ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilAuthContainerApache.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2014 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4require_once 'Auth/Container/MDB2.php';
5
12class ilAuthContainerApache extends Auth_Container
13{
17 public static $force_creation = false;
18
22 public function __construct()
23 {
24 parent::__construct();
25 }
26
30 public static function forceCreation($value)
31 {
32 self::$force_creation = $value;
33 }
34
42 function fetchData($a_username, $password, $isChallengeResponse = false)
43 {
49 global $ilDB, $ilSetting , $rbacadmin;
50
51 $settings = new ilSetting('apache_auth');
52
53 if(!$settings->get('apache_enable_auth'))
54 {
55 return false;
56 }
57 if(!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value'))
58 {
59 return false;
60 }
61 if(!ilUtil::isLogin($a_username))
62 {
63 return false;
64 }
65
66 if($a_username == 'anonymous' && $password == 'anonymous')
67 {
68 $query = 'SELECT * FROM usr_data WHERE login = %s';
69 $qres = $ilDB->queryF($query, array('text'), array($a_username));
70 $userRow = $ilDB->fetchAssoc($qres);
71
72 if(is_array($userRow) && $userRow['usr_id'])
73 {
74 // user as a local account...
75 // fetch logindata
76 $this->activeUser = $userRow['login'];
77 foreach($userRow as $key => $value)
78 {
79 if($key == $this->options['passwordcol'] || $key == $this->options['usernamecol'])
80 {
81 continue;
82 }
83 // Use reference to the auth object if exists
84 // This is because the auth session variable can change so a static call to setAuthData does not make sense
85 $this->_auth_obj->setAuthData($key, $value);
86 }
87 $this->_auth_obj->setAuth($userRow['login']);
88 return true;
89 }
90 return false;
91 }
92
93 if(
94 !$_SESSION['login_invalid'] &&
95 in_array(
96 $_SERVER[$settings->get('apache_auth_indicator_name')],
97 array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value'))))
98 )
99 )
100 {
101 // we have a valid apache auth
102 $list = array(
103 $ilSetting->get('auth_mode')
104 );
105
106 // Respect the auth method sequence
107 include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
108 $det = ilAuthModeDetermination::_getInstance();
109 if(!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1)
110 {
111 $list = array();
112 foreach(ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode)
113 {
114 $list[] = $auth_mode;
115 }
116 }
117
118 foreach($list as $auth_mode)
119 {
120 if(AUTH_LDAP == $auth_mode)
121 {
122 // if no local user has been found AND ldap lookup is enabled
123 if($settings->get('apache_enable_ldap'))
124 {
125 include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
126 $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
127 $this->server->doConnectionCheck();
128
129 $config = $this->server->toPearAuthArray();
130
131 $query = new ilLDAPQuery($this->server);
132 $query->bind();
133 $ldapUser = $query->fetchUser($a_username);
134
135 if($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username)
136 {
137 $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
138 $user_data = $ldapUser[$a_username]; //array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
139 if($this->server->enabledSyncOnLogin())
140 {
141 if(!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation)
142 {
143 $this->_auth_obj->logout();
144 $_SESSION['tmp_auth_mode'] = 'ldap';
145 $_SESSION['tmp_external_account'] = $a_username;
146 $_SESSION['tmp_pass'] = $_POST['password'];
147
148 include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
149 $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
150 $_SESSION['tmp_roles'] = array();
151 foreach($roles as $info)
152 {
153 if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
154 {
155 $_SESSION['tmp_roles'][] = $info['id'];
156 }
157 }
158
159 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
160 }
161
162 if($this->updateRequired($a_username))
163 {
164 $this->initLDAPAttributeToUser();
165 $this->ldap_attr_to_user->setUserData($ldapUser);
166 $this->ldap_attr_to_user->refresh();
167 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
168 }
169 else
170 {
171 // User exists and no update required
172 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
173 }
174 }
175 if($user_data['ilInternalAccount'])
176 {
177 $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
178 $this->_auth_obj->username = $user_data['ilInternalAccount'];
179 return true;
180 }
181 }
182 }
183 }
184 else if(AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local'))
185 {
186 $condition = '';
187 if($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap')
188 {
189 $condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
190 }
191 $query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s $condition";
192 $qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
193 $userRow = $ilDB->fetchAssoc($qres);
194
195 if(is_array($userRow) && $userRow['usr_id'])
196 {
197 // user as a local account...
198 // fetch logindata
199 $this->activeUser = $userRow['login'];
200 foreach($userRow as $key => $value)
201 {
202 if($key == $this->options['passwordcol'] || $key == $this->options['usernamecol'])
203 {
204 continue;
205 }
206 // Use reference to the auth object if exists
207 // This is because the auth session variable can change so a static call to setAuthData does not make sense
208 $this->_auth_obj->setAuthData($key, $value);
209 }
210 $this->_auth_obj->setAuth($userRow['login']);
211 return true;
212 }
213 }
214 }
215
216 if($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate'))
217 {
218 if($_GET['r'])
219 {
220 $_SESSION['profile_complete_redirect'] = $_GET['r'];
221 }
222
223 $user = new ilObjUser();
224 $user->setLogin($a_username);
225 $user->setExternalAccount($a_username);
226 $user->setProfileIncomplete(true);
227 $user->create();
228 $user->setAuthMode('apache');
229 // set a timestamp for last_password_change
230 // this ts is needed by ilSecuritySettings
231 $user->setLastPasswordChangeTS(time());
232 $user->setTimeLimitUnlimited(1);
233
234 $user->setActive(1);
235 //insert user data in table user_data
236 $user->saveAsNew();
237 $user->writePrefs();
238 $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
239 return true;
240 }
241 }
242 else if(defined('IL_CERT_SSO') && IL_CERT_SSO)
243 {
244 define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
245 }
246
247 return false;
248 }
249
255 protected function updateRequired($a_username)
256 {
257 if(!ilObjUser::_checkExternalAuthAccount("ldap", $a_username))
258 {
259 return true;
260 }
261 // Check attribute mapping on login
262 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
263 if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
264 {
265 return true;
266 }
267 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
268 if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
269 {
270 return true;
271 }
272 return false;
273 }
274
279 private function initLDAPAttributeToUser()
280 {
281 include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
282 $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
283 }
284}
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
Auth_Container
Definition: Container.php:40
Auth_Container\fetchData
fetchData($username, $password, $isChallengeResponse=false)
Fetch data from storage container.
Definition: Container.php:82
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:20
AUTH_APACHE_FAILED
const AUTH_APACHE_FAILED
Definition: class.ilAuthUtils.php:34
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
ilAuthContainerApache
Authentication against ILIAS database.
Definition: class.ilAuthContainerApache.php:13
ilAuthContainerApache\initLDAPAttributeToUser
initLDAPAttributeToUser()
Init LDAP attribute mapping @access private.
Definition: class.ilAuthContainerApache.php:279
ilAuthContainerApache\updateRequired
updateRequired($a_username)
Check if an update is required.
Definition: class.ilAuthContainerApache.php:255
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:35
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:165
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:180
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3767
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ilUtil\isLogin
isLogin($a_login)
Definition: class.ilUtil.php:1414
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3611
$_POST
$_POST['username']
Definition: cron.php:12
$_SESSION
< a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false">< img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0"/></a >< br/>< strong > Enter Code *if($_SERVER['REQUEST_METHOD']=='POST' &&@ $_POST['do']=='contact') $_SESSION['ctform']['success']
Definition: example_form.php:192
$ilSetting
global $ilSetting
Definition: privfeed.php:40
IL_CERT_SSO
const IL_CERT_SSO
Definition: index.php:5
$ilDB
global $ilDB
Definition: storeScorm2004.php:19