ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilAuthProviderApache.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
5include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
6include_once './Services/Authentication/interfaces/interface.ilAuthProviderAccountMigrationInterface.php';
7
14class ilAuthProviderApache extends ilAuthProvider implements ilAuthProviderInterface, ilAuthProviderAccountMigrationInterface
15{
16 const APACHE_AUTH_TYPE_DIRECT_MAPPING = 1;
17 const APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2;
18 const APACHE_AUTH_TYPE_BY_FUNCTION = 3;
19
20 private $settings = null;
21
22 private $migration_account = '';
23 private $force_new_account = false;
24
25
30 public function __construct(\ilAuthCredentials $credentials)
31 {
32 parent::__construct($credentials);
33
34 include_once './Services/Administration/classes/class.ilSetting.php';
35 $this->settings = new ilSetting('apache_auth');
36 }
37
42 protected function getSettings()
43 {
44 return $this->settings;
45 }
46
51 public function doAuthentication(\ilAuthStatus $status)
52 {
53 if (!$this->getSettings()->get('apache_enable_auth')) {
54 $this->getLogger()->info('Apache auth disabled.');
55 $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
56 return false;
57 }
58
59 if (
60 !$this->getSettings()->get('apache_auth_indicator_name') ||
61 !$this->getSettings()->get('apache_auth_indicator_value')
62 ) {
63 $this->getLogger()->warning('Apache auth indicator match failure.');
64 $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
65 return false;
66 }
67
68 if (
69 !in_array(
70 $_SERVER[$this->getSettings()->get('apache_auth_indicator_name')],
71 array_filter(array_map('trim', str_getcsv($this->getSettings()->get('apache_auth_indicator_value'))))
72 )
73 ) {
74 $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
75 $this->handleAuthenticationFail($status, 'err_wrong_login');
76 return false;
77 }
78
79 include_once './Services/Utilities/classes/class.ilUtil.php';
80 if (!ilUtil::isLogin($this->getCredentials()->getUsername())) {
81 $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
82 $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
83 return false;
84 }
85
86 if (!strlen($this->getCredentials()->getUsername())) {
87 $this->getLogger()->info('No username given');
88 $this->handleAuthenticationFail($status, 'err_wrong_login');
89 return false;
90 }
91
92 // Apache with ldap as data source
93 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
94 if ($this->getSettings()->get('apache_enable_ldap')) {
95 return $this->handleLDAPDataSource($status);
96 }
97
98 $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
99 $usr_id = ilObjUser::_lookupId($login);
100 if (!$usr_id) {
101 $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
102 $this->handleAuthenticationFail($status, 'err_wrong_login');
103 return false;
104 }
105
106 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
107 $status->setAuthenticatedUserId($usr_id);
108 return true;
109 }
110
117 public function migrateAccount(\ilAuthStatus $status)
118 {
119 $this->force_new_account = true;
120 if ($this->getSettings()->get('apache_enable_ldap')) {
121 return $this->handleLDAPDataSource($status);
122 }
123 }
124
129 public function createNewAccount(\ilAuthStatus $status)
130 {
131 $this->force_new_account = true;
132 if ($this->getSettings()->get('apache_enable_ldap')) {
133 return $this->handleLDAPDataSource($status);
134 }
135 }
136
141 public function getExternalAccountName()
142 {
143 return $this->migration_account;
144 }
145
150 public function setExternalAccountName($a_name)
151 {
152 $this->migration_account = $a_name;
153 }
154
158 public function getTriggerAuthMode()
159 {
160 return AUTH_APACHE;
161 }
162
166 public function getUserAuthModeName()
167 {
168 if ($this->getSettings()->get('apache_ldap_sid')) {
169 return 'ldap_' . (string) $this->getSettings()->get('apache_ldap_sid');
170 }
171 return 'apache';
172 }
173
179 protected function handleLDAPDataSource(ilAuthStatus $status)
180 {
181 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
182 $server = ilLDAPServer::getInstanceByServerId(
183 $this->getSettings()->get('apache_ldap_sid')
184 );
185
186 $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
187
188 include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
189 $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
190 $sync->setExternalAccount($this->getCredentials()->getUsername());
191 $sync->setUserData(array());
192 $sync->forceCreation($this->force_new_account);
193 $sync->forceReadLdapData(true);
194
195 try {
196 $internal_account = $sync->sync();
197 $this->getLogger()->debug('Internal account: ' . $internal_account);
198 } catch (UnexpectedValueException $e) {
199 $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
200 $this->handleAuthenticationFail($status, 'err_wrong_login');
201 return false;
202 } catch (ilLDAPSynchronisationForbiddenException $e) {
203 // No syncronisation allowed => create Error
204 $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
205 $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
206 return false;
207 } catch (ilLDAPAccountMigrationRequiredException $e) {
208 // Account migration required
209 $this->setExternalAccountName($this->getCredentials()->getUsername());
210 $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
211 $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
212 return false;
213 }
214 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
215 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
216 return true;
217 }
218}
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
ilAuthProviderApache\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode of current authentication type.
Definition: class.ilAuthProviderApache.php:158
ilAuthProviderApache\getExternalAccountName
getExternalAccountName()
Get external account name.
Definition: class.ilAuthProviderApache.php:141
ilAuthProviderApache\createNewAccount
createNewAccount(\ilAuthStatus $status)
Create new account for account migration.
Definition: class.ilAuthProviderApache.php:129
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Handle ldap as data source.
Definition: class.ilAuthProviderApache.php:179
ilAuthProviderApache\__construct
__construct(\ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderApache.php:30
ilAuthProviderApache\doAuthentication
doAuthentication(\ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:51
ilAuthProviderApache\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name.
Definition: class.ilAuthProviderApache.php:166
ilAuthProviderApache\migrateAccount
migrateAccount(\ilAuthStatus $status)
Migrate existing account Maybe ldap sync has to be performed here.
Definition: class.ilAuthProviderApache.php:117
ilAuthProviderApache\setExternalAccountName
setExternalAccountName($a_name)
Set external account name.
Definition: class.ilAuthProviderApache.php:150
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:12
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:12
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3692
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:784
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ilUtil\isLogin
static isLogin($a_login)
Definition: class.ilUtil.php:1317
$server
$server
Definition: getUserInfo.php:12
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:12
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:12
$sync
$sync
Definition: memcacheSync.php:62
settings
settings()
Definition: settings.php:2
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54