ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAuthUtils.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5
6// define auth modes
7define ("AUTH_LOCAL",1);
8define ("AUTH_LDAP",2);
9define ("AUTH_RADIUS",3);
10define ("AUTH_SCRIPT",4);
11define ("AUTH_SHIBBOLETH",5);
12define ("AUTH_CAS",6);
13define ("AUTH_SOAP",7);
14// BEGIN WebDAV: Add support for HTTP authentication
15define ("AUTH_HTTP",8);
16// END WebDAV: Add support for HTTP authentication
17define ("AUTH_ECS",9);
18define('AUTH_OPENID',10);
19
20define ("AUTH_APACHE",11);
21
22define ("AUTH_INACTIVE",18);
23
24define('AUTH_MULTIPLE',20);
25
26define('AUTH_SOAP_NO_ILIAS_USER', -100);
27define('AUTH_LDAP_NO_ILIAS_USER',-200);
28define('AUTH_RADIUS_NO_ILIAS_USER',-300);
29define('AUTH_OPENID_NO_ILIAS_USER',-400);
30
31// apache auhtentication failed...
32// maybe no (valid) certificate or
33// username could not be extracted
34define('AUTH_APACHE_FAILED', -500);
35
36
37define('AUTH_MODE_INACTIVE',-1000);
38
39// an external user cannot be found in ilias, but his email address
40// matches one or more ILIAS users
41define('AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
42define('AUTH_CAS_NO_ILIAS_USER', -90);
43
44// ilUser validation (no login)
45define('AUTH_USER_WRONG_IP', -600);
46define('AUTH_USER_INACTIVE', -601);
47define('AUTH_USER_TIME_LIMIT_EXCEEDED', -602);
48define('AUTH_USER_SIMULTANEOUS_LOGIN', -603);
49define('AUTH_CAPTCHA_INVALID', -604);
50define('AUTH_USER_INACTIVE_LOGIN_ATTEMPTS', -605);
51
52
53include_once './Services/Authentication/classes/class.ilAuthFactory.php';
54require_once('Services/Authentication/classes/class.ilSessionControl.php');
55
56
64class ilAuthUtils
65{
66 const LOCAL_PWV_FULL = 1;
67 const LOCAL_PWV_NO = 2;
68 const LOCAL_PWV_USER = 3;
69
70
74 function _initAuth()
75 {
76 global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
77
78 $user_auth_mode = false;
79 $ilBench->start('Auth','initAuth');
80
81
82 // get default auth mode
83 //$default_auth_mode = $this->getSetting("auth_mode");
84 define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
85
86 // determine authentication method if no session is found and username & password is posted
87 // does this if statement make any sense? we enter this block nearly everytime.
88
89 if (empty($_SESSION) ||
90 (!isset($_SESSION['_authsession']['registered']) ||
91 $_SESSION['_authsession']['registered'] !== true))
92 {
93 // no sesssion found
94 if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status']))
95 {
96 $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
97 ilLoggerFactory::getLogger('auth')->debug('Authmode is '. $user_auth_mode);
98
99 if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
100 {
101 $user_auth_mode = AUTH_LOCAL;
102 }
103 if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
104 {
105 $user_auth_mode = AUTH_LOCAL;
106 }
107 if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
108 {
109 $user_auth_mode = AUTH_LOCAL;
110 }
111 }
112 else if ($_POST['auth_mode'] == AUTH_APACHE)
113 {
114 $user_auth_mode = AUTH_APACHE;
115 }
116 }
117
118 // to do: other solution?
119 if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
120 {
121 $user_auth_mode = AUTH_LOCAL;
122 }
123
124 if($ilSetting->get("cas_active") && $_GET['forceCASLogin'])
125 {
126 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
127 $user_auth_mode = AUTH_CAS;
128 }
129
130 if($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE)
131 {
132 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
133 $user_auth_mode = AUTH_APACHE;
134 }
135
136 // BEGIN WebDAV: Share session between browser and WebDAV client.
137 // The realm is needed to support a common session between Auth_HTTP and Auth.
138 // It also helps us to distinguish between parallel sessions run on different clients.
139 // Common session only works if we use a common session name starting with "_authhttp".
140 // We must use the "_authttp" prefix, because it is hardcoded in the session name of
141 // class Auth_HTTP.
142 // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
143 // it interfers with the session mechanism of the other Auth modules. If we would
144 // keep this switched on, then users could steal each others session, which would cause
145 // a major security breach.
146 // Note: The realm and sessionName used here, must be the same as in
147 // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
148 // in to ILIAS.
149 $realm = CLIENT_ID;
150 //$this->writelog('ilias.php realm='.$realm);
151 // END WebDAV: Share session between browser and WebDAV client.
152
153//var_dump($_SESSION);
154//echo "1-".$ilSetting->get("soap_auth_active")."-";
155 // if soap authentication activated and soap credentials given
156 if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
157 && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
158 {
159
160 define('AUTH_CURRENT',AUTH_SOAP);
161 }
162 // if Shibboleth is active and the user is authenticated
163 // we set auth_mode to Shibboleth
164 else if ( $ilSetting->get("shib_active")
165 && $_SERVER[$ilSetting->get("shib_login")])
166 {
167 define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
168 }
169 else
170 {
171 define ("AUTH_CURRENT", $user_auth_mode);
172 }
173//var_dump($_SESSION);
174
175 // Determine the authentication method to use
176 if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
177 // Since WebDAV clients create the login form by
178 // themselves, we can not provide buttons on the form for
179 // choosing an authentication method.
180 // If the user is already logged in, we continue using
181 // the current authentication method. If the user is
182 // not logged in yet, we use the "multiple authentication"
183 // method using a predefined sequence of authentication methods.
184 $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
185 }
186 else
187 {
188 $authmode = AUTH_CURRENT;
189 }
190//var_dump($authmode);
191 // if no auth mode selected AND default mode is AUTH_APACHE then use it...
192 if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE)
193 $authmode = AUTH_APACHE;
194
195 // begin-patch ldap_multiple
196 // we cast to int => AUTH_LDAP_1 matches AUTH_LDAP
197 switch ((int) $authmode)
198 {
199 case AUTH_LDAP:
200
201 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
202 $sid = ilLDAPServer::getServerIdByAuthMode($authmode);
203 include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
204 $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP($sid));
205 break;
206
207 case AUTH_RADIUS:
208
209 include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
210 $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
211 break;
212
213 case AUTH_SHIBBOLETH:
214 // build option string for SHIB::Auth
215 $auth_params = array();
216 $auth_params['sessionName'] = "_authhttp".md5($realm);
217 $ilAuth = new ShibAuth($auth_params,true);
218 break;
219
220 case AUTH_CAS:
221
222 include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
223 $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
224 break;
225
226 case AUTH_SOAP:
227
228 include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
229 $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
230 break;
231
232 case AUTH_MULTIPLE:
233
234 include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
235 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
236 break;
237
238 case AUTH_ECS:
239 include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
240 $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
241 break;
242
243 case AUTH_OPENID:
244
245 include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
246 $ilAuth = ilAuthFactory::factory(new ilAuthContainerOpenId());
247 break;
248
249 case AUTH_INACTIVE:
250 require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
251 $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
252 break;
253
254 case AUTH_APACHE:
255 include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
256 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
257 $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
258 break;
259
260 // begin-patch auth_plugin
261 case AUTH_LOCAL:
262 global $ilLog;
263 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
264 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
265 break;
266
267 default:
268 // check for plugin
269 if($authmode)
270 {
271 foreach(self::getAuthPlugins() as $pl)
272 {
273 $container = $pl->getContainer($authmode);
274 if($container instanceof Auth_Container)
275 {
276 ilLoggerFactory::getLogger('auth')->info('Using plugin authentication with auth mode ' . $authmode);
277 $ilAuth = ilAuthFactory::factory($container);
278 break 2;
279 }
280 }
281 }
282 #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
283 // default for logged in users
284 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
285 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
286 break;
287 // end-patch auth_plugin
288 }
289
290 // Due to a bug in Pear Auth_HTTP, we can't use idle time
291 // with WebDAV clients. If we used it, users could never log
292 // back into ILIAS once their session idled out. :(
293 if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP')
294 {
295 $ilAuth->setIdle(ilSession::getIdleValue(), false);
296 }
297 $ilAuth->setExpire(0);
298
299 ini_set("session.cookie_lifetime", "0");
300//echo "-".get_class($ilAuth)."-";
301 $GLOBALS['ilAuth'] =& $ilAuth;
302
303 ilSessionControl::checkExpiredSession();
304
305 $ilBench->stop('Auth','initAuth');
306 }
307
308 function _getAuthModeOfUser($a_username,$a_password,$a_db_handler = '')
309 {
310 global $ilDB;
311
312 if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
313 {
314 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
315 return AUTH_ECS;
316 }
317 if(isset($_POST['auth_mode']))
318 {
319 // begin-patch ldap_multiple
320 return $_POST['auth_mode'];
321 // end-patch ldap_multiple
322 }
323 if(isset($_POST['oid_username']) or $_GET['oid_check_status'])
324 {
325 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
326 return AUTH_OPENID;
327 }
328
329 include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
330 $det = ilAuthModeDetermination::_getInstance();
331
332 if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
333 {
334 ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
335 return AUTH_MULTIPLE;
336 }
337
338
339 $db =& $ilDB;
340
341 if ($a_db_handler != '')
342 {
343 $db =& $a_db_handler;
344 }
345
346 // Is it really necessary to check the auth mode with password ?
347 // Changed: smeyer
348 $q = "SELECT auth_mode FROM usr_data WHERE ".
349 "login = ".$ilDB->quote($a_username);
350 //"passwd = ".$ilDB->quote(md5($a_password))."";
351
352
353 $r = $db->query($q);
354 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
355//echo "+".$row->auth_mode."+";
356
357
358 $auth_mode = self::_getAuthMode($row->auth_mode,$db);
359
360 return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
361 }
362
363 function _getAuthMode($a_auth_mode,$a_db_handler = '')
364 {
365 global $ilDB, $ilSetting;
366
367 $db =& $ilDB;
368
369 if ($a_db_handler != '')
370 {
371 $db =& $a_db_handler;
372 }
373
374 // begin-patch ldap_multiple
375 if(strpos($a_auth_mode, '_') !== FALSE)
376 {
377 $auth_arr = explode('_',$a_auth_mode);
378 $auth_switch = $auth_arr[0];
379 }
380 else
381 {
382 $auth_switch = $a_auth_mode;
383 }
384 switch ($auth_switch)
385 {
386 case "local":
387 return AUTH_LOCAL;
388 break;
389
390 case "ldap":
391 // begin-patch ldap_multiple
392 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
393 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
394 // end-patch ldap_multiple
395
396 case "radius":
397 return AUTH_RADIUS;
398 break;
399
400 case "script":
401 return AUTH_SCRIPT;
402 break;
403
404 case "shibboleth":
405 return AUTH_SHIBBOLETH;
406 break;
407
408 case "cas":
409 return AUTH_CAS;
410 break;
411
412 case "soap":
413 return AUTH_SOAP;
414 break;
415
416 case 'ecs':
417 return AUTH_ECS;
418
419 case 'openid':
420 return AUTH_OPENID;
421
422 case 'apache':
423 return AUTH_APACHE;
424
425 default:
426 return $ilSetting->get("auth_mode");
427 break;
428 }
429 }
430
431 public static function _getAuthModeName($a_auth_key)
432 {
433 global $ilias;
434
435 // begin-patch ldap_multiple
436 switch ((int) $a_auth_key)
437 {
438 case AUTH_LOCAL:
439 return "local";
440 break;
441
442 case AUTH_LDAP:
443 // begin-patch ldap_multiple
444 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
445 return ilLDAPServer::getAuthModeByKey($a_auth_key);
446 // end-patch ldap_multiple
447
448 case AUTH_RADIUS:
449 return "radius";
450 break;
451
452 case AUTH_CAS:
453 return "cas";
454 break;
455
456 case AUTH_SCRIPT:
457 return "script";
458 break;
459
460 case AUTH_SHIBBOLETH:
461 return "shibboleth";
462 break;
463
464 case AUTH_SOAP:
465 return "soap";
466 break;
467
468 case AUTH_ECS:
469 return 'ecs';
470
471 case AUTH_APACHE:
472 return 'apache';
473
474 case AUTH_OPENID:
475 return 'open_id';
476
477 default:
478 return "default";
479 break;
480 }
481 }
482
483 function _getActiveAuthModes()
484 {
485 global $ilias,$ilSetting;
486
487 $modes = array(
488 'default' => $ilSetting->get("auth_mode"),
489 'local' => AUTH_LOCAL
490 );
491 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
492 // begin-patch ldap_multiple
493 foreach(ilLDAPServer::_getActiveServerList() as $sid)
494 {
495 $modes['ldap_'.$sid] = (AUTH_LDAP.'_'.$sid);
496 }
497 // end-patch ldap_multiple
498 if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
499 if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
500 if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
501 if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
502 if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
503 if ($ilSetting->get("apache_active")) $modes['apache'] = AUTH_APACHE;
504
505 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
506 if(ilECSServerSettings::getInstance()->activeServerExists())
507 {
508 $modes['ecs'] = AUTH_ECS;
509 }
510
511 include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
512 if(ilOpenIdSettings::getInstance()->isActive())
513 {
514 $modes['openid'] = AUTH_OPENID;
515 }
516
517 // begin-path auth_plugin
518 foreach(self::getAuthPlugins() as $pl)
519 {
520 foreach($pl->getAuthIds() as $auth_id)
521 {
522 if($pl->isAuthActive($auth_id))
523 {
524 $modes[$pl->getAuthName($auth_id)] = $auth_id;
525 }
526 }
527 }
528 // end-path auth_plugin
529 return $modes;
530 }
531
532 function _getAllAuthModes()
533 {
534 $modes = array(
535 AUTH_LOCAL,
536 AUTH_LDAP,
537 AUTH_SHIBBOLETH,
538 AUTH_CAS,
539 AUTH_SOAP,
540 AUTH_RADIUS,
541 AUTH_ECS,
542 AUTH_OPENID,
543 AUTH_APACHE
544 );
545 $ret = array();
546 foreach($modes as $mode)
547 {
548 // multi ldap implementation
549 if($mode == AUTH_LDAP)
550 {
551 foreach(ilLDAPServer::_getServerList() as $ldap_id)
552 {
553 $id = AUTH_LDAP . '_' . $ldap_id;
554 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
555 }
556 continue;
557 }
558 $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
559 }
560 return $ret;
561 }
562
567 function _generateLogin($a_login)
568 {
569 global $ilDB;
570
571 // Check if username already exists
572 $found = false;
573 $postfix = 0;
574 $c_login = $a_login;
575 while(!$found)
576 {
577 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
578 $ilDB->quote($c_login));
579 if ($r->numRows() > 0)
580 {
581 $postfix++;
582 $c_login = $a_login.$postfix;
583 }
584 else
585 {
586 $found = true;
587 }
588 }
589
590 return $c_login;
591 }
592
593 public static function _hasMultipleAuthenticationMethods()
594 {
595 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
596
597 $rad_settings = ilRadiusSettings::_getInstance();
598 if($rad_settings->isActive())
599 {
600 return true;
601 }
602 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
603
604 if (count(ilLDAPServer::_getActiveServerList()))
605 return true;
606
607 global $ilSetting;
608
609 if ($ilSetting->get('apache_active')) {
610 return true;
611 }
612
613 // begin-patch auth_plugin
614 foreach(ilAuthUtils::getAuthPlugins() as $pl)
615 {
616 foreach($pl->getAuthIds() as $auth_id)
617 {
618 if($pl->getMultipleAuthModeOptions($auth_id))
619 {
620 return true;
621 }
622 }
623 }
624 // end-patch auth_plugin
625
626
627 return false;
628 }
629
630 public static function _getMultipleAuthModeOptions($lng)
631 {
632 global $ilSetting;
633
634 // in the moment only ldap is activated as additional authentication method
635 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
636
637 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
638
639
640 // begin-patch ldap_multiple
641 foreach(ilLDAPServer::_getActiveServerList() as $sid)
642 {
643 $server = ilLDAPServer::getInstanceByServerId($sid);
644 $options[AUTH_LDAP.'_'.$sid]['txt'] = $server->getName();
645 }
646 // end-patch ldap_multiple
647
648 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
649 $rad_settings = ilRadiusSettings::_getInstance();
650 if($rad_settings->isActive())
651 {
652 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
653 }
654
655 if ($ilSetting->get('apache_active'))
656 {
657 global $lng;
658 $apache_settings = new ilSetting('apache_auth');
659 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
660 $options[AUTH_APACHE]['hide_in_ui'] = true;
661 }
662
663 if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
664 {
665 $default = AUTH_LDAP;
666 }
667 elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
668 {
669 $default = AUTH_RADIUS;
670 }
671 else
672 {
673 $default = AUTH_LOCAL;
674 }
675
676 $default = $ilSetting->get('default_auth_mode',$default);
677 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
678
679
680 // begin-patch auth_plugin
681 $pls = ilAuthUtils::getAuthPlugins();
682 foreach($pls as $pl)
683 {
684 $auths = $pl->getAuthIds();
685 foreach($auths as $auth_id)
686 {
687 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
688 if($pl_auth_option)
689 {
690 $options = $options + $pl_auth_option;
691 }
692 }
693 }
694 // end-patch auth_plugins
695
696 if(array_key_exists($default, $options))
697 {
698 $options[$default]['checked'] = true;
699 }
700
701 return $options ? $options : array();
702 }
703
713 public static function _isExternalAccountEnabled()
714 {
715 global $ilSetting;
716
717 if($ilSetting->get("cas_active"))
718 {
719 return true;
720 }
721 if($ilSetting->get("soap_auth_active"))
722 {
723 return true;
724 }
725 if($ilSetting->get("shib_active"))
726 {
727 return true;
728 }
729 if($ilSetting->get('radius_active'))
730 {
731 return true;
732 }
733 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
734 if(count(ilLDAPServer::_getActiveServerList()))
735 {
736 return true;
737 }
738 include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
739 if(ilOpenIdSettings::getInstance()->isActive())
740 {
741 return true;
742 }
743
744 // begin-path auth_plugin
745 foreach(self::getAuthPlugins() as $pl)
746 {
747 foreach($pl->getAuthIds() as $auth_id)
748 {
749 if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
750 {
751 return true;
752 }
753 }
754 }
755 // end-path auth_plugin
756
757 return false;
758 }
759
768 public static function _allowPasswordModificationByAuthMode($a_auth_mode)
769 {
770 // begin-patch ldap_multiple
771 // cast to int
772 switch((int) $a_auth_mode)
773 {
774 case AUTH_LDAP:
775 case AUTH_RADIUS:
776 case AUTH_ECS:
777 case AUTH_OPENID:
778 return false;
779 default:
780 return true;
781 }
782 }
783
792 public static function _needsExternalAccountByAuthMode($a_auth_mode)
793 {
794 switch($a_auth_mode)
795 {
796 case AUTH_LOCAL:
797 case AUTH_APACHE:
798 return false;
799 default:
800 return true;
801 }
802 }
803
807 public static function isPasswordModificationHidden()
808 {
810 global $ilSetting;
811
812 if ($ilSetting->get('usr_settings_hide_password') || $ilSetting->get('usr_settings_disable_password')) {
813 return true;
814 }
815
816 return false;
817 }
818
824 public static function isPasswordModificationEnabled($a_authmode)
825 {
826 global $ilSetting;
827
828 if (self::isPasswordModificationHidden()) {
829 return false;
830 }
831
832 // begin-patch ldap_multiple
833 // cast to int
834 switch((int) $a_authmode)
835 {
836 // No local passwords for these auth modes
837 case AUTH_LDAP:
838 case AUTH_RADIUS:
839 case AUTH_ECS:
840 case AUTH_SCRIPT:
841 return false;
842
843 // Always for openid and local
844 case AUTH_LOCAL:
845 case AUTH_OPENID:
846 case AUTH_APACHE:
847 return true;
848
849 // Read setting:
850 case AUTH_SHIBBOLETH:
851 return $ilSetting->get("shib_auth_allow_local");
852 case AUTH_SOAP:
853 return $ilSetting->get("soap_auth_allow_local");
854 case AUTH_CAS:
855 return $ilSetting->get("cas_allow_local");
856 }
857 }
858
864 public static function supportsLocalPasswordValidation($a_authmode)
865 {
866 // begin-patch ldap_multiple
867 // cast to int
868 switch((int) $a_authmode)
869 {
870 case AUTH_LDAP:
871 case AUTH_LOCAL:
872 case AUTH_RADIUS:
873 return ilAuthUtils::LOCAL_PWV_FULL;
874
875 case AUTH_SHIBBOLETH:
876 case AUTH_SOAP:
877 case AUTH_CAS:
878 if(!ilAuthUtils::isPasswordModificationEnabled($a_authmode))
879 {
880 return ilAuthUtils::LOCAL_PWV_NO;
881 }
882 return ilAuthUtils::LOCAL_PWV_USER;
883
884 case AUTH_ECS:
885 case AUTH_OPENID:
886 case AUTH_SCRIPT:
887 case AUTH_APACHE:
888 default:
889 return ilAuthUtils::LOCAL_PWV_USER;
890 }
891 }
892
893 // begin-patch auth_plugin
898 public static function getAuthPlugins()
899 {
900 $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
901 IL_COMP_SERVICE,
902 'Authentication',
903 'authhk'
904 );
905 $pl_objs = array();
906 foreach($pls as $pl)
907 {
908 $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
909 IL_COMP_SERVICE,
910 'Authentication',
911 'authhk',
912 $pl
913 );
914 }
915 return $pl_objs;
916 }
917 // end-patch auth_plugins
918
923 public static function getAuthModeTranslation($a_auth_key)
924 {
925 global $lng;
926
927 switch((int) $a_auth_key)
928 {
929 case AUTH_LDAP:
930 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
931 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
932 $server = ilLDAPServer::getInstanceByServerId($sid);
933 return $server->getName();
934
935 default:
936 return $lng->txt('auth_'.self::_getAuthModeName($a_auth_key));
937 }
938 }
939}
940?>
$ret
$ret
Definition: Structures_BibTex_example.php:7
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
Auth_Container
Definition: Container.php:40
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:20
AUTH_OPENID
const AUTH_OPENID
Definition: class.ilAuthUtils.php:18
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:24
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:22
AUTH_MODE_INACTIVE
const AUTH_MODE_INACTIVE
Definition: class.ilAuthUtils.php:37
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilAuthContainerApache
Authentication against ILIAS database.
Definition: class.ilAuthContainerApache.php:13
ilAuthContainerCAS
@classDescription CAS authentication
Definition: class.ilAuthContainerCAS.php:15
ilAuthContainerECS
Custom PEAR Auth Container for ECS auth checks.
Definition: class.ilAuthContainerECS.php:35
ilAuthContainerLDAP
Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups.
Definition: class.ilAuthContainerLDAP.php:37
ilAuthContainerMDB2
Authentication against ILIAS database.
Definition: class.ilAuthContainerMDB2.php:36
ilAuthContainerOpenId
@classDescription Pear auth container for openid
Definition: class.ilAuthContainerOpenId.php:14
ilAuthContainerRadius
@classDescription Overwritten Pear class AuthContainerRadius This class is overwritten to support to ...
Definition: class.ilAuthContainerRadius.php:38
ilAuthContainerSOAP
@classDescription Authentication against external SOAP server
Definition: class.ilAuthContainerSOAP.php:36
ilAuthFactory\factory
static factory(ilAuthContainerBase $deco)
The factory.
Definition: class.ilAuthFactory.php:141
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:106
ilAuthUtils
static utility functions used to manage authentication modes
Definition: class.ilAuthUtils.php:65
ilAuthUtils\_allowPasswordModificationByAuthMode
static _allowPasswordModificationByAuthMode($a_auth_mode)
Allow password modification.
Definition: class.ilAuthUtils.php:768
ilAuthUtils\supportsLocalPasswordValidation
static supportsLocalPasswordValidation($a_authmode)
Check if local password validation is supported.
Definition: class.ilAuthUtils.php:864
ilAuthUtils\_getAuthMode
_getAuthMode($a_auth_mode, $a_db_handler='')
Definition: class.ilAuthUtils.php:363
ilAuthUtils\_getAuthModeOfUser
_getAuthModeOfUser($a_username, $a_password, $a_db_handler='')
Definition: class.ilAuthUtils.php:308
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions($lng)
Definition: class.ilAuthUtils.php:630
ilAuthUtils\_isExternalAccountEnabled
static _isExternalAccountEnabled()
Check if an external account name is required.
Definition: class.ilAuthUtils.php:713
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:898
ilAuthUtils\getAuthModeTranslation
static getAuthModeTranslation($a_auth_key)
Definition: class.ilAuthUtils.php:923
ilAuthUtils\_generateLogin
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:567
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:593
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:824
ilAuthUtils\_needsExternalAccountByAuthMode
static _needsExternalAccountByAuthMode($a_auth_mode)
Check if chosen auth mode needs an external account entry.
Definition: class.ilAuthUtils.php:792
ilAuthUtils\_initAuth
_initAuth()
initialises $ilAuth
Definition: class.ilAuthUtils.php:74
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:431
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:387
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:200
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:401
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:416
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilOpenIdSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdSettings.php:40
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilSessionControl\checkExpiredSession
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called be...
Definition: class.ilSessionControl.php:85
ilSession\getIdleValue
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:316
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
$_POST
$_POST['username']
Definition: cron.php:12
$server
$server
Definition: dummy_client.php:12
$r
$r
Definition: example_031.php:79
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
$ilBench
global $ilBench
Definition: ilias.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$lng
global $lng
Definition: privfeed.php:40
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$_REQUEST
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
WebDAV_Authentication
const WebDAV_Authentication
Definition: webdav.php:30