ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthProviderApache.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
5 include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
6 include_once './Services/Authentication/interfaces/interface.ilAuthProviderAccountMigrationInterface.php';
7 
14 class ilAuthProviderApache extends ilAuthProvider implements ilAuthProviderInterface, ilAuthProviderAccountMigrationInterface
15 {
16  const APACHE_AUTH_TYPE_DIRECT_MAPPING = 1;
17  const APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2;
18  const APACHE_AUTH_TYPE_BY_FUNCTION = 3;
19 
20  private $settings = null;
21 
22  private $migration_account = '';
23  private $force_new_account = false;
24 
25 
30  public function __construct(\ilAuthCredentials $credentials)
31  {
32  parent::__construct($credentials);
33 
34  include_once './Services/Administration/classes/class.ilSetting.php';
35  $this->settings = new ilSetting('apache_auth');
36  }
37 
42  protected function getSettings()
43  {
44  return $this->settings;
45  }
46 
51  public function doAuthentication(\ilAuthStatus $status)
52  {
53  if (!$this->getSettings()->get('apache_enable_auth')) {
54  $this->getLogger()->info('Apache auth disabled.');
55  $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
56  return false;
57  }
58 
59  if (
60  !$this->getSettings()->get('apache_auth_indicator_name') ||
61  !$this->getSettings()->get('apache_auth_indicator_value')
62  ) {
63  $this->getLogger()->warning('Apache auth indicator match failure.');
64  $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
65  return false;
66  }
67 
68  if (
69  !in_array(
70  $_SERVER[$this->getSettings()->get('apache_auth_indicator_name')],
71  array_filter(array_map('trim', str_getcsv($this->getSettings()->get('apache_auth_indicator_value'))))
72  )
73  ) {
74  $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
75  $this->handleAuthenticationFail($status, 'err_wrong_login');
76  return false;
77  }
78 
79  include_once './Services/Utilities/classes/class.ilUtil.php';
80  if (!ilUtil::isLogin($this->getCredentials()->getUsername())) {
81  $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
82  $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
83  return false;
84  }
85 
86  if (!strlen($this->getCredentials()->getUsername())) {
87  $this->getLogger()->info('No username given');
88  $this->handleAuthenticationFail($status, 'err_wrong_login');
89  return false;
90  }
91 
92  // Apache with ldap as data source
93  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
94  if ($this->getSettings()->get('apache_enable_ldap')) {
95  return $this->handleLDAPDataSource($status);
96  }
97 
98  $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
99  $usr_id = ilObjUser::_lookupId($login);
100  if (!$usr_id) {
101  $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
102  $this->handleAuthenticationFail($status, 'err_wrong_login');
103  return false;
104  }
105 
106  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
107  $status->setAuthenticatedUserId($usr_id);
108  return true;
109  }
110 
117  public function migrateAccount(\ilAuthStatus $status)
118  {
119  $this->force_new_account = true;
120  if ($this->getSettings()->get('apache_enable_ldap')) {
121  return $this->handleLDAPDataSource($status);
122  }
123  }
124 
129  public function createNewAccount(\ilAuthStatus $status)
130  {
131  $this->force_new_account = true;
132  if ($this->getSettings()->get('apache_enable_ldap')) {
133  return $this->handleLDAPDataSource($status);
134  }
135  }
136 
141  public function getExternalAccountName()
142  {
143  return $this->migration_account;
144  }
145 
150  public function setExternalAccountName($a_name)
151  {
152  $this->migration_account = $a_name;
153  }
154 
158  public function getTriggerAuthMode()
159  {
160  return AUTH_APACHE;
161  }
162 
166  public function getUserAuthModeName()
167  {
168  if ($this->getSettings()->get('apache_ldap_sid')) {
169  return 'ldap_' . (string) $this->getSettings()->get('apache_ldap_sid');
170  }
171  return 'apache';
172  }
173 
179  protected function handleLDAPDataSource(ilAuthStatus $status)
180  {
181  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
182  $server = ilLDAPServer::getInstanceByServerId(
183  $this->getSettings()->get('apache_ldap_sid')
184  );
185 
186  $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
187 
188  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
189  $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
190  $sync->setExternalAccount($this->getCredentials()->getUsername());
191  $sync->setUserData(array());
192  $sync->forceCreation($this->force_new_account);
193  $sync->forceReadLdapData(true);
194 
195  try {
196  $internal_account = $sync->sync();
197  $this->getLogger()->debug('Internal account: ' . $internal_account);
198  } catch (UnexpectedValueException $e) {
199  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
200  $this->handleAuthenticationFail($status, 'err_wrong_login');
201  return false;
202  } catch (ilLDAPSynchronisationForbiddenException $e) {
203  // No syncronisation allowed => create Error
204  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
205  $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
206  return false;
207  } catch (ilLDAPAccountMigrationRequiredException $e) {
208  // Account migration required
209  $this->setExternalAccountName($this->getCredentials()->getUsername());
210  $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
211  $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
212  return false;
213  }
214  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
215  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
216  return true;
217  }
218 }
settings
settings()
Definition: settings.php:2
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11
ilAuthProviderApache\__construct
__construct(\ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderApache.php:30
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Handle ldap as data source.
Definition: class.ilAuthProviderApache.php:179
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:827
ilAuthProviderApache\migrateAccount
migrateAccount(\ilAuthStatus $status)
Migrate existing account Maybe ldap sync has to be performed here.
Definition: class.ilAuthProviderApache.php:117
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
$server
$server
Definition: sabredav.php:48
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116
ilAuthProviderApache\createNewAccount
createNewAccount(\ilAuthStatus $status)
Create new account for account migration.
Definition: class.ilAuthProviderApache.php:129
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthProviderApache\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode of current authentication type.
Definition: class.ilAuthProviderApache.php:158
$sync
$sync
Definition: memcacheSync.php:62
ilAuthProviderApache\getExternalAccountName
getExternalAccountName()
Get external account name.
Definition: class.ilAuthProviderApache.php:141
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3909
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProviderApache\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name.
Definition: class.ilAuthProviderApache.php:166
ilUtil\isLogin
static isLogin($a_login)
Definition: class.ilUtil.php:1304
ilAuthProviderApache\doAuthentication
doAuthentication(\ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:51
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
$login
$login
Definition: cron.php:13
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11
ilAuthProviderApache\setExternalAccountName
setExternalAccountName($a_name)
Set external account name.
Definition: class.ilAuthProviderApache.php:150
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20