added client get users command
authorpaulr <me@pjr.cc>
Fri, 25 Feb 2011 17:19:17 +0000 (04:19 +1100)
committerpaulr <me@pjr.cc>
Fri, 25 Feb 2011 17:19:17 +0000 (04:19 +1100)
gaas/gaasd/gaasclient.php
gaas/lib/gaasClientMessages.php
gaas/lib/gaasdLib.php
gaas/lib/gaasdMessages.php
gaas/lib/globalLib.php
unittests/getadusers.php [new file with mode: 0644]

index 6880dcd..b03a216 100644 (file)
@@ -17,11 +17,12 @@ function usage()
        echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
        echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
        echo "\tprovisionuser username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+       echo "\tgetusers [admin|client] [part-of-username] [yes] - get user list with admin or client group, part of a username and return only those with tokens (yes)\n";
        echo "\n";
        exit(0);
 }
 
-if($argc < 1) {
+if($argc < 2) {
        usage();
 }
 
@@ -65,6 +66,19 @@ switch($argv[1]) {
                        echo "Resetting AD admin group details failed\n";
                }
                break;
+       case "getusers":
+               $group = "client";
+               $partof = "";
+               $onlytokens = "no";
+               if(isset($argv[2])) $group = $argv[2];
+               if(isset($argv[3])) $partof = $argv[3];
+               if(isset($argv[4])) $onlytokens = $argv[4];
+               $ret = $myga->MSG_GET_USERS($group, $partof, $onlytokens);
+               //print_r($ret);
+               foreach($ret as $user) {
+                       echo $user["realname"]." (".$user["username"].")\n";
+               }
+               break;
        default:
                echo "No such command, ".$argv[1]."\n";
                usage();
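Review bot: The `foreach($ret as $user)` in the new `getusers` case assumes `$ret` is an array, but the server-side handler added in this same commit returns `false` when the LDAP bind fails and `""` when no member carries a samaccountname; if the transport behind `$myga->MSG_GET_USERS` (not visible here) passes that through, the loop emits a warning and prints nothing, which is indistinguishable from an empty group. Guard the result before iterating: `if(!is_array($ret)) { echo "Fetching user list failed\n"; break; }`. Note also that `$group`, `$partof` and `$onlytokens` are forwarded verbatim; the only validation happens in `gaasGetUsers_clientsend`, so a usage error such as `getusers Admin` is not reported here.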
index d110ba2..332295a 100644 (file)
@@ -73,4 +73,26 @@ function gaasProvisionUser_clientsend($params)
        return $msg;
 }
 
+function gaasGetUsers_clientsend($params)
+{
+       $msg["havetokens"] = false;
+       $msg["userpattern"] = "";
+       $msg["group"] = "client";
+       if(isset($params[0])) {
+               if($params[0] == "admin") {
+                       $msg["group"] = "admin";
+               }
+       }
+       if(isset($params[1])) {
+               $msg["userpattern"] = $params[1];
+       }
+       if(isset($params[2])) {
+               if($params[2] == "yes") {
+                       $msg["havetokens"] = true;
+               }
+       }
+       
+       return $msg;
+}
+
 ?>
\ No newline at end of file
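Review bot: In `gaasGetUsers_clientsend` any `$params[0]` other than the literal `admin` silently becomes `client`, so a mistyped group (`Admin`, `admins`) lists the client group instead of failing, and the same pattern makes `$params[2]` anything but `yes` mean "no"; an explicit rejection such as `} else if($params[0] != "client") { return false; }` would surface the typo, though whether the caller handles a `false` message depends on the transport, which is outside this file. `$msg["userpattern"]` is the one field forwarded with no validation; that is harmless as long as the server ignores it, but it must be LDAP-filter-escaped at the point where it is ever interpolated into a search filter, not here.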
index a2b50de..ab6b4ad 100644 (file)
@@ -51,7 +51,8 @@ function createDB()
        
        // users_tokendata is used by ga4php, users_otk is the qrcode data link if needed, 
        // tokentype is the software/hardware token types
-       $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, "users_password" TEXT, "users_tokendata" TEXT, "users_otk" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
+       $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, \
+               "users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
        $dbobject->query($sql);
        $sql = 'CREATE TABLE "config" ("conf_id" INTEGER PRIMARY KEY AUTOINCREMENT,"conf_name" TEXT, "conf_value" TEXT);';
        $dbobject->query($sql);
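Review bot: The new two-line `$sql` literal is broken: inside a single-quoted PHP string a trailing `\` is not a line continuation, so the statement handed to SQLite contains a literal backslash, a newline and the indentation before `"users_password"`, and SQLite rejects a bare backslash as an unrecognized token, meaning the users table is never created and the unchecked `$dbobject->query($sql)` hides the failure. Join the pieces with the concatenation operator instead: `$sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, '` followed by `. '"users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';`. The comment two lines above still describes the column as `users_otk`, which this hunk renames to `users_qrcodeid`, and checking the return of `query()` here would have caught this. `createDB` begins and ends outside this hunk.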
index 3b23da4..94fb8c0 100644 (file)
@@ -182,4 +182,28 @@ function gaasProvisionUser_server($msg)
        return true;
 }
 
+function gaasGetUsers_server($msg)
+{
+       $haveTokens = $msg["havetokens"];
+       $userPatter = $msg["userpattern"];
+       $group = $msg["group"];
+       
+       if(confGetval("backend") == "AD") {
+               $adgroup = "";
+               if($group == "admin") {
+                       $adgroup = confGetVal("ad.admindef");
+               } else {
+                       $adgroup = confGetVal("ad.clientdef");
+               }
+               $addom = confGetVal("ad.domain");
+               $aduser = confGetVal("ad.user");
+               $adpass = confGetVal("ad.pass");
+               echo "using group $adgroup for $group\n";
+               
+               $users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
+       } else {
+               // internal db
+       }       
+       return $users;
+}
 ?>
\ No newline at end of file
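Review bot: In `gaasGetUsers_server` the `$userPatter` (sic) and `$haveTokens` locals are assigned from the message and never read, so the `part-of-username` and `yes` options the client advertises are silently ignored and every member of the group is returned; either apply them before `return $users` (e.g. drop entries where `stripos($u["username"], $userPattern) === false`) or reject requests that set them until the filtering exists. `$users` is also never assigned in the internal-db branch, so a non-AD backend returns an undefined variable; initialise with `$users = false;` (or `array()`) before the `if`. The `echo "using group $adgroup for $group\n"` is debug output on the daemon side; if it stays it should at least not be on stdout. `confGetval` on the first condition differs in case from the other calls and only works because PHP function names are case-insensitive.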
index 184be7f..f3fe9fb 100644 (file)
@@ -18,16 +18,18 @@ define("MSG_SET_AD_LOGIN", 20);
 define("MSG_SET_CLIENT_GROUP", 21);
 define("MSG_SET_ADMIN_GROUP", 22);
 define("MSG_PROVISION_USER",23);
-
+define("MSG_GET_USERS", 24);
 
 // the gaasd call's $MESSAGE[<MSG>]_server() for the server side
 // and $MESSAGE[<msg>]_client() for the client side 
 $MESSAGES[MSG_STATUS] = "gaasStatus";
-$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
-$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin";
-$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup";
+$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer"; 
+$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; // domain, user, password
+$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; // groupname
 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup";
-$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser";
+$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username
+$MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; // [admin|client], [name pattern], [only with tokens]
+
 global $MESSAGES;
 
 
@@ -150,6 +152,61 @@ function userInGroup($user, $domain, $adlogin, $adpass, $group)
        return false;
 }
 
+
+function getUsersInGroup($domain, $adlogin, $adpass, $group)
+{
+       $addom = $domain;
+       
+       $servers = dns_get_record("_gc._tcp.$addom");
+       if(count($servers)<1) {
+               echo "AD servers cant be found, fail!\n";
+       }
+       
+       
+       // we should check all servers, but lets just go with 0 for now
+       $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+       $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
+       if($bind) {
+       } else {
+               echo "Bind Failed\n";
+               return false;
+       }
+       
+       $ars = explode(".", $addom);
+       
+       $tcn = "";
+       foreach($ars as $val) {
+               $tcn .= "DC=$val,";
+       }
+       
+       $basecn = preg_replace("/,$/", "", $tcn);
+       
+       // first, find the dn for our user
+       $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(cn=$group))");
+       $info = ldap_get_entries($cnt, $sr);
+       //print_r($info);
+       $groupcn=$info[0]["dn"];
+       //exit(0);
+       
+       $basecn = preg_replace("/,$/", "", $tcn);
+       $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=$groupcn))");
+       //$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
+       $info = ldap_get_entries($cnt, $sr);
+       //print_r($info);
+       $arbi = "";
+       //exit(0);
+       $i = 0;
+       foreach($info as $kpot => $lpot) {
+               if(isset($lpot["samaccountname"])) {
+                       $arbi[$i]["username"] = $lpot["samaccountname"][0];
+                       $arbi[$i]["realname"] = $lpot["name"][0];
+                       $i++;
+               }
+       }
+       
+       return $arbi;
+}
+
 function generateRandomString($len)
 {
        $str = "";
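Review bot: `getUsersInGroup` interpolates `$group` straight into the LDAP filter `(cn=$group)` and then the looked-up DN into `memberof:...:=$groupcn`, with no escaping of the RFC 4515 metacharacters `\ * ( )` and NUL; `$group` comes from the `ad.admindef`/`ad.clientdef` config values set over the message interface (and from argv in the new unit test), so a value like `*` or `x)(cn=Domain Admins` changes which group is resolved. Error handling is also incomplete: a failed `dns_get_record` only echoes and then dereferences `$servers[0]`, a failed `ldap_search` hands `false` to `ldap_get_entries`, a group with no match leaves `$info[0]` undefined so `$groupcn` is empty, and `$arbi` starts as `""` rather than an array, so callers cannot distinguish "no users" from the `false` returned on bind failure. Separately, the simple bind sends `$adpass` in clear over the plain `ldap_connect` socket — there is no `ldap_start_tls()` or `ldaps://` here — which is worth a comment or a fix. The rewrite below escapes both filter operands and returns `false` at each failure point; `generateRandomString` after this function continues outside the hunk.
```php
function getUsersInGroup($domain, $adlogin, $adpass, $group)
{
	$addom = $domain;

	$servers = dns_get_record("_gc._tcp.$addom");
	if($servers === false || count($servers) < 1) {
		echo "AD servers cant be found, fail!\n";
		return false;
	}

	// … unchanged: ldap_connect / ldap_bind / $basecn construction …

	// RFC 4515: escape filter metacharacters before interpolating into a search filter
	$esc = array("\\" => "\\5c", "*" => "\\2a", "(" => "\\28", ")" => "\\29", "\0" => "\\00");
	$safegroup = strtr($group, $esc);

	$sr = ldap_search($cnt, $basecn, "(&(objectCategory=group)(cn=$safegroup))");
	if($sr === false) {
		echo "Group search failed\n";
		return false;
	}
	$info = ldap_get_entries($cnt, $sr);
	if($info["count"] < 1) {
		echo "Group $group not found\n";
		return false;
	}
	$groupcn = strtr($info[0]["dn"], $esc);

	$sr = ldap_search($cnt, $basecn, "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=$groupcn))");
	if($sr === false) {
		echo "Member search failed\n";
		return false;
	}
	$info = ldap_get_entries($cnt, $sr);
	$arbi = array();
	// … unchanged: samaccountname / name extraction loop …
	return $arbi;
}
```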
diff --git a/unittests/getadusers.php b/unittests/getadusers.php
new file mode 100644 (file)
index 0000000..c8ae4d9
--- /dev/null
@@ -0,0 +1,8 @@
+<?php 
+require_once("../gaas/lib/globalLib.php");
+
+// function userInGroup($user, $domain, $adlogin, $adpass, $group)
+$ret = getUsersInGroup($argv[1], $argv[2], $argv[3], $argv[4]);
+
+print_r($ret);
+?>
\ No newline at end of file
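Review bot: The new test takes the AD bind password as `$argv[3]`, which puts a domain credential into shell history and into `ps` output for every user on the host while the script runs; read it from the environment or a prompt instead, e.g. `$adpass = getenv("GAAS_AD_PASS"); if($adpass === false) { fwrite(STDERR, "set GAAS_AD_PASS\n"); exit(1); }` and pass `$adpass` in place of `$argv[3]`. There is no argument-count check, so running it bare produces undefined-index notices before the LDAP call. The comment above the call still quotes the `userInGroup($user, ...)` signature, which has a different first parameter from the `getUsersInGroup($domain, $adlogin, $adpass, $group)` actually invoked.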