trying to figure out why one of the DC servers is really bad.
authorpaulr <me@pjr.cc>
Fri, 11 Feb 2011 14:48:14 +0000 (01:48 +1100)
committerpaulr <me@pjr.cc>
Fri, 11 Feb 2011 14:48:14 +0000 (01:48 +1100)
example/adsearchtest/usersearch.php [new file with mode: 0644]
gaas/gaasd/gaasclient.php
gaas/lib/gaasClientMessages.php
gaas/lib/gaasdClient.php
gaas/lib/globalLib.php
unittests/useringroup.php [new file with mode: 0644]

diff --git a/example/adsearchtest/usersearch.php b/example/adsearchtest/usersearch.php
new file mode 100644 (file)
index 0000000..a433d01
--- /dev/null
@@ -0,0 +1,67 @@
+<?php 
+if($argc < 4) {
+       echo "usage: ".$argv[0]. " domain user password usertocheck\n";
+       return 0;
+}
+
+$addom = $argv[1];
+$adlogin = $argv[2];
+$adpass = $argv[3];
+$usertocheck = $argv[4];
+
+$servers = dns_get_record("_gc._tcp.$addom");
+if(count($servers)<1) {
+       echo "AD servers cant be found, fail!\n";
+}
+
+echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n";
+
+// we should check all servers, but lets just go with 0 for now
+$cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+echo "Connected\n";
+$bind = ldap_bind($cnt, "$adlogin", "$adpass");
+if($bind) {
+       echo "Bind passed\n";
+} else {
+       echo "Bind Failed\n";
+}
+
+$ars = explode(".", $addom);
+
+$tcn = "";
+foreach($ars as $val) {
+       $tcn .= "DC=$val,";
+}
+
+$basecn = preg_replace("/,$/", "", $tcn);
+
+// first, find the dn for our user
+$sr = ldap_search($cnt, "$basecn", "(&(objectclass=user)(samaccountname=$usertocheck))");
+$info = ldap_get_entries($cnt, $sr);
+//print_r($info);
+$usercn=$info[0]["dn"];
+
+
+//exit(0);
+
+$basecn = preg_replace("/,$/", "", $tcn);
+$sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))");
+$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
+$info = ldap_get_entries($cnt, $sr);
+echo "groups for this user, $fil\n";
+//print_r($info);
+foreach($info as $kpot => $lpot) {
+       //print_r($kpot);
+       //print_r($lpot);
+       if(isset($lpot["cn"])) {
+               echo "Group: ".$lpot["cn"][0]."\n";
+       }
+       //echo "User: ".$kpot["samaaccountname"][0]."\n";
+       //echo "$kpot, $lpot\n";
+       //return 0;
+}
+
+
+
+
+?>
\ No newline at end of file
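Review bot: `$usertocheck` is read from `$argv[4]` but the guard is `if($argc < 4)`, so a run with three arguments passes the check and searches for an empty account name; it should be `if($argc < 5) {`. That value is then interpolated unescaped into the samaccountname filter, and the DN returned by that search is interpolated into the group filter the same way, so a name containing `)`, `*` or `\` changes the query; both should be wrapped with `ldap_escape($value, "", LDAP_ESCAPE_FILTER)` before use. The empty-`$servers` check and the failed-bind branch only echo and carry on into `$servers[0]` and ldap_search(); each should `exit(1)`. The handle is never released with ldap_unbind(), and the commented-out `exit(0)` / `print_r` lines could be dropped rather than shipped in an example.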
index 361acb1..6880dcd 100644 (file)
@@ -16,6 +16,7 @@ function usage()
        echo "\tsetadlogin username password domain\n";
        echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
        echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
+       echo "\tprovisionuser username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
        echo "\n";
        exit(0);
 }
index 69589fc..d66bf08 100644 (file)
@@ -37,6 +37,10 @@ function gaasInitServer_clientsend($params)
 }
 
 // pretty simple, it either works or doesnt, we just pass on the result
+// im leaving this function here as an example of how you deal
+// with data coming back from the server but prior to returning
+// to the client. if it just returns the data back to the client
+// you doing have to define a recving function
 function gaasInitServer_clientrecv($params)
 {
        return $params;
@@ -51,31 +55,21 @@ function gaasSetADLogin_clientsend($params)
        return $msg;
 }
 
-function gaasSetADLogin_clientrecv($params)
-{
-       return $params;
-}
-
 function gaasSetClientGroup_clientsend($params)
 {
        $msg["clientgroup"] = $params[0];
        return $msg;
 }
 
-function gaasSetClientGroup_clientrecv($params)
-{
-       return $params;
-}
-
 function gaasSetAdminGroup_clientsend($params)
 {
        $msg["admingroup"] = $params[0];
        return $msg;
 }
 
-function gaasSetAdminGroup_clientrecv($params)
+function gaasProvisionUser_clientsend($params)
 {
-       return $params;
+       return $msg;
 }
 
 ?>
\ No newline at end of file
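Review bot: `gaasProvisionUser_clientsend` returns `$msg` without ever assigning it, so the client sends null for MSG_PROVISION_USER and raises an undefined-variable notice; the sibling `_clientsend` functions above build the message from `$params`, e.g. `$msg["username"] = $params[0];` (key name is a placeholder, the server-side handler defines the expected keys). The usage text added to gaasclient.php in this commit lists `username [HOTP|TOTP] [KEY]`, so the optional second and third entries of `$params` should be guarded with isset() before being copied. The comment in the first hunk of this file reads `you doing have to define` and presumably means `you don't have to define`.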
index 3a990e8..c8eb7ba 100644 (file)
@@ -86,8 +86,11 @@ class GAASClient {
                $function_recv = $MESSAGES[$st_defined]."_clientrecv";
                //echo "real function is $function_send, $function_recv\n";
                
-               if(function_exists($function_send) && function_exists($function_recv)) {
-                       return $function_recv($this->sendReceive($st_defined, $function_send($params)));
+               if(function_exists($function_send)) {
+                       $fromsend = $this->sendReceive($st_defined, $function_send($params)));
+                       if(function_exists($function_recv)) {
+                               return $function_recv($fromsend);
+                       } else return $fromsend;
                } else {
                        error_log("Function, $function does not exist!");
                }
index 5185487..b628956 100644 (file)
@@ -17,6 +17,7 @@ define("MSG_INIT_SERVER", 19);
 define("MSG_SET_AD_LOGIN", 20);
 define("MSG_SET_CLIENT_GROUP", 21);
 define("MSG_SET_ADMIN_GROUP", 22);
+define("MSG_PROVISION_USER",23);
 
 
 // the gaasd call's $MESSAGE[<MSG>]_server() for the server side
@@ -26,6 +27,7 @@ $MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
 $MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin";
 $MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup";
 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup";
+$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser";
 global $MESSAGES;
 
 
@@ -98,6 +100,56 @@ function getADGroups($domain, $user, $password)
        return $info;
 }
 
+function userInGroup($user, $domain, $adlogin, $adpass, $group)
+{
+       $addom = $domain;
+       $usertocheck = $user;
+       
+       $servers = dns_get_record("_gc._tcp.$addom");
+       if(count($servers)<1) {
+               echo "AD servers cant be found, fail!\n";
+       }
+       
+       
+       // we should check all servers, but lets just go with 0 for now
+       $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+       $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
+       if($bind) {
+       } else {
+               echo "Bind Failed\n";
+               return false;
+       }
+       
+       $ars = explode(".", $addom);
+       
+       $tcn = "";
+       foreach($ars as $val) {
+               $tcn .= "DC=$val,";
+       }
+       
+       $basecn = preg_replace("/,$/", "", $tcn);
+       
+       // first, find the dn for our user
+       $sr = ldap_search($cnt, "$basecn", "(&(objectclass=user)(samaccountname=$usertocheck))");
+       $info = ldap_get_entries($cnt, $sr);
+       //print_r($info);
+       $usercn=$info[0]["dn"];
+       
+       
+       //exit(0);
+       
+       $basecn = preg_replace("/,$/", "", $tcn);
+       $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))");
+       $fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
+       $info = ldap_get_entries($cnt, $sr);
+       foreach($info as $kpot => $lpot) {
+               if(isset($lpot["samaccountname"])) {
+                       if($lpot["cn"][0] == $group) return true;
+               }
+       }
+       return false;
+}
+
 function generateRandomString($len)
 {
        $str = "";
diff --git a/unittests/useringroup.php b/unittests/useringroup.php
new file mode 100644 (file)
index 0000000..06c7cc3
--- /dev/null
@@ -0,0 +1,14 @@
+<?php
+
+require_once("../gaas/lib/globalLib.php");
+
+// function userInGroup($user, $domain, $adlogin, $adpass, $group)
+$ret = userInGroup($argv[1], $argv[2], $argv[3], $argv[4], $argv[5]);
+
+if($ret) {
+       echo "true\n";
+} else {
+       echo "False\n";
+}
+
+?>
\ No newline at end of file
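Review bot: The script indexes `$argv[1]` through `$argv[5]` with no `$argc` check, so a missing argument reaches userInGroup() as null with a notice instead of a usage message; `if($argc < 6) { echo "usage: ".$argv[0]." user domain adlogin adpass group\n"; exit(1); }` before the call would cover it. The AD password is passed on the command line, where it is visible to other users in the process list while the script runs; reading it from the environment or a prompt is safer for anything beyond a throwaway test. The `echo "true\n"` / `echo "False\n"` pair is inconsistently cased.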