ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilAuthUtils.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5
6// define auth modes
7define ("AUTH_LOCAL",1);
8define ("AUTH_LDAP",2);
9define ("AUTH_RADIUS",3);
10define ("AUTH_SCRIPT",4);
11define ("AUTH_SHIBBOLETH",5);
12define ("AUTH_CAS",6);
13define ("AUTH_SOAP",7);
14// BEGIN WebDAV: Add support for HTTP authentication
15define ("AUTH_HTTP",8);
16// END WebDAV: Add support for HTTP authentication
17define ("AUTH_ECS",9);
18
19define ("AUTH_APACHE",11);
20
21define ("AUTH_INACTIVE",18);
22
23define('AUTH_MULTIPLE',20);
24
25define ('AUTH_SESSION', 21);
26
27define('AUTH_SOAP_NO_ILIAS_USER', -100);
28define('AUTH_LDAP_NO_ILIAS_USER',-200);
29define('AUTH_RADIUS_NO_ILIAS_USER',-300);
30
31// apache auhtentication failed...
32// maybe no (valid) certificate or
33// username could not be extracted
34define('AUTH_APACHE_FAILED', -500);
35
36
37define('AUTH_MODE_INACTIVE',-1000);
38
39// an external user cannot be found in ilias, but his email address
40// matches one or more ILIAS users
41define('AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
42define('AUTH_CAS_NO_ILIAS_USER', -90);
43
44// ilUser validation (no login)
45define('AUTH_USER_WRONG_IP', -600);
46define('AUTH_USER_INACTIVE', -601);
47define('AUTH_USER_TIME_LIMIT_EXCEEDED', -602);
48define('AUTH_USER_SIMULTANEOUS_LOGIN', -603);
49define('AUTH_CAPTCHA_INVALID', -604);
50
51
52include_once './Services/Authentication/classes/class.ilAuthFactory.php';
53require_once('Services/Authentication/classes/class.ilSessionControl.php');
54
55
63class ilAuthUtils
64{
65 const LOCAL_PWV_FULL = 1;
66 const LOCAL_PWV_NO = 2;
67 const LOCAL_PWV_USER = 3;
68
69
73 public static function initSession()
74 {
75
76 }
77
78 public static function handleForcedAuthentication()
79 {
80 if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
81 {
82 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
83 $credentials = new ilAuthFrontendCredentials();
84 $credentials->setUsername($_GET['ecs_login']);
85 $credentials->setAuthMode(AUTH_ECS);
86
87 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
88 $provider_factory = new ilAuthProviderFactory();
89 $providers = $provider_factory->getProviders($credentials);
90
91 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
92 $status = ilAuthStatus::getInstance();
93
94 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
95 $frontend_factory = new ilAuthFrontendFactory();
96 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
97 $frontend = $frontend_factory->getFrontend(
98 $GLOBALS['DIC']['ilAuthSession'],
99 $status,
100 $credentials,
101 $providers
102 );
103
104 $frontend->authenticate();
105
106 switch($status->getStatus())
107 {
108 case ilAuthStatus::STATUS_AUTHENTICATED:
109 return;
110
111 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
112 ilInitialisation::goToPublicSection();
113 return;
114 }
115 }
116 }
117
118
122 public static function _initAuth()
123 {
124 global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
125
126 $user_auth_mode = false;
127 $ilBench->start('Auth','initAuth');
128
129
130 // get default auth mode
131 //$default_auth_mode = $this->getSetting("auth_mode");
132 define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
133
134 // determine authentication method if no session is found and username & password is posted
135 // does this if statement make any sense? we enter this block nearly everytime.
136
137 if(
138 empty($_SESSION) ||
139 (!isset($_SESSION['_authsession']['registered']) ||
140 $_SESSION['_authsession']['registered'] !== true))
141 {
142 ilLoggerFactory::getLogger('auth')->debug('User is not remembered');
143
144 // no sesssion found
145 if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status']))
146 {
147 $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
148 ilLoggerFactory::getLogger('auth')->debug('Authmode is '. $user_auth_mode);
149
150 if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
151 {
152 $user_auth_mode = AUTH_LOCAL;
153 }
154 if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
155 {
156 $user_auth_mode = AUTH_LOCAL;
157 }
158 if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
159 {
160 $user_auth_mode = AUTH_LOCAL;
161 }
162 }
163 else if ($_POST['auth_mode'] == AUTH_APACHE)
164 {
165 $user_auth_mode = AUTH_APACHE;
166 }
167 }
168
169 // to do: other solution?
170 if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
171 {
172 $user_auth_mode = AUTH_LOCAL;
173 }
174
175 if($ilSetting->get("cas_active") && $_GET['forceCASLogin'])
176 {
177 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
178 $user_auth_mode = AUTH_CAS;
179 }
180
181 if($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE)
182 {
183 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
184 $user_auth_mode = AUTH_APACHE;
185 }
186
187 // begin-patch auth
188 $user_auth_mode = AUTH_SESSION;
189
190
191 // BEGIN WebDAV: Share session between browser and WebDAV client.
192 // The realm is needed to support a common session between Auth_HTTP and Auth.
193 // It also helps us to distinguish between parallel sessions run on different clients.
194 // Common session only works if we use a common session name starting with "_authhttp".
195 // We must use the "_authttp" prefix, because it is hardcoded in the session name of
196 // class Auth_HTTP.
197 // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
198 // it interfers with the session mechanism of the other Auth modules. If we would
199 // keep this switched on, then users could steal each others session, which would cause
200 // a major security breach.
201 // Note: The realm and sessionName used here, must be the same as in
202 // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
203 // in to ILIAS.
204 $realm = CLIENT_ID;
205 //$this->writelog('ilias.php realm='.$realm);
206 // END WebDAV: Share session between browser and WebDAV client.
207
208//var_dump($_SESSION);
209//echo "1-".$ilSetting->get("soap_auth_active")."-";
210 // if soap authentication activated and soap credentials given
211 if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
212 && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
213 {
214
215 define('AUTH_CURRENT',AUTH_SOAP);
216 }
217 // if Shibboleth is active and the user is authenticated
218 // we set auth_mode to Shibboleth
219 else if ( $ilSetting->get("shib_active")
220 && $_SERVER[$ilSetting->get("shib_login")])
221 {
222 define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
223 }
224 else
225 {
226 define ("AUTH_CURRENT", $user_auth_mode);
227 }
228//var_dump($_SESSION);
229
230 // Determine the authentication method to use
231 if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
232 // Since WebDAV clients create the login form by
233 // themselves, we can not provide buttons on the form for
234 // choosing an authentication method.
235 // If the user is already logged in, we continue using
236 // the current authentication method. If the user is
237 // not logged in yet, we use the "multiple authentication"
238 // method using a predefined sequence of authentication methods.
239 $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
240 }
241 else
242 {
243 $authmode = AUTH_CURRENT;
244 }
245//var_dump($authmode);
246 // if no auth mode selected AND default mode is AUTH_APACHE then use it...
247 if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE)
248 $authmode = AUTH_APACHE;
249
250 // begin-patch ldap_multiple
251 // we cast to int => AUTH_LDAP_1 matches AUTH_LDAP
252 switch ((int) $authmode)
253 {
254 case AUTH_LDAP:
255
256 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
257 $sid = ilLDAPServer::getServerIdByAuthMode($authmode);
258 include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
259 $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP($sid));
260 break;
261
262 case AUTH_RADIUS:
263
264 include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
265 $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
266 break;
267
268 case AUTH_SHIBBOLETH:
269 include_once './Services/AuthShibboleth/classes/class.ilShibboleth.php';
270 $ilAuth = new ShibAuth(array(),true);
271 break;
272
273 case AUTH_CAS:
274
275 include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
276 $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
277 break;
278
279 case AUTH_SOAP:
280
281 include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
282 $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
283 break;
284
285 case AUTH_MULTIPLE:
286
287 include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
288 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
289 break;
290
291 case AUTH_ECS:
292 include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
293 $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
294 break;
295
296
297 case AUTH_INACTIVE:
298 require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
299 $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
300 break;
301
302 case AUTH_APACHE:
303 include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
304 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
305 $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
306 break;
307
308 // begin-patch auth_plugin
309 case AUTH_LOCAL:
310 global $ilDB;
311 if($ilDB instanceof ilDBPdo) {
312 require_once 'Services/Authentication/classes/PDO/class.ilPDOAuthentication.php';
313 $ilAuth = new ilPDOAuthentication(ilAuthFactory::getContextOptions(ilAuthFactory::getContext()));
314 } else {
315 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
316 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
317 }
318 break;
319
320 case AUTH_SESSION:
321
322
323 default:
324 // check for plugin
325 if($authmode)
326 {
327 foreach(self::getAuthPlugins() as $pl)
328 {
329 $container = $pl->getContainer($authmode);
330 if($container instanceof Auth_Container)
331 {
332 ilLoggerFactory::getLogger('auth')->info('Using plugin authentication with auth mode ' . $authmode);
333 $ilAuth = ilAuthFactory::factory($container);
334 break 2;
335 }
336 }
337 }
338 #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
339 // default for logged in users
340 if($ilDB instanceof ilDBPdo) {
341 require_once 'Services/Authentication/classes/PDO/class.ilPDOAuthentication.php';
342 $ilAuth = new ilPDOAuthentication();
343 } else {
344 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
345 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
346 }
347 break;
348 // end-patch auth_plugin
349 }
350
351 // Due to a bug in Pear Auth_HTTP, we can't use idle time
352 // with WebDAV clients. If we used it, users could never log
353 // back into ILIAS once their session idled out. :(
354 if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP')
355 {
356 $ilAuth->setIdle(ilSession::getIdleValue(), false);
357 }
358 $ilAuth->setExpire(0);
359
360 ini_set("session.cookie_lifetime", "0");
361//echo "-".get_class($ilAuth)."-";
362
363 ilSessionControl::checkExpiredSession();
364
365 $ilBench->stop('Auth','initAuth');
366 ilLoggerFactory::getLogger('auth')->debug('Using auth implementation: ' . get_class($ilAuth));
367 }
368
369 static function _getAuthModeOfUser($a_username,$a_password,$a_db_handler = '')
370 {
371 global $ilDB;
372
373 if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
374 {
375 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
376 return AUTH_ECS;
377 }
378 if(isset($_POST['auth_mode']))
379 {
380 // begin-patch ldap_multiple
381 return $_POST['auth_mode'];
382 // end-patch ldap_multiple
383 }
384
385 include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
386 $det = ilAuthModeDetermination::_getInstance();
387
388 if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
389 {
390 ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
391 return AUTH_MULTIPLE;
392 }
393
394
395 $db =& $ilDB;
396
397 if ($a_db_handler != '')
398 {
399 $db =& $a_db_handler;
400 }
401
402 // Is it really necessary to check the auth mode with password ?
403 // Changed: smeyer
404 $q = "SELECT auth_mode FROM usr_data WHERE ".
405 "login = ".$ilDB->quote($a_username);
406 //"passwd = ".$ilDB->quote(md5($a_password))."";
407
408
409 $r = $db->query($q);
410 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
411//echo "+".$row->auth_mode."+";
412
413
414 $auth_mode = self::_getAuthMode($row->auth_mode,$db);
415
416 return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
417 }
418
419 static function _getAuthMode($a_auth_mode,$a_db_handler = '')
420 {
421 global $ilDB, $ilSetting;
422
423 $db =& $ilDB;
424
425 if ($a_db_handler != '')
426 {
427 $db =& $a_db_handler;
428 }
429
430 // begin-patch ldap_multiple
431 if(strpos($a_auth_mode, '_') !== FALSE)
432 {
433 $auth_arr = explode('_',$a_auth_mode);
434 $auth_switch = $auth_arr[0];
435 }
436 else
437 {
438 $auth_switch = $a_auth_mode;
439 }
440 switch ($auth_switch)
441 {
442 case "local":
443 return AUTH_LOCAL;
444 break;
445
446 case "ldap":
447 // begin-patch ldap_multiple
448 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
449 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
450 // end-patch ldap_multiple
451
452 case "radius":
453 return AUTH_RADIUS;
454 break;
455
456 case "script":
457 return AUTH_SCRIPT;
458 break;
459
460 case "shibboleth":
461 return AUTH_SHIBBOLETH;
462 break;
463
464 case "cas":
465 return AUTH_CAS;
466 break;
467
468 case "soap":
469 return AUTH_SOAP;
470 break;
471
472 case 'ecs':
473 return AUTH_ECS;
474
475 case 'apache':
476 return AUTH_APACHE;
477
478 default:
479 return $ilSetting->get("auth_mode");
480 break;
481 }
482 }
483
484 public static function _getAuthModeName($a_auth_key)
485 {
486 global $ilias;
487
488 // begin-patch ldap_multiple
489 switch ((int) $a_auth_key)
490 {
491 case AUTH_LOCAL:
492 return "local";
493 break;
494
495 case AUTH_LDAP:
496 // begin-patch ldap_multiple
497 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
498 return ilLDAPServer::getAuthModeByKey($a_auth_key);
499 // end-patch ldap_multiple
500
501 case AUTH_RADIUS:
502 return "radius";
503 break;
504
505 case AUTH_CAS:
506 return "cas";
507 break;
508
509 case AUTH_SCRIPT:
510 return "script";
511 break;
512
513 case AUTH_SHIBBOLETH:
514 return "shibboleth";
515 break;
516
517 case AUTH_SOAP:
518 return "soap";
519 break;
520
521 case AUTH_ECS:
522 return 'ecs';
523
524 case AUTH_APACHE:
525 return 'apache';
526
527 default:
528 return "default";
529 break;
530 }
531 }
532
533 static function _getActiveAuthModes()
534 {
535 global $ilias,$ilSetting;
536
537 $modes = array(
538 'default' => $ilSetting->get("auth_mode"),
539 'local' => AUTH_LOCAL
540 );
541 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
542 // begin-patch ldap_multiple
543 foreach(ilLDAPServer::_getActiveServerList() as $sid)
544 {
545 $modes['ldap_'.$sid] = (AUTH_LDAP.'_'.$sid);
546 }
547 // end-patch ldap_multiple
548 if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
549 if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
550 if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
551 if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
552 if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
553 if ($ilSetting->get("apache_active")) $modes['apache'] = AUTH_APACHE;
554
555 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
556 if(ilECSServerSettings::getInstance()->activeServerExists())
557 {
558 $modes['ecs'] = AUTH_ECS;
559 }
560
561 // begin-path auth_plugin
562 foreach(self::getAuthPlugins() as $pl)
563 {
564 foreach($pl->getAuthIds() as $auth_id)
565 {
566 if($pl->isAuthActive($auth_id))
567 {
568 $modes[$pl->getAuthName($auth_id)] = $auth_id;
569 }
570 }
571 }
572 // end-path auth_plugin
573 return $modes;
574 }
575
576 static function _getAllAuthModes()
577 {
578 $modes = array(
579 AUTH_LOCAL,
580 AUTH_LDAP,
581 AUTH_SHIBBOLETH,
582 AUTH_CAS,
583 AUTH_SOAP,
584 AUTH_RADIUS,
585 AUTH_ECS,
586 AUTH_OPENID,
587 AUTH_APACHE
588 );
589 $ret = array();
590 foreach($modes as $mode)
591 {
592 // multi ldap implementation
593 if($mode == AUTH_LDAP)
594 {
595 foreach(ilLDAPServer::_getServerList() as $ldap_id)
596 {
597 $id = AUTH_LDAP . '_' . $ldap_id;
598 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
599 }
600 continue;
601 }
602 $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
603 }
604 return $ret;
605 }
606
611 public static function _generateLogin($a_login)
612 {
613 global $ilDB;
614
615 // Check if username already exists
616 $found = false;
617 $postfix = 0;
618 $c_login = $a_login;
619 while(!$found)
620 {
621 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
622 $ilDB->quote($c_login));
623 if ($r->numRows() > 0)
624 {
625 $postfix++;
626 $c_login = $a_login.$postfix;
627 }
628 else
629 {
630 $found = true;
631 }
632 }
633
634 return $c_login;
635 }
636
637 public static function _hasMultipleAuthenticationMethods()
638 {
639 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
640
641 $rad_settings = ilRadiusSettings::_getInstance();
642 if($rad_settings->isActive())
643 {
644 return true;
645 }
646 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
647
648 if (count(ilLDAPServer::_getActiveServerList()))
649 return true;
650
651 global $ilSetting;
652
653 if ($ilSetting->get('apache_active')) {
654 return true;
655 }
656
657 // begin-patch auth_plugin
658 foreach(ilAuthUtils::getAuthPlugins() as $pl)
659 {
660 foreach($pl->getAuthIds() as $auth_id)
661 {
662 if($pl->getMultipleAuthModeOptions($auth_id))
663 {
664 return true;
665 }
666 }
667 }
668 // end-patch auth_plugin
669
670
671 return false;
672 }
673
674 public static function _getMultipleAuthModeOptions($lng)
675 {
676 global $ilSetting;
677
678 // in the moment only ldap is activated as additional authentication method
679 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
680
681 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
682
683
684 // begin-patch ldap_multiple
685 foreach(ilLDAPServer::_getActiveServerList() as $sid)
686 {
687 $server = ilLDAPServer::getInstanceByServerId($sid);
688 $options[AUTH_LDAP.'_'.$sid]['txt'] = $server->getName();
689 }
690 // end-patch ldap_multiple
691
692 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
693 $rad_settings = ilRadiusSettings::_getInstance();
694 if($rad_settings->isActive())
695 {
696 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
697 }
698
699 if ($ilSetting->get('apache_active'))
700 {
701 global $lng;
702 $apache_settings = new ilSetting('apache_auth');
703 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
704 $options[AUTH_APACHE]['hide_in_ui'] = true;
705 }
706
707 if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
708 {
709 $default = AUTH_LDAP;
710 }
711 elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
712 {
713 $default = AUTH_RADIUS;
714 }
715 else
716 {
717 $default = AUTH_LOCAL;
718 }
719
720 $default = $ilSetting->get('default_auth_mode',$default);
721 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
722
723
724 // begin-patch auth_plugin
725 $pls = ilAuthUtils::getAuthPlugins();
726 foreach($pls as $pl)
727 {
728 $auths = $pl->getAuthIds();
729 foreach($auths as $auth_id)
730 {
731 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
732 if($pl_auth_option)
733 {
734 $options = $options + $pl_auth_option;
735 }
736 }
737 }
738 // end-patch auth_plugins
739
740 if(array_key_exists($default, $options))
741 {
742 $options[$default]['checked'] = true;
743 }
744
745 return $options ? $options : array();
746 }
747
757 public static function _isExternalAccountEnabled()
758 {
759 global $ilSetting;
760
761 if($ilSetting->get("cas_active"))
762 {
763 return true;
764 }
765 if($ilSetting->get("soap_auth_active"))
766 {
767 return true;
768 }
769 if($ilSetting->get("shib_active"))
770 {
771 return true;
772 }
773 if($ilSetting->get('radius_active'))
774 {
775 return true;
776 }
777 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
778 if(count(ilLDAPServer::_getActiveServerList()))
779 {
780 return true;
781 }
782
783 // begin-path auth_plugin
784 foreach(self::getAuthPlugins() as $pl)
785 {
786 foreach($pl->getAuthIds() as $auth_id)
787 {
788 if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
789 {
790 return true;
791 }
792 }
793 }
794 // end-path auth_plugin
795
796 return false;
797 }
798
807 public static function _allowPasswordModificationByAuthMode($a_auth_mode)
808 {
809 // begin-patch ldap_multiple
810 // cast to int
811 switch((int) $a_auth_mode)
812 {
813 case AUTH_LDAP:
814 case AUTH_RADIUS:
815 case AUTH_ECS:
816 return false;
817 default:
818 return true;
819 }
820 }
821
830 public static function _needsExternalAccountByAuthMode($a_auth_mode)
831 {
832 switch($a_auth_mode)
833 {
834 case AUTH_LOCAL:
835 case AUTH_APACHE:
836 return false;
837 default:
838 return true;
839 }
840 }
841
845 public static function isPasswordModificationHidden()
846 {
848 global $ilSetting;
849
850 if ($ilSetting->get('usr_settings_hide_password') || $ilSetting->get('usr_settings_disable_password')) {
851 return true;
852 }
853
854 return false;
855 }
856
862 public static function isLocalPasswordEnabledForAuthMode($a_authmode)
863 {
864 global $ilSetting;
865
866 switch((int) $a_authmode)
867 {
868 // always enabled
869 case AUTH_LOCAL:
870 case AUTH_APACHE:
871 return true;
872
873 // No local passwords for these auth modes
874 case AUTH_LDAP:
875 case AUTH_RADIUS:
876 case AUTH_ECS:
877 case AUTH_SCRIPT:
878 return false;
879
880 case AUTH_SHIBBOLETH:
881 return $ilSetting->get("shib_auth_allow_local");
882 case AUTH_SOAP:
883 return $ilSetting->get("soap_auth_allow_local");
884 case AUTH_CAS:
885 return $ilSetting->get("cas_allow_local");
886
887 }
888 return false;
889 }
890
891
892
898 public static function isPasswordModificationEnabled($a_authmode)
899 {
900 global $ilSetting;
901
902 if (self::isPasswordModificationHidden()) {
903 return false;
904 }
905
906 // begin-patch ldap_multiple
907 // cast to int
908 switch((int) $a_authmode)
909 {
910 // No local passwords for these auth modes
911 case AUTH_LDAP:
912 case AUTH_RADIUS:
913 case AUTH_ECS:
914 case AUTH_SCRIPT:
915 return false;
916
917 // Always for and local
918 case AUTH_LOCAL:
919 case AUTH_APACHE:
920 return true;
921
922 // Read setting:
923 case AUTH_SHIBBOLETH:
924 return $ilSetting->get("shib_auth_allow_local");
925 case AUTH_SOAP:
926 return $ilSetting->get("soap_auth_allow_local");
927 case AUTH_CAS:
928 return $ilSetting->get("cas_allow_local");
929 }
930 }
931
937 public static function supportsLocalPasswordValidation($a_authmode)
938 {
939 // begin-patch ldap_multiple
940 // cast to int
941 switch((int) $a_authmode)
942 {
943 case AUTH_LDAP:
944 case AUTH_LOCAL:
945 case AUTH_RADIUS:
946 return ilAuthUtils::LOCAL_PWV_FULL;
947
948 case AUTH_SHIBBOLETH:
949 case AUTH_SOAP:
950 case AUTH_CAS:
951 if(!ilAuthUtils::isPasswordModificationEnabled($a_authmode))
952 {
953 return ilAuthUtils::LOCAL_PWV_NO;
954 }
955 return ilAuthUtils::LOCAL_PWV_USER;
956
957 case AUTH_ECS:
958 case AUTH_SCRIPT:
959 case AUTH_APACHE:
960 default:
961 return ilAuthUtils::LOCAL_PWV_USER;
962 }
963 }
964
965 // begin-patch auth_plugin
970 public static function getAuthPlugins()
971 {
972 $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
973 IL_COMP_SERVICE,
974 'Authentication',
975 'authhk'
976 );
977 $pl_objs = array();
978 foreach($pls as $pl)
979 {
980 $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
981 IL_COMP_SERVICE,
982 'Authentication',
983 'authhk',
984 $pl
985 );
986 }
987 return $pl_objs;
988 }
989 // end-patch auth_plugins
990
995 public static function getAuthModeTranslation($a_auth_key)
996 {
997 global $lng;
998
999 switch((int) $a_auth_key)
1000 {
1001 case AUTH_LDAP:
1002 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
1003 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
1004 $server = ilLDAPServer::getInstanceByServerId($sid);
1005 return $server->getName();
1006
1007 default:
1008 return $lng->txt('auth_'.self::_getAuthModeName($a_auth_key));
1009 }
1010 }
1011}
1012?>
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
Auth_Container
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SESSION
const AUTH_SESSION
Definition: class.ilAuthUtils.php:25
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:23
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:21
AUTH_MODE_INACTIVE
const AUTH_MODE_INACTIVE
Definition: class.ilAuthUtils.php:37
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
ilAuthContainerApache
Authentication against ILIAS database.
Definition: class.ilAuthContainerApache.php:13
ilAuthContainerCAS
@classDescription CAS authentication
Definition: class.ilAuthContainerCAS.php:15
ilAuthContainerECS
Custom PEAR Auth Container for ECS auth checks.
Definition: class.ilAuthContainerECS.php:35
ilAuthContainerLDAP
Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups.
Definition: class.ilAuthContainerLDAP.php:37
ilAuthContainerMDB2
Authentication against ILIAS database.
Definition: class.ilAuthContainerMDB2.php:36
ilAuthContainerRadius
@classDescription Overwritten Pear class AuthContainerRadius This class is overwritten to support to ...
Definition: class.ilAuthContainerRadius.php:38
ilAuthContainerSOAP
@classDescription Authentication against external SOAP server
Definition: class.ilAuthContainerSOAP.php:36
ilAuthFactory\factory
static factory(ilAuthContainerBase $deco)
The factory.
Definition: class.ilAuthFactory.php:130
ilAuthFactory\getContextOptions
static getContextOptions()
Get options for a specific context.
Definition: class.ilAuthFactory.php:116
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:95
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:12
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilAuthUtils
static utility functions used to manage authentication modes
Definition: class.ilAuthUtils.php:64
ilAuthUtils\_allowPasswordModificationByAuthMode
static _allowPasswordModificationByAuthMode($a_auth_mode)
Allow password modification.
Definition: class.ilAuthUtils.php:807
ilAuthUtils\_getAuthMode
static _getAuthMode($a_auth_mode, $a_db_handler='')
Definition: class.ilAuthUtils.php:419
ilAuthUtils\_getActiveAuthModes
static _getActiveAuthModes()
Definition: class.ilAuthUtils.php:533
ilAuthUtils\initSession
static initSession()
Initialize session.
Definition: class.ilAuthUtils.php:73
ilAuthUtils\supportsLocalPasswordValidation
static supportsLocalPasswordValidation($a_authmode)
Check if local password validation is supported.
Definition: class.ilAuthUtils.php:937
ilAuthUtils\isLocalPasswordEnabledForAuthMode
static isLocalPasswordEnabledForAuthMode($a_authmode)
Check if local password validation is enabled for a specific auth_mode.
Definition: class.ilAuthUtils.php:862
ilAuthUtils\_getAuthModeOfUser
static _getAuthModeOfUser($a_username, $a_password, $a_db_handler='')
Definition: class.ilAuthUtils.php:369
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions($lng)
Definition: class.ilAuthUtils.php:674
ilAuthUtils\_isExternalAccountEnabled
static _isExternalAccountEnabled()
Check if an external account name is required.
Definition: class.ilAuthUtils.php:757
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:970
ilAuthUtils\getAuthModeTranslation
static getAuthModeTranslation($a_auth_key)
Definition: class.ilAuthUtils.php:995
ilAuthUtils\_initAuth
static _initAuth()
initialises $ilAuth
Definition: class.ilAuthUtils.php:122
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:637
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:898
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:611
ilAuthUtils\_needsExternalAccountByAuthMode
static _needsExternalAccountByAuthMode($a_auth_mode)
Check if chosen auth mode needs an external account entry.
Definition: class.ilAuthUtils.php:830
ilAuthUtils\handleForcedAuthentication
static handleForcedAuthentication()
Definition: class.ilAuthUtils.php:78
ilAuthUtils\_getAllAuthModes
static _getAllAuthModes()
Definition: class.ilAuthUtils.php:576
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:484
ilDBPdo
Class pdoDB.
Definition: class.ilDBPdo.php:18
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:631
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:387
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:200
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:401
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:416
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilSessionControl\checkExpiredSession
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called be...
Definition: class.ilSessionControl.php:85
ilSession\getIdleValue
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:342
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
$server
$server
Definition: dummy_client.php:12
$r
$r
Definition: example_031.php:79
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilBench
global $ilBench
Definition: ilias.php:18
$ret
$ret
Definition: parser.php:6
defined
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'
Definition: bootstrap.php:27
$lng
global $lng
Definition: privfeed.php:17
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
WebDAV_Authentication
const WebDAV_Authentication
Definition: webdav.php:30