186e0f1b9SPhilipp Neuser<?php 286e0f1b9SPhilipp Neuser// must be run within Dokuwiki 386e0f1b9SPhilipp Neuserif(!defined('DOKU_INC')) die(); 486e0f1b9SPhilipp Neuser 5*441eb5d5SChristian Marguse dokuwiki\Extension\Event; 6*441eb5d5SChristian Marg 786e0f1b9SPhilipp Neuser/** 886e0f1b9SPhilipp Neuser* Chained authentication backend 986e0f1b9SPhilipp Neuser* 1086e0f1b9SPhilipp Neuser* @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 11d9c5261fSeinhirn* @author Philipp Neuser <pneuser@physik.fu-berlin.de> 12d9c5261fSeinhirn* @author Christian Marg <marg@rz.tu-clausthal.de> 13d9c5261fSeinhirn* 14d9c5261fSeinhirn* Based on "Chained authentication backend" 15d9c5261fSeinhirn* by Grant Gardner <grant@lastweekend.com.au> 16d9c5261fSeinhirn* see https://www.dokuwiki.org/auth:ggauth 17d9c5261fSeinhirn* 1886e0f1b9SPhilipp Neuser*/ 1986e0f1b9SPhilipp Neuserclass auth_plugin_authchained extends DokuWiki_Auth_Plugin { 2086e0f1b9SPhilipp Neuser public $success = true; 2132fe206aSeinhirn //array with authentication plugins 2286e0f1b9SPhilipp Neuser protected $chained_plugins = array(); 2386e0f1b9SPhilipp Neuser protected $chained_auth = NULL; 24d9c5261fSeinhirn protected $usermanager_auth = NULL; 25a015b733SPawel Jasinski protected $any_external = false; 2686e0f1b9SPhilipp Neuser 2786e0f1b9SPhilipp Neuser /** 2886e0f1b9SPhilipp Neuser * Constructor. 2986e0f1b9SPhilipp Neuser * 3086e0f1b9SPhilipp Neuser * Loads all configured plugins or the authentication plugin of the 3186e0f1b9SPhilipp Neuser * logged in user. 3286e0f1b9SPhilipp Neuser * 3386e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 34d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 3586e0f1b9SPhilipp Neuser */ 3686e0f1b9SPhilipp Neuser public function __construct() { 3786e0f1b9SPhilipp Neuser global $conf; 3886e0f1b9SPhilipp Neuser // call parent 3986e0f1b9SPhilipp Neuser # parent::__constructor(); 4086e0f1b9SPhilipp Neuser 4132fe206aSeinhirn //check if there is already an authentication plugin selected 429e84dbfbSPhilipp Neuser if( isset($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']) && 4332fe206aSeinhirn !empty($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']) ) { 4432fe206aSeinhirn 45d9c5261fSeinhirn //get previously selected authentication plugin 46d9c5261fSeinhirn $this->chained_auth =& plugin_load('auth',$_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']); 47d9c5261fSeinhirn if ( is_null($this->chained_auth) || !$this->chained_auth->success ) { 48d9c5261fSeinhirn $this->success = false; 49d9c5261fSeinhirn } 5012767e67SEmmanuel Collignon } 5112767e67SEmmanuel Collignon 5286e0f1b9SPhilipp Neuser //get authentication plugins 53d9c5261fSeinhirn if($this->getConf('authtypes')){ 54d9c5261fSeinhirn foreach(explode(":",$this->getConf('authtypes')) as $tmp_plugin){ 55d9c5261fSeinhirn $tmp_class =& plugin_load('auth',$tmp_plugin); 56d9c5261fSeinhirn 57d9c5261fSeinhirn if ( !is_null($tmp_class) || $tmp_class->success ) { 5886e0f1b9SPhilipp Neuser $tmp_module = array($tmp_plugin,$tmp_class); 5986e0f1b9SPhilipp Neuser array_push($this->chained_plugins, $tmp_module); 60a015b733SPawel Jasinski $this->any_external |= $tmp_class->canDo('external'); 61d9c5261fSeinhirn } else { 62d9c5261fSeinhirn msg("Problem constructing $tmp_plugin",-1); 63d9c5261fSeinhirn $this->success = false; 64d9c5261fSeinhirn } 6586e0f1b9SPhilipp Neuser } 6686e0f1b9SPhilipp Neuser } else { 6786e0f1b9SPhilipp Neuser $success = false; 6886e0f1b9SPhilipp Neuser } 69d9c5261fSeinhirn 70d9c5261fSeinhirn // If defined, instantiate usermanager authtype. 71d9c5261fSeinhirn // No need to check for duplicates, "plugin_load" does that for us. 72d9c5261fSeinhirn if($this->getConf('usermanager_authtype')){ 73d9c5261fSeinhirn $this->usermanager_auth =& plugin_load('auth',$this->getConf('usermanager_authtype')); 74d9c5261fSeinhirn if(is_null($this->usermanager_auth) || !$this->usermanager_auth->success ) { 75d9c5261fSeinhirn msg("Problem constructing usermanager authtype: ".$this->getConf('usermanager_authtype'),-1); 76d9c5261fSeinhirn $this->success = false; 77d9c5261fSeinhirn } 78d9c5261fSeinhirn } else { 79d9c5261fSeinhirn $this->usermanager_auth =& $this->chained_auth; 80d9c5261fSeinhirn } 81d9c5261fSeinhirn 8286e0f1b9SPhilipp Neuser //debug 8386e0f1b9SPhilipp Neuser // print_r($chained_plugins); 8486e0f1b9SPhilipp Neuser } 8586e0f1b9SPhilipp Neuser 8686e0f1b9SPhilipp Neuser /** 8786e0f1b9SPhilipp Neuser * Forwards the authentication to configured authplugins. 8886e0f1b9SPhilipp Neuser * Returns true, if the usermanager authtype has the capability and no user 8986e0f1b9SPhilipp Neuser * is logged in. 9086e0f1b9SPhilipp Neuser * 9186e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 92d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 9386e0f1b9SPhilipp Neuser * @param string $cap the capability to check 9486e0f1b9SPhilipp Neuser * @return bool 9586e0f1b9SPhilipp Neuser */ 9686e0f1b9SPhilipp Neuser public function canDo($cap) { 97d9c5261fSeinhirn global $ACT; 98c368b833SPhilipp Neuser # print_r($cap); 9932fe206aSeinhirn if(is_null($this->chained_auth)) { 100a015b733SPawel Jasinski if ($cap == "external") { 101a015b733SPawel Jasinski return $this->any_external; 102a015b733SPawel Jasinski } 103d9c5261fSeinhirn if (!is_null($this->usermanager_auth)) { 104d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 10532fe206aSeinhirn } else { 106d9c5261fSeinhirn return parent::canDo($cap); 107d9c5261fSeinhirn } 108d9c5261fSeinhirn } else { 109d9c5261fSeinhirn switch($cap) { 110d9c5261fSeinhirn case 'Profile': 11154719a74SPawel Jasinski case 'logout': 1125db6eafaSPawel Jasinski case 'external': 113d9c5261fSeinhirn //Depends on current user. 114d9c5261fSeinhirn return $this->chained_auth->canDo($cap); 115d9c5261fSeinhirn case 'UserMod': 116d9c5261fSeinhirn case 'addUser': 117d9c5261fSeinhirn case 'delUser': 118d9c5261fSeinhirn case 'getUsers': 119d9c5261fSeinhirn case 'getUserCount': 120d9c5261fSeinhirn case 'getGroups': 121d9c5261fSeinhirn //Depends on the auth for use with user manager 122d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 123d9c5261fSeinhirn case 'modPass': 124d9c5261fSeinhirn case 'modName': 125d9c5261fSeinhirn case 'modLogin': 126d9c5261fSeinhirn case 'modGroups': 127d9c5261fSeinhirn case 'modMail': 128d9c5261fSeinhirn /** 129d9c5261fSeinhirn * Use request attributes to guess whether we are in the Profile or UserManager 130d9c5261fSeinhirn * and return the appropriate auth capabilities 131d9c5261fSeinhirn */ 1324cbfa2dcSUnFefeSauvage if ($ACT == "admin" && isset($_REQUEST['page']) && $_REQUEST['page']=="usermanager") { 133d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 134d9c5261fSeinhirn } else { 135d9c5261fSeinhirn // assume we want profile info. 13686e0f1b9SPhilipp Neuser return $this->chained_auth->canDo($cap); 13786e0f1b9SPhilipp Neuser } 138d9c5261fSeinhirn default: 139d9c5261fSeinhirn //Everything else (false) 140d9c5261fSeinhirn return parent::canDo($cap); 14186e0f1b9SPhilipp Neuser } 142d9c5261fSeinhirn #echo "canDo $cap ".$this->chained_auth->canDo($cap)."\n"; 143d9c5261fSeinhirn } 14486e0f1b9SPhilipp Neuser } 14586e0f1b9SPhilipp Neuser 14686e0f1b9SPhilipp Neuser /** 14786e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user and 14886e0f1b9SPhilipp Neuser * unsets our session variable. 14986e0f1b9SPhilipp Neuser * @see auth_logoff() 15086e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de 151d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 15286e0f1b9SPhilipp Neuser */ 15386e0f1b9SPhilipp Neuser public function logOff() { 15486e0f1b9SPhilipp Neuser if(!is_null($this->chained_auth)) 15586e0f1b9SPhilipp Neuser $this->chained_auth->logOff(); 1569e84dbfbSPhilipp Neuser unset($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']); 15786e0f1b9SPhilipp Neuser } 15886e0f1b9SPhilipp Neuser 15986e0f1b9SPhilipp Neuser /** 16086e0f1b9SPhilipp Neuser * Do all authentication [ OPTIONAL ] 16186e0f1b9SPhilipp Neuser * If the current plugin is external, be external. 16286e0f1b9SPhilipp Neuser * 16386e0f1b9SPhilipp Neuser * @see auth_login() 16486e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 165d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 16686e0f1b9SPhilipp Neuser * 16786e0f1b9SPhilipp Neuser * @param string $user Username 16886e0f1b9SPhilipp Neuser * @param string $pass Cleartext Password 16986e0f1b9SPhilipp Neuser * @param bool $sticky Cookie should not expire 17086e0f1b9SPhilipp Neuser * @return bool true on successful auth 17186e0f1b9SPhilipp Neuser */ 17286e0f1b9SPhilipp Neuser public function trustExternal($user, $pass, $sticky = false) { 1736fb8fffbSPawel Jasinski global $INPUT; 174a015b733SPawel Jasinski foreach($this->chained_plugins as $module) { 1755db6eafaSPawel Jasinski if($module[1]->canDo('external') && $module[1]->trustExternal($user, $pass, $sticky)) { 176a015b733SPawel Jasinski $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 177a015b733SPawel Jasinski $this->chained_auth = $module[1]; 178a015b733SPawel Jasinski return true; 179a015b733SPawel Jasinski } 180a015b733SPawel Jasinski } 1816fb8fffbSPawel Jasinski $evdata = array( 1826fb8fffbSPawel Jasinski 'user' => $INPUT->str('u'), 1836fb8fffbSPawel Jasinski 'password' => $INPUT->str('p'), 1846fb8fffbSPawel Jasinski 'sticky' => $INPUT->bool('r'), 1856fb8fffbSPawel Jasinski 'silent' => $INPUT->bool('http_credentials') 1866fb8fffbSPawel Jasinski ); 187*441eb5d5SChristian Marg Event::createAndTrigger('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper'); 188a015b733SPawel Jasinski return false; 18986e0f1b9SPhilipp Neuser } 19086e0f1b9SPhilipp Neuser 19186e0f1b9SPhilipp Neuser /** 19286e0f1b9SPhilipp Neuser * Check user+password [ MUST BE OVERRIDDEN ] 19386e0f1b9SPhilipp Neuser * 19486e0f1b9SPhilipp Neuser * Checks if the given user exists in one of the plugins and checks 19586e0f1b9SPhilipp Neuser * against the given password. The first plugin returning true becomes 19686e0f1b9SPhilipp Neuser * auth plugin of the user session. 19786e0f1b9SPhilipp Neuser * 19886e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de 199d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 20086e0f1b9SPhilipp Neuser * @param string $user the user name 20186e0f1b9SPhilipp Neuser * @param string $pass the clear text password 20286e0f1b9SPhilipp Neuser * @return bool 20386e0f1b9SPhilipp Neuser */ 20486e0f1b9SPhilipp Neuser public function checkPass($user, $pass) { 20586e0f1b9SPhilipp Neuser //debug 20686e0f1b9SPhilipp Neuser // print_r($this->chained_plugins); 207fca3c6d7SPawel Jasinski if(!is_null($this->chained_auth)) 20832fe206aSeinhirn return $this->chained_auth->checkPass($user, $pass); 209fca3c6d7SPawel Jasinski foreach($this->chained_plugins as $module) { 210fca3c6d7SPawel Jasinski if($module[1]->canDo('external') && $module[1]->trustExternal($user, $pass)) { 211fca3c6d7SPawel Jasinski $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 212fca3c6d7SPawel Jasinski $this->chained_auth = $module[1]; 213fca3c6d7SPawel Jasinski return true; 214fca3c6d7SPawel Jasinski } 215fca3c6d7SPawel Jasinski if($module[1]->checkPass($user, $pass)) { 216fca3c6d7SPawel Jasinski $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 217fca3c6d7SPawel Jasinski $this->chained_auth = $module[1]; 218fca3c6d7SPawel Jasinski return true; 219fca3c6d7SPawel Jasinski } 22032fe206aSeinhirn } 22186e0f1b9SPhilipp Neuser return false; 22286e0f1b9SPhilipp Neuser } 22386e0f1b9SPhilipp Neuser 22486e0f1b9SPhilipp Neuser /** 22586e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 22686e0f1b9SPhilipp Neuser * checks all plugins if the users exists. The first plugin returning 22786e0f1b9SPhilipp Neuser * data is used. 22886e0f1b9SPhilipp Neuser * 22986e0f1b9SPhilipp Neuser * name string full name of the user 23086e0f1b9SPhilipp Neuser * mail string email addres of the user 23186e0f1b9SPhilipp Neuser * grps array list of groups the user is in 23286e0f1b9SPhilipp Neuser * 23386e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 234d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 23586e0f1b9SPhilipp Neuser * @param string $user the user name 23686e0f1b9SPhilipp Neuser * @return array containing user data or false 23786e0f1b9SPhilipp Neuser */ 238c27cbb90Srnck public function getUserData($user, $requireGroups=true) { 23912767e67SEmmanuel Collignon global $ACT, $INPUT; 24012767e67SEmmanuel Collignon 24186e0f1b9SPhilipp Neuser //if(!$this->cando['external']) msg("no valid authorisation system in use", -1); 24286e0f1b9SPhilipp Neuser // echo "TESTSETEST"; 2431b39d8c6Seinhirn 2441b39d8c6Seinhirn //print_r($this->chained_auth); 2454cbfa2dcSUnFefeSauvage if ($ACT == "admin" && isset($_REQUEST['page']) && $_REQUEST['page']=="usermanager") { 2461b39d8c6Seinhirn if(!is_null($this->usermanager_auth)) 2471b39d8c6Seinhirn return $this->usermanager_auth->getUserData($user); 2484e6f1bb5Seinhirn } 2491b39d8c6Seinhirn 2509ad8d9f1Seinhirn if(is_null($this->chained_auth)||(!is_null($INPUT->server) && $user != $INPUT->server->str('REMOTE_USER'))) { 25132fe206aSeinhirn foreach($this->chained_plugins as $module) { 25286e0f1b9SPhilipp Neuser $tmp_array = $module[1]->getUserData($user); 25386e0f1b9SPhilipp Neuser if(!is_bool($tmp_array)) 25486e0f1b9SPhilipp Neuser $tmp_chk_arr =array_filter($tmp_array); 25586e0f1b9SPhilipp Neuser if(!empty($tmp_chk_arr) && $tmp_array) 25686e0f1b9SPhilipp Neuser return $tmp_array; 25786e0f1b9SPhilipp Neuser } 25886e0f1b9SPhilipp Neuser return false; 25932fe206aSeinhirn } else { 26086e0f1b9SPhilipp Neuser return $this->chained_auth->getUserData($user); 26186e0f1b9SPhilipp Neuser } 26286e0f1b9SPhilipp Neuser } 26386e0f1b9SPhilipp Neuser 26486e0f1b9SPhilipp Neuser /** 26586e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 26686e0f1b9SPhilipp Neuser * returns null. 26786e0f1b9SPhilipp Neuser * 26886e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 269d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 27086e0f1b9SPhilipp Neuser * @param string $user 27186e0f1b9SPhilipp Neuser * @param string $pass 27286e0f1b9SPhilipp Neuser * @param string $name 27386e0f1b9SPhilipp Neuser * @param string $mail 27486e0f1b9SPhilipp Neuser * @param null|array $grps 27586e0f1b9SPhilipp Neuser * @return bool|null 27686e0f1b9SPhilipp Neuser */ 27786e0f1b9SPhilipp Neuser public function createUser($user, $pass, $name, $mail, $grps = null) { 278d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('addUser')) { 279d9c5261fSeinhirn return $this->usermanager_auth->createUser($user, $pass, $name, $mail, $grps); 28086e0f1b9SPhilipp Neuser } else { 28132fe206aSeinhirn msg("authorisation method does not allow creation of new users", -1); 28286e0f1b9SPhilipp Neuser return null; 28386e0f1b9SPhilipp Neuser } 28486e0f1b9SPhilipp Neuser } 28586e0f1b9SPhilipp Neuser 28686e0f1b9SPhilipp Neuser /** 28786e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 28886e0f1b9SPhilipp Neuser * returns false 28986e0f1b9SPhilipp Neuser * 29086e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 291d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 29286e0f1b9SPhilipp Neuser * @param string $user nick of the user to be changed 29386e0f1b9SPhilipp Neuser * @param array $changes array of field/value pairs to be changed (password will be clear text) 29486e0f1b9SPhilipp Neuser * @return bool 29586e0f1b9SPhilipp Neuser */ 29686e0f1b9SPhilipp Neuser public function modifyUser($user, $changes) { 297d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('UserMod') ) { 298d9c5261fSeinhirn return $this->usermanager_auth->modifyUser($user, $changes); 29986e0f1b9SPhilipp Neuser } else { 30032fe206aSeinhirn msg("authorisation method does not allow modifying of user data", -1); 301d9c5261fSeinhirn return null; 30286e0f1b9SPhilipp Neuser } 30386e0f1b9SPhilipp Neuser } 30486e0f1b9SPhilipp Neuser 30586e0f1b9SPhilipp Neuser /** 30686e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 30786e0f1b9SPhilipp Neuser * returns false 30886e0f1b9SPhilipp Neuser * 30986e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 310d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 31186e0f1b9SPhilipp Neuser * @param array $users 31286e0f1b9SPhilipp Neuser * @return int number of users deleted 31386e0f1b9SPhilipp Neuser */ 31486e0f1b9SPhilipp Neuser public function deleteUsers($users) { 315d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('delUser') ) { 316d9c5261fSeinhirn return $this->usermanager_auth->deleteUsers($users); 31786e0f1b9SPhilipp Neuser }else{ 31886e0f1b9SPhilipp Neuser msg("authorisation method does not allow deleting of users", -1); 31986e0f1b9SPhilipp Neuser return false; 32086e0f1b9SPhilipp Neuser } 32186e0f1b9SPhilipp Neuser } 32286e0f1b9SPhilipp Neuser 32386e0f1b9SPhilipp Neuser /** 32486e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 32586e0f1b9SPhilipp Neuser * returns 0 32686e0f1b9SPhilipp Neuser * 32786e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 328d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 32986e0f1b9SPhilipp Neuser * @param array $filter array of field/pattern pairs, empty array for no filter 33086e0f1b9SPhilipp Neuser * @return int 33186e0f1b9SPhilipp Neuser */ 33286e0f1b9SPhilipp Neuser public function getUserCount($filter = array()) { 333d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getUserCount') ){ 334d9c5261fSeinhirn return $this->usermanager_auth->getUserCount($filter); 33586e0f1b9SPhilipp Neuser } else { 33686e0f1b9SPhilipp Neuser msg("authorisation method does not provide user counts", -1); 33786e0f1b9SPhilipp Neuser return 0; 33886e0f1b9SPhilipp Neuser } 33986e0f1b9SPhilipp Neuser } 34086e0f1b9SPhilipp Neuser 34186e0f1b9SPhilipp Neuser /** 34286e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 34386e0f1b9SPhilipp Neuser * returns empty array 34486e0f1b9SPhilipp Neuser * 34586e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 346d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 34786e0f1b9SPhilipp Neuser * @param int $start index of first user to be returned 34886e0f1b9SPhilipp Neuser * @param int $limit max number of users to be returned 34986e0f1b9SPhilipp Neuser * @param array $filter array of field/pattern pairs, null for no filter 35086e0f1b9SPhilipp Neuser * @return array list of userinfo (refer getUserData for internal userinfo details) 35186e0f1b9SPhilipp Neuser */ 35286e0f1b9SPhilipp Neuser public function retrieveUsers($start = 0, $limit = -1, $filter = null) { 353d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getUsers') ) { 354d9c5261fSeinhirn //msg("RetrieveUsers is using ".get_class($this->usermanager_auth)); 355d9c5261fSeinhirn return $this->usermanager_auth->retrieveUsers($start, $limit, $filter); 35686e0f1b9SPhilipp Neuser } else { 35786e0f1b9SPhilipp Neuser msg("authorisation method does not support mass retrievals", -1); 35886e0f1b9SPhilipp Neuser return array(); 35986e0f1b9SPhilipp Neuser } 36086e0f1b9SPhilipp Neuser } 36186e0f1b9SPhilipp Neuser 36286e0f1b9SPhilipp Neuser /** 36386e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 36486e0f1b9SPhilipp Neuser * returns false 36586e0f1b9SPhilipp Neuser * 36686e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 367d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 36886e0f1b9SPhilipp Neuser * @param string $group 36986e0f1b9SPhilipp Neuser * @return bool 37086e0f1b9SPhilipp Neuser */ 37186e0f1b9SPhilipp Neuser public function addGroup($group) { 372d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('addGroup') ) { 373d9c5261fSeinhirn return $this->usermanager_auth->addGroup($group); 37486e0f1b9SPhilipp Neuser } else { 37532fe206aSeinhirn msg("authorisation method does not support independent group creation", -1); 37686e0f1b9SPhilipp Neuser return false; 37786e0f1b9SPhilipp Neuser } 37886e0f1b9SPhilipp Neuser } 37986e0f1b9SPhilipp Neuser 38086e0f1b9SPhilipp Neuser /** 38186e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 38286e0f1b9SPhilipp Neuser * returns empty array 38386e0f1b9SPhilipp Neuser * 38486e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 385d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 38686e0f1b9SPhilipp Neuser * @param int $start 38786e0f1b9SPhilipp Neuser * @param int $limit 38886e0f1b9SPhilipp Neuser * @return array 38986e0f1b9SPhilipp Neuser */ 39086e0f1b9SPhilipp Neuser public function retrieveGroups($start = 0, $limit = 0) { 391d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getGroups') ) { 392d9c5261fSeinhirn return $this->usermanager_auth->retrieveGroups($start,$limit); 39386e0f1b9SPhilipp Neuser } else { 39432fe206aSeinhirn msg("authorisation method does not support group list retrieval", -1); 39586e0f1b9SPhilipp Neuser return array(); 39686e0f1b9SPhilipp Neuser } 39786e0f1b9SPhilipp Neuser } 39886e0f1b9SPhilipp Neuser 39986e0f1b9SPhilipp Neuser /** 40086e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 40186e0f1b9SPhilipp Neuser * returns true 40286e0f1b9SPhilipp Neuser * 40386e0f1b9SPhilipp Neuser * @return bool 40486e0f1b9SPhilipp Neuser */ 40586e0f1b9SPhilipp Neuser public function isCaseSensitive() { 40686e0f1b9SPhilipp Neuser if(is_null($this->chained_auth)) 407d9c5261fSeinhirn return parent::isCaseSensitive(); 40886e0f1b9SPhilipp Neuser else 40986e0f1b9SPhilipp Neuser return $this->chained_auth->isCaseSensitive(); 41086e0f1b9SPhilipp Neuser } 41186e0f1b9SPhilipp Neuser 41286e0f1b9SPhilipp Neuser /** 41386e0f1b9SPhilipp Neuser * Sanitize a given username [OPTIONAL] 41486e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 41586e0f1b9SPhilipp Neuser * returns false 41686e0f1b9SPhilipp Neuser * 41786e0f1b9SPhilipp Neuser * 41886e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 419d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 42086e0f1b9SPhilipp Neuser * @param string $user username 42186e0f1b9SPhilipp Neuser * @return string the cleaned username 42286e0f1b9SPhilipp Neuser */ 42386e0f1b9SPhilipp Neuser public function cleanUser($user) { 424d9c5261fSeinhirn global $ACT; 42586e0f1b9SPhilipp Neuser //print_r($this->chained_auth); 4264cbfa2dcSUnFefeSauvage if ($ACT == "admin" && isset($_REQUEST['page']) && $_REQUEST['page']=="usermanager") { 427d9c5261fSeinhirn if(!is_null($this->usermanager_auth)) 428d9c5261fSeinhirn return $this->usermanager_auth->cleanUser($user); 429d9c5261fSeinhirn } else { 430d9c5261fSeinhirn if(!is_null($this->chained_auth)) 43186e0f1b9SPhilipp Neuser return $this->chained_auth->cleanUser($user); 43286e0f1b9SPhilipp Neuser } 433d9c5261fSeinhirn return parent::cleanUser($user); 434d9c5261fSeinhirn } 43586e0f1b9SPhilipp Neuser 43686e0f1b9SPhilipp Neuser /** 43786e0f1b9SPhilipp Neuser * Sanitize a given groupname [OPTIONAL] 43886e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 43986e0f1b9SPhilipp Neuser * returns false 44086e0f1b9SPhilipp Neuser * 44186e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 442d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 44386e0f1b9SPhilipp Neuser * @param string $group groupname 44486e0f1b9SPhilipp Neuser * @return string the cleaned groupname 44586e0f1b9SPhilipp Neuser */ 44686e0f1b9SPhilipp Neuser public function cleanGroup($group) { 447d9c5261fSeinhirn global $ACT; 4484cbfa2dcSUnFefeSauvage if ($ACT == "admin" && isset($_REQUEST['page']) && $_REQUEST['page']=="usermanager") { 449d9c5261fSeinhirn if(!is_null($this->usermanager_auth)) 450d9c5261fSeinhirn return $this->usermanager_auth->cleanGroup($group); 45132fe206aSeinhirn } else { 452d9c5261fSeinhirn if(!is_null($this->chained_auth)) 45386e0f1b9SPhilipp Neuser return $this->chained_auth->cleanGroup($group); 45486e0f1b9SPhilipp Neuser } 455d9c5261fSeinhirn return parent::cleanGroup($group); 45632fe206aSeinhirn } 45786e0f1b9SPhilipp Neuser 45886e0f1b9SPhilipp Neuser 45986e0f1b9SPhilipp Neuser public function useSessionCache($user) { 46086e0f1b9SPhilipp Neuser global $conf; 46186e0f1b9SPhilipp Neuser if(is_null($this->chained_auth)) 462d9c5261fSeinhirn return parent::useSessionCache($user); 46386e0f1b9SPhilipp Neuser else 46486e0f1b9SPhilipp Neuser return $this->chained_auth->useSessionCache($user); 46586e0f1b9SPhilipp Neuser } 466d9c5261fSeinhirn 46786e0f1b9SPhilipp Neuser} 468