projects / ga4php.git / blob
? search:


82d6d8eb11df5e3d25c13c2a0d7504666f382948
[ga4php.git] / gaas / lib / gaasdMessages.php
1 <?php
2
3 // this file defines all the messages used by gaaasd
4
5 // there are only really two status messages at this point - "init" meaning we have no been defined yet
6 // and "running" meaning we have been defined
7 function gaasStatus_server($messages)
8 {
9         global $initState, $backEnd;
10
11         $return = "init";
12         if($initState != false && $backEnd != "") {
13                 $return = "running";
14                 $be = confGetVal("backend");
15                 if($be == "AD") {
16                         $dom = confGetVal("ad.domain");
17                         $user = confGetVal("ad.user");
18                         $client = confGetVal("ad.clientdef");
19                         $admin = confGetVal("ad.admindef");
20                         $return .= " - AD integrated to $dom, GAASD Username: $user, Clients Group: $client, Admins Group: $admin";             
21                 } else {
22                         $return .= " - internal database";
23                 }
24                 
25         }
26         
27         
28         
29         return $return;
30 }
31
32
33 function gaasInitServer_server($msg)
34 {
35         global $initState, $backEnd;
36         
37         error_log("Init server called\n");
38         // here we "init" the server, if we're ad, we attempt to connect to AD and if it all works
39         // we then create the db
40         // $m["backend"] = "AD|IN";
41         // AD expects:
42         // $m["domain"] = "somedomain.com";
43         // $m["user"] = "someuser";
44         // $m["pass"] = "somepassword";
45         // $m["userdef"] = "user definition paramaters";
46         // IN expects
47         // $m["user"] = "someuser";
48         // $m["pass"] = "somepass";
49         echo "initstate is $initState";
50         if($initState) {
51                 echo "true\n";
52         } else {
53                 echo "false\n";
54         }
55         if($initState) {
56                 error_log("init server called when server already init'd\n");
57                 return false;
58         }
59         
60         if($msg["backend"] == "AD") {
61                 $backEnd = "AD";
62                 // attempt connect to AD, verify creds
63                 $addom = $msg["domain"];
64                 $adlogin = $msg["user"];
65                 $adpass = $msg["pass"];
66                 $adclientdef = $msg["clientdef"];
67                 $adadmindef = $msg["admindef"];
68                 
69                 // now wee test our logins...
70                 // first look up the domain name stuff
71                 $servers = dns_get_record("_gc._tcp.$addom");
72                 if(count($servers)<1) {
73                         echo "AD servers cant be found, fail!\n";
74                 }
75                 
76                 // we should check all servers, but lets just go with 0 for now
77                 $res =  adTestLogin($addom, $adlogin, $adpass);
78                 if(!$res) {
79                         return false;
80                 }
81                 
82                 
83                 // then
84                 createDB();
85                 confSetVal("ad.domain", $addom);
86                 confSetVal("ad.user", $adlogin);
87                 confSetVal("ad.pass", $adpass);
88                 confSetVal("ad.encryptionkey", generateHexString(32));
89                 confSetVal("ad.clientdef", $adclientdef);
90                 confSetVal("ad.admindef", $adadmindef);
91                 confSetVal("backend", "AD");
92                 confSetVal("defaulttokentype", "TOTP");
93                 
94                 $initState = true;
95                 $backEnd = "AD";
96                 
97                 // and that should be it... i think cept im in a forked erg.. lets assume it works, need pain i do not.
98                 return true;
99         } else if($msg["backend"] == "IN") {
100                 // this ones simpler
101                 $backEnd = "IN";
102                 createDB();
103                 
104                 // create the user in the db
105                 $username = $msg["user"];
106                 $password = $msg["pass"];
107                 
108                 $myga = new gaasdGA();
109                 $myga->setUser($username);
110                 
111                 if($password == "") $pass = "";
112                 else $pass = hash('sha512', $password);
113                 
114                 $db = getDB();
115                 $db->query($sql = "update users set users_password='$pass' where users_username='$username'");
116                 
117                 $initState = "running";
118                 return true;
119         } else {
120                 return false;
121         }
122 }
123
124
125 function gaasSetADLogin_server($msg)
126 {
127         global $initState, $backEnd;
128         
129         if($initState != "running") {
130                 return "not in running init state";
131         }
132         
133         if($backEnd != "AD") {
134                 return "not setup as AD client";
135         }
136         
137         $addom = $msg["domain"];
138         $adlogin = $msg["user"];
139         $adpass = $msg["pass"];
140         
141         $res = adTestLogin($addmo, $adlogin, $adpass);
142         if($res != 0) {
143                 return "not able to connect to AD with given cred's";
144         }
145         
146         confSetVal("ad.domain", $addom);
147         confSetVal("ad.user", $adlogin);
148         confSetVal("ad.pass", $adpass);
149         
150         return true;
151         
152 }
153
154 function gaasSetAdminGroup_server($msg)
155 {
156         if(confGetVal("backend") == "AD") {
157                 confSetVal("ad.admindef", $msg["admingroup"]);
158         } else return false;
159         
160         return true;
161 }
162
163 function gaasSetClientGroup_server($msg)
164 {
165         if(confGetVal("backend") == "AD") {
166                 confSetVal("ad.clientdef", $msg["clientgroup"]);
167         } else return false;
168         
169         return true;
170 }
171
172 function gaasProvisionUser_server($msg)
173 {
174         
175         // function userInGroup($user, $domain, $adlogin, $adpass, $group)
176         echo "in provision user\n";
177         print_r($msg);
178         $dttype = confGetVal("defaulttokentype");
179         if($dttype != "HOTP" && $dttype != "TOTP") {
180                 echo "default token type not set, setting to TOTP\n";
181                 confSetVal("defaulttokentype", "TOTP");
182                 $dttype = "TOTP";
183         }
184         if($msg["tokentype"] == "") {
185                 $ttype = confGetVal("defaulttokentype");
186         } else {
187                 $ttype = $msg["tokentype"];
188         }
189         if($ttype != "HOTP" && $ttype != "TOTP") {
190                 echo "using default token type, $dttype because user entered value of $ttype doesnt make sense\n";
191                 $ttype = $dttype;
192         }
193         $tkey = $msg["tokenkey"];
194         if(confGetVal("backend") == "AD") {
195                 if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
196                         $myga = new gaasdGA();
197                         
198                         // TODO - figure out how to deal with the token origin - i.e. software/hardware
199                         if($msg["origin"] == "hardware") {
200                                 echo "want a hardware token, but i dont know how to do this yet\n";
201                         } else {
202                                 echo "using software token\n";
203                                 $myga->setUser($msg["username"], $ttype, "", $tkey);
204                         }
205                 } else {
206                         echo "User not in client group\n";
207                 }
208         } else {
209                 // internal db
210         }
211         
212         
213         return true;
214 }
215
216 // TODO error check/ value check
217 function gaasAddHardwareToken_server($msg)
218 {
219         $tokenid = $msg["tokenid"];
220         $tokenkey = $msg["tokenkey"];
221         $tokentype = strtoupper($msg["tokentype"]);
222         
223         if($tokentype != "HOTP" && $tokentype != "TOTP") {
224                 echo "invalid token type from hardware entry\n";
225                 return false;
226         }
227         //"hardwaretokens" ("tok_id" INTEGER PRIMARY KEY AUTOINCREMENT,"tok_name" TEXT, "tok_key" TEXT, "tok_type" TEXT);';
228         print_r($msg);
229         $db = getDB();
230         $sql = "insert into hardwaretokens values (NULL, '$tokenid', '$tokenkey', '$tokentype')";
231         echo "Sql is $sql\n";
232         $ret = $db->query($sql);
233         if($ret) return true;
234         else return false;
235         
236 }
237
238
239 function gaasGetHardwareTokens_server($msg)
240 {
241         $db = getDB();
242         
243         $sql = "select tok_name, tok_type from hardwaretokens";
244         $ret = $db->query($sql);
245         
246         $toks = "";
247         $i = 0;
248         foreach($ret as $row) {
249                 $toks[$i]["name"] = $row["tok_name"];
250                 $toks[$i]["type"] = $row["tok_type"];
251                 $i++;
252         }
253         
254         return $toks;
255 }
256
257
258 function gaasAssignToken_server($msg)
259 {
260         if(!isset($msg["tokenid"])) return false;
261         
262         $tokenid = $msg["tokenid"];
263         
264         // now, we check the username is in the client gorup
265         if(confGetVal("backend") == "AD") {
266                 if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
267                         $myga = new gaasdGA();
268                         
269                         $sql = "select * from hardwaretokens"; // where tok_name='$tokenid'";
270                         echo "yes, i am here $sql\n";
271                         $db = getDB();
272                         $ret = $db->query($sql);
273                         $tok_key = "";
274                         $tok_type = "";
275                         if(!$ret) {
276                                 echo "got a token assignment for an invalid name\n";
277                                 print_r($msg);
278                                 return false;
279                         } else {
280                                 // we have something
281                                 echo "i am here?\n";
282                                 foreach($ret as $row) {
283                                         echo "got a row\n";
284                                         print_r($row);
285                                         $tok_key = $row["tok_key"];
286                                         $tok_type = $row["tok_type"];
287                                 }
288                         }
289                         
290                         if($tok_type == "" || $tok_key == "") {
291                                 echo "error in token data from hardware token in DB\n";
292                         }
293                         
294                         echo "and here too, $tok_type, $tok_key\n";
295                         if(!$myga->setUser($msg["username"], $tok_type, "", $tok_key)) {
296                                 print_r($msg);
297                                 echo "errror assigning token?\n";
298                         }
299                 } else return false;
300         }
301         
302         // then we assign to the user
303 }
304
305 function gaasGetUsers_server($msg)
306 {
307         $haveTokens = $msg["havetokens"];
308         $userPatter = $msg["userpattern"];
309         $group = $msg["group"];
310         
311         if(confGetval("backend") == "AD") {
312                 $adgroup = "";
313                 if($group == "admin") {
314                         $adgroup = confGetVal("ad.admindef");
315                 } else {
316                         $adgroup = confGetVal("ad.clientdef");
317                 }
318                 $addom = confGetVal("ad.domain");
319                 $aduser = confGetVal("ad.user");
320                 $adpass = confGetVal("ad.pass");
321                 //echo "using group $adgroup for $group\n";
322                 
323                 $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
324                 foreach($users as $user => $real) {
325                         hasToken($user);
326                 }
327         } else {
328                 // internal db
329         }
330         return $users;
331 }
332
333 function gaasDeleteUser_server($msg)
334 {
335         $username = $msg["username"];
336         $db = getDB();
337         if($db->query("delete from users where users_username='$username'")) {
338                 return true;
339         } else return false;
340         
341 }
342 ?>
Unnamed repository; edit this file 'description' to name the repository.