/**
  * @param array $a_data
  *
  * @return bool
  */
 public function doesMatch(array $a_data)
 {
     if ($this->isPluginActive()) {
         return ilShibbolethRoleAssignmentRules::callPlugin($this->getPluginId(), $a_data);
     }
     if (!isset($a_data[$this->getName()])) {
         return false;
     }
     $values = $a_data[$this->getName()];
     if (is_array($values)) {
         return in_array($this->getValue(), $values);
     } else {
         $pattern = str_replace('*', '.*?', $this->getValue());
         return (bool) preg_match('/^' . $pattern . '$/us', $values);
     }
 }
Ejemplo n.º 2
0
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 public function login()
 {
     $shibServerData = shibServerData::getInstance($_SERVER);
     if ($shibServerData->getLogin()) {
         $shibUser = shibUser::getInstance($shibServerData);
         if ($shibUser->isNew()) {
             $shibUser->createFields();
             $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeCreateUser($shibUser);
             $shibUser->create();
             $shibUser->updateOwner();
             $shibUser->saveAsNew();
             $shibUser = ilShibbolethPluginWrapper::getInstance()->afterCreateUser($shibUser);
             ilShibbolethRoleAssignmentRules::doAssignments($shibUser->getId(), $_SERVER);
         } else {
             $shibUser->updateFields();
             $shibUser->update();
             $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeUpdateUser($shibUser);
             $shibUser->update();
             $shibUser = ilShibbolethPluginWrapper::getInstance()->afterUpdateUser($shibUser);
             ilShibbolethRoleAssignmentRules::updateAssignments($shibUser->getId(), $_SERVER);
         }
         $this->setAuth($shibUser->getLogin(), $shibUser);
         ilObjUser::_updateLastLogin($shibUser->getId());
         if ($_GET['target'] != '') {
             ilUtil::redirect('goto.php?target=' . $_GET['target'] . '&client_id=' . CLIENT_ID);
         }
     } else {
         $this->status = AUTH_WRONG_LOGIN;
     }
 }
 /**
  * @param $a_plugin_id
  * @param $a_user_data
  *
  * @return bool
  */
 public static function callPlugin($a_plugin_id, $a_user_data)
 {
     global $ilPluginAdmin;
     if (self::$active_plugins == NULL) {
         self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
     }
     $assigned = false;
     foreach (self::$active_plugins as $plugin_name) {
         $ok = false;
         $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
         if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
             $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
         }
         if ($ok) {
             $assigned = true;
         }
     }
     return $assigned;
 }
Ejemplo n.º 4
0
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 function login()
 {
     global $ilias, $rbacadmin, $ilSetting;
     if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
         // Store user's Shibboleth sessionID for logout
         $this->session['shibboleth_session_id'] = $_SERVER['Shib-Session-ID'];
         // Get loginname of user, new login name is generated if user is new
         $username = $this->generateLogin();
         // Authorize this user
         $this->setAuth($username);
         $userObj = new ilObjUser();
         // Check wether this account exists already, if not create it
         if (!ilObjUser::getUserIdByLogin($username)) {
             $newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
             $newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
             $newUser["login"] = $username;
             // Password must be random to prevent users from manually log in using the login data from Shibboleth users
             $newUser["passwd"] = md5(end(ilUtil::generatePasswords(1)));
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
                 $newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
             }
             // Save mapping between ILIAS user and Shibboleth uniqueID
             $newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];
             // other data
             $newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
             $newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
             $newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
             $newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
             $newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
             $newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
             $newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
             $newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
             $newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
             $newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
             $newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
             $newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
             $newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
             $newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
             $newUser["auth_mode"] = "shibboleth";
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             $userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Modify user data before creating the user
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             // Create use in DB
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // store acceptance of user agreement
             //$userObj->writeAccepted();
             // Default prefs
             $userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
             $userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
             // setup user preferences
             $userObj->writePrefs();
             //set role entries
             #$rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(),true);
             // New role assignment
             include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
             ilShibbolethRoleAssignmentRules::doAssignments($userObj->getId(), $_SERVER);
             // Authorize this user
             $this->setAuth($userObj->getLogin());
         } else {
             // Update user account
             $uid = $userObj->checkUserId();
             $userObj->setId($uid);
             $userObj->read($uid);
             if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
                 $userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
             }
             if ($ilias->getSetting('shib_update_title')) {
                 $userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
             }
             $userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
             $userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
             $userObj->setFullname();
             if ($ilias->getSetting('shib_update_institution')) {
                 $userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
             }
             if ($ilias->getSetting('shib_update_department')) {
                 $userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
             }
             if ($ilias->getSetting('shib_update_street')) {
                 $userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
             }
             if ($ilias->getSetting('shib_update_city')) {
                 $userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
             }
             if ($ilias->getSetting('shib_update_zipcode')) {
                 $userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
             }
             if ($ilias->getSetting('shib_update_country')) {
                 $userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
             }
             if ($ilias->getSetting('shib_update_phone_office')) {
                 $userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
             }
             if ($ilias->getSetting('shib_update_phone_home')) {
                 $userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
             }
             if ($ilias->getSetting('shib_update_phone_mobile')) {
                 $userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
             }
             if ($ilias->getSetting('shib_update_fax')) {
                 $userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
             }
             if ($ilias->getSetting('shib_update_matriculation')) {
                 $userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
             }
             if ($ilias->getSetting('shib_update_email')) {
                 $userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
             }
             if ($ilias->getSetting('shib_update_hobby')) {
                 $userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
             }
             if ($ilias->getSetting('shib_update_language')) {
                 $userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
             }
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             $userObj->update();
             // Update role assignments
             include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
             ilShibbolethRoleAssignmentRules::updateAssignments($userObj->getId(), $_SERVER);
         }
         // we are authenticated: redirect, if possible
         if ($_GET["target"] != "") {
             ilUtil::redirect("goto.php?target=" . $_GET["target"] . "&client_id=" . CLIENT_ID);
         }
     } else {
         // This should never occur unless Shibboleth is not configured properly
         $this->status = AUTH_WRONG_LOGIN;
     }
 }
 protected function setSubTabs()
 {
     global $ilSetting;
     include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
     if ($ilSetting->get('shib_active') == 0 and ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
         return false;
     }
     // DONE: show sub tabs if there is any role assignment rule
     $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
     $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
     return true;
 }
Ejemplo n.º 6
0
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 public function login()
 {
     global $ilias, $ilSetting;
     // for backword compatibility of hook environment variables
     $shibServerData = shibServerData::getInstance($_SERVER);
     if ($shibServerData->getLogin()) {
         $shibUser = shibUser::buildInstance($shibServerData);
         // for backword compatibility of hook environment variables
         $userObj =& $shibUser;
         // For shib_data_conv included Script
         $newUser = $shibUser->isNew();
         // For shib_data_conv included Script
         if ($shibUser->isNew()) {
             $shibUser->createFields();
             $shibUser->setPref('hits_per_page', $ilSetting->get('hits_per_page'));
             // Modify user data before creating the user
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') and $ilias->getSetting('shib_data_conv') != '' and is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeCreateUser($shibUser);
             $shibUser->create();
             $shibUser->updateOwner();
             $shibUser->saveAsNew();
             $shibUser->writePrefs();
             $shibUser = ilShibbolethPluginWrapper::getInstance()->afterCreateUser($shibUser);
             ilShibbolethRoleAssignmentRules::doAssignments($shibUser->getId(), $_SERVER);
         } else {
             $shibUser->updateFields();
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') and $ilias->getSetting('shib_data_conv') != '' and is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             //				$shibUser->update();
             $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeUpdateUser($shibUser);
             $shibUser->update();
             $shibUser = ilShibbolethPluginWrapper::getInstance()->afterUpdateUser($shibUser);
             ilShibbolethRoleAssignmentRules::updateAssignments($shibUser->getId(), $_SERVER);
         }
         $this->setAuth($shibUser->getLogin(), $shibUser);
         ilObjUser::_updateLastLogin($shibUser->getId());
         if ($_GET['target'] != '') {
             ilUtil::redirect('goto.php?target=' . $_GET['target'] . '&client_id=' . CLIENT_ID);
         }
     } else {
         $this->status = AUTH_WRONG_LOGIN;
     }
 }
 public function matches($a_data)
 {
     if ($this->isPluginActive()) {
         include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
         return ilShibbolethRoleAssignmentRules::callPlugin($this->getPluginId(), $a_data);
     }
     // No value
     if (!isset($a_data[$this->getName()])) {
         return false;
     }
     $values = $a_data[$this->getName()];
     if (is_array($values)) {
         return in_array($this->getValue(), $values);
     } else {
         return $this->wildcardCompare($this->getValue(), $values);
         #return $this->getValue() == $values;
     }
 }