ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAuthContainerRadius.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once('Auth/Container/RADIUS.php');
25 
37 class ilAuthContainerRadius extends Auth_Container_Radius
38 {
39  private $radius_settings = null;
40  private $rad_to_user = null;
41  private $log = null;
42  private $force_creation = false;
43 
51  public function __construct()
52  {
53  $this->initSettings();
54 
55  // Convert password to latin1
56  if($this->radius_settings->getCharset() == ilRadiusSettings::RADIUS_CHARSET_LATIN1)
57  {
58  #$_POST['username'] = utf8_decode($_POST['username']);
59  #$_POST['password'] = utf8_decode($_POST['password']);
60  $GLOBALS['ilLog']->write(__METHOD__.': Decoded username and password to latin1.');
61  }
62 
63  parent::__construct($this->radius_settings->toPearAuthArray());
64 
65  }
66 
67  /*
68  public function fetchData($username, $password, $challenge = null)
69  {
70  return true;
71  }
72  */
73 
81  public function forceCreation($a_status)
82  {
83  $this->force_creation = true;
84  }
85 
91  public function loginObserver($a_username,$a_auth)
92  {
93  // Radius with ldap as data source
94  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
95  if(ilLDAPServer::isDataSourceActive(AUTH_RADIUS))
96  {
97  return $this->handleLDAPDataSource($a_auth,$a_username);
98  }
99 
100  $user_data = array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
101  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("radius",$a_username);
102 
103  if(!$user_data['ilInternalAccount'])
104  {
105  if($this->radius_settings->enabledCreation())
106  {
107  if($this->radius_settings->isAccountMigrationEnabled() and !$this->force_creation)
108  {
109  $a_auth->logout();
110  $_SESSION['tmp_auth_mode'] = 'radius';
111  $_SESSION['tmp_auth_mode_type'] = 'radius';
112  $_SESSION['tmp_external_account'] = $a_username;
113  $_SESSION['tmp_pass'] = $_POST['password'];
114  $_SESSION['tmp_roles'] = array(0 => $this->radius_settings->getDefaultRole());
115 
116  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
117  }
118  $this->initRADIUSAttributeToUser();
119  $new_name = $this->radius_user->create($a_username);
120  $a_auth->setAuth($new_name);
121  return true;
122  }
123  else
124  {
125  // No syncronisation allowed => create Error
126  $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
127  $a_auth->logout();
128  return false;
129  }
130 
131  }
132  else
133  {
134  $a_auth->setAuth($user_data['ilInternalAccount']);
135  return true;
136  }
137  }
138 
143  private function initSettings()
144  {
145  include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
146  $this->radius_settings = ilRadiusSettings::_getInstance();
147  }
148 
149 
156  private function initRADIUSAttributeToUser()
157  {
158  include_once('Services/Radius/classes/class.ilRadiusAttributeToUser.php');
159  $this->radius_user = new ilRadiusAttributeToUser();
160  }
161 
167  protected function handleLDAPDataSource($a_auth,$ext_account)
168  {
169  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
170  $server = ilLDAPServer::getInstanceByServerId(
171  ilLDAPServer::getDataSource(AUTH_RADIUS)
172  );
173 
174  $GLOBALS['ilLog']->write(__METHOD__.'Using ldap data source');
175 
176  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
177  $sync = new ilLDAPUserSynchronisation('radius', $server->getServerId());
178  $sync->setExternalAccount($ext_account);
179  $sync->setUserData(array());
180  $sync->forceCreation($this->force_creation);
181 
182  try {
183  $internal_account = $sync->sync();
184  }
185  catch(UnexpectedValueException $e) {
186  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
187  $a_auth->status = AUTH_WRONG_LOGIN;
188  $a_auth->logout();
189  return false;
190  }
191  catch(ilLDAPSynchronisationForbiddenException $e) {
192  // No syncronisation allowed => create Error
193  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
194  $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
195  $a_auth->logout();
196  return false;
197  }
198  catch(ilLDAPAccountMigrationRequiredException $e) {
199  $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
200  $a_auth->logout();
201  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
202  }
203 
204  $a_auth->setAuth($internal_account);
205  return true;
206  }
207 
211  public function supportsCaptchaVerification()
212  {
213  return true;
214  }
215 }
216 
217 ?>
$_POST
$_POST['username']
Definition: cron.php:12
Auth_Container_Radius
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilAuthContainerRadius\initRADIUSAttributeToUser
initRADIUSAttributeToUser()
Init RADIUS attribute mapping.
Definition: class.ilAuthContainerRadius.php:156
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
AUTH_RADIUS_NO_ILIAS_USER
const AUTH_RADIUS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:28
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilAuthContainerRadius\handleLDAPDataSource
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
Definition: class.ilAuthContainerRadius.php:167
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:299
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilAuthContainerRadius\forceCreation
forceCreation($a_status)
Force creation of user accounts.
Definition: class.ilAuthContainerRadius.php:81
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:314
$server
$server
Definition: dummy_client.php:12
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3766
ilAuthContainerRadius
Overwritten Pear class AuthContainerRadius This class is overwritten to support to perform Radius aut...
Definition: class.ilAuthContainerRadius.php:37
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
ilAuthContainerRadius\initSettings
initSettings()
Init radius settings.
Definition: class.ilAuthContainerRadius.php:143
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
ilAuthContainerRadius\loginObserver
loginObserver($a_username, $a_auth)
Called from base class after successful login.
Definition: class.ilAuthContainerRadius.php:91
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3635
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9