From d751cc8f54e6e8b05e5d9d549fedde8fa713aa71 Mon Sep 17 00:00:00 2001 From: paulr Date: Fri, 11 Feb 2011 02:11:56 +1100 Subject: [PATCH] cant quite figure out why the client messages for init server arent working correctly --- example/adsearchtest/adtest.php | 69 ++++++++++++++++++++++++++++++++++++ gaas/gaasd/gaasclient.php | 36 ++++++++++++++++++- gaas/lib/gaasClientMessages.php | 17 ++++++++- gaas/lib/gaasdMessages.php | 56 +++++++++++++++++++++++++++--- gaas/lib/globalLib.php | 73 ++++++++++++++++++++------------------ 5 files changed, 209 insertions(+), 42 deletions(-) create mode 100644 example/adsearchtest/adtest.php diff --git a/example/adsearchtest/adtest.php b/example/adsearchtest/adtest.php new file mode 100644 index 0000000..5f906fc --- /dev/null +++ b/example/adsearchtest/adtest.php @@ -0,0 +1,69 @@ + $lpot) { + //print_r($kpot); + //print_r($lpot); + if(isset($lpot["samaccountname"])) { + echo "User: ".$lpot["samaccountname"][0]."\n"; + } + //echo "User: ".$kpot["samaaccountname"][0]."\n"; + //echo "$kpot, $lpot\n"; + //return 0; +} +?> \ No newline at end of file diff --git a/gaas/gaasd/gaasclient.php b/gaas/gaasd/gaasclient.php index 4c6fd35..5e075a6 100644 --- a/gaas/gaasd/gaasclient.php +++ b/gaas/gaasd/gaasclient.php 
@@ -4,6 +4,40 @@ require_once("../lib/gaasdClient.php"); $myga = new GAASClient(); -$myga->MSG_INIT_SERVER("AD", "user", "password", "domain", "cdef", "adef"); +global $argv; + +function usage() +{ + global $argv; + echo "Usage: ".$argv[0]." command [options]\n"; + echo "\nCommands:\n\tinit AD user password domain clientgroup admingroup\n"; + echo "\tinit IN user password\n"; + echo "\n"; + exit(0); +} + +if($argc < 1) { + usage(); +} + +switch($argv[1]) { + case "init": + if($argv[2] == "AD") { + if($argc < 7) usage(); + } + $ret = $myga->MSG_INIT_SERVER("AD", $argv[3], $argv[4], $argv[5], $argv[6], $argv[7]); + echo "Ret:\n"; + print_r($ret); + if($ret) { + echo "initialising server succeeded\n"; + } else { + echo "initialising server failed\n"; + } + break; + default: + echo "No such command, ".$argv[1]."\n"; + usage(); + +} ?> diff --git a/gaas/lib/gaasClientMessages.php b/gaas/lib/gaasClientMessages.php index ee4233f..5e5e2ce 100644 --- a/gaas/lib/gaasClientMessages.php +++ b/gaas/lib/gaasClientMessages.php @@ -18,6 +18,9 @@ function gaasStatus_clientrecv($params) // IN: "IN", "user", "pass" function gaasInitServer_clientsend($params) { + echo "backend:\n"; + print_r($params); + echo "\n"; $msg["backend"] = $params[0]; $msg["user"] = $params[1]; $msg["pass"] = $params[2]; @@ -25,7 +28,7 @@ function gaasInitServer_clientsend($params) if($msg["backend"] == "AD") { $msg["domain"] = $params[3]; $msg["clientdef"] = $params[4]; - $msg["admindef"] = $params[4]; + $msg["admindef"] = $params[5]; } else if($msg["backend"] == "IN") { // we dont do anything } else { @@ -39,6 +42,18 @@ function gaasInitServer_clientsend($params) // pretty simple, it either works or doesnt, we just pass on the result function gaasInitServer_clientrecv($params) { + echo "in recv, params\n"; + print_r($params); return $params; } + +function gaasSetADLogin_clientsend($params) +{ + +} + +function gaasSetADLogin_clientrecv($params) +{ + +} ?> \ No newline at end of file 
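Review bot: The argument checks in the new dispatch do not match the indexes read afterwards. `$argc` is never below 1, so running the script with no command still reaches `switch($argv[1])`, and `if($argc < 7) usage();` lets through a call that has no `$argv[7]` for the admin group. Use `if($argc < 2) usage();` before the switch and `if($argc < 8) usage();` for the AD form. The `init IN user password` form printed by usage() is not handled, because the call hard-codes "AD" and always reads `$argv[3]` to `$argv[7]`. Taking the password from argv also leaves it in shell history and the process list, so a prompt or a read from stdin would be safer for that argument.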
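Review bot: The added `print_r($params)` in gaasInitServer_clientsend writes the bind password to stdout, because `$params[2]` is copied into `$msg["pass"]` two lines later. Drop the dump before merging, or print only the non-secret fields, e.g. `echo "backend: ".$params[0]." user: ".$params[1]."\n";`. The `print_r($params)` added to gaasInitServer_clientrecv in the last hunk of this file is the same kind of debug output and should go too, although what the reply contains is not visible here.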
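Review bot: gaasSetADLogin_clientsend and gaasSetADLogin_clientrecv are added with empty bodies, so both return null while this same commit registers MSG_SET_AD_LOGIN in globalLib.php. If the client dispatches on that table, the message can already be sent with no payload. Either build the message here (the server handler added in gaasdMessages.php reads `domain`, `user`, `pass`, `clientdef` and `admindef`) or mark the stubs with a comment such as `// TODO: not implemented, MSG_SET_AD_LOGIN must not be sent yet` and leave the message unregistered until they are filled in.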
diff --git a/gaas/lib/gaasdMessages.php b/gaas/lib/gaasdMessages.php index c7b4f88..a0afbeb 100644 --- a/gaas/lib/gaasdMessages.php +++ b/gaas/lib/gaasdMessages.php @@ -21,6 +21,7 @@ function gaasInitServer_server($msg) { global $initState, $backEnd; + error_log("Init server called\n"); // here we "init" the server, if we're ad, we attempt to connect to AD and if it all works // we then create the db // $m["backend"] = "AD|IN"; @@ -32,7 +33,14 @@ function gaasInitServer_server($msg) // IN expects // $m["user"] = "someuser"; // $m["pass"] = "somepass"; - if($initState != "init") { + echo "initstate is $initState\n"; + if($initState) { + echo "true\n"; + } else { + echo "false\n"; + } + if($initState) { + error_log("init server called when server already init'd\n"); return false; } @@ -53,9 +61,13 @@ function gaasInitServer_server($msg) } // we should check all servers, but lets just go with 0 for now - $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]); - ldap_bind($cnt, "$adlogin", "$adpass"); - + $res = adTestLogin($addom, $adlogin, $adpass); + if(!$res) { + echo "AD login test failed\n"; + return false; + } else { + echo "AD login test succeeded\n"; + } // then @@ -67,7 +79,7 @@ function gaasInitServer_server($msg) confSetVal("ad.clientdef", $adclientdef); confSetVal("ad.admindef", $adadmindef); - $initState = "running"; + $initState = true; $backEnd = "AD"; // and that should be it... i think cept im in a forked erg.. lets assume it works, need pain i do not. 
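Review bot: The new guard `if($initState)` in gaasInitServer_server refuses initialisation whenever `$initState` is truthy, and the removed line shows the uninitialised state used to be the string "init", which is itself truthy. Unless the initial value was changed to false or empty somewhere outside this diff, the function now returns false on every call, which would match the symptom in the commit subject. Mixing a boolean here with the string comparison in gaasSetADLogin_server (`$initState != "running"`) also makes the state checks depend on loose comparison. Keeping one representation with strict tests is safer, e.g. `if($initState !== "init") {` together with `$initState = "running";` in the last hunk. The added `echo` lines are debug output in a daemon code path and are better sent to error_log() like the other new messages.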
@@ -97,4 +109,38 @@ function gaasInitServer_server($msg) return false; } } + + +function gaasSetADLogin_server($msg) +{ + global $initState, $backEnd; + + if($initState != "running") { + return "not in running init state"; + } + + if($backEnd != "AD") { + return "not setup as AD client"; + } + + $addom = $msg["domain"]; + $adlogin = $msg["user"]; + $adpass = $msg["pass"]; + $adclientdef = $msg["clientdef"]; + $adadmindef = $msg["admindef"]; + + $res = adTestLogin($addmo, $adlogin, $adpass); + if($res != 0) { + return "not able to connect to AD with given cred's"; + } + + confSetVal("ad.domain", $addom); + confSetVal("ad.user", $adlogin); + confSetVal("ad.pass", $adpass); + confSetVal("ad.clientdef", $adclientdef); + confSetVal("ad.admindef", $adadmindef); + + return true; + +} ?> \ No newline at end of file diff --git a/gaas/lib/globalLib.php b/gaas/lib/globalLib.php index 89e24b2..e43cda2 100644 --- a/gaas/lib/globalLib.php +++ b/gaas/lib/globalLib.php 
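Review bot: The success test in gaasSetADLogin_server is inverted. adTestLogin() returns true on a good bind and false on a failed one, so `if($res != 0)` rejects valid credentials and lets rejected ones fall through to the confSetVal() calls, which store them. The call also passes `$addmo`, an undefined variable, instead of `$addom`, so the domain tested is never the one supplied. Change these to `$res = adTestLogin($addom, $adlogin, $adpass);` and `if(!$res) {`. The guard `$initState != "running"` passes only through loose comparison now that gaasInitServer_server sets `$initState = true`, and the error paths return non-empty strings that a caller testing `if($ret)` will read as success.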
@@ -8,51 +8,54 @@ global $BASE_DIR; $TCP_PORT_NUMBER = 21335; global $TCP_PORT_NUMBER; + + + // the messages structure, used to extend gaas if needed -define("MSG_AUTH_USER_TOKEN", 1); -define("MSG_ADD_USER_TOKEN", 2); -define("MSG_DELETE_USER", 3); -define("MSG_AUTH_USER_PASSWORD", 4); -define("MSG_SET_USER_PASSWORD", 5); -define("MSG_SET_USER_REALNAME", 6); -define("MSG_SET_USER_TOKEN", 7); -define("MSG_SET_USER_TOKEN_TYPE", 8); -define("MSG_GET_USERS", 9); -define("MSG_GET_OTK_PNG", 10); -define("MSG_GET_OTK_ID", 11); -define("MSG_DELETE_USER_TOKEN", 12); -define("MSG_SYNC_TOKEN", 13); -define("MSG_GET_TOKEN_TYPE", 14); -define("MSG_GET_RADIUS_CLIENTS", 15); -define("MSG_REMOVE_RADIUS_CLIENT", 16); -define("MSG_ADD_RADIUS_CLIENT", 17); define("MSG_STATUS", 18); define("MSG_INIT_SERVER", 19); +define("MSG_SET_AD_LOGIN", 20); // the gaasd call's $MESSAGE[]_server() for the server side // and $MESSAGE[]_client() for the client side - -$MESSAGES[MSG_AUTH_USER_TOKEN] = "gaasAuthUserToken"; -$MESSAGES[MSG_ADD_USER_TOKEN] = "gaasAddUserToken"; -$MESSAGES[MSG_DELETE_USER] = "gaasDeleteUser"; -$MESSAGES[MSG_AUTH_USER_PASSWORD] = "gaasAuthUserPass"; -$MESSAGES[MSG_SET_USER_PASSWORD] = "gaasSetUserPass"; -$MESSAGES[MSG_SET_USER_REALNAME] = "gaasSetUserRealName"; -$MESSAGES[MSG_SET_USER_TOKEN] = "gaasSetUserToken"; -$MESSAGES[MSG_SET_USER_TOKEN_TYPE] = "gaasSetUserTokenType"; -$MESSAGES[MSG_GET_USERS] = "gaasGetUsers"; -$MESSAGES[MSG_GET_OTK_PNG] = "gaasGetOTKPng"; -$MESSAGES[MSG_GET_OTK_ID] = "gaasGetOTKID"; -$MESSAGES[MSG_DELETE_USER_TOKEN] = "gaasDeleteUserToken"; -$MESSAGES[MSG_SYNC_TOKEN] = "gaasSyncToken"; -$MESSAGES[MSG_GET_TOKEN_TYPE] = "gaasGetTokenType"; -$MESSAGES[MSG_GET_RADIUS_CLIENTS] = "gaasGetRadiusClients"; -$MESSAGES[MSG_REMOVE_RADIUS_CLIENT] = "gaasRemoveRadiusClient"; -$MESSAGES[MSG_ADD_RADIUS_CLIENT] = "gaasAddRadiusClient"; $MESSAGES[MSG_STATUS] = "gaasStatus"; $MESSAGES[MSG_INIT_SERVER] = "gaasInitServer"; +$MESSAGES[MSG_SET_AD_LOGIN] = 
"gaasSetADLogin"; global $MESSAGES; + + + + + + +function adTestLogin($domain, $user, $password) +{ + $servers = dns_get_record("_gc._tcp.$domain"); + if(count($servers)<1) { + echo "AD servers cant be found for $domain, fail!\n"; + } + + echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n"; + + // we should check all servers, but lets just go with 0 for now + $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]); + echo "Connected\n"; + $bind = ldap_bind($cnt, "$user@$domain", "$password"); + if($bind) { + echo "bind is true $user@$domain $password\n"; + return true; + } else { + echo "bind is false $user@$domain $password\n"; + return false; + } +} + +function getADGroups($domain, $user, $password) +{ + +} + function generateRandomString($len) { $str = ""; -- 1.7.0.4
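Review bot: adTestLogin prints the cleartext password on both branches (`echo "bind is true $user@$domain $password\n"`), so every login test writes the credential to the daemon's output. Two further gaps affect the result of the check itself. When no servers are found the function only echoes and then still indexes `$servers[0]`. An empty `$password` is passed straight to ldap_bind(), where many directory servers treat a simple bind with an empty password as an unauthenticated bind and report success. The version below rejects empty credentials, returns false when the SRV lookup yields nothing, and logs the outcome without the password. Whether the plain connection opened by ldap_connect() is acceptable for a simple bind depends on the deployment and is worth a comment in the function.

```php
function adTestLogin($domain, $user, $password)
{
    // An empty password turns a simple bind into an unauthenticated bind, which can succeed.
    if($user == "" || $password == "") {
        return false;
    }

    $servers = dns_get_record("_gc._tcp.$domain", DNS_SRV);
    if(!is_array($servers) || count($servers)<1) {
        error_log("AD servers cant be found for $domain");
        return false;
    }

    // … unchanged: ldap_connect to $servers[0] …
    $bind = ldap_bind($cnt, "$user@$domain", $password);
    if(!$bind) {
        error_log("AD bind failed for $user@$domain");
    }
    return $bind;
}
```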