ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAuthContainerRadius.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24include_once('Auth/Container/RADIUS.php');
25
38{
// Settings object; assigned from ilRadiusSettings::_getInstance() in initSettings().
39 private $radius_settings = null;
// Not referenced by any method visible in this listing.
40 private $rad_to_user = null;
// Not referenced in this listing; the methods shown here log through $GLOBALS['ilLog'].
41 private $log = null;
// When true, loginObserver() skips the account-migration redirect and creates the
// local account directly; the same value is passed to ilLDAPUserSynchronisation::forceCreation().
// NOTE(review): initRADIUSAttributeToUser() assigns $this->radius_user and loginObserver()
// reads it, but no radius_user property is declared in the visible lines.
42 private $force_creation = false;
43
/**
 * Load the RADIUS settings and pass them on to the parent PEAR container.
 *
 * initSettings() has to run first: the parent constructor receives the array
 * produced by $this->radius_settings->toPearAuthArray().
 */
public function __construct()
{
    $this->initSettings();

    $latin1_configured = ($this->radius_settings->getCharset() == ilRadiusSettings::RADIUS_CHARSET_LATIN1);
    if($latin1_configured)
    {
        // NOTE(review): both utf8_decode() calls below are disabled, so nothing is
        // converted in this constructor, yet the log line still reports a conversion.
        // When correlating authentication logs, do not read this message as evidence
        // that the credentials were actually re-encoded.
        #$_POST['username'] = utf8_decode($_POST['username']);
        #$_POST['password'] = utf8_decode($_POST['password']);
        $GLOBALS['ilLog']->write(__METHOD__.': Decoded username and password to latin1.');
    }

    $pear_options = $this->radius_settings->toPearAuthArray();
    parent::__construct($pear_options);
}
66
67 /*
68 public function fetchData($username, $password, $challenge = null)
69 {
70 return true;
71 }
72 */
73
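/**
 * Switch forced account creation on or off.
 *
 * While the flag is set, loginObserver() does not send a first-time RADIUS
 * user through the account-migration redirect and creates the local account
 * directly, and handleLDAPDataSource() forwards the flag to the LDAP
 * synchronisation. The caller's value therefore has to be honoured.
 *
 * @param bool $a_status true to force creation, false to keep the migration step
 */
public function forceCreation($a_status)
{
    // The argument used to be ignored and the flag was always set to true,
    // so forceCreation(false) silently enabled forced creation.
    $this->force_creation = (bool) $a_status;
}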
85
/**
 * Map a RADIUS login to an ILIAS account, creating or migrating one if allowed.
 *
 * The brief on this page describes it as "Called from base class after successful login."
 *
 * @param string $a_username external account name looked up with auth mode "radius"
 * @param object $a_auth     auth object; getAuthData(), setAuth(), logout() and ->status are used on it
 * @return bool true after setAuth() was called; false when no ILIAS account matches and creation is disabled
 */
91 public function loginObserver($a_username,$a_auth)
92 {
93 // Radius with ldap as data source
94 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
// NOTE(review): this listing jumps from line 94 to 96, so the condition guarding the
// block below is not on the page. The cross-reference index lists
// ilLDAPServer::isDataSourceActive(); presumably that check belongs here - confirm
// against the original file.
96 {
97 return $this->handleLDAPDataSource($a_auth,$a_username);
98 }
99
100 $user_data = array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
// Look up the ILIAS login bound to this external account for auth mode "radius".
101 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("radius",$a_username);
102
// A falsy result is treated as "no local account exists for this RADIUS user".
103 if(!$user_data['ilInternalAccount'])
104 {
105 if($this->radius_settings->enabledCreation())
106 {
107 if($this->radius_settings->isAccountMigrationEnabled() and !$this->force_creation)
108 {
// Drop the authenticated state and park the login details in the session
// for the account-migration screen.
109 $a_auth->logout();
110 $_SESSION['tmp_auth_mode'] = 'radius';
111 $_SESSION['tmp_auth_mode_type'] = 'radius';
112 $_SESSION['tmp_external_account'] = $a_username;
// NOTE(review): the cleartext password from the login POST is copied into the session.
// Where the session is stored and when tmp_pass is cleared are not visible in this
// file; treat the session store as holding credentials and verify that the
// migration step unsets this key once it is done.
113 $_SESSION['tmp_pass'] = $_POST['password'];
114 $_SESSION['tmp_roles'] = array(0 => $this->radius_settings->getDefaultRole());
115
// NOTE(review): nothing follows the redirect inside this branch. Whether
// ilUtil::redirect() ends the request is not visible here; if it returned,
// execution would continue into the account creation below - confirm.
116 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
117 }
// NOTE(review): line 118 is missing from this listing. $this->radius_user has to be
// set before the next statement; initRADIUSAttributeToUser() is the only place in
// the visible code that assigns it, so presumably it is called here - confirm.
119 $new_name = $this->radius_user->create($a_username);
120 $a_auth->setAuth($new_name);
121 return true;
122 }
123 else
124 {
125 // No synchronisation allowed => report an error and end the login
126 $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
127 $a_auth->logout();
128 return false;
129 }
130
131 }
132 else
133 {
// Existing mapping: continue the session as the matching ILIAS account.
134 $a_auth->setAuth($user_data['ilInternalAccount']);
135 return true;
136 }
137 }
138
/**
 * Fetch the ilRadiusSettings instance and keep it on this container.
 */
private function initSettings()
{
    include_once 'Services/Radius/classes/class.ilRadiusSettings.php';

    $settings = ilRadiusSettings::_getInstance();
    $this->radius_settings = $settings;
}
148
149
/**
 * Create the RADIUS attribute mapper and store it in $this->radius_user.
 */
private function initRADIUSAttributeToUser()
{
    include_once('Services/Radius/classes/class.ilRadiusAttributeToUser.php');

    $attribute_mapper = new ilRadiusAttributeToUser();
    $this->radius_user = $attribute_mapper;
}
161
/**
 * Resolve the ILIAS account for a RADIUS login through ilLDAPUserSynchronisation.
 *
 * @param object $a_auth      auth object; ->status, logout() and setAuth() are used on it
 * @param string $ext_account external account name handed to the synchronisation
 * @return bool true after setAuth(); false in the branches that set an error status and log out
 */
167 protected function handleLDAPDataSource($a_auth,$ext_account)
168 {
169 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
// NOTE(review): lines 170-171 are missing from this listing; they must assign $server,
// which is used below. The cross-reference index lists
// ilLDAPServer::getInstanceByServerId() and ilLDAPServer::getDataSource() - presumably
// those calls belong here; confirm against the original file.
172 );
173
174 $GLOBALS['ilLog']->write(__METHOD__.'Using ldap data source');
175
176 include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
// NOTE(review): the account is selected by $ext_account alone. This presumes the RADIUS
// login name and the LDAP account name identify the same person - confirm that both
// directories share one namespace.
177 $sync = new ilLDAPUserSynchronisation('radius', $server->getServerId());
178 $sync->setExternalAccount($ext_account);
// No user attributes are supplied from the RADIUS side; an empty array is passed.
179 $sync->setUserData(array());
180 $sync->forceCreation($this->force_creation);
181
182 try {
183 $internal_account = $sync->sync();
184 }
185 catch(UnexpectedValueException $e) {
// Synchronisation failed: log the reason, mark the login as wrong and end it.
186 $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
187 $a_auth->status = AUTH_WRONG_LOGIN;
188 $a_auth->logout();
189 return false;
190 }
// NOTE(review): line 191 (the catch header for the branch below) is missing from this listing.
192 // No synchronisation allowed => report an error and end the login
193 $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
194 $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
195 $a_auth->logout();
196 return false;
197 }
// NOTE(review): line 198 is missing as well; the index on this page mentions
// ilLDAPAccountMigrationRequiredException, presumably the exception caught here - confirm.
// The visible lines of this branch store no tmp_* session values before redirecting.
199 $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
200 $a_auth->logout();
201 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
202 }
203
// sync() returned without one of the handled exceptions: continue as the resolved account.
204 $a_auth->setAuth($internal_account);
205 return true;
206 }
207
212 {
213 return true;
214 }
215}
216
217?>
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
$_SESSION["AccountId"]
const AUTH_RADIUS_NO_ILIAS_USER
const AUTH_RADIUS
@classDescription Overwritten Pear class AuthContainerRadius This class is overwritten to support to ...
forceCreation($a_status)
Force creation of user accounts.
loginObserver($a_username, $a_auth)
Called from base class after successful login.
initSettings()
Init radius settings.
initRADIUSAttributeToUser()
Init RADIUS attribute mapping.
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
Description of ilLDAPAccountMigrationRequiredException.
static getDataSource($a_auth_mode)
static getInstanceByServerId($a_server_id)
Get instance by server id.
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode @global ilDB $ilDB.
Synchronization of user accounts used in auth container ldap, radius , cas,...
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
static _getInstance()
singleton get instance
static redirect($a_script)
http redirect to other script
$_POST['username']
Definition: cron.php:12
$server
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276