ILIAS  release_4-3 Revision
ilAuthContainerApache Class Reference

Authentication against ILIAS database. More...


Public Member Functions

 __construct ()
 Constructor.
 fetchData ($a_username, $password, $isChallengeResponse=false)
 Fetch data from storage container.
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor.
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verify the entered password.
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication.
 getCryptType ()
 Returns the current crypt type of the container.
 listUsers ()
 List all users that are available from the storage container.
 getUser ($username)
 Returns a user assoc array.
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container.
 removeUser ($username)
 Remove user from the storage container.
 changePassword ($username, $password)
 Change password for user in the storage container.
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log.
- Public Member Functions inherited from ilAuthContainerBase
 loginObserver ($a_username, $a_auth)
 Called after successful login.
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests.
 logoutObserver ($a_username, $a_auth)
 Called after logout.

Static Public Member Functions

static forceCreation ($value)

Static Public Attributes

static $force_creation = false

Protected Member Functions

 updateRequired ($a_username)
 Check if an update is required.

Private Member Functions

 initLDAPAttributeToUser ()
 Init LDAP attribute mapping.

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container.
 $_auth_obj = null
 The Auth object this container is attached to.

Detailed Description

Authentication against ILIAS database.

Author
Stefan Meyer meyer@leifos.com
Version
$Id$

Definition at line 35 of file class.ilAuthContainerApache.php.

Constructor & Destructor Documentation

ilAuthContainerApache::__construct ( )

Constructor.

Definition at line 43 of file class.ilAuthContainerApache.php.

{
}

Member Function Documentation

ilAuthContainerApache::fetchData (   $username,
  $password,
  $isChallengeResponse = false 
)

Fetch data from storage container.

Has to be overwritten by each storage class

public

Reimplemented from Auth_Container.

Definition at line 58 of file class.ilAuthContainerApache.php.

References $_GET, $_POST, $_SESSION, $force_creation, $ilIliasIniFile, $lng, $query, ilObjUser\_checkExternalAuthAccount(), ilLDAPServer\_getFirstActiveServer(), AUTH_APACHE_FAILED, exit, ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), IL_CERT_SSO, initLDAPAttributeToUser(), ilUtil\isLogin(), ilUtil\redirect(), ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN, and updateRequired().

{ //var_dump(func_get_args());
//var_dump($_SERVER);
global $lng;
$settings = new ilSetting('apache_auth');
if (!$settings->get('apache_enable_auth'))
{
return false;
}
if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value'))
{
return false;
}
if (!ilUtil::isLogin($a_username))
{
return false;
}
if ($a_username == 'anonymous' && $password == 'anonymous') {
global $ilDB;
$query = 'SELECT * FROM usr_data WHERE login = %s';
$qres = $ilDB->queryF($query, array('text'), array($a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id'])
{
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
return false;
}
if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value'))))))
{
// we have a valid apache auth
global $ilDB;
if ($settings->get('apache_enable_local'))
{
$query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
$qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id'])
{
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
}
// if no local user has been found AND ldap lookup is enabled
if($settings->get('apache_enable_ldap'))
{
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->server->doConnectionCheck();
$config = $this->server->toPearAuthArray();
$query = new ilLDAPQuery($this->server);
$query->bind();
$ldapUser = $query->fetchUser($a_username);
if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username)
{
$ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
$user_data = $ldapUser[$a_username];//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
if($this->server->enabledSyncOnLogin())
{
if(!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation)
{
$this->_auth_obj->logout();
$_SESSION['tmp_auth_mode'] = 'apache';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
$_SESSION['tmp_roles'] = array();
foreach($roles as $info)
{
if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
{
$_SESSION['tmp_roles'][] = $info['id'];
}
}
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
exit;
}
if($this->updateRequired($a_username))
{
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($ldapUser);
$this->ldap_attr_to_user->refresh();
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
}
else
{
// User exists and no update required
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache",$a_username);
}
}
if ($user_data['ilInternalAccount'])
{
$this->_auth_obj->setAuth($user_data['ilInternalAccount']);
return true;
}
}
}
if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate'))
{
// no local user, no ldap match or ldap not activated
// if (!self::$force_creation)
// {
// $_SESSION['tmp_auth_mode'] = 'apache';
// $_SESSION['tmp_external_account'] = $a_username;
// $_SESSION['tmp_pass'] = $_POST['password'];
//ilUtil::redirect('https://lernwelt.janposselt.de/ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
// }
// else
// {
if ($_GET['r'])
$_SESSION['profile_complete_redirect'] = $_GET['r'];
$user = new ilObjUser();
$user->setLogin($a_username);
$user->setExternalAccount($a_username);
$user->setProfileIncomplete(true);
$user->create();
$user->setAuthMode('apache');
// set a timestamp for last_password_change
// this ts is needed by the ACCOUNT_SECURITY_MODE_CUSTOMIZED
// in ilSecuritySettings
$user->setLastPasswordChangeTS( time() );
$user->setTimeLimitUnlimited(1);
$user->setActive(1);
//insert user data in table user_data
$user->saveAsNew();
$user->writePrefs();
global $rbacadmin;
$rbacadmin->assignUser($settings->get('apache_default_role', 4),$user->getId(),true);
return true;
// }
}
}
else if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
}
return false;
}
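
The indicator test in fetchData() (the line starting `if (!$_SESSION['login_invalid'] && in_array(`) runs a loose in_array() over a $_SERVER entry whose name comes from the apache_auth_indicator_name setting. The following is an added example, not ILIAS code: a standalone, strict version of that check. The function names parseIndicatorValues() and apacheIndicatorMatches() and all sample values are assumptions made for illustration.

```php
<?php
// Added example, not part of ILIAS. Function names are hypothetical.

/**
 * Split the comma-separated 'apache_auth_indicator_value' setting the way
 * fetchData() does (CSV split, trim), but drop only empty strings.
 * A bare array_filter() would also discard the legitimate value "0".
 */
function parseIndicatorValues($csv)
{
    $values = array_map('trim', str_getcsv((string) $csv, ',', '"', '\\'));
    return array_values(array_filter($values, 'strlen'));
}

/**
 * True only if the server variable $name is set, is a string, and is
 * strictly equal to one of the configured indicator values.
 */
function apacheIndicatorMatches(array $server, $name, $csv)
{
    // HTTP_* entries are built from request headers, so the client controls
    // them unless a front end strips or overwrites the header. This example
    // refuses them outright; a proxy-based setup must strip the header itself.
    if ($name === '' || strncmp($name, 'HTTP_', 5) === 0) {
        return false;
    }
    if (!isset($server[$name]) || !is_string($server[$name])) {
        return false;
    }
    // Third argument true: no type juggling, so "1e3" does not equal "1000".
    return in_array($server[$name], parseIndicatorValues($csv), true);
}

// Constructed sample environments (not captured from a real server).
$allowed = 'Basic, shibboleth, 1000';
$samples = array(
    'module set AUTH_TYPE' => array('AUTH_TYPE' => 'Basic'),
    'variable missing'     => array(),
    'numeric look-alike'   => array('AUTH_TYPE' => '1e3'),
);
foreach ($samples as $label => $server) {
    $ok = apacheIndicatorMatches($server, 'AUTH_TYPE', $allowed);
    printf("%-22s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
$hdr = apacheIndicatorMatches(array('HTTP_X_AUTH' => 'Basic'), 'HTTP_X_AUTH', 'Basic');
printf("%-22s %s\n", 'header-derived name', $hdr ? 'accepted' : 'rejected');
```

The "numeric look-alike" case is the one a loose in_array() treats differently, because PHP compares two numeric strings by value under ==.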


static ilAuthContainerApache::forceCreation (   $value)
static

Definition at line 53 of file class.ilAuthContainerApache.php.

{
self::$force_creation = $value;
}
ilAuthContainerApache::initLDAPAttributeToUser ( )
private

Init LDAP attribute mapping.

private

Definition at line 275 of file class.ilAuthContainerApache.php.

Referenced by fetchData().

{
include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
$this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
}


ilAuthContainerApache::updateRequired (   $a_username)
protected

Check if an update is required.

Returns
Parameters
string $a_username

Definition at line 247 of file class.ilAuthContainerApache.php.

References ilObjUser\_checkExternalAuthAccount(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by fetchData().

{
if(!ilObjUser::_checkExternalAuthAccount("apache",$a_username))
{
return true;
}
// Check attribute mapping on login
include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
{
#$GLOBALS['ilLog']->write(__METHOD__.': Required 2');
return true;
}
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
{
#$GLOBALS['ilLog']->write(__METHOD__.': Required 3');
return true;
}
return false;
}


Field Documentation

ilAuthContainerApache::$force_creation = false
static

Definition at line 38 of file class.ilAuthContainerApache.php.

Referenced by fetchData().


The documentation for this class was generated from the following file: