X-Git-Url: http://git.pjr.cc/?a=blobdiff_plain;f=gaas%2Flib%2FglobalLib.php;h=79857cf5615cb92ee718d8a8f5ecdcc9fadd505a;hb=HEAD;hp=51854875d88990d149828a766bb3c3e2e72d3f69;hpb=e90887f0fd673f152c95fb9965707d9f0aa07497;p=ga4php.git diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php index 5185487..79857cf 100644 --- a/gaas/lib/globalLib.php +++ b/gaas/lib/globalLib.php @@ -5,10 +5,34 @@ $BASE_DIR = realpath(dirname(__FILE__)."/../../"); global $BASE_DIR; // the tcp port number we use for comms -$TCP_PORT_NUMBER = 21335; +$TCP_PORT_NUMBER = 21256; global $TCP_PORT_NUMBER; +/* tasks we need to do (- prefix means done or working) + * - status + * - init + * - set ad login + * - set ad client group + * - set ad admin group + * - provision user + * - get users + * - delete user + * - create hardware token + * - list hardware tokens + * - assign hardware token + * disable user + * set user password + * enable admin for user + * disable admin for user + * resync token + * get qrcode + * re-create user token + * set user pin + * authenticate user by token + * authenticate user by password + * + */ // the messages structure, used to extend gaas if needed @@ -17,15 +41,27 @@ define("MSG_INIT_SERVER", 19); define("MSG_SET_AD_LOGIN", 20); define("MSG_SET_CLIENT_GROUP", 21); define("MSG_SET_ADMIN_GROUP", 22); - +define("MSG_PROVISION_USER",23); +define("MSG_GET_USERS", 24); +define("MSG_DELETE_USER", 25); +define("MSG_ASSIGN_TOKEN",26); +define("MSG_ADD_HARDWARE",27); +define("MSG_GET_HARDWARE",28); // the gaasd call's $MESSAGE[]_server() for the server side // and $MESSAGE[]_client() for the client side -$MESSAGES[MSG_STATUS] = "gaasStatus"; -$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer"; -$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; -$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; -$MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup"; +$MESSAGES[MSG_STATUS] = "gaasStatus"; // +$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer"; // AD: "AD", "user", "pass", "domain", "client def", "admin def" - IN: "IN", "user", "pass" +$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; // domain, user, password +$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; // groupname +$MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup"; // groupname +$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username, tokentype, tokenkey, hardware|software +$MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; // [admin|client], [name pattern], [only with tokens] +$MESSAGES[MSG_DELETE_USER] = "gaasDeleteUser"; // username +$MESSAGES[MSG_ASSIGN_TOKEN] = "gaasAssignToken"; // username, tokenid +$MESSAGES[MSG_ADD_HARDWARE] = "gaasAddHardwareToken"; // username, tokenid +$MESSAGES[MSG_GET_HARDWARE] = "gaasGetHardwareTokens"; // + global $MESSAGES; @@ -98,6 +134,113 @@ function getADGroups($domain, $user, $password) return $info; } +function userInGroup($user, $domain, $adlogin, $adpass, $group) +{ + $addom = $domain; + $usertocheck = $user; + + $servers = dns_get_record("_gc._tcp.$addom"); + if(count($servers)<1) { + echo "AD servers cant be found, fail!\n"; + } + + + // we should check all servers, but lets just go with 0 for now + $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]); + $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass"); + if($bind) { + } else { + echo "Bind Failed\n"; + return false; + } + + $ars = explode(".", $addom); + + $tcn = ""; + foreach($ars as $val) { + $tcn .= "DC=$val,"; + } + + $basecn = preg_replace("/,$/", "", $tcn); + + // first, find the dn for our user + $sr = ldap_search($cnt, "$basecn", "(&(objectclass=user)(samaccountname=$usertocheck))"); + $info = ldap_get_entries($cnt, $sr); + //print_r($info); + $usercn=$info[0]["dn"]; + + + //exit(0); + + //echo "usercn: $usercn\n"; + $basecn = preg_replace("/,$/", "", $tcn); + $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))"); + $fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))"; + $info = ldap_get_entries($cnt, $sr); + foreach($info as $kpot => $lpot) { + if(isset($lpot["samaccountname"])) { + //echo "checking: ".$lpot["cn"][0]."\n"; + if(strtolower($lpot["cn"][0]) == strtolower($group)) return true; + } + } + return false; +} + + +function getUsersInGroup($domain, $adlogin, $adpass, $group) +{ + $addom = $domain; + + $servers = dns_get_record("_gc._tcp.$addom"); + if(count($servers)<1) { + echo "AD servers cant be found, fail!\n"; + } + + + // we should check all servers, but lets just go with 0 for now + $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]); + $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass"); + if($bind) { + } else { + echo "Bind Failed\n"; + return false; + } + + $ars = explode(".", $addom); + + $tcn = ""; + foreach($ars as $val) { + $tcn .= "DC=$val,"; + } + + $basecn = preg_replace("/,$/", "", $tcn); + + // first, find the dn for our user + $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(cn=$group))"); + $info = ldap_get_entries($cnt, $sr); + //print_r($info); + $groupcn=$info[0]["dn"]; + //exit(0); + + $basecn = preg_replace("/,$/", "", $tcn); + $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=$groupcn))"); + //$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))"; + $info = ldap_get_entries($cnt, $sr); + //print_r($info); + $arbi = ""; + //exit(0); + $i = 0; + foreach($info as $kpot => $lpot) { + if(isset($lpot["samaccountname"])) { + $arbi[$i]["realname"] = $lpot["name"][0]; + $arbi[$i]["username"] = strtolower($lpot["samaccountname"][0]); + $i++; + } + } + + return $arbi; +} + function generateRandomString($len) { $str = "";