3 // this file defines all the messages used by gaasd
5 // there are only really two status messages at this point - "init" meaning we have not been defined yet
6 // and "running" meaning we have been defined
// Status message handler: builds a human-readable description of the server's
// backend configuration once it has been init'd (see gaasInitServer_server).
// NOTE(review): the parameter is named $messages here while every other handler
// in this file takes $msg - confirm the dispatcher does not care about the name.
7 function gaasStatus_server($messages)
9 global $initState, $backEnd;
// only report details once the server has been init'd and a backend has been chosen
12 if($initState != false && $backEnd != "") {
14 $be = confGetVal("backend");
// NOTE(review): $be is not used in the lines shown; presumably the omitted lines
// branch on it (AD vs IN) - confirm
16 $dom = confGetVal("ad.domain");
17 $user = confGetVal("ad.user");
18 $client = confGetVal("ad.clientdef");
19 $admin = confGetVal("ad.admindef");
// NOTE(review): $return is not initialised in the lines shown; if the omitted lines do
// not set it, this .= appends to an undefined variable (warning).
// The returned text discloses the AD service-account username and the group names,
// so whoever can send the status message should be authenticated - confirm the
// dispatcher enforces that.
20 $return .= " - AD integrated to $dom, GAASD Username: $user, Clients Group: $client, Admins Group: $admin";
22 $return .= " - internal database";
// Init message handler: picks the backend from $msg["backend"] ("AD" or "IN"),
// checks that it works, persists the configuration via confSetVal and marks the
// server as running.
33 function gaasInitServer_server($msg)
35 global $initState, $backEnd;
37 error_log("Init server called\n");
38 // here we "init" the server, if we're ad, we attempt to connect to AD and if it all works
39 // we then create the db
40 // $m["backend"] = "AD|IN";
42 // $m["domain"] = "somedomain.com";
43 // $m["user"] = "someuser";
44 // $m["pass"] = "somepassword";
45 // $m["userdef"] = "user definition parameters";
47 // $m["user"] = "someuser";
48 // $m["pass"] = "somepass";
// debug output to stdout; this echoes the current init state back to whoever called us
49 echo "initstate is $initState";
56 error_log("init server called when server already init'd\n");
60 if($msg["backend"] == "AD") {
62 // attempt connect to AD, verify creds
// every value below comes straight from the request message; no validation is
// visible in the lines shown
63 $addom = $msg["domain"];
64 $adlogin = $msg["user"];
65 $adpass = $msg["pass"];
66 $adclientdef = $msg["clientdef"];
67 $adadmindef = $msg["admindef"];
69 // now we test our logins...
70 // first look up the domain name stuff
// NOTE(review): no record type is passed, so dns_get_record() defaults to DNS_ANY;
// DNS_SRV is the explicit type for an _gc._tcp lookup - confirm. On a failed lookup
// dns_get_record() returns false, and count(false) throws a TypeError on PHP 8, so
// the "cant be found" branch below is never reached for that case.
71 $servers = dns_get_record("_gc._tcp.$addom");
72 if(count($servers)<1) {
73 echo "AD servers cant be found, fail!\n";
76 // we should check all servers, but lets just go with 0 for now
// what is done with $res is in lines omitted from this listing (presumably a
// bail-out when the test login fails)
77 $res = adTestLogin($addom, $adlogin, $adpass);
85 confSetVal("ad.domain", $addom);
86 confSetVal("ad.user", $adlogin);
// the AD service-account password is handed to confSetVal as received; the key
// generated on the next line is not applied to it in the lines shown, so unless
// confSetVal encrypts internally this credential is stored in cleartext - confirm
87 confSetVal("ad.pass", $adpass);
88 confSetVal("ad.encryptionkey", generateHexString(32));
89 confSetVal("ad.clientdef", $adclientdef);
90 confSetVal("ad.admindef", $adadmindef);
91 confSetVal("backend", "AD");
92 confSetVal("defaulttokentype", "TOTP");
97 // and that should be it... i think cept im in a forked erg.. lets assume it works, need pain i do not.
99 } else if($msg["backend"] == "IN") {
104 // create the user in the db
105 $username = $msg["user"];
106 $password = $msg["pass"];
108 $myga = new gaasdGA();
109 $myga->setUser($username);
// an empty password is stored as an empty string rather than being rejected
111 if($password == "") $pass = "";
// unsalted single-round SHA-512 of the login password; password_hash() /
// password_verify() are the appropriate primitives for a stored credential
112 else $pass = hash('sha512', $password);
// $username is interpolated straight into the SQL text, so a crafted "user" value
// alters the statement (SQL injection) - this should be a prepared statement with
// a bound parameter. $db is not declared global in the lines shown either; confirm
// it is brought into scope in the omitted lines.
115 $db->query($sql = "update users set users_password='$pass' where users_username='$username'");
// NOTE(review): only the IN branch sets running in the lines shown; the AD branch
// presumably does the same in the lines omitted from this listing - confirm
117 $initState = "running";
// SetADLogin message handler: re-tests and stores the AD service-account
// credentials. Only allowed once the server is running and the backend is AD.
// Returns an error string on failure; the success return is in lines omitted here.
125 function gaasSetADLogin_server($msg)
127 global $initState, $backEnd;
129 if($initState != "running") {
130 return "not in running init state";
133 if($backEnd != "AD") {
134 return "not setup as AD client";
// taken from the request as-is; no validation is visible in the lines shown
137 $addom = $msg["domain"];
138 $adlogin = $msg["user"];
139 $adpass = $msg["pass"];
// BUG: $addmo is a typo for $addom - it is undefined here, so the login test runs
// against a null domain rather than the one the caller supplied
141 $res = adTestLogin($addmo, $adlogin, $adpass);
143 return "not able to connect to AD with given cred's";
146 confSetVal("ad.domain", $addom);
147 confSetVal("ad.user", $adlogin);
// the service-account password is stored as received; unless confSetVal encrypts
// internally this is a cleartext credential in the config store - confirm
148 confSetVal("ad.pass", $adpass);
// SetAdminGroup message handler: stores the AD group that gaasGetUsers_server
// reports as the "admin" group. No-op unless the backend is AD.
154 function gaasSetAdminGroup_server($msg)
156 if(confGetVal("backend") == "AD") {
// stored unvalidated, straight from the request; whoever can send this message
// decides which AD group counts as the admin group, so the dispatcher must restrict
// it to privileged callers (not visible in this file)
157 confSetVal("ad.admindef", $msg["admingroup"]);
// SetClientGroup message handler: stores the AD group a user must belong to before
// gaasProvisionUser_server will provision a token for them. No-op unless the
// backend is AD.
163 function gaasSetClientGroup_server($msg)
165 if(confGetVal("backend") == "AD") {
// stored unvalidated, straight from the request; this value gates token
// provisioning, so the dispatcher must restrict the message to privileged callers
// (not visible in this file)
166 confSetVal("ad.clientdef", $msg["clientgroup"]);
// ProvisionUser message handler: assigns a token (type + key) to a user. On the AD
// backend the user must be a member of the configured client group first.
172 function gaasProvisionUser_server($msg)
175 // function userInGroup($user, $domain, $adlogin, $adpass, $group)
// debug output to stdout
176 echo "in provision user\n";
// self-heal the stored default token type when it holds anything but HOTP/TOTP
178 $dttype = confGetVal("defaulttokentype");
179 if($dttype != "HOTP" && $dttype != "TOTP") {
180 echo "default token type not set, setting to TOTP\n";
181 confSetVal("defaulttokentype", "TOTP");
// NOTE(review): $dttype itself is not refreshed after the reset in the lines shown,
// so the message further down may print the stale value - confirm
// the request may name a token type; an empty value means "use the configured default"
184 if($msg["tokentype"] == "") {
185 $ttype = confGetVal("defaulttokentype");
187 $ttype = $msg["tokentype"];
189 if($ttype != "HOTP" && $ttype != "TOTP") {
// NOTE(review): the assignment that actually replaces $ttype with the default is
// not in the lines shown - confirm it happens in the omitted line, otherwise an
// invalid type reaches setUser() below
190 echo "using default token type, $dttype because user entered value of $ttype doesnt make sense\n";
// the token key is taken from the request as-is; no length or format check is
// visible in the lines shown
193 $tkey = $msg["tokenkey"];
194 if(confGetVal("backend") == "AD") {
// eligibility check: only members of the client group get a token. This reads the
// stored AD service-account password from config on every call.
195 if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
196 $myga = new gaasdGA();
197 $myga->setUser($msg["username"], $ttype, "", $tkey);
199 echo "User not in client group\n";
// GetUsers message handler: lists the members of either the admin group or the
// client group on the AD backend. The loop body and return are in lines omitted
// from this listing.
209 function gaasGetUsers_server($msg)
// NOTE(review): $haveTokens and $userPatter (sic - "userpattern") are read but not
// used in the lines shown; presumably filters applied in the omitted loop body - confirm
211 $haveTokens = $msg["havetokens"];
212 $userPatter = $msg["userpattern"];
213 $group = $msg["group"];
// confGetval resolves to confGetVal (PHP function names are case-insensitive) but
// the spelling is inconsistent with the rest of the file
215 if(confGetval("backend") == "AD") {
// "admin" selects the admin group; presumably anything else falls through to the
// client group in the omitted else - confirm
217 if($group == "admin") {
218 $adgroup = confGetVal("ad.admindef");
220 $adgroup = confGetVal("ad.clientdef");
222 $addom = confGetVal("ad.domain");
223 $aduser = confGetVal("ad.user");
// the stored AD service-account password is read from config for this lookup
224 $adpass = confGetVal("ad.pass");
225 //echo "using group $adgroup for $group\n";
// NOTE(review): the foreach suggests the result is keyed username => display name - confirm
227 $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
228 foreach($users as $user => $real) {
// DeleteUser message handler: removes the named user's row from the users table.
237 function gaasDeleteUser_server($msg)
// taken from the request as-is
239 $username = $msg["username"];
// $username is interpolated straight into the SQL text, so a crafted value alters
// the statement (SQL injection) - this should be a prepared statement with a bound
// parameter. No authorisation check is visible before the delete, and $db is not
// declared global in the lines shown; confirm both in the omitted lines.
241 $db->query($sql = "delete from users where users_username='$username'");