ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthContainerApache.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once 'Auth/Container/MDB2.php';
25 
35 class ilAuthContainerApache extends Auth_Container
36 {
37 
38  public static $force_creation = false;
39 
43  public function __construct()
44  {
45  parent::__construct($options);
46  }
47  /*
48  public function loginObserver($a_username, $a_auth)
49  {
50  //var_dump($a_username);
51  }
52  */
53  public static function forceCreation($value)
54  {
55  self::$force_creation = $value;
56  }
57 
58  function fetchData($a_username, $password, $isChallengeResponse=false)
59  { //var_dump(func_get_args());
60  //var_dump($_SERVER);
61  global $lng;
62  $settings = new ilSetting('apache_auth');
63 
64  if (!$settings->get('apache_enable_auth'))
65  {
66  return false;
67  }
68  if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value'))
69  {
70  return false;
71  }
72  if (!ilUtil::isLogin($a_username))
73  {
74  return false;
75  }
76 
77  if ($a_username == 'anonymous' && $password == 'anonymous') {
78  global $ilDB;
79  $query = 'SELECT * FROM usr_data WHERE login = %s';
80  $qres = $ilDB->queryF($query, array('text'), array($a_username));
81 
82  $userRow = $ilDB->fetchAssoc($qres);
83 
84  if (is_array($userRow) && $userRow['usr_id'])
85  {
86  // user as a local account...
87  // fetch logindata
88  $this->activeUser = $userRow['login'];
89  foreach ($userRow as $key => $value) {
90  if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
91  continue;
92  }
93  // Use reference to the auth object if exists
94  // This is because the auth session variable can change so a static call to setAuthData does not make sense
95  $this->_auth_obj->setAuthData($key, $value);
96  }
97  //var_dump($userRow);
98  $this->_auth_obj->setAuth($userRow['login']);
99  return true;
100  }
101  return false;
102  }
103 
104  if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value'))))))
105  {
106  // we have a valid apache auth
107  global $ilDB;
108 
109  if ($settings->get('apache_enable_local'))
110  {
111  $query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
112  $qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
113 
114  $userRow = $ilDB->fetchAssoc($qres);
115 
116  if (is_array($userRow) && $userRow['usr_id'])
117  {
118  // user as a local account...
119  // fetch logindata
120  $this->activeUser = $userRow['login'];
121  foreach ($userRow as $key => $value) {
122  if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
123  continue;
124  }
125  // Use reference to the auth object if exists
126  // This is because the auth session variable can change so a static call to setAuthData does not make sense
127  $this->_auth_obj->setAuthData($key, $value);
128  }
129  //var_dump($userRow);
130  $this->_auth_obj->setAuth($userRow['login']);
131  return true;
132  }
133  }
134 
135  // if no local user has been found AND ldap lookup is enabled
136  if($settings->get('apache_enable_ldap'))
137  {
138  include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
139  $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
140  $this->server->doConnectionCheck();
141 
142  $config = $this->server->toPearAuthArray();
143 
144  $query = new ilLDAPQuery($this->server);
145  $query->bind();
146  $ldapUser = $query->fetchUser($a_username);
147 
148  if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username)
149  {
150  $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
151  $user_data = $ldapUser[$a_username];//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
152  if($this->server->enabledSyncOnLogin())
153  {
154  if(!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation)
155  {
156  $this->_auth_obj->logout();
157  $_SESSION['tmp_auth_mode'] = 'apache';
158  $_SESSION['tmp_external_account'] = $a_username;
159  $_SESSION['tmp_pass'] = $_POST['password'];
160 
161  include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
162  $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
163  $_SESSION['tmp_roles'] = array();
164  foreach($roles as $info)
165  {
166  if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
167  {
168  $_SESSION['tmp_roles'][] = $info['id'];
169  }
170  }
171 
172  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
173  exit;
174  }
175 
176  if($this->updateRequired($a_username))
177  {
178  $this->initLDAPAttributeToUser();
179  $this->ldap_attr_to_user->setUserData($ldapUser);
180  $this->ldap_attr_to_user->refresh();
181  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
182  }
183  else
184  {
185  // User exists and no update required
186  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
187  }
188  }
189  if ($user_data['ilInternalAccount'])
190  {
191  $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
192  return true;
193  }
194  }
195  }
196 
197  if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate'))
198  {
199  // no local user, no ldap match or ldap not activated
200 // if (!self::$force_creation)
201 // {
202 // $_SESSION['tmp_auth_mode'] = 'apache';
203 // $_SESSION['tmp_external_account'] = $a_username;
204 // $_SESSION['tmp_pass'] = $_POST['password'];
205  //ilUtil::redirect('https://lernwelt.janposselt.de/ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
206 // }
207 // else
208 // {
209  global $ilIliasIniFile;
210  if ($_GET['r'])
211  $_SESSION['profile_complete_redirect'] = $_GET['r'];
212 
213  $user = new ilObjUser();
214  $user->setLogin($a_username);
215  $user->setExternalAccount($a_username);
216  $user->setProfileIncomplete(true);
217  $user->create();
218  $user->setAuthMode('apache');
219  // set a timestamp for last_password_change
220  // this ts is needed by the ACCOUNT_SECURITY_MODE_CUSTOMIZED
221  // in ilSecuritySettings
222  $user->setLastPasswordChangeTS( time() );
223  $user->setTimeLimitUnlimited(1);
224 
225  $user->setActive(1);
226  //insert user data in table user_data
227  $user->saveAsNew();
228  $user->writePrefs();
229  global $rbacadmin;
230  $rbacadmin->assignUser($settings->get('apache_default_role', 4),$user->getId(),true);
231  return true;
232 // }
233  }
234  }
235  else if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
236  define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
237  }
238 
239  return false;
240  }
241 
247  protected function updateRequired($a_username)
248  {
249  if(!ilObjUser::_checkExternalAuthAccount("apache",$a_username))
250  {
251  return true;
252  }
253  // Check attribute mapping on login
254  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
255  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
256  {
257  #$GLOBALS['ilLog']->write(__METHOD__.': Required 2');
258  return true;
259  }
260  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
261  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
262  {
263  #$GLOBALS['ilLog']->write(__METHOD__.': Required 3');
264  return true;
265  }
266  return false;
267  }
268 
275  private function initLDAPAttributeToUser()
276  {
277  include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
278  $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
279  }
280 
281 }
282 ?>