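<?php
// www/create.php: looks up the requesting user in LDAP, derives an OU label
// from the entry's DN, and runs create-cert.sh with both values. The script's
// output is streamed back to the client as text/plain.
header('Content-Type: text/plain');

// Expected to provide $ldap, LDAP_BASE and debug() (not defined in this file).
include(__DIR__ . '/../common.php');

// Identity source: when ALLOW_ANONYMOUS_ACCESS is defined and truthy, its VALUE
// is used as the username and REMOTE_USER is ignored, so every caller acts as
// that account. Otherwise the username comes from the web server's
// authentication layer via REMOTE_USER.
if (defined('ALLOW_ANONYMOUS_ACCESS') && constant('ALLOW_ANONYMOUS_ACCESS')) {
    $username = constant('ALLOW_ANONYMOUS_ACCESS');
} else {
    $username = $_SERVER['REMOTE_USER'] ?? null;
}

if (empty($username)) {
    header('Status: 401 Unauthorized');
    die("# No username");
}

// The pattern must be anchored: without \A ... \z, preg_match() succeeds as
// soon as ONE allowed character appears anywhere in the string, so LDAP filter
// metacharacters such as ( ) * \ would pass this check and reach the query.
// \z (rather than $) also rejects a trailing newline.
// NOTE(review): a value starting with '-' still matches; confirm that
// create-cert.sh does not treat its positional arguments as options.
if (!is_string($username) || !preg_match('/\A[a-zA-Z0-9.-]+\$?\z/', $username)) {
    header("Status: 418 I'm a teapot");
    die("# Badly formatted username");
}

// Defense in depth: escape the value for filter context even though it was
// validated above, so the query stays safe if the allowed alphabet ever changes.
$filter = '(samAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
$search = ldap_search($ldap, LDAP_BASE, $filter, array('dn'));
debug($search);

// Report a directory failure as such instead of letting it fall through to
// the "No OU detected" branch (or a TypeError in ldap_get_entries()).
if ($search === false) {
    header('Status: 500 Internal Server Error');
    die("# LDAP search failed");
}

$res = ldap_get_entries($ldap, $search);
debug($res, 2);

// Only the first returned entry is considered. Its OU components are joined
// with '-' to form the label handed to create-cert.sh.
// NOTE(review): each match consumes its trailing comma, so of two adjacent
// ",OU=a,OU=b," components only the first is captured. Left unchanged because
// the resulting label may already be relied on; confirm this is intended.
if (preg_match_all('/,OU=([^,]+),/', $res[0]['dn'] ?? '', $matches)) {
    $ou = implode('-', $matches[1]);
} else {
    header('Status: 403 Forbidden');
    die("# No OU detected");
}

// Every interpolated value is passed through escapeshellarg(), so neither the
// OU label (directory-controlled) nor the username can break out of its argument.
passthru(
    escapeshellarg(__DIR__) . '/../create-cert.sh ' . escapeshellarg($ou) . ' ' . escapeshellarg($username),
    $result_code
);

if ($result_code !== 0) {
    echo "# create-cert exited non-zero";
}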