3 // the global lib sets a lot of global variables; it is fairly unexciting
// $BASE_DIR: the directory two levels above this file, as resolved by realpath().
// realpath() returns false when the path cannot be resolved, so callers should
// not assume a string here.
4 $BASE_DIR = realpath(dirname(__FILE__)."/../../");
7 // the tcp port number we use for comms
8 $TCP_PORT_NUMBER = 21256;
// NOTE(review): at file scope `global` is a no-op — $TCP_PORT_NUMBER is already in
// global scope on the line above; the statement only has an effect inside a function body.
9 global $TCP_PORT_NUMBER;
12 /* tasks we need to do (a leading "-" marks an item that is done or in progress)
16 * - set ad client group
17 * - set ad admin group
21 * - create hardware token
22 * - list hardware tokens
23 * - assign hardware token
26 * enable admin for user
27 * disable admin for user
30 * re-create user token
38 // the messages structure, used to extend gaas if needed
// Message ids exchanged between the client and server sides. Each id has a
// handler name registered in $MESSAGES further down. The numbering starts at 18;
// presumably lower ids are taken by another message table — confirm before
// reusing any value below 18.
39 define("MSG_STATUS", 18);
40 define("MSG_INIT_SERVER", 19);
41 define("MSG_SET_AD_LOGIN", 20);
42 define("MSG_SET_CLIENT_GROUP", 21);
43 define("MSG_SET_ADMIN_GROUP", 22);
44 define("MSG_PROVISION_USER",23);
45 define("MSG_GET_USERS", 24);
46 define("MSG_DELETE_USER", 25);
47 define("MSG_ASSIGN_TOKEN",26);
48 define("MSG_ADD_HARDWARE",27);
49 define("MSG_GET_HARDWARE",28);
51 // gaasd calls $MESSAGES[<MSG>]_server() for the server side
52 // and $MESSAGES[<msg>]_client() for the client side
// Each entry maps a message id (defined above) to the handler-name prefix; the
// trailing comment on each line lists the arguments that message carries
// ([...] marks an optional argument, a|b marks alternatives).
53 $MESSAGES[MSG_STATUS] = "gaasStatus"; //
54 $MESSAGES[MSG_INIT_SERVER] = "gaasInitServer"; // AD: "AD", "user", "pass", "domain", "client def", "admin def" - IN: "IN", "user", "pass"
55 $MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; // domain, user, password
56 $MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; // groupname
57 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup"; // groupname
58 $MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username, tokentype, tokenkey, hardware|software
59 $MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; // [admin|client], [name pattern], [only with tokens]
60 $MESSAGES[MSG_DELETE_USER] = "gaasDeleteUser"; // username
61 $MESSAGES[MSG_ASSIGN_TOKEN] = "gaasAssignToken"; // username, tokenid
62 $MESSAGES[MSG_ADD_HARDWARE] = "gaasAddHardwareToken"; // username, tokenid
63 $MESSAGES[MSG_GET_HARDWARE] = "gaasGetHardwareTokens"; //
// Try to authenticate $user against the AD domain $domain by binding, as
// "$user@$domain", to the first global-catalog server returned by the
// _gc._tcp SRV lookup. The outcome is reported with echo; the return value is
// set on lines not shown in this listing.
//
// NOTE(review): ldap_bind() with an empty $password performs an unauthenticated
// (anonymous) bind, which a directory may accept — a blank password could then
// be reported as a successful login. Reject an empty $user or $password before
// the bind, e.g. `if ($user === '' || $password === '') return false;`.
// NOTE(review): no ldap_start_tls()/ldaps:// is visible, so the bind credentials
// would cross the network in the clear unless the transport is protected
// elsewhere — confirm.
73 function adTestLogin($domain, $user, $password)
// NOTE(review): no record type is passed (default DNS_ANY), so $servers[0] is not
// guaranteed to be the SRV record whose "target"/"port" are read below; passing
// DNS_SRV would pin it. dns_get_record() also returns false on failure, and
// count(false) is a TypeError on PHP 8 — check `=== false` first.
75 $servers = dns_get_record("_gc._tcp.$domain");
76 if(count($servers)<1) {
77 echo "AD servers cant be found for $domain, fail!\n";
80 echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n";
82 // we should check all servers, but lets just go with 0 for now
83 $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
// bind in UPN form; $bind is true on success and false otherwise
85 $bind = ldap_bind($cnt, "$user@$domain", "$password");
87 echo "login has succeeded\n";
90 echo "login has failed\n";
// Bind to the domain's first global-catalog server with $user/$password, search
// the domain base DN for every object of class "group", and print the cn,
// description and dn of the first match. Results are only echoed; any return
// value is set on lines not shown in this listing.
//
// NOTE(review): same concerns as adTestLogin() apply here — an empty $password
// yields an unauthenticated bind, and no ldap_start_tls()/ldaps:// is visible.
95 function getADGroups($domain, $user, $password)
// NOTE(review): default DNS_ANY lookup; $servers[0] is not guaranteed to be an
// SRV record (see adTestLogin()).
97 $servers = dns_get_record("_gc._tcp.$domain");
98 if(count($servers)<1) {
99 echo "AD servers cant be found for $domain, fail!\n";
102 echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n";
104 // we should check all servers, but lets just go with 0 for now
105 $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
107 $bind = ldap_bind($cnt, "$user@$domain", "$password");
109 echo "login has failed\n";
// $addom is not assigned on any line shown here — presumably set from $domain
// on a line omitted from this listing; verify.
113 $ars = explode(".", $addom);
// builds $tcn from the domain labels (loop body not shown; presumably one
// "dc=<label>," component per label, given the trailing comma stripped below)
116 foreach($ars as $val) {
120 $basecn = preg_replace("/,$/", "", $tcn);
// the filter is a constant here, so there is no injection surface in this search
122 $sr = ldap_search($cnt, "$basecn", "(objectclass=group)");
123 $info = ldap_get_entries($cnt, $sr);
125 if($info["count"] < 1) {
126 echo "Couldn't find a matching group\n";
// only the first group found is reported; "description" may be absent on a
// group object, which would raise an undefined-index notice on line 130
129 echo "Found a group, ".$info[0]["cn"][0]."\n";
130 echo "With a description of, ".$info[0]["description"][0]."\n";
131 echo "and a dn of, ".$info[0]["dn"]."\n";
// Return true when AD user $user (sAMAccountName) is a direct or nested member
// of the group named $group, by (1) resolving the user's DN and (2) searching
// for groups that contain that DN via the transitive-membership matching rule
// (OID 1.2.840.113556.1.4.1941). Binds as $adlogin/$adpass. The false path and
// the closing of the function are on lines not shown in this listing.
//
// NOTE(review): $usertocheck (line 167) and $usercn (line 177) are interpolated
// into LDAP filters unescaped. A value containing filter metacharacters such as
// `*`, `(`, `)` or `\` changes the query (e.g. a wildcard matching a different
// account). Escape with `ldap_escape($user, '', LDAP_ESCAPE_FILTER)` and likewise
// for the DN before it is embedded in the second filter.
// NOTE(review): same empty-password / cleartext-transport concerns as adTestLogin().
137 function userInGroup($user, $domain, $adlogin, $adpass, $group)
140 $usertocheck = $user;
// $addom is not assigned on any line shown here — presumably $domain, set on an
// omitted line; verify.
142 $servers = dns_get_record("_gc._tcp.$addom");
143 if(count($servers)<1) {
144 echo "AD servers cant be found, fail!\n";
148 // we should check all servers, but lets just go with 0 for now
149 $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
150 $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
153 echo "Bind Failed\n";
157 $ars = explode(".", $addom);
// builds $tcn from the domain labels (loop body not shown); trailing comma
// stripped on line 164
160 foreach($ars as $val) {
164 $basecn = preg_replace("/,$/", "", $tcn);
166 // first, find the dn for our user
167 $sr = ldap_search($cnt, "$basecn", "(&(objectclass=user)(samaccountname=$usertocheck))");
168 $info = ldap_get_entries($cnt, $sr);
// NOTE(review): no check of $info["count"] before reading $info[0] — an unknown
// user leaves $usercn empty and the second filter becomes "(member:...:=)".
170 $usercn=$info[0]["dn"];
175 //echo "usercn: $usercn\n";
176 $basecn = preg_replace("/,$/", "", $tcn);
// groups that contain the user's DN, following nested membership
177 $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))");
// $fil duplicates the filter above but is never used
178 $fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
179 $info = ldap_get_entries($cnt, $sr);
// ldap_get_entries() returns a "count" element alongside the numeric entries;
// the isset() below skips that element
180 foreach($info as $kpot => $lpot) {
181 if(isset($lpot["samaccountname"])) {
182 //echo "checking: ".$lpot["cn"][0]."\n";
// case-insensitive match on the group's cn (ASCII lowering only)
183 if(strtolower($lpot["cn"][0]) == strtolower($group)) return true;
// Collect the users that are direct or nested members of group $group in
// domain $domain: (1) resolve the group's DN by cn, then (2) search for user
// objects whose memberOf chain (OID 1.2.840.113556.1.4.1941) contains that DN.
// Binds as $adlogin/$adpass. $arbi is filled as sAMAccountName => name; its
// return and the function's closing are on lines not shown in this listing.
//
// NOTE(review): $group (line 219) and $groupcn (line 226) are interpolated into
// LDAP filters unescaped; see userInGroup() — use
// `ldap_escape($group, '', LDAP_ESCAPE_FILTER)` and escape the DN the same way.
// NOTE(review): same empty-password / cleartext-transport concerns as adTestLogin().
190 function getUsersInGroup($domain, $adlogin, $adpass, $group)
// $addom is not assigned on any line shown here — presumably $domain, set on an
// omitted line; verify.
194 $servers = dns_get_record("_gc._tcp.$addom");
195 if(count($servers)<1) {
196 echo "AD servers cant be found, fail!\n";
200 // we should check all servers, but lets just go with 0 for now
201 $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
202 $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
205 echo "Bind Failed\n";
209 $ars = explode(".", $addom);
// builds $tcn from the domain labels (loop body not shown); trailing comma
// stripped on line 216
212 foreach($ars as $val) {
216 $basecn = preg_replace("/,$/", "", $tcn);
218 // first, find the dn for our group
219 $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(cn=$group))");
220 $info = ldap_get_entries($cnt, $sr);
// NOTE(review): no check of $info["count"] before reading $info[0] — an unknown
// group leaves $groupcn empty and the filter below becomes "(memberof:...:=)".
222 $groupcn=$info[0]["dn"];
225 $basecn = preg_replace("/,$/", "", $tcn);
// users whose (nested) memberOf chain includes the group's DN
226 $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=$groupcn))");
227 //$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
228 $info = ldap_get_entries($cnt, $sr);
// skips the "count" element that ldap_get_entries() adds alongside the entries
233 foreach($info as $kpot => $lpot) {
234 if(isset($lpot["samaccountname"])) {
235 $arbi[$lpot["samaccountname"][0]] = $lpot["name"][0];
// Build a string of $len characters drawn from [a-zA-Z0-9]. The initialisation
// of $str and the return are on lines not shown in this listing.
//
// NOTE(review): rand() is not a cryptographically secure generator. If this
// output is used as token material (MSG_PROVISION_USER carries a "tokenkey"),
// the index should come from random_int(0, strlen($strpos) - 1) instead; the
// same applies to generateHexString() below.
242 function generateRandomString($len)
245 $strpos = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
// one character per iteration; strlen() is re-evaluated each pass on a constant alphabet
247 for($i=0; $i<$len; $i++) {
248 $str .= $strpos[rand(0, strlen($strpos)-1)];
254 function generateHexString($len)
257 $strpos = "0123456789ABCDEF";
259 for($i=0; $i<$len; $i++) {
260 $str .= $strpos[rand(0, strlen($strpos)-1)];