203 lines
4.2 KiB
PHP
Executable File
203 lines
4.2 KiB
PHP
Executable File
<?php
|
|
|
|
class Account
|
|
{
|
|
static function trySync ($db, $user, $password = NULL)
|
|
{
|
|
$isSync = $db->getValue (
|
|
'SELECT sync FROM account.user WHERE name = #',
|
|
[$user]
|
|
);
|
|
|
|
if ($isSync)
|
|
return;
|
|
|
|
self::sync ($db, $user, $password);
|
|
}
|
|
|
|
static function sync ($db, $user, $password = NULL, $force = TRUE)
|
|
{
|
|
$hasAccount = $db->getValue (
|
|
'SELECT COUNT(*) > 0
|
|
FROM account.user u
|
|
JOIN account.account a ON u.id = a.id
|
|
WHERE u.name = #',
|
|
[$user]
|
|
);
|
|
|
|
if ($hasAccount)
|
|
{
|
|
self::ldapSync ($db, $user, $password);
|
|
self::sambaSync ($db, $user, $password);
|
|
}
|
|
|
|
$db->query (
|
|
'UPDATE account.user SET sync = TRUE WHERE name = #',
|
|
[$user]
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Synchronizes the user credentials in the LDAP server.
|
|
*/
|
|
static function ldapSync ($db, $user, $password)
|
|
{
|
|
if (empty ($password))
|
|
return;
|
|
|
|
// Gets LDAP configuration parameters
|
|
|
|
$conf = $db->getObject (
|
|
'SELECT host, rdn, password, baseDn, filter
|
|
FROM account.ldapConfig');
|
|
|
|
// Connects an authenticates against server
|
|
|
|
$ds = ldap_connect ($conf->host);
|
|
|
|
if (!$ds)
|
|
throw new Exception ("Can't connect to LDAP server: ". ldapError ($ds));
|
|
|
|
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
$bind = ldap_bind ($ds, $conf->rdn, base64_decode ($conf->password));
|
|
|
|
if (!$bind)
|
|
throw new Exception ("Authentication failed on LDAP server: ". ldapError ($ds));
|
|
|
|
// Search the user entry
|
|
|
|
$res = ldap_search ($ds, $conf->baseDn, "(&(uid=$user)($conf->filter))");
|
|
|
|
if (!$res)
|
|
throw new Exception ("Can't get the LDAP entry: ". ldapError ($ds));
|
|
|
|
$dn = "uid=$user,{$conf->baseDn}";
|
|
$entry = ldap_first_entry ($ds, $res);
|
|
|
|
if ($entry)
|
|
{
|
|
$info = ['userPassword' => sshaEncode ($password)];
|
|
ldap_modify ($ds, $dn, $info);
|
|
}
|
|
else
|
|
{
|
|
$info = [
|
|
'objectClass' => ['account', 'simpleSecurityObject', 'top'],
|
|
'uid' => $user,
|
|
'userPassword' => sshaEncode ($password)
|
|
];
|
|
ldap_add ($ds, $dn, $info);
|
|
}
|
|
|
|
ldap_unbind ($ds);
|
|
}
|
|
|
|
/**
|
|
* Synchronizes the user credentials in the Samba server.
|
|
*/
|
|
static function sambaSync ($db, $user, $password)
|
|
{
|
|
$conf = $db->getObject (
|
|
'SELECT host, sshUser, sshPass, domain, uidBase
|
|
FROM account.sambaConfig'
|
|
);
|
|
|
|
$samba = new SshConnection ($conf->host
|
|
,$conf->sshUser
|
|
,base64_decode ($conf->sshPass)
|
|
);
|
|
|
|
$scriptDir = '/mnt/cluster/scripts';
|
|
|
|
// Creates the Samba user and initializes it's home directory
|
|
|
|
$userId = $db->getValue (
|
|
'SELECT id FROM account.user WHERE name = #', [$user]);
|
|
|
|
$samba->exec ("$scriptDir/create-user.sh %s %s %s"
|
|
,$user
|
|
,$conf->uidBase + $userId
|
|
,"$user@{$conf->domain}"
|
|
);
|
|
|
|
// Syncronizes the Samba password
|
|
|
|
if (empty ($password))
|
|
return;
|
|
|
|
$samba->exec ("$scriptDir/set-password.sh %s %s"
|
|
,$user
|
|
,$password
|
|
);
|
|
}
|
|
}
|
|
|
|
function ldapError ($ds)
|
|
{
|
|
return ldap_errno ($ds) .': '. ldap_error ($ds);
|
|
}
|
|
|
|
function sshaEncode ($value)
|
|
{
|
|
mt_srand ((double) microtime () * 1000000);
|
|
$salt = pack ('CCCC', mt_rand (), mt_rand (), mt_rand (), mt_rand ());
|
|
$hash = '{SSHA}' . base64_encode (pack ('H*', sha1 ($value . $salt)) . $salt);
|
|
return $hash;
|
|
}
|
|
|
|
function sshaVerify ($hash, $value)
|
|
{
|
|
$ohash = base64_decode (substr ($hash, 6));
|
|
$osalt = substr ($ohash, 20);
|
|
$ohash = substr ($ohash, 0, 20);
|
|
$nhash = pack ('H*', sha1 ($value . $osalt));
|
|
return $ohash == $nhash;
|
|
}
|
|
|
|
class SshConnection
|
|
{
|
|
var $connection;
|
|
|
|
/**
|
|
* Abrebiated method to make SSH connections.
|
|
*/
|
|
function __construct ($host, $user, $password)
|
|
{
|
|
$this->connection = $connection = ssh2_connect ($host);
|
|
|
|
if (!$connection)
|
|
throw new Exception ("Can't connect to SSH server $host");
|
|
|
|
$authOk = ssh2_auth_password ($connection, $user, $password);
|
|
|
|
if (!$authOk)
|
|
throw new Exception ("SSH authentication failed on server $host");
|
|
|
|
return $connection;
|
|
}
|
|
|
|
/**
|
|
* Executes a command on the host.
|
|
*/
|
|
function exec ()
|
|
{
|
|
$nargs = func_num_args ();
|
|
$args = func_get_args ();
|
|
|
|
for ($i = 1; $i < $nargs; $i++)
|
|
$args[$i] = self::escape ($args[$i]);
|
|
|
|
$command = call_user_func_array ('sprintf', $args);
|
|
error_log ($command);
|
|
return ssh2_exec ($this->connection, $command);
|
|
}
|
|
|
|
/**
|
|
* Escapes the double quotes from an string.
|
|
*/
|
|
static function escape ($str)
|
|
{
|
|
return '"'. str_replace ('"', '\\"', $str) .'"';
|
|
}
|
|
}
|