From 6ae20292cc7aa6a712b492de306613192733e756 Mon Sep 17 00:00:00 2001
From: paulr
Date: Sat, 26 Feb 2011 04:19:17 +1100
Subject: [PATCH] added client get users command
---
 gaas/gaasd/gaasclient.php | 16 +++++++++-
 gaas/lib/gaasClientMessages.php | 22 +++++++++++++
 gaas/lib/gaasdLib.php | 3 +-
 gaas/lib/gaasdMessages.php | 24 ++++++++++++++
 gaas/lib/globalLib.php | 67 ++++++++++++++++++++++++++++++++++++---
 unittests/getadusers.php | 8 +++++
 6 files changed, 133 insertions(+), 7 deletions(-)
 create mode 100644 unittests/getadusers.php
diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php
index 6880dcd..b03a216 100644
--- a/gaas/gaasd/gaasclient.php
+++ b/gaas/gaasd/gaasclient.php
@@ -17,11 +17,12 @@ function usage()
 echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
 echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
 echo "\tprovisionuser username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+ echo "\tgetusers [admin|client] [part-of-username] [yes] - get user list with admin or client group, part of a username and return only those with tokens (yes)\n";
 echo "\n";
 exit(0);
 }
-if($argc < 1) {
+if($argc < 2) {
 usage();
 }
@@ -65,6 +66,19 @@ switch($argv[1]) {
 echo "Resetting AD admin group details failed\n";
 }
 break;
+ case "getusers":
+ $group = "client";
+ $partof = "";
+ $onlytokens = "no";
+ if(isset($argv[2])) $group = $argv[2];
+ if(isset($argv[3])) $partof = $argv[3];
+ if(isset($argv[4])) $onlytokens = $argv[4];
+ $ret = $myga->MSG_GET_USERS($group, $partof, $onlytokens);
+ //print_r($ret);
+ foreach($ret as $user) {
+ echo $user["realname"]." (".$user["username"].")\n";
+ }
+ break;
 default:
 echo "No such command, ".$argv[1]."\n";
 usage();
diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php
index d110ba2..332295a 100644
--- a/gaas/lib/gaasClientMessages.php
+++ b/gaas/lib/gaasClientMessages.php
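Review bot: The new `getusers` case iterates `$ret` with `foreach` without checking that the reply is an array, yet the server handler added in this same patch returns `false` when the AD bind fails and nothing at all on the internal-db branch, so a failed request ends in a PHP warning rather than a message. Add `if(!is_array($ret)) { echo "Getting user list failed\n"; break; }` before the loop. The commented-out `//print_r($ret);` debug line should be dropped rather than committed. The enclosing `switch` starts and ends outside the hunk.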
@@ -73,4 +73,26 @@ function gaasProvisionUser_clientsend($params)
 return $msg;
 }
+function gaasGetUsers_clientsend($params)
+{
+ $msg["havetokens"] = false;
+ $msg["userpattern"] = "";
+ $msg["group"] = "client";
+ if(isset($params[0])) {
+ if($params[0] == "admin") {
+ $msg["group"] = "admin";
+ }
+ }
+ if(isset($params[1])) {
+ $msg["userpattern"] = $params[1];
+ }
+ if(isset($params[2])) {
+ if($params[2] == "yes") {
+ $msg["havetokens"] = true;
+ }
+ }
+
+ return $msg;
+}
+
 ?>
\ No newline at end of file
diff --git a/gaas/lib/gaasdLib.php b/gaas/lib/gaasdLib.php
index a2b50de..ab6b4ad 100644
--- a/gaas/lib/gaasdLib.php
+++ b/gaas/lib/gaasdLib.php
@@ -51,7 +51,8 @@ function createDB()
 // users_tokendata is used by ga4php, users_otk is the qrcode data link if needed,
 // tokentype is the software/hardware token types
- $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, "users_password" TEXT, "users_tokendata" TEXT, "users_otk" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
+ $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, \
+ "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
 $dbobject->query($sql);
 $sql = 'CREATE TABLE "config" ("conf_id" INTEGER PRIMARY KEY AUTOINCREMENT,"conf_name" TEXT, "conf_value" TEXT);';
 $dbobject->query($sql);
diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php
index 3b23da4..94fb8c0 100644
--- a/gaas/lib/gaasdMessages.php
+++ b/gaas/lib/gaasdMessages.php
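Review bot: `gaasGetUsers_clientsend()` assigns into `$msg` without declaring it; start with `$msg = array();` and use `===` for the `"admin"` and `"yes"` flag comparisons, since both are exact strings rather than loosely typed values. The positional meaning of `$params` lives only in the CLI usage text, so a header comment would help: `// params: [0] "admin"|"client" (group to list), [1] substring of the username to match, [2] "yes" to return only users that already have a token`. `userpattern` is forwarded as typed, so that comment should also say whether the server treats it as a plain substring or a pattern.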
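Review bot: The rewritten CREATE TABLE literal is a single-quoted PHP string, so the trailing backslash on the first `+` line is not a line continuation: the backslash and the newline become part of the SQL text and SQLite will reject the statement, leaving the users table uncreated. Either let the literal span both lines without the backslash, or concatenate: `$sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, '` followed by `. '"users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';`. Renaming `users_otk` to `users_qrcodeid` also changes the schema for existing databases, and the comment two lines above still refers to `users_otk`. `createDB()` starts outside the hunk.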
@@ -182,4 +182,28 @@ function gaasProvisionUser_server($msg)
 return true;
 }
+function gaasGetUsers_server($msg)
+{
+ $haveTokens = $msg["havetokens"];
+ $userPatter = $msg["userpattern"];
+ $group = $msg["group"];
+
+ if(confGetval("backend") == "AD") {
+ $adgroup = "";
+ if($group == "admin") {
+ $adgroup = confGetVal("ad.admindef");
+ } else {
+ $adgroup = confGetVal("ad.clientdef");
+ }
+ $addom = confGetVal("ad.domain");
+ $aduser = confGetVal("ad.user");
+ $adpass = confGetVal("ad.pass");
+ echo "using group $adgroup for $group\n";
+
+ $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
+ } else {
+ // internal db
+ }
+ return $users;
+}
 ?>
\ No newline at end of file
diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index 184be7f..f3fe9fb 100644
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
@@ -18,16 +18,18 @@ define("MSG_SET_AD_LOGIN", 20);
 define("MSG_SET_CLIENT_GROUP", 21);
 define("MSG_SET_ADMIN_GROUP", 22);
 define("MSG_PROVISION_USER",23);
-
+define("MSG_GET_USERS", 24);
 // the gaasd call's $MESSAGE[]_server() for the server side
 // and $MESSAGE[]_client() for the client side
 $MESSAGES[MSG_STATUS] = "gaasStatus";
-$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
-$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin";
-$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup";
+$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
+$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; // domain, user, password
+$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; // groupname
 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup";
-$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser";
+$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username
+$MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; // [admin|client], [name pattern], [only with tokens]
+
 global $MESSAGES;
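Review bot: `gaasGetUsers_server()` reads `$haveTokens` and `$userPatter` from the message but never applies them, so the client's username and tokens-only options silently have no effect, and on the non-AD branch `$users` is never assigned, so the handler returns an undefined variable. Initialize `$users = array();` before the backend check, return `false` explicitly when `getUsersInGroup()` failed, and apply the username filter to the returned list; the token filter needs the users table and is best left as an explicit TODO until that lookup exists. `echo "using group $adgroup for $group\n"` prints configuration to the daemon's stdout and should be removed or become a debug log. `confGetval` and `confGetVal` both resolve only because PHP function names are case-insensitive; keep one spelling.
```php
    $users = array();
    if(confGetVal("backend") == "AD") {
        // … unchanged: pick ad.admindef / ad.clientdef and call getUsersInGroup() …
        if($users === false) {
            return false;
        }
    } else {
        // internal db: not implemented yet, an empty list is returned on purpose
    }
    // apply the substring filter the client asked for
    if($userPatter !== "") {
        $filtered = array();
        foreach($users as $user) {
            if(stripos($user["username"], $userPatter) !== false) {
                $filtered[] = $user;
            }
        }
        $users = $filtered;
    }
    // TODO: $haveTokens is not applied yet; needs a lookup against the users table
    return $users;
```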
@@ -150,6 +152,61 @@ function userInGroup($user, $domain, $adlogin, $adpass, $group)
 return false;
 }
+
+function getUsersInGroup($domain, $adlogin, $adpass, $group)
+{
+ $addom = $domain;
+
+ $servers = dns_get_record("_gc._tcp.$addom");
+ if(count($servers)<1) {
+ echo "AD servers cant be found, fail!\n";
+ }
+
+
+ // we should check all servers, but lets just go with 0 for now
+ $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+ $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
+ if($bind) {
+ } else {
+ echo "Bind Failed\n";
+ return false;
+ }
+
+ $ars = explode(".", $addom);
+
+ $tcn = "";
+ foreach($ars as $val) {
+ $tcn .= "DC=$val,";
+ }
+
+ $basecn = preg_replace("/,$/", "", $tcn);
+
+ // first, find the dn for our user
+ $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(cn=$group))");
+ $info = ldap_get_entries($cnt, $sr);
+ //print_r($info);
+ $groupcn=$info[0]["dn"];
+ //exit(0);
+
+ $basecn = preg_replace("/,$/", "", $tcn);
+ $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=$groupcn))");
+ //$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
+ $info = ldap_get_entries($cnt, $sr);
+ //print_r($info);
+ $arbi = "";
+ //exit(0);
+ $i = 0;
+ foreach($info as $kpot => $lpot) {
+ if(isset($lpot["samaccountname"])) {
+ $arbi[$i]["username"] = $lpot["samaccountname"][0];
+ $arbi[$i]["realname"] = $lpot["name"][0];
+ $i++;
+ }
+ }
+
+ return $arbi;
+}
+
 function generateRandomString($len)
 {
 $str = "";
diff --git a/unittests/getadusers.php b/unittests/getadusers.php
new file mode 100644
index 0000000..c8ae4d9
--- /dev/null
+++ b/unittests/getadusers.php
@@ -0,0 +1,8 @@
+
\ No newline at end of file
--
1.7.0.4
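Review bot: `getUsersInGroup()` prints a message when `dns_get_record()` finds no server but does not return, so `$servers[0]["target"]` is then read from an empty result and `ldap_connect()` is called with nulls; add `return false;` after the echo. The bind then sends `$adpass` over a plain LDAP connection unless something outside this hunk enables TLS, so call `ldap_start_tls($cnt)` (or use an ldaps:// URL) before `ldap_bind()`, and `ldap_unbind($cnt)` on every exit path. `$group` and the returned `$groupcn` are interpolated into the search filters unescaped; the group name comes from configuration here, but any `(`, `)`, `*` or `\` in either value breaks the filter, so escape both (`ldap_escape()` with `LDAP_ESCAPE_FILTER` on PHP 5.6+, otherwise a manual RFC 4515 escape) and check `$info["count"]` before reading `$info[0]["dn"]`. `$arbi` is initialised as `""`, so the no-match case returns a string instead of an empty array to a caller that iterates it; use `array()`.
```php
    $servers = dns_get_record("_gc._tcp.$addom");
    if($servers === false || count($servers) < 1) {
        echo "AD servers cant be found, fail!\n";
        return false;
    }

    // we should check all servers, but lets just go with 0 for now
    $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
    // keep the service account password off the wire (the GC must offer STARTTLS)
    if($cnt === false || !ldap_start_tls($cnt)) {
        echo "Connect/StartTLS Failed\n";
        return false;
    }
    if(!ldap_bind($cnt, "$adlogin@$addom", "$adpass")) {
        echo "Bind Failed\n";
        ldap_unbind($cnt);
        return false;
    }

    // … unchanged: build $basecn from the domain components …

    // escape before embedding in the filter (RFC 4515); ldap_escape() needs PHP 5.6+
    $safegroup = ldap_escape($group, "", LDAP_ESCAPE_FILTER);
    $sr = ldap_search($cnt, $basecn, "(&(objectCategory=group)(cn=$safegroup))");
    $info = ldap_get_entries($cnt, $sr);
    if($info === false || $info["count"] < 1) {
        echo "Group not found\n";
        ldap_unbind($cnt);
        return false;
    }
    $groupcn = $info[0]["dn"];
    $safegroupcn = ldap_escape($groupcn, "", LDAP_ESCAPE_FILTER);
    $sr = ldap_search($cnt, $basecn, "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=$safegroupcn))");
    $info = ldap_get_entries($cnt, $sr);
    $arbi = array();
    // … unchanged: loop collecting samaccountname/name into $arbi …
    ldap_unbind($cnt);
    return $arbi;
```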