186e0f1b9SPhilipp Neuser<?php 286e0f1b9SPhilipp Neuser// must be run within Dokuwiki 386e0f1b9SPhilipp Neuserif(!defined('DOKU_INC')) die(); 486e0f1b9SPhilipp Neuser 586e0f1b9SPhilipp Neuser/** 686e0f1b9SPhilipp Neuser* Chained authentication backend 786e0f1b9SPhilipp Neuser* 886e0f1b9SPhilipp Neuser* @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 9d9c5261fSeinhirn* @author Philipp Neuser <pneuser@physik.fu-berlin.de> 10d9c5261fSeinhirn* @author Christian Marg <marg@rz.tu-clausthal.de> 11d9c5261fSeinhirn* 12d9c5261fSeinhirn* Based on "Chained authentication backend" 13d9c5261fSeinhirn* by Grant Gardner <grant@lastweekend.com.au> 14d9c5261fSeinhirn* see https://www.dokuwiki.org/auth:ggauth 15d9c5261fSeinhirn* 1686e0f1b9SPhilipp Neuser*/ 1786e0f1b9SPhilipp Neuserclass auth_plugin_authchained extends DokuWiki_Auth_Plugin { 1886e0f1b9SPhilipp Neuser public $success = true; 1932fe206aSeinhirn //array with authentication plugins 2086e0f1b9SPhilipp Neuser protected $chained_plugins = array(); 2186e0f1b9SPhilipp Neuser protected $chained_auth = NULL; 22d9c5261fSeinhirn protected $usermanager_auth = NULL; 2386e0f1b9SPhilipp Neuser 2486e0f1b9SPhilipp Neuser /** 2586e0f1b9SPhilipp Neuser * Constructor. 2686e0f1b9SPhilipp Neuser * 2786e0f1b9SPhilipp Neuser * Loads all configured plugins or the authentication plugin of the 2886e0f1b9SPhilipp Neuser * logged in user. 2986e0f1b9SPhilipp Neuser * 3086e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 31d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 3286e0f1b9SPhilipp Neuser */ 3386e0f1b9SPhilipp Neuser public function __construct() { 3486e0f1b9SPhilipp Neuser global $conf; 3586e0f1b9SPhilipp Neuser // call parent 3686e0f1b9SPhilipp Neuser # parent::__constructor(); 3786e0f1b9SPhilipp Neuser 3832fe206aSeinhirn //check if there is already an authentication plugin selected 399e84dbfbSPhilipp Neuser if( isset($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']) && 4032fe206aSeinhirn !empty($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']) ) { 4132fe206aSeinhirn 42d9c5261fSeinhirn //get previously selected authentication plugin 43d9c5261fSeinhirn $this->chained_auth =& plugin_load('auth',$_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']); 44d9c5261fSeinhirn if ( is_null($this->chained_auth) || !$this->chained_auth->success ) { 45d9c5261fSeinhirn $this->success = false; 46d9c5261fSeinhirn } 4732fe206aSeinhirn } else { 4886e0f1b9SPhilipp Neuser //get authentication plugins 49d9c5261fSeinhirn if($this->getConf('authtypes')){ 50d9c5261fSeinhirn foreach(explode(":",$this->getConf('authtypes')) as $tmp_plugin){ 51d9c5261fSeinhirn $tmp_class =& plugin_load('auth',$tmp_plugin); 52d9c5261fSeinhirn 53d9c5261fSeinhirn if ( !is_null($tmp_class) || $tmp_class->success ) { 5486e0f1b9SPhilipp Neuser $tmp_module = array($tmp_plugin,$tmp_class); 5586e0f1b9SPhilipp Neuser array_push($this->chained_plugins, $tmp_module); 56d9c5261fSeinhirn } else { 57d9c5261fSeinhirn msg("Problem constructing $tmp_plugin",-1); 58d9c5261fSeinhirn $this->success = false; 59d9c5261fSeinhirn } 6086e0f1b9SPhilipp Neuser } 6186e0f1b9SPhilipp Neuser } else { 6286e0f1b9SPhilipp Neuser $success = false; 6386e0f1b9SPhilipp Neuser } 6486e0f1b9SPhilipp Neuser } 65d9c5261fSeinhirn 66d9c5261fSeinhirn // If defined, instantiate usermanager authtype. 67d9c5261fSeinhirn // No need to check for duplicates, "plugin_load" does that for us. 68d9c5261fSeinhirn if($this->getConf('usermanager_authtype')){ 69d9c5261fSeinhirn $this->usermanager_auth =& plugin_load('auth',$this->getConf('usermanager_authtype')); 70d9c5261fSeinhirn if(is_null($this->usermanager_auth) || !$this->usermanager_auth->success ) { 71d9c5261fSeinhirn msg("Problem constructing usermanager authtype: ".$this->getConf('usermanager_authtype'),-1); 72d9c5261fSeinhirn $this->success = false; 73d9c5261fSeinhirn } 74d9c5261fSeinhirn } else { 75d9c5261fSeinhirn $this->usermanager_auth =& $this->chained_auth; 76d9c5261fSeinhirn } 77d9c5261fSeinhirn 7886e0f1b9SPhilipp Neuser //debug 7986e0f1b9SPhilipp Neuser // print_r($chained_plugins); 8086e0f1b9SPhilipp Neuser } 8186e0f1b9SPhilipp Neuser 8286e0f1b9SPhilipp Neuser /** 8386e0f1b9SPhilipp Neuser * Forwards the authentication to configured authplugins. 8486e0f1b9SPhilipp Neuser * Returns true, if the usermanager authtype has the capability and no user 8586e0f1b9SPhilipp Neuser * is logged in. 8686e0f1b9SPhilipp Neuser * 8786e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 88d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 8986e0f1b9SPhilipp Neuser * @param string $cap the capability to check 9086e0f1b9SPhilipp Neuser * @return bool 9186e0f1b9SPhilipp Neuser */ 9286e0f1b9SPhilipp Neuser public function canDo($cap) { 93d9c5261fSeinhirn global $ACT; 94c368b833SPhilipp Neuser # print_r($cap); 9532fe206aSeinhirn if(is_null($this->chained_auth)) { 96d9c5261fSeinhirn if (!is_null($this->usermanager_auth)) { 97d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 9832fe206aSeinhirn } else { 99d9c5261fSeinhirn return parent::canDo($cap); 100d9c5261fSeinhirn } 101d9c5261fSeinhirn } else { 102d9c5261fSeinhirn switch($cap) { 103d9c5261fSeinhirn case 'Profile': 104d9c5261fSeinhirn case 'logoff': 105d9c5261fSeinhirn //Depends on current user. 106d9c5261fSeinhirn return $this->chained_auth->canDo($cap); 107d9c5261fSeinhirn case 'UserMod': 108d9c5261fSeinhirn case 'addUser': 109d9c5261fSeinhirn case 'delUser': 110d9c5261fSeinhirn case 'getUsers': 111d9c5261fSeinhirn case 'getUserCount': 112d9c5261fSeinhirn case 'getGroups': 113d9c5261fSeinhirn //Depends on the auth for use with user manager 114d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 115d9c5261fSeinhirn case 'modPass': 116d9c5261fSeinhirn case 'modName': 117d9c5261fSeinhirn case 'modLogin': 118d9c5261fSeinhirn case 'modGroups': 119d9c5261fSeinhirn case 'modMail': 120d9c5261fSeinhirn /** 121d9c5261fSeinhirn * Use request attributes to guess whether we are in the Profile or UserManager 122d9c5261fSeinhirn * and return the appropriate auth capabilities 123d9c5261fSeinhirn */ 124d9c5261fSeinhirn if ($ACT == "admin" && $_REQUEST['page']=="usermanager") { 125d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 126d9c5261fSeinhirn } else { 127d9c5261fSeinhirn // assume we want profile info. 12886e0f1b9SPhilipp Neuser return $this->chained_auth->canDo($cap); 12986e0f1b9SPhilipp Neuser } 130d9c5261fSeinhirn// I don't know how to handle "external" in this context yet. 131d9c5261fSeinhirn// Is it in any way sensible to mix regular auth with external auth? 132d9c5261fSeinhirn// case 'external': 133d9c5261fSeinhirn// //We are external if one of the chains is valid for external use 134d9c5261fSeinhirn// return $this->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); 135d9c5261fSeinhirn default: 136d9c5261fSeinhirn //Everything else (false) 137d9c5261fSeinhirn return parent::canDo($cap); 13886e0f1b9SPhilipp Neuser } 139d9c5261fSeinhirn #echo "canDo $cap ".$this->chained_auth->canDo($cap)."\n"; 140d9c5261fSeinhirn } 14186e0f1b9SPhilipp Neuser } 14286e0f1b9SPhilipp Neuser 14386e0f1b9SPhilipp Neuser /** 14486e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user and 14586e0f1b9SPhilipp Neuser * unsets our session variable. 14686e0f1b9SPhilipp Neuser * @see auth_logoff() 14786e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de 148d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 14986e0f1b9SPhilipp Neuser */ 15086e0f1b9SPhilipp Neuser public function logOff() { 15186e0f1b9SPhilipp Neuser if(!is_null($this->chained_auth)) 15286e0f1b9SPhilipp Neuser $this->chained_auth->logOff(); 1539e84dbfbSPhilipp Neuser unset($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']); 15486e0f1b9SPhilipp Neuser } 15586e0f1b9SPhilipp Neuser 15686e0f1b9SPhilipp Neuser /** 15786e0f1b9SPhilipp Neuser * Do all authentication [ OPTIONAL ] 15886e0f1b9SPhilipp Neuser * If the current plugin is external, be external. 15986e0f1b9SPhilipp Neuser * 16086e0f1b9SPhilipp Neuser * @see auth_login() 16186e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 162d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 16386e0f1b9SPhilipp Neuser * 16486e0f1b9SPhilipp Neuser * @param string $user Username 16586e0f1b9SPhilipp Neuser * @param string $pass Cleartext Password 16686e0f1b9SPhilipp Neuser * @param bool $sticky Cookie should not expire 16786e0f1b9SPhilipp Neuser * @return bool true on successful auth 16886e0f1b9SPhilipp Neuser */ 16986e0f1b9SPhilipp Neuser public function trustExternal($user, $pass, $sticky = false) { 17086e0f1b9SPhilipp Neuser if(!is_null($this->chained_auth) && $this->chained_auth->canDo('external')) 17186e0f1b9SPhilipp Neuser $this->chained_auth->trustExternal($user, $pass, $sticky); 17286e0f1b9SPhilipp Neuser } 17386e0f1b9SPhilipp Neuser 17486e0f1b9SPhilipp Neuser /** 17586e0f1b9SPhilipp Neuser * Check user+password [ MUST BE OVERRIDDEN ] 17686e0f1b9SPhilipp Neuser * 17786e0f1b9SPhilipp Neuser * Checks if the given user exists in one of the plugins and checks 17886e0f1b9SPhilipp Neuser * against the given password. The first plugin returning true becomes 17986e0f1b9SPhilipp Neuser * auth plugin of the user session. 18086e0f1b9SPhilipp Neuser * 18186e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de 182d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 18386e0f1b9SPhilipp Neuser * @param string $user the user name 18486e0f1b9SPhilipp Neuser * @param string $pass the clear text password 18586e0f1b9SPhilipp Neuser * @return bool 18686e0f1b9SPhilipp Neuser */ 18786e0f1b9SPhilipp Neuser public function checkPass($user, $pass) { 18886e0f1b9SPhilipp Neuser //debug 18986e0f1b9SPhilipp Neuser //print_r($this->chained_plugins); 1908a493abfSPhilipp Neuser if(is_null($this->chained_auth)) { 19132fe206aSeinhirn foreach($this->chained_plugins as $module) { 19232fe206aSeinhirn if($module[1]->canDo('external')) { 19332fe206aSeinhirn if($module[1]->trustExternal($user, $pass)) { 19432fe206aSeinhirn $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 19586e0f1b9SPhilipp Neuser $this->chained_auth = $module[1]; 19686e0f1b9SPhilipp Neuser return true; 19786e0f1b9SPhilipp Neuser } else { 19832fe206aSeinhirn if($module[1]->checkPass($user, $pass)) { 19932fe206aSeinhirn $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 20086e0f1b9SPhilipp Neuser $this->chained_auth = $module[1]; 20186e0f1b9SPhilipp Neuser return true; 20286e0f1b9SPhilipp Neuser } 20386e0f1b9SPhilipp Neuser } 20486e0f1b9SPhilipp Neuser } else { 20532fe206aSeinhirn if($module[1]->checkPass($user, $pass)) { 20632fe206aSeinhirn $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 207b01c8fa4Seinhirn $this->chained_auth = $module[1]; 20886e0f1b9SPhilipp Neuser return true; 20986e0f1b9SPhilipp Neuser } 21086e0f1b9SPhilipp Neuser } 21186e0f1b9SPhilipp Neuser } 21232fe206aSeinhirn } else { 21332fe206aSeinhirn return $this->chained_auth->checkPass($user, $pass); 21432fe206aSeinhirn } 21586e0f1b9SPhilipp Neuser return false; 21686e0f1b9SPhilipp Neuser } 21786e0f1b9SPhilipp Neuser 21886e0f1b9SPhilipp Neuser /** 21986e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 22086e0f1b9SPhilipp Neuser * checks all plugins if the users exists. The first plugin returning 22186e0f1b9SPhilipp Neuser * data is used. 22286e0f1b9SPhilipp Neuser * 22386e0f1b9SPhilipp Neuser * name string full name of the user 22486e0f1b9SPhilipp Neuser * mail string email addres of the user 22586e0f1b9SPhilipp Neuser * grps array list of groups the user is in 22686e0f1b9SPhilipp Neuser * 22786e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 228d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 22986e0f1b9SPhilipp Neuser * @param string $user the user name 23086e0f1b9SPhilipp Neuser * @return array containing user data or false 23186e0f1b9SPhilipp Neuser */ 23286e0f1b9SPhilipp Neuser public function getUserData($user) { 2331b39d8c6Seinhirn global $ACT; 23486e0f1b9SPhilipp Neuser //if(!$this->cando['external']) msg("no valid authorisation system in use", -1); 23586e0f1b9SPhilipp Neuser // echo "TESTSETEST"; 2361b39d8c6Seinhirn 2371b39d8c6Seinhirn //print_r($this->chained_auth); 2381b39d8c6Seinhirn if ($ACT == "admin" && $_REQUEST['page']=="usermanager") { 2391b39d8c6Seinhirn if(!is_null($this->usermanager_auth)) 2401b39d8c6Seinhirn return $this->usermanager_auth->getUserData($user); 241*4e6f1bb5Seinhirn } 2421b39d8c6Seinhirn 24332fe206aSeinhirn if(is_null($this->chained_auth)) { 24432fe206aSeinhirn foreach($this->chained_plugins as $module) { 24586e0f1b9SPhilipp Neuser $tmp_array = $module[1]->getUserData($user); 24686e0f1b9SPhilipp Neuser if(!is_bool($tmp_array)) 24786e0f1b9SPhilipp Neuser $tmp_chk_arr =array_filter($tmp_array); 24886e0f1b9SPhilipp Neuser if(!empty($tmp_chk_arr) && $tmp_array) 24986e0f1b9SPhilipp Neuser return $tmp_array; 25086e0f1b9SPhilipp Neuser } 25186e0f1b9SPhilipp Neuser return false; 25232fe206aSeinhirn } else { 25386e0f1b9SPhilipp Neuser return $this->chained_auth->getUserData($user); 25486e0f1b9SPhilipp Neuser } 25586e0f1b9SPhilipp Neuser } 25686e0f1b9SPhilipp Neuser 25786e0f1b9SPhilipp Neuser /** 25886e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 25986e0f1b9SPhilipp Neuser * returns null. 26086e0f1b9SPhilipp Neuser * 26186e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 262d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 26386e0f1b9SPhilipp Neuser * @param string $user 26486e0f1b9SPhilipp Neuser * @param string $pass 26586e0f1b9SPhilipp Neuser * @param string $name 26686e0f1b9SPhilipp Neuser * @param string $mail 26786e0f1b9SPhilipp Neuser * @param null|array $grps 26886e0f1b9SPhilipp Neuser * @return bool|null 26986e0f1b9SPhilipp Neuser */ 27086e0f1b9SPhilipp Neuser public function createUser($user, $pass, $name, $mail, $grps = null) { 271d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('addUser')) { 272d9c5261fSeinhirn return $this->usermanager_auth->createUser($user, $pass, $name, $mail, $grps); 27386e0f1b9SPhilipp Neuser } else { 27432fe206aSeinhirn msg("authorisation method does not allow creation of new users", -1); 27586e0f1b9SPhilipp Neuser return null; 27686e0f1b9SPhilipp Neuser } 27786e0f1b9SPhilipp Neuser } 27886e0f1b9SPhilipp Neuser 27986e0f1b9SPhilipp Neuser /** 28086e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 28186e0f1b9SPhilipp Neuser * returns false 28286e0f1b9SPhilipp Neuser * 28386e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 284d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 28586e0f1b9SPhilipp Neuser * @param string $user nick of the user to be changed 28686e0f1b9SPhilipp Neuser * @param array $changes array of field/value pairs to be changed (password will be clear text) 28786e0f1b9SPhilipp Neuser * @return bool 28886e0f1b9SPhilipp Neuser */ 28986e0f1b9SPhilipp Neuser public function modifyUser($user, $changes) { 290d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('UserMod') ) { 291d9c5261fSeinhirn return $this->usermanager_auth->modifyUser($user, $changes); 29286e0f1b9SPhilipp Neuser } else { 29332fe206aSeinhirn msg("authorisation method does not allow modifying of user data", -1); 294d9c5261fSeinhirn return null; 29586e0f1b9SPhilipp Neuser } 29686e0f1b9SPhilipp Neuser } 29786e0f1b9SPhilipp Neuser 29886e0f1b9SPhilipp Neuser /** 29986e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 30086e0f1b9SPhilipp Neuser * returns false 30186e0f1b9SPhilipp Neuser * 30286e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 303d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 30486e0f1b9SPhilipp Neuser * @param array $users 30586e0f1b9SPhilipp Neuser * @return int number of users deleted 30686e0f1b9SPhilipp Neuser */ 30786e0f1b9SPhilipp Neuser public function deleteUsers($users) { 308d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('delUser') ) { 309d9c5261fSeinhirn return $this->usermanager_auth->deleteUsers($users); 31086e0f1b9SPhilipp Neuser }else{ 31186e0f1b9SPhilipp Neuser msg("authorisation method does not allow deleting of users", -1); 31286e0f1b9SPhilipp Neuser return false; 31386e0f1b9SPhilipp Neuser } 31486e0f1b9SPhilipp Neuser } 31586e0f1b9SPhilipp Neuser 31686e0f1b9SPhilipp Neuser /** 31786e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 31886e0f1b9SPhilipp Neuser * returns 0 31986e0f1b9SPhilipp Neuser * 32086e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 321d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 32286e0f1b9SPhilipp Neuser * @param array $filter array of field/pattern pairs, empty array for no filter 32386e0f1b9SPhilipp Neuser * @return int 32486e0f1b9SPhilipp Neuser */ 32586e0f1b9SPhilipp Neuser public function getUserCount($filter = array()) { 326d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getUserCount') ){ 327d9c5261fSeinhirn return $this->usermanager_auth->getUserCount($filter); 32886e0f1b9SPhilipp Neuser } else { 32986e0f1b9SPhilipp Neuser msg("authorisation method does not provide user counts", -1); 33086e0f1b9SPhilipp Neuser return 0; 33186e0f1b9SPhilipp Neuser } 33286e0f1b9SPhilipp Neuser } 33386e0f1b9SPhilipp Neuser 33486e0f1b9SPhilipp Neuser /** 33586e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 33686e0f1b9SPhilipp Neuser * returns empty array 33786e0f1b9SPhilipp Neuser * 33886e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 339d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 34086e0f1b9SPhilipp Neuser * @param int $start index of first user to be returned 34186e0f1b9SPhilipp Neuser * @param int $limit max number of users to be returned 34286e0f1b9SPhilipp Neuser * @param array $filter array of field/pattern pairs, null for no filter 34386e0f1b9SPhilipp Neuser * @return array list of userinfo (refer getUserData for internal userinfo details) 34486e0f1b9SPhilipp Neuser */ 34586e0f1b9SPhilipp Neuser public function retrieveUsers($start = 0, $limit = -1, $filter = null) { 346d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getUsers') ) { 347d9c5261fSeinhirn //msg("RetrieveUsers is using ".get_class($this->usermanager_auth)); 348d9c5261fSeinhirn return $this->usermanager_auth->retrieveUsers($start, $limit, $filter); 34986e0f1b9SPhilipp Neuser } else { 35086e0f1b9SPhilipp Neuser msg("authorisation method does not support mass retrievals", -1); 35186e0f1b9SPhilipp Neuser return array(); 35286e0f1b9SPhilipp Neuser } 35386e0f1b9SPhilipp Neuser } 35486e0f1b9SPhilipp Neuser 35586e0f1b9SPhilipp Neuser /** 35686e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 35786e0f1b9SPhilipp Neuser * returns false 35886e0f1b9SPhilipp Neuser * 35986e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 360d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 36186e0f1b9SPhilipp Neuser * @param string $group 36286e0f1b9SPhilipp Neuser * @return bool 36386e0f1b9SPhilipp Neuser */ 36486e0f1b9SPhilipp Neuser public function addGroup($group) { 365d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('addGroup') ) { 366d9c5261fSeinhirn return $this->usermanager_auth->addGroup($group); 36786e0f1b9SPhilipp Neuser } else { 36832fe206aSeinhirn msg("authorisation method does not support independent group creation", -1); 36986e0f1b9SPhilipp Neuser return false; 37086e0f1b9SPhilipp Neuser } 37186e0f1b9SPhilipp Neuser } 37286e0f1b9SPhilipp Neuser 37386e0f1b9SPhilipp Neuser /** 37486e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 37586e0f1b9SPhilipp Neuser * returns empty array 37686e0f1b9SPhilipp Neuser * 37786e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 378d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 37986e0f1b9SPhilipp Neuser * @param int $start 38086e0f1b9SPhilipp Neuser * @param int $limit 38186e0f1b9SPhilipp Neuser * @return array 38286e0f1b9SPhilipp Neuser */ 38386e0f1b9SPhilipp Neuser public function retrieveGroups($start = 0, $limit = 0) { 384d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getGroups') ) { 385d9c5261fSeinhirn return $this->usermanager_auth->retrieveGroups($start,$limit); 38686e0f1b9SPhilipp Neuser } else { 38732fe206aSeinhirn msg("authorisation method does not support group list retrieval", -1); 38886e0f1b9SPhilipp Neuser return array(); 38986e0f1b9SPhilipp Neuser } 39086e0f1b9SPhilipp Neuser } 39186e0f1b9SPhilipp Neuser 39286e0f1b9SPhilipp Neuser /** 39386e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 39486e0f1b9SPhilipp Neuser * returns true 39586e0f1b9SPhilipp Neuser * 39686e0f1b9SPhilipp Neuser * @return bool 39786e0f1b9SPhilipp Neuser */ 39886e0f1b9SPhilipp Neuser public function isCaseSensitive() { 39986e0f1b9SPhilipp Neuser if(is_null($this->chained_auth)) 400d9c5261fSeinhirn return parent::isCaseSensitive(); 40186e0f1b9SPhilipp Neuser else 40286e0f1b9SPhilipp Neuser return $this->chained_auth->isCaseSensitive(); 40386e0f1b9SPhilipp Neuser } 40486e0f1b9SPhilipp Neuser 40586e0f1b9SPhilipp Neuser /** 40686e0f1b9SPhilipp Neuser * Sanitize a given username [OPTIONAL] 40786e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 40886e0f1b9SPhilipp Neuser * returns false 40986e0f1b9SPhilipp Neuser * 41086e0f1b9SPhilipp Neuser * 41186e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 412d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 41386e0f1b9SPhilipp Neuser * @param string $user username 41486e0f1b9SPhilipp Neuser * @return string the cleaned username 41586e0f1b9SPhilipp Neuser */ 41686e0f1b9SPhilipp Neuser public function cleanUser($user) { 417d9c5261fSeinhirn global $ACT; 41886e0f1b9SPhilipp Neuser //print_r($this->chained_auth); 419d9c5261fSeinhirn if ($ACT == "admin" && $_REQUEST['page']=="usermanager") { 420d9c5261fSeinhirn if(!is_null($this->usermanager_auth)) 421d9c5261fSeinhirn return $this->usermanager_auth->cleanUser($user); 422d9c5261fSeinhirn } else { 423d9c5261fSeinhirn if(!is_null($this->chained_auth)) 42486e0f1b9SPhilipp Neuser return $this->chained_auth->cleanUser($user); 42586e0f1b9SPhilipp Neuser } 426d9c5261fSeinhirn return parent::cleanUser($user); 427d9c5261fSeinhirn } 42886e0f1b9SPhilipp Neuser 42986e0f1b9SPhilipp Neuser /** 43086e0f1b9SPhilipp Neuser * Sanitize a given groupname [OPTIONAL] 43186e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 43286e0f1b9SPhilipp Neuser * returns false 43386e0f1b9SPhilipp Neuser * 43486e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 435d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 43686e0f1b9SPhilipp Neuser * @param string $group groupname 43786e0f1b9SPhilipp Neuser * @return string the cleaned groupname 43886e0f1b9SPhilipp Neuser */ 43986e0f1b9SPhilipp Neuser public function cleanGroup($group) { 440d9c5261fSeinhirn global $ACT; 441d9c5261fSeinhirn if ($ACT == "admin" && $_REQUEST['page']=="usermanager") { 442d9c5261fSeinhirn if(!is_null($this->usermanager_auth)) 443d9c5261fSeinhirn return $this->usermanager_auth->cleanGroup($group); 44432fe206aSeinhirn } else { 445d9c5261fSeinhirn if(!is_null($this->chained_auth)) 44686e0f1b9SPhilipp Neuser return $this->chained_auth->cleanGroup($group); 44786e0f1b9SPhilipp Neuser } 448d9c5261fSeinhirn return parent::cleanGroup($group); 44932fe206aSeinhirn } 45086e0f1b9SPhilipp Neuser 45186e0f1b9SPhilipp Neuser 45286e0f1b9SPhilipp Neuser public function useSessionCache($user) { 45386e0f1b9SPhilipp Neuser global $conf; 45486e0f1b9SPhilipp Neuser if(is_null($this->chained_auth)) 455d9c5261fSeinhirn return parent::useSessionCache($user); 45686e0f1b9SPhilipp Neuser else 45786e0f1b9SPhilipp Neuser return $this->chained_auth->useSessionCache($user); 45886e0f1b9SPhilipp Neuser } 459d9c5261fSeinhirn 46086e0f1b9SPhilipp Neuser} 461