--- /dev/null
+<?php
+
+if($argc < 4) {
+ echo "usage: ".$argv[0]. " domain user password admingroup\n";
+ return 0;
+}
+
+$addom = $argv[1];
+$adlogin = $argv[2];
+$adpass = $argv[3];
+$adgroup = $argv[4];
+
+$servers = dns_get_record("_gc._tcp.$addom");
+if(count($servers)<1) {
+ echo "AD servers cant be found, fail!\n";
+}
+
+echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n";
+
+// we should check all servers, but lets just go with 0 for now
+$cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+echo "Connected\n";
+$bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
+if($bind) {
+ echo "Bind passed\n";
+} else {
+ echo "Bind Failed\n";
+}
+
+$ars = explode(".", $addom);
+
+$tcn = "";
+foreach($ars as $val) {
+ $tcn .= "DC=$val,";
+}
+
+$basecn = preg_replace("/,$/", "", $tcn);
+
+//$sr = ldap_search($cnt, "$basecn", "(&(objectclass=person)(memberof=*Administrators*))");
+//$sr = ldap_search($cnt, "$basecn", "(CN=CN=Administrators,CN=Builtin,DC=syd,DC=sententia,DC=com,DC=au)");
+$sr = ldap_search($cnt, "$basecn", "(&(objectclass=group)(CN=$adgroup))");
+$info = ldap_get_entries($cnt, $sr);
+
+if($info["count"] < 1) {
+ echo "Couldn't find a matching group\n";
+ return 0;
+} else {
+ echo "Found a group, ".$info[0]["cn"][0]."\n";
+ echo "With a description of, ".$info[0]["description"][0]."\n";
+ echo "and a dn of, ".$info[0]["dn"]."\n";
+}
+
+//echo "info:\n";
+//print_r($info);
+echo "Users in this group:\n";
+// this is the MS way of dealing with nested groups, much less painful then the possible alternatives
+$sr = ldap_search($cnt, "$basecn", "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=".$info[0]["dn"]."))");
+$info = ldap_get_entries($cnt, $sr);
+foreach($info as $kpot => $lpot) {
+ //print_r($kpot);
+ //print_r($lpot);
+ if(isset($lpot["samaccountname"])) {
+ echo "User: ".$lpot["samaccountname"][0]."\n";
+ }
+ //echo "User: ".$kpot["samaaccountname"][0]."\n";
+ //echo "$kpot, $lpot\n";
+ //return 0;
+}
+?>
\ No newline at end of file
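Review bot: `$adgroup` is taken straight from argv and interpolated into the LDAP filter on the `ldap_search` line without escaping, so a value containing `)`, `*` or `\` alters the filter instead of naming a group; build it as `"(&(objectclass=group)(CN=".ldap_escape($adgroup, "", LDAP_ESCAPE_FILTER)."))"`, and escape the group DN the same way where it is spliced into the `memberof:1.2.840.113556.1.4.1941:=` filter. The `count($servers)<1` branch only echoes, so the script goes on to read `$servers[0]` from an empty array; add `return 1;` inside it, and do the same in the `Bind Failed` branch rather than running the searches on an unbound handle. The argument guard is `$argc < 4` but the script reads `$argv[4]`, so it should be `$argc < 5`. Taking the password as an argv element also exposes it to other local users via the process list; acceptable for a test script, but worth a comment next to the usage line.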
$myga = new GAASClient();
-$myga->MSG_INIT_SERVER("AD", "user", "password", "domain", "cdef", "adef");
+global $argv;
+
+function usage()
+{
+ global $argv;
+ echo "Usage: ".$argv[0]." command [options]\n";
+ echo "\nCommands:\n\tinit AD user password domain clientgroup admingroup\n";
+ echo "\tinit IN user password\n";
+ echo "\n";
+ exit(0);
+}
+
+if($argc < 1) {
+ usage();
+}
+
+switch($argv[1]) {
+ case "init":
+ if($argv[2] == "AD") {
+ if($argc < 7) usage();
+ }
+ $ret = $myga->MSG_INIT_SERVER("AD", $argv[3], $argv[4], $argv[5], $argv[6], $argv[7]);
+ echo "Ret:\n";
+ print_r($ret);
+ if($ret) {
+ echo "initialising server succeeded\n";
+ } else {
+ echo "initialising server failed\n";
+ }
+ break;
+ default:
+ echo "No such command, ".$argv[1]."\n";
+ usage();
+
+}
?>
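Review bot: The guard `if($argc < 1)` can never fire, because `$argv[0]` is always present, so running the client with no command reads an undefined `$argv[1]` in the `switch`; it should be `if($argc < 2) usage();`. Inside the `init` case the message is always sent as `"AD"` with `$argv[3]` to `$argv[7]`, so the `init IN user password` form advertised in `usage()` is not implemented and would be sent as an AD init with undefined indices; pass `$argv[2]` as the backend and check the argument count per backend (`$argc < 7` for AD, `$argc < 5` for IN). The top-level `global $argv;` outside any function is a no-op and can be dropped.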
// IN: "IN", "user", "pass"
function gaasInitServer_clientsend($params)
{
+ echo "backend:\n";
+ print_r($params);
+ echo "\n";
$msg["backend"] = $params[0];
$msg["user"] = $params[1];
$msg["pass"] = $params[2];
if($msg["backend"] == "AD") {
$msg["domain"] = $params[3];
$msg["clientdef"] = $params[4];
- $msg["admindef"] = $params[4];
+ $msg["admindef"] = $params[5];
} else if($msg["backend"] == "IN") {
// we dont do anything
} else {
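Review bot: The new `print_r($params)` at the top of `gaasInitServer_clientsend` writes the full parameter list, including the password in `$params[2]`, to the client's stdout every time an init message is built; drop the three debug lines or print only `$params[0]` (the backend). The function's body continues past the end of the hunk.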
// pretty simple, it either works or doesnt, we just pass on the result
function gaasInitServer_clientrecv($params)
{
+ echo "in recv, params\n";
+ print_r($params);
return $params;
}
+
+function gaasSetADLogin_clientsend($params)
+{
+
+}
+
+function gaasSetADLogin_clientrecv($params)
+{
+
+}
?>
\ No newline at end of file
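Review bot: `gaasSetADLogin_clientsend` and `gaasSetADLogin_clientrecv` are empty, so both implicitly return null while the same commit registers `MSG_SET_AD_LOGIN` in the dispatch table; if the dispatcher sends whatever `_clientsend` returns, a client invoking the new message would send an empty payload. They should mirror `gaasInitServer_clientsend`: populate `$msg` with the keys `gaasSetADLogin_server` reads (`domain`, `user`, `pass`, `clientdef`, `admindef`) and `return $msg;`, or at least carry a `// TODO: not implemented yet, returns null` comment until they do. The `print_r($params)` added to `gaasInitServer_clientrecv` echoes the raw server reply to stdout and should go before this is merged.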
{
global $initState, $backEnd;
+ error_log("Init server called\n");
// here we "init" the server, if we're ad, we attempt to connect to AD and if it all works
// we then create the db
// $m["backend"] = "AD|IN";
// IN expects
// $m["user"] = "someuser";
// $m["pass"] = "somepass";
- if($initState != "init") {
+ echo "initstate is $initState\n";
+ if($initState) {
+ echo "true\n";
+ } else {
+ echo "false\n";
+ }
+ if($initState) {
+ error_log("init server called when server already init'd\n");
return false;
}
}
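Review bot: The `echo "initstate is $initState\n"` block and the `true`/`false` echoes that follow are leftover debugging in a server-side path and duplicate the `if($initState)` check right below them; remove them and keep only the `error_log` on the already-initialised path. The enclosing `gaasInitServer_server` starts before this hunk.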
// we should check all servers, but lets just go with 0 for now
- $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
- ldap_bind($cnt, "$adlogin", "$adpass");
-
+ $res = adTestLogin($addom, $adlogin, $adpass);
+ if(!$res) {
+ echo "AD login test failed\n";
+ return false;
+ } else {
+ echo "AD login test succeeded\n";
+ }
// then
confSetVal("ad.clientdef", $adclientdef);
confSetVal("ad.admindef", $adadmindef);
- $initState = "running";
+ $initState = true;
$backEnd = "AD";
// and that should be it... i think cept im in a forked erg.. lets assume it works, need pain i do not.
return false;
}
}
+
+
+function gaasSetADLogin_server($msg)
+{
+ global $initState, $backEnd;
+
+ if($initState != "running") {
+ return "not in running init state";
+ }
+
+ if($backEnd != "AD") {
+ return "not setup as AD client";
+ }
+
+ $addom = $msg["domain"];
+ $adlogin = $msg["user"];
+ $adpass = $msg["pass"];
+ $adclientdef = $msg["clientdef"];
+ $adadmindef = $msg["admindef"];
+
+ $res = adTestLogin($addmo, $adlogin, $adpass);
+ if($res != 0) {
+ return "not able to connect to AD with given cred's";
+ }
+
+ confSetVal("ad.domain", $addom);
+ confSetVal("ad.user", $adlogin);
+ confSetVal("ad.pass", $adpass);
+ confSetVal("ad.clientdef", $adclientdef);
+ confSetVal("ad.admindef", $adadmindef);
+
+ return true;
+
+}
?>
\ No newline at end of file
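Review bot: In `gaasSetADLogin_server` the check `if($res != 0)` rejects a successful login, because `adTestLogin` returns `true` on success and `true != 0` is true; write `if(!$res)` as the AD branch of `gaasInitServer_server` does. The call on that line also passes `$addmo`, an undefined variable, instead of `$addom`, so the DNS lookup runs against an empty domain. `$initState` is now set to the boolean `true` in `gaasInitServer_server`, but this function still compares it with `!= "running"`; that only passes through loose bool/string comparison, so it should be `if(!$initState)`. `confSetVal("ad.pass", $adpass)` persists the AD service password as given; whether `confSetVal` protects it at rest is outside this hunk and deserves a comment at that line. The success path of `gaasInitServer_server` still ends in `return false;` after setting `$initState = true`, which the commit does not address.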
$TCP_PORT_NUMBER = 21335;
global $TCP_PORT_NUMBER;
+
+
+
// the messages structure, used to extend gaas if needed
-define("MSG_AUTH_USER_TOKEN", 1);
-define("MSG_ADD_USER_TOKEN", 2);
-define("MSG_DELETE_USER", 3);
-define("MSG_AUTH_USER_PASSWORD", 4);
-define("MSG_SET_USER_PASSWORD", 5);
-define("MSG_SET_USER_REALNAME", 6);
-define("MSG_SET_USER_TOKEN", 7);
-define("MSG_SET_USER_TOKEN_TYPE", 8);
-define("MSG_GET_USERS", 9);
-define("MSG_GET_OTK_PNG", 10);
-define("MSG_GET_OTK_ID", 11);
-define("MSG_DELETE_USER_TOKEN", 12);
-define("MSG_SYNC_TOKEN", 13);
-define("MSG_GET_TOKEN_TYPE", 14);
-define("MSG_GET_RADIUS_CLIENTS", 15);
-define("MSG_REMOVE_RADIUS_CLIENT", 16);
-define("MSG_ADD_RADIUS_CLIENT", 17);
define("MSG_STATUS", 18);
define("MSG_INIT_SERVER", 19);
+define("MSG_SET_AD_LOGIN", 20);
// the gaasd call's $MESSAGE[<MSG>]_server() for the server side
// and $MESSAGE[<msg>]_client() for the client side
-
-$MESSAGES[MSG_AUTH_USER_TOKEN] = "gaasAuthUserToken";
-$MESSAGES[MSG_ADD_USER_TOKEN] = "gaasAddUserToken";
-$MESSAGES[MSG_DELETE_USER] = "gaasDeleteUser";
-$MESSAGES[MSG_AUTH_USER_PASSWORD] = "gaasAuthUserPass";
-$MESSAGES[MSG_SET_USER_PASSWORD] = "gaasSetUserPass";
-$MESSAGES[MSG_SET_USER_REALNAME] = "gaasSetUserRealName";
-$MESSAGES[MSG_SET_USER_TOKEN] = "gaasSetUserToken";
-$MESSAGES[MSG_SET_USER_TOKEN_TYPE] = "gaasSetUserTokenType";
-$MESSAGES[MSG_GET_USERS] = "gaasGetUsers";
-$MESSAGES[MSG_GET_OTK_PNG] = "gaasGetOTKPng";
-$MESSAGES[MSG_GET_OTK_ID] = "gaasGetOTKID";
-$MESSAGES[MSG_DELETE_USER_TOKEN] = "gaasDeleteUserToken";
-$MESSAGES[MSG_SYNC_TOKEN] = "gaasSyncToken";
-$MESSAGES[MSG_GET_TOKEN_TYPE] = "gaasGetTokenType";
-$MESSAGES[MSG_GET_RADIUS_CLIENTS] = "gaasGetRadiusClients";
-$MESSAGES[MSG_REMOVE_RADIUS_CLIENT] = "gaasRemoveRadiusClient";
-$MESSAGES[MSG_ADD_RADIUS_CLIENT] = "gaasAddRadiusClient";
$MESSAGES[MSG_STATUS] = "gaasStatus";
$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
+$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin";
global $MESSAGES;
+
+
+
+
+
+
+function adTestLogin($domain, $user, $password)
+{
+ $servers = dns_get_record("_gc._tcp.$domain");
+ if(count($servers)<1) {
+ echo "AD servers cant be found for $domain, fail!\n";
+ }
+
+ echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n";
+
+ // we should check all servers, but lets just go with 0 for now
+ $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+ echo "Connected\n";
+ $bind = ldap_bind($cnt, "$user@$domain", "$password");
+ if($bind) {
+ echo "bind is true $user@$domain $password\n";
+ return true;
+ } else {
+ echo "bind is false $user@$domain $password\n";
+ return false;
+ }
+}
+
+function getADGroups($domain, $user, $password)
+{
+
+}
+
function generateRandomString($len)
{
$str = "";
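Review bot: `adTestLogin` echoes the cleartext password in both bind branches (`"bind is true $user@$domain $password\n"` and its `false` twin), which puts AD credentials into the daemon's stdout or log; log only the principal, e.g. `echo "bind succeeded for $user@$domain\n";`. An empty `$password` makes `ldap_bind` perform an unauthenticated bind, which Active Directory accepts, so the function would return `true` without checking any credential; add `if($password === "") { return false; }` before the bind. The `count($servers)<1` branch echoes but falls through to `$servers[0]`, so add `return false;` there. The connection is plain `ldap_connect` to the GC host with no `ldap_start_tls`, so unless the transport is secured elsewhere the bind password crosses the network in cleartext. `getADGroups` is an empty stub that returns null.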