00001 <?php
// Authentication mode identifiers; ilAuthUtils::_initAuth() switches on these
// to decide which backend class to instantiate.
define('AUTH_LOCAL', 1);
define('AUTH_LDAP', 2);
define('AUTH_RADIUS', 3);
define('AUTH_SCRIPT', 4);
define('AUTH_SHIBBOLETH', 5);
define('AUTH_CAS', 6);
define('AUTH_SOAP', 7);

// Returned by ilAuthUtils::_getAuthModeOfUser() when the mode stored for a
// user is not among the currently active modes.
define('AUTH_INACTIVE', 18);

// Returned by ilAuthUtils::_getAuthModeOfUser() when the mode determination
// service reports that the mode is not selected manually.
define('AUTH_MULTIPLE', 20);

// Negative codes. Judging by their names they flag an external login that has
// no matching ILIAS account; none of them is referenced in this file, so
// confirm their exact meaning against the individual auth classes.
define('AUTH_CAS_NO_ILIAS_USER', -90);
define('AUTH_SOAP_NO_ILIAS_USER', -100);
define('AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
define('AUTH_LDAP_NO_ILIAS_USER', -200);
define('AUTH_RADIUS_NO_ILIAS_USER', -300);

// Passed to the ilAuthInactive constructor in ilAuthUtils::_initAuth().
define('AUTH_MODE_INACTIVE', -1000);
00049
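/**
 * Static helpers that pick, instantiate and describe the authentication
 * backend (local, LDAP, RADIUS, Shibboleth, CAS, SOAP, ...) for a request.
 *
 * No method uses $this and the file itself calls them statically
 * (ilAuthUtils::..., self::...), so every method is declared static; a static
 * call to a non-static method is a fatal error on PHP 8.
 */
class ilAuthUtils
{
    /**
     * Select the authentication backend for the current request, instantiate
     * it and publish it as the global $ilAuth.
     *
     * Defines the constants AUTH_DEFAULT and AUTH_CURRENT as a side effect and
     * terminates the script if $ilSetting, $ilDB or $ilClientIniFile are not
     * initialised objects.
     *
     * Security-relevant inputs read here: $_POST['username'], $_POST['password'],
     * $_GET['ext_uid'], $_GET['soap_pw'], $_GET['forceCASLogin'] and the
     * $_SERVER entry named by the "shib_login" setting.
     *
     * @return void
     */
    public static function _initAuth()
    {
        global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile, $ilBench;

        $ilBench->start('Auth', 'initAuth');

        // Hard preconditions: without these globals no backend can be chosen.
        if (!is_object($ilSetting))
        {
            die ("Fatal Error: ilAuthUtils::_initAuth called without ilSetting.");
        }

        if (!is_object($ilDB))
        {
            die ("Fatal Error: ilAuthUtils::_initAuth called without ilDB.");
        }

        if (!is_object($ilClientIniFile))
        {
            die ("Fatal Error: ilAuthUtils::_initAuth called without ilClientIniFile.");
        }

        // The configured global mode, falling back to local authentication.
        $configured_mode = $ilSetting->get("auth_mode");
        define ("AUTH_DEFAULT", $configured_mode ? $configured_mode : AUTH_LOCAL);

        // Credentials are untrusted request data: a missing or non-string
        // value (e.g. username[]=x) is treated as "not submitted".
        $posted_username = (isset($_POST['username']) && is_string($_POST['username']))
            ? $_POST['username'] : '';
        $posted_password = (isset($_POST['password']) && is_string($_POST['password']))
            ? $_POST['password'] : '';

        // Stays null when no login attempt is in progress; AUTH_CURRENT is then
        // defined as null and the switch below falls through to ilAuthDB.
        $user_auth_mode = null;

        // Only look up a per-user mode while no authenticated session exists.
        if (empty($_SESSION) ||
            !isset($_SESSION['_authsession']['registered']) ||
            $_SESSION['_authsession']['registered'] !== true)
        {
            if ($posted_username !== '' && $posted_password !== '')
            {
                $user_auth_mode = self::_getAuthModeOfUser($posted_username, $posted_password, $ilDB);

                // CAS and SOAP accounts may be allowed to log in locally.
                if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
                {
                    $user_auth_mode = AUTH_LOCAL;
                }
                if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
                {
                    $user_auth_mode = AUTH_LOCAL;
                }
            }
        }

        // A SOAP account cannot use SOAP while SOAP authentication is switched off.
        if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
        {
            $user_auth_mode = AUTH_LOCAL;
        }

        // SOAP: either the user's mode is SOAP, or SOAP is active and the
        // request carries ext_uid and soap_pw.
        // NOTE(review): soap_pw is read from the query string, so the secret can
        // end up in web-server access logs, browser history and Referer headers.
        if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
            && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
        {
            include_once("Services/SOAPAuth/classes/class.ilSOAPAuth.php");

            if (!isset($GLOBALS['ilSOAPAuth']) || !is_object($GLOBALS['ilSOAPAuth']))
            {
                $auth_params = array(
                    "server_hostname" => $ilSetting->get("soap_auth_server"),
                    "server_port" => $ilSetting->get("soap_auth_port"),
                    "server_uri" => $ilSetting->get("soap_auth_uri"),
                    "https" => $ilSetting->get("soap_auth_use_https"),
                    "namespace" => $ilSetting->get("soap_auth_namespace"),
                    "use_dotnet" => $ilSetting->get("soap_auth_use_dotnet")
                );

                $ilSOAPAuth = new ilSOAPAuth($auth_params);
                $GLOBALS['ilSOAPAuth'] =& $ilSOAPAuth;
            }
            else
            {
                // Reuse the instance created earlier in this request.
                $ilSOAPAuth =& $GLOBALS['ilSOAPAuth'];
            }

            define ("AUTH_CURRENT", AUTH_SOAP);
        }
        // Shibboleth: the only signal checked is a non-empty $_SERVER entry
        // whose name comes from the "shib_login" setting.
        // NOTE(review): that is only trustworthy if the variable can be set
        // solely by the web server's Shibboleth module; confirm that
        // client-supplied request headers cannot populate it.
        else if ($ilSetting->get("shib_active")
            && !empty($_SERVER[$ilSetting->get("shib_login")]))
        {
            define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
        }
        // CAS is only considered when no username was posted.
        else if ($ilSetting->get("cas_active") && $posted_username === '')
        {
            include_once("Services/CAS/classes/class.ilCASAuth.php");

            if (!isset($GLOBALS['ilCASAuth']) || !is_object($GLOBALS['ilCASAuth']))
            {
                $auth_params = array(
                    "server_version" => CAS_VERSION_2_0,
                    "server_hostname" => $ilSetting->get("cas_server"),
                    "server_port" => $ilSetting->get("cas_port"),
                    "server_uri" => $ilSetting->get("cas_uri"));

                $ilCASAuth = new ilCASAuth($auth_params);

                $GLOBALS['ilCASAuth'] =& $ilCASAuth;
            }
            else
            {
                $ilCASAuth =& $GLOBALS['ilCASAuth'];
            }

            if (isset($_GET["forceCASLogin"]) && $_GET["forceCASLogin"] == "1")
            {
                $ilCASAuth->forceCASAuth();
            }

            if ($ilCASAuth->checkCASAuth())
            {
                define ("AUTH_CURRENT", AUTH_CAS);
            }
            else
            {
                define ("AUTH_CURRENT", $user_auth_mode);
            }
        }
        else
        {
            define ("AUTH_CURRENT", $user_auth_mode);
        }

        // AUTH_CURRENT may be an int or a numeric string read from the settings
        // table, so the loose comparison of switch is intentional here.
        switch (AUTH_CURRENT)
        {
            case AUTH_LOCAL:
                include_once('./Services/Authentication/classes/class.ilAuthDB.php');
                $ilAuth = new ilAuthDB();
                break;

            case AUTH_LDAP:
                $ilBench->start('Auth', 'Auth_LDAP');
                include_once 'Services/LDAP/classes/class.ilAuthLDAP.php';
                $ilAuth = new ilAuthLDAP();
                $ilBench->stop('Auth', 'Auth_LDAP');
                break;

            case AUTH_RADIUS:
                include_once('Services/Radius/classes/class.ilAuthRadius.php');
                $ilAuth = new ilAuthRadius();
                break;

            case AUTH_SHIBBOLETH:
                // NOTE(review): no include for ShibAuth is visible in this
                // method; presumably the class is loaded elsewhere - confirm.
                $auth_params = array();
                $ilAuth = new ShibAuth($auth_params, true);
                break;

            case AUTH_CAS:
                // NOTE(review): $ilCASAuth is only created in the CAS branch
                // above. If AUTH_CURRENT became AUTH_CAS through
                // $user_auth_mode instead, $ilAuth is null here and the call
                // below fails.
                $ilAuth =& $ilCASAuth;
                $ilAuth->forceCASAuth();
                break;

            case AUTH_SOAP:
                $ilAuth =& $ilSOAPAuth;
                break;

            case AUTH_MULTIPLE:
                include_once('./Services/Authentication/classes/class.ilAuthMultiple.php');
                $ilAuth = new ilAuthMultiple();
                break;

            case AUTH_INACTIVE:
                include_once('./Services/Authentication/classes/class.ilAuthInactive.php');
                $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
                break;

            default:
                // Unknown or undefined mode: fall back to local authentication.
                include_once('./Services/Authentication/classes/class.ilAuthDB.php');
                $ilAuth = new ilAuthDB();
                break;
        }

        // Idle timeout comes from the [session] "expire" entry of the client
        // ini file. A cookie lifetime of 0 makes the session cookie last until
        // the browser is closed.
        $ilAuth->setIdle($ilClientIniFile->readVariable("session", "expire"), false);
        $ilAuth->setExpire(0);
        ini_set("session.cookie_lifetime", "0");

        $GLOBALS['ilAuth'] =& $ilAuth;

        $ilBench->stop('Auth', 'initAuth');
    }

    /**
     * Determine which authentication mode applies to a login attempt.
     *
     * NOTE(review): a posted "auth_mode" is returned as-is (integer cast only)
     * and, unlike the database path below, is not checked against
     * _getActiveAuthModes(). The client can therefore choose which backend
     * _initAuth() instantiates; consider restricting the value to the modes
     * offered on the login form.
     *
     * @param string $a_username   login name as submitted
     * @param string $a_password   not used by this method
     * @param mixed  $a_db_handler optional database handler; the global $ilDB
     *                             is used when this is left at ''
     * @return int|string posted mode, AUTH_MULTIPLE, the user's active mode,
     *                    or AUTH_INACTIVE when that mode is not active
     */
    public static function _getAuthModeOfUser($a_username, $a_password, $a_db_handler = '')
    {
        global $ilDB;

        if (isset($_POST['auth_mode']))
        {
            return (int) $_POST['auth_mode'];
        }

        include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
        $det = ilAuthModeDetermination::_getInstance();

        if (!$det->isManualSelection())
        {
            return AUTH_MULTIPLE;
        }

        $db = ($a_db_handler != '') ? $a_db_handler : $ilDB;

        // Quote with the same handler that runs the query (the original quoted
        // with $ilDB even when a different handler was passed in).
        $q = "SELECT auth_mode FROM usr_data WHERE ".
            "login = ".$db->quote($a_username);

        $r = $db->query($q);
        $row = $r->fetchRow(DB_FETCHMODE_OBJECT);

        // An unknown login yields no row; pass null on so that _getAuthMode()
        // resolves the globally configured mode.
        $stored_mode = is_object($row) ? $row->auth_mode : null;
        $auth_mode = self::_getAuthMode($stored_mode, $db);

        // Loose comparison on purpose: the active list mixes int constants
        // with the raw settings value.
        return in_array($auth_mode, self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
    }

    /**
     * Translate a stored auth mode name into its AUTH_* constant.
     *
     * Any other value (including null) is resolved to the "auth_mode" entry of
     * the settings table.
     *
     * @param string|null $a_auth_mode  mode name such as "ldap"
     * @param mixed       $a_db_handler optional database handler; the global
     *                                  $ilDB is used when this is left at ''
     * @return int|string|null AUTH_* constant, or the raw settings value
     */
    public static function _getAuthMode($a_auth_mode, $a_db_handler = '')
    {
        global $ilDB;

        $db = ($a_db_handler != '') ? $a_db_handler : $ilDB;

        switch ($a_auth_mode)
        {
            case "local":
                return AUTH_LOCAL;

            case "ldap":
                return AUTH_LDAP;

            case "radius":
                return AUTH_RADIUS;

            case "script":
                return AUTH_SCRIPT;

            case "shibboleth":
                return AUTH_SHIBBOLETH;

            case "cas":
                return AUTH_CAS;

            case "soap":
                return AUTH_SOAP;

            default:
                $q = "SELECT value FROM settings WHERE ".
                    "keyword='auth_mode'";
                $r = $db->query($q);
                $row = $r->fetchRow();
                // No settings row: return null instead of indexing into null.
                return is_array($row) ? $row[0] : null;
        }
    }

    /**
     * Translate an AUTH_* constant into its mode name.
     *
     * @param int|string $a_auth_key AUTH_* constant
     * @return string mode name, or "default" for any other value
     */
    public static function _getAuthModeName($a_auth_key)
    {
        switch ($a_auth_key)
        {
            case AUTH_LOCAL:
                return "local";

            case AUTH_LDAP:
                return "ldap";

            case AUTH_RADIUS:
                return "radius";

            case AUTH_CAS:
                return "cas";

            case AUTH_SCRIPT:
                return "script";

            case AUTH_SHIBBOLETH:
                return "shibboleth";

            case AUTH_SOAP:
                return "soap";

            default:
                return "default";
        }
    }

    /**
     * List the authentication modes that are currently usable.
     *
     * "default" (the raw "auth_mode" setting) and "local" are always present;
     * the others depend on the LDAP server list and the *_active settings.
     *
     * @return array mode name => AUTH_* constant or settings value
     */
    public static function _getActiveAuthModes()
    {
        global $ilSetting;

        $modes = array(
            'default' => $ilSetting->get("auth_mode"),
            'local' => AUTH_LOCAL
        );

        include_once('Services/LDAP/classes/class.ilLDAPServer.php');
        if (count(ilLDAPServer::_getActiveServerList()))
        {
            $modes['ldap'] = AUTH_LDAP;
        }

        // setting keyword => array(mode name, constant), in the original order
        $switchable = array(
            "radius_active" => array('radius', AUTH_RADIUS),
            "shib_active" => array('shibboleth', AUTH_SHIBBOLETH),
            "script_active" => array('script', AUTH_SCRIPT),
            "cas_active" => array('cas', AUTH_CAS),
            "soap_auth_active" => array('soap', AUTH_SOAP)
        );
        foreach ($switchable as $keyword => $mode)
        {
            if ($ilSetting->get($keyword))
            {
                $modes[$mode[0]] = $mode[1];
            }
        }

        return $modes;
    }

    /**
     * List the selectable authentication modes, whether active or not.
     *
     * @return array AUTH_* constant => mode name
     */
    public static function _getAllAuthModes()
    {
        $all = array();
        foreach (array(AUTH_LOCAL, AUTH_LDAP, AUTH_SHIBBOLETH, AUTH_CAS, AUTH_SOAP, AUTH_RADIUS) as $mode)
        {
            $all[$mode] = self::_getAuthModeName($mode);
        }

        return $all;
    }

    /**
     * Find a login name that is not yet present in usr_data.
     *
     * Tries $a_login first and then $a_login followed by 1, 2, 3, ...
     *
     * NOTE(review): nothing here reserves the returned name, so two concurrent
     * callers can receive the same value; presumably uniqueness is enforced
     * when the account is inserted - confirm.
     *
     * @param string $a_login preferred login name
     * @return string login name not found in usr_data at the time of the check
     */
    public static function _generateLogin($a_login)
    {
        global $ilDB;

        $candidate = $a_login;
        $suffix = 0;

        while (true)
        {
            $res = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
                $ilDB->quote($candidate));

            if (!($res->numRows() > 0))
            {
                return $candidate;
            }

            $suffix++;
            $candidate = $a_login.$suffix;
        }
    }

    /**
     * Report whether more than local authentication is available on the
     * login form, i.e. RADIUS is active or an active LDAP server exists.
     *
     * @return bool
     */
    public static function _hasMultipleAuthenticationMethods()
    {
        include_once('Services/Radius/classes/class.ilRadiusSettings.php');

        if (ilRadiusSettings::_getInstance()->isActive())
        {
            return true;
        }

        include_once('Services/LDAP/classes/class.ilLDAPServer.php');
        return count(ilLDAPServer::_getActiveServerList()) > 0;
    }

    /**
     * Build the auth mode choices for the login form.
     *
     * Each offered mode gets a 'txt' label; the preselected one also gets
     * 'checked' => true. The preselection comes from the "auth_mode" and
     * "default_auth_mode" settings and can be overridden by the request
     * parameter "auth_mode", but only when that value names an offered mode
     * (the original created a label-less entry for any requested integer).
     *
     * @param object $lng language object providing txt()
     * @return array AUTH_* constant => array('txt' => ..., 'checked' => ...)
     */
    public static function _getMultipleAuthModeOptions($lng)
    {
        global $ilSetting;

        include_once('Services/LDAP/classes/class.ilLDAPServer.php');

        $options = array();
        $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');

        if ($ldap_id = ilLDAPServer::_getFirstActiveServer())
        {
            $ldap_server = new ilLDAPServer($ldap_id);
            $options[AUTH_LDAP]['txt'] = $ldap_server->getName();
        }

        include_once('Services/Radius/classes/class.ilRadiusSettings.php');
        $rad_settings = ilRadiusSettings::_getInstance();
        if ($rad_settings->isActive())
        {
            $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
        }

        // Start from the global mode if it is LDAP or RADIUS, else local.
        $global_mode = $ilSetting->get('auth_mode', AUTH_LOCAL);
        if ($global_mode == AUTH_LDAP)
        {
            $default = AUTH_LDAP;
        }
        elseif ($global_mode == AUTH_RADIUS)
        {
            $default = AUTH_RADIUS;
        }
        else
        {
            $default = AUTH_LOCAL;
        }

        $default = $ilSetting->get('default_auth_mode', $default);

        // Request data is untrusted: accept it only for a mode that is offered.
        $requested = isset($_REQUEST['auth_mode']) ? (int) $_REQUEST['auth_mode'] : 0;
        if ($requested && isset($options[$requested]))
        {
            $default = $requested;
        }

        $options[$default]['checked'] = true;
        return $options;
    }

    /**
     * Report whether any external authentication source is enabled
     * (CAS, SOAP, Shibboleth, RADIUS or an active LDAP server).
     *
     * @return bool
     */
    public static function _isExternalAccountEnabled()
    {
        global $ilSetting;

        foreach (array("cas_active", "soap_auth_active", "shib_active", 'radius_active') as $keyword)
        {
            if ($ilSetting->get($keyword))
            {
                return true;
            }
        }

        include_once('Services/LDAP/classes/class.ilLDAPServer.php');
        return count(ilLDAPServer::_getActiveServerList()) ? true : false;
    }

    /**
     * Report whether a user with the given mode may change the password.
     *
     * @param int|string $a_auth_mode AUTH_* constant
     * @return bool false for LDAP and RADIUS, true for every other value
     */
    public static function _allowPasswordModificationByAuthMode($a_auth_mode)
    {
        // Loose comparison keeps the behaviour of the original switch.
        if ($a_auth_mode == AUTH_LDAP || $a_auth_mode == AUTH_RADIUS)
        {
            return false;
        }

        return true;
    }

    /**
     * Report whether the given mode requires an external account name.
     *
     * @param int|string $a_auth_mode AUTH_* constant
     * @return bool false for local authentication, true for every other value
     */
    public static function _needsExternalAccountByAuthMode($a_auth_mode)
    {
        // Loose comparison keeps the behaviour of the original switch.
        return $a_auth_mode != AUTH_LOCAL;
    }
}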
00607 ?>