3 // this file defines all the message handlers used by gaasd
5 // there are only really two status values at this point - "init" meaning we have not been defined yet
6 // and "running" meaning we have been defined
7 function gaasStatus_server($messages)
// Builds the human-readable status line for the daemon: whether it has been
// initialised and which backend (AD or the internal database) it is using.
// $messages is not read on any visible line of this function.
9 global $initState, $backEnd;
// NOTE(review): loose comparison (`!= false`) treats "", "0" and null alike as
// "not initialised"; the other handlers compare against the literal "running"
// (see gaasSetADLogin_server) — use the same explicit check here for consistency.
12 if($initState != false && $backEnd != "") {
// $be is read here; the branch on it (AD vs internal) sits on a line outside this view.
14 $be = confGetVal("backend");
16 $dom = confGetVal("ad.domain");
17 $user = confGetVal("ad.user");
18 $client = confGetVal("ad.clientdef");
19 $admin = confGetVal("ad.admindef");
// NOTE(review): $return is appended to but is not initialised on any visible line;
// if it is not set outside this view, the first `.=` operates on an undefined variable.
// NOTE(review): this string discloses the AD domain, the bind account's username and
// both group definitions to whoever can send the status message. The bind password
// (ad.pass, stored by gaasInitServer_server) is correctly left out. The caller's
// authorisation is not visible here — confirm the status message is admin-only,
// since the domain + service-account name is useful reconnaissance for an attacker.
20 $return .= " - AD integrated to $dom, GAASD Username: $user, Clients Group: $client, Admins Group: $admin";
22 $return .= " - internal database";
33 function gaasInitServer_server($msg)
// One-time initialisation of the daemon from an "init" message. For the "AD"
// backend it resolves the domain, tests the supplied bind credentials and persists
// them in the config store; for the "IN" backend it creates the first local user
// and stores a password hash in the users table.
35 global $initState, $backEnd;
37 error_log("Init server called\n");
38 // here we "init" the server, if we're ad, we attempt to connect to AD and if it all works
39 // we then create the db
40 // $m["backend"] = "AD|IN";
// AD backend fields (read at the $msg["..."] lines below):
42 // $m["domain"] = "somedomain.com";
43 // $m["user"] = "someuser";
44 // $m["pass"] = "somepassword";
45 // $m["clientdef"] / $m["admindef"] = group definitions for clients and admins
// IN backend fields:
47 // $m["user"] = "someuser";
48 // $m["pass"] = "somepass";
// NOTE(review): debug output — leaks internal state to whatever stream this daemon
// writes to; remove or route through error_log() like the line above.
49 echo "initstate is $initState";
// NOTE(review): the lines between this log call and the backend check are outside
// this view — make sure the "already init'd" path returns here. If it falls through,
// any caller able to send an init message can re-point the backend or overwrite the
// stored AD credentials / admin password after the server is running.
56 error_log("init server called when server already init'd\n");
60 if($msg["backend"] == "AD") {
62 // attempt connect to AD, verify creds
63 $addom = $msg["domain"];
64 $adlogin = $msg["user"];
65 $adpass = $msg["pass"];
66 $adclientdef = $msg["clientdef"];
67 $adadmindef = $msg["admindef"];
69 // now we test our logins...
70 // first look up the domain name stuff
// NOTE(review): $addom comes straight from the message and is interpolated into a
// DNS query name with no format check; dns_get_record() is called without the
// DNS_SRV type, so it defaults to DNS_ANY rather than the SRV records the
// _gc._tcp label implies. Validate the domain (hostname characters only) and pass
// DNS_SRV explicitly. The $servers result is only used for the count check below.
71 $servers = dns_get_record("_gc._tcp.$addom");
72 if(count($servers)<1) {
73 echo "AD servers cant be found, fail!\n";
76 // we should check all servers, but lets just go with 0 for now
// The outcome of the login test ($res) is acted on at lines outside this view;
// confirm a failed test returns before the confSetVal() calls below.
77 $res = adTestLogin($addom, $adlogin, $adpass);
85 confSetVal("ad.domain", $addom);
86 confSetVal("ad.user", $adlogin);
// NOTE(review): the AD bind password is persisted as-is in the config store (and
// read back in clear by gaasProvisionUser_server / gaasAssignToken_server /
// gaasGetUsers_server for every bind). The store's on-disk protection is not
// visible here — at minimum it must be readable only by the daemon's user, and the
// bind account should be a least-privilege read-only account.
87 confSetVal("ad.pass", $adpass);
// An encryption key is generated here, but no visible line in this file uses
// "ad.encryptionkey" — verify it is consumed elsewhere (e.g. to protect ad.pass).
88 confSetVal("ad.encryptionkey", generateHexString(32));
89 confSetVal("ad.clientdef", $adclientdef);
90 confSetVal("ad.admindef", $adadmindef);
91 confSetVal("backend", "AD");
92 confSetVal("defaulttokentype", "TOTP");
97 // and that should be it... i think cept im in a forked erg.. lets assume it works, need pain i do not.
99 } else if($msg["backend"] == "IN") {
104 // create the user in the db
105 $username = $msg["user"];
106 $password = $msg["pass"];
108 $myga = new gaasdGA();
109 $myga->setUser($username);
// NOTE(review): an empty password is accepted and stored as an empty string (no
// rejection), and non-empty passwords are hashed with a single unsalted SHA-512.
// Use password_hash()/password_verify() instead; the matching verifier is outside
// this view and must be changed together with this line.
111 if($password == "") $pass = "";
112 else $pass = hash('sha512', $password);
// NOTE(review): SQL injection — $username is taken verbatim from $msg["user"] above
// and interpolated into the statement; use a prepared statement with bound
// parameters. Also: $db is not in the `global` list at the top of this function,
// so unless it is brought into scope on a line outside this view this call runs on
// an undefined variable. The UPDATE assumes the users row already exists
// (presumably created by setUser() above) — verify, since an UPDATE of zero rows
// silently succeeds.
115 $db->query($sql = "update users set users_password='$pass' where users_username='$username'");
// initState is switched to "running" here for the IN backend; whether the AD branch
// does the same is on lines outside this view.
117 $initState = "running";
125 function gaasSetADLogin_server($msg)
// Replaces the stored AD bind credentials (domain, user, password) after testing
// them against AD. Only valid once the server is running with the AD backend.
// Returns an error string on the visible failure paths; the success return value
// is on lines outside this view.
127 global $initState, $backEnd;
129 if($initState != "running") {
130 return "not in running init state";
133 if($backEnd != "AD") {
134 return "not setup as AD client";
// No authorisation check is visible in this function — whoever can send this
// message can redirect the daemon's AD binds to a domain/account of their choice.
// Confirm the dispatcher restricts it to admins.
137 $addom = $msg["domain"];
138 $adlogin = $msg["user"];
139 $adpass = $msg["pass"];
// BUG(review): `$addmo` is a typo for `$addom`. adTestLogin() is called with an
// undefined (null) domain, so this line never tests the domain the caller supplied;
// depending on how adTestLogin() handles a null domain the test either always fails
// or passes without verifying anything, after which the unverified values are
// persisted below. Fix: `$res = adTestLogin($addom, $adlogin, $adpass);`
141 $res = adTestLogin($addmo, $adlogin, $adpass);
143 return "not able to connect to AD with given cred's";
146 confSetVal("ad.domain", $addom);
147 confSetVal("ad.user", $adlogin);
// Bind password stored as-is, same caveat as in gaasInitServer_server.
148 confSetVal("ad.pass", $adpass);
154 function gaasSetAdminGroup_server($msg)
// Stores the AD group definition that decides who counts as an admin
// (read back as "ad.admindef" by gaasGetUsers_server). No-op unless the backend is AD.
// NOTE(review): the value is taken from the message with no validation and no visible
// authorisation check; changing the admin group is a privilege-escalation lever, so
// confirm the dispatcher limits this message to current admins.
156 if(confGetVal("backend") == "AD") {
157 confSetVal("ad.admindef", $msg["admingroup"]);
163 function gaasSetClientGroup_server($msg)
// Stores the AD group definition that decides which users may be provisioned
// (read back as "ad.clientdef" by gaasProvisionUser_server / gaasAssignToken_server).
// No-op unless the backend is AD.
// NOTE(review): unvalidated message value, no visible authorisation check — same
// caveat as gaasSetAdminGroup_server.
165 if(confGetVal("backend") == "AD") {
166 confSetVal("ad.clientdef", $msg["clientgroup"]);
172 function gaasProvisionUser_server($msg)
// Provisions a software OTP token for $msg["username"]: picks the token type
// (message value, falling back to the configured default) and, for the AD backend,
// only proceeds if the user is a member of the configured client group.
175 // function userInGroup($user, $domain, $adlogin, $adpass, $group)
// NOTE(review): debug output; remove or use error_log().
176 echo "in provision user\n";
178 $dttype = confGetVal("defaulttokentype");
179 if($dttype != "HOTP" && $dttype != "TOTP") {
180 echo "default token type not set, setting to TOTP\n";
// Note: $dttype itself is not updated on any visible line after this write, so the
// "using default" message below may still print the invalid stored value.
181 confSetVal("defaulttokentype", "TOTP");
184 if($msg["tokentype"] == "") {
185 $ttype = confGetVal("defaulttokentype");
187 $ttype = $msg["tokentype"];
189 if($ttype != "HOTP" && $ttype != "TOTP") {
// NOTE(review): the message says the default is used, but no visible line assigns
// `$ttype = $dttype`; if that assignment is not on the hidden line that follows, the
// invalid value is passed straight into setUser() below.
190 echo "using default token type, $dttype because user entered value of $ttype doesnt make sense\n";
// NOTE(review): the OTP seed is supplied by the caller. A client-chosen seed can be
// weak or reused; unless the caller is trusted to generate it, generate the seed
// server-side (random_bytes()) and reject/ignore the supplied one — TODO confirm
// how setUser() treats an empty key.
193 $tkey = $msg["tokenkey"];
194 if(confGetVal("backend") == "AD") {
// Group membership check binds to AD with the stored service credentials.
195 if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
196 $myga = new gaasdGA();
198 // TODO - figure out how to deal with the token origin - i.e. software/hardware
// Whether the hardware branch falls through to the software path below depends on
// a line outside this view; as written nothing is provisioned for "hardware" here.
199 if($msg["origin"] == "hardware") {
200 echo "want a hardware token, but i dont know how to do this yet\n";
202 echo "using software token\n";
203 $myga->setUser($msg["username"], $ttype, "", $tkey);
206 echo "User not in client group\n";
216 // TODO: validate and range-check the message fields before they are used
217 function gaasAddHardwareToken_server($msg)
// Registers a physical OTP token (name, secret seed, HOTP/TOTP) in the
// hardwaretokens table. Returns true on a successful insert; the failure return
// is on a line outside this view.
219 $tokenid = $msg["tokenid"];
220 $tokenkey = $msg["tokenkey"];
221 $tokentype = strtoupper($msg["tokentype"]);
// $tokentype is constrained to two literals here, so it is safe to interpolate;
// $tokenid and $tokenkey are not validated at all.
223 if($tokentype != "HOTP" && $tokentype != "TOTP") {
224 echo "invalid token type from hardware entry\n";
227 //"hardwaretokens" ("tok_id" INTEGER PRIMARY KEY AUTOINCREMENT,"tok_name" TEXT, "tok_key" TEXT, "tok_type" TEXT);';
// NOTE(review): SQL injection — $tokenid and $tokenkey come verbatim from the message
// and are interpolated into the INSERT; use a prepared statement with bound
// parameters. The seed is also stored in clear in tok_key — the table's protection
// is not visible here, confirm it is as restricted as the config store.
230 $sql = "insert into hardwaretokens values (NULL, '$tokenid', '$tokenkey', '$tokentype')";
// NOTE(review): this prints the full statement including the token's secret seed to
// stdout/log — anyone with log access can clone the token. Remove this line.
231 echo "Sql is $sql\n";
// $db is not declared on any visible line of this function (no `global`) — confirm
// it is in scope.
232 $ret = $db->query($sql);
233 if($ret) return true;
239 function gaasGetHardwareTokens_server($msg)
// Lists registered hardware tokens as an array of ["name" => ..., "type" => ...].
// Only tok_name and tok_type are selected — the secret seed (tok_key) is correctly
// never returned to the caller. $msg is not read on any visible line; $toks and
// $i are initialised/advanced on lines outside this view.
243 $sql = "select tok_name, tok_type from hardwaretokens";
244 $ret = $db->query($sql);
248 foreach($ret as $row) {
249 $toks[$i]["name"] = $row["tok_name"];
250 $toks[$i]["type"] = $row["tok_type"];
258 function gaasAssignToken_server($msg)
// Assigns a registered hardware token to $msg["username"]; for the AD backend the
// user must be in the configured client group. Returns false without a tokenid.
260 if(!isset($msg["tokenid"])) return false;
262 $tokenid = $msg["tokenid"];
264 // now, we check the username is in the client group
265 if(confGetVal("backend") == "AD") {
266 if(userInGroup($msg["username"], confGetVal("ad.domain"), confGetVal("ad.user"), confGetVal("ad.pass"), confGetVal("ad.clientdef"))) {
267 $myga = new gaasdGA();
// BUG(review): the WHERE clause is commented out, so this selects EVERY hardware
// token and $tokenid above is never used; the foreach below then calls setUser()
// once per row for the same user, so the user ends up with whichever row is
// processed last — presumably the last token in the table, not the one requested.
// When restoring the filter, do not re-enable the interpolated form (SQL injection
// via $msg["tokenid"]); use a prepared statement: `... where tok_name = ?`.
269 $sql = "select * from hardwaretokens"; // where tok_name='$tokenid'";
270 echo "yes, i am here $sql\n";
272 $ret = $db->query($sql);
// The condition guarding this message is on a line outside this view.
276 echo "got a token assignment for an invalid name\n";
282 foreach($ret as $row) {
285 $tok_key = $row["tok_key"];
286 $tok_type = $row["tok_type"];
290 if($tok_type == "" || $tok_key == "") {
291 echo "error in token data from hardware token in DB\n";
// NOTE(review): this prints the token's secret seed ($tok_key) to stdout/log —
// remove it; a logged seed lets anyone with log access clone the token.
294 echo "and here too, $tok_type, $tok_key\n";
295 if(!$myga->setUser($msg["username"], $tok_type, "", $tok_key)) {
297 echo "errror assigning token?\n";
302 // then we assign to the user
305 function gaasGetUsers_server($msg)
// Lists users known to the daemon. For the AD backend the list is the membership
// of either the admin group ($msg["group"] == "admin") or the client group,
// fetched with the stored bind credentials. The loop body and the non-AD path are
// on lines outside this view.
// $haveTokens and $userPatter (sic — "userPattern") are read from the message but
// not used on any visible line.
307 $haveTokens = $msg["havetokens"];
308 $userPatter = $msg["userpattern"];
309 $group = $msg["group"];
// `confGetval` works because PHP function names are case-insensitive, but every other
// call site spells it `confGetVal`; make it consistent.
311 if(confGetval("backend") == "AD") {
313 if($group == "admin") {
314 $adgroup = confGetVal("ad.admindef");
316 $adgroup = confGetVal("ad.clientdef");
318 $addom = confGetVal("ad.domain");
319 $aduser = confGetVal("ad.user");
320 $adpass = confGetVal("ad.pass");
321 //echo "using group $adgroup for $group\n";
// Enumerating the admin group reveals who can administer the service — confirm the
// dispatcher requires admin rights for group == "admin" (not visible here).
323 $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
324 foreach($users as $user => $real) {
333 function gaasDeleteUser_server($msg)
335 $username = $msg["username"];
337 if($db->query("delete from users where users_username='$username'")) {