ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAuthUtils.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 
6 // define auth modes
7 define ("AUTH_LOCAL",1);
8 define ("AUTH_LDAP",2);
9 define ("AUTH_RADIUS",3);
10 define ("AUTH_SCRIPT",4);
11 define ("AUTH_SHIBBOLETH",5);
12 define ("AUTH_CAS",6);
13 define ("AUTH_SOAP",7);
14 // BEGIN WebDAV: Add support for HTTP authentication
15 define ("AUTH_HTTP",8);
16 // END WebDAV: Add support for HTTP authentication
17 define ("AUTH_ECS",9);
18 define('AUTH_OPENID',10);
19 
20 define ("AUTH_APACHE",11);
21 
22 define ("AUTH_INACTIVE",18);
23 
24 define('AUTH_MULTIPLE',20);
25 
26 define('AUTH_SOAP_NO_ILIAS_USER', -100);
27 define('AUTH_LDAP_NO_ILIAS_USER',-200);
28 define('AUTH_RADIUS_NO_ILIAS_USER',-300);
29 define('AUTH_OPENID_NO_ILIAS_USER',-400);
30 
31 // apache auhtentication failed...
32 // maybe no (valid) certificate or
33 // username could not be extracted
34 define('AUTH_APACHE_FAILED', -500);
35 
36 
37 define('AUTH_MODE_INACTIVE',-1000);
38 
39 // an external user cannot be found in ilias, but his email address
40 // matches one or more ILIAS users
41 define('AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
42 define('AUTH_CAS_NO_ILIAS_USER', -90);
43 
44 // ilUser validation (no login)
45 define('AUTH_USER_WRONG_IP', -600);
46 define('AUTH_USER_INACTIVE', -601);
47 define('AUTH_USER_TIME_LIMIT_EXCEEDED', -602);
48 define('AUTH_USER_SIMULTANEOUS_LOGIN', -603);
49 define('AUTH_CAPTCHA_INVALID', -604);
50 define('AUTH_USER_INACTIVE_LOGIN_ATTEMPTS', -605);
51 
52 
53 include_once './Services/Authentication/classes/class.ilAuthFactory.php';
54 require_once('Services/Authentication/classes/class.ilSessionControl.php');
55 
56 
64 class ilAuthUtils
65 {
66  const LOCAL_PWV_FULL = 1;
67  const LOCAL_PWV_NO = 2;
68  const LOCAL_PWV_USER = 3;
69 
70 
74  function _initAuth()
75  {
76  global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
77 
78  $user_auth_mode = false;
79  $ilBench->start('Auth','initAuth');
80 
81 
82  // get default auth mode
83  //$default_auth_mode = $this->getSetting("auth_mode");
84  define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
85 
86  // determine authentication method if no session is found and username & password is posted
87  // does this if statement make any sense? we enter this block nearly everytime.
88 
89  if (empty($_SESSION) ||
90  (!isset($_SESSION['_authsession']['registered']) ||
91  $_SESSION['_authsession']['registered'] !== true))
92  {
93  // no sesssion found
94  if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status']))
95  {
96  $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
97  ilLoggerFactory::getLogger('auth')->debug('Authmode is '. $user_auth_mode);
98 
99  if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
100  {
101  $user_auth_mode = AUTH_LOCAL;
102  }
103  if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
104  {
105  $user_auth_mode = AUTH_LOCAL;
106  }
107  if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
108  {
109  $user_auth_mode = AUTH_LOCAL;
110  }
111  }
112  else if ($_POST['auth_mode'] == AUTH_APACHE)
113  {
114  $user_auth_mode = AUTH_APACHE;
115  }
116  }
117 
118  // to do: other solution?
119  if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
120  {
121  $user_auth_mode = AUTH_LOCAL;
122  }
123 
124  if($ilSetting->get("cas_active") && $_GET['forceCASLogin'])
125  {
126  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
127  $user_auth_mode = AUTH_CAS;
128  }
129 
130  if($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE)
131  {
132  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
133  $user_auth_mode = AUTH_APACHE;
134  }
135 
136  // BEGIN WebDAV: Share session between browser and WebDAV client.
137  // The realm is needed to support a common session between Auth_HTTP and Auth.
138  // It also helps us to distinguish between parallel sessions run on different clients.
139  // Common session only works if we use a common session name starting with "_authhttp".
140  // We must use the "_authttp" prefix, because it is hardcoded in the session name of
141  // class Auth_HTTP.
142  // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
143  // it interfers with the session mechanism of the other Auth modules. If we would
144  // keep this switched on, then users could steal each others session, which would cause
145  // a major security breach.
146  // Note: The realm and sessionName used here, must be the same as in
147  // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
148  // in to ILIAS.
149  $realm = CLIENT_ID;
150  //$this->writelog('ilias.php realm='.$realm);
151  // END WebDAV: Share session between browser and WebDAV client.
152 
153 //var_dump($_SESSION);
154 //echo "1-".$ilSetting->get("soap_auth_active")."-";
155  // if soap authentication activated and soap credentials given
156  if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
157  && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
158  {
159 
160  define('AUTH_CURRENT',AUTH_SOAP);
161  }
162  // if Shibboleth is active and the user is authenticated
163  // we set auth_mode to Shibboleth
164  else if ( $ilSetting->get("shib_active")
165  && $_SERVER[$ilSetting->get("shib_login")])
166  {
167  define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
168  }
169  else
170  {
171  define ("AUTH_CURRENT", $user_auth_mode);
172  }
173 //var_dump($_SESSION);
174 
175  // Determine the authentication method to use
176  if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
177  // Since WebDAV clients create the login form by
178  // themselves, we can not provide buttons on the form for
179  // choosing an authentication method.
180  // If the user is already logged in, we continue using
181  // the current authentication method. If the user is
182  // not logged in yet, we use the "multiple authentication"
183  // method using a predefined sequence of authentication methods.
184  $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
185  }
186  else
187  {
188  $authmode = AUTH_CURRENT;
189  }
190 //var_dump($authmode);
191  // if no auth mode selected AND default mode is AUTH_APACHE then use it...
192  if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE)
193  $authmode = AUTH_APACHE;
194 
195  // begin-patch ldap_multiple
196  // we cast to int => AUTH_LDAP_1 matches AUTH_LDAP
197  switch ((int) $authmode)
198  {
199  case AUTH_LDAP:
200 
201  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
202  $sid = ilLDAPServer::getServerIdByAuthMode($authmode);
203  include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
204  $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP($sid));
205  break;
206 
207  case AUTH_RADIUS:
208 
209  include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
210  $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
211  break;
212 
213  case AUTH_SHIBBOLETH:
214  // build option string for SHIB::Auth
215  $auth_params = array();
216  $auth_params['sessionName'] = "_authhttp".md5($realm);
217  $ilAuth = new ShibAuth($auth_params,true);
218  break;
219 
220  case AUTH_CAS:
221 
222  include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
223  $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
224  break;
225 
226  case AUTH_SOAP:
227 
228  include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
229  $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
230  break;
231 
232  case AUTH_MULTIPLE:
233 
234  include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
235  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
236  break;
237 
238  case AUTH_ECS:
239  include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
240  $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
241  break;
242 
243  case AUTH_OPENID:
244 
245  include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
246  $ilAuth = ilAuthFactory::factory(new ilAuthContainerOpenId());
247  break;
248 
249  case AUTH_INACTIVE:
250  require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
251  $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
252  break;
253 
254  case AUTH_APACHE:
255  include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
256  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
257  $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
258  break;
259 
260  // begin-patch auth_plugin
261  case AUTH_LOCAL:
262  global $ilLog;
263  include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
264  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
265  break;
266 
267  default:
268  // check for plugin
269  if($authmode)
270  {
271  foreach(self::getAuthPlugins() as $pl)
272  {
273  $container = $pl->getContainer($authmode);
274  if($container instanceof Auth_Container)
275  {
276  ilLoggerFactory::getLogger('auth')->info('Using plugin authentication with auth mode ' . $authmode);
277  $ilAuth = ilAuthFactory::factory($container);
278  break 2;
279  }
280  }
281  }
282  #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
283  // default for logged in users
284  include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
285  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
286  break;
287  // end-patch auth_plugin
288  }
289 
290  // Due to a bug in Pear Auth_HTTP, we can't use idle time
291  // with WebDAV clients. If we used it, users could never log
292  // back into ILIAS once their session idled out. :(
293  if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP')
294  {
295  $ilAuth->setIdle(ilSession::getIdleValue(), false);
296  }
297  $ilAuth->setExpire(0);
298 
299  ini_set("session.cookie_lifetime", "0");
300 //echo "-".get_class($ilAuth)."-";
301  $GLOBALS['ilAuth'] =& $ilAuth;
302 
303  ilSessionControl::checkExpiredSession();
304 
305  $ilBench->stop('Auth','initAuth');
306  }
307 
308  function _getAuthModeOfUser($a_username,$a_password,$a_db_handler = '')
309  {
310  global $ilDB;
311 
312  if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
313  {
314  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
315  return AUTH_ECS;
316  }
317  if(isset($_POST['auth_mode']))
318  {
319  // begin-patch ldap_multiple
320  return $_POST['auth_mode'];
321  // end-patch ldap_multiple
322  }
323  if(isset($_POST['oid_username']) or $_GET['oid_check_status'])
324  {
325  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
326  return AUTH_OPENID;
327  }
328 
329  include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
330  $det = ilAuthModeDetermination::_getInstance();
331 
332  if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
333  {
334  ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
335  return AUTH_MULTIPLE;
336  }
337 
338 
339  $db =& $ilDB;
340 
341  if ($a_db_handler != '')
342  {
343  $db =& $a_db_handler;
344  }
345 
346  // Is it really necessary to check the auth mode with password ?
347  // Changed: smeyer
348  $q = "SELECT auth_mode FROM usr_data WHERE ".
349  "login = ".$ilDB->quote($a_username);
350  //"passwd = ".$ilDB->quote(md5($a_password))."";
351 
352 
353  $r = $db->query($q);
354  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
355 //echo "+".$row->auth_mode."+";
356 
357 
358  $auth_mode = self::_getAuthMode($row->auth_mode,$db);
359 
360  return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
361  }
362 
363  function _getAuthMode($a_auth_mode,$a_db_handler = '')
364  {
365  global $ilDB, $ilSetting;
366 
367  $db =& $ilDB;
368 
369  if ($a_db_handler != '')
370  {
371  $db =& $a_db_handler;
372  }
373 
374  // begin-patch ldap_multiple
375  if(strpos($a_auth_mode, '_') !== FALSE)
376  {
377  $auth_arr = explode('_',$a_auth_mode);
378  $auth_switch = $auth_arr[0];
379  }
380  else
381  {
382  $auth_switch = $a_auth_mode;
383  }
384  switch ($auth_switch)
385  {
386  case "local":
387  return AUTH_LOCAL;
388  break;
389 
390  case "ldap":
391  // begin-patch ldap_multiple
392  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
393  return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
394  // end-patch ldap_multiple
395 
396  case "radius":
397  return AUTH_RADIUS;
398  break;
399 
400  case "script":
401  return AUTH_SCRIPT;
402  break;
403 
404  case "shibboleth":
405  return AUTH_SHIBBOLETH;
406  break;
407 
408  case "cas":
409  return AUTH_CAS;
410  break;
411 
412  case "soap":
413  return AUTH_SOAP;
414  break;
415 
416  case 'ecs':
417  return AUTH_ECS;
418 
419  case 'openid':
420  return AUTH_OPENID;
421 
422  case 'apache':
423  return AUTH_APACHE;
424 
425  default:
426  return $ilSetting->get("auth_mode");
427  break;
428  }
429  }
430 
431  public static function _getAuthModeName($a_auth_key)
432  {
433  global $ilias;
434 
435  // begin-patch ldap_multiple
436  switch ((int) $a_auth_key)
437  {
438  case AUTH_LOCAL:
439  return "local";
440  break;
441 
442  case AUTH_LDAP:
443  // begin-patch ldap_multiple
444  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
445  return ilLDAPServer::getAuthModeByKey($a_auth_key);
446  // end-patch ldap_multiple
447 
448  case AUTH_RADIUS:
449  return "radius";
450  break;
451 
452  case AUTH_CAS:
453  return "cas";
454  break;
455 
456  case AUTH_SCRIPT:
457  return "script";
458  break;
459 
460  case AUTH_SHIBBOLETH:
461  return "shibboleth";
462  break;
463 
464  case AUTH_SOAP:
465  return "soap";
466  break;
467 
468  case AUTH_ECS:
469  return 'ecs';
470 
471  case AUTH_APACHE:
472  return 'apache';
473 
474  case AUTH_OPENID:
475  return 'open_id';
476 
477  default:
478  return "default";
479  break;
480  }
481  }
482 
483  function _getActiveAuthModes()
484  {
485  global $ilias,$ilSetting;
486 
487  $modes = array(
488  'default' => $ilSetting->get("auth_mode"),
489  'local' => AUTH_LOCAL
490  );
491  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
492  // begin-patch ldap_multiple
493  foreach(ilLDAPServer::_getActiveServerList() as $sid)
494  {
495  $modes['ldap_'.$sid] = (AUTH_LDAP.'_'.$sid);
496  }
497  // end-patch ldap_multiple
498  if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
499  if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
500  if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
501  if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
502  if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
503  if ($ilSetting->get("apache_active")) $modes['apache'] = AUTH_APACHE;
504 
505  include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
506  if(ilECSServerSettings::getInstance()->activeServerExists())
507  {
508  $modes['ecs'] = AUTH_ECS;
509  }
510 
511  include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
512  if(ilOpenIdSettings::getInstance()->isActive())
513  {
514  $modes['openid'] = AUTH_OPENID;
515  }
516 
517  // begin-path auth_plugin
518  foreach(self::getAuthPlugins() as $pl)
519  {
520  foreach($pl->getAuthIds() as $auth_id)
521  {
522  if($pl->isAuthActive($auth_id))
523  {
524  $modes[$pl->getAuthName($auth_id)] = $auth_id;
525  }
526  }
527  }
528  // end-path auth_plugin
529  return $modes;
530  }
531 
532  function _getAllAuthModes()
533  {
534  $modes = array(
535  AUTH_LOCAL,
536  AUTH_LDAP,
537  AUTH_SHIBBOLETH,
538  AUTH_CAS,
539  AUTH_SOAP,
540  AUTH_RADIUS,
541  AUTH_ECS,
542  AUTH_OPENID,
543  AUTH_APACHE
544  );
545  $ret = array();
546  foreach($modes as $mode)
547  {
548  // multi ldap implementation
549  if($mode == AUTH_LDAP)
550  {
551  foreach(ilLDAPServer::_getServerList() as $ldap_id)
552  {
553  $id = AUTH_LDAP . '_' . $ldap_id;
554  $ret[$id] = ilAuthUtils::_getAuthModeName($id);
555  }
556  continue;
557  }
558  $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
559  }
560  return $ret;
561  }
562 
567  function _generateLogin($a_login)
568  {
569  global $ilDB;
570 
571  // Check if username already exists
572  $found = false;
573  $postfix = 0;
574  $c_login = $a_login;
575  while(!$found)
576  {
577  $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
578  $ilDB->quote($c_login));
579  if ($r->numRows() > 0)
580  {
581  $postfix++;
582  $c_login = $a_login.$postfix;
583  }
584  else
585  {
586  $found = true;
587  }
588  }
589 
590  return $c_login;
591  }
592 
593  public static function _hasMultipleAuthenticationMethods()
594  {
595  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
596 
597  $rad_settings = ilRadiusSettings::_getInstance();
598  if($rad_settings->isActive())
599  {
600  return true;
601  }
602  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
603 
604  if (count(ilLDAPServer::_getActiveServerList()))
605  return true;
606 
607  global $ilSetting;
608 
609  if ($ilSetting->get('apache_active')) {
610  return true;
611  }
612 
613  // begin-patch auth_plugin
614  foreach(ilAuthUtils::getAuthPlugins() as $pl)
615  {
616  foreach($pl->getAuthIds() as $auth_id)
617  {
618  if($pl->getMultipleAuthModeOptions($auth_id))
619  {
620  return true;
621  }
622  }
623  }
624  // end-patch auth_plugin
625 
626 
627  return false;
628  }
629 
630  public static function _getMultipleAuthModeOptions($lng)
631  {
632  global $ilSetting;
633 
634  // in the moment only ldap is activated as additional authentication method
635  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
636 
637  $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
638 
639 
640  // begin-patch ldap_multiple
641  foreach(ilLDAPServer::_getActiveServerList() as $sid)
642  {
643  $server = ilLDAPServer::getInstanceByServerId($sid);
644  $options[AUTH_LDAP.'_'.$sid]['txt'] = $server->getName();
645  }
646  // end-patch ldap_multiple
647 
648  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
649  $rad_settings = ilRadiusSettings::_getInstance();
650  if($rad_settings->isActive())
651  {
652  $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
653  }
654 
655  if ($ilSetting->get('apache_active'))
656  {
657  global $lng;
658  $apache_settings = new ilSetting('apache_auth');
659  $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
660  $options[AUTH_APACHE]['hide_in_ui'] = true;
661  }
662 
663  if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
664  {
665  $default = AUTH_LDAP;
666  }
667  elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
668  {
669  $default = AUTH_RADIUS;
670  }
671  else
672  {
673  $default = AUTH_LOCAL;
674  }
675 
676  $default = $ilSetting->get('default_auth_mode',$default);
677  $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
678 
679 
680  // begin-patch auth_plugin
681  $pls = ilAuthUtils::getAuthPlugins();
682  foreach($pls as $pl)
683  {
684  $auths = $pl->getAuthIds();
685  foreach($auths as $auth_id)
686  {
687  $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
688  if($pl_auth_option)
689  {
690  $options = $options + $pl_auth_option;
691  }
692  }
693  }
694  // end-patch auth_plugins
695 
696  if(array_key_exists($default, $options))
697  {
698  $options[$default]['checked'] = true;
699  }
700 
701  return $options ? $options : array();
702  }
703 
713  public static function _isExternalAccountEnabled()
714  {
715  global $ilSetting;
716 
717  if($ilSetting->get("cas_active"))
718  {
719  return true;
720  }
721  if($ilSetting->get("soap_auth_active"))
722  {
723  return true;
724  }
725  if($ilSetting->get("shib_active"))
726  {
727  return true;
728  }
729  if($ilSetting->get('radius_active'))
730  {
731  return true;
732  }
733  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
734  if(count(ilLDAPServer::_getActiveServerList()))
735  {
736  return true;
737  }
738  include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
739  if(ilOpenIdSettings::getInstance()->isActive())
740  {
741  return true;
742  }
743 
744  // begin-path auth_plugin
745  foreach(self::getAuthPlugins() as $pl)
746  {
747  foreach($pl->getAuthIds() as $auth_id)
748  {
749  if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
750  {
751  return true;
752  }
753  }
754  }
755  // end-path auth_plugin
756 
757  return false;
758  }
759 
768  public static function _allowPasswordModificationByAuthMode($a_auth_mode)
769  {
770  // begin-patch ldap_multiple
771  // cast to int
772  switch((int) $a_auth_mode)
773  {
774  case AUTH_LDAP:
775  case AUTH_RADIUS:
776  case AUTH_ECS:
777  case AUTH_OPENID:
778  return false;
779  default:
780  return true;
781  }
782  }
783 
792  public static function _needsExternalAccountByAuthMode($a_auth_mode)
793  {
794  switch($a_auth_mode)
795  {
796  case AUTH_LOCAL:
797  case AUTH_APACHE:
798  return false;
799  default:
800  return true;
801  }
802  }
803 
807  public static function isPasswordModificationHidden()
808  {
810  global $ilSetting;
811 
812  if ($ilSetting->get('usr_settings_hide_password') || $ilSetting->get('usr_settings_disable_password')) {
813  return true;
814  }
815 
816  return false;
817  }
818 
824  public static function isPasswordModificationEnabled($a_authmode)
825  {
826  global $ilSetting;
827 
828  if (self::isPasswordModificationHidden()) {
829  return false;
830  }
831 
832  // begin-patch ldap_multiple
833  // cast to int
834  switch((int) $a_authmode)
835  {
836  // No local passwords for these auth modes
837  case AUTH_LDAP:
838  case AUTH_RADIUS:
839  case AUTH_ECS:
840  case AUTH_SCRIPT:
841  return false;
842 
843  // Always for openid and local
844  case AUTH_LOCAL:
845  case AUTH_OPENID:
846  case AUTH_APACHE:
847  return true;
848 
849  // Read setting:
850  case AUTH_SHIBBOLETH:
851  return $ilSetting->get("shib_auth_allow_local");
852  case AUTH_SOAP:
853  return $ilSetting->get("soap_auth_allow_local");
854  case AUTH_CAS:
855  return $ilSetting->get("cas_allow_local");
856  }
857  }
858 
864  public static function supportsLocalPasswordValidation($a_authmode)
865  {
866  // begin-patch ldap_multiple
867  // cast to int
868  switch((int) $a_authmode)
869  {
870  case AUTH_LDAP:
871  case AUTH_LOCAL:
872  case AUTH_RADIUS:
873  return ilAuthUtils::LOCAL_PWV_FULL;
874 
875  case AUTH_SHIBBOLETH:
876  case AUTH_SOAP:
877  case AUTH_CAS:
878  if(!ilAuthUtils::isPasswordModificationEnabled($a_authmode))
879  {
880  return ilAuthUtils::LOCAL_PWV_NO;
881  }
882  return ilAuthUtils::LOCAL_PWV_USER;
883 
884  case AUTH_ECS:
885  case AUTH_OPENID:
886  case AUTH_SCRIPT:
887  case AUTH_APACHE:
888  default:
889  return ilAuthUtils::LOCAL_PWV_USER;
890  }
891  }
892 
893  // begin-patch auth_plugin
898  public static function getAuthPlugins()
899  {
900  $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
901  IL_COMP_SERVICE,
902  'Authentication',
903  'authhk'
904  );
905  $pl_objs = array();
906  foreach($pls as $pl)
907  {
908  $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
909  IL_COMP_SERVICE,
910  'Authentication',
911  'authhk',
912  $pl
913  );
914  }
915  return $pl_objs;
916  }
917  // end-patch auth_plugins
918 
923  public static function getAuthModeTranslation($a_auth_key)
924  {
925  global $lng;
926 
927  switch((int) $a_auth_key)
928  {
929  case AUTH_LDAP:
930  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
931  $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
932  $server = ilLDAPServer::getInstanceByServerId($sid);
933  return $server->getName();
934 
935  default:
936  return $lng->txt('auth_'.self::_getAuthModeName($a_auth_key));
937  }
938  }
939 }
940 ?>
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:22
Auth_Container
Definition: Container.php:39
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:32
AUTH_MODE_INACTIVE
const AUTH_MODE_INACTIVE
Definition: class.ilAuthUtils.php:37
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:24
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$_POST
$_POST['username']
Definition: cron.php:12
ilOpenIdSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdSettings.php:40
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:593
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:200
$ret
$ret
Definition: Structures_BibTex_example.php:7
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthContainerLDAP
Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups...
Definition: class.ilAuthContainerLDAP.php:36
AUTH_OPENID
const AUTH_OPENID
Definition: class.ilAuthUtils.php:18
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:401
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
ilAuthUtils\supportsLocalPasswordValidation
static supportsLocalPasswordValidation($a_authmode)
Check if local password validation is supported.
Definition: class.ilAuthUtils.php:864
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:20
ilAuthContainerMDB2
Authentication against ILIAS database.
Definition: class.ilAuthContainerMDB2.php:35
ilAuthUtils\_needsExternalAccountByAuthMode
static _needsExternalAccountByAuthMode($a_auth_mode)
Check if chosen auth mode needs an external account entry.
Definition: class.ilAuthUtils.php:792
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:431
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilAuthUtils\_getAuthModeOfUser
_getAuthModeOfUser($a_username, $a_password, $a_db_handler='')
Definition: class.ilAuthUtils.php:308
ilAuthUtils\_allowPasswordModificationByAuthMode
static _allowPasswordModificationByAuthMode($a_auth_mode)
Allow password modification.
Definition: class.ilAuthUtils.php:768
ilAuthUtils
static utility functions used to manage authentication modes
Definition: class.ilAuthUtils.php:64
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:898
$r
$r
Definition: example_031.php:79
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions($lng)
Definition: class.ilAuthUtils.php:630
ilAuthUtils\_generateLogin
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:567
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:106
ilSessionControl\checkExpiredSession
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it&#39;s called be...
Definition: class.ilSessionControl.php:85
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
ilAuthUtils\_getAuthMode
_getAuthMode($a_auth_mode, $a_db_handler='')
Definition: class.ilAuthUtils.php:363
ilAuthUtils\_isExternalAccountEnabled
static _isExternalAccountEnabled()
Check if an external account name is required.
Definition: class.ilAuthUtils.php:713
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:387
ilSession\getIdleValue
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:316
$ilLog
$ilLog
Definition: inc.setup_header.php:136
ilAuthUtils\_initAuth
_initAuth()
initialises $ilAuth
Definition: class.ilAuthUtils.php:74
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
$server
$server
Definition: dummy_client.php:12
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:416
WebDAV_Authentication
const WebDAV_Authentication
Definition: webdav.php:30
ilAuthUtils\getAuthModeTranslation
static getAuthModeTranslation($a_auth_key)
Definition: class.ilAuthUtils.php:923
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$lng
global $lng
Definition: privfeed.php:40
ilAuthContainerRadius
Overwritten Pear class AuthContainerRadius This class is overwritten to support to perform Radius aut...
Definition: class.ilAuthContainerRadius.php:37
$ilBench
global $ilBench
Definition: ilias.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilAuthContainerApache
Authentication against ILIAS database.
Definition: class.ilAuthContainerApache.php:12
ilAuthFactory\factory
static factory(ilAuthContainerBase $deco)
The factory.
Definition: class.ilAuthFactory.php:141
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
$_REQUEST
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
ilAuthContainerSOAP
Authentication against external SOAP server
Definition: class.ilAuthContainerSOAP.php:35
ilAuthContainerECS
Custom PEAR Auth Container for ECS auth checks.
Definition: class.ilAuthContainerECS.php:34
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:824
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
ilAuthContainerOpenId
Pear auth container for openid
Definition: class.ilAuthContainerOpenId.php:13
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9