From 17d7c1e759c50b2fe796306f5ca3f46e064cadaa Mon Sep 17 00:00:00 2001
From: paulr
Date: Sat, 12 Feb 2011 01:48:14 +1100
Subject: [PATCH] trying to figure out why one of the DC servers is really bad.
---
 example/adsearchtest/usersearch.php | 67 +++++++++++++++++++++++++++++++++++
 gaas/gaasd/gaasclient.php | 1 +
 gaas/lib/gaasClientMessages.php | 18 +++------
 gaas/lib/gaasdClient.php | 7 +++-
 gaas/lib/globalLib.php | 52 +++++++++++++++++++++++++++
 unittests/useringroup.php | 14 +++++++
 6 files changed, 145 insertions(+), 14 deletions(-)
 create mode 100644 example/adsearchtest/usersearch.php
 create mode 100644 unittests/useringroup.php
diff --git a/example/adsearchtest/usersearch.php b/example/adsearchtest/usersearch.php
new file mode 100644
index 0000000..a433d01
--- /dev/null
+++ b/example/adsearchtest/usersearch.php
@@ -0,0 +1,67 @@
+ $lpot) {
+ //print_r($kpot);
+ //print_r($lpot);
+ if(isset($lpot["cn"])) {
+ echo "Group: ".$lpot["cn"][0]."\n";
+ }
+ //echo "User: ".$kpot["samaaccountname"][0]."\n";
+ //echo "$kpot, $lpot\n";
+ //return 0;
+}
+
+
+
+
+?>
\ No newline at end of file
diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php
index 361acb1..6880dcd 100644
--- a/gaas/gaasd/gaasclient.php
+++ b/gaas/gaasd/gaasclient.php
@@ -16,6 +16,7 @@ function usage()
 echo "\tsetadlogin username password domain\n";
 echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
 echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
+ echo "\tprovisionuser username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
 echo "\n";
 exit(0);
 }
diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php
index 69589fc..d66bf08 100644
--- a/gaas/lib/gaasClientMessages.php
+++ b/gaas/lib/gaasClientMessages.php
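Review bot: The new usage line invites the operator to put KEY, presumably the OTP seed, on the command line, where it is readable by other local users through the process list and is written to shell history; this hunk only documents the command, so the text should at least warn about that until the handler can read the key from a prompt or stdin, e.g. `echo "\tprovisionuser username [HOTP|TOTP] [KEY] - provision the user \"username\" (a KEY given here is visible in ps output and shell history)\n";`, which also restores the missing space before the dash. I do not see the dispatch that maps `provisionuser` to MSG_PROVISION_USER anywhere in this patch, so confirm the command actually reaches the message layer. usage() starts outside this hunk.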
@@ -37,6 +37,10 @@ function gaasInitServer_clientsend($params)
 }
 // pretty simple, it either works or doesnt, we just pass on the result
+// im leaving this function here as an example of how you deal
+// with data coming back from the server but prior to returning
+// to the client. if it just returns the data back to the client
+// you doing have to define a recving function
 function gaasInitServer_clientrecv($params)
 {
 return $params;
@@ -51,31 +55,21 @@ function gaasSetADLogin_clientsend($params)
 return $msg;
 }
-function gaasSetADLogin_clientrecv($params)
-{
- return $params;
-}
-
 function gaasSetClientGroup_clientsend($params)
 {
 $msg["clientgroup"] = $params[0];
 return $msg;
 }
-function gaasSetClientGroup_clientrecv($params)
-{
- return $params;
-}
-
 function gaasSetAdminGroup_clientsend($params)
 {
 $msg["admingroup"] = $params[0];
 return $msg;
 }
-function gaasSetAdminGroup_clientrecv($params)
+function gaasProvisionUser_clientsend($params)
 {
- return $params;
+ return $msg;
 }
 ?>
\ No newline at end of file
diff --git a/gaas/lib/gaasdClient.php b/gaas/lib/gaasdClient.php
index 3a990e8..c8eb7ba 100644
--- a/gaas/lib/gaasdClient.php
+++ b/gaas/lib/gaasdClient.php
@@ -86,8 +86,11 @@ class GAASClient {
 $function_recv = $MESSAGES[$st_defined]."_clientrecv";
 //echo "real function is $function_send, $function_recv\n";
- if(function_exists($function_send) && function_exists($function_recv)) {
- return $function_recv($this->sendReceive($st_defined, $function_send($params)));
+ if(function_exists($function_send)) {
+ $fromsend = $this->sendReceive($st_defined, $function_send($params)));
+ if(function_exists($function_recv)) {
+ return $function_recv($fromsend);
+ } else return $fromsend;
 } else {
 error_log("Function, $function does not exist!");
 }
diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index 5185487..b628956 100644
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
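Review bot: The added comment garbles its own advice through typos: `you doing have to define a recving function` should read `you don't have to define a receiving function` (and `im leaving` → `I'm leaving`), and since this comment is the only documentation of the optional _clientrecv convention it matters that it reads cleanly. I would also say what happens when the function is absent, e.g. `// without a _clientrecv the dispatcher in gaasdClient.php hands the raw server reply back to the caller`, which matches the fallback this commit adds there. gaasInitServer_clientrecv continues past the end of this hunk.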
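Review bot: `gaasProvisionUser_clientsend` returns `$msg` without ever assigning it, so the client sends null (with an undefined-variable notice) and the username, OTP type and key that the usage text promises never leave the CLI. It should build the message from `$params` the way its siblings do; a sketch is below, but I cannot tell from this patch which keys the server expects because no `gaasProvisionUser_server` handler is added here, so align the names with that handler when it lands. Treat the optional fields with `isset()` rather than indexing `$params[1]`/`$params[2]` blindly, and have the server, not only the client, check that the type is HOTP or TOTP.
```php
function gaasProvisionUser_clientsend($params)
{
	$msg["username"] = $params[0];
	if(isset($params[1])) $msg["otptype"] = $params[1];
	if(isset($params[2])) $msg["key"] = $params[2];
	return $msg;
}
```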
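Review bot: The added line `$fromsend = $this->sendReceive($st_defined, $function_send($params)));` has one closing parenthesis too many, which is a parse error that takes the whole of gaasdClient.php (and every command built on GAASClient) down; it should be `$fromsend = $this->sendReceive($st_defined, $function_send($params));`. The fallback to the raw reply when no `_clientrecv` exists is fine, but the else branch's `error_log("Function, $function does not exist!")` refers to `$function`, which I do not see set in the visible lines (only `$function_send`/`$function_recv`); if it is not defined above, the log line is blank where the function name should be. The enclosing method starts and ends outside this hunk.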
@@ -17,6 +17,7 @@ define("MSG_INIT_SERVER", 19);
 define("MSG_SET_AD_LOGIN", 20);
 define("MSG_SET_CLIENT_GROUP", 21);
 define("MSG_SET_ADMIN_GROUP", 22);
+define("MSG_PROVISION_USER",23);
 // the gaasd call's $MESSAGE[]_server() for the server side
@@ -26,6 +27,7 @@ $MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
 $MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin";
 $MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup";
 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup";
+$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser";
 global $MESSAGES;
@@ -98,6 +100,56 @@ function getADGroups($domain, $user, $password)
 return $info;
 }
+function userInGroup($user, $domain, $adlogin, $adpass, $group)
+{
+ $addom = $domain;
+ $usertocheck = $user;
+
+ $servers = dns_get_record("_gc._tcp.$addom");
+ if(count($servers)<1) {
+ echo "AD servers cant be found, fail!\n";
+ }
+
+
+ // we should check all servers, but lets just go with 0 for now
+ $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+ $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
+ if($bind) {
+ } else {
+ echo "Bind Failed\n";
+ return false;
+ }
+
+ $ars = explode(".", $addom);
+
+ $tcn = "";
+ foreach($ars as $val) {
+ $tcn .= "DC=$val,";
+ }
+
+ $basecn = preg_replace("/,$/", "", $tcn);
+
+ // first, find the dn for our user
+ $sr = ldap_search($cnt, "$basecn", "(&(objectclass=user)(samaccountname=$usertocheck))");
+ $info = ldap_get_entries($cnt, $sr);
+ //print_r($info);
+ $usercn=$info[0]["dn"];
+
+
+ //exit(0);
+
+ $basecn = preg_replace("/,$/", "", $tcn);
+ $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))");
+ $fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
+ $info = ldap_get_entries($cnt, $sr);
+ foreach($info as $kpot => $lpot) {
+ if(isset($lpot["samaccountname"])) {
+ if($lpot["cn"][0] == $group) return true;
+ }
+ }
+ return false;
+}
+
 function generateRandomString($len)
 {
 $str = "";
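Review bot: `userInGroup` drops `$user` unescaped into the filter `(&(objectclass=user)(samaccountname=$usertocheck))` and then the returned DN into `(member:1.2.840.113556.1.4.1941:=$usercn)`; if, as the name and the setclientgroup/setadmingroup commands suggest, this is the gate behind the AD group checks, a caller-controlled `$user` such as `*` or `x)(objectclass=*` resolves to some other account's DN — possibly one that is in `$group` — and the check passes for the wrong person, while a legitimate DN containing `(` or `)` breaks the second query. Both values should go through `ldap_escape($v, '', LDAP_ESCAPE_FILTER)` (PHP >= 5.6) or an equivalent manual escape of `\`, `*`, `(`, `)` and NUL. Two failure paths are also unsafe as written: when `dns_get_record` finds nothing the code echoes and still calls `ldap_connect` with a null host and port instead of returning false, and an empty `$adpass` would typically turn the simple bind into an anonymous bind that `if($bind)` accepts; in addition `$info["count"]` is never checked before `$info[0]["dn"]` is read, the connection is never `ldap_unbind`ed, and `$fil` plus the second `$basecn` assignment are dead. The bind to the `_gc._tcp` port sends `$adpass` in the clear unless the deployment wraps the connection with `ldap_start_tls()` or ldaps, which I cannot see from here. The sketch below covers the input and failure handling; the group loop is unchanged apart from unbinding before each return.
```php
function userInGroup($user, $domain, $adlogin, $adpass, $group)
{
	$addom = $domain;
	// escape before the value reaches a filter (ldap_escape() needs PHP >= 5.6;
	// on older PHP hand-escape \ * ( ) and NUL as \5c \2a \28 \29 \00)
	$usertocheck = ldap_escape($user, '', LDAP_ESCAPE_FILTER);

	$servers = dns_get_record("_gc._tcp.$addom");
	if($servers === false || count($servers)<1) {
		echo "AD servers cant be found, fail!\n";
		return false;
	}
	if($adpass === "") {
		echo "Empty AD password would be an anonymous bind, fail!\n";
		return false;
	}

	// … unchanged: ldap_connect / ldap_bind / base DN construction …

	$sr = ldap_search($cnt, "$basecn", "(&(objectclass=user)(samaccountname=$usertocheck))");
	$info = ldap_get_entries($cnt, $sr);
	if($info === false || $info["count"] < 1) {
		ldap_unbind($cnt);
		return false;
	}
	// the DN is directory data and may legitimately contain ( ) * \ so it needs escaping too
	$usercn = ldap_escape($info[0]["dn"], '', LDAP_ESCAPE_FILTER);

	// … unchanged: group search and membership loop, with ldap_unbind($cnt) before each return …
}
```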
diff --git a/unittests/useringroup.php b/unittests/useringroup.php
new file mode 100644
index 0000000..06c7cc3
--- /dev/null
+++ b/unittests/useringroup.php
@@ -0,0 +1,14 @@
+
\ No newline at end of file
--
1.7.0.4