/**
 * Authenticate a user whose identity the web server (Apache) has already established.
 *
 * Order of checks:
 *  1. Return false unless Apache auth is enabled and both the indicator
 *     variable name and its expected value are configured.
 *  2. Return false if $a_username fails ilUtil::isLogin().
 *  3. Special case 'anonymous'/'anonymous': log in as the local 'anonymous'
 *     usr_data row if it exists. This happens BEFORE and independently of the
 *     web-server indicator check.
 *  4. If $_SERVER[<indicator name>] equals the configured indicator value,
 *     resolve the account: local usr_data row (login or apache ext_account),
 *     then LDAP lookup (with optional account migration / attribute sync),
 *     then optional auto-creation of a local account.
 *
 * $password is only used in step 3; $isChallengeResponse is never read.
 * The identity delivered by the web server is trusted as-is: no password is
 * verified for the indicator path, and with apache_local_autocreate enabled
 * any unknown identity receives a fresh active account.
 *
 * @param string $a_username          login name handed over by the web server
 * @param string $password            only compared in the anonymous special case
 * @param bool   $isChallengeResponse unused
 * @return bool true after $this->_auth_obj has been marked authenticated, false otherwise
 *              (the LDAP migration path redirects and exits instead of returning)
 */
function fetchData($a_username, $password, $isChallengeResponse = false)
{
    global $lng; // not used anywhere in this method
    $settings = new ilSetting('apache_auth');
    if (!$settings->get('apache_enable_auth')) {
        return false;
    }
    if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
        return false;
    }
    // Reject names that are not a syntactically valid ILIAS login.
    if (!ilUtil::isLogin($a_username)) {
        return false;
    }
    // Anonymous access: plain lookup of the 'anonymous' row; the web-server
    // indicator is NOT consulted on this path.
    if ($a_username == 'anonymous' && $password == 'anonymous') {
        global $ilDB;
        $query = 'SELECT * FROM usr_data WHERE login = %s';
        $qres = $ilDB->queryF($query, array('text'), array($a_username));
        $userRow = $ilDB->fetchAssoc($qres);
        if (is_array($userRow) && $userRow['usr_id']) {
            // Found a local account: expose its columns (except the
            // configured password/username columns) as auth data.
            $this->activeUser = $userRow['login'];
            foreach ($userRow as $key => $value) {
                if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                    continue;
                }
                // Go through the auth object instance, not a static call: the auth
                // session variable can change, so the static form would be wrong.
                $this->_auth_obj->setAuthData($key, $value);
            }
            $this->_auth_obj->setAuth($userRow['login']);
            return true;
        }
        return false;
    }
    // NOTE(review): this is the only thing standing between a request and a
    // login. It is only as trustworthy as the configured $_SERVER variable — if
    // the indicator were an HTTP_* (request-header derived) variable, a client
    // could supply it itself; confirm it is set by the web server / auth module.
    // Both sides are strings in practice, but the comparison is loose (==).
    if (!$_SESSION['login_invalid'] && $_SERVER[$settings->get('apache_auth_indicator_name')] == $settings->get('apache_auth_indicator_value')) {
        // we have a valid apache auth
        global $ilDB;
        if ($settings->get('apache_enable_local')) {
            // Match either a local login or an account already bound to this
            // external name via auth_mode 'apache'.
            $query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
            $qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
            $userRow = $ilDB->fetchAssoc($qres);
            if (is_array($userRow) && $userRow['usr_id']) {
                // Found a local account: same auth-data handover as above.
                $this->activeUser = $userRow['login'];
                foreach ($userRow as $key => $value) {
                    if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                        continue;
                    }
                    // Instance call on purpose; see the anonymous branch.
                    $this->_auth_obj->setAuthData($key, $value);
                }
                $this->_auth_obj->setAuth($userRow['login']);
                return true;
            }
        }
        // No local user found: try LDAP if enabled.
        if ($settings->get('apache_enable_ldap')) {
            include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
            $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
            $this->server->doConnectionCheck();
            $config = $this->server->toPearAuthArray();
            $query = new ilLDAPQuery($this->server);
            $ldapUser = $query->fetchUser($a_username);
            // Accept the LDAP entry only if its configured user attribute
            // equals the requested name (loose comparison).
            if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                $user_data = $ldapUser[$a_username];
                if ($this->server->enabledSyncOnLogin()) {
                    // Unknown account + migration enabled: hand over to the
                    // account-migration screen via session state and stop here.
                    if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                        $this->_auth_obj->logout();
                        $_SESSION['tmp_auth_mode'] = 'apache';
                        $_SESSION['tmp_external_account'] = $a_username;
                        // NOTE(review): the submitted password is kept in plaintext
                        // in the session until migration finishes — confirm it is
                        // cleared afterwards (not visible here).
                        $_SESSION['tmp_pass'] = $_POST['password'];
                        include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                        $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                        $_SESSION['tmp_roles'] = array();
                        foreach ($roles as $info) {
                            if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                $_SESSION['tmp_roles'][] = $info['id'];
                            }
                        }
                        ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                        exit;
                    }
                    if ($this->updateRequired($a_username)) {
                        // Sync LDAP attributes into the ILIAS account, then re-resolve it.
                        $this->initLDAPAttributeToUser();
                        $this->ldap_attr_to_user->setUserData($ldapUser);
                        $this->ldap_attr_to_user->refresh();
                        $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                    } else {
                        // User exists and no update required
                        $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                    }
                }
                if ($user_data['ilInternalAccount']) {
                    $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                    return true;
                }
            }
        }
        // Neither a local account nor an LDAP match: optionally create a local
        // account on the fly for the web-server supplied identity.
        if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
            global $ilIliasIniFile; // not used in this method
            // NOTE(review): the raw 'r' query parameter is stored as a later
            // redirect target without validation here; whether the consumer
            // restricts it to local URLs is not visible in this method.
            if ($_GET['r']) {
                $_SESSION['profile_complete_redirect'] = $_GET['r'];
            }
            $user = new ilObjUser();
            $user->setLogin($a_username);
            $user->setExternalAccount($a_username);
            $user->setProfileIncomplete(true);
            $user->create();
            $user->setAuthMode('apache');
            // set a timestamp for last_password_change
            // this ts is needed by ilSecuritySettings
            $user->setLastPasswordChangeTS(time());
            $user->setTimeLimitUnlimited(1);
            $user->setActive(1);
            //insert user data in table user_data
            $user->saveAsNew();
            $user->writePrefs();
            global $rbacadmin;
            // New accounts get apache_default_role (role id 4 when unset).
            $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
            return true;
        }
    } else {
        // Indicator missing/mismatched: surface a dedicated error code for
        // certificate-based SSO setups.
        if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
            define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
        }
    }
    return false;
}
/**
 * Collect the LDAP attribute names that must be requested for every user.
 *
 * The list is made of the configured login attribute, the entry DN, every
 * attribute referenced by the attribute mapping and every attribute the
 * role-assignment rules look at. The result is stored in $this->user_fields.
 *
 * @access private
 */
private function fetchUserProfileFields()
{
    include_once 'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
    $needed = array($this->settings->getUserAttribute());
    $needed[] = 'dn';
    $needed = array_merge($needed, $this->mapping->getFields());
    $this->user_fields = array_merge($needed, ilLDAPRoleAssignmentRules::getAttributeNames());
}
/**
 * Authenticate a user whose identity the web server (Apache) has already established.
 *
 * Order of checks:
 *  1. Return false unless Apache auth is enabled and both the indicator
 *     variable name and its expected value(s) are configured.
 *  2. Return false if $a_username fails ilUtil::isLogin().
 *  3. Special case 'anonymous'/'anonymous': log in as the local 'anonymous'
 *     usr_data row if it exists. This happens BEFORE and independently of the
 *     web-server indicator check.
 *  4. If $_SERVER[<indicator name>] is one of the comma-separated configured
 *     values, walk the configured auth-mode sequence: for AUTH_LDAP do an LDAP
 *     lookup (with optional migration / attribute sync); for any other mode
 *     except AUTH_APACHE look up a local usr_data row. If nothing matched,
 *     optionally auto-create a local account.
 *
 * $password is only used in step 3; $isChallengeResponse is never read.
 * The identity delivered by the web server is trusted as-is: no password is
 * verified on the indicator path, and with apache_local_autocreate enabled any
 * unknown identity receives a fresh active account.
 *
 * @param string $a_username          login name handed over by the web server
 * @param string $password            only compared in the anonymous special case
 * @param bool   $isChallengeResponse unused
 * @return bool|void true after $this->_auth_obj has been marked authenticated,
 *                   false otherwise; the LDAP migration path redirects instead
 * @throws ilLDAPQueryException
 */
function fetchData($a_username, $password, $isChallengeResponse = false)
{
    /**
     * @var $ilDB ilDB
     * @var $ilSetting ilSetting
     * @var $rbacadmin ilRbacAdmin
     */
    global $ilDB, $ilSetting, $rbacadmin;
    $settings = new ilSetting('apache_auth');
    if (!$settings->get('apache_enable_auth')) {
        return false;
    }
    if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
        return false;
    }
    // Reject names that are not a syntactically valid ILIAS login.
    if (!ilUtil::isLogin($a_username)) {
        return false;
    }
    // Anonymous access: plain lookup of the 'anonymous' row; the web-server
    // indicator is NOT consulted on this path.
    if ($a_username == 'anonymous' && $password == 'anonymous') {
        $query = 'SELECT * FROM usr_data WHERE login = %s';
        $qres = $ilDB->queryF($query, array('text'), array($a_username));
        $userRow = $ilDB->fetchAssoc($qres);
        if (is_array($userRow) && $userRow['usr_id']) {
            // Found a local account: expose its columns (except the
            // configured password/username columns) as auth data.
            $this->activeUser = $userRow['login'];
            foreach ($userRow as $key => $value) {
                if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                    continue;
                }
                // Go through the auth object instance, not a static call: the auth
                // session variable can change, so the static form would be wrong.
                $this->_auth_obj->setAuthData($key, $value);
            }
            $this->_auth_obj->setAuth($userRow['login']);
            return true;
        }
        return false;
    }
    // The configured indicator value is a CSV list; entries are trimmed and
    // empty ones dropped (array_filter also drops a literal "0"). in_array is
    // used without strict mode.
    // NOTE(review): this is the only gate to a login. It is only as trustworthy
    // as the configured $_SERVER variable — if the indicator were an HTTP_*
    // (request-header derived) variable, a client could supply it itself;
    // confirm it is set by the web server / auth module.
    if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value')))))) {
        // we have a valid apache auth
        $list = array($ilSetting->get('auth_mode'));
        // Respect the auth method sequence when more than one mode is active
        // and the user does not pick the mode manually.
        include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
        $det = ilAuthModeDetermination::_getInstance();
        if (!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1) {
            $list = array();
            foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
                $list[] = $auth_mode;
            }
        }
        foreach ($list as $auth_mode) {
            if (AUTH_LDAP == $auth_mode) {
                // LDAP lookup, if enabled for the apache plugin.
                if ($settings->get('apache_enable_ldap')) {
                    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
                    $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
                    $this->server->doConnectionCheck();
                    $config = $this->server->toPearAuthArray();
                    $query = new ilLDAPQuery($this->server);
                    $query->bind();
                    $ldapUser = $query->fetchUser($a_username);
                    // Accept the LDAP entry only if its configured user attribute
                    // equals the requested name (loose comparison).
                    if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                        $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                        $user_data = $ldapUser[$a_username];
                        if ($this->server->enabledSyncOnLogin()) {
                            // Unknown account + migration enabled: hand over to the
                            // account-migration screen via session state.
                            if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                                $this->_auth_obj->logout();
                                $_SESSION['tmp_auth_mode'] = 'ldap';
                                $_SESSION['tmp_external_account'] = $a_username;
                                // NOTE(review): the submitted password is kept in plaintext
                                // in the session until migration finishes — confirm it is
                                // cleared afterwards (not visible here).
                                $_SESSION['tmp_pass'] = $_POST['password'];
                                include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                                $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                                $_SESSION['tmp_roles'] = array();
                                foreach ($roles as $info) {
                                    if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                        $_SESSION['tmp_roles'][] = $info['id'];
                                    }
                                }
                                // NOTE(review): no exit after the redirect (the older variant
                                // of this method had one). This relies on ilUtil::redirect()
                                // terminating the request; if it ever returns, execution falls
                                // through into updateRequired() below.
                                ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                            }
                            if ($this->updateRequired($a_username)) {
                                // Sync LDAP attributes into the ILIAS account, then re-resolve it.
                                $this->initLDAPAttributeToUser();
                                $this->ldap_attr_to_user->setUserData($ldapUser);
                                $this->ldap_attr_to_user->refresh();
                                $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                            } else {
                                // User exists and no update required
                                $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                            }
                        }
                        if ($user_data['ilInternalAccount']) {
                            $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                            $this->_auth_obj->username = $user_data['ilInternalAccount'];
                            return true;
                        }
                    }
                }
            } else {
                // Any non-LDAP, non-apache mode: look for a local account that is
                // not an LDAP account (and not 'default' when ldap is the global
                // default auth mode).
                if (AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local')) {
                    $condition = '';
                    if ($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap') {
                        // Constant literal, quoted by the DB layer — no user input here.
                        $condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
                    }
                    $query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s {$condition}";
                    $qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
                    $userRow = $ilDB->fetchAssoc($qres);
                    if (is_array($userRow) && $userRow['usr_id']) {
                        // Found a local account: same auth-data handover as above.
                        $this->activeUser = $userRow['login'];
                        foreach ($userRow as $key => $value) {
                            if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                                continue;
                            }
                            // Instance call on purpose; see the anonymous branch.
                            $this->_auth_obj->setAuthData($key, $value);
                        }
                        $this->_auth_obj->setAuth($userRow['login']);
                        return true;
                    }
                }
            }
        }
        // Nothing matched in any auth mode: optionally create a local account
        // on the fly for the web-server supplied identity.
        if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
            // NOTE(review): the raw 'r' query parameter is stored as a later
            // redirect target without validation here; whether the consumer
            // restricts it to local URLs is not visible in this method.
            if ($_GET['r']) {
                $_SESSION['profile_complete_redirect'] = $_GET['r'];
            }
            $user = new ilObjUser();
            $user->setLogin($a_username);
            $user->setExternalAccount($a_username);
            $user->setProfileIncomplete(true);
            $user->create();
            $user->setAuthMode('apache');
            // set a timestamp for last_password_change
            // this ts is needed by ilSecuritySettings
            $user->setLastPasswordChangeTS(time());
            $user->setTimeLimitUnlimited(1);
            $user->setActive(1);
            //insert user data in table user_data
            $user->saveAsNew();
            $user->writePrefs();
            // New accounts get apache_default_role (role id 4 when unset).
            $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
            return true;
        }
    } else {
        // Indicator missing/mismatched: surface a dedicated error code for
        // certificate-based SSO setups.
        if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
            define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
        }
    }
    return false;
}
/**
 * Attribute names to request from LDAP for the PEAR Auth adapter.
 *
 * Without sync-on-login only the login attribute is needed. With sync enabled
 * the mapping fields, the entry DN and the attributes used by the
 * role-assignment rules are added.
 * NOTE(review): the ordering (dn after the mapping fields) differs from
 * fetchUserProfileFields(); callers presumably treat the result as a set.
 *
 * @access private
 * @return array
 */
private function getPearAtributeArray()
{
    $attributes = array($this->getUserAttribute());
    if (!$this->enabledSyncOnLogin()) {
        return $attributes;
    }
    include_once 'Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
    include_once 'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
    $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
    $attributes = array_merge($attributes, $mapping->getFields());
    $attributes[] = 'dn';
    return array_merge($attributes, ilLDAPRoleAssignmentRules::getAttributeNames());
}
/**
 * Stash everything the account-migration screen needs in the session.
 *
 * Stores the auth mode, the external account name, the password from the
 * current POST request and the ids of the roles that would be assigned on
 * creation (ROLE_ACTION_ASSIGN entries only).
 *
 * NOTE(review): the plaintext password is kept in the session until the
 * migration completes; the session store must be protected and the value
 * cleared afterwards — that is not visible here.
 *
 * @todo too much session based handling
 * @return bool always true
 */
protected function handleAccountMigration()
{
    // TODO: handle multiple ldap server
    $external_account = $this->getExternalAccount();
    $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
    $_SESSION['tmp_external_account'] = $external_account;
    $_SESSION['tmp_pass'] = $_POST['password'];
    include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
    $assignments = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($external_account, $this->getUserData());
    $role_ids = array();
    foreach ($assignments as $assignment) {
        if (ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN == $assignment['action']) {
            $role_ids[] = $assignment['id'];
        }
    }
    $_SESSION['tmp_roles'] = $role_ids;
    return true;
}
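/**
 * Serialise the collected LDAP users ($this->user_data) into ILIAS user-import XML.
 *
 * For every external account one <User> element is written:
 *  - an existing ILIAS account (ilInternalAccount set) becomes Action="Update",
 *    using the mapping's update rules and the role assignments for update;
 *  - an unknown account becomes Action="Insert" with a generated login, the
 *    creation rules and the role assignments for creation.
 * Active/TimeLimit elements are always emitted, AuthMode/ExternalAccount only
 * for new users (an existing account keeps its auth_mode). Mapped profile
 * attributes follow; a mapped value that is falsy ('', '0', null) is skipped.
 * The writer is left in $this->writer; creation/update counts are logged.
 *
 * Fixes: the update branch wrote its AuthMode attribute as array(type => ...)
 * with a bare, undefined constant. PHP < 8 silently used the string 'type'
 * (with a notice); PHP 8 throws "Undefined constant". It is now the quoted
 * key, matching the insert branch. The udf branch used `continue` inside a
 * switch, which only leaves the switch; the if/else chain makes the intent
 * explicit. Escaping of attribute values is ilXmlWriter's job (assumed).
 *
 * @access private
 */
private function usersToXML()
{
    include_once './Services/Xml/classes/class.ilXmlWriter.php';
    include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';

    // Plain one-to-one profile fields: mapping rule name => XML element name.
    static $simple_fields = array(
        'firstname' => 'Firstname',
        'lastname' => 'Lastname',
        'hobby' => 'Hobby',
        'title' => 'Title',
        'institution' => 'Institution',
        'department' => 'Department',
        'street' => 'Street',
        'city' => 'City',
        'zipcode' => 'PostalCode',
        'country' => 'Country',
        'phone_office' => 'PhoneOffice',
        'phone_home' => 'PhoneHome',
        'phone_mobile' => 'PhoneMobile',
        'fax' => 'Fax',
        'email' => 'Email',
        'matriculation' => 'Matriculation',
    );

    $this->writer = new ilXmlWriter();
    $this->writer->xmlStartTag('Users');
    $cnt_update = 0;
    $cnt_create = 0;
    $new_auth_mode = $this->getNewUserAuthMode();

    foreach ($this->user_data as $external_account => $user) {
        $user['ilExternalAccount'] = $external_account;

        if ($user['ilInternalAccount']) {
            // Existing ILIAS account: update in place.
            $usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
            ++$cnt_update;
            $this->writer->xmlStartTag('User', array('Id' => $usr_id, 'Action' => 'Update'));
            $this->writer->xmlElement('Login', array(), $user['ilInternalAccount']);
            $this->writer->xmlElement('ExternalAccount', array(), $external_account);
            // Empty (null) element body on purpose: only the type attribute is sent for updates.
            $this->writer->xmlElement('AuthMode', array('type' => $new_auth_mode), null);
            $rules = $this->mapping->getRulesForUpdate();
            $assignments = ilLDAPRoleAssignmentRules::getAssignmentsForUpdate($usr_id, $external_account, $user);
        } else {
            // No ILIAS account yet: create one with a generated login.
            ++$cnt_create;
            $this->writer->xmlStartTag('User', array('Action' => 'Insert'));
            $this->writer->xmlElement('Login', array(), ilAuthUtils::_generateLogin($external_account));
            $rules = $this->mapping->getRules();
            $assignments = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($external_account, $user);
        }
        foreach ($assignments as $role_data) {
            $this->writer->xmlElement('Role', array('Id' => $role_data['id'], 'Type' => $role_data['type'], 'Action' => $role_data['action']), '');
        }

        $this->writer->xmlElement('Active', array(), "true");
        $this->writer->xmlElement('TimeLimitOwner', array(), 7);
        $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
        $this->writer->xmlElement('TimeLimitFrom', array(), time());
        $this->writer->xmlElement('TimeLimitUntil', array(), time());

        // Only for new users: an existing account keeps its auth_mode
        // (e.g. 'default' pointing at ldap) untouched.
        if (!$user['ilInternalAccount']) {
            $this->writer->xmlElement('AuthMode', array('type' => $new_auth_mode), $new_auth_mode);
            $this->writer->xmlElement('ExternalAccount', array(), $external_account);
        }

        foreach ($rules as $field => $data) {
            // A rule may combine several LDAP attributes into one user field.
            $value = $this->doMapping($user, $data);
            if (!$value) {
                continue;
            }
            if ($field === 'gender') {
                // Anything that is not recognisably male is written as 'f'.
                switch (strtolower($value)) {
                    case 'm':
                    case 'male':
                        $this->writer->xmlElement('Gender', array(), 'm');
                        break;
                    default:
                        $this->writer->xmlElement('Gender', array(), 'f');
                        break;
                }
            } elseif (isset($simple_fields[$field])) {
                $this->writer->xmlElement($simple_fields[$field], array(), $value);
            } elseif (substr($field, 0, 4) === 'udf_') {
                // User defined field; the rule name is udf_<definition id>.
                $id_data = explode('_', $field);
                if (!isset($id_data[1])) {
                    continue;
                }
                $this->initUserDefinedFields();
                $definition = $this->udf->getDefinition($id_data[1]);
                $this->writer->xmlElement('UserDefinedField', array('Id' => $definition['il_id'], 'Name' => $definition['field_name']), $value);
            }
            // Any other rule name is ignored.
        }
        $this->writer->xmlEndTag('User');
    }

    if ($cnt_create) {
        $this->log->write('LDAP: Started creation of ' . $cnt_create . ' users.');
    }
    if ($cnt_update) {
        $this->log->write('LDAP: Started update of ' . $cnt_update . ' users.');
    }
    $this->writer->xmlEndTag('Users');
}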
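/**
 * Collect the extra LDAP attribute names requested by active role-assignment plugins.
 *
 * The active plugin list for the 'ldaphk' slot is cached in self::$active_plugins.
 * The cache is (re)loaded while it is empty — the original `== null` test also
 * matched an empty array, which `empty()` preserves explicitly. Only plugin
 * objects that are instances of ilLDAPRoleAssignmentPlugin contribute.
 *
 * Fixes: dropped the never-read local `$ok`; `return $attributes ? $attributes : array()`
 * was redundant since $attributes is always an array.
 *
 * @return array list of attribute names (possibly empty)
 */
protected static function getAdditionalPluginAttributes()
{
    global $ilPluginAdmin;
    if (empty(self::$active_plugins)) {
        self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'LDAP', 'ldaphk');
    }
    $attributes = array();
    foreach (self::$active_plugins as $plugin_name) {
        $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'LDAP', 'ldaphk', $plugin_name);
        if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
            $attributes = array_merge($attributes, $plugin_obj->getAdditionalAttributeNames());
        }
    }
    return $attributes;
}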
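/**
 * Check whether this role-assignment rule matches the given LDAP user data.
 *
 * - TYPE_PLUGIN: delegated to ilLDAPRoleAssignmentRules::callPlugin().
 * - TYPE_ATTRIBUTE: the configured attribute (name lower-cased) is looked up in
 *   $a_user_data; a scalar is treated as a one-element list. The rule matches if
 *   wildcardCompare() accepts any trimmed value against the trimmed configured
 *   value; a match is logged with the role title.
 * - TYPE_GROUP: delegated to isGroupMember().
 *
 * Fixes: an unknown rule type previously fell off the end of the switch and
 * returned null; it now returns false explicitly so no role can be granted by
 * a rule of unexpected type. The configured value is trimmed once instead of
 * per iteration.
 *
 * @param array $a_user_data LDAP attributes of the user, keyed by lower-case attribute name
 * @return bool
 */
public function matches($a_user_data)
{
    global $ilLog;
    switch ($this->getType()) {
        case self::TYPE_PLUGIN:
            include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
            return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);

        case self::TYPE_ATTRIBUTE:
            $attn = strtolower($this->getAttributeName());
            if (!isset($a_user_data[$attn])) {
                return false;
            }
            $candidates = is_array($a_user_data[$attn]) ? $a_user_data[$attn] : array($a_user_data[$attn]);
            $expected = trim($this->getAttributeValue());
            foreach ($candidates as $candidate) {
                if ($this->wildcardCompare($expected, trim($candidate))) {
                    $ilLog->write(__METHOD__ . ': Found role mapping: ' . ilObject::_lookupTitle($this->getRoleId()));
                    return true;
                }
            }
            return false;

        case self::TYPE_GROUP:
            return $this->isGroupMember($a_user_data);

        default:
            // Unknown rule type: never grant a role.
            return false;
    }
}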