ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Protected Member Functions | Private Member Functions | Private Attributes
ilAuthContainerRadius Class Reference
ServicesRadius

Overwritten Pear class AuthContainerRadius This class is overwritten to support to perform Radius authentication with specific ILIAS options. More...

+ Inheritance diagram for ilAuthContainerRadius:
+ Collaboration diagram for ilAuthContainerRadius:

Public Member Functions

 __construct ()
 Constructor. More...
 
 forceCreation ($a_status)
 Force creation of user accounts. More...
 
 loginObserver ($a_username, $a_auth)
 Called from base class after successful login. More...
 
 supportsCaptchaVerification ()
 

Protected Member Functions

 handleLDAPDataSource ($a_auth, $ext_account)
 Handle ldap as data source. More...
 

Private Member Functions

 initSettings ()
 Init radius settings. More...
 
 initRADIUSAttributeToUser ()
 Init RADIUS attribute mapping. More...
 

Private Attributes

 $radius_settings = null
 
 $rad_to_user = null
 
 $log = null
 
 $force_creation = false
 

Detailed Description

Overwritten Pear class AuthContainerRadius This class is overwritten to support to perform Radius authentication with specific ILIAS options.

Author
Stefan Meyer <smeyer.de>
Version
$Id$

Definition at line 37 of file class.ilAuthContainerRadius.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerRadius::__construct ( )

Constructor.

public

Parameters
arrayAn associative array of pear parameters

Definition at line 51 of file class.ilAuthContainerRadius.php.

References $GLOBALS, initSettings(), and ilRadiusSettings\RADIUS_CHARSET_LATIN1.

52  {
53  $this->initSettings();
54 
55  // Convert password to latin1
56  if($this->radius_settings->getCharset() == ilRadiusSettings::RADIUS_CHARSET_LATIN1)
57  {
58  #$_POST['username'] = utf8_decode($_POST['username']);
59  #$_POST['password'] = utf8_decode($_POST['password']);
60  $GLOBALS['ilLog']->write(__METHOD__.': Decoded username and password to latin1.');
61  }
62 
63  parent::__construct($this->radius_settings->toPearAuthArray());
64 
65  }
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
ilAuthContainerRadius\initSettings
initSettings()
Init radius settings.
Definition: class.ilAuthContainerRadius.php:142
+ Here is the call graph for this function:

Member Function Documentation

◆ forceCreation()

ilAuthContainerRadius::forceCreation (   $a_status)

Force creation of user accounts.

public

Parameters
boolforce_creation

Definition at line 81 of file class.ilAuthContainerRadius.php.

82  {
83  $this->force_creation = true;
84  }

◆ handleLDAPDataSource()

ilAuthContainerRadius::handleLDAPDataSource (   $a_auth,
  $ext_account 
)
protected

Handle ldap as data source.

Parameters
Auth$auth
string$ext_account

Definition at line 166 of file class.ilAuthContainerRadius.php.

References $GLOBALS, $server, AUTH_RADIUS, AUTH_RADIUS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), ilUtil\redirect(), and ilLDAPUserSynchronisation\setExternalAccount().

Referenced by loginObserver().

167  {
168  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
169  $server = ilLDAPServer::getInstanceByServerId(
170  ilLDAPServer::getDataSource(AUTH_RADIUS)
171  );
172 
173  $GLOBALS['ilLog']->write(__METHOD__.'Using ldap data source');
174 
175  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
176  $sync = new ilLDAPUserSynchronisation('radius', $server->getServerId());
177  $sync->setExternalAccount($ext_account);
178  $sync->setUserData(array());
179  $sync->forceCreation($this->force_creation);
180 
181  try {
182  $internal_account = $sync->sync();
183  }
184  catch(UnexpectedValueException $e) {
185  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
186  $a_auth->status = AUTH_WRONG_LOGIN;
187  $a_auth->logout();
188  return false;
189  }
190  catch(ilLDAPSynchronisationForbiddenException $e) {
191  // No syncronisation allowed => create Error
192  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
193  $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
194  $a_auth->logout();
195  return false;
196  }
197  catch(ilLDAPAccountMigrationRequiredException $e) {
198  $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
199  $a_auth->logout();
200  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
201  }
202 
203  $a_auth->setAuth($internal_account);
204  return true;
205  }
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
AUTH_RADIUS_NO_ILIAS_USER
const AUTH_RADIUS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:28
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:60
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Definition: class.ilLDAPServer.php:53
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:266
$server
$server
Definition: dummy_client.php:12
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3611
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initRADIUSAttributeToUser()

ilAuthContainerRadius::initRADIUSAttributeToUser ( )
private

Init RADIUS attribute mapping.

private

Definition at line 155 of file class.ilAuthContainerRadius.php.

Referenced by loginObserver().

156  {
157  include_once('Services/Radius/classes/class.ilRadiusAttributeToUser.php');
158  $this->radius_user = new ilRadiusAttributeToUser();
159  }
+ Here is the caller graph for this function:

◆ initSettings()

ilAuthContainerRadius::initSettings ( )
private

Init radius settings.

Returns
void

Definition at line 142 of file class.ilAuthContainerRadius.php.

References ilRadiusSettings\_getInstance().

Referenced by __construct().

143  {
144  include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
145  $this->radius_settings = ilRadiusSettings::_getInstance();
146  }
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ loginObserver()

ilAuthContainerRadius::loginObserver (   $a_username,
  $a_auth 
)

Called from base class after successful login.

Parameters
stringusername

Definition at line 91 of file class.ilAuthContainerRadius.php.

References $_POST, $_SESSION, $force_creation, ilObjUser\_checkExternalAuthAccount(), AUTH_RADIUS, AUTH_RADIUS_NO_ILIAS_USER, handleLDAPDataSource(), initRADIUSAttributeToUser(), ilLDAPServer\isDataSourceActive(), and ilUtil\redirect().

92  {
93  // Radius with ldap as data source
94  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
95  if(ilLDAPServer::isDataSourceActive(AUTH_RADIUS))
96  {
97  return $this->handleLDAPDataSource($a_auth,$a_username);
98  }
99 
100  $user_data = array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
101  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("radius",$a_username);
102 
103  if(!$user_data['ilInternalAccount'])
104  {
105  if($this->radius_settings->enabledCreation())
106  {
107  if($this->radius_settings->isAccountMigrationEnabled() and !$this->force_creation)
108  {
109  $a_auth->logout();
110  $_SESSION['tmp_auth_mode'] = 'radius';
111  $_SESSION['tmp_external_account'] = $a_username;
112  $_SESSION['tmp_pass'] = $_POST['password'];
113  $_SESSION['tmp_roles'] = array(0 => $this->radius_settings->getDefaultRole());
114 
115  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
116  }
117  $this->initRADIUSAttributeToUser();
118  $new_name = $this->radius_user->create($a_username);
119  $a_auth->setAuth($new_name);
120  return true;
121  }
122  else
123  {
124  // No syncronisation allowed => create Error
125  $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
126  $a_auth->logout();
127  return false;
128  }
129 
130  }
131  else
132  {
133  $a_auth->setAuth($user_data['ilInternalAccount']);
134  return true;
135  }
136  }
$_SESSION
< a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false">< img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0"/></a >< br/>< strong > Enter Code *if($_SERVER['REQUEST_METHOD']=='POST' &&@ $_POST['do']=='contact') $_SESSION['ctform']['success']
Definition: example_form.php:192
$_POST
$_POST['username']
Definition: cron.php:12
ilAuthContainerRadius\initRADIUSAttributeToUser
initRADIUSAttributeToUser()
Init RADIUS attribute mapping.
Definition: class.ilAuthContainerRadius.php:155
AUTH_RADIUS_NO_ILIAS_USER
const AUTH_RADIUS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:28
ilAuthContainerRadius\handleLDAPDataSource
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
Definition: class.ilAuthContainerRadius.php:166
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:251
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3767
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3611
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:

◆ supportsCaptchaVerification()

ilAuthContainerRadius::supportsCaptchaVerification ( )
Returns
bool

Definition at line 210 of file class.ilAuthContainerRadius.php.

211  {
212  return true;
213  }

Field Documentation

◆ $force_creation

ilAuthContainerRadius::$force_creation = false
private

Definition at line 42 of file class.ilAuthContainerRadius.php.

Referenced by loginObserver().

◆ $log

ilAuthContainerRadius::$log = null
private

Definition at line 41 of file class.ilAuthContainerRadius.php.

◆ $rad_to_user

ilAuthContainerRadius::$rad_to_user = null
private

Definition at line 40 of file class.ilAuthContainerRadius.php.

◆ $radius_settings

ilAuthContainerRadius::$radius_settings = null
private

Definition at line 39 of file class.ilAuthContainerRadius.php.

The documentation for this class was generated from the following file: