0
1
Fork 0
hedera-web-mindshore/rest/core/account.php

255 lines
5.9 KiB
PHP
Raw Normal View History

2016-10-27 11:22:04 +00:00
<?php
2018-05-23 10:14:20 +00:00
class Account {
static function trySync($db, $userName, $password = NULL) {
$isSync = $db->getValue(
2017-05-30 13:27:49 +00:00
'SELECT sync FROM account.user WHERE name = #',
2017-11-28 15:07:21 +00:00
[$userName]
2017-05-30 13:27:49 +00:00
);
if ($isSync)
return;
2018-05-23 10:14:20 +00:00
self::sync($db, $userName, $password);
2017-05-30 13:27:49 +00:00
}
2018-05-23 10:14:20 +00:00
static function sync($db, $userName, $password = NULL, $force = TRUE) {
$hasAccount = $db->getValue(
2016-10-27 11:22:04 +00:00
'SELECT COUNT(*) > 0
FROM account.user u
JOIN account.account a ON u.id = a.id
WHERE u.name = #',
2017-11-28 15:07:21 +00:00
[$userName]
2016-10-27 11:22:04 +00:00
);
2018-05-23 10:14:20 +00:00
if ($hasAccount) {
self::ldapSync($db, $userName, $password);
self::sambaSync($db, $userName, $password);
2017-05-30 13:27:49 +00:00
}
2017-05-02 12:33:48 +00:00
2018-05-23 10:14:20 +00:00
$db->query(
2017-05-30 13:27:49 +00:00
'UPDATE account.user SET sync = TRUE WHERE name = #',
2017-11-28 15:07:21 +00:00
[$userName]
2017-05-02 12:33:48 +00:00
);
2017-05-30 13:27:49 +00:00
}
/**
* Synchronizes the user credentials in the LDAP server.
*/
2018-05-23 10:14:20 +00:00
static function ldapSync($db, $userName, $password) {
2017-05-30 13:27:49 +00:00
// Gets LDAP configuration parameters
2018-05-23 10:14:20 +00:00
$conf = $db->getObject(
2017-05-30 13:27:49 +00:00
'SELECT host, rdn, password, baseDn, filter
FROM account.ldapConfig');
// Connects an authenticates against server
2018-05-23 10:14:20 +00:00
$ds = ldap_connect($conf->host);
2017-05-30 13:27:49 +00:00
if (!$ds)
2018-05-23 10:14:20 +00:00
throw new Exception("Can't connect to LDAP server: ". ldapError($ds));
2017-05-30 13:27:49 +00:00
try {
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
2018-05-23 10:14:20 +00:00
$bind = ldap_bind($ds, $conf->rdn, base64_decode($conf->password));
if (!$bind)
2018-05-23 10:14:20 +00:00
throw new Exception("Authentication failed on LDAP server: ". ldapError($ds));
// Prepares the data
2018-05-23 10:14:20 +00:00
$domain = $db->getValue('SELECT domain FROM account.mailConfig');
2018-05-23 10:14:20 +00:00
$user = $db->getObject(
'SELECT id, nickname, lang
FROM account.user
WHERE name = #',
[$userName]
);
2018-05-23 10:14:20 +00:00
$cn = empty($user->nickname) ? $userName : $user->nickname;
2018-05-23 10:14:20 +00:00
$nameArgs = explode(' ', $user->nickname);
$givenName = $nameArgs[0];
2018-05-23 10:14:20 +00:00
if (count($nameArgs) > 1)
$sn = $nameArgs[1];
2018-05-23 10:14:20 +00:00
if (empty($sn))
$sn = 'Empty';
$attrs = [
'cn' => $cn,
'displayName' => $user->nickname,
'givenName' => $givenName,
'sn' => $sn,
'mail' => "$userName@{$domain}",
2018-05-23 10:14:20 +00:00
'userPassword' => sshaEncode($password),
'preferredLanguage' => $user->lang
];
// Search the user entry
$filter = "uid=$userName";
if (!empty($conf->filter))
$filter = "(&($filter)($conf->filter))";
2018-05-23 10:14:20 +00:00
$res = ldap_search($ds, $conf->baseDn, $filter);
if (!$res)
2018-05-23 10:14:20 +00:00
throw new Exception("Can't get the LDAP entry: ". ldapError($ds));
$dn = "uid=$userName,{$conf->baseDn}";
2018-05-23 10:14:20 +00:00
$entry = ldap_first_entry($ds, $res);
2018-05-23 10:14:20 +00:00
$classes = ldap_get_values($ds, $entry, 'objectClass');
2018-05-23 10:14:20 +00:00
if (!in_array('inetOrgPerson', $classes)) {
ldap_delete($ds, $dn);
$entry = NULL;
}
2018-05-23 10:14:20 +00:00
if ($entry) {
$modifs = [];
2018-05-23 10:14:20 +00:00
$curAttrs = ldap_get_attributes($ds, $entry);
2018-05-23 10:14:20 +00:00
foreach($attrs as $attribute => $value)
if (!empty($value)) {
$modifs[] = [
'attrib' => $attribute,
'modtype' => LDAP_MODIFY_BATCH_REPLACE,
'values' => [$value]
];
2018-05-23 11:09:55 +00:00
} elseif (isset($curAttrs[$attribute])) {
$modifs[] = [
'attrib' => $attribute,
'modtype' => LDAP_MODIFY_BATCH_REMOVE_ALL
];
}
2018-05-23 10:14:20 +00:00
$updated = ldap_modify_batch($ds, $dn, $modifs);
2018-05-23 11:09:55 +00:00
} else {
$addAttrs = [];
2018-05-23 10:14:20 +00:00
foreach($attrs as $attribute => $value)
if (!empty($value))
$addAttrs[$attribute] = $value;
2018-05-23 10:14:20 +00:00
$addAttrs = array_merge($addAttrs, [
'objectClass' => ['inetOrgPerson'],
'uid' => $userName
]);
2018-05-23 10:14:20 +00:00
$updated = ldap_add($ds, $dn, $addAttrs);
}
if (!$updated)
2018-05-23 10:14:20 +00:00
throw new Exception("Can't update the LDAP entry: ". ldapError($ds));
2018-05-23 11:09:55 +00:00
} catch (Exception $e) {
2018-05-23 10:14:20 +00:00
ldap_unbind($ds);
throw $e;
2017-05-30 13:27:49 +00:00
}
}
/**
* Synchronizes the user credentials in the Samba server.
*/
2018-05-23 10:14:20 +00:00
static function sambaSync($db, $userName, $password) {
$conf = $db->getObject(
2017-11-28 15:07:21 +00:00
'SELECT host, sshUser, sshPass, uidBase
2017-05-30 13:27:49 +00:00
FROM account.sambaConfig'
2016-10-27 11:22:04 +00:00
);
2017-11-28 15:07:21 +00:00
2018-05-23 10:14:20 +00:00
$domain = $db->getValue('SELECT domain FROM account.mailConfig');
2017-05-30 13:27:49 +00:00
2018-05-23 10:14:20 +00:00
$samba = new SshConnection($conf->host
2017-05-30 13:27:49 +00:00
,$conf->sshUser
2018-05-23 10:14:20 +00:00
,base64_decode($conf->sshPass)
2017-05-02 12:33:48 +00:00
);
2017-05-30 13:27:49 +00:00
$scriptDir = '/mnt/cluster/scripts';
2016-10-27 11:22:04 +00:00
2017-05-02 12:33:48 +00:00
// Creates the Samba user and initializes it's home directory
2016-10-27 11:22:04 +00:00
2018-05-23 10:14:20 +00:00
$userId = $db->getValue(
2017-11-28 15:07:21 +00:00
'SELECT id FROM account.user WHERE name = #', [$userName]);
2016-10-27 11:22:04 +00:00
2018-05-23 10:14:20 +00:00
$samba->exec("$scriptDir/create-user.sh %s %s %s"
2017-11-28 15:07:21 +00:00
,$userName
2017-05-30 13:27:49 +00:00
,$conf->uidBase + $userId
2017-11-28 15:07:21 +00:00
,"$userName@{$domain}"
2017-05-30 13:27:49 +00:00
);
2016-10-27 11:22:04 +00:00
2017-05-02 12:33:48 +00:00
// Syncronizes the Samba password
2016-10-27 11:22:04 +00:00
2018-05-23 10:14:20 +00:00
if (empty($password))
2017-05-02 12:33:48 +00:00
return;
2018-05-23 10:14:20 +00:00
$samba->exec("$scriptDir/set-password.sh %s %s"
2017-11-28 15:07:21 +00:00
,$userName
2017-05-30 13:27:49 +00:00
,$password
);
2016-10-27 11:22:04 +00:00
}
}
2018-05-23 10:14:20 +00:00
function ldapError($ds) {
return ldap_errno($ds) .': '. ldap_error($ds);
2017-05-30 13:27:49 +00:00
}
2018-05-23 10:14:20 +00:00
function sshaEncode($value) {
mt_srand((double) microtime() * 1000000);
$salt = pack('CCCC', mt_rand(), mt_rand(), mt_rand(), mt_rand());
$hash = '{SSHA}' . base64_encode(pack('H*', sha1($value . $salt)) . $salt);
2017-05-30 13:27:49 +00:00
return $hash;
}
2018-05-23 10:14:20 +00:00
function sshaVerify($hash, $value) {
$ohash = base64_decode(substr($hash, 6));
$osalt = substr($ohash, 20);
$ohash = substr($ohash, 0, 20);
$nhash = pack('H*', sha1($value . $osalt));
2017-05-30 13:27:49 +00:00
return $ohash == $nhash;
}
2018-05-23 10:14:20 +00:00
class SshConnection {
2016-10-27 11:22:04 +00:00
var $connection;
/**
* Abrebiated method to make SSH connections.
2017-05-30 13:27:49 +00:00
*/
2018-05-23 10:14:20 +00:00
function __construct($host, $user, $password) {
$this->connection = $connection = ssh2_connect($host);
2016-10-27 11:22:04 +00:00
if (!$connection)
2018-05-23 10:14:20 +00:00
throw new Exception("Can't connect to SSH server $host");
2016-10-27 11:22:04 +00:00
2018-05-23 10:14:20 +00:00
$authOk = ssh2_auth_password($connection, $user, $password);
2016-10-27 11:22:04 +00:00
if (!$authOk)
2018-05-23 10:14:20 +00:00
throw new Exception("SSH authentication failed on server $host");
2016-10-27 11:22:04 +00:00
return $connection;
}
/**
* Executes a command on the host.
2017-05-30 13:27:49 +00:00
*/
2018-05-23 10:14:20 +00:00
function exec() {
$nargs = func_num_args();
$args = func_get_args();
2017-05-30 13:27:49 +00:00
for ($i = 1; $i < $nargs; $i++)
2018-05-23 10:14:20 +00:00
$args[$i] = self::escape($args[$i]);
2017-05-30 13:27:49 +00:00
2018-05-23 10:14:20 +00:00
$command = call_user_func_array('sprintf', $args);
return ssh2_exec($this->connection, $command);
2016-10-27 11:22:04 +00:00
}
/**
* Escapes the double quotes from an string.
2017-05-30 13:27:49 +00:00
*/
2018-05-23 10:14:20 +00:00
static function escape($str) {
return '"'. str_replace('"', '\\"', $str) .'"';
2016-10-27 11:22:04 +00:00
}
}