'); | rg_log('Reuse of the scratch code must be forbidden (sc)'); |
| 228 | 268 | $_cmd = $cmd . ' totp val ' . $token . ' 2m'; | $_cmd = $cmd . ' totp val ' . $token . ' 2m'; |
| 229 | rg_log('Sending cmd ' . $_cmd); | ||
| 230 | $r = shell_exec($_cmd); | ||
| 231 | if (!strstr($r, 'invalid token')) { | ||
| 232 | rg_log('r=' . $r); | ||
| 269 | $r = rg_exec($_cmd, '', FALSE, FALSE); | ||
| 270 | if ($r['ok'] != 1) { | ||
| 271 | rg_log_ml('error: ' . $r['stderr']); | ||
| 272 | exit(1); | ||
| 273 | } | ||
| 274 | if (!strstr($r['stderr'], 'invalid token')) { | ||
| 275 | rg_log('stderr: ' . $r['stderr']); | ||
| 233 | 276 | rg_log('we get no error on token reuse!'); | rg_log('we get no error on token reuse!'); |
| 234 | 277 | exit(1); | exit(1); |
| 235 | 278 | } | } |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!