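/**
 * Constructor.
 *
 * Takes no arguments (the old docblock documented a PEAR parameter array that
 * this constructor never accepted). The container is bound to the first active
 * LDAP server and its PEAR Auth configuration is handed to the parent; a
 * reference to the global logger is kept in $this->log.
 *
 * @access public
 */
public function __construct()
{
    global $ilLog;

    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    // NOTE(review): a falsy id from _getFirstActiveServer() (no active server) is
    // passed straight to the ilLDAPServer constructor — confirm callers guard that.
    $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
    $this->log = $ilLog;

    parent::__construct($this->server->toPearAuthArray());
}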
/**
 * Default global role for accounts created through this container.
 *
 * Resolved once through the attribute mapping of the first active LDAP server
 * and memoised in self::$default_role; a falsy lookup result is not cached and
 * is looked up again on the next call.
 *
 * @return mixed  role id as returned by ilLDAPAttributeMapping::_lookupGlobalRole()
 */
public static function getDefaultRole()
{
    if (!self::$default_role) {
        include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
        include_once './Services/LDAP/classes/class.ilLDAPServer.php';

        $server_id = ilLDAPServer::_getFirstActiveServer();
        self::$default_role = ilLDAPAttributeMapping::_lookupGlobalRole($server_id);
    }

    return self::$default_role;
}
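/**
 * Build the "login information" settings form into $this->form.
 *
 * Adds a default-auth-mode selector only when an LDAP server is active or
 * RADIUS is enabled, then one RTE textarea per installed language for the
 * login message (default language first). Messages stored for languages that
 * are no longer installed are still listed, flagged with an alert.
 *
 * Fixes over the previous version: the suffix variable from the first loop no
 * longer leaks into the labels of the second loop, the option array is
 * initialised before use, and a language without a stored message no longer
 * reads an undefined index.
 *
 * Side effects: sets $this->form and, if not yet an object, $this->loginSettings.
 */
protected function initLoginForm()
{
    global $lng, $ilSetting;

    include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
    $this->form = new ilPropertyFormGUI();
    $this->form->setFormAction($this->ctrl->getFormAction($this, 'saveLoginInfo'));
    $this->form->setTableWidth('80%');
    $this->form->setTitle($this->lng->txt('login_information'));
    $this->form->addCommandButton('saveLoginInfo', $this->lng->txt('save'));

    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
    $rad_settings = ilRadiusSettings::_getInstance();
    $ldap_id = ilLDAPServer::_getFirstActiveServer();

    if ($ldap_id || $rad_settings->isActive()) {
        $select = new ilSelectInputGUI($this->lng->txt('default_auth_mode'), 'default_auth_mode');
        $select->setValue($ilSetting->get('default_auth_mode', AUTH_LOCAL));
        $select->setInfo($this->lng->txt('default_auth_mode_info'));

        // Local auth is always offered; LDAP / RADIUS only when actually active.
        $options = array();
        $options[AUTH_LOCAL] = $this->lng->txt('auth_local');
        if ($ldap_id) {
            $options[AUTH_LDAP] = $this->lng->txt('auth_ldap');
        }
        if ($rad_settings->isActive()) {
            $options[AUTH_RADIUS] = $this->lng->txt('auth_radius');
        }
        $select->setOptions($options);
        $this->form->addItem($select);
    }

    if (!is_object($this->loginSettings)) {
        $this->loginSettings = new ilSetting("login_settings");
    }
    $login_settings = $this->loginSettings->getAll();
    $languages = $lng->getInstalledLanguages();
    $def_language = $lng->getDefaultLanguage();

    foreach ($this->setDefLangFirst($def_language, $languages) as $lang_key) {
        $add = ($lang_key == $def_language) ? " (" . $lng->txt("default") . ")" : "";
        $setting_key = 'login_message_' . $lang_key;

        $textarea = new ilTextAreaInputGUI($lng->txt("meta_l_" . $lang_key) . $add, $setting_key);
        $textarea->setRows(10);
        // A freshly installed language may not have a stored message yet.
        $textarea->setValue(isset($login_settings[$setting_key]) ? $login_settings[$setting_key] : '');
        $textarea->setUseRte(true);
        $textarea->setRteTagSet("extended");
        $this->form->addItem($textarea);

        // Consume the key so that the loop below only sees messages of languages
        // that are not installed (any more).
        unset($login_settings[$setting_key]);
    }

    // Leftover messages belong to languages that are no longer installed; they
    // can never be the default language, so no "(default)" suffix applies.
    foreach ($login_settings as $key => $message) {
        $lang_key = substr($key, strrpos($key, "_") + 1);

        $textarea = new ilTextAreaInputGUI($lng->txt("meta_l_" . $lang_key), 'login_message_' . $lang_key);
        $textarea->setRows(10);
        $textarea->setValue($message);
        $textarea->setUseRte(true);
        $textarea->setRteTagSet("extended");
        if (!in_array($lang_key, $languages, true)) {
            $textarea->setAlert($lng->txt("not_installed"));
        }
        $this->form->addItem($textarea);
    }
}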
/**
 * PEAR Auth container callback: decide whether $a_username is authenticated
 * through the Apache (web-server side) authentication indicator.
 *
 * Flow as implemented below:
 *  1. bail out unless 'apache_enable_auth' and both indicator settings are set
 *     and $a_username is a syntactically valid login;
 *  2. 'anonymous'/'anonymous' is resolved against usr_data directly;
 *  3. when the session is not flagged 'login_invalid' and the configured
 *     $_SERVER variable equals the configured indicator value, try in order:
 *     a local account (by login or by apache ext_account), an LDAP lookup with
 *     optional account migration / attribute sync, and finally auto-creation
 *     of a local 'apache' account;
 *  4. otherwise, under IL_CERT_SSO, publish AUTH_APACHE_FAILED as APACHE_ERRORCODE.
 *
 * @param string $a_username          login name presented by the request
 * @param string $password            only consulted for the anonymous case
 * @param bool   $isChallengeResponse not used here
 * @return bool  true once $this->_auth_obj->setAuth() has been called, false
 *               otherwise; the migration branch redirects and exits instead
 */
function fetchData($a_username, $password, $isChallengeResponse = false)
{
    // $lng is imported but not used in this method.
    global $lng;

    $settings = new ilSetting('apache_auth');
    if (!$settings->get('apache_enable_auth')) {
        return false;
    }
    if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
        return false;
    }
    if (!ilUtil::isLogin($a_username)) {
        return false;
    }

    // Special case: the anonymous account is resolved from usr_data without
    // consulting the Apache indicator at all.
    if ($a_username == 'anonymous' && $password == 'anonymous') {
        global $ilDB;
        // Parametrised via queryF(); the login is never interpolated into SQL.
        $query = 'SELECT * FROM usr_data WHERE login = %s';
        $qres = $ilDB->queryF($query, array('text'), array($a_username));
        $userRow = $ilDB->fetchAssoc($qres);
        if (is_array($userRow) && $userRow['usr_id']) {
            // user as a local account...
            // fetch logindata
            $this->activeUser = $userRow['login'];
            foreach ($userRow as $key => $value) {
                // Never copy the password / username columns into the auth data.
                if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                    continue;
                }
                // Use reference to the auth object if exists
                // This is because the auth session variable can change so a static call to setAuthData does not make sense
                $this->_auth_obj->setAuthData($key, $value);
            }
            $this->_auth_obj->setAuth($userRow['login']);
            return true;
        }
        return false;
    }

    // NOTE(review): the indicator is a loose (==) comparison of one $_SERVER
    // entry with a configured value. It only proves web-server authentication if
    // the configured variable is set by the server itself (e.g. by the auth
    // module) and not derived from a client-supplied header — how the settings
    // UI restricts 'apache_auth_indicator_name' is not visible here; confirm.
    if (!$_SESSION['login_invalid'] && $_SERVER[$settings->get('apache_auth_indicator_name')] == $settings->get('apache_auth_indicator_value')) {
        // we have a valid apache auth
        global $ilDB;

        // Step 1: an existing local account, matched by login or by an
        // 'apache' external account.
        if ($settings->get('apache_enable_local')) {
            $query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
            $qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
            $userRow = $ilDB->fetchAssoc($qres);
            if (is_array($userRow) && $userRow['usr_id']) {
                // user as a local account...
                // fetch logindata
                $this->activeUser = $userRow['login'];
                foreach ($userRow as $key => $value) {
                    if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                        continue;
                    }
                    // Use reference to the auth object if exists
                    // This is because the auth session variable can change so a static call to setAuthData does not make sense
                    $this->_auth_obj->setAuthData($key, $value);
                }
                $this->_auth_obj->setAuth($userRow['login']);
                return true;
            }
        }

        // Step 2: if no local user has been found AND ldap lookup is enabled
        if ($settings->get('apache_enable_ldap')) {
            include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
            $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
            $this->server->doConnectionCheck();
            $config = $this->server->toPearAuthArray();
            $query = new ilLDAPQuery($this->server);
            // NOTE(review): no explicit bind() before fetchUser() here, unlike the
            // newer variant of this method — confirm ilLDAPQuery binds lazily.
            $ldapUser = $query->fetchUser($a_username);
            // Accept the entry only if its user attribute really equals the login.
            if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                $user_data = $ldapUser[$a_username];
                if ($this->server->enabledSyncOnLogin()) {
                    // No internal account yet and migration enabled: hand over to
                    // the account-migration screen and stop processing.
                    if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                        $this->_auth_obj->logout();
                        $_SESSION['tmp_auth_mode'] = 'apache';
                        $_SESSION['tmp_external_account'] = $a_username;
                        // NOTE(review): the plaintext password from the request is
                        // parked in the session for the migration step.
                        $_SESSION['tmp_pass'] = $_POST['password'];
                        include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                        $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                        $_SESSION['tmp_roles'] = array();
                        foreach ($roles as $info) {
                            if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                $_SESSION['tmp_roles'][] = $info['id'];
                            }
                        }
                        ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                        exit;
                    }
                    if ($this->updateRequired($a_username)) {
                        // Sync LDAP attributes into the ILIAS account, then re-resolve it.
                        $this->initLDAPAttributeToUser();
                        $this->ldap_attr_to_user->setUserData($ldapUser);
                        $this->ldap_attr_to_user->refresh();
                        $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                    } else {
                        // User exists and no update required
                        $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                    }
                }
                if ($user_data['ilInternalAccount']) {
                    $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                    return true;
                }
            }
        }

        // Step 3: no local user, no ldap match or ldap not activated — create a
        // local account if auto-creation is enabled. (A commented-out migration
        // redirect containing a developer hostname was removed from this spot.)
        if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
            // $ilIliasIniFile is imported but not used in this branch.
            global $ilIliasIniFile;
            // NOTE(review): 'r' is taken from the request unvalidated and replayed
            // as a redirect target later; the consumer of
            // 'profile_complete_redirect' should restrict it to local paths — confirm.
            if ($_GET['r']) {
                $_SESSION['profile_complete_redirect'] = $_GET['r'];
            }
            $user = new ilObjUser();
            $user->setLogin($a_username);
            $user->setExternalAccount($a_username);
            $user->setProfileIncomplete(true);
            $user->create();
            $user->setAuthMode('apache');
            // set a timestamp for last_password_change
            // this ts is needed by ilSecuritySettings
            $user->setLastPasswordChangeTS(time());
            $user->setTimeLimitUnlimited(1);
            // The new account is active immediately.
            $user->setActive(1);
            //insert user data in table user_data
            $user->saveAsNew();
            $user->writePrefs();
            global $rbacadmin;
            // Fallback role id 4 is hard-coded; which global role that is depends
            // on the installation — presumably the default "User" role, verify.
            $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
            return true;
        }
    } else {
        // Indicator absent or mismatching: expose the failure code for the
        // certificate-SSO front end, if that mode is compiled in.
        if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
            define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
        }
    }
    return false;
}
/**
 * PEAR Auth container callback: decide whether $a_username is authenticated
 * through the Apache (web-server side) authentication indicator.
 *
 * Compared with the older variant, the indicator value may be a comma
 * separated list, the local / LDAP lookups follow the configured auth mode
 * sequence (ilAuthModeDetermination) unless manual selection is on, and the
 * LDAP query is bound explicitly before fetching.
 *
 * Flow:
 *  1. bail out unless 'apache_enable_auth' and both indicator settings are set
 *     and $a_username is a syntactically valid login;
 *  2. 'anonymous'/'anonymous' is resolved against usr_data directly;
 *  3. when the session is not flagged 'login_invalid' and the configured
 *     $_SERVER variable is one of the configured indicator values, walk the
 *     auth mode sequence: AUTH_LDAP → LDAP lookup with optional migration /
 *     attribute sync; any other mode except AUTH_APACHE → local account lookup
 *     excluding ldap accounts; afterwards optionally auto-create a local
 *     'apache' account;
 *  4. otherwise, under IL_CERT_SSO, publish AUTH_APACHE_FAILED as APACHE_ERRORCODE.
 *
 * @param string $a_username          login name presented by the request
 * @param string $password            only consulted for the anonymous case
 * @param bool   $isChallengeResponse not used here
 * @return bool|void  true once $this->_auth_obj->setAuth() has been called,
 *                    false otherwise; the migration branch redirects
 * @throws ilLDAPQueryException
 */
function fetchData($a_username, $password, $isChallengeResponse = false)
{
    /**
     * @var $ilDB ilDB
     * @var $ilSetting ilSetting
     * @var $rbacadmin ilRbacAdmin
     */
    global $ilDB, $ilSetting, $rbacadmin;

    $settings = new ilSetting('apache_auth');
    if (!$settings->get('apache_enable_auth')) {
        return false;
    }
    if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
        return false;
    }
    if (!ilUtil::isLogin($a_username)) {
        return false;
    }

    // Special case: the anonymous account is resolved from usr_data without
    // consulting the Apache indicator at all.
    if ($a_username == 'anonymous' && $password == 'anonymous') {
        // Parametrised via queryF(); the login is never interpolated into SQL.
        $query = 'SELECT * FROM usr_data WHERE login = %s';
        $qres = $ilDB->queryF($query, array('text'), array($a_username));
        $userRow = $ilDB->fetchAssoc($qres);
        if (is_array($userRow) && $userRow['usr_id']) {
            // user as a local account...
            // fetch logindata
            $this->activeUser = $userRow['login'];
            foreach ($userRow as $key => $value) {
                // Never copy the password / username columns into the auth data.
                if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                    continue;
                }
                // Use reference to the auth object if exists
                // This is because the auth session variable can change so a static call to setAuthData does not make sense
                $this->_auth_obj->setAuthData($key, $value);
            }
            $this->_auth_obj->setAuth($userRow['login']);
            return true;
        }
        return false;
    }

    // The configured indicator value is parsed as a CSV list (trimmed, empty
    // entries dropped) and the $_SERVER entry must loosely (in_array without
    // strict) match one of them.
    // NOTE(review): this only proves web-server authentication if the configured
    // variable is set by the server itself and not derived from a client-supplied
    // header — how 'apache_auth_indicator_name' is restricted is not visible here; confirm.
    if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value')))))) {
        // we have a valid apache auth
        $list = array($ilSetting->get('auth_mode'));

        // Respect the auth method sequence
        include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
        $det = ilAuthModeDetermination::_getInstance();
        if (!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1) {
            $list = array();
            foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
                $list[] = $auth_mode;
            }
        }

        foreach ($list as $auth_mode) {
            if (AUTH_LDAP == $auth_mode) {
                // if no local user has been found AND ldap lookup is enabled
                if ($settings->get('apache_enable_ldap')) {
                    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
                    $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
                    $this->server->doConnectionCheck();
                    $config = $this->server->toPearAuthArray();
                    $query = new ilLDAPQuery($this->server);
                    $query->bind();
                    $ldapUser = $query->fetchUser($a_username);
                    // Accept the entry only if its user attribute really equals the login.
                    if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                        $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                        $user_data = $ldapUser[$a_username];
                        if ($this->server->enabledSyncOnLogin()) {
                            // No internal account yet and migration enabled: hand over
                            // to the account-migration screen.
                            if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                                $this->_auth_obj->logout();
                                $_SESSION['tmp_auth_mode'] = 'ldap';
                                $_SESSION['tmp_external_account'] = $a_username;
                                // NOTE(review): the plaintext password from the request
                                // is parked in the session for the migration step.
                                $_SESSION['tmp_pass'] = $_POST['password'];
                                include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                                $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                                $_SESSION['tmp_roles'] = array();
                                foreach ($roles as $info) {
                                    if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                        $_SESSION['tmp_roles'][] = $info['id'];
                                    }
                                }
                                // NOTE(review): unlike the older variant there is no exit
                                // after the redirect; this relies on ilUtil::redirect()
                                // terminating the request — confirm.
                                ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                            }
                            if ($this->updateRequired($a_username)) {
                                // Sync LDAP attributes into the ILIAS account, then re-resolve it.
                                $this->initLDAPAttributeToUser();
                                $this->ldap_attr_to_user->setUserData($ldapUser);
                                $this->ldap_attr_to_user->refresh();
                                $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                            } else {
                                // User exists and no update required
                                $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                            }
                        }
                        if ($user_data['ilInternalAccount']) {
                            $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                            $this->_auth_obj->username = $user_data['ilInternalAccount'];
                            return true;
                        }
                    }
                }
            } else {
                // Any mode other than LDAP / Apache: look for a local account,
                // excluding accounts owned by the ldap auth mode (and, when the
                // installation default is ldap, also the 'default' auth mode).
                if (AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local')) {
                    $condition = '';
                    if ($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap') {
                        // Constant literal quoted through the DB layer, not user input.
                        $condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
                    }
                    $query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s {$condition}";
                    $qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
                    $userRow = $ilDB->fetchAssoc($qres);
                    if (is_array($userRow) && $userRow['usr_id']) {
                        // user as a local account...
                        // fetch logindata
                        $this->activeUser = $userRow['login'];
                        foreach ($userRow as $key => $value) {
                            if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                                continue;
                            }
                            // Use reference to the auth object if exists
                            // This is because the auth session variable can change so a static call to setAuthData does not make sense
                            $this->_auth_obj->setAuthData($key, $value);
                        }
                        $this->_auth_obj->setAuth($userRow['login']);
                        return true;
                    }
                }
            }
        }

        // Nothing matched in the sequence: create a local 'apache' account if
        // auto-creation is enabled.
        if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
            // NOTE(review): 'r' is taken from the request unvalidated and replayed
            // as a redirect target later; the consumer of
            // 'profile_complete_redirect' should restrict it to local paths — confirm.
            if ($_GET['r']) {
                $_SESSION['profile_complete_redirect'] = $_GET['r'];
            }
            $user = new ilObjUser();
            $user->setLogin($a_username);
            $user->setExternalAccount($a_username);
            $user->setProfileIncomplete(true);
            $user->create();
            $user->setAuthMode('apache');
            // set a timestamp for last_password_change
            // this ts is needed by ilSecuritySettings
            $user->setLastPasswordChangeTS(time());
            $user->setTimeLimitUnlimited(1);
            // The new account is active immediately.
            $user->setActive(1);
            //insert user data in table user_data
            $user->saveAsNew();
            $user->writePrefs();
            // Fallback role id 4 is hard-coded; which global role that is depends
            // on the installation — presumably the default "User" role, verify.
            $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
            return true;
        }
    } else {
        // Indicator absent or mismatching: expose the failure code for the
        // certificate-SSO front end, if that mode is compiled in.
        if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
            define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
        }
    }
    return false;
}
/**
 * Create (or refresh) the ILIAS account of an LDAP person.
 *
 * Looks the person up on the first active LDAP server and, when an entry is
 * returned, imports its attributes through ilLDAPAttributeToUser, using the
 * server's authentication mapping key as the auth mode of a newly created
 * account. LDAP query failures are written to the log and otherwise ignored.
 *
 * @param string $a_person_id  identifier passed to ilLDAPQuery::fetchUser()
 * @return void
 */
private function createMember($a_person_id)
{
    try {
        include_once './Services/LDAP/classes/class.ilLDAPServer.php';
        $ldap_server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
        $ldap_server->doConnectionCheck();

        include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
        $lookup = new ilLDAPQuery($ldap_server);
        $lookup->bind(IL_LDAP_BIND_DEFAULT);

        $found = $lookup->fetchUser($a_person_id);
        if (!$found) {
            // Nothing to import for an unknown person.
            return;
        }

        include_once './Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
        $importer = new ilLDAPAttributeToUser($ldap_server);
        $importer->setNewUserAuthMode($ldap_server->getAuthenticationMappingKey());
        $importer->setUserData($found);
        $importer->refresh();
    } catch (ilLDAPQueryException $exc) {
        $this->log->write($exc->getMessage());
    }
}
/**
 * Read the configured authentication sequence.
 *
 * Sets $this->kind and fills $this->position with the auth modes stored in
 * settings slots "0".."4", in that order, dropping any mode whose backend is
 * not active (LDAP server, RADIUS, SOAP, Apache). Active modes missing from
 * the stored sequence are appended afterwards in the fixed order local, LDAP,
 * RADIUS, SOAP, Apache; local auth is always present.
 *
 * @access private
 * @return void
 */
private function read()
{
    global $ilSetting;

    $this->kind = $this->settings->get('kind', self::TYPE_MANUAL);

    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    $ldap_active = ilLDAPServer::_getFirstActiveServer();

    include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
    $rad_settings = ilRadiusSettings::_getInstance();
    $rad_active = $rad_settings->isActive();

    $soap_active = $ilSetting->get('soap_auth_active', false);

    // apache settings
    $apache_settings = new ilSetting('apache_auth');
    $apache_active = $apache_settings->get('apache_enable_auth');

    // Backend availability per auth mode; the key order is also the order in
    // which missing modes are appended below.
    $enabled = array(
        AUTH_LOCAL => true,
        AUTH_LDAP => (bool) $ldap_active,
        AUTH_RADIUS => (bool) $rad_active,
        AUTH_SOAP => (bool) $soap_active,
        AUTH_APACHE => (bool) $apache_active,
    );

    // Stored sequence: an empty slot is skipped, a stored mode with an inactive
    // backend is dropped. The loose (==) match mirrors the former switch().
    for ($slot = 0; $slot < 5; $slot++) {
        $auth_mode = $this->settings->get((string) $slot, 0);
        if (!$auth_mode) {
            continue;
        }
        foreach ($enabled as $mode => $is_enabled) {
            if ($auth_mode == $mode) {
                if ($is_enabled) {
                    $this->position[] = $auth_mode;
                }
                break;
            }
        }
    }

    // Append missing active auth modes
    foreach ($enabled as $mode => $is_enabled) {
        if ($is_enabled && !in_array($mode, $this->position)) {
            $this->position[] = $mode;
        }
    }
}
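/**
 * Collect the authentication modes offered on the login screen.
 *
 * Local auth is always present; LDAP, RADIUS and Apache auth are added only
 * when active, and auth plugins may contribute further entries. The entry for
 * the default mode (setting 'default_auth_mode', derived from 'auth_mode'
 * when unset, overridable by a numeric 'auth_mode' request parameter) is
 * marked 'checked'.
 *
 * Fixes over the previous version: the Apache branch no longer re-imports the
 * global $lng, which shadowed the $lng parameter; the option array is
 * initialised before use; the request parameter is read with isset().
 *
 * @param ilLanguage $lng  language object used for the option labels
 * @return array  auth mode id => array('txt' => label, 'checked' => bool,
 *                'hide_in_ui' => bool); keys present only where set
 */
public static function _getMultipleAuthModeOptions($lng)
{
    global $ilSetting;

    // in the moment only ldap is activated as additional authentication method
    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    include_once 'Services/Radius/classes/class.ilRadiusSettings.php';

    $options = array();
    $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');

    // LDAP
    if ($ldap_id = ilLDAPServer::_getFirstActiveServer()) {
        $ldap_server = new ilLDAPServer($ldap_id);
        $options[AUTH_LDAP]['txt'] = $ldap_server->getName();
    }

    $rad_settings = ilRadiusSettings::_getInstance();
    if ($rad_settings->isActive()) {
        $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
    }

    if ($ilSetting->get('apache_active')) {
        $apache_settings = new ilSetting('apache_auth');
        $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
        $options[AUTH_APACHE]['hide_in_ui'] = true;
    }

    // Default selection: explicit 'default_auth_mode', else derived from 'auth_mode'.
    $auth_mode = $ilSetting->get('auth_mode', AUTH_LOCAL);
    if ($auth_mode == AUTH_LDAP) {
        $default = AUTH_LDAP;
    } elseif ($auth_mode == AUTH_RADIUS) {
        $default = AUTH_RADIUS;
    } else {
        $default = AUTH_LOCAL;
    }
    $default = $ilSetting->get('default_auth_mode', $default);

    // A request parameter overrides the default; the int cast means only a
    // numeric mode id is ever accepted (non-numeric input collapses to 0 = ignored).
    $requested = isset($_REQUEST['auth_mode']) ? (int) $_REQUEST['auth_mode'] : 0;
    if ($requested) {
        $default = $requested;
    }

    // begin-patch auth_plugin
    foreach (ilAuthUtils::getAuthPlugins() as $pl) {
        foreach ($pl->getAuthIds() as $auth_id) {
            $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
            if ($pl_auth_option) {
                // '+' keeps entries already present (first wins), as before.
                $options += $pl_auth_option;
            }
        }
    }
    // end-patch auth_plugins

    // NOTE: a $default that matches no collected option creates an entry with
    // only 'checked' set (unchanged behaviour).
    $options[$default]['checked'] = true;

    return $options;
}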
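/**
 * Check whether a user is a member of this group.
 *
 * Runs a base-scope LDAP query against the group DN, matching the member
 * attribute against the user's DN (when the member attribute holds DNs) or
 * the external account name. The compared value is filter-escaped so that
 * characters special to LDAP search filters cannot change the query.
 *
 * @param array $a_user_data  user record; 'dn' and 'ilExternalAccount' are read
 * @return bool  true when the query returns at least one entry, false otherwise
 *               (including on ilLDAPQueryException, which is logged)
 */
private function isGroupMember($a_user_data)
{
    global $ilLog;

    $user_cmp = $this->isMemberAttributeDN()
        ? $a_user_data['dn']
        : $a_user_data['ilExternalAccount'];

    include_once 'Services/LDAP/classes/class.ilLDAPQuery.php';
    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());

    try {
        $query = new ilLDAPQuery($server);
        $query->bind();

        // The value is embedded in a search filter, so it must be escaped per
        // RFC 4515 (applies to DNs as well: a backslash inside a DN has to be
        // written as \5c in a filter).
        $filter = sprintf(
            '(%s=%s)',
            $this->getMemberAttribute(),
            ldap_escape((string) $user_cmp, '', LDAP_ESCAPE_FILTER)
        );
        $res = $query->query($this->getDN(), $filter, IL_LDAP_SCOPE_BASE, array('dn'));

        return (bool) $res->numRows();
    } catch (ilLDAPQueryException $e) {
        $ilLog->write(__METHOD__ . ': Caught Exception: ' . $e->getMessage());
        return false;
    }
}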