gaas/lib/gaasdMessages.php

   1 <?php
   2
   3 // this file defines all the messages used by gaaasd
   4
   5 // there are only really two status messages at this point - "init" meaning we have no been defined yet
   6 // and "running" meaning we have been defined
   7 function gaasStatus_server($messages)
   8 {
   9         global $initState, $backEnd;
  10
  11         $return = "init";
  12         if($initState != false && $backEnd != "") {
  13                 $return = "running";
  14                 $be = confGetVal("backend");
  15                 if($be == "AD") {
  16                         $dom = confGetVal("ad.domain");
  17                         $user = confGetVal("ad.user");
  18                         $client = confGetVal("ad.clientdef");
  19                         $admin = confGetVal("ad.admindef");
  20                         $return .= " - AD integrated to $dom, GAASD Username: $user, Clients Group: $client, Admins Group: $admin";
  21                 } else {
  22                         $return .= " - internal database";
  23                 }
  24
  25         }
  26
  27
  28
  29         return $return;
  30 }
  31
  32
  33 function gaasInitServer_server($msg)
  34 {
  35         global $initState, $backEnd;
  36
  37         error_log("Init server called\n");
  38         // here we "init" the server, if we're ad, we attempt to connect to AD and if it all works
  39         // we then create the db
  40         // $m["backend"] = "AD|IN";
  41         // AD expects:
  42         // $m["domain"] = "somedomain.com";
  43         // $m["user"] = "someuser";
  44         // $m["pass"] = "somepassword";
  45         // $m["userdef"] = "user definition paramaters";
  46         // IN expects
  47         // $m["user"] = "someuser";
  48         // $m["pass"] = "somepass";
  49         echo "initstate is $initState";
  50         if($initState) {
  51                 echo "true\n";
  52         } else {
  53                 echo "false\n";
  54         }
  55         if($initState) {
  56                 error_log("init server called when server already init'd\n");
  57                 return false;
  58         }
  59
  60         if($msg["backend"] == "AD") {
  61                 $backEnd = "AD";
  62                 // attempt connect to AD, verify creds
  63                 $addom = $msg["domain"];
  64                 $adlogin = $msg["user"];
  65                 $adpass = $msg["pass"];
  66                 $adclientdef = $msg["clientdef"];
  67                 $adadmindef = $msg["admindef"];
  68
  69                 // now wee test our logins...
  70                 // first look up the domain name stuff
  71                 $servers = dns_get_record("_gc._tcp.$addom");
  72                 if(count($servers)<1) {
  73                         echo "AD servers cant be found, fail!\n";
  74                 }
  75
  76                 // we should check all servers, but lets just go with 0 for now
  77                 $res =  adTestLogin($addom, $adlogin, $adpass);
  78                 if(!$res) {
  79                         return false;
  80                 }
  81
  82
  83                 // then
  84                 createDB();
  85                 confSetVal("ad.domain", $addom);
  86                 confSetVal("ad.user", $adlogin);
  87                 confSetVal("ad.pass", $adpass);
  88                 confSetVal("ad.encryptionkey", generateHexString(32));
  89                 confSetVal("ad.clientdef", $adclientdef);
  90                 confSetVal("ad.admindef", $adadmindef);
  91                 confSetVal("backend", "AD");
  92                 confSetVal("defaulttokentype", "TOTP");
  93
  94                 $initState = true;
  95                 $backEnd = "AD";
  96
  97                 // and that should be it... i think cept im in a forked erg.. lets assume it works, need pain i do not.
  98                 return true;
  99         } else if($msg["backend"] == "IN") {
 100                 // this ones simpler
 101                 $backEnd = "IN";
 102                 createDB();
 103
 104                 // create the user in the db
 105                 $username = $msg["user"];
 106                 $password = $msg["pass"];
 107
 108                 $myga = new gaasdGA();
 109                 $myga->setUser($username);
 110
 111                 if($password == "") $pass = "";
 112                 else $pass = hash('sha512', $password);
 113
 114                 $db = getDB();
 115                 $db->query($sql = "update users set users_password='$pass' where users_username='$username'");
 116
 117                 $initState = "running";
 118                 return true;
 119         } else {
 120                 return false;
 121         }
 122 }
 123
 124
 125 function gaasSetADLogin_server($msg)
 126 {
 127         global $initState, $backEnd;
 128
 129         if($initState != "running") {
 130                 return "not in running init state";
 131         }
 132
 133         if($backEnd != "AD") {
 134                 return "not setup as AD client";
 135         }
 136
 137         $addom = $msg["domain"];
 138         $adlogin = $msg["user"];
 139         $adpass = $msg["pass"];
 140
 141         $res = adTestLogin($addmo, $adlogin, $adpass);
 142         if($res != 0) {
 143                 return "not able to connect to AD with given cred's";
 144         }
 145
 146         confSetVal("ad.domain", $addom);
 147         confSetVal("ad.user", $adlogin);
 148         confSetVal("ad.pass", $adpass);
 149
 150         return true;
 151
 152 }
 153
 154 function gaasSetAdminGroup_server($msg)
 155 {
 156         if(confGetVal("backend") == "AD") {
 157                 confSetVal("ad.admindef", $msg["admingroup"]);
 158         } else return false;
 159
 160         return true;
 161 }
 162
 163 function gaasSetClientGroup_server($msg)
 164 {
 165         if(confGetVal("backend") == "AD") {
 166                 confSetVal("ad.clientdef", $msg["clientgroup"]);
 167         } else return false;
 168
 169         return true;
 170 }
 171
 172 function gaasProvisionUser_server($msg)
 173 {
 174
 175         // function userInGroup($user, $domain, $adlogin, $adpass, $group)
 176         echo "in provision user\n";
 177         print_r($msg);
 178         $dttype = confGetVal("defaulttokentype");
 179         if($dttype != "HOTP" && $dttype != "TOTP") {
 180                 echo "default token type not set, setting to TOTP\n";
 181                 confSetVal("defaulttokentype", "TOTP");
 182                 $dttype = "TOTP";
 183         }
 184         if($msg["tokentype"] == "") {
 185                 $ttype = confGetVal("defaulttokentype");
 186         } else {
 187                 $ttype = $msg["tokentype"];
 188         }
 189         if($ttype != "HOTP" && $ttype != "TOTP") {
 190                 echo "using default token type, $dttype because user entered value of $ttype doesnt make sense\n";
 191                 $ttype = $dttype;
 192         }
 193         $tkey = $msg["tokenkey"];
 194         if(confGetVal("backend") == "AD") {
 195                 if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
 196                         $myga = new gaasdGA();
 197                         $myga->setUser($msg["username"], $ttype, "", $tkey);
 198                 } else {
 199                         echo "User not in client group\n";
 200                 }
 201         } else {
 202                 // internal db
 203         }
 204
 205
 206         return true;
 207 }
 208
 209 function gaasGetUsers_server($msg)
 210 {
 211         $haveTokens = $msg["havetokens"];
 212         $userPatter = $msg["userpattern"];
 213         $group = $msg["group"];
 214
 215         if(confGetval("backend") == "AD") {
 216                 $adgroup = "";
 217                 if($group == "admin") {
 218                         $adgroup = confGetVal("ad.admindef");
 219                 } else {
 220                         $adgroup = confGetVal("ad.clientdef");
 221                 }
 222                 $addom = confGetVal("ad.domain");
 223                 $aduser = confGetVal("ad.user");
 224                 $adpass = confGetVal("ad.pass");
 225                 //echo "using group $adgroup for $group\n";
 226
 227                 $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
 228                 foreach($users as $user => $real) {
 229                         hasToken($user);
 230                 }
 231         } else {
 232                 // internal db
 233         }
 234         return $users;
 235 }
 236
 237 function gaasDeleteUser_server($msg)
 238 {
 239         $username = $msg["username"];
 240         $db = getDB();
 241         $db->query($sql = "delete from users where users_username='$username'");
 242
 243 }
 244 ?>