X-Git-Url: http://git.pjr.cc/?a=blobdiff_plain;f=gaas%2Flib%2FglobalLib.php;h=b6289560fda78ac5c2309833aeb907c4d3e6a836;hb=17d7c1e759c50b2fe796306f5ca3f46e064cadaa;hp=89e24b2f4485145bc0a5abd24484296bc4fa23f4;hpb=01b5d6290a0d704099cef17071c1fc50b3049bee;p=ga4php.git
diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index 89e24b2..b628956 100644
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
@@ -8,51 +8,148 @@ global $BASE_DIR; $TCP_PORT_NUMBER = 21335; global $TCP_PORT_NUMBER; + + + // the messages structure, used to extend gaas if needed -define("MSG_AUTH_USER_TOKEN", 1); -define("MSG_ADD_USER_TOKEN", 2); -define("MSG_DELETE_USER", 3); -define("MSG_AUTH_USER_PASSWORD", 4); -define("MSG_SET_USER_PASSWORD", 5); -define("MSG_SET_USER_REALNAME", 6); -define("MSG_SET_USER_TOKEN", 7); -define("MSG_SET_USER_TOKEN_TYPE", 8); -define("MSG_GET_USERS", 9); -define("MSG_GET_OTK_PNG", 10); -define("MSG_GET_OTK_ID", 11); -define("MSG_DELETE_USER_TOKEN", 12); -define("MSG_SYNC_TOKEN", 13); -define("MSG_GET_TOKEN_TYPE", 14); -define("MSG_GET_RADIUS_CLIENTS", 15); -define("MSG_REMOVE_RADIUS_CLIENT", 16); -define("MSG_ADD_RADIUS_CLIENT", 17); define("MSG_STATUS", 18); define("MSG_INIT_SERVER", 19); +define("MSG_SET_AD_LOGIN", 20); +define("MSG_SET_CLIENT_GROUP", 21); +define("MSG_SET_ADMIN_GROUP", 22); +define("MSG_PROVISION_USER",23); + // the gaasd call's $MESSAGE[]_server() for the server side // and $MESSAGE[]_client() for the client side - -$MESSAGES[MSG_AUTH_USER_TOKEN] = "gaasAuthUserToken"; -$MESSAGES[MSG_ADD_USER_TOKEN] = "gaasAddUserToken"; -$MESSAGES[MSG_DELETE_USER] = "gaasDeleteUser"; -$MESSAGES[MSG_AUTH_USER_PASSWORD] = "gaasAuthUserPass"; -$MESSAGES[MSG_SET_USER_PASSWORD] = "gaasSetUserPass"; -$MESSAGES[MSG_SET_USER_REALNAME] = "gaasSetUserRealName"; -$MESSAGES[MSG_SET_USER_TOKEN] = "gaasSetUserToken"; -$MESSAGES[MSG_SET_USER_TOKEN_TYPE] = "gaasSetUserTokenType"; -$MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; -$MESSAGES[MSG_GET_OTK_PNG] = "gaasGetOTKPng"; -$MESSAGES[MSG_GET_OTK_ID] = "gaasGetOTKID"; -$MESSAGES[MSG_DELETE_USER_TOKEN] = "gaasDeleteUserToken"; -$MESSAGES[MSG_SYNC_TOKEN] = "gaasSyncToken"; -$MESSAGES[MSG_GET_TOKEN_TYPE] = "gaasGetTokenType"; -$MESSAGES[MSG_GET_RADIUS_CLIENTS] = "gaasGetRadiusClients"; -$MESSAGES[MSG_REMOVE_RADIUS_CLIENT] = "gaasRemoveRadiusClient"; -$MESSAGES[MSG_ADD_RADIUS_CLIENT] = "gaasAddRadiusClient"; 
$MESSAGES[MSG_STATUS] = "gaasStatus"; $MESSAGES[MSG_INIT_SERVER] = "gaasInitServer"; +$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; +$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; +$MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup"; +$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; global $MESSAGES; + + + + + + +function adTestLogin($domain, $user, $password) +{ + $servers = dns_get_record("_gc._tcp.$domain"); + if(count($servers)<1) { + echo "AD servers cant be found for $domain, fail!\n"; + } + + echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n"; + + // we should check all servers, but lets just go with 0 for now + $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]); + echo "Connected\n"; + $bind = ldap_bind($cnt, "$user@$domain", "$password"); + if($bind) { + echo "login has succeeded\n"; + return true; + } else { + echo "login has failed\n"; + return false; + } +} + +function getADGroups($domain, $user, $password) +{ + $servers = dns_get_record("_gc._tcp.$domain"); + if(count($servers)<1) { + echo "AD servers cant be found for $domain, fail!\n"; + } + + echo count($servers)." 
AD servers returned, using ".$servers[0]["target"]."\n"; + + // we should check all servers, but lets just go with 0 for now + $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]); + echo "Connected\n"; + $bind = ldap_bind($cnt, "$user@$domain", "$password"); + if(!$bind) { + echo "login has failed\n"; + return false; + } + + $ars = explode(".", $addom); + + $tcn = ""; + foreach($ars as $val) { + $tcn .= "DC=$val,"; + } + + $basecn = preg_replace("/,$/", "", $tcn); + + $sr = ldap_search($cnt, "$basecn", "(objectclass=group)"); + $info = ldap_get_entries($cnt, $sr); + + if($info["count"] < 1) { + echo "Couldn't find a matching group\n"; + return 0; + } else { + echo "Found a group, ".$info[0]["cn"][0]."\n"; + echo "With a description of, ".$info[0]["description"][0]."\n"; + echo "and a dn of, ".$info[0]["dn"]."\n"; + } + + return $info; +} + +function userInGroup($user, $domain, $adlogin, $adpass, $group) +{ + $addom = $domain; + $usertocheck = $user; + + $servers = dns_get_record("_gc._tcp.$addom"); + if(count($servers)<1) { + echo "AD servers cant be found, fail!\n"; + } + + + // we should check all servers, but lets just go with 0 for now + $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]); + $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass"); + if($bind) { + } else { + echo "Bind Failed\n"; + return false; + } + + $ars = explode(".", $addom); + + $tcn = ""; + foreach($ars as $val) { + $tcn .= "DC=$val,"; + } + + $basecn = preg_replace("/,$/", "", $tcn); + + // first, find the dn for our user + $sr = ldap_search($cnt, "$basecn", "(&(objectclass=user)(samaccountname=$usertocheck))"); + $info = ldap_get_entries($cnt, $sr); + //print_r($info); + $usercn=$info[0]["dn"]; + + + //exit(0); + + $basecn = preg_replace("/,$/", "", $tcn); + $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))"); + $fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))"; + $info = 
ldap_get_entries($cnt, $sr); + foreach($info as $kpot => $lpot) { + if(isset($lpot["samaccountname"])) { + if($lpot["cn"][0] == $group) return true; + } + } + return false; +} + function generateRandomString($len) { $str = "";
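Review bot: adTestLogin treats any successful ldap_bind as a valid login, but binding with an empty password is an anonymous/unauthenticated bind that most directories (Active Directory by default, as far as I know) accept, so a known user name with an empty password would print "login has succeeded" and return true; guard it with `if ($user === '' || $password === '') return false;` before the bind (the admin binds in getADGroups and userInGroup want the same guard), and consider ldap_start_tls()/ldaps since the bind otherwise sends the credentials in clear text to the GC port. In userInGroup, $usertocheck is interpolated unescaped into the samaccountname filter and the DN returned as $usercn into the member: filter, which permits LDAP filter injection; wrap both in `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` and return false when the user search yields no entry instead of reading `$info[0]["dn"]` from an empty result. All three new functions echo a failure when dns_get_record returns no SRV record but fall through to `$servers[0]["target"]` anyway, so that branch needs a `return false;`. getADGroups also builds $basecn from `$addom`, which is never assigned in that function (its parameter is `$domain`), so its search base is empty.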