/**
* Constructor
*
* @access public
* @param array array of pear parameters
*
*/
public function __construct()
{
global $ilLog;
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->log = $ilLog;
parent::__construct($this->server->toPearAuthArray());
}
/**
* Get default global role
* @return
*/
public static function getDefaultRole()
{
if (self::$default_role) {
return self::$default_role;
}
include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
return self::$default_role = ilLDAPAttributeMapping::_lookupGlobalRole(ilLDAPServer::_getFirstActiveServer());
}
/**
* Init login form
*/
protected function initLoginForm()
{
global $rbacsystem, $lng, $ilSetting;
include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
$this->form = new ilPropertyFormGUI();
$this->form->setFormAction($this->ctrl->getFormAction($this, 'saveLoginInfo'));
$this->form->setTableWidth('80%');
$this->form->setTitle($this->lng->txt('login_information'));
$this->form->addCommandButton('saveLoginInfo', $this->lng->txt('save'));
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
$rad_settings = ilRadiusSettings::_getInstance();
if ($ldap_id = ilLDAPServer::_getFirstActiveServer() or $rad_settings->isActive()) {
$select = new ilSelectInputGUI($this->lng->txt('default_auth_mode'), 'default_auth_mode');
$select->setValue($ilSetting->get('default_auth_mode', AUTH_LOCAL));
$select->setInfo($this->lng->txt('default_auth_mode_info'));
$options[AUTH_LOCAL] = $this->lng->txt('auth_local');
if ($ldap_id) {
$options[AUTH_LDAP] = $this->lng->txt('auth_ldap');
}
if ($rad_settings->isActive()) {
$options[AUTH_RADIUS] = $this->lng->txt('auth_radius');
}
$select->setOptions($options);
$this->form->addItem($select);
}
if (!is_object($this->loginSettings)) {
$this->loginSettings = new ilSetting("login_settings");
}
$login_settings = $this->loginSettings->getAll();
$languages = $lng->getInstalledLanguages();
$def_language = $lng->getDefaultLanguage();
foreach ($this->setDefLangFirst($def_language, $languages) as $lang_key) {
$add = "";
if ($lang_key == $def_language) {
$add = " (" . $lng->txt("default") . ")";
}
$textarea = new ilTextAreaInputGUI($lng->txt("meta_l_" . $lang_key) . $add, 'login_message_' . $lang_key);
$textarea->setRows(10);
$textarea->setValue($login_settings["login_message_" . $lang_key]);
$textarea->setUseRte(true);
$textarea->setRteTagSet("extended");
$this->form->addItem($textarea);
unset($login_settings["login_message_" . $lang_key]);
}
foreach ($login_settings as $key => $message) {
$lang_key = substr($key, strrpos($key, "_") + 1, strlen($key) - strrpos($key, "_"));
$textarea = new ilTextAreaInputGUI($lng->txt("meta_l_" . $lang_key) . $add, 'login_message_' . $lang_key);
$textarea->setRows(10);
$textarea->setValue($message);
$textarea->setUseRte(true);
$textarea->setRteTagSet("extended");
if (!in_array($lang_key, $languages)) {
$textarea->setAlert($lng->txt("not_installed"));
}
$this->form->addItem($textarea);
}
}
function fetchData($a_username, $password, $isChallengeResponse = false)
{
//var_dump(func_get_args());
//var_dump($_SERVER);
global $lng;
$settings = new ilSetting('apache_auth');
if (!$settings->get('apache_enable_auth')) {
return false;
}
if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
return false;
}
if (!ilUtil::isLogin($a_username)) {
return false;
}
if ($a_username == 'anonymous' && $password == 'anonymous') {
global $ilDB;
$query = 'SELECT * FROM usr_data WHERE login = %s';
$qres = $ilDB->queryF($query, array('text'), array($a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
return false;
}
if (!$_SESSION['login_invalid'] && $_SERVER[$settings->get('apache_auth_indicator_name')] == $settings->get('apache_auth_indicator_value')) {
// we have a valid apache auth
global $ilDB;
if ($settings->get('apache_enable_local')) {
$query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
$qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
}
// if no local user has been found AND ldap lookup is enabled
if ($settings->get('apache_enable_ldap')) {
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->server->doConnectionCheck();
$config = $this->server->toPearAuthArray();
$query = new ilLDAPQuery($this->server);
$ldapUser = $query->fetchUser($a_username);
if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
$ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
$user_data = $ldapUser[$a_username];
//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
if ($this->server->enabledSyncOnLogin()) {
if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
$this->_auth_obj->logout();
$_SESSION['tmp_auth_mode'] = 'apache';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
$_SESSION['tmp_roles'] = array();
foreach ($roles as $info) {
if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
$_SESSION['tmp_roles'][] = $info['id'];
}
}
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
exit;
}
if ($this->updateRequired($a_username)) {
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($ldapUser);
$this->ldap_attr_to_user->refresh();
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
} else {
// User exists and no update required
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
}
}
if ($user_data['ilInternalAccount']) {
$this->_auth_obj->setAuth($user_data['ilInternalAccount']);
return true;
}
}
}
if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
// no local user, no ldap match or ldap not activated
// if (!self::$force_creation)
// {
// $_SESSION['tmp_auth_mode'] = 'apache';
// $_SESSION['tmp_external_account'] = $a_username;
// $_SESSION['tmp_pass'] = $_POST['password'];
//ilUtil::redirect('https://lernwelt.janposselt.de/ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
// }
// else
// {
global $ilIliasIniFile;
if ($_GET['r']) {
$_SESSION['profile_complete_redirect'] = $_GET['r'];
}
$user = new ilObjUser();
$user->setLogin($a_username);
$user->setExternalAccount($a_username);
$user->setProfileIncomplete(true);
$user->create();
$user->setAuthMode('apache');
// set a timestamp for last_password_change
// this ts is needed by ilSecuritySettings
$user->setLastPasswordChangeTS(time());
$user->setTimeLimitUnlimited(1);
$user->setActive(1);
//insert user data in table user_data
$user->saveAsNew();
$user->writePrefs();
global $rbacadmin;
$rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
return true;
// }
}
} else {
if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
}
}
return false;
}
/**
* @param $a_username
* @param $password
* @param bool $isChallengeResponse
* @return bool|void
* @throws ilLDAPQueryException
*/
function fetchData($a_username, $password, $isChallengeResponse = false)
{
/**
* @var $ilDB ilDB
* @var $ilSetting ilSetting
* @var $rbacadmin ilRbacAdmin
*/
global $ilDB, $ilSetting, $rbacadmin;
$settings = new ilSetting('apache_auth');
if (!$settings->get('apache_enable_auth')) {
return false;
}
if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
return false;
}
if (!ilUtil::isLogin($a_username)) {
return false;
}
if ($a_username == 'anonymous' && $password == 'anonymous') {
$query = 'SELECT * FROM usr_data WHERE login = %s';
$qres = $ilDB->queryF($query, array('text'), array($a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
return false;
}
if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value')))))) {
// we have a valid apache auth
$list = array($ilSetting->get('auth_mode'));
// Respect the auth method sequence
include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
$det = ilAuthModeDetermination::_getInstance();
if (!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1) {
$list = array();
foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
$list[] = $auth_mode;
}
}
foreach ($list as $auth_mode) {
if (AUTH_LDAP == $auth_mode) {
// if no local user has been found AND ldap lookup is enabled
if ($settings->get('apache_enable_ldap')) {
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->server->doConnectionCheck();
$config = $this->server->toPearAuthArray();
$query = new ilLDAPQuery($this->server);
$query->bind();
$ldapUser = $query->fetchUser($a_username);
if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
$ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
$user_data = $ldapUser[$a_username];
//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
if ($this->server->enabledSyncOnLogin()) {
if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
$this->_auth_obj->logout();
$_SESSION['tmp_auth_mode'] = 'ldap';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
$_SESSION['tmp_roles'] = array();
foreach ($roles as $info) {
if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
$_SESSION['tmp_roles'][] = $info['id'];
}
}
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
}
if ($this->updateRequired($a_username)) {
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($ldapUser);
$this->ldap_attr_to_user->refresh();
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
} else {
// User exists and no update required
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
}
}
if ($user_data['ilInternalAccount']) {
$this->_auth_obj->setAuth($user_data['ilInternalAccount']);
$this->_auth_obj->username = $user_data['ilInternalAccount'];
return true;
}
}
}
} else {
if (AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local')) {
$condition = '';
if ($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap') {
$condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
}
$query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s {$condition}";
$qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
}
}
}
if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
if ($_GET['r']) {
$_SESSION['profile_complete_redirect'] = $_GET['r'];
}
$user = new ilObjUser();
$user->setLogin($a_username);
$user->setExternalAccount($a_username);
$user->setProfileIncomplete(true);
$user->create();
$user->setAuthMode('apache');
// set a timestamp for last_password_change
// this ts is needed by ilSecuritySettings
$user->setLastPasswordChangeTS(time());
$user->setTimeLimitUnlimited(1);
$user->setActive(1);
//insert user data in table user_data
$user->saveAsNew();
$user->writePrefs();
$rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
return true;
}
} else {
if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
}
}
return false;
}
/**
* Create user account
* @param type $a_person_id
*/
private function createMember($a_person_id)
{
try {
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
$server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
$server->doConnectionCheck();
include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
$query = new ilLDAPQuery($server);
$query->bind(IL_LDAP_BIND_DEFAULT);
$users = $query->fetchUser($a_person_id);
if ($users) {
include_once './Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
$xml = new ilLDAPAttributeToUser($server);
$xml->setNewUserAuthMode($server->getAuthenticationMappingKey());
$xml->setUserData($users);
$xml->refresh();
}
} catch (ilLDAPQueryException $exc) {
$this->log->write($exc->getMessage());
}
}
/**
* Read settings
*
* @access private
* @param
*
*/
private function read()
{
global $ilSetting;
$this->kind = $this->settings->get('kind', self::TYPE_MANUAL);
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$ldap_active = ilLDAPServer::_getFirstActiveServer();
include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
$rad_settings = ilRadiusSettings::_getInstance();
$rad_active = $rad_settings->isActive();
$soap_active = $ilSetting->get('soap_auth_active', false);
// apache settings
$apache_settings = new ilSetting('apache_auth');
$apache_active = $apache_settings->get('apache_enable_auth');
// Check if active
for ($i = 0; $i < 5; $i++) {
if ($auth_mode = $this->settings->get((string) $i, 0)) {
switch ($auth_mode) {
case AUTH_LOCAL:
$this->position[] = $auth_mode;
break;
case AUTH_LDAP:
if ($ldap_active) {
$this->position[] = $auth_mode;
}
break;
case AUTH_RADIUS:
if ($rad_active) {
$this->position[] = $auth_mode;
}
break;
case AUTH_SOAP:
if ($soap_active) {
$this->position[] = $auth_mode;
}
break;
case AUTH_APACHE:
if ($apache_active) {
$this->position[] = $auth_mode;
}
break;
}
}
}
// Append missing active auth modes
if (!in_array(AUTH_LOCAL, $this->position)) {
$this->position[] = AUTH_LOCAL;
}
if ($ldap_active) {
if (!in_array(AUTH_LDAP, $this->position)) {
$this->position[] = AUTH_LDAP;
}
}
if ($rad_active) {
if (!in_array(AUTH_RADIUS, $this->position)) {
$this->position[] = AUTH_RADIUS;
}
}
if ($soap_active) {
if (!in_array(AUTH_SOAP, $this->position)) {
$this->position[] = AUTH_SOAP;
}
}
if ($apache_active) {
if (!in_array(AUTH_APACHE, $this->position)) {
$this->position[] = AUTH_APACHE;
}
}
}
public static function _getMultipleAuthModeOptions($lng)
{
global $ilSetting;
// in the moment only ldap is activated as additional authentication method
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
// LDAP
if ($ldap_id = ilLDAPServer::_getFirstActiveServer()) {
$ldap_server = new ilLDAPServer($ldap_id);
$options[AUTH_LDAP]['txt'] = $ldap_server->getName();
}
include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
$rad_settings = ilRadiusSettings::_getInstance();
if ($rad_settings->isActive()) {
$options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
}
if ($ilSetting->get('apache_active')) {
global $lng;
$apache_settings = new ilSetting('apache_auth');
$options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
$options[AUTH_APACHE]['hide_in_ui'] = true;
}
if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
$default = AUTH_LDAP;
} elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
$default = AUTH_RADIUS;
} else {
$default = AUTH_LOCAL;
}
$default = $ilSetting->get('default_auth_mode', $default);
$default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
// begin-patch auth_plugin
$pls = ilAuthUtils::getAuthPlugins();
foreach ($pls as $pl) {
$auths = $pl->getAuthIds();
foreach ($auths as $auth_id) {
$pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
if ($pl_auth_option) {
$options = $options + $pl_auth_option;
}
}
}
// end-patch auth_plugins
$options[$default]['checked'] = true;
return $options ? $options : array();
}
/**
* Check if user is member of specific group
*
* @access private
* @param array user data
* @param array user_data
*
*/
private function isGroupMember($a_user_data)
{
global $ilLog;
if ($this->isMemberAttributeDN()) {
$user_cmp = $a_user_data['dn'];
} else {
$user_cmp = $a_user_data['ilExternalAccount'];
}
include_once 'Services/LDAP/classes/class.ilLDAPQuery.php';
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
try {
$query = new ilLDAPQuery($server);
$query->bind();
$res = $query->query($this->getDN(), sprintf('(%s=%s)', $this->getMemberAttribute(), $user_cmp), IL_LDAP_SCOPE_BASE, array('dn'));
return $res->numRows() ? true : false;
} catch (ilLDAPQueryException $e) {
$ilLog->write(__METHOD__ . ': Caught Exception: ' . $e->getMessage());
return false;
}
}
