From 6ae20292cc7aa6a712b492de306613192733e756 Mon Sep 17 00:00:00 2001
From: paulr <me@pjr.cc>
Date: Sat, 26 Feb 2011 04:19:17 +1100
Subject: [PATCH] added client get users command

---
 gaas/gaasd/gaasclient.php       |   16 +++++++++-
 gaas/lib/gaasClientMessages.php |   22 +++++++++++++
 gaas/lib/gaasdLib.php           |    3 +-
 gaas/lib/gaasdMessages.php      |   24 ++++++++++++++
 gaas/lib/globalLib.php          |   67 ++++++++++++++++++++++++++++++++++++---
 unittests/getadusers.php        |    8 +++++
 6 files changed, 133 insertions(+), 7 deletions(-)
 create mode 100644 unittests/getadusers.php

diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php
index 6880dcd..b03a216 100644
--- a/gaas/gaasd/gaasclient.php
+++ b/gaas/gaasd/gaasclient.php
@@ -17,11 +17,12 @@ function usage()
 	echo "\tsetclientgroup groupname - change the group membership requirements for client's with AD\n";
 	echo "\tsetadmingroup groupname - change the group membership requirements for admin's with AD\n";
 	echo "\tprovisionuser username [HOTP|TOTP] [KEY]- provision the user \"username\"\n";
+	echo "\tgetusers [admin|client] [part-of-username] [yes] - get user list with admin or client group, part of a username and return only those with tokens (yes)\n";
 	echo "\n";
 	exit(0);
 }
 
-if($argc < 1) {
+if($argc < 2) {
 	usage();
 }
 
@@ -65,6 +66,19 @@ switch($argv[1]) {
 			echo "Resetting AD admin group details failed\n";
 		}
 		break;
+	case "getusers":
+		$group = "client";
+		$partof = "";
+		$onlytokens = "no";
+		if(isset($argv[2])) $group = $argv[2];
+		if(isset($argv[3])) $partof = $argv[3];
+		if(isset($argv[4])) $onlytokens = $argv[4];
+		$ret = $myga->MSG_GET_USERS($group, $partof, $onlytokens);
+		//print_r($ret);
+		foreach($ret as $user) {
+			echo $user["realname"]." (".$user["username"].")\n";
+		}
+		break;
 	default:
 		echo "No such command, ".$argv[1]."\n";
 		usage();
diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php
index d110ba2..332295a 100644
--- a/gaas/lib/gaasClientMessages.php
+++ b/gaas/lib/gaasClientMessages.php
@@ -73,4 +73,26 @@ function gaasProvisionUser_clientsend($params)
 	return $msg;
 }
 
+function gaasGetUsers_clientsend($params)
+{
+	$msg["havetokens"] = false;
+	$msg["userpattern"] = "";
+	$msg["group"] = "client";
+	if(isset($params[0])) {
+		if($params[0] == "admin") {
+			$msg["group"] = "admin";
+		}
+	}
+	if(isset($params[1])) {
+		$msg["userpattern"] = $params[1];
+	}
+	if(isset($params[2])) {
+		if($params[2] == "yes") {
+			$msg["havetokens"] = true;
+		}
+	}
+	
+	return $msg;
+}
+
 ?>
\ No newline at end of file
diff --git a/gaas/lib/gaasdLib.php b/gaas/lib/gaasdLib.php
index a2b50de..ab6b4ad 100644
--- a/gaas/lib/gaasdLib.php
+++ b/gaas/lib/gaasdLib.php
@@ -51,7 +51,8 @@ function createDB()
 	
 	// users_tokendata is used by ga4php, users_otk is the qrcode data link if needed, 
 	// tokentype is the software/hardware token types
-	$sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, "users_password" TEXT, "users_tokendata" TEXT, "users_otk" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
+	$sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT, "users_realname" TEXT, \
+		"users_password" TEXT, "users_tokendata" TEXT, "users_qrcodeid" TEXT, "user_enabled" TEXT, "users_tokentype" TEXT);';
 	$dbobject->query($sql);
 	$sql = 'CREATE TABLE "config" ("conf_id" INTEGER PRIMARY KEY AUTOINCREMENT,"conf_name" TEXT, "conf_value" TEXT);';
 	$dbobject->query($sql);
diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php
index 3b23da4..94fb8c0 100644
--- a/gaas/lib/gaasdMessages.php
+++ b/gaas/lib/gaasdMessages.php
@@ -182,4 +182,28 @@ function gaasProvisionUser_server($msg)
 	return true;
 }
 
+function gaasGetUsers_server($msg)
+{
+	$haveTokens = $msg["havetokens"];
+	$userPatter = $msg["userpattern"];
+	$group = $msg["group"];
+	
+	if(confGetval("backend") == "AD") {
+		$adgroup = "";
+		if($group == "admin") {
+			$adgroup = confGetVal("ad.admindef");
+		} else {
+			$adgroup = confGetVal("ad.clientdef");
+		}
+		$addom = confGetVal("ad.domain");
+		$aduser = confGetVal("ad.user");
+		$adpass = confGetVal("ad.pass");
+		echo "using group $adgroup for $group\n";
+		
+		$users = getUsersInGroup($addom, $aduser, $adpass, $adgroup);
+	} else {
+		// internal db
+	}	
+	return $users;
+}
 ?>
\ No newline at end of file
diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php
index 184be7f..f3fe9fb 100644
--- a/gaas/lib/globalLib.php
+++ b/gaas/lib/globalLib.php
@@ -18,16 +18,18 @@ define("MSG_SET_AD_LOGIN", 20);
 define("MSG_SET_CLIENT_GROUP", 21);
 define("MSG_SET_ADMIN_GROUP", 22);
 define("MSG_PROVISION_USER",23);
-
+define("MSG_GET_USERS", 24);
 
 // the gaasd call's $MESSAGE[<MSG>]_server() for the server side
 // and $MESSAGE[<msg>]_client() for the client side 
 $MESSAGES[MSG_STATUS] = "gaasStatus";
-$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer";
-$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin";
-$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup";
+$MESSAGES[MSG_INIT_SERVER] = "gaasInitServer"; 
+$MESSAGES[MSG_SET_AD_LOGIN] = "gaasSetADLogin"; // domain, user, password
+$MESSAGES[MSG_SET_CLIENT_GROUP] = "gaasSetClientGroup"; // groupname
 $MESSAGES[MSG_SET_ADMIN_GROUP] = "gaasSetAdminGroup";
-$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser";
+$MESSAGES[MSG_PROVISION_USER] = "gaasProvisionUser"; // username
+$MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; // [admin|client], [name pattern], [only with tokens]
+
 global $MESSAGES;
 
 
@@ -150,6 +152,61 @@ function userInGroup($user, $domain, $adlogin, $adpass, $group)
 	return false;
 }
 
+
+function getUsersInGroup($domain, $adlogin, $adpass, $group)
+{
+	$addom = $domain;
+	
+	$servers = dns_get_record("_gc._tcp.$addom");
+	if(count($servers)<1) {
+		echo "AD servers cant be found, fail!\n";
+	}
+	
+	
+	// we should check all servers, but lets just go with 0 for now
+	$cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
+	$bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
+	if($bind) {
+	} else {
+		echo "Bind Failed\n";
+		return false;
+	}
+	
+	$ars = explode(".", $addom);
+	
+	$tcn = "";
+	foreach($ars as $val) {
+		$tcn .= "DC=$val,";
+	}
+	
+	$basecn = preg_replace("/,$/", "", $tcn);
+	
+	// first, find the dn for our user
+	$sr = ldap_search($cnt, "$basecn", "(&(objectCategory=group)(cn=$group))");
+	$info = ldap_get_entries($cnt, $sr);
+	//print_r($info);
+	$groupcn=$info[0]["dn"];
+	//exit(0);
+	
+	$basecn = preg_replace("/,$/", "", $tcn);
+	$sr = ldap_search($cnt, "$basecn", "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=$groupcn))");
+	//$fil = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$usercn))";
+	$info = ldap_get_entries($cnt, $sr);
+	//print_r($info);
+	$arbi = "";
+	//exit(0);
+	$i = 0;
+	foreach($info as $kpot => $lpot) {
+		if(isset($lpot["samaccountname"])) {
+			$arbi[$i]["username"] = $lpot["samaccountname"][0];
+			$arbi[$i]["realname"] = $lpot["name"][0];
+			$i++;
+		}
+	}
+	
+	return $arbi;
+}
+
 function generateRandomString($len)
 {
 	$str = "";
diff --git a/unittests/getadusers.php b/unittests/getadusers.php
new file mode 100644
index 0000000..c8ae4d9
--- /dev/null
+++ b/unittests/getadusers.php
@@ -0,0 +1,8 @@
+<?php 
+require_once("../gaas/lib/globalLib.php");
+
+// function userInGroup($user, $domain, $adlogin, $adpass, $group)
+$ret = getUsersInGroup($argv[1], $argv[2], $argv[3], $argv[4]);
+
+print_r($ret);
+?>
\ No newline at end of file
-- 
1.7.0.4