ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthUtils.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 
6 // define auth modes
7 define ("AUTH_LOCAL",1);
8 define ("AUTH_LDAP",2);
9 define ("AUTH_RADIUS",3);
10 define ("AUTH_SCRIPT",4);
11 define ("AUTH_SHIBBOLETH",5);
12 define ("AUTH_CAS",6);
13 define ("AUTH_SOAP",7);
14 // BEGIN WebDAV: Add support for HTTP authentication
15 define ("AUTH_HTTP",8);
16 // END WebDAV: Add support for HTTP authentication
17 define ("AUTH_ECS",9);
18 define('AUTH_OPENID',10);
19 
20 define ("AUTH_APACHE",11);
21 
22 define ("AUTH_INACTIVE",18);
23 
24 define('AUTH_MULTIPLE',20);
25 
26 define('AUTH_SOAP_NO_ILIAS_USER', -100);
27 define('AUTH_LDAP_NO_ILIAS_USER',-200);
28 define('AUTH_RADIUS_NO_ILIAS_USER',-300);
29 define('AUTH_OPENID_NO_ILIAS_USER',-400);
30 
31 // apache auhtentication failed...
32 // maybe no (valid) certificate or
33 // username could not be extracted
34 define('AUTH_APACHE_FAILED', -500);
35 
36 
37 define('AUTH_MODE_INACTIVE',-1000);
38 
39 // an external user cannot be found in ilias, but his email address
40 // matches one or more ILIAS users
41 define('AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
42 define('AUTH_CAS_NO_ILIAS_USER', -90);
43 
44 // ilUser validation (no login)
45 define('AUTH_USER_WRONG_IP', -600);
46 define('AUTH_USER_INACTIVE', -601);
47 define('AUTH_USER_TIME_LIMIT_EXCEEDED', -602);
48 define('AUTH_USER_SIMULTANEOUS_LOGIN', -603);
49 define('AUTH_CAPTCHA_INVALID', -604);
50 
51 
52 include_once './Services/Authentication/classes/class.ilAuthFactory.php';
53 require_once('Services/Authentication/classes/class.ilSessionControl.php');
54 
55 
63 class ilAuthUtils
64 {
65  const LOCAL_PWV_FULL = 1;
66  const LOCAL_PWV_NO = 2;
67  const LOCAL_PWV_USER = 3;
68 
69 
73  function _initAuth()
74  {
75  global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
76 
77  $user_auth_mode = false;
78  $ilBench->start('Auth','initAuth');
79 
80 
81  // get default auth mode
82  //$default_auth_mode = $this->getSetting("auth_mode");
83  define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
84 
85  // determine authentication method if no session is found and username & password is posted
86  // does this if statement make any sense? we enter this block nearly everytime.
87 
88  if (empty($_SESSION) ||
89  (!isset($_SESSION['_authsession']['registered']) ||
90  $_SESSION['_authsession']['registered'] !== true))
91  {
92  // no sesssion found
93  if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status']))
94  {
95  $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
96 
97  if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
98  {
99  $user_auth_mode = AUTH_LOCAL;
100  }
101  if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
102  {
103  $user_auth_mode = AUTH_LOCAL;
104  }
105  if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
106  {
107  $user_auth_mode = AUTH_LOCAL;
108  }
109  }
110  else if ($_POST['auth_mode'] == AUTH_APACHE)
111  {
112  $user_auth_mode = AUTH_APACHE;
113  }
114  }
115 
116  // to do: other solution?
117  if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
118  {
119  $user_auth_mode = AUTH_LOCAL;
120  }
121 
122  if($ilSetting->get("cas_active") && $_GET['forceCASLogin'])
123  {
124  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
125  $user_auth_mode = AUTH_CAS;
126  }
127 
128  if($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE)
129  {
130  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
131  $user_auth_mode = AUTH_APACHE;
132  }
133 
134  // BEGIN WebDAV: Share session between browser and WebDAV client.
135  // The realm is needed to support a common session between Auth_HTTP and Auth.
136  // It also helps us to distinguish between parallel sessions run on different clients.
137  // Common session only works if we use a common session name starting with "_authhttp".
138  // We must use the "_authttp" prefix, because it is hardcoded in the session name of
139  // class Auth_HTTP.
140  // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
141  // it interfers with the session mechanism of the other Auth modules. If we would
142  // keep this switched on, then users could steal each others session, which would cause
143  // a major security breach.
144  // Note: The realm and sessionName used here, must be the same as in
145  // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
146  // in to ILIAS.
147  $realm = CLIENT_ID;
148  //$this->writelog('ilias.php realm='.$realm);
149  // END WebDAV: Share session between browser and WebDAV client.
150 
151 //var_dump($_SESSION);
152 //echo "1-".$ilSetting->get("soap_auth_active")."-";
153  // if soap authentication activated and soap credentials given
154  if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
155  && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
156  {
157 
158  define('AUTH_CURRENT',AUTH_SOAP);
159  }
160  // if Shibboleth is active and the user is authenticated
161  // we set auth_mode to Shibboleth
162  else if ( $ilSetting->get("shib_active")
163  && $_SERVER[$ilSetting->get("shib_login")])
164  {
165  define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
166  }
167  else
168  {
169  define ("AUTH_CURRENT", $user_auth_mode);
170  }
171 //var_dump($_SESSION);
172 
173  // Determine the authentication method to use
174  if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
175  // Since WebDAV clients create the login form by
176  // themselves, we can not provide buttons on the form for
177  // choosing an authentication method.
178  // If the user is already logged in, we continue using
179  // the current authentication method. If the user is
180  // not logged in yet, we use the "multiple authentication"
181  // method using a predefined sequence of authentication methods.
182  $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
183  }
184  else
185  {
186  $authmode = AUTH_CURRENT;
187  }
188 //var_dump($authmode);
189  // if no auth mode selected AND default mode is AUTH_APACHE then use it...
190  if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE)
191  $authmode = AUTH_APACHE;
192 
193  switch ($authmode)
194  {
195  case AUTH_LDAP:
196 
197  include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
198  $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP());
199  break;
200 
201  case AUTH_RADIUS:
202 
203  include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
204  $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
205  break;
206 
207  case AUTH_SHIBBOLETH:
208  // build option string for SHIB::Auth
209  $auth_params = array();
210  $auth_params['sessionName'] = "_authhttp".md5($realm);
211  $ilAuth = new ShibAuth($auth_params,true);
212  break;
213 
214  case AUTH_CAS:
215 
216  include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
217  $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
218  break;
219 
220  case AUTH_SOAP:
221 
222  include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
223  $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
224  break;
225 
226  case AUTH_MULTIPLE:
227 
228  include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
229  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
230  break;
231 
232  case AUTH_ECS:
233  include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
234  $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
235  break;
236 
237  case AUTH_OPENID:
238 
239  include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
240  $ilAuth = ilAuthFactory::factory(new ilAuthContainerOpenId());
241  break;
242 
243  case AUTH_INACTIVE:
244  require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
245  $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
246  break;
247 
248  case AUTH_APACHE:
249  include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
250  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
251  $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
252  break;
253 
254  // begin-patch auth_plugin
255  case AUTH_LOCAL:
256  global $ilLog;
257  include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
258  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
259  break;
260 
261  default:
262  // check for plugin
263  if($authmode)
264  {
265  foreach(self::getAuthPlugins() as $pl)
266  {
267  $container = $pl->getContainer($authmode);
268  if($container instanceof Auth_Container)
269  {
270  $GLOBALS['ilLog']->write(__METHOD__.' Using plugin authentication with auth_mode '.$authmode);
271  $ilAuth = ilAuthFactory::factory($container);
272  break 2;
273  }
274  }
275  }
276  #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
277  // default for logged in users
278  include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
279  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
280  break;
281  // end-patch auth_plugin
282  }
283 
284  // Due to a bug in Pear Auth_HTTP, we can't use idle time
285  // with WebDAV clients. If we used it, users could never log
286  // back into ILIAS once their session idled out. :(
287  if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP')
288  {
289  $ilAuth->setIdle(ilSession::getIdleValue(), false);
290  }
291  $ilAuth->setExpire(0);
292 
293  ini_set("session.cookie_lifetime", "0");
294 //echo "-".get_class($ilAuth)."-";
295  $GLOBALS['ilAuth'] =& $ilAuth;
296 
297  ilSessionControl::checkExpiredSession();
298 
299  $ilBench->stop('Auth','initAuth');
300  }
301 
302  function _getAuthModeOfUser($a_username,$a_password,$a_db_handler = '')
303  {
304  global $ilDB;
305 
306  if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
307  {
308  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
309  return AUTH_ECS;
310  }
311  if(isset($_POST['auth_mode']))
312  {
313  return (int) $_POST['auth_mode'];
314  }
315  if(isset($_POST['oid_username']) or $_GET['oid_check_status'])
316  {
317  $GLOBALS['ilLog']->write(__METHOD__.' set context to open id');
318  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
319  return AUTH_OPENID;
320  }
321 
322  include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
323  $det = ilAuthModeDetermination::_getInstance();
324 
325  if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
326  {
327  return AUTH_MULTIPLE;
328  }
329 
330 
331  $db =& $ilDB;
332 
333  if ($a_db_handler != '')
334  {
335  $db =& $a_db_handler;
336  }
337 
338  // Is it really necessary to check the auth mode with password ?
339  // Changed: smeyer
340  $q = "SELECT auth_mode FROM usr_data WHERE ".
341  "login = ".$ilDB->quote($a_username);
342  //"passwd = ".$ilDB->quote(md5($a_password))."";
343 
344 
345  $r = $db->query($q);
346  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
347 //echo "+".$row->auth_mode."+";
348 
349  $auth_mode = self::_getAuthMode($row->auth_mode,$db);
350 
351  return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
352  }
353 
354  function _getAuthMode($a_auth_mode,$a_db_handler = '')
355  {
356  global $ilDB, $ilSetting;
357 
358  $db =& $ilDB;
359 
360  if ($a_db_handler != '')
361  {
362  $db =& $a_db_handler;
363  }
364 
365  switch ($a_auth_mode)
366  {
367  case "local":
368  return AUTH_LOCAL;
369  break;
370 
371  case "ldap":
372  return AUTH_LDAP;
373  break;
374 
375  case "radius":
376  return AUTH_RADIUS;
377  break;
378 
379  case "script":
380  return AUTH_SCRIPT;
381  break;
382 
383  case "shibboleth":
384  return AUTH_SHIBBOLETH;
385  break;
386 
387  case "cas":
388  return AUTH_CAS;
389  break;
390 
391  case "soap":
392  return AUTH_SOAP;
393  break;
394 
395  case 'ecs':
396  return AUTH_ECS;
397 
398  case 'openid':
399  return AUTH_OPENID;
400 
401  case 'apache':
402  return AUTH_APACHE;
403 
404  default:
405  return $ilSetting->get("auth_mode");
406  break;
407  }
408  }
409 
410  public static function _getAuthModeName($a_auth_key)
411  {
412  global $ilias;
413 
414  switch ($a_auth_key)
415  {
416  case AUTH_LOCAL:
417  return "local";
418  break;
419 
420  case AUTH_LDAP:
421  return "ldap";
422  break;
423 
424  case AUTH_RADIUS:
425  return "radius";
426  break;
427 
428  case AUTH_CAS:
429  return "cas";
430  break;
431 
432  case AUTH_SCRIPT:
433  return "script";
434  break;
435 
436  case AUTH_SHIBBOLETH:
437  return "shibboleth";
438  break;
439 
440  case AUTH_SOAP:
441  return "soap";
442  break;
443 
444  case AUTH_ECS:
445  return 'ecs';
446 
447  case AUTH_APACHE:
448  return 'apache';
449 
450  case AUTH_OPENID:
451  return 'open_id';
452 
453  default:
454  return "default";
455  break;
456  }
457  }
458 
459  function _getActiveAuthModes()
460  {
461  global $ilias,$ilSetting;
462 
463  $modes = array(
464  'default' => $ilSetting->get("auth_mode"),
465  'local' => AUTH_LOCAL
466  );
467  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
468  if(count(ilLDAPServer::_getActiveServerList()))
469  {
470  $modes['ldap'] = AUTH_LDAP;
471  }
472  if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
473  if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
474  if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
475  if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
476  if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
477  if ($ilSetting->get("apache_active")) $modes['apache'] = AUTH_APACHE;
478 
479  include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
480  if(ilECSServerSettings::getInstance()->activeServerExists())
481  {
482  $modes['ecs'] = AUTH_ECS;
483  }
484 
485  include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
486  if(ilOpenIdSettings::getInstance()->isActive())
487  {
488  $modes['openid'] = AUTH_OPENID;
489  }
490 
491  // begin-path auth_plugin
492  foreach(self::getAuthPlugins() as $pl)
493  {
494  foreach($pl->getAuthIds() as $auth_id)
495  {
496  if($pl->isAuthActive($auth_id))
497  {
498  $modes[$pl->getAuthName($auth_id)] = $auth_id;
499  }
500  }
501  }
502  // end-path auth_plugin
503  return $modes;
504  }
505 
506  function _getAllAuthModes()
507  {
508  return array(
509  AUTH_LOCAL => ilAuthUtils::_getAuthModeName(AUTH_LOCAL),
510  AUTH_LDAP => ilAuthUtils::_getAuthModeName(AUTH_LDAP),
511  AUTH_SHIBBOLETH => ilAuthUtils::_getAuthModeName(AUTH_SHIBBOLETH),
512  AUTH_CAS => ilAuthUtils::_getAuthModeName(AUTH_CAS),
513  AUTH_SOAP => ilAuthUtils::_getAuthModeName(AUTH_SOAP),
514  AUTH_RADIUS => ilAuthUtils::_getAuthModeName(AUTH_RADIUS),
515  AUTH_ECS => ilAuthUtils::_getAuthModeName(AUTH_ECS),
516  AUTH_OPENID => ilAuthUtils::_getAuthModeName(AUTH_OPENID),
517  AUTH_APACHE => ilAuthUtils::_getAuthModeName(AUTH_APACHE)
518  );
519  }
520 
525  function _generateLogin($a_login)
526  {
527  global $ilDB;
528 
529  // Check if username already exists
530  $found = false;
531  $postfix = 0;
532  $c_login = $a_login;
533  while(!$found)
534  {
535  $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
536  $ilDB->quote($c_login));
537  if ($r->numRows() > 0)
538  {
539  $postfix++;
540  $c_login = $a_login.$postfix;
541  }
542  else
543  {
544  $found = true;
545  }
546  }
547 
548  return $c_login;
549  }
550 
551  public static function _hasMultipleAuthenticationMethods()
552  {
553  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
554 
555  $rad_settings = ilRadiusSettings::_getInstance();
556  if($rad_settings->isActive())
557  {
558  return true;
559  }
560  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
561 
562  if (count(ilLDAPServer::_getActiveServerList()))
563  return true;
564 
565  global $ilSetting;
566 
567  if ($ilSetting->get('apache_active')) {
568  return true;
569  }
570 
571  // begin-patch auth_plugin
572  foreach(ilAuthUtils::getAuthPlugins() as $pl)
573  {
574  foreach($pl->getAuthIds() as $auth_id)
575  {
576  if($pl->getMultipleAuthModeOptions($auth_id))
577  {
578  return true;
579  }
580  }
581  }
582  // end-patch auth_plugin
583 
584 
585  return false;
586  }
587 
588  public static function _getMultipleAuthModeOptions($lng)
589  {
590  global $ilSetting;
591 
592  // in the moment only ldap is activated as additional authentication method
593  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
594 
595  $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
596 
597  // LDAP
598  if($ldap_id = ilLDAPServer::_getFirstActiveServer())
599  {
600  $ldap_server = new ilLDAPServer($ldap_id);
601  $options[AUTH_LDAP]['txt'] = $ldap_server->getName();
602  }
603  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
604  $rad_settings = ilRadiusSettings::_getInstance();
605  if($rad_settings->isActive())
606  {
607  $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
608  }
609 
610  if ($ilSetting->get('apache_active'))
611  {
612  global $lng;
613  $apache_settings = new ilSetting('apache_auth');
614  $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
615  $options[AUTH_APACHE]['hide_in_ui'] = true;
616  }
617 
618  if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
619  {
620  $default = AUTH_LDAP;
621  }
622  elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
623  {
624  $default = AUTH_RADIUS;
625  }
626  else
627  {
628  $default = AUTH_LOCAL;
629  }
630 
631  $default = $ilSetting->get('default_auth_mode',$default);
632  $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
633 
634 
635  // begin-patch auth_plugin
636  $pls = ilAuthUtils::getAuthPlugins();
637  foreach($pls as $pl)
638  {
639  $auths = $pl->getAuthIds();
640  foreach($auths as $auth_id)
641  {
642  $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
643  if($pl_auth_option)
644  {
645  $options = $options + $pl_auth_option;
646  }
647  }
648  }
649  // end-patch auth_plugins
650 
651  $options[$default]['checked'] = true;
652 
653  return $options ? $options : array();
654  }
655 
665  public static function _isExternalAccountEnabled()
666  {
667  global $ilSetting;
668 
669  if($ilSetting->get("cas_active"))
670  {
671  return true;
672  }
673  if($ilSetting->get("soap_auth_active"))
674  {
675  return true;
676  }
677  if($ilSetting->get("shib_active"))
678  {
679  return true;
680  }
681  if($ilSetting->get('radius_active'))
682  {
683  return true;
684  }
685  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
686  if(count(ilLDAPServer::_getActiveServerList()))
687  {
688  return true;
689  }
690  include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
691  if(ilOpenIdSettings::getInstance()->isActive())
692  {
693  return true;
694  }
695 
696  // begin-path auth_plugin
697  foreach(self::getAuthPlugins() as $pl)
698  {
699  foreach($pl->getAuthIds() as $auth_id)
700  {
701  if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
702  {
703  return true;
704  }
705  }
706  }
707  // end-path auth_plugin
708 
709  return false;
710  }
711 
720  public static function _allowPasswordModificationByAuthMode($a_auth_mode)
721  {
722  switch($a_auth_mode)
723  {
724  case AUTH_LDAP:
725  case AUTH_RADIUS:
726  case AUTH_ECS:
727  case AUTH_OPENID:
728  return false;
729  default:
730  return true;
731  }
732  }
733 
742  public static function _needsExternalAccountByAuthMode($a_auth_mode)
743  {
744  switch($a_auth_mode)
745  {
746  case AUTH_LOCAL:
747  case AUTH_APACHE:
748  return false;
749  default:
750  return true;
751  }
752  }
753 
759  public static function isPasswordModificationEnabled($a_authmode)
760  {
761  global $ilSetting;
762 
763  if($ilSetting->get('usr_settings_hide_password') or $ilSetting->get('usr_settings_disable_password'))
764  {
765  return false;
766  }
767 
768  switch($a_authmode)
769  {
770  // No local passwords for these auth modes
771  case AUTH_LDAP:
772  case AUTH_RADIUS:
773  case AUTH_ECS:
774  case AUTH_SCRIPT:
775  return false;
776 
777  // Always for openid and local
778  case AUTH_LOCAL:
779  case AUTH_OPENID:
780  case AUTH_APACHE:
781  return true;
782 
783  // Read setting:
784  case AUTH_SHIBBOLETH:
785  return $ilSetting->get("shib_auth_allow_local");
786  case AUTH_SOAP:
787  return $ilSetting->get("soap_auth_allow_local");
788  case AUTH_CAS:
789  return $ilSetting->get("cas_allow_local");
790  }
791  }
792 
798  public static function supportsLocalPasswordValidation($a_authmode)
799  {
800  switch($a_authmode)
801  {
802  case AUTH_LDAP:
803  case AUTH_LOCAL:
804  case AUTH_RADIUS:
805  return ilAuthUtils::LOCAL_PWV_FULL;
806 
807  case AUTH_SHIBBOLETH:
808  case AUTH_SOAP:
809  case AUTH_CAS:
810  if(!ilAuthUtils::isPasswordModificationEnabled($a_authmode))
811  {
812  return ilAuthUtils::LOCAL_PWV_NO;
813  }
814  return ilAuthUtils::LOCAL_PWV_USER;
815 
816  case AUTH_ECS:
817  case AUTH_OPENID:
818  case AUTH_SCRIPT:
819  case AUTH_APACHE:
820  default:
821  return ilAuthUtils::LOCAL_PWV_USER;
822  }
823  }
824 
825  // begin-patch auth_plugin
830  public static function getAuthPlugins()
831  {
832  $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
833  IL_COMP_SERVICE,
834  'Authentication',
835  'authhk'
836  );
837  $pl_objs = array();
838  foreach($pls as $pl)
839  {
840  $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
841  IL_COMP_SERVICE,
842  'Authentication',
843  'authhk',
844  $pl
845  );
846  }
847  return $pl_objs;
848  }
849  // end-patch auth_plugins
850 }
851 ?>