ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthContainerApache.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once 'Auth/Container/MDB2.php';
25 
35 class ilAuthContainerApache extends Auth_Container
36 {
37 
38  public static $force_creation = false;
39 
43  public function __construct()
44  {
45  parent::__construct($options);
46  }
47  /*
48  public function loginObserver($a_username, $a_auth)
49  {
50  //var_dump($a_username);
51  }
52  */
53  public static function forceCreation($value)
54  {
55  self::$force_creation = $value;
56  }
57 
58  function fetchData($a_username, $password, $isChallengeResponse=false)
59  { //var_dump(func_get_args());
60  //var_dump($_SERVER);
61  global $lng;
62  $settings = new ilSetting('apache_auth');
63 
64  if (!$settings->get('apache_enable_auth'))
65  {
66  return false;
67  }
68  if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value'))
69  {
70  return false;
71  }
72  if (!ilUtil::isLogin($a_username))
73  {
74  return false;
75  }
76 
77  if ($a_username == 'anonymous' && $password == 'anonymous') {
78  global $ilDB;
79  $query = 'SELECT * FROM usr_data WHERE login = %s';
80  $qres = $ilDB->queryF($query, array('text'), array($a_username));
81 
82  $userRow = $ilDB->fetchAssoc($qres);
83 
84  if (is_array($userRow) && $userRow['usr_id'])
85  {
86  // user as a local account...
87  // fetch logindata
88  $this->activeUser = $userRow['login'];
89  foreach ($userRow as $key => $value) {
90  if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
91  continue;
92  }
93  // Use reference to the auth object if exists
94  // This is because the auth session variable can change so a static call to setAuthData does not make sense
95  $this->_auth_obj->setAuthData($key, $value);
96  }
97  //var_dump($userRow);
98  $this->_auth_obj->setAuth($userRow['login']);
99  return true;
100  }
101  return false;
102  }
103 
104  if (!$_SESSION['login_invalid'] && $_SERVER[$settings->get('apache_auth_indicator_name')] == $settings->get('apache_auth_indicator_value'))
105  {
106  // we have a valid apache auth
107  global $ilDB;
108 
109  if ($settings->get('apache_enable_local'))
110  {
111  $query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
112  $qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
113 
114  $userRow = $ilDB->fetchAssoc($qres);
115 
116  if (is_array($userRow) && $userRow['usr_id'])
117  {
118  // user as a local account...
119  // fetch logindata
120  $this->activeUser = $userRow['login'];
121  foreach ($userRow as $key => $value) {
122  if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
123  continue;
124  }
125  // Use reference to the auth object if exists
126  // This is because the auth session variable can change so a static call to setAuthData does not make sense
127  $this->_auth_obj->setAuthData($key, $value);
128  }
129  //var_dump($userRow);
130  $this->_auth_obj->setAuth($userRow['login']);
131  return true;
132  }
133  }
134 
135  // if no local user has been found AND ldap lookup is enabled
136  if($settings->get('apache_enable_ldap'))
137  {
138  include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
139  $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
140  $this->server->doConnectionCheck();
141 
142  $config = $this->server->toPearAuthArray();
143 
144  $query = new ilLDAPQuery($this->server);
145  $ldapUser = $query->fetchUser($a_username);
146 
147  if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username)
148  {
149  $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
150  $user_data = $ldapUser[$a_username];//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
151  if($this->server->enabledSyncOnLogin())
152  {
153  if(!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation)
154  {
155  $this->_auth_obj->logout();
156  $_SESSION['tmp_auth_mode'] = 'apache';
157  $_SESSION['tmp_external_account'] = $a_username;
158  $_SESSION['tmp_pass'] = $_POST['password'];
159 
160  include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
161  $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
162  $_SESSION['tmp_roles'] = array();
163  foreach($roles as $info)
164  {
165  if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
166  {
167  $_SESSION['tmp_roles'][] = $info['id'];
168  }
169  }
170 
171  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
172  exit;
173  }
174 
175  if($this->updateRequired($a_username))
176  {
177  $this->initLDAPAttributeToUser();
178  $this->ldap_attr_to_user->setUserData($ldapUser);
179  $this->ldap_attr_to_user->refresh();
180  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
181  }
182  else
183  {
184  // User exists and no update required
185  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
186  }
187  }
188  if ($user_data['ilInternalAccount'])
189  {
190  $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
191  return true;
192  }
193  }
194  }
195 
196  if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate'))
197  {
198  // no local user, no ldap match or ldap not activated
199 // if (!self::$force_creation)
200 // {
201 // $_SESSION['tmp_auth_mode'] = 'apache';
202 // $_SESSION['tmp_external_account'] = $a_username;
203 // $_SESSION['tmp_pass'] = $_POST['password'];
204  //ilUtil::redirect('https://lernwelt.janposselt.de/ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
205 // }
206 // else
207 // {
208  global $ilIliasIniFile;
209  if ($_GET['r'])
210  $_SESSION['profile_complete_redirect'] = $_GET['r'];
211 
212  $user = new ilObjUser();
213  $user->setLogin($a_username);
214  $user->setExternalAccount($a_username);
215  $user->setProfileIncomplete(true);
216  $user->create();
217  $user->setAuthMode('apache');
218  // set a timestamp for last_password_change
219  // this ts is needed by the ACCOUNT_SECURITY_MODE_CUSTOMIZED
220  // in ilSecuritySettings
221  $user->setLastPasswordChangeTS( time() );
222  $user->setTimeLimitUnlimited(1);
223 
224  $user->setActive(1);
225  //insert user data in table user_data
226  $user->saveAsNew();
227  $user->writePrefs();
228  global $rbacadmin;
229  $rbacadmin->assignUser($settings->get('apache_default_role', 4),$user->getId(),true);
230  return true;
231 // }
232  }
233  }
234  else if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
235  define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
236  }
237 
238  return false;
239  }
240 
246  protected function updateRequired($a_username)
247  {
248  if(!ilObjUser::_checkExternalAuthAccount("apache",$a_username))
249  {
250  return true;
251  }
252  // Check attribute mapping on login
253  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
254  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
255  {
256  #$GLOBALS['ilLog']->write(__METHOD__.': Required 2');
257  return true;
258  }
259  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
260  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
261  {
262  #$GLOBALS['ilLog']->write(__METHOD__.': Required 3');
263  return true;
264  }
265  return false;
266  }
267 
274  private function initLDAPAttributeToUser()
275  {
276  include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
277  $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
278  }
279 
280 }
281 ?>