ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
Public Member Functions | Static Public Member Functions | Data Fields
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Public Member Functions

 _initAuth ()
 initialises $ilAuth More...
 
 _getAuthModeOfUser ($a_username, $a_password, $a_db_handler='')
 
 _getAuthMode ($a_auth_mode, $a_db_handler='')
 
 _getActiveAuthModes ()
 
 _getAllAuthModes ()
 
 _generateLogin ($a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 

Static Public Member Functions

static _getAuthModeName ($a_auth_key)
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions ($lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 63 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

@access public

Parameters
intauth_mode

Definition at line 720 of file class.ilAuthUtils.php.

721 {
722 switch($a_auth_mode)
723 {
724 case AUTH_LDAP:
725 case AUTH_RADIUS:
726 case AUTH_ECS:
727 case AUTH_OPENID:
728 return false;
729 default:
730 return true;
731 }
732 }
AUTH_OPENID
const AUTH_OPENID
Definition: class.ilAuthUtils.php:18
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), ilObjUserGUI\updateObject(), and ilObjUserGUI\updateObjectOld().

+ Here is the caller graph for this function:

◆ _generateLogin()

ilAuthUtils::_generateLogin (   $a_login)

generate free login by starting with a default string and adding postfix numbers

Definition at line 525 of file class.ilAuthUtils.php.

526 {
527 global $ilDB;
528
529 // Check if username already exists
530 $found = false;
531 $postfix = 0;
532 $c_login = $a_login;
533 while(!$found)
534 {
535 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
536 $ilDB->quote($c_login));
537 if ($r->numRows() > 0)
538 {
539 $postfix++;
540 $c_login = $a_login.$postfix;
541 }
542 else
543 {
544 $found = true;
545 }
546 }
547
548 return $c_login;
549 }
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $ilDB.

Referenced by ilRadiusAttributeToUser\create(), ilOpenIdAttributeToUser\create(), ilAuthContainerECS\createUser(), ilCASAuth\login(), ilAuthContainerCAS\loginObserver(), ilAuthContainerSOAP\loginObserver(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

ilAuthUtils::_getActiveAuthModes ( )

Definition at line 459 of file class.ilAuthUtils.php.

460 {
461 global $ilias,$ilSetting;
462
463 $modes = array(
464 'default' => $ilSetting->get("auth_mode"),
465 'local' => AUTH_LOCAL
466 );
467 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
468 if(count(ilLDAPServer::_getActiveServerList()))
469 {
470 $modes['ldap'] = AUTH_LDAP;
471 }
472 if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
473 if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
474 if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
475 if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
476 if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
477 if ($ilSetting->get("apache_active")) $modes['apache'] = AUTH_APACHE;
478
479 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
480 if(ilECSServerSettings::getInstance()->activeServerExists())
481 {
482 $modes['ecs'] = AUTH_ECS;
483 }
484
485 include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
486 if(ilOpenIdSettings::getInstance()->isActive())
487 {
488 $modes['openid'] = AUTH_OPENID;
489 }
490
491 // begin-path auth_plugin
492 foreach(self::getAuthPlugins() as $pl)
493 {
494 foreach($pl->getAuthIds() as $auth_id)
495 {
496 if($pl->isAuthActive($auth_id))
497 {
498 $modes[$pl->getAuthName($auth_id)] = $auth_id;
499 }
500 }
501 }
502 // end-path auth_plugin
503 return $modes;
504 }
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:20
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:100
ilOpenIdSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdSettings.php:40
$ilSetting
global $ilSetting
Definition: privfeed.php:40

References $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilOpenIdSettings\getInstance(), and ilECSServerSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), and ilObjUserGUI\initForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

ilAuthUtils::_getAllAuthModes ( )

Definition at line 506 of file class.ilAuthUtils.php.

507 {
508 return array(
509 AUTH_LOCAL => ilAuthUtils::_getAuthModeName(AUTH_LOCAL),
510 AUTH_LDAP => ilAuthUtils::_getAuthModeName(AUTH_LDAP),
511 AUTH_SHIBBOLETH => ilAuthUtils::_getAuthModeName(AUTH_SHIBBOLETH),
512 AUTH_CAS => ilAuthUtils::_getAuthModeName(AUTH_CAS),
513 AUTH_SOAP => ilAuthUtils::_getAuthModeName(AUTH_SOAP),
514 AUTH_RADIUS => ilAuthUtils::_getAuthModeName(AUTH_RADIUS),
515 AUTH_ECS => ilAuthUtils::_getAuthModeName(AUTH_ECS),
516 AUTH_OPENID => ilAuthUtils::_getAuthModeName(AUTH_OPENID),
517 AUTH_APACHE => ilAuthUtils::_getAuthModeName(AUTH_APACHE)
518 );
519 }
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:410

References _getAuthModeName(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID, AUTH_RADIUS, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

ilAuthUtils::_getAuthMode (   $a_auth_mode,
  $a_db_handler = '' 
)

Definition at line 354 of file class.ilAuthUtils.php.

355 {
356 global $ilDB, $ilSetting;
357
358 $db =& $ilDB;
359
360 if ($a_db_handler != '')
361 {
362 $db =& $a_db_handler;
363 }
364
365 switch ($a_auth_mode)
366 {
367 case "local":
368 return AUTH_LOCAL;
369 break;
370
371 case "ldap":
372 return AUTH_LDAP;
373 break;
374
375 case "radius":
376 return AUTH_RADIUS;
377 break;
378
379 case "script":
380 return AUTH_SCRIPT;
381 break;
382
383 case "shibboleth":
384 return AUTH_SHIBBOLETH;
385 break;
386
387 case "cas":
388 return AUTH_CAS;
389 break;
390
391 case "soap":
392 return AUTH_SOAP;
393 break;
394
395 case 'ecs':
396 return AUTH_ECS;
397
398 case 'openid':
399 return AUTH_OPENID;
400
401 case 'apache':
402 return AUTH_APACHE;
403
404 default:
405 return $ilSetting->get("auth_mode");
406 break;
407 }
408 }

References $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilSoapUserAdministration\__validateUserData(), _getAuthModeOfUser(), ilPasswordInputGUI\checkInput(), ilObjUser\getAuthMode(), ilAuthContainerMDB2\loginObserver(), ilObjUserGUI\updateObject(), and ilObjUserGUI\updateObjectOld().

+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static

Definition at line 410 of file class.ilAuthUtils.php.

411 {
412 global $ilias;
413
414 switch ($a_auth_key)
415 {
416 case AUTH_LOCAL:
417 return "local";
418 break;
419
420 case AUTH_LDAP:
421 return "ldap";
422 break;
423
424 case AUTH_RADIUS:
425 return "radius";
426 break;
427
428 case AUTH_CAS:
429 return "cas";
430 break;
431
432 case AUTH_SCRIPT:
433 return "script";
434 break;
435
436 case AUTH_SHIBBOLETH:
437 return "shibboleth";
438 break;
439
440 case AUTH_SOAP:
441 return "soap";
442 break;
443
444 case AUTH_ECS:
445 return 'ecs';
446
447 case AUTH_APACHE:
448 return 'apache';
449
450 case AUTH_OPENID:
451 return 'open_id';
452
453 default:
454 return "default";
455 break;
456 }
457 }

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilLDAPServer\getAuthenticationMappingKey(), ilSoapAdministration\getNIC(), ilUserImportParser\importEndTag(), ilObjUserGUI\initForm(), ilLDAPQuery\parseAuthMode(), and ilUserImportParser\verifyEndTag().

+ Here is the caller graph for this function:

◆ _getAuthModeOfUser()

ilAuthUtils::_getAuthModeOfUser (   $a_username,
  $a_password,
  $a_db_handler = '' 
)

Definition at line 302 of file class.ilAuthUtils.php.

303 {
304 global $ilDB;
305
306 if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
307 {
308 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
309 return AUTH_ECS;
310 }
311 if(isset($_POST['auth_mode']))
312 {
313 return (int) $_POST['auth_mode'];
314 }
315 if(isset($_POST['oid_username']) or $_GET['oid_check_status'])
316 {
317 $GLOBALS['ilLog']->write(__METHOD__.' set context to open id');
318 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
319 return AUTH_OPENID;
320 }
321
322 include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
323 $det = ilAuthModeDetermination::_getInstance();
324
325 if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
326 {
327 return AUTH_MULTIPLE;
328 }
329
330
331 $db =& $ilDB;
332
333 if ($a_db_handler != '')
334 {
335 $db =& $a_db_handler;
336 }
337
338 // Is it really necessary to check the auth mode with password ?
339 // Changed: smeyer
340 $q = "SELECT auth_mode FROM usr_data WHERE ".
341 "login = ".$ilDB->quote($a_username);
342 //"passwd = ".$ilDB->quote(md5($a_password))."";
343
344
345 $r = $db->query($q);
346 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
347//echo "+".$row->auth_mode."+";
348
349 $auth_mode = self::_getAuthMode($row->auth_mode,$db);
350
351 return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
352 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:24
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:22
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:106
ilAuthUtils\_getAuthMode
_getAuthMode($a_auth_mode, $a_db_handler='')
Definition: class.ilAuthUtils.php:354
$_POST
$_POST['username']
Definition: cron.php:12
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4

References $_GET, $_POST, $GLOBALS, $ilDB, $row, _getAuthMode(), ilAuthModeDetermination\_getInstance(), AUTH_ECS, AUTH_INACTIVE, AUTH_MULTIPLE, AUTH_OPENID, ilAuthFactory\CONTEXT_ECS, ilAuthFactory\CONTEXT_OPENID, DB_FETCHMODE_OBJECT, and ilAuthFactory\setContext().

Referenced by _initAuth().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng)
static

Definition at line 588 of file class.ilAuthUtils.php.

589 {
590 global $ilSetting;
591
592 // in the moment only ldap is activated as additional authentication method
593 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
594
595 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
596
597 // LDAP
598 if($ldap_id = ilLDAPServer::_getFirstActiveServer())
599 {
600 $ldap_server = new ilLDAPServer($ldap_id);
601 $options[AUTH_LDAP]['txt'] = $ldap_server->getName();
602 }
603 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
604 $rad_settings = ilRadiusSettings::_getInstance();
605 if($rad_settings->isActive())
606 {
607 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
608 }
609
610 if ($ilSetting->get('apache_active'))
611 {
612 global $lng;
613 $apache_settings = new ilSetting('apache_auth');
614 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
615 $options[AUTH_APACHE]['hide_in_ui'] = true;
616 }
617
618 if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
619 {
620 $default = AUTH_LDAP;
621 }
622 elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
623 {
624 $default = AUTH_RADIUS;
625 }
626 else
627 {
628 $default = AUTH_LOCAL;
629 }
630
631 $default = $ilSetting->get('default_auth_mode',$default);
632 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
633
634
635 // begin-patch auth_plugin
636 $pls = ilAuthUtils::getAuthPlugins();
637 foreach($pls as $pl)
638 {
639 $auths = $pl->getAuthIds();
640 foreach($auths as $auth_id)
641 {
642 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
643 if($pl_auth_option)
644 {
645 $options = $options + $pl_auth_option;
646 }
647 }
648 }
649 // end-patch auth_plugins
650
651 $options[$default]['checked'] = true;
652
653 return $options ? $options : array();
654 }
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:830
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:180
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
$lng
global $lng
Definition: privfeed.php:40
$_REQUEST
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137

References $_REQUEST, $ilSetting, $lng, $options, ilLDAPServer\_getFirstActiveServer(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, and getAuthPlugins().

Referenced by ilStartUpGUI\showLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 551 of file class.ilAuthUtils.php.

552 {
553 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
554
555 $rad_settings = ilRadiusSettings::_getInstance();
556 if($rad_settings->isActive())
557 {
558 return true;
559 }
560 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
561
562 if (count(ilLDAPServer::_getActiveServerList()))
563 return true;
564
565 global $ilSetting;
566
567 if ($ilSetting->get('apache_active')) {
568 return true;
569 }
570
571 // begin-patch auth_plugin
572 foreach(ilAuthUtils::getAuthPlugins() as $pl)
573 {
574 foreach($pl->getAuthIds() as $auth_id)
575 {
576 if($pl->getMultipleAuthModeOptions($auth_id))
577 {
578 return true;
579 }
580 }
581 }
582 // end-patch auth_plugin
583
584
585 return false;
586 }

References $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\showLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _initAuth()

ilAuthUtils::_initAuth ( )

initialises $ilAuth

Definition at line 73 of file class.ilAuthUtils.php.

74 {
75 global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
76
77 $user_auth_mode = false;
78 $ilBench->start('Auth','initAuth');
79
80
81 // get default auth mode
82 //$default_auth_mode = $this->getSetting("auth_mode");
83 define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
84
85 // determine authentication method if no session is found and username & password is posted
86 // does this if statement make any sense? we enter this block nearly everytime.
87
88 if (empty($_SESSION) ||
89 (!isset($_SESSION['_authsession']['registered']) ||
90 $_SESSION['_authsession']['registered'] !== true))
91 {
92 // no sesssion found
93 if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status']))
94 {
95 $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
96
97 if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
98 {
99 $user_auth_mode = AUTH_LOCAL;
100 }
101 if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
102 {
103 $user_auth_mode = AUTH_LOCAL;
104 }
105 if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
106 {
107 $user_auth_mode = AUTH_LOCAL;
108 }
109 }
110 else if ($_POST['auth_mode'] == AUTH_APACHE)
111 {
112 $user_auth_mode = AUTH_APACHE;
113 }
114 }
115
116 // to do: other solution?
117 if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
118 {
119 $user_auth_mode = AUTH_LOCAL;
120 }
121
122 if($ilSetting->get("cas_active") && $_GET['forceCASLogin'])
123 {
124 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
125 $user_auth_mode = AUTH_CAS;
126 }
127
128 if($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE)
129 {
130 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
131 $user_auth_mode = AUTH_APACHE;
132 }
133
134 // BEGIN WebDAV: Share session between browser and WebDAV client.
135 // The realm is needed to support a common session between Auth_HTTP and Auth.
136 // It also helps us to distinguish between parallel sessions run on different clients.
137 // Common session only works if we use a common session name starting with "_authhttp".
138 // We must use the "_authttp" prefix, because it is hardcoded in the session name of
139 // class Auth_HTTP.
140 // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
141 // it interfers with the session mechanism of the other Auth modules. If we would
142 // keep this switched on, then users could steal each others session, which would cause
143 // a major security breach.
144 // Note: The realm and sessionName used here, must be the same as in
145 // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
146 // in to ILIAS.
147 $realm = CLIENT_ID;
148 //$this->writelog('ilias.php realm='.$realm);
149 // END WebDAV: Share session between browser and WebDAV client.
150
151//var_dump($_SESSION);
152//echo "1-".$ilSetting->get("soap_auth_active")."-";
153 // if soap authentication activated and soap credentials given
154 if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
155 && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
156 {
157
158 define('AUTH_CURRENT',AUTH_SOAP);
159 }
160 // if Shibboleth is active and the user is authenticated
161 // we set auth_mode to Shibboleth
162 else if ( $ilSetting->get("shib_active")
163 && $_SERVER[$ilSetting->get("shib_login")])
164 {
165 define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
166 }
167 else
168 {
169 define ("AUTH_CURRENT", $user_auth_mode);
170 }
171//var_dump($_SESSION);
172
173 // Determine the authentication method to use
174 if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
175 // Since WebDAV clients create the login form by
176 // themselves, we can not provide buttons on the form for
177 // choosing an authentication method.
178 // If the user is already logged in, we continue using
179 // the current authentication method. If the user is
180 // not logged in yet, we use the "multiple authentication"
181 // method using a predefined sequence of authentication methods.
182 $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
183 }
184 else
185 {
186 $authmode = AUTH_CURRENT;
187 }
188//var_dump($authmode);
189 // if no auth mode selected AND default mode is AUTH_APACHE then use it...
190 if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE)
191 $authmode = AUTH_APACHE;
192
193 switch ($authmode)
194 {
195 case AUTH_LDAP:
196
197 include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
198 $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP());
199 break;
200
201 case AUTH_RADIUS:
202
203 include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
204 $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
205 break;
206
207 case AUTH_SHIBBOLETH:
208 // build option string for SHIB::Auth
209 $auth_params = array();
210 $auth_params['sessionName'] = "_authhttp".md5($realm);
211 $ilAuth = new ShibAuth($auth_params,true);
212 break;
213
214 case AUTH_CAS:
215
216 include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
217 $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
218 break;
219
220 case AUTH_SOAP:
221
222 include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
223 $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
224 break;
225
226 case AUTH_MULTIPLE:
227
228 include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
229 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
230 break;
231
232 case AUTH_ECS:
233 include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
234 $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
235 break;
236
237 case AUTH_OPENID:
238
239 include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
240 $ilAuth = ilAuthFactory::factory(new ilAuthContainerOpenId());
241 break;
242
243 case AUTH_INACTIVE:
244 require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
245 $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
246 break;
247
248 case AUTH_APACHE:
249 include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
250 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
251 $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
252 break;
253
254 // begin-patch auth_plugin
255 case AUTH_LOCAL:
256 global $ilLog;
257 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
258 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
259 break;
260
261 default:
262 // check for plugin
263 if($authmode)
264 {
265 foreach(self::getAuthPlugins() as $pl)
266 {
267 $container = $pl->getContainer($authmode);
268 if($container instanceof Auth_Container)
269 {
270 $GLOBALS['ilLog']->write(__METHOD__.' Using plugin authentication with auth_mode '.$authmode);
271 $ilAuth = ilAuthFactory::factory($container);
272 break 2;
273 }
274 }
275 }
276 #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
277 // default for logged in users
278 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
279 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
280 break;
281 // end-patch auth_plugin
282 }
283
284 // Due to a bug in Pear Auth_HTTP, we can't use idle time
285 // with WebDAV clients. If we used it, users could never log
286 // back into ILIAS once their session idled out. :(
287 if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP')
288 {
289 $ilAuth->setIdle(ilSession::getIdleValue(), false);
290 }
291 $ilAuth->setExpire(0);
292
293 ini_set("session.cookie_lifetime", "0");
294//echo "-".get_class($ilAuth)."-";
295 $GLOBALS['ilAuth'] =& $ilAuth;
296
297 ilSessionControl::checkExpiredSession();
298
299 $ilBench->stop('Auth','initAuth');
300 }
Auth_Container
Definition: Container.php:40
AUTH_MODE_INACTIVE
const AUTH_MODE_INACTIVE
Definition: class.ilAuthUtils.php:37
ilAuthContainerApache
Authentication against ILIAS database.
Definition: class.ilAuthContainerApache.php:13
ilAuthContainerCAS
@classDescription CAS authentication
Definition: class.ilAuthContainerCAS.php:15
ilAuthContainerECS
Custom PEAR Auth Container for ECS auth checks.
Definition: class.ilAuthContainerECS.php:35
ilAuthContainerLDAP
Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups.
Definition: class.ilAuthContainerLDAP.php:37
ilAuthContainerMDB2
Authentication against ILIAS database.
Definition: class.ilAuthContainerMDB2.php:36
ilAuthContainerOpenId
@classDescription Pear auth container for openid
Definition: class.ilAuthContainerOpenId.php:14
ilAuthContainerRadius
@classDescription Overwritten Pear class AuthContainerRadius This class is overwritten to support to ...
Definition: class.ilAuthContainerRadius.php:38
ilAuthContainerSOAP
@classDescription Authentication against external SOAP server
Definition: class.ilAuthContainerSOAP.php:36
ilAuthFactory\factory
static factory(ilAuthContainerBase $deco)
The factory.
Definition: class.ilAuthFactory.php:141
ilAuthUtils\_getAuthModeOfUser
_getAuthModeOfUser($a_username, $a_password, $a_db_handler='')
Definition: class.ilAuthUtils.php:302
ilSessionControl\checkExpiredSession
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called be...
Definition: class.ilSessionControl.php:85
ilSession\getIdleValue
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:316
$_SESSION
< a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false">< img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0"/></a >< br/>< strong > Enter Code *if($_SERVER['REQUEST_METHOD']=='POST' &&@ $_POST['do']=='contact') $_SESSION['ctform']['success']
Definition: example_form.php:192
$ilBench
global $ilBench
Definition: ilias.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:132
WebDAV_Authentication
const WebDAV_Authentication
Definition: webdav.php:30

References $_GET, $_POST, $_SESSION, $GLOBALS, $ilBench, $ilDB, $ilLog, $ilSetting, _getAuthModeOfUser(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_INACTIVE, AUTH_LDAP, AUTH_LOCAL, AUTH_MODE_INACTIVE, AUTH_MULTIPLE, AUTH_OPENID, AUTH_RADIUS, AUTH_SHIBBOLETH, AUTH_SOAP, ilSessionControl\checkExpiredSession(), ilAuthFactory\CONTEXT_APACHE, ilAuthFactory\CONTEXT_CAS, ilAuthFactory\factory(), ilSession\getIdleValue(), ilAuthFactory\setContext(), and WebDAV_Authentication.

Referenced by ilInitialisation\goToPublicSection(), and ilInitialisation\initUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

@access public

Parameters

Definition at line 665 of file class.ilAuthUtils.php.

666 {
667 global $ilSetting;
668
669 if($ilSetting->get("cas_active"))
670 {
671 return true;
672 }
673 if($ilSetting->get("soap_auth_active"))
674 {
675 return true;
676 }
677 if($ilSetting->get("shib_active"))
678 {
679 return true;
680 }
681 if($ilSetting->get('radius_active'))
682 {
683 return true;
684 }
685 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
686 if(count(ilLDAPServer::_getActiveServerList()))
687 {
688 return true;
689 }
690 include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
691 if(ilOpenIdSettings::getInstance()->isActive())
692 {
693 return true;
694 }
695
696 // begin-path auth_plugin
697 foreach(self::getAuthPlugins() as $pl)
698 {
699 foreach($pl->getAuthIds() as $auth_id)
700 {
701 if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
702 {
703 return true;
704 }
705 }
706 }
707 // end-path auth_plugin
708
709 return false;
710 }

References $ilSetting, ilLDAPServer\_getActiveServerList(), and ilOpenIdSettings\getInstance().

Referenced by ilObjUserGUI\initForm(), and ilObjUserGUI\saveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

@access public

Parameters
intauth_mode

Definition at line 742 of file class.ilAuthUtils.php.

743 {
744 switch($a_auth_mode)
745 {
746 case AUTH_LOCAL:
747 case AUTH_APACHE:
748 return false;
749 default:
750 return true;
751 }
752 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilSoapUserAdministration\__validateUserData(), ilObjUser\isPasswordChangeDemanded(), and ilObjUserGUI\updateObjectOld().

+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Returns
ilAuthDefinition

Definition at line 830 of file class.ilAuthUtils.php.

831 {
832 $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
833 IL_COMP_SERVICE,
834 'Authentication',
835 'authhk'
836 );
837 $pl_objs = array();
838 foreach($pls as $pl)
839 {
840 $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
841 IL_COMP_SERVICE,
842 'Authentication',
843 'authhk',
844 $pl
845 );
846 }
847 return $pl_objs;
848 }
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthContainerMultiple\fetchData(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
object$a_authmode
Returns

Definition at line 759 of file class.ilAuthUtils.php.

760 {
761 global $ilSetting;
762
763 if($ilSetting->get('usr_settings_hide_password') or $ilSetting->get('usr_settings_disable_password'))
764 {
765 return false;
766 }
767
768 switch($a_authmode)
769 {
770 // No local passwords for these auth modes
771 case AUTH_LDAP:
772 case AUTH_RADIUS:
773 case AUTH_ECS:
774 case AUTH_SCRIPT:
775 return false;
776
777 // Always for openid and local
778 case AUTH_LOCAL:
779 case AUTH_OPENID:
780 case AUTH_APACHE:
781 return true;
782
783 // Read setting:
784 case AUTH_SHIBBOLETH:
785 return $ilSetting->get("shib_auth_allow_local");
786 case AUTH_SOAP:
787 return $ilSetting->get("soap_auth_allow_local");
788 case AUTH_CAS:
789 return $ilSetting->get("cas_allow_local");
790 }
791 }

References $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), ilAuthContainerMDB2\loginObserver(), and supportsLocalPasswordValidation().

+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
object$a_authmode
Returns

Definition at line 798 of file class.ilAuthUtils.php.

799 {
800 switch($a_authmode)
801 {
802 case AUTH_LDAP:
803 case AUTH_LOCAL:
804 case AUTH_RADIUS:
805 return ilAuthUtils::LOCAL_PWV_FULL;
806
807 case AUTH_SHIBBOLETH:
808 case AUTH_SOAP:
809 case AUTH_CAS:
810 if(!ilAuthUtils::isPasswordModificationEnabled($a_authmode))
811 {
812 return ilAuthUtils::LOCAL_PWV_NO;
813 }
814 return ilAuthUtils::LOCAL_PWV_USER;
815
816 case AUTH_ECS:
817 case AUTH_OPENID:
818 case AUTH_SCRIPT:
819 case AUTH_APACHE:
820 default:
821 return ilAuthUtils::LOCAL_PWV_USER;
822 }
823 }
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:759

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 65 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 66 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 67 of file class.ilAuthUtils.php.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file: